On Wed, Aug 29, 2001 at 10:30:18AM +0200, Yaniv Kaul wrote:
> 3. I'd like to call the IPSec dissector (to dissect ESP or AH packets) after
> I'm done with the header. How do I do that?
There isn't an IPSec dissector *per se*. There are ESP and AH
dissectors; if you want to call them directly, you'd have to change
"proto_register_ipsec()" to register those dissectors by name, after the
ESP and AH protocols have been registered:
register_dissector("esp", dissect_esp, proto_esp);
register_dissector("ah", dissect_ah, proto_ah);
and declare in your dissector's source file handles for those
dissectors:
static dissector_handle_t esp_handle;
static dissector_handle_t ah_handle;
and in your dissector's "proto_reg_handoff" routine get the handles for
those dissectors:
esp_handle = find_dissector("esp");
ah_handle = find_dissector("ah");
and, when you want to call those dissectors, construct a tvbuff for the
ESP and AH headers and payload with "tvb_new_subset()", and call the
dissector with "call_dissector()":
/*
* "offset" here is the offset within the IPSec-over-UDP payload
* of the beginning of the ESP header.
*/
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
call_dissector(esp_handle, next_tvb, pinfo, tree);
and
/*
* "offset" here is the offset within the IPSec-over-UDP payload
* of the beginning of the AH header.
*/
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
call_dissector(ah_handle, next_tvb, pinfo, tree);
