With my recent commit in r37945, it is now possible to view GRE-encapsulated IP conversations and endpoints, which also include any other supported conversations such as UDP and TCP as well. However, when looking at the bytes being counted as part of those conversations, I noticed that they were all the same and in fact included the byte count for the entire packet rather than only for the Layer3/4 that the conversation pertained to. For example, I have a Linux Cooked encapsulated packet as follows:
Linux cooked header: 16 bytes IP header: 20 bytes GRE: 8 bytes (normally 4 bytes, but it includes the optional 4 byte key field) IP header: 20 bytes UDP header: 8 bytes UDP Payload: 52 bytes TOTAL: 124 bytes So given the above example, all conversations at all layers show the number of bytes being transferred as 124 bytes. I believe this to be in error. The outer IP conversation encompasses only 108 bytes, the GRE-encapsulated inner IP conversation encompasses only 80 bytes, and the UDP conversation encompasses only 60 bytes. I started making changes to the gtk/conversation*.c and gtk/hostlist*.c files, but thought that I should check with the other developers first to be sure this is the right thing to do. Thoughts? Thanks. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
