Wireshark mailing list archives
Re: How do I call the next dissector ...
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 31 May 2014 14:01:28 -0700
On Thu, May 29, 2014 at 10:24 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:
Hi folks, to fix the LDAP SASL integrity only stuff, I think I have to do something like the following: --- a/asn1/spnego/packet-spnego-template.c +++ b/asn1/spnego/packet-spnego-template.c @@ -1026,13 +1026,30 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int off if (pinfo->gssapi_data_encrypted) { checksum_size = 44 + ec; + + proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset, + checksum_size, ENC_NA); + offset += checksum_size; + } else { - checksum_size = 12; - } + tvbuff_t *inner_token; + int inner_token_len = 0; + heur_dtbl_entry_t *hdtbl_entry; - proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset, - checksum_size, ENC_NA); - offset += checksum_size; + checksum_size = ec; + + inner_token_len = tvb_reported_length_remaining(tvb, offset) - + ec; + inner_token = tvb_new_subset(tvb, offset, inner_token_len, + tvb_reported_length(tvb)); + + call_some_dissector(inner_token, pinfo, tree, FALSE); + + offset += inner_token_len; + + proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset, + checksum_size, ENC_NA); + } if(pinfo->decrypt_gssapi_tvb){ /* if the caller did not provide a tvb, then we just use So, how do I call the next dissector? The only clue I have so far is that the inner token looks like it is ASN.1 encoded because it starts with 0x3073... Any clues out there?
OK, in looking at the data that is incorrectly dissected, it starts with this: 3073020104636e041064633d It looks like a BER encoded SEQUENCE or SEQUENCE off 0x73 bytes which is 115 bytes, which looks like the payload ... So, it looks like I need to call dissect_ber_SOMETHING ... maybe dissect_ber_sequence_of ... Does that help anyone provide a suggestion? -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How do I call the next dissector ... Richard Sharpe (May 29)
- Re: How do I call the next dissector ... Richard Sharpe (May 31)
- Re: How do I call the next dissector ... Richard Sharpe (May 31)