Hi,
which version do you use? I have rewritten SSL reasembling about one month ago.
I have it tested witch segmented H.225 and SIP and it works well.
Tomas
Mailcode: NdD2sKHg
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Vandenberg
Sent: Thursday, May 31, 2007 12:40 AM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] help needed in tracking down a bug in SSL dissector
I found a bug about 9-10 months ago in the SSL dissector that was
never fixed, so I'm trying to find/fix the problem myself, but I'm
having a hard time tracking it down.
Essentially this is what happens:
* POST to server occurs, the SSL chunk isn't fragmented.
* When SSL dissector decrypts it a single new data source is added and
displayed entitled "Decrypted SSL Data"
* The new data source is then passed to the http dissector.
* ...
* A response from the server is sent, the SSL chunk *IS* fragmented.
* The SSL dissector decrypts each chunk then reconstructs it; four new
data sources are added:
** Decrypted SSL data (X bytes)
** Reassembled SSL (Y bytes)
** Decrypted SSL data (Z bytes)
** Reassembled SSL (Y bytes)
** note that both 'Reassembled' data sources have the same size, and the
exact same data.
* The reassembled chunks are *both* passed to the http dissector.
The problem is that the SSL dissector is adding the same reassembled
chunk as a new data source twice (possibly more, if it is broken up into
more than 2 chunks, but so far I've only seen it broken in two chunks).
I've spent a couple of days on this, and though I think I'm close, I
just don't know enough about the Wireshark API, so I'm making very slow
progress.
I expected that it would be as simple as going to line 920 of
packet-ssl.c, set a breakpoint, observe that the line is executed twice
for each packet where this occurs, then figure out why it executes more
than once ... but it only executes that line once for each packet where
this occurs, and I don't see another line of code that tries to add a
new data source with the text "Reassembled SSL", . I haven't managed to
find where the 2nd call to add_new_data_source takes place.
I'm going to continue working on this, however, if anyone has a
suggestion, or see's something I'm missing, I'd appreciate the help.
-Brian
Anders Broman wrote:
> Hi,
> ETR 091 (ETSI ETR 091 ed.1 (1993-07)) downloadable from ETSI.
> http://www.etsi.org/services_products/freestandard/home.htm
> Regards
> Anders
>
> ________________________________________
> Från: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] För Kukosa, Tomas
> Skickat: den 30 maj 2007 23:19
> Till: wireshark-dev@xxxxxxxxxxxxx
> Ämne: Re: [Wireshark-dev] [Wireshark-commits] rev 22008:/trunk/asn1/gsmmap/ /trunk/asn1/gsmmap/:MAP-ApplicationContexts.asn MAP-BS-Code.asnMAP-CH-DataTypes.asn MAP-CommonDataTypes.asnMAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
>
> Hi,
>
> which document the MobileDomainDefinitions.asn comes from?
>
> I have tries do find any reference in the 3GPP TS 29.002 but without any success.
>
> Regards,
> Tomas
>
> ________________________________________
> Od: wireshark-commits-bounces@xxxxxxxxxxxxx za uživatele etxrab@xxxxxxxxxxxxx
> Odesláno: st 30.5.2007 21:03
> Komu: wireshark-commits@xxxxxxxxxxxxx
> Předmět: [Wireshark-commits] rev 22008: /trunk/asn1/gsmmap/ /trunk/asn1/gsmmap/: MAP-ApplicationContexts.asn MAP-BS-Code.asn MAP-CH-DataTypes.asn MAP-CommonDataTypes.asn MAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=22008
>
> User: etxrab
> Date: 2007/05/30 07:03 PM
>
> Log:
> Add separate asn1 files that may be used later.
>
> Directory: /trunk/asn1/gsmmap/
> Changes Path Action
> +196 -0 MAP-ApplicationContexts.asn Added
> +130 -0 MAP-BS-Code.asn Added
> +463 -0 MAP-CH-DataTypes.asn Added
> +627 -0 MAP-CommonDataTypes.asn Added
> +406 -0 MAP-ER-DataTypes.asn Added
> +197 -0 MAP-GR-DataTypes.asn Added
> +2596 -0 MAP-MS-DataTypes.asn Added
> +214 -0 MAP-OM-DataTypes.asn Added
> +246 -0 MAP-SM-DataTypes.asn Added
> +186 -0 MAP-SS-Code.asn Added
> +341 -0 MAP-SS-DataTypes.asn Added
>
>
> (3 files not shown)
> _______________________________________________
> Wireshark-commits mailing list
> Wireshark-commits@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-commits
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
