authorPeter Wu <peter@lekensteyn.nl>2017-08-25 18:37:25 -0700
committerMichael Mann <mmann78@netscape.net>2017-08-28 23:48:57 +0000
commit6cd7d99cb98c17c593948753d2a3b2a65d4f6040 (patch)
treeeb1bfd5dedae0b95bea78cb99a08e0c2e93d7570 /epan/dissectors/packet-snort.c
parentb3f5700ed4f3d5913d94dd0920fbc9df57adb090 (diff)
snort: do not unconditionally prime tcp.reassembled_in
Priming has some side-effects; do not do it unless the user explicitly enables a preference. This transfers the ownership of wanted_hfids to set_postdissector_wanted_hfids. Ping-Bug: 13996 Change-Id: I77389f54d9a505cf6f2e4deb5f6ee6e508417270 Reviewed-on: https://code.wireshark.org/review/23231 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-snort.c')
-rw-r--r--epan/dissectors/packet-snort.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c
index 27a90a4d78..563ac2ae30 100644
--- a/epan/dissectors/packet-snort.c
+++ b/epan/dissectors/packet-snort.c
@@ -1245,6 +1245,17 @@ static void snort_start(void)
NULL
};
+ /* Enable field priming if required. */
+ if (snort_alert_in_reassembled_frame) {
+ /* Add items we want to try to get to find before we get called.
+ For now, just ask for tcp.reassembled_in, which won't be seen
+ on the first pass through the packets. */
+ GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
+ int id = proto_registrar_get_id_byname("tcp.reassembled_in");
+ g_array_append_val(wanted_hfids, id);
+ set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
+ }
+
/* Nothing to do if not enabled, but registered init function gets called anyway */
if ((pref_snort_alerts_source == FromNowhere) ||
!proto_is_protocol_enabled(find_protocol_by_id(proto_snort))) {
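Review bot: The priming block sits above the `pref_snort_alerts_source == FromNowhere` / protocol-disabled check, so with `snort_alert_in_reassembled_frame` set the dissector still requests `tcp.reassembled_in` even when Snort alerts are switched off, which keeps the side-effects the commit message wants to avoid. Moving the block below that check, or guarding it with `if (snort_alert_in_reassembled_frame && pref_snort_alerts_source != FromNowhere) {`, would limit priming to runs that can use it. The result of `proto_registrar_get_id_byname()` is also appended unchecked; it returns -1 when the field is not registered, so an `if (id != -1)` before `g_array_append_val` would be safer. The body of the enabled check and the rest of snort_start lie outside the hunk, so the early exit there is inferred.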
@@ -1355,6 +1366,9 @@ static void snort_file_cleanup(void)
if (g_snort_config) {
delete_config(&g_snort_config);
}
+
+ /* Disable field priming that got enabled in the init routine. */
+ set_postdissector_wanted_hfids(snort_handle, NULL);
}
void
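Review bot: The reset to NULL in snort_file_cleanup only avoids a leak per capture file if `set_postdissector_wanted_hfids()` frees the array it was handed earlier; that function is not shown on this page, and only the commit message states the ownership transfer. A comment at the call would make the contract visible, for example `/* The postdissector code owns the array passed in snort_start() and releases it when replaced. */`. The call also runs when priming was never enabled, which looks harmless but makes the existing "got enabled in the init routine" comment slightly inaccurate.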
@@ -1364,14 +1378,6 @@ proto_reg_handoff_snort(void)
* work as a non-root user (couldn't read stdin)
* TODO: could run snort just to get the version number and check the config file is readable?
* TODO: could make snort config parsing less forgiving and use that as a test? */
-
- /* Add items we want to try to get to find before we get called.
- For now, just ask for tcp.reassembled_in, which won't be seen
- on the first pass through the packets. */
- GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
- int id = proto_registrar_get_id_byname("tcp.reassembled_in");
- g_array_append_val(wanted_hfids, id);
- set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
}
void