Wireshark-commits: [Wireshark-commits] master 95a37ff: SMB2: allow users to give decryption keys di
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sun, 23 Feb 2020 06:12:42 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95a37ff2fe1017bd2a97e9f0d96d9fd0faffdbf4
Submitter: "Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

95a37ff by Aurelien Aptel (aaptel@xxxxxxxx):

    SMB2: allow users to give decryption keys directly
    
    Previously users could only give a session key via
    
        uat:smb2_seskey_list:<id>,<seskey>
    
    which was used to generate the decryption keys, as long as the trace
    contained the session establishment.
    
    Users have often asked about how to decrypt traffic captured in the
    middle of an existing session but this wasn't possible.
    
    This commit extends uat:smb2_seskey_list with 2 extra columns to store
    decryption keys so that traffic can be decrypted at any point of the
    session.
    
    This has the side effect of changing the current syntax from:
    
        ... -o uat:smb2_seskey_list:<id>,<seskey>
    
    To:
    
        ... -o 'uat:smb2_seskey_list:<id>,<seskey>,"",""'
    
    (make sure the quoting is right)
    
    Change-Id: I810d464b6f3e749de39b4428d73e0d6be29f3152
    Reviewed-on: https://code.wireshark.org/review/36135
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    

Actions performed:

    from  de66541   SMB2: ipv4 address is stored in big endian
     add  95a37ff   SMB2: allow users to give decryption keys directly


Summary of changes:
 epan/dissectors/packet-smb2.c | 129 ++++++++++++++++++++++++++++++------------
 epan/dissectors/packet-smb2.h |   5 +-
 test/suite_decryption.py      |  10 ++--
 3 files changed, 102 insertions(+), 42 deletions(-)