
Ethereal-dev: Re: [Ethereal-dev] Heuristic decode of RTP packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ruud Linders <moztest@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Jun 2004 19:04:45 +0200


Here is an updated patch, it is against last night's (2004-06-30) tar file.

Thanks.


Guy Harris wrote:
On Sat, Jun 26, 2004 at 07:48:50PM +0200, Ruud Linders wrote:

Here is a PATCH for packet-rtp.c which adds an heuristic UDP/RTP decoder.


Unfortunately, it appears to be a patch against the 0.10.4 version, or
some other version earlier than the current CVS version, and doesn't
apply to the current CVS version; please send a version that's a patch
against the current CVS version of packet-rtp.c.

--- packet-rtp.c.20040630	2004-06-29 22:29:56.000000000 +0200
+++ packet-rtp.c	2004-06-30 18:56:14.354157984 +0200
@@ -117,6 +117,9 @@
 /* Preferences bool to control whether or not setup info should be shown */
 static gboolean global_rtp_show_setup_info = TRUE;
 
+/* Try heuristic RTP decode */
+static gboolean global_rtp_heur = FALSE;
+
 /* Memory chunk for storing conversation and per-packet info */
 static GMemChunk *rtp_conversations = NULL;
 
@@ -294,36 +297,43 @@
 static gboolean
 dissect_rtp_heur( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
 {
-	conversation_t* pconv;
 
-	/* This is a heuristic dissector, which means we get all the TCP
+	guint8      octet1, octet2;
+ 	unsigned int version;
+	unsigned int payload_type;
+ 	unsigned int offset = 0;
+   
+	/* This is a heuristic dissector, which means we get all the UDP
 	 * traffic not sent to a known dissector and not claimed by
 	 * a heuristic dissector called before us!
-	 * So we first check if the frame is really meant for us.
 	 */
-	if ( ( pconv = find_conversation( &pinfo->src, &fake_addr, pinfo->ptype,
-	    pinfo->srcport, 0, 0 ) ) == NULL ) {
-		/*
-		 * The source ip:port combination was not what we were
-		 * looking for, check the destination
-		 */
-		if ( ( pconv = find_conversation( &pinfo->dst, &fake_addr,
-		    pinfo->ptype, pinfo->destport, 0, 0 ) ) == NULL ) {
-			return FALSE;
-		}
-	}
 
-	/*
-	 * An RTP conversation always has a data item for RTP.
-	 * (Its existence is sufficient to indicate that this is an RTP
-	 * conversation.)
-	 */
-	if (conversation_get_proto_data(pconv, proto_rtp) == NULL)
+	if (! global_rtp_heur)
 		return FALSE;
 
-	dissect_rtp( tvb, pinfo, tree );
+	/* Get the fields in the first octet */
+	octet1 = tvb_get_guint8( tvb, offset );
+	version = RTP_VERSION( octet1 );
 
-	return TRUE;
+	if (version != 2) {
+		/* Unknown or unsupported version */
+		return FALSE;
+	}
+
+	/* Get the fields in the second octet */
+	octet2 = tvb_get_guint8( tvb, offset + 1 );
+	payload_type = RTP_PAYLOAD_TYPE( octet2 );
+	/*      if (payload_type == PT_PCMU ||
+	 *		     payload_type == PT_PCMA)
+	 *	     payload_type == PT_G729)
+	 *	 */
+	if (payload_type <= PT_H263) {
+ 		dissect_rtp( tvb, pinfo, tree );
+		return TRUE;
+	}
+	else {
+ 		return FALSE;
+	}
 }
 
 static void
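Review bot: The two tvb_get_guint8() reads at the top of the new dissect_rtp_heur body are not preceded by a length check, so a UDP payload shorter than two bytes (or shorter than the 12-byte fixed RTP header that dissect_rtp() will go on to read) is, as far as I understand tvbuff semantics, reported as a malformed frame via the bounds exception instead of being declined with FALSE; a heuristic guard should never raise, so add `if (tvb_length(tvb) < 12) return FALSE;` before the first read. The acceptance test itself, version bits equal to 2 and payload type not above PT_H263, is met by roughly one in fifteen random first-two-octet values, so with the preference enabled a fair amount of unrelated UDP traffic will be relabelled as RTP; also requiring that the CSRC count in the low four bits of the first octet fits in the packet (12 + 4 * count bytes available) tightens it at no cost. The commented-out payload-type block at lines 96-99 should be dropped rather than carried into the tree, and several added lines (the `unsigned int version;` and `unsigned int offset = 0;` declarations and the two statements inside the if/else) are indented with a space followed by a tab, which will not line up with the surrounding tab-indented code.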
@@ -959,6 +969,12 @@
 		"this RTP stream to be created",
 		&global_rtp_show_setup_info);
 
+	prefs_register_bool_preference(rtp_module, "heuristic_rtp",
+		"Try to decode RTP outside of conversations ",
+                "If call control SIP/H323/.. messages are missing in the trace, "
+                "RTP isn't decoded without this",
+		&global_rtp_heur);
+   
 	register_init_routine( &rtp_init );
 }
 
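Review bot: The preference title string `"Try to decode RTP outside of conversations "` carries a trailing space that will show up in the preferences dialog; drop it. The description could also state that the heuristic keys only on the version bits and payload type and may therefore mislabel other UDP traffic, which is the trade-off a user enabling it needs to know about. The two description lines are indented with spaces while the rest of the call uses tabs, and the line added after the call is whitespace-only.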
@@ -973,4 +989,6 @@
 	 */
 	rtp_handle = find_dissector("rtp");
 	dissector_add_handle("udp.port", rtp_handle);
+
+	heur_dissector_add( "udp", dissect_rtp_heur, proto_rtp);
 }