Get parent dissector field
Hi,
I'm writing a dissector for a new RTP protocol. Because it is high rate, it extends the standard RTP sequence number from 16-bits to 32-bits by having a "sequence number extension" field to hold the high 16 bits.
What would be really nice in my dissector would be to be able to show the full 32-bit sequence number by reading the 16-bit sequence number from the standard RTP dissector (which is the parent of my dissector), and then combining this with the extension.
Is it possible to easily read a field from a parent protocol in this way?
I've seen some similar questions, but they were all about two custom protocol dissectors interacting, not a custom one interacting with a built in one (so I can't and don't want to change the existing RTP dissector)
There's already an extended sequence number computed as part of the conversation data. Is that what you're looking for? See for example: https://gitlab.com/wireshark/wireshar...
From what I can see at a quick glance, the MSBs of that extended sequence number are arbitrary / locally generated. The protocols I'm interested in hold an actual "end-to-end" extended sequence number as part of a "payload header" after the standard RTP header. See the top of page 5 of RFC4175 (https://tools.ietf.org/search/rfc4175) for one example of this - the other protocols I am interested in take their inspiration from that RFC