On Tue, 30 Sep 2003, Frank Cusack wrote: > Hi, > > I'd like to be able to verify NFS rpcsec_gss credentials/verifiers. My idea > is that I have my kernel dump the key used, and I import that into ethereal, > associating it with a specific context handle.
OK, similar things are possible with CIFS, from what I can see ... > - Where is the best place to add code to do the validation? Is this > suitable for a plugin? I would suggest that perhaps we don't want a plugin. The approach that the NTLMSSP code takes is to have a preference where you can enter the password, but means all NTLMSSP sessions use the same info. What would be good is to be able to select a conversation and add per-conversation data, in this case, the key. However, that will require some additional infrastructure and a way to extend the concept of conversations beyond simply tcp (although that might already be there). > - Where is the easiest place to add this code, if different than the above? All over the place, I think. Some in the gtk directory, then some in conversations.c or whatever, and finally, some in the RPC dissector or the NFS dissector. > - What is the fastest way to have ethereal read the key info? I figured > on just creating some well known filename which the plugin or nfs > dissector (?) would read. Say /tmp/ethereal.nfs.rpcsec_gss.<handle> > which would contain the key in 0x ascii-hex format (and where <handle> > is in ascii-hex format). Have the user specify it from the GUI and or command line (for tethereal). > - Would you include this in the distribution? Yes. Regards ----- Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
