Le Mardi 24 Août 2004 10:20, Guy Harris a écrit :
> Rémi Denis-Courmont wrote:
> > I've improved the Teredo packet dissector. The attached patch
> > includes correct and more verbose decoding of Teredo authentication
> > headers, and some cleanups.
>
> Checked in.
Thanks.
There's a patch for disabled by default heuristic Teredo dissection
there:
http://people.via.ecp.fr/~rem/samples/ethereal-teredo-heur.patch
Is there a way to only attempt to dissect UDP/IPv4 packets only (and not
UDP/IPv6), as Teredo is not supposed to work on UDP/IPv6 ?
> > I've kept the TAP feature that was in the previous version of the
> > dissector. Yet, the structure which is passed to TAP listeners
> > looks rather bizarre to me.
> Which structure? e_teredohdr? And what's bizarre about it?
Yes.
I don't really get the point of th_indtype: if it's meant as a boolean
for the presence of an Authentication header, it should not be of type
guint16. If it's meant as an indication for the type of Teredo header
present, it's broken, as it only indicates the presence of an
Authentication header, and not that of an Origin Indication.
Similarly, the interpretation of th_header is not obvious either: it
might be the first two bytes of an IPv6 header, or it is zero if there
is an Origin Indication. And finally, th_ip_v_hl is most likely
redumdant.
I am eager to see a TAP listener which makes real use of that.
> > Additionnaly, I could not get col_append_sep_str to work properly.
> > It insists on inserting a separator before the first element. Could
> > someone have a look at that?
>
> I've checked in some changes that might fix that; if you're using the
> current Subversion tree, try that.
That seems to work fine now :-)
Have a nice day,
--
Rémi Denis-Courmont
http://www.simphalempin.com/home/infos/cv.shtml.fr
Attachment:
pgpBZVWqVG_4C.pgp
Description: signature