Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: wireshark dissector logformat revamp #2345

wants to merge 9 commits into
base: master


Copy link

commented Feb 11, 2019

Improvements to the beta version of the wireshark plugin integration.

Wireshark plugin needs to be revamped to be able to take advantage of this new key output format, which is a work in progress. I'll update this PR once that is done.

arowser added 3 commits Nov 27, 2018
tal_hexstr(NULL, &cs->rk, sizeof(cs->rk)),
tal_hexstr(NULL, &cs->r_ck, sizeof(cs->r_ck)));

if (fputs(keys, fp) == -1) {

This comment has been minimized.

Copy link

niftynei Feb 12, 2019

Author Collaborator

@rustyrussell fputs fails the check-discouraged-functions check -- what would you recommend we replace it with?

wireshark-dissector: write both keys, mapped to host
previous iteration of the wireshark plugin used the length_mac
as the 'key' for the sending key. instead, let's map the
sending + receiving keys to the node's wireaddress, so that
wireshark can look them up by hostname.

sending key mapped as:    ->addr:port sending_key
receiving key mapped as:  <-addr:port receiving_key

currently borked -- updating the keys fails on delete.

@niftynei niftynei force-pushed the niftynei:nifty/dissector branch 2 times, most recently from 55844d9 to 6010565 Feb 12, 2019


void dissector_remove_connection(const char *our_addr, const char *peer_addr)

This comment has been minimized.

Copy link

niftynei Feb 12, 2019

Author Collaborator

currently unused...

niftynei and others added 5 commits Feb 12, 2019
wireshark-dissector: pivot to incrementing keys in wireshark
Keeping a mapping of channels to keys in a single file isn't the
best idea. Instead, let's print out all the starting info for a
channel, and allow the wireshark plugin to increment the keys
for itself, in a round of merry brute force-age.

This pivot means that we now keep a directory of files, one
for each peer connection. On connect, we print the crypto state
to the file.

WIP: getting the IP address and port for the local socket. Coming soon!
connectd: extract helper to get wireaddr of local end of socket.
Signed-off-by: Rusty Russell <>
wireshark-dissector: use local name in file address
Print out local ip + socket as filename for keyset for a connection,
so that wireshark can figure out which connection the keys belong to.

@niftynei niftynei force-pushed the niftynei:nifty/dissector branch from 6010565 to 9ba8879 Feb 12, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
4 participants
You can’t perform that action at this time.