On Thu, May 2, 2013 at 4:41 PM, Anders Broman <[email protected]>wrote:
> Hi, > Disclaimer: Without looking at the code. > +1 > Couldn't the "LISO Data" dissector check the destination port and call > LISP control if the port is LISP control? > +1 > Regards > Anders > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Lori Jakab > Sent: den 2 maj 2013 16:10 > To: [email protected] > Subject: [Wireshark-dev] Conflict between LISP control and LISP data > dissectors > > Hi, > > There is a special "LISP Control" packet type, where the UDP source port > is the one registered for "LISP Data" and the UDP destination port is "LISP > Control" (4341 and 4342 respectively). Wireshark dissects this packet as > "LISP Data" which leads to incorrect dissection. While "LISP Control" can > have the port number 4342 as both source and destination, for "LISP Data" > 4341 is always the destination port. However, the way the dissector table > works, AFAIK, you cannot register a dissector for a destination port only, > (something like "udp.dstport") which would solve my problem. > > Additionally, I looked at the generated epan/dissectors/register.c, where > the "LISP Control" dissector comes before "LISP Data", yet, when both ports > are present in the UDP header, the packet gets dissected as "LISP Data". > > I would really like to avoid using heuristic dissectors here, since the > protocol uses well known ports, and there is only one packet type where > there is UDP port clash. Is there any way to solve this issue in such a > way, that users don't need to make any extra settings, i.e., it would work > as expected out of the box when Wireshark is installed? > > Thanks, > -Lori > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
