this silly protocol uses the same port as ndmp and worse, there is
nothing really in the header to identify it reliably as silly vendor specific encapsulation 10000 is actually registered by iana for ndmp so it makes no sense for a lazy vendor to use it by default. make it check if the packet is ndmp first before assuming that anything that goes to port 10000 must be some lazy vendor specific protocol grrr svn path=/trunk/; revision=23009
This commit is contained in:
parent
b6aeeb9821
commit
93c5c7a70c
|
@ -38,6 +38,7 @@
|
|||
#include <glib.h>
|
||||
#include <epan/packet.h>
|
||||
#include <epan/prefs.h>
|
||||
#include "packet-ndmp.h"
|
||||
|
||||
static int hf_tcpencap_unknown = -1;
|
||||
static int hf_tcpencap_zero = -1;
|
||||
|
@ -75,11 +76,29 @@ static dissector_handle_t udp_handle;
|
|||
#define TCP_ENCAP_P_ESP 1
|
||||
#define TCP_ENCAP_P_UDP 2
|
||||
|
||||
|
||||
/* oh what a crap protocol.
|
||||
there is nothing in the protocol that makes it easy to identify and then
|
||||
worse is that by default it is using port 10000 which ndmp has been
|
||||
using for ages.
|
||||
|
||||
assume it is tcpencap if it does not look like ndmp
|
||||
*/
|
||||
static int
|
||||
packet_is_tcpencap(tvbuff_t *tvb, packet_info *pinfo)
|
||||
{
|
||||
if(check_if_ndmp(tvb, pinfo)){
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* TCP Encapsulation of IPsec Packets
|
||||
* as supported by the cisco vpn3000 concentrator series
|
||||
*/
|
||||
static void
|
||||
static int
|
||||
dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||
{
|
||||
proto_tree *tcpencap_tree = NULL;
|
||||
|
@ -92,6 +111,11 @@ dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
guint32 offset;
|
||||
guint8 protocol;
|
||||
|
||||
/* verify that this looks like a tcpencap packet */
|
||||
if(!packet_is_tcpencap(tvb, pinfo)){
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCPENCAP");
|
||||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
|
@ -136,6 +160,7 @@ dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
call_dissector(esp_handle, next_tvb, pinfo, tree);
|
||||
}
|
||||
|
||||
return tvb_length(tvb);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -146,7 +171,7 @@ proto_reg_handoff_tcpencap(void)
|
|||
esp_handle = find_dissector("esp");
|
||||
udp_handle = find_dissector("udp");
|
||||
|
||||
tcpencap_handle = create_dissector_handle(dissect_tcpencap, proto_tcpencap);
|
||||
tcpencap_handle = new_create_dissector_handle(dissect_tcpencap, proto_tcpencap);
|
||||
dissector_add("tcp.port", global_tcpencap_tcp_port, tcpencap_handle);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue