Dissector decrypting TLS on a variable Port

asked 2021-05-27 11:07:47 +0000


I'm working on a dissector to dissect TLS encrypted packages.

I use the ssl_dissector_add(PORT, my_handle) function in the proto_reg_handoff method, to decrypt the TLS packages, which works fine as long as i use for PORT a static number from the start, or 0.

If I use 0, my dissector is being added to the "decode as" list and therefore it needs to be selected by the user. I want the behaviour you would get if PORT would be a static number, and thats where my issue starts:

The port on which my dissector should be running on can be variable from pcap trace to pcap trace. Before the communication with that protocol starts there is a package that provides me with the information on which port the communication will be on. I can store that value, but at that time there is no use for it anymore to put it into that ssl_dissector_add function.

I guess i have to go some layer above of the dissector to handle that, but i couldnt find any information about how to integrate something like that. Maybe someone can guide me how such an implementation would be done since I'm kinda new to this as well.

edit retag flag offensive close merge delete