This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

RTP Header extension in Lua

1

I want to write a dissector to manage some header extensions for RTP protocol. Searching in code, I saw that we need to write a sub-dissector and that it would be called instead of the generic header extension, but how do I register my dissector to the list of sub-dissectors in Lua?

Update

Where is the payload type string locate?

In the packet I want to analyses, it said that payload type is DinamicRTP-Type-98 (98).

I think the real payload type is defined in a RTSP/SDF packet I received a fiew packets ago. Here is it's RTSP content:

RTSP/1.0 200 OK
CSeq: 2
Connection: Keep-Alive
Content-Base: rtsp://10.2.23.28/Storage/
Content-Type: application/sdp
Content-Length: 166

v=0o=- 1 1 IN IP4 10.2.23.28 s=Media Presentation e=NONE c=IN IP4 0.0.0.0 t=0 0 a=control:* m=video 0 RTP/AVP 98 a=rtpmap:98 H264/90000 a=control:trackID=1

With that said, what should be the payload_str_type?

asked 26 Jan ‘12, 12:04

mdesharnais's gravatar image

mdesharnais
21115
accept rate: 0%

edited 27 Jan ‘12, 06:05


One Answer:

1

This should work:

local proto_foo = Proto("foo", "Foo Protocol")
function proto_foo.dissector(buf, pinfo, tree)
  -- ...
end
DissectorTable.get('rtp_hdr_ext'):add('payload_type_str', proto_foo)

where payload_type_str, in your case, is the encoding name, which is parsed from the rtpmap media attribute (the text between the space and slash):

a=rtpmap:98 H264/90000

So, you would use:

DissectorTable.get('rtp_hdr_ext'):add('H264', proto_foo)

Unfortunately, Bug 5208 prevents this subdissector from being called.

UPDATE: According to Bug 6783, this dissector table is actually supposed to key off the RTP header extension ID (a 16-bit integer) instead of the encoding name (a string). Thus, rtp_hdr_ext has been changed from a string table to an integer table, and example usage would be:

DissectorTable.get('rtp_hdr_ext'):add(0xA123, proto_foo)

You can try SVN 40834 (or later) or download an automated build.

answered 26 Jan '12, 18:25

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%

edited 05 Feb '12, 10:28

Tanks for your answer. But I am not sure what the payload_type_str is suppose to be in my case. I've just edit my initial question to explain further my situation. Can you please have a look?

(27 Jan '12, 05:44) mdesharnais