Add DCE/RPC over TCP dissector to "force" DCE/RPC when heuristics fail
Add a simple dissection function for DCE/RPC that just calls tcp_dissect_pdus and doesn't do any heuristic checks. This can be used to handle cases where the TCP PDU is too small for the DCE/RPC heuristic checks and the user knows the data is DCE/RPC and can set it through Decode As. Bug: 6392 Change-Id: I9e4960282ea64d20499f7d5a330f48f30a092b30 Reviewed-on: https://code.wireshark.org/review/21951 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
parent
b58e23846e
commit
aabb8fd594
|
@ -5657,7 +5657,7 @@ dissect_dcerpc_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* da
|
|||
}
|
||||
|
||||
static gboolean
|
||||
dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
dissect_dcerpc_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
{
|
||||
dcerpc_decode_as_data* decode_data;
|
||||
|
||||
|
@ -5671,6 +5671,18 @@ dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *da
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
static int
|
||||
dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
{
|
||||
dcerpc_decode_as_data* decode_data;
|
||||
|
||||
decode_data = dcerpc_get_decode_data(pinfo);
|
||||
decode_data->dcetransporttype = DCE_TRANSPORT_UNKNOWN;
|
||||
|
||||
tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, 10, get_dcerpc_pdu_len, dissect_dcerpc_pdu, data);
|
||||
return tvb_captured_length(tvb);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
dissect_dcerpc_cn_smbpipe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
|
||||
{
|
||||
|
@ -6968,7 +6980,9 @@ proto_register_dcerpc(void)
|
|||
void
|
||||
proto_reg_handoff_dcerpc(void)
|
||||
{
|
||||
heur_dissector_add("tcp", dissect_dcerpc_tcp, "DCE/RPC over TCP", "dcerpc_tcp", proto_dcerpc, HEURISTIC_ENABLE);
|
||||
dissector_handle_t dcerpc_tcp_handle;
|
||||
|
||||
heur_dissector_add("tcp", dissect_dcerpc_tcp_heur, "DCE/RPC over TCP", "dcerpc_tcp", proto_dcerpc, HEURISTIC_ENABLE);
|
||||
heur_dissector_add("netbios", dissect_dcerpc_cn_pk, "DCE/RPC over NetBios", "dcerpc_netbios", proto_dcerpc, HEURISTIC_ENABLE);
|
||||
heur_dissector_add("udp", dissect_dcerpc_dg, "DCE/RPC over UDP", "dcerpc_udp", proto_dcerpc, HEURISTIC_ENABLE);
|
||||
heur_dissector_add("smb_transact", dissect_dcerpc_cn_smbpipe, "DCE/RPC over SMB", "dcerpc_smb_transact", proto_dcerpc, HEURISTIC_ENABLE);
|
||||
|
@ -6976,6 +6990,9 @@ proto_reg_handoff_dcerpc(void)
|
|||
heur_dissector_add("http", dissect_dcerpc_cn_bs, "DCE/RPC over HTTP", "dcerpc_http", proto_dcerpc, HEURISTIC_ENABLE);
|
||||
dcerpc_smb_init(proto_dcerpc);
|
||||
|
||||
dcerpc_tcp_handle = create_dissector_handle(dissect_dcerpc_tcp, proto_dcerpc);
|
||||
dissector_add_for_decode_as("tcp.port", dcerpc_tcp_handle);
|
||||
|
||||
guids_add_uuid(&uuid_data_repr_proto, "32bit NDR");
|
||||
guids_add_uuid(&uuid_ndr64, "64bit NDR");
|
||||
guids_add_uuid(&uuid_asyncemsmdb, "async MAPI");
|
||||
|
|
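Review bot: The new `dissect_dcerpc_tcp` in the second hunk passes the stream straight to `tcp_dissect_pdus` with no sanity check, so once a user picks it through Decode As, `get_dcerpc_pdu_len` and `dissect_dcerpc_pdu` run on whatever bytes the capture holds, including payloads the heuristic path would have rejected. That is the stated purpose of the commit, but it makes those two callbacks the only validation applied to untrusted capture data. Their bodies are outside this diff, so it is worth confirming they handle a zero, undersized or oversized fragment length cleanly rather than relying on the heuristic having filtered such input. The bare `10` passed as the fixed length is unexplained; a comment such as `/* 10 = bytes needed to reach the end of the fragment-length field in the common header */`, or a named constant, would document it, assuming that is what the value stands for. A short comment above the function noting that it is reachable only through Decode As and deliberately skips the heuristic would also help the next reader.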