Hello everybody,
IPSec can be tunneled over a TCP connection, but I've found no way to tell
ethereal to dissect this. It would allow using ESP below IP, but that is
something different :-)
I tried to patch epan/dissectors/packet-ipsec.c to dissect below IP too, but
I've failed - tethereal dies with
** ERROR **: file packet.c: line 662 (dissector_add): assertion failed:
(sub_dissectors)
aborting...
Trace/breakpoint trap
I did this by simply appending some lines:
void
proto_reg_handoff_ipsec(void)
{
dissector_handle_t esp_handle, ah_handle, ipcomp_handle;
data_handle = find_dissector("data");
ah_handle = find_dissector("ah");
dissector_add("ip.proto", IP_PROTO_AH, ah_handle);
esp_handle = find_dissector("esp");
dissector_add("ip.proto", IP_PROTO_ESP, esp_handle);
ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
dissector_add("ip.proto", IP_PROTO_IPCOMP, ipcomp_handle);
+
+ ah_handle = find_dissector("ah");
+ dissector_add("tcp.proto", IP_PROTO_AH, ah_handle);
+ esp_handle = find_dissector("esp");
+ dissector_add("tcp.proto", IP_PROTO_ESP, esp_handle);
+ ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
+ dissector_add("tcp.proto", IP_PROTO_IPCOMP, ipcomp_handle);
ip_dissector_table = find_dissector_table("ip.proto");
}
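Review bot: The added dissector_add("tcp.proto", ...) calls name a dissector table that is never registered, which matches the (sub_dissectors) assertion in dissector_add shown in the error output. The TCP dissector's table is "tcp.port" and it is keyed by port number, so IP_PROTO_AH, IP_PROTO_ESP and IP_PROTO_IPCOMP are the wrong kind of key for it; register the handles against "tcp.port" using the port the tunnel actually runs on, preferably taken from a preference since no port is stated here. The repeated find_dissector("ah") and find_dissector("esp") lookups and the second create_dissector_handle(dissect_ipcomp, proto_ipcomp) are also unnecessary: reuse the handles already obtained in the unchanged lines above.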
Please include this option in your next release.
Thank you!
Regards,
Phil