Ethereal-dev: [Ethereal-dev] Decoding of IPsec over TCP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ph. Marek" <philipp.marek@xxxxxxxxxx>
Date: Mon, 25 Jul 2005 14:17:04 +0200
Hello everybody,

IPSec can be tunneled over a TCP connection; but I've found no way to tell 
ethereal to dissect this. It would allow to use ESP below IP, but that is 
something different :-)

I tried to patch epan/dissectors/packet-ipsec.c to dissect below IP too, but 
I've failed - tethereal dies with
	** ERROR **: file packet.c: line 662 (dissector_add): assertion failed:
	(sub_dissectors)
	aborting...
	Trace/breakpoint trap

I did this by simply appending some lines:
	void
	proto_reg_handoff_ipsec(void)
	{
	  dissector_handle_t esp_handle, ah_handle, ipcomp_handle;

	  data_handle = find_dissector("data");
	  ah_handle = find_dissector("ah");
	  dissector_add("ip.proto", IP_PROTO_AH, ah_handle);
	  esp_handle = find_dissector("esp");
	  dissector_add("ip.proto", IP_PROTO_ESP, esp_handle);
	  ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
	  dissector_add("ip.proto", IP_PROTO_IPCOMP, ipcomp_handle);
+
+	  ah_handle = find_dissector("ah");
+	  dissector_add("tcp.proto", IP_PROTO_AH, ah_handle);
+	  esp_handle = find_dissector("esp");
+	  dissector_add("tcp.proto", IP_PROTO_ESP, esp_handle);
+	  ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
+	  dissector_add("tcp.proto", IP_PROTO_IPCOMP, ipcomp_handle);

	  ip_dissector_table = find_dissector_table("ip.proto");
	}

Please include this option in your next release.

Thank you!


Regards,

Phil