2 * Routines for packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "sna-utils.h"
47 #include "osi-utils.h"
50 #include "addr_resolv.h"
53 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
57 #include <epan/stream.h>
58 #include <epan/expert.h>
60 static gint proto_malformed = -1;
61 static dissector_handle_t frame_handle = NULL;
62 static dissector_handle_t data_handle = NULL;
67 frame_handle = find_dissector("frame");
68 data_handle = find_dissector("data");
69 proto_malformed = proto_get_id_by_filter_name("malformed");
79 * Given a tvbuff, and a length from a packet header, adjust the length
80 * of the tvbuff to reflect the specified length.
83 set_actual_length(tvbuff_t *tvb, guint specified_len)
85 if (specified_len < tvb_reported_length(tvb)) {
86 /* Adjust the length of this tvbuff to include only the specified
89 The dissector above the one calling us (the dissector above is
90 probably us) may use that to determine how much of its packet
92 tvb_set_reported_length(tvb, specified_len);
96 /* Allow protocols to register "init" routines, which are called before
97 we make a pass through a capture file and dissect all its packets
98 (e.g., when we read in a new capture file, or run a "filter packets"
99 or "colorize packets" pass over the current capture file). */
100 static GSList *init_routines;
103 register_init_routine(void (*func)(void))
105 init_routines = g_slist_append(init_routines, (gpointer)func);
108 typedef void (*void_func_t)(void);
110 /* Initialize all data structures used for dissection. */
112 call_init_routine(gpointer routine, gpointer dummy _U_)
114 void_func_t func = (void_func_t)routine;
119 * XXX - for now, these are the same; the "init" routines free whatever
120 * stuff is left over from any previous dissection, and then initialize
123 * We should probably split that into "init" and "cleanup" routines, for
127 init_dissection(void)
129 /* Reclaim and reinitialize all memory of seasonal scope */
132 /* Initialize the table of conversations. */
133 epan_conversation_init();
135 /* Initialize the table of circuits. */
138 /* Initialize protocol-specific variables. */
139 g_slist_foreach(init_routines, &call_init_routine, NULL);
141 /* Initialize the common data structures for fragment reassembly.
142 Must be done *after* calling init routines, as those routines
143 may free up space for fragments, which they find by using the
144 data structures that "reassemble_init()" frees. */
147 /* Initialize the stream-handling tables */
150 /* Initialize the expert infos */
155 cleanup_dissection(void)
160 /* Allow protocols to register a "cleanup" routine to be
161 * run after the initial sequential run through the packets.
162 * Note that the file can still be open after this; this is not
163 * the final cleanup. */
164 static GSList *postseq_cleanup_routines;
167 register_postseq_cleanup_routine(void_func_t func)
169 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
173 /* Call all the registered "postseq_cleanup" routines. */
175 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
177 void_func_t func = (void_func_t)routine;
182 postseq_cleanup_all_protocols(void)
184 g_slist_foreach(postseq_cleanup_routines,
185 &call_postseq_cleanup_routine, NULL);
189 * Add a new data source to the list of data sources for a frame, given
190 * the tvbuff for the data source and its name.
193 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
197 src = ep_alloc(sizeof (data_source));
200 * XXX - if we require this argument to be a string constant,
201 * we don't need to allocate a buffer for a copy and make a
202 * copy, and wouldn't need to free the buffer, either.
204 src->name = ep_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
205 pinfo->data_src = g_slist_append(pinfo->data_src, src);
209 * Free up a frame's list of data sources.
212 free_data_sources(packet_info *pinfo)
214 g_slist_free(pinfo->data_src);
215 pinfo->data_src = NULL;
218 /* Allow dissectors to register a "final_registration" routine
219 * that is run like the proto_register_XXX() routine, but at the
220 * end of the epan_init() function; that is, *after* all other
221 * subsystems, like dfilters, have finished initializing. This is
222 * useful for dissector registration routines which need to compile
223 * display filters. dfilters can't initialize itself until all protocols
224 * have registered themselves. */
225 static GSList *final_registration_routines;
228 register_final_registration_routine(void (*func)(void))
230 final_registration_routines = g_slist_append(final_registration_routines,
234 /* Call all the registered "final_registration" routines. */
236 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
238 void_func_t func = (void_func_t)routine;
244 final_registration_all_protocols(void)
246 g_slist_foreach(final_registration_routines,
247 &call_final_registration_routine, NULL);
251 /* Creates the top-most tvbuff and calls dissect_frame() */
253 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
254 const guchar *pd, frame_data *fd, column_info *cinfo)
258 edt->pi.current_proto = "<Missing Protocol Name>";
259 edt->pi.cinfo = cinfo;
261 edt->pi.pseudo_header = pseudo_header;
262 edt->pi.data_src = NULL;
263 edt->pi.dl_src.type = AT_NONE;
264 edt->pi.dl_src.len = 0;
265 edt->pi.dl_src.data = NULL;
266 edt->pi.dl_dst.type = AT_NONE;
267 edt->pi.dl_dst.len = 0;
268 edt->pi.dl_dst.data = NULL;
269 edt->pi.net_src.type = AT_NONE;
270 edt->pi.net_src.len = 0;
271 edt->pi.net_src.data = NULL;
272 edt->pi.net_dst.type = AT_NONE;
273 edt->pi.net_dst.len = 0;
274 edt->pi.net_dst.data = NULL;
275 edt->pi.src.type = AT_NONE;
277 edt->pi.src.data = NULL;
278 edt->pi.dst.type = AT_NONE;
280 edt->pi.dst.data = NULL;
281 edt->pi.ethertype = 0;
283 edt->pi.ipxptype = 0;
284 edt->pi.ctype = CT_NONE;
285 edt->pi.circuit_id = 0;
286 edt->pi.noreassembly_reason = "";
287 edt->pi.fragmented = FALSE;
288 edt->pi.in_error_pkt = FALSE;
289 edt->pi.ptype = PT_NONE;
291 edt->pi.destport = 0;
292 edt->pi.match_port = 0;
293 edt->pi.match_string = NULL;
294 edt->pi.can_desegment = 0;
295 edt->pi.want_pdu_tracking = 0;
296 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
297 edt->pi.private_data = NULL;
304 edt->pi.dcectxid = 0;
305 edt->pi.dcetransporttype = -1;
306 edt->pi.decrypt_gssapi_tvb = 0;
307 edt->pi.gssapi_wrap_tvb = NULL;
308 edt->pi.gssapi_encrypted_tvb = NULL;
309 edt->pi.gssapi_decrypted_tvb = NULL;
310 edt->pi.layer_names = NULL;
311 edt->pi.link_number = 0;
312 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
313 edt->pi.profinet_type = 0;
314 edt->pi.usb_conv_info = NULL;
315 edt->pi.tcp_tree = NULL;
318 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
319 /* Add this tvbuffer into the data_src list */
320 add_new_data_source(&edt->pi, edt->tvb, "Frame");
322 /* Even though dissect_frame() catches all the exceptions a
323 * sub-dissector can throw, dissect_frame() itself may throw
324 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
325 * in this function. */
326 if(frame_handle != NULL)
327 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
331 g_assert_not_reached();
333 CATCH(ReportedBoundsError) {
334 if(proto_malformed != -1){
335 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
336 "[Malformed Frame: Packet Length]" );
338 g_assert_not_reached();
341 CATCH(OutOfMemoryError) {
346 fd->flags.visited = 1;
349 /*********************** code added for sub-dissector lookup *********************/
352 * An dissector handle.
354 struct dissector_handle {
355 const char *name; /* dissector name */
356 gboolean is_new; /* TRUE if new-style dissector */
361 protocol_t *protocol;
364 /* This function will return
365 * old style dissector :
366 * length of the payload or 1 of the payload is empty
368 * >0 this protocol was successfully dissected and this was this protocol.
369 * 0 this packet did not match this protocol.
371 * The only time this function will return 0 is if it is a new style dissector
372 * and if the dissector rejected the packet.
375 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
376 packet_info *pinfo, proto_tree *tree)
378 const char *saved_proto;
381 saved_proto = pinfo->current_proto;
383 if (handle->protocol != NULL) {
384 pinfo->current_proto =
385 proto_get_protocol_short_name(handle->protocol);
388 if (handle->is_new) {
389 ret = (*handle->dissector.new)(tvb, pinfo, tree);
391 (*handle->dissector.old)(tvb, pinfo, tree);
392 ret = tvb_length(tvb);
395 * XXX - a tvbuff can have 0 bytes of data in
396 * it, so we have to make sure we don't return
403 pinfo->current_proto = saved_proto;
409 * Call a dissector through a handle.
410 * If the protocol for that handle isn't enabled, return 0 without
411 * calling the dissector.
412 * Otherwise, if the handle refers to a new-style dissector, call the
413 * dissector and return its return value, otherwise call it and return
414 * the length of the tvbuff pointed to by the argument.
417 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
418 packet_info *pinfo_arg, proto_tree *tree)
420 packet_info *volatile pinfo = pinfo_arg;
421 const char *saved_proto;
422 guint16 saved_can_desegment;
423 volatile int ret = 0;
424 gboolean save_writable;
425 volatile address save_dl_src;
426 volatile address save_dl_dst;
427 volatile address save_net_src;
428 volatile address save_net_dst;
429 volatile address save_src;
430 volatile address save_dst;
431 volatile gint saved_layer_names_len = 0;
433 if (handle->protocol != NULL &&
434 !proto_is_protocol_enabled(handle->protocol)) {
436 * The protocol isn't enabled.
441 saved_proto = pinfo->current_proto;
442 saved_can_desegment = pinfo->can_desegment;
444 if (pinfo->layer_names != NULL)
445 saved_layer_names_len = pinfo->layer_names->len;
448 * can_desegment is set to 2 by anyone which offers the
449 * desegmentation api/service.
450 * Then everytime a subdissector is called it is decremented
452 * Thus only the subdissector immediately on top of whoever
453 * offers this service can use it.
454 * We save the current value of "can_desegment" for the
455 * benefit of TCP proxying dissectors such as SOCKS, so they
456 * can restore it and allow the dissectors they call to use
457 * the desegmentation service.
459 pinfo->saved_can_desegment = saved_can_desegment;
460 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
461 if (handle->protocol != NULL) {
462 pinfo->current_proto =
463 proto_get_protocol_short_name(handle->protocol);
466 * Add the protocol name to the layers
468 if (pinfo->layer_names) {
469 if (pinfo->layer_names->len > 0)
470 g_string_append(pinfo->layer_names, ":");
471 g_string_append(pinfo->layer_names,
472 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
476 if (pinfo->in_error_pkt) {
478 * This isn't a packet being transported inside
479 * the protocol whose dissector is calling us,
480 * it's a copy of a packet that caused an error
481 * in some protocol included in a packet that
482 * reports the error (e.g., an ICMP Unreachable
487 * Save the current state of the writability of
488 * the columns, and restore them after the
489 * dissector returns, so that the columns
490 * don't reflect the packet that got the error,
491 * they reflect the packet that reported the
494 save_writable = col_get_writable(pinfo->cinfo);
495 col_set_writable(pinfo->cinfo, FALSE);
496 save_dl_src = pinfo->dl_src;
497 save_dl_dst = pinfo->dl_dst;
498 save_net_src = pinfo->net_src;
499 save_net_dst = pinfo->net_dst;
500 save_src = pinfo->src;
501 save_dst = pinfo->dst;
503 /* Dissect the contained packet. */
505 ret = call_dissector_through_handle(handle, tvb,
510 * Restore the column writability and addresses.
512 col_set_writable(pinfo->cinfo, save_writable);
513 pinfo->dl_src = save_dl_src;
514 pinfo->dl_dst = save_dl_dst;
515 pinfo->net_src = save_net_src;
516 pinfo->net_dst = save_net_dst;
517 pinfo->src = save_src;
518 pinfo->dst = save_dst;
521 * Restore the current protocol, so any
522 * "Short Frame" indication reflects that
523 * protocol, not the protocol for the
524 * packet that got the error.
526 pinfo->current_proto = saved_proto;
529 * Restore the desegmentability state.
531 pinfo->can_desegment = saved_can_desegment;
534 * Rethrow the exception, so this will be
535 * reported as a short frame.
539 CATCH(ReportedBoundsError) {
541 * "ret" wasn't set because an exception was thrown
542 * before "call_dissector_through_handle()" returned.
543 * As it called something, at least one dissector
544 * accepted the packet, and, as an exception was
545 * thrown, not only was all the tvbuff dissected,
546 * a dissector tried dissecting past the end of
547 * the data in some tvbuff, so we'll assume that
548 * the entire tvbuff was dissected.
550 ret = tvb_length(tvb);
552 CATCH(OutOfMemoryError) {
557 col_set_writable(pinfo->cinfo, save_writable);
558 pinfo->dl_src = save_dl_src;
559 pinfo->dl_dst = save_dl_dst;
560 pinfo->net_src = save_net_src;
561 pinfo->net_dst = save_net_dst;
562 pinfo->src = save_src;
563 pinfo->dst = save_dst;
564 pinfo->want_pdu_tracking = 0;
567 * Just call the subdissector.
569 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
574 * That dissector didn't accept the packet, so
575 * remove its protocol's name from the list
578 if (pinfo->layer_names != NULL) {
579 g_string_truncate(pinfo->layer_names,
580 saved_layer_names_len);
583 pinfo->current_proto = saved_proto;
584 pinfo->can_desegment = saved_can_desegment;
589 * An entry in the hash table portion of a dissector table.
592 dissector_handle_t initial;
593 dissector_handle_t current;
599 * "hash_table" is a hash table, indexed by port number, supplying
600 * a "struct dtbl_entry"; it records what dissector is assigned to
601 * that port number in that table.
603 * "dissector_handles" is a list of all dissectors that *could* be
604 * used in that table; not all of them are necessarily in the table,
605 * as they may be for protocols that don't have a fixed port number.
607 * "ui_name" is the name the dissector table has in the user interface.
609 * "type" is a field type giving the width of the port number for that
612 * "base" is the base in which to display the port number for that
615 struct dissector_table {
616 GHashTable *hash_table;
617 GSList *dissector_handles;
623 static GHashTable *dissector_tables = NULL;
625 /* Finds a dissector table by table name. */
627 find_dissector_table(const char *name)
629 g_assert(dissector_tables);
630 return g_hash_table_lookup( dissector_tables, name );
633 /* Find an entry in a uint dissector table. */
634 static dtbl_entry_t *
635 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
637 switch (sub_dissectors->type) {
644 * You can do a port lookup in these tables.
650 * But you can't do a port lookup in any other types
653 g_assert_not_reached();
659 return g_hash_table_lookup(sub_dissectors->hash_table,
660 GUINT_TO_POINTER(pattern));
663 /* Add an entry to a uint dissector table. */
665 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
667 dissector_table_t sub_dissectors = find_dissector_table( name);
668 dtbl_entry_t *dtbl_entry;
671 g_assert( sub_dissectors);
672 switch (sub_dissectors->type) {
679 * You can do a port lookup in these tables.
685 * But you can't do a port lookup in any other types
688 g_assert_not_reached();
691 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
692 dtbl_entry->current = handle;
693 dtbl_entry->initial = dtbl_entry->current;
695 /* do the table insertion */
696 g_hash_table_insert( sub_dissectors->hash_table,
697 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
700 * Now add it to the list of handles that could be used with this
701 * table, because it *is* being used with this table.
703 dissector_add_handle(name, handle);
706 /* Delete the entry for a dissector in a uint dissector table
707 with a particular pattern. */
709 /* NOTE: this doesn't use the dissector call variable. It is included to */
710 /* be consistant with the dissector_add and more importantly to be used */
711 /* if the technique of adding a temporary dissector is implemented. */
712 /* If temporary dissectors are deleted, then the original dissector must */
715 dissector_delete(const char *name, guint32 pattern,
716 dissector_handle_t handle _U_)
718 dissector_table_t sub_dissectors = find_dissector_table( name);
719 dtbl_entry_t *dtbl_entry;
722 g_assert( sub_dissectors);
727 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
729 if (dtbl_entry != NULL) {
733 g_hash_table_remove(sub_dissectors->hash_table,
734 GUINT_TO_POINTER(pattern));
737 * Now free up the entry.
743 /* Change the entry for a dissector in a uint dissector table
744 with a particular pattern to use a new dissector handle. */
746 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
748 dissector_table_t sub_dissectors = find_dissector_table( name);
749 dtbl_entry_t *dtbl_entry;
752 g_assert( sub_dissectors);
755 * See if the entry already exists. If so, reuse it.
757 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
758 if (dtbl_entry != NULL) {
759 dtbl_entry->current = handle;
764 * Don't create an entry if there is no dissector handle - I.E. the
765 * user said not to decode something that wasn't being decoded
766 * in the first place.
771 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
772 dtbl_entry->initial = NULL;
773 dtbl_entry->current = handle;
775 /* do the table insertion */
776 g_hash_table_insert( sub_dissectors->hash_table,
777 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
780 /* Reset an entry in a uint dissector table to its initial value. */
782 dissector_reset(const char *name, guint32 pattern)
784 dissector_table_t sub_dissectors = find_dissector_table( name);
785 dtbl_entry_t *dtbl_entry;
788 g_assert( sub_dissectors);
793 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
795 if (dtbl_entry == NULL)
799 * Found - is there an initial value?
801 if (dtbl_entry->initial != NULL) {
802 dtbl_entry->current = dtbl_entry->initial;
804 g_hash_table_remove(sub_dissectors->hash_table,
805 GUINT_TO_POINTER(pattern));
810 /* Look for a given value in a given uint dissector table and, if found,
811 call the dissector with the arguments supplied, and return TRUE,
812 otherwise return FALSE. */
814 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
815 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
817 dtbl_entry_t *dtbl_entry;
818 struct dissector_handle *handle;
819 guint32 saved_match_port;
822 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
823 if (dtbl_entry != NULL) {
825 * Is there currently a dissector handle for this entry?
827 handle = dtbl_entry->current;
828 if (handle == NULL) {
830 * No - pretend this dissector didn't exist,
831 * so that other dissectors might have a chance
832 * to dissect this packet.
838 * Save the current value of "pinfo->match_port",
839 * set it to the port that matched, call the
840 * dissector, and restore "pinfo->match_port".
842 saved_match_port = pinfo->match_port;
843 pinfo->match_port = port;
844 ret = call_dissector_work(handle, tvb, pinfo, tree);
845 pinfo->match_port = saved_match_port;
848 * If a new-style dissector returned 0, it means that
849 * it didn't think this tvbuff represented a packet for
850 * its protocol, and didn't dissect anything.
852 * Old-style dissectors can't reject the packet.
854 * 0 is also returned if the protocol wasn't enabled.
856 * If the packet was rejected, we return FALSE, so that
857 * other dissectors might have a chance to dissect this
858 * packet, otherwise we return TRUE.
865 /* Look for a given value in a given uint dissector table and, if found,
866 return the dissector handle for that value. */
868 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
870 dtbl_entry_t *dtbl_entry;
872 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
873 if (dtbl_entry != NULL)
874 return dtbl_entry->current;
879 /* Find an entry in a string dissector table. */
880 static dtbl_entry_t *
881 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
883 switch (sub_dissectors->type) {
888 * You can do a string lookup in these tables.
894 * But you can't do a string lookup in any other types
897 g_assert_not_reached();
903 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
906 /* Add an entry to a string dissector table. */
908 dissector_add_string(const char *name, const gchar *pattern,
909 dissector_handle_t handle)
911 dissector_table_t sub_dissectors = find_dissector_table( name);
912 dtbl_entry_t *dtbl_entry;
915 g_assert( sub_dissectors);
917 switch (sub_dissectors->type) {
922 * You can do a string lookup in these tables.
928 * But you can't do a string lookup in any other types
931 g_assert_not_reached();
934 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
935 dtbl_entry->current = handle;
936 dtbl_entry->initial = dtbl_entry->current;
938 /* do the table insertion */
939 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
940 (gpointer)dtbl_entry);
943 * Now add it to the list of handles that could be used with this
944 * table, because it *is* being used with this table.
946 dissector_add_handle(name, handle);
949 /* Delete the entry for a dissector in a string dissector table
950 with a particular pattern. */
952 /* NOTE: this doesn't use the dissector call variable. It is included to */
953 /* be consistant with the dissector_add_string and more importantly to */
954 /* be used if the technique of adding a temporary dissector is */
956 /* If temporary dissectors are deleted, then the original dissector must */
959 dissector_delete_string(const char *name, const gchar *pattern,
960 dissector_handle_t handle _U_)
962 dissector_table_t sub_dissectors = find_dissector_table( name);
963 dtbl_entry_t *dtbl_entry;
966 g_assert( sub_dissectors);
971 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
973 if (dtbl_entry != NULL) {
977 g_hash_table_remove(sub_dissectors->hash_table, pattern);
980 * Now free up the entry.
986 /* Change the entry for a dissector in a string dissector table
987 with a particular pattern to use a new dissector handle. */
989 dissector_change_string(const char *name, gchar *pattern,
990 dissector_handle_t handle)
992 dissector_table_t sub_dissectors = find_dissector_table( name);
993 dtbl_entry_t *dtbl_entry;
996 g_assert( sub_dissectors);
999 * See if the entry already exists. If so, reuse it.
1001 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1002 if (dtbl_entry != NULL) {
1003 dtbl_entry->current = handle;
1008 * Don't create an entry if there is no dissector handle - I.E. the
1009 * user said not to decode something that wasn't being decoded
1010 * in the first place.
1015 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1016 dtbl_entry->initial = NULL;
1017 dtbl_entry->current = handle;
1019 /* do the table insertion */
1020 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1021 (gpointer)dtbl_entry);
1024 /* Reset an entry in a string sub-dissector table to its initial value. */
1026 dissector_reset_string(const char *name, const gchar *pattern)
1028 dissector_table_t sub_dissectors = find_dissector_table( name);
1029 dtbl_entry_t *dtbl_entry;
1032 g_assert( sub_dissectors);
1037 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1039 if (dtbl_entry == NULL)
1043 * Found - is there an initial value?
1045 if (dtbl_entry->initial != NULL) {
1046 dtbl_entry->current = dtbl_entry->initial;
1048 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1053 /* Look for a given string in a given dissector table and, if found, call
1054 the dissector with the arguments supplied, and return TRUE, otherwise
1057 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1058 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1060 dtbl_entry_t *dtbl_entry;
1061 struct dissector_handle *handle;
1063 const gchar *saved_match_string;
1065 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1066 if (dtbl_entry != NULL) {
1068 * Is there currently a dissector handle for this entry?
1070 handle = dtbl_entry->current;
1071 if (handle == NULL) {
1073 * No - pretend this dissector didn't exist,
1074 * so that other dissectors might have a chance
1075 * to dissect this packet.
1081 * Save the current value of "pinfo->match_string",
1082 * set it to the string that matched, call the
1083 * dissector, and restore "pinfo->match_string".
1085 saved_match_string = pinfo->match_string;
1086 pinfo->match_string = string;
1087 ret = call_dissector_work(handle, tvb, pinfo, tree);
1088 pinfo->match_string = saved_match_string;
1091 * If a new-style dissector returned 0, it means that
1092 * it didn't think this tvbuff represented a packet for
1093 * its protocol, and didn't dissect anything.
1095 * Old-style dissectors can't reject the packet.
1097 * 0 is also returned if the protocol wasn't enabled.
1099 * If the packet was rejected, we return FALSE, so that
1100 * other dissectors might have a chance to dissect this
1101 * packet, otherwise we return TRUE.
1108 /* Look for a given value in a given string dissector table and, if found,
1109 return the dissector handle for that value. */
1111 dissector_get_string_handle(dissector_table_t sub_dissectors,
1112 const gchar *string)
1114 dtbl_entry_t *dtbl_entry;
1116 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1117 if (dtbl_entry != NULL)
1118 return dtbl_entry->current;
1124 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1126 return dtbl_entry->current;
1129 /* Add a handle to the list of handles that *could* be used with this
1130 table. That list is used by code in the UI. */
1132 dissector_add_handle(const char *name, dissector_handle_t handle)
1134 dissector_table_t sub_dissectors = find_dissector_table( name);
1138 g_assert(sub_dissectors != NULL);
1140 /* Is it already in this list? */
1141 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1142 if (entry != NULL) {
1144 * Yes - don't insert it again.
1149 /* Add it to the list. */
1150 sub_dissectors->dissector_handles =
1151 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1155 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1157 return dtbl_entry->initial;
1160 /**************************************************/
1162 /* Routines to walk dissector tables */
1164 /**************************************************/
1166 typedef struct dissector_foreach_info {
1167 gpointer caller_data;
1168 DATFunc caller_func;
1171 ftenum_t selector_type;
1172 } dissector_foreach_info_t;
1175 * Called for each entry in a dissector table.
1178 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1180 dissector_foreach_info_t *info;
1181 dtbl_entry_t *dtbl_entry;
1184 g_assert(user_data);
1187 if (dtbl_entry->current == NULL ||
1188 dtbl_entry->current->protocol == NULL) {
1190 * Either there is no dissector for this entry, or
1191 * the dissector doesn't have a protocol associated
1194 * XXX - should the latter check be done?
1200 info->caller_func(info->table_name, info->selector_type, key, value,
1205 * Called for each entry in the table of all dissector tables.
1208 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1210 dissector_table_t sub_dissectors;
1211 dissector_foreach_info_t *info;
1214 g_assert(user_data);
1216 sub_dissectors = value;
1218 info->table_name = (gchar*) key;
1219 info->selector_type = get_dissector_table_selector_type(info->table_name);
1220 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1224 * Walk all dissector tables calling a user supplied function on each
1228 dissector_all_tables_foreach (DATFunc func,
1231 dissector_foreach_info_t info;
1233 info.caller_data = user_data;
1234 info.caller_func = func;
1235 info.next_func = dissector_table_foreach_func;
1236 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1240 * Walk one dissector table's hash table calling a user supplied function
1244 dissector_table_foreach (char *name,
1248 dissector_foreach_info_t info;
1249 dissector_table_t sub_dissectors = find_dissector_table( name);
1251 info.table_name = name;
1252 info.selector_type = sub_dissectors->type;
1253 info.caller_func = func;
1254 info.caller_data = user_data;
1255 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1259 * Walk one dissector table's list of handles calling a user supplied
1260 * function on each entry.
1263 dissector_table_foreach_handle(const char *name,
1264 DATFunc_handle func,
1267 dissector_table_t sub_dissectors = find_dissector_table( name);
1270 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1271 tmp = g_slist_next(tmp))
1272 func(name, tmp->data, user_data);
1276 * Called for each entry in a dissector table.
1279 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1281 dtbl_entry_t *dtbl_entry;
1282 dissector_foreach_info_t *info;
1285 g_assert(user_data);
1288 if (dtbl_entry->initial == dtbl_entry->current) {
1290 * Entry hasn't changed - don't call the function.
1296 info->caller_func(info->table_name, info->selector_type, key, value,
1301 * Walk all dissector tables calling a user supplied function only on
1302 * any entry that has been changed from its original state.
1305 dissector_all_tables_foreach_changed (DATFunc func,
1308 dissector_foreach_info_t info;
1310 info.caller_data = user_data;
1311 info.caller_func = func;
1312 info.next_func = dissector_table_foreach_changed_func;
1313 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1317 * Walk one dissector table calling a user supplied function only on
1318 * any entry that has been changed from its original state.
1321 dissector_table_foreach_changed (char *name,
1325 dissector_foreach_info_t info;
1326 dissector_table_t sub_dissectors = find_dissector_table( name);
1328 info.table_name = name;
1329 info.selector_type = sub_dissectors->type;
1330 info.caller_func = func;
1331 info.caller_data = user_data;
1332 g_hash_table_foreach(sub_dissectors->hash_table,
1333 dissector_table_foreach_changed_func, &info);
1336 typedef struct dissector_foreach_table_info {
1337 gpointer caller_data;
1338 DATFunc_table caller_func;
1339 } dissector_foreach_table_info_t;
1342 * Called for each entry in the table of all dissector tables.
1345 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1347 dissector_table_t table;
1348 dissector_foreach_table_info_t *info;
1352 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1356 * Walk all dissector tables calling a user supplied function on each
1360 dissector_all_tables_foreach_table (DATFunc_table func,
1363 dissector_foreach_table_info_t info;
1365 info.caller_data = user_data;
1366 info.caller_func = func;
1367 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1371 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1374 dissector_table_t sub_dissectors;
1376 /* Create our hash-of-hashes if it doesn't already exist */
1377 if (!dissector_tables) {
1378 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1379 g_assert(dissector_tables);
1382 /* Make sure the registration is unique */
1383 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1385 /* Create and register the dissector table for this name; returns */
1386 /* a pointer to the dissector table. */
1387 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1395 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1396 * so we use "g_direct_hash()" and "g_direct_equal()".
1398 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1404 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1409 g_assert_not_reached();
1411 sub_dissectors->dissector_handles = NULL;
1412 sub_dissectors->ui_name = ui_name;
1413 sub_dissectors->type = type;
1414 sub_dissectors->base = base;
1415 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1416 return sub_dissectors;
1420 get_dissector_table_ui_name(const char *name)
1422 dissector_table_t sub_dissectors = find_dissector_table( name);
1424 return sub_dissectors->ui_name;
1428 get_dissector_table_selector_type(const char *name)
1430 dissector_table_t sub_dissectors = find_dissector_table( name);
1432 return sub_dissectors->type;
1436 get_dissector_table_base(const char *name)
1438 dissector_table_t sub_dissectors = find_dissector_table( name);
1440 return sub_dissectors->base;
1443 static GHashTable *heur_dissector_lists = NULL;
1446 heur_dissector_t dissector;
1447 protocol_t *protocol;
1448 } heur_dtbl_entry_t;
1450 /* Finds a heuristic dissector table by field name. */
1451 static heur_dissector_list_t *
1452 find_heur_dissector_list(const char *name)
1454 g_assert(heur_dissector_lists != NULL);
1455 return g_hash_table_lookup(heur_dissector_lists, name);
1459 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1461 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1462 heur_dtbl_entry_t *dtbl_entry;
1465 g_assert(sub_dissectors != NULL);
1467 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1468 dtbl_entry->dissector = dissector;
1469 dtbl_entry->protocol = find_protocol_by_id(proto);
1471 /* do the table insertion */
1472 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1476 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1477 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1480 const char *saved_proto;
1482 heur_dtbl_entry_t *dtbl_entry;
1483 guint16 saved_can_desegment;
1484 gint saved_layer_names_len = 0;
1486 /* can_desegment is set to 2 by anyone which offers this api/service.
1487 then everytime a subdissector is called it is decremented by one.
1488 thus only the subdissector immediately ontop of whoever offers this
1490 We save the current value of "can_desegment" for the
1491 benefit of TCP proxying dissectors such as SOCKS, so they
1492 can restore it and allow the dissectors they call to use
1493 the desegmentation service.
1495 saved_can_desegment=pinfo->can_desegment;
1496 pinfo->saved_can_desegment = saved_can_desegment;
1497 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1500 saved_proto = pinfo->current_proto;
1502 if (pinfo->layer_names != NULL)
1503 saved_layer_names_len = pinfo->layer_names->len;
1505 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1506 /* XXX - why set this now and above? */
1507 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1508 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1510 if (dtbl_entry->protocol != NULL &&
1511 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1513 * No - don't try this dissector.
1518 if (dtbl_entry->protocol != NULL) {
1519 pinfo->current_proto =
1520 proto_get_protocol_short_name(dtbl_entry->protocol);
1523 * Add the protocol name to the layers; we'll remove it
1524 * if the dissector fails.
1526 if (pinfo->layer_names) {
1527 if (pinfo->layer_names->len > 0)
1528 g_string_append(pinfo->layer_names, ":");
1529 g_string_append(pinfo->layer_names,
1530 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1534 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1539 * That dissector didn't accept the packet, so
1540 * remove its protocol's name from the list
1543 if (pinfo->layer_names != NULL) {
1544 g_string_truncate(pinfo->layer_names,
1545 saved_layer_names_len);
1549 pinfo->current_proto = saved_proto;
1550 pinfo->can_desegment=saved_can_desegment;
1555 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1557 /* Create our hash-of-lists if it doesn't already exist */
1558 if (heur_dissector_lists == NULL) {
1559 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1560 g_assert(heur_dissector_lists != NULL);
1563 /* Make sure the registration is unique */
1564 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1566 *sub_dissectors = NULL; /* initially empty */
1567 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1568 (gpointer) sub_dissectors);
1572 * Register dissectors by name; used if one dissector always calls a
1573 * particular dissector, or if it bases the decision of which dissector
1574 * to call on something other than a numerical value or on "try a bunch
1575 * of dissectors until one likes the packet".
1579 * List of registered dissectors.
1581 static GHashTable *registered_dissectors = NULL;
1583 /* Get the short name of the protocol for a dissector handle, if it has
1586 dissector_handle_get_short_name(dissector_handle_t handle)
1588 if (handle->protocol == NULL) {
1590 * No protocol (see, for example, the handle for
1591 * dissecting the set of protocols where the first
1592 * octet of the payload is an OSI network layer protocol
1597 return proto_get_protocol_short_name(handle->protocol);
1600 /* Get the index of the protocol for a dissector handle, if it has
1603 dissector_handle_get_protocol_index(dissector_handle_t handle)
1605 if (handle->protocol == NULL) {
1607 * No protocol (see, for example, the handle for
1608 * dissecting the set of protocols where the first
1609 * octet of the payload is an OSI network layer protocol
1614 return proto_get_id(handle->protocol);
1617 /* Find a registered dissector by name. */
1619 find_dissector(const char *name)
1621 g_assert(registered_dissectors != NULL);
1622 return g_hash_table_lookup(registered_dissectors, name);
1625 /* Create an anonymous handle for a dissector. */
1627 create_dissector_handle(dissector_t dissector, int proto)
1629 struct dissector_handle *handle;
1631 handle = g_malloc(sizeof (struct dissector_handle));
1632 handle->name = NULL;
1633 handle->is_new = FALSE;
1634 handle->dissector.old = dissector;
1635 handle->protocol = find_protocol_by_id(proto);
1641 new_create_dissector_handle(new_dissector_t dissector, int proto)
1643 struct dissector_handle *handle;
1645 handle = g_malloc(sizeof (struct dissector_handle));
1646 handle->name = NULL;
1647 handle->is_new = TRUE;
1648 handle->dissector.new = dissector;
1649 handle->protocol = find_protocol_by_id(proto);
1654 /* Register a dissector by name. */
1656 register_dissector(const char *name, dissector_t dissector, int proto)
1658 struct dissector_handle *handle;
1660 /* Create our hash table if it doesn't already exist */
1661 if (registered_dissectors == NULL) {
1662 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1663 g_assert(registered_dissectors != NULL);
1666 /* Make sure the registration is unique */
1667 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1669 handle = g_malloc(sizeof (struct dissector_handle));
1670 handle->name = name;
1671 handle->is_new = FALSE;
1672 handle->dissector.old = dissector;
1673 handle->protocol = find_protocol_by_id(proto);
1675 g_hash_table_insert(registered_dissectors, (gpointer)name,
1680 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1682 struct dissector_handle *handle;
1684 /* Create our hash table if it doesn't already exist */
1685 if (registered_dissectors == NULL) {
1686 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1687 g_assert(registered_dissectors != NULL);
1690 /* Make sure the registration is unique */
1691 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1693 handle = g_malloc(sizeof (struct dissector_handle));
1694 handle->name = name;
1695 handle->is_new = TRUE;
1696 handle->dissector.new = dissector;
1697 handle->protocol = find_protocol_by_id(proto);
1699 g_hash_table_insert(registered_dissectors, (gpointer)name,
1703 /* Call a dissector through a handle and if this fails call the "data"
1707 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1708 packet_info *pinfo, proto_tree *tree)
1712 g_assert(handle != NULL);
1713 ret = call_dissector_work(handle, tvb, pinfo, tree);
1716 * The protocol was disabled, or the dissector rejected
1717 * it. Just dissect this packet as data.
1719 g_assert(data_handle != NULL);
1720 g_assert(data_handle->protocol != NULL);
1721 call_dissector(data_handle, tvb, pinfo, tree);
1722 return tvb_length(tvb);
1727 /* Call a dissector through a handle but if the dissector rejected it
1728 * return 0 instead of using the default "data" dissector.
1731 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1732 packet_info *pinfo, proto_tree *tree)
1736 ret = call_dissector_work(handle, tvb, pinfo, tree);
1741 * Dumps the "layer type"/"decode as" associations to stdout, similar
1742 * to the proto_registrar_dump_*() routines.
1744 * There is one record per line. The fields are tab-delimited.
1746 * Field 1 = layer type, e.g. "tcp.port"
1747 * Field 2 = selector in decimal
1748 * Field 3 = "decode as" name, e.g. "http"
1753 dissector_dump_decodes_display(gchar *table_name, ftenum_t selector_type _U_,
1754 gpointer key, gpointer value, gpointer user_data _U_)
1756 guint32 selector = (guint32) key;
1757 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1758 dtbl_entry_t *dtbl_entry;
1759 dissector_handle_t handle;
1761 const gchar *decode_as;
1763 g_assert(sub_dissectors);
1764 switch (sub_dissectors->type) {
1771 g_assert(dtbl_entry);
1773 handle = dtbl_entry->current;
1776 proto_id = dissector_handle_get_protocol_index(handle);
1778 if (proto_id != -1) {
1779 decode_as = proto_get_protocol_filter_name(proto_id);
1780 g_assert(decode_as != NULL);
1781 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
1791 dissector_dump_decodes() {
1792 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);
1795 static GPtrArray* post_dissectors = NULL;
1796 static guint num_of_postdissectors = 0;
1798 void register_postdissector(dissector_handle_t handle) {
1799 if (!post_dissectors)
1800 post_dissectors = g_ptr_array_new();
1802 g_ptr_array_add(post_dissectors, handle);
1803 num_of_postdissectors++;
1806 extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
1808 for(i=0;i<num_of_postdissectors;i++) {
1809 call_dissector((dissector_handle_t) g_ptr_array_index(post_dissectors,i),