osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Change the signature of dissector_try_heuristic() to return hdtbl_entry 

which can be used to call the found heuristic dissector on the next pass.

Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.

Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
AndersBroman 2014-05-20 12:54:20 +02:00 committed by Anders Broman
parent bb01c7ac38
commit 2cfda31ff0
55 changed files with 299 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
asn1/atn-ulcs/atn-ulcs.cnf
View File

@ -49,6 +49,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar
proto_item *ti = NULL;
proto_tree *atn_ulcs_tree = NULL;
atn_conversation_t *atn_cv = NULL;
heur_dtbl_entry_t *hdtbl_entry;
/* extract bitstring into new tvb buffer */
offset = dissect_per_bit_string(
@ -113,6 +114,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
break;
}
@ -123,6 +125,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
}
break;
@ -458,6 +461,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar
tvbuff_t *tvb_usr = NULL;
packet_info * pinfo = actx->pinfo;
atn_conversation_t *atn_cv = NULL;
heur_dtbl_entry_t *hdtbl_entry;
/* decode bit-string user data within ACSE */
offset = dissect_per_bit_string(
@ -525,6 +529,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
break;
}
@ -535,11 +540,12 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
}
}
offset += tvb_length_remaining(tvb, offset);
offset += tvb_reported_length_remaining(tvb, offset);
#.END

2
asn1/atn-ulcs/packet-atn-ulcs-template.c
View File

@ -746,7 +746,7 @@ static gboolean dissect_atn_ulcs_heur(
{
/* do we have enough data*/
/* at least session + presentation data or pdv-list */
if (tvb_length(tvb) < 2){
if (tvb_captured_length(tvb) < 2){
return FALSE; }
/* check for session/presentation/ACSE PDU's */

3
asn1/credssp/credssp.cnf
View File

@ -43,12 +43,13 @@ TSRequest
#.FN_BODY NegoData/_item/negoToken
tvbuff_t *token_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
%(DEFAULT_BODY)s
if(token_tvb != NULL)
dissector_try_heuristic(credssp_heur_subdissector_list,
token_tvb, actx->pinfo, proto_tree_get_root(tree), NULL);
token_tvb, actx->pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL);
#.END

8
asn1/credssp/packet-credssp-template.c
View File

@ -106,10 +106,12 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
if((length == 1) && (tvb_get_guint8(tvb, offset) == 2)) {
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;
guint8 tags_bit_field;
exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1,
(EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT));
tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+
EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);

6
asn1/mpeg-pes/packet-mpeg-pes-template.c
View File

@ -314,7 +314,7 @@ dissect_mpeg_pes_header_data(tvbuff_t *tvb, packet_info *pinfo,
if (flags2 & PRIVATE_DATA_FLAG) {
proto_tree_add_item(tree, hf_mpeg_pes_private_data, tvb,
offset, 16, ENC_BIG_ENDIAN);
offset, 16, ENC_NA);
offset += 16;
}
if (flags2 & PACK_LENGTH_FLAG) {
@ -544,7 +544,9 @@ static heur_dissector_list_t heur_subdissector_list;
static void
dissect_mpeg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) {
heur_dtbl_entry_t *hdtbl_entry;
if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MPEG");
col_clear(pinfo->cinfo, COL_INFO);
if (tree)

7
asn1/t125/t125.cnf
View File

@ -96,19 +96,22 @@ ConnectMCSPDU
#.FN_BODY Connect-Initial/_untag/userData VAL_PTR = &next_tvb
#.FN_BODY Connect-Initial/_untag/userData
tvbuff_t *next_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
%(DEFAULT_BODY)s
if(next_tvb)
dissector_try_heuristic(t125_heur_subdissector_list, next_tvb,
actx->pinfo, top_tree, NULL);
actx->pinfo, top_tree, &hdtbl_entry, NULL);
#.END
#.FN_BODY Connect-Response/_untag/userData VAL_PTR = &next_tvb
#.FN_BODY Connect-Response/_untag/userData
tvbuff_t *next_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
%(DEFAULT_BODY)s
if(next_tvb)
dissector_try_heuristic(t125_heur_subdissector_list, next_tvb,
actx->pinfo, top_tree, NULL);
actx->pinfo, top_tree, &hdtbl_entry, NULL);
#.END

3
docbook/release-notes.asciidoc
View File

@ -214,6 +214,9 @@ The libwireshark API has undergone some major changes:
tvb_captured_length for clarity, and tvb_get_string and tvb_get_stringz
have been deprecated in favour of tvb_get_string_enc and
tvb_get_stringz_enc.
* dissector_try_heuristic() signature has been changed to return heur_dtbl_entry_t
to make it possible to save it and use it in subsequent calls to avoid the overhead
of going trough the heuristics list.
== Getting Wireshark

10
epan/dissectors/packet-atn-ulcs.c
View File

@ -381,6 +381,7 @@ dissect_atn_ulcs_T_pdv_list_presentation_data_values_arbitrary(tvbuff_t *tvb _U_
proto_item *ti = NULL;
proto_tree *atn_ulcs_tree = NULL;
atn_conversation_t *atn_cv = NULL;
heur_dtbl_entry_t *hdtbl_entry;
/* extract bitstring into new tvb buffer */
offset = dissect_per_bit_string(
@ -445,6 +446,7 @@ dissect_atn_ulcs_T_pdv_list_presentation_data_values_arbitrary(tvbuff_t *tvb _U_
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
break;
}
@ -455,6 +457,7 @@ dissect_atn_ulcs_T_pdv_list_presentation_data_values_arbitrary(tvbuff_t *tvb _U_
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
}
break;
@ -592,6 +595,7 @@ dissect_atn_ulcs_T_externalt_encoding_arbitrary(tvbuff_t *tvb _U_, int offset _U
tvbuff_t *tvb_usr = NULL;
packet_info * pinfo = actx->pinfo;
atn_conversation_t *atn_cv = NULL;
heur_dtbl_entry_t *hdtbl_entry;
/* decode bit-string user data within ACSE */
offset = dissect_per_bit_string(
@ -659,6 +663,7 @@ dissect_atn_ulcs_T_externalt_encoding_arbitrary(tvbuff_t *tvb _U_, int offset _U
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
break;
}
@ -669,11 +674,12 @@ dissect_atn_ulcs_T_externalt_encoding_arbitrary(tvbuff_t *tvb _U_, int offset _U
tvb_new_subset_remaining(tvb_usr,0),
actx->pinfo,
root_tree,
&hdtbl_entry,
NULL);
}
}
offset += tvb_length_remaining(tvb, offset);
offset += tvb_reported_length_remaining(tvb, offset);
return offset;
@ -2142,7 +2148,7 @@ static gboolean dissect_atn_ulcs_heur(
{
/* do we have enough data*/
/* at least session + presentation data or pdv-list */
if (tvb_length(tvb) < 2){
if (tvb_captured_length(tvb) < 2){
return FALSE; }
/* check for session/presentation/ACSE PDU's */

5
epan/dissectors/packet-cip.c
View File

@ -6147,6 +6147,7 @@ dissect_cip_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, packet_info
cip_simple_request_info_t path_info;
dissector_handle_t dissector;
gint service_index;
heur_dtbl_entry_t *hdtbl_entry;
p_save_proto_data = p_get_proto_data(wmem_file_scope(), pinfo, proto_cip, 0);
p_remove_proto_data(wmem_file_scope(), pinfo, proto_cip, 0);
@ -6239,7 +6240,7 @@ dissect_cip_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, packet_info
if (service_index >= 0)
{
/* See if object dissector wants to override generic service handling */
if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, NULL))
if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, &hdtbl_entry, NULL))
{
dissect_cip_generic_service_rsp(tvb, pinfo, cip_tree);
}
@ -6315,7 +6316,7 @@ dissect_cip_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, packet_info
if (service_index >= 0)
{
/* See if object dissector wants to override generic service handling */
if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, NULL))
if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, &hdtbl_entry, NULL))
{
dissect_cip_generic_service_req(tvb, pinfo, cip_tree, &path_info);
}

3
epan/dissectors/packet-clnp.c
View File

@ -235,6 +235,7 @@ dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
tvbuff_t *next_tvb;
gboolean update_col_info = TRUE;
gboolean save_fragmented;
heur_dtbl_entry_t *hdtbl_entry;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "CLNP");
col_clear(pinfo->cinfo, COL_INFO);
@ -563,7 +564,7 @@ dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
}
if (dissector_try_heuristic(clnp_heur_subdissector_list, next_tvb,
pinfo, tree, NULL)) {
pinfo, tree, &hdtbl_entry, NULL)) {
pinfo->fragmented = save_fragmented;
return; /* yes, it appears to be one of the protocols in the heuristic list */
}

15
epan/dissectors/packet-credssp.c
View File

@ -113,6 +113,7 @@ static int
dissect_credssp_T_negoToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 45 "../../asn1/credssp/credssp.cnf"
tvbuff_t *token_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
&token_tvb);
@ -120,7 +121,7 @@ dissect_credssp_T_negoToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
if(token_tvb != NULL)
dissector_try_heuristic(credssp_heur_subdissector_list,
token_tvb, actx->pinfo, proto_tree_get_root(tree), NULL);
token_tvb, actx->pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL);
@ -378,10 +379,12 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
if((length == 1) && (tvb_get_guint8(tvb, offset) == 2)) {
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;
guint8 tags= EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
guint8 tags_bit_field;
exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags, 1);
tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+
EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
@ -507,7 +510,7 @@ void proto_register_credssp(void) {
"OCTET_STRING", HFILL }},
/*--- End of included file: packet-credssp-hfarr.c ---*/
#line 150 "../../asn1/credssp/packet-credssp-template.c"
#line 152 "../../asn1/credssp/packet-credssp-template.c"
};
/* List of subtrees */
@ -525,7 +528,7 @@ void proto_register_credssp(void) {
&ett_credssp_TSRequest,
/*--- End of included file: packet-credssp-ettarr.c ---*/
#line 156 "../../asn1/credssp/packet-credssp-template.c"
#line 158 "../../asn1/credssp/packet-credssp-template.c"
};

5
epan/dissectors/packet-dccp.c
View File

@ -201,6 +201,7 @@ decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
{
tvbuff_t *next_tvb;
int low_port, high_port;
heur_dtbl_entry_t *hdtbl_entry;
next_tvb = tvb_new_subset_remaining(tvb, offset);
@ -216,7 +217,7 @@ decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
if (try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo,
tree, NULL)) {
tree, &hdtbl_entry, NULL)) {
return;
}
}
@ -260,7 +261,7 @@ decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
if (!try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb,
pinfo, tree, NULL)) {
pinfo, tree, &hdtbl_entry, NULL)) {
return;
}
}

3
epan/dissectors/packet-dtls.c
View File

@ -815,6 +815,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *dtls_record_tree;
SslAssociation *association;
SslDataInfo *appl_data;
heur_dtbl_entry_t *hdtbl_entry;
/*
* Get the record layer fields of interest
@ -1054,7 +1055,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
}
else {
/* try heuristic subdissectors */
dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, NULL);
dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, &hdtbl_entry, NULL);
}
if (dissected)
break;

8
epan/dissectors/packet-epl.c
View File

@ -1234,6 +1234,7 @@ dissect_eplpdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean udp
proto_item *ti;
proto_tree *epl_tree = NULL, *epl_src_item, *epl_dest_item;
gint offset = 0;
heur_dtbl_entry_t *hdtbl_entry;
if (tvb_reported_length(tvb) < 3)
{
@ -1260,7 +1261,7 @@ dissect_eplpdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean udp
* give that protocol a chance to make a heuristic dissection, before we continue
* to dissect it as a normal EPL packet.
*/
if (dissector_try_heuristic(heur_epl_subdissector_list, tvb, pinfo, tree, &epl_mtyp))
if (dissector_try_heuristic(heur_epl_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, &epl_mtyp))
return TRUE;
/* tap */
@ -1435,14 +1436,15 @@ static gint
dissect_epl_payload ( proto_tree *epl_tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint len, guint8 msgType )
{
gint off = 0;
tvbuff_t * payload_tvb = NULL;;
tvbuff_t * payload_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry = NULL;
off = offset;
if (len > 0)
{
payload_tvb = tvb_new_subset(tvb, off, len, tvb_reported_length_remaining(tvb, offset) );
if ( ! dissector_try_heuristic(heur_epl_data_subdissector_list, payload_tvb, pinfo, epl_tree, &msgType))
if ( ! dissector_try_heuristic(heur_epl_data_subdissector_list, payload_tvb, pinfo, epl_tree, &hdtbl_entry, &msgType))
call_dissector(data_dissector, payload_tvb, pinfo, epl_tree);
off += len;

6
epan/dissectors/packet-eth.c
View File

@ -229,6 +229,7 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
proto_item *addr_item;
proto_tree *addr_tree=NULL;
ethertype_data_t ethertype_data;
heur_dtbl_entry_t *hdtbl_entry = NULL;
ehdr_num++;
if(ehdr_num>=4){
@ -259,7 +260,7 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
* a first look before we assume that it's actually an
* Ethernet packet.
*/
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree, NULL))
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree, &hdtbl_entry, NULL))
return fh_tree;
if (ehdr->type <= IEEE_802_3_MAX_LEN) {
@ -578,6 +579,7 @@ add_ethernet_trailer(packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
of the trailer are an FCS. */
proto_item *item;
proto_tree *checksum_tree;
heur_dtbl_entry_t *hdtbl_entry;
if (trailer_tvb) {
guint trailer_length, trailer_reported_length;
@ -656,7 +658,7 @@ add_ethernet_trailer(packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
we actually have a trailer. */
if (tvb_reported_length(real_trailer_tvb) != 0) {
if (dissector_try_heuristic(eth_trailer_subdissector_list,
real_trailer_tvb, pinfo, tree, NULL) ) {
real_trailer_tvb, pinfo, tree, &hdtbl_entry, NULL) ) {
/* If we're not sure that there is a FCS, all trailer data
has been given to the ethernet-trailer dissector, so
stop dissecting here */

3
epan/dissectors/packet-http.c
View File

@ -713,6 +713,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
/*guint i;*/
/*http_info_value_t *si;*/
http_eo_t *eo_info;
heur_dtbl_entry_t *hdtbl_entry;
/*
* If this should be a request or response, do this quick check to see if
@ -1456,7 +1457,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
* dissect the payload - try the heuristic subdissectors.
*/
dissected = dissector_try_heuristic(heur_subdissector_list,
next_tvb, pinfo, tree, NULL);
next_tvb, pinfo, tree, &hdtbl_entry, NULL);
}
if (dissected) {

4
epan/dissectors/packet-ieee802154.c
View File

@ -628,6 +628,8 @@ dissect_ieee802154_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g
ieee802154_short_addr addr16;
ieee802154_hints_t *ieee_hints;
heur_dtbl_entry_t *hdtbl_entry;
packet->short_table = ieee802154_map.short_table;
/* Allocate frame data with hints for upper layers */
@ -1071,7 +1073,7 @@ dissect_ieee802154_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g
/* Beacon and Data packets contain a payload. */
if ((fcs_ok || !ieee802154_fcs_ok) && (tvb_reported_length(payload_tvb)>0)) {
/* Attempt heuristic subdissection. */
if (!dissector_try_heuristic(ieee802154_heur_subdissector_list, payload_tvb, pinfo, tree, packet)) {
if (!dissector_try_heuristic(ieee802154_heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, packet)) {
/* Could not subdissect, call the data dissector instead. */
call_dissector(data_handle, payload_tvb, pinfo, tree);
}

8
epan/dissectors/packet-infiniband.c
View File

@ -2285,6 +2285,7 @@ static void parse_PAYLOAD(proto_tree *parentTree,
guint16 etype, reserved;
const char *saved_proto;
volatile gboolean dissector_found = FALSE;
heur_dtbl_entry_t *hdtbl_entry;
if (!tvb_bytes_exist(tvb, *offset, length)) /* previously consumed bytes + offset was all the data - none or corrupt payload */
{
@ -2464,7 +2465,7 @@ static void parse_PAYLOAD(proto_tree *parentTree,
/* Try any heuristic dissectors that requested a chance to try and dissect IB payloads */
if (!dissector_found) {
dissector_found = dissector_try_heuristic(heur_dissectors_payload, next_tvb, pinfo, parentTree, info);
dissector_found = dissector_try_heuristic(heur_dissectors_payload, next_tvb, pinfo, parentTree, &hdtbl_entry, info);
}
if (!dissector_found) {
@ -2858,6 +2859,7 @@ static void parse_COM_MGT(proto_tree *parentTree, packet_info *pinfo, tvbuff_t *
proto_item *CM_header_item;
proto_tree *CM_header_tree;
tvbuff_t *next_tvb;
heur_dtbl_entry_t *hdtbl_entry;
local_gid = (guint8 *)wmem_alloc(wmem_packet_scope(), GID_SIZE);
remote_gid = (guint8 *)wmem_alloc(wmem_packet_scope(), GID_SIZE);
@ -2981,7 +2983,7 @@ static void parse_COM_MGT(proto_tree *parentTree, packet_info *pinfo, tvbuff_t *
/* give a chance for subdissectors to analyze the private data */
next_tvb = tvb_new_subset(tvb, local_offset, 92, -1);
if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, NULL) )
if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, &hdtbl_entry, NULL) )
/* if none reported success, add this as raw "data" */
proto_tree_add_item(CM_header_tree, hf_cm_req_private_data, tvb, local_offset, 92, ENC_NA);
@ -3070,7 +3072,7 @@ static void parse_COM_MGT(proto_tree *parentTree, packet_info *pinfo, tvbuff_t *
/* give a chance for subdissectors to get the private data */
next_tvb = tvb_new_subset(tvb, local_offset, 196, -1);
if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, NULL) )
if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, &hdtbl_entry, NULL) )
/* if none reported success, add this as raw "data" */
proto_tree_add_item(CM_header_tree, hf_cm_rep_privatedata, tvb, local_offset, 196, ENC_NA);

5
epan/dissectors/packet-ip.c
View File

@ -1951,6 +1951,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
proto_item *item = NULL, *ttl_item;
proto_tree *checksum_tree;
guint16 ttl;
heur_dtbl_entry_t *hdtbl_entry;
tree = parent_tree;
iph = (ws_ip *)wmem_alloc(wmem_packet_scope(), sizeof(ws_ip));
@ -2403,11 +2404,11 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
even be labeled as an IP frame; ideally, if a frame being dissected
throws an exception, it'll be labeled as a mangled frame of the
type in question. */
if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, iph))) {
if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, iph))) {
/* We're good */
} else if (!dissector_try_uint_new(ip_dissector_table, nxt, next_tvb, pinfo,
parent_tree, TRUE, iph)) {
if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, iph))) {
if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, iph))) {
/* Unknown protocol */
if (update_col_info) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",

4
epan/dissectors/packet-iwarp-ddp-rdmap.c
View File

@ -264,8 +264,10 @@ static void
dissect_rdmap_payload(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, struct rdmapinfo *info)
{
heur_dtbl_entry_t *hdtbl_entry;
if (!dissector_try_heuristic(rdmap_heur_subdissector_list,
tvb, pinfo, tree, info)) {
tvb, pinfo, tree, &hdtbl_entry, info)) {
call_dissector(data_handle, tvb, pinfo, tree);
}
}

5
epan/dissectors/packet-lbmc.c
View File

@ -10883,6 +10883,7 @@ int lbmc_dissect_lbmc_packet(tvbuff_t * tvb, int offset, packet_info * pinfo, pr
puim_stream_info = NULL;
tcp_sid_info.set = FALSE;
has_source_index = FALSE;
while ((tvb_reported_length_remaining(lbmc_tvb, pkt_offset) >= L_LBMC_BASIC_HDR_T) && (next_hdr != LBMC_NHDR_DATA) && (next_hdr != LBMC_NHDR_NONE))
{
tvbuff_t * hdr_tvb = NULL;
@ -11353,6 +11354,8 @@ int lbmc_dissect_lbmc_packet(tvbuff_t * tvb, int offset, packet_info * pinfo, pr
gboolean msg_reassembled = FALSE;
lbmc_message_entry_t * msg = NULL;
gboolean dissector_found = FALSE;
heur_dtbl_entry_t *hdtbl_entry;
if (frag_info.fragment_found == 0)
{
@ -11559,7 +11562,7 @@ int lbmc_dissect_lbmc_packet(tvbuff_t * tvb, int offset, packet_info * pinfo, pr
}
if (lbmc_use_heuristic_subdissectors)
{
dissector_found = dissector_try_heuristic(lbmc_heuristic_subdissector_list, data_tvb, pinfo, subtree, NULL);
dissector_found = dissector_try_heuristic(lbmc_heuristic_subdissector_list, data_tvb, pinfo, subtree, &hdtbl_entry, NULL);
}
if (!dissector_found)
{

3
epan/dissectors/packet-media.c
View File

@ -46,8 +46,9 @@ dissect_media(tvbuff_t *tvb, packet_info *pinfo , proto_tree *tree, void* data)
int bytes;
proto_item *ti;
proto_tree *media_tree = 0;
heur_dtbl_entry_t *hdtbl_entry;
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, data)) {
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, data)) {
return tvb_length(tvb);
}

3
epan/dissectors/packet-mime-encap.c
View File

@ -39,13 +39,14 @@ static void
dissect_mime_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_item* item;
heur_dtbl_entry_t *hdtbl_entry;
/* XXX, COL_INFO */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MIME_FILE");
item = proto_tree_add_item(tree, proto_mime_encap, tvb, 0, -1, ENC_NA);
if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) {
if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) {
proto_item_append_text(item, " (Unhandled)");
call_dissector(data_handle, tvb, pinfo, tree);
}

8
epan/dissectors/packet-mpeg-pes.c
View File

@ -985,7 +985,9 @@ static heur_dissector_list_t heur_subdissector_list;
static void
dissect_mpeg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) {
heur_dtbl_entry_t *hdtbl_entry;
if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MPEG");
col_clear(pinfo->cinfo, COL_INFO);
if (tree)
@ -1202,7 +1204,7 @@ proto_register_mpeg_pes(void)
"BIT_STRING_SIZE_16", HFILL }},
/*--- End of included file: packet-mpeg-pes-hfarr.c ---*/
#line 560 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c"
#line 562 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c"
{ &hf_mpeg_pes_pack_header,
{ "Pack header", "mpeg-pes.pack",
FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
@ -1320,7 +1322,7 @@ proto_register_mpeg_pes(void)
&ett_mpeg_pes_Picture,
/*--- End of included file: packet-mpeg-pes-ettarr.c ---*/
#line 667 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c"
#line 669 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c"
&ett_mpeg_pes_pack_header,
&ett_mpeg_pes_header_data,
&ett_mpeg_pes_trick_mode

3
epan/dissectors/packet-mq.c
View File

@ -2494,6 +2494,7 @@ static void dissect_mq_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
gboolean bEBCDIC = FALSE;
gint iDistributionListSize = 0;
mq_parm_t *p_mq_parm;
heur_dtbl_entry_t *hdtbl_entry;
p_mq_parm = wmem_new0(wmem_packet_scope(), mq_parm_t);
@ -3672,7 +3673,7 @@ static void dissect_mq_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
sizeof(p_mq_parm->mq_format));
next_tvb = tvb_new_subset_remaining(tvb, offset);
if (!dissector_try_heuristic(mq_heur_subdissector_list, next_tvb, pinfo, mqroot_tree, p_mq_parm))
if (!dissector_try_heuristic(mq_heur_subdissector_list, next_tvb, pinfo, mqroot_tree, &hdtbl_entry, p_mq_parm))
call_dissector(data_handle, next_tvb, pinfo, mqroot_tree);
}
else

4
epan/dissectors/packet-netbios.c
View File

@ -1064,12 +1064,14 @@ static heur_dissector_list_t netbios_heur_subdissector_list;
void
dissect_netbios_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
heur_dtbl_entry_t *hdtbl_entry;
/*
* Try the heuristic dissectors for NetBIOS; if none of them
* accept the packet, dissect it as data.
*/
if (!dissector_try_heuristic(netbios_heur_subdissector_list,
tvb, pinfo, tree, NULL))
tvb, pinfo, tree, &hdtbl_entry, NULL))
call_dissector(data_handle,tvb, pinfo, tree);
}

37
epan/dissectors/packet-ositp.c
View File

@ -937,19 +937,20 @@ static int ositp_decode_DT(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
gboolean uses_inactive_subset,
gboolean *subdissector_found)
{
proto_tree *cotp_tree = NULL;
proto_item *ti;
gboolean is_extended;
gboolean is_class_234;
guint32 dst_ref;
guint32 *prev_dst_ref;
guint tpdu_nr;
gboolean fragment = FALSE;
guint32 fragment_length = 0;
tvbuff_t *next_tvb;
fragment_head *fd_head;
conversation_t *conv;
guint tpdu_len;
proto_tree *cotp_tree = NULL;
proto_item *ti;
gboolean is_extended;
gboolean is_class_234;
guint32 dst_ref;
guint32 *prev_dst_ref;
guint tpdu_nr;
gboolean fragment = FALSE;
guint32 fragment_length = 0;
tvbuff_t *next_tvb;
fragment_head *fd_head;
conversation_t *conv;
guint tpdu_len;
heur_dtbl_entry_t *hdtbl_entry;
/* DT TPDUs have user data, so they run to the end of the containing PDU */
tpdu_len = tvb_reported_length_remaining(tvb, offset);
@ -1229,7 +1230,7 @@ static int ositp_decode_DT(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
if (uses_inactive_subset) {
if (dissector_try_heuristic(cotp_is_heur_subdissector_list, next_tvb,
pinfo, tree, NULL)) {
pinfo, tree, &hdtbl_entry, NULL)) {
*subdissector_found = TRUE;
} else {
/* Fill in other Dissectors using inactive subset here */
@ -1244,7 +1245,7 @@ static int ositp_decode_DT(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
*/
if ((!cotp_reassemble) || ((cotp_reassemble) && (!fragment))) {
if (dissector_try_heuristic(cotp_heur_subdissector_list, next_tvb, pinfo,
tree, NULL)) {
tree, &hdtbl_entry, NULL)) {
*subdissector_found = TRUE;
} else {
call_dissector(data_handle,next_tvb, pinfo, tree);
@ -1560,6 +1561,7 @@ static int ositp_decode_CC(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
guint8 class_option;
tvbuff_t *next_tvb;
guint tpdu_len;
heur_dtbl_entry_t *hdtbl_entry;
src_ref = tvb_get_ntohs(tvb, offset + P_SRC_REF);
@ -1655,7 +1657,7 @@ static int ositp_decode_CC(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
next_tvb = tvb_new_subset_remaining(tvb, offset);
if (!uses_inactive_subset){
if (dissector_try_heuristic(cotp_heur_subdissector_list, next_tvb, pinfo,
tree, NULL)) {
tree, &hdtbl_entry, NULL)) {
*subdissector_found = TRUE;
} else {
call_dissector(data_handle,next_tvb, pinfo, tree);
@ -2109,6 +2111,7 @@ static int ositp_decode_UD(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
proto_tree *cltp_tree = NULL;
tvbuff_t *next_tvb;
guint tpdu_len;
heur_dtbl_entry_t *hdtbl_entry;
/* UD TPDUs have user data, so they run to the end of the containing PDU */
tpdu_len = tvb_reported_length_remaining(tvb, offset);
@ -2135,7 +2138,7 @@ static int ositp_decode_UD(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu,
next_tvb = tvb_new_subset_remaining(tvb, offset);
if (dissector_try_heuristic(cltp_heur_subdissector_list, next_tvb,
pinfo, tree, NULL)) {
pinfo, tree, &hdtbl_entry, NULL)) {
*subdissector_found = TRUE;
} else {
call_dissector(data_handle,next_tvb, pinfo, tree);

3
epan/dissectors/packet-pgm.c
View File

@ -779,6 +779,7 @@ decode_pgm_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
{
tvbuff_t *next_tvb;
int found = 0;
heur_dtbl_entry_t *hdtbl_entry;
next_tvb = tvb_new_subset_remaining(tvb, offset);
@ -794,7 +795,7 @@ decode_pgm_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
return;
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL))
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL))
return;
/* Oh, well, we don't know this; dissect it as data. */

3
epan/dissectors/packet-q931.c
View File

@ -2485,6 +2485,7 @@ dissect_q931_user_user_ie(tvbuff_t *tvb, packet_info *pinfo, int offset, int len
{
guint8 octet;
tvbuff_t *next_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
if (len == 0)
return;
@ -2503,7 +2504,7 @@ dissect_q931_user_user_ie(tvbuff_t *tvb, packet_info *pinfo, int offset, int len
case Q931_PROTOCOL_DISCRIMINATOR_USER:
next_tvb = tvb_new_subset(tvb, offset, len, len);
proto_tree_add_text(tree, tvb, offset, len, "User information: %d octets", len);
if (!dissector_try_heuristic(q931_user_heur_subdissector_list, next_tvb, pinfo, tree, NULL)) {
if (!dissector_try_heuristic(q931_user_heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
call_dissector_only(data_handle, next_tvb, pinfo, tree, NULL);
}
break;

3
epan/dissectors/packet-sccp.c
View File

@ -2308,6 +2308,7 @@ dissect_sccp_data_param(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
guint8 other_ssn = INVALID_SSN;
const mtp3_addr_pc_t *dpc = NULL;
const mtp3_addr_pc_t *opc = NULL;
heur_dtbl_entry_t *hdtbl_entry;
if ((trace_sccp) && (assoc && assoc != &no_assoc)) {
pinfo->sccp_info = assoc->curr_msg;
@ -2380,7 +2381,7 @@ dissect_sccp_data_param(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
/* try heuristic subdissector list to see if there are any takers */
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) {
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) {
return;
}

5
epan/dissectors/packet-sctp.c
View File

@ -2361,11 +2361,12 @@ static gboolean
dissect_payload(tvbuff_t *payload_tvb, packet_info *pinfo, proto_tree *tree, guint32 ppi)
{
guint32 low_port, high_port;
heur_dtbl_entry_t *hdtbl_entry;
if (enable_ulp_dissection) {
if (try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, GUINT_TO_POINTER(ppi)))
if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, GUINT_TO_POINTER(ppi)))
return TRUE;
}
@ -2404,7 +2405,7 @@ dissect_payload(tvbuff_t *payload_tvb, packet_info *pinfo, proto_tree *tree, gui
if (!try_heuristic_first) {
/* do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, GUINT_TO_POINTER(ppi)))
if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, GUINT_TO_POINTER(ppi)))
return TRUE;
}
}

3
epan/dissectors/packet-sercosiii.c
View File

@ -1187,6 +1187,7 @@ dissect_siii(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
const char *tel_ch = "?";
const char *tel_type = "?";
guint tel_no = 0;
heur_dtbl_entry_t *hdtbl_entry;
/* setup columns */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SERCOS III V1.1");
@ -1197,7 +1198,7 @@ dissect_siii(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
* give that protocol a chance to make a heuristic dissection, before we continue
* to dissect it as a normal SercosIII packet.
*/
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL))
if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL))
return;
/* check what we got on our hand */

8
epan/dissectors/packet-sip.c
View File

@ -2345,6 +2345,8 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info
guint request_for_response = 0;
guint32 response_time = 0;
int strlen_to_copy;
heur_dtbl_entry_t *hdtbl_entry;
/*
* If this should be a request of response, do this quick check to see if
* it begins with a string...
@ -2531,10 +2533,6 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info
proto_tree *tc_uri_item_tree = NULL;
uri_offset_info uri_offsets;
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
if (linelen == 0) {
/*
@ -3597,7 +3595,7 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info
found_match?"TRUE":"FALSE"));
DINDENT();
if (!(dissector_try_heuristic(heur_subdissector_list,
next_tvb, pinfo, message_body_tree, NULL))) {
next_tvb, pinfo, message_body_tree, &hdtbl_entry, NULL))) {
int tmp_offset = 0;
while (tvb_offset_exists(next_tvb, tmp_offset)) {
tvb_find_line_end(next_tvb, tmp_offset, -1, &next_offset, FALSE);

3
epan/dissectors/packet-smb-direct.c
View File

@ -126,6 +126,7 @@ dissect_smb_direct_payload(tvbuff_t *tvb, packet_info *pinfo,
tvbuff_t *payload_tvb = NULL;
gboolean more_frags = FALSE;
gboolean fd_head_not_cached = FALSE;
heur_dtbl_entry_t *hdtbl_entry;
if (!smb_direct_reassemble) {
payload_tvb = tvb;
@ -191,7 +192,7 @@ dissect_smb_direct_payload(tvbuff_t *tvb, packet_info *pinfo,
dissect_payload:
pinfo->fragmented = FALSE;
if (!dissector_try_heuristic(smb_direct_heur_subdissector_list,
payload_tvb, pinfo, tree, NULL)) {
payload_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
call_dissector(data_handle, payload_tvb, pinfo, tree);
}
done:

14
epan/dissectors/packet-smb-pipe.c
View File

@ -3242,6 +3242,8 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
tvbuff_t *new_tvb;
proto_item *frag_tree_item;
heur_dtbl_entry_t *hdtbl_entry;
dcerpc_set_transport_salt(fid, pinfo);
/*
@ -3263,7 +3265,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
and bail out
*/
if(!pinfo->can_desegment){
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL);
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL);
goto clean_up_and_exit;
}
@ -3294,7 +3296,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
* Try the heuristic dissectors and see if we
* find someone that recognizes this payload.
*/
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL);
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL);
/* no this didnt look like something we know */
if(!result){
@ -3345,7 +3347,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
tree, pinfo, d_tvb, &frag_tree_item);
/* dissect the full PDU */
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL);
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL);
}
goto clean_up_and_exit;
}
@ -3365,12 +3367,12 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
/* we didnt find it, try any of the heuristic dissectors
and bail out
*/
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL);
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL);
goto clean_up_and_exit;
}
if(!(fd_head->flags&FD_DEFRAGMENTED)){
/* we dont have a fully reassembled frame */
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL);
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL);
goto clean_up_and_exit;
}
@ -3394,7 +3396,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
tree, pinfo, d_tvb, &frag_tree_item);
/* dissect the full PDU */
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL);
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL);

4
epan/dissectors/packet-smb2.c
View File

@ -4062,10 +4062,12 @@ static int
dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree)
{
tvbuff_t *dcerpc_tvb;
heur_dtbl_entry_t *hdtbl_entry;
dcerpc_tvb = tvb_new_subset(tvb, offset, MIN((int)datalen, tvb_length_remaining(tvb, offset)), datalen);
/* dissect the full PDU */
dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree, NULL);
dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree, &hdtbl_entry, NULL);
offset += datalen;

2
epan/dissectors/packet-soupbintcp.c
View File

@ -188,6 +188,7 @@ dissect_soupbintcp_common(
guint8 pkt_type;
gint offset = 0;
guint this_seq = 0, next_seq;
heur_dtbl_entry_t *hdtbl_entry;
/* Get the 16-bit big-endian SOUP packet length */
expected_len = tvb_get_ntohs(tvb, 0);
@ -428,6 +429,7 @@ dissect_soupbintcp_common(
sub_tvb,
pinfo,
tree,
&hdtbl_entry,
NULL)) {
return;
}

3
epan/dissectors/packet-ssl.c
View File

@ -1353,6 +1353,7 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo,
proto_tree *tree, SslAssociation *association)
{
tvbuff_t *next_tvb;
heur_dtbl_entry_t *hdtbl_entry;
next_tvb = tvb_new_subset_remaining(tvb, offset);
@ -1360,7 +1361,7 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo,
ssl_debug_printf("dissect_ssl3_record found association %p\n", (void *)association);
if (dissector_try_heuristic(ssl_heur_subdissector_list, next_tvb,
pinfo, proto_tree_get_root(tree), NULL)) {
pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL)) {
} else {
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;

6
epan/dissectors/packet-stun.c
View File

@ -350,6 +350,7 @@ static int
dissect_stun_message_channel_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint16 msg_type _U_, guint msg_length _U_)
{
tvbuff_t *next_tvb;
heur_dtbl_entry_t *hdtbl_entry;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "STUN");
col_set_str(pinfo->cinfo, COL_INFO, "ChannelData TURN Message");
@ -369,7 +370,7 @@ dissect_stun_message_channel_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree
next_tvb = tvb_new_subset_remaining(tvb, CHANNEL_DATA_HDR_LEN);
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) {
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
call_dissector_only(data_handle, next_tvb, pinfo, tree, NULL);
}
@ -402,6 +403,7 @@ dissect_stun_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboole
stun_transaction_t *stun_trans;
wmem_tree_key_t transaction_id_key[2];
guint32 transaction_id[3];
heur_dtbl_entry_t *hdtbl_entry;
/*
* Check if the frame is really meant for us.
@ -989,7 +991,7 @@ dissect_stun_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboole
next_tvb = tvb_new_subset(tvb, offset, att_length, att_length);
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, att_tree, NULL)) {
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, att_tree, &hdtbl_entry, NULL)) {
call_dissector_only(data_handle, next_tvb, pinfo, att_tree, NULL);
}

4
epan/dissectors/packet-sua.c
View File

@ -2156,6 +2156,8 @@ dissect_sua_message(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *sua_t
tvbuff_t *common_header_tvb;
tvbuff_t *parameters_tvb;
tvbuff_t *data_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
#if 0
proto_tree *assoc_tree;
#endif
@ -2277,7 +2279,7 @@ dissect_sua_message(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *sua_t
!dissector_try_uint(sccp_ssn_dissector_table, source_ssn, data_tvb, pinfo, tree)))
{
/* try heuristic subdissector list to see if there are any takers */
if (dissector_try_heuristic(heur_subdissector_list, data_tvb, pinfo, tree, NULL)) {
if (dissector_try_heuristic(heur_subdissector_list, data_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
return;
}
/* No sub-dissection occurred, treat it as raw data */

9
epan/dissectors/packet-t125.c
View File

@ -182,12 +182,13 @@ static int
dissect_t125_T_userData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 98 "../../asn1/t125/t125.cnf"
tvbuff_t *next_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
&next_tvb);
if(next_tvb)
dissector_try_heuristic(t125_heur_subdissector_list, next_tvb,
actx->pinfo, top_tree, NULL);
actx->pinfo, top_tree, &hdtbl_entry, NULL);
return offset;
@ -257,14 +258,16 @@ dissect_t125_Result(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_
static int
dissect_t125_T_userData_01(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 107 "../../asn1/t125/t125.cnf"
#line 108 "../../asn1/t125/t125.cnf"
tvbuff_t *next_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
&next_tvb);
if(next_tvb)
dissector_try_heuristic(t125_heur_subdissector_list, next_tvb,
actx->pinfo, top_tree, NULL);
actx->pinfo, top_tree, &hdtbl_entry, NULL);
return offset;

5
epan/dissectors/packet-tcp.c
View File

@ -3847,6 +3847,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
int low_port, high_port;
int save_desegment_offset;
guint32 save_desegment_len;
heur_dtbl_entry_t *hdtbl_entry;
/* Don't call subdissectors for keepalives. Even though they do contain
* payload "data", it's just garbage. Display any data the keepalive
@ -3882,7 +3883,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
/* do lookup with the heuristic subdissector table */
save_desegment_offset = pinfo->desegment_offset;
save_desegment_len = pinfo->desegment_len;
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, tcpinfo)) {
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, tcpinfo)) {
pinfo->want_pdu_tracking -= !!(pinfo->want_pdu_tracking);
return TRUE;
}
@ -3943,7 +3944,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
/* do lookup with the heuristic subdissector table */
save_desegment_offset = pinfo->desegment_offset;
save_desegment_len = pinfo->desegment_len;
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, tcpinfo)) {
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, tcpinfo)) {
pinfo->want_pdu_tracking -= !!(pinfo->want_pdu_tracking);
return TRUE;
}

5
epan/dissectors/packet-tipc.c
View File

@ -1558,12 +1558,13 @@ static void
call_tipc_v2_data_subdissectors(tvbuff_t *data_tvb, packet_info *pinfo, guint32 *name_type_p, guint8 user)
{
if (dissect_tipc_data) {
heur_dtbl_entry_t *hdtbl_entry;
/* dissection of TIPC data is set in preferences */
/* check for heuristic dissectors if specified in the
* preferences to try them first */
if (try_heuristic_first) {
if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, NULL))
if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, &hdtbl_entry, NULL))
return;
}
/* This triggers if a dissectors if
@ -1607,7 +1608,7 @@ call_tipc_v2_data_subdissectors(tvbuff_t *data_tvb, packet_info *pinfo, guint32
/* check for heuristic dissectors if specified in the
* preferences not to try them first */
if (!try_heuristic_first) {
if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, NULL))
if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, &hdtbl_entry, NULL))
return;
}
}

3
epan/dissectors/packet-turnchannel.c
View File

@ -66,6 +66,7 @@ dissect_turnchannel_message(tvbuff_t *tvb, packet_info *pinfo,
guint16 data_len;
proto_item *ti;
proto_tree *turnchannel_tree;
heur_dtbl_entry_t *hdtbl_entry;
len = tvb_length(tvb);
/* First, make sure we have enough data to do the check. */
@ -112,7 +113,7 @@ dissect_turnchannel_message(tvbuff_t *tvb, packet_info *pinfo,
if (!dissector_try_heuristic(heur_subdissector_list,
next_tvb, pinfo, tree, NULL)) {
next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
call_dissector(data_handle,next_tvb, pinfo, tree);
}
}

39
epan/dissectors/packet-udp.c
View File

@ -178,9 +178,8 @@ static gboolean try_heuristic_first = FALSE;
/* Per-packet-info for UDP */
typedef struct
{
gboolean found_heuristic;
} udp_p_info_t;
heur_dtbl_entry_t *heur_dtbl_entry;
} udp_p_info_t;
/* XXX - redefined here to not create UI dependencies */
#define UTF8_LEFTWARDS_ARROW "\xe2\x86\x90" /* 8592 / 0x2190 */
@ -333,19 +332,9 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
int low_port, high_port;
gint len, reported_len;
udp_p_info_t *udp_p_info = NULL;
gboolean prev_heur_found = FALSE;
/* Save curr_layer_num as it might be changed by subdissector */
guint8 curr_layer_num = pinfo->curr_layer_num;
if (pinfo->fd->flags.visited) {
udp_p_info = (udp_p_info_t*)p_get_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, pinfo->curr_layer_num);
if (udp_p_info) {
prev_heur_found = udp_p_info->found_heuristic;
}
}else{
/* Force heuristic check on first pass */
prev_heur_found = TRUE;
}
heur_dtbl_entry_t *hdtbl_entry;
len = tvb_captured_length_remaining(tvb, offset);
reported_len = tvb_reported_length_remaining(tvb, offset);
@ -368,7 +357,15 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
if (have_tap_listener(udp_follow_tap))
tap_queue_packet(udp_follow_tap, pinfo, next_tvb);
/* determine if this packet is part of a conversation and call dissector */
if (pinfo->fd->flags.visited) {
udp_p_info = (udp_p_info_t*)p_get_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, pinfo->curr_layer_num);
if (udp_p_info) {
call_heur_dissector_direct(udp_p_info->heur_dtbl_entry, next_tvb, pinfo, tree, NULL);
return;
}
}
/* determine if this packet is part of a conversation and call dissector */
/* for the conversation if available */
if (try_conversation_dissector(&pinfo->dst, &pinfo->src, PT_UDP,
@ -376,12 +373,12 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
return;
}
if (try_heuristic_first && prev_heur_found) {
if (try_heuristic_first) {
/* Do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) {
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
if (!udp_p_info) {
udp_p_info = wmem_new0(wmem_file_scope(), udp_p_info_t);
udp_p_info->found_heuristic = TRUE;
udp_p_info->heur_dtbl_entry = hdtbl_entry;
p_add_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, curr_layer_num, udp_p_info);
}
return;
@ -418,12 +415,12 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo,
dissector_try_uint(udp_dissector_table, high_port, next_tvb, pinfo, tree))
return;
if (!try_heuristic_first && prev_heur_found) {
if (!try_heuristic_first) {
/* Do lookup with the heuristic subdissector table */
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) {
if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
if (!udp_p_info) {
udp_p_info = wmem_new0(wmem_file_scope(), udp_p_info_t);
udp_p_info->found_heuristic = TRUE;
udp_p_info->heur_dtbl_entry = hdtbl_entry;
p_add_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, curr_layer_num, udp_p_info);
}
return;

3
epan/dissectors/packet-usb.c
View File

@ -2383,6 +2383,7 @@ try_dissect_next_protocol(proto_tree *tree, proto_tree *parent, tvbuff_t *next_t
guint32 k_frame_number;
guint32 k_device_address;
guint32 k_bus_id;
heur_dtbl_entry_t *hdtbl_entry;
/* try dissect by "usb.device" */
if (tvb_length(next_tvb) > 0 &&
@ -2487,7 +2488,7 @@ try_dissect_next_protocol(proto_tree *tree, proto_tree *parent, tvbuff_t *next_t
usb_dissector_table = NULL;
}
if (try_heuristics && dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent, usb_conv_info)) {
if (try_heuristics && dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent, &hdtbl_entry, usb_conv_info)) {
offset += tvb_length(next_tvb);
} else if (usb_dissector_table &&
dissector_try_uint_new(usb_dissector_table, usb_conv_info->interfaceClass, next_tvb, pinfo, parent, TRUE, usb_conv_info)) {

6
epan/dissectors/packet-vines.c
View File

@ -791,6 +791,7 @@ dissect_vines_ipc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
proto_tree *vipc_tree = NULL, *control_tree;
proto_item *ti;
tvbuff_t *next_tvb;
heur_dtbl_entry_t *hdtbl_entry;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "VIPC");
col_clear(pinfo->cinfo, COL_INFO);
@ -890,7 +891,7 @@ dissect_vines_ipc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
next_tvb = tvb_new_subset_remaining(tvb, offset);
if (viph.vipc_pkttype != PKTTYPE_DATA ||
!dissector_try_heuristic(vines_ipc_heur_subdissector_list,
next_tvb, pinfo, tree, NULL))
next_tvb, pinfo, tree, &hdtbl_entry, NULL))
call_dissector(data_handle, next_tvb, pinfo, tree);
}
@ -1003,6 +1004,7 @@ dissect_vines_spp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
proto_tree *vspp_tree, *control_tree;
proto_item *ti;
tvbuff_t *next_tvb;
heur_dtbl_entry_t *hdtbl_entry;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "VSPP");
col_clear(pinfo->cinfo, COL_INFO);
@ -1061,7 +1063,7 @@ dissect_vines_spp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
next_tvb = tvb_new_subset_remaining(tvb, offset);
if (viph.vspp_pkttype != PKTTYPE_DATA ||
!dissector_try_heuristic(vines_spp_heur_subdissector_list,
next_tvb, pinfo, tree, NULL))
next_tvb, pinfo, tree, &hdtbl_entry, NULL))
call_dissector(data_handle, next_tvb, pinfo, tree);
}

3
epan/dissectors/packet-websocket.c
View File

@ -162,6 +162,7 @@ dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, p
dissector_handle_t handle;
proto_tree *pl_tree, *mask_tree = NULL;
tvbuff_t *payload_tvb = NULL;
heur_dtbl_entry_t *hdtbl_entry;
/* Payload */
ti = proto_tree_add_item(ws_tree, hf_ws_payload, tvb, offset, payload_length, ENC_NA);
@ -180,7 +181,7 @@ dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, p
if (handle != NULL) {
call_dissector_only(handle, payload_tvb, pinfo, tree, NULL);
} else {
dissector_try_heuristic(heur_subdissector_list, payload_tvb, pinfo, tree, NULL);
dissector_try_heuristic(heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, NULL);
}
/* Extension Data */

11
epan/dissectors/packet-wsp.c
View File

@ -4916,6 +4916,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
const char *contentTypeStr;
tvbuff_t *tmp_tvb;
gboolean found_match;
heur_dtbl_entry_t *hdtbl_entry;
/* Set up structures we will need to add the protocol subtree and manage it */
proto_item *proto_ti = NULL; /* for the proto entry */
@ -5155,7 +5156,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
if (! found_match) {
if (! dissector_try_heuristic(heur_subdissector_list,
tmp_tvb, pinfo, tree, NULL)) {
tmp_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
guint8* save_private_data = (guint8 *)pinfo->private_data;
pinfo->match_string = contentTypeStr;
@ -5248,7 +5249,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
if (! found_match) {
if (! dissector_try_heuristic(heur_subdissector_list,
tmp_tvb, pinfo, tree, NULL)) {
tmp_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
guint8* save_private_data = (guint8 *)pinfo->private_data;
pinfo->match_string = contentTypeStr;
@ -5332,7 +5333,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
if (! found_match) {
if (! dissector_try_heuristic(heur_subdissector_list,
tmp_tvb, pinfo, tree, NULL)) {
tmp_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
guint8* save_private_data = (guint8 *)pinfo->private_data;
pinfo->match_string = contentTypeStr;
@ -5862,6 +5863,8 @@ add_multipart_data (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo)
proto_item *ti = NULL;
proto_tree *mpart_tree = NULL;
heur_dtbl_entry_t *hdtbl_entry;
DebugLog(("add_multipart_data(): offset = %u, byte = 0x%02x: ",
offset, tvb_get_guint8(tvb,offset)));
nEntries = tvb_get_guintvar (tvb, offset, &count);
@ -5930,7 +5933,7 @@ add_multipart_data (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo)
}
if (! found_match) {
if (! dissector_try_heuristic(heur_subdissector_list,
tmp_tvb, pinfo, mpart_tree, NULL)) {
tmp_tvb, pinfo, mpart_tree, &hdtbl_entry, NULL)) {
guint8* save_private_data = (guint8 *)pinfo->private_data;
pinfo->match_string = contentTypeStr;

3
epan/dissectors/packet-x25.c
View File

@ -1297,6 +1297,7 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
gint payload_len;
guint32 frag_key;
fragment_head *fd_head;
heur_dtbl_entry_t *hdtbl_entry;
guint8 spi;
@ -2071,7 +2072,7 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* Try the heuristic dissectors. */
if (dissector_try_heuristic(x25_heur_subdissector_list, next_tvb, pinfo,
tree, NULL)) {
tree, &hdtbl_entry, NULL)) {
return;
}

75
epan/packet.c
View File

@ -1932,15 +1932,16 @@ heur_dissector_set_enabled(const char *name, heur_dissector_t dissector, const i
gboolean
dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree, void *data)
packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **heur_dtbl_entry, void *data)
{
gboolean status;
const char *saved_curr_proto;
const char *saved_heur_list_name;
GSList *entry;
heur_dtbl_entry_t *hdtbl_entry;
guint16 saved_can_desegment;
guint saved_layers_len = 0;
heur_dtbl_entry_t *hdtbl_entry;
int proto_id;
/* can_desegment is set to 2 by anyone which offers this api/service.
then everytime a subdissector is called it is decremented by one.
@ -1960,6 +1961,7 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
saved_heur_list_name = pinfo->heur_list_name;
saved_layers_len = wmem_list_count(pinfo->layers);
*heur_dtbl_entry = NULL;
for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
/* XXX - why set this now and above? */
@ -1967,13 +1969,14 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
hdtbl_entry = (heur_dtbl_entry_t *)entry->data;
if (hdtbl_entry->protocol != NULL &&
(!proto_is_protocol_enabled(hdtbl_entry->protocol)||(hdtbl_entry->enabled==FALSE))) {
(!proto_is_protocol_enabled(hdtbl_entry->protocol)||(hdtbl_entry->enabled==FALSE))) {
/*
* No - don't try this dissector.
*/
continue;
}
proto_id = proto_get_id(hdtbl_entry->protocol);
if (hdtbl_entry->protocol != NULL) {
/* do NOT change this behavior - wslua uses the protocol short name set here in order
to determine which Lua-based heurisitc dissector to call */
@ -1984,21 +1987,19 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
* Add the protocol name to the layers; we'll remove it
* if the dissector fails.
*/
wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_get_id(hdtbl_entry->protocol)));
wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id));
}
pinfo->heur_list_name = hdtbl_entry->list_name;
EP_CHECK_CANARY(("before calling heuristic dissector for protocol: %s",
proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol))));
if ((*hdtbl_entry->dissector)(tvb, pinfo, tree, data)) {
EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has accepted and dissected packet",
proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol))));
EP_CHECK_CANARY(("before calling heuristic dissector for protocol: %s", proto_get_protocol_filter_name(proto_id)));
if ((hdtbl_entry->dissector)(tvb, pinfo, tree, data)) {
EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has accepted and dissected packet", proto_get_protocol_filter_name(proto_id)));
*heur_dtbl_entry = hdtbl_entry;
status = TRUE;
break;
} else {
EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has returned false",
proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol))));
EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has returned false", proto_get_protocol_filter_name(proto_id)));
/*
* That dissector didn't accept the packet, so
@ -2281,6 +2282,58 @@ call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
return call_dissector_with_data(handle, tvb, pinfo, tree, NULL);
}
/*
* Call a heuristic dissector through a heur_dtbl_entry
*/
void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree, void *data)
{
const char *saved_curr_proto;
const char *saved_heur_list_name;
guint16 saved_can_desegment;
int proto_id;
g_assert(heur_dtbl_entry);
/* can_desegment is set to 2 by anyone which offers this api/service.
then everytime a subdissector is called it is decremented by one.
thus only the subdissector immediately ontop of whoever offers this
service can use it.
We save the current value of "can_desegment" for the
benefit of TCP proxying dissectors such as SOCKS, so they
can restore it and allow the dissectors they call to use
the desegmentation service.
*/
saved_can_desegment = pinfo->can_desegment;
pinfo->saved_can_desegment = saved_can_desegment;
pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
saved_curr_proto = pinfo->current_proto;
saved_heur_list_name = pinfo->heur_list_name;
proto_id = proto_get_id(heur_dtbl_entry->protocol);
if (heur_dtbl_entry->protocol != NULL) {
/* do NOT change this behavior - wslua uses the protocol short name set here in order
to determine which Lua-based heurisitc dissector to call */
pinfo->current_proto = proto_get_protocol_short_name(heur_dtbl_entry->protocol);
wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id));
}
EP_CHECK_CANARY(("before calling heuristic dissector for protocol: %s", proto_get_protocol_filter_name(proto_id)));
/* call the dissector, as we have saved the result heuristic failure is an error */
if(!(*heur_dtbl_entry->dissector)(tvb, pinfo, tree, data))
g_assert_not_reached();
/* Restore info from caller */
pinfo->can_desegment = saved_can_desegment;
pinfo->current_proto = saved_curr_proto;
pinfo->heur_list_name = saved_heur_list_name;
}
/*
* Dumps the "layer type"/"decode as" associations to stdout, similar
* to the proto_registrar_dump_*() routines.

34
epan/packet.h
View File

@ -366,11 +366,12 @@ WS_DLL_PUBLIC gboolean has_heur_dissector_list(const gchar *name);
* @param tvb the tvbuff with the (remaining) packet data
* @param pinfo the packet info of this packet (additional info)
* @param tree the protocol tree to be build or NULL
* @param returns the last tried dissectors hdtbl_entry.
* @param data parameter to pass to subdissector
* @return TRUE if the packet was recognized by the sub-dissector (stop dissection here)
*/
WS_DLL_PUBLIC gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **hdtbl_entry, void *data);
/** Add a sub-dissector to a heuristic dissector list.
* Call this in the proto_handoff function of the sub-dissector.
@ -401,37 +402,37 @@ WS_DLL_PUBLIC void heur_dissector_delete(const char *name, heur_dissector_t diss
*/
extern void heur_dissector_set_enabled(const char *name, heur_dissector_t dissector, const int proto, const gboolean enabled);
/* Register a dissector. */
/** Register a dissector. */
WS_DLL_PUBLIC dissector_handle_t register_dissector(const char *name, dissector_t dissector,
const int proto);
WS_DLL_PUBLIC dissector_handle_t new_register_dissector(const char *name, new_dissector_t dissector,
const int proto);
/* Get the long name of the protocol for a dissector handle. */
/** Get the long name of the protocol for a dissector handle. */
extern const char *dissector_handle_get_long_name(const dissector_handle_t handle);
/* Get the short name of the protocol for a dissector handle. */
/** Get the short name of the protocol for a dissector handle. */
WS_DLL_PUBLIC const char *dissector_handle_get_short_name(const dissector_handle_t handle);
/* Get the index of the protocol for a dissector handle. */
/** Get the index of the protocol for a dissector handle. */
WS_DLL_PUBLIC int dissector_handle_get_protocol_index(const dissector_handle_t handle);
/* Get a GList of all registered dissector names. */
/** Get a GList of all registered dissector names. */
WS_DLL_PUBLIC GList* get_dissector_names(void);
/* Find a dissector by name. */
/** Find a dissector by name. */
WS_DLL_PUBLIC dissector_handle_t find_dissector(const char *name);
/* Get a dissector name from handle. */
/** Get a dissector name from handle. */
WS_DLL_PUBLIC const char *dissector_handle_get_dissector_name(const dissector_handle_t handle);
/* Create an anonymous handle for a dissector. */
/** Create an anonymous handle for a dissector. */
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle(dissector_t dissector,
const int proto);
WS_DLL_PUBLIC dissector_handle_t new_create_dissector_handle(new_dissector_t dissector,
const int proto);
/* Call a dissector through a handle and if no dissector was found
/** Call a dissector through a handle and if no dissector was found
* pass it over to the "data" dissector instead.
*
* @param handle The dissector to call.
@ -449,7 +450,7 @@ WS_DLL_PUBLIC int call_dissector_with_data(dissector_handle_t handle, tvbuff_t *
WS_DLL_PUBLIC int call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree);
/* Call a dissector through a handle but if no dissector was found
/** Call a dissector through a handle but if no dissector was found
* just return 0 and do not call the "data" dissector instead.
*
* @param handle The dissector to call.
@ -465,6 +466,17 @@ WS_DLL_PUBLIC int call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
WS_DLL_PUBLIC int call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree, void *data);
/**
* @param heur_dtbl_entry The heur_dtbl_entry of the dissector to call.
* @param tvb The buffer to dissect.
* @param pinfo Packet Info.
* @param tree The protocol tree.
* @param data parameter to pass to dissector
*/
WS_DLL_PUBLIC void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree, void *data);
/* Do all one-time initialization. */
extern void dissect_init(void);

7
plugins/ethercat/packet-ethercat-datagram.c
View File

@ -452,6 +452,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree
const guint datagram_length = tvb_length_remaining(tvb, offset);
guint datagram_padding_bytes = 0;
EcParserHDR ecHdr;
heur_dtbl_entry_t *hdtbl_entry;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ECAT");
@ -732,7 +733,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree
init_dc_measure(pDC, tvb, suboffset);
/* Allow sub dissectors to have a chance with this data */
if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, NULL))
if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, &hdtbl_entry, NULL))
{
/* No sub dissector did recognize this data, dissect it as data only */
aitem = proto_tree_add_item(ecat_datagram_tree, hf_ecat_data, tvb, suboffset, ecHdr.len & 0x07ff, ENC_NA);
@ -815,7 +816,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree
if ( dataLength > 0 )
{
/* Allow sub dissectors to have a chance with this data */
if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, NULL))
if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, &hdtbl_entry, NULL))
{
/* No sub dissector did recognize this data, dissect it as data only */
proto_tree_add_item(ecat_datagram_tree, hf_ecat_data, tvb, startOfData, dataLength, ENC_NA);
@ -833,7 +834,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree
if( tree )
{
/* Allow sub dissectors to have a chance with this data */
if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, NULL))
if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, &hdtbl_entry, NULL))
{
/* No sub dissector did recognize this data, dissect it as data only */
proto_tree_add_item(ecat_datagram_tree, hf_ecat_data, tvb, suboffset, ecHdr.len & 0x07ff, ENC_NA);

3
plugins/profinet/packet-dcerpc-pn-io.c
View File

@ -9415,13 +9415,14 @@ dissect_PNIO_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
guint8 *drep = &drep_data;
guint8 u8CBAVersion;
guint16 u16FrameID;
heur_dtbl_entry_t *hdtbl_entry;
/*
* In case the packet is a protocol encoded in the basic PNIO transport stream,
* give that protocol a chance to make a heuristic dissection, before we continue
* to dissect it as a normal PNIO packet.
*/
if (dissector_try_heuristic(heur_pn_subdissector_list, tvb, pinfo, tree, NULL))
if (dissector_try_heuristic(heur_pn_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL))
return TRUE;
/* the sub tvb will NOT contain the frame_id here! */

3
plugins/profinet/packet-pn-rt.c
View File

@ -495,6 +495,7 @@ dissect_pn_rt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
gchar szFieldSummary[100];
tvbuff_t *next_tvb;
gboolean bCyclic;
heur_dtbl_entry_t *hdtbl_entry;
/* If the link-layer dissector for the protocol above us knows whether
@ -806,7 +807,7 @@ dissect_pn_rt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
next_tvb = tvb_new_subset(tvb, 2, data_len, data_len);
/* ask heuristics, if some sub-dissector is interested in this packet payload */
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) {
if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
/*col_set_str(pinfo->cinfo, COL_INFO, "Unknown");*/
/* Oh, well, we don't know this; dissect it as data. */