Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 5863] New: DTLS and RELOAD enhancements and bug fixes

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 26 Apr 2011 17:03:59 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5863

           Summary: DTLS and RELOAD enhancements and bug fixes
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: michaelc@xxxxxxxxxxxxxxx


Created an attachment (id=6235)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6235)
Source code changes and diff against rev 36461

Build Information:
wireshark 1.5.1-SVN-36461 (SVN Rev 36461 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.24.2, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI

0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Apr

 4 2011), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

--
Attached are some enhancements I made to DTLS and RELOAD dissects against the
Wireshark 1.5.1 Rev 36461 source:

1. Reload framing protocol no longer encapsulates the Reload message, instead
the latter is in its own tree following Reload framing, much like IP, UDP, etc.

2. Similarly, DTLS no longer encapsulates its data payload if the payload can
be dissected. The recognized payload is in its own tree following the DTLS,
much like IP, UDP, etc.

3. DTLS is added to the heuristic table of UDP.

4. DTLS now has its own heuristic table for dissecting its payload, and
reload-framing is added to this DTLS heuristic table.

5. A guaranteed null pointer access violation is fixed in packet-ssl-utils.c
when DTLS succeeded in dissecting its payload.

6. DTLS will try to dissect its payload if the agreed upon cipher is
RSA-NULL-MD5 (0x0001) or RSA-NULL-SHA (0x0002), even when DTLS is not
configured with the client/server private keys.

One should be able to load the reload-ring-of-two-rsa-null.pcap file in the
attachment without setting up the private key and see all the Reload packets.

Thank you

Michael Chen
IDS Software

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube