linux lover wrote:
Actually i am in implementation of new protocol
like IPSEC protocol which adds NEW IP header in front
of AH Header i.e. consider packet structure of ipsec TCP+IP1+AH+IP2+ETHERNET
Right-to-left is a bit odd there - do you mean that the packet begins with an Ethernet (or PPP or 802.11 or...) header, followed by an IP header, followed by an AH header, followed by your added IP header, followed by the payload of that IP header?
If so, then:
So how to dissect packet headers in that case.
You'd have to modify the IPv4 and IPv6 dissectors to recognize that case and call the IP dissector.
What indicates that there's an IP header after the AH header? A special value in the "next header" field of the AH header?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
