Ask Your Question
0

Get parent dissector field

asked 2022-07-05 15:49:54 +0000

Michael Firth gravatar image

Hi,

I'm writing a dissector for a new RTP protocol. Because it is high rate, it extends the standard RTP sequence number from 16-bits to 32-bits by having a "sequence number extension" field to hold the high 16 bits.

What would be really nice in my dissector would be to be able to show the full 32-bit sequence number by reading the 16-bit sequence number from the standard RTP dissector (which is the parent of my dissector), and then combining this with the extension.

Is it possible to easily read a field from a parent protocol in this way?

I've seen some similar questions, but they were all about two custom protocol dissectors interacting, not a custom one interacting with a built in one (so I can't and don't want to change the existing RTP dissector)

edit retag flag offensive close merge delete

Comments

There's already an extended sequence number computed as part of the conversation data. Is that what you're looking for? See for example: https://gitlab.com/wireshark/wireshar...

cmaynard gravatar imagecmaynard ( 2022-07-13 21:55:25 +0000 )edit

From what I can see at a quick glance, the MSBs of that extended sequence number are arbitrary / locally generated. The protocols I'm interested in hold an actual "end-to-end" extended sequence number as part of a "payload header" after the standard RTP header. See the top of page 5 of RFC4175 (https://tools.ietf.org/search/rfc4175) for one example of this - the other protocols I am interested in take their inspiration from that RFC

Michael Firth gravatar imageMichael Firth ( 2022-07-14 10:58:26 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2022-07-14 11:08:35 +0000

Michael Firth gravatar image

It seems something like the following works - not sure how bad a practice it is...

.......
Flds.FullSeq = ProtoField.uint32("myproto.FullSequence","Full Sequence Number",base.HEX,nil)
.......
local rtp_seq_field = Field.new("rtp.seq")
.......

function myproto.dissector(buffer, pinfo, tree)
    .......
    local rtp_seq = rtp_seq_field()
    local esn_val = buffer(0,2):uint()
    if rtp_seq ~= nil and esn_field ~= nil then
        local full_seq = esn_val.value * 65536 + rtp_seq.value
        subtree:add(Flds.FullSeq, full_seq):set_generated()
    end
    .......
end
edit flag offensive delete link more

Comments

local esn_val = buffer(0,2):uint() - Returns:The unsigned integer value.

Is the .value needed in esn_val.value?

Chuckc gravatar imageChuckc ( 2022-07-14 19:12:48 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-07-05 15:49:54 +0000

Seen: 221 times

Last updated: Jul 14 '22

Related questions

Registering RTP dissector for PCMU Payload Type 0

how to invert two bytes in lua script dissector ?

How do I get and display packet data information at a specific byte from the first byte?

why protocol is not showing as HTTP even though we sent http request ?

Adjusting Bit order and Endianess in LUA between Dissectors

How do I add "child item" to an item in the subtree?

PRP Dissector and FCS

Now that the g.729 codec patent has expired, will Wireshark include a decoder for it?

Use a UDP payload dissector depending on ip addresses

Reuse (part of) a Wireshark Dissector

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2