Hi Guy,
Thanks a lot for the feedback - I thought there must be a way to get
at the top level protocol dissectors, but could only figure out how to get
at the UDP/TCP Port level ones.
I will rework my patch based on your suggestion and resend to the list.
Cheers
Mark Phillips
On Fri, 22 Oct 2004, Guy Harris wrote:
Mark Phillips wrote:
The code assumes that if this is a transport ESP NULL encrypted
packet it will contain a 12 byte (ie. SHA1 or MD5) authentication
trailer, prefixed with the ESP pad and payload type field, which in
turn will specify the payload as being ICMP/UDP/TCP. If a reasonable
payload type is found the the payload is passed to the appropriate
dissector.
The right way to pass the payload to that dissector would be to:
in the ESP dissector's "register handoff" routine, call
"find_dissector_table()" with an argument of "ip.proto" to get a pointer
to IP's dissector table for IP protocol numbers;
in the ESP dissector, call "dissector_try_port()" with the
protocol
number and the appropriate arguments - if it returns TRUE, the packet
was dissected by the dissector for that protocol, and if it returns
FALSE, it wasn't. You can either do so for all putative protocol number
values or do so only for ICMP, UDP, and TCP.
This obviates the need to make dissectors public (which shouldn't be
done in almost all cases - dissectors should only be called through
handles, if they have the standard dissector signature).
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
--
Mark S. Phillips mob. 07903 559147
mark.phillips@xxxxxxxxxx Tel. 01279 441124
Old Nortel address (til Xmas 2004) ESN 742 2461
msp@xxxxxxxxxxxxxxxxxx Tel. +44 1279 402461