Mercurial > hg > freeDiameter
view contrib/wireshark/wireshark-1.2.7-diameter-tls.patch @ 1562:6219359a36a9 default tip
Merge latest changes from proposed branch
| author | Sebastien Decugis <sdecugis@freediameter.net> |
|---|---|
| date | Mon, 21 Jun 2021 19:08:18 +0800 |
| parents | c0c0a7781b09 |
| children |
line wrap: on
line source
diff -Nur wireshark-1.2.7/epan/conversation.c wireshark-1.2.7-fD/epan/conversation.c --- wireshark-1.2.7/epan/conversation.c 2010-04-01 01:44:39.000000000 +0900 +++ wireshark-1.2.7-fD/epan/conversation.c 2011-02-23 14:26:35.000000000 +0900 @@ -40,6 +40,11 @@ static GHashTable *conversation_hashtable_exact = NULL; /* + * Hash table for conversations without strid. + */ +static GHashTable *conversation_hashtable_no_strid = NULL; + +/* * Hash table for conversations with one wildcard address. */ static GHashTable *conversation_hashtable_no_addr2 = NULL; @@ -63,6 +68,7 @@ port_type ptype; guint32 port1; guint32 port2; + guint32 strid; } conversation_key; #endif /* @@ -193,6 +199,7 @@ hash_val += key->port1; ADD_ADDRESS_TO_HASH(hash_val, &key->addr2); hash_val += key->port2; + hash_val += key->strid; return hash_val; } @@ -217,6 +224,78 @@ */ if (v1->port1 == v2->port1 && v1->port2 == v2->port2 && + v1->strid == v2->strid && + ADDRESSES_EQUAL(&v1->addr1, &v2->addr1) && + ADDRESSES_EQUAL(&v1->addr2, &v2->addr2)) { + /* + * Yes. It's the same conversation, and the two + * address/port pairs are going in the same direction. + */ + return 1; + } + + /* + * Is the first port 2 the same as the second port 1, the first + * port 1 the same as the second port 2, the first address 2 + * the same as the second address 1, and the first address 1 + * the same as the second address 2? + */ + if (v1->port2 == v2->port1 && + v1->port1 == v2->port2 && + v1->strid == v2->strid && + ADDRESSES_EQUAL(&v1->addr2, &v2->addr1) && + ADDRESSES_EQUAL(&v1->addr1, &v2->addr2)) { + /* + * Yes. It's the same conversation, and the two + * address/port pairs are going in opposite directions. + */ + return 1; + } + + /* + * The addresses or the ports don't match. + */ + return 0; +} + +/* + * Compute the hash value for two given address/port pairs if the match + * has a wildcard stream id. + */ +static guint +conversation_hash_no_strid(gconstpointer v) +{ + const conversation_key *key = (const conversation_key *)v; + guint hash_val; + + hash_val = 0; + ADD_ADDRESS_TO_HASH(hash_val, &key->addr1); + hash_val += key->port1; + hash_val += key->port2; + + return hash_val; +} + +/* + * Compare two conversation keys, except for the stream id value. + */ +static gint +conversation_match_no_strid(gconstpointer v, gconstpointer w) +{ + const conversation_key *v1 = (const conversation_key *)v; + const conversation_key *v2 = (const conversation_key *)w; + + if (v1->ptype != v2->ptype) + return 0; /* different types of port */ + + /* + * Are the first and second port 1 values the same, the first and + * second port 2 values the same, the first and second address + * 1 values the same, and the first and second address 2 values + * the same? + */ + if (v1->port1 == v2->port1 && + v1->port2 == v2->port2 && ADDRESSES_EQUAL(&v1->addr1, &v2->addr1) && ADDRESSES_EQUAL(&v1->addr2, &v2->addr2)) { /* @@ -263,6 +342,7 @@ ADD_ADDRESS_TO_HASH(hash_val, &key->addr1); hash_val += key->port1; hash_val += key->port2; + hash_val += key->strid; return hash_val; } @@ -289,6 +369,7 @@ */ if (v1->port1 == v2->port1 && v1->port2 == v2->port2 && + v1->strid == v2->strid && ADDRESSES_EQUAL(&v1->addr1, &v2->addr1)) { /* * Yes. It's the same conversation, and the two @@ -317,6 +398,7 @@ ADD_ADDRESS_TO_HASH(hash_val, &key->addr1); hash_val += key->port1; ADD_ADDRESS_TO_HASH(hash_val, &key->addr2); + hash_val += key->strid; return hash_val; } @@ -342,6 +424,7 @@ * address 2 values the same? */ if (v1->port1 == v2->port1 && + v1->strid == v2->strid && ADDRESSES_EQUAL(&v1->addr1, &v2->addr1) && ADDRESSES_EQUAL(&v1->addr2, &v2->addr2)) { /* @@ -370,6 +453,7 @@ hash_val = 0; ADD_ADDRESS_TO_HASH(hash_val, &key->addr1); hash_val += key->port1; + hash_val += key->strid; return hash_val; } @@ -394,6 +478,7 @@ * and second address 1 values the same? */ if (v1->port1 == v2->port1 && + v1->strid == v2->strid && ADDRESSES_EQUAL(&v1->addr1, &v2->addr1)) { /* * Yes. It's the same conversation, and the two @@ -420,6 +505,8 @@ conversation_keys = NULL; if (conversation_hashtable_exact != NULL) g_hash_table_destroy(conversation_hashtable_exact); + if (conversation_hashtable_no_strid != NULL) + g_hash_table_destroy(conversation_hashtable_no_strid); if (conversation_hashtable_no_addr2 != NULL) g_hash_table_destroy(conversation_hashtable_no_addr2); if (conversation_hashtable_no_port2 != NULL) @@ -438,6 +525,9 @@ conversation_hashtable_exact = g_hash_table_new(conversation_hash_exact, conversation_match_exact); + conversation_hashtable_no_strid = + g_hash_table_new(conversation_hash_no_strid, + conversation_match_no_strid); conversation_hashtable_no_addr2 = g_hash_table_new(conversation_hash_no_addr2, conversation_match_no_addr2); @@ -466,6 +556,15 @@ conversation_new(guint32 setup_frame, address *addr1, address *addr2, port_type ptype, guint32 port1, guint32 port2, guint options) { + return conversation_new_ext(setup_frame, addr1, addr2, ptype, + port1, port2, options & ~(DISTINCT_SCTP_STREAMID), 0); + +} + +conversation_t * +conversation_new_ext(guint32 setup_frame, address *addr1, address *addr2, port_type ptype, + guint32 port1, guint32 port2, guint options, guint16 strid) +{ /* DISSECTOR_ASSERT(!(options | CONVERSATION_TEMPLATE) || ((options | (NO_ADDR2 | NO_PORT2 | NO_PORT2_FORCE))) && "A conversation template may not be constructed without wildcard options"); @@ -486,7 +585,11 @@ if (options & (NO_PORT2|NO_PORT2_FORCE)) { hashtable = conversation_hashtable_no_port2; } else { - hashtable = conversation_hashtable_exact; + if (options & DISTINCT_SCTP_STREAMID) { + hashtable = conversation_hashtable_exact; + } else { + hashtable = conversation_hashtable_no_strid; + } } } @@ -495,6 +598,7 @@ existing_key.ptype = ptype; existing_key.port1 = port1; existing_key.port2 = port2; + existing_key.strid = strid; conversation = g_hash_table_lookup(hashtable, &existing_key); tc = conversation; /* Remember if lookup was successful */ @@ -507,6 +611,7 @@ new_key->ptype = ptype; new_key->port1 = port1; new_key->port2 = port2; + new_key->strid = strid; if (conversation) { for (; conversation->next; conversation = conversation->next) @@ -568,8 +673,13 @@ g_hash_table_insert(conversation_hashtable_no_addr2, conv->key_ptr, conv); } else { - g_hash_table_insert(conversation_hashtable_exact, - conv->key_ptr, conv); + if (conv->options & DISTINCT_SCTP_STREAMID) { + g_hash_table_insert(conversation_hashtable_exact, + conv->key_ptr, conv); + } else { + g_hash_table_insert(conversation_hashtable_no_strid, + conv->key_ptr, conv); + } } } @@ -602,18 +712,23 @@ g_hash_table_insert(conversation_hashtable_no_port2, conv->key_ptr, conv); } else { - g_hash_table_insert(conversation_hashtable_exact, - conv->key_ptr, conv); + if (conv->options & DISTINCT_SCTP_STREAMID) { + g_hash_table_insert(conversation_hashtable_exact, + conv->key_ptr, conv); + } else { + g_hash_table_insert(conversation_hashtable_no_strid, + conv->key_ptr, conv); + } } } /* * Search a particular hash table for a conversation with the specified - * {addr1, port1, addr2, port2} and set up before frame_num. + * {addr1, port1, addr2, port2, strid} and set up before frame_num. */ static conversation_t * conversation_lookup_hashtable(GHashTable *hashtable, guint32 frame_num, address *addr1, address *addr2, - port_type ptype, guint32 port1, guint32 port2) + port_type ptype, guint32 port1, guint32 port2, guint16 strid) { conversation_t* conversation; conversation_t* match; @@ -628,6 +743,7 @@ key.ptype = ptype; key.port1 = port1; key.port2 = port2; + key.strid = strid; match = g_hash_table_lookup(hashtable, &key); @@ -685,12 +801,19 @@ find_conversation(guint32 frame_num, address *addr_a, address *addr_b, port_type ptype, guint32 port_a, guint32 port_b, guint options) { + return find_conversation_ext(frame_num, addr_a, addr_b, ptype, + port_a, port_b, options | IGNORE_SCTP_STREAMID, 0); +} +conversation_t * +find_conversation_ext(guint32 frame_num, address *addr_a, address *addr_b, port_type ptype, + guint32 port_a, guint32 port_b, guint options, guint16 strid) +{ conversation_t *conversation; /* - * First try an exact match, if we have two addresses and ports. + * First try an exact match, if we have two addresses and ports and strid. */ - if (!(options & (NO_ADDR_B|NO_PORT_B))) { + if (!(options & (NO_ADDR_B|NO_PORT_B|IGNORE_SCTP_STREAMID))) { /* * Neither search address B nor search port B are wildcarded, * start out with an exact match. @@ -699,7 +822,7 @@ conversation = conversation_lookup_hashtable(conversation_hashtable_exact, frame_num, addr_a, addr_b, ptype, - port_a, port_b); + port_a, port_b, strid); if ((conversation == NULL) && (addr_a->type == AT_FC)) { /* In Fibre channel, OXID & RXID are never swapped as * TCP/UDP ports are in TCP/IP. @@ -707,7 +830,33 @@ conversation = conversation_lookup_hashtable(conversation_hashtable_exact, frame_num, addr_b, addr_a, ptype, - port_a, port_b); + port_a, port_b, strid); + } + if (conversation != NULL) + return conversation; + } + + /* + * Then, ignoring strid try an exact match, if we have two addresses and ports. + */ + if (!(options & (NO_ADDR_B|NO_PORT_B|NO_IGNORE_SCTP_STREAMID))) { + /* + * Neither search address B nor search port B are wildcarded, + * start out with an exact match. + * Exact matches check both directions. + */ + conversation = + conversation_lookup_hashtable(conversation_hashtable_no_strid, + frame_num, addr_a, addr_b, ptype, + port_a, port_b, strid); + if ((conversation == NULL) && (addr_a->type == AT_FC)) { + /* In Fibre channel, OXID & RXID are never swapped as + * TCP/UDP ports are in TCP/IP. + */ + conversation = + conversation_lookup_hashtable(conversation_hashtable_no_strid, + frame_num, addr_b, addr_a, ptype, + port_a, port_b, strid); } if (conversation != NULL) return conversation; @@ -729,7 +878,7 @@ */ conversation = conversation_lookup_hashtable(conversation_hashtable_no_addr2, - frame_num, addr_a, addr_b, ptype, port_a, port_b); + frame_num, addr_a, addr_b, ptype, port_a, port_b, strid); if ((conversation == NULL) && (addr_a->type == AT_FC)) { /* In Fibre channel, OXID & RXID are never swapped as * TCP/UDP ports are in TCP/IP. @@ -737,7 +886,7 @@ conversation = conversation_lookup_hashtable(conversation_hashtable_no_addr2, frame_num, addr_b, addr_a, ptype, - port_a, port_b); + port_a, port_b, strid); } if (conversation != NULL) { /* @@ -779,7 +928,7 @@ if (!(options & NO_ADDR_B)) { conversation = conversation_lookup_hashtable(conversation_hashtable_no_addr2, - frame_num, addr_b, addr_a, ptype, port_b, port_a); + frame_num, addr_b, addr_a, ptype, port_b, port_a, strid); if (conversation != NULL) { /* * If this is for a connection-oriented @@ -821,14 +970,14 @@ */ conversation = conversation_lookup_hashtable(conversation_hashtable_no_port2, - frame_num, addr_a, addr_b, ptype, port_a, port_b); + frame_num, addr_a, addr_b, ptype, port_a, port_b, strid); if ((conversation == NULL) && (addr_a->type == AT_FC)) { /* In Fibre channel, OXID & RXID are never swapped as * TCP/UDP ports are in TCP/IP */ conversation = conversation_lookup_hashtable(conversation_hashtable_no_port2, - frame_num, addr_b, addr_a, ptype, port_a, port_b); + frame_num, addr_b, addr_a, ptype, port_a, port_b, strid); } if (conversation != NULL) { /* @@ -870,7 +1019,7 @@ if (!(options & NO_PORT_B)) { conversation = conversation_lookup_hashtable(conversation_hashtable_no_port2, - frame_num, addr_b, addr_a, ptype, port_b, port_a); + frame_num, addr_b, addr_a, ptype, port_b, port_a, strid); if (conversation != NULL) { /* * If this is for a connection-oriented @@ -907,7 +1056,7 @@ */ conversation = conversation_lookup_hashtable(conversation_hashtable_no_addr2_or_port2, - frame_num, addr_a, addr_b, ptype, port_a, port_b); + frame_num, addr_a, addr_b, ptype, port_a, port_b, strid); if (conversation != NULL) { /* * If this is for a connection-oriented protocol: @@ -952,11 +1101,11 @@ if (addr_a->type == AT_FC) conversation = conversation_lookup_hashtable(conversation_hashtable_no_addr2_or_port2, - frame_num, addr_b, addr_a, ptype, port_a, port_b); + frame_num, addr_b, addr_a, ptype, port_a, port_b, strid); else conversation = conversation_lookup_hashtable(conversation_hashtable_no_addr2_or_port2, - frame_num, addr_b, addr_a, ptype, port_b, port_a); + frame_num, addr_b, addr_a, ptype, port_b, port_a, strid); if (conversation != NULL) { /* * If this is for a connection-oriented protocol, set the diff -Nur wireshark-1.2.7/epan/conversation.h wireshark-1.2.7-fD/epan/conversation.h --- wireshark-1.2.7/epan/conversation.h 2010-04-01 01:44:39.000000000 +0900 +++ wireshark-1.2.7-fD/epan/conversation.h 2011-02-23 14:25:44.000000000 +0900 @@ -39,11 +39,13 @@ * TEMPLATE flag will be altered once the first connections (connection * oriented protocols only) to include the newly found information which * matched the wildcard options. + * DISTINCT_SCTP_STREAMID will also save the SCTP stream identifier, if any. */ #define NO_ADDR2 0x01 #define NO_PORT2 0x02 #define NO_PORT2_FORCE 0x04 #define CONVERSATION_TEMPLATE 0x08 +#define DISTINCT_SCTP_STREAMID 0x10 /* * Flags to pass to "find_conversation()" to indicate that the address B @@ -51,6 +53,8 @@ */ #define NO_ADDR_B 0x01 #define NO_PORT_B 0x02 +#define IGNORE_SCTP_STREAMID 0x04 +#define NO_IGNORE_SCTP_STREAMID 0x08 #include "packet.h" /* for conversation dissector type */ @@ -64,6 +68,7 @@ port_type ptype; guint32 port1; guint32 port2; + guint16 strid; } conversation_key; typedef struct conversation { @@ -85,6 +90,13 @@ extern conversation_t *find_conversation(guint32 frame_num, address *addr_a, address *addr_b, port_type ptype, guint32 port_a, guint32 port_b, guint options); +/* for SCTP stream */ +extern conversation_t *conversation_new_ext(guint32 setup_frame, address *addr1, address *addr2, + port_type ptype, guint32 port1, guint32 port2, guint options, guint16 strid); +extern conversation_t *find_conversation_ext(guint32 frame_num, address *addr_a, address *addr_b, + port_type ptype, guint32 port_a, guint32 port_b, guint options, guint16 strid); + + extern void conversation_add_proto_data(conversation_t *conv, int proto, void *proto_data); extern void *conversation_get_proto_data(conversation_t *conv, int proto); diff -Nur wireshark-1.2.7/epan/dissectors/packet-diameter.c wireshark-1.2.7-fD/epan/dissectors/packet-diameter.c --- wireshark-1.2.7/epan/dissectors/packet-diameter.c 2010-04-01 01:44:21.000000000 +0900 +++ wireshark-1.2.7-fD/epan/dissectors/packet-diameter.c 2011-02-23 13:33:10.000000000 +0900 @@ -63,8 +63,10 @@ #include "packet-ntp.h" #include "packet-diameter.h" #include "diam_dict.h" +#include "packet-ssl.h" #define SCTP_PORT_DIAMETER 3868 +#define SCTP_TLS_PORT_DIAMETER 3869 /* Diameter Header Flags */ /* RPETrrrrCCCCCCCCCCCCCCCCCCCCCCCC */ @@ -271,10 +273,13 @@ static guint gbl_diameterSctpPort=SCTP_PORT_DIAMETER; +static guint gbl_diameterSctpTlsPort=SCTP_TLS_PORT_DIAMETER; static dissector_handle_t diameter_tcp_handle; static range_t *global_diameter_tcp_port_range; +static range_t *global_diameter_tcp_tls_port_range; #define DEFAULT_DIAMETER_PORT_RANGE "3868" +#define DEFAULT_DIAMETER_TLS_PORT_RANGE "3869" /* desegmentation of Diameter over TCP */ static gboolean gbl_diameter_desegment = TRUE; @@ -1358,13 +1363,27 @@ dissector_add("tcp.port", port, diameter_tcp_handle); } +static void +range_delete_callback_sec(guint32 port) +{ + ssl_dissector_delete(port, "diameter", TRUE); +} + +static void +range_add_callback_sec(guint32 port) +{ + ssl_dissector_add(port, "diameter", TRUE); +} + void proto_reg_handoff_diameter(void) { static gboolean Initialized=FALSE; static guint SctpPort; + static guint SctpsPort; static dissector_handle_t diameter_handle; static range_t *diameter_tcp_port_range; + static range_t *diameters_tcp_port_range; if (!Initialized) { diameter_handle = find_dissector("diameter"); @@ -1382,20 +1401,27 @@ /* AVP Code: 463 EAP-Reissued-Payload */ dissector_add("diameter.base", 463, new_create_dissector_handle(dissect_diameter_eap_payload, proto_diameter)); + + /* set port for future deletes */ + diameter_tcp_port_range = range_copy(global_diameter_tcp_port_range); + range_foreach(diameter_tcp_port_range, range_add_callback); + diameters_tcp_port_range = range_copy(global_diameter_tcp_tls_port_range); + range_foreach(diameters_tcp_port_range, range_add_callback_sec); + + dissector_add("sctp.port", gbl_diameterSctpPort, diameter_handle); + ssl_dissector_add(gbl_diameterSctpTlsPort, "diameter", TRUE); Initialized=TRUE; } else { range_foreach(diameter_tcp_port_range, range_delete_callback); g_free(diameter_tcp_port_range); + range_foreach(diameters_tcp_port_range, range_delete_callback_sec); + g_free(diameters_tcp_port_range); dissector_delete("sctp.port", SctpPort, diameter_handle); } - /* set port for future deletes */ - diameter_tcp_port_range = range_copy(global_diameter_tcp_port_range); - range_foreach(diameter_tcp_port_range, range_add_callback); - SctpPort=gbl_diameterSctpPort; - dissector_add("sctp.port", gbl_diameterSctpPort, diameter_handle); + } /* registration with the filtering engine */ @@ -1543,8 +1569,9 @@ diameter_dissector_table = register_dissector_table("diameter.base", "DIAMETER_3GPP_AVPS", FT_UINT32, BASE_DEC); diameter_3gpp_avp_dissector_table = register_dissector_table("diameter.3gpp", "DIAMETER_3GPP_AVPS", FT_UINT32, BASE_DEC); - /* Set default TCP ports */ + /* Set default TCP & TLS ports */ range_convert_str(&global_diameter_tcp_port_range, DEFAULT_DIAMETER_PORT_RANGE, MAX_UDP_PORT); + range_convert_str(&global_diameter_tcp_tls_port_range, DEFAULT_DIAMETER_TLS_PORT_RANGE, MAX_UDP_PORT); /* Register configuration options for ports */ diameter_module = prefs_register_protocol(proto_diameter, diff -Nur wireshark-1.2.7/epan/dissectors/packet-sctp.c wireshark-1.2.7-fD/epan/dissectors/packet-sctp.c --- wireshark-1.2.7/epan/dissectors/packet-sctp.c 2010-04-01 01:44:28.000000000 +0900 +++ wireshark-1.2.7-fD/epan/dissectors/packet-sctp.c 2011-02-23 13:54:13.000000000 +0900 @@ -2693,6 +2693,7 @@ b_bit = tvb_get_guint8(chunk_tvb, CHUNK_FLAGS_OFFSET) & SCTP_DATA_CHUNK_B_BIT; u_bit = tvb_get_guint8(chunk_tvb, CHUNK_FLAGS_OFFSET) & SCTP_DATA_CHUNK_U_BIT; stream_id = tvb_get_ntohs(chunk_tvb, DATA_CHUNK_STREAM_ID_OFFSET); + pinfo->strid = stream_id; stream_seq_num = tvb_get_ntohs(chunk_tvb, DATA_CHUNK_STREAM_SEQ_NUMBER_OFFSET); tsn = tvb_get_ntohl(chunk_tvb, DATA_CHUNK_TSN_OFFSET); diff -Nur wireshark-1.2.7/epan/dissectors/packet-ssl.c wireshark-1.2.7-fD/epan/dissectors/packet-ssl.c --- wireshark-1.2.7/epan/dissectors/packet-ssl.c 2010-04-01 01:44:34.000000000 +0900 +++ wireshark-1.2.7-fD/epan/dissectors/packet-ssl.c 2011-02-23 14:56:36.000000000 +0900 @@ -500,6 +500,7 @@ guint* conv_version; Ssl_private_key_t * private_key; guint32 port; + guint16 strid; ti = NULL; ssl_tree = NULL; @@ -507,9 +508,14 @@ first_record_in_frame = TRUE; ssl_session = NULL; port = 0; + strid = 0; ssl_debug_printf("\ndissect_ssl enter frame #%u (%s)\n", pinfo->fd->num, (pinfo->fd->flags.visited)?"already visited":"first time"); + + if (pinfo->ptype == PT_SCTP) { + ssl_debug_printf("\ndissect_ssl SCTP stream %hd\n", pinfo->strid); + } /* Track the version using conversations to reduce the * chance that a packet that simply *looks* like a v2 or @@ -523,14 +529,14 @@ * the conv_version, must set the copy in the conversation * in addition to conv_version */ - conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, - pinfo->srcport, pinfo->destport, 0); + conversation = find_conversation_ext(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, NO_IGNORE_SCTP_STREAMID, pinfo->strid); if (!conversation) { /* create a new conversation */ - conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, - pinfo->srcport, pinfo->destport, 0); + conversation = conversation_new_ext(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, (pinfo->ptype == PT_SCTP) ? DISTINCT_SCTP_STREAMID : 0, pinfo->strid); ssl_debug_printf(" new conversation = %p created\n", (void *)conversation); } conv_data = conversation_get_proto_data(conversation, proto_ssl); @@ -549,7 +555,7 @@ conversation_add_proto_data(conversation, proto_ssl, ssl_session); /* we need to know which side of the conversation is speaking */ - if (ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) { + if (ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype != PT_UDP)) { dummy.addr = pinfo->src; dummy.port = port = pinfo->srcport; } else { @@ -762,7 +768,7 @@ * add decrypted data to this packet info */ ssl_debug_printf("decrypt_ssl3_record: app_data len %d ssl, state 0x%02X\n", record_length, ssl->state); - direction = ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP); + direction = ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype != PT_UDP); /* retrieve decoder for this packet direction */ if (direction != 0) { @@ -1504,7 +1510,7 @@ col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec"); dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree, offset, conv_version, content_type); - if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)); + if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype != PT_UDP)); break; case SSL_ID_ALERT: { @@ -1566,8 +1572,8 @@ /* we need dissector information when the selected packet is shown. * ssl session pointer is NULL at that time, so we can't access * info cached there*/ - association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP); - association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP); + association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype != PT_UDP); + association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype != PT_UDP); proto_item_set_text(ssl_record_tree, "%s Record Layer: %s Protocol: %s", diff -Nur wireshark-1.2.7/epan/dissectors/packet-ssl-utils.c wireshark-1.2.7-fD/epan/dissectors/packet-ssl-utils.c --- wireshark-1.2.7/epan/dissectors/packet-ssl-utils.c 2010-04-01 01:44:27.000000000 +0900 +++ wireshark-1.2.7-fD/epan/dissectors/packet-ssl-utils.c 2011-02-23 13:33:10.000000000 +0900 @@ -2713,9 +2713,10 @@ fprintf(stderr, "association_add() could not find handle for protocol:%s\n",protocol); } else { if(port) { - if(tcp) + if(tcp) { dissector_add("tcp.port", port, handle); - else + dissector_add("sctp.port", port, handle); + } else dissector_add("udp.port", port, handle); } g_tree_insert(associations, assoc, assoc); diff -Nur wireshark-1.2.7/epan/packet_info.h wireshark-1.2.7-fD/epan/packet_info.h --- wireshark-1.2.7/epan/packet_info.h 2010-04-01 01:44:40.000000000 +0900 +++ wireshark-1.2.7-fD/epan/packet_info.h 2011-02-23 13:54:52.000000000 +0900 @@ -169,6 +169,7 @@ tvbuff_t *gssapi_decrypted_tvb; gboolean gssapi_data_encrypted; + guint16 strid; /* Stream Id of the last DATA chunk in the packet */ guint32 ppid; /* SCTP PPI of current DATA chunk */ guint32 ppids[MAX_NUMBER_OF_PPIDS]; /* The first NUMBER_OF_PPIDS PPIDS which are present * in the SCTP packet