This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

hiii,

/*packet-xxxxx.c*/

# include "config.h"

#include <epan/packet.h>
#include "packet-xxxxx.h"

void proto_reg_handoff_xxxxx(void);
void proto_register_xxxxx(void);

static int proto_xxxxx = -1;
static int hf_data=-1;
static gint ett_xxxxx = -1;
static gint ett_data = -1;
static int xxxxx_rtp_payload_type = 96;
static void
dissect_xxxxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    proto_item *ti;
    proto_tree *xxxxx_tree;

    guint8 packet_type = tvb_get_guint8(tvb, 0);
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "xxxxx");
    col_set_str(pinfo->cinfo, COL_INFO, "xxxxx message");

    if (tree) 
    {
        guint32 offset = 0; 
        ti = proto_tree_add_item(tree, proto_xxxxx, tvb, 0, -1, FALSE);
        xxxxx_tree = proto_item_add_subtree(ti, ett_xxxxx);
        proto_tree_add_item(xxxxx_tree, &hf_data,tvb,offset,1, ENC_BIG_ENDIAN);
        offset += 1;
    }
}

void
proto_register_xxxxx(void)
{
    static hf_register_info hf[] = {
        { &hf_data,
        { "data", "xxxxx.data", FT_UINT8, BASE_DEC, NULL, 0x0,
        NULL, HFILL }}
    };

    static gint *ett[] = {
        &ett_xxxxx,
        &ett_data
    };

    proto_xxxxx = proto_register_protocol (
        "xxxxxProtocol", /* name       */
        "xxxxx",      /* short name */
        "xxxxx"       /* abbrev     */
    );

    proto_register_field_array(proto_xxxxx, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
}

void proto_reg_handoff_xxxxx(void)
{
    static gboolean inited = FALSE;
    dissector_handle_t xxxxx_handle;

    if (!inited) {
        xxxxx_handle = new_create_dissector_handle(dissect_xxxxx, proto_xxxxx);
        inited = TRUE;
    }
    else {
        dissector_delete_uint("rtp.pt",xxxxx_rtp_payload_type , xxxxx_handle);
    }
    dissector_add_uint("rtp.pt",xxxxx_rtp_payload_type , xxxxx_handle);

    inited = TRUE;
}

i wrote my own dissector code in epan/dissector.i want to decode the rtp payload stream for payload type 96.i was not able to get the field "data" field after the ssrc in rtp packet(Synchronization Source identifier: 0x73ed0101 (1944912129)).I wrote the code by checking in reference with h.264 protocol. If i am not wrong,when i give my xxxxx procol name in filter it is turning into green,which means my dissector is registered right?

when i click on the rtp packet and give decode as option ,i was not able to see my xxxxx protocol over rtp. Is my dissector_add_unit function correct?

asked 02 Apr '15, 01:42

lucky15's gravatar image

lucky15
6558
accept rate: 0%

edited 02 Apr '15, 05:16

grahamb's gravatar image

grahamb ♦
19.8k330206

2

I fixed the formatting of your code, did this code actually compile? I ask as there seems to be an extra "}" in dissect_xxxxx(), maybe there's a missing "{" after the if?

(02 Apr '15, 02:30) grahamb ♦

Thanks,

void proto_reg_handoff_xxxxx(void)
{
    static gboolean inited = FALSE;
    dissector_handle_t xxxxx_handle;
    if (!inited) {
        xxxxx_handle = new_create_dissector_handle(dissect_xxxxx, proto_xxxxx);
        inited = TRUE;
    }

That was a typo mistake,i had the '}' in my code.No compilation error was there.

(02 Apr '15, 02:48) lucky15

Is my dissector_add_unit function correct?

(02 Apr '15, 03:02) lucky15

should i use prefs_register_xxx_preference function for this in proto_register_xxxxx(void) function?

(02 Apr '15, 03:07) lucky15

The code error I was referring to was around the if(tree) in dissect_xxxxx(), your comment shows code in proto_reg_handoff_xxxxx().

You can edit your question to fix the code to prevent confusion.

The dissector_add_uint() call looks OK.

Have you tried hooking up a debugger? Much easier then debugging via ascii.

(02 Apr '15, 03:47) grahamb ♦

i debugged using visual studio.i kept break points at:

guint8 packet_type = tvb_get_guint8(tvb, 0);

dissector_add_uint("rtp.pt",xxxxx_rtp_payload_type , xxxxx_handle);

i was able to get break point at dissector_add_uint.

but not in dissect_xxxxx function.

why is it ?

can u please explian? I am new to this wireshark code.

your comments are helpful.thank u..

Is there any other information or value i have to check while dubugging?

(02 Apr '15, 04:34) lucky15

while i tried the same code on udp.port,i was able to give get the decode as option ,and when clicked on xxxxx protocol i got the following error on wireshark dispaly:

+User Datagram Protocol, Src Port: 46163 (46163), Dst Port: cap (1026)

    xxxxxProtocol

+  Expert Info (Error/Malformed): proto.c:1991: failed assertion "(guint)hfindex < gpa_hfinfo.len" (Unregistered hf!)

when i tried to debug it was going into dissect_xxxxx function 
But it did not debug the if (tree)condition block.
(02 Apr '15, 05:23) lucky15

You are registering your dissector as a sub-dissector for rtp, with a payload type of 96. This is the same as the 2dparityfec dissector, and maybe some other rtp sub-dissectors.

Check your registration using the menu item Internals -> Dissector tables -> Integer tables -> RTP payload type.

(02 Apr '15, 05:25) grahamb ♦

thanks,

And i checked that RTP Payload Type : it is showing some junk value for my protocol.why is it?

(02 Apr '15, 05:36) lucky15

What does the table show?

(02 Apr '15, 06:21) grahamb ♦

RTP payload Type:

-898487959 xxxxx

display is coming.

(02 Apr '15, 08:04) lucky15

hi,

Already for 96 some other sub dissector is present in the integer table.Is it contradicting because of this?

(02 Apr '15, 21:53) lucky15
  1. There is a line: "proto_tree_add_item(xxxxx_tree, &hf_data,tvb,offset,1, ENC_BIG_ENDIAN);"

&hf_data -> hf_data There is no warning about put void* as int?

  1. "ti = proto_tree_add_item(tree, proto_xxxxx, tvb, 0, -1, FALSE);" FALSE -> ENC_NA
(06 Apr '15, 22:51) Michał Łabędzki

umm in my current wireshark 1.12.4 there is no dissector for 96 payload in the rtp.payload dissector table!

(08 Apr '15, 23:04) koundi

I believe that dissector tables can only hold one entry for the key. In that case, the last dissector to call dissector_add_uint() for a particular integer will be the one that is called as the sub-dissector that that table entry.

I don't understand why you have such an odd value in the table. Can you check that again?

(10 Apr '15, 06:13) grahamb ♦
showing 5 of 15 show 10 more comments
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×16

question asked: 02 Apr '15, 01:42

question was seen: 2,619 times

last updated: 10 Apr '15, 06:13

p​o​w​e​r​e​d by O​S​Q​A