2 * Routines for packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "sna-utils.h"
47 #include "osi-utils.h"
50 #include "addr_resolv.h"
53 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
57 #include <epan/stream.h>
58 #include <epan/expert.h>
60 static gint proto_malformed = -1;
61 static dissector_handle_t frame_handle = NULL;
62 static dissector_handle_t data_handle = NULL;
64 const true_false_string flags_set_truth = {
72 frame_handle = find_dissector("frame");
73 data_handle = find_dissector("data");
74 proto_malformed = proto_get_id_by_filter_name("malformed");
84 * Given a tvbuff, and a length from a packet header, adjust the length
85 * of the tvbuff to reflect the specified length.
88 set_actual_length(tvbuff_t *tvb, guint specified_len)
90 if (specified_len < tvb_reported_length(tvb)) {
91 /* Adjust the length of this tvbuff to include only the specified
94 The dissector above the one calling us (the dissector above is
95 probably us) may use that to determine how much of its packet
97 tvb_set_reported_length(tvb, specified_len);
101 /* Allow protocols to register "init" routines, which are called before
102 we make a pass through a capture file and dissect all its packets
103 (e.g., when we read in a new capture file, or run a "filter packets"
104 or "colorize packets" pass over the current capture file). */
105 static GSList *init_routines;
108 register_init_routine(void (*func)(void))
110 init_routines = g_slist_append(init_routines, (gpointer)func);
113 typedef void (*void_func_t)(void);
115 /* Initialize all data structures used for dissection. */
117 call_init_routine(gpointer routine, gpointer dummy _U_)
119 void_func_t func = (void_func_t)routine;
124 * XXX - for now, these are the same; the "init" routines free whatever
125 * stuff is left over from any previous dissection, and then initialize
128 * We should probably split that into "init" and "cleanup" routines, for
132 init_dissection(void)
134 /* Reclaim and reinitialize all memory of seasonal scope */
137 /* Initialize the table of conversations. */
138 epan_conversation_init();
140 /* Initialize the table of circuits. */
143 /* Initialize protocol-specific variables. */
144 g_slist_foreach(init_routines, &call_init_routine, NULL);
146 /* Initialize the common data structures for fragment reassembly.
147 Must be done *after* calling init routines, as those routines
148 may free up space for fragments, which they find by using the
149 data structures that "reassemble_init()" frees. */
152 /* Initialize the stream-handling tables */
155 /* Initialize the expert infos */
160 cleanup_dissection(void)
165 /* Allow protocols to register a "cleanup" routine to be
166 * run after the initial sequential run through the packets.
167 * Note that the file can still be open after this; this is not
168 * the final cleanup. */
169 static GSList *postseq_cleanup_routines;
172 register_postseq_cleanup_routine(void_func_t func)
174 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
178 /* Call all the registered "postseq_cleanup" routines. */
180 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
182 void_func_t func = (void_func_t)routine;
187 postseq_cleanup_all_protocols(void)
189 g_slist_foreach(postseq_cleanup_routines,
190 &call_postseq_cleanup_routine, NULL);
194 * Add a new data source to the list of data sources for a frame, given
195 * the tvbuff for the data source and its name.
198 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
202 src = ep_alloc(sizeof (data_source));
205 * XXX - if we require this argument to be a string constant,
206 * we don't need to allocate a buffer for a copy and make a
207 * copy, and wouldn't need to free the buffer, either.
209 src->name = ep_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
210 pinfo->data_src = g_slist_append(pinfo->data_src, src);
214 * Free up a frame's list of data sources.
217 free_data_sources(packet_info *pinfo)
219 g_slist_free(pinfo->data_src);
220 pinfo->data_src = NULL;
223 /* Allow dissectors to register a "final_registration" routine
224 * that is run like the proto_register_XXX() routine, but at the
225 * end of the epan_init() function; that is, *after* all other
226 * subsystems, like dfilters, have finished initializing. This is
227 * useful for dissector registration routines which need to compile
228 * display filters. dfilters can't initialize itself until all protocols
229 * have registered themselves. */
230 static GSList *final_registration_routines;
233 register_final_registration_routine(void (*func)(void))
235 final_registration_routines = g_slist_append(final_registration_routines,
239 /* Call all the registered "final_registration" routines. */
241 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
243 void_func_t func = (void_func_t)routine;
249 final_registration_all_protocols(void)
251 g_slist_foreach(final_registration_routines,
252 &call_final_registration_routine, NULL);
256 /* Creates the top-most tvbuff and calls dissect_frame() */
258 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
259 const guchar *pd, frame_data *fd, column_info *cinfo)
263 edt->pi.current_proto = "<Missing Protocol Name>";
264 edt->pi.cinfo = cinfo;
266 edt->pi.pseudo_header = pseudo_header;
267 edt->pi.data_src = NULL;
268 edt->pi.dl_src.type = AT_NONE;
269 edt->pi.dl_src.len = 0;
270 edt->pi.dl_src.data = NULL;
271 edt->pi.dl_dst.type = AT_NONE;
272 edt->pi.dl_dst.len = 0;
273 edt->pi.dl_dst.data = NULL;
274 edt->pi.net_src.type = AT_NONE;
275 edt->pi.net_src.len = 0;
276 edt->pi.net_src.data = NULL;
277 edt->pi.net_dst.type = AT_NONE;
278 edt->pi.net_dst.len = 0;
279 edt->pi.net_dst.data = NULL;
280 edt->pi.src.type = AT_NONE;
282 edt->pi.src.data = NULL;
283 edt->pi.dst.type = AT_NONE;
285 edt->pi.dst.data = NULL;
286 edt->pi.ethertype = 0;
288 edt->pi.ipxptype = 0;
289 edt->pi.ctype = CT_NONE;
290 edt->pi.circuit_id = 0;
291 edt->pi.noreassembly_reason = "";
292 edt->pi.fragmented = FALSE;
293 edt->pi.in_error_pkt = FALSE;
294 edt->pi.ptype = PT_NONE;
296 edt->pi.destport = 0;
297 edt->pi.match_port = 0;
298 edt->pi.match_string = NULL;
299 edt->pi.can_desegment = 0;
300 edt->pi.want_pdu_tracking = 0;
301 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
302 edt->pi.private_data = NULL;
309 edt->pi.dcectxid = 0;
310 edt->pi.dcetransporttype = -1;
311 edt->pi.decrypt_gssapi_tvb = 0;
312 edt->pi.gssapi_wrap_tvb = NULL;
313 edt->pi.gssapi_encrypted_tvb = NULL;
314 edt->pi.gssapi_decrypted_tvb = NULL;
315 edt->pi.layer_names = NULL;
316 edt->pi.link_number = 0;
317 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
318 edt->pi.profinet_type = 0;
319 edt->pi.usb_conv_info = NULL;
320 edt->pi.tcp_tree = NULL;
323 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
324 /* Add this tvbuffer into the data_src list */
325 add_new_data_source(&edt->pi, edt->tvb, "Frame");
327 /* Even though dissect_frame() catches all the exceptions a
328 * sub-dissector can throw, dissect_frame() itself may throw
329 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
330 * in this function. */
331 if(frame_handle != NULL)
332 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
336 g_assert_not_reached();
338 CATCH(ReportedBoundsError) {
339 if(proto_malformed != -1){
340 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
341 "[Malformed Frame: Packet Length]" );
343 g_assert_not_reached();
348 fd->flags.visited = 1;
351 /*********************** code added for sub-dissector lookup *********************/
354 * An dissector handle.
356 struct dissector_handle {
357 const char *name; /* dissector name */
358 gboolean is_new; /* TRUE if new-style dissector */
363 protocol_t *protocol;
366 /* This function will return
367 * old style dissector :
368 * length of the payload or 1 of the payload is empty
370 * >0 this protocol was successfully dissected and this was this protocol.
371 * 0 this packet did not match this protocol.
373 * The only time this function will return 0 is if it is a new style dissector
374 * and if the dissector rejected the packet.
377 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
378 packet_info *pinfo, proto_tree *tree)
380 const char *saved_proto;
383 saved_proto = pinfo->current_proto;
385 if (handle->protocol != NULL) {
386 pinfo->current_proto =
387 proto_get_protocol_short_name(handle->protocol);
390 if (handle->is_new) {
391 ret = (*handle->dissector.new)(tvb, pinfo, tree);
393 (*handle->dissector.old)(tvb, pinfo, tree);
394 ret = tvb_length(tvb);
397 * XXX - a tvbuff can have 0 bytes of data in
398 * it, so we have to make sure we don't return
405 pinfo->current_proto = saved_proto;
411 * Call a dissector through a handle.
412 * If the protocol for that handle isn't enabled, return 0 without
413 * calling the dissector.
414 * Otherwise, if the handle refers to a new-style dissector, call the
415 * dissector and return its return value, otherwise call it and return
416 * the length of the tvbuff pointed to by the argument.
419 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
420 packet_info *pinfo_arg, proto_tree *tree)
422 packet_info *volatile pinfo = pinfo_arg;
423 const char *saved_proto;
424 guint16 saved_can_desegment;
425 volatile int ret = 0;
426 gboolean save_writable;
427 volatile address save_dl_src;
428 volatile address save_dl_dst;
429 volatile address save_net_src;
430 volatile address save_net_dst;
431 volatile address save_src;
432 volatile address save_dst;
433 volatile gint saved_layer_names_len = 0;
435 if (handle->protocol != NULL &&
436 !proto_is_protocol_enabled(handle->protocol)) {
438 * The protocol isn't enabled.
443 saved_proto = pinfo->current_proto;
444 saved_can_desegment = pinfo->can_desegment;
446 if (pinfo->layer_names != NULL)
447 saved_layer_names_len = pinfo->layer_names->len;
450 * can_desegment is set to 2 by anyone which offers the
451 * desegmentation api/service.
452 * Then everytime a subdissector is called it is decremented
454 * Thus only the subdissector immediately on top of whoever
455 * offers this service can use it.
456 * We save the current value of "can_desegment" for the
457 * benefit of TCP proxying dissectors such as SOCKS, so they
458 * can restore it and allow the dissectors they call to use
459 * the desegmentation service.
461 pinfo->saved_can_desegment = saved_can_desegment;
462 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
463 if (handle->protocol != NULL) {
464 pinfo->current_proto =
465 proto_get_protocol_short_name(handle->protocol);
468 * Add the protocol name to the layers
470 if (pinfo->layer_names) {
471 if (pinfo->layer_names->len > 0)
472 g_string_append(pinfo->layer_names, ":");
473 g_string_append(pinfo->layer_names,
474 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
478 if (pinfo->in_error_pkt) {
480 * This isn't a packet being transported inside
481 * the protocol whose dissector is calling us,
482 * it's a copy of a packet that caused an error
483 * in some protocol included in a packet that
484 * reports the error (e.g., an ICMP Unreachable
489 * Save the current state of the writability of
490 * the columns, and restore them after the
491 * dissector returns, so that the columns
492 * don't reflect the packet that got the error,
493 * they reflect the packet that reported the
496 save_writable = col_get_writable(pinfo->cinfo);
497 col_set_writable(pinfo->cinfo, FALSE);
498 save_dl_src = pinfo->dl_src;
499 save_dl_dst = pinfo->dl_dst;
500 save_net_src = pinfo->net_src;
501 save_net_dst = pinfo->net_dst;
502 save_src = pinfo->src;
503 save_dst = pinfo->dst;
505 /* Dissect the contained packet. */
507 ret = call_dissector_through_handle(handle, tvb,
512 * Restore the column writability and addresses.
514 col_set_writable(pinfo->cinfo, save_writable);
515 pinfo->dl_src = save_dl_src;
516 pinfo->dl_dst = save_dl_dst;
517 pinfo->net_src = save_net_src;
518 pinfo->net_dst = save_net_dst;
519 pinfo->src = save_src;
520 pinfo->dst = save_dst;
523 * Restore the current protocol, so any
524 * "Short Frame" indication reflects that
525 * protocol, not the protocol for the
526 * packet that got the error.
528 pinfo->current_proto = saved_proto;
531 * Restore the desegmentability state.
533 pinfo->can_desegment = saved_can_desegment;
536 * Rethrow the exception, so this will be
537 * reported as a short frame.
541 CATCH(ReportedBoundsError) {
543 * "ret" wasn't set because an exception was thrown
544 * before "call_dissector_through_handle()" returned.
545 * As it called something, at least one dissector
546 * accepted the packet, and, as an exception was
547 * thrown, not only was all the tvbuff dissected,
548 * a dissector tried dissecting past the end of
549 * the data in some tvbuff, so we'll assume that
550 * the entire tvbuff was dissected.
552 ret = tvb_length(tvb);
556 col_set_writable(pinfo->cinfo, save_writable);
557 pinfo->dl_src = save_dl_src;
558 pinfo->dl_dst = save_dl_dst;
559 pinfo->net_src = save_net_src;
560 pinfo->net_dst = save_net_dst;
561 pinfo->src = save_src;
562 pinfo->dst = save_dst;
563 pinfo->want_pdu_tracking = 0;
566 * Just call the subdissector.
568 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
573 * That dissector didn't accept the packet, so
574 * remove its protocol's name from the list
577 if (pinfo->layer_names != NULL) {
578 g_string_truncate(pinfo->layer_names,
579 saved_layer_names_len);
582 pinfo->current_proto = saved_proto;
583 pinfo->can_desegment = saved_can_desegment;
588 * An entry in the hash table portion of a dissector table.
591 dissector_handle_t initial;
592 dissector_handle_t current;
598 * "hash_table" is a hash table, indexed by port number, supplying
599 * a "struct dtbl_entry"; it records what dissector is assigned to
600 * that port number in that table.
602 * "dissector_handles" is a list of all dissectors that *could* be
603 * used in that table; not all of them are necessarily in the table,
604 * as they may be for protocols that don't have a fixed port number.
606 * "ui_name" is the name the dissector table has in the user interface.
608 * "type" is a field type giving the width of the port number for that
611 * "base" is the base in which to display the port number for that
614 struct dissector_table {
615 GHashTable *hash_table;
616 GSList *dissector_handles;
622 static GHashTable *dissector_tables = NULL;
624 /* Finds a dissector table by table name. */
626 find_dissector_table(const char *name)
628 g_assert(dissector_tables);
629 return g_hash_table_lookup( dissector_tables, name );
632 /* Find an entry in a uint dissector table. */
633 static dtbl_entry_t *
634 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
636 switch (sub_dissectors->type) {
643 * You can do a port lookup in these tables.
649 * But you can't do a port lookup in any other types
652 g_assert_not_reached();
658 return g_hash_table_lookup(sub_dissectors->hash_table,
659 GUINT_TO_POINTER(pattern));
662 /* Add an entry to a uint dissector table. */
664 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
666 dissector_table_t sub_dissectors = find_dissector_table( name);
667 dtbl_entry_t *dtbl_entry;
670 g_assert( sub_dissectors);
671 switch (sub_dissectors->type) {
678 * You can do a port lookup in these tables.
684 * But you can't do a port lookup in any other types
687 g_assert_not_reached();
690 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
691 dtbl_entry->current = handle;
692 dtbl_entry->initial = dtbl_entry->current;
694 /* do the table insertion */
695 g_hash_table_insert( sub_dissectors->hash_table,
696 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
699 * Now add it to the list of handles that could be used with this
700 * table, because it *is* being used with this table.
702 dissector_add_handle(name, handle);
705 /* Delete the entry for a dissector in a uint dissector table
706 with a particular pattern. */
708 /* NOTE: this doesn't use the dissector call variable. It is included to */
709 /* be consistant with the dissector_add and more importantly to be used */
710 /* if the technique of adding a temporary dissector is implemented. */
711 /* If temporary dissectors are deleted, then the original dissector must */
714 dissector_delete(const char *name, guint32 pattern,
715 dissector_handle_t handle _U_)
717 dissector_table_t sub_dissectors = find_dissector_table( name);
718 dtbl_entry_t *dtbl_entry;
721 g_assert( sub_dissectors);
726 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
728 if (dtbl_entry != NULL) {
732 g_hash_table_remove(sub_dissectors->hash_table,
733 GUINT_TO_POINTER(pattern));
736 * Now free up the entry.
742 /* Change the entry for a dissector in a uint dissector table
743 with a particular pattern to use a new dissector handle. */
745 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
747 dissector_table_t sub_dissectors = find_dissector_table( name);
748 dtbl_entry_t *dtbl_entry;
751 g_assert( sub_dissectors);
754 * See if the entry already exists. If so, reuse it.
756 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
757 if (dtbl_entry != NULL) {
758 dtbl_entry->current = handle;
763 * Don't create an entry if there is no dissector handle - I.E. the
764 * user said not to decode something that wasn't being decoded
765 * in the first place.
770 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
771 dtbl_entry->initial = NULL;
772 dtbl_entry->current = handle;
774 /* do the table insertion */
775 g_hash_table_insert( sub_dissectors->hash_table,
776 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
779 /* Reset an entry in a uint dissector table to its initial value. */
781 dissector_reset(const char *name, guint32 pattern)
783 dissector_table_t sub_dissectors = find_dissector_table( name);
784 dtbl_entry_t *dtbl_entry;
787 g_assert( sub_dissectors);
792 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
794 if (dtbl_entry == NULL)
798 * Found - is there an initial value?
800 if (dtbl_entry->initial != NULL) {
801 dtbl_entry->current = dtbl_entry->initial;
803 g_hash_table_remove(sub_dissectors->hash_table,
804 GUINT_TO_POINTER(pattern));
809 /* Look for a given value in a given uint dissector table and, if found,
810 call the dissector with the arguments supplied, and return TRUE,
811 otherwise return FALSE. */
813 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
814 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
816 dtbl_entry_t *dtbl_entry;
817 struct dissector_handle *handle;
818 guint32 saved_match_port;
821 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
822 if (dtbl_entry != NULL) {
824 * Is there currently a dissector handle for this entry?
826 handle = dtbl_entry->current;
827 if (handle == NULL) {
829 * No - pretend this dissector didn't exist,
830 * so that other dissectors might have a chance
831 * to dissect this packet.
837 * Save the current value of "pinfo->match_port",
838 * set it to the port that matched, call the
839 * dissector, and restore "pinfo->match_port".
841 saved_match_port = pinfo->match_port;
842 pinfo->match_port = port;
843 ret = call_dissector_work(handle, tvb, pinfo, tree);
844 pinfo->match_port = saved_match_port;
847 * If a new-style dissector returned 0, it means that
848 * it didn't think this tvbuff represented a packet for
849 * its protocol, and didn't dissect anything.
851 * Old-style dissectors can't reject the packet.
853 * 0 is also returned if the protocol wasn't enabled.
855 * If the packet was rejected, we return FALSE, so that
856 * other dissectors might have a chance to dissect this
857 * packet, otherwise we return TRUE.
864 /* Look for a given value in a given uint dissector table and, if found,
865 return the dissector handle for that value. */
867 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
869 dtbl_entry_t *dtbl_entry;
871 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
872 if (dtbl_entry != NULL)
873 return dtbl_entry->current;
878 /* Find an entry in a string dissector table. */
879 static dtbl_entry_t *
880 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
882 switch (sub_dissectors->type) {
887 * You can do a string lookup in these tables.
893 * But you can't do a string lookup in any other types
896 g_assert_not_reached();
902 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
905 /* Add an entry to a string dissector table. */
907 dissector_add_string(const char *name, const gchar *pattern,
908 dissector_handle_t handle)
910 dissector_table_t sub_dissectors = find_dissector_table( name);
911 dtbl_entry_t *dtbl_entry;
914 g_assert( sub_dissectors);
916 switch (sub_dissectors->type) {
921 * You can do a string lookup in these tables.
927 * But you can't do a string lookup in any other types
930 g_assert_not_reached();
933 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
934 dtbl_entry->current = handle;
935 dtbl_entry->initial = dtbl_entry->current;
937 /* do the table insertion */
938 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
939 (gpointer)dtbl_entry);
942 * Now add it to the list of handles that could be used with this
943 * table, because it *is* being used with this table.
945 dissector_add_handle(name, handle);
948 /* Delete the entry for a dissector in a string dissector table
949 with a particular pattern. */
951 /* NOTE: this doesn't use the dissector call variable. It is included to */
952 /* be consistant with the dissector_add_string and more importantly to */
953 /* be used if the technique of adding a temporary dissector is */
955 /* If temporary dissectors are deleted, then the original dissector must */
958 dissector_delete_string(const char *name, const gchar *pattern,
959 dissector_handle_t handle _U_)
961 dissector_table_t sub_dissectors = find_dissector_table( name);
962 dtbl_entry_t *dtbl_entry;
965 g_assert( sub_dissectors);
970 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
972 if (dtbl_entry != NULL) {
976 g_hash_table_remove(sub_dissectors->hash_table, pattern);
979 * Now free up the entry.
985 /* Change the entry for a dissector in a string dissector table
986 with a particular pattern to use a new dissector handle. */
988 dissector_change_string(const char *name, gchar *pattern,
989 dissector_handle_t handle)
991 dissector_table_t sub_dissectors = find_dissector_table( name);
992 dtbl_entry_t *dtbl_entry;
995 g_assert( sub_dissectors);
998 * See if the entry already exists. If so, reuse it.
1000 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1001 if (dtbl_entry != NULL) {
1002 dtbl_entry->current = handle;
1007 * Don't create an entry if there is no dissector handle - I.E. the
1008 * user said not to decode something that wasn't being decoded
1009 * in the first place.
1014 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1015 dtbl_entry->initial = NULL;
1016 dtbl_entry->current = handle;
1018 /* do the table insertion */
1019 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1020 (gpointer)dtbl_entry);
1023 /* Reset an entry in a string sub-dissector table to its initial value. */
1025 dissector_reset_string(const char *name, const gchar *pattern)
1027 dissector_table_t sub_dissectors = find_dissector_table( name);
1028 dtbl_entry_t *dtbl_entry;
1031 g_assert( sub_dissectors);
1036 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1038 if (dtbl_entry == NULL)
1042 * Found - is there an initial value?
1044 if (dtbl_entry->initial != NULL) {
1045 dtbl_entry->current = dtbl_entry->initial;
1047 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1052 /* Look for a given string in a given dissector table and, if found, call
1053 the dissector with the arguments supplied, and return TRUE, otherwise
1056 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1057 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1059 dtbl_entry_t *dtbl_entry;
1060 struct dissector_handle *handle;
1062 const gchar *saved_match_string;
1064 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1065 if (dtbl_entry != NULL) {
1067 * Is there currently a dissector handle for this entry?
1069 handle = dtbl_entry->current;
1070 if (handle == NULL) {
1072 * No - pretend this dissector didn't exist,
1073 * so that other dissectors might have a chance
1074 * to dissect this packet.
1080 * Save the current value of "pinfo->match_string",
1081 * set it to the string that matched, call the
1082 * dissector, and restore "pinfo->match_string".
1084 saved_match_string = pinfo->match_string;
1085 pinfo->match_string = string;
1086 ret = call_dissector_work(handle, tvb, pinfo, tree);
1087 pinfo->match_string = saved_match_string;
1090 * If a new-style dissector returned 0, it means that
1091 * it didn't think this tvbuff represented a packet for
1092 * its protocol, and didn't dissect anything.
1094 * Old-style dissectors can't reject the packet.
1096 * 0 is also returned if the protocol wasn't enabled.
1098 * If the packet was rejected, we return FALSE, so that
1099 * other dissectors might have a chance to dissect this
1100 * packet, otherwise we return TRUE.
1107 /* Look for a given value in a given string dissector table and, if found,
1108 return the dissector handle for that value. */
1110 dissector_get_string_handle(dissector_table_t sub_dissectors,
1111 const gchar *string)
1113 dtbl_entry_t *dtbl_entry;
1115 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1116 if (dtbl_entry != NULL)
1117 return dtbl_entry->current;
1123 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1125 return dtbl_entry->current;
1128 /* Add a handle to the list of handles that *could* be used with this
1129 table. That list is used by code in the UI. */
1131 dissector_add_handle(const char *name, dissector_handle_t handle)
1133 dissector_table_t sub_dissectors = find_dissector_table( name);
1137 g_assert(sub_dissectors != NULL);
1139 /* Is it already in this list? */
1140 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1141 if (entry != NULL) {
1143 * Yes - don't insert it again.
1148 /* Add it to the list. */
1149 sub_dissectors->dissector_handles =
1150 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1154 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1156 return dtbl_entry->initial;
1159 /**************************************************/
1161 /* Routines to walk dissector tables */
1163 /**************************************************/
1165 typedef struct dissector_foreach_info {
1166 gpointer caller_data;
1167 DATFunc caller_func;
1170 ftenum_t selector_type;
1171 } dissector_foreach_info_t;
1174 * Called for each entry in a dissector table.
1177 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1179 dissector_foreach_info_t *info;
1180 dtbl_entry_t *dtbl_entry;
1183 g_assert(user_data);
1186 if (dtbl_entry->current == NULL ||
1187 dtbl_entry->current->protocol == NULL) {
1189 * Either there is no dissector for this entry, or
1190 * the dissector doesn't have a protocol associated
1193 * XXX - should the latter check be done?
1199 info->caller_func(info->table_name, info->selector_type, key, value,
1204 * Called for each entry in the table of all dissector tables.
1207 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1209 dissector_table_t sub_dissectors;
1210 dissector_foreach_info_t *info;
1213 g_assert(user_data);
1215 sub_dissectors = value;
1217 info->table_name = (gchar*) key;
1218 info->selector_type = get_dissector_table_selector_type(info->table_name);
1219 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1223 * Walk all dissector tables calling a user supplied function on each
1227 dissector_all_tables_foreach (DATFunc func,
1230 dissector_foreach_info_t info;
1232 info.caller_data = user_data;
1233 info.caller_func = func;
1234 info.next_func = dissector_table_foreach_func;
1235 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1239 * Walk one dissector table's hash table calling a user supplied function
1243 dissector_table_foreach (char *name,
1247 dissector_foreach_info_t info;
1248 dissector_table_t sub_dissectors = find_dissector_table( name);
1250 info.table_name = name;
1251 info.selector_type = sub_dissectors->type;
1252 info.caller_func = func;
1253 info.caller_data = user_data;
1254 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1258 * Walk one dissector table's list of handles calling a user supplied
1259 * function on each entry.
1262 dissector_table_foreach_handle(const char *name,
1263 DATFunc_handle func,
1266 dissector_table_t sub_dissectors = find_dissector_table( name);
1269 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1270 tmp = g_slist_next(tmp))
1271 func(name, tmp->data, user_data);
1275 * Called for each entry in a dissector table.
1278 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1280 dtbl_entry_t *dtbl_entry;
1281 dissector_foreach_info_t *info;
1284 g_assert(user_data);
1287 if (dtbl_entry->initial == dtbl_entry->current) {
1289 * Entry hasn't changed - don't call the function.
1295 info->caller_func(info->table_name, info->selector_type, key, value,
1300 * Walk all dissector tables calling a user supplied function only on
1301 * any entry that has been changed from its original state.
1304 dissector_all_tables_foreach_changed (DATFunc func,
1307 dissector_foreach_info_t info;
1309 info.caller_data = user_data;
1310 info.caller_func = func;
1311 info.next_func = dissector_table_foreach_changed_func;
1312 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1316 * Walk one dissector table calling a user supplied function only on
1317 * any entry that has been changed from its original state.
1320 dissector_table_foreach_changed (char *name,
1324 dissector_foreach_info_t info;
1325 dissector_table_t sub_dissectors = find_dissector_table( name);
1327 info.table_name = name;
1328 info.selector_type = sub_dissectors->type;
1329 info.caller_func = func;
1330 info.caller_data = user_data;
1331 g_hash_table_foreach(sub_dissectors->hash_table,
1332 dissector_table_foreach_changed_func, &info);
1335 typedef struct dissector_foreach_table_info {
1336 gpointer caller_data;
1337 DATFunc_table caller_func;
1338 } dissector_foreach_table_info_t;
1341 * Called for each entry in the table of all dissector tables.
1344 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1346 dissector_table_t table;
1347 dissector_foreach_table_info_t *info;
1351 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1355 * Walk all dissector tables calling a user supplied function on each
1359 dissector_all_tables_foreach_table (DATFunc_table func,
1362 dissector_foreach_table_info_t info;
1364 info.caller_data = user_data;
1365 info.caller_func = func;
1366 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1370 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1373 dissector_table_t sub_dissectors;
1375 /* Create our hash-of-hashes if it doesn't already exist */
1376 if (!dissector_tables) {
1377 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1378 g_assert(dissector_tables);
1381 /* Make sure the registration is unique */
1382 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1384 /* Create and register the dissector table for this name; returns */
1385 /* a pointer to the dissector table. */
1386 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1394 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1395 * so we use "g_direct_hash()" and "g_direct_equal()".
1397 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1403 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1408 g_assert_not_reached();
1410 sub_dissectors->dissector_handles = NULL;
1411 sub_dissectors->ui_name = ui_name;
1412 sub_dissectors->type = type;
1413 sub_dissectors->base = base;
1414 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1415 return sub_dissectors;
1419 get_dissector_table_ui_name(const char *name)
1421 dissector_table_t sub_dissectors = find_dissector_table( name);
1423 return sub_dissectors->ui_name;
1427 get_dissector_table_selector_type(const char *name)
1429 dissector_table_t sub_dissectors = find_dissector_table( name);
1431 return sub_dissectors->type;
1435 get_dissector_table_base(const char *name)
1437 dissector_table_t sub_dissectors = find_dissector_table( name);
1439 return sub_dissectors->base;
1442 static GHashTable *heur_dissector_lists = NULL;
1445 heur_dissector_t dissector;
1446 protocol_t *protocol;
1447 } heur_dtbl_entry_t;
1449 /* Finds a heuristic dissector table by field name. */
1450 static heur_dissector_list_t *
1451 find_heur_dissector_list(const char *name)
1453 g_assert(heur_dissector_lists != NULL);
1454 return g_hash_table_lookup(heur_dissector_lists, name);
1458 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1460 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1461 heur_dtbl_entry_t *dtbl_entry;
1464 g_assert(sub_dissectors != NULL);
1466 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1467 dtbl_entry->dissector = dissector;
1468 dtbl_entry->protocol = find_protocol_by_id(proto);
1470 /* do the table insertion */
1471 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1475 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1476 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1479 const char *saved_proto;
1481 heur_dtbl_entry_t *dtbl_entry;
1482 guint16 saved_can_desegment;
1483 gint saved_layer_names_len = 0;
1485 /* can_desegment is set to 2 by anyone which offers this api/service.
1486 then everytime a subdissector is called it is decremented by one.
1487 thus only the subdissector immediately ontop of whoever offers this
1489 We save the current value of "can_desegment" for the
1490 benefit of TCP proxying dissectors such as SOCKS, so they
1491 can restore it and allow the dissectors they call to use
1492 the desegmentation service.
1494 saved_can_desegment=pinfo->can_desegment;
1495 pinfo->saved_can_desegment = saved_can_desegment;
1496 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1499 saved_proto = pinfo->current_proto;
1501 if (pinfo->layer_names != NULL)
1502 saved_layer_names_len = pinfo->layer_names->len;
1504 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1505 /* XXX - why set this now and above? */
1506 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1507 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1509 if (dtbl_entry->protocol != NULL &&
1510 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1512 * No - don't try this dissector.
1517 if (dtbl_entry->protocol != NULL) {
1518 pinfo->current_proto =
1519 proto_get_protocol_short_name(dtbl_entry->protocol);
1522 * Add the protocol name to the layers; we'll remove it
1523 * if the dissector fails.
1525 if (pinfo->layer_names) {
1526 if (pinfo->layer_names->len > 0)
1527 g_string_append(pinfo->layer_names, ":");
1528 g_string_append(pinfo->layer_names,
1529 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1533 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1538 * That dissector didn't accept the packet, so
1539 * remove its protocol's name from the list
1542 if (pinfo->layer_names != NULL) {
1543 g_string_truncate(pinfo->layer_names,
1544 saved_layer_names_len);
1548 pinfo->current_proto = saved_proto;
1549 pinfo->can_desegment=saved_can_desegment;
1554 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1556 /* Create our hash-of-lists if it doesn't already exist */
1557 if (heur_dissector_lists == NULL) {
1558 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1559 g_assert(heur_dissector_lists != NULL);
1562 /* Make sure the registration is unique */
1563 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1565 *sub_dissectors = NULL; /* initially empty */
1566 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1567 (gpointer) sub_dissectors);
1571 * Register dissectors by name; used if one dissector always calls a
1572 * particular dissector, or if it bases the decision of which dissector
1573 * to call on something other than a numerical value or on "try a bunch
1574 * of dissectors until one likes the packet".
1578 * List of registered dissectors.
1580 static GHashTable *registered_dissectors = NULL;
1582 /* Get the short name of the protocol for a dissector handle, if it has
1585 dissector_handle_get_short_name(dissector_handle_t handle)
1587 if (handle->protocol == NULL) {
1589 * No protocol (see, for example, the handle for
1590 * dissecting the set of protocols where the first
1591 * octet of the payload is an OSI network layer protocol
1596 return proto_get_protocol_short_name(handle->protocol);
1599 /* Get the index of the protocol for a dissector handle, if it has
1602 dissector_handle_get_protocol_index(dissector_handle_t handle)
1604 if (handle->protocol == NULL) {
1606 * No protocol (see, for example, the handle for
1607 * dissecting the set of protocols where the first
1608 * octet of the payload is an OSI network layer protocol
1613 return proto_get_id(handle->protocol);
1616 /* Find a registered dissector by name. */
1618 find_dissector(const char *name)
1620 g_assert(registered_dissectors != NULL);
1621 return g_hash_table_lookup(registered_dissectors, name);
1624 /* Create an anonymous handle for a dissector. */
1626 create_dissector_handle(dissector_t dissector, int proto)
1628 struct dissector_handle *handle;
1630 handle = g_malloc(sizeof (struct dissector_handle));
1631 handle->name = NULL;
1632 handle->is_new = FALSE;
1633 handle->dissector.old = dissector;
1634 handle->protocol = find_protocol_by_id(proto);
1640 new_create_dissector_handle(new_dissector_t dissector, int proto)
1642 struct dissector_handle *handle;
1644 handle = g_malloc(sizeof (struct dissector_handle));
1645 handle->name = NULL;
1646 handle->is_new = TRUE;
1647 handle->dissector.new = dissector;
1648 handle->protocol = find_protocol_by_id(proto);
1653 /* Register a dissector by name. */
1655 register_dissector(const char *name, dissector_t dissector, int proto)
1657 struct dissector_handle *handle;
1659 /* Create our hash table if it doesn't already exist */
1660 if (registered_dissectors == NULL) {
1661 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1662 g_assert(registered_dissectors != NULL);
1665 /* Make sure the registration is unique */
1666 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1668 handle = g_malloc(sizeof (struct dissector_handle));
1669 handle->name = name;
1670 handle->is_new = FALSE;
1671 handle->dissector.old = dissector;
1672 handle->protocol = find_protocol_by_id(proto);
1674 g_hash_table_insert(registered_dissectors, (gpointer)name,
1679 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1681 struct dissector_handle *handle;
1683 /* Create our hash table if it doesn't already exist */
1684 if (registered_dissectors == NULL) {
1685 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1686 g_assert(registered_dissectors != NULL);
1689 /* Make sure the registration is unique */
1690 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1692 handle = g_malloc(sizeof (struct dissector_handle));
1693 handle->name = name;
1694 handle->is_new = TRUE;
1695 handle->dissector.new = dissector;
1696 handle->protocol = find_protocol_by_id(proto);
1698 g_hash_table_insert(registered_dissectors, (gpointer)name,
1702 /* Call a dissector through a handle and if this fails call the "data"
1706 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1707 packet_info *pinfo, proto_tree *tree)
1711 g_assert(handle != NULL);
1712 ret = call_dissector_work(handle, tvb, pinfo, tree);
1715 * The protocol was disabled, or the dissector rejected
1716 * it. Just dissect this packet as data.
1718 g_assert(data_handle != NULL);
1719 g_assert(data_handle->protocol != NULL);
1720 call_dissector(data_handle, tvb, pinfo, tree);
1721 return tvb_length(tvb);
1726 /* Call a dissector through a handle but if the dissector rejected it
1727 * return 0 instead of using the default "data" dissector.
1730 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1731 packet_info *pinfo, proto_tree *tree)
1735 ret = call_dissector_work(handle, tvb, pinfo, tree);
1740 * Dumps the "layer type"/"decode as" associations to stdout, similar
1741 * to the proto_registrar_dump_*() routines.
1743 * There is one record per line. The fields are tab-delimited.
1745 * Field 1 = layer type, e.g. "tcp.port"
1746 * Field 2 = selector in decimal
1747 * Field 3 = "decode as" name, e.g. "http"
1752 dissector_dump_decodes_display(gchar *table_name, ftenum_t selector_type _U_,
1753 gpointer key, gpointer value, gpointer user_data _U_)
1755 guint32 selector = (guint32) key;
1756 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1757 dtbl_entry_t *dtbl_entry;
1758 dissector_handle_t handle;
1760 const gchar *decode_as;
1762 g_assert(sub_dissectors);
1763 switch (sub_dissectors->type) {
1770 g_assert(dtbl_entry);
1772 handle = dtbl_entry->current;
1775 proto_id = dissector_handle_get_protocol_index(handle);
1777 if (proto_id != -1) {
1778 decode_as = proto_get_protocol_filter_name(proto_id);
1779 g_assert(decode_as != NULL);
1780 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
1790 dissector_dump_decodes() {
1791 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);
1794 static GPtrArray* post_dissectors = NULL;
1795 static guint num_of_postdissectors = 0;
1797 void register_postdissector(dissector_handle_t handle) {
1798 if (!post_dissectors)
1799 post_dissectors = g_ptr_array_new();
1801 g_ptr_array_add(post_dissectors, handle);
1802 num_of_postdissectors++;
1805 extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
1807 for(i=0;i<num_of_postdissectors;i++) {
1808 call_dissector((dissector_handle_t) g_ptr_array_index(post_dissectors,i),