3 * Routines for RFC 2250 MPEG2 (ISO/IEC 13818-1) Transport Stream dissection
5 * Copyright 2006, Erwin Rol <erwin@erwinrol.com>
6 * Copyright 2012-2014, Guy Martin <gmsoft@tuxicoman.be>
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * SPDX-License-Identifier: GPL-2.0-or-later
17 #include <epan/packet.h>
18 #include <wiretap/wtap.h>
20 #include <epan/rtp_pt.h>
22 #include <epan/conversation.h>
23 #include <epan/expert.h>
24 #include <epan/reassemble.h>
25 #include <epan/address_types.h>
26 #include <epan/proto_data.h>
27 #include <epan/exceptions.h>
28 #include <epan/show_exception.h>
29 #include "packet-l2tp.h"
31 void proto_register_mp2t(void);
32 void proto_reg_handoff_mp2t(void);
34 /* The MPEG2 TS packet size */
35 #define MP2T_PACKET_SIZE 188
36 #define MP2T_SYNC_BYTE 0x47
38 #define MP2T_PID_DOCSIS 0x1FFE
39 #define MP2T_PID_NULL 0x1FFF
41 static dissector_handle_t mp2t_handle;
43 static dissector_handle_t docsis_handle;
44 static dissector_handle_t mpeg_pes_handle;
45 static dissector_handle_t mpeg_sect_handle;
47 static heur_dissector_list_t heur_subdissector_list;
49 static int proto_mp2t = -1;
50 static gint ett_mp2t = -1;
51 static gint ett_mp2t_header = -1;
52 static gint ett_mp2t_af = -1;
53 static gint ett_mp2t_analysis = -1;
54 static gint ett_stuff = -1;
56 static int hf_mp2t_header = -1;
57 static int hf_mp2t_sync_byte = -1;
58 static int hf_mp2t_tei = -1;
59 static int hf_mp2t_pusi = -1;
60 static int hf_mp2t_tp = -1;
61 static int hf_mp2t_pid = -1;
62 static int hf_mp2t_tsc = -1;
63 static int hf_mp2t_afc = -1;
64 static int hf_mp2t_cc = -1;
66 /* static int hf_mp2t_analysis_flags = -1; */
67 static int hf_mp2t_analysis_skips = -1;
68 static int hf_mp2t_analysis_drops = -1;
70 #define MP2T_SYNC_BYTE_MASK 0xFF000000
71 #define MP2T_TEI_MASK 0x00800000
72 #define MP2T_PUSI_MASK 0x00400000
73 #define MP2T_TP_MASK 0x00200000
74 #define MP2T_PID_MASK 0x001FFF00
75 #define MP2T_TSC_MASK 0x000000C0
76 #define MP2T_AFC_MASK 0x00000030
77 #define MP2T_CC_MASK 0x0000000F
79 #define MP2T_SYNC_BYTE_SHIFT 24
80 #define MP2T_TEI_SHIFT 23
81 #define MP2T_PUSI_SHIFT 22
82 #define MP2T_TP_SHIFT 21
83 #define MP2T_PID_SHIFT 8
84 #define MP2T_TSC_SHIFT 6
85 #define MP2T_AFC_SHIFT 4
86 #define MP2T_CC_SHIFT 0
88 static int hf_mp2t_af = -1;
89 static int hf_mp2t_af_length = -1;
90 static int hf_mp2t_af_di = -1;
91 static int hf_mp2t_af_rai = -1;
92 static int hf_mp2t_af_espi = -1;
93 static int hf_mp2t_af_pcr_flag = -1;
94 static int hf_mp2t_af_opcr_flag = -1;
95 static int hf_mp2t_af_sp_flag = -1;
96 static int hf_mp2t_af_tpd_flag = -1;
97 static int hf_mp2t_af_afe_flag = -1;
99 #define MP2T_AF_DI_MASK 0x80
100 #define MP2T_AF_RAI_MASK 0x40
101 #define MP2T_AF_ESPI_MASK 0x20
102 #define MP2T_AF_PCR_MASK 0x10
103 #define MP2T_AF_OPCR_MASK 0x08
104 #define MP2T_AF_SP_MASK 0x04
105 #define MP2T_AF_TPD_MASK 0x02
106 #define MP2T_AF_AFE_MASK 0x01
108 #define MP2T_AF_DI_SHIFT 7
109 #define MP2T_AF_RAI_SHIFT 6
110 #define MP2T_AF_ESPI_SHIFT 5
111 #define MP2T_AF_PCR_SHIFT 4
112 #define MP2T_AF_OPCR_SHIFT 3
113 #define MP2T_AF_SP_SHIFT 2
114 #define MP2T_AF_TPD_SHIFT 1
115 #define MP2T_AF_AFE_SHIFT 0
117 static int hf_mp2t_af_pcr = -1;
118 static int hf_mp2t_af_opcr = -1;
120 static int hf_mp2t_af_sc = -1;
122 static int hf_mp2t_af_tpd_length = -1;
123 static int hf_mp2t_af_tpd = -1;
125 static int hf_mp2t_af_e_length = -1;
126 static int hf_mp2t_af_e_ltw_flag = -1;
127 static int hf_mp2t_af_e_pr_flag = -1;
128 static int hf_mp2t_af_e_ss_flag = -1;
129 static int hf_mp2t_af_e_reserved = -1;
131 #define MP2T_AF_E_LTW_FLAG_MASK 0x80
132 #define MP2T_AF_E_PR_FLAG_MASK 0x40
133 #define MP2T_AF_E_SS_FLAG_MASK 0x20
135 static int hf_mp2t_af_e_reserved_bytes = -1;
136 static int hf_mp2t_af_stuffing_bytes = -1;
138 static int hf_mp2t_af_e_ltwv_flag = -1;
139 static int hf_mp2t_af_e_ltwo = -1;
141 static int hf_mp2t_af_e_pr_reserved = -1;
142 static int hf_mp2t_af_e_pr = -1;
144 static int hf_mp2t_af_e_st = -1;
145 static int hf_mp2t_af_e_dnau_32_30 = -1;
146 static int hf_mp2t_af_e_m_1 = -1;
147 static int hf_mp2t_af_e_dnau_29_15 = -1;
148 static int hf_mp2t_af_e_m_2 = -1;
149 static int hf_mp2t_af_e_dnau_14_0 = -1;
150 static int hf_mp2t_af_e_m_3 = -1;
152 /* static int hf_mp2t_payload = -1; */
153 static int hf_mp2t_stuff_bytes = -1;
154 static int hf_mp2t_pointer = -1;
156 static int mp2t_no_address_type = -1;
158 static const value_string mp2t_sync_byte_vals[] = {
159 { MP2T_SYNC_BYTE, "Correct" },
163 static const value_string mp2t_pid_vals[] = {
164 { 0x0000, "Program Association Table" },
165 { 0x0001, "Conditional Access Table" },
166 { 0x0002, "Transport Stream Description Table" },
167 { 0x0003, "Reserved" },
168 { 0x0004, "Reserved" },
169 { 0x0005, "Reserved" },
170 { 0x0006, "Reserved" },
171 { 0x0007, "Reserved" },
172 { 0x0008, "Reserved" },
173 { 0x0009, "Reserved" },
174 { 0x000A, "Reserved" },
175 { 0x000B, "Reserved" },
176 { 0x000C, "Reserved" },
177 { 0x000D, "Reserved" },
178 { 0x000E, "Reserved" },
179 { 0x000F, "Reserved" },
180 { 0x1FFE, "DOCSIS Data-over-cable well-known PID" },
181 { 0x1FFF, "Null packet" },
186 /* Values below according ETSI ETR 289 */
187 static const value_string mp2t_tsc_vals[] = {
188 { 0, "Not scrambled" },
190 { 2, "Packet scrambled with Even Key" },
191 { 3, "Packet scrambled with Odd Key" },
195 static const value_string mp2t_afc_vals[] = {
197 { 1, "Payload only" },
198 { 2, "Adaptation Field only" },
199 { 3, "Adaptation Field and Payload" },
203 static gint ett_msg_fragment = -1;
204 static gint ett_msg_fragments = -1;
205 static int hf_msg_fragments = -1;
206 static int hf_msg_fragment = -1;
207 static int hf_msg_fragment_overlap = -1;
208 static int hf_msg_fragment_overlap_conflicts = -1;
209 static int hf_msg_fragment_multiple_tails = -1;
210 static int hf_msg_fragment_too_long_fragment = -1;
211 static int hf_msg_fragment_error = -1;
212 static int hf_msg_fragment_count = -1;
213 static int hf_msg_reassembled_in = -1;
214 static int hf_msg_reassembled_length = -1;
216 static int hf_msg_ts_packet_reassembled = -1;
218 static expert_field ei_mp2t_pointer = EI_INIT;
219 static expert_field ei_mp2t_cc_drop = EI_INIT;
220 static expert_field ei_mp2t_invalid_afc = EI_INIT;
222 static const fragment_items mp2t_msg_frag_items = {
223 /* Fragment subtrees */
226 /* Fragment fields */
229 &hf_msg_fragment_overlap,
230 &hf_msg_fragment_overlap_conflicts,
231 &hf_msg_fragment_multiple_tails,
232 &hf_msg_fragment_too_long_fragment,
233 &hf_msg_fragment_error,
234 &hf_msg_fragment_count,
235 /* Reassembled in field */
236 &hf_msg_reassembled_in,
237 /* Reassembled length field */
238 &hf_msg_reassembled_length,
239 /* Reassembled data field */
246 /* Data structure used for detecting CC drops
250 * +-> mp2t_analysis_data
252 * +-> pid_table (RB tree) (key: pid)
254 * | +-> pid_analysis_data (per pid)
255 * | +-> pid_analysis_data
256 * | +-> pid_analysis_data
258 * +-> frame_table (RB tree) (key: pinfo->num)
260 * +-> frame_analysis_data (only created if drop detected)
262 * +-> ts_table (RB tree)
264 * +-> ts_analysis_data (per TS subframe)
265 * +-> ts_analysis_data
266 * +-> ts_analysis_data
269 typedef struct mp2t_analysis_data {
271 /* This structure contains a tree containing data for the
272 * individual pid's, this is only used when packets are
273 * processed sequentially.
275 wmem_tree_t *pid_table;
277 /* When detecting a CC drop, store that information for the
278 * given frame. This info is needed, when clicking around in
279 * wireshark, as the pid table data only makes sense during
280 * sequential processing. The flag pinfo->fd->visited is
281 * used to tell the difference.
284 wmem_tree_t *frame_table;
286 /* Total counters per conversation / multicast stream */
288 guint32 total_discontinuity;
290 } mp2t_analysis_data_t;
292 enum pid_payload_type {
300 typedef struct subpacket_analysis_data {
301 guint32 frag_cur_pos;
302 guint32 frag_tot_len;
303 gboolean fragmentation;
305 } subpacket_analysis_data_t;
307 typedef struct packet_analysis_data {
309 /* Contain information for each MPEG2-TS packet in the current big packet */
310 wmem_tree_t *subpacket_table;
311 } packet_analysis_data_t;
313 /* Analysis TS frame info needed during sequential processing */
314 typedef struct pid_analysis_data {
316 gint8 cc_prev; /* Previous CC number */
317 enum pid_payload_type pload_type;
319 /* Fragments information used for first pass */
320 gboolean fragmentation;
321 guint32 frag_cur_pos;
322 guint32 frag_tot_len;
324 } pid_analysis_data_t;
326 /* Analysis info stored for a TS frame */
327 typedef struct ts_analysis_data {
329 gint8 cc_prev; /* Previous CC number */
330 guint8 skips; /* Skips between Ccs max 14 */
331 } ts_analysis_data_t;
334 typedef struct frame_analysis_data {
336 /* As each frame has several pid's, thus need a pid data
337 * structure per TS frame.
339 wmem_tree_t *ts_table;
341 } frame_analysis_data_t;
343 static mp2t_analysis_data_t *
344 init_mp2t_conversation_data(void)
346 mp2t_analysis_data_t *mp2t_data;
348 mp2t_data = wmem_new0(wmem_file_scope(), struct mp2t_analysis_data);
350 mp2t_data->pid_table = wmem_tree_new(wmem_file_scope());
352 mp2t_data->frame_table = wmem_tree_new(wmem_file_scope());
354 mp2t_data->total_skips = 0;
355 mp2t_data->total_discontinuity = 0;
360 static mp2t_analysis_data_t *
361 get_mp2t_conversation_data(conversation_t *conv)
363 mp2t_analysis_data_t *mp2t_data;
365 mp2t_data = (mp2t_analysis_data_t *)conversation_get_proto_data(conv, proto_mp2t);
367 mp2t_data = init_mp2t_conversation_data();
368 conversation_add_proto_data(conv, proto_mp2t, mp2t_data);
374 static frame_analysis_data_t *
375 init_frame_analysis_data(mp2t_analysis_data_t *mp2t_data, packet_info *pinfo)
377 frame_analysis_data_t *frame_analysis_data_p;
379 frame_analysis_data_p = wmem_new0(wmem_file_scope(), struct frame_analysis_data);
380 frame_analysis_data_p->ts_table = wmem_tree_new(wmem_file_scope());
381 /* Insert into mp2t tree */
382 wmem_tree_insert32(mp2t_data->frame_table, pinfo->num,
383 (void *)frame_analysis_data_p);
385 return frame_analysis_data_p;
389 static frame_analysis_data_t *
390 get_frame_analysis_data(mp2t_analysis_data_t *mp2t_data, packet_info *pinfo)
392 frame_analysis_data_t *frame_analysis_data_p;
393 frame_analysis_data_p = (frame_analysis_data_t *)wmem_tree_lookup32(mp2t_data->frame_table, pinfo->num);
394 return frame_analysis_data_p;
397 static pid_analysis_data_t *
398 get_pid_analysis(mp2t_analysis_data_t *mp2t_data, guint32 pid)
400 pid_analysis_data_t *pid_data;
402 pid_data = (pid_analysis_data_t *)wmem_tree_lookup32(mp2t_data->pid_table, pid);
404 pid_data = wmem_new0(wmem_file_scope(), struct pid_analysis_data);
405 pid_data->cc_prev = -1;
407 pid_data->frag_id = (pid << (32 - 13)) | 0x1;
409 wmem_tree_insert32(mp2t_data->pid_table, pid, (void *)pid_data);
414 /* Structure to handle packets, spanned across
415 * multiple MPEG packets
417 static reassembly_table mp2t_reassembly_table;
420 mp2t_dissect_packet(tvbuff_t *tvb, enum pid_payload_type pload_type,
421 packet_info *pinfo, proto_tree *tree)
423 dissector_handle_t handle = NULL;
425 switch (pload_type) {
426 case pid_pload_docsis:
427 handle = docsis_handle;
430 handle = mpeg_pes_handle;
433 handle = mpeg_sect_handle;
436 /* Should not happen */
441 call_dissector(handle, tvb, pinfo, tree);
443 call_data_dissector(tvb, pinfo, tree);
447 mp2t_get_packet_length(tvbuff_t *tvb, guint offset, packet_info *pinfo,
448 guint32 frag_id, enum pid_payload_type pload_type)
451 tvbuff_t *len_tvb = NULL, *frag_tvb = NULL, *data_tvb = NULL;
455 frag = fragment_get(&mp2t_reassembly_table, pinfo, frag_id, NULL);
459 if (!frag) { /* First frame */
460 remaining_len = tvb_reported_length_remaining(tvb, offset);
461 if ( (pload_type == pid_pload_docsis && remaining_len < 4) ||
462 (pload_type == pid_pload_sect && remaining_len < 3) ||
463 (pload_type == pid_pload_pes && remaining_len < 5) ) {
464 /* Not enough info to determine the size of the encapsulated packet */
465 /* Just add the fragment and we'll check out the length later */
471 /* Create a composite tvb out of the two */
472 frag_tvb = tvb_new_subset_remaining(frag->tvb_data, 0);
473 len_tvb = tvb_new_composite();
474 tvb_composite_append(len_tvb, frag_tvb);
476 data_tvb = tvb_new_subset_remaining(tvb, offset);
477 tvb_composite_append(len_tvb, data_tvb);
478 tvb_composite_finalize(len_tvb);
480 offset = frag->offset;
483 /* Get the next packet's size if possible */
484 switch (pload_type) {
485 case pid_pload_docsis:
486 pkt_len = tvb_get_ntohs(len_tvb, offset + 2) + 6;
489 pkt_len = tvb_get_ntohs(len_tvb, offset + 4);
490 if (pkt_len) /* A size of 0 means size not bounded */
494 pkt_len = (tvb_get_ntohs(len_tvb, offset + 1) & 0xFFF) + 3;
497 /* Should not happen */
508 mp2t_fragment_handle(tvbuff_t *tvb, guint offset, packet_info *pinfo,
509 proto_tree *tree, guint32 frag_id,
510 guint frag_offset, guint frag_len,
511 gboolean fragment_last, enum pid_payload_type pload_type)
513 /* proto_item *ti; */
514 fragment_head *frag_msg;
516 gboolean save_fragmented;
517 address save_src, save_dst;
519 save_fragmented = pinfo->fragmented;
520 pinfo->fragmented = TRUE;
521 copy_address_shallow(&save_src, &pinfo->src);
522 copy_address_shallow(&save_dst, &pinfo->dst);
524 /* It's possible that a fragment in the same packet set an address already
525 * This will change the hash value, we need to make sure it's NULL */
527 set_address(&pinfo->src, mp2t_no_address_type, 0, NULL);
528 set_address(&pinfo->dst, mp2t_no_address_type, 0, NULL);
530 /* check length; send frame for reassembly */
531 frag_msg = fragment_add_check(&mp2t_reassembly_table,
532 tvb, offset, pinfo, frag_id, NULL,
537 new_tvb = process_reassembled_data(tvb, offset, pinfo,
539 frag_msg, &mp2t_msg_frag_items,
542 copy_address_shallow(&pinfo->src, &save_src);
543 copy_address_shallow(&pinfo->dst, &save_dst);
546 /* ti = */ proto_tree_add_item(tree, hf_msg_ts_packet_reassembled, tvb, 0, 0, ENC_NA);
547 mp2t_dissect_packet(new_tvb, pload_type, pinfo, tree);
549 col_set_str(pinfo->cinfo, COL_INFO, "[MP2T fragment of a reassembled packet]");
552 pinfo->fragmented = save_fragmented;
557 * Reassembly of various payload types.
559 * DOCSIS MAC frames, PES packets, etc. may begin anywhere within an MPEG-TS
560 * packet or span multiple MPEG packets.
562 * The payload_unit_start_indicator bit in the MPEG-TS header, and the pointer
563 * field, are used to reassemble fragmented frames from MPEG-TS packets.
565 * If that bit is set, a higher-level packet begins in this MPEG-TS
566 * packet, and the MPEG-TS header is followed by a 1-octet pointer field.
567 * The value of the pointer field indicates at which byte the higher-
568 * level packet begins. If that bit is not set, the packet begun in
569 * an earlier MPEG-TS packet continues in this packet, with the data
570 * in the payload going after the data in the previous MPEG-TS packet
571 * (there can be more than one continuing packet).
573 * If the pointer field is non-zero, this MPEG-TS packet contains
574 * the conclusion of one higher-level packet and the beginning of
577 * As the MPEG-TS packets are of a fixed size, stuff bytes are used
578 * as padding before the first byte of a higher-level packet as
581 * This diagram is from Data-Over-Cable Service Interface Specifications,
582 * Downstream RF Interface Specification, CM-SP-DRFI-I16-170111, section 7
583 * "DOWNSTREAM TRANSMISSION CONVERGENCE SUBLAYER", and shows how the
584 * higher-level packets are transported over the MPEG Transport Stream:
586 *+--------------------------------------------------------------------------------+
587 *|MPEG Header | pointer_field | stuff_bytes | Start of Packet #1 |
588 *|(PUSI = 1) | (= 0) | (0 or more) | (up to 183 bytes) |
589 *+--------------------------------------------------------------------------------+
590 *+--------------------------------------------------------------------------------+
591 *|MPEG Header | Continuation of Packet #1 |
592 *|(PUSI = 0) | (up to 183 bytes) |
593 *+--------------------------------------------------------------------------------+
594 *+---------------------------------------------------------------------------------+
595 *|MPEG Header | pointer_field |Tail of Packet #1 | stuff_bytes |Start of Packet #2 |
596 *|(PUSI = 1) | (= M) |(M bytes) | (0 or more) |(N bytes) |
597 *+---------------------------------------------------------------------------------+
599 * For PES and PSI, see ISO/IEC 13818-1 / ITU-T Rec. H.222.0 (05/2006),
600 * section 2.4.3.3 "Semantic definition of fields in Transport Stream packet
601 * layer", which says much the same thing.
604 mp2t_process_fragmented_payload(tvbuff_t *tvb, gint offset, guint remaining_len, packet_info *pinfo,
605 proto_tree *tree, proto_tree *header_tree, guint32 pusi_flag,
606 pid_analysis_data_t *pid_analysis)
612 proto_tree *stuff_tree;
613 packet_analysis_data_t *pdata = NULL;
614 subpacket_analysis_data_t *spdata = NULL;
615 guint32 frag_cur_pos = 0, frag_tot_len = 0;
616 gboolean fragmentation = FALSE;
619 if (pusi_flag && pid_analysis->pload_type == pid_pload_unknown
620 && remaining_len > 3) {
621 /* We should already have identified if it was a DOCSIS packet
622 * Remaining possibility is PES or SECT */
623 if (tvb_get_ntoh24(tvb, offset) == 0x000001) {
624 /* Looks like a PES packet to me ... */
625 pid_analysis->pload_type = pid_pload_pes;
627 /* Most probably a SECT packet */
628 pid_analysis->pload_type = pid_pload_sect;
632 /* Unable to determine the payload type, do nothing */
633 if (pid_analysis->pload_type == pid_pload_unknown)
636 /* PES packet don't have pointer fields, others do */
637 if (pusi_flag && pid_analysis->pload_type != pid_pload_pes) {
638 pointer = tvb_get_guint8(tvb, offset);
639 pi = proto_tree_add_item(header_tree, hf_mp2t_pointer, tvb, offset, 1, ENC_BIG_ENDIAN);
642 if (pointer > remaining_len) {
644 expert_add_info_format(pinfo, pi, &ei_mp2t_pointer,
645 "Pointer value is too large (> remaining data length %u)",
650 if (!pinfo->fd->visited) {
651 /* Get values from our current PID analysis */
652 frag_cur_pos = pid_analysis->frag_cur_pos;
653 frag_tot_len = pid_analysis->frag_tot_len;
654 fragmentation = pid_analysis->fragmentation;
655 frag_id = pid_analysis->frag_id;
656 pdata = (packet_analysis_data_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_mp2t, 0);
658 pdata = wmem_new0(wmem_file_scope(), packet_analysis_data_t);
659 pdata->subpacket_table = wmem_tree_new(wmem_file_scope());
660 p_add_proto_data(wmem_file_scope(), pinfo, proto_mp2t, 0, pdata);
663 spdata = (subpacket_analysis_data_t *)wmem_tree_lookup32(pdata->subpacket_table, offset);
667 spdata = wmem_new0(wmem_file_scope(), subpacket_analysis_data_t);
668 /* Save the info into pdata from pid_analysis */
669 spdata->frag_cur_pos = frag_cur_pos;
670 spdata->frag_tot_len = frag_tot_len;
671 spdata->fragmentation = fragmentation;
672 spdata->frag_id = frag_id;
673 wmem_tree_insert32(pdata->subpacket_table, offset, (void *)spdata);
676 /* Get saved values */
677 pdata = (packet_analysis_data_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_mp2t, 0);
679 /* Occurs for the first packets in the capture which cannot be reassembled */
683 spdata = (subpacket_analysis_data_t *)wmem_tree_lookup32(pdata->subpacket_table, offset);
685 /* Occurs for the first sub packets in the capture which cannot be reassembled */
689 frag_cur_pos = spdata->frag_cur_pos;
690 frag_tot_len = spdata->frag_tot_len;
691 fragmentation = spdata->fragmentation;
692 frag_id = spdata->frag_id;
695 if (frag_tot_len == (guint)-1) {
696 frag_tot_len = mp2t_get_packet_length(tvb, offset, pinfo, frag_id, pid_analysis->pload_type);
698 if (frag_tot_len == (guint)-1) {
704 /* The beginning of a new packet is present */
706 if (pointer > remaining_len) {
708 * Quit, so we don't use the bogus pointer value;
709 * that could cause remaining_len to become
710 * "negative", meaning it becomes a very large
716 /* "pointer" contains the number of bytes until the
717 * start of the new section
719 * if the new section does not start immediately after the
720 * pointer field (i.e. pointer>0), the remaining bytes before the
721 * start of the section are another fragment of the
724 * if pointer is 0, a new upper-layer packet starts at the
725 * beginning of this TS packet
726 * if we have pending fragments, the last TS packet contained the
727 * last fragment and at the time we processed it, we couldn't figure
728 * out that it is the last fragment
729 * this is the case e.g. for PES packets with a 0 length field
730 * ("unbounded length")
731 * to handle this case, we add an empty fragment (pointer==0)
732 * and reassemble, then we process the current TS packet as
736 mp2t_fragment_handle(tvb, offset, pinfo, tree, frag_id, frag_cur_pos,
737 pointer, TRUE, pid_analysis->pload_type);
742 remaining_len -= pointer;
743 fragmentation = FALSE;
747 if (!remaining_len) {
748 /* Shouldn't happen */
752 while (remaining_len > 0) {
753 /* Don't like subsequent packets overwrite the Info column */
754 col_append_str(pinfo->cinfo, COL_INFO, " ");
755 col_set_fence(pinfo->cinfo, COL_INFO);
757 /* Skip stuff bytes */
759 while ((tvb_get_guint8(tvb, offset + stuff_len) == 0xFF)) {
761 if (stuff_len >= remaining_len) {
768 stuff_tree = proto_tree_add_subtree_format(tree, tvb, offset, stuff_len, ett_stuff, NULL, "Stuffing");
769 proto_tree_add_item(stuff_tree, hf_mp2t_stuff_bytes, tvb, offset, stuff_len, ENC_NA);
771 if (stuff_len >= remaining_len) {
774 remaining_len -= stuff_len;
777 /* Get the next packet's size if possible */
778 frag_tot_len = mp2t_get_packet_length(tvb, offset, pinfo, frag_id, pid_analysis->pload_type);
779 if (frag_tot_len == (guint)-1 || !frag_tot_len) {
780 mp2t_fragment_handle(tvb, offset, pinfo, tree, frag_id, 0, remaining_len, FALSE, pid_analysis->pload_type);
781 fragmentation = TRUE;
782 /*offset += remaining_len;*/
783 frag_cur_pos += remaining_len;
787 /* Check for full packets within this TS frame */
789 frag_tot_len <= remaining_len) {
790 next_tvb = tvb_new_subset_length(tvb, offset, frag_tot_len);
791 mp2t_dissect_packet(next_tvb, pid_analysis->pload_type, pinfo, tree);
792 remaining_len -= frag_tot_len;
793 offset += frag_tot_len;
801 if (remaining_len == 0) {
802 pid_analysis->frag_cur_pos = 0;
803 pid_analysis->frag_tot_len = 0;
810 /* There are remaining bytes. Add them to the fragment list */
812 if ((frag_tot_len && frag_cur_pos + remaining_len >= frag_tot_len) || (!frag_tot_len && pusi_flag)) {
813 mp2t_fragment_handle(tvb, offset, pinfo, tree, frag_id, frag_cur_pos, remaining_len, TRUE, pid_analysis->pload_type);
815 fragmentation = FALSE;
819 mp2t_fragment_handle(tvb, offset, pinfo, tree, frag_id, frag_cur_pos, remaining_len, FALSE, pid_analysis->pload_type);
820 fragmentation = TRUE;
821 frag_cur_pos += remaining_len;
825 pid_analysis->fragmentation = fragmentation;
826 pid_analysis->frag_cur_pos = frag_cur_pos;
827 pid_analysis->frag_tot_len = frag_tot_len;
828 pid_analysis->frag_id = frag_id;
833 /* Calc the number of skipped CC numbers. Note that this can easy
834 * overflow, and a value above 7 indicate several network packets
838 calc_skips(gint32 curr, gint32 prev)
842 /* Only count the missing TS frames in between prev and curr.
843 * The "prev" frame CC number seen is confirmed received, it's
844 * the next frames CC counter which is the first known missing
849 /* Calc missing TS frame 'skips' */
852 /* Handle wrap around */
859 #define KEY(pid, cc) ((pid << 4)|cc)
862 detect_cc_drops(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo,
863 guint32 pid, gint32 cc_curr, mp2t_analysis_data_t *mp2t_data)
866 pid_analysis_data_t *pid_data = NULL;
867 ts_analysis_data_t *ts_data = NULL;
868 frame_analysis_data_t *frame_analysis_data_p = NULL;
869 proto_item *flags_item;
871 gboolean detected_drop = FALSE;
874 /* The initial sequential processing stage */
875 if (!pinfo->fd->visited) {
876 /* This is the sequential processing stage */
877 pid_data = get_pid_analysis(mp2t_data, pid);
879 cc_prev = pid_data->cc_prev;
880 pid_data->cc_prev = cc_curr;
882 /* Null packet always have a CC value equal 0 */
886 /* Its allowed that (cc_prev == cc_curr) if adaptation field */
887 if (cc_prev == cc_curr)
890 /* Have not seen this pid before */
894 /* Detect if CC is not increasing by one all the time */
895 if (cc_curr != ((cc_prev+1) & MP2T_CC_MASK)) {
896 detected_drop = TRUE;
898 skips = calc_skips(cc_curr, cc_prev);
900 mp2t_data->total_skips += skips;
901 mp2t_data->total_discontinuity++;
902 /* TODO: if (skips > 7) signal_loss++; ??? */
906 /* Save the info about the dropped packet */
907 if (detected_drop && !pinfo->fd->visited) {
908 /* Lookup frame data, contains TS pid data objects */
909 frame_analysis_data_p = get_frame_analysis_data(mp2t_data, pinfo);
910 if (!frame_analysis_data_p)
911 frame_analysis_data_p = init_frame_analysis_data(mp2t_data, pinfo);
913 /* Create and store a new TS frame pid_data object.
914 This indicate that we have a drop
916 ts_data = wmem_new0(wmem_file_scope(), struct ts_analysis_data);
917 ts_data->cc_prev = cc_prev;
919 ts_data->skips = skips;
920 wmem_tree_insert32(frame_analysis_data_p->ts_table, KEY(pid, cc_curr),
924 /* See if we stored info about drops */
925 if (pinfo->fd->visited) {
927 /* Lookup frame data, contains TS pid data objects */
928 frame_analysis_data_p = get_frame_analysis_data(mp2t_data, pinfo);
929 if (!frame_analysis_data_p)
930 return 0; /* No stored frame data -> no drops*/
932 ts_data = (struct ts_analysis_data *)wmem_tree_lookup32(frame_analysis_data_p->ts_table,
936 if (ts_data->skips > 0) {
937 detected_drop = TRUE;
938 cc_prev = ts_data->cc_prev;
939 skips = ts_data->skips;
945 /* Add info to the proto tree about drops */
947 expert_add_info_format(pinfo, tree, &ei_mp2t_cc_drop,
948 "Detected %d missing TS frames before this (last_cc:%d total skips:%d discontinuity:%d)",
950 mp2t_data->total_skips,
951 mp2t_data->total_discontinuity
954 flags_item = proto_tree_add_uint(tree, hf_mp2t_analysis_skips,
956 PROTO_ITEM_SET_GENERATED(flags_item);
958 flags_item = proto_tree_add_uint(tree, hf_mp2t_analysis_drops,
960 PROTO_ITEM_SET_GENERATED(flags_item);
966 dissect_mp2t_adaptation_field(tvbuff_t *tvb, gint offset, proto_tree *tree)
968 gint af_start_offset;
970 proto_tree *mp2t_af_tree;
975 af_length = tvb_get_guint8(tvb, offset);
976 proto_tree_add_item(tree, hf_mp2t_af_length, tvb, offset, 1, ENC_BIG_ENDIAN);
978 /* fix issues where afc==3 but af_length==0
979 * Adaptaion field...spec section 2.4.3.5: The value 0 is for inserting a single
980 * stuffing byte in a Transport Stream packet. When the adaptation_field_control
981 * value is '11', the value of the adaptation_field_length shall be in the range 0 to 182.
986 af_start_offset = offset;
988 hi = proto_tree_add_item( tree, hf_mp2t_af, tvb, offset, af_length, ENC_NA);
989 mp2t_af_tree = proto_item_add_subtree( hi, ett_mp2t_af );
991 af_flags = tvb_get_guint8(tvb, offset);
992 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_di, tvb, offset, 1, ENC_BIG_ENDIAN);
993 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_rai, tvb, offset, 1, ENC_BIG_ENDIAN);
994 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_espi, tvb, offset, 1, ENC_BIG_ENDIAN);
995 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_pcr_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
996 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_opcr_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
997 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_sp_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
998 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_tpd_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
999 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_afe_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
1002 if (af_flags & MP2T_AF_PCR_MASK) {
1006 /* 33 bit PCR base, 6 bit reserved, 9 bit PCR ext */
1007 pcr_base = tvb_get_ntoh48(tvb, offset) >> (48-33);
1008 pcr_ext = (guint16)(tvb_get_ntoh48(tvb, offset) & 0x1FF);
1010 proto_tree_add_uint64(mp2t_af_tree, hf_mp2t_af_pcr, tvb, offset, 6,
1011 pcr_base*300 + pcr_ext);
1016 if (af_flags & MP2T_AF_OPCR_MASK) {
1020 /* the same format as PCR above */
1021 opcr_base = tvb_get_ntoh48(tvb, offset) >> (48-33);
1022 opcr_ext = (guint16)(tvb_get_ntoh48(tvb, offset) & 0x1FF);
1024 proto_tree_add_uint64(mp2t_af_tree, hf_mp2t_af_opcr, tvb, offset, 6,
1025 opcr_base*300 + opcr_ext);
1030 if (af_flags & MP2T_AF_SP_MASK) {
1031 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_sc, tvb, offset, 1, ENC_BIG_ENDIAN);
1035 if (af_flags & MP2T_AF_TPD_MASK) {
1038 tpd_len = tvb_get_guint8(tvb, offset);
1039 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_tpd_length, tvb, offset, 1, ENC_BIG_ENDIAN);
1042 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_tpd, tvb, offset, tpd_len, ENC_NA);
1046 if (af_flags & MP2T_AF_AFE_MASK) {
1049 gint e_start_offset = offset;
1050 gint reserved_len = 0;
1052 e_len = tvb_get_guint8(tvb, offset);
1053 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_length, tvb, offset, 1, ENC_BIG_ENDIAN);
1056 e_flags = tvb_get_guint8(tvb, offset);
1057 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_ltw_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
1058 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_pr_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
1059 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_ss_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
1060 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_reserved, tvb, offset, 1, ENC_BIG_ENDIAN);
1063 if (e_flags & MP2T_AF_E_LTW_FLAG_MASK) {
1064 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_ltwv_flag, tvb, offset, 2, ENC_BIG_ENDIAN);
1065 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_ltwo, tvb, offset, 2, ENC_BIG_ENDIAN);
1069 if (e_flags & MP2T_AF_E_PR_FLAG_MASK) {
1070 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_pr_reserved, tvb, offset, 3, ENC_BIG_ENDIAN);
1071 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_pr, tvb, offset, 3, ENC_BIG_ENDIAN);
1075 if (e_flags & MP2T_AF_E_SS_FLAG_MASK) {
1076 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_st, tvb, offset, 1, ENC_BIG_ENDIAN);
1077 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_dnau_32_30, tvb, offset, 1, ENC_BIG_ENDIAN);
1078 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_m_1, tvb, offset, 1, ENC_BIG_ENDIAN);
1080 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_dnau_29_15, tvb, offset, 2, ENC_BIG_ENDIAN);
1081 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_m_2, tvb, offset, 2, ENC_BIG_ENDIAN);
1083 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_dnau_14_0, tvb, offset, 2, ENC_BIG_ENDIAN);
1084 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_m_3, tvb, offset, 2, ENC_BIG_ENDIAN);
1088 reserved_len = (e_len + 1) - (offset - e_start_offset);
1089 if (reserved_len > 0) {
1090 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_e_reserved_bytes, tvb, offset, reserved_len, ENC_NA);
1091 offset += reserved_len;
1095 stuffing_len = af_length - (offset - af_start_offset);
1096 if (stuffing_len > 0) {
1097 proto_tree_add_item( mp2t_af_tree, hf_mp2t_af_stuffing_bytes, tvb, offset, stuffing_len, ENC_NA);
1098 offset += stuffing_len;
1105 dissect_tsp(tvbuff_t *tvb, gint offset, packet_info *pinfo,
1106 proto_tree *tree, conversation_t *conv)
1110 gint start_offset = offset;
1112 mp2t_analysis_data_t *mp2t_data;
1113 pid_analysis_data_t *pid_analysis;
1124 proto_item *item = NULL;
1125 proto_tree *mp2t_tree;
1126 proto_tree *mp2t_header_tree;
1127 proto_tree *mp2t_analysis_tree;
1130 ti = proto_tree_add_item( tree, proto_mp2t, tvb, offset, MP2T_PACKET_SIZE, ENC_NA );
1131 mp2t_tree = proto_item_add_subtree( ti, ett_mp2t );
1133 header = tvb_get_ntohl(tvb, offset);
1134 pusi_flag = (header & 0x00400000);
1135 pid = (header & MP2T_PID_MASK) >> MP2T_PID_SHIFT;
1136 tsc = (header & MP2T_TSC_MASK);
1137 afc = (header & MP2T_AFC_MASK) >> MP2T_AFC_SHIFT;
1138 cc = (header & MP2T_CC_MASK) >> MP2T_CC_SHIFT;
1140 proto_item_append_text(ti, " PID=0x%x CC=%d", pid, cc);
1141 col_set_str(pinfo->cinfo, COL_PROTOCOL, "MPEG TS");
1143 hi = proto_tree_add_item( mp2t_tree, hf_mp2t_header, tvb, offset, 4, ENC_BIG_ENDIAN);
1144 mp2t_header_tree = proto_item_add_subtree( hi, ett_mp2t_header );
1146 proto_tree_add_item( mp2t_header_tree, hf_mp2t_sync_byte, tvb, offset, 4, ENC_BIG_ENDIAN);
1147 proto_tree_add_item( mp2t_header_tree, hf_mp2t_tei, tvb, offset, 4, ENC_BIG_ENDIAN);
1148 proto_tree_add_item( mp2t_header_tree, hf_mp2t_pusi, tvb, offset, 4, ENC_BIG_ENDIAN);
1149 proto_tree_add_item( mp2t_header_tree, hf_mp2t_tp, tvb, offset, 4, ENC_BIG_ENDIAN);
1150 proto_tree_add_item( mp2t_header_tree, hf_mp2t_pid, tvb, offset, 4, ENC_BIG_ENDIAN);
1151 proto_tree_add_item( mp2t_header_tree, hf_mp2t_tsc, tvb, offset, 4, ENC_BIG_ENDIAN);
1152 afci = proto_tree_add_item( mp2t_header_tree, hf_mp2t_afc, tvb, offset, 4, ENC_BIG_ENDIAN);
1153 proto_tree_add_item( mp2t_header_tree, hf_mp2t_cc, tvb, offset, 4, ENC_BIG_ENDIAN);
1155 mp2t_data = get_mp2t_conversation_data(conv);
1157 pid_analysis = get_pid_analysis(mp2t_data, pid);
1159 if (pid_analysis->pload_type == pid_pload_unknown) {
1160 if (pid == MP2T_PID_NULL) {
1161 pid_analysis->pload_type = pid_pload_null;
1162 } else if (pid == MP2T_PID_DOCSIS) {
1163 pid_analysis->pload_type = pid_pload_docsis;
1167 if (pid_analysis->pload_type == pid_pload_docsis && (afc != 1)) {
1168 /* DOCSIS packets should not have an adaptation field */
1170 expert_add_info_format(pinfo, afci, &ei_mp2t_invalid_afc,
1171 "Adaptation Field Control for DOCSIS packets must be 0x01");
1175 if (pid_analysis->pload_type == pid_pload_null) {
1176 col_set_str(pinfo->cinfo, COL_INFO, "NULL packet");
1178 expert_add_info_format(pinfo, afci, &ei_mp2t_invalid_afc,
1179 "Adaptation Field Control for NULL packets must be 0x01");
1181 /* Nothing more to do */
1187 /* Create a subtree for analysis stuff */
1188 mp2t_analysis_tree = proto_tree_add_subtree_format(mp2t_tree, tvb, offset, 0, ett_mp2t_analysis, &item, "MPEG2 PCR Analysis");
1189 PROTO_ITEM_SET_GENERATED(item);
1191 skips = detect_cc_drops(tvb, mp2t_analysis_tree, pinfo, pid, cc, mp2t_data);
1194 proto_item_append_text(ti, " skips=%d", skips);
1196 if (afc == 2 || afc == 3)
1197 offset = dissect_mp2t_adaptation_field(tvb, offset, mp2t_tree);
1199 if ((offset - start_offset) < MP2T_PACKET_SIZE)
1200 payload_len = MP2T_PACKET_SIZE - (offset - start_offset);
1208 col_set_str(pinfo->cinfo, COL_INFO, "Adaptation field only");
1209 /* The rest of the packet is stuffing bytes */
1210 proto_tree_add_item( mp2t_tree, hf_mp2t_stuff_bytes, tvb, offset, payload_len, ENC_NA);
1211 offset += payload_len;
1215 mp2t_process_fragmented_payload(tvb, offset, payload_len, pinfo, tree, mp2t_tree, pusi_flag, pid_analysis);
1217 /* Payload is scrambled */
1218 col_set_str(pinfo->cinfo, COL_INFO, "Scrambled TS payload");
1224 dissect_mp2t( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_ )
1226 volatile guint offset = 0;
1227 conversation_t *conv;
1228 const char *saved_proto;
1230 conv = find_or_create_conversation(pinfo);
1232 for (; tvb_reported_length_remaining(tvb, offset) >= MP2T_PACKET_SIZE; offset += MP2T_PACKET_SIZE) {
1236 * If it gets an error that means there's no point in
1237 * dissecting any more TSPs, rethrow the exception in
1240 * If it gets any other error, report it and continue, as that
1241 * means that TSP got an error, but that doesn't mean we should
1242 * stop dissecting TSPs within this frame or chunk of reassembled
1245 saved_proto = pinfo->current_proto;
1247 dissect_tsp(tvb, offset, pinfo, tree, conv);
1249 CATCH_NONFATAL_ERRORS {
1250 show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
1253 * Restore the saved protocol as well; we do this after
1254 * show_exception(), so that the "Malformed packet" indication
1255 * shows the protocol for which dissection failed.
1257 pinfo->current_proto = saved_proto;
1261 return tvb_captured_length(tvb);
1265 heur_dissect_mp2t( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_ )
1270 length = tvb_reported_length_remaining(tvb, offset);
1272 /* Nothing to check for */
1275 if ((length % MP2T_PACKET_SIZE) != 0) {
1276 /* Not a multiple of the MPEG-2 transport packet size */
1279 while (tvb_offset_exists(tvb, offset)) {
1280 if (tvb_get_guint8(tvb, offset) != MP2T_SYNC_BYTE) {
1281 /* No sync byte at the appropriate offset */
1284 offset += MP2T_PACKET_SIZE;
1288 dissect_mp2t(tvb, pinfo, tree, data);
1294 proto_register_mp2t(void)
1296 static hf_register_info hf[] = {
1297 { &hf_mp2t_header, {
1298 "Header", "mp2t.header",
1299 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL
1301 { &hf_mp2t_sync_byte, {
1302 "Sync Byte", "mp2t.sync_byte",
1303 FT_UINT32, BASE_HEX, VALS(mp2t_sync_byte_vals), MP2T_SYNC_BYTE_MASK, NULL, HFILL
1306 "Transport Error Indicator", "mp2t.tei",
1307 FT_UINT32, BASE_DEC, NULL, MP2T_TEI_MASK, NULL, HFILL
1310 "Payload Unit Start Indicator", "mp2t.pusi",
1311 FT_UINT32, BASE_DEC, NULL, MP2T_PUSI_MASK, NULL, HFILL
1314 "Transport Priority", "mp2t.tp",
1315 FT_UINT32, BASE_DEC, NULL, MP2T_TP_MASK, NULL, HFILL
1319 FT_UINT32, BASE_HEX, VALS(mp2t_pid_vals), MP2T_PID_MASK, NULL, HFILL
1322 "Transport Scrambling Control", "mp2t.tsc",
1323 FT_UINT32, BASE_HEX, VALS(mp2t_tsc_vals), MP2T_TSC_MASK, NULL, HFILL
1326 "Adaptation Field Control", "mp2t.afc",
1327 FT_UINT32, BASE_HEX, VALS(mp2t_afc_vals) , MP2T_AFC_MASK, NULL, HFILL
1330 "Continuity Counter", "mp2t.cc",
1331 FT_UINT32, BASE_DEC, NULL, MP2T_CC_MASK, NULL, HFILL
1334 { &hf_mp2t_analysis_flags, {
1335 "MPEG2-TS Analysis Flags", "mp2t.analysis.flags",
1336 FT_NONE, BASE_NONE, NULL, 0x0,
1337 "This frame has some of the MPEG2 analysis flags set", HFILL
1340 { &hf_mp2t_analysis_skips, {
1341 "TS Continuity Counter Skips", "mp2t.analysis.skips",
1342 FT_UINT8, BASE_DEC, NULL, 0x0,
1343 "Missing TS frames according to CC counter values", HFILL
1345 { &hf_mp2t_analysis_drops, {
1346 "Some frames dropped", "mp2t.analysis.drops",
1347 FT_UINT8, BASE_DEC, NULL, 0x0,
1348 "Discontinuity: A number of TS frames were dropped", HFILL
1351 "Adaptation Field", "mp2t.af",
1352 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL
1354 { &hf_mp2t_af_length, {
1355 "Adaptation Field Length", "mp2t.af.length",
1356 FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL
1359 "Discontinuity Indicator", "mp2t.af.di",
1360 FT_UINT8, BASE_DEC, NULL, MP2T_AF_DI_MASK, NULL, HFILL
1362 { &hf_mp2t_af_rai, {
1363 "Random Access Indicator", "mp2t.af.rai",
1364 FT_UINT8, BASE_DEC, NULL, MP2T_AF_RAI_MASK, NULL, HFILL
1366 { &hf_mp2t_af_espi, {
1367 "Elementary Stream Priority Indicator", "mp2t.af.espi",
1368 FT_UINT8, BASE_DEC, NULL, MP2T_AF_ESPI_MASK, NULL, HFILL
1370 { &hf_mp2t_af_pcr_flag, {
1371 "PCR Flag", "mp2t.af.pcr_flag",
1372 FT_UINT8, BASE_DEC, NULL, MP2T_AF_PCR_MASK, NULL, HFILL
1374 { &hf_mp2t_af_opcr_flag, {
1375 "OPCR Flag", "mp2t.af.opcr_flag",
1376 FT_UINT8, BASE_DEC, NULL, MP2T_AF_OPCR_MASK, NULL, HFILL
1378 { &hf_mp2t_af_sp_flag, {
1379 "Splicing Point Flag", "mp2t.af.sp_flag",
1380 FT_UINT8, BASE_DEC, NULL, MP2T_AF_SP_MASK, NULL, HFILL
1382 { &hf_mp2t_af_tpd_flag, {
1383 "Transport Private Data Flag", "mp2t.af.tpd_flag",
1384 FT_UINT8, BASE_DEC, NULL, MP2T_AF_TPD_MASK, NULL, HFILL
1386 { &hf_mp2t_af_afe_flag, {
1387 "Adaptation Field Extension Flag", "mp2t.af.afe_flag",
1388 FT_UINT8, BASE_DEC, NULL, MP2T_AF_AFE_MASK, NULL, HFILL
1390 { &hf_mp2t_af_pcr, {
1391 "Program Clock Reference", "mp2t.af.pcr",
1392 FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL
1394 { &hf_mp2t_af_opcr, {
1395 "Original Program Clock Reference", "mp2t.af.opcr",
1396 FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL
1399 "Splice Countdown", "mp2t.af.sc",
1400 FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL
1402 { &hf_mp2t_af_tpd_length, {
1403 "Transport Private Data Length", "mp2t.af.tpd_length",
1404 FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL
1406 { &hf_mp2t_af_tpd, {
1407 "Transport Private Data", "mp2t.af.tpd",
1408 FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL
1410 { &hf_mp2t_af_e_length, {
1411 "Adaptation Field Extension Length", "mp2t.af.e_length",
1412 FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL
1414 { &hf_mp2t_af_e_ltw_flag, {
1415 "LTW Flag", "mp2t.af.e.ltw_flag",
1416 FT_UINT8, BASE_DEC, NULL, MP2T_AF_E_LTW_FLAG_MASK, NULL, HFILL
1418 { &hf_mp2t_af_e_pr_flag, {
1419 "Piecewise Rate Flag", "mp2t.af.e.pr_flag",
1420 FT_UINT8, BASE_DEC, NULL, MP2T_AF_E_PR_FLAG_MASK, NULL, HFILL
1422 { &hf_mp2t_af_e_ss_flag, {
1423 "Seamless Splice Flag", "mp2t.af.e.ss_flag",
1424 FT_UINT8, BASE_DEC, NULL, MP2T_AF_E_SS_FLAG_MASK, NULL, HFILL
1426 { &hf_mp2t_af_e_reserved, {
1427 "Reserved", "mp2t.af.e.reserved",
1428 FT_UINT8, BASE_DEC, NULL, 0x1F, NULL, HFILL
1430 { &hf_mp2t_af_e_reserved_bytes, {
1431 "Reserved", "mp2t.af.e.reserved_bytes",
1432 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL
1434 { &hf_mp2t_af_stuffing_bytes, {
1435 "Stuffing", "mp2t.af.stuffing_bytes",
1436 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL
1438 { &hf_mp2t_af_e_ltwv_flag, {
1439 "LTW Valid Flag", "mp2t.af.e.ltwv_flag",
1440 FT_UINT16, BASE_DEC, NULL, 0x8000, NULL, HFILL
1442 { &hf_mp2t_af_e_ltwo, {
1443 "LTW Offset", "mp2t.af.e.ltwo",
1444 FT_UINT16, BASE_DEC, NULL, 0x7FFF, NULL, HFILL
1446 { &hf_mp2t_af_e_pr_reserved, {
1447 "Reserved", "mp2t.af.e.pr_reserved",
1448 FT_UINT24, BASE_DEC, NULL, 0xC00000, NULL, HFILL
1450 { &hf_mp2t_af_e_pr, {
1451 "Piecewise Rate", "mp2t.af.e.pr",
1452 FT_UINT24, BASE_DEC, NULL, 0x3FFFFF, NULL, HFILL
1454 { &hf_mp2t_af_e_st, {
1455 "Splice Type", "mp2t.af.e.st",
1456 FT_UINT8, BASE_DEC, NULL, 0xF0, NULL, HFILL
1458 { &hf_mp2t_af_e_dnau_32_30, {
1459 "DTS Next AU[32...30]", "mp2t.af.e.dnau_32_30",
1460 FT_UINT8, BASE_DEC, NULL, 0x0E, NULL, HFILL
1462 { &hf_mp2t_af_e_m_1, {
1463 "Marker Bit", "mp2t.af.e.m_1",
1464 FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL
1466 { &hf_mp2t_af_e_dnau_29_15, {
1467 "DTS Next AU[29...15]", "mp2t.af.e.dnau_29_15",
1468 FT_UINT16, BASE_DEC, NULL, 0xFFFE, NULL, HFILL
1470 { &hf_mp2t_af_e_m_2, {
1471 "Marker Bit", "mp2t.af.e.m_2",
1472 FT_UINT16, BASE_DEC, NULL, 0x0001, NULL, HFILL
1474 { &hf_mp2t_af_e_dnau_14_0, {
1475 "DTS Next AU[14...0]", "mp2t.af.e.dnau_14_0",
1476 FT_UINT16, BASE_DEC, NULL, 0xFFFE, NULL, HFILL
1478 { &hf_mp2t_af_e_m_3, {
1479 "Marker Bit", "mp2t.af.e.m_3",
1480 FT_UINT16, BASE_DEC, NULL, 0x0001, NULL, HFILL
1483 { &hf_mp2t_payload, {
1484 "Payload", "mp2t.payload",
1485 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL
1488 { &hf_mp2t_stuff_bytes, {
1489 "Stuffing", "mp2t.stuff_bytes",
1490 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL
1492 { &hf_mp2t_pointer, {
1493 "Pointer", "mp2t.pointer",
1494 FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL
1496 { &hf_msg_fragments, {
1497 "Message fragments", "mp2t.msg.fragments",
1498 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL
1500 { &hf_msg_fragment, {
1501 "Message fragment", "mp2t.msg.fragment",
1502 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL
1504 { &hf_msg_fragment_overlap, {
1505 "Message fragment overlap", "mp2t.msg.fragment.overlap",
1506 FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL
1508 { &hf_msg_fragment_overlap_conflicts, {
1509 "Message fragment overlapping with conflicting data",
1510 "mp2t.msg.fragment.overlap.conflicts",
1511 FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL
1513 { &hf_msg_fragment_multiple_tails, {
1514 "Message has multiple tail fragments",
1515 "mp2t.msg.fragment.multiple_tails",
1516 FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL
1518 { &hf_msg_fragment_too_long_fragment, {
1519 "Message fragment too long", "mp2t.msg.fragment.too_long_fragment",
1520 FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL
1522 { &hf_msg_fragment_error, {
1523 "Message defragmentation error", "mp2t.msg.fragment.error",
1524 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL
1526 { &hf_msg_fragment_count, {
1527 "Message fragment count", "mp2t.msg.fragment.count",
1528 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL
1530 { &hf_msg_reassembled_in, {
1531 "Reassembled in", "mp2t.msg.reassembled.in",
1532 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL
1534 { &hf_msg_reassembled_length, {
1535 "Reassembled MP2T length", "mp2t.msg.reassembled.length",
1536 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL
1538 { &hf_msg_ts_packet_reassembled, {
1539 "MPEG TS Packet (reassembled)", "mp2t.ts_packet_reassembled",
1540 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL
1544 static gint *ett[] =
1555 static ei_register_info ei[] = {
1556 { &ei_mp2t_pointer, { "mp2t.pointer_too_large", PI_MALFORMED, PI_ERROR, "Pointer value is too large", EXPFILL }},
1557 { &ei_mp2t_cc_drop, { "mp2t.cc.drop", PI_MALFORMED, PI_ERROR, "Detected missing TS frames", EXPFILL }},
1558 { &ei_mp2t_invalid_afc, { "mp2t.afc.invalid", PI_PROTOCOL, PI_WARN,
1559 "Adaptation Field Control contains an invalid value", EXPFILL }}
1562 expert_module_t* expert_mp2t;
1564 proto_mp2t = proto_register_protocol("ISO/IEC 13818-1", "MP2T", "mp2t");
1566 mp2t_handle = register_dissector("mp2t", dissect_mp2t, proto_mp2t);
1568 proto_register_field_array(proto_mp2t, hf, array_length(hf));
1569 proto_register_subtree_array(ett, array_length(ett));
1570 expert_mp2t = expert_register_protocol(proto_mp2t);
1571 expert_register_field_array(expert_mp2t, ei, array_length(ei));
1573 mp2t_no_address_type = address_type_dissector_register("AT_MP2T_NONE", "No MP2T Address", none_addr_to_str, none_addr_str_len, NULL, NULL, none_addr_len, NULL, NULL);
1575 heur_subdissector_list = register_heur_dissector_list("mp2t.pid", proto_mp2t);
1576 /* Register init of processing of fragmented DEPI packets */
1577 reassembly_table_register(&mp2t_reassembly_table,
1578 &addresses_reassembly_table_functions);
1584 proto_reg_handoff_mp2t(void)
1586 heur_dissector_add("udp", heur_dissect_mp2t, "MP2T over UDP", "mp2t_udp", proto_mp2t, HEURISTIC_ENABLE);
1588 dissector_add_uint("rtp.pt", PT_MP2T, mp2t_handle);
1589 dissector_add_for_decode_as_with_preference("tcp.port", mp2t_handle);
1590 dissector_add_for_decode_as_with_preference("udp.port", mp2t_handle);
1591 heur_dissector_add("usb.bulk", heur_dissect_mp2t, "MP2T USB bulk endpoint", "mp2t_usb_bulk", proto_mp2t, HEURISTIC_ENABLE);
1592 dissector_add_uint("wtap_encap", WTAP_ENCAP_MPEG_2_TS, mp2t_handle);
1593 dissector_add_uint("l2tp.pw_type", L2TPv3_PROTOCOL_DOCSIS_DMPT, mp2t_handle);
1594 dissector_add_string("media_type", "video/mp2t", mp2t_handle);
1596 docsis_handle = find_dissector("docsis");
1597 mpeg_pes_handle = find_dissector("mpeg-pes");
1598 mpeg_sect_handle = find_dissector("mpeg_sect");
1602 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1607 * indent-tabs-mode: nil
1610 * vi: set shiftwidth=4 tabstop=8 expandtab:
1611 * :indentSize=4:tabSize=8:noTabs=true:
git.samba.org / gd / wireshark / .git / blob