Ethereal-dev: Re: [Ethereal-dev] Fwd: SSL Dissector Bug (EAP-TLS) with 802.1Xand SSL
On Thu, 2006-02-16 at 21:45 +0100, Thomas Sillaber wrote:
> capture file is attached
The attached patch should fix the issue.
pinfo->net_src and pinfo->net_dst where used to set up conversation, but
this fields are null on eap stream. use pinfo->src and pinfo->dst
instead.
The patch also enable strict checking in the 'follow ssl stream' dialog.
Paolo
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Noleggia on line i tuoi DVD preferiti, 3 DVD subito GRATIS a casa tua!
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=4630&d=17-2
Index: gtk/ssl-dlg.c
===================================================================
--- gtk/ssl-dlg.c (revision 17329)
+++ gtk/ssl-dlg.c (working copy)
@@ -171,6 +171,10 @@
return 0;
}
+extern int
+packet_is_ssl(epan_dissect_t* edt);
+
+
/* Follow the SSL stream, if any, to which the last packet that we called
a dissection routine on belongs (this might be the most recently
selected packet, or it might be the last packet in the file). */
@@ -193,19 +197,25 @@
GString* msg;
/* we got ssl so we can follow */
- if (cfile.edt->pi.ipproto != 6) {
- simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
- "Error following stream. Please make\n"
- "sure you have an SSL packet selected.");
- return;
+ if (!packet_is_ssl(cfile.edt)) {
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
+ "Error following stream. Please make\n"
+ "sure you have an SSL packet selected.");
+ return;
}
follow_info = g_new0(follow_info_t, 1);
-
/* Create a new filter that matches all packets in the SSL stream,
and set the display filter entry accordingly */
reset_tcp_reassembly();
follow_filter = build_follow_filter(&cfile.edt->pi);
+ if (!follow_filter)
+ {
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
+ "Error creating filter for this stream.\n"
+ "A network layer header is needed");
+ return;
+ }
/* Set the display filter entry accordingly */
filter_te = OBJECT_GET_DATA(w, E_DFILTER_TE_KEY);
Index: gtk/menu.c
===================================================================
--- gtk/menu.c (revision 17329)
+++ gtk/menu.c (working copy)
@@ -1959,7 +1959,7 @@
return node_data->enabled;
}
-static int
+int
packet_is_ssl(epan_dissect_t* edt)
{
GPtrArray* array;
Index: epan/dissectors/packet-ssl.c
===================================================================
--- epan/dissectors/packet-ssl.c (revision 17329)
+++ epan/dissectors/packet-ssl.c (working copy)
@@ -1216,11 +1216,11 @@
/* we need to know witch side of conversation is speaking*/
if (ssl_packet_from_server(pinfo->srcport)) {
- dummy.addr = pinfo->net_src;
+ dummy.addr = pinfo->src;
dummy.port = pinfo->srcport;
}
else {
- dummy.addr = pinfo->net_dst;
+ dummy.addr = pinfo->dst;
dummy.port = pinfo->destport;
}
ssl_debug_printf("dissect_ssl server %hhd.%hhd.%hhd.%hhd:%d\n",