Wireshark-dev: Re: [Wireshark-dev] SSL + DTLS
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 28 Jun 2006 07:43:42 +0000
when changing the format of the preference string you may also want to
change the field separator from ':' to something else, maybe ','?
(why? think ssl with IPv6 addresses)

On 6/28/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:

Ok, I have thought about the dissectors a bit more and I don't feel the
copy pinfo to a new one and fake the port numbers are really the best
solution.
First of all it wouldn't be able to handle protocols that are purely
heuristic and are not hard assigned to a specific port.
The current fake new pinfo just feels wrong.

I would suggest the following two changes to both dissectors

1, remove all the debug output lines. they clutter the code and make it
hard to read. the feature is stable enough now that we don't really need
them right?

2, instead of that tunneled port in preferences and the copy and fake a
new pinfo thing before spawning off to subdissectors, can you change it
to instead associate ssl sessions by protocol name and call the handle
for the protocol.
I.e. associate tcp port 443 with "http" instead of "the protocol
tunneled at port 80"

Change the preferences and get rid of "ssl ports list" and also the
"debug" field.
Change the RSA key field to the format

    IPADDRESS:PORT:protocolname:keyfile
    127.0.0.1:443:http:/path/to/file.key

and have it find the dissector for http by name and instead of by
whatever is hard tied to port 80.
also then get rid of the pinfo faking and mangling.

On 6/27/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> the SSL dissector was made by paolo abeni so structure was chosen by him,
>
> if I change DTLS plugin the problem will stay in SSL. am I right ?
>
> I have to change twice ?
>
> (before starting working I would like to know exactly where is the
> problem because the patch modify the two dissectors)
>
> regards,
>
> On 6/27/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > also if you can get rid of the debug statements unless you really need
> > them.
> >
> > On 6/27/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > > Checked in.
> > >
> > > Can you make these additional changes :
> > >
> > > 1, replace the GHashTables with se_tree binary trees? see emem.h and
> > > README.malloc
> > >
> > > 2, have a look at and update the wiki? I added an example capture
> > > from one of your emails to the list to the wiki.
> > >
> > > On 6/15/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> > > > Hi,
> > > >
> > > > enclosed find the new patch made on svn ....
> > > >
> > > > it make the same that I've say last mail but since I've found another
> > > > error in OpenSSL implementation : DTLS implementation doesn't add two
> > > > bytes long before Pre Master Secret in RSA key exchange (in
> > > > ClientKeyExchange message..)
> > > >
> > > > I've corrected Version problem and this problem in openssl and I will
> > > > send a patch tomorrow
> > > > (I've done the correction in DTLS dissector too)
> > > > If my corrections will be integrated I send here new patch.(If I have
> > > > enough time I would like to implement that's missing in DTLS
> > > > implementation like replay or packet loss handling)
> > > >
> > > > My problem is integration in wireshark because a lot of things in DTLS
> > > > and SSL dissectors are same and I don't know how to make the code
> > > > maintainable (I've put things in packet-ssl-utils but I don't know if
> > > > it is a good choice...). The DTLS dissector is a copy of SSL dissector
> > > > that I adapted...but I don't know how I can do otherwise
> > > >
> > > > regards,
> > > >
> > > > Samuel
> > > >
> > > > On 6/14/06, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> > > > > On Mon, Jun 12, 2006 at 04:52:15PM +0200, authesserre samuel wrote:
> > > > > > >It's a new patch (and certainly the last of me) for SSL and DTLS
> > > > > > >decryption.
> > > > > > >The SSL one isn't new, it correct some bugs .... (like alert
> > > > > > >decryption)
> > > > >
> > > > > I tried to apply your patch to current wireshark svn, and it failed.
> > > > > Can you please recreate it against the current svn sources?
> > > > >
> > > > > Thanks
> > > > > Joerg
> > > > > _______________________________________________
> > > > > Ethereal-dev mailing list
> > > > > Ethereal-dev@xxxxxxxxxxxx
> > > > > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > > >
> > > > --
> > > > ++++++++++++++++++++++++++
> > > > + Authesserre Samuel +
> > > > + 12 rue de la défense passive+
> > > > + 14000 CAEN +
> > > > + FRANCE +
> > > > + 06-27-28-13-32 +
> > > > + sauthess@xxxxxxxxx +
> > > > ++++++++++++++++++++++++++
>
> --
> ++++++++++++++++++++++++++
> + Authesserre Samuel +
> + 12 rue de la défense passive+
> + 14000 CAEN +
> + FRANCE +
> + 06-27-28-13-32 +
> + sauthess@xxxxxxxxx +
> ++++++++++++++++++++++++++
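
The separator concern raised at the top of this message, as an added example (not code from the Wireshark dissectors or from anyone in this thread): a small parser for the proposed ADDRESS, PORT, protocolname, keyfile entry that takes the separator as a parameter. `struct key_entry` and `parse_key_entry` are hypothetical names and the sample entries are constructed; with ':' an IPv6 address splits into too many fields and the entry is rejected, with ',' it parses.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical types and names for illustration; not Wireshark's own. */
struct key_entry {
    char addr[64], proto[32], keyfile[256];
    int port;
};

/* Parse "ADDRESS<sep>PORT<sep>protocolname<sep>keyfile".
 * Returns 0 on success, -1 unless there are exactly four valid fields. */
int parse_key_entry(const char *entry, char sep, struct key_entry *out)
{
    char buf[512], *f[4], *p, *end;
    unsigned char bin[sizeof(struct in6_addr)];
    int n = 0;
    long port;
    if (strlen(entry) >= sizeof buf) return -1;
    strcpy(buf, entry);
    f[n++] = buf;
    for (p = buf; *p; p++) {            /* split in place on sep */
        if (*p != sep) continue;
        if (n == 4) return -1;          /* a fifth field: ambiguous entry */
        *p = '\0';
        f[n++] = p + 1;
    }
    if (n != 4 || !*f[2] || !*f[3]) return -1;
    if (inet_pton(AF_INET, f[0], bin) != 1 &&   /* literal IPv4 or IPv6 only */
        inet_pton(AF_INET6, f[0], bin) != 1) return -1;
    port = strtol(f[1], &end, 10);
    if (end == f[1] || *end || port < 1 || port > 65535) return -1;
    if (strlen(f[0]) >= sizeof out->addr || strlen(f[2]) >= sizeof out->proto ||
        strlen(f[3]) >= sizeof out->keyfile) return -1;
    strcpy(out->addr, f[0]);
    strcpy(out->proto, f[2]);
    strcpy(out->keyfile, f[3]);
    out->port = (int)port;
    return 0;
}

int main(void)
{
    struct key_entry e;                 /* constructed sample entries below */
    printf("%d\n", parse_key_entry("127.0.0.1:443:http:/path/to/file.key", ':', &e));
    printf("%d\n", parse_key_entry("::1:443:http:/path/to/file.key", ':', &e));
    printf("%d\n", parse_key_entry("::1,443,http,/path/to/file.key", ',', &e));
    return 0;
}
```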