Fix for bug 2452:

Tighten heuristics on DirectPlay player to player messages, so that RTP isn't mistaken as such.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@24965 f5534014-38df-0310-8fa8-9805f1628bb7

1 files changed, 17 insertions, 1 deletions

diff --git a/epan/dissectors/packet-dplay.c b/epan/dissectors/packet-dplay.c
index 6471b769b6..6151f05017 100644
--- a/epan/dissectors/packet-dplay.c
+++ b/epan/dissectors/packet-dplay.c
@@ -29,6 +29,14 @@
 # include "config.h"
 #endif
 
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>           /* needed to define AF_ values on Windows */
+#endif
+
 #include <epan/packet.h>
 #include <epan/prefs.h>
 #include <epan/emem.h>
@@ -356,7 +364,7 @@ static const value_string dplay_command_val[] = {
 
 static const value_string dplay_af_val[] = {
     { 0x0002, "AF_INET" },
-    { 0x0006, "AF_IPX" },
+    { 0x0006, "AF_IPX" },  /* XXX - sys/socket.h: AF_IPX is 4 ? */
     { 0     , NULL},
 };
 
@@ -1197,8 +1205,16 @@ static gboolean heur_dissect_dplay(tvbuff_t *tvb, packet_info *pinfo, proto_tree
     token = tvb_get_letohl(tvb, 0);
     token = (token & 0xfff00000) >> 20;
     if (token == 0xfab || token == 0xbab || token == 0xcab) {
+      /* Check the s_addr_in structure */
+      if (tvb_get_letohs(tvb, 4) == AF_INET) {
+        int offset;
+        for (offset = 12; offset <= 20; offset++)
+          if (tvb_get_guint8(tvb, offset) != 0)
+            return FALSE;
+
         dissect_dplay_player_msg(tvb, pinfo, tree);
         return TRUE;
+      }
     }
 
     return FALSE;