Wireshark-dev: [Wireshark-dev] TLS desegmentation

From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Thu, 28 Dec 2006 13:24:57 +0100
Hi all,

I am trying to understand how TLS decryption and desegmentation are implemented,
but I am getting more and more confused.

What does the following condition mean?
  /* if application data desegmentation is allowed and needed */
  if(ssl_desegment_app_data && *need_desegmentation) {
    ssl_desegment_ssl_app_data(ssl,pinfo);
  }

The need_desegmentation variable is used in the rest of the code to say if
TLS over TCP desegmentation is necessary.
Why is it used for application data?

I guess it has to handle two kinds of desegmentation: TLS over TCP and
Application data over TLS. I think they should not be mixed up.

Another strange thing is that all decrypted data from one frame are
automatically merged together into SslPacketInfo.
I.e. when a packet contains multiple application data records, the
subdissector is called each time with all data from all records. The
result is that in the tree I can see my protocol multiple times.

Any light in this dark is welcome.

Best regards,
  Tomas
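
The two layers the message distinguishes, as an added example that is not Wireshark's code: a record-layer reassembler that buffers TCP segment bytes until one whole TLS record (5-byte header with a 16-bit length) is held, then returns that record's payload on its own, so a consumer sees each record once. The names tls_reasm, fill and tls_next are hypothetical, the sample bytes are constructed, and payloads stand in for already-decrypted data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 5                     /* type(1) + version(2) + length(2) */
#define MAX_BODY (16384 + 2048)   /* RFC 5246 cap on TLSCiphertext.length */
typedef struct { uint8_t buf[HDR + MAX_BODY]; size_t have; } tls_reasm;

/* Copy input into the buffer until it holds `upto` bytes or the segment ends. */
static void fill(tls_reasm *r, const uint8_t **seg, size_t *n, size_t upto)
{
    size_t k = upto - r->have < *n ? upto - r->have : *n;
    memcpy(r->buf + r->have, *seg, k);
    r->have += k; *seg += k; *n -= k;
}

/* Layer 1 (TLS over TCP). Returns 1 with *data/*len set to ONE record's payload,
 * 0 if the segment ran out mid-record (state is kept), -1 on an oversize length. */
int tls_next(tls_reasm *r, const uint8_t **seg, size_t *n,
             const uint8_t **data, size_t *len)
{
    if (r->have < HDR) fill(r, seg, n, HDR);
    if (r->have < HDR) return 0;              /* header itself was split */
    size_t body = ((size_t)r->buf[3] << 8) | r->buf[4];
    if (body > MAX_BODY) return -1;
    fill(r, seg, n, HDR + body);
    if (r->have < HDR + body) return 0;       /* rest arrives in a later segment */
    *data = r->buf + HDR; *len = body;
    r->have = 0;                              /* payload valid until the next call */
    return 1;
}

/* Constructed sample: records "abc", "xy", "z" (type 23) cut at awkward points. */
static const uint8_t seg1[] = {23,3,1,0,3,'a','b'};
static const uint8_t seg2[] = {'c', 23,3,1,0,2,'x','y', 23,3};
static const uint8_t seg3[] = {1,0,1,'z'};

int main(void)
{
    static tls_reasm r;
    const uint8_t *segs[] = {seg1, seg2, seg3}, *data;
    size_t lens[] = {sizeof seg1, sizeof seg2, sizeof seg3}, len;
    for (int i = 0; i < 3; i++)   /* Layer 2: one consumer call per record */
        while (tls_next(&r, &segs[i], &lens[i], &data, &len) == 1)
            printf("segment %d completes: %.*s\n", i + 1, (int)len,
                   (const char *)data);
    return 0;
}
```

The second segment finishes one record and carries a second whole one, yet each payload is returned separately; any reassembly of an application PDU that spans records would sit above tls_next as its own buffer.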