tpkt: don't have the heuristic enforce TPKT dissecting
Most RDP connections start with TPKT and then switch to TLS, so enforcing TPKT for the whole conversation makes the decoding fail.
parent
d90d525dd7
commit
bf158b3e41
|
@ -222,7 +222,7 @@ find_channel_name_by_id(packet_info *pinfo, drdynvc_conv_info_t *dyninfo, guint3
|
|||
if (dynChannel)
|
||||
return dynChannel->name;
|
||||
|
||||
/* scan fort static channel in the RDP dissector */
|
||||
/* scan for static channel in the RDP dissector */
|
||||
conv = find_conversation_pinfo(pinfo, 0);
|
||||
rdp_info = (rdp_conv_info_t *)conversation_get_proto_data(conv, proto_rdp);
|
||||
if (!rdp_info)
|
||||
|
|
|
@ -619,11 +619,11 @@ dissect_rdpudp_v2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rdpudp_co
|
|||
seqPtr = (guint64 *)p_get_proto_data(wmem_file_scope(), pinfo, proto_rdpudp, RDPUDP_FULLSEQ_KEY);
|
||||
}
|
||||
proto_item_set_generated(
|
||||
proto_tree_add_uint(data_tree, pf_rdpudp2_DataChannelFullSeqNumber, tvb2, offset, 2, *seqPtr)
|
||||
proto_tree_add_uint(data_tree, pf_rdpudp2_DataChannelFullSeqNumber, tvb2, offset, 2, (guint16)*seqPtr)
|
||||
);
|
||||
offset += 2;
|
||||
|
||||
chunk = wmem_tree_lookup32(targetTree, *seqPtr);
|
||||
chunk = wmem_tree_lookup32(targetTree, (guint32)*seqPtr);
|
||||
data_tvb = tvb_new_composite();
|
||||
|
||||
if (chunk)
|
||||
|
@ -641,7 +641,7 @@ dissect_rdpudp_v2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rdpudp_co
|
|||
if (!PINFO_FD_VISITED(pinfo) && pinfo->desegment_len) {
|
||||
gint remaining = tvb_captured_length_remaining(subtvb, pinfo->desegment_offset);
|
||||
chunk = tvb_clone_offset_len(data_tvb, pinfo->desegment_offset, remaining);
|
||||
wmem_tree_insert32(targetTree, *seqPtr + 1, chunk);
|
||||
wmem_tree_insert32(targetTree, (guint32)(*seqPtr + 1), chunk);
|
||||
}
|
||||
|
||||
offset = tvb_captured_length(tvb2);
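Review bot: The `(guint32)` casts added on the `wmem_tree_lookup32` and `wmem_tree_insert32` keys make the narrowing explicit but do not deal with it: the 64-bit value behind `seqPtr` is keyed by its low 32 bits only, so two full sequence numbers that differ by a multiple of 2^32 map to the same entry and a stored chunk could be joined to the wrong packet's data. If that wrap is considered unreachable, say so next to the lookup, for example `/* wmem_tree32 keys are 32-bit; the full sequence number is assumed to stay within that range */`. The `(guint16)*seqPtr` passed to `proto_tree_add_uint` likewise shows only the low 16 bits of a field named full sequence number, which looks intentional given the item length of 2 but is worth confirming against the field's declared type. Separately, `*seqPtr` is dereferenced right after `p_get_proto_data()` with no NULL check visible here; the assignment sits in a branch that starts outside the hunk, so this may already be guaranteed by code not shown.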
|
||||
|
|
|
@ -594,8 +594,6 @@ dissect_ascii_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* da
|
|||
static int
|
||||
dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
{
|
||||
conversation_t *conversation;
|
||||
|
||||
if (is_tpkt(tvb, 0) == -1) {
|
||||
/* Doesn't look like TPKT directly. Might be over TLS, so reject
|
||||
* and let the TLS heuristic dissector take a look
|
||||
|
@ -603,8 +601,6 @@ dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat
|
|||
return 0;
|
||||
}
|
||||
|
||||
conversation = find_or_create_conversation(pinfo);
|
||||
conversation_set_dissector(conversation, tpkt_handle);
|
||||
return dissect_tpkt(tvb, pinfo, tree, data);
|
||||
}
|
||||
|
||||
|
|