[Brian Vandenberg <phantal@xxxxxxxxx>]

 As an addendum to this, one thing I tried for tracking this down was 
to set a conditional breakpoint to watch for each instance of an 
execution of add_new_data_source where the name of the data source 
contains the text "Reassembled SSL", then set a watch for 
tvb->real_data+c, for some c that jumps to a particular part of the 
decrypted packet that contains a unique sessionid to have a quick means 
of looking for duplicate calls to add_new_data_source for the same 
chunk, but each sessionid receives only one call.

 Is there another function other than add_new_data_source that can add 
a tab to the bottom when dissecting something?

-Brian

Brian Vandenberg wrote:
>   I found a bug about 9-10 months ago in the SSL dissector that was 
> never fixed, so I'm trying to find/fix the problem myself, but I'm 
> having a hard time tracking it down.
>
>   Essentially this is what happens:
>
> * POST to server occurs, the SSL chunk isn't fragmented.
> * When SSL dissector decrypts it a single new data source is added and 
> displayed entitled "Decrypted SSL Data"
> * The new data source is then passed to the http dissector.
> * ...
> * A response from the server is sent, the SSL chunk *IS* fragmented.
> * The SSL dissector decrypts each chunk then reconstructs it; four new 
> data sources are added:
> ** Decrypted SSL data (X bytes)
> ** Reassembled SSL (Y bytes)
> ** Decrypted SSL data (Z bytes)
> ** Reassembled SSL (Y bytes)
> ** note that both 'Reassembled' data sources have the same size, and the 
> exact same data.
> * The reassembled chunks are *both* passed to the http dissector.
>
>   The problem is that the SSL dissector is adding the same reassembled 
> chunk as a new data source twice (possibly more, if it is broken up into 
> more than 2 chunks, but so far I've only seen it broken in two chunks).  
> I've spent a couple of days on this, and though I think I'm close, I 
> just don't know enough about the Wireshark API, so I'm making very slow 
> progress.
>
>   I expected that it would be as simple as going to line 920 of 
> packet-ssl.c, set a breakpoint, observe that the line is executed twice 
> for each packet where this occurs, then figure out why it executes more 
> than once ... but it only executes that line once for each packet where 
> this occurs, and I don't see another line of code that tries to add a 
> new data source with the text "Reassembled SSL", .  I haven't managed to 
> find where the 2nd call to add_new_data_source takes place.
>
>   I'm going to continue working on this, however, if anyone has a 
> suggestion, or see's something I'm missing, I'd appreciate the help.
>
> -Brian
>
> Anders Broman wrote:
>   
> > Hi,
> > ETR 091 (ETSI ETR 091 ed.1 (1993-07)) downloadable from ETSI.
> > http://www.etsi.org/services_products/freestandard/home.htm
> > Regards
> > Anders
> >
> > ________________________________________
> > Från: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] För Kukosa, Tomas
> > Skickat: den 30 maj 2007 23:19
> > Till: wireshark-dev@xxxxxxxxxxxxx
> > Ämne: Re: [Wireshark-dev] [Wireshark-commits] rev 22008:/trunk/asn1/gsmmap/ /trunk/asn1/gsmmap/:MAP-ApplicationContexts.asn MAP-BS-Code.asnMAP-CH-DataTypes.asn MAP-CommonDataTypes.asnMAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
> >
> > Hi,
> >  
> > which document the MobileDomainDefinitions.asn comes from?
> >  
> > I have tries do find any reference in the 3GPP TS 29.002 but without any success.
> >  
> > Regards,
> >   Tomas
> >
> > ________________________________________
> > Od: wireshark-commits-bounces@xxxxxxxxxxxxx za uživatele etxrab@xxxxxxxxxxxxx
> > Odesláno: st 30.5.2007 21:03
> > Komu: wireshark-commits@xxxxxxxxxxxxx
> > Předmět: [Wireshark-commits] rev 22008: /trunk/asn1/gsmmap/ /trunk/asn1/gsmmap/: MAP-ApplicationContexts.asn MAP-BS-Code.asn MAP-CH-DataTypes.asn MAP-CommonDataTypes.asn MAP-ER-DataTypes.asn MAP-GR-DataTypes.asn ...
> > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=22008
> >
> > User: etxrab
> > Date: 2007/05/30 07:03 PM
> >
> > Log:
> >  Add separate asn1 files that may be used later.
> >
> > Directory: /trunk/asn1/gsmmap/
> >   Changes    Path                           Action
> >   +196 -0    MAP-ApplicationContexts.asn    Added
> >   +130 -0    MAP-BS-Code.asn                Added
> >   +463 -0    MAP-CH-DataTypes.asn           Added
> >   +627 -0    MAP-CommonDataTypes.asn        Added
> >   +406 -0    MAP-ER-DataTypes.asn           Added
> >   +197 -0    MAP-GR-DataTypes.asn           Added
> >   +2596 -0   MAP-MS-DataTypes.asn           Added
> >   +214 -0    MAP-OM-DataTypes.asn           Added
> >   +246 -0    MAP-SM-DataTypes.asn           Added
> >   +186 -0    MAP-SS-Code.asn                Added
> >   +341 -0    MAP-SS-DataTypes.asn           Added
> >
> >
> > (3 files not shown)
> > _______________________________________________
> > Wireshark-commits mailing list
> > Wireshark-commits@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-commits
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >   
> >     
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>