authorUli Heilmeier <uh@heilmeier.eu>2017-07-25 22:12:52 +0200
committerMichael Mann <mmann78@netscape.net>2017-07-31 11:19:41 +0000
commit6cff9c8da6a8190258f3b392312297ca2ac11e33 (patch)
treebed90f63abb4da9c052e06fa324ac093e69ade04 /epan
parent38b7660eeddbda98d406dd130f2a3bda08ca1977 (diff)
Netflow: Reassemble flows spanning multiple PDUs
Flow records can span multiple PDUs (e.g. when using TCP). This commit adds a preference to reassemble flows. Bug: 13915 Change-Id: I10eb0d9ee5ff5cc06ff52d0d0c8c468140e0273b Reviewed-on: https://code.wireshark.org/review/22792 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-netflow.c31
1 files changed, 30 insertions, 1 deletions
diff --git a/epan/dissectors/packet-netflow.c b/epan/dissectors/packet-netflow.c
index 0ba6011d70..d14c99564f 100644
--- a/epan/dissectors/packet-netflow.c
+++ b/epan/dissectors/packet-netflow.c
@@ -161,6 +161,7 @@ void proto_reg_handoff_netflow(void);
#define IPFIX_UDP_PORTS "4739"
#define REVPEN 29305
static dissector_handle_t netflow_handle;
+static dissector_handle_t netflow_tcp_handle;
/* If you want sort of safely to send enterprise specific element IDs
using v9 you need to stake a claim in the wilds with the high bit
@@ -177,6 +178,8 @@ static range_t *global_netflow_ports = NULL;
*/
static range_t *global_ipfix_ports = NULL;
+static gboolean netflow_preference_desegment = TRUE;
+
/*
* Flowset (template) ID's
*/
@@ -16629,11 +16632,36 @@ proto_register_netflow(void)
" (default: " G_STRINGIFY(V9_TMPLT_MAX_FIELDS_DEF) ")",
10, &v9_tmplt_max_fields);
+ prefs_register_bool_preference(netflow_module, "desegment", "Reassemble Netflow v10 messages spanning multiple TCP segments.", "Whether the Netflow/Ipfix dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", &netflow_preference_desegment);
+
v9_v10_tmplt_table = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), v9_v10_tmplt_table_hash, v9_v10_tmplt_table_equal);
netflow_sequence_analysis_domain_hash = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal);
netflow_sequence_analysis_result_hash = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal);
}
+static guint
+get_netflow_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
+{
+ unsigned int ver;
+ guint16 plen;
+
+ ver = tvb_get_ntohs(tvb, offset);
+ if (ver == 10) {
+ plen = tvb_get_ntohs(tvb, offset+2);
+ } else {
+ plen = tvb_reported_length(tvb);
+ }
+
+ return plen;
+}
+
+static int
+dissect_tcp_netflow(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
+{
+ tcp_dissect_pdus(tvb, pinfo, tree, netflow_preference_desegment, 4, get_netflow_pdu_len,
+ dissect_netflow, data);
+ return tvb_reported_length(tvb);
+}
/*
* protocol/port association
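Review bot: The non-v10 branch of `get_netflow_pdu_len` stores `tvb_reported_length(tvb)` in a `guint16` and ignores `offset`, so a buffer of 65536 bytes or more wraps to a small or zero length, and a PDU that does not start at offset 0 is reported as longer than the data that actually remains. These values come from captured traffic, so the PDU boundary handed to `tcp_dissect_pdus` should not depend on a silent narrowing; declare `guint plen;` and use `plen = tvb_reported_length_remaining(tvb, offset);` in the else branch. The v10 branch returns the header's 16-bit length field unchecked. As far as I know `tcp_dissect_pdus` reports a bounds error when the returned length is below the fixed length of 4, but that reliance is worth stating in a comment above the function, e.g. `/* Returns the IPFIX message length; values below 4 are rejected by tcp_dissect_pdus(). */`.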
@@ -16665,9 +16693,10 @@ proto_reg_handoff_netflow(void)
if (!netflow_prefs_initialized) {
netflow_handle = create_dissector_handle(dissect_netflow, proto_netflow);
+ netflow_tcp_handle = create_dissector_handle(dissect_tcp_netflow, proto_netflow);
netflow_prefs_initialized = TRUE;
dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IPFIX, netflow_handle);
- dissector_add_uint_range_with_preference("tcp.port", IPFIX_UDP_PORTS, netflow_handle);
+ dissector_add_uint_range_with_preference("tcp.port", IPFIX_UDP_PORTS, netflow_tcp_handle);
} else {
dissector_delete_uint_range("udp.port", netflow_ports, netflow_handle);
wmem_free(wmem_epan_scope(), netflow_ports);