Mailing List Archive

IPsec dissector to decrypt ESP Payload
Hi everyone,

I adapted the IPSEC dissector in order to decrypt ESP payload based on
known SAs. It uses the few algorithms described in RFC 4305.
It also uses libopenssl.

If you prefer a patch please ask me. Otherwise, the file is the following :
- packet-ipsec.c

(It is still possible to decrypt ESP payloads with the assumption that
it is null encrypted and the Authenticator field is 12 bytes as in the
original dissector).

I wrote a little doc in :
- README_DISSECTOR_IPSEC (have a look to install the dissector)

And I put example files :

- A capture file : capture.pcap

- Some preferences files with the configurations for v4 and V6
- preferences_v4
- preferences_v6

- The SAD has been run using : ipsec.conf (config file for setkey)
I have not tested it for AES-CTR. So if you can, please send me a
report on it.

- If you want to get another capture file, you may use both of the following
scripts on Linux:
- neigh.sh : for establishing neighborhood
- ping_v6_v4.sh : in order to send ping v4 and v6


I hope it will be helpful for some of you.


Best regards,

--
Frédéric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tel: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
Re: IPsec dissector to decrypt ESP Payload
Hi all,


Because I received no comment about my dissector, I ask again ;-).
Is there any need for my update ? Does anyone plan to use it ?

Best regards

----
Frederic
Re: IPsec dissector to decrypt ESP Payload
On Wed, Feb 22, 2006 at 05:03:38PM +0100, Frederic Roudaut wrote:
>
> Because I received no comment about my dissector, I ask again ;-).
> Is there any need for my update ? Does anyone plan to use it ?

I quickly browsed through the readme and was not sure where the
dissector would get the PSK or the private key for the SA from. It
would be very useful to be able to look 'inside' an IPsec tunnel
so if there is a mechanism to select a PSK / private key and then
be able to decrypt the IPSEC traffic I do think I will use it
some times.

I do believe it's necessary to capture from the setup of the
SAs to be able to do so, which might limit its usefulness
in the real world (unless you're able to restart the tunnel
of course).

Still, I personally would definitely like this functionality
to be available in the official releases :)


Cheers, Sake

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-dev
Re: IPsec dissector to decrypt ESP Payload
Would it be possible to link against GNU TLS instead? We can't ship
Ethereal linked against OpenSSL on many (most?) systems.

Re: IPsec dissector to decrypt ESP Payload
Hi,

I am not really sure about what you said but here is my answer ;-).
First of all I have added some fields in the ESP Preferences to describe
the SAs, the Keys, the Encryption algorithms and the Authentication
algorithms (perhaps for future use for checking authentication... Whatever,
if you use the NULL authentication the alignment is different so you have
to specify it).
I understood that you are talking about decryption of ESP in tunnel mode.

Here is one of the more complex topologies I tried (if you have encapsulated
ESP in encapsulated ESP in ... it should work the same).
It is in v4 and I attached the dump file with the preference file you have
to put in ~/.ethereal

     N1                         R1                      N2
[192.168.0.3] -------[192.168.0.2][10.0.0.1]--------[10.0.0.2]

The default route for 192.168.0.3 is 192.168.0.2.
There is no default route on 10.0.0.2.
It means that I will receive destination unreachable ... Great ;-)

In this case I have the following policies:

########## For 192.168.0.2 (R1)
spdadd 192.168.0.3 10.0.0.2 any -P out ipsec
    esp/tunnel/10.0.0.1-10.0.0.2/use;
add 10.0.0.1 10.0.0.2 esp 10
    -m tunnel
    -E aes-cbc "aescbcencryption"
    -A hmac-sha1 "hmacsha1authenticati";

########## For 192.168.0.3 (N1)
spdadd 192.168.0.3 10.0.0.2 any -P out ipsec esp/transport//require;
add 192.168.0.3 10.0.0.2 esp 15
    -E des-cbc "descbcte"
    -A hmac-sha1 "hmacsha1authenticati";

It means that packets coming from N1 to 10.0.0.3 will be encrypted with
des-cbc and tunneled with ESP encryption aes-cbc to N2.
If I have a look into R1, I have these two SAs to decrypt the entire packet.
I will have something like

[IP1][ESP1][ENCRYPTION1]

with [ENCRYPTION1]=[IP2][ESP2][ENCRYPTION2]
and [ENCRYPTION2]=ICMP

IP1 is ip layer from R1 to N2
ENCRYPTION2 is aes-cbc
IP2 is ip layer from N1 to 10.0.0.3
ENCRYPTION2 is des-cbc

thus you have enough information to describe the whole packet.
if you use the preference File in attachment it will do this.
You only have two SAs :

SA #1: IPV4|10.0.0.1|10.0.0.2|*
Encrypt 1 : AES-CBC
Auth 1 : HMAC-SHA1
Encrypt Key 1 : aescbcencryption

SA #2: IPV4|192.168.0.3|10.0.0.2|*
Encrypt 2 : DES-CBC
Auth 2 : HMAC-SHA1
Encrypt Key 2 : descbcte


And as a consequence the Destination Unreachable will also be decrypted,
because SAs are the same.


I hope it was the question,

Best regards,

---
Frederic
Re: IPsec dissector to decrypt ESP Payload
Hi,


thanks a lot for your answer.
I do not know a lot about GNU TLS but I believe that we could have problems
getting Encryption Algorithms. As far as I understood, it uses libgcrypt,
but only a part of it. Would it not be better to directly use libgcrypt?

I could try to adapt it in this way.

Best regards,

--
Frederic
IPsec Dissector to decrypt ESP Payload
Hi,

finally, I have updated my dissector using libgcrypt.
It does not use openssl anymore.
If gnutls is installed, all should work.
Thus, now it should decrypt and dissect (transport/tunnel/several
encapsulations ...) :

- NULL Encryption Algorithm
- TripleDES-CBC [RFC2451] : keylen 192 bits.
- AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
- AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining 32 bits
will be used as nonce.
- DES-CBC [RFC2405] : keylen 64 bits

I also have added :

- BLOWFISH-CBC : keylen 128 bits.
- TWOFISH-CBC : keylen 128/256 bits.

You have to indicate the Authentication algorithm even if all Algorithms
since it uses 12 bytes in the Auth field should work (have a look at the
README to understand why I put it ;-) ). If you consider I have to throw
it away please tell me.

HMAC-SHA1-96 [RFC2404]
NULL
AES-XCBC-MAC-96 [RFC3566]
HMAC-MD5-96 [RFC2403]

In the attachment you will get :
- this dissector
- a new README
- some example capture files with associated preferences files (and
setkey config files)


Best Regards,


----
Frederic
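The key lengths and the 12-byte authenticator listed in this message, together with the earlier remark that NULL authentication changes the alignment, determine where each ESP field sits before any decryption happens. The following is an added example, not code from packet-ipsec.c or from the author: the function names are hypothetical, the IV sizes are taken from the cipher block sizes and RFC 3686 rather than from the thread, and the packet is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum esp_encr { ENCR_NULL, ENCR_3DES_CBC, ENCR_AES_CBC, ENCR_AES_CTR,
                ENCR_DES_CBC, ENCR_BLOWFISH_CBC, ENCR_TWOFISH_CBC };
enum esp_auth { AUTH_NULL, AUTH_HMAC_SHA1_96, AUTH_AES_XCBC_MAC_96, AUTH_HMAC_MD5_96 };

struct esp_layout {
    uint32_t spi, seq;
    size_t iv_off, iv_len;     /* IV sent in clear after SPI and sequence  */
    size_t ct_off, ct_len;     /* encrypted payload, padding and trailer   */
    size_t icv_off, icv_len;   /* authenticator at the end of the packet   */
    size_t cipher_key_len;     /* key bytes that go to the cipher itself   */
    uint8_t ctr_block[16];     /* AES-CTR only: nonce | IV | 00 00 00 01   */
};

/* Key lengths in bytes (the message lists them in bits). */
int esp_key_len_ok(enum esp_encr e, size_t n)
{
    switch (e) {
    case ENCR_NULL:         return 1;  /* assumption: key is ignored */
    case ENCR_3DES_CBC:     return n == 24;
    case ENCR_AES_CBC:      return n == 16 || n == 24 || n == 32;
    case ENCR_AES_CTR:      return n == 20 || n == 28 || n == 36;
    case ENCR_DES_CBC:      return n == 8;
    case ENCR_BLOWFISH_CBC: return n == 16;
    case ENCR_TWOFISH_CBC:  return n == 16 || n == 32;
    default:                return 0;
    }
}

/* Cipher block size in bytes; 1 means no alignment rule (NULL, CTR). */
size_t esp_block_len(enum esp_encr e)
{
    if (e == ENCR_AES_CBC || e == ENCR_TWOFISH_CBC) return 16;
    if (e == ENCR_3DES_CBC || e == ENCR_DES_CBC || e == ENCR_BLOWFISH_CBC)
        return 8;
    return 1;
}

/* IV length: one block for the CBC modes, 8 bytes for AES-CTR (RFC 3686). */
size_t esp_iv_len(enum esp_encr e)
{
    return e == ENCR_NULL ? 0 : e == ENCR_AES_CTR ? 8 : esp_block_len(e);
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 bad key length, -2 packet too short,
 * -3 ciphertext is not a whole number of cipher blocks. */
int esp_carve(const uint8_t *pkt, size_t len, enum esp_encr e, enum esp_auth a,
              const uint8_t *key, size_t key_len, struct esp_layout *out)
{
    size_t icv = (a == AUTH_NULL) ? 0 : 12;   /* all -96 MACs: 12 bytes */
    size_t iv = esp_iv_len(e), blk = esp_block_len(e);
    if (!esp_key_len_ok(e, key_len)) return -1;
    if (len < 8 + iv + 2 + icv) return -2;    /* trailer alone is 2 bytes */
    memset(out, 0, sizeof *out);
    out->spi = be32(pkt);       out->seq = be32(pkt + 4);
    out->iv_off = 8;            out->iv_len = iv;
    out->ct_off = 8 + iv;       out->ct_len = len - 8 - iv - icv;
    out->icv_off = len - icv;   out->icv_len = icv;
    if (out->ct_len % blk != 0) return -3;
    out->cipher_key_len = key_len;
    if (e == ENCR_AES_CTR) {                  /* last 32 key bits = nonce */
        out->cipher_key_len = key_len - 4;
        memcpy(out->ctr_block, key + key_len - 4, 4);
        memcpy(out->ctr_block + 4, pkt + 8, 8);
        out->ctr_block[15] = 1;
    }
    return 0;
}

/* Constructed sample packet: SPI 10, sequence 1, then filler bytes. */
size_t make_sample(uint8_t *buf, size_t body_len)
{
    static const uint8_t hdr[8] = { 0, 0, 0, 10, 0, 0, 0, 1 };
    memcpy(buf, hdr, sizeof hdr);
    for (size_t i = 0; i < body_len; i++) buf[8 + i] = (uint8_t)(0xA0 + i);
    return 8 + body_len;
}

int main(void)
{
    uint8_t pkt[128];
    struct esp_layout l;
    const uint8_t *key = (const uint8_t *)"aescbcencryption";
    size_t n = make_sample(pkt, 16 + 32 + 12);   /* IV + ciphertext + ICV */
    int ok = esp_carve(pkt, n, ENCR_AES_CBC, AUTH_HMAC_SHA1_96, key, 16, &l);
    /* Same bytes with the SA set to NULL auth: the ICV is read as ciphertext. */
    int bad = esp_carve(pkt, n, ENCR_AES_CBC, AUTH_NULL, key, 16, &l);
    printf("with HMAC-SHA1-96: %d, with NULL auth: %d\n", ok, bad);
    return 0;
}
```

A wrong authentication setting shifts the end of the ciphertext by 12 bytes, so the CBC alignment check is a cheap way to catch a mismatched SA before attempting decryption.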






RE: IPsec Dissector to decrypt ESP Payload
Frederic,

I find IPsec functionality you have added to the dissector very useful.
Hope I can provide you with some feedback in a few weeks.

Thank you,
Alex Filonenko

> -----Original Message-----
> From: ethereal-dev-bounces@ethereal.com
> [mailto:ethereal-dev-bounces@ethereal.com] On Behalf Of
> Frederic Roudaut
> Sent: Friday, February 24, 2006 10:01 AM
> To: Ethereal development
> Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
RE: IPsec Dissector to decrypt ESP Payload
Paolo,

Is there a way to compile the dissector with Windows? The sourceforge rep
(gnutls-win32-msvc.tgz) does not include the winposixtype.h and the
gcrypt.h.

TIA

Thomas


> --- Original Message ---
> From: "Filonenko Alexander-AAF013" <AAF013@motorola.com>
> To: "Ethereal development" <ethereal-dev@ethereal.com>
> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
> Date: Fri, 24 Feb 2006 17:42:44 -0500
RE: IPsec Dissector to decrypt ESP Payload
Hi


I just added a #define __USE_LIBGCRYPT__ that you have to set to be able to
decrypt ESP payload. Otherwise, the original IPSEC dissector is
compiled. I also noticed that on current stable Ethereal versions gnutls is
not linked.
Thus you have to install libgcrypt and do:

LDFLAGS=-lgcrypt ./configure && make

For windows you should get:

http://gnunet.org/download/win/libgcrypt-1.2.1.zip

and do something similar.

Best regards
---
Frederic
SV: IPsec Dissector to decrypt ESP Payload
Hi,
I have checked in your patch with a change:
#ifdef HAVE_LIBCRYPT
#define __USE_LIBGCRYPT__
#endif
(Please check if that's correct).

Can you please put the information from the readme file on the wiki protocol
pages?
Brg
Anders

-----Original Message-----
From: ethereal-dev-bounces@ethereal.com
[mailto:ethereal-dev-bounces@ethereal.com] On Behalf Of Frederic Roudaut
Sent: 25 February 2006 14:02
To: Ethereal development
Cc: Ethereal development
Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload


Re: SV: IPsec Dissector to decrypt ESP Payload
Hi,

> Hi,
> I have checked in your patch with a change:
> #ifdef HAVE_LIBCRYPT
> #define __USE_LIBGCRYPT__
> #endif
> (Please check if that's correct).
>

yes it seems to be. Nevertheless I modified the comments in the ESP
preference since it seems to have been truncated ... perhaps because of
your or my editor.
I have also changed hf_esp_pad to hf_esp.pad_len because I used to process
the PDML output. (It means that now in the output I also have
"esp.pad_len").

> Can you please put the information from the readme file on the wiki
> protocol
> pages.
> Brg
> Anders

As a consequence I also modified the README. Where do you want me to put the
README, in fact? In the InternetProtocolFamily section? Do I have to do a
new section for Network layer (IPSEC) or something similar? It seems that
I have to adapt the README to take into account the format you have
defined, right?


Something completely different. As I wrote I used to check the PDML output.
Thus I noticed that the following fields are not present in the output :

- RIPng : MustBeZero
- ICMPv6 Neighbor Solicitation : Reserved
- ICMPv6 Router Solicitation : Reserved
- ICMPv6 Destination Unreachable : Unused
- ICMPv6 MTU option : Reserved
- TCP : UrgentPointer
- TCP : ack when ack bit is not set.

I modified some of them, is there a need for this ?


Best Regards,

Frederic Roudaut
RE: SV: IPsec Dissector to decrypt ESP Payload
Hi,
I noted that you added:
+#define HAVE_LIBCRYPT
+
In your patch.
The whole idea with adding HAVE_LIBCRYPT is that it will be set by the configure script if the library is present,
which it isn't on my system, so your original patch wouldn't build.
I'm not really familiar with the makefile magic so I'm not quite sure how to do this; the SSL dissector has
#ifdef HAVE_LIBGNUTLS
If that also implies that libcrypt is available, that could be used instead.
Otherwise something similar to:
# gnu tls
AM_PATH_LIBGNUTLS(1.0.0,
    [
        echo "gnuTLS found, enabling ssl decryption"
        AC_DEFINE(HAVE_LIBGNUTLS, 1, [Define to use gnutls library])
        tls_message="yes"
    ]
    , [
        if test x$libgnutls_config_prefix != x ; then
            AC_MSG_ERROR([[gnuTLS not found; install gnuTLS-devel package for your system]])
        else
            echo "gnuTLS not found, disabling ssl decryption"
            tls_message="no"
        fi
    ]
)
Has to be done in configure.in/config.nmake I think.

The preference was changed due to failed compile on Solaris:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py?rev=17748&view=rev

Wiki:
Just do a page on IPsec on how to use the dissector to start with.

Best regards
Anders

-----Original Message-----
From: ethereal-dev-bounces@ethereal.com [mailto:ethereal-dev-bounces@ethereal.com] On Behalf Of Frederic Roudaut
Sent: 28 March 2006 13:24
To: Ethereal development
Subject: Re: SV: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Hi,

> Hi,
> I have checked in your patch with a change:
> #ifdef HAVE_LIBCRYPT
> #define __USE_LIBGCRYPT__
> #endif
> (Please check if that's correct).
>

Yes, it seems to be. Nevertheless I modified the comments in the ESP preference since they seem to have been truncated ... perhaps because of your or my editor.
I have also changed hf_esp_pad to hf_esp.pad_len because I used to process the PDML output. (It means that now in the output I also have "esp.pad_len").

> Can you please put the information from the readme file on the wiki
> protocol pages.
> Brg
> Anders

As a consequence I also modified the README. Where do you want me to put the README, in fact? In the InternetProtocolFamily section? Do I have to make a new section for Network layer (IPSEC) or something similar? It seems that I have to adapt the README to take into account the format you have defined, right?


Something completely different. As I wrote, I used to check the PDML output.
Thus I noticed that the following fields are not present in the output:

- Ripng : MustBeZero
- ICMPv6 Neighbor Solicitation : Reserved
- ICMPv6 Router Solicitation : Reserved
- ICMPv6 Destination Unreachable : Unused
- ICMPv6 MTU option : Reserved
- TCP : UrgentPointer
- TCP : ack when ack bit is not set.

I modified some of them; is there a need for this?


Best Regards,

Frederic Roudaut
RE: SV: IPsec Dissector to decrypt ESP Payload [ In reply to ]
> Hi,
> I noted that you added:
> +#define HAVE_LIBCRYPT
> +
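Review bot: the added `#define HAVE_LIBCRYPT` hard-codes in the source file a macro that the configure script is meant to set only when the library is found, so the `#ifdef HAVE_LIBCRYPT` guard around `__USE_LIBGCRYPT__` is always true and the libgcrypt code path is compiled even on a system without the library, which is the build failure reported here. Drop this line and leave the definition to configure (an AC_DEFINE in configure.in, with the equivalent setting in config.nmake).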

Oops, sorry, I forgot to remove it. I understood your point, but it was just
for test purposes.

--
frederic

Re: SV: IPsec Dissector to decrypt ESP Payload [ In reply to ]
Hi,

In the wiki protocol pages, in the InternetProtocolFamily section, I have added
a new menu with some information.

Network Layer (IPsec <http://wiki.ethereal.com/IPsec> Internet Protocol
Security):

* AH <http://wiki.ethereal.com/AH>: Authentication Header
* ESP <http://wiki.ethereal.com/ESP>: Encapsulating Security Payload

Moreover, I have also added a little doc for the ESP Preference Settings.

I hope it is what you were expecting.

Regards,

--
Frederic



Anders Broman wrote:

>Hi,
>I have checked in your patch with a change:
>#ifdef HAVE_LIBCRYPT
>#define __USE_LIBGCRYPT__
>#endif
>(Please check if that's correct).
>
>Can you please put the information from the readme file on the wiki protocol
>pages.
>Brg
>Anders
>
>-----Original message-----
>From: ethereal-dev-bounces@ethereal.com
>[mailto:ethereal-dev-bounces@ethereal.com] On behalf of Frederic Roudaut
>Sent: 25 February 2006 14:02
>To: Ethereal development
>Cc: Ethereal development
>Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>
>
>Hi
>
>
>I just add a #define __USE_LIBGCRYPT__ that you have to set to be able to
>decrypt ESP payload. Otherwise if not, the original IPSEC dissector is
>compiled. I also notice that on current stable Ethereal versions gnutls is
>not linked.
>Thus you have to install libgcrypt and do:
>
>LDFLAGS=-lgcrypt ./configure && make
>
>For windows you should get:
>
>http://gnunet.org/download/win/libgcrypt-1.2.1.zip
>
>and do something similar.
>
>Best regards
>---
>Frederic
>
>
>
>
>>Paolo,
>>
>>is there a way to compile the dissector with windows. The sourceforge rep
>>(gnutls-win32-msvc.tgz) does not include the winposixtype.h and the
>>gcrypt.h.
>>
>>TIA
>>
>>Thomas
RE: IPsec Dissector to decrypt ESP Payload [ In reply to ]
Frederic,

I am using ESP decryption features of your dissector and it is very useful.
I have one question though. How can I use arbitrary (non-ASCII) encryption key with preferences available for ESP? Is the key limited to ASCII characters only?

Thank you,
Alex

-----Original Message-----
From: Filonenko Alexander-AAF013
Sent: Friday, February 24, 2006 4:43 PM
To: 'Ethereal development'
Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Frederic,

I find IPsec functionality you have added to the dissector very useful.
Hope I can provide you with some feedback in a few weeks.

Thank you,
Alex Filonenko

> -----Original Message-----
> From: ethereal-dev-bounces@ethereal.com
> [mailto:ethereal-dev-bounces@ethereal.com] On Behalf Of Frederic
> Roudaut
> Sent: Friday, February 24, 2006 10:01 AM
> To: Ethereal development
> Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
>
>
> Hi,
>
> finally, I have updated my dissector using libgcrypt.
> It does not use openssl anymore.
> If gnutls is installed, all should work.
> Thus, now it should decrypt and dissect (transport/tunnel/several
> encapsulations ...) :
>
> - NULL Encryption Algorithm
> - TripleDES-CBC [RFC2451] : keylen 192 bits.
> - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
> - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
> 32 bits will be used as nonce.
> - DES-CBC [RFC2405] : keylen 64 bits
>
> I also have added :
>
> - BLOWFISH-CBC : keylen 128 bits.
> - TWOFISH-CBC : keylen 128/256 bits.
>
> You have to indicate the Authentication algorithm even if all
> Algorithms since it uses 12 bytes in the Auth field should work (have
> a look to the README to understand why I put it
> ;-) ). If you consider I have to throw it away please tell me.
>
> HMAC-SHA1-96 [RFC2404]
> NULL
> AES-XCBC-MAC-96 [RFC3566]
> HMAC-MD5-96 [RFC2403]
>
> In the attachment you will get :
> - this dissector
> - a new README
> - some example capture files with associated preferences files (and
> setkey config files)
>
> Best Regards,
>
> ----
> Frederic
>
> --
> Frédéric ROUDAUT
> IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
> Tél: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
Re: IPsec Dissector to decrypt ESP Payload [ In reply to ]
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-dev@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-dev
-------------------
Re: RE: IPsec Dissector to decrypt ESP Payload [ In reply to ]
On Tue, Aug 01, 2006 at 04:43:24PM -0400, Filonenko Alexander-AAF013 wrote:
> Thank you for the response. While adding this feature, do you plan to add another checkbox in the ESP preferences so the user can switch between ASCII/hex modes for encryption keys?

Maybe opening a bug for this on bugs.wireshark.org could make sure that
this isn't forgotten?

ciao
Joerg

--
Joerg Mayer <jmayer@loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-dev
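
The key handling discussed in this thread, as an added example (not code from packet-ipsec.c or the Ethereal project): it accepts an ESP key preference as ASCII text or as hex, checks the AES-CTR key material lengths listed above (160/224/288 bits), splits off the trailing 32-bit nonce, and builds the initial RFC 3686 counter block. The "0x" prefix convention, the function names and the sample key and IV are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a key preference string into raw bytes.
 * Assumed convention: a "0x" prefix means hex, anything else is ASCII.
 * Returns the byte count, or -1 for empty, malformed or oversized input. */
int parse_key(const char *pref, uint8_t *out, size_t out_len)
{
    size_t n = strlen(pref);

    if (n >= 2 && pref[0] == '0' && (pref[1] == 'x' || pref[1] == 'X')) {
        size_t digits = n - 2;
        if (digits == 0 || digits % 2 != 0 || digits / 2 > out_len)
            return -1;
        for (size_t i = 0; i < digits; i += 2) {
            int hi = hexval(pref[2 + i]), lo = hexval(pref[3 + i]);
            if (hi < 0 || lo < 0)
                return -1;
            out[i / 2] = (uint8_t)((hi << 4) | lo);
        }
        return (int)(digits / 2);
    }
    if (n == 0 || n > out_len)
        return -1;
    memcpy(out, pref, n);
    return (int)n;
}

/* AES-CTR key material is the AES key followed by a 4-byte nonce, so only
 * 20/28/36 bytes (160/224/288 bits) are valid. Returns the AES key length
 * in bytes and points *nonce at the trailing 4 bytes, or -1 on bad length. */
int split_aes_ctr_keymat(const uint8_t *keymat, int len, const uint8_t **nonce)
{
    if (len != 20 && len != 28 && len != 36)
        return -1;
    *nonce = keymat + len - 4;
    return len - 4;
}

/* RFC 3686 initial counter block: nonce(4) | per-packet IV(8) | counter = 1. */
void build_ctr_block(const uint8_t nonce[4], const uint8_t iv[8], uint8_t block[16])
{
    memcpy(block, nonce, 4);
    memcpy(block + 4, iv, 8);
    block[12] = block[13] = block[14] = 0;
    block[15] = 1;   /* 32-bit big-endian block counter starts at one */
}

int main(void)
{
    /* Constructed sample: 16-byte AES key + 4-byte nonce, written as hex. */
    const char *pref = "0x000102030405060708090a0b0c0d0e0fa1b2c3d4";
    const uint8_t iv[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
    uint8_t keymat[64], block[16];
    const uint8_t *nonce;

    int len = parse_key(pref, keymat, sizeof keymat);
    int keylen = split_aes_ctr_keymat(keymat, len, &nonce);
    if (keylen < 0) {
        fprintf(stderr, "invalid AES-CTR key material\n");
        return 1;
    }
    build_ctr_block(nonce, iv, block);
    printf("AES key: %d bytes, counter block:", keylen);
    for (int i = 0; i < 16; i++)
        printf(" %02x", block[i]);
    printf("\n");
    return 0;
}
```

Under a prefix convention like this one, an ASCII key that itself begins with "0x" cannot be entered, which is one reason an explicit ASCII/hex switch in the preferences is the cleaner design.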