diff options
Diffstat (limited to 'epan')
-rwxr-xr-x | epan/dissectors/dcerpc/drsuapi/drsuapi.cnf | 4 | ||||
-rw-r--r-- | epan/dissectors/dcerpc/drsuapi/drsuapi.idl | 4 | ||||
-rwxr-xr-x | epan/dissectors/dcerpc/drsuapi/template.c | 47 | ||||
-rw-r--r-- | epan/dissectors/dcerpc/idl2eth.c | 140 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-drsuapi.c | 68 |
5 files changed, 181 insertions, 82 deletions
diff --git a/epan/dissectors/dcerpc/drsuapi/drsuapi.cnf b/epan/dissectors/dcerpc/drsuapi/drsuapi.cnf index 5501f40ffd..66f7243a70 100755 --- a/epan/dissectors/dcerpc/drsuapi/drsuapi.cnf +++ b/epan/dissectors/dcerpc/drsuapi/drsuapi.cnf @@ -3,3 +3,7 @@ #We dont know this type yet TYPE a_string drsuapi_dissect_a_string FT_STRING BASE_NONE 0 NULL 4 # +# this one is better/easier to just implement by hand +NOEMIT drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn +NOEMIT ucarray_drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn +# diff --git a/epan/dissectors/dcerpc/drsuapi/drsuapi.idl b/epan/dissectors/dcerpc/drsuapi/drsuapi.idl index 074bbe26e6..01a9f710af 100644 --- a/epan/dissectors/dcerpc/drsuapi/drsuapi.idl +++ b/epan/dissectors/dcerpc/drsuapi/drsuapi.idl @@ -120,10 +120,10 @@ interface drsuapi uint32 unknown1; uint32 unknown2; GUID guid1; - /* this looks like a SID followed by a uint32 which is zero */ + /* this looks like a domain SID followed by a uint32 which is zero */ uint8 byte_array[28]; uint32 str_len; - [size_is(str_len)] uint16 nc_dn[]; + [size_is(str_len+1)] uint16 nc_dn[]; } drsuapi_DsReplicaSyncRequest1Info; typedef bitmap { diff --git a/epan/dissectors/dcerpc/drsuapi/template.c b/epan/dissectors/dcerpc/drsuapi/template.c index 5a715da15f..4465106c60 100755 --- a/epan/dissectors/dcerpc/drsuapi/template.c +++ b/epan/dissectors/dcerpc/drsuapi/template.c @@ -41,11 +41,54 @@ #include "packet-dcerpc-drsuapi.h" static int proto_drsuapi = -1; +static int hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn = -1; ETH_HF ETH_ETT static int +ucarray_drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + header_field_info *hfinfo; + static guint32 len; + dcerpc_info *di; + char *s; + int old_offset; + + di=pinfo->private_data; + if(di->conformant_run){ + /*just a run to handle conformant arrays, nothing to dissect + but we need to remember how long this array was. + see packet-dcerpc.c for examples of conformant_run + and what it is. + */ + old_offset=offset; + offset=dissect_dcerpc_uint32(tvb, offset, pinfo, NULL, drep, -1, &len); + di->array_max_count_offset=offset-4; + di->conformant_run=1; + di->conformant_eaten=offset-old_offset; + return offset; + } + + ALIGN_TO_2_BYTES; + + s = tvb_fake_unicode(tvb, offset, len, TRUE); + if (tree && len) { + hfinfo = proto_registrar_get_nth(hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn); + if (hfinfo->type == FT_STRING) { + proto_tree_add_string(tree, hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, tvb, offset, + len, s); + } else { + proto_tree_add_item(tree, hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, tvb, offset, + len, drep[0] & 0x10); + } + } + + offset+=2*len; + return offset; +} + +static int drsuapi_dissect_a_string(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_) { offset=dissect_ndr_vstring(tvb, offset, pinfo, tree, drep, 1, hf_index, FALSE, NULL); @@ -58,6 +101,10 @@ void proto_register_drsuapi(void) { static hf_register_info hf[] = { + { &hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, + { "nc_dn", "drsuapi.DsReplicaSyncRequest1Info.nc_dn", FT_STRING, BASE_DEC, + NULL, 0, + "", HFILL }}, ETH_HFARR }; diff --git a/epan/dissectors/dcerpc/idl2eth.c b/epan/dissectors/dcerpc/idl2eth.c index 61f853a763..64765b610c 100644 --- a/epan/dissectors/dcerpc/idl2eth.c +++ b/epan/dissectors/dcerpc/idl2eth.c @@ -1510,44 +1510,56 @@ void parsetypedefstruct(int pass) sprintf(tmpstr, "%s_dissect_%s_%s", ifname, struct_name, field_name); ptmpstr=strdup(tmpstr); - sprintf(filter_name, "%s.%s.%s", ifname, struct_name, field_name); - hf=register_hf_field(hf_index, field_name, filter_name, type_item->ft_type, type_item->base_type, type_item->vals, type_item->mask, ""); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", ptmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " guint32 param=%s;\n",find_dissector_param_value(ptmpstr)); - FPRINTF(eth_code, " offset=%s(tvb, offset, pinfo, tree, drep, %s, param);\n", type_item->dissector, hf); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + sprintf(filter_name, "%s.%s.%s", ifname, struct_name, field_name); + hf=register_hf_field(hf_index, field_name, filter_name, type_item->ft_type, type_item->base_type, type_item->vals, type_item->mask, ""); + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", ptmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " guint32 param=%s;\n",find_dissector_param_value(ptmpstr)); + FPRINTF(eth_code, " offset=%s(tvb, offset, pinfo, tree, drep, %s, param);\n", type_item->dissector, hf); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } if(is_array_of_pointers){ pointer_type=pi->type; pi=pi->next; sprintf(tmpstr, "%s_%s", pointer_type, ptmpstr); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " offset=dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, %s, %s, \"%s\", -1);\n", ptmpstr, ptr_to_define(pointer_type), field_name); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " offset=dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, %s, %s, \"%s\", -1);\n", ptmpstr, ptr_to_define(pointer_type), field_name); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } ptmpstr=strdup(tmpstr); } else if(fixed_array_size){ sprintf(tmpstr, "fixedarray_%s", ptmpstr); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " int count=%d;\n",fixed_array_size); - FPRINTF(eth_code, " while(count--){\n"); - FPRINTF(eth_code, " offset=%s(tvb, offset, pinfo, tree, drep);\n", ptmpstr); - FPRINTF(eth_code, " }\n"); - FPRINTF(eth_code, "\n"); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " int count=%d;\n",fixed_array_size); + FPRINTF(eth_code, " while(count--){\n"); + FPRINTF(eth_code, " offset=%s(tvb, offset, pinfo, tree, drep);\n", ptmpstr); + FPRINTF(eth_code, " }\n"); + FPRINTF(eth_code, "\n"); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } ptmpstr=strdup(tmpstr); } @@ -1558,35 +1570,47 @@ void parsetypedefstruct(int pass) break; case BI_SIZE_IS: sprintf(tmpstr, "ucarray_%s", ptmpstr); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " offset=dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, %s);\n", ptmpstr); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " offset=dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, %s);\n", ptmpstr); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } ptmpstr=strdup(tmpstr); break; case BI_LENGTH_IS: sprintf(tmpstr, "uvarray_%s", ptmpstr); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " offset=dissect_ndr_uvarray(tvb, offset, pinfo, tree, drep, %s);\n", ptmpstr); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " offset=dissect_ndr_uvarray(tvb, offset, pinfo, tree, drep, %s);\n", ptmpstr); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } ptmpstr=strdup(tmpstr); break; case BI_SIZE_IS|BI_LENGTH_IS: sprintf(tmpstr, "ucvarray_%s", ptmpstr); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " offset=dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, %s);\n", ptmpstr); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " offset=dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, %s);\n", ptmpstr); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } ptmpstr=strdup(tmpstr); break; default: @@ -1600,13 +1624,17 @@ void parsetypedefstruct(int pass) pointer_type=pi->type; pi=pi->next; sprintf(tmpstr, "%s_%s", pointer_type, ptmpstr); - FPRINTF(eth_code, "static int\n"); - FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); - FPRINTF(eth_code, "{\n"); - FPRINTF(eth_code, " offset=dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, %s, %s, \"%s\", -1);\n", ptmpstr, ptr_to_define(pointer_type), field_name); - FPRINTF(eth_code, " return offset;\n"); - FPRINTF(eth_code, "}\n"); - FPRINTF(eth_code, "\n"); + if(check_if_to_emit(tmpstr)){ + FPRINTF(eth_code, "static int\n"); + FPRINTF(eth_code, "%s(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)\n", tmpstr); + FPRINTF(eth_code, "{\n"); + FPRINTF(eth_code, " offset=dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, %s, %s, \"%s\", -1);\n", ptmpstr, ptr_to_define(pointer_type), field_name); + FPRINTF(eth_code, " return offset;\n"); + FPRINTF(eth_code, "}\n"); + FPRINTF(eth_code, "\n"); + } else { + FPRINTF(NULL,"NOEMIT Skipping this struct item :%s\n",tmpstr); + } ptmpstr=strdup(tmpstr); } diff --git a/epan/dissectors/packet-dcerpc-drsuapi.c b/epan/dissectors/packet-dcerpc-drsuapi.c index 54a42452e0..7b47d774f8 100644 --- a/epan/dissectors/packet-dcerpc-drsuapi.c +++ b/epan/dissectors/packet-dcerpc-drsuapi.c @@ -41,6 +41,7 @@ #include "packet-dcerpc-drsuapi.h" static int proto_drsuapi = -1; +static int hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn = -1; /* INCLUDED FILE : ETH_HF */ @@ -93,7 +94,6 @@ static int hf_drsuapi_DsReplicaSyncRequest1Info_unknown2 = -1; static int hf_drsuapi_DsReplicaSyncRequest1Info_guid1 = -1; static int hf_drsuapi_DsReplicaSyncRequest1Info_byte_array = -1; static int hf_drsuapi_DsReplicaSyncRequest1Info_str_len = -1; -static int hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn = -1; static int hf_drsuapi_DsReplicaSyncOptions_DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION = -1; static int hf_drsuapi_DsReplicaSyncOptions_DRSUAPI_DS_REPLICA_SYNC_WRITEABLE = -1; static int hf_drsuapi_DsReplicaSyncOptions_DRSUAPI_DS_REPLICA_SYNC_PERIODIC = -1; @@ -446,11 +446,47 @@ static gint ett_drsuapi_DsReplicaInfo = -1; static int -drsuapi_dissect_u_string(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_) +ucarray_drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { - offset=dissect_ndr_vstring(tvb, offset, pinfo, tree, drep, 2, hf_index, FALSE, NULL); - return offset; + header_field_info *hfinfo; + static guint32 len; + dcerpc_info *di; + char *s; + int old_offset; + + di=pinfo->private_data; + if(di->conformant_run){ + /*just a run to handle conformant arrays, nothing to dissect + but we need to remember how long this array was. + see packet-dcerpc.c for examples of conformant_run + and what it is. + */ + old_offset=offset; + offset=dissect_dcerpc_uint32(tvb, offset, pinfo, NULL, drep, -1, &len); + di->array_max_count_offset=offset-4; + di->conformant_run=1; + di->conformant_eaten=offset-old_offset; + return offset; + } + + ALIGN_TO_2_BYTES; + + s = tvb_fake_unicode(tvb, offset, len, TRUE); + if (tree && len) { + hfinfo = proto_registrar_get_nth(hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn); + if (hfinfo->type == FT_STRING) { + proto_tree_add_string(tree, hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, tvb, offset, + len, s); + } else { + proto_tree_add_item(tree, hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, tvb, offset, + len, drep[0] & 0x10); + } + } + + offset+=2*len; + return offset; } + static int drsuapi_dissect_a_string(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_) { @@ -1123,21 +1159,6 @@ drsuapi_dissect_uint16(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree return offset; } -static int -drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) -{ - guint32 param=0; - offset=drsuapi_dissect_uint16(tvb, offset, pinfo, tree, drep, hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, param); - return offset; -} - -static int -ucarray_drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) -{ - offset=dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn); - return offset; -} - int drsuapi_dissect_DsReplicaSyncRequest1Info(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) @@ -6491,6 +6512,10 @@ void proto_register_drsuapi(void) { static hf_register_info hf[] = { + { &hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, + { "nc_dn", "drsuapi.DsReplicaSyncRequest1Info.nc_dn", FT_STRING, BASE_DEC, + NULL, 0, + "", HFILL }}, @@ -6740,11 +6765,6 @@ proto_register_drsuapi(void) NULL, 0, "", HFILL }}, - { &hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, - { "nc_dn", "drsuapi.DsReplicaSyncRequest1Info.nc_dn", FT_UINT16, BASE_DEC, - NULL, 0, - "", HFILL }}, - { &hf_drsuapi_DsReplicaSyncOptions_DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION, { "DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION", "drsuapi.DsReplicaSyncOptions.DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION", FT_BOOLEAN, 32, TFS(&DRSUAPI_DS_REPLICA_SYNC_ASYNCHRONOUS_OPERATION_tfs), 0x00000001, |