Package: wireshark
Version: 1.10.5-2
Severity: normal
Tags: patch

Wireshark only decrypts ISAKMP packets when pre-shared key authentication (PSK) is used. This patch enables the same mechanism when pre-shared authentication in combination with XAuth is used. It is a different authentication method, but the decryption works the same.
Patch is easy: change line 3355 of epan/dissectors/packet-isakmp.c to:

    decr->is_psk = (tvb_get_ntohs(tvb, offset) == 0x01 /* PSK */ || tvb_get_ntohs(tvb, offset) == 0xFDE9 /* XAuth */) ? TRUE : FALSE;

This problem likely also exists upstream.

Regards,
Alexander

-- System Information:
Debian Release: 7.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wireshark depends on:
ii  libc6                2.17-97
ii  libcairo2            1.12.2-3
ii  libgdk-pixbuf2.0-0   2.26.1-1
ii  libglib2.0-0         2.33.12+really2.32.4-5
ii  libgtk-3-0           3.4.2-7
ii  libpango1.0-0        1.30.0-1
ii  libpcap0.8           1.3.0-1
ii  libportaudio2        19+svn20111121-1
ii  libwireshark3        1.10.5-2
ii  libwiretap3          1.10.5-2
ii  libwsutil3           1.10.5-2
ii  wireshark-common     1.10.5-2
ii  xdg-utils            1.1.0~rc1+git20111210-6
ii  zlib1g               1:1.2.7.dfsg-13

wireshark recommends no packages.

wireshark suggests no packages.

-- no debconf information
Description: Enable decryption of ISAKMP packets when XAuth is used Wireshark only decrypts ISAKMP packets when pre-shared key authentication (PSK) is used. This patch enables the same mechanism when pre-shared authentication in combination with XAuth is used. It is a different authentication method, but the decryption works the same. --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: <vendor|upstream|other>, <url of original patch> Bug: <url in upstream bugtracker> Bug-Debian: http://bugs.debian.org/<bugnumber> Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber> Forwarded: <no|not-needed|url proving that it has been forwarded> Reviewed-By: <name and email of someone who approved the patch> Last-Update: <YYYY-MM-DD> --- wireshark-1.10.5.orig/epan/dissectors/packet-isakmp.c +++ wireshark-1.10.5/epan/dissectors/packet-isakmp.c @@ -3352,7 +3352,7 @@ dissect_transform_ike_attribute(tvbuff_t proto_tree_add_item(sub_transform_attr_type_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, optlen, ENC_BIG_ENDIAN); proto_item_append_text(transform_attr_type_item," : %s", val_to_str(tvb_get_ntohs(tvb, offset), transform_attr_authmeth_type, "Unknown %d")); #ifdef HAVE_LIBGCRYPT - decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE; + decr->is_psk = (tvb_get_ntohs(tvb, offset) == 0x01 /* PSK */ || tvb_get_ntohs(tvb, offset) == 0xFDE9 /* XAuth */) ? TRUE : FALSE; #endif break; case IKE_ATTR_GROUP_DESCRIPTION:
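Review bot: The added line in the dissect_transform_ike_attribute hunk calls tvb_get_ntohs(tvb, offset) twice (a third time counting the val_to_str call just above it) and compares the result against the bare literals 0x01 and 0xFDE9. Read the value once into a local guint16 and compare that against named constants, ideally the same names the transform_attr_authmeth_type table uses, so the accepted methods are defined in one place; the trailing "? TRUE : FALSE" is redundant on a boolean expression and can go. The flag is still called is_psk although it is now also set for an XAuth method, so either rename it or add a comment stating that it means "decrypt with the pre-shared key". Only one value carries the XAuth label here; if other XAuth pre-shared variants should decrypt the same way, they need to be matched as well. The DEP-3 header also still contains the unfilled template fields (Origin, Bug, Forwarded, Last-Update), which should be completed or removed before this is applied.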

