Wireshark mailing list archives

Re: Encapsulated IP

From: Ronald Howe <rhowe () apriva com>
Date: Tue, 21 Sep 2010 09:51:11 -0700

ok Can I then use SET_ADDRESS to put the Source and Destination fields back to the original IP address not the 
encapsulated Address? 
That would be more useful to the guys using the tool.


thanks 
Ron
________________________________________
ge: 5
Date: Mon, 20 Sep 2010 17:16:39 -0700
From: Ronald Howe <rhowe () apriva com>
Subject: Re: [Wireshark-dev] Encapsulated IP
To: "wireshark-dev () wireshark org" <wireshark-dev () wireshark org>
Message-ID:
        <B096CFD34CBCD749BC0ECE00CD248732167F89727A () EXCHANGE04 apriva com>
Content-Type: text/plain; charset="us-ascii"

The col_set_writable does not seem to make a difference in the source and destination address
They seem to update when I call the ip dissector again. If I could read those columns before
I call the dissector I could replace the fields when it returns but I don't see a function in column-utils.h to do that.

------------------------------

Message: 6
Date: Mon, 20 Sep 2010 17:25:26 -0700
From: Guy Harris <guy () alum mit edu>
Subject: Re: [Wireshark-dev] Encapsulated IP
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Message-ID: <AD59B040-66AF-4B08-BDD9-E0B79E01786C () alum mit edu>
Content-Type: text/plain; charset=us-ascii


On Sep 20, 2010, at 5:16 PM, Ronald Howe wrote:

The col_set_writable does not seem to make a difference in the source and destination address


Nope.  The columns are set based on the addresses set by SET_ADDRESS, and we do not allow a dissector to prevent 
another dissector from setting the address (if your dissector were to prevent the IP dissector from setting the 
address, that would violate assumptions, made by dissectors running atop IP and atop dissectors themselves running atop 
IP, that they can fetch the source and destination IP addresses for the IP datagram that directly contained them).

------------------------------

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Encapsulated IP Ronald Howe (Sep 20)
- Re: Encapsulated IP Stephen Fisher (Sep 20)
- <Possible follow-ups>
- Re: Encapsulated IP Ronald Howe (Sep 20)
  - Re: Encapsulated IP Guy Harris (Sep 20)
- Re: Encapsulated IP Ronald Howe (Sep 21)
  - Re: Encapsulated IP Guy Harris (Sep 21)
- Re: Encapsulated IP Ronald Howe (Sep 21)