Ethereal-dev: RE: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx>
Date: Tue, 28 Mar 2006 14:10:51 +0200
Hi,
I noted that you added:
+#define HAVE_LIBCRYPT
+
In your patch.
The whole idea with adding HAVE_LIBCRYPT is that it will be set by the configure script if the library is present,
which it isn't on my system, so your original patch wouldn't build.
I'm not really familiar with the makefile magic so I'm not quite sure how to do this; the SSL dissector has
#ifdef HAVE_LIBGNUTLS
If that also implies that libcrypt is available, that could be used instead.
Otherwise something similar to:
# gnu tls
AM_PATH_LIBGNUTLS(1.0.0, 
        [
                echo "gnuTLS found, enabling ssl decryption"
                AC_DEFINE(HAVE_LIBGNUTLS, 1, [Define to use gnutls library])
                tls_message="yes"
        ]
        , [
                if test x$libgnutls_config_prefix != x ; then
                        AC_MSG_ERROR([[gnuTLS not found; install gnuTLS-devel package for your system]])
                else
                        echo "gnuTLS not found, disabling ssl decryption"
                        tls_message="no"
                fi
        ]
)        
Has to be done in configure.in/config.nmake I think.

The preference was changed due to a failed compile on Solaris:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py?rev=17748&view=rev

Wiki:
Just do a page on IPsec on how to use the dissector to start with.

Best regards
Anders

-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic Roudaut
Sent: 28 March 2006 13:24
To: Ethereal development
Subject: Re: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Hi,

> Hi,
> I have checked in your patch with a change:
> #ifdef HAVE_LIBCRYPT
> #define __USE_LIBGCRYPT__
> #endif
> (Please check if that's correct).
>

Yes, it seems to be. Nevertheless I modified the comments in the ESP preference since it seems to have been truncated ... perhaps because of your or my editor.
I have also changed hf_esp_pad to hf_esp.pad_len because I used to process the PDML output. (It means that now in the output I also have "esp.pad_len").

> Can you please put the information from the readme file on the wiki 
> protocol pages.
> Brg
> Anders

As a consequence I also modified the README. Where do you want me to put the README, in fact? In the InternetProtocolFamily section? Do I have to make a new section for Network layer (IPSEC) or something similar? It seems that I have to adapt the README to take into account the format you have defined, right?


Something completely different. As I wrote I used to check the PDML output.
Thus I noticed that the following fields are not present in the output:

- Ripng : MustBeZero
- ICMPv6 Neighbor Solicitation : Reserved
- ICMPv6 Router Solicitation : Reserved
- ICMPv6 Destination Unreachable : Unused
- ICMPv6 MTU option : Reserved
- TCP : UrgentPointer
- TCP : ack when ack bit is not set.

I modified some of them, is there a need for this ?


Best Regards,

Frederic Roudaut

>
> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx 
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic Roudaut
> Sent: 25 February 2006 14:02
> To: Ethereal development
> Cc: Ethereal development
> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>
>
> Hi
>
>
> I just add a #define __USE_LIBGCRYPT__ that you have to set to be able 
> to decrypt ESP payload. Otherwise if not, the original IPSEC dissector 
> is compiled. I also notice that on current stable Ethereal versions 
> gnutls is not linked.
> Thus you have to install libgcrypt and do:
>
> LDFLAGS=-lgcrypt ./configure && make
>
> For Windows you should get:
>
> http://gnunet.org/download/win/libgcrypt-1.2.1.zip
>
> and do something similar.
>
> Best regards
> ---
> Frederic
>
>
>> Paolo,
>>
>> is there a way to compile the dissector with Windows? The sourceforge 
>> rep
>> (gnutls-win32-msvc.tgz) does not include the winposixtype.h and the 
>> gcrypt.h.
>>
>> TIA
>>
>> Thomas
>>
>>
>>> --- Original Message ---
>>> From: "Filonenko Alexander-AAF013" <AAF013@xxxxxxxxxxxx>
>>> To: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
>>> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>> Date: Fri, 24 Feb 2006 17:42:44 -0500
>>>
>>> Frederic,
>>>
>>> I find IPsec functionality you have added to the dissector very useful.
>>> Hope I can provide you with some feedback in a few weeks.
>>>
>>> Thank you,
>>> Alex Filonenko
>>>
>>> > -----Original Message-----
>>> > From: ethereal-dev-bounces@xxxxxxxxxxxx 
>>> > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic 
>>> > Roudaut
>>> > Sent: Friday, February 24, 2006 10:01 AM
>>> > To: Ethereal development
>>> > Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>> >
>>> >
>>> > Hi,
>>> >
>>> > finally, I have updated my dissector using libgcrypt.
>>> > It does not use openssl anymore.
>>> > If gnutls is installed, all should work.
>>> > Thus, now it should decrypt and dissect (transport/tunnel/several 
>>> > encapsulations ...) :
>>> >
>>> > - NULL Encryption Algorithm
>>> > - TripleDES-CBC [RFC2451] : keylen 192 bits.
>>> > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
>>> > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
>>> > 32 bits will be used as nonce.
>>> > - DES-CBC [RFC2405] : keylen 64 bits
>>> >
>>> > I also have added :
>>> >
>>> > - BLOWFISH-CBC : keylen 128 bits.
>>> > - TWOFISH-CBC : keylen 128/256 bits.
>>> >
>>> > You have to indicate the Authentication algorithm even if all 
>>> > Algorithms since it uses 12 bytes in the Auth field should work 
>>> > (have a look to the README to understand why I put it
>>> > ;-) ). If you consider I have to throw it away please tell me.
>>> >
>>> > HMAC-SHA1-96 [RFC2404]
>>> > NULL
>>> > AES-XCBC-MAC-96 [RFC3566]
>>> > HMAC-MD5-96 [RFC2403]
>>> >
>>> > In the attachment you will get :
>>> > - this dissector
>>> > - a new README
>>> > - some example capture files with associated preferences files 
>>> > (and setkey config files)
>>> >
>>> >
>>> > Best Regards,
>>> >
>>> >
>>> > ----
>>> > Frederic
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Frédéric ROUDAUT
>>> > IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
>>> > Tel: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
>>> >
>>> >
>>> _______________________________________________
>>> Ethereal-dev mailing list
>>> Ethereal-dev@xxxxxxxxxxxx
>>> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>>>
>
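
Added example (not part of the thread and not the dissector's own code): how the AES-CTR key lengths of 160/224/288 bits and the 12-byte Auth field mentioned in the original announcement map onto an ESP packet. It assumes the RFC 3686 layout (4-byte nonce, 8-byte per-packet IV, block counter starting at 1); the names esp_ctr_view and esp_ctr_prepare are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESP_HDR_LEN   8   /* SPI (4) + sequence number (4) */
#define CTR_IV_LEN    8   /* per-packet IV at the start of the ESP payload */
#define CTR_NONCE_LEN 4   /* last 32 bits of the configured key */
#define ICV_LEN       12  /* the "-96" authenticators are truncated to 12 bytes */

struct esp_ctr_view {
    size_t aes_key_len;          /* 16, 24 or 32 bytes */
    uint8_t ctr_block[16];       /* nonce || IV || 00 00 00 01 */
    const uint8_t *ciphertext;   /* points into the packet */
    size_t ciphertext_len;
    const uint8_t *icv;          /* NULL when authentication is NULL */
};

/* Returns 0 on success, -1 on a bad key length, -2 on a truncated packet. */
int esp_ctr_prepare(const uint8_t *keymat, size_t keymat_len,
                    const uint8_t *pkt, size_t pkt_len,
                    int has_icv, struct esp_ctr_view *out)
{
    size_t icv_len = has_icv ? ICV_LEN : 0;

    if (keymat_len != 20 && keymat_len != 28 && keymat_len != 36)
        return -1;               /* 160/224/288 bits only */
    if (pkt_len < ESP_HDR_LEN + CTR_IV_LEN + icv_len)
        return -2;               /* never index past the captured bytes */

    out->aes_key_len = keymat_len - CTR_NONCE_LEN;
    memcpy(out->ctr_block, keymat + out->aes_key_len, CTR_NONCE_LEN);
    memcpy(out->ctr_block + 4, pkt + ESP_HDR_LEN, CTR_IV_LEN);
    memcpy(out->ctr_block + 12, "\x00\x00\x00\x01", 4);
    out->ciphertext = pkt + ESP_HDR_LEN + CTR_IV_LEN;
    out->ciphertext_len = pkt_len - ESP_HDR_LEN - CTR_IV_LEN - icv_len;
    out->icv = has_icv ? pkt + pkt_len - ICV_LEN : NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample: 20-byte key (nonce aa bb cc dd), 32-byte ESP packet. */
    uint8_t key[20] = {0}, pkt[32] = {0};
    struct esp_ctr_view v;
    memcpy(key + 16, "\xaa\xbb\xcc\xdd", 4);
    memset(pkt + 8, 0x11, 8);    /* IV */
    if (esp_ctr_prepare(key, sizeof key, pkt, sizeof pkt, 1, &v) == 0)
        printf("AES key %zu bytes, %zu ciphertext bytes\n",
               v.aes_key_len, v.ciphertext_len);
    return 0;
}
```

The length checks come before any pointer arithmetic so that a short capture or a mistyped key in the preferences is rejected instead of read out of bounds.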