|
Ethereal[Ethereal-dev] H.223 |
|
||
|
|
Ethereal[Ethereal-dev] H.223 |
|
||
Hi,
I'm trying to write a plugin to dissect H.223, but it's proving somewhat challenging.
H.223 is a cicuit-orientated multiplexing protocol; we are passing it over IP using IAX2, which is a VoIP protocol, which essentially means that the raw H.223 data is transmitted (unreliably) in 160-byte frames over UDP with not much more than a timestamp to allow you to get your frames in order (or, perhaps more likely, drop out-of-order frames) and a call id to distinguish different multiplexes.
The actual process of distinguishing calls from an individual IAX packet is somewhat involved, so my first step has been to make the IAX dissector (which has to do that anyway) set packet_info->ctype=CT_IAX and packet_info->circuit_id = <unique id> and do relevant magic with find_circuit() and circuit_new(), which means that subdissectors can just do find_circuit() and circuit_get_proto_data().
Hopefully, that's good so far. Someone correct me if it sounds ludicrous.
Now, I've fallen at the next hurdle, which is that of delineating and dissecting H.223 MUX-PDUs. PDUs are delineated by a 2-byte magic number (the HDLC flag), and obviously PDUs are likely to span multiple IAX frames; worse yet, the HDLC flag itself could theoretically span two frames. The PDUs have no length or identification data: it's assumed that you'll have a stream of data and you start reading at one HDLC flag and stop at the next.
So my question really is how I could best go about supporting this in Ethereal; the problem is basically that, when you're called to dissect an arbitrary frame, you don't know what the state of the stream is or what the rest of the data in the PDUs at each end of the frame are.
TIA for any advice.
Richard van der Hoff
Powered by MHonArc 2.6.10