Enclosed is a patch to packet-rpc.c that corrects the bugs in the
existing RPCSEC_GSS decoding code. This allows proper decoding of the
'integrity' service type by showing the sequence number, RPC data, and
then the checksum. For the 'privacy' service type, it displays the
encrypted data (instead of allowing successive dissectors attempt to
make sense of it).
Mike.
--- packet-rpc.c 2001/07/03 02:05:47 1.64
+++ packet-rpc.c 2001/08/30 15:35:01
@@ -1068,12 +1068,14 @@
proto_tree_add_uint(gtree, hf_rpc_authgss_seq,
tvb, offset+4, 4, seq);
}
+ offset += 8;
+
if (dissect_function != NULL) {
/* offset = */
call_dissect_function(tvb, pinfo, gtree, offset,
dissect_function, progname);
}
- offset += 8 + length;
+ offset += length - 4;
offset = dissect_rpc_data(tvb, pinfo, tree, hf_rpc_authgss_checksum,
offset);
return offset;
@@ -1498,13 +1500,12 @@
proc = tvb_get_ntohl(tvb, offset+12);
/* Check for RPCSEC_GSS */
- if (proc == 0) {
- flavor = tvb_get_ntohl(tvb, offset+16);
- if (flavor == RPCSEC_GSS) {
- gss_proc = tvb_get_ntohl(tvb, offset+28);
- gss_svc = tvb_get_ntohl(tvb, offset+34);
- }
+ flavor = tvb_get_ntohl(tvb, offset+16);
+ if (flavor == RPCSEC_GSS) {
+ gss_proc = tvb_get_ntohl(tvb, offset+28);
+ gss_svc = tvb_get_ntohl(tvb, offset+36);
}
+
key.prog = prog;
key.vers = vers;
key.proc = proc;
@@ -2041,6 +2042,7 @@
&ett_rpc_cred,
&ett_rpc_verf,
&ett_rpc_gids,
+ &ett_rpc_gss_data,
&ett_rpc_array,
};