enhance heuristics:

some Siemens SIMATIC protocols also use COTP, and shouldn't be misinterpreted as SES. the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES), so if the following parameter type is unknown, it's probably SIMATIC and not SES git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@15966 f5534014-38df-0310-8fa8-9805f1628bb7
author: ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7> 2005-09-22 21:16:54 +0000
committer: ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7> 2005-09-22 21:16:54 +0000
commit: 1f2dbd7bdfd6bba5d5ef7867a0689e349dca3283 (patch)
tree: 2076ad521a7d356b59324ea9524b918196b0b1de /epan/dissectors/packet-ses.c
parent: 5a1384718de46178f97d07da20c0d9f14f40ca1d (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ses.c b/epan/dissectors/packet-ses.c
index 9b57f17c67..6c95f6989b 100644
--- a/epan/dissectors/packet-ses.c
+++ b/epan/dissectors/packet-ses.c
@@ -1759,6 +1759,17 @@ dissect_ses_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 		return FALSE;  /* no, it isn't a session PDU */
 	}
 
+	/* some Siemens SIMATIC protocols also use COTP, and shouldn't be 
+	 * misinterpreted as SES.
+	 * the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES), 
+	 * so if the parameter type is unknown, it's probably SIMATIC */
+	if(type == 0x32 && tvb_bytes_exist(tvb, 0, 3)) {
+		type = tvb_get_guint8(tvb, offset+2);
+		if (match_strval(type, param_vals) == NULL) {
+			return FALSE; /* it's probably a SIMATIC protocol */
+		}
+	}
+
 	/*  OK,let's check SPDU length  */
 	/*  get length of SPDU */
 	len = get_item_len(tvb, offset+1, &len_len);
author	ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7>	2005-09-22 21:16:54 +0000
committer	ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7>	2005-09-22 21:16:54 +0000
commit	1f2dbd7bdfd6bba5d5ef7867a0689e349dca3283 (patch)
tree	2076ad521a7d356b59324ea9524b918196b0b1de /epan/dissectors/packet-ses.c
parent	5a1384718de46178f97d07da20c0d9f14f40ca1d (diff)