Wireshark-dev: [Wireshark-dev] packet-hislip & tls

From: Guido Kiener <Guido.Kiener@xxxxxxxxxxxxxxxxx>
Date: Wed, 29 Jan 2020 22:05:04 +0000

Hi all,

Our working group defines the HiSLIP 2.0 protocol over TLS. I could extend the new messages (e.g. like STARTTLS) and pass over the encrypted data with ssl_starttls_ack(tls_handle, pinfo, hislip_handle);

For performance/debug reason we also have a requirement to switch back the TLS connection (sockets) to plain text (e.g. when sensitive data is already exchanged). This is done with the ‘close notify’ alerts. I can see the plain text within the TLS dissector marked as ‘Continuation Data’, but I would like to see the packets again with the hislip dissector.

Question: Can you please give me a hint how I can fall back to the hislip dissector? Is there another dissector (code) where I can copy the logic?

-Guido