2 * Routines for packet disassembly
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "ipv6-utils.h"
47 #include "sna-utils.h"
48 #include "osi-utils.h"
51 #include "addr_resolv.h"
54 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
58 static gint proto_malformed = -1;
59 static dissector_handle_t frame_handle = NULL;
60 static dissector_handle_t data_handle = NULL;
62 const true_false_string flags_set_truth = {
70 frame_handle = find_dissector("frame");
71 data_handle = find_dissector("data");
72 proto_malformed = proto_get_id_by_filter_name("malformed");
82 * Given a tvbuff, and a length from a packet header, adjust the length
83 * of the tvbuff to reflect the specified length.
86 set_actual_length(tvbuff_t *tvb, guint specified_len)
88 if (specified_len < tvb_reported_length(tvb)) {
89 /* Adjust the length of this tvbuff to include only the specified
92 The dissector above the one calling us (the dissector above is
93 probably us) may use that to determine how much of its packet
95 tvb_set_reported_length(tvb, specified_len);
99 /* Allow protocols to register "init" routines, which are called before
100 we make a pass through a capture file and dissect all its packets
101 (e.g., when we read in a new capture file, or run a "filter packets"
102 or "colorize packets" pass over the current capture file). */
103 static GSList *init_routines;
106 register_init_routine(void (*func)(void))
108 init_routines = g_slist_append(init_routines, (gpointer)func);
111 typedef void (*void_func_t)(void);
113 /* Initialize all data structures used for dissection. */
115 call_init_routine(gpointer routine, gpointer dummy _U_)
117 void_func_t func = (void_func_t)routine;
122 * XXX - for now, these are the same; the "init" routines free whatever
123 * stuff is left over from any previous dissection, and then initialize
126 * We should probably split that into "init" and "cleanup" routines, for
130 init_dissection(void)
132 /* Initialize the table of conversations. */
133 epan_conversation_init();
135 /* Initialize the table of circuits. */
138 /* Initialize protocol-specific variables. */
139 g_slist_foreach(init_routines, &call_init_routine, NULL);
141 /* Initialize the common data structures for fragment reassembly.
142 Must be done *after* calling init routines, as those routines
143 may free up space for fragments, which they find by using the
144 data structures that "reassemble_init()" frees. */
149 cleanup_dissection(void)
154 /* Allow protocols to register a "cleanup" routine to be
155 * run after the initial sequential run through the packets.
156 * Note that the file can still be open after this; this is not
157 * the final cleanup. */
158 static GSList *postseq_cleanup_routines;
161 register_postseq_cleanup_routine(void_func_t func)
163 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
167 /* Call all the registered "postseq_cleanup" routines. */
169 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
171 void_func_t func = (void_func_t)routine;
176 postseq_cleanup_all_protocols(void)
178 g_slist_foreach(postseq_cleanup_routines,
179 &call_postseq_cleanup_routine, NULL);
182 /* Contains information about data sources. */
183 static GMemChunk *data_source_chunk = NULL;
186 * Add a new data source to the list of data sources for a frame, given
187 * the tvbuff for the data source and its name.
190 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
194 if (data_source_chunk == NULL) {
195 data_source_chunk = g_mem_chunk_new("data_source_chunk",
196 sizeof (data_source), 10 * sizeof (data_source),
199 src = g_mem_chunk_alloc(data_source_chunk);
202 * XXX - if we require this argument to be a string constant,
203 * we don't need to allocate a buffer for a copy and make a
204 * copy, and wouldn't need to free the buffer, either.
206 src->name = g_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
207 pinfo->data_src = g_slist_append(pinfo->data_src, src);
211 * Free up a frame's list of data sources.
214 free_data_sources(packet_info *pinfo)
219 for (src_le = pinfo->data_src; src_le != NULL; src_le = src_le->next) {
222 g_mem_chunk_free(data_source_chunk, src);
224 g_slist_free(pinfo->data_src);
225 pinfo->data_src = NULL;
228 /* Allow dissectors to register a "final_registration" routine
229 * that is run like the proto_register_XXX() routine, but the end
230 * end of the epan_init() function; that is, *after* all other
231 * subsystems, like dfilters, have finished initializing. This is
232 * useful for dissector registration routines which need to compile
233 * display filters. dfilters can't initialize itself until all protocols
234 * have registereed themselves. */
235 static GSList *final_registration_routines;
238 register_final_registration_routine(void (*func)(void))
240 final_registration_routines = g_slist_append(final_registration_routines,
244 /* Call all the registered "final_registration" routines. */
246 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
248 void_func_t func = (void_func_t)routine;
254 final_registration_all_protocols(void)
256 g_slist_foreach(final_registration_routines,
257 &call_final_registration_routine, NULL);
261 /* Creates the top-most tvbuff and calls dissect_frame() */
263 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
264 const guchar *pd, frame_data *fd, column_info *cinfo)
268 edt->pi.current_proto = "<Missing Protocol Name>";
269 edt->pi.cinfo = cinfo;
271 edt->pi.pseudo_header = pseudo_header;
272 edt->pi.data_src = NULL;
273 edt->pi.dl_src.type = AT_NONE;
274 edt->pi.dl_src.len = 0;
275 edt->pi.dl_src.data = NULL;
276 edt->pi.dl_dst.type = AT_NONE;
277 edt->pi.dl_dst.len = 0;
278 edt->pi.dl_dst.data = NULL;
279 edt->pi.net_src.type = AT_NONE;
280 edt->pi.net_src.len = 0;
281 edt->pi.net_src.data = NULL;
282 edt->pi.net_dst.type = AT_NONE;
283 edt->pi.net_dst.len = 0;
284 edt->pi.net_dst.data = NULL;
285 edt->pi.src.type = AT_NONE;
287 edt->pi.src.data = NULL;
288 edt->pi.dst.type = AT_NONE;
290 edt->pi.dst.data = NULL;
291 edt->pi.ethertype = 0;
293 edt->pi.ipxptype = 0;
294 edt->pi.ctype = CT_NONE;
295 edt->pi.circuit_id = 0;
296 edt->pi.noreassembly_reason = "";
297 edt->pi.fragmented = FALSE;
298 edt->pi.in_error_pkt = FALSE;
299 edt->pi.ptype = PT_NONE;
301 edt->pi.destport = 0;
302 edt->pi.match_port = 0;
303 edt->pi.match_string = NULL;
304 edt->pi.can_desegment = 0;
305 edt->pi.want_pdu_tracking = 0;
306 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
307 edt->pi.private_data = NULL;
314 edt->pi.dcectxid = 0;
315 edt->pi.dcetransporttype = -1;
316 edt->pi.decrypt_gssapi_tvb = 0;
317 edt->pi.gssapi_wrap_tvb = NULL;
318 edt->pi.gssapi_encrypted_tvb = NULL;
319 edt->pi.gssapi_decrypted_tvb = NULL;
320 edt->pi.layer_names = NULL;
321 edt->pi.link_number = 0;
322 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
325 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
326 /* Add this tvbuffer into the data_src list */
327 add_new_data_source(&edt->pi, edt->tvb, "Frame");
329 /* Even though dissect_frame() catches all the exceptions a
330 * sub-dissector can throw, dissect_frame() itself may throw
331 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
332 * in this function. */
333 if(frame_handle != NULL)
334 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
338 g_assert_not_reached();
340 CATCH(ReportedBoundsError) {
341 if(proto_malformed != -1){
342 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
343 "[Malformed Frame: Packet Length]" );
345 g_assert_not_reached();
350 fd->flags.visited = 1;
353 /*********************** code added for sub-dissector lookup *********************/
356 * An dissector handle.
358 struct dissector_handle {
359 const char *name; /* dissector name */
360 gboolean is_new; /* TRUE if new-style dissector */
365 protocol_t *protocol;
368 /* This function will return
369 * old style dissector :
370 * length of the payload or 1 of the payload is empty
372 * >0 this protocol was successfully dissected and this was this protocol.
373 * 0 this packet did not match this protocol.
375 * The only time this function will return 0 is if it is a new style dissector
376 * and if the dissector rejected the packet.
379 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
380 packet_info *pinfo, proto_tree *tree)
382 const char *saved_proto;
385 saved_proto = pinfo->current_proto;
387 if (handle->protocol != NULL) {
388 pinfo->current_proto =
389 proto_get_protocol_short_name(handle->protocol);
392 if (handle->is_new) {
393 ret = (*handle->dissector.new)(tvb, pinfo, tree);
395 (*handle->dissector.old)(tvb, pinfo, tree);
396 ret = tvb_length(tvb);
399 * XXX - a tvbuff can have 0 bytes of data in
400 * it, so we have to make sure we don't return
407 pinfo->current_proto = saved_proto;
413 * Call a dissector through a handle.
414 * If the protocol for that handle isn't enabled, return 0 without
415 * calling the dissector.
416 * Otherwise, if the handle refers to a new-style dissector, call the
417 * dissector and return its return value, otherwise call it and return
418 * the length of the tvbuff pointed to by the argument.
421 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
422 packet_info *pinfo_arg, proto_tree *tree)
424 packet_info *volatile pinfo = pinfo_arg;
425 const char *saved_proto;
426 guint16 saved_can_desegment;
428 gboolean save_writable;
429 volatile address save_dl_src;
430 volatile address save_dl_dst;
431 volatile address save_net_src;
432 volatile address save_net_dst;
433 volatile address save_src;
434 volatile address save_dst;
435 volatile gint saved_layer_names_len = 0;
437 if (handle->protocol != NULL &&
438 !proto_is_protocol_enabled(handle->protocol)) {
440 * The protocol isn't enabled.
445 saved_proto = pinfo->current_proto;
446 saved_can_desegment = pinfo->can_desegment;
448 if (pinfo->layer_names != NULL)
449 saved_layer_names_len = pinfo->layer_names->len;
452 * can_desegment is set to 2 by anyone which offers the
453 * desegmentation api/service.
454 * Then everytime a subdissector is called it is decremented
456 * Thus only the subdissector immediately on top of whoever
457 * offers this service can use it.
458 * We save the current value of "can_desegment" for the
459 * benefit of TCP proxying dissectors such as SOCKS, so they
460 * can restore it and allow the dissectors they call to use
461 * the desegmentation service.
463 pinfo->saved_can_desegment = saved_can_desegment;
464 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
465 if (handle->protocol != NULL) {
466 pinfo->current_proto =
467 proto_get_protocol_short_name(handle->protocol);
470 * Add the protocol name to the layers
472 if (pinfo->layer_names) {
473 if (pinfo->layer_names->len > 0)
474 g_string_append(pinfo->layer_names, ":");
475 g_string_append(pinfo->layer_names,
476 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
480 if (pinfo->in_error_pkt) {
482 * This isn't a packet being transported inside
483 * the protocol whose dissector is calling us,
484 * it's a copy of a packet that caused an error
485 * in some protocol included in a packet that
486 * reports the error (e.g., an ICMP Unreachable
491 * Save the current state of the writability of
492 * the columns, and restore them after the
493 * dissector returns, so that the columns
494 * don't reflect the packet that got the error,
495 * they reflect the packet that reported the
498 save_writable = col_get_writable(pinfo->cinfo);
499 col_set_writable(pinfo->cinfo, FALSE);
500 save_dl_src = pinfo->dl_src;
501 save_dl_dst = pinfo->dl_dst;
502 save_net_src = pinfo->net_src;
503 save_net_dst = pinfo->net_dst;
504 save_src = pinfo->src;
505 save_dst = pinfo->dst;
507 /* Dissect the contained packet. */
509 ret = call_dissector_through_handle(handle, tvb,
514 * Restore the column writability and addresses.
516 col_set_writable(pinfo->cinfo, save_writable);
517 pinfo->dl_src = save_dl_src;
518 pinfo->dl_dst = save_dl_dst;
519 pinfo->net_src = save_net_src;
520 pinfo->net_dst = save_net_dst;
521 pinfo->src = save_src;
522 pinfo->dst = save_dst;
525 * Restore the current protocol, so any
526 * "Short Frame" indication reflects that
527 * protocol, not the protocol for the
528 * packet that got the error.
530 pinfo->current_proto = saved_proto;
533 * Restore the desegmentability state.
535 pinfo->can_desegment = saved_can_desegment;
538 * Rethrow the exception, so this will be
539 * reported as a short frame.
543 CATCH(ReportedBoundsError) {
545 * "ret" wasn't set because an exception was thrown
546 * before "call_dissector_through_handle()" returned.
547 * As it called something, at least one dissector
548 * accepted the packet, and, as an exception was
549 * thrown, not only was all the tvbuff dissected,
550 * a dissector tried dissecting past the end of
551 * the data in some tvbuff, so we'll assume that
552 * the entire tvbuff was dissected.
554 ret = tvb_length(tvb);
558 col_set_writable(pinfo->cinfo, save_writable);
559 pinfo->dl_src = save_dl_src;
560 pinfo->dl_dst = save_dl_dst;
561 pinfo->net_src = save_net_src;
562 pinfo->net_dst = save_net_dst;
563 pinfo->src = save_src;
564 pinfo->dst = save_dst;
565 pinfo->want_pdu_tracking = 0;
568 * Just call the subdissector.
570 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
575 * That dissector didn't accept the packet, so
576 * remove its protocol's name from the list
579 if (pinfo->layer_names != NULL) {
580 g_string_truncate(pinfo->layer_names,
581 saved_layer_names_len);
584 pinfo->current_proto = saved_proto;
585 pinfo->can_desegment = saved_can_desegment;
590 * An entry in the hash table portion of a dissector table.
593 dissector_handle_t initial;
594 dissector_handle_t current;
600 * "hash_table" is a hash table, indexed by port number, supplying
601 * a "struct dtbl_entry"; it records what dissector is assigned to
602 * that port number in that table.
604 * "dissector_handles" is a list of all dissectors that *could* be
605 * used in that table; not all of them are necessarily in the table,
606 * as they may be for protocols that don't have a fixed port number.
608 * "ui_name" is the name the dissector table has in the user interface.
610 * "type" is a field type giving the width of the port number for that
613 * "base" is the base in which to display the port number for that
616 struct dissector_table {
617 GHashTable *hash_table;
618 GSList *dissector_handles;
624 static GHashTable *dissector_tables = NULL;
626 /* Finds a dissector table by table name. */
628 find_dissector_table(const char *name)
630 g_assert(dissector_tables);
631 return g_hash_table_lookup( dissector_tables, name );
634 /* Find an entry in a uint dissector table. */
635 static dtbl_entry_t *
636 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
638 switch (sub_dissectors->type) {
645 * You can do a port lookup in these tables.
651 * But you can't do a port lookup in any other types
654 g_assert_not_reached();
660 return g_hash_table_lookup(sub_dissectors->hash_table,
661 GUINT_TO_POINTER(pattern));
664 /* Add an entry to a uint dissector table. */
666 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
668 dissector_table_t sub_dissectors = find_dissector_table( name);
669 dtbl_entry_t *dtbl_entry;
672 g_assert( sub_dissectors);
673 switch (sub_dissectors->type) {
680 * You can do a port lookup in these tables.
686 * But you can't do a port lookup in any other types
689 g_assert_not_reached();
692 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
693 dtbl_entry->current = handle;
694 dtbl_entry->initial = dtbl_entry->current;
696 /* do the table insertion */
697 g_hash_table_insert( sub_dissectors->hash_table,
698 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
701 * Now add it to the list of handles that could be used with this
702 * table, because it *is* being used with this table.
704 dissector_add_handle(name, handle);
707 /* Delete the entry for a dissector in a uint dissector table
708 with a particular pattern. */
710 /* NOTE: this doesn't use the dissector call variable. It is included to */
711 /* be consistant with the dissector_add and more importantly to be used */
712 /* if the technique of adding a temporary dissector is implemented. */
713 /* If temporary dissectors are deleted, then the original dissector must */
716 dissector_delete(const char *name, guint32 pattern,
717 dissector_handle_t handle _U_)
719 dissector_table_t sub_dissectors = find_dissector_table( name);
720 dtbl_entry_t *dtbl_entry;
723 g_assert( sub_dissectors);
728 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
730 if (dtbl_entry != NULL) {
734 g_hash_table_remove(sub_dissectors->hash_table,
735 GUINT_TO_POINTER(pattern));
738 * Now free up the entry.
744 /* Change the entry for a dissector in a uint dissector table
745 with a particular pattern to use a new dissector handle. */
747 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
749 dissector_table_t sub_dissectors = find_dissector_table( name);
750 dtbl_entry_t *dtbl_entry;
753 g_assert( sub_dissectors);
756 * See if the entry already exists. If so, reuse it.
758 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
759 if (dtbl_entry != NULL) {
760 dtbl_entry->current = handle;
765 * Don't create an entry if there is no dissector handle - I.E. the
766 * user said not to decode something that wasn't being decoded
767 * in the first place.
772 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
773 dtbl_entry->initial = NULL;
774 dtbl_entry->current = handle;
776 /* do the table insertion */
777 g_hash_table_insert( sub_dissectors->hash_table,
778 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
781 /* Reset an entry in a uint dissector table to its initial value. */
783 dissector_reset(const char *name, guint32 pattern)
785 dissector_table_t sub_dissectors = find_dissector_table( name);
786 dtbl_entry_t *dtbl_entry;
789 g_assert( sub_dissectors);
794 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
796 if (dtbl_entry == NULL)
800 * Found - is there an initial value?
802 if (dtbl_entry->initial != NULL) {
803 dtbl_entry->current = dtbl_entry->initial;
805 g_hash_table_remove(sub_dissectors->hash_table,
806 GUINT_TO_POINTER(pattern));
811 /* Look for a given value in a given uint dissector table and, if found,
812 call the dissector with the arguments supplied, and return TRUE,
813 otherwise return FALSE. */
815 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
816 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
818 dtbl_entry_t *dtbl_entry;
819 struct dissector_handle *handle;
820 guint32 saved_match_port;
823 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
824 if (dtbl_entry != NULL) {
826 * Is there currently a dissector handle for this entry?
828 handle = dtbl_entry->current;
829 if (handle == NULL) {
831 * No - pretend this dissector didn't exist,
832 * so that other dissectors might have a chance
833 * to dissect this packet.
839 * Save the current value of "pinfo->match_port",
840 * set it to the port that matched, call the
841 * dissector, and restore "pinfo->match_port".
843 saved_match_port = pinfo->match_port;
844 pinfo->match_port = port;
845 ret = call_dissector_work(handle, tvb, pinfo, tree);
846 pinfo->match_port = saved_match_port;
849 * If a new-style dissector returned 0, it means that
850 * it didn't think this tvbuff represented a packet for
851 * its protocol, and didn't dissect anything.
853 * Old-style dissectors can't reject the packet.
855 * 0 is also returned if the protocol wasn't enabled.
857 * If the packet was rejected, we return FALSE, so that
858 * other dissectors might have a chance to dissect this
859 * packet, otherwise we return TRUE.
866 /* Look for a given value in a given uint dissector table and, if found,
867 return the dissector handle for that value. */
869 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
871 dtbl_entry_t *dtbl_entry;
873 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
874 if (dtbl_entry != NULL)
875 return dtbl_entry->current;
880 /* Find an entry in a string dissector table. */
881 static dtbl_entry_t *
882 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
884 switch (sub_dissectors->type) {
889 * You can do a string lookup in these tables.
895 * But you can't do a string lookup in any other types
898 g_assert_not_reached();
904 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
907 /* Add an entry to a string dissector table. */
909 dissector_add_string(const char *name, const gchar *pattern,
910 dissector_handle_t handle)
912 dissector_table_t sub_dissectors = find_dissector_table( name);
913 dtbl_entry_t *dtbl_entry;
916 g_assert( sub_dissectors);
918 switch (sub_dissectors->type) {
923 * You can do a string lookup in these tables.
929 * But you can't do a string lookup in any other types
932 g_assert_not_reached();
935 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
936 dtbl_entry->current = handle;
937 dtbl_entry->initial = dtbl_entry->current;
939 /* do the table insertion */
940 g_hash_table_insert( sub_dissectors->hash_table, pattern,
941 (gpointer)dtbl_entry);
944 * Now add it to the list of handles that could be used with this
945 * table, because it *is* being used with this table.
947 dissector_add_handle(name, handle);
950 /* Delete the entry for a dissector in a string dissector table
951 with a particular pattern. */
953 /* NOTE: this doesn't use the dissector call variable. It is included to */
954 /* be consistant with the dissector_add_string and more importantly to */
955 /* be used if the technique of adding a temporary dissector is */
957 /* If temporary dissectors are deleted, then the original dissector must */
960 dissector_delete_string(const char *name, const gchar *pattern,
961 dissector_handle_t handle _U_)
963 dissector_table_t sub_dissectors = find_dissector_table( name);
964 dtbl_entry_t *dtbl_entry;
967 g_assert( sub_dissectors);
972 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
974 if (dtbl_entry != NULL) {
978 g_hash_table_remove(sub_dissectors->hash_table, pattern);
981 * Now free up the entry.
987 /* Change the entry for a dissector in a string dissector table
988 with a particular pattern to use a new dissector handle. */
990 dissector_change_string(const char *name, gchar *pattern,
991 dissector_handle_t handle)
993 dissector_table_t sub_dissectors = find_dissector_table( name);
994 dtbl_entry_t *dtbl_entry;
997 g_assert( sub_dissectors);
1000 * See if the entry already exists. If so, reuse it.
1002 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1003 if (dtbl_entry != NULL) {
1004 dtbl_entry->current = handle;
1009 * Don't create an entry if there is no dissector handle - I.E. the
1010 * user said not to decode something that wasn't being decoded
1011 * in the first place.
1016 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1017 dtbl_entry->initial = NULL;
1018 dtbl_entry->current = handle;
1020 /* do the table insertion */
1021 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1022 (gpointer)dtbl_entry);
1025 /* Reset an entry in a string sub-dissector table to its initial value. */
1027 dissector_reset_string(const char *name, const gchar *pattern)
1029 dissector_table_t sub_dissectors = find_dissector_table( name);
1030 dtbl_entry_t *dtbl_entry;
1033 g_assert( sub_dissectors);
1038 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1040 if (dtbl_entry == NULL)
1044 * Found - is there an initial value?
1046 if (dtbl_entry->initial != NULL) {
1047 dtbl_entry->current = dtbl_entry->initial;
1049 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1054 /* Look for a given string in a given dissector table and, if found, call
1055 the dissector with the arguments supplied, and return TRUE, otherwise
1058 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1059 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1061 dtbl_entry_t *dtbl_entry;
1062 struct dissector_handle *handle;
1064 const gchar *saved_match_string;
1066 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1067 if (dtbl_entry != NULL) {
1069 * Is there currently a dissector handle for this entry?
1071 handle = dtbl_entry->current;
1072 if (handle == NULL) {
1074 * No - pretend this dissector didn't exist,
1075 * so that other dissectors might have a chance
1076 * to dissect this packet.
1082 * Save the current value of "pinfo->match_string",
1083 * set it to the string that matched, call the
1084 * dissector, and restore "pinfo->match_string".
1086 saved_match_string = pinfo->match_string;
1087 pinfo->match_string = string;
1088 ret = call_dissector_work(handle, tvb, pinfo, tree);
1089 pinfo->match_string = saved_match_string;
1092 * If a new-style dissector returned 0, it means that
1093 * it didn't think this tvbuff represented a packet for
1094 * its protocol, and didn't dissect anything.
1096 * Old-style dissectors can't reject the packet.
1098 * 0 is also returned if the protocol wasn't enabled.
1100 * If the packet was rejected, we return FALSE, so that
1101 * other dissectors might have a chance to dissect this
1102 * packet, otherwise we return TRUE.
1109 /* Look for a given value in a given string dissector table and, if found,
1110 return the dissector handle for that value. */
1112 dissector_get_string_handle(dissector_table_t sub_dissectors,
1113 const gchar *string)
1115 dtbl_entry_t *dtbl_entry;
1117 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1118 if (dtbl_entry != NULL)
1119 return dtbl_entry->current;
1125 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1127 return dtbl_entry->current;
1130 /* Add a handle to the list of handles that *could* be used with this
1131 table. That list is used by code in the UI. */
1133 dissector_add_handle(const char *name, dissector_handle_t handle)
1135 dissector_table_t sub_dissectors = find_dissector_table( name);
1139 g_assert(sub_dissectors != NULL);
1141 /* Is it already in this list? */
1142 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1143 if (entry != NULL) {
1145 * Yes - don't insert it again.
1150 /* Add it to the list. */
1151 sub_dissectors->dissector_handles =
1152 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1156 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1158 return dtbl_entry->initial;
1161 /**************************************************/
1163 /* Routines to walk dissector tables */
1165 /**************************************************/
1167 typedef struct dissector_foreach_info {
1168 gpointer caller_data;
1169 DATFunc caller_func;
1172 ftenum_t selector_type;
1173 } dissector_foreach_info_t;
1176 * Called for each entry in a dissector table.
1179 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1181 dissector_foreach_info_t *info;
1182 dtbl_entry_t *dtbl_entry;
1185 g_assert(user_data);
1188 if (dtbl_entry->current == NULL ||
1189 dtbl_entry->current->protocol == NULL) {
1191 * Either there is no dissector for this entry, or
1192 * the dissector doesn't have a protocol associated
1195 * XXX - should the latter check be done?
1201 info->caller_func(info->table_name, info->selector_type, key, value,
1206 * Called for each entry in the table of all dissector tables.
1209 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1211 dissector_table_t sub_dissectors;
1212 dissector_foreach_info_t *info;
1215 g_assert(user_data);
1217 sub_dissectors = value;
1219 info->table_name = (gchar*) key;
1220 info->selector_type = get_dissector_table_selector_type(info->table_name);
1221 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1225 * Walk all dissector tables calling a user supplied function on each
1229 dissector_all_tables_foreach (DATFunc func,
1232 dissector_foreach_info_t info;
1234 info.caller_data = user_data;
1235 info.caller_func = func;
1236 info.next_func = dissector_table_foreach_func;
1237 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1241 * Walk one dissector table's hash table calling a user supplied function
1245 dissector_table_foreach (char *name,
1249 dissector_foreach_info_t info;
1250 dissector_table_t sub_dissectors = find_dissector_table( name);
1252 info.table_name = name;
1253 info.selector_type = sub_dissectors->type;
1254 info.caller_func = func;
1255 info.caller_data = user_data;
1256 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1260 * Walk one dissector table's list of handles calling a user supplied
1261 * function on each entry.
1264 dissector_table_foreach_handle(char *name,
1265 DATFunc_handle func,
1268 dissector_table_t sub_dissectors = find_dissector_table( name);
1271 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1272 tmp = g_slist_next(tmp))
1273 func(name, tmp->data, user_data);
1277 * Called for each entry in a dissector table.
1280 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1282 dtbl_entry_t *dtbl_entry;
1283 dissector_foreach_info_t *info;
1286 g_assert(user_data);
1289 if (dtbl_entry->initial == dtbl_entry->current) {
1291 * Entry hasn't changed - don't call the function.
1297 info->caller_func(info->table_name, info->selector_type, key, value,
1302 * Walk all dissector tables calling a user supplied function only on
1303 * any entry that has been changed from its original state.
1306 dissector_all_tables_foreach_changed (DATFunc func,
1309 dissector_foreach_info_t info;
1311 info.caller_data = user_data;
1312 info.caller_func = func;
1313 info.next_func = dissector_table_foreach_changed_func;
1314 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1318 * Walk one dissector table calling a user supplied function only on
1319 * any entry that has been changed from its original state.
1322 dissector_table_foreach_changed (char *name,
1326 dissector_foreach_info_t info;
1327 dissector_table_t sub_dissectors = find_dissector_table( name);
1329 info.table_name = name;
1330 info.selector_type = sub_dissectors->type;
1331 info.caller_func = func;
1332 info.caller_data = user_data;
1333 g_hash_table_foreach(sub_dissectors->hash_table,
1334 dissector_table_foreach_changed_func, &info);
1337 typedef struct dissector_foreach_table_info {
1338 gpointer caller_data;
1339 DATFunc_table caller_func;
1340 } dissector_foreach_table_info_t;
1343 * Called for each entry in the table of all dissector tables.
1346 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1348 dissector_table_t table;
1349 dissector_foreach_table_info_t *info;
1353 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1357 * Walk all dissector tables calling a user supplied function on each
1361 dissector_all_tables_foreach_table (DATFunc_table func,
1364 dissector_foreach_table_info_t info;
1366 info.caller_data = user_data;
1367 info.caller_func = func;
1368 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1372 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1375 dissector_table_t sub_dissectors;
1377 /* Create our hash-of-hashes if it doesn't already exist */
1378 if (!dissector_tables) {
1379 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1380 g_assert(dissector_tables);
1383 /* Make sure the registration is unique */
1384 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1386 /* Create and register the dissector table for this name; returns */
1387 /* a pointer to the dissector table. */
1388 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1396 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1397 * so we use "g_direct_hash()" and "g_direct_equal()".
1399 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1405 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1410 g_assert_not_reached();
1412 sub_dissectors->dissector_handles = NULL;
1413 sub_dissectors->ui_name = ui_name;
1414 sub_dissectors->type = type;
1415 sub_dissectors->base = base;
1416 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1417 return sub_dissectors;
1421 get_dissector_table_ui_name(const char *name)
1423 dissector_table_t sub_dissectors = find_dissector_table( name);
1425 return sub_dissectors->ui_name;
1429 get_dissector_table_selector_type(const char *name)
1431 dissector_table_t sub_dissectors = find_dissector_table( name);
1433 return sub_dissectors->type;
1437 get_dissector_table_base(const char *name)
1439 dissector_table_t sub_dissectors = find_dissector_table( name);
1441 return sub_dissectors->base;
1444 static GHashTable *heur_dissector_lists = NULL;
1447 heur_dissector_t dissector;
1448 protocol_t *protocol;
1449 } heur_dtbl_entry_t;
1451 /* Finds a heuristic dissector table by field name. */
1452 static heur_dissector_list_t *
1453 find_heur_dissector_list(const char *name)
1455 g_assert(heur_dissector_lists != NULL);
1456 return g_hash_table_lookup(heur_dissector_lists, name);
1460 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1462 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1463 heur_dtbl_entry_t *dtbl_entry;
1466 g_assert(sub_dissectors != NULL);
1468 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1469 dtbl_entry->dissector = dissector;
1470 dtbl_entry->protocol = find_protocol_by_id(proto);
1472 /* do the table insertion */
1473 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1477 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1478 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1481 const char *saved_proto;
1483 heur_dtbl_entry_t *dtbl_entry;
1484 guint16 saved_can_desegment;
1485 gint saved_layer_names_len = 0;
1487 /* can_desegment is set to 2 by anyone which offers this api/service.
1488 then everytime a subdissector is called it is decremented by one.
1489 thus only the subdissector immediately ontop of whoever offers this
1491 We save the current value of "can_desegment" for the
1492 benefit of TCP proxying dissectors such as SOCKS, so they
1493 can restore it and allow the dissectors they call to use
1494 the desegmentation service.
1496 saved_can_desegment=pinfo->can_desegment;
1497 pinfo->saved_can_desegment = saved_can_desegment;
1498 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1501 saved_proto = pinfo->current_proto;
1503 if (pinfo->layer_names != NULL)
1504 saved_layer_names_len = pinfo->layer_names->len;
1506 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1507 /* XXX - why set this now and above? */
1508 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1509 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1511 if (dtbl_entry->protocol != NULL &&
1512 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1514 * No - don't try this dissector.
1519 if (dtbl_entry->protocol != NULL) {
1520 pinfo->current_proto =
1521 proto_get_protocol_short_name(dtbl_entry->protocol);
1525 * Add the protocol name to the layers; we'll remove it
1526 * if the dissector fails.
1528 if (pinfo->layer_names) {
1529 if (pinfo->layer_names->len > 0)
1530 g_string_append(pinfo->layer_names, ":");
1531 g_string_append(pinfo->layer_names,
1532 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1535 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1540 * That dissector didn't accept the packet, so
1541 * remove its protocol's name from the list
1544 if (pinfo->layer_names != NULL) {
1545 g_string_truncate(pinfo->layer_names,
1546 saved_layer_names_len);
1550 pinfo->current_proto = saved_proto;
1551 pinfo->can_desegment=saved_can_desegment;
1556 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1558 /* Create our hash-of-lists if it doesn't already exist */
1559 if (heur_dissector_lists == NULL) {
1560 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1561 g_assert(heur_dissector_lists != NULL);
1564 /* Make sure the registration is unique */
1565 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1567 *sub_dissectors = NULL; /* initially empty */
1568 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1569 (gpointer) sub_dissectors);
1573 * Register dissectors by name; used if one dissector always calls a
1574 * particular dissector, or if it bases the decision of which dissector
1575 * to call on something other than a numerical value or on "try a bunch
1576 * of dissectors until one likes the packet".
1580 * List of registered dissectors.
1582 static GHashTable *registered_dissectors = NULL;
1584 /* Get the short name of the protocol for a dissector handle, if it has
1587 dissector_handle_get_short_name(dissector_handle_t handle)
1589 if (handle->protocol == NULL) {
1591 * No protocol (see, for example, the handle for
1592 * dissecting the set of protocols where the first
1593 * octet of the payload is an OSI network layer protocol
1598 return proto_get_protocol_short_name(handle->protocol);
1601 /* Get the index of the protocol for a dissector handle, if it has
1604 dissector_handle_get_protocol_index(dissector_handle_t handle)
1606 if (handle->protocol == NULL) {
1608 * No protocol (see, for example, the handle for
1609 * dissecting the set of protocols where the first
1610 * octet of the payload is an OSI network layer protocol
1615 return proto_get_id(handle->protocol);
1618 /* Find a registered dissector by name. */
1620 find_dissector(const char *name)
1622 g_assert(registered_dissectors != NULL);
1623 return g_hash_table_lookup(registered_dissectors, name);
1626 /* Create an anonymous handle for a dissector. */
1628 create_dissector_handle(dissector_t dissector, int proto)
1630 struct dissector_handle *handle;
1632 handle = g_malloc(sizeof (struct dissector_handle));
1633 handle->name = NULL;
1634 handle->is_new = FALSE;
1635 handle->dissector.old = dissector;
1636 handle->protocol = find_protocol_by_id(proto);
1642 new_create_dissector_handle(new_dissector_t dissector, int proto)
1644 struct dissector_handle *handle;
1646 handle = g_malloc(sizeof (struct dissector_handle));
1647 handle->name = NULL;
1648 handle->is_new = TRUE;
1649 handle->dissector.new = dissector;
1650 handle->protocol = find_protocol_by_id(proto);
1655 /* Register a dissector by name. */
1657 register_dissector(const char *name, dissector_t dissector, int proto)
1659 struct dissector_handle *handle;
1661 /* Create our hash table if it doesn't already exist */
1662 if (registered_dissectors == NULL) {
1663 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1664 g_assert(registered_dissectors != NULL);
1667 /* Make sure the registration is unique */
1668 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1670 handle = g_malloc(sizeof (struct dissector_handle));
1671 handle->name = name;
1672 handle->is_new = FALSE;
1673 handle->dissector.old = dissector;
1674 handle->protocol = find_protocol_by_id(proto);
1676 g_hash_table_insert(registered_dissectors, (gpointer)name,
1681 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1683 struct dissector_handle *handle;
1685 /* Create our hash table if it doesn't already exist */
1686 if (registered_dissectors == NULL) {
1687 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1688 g_assert(registered_dissectors != NULL);
1691 /* Make sure the registration is unique */
1692 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1694 handle = g_malloc(sizeof (struct dissector_handle));
1695 handle->name = name;
1696 handle->is_new = TRUE;
1697 handle->dissector.new = dissector;
1698 handle->protocol = find_protocol_by_id(proto);
1700 g_hash_table_insert(registered_dissectors, (gpointer)name,
1704 /* Call a dissector through a handle and if this fails call the "data"
1708 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1709 packet_info *pinfo, proto_tree *tree)
1713 ret = call_dissector_work(handle, tvb, pinfo, tree);
1716 * The protocol was disabled, or the dissector rejected
1717 * it. Just dissect this packet as data.
1719 g_assert(data_handle != NULL);
1720 g_assert(data_handle->protocol != NULL);
1721 call_dissector(data_handle, tvb, pinfo, tree);
1722 return tvb_length(tvb);
1727 /* Call a dissector through a handle but if the dissector rejected it
1728 * return 0 instead of using the default "data" dissector.
1731 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1732 packet_info *pinfo, proto_tree *tree)
1736 ret = call_dissector_work(handle, tvb, pinfo, tree);
1741 * Dumps the "layer type"/"decode as" associations to stdout, similar
1742 * to the proto_registrar_dump_*() routines.
1744 * There is one record per line. The fields are tab-delimited.
1746 * Field 1 = layer type, e.g. "tcp.port"
1747 * Field 2 = selector in decimal
1748 * Field 3 = "decode as" name, e.g. "http"
1753 dissector_dump_decodes_display(gchar *table_name, ftenum_t selector_type _U_,
1754 gpointer key, gpointer value, gpointer user_data _U_)
1756 guint32 selector = (guint32) key;
1757 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1758 dtbl_entry_t *dtbl_entry;
1759 dissector_handle_t handle;
1763 g_assert(sub_dissectors);
1764 switch (sub_dissectors->type) {
1771 g_assert(dtbl_entry);
1773 handle = dtbl_entry->current;
1776 proto_id = dissector_handle_get_protocol_index(handle);
1778 if (proto_id != -1) {
1779 decode_as = proto_get_protocol_filter_name(proto_id);
1780 g_assert(decode_as != NULL);
1781 printf("%s\t%d\t%s\n", table_name, selector, decode_as);
1791 dissector_dump_decodes() {
1792 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);