Michael Mueller wrote:

Are there any positive or negative reactions to this? Will somebody fix it?

I'd check in the patch if somebody resolved the issue

Tcpdump -E doesn't work for 3des-cbc encryption with hmac-md5 authentication (tested with tcpdump-2004.09.22 on Linux 2.6). The reason is that in esp_print_decode_onesecret(), print-esp.c, authlen is left 0 instead of setting it to 12 for *-cbc encryptions. The 12-byte authlen is required for

        hmac-md5        by rfc2403
        hmac-sha1       by rfc2404

and seems to have the same value for other authentication algorithms too. I don't think that authlen should depend on the encryption algorithm used. I append a patch that sets it to 12. I hope that this is good for all cases. Otherwise specifying authlen on the command line would be an alternative.

either by saying that 12 is the right authlen for all encryption algorithms, saying it's not and supplying a way (including a patch) to figure out what the right authlen is, or saying it's not, saying you can't determine it from the packet contents, and supplying a patch to add the authentication length on the command line (and if nobody on the list says "that won't work" or "here's a better way to do it" or something such as that).
This is the tcpdump-workers list.
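The layout problem described in the report, as an added example that is not part of the original messages or of tcpdump's code: it splits an ESP packet with authlen 0 and with authlen 12, shows that only the latter leaves a block-aligned 3des-cbc ciphertext, and checks the 96-bit truncated HMAC-MD5 value. The function names, key and packet bytes are constructed for illustration, and the "ciphertext" is placeholder bytes rather than real 3DES output.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12     # hmac-md5 (RFC 2403) and hmac-sha1 (RFC 2404) send 96 bits
DES3_BLOCK = 8   # 3des-cbc block size, also its IV length

def split_esp(esp, ivlen, authlen):
    """Split an ESP packet into (spi, seq, iv, ciphertext, icv)."""
    if len(esp) < 8 + ivlen + authlen:
        raise ValueError("ESP packet too short")
    spi, seq = struct.unpack("!II", esp[:8])
    end = len(esp) - authlen          # avoids the esp[-0:] slicing pitfall
    return spi, seq, esp[8:8 + ivlen], esp[8 + ivlen:end], esp[end:]

def decryptable(esp, ivlen=DES3_BLOCK, authlen=ICV_LEN, block=DES3_BLOCK):
    """CBC needs a non-empty ciphertext that is a whole number of blocks."""
    ct = split_esp(esp, ivlen, authlen)[3]
    return len(ct) > 0 and len(ct) % block == 0

def icv_ok(esp, auth_key, digest=hashlib.md5, authlen=ICV_LEN):
    """Recompute the truncated HMAC over SPI..ciphertext and compare."""
    end = len(esp) - authlen
    want = hmac.new(auth_key, esp[:end], digest).digest()[:authlen]
    return hmac.compare_digest(want, esp[end:])

def build_sample(auth_key):
    """Constructed packet: SPI, sequence number, IV, 3 blocks, 12-byte ICV."""
    body = struct.pack("!II", 0x1000, 1)   # constructed SPI and sequence number
    body += bytes(range(8))                # constructed IV
    body += bytes(range(100, 124))         # placeholder ciphertext, 24 bytes
    return body + hmac.new(auth_key, body, hashlib.md5).digest()[:ICV_LEN]

SAMPLE_KEY = b"constructed-key!"           # constructed 16-byte HMAC-MD5 key
SAMPLE = build_sample(SAMPLE_KEY)

if __name__ == "__main__":
    for authlen in (0, ICV_LEN):
        ct = split_esp(SAMPLE, DES3_BLOCK, authlen)[3]
        print(f"authlen={authlen:2}: ciphertext {len(ct)} bytes, "
              f"block-aligned={decryptable(SAMPLE, authlen=authlen)}")
    print("ICV verifies:", icv_ok(SAMPLE, SAMPLE_KEY))
```

With authlen 0 the 12 trailing ICV bytes are counted as ciphertext, giving 36 bytes, which is not a multiple of the 8-byte block.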