> Here is a dissector for SSL/TLS.
Checked in.
> Comments, criticisms, and corrections are welcome ;-)
It's always wrong to pass a null "value" pointer to any of the
"proto_string_add_format" routines - if you're adding a string to the
protocol tree, you *must* give it a value, otherwise attempts to filter
on it will cause a core dump.
If you just want to put a text item into the protocol tree, use
"proto_tree_add_text()".
However, if you want to put a time stamp into the protocol tree, use
"proto_tree_add_time()"; the time stamp has to be in a UNIX-style
"struct timeval" format. If you're just putting a 32-bit UNIX-style
"time_t" absolute time stamp into the tree, then:
the field for it should be of type FT_ABSOLUTE_TIME;
the "tv_sec" field of the "struct timeval" should have the UNIX
"time_t" value;
the "tv_usec" field should be 0.
I've changed the code to do that.
Also, there's a "plurality()" macro to that takes a number and two
strings as arguments - if the number is 1, it evaluates to the first
string, otherwise it evaluates to the second; I changed the "%d byte%s"
stuff to use "plurality()" (and, if the byte count is unsigned, to use
"%u").
In addition, not only must COL_INFO be set before anything is fetched
from the tvbuff, so must COL_PROTOCOL, so that, if an exception is
thrown due to, for example, a too-short capture length, the columns
reflect the protocol being dissected, not the protocol above it. If, in
the dissection of the protocol, you can give more detailed information
in either of those fields, the field can be set again; I changed the
dissector to initially set COL_PROTOCOL to "SSL" - it still gets set
later if it doesn't throw an exception before getting the version.
