Yes, this is a long standing problem:
and
among others, are examples of the same generic problem.
The entire packet_info [dl_|net_]{src, dst} structure doesn't work very well for tunnelled packets, especially those containing the same protocol in the outer layers as well inside the tunnel. The endpoints API is supposed to help, but the TCP dissector doesn't use it, and it would still have to be changed for multiple protocols of the same type, see Michael Mann's comment on #2345.
John
Hi,
We have a proprietary protocol sending usually small frames mixed with larger tunneled ethernet frames over TCP. If we then have a TCP segment where the ethernet frame
Spans 2 segments reassembly fails presumably because pinfo does not have the IP address of the TCP segment. I think we would need a way to create a new pinfo structure
For the tunneled frame? How to do that or some other way to solve the problem? In our case we only have ethernet and a vlan tag then our protocol again so
We “fixed” that by dissecting those bytes in the internal dissector. But I think it may be a generic problem for tunneling that may deserve a proper fix.
tcp_dissect_pdus() is used
Regards
Anders
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe