Wireshark mailing list archives
Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port.
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Thu, 22 Oct 2015 16:53:40 +0200
Hi Michael, 2015-10-21 8:13 GMT+02:00 Michael <michaelhuang () realtek com>:
Hi everyone, I just want to know if I misunderstood RFC 7348 ( https://tools.ietf.org/html/rfc7348 ). According to section 5 – VXLAN Frame Format, it seems just UDP.Dst-Port must/should be 4789. But I have checked the code: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb 196 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l196> void 197 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l197> proto_reg_handoff_vxlan(void) 198 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l198> { 199 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l199> dissector_handle_t vxlan_handle; 200 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l200> 201 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l201> eth_handle = find_dissector("eth"); 202 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l202> 203 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l203> vxlan_handle = create_dissector_handle(dissect_vxlan, proto_vxlan); 204 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l204> dissector_add_uint("udp.port", UDP_PORT_VXLAN, vxlan_handle); 205 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l205> dissector_add_for_decode_as("udp.port", vxlan_handle); 206 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l206> 207 <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb#l207> } Should line 204 be updated to “udp.dport”?
No it should not as there is no dissector table for UDP destination port only. The only registered dissector table is for "udp.port" field: udp_dissector_table = register_dissector_table("udp.port", "UDP port", FT_UINT16, BASE_DEC); With your change, the VXLAN dissector would not be called anymore. Your change would imply creating a new dissector table and modify UDP dissector to call it. Best regards, Pascal. Or I miss something I should know.
Thanks! Best Regards, Michael ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port. Michael (Oct 22)
- Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port. Pascal Quantin (Oct 22)
- Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port. Jeff Morriss (Oct 22)