author | Pascal Quantin <pascal.quantin@gmail.com> | 2015-06-24 12:21:42 -0700 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2015-06-25 00:10:13 +0000 |
commit | cdc7d2500469fe9cfe84d805957b8c3644cc27a1 (patch) | |
tree | 21d29e9a312dab0c72b7f9f82f23b56c015d7cf6 /epan | |
parent | f5b09f2c8af8d3f21adc89b2f19c47cdff65f775 (diff) |
Add ability to export PDUs for heuristic dissectors also
Change-Id: I1bf1aa9794f9b4f106edffd4986fc0b1014522fa
Reviewed-on: https://code.wireshark.org/review/9099
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-credssp.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-diameter.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-dtls.c | 32 | ||||
-rw-r--r-- | epan/dissectors/packet-dvbci.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-exported_pdu.c | 32 | ||||
-rw-r--r-- | epan/dissectors/packet-ipsec.c | 3 | ||||
-rw-r--r-- | epan/dissectors/packet-logcat-text.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-logcat.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-reload-framing.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-sctp.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-sip.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 35 | ||||
-rw-r--r-- | epan/dissectors/packet-user_encap.c | 2 | ||||
-rw-r--r-- | epan/exported_pdu.c | 7 | ||||
-rw-r--r-- | epan/exported_pdu.h | 18 | ||||
-rw-r--r-- | epan/packet.c | 29 | ||||
-rw-r--r-- | epan/packet.h | 9 |
17 files changed, 133 insertions, 50 deletions
diff --git a/epan/dissectors/packet-credssp.c b/epan/dissectors/packet-credssp.c index 03eea460da..d418e17578 100644 --- a/epan/dissectors/packet-credssp.c +++ b/epan/dissectors/packet-credssp.c @@ -387,7 +387,7 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "credssp", &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-diameter.c b/epan/dissectors/packet-diameter.c index b4e3e4a4ae..c3b63c01dc 100644 --- a/epan/dissectors/packet-diameter.c +++ b/epan/dissectors/packet-diameter.c @@ -342,7 +342,7 @@ export_diameter_pdu(packet_info *pinfo, tvbuff_t *tvb) tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT + EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "diameter", -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "diameter", &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index 59334cc449..cd9da7db20 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c 
@@ -636,8 +636,21 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, return ret; } +static void +export_pdu_packet(tvbuff_t *tvb, packet_info *pinfo, guint tag, const gchar *name) +{ + exp_pdu_data_t *exp_pdu_data; + guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | + EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; + exp_pdu_data = load_export_pdu_tags(pinfo, tag, name, &tags, 1); + exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); + exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); + exp_pdu_data->pdu_tvb = tvb; + + tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); +} /********************************************************************* @@ -931,18 +944,8 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, ssl_print_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len); if (have_tap_listener(exported_pdu_tap)) { - exp_pdu_data_t *exp_pdu_data; - guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | - EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - - exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(session->app_handle), -1, - &tags, 1); - - exp_pdu_data->tvb_captured_length = tvb_captured_length(next_tvb); - exp_pdu_data->tvb_reported_length = tvb_reported_length(next_tvb); - exp_pdu_data->pdu_tvb = next_tvb; - - tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_PROTO_NAME, + dissector_handle_get_dissector_name(session->app_handle)); } dissected = call_dissector_only(session->app_handle, next_tvb, pinfo, top_tree, NULL); 
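Review bot: `export_pdu_packet` is added in the first packet-dtls.c hunk without a comment, and an identical copy is added to packet-ssl.c in the same commit, so the tag set and the three `exp_pdu_data` assignments must now be kept in sync in two files. A single helper next to `load_export_pdu_tags` in epan/exported_pdu.c would avoid that. Failing that, give each copy a header comment such as `/* Queue tvb on exported_pdu_tap; name is a dissector name or "list##short name", depending on tag */`.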
@@ -950,6 +953,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, else { /* try heuristic subdissectors */ dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, &hdtbl_entry, NULL); + if (dissected && have_tap_listener(exported_pdu_tap)) { + gchar *name = wmem_strconcat(wmem_packet_scope(), hdtbl_entry->list_name, "##", + proto_get_protocol_short_name(hdtbl_entry->protocol), NULL); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_HEUR_PROTO_NAME, name); + } } pinfo->match_uint = saved_match_port; if (dissected) diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c index 84c303a3b1..83bd1343c1 100644 --- a/epan/dissectors/packet-dvbci.c +++ b/epan/dissectors/packet-dvbci.c @@ -3442,7 +3442,7 @@ dissect_sac_msg(guint32 tag, tvbuff_t *tvb, gint offset, tags[0] = 0; tags[1] = EXP_PDU_TAG_DVBCI_EVT_BIT; exp_pdu_data = load_export_pdu_tags( - pinfo, EXPORTED_SAC_MSG_PROTO, -1, tags, 2); + pinfo, EXP_PDU_TAG_PROTO_NAME, EXPORTED_SAC_MSG_PROTO, tags, 2); exp_pdu_data->tvb_captured_length = tvb_captured_length(clear_sac_msg_tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(clear_sac_msg_tvb); diff --git a/epan/dissectors/packet-exported_pdu.c b/epan/dissectors/packet-exported_pdu.c index 6307e47faf..a08c48a120 100644 --- a/epan/dissectors/packet-exported_pdu.c +++ b/epan/dissectors/packet-exported_pdu.c @@ -38,6 +38,7 @@ static int hf_exported_pdu_tag = -1; static int hf_exported_pdu_tag_len = -1; static int hf_exported_pdu_unknown_tag = -1; static int hf_exported_pdu_prot_name = -1; +static int hf_exported_pdu_heur_prot_name = -1; static int hf_exported_pdu_ipv4_src = -1; static int hf_exported_pdu_ipv4_dst = -1; static int hf_exported_pdu_ipv6_src = -1; 
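Review bot: The `"##"` separator in the heuristic branch of dissect_dtls_record is a bare string literal, repeated in packet-ssl.c and again in the `wmem_strsplit` call in packet-exported_pdu.c, with the format described only in the exported_pdu.h comment. Writer and reader can therefore drift apart unnoticed; defining the separator once in exported_pdu.h and using that macro at all three sites keeps them in agreement. The name is also built from `hdtbl_entry->protocol` without the `!= NULL` test that `call_heur_dissector_direct` applies to the same field, so it is worth confirming what `proto_get_protocol_short_name` yields for an entry with no protocol. dissect_dtls_record continues outside the hunk.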
@@ -56,15 +57,17 @@ static int hf_exported_pdu_exported_pdu = -1; static gint ett_exported_pdu = -1; static gint ett_exported_pdu_tag = -1; -#define EXPORTED_PDU_NEXT_PROTO_STR 0 +#define EXPORTED_PDU_NEXT_PROTO_STR 0 +#define EXPORTED_PDU_NEXT_HEUR_PROTO_STR 1 static const value_string exported_pdu_tag_vals[] = { { EXP_PDU_TAG_END_OF_OPT, "End-of-options" }, /* 1 - 9 reserved */ { EXP_PDU_TAG_OPTIONS_LENGTH, "Total length of the options excluding this TLV" }, { EXP_PDU_TAG_LINKTYPE, "Linktype value" }, { EXP_PDU_TAG_PROTO_NAME, "PDU content protocol name" }, + { EXP_PDU_TAG_HEUR_PROTO_NAME, "PDU content heuristic protocol name" }, /* Add protocol type related tags here */ -/* 13 - 19 reserved */ +/* 14 - 19 reserved */ { EXP_PDU_TAG_IPV4_SRC, "IPv4 Source Address" }, { EXP_PDU_TAG_IPV4_DST, "IPv4 Destination Address" }, { EXP_PDU_TAG_IPV6_SRC, "IPv6 Source Address" }, @@ -121,6 +124,11 @@ dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, tag_len, ENC_UTF_8|ENC_NA); proto_tree_add_item(tag_tree, hf_exported_pdu_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA); break; + case EXP_PDU_TAG_HEUR_PROTO_NAME: + next_proto_type = EXPORTED_PDU_NEXT_HEUR_PROTO_STR; + proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, tag_len, ENC_UTF_8|ENC_NA); + proto_tree_add_item(tag_tree, hf_exported_pdu_heur_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA); + break; case EXP_PDU_TAG_IPV4_SRC: proto_tree_add_item(tag_tree, hf_exported_pdu_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN); TVB_SET_ADDRESS(&pinfo->net_src, AT_IPv4, tvb, offset, 4); 
@@ -201,6 +209,21 @@ dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) call_dissector(proto_handle, payload_tvb, pinfo, tree); } break; + case EXPORTED_PDU_NEXT_HEUR_PROTO_STR: + { + gchar **heur_proto_str = wmem_strsplit(wmem_packet_scope(), proto_name, "##", 2); + if (heur_proto_str && heur_proto_str[0] && heur_proto_str[1]) { + heur_dissector_list_t heur_list = find_heur_dissector_list(heur_proto_str[0]); + if (heur_list) { + heur_dtbl_entry_t *heur_diss = find_heur_dissector_by_short_name(heur_list, heur_proto_str[1]); + if (heur_diss) { + col_clear(pinfo->cinfo, COL_PROTOCOL); + call_heur_dissector_direct(heur_diss, payload_tvb, pinfo, tree, NULL); + } + } + } + break; + } default: break; } @@ -237,6 +260,11 @@ proto_register_exported_pdu(void) FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_exported_pdu_heur_prot_name, + { "Heuristic Protocol Name", "exported_pdu.heur_prot_name", + FT_STRING, BASE_NONE, NULL, 0, + NULL, HFILL } + }, { &hf_exported_pdu_ipv4_src, { "IPv4 Src", "exported_pdu.ipv4_src", FT_IPv4, BASE_NONE, NULL, 0, diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c index e39b1565c8..d87abd9f41 100644 --- a/epan/dissectors/packet-ipsec.c +++ b/epan/dissectors/packet-ipsec.c @@ -1108,7 +1108,8 @@ export_ipsec_pdu(dissector_handle_t dissector_handle, packet_info *pinfo, tvbuff guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(dissector_handle), -1, + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, + dissector_handle_get_dissector_name(dissector_handle), &tags, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); diff --git a/epan/dissectors/packet-logcat-text.c b/epan/dissectors/packet-logcat-text.c index a50ac77556..b0139ef3f1 100644 --- a/epan/dissectors/packet-logcat-text.c 
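Review bot: In the new `EXPORTED_PDU_NEXT_HEUR_PROTO_STR` case, a name that does not split or resolve leaves the payload undissected with no indication why, because none of the three nested `if`s (`heur_proto_str[1]`, `heur_list`, `heur_diss`) has an else branch. `proto_name` is read from the capture file, so malformed or unknown values are ordinary input rather than a programming error. An else path that hands `payload_tvb` to the generic data dissector, or adds an expert-info item naming the unresolved string, would make the failure visible to the analyst. The enclosing switch and dissect_exported_pdu continue outside the hunk.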
+++ b/epan/dissectors/packet-logcat-text.c @@ -224,7 +224,7 @@ static void add_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, const char * sub if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; - exp_pdu_data = load_export_pdu_tags(pinfo, subdissector_name, -1, NULL, 0); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, subdissector_name, NULL, 0); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); exp_pdu_data->pdu_tvb = tvb; diff --git a/epan/dissectors/packet-logcat.c b/epan/dissectors/packet-logcat.c index 4d51dc6691..5b69329be1 100644 --- a/epan/dissectors/packet-logcat.c +++ b/epan/dissectors/packet-logcat.c @@ -191,7 +191,7 @@ dissect_logcat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; - exp_pdu_data = load_export_pdu_tags(pinfo, "logcat", -1, NULL, 0); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "logcat", NULL, 0); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); exp_pdu_data->pdu_tvb = tvb; diff --git a/epan/dissectors/packet-reload-framing.c b/epan/dissectors/packet-reload-framing.c index 15f6a4cf99..d2f6bbe67b 100644 --- a/epan/dissectors/packet-reload-framing.c +++ b/epan/dissectors/packet-reload-framing.c @@ -178,7 +178,7 @@ dissect_reload_framing_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "reload-framing", -1, &tags, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "reload-framing", &tags, 1); exp_pdu_data->tvb_captured_length = effective_length; exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); 
diff --git a/epan/dissectors/packet-sctp.c b/epan/dissectors/packet-sctp.c index a49c5a7e78..f7b241a890 100644 --- a/epan/dissectors/packet-sctp.c +++ b/epan/dissectors/packet-sctp.c @@ -3173,7 +3173,7 @@ export_sctp_data_chunk(packet_info *pinfo, tvbuff_t *tvb, const gchar *proto_nam tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, proto_name, -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, proto_name, &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c index 3a01f084e8..532c8443db 100644 --- a/epan/dissectors/packet-sip.c +++ b/epan/dissectors/packet-sip.c @@ -1049,7 +1049,7 @@ export_sip_pdu(packet_info *pinfo, tvbuff_t *tvb) tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "sip", -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "sip", &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index d827db4ef9..742f5673e1 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c 
@@ -1284,6 +1284,22 @@ again: } static void +export_pdu_packet(tvbuff_t *tvb, packet_info *pinfo, guint tag, const gchar *name) +{ + exp_pdu_data_t *exp_pdu_data; + guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | + EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; + + exp_pdu_data = load_export_pdu_tags(pinfo, tag, name, &tags, 1); + + exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); + exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); + exp_pdu_data->pdu_tvb = tvb; + + tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); +} + +static void process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo, proto_tree *tree, SslSession *session) { 
@@ -1300,20 +1316,15 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo, if (dissector_try_heuristic(ssl_heur_subdissector_list, next_tvb, pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL)) { + if (have_tap_listener(exported_pdu_tap)) { + gchar *name = wmem_strconcat(wmem_packet_scope(), hdtbl_entry->list_name, "##", + proto_get_protocol_short_name(hdtbl_entry->protocol), NULL); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_HEUR_PROTO_NAME, name); + } } else { if (have_tap_listener(exported_pdu_tap)) { - exp_pdu_data_t *exp_pdu_data; - guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | - EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - - exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(session->app_handle), -1, - &tags, 1); - - exp_pdu_data->tvb_captured_length = tvb_captured_length(next_tvb); - exp_pdu_data->tvb_reported_length = tvb_reported_length(next_tvb); - exp_pdu_data->pdu_tvb = next_tvb; - - tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_PROTO_NAME, + dissector_handle_get_dissector_name(session->app_handle)); } saved_match_port = pinfo->match_uint; if (ssl_packet_from_server(session, ssl_associations, pinfo)) { diff --git a/epan/dissectors/packet-user_encap.c b/epan/dissectors/packet-user_encap.c index 0abc27a500..52ce26c068 100644 --- a/epan/dissectors/packet-user_encap.c +++ b/epan/dissectors/packet-user_encap.c 
@@ -95,7 +95,7 @@ static void export_pdu(tvbuff_t *tvb, packet_info* pinfo, char *proto_name) guint8 exp_pdu_data_tag; exp_pdu_data_tag = EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, proto_name, -1, &exp_pdu_data_tag, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, proto_name, &exp_pdu_data_tag, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); exp_pdu_data->pdu_tvb = tvb; diff --git a/epan/exported_pdu.c b/epan/exported_pdu.c index a4cb7076b3..84ac43ef41 100644 --- a/epan/exported_pdu.c +++ b/epan/exported_pdu.c @@ -36,12 +36,13 @@ GSList *export_pdu_tap_name_list = NULL; /** * Allocates and fills the exp_pdu_data_t struct according to the wanted_exp_tags * bit field of wanted_exp_tags_len bytes length - * If proto_name is != NULL, wtap_encap must be -1 or vice-versa + * tag_type should be either EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME + * proto_name interpretation depends on tag_type value * * The tags in the tag buffer SHOULD be added in numerical order. */ exp_pdu_data_t * -load_export_pdu_tags(packet_info *pinfo, const char* proto_name, int wtap_encap _U_, +load_export_pdu_tags(packet_info *pinfo, guint tag_type, const char* proto_name, guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len) { exp_pdu_data_t *exp_pdu_data; @@ -130,7 +131,7 @@ load_export_pdu_tags(packet_info *pinfo, const char* proto_name, int wtap_encap if(proto_name){ exp_pdu_data->tlv_buffer[i] = 0; i++; - exp_pdu_data->tlv_buffer[i] = EXP_PDU_TAG_PROTO_NAME; + exp_pdu_data->tlv_buffer[i] = tag_type; i++; exp_pdu_data->tlv_buffer[i] = 0; i++; diff --git a/epan/exported_pdu.h b/epan/exported_pdu.h index bb336d4e77..5750be8396 100644 --- a/epan/exported_pdu.h +++ b/epan/exported_pdu.h 
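Review bot: In the second epan/exported_pdu.c hunk, `tag_type` is a `guint` but is stored with `exp_pdu_data->tlv_buffer[i] = tag_type;` into what appears to be a single byte, while the preceding byte of the tag stays hard-coded to 0. A value above 255 would be truncated silently, and any other tag number would be written in front of the name string. The header comment restricts the argument to two values, so enforce that at the top of the `if(proto_name)` branch, for example `DISSECTOR_ASSERT(tag_type == EXP_PDU_TAG_PROTO_NAME || tag_type == EXP_PDU_TAG_HEUR_PROTO_NAME);`. The body of load_export_pdu_tags starts and ends outside this hunk.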
@@ -83,11 +83,14 @@ WS_DLL_PUBLIC GSList *get_export_pdu_tap_list(void); #define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag. */ /* 1 - 9 reserved */ #define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options excluding this TLV */ -#define EXP_PDU_TAG_LINKTYPE 11 /**< The value part is the linktype value defined by tcpdump - * http://www.tcpdump.org/linktypes.html - */ +#define EXP_PDU_TAG_LINKTYPE 11 /**< Deprecated - do not use */ #define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string - * of the short protocol name used by Wireshark e.g "sip" + * of the registered dissector used by Wireshark e.g "sip" + * Will be used to call the next dissector. + */ +#define EXP_PDU_TAG_HEUR_PROTO_NAME 13 /**< The value part should be an ASCII non NULL terminated string + * composed of the heuristic table name followed by "##" followed + * by protocol short name of the used heuristic dissector e.g "ssl##HTTP2" * Will be used to call the next dissector. */ /* Add protocol type related tags here. @@ -150,12 +153,13 @@ typedef struct _exp_pdu_data_t { /** * Allocates and fills the exp_pdu_data_t struct according to the wanted_exp_tags * bit field of wanted_exp_tags_len bytes length - * If proto_name is != NULL, wtap_encap must be -1 or vice-versa + * tag_type should be either EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME + * proto_name interpretation depends on tag_type value * * The tags in the tag buffer SHOULD be added in numerical order. */ -WS_DLL_PUBLIC exp_pdu_data_t *load_export_pdu_tags(packet_info *pinfo, const char* proto_name, - int wtap_encap, guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len); +WS_DLL_PUBLIC exp_pdu_data_t *load_export_pdu_tags(packet_info *pinfo, guint tag_type, const char* proto_name, + guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len); #ifdef __cplusplus } diff --git a/epan/packet.c b/epan/packet.c index 5c1b1c96e7..dcd8d059d6 100644 --- a/epan/packet.c +++ b/epan/packet.c 
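Review bot: The new `load_export_pdu_tags` prototype keeps the old arity but swaps a string and an integer position (`proto_name, wtap_encap` becomes `tag_type, proto_name`). An out-of-tree caller still written as `load_export_pdu_tags(pinfo, "sip", -1, &tags, 1)` may draw only conversion warnings, depending on compiler flags, and then pass -1 as the name pointer. The doc comment should spell the contract out instead of "interpretation depends on tag_type value", e.g. `@param proto_name registered dissector name for EXP_PDU_TAG_PROTO_NAME, or "<heuristic list>##<protocol short name>" for EXP_PDU_TAG_HEUR_PROTO_NAME`. A release-note entry for the changed WS_DLL_PUBLIC signature would help plugin authors.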
@@ -1882,6 +1882,24 @@ has_heur_dissector_list(const gchar *name) { return (find_heur_dissector_list(name) != NULL); } + +static int +find_matching_heur_dissector_by_short_name(gconstpointer a, gconstpointer b) { + const gchar *str_a = proto_get_protocol_short_name(((const heur_dtbl_entry_t *)a)->protocol); + const gchar *str_b = (const gchar*)b; + + return strcmp(str_a, str_b); +} + +heur_dtbl_entry_t* +find_heur_dissector_by_short_name(heur_dissector_list_t heur_list, const char *short_name) +{ + GSList *found_entry = g_slist_find_custom(heur_list->dissectors, + (gpointer) short_name, + find_matching_heur_dissector_by_short_name); + return found_entry ? (heur_dtbl_entry_t *)(found_entry->data) : NULL; +} + void heur_dissector_add(const char *name, heur_dissector_t dissector, const int proto) { @@ -2415,8 +2433,6 @@ void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tv const char *saved_heur_list_name; guint16 saved_can_desegment; - int proto_id; - g_assert(heur_dtbl_entry); /* can_desegment is set to 2 by anyone which offers this api/service. 
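Review bot: `find_heur_dissector_by_short_name` is exported but dereferences `heur_list->dissectors` and hands `short_name` to `strcmp` without checking either. `find_heur_dissector_list`, the natural source of `heur_list`, can return NULL, as the visible `has_heur_dissector_list` shows by testing for exactly that. The one caller added in this commit checks both values, but a guard at the top, `if (heur_list == NULL || short_name == NULL) return NULL;`, makes the function safe for other callers. `g_slist_find_custom` also returns only the first match, so if a protocol ever registers two heuristic functions in the same list, the lookup may pick a different entry than the one that matched at export time.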
@@ -2435,13 +2451,18 @@ void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tv saved_curr_proto = pinfo->current_proto; saved_heur_list_name = pinfo->heur_list_name; - proto_id = proto_get_id(heur_dtbl_entry->protocol); + if (!heur_dtbl_entry->enabled || + (heur_dtbl_entry->protocol != NULL && !proto_is_protocol_enabled(heur_dtbl_entry->protocol))) { + g_assert(data_handle->protocol != NULL); + call_dissector_work(data_handle, tvb, pinfo, tree, TRUE, NULL); + return; + } if (heur_dtbl_entry->protocol != NULL) { /* do NOT change this behavior - wslua uses the protocol short name set here in order to determine which Lua-based heurisitc dissector to call */ pinfo->current_proto = proto_get_protocol_short_name(heur_dtbl_entry->protocol); - wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id)); + wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_get_id(heur_dtbl_entry->protocol))); } pinfo->heur_list_name = heur_dtbl_entry->list_name; diff --git a/epan/packet.h b/epan/packet.h index a087120fb0..f4182bf4b4 100644 --- a/epan/packet.h +++ b/epan/packet.h @@ -415,6 +415,15 @@ WS_DLL_PUBLIC gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissect */ WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list(const char *name); +/** Find a heuristic dissector by short protocol name in a heuristic table. + * + * @param heur_list heuristic dissector table + * @param short_name short name of the protocol to look at + * @return pointer to the heuristic dissector entry, NULL if not such dissector exists + */ +WS_DLL_PUBLIC heur_dtbl_entry_t* find_heur_dissector_by_short_name(heur_dissector_list_t heur_list, + const char *short_name); + /** Add a sub-dissector to a heuristic dissector list. * Call this in the proto_handoff function of the sub-dissector. * |
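Review bot: The new early `return` in call_heur_dissector_direct, taken for a disabled heuristic dissector or protocol, may leave `pinfo->can_desegment` unrestored. That holds if the lines just above this hunk adjust it, as the preceding comment and the `saved_can_desegment` local suggest. Either move the enabled check to directly after `g_assert(heur_dtbl_entry);`, or add `pinfo->can_desegment = saved_can_desegment;` before the `return;`. The function body starts and ends outside this hunk, so the restore at its end is not visible here.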
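Review bot: The `@return` line in the new epan/packet.h comment reads "NULL if not such dissector exists"; it should read `@return pointer to the heuristic dissector entry, NULL if no such dissector exists`. The comment could also state that the match is an exact, case-sensitive comparison against the protocol short name (the implementation in packet.c uses `strcmp`), and that `heur_list` must not be NULL as the function is currently written.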