Hi,
Are there any positive or negative reactions to this? Will somebody fix it?
Michael
Michael Mueller wrote:
Sorry, I forgot to append the patch.
Tcpdump -E doesn't work for 3des-cbc encryption with hmac-md5 authentication (tested with tcpdump-2004.09.22 on Linux 2.6). The reason is that in esp_print_decode_onesecret(), print-esp.c authlen is left 0 instead of setting it to 12 for *-cbc encryptions. The 12 byte authlen is required for
hmac-md5 by rfc2403
hmac-sha1 by rfc2404
and seems to have the same value for other authentication algorithms too. I don't think that authlen should depend on the encryption algorithm used. I append a patch that sets it to 12. I hope that this is good for all cases. Otherwise specifying authlen on the command line would be an alternative.
Michael
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
------------------------------------------------------------------------
*** print-esp.c.orig Thu Sep 23 17:28:12 2004
--- print-esp.c Fri Sep 24 13:57:35 2004
*************** static void esp_print_decode_onesecret(n
*** 223,229 ****
int len;
size_t i;
const EVP_CIPHER *evp;
- int authlen = 0;
/* skip any blank spaces */
while (isspace((unsigned char)*decode))
--- 223,228 ----
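Review bot: Deleting `int authlen = 0;` removes the only place a per-algorithm ICV length can live; the reported bug (authlen stays 0 whenever the secret carries no `-hmac96` suffix) is fixed just as well by changing the default to `int authlen = 12;` and keeping the variable, so the later `sa1.authlen = authlen;` stays intact and a future suffix or command-line override has somewhere to go. A comment on the declaration saying that 12 bytes is the 96-bit truncated ICV of RFC 2403/2404 would also help the next reader.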
*************** static void esp_print_decode_onesecret(n
*** 242,248 ****
"-hmac96")) {
p = strstr(decode, "-hmac96");
*p = '\0';
- authlen = 12;
}
if (strlen(decode) > strlen("-cbc") &&
!strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) {
--- 241,246 ----
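Review bot: With `authlen = 12;` dropped, the `-hmac96` branch now does nothing but strip the suffix from the secret string, so `3des-cbc-hmac96` and `3des-cbc` are handled identically and the branch's purpose is no longer visible. Either keep the assignment (with 12 as the default elsewhere) or add a comment that the suffix is accepted only for compatibility; a branch whose sole job is string surgery will look like dead code to a later maintainer.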
*************** static void esp_print_decode_onesecret(n
*** 259,265 ****
}
sa1.evp = evp;
! sa1.authlen = authlen;
sa1.ivlen = EVP_CIPHER_iv_length(evp);
colon++;
--- 257,263 ----
}
sa1.evp = evp;
! sa1.authlen = 12;
sa1.ivlen = EVP_CIPHER_iv_length(evp);
colon++;
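Review bot: Hardcoding `sa1.authlen = 12;` silently changes the meaning of a secret without a `-hmac96` suffix, which previously produced authlen 0, so an SA that really has no ICV would now have its last 12 ciphertext bytes discarded as an ICV. Prefer a named constant (for example `#define HMAC96_ICV_LEN 12`) flowing through the `authlen` variable, with 12 as the default and 0 still reachable, or the command-line override the submitter mentions. Either mistake in authlen leaves 12 bytes too many or too few before the 8-byte 3DES block boundary, which is exactly the decryption failure being reported.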
------------------------------------------------------------------------
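The layout the thread is arguing about, as an added worked example in Python (not code from the thread or from tcpdump's print-esp.c): an ESP packet is SPI, sequence number, IV, ciphertext, then the ICV, and under RFC 2403 (HMAC-MD5-96) and RFC 2404 (HMAC-SHA-1-96) that ICV is the HMAC output truncated to 12 bytes. The functions below carve a packet using a caller-supplied authlen and recompute the ICV, so you can see that with authlen 0 the ICV verification fails and the bytes handed to the cipher are 12 too many, no longer a multiple of the 8-byte 3DES block. The key, SPI, IV and "ciphertext" are constructed placeholder bytes standing in for a real 3DES-CBC SA; only the ESP framing and the HMAC computation are real.

```python
"""Where the ESP ICV sits and why authlen must be right before CBC decryption.
Added illustration, not tcpdump code."""
import hmac
import struct

ESP_HDR_LEN = 8       # SPI (4 bytes) + sequence number (4 bytes), RFC 2406
HMAC96_ICV_LEN = 12   # 96-bit truncated ICV, RFC 2403 (MD5) and RFC 2404 (SHA-1)
DES_BLOCK = 8         # 3DES-CBC block size, also its IV length


def hmac96_icv(key, authenticated, hash_name):
    # RFC 2403/2404: compute the full HMAC, keep only the leading 96 bits
    return hmac.new(key, authenticated, hash_name).digest()[:HMAC96_ICV_LEN]


def build_esp(spi, seq, iv, ciphertext, auth_key, hash_name):
    # On the wire: SPI | seq | IV | ciphertext | ICV, with the ICV computed
    # over everything that precedes it
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + hmac96_icv(auth_key, body, hash_name)


def _tail(pkt, authlen):
    # Split off the trailing authlen bytes as the ICV (none if authlen is 0)
    if authlen:
        return pkt[:-authlen], pkt[-authlen:]
    return pkt, b""


def split_esp(pkt, ivlen, authlen):
    # Carve the packet using the caller's belief about the ICV length;
    # a wrong authlen hands the wrong byte range to the cipher
    body, icv = _tail(pkt, authlen)
    spi, seq = struct.unpack("!II", body[:ESP_HDR_LEN])
    iv = body[ESP_HDR_LEN:ESP_HDR_LEN + ivlen]
    ciphertext = body[ESP_HDR_LEN + ivlen:]
    return spi, seq, iv, ciphertext, icv


def verify_icv(pkt, auth_key, hash_name, authlen):
    # Recompute the ICV over everything except the trailing authlen bytes;
    # compare_digest returns False (no exception) on a length mismatch
    body, icv = _tail(pkt, authlen)
    return hmac.compare_digest(hmac96_icv(auth_key, body, hash_name), icv)


def ciphertext_is_block_aligned(pkt, ivlen, authlen, blocksize=DES_BLOCK):
    # CBC decryption needs a whole number of blocks; 12 stray ICV bytes
    # leave 4 bytes over (12 mod 8) and the decrypt cannot succeed
    ciphertext = split_esp(pkt, ivlen, authlen)[3]
    return len(ciphertext) % blocksize == 0


# Constructed sample values (placeholders, not a real SA or real 3DES output)
AUTH_KEY = bytes(range(16))
SAMPLE_IV = b"\x10" * DES_BLOCK
SAMPLE_CT = bytes(range(0x20, 0x20 + 3 * DES_BLOCK))   # three full 3DES blocks
SAMPLE_PKT = build_esp(0x1234, 1, SAMPLE_IV, SAMPLE_CT, AUTH_KEY, "md5")


def demo(authlen, hash_name="md5"):
    # What a decoder sees for a given authlen: ICV validity, the ciphertext
    # length it would feed to 3DES-CBC, and whether that length is usable
    return {
        "icv_ok": verify_icv(SAMPLE_PKT, AUTH_KEY, hash_name, authlen),
        "ct_len": len(split_esp(SAMPLE_PKT, DES_BLOCK, authlen)[3]),
        "block_aligned": ciphertext_is_block_aligned(SAMPLE_PKT, DES_BLOCK, authlen),
    }


if __name__ == "__main__":
    for authlen in (0, HMAC96_ICV_LEN):
        print("authlen", authlen, demo(authlen))
```

Running the block prints one line per authlen: with 12 the ICV verifies and 24 ciphertext bytes (three blocks) remain; with 0 the ICV check fails and 36 bytes remain, which is not block aligned. The same `hmac96_icv` serves HMAC-SHA-1-96 by passing `"sha1"` as the hash name, since RFC 2404 truncates to the same 12 bytes.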