Bug ID |
12567
|
Summary |
Wireshark requires strict format for SPI field of ESP/SA configuration option
|
Product |
Wireshark
|
Version |
Git
|
Hardware |
x86
|
OS |
All
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 14689 [details]
ICMP over ESP packet
Build Information:
Version 2.1.0-git (v2.1.0rc0-3301-gf7cd537 from unknown)
--
Dear Wireshark developers,
Wireshark can't dissect encrypted ESP packet if SPI field of ESP/SA
configuration option uses upper-case hexadecimal value (although upper-case
format is a common one for hex values). Also, it requires leading zeroes for
the value (although SPI is fixed 32bit field). For example, the value
0x000003ea is considered as valid and values 0x3ea and 0x000003EA as invalid.
ESP/ICMP packet is attached. The SA for the packet is following:
Protocol: IPv4
Src IP: 10.0.12.1
Dest IP: 10.0.12.2
SPI: 0x000003ea
Encryption: DES-CBC
Encryption Key: 0x61626364656667ab
Authentication: HMAC-SHA-1-96
Authentication Key: 0x6162636465666768696a30313233343536373839
Many thanks in advance!
Garri
You are receiving this mail because:
- You are watching all bug changes.