On Oct 14, 2011, at 2:05 PM, Ed Beroset wrote: > Guy Harris wrote: >> >> On Oct 14, 2011, at 1:16 PM, Ed Beroset wrote: >> >>> if (PNODE_FINFO(tree)->hfinfo->id == hf_c1222_user_information) >>> pkt_tree = proto_item_get_parent_nth(tree, 2); else return FALSE; >> >> None of that has anything to do with adding hf_c1222_crypto_good to >> the protocol tree, which is what is relevant for making a >> "c1222.crypto_good" field work; where is the code that adds that to >> the tree? > > It does, but it's a bit indirect. If the call to that function returns > false, it's an indication that the encryption validation failed for some > reason.
If "that function" is canonify_unencrypted_header(), then, if it returns false, it's an indication that the canonicalization of the header failed for some reason, so you can't even try to do the crypto. If that can be done in a different fashion, as per my earlier suggestion, that code shouldn't even exist. The code that actually does the crypto is in dissect_epsem(), which should only be called after all the header fields have been dissected. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
