Brian Vandenberg wrote:
I'm writing a dissector that relies on the http dissector. The
server's I'll be monitoring use ssl, so there's a requirement to use the
ssl dissector to decrypt the packets and hand them off to the http
dissector.
Requests & responses are both treated properly during dissection, so
that isn't an issue. That is, with one caveat: for some reason, the
following code never causes the columns to be changed in my dissector,
and it also seems to fail to do the same thing in the http dissector:
if (check_col (pinfo->cinfo, COL_PROTOCOL))
col_set_str (pinfo->cinfo, COL_PROTOCOL, "ABBRV");
if (check_col (pinfo->cinfo, COL_INFO))
col_set_str (pinfo->cinfo, COL_INFO, "Some info");
The columns continue to say:
Protocol: TLSv1
Info: [SSL segment of a reassembled PDU]
So, three questions: has anyone else seen this before, is this a bug,
and is there a workaround?
Are you sure your dissector get's called at all?
It looks like an SSL reassembling is going on, without a data chunk for
the upper layer protocol.
Regards, ULFL