Dissector for rtp payload independent from port

Question

Hey guys, I wanna dissect data from rtp body.

I tried this first with adding my defined protocol to the UDP table like that:

function myProto.dissector(buffer, pinfo, tree)
  -- some code here for dissection
end
local udp_dissector_table = DissectorTable.get("udp.port")
udp_dissector_table:add(5010, myProto)

The dissection works fine but unfortunately just for the specified Port 5010. The dissection of the bytes inside of the function myProto.dissector(buffer, pinfo, tree) starts with the beginning ot the udp packet. So buffer() has now the length of the whole RTP content (including header). The problem is now that the RTP can be in UDP packets with differnt ports.

I tried another way which seems to be the better one because in this case it is independent from the UDP port. I registered a postdissector for checking againnst each packet:

function myProto.dissector(buffer, pinfo, tree)
  -- some code here for dissection
end
register_postdissector(myProto)

Now the buffer has the lnegth of the whole frame (ethernet header + ip header + udp header + rtp header + rtp content). So for each of my fields I have to add the offset length of e.g. 42 Bytes (14 + 20 + 8). My problem is now that ethernet frame as well as the ip packets having not everytime a static lnegth.

Is there a way to check if the buffer contains a rtp packet and to check the header length of ethernet / IP? Or is there mybe a way to use my first option but without any fixed port?

Thanks in advance.

Best regards, Danny

Accepted Answer

You should look into registering for rtp.pt or rtp_dyn_payload_type. Have a look into the RTP dissector (epan/dissectors/packet-rtp.c) what that brings you.