diff options
author | Mathias Kurth <mathias.kurth@commsolid.com> | 2018-02-23 15:31:18 +0100 |
---|---|---|
committer | Martin Mathieson <martin.r.mathieson@googlemail.com> | 2018-03-02 13:52:26 +0000 |
commit | 51165cfcb741319925322d3779d7e2214b890fd7 (patch) | |
tree | fd9b7c7019dc3e0a9a7e91d3cebf1773769364b8 | |
parent | 8451a8efdacc4a43d9df10571c7b09610eca7295 (diff) |
NAS-EPS: added heuristic udp dissector
Change-Id: I5df909ac55be5d00f73bd2403b2c7d4b3d1494ca
Reviewed-on: https://code.wireshark.org/review/26050
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
-rw-r--r-- | epan/dissectors/packet-nas_eps.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/epan/dissectors/packet-nas_eps.c b/epan/dissectors/packet-nas_eps.c index 9bfdb95acf..047f39012d 100644 --- a/epan/dissectors/packet-nas_eps.c +++ b/epan/dissectors/packet-nas_eps.c @@ -7750,9 +7750,44 @@ proto_register_nas_eps(void) &g_nas_eps_user_data_container_as_ip); } +/* Heuristic dissector looks for "nas-eps" string at packet start */ +static gboolean dissect_nas_eps_heur(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, void *data _U_) +{ + gint offset = 0; + tvbuff_t *nas_tvb; + + /* Needs to be at least as long as: + - the signature string + - at least one byte of NAS PDU payload */ + if (tvb_captured_length_remaining(tvb, offset) < (gint)(strlen(PFNAME)+1)) { + return FALSE; + } + + /* OK, compare with signature string */ + if (tvb_strneql(tvb, offset, PFNAME, strlen(PFNAME)) != 0) { + return FALSE; + } + offset += (gint)strlen(PFNAME); + + /* Clear protocol name */ + col_clear(pinfo->cinfo, COL_PROTOCOL); + + /* Clear info column */ + col_clear(pinfo->cinfo, COL_INFO); + + /* Create tvb that starts at actual NAS PDU */ + nas_tvb = tvb_new_subset_remaining(tvb, offset); + dissect_nas_eps(nas_tvb, pinfo, tree, NULL); + + return TRUE; +} + void proto_reg_handoff_nas_eps(void) { + heur_dissector_add("udp", dissect_nas_eps_heur, "NAS-EPS over UDP", "nas_eps_udp", proto_nas_eps, HEURISTIC_DISABLE); + gsm_a_dtap_handle = find_dissector_add_dependency("gsm_a_dtap", proto_nas_eps); lpp_handle = find_dissector_add_dependency("lpp", proto_nas_eps); nbifom_handle = find_dissector_add_dependency("nbifom", proto_nas_eps); |