author | Martin Mathieson <martin.r.mathieson@googlemail.com> | 2017-04-26 21:46:14 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-05-02 14:57:15 +0000 |
commit | fc931b8d912ce1be08129b578eba8c26da12813c (patch) | |
tree | a90242babd2f39710f8d891a2e288c765859bd39 | |
parent | 66d6ff9f98edea9efe848f35fc3a0e853c5b86c6 (diff) | |
Snort: Ask for needed fields.
Doesn't seem to make a difference at the moment, but ask
for it regardless.
Change-Id: I94ff4f1321b2b2f2cde23f3281a6b79fd7048009
Reviewed-on: https://code.wireshark.org/review/21436
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | epan/dissectors/packet-snort.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c
index b1f0c5bef5..1df1a0564f 100644
--- a/epan/dissectors/packet-snort.c
+++ b/epan/dissectors/packet-snort.c
@@ -109,6 +109,8 @@ static int ett_snort_global_stats = -1;
 static expert_field ei_snort_alert = EI_INIT;
 static expert_field ei_snort_content_not_matched = EI_INIT;
+static dissector_handle_t snort_handle;
+
 /*****************************************/
 /* Preferences */
@@ -1342,6 +1344,14 @@ proto_reg_handoff_snort(void)
 * work as a non-root user (couldn't read stdin)
 * TODO: could run snort just to get the version number and check the config file is readable?
 * TODO: could make snort config parsing less forgiving and use that as a test? */
+
+ /* Add items we want to try to get to find before we get called.
+ For now, just ask for tcp.reassembled_in, which won't be seen
+ on the first pass through the packets. */
+ GArray *wanted_hfids = g_array_new(FALSE, FALSE, (guint)sizeof(int));
+ int id = proto_registrar_get_id_byname("tcp.reassembled_in");
+ g_array_append_val(wanted_hfids, id);
+ set_postdissector_wanted_hfids(snort_handle, wanted_hfids);
 }
 void
@@ -1453,8 +1463,6 @@ proto_register_snort(void)
 expert_module_t* expert_snort;
-
- dissector_handle_t snort_handle;
 module_t *snort_module;
 proto_snort = proto_register_protocol("Snort Alerts", "Snort", "snort");
 |
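Review bot: In the lines added to proto_reg_handoff_snort, the result of `proto_registrar_get_id_byname("tcp.reassembled_in")` goes into `wanted_hfids` unchecked. That lookup returns -1 when the name is not registered, so a failed lookup would hand the post-dissector an invalid field id; guard it with `if (id != -1) g_array_append_val(wanted_hfids, id);`. `snort_handle` is now a file-scope static and its assignment is outside the visible hunks, so confirm proto_register_snort still sets it, otherwise a NULL handle reaches `set_postdissector_wanted_hfids()`. The new comment would read more clearly as `/* Fields we want dissected before the post-dissector is called. */`. The function's body begins outside this hunk, so whether an earlier return can skip this code cannot be judged from here.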