Wireshark-dev: [Wireshark-dev] NULL encrypted ESP(IPsec) payloads
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Tue, 11 Oct 2011 13:55:06 +0200
Hi,
I'm looking at en NULL encrypted ESP payload, trying to display it in Wireshark, in order to do so
The preferences
"Attempt to detect/decode NULL encrypted ESP payloads" must be "ticked" ( No supprise)
"Attempt to detect/decode encrypted ESP payloads" must be "un-ticked" is that realy corrrect? Or should this patch be applied?
 
C:\wireshark\trunk>svn diff
Index: epan/dissectors/packet-ipsec.c
===================================================================
--- epan/dissectors/packet-ipsec.c      (revision 889)
+++ epan/dissectors/packet-ipsec.c      (working copy)
@@ -1099,8 +1099,7 @@
 
#ifdef HAVE_LIBGCRYPT
   /* The SAD is not activated */
-  if(g_esp_enable_null_encryption_decode_heuristic &&
-    !g_esp_enable_encryption_decode)
+  if(g_esp_enable_null_encryption_decode_heuristic)
     null_encryption_decode_heuristic = TRUE;
 
   if(g_esp_enable_encryption_decode || g_esp_enable_authentication_check)