2
2
* Routines for dtls dissection
3
3
* Copyright (c) 2006, Authesserre Samuel <sauthess@gmail.com>
5
* $Id: packet-dtls.c 19037 2006-08-26 00:05:26Z guy $
5
* $Id: packet-dtls.c 20405 2007-01-12 10:25:03Z kukosa $
7
7
* Wireshark - Network traffic analyzer
8
8
* By Gerald Combs <gerald@wireshark.org>
477
477
content_type, tvb_get_ptr(tvb, offset, record_length),
478
478
record_length, dtls_decrypted_data.data, &dtls_decrypted_data_avail) == 0)
480
if (ret && save_plaintext)
483
pi = p_get_proto_data(pinfo->fd, proto_dtls);
487
ssl_debug_printf("decrypt_dtls_record: allocating app_data %d "
488
"bytes for app data\n", dtls_decrypted_data_avail);
489
/* first app data record: allocate and put packet data*/
490
pi = se_alloc0(sizeof(SslPacketInfo));
491
pi->app_data.data = se_alloc(dtls_decrypted_data_avail);
492
pi->app_data.data_len = dtls_decrypted_data_avail;
493
memcpy(pi->app_data.data, dtls_decrypted_data.data, dtls_decrypted_data_avail);
497
/* update previus record*/
498
ssl_debug_printf("decrypt_dtls_record: reallocating app_data "
499
"%d bytes for app data (total %d appdata bytes)\n",
500
dtls_decrypted_data_avail, pi->app_data.data_len + dtls_decrypted_data_avail);
501
store = se_alloc(pi->app_data.data_len + dtls_decrypted_data_avail);
502
memcpy(store, pi->app_data.data, pi->app_data.data_len);
503
memcpy(&store[pi->app_data.data_len], dtls_decrypted_data.data, dtls_decrypted_data_avail);
504
pi->app_data.data_len += (dtls_decrypted_data_avail);
506
/* old decrypted data ptr here appare to be leaked, but it's
507
* collected by emem allocator */
508
pi->app_data.data = store;
510
/* data ptr is changed, so remove old one and re-add the new one*/
511
ssl_debug_printf("decrypt_dtls_record: removing old app_data ptr\n");
512
p_remove_proto_data(pinfo->fd, proto_dtls);
515
ssl_debug_printf("decrypt_dtls_record: setting decrypted app_data ptr %p\n",pi);
516
p_add_proto_data(pinfo->fd, proto_dtls, pi);
481
if (ret && save_plaintext) {
482
ssl_add_data_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail, TVB_RAW_OFFSET(tvb)+offset, 0);
777
744
offset, record_length, 0);
779
746
/* show decrypted data info, if available */
780
pi = p_get_proto_data(pinfo->fd, proto_dtls);
781
if (pi && pi->app_data.data)
747
appl_data = ssl_get_data_info(proto_dtls, pinfo, TVB_RAW_OFFSET(tvb)+offset);
748
if (appl_data && (appl_data->plain_data.data_len > 0))
785
751
/* try to dissect decrypted data*/
786
752
ssl_debug_printf("dissect_dtls_record decrypted len %d\n",
787
pi->app_data.data_len);
789
/* create new tvbuff for the decrypted data */
790
new_tvb = tvb_new_real_data(pi->app_data.data,
791
pi->app_data.data_len, pi->app_data.data_len);
792
tvb_set_free_cb(new_tvb, g_free);
793
/* tvb_set_child_real_data_tvbuff(tvb, new_tvb); */
795
add_new_data_source(pinfo, new_tvb, "Decrypted DTLS data");
753
appl_data->plain_data.data_len);
755
/* create a new TVB structure for desegmented data */
756
next_tvb = tvb_new_real_data(appl_data->plain_data.data, appl_data->plain_data.data_len, appl_data->plain_data.data_len);
758
/* add this tvb as a child to the original one */
759
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
761
add_new_data_source(pinfo, next_tvb, "Decrypted DTLS data");
797
763
/* find out a dissector using server port*/
798
764
if (association && association->handle) {
799
765
ssl_debug_printf("dissect_dtls_record found association %p\n", association);
800
ssl_print_text_data("decrypted app data",pi->app_data.data,
801
pi->app_data.data_len);
766
ssl_print_text_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len);
803
call_dissector(association->handle, new_tvb, pinfo, top_tree);
768
call_dissector(association->handle, next_tvb, pinfo, top_tree);