diff options
| author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2007-09-28 07:34:42 +0000 |
|---|---|---|
| committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2007-09-28 07:34:42 +0000 |
| commit | 93c5c7a70c60a8e1d137552bb872404a880240af (patch) | |
| tree | d204a3f5d460b1834dc28c7d8ee3445036190f01 /epan | |
| parent | b6aeeb982185be8682e898e05482c0e282e625fb (diff) | |
this silly protocol uses the same port as ndmp and worse, there is
nothing really in the header to identify it reliably as silly
vendor specific encapsulation
10000 is actually registered by iana for ndmp so it makes no sense for
a lazy vendor to use it by default.
make it check if the packet is ndmp first before assuming that anything
that goes to port 10000 must be some lazy vendor specific protocol
grrr
svn path=/trunk/; revision=23009
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-ipsec-tcp.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ipsec-tcp.c b/epan/dissectors/packet-ipsec-tcp.c index 371306316e..d6c15bd1ab 100644 --- a/epan/dissectors/packet-ipsec-tcp.c +++ b/epan/dissectors/packet-ipsec-tcp.c @@ -38,6 +38,7 @@ #include <glib.h> #include <epan/packet.h> #include <epan/prefs.h> +#include "packet-ndmp.h" static int hf_tcpencap_unknown = -1; static int hf_tcpencap_zero = -1; @@ -75,11 +76,29 @@ static dissector_handle_t udp_handle; #define TCP_ENCAP_P_ESP 1 #define TCP_ENCAP_P_UDP 2 + +/* oh what a crap protocol. + there is nothing in the protocol that makes it easy to identify and then + worse is that by default it is using port 10000 which ndmp has been + using for ages. + + assume it is tcpencap if it does not look like ndmp +*/ +static int +packet_is_tcpencap(tvbuff_t *tvb, packet_info *pinfo) +{ + if(check_if_ndmp(tvb, pinfo)){ + return FALSE; + } + + return TRUE; +} + /* * TCP Encapsulation of IPsec Packets * as supported by the cisco vpn3000 concentrator series */ -static void +static int dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *tcpencap_tree = NULL; @@ -92,6 +111,11 @@ dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint32 offset; guint8 protocol; + /* verify that this looks like a tcpencap packet */ + if(!packet_is_tcpencap(tvb, pinfo)){ + return 0; + } + if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCPENCAP"); if (check_col(pinfo->cinfo, COL_INFO)) @@ -136,6 +160,7 @@ dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) call_dissector(esp_handle, next_tvb, pinfo, tree); } + return tvb_length(tvb); } void @@ -146,7 +171,7 @@ proto_reg_handoff_tcpencap(void) esp_handle = find_dissector("esp"); udp_handle = find_dissector("udp"); - tcpencap_handle = create_dissector_handle(dissect_tcpencap, proto_tcpencap); + tcpencap_handle = new_create_dissector_handle(dissect_tcpencap, proto_tcpencap); dissector_add("tcp.port", global_tcpencap_tcp_port, tcpencap_handle); } |