Hi, all:
I am dissecting some encrypted protocols (sorry I can't talk about it in
detail) in Ethereal v0.9.3, I have to get data_ptr by using "(guint8
*)tvb_get_ptr(...)" and do our algorithm.
However, there is a bug described below: After inputing some available
filter in "Open Capture File" dialog box, the routine will do
epan_dissect_run(...) in function read_packet(...) at file.c:799. Then the
argument "buf" will be modified by encrypting protocol. So if this packet
passes rfcode, the routine will do epan_dissect_run(...) in function
add_packet_to_packet_list(...) at file.c:663. But the "buf" has been
encrypted that the subdissectors can't konw, it is encrypted again. The data
is not correct any longer.
I have one way to resolve it:
file.c:796
if (cf->rfcode) {
+ const u_char *buf_new = g_malloc(fdata->cap_len);
+ memcpy(buf_new, buf, fdata->cap_len);
edt = epan_dissect_new(TRUE, FALSE);
epan_dissect_prime_dfilter(edt, cf->rfcode);
- epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
+ epan_dissect_run(edt, pseudo_header, buf_new, fdata, NULL);
passed = dfilter_apply_edt(cf->rfcode, edt);
epan_dissect_free(edt);
+ g_free(buf_new);
}
How do you think about it?
Dose any one have a better way to dissect encrypted protocol rather than
using "(guint8 *)tvb_get_ptr(...)"?
B.R.
Buding