On Thu, May 22, 2014 at 12:37 AM, Kukosa, Tomas <tomas.kukosa@xxxxxxxxx> wrote:
> Hi Richard,
>
> I do not know how to decide (and where) whether it is request or response as I have never seen SPNEGO.
>
> But the second half of the problem to switch between NegTokenInit and NegTokenInit2 can be solved in following way:
>
> #.FN_BODY NegotiationToken/negTokenInit
> gboolean is_response = FALSE; /* get this information from somewhere */
> if (is_response) {
> return dissect_spnego_NegTokenInit2(%(IMPLICIT_TAG)s, %(TVB)s, %(OFFSET)s, %(ACTX)s, %(TREE)s, %(HF_INDEX)s);
> } else {
> return dissect_spnego_NegTokenInit(%(IMPLICIT_TAG)s, %(TVB)s, %(OFFSET)s, %(ACTX)s, %(TREE)s, %(HF_INDEX)s);
> }
> #.END
Thank you for that hint. Also, I have found the pinfo pointer in the actx.
However, is this an issue?
[rsharpe@localhost spnego]$ make
/usr/bin/python ../../tools/asn2wrs.py \
-b \
-p spnego \
-c ./spnego.cnf \
-s ./packet-spnego-template \
-D . \
-O ../../epan/dissectors \
spnego.asn
ASN.1 to Wireshark dissector compiler
:0: UserWarning: The same type names for different types. Explicit
type renaming is recommended.
T_mechListMIC
T_mechListMIC NegTokenInit/mechListMIC
T_mechListMIC_01 NegTokenTarg/mechListMIC
:0: UserWarning: The same field names for different types. Explicit
field renaming is recommended.
mechListMIC
mechListMIC_01 OCTET_STRING NegTokenInit2/mechListMIC
mechListMIC T_mechListMIC NegTokenInit/mechListMIC
mechListMIC_02 T_mechListMIC_01 NegTokenTarg/mechListMIC
:0: UserWarning: The same field names for different types. Explicit
field renaming is recommended.
mechToken
mechToken_01 OCTET_STRING NegTokenInit2/mechToken
mechToken T_mechToken NegTokenInit/mechToken
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)