On Thu, Feb 23, 2017 at 10:21 PM, Peter Wu <[email protected]> wrote:
> On Thu, Feb 23, 2017 at 12:49:51PM -0800, Guy Harris wrote: > > On Feb 23, 2017, at 11:56 AM, Erik de Jong <[email protected]> wrote: > > > > > During my day job I have noticed that sometimes combinations of > > > certain platforms have trouble dealing with SIP digest > > > authorization. Reasons for this range from bugs in the SIP stack to > > > wrong escapes for special characters in configuration files > > > generated for automated set provisioning. I have written a Lua > > > script that will allow me to enter credentials and check if the > > > digest hash in a SIP authorization line is indeed the correct hash > > > for those credentials. I've written a proof of concept where this > > > functionality is added to the SIP dissector itself and I'm wondering > > > whether this is appropriate to submit for review or that these kind > > > of diagnostics are better left in an external script as it is not > > > really a dissection of the packet. > > > > 1) We already do validation of checksums in dissectors. > > > > 2) Wireshark is a packet *analyzer*, not a packet *dissector*. > > > > So there's no reason *not* to do digest hash checks in Wireshark, and if > the dissector is the best place, there's no reason not to do them there. > > Validation of the protocol fields (like checksums) can be done without > external input and would be nice. On violation, these could add "expert > info" to the tree. > > But for Authorization digests in SIP, this would require external input > (credentials), possibly through a preference (filename or UAT). I think > it is better as separate script (since the input format can be different > depending on the user), but wouldn't object if a patch is proposed. > That's why I was inquiring. Expert info is a really great way to report validation mismatches, but there is external input required - I'd opt for a UAT. Same principle could be applied for HTTP digests by the way. > -- > Kind regards, > Peter Wu > https://lekensteyn.nl > ____________________________________________________________ > _______________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject= > unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
