tpkt: don't have the heuristic enforce TPKT dissecting

Most RDP connections start with TPKT and then switch to TLS, so enforcing TPKT
for the whole conversation makes the decoding fail.
David Fort 2022-11-09 15:26:37 +01:00 committed by Alexis La Goutte
parent d90d525dd7
commit bf158b3e41
3 changed files with 4 additions and 8 deletions


@ -222,7 +222,7 @@ find_channel_name_by_id(packet_info *pinfo, drdynvc_conv_info_t *dyninfo, guint3
if (dynChannel)
return dynChannel->name;
/* scan fort static channel in the RDP dissector */
/* scan for static channel in the RDP dissector */
conv = find_conversation_pinfo(pinfo, 0);
rdp_info = (rdp_conv_info_t *)conversation_get_proto_data(conv, proto_rdp);
if (!rdp_info)


@ -619,11 +619,11 @@ dissect_rdpudp_v2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rdpudp_co
seqPtr = (guint64 *)p_get_proto_data(wmem_file_scope(), pinfo, proto_rdpudp, RDPUDP_FULLSEQ_KEY);
}
proto_item_set_generated(
proto_tree_add_uint(data_tree, pf_rdpudp2_DataChannelFullSeqNumber, tvb2, offset, 2, *seqPtr)
proto_tree_add_uint(data_tree, pf_rdpudp2_DataChannelFullSeqNumber, tvb2, offset, 2, (guint16)*seqPtr)
);
offset += 2;
chunk = wmem_tree_lookup32(targetTree, *seqPtr);
chunk = wmem_tree_lookup32(targetTree, (guint32)*seqPtr);
data_tvb = tvb_new_composite();
if (chunk)
@ -641,7 +641,7 @@ dissect_rdpudp_v2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rdpudp_co
if (!PINFO_FD_VISITED(pinfo) && pinfo->desegment_len) {
gint remaining = tvb_captured_length_remaining(subtvb, pinfo->desegment_offset);
chunk = tvb_clone_offset_len(data_tvb, pinfo->desegment_offset, remaining);
wmem_tree_insert32(targetTree, *seqPtr + 1, chunk);
wmem_tree_insert32(targetTree, (guint32)(*seqPtr + 1), chunk);
}
offset = tvb_captured_length(tvb2);
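Review bot: The three new casts in dissect_rdpudp_v2 make the narrowing of the 64-bit `*seqPtr` explicit but leave it undocumented: the reassembly tree is keyed on the low 32 bits (`wmem_tree_lookup32` / `wmem_tree_insert32`) and the generated field shows only the low 16 bits. The lookup key `(guint32)*seqPtr` and the insert key `(guint32)(*seqPtr + 1)` wrap consistently, so the truncation looks intentional; a comment above the lookup such as `/* targetTree is keyed on the low 32 bits of the full sequence number; truncation is intended */` would record that. Separately, `seqPtr` is assigned from `p_get_proto_data()` just above and then dereferenced with no NULL check visible in the hunk. The branch that sets it starts outside the hunk, so this is inferred, but it is worth confirming that a truncated or malformed capture cannot reach the dereference on a later pass with nothing stored, and guarding it with `if (seqPtr)` if it can.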


@ -594,8 +594,6 @@ dissect_ascii_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* da
static int
dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
conversation_t *conversation;
if (is_tpkt(tvb, 0) == -1) {
/* Doesn't look like TPKT directly. Might be over TLS, so reject
* and let the TLS heuristic dissector take a look
@ -603,8 +601,6 @@ dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat
return 0;
}
conversation = find_or_create_conversation(pinfo);
conversation_set_dissector(conversation, tpkt_handle);
return dissect_tpkt(tvb, pinfo, tree, data);
}