this silly protocol uses the same port as ndmp and worse, there is

nothing really in the header to identify it reliably as silly
vendor specific encapsulation

10000 is actually registered by iana for ndmp   so it makes no sense for
a lazy vendor to use it by default.

make it check if the packet is ndmp first before assuming that anything
that goes to port 10000 must be some lazy vendor specific protocol

grrr

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@23009 f5534014-38df-0310-8fa8-9805f1628bb7

diff --git a/epan/dissectors/packet-ipsec-tcp.c b/epan/dissectors/packet-ipsec-tcp.c
index 371306316e490336b3a41169a36806335ad8ba4b..d6c15bd1aba44bbeef69417a5a56f6629c76a95e 100644 (file)
--- a/epan/dissectors/packet-ipsec-tcp.c
+++ b/epan/dissectors/packet-ipsec-tcp.c
@@ -38,6 +38,7 @@
 #include <glib.h>
 #include <epan/packet.h>
 #include <epan/prefs.h>
+#include "packet-ndmp.h"
 
 static int hf_tcpencap_unknown = -1;
 static int hf_tcpencap_zero = -1;
@@ -75,11 +76,29 @@ static dissector_handle_t udp_handle;
 #define TCP_ENCAP_P_ESP 1
 #define TCP_ENCAP_P_UDP 2
 
+
+/* oh what a crap protocol.
+   there is nothing in the protocol that makes it easy to identify and then
+   worse   is that by default it is using port 10000 which ndmp has been
+   using for ages.
+
+   assume it is tcpencap    if it does not look like ndmp
+*/
+static int
+packet_is_tcpencap(tvbuff_t *tvb, packet_info *pinfo)
+{
+       if(check_if_ndmp(tvb, pinfo)){
+               return FALSE;
+       }
+
+       return TRUE;
+}
+
 /*
  * TCP Encapsulation of IPsec Packets  
  * as supported by the cisco vpn3000 concentrator series
  */
-static void
+static int
 dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
        proto_tree *tcpencap_tree = NULL;
@@ -92,6 +111,11 @@ dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
        guint32 offset;
        guint8  protocol;
 
+       /* verify that this looks like a tcpencap packet */
+       if(!packet_is_tcpencap(tvb, pinfo)){
+               return 0;
+       }
+
        if (check_col(pinfo->cinfo, COL_PROTOCOL))
                col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCPENCAP");
        if (check_col(pinfo->cinfo, COL_INFO))
@@ -136,6 +160,7 @@ dissect_tcpencap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
                call_dissector(esp_handle, next_tvb, pinfo, tree);
        }
 
+       return tvb_length(tvb);
 }
 
 void
@@ -146,7 +171,7 @@ proto_reg_handoff_tcpencap(void)
        esp_handle = find_dissector("esp");
        udp_handle = find_dissector("udp");
 
-       tcpencap_handle = create_dissector_handle(dissect_tcpencap, proto_tcpencap);
+       tcpencap_handle = new_create_dissector_handle(dissect_tcpencap, proto_tcpencap);
        dissector_add("tcp.port", global_tcpencap_tcp_port, tcpencap_handle);
 }