author | Peter Wu <peter@lekensteyn.nl> | 2018-11-17 13:56:12 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-11-20 05:12:37 +0000 |
commit | 52a667143929ace46929bfb6ad15b6a856cdbe77 (patch) | |
tree | 97dfedc45dd07c47116ba06cb13457f04a5d48df /wiretap/pcapng_module.h | |
parent | ad21e3121f3307ee6cc2b4a2b296ef6dd83152ed (diff) |
wiretap: add read/write support for Decryption Secrets Block (DSB)

Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.

pcapng spec update: https://github.com/pcapng/pcapng/pull/54

As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.

Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.

If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.

The test file was created using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).

Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap/pcapng_module.h')
-rw-r--r-- | wiretap/pcapng_module.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wiretap/pcapng_module.h b/wiretap/pcapng_module.h index 01abd39f49..78396f4265 100644 --- a/wiretap/pcapng_module.h +++ b/wiretap/pcapng_module.h @@ -25,6 +25,7 @@ #define BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */ #define BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */ #define BLOCK_TYPE_SYSTEMD_JOURNAL 0x00000009 /* systemd journal entry */ +#define BLOCK_TYPE_DSB 0x0000000A /* Decryption Secrets Block */ #define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */ #define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */ |
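
Review bot: on the added `#define BLOCK_TYPE_DSB 0x0000000A` line, the comment gives only the block name, while the commit message ties this value to the pcapng spec update at https://github.com/pcapng/pcapng/pull/54. Citing that reference in the comment would let a later reader re-check the assigned number against the spec. It would also help to note there that this block carries decryption secrets for the packets that need them, since a capture file containing it holds key material and has to be treated as sensitive when it is written or shared.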