Skip to content

pcapgo: add read/write support for Decryption Secrets Block (DSB). #1042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

pcapgo: add read/write support for Decryption Secrets Block (DSB). #1042

wants to merge 2 commits into from

Conversation

cfc4n
Copy link

@cfc4n cfc4n commented Aug 5, 2022
edited
Loading

Support reading and writing pcapng files with DSBs.
the same as https//github.com/wireshark/wireshark

The TLS dissector will be updated in the future to make use of these secrets.
pcapng spec update: IETF-OPSAWG-WG/draft-ietf-opsawg-pcap#54

DSB block format:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                   Block Type = 0x0000000A                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                          Secrets Type                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                         Secrets Length                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 /                                                               /
   /                          Secrets Data                         /
   /              (variable length, padded to 32 bits)             /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                       Options (variable)                      /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                       Block Total Length                      /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Use Case:
gojue/ecapture#153

@google-cla
Copy link

google-cla bot commented Aug 5, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@cfc4n
pcapgo : add Decryption Secrets Block writer/reader.
cebe087 
A Decryption Secrets Block (DSB) stores (session) secrets that enable decryption of packets within the capture file.

see https://github.com/pcapng/pcapng/blob/master/draft-tuexen-opsawg-pcapng.md for more info.

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@stv0g
Copy link

stv0g commented Aug 18, 2022

LGTM. We need this as well.

@gconnell Any chance to get this merged?

stv0g
stv0g reviewed Aug 18, 2022
View reviewed changes
@mosajjal
Copy link

hey there. feel free to move this to the new fork (gopacket/gopacket) and I'll take a look at it.

@stv0g stv0g mentioned this pull request Aug 22, 2022
Merged
@stv0g
Copy link

stv0g commented Aug 22, 2022

@mosajjal I create another PR in the fork.

Could you briefly elaborate why there is a fork? Or why there is a need for one?
I couldnt find any note or issue in the new repo explaining it.

@stv0g
Copy link

stv0g commented Aug 22, 2022

Nevermind, I found #1016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@stv0g stv0g stv0g left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cfc4n @stv0g @mosajjal