8.30. SDP Keywords
The SDP keywords are implemented as sticky buffers and can be used to match on fields in SDP messages.
Keyword |
Direction |
|---|---|
sdp.origin |
Both |
sdp.session_name |
Both |
sdp.session_info |
Both |
sdp.uri |
Both |
sdp.email |
Both |
sdp.connection_data |
Both |
sdp.bandwidth |
Both |
sdp.time |
Both |
sdp.repeat_time |
Both |
sdp.timezone |
Both |
sdp.encryption_key |
Both |
sdp.attribute |
Both |
sdp.media.media |
Both |
sdp.media.session_info |
Both |
sdp.media.connection_data |
Both |
sdp.media.encryption_key |
Both |
8.30.1. sdp.origin
This keyword matches on the originator found in an SDP request or response.
8.30.1.1. Syntax
sdp.origin; content:<origin>;
Where <origin> is an originator that follows the SDP Origin (o=) scheme.
8.30.1.2. Examples
sdp.origin; content:"SIPPS 105015165 105015162 IN IP4 192.168.1.2";
8.30.2. sdp.session_name
This keyword matches on the session name found in an SDP request or response.
8.30.2.1. Syntax
sdp.session_name; content:<session_name>;
Where <session_name> is a name that follows the SDP Session name (s=) scheme.
8.30.2.2. Examples
sdp.session_name; content:"SIP call";
8.30.3. sdp.session_info
This keyword matches on the session information found in an SDP request or response.
8.30.3.1. Syntax
sdp.session_info; content:<session_info>;
Where <session_info> is a description that follows the SDP Session information (i=) scheme.
8.30.3.2. Examples
sdp.session_info; content:"Session Description Protocol";
8.30.4. sdp.uri
This keyword matches on the URI found in an SDP request or response.
8.30.4.1. Syntax
sdp.uri; content:<uri>;
Where <uri> is a URI (u=) that the follows the SDP scheme.
8.30.4.2. Examples
sdp.uri; content:"https://www.sdp.proto"
8.30.5. sdp.email
This keyword matches on the email found in an SDP request or response.
8.30.5.1. Syntax
sdp.email; content:<email>
Where <email> is an email address (e=) that follows the SDP scheme.
8.30.5.2. Examples
sdp.email; content:"j.doe@example.com (Jane Doe)";
8.30.6. sdp.phone_number
This keyword matches on the phone number found in an SDP request or response.
8.30.6.1. Syntax
sdp.phone_number; content:<phone_number>
Where <phone_number> is a phone number (p=) that follows the SDP scheme.
8.30.6.2. Examples
sdp.phone_number; content:"+1 617 555-6011 (Jane Doe)";
8.30.7. sdp.connection_data
This keyword matches on the connection found in an SDP request or response.
8.30.7.1. Syntax
sdp.connection_data; content:<connection_data>;
Where <connection_data> is a connection (c=) that follows the SDP scheme.
8.30.7.2. Examples
sdp.connection_data; content:"IN IP4 192.168.1.2"
8.30.8. sdp.bandwidth
This keyword matches on the bandwidths found in an SDP request or response.
8.30.8.1. Syntax
sdp.bandwidth; content:<bandwidth>
Where <bandwidth> is a bandwidth (b=) that follows the SDP scheme.
8.30.8.2. Example
sdp.bandwidth; content:"AS:64"
8.30.9. sdp.time
This keyword matches on the time found in an SDP request or response.
8.30.9.1. Syntax
sdp.time; content:<time>
Where <time> is a time (t=) that follows the SDP scheme.
8.30.9.2. Example
sdp.time; content:"3034423619 3042462419"
8.30.10. sdp.repeat_time
This keyword matches on the repeat time found in an SDP request or response.
8.30.10.1. Syntax
sdp.repeat_time; content:<repeat_time>
Where <repeat_time> is a repeat time (r=) that follows the SDP scheme.
8.30.10.2. Example
sdp.repeat_time; content:"604800 3600 0 90000"
8.30.11. sdp.timezone
This keyword matches on the timezone found in an SDP request or response.
8.30.11.1. Syntax
sdp.timezone; content:<timezone>
Where <timezone> is a timezone (z=) that follows the SDP scheme.
8.30.11.2. Example
sdp.timezone; content:"2882844526 -1h 2898848070 0"
8.30.12. sdp.encryption_key
This keyword matches on the encryption key found in an SDP request or response.
8.30.12.1. Syntax
sdp.encryption_key; content:<encryption_key>
Where <encryption_key> is a key (k=) that follows the SDP scheme.
8.30.12.2. Example
sdp.encryption_key; content:"prompt"
8.30.13. sdp.attribute
This keyword matches on the attributes found in an SDP request or response.
8.30.13.1. Syntax
sdp.attribute; content:<attribute>
Where <attribute> is an attribute (a=) that follows the SDP scheme.
8.30.13.2. Example
sdp.attribute; content:"sendrecv"
8.30.14. sdp.media.media
This keyword matches on the Media subfield of a Media description field found in an SDP request or response.
8.30.14.1. Syntax
sdp.media.media; content:<media>
Where <media> is a media (m=) that follows the SDP scheme.
8.30.14.2. Example
sdp.media.media; content:"audio 30000 RTP/AVP 0 8 97 2 3"
8.30.15. sdp.media.session_info
This keyword matches on the Session information subfield of a Media description field found in an SDP request or response.
8.30.15.1. Syntax
sdp.media.session_info; content:<session_info>
Where <session_info> is a description (i=) that follows the SDP scheme.
8.30.15.2. Example
sdp.media.session_info; content:"Session Description Protocol"
8.30.16. sdp.media.connection_data
This keyword matches on the Connection data subfield of a Media description field found in an SDP request or response.
8.30.16.1. Syntax
sdp.media.connection_data; content:<connection_data>
Where <connection_data> is a connection (c=) that follows the SDP scheme.
8.30.16.2. Example
sdp.media.connection_data; content:"IN IP4 192.168.1.2"
8.30.17. sdp.media.encryption_key
This keyword matches on the Encryption key subfield of a Media description field found in an SDP request or response.
8.30.17.1. Syntax
sdp.media.encryption_key; content:<encryption_key>
Where <encryption_key> is a key (k=) that follows the SDP scheme.
8.30.17.2. Example
sdp.media.encryption_key; content:"prompt"