diff options
-rw-r--r-- | asn1/h225/packet-h225-template.c | 36 | ||||
-rw-r--r-- | epan/dissectors/packet-h225.c | 46 | ||||
-rw-r--r-- | epan/dissectors/packet-q931.c | 13 | ||||
-rw-r--r-- | epan/dissectors/packet-sip.c | 13 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 27 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.h | 1 | ||||
-rw-r--r-- | epan/libwireshark.def | 2 | ||||
-rw-r--r-- | epan/proto.c | 10 | ||||
-rw-r--r-- | epan/proto.h | 5 |
10 files changed, 118 insertions, 36 deletions
diff --git a/asn1/h225/packet-h225-template.c b/asn1/h225/packet-h225-template.c index 88e5e901ec..da2775d38a 100644 --- a/asn1/h225/packet-h225-template.c +++ b/asn1/h225/packet-h225-template.c @@ -55,6 +55,7 @@ #include "packet-h235.h" #include "packet-h245.h" #include "packet-q931.h" +#include "packet-ssl.h" #define PNAME "H323-MESSAGES" @@ -64,6 +65,7 @@ #define UDP_PORT_RAS1 1718 #define UDP_PORT_RAS2 1719 #define TCP_PORT_CS 1720 +#define TLS_PORT_CS 1300 static void reset_h225_packet_info(h225_packet_info *pi); static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi); @@ -103,7 +105,6 @@ static int hf_h225_ras_req_frame = -1; static int hf_h225_ras_rsp_frame = -1; static int hf_h225_ras_dup = -1; static int hf_h225_ras_deltatime = -1; -static int hf_h225_fastStart_item_length = -1; #include "packet-h225-hf.c" @@ -112,11 +113,13 @@ static gint ett_h225 = -1; #include "packet-h225-ett.c" /* Preferences */ +static guint h225_tls_port = TLS_PORT_CS; static gboolean h225_reassembly = TRUE; static gboolean h225_h245_in_tree = TRUE; static gboolean h225_tp_in_tree = TRUE; /* Global variables */ +static guint saved_h225_tls_port; static guint32 ipv4_address; static guint32 ipv4_port; guint32 T38_manufacturer_code; @@ -136,6 +139,9 @@ static const char *tpOID; #include "packet-h225-fn.c" +/* Forward declaration we need below */ +void proto_reg_handoff_h225(void); + static int dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { @@ -242,9 +248,6 @@ void proto_register_h225(void) { { &hf_h225_ras_deltatime, { "RAS Service Response Time", "h225.ras.timedelta", FT_RELATIVE_TIME, BASE_NONE, NULL, 0, "Timedelta between RAS-Request and RAS-Response", HFILL }}, - { &hf_h225_fastStart_item_length, - { "fastStart item length", "h225.fastStart_item_length", FT_UINT32, BASE_DEC, - NULL, 0, "fastStart item length", HFILL }}, #include "packet-h225-hfarr.c" }; @@ -262,7 +265,11 @@ void proto_register_h225(void) { proto_register_field_array(proto_h225, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - h225_module = prefs_register_protocol(proto_h225, NULL); + h225_module = prefs_register_protocol(proto_h225, proto_reg_handoff_h225); + prefs_register_uint_preference(h225_module, "tls.port", + "H.225 TLS Port", + "H.225 Server TLS Port", + 10, &h225_tls_port); prefs_register_bool_preference(h225_module, "reassembly", "Reassemble H.225 messages spanning multiple TCP segments", "Whether the H.225 dissector should reassemble messages spanning multiple TCP segments." @@ -297,7 +304,22 @@ void proto_register_h225(void) { void proto_reg_handoff_h225(void) { - h225ras_handle=new_create_dissector_handle(dissect_h225_h225_RasMessage, proto_h225); + static gboolean h225_prefs_initialized = FALSE; + + if (h225_prefs_initialized) { + } else { + h225ras_handle=new_create_dissector_handle(dissect_h225_h225_RasMessage, proto_h225); + dissector_add("udp.port", UDP_PORT_RAS1, h225ras_handle); + dissector_add("udp.port", UDP_PORT_RAS2, h225ras_handle); + + ssl_dissector_delete(saved_h225_tls_port, "q931", TRUE); + + h225_prefs_initialized = TRUE; + } + + saved_h225_tls_port = h225_tls_port; + ssl_dissector_add(saved_h225_tls_port, "q931.tpkt", TRUE); + H323UserInformation_handle=find_dissector("h323ui"); h245_handle = find_dissector("h245"); @@ -305,8 +327,6 @@ proto_reg_handoff_h225(void) h4501_handle = find_dissector("h4501"); data_handle = find_dissector("data"); - dissector_add("udp.port", UDP_PORT_RAS1, h225ras_handle); - dissector_add("udp.port", UDP_PORT_RAS2, h225ras_handle); } diff --git a/epan/dissectors/packet-h225.c b/epan/dissectors/packet-h225.c index 24636567ce..1da392cb2b 100644 --- a/epan/dissectors/packet-h225.c +++ b/epan/dissectors/packet-h225.c @@ -63,6 +63,7 @@ #include "packet-h235.h" #include "packet-h245.h" #include "packet-q931.h" +#include "packet-ssl.h" #define PNAME "H323-MESSAGES" @@ -72,6 +73,7 @@ #define UDP_PORT_RAS1 1718 #define UDP_PORT_RAS2 1719 #define TCP_PORT_CS 1720 +#define TLS_PORT_CS 1300 static void reset_h225_packet_info(h225_packet_info *pi); static void ras_call_matching(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, h225_packet_info *pi); @@ -111,7 +113,6 @@ static int hf_h225_ras_req_frame = -1; static int hf_h225_ras_rsp_frame = -1; static int hf_h225_ras_dup = -1; static int hf_h225_ras_deltatime = -1; -static int hf_h225_fastStart_item_length = -1; /*--- Included file: packet-h225-hf.c ---*/ @@ -880,7 +881,7 @@ static int hf_h225_stopped = -1; /* NULL */ static int hf_h225_notAvailable = -1; /* NULL */ /*--- End of included file: packet-h225-hf.c ---*/ -#line 109 "packet-h225-template.c" +#line 110 "packet-h225-template.c" /* Initialize the subtree pointers */ static gint ett_h225 = -1; @@ -1126,14 +1127,16 @@ static gint ett_h225_ServiceControlResponse = -1; static gint ett_h225_T_result = -1; /*--- End of included file: packet-h225-ett.c ---*/ -#line 113 "packet-h225-template.c" +#line 114 "packet-h225-template.c" /* Preferences */ +static guint h225_tls_port = TLS_PORT_CS; static gboolean h225_reassembly = TRUE; static gboolean h225_h245_in_tree = TRUE; static gboolean h225_tp_in_tree = TRUE; /* Global variables */ +static guint saved_h225_tls_port; static guint32 ipv4_address; static guint32 ipv4_port; guint32 T38_manufacturer_code; @@ -7309,9 +7312,12 @@ dissect_h225_RasMessage(tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_t /*--- End of included file: packet-h225-fn.c ---*/ -#line 137 "packet-h225-template.c" +#line 140 "packet-h225-template.c" +/* Forward declaration we need below */ +void proto_reg_handoff_h225(void); + static int dissect_h225_H323UserInformation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { @@ -7418,9 +7424,6 @@ void proto_register_h225(void) { { &hf_h225_ras_deltatime, { "RAS Service Response Time", "h225.ras.timedelta", FT_RELATIVE_TIME, BASE_NONE, NULL, 0, "Timedelta between RAS-Request and RAS-Response", HFILL }}, - { &hf_h225_fastStart_item_length, - { "fastStart item length", "h225.fastStart_item_length", FT_UINT32, BASE_DEC, - NULL, 0, "fastStart item length", HFILL }}, /*--- Included file: packet-h225-hfarr.c ---*/ @@ -10475,7 +10478,7 @@ void proto_register_h225(void) { "h225.NULL", HFILL }}, /*--- End of included file: packet-h225-hfarr.c ---*/ -#line 250 "packet-h225-template.c" +#line 253 "packet-h225-template.c" }; /* List of subtrees */ @@ -10723,7 +10726,7 @@ void proto_register_h225(void) { &ett_h225_T_result, /*--- End of included file: packet-h225-ettarr.c ---*/ -#line 256 "packet-h225-template.c" +#line 259 "packet-h225-template.c" }; module_t *h225_module; @@ -10733,7 +10736,11 @@ void proto_register_h225(void) { proto_register_field_array(proto_h225, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - h225_module = prefs_register_protocol(proto_h225, NULL); + h225_module = prefs_register_protocol(proto_h225, proto_reg_handoff_h225); + prefs_register_uint_preference(h225_module, "tls.port", + "H.225 TLS Port", + "H.225 Server TLS Port", + 10, &h225_tls_port); prefs_register_bool_preference(h225_module, "reassembly", "Reassemble H.225 messages spanning multiple TCP segments", "Whether the H.225 dissector should reassemble messages spanning multiple TCP segments." @@ -10768,7 +10775,22 @@ void proto_register_h225(void) { void proto_reg_handoff_h225(void) { - h225ras_handle=new_create_dissector_handle(dissect_h225_h225_RasMessage, proto_h225); + static gboolean h225_prefs_initialized = FALSE; + + if (h225_prefs_initialized) { + } else { + h225ras_handle=new_create_dissector_handle(dissect_h225_h225_RasMessage, proto_h225); + dissector_add("udp.port", UDP_PORT_RAS1, h225ras_handle); + dissector_add("udp.port", UDP_PORT_RAS2, h225ras_handle); + + ssl_dissector_delete(saved_h225_tls_port, "q931", TRUE); + + h225_prefs_initialized = TRUE; + } + + saved_h225_tls_port = h225_tls_port; + ssl_dissector_add(saved_h225_tls_port, "q931.tpkt", TRUE); + H323UserInformation_handle=find_dissector("h323ui"); h245_handle = find_dissector("h245"); @@ -10776,8 +10798,6 @@ proto_reg_handoff_h225(void) h4501_handle = find_dissector("h4501"); data_handle = find_dissector("data"); - dissector_add("udp.port", UDP_PORT_RAS1, h225ras_handle); - dissector_add("udp.port", UDP_PORT_RAS2, h225ras_handle); } diff --git a/epan/dissectors/packet-q931.c b/epan/dissectors/packet-q931.c index 715a0ccf8c..3ec47632a0 100644 --- a/epan/dissectors/packet-q931.c +++ b/epan/dissectors/packet-q931.c @@ -145,6 +145,7 @@ static dissector_table_t ie_dissector_table; static gboolean q931_desegment = TRUE; static dissector_handle_t h225_handle; +static dissector_handle_t q931_tpkt_handle; static dissector_handle_t q931_tpkt_pdu_handle; static void @@ -2998,7 +2999,7 @@ dissect_q931_IEs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *root_tree, * Q.931-over-TPKT-over-TCP. */ static gboolean -dissect_q931_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_q931_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int lv_tpkt_len; @@ -3068,6 +3069,12 @@ dissect_q931_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } static void +dissect_q931_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + dissect_q931_tpkt_heur(tvb, pinfo, tree); +} + +static void dissect_q931_tpkt_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { dissect_q931_pdu(tvb, pinfo, tree, TRUE); @@ -3279,6 +3286,8 @@ proto_register_q931(void) register_init_routine(q931_init); register_dissector("q931", dissect_q931, proto_q931); + register_dissector("q931.tpkt", dissect_q931_tpkt, proto_q931); + q931_tpkt_handle = find_dissector("q931.tpkt"); q931_tpkt_pdu_handle = create_dissector_handle(dissect_q931_tpkt_pdu, proto_q931); register_dissector("q931.ie", dissect_q931_ie_cs0, proto_q931); @@ -3321,7 +3330,7 @@ proto_reg_handoff_q931(void) /* * For H.323. */ - heur_dissector_add("tcp", dissect_q931_tpkt, proto_q931); + heur_dissector_add("tcp", dissect_q931_tpkt_heur, proto_q931); } static void reset_q931_packet_info(q931_packet_info *pi) diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c index ae287db43f..4e97c4a1d2 100644 --- a/epan/dissectors/packet-sip.c +++ b/epan/dissectors/packet-sip.c @@ -64,13 +64,19 @@ #include <epan/expert.h> #include "packet-tcp.h" +#include "packet-ssl.h" #define TCP_PORT_SIP 5060 #define UDP_PORT_SIP 5060 +#define TLS_PORT_SIP 5061 static gint sip_tap = -1; static dissector_handle_t sigcomp_handle; +/* Dissectors */ +static dissector_handle_t sip_handle = NULL; +static dissector_handle_t sip_tcp_handle = NULL; + /* Initialize the protocol and registered fields */ static gint proto_sip = -1; static gint proto_raw_sip = -1; @@ -3019,6 +3025,9 @@ void proto_register_sip(void) proto_raw_sip = proto_register_protocol("Session Initiation Protocol (SIP as raw text)", "Raw_SIP", "raw_sip"); new_register_dissector("sip", dissect_sip, proto_sip); + sip_handle = find_dissector("sip"); + register_dissector("sip.tcp", dissect_sip_tcp, proto_sip); + sip_tcp_handle = find_dissector("sip.tcp"); /* Required function calls to register the header fields and subtrees used */ proto_register_field_array(proto_sip, hf, array_length(hf)); @@ -3068,15 +3077,13 @@ void proto_register_sip(void) void proto_reg_handoff_sip(void) { - dissector_handle_t sip_handle, sip_tcp_handle; - sip_handle = new_create_dissector_handle(dissect_sip, proto_sip); dissector_add("udp.port", UDP_PORT_SIP, sip_handle); dissector_add_string("media_type", "message/sip", sip_handle); sigcomp_handle = find_dissector("sigcomp"); - sip_tcp_handle = create_dissector_handle(dissect_sip_tcp, proto_sip); dissector_add("tcp.port", TCP_PORT_SIP, sip_tcp_handle); + ssl_dissector_add(TLS_PORT_SIP, "sip.tcp", TRUE); heur_dissector_add("udp", dissect_sip_heur, proto_sip); heur_dissector_add("tcp", dissect_sip_tcp_heur, proto_sip); diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 14cf400e31..358e941f6b 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -1509,6 +1509,7 @@ ssl_assoc_from_key_list(gpointer key _U_, gpointer data, gpointer user_data) { if (((SslAssociation*)data)->from_key_list) ep_stack_push((ep_stack_t)user_data, data); + return FALSE; } int diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 196bec7282..d196654741 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -116,11 +116,6 @@ static gboolean ssl_desegment = TRUE; static gboolean ssl_desegment_app_data = TRUE; -/* we need to remember the top tree so that subdissectors we call are created - * at the root and not deep down inside the SSL decode - */ -static proto_tree *top_tree; - /********************************************************************* * @@ -549,8 +544,6 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) first_record_in_frame = TRUE; ssl_session = NULL; - top_tree=tree; - /* Track the version using conversations to reduce the * chance that a packet that simply *looks* like a v2 or * v3 packet is dissected improperly. This also allows @@ -1081,12 +1074,15 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, /* try to retrive and use decrypted handshake record, if any. */ decrypted = ssl_get_record_info(proto_ssl, pinfo, offset); - if (decrypted) + if (decrypted) { + /* add desegmented data to the data source list */ + add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0, decrypted->length, conv_version, ssl, content_type); - else + } else { dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset, record_length, conv_version, ssl, content_type); + } break; } case SSL_ID_APP_DATA: @@ -1149,7 +1145,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, ssl_print_text_data("decrypted app data",pi->app_data.data, pi->app_data.data_len); - call_dissector(association->handle, new_tvb, pinfo, top_tree); + call_dissector(association->handle, new_tvb, pinfo, proto_tree_get_root(tree)); } } break; @@ -3783,3 +3779,14 @@ ssl_dissector_add(guint port, gchar *protocol, gboolean tcp) ssl_association_add(ssl_associations, ssl_handle, port, protocol, tcp, FALSE); } + +void +ssl_dissector_delete(guint port, gchar *protocol, gboolean tcp) +{ + SslAssociation *assoc; + + assoc = ssl_association_find(ssl_associations, port, tcp); + if (assoc && (assoc->handle == find_dissector(protocol))) { + ssl_association_remove(ssl_associations, assoc); + } +} diff --git a/epan/dissectors/packet-ssl.h b/epan/dissectors/packet-ssl.h index d3f8f34633..f019cb3226 100644 --- a/epan/dissectors/packet-ssl.h +++ b/epan/dissectors/packet-ssl.h @@ -26,5 +26,6 @@ #define __PACKET_SSL_H__ extern void ssl_dissector_add(guint port, gchar *protocol, gboolean tcp); +extern void ssl_dissector_delete(guint port, gchar *protocol, gboolean tcp); #endif /* __PACKET_SSL_H__ */ diff --git a/epan/libwireshark.def b/epan/libwireshark.def index aa82c36609..cc15f4e386 100644 --- a/epan/libwireshark.def +++ b/epan/libwireshark.def @@ -565,6 +565,7 @@ proto_tree_add_uint64_format proto_tree_add_uint64_format_value proto_tree_children_foreach proto_tree_get_parent +proto_tree_get_root proto_tree_move_item p_add_proto_data p_get_proto_data @@ -631,6 +632,7 @@ smb_cmd_vals DATA smb2_cmd_vals DATA sminmpec_values DATA ssl_dissector_add +ssl_dissector_delete start_requested_stats started_with_special_privs stats_tree_branch_max_namelen diff --git a/epan/proto.c b/epan/proto.c index e218e8a77a..6adde0dda5 100644 --- a/epan/proto.c +++ b/epan/proto.c @@ -3174,6 +3174,16 @@ proto_tree_get_parent(proto_tree *tree) { return (proto_item*) tree; } +proto_tree* +proto_tree_get_root(proto_tree *tree) { + /* dont bother if tree is not visible */ + if( (!tree) || (!(PTREE_DATA(tree)->visible)) ) + return (NULL); + while (tree->parent) { + tree = tree->parent; + } + return tree; +} void proto_tree_move_item(proto_tree *tree, proto_item *fixed_item, proto_item *item_to_move) diff --git a/epan/proto.h b/epan/proto.h index 3e139cdbba..ead06e0fd4 100644 --- a/epan/proto.h +++ b/epan/proto.h @@ -427,6 +427,11 @@ proto_tree_prime_hfid(proto_tree *tree, int hfid); @return parent item */ extern proto_item* proto_tree_get_parent(proto_tree *tree); +/** Get the root tree from any subtree. + @param tree the tree to get the root from + @return root tree */ +extern proto_tree* proto_tree_get_root(proto_tree *tree); + /** Move an existing item behind another existing item. @param tree the tree to which both items belong @param fixed_item the item which keeps it's position |