Wireshark mailing list archives

Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port.

From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 22 Oct 2015 10:56:49 -0400

On 10/21/15 02:13, Michael wrote:

Hi everyone,

I just want to know if I misunderstood RFC 7348
(https://tools.ietf.org/html/rfc7348 ).

According to section 5 – VXLAN Frame Format, it seems just UDP.Dst-Port
must/should be 4789.

But I have checked the code:

[...]

204       dissector_add_uint("udp.port", UDP_PORT_VXLAN, vxlan_handle);

[...]

Should line 204 be updated to “udp.dport”?

Or I miss something I should know.

No, that wouldn't work because Wireshark doesn't have a "udp.dport"dissector table.

The only subdissector table that Wireshark's UDP dissector provides isnamed "udp.port". This is probably because most protocols involvepackets going to/from the same (hopefully/often IANA-registered if notIANA-assigned) port. So packets going /to/ the well-known port areacknowledged with packets going /from/ that same well-known port.Having subdissectors registered for the port (rather than thedestination port) means Wireshark can decode those responses correctly too.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port. Michael (Oct 22)
- Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port. Pascal Quantin (Oct 22)
- Re: Wonder should recognize VxLAN packet with UDP destination port number 4789 but not source port. Jeff Morriss (Oct 22)