[Pascal Quantin <pascal.quantin@xxxxxxxxx>]

Hi Michael,

2015-10-21 8:13 GMT+02:00 Michael <michaelhuang@xxxxxxxxxxx>:

Hi everyone,

 

I just want to know if I misunderstood RFC 7348 (https://tools.ietf.org/html/rfc7348 ).

According to section 5 – VXLAN Frame Format, it seems just UDP.Dst-Port must/should be 4789.

 

But I have checked the code:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-vxlan.c;hb=2a5a560a64e73832c6a91b4a3772ddbda0e7d5fb

 

196 void

197 proto_reg_handoff_vxlan(void)

198 {

199     dissector_handle_t vxlan_handle;

200

 201     eth_handle = find_dissector("eth");

202

 203     vxlan_handle = create_dissector_handle(dissect_vxlan, proto_vxlan);

204     dissector_add_uint("udp.port", UDP_PORT_VXLAN, vxlan_handle);

205     dissector_add_for_decode_as("udp.port", vxlan_handle);

206

 207 }

 

Should line 204 be updated to “udp.dport”?

No it should not as there is no dissector table for UDP destination port only. The only registered dissector table is for "udp.port" field:
  udp_dissector_table = register_dissector_table("udp.port",
                                                 "UDP port", FT_UINT16, BASE_DEC);

With your change, the VXLAN dissector would not be called anymore.

Your change would imply creating a new dissector table and modify UDP dissector to call it.

Best regards,

Pascal.

Or I miss something I should know.

 

Thanks!

 

Best Regards,

Michael

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe