Wireshark-dev: Re: [Wireshark-dev] how do you get SDP dissector info to useitwitha new dissecto

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Wed, 23 Apr 2008 16:09:17 +0200
beware:
if the dissector gets called in a different way pinfo->private_data
may contain who knows what...
This might be true for all dissectors,
neither the DLT_USER nor K12 do anything with pinfo->private_data and
if the dissector is registered by name they could call it without
calling RTP's first.



On Wed, Apr 23, 2008 at 3:53 PM, Anders Broman
<anders.broman@xxxxxxxxxxxx> wrote:
> Hi,
>  If I understand you correctly (using AMR as example) you have SDP like:
>  :
>  a=rtpmap:96 AMR/8000/1\r\n
>  a=fmtp:96 octet-align=1\r\n
>  :
>
>  Today the SDP dissector "reads" 96 and connects in to PT 96 which is used by the RTP dissector to find the PT dissector, AMR in this case.
>  You would like your PT dissetor to also receive the fmtp parameter, which actually could be useful for AMR as well.
>
>  First I would look into adding this info into the struct:
>  typedef struct {
>   gint32 pt[SDP_MAX_RTP_PAYLOAD_TYPES];
>   gint8 pt_count;
>   GHashTable *rtp_dyn_payload;
>  } transport_media_pt_t;
>  In packet-sdp.c it could then be read out in packet-rtp.c before calling the PT subdissector and sent as pinfo->private data.
>  Regards
>  Anders
>
>
>
>
>  -----Original Message-----
>  From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of david.castleford@xxxxxxxxxxxxxxxxxx
>  Sent: den 23 april 2008 10:51
>  To: wireshark-dev@xxxxxxxxxxxxx
>  Subject: Re: [Wireshark-dev] how do you get SDP dissector info to useitwitha new dissector?
>
>
>  Hi,
>
>  Thanks for your replies.
>
>  To (hopefully) clarify the problem statement, here's something more explicit:
>
>  Captured packets:
>
>  Example 1: no SDP
>  =================
>  RTP Payload Type 96 (unkown)
>  RTP Payload Type 97 (unkown)
>  :
>  :
>  :
>  :
>  RTP PT 96 (unkown)
>  RTP PT 97 (unkown)
>
>  My plugin has as a preference Payload Type to force dissection, so I use the following in my code (it works):
>
>  dissector_add("rtp.pt", dynamic_payload_type, myprotocol_handle);
>
>  So if I enter 96 as my payload type, I get the following for my capture:
>
>  MYPROTOCOL (RTP Payload Type 96 (unkown)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  RTP Payload Type 97 (unkown (unkown))
>  :
>  :
>  :
>  :
>  MYPROTOCOL RTP PT 96
>  RTP PT 97
>
>  Example 2: SDP, RTP PT set at 0 for examle in myprotocol preferences ======================================================================
>  Raw data shown, no wireshark dissection
>  =========
>  SDP/SAP contains list of media types, dynamic payload types and mime-types, MYPROTOCOL sdp_setup_parameters
>  :
>  :
>  RTP Payload Type 96
>  RTP Payload Type 97
>  :
>  :
>  :
>  :
>  RTP PT myprotocol_mime_type (96)
>  RTP PT 97 myprotocol_mime_type (97)
>
>  Now, given that in my code I add myprotocol_mime_type as follows:
>  dissector_add_string("rtp_dyn_payload_type", myprotocol_mime_type, myprotocol_handle);
>
>  Wireshar actually shows the following:
>  ========
>  SDP/SAP contains list of media types, dynamic payload types and mime-types, MYPROTOCOL sdp_setup_parameters
>  :
>  :
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (96)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (97)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  :
>  :
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (96)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (97)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>
>
>  Problem statement
>  ================
>  So far so good, SDP media type declaration is automatically used by wireshark to associate the relevant dynamic payload type number to the declare mime-type, which then "launches" the proper protocol dissection *BUT*
>
>  myprotocol dissector uses myprotocol_preferences setup parameters for decoding, rather than the parameters in SDP i.e. sdp_setup_parameters for PT 96 and sdp_setup_parameters for PT 97.
>
>  Possible solutions
>  ==================
>  You recommend adding information to the SDP data structure, I gather you mean actually adding the SDP setup parameters for myprotocol in the SDP dissector? Or can I do it "dynamically" from within myprotocol dissector?
>
>  Alternatively, given wireshark explicitly shows for each correctly decoded RTP packet [Stream setup by SDP] for each packet for which the PT has been found in SDP, can I fetch/search the relevant information from within the packet dissected within my dissector code?
>
>  i.e. can I use tvb or something like pinfo-> SDP parameter ????
>  or do I need to fetch it from the relevant packet containing the SDP?
>
>  I'll look at the RTP / SDP dissectors to see what information the conversation dissector data can gather, but again, how do I access SDP info or RTP info from within my own code?
>
>  I'll try and look for myself but as you all know this takes time.
>
>  Hope this mail clarifies the problem statement. Thanks for any help / advice. The solution might seem obvious to you, but not to me ;-)
>
>  Regards,
>
>  David
>
>
>  -----Message d'origine-----
>  De : wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] De la part de Anders Broman Envoyé : mardi 22 avril 2008 17:49 À : Developer support list for Wireshark Objet : Re: [Wireshark-dev] how do you get SDP dissector info to use itwitha new dissector?
>
>  Hi,
>  Just to add to what Luis said:
>  The SDP dissector hands information to the RTP dissector for the conversation in question if your payload dissector Needs any of this info or additional info you first have to add it to this information to the SDP data structure then the RTP dissector Should hand it to your payload dissector which should be called from the RTP dissector or possibly the payload Dissector could pick it up from the conversation if the info is stored in the conversation dissector data by the SDP or RTP dissector.
>
>  Probably this is the function you want to look at void srtp_add_address().
>  Regards
>  Anders
>
>  -----Original Message-----
>  From: wireshark-dev-bounces@xxxxxxxxxxxxx
>  [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG Ontanon
>  Sent: den 22 april 2008 15:25
>  To: Developer support list for Wireshark
>  Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use itwith a new dissector?
>
>  I do not understand what you want to do.
>
>  If all you want is to get RTP's media dissected just invoking the sdp dissector to dissect the sdp buffer might be enough. SDP will take care of "registering" the RTP converstations definded in it so that related media packets are passed to RTP and that RTP calls the propper dissector for the payload.
>
>  You can take a look on how packet-rtsp.c or packet-sip.c hand over to sdp and how amr or iuup register themselves to be usable as dynamic RTP payload.
>
>  Hope this helps
>
>
>  On Tue, Apr 22, 2008 at 3:11 PM,  <david.castleford@xxxxxxxxxxxxxxxxxx>
>  wrote:
>  >
>  >
>  > Hi everyone,
>  >
>  > I've been working on a new dissector that I'll hopefully be able to
>  > contribute.
>  >
>  > So far I've used the protocol preferences menu to allow me to "setup"
>  > parameters that are usually found in an SDP file or via SDP/SAP or via
>
>  > SDP/RTSP.
>  >
>  > This can be quite tedious as I'm switching between different RTP
>  > streams, each having potentially different setup parameters.
>  >
>  > Hence I would like to try and reuse the already dissected SDP
>  > parameters (if
>  > found) and use those automatically i.e.
>  >
>  > If  SDP -> Media Format (sdp.media.format)  = certain value,
>  >
>  > then
>  >     Search    SDP -> Media format specific parameters
>  (sdp.fmtp.parameter)
>  >             If found "setup" parameter, "store" the value for that
>  > setup parameter and associate it with the associated sdp.media.format
>  type
>  >     End search
>  > End SDP search
>  >
>  > As I expect the SDP information to contain declarations for multiple
>  > RTP streams with different dynamic payload types, each having setup
>  > parameters for my dissector, what is the best approach I can take?
>  >
>  > How do I search for any relevant SDP info?
>  >
>  > I've tried to find relevant examples but haven't exactly succeeded and
>
>  > would appreciate a pointer. Wireshark seems extremely powerful but
>  > it's rather daunting to a beginner.
>  > I came across tapping, but I'm not sure whether I need to get info
>  > from the SDP tap, or whether I need to create a tap for my
>  > dissector....or even tap at all?!
>  >
>  > As for using those parameters:
>  >
>  > Should I define a structure containing all the relevant setup
>  > parameters, define a table containing pointers to that structure, and
>  > populate it accordingly for each relevant stream i.e. RTP payload type
>
>  > in SDP having my setup parameters?
>  >
>  > The idea would then be to search this table for a matching RTP payload
>
>  > type so that my dissector can use the correct setup parameters,
>  > extracted automatically from SDP, rather than using the potentially
>  > incorrect setup parameters defined in my preferences.
>  >
>  > Thanks for your help,
>  >
>  > David
>  >
>  >
>  >
>  > _______________________________________________
>  >  Wireshark-dev mailing list
>  >  Wireshark-dev@xxxxxxxxxxxxx
>  >  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>  >
>  >
>
>
>
>  --
>  This information is top security. When you have read it, destroy yourself.
>  -- Marshall McLuhan
>  _______________________________________________
>  Wireshark-dev mailing list
>  Wireshark-dev@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>  _______________________________________________
>  Wireshark-dev mailing list
>  Wireshark-dev@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>  _______________________________________________
>  Wireshark-dev mailing list
>  Wireshark-dev@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>  _______________________________________________
>  Wireshark-dev mailing list
>  Wireshark-dev@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan