From 1f2dbd7bdfd6bba5d5ef7867a0689e349dca3283 Mon Sep 17 00:00:00 2001 From: ulfl Date: Thu, 22 Sep 2005 21:16:54 +0000 Subject: enhance heuristics: some Siemens SIMATIC protocols also use COTP, and shouldn't be misinterpreted as SES. the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES), so if the following parameter type is unknown, it's probably SIMATIC and not SES git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@15966 f5534014-38df-0310-8fa8-9805f1628bb7 --- epan/dissectors/packet-ses.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'epan/dissectors/packet-ses.c') diff --git a/epan/dissectors/packet-ses.c b/epan/dissectors/packet-ses.c index 9b57f17c67..6c95f6989b 100644 --- a/epan/dissectors/packet-ses.c +++ b/epan/dissectors/packet-ses.c @@ -1759,6 +1759,17 @@ dissect_ses_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) return FALSE; /* no, it isn't a session PDU */ } + /* some Siemens SIMATIC protocols also use COTP, and shouldn't be + * misinterpreted as SES. + * the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES), + * so if the parameter type is unknown, it's probably SIMATIC */ + if(type == 0x32 && tvb_bytes_exist(tvb, 0, 3)) { + type = tvb_get_guint8(tvb, offset+2); + if (match_strval(type, param_vals) == NULL) { + return FALSE; /* it's probably a SIMATIC protocol */ + } + } + /* OK,let's check SPDU length */ /* get length of SPDU */ len = get_item_len(tvb, offset+1, &len_len); -- cgit v1.2.3