snort: do not unconditionally prime tcp.reassembled_in
Priming has some side-effects, do not do it unless the user explicitly enables a preference. This transfers the owernship of wanted_hfids to set_postdissector_wanted_hfids. Ping-Bug: 13996 Change-Id: I77389f54d9a505cf6f2e4deb5f6ee6e508417270 Reviewed-on: https://code.wireshark.org/review/23231 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
b3f5700ed4
commit
6cd7d99cb9
|
@ -1245,6 +1245,17 @@ static void snort_start(void)
|
|||
NULL
|
||||
};
|
||||
|
||||
/* Enable field priming if required. */
|
||||
if (snort_alert_in_reassembled_frame) {
|
||||
/* Add items we want to try to get to find before we get called.
|
||||
For now, just ask for tcp.reassembled_in, which won't be seen
|
||||
on the first pass through the packets. */
|
||||
GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
|
||||
int id = proto_registrar_get_id_byname("tcp.reassembled_in");
|
||||
g_array_append_val(wanted_hfids, id);
|
||||
set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
|
||||
}
|
||||
|
||||
/* Nothing to do if not enabled, but registered init function gets called anyway */
|
||||
if ((pref_snort_alerts_source == FromNowhere) ||
|
||||
!proto_is_protocol_enabled(find_protocol_by_id(proto_snort))) {
|
||||
|
@ -1355,6 +1366,9 @@ static void snort_file_cleanup(void)
|
|||
if (g_snort_config) {
|
||||
delete_config(&g_snort_config);
|
||||
}
|
||||
|
||||
/* Disable field priming that got enabled in the init routine. */
|
||||
set_postdissector_wanted_hfids(snort_handle, NULL);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1364,14 +1378,6 @@ proto_reg_handoff_snort(void)
|
|||
* work as a non-root user (couldn't read stdin)
|
||||
* TODO: could run snort just to get the version number and check the config file is readable?
|
||||
* TODO: could make snort config parsing less forgiving and use that as a test? */
|
||||
|
||||
/* Add items we want to try to get to find before we get called.
|
||||
For now, just ask for tcp.reassembled_in, which won't be seen
|
||||
on the first pass through the packets. */
|
||||
GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
|
||||
int id = proto_registrar_get_id_byname("tcp.reassembled_in");
|
||||
g_array_append_val(wanted_hfids, id);
|
||||
set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
Loading…
Reference in New Issue