Wireshark · Wireshark-dev: Re: [Wireshark-dev] SSL + DTLS

["authesserre samuel" <sauthess@xxxxxxxxx>]

hi,

I think that ssl one is already included in ethereal (he is in svn
since a long time)

for ssl I think it can be possible to remove debug

but dtls work on openssl version 0.9.b who contains many errors (I
have listed them on openssl-dev mailing list and correct 2 of them)
but in current time i havent time to finish implementation of dtls
(i'll try to correct it during july and dtls dissector in the same
time)
the dtls dissector implementation is here to help persons who works
(like me) on dtls ....
to conclude I think it isn't the great time to remove debug because it
can be usefull (to person who wants to create another implementation
of dtls or to correct openssl....)

for preferences it's a good idea i will do modifications in minimum time....

Regards,

samuel



On 6/28/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> when changing the format of the preference string   you may also want
> to change the field separator from ':' to something else, maybe ',' ?
>
> (why?   think ssl with IPv6 addresses)
>
>
> On 6/28/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > Ok,  I have thought about the dissectors a bit more and I dont feel
> > the copy pinfo to a new one and fake the port numbers are really the
> > best solution.
> > First of all  it wouldnt be able to handle protocols that are purely
> > heuritical and are not hard assigned to a specific port.
> > The current fake new pinfo  just feels wrong.
> >
> >
> > I would suggest the following two changes to both dissectors
> >
> > 1, remove all the debug output lines.   they clutter the code and make
> > it hard to read.     the feature is stable enough now that we dont
> > really need them right?
> >
> > 2, instead of that   tunneled port in preferences and the copy and
> > fake a new pinfo thing before spawning off to subdissectors,
> > can you change it to instead associate ssl sessions by protocol name
> > and call the handle for the protocol.
> >
> > I.e. associate tcp port 443   with "http" instead of "the protocol
> > tunneled at port 80"
> >
> > Change the preferences andf get rid of "ssl ports list" and also the
> > "debug" field.
> > Change the RSA key field to the format
> > IPADDRESS:PORT:protocolname:keyfile
> >
> > 127.0.0.1:443:http:/patrh/to/file.key
> >
> > and have it find the dissector for http by name and instead of by
> > whatever is hard tied to port 80.
> >
> > also then get rid of the pinfo faking and mangling.
> >
> >
> >
> >
> >
> >
> > On 6/27/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> > > the SSL dissector was made by paolo abeni so structure was chosen by him,
> > >
> > > if I change DTLS plugin the problem will stay in SSL. am I rigth ?
> > >
> > > I have to change twice ?
> > >
> > > (before starting working I would like to know exactly where is the
> > > problem because the patch modify the two dissectors)
> > >
> > > regards,
> > >
> > > On 6/27/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > > > also if you can get rid of the debug statements   unless you really
> > need
> > > them.
> > > >
> > > >
> > > >
> > > > On 6/27/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > > > > Checked in.
> > > > >
> > > > >
> > > > > Can you make these additional changes :
> > > > >
> > > > > 1, replace the GHashTables with se_tree binary trees?   see emem.h
> > and
> > > > > README.malloc
> > > > >
> > > > > 2, have a look at and update the wiki?    I added an example capture
> > > > > from one of your emails to the list to the wiki.
> > > > >
> > > > >
> > > > >
> > > > > On 6/15/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> > > > > > Hi,
> > > > > >
> > > > > > enclosed find the new patch made on svn ....
> > > > > >
> > > > > > it make the same that I've say last mail but since I've found
> > another
> > > > > > error in OpenSSL implementation : DTLS implementation doesn't add
> > two
> > > > > > bytes long before Pre Master Secret in RSA key exchange (in
> > > > > > ClientKeyExchange message..)
> > > > > >
> > > > > > I've corrected Version problem and this problem in openssl and I
> > will
> > > > > > send a patch tomorrow
> > > > > > (I've done the correction in DTLS dissector too)
> > > > > > If my corrections will be integrated I send here new patch.(If I
> > have
> > > > > > enougth time I would like to implement that's missing in DTLS
> > > > > > implementation like replay or packet loss handling)
> > > > > >
> > > > > > My problem is integration in wireshark because a lot of things in
> > > DTLS
> > > > > > and SSL dissectors are same and I don't know how to make the code
> > > > > > maintainable (Ive put things in packet-ssl-utils but I don't know
> > if
> > > > > > it is a good choice...). The DTLS dissector is a copy of SSL
> > > dissector
> > > > > > that I adapted...but I don't know how I can do otherwise
> > > > > >
> > > > > > regards,
> > > > > >
> > > > > > Samuel
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On 6/14/06, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> > > > > > > On Mon, Jun 12, 2006 at 04:52:15PM +0200, authesserre samuel
> > wrote:
> > > > > > > > >It's a new patch (and certainly the last of me) for SSL and
> > DTLS
> > > > > > > > >decryption.
> > > > > > > > >The SSL one isn't new, it correct some bugs .... (like alert
> > > > > > decryption)
> > > > > > >
> > > > > > > I tried to apply your patch to current wireshark svn, and it
> > > failed.
> > > > > > > Can you please recreate it against the current svn sources?
> > > > > > >
> > > > > > > Thanks
> > > > > > >        Joerg
> > > > > > > _______________________________________________
> > > > > > > Ethereal-dev mailing list
> > > > > > > Ethereal-dev@xxxxxxxxxxxx
> > > > > > > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ++++++++++++++++++++++++++
> > > > > > + Authesserre Samuel            +
> > > > > > + 12 rue de la défense passive+
> > > > > > + 14000 CAEN                      +
> > > > > > + FRANCE                           +
> > > > > > + 06-27-28-13-32                   +
> > > > > > + sauthess@xxxxxxxxx          +
> > > > > > ++++++++++++++++++++++++++
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> > > --
> > > ++++++++++++++++++++++++++
> > > + Authesserre Samuel            +
> > > + 12 rue de la défense passive+
> > > + 14000 CAEN                      +
> > > + FRANCE                           +
> > > + 06-27-28-13-32                   +
> > > + sauthess@xxxxxxxxx          +
> > > ++++++++++++++++++++++++++
> > >
> >


--
++++++++++++++++++++++++++
+ Authesserre Samuel            +
+ 12 rue de la défense passive+
+ 14000 CAEN                      +
+ FRANCE                           +
+ 06-27-28-13-32                   +
+ sauthess@xxxxxxxxx          +
++++++++++++++++++++++++++