Wireshark-dev: Re: [Wireshark-dev] Conflict between LISP control and LISP data dissectors
From: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Date: Thu, 2 May 2013 16:49:48 +0200



On Thu, May 2, 2013 at 4:41 PM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:
Hi,
Disclaimer: Without looking at the code.
+1
 
Couldn't the "LISP Data" dissector check the destination port and call LISP control if the port is LISP control?
+1
 
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Lori Jakab
Sent: den 2 maj 2013 16:10
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Conflict between LISP control and LISP data dissectors

Hi,

There is a special "LISP Control" packet type, where the UDP source port is the one registered for "LISP Data" and the UDP destination port is "LISP Control" (4341 and 4342 respectively).  Wireshark dissects this packet as "LISP Data", which leads to incorrect dissection.  While "LISP Control" can have the port number 4342 as both source and destination, for "LISP Data" 4341 is always the destination port.  However, the way the dissector table works, AFAIK, you cannot register a dissector for a destination port only (something like "udp.dstport"), which would solve my problem.

Additionally, I looked at the generated epan/dissectors/register.c, where the "LISP Control" dissector comes before "LISP Data", yet, when both ports are present in the UDP header, the packet gets dissected as "LISP Data".

I would really like to avoid using heuristic dissectors here, since the protocol uses well-known ports, and there is only one packet type where there is a UDP port clash.  Is there any way to solve this issue in such a way that users don't need to make any extra settings, i.e., it would work as expected out of the box when Wireshark is installed?

Thanks,
-Lori
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
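
The handoff suggested in the thread, modelled stand-alone in C as an added example; it is not Wireshark code and not code from any of the posters. The lower-port-first lookup order, the enum and function names, and the sample headers are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define LISP_DATA_PORT    4341
#define LISP_CONTROL_PORT 4342
enum proto { PROTO_NONE, PROTO_LISP_DATA, PROTO_LISP_CONTROL };

/* Port table keyed on one port value, with no notion of direction. */
static enum proto table_lookup(uint16_t port) {
    if (port == LISP_DATA_PORT)    return PROTO_LISP_DATA;
    if (port == LISP_CONTROL_PORT) return PROTO_LISP_CONTROL;
    return PROTO_NONE;
}
/* Read source and destination port from an 8-byte UDP header. */
static int udp_ports(const uint8_t *h, size_t len, uint16_t *s, uint16_t *d) {
    if (len < 8) return -1;               /* truncated: do not classify */
    *s = (uint16_t)((h[0] << 8) | h[1]);
    *d = (uint16_t)((h[2] << 8) | h[3]);
    return 0;
}
/* Direction-blind dispatch. Assumption: the lower port is tried first. */
enum proto dispatch_by_table(const uint8_t *h, size_t len) {
    uint16_t s, d;
    if (udp_ports(h, len, &s, &d) != 0) return PROTO_NONE;
    enum proto p = table_lookup(s < d ? s : d);
    return p != PROTO_NONE ? p : table_lookup(s < d ? d : s);
}
/* Handoff: a packet that reached "LISP Data" but is addressed to the
 * control port is passed on to "LISP Control". */
enum proto dispatch_with_handoff(const uint8_t *h, size_t len) {
    uint16_t s, d;
    enum proto p = dispatch_by_table(h, len);
    if (p == PROTO_LISP_DATA && udp_ports(h, len, &s, &d) == 0 &&
        d == LISP_CONTROL_PORT)
        return PROTO_LISP_CONTROL;
    return p;
}
/* Constructed UDP headers: src port, dst port, length, checksum. */
const uint8_t HDR_CLASH[8] = {0x10, 0xF5, 0x10, 0xF6, 0, 8, 0, 0}; /* 4341 -> 4342 */
const uint8_t HDR_DATA[8]  = {0xC3, 0x50, 0x10, 0xF5, 0, 8, 0, 0}; /* 50000 -> 4341 */
const uint8_t HDR_CTRL[8]  = {0x10, 0xF6, 0x10, 0xF6, 0, 8, 0, 0}; /* 4342 -> 4342 */

int main(void) {
    printf("clash: table=%d handoff=%d\n",
           dispatch_by_table(HDR_CLASH, 8), dispatch_with_handoff(HDR_CLASH, 8));
    printf("data=%d control=%d\n",
           dispatch_with_handoff(HDR_DATA, 8), dispatch_with_handoff(HDR_CTRL, 8));
    return 0;
}
```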