Ethereal-dev: RE: [Ethereal-dev] patch for isakmp dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Yaniv Kaul" <ykaul@xxxxxxxxxxxxxxxx>
Date: Wed, 29 Aug 2001 12:36:47 +0200

Thanks. Code cleanups (and corrections) are always welcome, especially in my
code ;-)

1. I've added a call to the AH dissector in the same way that you've added
ESP - there's nothing significant about AH - if the 4 bytes after the
non-ike-marker are zeroed, then it's AH. Otherwise, it's ESP and it is its
SPI value. Please see attached.

2. I've registered the ISAKMP dissector to be called for TCP/500 as well.

3. Semantics: Shouldn't we change ISAKMP to IKE?

4. I really hope that someone with an implementation of this IPSec over UDP
will test this! (MS, Nortel, Cisco, SSH, F-Secure, anyone?). I'd be grateful
for a dump sent to me as well.


-----Original Message-----
From: Guy Harris [mailto:gharris@xxxxxxxxx]
Sent: Wednesday, August 29, 2001 10:15 AM
To: Yaniv Kaul
Cc: Ethereal-Dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] patch for isakmp dissector


On Wed, Aug 29, 2001 at 12:44:59AM -0700, Guy Harris wrote:
> There isn't an IPSec dissector *per se*.  There are ESP and AH
> dissectors; if you want to call them directly, you'd have to ...

I've checked in your patch, with some cleanups, and with code to call
the ESP dissector, along with a change to "packet-ipsec.c" to register
the ESP dissector, as per my previous mail.

There wasn't any code in your patch to dissect the AH Envelope, so I
didn't put changes to call or register the AH dissector; you can add
those if/when you add code to dissect the AH Envelope.

Attachment: isakmp.patch.gz
Description: GNU Zip compressed data

Attachment: ipsec.patch.gz
Description: GNU Zip compressed data