From Toralf Foerster via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5432 :

The attached patch against that dissector contains :

FIX:
- counting statistics over encrypted packages (line 610 ff)

NEW:
- tag sametime message type 0x0025 as known

MISC:
- better comment
- new line clean ups


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35077 f5534014-38df-0310-8fa8-9805f1628bb7

1 files changed, 18 insertions, 7 deletions

diff --git a/epan/dissectors/packet-sametime.c b/epan/dissectors/packet-sametime.c
index 72351f5159..f6c5d1a7bb 100644
--- a/epan/dissectors/packet-sametime.c
+++ b/epan/dissectors/packet-sametime.c
@@ -39,7 +39,7 @@ static int proto_sametime = -1;
 static guint global_sametime_port = DEFAULT_SAMETIME_PORT;
 static dissector_handle_t sametime_handle;
 
-/* Preference */
+/*preferences*/
 static gboolean global_sametime_show_length = FALSE;
 static gboolean global_sametime_reassemble_packets = TRUE;
 
@@ -110,6 +110,7 @@ typedef struct SametimeTap {
 #define SAMETIME_MESSAGETYPE_HANDSHAKE		0x0000
 
 #define SAMETIME_MESSAGETYPE_HANDSHAKE_ACK	0x8000
+#define SAMETIME_MESSAGETYPE_HANDSHAKE_SYN	0x0025
 #define SAMETIME_MESSAGETYPE_LOGIN		0x0001
 #define SAMETIME_MESSAGETYPE_LOGIN_ACK		0x8001
 #define SAMETIME_MESSAGETYPE_LOGIN_REDIRECT	0x0018
@@ -126,10 +127,12 @@ typedef struct SametimeTap {
 #define SAMETIME_MESSAGETYPE_ADMIN		0x0019
 #define SAMETIME_MESSAGETYPE_ANNOUNCE		0x0022
 
+
 static const value_string messagetypenames[] = {
 	{  SAMETIME_MESSAGETYPE_HEARTBEAT,   		"HEARTBEAT" },
 
 	{  SAMETIME_MESSAGETYPE_HANDSHAKE, 		"HANDSHAKE" },
+	{  SAMETIME_MESSAGETYPE_HANDSHAKE_SYN, 		"HANDSHAKE_SYN" },
 	{  SAMETIME_MESSAGETYPE_HANDSHAKE_ACK, 		"HANDSHAKE_ACK" },
 	{  SAMETIME_MESSAGETYPE_LOGIN, 			"LOGIN" },
 	{  SAMETIME_MESSAGETYPE_LOGIN_ACK, 		"LOGIN_ACK" },
@@ -157,16 +160,17 @@ static const value_string optionnames[] = {
 	{  0x0,    				"" },
 	{  SAMETIME_MESSAGEOPTION_ENCRYPT,	"ENCRYPT" },
 	{  SAMETIME_MESSAGEOPTION_HAS_ATTRIBS,	"HAS_ATTRIBS" },
+
 	{ 0, NULL }
 };
 
 static const value_string userstatusnames[] = {
-	{ 0x0020, "ACTIVE" },	/* I am available */
-	{ 0x0040, "IDLE" },	/* ? */
-	{ 0x0060, "AWAY" },	/* I am away */
-	{ 0x0080, "BUSY" },	/* Please do not disturb me */
+	{ 0x0020, "ACTIVE" },	/* "I am available" */
+	{ 0x0040, "IDLE" },	/* never seen in the wild, maybe non-pc :-) ? */
+	{ 0x0060, "AWAY" },	/* "I am away from my computer now" */
+	{ 0x0080, "BUSY" },	/* "Please do not disturb me" */
+	{ 0x0008, "MEETING" },	/* "I am in a meeting" */
 
-	{ 0x0008, "MEETING" },	/* I have a meeting */
 	{ 0, NULL }
 };
 
@@ -577,6 +581,9 @@ dissect_sametime_content(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 			dissect_handshake_ack(tvb, sametime_tree, offset);
 			break;
 
+		case SAMETIME_MESSAGETYPE_HANDSHAKE_SYN:
+			break;
+
 		case SAMETIME_MESSAGETYPE_LOGIN:
 			dissect_login(tvb, sametime_tree, offset);
 			break;
@@ -610,6 +617,8 @@ dissect_sametime_content(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 			break;
 
 		default:
+			/* do not fill the statistics with useless data from encrypted packages */
+			sinfo->message_type = -1;
 			break;
 		}
 	}
@@ -661,6 +670,8 @@ get_sametime_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
 {
 	/* XXX: Actually: the length of the tvb will always be 4 or greater at this point */
 	/*      because tcp_dissect_pdus was called with 4 as a required "fixed length".  */
+	/*	But newer variants of this protocol with a full encrypted network stream  */
+	/*	may require a more sophisticated dissection logic here                    */
 	guint32 N = tvb_length_remaining(tvb, offset);
 
 	return (N < 4) ? N : tvb_get_ntohl(tvb, offset) + 4;
@@ -900,6 +911,7 @@ proto_register_sametime(void)
 				       10, &global_sametime_port);
 }
 
+
 /*
 	create / register
 */
@@ -921,6 +933,5 @@ proto_reg_handoff_sametime(void)
 
 	dissector_add("tcp.port", global_sametime_port, sametime_handle);
 	saved_sametime_tcp_port = global_sametime_port;
-
 }