Wireshark-dev: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin

From: Martin Warnes <martin@xxxxxxxxxxxxxxxxx>
Date: Fri, 12 Jan 2007 20:05:03 +0000

Stephen Fisher wrote the following on 12/01/2007 19:34:
On Fri, Jan 12, 2007 at 07:19:59PM +0000, Martin Warnes wrote:

The Connect:Direct protocol in this case is just a header record:

		54 43 50 32 00 02 00 10 00 00 00 09  .S..TCP2........
0050   80 00 00 00 38 00 00 00

and the SSL payload:

		16 03 01 00 04 0e 00 00  ....8...........
0060 00

In this case, your dissector should call the SSL dissector once it's done processing its own data. See epan/dissector/packet-eap.c for an example of calling SSL as a sub-dissector (look for each instance of "ssl_handle" and how it builds next_tvb before calling it).


Steve

That's what I thought I was doing, from my code:

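      if (isSSL)
        {
          if (cdirect_ssldissection)
            {
              /* Build a tvb covering only the SSL payload: the offset is the
                 16-bit field at byte 6 plus rhlen, the length is the 16-bit
                 field at byte 10. */
              next_tvb =
                tvb_new_subset (tvb, tvb_get_ntohs (tvb, 6) + rhlen,
                                tvb_get_ntohs (tvb, 10), -1);
              /* Hand the payload to the SSL dissector. */
              call_dissector (ssl_handle, next_tvb, pinfo, cdirect_tree);
            }
        }
    }   /* closes an enclosing block not shown in the message */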

The actual dissection of the SSL data works fine, it's just that when I select "Follow SSL stream" I always get an empty panel. I always assumed it was because the SSL was not atop TCP, I'll take a closer look when I get a spare moment.

Thanks .. Martin
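
The slice arithmetic from the posted code, applied to the bytes quoted in the message, as an added stand-alone example (not code from the thread or from Wireshark). It replaces the tvb calls with plain buffer arithmetic plus explicit bounds checks, then checks that the resulting slice is exactly one SSL/TLS record. Assumptions: the header starts at the `54 43 50 32` bytes, `rhlen` is 4, and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed from the bytes quoted above: 20 header bytes, then 9 SSL bytes. */
static const uint8_t sample_pdu[] = {
    0x54, 0x43, 0x50, 0x32, 0x00, 0x02, 0x00, 0x10, 0x00, 0x00, 0x00, 0x09,
    0x80, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
    0x16, 0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00
};
#define RHLEN 4u /* assumption: the rhlen value that puts the slice at byte 20 */

struct slice { size_t off, len; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Same offset/length arithmetic as the posted tvb_new_subset() call.
 * Returns 0 on success, -1 if the header fields point outside the buffer. */
static int ssl_slice(const uint8_t *buf, size_t buflen, struct slice *out)
{
    if (buflen < 12)                      /* 16-bit fields at offsets 6 and 10 */
        return -1;
    size_t off = (size_t)be16(buf + 6) + RHLEN;
    size_t len = be16(buf + 10);
    if (off > buflen || len > buflen - off)
        return -1;
    out->off = off;
    out->len = len;
    return 0;
}

/* Record header: content type (20..23), major version 3, 16-bit length. */
static int is_single_tls_record(const uint8_t *p, size_t len)
{
    if (len < 5 || p[0] < 20 || p[0] > 23 || p[1] != 3)
        return 0;
    return (size_t)be16(p + 3) + 5 == len;
}

int main(void)
{
    struct slice s;
    if (ssl_slice(sample_pdu, sizeof sample_pdu, &s) != 0)
        return 1;
    printf("offset %zu, length %zu, single record: %d\n", s.off, s.len,
           is_single_tls_record(sample_pdu + s.off, s.len));
    return 0;
}
```
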