Wireshark mailing list archives
tshark -K option not handled correctly in --disable-wireshark build
From: "Jonathan Schilling" <jschilling () niksun com>
Date: Fri, 29 Jan 2010 17:35:59 -0500
Hello,

I'm building Wireshark 1.2.5 (but the same situation appears to exist in 1.2.6 and 1.3.2). I'm using it for a special purpose, and only need the command-line tshark, and I don't have the environment set up to build the GTK-based code. So I configured the build with --disable-wireshark.

When I run the resulting tshark with the -K keytab option to decrypt/dissect some Kerberos packets, they fail to decrypt. I tracked this down to the code in epan/dissectors/packet-kerberos.c. The bool krb_decrypt is never set to TRUE, thus causing the decrypt routines to exit without doing anything.

As I understand it, in normal circumstances that bool is set via its address being passed into the register_preference mechanism, which then sets it via the Wireshark GUI and whatever times the user selects that. I don't quite see how it gets set from the wireshark -K option, but I didn't follow that code. But from the tshark -K option alone, certainly when the Wireshark code is excluded by the --disable-wireshark setting, the bool never gets set.

As a fix, it seems to me that whenever the read_keytab_file() function is called in packet-kerberos.c, and the function gets past its various error checks to its normal return point at the end, the krb_decrypt bool should be set to TRUE before the return. Because use of the -K option (which calls read_keytab_file) implicitly states that the user wants Kerberos decryption.

I made this change and my tshark began decrypting/dissecting a Kerberos ticket correctly. Am I right about this?

Thanks,
Jonathan Schilling