Wireshark-dev: [Wireshark-dev] how to link rtp.p_type to different protocol version for dissect
Hi,
I've got a working plugin / dissector for ISMACryp 1.1 that I'm
currently cleaning up and still checking for bit parsing, but I'd like
your help on handling different ISMACryp versions.
ISMACryp 1.1 is triggered by an RTP payload type "enc-mpeg4-generic"
ISMACryp 2.0 is triggered by an RTP payload type "enc-isoff-generic"
I've done ISMACryp 1.1 but would like to at least have a placeholder for
ISMACryp 2.0, I think that would help other contributors.
Is something like this possible?:
/* not sure how to do this, try to display correct ismacryp
version according to rtp payload type if defined
*rtp.p_type?
*if (check_col(pinfo->cinfo, COL_PROTOCOL) &
pinfo->cinfo->rtp.p_type== "enc-mpeg4-generic"))
* col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_ISMACRYP_11);
*if (check_col(pinfo->cinfo, COL_PROTOCOL) &
check_col(pinfo->rtp.p_type, "enc-isoff-generic"))
* col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_ISMACRYP_20);
*/
Not sure how to switch in dissection e.g. before if (tree) ????
For automatic association to ISMACryp (info sent via SAP/SDP) or
preferences, I have:
void proto_reg_handoff_ismacryp(void)
{
static gboolean ismacryp_prefs_initialized=FALSE;
if (!ismacryp_prefs_initialized) {
ismacryp_handle = create_dissector_handle(dissect_ismacryp,
proto_ismacryp);
ismacryp_prefs_initialized = TRUE;
dynamic_payload_type=0;
}
else { /* ismacryp_prefs_initialized = TRUE */
/* delete existing association of ismacryp with payload_type */
if ( dynamic_payload_type > 95 ){
dissector_delete("rtp.pt", dynamic_payload_type, ismacryp_handle);
}
}
/* always do the following */
dynamic_payload_type = temp_dynamic_payload_type; /*update payload_type
to new value */
if ( dynamic_payload_type > 95 ){
dissector_add("rtp.pt", dynamic_payload_type, ismacryp_handle);
}
dissector_add_string("rtp_dyn_payload_type", "ISMACRYP",
ismacryp_handle);
dissector_add_string("rtp_dyn_payload_type", "enc-mpeg4-generic",
ismacryp_handle); /* ISMACryp 1.1 */
/*dissector_add_string("rtp_dyn_payload_type", "enc-isoff-generic",
ismacryp_handle);*/ /* ISMACryp 2.0 */
}
FYI there is no way to inspect the RTP payload to determine whether or
not ISMACryp version is 1.1 or 2.0 (and 1.1 is a subset of 2.0).
Not sure if there are good examples I can follow or how easy this is,
but appreciate any help.
Thanks,
David
ps dissecting ISMACryp and AU headers only, not decrypting encrypted AUs
pps ISMACryp encrypts audio / video access units transported over RTP