diff --git a/asn1/atn-ulcs/atn-ulcs.cnf b/asn1/atn-ulcs/atn-ulcs.cnf index 5ec06ab0e3..4307146488 100644 --- a/asn1/atn-ulcs/atn-ulcs.cnf +++ b/asn1/atn-ulcs/atn-ulcs.cnf @@ -49,6 +49,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar proto_item *ti = NULL; proto_tree *atn_ulcs_tree = NULL; atn_conversation_t *atn_cv = NULL; + heur_dtbl_entry_t *hdtbl_entry; /* extract bitstring into new tvb buffer */ offset = dissect_per_bit_string( @@ -113,6 +114,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); break; } @@ -123,6 +125,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); } break; @@ -458,6 +461,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar tvbuff_t *tvb_usr = NULL; packet_info * pinfo = actx->pinfo; atn_conversation_t *atn_cv = NULL; + heur_dtbl_entry_t *hdtbl_entry; /* decode bit-string user data within ACSE */ offset = dissect_per_bit_string( @@ -525,6 +529,7 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); break; } @@ -535,11 +540,12 @@ PDV-list/presentation-data-values/arbitrary pdv-list_presentation-data-values_ar tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); } } - offset += tvb_length_remaining(tvb, offset); + offset += tvb_reported_length_remaining(tvb, offset); #.END diff --git a/asn1/atn-ulcs/packet-atn-ulcs-template.c b/asn1/atn-ulcs/packet-atn-ulcs-template.c index 0445b29e05..3350d18f32 100644 --- a/asn1/atn-ulcs/packet-atn-ulcs-template.c +++ b/asn1/atn-ulcs/packet-atn-ulcs-template.c @@ -746,7 +746,7 @@ static gboolean dissect_atn_ulcs_heur( { /* do we have enough data*/ /* at least session + presentation data or pdv-list */ - if (tvb_length(tvb) < 2){ + if (tvb_captured_length(tvb) < 2){ return FALSE; } /* check for session/presentation/ACSE PDU's */ diff --git a/asn1/credssp/credssp.cnf b/asn1/credssp/credssp.cnf index 26b1d57df0..6a2f301c04 100644 --- a/asn1/credssp/credssp.cnf +++ b/asn1/credssp/credssp.cnf @@ -43,12 +43,13 @@ TSRequest #.FN_BODY NegoData/_item/negoToken tvbuff_t *token_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; %(DEFAULT_BODY)s if(token_tvb != NULL) dissector_try_heuristic(credssp_heur_subdissector_list, - token_tvb, actx->pinfo, proto_tree_get_root(tree), NULL); + token_tvb, actx->pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL); #.END diff --git a/asn1/credssp/packet-credssp-template.c b/asn1/credssp/packet-credssp-template.c index 31457f28dd..7cde346be8 100644 --- a/asn1/credssp/packet-credssp-template.c +++ b/asn1/credssp/packet-credssp-template.c @@ -106,10 +106,12 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, if((length == 1) && (tvb_get_guint8(tvb, offset) == 2)) { if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; + guint8 tags_bit_field; - exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, - (EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | - EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT)); + tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ + EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; + + exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); diff --git a/asn1/mpeg-pes/packet-mpeg-pes-template.c b/asn1/mpeg-pes/packet-mpeg-pes-template.c index 4d99fa2b98..ead94ed698 100644 --- a/asn1/mpeg-pes/packet-mpeg-pes-template.c +++ b/asn1/mpeg-pes/packet-mpeg-pes-template.c @@ -314,7 +314,7 @@ dissect_mpeg_pes_header_data(tvbuff_t *tvb, packet_info *pinfo, if (flags2 & PRIVATE_DATA_FLAG) { proto_tree_add_item(tree, hf_mpeg_pes_private_data, tvb, - offset, 16, ENC_BIG_ENDIAN); + offset, 16, ENC_NA); offset += 16; } if (flags2 & PACK_LENGTH_FLAG) { @@ -544,7 +544,9 @@ static heur_dissector_list_t heur_subdissector_list; static void dissect_mpeg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) { + heur_dtbl_entry_t *hdtbl_entry; + + if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) { col_set_str(pinfo->cinfo, COL_PROTOCOL, "MPEG"); col_clear(pinfo->cinfo, COL_INFO); if (tree) diff --git a/asn1/t125/t125.cnf b/asn1/t125/t125.cnf index 8e015a93da..ab058dd549 100644 --- a/asn1/t125/t125.cnf +++ b/asn1/t125/t125.cnf @@ -96,19 +96,22 @@ ConnectMCSPDU #.FN_BODY Connect-Initial/_untag/userData VAL_PTR = &next_tvb #.FN_BODY Connect-Initial/_untag/userData tvbuff_t *next_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; %(DEFAULT_BODY)s if(next_tvb) dissector_try_heuristic(t125_heur_subdissector_list, next_tvb, - actx->pinfo, top_tree, NULL); + actx->pinfo, top_tree, &hdtbl_entry, NULL); #.END #.FN_BODY Connect-Response/_untag/userData VAL_PTR = &next_tvb #.FN_BODY Connect-Response/_untag/userData tvbuff_t *next_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; + %(DEFAULT_BODY)s if(next_tvb) dissector_try_heuristic(t125_heur_subdissector_list, next_tvb, - actx->pinfo, top_tree, NULL); + actx->pinfo, top_tree, &hdtbl_entry, NULL); #.END diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index dce2aaca64..b7969473a3 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -214,6 +214,9 @@ The libwireshark API has undergone some major changes: tvb_captured_length for clarity, and tvb_get_string and tvb_get_stringz have been deprecated in favour of tvb_get_string_enc and tvb_get_stringz_enc. +* dissector_try_heuristic() signature has been changed to return heur_dtbl_entry_t + to make it possible to save it and use it in subsequent calls to avoid the overhead + of going trough the heuristics list. == Getting Wireshark diff --git a/epan/dissectors/packet-atn-ulcs.c b/epan/dissectors/packet-atn-ulcs.c index edfdc2a61e..3fdb7029ca 100644 --- a/epan/dissectors/packet-atn-ulcs.c +++ b/epan/dissectors/packet-atn-ulcs.c @@ -381,6 +381,7 @@ dissect_atn_ulcs_T_pdv_list_presentation_data_values_arbitrary(tvbuff_t *tvb _U_ proto_item *ti = NULL; proto_tree *atn_ulcs_tree = NULL; atn_conversation_t *atn_cv = NULL; + heur_dtbl_entry_t *hdtbl_entry; /* extract bitstring into new tvb buffer */ offset = dissect_per_bit_string( @@ -445,6 +446,7 @@ dissect_atn_ulcs_T_pdv_list_presentation_data_values_arbitrary(tvbuff_t *tvb _U_ tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); break; } @@ -455,6 +457,7 @@ dissect_atn_ulcs_T_pdv_list_presentation_data_values_arbitrary(tvbuff_t *tvb _U_ tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); } break; @@ -592,6 +595,7 @@ dissect_atn_ulcs_T_externalt_encoding_arbitrary(tvbuff_t *tvb _U_, int offset _U tvbuff_t *tvb_usr = NULL; packet_info * pinfo = actx->pinfo; atn_conversation_t *atn_cv = NULL; + heur_dtbl_entry_t *hdtbl_entry; /* decode bit-string user data within ACSE */ offset = dissect_per_bit_string( @@ -659,6 +663,7 @@ dissect_atn_ulcs_T_externalt_encoding_arbitrary(tvbuff_t *tvb _U_, int offset _U tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); break; } @@ -669,11 +674,12 @@ dissect_atn_ulcs_T_externalt_encoding_arbitrary(tvbuff_t *tvb _U_, int offset _U tvb_new_subset_remaining(tvb_usr,0), actx->pinfo, root_tree, + &hdtbl_entry, NULL); } } - offset += tvb_length_remaining(tvb, offset); + offset += tvb_reported_length_remaining(tvb, offset); return offset; @@ -2142,7 +2148,7 @@ static gboolean dissect_atn_ulcs_heur( { /* do we have enough data*/ /* at least session + presentation data or pdv-list */ - if (tvb_length(tvb) < 2){ + if (tvb_captured_length(tvb) < 2){ return FALSE; } /* check for session/presentation/ACSE PDU's */ diff --git a/epan/dissectors/packet-cip.c b/epan/dissectors/packet-cip.c index c0c52d6fed..ab1d0e33e8 100644 --- a/epan/dissectors/packet-cip.c +++ b/epan/dissectors/packet-cip.c @@ -6147,6 +6147,7 @@ dissect_cip_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, packet_info cip_simple_request_info_t path_info; dissector_handle_t dissector; gint service_index; + heur_dtbl_entry_t *hdtbl_entry; p_save_proto_data = p_get_proto_data(wmem_file_scope(), pinfo, proto_cip, 0); p_remove_proto_data(wmem_file_scope(), pinfo, proto_cip, 0); @@ -6239,7 +6240,7 @@ dissect_cip_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, packet_info if (service_index >= 0) { /* See if object dissector wants to override generic service handling */ - if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, NULL)) + if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, &hdtbl_entry, NULL)) { dissect_cip_generic_service_rsp(tvb, pinfo, cip_tree); } @@ -6315,7 +6316,7 @@ dissect_cip_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, packet_info if (service_index >= 0) { /* See if object dissector wants to override generic service handling */ - if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, NULL)) + if(!dissector_try_heuristic(heur_subdissector_service, tvb, pinfo, item_tree, &hdtbl_entry, NULL)) { dissect_cip_generic_service_req(tvb, pinfo, cip_tree, &path_info); } diff --git a/epan/dissectors/packet-clnp.c b/epan/dissectors/packet-clnp.c index 2236783d52..d03ed621f0 100644 --- a/epan/dissectors/packet-clnp.c +++ b/epan/dissectors/packet-clnp.c @@ -235,6 +235,7 @@ dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) tvbuff_t *next_tvb; gboolean update_col_info = TRUE; gboolean save_fragmented; + heur_dtbl_entry_t *hdtbl_entry; col_set_str(pinfo->cinfo, COL_PROTOCOL, "CLNP"); col_clear(pinfo->cinfo, COL_INFO); @@ -563,7 +564,7 @@ dissect_clnp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } } if (dissector_try_heuristic(clnp_heur_subdissector_list, next_tvb, - pinfo, tree, NULL)) { + pinfo, tree, &hdtbl_entry, NULL)) { pinfo->fragmented = save_fragmented; return; /* yes, it appears to be one of the protocols in the heuristic list */ } diff --git a/epan/dissectors/packet-credssp.c b/epan/dissectors/packet-credssp.c index f22cfb37ea..cf95f40d63 100644 --- a/epan/dissectors/packet-credssp.c +++ b/epan/dissectors/packet-credssp.c @@ -113,6 +113,7 @@ static int dissect_credssp_T_negoToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { #line 45 "../../asn1/credssp/credssp.cnf" tvbuff_t *token_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &token_tvb); @@ -120,7 +121,7 @@ dissect_credssp_T_negoToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of if(token_tvb != NULL) dissector_try_heuristic(credssp_heur_subdissector_list, - token_tvb, actx->pinfo, proto_tree_get_root(tree), NULL); + token_tvb, actx->pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL); @@ -378,10 +379,12 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, if((length == 1) && (tvb_get_guint8(tvb, offset) == 2)) { if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; - guint8 tags= EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT | - EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT; + guint8 tags_bit_field; - exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags, 1); + tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+ + EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT; + + exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1); exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb); exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb); @@ -507,7 +510,7 @@ void proto_register_credssp(void) { "OCTET_STRING", HFILL }}, /*--- End of included file: packet-credssp-hfarr.c ---*/ -#line 150 "../../asn1/credssp/packet-credssp-template.c" +#line 152 "../../asn1/credssp/packet-credssp-template.c" }; /* List of subtrees */ @@ -525,7 +528,7 @@ void proto_register_credssp(void) { &ett_credssp_TSRequest, /*--- End of included file: packet-credssp-ettarr.c ---*/ -#line 156 "../../asn1/credssp/packet-credssp-template.c" +#line 158 "../../asn1/credssp/packet-credssp-template.c" }; diff --git a/epan/dissectors/packet-dccp.c b/epan/dissectors/packet-dccp.c index 06567aa0e6..b8b2af88e5 100644 --- a/epan/dissectors/packet-dccp.c +++ b/epan/dissectors/packet-dccp.c @@ -201,6 +201,7 @@ decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, { tvbuff_t *next_tvb; int low_port, high_port; + heur_dtbl_entry_t *hdtbl_entry; next_tvb = tvb_new_subset_remaining(tvb, offset); @@ -216,7 +217,7 @@ decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, if (try_heuristic_first) { /* do lookup with the heuristic subdissector table */ if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, - tree, NULL)) { + tree, &hdtbl_entry, NULL)) { return; } } @@ -260,7 +261,7 @@ decode_dccp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, if (!try_heuristic_first) { /* do lookup with the heuristic subdissector table */ if (dissector_try_heuristic(heur_subdissector_list, next_tvb, - pinfo, tree, NULL)) { + pinfo, tree, &hdtbl_entry, NULL)) { return; } } diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index 7bb8a7689a..0a3cc6917c 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -815,6 +815,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *dtls_record_tree; SslAssociation *association; SslDataInfo *appl_data; + heur_dtbl_entry_t *hdtbl_entry; /* * Get the record layer fields of interest @@ -1054,7 +1055,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, } else { /* try heuristic subdissectors */ - dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, NULL); + dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, &hdtbl_entry, NULL); } if (dissected) break; diff --git a/epan/dissectors/packet-epl.c b/epan/dissectors/packet-epl.c index c1338c107f..67b8e5c41d 100644 --- a/epan/dissectors/packet-epl.c +++ b/epan/dissectors/packet-epl.c @@ -1234,6 +1234,7 @@ dissect_eplpdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean udp proto_item *ti; proto_tree *epl_tree = NULL, *epl_src_item, *epl_dest_item; gint offset = 0; + heur_dtbl_entry_t *hdtbl_entry; if (tvb_reported_length(tvb) < 3) { @@ -1260,7 +1261,7 @@ dissect_eplpdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean udp * give that protocol a chance to make a heuristic dissection, before we continue * to dissect it as a normal EPL packet. */ - if (dissector_try_heuristic(heur_epl_subdissector_list, tvb, pinfo, tree, &epl_mtyp)) + if (dissector_try_heuristic(heur_epl_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, &epl_mtyp)) return TRUE; /* tap */ @@ -1435,14 +1436,15 @@ static gint dissect_epl_payload ( proto_tree *epl_tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint len, guint8 msgType ) { gint off = 0; - tvbuff_t * payload_tvb = NULL;; + tvbuff_t * payload_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry = NULL; off = offset; if (len > 0) { payload_tvb = tvb_new_subset(tvb, off, len, tvb_reported_length_remaining(tvb, offset) ); - if ( ! dissector_try_heuristic(heur_epl_data_subdissector_list, payload_tvb, pinfo, epl_tree, &msgType)) + if ( ! dissector_try_heuristic(heur_epl_data_subdissector_list, payload_tvb, pinfo, epl_tree, &hdtbl_entry, &msgType)) call_dissector(data_dissector, payload_tvb, pinfo, epl_tree); off += len; diff --git a/epan/dissectors/packet-eth.c b/epan/dissectors/packet-eth.c index 1bf82b4d21..6f86193061 100644 --- a/epan/dissectors/packet-eth.c +++ b/epan/dissectors/packet-eth.c @@ -229,6 +229,7 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, proto_item *addr_item; proto_tree *addr_tree=NULL; ethertype_data_t ethertype_data; + heur_dtbl_entry_t *hdtbl_entry = NULL; ehdr_num++; if(ehdr_num>=4){ @@ -259,7 +260,7 @@ dissect_eth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, * a first look before we assume that it's actually an * Ethernet packet. */ - if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree, NULL)) + if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, parent_tree, &hdtbl_entry, NULL)) return fh_tree; if (ehdr->type <= IEEE_802_3_MAX_LEN) { @@ -578,6 +579,7 @@ add_ethernet_trailer(packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree, of the trailer are an FCS. */ proto_item *item; proto_tree *checksum_tree; + heur_dtbl_entry_t *hdtbl_entry; if (trailer_tvb) { guint trailer_length, trailer_reported_length; @@ -656,7 +658,7 @@ add_ethernet_trailer(packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree, we actually have a trailer. */ if (tvb_reported_length(real_trailer_tvb) != 0) { if (dissector_try_heuristic(eth_trailer_subdissector_list, - real_trailer_tvb, pinfo, tree, NULL) ) { + real_trailer_tvb, pinfo, tree, &hdtbl_entry, NULL) ) { /* If we're not sure that there is a FCS, all trailer data has been given to the ethernet-trailer dissector, so stop dissecting here */ diff --git a/epan/dissectors/packet-http.c b/epan/dissectors/packet-http.c index f7358a6860..048341baa1 100644 --- a/epan/dissectors/packet-http.c +++ b/epan/dissectors/packet-http.c @@ -713,6 +713,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, /*guint i;*/ /*http_info_value_t *si;*/ http_eo_t *eo_info; + heur_dtbl_entry_t *hdtbl_entry; /* * If this should be a request or response, do this quick check to see if @@ -1456,7 +1457,7 @@ dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, * dissect the payload - try the heuristic subdissectors. */ dissected = dissector_try_heuristic(heur_subdissector_list, - next_tvb, pinfo, tree, NULL); + next_tvb, pinfo, tree, &hdtbl_entry, NULL); } if (dissected) { diff --git a/epan/dissectors/packet-ieee802154.c b/epan/dissectors/packet-ieee802154.c index 3f4f1d1dfc..c02ce07d81 100644 --- a/epan/dissectors/packet-ieee802154.c +++ b/epan/dissectors/packet-ieee802154.c @@ -628,6 +628,8 @@ dissect_ieee802154_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g ieee802154_short_addr addr16; ieee802154_hints_t *ieee_hints; + heur_dtbl_entry_t *hdtbl_entry; + packet->short_table = ieee802154_map.short_table; /* Allocate frame data with hints for upper layers */ @@ -1071,7 +1073,7 @@ dissect_ieee802154_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, g /* Beacon and Data packets contain a payload. */ if ((fcs_ok || !ieee802154_fcs_ok) && (tvb_reported_length(payload_tvb)>0)) { /* Attempt heuristic subdissection. */ - if (!dissector_try_heuristic(ieee802154_heur_subdissector_list, payload_tvb, pinfo, tree, packet)) { + if (!dissector_try_heuristic(ieee802154_heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, packet)) { /* Could not subdissect, call the data dissector instead. */ call_dissector(data_handle, payload_tvb, pinfo, tree); } diff --git a/epan/dissectors/packet-infiniband.c b/epan/dissectors/packet-infiniband.c index 8435791fe3..0cd39cec12 100644 --- a/epan/dissectors/packet-infiniband.c +++ b/epan/dissectors/packet-infiniband.c @@ -2285,6 +2285,7 @@ static void parse_PAYLOAD(proto_tree *parentTree, guint16 etype, reserved; const char *saved_proto; volatile gboolean dissector_found = FALSE; + heur_dtbl_entry_t *hdtbl_entry; if (!tvb_bytes_exist(tvb, *offset, length)) /* previously consumed bytes + offset was all the data - none or corrupt payload */ { @@ -2464,7 +2465,7 @@ static void parse_PAYLOAD(proto_tree *parentTree, /* Try any heuristic dissectors that requested a chance to try and dissect IB payloads */ if (!dissector_found) { - dissector_found = dissector_try_heuristic(heur_dissectors_payload, next_tvb, pinfo, parentTree, info); + dissector_found = dissector_try_heuristic(heur_dissectors_payload, next_tvb, pinfo, parentTree, &hdtbl_entry, info); } if (!dissector_found) { @@ -2858,6 +2859,7 @@ static void parse_COM_MGT(proto_tree *parentTree, packet_info *pinfo, tvbuff_t * proto_item *CM_header_item; proto_tree *CM_header_tree; tvbuff_t *next_tvb; + heur_dtbl_entry_t *hdtbl_entry; local_gid = (guint8 *)wmem_alloc(wmem_packet_scope(), GID_SIZE); remote_gid = (guint8 *)wmem_alloc(wmem_packet_scope(), GID_SIZE); @@ -2981,7 +2983,7 @@ static void parse_COM_MGT(proto_tree *parentTree, packet_info *pinfo, tvbuff_t * /* give a chance for subdissectors to analyze the private data */ next_tvb = tvb_new_subset(tvb, local_offset, 92, -1); - if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, NULL) ) + if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, &hdtbl_entry, NULL) ) /* if none reported success, add this as raw "data" */ proto_tree_add_item(CM_header_tree, hf_cm_req_private_data, tvb, local_offset, 92, ENC_NA); @@ -3070,7 +3072,7 @@ static void parse_COM_MGT(proto_tree *parentTree, packet_info *pinfo, tvbuff_t * /* give a chance for subdissectors to get the private data */ next_tvb = tvb_new_subset(tvb, local_offset, 196, -1); - if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, NULL) ) + if (! dissector_try_heuristic(heur_dissectors_cm_private, next_tvb, pinfo, parentTree, &hdtbl_entry, NULL) ) /* if none reported success, add this as raw "data" */ proto_tree_add_item(CM_header_tree, hf_cm_rep_privatedata, tvb, local_offset, 196, ENC_NA); diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index a3cc33eef1..f3eb08cae7 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -1951,6 +1951,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) proto_item *item = NULL, *ttl_item; proto_tree *checksum_tree; guint16 ttl; + heur_dtbl_entry_t *hdtbl_entry; tree = parent_tree; iph = (ws_ip *)wmem_alloc(wmem_packet_scope(), sizeof(ws_ip)); @@ -2403,11 +2404,11 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) even be labeled as an IP frame; ideally, if a frame being dissected throws an exception, it'll be labeled as a mangled frame of the type in question. */ - if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, iph))) { + if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, iph))) { /* We're good */ } else if (!dissector_try_uint_new(ip_dissector_table, nxt, next_tvb, pinfo, parent_tree, TRUE, iph)) { - if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, iph))) { + if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, iph))) { /* Unknown protocol */ if (update_col_info) { col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)", diff --git a/epan/dissectors/packet-iwarp-ddp-rdmap.c b/epan/dissectors/packet-iwarp-ddp-rdmap.c index 6bfa01bbcd..2cc7424b60 100644 --- a/epan/dissectors/packet-iwarp-ddp-rdmap.c +++ b/epan/dissectors/packet-iwarp-ddp-rdmap.c @@ -264,8 +264,10 @@ static void dissect_rdmap_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, struct rdmapinfo *info) { + heur_dtbl_entry_t *hdtbl_entry; + if (!dissector_try_heuristic(rdmap_heur_subdissector_list, - tvb, pinfo, tree, info)) { + tvb, pinfo, tree, &hdtbl_entry, info)) { call_dissector(data_handle, tvb, pinfo, tree); } } diff --git a/epan/dissectors/packet-lbmc.c b/epan/dissectors/packet-lbmc.c index 100a908f23..7926271ae7 100644 --- a/epan/dissectors/packet-lbmc.c +++ b/epan/dissectors/packet-lbmc.c @@ -10883,6 +10883,7 @@ int lbmc_dissect_lbmc_packet(tvbuff_t * tvb, int offset, packet_info * pinfo, pr puim_stream_info = NULL; tcp_sid_info.set = FALSE; has_source_index = FALSE; + while ((tvb_reported_length_remaining(lbmc_tvb, pkt_offset) >= L_LBMC_BASIC_HDR_T) && (next_hdr != LBMC_NHDR_DATA) && (next_hdr != LBMC_NHDR_NONE)) { tvbuff_t * hdr_tvb = NULL; @@ -11353,6 +11354,8 @@ int lbmc_dissect_lbmc_packet(tvbuff_t * tvb, int offset, packet_info * pinfo, pr gboolean msg_reassembled = FALSE; lbmc_message_entry_t * msg = NULL; gboolean dissector_found = FALSE; + heur_dtbl_entry_t *hdtbl_entry; + if (frag_info.fragment_found == 0) { @@ -11559,7 +11562,7 @@ int lbmc_dissect_lbmc_packet(tvbuff_t * tvb, int offset, packet_info * pinfo, pr } if (lbmc_use_heuristic_subdissectors) { - dissector_found = dissector_try_heuristic(lbmc_heuristic_subdissector_list, data_tvb, pinfo, subtree, NULL); + dissector_found = dissector_try_heuristic(lbmc_heuristic_subdissector_list, data_tvb, pinfo, subtree, &hdtbl_entry, NULL); } if (!dissector_found) { diff --git a/epan/dissectors/packet-media.c b/epan/dissectors/packet-media.c index 671c56c8c0..01a295a1e1 100644 --- a/epan/dissectors/packet-media.c +++ b/epan/dissectors/packet-media.c @@ -46,8 +46,9 @@ dissect_media(tvbuff_t *tvb, packet_info *pinfo , proto_tree *tree, void* data) int bytes; proto_item *ti; proto_tree *media_tree = 0; + heur_dtbl_entry_t *hdtbl_entry; - if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, data)) { + if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, data)) { return tvb_length(tvb); } diff --git a/epan/dissectors/packet-mime-encap.c b/epan/dissectors/packet-mime-encap.c index af74011979..069e790ad1 100644 --- a/epan/dissectors/packet-mime-encap.c +++ b/epan/dissectors/packet-mime-encap.c @@ -39,13 +39,14 @@ static void dissect_mime_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item* item; + heur_dtbl_entry_t *hdtbl_entry; /* XXX, COL_INFO */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "MIME_FILE"); item = proto_tree_add_item(tree, proto_mime_encap, tvb, 0, -1, ENC_NA); - if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) { + if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) { proto_item_append_text(item, " (Unhandled)"); call_dissector(data_handle, tvb, pinfo, tree); } diff --git a/epan/dissectors/packet-mpeg-pes.c b/epan/dissectors/packet-mpeg-pes.c index 03a38fcd31..2b03160086 100644 --- a/epan/dissectors/packet-mpeg-pes.c +++ b/epan/dissectors/packet-mpeg-pes.c @@ -985,7 +985,9 @@ static heur_dissector_list_t heur_subdissector_list; static void dissect_mpeg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) { + heur_dtbl_entry_t *hdtbl_entry; + + if (!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) { col_set_str(pinfo->cinfo, COL_PROTOCOL, "MPEG"); col_clear(pinfo->cinfo, COL_INFO); if (tree) @@ -1202,7 +1204,7 @@ proto_register_mpeg_pes(void) "BIT_STRING_SIZE_16", HFILL }}, /*--- End of included file: packet-mpeg-pes-hfarr.c ---*/ -#line 560 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c" +#line 562 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c" { &hf_mpeg_pes_pack_header, { "Pack header", "mpeg-pes.pack", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, @@ -1320,7 +1322,7 @@ proto_register_mpeg_pes(void) &ett_mpeg_pes_Picture, /*--- End of included file: packet-mpeg-pes-ettarr.c ---*/ -#line 667 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c" +#line 669 "../../asn1/mpeg-pes/packet-mpeg-pes-template.c" &ett_mpeg_pes_pack_header, &ett_mpeg_pes_header_data, &ett_mpeg_pes_trick_mode diff --git a/epan/dissectors/packet-mq.c b/epan/dissectors/packet-mq.c index 062abe3dbe..3359dbae68 100644 --- a/epan/dissectors/packet-mq.c +++ b/epan/dissectors/packet-mq.c @@ -2494,6 +2494,7 @@ static void dissect_mq_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) gboolean bEBCDIC = FALSE; gint iDistributionListSize = 0; mq_parm_t *p_mq_parm; + heur_dtbl_entry_t *hdtbl_entry; p_mq_parm = wmem_new0(wmem_packet_scope(), mq_parm_t); @@ -3672,7 +3673,7 @@ static void dissect_mq_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) sizeof(p_mq_parm->mq_format)); next_tvb = tvb_new_subset_remaining(tvb, offset); - if (!dissector_try_heuristic(mq_heur_subdissector_list, next_tvb, pinfo, mqroot_tree, p_mq_parm)) + if (!dissector_try_heuristic(mq_heur_subdissector_list, next_tvb, pinfo, mqroot_tree, &hdtbl_entry, p_mq_parm)) call_dissector(data_handle, next_tvb, pinfo, mqroot_tree); } else diff --git a/epan/dissectors/packet-netbios.c b/epan/dissectors/packet-netbios.c index e164d36cf7..a4309eed97 100644 --- a/epan/dissectors/packet-netbios.c +++ b/epan/dissectors/packet-netbios.c @@ -1064,12 +1064,14 @@ static heur_dissector_list_t netbios_heur_subdissector_list; void dissect_netbios_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + heur_dtbl_entry_t *hdtbl_entry; + /* * Try the heuristic dissectors for NetBIOS; if none of them * accept the packet, dissect it as data. */ if (!dissector_try_heuristic(netbios_heur_subdissector_list, - tvb, pinfo, tree, NULL)) + tvb, pinfo, tree, &hdtbl_entry, NULL)) call_dissector(data_handle,tvb, pinfo, tree); } diff --git a/epan/dissectors/packet-ositp.c b/epan/dissectors/packet-ositp.c index c8ab64d58b..b286bf26e6 100644 --- a/epan/dissectors/packet-ositp.c +++ b/epan/dissectors/packet-ositp.c @@ -937,19 +937,20 @@ static int ositp_decode_DT(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, gboolean uses_inactive_subset, gboolean *subdissector_found) { - proto_tree *cotp_tree = NULL; - proto_item *ti; - gboolean is_extended; - gboolean is_class_234; - guint32 dst_ref; - guint32 *prev_dst_ref; - guint tpdu_nr; - gboolean fragment = FALSE; - guint32 fragment_length = 0; - tvbuff_t *next_tvb; - fragment_head *fd_head; - conversation_t *conv; - guint tpdu_len; + proto_tree *cotp_tree = NULL; + proto_item *ti; + gboolean is_extended; + gboolean is_class_234; + guint32 dst_ref; + guint32 *prev_dst_ref; + guint tpdu_nr; + gboolean fragment = FALSE; + guint32 fragment_length = 0; + tvbuff_t *next_tvb; + fragment_head *fd_head; + conversation_t *conv; + guint tpdu_len; + heur_dtbl_entry_t *hdtbl_entry; /* DT TPDUs have user data, so they run to the end of the containing PDU */ tpdu_len = tvb_reported_length_remaining(tvb, offset); @@ -1229,7 +1230,7 @@ static int ositp_decode_DT(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, if (uses_inactive_subset) { if (dissector_try_heuristic(cotp_is_heur_subdissector_list, next_tvb, - pinfo, tree, NULL)) { + pinfo, tree, &hdtbl_entry, NULL)) { *subdissector_found = TRUE; } else { /* Fill in other Dissectors using inactive subset here */ @@ -1244,7 +1245,7 @@ static int ositp_decode_DT(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, */ if ((!cotp_reassemble) || ((cotp_reassemble) && (!fragment))) { if (dissector_try_heuristic(cotp_heur_subdissector_list, next_tvb, pinfo, - tree, NULL)) { + tree, &hdtbl_entry, NULL)) { *subdissector_found = TRUE; } else { call_dissector(data_handle,next_tvb, pinfo, tree); @@ -1560,6 +1561,7 @@ static int ositp_decode_CC(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, guint8 class_option; tvbuff_t *next_tvb; guint tpdu_len; + heur_dtbl_entry_t *hdtbl_entry; src_ref = tvb_get_ntohs(tvb, offset + P_SRC_REF); @@ -1655,7 +1657,7 @@ static int ositp_decode_CC(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, next_tvb = tvb_new_subset_remaining(tvb, offset); if (!uses_inactive_subset){ if (dissector_try_heuristic(cotp_heur_subdissector_list, next_tvb, pinfo, - tree, NULL)) { + tree, &hdtbl_entry, NULL)) { *subdissector_found = TRUE; } else { call_dissector(data_handle,next_tvb, pinfo, tree); @@ -2109,6 +2111,7 @@ static int ositp_decode_UD(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, proto_tree *cltp_tree = NULL; tvbuff_t *next_tvb; guint tpdu_len; + heur_dtbl_entry_t *hdtbl_entry; /* UD TPDUs have user data, so they run to the end of the containing PDU */ tpdu_len = tvb_reported_length_remaining(tvb, offset); @@ -2135,7 +2138,7 @@ static int ositp_decode_UD(tvbuff_t *tvb, int offset, guint8 li, guint8 tpdu, next_tvb = tvb_new_subset_remaining(tvb, offset); if (dissector_try_heuristic(cltp_heur_subdissector_list, next_tvb, - pinfo, tree, NULL)) { + pinfo, tree, &hdtbl_entry, NULL)) { *subdissector_found = TRUE; } else { call_dissector(data_handle,next_tvb, pinfo, tree); diff --git a/epan/dissectors/packet-pgm.c b/epan/dissectors/packet-pgm.c index 33088c5516..6dc1f3c95f 100644 --- a/epan/dissectors/packet-pgm.c +++ b/epan/dissectors/packet-pgm.c @@ -779,6 +779,7 @@ decode_pgm_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, { tvbuff_t *next_tvb; int found = 0; + heur_dtbl_entry_t *hdtbl_entry; next_tvb = tvb_new_subset_remaining(tvb, offset); @@ -794,7 +795,7 @@ decode_pgm_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, return; /* do lookup with the heuristic subdissector table */ - if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) + if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) return; /* Oh, well, we don't know this; dissect it as data. */ diff --git a/epan/dissectors/packet-q931.c b/epan/dissectors/packet-q931.c index 701e21ca75..5bc7c94f0c 100644 --- a/epan/dissectors/packet-q931.c +++ b/epan/dissectors/packet-q931.c @@ -2485,6 +2485,7 @@ dissect_q931_user_user_ie(tvbuff_t *tvb, packet_info *pinfo, int offset, int len { guint8 octet; tvbuff_t *next_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; if (len == 0) return; @@ -2503,7 +2504,7 @@ dissect_q931_user_user_ie(tvbuff_t *tvb, packet_info *pinfo, int offset, int len case Q931_PROTOCOL_DISCRIMINATOR_USER: next_tvb = tvb_new_subset(tvb, offset, len, len); proto_tree_add_text(tree, tvb, offset, len, "User information: %d octets", len); - if (!dissector_try_heuristic(q931_user_heur_subdissector_list, next_tvb, pinfo, tree, NULL)) { + if (!dissector_try_heuristic(q931_user_heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { call_dissector_only(data_handle, next_tvb, pinfo, tree, NULL); } break; diff --git a/epan/dissectors/packet-sccp.c b/epan/dissectors/packet-sccp.c index 00e7eb5325..2e848e2da2 100644 --- a/epan/dissectors/packet-sccp.c +++ b/epan/dissectors/packet-sccp.c @@ -2308,6 +2308,7 @@ dissect_sccp_data_param(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint8 other_ssn = INVALID_SSN; const mtp3_addr_pc_t *dpc = NULL; const mtp3_addr_pc_t *opc = NULL; + heur_dtbl_entry_t *hdtbl_entry; if ((trace_sccp) && (assoc && assoc != &no_assoc)) { pinfo->sccp_info = assoc->curr_msg; @@ -2380,7 +2381,7 @@ dissect_sccp_data_param(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } /* try heuristic subdissector list to see if there are any takers */ - if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) { + if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) { return; } diff --git a/epan/dissectors/packet-sctp.c b/epan/dissectors/packet-sctp.c index 8b91d87b1e..500b409a46 100644 --- a/epan/dissectors/packet-sctp.c +++ b/epan/dissectors/packet-sctp.c @@ -2361,11 +2361,12 @@ static gboolean dissect_payload(tvbuff_t *payload_tvb, packet_info *pinfo, proto_tree *tree, guint32 ppi) { guint32 low_port, high_port; + heur_dtbl_entry_t *hdtbl_entry; if (enable_ulp_dissection) { if (try_heuristic_first) { /* do lookup with the heuristic subdissector table */ - if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, GUINT_TO_POINTER(ppi))) + if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, GUINT_TO_POINTER(ppi))) return TRUE; } @@ -2404,7 +2405,7 @@ dissect_payload(tvbuff_t *payload_tvb, packet_info *pinfo, proto_tree *tree, gui if (!try_heuristic_first) { /* do lookup with the heuristic subdissector table */ - if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, GUINT_TO_POINTER(ppi))) + if (dissector_try_heuristic(sctp_heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, GUINT_TO_POINTER(ppi))) return TRUE; } } diff --git a/epan/dissectors/packet-sercosiii.c b/epan/dissectors/packet-sercosiii.c index f18b766765..85241ad3b8 100644 --- a/epan/dissectors/packet-sercosiii.c +++ b/epan/dissectors/packet-sercosiii.c @@ -1187,6 +1187,7 @@ dissect_siii(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) const char *tel_ch = "?"; const char *tel_type = "?"; guint tel_no = 0; + heur_dtbl_entry_t *hdtbl_entry; /* setup columns */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "SERCOS III V1.1"); @@ -1197,7 +1198,7 @@ dissect_siii(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * give that protocol a chance to make a heuristic dissection, before we continue * to dissect it as a normal SercosIII packet. */ - if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, NULL)) + if (dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) return; /* check what we got on our hand */ diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c index 8fa3451eff..b801bee9c5 100644 --- a/epan/dissectors/packet-sip.c +++ b/epan/dissectors/packet-sip.c @@ -2345,6 +2345,8 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info guint request_for_response = 0; guint32 response_time = 0; int strlen_to_copy; + heur_dtbl_entry_t *hdtbl_entry; + /* * If this should be a request of response, do this quick check to see if * it begins with a string... @@ -2531,10 +2533,6 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info proto_tree *tc_uri_item_tree = NULL; uri_offset_info uri_offsets; - - - - linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); if (linelen == 0) { /* @@ -3597,7 +3595,7 @@ dissect_sip_common(tvbuff_t *tvb, int offset, int remaining_length, packet_info found_match?"TRUE":"FALSE")); DINDENT(); if (!(dissector_try_heuristic(heur_subdissector_list, - next_tvb, pinfo, message_body_tree, NULL))) { + next_tvb, pinfo, message_body_tree, &hdtbl_entry, NULL))) { int tmp_offset = 0; while (tvb_offset_exists(next_tvb, tmp_offset)) { tvb_find_line_end(next_tvb, tmp_offset, -1, &next_offset, FALSE); diff --git a/epan/dissectors/packet-smb-direct.c b/epan/dissectors/packet-smb-direct.c index 1550161387..9cd1d064fb 100644 --- a/epan/dissectors/packet-smb-direct.c +++ b/epan/dissectors/packet-smb-direct.c @@ -126,6 +126,7 @@ dissect_smb_direct_payload(tvbuff_t *tvb, packet_info *pinfo, tvbuff_t *payload_tvb = NULL; gboolean more_frags = FALSE; gboolean fd_head_not_cached = FALSE; + heur_dtbl_entry_t *hdtbl_entry; if (!smb_direct_reassemble) { payload_tvb = tvb; @@ -191,7 +192,7 @@ dissect_smb_direct_payload(tvbuff_t *tvb, packet_info *pinfo, dissect_payload: pinfo->fragmented = FALSE; if (!dissector_try_heuristic(smb_direct_heur_subdissector_list, - payload_tvb, pinfo, tree, NULL)) { + payload_tvb, pinfo, tree, &hdtbl_entry, NULL)) { call_dissector(data_handle, payload_tvb, pinfo, tree); } done: diff --git a/epan/dissectors/packet-smb-pipe.c b/epan/dissectors/packet-smb-pipe.c index f72e21aa35..2a3a5a45cf 100644 --- a/epan/dissectors/packet-smb-pipe.c +++ b/epan/dissectors/packet-smb-pipe.c @@ -3242,6 +3242,8 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree tvbuff_t *new_tvb; proto_item *frag_tree_item; + heur_dtbl_entry_t *hdtbl_entry; + dcerpc_set_transport_salt(fid, pinfo); /* @@ -3263,7 +3265,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree and bail out */ if(!pinfo->can_desegment){ - result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL); + result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL); goto clean_up_and_exit; } @@ -3294,7 +3296,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree * Try the heuristic dissectors and see if we * find someone that recognizes this payload. */ - result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL); + result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL); /* no this didnt look like something we know */ if(!result){ @@ -3345,7 +3347,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree tree, pinfo, d_tvb, &frag_tree_item); /* dissect the full PDU */ - result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL); + result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL); } goto clean_up_and_exit; } @@ -3365,12 +3367,12 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree /* we didnt find it, try any of the heuristic dissectors and bail out */ - result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL); + result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL); goto clean_up_and_exit; } if(!(fd_head->flags&FD_DEFRAGMENTED)){ /* we dont have a fully reassembled frame */ - result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL); + result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL); goto clean_up_and_exit; } @@ -3394,7 +3396,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree tree, pinfo, d_tvb, &frag_tree_item); /* dissect the full PDU */ - result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, NULL); + result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree, &hdtbl_entry, NULL); diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index 8f0f56bf10..7d165088fe 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -4062,10 +4062,12 @@ static int dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree) { tvbuff_t *dcerpc_tvb; + heur_dtbl_entry_t *hdtbl_entry; + dcerpc_tvb = tvb_new_subset(tvb, offset, MIN((int)datalen, tvb_length_remaining(tvb, offset)), datalen); /* dissect the full PDU */ - dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree, NULL); + dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree, &hdtbl_entry, NULL); offset += datalen; diff --git a/epan/dissectors/packet-soupbintcp.c b/epan/dissectors/packet-soupbintcp.c index 746d283bb4..dd0033a67d 100644 --- a/epan/dissectors/packet-soupbintcp.c +++ b/epan/dissectors/packet-soupbintcp.c @@ -188,6 +188,7 @@ dissect_soupbintcp_common( guint8 pkt_type; gint offset = 0; guint this_seq = 0, next_seq; + heur_dtbl_entry_t *hdtbl_entry; /* Get the 16-bit big-endian SOUP packet length */ expected_len = tvb_get_ntohs(tvb, 0); @@ -428,6 +429,7 @@ dissect_soupbintcp_common( sub_tvb, pinfo, tree, + &hdtbl_entry, NULL)) { return; } diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 230422ba45..4cbd898950 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -1353,6 +1353,7 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo, proto_tree *tree, SslAssociation *association) { tvbuff_t *next_tvb; + heur_dtbl_entry_t *hdtbl_entry; next_tvb = tvb_new_subset_remaining(tvb, offset); @@ -1360,7 +1361,7 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo, ssl_debug_printf("dissect_ssl3_record found association %p\n", (void *)association); if (dissector_try_heuristic(ssl_heur_subdissector_list, next_tvb, - pinfo, proto_tree_get_root(tree), NULL)) { + pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL)) { } else { if (have_tap_listener(exported_pdu_tap)) { exp_pdu_data_t *exp_pdu_data; diff --git a/epan/dissectors/packet-stun.c b/epan/dissectors/packet-stun.c index f539b85027..12713b0bc9 100644 --- a/epan/dissectors/packet-stun.c +++ b/epan/dissectors/packet-stun.c @@ -350,6 +350,7 @@ static int dissect_stun_message_channel_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint16 msg_type _U_, guint msg_length _U_) { tvbuff_t *next_tvb; + heur_dtbl_entry_t *hdtbl_entry; col_set_str(pinfo->cinfo, COL_PROTOCOL, "STUN"); col_set_str(pinfo->cinfo, COL_INFO, "ChannelData TURN Message"); @@ -369,7 +370,7 @@ dissect_stun_message_channel_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree next_tvb = tvb_new_subset_remaining(tvb, CHANNEL_DATA_HDR_LEN); - if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) { + if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { call_dissector_only(data_handle, next_tvb, pinfo, tree, NULL); } @@ -402,6 +403,7 @@ dissect_stun_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboole stun_transaction_t *stun_trans; wmem_tree_key_t transaction_id_key[2]; guint32 transaction_id[3]; + heur_dtbl_entry_t *hdtbl_entry; /* * Check if the frame is really meant for us. @@ -989,7 +991,7 @@ dissect_stun_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboole next_tvb = tvb_new_subset(tvb, offset, att_length, att_length); - if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, att_tree, NULL)) { + if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, att_tree, &hdtbl_entry, NULL)) { call_dissector_only(data_handle, next_tvb, pinfo, att_tree, NULL); } diff --git a/epan/dissectors/packet-sua.c b/epan/dissectors/packet-sua.c index 40b28b8631..155d5c064e 100644 --- a/epan/dissectors/packet-sua.c +++ b/epan/dissectors/packet-sua.c @@ -2156,6 +2156,8 @@ dissect_sua_message(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *sua_t tvbuff_t *common_header_tvb; tvbuff_t *parameters_tvb; tvbuff_t *data_tvb = NULL; + + heur_dtbl_entry_t *hdtbl_entry; #if 0 proto_tree *assoc_tree; #endif @@ -2277,7 +2279,7 @@ dissect_sua_message(tvbuff_t *message_tvb, packet_info *pinfo, proto_tree *sua_t !dissector_try_uint(sccp_ssn_dissector_table, source_ssn, data_tvb, pinfo, tree))) { /* try heuristic subdissector list to see if there are any takers */ - if (dissector_try_heuristic(heur_subdissector_list, data_tvb, pinfo, tree, NULL)) { + if (dissector_try_heuristic(heur_subdissector_list, data_tvb, pinfo, tree, &hdtbl_entry, NULL)) { return; } /* No sub-dissection occurred, treat it as raw data */ diff --git a/epan/dissectors/packet-t125.c b/epan/dissectors/packet-t125.c index 67a76398ae..1d91634019 100644 --- a/epan/dissectors/packet-t125.c +++ b/epan/dissectors/packet-t125.c @@ -182,12 +182,13 @@ static int dissect_t125_T_userData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { #line 98 "../../asn1/t125/t125.cnf" tvbuff_t *next_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &next_tvb); if(next_tvb) dissector_try_heuristic(t125_heur_subdissector_list, next_tvb, - actx->pinfo, top_tree, NULL); + actx->pinfo, top_tree, &hdtbl_entry, NULL); return offset; @@ -257,14 +258,16 @@ dissect_t125_Result(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_ static int dissect_t125_T_userData_01(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 107 "../../asn1/t125/t125.cnf" +#line 108 "../../asn1/t125/t125.cnf" tvbuff_t *next_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; + offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &next_tvb); if(next_tvb) dissector_try_heuristic(t125_heur_subdissector_list, next_tvb, - actx->pinfo, top_tree, NULL); + actx->pinfo, top_tree, &hdtbl_entry, NULL); return offset; diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index 906edb23f1..7e184889d9 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -3847,6 +3847,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, int low_port, high_port; int save_desegment_offset; guint32 save_desegment_len; + heur_dtbl_entry_t *hdtbl_entry; /* Don't call subdissectors for keepalives. Even though they do contain * payload "data", it's just garbage. Display any data the keepalive @@ -3882,7 +3883,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, /* do lookup with the heuristic subdissector table */ save_desegment_offset = pinfo->desegment_offset; save_desegment_len = pinfo->desegment_len; - if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, tcpinfo)) { + if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, tcpinfo)) { pinfo->want_pdu_tracking -= !!(pinfo->want_pdu_tracking); return TRUE; } @@ -3943,7 +3944,7 @@ decode_tcp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, /* do lookup with the heuristic subdissector table */ save_desegment_offset = pinfo->desegment_offset; save_desegment_len = pinfo->desegment_len; - if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, tcpinfo)) { + if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, tcpinfo)) { pinfo->want_pdu_tracking -= !!(pinfo->want_pdu_tracking); return TRUE; } diff --git a/epan/dissectors/packet-tipc.c b/epan/dissectors/packet-tipc.c index 88155cc9ae..a900dc635c 100644 --- a/epan/dissectors/packet-tipc.c +++ b/epan/dissectors/packet-tipc.c @@ -1558,12 +1558,13 @@ static void call_tipc_v2_data_subdissectors(tvbuff_t *data_tvb, packet_info *pinfo, guint32 *name_type_p, guint8 user) { if (dissect_tipc_data) { + heur_dtbl_entry_t *hdtbl_entry; /* dissection of TIPC data is set in preferences */ /* check for heuristic dissectors if specified in the * preferences to try them first */ if (try_heuristic_first) { - if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, NULL)) + if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, &hdtbl_entry, NULL)) return; } /* This triggers if a dissectors if @@ -1607,7 +1608,7 @@ call_tipc_v2_data_subdissectors(tvbuff_t *data_tvb, packet_info *pinfo, guint32 /* check for heuristic dissectors if specified in the * preferences not to try them first */ if (!try_heuristic_first) { - if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, NULL)) + if (dissector_try_heuristic(tipc_heur_subdissector_list, data_tvb, pinfo, top_tree, &hdtbl_entry, NULL)) return; } } diff --git a/epan/dissectors/packet-turnchannel.c b/epan/dissectors/packet-turnchannel.c index 63c31950c7..c9637af694 100644 --- a/epan/dissectors/packet-turnchannel.c +++ b/epan/dissectors/packet-turnchannel.c @@ -66,6 +66,7 @@ dissect_turnchannel_message(tvbuff_t *tvb, packet_info *pinfo, guint16 data_len; proto_item *ti; proto_tree *turnchannel_tree; + heur_dtbl_entry_t *hdtbl_entry; len = tvb_length(tvb); /* First, make sure we have enough data to do the check. */ @@ -112,7 +113,7 @@ dissect_turnchannel_message(tvbuff_t *tvb, packet_info *pinfo, if (!dissector_try_heuristic(heur_subdissector_list, - next_tvb, pinfo, tree, NULL)) { + next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { call_dissector(data_handle,next_tvb, pinfo, tree); } } diff --git a/epan/dissectors/packet-udp.c b/epan/dissectors/packet-udp.c index 3585624e8b..7c312ebd33 100644 --- a/epan/dissectors/packet-udp.c +++ b/epan/dissectors/packet-udp.c @@ -178,9 +178,8 @@ static gboolean try_heuristic_first = FALSE; /* Per-packet-info for UDP */ typedef struct { - gboolean found_heuristic; - -} udp_p_info_t; + heur_dtbl_entry_t *heur_dtbl_entry; +} udp_p_info_t; /* XXX - redefined here to not create UI dependencies */ #define UTF8_LEFTWARDS_ARROW "\xe2\x86\x90" /* 8592 / 0x2190 */ @@ -333,19 +332,9 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, int low_port, high_port; gint len, reported_len; udp_p_info_t *udp_p_info = NULL; - gboolean prev_heur_found = FALSE; /* Save curr_layer_num as it might be changed by subdissector */ guint8 curr_layer_num = pinfo->curr_layer_num; - - if (pinfo->fd->flags.visited) { - udp_p_info = (udp_p_info_t*)p_get_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, pinfo->curr_layer_num); - if (udp_p_info) { - prev_heur_found = udp_p_info->found_heuristic; - } - }else{ - /* Force heuristic check on first pass */ - prev_heur_found = TRUE; - } + heur_dtbl_entry_t *hdtbl_entry; len = tvb_captured_length_remaining(tvb, offset); reported_len = tvb_reported_length_remaining(tvb, offset); @@ -368,7 +357,15 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, if (have_tap_listener(udp_follow_tap)) tap_queue_packet(udp_follow_tap, pinfo, next_tvb); -/* determine if this packet is part of a conversation and call dissector */ + if (pinfo->fd->flags.visited) { + udp_p_info = (udp_p_info_t*)p_get_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, pinfo->curr_layer_num); + if (udp_p_info) { + call_heur_dissector_direct(udp_p_info->heur_dtbl_entry, next_tvb, pinfo, tree, NULL); + return; + } + } + + /* determine if this packet is part of a conversation and call dissector */ /* for the conversation if available */ if (try_conversation_dissector(&pinfo->dst, &pinfo->src, PT_UDP, @@ -376,12 +373,12 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, return; } - if (try_heuristic_first && prev_heur_found) { + if (try_heuristic_first) { /* Do lookup with the heuristic subdissector table */ - if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) { + if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { if (!udp_p_info) { udp_p_info = wmem_new0(wmem_file_scope(), udp_p_info_t); - udp_p_info->found_heuristic = TRUE; + udp_p_info->heur_dtbl_entry = hdtbl_entry; p_add_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, curr_layer_num, udp_p_info); } return; @@ -418,12 +415,12 @@ decode_udp_ports(tvbuff_t *tvb, int offset, packet_info *pinfo, dissector_try_uint(udp_dissector_table, high_port, next_tvb, pinfo, tree)) return; - if (!try_heuristic_first && prev_heur_found) { + if (!try_heuristic_first) { /* Do lookup with the heuristic subdissector table */ - if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) { + if (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { if (!udp_p_info) { udp_p_info = wmem_new0(wmem_file_scope(), udp_p_info_t); - udp_p_info->found_heuristic = TRUE; + udp_p_info->heur_dtbl_entry = hdtbl_entry; p_add_proto_data(wmem_file_scope(), pinfo, hfi_udp->id, curr_layer_num, udp_p_info); } return; diff --git a/epan/dissectors/packet-usb.c b/epan/dissectors/packet-usb.c index a2d1fe4d54..f241641c7a 100644 --- a/epan/dissectors/packet-usb.c +++ b/epan/dissectors/packet-usb.c @@ -2383,6 +2383,7 @@ try_dissect_next_protocol(proto_tree *tree, proto_tree *parent, tvbuff_t *next_t guint32 k_frame_number; guint32 k_device_address; guint32 k_bus_id; + heur_dtbl_entry_t *hdtbl_entry; /* try dissect by "usb.device" */ if (tvb_length(next_tvb) > 0 && @@ -2487,7 +2488,7 @@ try_dissect_next_protocol(proto_tree *tree, proto_tree *parent, tvbuff_t *next_t usb_dissector_table = NULL; } - if (try_heuristics && dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent, usb_conv_info)) { + if (try_heuristics && dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, parent, &hdtbl_entry, usb_conv_info)) { offset += tvb_length(next_tvb); } else if (usb_dissector_table && dissector_try_uint_new(usb_dissector_table, usb_conv_info->interfaceClass, next_tvb, pinfo, parent, TRUE, usb_conv_info)) { diff --git a/epan/dissectors/packet-vines.c b/epan/dissectors/packet-vines.c index ff72d900fb..92276aada9 100644 --- a/epan/dissectors/packet-vines.c +++ b/epan/dissectors/packet-vines.c @@ -791,6 +791,7 @@ dissect_vines_ipc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_tree *vipc_tree = NULL, *control_tree; proto_item *ti; tvbuff_t *next_tvb; + heur_dtbl_entry_t *hdtbl_entry; col_set_str(pinfo->cinfo, COL_PROTOCOL, "VIPC"); col_clear(pinfo->cinfo, COL_INFO); @@ -890,7 +891,7 @@ dissect_vines_ipc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) next_tvb = tvb_new_subset_remaining(tvb, offset); if (viph.vipc_pkttype != PKTTYPE_DATA || !dissector_try_heuristic(vines_ipc_heur_subdissector_list, - next_tvb, pinfo, tree, NULL)) + next_tvb, pinfo, tree, &hdtbl_entry, NULL)) call_dissector(data_handle, next_tvb, pinfo, tree); } @@ -1003,6 +1004,7 @@ dissect_vines_spp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_tree *vspp_tree, *control_tree; proto_item *ti; tvbuff_t *next_tvb; + heur_dtbl_entry_t *hdtbl_entry; col_set_str(pinfo->cinfo, COL_PROTOCOL, "VSPP"); col_clear(pinfo->cinfo, COL_INFO); @@ -1061,7 +1063,7 @@ dissect_vines_spp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) next_tvb = tvb_new_subset_remaining(tvb, offset); if (viph.vspp_pkttype != PKTTYPE_DATA || !dissector_try_heuristic(vines_spp_heur_subdissector_list, - next_tvb, pinfo, tree, NULL)) + next_tvb, pinfo, tree, &hdtbl_entry, NULL)) call_dissector(data_handle, next_tvb, pinfo, tree); } diff --git a/epan/dissectors/packet-websocket.c b/epan/dissectors/packet-websocket.c index f291cf1273..1f473af28d 100644 --- a/epan/dissectors/packet-websocket.c +++ b/epan/dissectors/packet-websocket.c @@ -162,6 +162,7 @@ dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, p dissector_handle_t handle; proto_tree *pl_tree, *mask_tree = NULL; tvbuff_t *payload_tvb = NULL; + heur_dtbl_entry_t *hdtbl_entry; /* Payload */ ti = proto_tree_add_item(ws_tree, hf_ws_payload, tvb, offset, payload_length, ENC_NA); @@ -180,7 +181,7 @@ dissect_websocket_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, p if (handle != NULL) { call_dissector_only(handle, payload_tvb, pinfo, tree, NULL); } else { - dissector_try_heuristic(heur_subdissector_list, payload_tvb, pinfo, tree, NULL); + dissector_try_heuristic(heur_subdissector_list, payload_tvb, pinfo, tree, &hdtbl_entry, NULL); } /* Extension Data */ diff --git a/epan/dissectors/packet-wsp.c b/epan/dissectors/packet-wsp.c index 2f0e00894c..7ed42ae3b7 100644 --- a/epan/dissectors/packet-wsp.c +++ b/epan/dissectors/packet-wsp.c @@ -4916,6 +4916,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const char *contentTypeStr; tvbuff_t *tmp_tvb; gboolean found_match; + heur_dtbl_entry_t *hdtbl_entry; /* Set up structures we will need to add the protocol subtree and manage it */ proto_item *proto_ti = NULL; /* for the proto entry */ @@ -5155,7 +5156,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } if (! found_match) { if (! dissector_try_heuristic(heur_subdissector_list, - tmp_tvb, pinfo, tree, NULL)) { + tmp_tvb, pinfo, tree, &hdtbl_entry, NULL)) { guint8* save_private_data = (guint8 *)pinfo->private_data; pinfo->match_string = contentTypeStr; @@ -5248,7 +5249,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } if (! found_match) { if (! dissector_try_heuristic(heur_subdissector_list, - tmp_tvb, pinfo, tree, NULL)) { + tmp_tvb, pinfo, tree, &hdtbl_entry, NULL)) { guint8* save_private_data = (guint8 *)pinfo->private_data; pinfo->match_string = contentTypeStr; @@ -5332,7 +5333,7 @@ dissect_wsp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } if (! found_match) { if (! dissector_try_heuristic(heur_subdissector_list, - tmp_tvb, pinfo, tree, NULL)) { + tmp_tvb, pinfo, tree, &hdtbl_entry, NULL)) { guint8* save_private_data = (guint8 *)pinfo->private_data; pinfo->match_string = contentTypeStr; @@ -5862,6 +5863,8 @@ add_multipart_data (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo) proto_item *ti = NULL; proto_tree *mpart_tree = NULL; + heur_dtbl_entry_t *hdtbl_entry; + DebugLog(("add_multipart_data(): offset = %u, byte = 0x%02x: ", offset, tvb_get_guint8(tvb,offset))); nEntries = tvb_get_guintvar (tvb, offset, &count); @@ -5930,7 +5933,7 @@ add_multipart_data (proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo) } if (! found_match) { if (! dissector_try_heuristic(heur_subdissector_list, - tmp_tvb, pinfo, mpart_tree, NULL)) { + tmp_tvb, pinfo, mpart_tree, &hdtbl_entry, NULL)) { guint8* save_private_data = (guint8 *)pinfo->private_data; pinfo->match_string = contentTypeStr; diff --git a/epan/dissectors/packet-x25.c b/epan/dissectors/packet-x25.c index 33589fe6be..8cbfd525f0 100644 --- a/epan/dissectors/packet-x25.c +++ b/epan/dissectors/packet-x25.c @@ -1297,6 +1297,7 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint payload_len; guint32 frag_key; fragment_head *fd_head; + heur_dtbl_entry_t *hdtbl_entry; guint8 spi; @@ -2071,7 +2072,7 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* Try the heuristic dissectors. */ if (dissector_try_heuristic(x25_heur_subdissector_list, next_tvb, pinfo, - tree, NULL)) { + tree, &hdtbl_entry, NULL)) { return; } diff --git a/epan/packet.c b/epan/packet.c index 5e378880d0..9866f47174 100644 --- a/epan/packet.c +++ b/epan/packet.c @@ -1932,15 +1932,16 @@ heur_dissector_set_enabled(const char *name, heur_dissector_t dissector, const i gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb, - packet_info *pinfo, proto_tree *tree, void *data) + packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **heur_dtbl_entry, void *data) { gboolean status; const char *saved_curr_proto; const char *saved_heur_list_name; GSList *entry; - heur_dtbl_entry_t *hdtbl_entry; guint16 saved_can_desegment; guint saved_layers_len = 0; + heur_dtbl_entry_t *hdtbl_entry; + int proto_id; /* can_desegment is set to 2 by anyone which offers this api/service. then everytime a subdissector is called it is decremented by one. @@ -1960,6 +1961,7 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb, saved_heur_list_name = pinfo->heur_list_name; saved_layers_len = wmem_list_count(pinfo->layers); + *heur_dtbl_entry = NULL; for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) { /* XXX - why set this now and above? */ @@ -1967,13 +1969,14 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb, hdtbl_entry = (heur_dtbl_entry_t *)entry->data; if (hdtbl_entry->protocol != NULL && - (!proto_is_protocol_enabled(hdtbl_entry->protocol)||(hdtbl_entry->enabled==FALSE))) { + (!proto_is_protocol_enabled(hdtbl_entry->protocol)||(hdtbl_entry->enabled==FALSE))) { /* * No - don't try this dissector. */ continue; } + proto_id = proto_get_id(hdtbl_entry->protocol); if (hdtbl_entry->protocol != NULL) { /* do NOT change this behavior - wslua uses the protocol short name set here in order to determine which Lua-based heurisitc dissector to call */ @@ -1984,21 +1987,19 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb, * Add the protocol name to the layers; we'll remove it * if the dissector fails. */ - wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_get_id(hdtbl_entry->protocol))); + wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id)); } pinfo->heur_list_name = hdtbl_entry->list_name; - EP_CHECK_CANARY(("before calling heuristic dissector for protocol: %s", - proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol)))); - if ((*hdtbl_entry->dissector)(tvb, pinfo, tree, data)) { - EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has accepted and dissected packet", - proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol)))); + EP_CHECK_CANARY(("before calling heuristic dissector for protocol: %s", proto_get_protocol_filter_name(proto_id))); + if ((hdtbl_entry->dissector)(tvb, pinfo, tree, data)) { + EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has accepted and dissected packet", proto_get_protocol_filter_name(proto_id))); + *heur_dtbl_entry = hdtbl_entry; status = TRUE; break; } else { - EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has returned false", - proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol)))); + EP_CHECK_CANARY(("after heuristic dissector for protocol: %s has returned false", proto_get_protocol_filter_name(proto_id))); /* * That dissector didn't accept the packet, so @@ -2281,6 +2282,58 @@ call_dissector(dissector_handle_t handle, tvbuff_t *tvb, return call_dissector_with_data(handle, tvb, pinfo, tree, NULL); } + +/* + * Call a heuristic dissector through a heur_dtbl_entry + */ +void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb, + packet_info *pinfo, proto_tree *tree, void *data) +{ + const char *saved_curr_proto; + const char *saved_heur_list_name; + guint16 saved_can_desegment; + + int proto_id; + + g_assert(heur_dtbl_entry); + + /* can_desegment is set to 2 by anyone which offers this api/service. + then everytime a subdissector is called it is decremented by one. + thus only the subdissector immediately ontop of whoever offers this + service can use it. + We save the current value of "can_desegment" for the + benefit of TCP proxying dissectors such as SOCKS, so they + can restore it and allow the dissectors they call to use + the desegmentation service. + */ + saved_can_desegment = pinfo->can_desegment; + pinfo->saved_can_desegment = saved_can_desegment; + pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0); + + saved_curr_proto = pinfo->current_proto; + saved_heur_list_name = pinfo->heur_list_name; + + proto_id = proto_get_id(heur_dtbl_entry->protocol); + + if (heur_dtbl_entry->protocol != NULL) { + /* do NOT change this behavior - wslua uses the protocol short name set here in order + to determine which Lua-based heurisitc dissector to call */ + pinfo->current_proto = proto_get_protocol_short_name(heur_dtbl_entry->protocol); + wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id)); + } + + EP_CHECK_CANARY(("before calling heuristic dissector for protocol: %s", proto_get_protocol_filter_name(proto_id))); + + /* call the dissector, as we have saved the result heuristic failure is an error */ + if(!(*heur_dtbl_entry->dissector)(tvb, pinfo, tree, data)) + g_assert_not_reached(); + + /* Restore info from caller */ + pinfo->can_desegment = saved_can_desegment; + pinfo->current_proto = saved_curr_proto; + pinfo->heur_list_name = saved_heur_list_name; + +} /* * Dumps the "layer type"/"decode as" associations to stdout, similar * to the proto_registrar_dump_*() routines. diff --git a/epan/packet.h b/epan/packet.h index 4958f396f3..fe7af8a35c 100644 --- a/epan/packet.h +++ b/epan/packet.h @@ -366,11 +366,12 @@ WS_DLL_PUBLIC gboolean has_heur_dissector_list(const gchar *name); * @param tvb the tvbuff with the (remaining) packet data * @param pinfo the packet info of this packet (additional info) * @param tree the protocol tree to be build or NULL + * @param returns the last tried dissectors hdtbl_entry. * @param data parameter to pass to subdissector * @return TRUE if the packet was recognized by the sub-dissector (stop dissection here) */ WS_DLL_PUBLIC gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors, - tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); + tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **hdtbl_entry, void *data); /** Add a sub-dissector to a heuristic dissector list. * Call this in the proto_handoff function of the sub-dissector. @@ -401,37 +402,37 @@ WS_DLL_PUBLIC void heur_dissector_delete(const char *name, heur_dissector_t diss */ extern void heur_dissector_set_enabled(const char *name, heur_dissector_t dissector, const int proto, const gboolean enabled); -/* Register a dissector. */ +/** Register a dissector. */ WS_DLL_PUBLIC dissector_handle_t register_dissector(const char *name, dissector_t dissector, const int proto); WS_DLL_PUBLIC dissector_handle_t new_register_dissector(const char *name, new_dissector_t dissector, const int proto); -/* Get the long name of the protocol for a dissector handle. */ +/** Get the long name of the protocol for a dissector handle. */ extern const char *dissector_handle_get_long_name(const dissector_handle_t handle); -/* Get the short name of the protocol for a dissector handle. */ +/** Get the short name of the protocol for a dissector handle. */ WS_DLL_PUBLIC const char *dissector_handle_get_short_name(const dissector_handle_t handle); -/* Get the index of the protocol for a dissector handle. */ +/** Get the index of the protocol for a dissector handle. */ WS_DLL_PUBLIC int dissector_handle_get_protocol_index(const dissector_handle_t handle); -/* Get a GList of all registered dissector names. */ +/** Get a GList of all registered dissector names. */ WS_DLL_PUBLIC GList* get_dissector_names(void); -/* Find a dissector by name. */ +/** Find a dissector by name. */ WS_DLL_PUBLIC dissector_handle_t find_dissector(const char *name); -/* Get a dissector name from handle. */ +/** Get a dissector name from handle. */ WS_DLL_PUBLIC const char *dissector_handle_get_dissector_name(const dissector_handle_t handle); -/* Create an anonymous handle for a dissector. */ +/** Create an anonymous handle for a dissector. */ WS_DLL_PUBLIC dissector_handle_t create_dissector_handle(dissector_t dissector, const int proto); WS_DLL_PUBLIC dissector_handle_t new_create_dissector_handle(new_dissector_t dissector, const int proto); -/* Call a dissector through a handle and if no dissector was found +/** Call a dissector through a handle and if no dissector was found * pass it over to the "data" dissector instead. * * @param handle The dissector to call. @@ -449,7 +450,7 @@ WS_DLL_PUBLIC int call_dissector_with_data(dissector_handle_t handle, tvbuff_t * WS_DLL_PUBLIC int call_dissector(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); -/* Call a dissector through a handle but if no dissector was found +/** Call a dissector through a handle but if no dissector was found * just return 0 and do not call the "data" dissector instead. * * @param handle The dissector to call. @@ -465,6 +466,17 @@ WS_DLL_PUBLIC int call_dissector(dissector_handle_t handle, tvbuff_t *tvb, WS_DLL_PUBLIC int call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); +/** + * @param heur_dtbl_entry The heur_dtbl_entry of the dissector to call. + * @param tvb The buffer to dissect. + * @param pinfo Packet Info. + * @param tree The protocol tree. + * @param data parameter to pass to dissector + */ + +WS_DLL_PUBLIC void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb, + packet_info *pinfo, proto_tree *tree, void *data); + /* Do all one-time initialization. */ extern void dissect_init(void); diff --git a/plugins/ethercat/packet-ethercat-datagram.c b/plugins/ethercat/packet-ethercat-datagram.c index 62f8ec9ed3..2c55934a24 100644 --- a/plugins/ethercat/packet-ethercat-datagram.c +++ b/plugins/ethercat/packet-ethercat-datagram.c @@ -452,6 +452,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree const guint datagram_length = tvb_length_remaining(tvb, offset); guint datagram_padding_bytes = 0; EcParserHDR ecHdr; + heur_dtbl_entry_t *hdtbl_entry; col_set_str(pinfo->cinfo, COL_PROTOCOL, "ECAT"); @@ -732,7 +733,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree init_dc_measure(pDC, tvb, suboffset); /* Allow sub dissectors to have a chance with this data */ - if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, NULL)) + if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, &hdtbl_entry, NULL)) { /* No sub dissector did recognize this data, dissect it as data only */ aitem = proto_tree_add_item(ecat_datagram_tree, hf_ecat_data, tvb, suboffset, ecHdr.len & 0x07ff, ENC_NA); @@ -815,7 +816,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree if ( dataLength > 0 ) { /* Allow sub dissectors to have a chance with this data */ - if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, NULL)) + if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, &hdtbl_entry, NULL)) { /* No sub dissector did recognize this data, dissect it as data only */ proto_tree_add_item(ecat_datagram_tree, hf_ecat_data, tvb, startOfData, dataLength, ENC_NA); @@ -833,7 +834,7 @@ static void dissect_ecat_datagram(tvbuff_t *tvb, packet_info *pinfo, proto_tree if( tree ) { /* Allow sub dissectors to have a chance with this data */ - if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, NULL)) + if(!dissector_try_heuristic(heur_subdissector_list, tvb, pinfo, ecat_datagram_tree, &hdtbl_entry, NULL)) { /* No sub dissector did recognize this data, dissect it as data only */ proto_tree_add_item(ecat_datagram_tree, hf_ecat_data, tvb, suboffset, ecHdr.len & 0x07ff, ENC_NA); diff --git a/plugins/profinet/packet-dcerpc-pn-io.c b/plugins/profinet/packet-dcerpc-pn-io.c index de611d4c3c..945a4ca0ca 100644 --- a/plugins/profinet/packet-dcerpc-pn-io.c +++ b/plugins/profinet/packet-dcerpc-pn-io.c @@ -9415,13 +9415,14 @@ dissect_PNIO_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 *drep = &drep_data; guint8 u8CBAVersion; guint16 u16FrameID; + heur_dtbl_entry_t *hdtbl_entry; /* * In case the packet is a protocol encoded in the basic PNIO transport stream, * give that protocol a chance to make a heuristic dissection, before we continue * to dissect it as a normal PNIO packet. */ - if (dissector_try_heuristic(heur_pn_subdissector_list, tvb, pinfo, tree, NULL)) + if (dissector_try_heuristic(heur_pn_subdissector_list, tvb, pinfo, tree, &hdtbl_entry, NULL)) return TRUE; /* the sub tvb will NOT contain the frame_id here! */ diff --git a/plugins/profinet/packet-pn-rt.c b/plugins/profinet/packet-pn-rt.c index 996bc73062..a93a4ce2ea 100644 --- a/plugins/profinet/packet-pn-rt.c +++ b/plugins/profinet/packet-pn-rt.c @@ -495,6 +495,7 @@ dissect_pn_rt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) gchar szFieldSummary[100]; tvbuff_t *next_tvb; gboolean bCyclic; + heur_dtbl_entry_t *hdtbl_entry; /* If the link-layer dissector for the protocol above us knows whether @@ -806,7 +807,7 @@ dissect_pn_rt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) next_tvb = tvb_new_subset(tvb, 2, data_len, data_len); /* ask heuristics, if some sub-dissector is interested in this packet payload */ - if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, NULL)) { + if (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) { /*col_set_str(pinfo->cinfo, COL_INFO, "Unknown");*/ /* Oh, well, we don't know this; dissect it as data. */