From Stefan Wenk: SIP heuristic dissector.

svn path=/trunk/; revision=5418

AUTHORS

@@ -1177,6 +1177,10 @@ Kan Sasaki <sasaki[AT]fcc.ad.jp> {
 	VSA decoding and other changes to RADIUS
 }
 
+Stefan Wenk <stefan.wenk[AT]gmx.at> {
+	SIP heuristic dissector
+}
+
 Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
 give his permission to use his version of snprintf.c.
 

doc/ethereal.pod.template

@@ -1416,6 +1416,7 @@ B<http://www.ethereal.com>.
   Devin Heitmueller        <dheitmueller[AT]netilla.com>
   Chenjiang Hu             <chu[AT]chiaro.com>
   Kan Sasaki               <sasaki[AT]fcc.ad.jp>
+  Stefan Wenk              <stefan.wenk[AT]gmx.at>
 
 Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
 permission to use his version of snprintf.c.

packet-sip.c

@@ -15,7 +15,7 @@
  * Copyright 2000, Heikki Vatiainen <hessu@cs.tut.fi>
  * Copyright 2001, Jean-Francois Mule <jfm@clarent.com>
  *
- * $Id: packet-sip.c,v 1.26 2002/05/01 08:11:07 guy Exp $
+ * $Id: packet-sip.c,v 1.27 2002/05/08 20:29:46 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -98,14 +98,14 @@ static void dissect_sip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
         gboolean is_request, is_known_request;
         char *req_descr;
 
-	/*
-	 * Note that "tvb_strneql()" doesn't throw exceptions, so
-	 * "sip_is_request()" won't throw an exception.
-	 *
-	 * Note that "tvb_find_line_end()" will return a value that
-	 * is not longer than what's in the buffer, so the
-	 * "tvb_get_ptr()" call s below won't throw exceptions.
-	 */
+        /*
+         * Note that "tvb_strneql()" doesn't throw exceptions, so
+         * "sip_is_request()" won't throw an exception.
+         *
+         * Note that "tvb_find_line_end()" will return a value that
+         * is not longer than what's in the buffer, so the
+         * "tvb_get_ptr()" call s below won't throw exceptions.
+         */
         offset = 0;
         eol = tvb_find_line_end(tvb, 0, -1, &next_offset);
         /* XXX - Check for a valid status message as well. */
@@ -175,6 +175,43 @@ static void dissect_sip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
         return;
 }
 
+static gboolean
+dissect_sip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+        gint eol, next_offset;
+
+        /*
+         * This is a heuristic dissector, which means we get all the
+         * UDP and TCP traffic not sent to a known dissector and not
+         * claimed by a heuristic dissector called before us!
+         * So we first check if the frame is really meant for us.
+         */
+
+        /* check for a request */
+
+        if (tvb_strneql(tvb, 0, SIP2_HDR, SIP2_HDR_LEN) != 0)  {
+                /*
+                 * Not a request; check for a response.
+                 */
+                eol = tvb_find_line_end(tvb, 0, -1, &next_offset);
+                if ((eol > (gint)SIP2_HDR_LEN) &&
+                    (tvb_strneql(tvb, eol - SIP2_HDR_LEN + 1, SIP2_HDR , SIP2_HDR_LEN - 1) != 0)) {
+                        /*
+                         * Not a response, either.
+                         */
+                        return FALSE;
+                }
+        }
+
+        /*
+         * The message seems to be a valid SIP message!
+         */
+        dissect_sip(tvb, pinfo, tree);
+
+        return TRUE;
+}
+
+
 /* Returns the offset to the start of the optional message-body, or
  * -1 if not found.
  */
@@ -283,6 +320,9 @@ proto_reg_handoff_sip(void)
         dissector_add("tcp.port", TCP_PORT_SIP, sip_handle);
         dissector_add("udp.port", UDP_PORT_SIP, sip_handle);
 
+        heur_dissector_add( "udp", dissect_sip_heur, proto_sip );
+        heur_dissector_add( "tcp", dissect_sip_heur, proto_sip );
+
         /*
          * Get a handle for the SDP dissector.
          */