diff options
Diffstat (limited to 'epan/dissectors')
| -rw-r--r-- | epan/dissectors/packet-credssp.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-diameter.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-dtls.c | 32 | ||||
| -rw-r--r-- | epan/dissectors/packet-dvbci.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-exported_pdu.c | 32 | ||||
| -rw-r--r-- | epan/dissectors/packet-ipsec.c | 3 | ||||
| -rw-r--r-- | epan/dissectors/packet-logcat-text.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-logcat.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-reload-framing.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-sctp.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-sip.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 35 | ||||
| -rw-r--r-- | epan/dissectors/packet-user_encap.c | 2 |
13 files changed, 84 insertions, 36 deletions
diff --git a/epan/dissectors/packet-credssp.c b/epan/dissectors/packet-credssp.c index 03eea460da..d418e17578 100644 --- a/epan/dissectors/packet-credssp.c +++ b/epan/dissectors/packet-credssp.c @@ -387,7 +387,7 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "credssp", &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-diameter.c b/epan/dissectors/packet-diameter.c index b4e3e4a4ae..c3b63c01dc 100644 --- a/epan/dissectors/packet-diameter.c +++ b/epan/dissectors/packet-diameter.c @@ -342,7 +342,7 @@ export_diameter_pdu(packet_info *pinfo, tvbuff_t *tvb) tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT + EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "diameter", -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "diameter", &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index 59334cc449..cd9da7db20 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -636,8 +636,21 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, return ret; } +static void +export_pdu_packet(tvbuff_t *tvb, packet_info *pinfo, guint tag, const gchar *name) +{ + exp_pdu_data_t *exp_pdu_data; + guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | + EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; + exp_pdu_data = load_export_pdu_tags(pinfo, tag, name, &tags, 1); + exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); + exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); + exp_pdu_data->pdu_tvb = tvb; + + tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); +} /********************************************************************* @@ -931,18 +944,8 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, ssl_print_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len); if (have_tap_listener(exported_pdu_tap)) { - exp_pdu_data_t *exp_pdu_data; - guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | - EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - - exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(session->app_handle), -1, - &tags, 1); - - exp_pdu_data->tvb_captured_length = tvb_captured_length(next_tvb); - exp_pdu_data->tvb_reported_length = tvb_reported_length(next_tvb); - exp_pdu_data->pdu_tvb = next_tvb; - - tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_PROTO_NAME, + dissector_handle_get_dissector_name(session->app_handle)); } dissected = call_dissector_only(session->app_handle, next_tvb, pinfo, top_tree, NULL); @@ -950,6 +953,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, else { /* try heuristic subdissectors */ dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, &hdtbl_entry, NULL); + if (dissected && have_tap_listener(exported_pdu_tap)) { + gchar *name = wmem_strconcat(wmem_packet_scope(), hdtbl_entry->list_name, "##", + proto_get_protocol_short_name(hdtbl_entry->protocol), NULL); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_HEUR_PROTO_NAME, name); + } } pinfo->match_uint = saved_match_port; if (dissected) diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c index 84c303a3b1..83bd1343c1 100644 --- a/epan/dissectors/packet-dvbci.c +++ b/epan/dissectors/packet-dvbci.c @@ -3442,7 +3442,7 @@ dissect_sac_msg(guint32 tag, tvbuff_t *tvb, gint offset, tags[0] = 0; tags[1] = EXP_PDU_TAG_DVBCI_EVT_BIT; exp_pdu_data = load_export_pdu_tags( - pinfo, EXPORTED_SAC_MSG_PROTO, -1, tags, 2); + pinfo, EXP_PDU_TAG_PROTO_NAME, EXPORTED_SAC_MSG_PROTO, tags, 2); exp_pdu_data->tvb_captured_length = tvb_captured_length(clear_sac_msg_tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(clear_sac_msg_tvb); diff --git a/epan/dissectors/packet-exported_pdu.c b/epan/dissectors/packet-exported_pdu.c index 6307e47faf..a08c48a120 100644 --- a/epan/dissectors/packet-exported_pdu.c +++ b/epan/dissectors/packet-exported_pdu.c @@ -38,6 +38,7 @@ static int hf_exported_pdu_tag = -1; static int hf_exported_pdu_tag_len = -1; static int hf_exported_pdu_unknown_tag = -1; static int hf_exported_pdu_prot_name = -1; +static int hf_exported_pdu_heur_prot_name = -1; static int hf_exported_pdu_ipv4_src = -1; static int hf_exported_pdu_ipv4_dst = -1; static int hf_exported_pdu_ipv6_src = -1; @@ -56,15 +57,17 @@ static int hf_exported_pdu_exported_pdu = -1; static gint ett_exported_pdu = -1; static gint ett_exported_pdu_tag = -1; -#define EXPORTED_PDU_NEXT_PROTO_STR 0 +#define EXPORTED_PDU_NEXT_PROTO_STR 0 +#define EXPORTED_PDU_NEXT_HEUR_PROTO_STR 1 static const value_string exported_pdu_tag_vals[] = { { EXP_PDU_TAG_END_OF_OPT, "End-of-options" }, /* 1 - 9 reserved */ { EXP_PDU_TAG_OPTIONS_LENGTH, "Total length of the options excluding this TLV" }, { EXP_PDU_TAG_LINKTYPE, "Linktype value" }, { EXP_PDU_TAG_PROTO_NAME, "PDU content protocol name" }, + { EXP_PDU_TAG_HEUR_PROTO_NAME, "PDU content heuristic protocol name" }, /* Add protocol type related tags here */ -/* 13 - 19 reserved */ +/* 14 - 19 reserved */ { EXP_PDU_TAG_IPV4_SRC, "IPv4 Source Address" }, { EXP_PDU_TAG_IPV4_DST, "IPv4 Destination Address" }, { EXP_PDU_TAG_IPV6_SRC, "IPv6 Source Address" }, @@ -121,6 +124,11 @@ dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, tag_len, ENC_UTF_8|ENC_NA); proto_tree_add_item(tag_tree, hf_exported_pdu_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA); break; + case EXP_PDU_TAG_HEUR_PROTO_NAME: + next_proto_type = EXPORTED_PDU_NEXT_HEUR_PROTO_STR; + proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, tag_len, ENC_UTF_8|ENC_NA); + proto_tree_add_item(tag_tree, hf_exported_pdu_heur_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA); + break; case EXP_PDU_TAG_IPV4_SRC: proto_tree_add_item(tag_tree, hf_exported_pdu_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN); TVB_SET_ADDRESS(&pinfo->net_src, AT_IPv4, tvb, offset, 4); @@ -201,6 +209,21 @@ dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) call_dissector(proto_handle, payload_tvb, pinfo, tree); } break; + case EXPORTED_PDU_NEXT_HEUR_PROTO_STR: + { + gchar **heur_proto_str = wmem_strsplit(wmem_packet_scope(), proto_name, "##", 2); + if (heur_proto_str && heur_proto_str[0] && heur_proto_str[1]) { + heur_dissector_list_t heur_list = find_heur_dissector_list(heur_proto_str[0]); + if (heur_list) { + heur_dtbl_entry_t *heur_diss = find_heur_dissector_by_short_name(heur_list, heur_proto_str[1]); + if (heur_diss) { + col_clear(pinfo->cinfo, COL_PROTOCOL); + call_heur_dissector_direct(heur_diss, payload_tvb, pinfo, tree, NULL); + } + } + } + break; + } default: break; } @@ -237,6 +260,11 @@ proto_register_exported_pdu(void) FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_exported_pdu_heur_prot_name, + { "Heuristic Protocol Name", "exported_pdu.heur_prot_name", + FT_STRING, BASE_NONE, NULL, 0, + NULL, HFILL } + }, { &hf_exported_pdu_ipv4_src, { "IPv4 Src", "exported_pdu.ipv4_src", FT_IPv4, BASE_NONE, NULL, 0, diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c index e39b1565c8..d87abd9f41 100644 --- a/epan/dissectors/packet-ipsec.c +++ b/epan/dissectors/packet-ipsec.c @@ -1108,7 +1108,8 @@ export_ipsec_pdu(dissector_handle_t dissector_handle, packet_info *pinfo, tvbuff guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(dissector_handle), -1, + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, + dissector_handle_get_dissector_name(dissector_handle), &tags, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); diff --git a/epan/dissectors/packet-logcat-text.c b/epan/dissectors/packet-logcat-text.c index a50ac77556..b0139ef3f1 100644 --- a/epan/dissectors/packet-logcat-text.c +++ b/epan/dissectors/packet-logcat-text.c @@ -224,7 +224,7 @@ static void add_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, const char * sub if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; - exp_pdu_data = load_export_pdu_tags(pinfo, subdissector_name, -1, NULL, 0); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, subdissector_name, NULL, 0); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); exp_pdu_data->pdu_tvb = tvb; diff --git a/epan/dissectors/packet-logcat.c b/epan/dissectors/packet-logcat.c index 4d51dc6691..5b69329be1 100644 --- a/epan/dissectors/packet-logcat.c +++ b/epan/dissectors/packet-logcat.c @@ -191,7 +191,7 @@ dissect_logcat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; - exp_pdu_data = load_export_pdu_tags(pinfo, "logcat", -1, NULL, 0); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "logcat", NULL, 0); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); exp_pdu_data->pdu_tvb = tvb; diff --git a/epan/dissectors/packet-reload-framing.c b/epan/dissectors/packet-reload-framing.c index 15f6a4cf99..d2f6bbe67b 100644 --- a/epan/dissectors/packet-reload-framing.c +++ b/epan/dissectors/packet-reload-framing.c @@ -178,7 +178,7 @@ dissect_reload_framing_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "reload-framing", -1, &tags, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "reload-framing", &tags, 1); exp_pdu_data->tvb_captured_length = effective_length; exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-sctp.c b/epan/dissectors/packet-sctp.c index a49c5a7e78..f7b241a890 100644 --- a/epan/dissectors/packet-sctp.c +++ b/epan/dissectors/packet-sctp.c @@ -3173,7 +3173,7 @@ export_sctp_data_chunk(packet_info *pinfo, tvbuff_t *tvb, const gchar *proto_nam tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, proto_name, -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, proto_name, &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c index 3a01f084e8..532c8443db 100644 --- a/epan/dissectors/packet-sip.c +++ b/epan/dissectors/packet-sip.c @@ -1049,7 +1049,7 @@ export_sip_pdu(packet_info *pinfo, tvbuff_t *tvb) tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, "sip", -1, &tags_bit_field, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "sip", &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index d827db4ef9..742f5673e1 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -1284,6 +1284,22 @@ again: } static void +export_pdu_packet(tvbuff_t *tvb, packet_info *pinfo, guint tag, const gchar *name) +{ + exp_pdu_data_t *exp_pdu_data; + guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | + EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; + + exp_pdu_data = load_export_pdu_tags(pinfo, tag, name, &tags, 1); + + exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); + exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); + exp_pdu_data->pdu_tvb = tvb; + + tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); +} + +static void process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo, proto_tree *tree, SslSession *session) { @@ -1300,20 +1316,15 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo, if (dissector_try_heuristic(ssl_heur_subdissector_list, next_tvb, pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL)) { + if (have_tap_listener(exported_pdu_tap)) { + gchar *name = wmem_strconcat(wmem_packet_scope(), hdtbl_entry->list_name, "##", + proto_get_protocol_short_name(hdtbl_entry->protocol), NULL); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_HEUR_PROTO_NAME, name); + } } else { if (have_tap_listener(exported_pdu_tap)) { - exp_pdu_data_t *exp_pdu_data; - guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | - EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; - - exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(session->app_handle), -1, - &tags, 1); - - exp_pdu_data->tvb_captured_length = tvb_captured_length(next_tvb); - exp_pdu_data->tvb_reported_length = tvb_reported_length(next_tvb); - exp_pdu_data->pdu_tvb = next_tvb; - - tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data); + export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_PROTO_NAME, + dissector_handle_get_dissector_name(session->app_handle)); } saved_match_port = pinfo->match_uint; if (ssl_packet_from_server(session, ssl_associations, pinfo)) { diff --git a/epan/dissectors/packet-user_encap.c b/epan/dissectors/packet-user_encap.c index 0abc27a500..52ce26c068 100644 --- a/epan/dissectors/packet-user_encap.c +++ b/epan/dissectors/packet-user_encap.c @@ -95,7 +95,7 @@ static void export_pdu(tvbuff_t *tvb, packet_info* pinfo, char *proto_name) guint8 exp_pdu_data_tag; exp_pdu_data_tag = EXP_PDU_TAG_ORIG_FNO_BIT; - exp_pdu_data = load_export_pdu_tags(pinfo, proto_name, -1, &exp_pdu_data_tag, 1); + exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, proto_name, &exp_pdu_data_tag, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); exp_pdu_data->pdu_tvb = tvb; |