Wireshark-dev: Re: [Wireshark-dev] help needed in tracking down a bug in SSL dissector
From: "Kukosa, Tomas" <[email protected]>
Date: Fri, 1 Jun 2007 07:27:57 +0200

which version do you use? I have rewritten SSL reasembling about one month ago.
I have it tested witch segmented H.225 and SIP and it works well.


Mailcode: NdD2sKHg
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Brian Vandenberg
Sent: Thursday, May 31, 2007 12:40 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] help needed in tracking down a bug in SSL dissector

  I found a bug about 9-10 months ago in the SSL dissector that was 
never fixed, so I'm trying to find/fix the problem myself, but I'm 
having a hard time tracking it down.

  Essentially this is what happens:

* POST to server occurs, the SSL chunk isn't fragmented.
* When SSL dissector decrypts it a single new data source is added and 
displayed entitled "Decrypted SSL Data"
* The new data source is then passed to the http dissector.
* ...
* A response from the server is sent, the SSL chunk *IS* fragmented.
* The SSL dissector decrypts each chunk then reconstructs it; four new 
data sources are added:
** Decrypted SSL data (X bytes)
** Reassembled SSL (Y bytes)
** Decrypted SSL data (Z bytes)
** Reassembled SSL (Y bytes)
** note that both 'Reassembled' data sources have the same size, and the 
exact same data.
* The reassembled chunks are *both* passed to the http dissector.

  The problem is that the SSL dissector is adding the same reassembled 
chunk as a new data source twice (possibly more, if it is broken up into 
more than 2 chunks, but so far I've only seen it broken in two chunks).  
I've spent a couple of days on this, and though I think I'm close, I 
just don't know enough about the Wireshark API, so I'm making very slow 

  I expected that it would be as simple as going to line 920 of 
packet-ssl.c, set a breakpoint, observe that the line is executed twice 
for each packet where this occurs, then figure out why it executes more 
than once ... but it only executes that line once for each packet where 
this occurs, and I don't see another line of code that tries to add a 
new data source with the text "Reassembled SSL", .  I haven't managed to 
find where the 2nd call to add_new_data_source takes place.

  I'm going to continue working on this, however, if anyone has a 
suggestion, or see's something I'm missing, I'd appreciate the help.


Anders Broman wrote:
> Hi,
> ETR 091 (ETSI ETR 091 ed.1 (1993-07)) downloadable from ETSI.
> http://www.etsi.org/services_products/freestandard/home.htm
> Regards
> Anders
> ________________________________________
> Från: [email protected] [mailto:[email protected]] För Kukosa, Tomas
> Skickat: den 30 maj 2007 23:19
> Till: [email protected]
> Ämne: Re: [Wireshark-dev] [Wireshark-commits] rev 22008:/trunk/asn1/gsmmap/ /trunk/asn1/gsmmap/:MAP-ApplicationContexts.asn MAP-BS-Code.asnMAP-CH-DataTypes.asn MAP-CommonDataTypes.asnMAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
> Hi,
> which document the MobileDomainDefinitions.asn comes from?
> I have tries do find any reference in the 3GPP TS 29.002 but without any success.
> Regards,
>   Tomas
> ________________________________________
> Od: [email protected] za uživatele [email protected]
> Odesláno: st 30.5.2007 21:03
> Komu: [email protected]
> Předmět: [Wireshark-commits] rev 22008: /trunk/asn1/gsmmap/ /trunk/asn1/gsmmap/: MAP-ApplicationContexts.asn MAP-BS-Code.asn MAP-CH-DataTypes.asn MAP-CommonDataTypes.asn MAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=22008
> User: etxrab
> Date: 2007/05/30 07:03 PM
> Log:
>  Add separate asn1 files that may be used later.
> Directory: /trunk/asn1/gsmmap/
>   Changes    Path                           Action
>   +196 -0    MAP-ApplicationContexts.asn    Added
>   +130 -0    MAP-BS-Code.asn                Added
>   +463 -0    MAP-CH-DataTypes.asn           Added
>   +627 -0    MAP-CommonDataTypes.asn        Added
>   +406 -0    MAP-ER-DataTypes.asn           Added
>   +197 -0    MAP-GR-DataTypes.asn           Added
>   +2596 -0   MAP-MS-DataTypes.asn           Added
>   +214 -0    MAP-OM-DataTypes.asn           Added
>   +246 -0    MAP-SM-DataTypes.asn           Added
>   +186 -0    MAP-SS-Code.asn                Added
>   +341 -0    MAP-SS-DataTypes.asn           Added
> (3 files not shown)
> _______________________________________________
> Wireshark-commits mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-commits
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
Wireshark-dev mailing list
[email protected]