Masatake YAMATO wrote:
> Hi,
>
> I'm reworking the wireshark dissector for corosync.
> https://github.com/masatake/wireshark-plugin-rhcs
>
>
> From a quick look, it seems that the wire format of the crypto layer
> changed between 1.x and 2.x.
>
> How can I know which format is used from a given packet?
> It seems that port 5405 is used by both versions.
>
> I'd like to resubmit dissectors for totemnet (handling decryption here),
> totemsrp and totemmpg to the wireshark project this time. However, most
> of my code is based on corosync 1.x shipped as part of RHEL6.
>
> I'd like to prepare the room to handle packets of 2.x in my patch but
> I don't want to implement dissectors for 2.x now.
>
>
> I'd like to add the following code to my patch:
>
> if (CONDITION(packet)) {
>     my_dissector_for_1_x(packet);
> } else {
>     printf("TODO\n");
> }
>
> I'd like to know what CONDITION should be.
>
The best condition is probably to test whether the first two bytes are FE.
We had other values in 2.{0..2}, but they are unsupported, and 2.3 ALWAYS
puts CRYPTO_CIPHER_TYPE_2_3 (= UINT8_MAX - 1) into the first two bytes + (but
this can change) the next two bytes are 0.
In flatiron, the first byte should be 0 to 5 for an unencrypted message, and
(sadly) almost anything for an encrypted message. So CONDITION is not 100%,
but should be just good enough.
Regards,
Honza
> Regards,
> Masatake YAMATO
> _______________________________________________
> discuss mailing list
> [email protected]
> http://lists.corosync.org/mailman/listinfo/discuss
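The heuristic from the reply above, written out as a bounds-checked classifier. This is an added example, not code from corosync or from wireshark-plugin-rhcs; the function, enum and macro names are hypothetical, and the sample payloads are constructed. An encrypted 1.x packet can still begin with FE FE by chance, so the result is a guess, as the reply says.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; the values come from the reply above. */
#define HDR_MARKER_2_3     (UINT8_MAX - 1) /* 0xFE, CRYPTO_CIPHER_TYPE_2_3 */
#define FLATIRON_PLAIN_MAX 5               /* 1.x unencrypted: first byte 0..5 */

enum totem_guess {
    GUESS_TOO_SHORT,     /* fewer than 2 bytes: cannot decide */
    GUESS_2_3,           /* first two bytes are 0xFE */
    GUESS_1_X_PLAIN,     /* first byte in 0..5 */
    GUESS_1_X_ENCRYPTED  /* anything else: assumed encrypted 1.x */
};

/* Classify a UDP payload by its leading bytes. Never reads past len.
 * If zero_hint is non-NULL it is set to 1 when bytes 2 and 3 are both 0.
 * The reply says this holds for 2.3 but may change, so it is reported
 * as supporting evidence only and is not required for a 2.3 verdict. */
enum totem_guess guess_totem_version(const uint8_t *buf, size_t len,
                                     int *zero_hint)
{
    if (zero_hint)
        *zero_hint = 0;
    if (buf == NULL || len < 2)
        return GUESS_TOO_SHORT;
    if (buf[0] == HDR_MARKER_2_3 && buf[1] == HDR_MARKER_2_3) {
        if (zero_hint && len >= 4)
            *zero_hint = (buf[2] == 0 && buf[3] == 0);
        return GUESS_2_3;
    }
    if (buf[0] <= FLATIRON_PLAIN_MAX)
        return GUESS_1_X_PLAIN;
    return GUESS_1_X_ENCRYPTED;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const uint8_t v23[]   = { 0xFE, 0xFE, 0x00, 0x00, 0x11 };
    const uint8_t plain[] = { 0x00, 0x01, 0x22, 0x33 };
    const uint8_t enc[]   = { 0x9C, 0x41, 0x07, 0xE2 };
    int hint;

    printf("2.3 sample   -> %d\n", guess_totem_version(v23, sizeof v23, &hint));
    printf("plain sample -> %d\n", guess_totem_version(plain, sizeof plain, NULL));
    printf("enc sample   -> %d\n", guess_totem_version(enc, sizeof enc, NULL));
    return 0;
}
```

In a dissector, only `GUESS_1_X_PLAIN` and `GUESS_1_X_ENCRYPTED` would be handed to the 1.x code path; `GUESS_2_3` takes the TODO branch.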