Thank you.
I'll implement the heuristic method to my code.
..
I'm afraid wire formats of upper layer protocols are also changed.

Masatake YAMATO

> Masatake YAMATO napsal(a):
>> Hi,
>>
>> I'm reworking on wireshark dissector for corosync.
>> https://github.com/masatake/wireshark-plugin-rhcs
>>
>>
>> With quick looking, it seems that the wire format of crypto layer
>> is changed between 1.x and 2.x.
>>
>> How can I know which format is used from a given packet?
>> It seems that port 5405 is used both versions.
>>
>> I'd like to resubmit dissectors for totemnet(handling decryption here)
>> totemsrp and totemmpg to wireshark project this time. However, most of
>> all my code is based on corosync 1.x shipped as part of RHEL6.
>>
>> I'd like to prepare the room to handle packets of 2.x in my patch but
>> I don't want to implement dissectors for 2.x now.
>>
>>
>> I'd like to add following code to my patch:
>>
>>     if (CONDITION(packet)) {
>>         my_dissector_for_1_x(packet);
>>     } else {
>>         printf("TODO\n");
>>     }
>>
>> I'd like to know how CONDITION is.
>>
>
> Best condition is probably to test, if two first bytes are FE. We had
> other values in 2.{0..2}, but they are unsupported. and 2.3 ALWAYS put
> CRYPTO_CIPHER_TYPE_2_3 (= UINT8_MAX - 1) into first two bytes + (but
> this can change) next two bytes are 0.
>
> In flatiron, first byte should be 0 to 5 for unencrypted message, and
> (sadly) almost anything for encrypted message. So CONDITION is not 100%,
> but should be just good enough.
>
> Regards,
> Honza
>
>> Regards,
>> Masatake YAMATO
>> _______________________________________________
>> discuss mailing list
>> discuss@xxxxxxxxxxxx
>> http://lists.corosync.org/mailman/listinfo/discuss
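
The CONDITION heuristic described in the quoted reply, written out as an added example; it is not part of the original messages and is not corosync or Wireshark code. The enum, function and sample names are hypothetical, and the sample byte strings are constructed. It separates the strong match (FE FE followed by two zero bytes) from the weak one (FE FE only), because a 1.x encrypted packet can begin with almost any bytes, including FE FE.

```c
#include <stddef.h>
#include <stdint.h>

/* Value the thread gives for CRYPTO_CIPHER_TYPE_2_3: UINT8_MAX - 1 = 0xFE. */
#define COROSYNC_2_3_MARKER ((uint8_t)(UINT8_MAX - 1))

/* Hypothetical result names (assumption, not from corosync or Wireshark). */
enum totem_guess {
    TOTEM_TOO_SHORT,     /* fewer than 2 bytes: cannot decide */
    TOTEM_2X_STRONG,     /* FE FE 00 00: marker plus the two zero bytes */
    TOTEM_2X_WEAK,       /* FE FE only: next two bytes missing or nonzero */
    TOTEM_1X_PLAIN,      /* first byte 0..5: 1.x (flatiron) unencrypted */
    TOTEM_1X_ENCRYPTED   /* anything else: assumed 1.x encrypted */
};

/* Constructed sample packet prefixes (not captured traffic). */
static const uint8_t sample_2x[]       = { 0xFE, 0xFE, 0x00, 0x00, 0x2A };
static const uint8_t sample_2x_weak[]  = { 0xFE, 0xFE, 0x13, 0x37 };
static const uint8_t sample_1x_plain[] = { 0x03, 0x00, 0x00, 0x01 };
static const uint8_t sample_1x_enc[]   = { 0x9C, 0x41, 0xD7, 0x08 };

/* Classify a UDP payload by its leading bytes only; this is a guess,
 * not a proof, since 1.x ciphertext is not distinguishable in general. */
enum totem_guess totem_guess_version(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 2)
        return TOTEM_TOO_SHORT;

    if (buf[0] == COROSYNC_2_3_MARKER && buf[1] == COROSYNC_2_3_MARKER) {
        if (len >= 4 && buf[2] == 0 && buf[3] == 0)
            return TOTEM_2X_STRONG;
        return TOTEM_2X_WEAK;   /* could also be 1.x ciphertext */
    }
    if (buf[0] <= 5)
        return TOTEM_1X_PLAIN;
    return TOTEM_1X_ENCRYPTED;
}

/* CONDITION from the thread: nonzero means use the 1.x dissector. */
int totem_is_1x(const uint8_t *buf, size_t len)
{
    enum totem_guess g = totem_guess_version(buf, len);
    return g == TOTEM_1X_PLAIN || g == TOTEM_1X_ENCRYPTED;
}
```

A dissector that gets `TOTEM_2X_WEAK` can fall back to attempting 1.x decryption before giving up, since that result is the ambiguous one.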