From a51047ec6d8c6ae55612557b96b0f7b252576f3c Mon Sep 17 00:00:00 2001
From: balintm
Date: Tue, 4 Jul 2017 10:42:18 +0100
Subject: [PATCH 1/2] padding comes before flags
I am not able to find it in RFC, but all of the pcaps I came across (https://wiki.wireshark.org/SampleCaptures) contain padding in-front of flags.
---
 src/analyzer/protocol/krb/krb-protocol.pac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyzer/protocol/krb/krb-protocol.pac b/src/analyzer/protocol/krb/krb-protocol.pac
index a237f6b0fa..0b336b3024 100644
--- a/src/analyzer/protocol/krb/krb-protocol.pac
+++ b/src/analyzer/protocol/krb/krb-protocol.pac
@@ -136,8 +136,8 @@ type KRB_AP_REQ(is_orig: bool) = record {
 type KRB_AP_Options = record {
 meta : SequenceElement(false);
+ : padding[meta.meta.length - 4];
 flags : uint32;
- : padding[1];
 } &let {
 reserved : bool = (flags & 0x80000000) > 0;
 use_session_key : bool = (flags & 0x40000000) > 0;
From 83ebdb65a90695e32fd472157613704b62eeae5a Mon Sep 17 00:00:00 2001
From: balintm
Date: Fri, 7 Jul 2017 11:31:58 +0100
Subject: [PATCH 2/2] Update krb-protocol.pac
---
 src/analyzer/protocol/krb/krb-protocol.pac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyzer/protocol/krb/krb-protocol.pac b/src/analyzer/protocol/krb/krb-protocol.pac
index 0b336b3024..8f68bebe0d 100644
--- a/src/analyzer/protocol/krb/krb-protocol.pac
+++ b/src/analyzer/protocol/krb/krb-protocol.pac
@@ -136,7 +136,7 @@ type KRB_AP_REQ(is_orig: bool) = record {
 type KRB_AP_Options = record {
 meta : SequenceElement(false);
- : padding[meta.meta.length - 4];
+ : padding[1];
 flags : uint32;
 } &let {
 reserved : bool = (flags & 0x80000000) > 0;
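Review bot: The layout that PATCH 2/2 ends with (`: padding[1];` followed by `flags : uint32;`) always consumes five bytes and never compares that with the length carried in `meta`, which comes from the packet. The one-byte "padding" looks like the unused-bits octet that DER puts at the start of every BIT STRING, which would explain why it is not described in the Kerberos RFC; a comment such as `# DER BIT STRING: first content octet is the unused-bits count, then 32 flag bits` would record that. If a sender encodes the options with any other length, the record presumably ends at the wrong offset and everything parsed after it is misread, so a check that `meta.meta.length` is 5 (or a skip of the remainder when it is larger) belongs next to these fields. The intermediate form in PATCH 1/2, `padding[meta.meta.length - 4]`, had the opposite gap: nothing bounds the subtraction from below when the encoded length is under 4. The record's `&let` block continues outside both hunks.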