author | Guy Harris <guy@alum.mit.edu> | 2015-07-20 22:05:09 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2015-07-21 05:05:35 +0000 |
commit | 70d1c7238fd8e456d8b26afe1d5eb85149d40dd8 (patch) | |
tree | 6b4e7be31cfef9ebbfbcbbbba4289992abfce5d4 | |
parent | 8e4ae943b257280def01ee8fb4670d2a70370a59 (diff) |
Don't make dummy RPC program entries.
Just hand the payload off to the data dissector.
Change-Id: I59a61ec6352ef0b0c51382d68ca23b00010eb723
Reviewed-on: https://code.wireshark.org/review/9733
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-rw-r--r-- | epan/dissectors/packet-rpc.c | 98 |
1 files changed, 38 insertions, 60 deletions
diff --git a/epan/dissectors/packet-rpc.c b/epan/dissectors/packet-rpc.c index 59dfd25d3a..915ae0fa15 100644 --- a/epan/dissectors/packet-rpc.c +++ b/epan/dissectors/packet-rpc.c @@ -1918,41 +1918,6 @@ dissect_rpc_continuation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } -/** - * Produce a dummy RPC program entry for the given RPC program key - * and version values. - */ - -static void -make_fake_rpc_prog_if_needed (guint32 prpc_prog_key, guint prog_ver) -{ - /* sanity check: no one uses versions > 10 */ - if(prog_ver>10){ - return; - } - - if(g_hash_table_lookup(rpc_progs, GUINT_TO_POINTER(prpc_prog_key)) == NULL) { - /* ok this is not a known rpc program so we - * will have to fake it. - */ - int proto_rpc_unknown_program; - char *NAME, *Name, *name; - static const vsff unknown_proc[] = { - { 0,"NULL",dissect_rpc_void,dissect_rpc_void }, - { 0,NULL,NULL,NULL } - }; - - NAME = g_strdup_printf("Unknown RPC Program:%d", prpc_prog_key); - Name = g_strdup_printf("RPC:%d", prpc_prog_key); - name = g_strdup_printf("rpc%d", prpc_prog_key); - proto_rpc_unknown_program = proto_register_protocol(NAME, Name, name); - - rpc_init_prog(proto_rpc_unknown_program, prpc_prog_key, ett_rpc_unknown_program); - rpc_init_proc_table(proto_rpc, prpc_prog_key, prog_ver, unknown_proc, hf_rpc_procedure); - - } -} - int dissect_rpc_void(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 
@@ -2068,28 +2033,43 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if (tvb_get_ntohl(tvb, offset + 8) != 2 ){ return FALSE; } - /* let the user be able to weaken the heuristics if he need - * to look at proprietary protocols not known - * to wireshark. - */ - if(rpc_dissect_unknown_programs){ + /* Do we know this program? */ + if( (rpc_prog = (rpc_prog_info_value *)g_hash_table_lookup(rpc_progs, GUINT_TO_POINTER(rpc_prog_key))) != NULL) { + /* Yes. */ + proto = rpc_prog->proto; + proto_id = rpc_prog->proto_id; + ett = rpc_prog->ett; + progname = rpc_prog->progname; + } else { guint32 version; - /* if the user has specified that he wants to try to - * dissect even completely unknown RPC program numbers + /* No. + * If the user has specified that he wants to try to + * dissect even completely unknown RPC program numbers, * then let him do that. - * In this case we only check that the program number - * is neither 0 nor -1 which is better than nothing. + */ + if(!rpc_dissect_unknown_programs){ + /* They didn't, so just fail. */ + return FALSE; + } + /* Yes. Use some heuristics to keep from matching + * any packet with a 2 in the appropriate location. + * We check that the program number is neither + * 0 nor -1, and that the version is <= 10, which + * is better than nothing. */ if(rpc_prog_key==0 || rpc_prog_key==0xffffffff){ return FALSE; } version=tvb_get_ntohl(tvb, offset+16); - make_fake_rpc_prog_if_needed (rpc_prog_key, version); - } - if( (rpc_prog = (rpc_prog_info_value *)g_hash_table_lookup(rpc_progs, GUINT_TO_POINTER(rpc_prog_key))) == NULL) { - /* They're not, so it's probably not an RPC call. */ - return FALSE; + if(version>10){ + return FALSE; + } + + proto = NULL; + proto_id = 0; + ett = ett_rpc_unknown_program; + progname = wmem_strdup_printf(wmem_packet_scope(), "Unknown RPC program %u", rpc_prog_key); } break; 
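Review bot: The program version tested by the new `version>10` check is read with `tvb_get_ntohl(tvb, offset+16)`, and no length check covering those four bytes is visible in this hunk. If the existence check earlier in dissect_rpc_message (outside the hunk) stops short of offset+20, a truncated packet raises a bounds exception inside the heuristic instead of taking a plain `return FALSE`. This matters more on this path, because with rpc_dissect_unknown_programs set the only other gates are the 2 in the version field and a program number that is neither 0 nor 0xffffffff. Guarding the read with `if (!tvb_bytes_exist(tvb, offset+16, 4)) return FALSE;` keeps the fallback a pure accept/reject test. The literal 10 would also read better as a named constant next to the comment that explains it.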
@@ -2228,13 +2208,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, switch (msg_type) { case RPC_CALL: - /* we know already the proto-entry, the ETT-const, - and "rpc_prog" */ - proto = rpc_prog->proto; - proto_id = rpc_prog->proto_id; - ett = rpc_prog->ett; - progname = rpc_prog->progname; - rpcvers = tvb_get_ntohl(tvb, offset); if (rpc_tree) { proto_tree_add_uint(rpc_tree, @@ -2269,8 +2242,10 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, procname = dissector_handle_get_dissector_name(dissect_function); } else { - /* happens only with strange program versions or - non-existing dissectors */ + /* happens only with unknown program or version + * numbers + */ + dissect_function = data_handle; procname=wmem_strdup_printf(wmem_packet_scope(), "proc-%u", proc); } @@ -2497,6 +2472,10 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, procname = dissector_handle_get_dissector_name(dissect_function); } else { + /* happens only with unknown program or version + * numbers + */ + dissect_function = data_handle; procname=wmem_strdup_printf(wmem_packet_scope(), "proc-%u", rpc_call->proc); } @@ -2795,7 +2774,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* proto==0 if this is an unknown program */ if( (proto==0) || !proto_is_protocol_enabled(proto)){ - dissect_function = NULL; + dissect_function = data_handle; } /* @@ -4198,4 +4177,3 @@ proto_reg_handoff_rpc(void) * ex: set shiftwidth=8 tabstop=8 noexpandtab: * :indentSize=8:tabSize=8:noTabs=false: */ - |
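Review bot: The rewritten comment in the `else` branch of the -2269 hunk says this path is reached only for unknown program or version numbers, but the fallback name built right below it is `proc-%u`. That suggests an unregistered procedure number of a known program and version ends up here as well; the lookup that sets dissect_function is outside the hunk, so this should be confirmed. A wording such as `/* no dissector registered for this program, version and procedure: hand the payload to the data dissector */` covers all three cases and says why `data_handle` is assigned. The reply-side hunk at -2497 adds the same comment and assignment and needs the same wording. Since dissect_function is no longer NULL on either path, any later `dissect_function != NULL` test in dissect_rpc_message (not visible here) changes meaning and should be re-checked.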
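Review bot: The guard in the -2795 hunk is the only place in this diff where the unknown-program state set by the heuristic hunk (`proto = NULL`, `proto_id = 0`) is handled. Every other use of proto and proto_id in dissect_rpc_message, none of which is visible in these hunks, therefore has to tolerate a missing protocol now that no dummy entry is registered. Since proto is assigned NULL in the earlier hunk, the test would read more clearly as `if (proto == NULL || !proto_is_protocol_enabled(proto)) {`, with the comment changed to `/* proto is NULL if this is an unknown program */`. The replacement of NULL by `data_handle` also relies on that handle having been looked up before the first packet is dissected; its initialisation is outside the diff and worth confirming.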