When looking for dissectors for the source and destination port numbers

in TCP, UDP, and SCTP, try the lower port number first, and then the higher port number; this means that, for packets where a dissector is registered for *both* port numbers: 1) we pick the same dissector for traffic going in both directions; 2) we prefer the port number that's more likely to be the right one (as that prefers well-known ports to reserved ports); although there is, of course, no guarantee that any such strategy will always pick the right port number. Ignore port numbers of 0, as some dissectors use a port number of 0 to disable the port, and as RFC 768 says that the source port in UDP datagrams is optional and is 0 if not used. svn path=/trunk/; revision=5656
author: Guy Harris <guy@alum.mit.edu> 2002-06-08 21:54:52 +0000
committer: Guy Harris <guy@alum.mit.edu> 2002-06-08 21:54:52 +0000
commit: 2be8f3e875aa6f9f32837904e0f6252bf86c0298 (patch)
tree: f913a56fe5ed2c9b52e7323513f1c3597cb2e1bf
parent: 9920d2c2578b8ff6bca57cc72b4971a02c0605f0 (diff)
3 files changed, 103 insertions, 25 deletions
diff --git a/packet-sctp.c b/packet-sctp.c
index 47536178b0..1587dd937e 100644
--- a/packet-sctp.c
+++ b/packet-sctp.c
@@ -10,7 +10,7 @@
  * - support for reassembly
  * - code cleanup
  *
- * $Id: packet-sctp.c,v 1.37 2002/05/30 08:34:18 guy Exp $
+ * $Id: packet-sctp.c,v 1.38 2002/06/08 21:54:52 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -1317,24 +1317,51 @@ static gboolean
 dissect_payload(tvbuff_t *payload_tvb, packet_info *pinfo, proto_tree *tree,
 		proto_tree *chunk_tree, guint32 ppi, guint16 payload_length, guint16 padding_length)
 {
-  /* do lookup with the subdissector table */
-  if (dissector_try_port (sctp_ppi_dissector_table, ppi,  payload_tvb, pinfo, tree) ||
-      dissector_try_port(sctp_port_dissector_table, pinfo->srcport,  payload_tvb, pinfo, tree) ||
-      dissector_try_port(sctp_port_dissector_table, pinfo->destport, payload_tvb, pinfo, tree)){
+  guint32 low_port, high_port;
+
+  /* Do lookups with the subdissector table.
+
+     When trying port numbers, we try the port number with the lower value
+     first, followed by the port number with the higher value.  This means
+     that, for packets where a dissector is registered for *both* port
+     numbers, and where there's no match on the PPI:
+
+	1) we pick the same dissector for traffic going in both directions;
+
+	2) we prefer the port number that's more likely to be the right
+	   one (as that prefers well-known ports to reserved ports);
+
+     although there is, of course, no guarantee that any such strategy
+     will always pick the right port number.
+
+     XXX - we ignore port numbers of 0, as some dissectors use a port
+     number of 0 to disable the port. */
+  if (dissector_try_port(sctp_ppi_dissector_table, ppi, payload_tvb, pinfo, tree))
     return TRUE;
+  if (pinfo->srcport > pinfo->destport) {
+    low_port = pinfo->destport;
+    high_port = pinfo->srcport;
+  } else {
+    low_port = pinfo->srcport;
+    high_port = pinfo->destport;
   }
-  else {
-    if (check_col(pinfo->cinfo, COL_INFO))
-      col_append_str(pinfo->cinfo, COL_INFO, "DATA ");
-    proto_tree_add_text(chunk_tree, payload_tvb, 0, payload_length,
-			"Payload (%u byte%s)",
-			payload_length, plurality(payload_length, "", "s")); 
-    if (padding_length > 0)
-      proto_tree_add_text(chunk_tree, payload_tvb, payload_length, padding_length,
-			  "Padding: %u byte%s",
-			  padding_length, plurality(padding_length, "", "s"));
-    return FALSE;
-  }
+  if (low_port != 0 &&
+      dissector_try_port(sctp_port_dissector_table, low_port, payload_tvb, pinfo, tree))
+    return TRUE;
+  if (high_port != 0 &&
+      dissector_try_port(sctp_port_dissector_table, high_port, payload_tvb, pinfo, tree))
+    return TRUE;
+
+  if (check_col(pinfo->cinfo, COL_INFO))
+    col_append_str(pinfo->cinfo, COL_INFO, "DATA ");
+  proto_tree_add_text(chunk_tree, payload_tvb, 0, payload_length,
+		      "Payload (%u byte%s)",
+		      payload_length, plurality(payload_length, "", "s")); 
+  if (padding_length > 0)
+    proto_tree_add_text(chunk_tree, payload_tvb, payload_length, padding_length,
+			"Padding: %u byte%s",
+			padding_length, plurality(padding_length, "", "s"));
+  return FALSE;
 }
 
 static gboolean
diff --git a/packet-tcp.c b/packet-tcp.c
index c8a1db09ac..515075d9d1 100644
--- a/packet-tcp.c
+++ b/packet-tcp.c
@@ -1,7 +1,7 @@
 /* packet-tcp.c
  * Routines for TCP packet disassembly
  *
- * $Id: packet-tcp.c,v 1.143 2002/06/04 07:03:46 guy Exp $
+ * $Id: packet-tcp.c,v 1.144 2002/06/08 21:54:52 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -1023,6 +1023,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	proto_tree *tree, int src_port, int dst_port)
 {
   tvbuff_t *next_tvb;
+  int low_port, high_port;
 
   next_tvb = tvb_new_subset(tvb, offset, -1, -1);
 
@@ -1033,9 +1034,33 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
 		src_port, dst_port, next_tvb, pinfo, tree))
     return;
 
-  /* do lookup with the subdissector table */
-  if (dissector_try_port(subdissector_table, src_port, next_tvb, pinfo, tree) ||
-      dissector_try_port(subdissector_table, dst_port, next_tvb, pinfo, tree))
+  /* Do lookups with the subdissector table.
+     We try the port number with the lower value first, followed by the
+     port number with the higher value.  This means that, for packets
+     where a dissector is registered for *both* port numbers:
+
+	1) we pick the same dissector for traffic going in both directions;
+
+	2) we prefer the port number that's more likely to be the right
+	   one (as that prefers well-known ports to reserved ports);
+
+     although there is, of course, no guarantee that any such strategy
+     will always pick the right port number.
+
+     XXX - we ignore port numbers of 0, as some dissectors use a port
+     number of 0 to disable the port. */
+  if (src_port > dst_port) {
+    low_port = dst_port;
+    high_port = src_port;
+  } else {
+    low_port = src_port;
+    high_port = dst_port;
+  }
+  if (low_port != 0 &&
+      dissector_try_port(subdissector_table, low_port, next_tvb, pinfo, tree))
+    return;
+  if (high_port != 0 &&
+      dissector_try_port(subdissector_table, high_port, next_tvb, pinfo, tree))
     return;
 
   /* do lookup with the heuristic subdissector table */
diff --git a/packet-udp.c b/packet-udp.c
index aab65d01ad..32d8ce4ed4 100644
--- a/packet-udp.c
+++ b/packet-udp.c
@@ -1,7 +1,7 @@
 /* packet-udp.c
  * Routines for UDP packet disassembly
  *
- * $Id: packet-udp.c,v 1.102 2002/01/22 15:05:43 nneul Exp $
+ * $Id: packet-udp.c,v 1.103 2002/06/08 21:54:51 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -88,6 +88,7 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	proto_tree *tree, int uh_sport, int uh_dport)
 {
   tvbuff_t *next_tvb;
+  int low_port, high_port;
 
   next_tvb = tvb_new_subset(tvb, offset, -1, -1);
 
@@ -98,9 +99,34 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
 		uh_sport, uh_dport, next_tvb, pinfo, tree))
     return;
 
-  /* do lookup with the subdissector table */
-  if (dissector_try_port(udp_dissector_table, uh_sport, next_tvb, pinfo, tree) ||
-      dissector_try_port(udp_dissector_table, uh_dport, next_tvb, pinfo, tree))
+  /* Do lookups with the subdissector table.
+     We try the port number with the lower value first, followed by the
+     port number with the higher value.  This means that, for packets
+     where a dissector is registered for *both* port numbers:
+
+	1) we pick the same dissector for traffic going in both directions;
+
+	2) we prefer the port number that's more likely to be the right
+	   one (as that prefers well-known ports to reserved ports);
+
+     although there is, of course, no guarantee that any such strategy
+     will always pick the right port number.
+
+     XXX - we ignore port numbers of 0, as some dissectors use a port
+     number of 0 to disable the port, and as RFC 768 says that the source
+     port in UDP datagrams is optional and is 0 if not used. */
+  if (uh_sport > uh_dport) {
+    low_port = uh_dport;
+    high_port = uh_sport;
+  } else {
+    low_port = uh_sport;
+    high_port = uh_dport;
+  }
+  if (low_port != 0 &&
+      dissector_try_port(udp_dissector_table, low_port, next_tvb, pinfo, tree))
+    return;
+  if (high_port != 0 &&
+      dissector_try_port(udp_dissector_table, high_port, next_tvb, pinfo, tree))
     return;
 
   /* do lookup with the heuristic subdissector table */
author	Guy Harris <guy@alum.mit.edu>	2002-06-08 21:54:52 +0000
committer	Guy Harris <guy@alum.mit.edu>	2002-06-08 21:54:52 +0000
commit	2be8f3e875aa6f9f32837904e0f6252bf86c0298 (patch)
tree	f913a56fe5ed2c9b52e7323513f1c3597cb2e1bf
parent	9920d2c2578b8ff6bca57cc72b4971a02c0605f0 (diff)