2 * Routines for packet disassembly
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
43 #include "timestamp.h"
45 #include "atalk-utils.h"
46 #include "sna-utils.h"
47 #include "osi-utils.h"
50 #include "addr_resolv.h"
53 #include "epan_dissect.h"
56 #include <epan/reassemble.h>
58 static gint proto_malformed = -1;
59 static dissector_handle_t frame_handle = NULL;
60 static dissector_handle_t data_handle = NULL;
62 const true_false_string flags_set_truth = {
70 frame_handle = find_dissector("frame");
71 data_handle = find_dissector("data");
72 proto_malformed = proto_get_id_by_filter_name("malformed");
82 * Given a tvbuff, and a length from a packet header, adjust the length
83 * of the tvbuff to reflect the specified length.
86 set_actual_length(tvbuff_t *tvb, guint specified_len)
88 if (specified_len < tvb_reported_length(tvb)) {
89 /* Adjust the length of this tvbuff to include only the specified
92 The dissector above the one calling us (the dissector above is
93 probably us) may use that to determine how much of its packet
95 tvb_set_reported_length(tvb, specified_len);
99 /* Allow protocols to register "init" routines, which are called before
100 we make a pass through a capture file and dissect all its packets
101 (e.g., when we read in a new capture file, or run a "filter packets"
102 or "colorize packets" pass over the current capture file). */
103 static GSList *init_routines;
106 register_init_routine(void (*func)(void))
108 init_routines = g_slist_append(init_routines, (gpointer)func);
111 typedef void (*void_func_t)(void);
113 /* Initialize all data structures used for dissection. */
115 call_init_routine(gpointer routine, gpointer dummy _U_)
117 void_func_t func = (void_func_t)routine;
122 * XXX - for now, these are the same; the "init" routines free whatever
123 * stuff is left over from any previous dissection, and then initialize
126 * We should probably split that into "init" and "cleanup" routines, for
130 init_dissection(void)
132 /* Reclaim and reinitialize all memory of seasonal scope */
135 /* Initialize the table of conversations. */
136 epan_conversation_init();
138 /* Initialize the table of circuits. */
141 /* Initialize protocol-specific variables. */
142 g_slist_foreach(init_routines, &call_init_routine, NULL);
144 /* Initialize the common data structures for fragment reassembly.
145 Must be done *after* calling init routines, as those routines
146 may free up space for fragments, which they find by using the
147 data structures that "reassemble_init()" frees. */
152 cleanup_dissection(void)
157 /* Allow protocols to register a "cleanup" routine to be
158 * run after the initial sequential run through the packets.
159 * Note that the file can still be open after this; this is not
160 * the final cleanup. */
161 static GSList *postseq_cleanup_routines;
164 register_postseq_cleanup_routine(void_func_t func)
166 postseq_cleanup_routines = g_slist_append(postseq_cleanup_routines,
170 /* Call all the registered "postseq_cleanup" routines. */
172 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
174 void_func_t func = (void_func_t)routine;
179 postseq_cleanup_all_protocols(void)
181 g_slist_foreach(postseq_cleanup_routines,
182 &call_postseq_cleanup_routine, NULL);
186 * Add a new data source to the list of data sources for a frame, given
187 * the tvbuff for the data source and its name.
190 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
194 src = ep_alloc(sizeof (data_source));
197 * XXX - if we require this argument to be a string constant,
198 * we don't need to allocate a buffer for a copy and make a
199 * copy, and wouldn't need to free the buffer, either.
201 src->name = ep_strdup_printf("%s (%u bytes)", name, tvb_length(tvb));
202 pinfo->data_src = g_slist_append(pinfo->data_src, src);
206 * Free up a frame's list of data sources.
209 free_data_sources(packet_info *pinfo)
211 g_slist_free(pinfo->data_src);
212 pinfo->data_src = NULL;
215 /* Allow dissectors to register a "final_registration" routine
216 * that is run like the proto_register_XXX() routine, but the end
217 * end of the epan_init() function; that is, *after* all other
218 * subsystems, like dfilters, have finished initializing. This is
219 * useful for dissector registration routines which need to compile
220 * display filters. dfilters can't initialize itself until all protocols
221 * have registereed themselves. */
222 static GSList *final_registration_routines;
225 register_final_registration_routine(void (*func)(void))
227 final_registration_routines = g_slist_append(final_registration_routines,
231 /* Call all the registered "final_registration" routines. */
233 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
235 void_func_t func = (void_func_t)routine;
241 final_registration_all_protocols(void)
243 g_slist_foreach(final_registration_routines,
244 &call_final_registration_routine, NULL);
248 /* Creates the top-most tvbuff and calls dissect_frame() */
250 dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
251 const guchar *pd, frame_data *fd, column_info *cinfo)
255 edt->pi.current_proto = "<Missing Protocol Name>";
256 edt->pi.cinfo = cinfo;
258 edt->pi.pseudo_header = pseudo_header;
259 edt->pi.data_src = NULL;
260 edt->pi.dl_src.type = AT_NONE;
261 edt->pi.dl_src.len = 0;
262 edt->pi.dl_src.data = NULL;
263 edt->pi.dl_dst.type = AT_NONE;
264 edt->pi.dl_dst.len = 0;
265 edt->pi.dl_dst.data = NULL;
266 edt->pi.net_src.type = AT_NONE;
267 edt->pi.net_src.len = 0;
268 edt->pi.net_src.data = NULL;
269 edt->pi.net_dst.type = AT_NONE;
270 edt->pi.net_dst.len = 0;
271 edt->pi.net_dst.data = NULL;
272 edt->pi.src.type = AT_NONE;
274 edt->pi.src.data = NULL;
275 edt->pi.dst.type = AT_NONE;
277 edt->pi.dst.data = NULL;
278 edt->pi.ethertype = 0;
280 edt->pi.ipxptype = 0;
281 edt->pi.ctype = CT_NONE;
282 edt->pi.circuit_id = 0;
283 edt->pi.noreassembly_reason = "";
284 edt->pi.fragmented = FALSE;
285 edt->pi.in_error_pkt = FALSE;
286 edt->pi.ptype = PT_NONE;
288 edt->pi.destport = 0;
289 edt->pi.match_port = 0;
290 edt->pi.match_string = NULL;
291 edt->pi.can_desegment = 0;
292 edt->pi.want_pdu_tracking = 0;
293 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
294 edt->pi.private_data = NULL;
301 edt->pi.dcectxid = 0;
302 edt->pi.dcetransporttype = -1;
303 edt->pi.decrypt_gssapi_tvb = 0;
304 edt->pi.gssapi_wrap_tvb = NULL;
305 edt->pi.gssapi_encrypted_tvb = NULL;
306 edt->pi.gssapi_decrypted_tvb = NULL;
307 edt->pi.layer_names = NULL;
308 edt->pi.link_number = 0;
309 edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
312 edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
313 /* Add this tvbuffer into the data_src list */
314 add_new_data_source(&edt->pi, edt->tvb, "Frame");
316 /* Even though dissect_frame() catches all the exceptions a
317 * sub-dissector can throw, dissect_frame() itself may throw
318 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
319 * in this function. */
320 if(frame_handle != NULL)
321 call_dissector(frame_handle, edt->tvb, &edt->pi, edt->tree);
325 g_assert_not_reached();
327 CATCH(ReportedBoundsError) {
328 if(proto_malformed != -1){
329 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
330 "[Malformed Frame: Packet Length]" );
332 g_assert_not_reached();
337 fd->flags.visited = 1;
340 /*********************** code added for sub-dissector lookup *********************/
343 * An dissector handle.
345 struct dissector_handle {
346 const char *name; /* dissector name */
347 gboolean is_new; /* TRUE if new-style dissector */
352 protocol_t *protocol;
355 /* This function will return
356 * old style dissector :
357 * length of the payload or 1 of the payload is empty
359 * >0 this protocol was successfully dissected and this was this protocol.
360 * 0 this packet did not match this protocol.
362 * The only time this function will return 0 is if it is a new style dissector
363 * and if the dissector rejected the packet.
366 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
367 packet_info *pinfo, proto_tree *tree)
369 const char *saved_proto;
372 saved_proto = pinfo->current_proto;
374 if (handle->protocol != NULL) {
375 pinfo->current_proto =
376 proto_get_protocol_short_name(handle->protocol);
379 if (handle->is_new) {
380 ret = (*handle->dissector.new)(tvb, pinfo, tree);
382 (*handle->dissector.old)(tvb, pinfo, tree);
383 ret = tvb_length(tvb);
386 * XXX - a tvbuff can have 0 bytes of data in
387 * it, so we have to make sure we don't return
394 pinfo->current_proto = saved_proto;
400 * Call a dissector through a handle.
401 * If the protocol for that handle isn't enabled, return 0 without
402 * calling the dissector.
403 * Otherwise, if the handle refers to a new-style dissector, call the
404 * dissector and return its return value, otherwise call it and return
405 * the length of the tvbuff pointed to by the argument.
408 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb,
409 packet_info *pinfo_arg, proto_tree *tree)
411 packet_info *volatile pinfo = pinfo_arg;
412 const char *saved_proto;
413 guint16 saved_can_desegment;
415 gboolean save_writable;
416 volatile address save_dl_src;
417 volatile address save_dl_dst;
418 volatile address save_net_src;
419 volatile address save_net_dst;
420 volatile address save_src;
421 volatile address save_dst;
422 volatile gint saved_layer_names_len = 0;
424 if (handle->protocol != NULL &&
425 !proto_is_protocol_enabled(handle->protocol)) {
427 * The protocol isn't enabled.
432 saved_proto = pinfo->current_proto;
433 saved_can_desegment = pinfo->can_desegment;
435 if (pinfo->layer_names != NULL)
436 saved_layer_names_len = pinfo->layer_names->len;
439 * can_desegment is set to 2 by anyone which offers the
440 * desegmentation api/service.
441 * Then everytime a subdissector is called it is decremented
443 * Thus only the subdissector immediately on top of whoever
444 * offers this service can use it.
445 * We save the current value of "can_desegment" for the
446 * benefit of TCP proxying dissectors such as SOCKS, so they
447 * can restore it and allow the dissectors they call to use
448 * the desegmentation service.
450 pinfo->saved_can_desegment = saved_can_desegment;
451 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
452 if (handle->protocol != NULL) {
453 pinfo->current_proto =
454 proto_get_protocol_short_name(handle->protocol);
457 * Add the protocol name to the layers
459 if (pinfo->layer_names) {
460 if (pinfo->layer_names->len > 0)
461 g_string_append(pinfo->layer_names, ":");
462 g_string_append(pinfo->layer_names,
463 proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
467 if (pinfo->in_error_pkt) {
469 * This isn't a packet being transported inside
470 * the protocol whose dissector is calling us,
471 * it's a copy of a packet that caused an error
472 * in some protocol included in a packet that
473 * reports the error (e.g., an ICMP Unreachable
478 * Save the current state of the writability of
479 * the columns, and restore them after the
480 * dissector returns, so that the columns
481 * don't reflect the packet that got the error,
482 * they reflect the packet that reported the
485 save_writable = col_get_writable(pinfo->cinfo);
486 col_set_writable(pinfo->cinfo, FALSE);
487 save_dl_src = pinfo->dl_src;
488 save_dl_dst = pinfo->dl_dst;
489 save_net_src = pinfo->net_src;
490 save_net_dst = pinfo->net_dst;
491 save_src = pinfo->src;
492 save_dst = pinfo->dst;
494 /* Dissect the contained packet. */
496 ret = call_dissector_through_handle(handle, tvb,
501 * Restore the column writability and addresses.
503 col_set_writable(pinfo->cinfo, save_writable);
504 pinfo->dl_src = save_dl_src;
505 pinfo->dl_dst = save_dl_dst;
506 pinfo->net_src = save_net_src;
507 pinfo->net_dst = save_net_dst;
508 pinfo->src = save_src;
509 pinfo->dst = save_dst;
512 * Restore the current protocol, so any
513 * "Short Frame" indication reflects that
514 * protocol, not the protocol for the
515 * packet that got the error.
517 pinfo->current_proto = saved_proto;
520 * Restore the desegmentability state.
522 pinfo->can_desegment = saved_can_desegment;
525 * Rethrow the exception, so this will be
526 * reported as a short frame.
530 CATCH(ReportedBoundsError) {
532 * "ret" wasn't set because an exception was thrown
533 * before "call_dissector_through_handle()" returned.
534 * As it called something, at least one dissector
535 * accepted the packet, and, as an exception was
536 * thrown, not only was all the tvbuff dissected,
537 * a dissector tried dissecting past the end of
538 * the data in some tvbuff, so we'll assume that
539 * the entire tvbuff was dissected.
541 ret = tvb_length(tvb);
545 col_set_writable(pinfo->cinfo, save_writable);
546 pinfo->dl_src = save_dl_src;
547 pinfo->dl_dst = save_dl_dst;
548 pinfo->net_src = save_net_src;
549 pinfo->net_dst = save_net_dst;
550 pinfo->src = save_src;
551 pinfo->dst = save_dst;
552 pinfo->want_pdu_tracking = 0;
555 * Just call the subdissector.
557 ret = call_dissector_through_handle(handle, tvb, pinfo, tree);
562 * That dissector didn't accept the packet, so
563 * remove its protocol's name from the list
566 if (pinfo->layer_names != NULL) {
567 g_string_truncate(pinfo->layer_names,
568 saved_layer_names_len);
571 pinfo->current_proto = saved_proto;
572 pinfo->can_desegment = saved_can_desegment;
577 * An entry in the hash table portion of a dissector table.
580 dissector_handle_t initial;
581 dissector_handle_t current;
587 * "hash_table" is a hash table, indexed by port number, supplying
588 * a "struct dtbl_entry"; it records what dissector is assigned to
589 * that port number in that table.
591 * "dissector_handles" is a list of all dissectors that *could* be
592 * used in that table; not all of them are necessarily in the table,
593 * as they may be for protocols that don't have a fixed port number.
595 * "ui_name" is the name the dissector table has in the user interface.
597 * "type" is a field type giving the width of the port number for that
600 * "base" is the base in which to display the port number for that
603 struct dissector_table {
604 GHashTable *hash_table;
605 GSList *dissector_handles;
611 static GHashTable *dissector_tables = NULL;
613 /* Finds a dissector table by table name. */
615 find_dissector_table(const char *name)
617 g_assert(dissector_tables);
618 return g_hash_table_lookup( dissector_tables, name );
621 /* Find an entry in a uint dissector table. */
622 static dtbl_entry_t *
623 find_uint_dtbl_entry(dissector_table_t sub_dissectors, guint32 pattern)
625 switch (sub_dissectors->type) {
632 * You can do a port lookup in these tables.
638 * But you can't do a port lookup in any other types
641 g_assert_not_reached();
647 return g_hash_table_lookup(sub_dissectors->hash_table,
648 GUINT_TO_POINTER(pattern));
651 /* Add an entry to a uint dissector table. */
653 dissector_add(const char *name, guint32 pattern, dissector_handle_t handle)
655 dissector_table_t sub_dissectors = find_dissector_table( name);
656 dtbl_entry_t *dtbl_entry;
659 g_assert( sub_dissectors);
660 switch (sub_dissectors->type) {
667 * You can do a port lookup in these tables.
673 * But you can't do a port lookup in any other types
676 g_assert_not_reached();
679 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
680 dtbl_entry->current = handle;
681 dtbl_entry->initial = dtbl_entry->current;
683 /* do the table insertion */
684 g_hash_table_insert( sub_dissectors->hash_table,
685 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
688 * Now add it to the list of handles that could be used with this
689 * table, because it *is* being used with this table.
691 dissector_add_handle(name, handle);
694 /* Delete the entry for a dissector in a uint dissector table
695 with a particular pattern. */
697 /* NOTE: this doesn't use the dissector call variable. It is included to */
698 /* be consistant with the dissector_add and more importantly to be used */
699 /* if the technique of adding a temporary dissector is implemented. */
700 /* If temporary dissectors are deleted, then the original dissector must */
703 dissector_delete(const char *name, guint32 pattern,
704 dissector_handle_t handle _U_)
706 dissector_table_t sub_dissectors = find_dissector_table( name);
707 dtbl_entry_t *dtbl_entry;
710 g_assert( sub_dissectors);
715 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
717 if (dtbl_entry != NULL) {
721 g_hash_table_remove(sub_dissectors->hash_table,
722 GUINT_TO_POINTER(pattern));
725 * Now free up the entry.
731 /* Change the entry for a dissector in a uint dissector table
732 with a particular pattern to use a new dissector handle. */
734 dissector_change(const char *name, guint32 pattern, dissector_handle_t handle)
736 dissector_table_t sub_dissectors = find_dissector_table( name);
737 dtbl_entry_t *dtbl_entry;
740 g_assert( sub_dissectors);
743 * See if the entry already exists. If so, reuse it.
745 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
746 if (dtbl_entry != NULL) {
747 dtbl_entry->current = handle;
752 * Don't create an entry if there is no dissector handle - I.E. the
753 * user said not to decode something that wasn't being decoded
754 * in the first place.
759 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
760 dtbl_entry->initial = NULL;
761 dtbl_entry->current = handle;
763 /* do the table insertion */
764 g_hash_table_insert( sub_dissectors->hash_table,
765 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
768 /* Reset an entry in a uint dissector table to its initial value. */
770 dissector_reset(const char *name, guint32 pattern)
772 dissector_table_t sub_dissectors = find_dissector_table( name);
773 dtbl_entry_t *dtbl_entry;
776 g_assert( sub_dissectors);
781 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
783 if (dtbl_entry == NULL)
787 * Found - is there an initial value?
789 if (dtbl_entry->initial != NULL) {
790 dtbl_entry->current = dtbl_entry->initial;
792 g_hash_table_remove(sub_dissectors->hash_table,
793 GUINT_TO_POINTER(pattern));
798 /* Look for a given value in a given uint dissector table and, if found,
799 call the dissector with the arguments supplied, and return TRUE,
800 otherwise return FALSE. */
802 dissector_try_port(dissector_table_t sub_dissectors, guint32 port,
803 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
805 dtbl_entry_t *dtbl_entry;
806 struct dissector_handle *handle;
807 guint32 saved_match_port;
810 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
811 if (dtbl_entry != NULL) {
813 * Is there currently a dissector handle for this entry?
815 handle = dtbl_entry->current;
816 if (handle == NULL) {
818 * No - pretend this dissector didn't exist,
819 * so that other dissectors might have a chance
820 * to dissect this packet.
826 * Save the current value of "pinfo->match_port",
827 * set it to the port that matched, call the
828 * dissector, and restore "pinfo->match_port".
830 saved_match_port = pinfo->match_port;
831 pinfo->match_port = port;
832 ret = call_dissector_work(handle, tvb, pinfo, tree);
833 pinfo->match_port = saved_match_port;
836 * If a new-style dissector returned 0, it means that
837 * it didn't think this tvbuff represented a packet for
838 * its protocol, and didn't dissect anything.
840 * Old-style dissectors can't reject the packet.
842 * 0 is also returned if the protocol wasn't enabled.
844 * If the packet was rejected, we return FALSE, so that
845 * other dissectors might have a chance to dissect this
846 * packet, otherwise we return TRUE.
853 /* Look for a given value in a given uint dissector table and, if found,
854 return the dissector handle for that value. */
856 dissector_get_port_handle(dissector_table_t sub_dissectors, guint32 port)
858 dtbl_entry_t *dtbl_entry;
860 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, port);
861 if (dtbl_entry != NULL)
862 return dtbl_entry->current;
867 /* Find an entry in a string dissector table. */
868 static dtbl_entry_t *
869 find_string_dtbl_entry(dissector_table_t sub_dissectors, const gchar *pattern)
871 switch (sub_dissectors->type) {
876 * You can do a string lookup in these tables.
882 * But you can't do a string lookup in any other types
885 g_assert_not_reached();
891 return g_hash_table_lookup(sub_dissectors->hash_table, pattern);
894 /* Add an entry to a string dissector table. */
896 dissector_add_string(const char *name, const gchar *pattern,
897 dissector_handle_t handle)
899 dissector_table_t sub_dissectors = find_dissector_table( name);
900 dtbl_entry_t *dtbl_entry;
903 g_assert( sub_dissectors);
905 switch (sub_dissectors->type) {
910 * You can do a string lookup in these tables.
916 * But you can't do a string lookup in any other types
919 g_assert_not_reached();
922 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
923 dtbl_entry->current = handle;
924 dtbl_entry->initial = dtbl_entry->current;
926 /* do the table insertion */
927 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
928 (gpointer)dtbl_entry);
931 * Now add it to the list of handles that could be used with this
932 * table, because it *is* being used with this table.
934 dissector_add_handle(name, handle);
937 /* Delete the entry for a dissector in a string dissector table
938 with a particular pattern. */
940 /* NOTE: this doesn't use the dissector call variable. It is included to */
941 /* be consistant with the dissector_add_string and more importantly to */
942 /* be used if the technique of adding a temporary dissector is */
944 /* If temporary dissectors are deleted, then the original dissector must */
947 dissector_delete_string(const char *name, const gchar *pattern,
948 dissector_handle_t handle _U_)
950 dissector_table_t sub_dissectors = find_dissector_table( name);
951 dtbl_entry_t *dtbl_entry;
954 g_assert( sub_dissectors);
959 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
961 if (dtbl_entry != NULL) {
965 g_hash_table_remove(sub_dissectors->hash_table, pattern);
968 * Now free up the entry.
974 /* Change the entry for a dissector in a string dissector table
975 with a particular pattern to use a new dissector handle. */
977 dissector_change_string(const char *name, gchar *pattern,
978 dissector_handle_t handle)
980 dissector_table_t sub_dissectors = find_dissector_table( name);
981 dtbl_entry_t *dtbl_entry;
984 g_assert( sub_dissectors);
987 * See if the entry already exists. If so, reuse it.
989 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
990 if (dtbl_entry != NULL) {
991 dtbl_entry->current = handle;
996 * Don't create an entry if there is no dissector handle - I.E. the
997 * user said not to decode something that wasn't being decoded
998 * in the first place.
1003 dtbl_entry = g_malloc(sizeof (dtbl_entry_t));
1004 dtbl_entry->initial = NULL;
1005 dtbl_entry->current = handle;
1007 /* do the table insertion */
1008 g_hash_table_insert( sub_dissectors->hash_table, pattern,
1009 (gpointer)dtbl_entry);
1012 /* Reset an entry in a string sub-dissector table to its initial value. */
1014 dissector_reset_string(const char *name, const gchar *pattern)
1016 dissector_table_t sub_dissectors = find_dissector_table( name);
1017 dtbl_entry_t *dtbl_entry;
1020 g_assert( sub_dissectors);
1025 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1027 if (dtbl_entry == NULL)
1031 * Found - is there an initial value?
1033 if (dtbl_entry->initial != NULL) {
1034 dtbl_entry->current = dtbl_entry->initial;
1036 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1041 /* Look for a given string in a given dissector table and, if found, call
1042 the dissector with the arguments supplied, and return TRUE, otherwise
1045 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1046 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1048 dtbl_entry_t *dtbl_entry;
1049 struct dissector_handle *handle;
1051 const gchar *saved_match_string;
1053 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1054 if (dtbl_entry != NULL) {
1056 * Is there currently a dissector handle for this entry?
1058 handle = dtbl_entry->current;
1059 if (handle == NULL) {
1061 * No - pretend this dissector didn't exist,
1062 * so that other dissectors might have a chance
1063 * to dissect this packet.
1069 * Save the current value of "pinfo->match_string",
1070 * set it to the string that matched, call the
1071 * dissector, and restore "pinfo->match_string".
1073 saved_match_string = pinfo->match_string;
1074 pinfo->match_string = string;
1075 ret = call_dissector_work(handle, tvb, pinfo, tree);
1076 pinfo->match_string = saved_match_string;
1079 * If a new-style dissector returned 0, it means that
1080 * it didn't think this tvbuff represented a packet for
1081 * its protocol, and didn't dissect anything.
1083 * Old-style dissectors can't reject the packet.
1085 * 0 is also returned if the protocol wasn't enabled.
1087 * If the packet was rejected, we return FALSE, so that
1088 * other dissectors might have a chance to dissect this
1089 * packet, otherwise we return TRUE.
1096 /* Look for a given value in a given string dissector table and, if found,
1097 return the dissector handle for that value. */
1099 dissector_get_string_handle(dissector_table_t sub_dissectors,
1100 const gchar *string)
1102 dtbl_entry_t *dtbl_entry;
1104 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1105 if (dtbl_entry != NULL)
1106 return dtbl_entry->current;
1112 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1114 return dtbl_entry->current;
1117 /* Add a handle to the list of handles that *could* be used with this
1118 table. That list is used by code in the UI. */
1120 dissector_add_handle(const char *name, dissector_handle_t handle)
1122 dissector_table_t sub_dissectors = find_dissector_table( name);
1126 g_assert(sub_dissectors != NULL);
1128 /* Is it already in this list? */
1129 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1130 if (entry != NULL) {
1132 * Yes - don't insert it again.
1137 /* Add it to the list. */
1138 sub_dissectors->dissector_handles =
1139 g_slist_append(sub_dissectors->dissector_handles, (gpointer)handle);
1143 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1145 return dtbl_entry->initial;
1148 /**************************************************/
1150 /* Routines to walk dissector tables */
1152 /**************************************************/
1154 typedef struct dissector_foreach_info {
1155 gpointer caller_data;
1156 DATFunc caller_func;
1159 ftenum_t selector_type;
1160 } dissector_foreach_info_t;
1163 * Called for each entry in a dissector table.
1166 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1168 dissector_foreach_info_t *info;
1169 dtbl_entry_t *dtbl_entry;
1172 g_assert(user_data);
1175 if (dtbl_entry->current == NULL ||
1176 dtbl_entry->current->protocol == NULL) {
1178 * Either there is no dissector for this entry, or
1179 * the dissector doesn't have a protocol associated
1182 * XXX - should the latter check be done?
1188 info->caller_func(info->table_name, info->selector_type, key, value,
1193 * Called for each entry in the table of all dissector tables.
1196 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1198 dissector_table_t sub_dissectors;
1199 dissector_foreach_info_t *info;
1202 g_assert(user_data);
1204 sub_dissectors = value;
1206 info->table_name = (gchar*) key;
1207 info->selector_type = get_dissector_table_selector_type(info->table_name);
1208 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1212 * Walk all dissector tables calling a user supplied function on each
1216 dissector_all_tables_foreach (DATFunc func,
1219 dissector_foreach_info_t info;
1221 info.caller_data = user_data;
1222 info.caller_func = func;
1223 info.next_func = dissector_table_foreach_func;
1224 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1228 * Walk one dissector table's hash table calling a user supplied function
1232 dissector_table_foreach (char *name,
1236 dissector_foreach_info_t info;
1237 dissector_table_t sub_dissectors = find_dissector_table( name);
1239 info.table_name = name;
1240 info.selector_type = sub_dissectors->type;
1241 info.caller_func = func;
1242 info.caller_data = user_data;
1243 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1247 * Walk one dissector table's list of handles calling a user supplied
1248 * function on each entry.
1251 dissector_table_foreach_handle(const char *name,
1252 DATFunc_handle func,
1255 dissector_table_t sub_dissectors = find_dissector_table( name);
1258 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1259 tmp = g_slist_next(tmp))
1260 func(name, tmp->data, user_data);
1264 * Called for each entry in a dissector table.
1267 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1269 dtbl_entry_t *dtbl_entry;
1270 dissector_foreach_info_t *info;
1273 g_assert(user_data);
1276 if (dtbl_entry->initial == dtbl_entry->current) {
1278 * Entry hasn't changed - don't call the function.
1284 info->caller_func(info->table_name, info->selector_type, key, value,
1289 * Walk all dissector tables calling a user supplied function only on
1290 * any entry that has been changed from its original state.
1293 dissector_all_tables_foreach_changed (DATFunc func,
1296 dissector_foreach_info_t info;
1298 info.caller_data = user_data;
1299 info.caller_func = func;
1300 info.next_func = dissector_table_foreach_changed_func;
1301 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1305 * Walk one dissector table calling a user supplied function only on
1306 * any entry that has been changed from its original state.
1309 dissector_table_foreach_changed (char *name,
1313 dissector_foreach_info_t info;
1314 dissector_table_t sub_dissectors = find_dissector_table( name);
1316 info.table_name = name;
1317 info.selector_type = sub_dissectors->type;
1318 info.caller_func = func;
1319 info.caller_data = user_data;
1320 g_hash_table_foreach(sub_dissectors->hash_table,
1321 dissector_table_foreach_changed_func, &info);
1324 typedef struct dissector_foreach_table_info {
1325 gpointer caller_data;
1326 DATFunc_table caller_func;
1327 } dissector_foreach_table_info_t;
1330 * Called for each entry in the table of all dissector tables.
1333 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
1335 dissector_table_t table;
1336 dissector_foreach_table_info_t *info;
1340 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
1344 * Walk all dissector tables calling a user supplied function on each
1348 dissector_all_tables_foreach_table (DATFunc_table func,
1351 dissector_foreach_table_info_t info;
1353 info.caller_data = user_data;
1354 info.caller_func = func;
1355 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
1359 register_dissector_table(const char *name, const char *ui_name, ftenum_t type,
1362 dissector_table_t sub_dissectors;
1364 /* Create our hash-of-hashes if it doesn't already exist */
1365 if (!dissector_tables) {
1366 dissector_tables = g_hash_table_new( g_str_hash, g_str_equal );
1367 g_assert(dissector_tables);
1370 /* Make sure the registration is unique */
1371 g_assert(!g_hash_table_lookup( dissector_tables, name ));
1373 /* Create and register the dissector table for this name; returns */
1374 /* a pointer to the dissector table. */
1375 sub_dissectors = g_malloc(sizeof (struct dissector_table));
1383 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
1384 * so we use "g_direct_hash()" and "g_direct_equal()".
1386 sub_dissectors->hash_table = g_hash_table_new( g_direct_hash,
1392 sub_dissectors->hash_table = g_hash_table_new( g_str_hash,
1397 g_assert_not_reached();
1399 sub_dissectors->dissector_handles = NULL;
1400 sub_dissectors->ui_name = ui_name;
1401 sub_dissectors->type = type;
1402 sub_dissectors->base = base;
1403 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
1404 return sub_dissectors;
1408 get_dissector_table_ui_name(const char *name)
1410 dissector_table_t sub_dissectors = find_dissector_table( name);
1412 return sub_dissectors->ui_name;
1416 get_dissector_table_selector_type(const char *name)
1418 dissector_table_t sub_dissectors = find_dissector_table( name);
1420 return sub_dissectors->type;
1424 get_dissector_table_base(const char *name)
1426 dissector_table_t sub_dissectors = find_dissector_table( name);
1428 return sub_dissectors->base;
1431 static GHashTable *heur_dissector_lists = NULL;
1434 heur_dissector_t dissector;
1435 protocol_t *protocol;
1436 } heur_dtbl_entry_t;
1438 /* Finds a heuristic dissector table by field name. */
1439 static heur_dissector_list_t *
1440 find_heur_dissector_list(const char *name)
1442 g_assert(heur_dissector_lists != NULL);
1443 return g_hash_table_lookup(heur_dissector_lists, name);
1447 heur_dissector_add(const char *name, heur_dissector_t dissector, int proto)
1449 heur_dissector_list_t *sub_dissectors = find_heur_dissector_list(name);
1450 heur_dtbl_entry_t *dtbl_entry;
1453 g_assert(sub_dissectors != NULL);
1455 dtbl_entry = g_malloc(sizeof (heur_dtbl_entry_t));
1456 dtbl_entry->dissector = dissector;
1457 dtbl_entry->protocol = find_protocol_by_id(proto);
1459 /* do the table insertion */
1460 *sub_dissectors = g_slist_append(*sub_dissectors, (gpointer)dtbl_entry);
1464 dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
1465 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1468 const char *saved_proto;
1470 heur_dtbl_entry_t *dtbl_entry;
1471 guint16 saved_can_desegment;
1472 gint saved_layer_names_len = 0;
1474 /* can_desegment is set to 2 by anyone which offers this api/service.
1475 then everytime a subdissector is called it is decremented by one.
1476 thus only the subdissector immediately ontop of whoever offers this
1478 We save the current value of "can_desegment" for the
1479 benefit of TCP proxying dissectors such as SOCKS, so they
1480 can restore it and allow the dissectors they call to use
1481 the desegmentation service.
1483 saved_can_desegment=pinfo->can_desegment;
1484 pinfo->saved_can_desegment = saved_can_desegment;
1485 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1488 saved_proto = pinfo->current_proto;
1490 if (pinfo->layer_names != NULL)
1491 saved_layer_names_len = pinfo->layer_names->len;
1493 for (entry = sub_dissectors; entry != NULL; entry = g_slist_next(entry)) {
1494 /* XXX - why set this now and above? */
1495 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
1496 dtbl_entry = (heur_dtbl_entry_t *)entry->data;
1498 if (dtbl_entry->protocol != NULL &&
1499 !proto_is_protocol_enabled(dtbl_entry->protocol)) {
1501 * No - don't try this dissector.
1506 if (dtbl_entry->protocol != NULL) {
1507 pinfo->current_proto =
1508 proto_get_protocol_short_name(dtbl_entry->protocol);
1512 * Add the protocol name to the layers; we'll remove it
1513 * if the dissector fails.
1515 if (pinfo->layer_names) {
1516 if (pinfo->layer_names->len > 0)
1517 g_string_append(pinfo->layer_names, ":");
1518 g_string_append(pinfo->layer_names,
1519 proto_get_protocol_filter_name(proto_get_id(dtbl_entry->protocol)));
1522 if ((*dtbl_entry->dissector)(tvb, pinfo, tree)) {
1527 * That dissector didn't accept the packet, so
1528 * remove its protocol's name from the list
1531 if (pinfo->layer_names != NULL) {
1532 g_string_truncate(pinfo->layer_names,
1533 saved_layer_names_len);
1537 pinfo->current_proto = saved_proto;
1538 pinfo->can_desegment=saved_can_desegment;
1543 register_heur_dissector_list(const char *name, heur_dissector_list_t *sub_dissectors)
1545 /* Create our hash-of-lists if it doesn't already exist */
1546 if (heur_dissector_lists == NULL) {
1547 heur_dissector_lists = g_hash_table_new(g_str_hash, g_str_equal);
1548 g_assert(heur_dissector_lists != NULL);
1551 /* Make sure the registration is unique */
1552 g_assert(g_hash_table_lookup(heur_dissector_lists, name) == NULL);
1554 *sub_dissectors = NULL; /* initially empty */
1555 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
1556 (gpointer) sub_dissectors);
1560 * Register dissectors by name; used if one dissector always calls a
1561 * particular dissector, or if it bases the decision of which dissector
1562 * to call on something other than a numerical value or on "try a bunch
1563 * of dissectors until one likes the packet".
1567 * List of registered dissectors.
1569 static GHashTable *registered_dissectors = NULL;
1571 /* Get the short name of the protocol for a dissector handle, if it has
1574 dissector_handle_get_short_name(dissector_handle_t handle)
1576 if (handle->protocol == NULL) {
1578 * No protocol (see, for example, the handle for
1579 * dissecting the set of protocols where the first
1580 * octet of the payload is an OSI network layer protocol
1585 return proto_get_protocol_short_name(handle->protocol);
1588 /* Get the index of the protocol for a dissector handle, if it has
1591 dissector_handle_get_protocol_index(dissector_handle_t handle)
1593 if (handle->protocol == NULL) {
1595 * No protocol (see, for example, the handle for
1596 * dissecting the set of protocols where the first
1597 * octet of the payload is an OSI network layer protocol
1602 return proto_get_id(handle->protocol);
1605 /* Find a registered dissector by name. */
1607 find_dissector(const char *name)
1609 g_assert(registered_dissectors != NULL);
1610 return g_hash_table_lookup(registered_dissectors, name);
1613 /* Create an anonymous handle for a dissector. */
1615 create_dissector_handle(dissector_t dissector, int proto)
1617 struct dissector_handle *handle;
1619 handle = g_malloc(sizeof (struct dissector_handle));
1620 handle->name = NULL;
1621 handle->is_new = FALSE;
1622 handle->dissector.old = dissector;
1623 handle->protocol = find_protocol_by_id(proto);
1629 new_create_dissector_handle(new_dissector_t dissector, int proto)
1631 struct dissector_handle *handle;
1633 handle = g_malloc(sizeof (struct dissector_handle));
1634 handle->name = NULL;
1635 handle->is_new = TRUE;
1636 handle->dissector.new = dissector;
1637 handle->protocol = find_protocol_by_id(proto);
1642 /* Register a dissector by name. */
1644 register_dissector(const char *name, dissector_t dissector, int proto)
1646 struct dissector_handle *handle;
1648 /* Create our hash table if it doesn't already exist */
1649 if (registered_dissectors == NULL) {
1650 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1651 g_assert(registered_dissectors != NULL);
1654 /* Make sure the registration is unique */
1655 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1657 handle = g_malloc(sizeof (struct dissector_handle));
1658 handle->name = name;
1659 handle->is_new = FALSE;
1660 handle->dissector.old = dissector;
1661 handle->protocol = find_protocol_by_id(proto);
1663 g_hash_table_insert(registered_dissectors, (gpointer)name,
1668 new_register_dissector(const char *name, new_dissector_t dissector, int proto)
1670 struct dissector_handle *handle;
1672 /* Create our hash table if it doesn't already exist */
1673 if (registered_dissectors == NULL) {
1674 registered_dissectors = g_hash_table_new(g_str_hash, g_str_equal);
1675 g_assert(registered_dissectors != NULL);
1678 /* Make sure the registration is unique */
1679 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
1681 handle = g_malloc(sizeof (struct dissector_handle));
1682 handle->name = name;
1683 handle->is_new = TRUE;
1684 handle->dissector.new = dissector;
1685 handle->protocol = find_protocol_by_id(proto);
1687 g_hash_table_insert(registered_dissectors, (gpointer)name,
1691 /* Call a dissector through a handle and if this fails call the "data"
1695 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
1696 packet_info *pinfo, proto_tree *tree)
1700 ret = call_dissector_work(handle, tvb, pinfo, tree);
1703 * The protocol was disabled, or the dissector rejected
1704 * it. Just dissect this packet as data.
1706 g_assert(data_handle != NULL);
1707 g_assert(data_handle->protocol != NULL);
1708 call_dissector(data_handle, tvb, pinfo, tree);
1709 return tvb_length(tvb);
1714 /* Call a dissector through a handle but if the dissector rejected it
1715 * return 0 instead of using the default "data" dissector.
1718 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
1719 packet_info *pinfo, proto_tree *tree)
1723 ret = call_dissector_work(handle, tvb, pinfo, tree);
1728 * Dumps the "layer type"/"decode as" associations to stdout, similar
1729 * to the proto_registrar_dump_*() routines.
1731 * There is one record per line. The fields are tab-delimited.
1733 * Field 1 = layer type, e.g. "tcp.port"
1734 * Field 2 = selector in decimal
1735 * Field 3 = "decode as" name, e.g. "http"
1740 dissector_dump_decodes_display(gchar *table_name, ftenum_t selector_type _U_,
1741 gpointer key, gpointer value, gpointer user_data _U_)
1743 guint32 selector = (guint32) key;
1744 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1745 dtbl_entry_t *dtbl_entry;
1746 dissector_handle_t handle;
1748 const gchar *decode_as;
1750 g_assert(sub_dissectors);
1751 switch (sub_dissectors->type) {
1758 g_assert(dtbl_entry);
1760 handle = dtbl_entry->current;
1763 proto_id = dissector_handle_get_protocol_index(handle);
1765 if (proto_id != -1) {
1766 decode_as = proto_get_protocol_filter_name(proto_id);
1767 g_assert(decode_as != NULL);
1768 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
1778 dissector_dump_decodes() {
1779 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);