From 51165cfcb741319925322d3779d7e2214b890fd7 Mon Sep 17 00:00:00 2001
From: Mathias Kurth
Date: Fri, 23 Feb 2018 15:31:18 +0100
Subject: NAS-EPS: added heuristic udp dissector
Change-Id: I5df909ac55be5d00f73bd2403b2c7d4b3d1494ca
Reviewed-on: https://code.wireshark.org/review/26050
Petri-Dish: Alexis La Goutte
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson
---
 epan/dissectors/packet-nas_eps.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
(limited to 'epan/dissectors/packet-nas_eps.c')
diff --git a/epan/dissectors/packet-nas_eps.c b/epan/dissectors/packet-nas_eps.c
index 9bfdb95acf..047f39012d 100644
--- a/epan/dissectors/packet-nas_eps.c
+++ b/epan/dissectors/packet-nas_eps.c
@@ -7750,9 +7750,44 @@ proto_register_nas_eps(void)
 &g_nas_eps_user_data_container_as_ip);
 }

+/* Heuristic dissector looks for "nas-eps" string at packet start */
+static gboolean dissect_nas_eps_heur(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, void *data _U_)
+{
+ gint offset = 0;
+ tvbuff_t *nas_tvb;
+
+ /* Needs to be at least as long as:
+ - the signature string
+ - at least one byte of NAS PDU payload */
+ if (tvb_captured_length_remaining(tvb, offset) < (gint)(strlen(PFNAME)+1)) {
+ return FALSE;
+ }
+
+ /* OK, compare with signature string */
+ if (tvb_strneql(tvb, offset, PFNAME, strlen(PFNAME)) != 0) {
+ return FALSE;
+ }
+ offset += (gint)strlen(PFNAME);
+
+ /* Clear protocol name */
+ col_clear(pinfo->cinfo, COL_PROTOCOL);
+
+ /* Clear info column */
+ col_clear(pinfo->cinfo, COL_INFO);
+
+ /* Create tvb that starts at actual NAS PDU */
+ nas_tvb = tvb_new_subset_remaining(tvb, offset);
+ dissect_nas_eps(nas_tvb, pinfo, tree, NULL);
+
+ return TRUE;
+}
+
 void
 proto_reg_handoff_nas_eps(void)
 {
+ heur_dissector_add("udp", dissect_nas_eps_heur, "NAS-EPS over UDP", "nas_eps_udp", proto_nas_eps, HEURISTIC_DISABLE);
+
 gsm_a_dtap_handle = find_dissector_add_dependency("gsm_a_dtap", proto_nas_eps);
 lpp_handle = find_dissector_add_dependency("lpp", proto_nas_eps);
 nbifom_handle = find_dissector_add_dependency("nbifom", proto_nas_eps);
-- cgit v1.2.3
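Review bot: dissect_nas_eps_heur accepts a packet on the PFNAME prefix alone: once `tvb_strneql` matches, it clears COL_PROTOCOL and COL_INFO, hands every following byte of untrusted capture data to dissect_nas_eps, ignores that call's return value, and returns TRUE. Registering with HEURISTIC_DISABLE limits the exposure, but when a user enables it, any UDP payload starting with those bytes is claimed and no later heuristic gets a chance. A cheap check on the first PDU octet right after `offset += (gint)strlen(PFNAME);` would tighten this, for example `guint8 pd = tvb_get_guint8(tvb, offset) & 0x0f;` followed by `if (pd != 2 && pd != 7) return FALSE;`. That assumes only the ESM (2) and EMM (7) protocol discriminators are valid here, which should be confirmed against dissect_nas_eps, whose body is not in this hunk. The header comment should also say where the prefix framing comes from, so it is clear why a match is treated as sufficient.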