/* packet-tpkt.c
 *
 * Routine to check for RFC 1006 TPKT header and to dissect TPKT header
 * Copyright 2000, Philips Electronics N.V.
 * Andreas Sikkema <h323@ramdyne.nl>
 *
 * Routine to dissect RFC 1006 TPKT packet containing OSI TP PDU
 * Copyright 2001, Martin Thomas <Martin_A_Thomas@yahoo.com>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
17 #include "config.h"
19 #include <epan/packet.h>
20 #include <epan/exceptions.h>
21 #include <epan/prefs.h>
22 #include <epan/show_exception.h>
23 #include <epan/conversation.h>
25 #include "packet-tpkt.h"
/* Registration entry points, defined at the end of this file. */
void proto_register_tpkt(void);
void proto_reg_handoff_tpkt(void);

/* TCP port range on which TPKT is registered by default. */
#define TCP_PORT_TPKT_RANGE       "102"

/*
 * Same value as TCP_PORT_TPKT_RANGE.
 * NOTE(review): not referenced anywhere in this listing - confirm whether
 * it is still needed.
 */
#define DEFAULT_TPKT_PORT_RANGE "102"

/* IANA registered port for RDP (as ms-wbt-server) */
#define TCP_PORT_RDP 3389

/* Protocol identifiers: the TPKT protocol itself, its name-only
 * heuristic variant, and the protocol_t used for the "enabled" check. */
static int proto_tpkt;
static int proto_tpkt_heur;
static protocol_t *proto_tpkt_ptr;

/* TPKT header fields */
static int hf_tpkt_version;
static int hf_tpkt_reserved;
static int hf_tpkt_length;
static int hf_tpkt_continuation_data;

/* TPKT fields defining a sub tree */
static int ett_tpkt;

/* Preference: desegmentation of OSI over TPKT over TCP */
static bool tpkt_desegment = true;

/* Heuristic subdissectors tried on data that does not start with a
 * TPKT version octet. */
static heur_dissector_list_t tpkt_heur_subdissector_list;

/* Handle of the dissector for OSI TP (aka COTP), and our own handle. */
static dissector_handle_t osi_tp_handle;
static dissector_handle_t tpkt_handle;
/*
 * Heuristically decide whether "tvb" starts with an RFC 1006 TPKT header.
 *
 * Returns the 16-bit length field from the TPKT header when the check
 * passes, and -1 when it does not.
 *
 * "min_len" is the minimum length of the PDU; the length field in the
 * TPKT header must be at least "4+min_len" for this to be a valid TPKT
 * PDU for the protocol in question.
 *
 * Only the version octet, the reserved octet and a lower bound on the
 * length field are examined, and all of them come from the capture, so
 * a match is weak evidence.  The returned length is not compared with
 * the amount of data actually present; callers must treat it as
 * untrusted.
 */
int
is_tpkt(tvbuff_t *tvb, int min_len)
{
    uint8_t  version;
    uint8_t  reserved;
    uint16_t hdr_len;

    /* A disabled TPKT protocol never matches. */
    if (!proto_is_protocol_enabled(proto_tpkt_ptr)) {
        return -1;
    }

    /* The four-octet header must be present in the captured data. */
    if (tvb_captured_length(tvb) < 4) {
        return -1;
    }

    /*
     * The first octet should be 3 and the second one should be 0.
     * The H.323 implementers guide suggests that this might not
     * always be the case....
     */
    version  = tvb_get_uint8(tvb, 0);
    reserved = tvb_get_uint8(tvb, 1);
    if (version != 3 || reserved != 0) {
        return -1;
    }

    /* The length field covers the header, so it has a floor. */
    hdr_len = tvb_get_ntohs(tvb, 2);
    if (hdr_len < 4 + min_len) {
        return -1;
    }

    return hdr_len;
}
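/*
 * Check whether "tvb" could start with an ASCII (text-layer) TPKT header.
 *
 * Returns 1 when the first eight octets are all ASCII alphanumerics, and
 * 0 otherwise - including when TPKT is disabled or fewer than eight
 * octets are available.
 *
 * The return type is unsigned, so returning -1 on the two early-exit
 * paths would reach the caller as 65535, which a caller testing the
 * result for non-zero reads as "this is ASCII TPKT".  Those paths
 * therefore return 0, the same "no match" value as the character check.
 *
 * The test is "alphanumeric", not "hexadecimal", so a match does not
 * guarantee that the header fields decode as hex digits.
 */
uint16_t
is_asciitpkt(tvbuff_t *tvb)
{
    unsigned idx;

    /* If TPKT is disabled, don't dissect it: this isn't TPKT. */
    if (!proto_is_protocol_enabled(proto_tpkt_ptr))
        return 0;

    /* There should at least be 8 bytes left in the frame */
    if (!tvb_bytes_exist(tvb, 0, 8))
        return 0;

    /* All eight header octets should be alphanumeric ASCII */
    for (idx = 0; idx < 8; idx++) {
        if (!g_ascii_isalnum(tvb_get_uint8(tvb, idx)))
            return 0;
    }

    return 1;
}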
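/*
 * Value of one ASCII hexadecimal digit (either case).
 *
 * Any other octet decodes as 0.  The input is capture data, so a
 * non-hex character must not inherit the value of the digit before it.
 */
static int
tpkt_hex_digit_value(uint8_t ch)
{
    if (ch >= '0' && ch <= '9')
        return ch - '0';
    if (ch >= 'a' && ch <= 'f')
        return ch - 'a' + 10;
    if (ch >= 'A' && ch <= 'F')
        return ch - 'A' + 10;
    return 0;
}

/*
 * Decode "ndigits" ASCII hex digits starting at "text", most significant
 * digit first.  The caller guarantees that "ndigits" octets are readable.
 */
static int
tpkt_parse_hex_text(const uint8_t *text, int ndigits)
{
    int value = 0;
    int idx;

    for (idx = 0; idx < ndigits; idx++)
        value = (value << 4) | tpkt_hex_digit_value(text[idx]);

    return value;
}

/*
 * Decode the four-hex-digit length field of an ASCII TPKT header.
 * Reads exactly four octets from "pTpktData"; the result is 0..0xFFFF.
 */
static int
parseLengthText ( const uint8_t* pTpktData )
{
    return tpkt_parse_hex_text(pTpktData, 4);
}

/*
 * Decode the two-hex-digit version field of an ASCII TPKT header.
 * Reads exactly two octets from "pTpktData"; the result is 0..0xFF.
 */
static int
parseVersionText ( const uint8_t* pTpktData )
{
    return tpkt_parse_hex_text(pTpktData, 2);
}

/*
 * Decode the two-hex-digit reserved field of an ASCII TPKT header.
 * Reads exactly two octets from "pTpktData"; the result is 0..0xFF.
 */
static int
parseReservedText ( const uint8_t* pTpktData )
{
    return tpkt_parse_hex_text(pTpktData, 2);
}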
/*
 * Length of the TPKT text-layer header.
 */
static const int TEXT_LAYER_LENGTH = 9;

/*
 * Dissect ASCII TPKT-encapsulated data in a TCP stream.
 *
 * Walks "tvb" as a sequence of text-layer TPKT messages.  Each header is
 * read as eight hex characters (two for the version, two for the reserved
 * field, four for the length), TEXT_LAYER_LENGTH octets are skipped, and
 * the payload is handed to "subdissector_handle".
 *
 * Every header field comes from the capture and is used without further
 * validation: the decoded length sets the reported length of the payload
 * buffer and the amount by which the offset advances.
 */
void
dissect_asciitpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                  dissector_handle_t subdissector_handle)
{
    proto_item *hdr_item = NULL;
    proto_tree *hdr_tree = NULL;
    volatile int offset = 0;
    int captured_left;
    int payload_len;
    int version = 0;
    int reserved = 0;
    volatile int avail_len;
    tvbuff_t *volatile payload_tvb;
    const char *outer_proto;
    uint8_t hex_field[4];

    /*
     * If we're reassembling segmented TPKT PDUs, empty the COL_INFO
     * column, so subdissectors can append information without having
     * to worry about emptying the column.
     */
    if (tpkt_desegment) {
        col_clear(pinfo->cinfo, COL_INFO);
    }

    while (tvb_reported_length_remaining(tvb, offset) != 0) {
        /*
         * A header has to start with 48, i.e. ASCII '0', the first
         * character of the two-character version field.
         */
        if (tvb_get_uint8(tvb, offset) != 48) {
            /*
             * It doesn't, so don't assume this is a TPKT header;
             * we might be in the middle of TPKT data.  Show the
             * rest as continuation data and stop.
             */
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
            col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
            if (tree) {
                hdr_item = proto_tree_add_item(tree, proto_tpkt, tvb,
                                               offset, -1, ENC_NA);
                hdr_tree = proto_item_add_subtree(hdr_item, ett_tpkt);

                proto_tree_add_item(hdr_tree, hf_tpkt_continuation_data,
                                    tvb, offset, -1, ENC_NA);
            }
            return;
        }

        captured_left = tvb_captured_length_remaining(tvb, offset);

        /*
         * Decode the three header fields.  tvb_memcpy() is given
         * explicit lengths of 2, 2 and 4, matching what the parse
         * helpers read from the 4-octet scratch buffer.
         */
        tvb_memcpy(tvb, hex_field, offset, 2);
        version = parseVersionText(hex_field);
        tvb_memcpy(tvb, hex_field, offset + 2, 2);
        reserved = parseReservedText(hex_field);
        tvb_memcpy(tvb, hex_field, offset + 4, 4);
        payload_len = parseLengthText(hex_field);

        /*
         * Dissect the TPKT header.
         * Save and restore "pinfo->current_proto".
         */
        outer_proto = pinfo->current_proto;
        pinfo->current_proto = "TPKT";

        col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
        /*
         * Don't add the TPKT header information if we're
         * reassembling segmented TPKT PDUs or if this
         * PDU isn't reassembled.
         *
         * XXX - the first is so that subdissectors can append
         * information without getting TPKT stuff in the middle;
         * why the second?
         */
        if (!tpkt_desegment && !pinfo->fragmented) {
            col_add_fstr(pinfo->cinfo, COL_INFO,
                         "TPKT Data length = %u", payload_len);
        }

        if (tree) {
            /* Only the eight decoded characters are highlighted. */
            hdr_item = proto_tree_add_item(tree, proto_tpkt, tvb,
                                           offset, 8, ENC_NA);
            hdr_tree = proto_item_add_subtree(hdr_item, ett_tpkt);
            proto_item_set_text(hdr_item, "TPKT");

            /* Version */
            proto_tree_add_uint(hdr_tree, hf_tpkt_version, tvb,
                                offset, 2, version);

            /* Reserved octet*/
            proto_tree_add_uint(hdr_tree, hf_tpkt_reserved, tvb,
                                offset + 2, 2, reserved);

            /* Length */
            proto_tree_add_uint(hdr_tree, hf_tpkt_length, tvb,
                                offset + 4, 4, payload_len);
        }
        pinfo->current_proto = outer_proto;

        /* Skip the TPKT header. */
        offset += TEXT_LAYER_LENGTH;

        /*
         * Hand over no more than what was captured, and no more than
         * the header declares.
         * NOTE(review): when fewer than TEXT_LAYER_LENGTH captured
         * octets remained, this difference is negative - confirm that
         * tvb_new_subset_length_caplen() rejects that case rather than
         * treating it as "to the end of the buffer".
         */
        avail_len = captured_left - TEXT_LAYER_LENGTH;
        avail_len = (avail_len > payload_len) ? payload_len : avail_len;

        payload_tvb = tvb_new_subset_length_caplen(tvb, offset, avail_len,
                                                   payload_len);

        /*
         * Call the subdissector.
         *
         * If it gets an error that means there's no point in
         * dissecting any more TPKT messages, the exception is
         * rethrown.
         *
         * Any other error is reported and we continue: one broken
         * TPKT message doesn't mean we should stop dissecting the
         * others within this frame or chunk of reassembled data.
         */
        TRY {
            call_dissector(subdissector_handle, payload_tvb, pinfo, tree);
        }
        CATCH_NONFATAL_ERRORS {
            show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
        }
        ENDTRY;

        /* Skip the payload, by the length the header declared. */
        offset += payload_len;
    }
}
/*
 * Dissect TPKT-encapsulated data in a TCP stream.
 *
 * Walks "tvb" as a sequence of TPKT messages: a 4-octet header (version,
 * reserved, 16-bit length that includes the header) followed by the
 * payload, which is handed to "subdissector_handle".  When "desegment" is
 * set and the TCP layer allows it, a header or payload that is split
 * across segments is requested from the TCP dissector instead.
 *
 * The length field comes from the capture.  It sets the reassembly
 * request, the reported length of the payload buffer and the amount by
 * which the offset advances.
 */
void
dissect_tpkt_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                   bool desegment, dissector_handle_t subdissector_handle)
{
    proto_item *hdr_item = NULL;
    proto_tree *hdr_tree = NULL;
    volatile int offset = 0;
    int captured_left;
    int data_len;
    volatile int avail_len;
    tvbuff_t *volatile payload_tvb;
    const char *outer_proto;
    heur_dtbl_entry_t *hdtbl_entry;

    /*
     * If we're reassembling segmented TPKT PDUs, empty the COL_INFO
     * column, so subdissectors can append information without having
     * to worry about emptying the column.
     */
    if (desegment) {
        col_clear(pinfo->cinfo, COL_INFO);
    }

    while (tvb_reported_length_remaining(tvb, offset) != 0) {
        bool can_reassemble;

        /*
         * Is the first byte of this putative TPKT header
         * a valid TPKT version number, i.e. 3?
         */
        if (tvb_get_uint8(tvb, offset) != 3) {
            /*
             * No, so don't assume this is a TPKT header;
             * we might be in the middle of TPKT data,
             * so don't get the length and don't try to
             * do reassembly.  Offer the data to the heuristic
             * subdissectors first.
             */
            if (dissector_try_heuristic(tpkt_heur_subdissector_list, tvb,
                                        pinfo, proto_tree_get_root(tree),
                                        &hdtbl_entry, NULL)) {
                return;
            }

            col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
            col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
            if (tree) {
                hdr_item = proto_tree_add_item(tree, proto_tpkt, tvb,
                                               offset, -1, ENC_NA);
                hdr_tree = proto_item_add_subtree(hdr_item, ett_tpkt);

                proto_tree_add_item(hdr_tree, hf_tpkt_continuation_data,
                                    tvb, offset, -1, ENC_NA);
            }
            return;
        }

        captured_left = tvb_captured_length_remaining(tvb, offset);

        /* Can we do reassembly? */
        can_reassemble = desegment && pinfo->can_desegment;

        /*
         * Is the TPKT header itself split across segment boundaries?
         * If so, tell the TCP dissector where the data for this
         * message starts in the data it handed us and that we need
         * "some more data."  Don't tell it exactly how many bytes we
         * need because if/when we ask for even more (after the
         * header) that will break reassembly.
         */
        if (can_reassemble && captured_left < 4) {
            pinfo->desegment_offset = offset;
            pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
            return;
        }

        /* Get the length from the TPKT header. */
        data_len = tvb_get_ntohs(tvb, offset + 2);

        /*
         * Is the payload split across segment boundaries?  If so,
         * tell the TCP dissector where the data for this message
         * starts in the data it handed us, and how many more bytes
         * we need, and return.
         */
        if (can_reassemble && captured_left < data_len) {
            pinfo->desegment_offset = offset;
            pinfo->desegment_len = data_len - captured_left;
            return;
        }

        /*
         * Dissect the TPKT header.
         * Save and restore "pinfo->current_proto".
         */
        outer_proto = pinfo->current_proto;
        pinfo->current_proto = "TPKT";

        col_set_str(pinfo->cinfo, COL_PROTOCOL, "TPKT");
        /*
         * Don't add the TPKT header information if we're
         * reassembling segmented TPKT PDUs or if this
         * PDU isn't reassembled.
         *
         * XXX - the first is so that subdissectors can append
         * information without getting TPKT stuff in the middle;
         * why the second?
         */
        if (!desegment && !pinfo->fragmented) {
            col_add_fstr(pinfo->cinfo, COL_INFO,
                         "TPKT Data length = %u", data_len);
        }

        if (tree) {
            hdr_item = proto_tree_add_item(tree, proto_tpkt, tvb,
                                           offset, 4, ENC_NA);
            hdr_tree = proto_item_add_subtree(hdr_item, ett_tpkt);
            proto_item_set_text(hdr_item, "TPKT");

            /* Version */
            proto_tree_add_item(hdr_tree, hf_tpkt_version, tvb,
                                offset, 1, ENC_BIG_ENDIAN);
            proto_item_append_text(hdr_item, ", Version: 3");

            /* Reserved octet*/
            proto_tree_add_item(hdr_tree, hf_tpkt_reserved, tvb,
                                offset + 1, 1, ENC_BIG_ENDIAN);

            /* Length */
            proto_tree_add_uint(hdr_tree, hf_tpkt_length, tvb,
                                offset + 2, 2, data_len);
            proto_item_append_text(hdr_item, ", Length: %u", data_len);
        }
        pinfo->current_proto = outer_proto;

        /*
         * Skip the TPKT header.
         * NOTE(review): the length field is not checked against the
         * 4-octet header size before the subtraction, so a header that
         * declares 0..3 leaves "data_len" negative here - confirm that
         * tvb_new_subset_length_caplen() handles that as intended, or
         * reject such headers before this point.
         */
        offset += 4;
        data_len -= 4;

        /*
         * Construct a tvbuff containing the amount of the payload
         * we have available.  Make its reported length the
         * amount of data in this TPKT packet.
         *
         * XXX - if reassembly isn't enabled, the subdissector
         * will throw a BoundsError exception, rather than a
         * ReportedBoundsError exception.  We really want
         * a tvbuff where the length is "length", the reported
         * length is "plen + 2", and the "if the snapshot length
         * were infinite" length were the minimum of the
         * reported length of the tvbuff handed to us and "plen+2",
         * with a new type of exception thrown if the offset is
         * within the reported length but beyond that third length,
         * with that exception getting the "Unreassembled Packet"
         * error.
         */
        avail_len = captured_left - 4;
        avail_len = (avail_len > data_len) ? data_len : avail_len;
        payload_tvb = tvb_new_subset_length_caplen(tvb, offset, avail_len,
                                                   data_len);

        /*
         * Call the subdissector.
         *
         * If it gets an error that means there's no point in
         * dissecting any more TPKT messages, the exception is
         * rethrown.
         *
         * Any other error is reported and we continue: one broken
         * TPKT message doesn't mean we should stop dissecting the
         * others within this frame or chunk of reassembled data.
         */
        TRY {
            call_dissector(subdissector_handle, payload_tvb, pinfo, tree);
        }
        CATCH_NONFATAL_ERRORS {
            show_exception(tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
        }
        ENDTRY;

        /* Skip the payload, by the amount actually handed over. */
        offset += avail_len;
    }
}
/*
 * Dissect RFC 1006 TPKT, which wraps a TPKT header around an OSI TP
 * PDU.
 *
 * Passes the buffer to dissect_tpkt_encap() with the "desegment"
 * preference and the OSI TP handle, then reports the whole captured
 * length as consumed.
 */
static int
dissect_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
    int consumed;

    dissect_tpkt_encap(tvb, pinfo, tree, tpkt_desegment, osi_tp_handle);

    consumed = tvb_captured_length(tvb);
    return consumed;
}
/*
 * Dissect ASCII TPKT, which wraps an ASCII TPKT header around an OSI TP
 * PDU.
 *
 * Compiled out with "#if 0"; nothing in this file registers it.
 */
#if 0
static int
dissect_ascii_tpkt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
    int consumed;

    dissect_asciitpkt(tvb, pinfo, tree, osi_tp_handle);

    consumed = tvb_captured_length(tvb);
    return consumed;
}
#endif
/* A heuristic dissector for TPKT. This is useful for RDP, where TLS may
 * or may not be present depending on the RDP security settings.
 *
 * Returns 0 (rejecting the data) when is_tpkt() does not recognise a
 * TPKT header, and the result of dissect_tpkt() otherwise.
 */
static int
dissect_tpkt_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    const bool looks_like_tpkt = (is_tpkt(tvb, 0) != -1);

    if (looks_like_tpkt) {
        return dissect_tpkt(tvb, pinfo, tree, data);
    }

    /* Doesn't look like TPKT directly. Might be over TLS, so reject
     * and let the TLS heuristic dissector take a look
     */
    return 0;
}
/*
 * Boolean wrapper around dissect_tpkt_tcp() for the heuristic dissector
 * table: true when that dissector reported a positive result.
 */
static bool
dissect_tpkt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    int consumed = dissect_tpkt_tcp(tvb, pinfo, tree, data);

    return consumed > 0;
}
/*
 * Register the TPKT protocol: its header fields and subtree, the "tpkt"
 * dissector, the "desegment" preference, the heuristic subdissector list
 * and the name-only heuristic protocol used for RDP.
 */
void
proto_register_tpkt(void)
{
    static hf_register_info hf[] = {
        { &hf_tpkt_version,
          { "Version", "tpkt.version",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            "Version, only version 3 is defined", HFILL }
        },
        { &hf_tpkt_reserved,
          { "Reserved", "tpkt.reserved",
            FT_UINT8, BASE_DEC, NULL, 0x0,
            "Reserved, should be 0", HFILL }
        },
        { &hf_tpkt_length,
          { "Length", "tpkt.length",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            "Length of data unit, including this header", HFILL }
        },
        { &hf_tpkt_continuation_data,
          { "Continuation data", "tpkt.continuation_data",
            FT_BYTES, BASE_NONE, NULL, 0x0,
            NULL, HFILL }
        },
    };

    static int *ett[] = {
        &ett_tpkt,
    };

    module_t *tpkt_module;

    /* The protocol itself; keep the protocol_t for the "enabled" check. */
    proto_tpkt = proto_register_protocol("TPKT - ISO on TCP - RFC1006", "TPKT", "tpkt");
    proto_tpkt_ptr = find_protocol_by_id(proto_tpkt);

    proto_register_field_array(proto_tpkt, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
    tpkt_handle = register_dissector("tpkt", dissect_tpkt, proto_tpkt);

    /* Reassembly preference, backing "tpkt_desegment". */
    tpkt_module = prefs_register_protocol(proto_tpkt, NULL);
    prefs_register_bool_preference(tpkt_module, "desegment",
        "Reassemble TPKT messages spanning multiple TCP segments",
        "Whether the TPKT dissector should reassemble messages spanning multiple TCP segments. "
        "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
        &tpkt_desegment);

    /* heuristic dissectors for preamble CredSSP before RDP and Fast-Path RDP packets */
    tpkt_heur_subdissector_list = register_heur_dissector_list_with_description("tpkt", "TPKT fragment", proto_tpkt);

    proto_tpkt_heur = proto_register_protocol_in_name_only("TPKT Heuristic (for RDP)", "TPKT Heuristic (for RDP)", "tpkt", proto_tpkt, FT_PROTOCOL);
}
/*
 * Hook TPKT into the dissector tables: the preference-controlled TCP
 * port range, the RDP port over both TLS and plain TCP, and a TCP
 * heuristic that is registered disabled.
 */
void
proto_reg_handoff_tpkt(void)
{
    dissector_handle_t rdp_tcp_handle;

    osi_tp_handle = find_dissector("ositp");
    dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_TPKT_RANGE, tpkt_handle);

    /* ssl_dissector_add registers TLS as the dissector for TCP for the
     * given port. We can't use it, since on port 3389 TPKT (for RDP) can be
     * over TLS or directly over TCP, depending on the RDP security settings.
     * TPKT heuristics are also too weak to enable in general. Instead,
     * use the heuristic dissector by default just on the RDP port, and
     * if rejected the TLS heuristic dissector will be tried.
     */
    dissector_add_uint("tls.port", TCP_PORT_RDP, tpkt_handle);

    rdp_tcp_handle = create_dissector_handle(dissect_tpkt_tcp, proto_tpkt_heur);
    dissector_add_uint("tcp.port", TCP_PORT_RDP, rdp_tcp_handle);

    /* Available on every TCP port, but off unless the user enables it. */
    heur_dissector_add("tcp", dissect_tpkt_heur, "TPKT over TCP", "tpkt_tcp", proto_tpkt, HEURISTIC_DISABLE);

    /*
     * Disabled registration of the ASCII TPKT dissector:
     *
    tpkt_ascii_handle = create_dissector_handle(dissect_ascii_tpkt, proto_tpkt);
    dissector_add_uint("tcp.port", TCP_PORT_TPKT, tpkt_ascii_handle);
    */
}
/*
 * Editor modelines - https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 4
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * vi: set shiftwidth=4 tabstop=8 expandtab:
 * :indentSize=4:tabSize=8:noTabs=true:
 */