diff options
| -rw-r--r-- | packet-q931.c | 108 | ||||
| -rw-r--r-- | packet-tpkt.c | 68 | ||||
| -rw-r--r-- | packet-tpkt.h | 13 |
3 files changed, 82 insertions, 107 deletions
diff --git a/packet-q931.c b/packet-q931.c index 2914e05278..f05a866b10 100644 --- a/packet-q931.c +++ b/packet-q931.c @@ -2,7 +2,7 @@ * Routines for Q.931 frame disassembly * Guy Harris <guy@alum.mit.edu> * - * $Id: packet-q931.c,v 1.35 2002/01/24 09:20:50 guy Exp $ + * $Id: packet-q931.c,v 1.36 2002/02/02 02:51:20 guy Exp $ * * Modified by Andreas Sikkema for possible use with H.323 * @@ -106,7 +106,7 @@ static gint ett_q931_ie = -1; #define Q931_STATUS_ENQUIRY 0x75 static const value_string q931_message_type_vals[] = { - { Q931_ESCAPE, "ESCAPE" }, + { Q931_ESCAPE, "ESCAPE" }, { Q931_ALERTING, "ALERTING" }, { Q931_CALL_PROCEEDING, "CALL PROCEEDING" }, { Q931_CONNECT, "CONNECT" }, @@ -2096,9 +2096,10 @@ static const value_string q931_codeset_vals[] = { static gboolean q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - gboolean started_heuristic) + gboolean is_heuristic) { int offset = 0; + int q931_offset; proto_tree *q931_tree = NULL; proto_item *ti; proto_tree *ie_tree; @@ -2130,96 +2131,61 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, */ #endif - protocol_discriminator = tvb_get_guint8( tvb, offset ); - /* Keep the protocol discriminator for later use */ - - if ( started_heuristic ) { + if ( is_heuristic ) { /* - * The heuristic Q.931 message should conform to this + * The heuristic Q.931 dissector checks for TPKT-encapsulated + * Q.931 packets. */ - if ( protocol_discriminator != NLPID_Q_931 ) - return FALSE; - - if ( ! is_tpkt( tvb, &offset ) ) - return FALSE; - - if ( tvb_length_remaining( tvb, offset ) <= 3 ) + q931_offset = offset; + lv_tpkt_len = is_tpkt( tvb, &q931_offset ); + if (lv_tpkt_len == -1) { + /* + * It's not a TPKT packet; reject it. + */ return FALSE; - } + } - /* - * The first byte should be < 8 (3 is TPKT, rest is Q.931) - */ - if ( protocol_discriminator < NLPID_Q_931 ) { /* * The minimum length of a Q.931 message is 3: * 1 byte for the protocol discriminator, * 1 for the call_reference length, * and one for the message type. + * + * Check that we have that many bytes past the + * TPKT header. */ - if ( tvb_length_remaining( tvb, offset ) <= 3 ) - return FALSE; - - /* - * OK, there are a couple of bytes available, but is there - * also a protocol discriminator? - */ - if ( tvb_length_remaining( tvb, offset ) > 4 ) { - /* Reread the protocol discriminator */ - protocol_discriminator = - tvb_get_guint8( tvb, offset + 4); - } else { - /* No discriminator available */ - protocol_discriminator = 0; - } - - /* - * If it's not H.323 related Q.931 no heuristic action needed - * Dangerous, there might be other uses for this code..... - */ - if (started_heuristic && protocol_discriminator != NLPID_Q_931) + if ( !tvb_bytes_exist( tvb, q931_offset, 3 ) ) return FALSE; /* - * Always check if it's a real TPKT message + * And check that we have that many bytes in the TPKT + * packet. */ - if ( ! is_tpkt( tvb, &offset ) ) + if (lv_tpkt_len < 3) return FALSE; - lv_tpkt_len = dissect_tpkt_header( tvb, &offset, pinfo, tree ); - if (lv_tpkt_len == -1) { - /* - * TPKT isn't enabled. - */ + /* Read the protocol discriminator */ + protocol_discriminator = tvb_get_guint8(tvb, q931_offset); + if (protocol_discriminator != NLPID_Q_931) { + /* Doesn't look like Q.931 inside TPKT */ return FALSE; } /* - * Check if it's an empty TPKT message (the next one might be a - * real Q.931 message) - * Skip TPKT length! + * Dissect the TPKT header. */ - if ( tvb_length_remaining( tvb, offset ) < lv_tpkt_len - 4 ) { - return TRUE; - } + dissect_tpkt_header( tvb, offset, pinfo, tree ); + + offset = q931_offset; /* - * Reset the current_proto variable because dissect_tpkt - * messed with it + * Reset the current_proto variable because + * "dissect_tpkt_header()" messed with it. */ - if ( started_heuristic ) - pinfo->current_proto = "Q.931 HEUR"; - else - pinfo->current_proto = "Q.931"; - } - - /* - * The minimum length of a Q.931 message is - * 3, 1 byte for the protocol discr. 1 for the call_reference length, - * and one for the message type. - */ - if ( tvb_length_remaining( tvb, offset ) <= 3 ) { - return FALSE; + pinfo->current_proto = "Q.931"; + } else { + protocol_discriminator = tvb_get_guint8( tvb, offset ); + /* Keep the protocol discriminator for later use */ } if (check_col(pinfo->cinfo, COL_PROTOCOL)) @@ -2358,6 +2324,8 @@ q931_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, * IE having the values 0x7E and 0x05 resp. * See http://www.mbuf.org/~moto/h323/h323decoder.html * + * XXX - should we base this on whether this is the + * heuristic dissector or not? */ if ( ( tvb_get_guint8( tvb, offset ) == 0x7E ) && @@ -2599,7 +2567,7 @@ dissect_q931_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * * which says it's for "h323hostcall"? */ - pinfo->current_proto = "Q.931 HEUR"; + pinfo->current_proto = "Q.931"; return q931_dissector(tvb, pinfo, tree, TRUE); } diff --git a/packet-tpkt.c b/packet-tpkt.c index a932a5b082..270c7641c4 100644 --- a/packet-tpkt.c +++ b/packet-tpkt.c @@ -7,7 +7,7 @@ * Routine to dissect RFC 1006 TPKT packet containing OSI TP PDU * Copyright 2001, Martin Thomas <Martin_A_Thomas@yahoo.com> * - * $Id: packet-tpkt.c,v 1.10 2002/01/21 07:36:44 guy Exp $ + * $Id: packet-tpkt.c,v 1.11 2002/02/02 02:51:20 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -64,55 +64,61 @@ static dissector_handle_t osi_tp_handle; /* * Check whether this could be a TPKT-encapsulated PDU. + * Returns -1 if it's not. + * Sets "*offset" to the offset of the first byte past the TPKT header, + * and returns the length from the TPKT header, if it is. */ -gboolean -is_tpkt( tvbuff_t *tvb, unsigned int* offset ) +int +is_tpkt( tvbuff_t *tvb, int *offset ) { + guint16 data_len; + + /* + * If TPKT is disabled, don't dissect it, just return -1, meaning + * "this isn't TPKT". + */ + if (!proto_is_protocol_enabled(proto_tpkt)) + return -1; + /* There should at least be 4 bytes left in the frame */ - if ( (*offset) + 4 > tvb_length( tvb ) ) - return FALSE; /* there isn't */ - /* + if ( (*offset) + 4 > (int)tvb_length( tvb ) ) + return -1; /* there aren't */ + + /* * The first octet should be 3 and the second one should be 0 - * The H.323 implementers guide suggests that this migh not + * The H.323 implementers guide suggests that this might not * always be the case.... */ if ( ! ( ( tvb_get_guint8( tvb, ( *offset ) ) == 3 ) && ( tvb_get_guint8( tvb, ( *offset ) + 1 ) == 0 ) ) ) - return FALSE; /* They're not */ + return -1; /* They're not */ + + data_len = tvb_get_ntohs( tvb, ( *offset ) + 2 ); - return TRUE; + *offset += 4; + return data_len; } /* * Dissect the TPKT header; called from the TPKT dissector, as well as * from dissectors such as the dissector for Q.931-over-TCP. * - * Returns -1 if TPKT isn't enabled, otherwise returns the PDU length - * from the TPKT header. - * - * Sets "*offset" to the offset following the TPKT header. + * Returns the PDU length from the TPKT header. */ int -dissect_tpkt_header( tvbuff_t *tvb, unsigned int* offset, packet_info *pinfo, proto_tree *tree ) +dissect_tpkt_header( tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree ) { proto_item *ti = NULL; proto_tree *tpkt_tree = NULL; guint16 data_len; - /* - * If TPKT is disabled, don't dissect it, just return -1, meaning - * "this isn't TPKT". - */ - if (!proto_is_protocol_enabled(proto_tpkt)) - return -1; - pinfo->current_proto = "TPKT"; if ( check_col( pinfo->cinfo, COL_PROTOCOL ) ) { col_set_str( pinfo->cinfo, COL_PROTOCOL, "TPKT" ); } - data_len = tvb_get_ntohs( tvb, (*offset) + 2 ); + data_len = tvb_get_ntohs( tvb, offset + 2 ); if ( check_col( pinfo->cinfo, COL_INFO) ) { col_add_fstr( pinfo->cinfo, COL_INFO, "TPKT Data length = %u", @@ -120,27 +126,26 @@ dissect_tpkt_header( tvbuff_t *tvb, unsigned int* offset, packet_info *pinfo, pr } if ( tree ) { - ti = proto_tree_add_item( tree, proto_tpkt, tvb, (*offset), 4, + ti = proto_tree_add_item( tree, proto_tpkt, tvb, offset, 4, FALSE ); tpkt_tree = proto_item_add_subtree( ti, ett_tpkt ); /* Version 1st octet */ proto_tree_add_item( tpkt_tree, hf_tpkt_version, tvb, - (*offset), 1, FALSE ); - (*offset)++; + offset, 1, FALSE ); + offset++; /* Reserved octet*/ proto_tree_add_item( tpkt_tree, hf_tpkt_reserved, tvb, - (*offset), 1, FALSE ); - (*offset)++; + offset, 1, FALSE ); + offset++; } else { - (*offset) += 2; + offset += 2; } if ( tree ) proto_tree_add_uint( tpkt_tree, hf_tpkt_length, tvb, - (*offset), 2, data_len ); + offset, 2, data_len ); - (*offset) += 2; return data_len; } @@ -157,7 +162,8 @@ dissect_tpkt( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree ) tvbuff_t *next_tvb; /* Dissect the TPKT header. */ - tpkt_len = dissect_tpkt_header(tvb, &offset, pinfo, tree); + tpkt_len = dissect_tpkt_header(tvb, offset, pinfo, tree); + offset += 4; /* * Now hand the minimum of (what's in this frame, what the TPKT diff --git a/packet-tpkt.h b/packet-tpkt.h index 588e1c7a33..9afc02a01a 100644 --- a/packet-tpkt.h +++ b/packet-tpkt.h @@ -5,7 +5,7 @@ * Copyright 2000, Philips Electronics N.V. * Andreas Sikkema <andreas.sikkema@philips.com> * - * $Id: packet-tpkt.h,v 1.4 2001/06/12 06:31:14 guy Exp $ + * $Id: packet-tpkt.h,v 1.5 2002/02/02 02:51:20 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -28,8 +28,11 @@ /* * Check whether this could be a TPKT-encapsulated PDU. + * Returns -1 if it's not. + * Sets "*offset" to the offset of the first byte past the TPKT header, + * and returns the length from the TPKT header, if it is. */ -gboolean is_tpkt( tvbuff_t *tvb, unsigned int* offset ); +int is_tpkt( tvbuff_t *tvb, int *offset ); /* @@ -38,8 +41,6 @@ gboolean is_tpkt( tvbuff_t *tvb, unsigned int* offset ); * * Returns -1 if TPKT isn't enabled, otherwise returns the PDU length * from the TPKT header. - * - * Sets "*offset" to the offset following the TPKT header. */ -int dissect_tpkt_header( tvbuff_t *tvb, unsigned int* offset, - packet_info *pinfo, proto_tree *tree ); +int dissect_tpkt_header( tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree ); |