This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Reusing RFC5285 RTP header Extensions

0

I have a similar issue - I'm trying to dissect an application that rides over RTP.

The "top-level" dissector is registered to the "udp.port" dissector table for the specific ports in use. That dissector manually calls the RTP dissector.

The payload dissector is registered to the "rtp.pt" dissector table for the specific payload types in use. This is automatically called by the RTP dissector.

However, my issue is with the header extensions.

It turns out that the specific header extensions (rtp.ext.profile) in use happen to overlap with the RFC 5285 2-byte range (i.e. 0x10.. - specifically, 0x1001, 0x1003, 0x1005, 0x1007, 0x1009, 0x100a, 0x100c, 0x100e).

Not sure if it is by luck or by design (the protocol definitely predates the RFC), but the extension payload matches the RFC 5825 format, so I was able to register an RTP extension dissector with the "rtp.ext.rfc5285.id" dissector table.

This mostly works. However, I would like to add some information to the tree about the RFC 5285 Application Bits (rtp.ext.rfc5285.appbits), which in my application are used as flags. Is there any way to do this? It would be great if I could register that information with the RTP dissector.

The first thing I tried was to register a dissector for each specific rtp.ext.profile with the "rtp.hdr_ext" table as suggested above, but the problem is that the RFC5285 dissector is called first. If the custom dissectors could be called first, that would address the issue.

asked 09 Feb '15, 10:53

chojiao's gravatar image

chojiao
11225
accept rate: 0%

converted to question 10 Feb '15, 05:07

Jaap's gravatar image

Jaap ♦
11.7k16101