Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] packet-kerberos.c: hand-written or ASN.1?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Wed, 27 Jan 2010 19:30:57 +1100
ouch,   it is partially machinegenerated!

when did that happen ? :-)


On Wed, Jan 27, 2010 at 7:30 PM, ronnie sahlberg
<ronniesahlberg@xxxxxxxxx> wrote:
> packet-kerberos.c is handwritten.
>
> packet-kerberos contains a whoole lot more than just rfc1510
> (it even handles a pre rfc version of 1510 with a slightly different
> asn, used by packetcable)
>
>
> The vast majority of the code in apcket-kerberos.c is not really the
> actual pdu definitions as of 1510
> but things likes vast numbers of microsoft (and other) extensions to
> various fields.
>
> value strings   that are not defined in 1510
>
> and of course, the whole decryption code   and microsoft PAC code.
>
>
> Since the packetstructure in rfc1510 is such a very small part of
> packet-kerberos.c  I dont think it is worth it to move it to
> machinegenerated code.
> (and if doing so, we would have to use a modified asn anyway, to not
> break packetcable)
>
>
>
> I think it is best if you just enhance the hf fields, one by one, as
> you find them too terse.
>
>
>
>
> regards
> ronnie sahlberg
>
>
>
>
> On Wed, Jan 27, 2010 at 6:25 PM, Stephen Fisher
> <steve@xxxxxxxxxxxxxxxxxx> wrote:
>> I've started working with Kerberos at work, and I was analyzing packets
>> with Wireshark when I noticed that a number of the packet detail field
>> names are pretty terse.  Is packet-kerberos.c written by hand, generated
>> with ASN.1 or both?  I'm guessing both.  Is there a move to change it to
>> entirely one way or the other?  I was wanting to expand some field names
>> for things such as cusec.  I realize that hf_krb_cusec has a description
>> for the status line of "micro second component of client time" but I
>> still think that cusec could be expanded in the details pane.  Maybe
>> something like "Client microseconds" or "Microseconds" under a Client
>> tree title.
>>
>>
>> Steve
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube