rtp_ext_onvif_replay.lua

--[[
ONVIF Streaming Specification: 6.2 RTP header extension
 0xABAC length=3
 NTP timestamp
 NTP timestamp
 C E D mbz CSeq padding
--]]

local onvif_replay_proto = Proto("onvif", "ONVIF Replay")

-- ProtoField.new(name, abbr, type, [voidstring], [base], [mask], [descr])
-- base: one of BASE_, or field bit-width if FT_BOOLEAN and non-zero bitmask (_header_field_info)
local ntp_sec = ProtoField.new("NTP Second", "onvif.sec", ftypes.UINT32, nil, base.DEC_HEX)
local ntp_nsec = ProtoField.new("NTP Nanosecond", "onvif.nsec", ftypes.UINT32, nil, base.DEC_HEX)
local ntp_clean = ProtoField.new("Clean", "onvif.c", ftypes.BOOLEAN, nil, 8, 0x80)
local ntp_end = ProtoField.new("End", "onvif.e", ftypes.BOOLEAN, nil, 8, 0x40)
local ntp_discon = ProtoField.new("Discon", "onvif.d", ftypes.BOOLEAN, nil, 8, 0x20)
local ntp_mbz = ProtoField.new("MBZ", "onvif.mbz", ftypes.UINT8, nil, base.DEC, 0x1F)
local ntp_seq = ProtoField.new("Seq", "onvif.seq", ftypes.UINT8)
local ntp_pad = ProtoField.new("Pad", "onvif.pad", ftypes.UINT16)

onvif_replay_proto.fields = {
	ntp_sec, ntp_nsec,
	ntp_clean, ntp_end, ntp_discon, ntp_mbz,
	ntp_seq, ntp_pad,
}

function onvif_replay_proto.dissector(buf, pinfo, tree)
	if buf:len() ~= 12 then return end

	local os = require "os"
	local ntp_time_tbl = os.date("!*t", buf(0,4):uint())
	local ntp_time_str = string.format(" (%02u-%02u-%02u %02u:%02u:%02u UTC)",
									   ntp_time_tbl.year, ntp_time_tbl.month, ntp_time_tbl.day,
									   ntp_time_tbl.hour, ntp_time_tbl.min, ntp_time_tbl.sec)

	local subtree = tree:add(onvif_replay_proto, buf())

	local ntp_sec_item = subtree:add(ntp_sec, buf(0,4))
	ntp_sec_item:append_text(ntp_time_str)

	subtree:add(ntp_nsec, buf(4,4))

	subtree:add(ntp_clean, buf(8,1))
	subtree:add(ntp_end, buf(8,1))
	subtree:add(ntp_discon, buf(8,1))
	subtree:add(ntp_mbz, buf(8,1))

	subtree:add(ntp_seq, buf(9,1))

	subtree:add(ntp_pad, buf(10,2))
end

local rtp_hdr_ext_table = DissectorTable.get("rtp.hdr_ext")
rtp_hdr_ext_table:add(0xABAC, onvif_replay_proto)