Wireshark-dev: Re: [Wireshark-dev] problem to register own protoco...
From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Thu, 12 Jun 2008 15:08:25 +0400
Sub-dissectors can't be added against protocol fields, but against
dissector tables. H225 registers the following tables:
nsp_object_dissector_table =
register_dissector_table("h225.nsp.object", "H.225
NonStandardParameter (object)", FT_STRING, BASE_NONE);
nsp_h221_dissector_table = register_dissector_table("h225.nsp.h221",
"H.225 NonStandardParameter (h221)", FT_UINT32, BASE_HEX);
tp_dissector_table = register_dissector_table("h225.tp", "H.225
TunnelledProtocol", FT_STRING, BASE_NONE);
gef_name_dissector_table = register_dissector_table("h225.gef.name",
"H.225 Generic Extensible Framework (names)", FT_STRING, BASE_NONE);
gef_content_dissector_table =
register_dissector_table("h225.gef.content", "H.225 Generic Extensible
Framework", FT_STRING, BASE_NONE);
So you have to see which one you need to register against... it is
probably "h225.tp". There is also a discussion in this thread:
http://www.wireshark.org/lists/wireshark-dev/200707/msg00214.html
which _might_ be of use.
HTH
Abhik.
On Thu, Jun 12, 2008 at 1:24 PM, H F <sam5919@xxxxxxxxxx> wrote:
>
>
> Hi!!!
>
>
>
> I'm writing a plugin for our program's own protocol, which encapsulates a
> whole 'q931' package in user-user (look at the end of massage in red )
>
>
>
> But I have problem to register own protocol!
>
> I'm missing the dissector_add() in my (sub)dissector
>
>
>
> void
>
> proto_reg_handoff_mytype(void)
>
> {
>
> static gboolean initialized = FALSE;
>
>
>
> if (!initialized) {
>
> H323UserInformation_handle= find_dissector("h323ui");
>
> ipnet_handle= create_dissector_handle(dissect_mytype, proto_mytype);
>
> dissector_add("h225.messageContent_item",0xFE,mytype_handle);
>
> /*0xFE for identifier my protcol */
>
> initialized = TRUE;
>
> };
>
> };
>
>
>
> But when wireshark build !! I get the error:
>
> ** ERROR:(packet.c:697):???: assertion failed: (sub_dissectors)
>
>
>
>
>
>
>
> No. Time Source Destination Protocol
> Info
>
> 203 15.094231 10.24.30.13 10.24.30.15 Q.931 CS:
> setup SETUP
>
>
>
> Frame 203 (210 bytes on wire, 210 bytes captured)
>
> Arrival Time: Jun 2, 2008 17:57:50.481268000
>
> [Time delta from previous captured frame: 0.016456000 seconds]
>
> [Time delta from previous displayed frame: 15.094231000 seconds]
>
> [Time since reference or first frame: 15.094231000 seconds]
>
> Frame Number: 203
>
> Frame Length: 210 bytes
>
> Capture Length: 210 bytes
>
> [Frame is marked: False]
>
> [Protocols in frame: eth:ip:tcp:q931:q931:h225:q931]
>
> [Coloring Rule Name: TCP]
>
> [Coloring Rule String: tcp]
>
> Ethernet II, Src: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c), Dst:
> Ericsson_52:f2:14 (00:80:37:52:f2:14)
>
> Destination: Ericsson_52:f2:14 (00:80:37:52:f2:14)
>
> Address: Ericsson_52:f2:14 (00:80:37:52:f2:14)
>
> .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>
> .... ..0. .... .... .... .... = LG bit: Globally unique address
> (factory default)
>
> Source: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
>
> Address: Ericsson_fb:c0:9c (00:01:ec:fb:c0:9c)
>
> .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>
> .... ..0. .... .... .... .... = LG bit: Globally unique address
> (factory default)
>
> Type: IP (0x0800)
>
> Internet Protocol, Src: 10.24.30.13 (10.24.30.13), Dst: 10.24.30.15
> (10.24.30.15)
>
> Version: 4
>
> Header length: 20 bytes
>
> Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding;
> ECN: 0x00)
>
> 1011 10.. = Differentiated Services Codepoint: Expedited Forwarding
> (0x2e)
>
> .... ..0. = ECN-Capable Transport (ECT): 0
>
> .... ...0 = ECN-CE: 0
>
> Total Length: 196
>
> Identification: 0xf0fa (61690)
>
> Flags: 0x00
>
> 0... = Reserved bit: Not set
>
> .0.. = Don't fragment: Not set
>
> ..0. = More fragments: Not set
>
> Fragment offset: 0
>
> Time to live: 64
>
> Protocol: TCP (0x06)
>
> Header checksum: 0x3836 [correct]
>
> [Good: True]
>
> [Bad : False]
>
> Source: 10.24.30.13 (10.24.30.13)
>
> Destination: 10.24.30.15 (10.24.30.15)
>
> Transmission Control Protocol, Src Port: mxomss (1141), Dst Port:
> h323hostcall (1720), Seq: 1, Ack: 1, Len: 156
>
> Source port: mxomss (1141)
>
> Destination port: h323hostcall (1720)
>
> Sequence number: 1 (relative sequence number)
>
> [Next sequence number: 157 (relative sequence number)]
>
> Acknowledgement number: 1 (relative ack number)
>
> Header length: 20 bytes
>
> Flags: 0x18 (PSH, ACK)
>
> 0... .... = Congestion Window Reduced (CWR): Not set
>
> .0.. .... = ECN-Echo: Not set
>
> ..0. .... = Urgent: Not set
>
> ...1 .... = Acknowledgment: Set
>
> .... 1... = Push: Set
>
> .... .0.. = Reset: Not set
>
> .... ..0. = Syn: Not set
>
> .... ...0 = Fin: Not set
>
> Window size: 5840
>
> Checksum: 0xc1ad [validation disabled]
>
> [Good Checksum: False]
>
> [Bad Checksum: False]
>
> TPKT, Version: 3, Length: 156
>
> Version: 3
>
> Reserved: 0
>
> Length: 156
>
> Q.931
>
> Protocol discriminator: Q.931
>
> Call reference value length: 2
>
> Call reference flag: Message sent from originating side
>
> Call reference value: 012A
>
> Message type: SETUP (0x05)
>
> Bearer capability
>
> Information element: Bearer capability
>
> Length: 3
>
> 1... .... = Extension indicator: last octet
>
> .00. .... = Coding standard: ITU-T standardized coding (0x00)
>
> ...0 1000 = Information transfer capability: Unrestricted digital
> information (0x08)
>
> 1... .... = Extension indicator: last octet
>
> .00. .... = Transfer mode: Circuit mode (0x00)
>
> ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
>
> 1... .... = Extension indicator: last octet
>
> ...0 0101 = User information layer 1 protocol: Recommendation H.221
> and H.242 (0x05)
>
> Called party number: '129'
>
> Information element: Called party number
>
> Length: 4
>
> .... 1001 = Numbering plan: Private numbering (0x09)
>
> .100 .... = Number type: Subscriber number (0x04)
>
> 1... .... = Extension indicator: last octet
>
> Called party number digits: 129
>
> User-user
>
> Information element: User-user
>
> Length: 133
>
> Protocol discriminator: X.208 and X.209 coded user information
>
> H.225.0 CS
>
> H323-UserInformation
>
> h323-uu-pdu
>
> h323-message-body: setup (0)
>
> setup
>
> protocolIdentifier: 0.0.8.2250.0.2 (Version 2)
>
> h245Address: ipAddress (0)
>
> ipAddress
>
> ip: 10.24.30.13 (10.24.30.13)
>
> port: 2002
>
> sourceInfo
>
> .... ...0 mc: False
>
> 0... .... undefinedNode: False
>
> destinationAddress: 1 item
>
> Item 0
>
> Item: dialedDigits (0)
>
> dialedDigits: 129
>
> .... 0... activeMC: False
>
> conferenceID: 00000018-3e17-fb70-0008-467f00b63678
>
> conferenceGoal: create (0)
>
> create: NULL
>
> callType: pointToPoint (0)
>
> pointToPoint: NULL
>
> sourceCallSignalAddress: ipAddress (0)
>
> ipAddress
>
> ip: 10.24.30.13 (10.24.30.13)
>
> port: 1720
>
> callIdentifier
>
> guid: 00000018-3e17-fb70-0008-467f00b63678
>
> 0... .... mediaWaitForConnect: False
>
> 1... .... canOverlapSend: True
>
> 0... .... h245Tunneling: False
>
> tunnelledSignallingMessage
>
> tunnelledProtocolID
>
> id: tunnelledProtocolObjectID (0)
>
> tunnelledProtocolObjectID: 1.3.12.9
> (SNMPv2-SMI::org.12.9)
>
> messageContent: 1 item
>
> Item 0
>
> Item: 46 octets
>
> Q.931
>
> Protocol discriminator: Q.931
>
> Call reference value length: 2
>
> Call reference flag: Message sent from
> originating side
>
> Call reference value: 0053
>
> Message type: SETUP (0x05)
>
> Bearer capability
>
> Information element: Bearer capability
>
> Length: 3
>
> 1... .... = Extension indicator: last octet
>
> .00. .... = Coding standard: ITU-T
> standardized coding (0x00)
>
> ...0 0000 = Information transfer capability:
> Speech (0x00)
>
> 1... .... = Extension indicator: last octet
>
> .00. .... = Transfer mode: Circuit mode
> (0x00)
>
> ...1 0000 = Information transfer rate: 64
> kbit/s (0x10)
>
> 1... .... = Extension indicator: last octet
>
> ...0 0011 = User information layer 1
> protocol: Recommendation G.711 A-law (0x03)
>
> Channel identification
>
> Information element: Channel identification
>
> Length: 3
>
> 1... .... = Extension indicator: last octet
>
> .0.. .... = Interface identifier present:
> False
>
> ..1. .... = Interface type: Primary rate
> interface
>
> .... 1... = Indicated channel is exclusive:
> Exclusive; only the indicated channel is acceptable
>
> .... .0.. = D-channel indicator: False
>
> .... ..01 = Information channel selection:
> Channel indicated in following octets (0x01)
>
> 1... .... = Extension indicator: last octet
>
> .00. .... = Coding standard: ITU-T
> standardized coding (0x00)
>
> ...0 .... = Number/map: Channel indicated by
> number
>
> .... 0011 = Element type: B-channel units
> (0x03)
>
> 1... .... = Extension indicator: last octet
>
> .000 0010 = Channel number: 2
>
> Non-locking shift to codeset 5: Information
> elements for national use
>
> Unknown information element (0x31)
>
> Information element: Unknown (0x31)
>
> Length: 1
>
> Data: 80
>
> Called party number: '129'
>
> Information element: Called party number
>
> Length: 4
>
> .... 1001 = Numbering plan: Private
> numbering (0x09)
>
> .100 .... = Number type: Subscriber number
> (0x04)
>
> 1... .... = Extension indicator: last octet
>
> Called party number digits: 129
>
> High-layer compatibility
>
> Information element: High-layer
> compatibility
>
> Length: 2
>
> .00. .... = Coding standard: ITU-T
> standardized coding (0x00)
>
> High layer characteristics identification:
> Telephony
>
> User-user
>
> Information element: User-user
>
> Length: 15
>
> Protocol discriminator: User-specific
> protocol
>
> User information:
> FEB30C07498131323533357F0182
>
>
>
> (0xFE is identifier of own protocol)
>
>
>
> 0000 00 80 37 52 f2 14 00 01 ec fb c0 9c 08 00 45 b8 ..7R..........E.
>
> 0010 00 c4 f0 fa 00 00 40 06 38 36 0a 18 1e 0d 0a 18 [email protected]......
>
> 0020 1e 0f 04 75 06 b8 22 40 11 02 00 48 c1 02 50 18 ...u.."@...H..P.
>
> 0030 16 d0 c1 ad 00 00 03 00 00 9c 08 02 01 2a 05 04 .............*..
>
> 0040 03 88 90 a5 70 04 c9 31 32 39 7e 00 85 05 20 d0 ....p..129~... .
>
> 0050 06 00 08 91 4a 00 02 00 0a 18 1e 0d 07 d2 00 00 ....J...........
>
> 0060 01 01 00 45 c0 00 00 00 18 3e 17 fb 70 00 08 46 ...E.....>..p..F
>
> 0070 7f 00 b6 36 78 00 cd 0c 00 00 07 00 0a 18 1e 0d ...6x...........
>
> 0080 06 b8 11 00 00 00 00 18 3e 17 fb 70 00 08 46 7f ........>..p..F.
>
> 0090 00 b6 36 78 01 00 01 80 10 88 01 00 35 00 03 2b ..6x........5..+
>
> 00a0 0c 09 01 2e 08 02 00 53 05 04 03 80 90 a3 18 03 .......S........
>
> 00b0 a9 83 82 9d 31 01 80 70 04 c9 31 32 39 7d 02 91 ....1..p..129}..
>
> 00c0 81 7e 0f 00 fe b3 0c 07 49 81 31 32 35 33 35 7f .~......I.12535.
>
> 00d0 01 82
>
>
>
> .
>
> Best Regards
>
> ________________________________
> Avec Windows Live Messenger restez en contact avec tous vos amis !
> Téléchargez Messenger, c'est gratuit !
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
- References:
- Prev by Date: [Wireshark-dev] problem to register own protoco...
- Next by Date: [Wireshark-dev] wireshark 1.0.1?
- Previous by thread: [Wireshark-dev] problem to register own protoco...
- Next by thread: [Wireshark-dev] wireshark 1.0.1?
- Index(es):