Wireshark mailing list archives
Re: Fixing the problem where Wireshark misdissects the SPNEGO negTokenInit
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Mon, 26 May 2014 10:02:03 -0700
On Mon, May 26, 2014 at 10:00 AM, Richard Sharpe <realrichardsharpe () gmail com> wrote:
> On Thu, May 22, 2014 at 12:37 AM, Kukosa, Tomas <tomas.kukosa () unify com> wrote:
>> Hi Richard,
>>
>> I do not know how to decide (and where) whether it is request or response as I have never seen SPNEGO.
>> But the second half of the problem to switch between NegTokenInit and NegTokenInit2 can be solved in the following way:
>>
>> #.FN_BODY NegotiationToken/negTokenInit
>>   gboolean is_response = FALSE; /* get this information from somewhere */
>>
>>   if (is_response) {
>>     return dissect_spnego_NegTokenInit2(%(IMPLICIT_TAG)s, %(TVB)s, %(OFFSET)s, %(ACTX)s, %(TREE)s, %(HF_INDEX)s);
>>   } else {
>>     return dissect_spnego_NegTokenInit(%(IMPLICIT_TAG)s, %(TVB)s, %(OFFSET)s, %(ACTX)s, %(TREE)s, %(HF_INDEX)s);
>>   }
>> #.END
>
> Thank you for that hint. Also, I have found the pinfo pointer in the actx. However, is this an issue?
Well, it looks like it is, since epan/dissectors/packet-spnego.c ended up empty.
[rsharpe@localhost spnego]$ make
/usr/bin/python ../../tools/asn2wrs.py \
  -b \
  -p spnego \
  -c ./spnego.cnf \
  -s ./packet-spnego-template \
  -D . \
  -O ../../epan/dissectors \
  spnego.asn
ASN.1 to Wireshark dissector compiler
:0: UserWarning: The same type names for different types. Explicit type renaming is recommended.
T_mechListMIC
  T_mechListMIC        NegTokenInit/mechListMIC
  T_mechListMIC_01     NegTokenTarg/mechListMIC
:0: UserWarning: The same field names for different types. Explicit field renaming is recommended.
mechListMIC
  mechListMIC_01       OCTET_STRING         NegTokenInit2/mechListMIC
  mechListMIC          T_mechListMIC        NegTokenInit/mechListMIC
  mechListMIC_02       T_mechListMIC_01     NegTokenTarg/mechListMIC
:0: UserWarning: The same field names for different types. Explicit field renaming is recommended.
mechToken
  mechToken_01         OCTET_STRING         NegTokenInit2/mechToken
  mechToken            T_mechToken          NegTokenInit/mechToken

--
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)