diff options
Diffstat (limited to 'epan/dissectors')
| -rw-r--r-- | epan/dissectors/packet-dcerpc.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index cd6060d82c..0840c8a169 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -5657,7 +5657,7 @@ dissect_dcerpc_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* da } static gboolean -dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +dissect_dcerpc_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dcerpc_decode_as_data* decode_data; @@ -5671,6 +5671,18 @@ dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *da return TRUE; } +static int +dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + dcerpc_decode_as_data* decode_data; + + decode_data = dcerpc_get_decode_data(pinfo); + decode_data->dcetransporttype = DCE_TRANSPORT_UNKNOWN; + + tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, 10, get_dcerpc_pdu_len, dissect_dcerpc_pdu, data); + return tvb_captured_length(tvb); +} + static gboolean dissect_dcerpc_cn_smbpipe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { @@ -6968,7 +6980,9 @@ proto_register_dcerpc(void) void proto_reg_handoff_dcerpc(void) { - heur_dissector_add("tcp", dissect_dcerpc_tcp, "DCE/RPC over TCP", "dcerpc_tcp", proto_dcerpc, HEURISTIC_ENABLE); + dissector_handle_t dcerpc_tcp_handle; + + heur_dissector_add("tcp", dissect_dcerpc_tcp_heur, "DCE/RPC over TCP", "dcerpc_tcp", proto_dcerpc, HEURISTIC_ENABLE); heur_dissector_add("netbios", dissect_dcerpc_cn_pk, "DCE/RPC over NetBios", "dcerpc_netbios", proto_dcerpc, HEURISTIC_ENABLE); heur_dissector_add("udp", dissect_dcerpc_dg, "DCE/RPC over UDP", "dcerpc_udp", proto_dcerpc, HEURISTIC_ENABLE); heur_dissector_add("smb_transact", dissect_dcerpc_cn_smbpipe, "DCE/RPC over SMB", "dcerpc_smb_transact", proto_dcerpc, HEURISTIC_ENABLE); @@ -6976,6 +6990,9 @@ proto_reg_handoff_dcerpc(void) heur_dissector_add("http", dissect_dcerpc_cn_bs, "DCE/RPC over HTTP", "dcerpc_http", proto_dcerpc, HEURISTIC_ENABLE); dcerpc_smb_init(proto_dcerpc); + dcerpc_tcp_handle = create_dissector_handle(dissect_dcerpc_tcp, proto_dcerpc); + dissector_add_for_decode_as("tcp.port", dcerpc_tcp_handle); + guids_add_uuid(&uuid_data_repr_proto, "32bit NDR"); guids_add_uuid(&uuid_ndr64, "64bit NDR"); guids_add_uuid(&uuid_asyncemsmdb, "async MAPI"); |