authorcmaynard <cmaynard@f5534014-38df-0310-8fa8-9805f1628bb7>2011-06-01 18:34:41 +0000
committercmaynard <cmaynard@f5534014-38df-0310-8fa8-9805f1628bb7>2011-06-01 18:34:41 +0000
commitdbfa7bf514f1b91a8f65906d3d16a2833b4280a4 (patch)
tree8c6cbc1e19da637eb57e037589ef9863c0adbcde /epan/dissectors/packet-dtls.c
parent7024c0a8b717f710dd4b5753e83e231a05b35c0c (diff)
From Michael Chen via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5863, with some additional enhancements by me: Add dtls heuristics.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37511 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index b1ac0ed488..cc8fac7125 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -2399,6 +2399,61 @@ proto_register_dtls(void)
register_heur_dissector_list("dtls", &heur_subdissector_list);
}
+static gboolean
+dissect_dtls_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ /* Stronger confirmation of DTLS packet is provided by verifying the
+ * payload length against the remainder of the UDP packet size. */
+ guint length = tvb_length(tvb);
+ guint offset = 0;
+
+ if (tvb_reported_length(tvb) == length) {
+ while (offset + 13 <= length && looks_like_dtls(tvb, offset)) {
+ /* Advance offset to the end of the current DTLS record */
+ offset += tvb_get_ntohs(tvb, offset + 11) + 13;
+ if (offset == length) {
+ dissect_dtls(tvb, pinfo, tree);
+ return TRUE;
+ }
+ }
+
+ if (pinfo->fragmented && offset >= 13) {
+ dissect_dtls(tvb, pinfo, tree);
+ return TRUE;
+ }
+ return FALSE;
+ }
+
+ /* We've got a truncated packet - do our best with what we've got. */
+ while (tvb_length_remaining(tvb, offset) >= 3) {
+ if (!looks_like_dtls(tvb, offset))
+ return FALSE;
+
+ offset += 3;
+ if (tvb_length_remaining(tvb, offset) >= 10 ) {
+ offset += tvb_get_ntohs(tvb, offset + 8) + 10;
+ } else {
+ /* Dissect what we've got, which might be as little as 3 bytes. */
+ dissect_dtls(tvb, pinfo, tree);
+ return TRUE;
+ }
+ if (offset == length) {
+ /* Can this ever happen? Well, just in case ... */
+ dissect_dtls(tvb, pinfo, tree);
+ return TRUE;
+ }
+ }
+
+ /* One last check to see if the current offset is at least less than the
+ * original number of bytes present before truncation or we're dealing with
+ * a packet fragment that's also been truncated. */
+ if ((length >= 3) && (offset <= tvb_reported_length(tvb) || pinfo->fragmented)) {
+ dissect_dtls(tvb, pinfo, tree);
+ return TRUE;
+ }
+ return FALSE;
+}
+
/* If this dissector uses sub-dissector registration add a registration
* routine. This format is required because a script is used to find
* these routines and create the code that calls these routines.
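Review bot: In the truncated-capture branch of `dissect_dtls_heur`, the `else` arm commented "Dissect what we've got, which might be as little as 3 bytes" returns TRUE once `looks_like_dtls()` has passed on the first three bytes, so no record length is ever compared with the datagram size on that path. Because this function is offered arbitrary UDP payloads, snaplen-limited captures become much easier to misclassify as DTLS than full captures, where the records must end exactly at `length`; how strict `looks_like_dtls()` is cannot be seen from this hunk. Consider claiming the packet in that arm only after one complete record header has been walked, e.g. `if (offset == 3) return FALSE;` ahead of the `dissect_dtls()` call, or extend the comment to say why a 3-byte match is considered sufficient. Separately, the bare 13, 3, 10, 11 and 8 would be easier to audit as named constants for the record header size and the offset of the length field.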
@@ -2409,4 +2464,6 @@ proto_reg_handoff_dtls(void)
/* add now dissector to default ports.*/
dtls_parse();
+
+ heur_dissector_add("udp", dissect_dtls_heur, proto_dtls);
}
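Review bot: The `heur_dissector_add("udp", dissect_dtls_heur, proto_dtls);` call is unconditional, so the DTLS heuristic is consulted for UDP traffic with no way for a user to switch it off when it misidentifies another protocol. Since the heuristic accepts truncated or fragmented payloads on a partial match, a boolean protocol preference tested at the top of `dissect_dtls_heur` (returning FALSE when disabled) would give analysts an escape hatch. At minimum the line deserves a comment such as `/* also try DTLS heuristically on UDP payloads; see dissect_dtls_heur() */`. The start of `proto_reg_handoff_dtls` lies outside this hunk, so an existing guard there would not be visible here.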