Ethereal-dev: RE: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Frederic Roudaut" <frederic.roudaut@xxxxxxxx>
Date: Tue, 28 Mar 2006 14:45:19 +0200 (CEST)
> Hi,
> I noted that you added:
> +#define HAVE_LIBCRYPT
> +

Oups sorry I forgot to remove it. I understood your point but it was just
for test purpose

--
frederic

> In your patch.
>  The whole idea with adding HAVE_LIBCRYPT is that it will be set by the
> configure script if the library is present
> Which it isn't on my system so your original patch wouldn't build.
> I'm not realy familliar with the makefile magic so I'm not quite sure on
> how to do this, the SSL dissector has
> #ifdef HAVE_LIBGNUTLS
> If that also implies that libcrypt is avalable that could be used insted.
> Otherwise something similar to:
> # gnu tls
> AM_PATH_LIBGNUTLS(1.0.0,
>         [
>                 echo "gnuTLS found, enabling ssl decryption"
>                 AC_DEFINE(HAVE_LIBGNUTLS, 1, [Define to use gnutls
> library])
>                 tls_message="yes"
>         ]
>         , [
>                 if test x$libgnutls_config_prefix != x ; then
> 	                AC_MSG_ERROR([[gnuTLS not found; install gnuTLS-devel
> package for your system]])
>                 else
>                         echo echo "gnuTLS not found, disabling ssl
> decryption"
>                         tls_message="no"
>                 fi
>         ]
> )
> Has to be done in configure.in/config.nmake I think.
>
> The preferense was changed due to failed compile on Solaris:
> http://anonsvn.ethereal.com/viewcvs/viewcvs.py?rev=17748&view=rev
>
> Wiki:
> Just do a page on IPsec on how to use the dissector to start with.
>
> Best regards
> Anders
>
> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic Roudaut
> Sent: den 28 mars 2006 13:24
> To: Ethereal development
> Subject: Re: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>
> Hi,
>
>> Hi,
>> I have checked in your patch with a change:
>> #ifdef HAVE_LIBCRYPT
>> #define __USE_LIBGCRYPT__
>> #endif
>> (Please check if that's correct).
>>
>
> yes it seems to be. Nevertheless I modified the comments in the ESP
> preference since it seems to have been truncated ... perhaps because of
> your  or my editor.
> I have also changed hf_esp_pad to hf_esp.pad_len because I used to process
> the PDML outpout. (It means that now in the output I also have
> "esp.pad_len").
>
>> Can you please put the information from the readme file on the wiki
>> protocol pages.
>> Brg
>> Anders
>
> As a consequence I also modified the README. Where do you want I put the
> README in fact. In the InternetProtocolFamily section ? Do I have to do a
> new section for Network layer (IPSEC) or something similar ? It seems that
> I have to adapt the README to take into account the format you have
> defined, right ?
>
>
> Something completely different. As I wrote I used to check the PDML
> output.
> Thus I noticed that the followings fields are not present in the output :
>
> - Ripng : MustBeZero
> - ICMPv6 Neighbor Sollicitation : Reserved
> - ICMPv6 Router Sollicitation : Reserved
> - ICMPv6 Destination Unreachable : Unused
> - ICMPv6 MTU option : Reserved
> - TCP : UrgentPointer
> - TCP : ack when ack bit is not set.
>
> I modified some of them, is there a need for this ?
>
>
> Best Regards,
>
> Frederic Roudaut
>
>
>
>
>
>
>
>
>
>
>>
>> -----Ursprungligt meddelande-----
>> Fr�n: ethereal-dev-bounces@xxxxxxxxxxxx
>> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] F�r Frederic Roudaut
>> Skickat: den 25 februari 2006 14:02
>> Till: Ethereal development
>> Kopia: Ethereal development
>> �mne: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>
>>
>> Hi
>>
>>
>> I just add a #define __USE_LIBGCRYPT__ that you have to set to be able
>> to decrypt ESP payload. Otherwise if not, the original IPSEC dissector
>> is compiled. I also notice that on current stable Ethereal versions
>> gnutls is not linked.
>> Thus you have to install libgcrypt and do:
>>
>> LDFLAGS=-lgcrypt ./configure && make
>>
>> For windows you should get:
>>
>> http://gnunet.org/download/win/libgcrypt-1.2.1.zip
>>
>> and do something similar.
>>
>> Best regards
>> ---
>> Frederic
>>
>>
>>> Paolo,
>>>
>>> is there a way to compile the dissector with windows. The sourceforge
>>> rep
>>> (gnutls-win32-msvc.tgz) does not include the winposixtype.h and the
>>> gcrypt.h.
>>>
>>> TIA
>>>
>>> Thomas
>>>
>>>
>>>> --- Urspr�ngliche Nachricht ---
>>>> Von: "Filonenko Alexander-AAF013" <AAF013@xxxxxxxxxxxx>
>>>> An: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
>>>> Betreff: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>>> Datum: Fri, 24 Feb 2006 17:42:44 -0500
>>>>
>>>> Frederic,
>>>>
>>>> I find IPsec functionality you have added to the dissector very
>>>> useful.
>>>> Hope I can provide you with some feedback in a few weeks.
>>>>
>>>> Thank you,
>>>> Alex Filonenko
>>>>
>>>> > -----Original Message-----
>>>> > From: ethereal-dev-bounces@xxxxxxxxxxxx
>>>> > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic
>>>> > Roudaut
>>>> > Sent: Friday, February 24, 2006 10:01 AM
>>>> > To: Ethereal development
>>>> > Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>>>> >
>>>> >
>>>> > Hi,
>>>> >
>>>> > finally, I have updated my dissector using libgcrypt.
>>>> > It does not use openssl anymore.
>>>> > If gnutls is installed, all should work.
>>>> > Thus, now it should decrypt and dissect (transport/tunnel/several
>>>> > encapsulations ...) :
>>>> >
>>>> > - NULL Encryption Algorithm
>>>> > - TripleDES-CBC [RFC2451] : keylen 192 bits.
>>>> > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
>>>> > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
>>>> > 32 bits will be used as nonce.
>>>> > - DES-CBC [RFC2405] : keylen 64 bits
>>>> >
>>>> > I also have added :
>>>> >
>>>> > - BLOWFISH-CBC : keylen 128 bits.
>>>> > - TWOFISH-CBC : keylen 128/256 bits.
>>>> >
>>>> > You have to indicate the Authentication algorithm even if all
>>>> > Algorithms since it uses 12 bytes in the Auth field should work
>>>> > (have a look to the README to understand why I put it
>>>> > ;-) ). If you consider I have to throw it away please tell me.
>>>> >
>>>> > HMAC-SHA1-96 [RFC2404]
>>>> > NULL
>>>> > AES-XCBC-MAC-96 [RFC3566]
>>>> > HMAC-MD5-96 [RFC2403]
>>>> >
>>>> > In the attachment you will get :
>>>> > - this dissector
>>>> > - a new README
>>>> > - some example capture files with associated preferences files
>>>> > (and setkey config files)
>>>> >
>>>> >
>>>> > Best Regards,
>>>> >
>>>> >
>>>> > ----
>>>> > Frederic
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Fr�d�ric ROUDAUT
>>>> > IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
>>>> > Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
>>>> >
>>>> >
>>>> _______________________________________________
>>>> Ethereal-dev mailing list
>>>> Ethereal-dev@xxxxxxxxxxxx
>>>> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>>>>
>>>
>>> --
>>> DSL-Aktion wegen gro�er Nachfrage bis 28.2.2006 verl�ngert:
>>> GMX DSL-Flatrate 1 Jahr kostenlos* http://www.gmx.net/de/go/dsl
>>> _______________________________________________
>>> Ethereal-dev mailing list
>>> Ethereal-dev@xxxxxxxxxxxx
>>> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>>>
>>
>>
>> _______________________________________________
>> Ethereal-dev mailing list
>> Ethereal-dev@xxxxxxxxxxxx
>> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>