Ethereal-dev: RE: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Frederic Roudaut" <frederic.roudaut@xxxxxxxx>
Date: Tue, 28 Mar 2006 14:45:19 +0200 (CEST)
> Hi,
> I noted that you added:
> +#define HAVE_LIBCRYPT
> +
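Review bot: the #define HAVE_LIBCRYPT added here is unconditional, so the decryption code is compiled even where the library is absent and the build fails there, as reported for this patch. Drop the define from the source file and let the configure script set it when the library is detected.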

Oops, sorry, I forgot to remove it. I understood your point, but it was just
for test purposes.

--
frederic

> In your patch.
>  The whole idea with adding HAVE_LIBCRYPT is that it will be set by the
> configure script if the library is present
> Which it isn't on my system so your original patch wouldn't build.
> I'm not really familiar with the makefile magic so I'm not quite sure on
> how to do this, the SSL dissector has
> #ifdef HAVE_LIBGNUTLS
> If that also implies that libcrypt is available that could be used instead.
> Otherwise something similar to:
> # gnu tls
> AM_PATH_LIBGNUTLS(1.0.0,
>         [
>                 echo "gnuTLS found, enabling ssl decryption"
>                 AC_DEFINE(HAVE_LIBGNUTLS, 1, [Define to use gnutls library])
>                 tls_message="yes"
>         ]
>         , [
>                 if test x$libgnutls_config_prefix != x ; then
>                         AC_MSG_ERROR([[gnuTLS not found; install gnuTLS-devel package for your system]])
>                 else
>                         echo "gnuTLS not found, disabling ssl decryption"
>                         tls_message="no"
>                 fi
>         ]
> )
> Has to be done in configure.in/config.nmake I think.
>
> The preference was changed due to failed compile on Solaris:
> http://anonsvn.ethereal.com/viewcvs/viewcvs.py?rev=17748&view=rev
>
> Wiki:
> Just do a page on IPsec on how to use the dissector to start with.
>
> Best regards
> Anders
>
> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic Roudaut
> Sent: 28 March 2006 13:24
> To: Ethereal development
> Subject: Re: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>
> Hi,
>
>> Hi,
>> I have checked in your patch with a change:
>> #ifdef HAVE_LIBCRYPT
>> #define __USE_LIBGCRYPT__
>> #endif
>> (Please check if that's correct).
>>
>
> yes it seems to be. Nevertheless I modified the comments in the ESP
> preference since it seems to have been truncated ... perhaps because of
> your or my editor.
> I have also changed hf_esp_pad to hf_esp.pad_len because I used to process
> the PDML output. (It means that now in the output I also have
> "esp.pad_len").
>
>> Can you please put the information from the readme file on the wiki
>> protocol pages.
>> Brg
>> Anders
>
> As a consequence I also modified the README. Where do you want me to put the
> README, in fact? In the InternetProtocolFamily section? Do I have to do a
> new section for Network layer (IPSEC) or something similar ? It seems that
> I have to adapt the README to take into account the format you have
> defined, right ?
>
>
> Something completely different. As I wrote I used to check the PDML
> output.
> Thus I noticed that the following fields are not present in the output:
>
> - Ripng : MustBeZero
> - ICMPv6 Neighbor Solicitation : Reserved
> - ICMPv6 Router Solicitation : Reserved
> - ICMPv6 Destination Unreachable : Unused
> - ICMPv6 MTU option : Reserved
> - TCP : UrgentPointer
> - TCP : ack when ack bit is not set.
>
> I modified some of them, is there a need for this ?
>
>
> Best Regards,
>
> Frederic Roudaut
>
>>
>> -----Original Message-----
>> From: ethereal-dev-bounces@xxxxxxxxxxxx
>> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic Roudaut
>> Sent: 25 February 2006 14:02
>> To: Ethereal development
>> Cc: Ethereal development
>> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>
>>
>> Hi
>>
>>
>> I just added a #define __USE_LIBGCRYPT__ that you have to set to be able
>> to decrypt ESP payload. Otherwise if not, the original IPSEC dissector
>> is compiled. I also notice that on current stable Ethereal versions
>> gnutls is not linked.
>> Thus you have to install libgcrypt and do:
>>
>> LDFLAGS=-lgcrypt ./configure && make
>>
>> For Windows you should get:
>>
>> http://gnunet.org/download/win/libgcrypt-1.2.1.zip
>>
>> and do something similar.
>>
>> Best regards
>> ---
>> Frederic
>>
>>
>>> Paolo,
>>>
>>> Is there a way to compile the dissector with Windows? The sourceforge
>>> rep
>>> (gnutls-win32-msvc.tgz) does not include the winposixtype.h and the
>>> gcrypt.h.
>>>
>>> TIA
>>>
>>> Thomas
>>>
>>>
>>>> --- Original Message ---
>>>> From: "Filonenko Alexander-AAF013" <AAF013@xxxxxxxxxxxx>
>>>> To: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
>>>> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>>> Date: Fri, 24 Feb 2006 17:42:44 -0500
>>>>
>>>> Frederic,
>>>>
>>>> I find IPsec functionality you have added to the dissector very
>>>> useful.
>>>> Hope I can provide you with some feedback in a few weeks.
>>>>
>>>> Thank you,
>>>> Alex Filonenko
>>>>
>>>> > -----Original Message-----
>>>> > From: ethereal-dev-bounces@xxxxxxxxxxxx
>>>> > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic
>>>> > Roudaut
>>>> > Sent: Friday, February 24, 2006 10:01 AM
>>>> > To: Ethereal development
>>>> > Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>>> >
>>>> >
>>>> > Hi,
>>>> >
>>>> > finally, I have updated my dissector using libgcrypt.
>>>> > It does not use openssl anymore.
>>>> > If gnutls is installed, all should work.
>>>> > Thus, now it should decrypt and dissect (transport/tunnel/several
>>>> > encapsulations ...) :
>>>> >
>>>> > - NULL Encryption Algorithm
>>>> > - TripleDES-CBC [RFC2451] : keylen 192 bits.
>>>> > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
>>>> > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
>>>> > 32 bits will be used as nonce.
>>>> > - DES-CBC [RFC2405] : keylen 64 bits
>>>> >
>>>> > I also have added :
>>>> >
>>>> > - BLOWFISH-CBC : keylen 128 bits.
>>>> > - TWOFISH-CBC : keylen 128/256 bits.
>>>> >
>>>> > You have to indicate the Authentication algorithm even if all
>>>> > Algorithms since it uses 12 bytes in the Auth field should work
>>>> > (have a look to the README to understand why I put it
>>>> > ;-) ). If you consider I have to throw it away please tell me.
>>>> >
>>>> > HMAC-SHA1-96 [RFC2404]
>>>> > NULL
>>>> > AES-XCBC-MAC-96 [RFC3566]
>>>> > HMAC-MD5-96 [RFC2403]
>>>> >
>>>> > In the attachment you will get :
>>>> > - this dissector
>>>> > - a new README
>>>> > - some example capture files with associated preferences files
>>>> > (and setkey config files)
>>>> >
>>>> >
>>>> > Best Regards,
>>>> >
>>>> >
>>>> > ----
>>>> > Frederic
>>>> >
>>>> > --
>>>> > Frédéric ROUDAUT
>>>> > IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
>>>> > Tel: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
>>>> >
>>>> >
>>>> _______________________________________________
>>>> Ethereal-dev mailing list
>>>> Ethereal-dev@xxxxxxxxxxxx
>>>> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
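
The original announcement in this thread lists AES-CTR [RFC3686] key lengths of 160/224/288 bits, with the last 32 bits used as nonce, and a 12-byte Auth field. The following is an added example, not code from the dissector or from the Ethereal project: it splits such keying material into cipher key and nonce, builds the initial RFC 3686 counter block from the 8-byte per-packet IV, and bounds-checks the ESP packet before locating the ciphertext. All names (esp_ctr_setup, struct ctr_params) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ESP_HDR_LEN   8   /* SPI (4) + sequence number (4) */
#define CTR_IV_LEN    8   /* per-packet IV carried after the ESP header */
#define CTR_NONCE_LEN 4   /* last 32 bits of the keying material */
#define ICV_LEN       12  /* 96-bit truncated authenticator */

/* Hypothetical structure for this example only. */
struct ctr_params {
    const uint8_t *key;        /* AES key inside the keying material */
    size_t         key_len;    /* 16, 24 or 32 bytes */
    uint8_t        ctrblk[16]; /* nonce || IV || 0x00000001 */
    size_t         ct_off;     /* offset of the ciphertext in the packet */
    size_t         ct_len;     /* ciphertext length, ICV excluded */
};

/* Returns 0 on success, -1 on a bad key length or a truncated packet. */
int esp_ctr_setup(const uint8_t *keymat, size_t keymat_len,
                  const uint8_t *esp, size_t esp_len, int has_icv,
                  struct ctr_params *out)
{
    size_t icv = has_icv ? ICV_LEN : 0;  /* NULL authentication: no ICV */

    /* Only 160/224/288 bits of keying material are valid. */
    if (keymat_len != 20 && keymat_len != 28 && keymat_len != 36)
        return -1;
    /* Check the packet holds header, IV and ICV before subtracting. */
    if (esp_len < ESP_HDR_LEN + CTR_IV_LEN + icv)
        return -1;

    out->key     = keymat;
    out->key_len = keymat_len - CTR_NONCE_LEN;

    /* Counter block: 4-byte nonce, 8-byte IV, 32-bit big-endian counter. */
    memcpy(out->ctrblk, keymat + out->key_len, CTR_NONCE_LEN);
    memcpy(out->ctrblk + CTR_NONCE_LEN, esp + ESP_HDR_LEN, CTR_IV_LEN);
    out->ctrblk[12] = 0; out->ctrblk[13] = 0;
    out->ctrblk[14] = 0; out->ctrblk[15] = 1;  /* counter starts at 1 */

    out->ct_off = ESP_HDR_LEN + CTR_IV_LEN;
    out->ct_len = esp_len - out->ct_off - icv;
    return 0;
}
```

The length check comes before the subtraction so that a truncated capture cannot wrap ct_len around to a huge value.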