hiii,
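/* packet-xxxxx.c
 * Dissector for the "xxxxx" payload carried in RTP.
 */
#include "config.h"
#include <epan/packet.h>
#include "packet-xxxxx.h"

/* Registration entry points defined later in this file. */
void proto_reg_handoff_xxxxx(void);
void proto_register_xxxxx(void);

/* Protocol and header-field indices; -1 until proto_register_xxxxx() fills them in. */
static int proto_xxxxx = -1;
static int hf_data = -1;

/* Subtree indices passed to proto_register_subtree_array(). */
static gint ett_xxxxx = -1;
static gint ett_data = -1;

/*
 * Key used in the "rtp.pt" dissector table. 96 lies in RTP's dynamic
 * payload-type range, so other sub-dissectors may register the same key.
 */
static int xxxxx_rtp_payload_type = 96;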
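/*
 * Dissect one xxxxx payload.
 *
 * tvb   - buffer holding the payload bytes (captured, untrusted data)
 * pinfo - per-packet state; the Protocol and Info columns are set here
 * tree  - protocol tree to populate, or NULL when no tree is being built
 *
 * No manual length check is made: proto_tree_add_item() bounds-checks the
 * requested range against the tvb and raises a dissector exception on a
 * short packet instead of reading past the buffer.
 */
static void
dissect_xxxxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "xxxxx");
    col_set_str(pinfo->cinfo, COL_INFO, "xxxxx message");

    if (tree) {
        proto_item *ti;
        proto_tree *xxxxx_tree;
        guint32 offset = 0;

        /* Top-level item spanning the whole payload; it has no byte order. */
        ti = proto_tree_add_item(tree, proto_xxxxx, tvb, 0, -1, ENC_NA);
        xxxxx_tree = proto_item_add_subtree(ti, ett_xxxxx);

        /*
         * Pass the registered field index by value. Passing &hf_data hands
         * the API a pointer converted to int, which is not a valid index.
         */
        proto_tree_add_item(xxxxx_tree, hf_data, tvb, offset, 1, ENC_BIG_ENDIAN);
        offset += 1;
    }
}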
/*
 * Register the xxxxx protocol, its single header field and its subtree
 * indices with the dissection engine.
 */
void
proto_register_xxxxx(void)
{
    /* Header fields: one unsigned 8-bit value shown in decimal as "xxxxx.data". */
    static hf_register_info field_defs[] = {
        {
            &hf_data,
            { "data", "xxxxx.data", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }
        }
    };

    /* Subtree index variables that receive their values on registration. */
    static gint *subtree_defs[] = { &ett_xxxxx, &ett_data };

    /* Arguments are: full name, short name, filter abbreviation. */
    proto_xxxxx = proto_register_protocol("xxxxxProtocol", "xxxxx", "xxxxx");

    proto_register_field_array(proto_xxxxx, field_defs, array_length(field_defs));
    proto_register_subtree_array(subtree_defs, array_length(subtree_defs));
}
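/*
 * Attach the xxxxx dissector to the "rtp.pt" table under
 * xxxxx_rtp_payload_type.
 *
 * The handle is created on the first call. On later calls the existing
 * entry is removed before being added again.
 */
void proto_reg_handoff_xxxxx(void)
{
    static gboolean inited = FALSE;
    /*
     * Must be static: the else branch below reuses the handle created on the
     * first call. A plain local would be uninitialized on every later call.
     */
    static dissector_handle_t xxxxx_handle;

    if (!inited) {
        /*
         * NOTE(review): new_create_dissector_handle() expects a dissector that
         * returns int and takes a fourth void * argument, while dissect_xxxxx()
         * in this file returns void and takes three. Confirm against the
         * epan/packet.h you build with and use the matching create call or
         * signature.
         */
        xxxxx_handle = new_create_dissector_handle(dissect_xxxxx, proto_xxxxx);
        inited = TRUE;
    } else {
        dissector_delete_uint("rtp.pt", xxxxx_rtp_payload_type, xxxxx_handle);
    }

    dissector_add_uint("rtp.pt", xxxxx_rtp_payload_type, xxxxx_handle);
}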
I wrote my own dissector code in epan/dissectors. I want to decode the RTP payload stream for payload type 96. I was not able to get the "data" field after the SSRC in the RTP packet (Synchronization Source identifier: 0x73ed0101 (1944912129)). I wrote the code with reference to the H.264 protocol. If I am not wrong, when I enter my xxxxx protocol name in the filter it turns green, which means my dissector is registered, right?
When I click on the RTP packet and choose the Decode As option, I am not able to see my xxxxx protocol over RTP. Is my dissector_add_uint call correct?
asked 02 Apr '15, 01:42
lucky15
edited 02 Apr '15, 05:16
grahamb ♦
I fixed the formatting of your code. Did this code actually compile? I ask because there seems to be an extra "}" in dissect_xxxxx(); maybe there's a missing "{" after the if?
Thanks,
That was a typo; I had the '}' in my code. There was no compilation error.
Is my dissector_add_uint call correct?
Should I use a prefs_register_xxx_preference function for this in proto_register_xxxxx(void)?
The code error I was referring to was around the `if(tree)` in `dissect_xxxxx()`; your comment shows code in `proto_reg_handoff_xxxxx()`. You can edit your question to fix the code to prevent confusion.
The `dissector_add_uint()` call looks OK. Have you tried hooking up a debugger? Much easier than debugging via ASCII.
I debugged using Visual Studio. I set breakpoints at:
guint8 packet_type = tvb_get_guint8(tvb, 0);
dissector_add_uint("rtp.pt",xxxxx_rtp_payload_type , xxxxx_handle);
The breakpoint at dissector_add_uint was hit,
but not the one in the dissect_xxxxx function.
Why is that?
Can you please explain? I am new to the Wireshark code.
Your comments are helpful, thank you.
Is there any other information or value I should check while debugging?
When I tried the same code on udp.port, I was able to get the Decode As option, and when I clicked on the xxxxx protocol I got the following error in the Wireshark display:
+User Datagram Protocol, Src Port: 46163 (46163), Dst Port: cap (1026)
You are registering your dissector as a sub-dissector for rtp, with a payload type of 96. This is the same as the 2dparityfec dissector, and maybe some other rtp sub-dissectors.
Check your registration using the menu item Internals -> Dissector tables -> Integer tables -> RTP payload type.
thanks,
I checked the RTP payload type table: it is showing some junk value for my protocol. Why is that?
What does the table show?
RTP payload Type:
-898487959 xxxxx
display is coming.
hi,
Some other sub-dissector is already present in the integer table for 96. Is mine conflicting with it?
`&hf_data` -> `hf_data`. Is there no warning about passing a pointer as an int?
umm in my current wireshark 1.12.4 there is no dissector for 96 payload in the rtp.payload dissector table!
I believe that dissector tables can only hold one entry per key. In that case, the last dissector to call dissector_add_uint() for a particular integer will be the one that is called as the sub-dissector for that table entry.
I don’t understand why you have such an odd value in the table. Can you check that again?