Ethereal-dev: Re: [Ethereal-dev] PATCH: ESP transport null encryption decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 22 Oct 2004 10:52:11 -0700

Mark Phillips wrote:

  The code assumes that if this is a transport ESP NULL encrypted
  packet it will contain a 12 byte (i.e. SHA1 or MD5) authentication
  trailer, prefixed with the ESP pad and payload type field, which in
  turn will specify the payload as being ICMP/UDP/TCP. If a reasonable
  payload type is found the payload is passed to the appropriate
  dissector.

The right way to pass the payload to that dissector would be to:

in the ESP dissector's "register handoff" routine, call "find_dissector_table()" with an argument of "ip.proto" to get a pointer to IP's dissector table for IP protocol numbers;

in the ESP dissector, call "dissector_try_port()" with the protocol number and the appropriate arguments - if it returns TRUE, the packet was dissected by the dissector for that protocol, and if it returns FALSE, it wasn't. You can either do so for all putative protocol number values or do so only for ICMP, UDP, and TCP.

This obviates the need to make dissectors public (which shouldn't be done in almost all cases - dissectors should only be called through handles, if they have the standard dissector signature).
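The trailer heuristic quoted at the top of this message, as an added stand-alone C example that is not part of the original message or of Ethereal's source. The helper name `esp_null_guess`, the struct, and the sample packet are hypothetical; the padding check assumes the sender used the RFC 2406 default padding. The `next_header` it returns is the protocol number that would be handed to "dissector_try_port()" on the "ip.proto" table as the reply describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESP_HDR_LEN 8   /* SPI (4 bytes) + sequence number (4 bytes) */
#define ESP_ICV_LEN 12  /* truncated HMAC-MD5-96 / HMAC-SHA1-96 trailer */

struct esp_null_info {
    size_t  payload_len;  /* cleartext bytes following the ESP header */
    uint8_t next_header;  /* IP protocol number from the ESP trailer */
};

/* Hypothetical helper: returns 1 and fills *out if buf (starting at the ESP
 * header) looks like NULL-encrypted ESP carrying ICMP, TCP or UDP. */
int esp_null_guess(const uint8_t *buf, size_t len, struct esp_null_info *out)
{
    size_t icv_off, pad_len, i;
    uint8_t next;
    /* Smallest candidate: header, pad length, next header, ICV. */
    if (buf == NULL || out == NULL || len < ESP_HDR_LEN + 2 + ESP_ICV_LEN)
        return 0;
    icv_off = len - ESP_ICV_LEN;
    next    = buf[icv_off - 1];
    pad_len = buf[icv_off - 2];

    if (next != 1 && next != 6 && next != 17)   /* ICMP, TCP, UDP only */
        return 0;
    if (pad_len > icv_off - 2 - ESP_HDR_LEN)    /* padding must fit */
        return 0;
    /* Assumption: sender used the RFC 2406 default padding 1, 2, 3, ... */
    for (i = 0; i < pad_len; i++)
        if (buf[icv_off - 2 - pad_len + i] != (uint8_t)(i + 1))
            return 0;
    out->payload_len = icv_off - 2 - pad_len - ESP_HDR_LEN;
    out->next_header = next;
    return 1;
}

int main(void)
{
    /* Constructed sample: 8-byte header, 5 payload bytes, 1 pad byte,
     * pad length 1, next header 17 (UDP), 12-byte zeroed ICV. */
    uint8_t pkt[28] = {0};
    struct esp_null_info info;
    pkt[13] = 1; pkt[14] = 1; pkt[15] = 17;
    if (esp_null_guess(pkt, sizeof pkt, &info))
        printf("proto %u, %zu payload bytes\n", (unsigned)info.next_header, info.payload_len);
    return 0;
}
```

A match is only a guess: genuinely encrypted ESP can end in bytes that pass these checks by chance, so the result should be treated as a hint for display, not as proof that the packet is unencrypted.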