2 * Routines for packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "sna-utils.h"
47 #include "osi-utils.h"
50 #include "addr_resolv.h"
53 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
57 #include <epan/stream.h>
58 #include <epan/expert.h>
60 static gint proto_malformed = -1;
61 static dissector_handle_t frame_handle = NULL;
62 static dissector_handle_t data_handle = NULL;
67 frame_handle = find_dissector("frame");
68 data_handle = find_dissector("data");
69 proto_malformed = proto_get_id_by_filter_name("malformed");
79 * Given a tvbuff, and a length from a packet header, adjust the length
80 * of the tvbuff to reflect the specified length.
83 set_actual_length(tvbuff_t *tvb, guint specified_len)
85 if (specified_len < tvb_reported_length(tvb)) {
86 /* Adjust the length of this tvbuff to include only the specified
89 The dissector above the one calling us (the dissector above is
90 probably us) may use that to determine how much of its packet
92 tvb_set_reported_length(tvb, specified_len);
96 /* Allow protocols to register "init" routines, which are called before
97 we make a pass through a capture file and dissect all its packets
98 (e.g., when we read in a new capture file, or run a "filter packets"
99 or "colorize packets" pass over the current capture file). */
100 static GSList *init_routines;
103 register_init_routine(void (*func)(void))
105 init_routines = g_slist_append(init_routines, (gpointer)func);
108 typedef void (*void_func_t)(void);
110 /* Initialize all data structures used for dissection. */
112 call_init_routine(gpointer routine, gpointer dummy _U_)
114 void_func_t func = (void_func_t)routine;
119 * XXX - for now, these are the same; the "init" routines free whatever
120 * stuff is left over from any previous dissection, and then initialize
123 * We should probably split that into "init" and "cleanup" routines, for
127 init_dissection(void)
129 /* Reclaim and reinitialize all memory of seasonal scope */
132 /* Initialize the table of conversations. */
133 epan_conversation_init();
135 /* Initialize the table of circuits. */
138 /* Initialize protocol-specific variables. */
139 g_slist_foreach(init_routines, &call_init_routine, NULL);
141 /* Initialize the common data structures for fragment reassembly.
142 Must be done *after* calling init routines, as those routines
143 may free up space for fragments, which they find by using the
144 data structures that "reassemble_init()" frees. */
147 /* Initialize the stream-handling tables */
150 /* Initialize the expert infos */
155 cleanup_dissection(void)
160 /* Allow protocols to register a "cleanup" routine to be
161 * run after the initial sequential run through the packets.
162 * Note that the file can still be open after this; this is not
163 * the final cleanup. */
164 static GSList *postseq_cleanup_routines;
167 register_postseq_cleanup_routine(void_func_t func)
169 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
173 /* Call all the registered "postseq_cleanup" routines. */
175 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
177 void_func_t func = (void_func_t)routine;
182 postseq_cleanup_all_protocols(void)
184 g_slist_foreach(postseq_cleanup_routines,
185 &call_postseq_cleanup_routine, NULL);
189 * Add a new data source to the list of data sources for a frame, given
190 * the tvbuff for the data source and its name.
193 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
197 src = ep_alloc(sizeof (data_source));
200 * XXX - if we require this argument to be a string constant,
201 * we don't need to allocate a buffer for a copy and make a
202 * copy, and wouldn't need to free the buffer, either.
204 src->name = ep_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
205 pinfo->data_src = g_slist_append(pinfo->data_src, src);
209 * Free up a frame's list of data sources.
212 free_data_sources(packet_info *pinfo)
214 g_slist_free(pinfo->data_src);
215 pinfo->data_src = NULL;
218 /* Allow dissectors to register a "final_registration" routine
219 * that is run like the proto_register_XXX() routine, but at the
220 * end of the epan_init() function; that is, *after* all other
221 * subsystems, like dfilters, have finished initializing. This is
222 * useful for dissector registration routines which need to compile
223 * display filters. dfilters can't initialize itself until all protocols
224 * have registered themselves. */
225 static GSList *final_registration_routines;
228 register_final_registration_routine(void (*func)(void))
230 final_registration_routines = g_slist_append(final_registration_routines,
234 /* Call all the registered "final_registration" routines. */
236 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
238 void_func_t func = (void_func_t)routine;
244 final_registration_all_protocols(void)
246 g_slist_foreach(final_registration_routines,
247 &call_final_registration_routine, NULL);
251 /* Creates the top-most tvbuff and calls dissect_frame() */
253 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
254 const guchar *pd, frame_data *fd, column_info *cinfo)
258 edt->pi.current_proto = "<Missing Protocol Name>";
259 edt->pi.cinfo = cinfo;
261 edt->pi.pseudo_header = pseudo_header;
262 edt->pi.data_src = NULL;
263 edt->pi.dl_src.type = AT_NONE;
264 edt->pi.dl_src.len = 0;
265 edt->pi.dl_src.data = NULL;
266 edt->pi.dl_dst.type = AT_NONE;
267 edt->pi.dl_dst.len = 0;
268 edt->pi.dl_dst.data = NULL;
269 edt->pi.net_src.type = AT_NONE;
270 edt->pi.net_src.len = 0;
271 edt->pi.net_src.data = NULL;
272 edt->pi.net_dst.type = AT_NONE;
273 edt->pi.net_dst.len = 0;
274 edt->pi.net_dst.data = NULL;
275 edt->pi.src.type = AT_NONE;
277 edt->pi.src.data = NULL;
278 edt->pi.dst.type = AT_NONE;
280 edt->pi.dst.data = NULL;
281 edt->pi.ethertype = 0;
283 edt->pi.ipxptype = 0;
284 edt->pi.ctype = CT_NONE;
285 edt->pi.circuit_id = 0;
286 edt->pi.noreassembly_reason = "";
287 edt->pi.fragmented = FALSE;
288 edt->pi.in_error_pkt = FALSE;
289 edt->pi.ptype = PT_NONE;
291 edt->pi.destport = 0;
292 edt->pi.match_port = 0;
293 edt->pi.match_string = NULL;
294 edt->pi.can_desegment = 0;
295 edt->pi.want_pdu_tracking = 0;
296 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
297 edt->pi.private_data = NULL;
304 edt->pi.dcectxid = 0;
305 edt->pi.dcetransporttype = -1;
306 edt->pi.decrypt_gssapi_tvb = 0;
307 edt->pi.gssapi_wrap_tvb = NULL;
308 edt->pi.gssapi_encrypted_tvb = NULL;
309 edt->pi.gssapi_decrypted_tvb = NULL;
310 edt->pi.layer_names = NULL;
311 edt->pi.link_number = 0;
312 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
313 edt->pi.profinet_conv = NULL;
314 edt->pi.profinet_type = 0;
315 edt->pi.usb_conv_info = NULL;
316 edt->pi.tcp_tree = NULL;
317 edt->pi.dcerpc_procedure_name="";
318 edt->pi.sccp_info = NULL;
319 edt->pi.clnp_srcref = 0;
320 edt->pi.clnp_dstref = 0;
323 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
324 /* Add this tvbuffer into the data_src list */
325 add_new_data_source(&edt->pi, edt->tvb, "Frame");
327 /* Even though dissect_frame() catches all the exceptions a
328 * sub-dissector can throw, dissect_frame() itself may throw
329 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
330 * in this function. */
331 if(frame_handle != NULL)
332 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
336 g_assert_not_reached();
338 CATCH(ReportedBoundsError) {
339 if(proto_malformed != -1){
340 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
341 "[Malformed Frame: Packet Length]" );
343 g_assert_not_reached();
346 CATCH(OutOfMemoryError) {
351 fd->flags.visited = 1;
354 /*********************** code added for sub-dissector lookup *********************/
357 * An dissector handle.
359 struct dissector_handle {
360 const char *name; /* dissector name */
361 gboolean is_new; /* TRUE if new-style dissector */
366 protocol_t *protocol;
369 /* This function will return
370 * old style dissector :
371 * length of the payload or 1 of the payload is empty
373 * >0 this protocol was successfully dissected and this was this protocol.
374 * 0 this packet did not match this protocol.
376 * The only time this function will return 0 is if it is a new style dissector
377 * and if the dissector rejected the packet.
380 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
381 packet_info *pinfo, proto_tree *tree)
383 const char *saved_proto;
386 saved_proto = pinfo->current_proto;
388 if (handle->protocol != NULL) {
389 pinfo->current_proto =
390 proto_get_protocol_short_name(handle->protocol);
393 if (handle->is_new) {
394 ret = (*handle->dissector.new)(tvb, pinfo, tree);
396 (*handle->dissector.old)(tvb, pinfo, tree);
397 ret = tvb_length(tvb);
400 * XXX - a tvbuff can have 0 bytes of data in
401 * it, so we have to make sure we don't return
408 pinfo->current_proto = saved_proto;
414 * Call a dissector through a handle.
415 * If the protocol for that handle isn't enabled, return 0 without
416 * calling the dissector.
417 * Otherwise, if the handle refers to a new-style dissector, call the
418 * dissector and return its return value, otherwise call it and return
419 * the length of the tvbuff pointed to by the argument.
422 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
423 packet_info *pinfo_arg, proto_tree *tree)
425 packet_info *volatile pinfo = pinfo_arg;
426 const char *saved_proto;
427 guint16 saved_can_desegment;
428 volatile int ret = 0;
429 gboolean save_writable;
430 volatile address save_dl_src;
431 volatile address save_dl_dst;
432 volatile address save_net_src;
433 volatile address save_net_dst;
434 volatile address save_src;
435 volatile address save_dst;
436 volatile gint saved_layer_names_len = 0;
438 if (handle->protocol != NULL &&
439 !proto_is_protocol_enabled(handle->protocol)) {
441 * The protocol isn't enabled.
446 saved_proto = pinfo->current_proto;
447 saved_can_desegment = pinfo->can_desegment;
449 if (pinfo->layer_names != NULL)
450 saved_layer_names_len = pinfo->layer_names->len;
453 * can_desegment is set to 2 by anyone which offers the
454 * desegmentation api/service.
455 * Then everytime a subdissector is called it is decremented
457 * Thus only the subdissector immediately on top of whoever
458 * offers this service can use it.
459 * We save the current value of "can_desegment" for the
460 * benefit of TCP proxying dissectors such as SOCKS, so they
461 * can restore it and allow the dissectors they call to use
462 * the desegmentation service.
464 pinfo->saved_can_desegment = saved_can_desegment;
465 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
466 if (handle->protocol != NULL) {
467 pinfo->current_proto =
468 proto_get_protocol_short_name(handle->protocol);
471 * Add the protocol name to the layers
473 if (pinfo->layer_names) {
474 if (pinfo->layer_names->len > 0)
475 g_string_append(pinfo->layer_names, ":");
476 g_string_append(pinfo->layer_names,
477 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
481 if (pinfo->in_error_pkt) {
483 * This isn't a packet being transported inside
484 * the protocol whose dissector is calling us,
485 * it's a copy of a packet that caused an error
486 * in some protocol included in a packet that
487 * reports the error (e.g., an ICMP Unreachable
492 * Save the current state of the writability of
493 * the columns, and restore them after the
494 * dissector returns, so that the columns
495 * don't reflect the packet that got the error,
496 * they reflect the packet that reported the
499 save_writable = col_get_writable(pinfo->cinfo);
500 col_set_writable(pinfo->cinfo, FALSE);
501 save_dl_src = pinfo->dl_src;
502 save_dl_dst = pinfo->dl_dst;
503 save_net_src = pinfo->net_src;
504 save_net_dst = pinfo->net_dst;
505 save_src = pinfo->src;
506 save_dst = pinfo->dst;
508 /* Dissect the contained packet. */
510 ret = call_dissector_through_handle(handle, tvb,
515 * Restore the column writability and addresses.
517 col_set_writable(pinfo->cinfo, save_writable);
518 pinfo->dl_src = save_dl_src;
519 pinfo->dl_dst = save_dl_dst;
520 pinfo->net_src = save_net_src;
521 pinfo->net_dst = save_net_dst;
522 pinfo->src = save_src;
523 pinfo->dst = save_dst;
526 * Restore the current protocol, so any
527 * "Short Frame" indication reflects that
528 * protocol, not the protocol for the
529 * packet that got the error.
531 pinfo->current_proto = saved_proto;
534 * Restore the desegmentability state.
536 pinfo->can_desegment = saved_can_desegment;
539 * Rethrow the exception, so this will be
540 * reported as a short frame.
544 CATCH(ReportedBoundsError) {
546 * "ret" wasn't set because an exception was thrown
547 * before "call_dissector_through_handle()" returned.
548 * As it called something, at least one dissector
549 * accepted the packet, and, as an exception was
550 * thrown, not only was all the tvbuff dissected,
551 * a dissector tried dissecting past the end of
552 * the data in some tvbuff, so we'll assume that
553 * the entire tvbuff was dissected.
555 ret = tvb_length(tvb);
557 CATCH(OutOfMemoryError) {
562 col_set_writable(pinfo->cinfo, save_writable);
563 pinfo->dl_src = save_dl_src;
564 pinfo->dl_dst = save_dl_dst;
565 pinfo->net_src = save_net_src;
566 pinfo->net_dst = save_net_dst;
567 pinfo->src = save_src;
568 pinfo->dst = save_dst;
569 pinfo->want_pdu_tracking = 0;
572 * Just call the subdissector.
574 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
579 * That dissector didn't accept the packet, so
580 * remove its protocol's name from the list
583 if (pinfo->layer_names != NULL) {
584 g_string_truncate(pinfo->layer_names,
585 saved_layer_names_len);
588 pinfo->current_proto = saved_proto;
589 pinfo->can_desegment = saved_can_desegment;
594 * An entry in the hash table portion of a dissector table.
597 dissector_handle_t initial;
598 dissector_handle_t current;
604 * "hash_table" is a hash table, indexed by port number, supplying
605 * a "struct dtbl_entry"; it records what dissector is assigned to
606 * that port number in that table.
608 * "dissector_handles" is a list of all dissectors that *could* be
609 * used in that table; not all of them are necessarily in the table,
610 * as they may be for protocols that don't have a fixed port number.
612 * "ui_name" is the name the dissector table has in the user interface.
614 * "type" is a field type giving the width of the port number for that
617 * "base" is the base in which to display the port number for that
620 struct dissector_table {
621 GHashTable *hash_table;
622 GSList *dissector_handles;
628 static GHashTable *dissector_tables = NULL;
630 /* Finds a dissector table by table name. */
632 find_dissector_table(const char *name)
634 g_assert(dissector_tables);
635 return g_hash_table_lookup( dissector_tables, name );
638 /* Find an entry in a uint dissector table. */
639 static dtbl_entry_t *
640 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
642 switch (sub_dissectors->type) {
649 * You can do a port lookup in these tables.
655 * But you can't do a port lookup in any other types
658 g_assert_not_reached();
664 return g_hash_table_lookup(sub_dissectors->hash_table,
665 GUINT_TO_POINTER(pattern));
668 /* Add an entry to a uint dissector table. */
670 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
672 dissector_table_t sub_dissectors;
673 dtbl_entry_t *dtbl_entry;
675 sub_dissectors = find_dissector_table(name);
677 g_assert(sub_dissectors);
678 switch (sub_dissectors->type) {
685 * You can do a port lookup in these tables.
691 * But you can't do a port lookup in any other types
694 g_assert_not_reached();
697 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
698 dtbl_entry->current = handle;
699 dtbl_entry->initial = dtbl_entry->current;
701 /* do the table insertion */
702 g_hash_table_insert( sub_dissectors->hash_table,
703 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
706 * Now add it to the list of handles that could be used with this
707 * table, because it *is* being used with this table.
709 dissector_add_handle(name, handle);
712 /* Delete the entry for a dissector in a uint dissector table
713 with a particular pattern. */
715 /* NOTE: this doesn't use the dissector call variable. It is included to */
716 /* be consistant with the dissector_add and more importantly to be used */
717 /* if the technique of adding a temporary dissector is implemented. */
718 /* If temporary dissectors are deleted, then the original dissector must */
721 dissector_delete(const char *name, guint32 pattern,
722 dissector_handle_t handle _U_)
724 dissector_table_t sub_dissectors = find_dissector_table( name);
725 dtbl_entry_t *dtbl_entry;
728 g_assert( sub_dissectors);
733 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
735 if (dtbl_entry != NULL) {
739 g_hash_table_remove(sub_dissectors->hash_table,
740 GUINT_TO_POINTER(pattern));
743 * Now free up the entry.
749 /* Change the entry for a dissector in a uint dissector table
750 with a particular pattern to use a new dissector handle. */
752 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
754 dissector_table_t sub_dissectors = find_dissector_table( name);
755 dtbl_entry_t *dtbl_entry;
758 g_assert( sub_dissectors);
761 * See if the entry already exists. If so, reuse it.
763 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
764 if (dtbl_entry != NULL) {
765 dtbl_entry->current = handle;
770 * Don't create an entry if there is no dissector handle - I.E. the
771 * user said not to decode something that wasn't being decoded
772 * in the first place.
777 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
778 dtbl_entry->initial = NULL;
779 dtbl_entry->current = handle;
781 /* do the table insertion */
782 g_hash_table_insert( sub_dissectors->hash_table,
783 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
786 /* Reset an entry in a uint dissector table to its initial value. */
788 dissector_reset(const char *name, guint32 pattern)
790 dissector_table_t sub_dissectors = find_dissector_table( name);
791 dtbl_entry_t *dtbl_entry;
794 g_assert( sub_dissectors);
799 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
801 if (dtbl_entry == NULL)
805 * Found - is there an initial value?
807 if (dtbl_entry->initial != NULL) {
808 dtbl_entry->current = dtbl_entry->initial;
810 g_hash_table_remove(sub_dissectors->hash_table,
811 GUINT_TO_POINTER(pattern));
816 /* Look for a given value in a given uint dissector table and, if found,
817 call the dissector with the arguments supplied, and return TRUE,
818 otherwise return FALSE. */
820 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
821 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
823 dtbl_entry_t *dtbl_entry;
824 struct dissector_handle *handle;
825 guint32 saved_match_port;
828 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
829 if (dtbl_entry != NULL) {
831 * Is there currently a dissector handle for this entry?
833 handle = dtbl_entry->current;
834 if (handle == NULL) {
836 * No - pretend this dissector didn't exist,
837 * so that other dissectors might have a chance
838 * to dissect this packet.
844 * Save the current value of "pinfo->match_port",
845 * set it to the port that matched, call the
846 * dissector, and restore "pinfo->match_port".
848 saved_match_port = pinfo->match_port;
849 pinfo->match_port = port;
850 ret = call_dissector_work(handle, tvb, pinfo, tree);
851 pinfo->match_port = saved_match_port;
854 * If a new-style dissector returned 0, it means that
855 * it didn't think this tvbuff represented a packet for
856 * its protocol, and didn't dissect anything.
858 * Old-style dissectors can't reject the packet.
860 * 0 is also returned if the protocol wasn't enabled.
862 * If the packet was rejected, we return FALSE, so that
863 * other dissectors might have a chance to dissect this
864 * packet, otherwise we return TRUE.
871 /* Look for a given value in a given uint dissector table and, if found,
872 return the dissector handle for that value. */
874 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
876 dtbl_entry_t *dtbl_entry;
878 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
879 if (dtbl_entry != NULL)
880 return dtbl_entry->current;
885 /* Find an entry in a string dissector table. */
886 static dtbl_entry_t *
887 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
889 switch (sub_dissectors->type) {
894 * You can do a string lookup in these tables.
900 * But you can't do a string lookup in any other types
903 g_assert_not_reached();
909 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
912 /* Add an entry to a string dissector table. */
914 dissector_add_string(const char *name, const gchar *pattern,
915 dissector_handle_t handle)
917 dissector_table_t sub_dissectors = find_dissector_table( name);
918 dtbl_entry_t *dtbl_entry;
921 g_assert( sub_dissectors);
923 switch (sub_dissectors->type) {
928 * You can do a string lookup in these tables.
934 * But you can't do a string lookup in any other types
937 g_assert_not_reached();
940 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
941 dtbl_entry->current = handle;
942 dtbl_entry->initial = dtbl_entry->current;
944 /* do the table insertion */
945 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
946 (gpointer)dtbl_entry);
949 * Now add it to the list of handles that could be used with this
950 * table, because it *is* being used with this table.
952 dissector_add_handle(name, handle);
955 /* Delete the entry for a dissector in a string dissector table
956 with a particular pattern. */
958 /* NOTE: this doesn't use the dissector call variable. It is included to */
959 /* be consistant with the dissector_add_string and more importantly to */
960 /* be used if the technique of adding a temporary dissector is */
962 /* If temporary dissectors are deleted, then the original dissector must */
965 dissector_delete_string(const char *name, const gchar *pattern,
966 dissector_handle_t handle _U_)
968 dissector_table_t sub_dissectors = find_dissector_table( name);
969 dtbl_entry_t *dtbl_entry;
972 g_assert( sub_dissectors);
977 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
979 if (dtbl_entry != NULL) {
983 g_hash_table_remove(sub_dissectors->hash_table, pattern);
986 * Now free up the entry.
992 /* Change the entry for a dissector in a string dissector table
993 with a particular pattern to use a new dissector handle. */
995 dissector_change_string(const char *name, gchar *pattern,
996 dissector_handle_t handle)
998 dissector_table_t sub_dissectors = find_dissector_table( name);
999 dtbl_entry_t *dtbl_entry;
1002 g_assert( sub_dissectors);
1005 * See if the entry already exists. If so, reuse it.
1007 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1008 if (dtbl_entry != NULL) {
1009 dtbl_entry->current = handle;
1014 * Don't create an entry if there is no dissector handle - I.E. the
1015 * user said not to decode something that wasn't being decoded
1016 * in the first place.
1021 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1022 dtbl_entry->initial = NULL;
1023 dtbl_entry->current = handle;
1025 /* do the table insertion */
1026 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1027 (gpointer)dtbl_entry);
1030 /* Reset an entry in a string sub-dissector table to its initial value. */
1032 dissector_reset_string(const char *name, const gchar *pattern)
1034 dissector_table_t sub_dissectors = find_dissector_table( name);
1035 dtbl_entry_t *dtbl_entry;
1038 g_assert( sub_dissectors);
1043 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1045 if (dtbl_entry == NULL)
1049 * Found - is there an initial value?
1051 if (dtbl_entry->initial != NULL) {
1052 dtbl_entry->current = dtbl_entry->initial;
1054 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1059 /* Look for a given string in a given dissector table and, if found, call
1060 the dissector with the arguments supplied, and return TRUE, otherwise
1063 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1064 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1066 dtbl_entry_t *dtbl_entry;
1067 struct dissector_handle *handle;
1069 const gchar *saved_match_string;
1071 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1072 if (dtbl_entry != NULL) {
1074 * Is there currently a dissector handle for this entry?
1076 handle = dtbl_entry->current;
1077 if (handle == NULL) {
1079 * No - pretend this dissector didn't exist,
1080 * so that other dissectors might have a chance
1081 * to dissect this packet.
1087 * Save the current value of "pinfo->match_string",
1088 * set it to the string that matched, call the
1089 * dissector, and restore "pinfo->match_string".
1091 saved_match_string = pinfo->match_string;
1092 pinfo->match_string = string;
1093 ret = call_dissector_work(handle, tvb, pinfo, tree);
1094 pinfo->match_string = saved_match_string;
1097 * If a new-style dissector returned 0, it means that
1098 * it didn't think this tvbuff represented a packet for
1099 * its protocol, and didn't dissect anything.
1101 * Old-style dissectors can't reject the packet.
1103 * 0 is also returned if the protocol wasn't enabled.
1105 * If the packet was rejected, we return FALSE, so that
1106 * other dissectors might have a chance to dissect this
1107 * packet, otherwise we return TRUE.
1114 /* Look for a given value in a given string dissector table and, if found,
1115 return the dissector handle for that value. */
1117 dissector_get_string_handle(dissector_table_t sub_dissectors,
1118 const gchar *string)
1120 dtbl_entry_t *dtbl_entry;
1122 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1123 if (dtbl_entry != NULL)
1124 return dtbl_entry->current;
1130 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1132 return dtbl_entry->current;
1135 /* Add a handle to the list of handles that *could* be used with this
1136 table. That list is used by code in the UI. */
1138 dissector_add_handle(const char *name, dissector_handle_t handle)
1140 dissector_table_t sub_dissectors = find_dissector_table( name);
1144 g_assert(sub_dissectors != NULL);
1146 /* Is it already in this list? */
1147 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1148 if (entry != NULL) {
1150 * Yes - don't insert it again.
1155 /* Add it to the list. */
1156 sub_dissectors->dissector_handles =
1157 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1161 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1163 return dtbl_entry->initial;
1166 /**************************************************/
1168 /* Routines to walk dissector tables */
1170 /**************************************************/
1172 typedef struct dissector_foreach_info {
1173 gpointer caller_data;
1174 DATFunc caller_func;
1176 const gchar *table_name;
1177 ftenum_t selector_type;
1178 } dissector_foreach_info_t;
1181 * Called for each entry in a dissector table.
1184 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1186 dissector_foreach_info_t *info;
1187 dtbl_entry_t *dtbl_entry;
1190 g_assert(user_data);
1193 if (dtbl_entry->current == NULL ||
1194 dtbl_entry->current->protocol == NULL) {
1196 * Either there is no dissector for this entry, or
1197 * the dissector doesn't have a protocol associated
1200 * XXX - should the latter check be done?
1206 info->caller_func(info->table_name, info->selector_type, key, value,
1211 * Called for each entry in the table of all dissector tables.
1214 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1216 dissector_table_t sub_dissectors;
1217 dissector_foreach_info_t *info;
1220 g_assert(user_data);
1222 sub_dissectors = value;
1224 info->table_name = (gchar*) key;
1225 info->selector_type = get_dissector_table_selector_type(info->table_name);
1226 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1230 * Walk all dissector tables calling a user supplied function on each
1234 dissector_all_tables_foreach (DATFunc func,
1237 dissector_foreach_info_t info;
1239 info.caller_data = user_data;
1240 info.caller_func = func;
1241 info.next_func = dissector_table_foreach_func;
1242 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1246 * Walk one dissector table's hash table calling a user supplied function
1250 dissector_table_foreach (const char *name,
1254 dissector_foreach_info_t info;
1255 dissector_table_t sub_dissectors = find_dissector_table( name);
1257 info.table_name = name;
1258 info.selector_type = sub_dissectors->type;
1259 info.caller_func = func;
1260 info.caller_data = user_data;
1261 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1265 * Walk one dissector table's list of handles calling a user supplied
1266 * function on each entry.
1269 dissector_table_foreach_handle(const char *name,
1270 DATFunc_handle func,
1273 dissector_table_t sub_dissectors = find_dissector_table( name);
1276 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1277 tmp = g_slist_next(tmp))
1278 func(name, tmp->data, user_data);
1282 * Called for each entry in a dissector table.
1285 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1287 dtbl_entry_t *dtbl_entry;
1288 dissector_foreach_info_t *info;
1291 g_assert(user_data);
1294 if (dtbl_entry->initial == dtbl_entry->current) {
1296 * Entry hasn't changed - don't call the function.
1302 info->caller_func(info->table_name, info->selector_type, key, value,
1307 * Walk all dissector tables calling a user supplied function only on
1308 * any entry that has been changed from its original state.
1311 dissector_all_tables_foreach_changed (DATFunc func,
1314 dissector_foreach_info_t info;
1316 info.caller_data = user_data;
1317 info.caller_func = func;
1318 info.next_func = dissector_table_foreach_changed_func;
1319 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1323 * Walk one dissector table calling a user supplied function only on
1324 * any entry that has been changed from its original state.
1327 dissector_table_foreach_changed (const char *name,
1331 dissector_foreach_info_t info;
1332 dissector_table_t sub_dissectors = find_dissector_table( name);
1334 info.table_name = name;
1335 info.selector_type = sub_dissectors->type;
1336 info.caller_func = func;
1337 info.caller_data = user_data;
1338 g_hash_table_foreach(sub_dissectors->hash_table,
1339 dissector_table_foreach_changed_func, &info);
1342 typedef struct dissector_foreach_table_info {
1343 gpointer caller_data;
1344 DATFunc_table caller_func;
1345 } dissector_foreach_table_info_t;
1348 * Called for each entry in the table of all dissector tables.
1351 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1353 dissector_table_t table;
1354 dissector_foreach_table_info_t *info;
1358 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1362 * Walk all dissector tables calling a user supplied function on each
1366 dissector_all_tables_foreach_table (DATFunc_table func,
1369 dissector_foreach_table_info_t info;
1371 info.caller_data = user_data;
1372 info.caller_func = func;
1373 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1377 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1380 dissector_table_t sub_dissectors;
1382 /* Create our hash-of-hashes if it doesn't already exist */
1383 if (!dissector_tables) {
1384 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1385 g_assert(dissector_tables);
1388 /* Make sure the registration is unique */
1389 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1391 /* Create and register the dissector table for this name; returns */
1392 /* a pointer to the dissector table. */
1393 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1401 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1402 * so we use "g_direct_hash()" and "g_direct_equal()".
1404 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1410 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1415 g_assert_not_reached();
1417 sub_dissectors->dissector_handles = NULL;
1418 sub_dissectors->ui_name = ui_name;
1419 sub_dissectors->type = type;
1420 sub_dissectors->base = base;
1421 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1422 return sub_dissectors;
1426 get_dissector_table_ui_name(const char *name)
1428 dissector_table_t sub_dissectors = find_dissector_table( name);
1430 return sub_dissectors->ui_name;
1434 get_dissector_table_selector_type(const char *name)
1436 dissector_table_t sub_dissectors = find_dissector_table( name);
1438 return sub_dissectors->type;
1442 get_dissector_table_base(const char *name)
1444 dissector_table_t sub_dissectors = find_dissector_table( name);
1446 return sub_dissectors->base;
1449 static GHashTable *heur_dissector_lists = NULL;
1452 heur_dissector_t dissector;
1453 protocol_t *protocol;
1454 } heur_dtbl_entry_t;
1456 /* Finds a heuristic dissector table by field name. */
1457 static heur_dissector_list_t *
1458 find_heur_dissector_list(const char *name)
1460 g_assert(heur_dissector_lists != NULL);
1461 return g_hash_table_lookup(heur_dissector_lists, name);
1465 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1467 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1468 heur_dtbl_entry_t *dtbl_entry;
1471 g_assert(sub_dissectors != NULL);
1473 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1474 dtbl_entry->dissector = dissector;
1475 dtbl_entry->protocol = find_protocol_by_id(proto);
1477 /* do the table insertion */
1478 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1483 static int find_matching_heur_dissector( gconstpointer a, gconstpointer b) {
1484 const heur_dtbl_entry_t *dtbl_entry_a = (const heur_dtbl_entry_t *) a;
1485 const heur_dtbl_entry_t *dtbl_entry_b = (const heur_dtbl_entry_t *) b;
1486 return (dtbl_entry_a->dissector == dtbl_entry_b->dissector) &&
1487 (dtbl_entry_a->protocol == dtbl_entry_b->protocol) ? 0 : 1;
1490 void heur_dissector_delete(const char *name, heur_dissector_t dissector, int proto) {
1491 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1492 heur_dtbl_entry_t dtbl_entry;
1493 GSList* found_entry;
1496 g_assert(sub_dissectors != NULL);
1498 dtbl_entry.dissector = dissector;
1500 dtbl_entry.protocol = find_protocol_by_id(proto);
1502 found_entry = g_slist_find_custom(*sub_dissectors, (gpointer) &dtbl_entry, find_matching_heur_dissector);
1505 *sub_dissectors = g_slist_remove_link(*sub_dissectors, found_entry);
1506 g_free(g_slist_nth_data(found_entry, 1));
1507 g_slist_free_1(found_entry);
1513 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1514 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1517 const char *saved_proto;
1519 heur_dtbl_entry_t *dtbl_entry;
1520 guint16 saved_can_desegment;
1521 gint saved_layer_names_len = 0;
1523 /* can_desegment is set to 2 by anyone which offers this api/service.
1524 then everytime a subdissector is called it is decremented by one.
1525 thus only the subdissector immediately ontop of whoever offers this
1527 We save the current value of "can_desegment" for the
1528 benefit of TCP proxying dissectors such as SOCKS, so they
1529 can restore it and allow the dissectors they call to use
1530 the desegmentation service.
1532 saved_can_desegment=pinfo->can_desegment;
1533 pinfo->saved_can_desegment = saved_can_desegment;
1534 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1537 saved_proto = pinfo->current_proto;
1539 if (pinfo->layer_names != NULL)
1540 saved_layer_names_len = pinfo->layer_names->len;
1542 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1543 /* XXX - why set this now and above? */
1544 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1545 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1547 if (dtbl_entry->protocol != NULL &&
1548 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1550 * No - don't try this dissector.
1555 if (dtbl_entry->protocol != NULL) {
1556 pinfo->current_proto =
1557 proto_get_protocol_short_name(dtbl_entry->protocol);
1560 * Add the protocol name to the layers; we'll remove it
1561 * if the dissector fails.
1563 if (pinfo->layer_names) {
1564 if (pinfo->layer_names->len > 0)
1565 g_string_append(pinfo->layer_names, ":");
1566 g_string_append(pinfo->layer_names,
1567 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1571 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1576 * That dissector didn't accept the packet, so
1577 * remove its protocol's name from the list
1580 if (pinfo->layer_names != NULL) {
1581 g_string_truncate(pinfo->layer_names,
1582 saved_layer_names_len);
1586 pinfo->current_proto = saved_proto;
1587 pinfo->can_desegment=saved_can_desegment;
1592 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1594 /* Create our hash-of-lists if it doesn't already exist */
1595 if (heur_dissector_lists == NULL) {
1596 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1597 g_assert(heur_dissector_lists != NULL);
1600 /* Make sure the registration is unique */
1601 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1603 *sub_dissectors = NULL; /* initially empty */
1604 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1605 (gpointer) sub_dissectors);
1609 * Register dissectors by name; used if one dissector always calls a
1610 * particular dissector, or if it bases the decision of which dissector
1611 * to call on something other than a numerical value or on "try a bunch
1612 * of dissectors until one likes the packet".
1616 * List of registered dissectors.
1618 static GHashTable *registered_dissectors = NULL;
1620 /* Get the short name of the protocol for a dissector handle, if it has
1623 dissector_handle_get_short_name(dissector_handle_t handle)
1625 if (handle->protocol == NULL) {
1627 * No protocol (see, for example, the handle for
1628 * dissecting the set of protocols where the first
1629 * octet of the payload is an OSI network layer protocol
1634 return proto_get_protocol_short_name(handle->protocol);
1637 /* Get the index of the protocol for a dissector handle, if it has
1640 dissector_handle_get_protocol_index(dissector_handle_t handle)
1642 if (handle->protocol == NULL) {
1644 * No protocol (see, for example, the handle for
1645 * dissecting the set of protocols where the first
1646 * octet of the payload is an OSI network layer protocol
1651 return proto_get_id(handle->protocol);
1654 /* Find a registered dissector by name. */
1656 find_dissector(const char *name)
1658 g_assert(registered_dissectors != NULL);
1659 return g_hash_table_lookup(registered_dissectors, name);
1662 /* Create an anonymous handle for a dissector. */
1664 create_dissector_handle(dissector_t dissector, int proto)
1666 struct dissector_handle *handle;
1668 handle = g_malloc(sizeof (struct dissector_handle));
1669 handle->name = NULL;
1670 handle->is_new = FALSE;
1671 handle->dissector.old = dissector;
1672 handle->protocol = find_protocol_by_id(proto);
1678 new_create_dissector_handle(new_dissector_t dissector, int proto)
1680 struct dissector_handle *handle;
1682 handle = g_malloc(sizeof (struct dissector_handle));
1683 handle->name = NULL;
1684 handle->is_new = TRUE;
1685 handle->dissector.new = dissector;
1686 handle->protocol = find_protocol_by_id(proto);
1691 /* Register a dissector by name. */
1693 register_dissector(const char *name, dissector_t dissector, int proto)
1695 struct dissector_handle *handle;
1697 /* Create our hash table if it doesn't already exist */
1698 if (registered_dissectors == NULL) {
1699 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1700 g_assert(registered_dissectors != NULL);
1703 /* Make sure the registration is unique */
1704 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1706 handle = g_malloc(sizeof (struct dissector_handle));
1707 handle->name = name;
1708 handle->is_new = FALSE;
1709 handle->dissector.old = dissector;
1710 handle->protocol = find_protocol_by_id(proto);
1712 g_hash_table_insert(registered_dissectors, (gpointer)name,
1717 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1719 struct dissector_handle *handle;
1721 /* Create our hash table if it doesn't already exist */
1722 if (registered_dissectors == NULL) {
1723 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1724 g_assert(registered_dissectors != NULL);
1727 /* Make sure the registration is unique */
1728 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1730 handle = g_malloc(sizeof (struct dissector_handle));
1731 handle->name = name;
1732 handle->is_new = TRUE;
1733 handle->dissector.new = dissector;
1734 handle->protocol = find_protocol_by_id(proto);
1736 g_hash_table_insert(registered_dissectors, (gpointer)name,
1740 /* Call a dissector through a handle and if this fails call the "data"
1744 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1745 packet_info *pinfo, proto_tree *tree)
1749 g_assert(handle != NULL);
1750 ret = call_dissector_work(handle, tvb, pinfo, tree);
1753 * The protocol was disabled, or the dissector rejected
1754 * it. Just dissect this packet as data.
1756 g_assert(data_handle != NULL);
1757 g_assert(data_handle->protocol != NULL);
1758 call_dissector(data_handle, tvb, pinfo, tree);
1759 return tvb_length(tvb);
1764 /* Call a dissector through a handle but if the dissector rejected it
1765 * return 0 instead of using the default "data" dissector.
1768 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1769 packet_info *pinfo, proto_tree *tree)
1773 ret = call_dissector_work(handle, tvb, pinfo, tree);
1778 * Dumps the "layer type"/"decode as" associations to stdout, similar
1779 * to the proto_registrar_dump_*() routines.
1781 * There is one record per line. The fields are tab-delimited.
1783 * Field 1 = layer type, e.g. "tcp.port"
1784 * Field 2 = selector in decimal
1785 * Field 3 = "decode as" name, e.g. "http"
1790 dissector_dump_decodes_display(const gchar *table_name,
1791 ftenum_t selector_type _U_, gpointer key, gpointer value,
1792 gpointer user_data _U_)
1794 guint32 selector = (guint32)(unsigned long) key;
1795 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1796 dtbl_entry_t *dtbl_entry;
1797 dissector_handle_t handle;
1799 const gchar *decode_as;
1801 g_assert(sub_dissectors);
1802 switch (sub_dissectors->type) {
1809 g_assert(dtbl_entry);
1811 handle = dtbl_entry->current;
1814 proto_id = dissector_handle_get_protocol_index(handle);
1816 if (proto_id != -1) {
1817 decode_as = proto_get_protocol_filter_name(proto_id);
1818 g_assert(decode_as != NULL);
1819 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
1829 dissector_dump_decodes() {
1830 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);
1833 static GPtrArray* post_dissectors = NULL;
1834 static guint num_of_postdissectors = 0;
1836 void register_postdissector(dissector_handle_t handle) {
1837 if (!post_dissectors)
1838 post_dissectors = g_ptr_array_new();
1840 g_ptr_array_add(post_dissectors, handle);
1841 num_of_postdissectors++;
1844 extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
1846 for(i=0;i<num_of_postdissectors;i++) {
1847 call_dissector((dissector_handle_t) g_ptr_array_index(post_dissectors,i),
git.samba.org / metze / wireshark / wip.git / blob