Wireshark-dev: Re: [Wireshark-dev] problem to register own protoco...

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Thu, 12 Jun 2008 15:08:25 +0400
Sub-dissectors can't be added against protocol fields, but against
dissector tables. H225 registers the following tables:
  nsp_object_dissector_table =
register_dissector_table("h225.nsp.object", "H.225
NonStandardParameter (object)", FT_STRING, BASE_NONE);
  nsp_h221_dissector_table = register_dissector_table("h225.nsp.h221",
"H.225 NonStandardParameter (h221)", FT_UINT32, BASE_HEX);
  tp_dissector_table = register_dissector_table("h225.tp", "H.225
TunnelledProtocol", FT_STRING, BASE_NONE);
  gef_name_dissector_table = register_dissector_table("h225.gef.name",
"H.225 Generic Extensible Framework (names)", FT_STRING, BASE_NONE);
  gef_content_dissector_table =
register_dissector_table("h225.gef.content", "H.225 Generic Extensible
Framework", FT_STRING, BASE_NONE);

So you have to see which one you need to register against... it is
probably "h225.tp". There is also a discussion in this thread:
http://www.wireshark.org/lists/wireshark-dev/200707/msg00214.html
which _might_ be of use.

HTH
Abhik.

On Thu, Jun 12, 2008 at 1:24 PM, H F <sam5919@xxxxxxxxxx> wrote:
>
>
> Hi!!!
>
>
>
> I'm writing a plugin for our program's own protocol, which encapsulates a
> whole 'q931' package  in user-user (look at the end of massage in red )
>
>
>
> But I have problem to register own protocol!
>
> I'm missing the dissector_add() in my (sub)dissector
>
>
>
> void
>
> proto_reg_handoff_mytype(void)
>
> {
>
>       static gboolean initialized = FALSE;
>
>
>
>       if (!initialized) {
>
>       H323UserInformation_handle= find_dissector("h323ui");
>
>       ipnet_handle= create_dissector_handle(dissect_mytype, proto_mytype);
>
>       dissector_add("h225.messageContent_item",0xFE,mytype_handle);
>
>                  /*0xFE for identifier my protcol */
>
>             initialized = TRUE;
>
>       };
>
> };
>
>
>
> But when wireshark build !! I get the error:
>
> ** ERROR:(packet.c:697):???: assertion failed: (sub_dissectors)
>
>
>
>
>
>
>
> No.     Time        Source                Destination           Protocol
> Info
>
>     203 15.094231   10.24.30.13           10.24.30.15           Q.931    CS:
> setup SETUP
>
>
>
> Frame 203 (210 bytes on wire, 210 bytes captured)
>
>     Arrival Time: Jun  2, 2008 17:57:50.481268000
>
>     [Time delta from previous captured frame: 0.016456000 seconds]
>
>     [Time delta from previous displayed frame: 15.094231000 seconds]
>
>     [Time since reference or first frame: 15.094231000 seconds]
>
>     Frame Number: 203
>
>     Frame Length: 210 bytes
>
>     Capture Length: 210 bytes
>
>     [Frame is marked: False]
>
>     [Protocols in frame: eth:ip:tcp:q931:q931:h225:q931]
>
>     [Coloring Rule Name: TCP]
>
>     [Coloring Rule String: tcp]
>
> Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst:
> Ericsson_52:f2:14 (00:80:37:52:f2:14)
>
>     Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
>
>         Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
>
>         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>
>         .... ..0. .... .... .... .... = LG bit: Globally unique address
> (factory default)
>
>     Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
>
>         Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
>
>         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>
>         .... ..0. .... .... .... .... = LG bit: Globally unique address
> (factory default)
>
>     Type: IP (0x0800)
>
> Internet Protocol, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15
> (10.24.30.15)
>
>     Version: 4
>
>     Header length: 20 bytes
>
>     Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding;
> ECN: 0x00)
>
>         1011 10.. = Differentiated Services Codepoint: Expedited Forwarding
> (0x2e)
>
>         .... ..0. = ECN-Capable Transport (ECT): 0
>
>         .... ...0 = ECN-CE: 0
>
>     Total Length: 196
>
>     Identification: 0xf0fa (61690)
>
>     Flags: 0x00
>
>         0... = Reserved bit: Not set
>
>         .0.. = Don't fragment: Not set
>
>         ..0. = More fragments: Not set
>
>     Fragment offset: 0
>
>     Time to live: 64
>
>     Protocol: TCP (0x06)
>
>     Header checksum: 0x3836 [correct]
>
>         [Good: True]
>
>         [Bad : False]
>
>     Source: 10.24.30.13 (10.24.30.13)
>
>     Destination: 10.24.30.15 (10.24.30.15)
>
> Transmission Control Protocol, Src Port: mxomss (1141), Dst Port:
> h323hostcall (1720), Seq: 1, Ack: 1, Len: 156
>
>     Source port: mxomss (1141)
>
>     Destination port: h323hostcall (1720)
>
>     Sequence number: 1    (relative sequence number)
>
>     [Next sequence number: 157    (relative sequence number)]
>
>     Acknowledgement number: 1    (relative ack number)
>
>     Header length: 20 bytes
>
>     Flags: 0x18 (PSH, ACK)
>
>         0... .... = Congestion Window Reduced (CWR): Not set
>
>         .0.. .... = ECN-Echo: Not set
>
>         ..0. .... = Urgent: Not set
>
>         ...1 .... = Acknowledgment: Set
>
>         .... 1... = Push: Set
>
>         .... .0.. = Reset: Not set
>
>         .... ..0. = Syn: Not set
>
>         .... ...0 = Fin: Not set
>
>     Window size: 5840
>
>     Checksum: 0xc1ad [validation disabled]
>
>         [Good Checksum: False]
>
>         [Bad Checksum: False]
>
> TPKT, Version: 3, Length: 156
>
>     Version: 3
>
>     Reserved: 0
>
>     Length: 156
>
> Q.931
>
>     Protocol discriminator: Q.931
>
>     Call reference value length: 2
>
>     Call reference flag: Message sent from originating side
>
>     Call reference value: 012A
>
>     Message type: SETUP (0x05)
>
>     Bearer capability
>
>         Information element: Bearer capability
>
>         Length: 3
>
>         1... .... = Extension indicator: last octet
>
>         .00. .... = Coding standard: ITU-T standardized coding (0x00)
>
>         ...0 1000 = Information transfer capability: Unrestricted digital
> information (0x08)
>
>         1... .... = Extension indicator: last octet
>
>         .00. .... = Transfer mode: Circuit mode (0x00)
>
>         ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
>
>         1... .... = Extension indicator: last octet
>
>         ...0 0101 = User information layer 1 protocol: Recommendation H.221
> and H.242 (0x05)
>
>     Called party number: '129'
>
>         Information element: Called party number
>
>         Length: 4
>
>         .... 1001 = Numbering plan: Private numbering (0x09)
>
>         .100 .... = Number type: Subscriber number (0x04)
>
>         1... .... = Extension indicator: last octet
>
>         Called party number digits: 129
>
>     User-user
>
>         Information element: User-user
>
>         Length: 133
>
>         Protocol discriminator: X.208 and X.209 coded user information
>
> H.225.0 CS
>
>       H323-UserInformation
>
>            h323-uu-pdu
>
>                h323-message-body: setup (0)
>
>                 setup
>
>                     protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
>
>                     h245Address: ipAddress (0)
>
>                         ipAddress
>
>                             ip: 10.24.30.13 (10.24.30.13)
>
>                             port: 2002
>
>                     sourceInfo
>
>                         .... ...0 mc: False
>
>                         0... .... undefinedNode: False
>
>                     destinationAddress: 1 item
>
>                         Item 0
>
>                             Item: dialedDigits (0)
>
>                                 dialedDigits: 129
>
>                     .... 0... activeMC: False
>
>                     conferenceID: 00000018-3e17-fb70-0008-467f00b63678
>
>                     conferenceGoal: create (0)
>
>                         create: NULL
>
>                     callType: pointToPoint (0)
>
>                         pointToPoint: NULL
>
>                     sourceCallSignalAddress: ipAddress (0)
>
>                         ipAddress
>
>                             ip: 10.24.30.13 (10.24.30.13)
>
>                             port: 1720
>
>                     callIdentifier
>
>                         guid: 00000018-3e17-fb70-0008-467f00b63678
>
>                     0... .... mediaWaitForConnect: False
>
>                     1... .... canOverlapSend: True
>
>             0... .... h245Tunneling: False
>
>             tunnelledSignallingMessage
>
>                 tunnelledProtocolID
>
>                     id: tunnelledProtocolObjectID (0)
>
>                         tunnelledProtocolObjectID: 1.3.12.9
> (SNMPv2-SMI::org.12.9)
>
>                 messageContent: 1 item
>
>                     Item 0
>
>                         Item: 46 octets
>
>                         Q.931
>
>                             Protocol discriminator: Q.931
>
>                             Call reference value length: 2
>
>                             Call reference flag: Message sent from
> originating side
>
>                             Call reference value: 0053
>
>                             Message type: SETUP (0x05)
>
>                             Bearer capability
>
>                                 Information element: Bearer capability
>
>                                 Length: 3
>
>                                 1... .... = Extension indicator: last octet
>
>                                 .00. .... = Coding standard: ITU-T
> standardized coding (0x00)
>
>                                 ...0 0000 = Information transfer capability:
> Speech (0x00)
>
>                                 1... .... = Extension indicator: last octet
>
>                                 .00. .... = Transfer mode: Circuit mode
> (0x00)
>
>                                 ...1 0000 = Information transfer rate: 64
> kbit/s (0x10)
>
>                                 1... .... = Extension indicator: last octet
>
>                                 ...0 0011 = User information layer 1
> protocol: Recommendation G.711 A-law (0x03)
>
>                             Channel identification
>
>                                 Information element: Channel identification
>
>                                 Length: 3
>
>                                 1... .... = Extension indicator: last octet
>
>                                 .0.. .... = Interface identifier present:
> False
>
>                                 ..1. .... = Interface type: Primary rate
> interface
>
>                                 .... 1... = Indicated channel is exclusive:
> Exclusive; only the indicated channel is acceptable
>
>                                 .... .0.. = D-channel indicator: False
>
>                                 .... ..01 = Information channel selection:
> Channel indicated in following octets (0x01)
>
>                                 1... .... = Extension indicator: last octet
>
>                                 .00. .... = Coding standard: ITU-T
> standardized coding (0x00)
>
>                                 ...0 .... = Number/map: Channel indicated by
> number
>
>                                 .... 0011 = Element type: B-channel units
> (0x03)
>
>                                 1... .... = Extension indicator: last octet
>
>                                 .000 0010 = Channel number: 2
>
>                             Non-locking shift to codeset 5: Information
> elements for national use
>
>                             Unknown information element (0x31)
>
>                                 Information element: Unknown (0x31)
>
>                                 Length: 1
>
>                                 Data: 80
>
>                             Called party number: '129'
>
>                                 Information element: Called party number
>
>                                 Length: 4
>
>                                 .... 1001 = Numbering plan: Private
> numbering (0x09)
>
>                                 .100 .... = Number type: Subscriber number
> (0x04)
>
>                                 1... .... = Extension indicator: last octet
>
>                                 Called party number digits: 129
>
>                             High-layer compatibility
>
>                                 Information element: High-layer
> compatibility
>
>                                 Length: 2
>
>                                 .00. .... = Coding standard: ITU-T
> standardized coding (0x00)
>
>                                 High layer characteristics identification:
> Telephony
>
>                             User-user
>
>                                 Information element: User-user
>
>                                 Length: 15
>
>                                 Protocol discriminator: User-specific
> protocol
>
>                                 User information:
> FEB30C07498131323533357F0182
>
>
>
> (0xFE is identifier of own protocol)
>
>
>
> 0000  00 80 37 52 f2 14 00 01 ec fb c0 9c 08 00 45 b8   ..7R..........E.
>
> 0010  00 c4 f0 fa 00 00 40 06 38 36 0a 18 1e 0d 0a 18   [email protected]......
>
> 0020  1e 0f 04 75 06 b8 22 40 11 02 00 48 c1 02 50 18   ...u.."@...H..P.
>
> 0030  16 d0 c1 ad 00 00 03 00 00 9c 08 02 01 2a 05 04   .............*..
>
> 0040  03 88 90 a5 70 04 c9 31 32 39 7e 00 85 05 20 d0   ....p..129~... .
>
> 0050  06 00 08 91 4a 00 02 00 0a 18 1e 0d 07 d2 00 00   ....J...........
>
> 0060  01 01 00 45 c0 00 00 00 18 3e 17 fb 70 00 08 46   ...E.....>..p..F
>
> 0070  7f 00 b6 36 78 00 cd 0c 00 00 07 00 0a 18 1e 0d   ...6x...........
>
> 0080  06 b8 11 00 00 00 00 18 3e 17 fb 70 00 08 46 7f   ........>..p..F.
>
> 0090  00 b6 36 78 01 00 01 80 10 88 01 00 35 00 03 2b   ..6x........5..+
>
> 00a0  0c 09 01 2e 08 02 00 53 05 04 03 80 90 a3 18 03   .......S........
>
> 00b0  a9 83 82 9d 31 01 80 70 04 c9 31 32 39 7d 02 91   ....1..p..129}..
>
> 00c0  81 7e 0f 00 fe b3 0c 07 49 81 31 32 35 33 35 7f   .~......I.12535.
>
> 00d0  01 82
>
>
>
> .
>
> Best Regards
>
> ________________________________
> Avec Windows Live Messenger restez en contact avec tous vos amis !
> Téléchargez Messenger, c'est gratuit !
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>