snort: do not unconditionally prime tcp.reassembled_in

Priming has some side-effects, do not do it unless the user explicitly
enables a preference. This transfers the ownership of wanted_hfids to
set_postdissector_wanted_hfids.

Ping-Bug: 13996
Change-Id: I77389f54d9a505cf6f2e4deb5f6ee6e508417270
Reviewed-on: https://code.wireshark.org/review/23231
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu 2017-08-25 18:37:25 -07:00 committed by Michael Mann
parent b3f5700ed4
commit 6cd7d99cb9
1 changed files with 14 additions and 8 deletions


@ -1245,6 +1245,17 @@ static void snort_start(void)
NULL
};
/* Enable field priming if required. */
if (snort_alert_in_reassembled_frame) {
/* Add items we want to try to get to find before we get called.
For now, just ask for tcp.reassembled_in, which won't be seen
on the first pass through the packets. */
GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
int id = proto_registrar_get_id_byname("tcp.reassembled_in");
g_array_append_val(wanted_hfids, id);
set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
}
/* Nothing to do if not enabled, but registered init function gets called anyway */
if ((pref_snort_alerts_source == FromNowhere) ||
!proto_is_protocol_enabled(find_protocol_by_id(proto_snort))) {
@ -1355,6 +1366,9 @@ static void snort_file_cleanup(void)
if (g_snort_config) {
delete_config(&g_snort_config);
}
/* Disable field priming that got enabled in the init routine. */
set_postdissector_wanted_hfids(snort_handle, NULL);
}
void
@ -1364,14 +1378,6 @@ proto_reg_handoff_snort(void)
* work as a non-root user (couldn't read stdin)
* TODO: could run snort just to get the version number and check the config file is readable?
* TODO: could make snort config parsing less forgiving and use that as a test? */
/* Add items we want to try to get to find before we get called.
For now, just ask for tcp.reassembled_in, which won't be seen
on the first pass through the packets. */
GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
int id = proto_registrar_get_id_byname("tcp.reassembled_in");
g_array_append_val(wanted_hfids, id);
set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
}
void
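Review bot: In the first hunk the priming block sits above the "Nothing to do if not enabled" check, so with the reassembled-frame preference set, `set_postdissector_wanted_hfids(snort_handle, wanted_hfids)` still runs when `pref_snort_alerts_source == FromNowhere` or the snort protocol is disabled. Since the commit's stated goal is to avoid the side-effects of priming unless they are wanted, I would move the whole `if (snort_alert_in_reassembled_frame) { ... }` block below that check, which presumably returns early; the body of snort_start starts and ends outside the hunk, so this needs confirming against the full function. It would also be worth skipping the append when the field lookup fails, `if (id != -1) g_array_append_val(wanted_hfids, id);`, rather than handing an invalid id to the postdissector machinery. Finally, the ownership transfer is mentioned only in the commit message; a comment at the call such as `/* wanted_hfids is owned by the postdissector code from here on; do not free it here */` would keep a later editor from adding a g_array_free and causing a double free.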