On Thu, May 6, 2021 at 7:17 PM Stefan Metzmacher <metze@xxxxxxxxx> wrote:
>
> Hi Steve,
>
> > +/*
> > + * Dump full key (32 byte encrypt/decrypt keys instead of 16 bytes)
> > + * is needed if GCM256 (stronger encryption) negotiated
> > + */
> > +struct smb3_full_key_debug_info {
> > + __u64 Suid;
> > + __u16 cipher_type;
> > + __u8 auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
>
> Why this? With kerberos the authentication key can be 32 bytes too.
>
> Why are you exporting it at all?
I don't remember the original reason for why it was thought wireshark
could use this.
Aurelien,
Do you remember the context/reasons for each of the exported fields?
--
Thanks,
Steve
