2 * Routines for packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "sna-utils.h"
47 #include "osi-utils.h"
50 #include "addr_resolv.h"
53 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
57 #include <epan/stream.h>
58 #include <epan/expert.h>
60 static gint proto_malformed = -1;
61 static dissector_handle_t frame_handle = NULL;
62 static dissector_handle_t data_handle = NULL;
67 frame_handle = find_dissector("frame");
68 data_handle = find_dissector("data");
69 proto_malformed = proto_get_id_by_filter_name("malformed");
79 * Given a tvbuff, and a length from a packet header, adjust the length
80 * of the tvbuff to reflect the specified length.
83 set_actual_length(tvbuff_t *tvb, guint specified_len)
85 if (specified_len < tvb_reported_length(tvb)) {
86 /* Adjust the length of this tvbuff to include only the specified
89 The dissector above the one calling us (the dissector above is
90 probably us) may use that to determine how much of its packet
92 tvb_set_reported_length(tvb, specified_len);
96 /* Allow protocols to register "init" routines, which are called before
97 we make a pass through a capture file and dissect all its packets
98 (e.g., when we read in a new capture file, or run a "filter packets"
99 or "colorize packets" pass over the current capture file). */
100 static GSList *init_routines;
103 register_init_routine(void (*func)(void))
105 init_routines = g_slist_append(init_routines, (gpointer)func);
108 typedef void (*void_func_t)(void);
110 /* Initialize all data structures used for dissection. */
112 call_init_routine(gpointer routine, gpointer dummy _U_)
114 void_func_t func = (void_func_t)routine;
119 * XXX - for now, these are the same; the "init" routines free whatever
120 * stuff is left over from any previous dissection, and then initialize
123 * We should probably split that into "init" and "cleanup" routines, for
127 init_dissection(void)
129 /* Reclaim and reinitialize all memory of seasonal scope */
132 /* Initialize the table of conversations. */
133 epan_conversation_init();
135 /* Initialize the table of circuits. */
138 /* Initialize protocol-specific variables. */
139 g_slist_foreach(init_routines, &call_init_routine, NULL);
141 /* Initialize the common data structures for fragment reassembly.
142 Must be done *after* calling init routines, as those routines
143 may free up space for fragments, which they find by using the
144 data structures that "reassemble_init()" frees. */
147 /* Initialize the stream-handling tables */
150 /* Initialize the expert infos */
155 cleanup_dissection(void)
160 /* Allow protocols to register a "cleanup" routine to be
161 * run after the initial sequential run through the packets.
162 * Note that the file can still be open after this; this is not
163 * the final cleanup. */
164 static GSList *postseq_cleanup_routines;
167 register_postseq_cleanup_routine(void_func_t func)
169 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
173 /* Call all the registered "postseq_cleanup" routines. */
175 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
177 void_func_t func = (void_func_t)routine;
182 postseq_cleanup_all_protocols(void)
184 g_slist_foreach(postseq_cleanup_routines,
185 &call_postseq_cleanup_routine, NULL);
189 * Add a new data source to the list of data sources for a frame, given
190 * the tvbuff for the data source and its name.
193 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
197 src = ep_alloc(sizeof (data_source));
200 * XXX - if we require this argument to be a string constant,
201 * we don't need to allocate a buffer for a copy and make a
202 * copy, and wouldn't need to free the buffer, either.
204 src->name = ep_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
205 pinfo->data_src = g_slist_append(pinfo->data_src, src);
209 * Free up a frame's list of data sources.
212 free_data_sources(packet_info *pinfo)
214 g_slist_free(pinfo->data_src);
215 pinfo->data_src = NULL;
218 /* Allow dissectors to register a "final_registration" routine
219 * that is run like the proto_register_XXX() routine, but at the
220 * end of the epan_init() function; that is, *after* all other
221 * subsystems, like dfilters, have finished initializing. This is
222 * useful for dissector registration routines which need to compile
223 * display filters. dfilters can't initialize itself until all protocols
224 * have registered themselves. */
225 static GSList *final_registration_routines;
228 register_final_registration_routine(void (*func)(void))
230 final_registration_routines = g_slist_append(final_registration_routines,
234 /* Call all the registered "final_registration" routines. */
236 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
238 void_func_t func = (void_func_t)routine;
244 final_registration_all_protocols(void)
246 g_slist_foreach(final_registration_routines,
247 &call_final_registration_routine, NULL);
251 /* Creates the top-most tvbuff and calls dissect_frame() */
253 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
254 const guchar *pd, frame_data *fd, column_info *cinfo)
258 edt->pi.current_proto = "<Missing Protocol Name>";
259 edt->pi.cinfo = cinfo;
261 edt->pi.pseudo_header = pseudo_header;
262 edt->pi.data_src = NULL;
263 edt->pi.dl_src.type = AT_NONE;
264 edt->pi.dl_src.len = 0;
265 edt->pi.dl_src.data = NULL;
266 edt->pi.dl_dst.type = AT_NONE;
267 edt->pi.dl_dst.len = 0;
268 edt->pi.dl_dst.data = NULL;
269 edt->pi.net_src.type = AT_NONE;
270 edt->pi.net_src.len = 0;
271 edt->pi.net_src.data = NULL;
272 edt->pi.net_dst.type = AT_NONE;
273 edt->pi.net_dst.len = 0;
274 edt->pi.net_dst.data = NULL;
275 edt->pi.src.type = AT_NONE;
277 edt->pi.src.data = NULL;
278 edt->pi.dst.type = AT_NONE;
280 edt->pi.dst.data = NULL;
281 edt->pi.ethertype = 0;
283 edt->pi.ipxptype = 0;
284 edt->pi.ctype = CT_NONE;
285 edt->pi.circuit_id = 0;
286 edt->pi.noreassembly_reason = "";
287 edt->pi.fragmented = FALSE;
288 edt->pi.in_error_pkt = FALSE;
289 edt->pi.ptype = PT_NONE;
291 edt->pi.destport = 0;
292 edt->pi.match_port = 0;
293 edt->pi.match_string = NULL;
294 edt->pi.can_desegment = 0;
295 edt->pi.want_pdu_tracking = 0;
296 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
297 edt->pi.private_data = NULL;
304 edt->pi.dcectxid = 0;
305 edt->pi.dcetransporttype = -1;
306 edt->pi.decrypt_gssapi_tvb = 0;
307 edt->pi.gssapi_wrap_tvb = NULL;
308 edt->pi.gssapi_encrypted_tvb = NULL;
309 edt->pi.gssapi_decrypted_tvb = NULL;
310 edt->pi.layer_names = NULL;
311 edt->pi.link_number = 0;
312 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
313 edt->pi.profinet_type = 0;
314 edt->pi.usb_conv_info = NULL;
315 edt->pi.tcp_tree = NULL;
316 edt->pi.dcerpc_procedure_name="";
317 edt->pi.sccp_info = NULL;
320 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
321 /* Add this tvbuffer into the data_src list */
322 add_new_data_source(&edt->pi, edt->tvb, "Frame");
324 /* Even though dissect_frame() catches all the exceptions a
325 * sub-dissector can throw, dissect_frame() itself may throw
326 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
327 * in this function. */
328 if(frame_handle != NULL)
329 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
333 g_assert_not_reached();
335 CATCH(ReportedBoundsError) {
336 if(proto_malformed != -1){
337 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
338 "[Malformed Frame: Packet Length]" );
340 g_assert_not_reached();
343 CATCH(OutOfMemoryError) {
348 fd->flags.visited = 1;
351 /*********************** code added for sub-dissector lookup *********************/
354 * An dissector handle.
356 struct dissector_handle {
357 const char *name; /* dissector name */
358 gboolean is_new; /* TRUE if new-style dissector */
363 protocol_t *protocol;
366 /* This function will return
367 * old style dissector :
368 * length of the payload or 1 of the payload is empty
370 * >0 this protocol was successfully dissected and this was this protocol.
371 * 0 this packet did not match this protocol.
373 * The only time this function will return 0 is if it is a new style dissector
374 * and if the dissector rejected the packet.
377 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
378 packet_info *pinfo, proto_tree *tree)
380 const char *saved_proto;
383 saved_proto = pinfo->current_proto;
385 if (handle->protocol != NULL) {
386 pinfo->current_proto =
387 proto_get_protocol_short_name(handle->protocol);
390 if (handle->is_new) {
391 ret = (*handle->dissector.new)(tvb, pinfo, tree);
393 (*handle->dissector.old)(tvb, pinfo, tree);
394 ret = tvb_length(tvb);
397 * XXX - a tvbuff can have 0 bytes of data in
398 * it, so we have to make sure we don't return
405 pinfo->current_proto = saved_proto;
411 * Call a dissector through a handle.
412 * If the protocol for that handle isn't enabled, return 0 without
413 * calling the dissector.
414 * Otherwise, if the handle refers to a new-style dissector, call the
415 * dissector and return its return value, otherwise call it and return
416 * the length of the tvbuff pointed to by the argument.
419 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
420 packet_info *pinfo_arg, proto_tree *tree)
422 packet_info *volatile pinfo = pinfo_arg;
423 const char *saved_proto;
424 guint16 saved_can_desegment;
425 volatile int ret = 0;
426 gboolean save_writable;
427 volatile address save_dl_src;
428 volatile address save_dl_dst;
429 volatile address save_net_src;
430 volatile address save_net_dst;
431 volatile address save_src;
432 volatile address save_dst;
433 volatile gint saved_layer_names_len = 0;
435 if (handle->protocol != NULL &&
436 !proto_is_protocol_enabled(handle->protocol)) {
438 * The protocol isn't enabled.
443 saved_proto = pinfo->current_proto;
444 saved_can_desegment = pinfo->can_desegment;
446 if (pinfo->layer_names != NULL)
447 saved_layer_names_len = pinfo->layer_names->len;
450 * can_desegment is set to 2 by anyone which offers the
451 * desegmentation api/service.
452 * Then everytime a subdissector is called it is decremented
454 * Thus only the subdissector immediately on top of whoever
455 * offers this service can use it.
456 * We save the current value of "can_desegment" for the
457 * benefit of TCP proxying dissectors such as SOCKS, so they
458 * can restore it and allow the dissectors they call to use
459 * the desegmentation service.
461 pinfo->saved_can_desegment = saved_can_desegment;
462 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
463 if (handle->protocol != NULL) {
464 pinfo->current_proto =
465 proto_get_protocol_short_name(handle->protocol);
468 * Add the protocol name to the layers
470 if (pinfo->layer_names) {
471 if (pinfo->layer_names->len > 0)
472 g_string_append(pinfo->layer_names, ":");
473 g_string_append(pinfo->layer_names,
474 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
478 if (pinfo->in_error_pkt) {
480 * This isn't a packet being transported inside
481 * the protocol whose dissector is calling us,
482 * it's a copy of a packet that caused an error
483 * in some protocol included in a packet that
484 * reports the error (e.g., an ICMP Unreachable
489 * Save the current state of the writability of
490 * the columns, and restore them after the
491 * dissector returns, so that the columns
492 * don't reflect the packet that got the error,
493 * they reflect the packet that reported the
496 save_writable = col_get_writable(pinfo->cinfo);
497 col_set_writable(pinfo->cinfo, FALSE);
498 save_dl_src = pinfo->dl_src;
499 save_dl_dst = pinfo->dl_dst;
500 save_net_src = pinfo->net_src;
501 save_net_dst = pinfo->net_dst;
502 save_src = pinfo->src;
503 save_dst = pinfo->dst;
505 /* Dissect the contained packet. */
507 ret = call_dissector_through_handle(handle, tvb,
512 * Restore the column writability and addresses.
514 col_set_writable(pinfo->cinfo, save_writable);
515 pinfo->dl_src = save_dl_src;
516 pinfo->dl_dst = save_dl_dst;
517 pinfo->net_src = save_net_src;
518 pinfo->net_dst = save_net_dst;
519 pinfo->src = save_src;
520 pinfo->dst = save_dst;
523 * Restore the current protocol, so any
524 * "Short Frame" indication reflects that
525 * protocol, not the protocol for the
526 * packet that got the error.
528 pinfo->current_proto = saved_proto;
531 * Restore the desegmentability state.
533 pinfo->can_desegment = saved_can_desegment;
536 * Rethrow the exception, so this will be
537 * reported as a short frame.
541 CATCH(ReportedBoundsError) {
543 * "ret" wasn't set because an exception was thrown
544 * before "call_dissector_through_handle()" returned.
545 * As it called something, at least one dissector
546 * accepted the packet, and, as an exception was
547 * thrown, not only was all the tvbuff dissected,
548 * a dissector tried dissecting past the end of
549 * the data in some tvbuff, so we'll assume that
550 * the entire tvbuff was dissected.
552 ret = tvb_length(tvb);
554 CATCH(OutOfMemoryError) {
559 col_set_writable(pinfo->cinfo, save_writable);
560 pinfo->dl_src = save_dl_src;
561 pinfo->dl_dst = save_dl_dst;
562 pinfo->net_src = save_net_src;
563 pinfo->net_dst = save_net_dst;
564 pinfo->src = save_src;
565 pinfo->dst = save_dst;
566 pinfo->want_pdu_tracking = 0;
569 * Just call the subdissector.
571 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
576 * That dissector didn't accept the packet, so
577 * remove its protocol's name from the list
580 if (pinfo->layer_names != NULL) {
581 g_string_truncate(pinfo->layer_names,
582 saved_layer_names_len);
585 pinfo->current_proto = saved_proto;
586 pinfo->can_desegment = saved_can_desegment;
591 * An entry in the hash table portion of a dissector table.
594 dissector_handle_t initial;
595 dissector_handle_t current;
601 * "hash_table" is a hash table, indexed by port number, supplying
602 * a "struct dtbl_entry"; it records what dissector is assigned to
603 * that port number in that table.
605 * "dissector_handles" is a list of all dissectors that *could* be
606 * used in that table; not all of them are necessarily in the table,
607 * as they may be for protocols that don't have a fixed port number.
609 * "ui_name" is the name the dissector table has in the user interface.
611 * "type" is a field type giving the width of the port number for that
614 * "base" is the base in which to display the port number for that
617 struct dissector_table {
618 GHashTable *hash_table;
619 GSList *dissector_handles;
625 static GHashTable *dissector_tables = NULL;
627 /* Finds a dissector table by table name. */
629 find_dissector_table(const char *name)
631 g_assert(dissector_tables);
632 return g_hash_table_lookup( dissector_tables, name );
635 /* Find an entry in a uint dissector table. */
636 static dtbl_entry_t *
637 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
639 switch (sub_dissectors->type) {
646 * You can do a port lookup in these tables.
652 * But you can't do a port lookup in any other types
655 g_assert_not_reached();
661 return g_hash_table_lookup(sub_dissectors->hash_table,
662 GUINT_TO_POINTER(pattern));
665 /* Add an entry to a uint dissector table. */
667 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
669 dissector_table_t sub_dissectors;
670 dtbl_entry_t *dtbl_entry;
672 sub_dissectors = find_dissector_table(name);
674 g_assert(sub_dissectors);
675 switch (sub_dissectors->type) {
682 * You can do a port lookup in these tables.
688 * But you can't do a port lookup in any other types
691 g_assert_not_reached();
694 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
695 dtbl_entry->current = handle;
696 dtbl_entry->initial = dtbl_entry->current;
698 /* do the table insertion */
699 g_hash_table_insert( sub_dissectors->hash_table,
700 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
703 * Now add it to the list of handles that could be used with this
704 * table, because it *is* being used with this table.
706 dissector_add_handle(name, handle);
709 /* Delete the entry for a dissector in a uint dissector table
710 with a particular pattern. */
712 /* NOTE: this doesn't use the dissector call variable. It is included to */
713 /* be consistant with the dissector_add and more importantly to be used */
714 /* if the technique of adding a temporary dissector is implemented. */
715 /* If temporary dissectors are deleted, then the original dissector must */
718 dissector_delete(const char *name, guint32 pattern,
719 dissector_handle_t handle _U_)
721 dissector_table_t sub_dissectors = find_dissector_table( name);
722 dtbl_entry_t *dtbl_entry;
725 g_assert( sub_dissectors);
730 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
732 if (dtbl_entry != NULL) {
736 g_hash_table_remove(sub_dissectors->hash_table,
737 GUINT_TO_POINTER(pattern));
740 * Now free up the entry.
746 /* Change the entry for a dissector in a uint dissector table
747 with a particular pattern to use a new dissector handle. */
749 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
751 dissector_table_t sub_dissectors = find_dissector_table( name);
752 dtbl_entry_t *dtbl_entry;
755 g_assert( sub_dissectors);
758 * See if the entry already exists. If so, reuse it.
760 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
761 if (dtbl_entry != NULL) {
762 dtbl_entry->current = handle;
767 * Don't create an entry if there is no dissector handle - I.E. the
768 * user said not to decode something that wasn't being decoded
769 * in the first place.
774 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
775 dtbl_entry->initial = NULL;
776 dtbl_entry->current = handle;
778 /* do the table insertion */
779 g_hash_table_insert( sub_dissectors->hash_table,
780 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
783 /* Reset an entry in a uint dissector table to its initial value. */
785 dissector_reset(const char *name, guint32 pattern)
787 dissector_table_t sub_dissectors = find_dissector_table( name);
788 dtbl_entry_t *dtbl_entry;
791 g_assert( sub_dissectors);
796 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
798 if (dtbl_entry == NULL)
802 * Found - is there an initial value?
804 if (dtbl_entry->initial != NULL) {
805 dtbl_entry->current = dtbl_entry->initial;
807 g_hash_table_remove(sub_dissectors->hash_table,
808 GUINT_TO_POINTER(pattern));
813 /* Look for a given value in a given uint dissector table and, if found,
814 call the dissector with the arguments supplied, and return TRUE,
815 otherwise return FALSE. */
817 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
818 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
820 dtbl_entry_t *dtbl_entry;
821 struct dissector_handle *handle;
822 guint32 saved_match_port;
825 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
826 if (dtbl_entry != NULL) {
828 * Is there currently a dissector handle for this entry?
830 handle = dtbl_entry->current;
831 if (handle == NULL) {
833 * No - pretend this dissector didn't exist,
834 * so that other dissectors might have a chance
835 * to dissect this packet.
841 * Save the current value of "pinfo->match_port",
842 * set it to the port that matched, call the
843 * dissector, and restore "pinfo->match_port".
845 saved_match_port = pinfo->match_port;
846 pinfo->match_port = port;
847 ret = call_dissector_work(handle, tvb, pinfo, tree);
848 pinfo->match_port = saved_match_port;
851 * If a new-style dissector returned 0, it means that
852 * it didn't think this tvbuff represented a packet for
853 * its protocol, and didn't dissect anything.
855 * Old-style dissectors can't reject the packet.
857 * 0 is also returned if the protocol wasn't enabled.
859 * If the packet was rejected, we return FALSE, so that
860 * other dissectors might have a chance to dissect this
861 * packet, otherwise we return TRUE.
868 /* Look for a given value in a given uint dissector table and, if found,
869 return the dissector handle for that value. */
871 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
873 dtbl_entry_t *dtbl_entry;
875 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
876 if (dtbl_entry != NULL)
877 return dtbl_entry->current;
882 /* Find an entry in a string dissector table. */
883 static dtbl_entry_t *
884 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
886 switch (sub_dissectors->type) {
891 * You can do a string lookup in these tables.
897 * But you can't do a string lookup in any other types
900 g_assert_not_reached();
906 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
909 /* Add an entry to a string dissector table. */
911 dissector_add_string(const char *name, const gchar *pattern,
912 dissector_handle_t handle)
914 dissector_table_t sub_dissectors = find_dissector_table( name);
915 dtbl_entry_t *dtbl_entry;
918 g_assert( sub_dissectors);
920 switch (sub_dissectors->type) {
925 * You can do a string lookup in these tables.
931 * But you can't do a string lookup in any other types
934 g_assert_not_reached();
937 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
938 dtbl_entry->current = handle;
939 dtbl_entry->initial = dtbl_entry->current;
941 /* do the table insertion */
942 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
943 (gpointer)dtbl_entry);
946 * Now add it to the list of handles that could be used with this
947 * table, because it *is* being used with this table.
949 dissector_add_handle(name, handle);
952 /* Delete the entry for a dissector in a string dissector table
953 with a particular pattern. */
955 /* NOTE: this doesn't use the dissector call variable. It is included to */
956 /* be consistant with the dissector_add_string and more importantly to */
957 /* be used if the technique of adding a temporary dissector is */
959 /* If temporary dissectors are deleted, then the original dissector must */
962 dissector_delete_string(const char *name, const gchar *pattern,
963 dissector_handle_t handle _U_)
965 dissector_table_t sub_dissectors = find_dissector_table( name);
966 dtbl_entry_t *dtbl_entry;
969 g_assert( sub_dissectors);
974 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
976 if (dtbl_entry != NULL) {
980 g_hash_table_remove(sub_dissectors->hash_table, pattern);
983 * Now free up the entry.
989 /* Change the entry for a dissector in a string dissector table
990 with a particular pattern to use a new dissector handle. */
992 dissector_change_string(const char *name, gchar *pattern,
993 dissector_handle_t handle)
995 dissector_table_t sub_dissectors = find_dissector_table( name);
996 dtbl_entry_t *dtbl_entry;
999 g_assert( sub_dissectors);
1002 * See if the entry already exists. If so, reuse it.
1004 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1005 if (dtbl_entry != NULL) {
1006 dtbl_entry->current = handle;
1011 * Don't create an entry if there is no dissector handle - I.E. the
1012 * user said not to decode something that wasn't being decoded
1013 * in the first place.
1018 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1019 dtbl_entry->initial = NULL;
1020 dtbl_entry->current = handle;
1022 /* do the table insertion */
1023 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1024 (gpointer)dtbl_entry);
1027 /* Reset an entry in a string sub-dissector table to its initial value. */
1029 dissector_reset_string(const char *name, const gchar *pattern)
1031 dissector_table_t sub_dissectors = find_dissector_table( name);
1032 dtbl_entry_t *dtbl_entry;
1035 g_assert( sub_dissectors);
1040 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1042 if (dtbl_entry == NULL)
1046 * Found - is there an initial value?
1048 if (dtbl_entry->initial != NULL) {
1049 dtbl_entry->current = dtbl_entry->initial;
1051 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1056 /* Look for a given string in a given dissector table and, if found, call
1057 the dissector with the arguments supplied, and return TRUE, otherwise
1060 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1061 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1063 dtbl_entry_t *dtbl_entry;
1064 struct dissector_handle *handle;
1066 const gchar *saved_match_string;
1068 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1069 if (dtbl_entry != NULL) {
1071 * Is there currently a dissector handle for this entry?
1073 handle = dtbl_entry->current;
1074 if (handle == NULL) {
1076 * No - pretend this dissector didn't exist,
1077 * so that other dissectors might have a chance
1078 * to dissect this packet.
1084 * Save the current value of "pinfo->match_string",
1085 * set it to the string that matched, call the
1086 * dissector, and restore "pinfo->match_string".
1088 saved_match_string = pinfo->match_string;
1089 pinfo->match_string = string;
1090 ret = call_dissector_work(handle, tvb, pinfo, tree);
1091 pinfo->match_string = saved_match_string;
1094 * If a new-style dissector returned 0, it means that
1095 * it didn't think this tvbuff represented a packet for
1096 * its protocol, and didn't dissect anything.
1098 * Old-style dissectors can't reject the packet.
1100 * 0 is also returned if the protocol wasn't enabled.
1102 * If the packet was rejected, we return FALSE, so that
1103 * other dissectors might have a chance to dissect this
1104 * packet, otherwise we return TRUE.
1111 /* Look for a given value in a given string dissector table and, if found,
1112 return the dissector handle for that value. */
1114 dissector_get_string_handle(dissector_table_t sub_dissectors,
1115 const gchar *string)
1117 dtbl_entry_t *dtbl_entry;
1119 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1120 if (dtbl_entry != NULL)
1121 return dtbl_entry->current;
1127 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1129 return dtbl_entry->current;
1132 /* Add a handle to the list of handles that *could* be used with this
1133 table. That list is used by code in the UI. */
1135 dissector_add_handle(const char *name, dissector_handle_t handle)
1137 dissector_table_t sub_dissectors = find_dissector_table( name);
1141 g_assert(sub_dissectors != NULL);
1143 /* Is it already in this list? */
1144 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1145 if (entry != NULL) {
1147 * Yes - don't insert it again.
1152 /* Add it to the list. */
1153 sub_dissectors->dissector_handles =
1154 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1158 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1160 return dtbl_entry->initial;
1163 /**************************************************/
1165 /* Routines to walk dissector tables */
1167 /**************************************************/
1169 typedef struct dissector_foreach_info {
1170 gpointer caller_data;
1171 DATFunc caller_func;
1173 const gchar *table_name;
1174 ftenum_t selector_type;
1175 } dissector_foreach_info_t;
1178 * Called for each entry in a dissector table.
1181 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1183 dissector_foreach_info_t *info;
1184 dtbl_entry_t *dtbl_entry;
1187 g_assert(user_data);
1190 if (dtbl_entry->current == NULL ||
1191 dtbl_entry->current->protocol == NULL) {
1193 * Either there is no dissector for this entry, or
1194 * the dissector doesn't have a protocol associated
1197 * XXX - should the latter check be done?
1203 info->caller_func(info->table_name, info->selector_type, key, value,
1208 * Called for each entry in the table of all dissector tables.
1211 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1213 dissector_table_t sub_dissectors;
1214 dissector_foreach_info_t *info;
1217 g_assert(user_data);
1219 sub_dissectors = value;
1221 info->table_name = (gchar*) key;
1222 info->selector_type = get_dissector_table_selector_type(info->table_name);
1223 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1227 * Walk all dissector tables calling a user supplied function on each
1231 dissector_all_tables_foreach (DATFunc func,
1234 dissector_foreach_info_t info;
1236 info.caller_data = user_data;
1237 info.caller_func = func;
1238 info.next_func = dissector_table_foreach_func;
1239 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1243 * Walk one dissector table's hash table calling a user supplied function
1247 dissector_table_foreach (const char *name,
1251 dissector_foreach_info_t info;
1252 dissector_table_t sub_dissectors = find_dissector_table( name);
1254 info.table_name = name;
1255 info.selector_type = sub_dissectors->type;
1256 info.caller_func = func;
1257 info.caller_data = user_data;
1258 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1262 * Walk one dissector table's list of handles calling a user supplied
1263 * function on each entry.
1266 dissector_table_foreach_handle(const char *name,
1267 DATFunc_handle func,
1270 dissector_table_t sub_dissectors = find_dissector_table( name);
1273 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1274 tmp = g_slist_next(tmp))
1275 func(name, tmp->data, user_data);
1279 * Called for each entry in a dissector table.
1282 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1284 dtbl_entry_t *dtbl_entry;
1285 dissector_foreach_info_t *info;
1288 g_assert(user_data);
1291 if (dtbl_entry->initial == dtbl_entry->current) {
1293 * Entry hasn't changed - don't call the function.
1299 info->caller_func(info->table_name, info->selector_type, key, value,
1304 * Walk all dissector tables calling a user supplied function only on
1305 * any entry that has been changed from its original state.
1308 dissector_all_tables_foreach_changed (DATFunc func,
1311 dissector_foreach_info_t info;
1313 info.caller_data = user_data;
1314 info.caller_func = func;
1315 info.next_func = dissector_table_foreach_changed_func;
1316 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1320 * Walk one dissector table calling a user supplied function only on
1321 * any entry that has been changed from its original state.
1324 dissector_table_foreach_changed (const char *name,
1328 dissector_foreach_info_t info;
1329 dissector_table_t sub_dissectors = find_dissector_table( name);
1331 info.table_name = name;
1332 info.selector_type = sub_dissectors->type;
1333 info.caller_func = func;
1334 info.caller_data = user_data;
1335 g_hash_table_foreach(sub_dissectors->hash_table,
1336 dissector_table_foreach_changed_func, &info);
1339 typedef struct dissector_foreach_table_info {
1340 gpointer caller_data;
1341 DATFunc_table caller_func;
1342 } dissector_foreach_table_info_t;
1345 * Called for each entry in the table of all dissector tables.
1348 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1350 dissector_table_t table;
1351 dissector_foreach_table_info_t *info;
1355 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1359 * Walk all dissector tables calling a user supplied function on each
1363 dissector_all_tables_foreach_table (DATFunc_table func,
1366 dissector_foreach_table_info_t info;
1368 info.caller_data = user_data;
1369 info.caller_func = func;
1370 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1374 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1377 dissector_table_t sub_dissectors;
1379 /* Create our hash-of-hashes if it doesn't already exist */
1380 if (!dissector_tables) {
1381 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1382 g_assert(dissector_tables);
1385 /* Make sure the registration is unique */
1386 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1388 /* Create and register the dissector table for this name; returns */
1389 /* a pointer to the dissector table. */
1390 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1398 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1399 * so we use "g_direct_hash()" and "g_direct_equal()".
1401 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1407 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1412 g_assert_not_reached();
1414 sub_dissectors->dissector_handles = NULL;
1415 sub_dissectors->ui_name = ui_name;
1416 sub_dissectors->type = type;
1417 sub_dissectors->base = base;
1418 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1419 return sub_dissectors;
1423 get_dissector_table_ui_name(const char *name)
1425 dissector_table_t sub_dissectors = find_dissector_table( name);
1427 return sub_dissectors->ui_name;
1431 get_dissector_table_selector_type(const char *name)
1433 dissector_table_t sub_dissectors = find_dissector_table( name);
1435 return sub_dissectors->type;
1439 get_dissector_table_base(const char *name)
1441 dissector_table_t sub_dissectors = find_dissector_table( name);
1443 return sub_dissectors->base;
1446 static GHashTable *heur_dissector_lists = NULL;
1449 heur_dissector_t dissector;
1450 protocol_t *protocol;
1451 } heur_dtbl_entry_t;
1453 /* Finds a heuristic dissector table by field name. */
1454 static heur_dissector_list_t *
1455 find_heur_dissector_list(const char *name)
1457 g_assert(heur_dissector_lists != NULL);
1458 return g_hash_table_lookup(heur_dissector_lists, name);
1462 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1464 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1465 heur_dtbl_entry_t *dtbl_entry;
1468 g_assert(sub_dissectors != NULL);
1470 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1471 dtbl_entry->dissector = dissector;
1472 dtbl_entry->protocol = find_protocol_by_id(proto);
1474 /* do the table insertion */
1475 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1479 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1480 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1483 const char *saved_proto;
1485 heur_dtbl_entry_t *dtbl_entry;
1486 guint16 saved_can_desegment;
1487 gint saved_layer_names_len = 0;
1489 /* can_desegment is set to 2 by anyone which offers this api/service.
1490 then everytime a subdissector is called it is decremented by one.
1491 thus only the subdissector immediately ontop of whoever offers this
1493 We save the current value of "can_desegment" for the
1494 benefit of TCP proxying dissectors such as SOCKS, so they
1495 can restore it and allow the dissectors they call to use
1496 the desegmentation service.
1498 saved_can_desegment=pinfo->can_desegment;
1499 pinfo->saved_can_desegment = saved_can_desegment;
1500 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1503 saved_proto = pinfo->current_proto;
1505 if (pinfo->layer_names != NULL)
1506 saved_layer_names_len = pinfo->layer_names->len;
1508 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1509 /* XXX - why set this now and above? */
1510 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1511 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1513 if (dtbl_entry->protocol != NULL &&
1514 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1516 * No - don't try this dissector.
1521 if (dtbl_entry->protocol != NULL) {
1522 pinfo->current_proto =
1523 proto_get_protocol_short_name(dtbl_entry->protocol);
1526 * Add the protocol name to the layers; we'll remove it
1527 * if the dissector fails.
1529 if (pinfo->layer_names) {
1530 if (pinfo->layer_names->len > 0)
1531 g_string_append(pinfo->layer_names, ":");
1532 g_string_append(pinfo->layer_names,
1533 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1537 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1542 * That dissector didn't accept the packet, so
1543 * remove its protocol's name from the list
1546 if (pinfo->layer_names != NULL) {
1547 g_string_truncate(pinfo->layer_names,
1548 saved_layer_names_len);
1552 pinfo->current_proto = saved_proto;
1553 pinfo->can_desegment=saved_can_desegment;
1558 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1560 /* Create our hash-of-lists if it doesn't already exist */
1561 if (heur_dissector_lists == NULL) {
1562 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1563 g_assert(heur_dissector_lists != NULL);
1566 /* Make sure the registration is unique */
1567 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1569 *sub_dissectors = NULL; /* initially empty */
1570 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1571 (gpointer) sub_dissectors);
1575 * Register dissectors by name; used if one dissector always calls a
1576 * particular dissector, or if it bases the decision of which dissector
1577 * to call on something other than a numerical value or on "try a bunch
1578 * of dissectors until one likes the packet".
1582 * List of registered dissectors.
1584 static GHashTable *registered_dissectors = NULL;
1586 /* Get the short name of the protocol for a dissector handle, if it has
1589 dissector_handle_get_short_name(dissector_handle_t handle)
1591 if (handle->protocol == NULL) {
1593 * No protocol (see, for example, the handle for
1594 * dissecting the set of protocols where the first
1595 * octet of the payload is an OSI network layer protocol
1600 return proto_get_protocol_short_name(handle->protocol);
1603 /* Get the index of the protocol for a dissector handle, if it has
1606 dissector_handle_get_protocol_index(dissector_handle_t handle)
1608 if (handle->protocol == NULL) {
1610 * No protocol (see, for example, the handle for
1611 * dissecting the set of protocols where the first
1612 * octet of the payload is an OSI network layer protocol
1617 return proto_get_id(handle->protocol);
1620 /* Find a registered dissector by name. */
1622 find_dissector(const char *name)
1624 g_assert(registered_dissectors != NULL);
1625 return g_hash_table_lookup(registered_dissectors, name);
1628 /* Create an anonymous handle for a dissector. */
1630 create_dissector_handle(dissector_t dissector, int proto)
1632 struct dissector_handle *handle;
1634 handle = g_malloc(sizeof (struct dissector_handle));
1635 handle->name = NULL;
1636 handle->is_new = FALSE;
1637 handle->dissector.old = dissector;
1638 handle->protocol = find_protocol_by_id(proto);
1644 new_create_dissector_handle(new_dissector_t dissector, int proto)
1646 struct dissector_handle *handle;
1648 handle = g_malloc(sizeof (struct dissector_handle));
1649 handle->name = NULL;
1650 handle->is_new = TRUE;
1651 handle->dissector.new = dissector;
1652 handle->protocol = find_protocol_by_id(proto);
1657 /* Register a dissector by name. */
1659 register_dissector(const char *name, dissector_t dissector, int proto)
1661 struct dissector_handle *handle;
1663 /* Create our hash table if it doesn't already exist */
1664 if (registered_dissectors == NULL) {
1665 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1666 g_assert(registered_dissectors != NULL);
1669 /* Make sure the registration is unique */
1670 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1672 handle = g_malloc(sizeof (struct dissector_handle));
1673 handle->name = name;
1674 handle->is_new = FALSE;
1675 handle->dissector.old = dissector;
1676 handle->protocol = find_protocol_by_id(proto);
1678 g_hash_table_insert(registered_dissectors, (gpointer)name,
1683 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1685 struct dissector_handle *handle;
1687 /* Create our hash table if it doesn't already exist */
1688 if (registered_dissectors == NULL) {
1689 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1690 g_assert(registered_dissectors != NULL);
1693 /* Make sure the registration is unique */
1694 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1696 handle = g_malloc(sizeof (struct dissector_handle));
1697 handle->name = name;
1698 handle->is_new = TRUE;
1699 handle->dissector.new = dissector;
1700 handle->protocol = find_protocol_by_id(proto);
1702 g_hash_table_insert(registered_dissectors, (gpointer)name,
1706 /* Call a dissector through a handle and if this fails call the "data"
1710 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1711 packet_info *pinfo, proto_tree *tree)
1715 g_assert(handle != NULL);
1716 ret = call_dissector_work(handle, tvb, pinfo, tree);
1719 * The protocol was disabled, or the dissector rejected
1720 * it. Just dissect this packet as data.
1722 g_assert(data_handle != NULL);
1723 g_assert(data_handle->protocol != NULL);
1724 call_dissector(data_handle, tvb, pinfo, tree);
1725 return tvb_length(tvb);
1730 /* Call a dissector through a handle but if the dissector rejected it
1731 * return 0 instead of using the default "data" dissector.
1734 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1735 packet_info *pinfo, proto_tree *tree)
1739 ret = call_dissector_work(handle, tvb, pinfo, tree);
1744 * Dumps the "layer type"/"decode as" associations to stdout, similar
1745 * to the proto_registrar_dump_*() routines.
1747 * There is one record per line. The fields are tab-delimited.
1749 * Field 1 = layer type, e.g. "tcp.port"
1750 * Field 2 = selector in decimal
1751 * Field 3 = "decode as" name, e.g. "http"
1756 dissector_dump_decodes_display(const gchar *table_name,
1757 ftenum_t selector_type _U_, gpointer key, gpointer value,
1758 gpointer user_data _U_)
1760 guint32 selector = (guint32)(unsigned long) key;
1761 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1762 dtbl_entry_t *dtbl_entry;
1763 dissector_handle_t handle;
1765 const gchar *decode_as;
1767 g_assert(sub_dissectors);
1768 switch (sub_dissectors->type) {
1775 g_assert(dtbl_entry);
1777 handle = dtbl_entry->current;
1780 proto_id = dissector_handle_get_protocol_index(handle);
1782 if (proto_id != -1) {
1783 decode_as = proto_get_protocol_filter_name(proto_id);
1784 g_assert(decode_as != NULL);
1785 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
1795 dissector_dump_decodes() {
1796 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);
1799 static GPtrArray* post_dissectors = NULL;
1800 static guint num_of_postdissectors = 0;
1802 void register_postdissector(dissector_handle_t handle) {
1803 if (!post_dissectors)
1804 post_dissectors = g_ptr_array_new();
1806 g_ptr_array_add(post_dissectors, handle);
1807 num_of_postdissectors++;
1810 extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
1812 for(i=0;i<num_of_postdissectors;i++) {
1813 call_dissector((dissector_handle_t) g_ptr_array_index(post_dissectors,i),