diff options
| author | Guy Harris <guy@alum.mit.edu> | 2002-10-21 18:07:20 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2002-10-21 18:07:20 +0000 |
| commit | 074e1fe9ca0ec5f83d529b3095108f52e8df0f43 (patch) | |
| tree | ecd1bbd8ee248cd221aab728988cc49ad419e5f0 | |
| parent | 62e7954c94a2d565267a73d9b80646bbbe22b763 (diff) | |
From Ronnie Sahlberg:
Addition of Lookup, Insert and Delete calls.
Changes to make presentation of tower floors nicer.
svn path=/trunk/; revision=6461
| -rw-r--r-- | packet-dcerpc-epm.c | 300 |
1 files changed, 265 insertions, 35 deletions
diff --git a/packet-dcerpc-epm.c b/packet-dcerpc-epm.c index ecacc7f195..48956a9113 100644 --- a/packet-dcerpc-epm.c +++ b/packet-dcerpc-epm.c @@ -2,7 +2,7 @@ * Routines for dcerpc endpoint mapper dissection * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc-epm.c,v 1.14 2002/08/28 21:00:09 jmayer Exp $ + * $Id: packet-dcerpc-epm.c,v 1.15 2002/10/21 18:07:20 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -33,15 +33,14 @@ #include <glib.h> #include <epan/packet.h> #include "packet-dcerpc.h" +#include "packet-dcerpc-nt.h" static int proto_epm = -1; static int hf_epm_opnum = -1; static int hf_epm_inquiry_type = -1; -static int hf_epm_object_p = -1; static int hf_epm_object = -1; -static int hf_epm_if_id_p = -1; static int hf_epm_if_id = -1; static int hf_epm_ver_maj = -1; static int hf_epm_ver_min = -1; @@ -55,42 +54,82 @@ static int hf_epm_tower_data = -1; static int hf_epm_max_towers = -1; static int hf_epm_num_towers = -1; static int hf_epm_rc = -1; +static int hf_epm_replace = -1; static int hf_epm_tower_num_floors = -1; static int hf_epm_tower_rhs_len = -1; static int hf_epm_tower_lhs_len = -1; static int hf_epm_tower_proto_id = -1; +static int hf_epm_annotation = -1; +static int hf_epm_ann_offset = -1; +static int hf_epm_ann_len = -1; +static int hf_epm_proto_named_pipes = -1; +static int hf_epm_proto_netbios_name = -1; +static int hf_epm_proto_ip = -1; +static int hf_epm_proto_udp_port = -1; +static int hf_epm_proto_tcp_port = -1; static gint ett_epm = -1; static gint ett_epm_tower_floor = -1; +static gint ett_epm_entry = -1; static e_uuid_t uuid_epm = { 0xe1af8308, 0x5d1f, 0x11c9, { 0x91, 0xa4, 0x08, 0x00, 0x2b, 0x14, 0xa0, 0xfa } }; static guint16 ver_epm = 3; +/* typedef struct { + unsigned int tower_len, + [size_is(tower_len)] char tower[]; + } twr_t, *twr_p_t; +*/ +static int epm_dissect_tower (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep); + + static int -epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset, +epm_dissect_pointer_IF_ID(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) { - guint32 dummy; - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_epm_inquiry_type, NULL); - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_epm_object_p, &dummy); - if (dummy) { - offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, - hf_epm_object, NULL); - } - offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, - hf_epm_if_id_p, &dummy); - if (dummy) { + dcerpc_info *di; + + di=pinfo->private_data; offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, - hf_epm_if_id, NULL); + di->hf_index, NULL); offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep, hf_epm_ver_maj, NULL); offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, drep, hf_epm_ver_min, NULL); - } + return offset; +} + +static int +epm_dissect_pointer_UUID(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + dcerpc_info *di; + + di=pinfo->private_data; + offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, + di->hf_index, NULL); + return offset; +} + +static int +epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_inquiry_type, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + epm_dissect_pointer_UUID, NDR_POINTER_PTR, + "Object:", hf_epm_object, 0); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + epm_dissect_pointer_IF_ID, NDR_POINTER_PTR, + "Interface:", hf_epm_if_id, 0); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_epm_ver_opt, NULL); if (tree) { @@ -106,6 +145,69 @@ epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset, static int +epm_dissect_ept_entry_t(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *parent_tree, + char *drep) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + int old_offset=offset; + guint32 len; + gint strlen; + dcerpc_info *di; + char *str; + + di=pinfo->private_data; + if(di->conformant_run){ + return offset; + } + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Entry:"); + tree = proto_item_add_subtree(item, ett_epm_entry); + } + + offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, drep, + hf_epm_object, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + epm_dissect_tower, NDR_POINTER_PTR, + "Tower pointer:", -1, 1); + + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_ann_offset, NULL); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_ann_len, &len); + str=(char *)tvb_get_ptr(tvb, offset, -1); + strlen=len; + strlen=MIN(strlen,tvb_length_remaining(tvb, offset)); + proto_tree_add_item(tree, hf_epm_annotation, tvb, offset, len, TRUE); + offset += len; + + if(str&&str[0]){ + proto_item_append_text(tree, " Service:%*s ", strlen, str); + proto_item_append_text(tree->parent, " Service:%*s ", strlen, str); + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, ", Service:%*s", strlen, str); + } + } + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static int +epm_dissect_ept_entry_t_array(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, + epm_dissect_ept_entry_t); + + return offset; +} + +static int epm_dissect_ept_lookup_resp (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) @@ -115,7 +217,14 @@ epm_dissect_ept_lookup_resp (tvbuff_t *tvb, int offset, offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_epm_num_ents, NULL); - /* FIXME: more to do here */ + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + epm_dissect_ept_entry_t_array, NDR_POINTER_REF, + "Entries:", -1, 1); + + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_rc, NULL); + return offset; } @@ -146,6 +255,7 @@ static const value_string proto_id_vals[] = { { 0x02, "DNA Session Control"}, { 0x03, "DNA Session Control V3"}, { 0x04, "DNA NSP Transport"}, + { 0x0f, "Named Pipes"}, { 0x10, "Named Pipes"}, { 0x11, "NetBIOS"}, { 0x12, "NetBEUI"}, @@ -193,7 +303,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, guint8 proto_id; e_uuid_t uuid; - it = proto_tree_add_text(tree, tvb, offset, 0, "Floor %d", i); + it = proto_tree_add_text(tree, tvb, offset, 0, "Floor %d ", i); tr = proto_item_add_subtree(it, ett_epm_tower_floor); len = tvb_get_letohs(tvb, offset); @@ -224,13 +334,33 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, switch(proto_id){ case 0x07: /* TCP this one is always big endian */ - proto_tree_add_text(tr, tvb, offset, 2, "TCP Port: %d", tvb_get_ntohs(tvb, offset)); + proto_tree_add_item(tr, hf_epm_proto_tcp_port, tvb, offset, 2, FALSE); + proto_item_append_text(tr, "TCP Port:%d", tvb_get_ntohs(tvb, offset)); break; + case 0x08: /* UDP this one is always big endian */ - proto_tree_add_text(tr, tvb, offset, 2, "UDP Port: %d", tvb_get_ntohs(tvb, offset)); + proto_tree_add_item(tr, hf_epm_proto_udp_port, tvb, offset, 2, FALSE); + proto_item_append_text(tr, "UDP Port:%d", tvb_get_ntohs(tvb, offset)); break; + case 0x09: /* IP this one is always big endian */ - proto_tree_add_text(tr, tvb, offset, 4, "IP address: %s", ip_to_str(tvb_get_ptr(tvb, offset, 4))); + proto_tree_add_item(tr, hf_epm_proto_ip, tvb, offset, 4, TRUE); + proto_item_append_text(tr, "IP:%s", ip_to_str(tvb_get_ptr(tvb, offset, 4))); + break; + + case 0x0f: /* \\PIPE\xxx named pipe */ + proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, TRUE); + proto_item_append_text(tr, "NamedPipe:%*s",MIN(len,tvb_length_remaining(tvb, offset)), tvb_get_ptr(tvb, offset, -1)); + break; + + case 0x10: /* PIPENAME named pipe */ + proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, TRUE); + proto_item_append_text(tr, "PIPE:%*s",MIN(len,tvb_length_remaining(tvb, offset)), tvb_get_ptr(tvb, offset, -1)); + break; + + case 0x11: /* \\NETBIOS netbios name */ + proto_tree_add_item(tr, hf_epm_proto_netbios_name, tvb, offset, len, TRUE); + proto_item_append_text(tr, "NetBIOS:%*s",MIN(len,tvb_length_remaining(tvb, offset)), tvb_get_ptr(tvb, offset, -1)); break; default: if(len){ @@ -352,10 +482,95 @@ epm_dissect_ept_map_resp (tvbuff_t *tvb, int offset, return offset; } +static int +epm_dissect_ept_entry_t_ucarray(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, + epm_dissect_ept_entry_t); + + return offset; +} + +static int +epm_dissect_ept_insert_rqst (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + /* [in, out] ept_lookup_handle_t *entry_handle */ + offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep, + hf_epm_hnd, NULL); + + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_num_ents, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + epm_dissect_ept_entry_t_ucarray, NDR_POINTER_REF, + "Entries:", -1, 1); + + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_replace, NULL); + + return offset; +} + + + +static int +epm_dissect_ept_insert_resp (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + /* [out] error_status_t *status */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_rc, NULL); + + return offset; +} + + +static int +epm_dissect_ept_delete_rqst (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, drep, + hf_epm_hnd, NULL); + + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_num_ents, NULL); + + offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, + epm_dissect_ept_entry_t_ucarray, NDR_POINTER_REF, + "Entries:", -1, 1); + + return offset; +} + + + +static int +epm_dissect_ept_delete_resp (tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, + char *drep) +{ + /* [out] error_status_t *status */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, + hf_epm_rc, NULL); + + return offset; +} + + static dcerpc_sub_dissector epm_dissectors[] = { - { 0, "ept_insert", NULL, NULL }, - { 1, "ept_delete", NULL, NULL }, - { 2, "ept_lookup", + { 0, "Insert", + epm_dissect_ept_insert_rqst, + epm_dissect_ept_insert_resp }, + { 1, "Delete", + epm_dissect_ept_delete_rqst, + epm_dissect_ept_delete_resp }, + { 2, "Lookup", epm_dissect_ept_lookup_rqst, epm_dissect_ept_lookup_resp }, { 3, "Map", @@ -368,10 +583,10 @@ static dcerpc_sub_dissector epm_dissectors[] = { }; static const value_string epm_opnum_vals[] = { - { 0, "insert" }, - { 1, "delete" }, - { 2, "lookup" }, - { 3, "map" }, + { 0, "Insert" }, + { 1, "Delete" }, + { 2, "Lookup" }, + { 3, "Map" }, { 4, "lookup_handle_free" }, { 5, "inq_object" }, { 6, "mgmt_delete" }, @@ -387,12 +602,8 @@ proto_register_epm (void) VALS(epm_opnum_vals), 0x0, "Operation", HFILL }}, { &hf_epm_inquiry_type, { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, - { &hf_epm_object_p, - { "Object pointer", "epm.object_p", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_object, { "Object", "epm.object", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, - { &hf_epm_if_id_p, - { "Interface pointer", "epm.if_id_p", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_if_id, { "Interface", "epm.if_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_epm_ver_maj, @@ -409,6 +620,12 @@ proto_register_epm (void) { "Num entries", "epm.num_ents", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_uuid, { "UUID", "epm.uuid", FT_STRING, BASE_NONE, NULL, 0x0, "UUID", HFILL }}, + { &hf_epm_annotation, + { "Annotation", "epm.annotation", FT_STRING, BASE_NONE, NULL, 0x0, "Annotation", HFILL }}, + { &hf_epm_proto_named_pipes, + { "Named Pipe", "epm.proto.named_pipe", FT_STRING, BASE_NONE, NULL, 0x0, "Name of the named pipe for this service", HFILL }}, + { &hf_epm_proto_netbios_name, + { "NetBIOS Name", "epm.proto.netbios_name", FT_STRING, BASE_NONE, NULL, 0x0, "NetBIOS name where this service can be found", HFILL }}, { &hf_epm_tower_length, { "Length", "epm.tower.len", FT_UINT32, BASE_DEC, NULL, 0x0, "Length of tower data", HFILL }}, { &hf_epm_tower_data, @@ -417,21 +634,34 @@ proto_register_epm (void) { "Max Towers", "epm.max_towers", FT_UINT32, BASE_DEC, NULL, 0x0, "Maximum number of towers to return", HFILL }}, { &hf_epm_num_towers, { "Num Towers", "epm.num_towers", FT_UINT32, BASE_DEC, NULL, 0x0, "Number number of towers to return", HFILL }}, + { &hf_epm_ann_offset, + { "Annotation offset", "epm.ann_offset", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_epm_ann_len, + { "Annotation length", "epm.ann_len", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_rc, { "Return code", "epm.rc", FT_UINT32, BASE_HEX, NULL, 0x0, "EPM return value", HFILL }}, + { &hf_epm_replace, + { "Replace", "epm.replace", FT_UINT8, BASE_DEC, NULL, 0x0, "Replace existing objects?", HFILL }}, { &hf_epm_tower_num_floors, { "Number of floors", "epm.tower.num_floors", FT_UINT16, BASE_DEC, NULL, 0x0, "Number of floors in tower", HFILL }}, + { &hf_epm_proto_udp_port, + { "UDP Port", "epm.proto.udp_port", FT_UINT16, BASE_DEC, NULL, 0x0, "UDP Port where this service can be found", HFILL }}, + { &hf_epm_proto_tcp_port, + { "TCP Port", "epm.proto.tcp_port", FT_UINT16, BASE_DEC, NULL, 0x0, "TCP Port where this service can be found", HFILL }}, { &hf_epm_tower_rhs_len, { "RHS Length", "epm.tower.rhs.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of RHS data", HFILL }}, { &hf_epm_tower_lhs_len, { "LHS Length", "epm.tower.lhs.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of LHS data", HFILL }}, + { &hf_epm_proto_ip, + { "IP", "epm.proto.ip", FT_IPv4, BASE_NONE, NULL, 0x0, "IP address where service is located", HFILL }}, { &hf_epm_tower_proto_id, { "Protocol", "epm.tower.proto_id", FT_UINT8, BASE_HEX, VALS(proto_id_vals), 0x0, "Protocol identifier", HFILL }} }; static gint *ett[] = { &ett_epm, - &ett_epm_tower_floor + &ett_epm_tower_floor, + &ett_epm_entry }; proto_epm = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm"); proto_register_field_array (proto_epm, hf, array_length (hf)); |