tags 737355 upstream wontfix - patch
severity 737355 wishlist
thanks

Hi Alexander,

On 02/02/2014 12:39 AM, Alexander Prinsier wrote:
> Package: wireshark
> Version: 1.10.5-2
> Severity: normal
> Tags: patch
>
> Wireshark only decrypts ISAKMP packets when pre-shared key authentication
> (PSK) is used. This patch enables the same mechanism when pre-shared
> authentication in combination with XAuth is used. It is a different
> authentication method, but the decryption works the same.
>
> Patch is easy: change line 3355 of epan/dissectors/packet-isakmp.c to:
>
> decr->is_psk = (tvb_get_ntohs(tvb, offset) == 0x01 /* PSK */ ||
> tvb_get_ntohs(tvb, offset) == 0xFDE9 /* XAuth */) ? TRUE : FALSE;

Could you please link a relevant RFC or similar document?

According to RFC 2409 the value 65001 is for private use [1].
I found an expired draft [2] supporting your proposed change, but the draft also suggests using a Vendor ID for making the interpretation of the private value unambiguous.

If you would like to extend Wireshark to decode packets conforming to the draft please handle the Vendor ID and submit your patch upstream.

Thanks,
Balint

[1] http://tools.ietf.org/html/rfc2409#page-34
[2] http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-xauth-06
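
Review bot: In the proposed `decr->is_psk` assignment, the `== 0xFDE9 /* XAuth */` comparison is unconditional, but 0xFDE9 (65001) falls in the range the reply cites as private use under RFC 2409, so any other private method that reuses the number would also set `is_psk`. Gate that branch on the XAuth Vendor ID having been seen in the exchange, as the reply asks. Two smaller points on the same line: read the value once into a local rather than calling `tvb_get_ntohs(tvb, offset)` twice, and drop `? TRUE : FALSE`, since the comparison already yields a boolean.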

