723
779
/* Try IP Prim heuristic if configured to */
724
780
if (catapult_dct2000_try_ipprim_heuristic)
726
guint32 source_addr = 0, dest_addr = 0;
727
guint16 source_port = 0, dest_port = 0;
782
guint32 source_addr_offset = 0, dest_addr_offset = 0;
783
guint32 source_port_offset = 0, dest_port_offset = 0;
728
784
port_type type_of_port = PT_NONE;
785
int offset_before_ipprim_header = offset;
730
787
heur_protocol_handle = look_for_dissector(protocol_name);
731
788
if ((heur_protocol_handle != 0) &&
732
find_ipprim_data_offset(tvb, &offset, &source_addr, &dest_addr,
733
&source_port, &dest_port, &type_of_port))
789
find_ipprim_data_offset(tvb, &offset,
790
&source_addr_offset, &dest_addr_offset,
791
&source_port_offset, &dest_port_offset,
735
794
proto_tree *ipprim_tree;
737
796
protocol_handle = heur_protocol_handle;
739
if (source_addr && check_col(pinfo->cinfo, COL_DEF_SRC))
798
if (source_addr_offset && check_col(pinfo->cinfo, COL_DEF_SRC))
741
800
col_append_fstr(pinfo->cinfo, COL_DEF_SRC,
742
"(%s:%u)", (char*)get_hostname(source_addr), source_port);
802
(char*)get_hostname(tvb_get_ipv4(tvb, source_addr_offset)),
803
tvb_get_ntohs(tvb, source_port_offset));
744
if (dest_addr && check_col(pinfo->cinfo, COL_DEF_DST))
805
if (dest_addr_offset && check_col(pinfo->cinfo, COL_DEF_DST))
746
807
col_append_fstr(pinfo->cinfo, COL_DEF_DST,
747
"(%s:%u)", (char*)get_hostname(dest_addr), dest_port);
809
(char*)get_hostname(tvb_get_ipv4(tvb, dest_addr_offset)),
810
tvb_get_ntohs(tvb, dest_port_offset));
750
813
/* Add address parameters to tree */
751
814
/* Unfortunately can't automatically create a conversation filter for this...
752
815
I could create a fake IP header from these details, but then it would be tricky
753
816
to get FP dissector called as it has no well-known ports or heuristics... */
754
ti = proto_tree_add_string_format(dct2000_tree, hf_catapult_dct2000_ipprim_addresses, tvb, offset, 0,
817
ti = proto_tree_add_string_format(dct2000_tree, hf_catapult_dct2000_ipprim_addresses,
818
tvb, offset_before_ipprim_header, 0,
755
819
"", "IPPrim transport (%s): %s:%u -> %s:%u",
756
820
(type_of_port == PT_UDP) ? "UDP" : "TCP",
757
(char *)get_hostname(source_addr), source_port,
758
(char *)get_hostname(dest_addr), dest_port);
821
(source_addr_offset) ?
822
(char *)get_hostname(tvb_get_ipv4(tvb, source_addr_offset)) :
824
(source_port_offset) ?
825
tvb_get_ntohs(tvb, source_port_offset) :
828
(char *)get_hostname(tvb_get_ipv4(tvb, dest_addr_offset)) :
831
tvb_get_ntohs(tvb, dest_port_offset) :
759
833
ipprim_tree = proto_item_add_subtree(ti, ett_catapult_dct2000_ipprim);
762
if (source_addr != 0)
836
if (source_addr_offset != 0)
764
838
proto_item *addr_ti;
765
proto_tree_add_ipv4(ipprim_tree, hf_catapult_dct2000_ipprim_src_addr,
766
tvb, offset, 0, source_addr);
767
addr_ti = proto_tree_add_ipv4(ipprim_tree, hf_catapult_dct2000_ipprim_addr,
768
tvb, offset, 0, source_addr);
839
proto_tree_add_item(ipprim_tree, hf_catapult_dct2000_ipprim_src_addr,
840
tvb, source_addr_offset, 4, FALSE);
841
addr_ti = proto_tree_add_item(ipprim_tree, hf_catapult_dct2000_ipprim_addr,
842
tvb, source_addr_offset, 4, FALSE);
769
843
PROTO_ITEM_SET_HIDDEN(addr_ti);
771
if (source_port != 0)
845
if (source_port_offset != 0)
773
847
proto_item *port_ti;
774
proto_tree_add_uint(ipprim_tree,
848
proto_tree_add_item(ipprim_tree,
775
849
(type_of_port == PT_UDP) ?
776
850
hf_catapult_dct2000_ipprim_udp_src_port :
777
851
hf_catapult_dct2000_ipprim_tcp_src_port,
778
tvb, offset, 0, source_port);
779
port_ti = proto_tree_add_uint(ipprim_tree,
852
tvb, source_port_offset, 2, FALSE);
853
port_ti = proto_tree_add_item(ipprim_tree,
780
854
(type_of_port == PT_UDP) ?
781
855
hf_catapult_dct2000_ipprim_udp_port :
782
856
hf_catapult_dct2000_ipprim_tcp_port,
783
tvb, offset, 0, source_port);
857
tvb, source_port_offset, 2, FALSE);
784
858
PROTO_ITEM_SET_HIDDEN(port_ti);
860
if (dest_addr_offset != 0)
788
862
proto_item *addr_ti;
789
proto_tree_add_ipv4(ipprim_tree, hf_catapult_dct2000_ipprim_dst_addr,
790
tvb, offset, 0, dest_addr);
791
addr_ti = proto_tree_add_ipv4(ipprim_tree, hf_catapult_dct2000_ipprim_addr,
792
tvb, offset, 0, dest_addr);
863
proto_tree_add_item(ipprim_tree, hf_catapult_dct2000_ipprim_dst_addr,
864
tvb, dest_addr_offset, 4, FALSE);
865
addr_ti = proto_tree_add_item(ipprim_tree, hf_catapult_dct2000_ipprim_addr,
866
tvb, dest_addr_offset, 4, FALSE);
793
867
PROTO_ITEM_SET_HIDDEN(addr_ti);
869
if (dest_port_offset != 0)
797
871
proto_item *port_ti;
798
proto_tree_add_uint(ipprim_tree,
872
proto_tree_add_item(ipprim_tree,
799
873
(type_of_port == PT_UDP) ?
800
874
hf_catapult_dct2000_ipprim_udp_dst_port :
801
875
hf_catapult_dct2000_ipprim_tcp_dst_port,
802
tvb, offset, 0, dest_port);
803
port_ti = proto_tree_add_uint(ipprim_tree,
876
tvb, dest_port_offset, 2, FALSE);
877
port_ti = proto_tree_add_item(ipprim_tree,
804
878
(type_of_port == PT_UDP) ?
805
879
hf_catapult_dct2000_ipprim_udp_port :
806
880
hf_catapult_dct2000_ipprim_tcp_port,
807
tvb, offset, 0, dest_port);
881
tvb, dest_port_offset, 2, FALSE);
808
882
PROTO_ITEM_SET_HIDDEN(port_ti);
885
/* Set length for IPPrim tree */
886
proto_item_set_len(ipprim_tree, offset - offset_before_ipprim_header);
1028
1121
/* Determines whether for not-handled protocols we should try to parse it if:
1029
1122
- it looks like its embedded in an ipprim message, AND
1030
- the DCT2000 protocol name matches an wireshark dissector name */
1123
- the DCT2000 protocol name matches a wireshark dissector name */
1031
1124
prefs_register_bool_preference(catapult_dct2000_module, "ipprim_heuristic",
1032
1125
"Use IP Primitive heuristic",
1033
1126
"If a payload looks like its embedded in an "
1034
"IP primitive message, and there is an wireshark "
1127
"IP primitive message, and there is a wireshark "
1035
1128
"dissector matching the DCT2000 protocol name, "
1036
1129
"try parsing the payload using that dissector",
1037
1130
&catapult_dct2000_try_ipprim_heuristic);
1039
1132
/* Determines whether for not-handled protocols we should try to parse it if:
1040
1133
- it looks like its embedded in an sctpprim message, AND
1041
- the DCT2000 protocol name matches an wireshark dissector name */
1134
- the DCT2000 protocol name matches n wireshark dissector name */
1042
1135
prefs_register_bool_preference(catapult_dct2000_module, "sctpprim_heuristic",
1043
1136
"Use SCTP Primitive heuristic",
1044
1137
"If a payload looks like its embedded in an "
1045
"SCTP primitive message, and there is an wireshark "
1138
"SCTP primitive message, and there is a wireshark "
1046
1139
"dissector matching the DCT2000 protocol name, "
1047
1140
"try parsing the payload using that dissector",
1048
1141
&catapult_dct2000_try_sctpprim_heuristic);