2 * Routines for packet disassembly
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "ipv6-utils.h"
47 #include "sna-utils.h"
48 #include "osi-utils.h"
51 #include "addr_resolv.h"
54 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
58 static gint proto_malformed = -1;
59 static dissector_handle_t frame_handle = NULL;
60 static dissector_handle_t data_handle = NULL;
62 const true_false_string flags_set_truth = {
70 frame_handle = find_dissector("frame");
71 data_handle = find_dissector("data");
72 proto_malformed = proto_get_id_by_filter_name("malformed");
82 * Given a tvbuff, and a length from a packet header, adjust the length
83 * of the tvbuff to reflect the specified length.
86 set_actual_length(tvbuff_t *tvb, guint specified_len)
88 if (specified_len < tvb_reported_length(tvb)) {
89 /* Adjust the length of this tvbuff to include only the specified
92 The dissector above the one calling us (the dissector above is
93 probably us) may use that to determine how much of its packet
95 tvb_set_reported_length(tvb, specified_len);
99 /* Allow protocols to register "init" routines, which are called before
100 we make a pass through a capture file and dissect all its packets
101 (e.g., when we read in a new capture file, or run a "filter packets"
102 or "colorize packets" pass over the current capture file). */
103 static GSList *init_routines;
106 register_init_routine(void (*func)(void))
108 init_routines = g_slist_append(init_routines, (gpointer)func);
111 typedef void (*void_func_t)(void);
113 /* Initialize all data structures used for dissection. */
115 call_init_routine(gpointer routine, gpointer dummy _U_)
117 void_func_t func = (void_func_t)routine;
122 * XXX - for now, these are the same; the "init" routines free whatever
123 * stuff is left over from any previous dissection, and then initialize
126 * We should probably split that into "init" and "cleanup" routines, for
130 init_dissection(void)
132 /* Initialize the table of conversations. */
133 epan_conversation_init();
135 /* Initialize the table of circuits. */
138 /* Initialize protocol-specific variables. */
139 g_slist_foreach(init_routines, &call_init_routine, NULL);
141 /* Initialize the common data structures for fragment reassembly.
142 Must be done *after* calling init routines, as those routines
143 may free up space for fragments, which they find by using the
144 data structures that "reassemble_init()" frees. */
149 cleanup_dissection(void)
154 /* Allow protocols to register a "cleanup" routine to be
155 * run after the initial sequential run through the packets.
156 * Note that the file can still be open after this; this is not
157 * the final cleanup. */
158 static GSList *postseq_cleanup_routines;
161 register_postseq_cleanup_routine(void_func_t func)
163 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
167 /* Call all the registered "postseq_cleanup" routines. */
169 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
171 void_func_t func = (void_func_t)routine;
176 postseq_cleanup_all_protocols(void)
178 g_slist_foreach(postseq_cleanup_routines,
179 &call_postseq_cleanup_routine, NULL);
182 /* Contains information about data sources. */
183 static GMemChunk *data_source_chunk = NULL;
186 * Add a new data source to the list of data sources for a frame, given
187 * the tvbuff for the data source and its name.
190 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, char *name)
194 if (data_source_chunk == NULL) {
195 data_source_chunk = g_mem_chunk_new("data_source_chunk",
196 sizeof (data_source), 10 * sizeof (data_source),
199 src = g_mem_chunk_alloc(data_source_chunk);
202 * XXX - if we require this argument to be a string constant,
203 * we don't need to allocate a buffer for a copy and make a
204 * copy, and wouldn't need to free the buffer, either.
206 src->name = g_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
207 pinfo->data_src = g_slist_append(pinfo->data_src, src);
211 * Free up a frame's list of data sources.
214 free_data_sources(packet_info *pinfo)
219 for (src_le = pinfo->data_src; src_le != NULL; src_le = src_le->next) {
222 g_mem_chunk_free(data_source_chunk, src);
224 g_slist_free(pinfo->data_src);
225 pinfo->data_src = NULL;
228 /* Allow dissectors to register a "final_registration" routine
229 * that is run like the proto_register_XXX() routine, but the end
230 * end of the epan_init() function; that is, *after* all other
231 * subsystems, like dfilters, have finished initializing. This is
232 * useful for dissector registration routines which need to compile
233 * display filters. dfilters can't initialize itself until all protocols
234 * have registereed themselves. */
235 static GSList *final_registration_routines;
238 register_final_registration_routine(void (*func)(void))
240 final_registration_routines = g_slist_append(final_registration_routines,
244 /* Call all the registered "final_registration" routines. */
246 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
248 void_func_t func = (void_func_t)routine;
254 final_registration_all_protocols(void)
256 g_slist_foreach(final_registration_routines,
257 &call_final_registration_routine, NULL);
261 /* Creates the top-most tvbuff and calls dissect_frame() */
263 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
264 const guchar *pd, frame_data *fd, column_info *cinfo)
268 edt->pi.current_proto = "<Missing Protocol Name>";
269 edt->pi.cinfo = cinfo;
271 edt->pi.pseudo_header = pseudo_header;
272 edt->pi.data_src = NULL;
273 edt->pi.dl_src.type = AT_NONE;
274 edt->pi.dl_src.len = 0;
275 edt->pi.dl_src.data = NULL;
276 edt->pi.dl_dst.type = AT_NONE;
277 edt->pi.dl_dst.len = 0;
278 edt->pi.dl_dst.data = NULL;
279 edt->pi.net_src.type = AT_NONE;
280 edt->pi.net_src.len = 0;
281 edt->pi.net_src.data = NULL;
282 edt->pi.net_dst.type = AT_NONE;
283 edt->pi.net_dst.len = 0;
284 edt->pi.net_dst.data = NULL;
285 edt->pi.src.type = AT_NONE;
287 edt->pi.src.data = NULL;
288 edt->pi.dst.type = AT_NONE;
290 edt->pi.dst.data = NULL;
291 edt->pi.ethertype = 0;
293 edt->pi.ipxptype = 0;
294 edt->pi.ctype = CT_NONE;
295 edt->pi.circuit_id = 0;
296 edt->pi.noreassembly_reason = "";
297 edt->pi.fragmented = FALSE;
298 edt->pi.in_error_pkt = FALSE;
299 edt->pi.ptype = PT_NONE;
301 edt->pi.destport = 0;
302 edt->pi.match_port = 0;
303 edt->pi.match_string = NULL;
304 edt->pi.can_desegment = 0;
305 edt->pi.want_pdu_tracking = 0;
306 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
307 edt->pi.private_data = NULL;
314 edt->pi.dcectxid = 0;
315 edt->pi.dcetransporttype = -1;
316 edt->pi.decrypt_gssapi_tvb = 0;
317 edt->pi.gssapi_wrap_tvb = NULL;
318 edt->pi.gssapi_encrypted_tvb = NULL;
319 edt->pi.gssapi_decrypted_tvb = NULL;
320 edt->pi.layer_names = NULL;
323 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
324 /* Add this tvbuffer into the data_src list */
325 add_new_data_source(&edt->pi, edt->tvb, "Frame");
327 /* Even though dissect_frame() catches all the exceptions a
328 * sub-dissector can throw, dissect_frame() itself may throw
329 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
330 * in this function. */
331 if(frame_handle != NULL)
332 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
336 g_assert_not_reached();
338 CATCH(ReportedBoundsError) {
339 if(proto_malformed != -1){
340 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
341 "[Malformed Frame: Packet Length]" );
344 g_assert_not_reached();
349 fd->flags.visited = 1;
352 /*********************** code added for sub-dissector lookup *********************/
355 * An dissector handle.
357 struct dissector_handle {
358 const char *name; /* dissector name */
359 gboolean is_new; /* TRUE if new-style dissector */
364 protocol_t *protocol;
368 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
369 packet_info *pinfo, proto_tree *tree)
371 const char *saved_proto;
374 saved_proto = pinfo->current_proto;
376 if (handle->protocol != NULL) {
377 pinfo->current_proto =
378 proto_get_protocol_short_name(handle->protocol);
382 ret = (*handle->dissector.new)(tvb, pinfo, tree);
384 (*handle->dissector.old)(tvb, pinfo, tree);
385 ret = tvb_length(tvb);
388 * XXX - a tvbuff can have 0 bytes of data in
389 * it, so we have to make sure we don't return
396 pinfo->current_proto = saved_proto;
402 * Call a dissector through a handle.
403 * If the protocol for that handle isn't enabled, return 0 without
404 * calling the dissector.
405 * Otherwise, if the handle refers to a new-style dissector, call the
406 * dissector and return its return value, otherwise call it and return
407 * the length of the tvbuff pointed to by the argument.
410 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
411 packet_info *pinfo_arg, proto_tree *tree)
413 packet_info *volatile pinfo = pinfo_arg;
414 const char *saved_proto;
415 guint16 saved_can_desegment;
417 gboolean save_writable;
418 volatile address save_dl_src;
419 volatile address save_dl_dst;
420 volatile address save_net_src;
421 volatile address save_net_dst;
422 volatile address save_src;
423 volatile address save_dst;
424 volatile gint saved_layer_names_len = 0;
426 if (handle->protocol != NULL &&
427 !proto_is_protocol_enabled(handle->protocol)) {
429 * The protocol isn't enabled.
434 saved_proto = pinfo->current_proto;
435 saved_can_desegment = pinfo->can_desegment;
437 if (pinfo->layer_names != NULL)
438 saved_layer_names_len = pinfo->layer_names->len;
441 * can_desegment is set to 2 by anyone which offers the
442 * desegmentation api/service.
443 * Then everytime a subdissector is called it is decremented
445 * Thus only the subdissector immediately on top of whoever
446 * offers this service can use it.
447 * We save the current value of "can_desegment" for the
448 * benefit of TCP proxying dissectors such as SOCKS, so they
449 * can restore it and allow the dissectors they call to use
450 * the desegmentation service.
452 pinfo->saved_can_desegment = saved_can_desegment;
453 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
454 if (handle->protocol != NULL) {
455 pinfo->current_proto =
456 proto_get_protocol_short_name(handle->protocol);
459 * Add the protocol name to the layers
461 if (pinfo->layer_names) {
462 if (pinfo->layer_names->len > 0)
463 g_string_append(pinfo->layer_names, ":");
464 g_string_append(pinfo->layer_names,
465 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
469 if (pinfo->in_error_pkt) {
471 * This isn't a packet being transported inside
472 * the protocol whose dissector is calling us,
473 * it's a copy of a packet that caused an error
474 * in some protocol included in a packet that
475 * reports the error (e.g., an ICMP Unreachable
480 * Save the current state of the writability of
481 * the columns, and restore them after the
482 * dissector returns, so that the columns
483 * don't reflect the packet that got the error,
484 * they reflect the packet that reported the
487 save_writable = col_get_writable(pinfo->cinfo);
488 col_set_writable(pinfo->cinfo, FALSE);
489 save_dl_src = pinfo->dl_src;
490 save_dl_dst = pinfo->dl_dst;
491 save_net_src = pinfo->net_src;
492 save_net_dst = pinfo->net_dst;
493 save_src = pinfo->src;
494 save_dst = pinfo->dst;
496 /* Dissect the contained packet. */
498 ret = call_dissector_through_handle(handle, tvb,
503 * Restore the column writability and addresses.
505 col_set_writable(pinfo->cinfo, save_writable);
506 pinfo->dl_src = save_dl_src;
507 pinfo->dl_dst = save_dl_dst;
508 pinfo->net_src = save_net_src;
509 pinfo->net_dst = save_net_dst;
510 pinfo->src = save_src;
511 pinfo->dst = save_dst;
514 * Restore the current protocol, so any
515 * "Short Frame" indication reflects that
516 * protocol, not the protocol for the
517 * packet that got the error.
519 pinfo->current_proto = saved_proto;
522 * Restore the desegmentability state.
524 pinfo->can_desegment = saved_can_desegment;
527 * Rethrow the exception, so this will be
528 * reported as a short frame.
532 CATCH(ReportedBoundsError) {
534 * "ret" wasn't set because an exception was thrown
535 * before "call_dissector_through_handle()" returned.
536 * As it called something, at least one dissector
537 * accepted the packet, and, as an exception was
538 * thrown, not only was all the tvbuff dissected,
539 * a dissector tried dissecting past the end of
540 * the data in some tvbuff, so we'll assume that
541 * the entire tvbuff was dissected.
543 ret = tvb_length(tvb);
547 col_set_writable(pinfo->cinfo, save_writable);
548 pinfo->dl_src = save_dl_src;
549 pinfo->dl_dst = save_dl_dst;
550 pinfo->net_src = save_net_src;
551 pinfo->net_dst = save_net_dst;
552 pinfo->src = save_src;
553 pinfo->dst = save_dst;
554 pinfo->want_pdu_tracking = 0;
557 * Just call the subdissector.
559 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
564 * That dissector didn't accept the packet, so
565 * remove its protocol's name from the list
568 if (pinfo->layer_names != NULL) {
569 g_string_truncate(pinfo->layer_names,
570 saved_layer_names_len);
573 pinfo->current_proto = saved_proto;
574 pinfo->can_desegment = saved_can_desegment;
579 * An entry in the hash table portion of a dissector table.
582 dissector_handle_t initial;
583 dissector_handle_t current;
589 * "hash_table" is a hash table, indexed by port number, supplying
590 * a "struct dtbl_entry"; it records what dissector is assigned to
591 * that port number in that table.
593 * "dissector_handles" is a list of all dissectors that *could* be
594 * used in that table; not all of them are necessarily in the table,
595 * as they may be for protocols that don't have a fixed port number.
597 * "ui_name" is the name the dissector table has in the user interface.
599 * "type" is a field type giving the width of the port number for that
602 * "base" is the base in which to display the port number for that
605 struct dissector_table {
606 GHashTable *hash_table;
607 GSList *dissector_handles;
613 static GHashTable *dissector_tables = NULL;
615 /* Finds a dissector table by table name. */
617 find_dissector_table(const char *name)
619 g_assert(dissector_tables);
620 return g_hash_table_lookup( dissector_tables, name );
623 /* Find an entry in a uint dissector table. */
624 static dtbl_entry_t *
625 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
627 switch (sub_dissectors->type) {
634 * You can do a port lookup in these tables.
640 * But you can't do a port lookup in any other types
643 g_assert_not_reached();
649 return g_hash_table_lookup(sub_dissectors->hash_table,
650 GUINT_TO_POINTER(pattern));
653 /* Add an entry to a uint dissector table. */
655 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
657 dissector_table_t sub_dissectors = find_dissector_table( name);
658 dtbl_entry_t *dtbl_entry;
661 g_assert( sub_dissectors);
662 switch (sub_dissectors->type) {
669 * You can do a port lookup in these tables.
675 * But you can't do a port lookup in any other types
678 g_assert_not_reached();
681 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
682 dtbl_entry->current = handle;
683 dtbl_entry->initial = dtbl_entry->current;
685 /* do the table insertion */
686 g_hash_table_insert( sub_dissectors->hash_table,
687 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
690 * Now add it to the list of handles that could be used with this
691 * table, because it *is* being used with this table.
693 dissector_add_handle(name, handle);
696 /* Delete the entry for a dissector in a uint dissector table
697 with a particular pattern. */
699 /* NOTE: this doesn't use the dissector call variable. It is included to */
700 /* be consistant with the dissector_add and more importantly to be used */
701 /* if the technique of adding a temporary dissector is implemented. */
702 /* If temporary dissectors are deleted, then the original dissector must */
705 dissector_delete(const char *name, guint32 pattern,
706 dissector_handle_t handle _U_)
708 dissector_table_t sub_dissectors = find_dissector_table( name);
709 dtbl_entry_t *dtbl_entry;
712 g_assert( sub_dissectors);
717 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
719 if (dtbl_entry != NULL) {
723 g_hash_table_remove(sub_dissectors->hash_table,
724 GUINT_TO_POINTER(pattern));
727 * Now free up the entry.
733 /* Change the entry for a dissector in a uint dissector table
734 with a particular pattern to use a new dissector handle. */
736 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
738 dissector_table_t sub_dissectors = find_dissector_table( name);
739 dtbl_entry_t *dtbl_entry;
742 g_assert( sub_dissectors);
745 * See if the entry already exists. If so, reuse it.
747 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
748 if (dtbl_entry != NULL) {
749 dtbl_entry->current = handle;
754 * Don't create an entry if there is no dissector handle - I.E. the
755 * user said not to decode something that wasn't being decoded
756 * in the first place.
761 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
762 dtbl_entry->initial = NULL;
763 dtbl_entry->current = handle;
765 /* do the table insertion */
766 g_hash_table_insert( sub_dissectors->hash_table,
767 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
770 /* Reset an entry in a uint dissector table to its initial value. */
772 dissector_reset(const char *name, guint32 pattern)
774 dissector_table_t sub_dissectors = find_dissector_table( name);
775 dtbl_entry_t *dtbl_entry;
778 g_assert( sub_dissectors);
783 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
785 if (dtbl_entry == NULL)
789 * Found - is there an initial value?
791 if (dtbl_entry->initial != NULL) {
792 dtbl_entry->current = dtbl_entry->initial;
794 g_hash_table_remove(sub_dissectors->hash_table,
795 GUINT_TO_POINTER(pattern));
800 /* Look for a given value in a given uint dissector table and, if found,
801 call the dissector with the arguments supplied, and return TRUE,
802 otherwise return FALSE. */
804 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
805 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
807 dtbl_entry_t *dtbl_entry;
808 struct dissector_handle *handle;
809 guint32 saved_match_port;
812 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
813 if (dtbl_entry != NULL) {
815 * Is there currently a dissector handle for this entry?
817 handle = dtbl_entry->current;
818 if (handle == NULL) {
820 * No - pretend this dissector didn't exist,
821 * so that other dissectors might have a chance
822 * to dissect this packet.
828 * Save the current value of "pinfo->match_port",
829 * set it to the port that matched, call the
830 * dissector, and restore "pinfo->match_port".
832 saved_match_port = pinfo->match_port;
833 pinfo->match_port = port;
834 ret = call_dissector_work(handle, tvb, pinfo, tree);
835 pinfo->match_port = saved_match_port;
838 * If a new-style dissector returned 0, it means that
839 * it didn't think this tvbuff represented a packet for
840 * its protocol, and didn't dissect anything.
842 * Old-style dissectors can't reject the packet.
844 * 0 is also returned if the protocol wasn't enabled.
846 * If the packet was rejected, we return FALSE, so that
847 * other dissectors might have a chance to dissect this
848 * packet, otherwise we return TRUE.
855 /* Look for a given value in a given uint dissector table and, if found,
856 return the dissector handle for that value. */
858 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
860 dtbl_entry_t *dtbl_entry;
862 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
863 if (dtbl_entry != NULL)
864 return dtbl_entry->current;
869 /* Find an entry in a string dissector table. */
870 static dtbl_entry_t *
871 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
873 switch (sub_dissectors->type) {
878 * You can do a string lookup in these tables.
884 * But you can't do a string lookup in any other types
887 g_assert_not_reached();
893 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
896 /* Add an entry to a string dissector table. */
898 dissector_add_string(const char *name, gchar *pattern,
899 dissector_handle_t handle)
901 dissector_table_t sub_dissectors = find_dissector_table( name);
902 dtbl_entry_t *dtbl_entry;
905 g_assert( sub_dissectors);
907 switch (sub_dissectors->type) {
912 * You can do a string lookup in these tables.
918 * But you can't do a string lookup in any other types
921 g_assert_not_reached();
924 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
925 dtbl_entry->current = handle;
926 dtbl_entry->initial = dtbl_entry->current;
928 /* do the table insertion */
929 g_hash_table_insert( sub_dissectors->hash_table, pattern,
930 (gpointer)dtbl_entry);
933 * Now add it to the list of handles that could be used with this
934 * table, because it *is* being used with this table.
936 dissector_add_handle(name, handle);
939 /* Delete the entry for a dissector in a string dissector table
940 with a particular pattern. */
942 /* NOTE: this doesn't use the dissector call variable. It is included to */
943 /* be consistant with the dissector_add_string and more importantly to */
944 /* be used if the technique of adding a temporary dissector is */
946 /* If temporary dissectors are deleted, then the original dissector must */
949 dissector_delete_string(const char *name, const gchar *pattern,
950 dissector_handle_t handle _U_)
952 dissector_table_t sub_dissectors = find_dissector_table( name);
953 dtbl_entry_t *dtbl_entry;
956 g_assert( sub_dissectors);
961 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
963 if (dtbl_entry != NULL) {
967 g_hash_table_remove(sub_dissectors->hash_table, pattern);
970 * Now free up the entry.
976 /* Change the entry for a dissector in a string dissector table
977 with a particular pattern to use a new dissector handle. */
979 dissector_change_string(const char *name, gchar *pattern,
980 dissector_handle_t handle)
982 dissector_table_t sub_dissectors = find_dissector_table( name);
983 dtbl_entry_t *dtbl_entry;
986 g_assert( sub_dissectors);
989 * See if the entry already exists. If so, reuse it.
991 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
992 if (dtbl_entry != NULL) {
993 dtbl_entry->current = handle;
998 * Don't create an entry if there is no dissector handle - I.E. the
999 * user said not to decode something that wasn't being decoded
1000 * in the first place.
1005 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1006 dtbl_entry->initial = NULL;
1007 dtbl_entry->current = handle;
1009 /* do the table insertion */
1010 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1011 (gpointer)dtbl_entry);
1014 /* Reset an entry in a string sub-dissector table to its initial value. */
1016 dissector_reset_string(const char *name, const gchar *pattern)
1018 dissector_table_t sub_dissectors = find_dissector_table( name);
1019 dtbl_entry_t *dtbl_entry;
1022 g_assert( sub_dissectors);
1027 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1029 if (dtbl_entry == NULL)
1033 * Found - is there an initial value?
1035 if (dtbl_entry->initial != NULL) {
1036 dtbl_entry->current = dtbl_entry->initial;
1038 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1043 /* Look for a given string in a given dissector table and, if found, call
1044 the dissector with the arguments supplied, and return TRUE, otherwise
1047 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1048 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1050 dtbl_entry_t *dtbl_entry;
1051 struct dissector_handle *handle;
1053 const gchar *saved_match_string;
1055 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1056 if (dtbl_entry != NULL) {
1058 * Is there currently a dissector handle for this entry?
1060 handle = dtbl_entry->current;
1061 if (handle == NULL) {
1063 * No - pretend this dissector didn't exist,
1064 * so that other dissectors might have a chance
1065 * to dissect this packet.
1071 * Save the current value of "pinfo->match_string",
1072 * set it to the string that matched, call the
1073 * dissector, and restore "pinfo->match_string".
1075 saved_match_string = pinfo->match_string;
1076 pinfo->match_string = string;
1077 ret = call_dissector_work(handle, tvb, pinfo, tree);
1078 pinfo->match_string = saved_match_string;
1081 * If a new-style dissector returned 0, it means that
1082 * it didn't think this tvbuff represented a packet for
1083 * its protocol, and didn't dissect anything.
1085 * Old-style dissectors can't reject the packet.
1087 * 0 is also returned if the protocol wasn't enabled.
1089 * If the packet was rejected, we return FALSE, so that
1090 * other dissectors might have a chance to dissect this
1091 * packet, otherwise we return TRUE.
1098 /* Look for a given value in a given string dissector table and, if found,
1099 return the dissector handle for that value. */
1101 dissector_get_string_handle(dissector_table_t sub_dissectors,
1102 const gchar *string)
1104 dtbl_entry_t *dtbl_entry;
1106 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1107 if (dtbl_entry != NULL)
1108 return dtbl_entry->current;
1114 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1116 return dtbl_entry->current;
1119 /* Add a handle to the list of handles that *could* be used with this
1120 table. That list is used by code in the UI. */
1122 dissector_add_handle(const char *name, dissector_handle_t handle)
1124 dissector_table_t sub_dissectors = find_dissector_table( name);
1128 g_assert(sub_dissectors != NULL);
1130 /* Is it already in this list? */
1131 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1132 if (entry != NULL) {
1134 * Yes - don't insert it again.
1139 /* Add it to the list. */
1140 sub_dissectors->dissector_handles =
1141 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1145 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1147 return dtbl_entry->initial;
1150 /**************************************************/
1152 /* Routines to walk dissector tables */
1154 /**************************************************/
1156 typedef struct dissector_foreach_info {
1157 gpointer caller_data;
1158 DATFunc caller_func;
1161 ftenum_t selector_type;
1162 } dissector_foreach_info_t;
1165 * Called for each entry in a dissector table.
1168 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1170 dissector_foreach_info_t *info;
1171 dtbl_entry_t *dtbl_entry;
1174 g_assert(user_data);
1177 if (dtbl_entry->current == NULL ||
1178 dtbl_entry->current->protocol == NULL) {
1180 * Either there is no dissector for this entry, or
1181 * the dissector doesn't have a protocol associated
1184 * XXX - should the latter check be done?
1190 info->caller_func(info->table_name, info->selector_type, key, value,
1195 * Called for each entry in the table of all dissector tables.
1198 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1200 dissector_table_t sub_dissectors;
1201 dissector_foreach_info_t *info;
1204 g_assert(user_data);
1206 sub_dissectors = value;
1208 info->table_name = (gchar*) key;
1209 info->selector_type = get_dissector_table_selector_type(info->table_name);
1210 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1214 * Walk all dissector tables calling a user supplied function on each
1218 dissector_all_tables_foreach (DATFunc func,
1221 dissector_foreach_info_t info;
1223 info.caller_data = user_data;
1224 info.caller_func = func;
1225 info.next_func = dissector_table_foreach_func;
1226 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1230 * Walk one dissector table's hash table calling a user supplied function
1234 dissector_table_foreach (char *name,
1238 dissector_foreach_info_t info;
1239 dissector_table_t sub_dissectors = find_dissector_table( name);
1241 info.table_name = name;
1242 info.selector_type = sub_dissectors->type;
1243 info.caller_func = func;
1244 info.caller_data = user_data;
1245 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1249 * Walk one dissector table's list of handles calling a user supplied
1250 * function on each entry.
1253 dissector_table_foreach_handle(char *name,
1254 DATFunc_handle func,
1257 dissector_table_t sub_dissectors = find_dissector_table( name);
1260 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1261 tmp = g_slist_next(tmp))
1262 func(name, tmp->data, user_data);
1266 * Called for each entry in a dissector table.
1269 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1271 dtbl_entry_t *dtbl_entry;
1272 dissector_foreach_info_t *info;
1275 g_assert(user_data);
1278 if (dtbl_entry->initial == dtbl_entry->current) {
1280 * Entry hasn't changed - don't call the function.
1286 info->caller_func(info->table_name, info->selector_type, key, value,
1291 * Walk all dissector tables calling a user supplied function only on
1292 * any entry that has been changed from its original state.
1295 dissector_all_tables_foreach_changed (DATFunc func,
1298 dissector_foreach_info_t info;
1300 info.caller_data = user_data;
1301 info.caller_func = func;
1302 info.next_func = dissector_table_foreach_changed_func;
1303 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1307 * Walk one dissector table calling a user supplied function only on
1308 * any entry that has been changed from its original state.
1311 dissector_table_foreach_changed (char *name,
1315 dissector_foreach_info_t info;
1316 dissector_table_t sub_dissectors = find_dissector_table( name);
1318 info.table_name = name;
1319 info.selector_type = sub_dissectors->type;
1320 info.caller_func = func;
1321 info.caller_data = user_data;
1322 g_hash_table_foreach(sub_dissectors->hash_table,
1323 dissector_table_foreach_changed_func, &info);
1326 typedef struct dissector_foreach_table_info {
1327 gpointer caller_data;
1328 DATFunc_table caller_func;
1329 } dissector_foreach_table_info_t;
1332 * Called for each entry in the table of all dissector tables.
1335 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1337 dissector_table_t table;
1338 dissector_foreach_table_info_t *info;
1342 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1346 * Walk all dissector tables calling a user supplied function on each
1350 dissector_all_tables_foreach_table (DATFunc_table func,
1353 dissector_foreach_table_info_t info;
1355 info.caller_data = user_data;
1356 info.caller_func = func;
1357 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1361 register_dissector_table(const char *name, char *ui_name, ftenum_t type,
1364 dissector_table_t sub_dissectors;
1366 /* Create our hash-of-hashes if it doesn't already exist */
1367 if (!dissector_tables) {
1368 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1369 g_assert(dissector_tables);
1372 /* Make sure the registration is unique */
1373 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1375 /* Create and register the dissector table for this name; returns */
1376 /* a pointer to the dissector table. */
1377 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1385 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1386 * so we use "g_direct_hash()" and "g_direct_equal()".
1388 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1394 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1399 g_assert_not_reached();
1401 sub_dissectors->dissector_handles = NULL;
1402 sub_dissectors->ui_name = ui_name;
1403 sub_dissectors->type = type;
1404 sub_dissectors->base = base;
1405 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1406 return sub_dissectors;
1410 get_dissector_table_ui_name(const char *name)
1412 dissector_table_t sub_dissectors = find_dissector_table( name);
1414 return sub_dissectors->ui_name;
1418 get_dissector_table_selector_type(const char *name)
1420 dissector_table_t sub_dissectors = find_dissector_table( name);
1422 return sub_dissectors->type;
1426 get_dissector_table_base(const char *name)
1428 dissector_table_t sub_dissectors = find_dissector_table( name);
1430 return sub_dissectors->base;
1433 static GHashTable *heur_dissector_lists = NULL;
1436 heur_dissector_t dissector;
1437 protocol_t *protocol;
1438 } heur_dtbl_entry_t;
1440 /* Finds a heuristic dissector table by field name. */
1441 static heur_dissector_list_t *
1442 find_heur_dissector_list(const char *name)
1444 g_assert(heur_dissector_lists != NULL);
1445 return g_hash_table_lookup(heur_dissector_lists, name);
1449 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1451 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1452 heur_dtbl_entry_t *dtbl_entry;
1455 g_assert(sub_dissectors != NULL);
1457 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1458 dtbl_entry->dissector = dissector;
1459 dtbl_entry->protocol = find_protocol_by_id(proto);
1461 /* do the table insertion */
1462 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1466 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1467 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1470 const char *saved_proto;
1472 heur_dtbl_entry_t *dtbl_entry;
1473 guint16 saved_can_desegment;
1474 gint saved_layer_names_len = 0;
1476 /* can_desegment is set to 2 by anyone which offers this api/service.
1477 then everytime a subdissector is called it is decremented by one.
1478 thus only the subdissector immediately ontop of whoever offers this
1480 We save the current value of "can_desegment" for the
1481 benefit of TCP proxying dissectors such as SOCKS, so they
1482 can restore it and allow the dissectors they call to use
1483 the desegmentation service.
1485 saved_can_desegment=pinfo->can_desegment;
1486 pinfo->saved_can_desegment = saved_can_desegment;
1487 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1490 saved_proto = pinfo->current_proto;
1492 if (pinfo->layer_names != NULL)
1493 saved_layer_names_len = pinfo->layer_names->len;
1495 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1496 /* XXX - why set this now and above? */
1497 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1498 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1500 if (dtbl_entry->protocol != NULL &&
1501 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1503 * No - don't try this dissector.
1508 if (dtbl_entry->protocol != NULL) {
1509 pinfo->current_proto =
1510 proto_get_protocol_short_name(dtbl_entry->protocol);
1514 * Add the protocol name to the layers; we'll remove it
1515 * if the dissector fails.
1517 if (pinfo->layer_names) {
1518 if (pinfo->layer_names->len > 0)
1519 g_string_append(pinfo->layer_names, ":");
1520 g_string_append(pinfo->layer_names,
1521 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1524 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1529 * That dissector didn't accept the packet, so
1530 * remove its protocol's name from the list
1533 if (pinfo->layer_names != NULL) {
1534 g_string_truncate(pinfo->layer_names,
1535 saved_layer_names_len);
1539 pinfo->current_proto = saved_proto;
1540 pinfo->can_desegment=saved_can_desegment;
1545 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1547 /* Create our hash-of-lists if it doesn't already exist */
1548 if (heur_dissector_lists == NULL) {
1549 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1550 g_assert(heur_dissector_lists != NULL);
1553 /* Make sure the registration is unique */
1554 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1556 *sub_dissectors = NULL; /* initially empty */
1557 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1558 (gpointer) sub_dissectors);
1562 * Register dissectors by name; used if one dissector always calls a
1563 * particular dissector, or if it bases the decision of which dissector
1564 * to call on something other than a numerical value or on "try a bunch
1565 * of dissectors until one likes the packet".
1569 * List of registered dissectors.
1571 static GHashTable *registered_dissectors = NULL;
1573 /* Get the short name of the protocol for a dissector handle, if it has
1576 dissector_handle_get_short_name(dissector_handle_t handle)
1578 if (handle->protocol == NULL) {
1580 * No protocol (see, for example, the handle for
1581 * dissecting the set of protocols where the first
1582 * octet of the payload is an OSI network layer protocol
1587 return proto_get_protocol_short_name(handle->protocol);
1590 /* Get the index of the protocol for a dissector handle, if it has
1593 dissector_handle_get_protocol_index(dissector_handle_t handle)
1595 if (handle->protocol == NULL) {
1597 * No protocol (see, for example, the handle for
1598 * dissecting the set of protocols where the first
1599 * octet of the payload is an OSI network layer protocol
1604 return proto_get_id(handle->protocol);
1607 /* Find a registered dissector by name. */
1609 find_dissector(const char *name)
1611 g_assert(registered_dissectors != NULL);
1612 return g_hash_table_lookup(registered_dissectors, name);
1615 /* Create an anonymous handle for a dissector. */
1617 create_dissector_handle(dissector_t dissector, int proto)
1619 struct dissector_handle *handle;
1621 handle = g_malloc(sizeof (struct dissector_handle));
1622 handle->name = NULL;
1623 handle->is_new = FALSE;
1624 handle->dissector.old = dissector;
1625 handle->protocol = find_protocol_by_id(proto);
1631 new_create_dissector_handle(new_dissector_t dissector, int proto)
1633 struct dissector_handle *handle;
1635 handle = g_malloc(sizeof (struct dissector_handle));
1636 handle->name = NULL;
1637 handle->is_new = TRUE;
1638 handle->dissector.new = dissector;
1639 handle->protocol = find_protocol_by_id(proto);
1644 /* Register a dissector by name. */
1646 register_dissector(const char *name, dissector_t dissector, int proto)
1648 struct dissector_handle *handle;
1650 /* Create our hash table if it doesn't already exist */
1651 if (registered_dissectors == NULL) {
1652 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1653 g_assert(registered_dissectors != NULL);
1656 /* Make sure the registration is unique */
1657 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1659 handle = g_malloc(sizeof (struct dissector_handle));
1660 handle->name = name;
1661 handle->is_new = FALSE;
1662 handle->dissector.old = dissector;
1663 handle->protocol = find_protocol_by_id(proto);
1665 g_hash_table_insert(registered_dissectors, (gpointer)name,
1670 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1672 struct dissector_handle *handle;
1674 /* Create our hash table if it doesn't already exist */
1675 if (registered_dissectors == NULL) {
1676 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1677 g_assert(registered_dissectors != NULL);
1680 /* Make sure the registration is unique */
1681 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1683 handle = g_malloc(sizeof (struct dissector_handle));
1684 handle->name = name;
1685 handle->is_new = TRUE;
1686 handle->dissector.new = dissector;
1687 handle->protocol = find_protocol_by_id(proto);
1689 g_hash_table_insert(registered_dissectors, (gpointer)name,
1693 /* Call a dissector through a handle. */
1695 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1696 packet_info *pinfo, proto_tree *tree)
1700 ret = call_dissector_work(handle, tvb, pinfo, tree);
1703 * The protocol was disabled, or the dissector rejected
1704 * it. Just dissect this packet as data.
1706 g_assert(data_handle != NULL);
1707 g_assert(data_handle->protocol != NULL);
1708 call_dissector(data_handle, tvb, pinfo, tree);
1709 return tvb_length(tvb);
1715 * Dumps the "layer type"/"decode as" associations to stdout, similar
1716 * to the proto_registrar_dump_*() routines.
1718 * There is one record per line. The fields are tab-delimited.
1720 * Field 1 = layer type, e.g. "tcp.port"
1721 * Field 2 = selector in decimal
1722 * Field 3 = "decode as" name, e.g. "http"
1727 dissector_dump_decodes_display(gchar *table_name, ftenum_t selector_type _U_,
1728 gpointer key, gpointer value, gpointer user_data _U_)
1730 guint32 selector = (guint32) key;
1731 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1732 dtbl_entry_t *dtbl_entry;
1733 dissector_handle_t handle;
1737 g_assert(sub_dissectors);
1738 switch (sub_dissectors->type) {
1745 g_assert(dtbl_entry);
1747 handle = dtbl_entry->current;
1750 proto_id = dissector_handle_get_protocol_index(handle);
1752 if (proto_id != -1) {
1753 decode_as = proto_get_protocol_filter_name(proto_id);
1754 g_assert(decode_as != NULL);
1755 printf("%s\t%d\t%s\n", table_name, selector, decode_as);
1765 dissector_dump_decodes() {
1766 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);