fix TLS error in praseing PCAP #12
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hey @songwei163, Thanks for this! I think this probably explains what #9, #10 and #11 have also been seeing and the fix seems simple enough. I'm a bit hesitant to merge this though, as this removes backwards compatibility with older versions of Wireshark that didn't have this setup. Would it be possible for you to adjust the code to check for both versions/options of the TLS data location and use the correct one depending on which seems present in the JSON tshark output? That way older setups won't break with this merge. Thanks again, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fix TLS error in praseing PCAP
In version 3.6.5 of tshark,there is a problem when convert pcap to qlog.
{ "qlog_version": "draft-01", "description": "", "traces": [ { "error_description": "Error: ParserPCAP: no tls info known for the first QUIC initial, not supported! Are you sure the trace decrypted? : [object Object],I noticed that some fields changed when tshark converted the JSON file.
"quic.frame": [ { "quic.frame_type": "6", "quic.crypto.offset": "0", "quic.crypto.length": "90", "quic.crypto.crypto_data": "", "tls": { "tls.handshake": { "tls.handshake.type": "2",So I changed the logic to identify an encrypted frame.