Wireshark mailing list archives
Re: How do I call the next dissector ...
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 31 May 2014 15:26:16 -0700
On Thu, May 29, 2014 at 10:24 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:
Hi folks,
to fix the LDAP SASL integrity only stuff, I think I have to do
something like the following:
--- a/asn1/spnego/packet-spnego-template.c
+++ b/asn1/spnego/packet-spnego-template.c
@@ -1026,13 +1026,30 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int off
if (pinfo->gssapi_data_encrypted) {
checksum_size = 44 + ec;
+
+ proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
+ checksum_size, ENC_NA);
+ offset += checksum_size;
+
} else {
- checksum_size = 12;
- }
+ tvbuff_t *inner_token;
+ int inner_token_len = 0;
+ heur_dtbl_entry_t *hdtbl_entry;
- proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
- checksum_size, ENC_NA);
- offset += checksum_size;
+ checksum_size = ec;
+
+ inner_token_len = tvb_reported_length_remaining(tvb, offset) -
+ ec;
+ inner_token = tvb_new_subset(tvb, offset, inner_token_len,
+ tvb_reported_length(tvb));
+
+ call_some_dissector(inner_token, pinfo, tree, FALSE);
+
+ offset += inner_token_len;
+
+ proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
+ checksum_size, ENC_NA);
+ }
if(pinfo->decrypt_gssapi_tvb){
/* if the caller did not provide a tvb, then we just use
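Review bot: in the else branch, inner_token_len is computed as tvb_reported_length_remaining(tvb, offset) - ec with nothing visible that checks ec against what remains, so an ec larger than the remaining length makes inner_token_len negative before it reaches tvb_new_subset(). Validate ec first and flag the packet as malformed when it does not fit. The last argument to tvb_new_subset() is tvb_reported_length(tvb), the length of the whole outer buffer, where the subset's own reported length (inner_token_len) looks intended. hdtbl_entry is declared but never used, and this branch, unlike the encrypted one, never advances offset past the checksum item.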
So, how do I call the next dissector?
The only clue I have so far is that the inner token looks like it is
ASN.1 encoded because it starts with 0x3073...
Any clues out there?
OK, I found a way to deal with it, but it needs cleaning up and it
does not associate the correct bytes with the LDAP query (although it
at least dissects the LDAP query now):
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-te
index ac2d9b1..aaac8a2 100644
--- a/asn1/spnego/packet-spnego-template.c
+++ b/asn1/spnego/packet-spnego-template.c
@@ -1026,13 +1026,29 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int off
if (pinfo->gssapi_data_encrypted) {
checksum_size = 44 + ec;
+
+ proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
+ checksum_size, ENC_NA);
+ offset += checksum_size;
+
} else {
- checksum_size = 12;
- }
+ int inner_token_len = 0;
- proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
- checksum_size, ENC_NA);
- offset += checksum_size;
+ checksum_size = ec;
+
+ inner_token_len = tvb_reported_length_remaining(tvb, offset) -
+ ec;
+
+ pinfo->gssapi_wrap_tvb = tvb_new_subset(tvb, offset,
+ inner_token_len, inner_token_len
+
+ offset += inner_token_len;
+
+ proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
+ checksum_size, ENC_NA);
+
+ return offset;
+ }
if(pinfo->decrypt_gssapi_tvb){
/* if the caller did not provide a tvb, then we just use
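Review bot: the new return offset; at the end of the else branch runs right after the checksum item is added, without the offset += checksum_size that the encrypted branch performs, so the caller receives an offset that still points at the start of the trailing ec bytes. Add the increment before returning, or add a comment saying why the trailing checksum is deliberately left unconsumed. The subtraction that produces inner_token_len also has no visible check that ec is no larger than tvb_reported_length_remaining(tvb, offset), so a bad ec yields a negative length passed to tvb_new_subset().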
diff --git a/epan/dissectors/packet-ldap.c b/epan/dissectors/packet-ldap.c
index 9ee6054..536e52d 100644
--- a/epan/dissectors/packet-ldap.c
+++ b/epan/dissectors/packet-ldap.c
@@ -4129,7 +4129,10 @@ static void
/* if we could unwrap, do a tvb shuffle */
if(pinfo->gssapi_decrypted_tvb){
decr_tvb=pinfo->gssapi_decrypted_tvb;
+ } else if (pinfo->gssapi_wrap_tvb) {
+ plain_tvb=pinfo->gssapi_wrap_tvb;
}
+
/* tidy up */
pinfo->decrypt_gssapi_tvb=0;
pinfo->gssapi_wrap_tvb=NULL;
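Review bot: the added else if (pinfo->gssapi_wrap_tvb) treats any non-NULL wrap tvb as plaintext without testing pinfo->gssapi_data_encrypted, the flag the following hunk's context still checks before using plaintext data. If any other wrap path leaves gssapi_wrap_tvb set for encrypted data that could not be decrypted, ciphertext would be handed to the LDAP dissector as plain_tvb. Consider else if (pinfo->gssapi_wrap_tvb && !pinfo->gssapi_data_encrypted), and a one-line comment explaining that this is the integrity-only case.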
@@ -4149,7 +4152,7 @@ static void
* see if the wrapping involved encryption of the
* data; if not, just use the plaintext data.
*/
- if (!decr_tvb) {
+ if (!decr_tvb && !plain_tvb) {
if(!pinfo->gssapi_data_encrypted){
plain_tvb = tvb_new_subset_remai
}
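Review bot: the changed condition if (!decr_tvb && !plain_tvb) is only correct if plain_tvb is NULL on every path that does not take the new else-if in the previous hunk; its declaration is outside the visible lines, so confirm it is initialised there. The comment just above the condition still describes only the case where decryption failed and should be updated to say that plain_tvb may already have been set from pinfo->gssapi_wrap_tvb.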
--
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
