
Wireshark-bugs: [Wireshark-bugs] [Bug 3203] New: [PATCH] Tor Dissector

Date: Thu, 15 Jan 2009 12:53:34 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3203

           Summary: [PATCH] Tor Dissector
           Product: Wireshark
           Version: SVN
          Platform: All
               URL: http://roberthogan.net/stuff/dissector/
        OS/Version: Ubuntu
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: robert@xxxxxxxxxxxxxxx



hoganrobert <robert@xxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2683|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=2683)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2683)
Tor Dissector

Build Information:
wireshark 1.1.2 (SVN Rev 27128)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, with GLib 2.16.6, with libpcap 0.9.8, with libz
1.2.3.3, without POSIX capabilities, with libpcre 7.4, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt
1.4.4-svn1375,
with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 2.6.24-23-generic, with libpcap version 0.9.8.

Built using gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu3).

--
I'm in the final stages of preparing a dissector for the Tor protocol. I think
I'm at the stage where I need a code review to get any further with it. I'm
also at the stage where I need to know if a Tor dissector is something the
Wireshark project is interested in!

Further information about Tor: http://www.torproject.org

Tor protocol specifications:

 * https://svn.torproject.org/svn/tor/trunk/doc/spec/tor-spec.txt
 * https://svn.torproject.org/svn/tor/trunk/doc/spec/rend-spec.txt

Updates to the patch are available at:

http://roberthogan.net/stuff/dissector/patches/

Instructions for applying and using the patch are available at:

http://roberthogan.net/stuff/dissector/tordissector-README.txt

Some notes on the Tor dissector:

 * It currently requires a patch to Tor. This patch is available at:
    http://roberthogan.net/stuff/dissector/patches/tor-dissector.diff
   The Tor devs have agreed in principle to apply the patch (or a version
   of it) after their current change freeze.
 * To decrypt Tor's TLS traffic I had to modify packet-ssl-utils.c
   and packet-ssl.c to accept TLS Master Keys for decrypting TLS
   traffic.
 * Libgcrypt does not currently support AES-CTR mode for blocks of text
   that are not a multiple of the cipher's block size. For this reason,
   packet-tor.c contains a wrapper function to implement CTR mode. The
   libgcrypt maintainer intends to address this issue in the next version
   of libgcrypt.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
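
The last note in the report describes a wrapper that implements CTR mode for inputs whose length is not a multiple of the cipher's block size. The sketch below is an added illustration of such a wrapper, not code from packet-tor.c or the attached patch; all names in it are hypothetical, and `toy_block` is a constructed stand-in for the block cipher (not AES) so that the example runs without a crypto library.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16 /* cipher block size in bytes (AES) */
/* Hypothetical callback: encrypt one block under key (wraps the library's AES call). */
typedef void (*block_fn)(const void *key, const uint8_t *in, uint8_t *out);
typedef struct {
    block_fn enc; const void *key;
    uint8_t ctr[BLK], ks[BLK]; /* big-endian counter, current keystream block */
    size_t used;               /* keystream bytes consumed; BLK = none left */
} ctr_state;

void ctr_init(ctr_state *s, block_fn enc, const void *key, const uint8_t *iv) {
    s->enc = enc; s->key = key; s->used = BLK;
    memcpy(s->ctr, iv, BLK);
}

/* XOR `len` bytes (any length) with the keystream. Unused keystream is kept
 * for the next call, so one stream can be fed in arbitrary pieces. */
void ctr_crypt(ctr_state *s, const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (s->used == BLK) { /* keystream exhausted: encrypt counter, then +1 */
            s->enc(s->key, s->ctr, s->ks);
            for (int j = BLK - 1; j >= 0 && ++s->ctr[j] == 0; j--) {}
            s->used = 0;
        }
        out[i] = in[i] ^ s->ks[s->used++];
    }
}

/* Constructed stand-in block function so this runs offline. NOT AES, not secure. */
void toy_block(const void *key, const uint8_t *in, uint8_t *out) {
    const uint8_t *k = key;
    uint8_t acc = 0x5a;
    for (int i = BLK - 1; i >= 0; i--)
        out[i] = acc = (uint8_t)(acc * 31 + (in[i] ^ k[i]) + i);
}

/* 1 if split encryption of n (<= 1024) bytes equals one-call and round-trips. */
int ctr_split_matches(size_t n, size_t piece) {
    uint8_t key[BLK] = {1, 2, 3}, iv[BLK] = {0}, pt[1024], a[1024], b[1024];
    ctr_state s;
    if (n > 1024 || piece == 0) return 0;
    for (size_t i = 0; i < n; i++) pt[i] = (uint8_t)(i * 7);
    ctr_init(&s, toy_block, key, iv); ctr_crypt(&s, pt, a, n);
    ctr_init(&s, toy_block, key, iv);
    for (size_t o = 0; o < n; o += piece)
        ctr_crypt(&s, pt + o, b + o, n - o < piece ? n - o : piece);
    if (memcmp(a, b, n) != 0) return 0;
    ctr_init(&s, toy_block, key, iv); ctr_crypt(&s, b, b, n);
    return memcmp(b, pt, n) == 0;
}
```

Because CTR only XORs keystream into the data, the same `ctr_crypt` call decrypts, and the `used` offset is what lets a dissector process records that end in the middle of a keystream block.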