Wireshark-dev: [Wireshark-dev] ssl decryption in a dissector
From: Sebastiano Di Paola <sebastiano.dipaola@xxxxxxxxx>
Date: Tue, 30 Jul 2019 09:31:40 +0900
Hello,
I'm trying to write a new dissector.
The protocol is over TLS, so in order to do dissection I need to decrypt TLS (dumping the key by setting the SSLKEYLOGFILE variable).
So inside the new dissector I'm writing I first need to call the ssl decryption and then start parsing the payload bytes.
What is the right way to use the API?

I tried this: mimicking the PROTOABBREV skeleton and then adding ssl_dissector_add in the proto_reg_handoff,
but it will result in a crash with this error message:
 Main Warn QObject::setParent: Cannot set parent, new parent is in a different thread

void
proto_reg_handoff_newproto(void)
{
    dissector_handle_t  newproto_handle;

    /* Use create_dissector_handle() to indicate that dissect_PROTOABBREV()
     * returns the number of bytes it dissected (or 0 if it thinks the packet
     * does not belong to PROTONAME).
     */
    newproto_handle = create_dissector_handle(dissect_newproto,
            proto_newproto);
    ssl_dissector_add(NEWPROTO_TCP_PORT, newproto_handle);
}


I could make it work if in the void proto_register_newproto(void)
I do these operations (not creating the dissector handle in the reg_handoff_newproto):

 newproto_handle = register_dissector("newproto", dissect_newproto, proto_newproto);

and in the reg_handoff_newproto I just make the call ssl_dissector_add(...),
and then when the callback dissect_newproto is called I can see the decrypted bytes in the tvb buffer (provided I set the right file with the dumped key for TLS).

What is the proper way to achieve what I'm trying to do?

Thanks a lot.
Seba