This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

RTP Plugin | Possible to create |

0

Hello, I have a question about writing a plugin for Wireshark. I have an RTP protocol in which I have header extensions. I have downloaded and built Wireshark, and I have added my RTP extensions to this Wireshark version. Now the RTP header shows my extensions really well. I can build an installer and so on.

Now I would like to create a plugin, so that I can use every Wireshark version with my RTP extensions. The problem is that I have not found an example of how I can create a plugin for an existing protocol. Is that possible? If yes, can you show me an example to start with?

Thanks a lot.

asked 17 Apr '14, 01:18

Alias_alias


2 Answers:

1

You're not creating a plugin replacing an existing protocol, you're trying to extend/build on top of an existing protocol. This is something very normal, heck the core principle of how dissectors are stacked.

What you need to find out is how a dissector exports a hook to which you can register for your specific protocol. If you look in packet-rtp you'll see that when an RTP extension is found (in rtp_hdr_ext_dissector_table) it tries to call any registered subdissector for that extension. It uses the dissectors registered at table rtp.hdr_ext. This is basically not different from the HTML dissector registering itself for tcp.port 80.

answered 17 Apr '14, 06:42

Jaap ♦

I should have looked in the code ;-)

(17 Apr '14, 07:08) Anders ♦

First, thanks. You understand what I would like to do.

The problem for me is that I don't have any idea how to do that. I would like my extensions to start only when the protocol is: static const value_string rtp_payload_type_vals[] = { PT_UNDF_100, "DynamicRTP-Type-100" },

So what I have made ....

.... if( rtp_info->info_payload_type == 0x100 ) { ... proto_tree_add_item(rtp_tree, hf_rtp_hdr_exts, tvb, hdrext_offset_rd, (hdr_extension_len * 4 - 4), ENC_NA); } ...

How can I now make a plugin? Please give me an example for any protocol.

(22 Apr '14, 09:16) Alias_alias

There is a significant difference between RTP header extensions and RTP payload types. From what I read here I assume that your header extension is only applicable when the RTP payload type is 100 (=0x64 !!). Currently I don't have an example protocol at hand. I would have to fake one.

(24 Apr '14, 04:23) Jaap ♦
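
The hook described in the answer above, written as a Lua plugin rather than the C plugin covered by README.plugins. This is an added example, not part of the original thread and not Wireshark project code. The extension identifier `0xABCD`, the `myrtpext` names and the field layout are hypothetical, and it assumes the RTP dissector passes the extension data that follows the 4-byte extension header to the subdissector:

```lua
-- Added example: Lua plugin that registers on the built-in RTP dissector's
-- "rtp.hdr_ext" table instead of patching packet-rtp.c.
-- EXT_ID and the field layout are hypothetical; replace them with your own.
local EXT_ID       = 0xABCD  -- hypothetical 16-bit "defined by profile" value
local PAYLOAD_TYPE = 100     -- decimal 100 (0x64), as discussed in the thread

local p_ext = Proto("myrtpext", "My RTP Header Extension (example)")
local f_version = ProtoField.uint8("myrtpext.version", "Version", base.DEC)
local f_flags   = ProtoField.uint8("myrtpext.flags", "Flags", base.HEX)
local f_counter = ProtoField.uint16("myrtpext.counter", "Counter", base.DEC)
local f_extra   = ProtoField.bytes("myrtpext.extra", "Remaining extension data")
p_ext.fields = { f_version, f_flags, f_counter, f_extra }

-- Field extractor for a value the RTP dissector has already put in the tree.
local rtp_p_type = Field.new("rtp.p_type")

function p_ext.dissector(tvb, pinfo, tree)
    -- Several RTP headers can appear in one frame; use the most recent one.
    local pts = { rtp_p_type() }
    local pt = pts[#pts]
    if not pt or pt.value ~= PAYLOAD_TYPE then
        return 0  -- not ours: RTP falls back to its generic extension display
    end
    -- The length comes from the capture; never read past what is present.
    if tvb:len() < 4 then
        return 0
    end
    local sub = tree:add(p_ext, tvb())
    sub:add(f_version, tvb(0, 1))
    sub:add(f_flags,   tvb(1, 1))
    sub:add(f_counter, tvb(2, 2))  -- network byte order
    if tvb:len() > 4 then
        sub:add(f_extra, tvb(4))
    end
    return tvb:len()
end

-- Same mechanism as any dissector registering for a port: key -> dissector.
DissectorTable.get("rtp.hdr_ext"):add(EXT_ID, p_ext)
```

Saved as a `.lua` file in the personal plugins directory, this loads without rebuilding Wireshark.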

0

Have you looked at README.plugins in the doc directory of the source?

answered 17 Apr '14, 02:20

grahamb ♦

Yes, but I don't find my problem there.

(17 Apr '14, 03:27) Alias_alias

So what have you tried, and what is your problem?

README.plugin tells you exactly what you need to do to take your built-in dissector and make a plugin dissector.

Are you also aware that your plugin is unlikely to work across different versions of Wireshark? You may end up having to make multiple versions of your plugin.

Are you also aware that if you distribute your modified version of Wireshark or your plugin to others then as per the GPL licence you must offer the source code for your changes?

(17 Apr '14, 03:47) grahamb ♦

As you are replacing the existing RTP dissector with yours, you are probably better off building a custom installer and using that. I suppose your extensions are non-standard ones; otherwise you should offer your code to the Wireshark project. If they need to be private, you might want to look into the possibilities of hooking into the existing dissector rather than replacing it. As it stands, you will have to reapply your changes every time packet-rtp.c is updated if you want to stay current.

(17 Apr '14, 04:31) Anders ♦