Wireshark mailing list archives

Re: Conflict between LISP control and LISP data dissectors


From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Thu, 2 May 2013 16:49:48 +0200

On Thu, May 2, 2013 at 4:41 PM, Anders Broman <anders.broman () ericsson com> wrote:

Hi,
Disclaimer: Without looking at the code.

+1


Couldn't the "LISP Data" dissector check the destination port and call
LISP control if the port is LISP control?

+1


Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Lori Jakab
Sent: den 2 maj 2013 16:10
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Conflict between LISP control and LISP data
dissectors

Hi,

There is a special "LISP Control" packet type, where the UDP source port
is the one registered for "LISP Data" and the UDP destination port is "LISP
Control" (4341 and 4342 respectively).  Wireshark dissects this packet as
"LISP Data" which leads to incorrect dissection.  While "LISP Control" can
have the port number 4342 as both source and destination, for "LISP Data"
4341 is always the destination port.  However, the way the dissector table
works, AFAIK, you cannot register a dissector for a destination port only,
(something like "udp.dstport") which would solve my problem.

Additionally, I looked at the generated epan/dissectors/register.c, where
the "LISP Control" dissector comes before "LISP Data", yet, when both ports
are present in the UDP header, the packet gets dissected as "LISP Data".

I would really like to avoid using heuristic dissectors here, since the
protocol uses well known ports, and there is only one packet type where
there is UDP port clash.  Is there any way to solve this issue in such a
way, that users don't need to make any extra settings, i.e., it would work
as expected out of the box when Wireshark is installed?

Thanks,
-Lori
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
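
The port clash described in this thread and the destination-port check suggested in the reply, as an added example that is not part of the original messages and is not Wireshark's code. It is a stand-alone model: the function names, the constructed sample headers and the assumption that the port table tries the numerically lower port first are illustrative.

```c
#include <stddef.h>
#include <stdint.h>

#define LISP_DATA_PORT    4341
#define LISP_CONTROL_PORT 4342

enum proto { PROTO_NONE, PROTO_LISP_DATA, PROTO_LISP_CONTROL };

/* Constructed 8-byte UDP headers (sport, dport, length, checksum). */
const uint8_t ctrl_from_data_port[8] = {0x10, 0xF5, 0x10, 0xF6, 0, 8, 0, 0}; /* 4341 -> 4342 */
const uint8_t plain_data[8]          = {0xC0, 0x00, 0x10, 0xF5, 0, 8, 0, 0}; /* 49152 -> 4341 */
const uint8_t plain_control[8]       = {0x10, 0xF6, 0x10, 0xF6, 0, 8, 0, 0}; /* 4342 -> 4342 */

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Port table keyed on "either port", with no notion of direction. */
static enum proto table_lookup(uint16_t port)
{
    if (port == LISP_DATA_PORT)    return PROTO_LISP_DATA;
    if (port == LISP_CONTROL_PORT) return PROTO_LISP_CONTROL;
    return PROTO_NONE;
}

/* Assumed table dispatch: lower port is tried first, then the higher one. */
enum proto dispatch_by_table(const uint8_t *udp, size_t len)
{
    if (len < 8) return PROTO_NONE;              /* truncated UDP header */
    uint16_t sport = be16(udp), dport = be16(udp + 2);
    uint16_t low  = sport < dport ? sport : dport;
    uint16_t high = sport < dport ? dport : sport;
    enum proto p = table_lookup(low);
    return p != PROTO_NONE ? p : table_lookup(high);
}

/* Suggested fix: the data dissector hands off when dport is LISP Control. */
enum proto dispatch_with_dport_check(const uint8_t *udp, size_t len)
{
    enum proto p = dispatch_by_table(udp, len);
    if (p == PROTO_LISP_DATA && be16(udp + 2) == LISP_CONTROL_PORT)
        return PROTO_LISP_CONTROL;
    return p;
}
```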