diff options
| author | Jeff Morriss <jeff.morriss@ulticom.com> | 2012-03-02 03:39:16 +0000 |
|---|---|---|
| committer | Jeff Morriss <jeff.morriss@ulticom.com> | 2012-03-02 03:39:16 +0000 |
| commit | bb9b8880af5e40893ea3ac137d9de57f7783b43c (patch) | |
| tree | 7b73299fe1ffffac54d5046bb694d76e10fffbd2 /epan/dissectors/packet-cipmotion.c | |
| parent | 1ff7c5d916952de778b580ce8cca81ec9ef0fc70 (diff) | |
From Michael Mann via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6893 :
The attached patches fix the following issues:
1. CIP-Motion shouldn't be a heuristic dissector. CIP-Motion packets are
determined by specific fields in a CIP ForwardOpen. I ran into situations
where CIP-Motion's "vague" heuristics incorrectly dissected packets meant for
CIP-Safety. Of course this requires the ForwardOpen to be in the trace, but it
is the most deterministic way to have CIP-Motion packets.
2. Minor bugfix to the CIP-Safety dissector. A couple of fields were
"missing", causing errant malformed packets.
svn path=/trunk/; revision=41283
Diffstat (limited to 'epan/dissectors/packet-cipmotion.c')
| -rw-r--r-- | epan/dissectors/packet-cipmotion.c | 30 |
1 files changed, 2 insertions, 28 deletions
diff --git a/epan/dissectors/packet-cipmotion.c b/epan/dissectors/packet-cipmotion.c index ee547a4b81..ba2fddcf5f 100644 --- a/epan/dissectors/packet-cipmotion.c +++ b/epan/dissectors/packet-cipmotion.c @@ -1888,33 +1888,6 @@ dissect_cipmotion(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree) } } -static gboolean -dissect_cipmotion_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) -{ - if ( - /* The total message size is 10 bytes long at a minimum, 2 bytes for the - * update id and 8 bytes for the protocol header */ - (tvb_length(tvb) >= 10) && - /* The connection format is between 4 and 7 (fixed format message is very unlikely) */ - ( (tvb_get_guint8(tvb, 2) >= 4) || - (tvb_get_guint8(tvb, 2) <= 7) ) && - /* The datagram format revision is 2 */ - (tvb_get_guint8(tvb, 3) == 2) && - /* The node control field is a maximum of Fh */ - (tvb_get_guint8(tvb, 5) <= 0x0F) && - /* If all valid bits are set in the time data set the value is 0x0F at a maximum */ - (tvb_get_guint8(tvb, 9) <= 0x0F) ) - { - /* ...then attempt a dissection */ - dissect_cipmotion(tvb, pinfo, tree); - return TRUE; - } - else - { - return FALSE; - } -} - /* * Function name: proto_register_cipmotion * @@ -2181,6 +2154,8 @@ proto_register_cipmotion(void) /* Register the subtrees for the protocol dissection */ proto_register_subtree_array(cip_subtree, array_length(cip_subtree)); + + register_dissector( "cipmotion", dissect_cipmotion, proto_cipmotion); } /* @@ -2194,7 +2169,6 @@ proto_register_cipmotion(void) void proto_reg_handoff_cipmotion(void) { - heur_dissector_add("enip.cpf.conndata", dissect_cipmotion_heur, proto_cipmotion); } |