From 3ad3db9658ae3fbb1c6c1a91c639a3b44405b7c1 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Sun, 2 Sep 2001 22:49:56 +0000 Subject: Don't attempt to fetch the authentication flavor from a call if it's not available - just mark it as "authentication flavor unknown". Don't dissect the next protocol if the authentication flavor is unknown. This lets us get some more work done on short frames (although if you really want to analyze ONC RPC traffic, you should make the snapshot length large enough to capture enough of the frames). svn path=/trunk/; revision=3891 --- packet-rpc.c | 43 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) (limited to 'packet-rpc.c') diff --git a/packet-rpc.c b/packet-rpc.c index f50bc88ea1..fa1927e733 100644 --- a/packet-rpc.c +++ b/packet-rpc.c @@ -2,7 +2,7 @@ * Routines for rpc dissection * Copyright 1999, Uwe Girlich * - * $Id: packet-rpc.c,v 1.65 2001/08/30 18:33:30 guy Exp $ + * $Id: packet-rpc.c,v 1.66 2001/09/02 22:49:56 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -377,6 +377,7 @@ typedef struct _rpc_call_info_value { guint32 prog; guint32 vers; guint32 proc; + gboolean flavor_known; /* true if authentication flavor known */ guint32 flavor; guint32 gss_proc; guint32 gss_svc; @@ -1161,6 +1162,12 @@ dissect_rpc_indir_call(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, rpc_call->prog = prog; rpc_call->vers = vers; rpc_call->proc = proc; + + /* + * XXX - what about RPCSEC_GSS? + * Do we have to worry about it? + */ + rpc_call->flavor_known = TRUE; rpc_call->flavor = 0; rpc_call->gss_proc = 0; rpc_call->gss_svc = 0; @@ -1309,6 +1316,7 @@ dissect_rpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) unsigned int prog = 0; unsigned int vers = 0; unsigned int proc = 0; + gboolean flavor_known = FALSE; unsigned int flavor = 0; unsigned int gss_proc = 0; unsigned int gss_svc = 0; @@ -1499,13 +1507,6 @@ dissect_rpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proc = tvb_get_ntohl(tvb, offset+12); - /* Check for RPCSEC_GSS */ - flavor = tvb_get_ntohl(tvb, offset+16); - if (flavor == RPCSEC_GSS) { - gss_proc = tvb_get_ntohl(tvb, offset+28); - gss_svc = tvb_get_ntohl(tvb, offset+36); - } - key.prog = prog; key.vers = vers; key.proc = proc; @@ -1538,6 +1539,16 @@ dissect_rpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) xid); } + /* Check for RPCSEC_GSS */ + if (tvb_bytes_exist(tvb, offset+16, 4)) { + flavor_known = TRUE; + flavor = tvb_get_ntohl(tvb, offset+16); + if (flavor == RPCSEC_GSS) { + gss_proc = tvb_get_ntohl(tvb, offset+28); + gss_svc = tvb_get_ntohl(tvb, offset+36); + } + } + /* Keep track of the address and port whence the call came, and the port to which the call is being sent, so that we can match up calls wityh replies. (We don't worry @@ -1594,6 +1605,7 @@ dissect_rpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) rpc_call->prog = prog; rpc_call->vers = vers; rpc_call->proc = proc; + rpc_call->flavor_known = flavor_known; rpc_call->flavor = flavor; rpc_call->gss_proc = gss_proc; rpc_call->gss_svc = gss_svc; @@ -1618,6 +1630,7 @@ dissect_rpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) prog = rpc_call->prog; vers = rpc_call->vers; proc = rpc_call->proc; + flavor_known = rpc_call->flavor_known; flavor = rpc_call->flavor; gss_proc = rpc_call->gss_proc; gss_svc = rpc_call->gss_svc; @@ -1811,6 +1824,20 @@ dissect_rpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (!proto_is_protocol_enabled(proto)) dissect_function = NULL; + /* + * If we don't know the authentication flavor, we don't know whether + * we have to do any special processing for RPCSEC_GSS, so don't + * process the call or reply. + */ + if (!flavor_known) { + /* + * OK, just report the data as "unknown flavor, can't + * dissect". + */ + proto_tree_add_text(ptree, tvb, offset, tvb_length_remaining(tvb, offset), + "Unknown authentication flavor - cannot dissect"); + return TRUE; + } /* RPCSEC_GSS processing. */ if (flavor == RPCSEC_GSS) { switch (gss_proc) { -- cgit v1.2.3