/* packet-ncp.c * Routines for NetWare Core Protocol * Gilbert Ramirez * * $Id: packet-ncp.c,v 1.7 1998/11/17 04:28:59 gerald Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif #include "ethereal.h" #include "packet.h" #include "packet-ipx.h" #include "packet-ncp.h" /* The information in this module comes from: NetWare LAN Analysis, Second Edition Laura A. Chappell and Dan E. Hakes (c) 1994 Novell, Inc. Novell Press, San Jose. ISBN: 0-7821-1362-1 And from the ncpfs source code by Volker Lendecke */ static value_string request_reply_values[] = { { 0x1111, "Create a service connection" }, { 0x2222, "Service request" }, { 0x3333, "Service reply" }, { 0x5555, "Destroy service connection" }, { 0x7777, "Burst mode transfer" }, { 0x9999, "Request being processed" }, { 0x0000, NULL } }; static value_string ncp2222_func[] = { { 17, "Print and Queue Services" }, { 21, "Message Services" }, { 22, "File and Directory Services" }, { 23, "Binding and Rights Services" }, { 34, "Transaction Tacking Services" }, { 35, "Apple File Services" }, { 72, "File Services" }, /* guess */ { 86, "Extended Attributes Services" }, { 87, "File and Directory Services" }, { 88, "Auditing Services" }, { 104, "Netware Directory Services" }, { 123, "Netware 4.x Statistical Information Services" }, { 0, NULL } }; static char* ncp2222_subfunc(u_short func, u_short subfunc) { value_string *info_ptr = NULL; /* Accounting Services */ static value_string ncp_23[] = { { 150, "Get Current Account Status" }, { 151, "Submit Account Charge" }, { 152, "Submit Account Hold" }, { 153, "Submit Account Note" }, { 0, NULL } }; /* Apple File Services */ static value_string ncp_35[] = { { 1, "AFP Create Directory" }, { 2, "AFP Create File" }, { 3, "AFP Delete" }, { 4, "AFP Get Entry ID from Name" }, { 5, "AFP Get File Information" }, { 6, "AFP Get Entry ID From NetWare Handle" }, { 7, "AFP Rename" }, { 8, "AFP Open File Fork" }, { 9, "AFP Set File Information" }, { 10, "AFP Scan File Information" }, { 11, "AFP 2.0 Alloc Temporary Directory Handle" }, { 12, "AFP Get Entry ID from Name Path" }, { 13, "AFP 2.0 Create Directory" }, { 14, "AFP 2.0 Create File" }, /* ??? { 15, "AFP 2.0 Delete File" }, just guessing */ { 16, "AFP 2.0 Set File Information" }, { 17, "AFP 2.0 Scan File Information" }, { 18, "AFP Get DOS Name from Entry ID" }, { 19, "AFP Get Macintosh Info on Deleted File" }, { 0, NULL } }; /* File services */ /* guess */ static value_string ncp_72[] = { { 0xbb, "Read" }, { 0, NULL } }; /* Auditing Services */ static value_string ncp_88[] = { { 1, "Query Volume Audit Status" }, { 2, "Add Audit Property" }, { 3, "Add Auditor Access" }, { 0, NULL } }; switch (func) { case 23: info_ptr = ncp_23; break; case 35: info_ptr = ncp_35; break; case 72: info_ptr = ncp_72; break; case 88: info_ptr = ncp_88; break; default: return "Unknown function"; } return val_to_str(subfunc, info_ptr, "Unknown"); } void ncp_read(GtkWidget *tree, const u_char *pd, int offset) { struct ncp_read_header header; memcpy(header.handle, &pd[offset], 6); header.offset = pntohl(&pd[offset+6]); header.bytes = pntohs(&pd[offset+10]); add_item_to_tree(tree, offset, 6, "File Handle: 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X ", header.handle[0], header.handle[1], header.handle[2], header.handle[3], header.handle[4], header.handle[5]); add_item_to_tree(tree, offset+6, 4, "Starting Offset: %d", header.offset); add_item_to_tree(tree, offset+10, 2, "Bytes to Read: %d", header.bytes); } void dissect_ncp(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) { GtkWidget *ncp_tree, *ti; guint16 ncp_type; int ncp_hdr; struct ncp_common_header header; struct ncp_request_header request; struct ncp_reply_header reply; char *ncp_type_text[] = { "Unknown", "Request", "Reply" }; ncp_type = pntohs(&pd[offset]); header.type = ncp_type; header.sequence = pd[offset+2]; header.conn_low = pd[offset+3]; header.task = pd[offset+4]; header.conn_high = pd[offset+5]; if (ncp_type == 0x1111 || ncp_type == 0x2222 || ncp_type == 0x5555 || ncp_type == 0x7777) { ncp_hdr = 7; request.function = pd[offset+6]; } else if (ncp_type == 0x3333 || ncp_type == 0x9999) { ncp_hdr = 8; reply.completion_code = pd[offset+6]; reply.connection_state = pd[offset+7]; } else { ncp_hdr = 6; /* in order to get ncp_type_text[0] */ } if (check_col(fd, COL_PROTOCOL)) col_add_str(fd, COL_PROTOCOL, "NCP"); if (check_col(fd, COL_INFO)) /* I take advantage of the ncp_hdr length to use as an index into * ncp_type_text[]. Ugly hack, but quick. */ col_add_fstr(fd, COL_INFO, "%s", ncp_type_text[ncp_hdr - 6]); if (tree) { ti = add_item_to_tree(GTK_WIDGET(tree), offset, END_OF_FRAME, "NetWare Core Protocol"); ncp_tree = gtk_tree_new(); add_subtree(ti, ncp_tree, ETT_NCP); add_item_to_tree(ncp_tree, offset, 2, "Type: %s", val_to_str( header.type, request_reply_values, "Unknown (%04X)")); add_item_to_tree(ncp_tree, offset+2, 1, "Sequence Number: %d", header.sequence); add_item_to_tree(ncp_tree, offset+3, 1, "Connection Number Low: %d", header.conn_low); add_item_to_tree(ncp_tree, offset+4, 1, "Task Number: %d", header.task); add_item_to_tree(ncp_tree, offset+5, 1, "Connection Number High: %d", header.conn_high); if (ncp_hdr == 8) { add_item_to_tree(ncp_tree, offset+6, 1, "Completion Code: %d", reply.completion_code); add_item_to_tree(ncp_tree, offset+7, 1, "Connection Status: %d", reply.connection_state); } else { add_item_to_tree(ncp_tree, offset+6, 1, "Function Code: %s (%d)", match_strval(request.function, ncp2222_func), request.function); } offset += ncp_hdr; if (ncp_type == 0x2222) { /* my offset is different now */ add_item_to_tree(ncp_tree, offset, 1, "Subfunction Code: %s (%d)", ncp2222_subfunc(pd[offset-1], pd[offset]), pd[offset]); if (request.function == 0x48) { ncp_read(ncp_tree, pd, offset+1); } else { dissect_data(pd, offset, fd, tree); } } else { dissect_data(pd, offset, fd, tree); } } }