author | John Thacker <johnthacker@gmail.com> | 2021-10-03 12:53:52 -0400 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-10-04 06:58:46 +0000 |
commit | 5c185238a49bb6b2120d5a32f75ba99e0891919f (patch) | |
tree | f8d945b7ccab3b7d7a376a61058262e13d5aa2dd | |
parent | e05f704606c5787a9f7899eebb29686f8a8e8a02 (diff) |
BT-DHT: Test packets even if the dissector is set
BitTorrent clients use the same UDP conversation for both DHT and
uTP, switching back and forth between the two at connection start.
So even if the dissector has been set for the conversation or
ports to BT-DHT, test the packet and reject it if not DHT in order
to give the uTP dissector a chance. Fix #17626
-rw-r--r-- | epan/dissectors/packet-bt-dht.c | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/epan/dissectors/packet-bt-dht.c b/epan/dissectors/packet-bt-dht.c
index a47a4f82c5..e1cab24b31 100644
--- a/epan/dissectors/packet-bt-dht.c
+++ b/epan/dissectors/packet-bt-dht.c
@@ -526,9 +526,38 @@ dissect_bencoded_dict(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint
 return offset;
 }
+static gboolean
+test_bt_dht(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
+{
+
+ /* try dissecting */
+ /* Assume dictionary (d) is followed by a one char long (1:) key string. */
+
+ if(tvb_captured_length_remaining(tvb, offset) < 4)
+ return FALSE;
+
+ if(tvb_memeql(tvb, offset, "d1:", 3) != 0)
+ return FALSE;
+
+ /* Is 'key' a valid key ? */
+ if(try_val_to_str(tvb_get_guint8(tvb, offset+3), short_key_name_value_string) == NULL)
+ return FALSE;
+
+ return TRUE;
+}
+
 static int
-dissect_bt_dht(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
+dissect_bt_dht(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 {
+ /* BitTorrent clients use the same UDP connection for DHT as for uTP.
+ * So even if this has been set as the dissector for this conversation
+ * or port, test it and reject it if not BT-DHT in order to give other
+ * dissectors, especially BT-uTP, a chance.
+ */
+ if (!test_bt_dht(pinfo, tvb, 0, data)) {
+ return 0;
+ }
+
 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BT-DHT");
 col_clear(pinfo->cinfo, COL_INFO);
 col_set_str(pinfo->cinfo, COL_INFO, "BitTorrent DHT Protocol");
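Review bot: `test_bt_dht` has no header comment, and the carried-over `/* try dissecting */` inside it is now misleading, because the function only inspects the first four bytes at `offset` and dissects nothing. Since `dissect_bt_dht` now relies on it to hand non-DHT packets on the same conversation to other dissectors, the contract is worth stating above the function: `/* Cheap prefix test on packet bytes: TRUE only for "d1:" followed by a key byte listed in short_key_name_value_string. Not validation; the bencode parser must still cope with malformed input. */`. The `pinfo` and `data` parameters are unused (`_U_`) and both callers pass `offset` 0, so the wider signature should either be explained in that comment or trimmed. The tail of `dissect_bt_dht` lies outside the hunk.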
@@ -538,22 +567,13 @@ dissect_bt_dht(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _
 static gboolean
 dissect_bt_dht_heur (tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *tree, void *data _U_)
+ proto_tree *tree, void *data)
 {
 conversation_t *conversation;
- /* try dissecting */
- /* Assume dictionary (d) is followed by a one char long (1:) key string. */
-
- if(tvb_captured_length(tvb) < 4)
- return FALSE;
-
- if(tvb_memeql(tvb, 0, "d1:", 3) != 0)
- return FALSE;
-
- /* Is 'key' a valid key ? */
- if(try_val_to_str(tvb_get_guint8(tvb, 3), short_key_name_value_string) == NULL)
+ if (!test_bt_dht(pinfo, tvb, 0, data)) {
 return FALSE;
+ }
 conversation = find_or_create_conversation(pinfo);
 conversation_set_dissector(conversation, bt_dht_handle); |
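Review bot: The `conversation_set_dissector(conversation, bt_dht_handle)` call at the end of this hunk still claims the whole conversation after a single four-byte prefix match on one datagram, and nothing here says why that is acceptable. It appears to be safe only because `dissect_bt_dht` now re-runs `test_bt_dht` on every packet and returns 0 on a mismatch. A comment above the call would keep a later cleanup from removing that re-test, e.g. `/* Binding is per conversation; dissect_bt_dht re-tests each packet so uTP on the same ports is not swallowed. */`. `dissect_bt_dht_heur` continues past the end of the hunk.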