Wireshark mailing list archives

Re: Fixing the problem where Wireshark misdissects the SPNEGO negTokenInit


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Mon, 26 May 2014 10:00:33 -0700

On Thu, May 22, 2014 at 12:37 AM, Kukosa, Tomas <tomas.kukosa () unify com> wrote:
Hi Richard,

I do not know how to decide (and where) whether it is request or response as I have never seen SPNEGO.

But the second half of the problem, switching between NegTokenInit and NegTokenInit2, can be solved in the following way:

#.FN_BODY NegotiationToken/negTokenInit
  gboolean is_response = FALSE;  /* get this information from somewhere */
  if (is_response) {
    return dissect_spnego_NegTokenInit2(%(IMPLICIT_TAG)s, %(TVB)s, %(OFFSET)s, %(ACTX)s, %(TREE)s, %(HF_INDEX)s);
  } else {
    return dissect_spnego_NegTokenInit(%(IMPLICIT_TAG)s, %(TVB)s, %(OFFSET)s, %(ACTX)s, %(TREE)s, %(HF_INDEX)s);
  }
#.END

Thank you for that hint. Also, I have found the pinfo pointer in the actx.

However, is this an issue?

[rsharpe@localhost spnego]$ make
/usr/bin/python ../../tools/asn2wrs.py \
-b \
-p spnego \
-c ./spnego.cnf \
-s ./packet-spnego-template \
-D . \
-O ../../epan/dissectors \
spnego.asn
ASN.1 to Wireshark dissector compiler
:0: UserWarning: The same type names for different types. Explicit
type renaming is recommended.
T_mechListMIC
 T_mechListMIC        NegTokenInit/mechListMIC
 T_mechListMIC_01     NegTokenTarg/mechListMIC

:0: UserWarning: The same field names for different types. Explicit
field renaming is recommended.
mechListMIC
 mechListMIC_01       OCTET_STRING         NegTokenInit2/mechListMIC
 mechListMIC          T_mechListMIC        NegTokenInit/mechListMIC
 mechListMIC_02       T_mechListMIC_01     NegTokenTarg/mechListMIC

:0: UserWarning: The same field names for different types. Explicit
field renaming is recommended.
mechToken
 mechToken_01         OCTET_STRING         NegTokenInit2/mechToken
 mechToken            T_mechToken          NegTokenInit/mechToken

-- 
Regards,
Richard Sharpe
(What dispels sorrow? Only Dukang wine. -- Cao Cao)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
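As an added illustration of the switch discussed in this message (example code, not part of the thread or of Wireshark), the following walks a hand-built SPNEGO negTokenInit with the two field layouts: RFC 4178 NegTokenInit puts mechListMIC at context tag [3], while MS-SPNG NegTokenInit2 (the server-side variant) puts negHints at [3] and mechListMIC at [4]. The sample tokens are constructed, the outer GSS-API InitialContextToken wrapper is omitted, and the direction flag stands in for the pinfo-derived decision the template leaves open.

```python
# Added example, not code from this thread. Shows why the dissector must know
# the direction: RFC 4178 NegTokenInit carries mechListMIC at context tag [3],
# while MS-SPNG NegTokenInit2 (sent by servers) carries negHints at [3] and
# mechListMIC at [4]. Sample tokens are constructed by hand, not captured.

def der_tlv(buf, off=0):
    """Return (tag, value, next_offset) for one DER element (short or long length)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def der_children(buf):
    """Split a constructed DER value into a list of (tag, value) children."""
    out, off = [], 0
    while off < len(buf):
        tag, val, off = der_tlv(buf, off)
        out.append((tag, val))
    return out

def tlv(tag, value):  # short-form DER encoder, used only to build the samples
    return bytes([tag, len(value)]) + value

NEGTOKENINIT_FIELDS = {0xA0: "mechTypes", 0xA1: "reqFlags", 0xA2: "mechToken", 0xA3: "mechListMIC"}
NEGTOKENINIT2_FIELDS = {0xA0: "mechTypes", 0xA1: "reqFlags", 0xA2: "mechToken", 0xA3: "negHints", 0xA4: "mechListMIC"}

def dissect_neg_token_init(token, is_response):
    """Same switch as the asn2wrs template: choose the schema from the direction.
    Returns {field name: (inner DER tag, inner value)}."""
    fields = NEGTOKENINIT2_FIELDS if is_response else NEGTOKENINIT_FIELDS
    choice_tag, body, _ = der_tlv(token)  # NegotiationToken CHOICE: [0] negTokenInit
    seq_tag, seq, _ = der_tlv(body)       # the NegTokenInit / NegTokenInit2 SEQUENCE
    if choice_tag != 0xA0 or seq_tag != 0x30:
        raise ValueError("not a negTokenInit SEQUENCE")
    result = {}
    for ctag, cval in der_children(seq):
        inner_tag, inner, _ = der_tlv(cval)  # unwrap the EXPLICIT context tag
        result[fields.get(ctag, "unknown[%d]" % (ctag & 0x1F))] = (inner_tag, inner)
    return result

# Constructed samples: one NTLMSSP mechType (OID 1.3.6.1.4.1.311.2.2.10), then the ambiguous [3].
MECH_TYPES = tlv(0xA0, tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401823702020a"))))
CLIENT_REQUEST = tlv(0xA0, tlv(0x30, MECH_TYPES + tlv(0xA3, tlv(0x04, b"\x01\x02\x03"))))
NEG_HINTS = tlv(0x30, tlv(0xA0, tlv(0x1B, b"example-hint")))  # hintName [0] GeneralString
SERVER_RESPONSE = tlv(0xA0, tlv(0x30, MECH_TYPES + tlv(0xA3, NEG_HINTS)))

if __name__ == "__main__":
    print(dissect_neg_token_init(CLIENT_REQUEST, is_response=False))
    print(dissect_neg_token_init(SERVER_RESPONSE, is_response=True))
    # Wrong direction: negHints is labelled mechListMIC with inner tag 0x30 (SEQUENCE), not 0x04.
    print(dissect_neg_token_init(SERVER_RESPONSE, is_response=False))
```

The last call reproduces the misdissection: a SEQUENCE shows up where the RFC 4178 schema expects an OCTET STRING, which is the symptom the direction check is meant to remove.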
