Wireshark mailing list archives

ssl decryption in a dissector


From: Sebastiano Di Paola <sebastiano.dipaola () gmail com>
Date: Tue, 30 Jul 2019 09:31:40 +0900

Hello,
I'm trying to write a new dissector.
The protocol is over TLS, so in order to do dissection I need to decrypt TLS
(dumping the key by setting the SSLKEYLOGFILE variable).
So inside the new dissector I'm writing I need first to call the ssl
decryption and then start parsing payload bytes.
What is the right way to use the API?

I tried this: mimic the PROTOABBREV skeleton and then add ssl_dissector_add
in the proto_reg_handoff,
but it will result in a crash with this error message:
 Main Warn QObject::setParent: Cannot set parent, new parent is in a different thread

void
proto_reg_handoff_newproto(void)
{
    dissector_handle_t  newproto_handle;

    /* Use create_dissector_handle() to indicate that dissect_PROTOABBREV()
     * returns the number of bytes it dissected (or 0 if it thinks the packet
     * does not belong to PROTONAME).
     */
    newproto_handle = create_dissector_handle(dissect_newproto,
            proto_newproto);
    ssl_dissector_add(NEWPROTO_TCP_PORT, newproto_handle);
}


I could make it work if in the void proto_register_newproto(void)
I do these operations (not creating the handle dissector in
the reg_handoff_newproto)

    newproto_handle = register_dissector("newproto", dissect_newproto,
            proto_newproto);

and in the reg_handoff_newproto I just make the call ssl_dissector_add(...),
and then when the callback dissect_newproto is called, in the tvb
buffer I can see the decrypted bytes (provided I set for TLS the right file
with the dumped key).

What is the proper way to achieve what I'm trying to do?

Thanks a lot.
Seba