As an addendum to this, one thing I tried for tracking this down was to set a conditional breakpoint to watch for each instance of an execution of add_new_data_source where the name of the data source contains the text "Reassembled SSL", then set a watch for tvb->real_data+c, for some c that jumps to a particular part of the decrypted packet that contains a unique sessionid to have a quick means of looking for duplicate calls to add_new_data_source for the same chunk, but each sessionid receives only one call.
Is there another function other than add_new_data_source that can add a tab to the bottom when dissecting something?

-Brian

Brian Vandenberg wrote:
> I found a bug about 9-10 months ago in the SSL dissector that was
> never fixed, so I'm trying to find/fix the problem myself, but I'm
> having a hard time tracking it down.
>
> Essentially this is what happens:
>
> * POST to server occurs, the SSL chunk isn't fragmented.
> * When SSL dissector decrypts it a single new data source is added and
> displayed entitled "Decrypted SSL Data"
> * The new data source is then passed to the http dissector.
> * ...
> * A response from the server is sent, the SSL chunk *IS* fragmented.
> * The SSL dissector decrypts each chunk then reconstructs it; four new
> data sources are added:
> ** Decrypted SSL data (X bytes)
> ** Reassembled SSL (Y bytes)
> ** Decrypted SSL data (Z bytes)
> ** Reassembled SSL (Y bytes)
> ** note that both 'Reassembled' data sources have the same size, and the
> exact same data.
> * The reassembled chunks are *both* passed to the http dissector.
>
> The problem is that the SSL dissector is adding the same reassembled
> chunk as a new data source twice (possibly more, if it is broken up into
> more than 2 chunks, but so far I've only seen it broken in two chunks).
> I've spent a couple of days on this, and though I think I'm close, I
> just don't know enough about the Wireshark API, so I'm making very slow
> progress.
>
> I expected that it would be as simple as going to line 920 of
> packet-ssl.c, set a breakpoint, observe that the line is executed twice
> for each packet where this occurs, then figure out why it executes more
> than once ... but it only executes that line once for each packet where
> this occurs, and I don't see another line of code that tries to add a
> new data source with the text "Reassembled SSL". I haven't managed to
> find where the 2nd call to add_new_data_source takes place.
>
> I'm going to continue working on this, however, if anyone has a
> suggestion, or sees something I'm missing, I'd appreciate the help.
>
> -Brian
>
> Anders Broman wrote:
>
>> Hi,
>> ETR 091 (ETSI ETR 091 ed.1 (1993-07)) downloadable from ETSI.
>> http://www.etsi.org/services_products/freestandard/home.htm
>> Regards
>> Anders
>>
>> ________________________________________
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Kukosa, Tomas
>> Sent: 30 May 2007 23:19
>> To: [email protected]
>> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 22008:/trunk/asn1/gsmmap/
>> /trunk/asn1/gsmmap/:MAP-ApplicationContexts.asn
>> MAP-BS-Code.asnMAP-CH-DataTypes.asn
>> MAP-CommonDataTypes.asnMAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
>>
>> Hi,
>>
>> Which document does the MobileDomainDefinitions.asn come from?
>>
>> I have tried to find any reference in the 3GPP TS 29.002 but without any
>> success.
>>
>> Regards,
>> Tomas
>>
>> ________________________________________
>> From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
>> Sent: Wed 30.5.2007 21:03
>> To: [EMAIL PROTECTED]
>> Subject: [Wireshark-commits] rev 22008: /trunk/asn1/gsmmap/
>> /trunk/asn1/gsmmap/: MAP-ApplicationContexts.asn MAP-BS-Code.asn
>> MAP-CH-DataTypes.asn MAP-CommonDataTypes.asn MAP-ER-DataTypes.asn
>> MAP-GR-DataTypes.asn ...
>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=22008
>>
>> User: etxrab
>> Date: 2007/05/30 07:03 PM
>>
>> Log:
>> Add separate asn1 files that may be used later.
>>
>> Directory: /trunk/asn1/gsmmap/
>> Changes    Path                          Action
>> +196 -0    MAP-ApplicationContexts.asn   Added
>> +130 -0    MAP-BS-Code.asn               Added
>> +463 -0    MAP-CH-DataTypes.asn          Added
>> +627 -0    MAP-CommonDataTypes.asn       Added
>> +406 -0    MAP-ER-DataTypes.asn          Added
>> +197 -0    MAP-GR-DataTypes.asn          Added
>> +2596 -0   MAP-MS-DataTypes.asn          Added
>> +214 -0    MAP-OM-DataTypes.asn          Added
>> +246 -0    MAP-SM-DataTypes.asn          Added
>> +186 -0    MAP-SS-Code.asn               Added
>> +341 -0    MAP-SS-DataTypes.asn          Added
>>
>>
>> (3 files not shown)
>> _______________________________________________
>> Wireshark-commits mailing list
>> [EMAIL PROTECTED]
>> http://www.wireshark.org/mailman/listinfo/wireshark-commits
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> [email protected]
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev
