/* * packet-winsrepl.c * * Routines for WINS Replication packet dissection * * Copyright 2005 Stefan Metzmacher * * $Id$ * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #include #include #include #include #include #include #include #include #include #include "packet-windows-common.h" #include "packet-netbios.h" #include "packet-tcp.h" static gboolean winsrepl_reassemble = TRUE; static int proto_winsrepl = -1; static int hf_winsrepl_size = -1; static int hf_winsrepl_opcode = -1; static int hf_winsrepl_assoc_ctx = -1; static int hf_winsrepl_mess_type = -1; static int hf_winsrepl_start_minor_version = -1; static int hf_winsrepl_start_major_version = -1; static int hf_winsrepl_stop_reason = -1; static int hf_winsrepl_replication_command = -1; static int hf_winsrepl_owner_address = -1; static int hf_winsrepl_owner_max_version = -1; static int hf_winsrepl_owner_min_version = -1; static int hf_winsrepl_owner_type = -1; static int hf_winsrepl_table_partner_count = -1; static int hf_winsrepl_table_initiator = -1; static int hf_winsrepl_ip_owner = -1; static int hf_winsrepl_ip_ip = -1; static int hf_winsrepl_addr_list_num_ips = -1; static int hf_winsrepl_name_len = -1; static int hf_winsrepl_name_flags = -1; static int hf_winsrepl_name_flags_rectype = -1; static int hf_winsrepl_name_flags_recstate = -1; static int hf_winsrepl_name_flags_local = -1; static int hf_winsrepl_name_flags_hosttype = -1; static int hf_winsrepl_name_flags_static = -1; static int hf_winsrepl_name_group_flag = -1; static int hf_winsrepl_name_version_id = -1; static int hf_winsrepl_name_unknown = -1; static int hf_winsrepl_reply_num_names = -1; static gint ett_winsrepl = -1; static gint ett_winsrepl_start = -1; static gint ett_winsrepl_stop = -1; static gint ett_winsrepl_replication = -1; static gint ett_winsrepl_owner = -1; static gint ett_winsrepl_table_reply = -1; static gint ett_winsrepl_ip = -1; static gint ett_winsrepl_addr_list = -1; static gint ett_winsrepl_name = -1; static gint ett_winsrepl_send_reply = -1; static gint ett_winsrepl_flags = -1; #define WINS_REPLICATION_PORT ( 42 ) #define WREPL_OPCODE_BITS ( 0x7800 ) enum wrepl_replication_cmd { WREPL_REPL_TABLE_QUERY=0, WREPL_REPL_TABLE_REPLY=1, WREPL_REPL_SEND_REQUEST=2, WREPL_REPL_SEND_REPLY=3, WREPL_REPL_UPDATE=4, WREPL_REPL_UPDATE2=5, WREPL_REPL_INFORM=8, WREPL_REPL_INFORM2=9 }; enum wrepl_mess_type { WREPL_START_ASSOCIATION=0, WREPL_START_ASSOCIATION_REPLY=1, WREPL_STOP_ASSOCIATION=2, WREPL_REPLICATION=3 }; static unsigned int glb_winsrepl_tcp_port = WINS_REPLICATION_PORT; static const value_string replication_cmd_vals[] = { {WREPL_REPL_TABLE_QUERY, "WREPL_REPL_TABLE_QUERY"}, {WREPL_REPL_TABLE_REPLY, "WREPL_REPL_TABLE_REPLY"}, {WREPL_REPL_SEND_REQUEST, "WREPL_REPL_SEND_REQUEST"}, {WREPL_REPL_SEND_REPLY, "WREPL_REPL_SEND_REPLY"}, {WREPL_REPL_UPDATE, "WREPL_REPL_UPDATE"}, {WREPL_REPL_UPDATE2, "WREPL_REPL_UPDATE2"}, {WREPL_REPL_INFORM, "WREPL_REPL_INFORM"}, {WREPL_REPL_INFORM2, "WREPL_REPL_INFORM2"}, {0, NULL} }; static const value_string message_type_vals[] = { {WREPL_START_ASSOCIATION, "WREPL_START_ASSOCIATION"}, {WREPL_START_ASSOCIATION_REPLY, "WREPL_START_ASSOCIATION_REPLY"}, {WREPL_STOP_ASSOCIATION, "WREPL_STOP_ASSOCIATION"}, {WREPL_REPLICATION, "WREPL_REPLICATION"}, {0, NULL} }; #define WREPL_NAME_TYPE_MASK 0x03 #define WREPL_NAME_TYPE_UNIQUE 0x00 #define WREPL_NAME_TYPE_NORMAL_GROUP 0x01 #define WREPL_NAME_TYPE_SPECIAL_GROUP 0x02 #define WREPL_NAME_TYPE_MULTIHOMED 0x03 static const value_string rectype_vals[] = { {WREPL_NAME_TYPE_UNIQUE, "Unique"}, {WREPL_NAME_TYPE_NORMAL_GROUP, "Normal group"}, {WREPL_NAME_TYPE_SPECIAL_GROUP, "Speical group"}, {WREPL_NAME_TYPE_MULTIHOMED, "Multihomed"}, {0, NULL} }; static const value_string recstate_vals[] = { {0x00, "Active"}, {0x01, "Released"}, {0x02, "Tombstoned"}, {0x03, "Deleted"}, {0, NULL} }; static const value_string hosttype_vals[] = { {0x00, "B-node"}, {0x01, "P-node"}, {0x02, "M-node"}, {0x03, "H-node"}, {0, NULL} }; static int dissect_winsrepl_start(tvbuff_t *winsrepl_tvb, _U_ packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { proto_item *start_item = NULL; proto_tree *start_tree = NULL; if (winsrepl_tree) { start_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WREPL_START_ASSOCIATION"); start_tree = proto_item_add_subtree(start_item, ett_winsrepl_start); } /* ASSOC_CTX */ proto_tree_add_item(start_tree, hf_winsrepl_assoc_ctx, winsrepl_tvb, winsrepl_offset, 4, FALSE); winsrepl_offset += 4; /* MINOR VERSION */ proto_tree_add_item(start_tree, hf_winsrepl_start_minor_version, winsrepl_tvb, winsrepl_offset, 2, FALSE); winsrepl_offset += 2; /* MAJOR VERSION */ proto_tree_add_item(start_tree, hf_winsrepl_start_major_version, winsrepl_tvb, winsrepl_offset, 2, FALSE); winsrepl_offset += 2; return winsrepl_offset; } static int dissect_winsrepl_stop(tvbuff_t *winsrepl_tvb, _U_ packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { guint32 reason; proto_item *stop_item = NULL; proto_tree *stop_tree = NULL; if (winsrepl_tree) { stop_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WREPL_STOP_ASSOCIATION"); stop_tree = proto_item_add_subtree(stop_item, ett_winsrepl_stop); } /* REASON */ reason = tvb_get_ntohl(winsrepl_tvb, winsrepl_offset); proto_tree_add_uint(stop_tree, hf_winsrepl_stop_reason, winsrepl_tvb, winsrepl_offset, 4, reason); winsrepl_offset += 4; proto_item_append_text(stop_item, ", Reason: 0x%08X", reason); return winsrepl_offset; } static int dissect_winsrepl_table_query(tvbuff_t *winsrepl_tvb _U_, packet_info *pinfo _U_, int winsrepl_offset, proto_tree *winsrepl_tree _U_) { /* Nothing to do here */ return winsrepl_offset; } static int dissect_winsrepl_wins_owner(tvbuff_t *winsrepl_tvb, _U_ packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree, proto_tree *sub_tree, guint32 index) { proto_item *owner_item = NULL; proto_tree *owner_tree = NULL; if (sub_tree) { owner_item = proto_tree_add_text(sub_tree, winsrepl_tvb, winsrepl_offset, 24 , "WINS Owner [%u]", index); owner_tree = proto_item_add_subtree(owner_item, ett_winsrepl_owner); } else if (winsrepl_tree) { owner_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, 24 , "WINS Owner"); owner_tree = proto_item_add_subtree(owner_item, ett_winsrepl_owner); } /* ADDRESS */ proto_tree_add_item(owner_tree, hf_winsrepl_owner_address, winsrepl_tvb, winsrepl_offset, 4, FALSE); winsrepl_offset += 4; /* MAX_VERSION */ proto_tree_add_item(owner_tree, hf_winsrepl_owner_max_version, winsrepl_tvb, winsrepl_offset, 8, FALSE); winsrepl_offset += 8; /* MIN_VERSION */ proto_tree_add_item(owner_tree, hf_winsrepl_owner_min_version, winsrepl_tvb, winsrepl_offset, 8, FALSE); winsrepl_offset += 8; /* TYPE */ proto_tree_add_item(owner_tree, hf_winsrepl_owner_type, winsrepl_tvb, winsrepl_offset, 4, FALSE); winsrepl_offset += 4; return winsrepl_offset; } static int dissect_winsrepl_table_reply(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { proto_item *table_item = NULL; proto_tree *table_tree = NULL; guint32 partner_count; guint32 i; if (winsrepl_tree) { table_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WREPL_REPL_TABLE_REPLY"); table_tree = proto_item_add_subtree(table_item, ett_winsrepl_table_reply); } /* PARTNER COUNT */ partner_count = tvb_get_ntohl(winsrepl_tvb, winsrepl_offset); proto_tree_add_uint(table_tree, hf_winsrepl_table_partner_count, winsrepl_tvb, winsrepl_offset, 4, partner_count); winsrepl_offset += 4; for (i=0; i < partner_count; i++) { winsrepl_offset = dissect_winsrepl_wins_owner(winsrepl_tvb, pinfo, winsrepl_offset, table_tree, table_tree, i); } /* INITIATOR */ proto_tree_add_item(table_tree, hf_winsrepl_table_initiator, winsrepl_tvb, winsrepl_offset, 4, FALSE); winsrepl_offset += 4; return winsrepl_offset; } static int dissect_winsrepl_send_request(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { winsrepl_offset = dissect_winsrepl_wins_owner(winsrepl_tvb, pinfo, winsrepl_offset, winsrepl_tree, NULL, 0); return winsrepl_offset; } static int dissect_winsrepl_wins_ip(tvbuff_t *winsrepl_tvb, _U_ packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree, guint32 *addr, proto_tree *sub_tree, guint32 index) { proto_item *ip_item = NULL; proto_tree *ip_tree = NULL; if (sub_tree) { ip_item = proto_tree_add_text(sub_tree, winsrepl_tvb, winsrepl_offset, 8 , "WINS IP [%u]", index); ip_tree = proto_item_add_subtree(ip_item, ett_winsrepl_ip); } else if (winsrepl_tree) { ip_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, 8 , "WINS IP"); ip_tree = proto_item_add_subtree(ip_item, ett_winsrepl_ip); } /* OWNER */ proto_tree_add_item(ip_tree, hf_winsrepl_ip_owner, winsrepl_tvb, winsrepl_offset, 4, FALSE); winsrepl_offset += 4; /* IP */ *addr = tvb_get_ipv4(winsrepl_tvb, winsrepl_offset); proto_tree_add_ipv4(ip_tree, hf_winsrepl_ip_ip, winsrepl_tvb, winsrepl_offset, 4, *addr); proto_item_append_text(ip_item, ": %s", ip_to_str((guint8 *)addr)); winsrepl_offset += 4; return winsrepl_offset; } static int dissect_winsrepl_wins_address_list(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree, proto_item *parent_item) { proto_item *addr_list_item = NULL; proto_tree *addr_list_tree = NULL; int old_offset = winsrepl_offset; guint32 num_ips; guint32 ip; guint32 i; if (winsrepl_tree) { addr_list_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WINS Address List"); addr_list_tree = proto_item_add_subtree(addr_list_item, ett_winsrepl_addr_list); } /* NUM_IPS */ num_ips = tvb_get_letohl(winsrepl_tvb, winsrepl_offset); proto_tree_add_uint(addr_list_tree, hf_winsrepl_addr_list_num_ips, winsrepl_tvb, winsrepl_offset, 4, num_ips); winsrepl_offset += 4; for (i=0; i < num_ips; i++) { winsrepl_offset = dissect_winsrepl_wins_ip(winsrepl_tvb, pinfo, winsrepl_offset, addr_list_tree, &ip, addr_list_tree, i); if (i == 0) { proto_item_append_text(parent_item, ": %s", ip_to_str((guint8 *)&ip)); proto_item_append_text(addr_list_item, ": %s", ip_to_str((guint8 *)&ip)); } else { proto_item_append_text(parent_item, ", %s", ip_to_str((guint8 *)&ip)); proto_item_append_text(addr_list_item, ", %s", ip_to_str((guint8 *)&ip)); } } proto_item_set_len(addr_list_item, winsrepl_offset - old_offset); return winsrepl_offset; } static int dissect_winsrepl_wins_name(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree, proto_tree *sub_tree, guint32 index) { proto_item *name_item = NULL; proto_tree *name_tree = NULL; proto_item *flags_item; proto_tree *flags_tree; int old_offset = winsrepl_offset; tvbuff_t *name_tvb = NULL; guint32 name_len; char name_str[(NETBIOS_NAME_LEN - 1)*4 + 1]; int name_type; guint32 flags; guint32 addr; if (sub_tree) { name_item = proto_tree_add_text(sub_tree, winsrepl_tvb, winsrepl_offset, -1 , "WINS Name [%u]", index); name_tree = proto_item_add_subtree(name_item, ett_winsrepl_name); } else if (winsrepl_tree) { name_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WINS Name"); name_tree = proto_item_add_subtree(name_item, ett_winsrepl_name); } /* NAME_LEN */ name_len = tvb_get_ntohl(winsrepl_tvb, winsrepl_offset); if ((gint) name_len < 1) { proto_tree_add_text(name_tree, winsrepl_tvb, winsrepl_offset, 4, "Bad name length: %u", name_len); THROW(ReportedBoundsError); } proto_tree_add_uint(name_tree, hf_winsrepl_name_len, winsrepl_tvb, winsrepl_offset, 4, name_len); winsrepl_offset += 4; /* NAME: TODO! */ /* * XXX - apparently, according to the Samba code for handling * WINS replication, there's a bug in a lot of versions of Windows, * including W2K SP2, wherein the first and last bytes of the * name (the last byte being the name type) are swapped if * the type is 0x1b. I think I've seen this in at least * one capture. */ name_tvb = tvb_new_subset(winsrepl_tvb, winsrepl_offset, name_len, name_len); netbios_add_name("Name", name_tvb, 0, name_tree); name_type = get_netbios_name(name_tvb, 0, name_str, (NETBIOS_NAME_LEN - 1)*4 + 1); proto_item_append_text(name_item, ": %s<%02x>", name_str, name_type); winsrepl_offset += name_len; /* ALIGN to 4 Byte */ winsrepl_offset += ((winsrepl_offset & (4-1)) == 0 ? 0 : (4 - (winsrepl_offset & (4-1)))); /* FLAGS */ /* * XXX - there appear to be more flag bits, but I didn't see * anything in the Samba code about them. */ flags = tvb_get_ntohl(winsrepl_tvb, winsrepl_offset); flags_item = proto_tree_add_uint(name_tree, hf_winsrepl_name_flags, winsrepl_tvb, winsrepl_offset, 4, flags); flags_tree = proto_item_add_subtree(flags_item, ett_winsrepl_flags); proto_tree_add_uint(flags_tree, hf_winsrepl_name_flags_rectype, winsrepl_tvb, winsrepl_offset, 4, flags); proto_tree_add_uint(flags_tree, hf_winsrepl_name_flags_recstate, winsrepl_tvb, winsrepl_offset, 4, flags); proto_tree_add_boolean(flags_tree, hf_winsrepl_name_flags_local, winsrepl_tvb, winsrepl_offset, 4, flags); proto_tree_add_uint(flags_tree, hf_winsrepl_name_flags_hosttype, winsrepl_tvb, winsrepl_offset, 4, flags); proto_tree_add_boolean(flags_tree, hf_winsrepl_name_flags_static, winsrepl_tvb, winsrepl_offset, 4, flags); winsrepl_offset += 4; /* GROUP_FLAG */ /* XXX - is this just a Boolean? */ proto_tree_add_item(name_tree, hf_winsrepl_name_group_flag, winsrepl_tvb, winsrepl_offset, 4, TRUE); winsrepl_offset += 4; /* Version ID */ proto_tree_add_item(name_tree, hf_winsrepl_name_version_id, winsrepl_tvb, winsrepl_offset, 8, FALSE); winsrepl_offset += 8; switch (flags & WREPL_NAME_TYPE_MASK) { case WREPL_NAME_TYPE_UNIQUE: case WREPL_NAME_TYPE_NORMAL_GROUP: /* Single address */ addr = tvb_get_ipv4(winsrepl_tvb, winsrepl_offset); proto_tree_add_ipv4(name_tree, hf_winsrepl_ip_ip, winsrepl_tvb, winsrepl_offset, 4, addr); proto_item_append_text(name_item, ": %s", ip_to_str((guint8 *)&addr)); winsrepl_offset += 4; break; case WREPL_NAME_TYPE_SPECIAL_GROUP: case WREPL_NAME_TYPE_MULTIHOMED: /* Address list */ winsrepl_offset = dissect_winsrepl_wins_address_list(winsrepl_tvb, pinfo, winsrepl_offset, name_tree, name_item); break; } /* UNKNOWN, little or big endian??? */ proto_tree_add_item(name_tree, hf_winsrepl_name_unknown, winsrepl_tvb, winsrepl_offset, 4, FALSE); winsrepl_offset += 4; proto_item_set_len(name_item, winsrepl_offset - old_offset); return winsrepl_offset; } static int dissect_winsrepl_send_reply(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { proto_item *rep_item = NULL; proto_tree *rep_tree = NULL; guint32 num_names; guint32 i; if (winsrepl_tree) { rep_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WREPL_REPL_SEND_REPLY"); rep_tree = proto_item_add_subtree(rep_item, ett_winsrepl_send_reply); } /* NUM NAMES */ num_names = tvb_get_ntohl(winsrepl_tvb, winsrepl_offset); proto_tree_add_uint(rep_tree, hf_winsrepl_reply_num_names, winsrepl_tvb, winsrepl_offset, 4, num_names); winsrepl_offset += 4; for (i=0; i < num_names; i++) { winsrepl_offset = dissect_winsrepl_wins_name(winsrepl_tvb, pinfo, winsrepl_offset, rep_tree, rep_tree, i); } return winsrepl_offset; } static int dissect_winsrepl_update(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { winsrepl_offset = dissect_winsrepl_table_reply(winsrepl_tvb, pinfo, winsrepl_offset, winsrepl_tree); return winsrepl_offset; } static int dissect_winsrepl_update2(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { winsrepl_offset = dissect_winsrepl_table_reply(winsrepl_tvb, pinfo, winsrepl_offset, winsrepl_tree); return winsrepl_offset; } static int dissect_winsrepl_inform(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { winsrepl_offset = dissect_winsrepl_table_reply(winsrepl_tvb, pinfo, winsrepl_offset, winsrepl_tree); return winsrepl_offset; } static int dissect_winsrepl_inform2(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_tree *winsrepl_tree) { winsrepl_offset = dissect_winsrepl_table_reply(winsrepl_tvb, pinfo, winsrepl_offset, winsrepl_tree); return winsrepl_offset; } static int dissect_winsrepl_replication(tvbuff_t *winsrepl_tvb, packet_info *pinfo, int winsrepl_offset, proto_item *winsrepl_item, proto_tree *winsrepl_tree) { proto_item *repl_item = NULL; proto_tree *repl_tree = NULL; enum wrepl_replication_cmd command; if (winsrepl_tree) { repl_item = proto_tree_add_text(winsrepl_tree, winsrepl_tvb, winsrepl_offset, -1 , "WREPL_REPLICATION"); repl_tree = proto_item_add_subtree(repl_item, ett_winsrepl_replication); } /* REPLIICATION_CMD */ command = tvb_get_ntohl(winsrepl_tvb, winsrepl_offset); proto_tree_add_uint(repl_tree, hf_winsrepl_replication_command, winsrepl_tvb, winsrepl_offset, 4, command); winsrepl_offset += 4; switch (command) { case WREPL_REPL_TABLE_QUERY: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_TABLE_QUERY"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_TABLE_QUERY"); proto_item_append_text(repl_item, ", WREPL_REPL_TABLE_QUERY"); winsrepl_offset = dissect_winsrepl_table_query(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_TABLE_REPLY: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_TABLE_REPLY"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_TABLE_REPLY"); proto_item_append_text(repl_item, ", WREPL_REPL_TABLE_REPLY"); winsrepl_offset = dissect_winsrepl_table_reply(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_SEND_REQUEST: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_SEND_REQUEST"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_SEND_REQUEST"); proto_item_append_text(repl_item, ", WREPL_REPL_SEND_REQUEST"); winsrepl_offset = dissect_winsrepl_send_request(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_SEND_REPLY: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_SEND_REPLY"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_SEND_REPLY"); proto_item_append_text(repl_item, ", WREPL_REPL_SEND_REPLY"); winsrepl_offset = dissect_winsrepl_send_reply(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_UPDATE: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_UPDATE"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_UPDATE"); proto_item_append_text(repl_item, ", WREPL_REPL_UPDATE"); winsrepl_offset = dissect_winsrepl_update(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_UPDATE2: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_UPDATE2"); } proto_item_append_text(winsrepl_item, ",WREPL_REPL_UPDATE2"); proto_item_append_text(repl_item, ",WREPL_REPL_UPDATE2"); winsrepl_offset = dissect_winsrepl_update2(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_INFORM: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_INFORM"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_INFORM"); proto_item_append_text(repl_item, ", WREPL_REPL_INFORM"); winsrepl_offset = dissect_winsrepl_inform(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; case WREPL_REPL_INFORM2: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_REPL_INFORM2"); } proto_item_append_text(winsrepl_item, ", WREPL_REPL_INFORM2"); proto_item_append_text(repl_item, ", WREPL_REPL_INFORM2"); winsrepl_offset = dissect_winsrepl_inform2(winsrepl_tvb, pinfo, winsrepl_offset, repl_tree); break; } return winsrepl_offset; } static void dissect_winsrepl_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) { int offset = 0; proto_item *winsrepl_item = NULL; proto_tree *winsrepl_tree = NULL; enum wrepl_mess_type mess_type; if (check_col(pinfo->cinfo, COL_PROTOCOL)){ col_set_str(pinfo->cinfo, COL_PROTOCOL, "WINS-Replication"); } if (check_col(pinfo->cinfo, COL_INFO)){ col_clear(pinfo->cinfo, COL_INFO); } if (parent_tree) { winsrepl_item = proto_tree_add_item(parent_tree, proto_winsrepl, tvb, offset, -1, FALSE); winsrepl_tree = proto_item_add_subtree(winsrepl_item, ett_winsrepl); } /* SIZE */ proto_tree_add_item(winsrepl_tree, hf_winsrepl_size, tvb, offset, 4, FALSE); offset += 4; /* OPCODE */ proto_tree_add_item(winsrepl_tree, hf_winsrepl_opcode, tvb, offset, 4, FALSE); offset += 4; /* ASSOC_CTX */ proto_tree_add_item(winsrepl_tree, hf_winsrepl_assoc_ctx, tvb, offset, 4, FALSE); offset += 4; /* MESSAGE_TYPE */ mess_type = tvb_get_ntohl(tvb, offset); proto_tree_add_uint(winsrepl_tree, hf_winsrepl_mess_type, tvb, offset, 4, mess_type); offset += 4; switch (mess_type) { case WREPL_START_ASSOCIATION: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_START_ASSOCIATION"); } proto_item_append_text(winsrepl_item, ", WREPL_START_ASSOCIATION"); offset = dissect_winsrepl_start(tvb, pinfo, offset, winsrepl_tree); break; case WREPL_START_ASSOCIATION_REPLY: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_START_ASSOCIATION_REPLY"); } proto_item_append_text(winsrepl_item, ", WREPL_START_ASSOCIATION_REPLY"); offset = dissect_winsrepl_start(tvb, pinfo, offset, winsrepl_tree); break; case WREPL_STOP_ASSOCIATION: if (check_col(pinfo->cinfo, COL_INFO)) { col_set_str(pinfo->cinfo, COL_INFO, "WREPL_STOP_ASSOCIATION"); } proto_item_append_text(winsrepl_item, ", WREPL_STOP_ASSOCIATION"); offset = dissect_winsrepl_stop(tvb, pinfo, offset, winsrepl_tree); break; case WREPL_REPLICATION: offset = dissect_winsrepl_replication(tvb, pinfo, offset, winsrepl_item, winsrepl_tree); break; } return; } static guint get_winsrepl_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) { guint pdu_len; pdu_len=tvb_get_ntohl(tvb, offset); return pdu_len+4; } static void dissect_winsrepl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) { tcp_dissect_pdus(tvb, pinfo, parent_tree, winsrepl_reassemble, 4, get_winsrepl_pdu_len, dissect_winsrepl_pdu); } void proto_register_winsrepl(void) { static hf_register_info hf[] = { { &hf_winsrepl_size, { "Packet Size", "winsrepl.size", FT_UINT32, BASE_DEC, NULL, 0x0, "WINS Replication Packet Size", HFILL }}, { &hf_winsrepl_opcode, { "Opcode", "winsrepl.opcode", FT_UINT32, BASE_HEX, NULL, 0x0, "WINS Replication Opcode", HFILL }}, { &hf_winsrepl_assoc_ctx, { "Assoc_Ctx", "winsrepl.assoc_ctx", FT_UINT32, BASE_HEX, NULL, 0x0, "WINS Replication Assoc_Ctx", HFILL }}, { &hf_winsrepl_mess_type, { "Message_Type", "winsrepl.message_type", FT_UINT32, BASE_DEC, VALS(message_type_vals), 0x0, "WINS Replication Message_Type", HFILL }}, { &hf_winsrepl_start_minor_version, { "Minor Version", "winsrepl.minor_version", FT_UINT16, BASE_DEC, NULL, 0x0, "WINS Replication Minor Version", HFILL }}, { &hf_winsrepl_start_major_version, { "Major Version", "winsrepl.major_version", FT_UINT16, BASE_DEC, NULL, 0x0, "WINS Replication Major Version", HFILL }}, { &hf_winsrepl_stop_reason, { "Reason", "winsrepl.reason", FT_UINT32, BASE_HEX, NULL, 0x0, "WINS Replication Reason", HFILL }}, { &hf_winsrepl_replication_command, { "Replication Command", "winsrepl.repl_cmd", FT_UINT32, BASE_HEX, VALS(replication_cmd_vals), 0x0, "WINS Replication Command", HFILL }}, { &hf_winsrepl_owner_address, { "Owner Address", "winsrepl.owner_address", FT_IPv4, BASE_NONE, NULL, 0x0, "WINS Replication Owner Address", HFILL }}, { &hf_winsrepl_owner_max_version, { "Max Version", "winsrepl.max_version", FT_UINT64, BASE_DEC, NULL, 0x0, "WINS Replication Max Version", HFILL }}, { &hf_winsrepl_owner_min_version, { "Min Version", "winsrepl.min_version", FT_UINT64, BASE_DEC, NULL, 0x0, "WINS Replication Min Version", HFILL }}, { &hf_winsrepl_owner_type, { "Owner Type", "winsrepl.owner_type", FT_UINT32, BASE_DEC, NULL, 0x0, "WINS Replication Owner Type", HFILL }}, { &hf_winsrepl_table_partner_count, { "Partner Count", "winsrepl.partner_count", FT_UINT32, BASE_DEC, NULL, 0x0, "WINS Replication Partner Count", HFILL }}, { &hf_winsrepl_table_initiator, { "Initiator", "winsrepl.initiator", FT_IPv4, BASE_NONE, NULL, 0x0, "WINS Replication Initiator", HFILL }}, { &hf_winsrepl_ip_owner, { "IP Owner", "winsrepl.ip_owner", FT_IPv4, BASE_NONE, NULL, 0x0, "WINS Replication IP Owner", HFILL }}, { &hf_winsrepl_ip_ip, { "IP Address", "winsrepl.ip_address", FT_IPv4, BASE_NONE, NULL, 0x0, "WINS Replication IP Address", HFILL }}, { &hf_winsrepl_addr_list_num_ips, { "Num IPs", "winsrepl.num_ips", FT_UINT32, BASE_DEC, NULL, 0x0, "WINS Replication Num IPs", HFILL }}, { &hf_winsrepl_name_len, { "Name Len", "winsrepl.name_len", FT_UINT32, BASE_DEC, NULL, 0x0, "WINS Replication Name Len", HFILL }}, { &hf_winsrepl_name_flags, { "Name Flags", "winsrepl.name_flags", FT_UINT32, BASE_HEX, NULL, 0x0, "WINS Replication Name Flags", HFILL }}, { &hf_winsrepl_name_flags_rectype, { "Record Type", "winsrepl.name_flags.rectype", FT_UINT32, BASE_HEX, VALS(rectype_vals), 0x00000003, "WINS Replication Name Flags Record Type", HFILL }}, { &hf_winsrepl_name_flags_recstate, { "Record State", "winsrepl.name_flags.recstate", FT_UINT32, BASE_HEX, VALS(recstate_vals), 0x0000000C, "WINS Replication Name Flags Record State", HFILL }}, { &hf_winsrepl_name_flags_local, { "Local", "winsrepl.name_flags.local", FT_BOOLEAN, 32, NULL, 0x00000010, "WINS Replication Name Flags Local Flag", HFILL }}, { &hf_winsrepl_name_flags_hosttype, { "Host Type", "winsrepl.name_flags.hosttype", FT_UINT32, BASE_HEX, VALS(hosttype_vals), 0x00000060, "WINS Replication Name Flags Host Type", HFILL }}, { &hf_winsrepl_name_flags_static, { "Static", "winsrepl.name_flags.static", FT_BOOLEAN, 32, NULL, 0x00000080, "WINS Replication Name Flags Static Flag", HFILL }}, { &hf_winsrepl_name_group_flag, { "Name Group Flag", "winsrepl.name_group_flag", FT_UINT32, BASE_HEX, NULL, 0x0, "WINS Replication Name Group Flag", HFILL }}, { &hf_winsrepl_name_version_id, { "Name Version Id", "winsrepl.name_version_id", FT_UINT64, BASE_DEC, NULL, 0x0, "WINS Replication Name Version Id", HFILL }}, { &hf_winsrepl_name_unknown, { "Unknown IP", "winsrepl.unknown", FT_IPv4, BASE_NONE, NULL, 0x0, "WINS Replication Unknown IP", HFILL }}, { &hf_winsrepl_reply_num_names, { "Num Names", "winsrepl.num_names", FT_UINT32, BASE_DEC, NULL, 0x0, "WINS Replication Num Names", HFILL }}, }; static gint *ett[] = { &ett_winsrepl, &ett_winsrepl_start, &ett_winsrepl_stop, &ett_winsrepl_replication, &ett_winsrepl_owner, &ett_winsrepl_table_reply, &ett_winsrepl_ip, &ett_winsrepl_addr_list, &ett_winsrepl_name, &ett_winsrepl_send_reply, &ett_winsrepl_flags, }; module_t *winsrepl_module; proto_winsrepl = proto_register_protocol("WINS (Windows Internet Name Service) Replication", "WINS-Replication", "winsrepl"); proto_register_subtree_array(ett, array_length(ett)); proto_register_field_array(proto_winsrepl, hf, array_length(hf)); winsrepl_module = prefs_register_protocol(proto_winsrepl, NULL); prefs_register_bool_preference(winsrepl_module, "reassemble", "Reassemble WINS-Replication messages spanning multiple TCP segments", "Whether the WINS-Replication dissector should reassemble messages spanning multiple TCP segments." " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", &winsrepl_reassemble); } void proto_reg_handoff_winsrepl(void) { dissector_handle_t winsrepl_handle; winsrepl_handle = create_dissector_handle(dissect_winsrepl, proto_winsrepl); dissector_add("tcp.port", glb_winsrepl_tcp_port, winsrepl_handle); }