diff options
| author | Gilbert Ramirez <gram@alumni.rice.edu> | 2002-08-23 17:47:31 +0000 |
|---|---|---|
| committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2002-08-23 17:47:31 +0000 |
| commit | 34180e1bf2829b12c4dc8548022a37ba64af9336 (patch) | |
| tree | 97a508856c93b29427970b09a53f33516bd6488e | |
| parent | 3cba66311d634f076b40be37d415c3917a2f97e7 (diff) | |
From Greg Morris:
1. Secret Store Services (NCP 94) (ncp2222.py)
2. NMAS (NCP 92) (ncp2222.py)
3. NDS information in summary screen (packet-ncp.c & packet-ncp2222.inc)
4. Sever broadcast packets (NCP type 0xbbbb) to notify workstation to clear op-lock (packet-ncp.c)
5. Large Internet Packets (LIP) (packet-ncp.c)
6. Unicode Support. (unicode_to_string function in packet-ncp2222.inc & ncp2222.py)
svn path=/trunk/; revision=6069
| -rwxr-xr-x | ncp2222.py | 186 | ||||
| -rw-r--r-- | packet-ncp-int.h | 8 | ||||
| -rw-r--r-- | packet-ncp.c | 101 | ||||
| -rw-r--r-- | packet-ncp2222.inc | 541 |
4 files changed, 729 insertions, 107 deletions
diff --git a/ncp2222.py b/ncp2222.py index 36ec22c117..9f744da0b2 100755 --- a/ncp2222.py +++ b/ncp2222.py @@ -1,5 +1,5 @@ #!/usr/bin/env python - + """ Creates C code from a table of NCP type 0x2222 packet types. (And 0x3333, which are the replies, but the packets are more commonly @@ -24,7 +24,7 @@ http://developer.novell.com/ndk/doc/docui/index.htm#../ncp/ncp__enu/data/ for a badly-formatted HTML version of the same PDF. -$Id: ncp2222.py,v 1.30 2002/06/26 07:29:41 guy Exp $ +$Id: ncp2222.py,v 1.31 2002/08/23 17:47:30 gram Exp $ Copyright (c) 2000-2002 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -57,8 +57,7 @@ packets = [] compcode_lists = None ptvc_lists = None msg = None - - + REC_START = 0 REC_LENGTH = 1 REC_FIELD = 2 @@ -760,7 +759,10 @@ class Type: def NWTime(self): self.special_fmt = "NCP_FMT_NW_TIME" - + + def NWUnicode(self): + self.special_fmt = "NCP_FMT_UNICODE" + def SpecialFmt(self): return self.special_fmt @@ -955,7 +957,7 @@ class val_string(Type): value_repr = self.value_format % 0 result = result + "\t{ %s,\tNULL },\n" % (value_repr) result = result + "};\n" - + REC_VAL_STRING_RES = self.value_format % value return result def ValuesCName(self): @@ -1366,7 +1368,7 @@ CategoryName = stringz("category_name", "Category Name") CCFileHandle = bytes("cc_file_handle", "File Handle", 4) CCFunction = val_string8("cc_function", "OP-Lock Flag", [ [ 0x01, "Clear OP-Lock" ], - [ 0x02, "Achnowledge Callback" ], + [ 0x02, "Acknowledge Callback" ], [ 0x03, "Decline Callback" ], ]) ChangeBits = bitfield16("change_bits", "Change Bits", [ @@ -1784,7 +1786,19 @@ DstQueueID = uint32("dst_queue_id", "Destination Queue ID") DuplicateRepliesSent = uint16("duplicate_replies_sent", "Duplicate Replies Sent") EAAccessFlag = bitfield16("ea_access_flag", "EA Access Flag", [ + bf_boolean16(0x0001, "ea_permanent_memory", "Permanent Memory"), + bf_boolean16(0x0002, "ea_deep_freeze", "Deep Freeze"), + bf_boolean16(0x0004, "ea_in_progress", "In Progress"), + bf_boolean16(0x0008, "ea_header_being_enlarged", "Header Being Enlarged"), + bf_boolean16(0x0010, "ea_new_tally_used", "New Tally Used"), + bf_boolean16(0x0020, "ea_tally_need_update", "Tally Need Update"), + bf_boolean16(0x0040, "ea_score_card_present", "Score Card Present"), bf_boolean16(0x0080, "ea_need_bit_flag", "EA Need Bit Flag"), + bf_boolean16(0x0100, "ea_write_privileges", "Write Privileges"), + bf_boolean16(0x0200, "ea_read_privileges", "Read Privileges"), + bf_boolean16(0x0400, "ea_delete_privileges", "Delete Privileges"), + bf_boolean16(0x0800, "ea_system_ea_only", "System EA Only"), + bf_boolean16(0x1000, "ea_write_in_progress", "Write In Progress"), ]) EABytesWritten = uint32("ea_bytes_written", "Bytes Written") EACount = uint32("ea_count", "Count") @@ -1917,6 +1931,7 @@ EAFlags = val_string16("ea_flags", "EA Flags", [ EAHandle = uint32("ea_handle", "EA Handle") EAHandle.Display("BASE_HEX") EAHandleOrNetWareHandleOrVolume = uint32("ea_handle_or_netware_handle_or_volume", "EAHandle or NetWare Handle or Volume (see EAFlags)") +EAHandleOrNetWareHandleOrVolume.Display("BASE_HEX") EAKey = nstring16("ea_key", "EA Key") EAKeySize = uint32("ea_key_size", "Key Size") EAKeySizeDuplicated = uint32("ea_key_size_duplicated", "Key Size Duplicated") @@ -2857,6 +2872,7 @@ NDSVerb = val_string16("nds_verb", "NDS Verb", [ [ 75, "Low Level Join" ], [ 76, "Abort Low Level Join" ], [ 77, "Get All Servers" ], + [ 255, "EDirectory Call" ], ]) NDSNewVerb = val_string16("nds_new_verb", "NDS Verb", [ ]) @@ -3795,7 +3811,8 @@ TransportType = val_string8("transport_type", "Communications [ 0x06, "Transmission Control Protocol (TCP)" ], ]) TreeLength = uint32("tree_length", "Tree Length") -TreeName = fw_string("tree_name", "Tree Name", 48) +TreeName = nstring32("tree_name", "Tree Name") +TreeName.NWUnicode() TrusteeRights = bitfield16("trustee_rights_low", "Trustee Rights", [ bf_boolean16(0x0001, "trustee_rights_read", "Read"), bf_boolean16(0x0002, "trustee_rights_write", "Write"), @@ -4901,13 +4918,11 @@ PhyLockStruct = struct("phy_lock_struct", [ LockType, ], "Physical Locks") PingVersion9 = struct("ping_version_9", [ - TreeLength, TreeName, ]) PingVersion10 = struct("ping_version_10", [ - TreeLength, - Reserved8, - nstring32("tree_uni_name", "Tree Name" ), + Reserved12, + TreeName, ]) printInfo = struct("print_info_struct", [ PrintFlags, @@ -5197,6 +5212,7 @@ def define_errors(): errors[0x0106] = "Invalid Parameter" errors[0x0107] = "Invalid Number of Minutes to Delay" errors[0x0108] = "Invalid Start or Network Number" + errors[0x0109] = "Cannot Obtain License" errors[0x0200] = "One or more clients in the send list are not logged in" errors[0x0201] = "Queue server cannot attach" @@ -5302,8 +5318,12 @@ def define_errors(): errors[0xa201] = "I/O Lock Error" errors[0xa400] = "Invalid directory rename attempted" + errors[0xa600] = "Auditor Access has been Removed" errors[0xa700] = "Error Auditing Version" + errors[0xa800] = "Invalid Support Module ID" + errors[0xa801] = "No Auditing Access Rights" + errors[0xbe00] = "Invalid Data Stream" errors[0xbf00] = "Requests for this name space are not valid on this volume" @@ -5452,6 +5472,7 @@ def define_errors(): errors[0xfb06] = "Unknown Request" errors[0xfb07] = "Invalid Subfunction Request" errors[0xfb08] = "Attempt to use an invalid parameter (drive number, path, or flag value) during a set drive path call" + errors[0xfb09] = "NMAS not installed on this server, NCP NOT Supported" errors[0xfc00] = "The message queue cannot accept another message" errors[0xfc01] = "The trustee associated with ObjectId does not exist" @@ -5605,9 +5626,14 @@ static int ptvc_struct_int_storage; static int hf_ncp_func = -1; static int hf_ncp_length = -1; static int hf_ncp_subfunc = -1; +static int hf_ncp_fragment_handle = -1; static int hf_ncp_completion_code = -1; static int hf_ncp_connection_status = -1; static int hf_ncp_req_frame_num = -1; +static int hf_ncp_fragment_size = -1; +static int hf_ncp_message_size = -1; +static int hf_ncp_nds_flag = -1; +static int hf_ncp_nds_verb = -1; """ # Look at all packet types in the packets collection, and cull information @@ -5952,7 +5978,22 @@ proto_register_ncp2222(void) { &hf_ncp_completion_code, { "Completion Code", "ncp.completion_code", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }}, - /* + { &hf_ncp_fragment_handle, + { "Fragment Handle", "ncp.ndsfrag", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ncp_fragment_size, + { "Fragment Size", "ncp.ndsfragsize", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_ncp_message_size, + { "Message Size", "ncp.ndsmessagesize", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, + + { &hf_ncp_nds_flag, + { "Flags", "ncp.ndsflag", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, + + { &hf_ncp_nds_verb, + { "NDS Verb", "ncp.ndsverb", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }}, + + /* * XXX - the page at * * http://www.odyssea.com/whats_new/tcpipnet/tcpipnet.html @@ -6876,10 +6917,29 @@ def define_ncp2222(): rec( 11, 1, SequenceByte ), rec( 12, (1, 255), Path ), ], info_str=(Path, "Scan for Extended Trustees: %s", ", %s")) - pkt.Reply(15, [ + pkt.Reply(91, [ rec( 8, 1, NumberOfEntries, var="x" ), - rec( 9, 4, ObjectID, repeat="x" ), - rec( 13, 2, AccessRightsMaskWord, repeat="x" ), + rec( 9, 4, ObjectID ), + rec( 13, 4, ObjectID ), + rec( 17, 4, ObjectID ), + rec( 21, 4, ObjectID ), + rec( 25, 4, ObjectID ), + rec( 29, 4, ObjectID ), + rec( 33, 4, ObjectID ), + rec( 37, 4, ObjectID ), + rec( 41, 4, ObjectID ), + rec( 45, 4, ObjectID ), + rec( 49, 4, ObjectID ), + rec( 53, 4, ObjectID ), + rec( 57, 4, ObjectID ), + rec( 61, 4, ObjectID ), + rec( 65, 4, ObjectID ), + rec( 69, 4, ObjectID ), + rec( 73, 4, ObjectID ), + rec( 77, 4, ObjectID ), + rec( 81, 4, ObjectID ), + rec( 85, 4, ObjectID ), + rec( 89, 2, AccessRightsMaskWord, repeat="x" ), ]) pkt.CompletionCodes([0x0000, 0x9800, 0x9b00, 0x9c00]) # 2222/1627, 22/39 @@ -7395,7 +7455,7 @@ def define_ncp2222(): rec( 10, 1, RequestCode ), ]) pkt.Reply(8) - pkt.CompletionCodes([0x0000, 0x7a00, 0x7b00, 0x7c00, 0xe000, 0xfb06, 0xfd00]) + pkt.CompletionCodes([0x0000, 0x0109, 0x7a00, 0x7b00, 0x7c00, 0xe000, 0xfb06, 0xfd00]) # 2222/171E, 23/30 pkt = NCP(0x171E, "Set Watchdog Delay Interval", 'file') pkt.Request( 14, [ @@ -7500,7 +7560,7 @@ def define_ncp2222(): rec( 10, 4, ObjectID, BE ), rec( 14, 2, ObjectType, BE ), rec( 16, (1,48), ObjectName ), - ], info_str=(ObjectName, "Scann Bindery Object: %s", ", %s")) + ], info_str=(ObjectName, "Scan Bindery Object: %s", ", %s")) pkt.Reply(65, [ rec( 8, 4, ObjectID, BE ), rec( 12, 2, ObjectType, BE ), @@ -10781,8 +10841,8 @@ def define_ncp2222(): pkt.CompletionCodes([0x0000, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8d00, 0x8f00, 0x9001, 0x9600, 0x9804, 0x9b03, 0x9c03, 0xbf00, 0xfd00, 0xff16]) - # 2222/5720, 87/32 # Tested and fixed on 6-14-02 GM - pkt = NCP(0x5720, "Open/Create File or Subdirectory with Callback", 'file', has_length=0) + # 2222/5720, 87/32 + pkt = NCP(0x5720, "Open/Create File or Subdirectory with Callback", 'file', has_length=0) pkt.Request((30, 284), [ rec( 8, 1, NameSpace ), rec( 9, 1, OpenCreateMode ), @@ -11149,7 +11209,7 @@ def define_ncp2222(): ]) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5802, 8802 pkt = NCP(0x5802, "Add User Audit Property", "auditing", has_length=0) pkt.Request(25, [ @@ -11162,168 +11222,176 @@ def define_ncp2222(): pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5803, 8803 pkt = NCP(0x5803, "Add Auditor Access", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5804, 8804 pkt = NCP(0x5804, "Change Auditor Volume Password", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5805, 8805 pkt = NCP(0x5805, "Check Auditor Access", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5806, 8806 pkt = NCP(0x5806, "Delete User Audit Property", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5807, 8807 pkt = NCP(0x5807, "Disable Auditing On A Volume", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5808, 8808 pkt = NCP(0x5808, "Enable Auditing On A Volume", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5809, 8809 pkt = NCP(0x5809, "Query User Being Audited", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/580A, 88,10 pkt = NCP(0x580A, "Read Audit Bit Map", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/580B, 88,11 pkt = NCP(0x580B, "Read Audit File Configuration Header", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/580D, 88,13 pkt = NCP(0x580D, "Remove Auditor Access", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/580E, 88,14 pkt = NCP(0x580E, "Reset Audit File", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) + + # 2222/580F, 88,15 + pkt = NCP(0x580F, "Auditing NCP", "auditing", has_length=0) + pkt.Request(8) + pkt.Reply(8) + pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, + 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5810, 88,16 pkt = NCP(0x5810, "Write Audit Bit Map", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5811, 88,17 pkt = NCP(0x5811, "Write Audit File Configuration Header", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5812, 88,18 pkt = NCP(0x5812, "Change Auditor Volume Password2", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5813, 88,19 pkt = NCP(0x5813, "Return Audit Flags", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5814, 88,20 pkt = NCP(0x5814, "Close Old Audit File", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5816, 88,22 pkt = NCP(0x5816, "Check Level Two Access", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5817, 88,23 pkt = NCP(0x5817, "Return Old Audit File List", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5818, 88,24 pkt = NCP(0x5818, "Init Audit File Reads", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5819, 88,25 pkt = NCP(0x5819, "Read Auditing File", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/581A, 88,26 pkt = NCP(0x581A, "Delete Old Audit File", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/581E, 88,30 pkt = NCP(0x581E, "Restart Volume auditing", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/581F, 88,31 pkt = NCP(0x581F, "Set Volume Password", "auditing", has_length=0) pkt.Request(8) pkt.Reply(8) pkt.CompletionCodes([0x0000, 0x7300, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, - 0x9804, 0x9b03, 0x9c03, 0xfd00, 0xff16]) + 0x9804, 0x9b03, 0x9c03, 0xa600, 0xa801, 0xfd00, 0xff16]) # 2222/5A01, 90/00 pkt = NCP(0x5A01, "Parse Tree", 'file') pkt.Request(26, [ @@ -11513,6 +11581,12 @@ def define_ncp2222(): pkt.CompletionCodes([0x0000, 0x7e01, 0x8000, 0x8101, 0x8401, 0x8501, 0x8701, 0x8800, 0x8d00, 0x8f00, 0x9001, 0x9600, 0x9804, 0x9b03, 0x9c03, 0xa800, 0xfd00, 0xff16]) + + # 2222/5E, 94 + pkt = NCP(0x5e, "NMAS Communications Packet", 'comm') + pkt.Request(7) + pkt.Reply(8) + pkt.CompletionCodes([0x0000, 0xfb09]) # 2222/61, 97 pkt = NCP(0x61, "Get Big Packet NCP Max Packet Size", 'comm') pkt.Request(10, [ @@ -11562,9 +11636,15 @@ def define_ncp2222(): # 2222/6801, 104/01 pkt = NCP(0x6801, "Ping for NDS NCP", "nds", has_length=0) pkt.Request(8) - pkt.Reply( 10, [ + pkt.Reply(10, [ rec( 8, 2, PingVersion ), + rec( 10, 2, Reserved ), + srec(PingVersion9, req_cond="ncp.ping_version==9"), + srec(PingVersion10, req_cond="ncp.ping_version==10"), + #rec( 12, 4, Reserved4 ), + #rec( 16, (4,48), TreeName ), ]) + pkt.ReqCondSizeVariable() pkt.CompletionCodes([0x0000, 0x8100, 0xfb04, 0xfe0c]) # 2222/6802, 104/02 # @@ -11578,16 +11658,16 @@ def define_ncp2222(): # does only the first one have it? # pkt = NCP(0x6802, "Send NDS Fragmented Request/Reply", "nds", has_length=0) - pkt.Request(26, [ - rec( 8, 4, FraggerHandle ), - rec( 12, 4, FragSize ), - rec( 16, 4, TotalRequest ), - rec( 20, 4, NDSFlags ), - rec( 24, 2, NDSVerb, LE ), + pkt.Request(8) +# rec( 8, 4, FraggerHandle ), +# rec( 12, 4, FragSize ), +# rec( 16, 4, TotalRequest ), +# rec( 20, 4, NDSFlags ), +# rec( 24, 2, NDSVerb, LE ), # rec( 26, 2, Reserved2), # srec(NDS8Struct, req_cond="ncp.nds_verb==0x00fe"), # srec(NDS7Struct, req_cond="ncp.nds_verb!=0x00fe"), - ]) +# ]) pkt.Reply(8) pkt.ReqCondSizeVariable() pkt.CompletionCodes([0x0000]) diff --git a/packet-ncp-int.h b/packet-ncp-int.h index d48f10c605..1bee9bf700 100644 --- a/packet-ncp-int.h +++ b/packet-ncp-int.h @@ -2,7 +2,7 @@ * Structures and functions for NetWare Core Protocol. * Gilbert Ramirez <gram@alumni.rice.edu> * - * $Id: packet-ncp-int.h,v 1.9 2002/05/17 23:17:22 gram Exp $ + * $Id: packet-ncp-int.h,v 1.10 2002/08/23 17:47:31 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -43,6 +43,7 @@ struct _ptvc_record { #define NCP_FMT_NONE 0 #define NCP_FMT_NW_DATE 1 #define NCP_FMT_NW_TIME 2 +#define NCP_FMT_UNICODE 3 struct _sub_ptvc_record { gint *ett; @@ -87,6 +88,9 @@ void dissect_ncp_request(tvbuff_t*, packet_info*, guint16, void dissect_ncp_reply(tvbuff_t *, packet_info*, guint16, guint8, guint16, proto_tree*); +void dissect_nds_request(tvbuff_t*, packet_info*, guint16, + guint8, guint16, proto_tree*); + extern int proto_ncp; extern gint ett_ncp; @@ -100,5 +104,7 @@ extern gint ett_ncp; #define NCP_DEALLOCATE_SLOT 0x5555 #define NCP_BURST_MODE_XFER 0x7777 #define NCP_POSITIVE_ACK 0x9999 +#define NCP_BROADCAST_SLOT 0xbbbb +#define NCP_LIP_ECHO 0x4c69 #endif diff --git a/packet-ncp.c b/packet-ncp.c index 856fd78a10..84662793c0 100644 --- a/packet-ncp.c +++ b/packet-ncp.c @@ -2,8 +2,10 @@ * Routines for NetWare Core Protocol * Gilbert Ramirez <gram@alumni.rice.edu> * Modified to allow NCP over TCP/IP decodes by James Coe <jammer@cin.net> + * Modified to decode server op-lock + * & NDS packets by Greg Morris <gmorris@novell.com> * - * $Id: packet-ncp.c,v 1.65 2002/08/02 23:35:54 jmayer Exp $ + * $Id: packet-ncp.c,v 1.66 2002/08/23 17:47:31 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -24,10 +26,18 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -#ifdef HAVE_CONFIG_H +#ifdef HAVE_CONFIG_H # include "config.h" #endif +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif + +#ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +#endif + #include <string.h> #include <glib.h> #include <epan/packet.h> @@ -64,16 +74,22 @@ static int hf_ncp_data_bytes = -1; static int hf_ncp_missing_fraglist_count = -1; static int hf_ncp_missing_data_offset = -1; static int hf_ncp_missing_data_count = -1; +static int hf_ncp_oplock_flag = -1; +static int hf_ncp_oplock_handle = -1; static int hf_ncp_completion_code = -1; static int hf_ncp_connection_status = -1; static int hf_ncp_slot = -1; static int hf_ncp_control_code = -1; +static int hf_ncp_fragment_handle = -1; +static int hf_lip_echo = -1; + gint ett_ncp = -1; static gint ett_ncp_system_flags = -1; /* desegmentation of NCP over TCP */ static gboolean ncp_desegment = TRUE; +static ncp_nds_true = FALSE; static dissector_handle_t data_handle; @@ -135,7 +151,7 @@ struct ncp_common_header { guint8 conn_low; guint8 task; guint8 conn_high; /* type=0x5555 doesn't have this */ -}; +}; static value_string ncp_type_vals[] = { @@ -144,8 +160,10 @@ static value_string ncp_type_vals[] = { { NCP_SERVICE_REPLY, "Service reply" }, { NCP_WATCHDOG, "Watchdog" }, { NCP_DEALLOCATE_SLOT, "Destroy service connection" }, + { NCP_BROADCAST_SLOT, "Server Broadcast" }, { NCP_BURST_MODE_XFER, "Burst mode transfer" }, { NCP_POSITIVE_ACK, "Request being processed" }, + { NCP_LIP_ECHO, "Large Internet Packet Echo" }, { 0, NULL } }; @@ -174,6 +192,7 @@ dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *flags_tree = NULL; guint16 data_len = 0; guint16 missing_fraglist_count = 0; + guint16 ncp_nds_verb; int hdr_offset = 0; int commhdr; int offset; @@ -254,19 +273,19 @@ dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, */ switch (header.type) { - case NCP_ALLOCATE_SLOT: /* Allocate Slot Request */ - case NCP_SERVICE_REQUEST: /* Server NCP Request */ - case NCP_SERVICE_REPLY: /* Server NCP Reply */ - case NCP_WATCHDOG: /* Watchdog Packet */ - case NCP_DEALLOCATE_SLOT: /* Deallocate Slot Request */ - case NCP_POSITIVE_ACK: /* Positive Acknowledgement */ - default: - proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, header.sequence); + case NCP_BROADCAST_SLOT: /* Server Broadcast */ + proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, header.sequence); proto_tree_add_uint(ncp_tree, hf_ncp_connection,tvb, commhdr + 3, 3, nw_connection); proto_tree_add_item(ncp_tree, hf_ncp_task, tvb, commhdr + 4, 1, FALSE); - break; + proto_tree_add_item(ncp_tree, hf_ncp_oplock_flag, tvb, commhdr + 9, 1, FALSE); + proto_tree_add_item(ncp_tree, hf_ncp_oplock_handle, tvb, commhdr + 10, 4, FALSE); + break; - case NCP_BURST_MODE_XFER: /* Packet Burst Packet */ + case NCP_LIP_ECHO: /* Lip Echo Packet */ + proto_tree_add_item(ncp_tree, hf_lip_echo, tvb, commhdr, 13, FALSE); + break; + + case NCP_BURST_MODE_XFER: /* Packet Burst Packet */ /* * XXX - we should keep track of whether there's a burst * outstanding on a connection and, if not, treat the @@ -360,6 +379,18 @@ dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree_add_item(ncp_tree, hf_ncp_missing_fraglist_count, tvb, commhdr + 34, 2, FALSE); break; + + case NCP_SERVICE_REQUEST: /* Server NCP Request */ + case NCP_SERVICE_REPLY: /* Server NCP Reply */ + case NCP_ALLOCATE_SLOT: /* Allocate Slot Request */ + case NCP_WATCHDOG: /* Watchdog Packet */ + case NCP_DEALLOCATE_SLOT: /* Deallocate Slot Request */ + case NCP_POSITIVE_ACK: /* Positive Acknowledgement */ + default: + proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, header.sequence); + proto_tree_add_uint(ncp_tree, hf_ncp_connection,tvb, commhdr + 3, 3, nw_connection); + proto_tree_add_item(ncp_tree, hf_ncp_task, tvb, commhdr + 4, 1, FALSE); + break; } /* @@ -368,14 +399,30 @@ dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, switch (header.type) { case NCP_ALLOCATE_SLOT: /* Allocate Slot Request */ - case NCP_SERVICE_REQUEST: /* Server NCP Request */ + case NCP_SERVICE_REQUEST: /* Server NCP Request */ case NCP_DEALLOCATE_SLOT: /* Deallocate Slot Request */ + case NCP_BROADCAST_SLOT: /* Server Broadcast Packet */ next_tvb = tvb_new_subset(tvb, hdr_offset, -1, -1); - dissect_ncp_request(next_tvb, pinfo, nw_connection, + if (tvb_get_guint8(tvb, commhdr+6)==0x68) { + ncp_nds_verb = tvb_get_ntohl(tvb, commhdr+4); + if (tvb_get_guint8(tvb, commhdr+7)==0x02) { /* NDS Packet to decode */ + dissect_nds_request(next_tvb, pinfo, nw_connection, + header.sequence, header.type, ncp_tree); + } + else + { + dissect_ncp_request(next_tvb, pinfo, nw_connection, + header.sequence, header.type, ncp_tree); + } + } + else + { + dissect_ncp_request(next_tvb, pinfo, nw_connection, header.sequence, header.type, ncp_tree); + } break; - case NCP_SERVICE_REPLY: /* Server NCP Reply */ + case NCP_SERVICE_REPLY: /* Server NCP Reply */ case NCP_POSITIVE_ACK: /* Positive Acknowledgement */ next_tvb = tvb_new_subset(tvb, hdr_offset, -1, -1); dissect_ncp_reply(next_tvb, pinfo, nw_connection, @@ -441,6 +488,10 @@ dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } break; + case NCP_LIP_ECHO: /* LIP Echo Packet */ + proto_tree_add_text(ncp_tree, tvb, commhdr, -1, + "Lip Echo Packet"); + break; default: if (tree) { proto_tree_add_text(ncp_tree, tvb, commhdr + 6, -1, @@ -534,6 +585,14 @@ proto_register_ncp(void) { "Task Number", "ncp.task", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_ncp_oplock_flag, + { "Oplock Flag", "ncp.oplock_flag", + FT_UINT8, BASE_HEX, NULL, 0x0, + "", HFILL }}, + { &hf_ncp_oplock_handle, + { "File Handle", "ncp.oplock_handle", + FT_UINT16, BASE_HEX, NULL, 0x0, + "", HFILL }}, { &hf_ncp_stream_type, { "Stream Type", "ncp.stream_type", FT_UINT8, BASE_HEX, NULL, 0x0, @@ -618,6 +677,14 @@ proto_register_ncp(void) { "Control Code", "ncp.control_code", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_ncp_fragment_handle, + { "Fragment Handle", "ncp.fragger_hndl", + FT_UINT16, BASE_HEX, NULL, 0x0, + "", HFILL }}, + { &hf_lip_echo, + { "Large Internet Packet Echo", "ncp.lip_echo", + FT_STRING, BASE_NONE, NULL, 0x0, + "", HFILL }}, }; static gint *ett[] = { &ett_ncp, @@ -652,3 +719,5 @@ proto_reg_handoff_ncp(void) data_handle = find_dissector("data"); } + + diff --git a/packet-ncp2222.inc b/packet-ncp2222.inc index 1c17e05c75..76e203aeb8 100644 --- a/packet-ncp2222.inc +++ b/packet-ncp2222.inc @@ -6,8 +6,9 @@ * that all the data tables in packet-ncp2222.c can remain static. * * Gilbert Ramirez <gram@alumni.rice.edu> + * Modified to decode NDS packets by Greg Morris <gmorris@novell.com> * - * $Id: packet-ncp2222.inc,v 1.13 2002/05/16 09:59:52 guy Exp $ + * $Id: packet-ncp2222.inc,v 1.14 2002/08/23 17:47:31 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -243,7 +244,14 @@ get_item_value(proto_item *item) return fvalue_get_integer(PITEM_FINFO(item)->value); } -char* + +char * +get_item_string(proto_item *item) +{ + return fvalue_get(PITEM_FINFO(item)->value); +} + +char * get_item_name(proto_item *item) { return PITEM_FINFO(item)->hfinfo->name; @@ -280,6 +288,11 @@ typedef struct { guint second; } nw_time_t; +typedef struct { + char * buffer; +} nw_uni_t; + + /* Given an integer, fill in a nw_date_t struct. */ static void uint_to_nwdate(guint data, nw_date_t *nwdate) @@ -299,6 +312,31 @@ uint_to_nwtime(guint data, nw_time_t *nwtime) nwtime->hour = ((data & 0xf800) >> 11) + 1; } +static void +unicode_to_string(char * data, nw_uni_t *nw_uni) +{ + guint32 i; + guint16 character; + int offset = 0; + guint32 length = 0; + char * buffer = ""; + + length = strlen(data); + + if (data[1] == 0x00){ + + for (i = 0; i < length; i++) { + character = data[offset]; + buffer[i] = character & 0xff; + offset += 2; + } + } + else + { + buffer = data; + } + nw_uni->buffer = buffer; +} static proto_item* padd_normal(ptvcursor_t *ptvc, const ptvc_record *rec) @@ -349,6 +387,29 @@ padd_time(ptvcursor_t *ptvc, const ptvc_record *rec) } +/* Convert a string from little-endian unicode to ascii. At the moment we + fake it by taking every odd byte. )-: The caller must free the + result returned. */ +static proto_item* +padd_uni(ptvcursor_t *ptvc, const ptvc_record *rec) +{ + proto_item *item; + nw_uni_t nw_uni; + guint offset; + + offset = ptvcursor_current_offset(ptvc); + + item = ptvcursor_add(ptvc, *rec->hf_ptr, + rec->length, rec->endianness); + + unicode_to_string(get_item_string(item), &nw_uni); + + proto_item_set_text(item, get_item_name(item)); + proto_item_append_text(item, " %s", + nw_uni.buffer); + + return item; +} /* Add a value for a ptvc_record, and process the sub-ptvc_record * that it points to. */ @@ -488,6 +549,9 @@ _process_ptvc_record(ptvcursor_t *ptvc, const ptvc_record *rec, case NCP_FMT_NW_TIME: func = padd_time; break; + case NCP_FMT_UNICODE: + func = padd_uni; + break; default: g_assert_not_reached(); } @@ -523,6 +587,9 @@ _process_ptvc_record(ptvcursor_t *ptvc, const ptvc_record *rec, case NCP_FMT_NW_TIME: func = padd_time; break; + case NCP_FMT_UNICODE: + func = padd_uni; + break; default: g_assert_not_reached(); } @@ -591,7 +658,7 @@ ncp_error_string(const error_equivalency *errors, guint8 completion_code) errors++; } - return "Unknown"; + return "Unknown Error Code"; } static const ncp_record ncp1111_request = @@ -602,6 +669,10 @@ static const ncp_record ncp5555_request = { 0x01, 0x00, NO_SUBFUNC, "Destroy Connection Service", NCP_GROUP_CONNECTION, NULL, NULL, ncp_0x2_errors, NULL, NO_REQ_COND_SIZE, NULL }; +static const ncp_record ncpbbbb_request = + { 0x01, 0x00, NO_SUBFUNC, "Server Broadcast Message", NCP_GROUP_CONNECTION, + NULL, NULL, ncp_0x2_errors, NULL, NO_REQ_COND_SIZE, NULL }; + /* Wrapper around proto_tree_free() */ void free_proto_tree(void *tree) { @@ -619,7 +690,7 @@ dissect_ncp_request(tvbuff_t *tvb, packet_info *pinfo, gboolean requires_subfunc; gboolean has_length = TRUE; ncp_req_hash_value *request_value = NULL; - const ncp_record *ncp_rec = NULL; + const ncp_record *ncp_rec = NULL; conversation_t *conversation; ptvcursor_t *ptvc = NULL; proto_tree *temp_tree = NULL; @@ -650,28 +721,31 @@ dissect_ncp_request(tvbuff_t *tvb, packet_info *pinfo, case NCP_DEALLOCATE_SLOT: ncp_rec = &ncp5555_request; break; + case NCP_BROADCAST_SLOT: + ncp_rec = &ncpbbbb_request; + break; default: ncp_rec = NULL; } /* Fill in the INFO column. */ if (check_col(pinfo->cinfo, COL_INFO)) { - if (ncp_rec) { - col_add_fstr(pinfo->cinfo, COL_INFO, "C %s", ncp_rec->name); - } - else { - if (requires_subfunc) { - col_add_fstr(pinfo->cinfo, COL_INFO, - "C Unknown Function %d %d (0x%02X/0x%02x)", - func, subfunc, func, subfunc); - } - else { - col_add_fstr(pinfo->cinfo, COL_INFO, - "C Unknown Function %d (0x%02x)", - func, func); - } - } - } + if (ncp_rec) { + col_add_fstr(pinfo->cinfo, COL_INFO, "C %s", ncp_rec->name); + } + else { + if (requires_subfunc) { + col_add_fstr(pinfo->cinfo, COL_INFO, + "C Unknown Function %d %d (0x%02X/0x%02x)", + func, subfunc, func, subfunc); + } + else { + col_add_fstr(pinfo->cinfo, COL_INFO, + "C Unknown Function %d (0x%02x)", + func, func); + } + } + } if (!pinfo->fd->flags.visited) { /* This is the first time we've looked at this packet. @@ -701,22 +775,22 @@ dissect_ncp_request(tvbuff_t *tvb, packet_info *pinfo, * a proto_tree, then wonderful. If we don't, we need to build * one. */ if (ncp_rec) { - if (ncp_rec->req_cond_indexes) { - run_req_cond = TRUE; - } - /* Only create info string if COL_INFO is available. */ - if (ncp_rec->req_info_str && check_col(pinfo->cinfo, COL_INFO)) { - run_info_str = TRUE; - } - /* We also have to use a tree if we have to construct an info_str */ - if ((run_info_str || run_req_cond) && !ncp_tree) { - proto_item *ti; - - temp_tree = proto_tree_create_root(); - proto_tree_set_visible(temp_tree, FALSE); - ti = proto_tree_add_item(temp_tree, proto_ncp, tvb, 0, -1, FALSE); - ncp_tree = proto_item_add_subtree(ti, ett_ncp); - } + if (ncp_rec->req_cond_indexes) { + run_req_cond = TRUE; + } + /* Only create info string if COL_INFO is available. */ + if (ncp_rec->req_info_str && check_col(pinfo->cinfo, COL_INFO)) { + run_info_str = TRUE; + } + /* We also have to use a tree if we have to construct an info_str */ + if ((run_info_str || run_req_cond) && !ncp_tree) { + proto_item *ti; + + temp_tree = proto_tree_create_root(); + proto_tree_set_visible(temp_tree, FALSE); + ti = proto_tree_add_item(temp_tree, proto_ncp, tvb, 0, -1, FALSE); + ncp_tree = proto_item_add_subtree(ti, ett_ncp); + } } } @@ -757,7 +831,7 @@ dissect_ncp_request(tvbuff_t *tvb, packet_info *pinfo, PT_NCP, nw_connection, nw_connection, 0); switch (type) { - case NCP_ALLOCATE_SLOT: + case NCP_BROADCAST_SLOT: ; /* nothing */ break; @@ -917,6 +991,9 @@ dissect_ncp_reply(tvbuff_t *tvb, packet_info *pinfo, } if (check_col(pinfo->cinfo, COL_INFO)) { + if (ncp_rec && ncp_rec->func==0x68 && ncp_rec->subfunc==0x02){ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "NDS"); + } col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s", type == NCP_SERVICE_REPLY ? "R" : "ACK", error_string); @@ -987,3 +1064,393 @@ dissect_ncp_reply(tvbuff_t *tvb, packet_info *pinfo, } } } + +void +dissect_nds_request(tvbuff_t *tvb, packet_info *pinfo, + guint16 nw_connection, guint8 sequence, + guint16 type, proto_tree *ncp_tree) +{ + guint8 func, subfunc = 0; + ncp_req_hash_value *request_value = NULL; + const ncp_record *ncp_rec = NULL; + conversation_t *conversation; + ptvcursor_t *ptvc = NULL; + proto_tree *temp_tree = NULL; + guint8 nds_verb = 0; + char * verb_string = ""; + guint16 nds_frag = 0; + + func = tvb_get_guint8(tvb, 6); + subfunc = tvb_get_guint8(tvb, 7); + + ncp_rec = ncp_record_find(func, subfunc); + + /* Check to see if this is a fragment packet */ + nds_frag = tvb_get_ntohl(tvb, 8); + + /* Get NDS Verb */ + if (nds_frag == 0xffff) { + nds_verb = tvb_get_guint8(tvb, 24); + if (nds_verb == 0xfe) { + nds_verb = tvb_get_guint8(tvb, 32); + } + switch(nds_verb) { + + case 0x01: + verb_string = "Resolve Name"; + break; + case 0x02: + verb_string = "Read Entry Information"; + break; + case 0x03: + verb_string = "Read"; + break; + case 0x04: + verb_string = "Compare"; + break; + case 0x05: + verb_string = "List"; + break; + case 0x06: + verb_string = "Search Entries"; + break; + case 0x07: + verb_string = "Add Entry"; + break; + case 0x08: + verb_string = "Remove Entry"; + break; + case 0x09: + verb_string = "Modify Entry"; + break; + case 0x0a: + verb_string = "Modify RDN"; + break; + case 0x0b: + verb_string = "Create Attribute"; + break; + case 0x0c: + verb_string = "Read Attribute Definition"; + break; + case 0x0d: + verb_string = "Remove Attribute Definition"; + break; + case 0x0e: + verb_string = "Define Class"; + break; + case 0x0f: + verb_string = "Read Class Definition"; + break; + case 0x10: + verb_string = "Modify Class Definition"; + break; + case 0x11: + verb_string = "Remove Class Definition"; + break; + case 0x12: + verb_string = "List Containable Classes"; + break; + case 0x13: + verb_string = "Get Effective Rights"; + break; + case 0x14: + verb_string = "Add Partition"; + break; + case 0x15: + verb_string = "Remove Partition"; + break; + case 0x16: + verb_string = "List Partitions"; + break; + case 0x17: + verb_string = "Split Partition"; + break; + case 0x18: + verb_string = "Join Partitions"; + break; + case 0x19: + verb_string = "Add Replica"; + break; + case 0x1a: + verb_string = "Remove Replica"; + break; + case 0x1b: + verb_string = "Open Stream"; + break; + case 0x1c: + verb_string = "Search Filter"; + break; + case 0x1d: + verb_string = "Create Subordinate Reference"; + break; + case 0x1e: + verb_string = "Link Replica"; + break; + case 0x1f: + verb_string = "Change Replica Type"; + break; + case 0x20: + verb_string = "Start Update Schema"; + break; + case 0x21: + verb_string = "End Update Schema"; + break; + case 0x22: + verb_string = "Update Schema"; + break; + case 0x23: + verb_string = "Start Update Replica"; + break; + case 0x24: + verb_string = "End Update Replica"; + break; + case 0x25: + verb_string = "Update Replica"; + break; + case 0x26: + verb_string = "Synchronize Partition"; + break; + case 0x27: + verb_string = "Synchronize Schema"; + break; + case 0x28: + verb_string = "Read Syntaxes"; + break; + case 0x29: + verb_string = "Get Replica Root ID"; + break; + case 0x2a: + verb_string = "Begin Move Entry"; + break; + case 0x2b: + verb_string = "Finish Move Entry"; + break; + case 0x2c: + verb_string = "Release Moved Entry"; + break; + case 0x2d: + verb_string = "Backup Entry"; + break; + case 0x2e: + verb_string = "Restore Entry"; + break; + case 0x2f: + verb_string = "Save DIB"; + break; + case 0x30: + verb_string = "Control"; + break; + case 0x31: + verb_string = "Remove Backlink"; + break; + case 0x32: + verb_string = "Close Iteration"; + break; + case 0x33: + verb_string = "Mutate Entry"; + break; + case 0x34: + verb_string = "Audit Skulking"; + break; + case 0x35: + verb_string = "Get Server Address"; + break; + case 0x36: + verb_string = "Set Keys"; + break; + case 0x37: + verb_string = "Change Password"; + break; + case 0x38: + verb_string = "Verify Password"; + break; + case 0x39: + verb_string = "Begin Login"; + break; + case 0x3a: + verb_string = "Finish Login"; + break; + case 0x3b: + verb_string = "Begin Authentication"; + break; + case 0x3c: + verb_string = "Finish Authentication"; + break; + case 0x3d: + verb_string = "Logout"; + break; + case 0x3e: + verb_string = "Repair Ring"; + break; + case 0x3f: + verb_string = "Repair Timestamps"; + break; + case 0x40: + verb_string = "Create Back Link"; + break; + case 0x41: + verb_string = "Delete External Reference"; + break; + case 0x42: + verb_string = "Rename External Reference"; + break; + case 0x43: + verb_string = "Create Directory Entry"; + break; + case 0x44: + verb_string = "Remove Directory Entry"; + break; + case 0x45: + verb_string = "Designate New Master"; + break; + case 0x46: + verb_string = "Change Tree Name"; + break; + case 0x47: + verb_string = "Partition Entry Count"; + break; + case 0x48: + verb_string = "Check Login Restrictions"; + break; + case 0x49: + verb_string = "Start Join"; + break; + case 0x4a: + verb_string = "Low Level Split"; + break; + case 0x4b: + verb_string = "Low Level Join"; + break; + case 0x4c: + verb_string = "Abort Low Level Join"; + break; + case 0x4d: + verb_string = "Get All Servers"; + break; + default: + verb_string = "NDS Continuation Fragment"; + } + } + /* Fill in the INFO column. */ + if (check_col(pinfo->cinfo, COL_INFO)) { + if (ncp_rec) { + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "NDS"); + if (nds_frag != 0xffff) { + col_add_fstr(pinfo->cinfo, COL_INFO, "Continuation Fragment"); + } + else { + col_add_fstr(pinfo->cinfo, COL_INFO, "C NDS %s", verb_string); + } + } + else { + col_add_fstr(pinfo->cinfo, COL_INFO, + "C Unknown Function %d (0x%02x)", + func, func); + } + + } + if (!pinfo->fd->flags.visited) { + + /* This is the first time we've looked at this packet. + Keep track of the address and connection whence the request + came, and the address and connection to which the request + is being sent, so that we can match up calls with replies. + (We don't include the sequence number, as we may want + to have all packets over the same connection treated + as being part of a single conversation so that we can + let the user select that conversation to be displayed.) */ + + conversation = find_conversation(&pinfo->src, &pinfo->dst, + PT_NCP, nw_connection, nw_connection, 0); + + if (conversation == NULL) { + /* It's not part of any conversation - create a new one. */ + conversation = conversation_new(&pinfo->src, &pinfo->dst, + PT_NCP, nw_connection, nw_connection, 0); + } + + request_value = ncp_hash_insert(conversation, sequence, ncp_rec); + request_value->req_frame_num = pinfo->fd->num; + + /* If this is the first time we're examining the packet, + * check to see if this NCP type uses a "request condition". + * If so, we have to build a proto_tree because request conditions + * use display filters to work, and without a proto_tree, + * display filters can't possibly work. If we already have + * a proto_tree, then wonderful. If we don't, we need to build + * one. */ + if (ncp_rec) { + proto_item *ti; + + temp_tree = proto_tree_create_root(); + proto_tree_set_visible(temp_tree, FALSE); + ti = proto_tree_add_item(temp_tree, proto_ncp, tvb, 0, -1, FALSE); + ncp_tree = proto_item_add_subtree(ti, ett_ncp); + } + } + + if (ncp_tree) { + /* If the dissection throws an exception, be sure to free + * the temporary proto_tree that was created. Because of the + * way the CLEANUP_PUSH macro works, we can't put it in an 'if' + * block; it has to be in the same scope as the terminating + * CLEANUP_POP or CLEANUP_POP_AND_ALLOC. So, we always + * call CLEANUP_POP and friends, but the value of temp_tree is + * NULL if no cleanup is needed, and non-null if cleanup is needed. + */ + + CLEANUP_PUSH(free_proto_tree, temp_tree); + + conversation = find_conversation(&pinfo->src, &pinfo->dst, + PT_NCP, nw_connection, nw_connection, 0); + + switch (type) { + case NCP_BROADCAST_SLOT: + ; /* nothing */ + break; + + case NCP_SERVICE_REQUEST: + proto_tree_add_uint_format(ncp_tree, hf_ncp_func, tvb, 6, 1, + func, "Function: %d (0x%02X), %s", + func, func, ncp_rec ? ncp_rec->name : "Unknown"); + + proto_tree_add_uint_format(ncp_tree, hf_ncp_subfunc, tvb, 7, 1, + subfunc, "SubFunction: %d (0x%02x)", + subfunc, subfunc); + + proto_tree_add_uint_format(ncp_tree, hf_ncp_fragment_handle, tvb, 8, 4, + nds_frag, "Fragment Handle: (0x%x)", + nds_frag); + + if (nds_frag == 0xffff) { + + proto_tree_add_item(ncp_tree, hf_ncp_fragment_size, tvb, 12, 4, TRUE); + + proto_tree_add_item(ncp_tree, hf_ncp_message_size, tvb, 16, 4, TRUE); + + proto_tree_add_item(ncp_tree, hf_ncp_nds_flag, tvb, 20, 4, FALSE); + + proto_tree_add_uint_format(ncp_tree, hf_ncp_nds_verb, tvb, 24, 1, + nds_verb, "NDS Verb: %d, (0x%02x), %s", + nds_verb, nds_verb, verb_string); + } + break; + + default: + ; /* nothing */ + break; + } + ptvc = ptvcursor_new(ncp_tree, tvb, 7); + if (ncp_rec && ncp_rec->request_ptvc) { + clear_repeat_vars(); + process_ptvc_record(ptvc, ncp_rec->request_ptvc, NULL, TRUE, ncp_rec); + } + ptvcursor_free(ptvc); + + /* Free the temporary proto_tree */ + CLEANUP_CALL_AND_POP; + } + +} + |