2 * Routines for packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "sna-utils.h"
47 #include "osi-utils.h"
50 #include "addr_resolv.h"
53 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
57 #include <epan/stream.h>
58 #include <epan/expert.h>
60 static gint proto_malformed = -1;
61 static dissector_handle_t frame_handle = NULL;
62 static dissector_handle_t data_handle = NULL;
67 frame_handle = find_dissector("frame");
68 data_handle = find_dissector("data");
69 proto_malformed = proto_get_id_by_filter_name("malformed");
79 * Given a tvbuff, and a length from a packet header, adjust the length
80 * of the tvbuff to reflect the specified length.
83 set_actual_length(tvbuff_t *tvb, guint specified_len)
85 if (specified_len < tvb_reported_length(tvb)) {
86 /* Adjust the length of this tvbuff to include only the specified
89 The dissector above the one calling us (the dissector above is
90 probably us) may use that to determine how much of its packet
92 tvb_set_reported_length(tvb, specified_len);
96 /* Allow protocols to register "init" routines, which are called before
97 we make a pass through a capture file and dissect all its packets
98 (e.g., when we read in a new capture file, or run a "filter packets"
99 or "colorize packets" pass over the current capture file). */
100 static GSList *init_routines;
103 register_init_routine(void (*func)(void))
105 init_routines = g_slist_append(init_routines, (gpointer)func);
108 typedef void (*void_func_t)(void);
110 /* Initialize all data structures used for dissection. */
112 call_init_routine(gpointer routine, gpointer dummy _U_)
114 void_func_t func = (void_func_t)routine;
119 * XXX - for now, these are the same; the "init" routines free whatever
120 * stuff is left over from any previous dissection, and then initialize
123 * We should probably split that into "init" and "cleanup" routines, for
127 init_dissection(void)
129 /* Reclaim and reinitialize all memory of seasonal scope */
132 /* Initialize the table of conversations. */
133 epan_conversation_init();
135 /* Initialize the table of circuits. */
138 /* Initialize protocol-specific variables. */
139 g_slist_foreach(init_routines, &call_init_routine, NULL);
141 /* Initialize the common data structures for fragment reassembly.
142 Must be done *after* calling init routines, as those routines
143 may free up space for fragments, which they find by using the
144 data structures that "reassemble_init()" frees. */
147 /* Initialize the stream-handling tables */
150 /* Initialize the expert infos */
155 cleanup_dissection(void)
160 /* Allow protocols to register a "cleanup" routine to be
161 * run after the initial sequential run through the packets.
162 * Note that the file can still be open after this; this is not
163 * the final cleanup. */
164 static GSList *postseq_cleanup_routines;
167 register_postseq_cleanup_routine(void_func_t func)
169 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
173 /* Call all the registered "postseq_cleanup" routines. */
175 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
177 void_func_t func = (void_func_t)routine;
182 postseq_cleanup_all_protocols(void)
184 g_slist_foreach(postseq_cleanup_routines,
185 &call_postseq_cleanup_routine, NULL);
189 * Add a new data source to the list of data sources for a frame, given
190 * the tvbuff for the data source and its name.
193 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
197 src = ep_alloc(sizeof (data_source));
200 * XXX - if we require this argument to be a string constant,
201 * we don't need to allocate a buffer for a copy and make a
202 * copy, and wouldn't need to free the buffer, either.
204 src->name = ep_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
205 pinfo->data_src = g_slist_append(pinfo->data_src, src);
209 * Free up a frame's list of data sources.
212 free_data_sources(packet_info *pinfo)
214 g_slist_free(pinfo->data_src);
215 pinfo->data_src = NULL;
218 /* Allow dissectors to register a "final_registration" routine
219 * that is run like the proto_register_XXX() routine, but at the
220 * end of the epan_init() function; that is, *after* all other
221 * subsystems, like dfilters, have finished initializing. This is
222 * useful for dissector registration routines which need to compile
223 * display filters. dfilters can't initialize itself until all protocols
224 * have registered themselves. */
225 static GSList *final_registration_routines;
228 register_final_registration_routine(void (*func)(void))
230 final_registration_routines = g_slist_append(final_registration_routines,
234 /* Call all the registered "final_registration" routines. */
236 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
238 void_func_t func = (void_func_t)routine;
244 final_registration_all_protocols(void)
246 g_slist_foreach(final_registration_routines,
247 &call_final_registration_routine, NULL);
251 /* Creates the top-most tvbuff and calls dissect_frame() */
253 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
254 const guchar *pd, frame_data *fd, column_info *cinfo)
258 edt->pi.current_proto = "<Missing Protocol Name>";
259 edt->pi.cinfo = cinfo;
261 edt->pi.pseudo_header = pseudo_header;
262 edt->pi.data_src = NULL;
263 edt->pi.dl_src.type = AT_NONE;
264 edt->pi.dl_src.len = 0;
265 edt->pi.dl_src.data = NULL;
266 edt->pi.dl_dst.type = AT_NONE;
267 edt->pi.dl_dst.len = 0;
268 edt->pi.dl_dst.data = NULL;
269 edt->pi.net_src.type = AT_NONE;
270 edt->pi.net_src.len = 0;
271 edt->pi.net_src.data = NULL;
272 edt->pi.net_dst.type = AT_NONE;
273 edt->pi.net_dst.len = 0;
274 edt->pi.net_dst.data = NULL;
275 edt->pi.src.type = AT_NONE;
277 edt->pi.src.data = NULL;
278 edt->pi.dst.type = AT_NONE;
280 edt->pi.dst.data = NULL;
281 edt->pi.ethertype = 0;
283 edt->pi.ipxptype = 0;
284 edt->pi.ctype = CT_NONE;
285 edt->pi.circuit_id = 0;
286 edt->pi.noreassembly_reason = "";
287 edt->pi.fragmented = FALSE;
288 edt->pi.in_error_pkt = FALSE;
289 edt->pi.ptype = PT_NONE;
291 edt->pi.destport = 0;
292 edt->pi.match_port = 0;
293 edt->pi.match_string = NULL;
294 edt->pi.can_desegment = 0;
295 edt->pi.want_pdu_tracking = 0;
296 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
297 edt->pi.private_data = NULL;
304 edt->pi.dcectxid = 0;
305 edt->pi.dcetransporttype = -1;
306 edt->pi.decrypt_gssapi_tvb = 0;
307 edt->pi.gssapi_wrap_tvb = NULL;
308 edt->pi.gssapi_encrypted_tvb = NULL;
309 edt->pi.gssapi_decrypted_tvb = NULL;
310 edt->pi.layer_names = NULL;
311 edt->pi.link_number = 0;
312 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
313 edt->pi.profinet_conv = NULL;
314 edt->pi.profinet_type = 0;
315 edt->pi.usb_conv_info = NULL;
316 edt->pi.tcp_tree = NULL;
317 edt->pi.dcerpc_procedure_name="";
318 edt->pi.sccp_info = NULL;
321 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
322 /* Add this tvbuffer into the data_src list */
323 add_new_data_source(&edt->pi, edt->tvb, "Frame");
325 /* Even though dissect_frame() catches all the exceptions a
326 * sub-dissector can throw, dissect_frame() itself may throw
327 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
328 * in this function. */
329 if(frame_handle != NULL)
330 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
334 g_assert_not_reached();
336 CATCH(ReportedBoundsError) {
337 if(proto_malformed != -1){
338 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
339 "[Malformed Frame: Packet Length]" );
341 g_assert_not_reached();
344 CATCH(OutOfMemoryError) {
349 fd->flags.visited = 1;
352 /*********************** code added for sub-dissector lookup *********************/
355 * An dissector handle.
357 struct dissector_handle {
358 const char *name; /* dissector name */
359 gboolean is_new; /* TRUE if new-style dissector */
364 protocol_t *protocol;
367 /* This function will return
368 * old style dissector :
369 * length of the payload or 1 of the payload is empty
371 * >0 this protocol was successfully dissected and this was this protocol.
372 * 0 this packet did not match this protocol.
374 * The only time this function will return 0 is if it is a new style dissector
375 * and if the dissector rejected the packet.
378 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
379 packet_info *pinfo, proto_tree *tree)
381 const char *saved_proto;
384 saved_proto = pinfo->current_proto;
386 if (handle->protocol != NULL) {
387 pinfo->current_proto =
388 proto_get_protocol_short_name(handle->protocol);
391 if (handle->is_new) {
392 ret = (*handle->dissector.new)(tvb, pinfo, tree);
394 (*handle->dissector.old)(tvb, pinfo, tree);
395 ret = tvb_length(tvb);
398 * XXX - a tvbuff can have 0 bytes of data in
399 * it, so we have to make sure we don't return
406 pinfo->current_proto = saved_proto;
412 * Call a dissector through a handle.
413 * If the protocol for that handle isn't enabled, return 0 without
414 * calling the dissector.
415 * Otherwise, if the handle refers to a new-style dissector, call the
416 * dissector and return its return value, otherwise call it and return
417 * the length of the tvbuff pointed to by the argument.
420 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
421 packet_info *pinfo_arg, proto_tree *tree)
423 packet_info *volatile pinfo = pinfo_arg;
424 const char *saved_proto;
425 guint16 saved_can_desegment;
426 volatile int ret = 0;
427 gboolean save_writable;
428 volatile address save_dl_src;
429 volatile address save_dl_dst;
430 volatile address save_net_src;
431 volatile address save_net_dst;
432 volatile address save_src;
433 volatile address save_dst;
434 volatile gint saved_layer_names_len = 0;
436 if (handle->protocol != NULL &&
437 !proto_is_protocol_enabled(handle->protocol)) {
439 * The protocol isn't enabled.
444 saved_proto = pinfo->current_proto;
445 saved_can_desegment = pinfo->can_desegment;
447 if (pinfo->layer_names != NULL)
448 saved_layer_names_len = pinfo->layer_names->len;
451 * can_desegment is set to 2 by anyone which offers the
452 * desegmentation api/service.
453 * Then everytime a subdissector is called it is decremented
455 * Thus only the subdissector immediately on top of whoever
456 * offers this service can use it.
457 * We save the current value of "can_desegment" for the
458 * benefit of TCP proxying dissectors such as SOCKS, so they
459 * can restore it and allow the dissectors they call to use
460 * the desegmentation service.
462 pinfo->saved_can_desegment = saved_can_desegment;
463 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
464 if (handle->protocol != NULL) {
465 pinfo->current_proto =
466 proto_get_protocol_short_name(handle->protocol);
469 * Add the protocol name to the layers
471 if (pinfo->layer_names) {
472 if (pinfo->layer_names->len > 0)
473 g_string_append(pinfo->layer_names, ":");
474 g_string_append(pinfo->layer_names,
475 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
479 if (pinfo->in_error_pkt) {
481 * This isn't a packet being transported inside
482 * the protocol whose dissector is calling us,
483 * it's a copy of a packet that caused an error
484 * in some protocol included in a packet that
485 * reports the error (e.g., an ICMP Unreachable
490 * Save the current state of the writability of
491 * the columns, and restore them after the
492 * dissector returns, so that the columns
493 * don't reflect the packet that got the error,
494 * they reflect the packet that reported the
497 save_writable = col_get_writable(pinfo->cinfo);
498 col_set_writable(pinfo->cinfo, FALSE);
499 save_dl_src = pinfo->dl_src;
500 save_dl_dst = pinfo->dl_dst;
501 save_net_src = pinfo->net_src;
502 save_net_dst = pinfo->net_dst;
503 save_src = pinfo->src;
504 save_dst = pinfo->dst;
506 /* Dissect the contained packet. */
508 ret = call_dissector_through_handle(handle, tvb,
513 * Restore the column writability and addresses.
515 col_set_writable(pinfo->cinfo, save_writable);
516 pinfo->dl_src = save_dl_src;
517 pinfo->dl_dst = save_dl_dst;
518 pinfo->net_src = save_net_src;
519 pinfo->net_dst = save_net_dst;
520 pinfo->src = save_src;
521 pinfo->dst = save_dst;
524 * Restore the current protocol, so any
525 * "Short Frame" indication reflects that
526 * protocol, not the protocol for the
527 * packet that got the error.
529 pinfo->current_proto = saved_proto;
532 * Restore the desegmentability state.
534 pinfo->can_desegment = saved_can_desegment;
537 * Rethrow the exception, so this will be
538 * reported as a short frame.
542 CATCH(ReportedBoundsError) {
544 * "ret" wasn't set because an exception was thrown
545 * before "call_dissector_through_handle()" returned.
546 * As it called something, at least one dissector
547 * accepted the packet, and, as an exception was
548 * thrown, not only was all the tvbuff dissected,
549 * a dissector tried dissecting past the end of
550 * the data in some tvbuff, so we'll assume that
551 * the entire tvbuff was dissected.
553 ret = tvb_length(tvb);
555 CATCH(OutOfMemoryError) {
560 col_set_writable(pinfo->cinfo, save_writable);
561 pinfo->dl_src = save_dl_src;
562 pinfo->dl_dst = save_dl_dst;
563 pinfo->net_src = save_net_src;
564 pinfo->net_dst = save_net_dst;
565 pinfo->src = save_src;
566 pinfo->dst = save_dst;
567 pinfo->want_pdu_tracking = 0;
570 * Just call the subdissector.
572 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
577 * That dissector didn't accept the packet, so
578 * remove its protocol's name from the list
581 if (pinfo->layer_names != NULL) {
582 g_string_truncate(pinfo->layer_names,
583 saved_layer_names_len);
586 pinfo->current_proto = saved_proto;
587 pinfo->can_desegment = saved_can_desegment;
592 * An entry in the hash table portion of a dissector table.
595 dissector_handle_t initial;
596 dissector_handle_t current;
602 * "hash_table" is a hash table, indexed by port number, supplying
603 * a "struct dtbl_entry"; it records what dissector is assigned to
604 * that port number in that table.
606 * "dissector_handles" is a list of all dissectors that *could* be
607 * used in that table; not all of them are necessarily in the table,
608 * as they may be for protocols that don't have a fixed port number.
610 * "ui_name" is the name the dissector table has in the user interface.
612 * "type" is a field type giving the width of the port number for that
615 * "base" is the base in which to display the port number for that
618 struct dissector_table {
619 GHashTable *hash_table;
620 GSList *dissector_handles;
626 static GHashTable *dissector_tables = NULL;
628 /* Finds a dissector table by table name. */
630 find_dissector_table(const char *name)
632 g_assert(dissector_tables);
633 return g_hash_table_lookup( dissector_tables, name );
636 /* Find an entry in a uint dissector table. */
637 static dtbl_entry_t *
638 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
640 switch (sub_dissectors->type) {
647 * You can do a port lookup in these tables.
653 * But you can't do a port lookup in any other types
656 g_assert_not_reached();
662 return g_hash_table_lookup(sub_dissectors->hash_table,
663 GUINT_TO_POINTER(pattern));
666 /* Add an entry to a uint dissector table. */
668 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
670 dissector_table_t sub_dissectors;
671 dtbl_entry_t *dtbl_entry;
673 sub_dissectors = find_dissector_table(name);
675 g_assert(sub_dissectors);
676 switch (sub_dissectors->type) {
683 * You can do a port lookup in these tables.
689 * But you can't do a port lookup in any other types
692 g_assert_not_reached();
695 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
696 dtbl_entry->current = handle;
697 dtbl_entry->initial = dtbl_entry->current;
699 /* do the table insertion */
700 g_hash_table_insert( sub_dissectors->hash_table,
701 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
704 * Now add it to the list of handles that could be used with this
705 * table, because it *is* being used with this table.
707 dissector_add_handle(name, handle);
710 /* Delete the entry for a dissector in a uint dissector table
711 with a particular pattern. */
713 /* NOTE: this doesn't use the dissector call variable. It is included to */
714 /* be consistant with the dissector_add and more importantly to be used */
715 /* if the technique of adding a temporary dissector is implemented. */
716 /* If temporary dissectors are deleted, then the original dissector must */
719 dissector_delete(const char *name, guint32 pattern,
720 dissector_handle_t handle _U_)
722 dissector_table_t sub_dissectors = find_dissector_table( name);
723 dtbl_entry_t *dtbl_entry;
726 g_assert( sub_dissectors);
731 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
733 if (dtbl_entry != NULL) {
737 g_hash_table_remove(sub_dissectors->hash_table,
738 GUINT_TO_POINTER(pattern));
741 * Now free up the entry.
747 /* Change the entry for a dissector in a uint dissector table
748 with a particular pattern to use a new dissector handle. */
750 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
752 dissector_table_t sub_dissectors = find_dissector_table( name);
753 dtbl_entry_t *dtbl_entry;
756 g_assert( sub_dissectors);
759 * See if the entry already exists. If so, reuse it.
761 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
762 if (dtbl_entry != NULL) {
763 dtbl_entry->current = handle;
768 * Don't create an entry if there is no dissector handle - I.E. the
769 * user said not to decode something that wasn't being decoded
770 * in the first place.
775 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
776 dtbl_entry->initial = NULL;
777 dtbl_entry->current = handle;
779 /* do the table insertion */
780 g_hash_table_insert( sub_dissectors->hash_table,
781 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
784 /* Reset an entry in a uint dissector table to its initial value. */
786 dissector_reset(const char *name, guint32 pattern)
788 dissector_table_t sub_dissectors = find_dissector_table( name);
789 dtbl_entry_t *dtbl_entry;
792 g_assert( sub_dissectors);
797 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
799 if (dtbl_entry == NULL)
803 * Found - is there an initial value?
805 if (dtbl_entry->initial != NULL) {
806 dtbl_entry->current = dtbl_entry->initial;
808 g_hash_table_remove(sub_dissectors->hash_table,
809 GUINT_TO_POINTER(pattern));
814 /* Look for a given value in a given uint dissector table and, if found,
815 call the dissector with the arguments supplied, and return TRUE,
816 otherwise return FALSE. */
818 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
819 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
821 dtbl_entry_t *dtbl_entry;
822 struct dissector_handle *handle;
823 guint32 saved_match_port;
826 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
827 if (dtbl_entry != NULL) {
829 * Is there currently a dissector handle for this entry?
831 handle = dtbl_entry->current;
832 if (handle == NULL) {
834 * No - pretend this dissector didn't exist,
835 * so that other dissectors might have a chance
836 * to dissect this packet.
842 * Save the current value of "pinfo->match_port",
843 * set it to the port that matched, call the
844 * dissector, and restore "pinfo->match_port".
846 saved_match_port = pinfo->match_port;
847 pinfo->match_port = port;
848 ret = call_dissector_work(handle, tvb, pinfo, tree);
849 pinfo->match_port = saved_match_port;
852 * If a new-style dissector returned 0, it means that
853 * it didn't think this tvbuff represented a packet for
854 * its protocol, and didn't dissect anything.
856 * Old-style dissectors can't reject the packet.
858 * 0 is also returned if the protocol wasn't enabled.
860 * If the packet was rejected, we return FALSE, so that
861 * other dissectors might have a chance to dissect this
862 * packet, otherwise we return TRUE.
869 /* Look for a given value in a given uint dissector table and, if found,
870 return the dissector handle for that value. */
872 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
874 dtbl_entry_t *dtbl_entry;
876 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
877 if (dtbl_entry != NULL)
878 return dtbl_entry->current;
883 /* Find an entry in a string dissector table. */
884 static dtbl_entry_t *
885 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
887 switch (sub_dissectors->type) {
892 * You can do a string lookup in these tables.
898 * But you can't do a string lookup in any other types
901 g_assert_not_reached();
907 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
910 /* Add an entry to a string dissector table. */
912 dissector_add_string(const char *name, const gchar *pattern,
913 dissector_handle_t handle)
915 dissector_table_t sub_dissectors = find_dissector_table( name);
916 dtbl_entry_t *dtbl_entry;
919 g_assert( sub_dissectors);
921 switch (sub_dissectors->type) {
926 * You can do a string lookup in these tables.
932 * But you can't do a string lookup in any other types
935 g_assert_not_reached();
938 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
939 dtbl_entry->current = handle;
940 dtbl_entry->initial = dtbl_entry->current;
942 /* do the table insertion */
943 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
944 (gpointer)dtbl_entry);
947 * Now add it to the list of handles that could be used with this
948 * table, because it *is* being used with this table.
950 dissector_add_handle(name, handle);
953 /* Delete the entry for a dissector in a string dissector table
954 with a particular pattern. */
956 /* NOTE: this doesn't use the dissector call variable. It is included to */
957 /* be consistant with the dissector_add_string and more importantly to */
958 /* be used if the technique of adding a temporary dissector is */
960 /* If temporary dissectors are deleted, then the original dissector must */
963 dissector_delete_string(const char *name, const gchar *pattern,
964 dissector_handle_t handle _U_)
966 dissector_table_t sub_dissectors = find_dissector_table( name);
967 dtbl_entry_t *dtbl_entry;
970 g_assert( sub_dissectors);
975 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
977 if (dtbl_entry != NULL) {
981 g_hash_table_remove(sub_dissectors->hash_table, pattern);
984 * Now free up the entry.
990 /* Change the entry for a dissector in a string dissector table
991 with a particular pattern to use a new dissector handle. */
993 dissector_change_string(const char *name, gchar *pattern,
994 dissector_handle_t handle)
996 dissector_table_t sub_dissectors = find_dissector_table( name);
997 dtbl_entry_t *dtbl_entry;
1000 g_assert( sub_dissectors);
1003 * See if the entry already exists. If so, reuse it.
1005 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1006 if (dtbl_entry != NULL) {
1007 dtbl_entry->current = handle;
1012 * Don't create an entry if there is no dissector handle - I.E. the
1013 * user said not to decode something that wasn't being decoded
1014 * in the first place.
1019 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1020 dtbl_entry->initial = NULL;
1021 dtbl_entry->current = handle;
1023 /* do the table insertion */
1024 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1025 (gpointer)dtbl_entry);
1028 /* Reset an entry in a string sub-dissector table to its initial value. */
1030 dissector_reset_string(const char *name, const gchar *pattern)
1032 dissector_table_t sub_dissectors = find_dissector_table( name);
1033 dtbl_entry_t *dtbl_entry;
1036 g_assert( sub_dissectors);
1041 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1043 if (dtbl_entry == NULL)
1047 * Found - is there an initial value?
1049 if (dtbl_entry->initial != NULL) {
1050 dtbl_entry->current = dtbl_entry->initial;
1052 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1057 /* Look for a given string in a given dissector table and, if found, call
1058 the dissector with the arguments supplied, and return TRUE, otherwise
1061 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1062 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1064 dtbl_entry_t *dtbl_entry;
1065 struct dissector_handle *handle;
1067 const gchar *saved_match_string;
1069 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1070 if (dtbl_entry != NULL) {
1072 * Is there currently a dissector handle for this entry?
1074 handle = dtbl_entry->current;
1075 if (handle == NULL) {
1077 * No - pretend this dissector didn't exist,
1078 * so that other dissectors might have a chance
1079 * to dissect this packet.
1085 * Save the current value of "pinfo->match_string",
1086 * set it to the string that matched, call the
1087 * dissector, and restore "pinfo->match_string".
1089 saved_match_string = pinfo->match_string;
1090 pinfo->match_string = string;
1091 ret = call_dissector_work(handle, tvb, pinfo, tree);
1092 pinfo->match_string = saved_match_string;
1095 * If a new-style dissector returned 0, it means that
1096 * it didn't think this tvbuff represented a packet for
1097 * its protocol, and didn't dissect anything.
1099 * Old-style dissectors can't reject the packet.
1101 * 0 is also returned if the protocol wasn't enabled.
1103 * If the packet was rejected, we return FALSE, so that
1104 * other dissectors might have a chance to dissect this
1105 * packet, otherwise we return TRUE.
1112 /* Look for a given value in a given string dissector table and, if found,
1113 return the dissector handle for that value. */
1115 dissector_get_string_handle(dissector_table_t sub_dissectors,
1116 const gchar *string)
1118 dtbl_entry_t *dtbl_entry;
1120 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1121 if (dtbl_entry != NULL)
1122 return dtbl_entry->current;
1128 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1130 return dtbl_entry->current;
1133 /* Add a handle to the list of handles that *could* be used with this
1134 table. That list is used by code in the UI. */
1136 dissector_add_handle(const char *name, dissector_handle_t handle)
1138 dissector_table_t sub_dissectors = find_dissector_table( name);
1142 g_assert(sub_dissectors != NULL);
1144 /* Is it already in this list? */
1145 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1146 if (entry != NULL) {
1148 * Yes - don't insert it again.
1153 /* Add it to the list. */
1154 sub_dissectors->dissector_handles =
1155 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1159 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1161 return dtbl_entry->initial;
1164 /**************************************************/
1166 /* Routines to walk dissector tables */
1168 /**************************************************/
1170 typedef struct dissector_foreach_info {
1171 gpointer caller_data;
1172 DATFunc caller_func;
1174 const gchar *table_name;
1175 ftenum_t selector_type;
1176 } dissector_foreach_info_t;
1179 * Called for each entry in a dissector table.
1182 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1184 dissector_foreach_info_t *info;
1185 dtbl_entry_t *dtbl_entry;
1188 g_assert(user_data);
1191 if (dtbl_entry->current == NULL ||
1192 dtbl_entry->current->protocol == NULL) {
1194 * Either there is no dissector for this entry, or
1195 * the dissector doesn't have a protocol associated
1198 * XXX - should the latter check be done?
1204 info->caller_func(info->table_name, info->selector_type, key, value,
1209 * Called for each entry in the table of all dissector tables.
1212 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1214 dissector_table_t sub_dissectors;
1215 dissector_foreach_info_t *info;
1218 g_assert(user_data);
1220 sub_dissectors = value;
1222 info->table_name = (gchar*) key;
1223 info->selector_type = get_dissector_table_selector_type(info->table_name);
1224 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1228 * Walk all dissector tables calling a user supplied function on each
1232 dissector_all_tables_foreach (DATFunc func,
1235 dissector_foreach_info_t info;
1237 info.caller_data = user_data;
1238 info.caller_func = func;
1239 info.next_func = dissector_table_foreach_func;
1240 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1244 * Walk one dissector table's hash table calling a user supplied function
1248 dissector_table_foreach (const char *name,
1252 dissector_foreach_info_t info;
1253 dissector_table_t sub_dissectors = find_dissector_table( name);
1255 info.table_name = name;
1256 info.selector_type = sub_dissectors->type;
1257 info.caller_func = func;
1258 info.caller_data = user_data;
1259 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1263 * Walk one dissector table's list of handles calling a user supplied
1264 * function on each entry.
1267 dissector_table_foreach_handle(const char *name,
1268 DATFunc_handle func,
1271 dissector_table_t sub_dissectors = find_dissector_table( name);
1274 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1275 tmp = g_slist_next(tmp))
1276 func(name, tmp->data, user_data);
1280 * Called for each entry in a dissector table.
1283 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1285 dtbl_entry_t *dtbl_entry;
1286 dissector_foreach_info_t *info;
1289 g_assert(user_data);
1292 if (dtbl_entry->initial == dtbl_entry->current) {
1294 * Entry hasn't changed - don't call the function.
1300 info->caller_func(info->table_name, info->selector_type, key, value,
1305 * Walk all dissector tables calling a user supplied function only on
1306 * any entry that has been changed from its original state.
1309 dissector_all_tables_foreach_changed (DATFunc func,
1312 dissector_foreach_info_t info;
1314 info.caller_data = user_data;
1315 info.caller_func = func;
1316 info.next_func = dissector_table_foreach_changed_func;
1317 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1321 * Walk one dissector table calling a user supplied function only on
1322 * any entry that has been changed from its original state.
1325 dissector_table_foreach_changed (const char *name,
1329 dissector_foreach_info_t info;
1330 dissector_table_t sub_dissectors = find_dissector_table( name);
1332 info.table_name = name;
1333 info.selector_type = sub_dissectors->type;
1334 info.caller_func = func;
1335 info.caller_data = user_data;
1336 g_hash_table_foreach(sub_dissectors->hash_table,
1337 dissector_table_foreach_changed_func, &info);
1340 typedef struct dissector_foreach_table_info {
1341 gpointer caller_data;
1342 DATFunc_table caller_func;
1343 } dissector_foreach_table_info_t;
1346 * Called for each entry in the table of all dissector tables.
1349 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1351 dissector_table_t table;
1352 dissector_foreach_table_info_t *info;
1356 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1360 * Walk all dissector tables calling a user supplied function on each
1364 dissector_all_tables_foreach_table (DATFunc_table func,
1367 dissector_foreach_table_info_t info;
1369 info.caller_data = user_data;
1370 info.caller_func = func;
1371 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1375 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1378 dissector_table_t sub_dissectors;
1380 /* Create our hash-of-hashes if it doesn't already exist */
1381 if (!dissector_tables) {
1382 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1383 g_assert(dissector_tables);
1386 /* Make sure the registration is unique */
1387 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1389 /* Create and register the dissector table for this name; returns */
1390 /* a pointer to the dissector table. */
1391 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1399 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1400 * so we use "g_direct_hash()" and "g_direct_equal()".
1402 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1408 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1413 g_assert_not_reached();
1415 sub_dissectors->dissector_handles = NULL;
1416 sub_dissectors->ui_name = ui_name;
1417 sub_dissectors->type = type;
1418 sub_dissectors->base = base;
1419 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1420 return sub_dissectors;
1424 get_dissector_table_ui_name(const char *name)
1426 dissector_table_t sub_dissectors = find_dissector_table( name);
1428 return sub_dissectors->ui_name;
1432 get_dissector_table_selector_type(const char *name)
1434 dissector_table_t sub_dissectors = find_dissector_table( name);
1436 return sub_dissectors->type;
1440 get_dissector_table_base(const char *name)
1442 dissector_table_t sub_dissectors = find_dissector_table( name);
1444 return sub_dissectors->base;
1447 static GHashTable *heur_dissector_lists = NULL;
1450 heur_dissector_t dissector;
1451 protocol_t *protocol;
1452 } heur_dtbl_entry_t;
1454 /* Finds a heuristic dissector table by field name. */
1455 static heur_dissector_list_t *
1456 find_heur_dissector_list(const char *name)
1458 g_assert(heur_dissector_lists != NULL);
1459 return g_hash_table_lookup(heur_dissector_lists, name);
1463 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1465 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1466 heur_dtbl_entry_t *dtbl_entry;
1469 g_assert(sub_dissectors != NULL);
1471 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1472 dtbl_entry->dissector = dissector;
1473 dtbl_entry->protocol = find_protocol_by_id(proto);
1475 /* do the table insertion */
1476 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1481 static int find_matching_heur_dissector( gconstpointer a, gconstpointer b) {
1482 const heur_dtbl_entry_t *dtbl_entry_a = (const heur_dtbl_entry_t *) a;
1483 const heur_dtbl_entry_t *dtbl_entry_b = (const heur_dtbl_entry_t *) b;
1484 return (dtbl_entry_a->dissector == dtbl_entry_b->dissector) &&
1485 (dtbl_entry_a->protocol == dtbl_entry_b->protocol) ? 0 : 1;
1488 void heur_dissector_delete(const char *name, heur_dissector_t dissector, int proto) {
1489 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1490 heur_dtbl_entry_t dtbl_entry;
1491 GSList* found_entry;
1494 g_assert(sub_dissectors != NULL);
1496 dtbl_entry.dissector = dissector;
1498 dtbl_entry.protocol = find_protocol_by_id(proto);
1500 found_entry = g_slist_find_custom(*sub_dissectors, (gpointer) &dtbl_entry, find_matching_heur_dissector);
1503 *sub_dissectors = g_slist_remove_link(*sub_dissectors, found_entry);
1504 g_free(g_slist_nth_data(found_entry, 1));
1505 g_slist_free_1(found_entry);
1511 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1512 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1515 const char *saved_proto;
1517 heur_dtbl_entry_t *dtbl_entry;
1518 guint16 saved_can_desegment;
1519 gint saved_layer_names_len = 0;
1521 /* can_desegment is set to 2 by anyone which offers this api/service.
1522 then everytime a subdissector is called it is decremented by one.
1523 thus only the subdissector immediately ontop of whoever offers this
1525 We save the current value of "can_desegment" for the
1526 benefit of TCP proxying dissectors such as SOCKS, so they
1527 can restore it and allow the dissectors they call to use
1528 the desegmentation service.
1530 saved_can_desegment=pinfo->can_desegment;
1531 pinfo->saved_can_desegment = saved_can_desegment;
1532 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1535 saved_proto = pinfo->current_proto;
1537 if (pinfo->layer_names != NULL)
1538 saved_layer_names_len = pinfo->layer_names->len;
1540 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1541 /* XXX - why set this now and above? */
1542 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1543 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1545 if (dtbl_entry->protocol != NULL &&
1546 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1548 * No - don't try this dissector.
1553 if (dtbl_entry->protocol != NULL) {
1554 pinfo->current_proto =
1555 proto_get_protocol_short_name(dtbl_entry->protocol);
1558 * Add the protocol name to the layers; we'll remove it
1559 * if the dissector fails.
1561 if (pinfo->layer_names) {
1562 if (pinfo->layer_names->len > 0)
1563 g_string_append(pinfo->layer_names, ":");
1564 g_string_append(pinfo->layer_names,
1565 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1569 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1574 * That dissector didn't accept the packet, so
1575 * remove its protocol's name from the list
1578 if (pinfo->layer_names != NULL) {
1579 g_string_truncate(pinfo->layer_names,
1580 saved_layer_names_len);
1584 pinfo->current_proto = saved_proto;
1585 pinfo->can_desegment=saved_can_desegment;
1590 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1592 /* Create our hash-of-lists if it doesn't already exist */
1593 if (heur_dissector_lists == NULL) {
1594 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1595 g_assert(heur_dissector_lists != NULL);
1598 /* Make sure the registration is unique */
1599 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1601 *sub_dissectors = NULL; /* initially empty */
1602 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1603 (gpointer) sub_dissectors);
1607 * Register dissectors by name; used if one dissector always calls a
1608 * particular dissector, or if it bases the decision of which dissector
1609 * to call on something other than a numerical value or on "try a bunch
1610 * of dissectors until one likes the packet".
1614 * List of registered dissectors.
1616 static GHashTable *registered_dissectors = NULL;
1618 /* Get the short name of the protocol for a dissector handle, if it has
1621 dissector_handle_get_short_name(dissector_handle_t handle)
1623 if (handle->protocol == NULL) {
1625 * No protocol (see, for example, the handle for
1626 * dissecting the set of protocols where the first
1627 * octet of the payload is an OSI network layer protocol
1632 return proto_get_protocol_short_name(handle->protocol);
1635 /* Get the index of the protocol for a dissector handle, if it has
1638 dissector_handle_get_protocol_index(dissector_handle_t handle)
1640 if (handle->protocol == NULL) {
1642 * No protocol (see, for example, the handle for
1643 * dissecting the set of protocols where the first
1644 * octet of the payload is an OSI network layer protocol
1649 return proto_get_id(handle->protocol);
1652 /* Find a registered dissector by name. */
1654 find_dissector(const char *name)
1656 g_assert(registered_dissectors != NULL);
1657 return g_hash_table_lookup(registered_dissectors, name);
1660 /* Create an anonymous handle for a dissector. */
1662 create_dissector_handle(dissector_t dissector, int proto)
1664 struct dissector_handle *handle;
1666 handle = g_malloc(sizeof (struct dissector_handle));
1667 handle->name = NULL;
1668 handle->is_new = FALSE;
1669 handle->dissector.old = dissector;
1670 handle->protocol = find_protocol_by_id(proto);
1676 new_create_dissector_handle(new_dissector_t dissector, int proto)
1678 struct dissector_handle *handle;
1680 handle = g_malloc(sizeof (struct dissector_handle));
1681 handle->name = NULL;
1682 handle->is_new = TRUE;
1683 handle->dissector.new = dissector;
1684 handle->protocol = find_protocol_by_id(proto);
1689 /* Register a dissector by name. */
1691 register_dissector(const char *name, dissector_t dissector, int proto)
1693 struct dissector_handle *handle;
1695 /* Create our hash table if it doesn't already exist */
1696 if (registered_dissectors == NULL) {
1697 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1698 g_assert(registered_dissectors != NULL);
1701 /* Make sure the registration is unique */
1702 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1704 handle = g_malloc(sizeof (struct dissector_handle));
1705 handle->name = name;
1706 handle->is_new = FALSE;
1707 handle->dissector.old = dissector;
1708 handle->protocol = find_protocol_by_id(proto);
1710 g_hash_table_insert(registered_dissectors, (gpointer)name,
1715 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1717 struct dissector_handle *handle;
1719 /* Create our hash table if it doesn't already exist */
1720 if (registered_dissectors == NULL) {
1721 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1722 g_assert(registered_dissectors != NULL);
1725 /* Make sure the registration is unique */
1726 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1728 handle = g_malloc(sizeof (struct dissector_handle));
1729 handle->name = name;
1730 handle->is_new = TRUE;
1731 handle->dissector.new = dissector;
1732 handle->protocol = find_protocol_by_id(proto);
1734 g_hash_table_insert(registered_dissectors, (gpointer)name,
1738 /* Call a dissector through a handle and if this fails call the "data"
1742 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1743 packet_info *pinfo, proto_tree *tree)
1747 g_assert(handle != NULL);
1748 ret = call_dissector_work(handle, tvb, pinfo, tree);
1751 * The protocol was disabled, or the dissector rejected
1752 * it. Just dissect this packet as data.
1754 g_assert(data_handle != NULL);
1755 g_assert(data_handle->protocol != NULL);
1756 call_dissector(data_handle, tvb, pinfo, tree);
1757 return tvb_length(tvb);
1762 /* Call a dissector through a handle but if the dissector rejected it
1763 * return 0 instead of using the default "data" dissector.
1766 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1767 packet_info *pinfo, proto_tree *tree)
1771 ret = call_dissector_work(handle, tvb, pinfo, tree);
1776 * Dumps the "layer type"/"decode as" associations to stdout, similar
1777 * to the proto_registrar_dump_*() routines.
1779 * There is one record per line. The fields are tab-delimited.
1781 * Field 1 = layer type, e.g. "tcp.port"
1782 * Field 2 = selector in decimal
1783 * Field 3 = "decode as" name, e.g. "http"
1788 dissector_dump_decodes_display(const gchar *table_name,
1789 ftenum_t selector_type _U_, gpointer key, gpointer value,
1790 gpointer user_data _U_)
1792 guint32 selector = (guint32)(unsigned long) key;
1793 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1794 dtbl_entry_t *dtbl_entry;
1795 dissector_handle_t handle;
1797 const gchar *decode_as;
1799 g_assert(sub_dissectors);
1800 switch (sub_dissectors->type) {
1807 g_assert(dtbl_entry);
1809 handle = dtbl_entry->current;
1812 proto_id = dissector_handle_get_protocol_index(handle);
1814 if (proto_id != -1) {
1815 decode_as = proto_get_protocol_filter_name(proto_id);
1816 g_assert(decode_as != NULL);
1817 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
1827 dissector_dump_decodes() {
1828 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);
1831 static GPtrArray* post_dissectors = NULL;
1832 static guint num_of_postdissectors = 0;
1834 void register_postdissector(dissector_handle_t handle) {
1835 if (!post_dissectors)
1836 post_dissectors = g_ptr_array_new();
1838 g_ptr_array_add(post_dissectors, handle);
1839 num_of_postdissectors++;
1842 extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
1844 for(i=0;i<num_of_postdissectors;i++) {
1845 call_dissector((dissector_handle_t) g_ptr_array_index(post_dissectors,i),