Wireshark-commits: [Wireshark-commits] master 93ed726: ssl, dtls, ssl-utils: Prepare for STARTTLS h
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Mon, 9 Feb 2015 14:00:43 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93ed72642b3bc0771c6099c4861a39c080040b0e
Submitter: Michael Mann (mmann78@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

93ed726 by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl,dtls,ssl-utils: Prepare for STARTTLS handling

    All STARTTLS-like dissectors (protocols which can switch to SSL/TLS after
    a protocol command) currently fail to get called after decryption. The
    reason for this is that the port is not registered for SSL dissection via
    ssl_dissector_add. Besides this, the MySQL dissector breaks in the event
    of multiple segments because it does not properly set desegmentation.

    The call path TCP | App | SSL | App is a bad, error-prone pattern which
    requires duplication of required functionality in dissectors. This patch
    makes it possible to bypass the App (TCP | SSL | App) by registering SSL
    as conversation dissector after a STARTTLS switch.

    Logical overview of changes:

     - Move srv_addr, srv_ptype and srv_port to SslSession and adjust the
       users. This allows passing SslSession around which will never be null
       unlike SslDecryptSession. This is needed for looking up the packet
       direction (server or client) before calling a subdissector.
     - Add app_handle to store the dissector and last_nontls_frame the frame
       that initiated STARTTLS.
     - The same app_handle is now used to store the dissector handle from a
       ssl association.
     - Moved conversation data (SslDecryptSession) to ssl-utils to avoid code
       duplication. Merge ssl_session_init into it. The new ssl_session_get()
       is needed for STARTTLS frame/handle storage.
     - Introduce new "ssl_starttls_ack" function to signal the last non-TLS
       packet.
     - Ensure that match_uint is set before calling the conversation
       dissector. This ensures that dissectors using match_uint to check the
       direction of a packet (client vs. server) see the TCP port instead of
       the IP proto. At least the MySQL and SMTP dissectors require such
       special treatment.
     - Move epan/conversation.h outside HAVE_LIBGNUTLS, remove from dtls (as
       it is already included by ssl-utils).
     - Various comment/debug string updates. Remove outdated comment before
       SSL association lookup.

    Besides setting match_uint and caching the app_handle, existing
    dissectors should not be affected by this patch. Follow-up patches will
    update existing dissectors to use the new ssl_starttls_ack interface.

    Bug: 9515
    Change-Id: I795d16b6a901e672a5d89e922adc7e5bbcda0333
    Reviewed-on: https://code.wireshark.org/review/6872
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>

Actions performed:

    from  5b2a05c   [IS-IS LSP] Add support for Adj-SID & LAN-Adj-SID subTLV
    adds  93ed726   ssl,dtls,ssl-utils: Prepare for STARTTLS handling

Summary of changes:
 epan/dissectors/packet-dtls.c      |  80 ++++++++++++++++----------
 epan/dissectors/packet-ssl-utils.c |  85 +++++++++++++++++++++++-----
 epan/dissectors/packet-ssl-utils.h |  43 ++++++++++----
 epan/dissectors/packet-ssl.c       | 109 ++++++++++++++++++------------------
 4 files changed, 207 insertions(+), 110 deletions(-)
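The commit describes a dispatch change rather than showing code: after the STARTTLS acknowledgement the conversation is handed to the TLS dissector directly (TCP | SSL | App), which remembers the application dissector in app_handle and the acknowledging frame in last_nontls_frame, and sets match_uint to the TCP port before calling back into the application dissector so that direction checks keep working. The Python model below is an added illustration of that routing, not Wireshark code and not part of this commit: Session, starttls_ack, tcp_dispatch, tls_dissector and smtp_dissector are constructed stand-ins for SslSession, ssl_starttls_ack, the TCP/SSL/SMTP dissectors, the SMTP exchange is a constructed capture, and "decryption" is a labelled XOR placeholder because the real dissector needs session key material that an offline example cannot supply. The second run, with match_uint left at the IP protocol number, reproduces the direction confusion the commit message says the SMTP and MySQL dissectors suffer from.

```python
"""Toy model of the STARTTLS hand-off described in the commit above.

Constructed illustration, not Wireshark code. Session/starttls_ack/
tcp_dispatch/tls_dissector/smtp_dissector are stand-ins for SslSession,
ssl_starttls_ack and the TCP, SSL and SMTP dissectors.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

IP_PROTO_TCP = 6            # what match_uint holds when it is not reset to the port
TLS_APPLICATION_DATA = 23
TLS_RECORD_NAMES = {20: "ChangeCipherSpec", 21: "Alert",
                    22: "Handshake", 23: "ApplicationData"}


@dataclass
class Frame:
    number: int
    src_port: int
    dst_port: int
    payload: bytes


@dataclass
class Session:
    """Per-conversation state (cf. SslSession fields named in the commit)."""
    srv_port: int
    app_handle: Optional[Callable] = None       # dissector to resume after TLS
    last_nontls_frame: int = 0                  # frame that acknowledged STARTTLS
    starttls_pending: bool = False              # SMTP saw STARTTLS, awaits 220
    decrypt: Optional[Callable[[bytes], bytes]] = None  # placeholder, see sample_capture


def starttls_ack(session: Session, frame: Frame, app_handle: Callable) -> None:
    """Stand-in for ssl_starttls_ack(): remember the last cleartext frame and
    the application dissector that TLS must hand decrypted data back to."""
    if session.last_nontls_frame == 0:
        session.last_nontls_frame = frame.number
        session.app_handle = app_handle


def smtp_dissector(session: Session, frame: Frame, match_uint: int, out: List[str]) -> None:
    """Direction is derived from match_uint, as the real SMTP dissector does:
    a segment addressed to the matched (server) port is a client command."""
    is_request = frame.dst_port == match_uint
    text = frame.payload.decode("ascii", "replace").strip()
    if is_request:
        out.append(f"{frame.number}: C: {text}")
        if text.upper() == "STARTTLS":
            session.starttls_pending = True
    else:
        out.append(f"{frame.number}: S: {text}")
        if session.starttls_pending and text.startswith("220"):
            session.starttls_pending = False
            starttls_ack(session, frame, smtp_dissector)


def tls_dissector(session: Session, frame: Frame, match_uint: int, out: List[str]) -> None:
    """Walk TLS record headers (type, version, length); application data is
    handed to app_handle with whatever match_uint the caller supplied."""
    data = frame.payload
    while len(data) >= 5:
        ctype = data[0]
        length = int.from_bytes(data[3:5], "big")
        body, data = data[5:5 + length], data[5 + length:]
        out.append(f"{frame.number}: TLS {TLS_RECORD_NAMES.get(ctype, ctype)} ({length} bytes)")
        if ctype == TLS_APPLICATION_DATA and session.app_handle and session.decrypt:
            inner = Frame(frame.number, frame.src_port, frame.dst_port, session.decrypt(body))
            session.app_handle(session, inner, match_uint, out)


def tcp_dispatch(session: Session, frame: Frame, out: List[str], set_match_uint: bool = True) -> None:
    """TCP layer: cleartext frames go to the app dissector; after the STARTTLS
    ack the conversation goes straight to TLS (TCP | SSL | App)."""
    if session.last_nontls_frame == 0 or frame.number <= session.last_nontls_frame:
        smtp_dissector(session, frame, session.srv_port, out)
    else:
        match_uint = session.srv_port if set_match_uint else IP_PROTO_TCP
        tls_dissector(session, frame, match_uint, out)


def tls_record(ctype: int, body: bytes) -> bytes:
    return bytes([ctype, 3, 3]) + len(body).to_bytes(2, "big") + body


def sample_capture():
    """Constructed SMTP STARTTLS exchange; XOR is a placeholder for real TLS
    decryption, not a model of any cipher suite."""
    key = b"toy"
    def toy_cipher(b: bytes) -> bytes:
        return bytes(c ^ key[i % len(key)] for i, c in enumerate(b))
    frames = [
        Frame(1, 25, 40000, b"220 mail.example ESMTP\r\n"),
        Frame(2, 40000, 25, b"EHLO client\r\n"),
        Frame(3, 25, 40000, b"250 STARTTLS\r\n"),
        Frame(4, 40000, 25, b"STARTTLS\r\n"),
        Frame(5, 25, 40000, b"220 2.0.0 Ready to start TLS\r\n"),
        Frame(6, 40000, 25, tls_record(22, b"\x01\x00\x00\x00")),  # handshake stand-in
        Frame(7, 40000, 25, tls_record(23, toy_cipher(b"MAIL FROM:<a@example>\r\n"))),
        Frame(8, 25, 40000, tls_record(23, toy_cipher(b"250 OK\r\n"))),
    ]
    return frames, toy_cipher


def dissect(frames, decrypt, set_match_uint: bool = True):
    session = Session(srv_port=25, decrypt=decrypt)
    out: List[str] = []
    for frame in frames:
        tcp_dispatch(session, frame, out, set_match_uint)
    return session, out


if __name__ == "__main__":
    frames, cipher = sample_capture()
    for line in dissect(frames, cipher)[1]:
        print(line)
```

Run as a script it prints the cleartext SMTP dialogue up to frame 5, then TLS records, with the decrypted application data of frames 7 and 8 attributed to client and server respectively. Calling `dissect(frames, cipher, set_match_uint=False)` shows frame 7 labelled as a server response, because `frame.dst_port == 6` is never true for a TCP port.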