Wireshark-dev: Re: [Wireshark-dev] working with header data

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 17 Oct 2011 17:14:36 -0700
On Oct 14, 2011, at 2:05 PM, Ed Beroset wrote:

> Guy Harris wrote:
>> 
>> On Oct 14, 2011, at 1:16 PM, Ed Beroset wrote:
>> 
>>> if (PNODE_FINFO(tree)->hfinfo->id == hf_c1222_user_information)
>>>     pkt_tree = proto_item_get_parent_nth(tree, 2);
>>> else
>>>     return FALSE;
>> 
>> None of that has anything to do with adding hf_c1222_crypto_good to
>> the protocol tree, which is what is relevant for making a
>> "c1222.crypto_good" field work; where is the code that adds that to
>> the tree?
> 
> It does, but it's a bit indirect.  If the call to that function returns false, it's an indication that the encryption validation failed for some reason.

If "that function" is canonify_unencrypted_header(), then, if it returns false, it's an indication that the canonicalization of the header failed for some reason, so you can't even try to do the crypto.  If that can be done in a different fashion, as per my earlier suggestion, that code shouldn't even exist.

The code that actually does the crypto is in dissect_epsem(), which should only be called after all the header fields have been dissected.
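The control flow described in this reply, as an added example that is not code from the thread or from the Wireshark C12.22 dissector: a failed header canonicalization short-circuits before any crypto is attempted (so no crypto_good field exists at all), while dissect_epsem() runs only after the header is fully dissected and always adds crypto_good to the tree with the verification result. The mock_tree, the packet layout, the toy_tag checksum (a placeholder, not a MAC) and the HF_* ids are constructed stand-ins for proto_tree, the real encoding, the real integrity check and the registered hf_c1222_* ids; the function names mirror the ones the thread mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Wireshark's proto_tree: it records which
 * header-field ids were added and with what value. In a real dissector
 * these are proto_tree_add_boolean() calls against registered hf_* ids;
 * the ids and names below are assumptions for this example. */
enum { HF_C1222_USER_INFORMATION = 1, HF_C1222_CRYPTO_GOOD = 2 };

#define MAX_FIELDS 8
typedef struct {
    int hf[MAX_FIELDS];
    int value[MAX_FIELDS];
    size_t count;
} mock_tree;

static void tree_add_boolean(mock_tree *t, int hf, int value) {
    if (t->count < MAX_FIELDS) {
        t->hf[t->count] = hf;
        t->value[t->count] = value;
        t->count++;
    }
}

/* Returns the value of field hf, or -1 if it was never added to the tree,
 * which is exactly the case in which a "c1222.crypto_good" display filter
 * can never match. */
static int tree_get_boolean(const mock_tree *t, int hf) {
    for (size_t i = 0; i < t->count; i++)
        if (t->hf[i] == hf) return t->value[i];
    return -1;
}

/* Constructed packet layout (not the real C12.22 encoding):
 *   [ui_len][flags][user information, ui_len bytes][4-byte big-endian tag] */
typedef struct {
    uint8_t flags;
    const uint8_t *user_info;
    size_t user_info_len;
    const uint8_t *tag;
} c1222_header;

/* Stage 1: canonicalize the unencrypted header. A false return means the
 * header is malformed, so the crypto check must not even be attempted. */
static bool canonify_unencrypted_header(const uint8_t *pkt, size_t len, c1222_header *h) {
    if (len < 2) return false;
    size_t ui_len = pkt[0];
    if (len < 2 + ui_len + 4) return false;      /* truncated user info or tag */
    h->flags = pkt[1];
    h->user_info = pkt + 2;
    h->user_info_len = ui_len;
    h->tag = pkt + 2 + ui_len;
    return true;
}

/* Placeholder integrity tag: byte sum over flags||user_info. This is NOT a
 * MAC; it only stands in for the real verification so that the control
 * flow (where crypto_good is added to the tree) can be exercised offline. */
static uint32_t toy_tag(const c1222_header *h) {
    uint32_t sum = h->flags;
    for (size_t i = 0; i < h->user_info_len; i++) sum += h->user_info[i];
    return sum;
}

/* Stage 2: dissect_epsem runs only after the whole header has been
 * dissected, performs the integrity check, and adds crypto_good to the
 * tree with the result, whether that result is TRUE or FALSE. */
static void dissect_epsem(const c1222_header *h, mock_tree *tree) {
    uint32_t wire = ((uint32_t)h->tag[0] << 24) | ((uint32_t)h->tag[1] << 16) |
                    ((uint32_t)h->tag[2] << 8)  |  (uint32_t)h->tag[3];
    tree_add_boolean(tree, HF_C1222_CRYPTO_GOOD, toy_tag(h) == wire);
}

/* Top-level flow. Returns -1 when the header could not be canonicalized
 * (no crypto_good field is added at all), otherwise the crypto_good value. */
static int dissect_c1222(const uint8_t *pkt, size_t len, mock_tree *tree) {
    c1222_header h;
    if (!canonify_unencrypted_header(pkt, len, &h)) return -1;
    tree_add_boolean(tree, HF_C1222_USER_INFORMATION, 1);  /* header field dissected */
    dissect_epsem(&h, tree);
    return tree_get_boolean(tree, HF_C1222_CRYPTO_GOOD);
}

int main(void) {
    /* Constructed sample: user info "hello", flags 0x01, tag 0x215 = 1 + sum("hello"). */
    uint8_t good[] = {5, 0x01, 'h', 'e', 'l', 'l', 'o', 0x00, 0x00, 0x02, 0x15};
    uint8_t bad[sizeof good];
    memcpy(bad, good, sizeof good);
    bad[3] = 'a';                                  /* tamper with the user information */
    mock_tree t1 = {0}, t2 = {0}, t3 = {0};
    printf("valid tag: crypto_good=%d\n", dissect_c1222(good, sizeof good, &t1));
    printf("tampered:  crypto_good=%d\n", dissect_c1222(bad, sizeof bad, &t2));
    printf("truncated: crypto_good=%d (field absent)\n", dissect_c1222(good, 6, &t3));
    return 0;
}
```

The distinction the reply draws is visible in the return values: a tampered packet still yields a crypto_good field (set to FALSE) that a display filter can match, whereas a header that fails canonicalization never reaches dissect_epsem() and the field is simply absent.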