Thanks. Code cleanups (and corrections) are always welcome, especially in my
code ;-)

1. I've added a call to the AH dissector in the same way that you've added
ESP - there's nothing significant about AH - if the 4 bytes after the
non-ike-marker are zeroed, then it's AH. Otherwise, it's ESP and it is its
SPI value. Please see attached.
2. I've registered the ISAKMP dissector to be called for TCP/500 as well.
3. Semantics: Shouldn't we change ISAKMP to IKE?
4. I really hope that someone with an implementation for this IPSec over UDP
will test this! (MS, Nortel, Cisco, SSH, F-Secure, anyone?). I'd be grateful
for a dump sent to me as well.

-----Original Message-----
From: Guy Harris [mailto:gharris@xxxxxxxxx]
Sent: Wednesday, August 29, 2001 10:15 AM
To: Yaniv Kaul
Cc: Ethereal-Dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] patch for isakmp dissector
On Wed, Aug 29, 2001 at 12:44:59AM -0700, Guy Harris wrote:
> There isn't an IPSec dissector *per se*. There are ESP and AH
> dissectors; if you want to call them directly, you'd have to ...
I've checked in your patch, with some cleanups, and with code to call
the ESP dissector, along with a change to "packet-ipsec.c" to register
the ESP dissector, as per my previous mail.
There wasn't any code in your patch to dissect the AH Envelope, so I
didn't put changes to call or register the AH dissector; you can add
those if/when you add code to dissect the AH Envelope.
Attachment: isakmp.patch.gz (GNU Zip compressed data)
Attachment: ipsec.patch.gz (GNU Zip compressed data)
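
The AH/ESP selection rule from point 1 of the message, written out as a bounds-checked classifier. This is an added example, not code from the attached patches or from Ethereal; the 8-byte marker length is an assumption (the thread does not state it), and `classify_udp500`, the `PK_*` names and the sample payloads are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the non-IKE marker is 8 zero bytes where an IKE initiator
 * cookie would sit; the thread does not state its length. */
#define NON_IKE_MARKER_LEN 8
#define SPI_LEN 4

enum payload_kind { PK_TRUNCATED, PK_IKE, PK_AH, PK_ESP };

static int all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Classify a UDP/500 payload; *spi is written only for PK_ESP. */
enum payload_kind classify_udp500(const uint8_t *buf, size_t len, uint32_t *spi)
{
    if (buf == NULL || len < NON_IKE_MARKER_LEN)
        return PK_TRUNCATED;            /* too short to tell marker from cookie */
    if (!all_zero(buf, NON_IKE_MARKER_LEN))
        return PK_IKE;                  /* non-zero cookie: ordinary ISAKMP */
    if (len < NON_IKE_MARKER_LEN + SPI_LEN)
        return PK_TRUNCATED;            /* marker seen, selector bytes missing */
    const uint8_t *sel = buf + NON_IKE_MARKER_LEN;
    if (all_zero(sel, SPI_LEN))
        return PK_AH;                   /* zeroed word after marker: AH */
    if (spi != NULL)
        *spi = ((uint32_t)sel[0] << 24) | ((uint32_t)sel[1] << 16) |
               ((uint32_t)sel[2] << 8) | (uint32_t)sel[3];
    return PK_ESP;                      /* otherwise the word is the ESP SPI */
}

/* Constructed sample payloads, not captures. */
static const uint8_t SAMPLE_ESP[] = { 0,0,0,0,0,0,0,0, 0x12,0x34,0x56,0x78, 0,0,0,1 };
static const uint8_t SAMPLE_AH[]  = { 0,0,0,0,0,0,0,0, 0,0,0,0, 0x32,0x04,0,0 };
static const uint8_t SAMPLE_IKE[] = { 0xde,0xad,0xbe,0xef,1,2,3,4, 0,0,0,0 };
static const uint8_t SAMPLE_CUT[] = { 0,0,0,0,0,0,0,0, 0x12,0x34 };

int main(void)
{
    uint32_t spi = 0;
    enum payload_kind k = classify_udp500(SAMPLE_ESP, sizeof SAMPLE_ESP, &spi);
    printf("kind=%d spi=0x%08x\n", (int)k, (unsigned)spi);
    return 0;
}
```

The two truncation returns keep a short or cut-off datagram from being read past its end before the marker and the following 4 bytes are compared.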