Wireshark mailing list archives

Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port.


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Thu, 22 Oct 2015 16:53:40 +0200

Hi Michael,

2015-10-21 8:13 GMT+02:00 Michael <michaelhuang () realtek com>:

Hi everyone,



I just want to know if I misunderstood RFC 7348
(https://tools.ietf.org/html/rfc7348).

According to section 5 – VXLAN Frame Format, it seems just UDP.Dst-Port
must/should be 4789.



But I have checked the code:


https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb



196 void
197 proto_reg_handoff_vxlan(void)
198 {
199     dissector_handle_t vxlan_handle;
200
201     eth_handle = find_dissector("eth");
202
203     vxlan_handle = create_dissector_handle(dissect_vxlan, proto_vxlan);
204     dissector_add_uint("udp.port", UDP_PORT_VXLAN, vxlan_handle);
205     dissector_add_for_decode_as("udp.port", vxlan_handle);
206
207 }



Should line 204 be updated to “udp.dport”?


No, it should not, as there is no dissector table for UDP destination port
only. The only registered dissector table is for the "udp.port" field:
  udp_dissector_table = register_dissector_table("udp.port",
                                                 "UDP port", FT_UINT16, BASE_DEC);
With your change, the VXLAN dissector would not be called anymore.
Your change would imply creating a new dissector table and modifying the UDP
dissector to call it.

Best regards,
Pascal.


Or did I miss something I should know?



Thanks!



Best Regards,

Michael

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe
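
Added example, not part of the original messages and not Wireshark's code: a simplified C model of the behaviour discussed in this thread, where a single port-keyed table such as "udp.port" selects VXLAN on either UDP port, next to a stricter check following RFC 7348 section 5 (destination port 4789, 8-byte header, I flag set). The struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_PORT_VXLAN 4789u   /* IANA-assigned VXLAN port, RFC 7348 */
#define VXLAN_HDR_LEN  8u      /* flags(1) + reserved(3) + VNI(3) + reserved(1) */
#define VXLAN_FLAG_I   0x08u   /* "VNI valid" flag, must be set */

/* Minimal view of one UDP datagram (hypothetical struct for this example). */
struct udp_dgram { uint16_t sport, dport; const uint8_t *payload; size_t len; };

/* Model of one port-keyed table like "udp.port": the registered value is
 * compared against both ports, so either one selects the VXLAN dissector. */
int matches_either_port(const struct udp_dgram *d)
{
    return d->sport == UDP_PORT_VXLAN || d->dport == UDP_PORT_VXLAN;
}

/* Stricter check: destination port only, full header present, I flag set.
 * Returns the 24-bit VNI, or -1 when the datagram is not treated as VXLAN. */
long vxlan_vni_strict(const struct udp_dgram *d)
{
    if (d->dport != UDP_PORT_VXLAN || d->len < VXLAN_HDR_LEN)
        return -1;
    if (!(d->payload[0] & VXLAN_FLAG_I))
        return -1;
    return ((long)d->payload[4] << 16) | ((long)d->payload[5] << 8) | d->payload[6];
}

/* Constructed samples: a VXLAN datagram carrying VNI 42, and an unrelated
 * datagram whose ephemeral source port happens to be 4789. */
static const uint8_t vxlan_hdr[8]  = { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00 };
static const uint8_t other_data[8] = { 0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00 };
const struct udp_dgram sample_vxlan = { 49152, UDP_PORT_VXLAN, vxlan_hdr, sizeof vxlan_hdr };
const struct udp_dgram sample_other = { UDP_PORT_VXLAN, 53, other_data, sizeof other_data };

int main(void)
{
    printf("either-port match: vxlan=%d other=%d\n",
           matches_either_port(&sample_vxlan), matches_either_port(&sample_other));
    printf("strict VNI:        vxlan=%ld other=%ld\n",
           vxlan_vni_strict(&sample_vxlan), vxlan_vni_strict(&sample_other));
    return 0;
}
```

The second sample is the case raised in the thread: it matches under the either-port model but is rejected by the destination-port check.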
