Added heuristics to ICMP and ICMPv6 dissectors to decode the payload.

2021-08-19 16:11:59 +02:00 · 2021-08-19 16:11:59 +02:00 · 042001fb55
parent a104403dad
commit 042001fb55
2 changed files with 17 additions and 3 deletions
--- a/epan/dissectors/packet-icmp.c
+++ b/epan/dissectors/packet-icmp.c
@ -43,6 +43,7 @@
 void proto_register_icmp(void);
 void proto_reg_handoff_icmp(void);

+static heur_dissector_list_t icmp_heur_subdissector_list;
 static int icmp_tap = -1;

 /* Conversation related data */
@ -1757,8 +1758,11 @@ dissect_icmp(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data)
 								8 + 8),
 				       pinfo, icmp_tree);
 		} else {
-			call_data_dissector(tvb_new_subset_remaining(tvb, 8),
-				       pinfo, icmp_tree);
+			heur_dtbl_entry_t *hdtbl_entry;
+			next_tvb = tvb_new_subset_remaining(tvb, 8);
+			if (!dissector_try_heuristic(icmp_heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL)) {
+				call_data_dissector(next_tvb, pinfo, icmp_tree);
+			}
 		}
 		break;

@ -2326,6 +2330,7 @@ void proto_register_icmp(void)

 	register_seq_analysis("icmp", "ICMP Flows", proto_icmp, NULL, TL_REQUIRES_COLUMNS, icmp_seq_analysis_packet);
 	icmp_handle = register_dissector("icmp", dissect_icmp, proto_icmp);
+	icmp_heur_subdissector_list = register_heur_dissector_list("icmp", proto_icmp);
 	register_dissector("icmp_extension", dissect_icmp_extension, proto_icmp);
 	icmp_tap = register_tap("icmp");
 }
--- a/epan/dissectors/packet-icmpv6.c
+++ b/epan/dissectors/packet-icmpv6.c
@ -530,6 +530,7 @@ static int hf_icmpv6_da_lifetime = -1;
 static int hf_icmpv6_da_eui64 = -1;
 static int hf_icmpv6_da_raddr = -1;

+static heur_dissector_list_t icmpv6_heur_subdissector_list;
 static int icmpv6_tap = -1;

 /* RFC 7731 MPL (159) */
@ -4182,8 +4183,15 @@ dissect_icmpv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
                    trans = transaction_end(pinfo, icmp6_tree, conv_key);
                }
            }
+            heur_dtbl_entry_t *hdtbl_entry;
            next_tvb = tvb_new_subset_remaining(tvb, offset);
-            offset += call_data_dissector(next_tvb, pinfo, icmp6_tree);
+            gboolean result = dissector_try_heuristic(icmpv6_heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, NULL);
+            if (!result) {
+                offset += call_data_dissector(next_tvb, pinfo, icmp6_tree);
+            }
+            else {
+                offset += tvb_reported_length(next_tvb);
+            }
        }
    }

@ -6179,6 +6187,7 @@ proto_register_icmpv6(void)

    register_seq_analysis("icmpv6", "ICMPv6 Flows", proto_icmpv6, NULL, TL_REQUIRES_COLUMNS, icmpv6_seq_analysis_packet);
    icmpv6_handle = register_dissector("icmpv6", dissect_icmpv6, proto_icmpv6);
+    icmpv6_heur_subdissector_list = register_heur_dissector_list("icmpv6", proto_icmpv6);
    icmpv6_tap = register_tap("icmpv6");
 }