Wireshark-bugs: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two
Comment # 1
on bug 11413
from Hadriel Kaplan
Wireshark performs multiple passes of the packets, dissecting them multiple
times. When it first loads a file, it dissects them but without generating
fields that only affect the details window pane display tree. The
"rtp.timestamp" field happens to be one of those fields that it does not
generate in this initial dissection pass.
Because of that, your Lua proto.dissector() function is actually hitting a Lua
error when it does "getTs().value", because there is no such "rtp.timestamp"
field, so the "getTs()" returns nil, and trying to get the "value" Lua field of
a nil (which is not a table) is a Lua error. So Lua will return immediately on
hitting that error. You don't see that error in Wireshark's details pane
because Wireshark will dissect the packet again and not hit the error the
second time, since there will be a timestamp field then.
Therefore, during the first pass your Lua script is setting the
"pinfo.desegment_len" to 0 implicitly due to the error, for every single
packet. But the RTP dissector expects it to have correctly dissected the packet
in that first pass; so when it runs through and dissects the packets a second
time (at which point your Lua script changes the desegment_len/offset), it's
not working right.
So you need to change your script to dissect the packet the same way regardless
of first or second pass. I can't guarantee it will work correctly even then -
there could be a bug with RTP reassembly as far as I know - but the issue
you're hitting right now is a bug in the Lua script not Wireshark.
You are receiving this mail because:
- You are watching all bug changes.
