
Wireshark-dev: Re: [Wireshark-dev] [Ethereal-dev] Dissector SSL : patch + bugs

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Fri, 23 Jun 2006 08:48:00 +1000

Did anyone check this patch in?

On 5/19/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
Sorry for the spam, I forgot to attach the file....
I am correcting my mistake...

Sorry for this mistake

Samuel


On 5/19/06, authesserre samuel < sauthess@xxxxxxxxx> wrote:
hi,

You will find at the end of this mail the patch for the 0.99.0 version of ethereal that integrates modifications for TLS 1.1 and renegotiation (made in collaboration with Paolo Abeni <paolo.abeni@xxxxxxxx>, the author of the decryption modifications).
I have, I think, followed your advice...
Put the patch in the ethereal 0.99.0 directory and run the "patch -p1 < ethereal-0.99.0-TLS1.1.patch" command.
To not have problems with TCP checksums, disable them in the options. (I don't have time to find the problem now but I will search later)

I have one question: how does the ethereal file versioning work? (for example $Id: packet-tcp.c 17681 2006-03-20 10:52:53Z sahlberg $)
If someone can explain to me how that works or where I can find the solution I will thank him ;)

I hope this will be useful

regards,

Samuel



On 5/18/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
hi,

Thanks for your answer ;)
I will follow your advice...
I should point out that for comparisons I have followed the scheme in the file that I modified (== 0x300 isn't mine ;) )
It's my first work on ethereal's dissector and I have some difficulties ;)
I have made another adaptation of the ssl dissector to decrypt DTLS; dissection is ok and decryption too, but the HMAC calculation isn't good, which is why I am working on TLS 1.1 before finishing my dissector and giving you the result ;)

I have found the problem: the TCP checksum calculations aren't good, so desegmentation is impossible... (I have tested with the tcp dissector not testing the checksum, and in the ssl debug I can see decrypted data (with good HMAC calculation ;) ) )
I will try to correct the problem

thanks

Samuel


---------- Forwarded message ----------
From: Jaap Keuter < jaap.keuter@xxxxxxxxx>
Date: May 18, 2006 3:13 PM
Subject: Re: [Ethereal-dev] Dissector SSL : patch + bugs
To: Ethereal development < ethereal-dev@xxxxxxxxxxxx >

Hi Samuel,

Thank you for looking into this. I've glanced through your code (I'm no
expert on this stuff) and can only make the following suggestions:
1. Please supply patches against the development tree. 'svn diff' or
'diff -ur' provide the most usable patch files. This way you can leave out
the SAMUEL marks and we can look at just the changes.
2. Please don't leave out the dot in the version, use TLSV1DOT1_... as
symbol
3. Please use the defines. You define TLSV1DOT1_VERSION, so please use
that in the code, in comparisons like (->version == TLSV1DOT1_VERSION).

Thanx,
Jaap

On Thu, 18 May 2006, authesserre samuel wrote:

> Hi,
>
> This little mail is to give you a small adaptation of the SSL/TLS dissector which
> allows TLS 1.1 dissection. (all differences are marked by /* SAMUEL */, which
> allows you to compare the 2 versions easily)
> I have done this with mod_gnutls for apache (the only free
> implementation I've found of TLS 1.1) and opera (which is the only web
> navigator that uses TLS 1.1).
>
> I have found an error in the original plugin that I haven't succeeded in
> correcting:
> the TCP desegmentation doesn't work correctly. I give you capture of TLS 1.0 and
> 1.1 but the result is the same. I have compared the http dissector with the ssl
> dissector and the sources are similar (the desegmentation part... ;) ) so I
> don't understand where the problem comes from (pinfo->can_desegment = 0
> all the time so this can't work correctly, but normally it should be equal to
> 1 ??).
>
> Use of mod_gnutls allowed me to see another bug: it's due to segmentation of
> application data in SSL/TLS: the gnutls module puts the header and data of HTTP
> traffic in different TCP packets, so the data is badly analysed and the plugin
> shows "data (n bytes)" (in the log the capture and decryption are good) (see
> packet 24 and 25 of the TLS 1.1 capture for example)
> The problem is that we can't see the data of the packet whereas the data are
> correctly decrypted....
>
> I have already sent a mail to the creator of the decryption part of the
> plugin but I think that the error came with the first version of the plugin
> so I ask for your help...
>
> best regards
>
> --
> ++++++++++++++++++++++++++
> + Authesserre Samuel            +
> + 12 rue de la défense passive+
> + 14000 CAEN                      +
> + FRANCE                           +
> + 06-27-28-13-32                   +
> + sauthess@xxxxxxxxx          +
> ++++++++++++++++++++++++++
>

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
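
The two points raised in the thread, named version constants in comparisons and records split across TCP segments, are illustrated in the following added example, which is not part of the thread or the posted patch. It is standalone C rather than Ethereal dissector code; `record_bytes_missing`, `SSLV3_VERSION` and `TLSV1_VERSION` are names assumed here, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Record-layer version values from the SSL 3.0 / TLS 1.0 / TLS 1.1 specs.
 * TLSV1DOT1_VERSION is the symbol suggested in the thread; the other two
 * names are assumed for this example. */
#define SSLV3_VERSION     0x0300
#define TLSV1_VERSION     0x0301
#define TLSV1DOT1_VERSION 0x0302

#define RECORD_HEADER_LEN 5               /* type(1) + version(2) + length(2) */
#define RECORD_MAX_LEN    (16384 + 2048)  /* TLSCiphertext upper bound */

/* Hypothetical helper: bytes still missing before the record at buf can be
 * dissected. 0 = whole record present, >0 = wait for that many more bytes
 * (the next TCP segment), -1 = not a record this code understands. */
long record_bytes_missing(const uint8_t *buf, size_t avail)
{
    if (avail < RECORD_HEADER_LEN)        /* the header itself is split */
        return (long)(RECORD_HEADER_LEN - avail);

    uint16_t version = (uint16_t)((buf[1] << 8) | buf[2]);
    uint16_t length  = (uint16_t)((buf[3] << 8) | buf[4]);

    if (buf[0] < 20 || buf[0] > 23)       /* content types 20..23 */
        return -1;
    if (version != SSLV3_VERSION && version != TLSV1_VERSION &&
        version != TLSV1DOT1_VERSION)     /* compare against the defines */
        return -1;
    if (length > RECORD_MAX_LEN)          /* reject oversized length field */
        return -1;

    size_t total = RECORD_HEADER_LEN + (size_t)length;
    return avail >= total ? 0 : (long)(total - avail);
}

/* Constructed samples: a TLS 1.1 application-data record with an 8-byte
 * body, and a header carrying an unsupported version (0x0200). */
static const uint8_t sample_record[] = {
    0x17, 0x03, 0x02, 0x00, 0x08,
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04
};
static const uint8_t bad_version[] = { 0x17, 0x02, 0x00, 0x00, 0x08 };

int main(void)
{
    printf("whole record:  %ld\n", record_bytes_missing(sample_record, sizeof sample_record));
    printf("first 7 bytes: %ld\n", record_bytes_missing(sample_record, 7));
    printf("first 3 bytes: %ld\n", record_bytes_missing(sample_record, 3));
    printf("bad version:   %ld\n", record_bytes_missing(bad_version, sizeof bad_version));
    return 0;
}
```

A positive return value is the amount a reassembly layer would have to deliver before the record can be decrypted and handed to the application-layer dissector.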
