一、功能
解析一种新的协议:该协议的前八个字节为自定义头部,其余部分为 RTP 或 RTCP 数据。本文使用 Lua 脚本为 Wireshark 编写该协议的解析器。
二、代码
do
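-- Protocol object for the 8-byte custom header that precedes the RTP/RTCP payload.
-- NOTE(review): Proto() is documented as Proto(name, description); the third
-- argument looks unused. Confirm against the Wireshark version in use.
local p_demoproto = Proto("demoproto", "DemoProto","demo stream")
-- Value strings used when rendering header fields.
-- 0x5253 is the two magic bytes 'S' (0x53), 'R' (0x52) read as a little-endian uint16.
local S_R_Shows = {[0x5253] = "SR"}
local CMD_Shows = {[104] = "RTP", [107] = "RTCP", [114] = "AUDIO"}
--normal parameters
-- ProtoField.uintN(abbr, name, base, valuestring). Each field gets its own
-- filter abbreviation: registering several fields of different widths under
-- one shared abbreviation makes them indistinguishable in display filters.
-- field_sr is 16 bits wide because it is added over buf(0,2) and its value
-- string is keyed by the 16-bit value 0x5253.
local field_sr = ProtoField.uint16("DemoProto.sr","SR",base.DEC, S_R_Shows)
local field_version = ProtoField.uint8("DemoProto.version","version",base.DEC)
local field_data_len = ProtoField.uint16("DemoProto.datalen","datalen",base.DEC)
local field_seqnum = ProtoField.uint16("DemoProto.seqnum","seqnum",base.DEC)
local field_timestamp = ProtoField.uint32("DemoProto.timestamp","timestamp",base.DEC)
--filter parameters
-- ProtoField.new(name, abbr, type, valuestring, base).
-- NOTE(review): the type is passed as the string "ftypes.UINT8" rather than the
-- constant ftypes.UINT8; kept as written. Confirm the target Wireshark
-- version accepts the string form.
local field_channel_id = ProtoField.new("channelid", "DemoProto.channelid", "ftypes.UINT8", nil, base.DEC)
local field_cmd_type = ProtoField.new("cmdtype", "DemoProto.cmdtype", "ftypes.UINT16", CMD_Shows, base.DEC)
local field_ssrc = ProtoField.new("ssrc", "DemoProto.ssrc", "ftypes.UINT32", nil, base.DEC)
p_demoproto.fields = {
    field_sr, field_version, field_channel_id, field_data_len,
    field_cmd_type, field_seqnum, field_ssrc, field_timestamp,
}
-- Generic fallback used when a datagram is not recognised as DemoProto.
local data_dis = Dissector.get("data")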
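--- Dissect one DemoProto datagram: an 8-byte custom header followed by an
-- RTP, RTCP or audio payload.
--
-- The buffer is untrusted capture data, so every offset read below is checked
-- against the captured length first; a truncated datagram is rejected instead
-- of raising an out-of-range error in the middle of dissection.
--
-- Header layout as read by this function (multi-byte fields little-endian):
--   0-1 magic 'S','R' | 2 version | 3 channel id | 4-5 data length | 6-7 cmd type
--
-- @param buf  Tvb holding the UDP payload
-- @param pkt  Pinfo of the current packet
-- @param root TreeItem to attach the protocol subtree to
-- @return true when the datagram was dissected as DemoProto, false otherwise
local function ScoreBoard_dissector(buf,pkt,root)
    local HEADER_LEN = 8
    local buf_len = buf:len()
    if buf_len < HEADER_LEN then return false end

    --check error
    -- Both magic bytes must match. With `and`, a datagram was rejected only
    -- when *both* bytes were wrong, so any payload starting with 'S' or having
    -- 'R' as its second byte slipped through.
    if buf(0,1):uint() ~= 0x53 or buf(1,1):uint() ~= 0x52 then
        return false
    end

    -- Only the low byte of the 16-bit little-endian cmd type is inspected.
    -- NOTE(review): the high byte (offset 7) is displayed but not validated;
    -- confirm whether the protocol requires it to be zero.
    local cmd_type = buf(6,1):uint()

    -- Smallest datagram that lets each branch read its fixed offsets:
    --   RTP   reads up to buf(16,4) -> 20 bytes
    --   RTCP  only needs the header -> 8 bytes
    --   AUDIO reads buf(8,1)        -> 9 bytes
    local min_len
    if cmd_type == 104 then
        min_len = 20
    elseif cmd_type == 107 then
        min_len = HEADER_LEN
    elseif cmd_type == 114 then
        min_len = 9
    else
        return false
    end
    if buf_len < min_len then return false end

    local t = root:add(p_demoproto, buf(0, buf_len))
    pkt.cols.protocol = "demomedia"
    t:add_le(field_sr, buf(0,2))
    t:add_le(field_version, buf(2,1))
    t:add_le(field_channel_id, buf(3,1))
    -- The length field comes from the wire and is only displayed; slicing below
    -- always uses the captured length, never this value.
    t:add_le(field_data_len, buf(4,2))
    t:add_le(field_cmd_type, buf(6,2))

    if cmd_type == 104 then
        --rtp
        -- Offsets are relative to the whole buffer: the RTP header starts at 8.
        t:add(field_seqnum, buf(10,2))    -- RTP sequence number
        t:add(field_timestamp, buf(12,4)) -- RTP timestamp
        t:add(field_ssrc, buf(16,4))      -- RTP SSRC
        --call internal rtp dissector
        local rtp_dissector = Dissector.get("rtp")
        rtp_dissector:call(buf(HEADER_LEN, buf_len - HEADER_LEN):tvb(), pkt, root)
    elseif cmd_type == 107 then
        --rtcp
        -- Hand off only when there is a payload after the header.
        if buf_len > HEADER_LEN then
            local rtcp_dissector = Dissector.get("rtcp")
            rtcp_dissector:call(buf(HEADER_LEN, buf_len - HEADER_LEN):tvb(), pkt, root)
        end
    else
        --audio (cmd_type == 114; every other value was rejected above)
        t:add_le(field_channel_id, buf(8,1))
        if buf_len > 9 then
            -- NOTE(review): the audio payload is handed to the "rtcp" dissector,
            -- as in the original; confirm this is intended and not meant to be "rtp".
            local audio_dissector = Dissector.get("rtcp")
            audio_dissector:call(buf(9, buf_len - 9):tvb(), pkt, root)
        end
    end
    -- Every handled branch reports success, so the caller does not dissect the
    -- same bytes a second time as generic data (the audio branch used to fall
    -- off the end and return nil).
    return true
end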
--- Entry point Wireshark calls for each datagram routed to this protocol.
-- Tries the DemoProto dissector first; when it does not report success
-- (returns false or nil) the buffer is passed to the generic "data" dissector.
-- @param buf  Tvb holding the UDP payload
-- @param pkt  Pinfo of the current packet
-- @param root TreeItem to attach subtrees to
function p_demoproto.dissector(buf,pkt,root)
    local handled = ScoreBoard_dissector(buf,pkt,root)
    if not handled then
        data_dis:call(buf,pkt,root)
    end
end
-- Bind the protocol to UDP port 2000 (hard-coded). Every UDP datagram on that
-- port reaches p_demoproto.dissector, so the header checks in
-- ScoreBoard_dissector are what keeps unrelated traffic from being decoded as
-- DemoProto.
DissectorTable.get("udp.port"):add(2000, p_demoproto)
end
三、参考文章
使用Lua脚本为wireshark编写自定义通信协议解析器插件
rtp实时传输协议
Lua/Examples
本文摘录于海阔天空的博客,作者: zjg555543,发布时间: 2015-11-11