Add support for IPv6 heuristic dissectors.

This adds limited support for heuristic subdissectors with IPv6. The initial motivation is STT but it should transparently work for other protocols using IP heuristic dissectors in a manner similar to the non-heuristic dissectors. The limitation is in regards to IPv6 extension headers. IPv6 has multiple checks against the next protocol table when determining when the protocol is an unknown extension header or not. This assumes that the check is cheap and has no side effects, neither of which is true for heuristic dissectors. As a compromise, this assumes that the next protocol is registered as protocol, even if is not the one that is ultimately dissected. Although not strictly correct, in practice this is true for existing protocols and likely future ones because the heuristic dissectors are overriding non-heuristic ones. Change-Id: Iff8cfc148ced5ca16191cc2b1879ad87e38d23cd Reviewed-on: https://code.wireshark.org/review/8197 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
author: Jesse Gross <jesse@nicira.com> 2015-04-25 20:29:30 -0700
committer: Pascal Quantin <pascal.quantin@gmail.com> 2015-05-03 18:30:31 +0000
commit: 26a3573f90291975d54e61a04f12b46fcc3931db (patch)
tree: 5711fb789a1d155fa54abb5ba3e0a3e0db89cdd6 /epan/dissectors/packet-ip.c
parent: 812d31122abd347a36fec98e43253c5a423e6dd3 (diff)
1 files changed, 30 insertions, 13 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c
index 22cf9a8772..80743175c6 100644
--- a/epan/dissectors/packet-ip.c
+++ b/epan/dissectors/packet-ip.c
@@ -1950,6 +1950,31 @@ static const true_false_string flags_sf_set_evil = {
   "Not evil"
 };
 
+gboolean
+ip_try_dissect(gboolean heur_first, tvbuff_t *tvb, packet_info *pinfo,
+               proto_tree *tree, ws_ip *iph)
+{
+  heur_dtbl_entry_t *hdtbl_entry;
+
+  if ((heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
+                       pinfo, tree, &hdtbl_entry, iph))) {
+    return TRUE;
+  }
+
+  if (dissector_try_uint_new(ip_dissector_table, iph->ip_p, tvb, pinfo,
+                             tree, TRUE, iph)) {
+    return TRUE;
+  }
+
+  if ((!heur_first) && (!dissector_try_heuristic(heur_subdissector_list, tvb,
+                                                 pinfo, tree, &hdtbl_entry,
+                                                 iph))) {
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
 static void
 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 {
@@ -1959,7 +1984,6 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
   int        offset = 0, dst_off;
   guint      hlen, optlen;
   guint16    flags;
-  guint8     nxt;
   guint16    ipsum;
   guint16    expected_cksum;
   fragment_head *ipfd_head = NULL;
@@ -1972,7 +1996,6 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
   proto_item *item = NULL, *ttl_item;
   proto_tree *checksum_tree;
   guint16 ttl;
-  heur_dtbl_entry_t *hdtbl_entry;
 
   tree = parent_tree;
   iph = (ws_ip *)wmem_alloc(wmem_packet_scope(), sizeof(ws_ip));
@@ -2349,7 +2372,6 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 
   /* Skip over header + options */
   offset += hlen;
-  nxt = iph->ip_p;  /* XXX - what if this isn't the same for all fragments? */
 
   /* If ip_defragment is on, this is a fragment, we have all the data
    * in the fragment, and the header checksum is valid, then just add
@@ -2420,18 +2442,13 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
      even be labeled as an IP frame; ideally, if a frame being dissected
      throws an exception, it'll be labeled as a mangled frame of the
      type in question. */
-  if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent_tree, &hdtbl_entry, iph))) {
-    /* We're good */
-  } else if (!dissector_try_uint_new(ip_dissector_table, nxt, next_tvb, pinfo,
-                                 parent_tree, TRUE, iph)) {
-    if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent_tree, &hdtbl_entry, iph))) {
-      /* Unknown protocol */
-      if (update_col_info) {
-        col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
+  if (!ip_try_dissect(try_heuristic_first, next_tvb, pinfo, parent_tree, iph)) {
+    /* Unknown protocol */
+    if (update_col_info) {
+      col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
                    ipprotostr(iph->ip_p), iph->ip_p);
-      }
-      call_dissector(data_handle,next_tvb, pinfo, parent_tree);
     }
+    call_dissector(data_handle,next_tvb, pinfo, parent_tree);
   }
   pinfo->fragmented = save_fragmented;
 }
author	Jesse Gross <jesse@nicira.com>	2015-04-25 20:29:30 -0700
committer	Pascal Quantin <pascal.quantin@gmail.com>	2015-05-03 18:30:31 +0000
commit	26a3573f90291975d54e61a04f12b46fcc3931db (patch)
tree	5711fb789a1d155fa54abb5ba3e0a3e0db89cdd6 /epan/dissectors/packet-ip.c
parent	812d31122abd347a36fec98e43253c5a423e6dd3 (diff)