Stephen Fisher wrote the following on 12/01/2007 19:34:
On Fri, Jan 12, 2007 at 07:19:59PM +0000, Martin Warnes wrote:
The Connect:Direct protocol in this case is just a header record:
54 43 50 32 00 02 00 10 00 00 00 09 .S..TCP2........
0050 80 00 00 00 38 00 00 00
and the SSL payload:
16 03 01 00 04 0e 00 00 ....8...........
0060 00
In this case, your dissector should call the SSL dissector once its done
processing its own data. See epan/dissector/packet-eap.c for an example
of calling SSL as a sub-dissector (look for each instance of "ssl_handle"
and how it builds next_tvb before calling it).
Steve
That's what I thought I was doing, from my code:
if (isSSL)
{
if (cdirect_ssldissection)
{
next_tvb =
tvb_new_subset (tvb, tvb_get_ntohs (tvb, 6) + rhlen,
tvb_get_ntohs (tvb, 10), -1);
}
call_dissector (ssl_handle, next_tvb, pinfo, cdirect_tree);
}
}
}
The actual dissection of the SSL data works fine, it's just that when I
select "Follow SSL stream" I always get a empty panel. I always assumed
it was because the SSL was not atop TCP, I'll take a closer look when I
get a spare moment.
Thanks .. Martin
----------------------------------------------------------
Scanned by ClamAV antivirus system - http://www.clamav.net
Virus signatures last updated: Fri Jan 12 18:33:21 2007