Wireshark-dev: [Wireshark-dev] Dissecting TLS and non-TLS using the same ports

From: Markku Leiniö <markku@xxxxxx>
Date: Thu, 13 Jul 2023 17:48:52 +0300
Hi,

In my Zabbix dissector I'm currently using dissector_add_uint_range_with_preference("tcp.port", ZABBIX_TCP_PORTS, zabbix_handle) to define the TCP ports (defaulting to "10050,10051").

I'm now attempting to use ssl_dissector_add() to also dissect TLS-encrypted Zabbix protocol packets, using the same ports (that's how Zabbix works: some agents use TLS, some don't, and they all connect to the same port on the server). I see port number 0 being used in some dissectors (for example in packet-kafka.c), but that does not seem to work. From some comments I understand that it enables the use of manual "Decode as" or something like that.

So, apparently I need to use ssl_dissector_add() with all the configured ports. I see examples of using range_foreach() to do that, so I used it like this:

    range_t *zabbix_tcp_range;
    zabbix_tcp_range = prefs_get_range_value("zabbix", "tcp.port");
    range_foreach(zabbix_tcp_range, range_add_zabbix_tls_callback, NULL);

It seems to work with TLS packets, but now it won't dissect non-TLS Zabbix packets at all.
In Lua (with my previous dissector) I was able to do simply this:

    DissectorTable.get("tcp.port"):add(default_settings.ports, zabbix_protocol)
    DissectorTable.get("tls.port"):add(default_settings.ports, zabbix_protocol)

and that worked fine, it dissected both TLS and non-TLS packets correctly.

How do I get the same behaviour with a C dissector?

Markku
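
The symptom described above can be reproduced in a small stand-alone model (an added example, not code from the original message or from Wireshark). It assumes that ssl_dissector_add() also puts the TLS dissector on "tcp.port" for the given port, replacing the Zabbix entry, and that TLS's heuristic on TCP picks up TLS records that the port-registered dissector rejects; every name in it is hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Toy model of the "tcp.port" and "tls.port" tables; all names are hypothetical. */
enum handler { NONE, ZABBIX, TLS };
static enum handler tcp_port[65536], tls_port[65536];

/* Constructed sample payloads: a plaintext Zabbix header and a TLS handshake record. */
static const unsigned char PLAIN[]  = { 'Z', 'B', 'X', 'D', 0x01, 0x02, 0x00, 0x00, 0x00 };
static const unsigned char TLSREC[] = { 0x16, 0x03, 0x03, 0x00, 0x2a };

/* Assumed effect of ssl_dissector_add(port, zabbix_handle). */
static void model_ssl_dissector_add(unsigned port) {
    tls_port[port] = ZABBIX;  /* decrypted payload goes to Zabbix */
    tcp_port[port] = TLS;     /* the TCP port now belongs to TLS */
}

/* Counterpart of the Lua DissectorTable.get("tls.port"):add(...). */
static void model_tls_port_add(unsigned port) {
    tls_port[port] = ZABBIX;  /* "tcp.port" is left untouched */
}

/* The Zabbix protocol header starts with the signature "ZBXD". */
static int zabbix_accepts(const unsigned char *p, size_t n) {
    return n >= 4 && memcmp(p, "ZBXD", 4) == 0;
}

/* TLS record header: content type 0x14..0x17, major version 0x03. */
static int looks_like_tls(const unsigned char *p, size_t n) {
    return n >= 3 && p[0] >= 0x14 && p[0] <= 0x17 && p[1] == 0x03;
}

/* Which dissector ends up decoding the application data on this port? */
static enum handler dispatch(unsigned port, const unsigned char *p, size_t n) {
    if (tcp_port[port] == ZABBIX && zabbix_accepts(p, n))
        return ZABBIX;          /* plaintext, found via "tcp.port" */
    if (looks_like_tls(p, n))
        return tls_port[port];  /* TLS by port or heuristic, then "tls.port" */
    return NONE;                /* nothing claims the payload */
}

/* Register Zabbix on tcp.port 10051, add TLS support one of two ways, dispatch. */
static enum handler scenario(int via_ssl_dissector_add, const unsigned char *p, size_t n) {
    memset(tcp_port, 0, sizeof tcp_port);
    memset(tls_port, 0, sizeof tls_port);
    tcp_port[10051] = ZABBIX;
    if (via_ssl_dissector_add) model_ssl_dissector_add(10051);
    else                       model_tls_port_add(10051);
    return dispatch(10051, p, n);
}
```

In a C dissector, the counterpart of model_tls_port_add() would be registering zabbix_handle in the "tls.port" table directly, for example with dissector_add_uint_range(), instead of going through ssl_dissector_add().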