Masatake YAMATO wrote:
> Hi,
>
> I'm reworking the wireshark dissector for corosync.
> https://github.com/masatake/wireshark-plugin-rhcs
>
>
> From a quick look, it seems that the wire format of the crypto layer
> changed between 1.x and 2.x.
>
> How can I know which format is used from a given packet?
> It seems that port 5405 is used by both versions.
>
> I'd like to resubmit dissectors for totemnet (handling decryption here),
> totemsrp and totempg to the wireshark project this time. However, most of
> my code is based on corosync 1.x shipped as part of RHEL6.
>
> I'd like to prepare the room to handle packets of 2.x in my patch but
> I don't want to implement dissectors for 2.x now.
>
>
> I'd like to add the following code to my patch:
>
>     if (CONDITION(packet)) {
>         my_dissector_for_1_x(packet);
>     } else {
>         printf("TODO\n");
>     }
>
> I'd like to know what CONDITION should be.
>

The best condition is probably to test whether the first two bytes are FE. We
had other values in 2.{0..2}, but they are unsupported, and 2.3 ALWAYS puts
CRYPTO_CIPHER_TYPE_2_3 (= UINT8_MAX - 1) into the first two bytes + (but this
can change) the next two bytes are 0.

In flatiron, the first byte should be 0 to 5 for an unencrypted message, and
(sadly) almost anything for an encrypted message.

So CONDITION is not 100%, but should be just good enough.

Regards,
  Honza

> Regards,
> Masatake YAMATO
> _______________________________________________
> discuss mailing list
> discuss@xxxxxxxxxxxx
> http://lists.corosync.org/mailman/listinfo/discuss
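
The check described in the reply above, written out as an added C example; it is not part of the original messages and is not corosync or Wireshark code. The enum and function names are hypothetical, and the buffer is assumed to be the UDP payload as received on the totem port.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value given in the reply: CRYPTO_CIPHER_TYPE_2_3 = UINT8_MAX - 1 (0xFE). */
#define CRYPTO_CIPHER_TYPE_2_3 (UINT8_MAX - 1)

/* Hypothetical names for this example; not corosync or Wireshark symbols. */
enum totem_fmt {
    TOTEM_TOO_SHORT,    /* fewer than 2 bytes: cannot decide */
    TOTEM_2_3,          /* FE FE prefix: 2.3 crypto header */
    TOTEM_1_X_PLAIN,    /* first byte 0..5: flatiron, unencrypted */
    TOTEM_1_X_OPAQUE    /* anything else: assumed flatiron, encrypted */
};

/* Classify a payload. *zero_pad (optional) reports whether bytes 2..3 are 0
 * for a 2.3 packet; the reply says that part can change, so it is reported
 * and not used to decide. */
static enum totem_fmt totem_guess(const uint8_t *p, size_t len, int *zero_pad)
{
    if (zero_pad) *zero_pad = 0;
    if (p == NULL || len < 2)
        return TOTEM_TOO_SHORT;
    if (p[0] == CRYPTO_CIPHER_TYPE_2_3 && p[1] == CRYPTO_CIPHER_TYPE_2_3) {
        if (zero_pad) *zero_pad = (len >= 4 && p[2] == 0 && p[3] == 0);
        return TOTEM_2_3;
    }
    /* Not 100%: an encrypted 1.x packet may start with any bytes,
     * including FE FE, and would then be taken for 2.3 above. */
    return p[0] <= 5 ? TOTEM_1_X_PLAIN : TOTEM_1_X_OPAQUE;
}

/* CONDITION from the question: nonzero means "use the 1.x dissector". */
static int condition_1_x(const uint8_t *p, size_t len)
{
    enum totem_fmt f = totem_guess(p, len, NULL);
    return f == TOTEM_1_X_PLAIN || f == TOTEM_1_X_OPAQUE;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const uint8_t v23[]   = { 0xFE, 0xFE, 0x00, 0x00, 0x11 };
    const uint8_t plain[] = { 0x02, 0xFF, 0x22, 0xFF };
    const uint8_t enc[]   = { 0x9C, 0x41, 0x7A, 0x03 };
    printf("%d %d %d\n", condition_1_x(v23, sizeof v23),
           condition_1_x(plain, sizeof plain), condition_1_x(enc, sizeof enc));
    return 0;
}
```

Payloads shorter than two bytes are reported as undecidable and are not handed to either dissector.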