author | Evan Huus <eapache@gmail.com> | 2012-07-28 03:09:46 +0000 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2012-07-28 03:09:46 +0000 |
commit | 3ed453c4d5dd1695cfd7e55041efc40c620d22f6 (patch) | |
tree | e019c8a65a02c3172f563aa12cd0718ad98ef056 /epan/dissectors/packet-xmpp-core.c | |
parent | 51fdf55f2321b88172dc94a0dc6672e78b89aec1 (diff) |
Decode SSL streams in XMPP sessions. Fixes:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3177
The logic is rather conservative for now, but I imagine false negatives are
better than false positives for this sort of thing.
svn path=/trunk/; revision=44088
Diffstat (limited to 'epan/dissectors/packet-xmpp-core.c')
-rw-r--r-- | epan/dissectors/packet-xmpp-core.c | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/epan/dissectors/packet-xmpp-core.c b/epan/dissectors/packet-xmpp-core.c index 0abfa9060e..70c3613d0e 100644 --- a/epan/dissectors/packet-xmpp-core.c +++ b/epan/dissectors/packet-xmpp-core.c @@ -702,7 +702,8 @@ xmpp_features_mechanisms(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xm } void -xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet) +xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info) { proto_item *tls_item; proto_tree *tls_tree; @@ -716,12 +717,21 @@ xmpp_starttls(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_ tls_item = proto_tree_add_item(tree, hf_xmpp_starttls, tvb, packet->offset, packet->length, ENC_BIG_ENDIAN); tls_tree = proto_item_add_subtree(tls_item, ett_xmpp_starttls); + if (xmpp_info->ssl_start && xmpp_info->ssl_start != pinfo->fd->num) { + expert_add_info_format(pinfo, tls_item, PI_PROTOCOL, PI_WARN, + "Already saw STARTTLS in frame %u", xmpp_info->ssl_start); + } + else { + xmpp_info->ssl_start = pinfo->fd->num; + } + xmpp_display_attrs(tls_tree, packet, pinfo, tvb, attrs_info, array_length(attrs_info)); xmpp_display_elems(tls_tree, packet, pinfo, tvb, NULL, 0); } void -xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t *packet) +xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, + xmpp_element_t *packet, xmpp_conv_info_t *xmpp_info) { proto_item *proceed_item; proto_tree *proceed_tree; 
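Review bot: In xmpp_starttls (its opening lines are above this hunk), `xmpp_info->ssl_start` uses 0 to mean "no STARTTLS seen yet", but nothing in the new code says so. The `!= pinfo->fd->num` test, which keeps a re-dissected frame from warning about itself, is also easy to misread. A comment above the new `if` would help, for example `/* ssl_start: frame number of the first STARTTLS, 0 if none seen; the same frame may be dissected more than once */`. `xmpp_info` is dereferenced without a NULL check; that is presumably safe because the caller attaches the conversation data first, but the caller is not part of this diff, so it is worth confirming. Both remarks also apply to `ssl_proceed` in xmpp_proceed.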
@@ -735,6 +745,19 @@ xmpp_proceed(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, xmpp_element_t proceed_item = proto_tree_add_item(tree, hf_xmpp_proceed, tvb, packet->offset, packet->length, ENC_BIG_ENDIAN); proceed_tree = proto_item_add_subtree(proceed_item, ett_xmpp_proceed); + if (!xmpp_info->ssl_start) { + expert_add_info_format(pinfo, proceed_item, PI_PROTOCOL, PI_WARN, + "Haven't seen a STARTTLS, did the capture start in the middle of a session?"); + } + + if (xmpp_info->ssl_proceed && xmpp_info->ssl_proceed != pinfo->fd->num) { + expert_add_info_format(pinfo, proceed_item, PI_PROTOCOL, PI_WARN, + "Already saw PROCEED in frame %u", xmpp_info->ssl_proceed); + } + else { + xmpp_info->ssl_proceed = pinfo->fd->num; + } + xmpp_display_attrs(proceed_tree, packet, pinfo, tvb, attrs_info, array_length(attrs_info)); xmpp_display_elems(proceed_tree, packet, pinfo, tvb, NULL, 0); } |
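Review bot: `ssl_proceed` is still recorded when no STARTTLS has been seen, and nothing checks that the PROCEED frame comes after `ssl_start`; the first new block only raises a warning. If the hand-off to the SSL dissector (not in this file's diff) keys on `ssl_proceed` alone, a stray `<proceed/>` would switch the rest of the conversation to SSL decoding and hide cleartext stanzas from whoever is reading the capture. That runs against the "false negatives are better than false positives" aim in the commit message. Recording the frame only after a STARTTLS would be more conservative: replace the bare `else {` with `else if (xmpp_info->ssl_start && xmpp_info->ssl_start < pinfo->fd->num) {`. xmpp_proceed starts in the previous hunk, so the declarations it relies on are not visible here.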