osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Add ability to export PDUs for heuristic dissectors also 

Change-Id: I1bf1aa9794f9b4f106edffd4986fc0b1014522fa
Reviewed-on: https://code.wireshark.org/review/9099
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This commit is contained in:
Pascal Quantin 2015-06-24 12:21:42 -07:00
parent f5b09f2c8a
commit cdc7d25004
17 changed files with 133 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
epan/dissectors/packet-credssp.c
View File

@ -387,7 +387,7 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+
EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, "credssp", -1, &tags_bit_field, 1);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "credssp", &tags_bit_field, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);

2
epan/dissectors/packet-diameter.c
View File

@ -342,7 +342,7 @@ export_diameter_pdu(packet_info *pinfo, tvbuff_t *tvb)
tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT +
EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, "diameter", -1, &tags_bit_field, 1);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "diameter", &tags_bit_field, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);

32
epan/dissectors/packet-dtls.c
View File

@ -636,8 +636,21 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
return ret;
}
static void
export_pdu_packet(tvbuff_t *tvb, packet_info *pinfo, guint tag, const gchar *name)
{
exp_pdu_data_t *exp_pdu_data;
guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, tag, name, &tags, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
exp_pdu_data->pdu_tvb = tvb;
tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
}
/*********************************************************************
@ -931,18 +944,8 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
ssl_print_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len);
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;
guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(session->app_handle), -1,
&tags, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(next_tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(next_tvb);
exp_pdu_data->pdu_tvb = next_tvb;
tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_PROTO_NAME,
dissector_handle_get_dissector_name(session->app_handle));
}
dissected = call_dissector_only(session->app_handle, next_tvb, pinfo, top_tree, NULL);
@ -950,6 +953,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
else {
/* try heuristic subdissectors */
dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, &hdtbl_entry, NULL);
if (dissected && have_tap_listener(exported_pdu_tap)) {
gchar *name = wmem_strconcat(wmem_packet_scope(), hdtbl_entry->list_name, "##",
proto_get_protocol_short_name(hdtbl_entry->protocol), NULL);
export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_HEUR_PROTO_NAME, name);
}
}
pinfo->match_uint = saved_match_port;
if (dissected)

2
epan/dissectors/packet-dvbci.c
View File

@ -3442,7 +3442,7 @@ dissect_sac_msg(guint32 tag, tvbuff_t *tvb, gint offset,
tags[0] = 0;
tags[1] = EXP_PDU_TAG_DVBCI_EVT_BIT;
exp_pdu_data = load_export_pdu_tags(
pinfo, EXPORTED_SAC_MSG_PROTO, -1, tags, 2);
pinfo, EXP_PDU_TAG_PROTO_NAME, EXPORTED_SAC_MSG_PROTO, tags, 2);
exp_pdu_data->tvb_captured_length = tvb_captured_length(clear_sac_msg_tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(clear_sac_msg_tvb);

32
epan/dissectors/packet-exported_pdu.c
View File

@ -38,6 +38,7 @@ static int hf_exported_pdu_tag = -1;
static int hf_exported_pdu_tag_len = -1;
static int hf_exported_pdu_unknown_tag = -1;
static int hf_exported_pdu_prot_name = -1;
static int hf_exported_pdu_heur_prot_name = -1;
static int hf_exported_pdu_ipv4_src = -1;
static int hf_exported_pdu_ipv4_dst = -1;
static int hf_exported_pdu_ipv6_src = -1;
@ -56,15 +57,17 @@ static int hf_exported_pdu_exported_pdu = -1;
static gint ett_exported_pdu = -1;
static gint ett_exported_pdu_tag = -1;
#define EXPORTED_PDU_NEXT_PROTO_STR 0
#define EXPORTED_PDU_NEXT_PROTO_STR 0
#define EXPORTED_PDU_NEXT_HEUR_PROTO_STR 1
static const value_string exported_pdu_tag_vals[] = {
{ EXP_PDU_TAG_END_OF_OPT, "End-of-options" },
/* 1 - 9 reserved */
{ EXP_PDU_TAG_OPTIONS_LENGTH, "Total length of the options excluding this TLV" },
{ EXP_PDU_TAG_LINKTYPE, "Linktype value" },
{ EXP_PDU_TAG_PROTO_NAME, "PDU content protocol name" },
{ EXP_PDU_TAG_HEUR_PROTO_NAME, "PDU content heuristic protocol name" },
/* Add protocol type related tags here */
/* 13 - 19 reserved */
/* 14 - 19 reserved */
{ EXP_PDU_TAG_IPV4_SRC, "IPv4 Source Address" },
{ EXP_PDU_TAG_IPV4_DST, "IPv4 Destination Address" },
{ EXP_PDU_TAG_IPV6_SRC, "IPv6 Source Address" },
@ -121,6 +124,11 @@ dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, tag_len, ENC_UTF_8|ENC_NA);
proto_tree_add_item(tag_tree, hf_exported_pdu_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA);
break;
case EXP_PDU_TAG_HEUR_PROTO_NAME:
next_proto_type = EXPORTED_PDU_NEXT_HEUR_PROTO_STR;
proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, tag_len, ENC_UTF_8|ENC_NA);
proto_tree_add_item(tag_tree, hf_exported_pdu_heur_prot_name, tvb, offset, tag_len, ENC_UTF_8|ENC_NA);
break;
case EXP_PDU_TAG_IPV4_SRC:
proto_tree_add_item(tag_tree, hf_exported_pdu_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
TVB_SET_ADDRESS(&pinfo->net_src, AT_IPv4, tvb, offset, 4);
@ -201,6 +209,21 @@ dissect_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
call_dissector(proto_handle, payload_tvb, pinfo, tree);
}
break;
case EXPORTED_PDU_NEXT_HEUR_PROTO_STR:
{
gchar **heur_proto_str = wmem_strsplit(wmem_packet_scope(), proto_name, "##", 2);
if (heur_proto_str && heur_proto_str[0] && heur_proto_str[1]) {
heur_dissector_list_t heur_list = find_heur_dissector_list(heur_proto_str[0]);
if (heur_list) {
heur_dtbl_entry_t *heur_diss = find_heur_dissector_by_short_name(heur_list, heur_proto_str[1]);
if (heur_diss) {
col_clear(pinfo->cinfo, COL_PROTOCOL);
call_heur_dissector_direct(heur_diss, payload_tvb, pinfo, tree, NULL);
}
}
}
break;
}
default:
break;
}
@ -237,6 +260,11 @@ proto_register_exported_pdu(void)
FT_STRING, BASE_NONE, NULL, 0,
NULL, HFILL }
},
{ &hf_exported_pdu_heur_prot_name,
{ "Heuristic Protocol Name", "exported_pdu.heur_prot_name",
FT_STRING, BASE_NONE, NULL, 0,
NULL, HFILL }
},
{ &hf_exported_pdu_ipv4_src,
{ "IPv4 Src", "exported_pdu.ipv4_src",
FT_IPv4, BASE_NONE, NULL, 0,

3
epan/dissectors/packet-ipsec.c
View File

@ -1108,7 +1108,8 @@ export_ipsec_pdu(dissector_handle_t dissector_handle, packet_info *pinfo, tvbuff
guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(dissector_handle), -1,
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME,
dissector_handle_get_dissector_name(dissector_handle),
&tags, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);

2
epan/dissectors/packet-logcat-text.c
View File

@ -224,7 +224,7 @@ static void add_exported_pdu(tvbuff_t *tvb, packet_info *pinfo, const char * sub
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;
exp_pdu_data = load_export_pdu_tags(pinfo, subdissector_name, -1, NULL, 0);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, subdissector_name, NULL, 0);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
exp_pdu_data->pdu_tvb = tvb;

2
epan/dissectors/packet-logcat.c
View File

@ -191,7 +191,7 @@ dissect_logcat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;
exp_pdu_data = load_export_pdu_tags(pinfo, "logcat", -1, NULL, 0);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "logcat", NULL, 0);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
exp_pdu_data->pdu_tvb = tvb;

2
epan/dissectors/packet-reload-framing.c
View File

@ -178,7 +178,7 @@ dissect_reload_framing_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr
guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, "reload-framing", -1, &tags, 1);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "reload-framing", &tags, 1);
exp_pdu_data->tvb_captured_length = effective_length;
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);

2
epan/dissectors/packet-sctp.c
View File

@ -3173,7 +3173,7 @@ export_sctp_data_chunk(packet_info *pinfo, tvbuff_t *tvb, const gchar *proto_nam
tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+
EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, proto_name, -1, &tags_bit_field, 1);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, proto_name, &tags_bit_field, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);

2
epan/dissectors/packet-sip.c
View File

@ -1049,7 +1049,7 @@ export_sip_pdu(packet_info *pinfo, tvbuff_t *tvb)
tags_bit_field = EXP_PDU_TAG_IP_SRC_BIT + EXP_PDU_TAG_IP_DST_BIT + EXP_PDU_TAG_SRC_PORT_BIT+
EXP_PDU_TAG_DST_PORT_BIT + EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, "sip", -1, &tags_bit_field, 1);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, "sip", &tags_bit_field, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);

35
epan/dissectors/packet-ssl.c
View File

@ -1283,6 +1283,22 @@ again:
}
}
static void
export_pdu_packet(tvbuff_t *tvb, packet_info *pinfo, guint tag, const gchar *name)
{
exp_pdu_data_t *exp_pdu_data;
guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, tag, name, &tags, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
exp_pdu_data->pdu_tvb = tvb;
tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
}
static void
process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo,
proto_tree *tree, SslSession *session)
@ -1300,20 +1316,15 @@ process_ssl_payload(tvbuff_t *tvb, volatile int offset, packet_info *pinfo,
if (dissector_try_heuristic(ssl_heur_subdissector_list, next_tvb,
pinfo, proto_tree_get_root(tree), &hdtbl_entry, NULL)) {
if (have_tap_listener(exported_pdu_tap)) {
gchar *name = wmem_strconcat(wmem_packet_scope(), hdtbl_entry->list_name, "##",
proto_get_protocol_short_name(hdtbl_entry->protocol), NULL);
export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_HEUR_PROTO_NAME, name);
}
} else {
if (have_tap_listener(exported_pdu_tap)) {
exp_pdu_data_t *exp_pdu_data;
guint8 tags = EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(session->app_handle), -1,
&tags, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(next_tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(next_tvb);
exp_pdu_data->pdu_tvb = next_tvb;
tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
export_pdu_packet(next_tvb, pinfo, EXP_PDU_TAG_PROTO_NAME,
dissector_handle_get_dissector_name(session->app_handle));
}
saved_match_port = pinfo->match_uint;
if (ssl_packet_from_server(session, ssl_associations, pinfo)) {

2
epan/dissectors/packet-user_encap.c
View File

@ -95,7 +95,7 @@ static void export_pdu(tvbuff_t *tvb, packet_info* pinfo, char *proto_name)
guint8 exp_pdu_data_tag;
exp_pdu_data_tag = EXP_PDU_TAG_ORIG_FNO_BIT;
exp_pdu_data = load_export_pdu_tags(pinfo, proto_name, -1, &exp_pdu_data_tag, 1);
exp_pdu_data = load_export_pdu_tags(pinfo, EXP_PDU_TAG_PROTO_NAME, proto_name, &exp_pdu_data_tag, 1);
exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
exp_pdu_data->pdu_tvb = tvb;

7
epan/exported_pdu.c
View File

@ -36,12 +36,13 @@ GSList *export_pdu_tap_name_list = NULL;
/**
* Allocates and fills the exp_pdu_data_t struct according to the wanted_exp_tags
* bit field of wanted_exp_tags_len bytes length
* If proto_name is != NULL, wtap_encap must be -1 or vice-versa
* tag_type should be either EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME
* proto_name interpretation depends on tag_type value
*
* The tags in the tag buffer SHOULD be added in numerical order.
*/
exp_pdu_data_t *
load_export_pdu_tags(packet_info *pinfo, const char* proto_name, int wtap_encap _U_,
load_export_pdu_tags(packet_info *pinfo, guint tag_type, const char* proto_name,
guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len)
{
exp_pdu_data_t *exp_pdu_data;
@ -130,7 +131,7 @@ load_export_pdu_tags(packet_info *pinfo, const char* proto_name, int wtap_encap
if(proto_name){
exp_pdu_data->tlv_buffer[i] = 0;
i++;
exp_pdu_data->tlv_buffer[i] = EXP_PDU_TAG_PROTO_NAME;
exp_pdu_data->tlv_buffer[i] = tag_type;
i++;
exp_pdu_data->tlv_buffer[i] = 0;
i++;

18
epan/exported_pdu.h
View File

@ -83,11 +83,14 @@ WS_DLL_PUBLIC GSList *get_export_pdu_tap_list(void);
#define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag. */
/* 1 - 9 reserved */
#define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options excluding this TLV */
#define EXP_PDU_TAG_LINKTYPE 11 /**< The value part is the linktype value defined by tcpdump
* http://www.tcpdump.org/linktypes.html
*/
#define EXP_PDU_TAG_LINKTYPE 11 /**< Deprecated - do not use */
#define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string
* of the short protocol name used by Wireshark e.g "sip"
* of the registered dissector used by Wireshark e.g "sip"
* Will be used to call the next dissector.
*/
#define EXP_PDU_TAG_HEUR_PROTO_NAME 13 /**< The value part should be an ASCII non NULL terminated string
* composed of the heuristic table name followed by "##" followed
* by protocol short name of the used heuristic dissector e.g "ssl##HTTP2"
* Will be used to call the next dissector.
*/
/* Add protocol type related tags here.
@ -150,12 +153,13 @@ typedef struct _exp_pdu_data_t {
/**
* Allocates and fills the exp_pdu_data_t struct according to the wanted_exp_tags
* bit field of wanted_exp_tags_len bytes length
* If proto_name is != NULL, wtap_encap must be -1 or vice-versa
* tag_type should be either EXP_PDU_TAG_PROTO_NAME or EXP_PDU_TAG_HEUR_PROTO_NAME
* proto_name interpretation depends on tag_type value
*
* The tags in the tag buffer SHOULD be added in numerical order.
*/
WS_DLL_PUBLIC exp_pdu_data_t *load_export_pdu_tags(packet_info *pinfo, const char* proto_name,
int wtap_encap, guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len);
WS_DLL_PUBLIC exp_pdu_data_t *load_export_pdu_tags(packet_info *pinfo, guint tag_type, const char* proto_name,
guint8 *wanted_exp_tags, guint16 wanted_exp_tags_len);
#ifdef __cplusplus
}

29
epan/packet.c
View File

@ -1882,6 +1882,24 @@ has_heur_dissector_list(const gchar *name) {
return (find_heur_dissector_list(name) != NULL);
}
static int
find_matching_heur_dissector_by_short_name(gconstpointer a, gconstpointer b) {
const gchar *str_a = proto_get_protocol_short_name(((const heur_dtbl_entry_t *)a)->protocol);
const gchar *str_b = (const gchar*)b;
return strcmp(str_a, str_b);
}
heur_dtbl_entry_t*
find_heur_dissector_by_short_name(heur_dissector_list_t heur_list, const char *short_name)
{
GSList *found_entry = g_slist_find_custom(heur_list->dissectors,
(gpointer) short_name,
find_matching_heur_dissector_by_short_name);
return found_entry ? (heur_dtbl_entry_t *)(found_entry->data) : NULL;
}
void
heur_dissector_add(const char *name, heur_dissector_t dissector, const int proto)
{
@ -2415,8 +2433,6 @@ void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tv
const char *saved_heur_list_name;
guint16 saved_can_desegment;
int proto_id;
g_assert(heur_dtbl_entry);
/* can_desegment is set to 2 by anyone which offers this api/service.
@ -2435,13 +2451,18 @@ void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tv
saved_curr_proto = pinfo->current_proto;
saved_heur_list_name = pinfo->heur_list_name;
proto_id = proto_get_id(heur_dtbl_entry->protocol);
if (!heur_dtbl_entry->enabled ||
(heur_dtbl_entry->protocol != NULL && !proto_is_protocol_enabled(heur_dtbl_entry->protocol))) {
g_assert(data_handle->protocol != NULL);
call_dissector_work(data_handle, tvb, pinfo, tree, TRUE, NULL);
return;
}
if (heur_dtbl_entry->protocol != NULL) {
/* do NOT change this behavior - wslua uses the protocol short name set here in order
to determine which Lua-based heurisitc dissector to call */
pinfo->current_proto = proto_get_protocol_short_name(heur_dtbl_entry->protocol);
wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id));
wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_get_id(heur_dtbl_entry->protocol)));
}
pinfo->heur_list_name = heur_dtbl_entry->list_name;

9
epan/packet.h
View File

@ -415,6 +415,15 @@ WS_DLL_PUBLIC gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissect
*/
WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list(const char *name);
/** Find a heuristic dissector by short protocol name in a heuristic table.
*
* @param heur_list heuristic dissector table
* @param short_name short name of the protocol to look at
* @return pointer to the heuristic dissector entry, NULL if not such dissector exists
*/
WS_DLL_PUBLIC heur_dtbl_entry_t* find_heur_dissector_by_short_name(heur_dissector_list_t heur_list,
const char *short_name);
/** Add a sub-dissector to a heuristic dissector list.
* Call this in the proto_handoff function of the sub-dissector.
*