Wireshark-dev: Re: [Wireshark-dev] SSL + DTLS
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 28 Jun 2006 07:25:15 +0000
since the ssl crypto stuff has not been in any official release yet
there wouldnt really be any problem by making these incompatible
preference changes.



On 6/28/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
Ok,  I have thought about the dissectors a bit more and I dont feel
the copy pinfo to a new one and fake the port numbers are really the
best solution.
First of all  it wouldnt be able to handle protocols that are purely
heuritical and are not hard assigned to a specific port.
The current fake new pinfo  just feels wrong.


I would suggest the following two changes to both dissectors

1, remove all the debug output lines.   they clutter the code and make
it hard to read.     the feature is stable enough now that we dont
really need them right?

2, instead of that   tunneled port in preferences and the copy and
fake a new pinfo thing before spawning off to subdissectors,
can you change it to instead associate ssl sessions by protocol name
and call the handle for the protocol.

I.e. associate tcp port 443   with "http" instead of "the protocol
tunneled at port 80"

Change the preferences andf get rid of "ssl ports list" and also the
"debug" field.
Change the RSA key field to the format
IPADDRESS:PORT:protocolname:keyfile

127.0.0.1:443:http:/patrh/to/file.key

and have it find the dissector for http by name and instead of by
whatever is hard tied to port 80.

also then get rid of the pinfo faking and mangling.






On 6/27/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> the SSL dissector was made by paolo abeni so structure was chosen by him,
>
> if I change DTLS plugin the problem will stay in SSL. am I rigth ?
>
> I have to change twice ?
>
> (before starting working I would like to know exactly where is the
> problem because the patch modify the two dissectors)
>
> regards,
>
> On 6/27/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > also if you can get rid of the debug statements   unless you really
need
> them.
> >
> >
> >
> > On 6/27/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > > Checked in.
> > >
> > >
> > > Can you make these additional changes :
> > >
> > > 1, replace the GHashTables with se_tree binary trees?   see emem.h
and
> > > README.malloc
> > >
> > > 2, have a look at and update the wiki?    I added an example capture
> > > from one of your emails to the list to the wiki.
> > >
> > >
> > >
> > > On 6/15/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> > > > Hi,
> > > >
> > > > enclosed find the new patch made on svn ....
> > > >
> > > > it make the same that I've say last mail but since I've found
another
> > > > error in OpenSSL implementation : DTLS implementation doesn't add
two
> > > > bytes long before Pre Master Secret in RSA key exchange (in
> > > > ClientKeyExchange message..)
> > > >
> > > > I've corrected Version problem and this problem in openssl and I
will
> > > > send a patch tomorrow
> > > > (I've done the correction in DTLS dissector too)
> > > > If my corrections will be integrated I send here new patch.(If I
have
> > > > enougth time I would like to implement that's missing in DTLS
> > > > implementation like replay or packet loss handling)
> > > >
> > > > My problem is integration in wireshark because a lot of things in
> DTLS
> > > > and SSL dissectors are same and I don't know how to make the code
> > > > maintainable (Ive put things in packet-ssl-utils but I don't know
if
> > > > it is a good choice...). The DTLS dissector is a copy of SSL
> dissector
> > > > that I adapted...but I don't know how I can do otherwise
> > > >
> > > > regards,
> > > >
> > > > Samuel
> > > >
> > > >
> > > >
> > > >
> > > > On 6/14/06, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> > > > > On Mon, Jun 12, 2006 at 04:52:15PM +0200, authesserre samuel
wrote:
> > > > > > >It's a new patch (and certainly the last of me) for SSL and
DTLS
> > > > > > >decryption.
> > > > > > >The SSL one isn't new, it correct some bugs .... (like alert
> > > > decryption)
> > > > >
> > > > > I tried to apply your patch to current wireshark svn, and it
> failed.
> > > > > Can you please recreate it against the current svn sources?
> > > > >
> > > > > Thanks
> > > > >        Joerg
> > > > > _______________________________________________
> > > > > Ethereal-dev mailing list
> > > > > Ethereal-dev@xxxxxxxxxxxx
> > > > > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > > > >
> > > >
> > > >
> > > > --
> > > > ++++++++++++++++++++++++++
> > > > + Authesserre Samuel            +
> > > > + 12 rue de la défense passive+
> > > > + 14000 CAEN                      +
> > > > + FRANCE                           +
> > > > + 06-27-28-13-32                   +
> > > > + sauthess@xxxxxxxxx          +
> > > > ++++++++++++++++++++++++++
> > > >
> > > >
> > >
> >
>
>
> --
> ++++++++++++++++++++++++++
> + Authesserre Samuel            +
> + 12 rue de la défense passive+
> + 14000 CAEN                      +
> + FRANCE                           +
> + 06-27-28-13-32                   +
> + sauthess@xxxxxxxxx          +
> ++++++++++++++++++++++++++
>