UDP dissector in reduced mode expects full UDP header

[mwanggren]

The UDP dissector that is called from the gre_reduced dissector (on line 25) expects to be fed a full UDP header + payload, but only gets the payload. So it attempts to parse the start of the payload as the header. Not sure how to fix that. I made a change that worked well for my purposes though, which was to assume that what was inside the reduced header is RTP, and do:

-       udp_dissector = DissectorTable.get("ip.proto"):get_dissector(17)
-       udp_dissector:call(buffer(4):tvb(), pinfo, tree)
+       rtp_dissector = Dissector.get("rtp")
+       rtp_dissector:call(buffer(4):tvb(), pinfo, tree)

I didn't submit a pull request since the TR does not mandate explicitly that the contents of the reduced mode is RTP, so consider this a bug report and a suggestion for a workaround that at least works better than before.

Thanks!

[mwanggren]

Well after some more testing, turns out that the rtp dissector does not handle the rtcp's, so those don't show correctly anyway... I will look into it some more

[mwanggren]

This takes care of the RTCP's too:

24,25c24,31
<   udp_dissector = DissectorTable.get("ip.proto"):get_dissector(17)
<   udp_dissector:call(buffer(4):tvb(), pinfo, tree)
---
>   local port = buffer:range(2,2):uint()
>   if bit.band(port, 1) == 0 then
>       rtp_dissector = Dissector.get("rtp")
>       rtp_dissector:call(buffer(4):tvb(), pinfo, tree)
>   else
>       rtcp_dissector = Dissector.get("rtcp")
>       rtcp_dissector:call(buffer(4):tvb(), pinfo, tree)
>   end