diff options
author | Bill Meier <wmeier@newsguy.com> | 2012-05-07 22:11:34 +0000 |
---|---|---|
committer | Bill Meier <wmeier@newsguy.com> | 2012-05-07 22:11:34 +0000 |
commit | c055ca8c7e2457c348d5ae22e3b779b99a11ffec (patch) | |
tree | 2aee6168b7f96c0437a0c388646b7dd19030de0c /epan/dissectors/packet-dcerpc.c | |
parent | 8d33dddd11955bb267cc2f747279c91f1a381beb (diff) |
General minor cleanup including:
- remove unneeded #includes;
- use val_to_str_const() as appropriate;
- reformat hf[] entries;
- reformat long lines;
- use #if 0/#endif to coment out code instead of /* ... */;
- remove boilerplate comments;
- whitespace & indentation
svn path=/trunk/; revision=42487
Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
-rw-r--r-- | epan/dissectors/packet-dcerpc.c | 2495 |
1 files changed, 1255 insertions, 1240 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index e943d1f121..c7e732bbe1 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -34,32 +34,39 @@ #endif #include <string.h> -#include <ctype.h> #include <glib.h> + #include <epan/packet.h> -#include <epan/dissectors/packet-dcerpc.h> #include <epan/conversation.h> #include <epan/prefs.h> #include <epan/reassemble.h> #include <epan/tap.h> #include <epan/emem.h> -#include <epan/dissectors/packet-frame.h> -#include <epan/dissectors/packet-dcerpc-nt.h> #include <epan/expert.h> #include <epan/strutil.h> #include <epan/addr_resolv.h> +#include <epan/dissectors/packet-frame.h> +#include <epan/dissectors/packet-dcerpc.h> +#include <epan/dissectors/packet-dcerpc-nt.h> static int dcerpc_tap = -1; /* 32bit Network Data Representation, see DCE/RPC Appendix I */ -static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } }; +static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, + { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } }; + /* 64bit Network Data Representation, introduced in Windows Server 2008 */ -static e_uuid_t uuid_ndr64 = { 0x71710533, 0xbeba, 0x4937, { 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 } }; +static e_uuid_t uuid_ndr64 = { 0x71710533, 0xbeba, 0x4937, + { 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 } }; + /* Bind Time Feature Negotiation, see [MS-RPCE] 3.3.1.5.3 */ -static e_uuid_t uuid_bind_time_feature_nego = { 0x6cb71c2c, 0x9812, 0x4540, { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; +static e_uuid_t uuid_bind_time_feature_nego = { 0x6cb71c2c, 0x9812, 0x4540, + { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; + /* see [MS-OXRPC] Appendix A: Full IDL, http://msdn.microsoft.com/en-us/library/ee217991%28v=exchg.80%29.aspx */ -static e_uuid_t uuid_asyncemsmdb = { 0x5261574a, 0x4572, 0x206e, { 0xb2, 0x68, 0x6b, 0x19, 0x92, 0x13, 0xb4, 0xe4 } }; +static e_uuid_t uuid_asyncemsmdb = { 0x5261574a, 0x4572, 0x206e, + { 0xb2, 0x68, 0x6b, 0x19, 0x92, 0x13, 0xb4, 0xe4 } }; static const value_string pckt_vals[] = { { PDU_REQ, "Request"}, @@ -200,7 +207,7 @@ static const value_string authn_level_vals[] = { * and FALSE otherwise. */ #define PFC_NOT_FRAGMENTED(hdr) \ - ((hdr->flags&(PFC_FIRST_FRAG|PFC_LAST_FRAG))==(PFC_FIRST_FRAG|PFC_LAST_FRAG)) + ((hdr->flags&(PFC_FIRST_FRAG|PFC_LAST_FRAG)) == (PFC_FIRST_FRAG|PFC_LAST_FRAG)) /* * Presentation context negotiation result. @@ -613,11 +620,11 @@ static dcerpc_info * get_next_di(void) { static dcerpc_info di[20]; - static int di_counter=0; + static int di_counter = 0; di_counter++; - if(di_counter>=20){ - di_counter=0; + if (di_counter >= 20) { + di_counter = 0; } memset(&di[di_counter], 0, sizeof(dcerpc_info)); @@ -667,13 +674,13 @@ static dcerpc_auth_subdissector_fns *get_auth_subdissector_fns( guint8 auth_level, guint8 auth_type) { gpointer data; - int i; + int i; for (i = 0; (data = g_slist_nth_data(dcerpc_auth_subdissector_list, i)); i++) { dcerpc_auth_subdissector *asd = (dcerpc_auth_subdissector *)data; - if (asd->auth_level == auth_level && - asd->auth_type == auth_type) + if ((asd->auth_level == auth_level) && + (asd->auth_type == auth_type)) return &asd->auth_fns; } @@ -774,19 +781,19 @@ static tvbuff_t *decode_encrypted_data(tvbuff_t *data_tvb, */ /* the registered subdissectors */ -GHashTable *dcerpc_uuids=NULL; +GHashTable *dcerpc_uuids = NULL; static gint -dcerpc_uuid_equal (gconstpointer k1, gconstpointer k2) +dcerpc_uuid_equal(gconstpointer k1, gconstpointer k2) { const dcerpc_uuid_key *key1 = (const dcerpc_uuid_key *)k1; const dcerpc_uuid_key *key2 = (const dcerpc_uuid_key *)k2; - return ((memcmp (&key1->uuid, &key2->uuid, sizeof (e_uuid_t)) == 0) + return ((memcmp(&key1->uuid, &key2->uuid, sizeof (e_uuid_t)) == 0) && (key1->ver == key2->ver)); } static guint -dcerpc_uuid_hash (gconstpointer k) +dcerpc_uuid_hash(gconstpointer k) { const dcerpc_uuid_key *key = (const dcerpc_uuid_key *)k; /* This isn't perfect, but the Data1 part of these is almost always @@ -795,37 +802,37 @@ dcerpc_uuid_hash (gconstpointer k) } void -dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, - dcerpc_sub_dissector *procs, int opnum_hf) +dcerpc_init_uuid(int proto, int ett, e_uuid_t *uuid, guint16 ver, + dcerpc_sub_dissector *procs, int opnum_hf) { - dcerpc_uuid_key *key = g_malloc (sizeof (*key)); - dcerpc_uuid_value *value = g_malloc (sizeof (*value)); + dcerpc_uuid_key *key = g_malloc(sizeof (*key)); + dcerpc_uuid_value *value = g_malloc(sizeof (*value)); header_field_info *hf_info; - module_t *samr_module; - const char *filter_name = proto_get_protocol_filter_name(proto); + module_t *samr_module; + const char *filter_name = proto_get_protocol_filter_name(proto); key->uuid = *uuid; key->ver = ver; - value->proto = find_protocol_by_id(proto); + value->proto = find_protocol_by_id(proto); value->proto_id = proto; - value->ett = ett; - value->name = proto_get_protocol_short_name (value->proto); - value->procs = procs; + value->ett = ett; + value->name = proto_get_protocol_short_name(value->proto); + value->procs = procs; value->opnum_hf = opnum_hf; - g_hash_table_insert (dcerpc_uuids, key, value); + g_hash_table_insert(dcerpc_uuids, key, value); hf_info = proto_registrar_get_nth(opnum_hf); hf_info->strings = value_string_from_subdissectors(procs); /* add this GUID to the global name resolving */ - guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto)); + guids_add_uuid(uuid, proto_get_protocol_short_name(value->proto)); /* Register the samr.nt_password preference as obsolete */ /* This should be in packet-dcerpc-samr.c */ if (strcmp(filter_name, "samr") == 0) { - samr_module = prefs_register_protocol (proto, NULL); + samr_module = prefs_register_protocol(proto, NULL); prefs_register_obsolete_preference(samr_module, "nt_password"); } } @@ -836,12 +843,12 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, const char * dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver) { - dcerpc_uuid_key key; + dcerpc_uuid_key key; dcerpc_uuid_value *sub_proto; key.uuid = *uuid; key.ver = ver; - if(!(sub_proto = g_hash_table_lookup (dcerpc_uuids, &key))){ + if (!(sub_proto = g_hash_table_lookup(dcerpc_uuids, &key))) { return NULL; } return sub_proto->name; @@ -853,12 +860,12 @@ dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver) int dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver) { - dcerpc_uuid_key key; + dcerpc_uuid_key key; dcerpc_uuid_value *sub_proto; key.uuid = *uuid; key.ver = ver; - if(!(sub_proto = g_hash_table_lookup (dcerpc_uuids, &key))){ + if (!(sub_proto = g_hash_table_lookup(dcerpc_uuids, &key))) { return -1; } return sub_proto->opnum_hf; @@ -869,8 +876,9 @@ dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver) value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd) { - value_string *vs = NULL; - int i, num_sd = 0; + value_string *vs = NULL; + int i; + int num_sd = 0; again: for (i = 0; sd[i].name; i++) { @@ -898,12 +906,12 @@ again: dcerpc_sub_dissector * dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver) { - dcerpc_uuid_key key; + dcerpc_uuid_key key; dcerpc_uuid_value *sub_proto; key.uuid = *uuid; key.ver = ver; - if(!(sub_proto = g_hash_table_lookup (dcerpc_uuids, &key))){ + if (!(sub_proto = g_hash_table_lookup(dcerpc_uuids, &key))) { return NULL; } return sub_proto->procs; @@ -917,37 +925,37 @@ dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver) * Note that we always specify a SMB FID. For non-SMB transports this * value is 0. */ -static GHashTable *dcerpc_binds=NULL; +static GHashTable *dcerpc_binds = NULL; typedef struct _dcerpc_bind_key { conversation_t *conv; - guint16 ctx_id; - guint16 smb_fid; + guint16 ctx_id; + guint16 smb_fid; } dcerpc_bind_key; typedef struct _dcerpc_bind_value { e_uuid_t uuid; - guint16 ver; + guint16 ver; e_uuid_t transport; } dcerpc_bind_value; static gint -dcerpc_bind_equal (gconstpointer k1, gconstpointer k2) +dcerpc_bind_equal(gconstpointer k1, gconstpointer k2) { const dcerpc_bind_key *key1 = (const dcerpc_bind_key *)k1; const dcerpc_bind_key *key2 = (const dcerpc_bind_key *)k2; - return (key1->conv == key2->conv - && key1->ctx_id == key2->ctx_id - && key1->smb_fid == key2->smb_fid); + return ((key1->conv == key2->conv) + && (key1->ctx_id == key2->ctx_id) + && (key1->smb_fid == key2->smb_fid)); } static guint -dcerpc_bind_hash (gconstpointer k) +dcerpc_bind_hash(gconstpointer k) { const dcerpc_bind_key *key = (const dcerpc_bind_key *)k; guint hash; - hash=GPOINTER_TO_UINT(key->conv) + key->ctx_id + key->smb_fid; + hash = GPOINTER_TO_UINT(key->conv) + key->ctx_id + key->smb_fid; return hash; } @@ -956,8 +964,8 @@ dcerpc_bind_hash (gconstpointer k) * To keep track of callid mappings. Should really use some generic * conversation support instead. */ -static GHashTable *dcerpc_cn_calls=NULL; -static GHashTable *dcerpc_dg_calls=NULL; +static GHashTable *dcerpc_cn_calls = NULL; +static GHashTable *dcerpc_dg_calls = NULL; typedef struct _dcerpc_cn_call_key { conversation_t *conv; @@ -967,48 +975,48 @@ typedef struct _dcerpc_cn_call_key { typedef struct _dcerpc_dg_call_key { conversation_t *conv; - guint32 seqnum; - e_uuid_t act_id ; + guint32 seqnum; + e_uuid_t act_id ; } dcerpc_dg_call_key; static gint -dcerpc_cn_call_equal (gconstpointer k1, gconstpointer k2) +dcerpc_cn_call_equal(gconstpointer k1, gconstpointer k2) { const dcerpc_cn_call_key *key1 = (const dcerpc_cn_call_key *)k1; const dcerpc_cn_call_key *key2 = (const dcerpc_cn_call_key *)k2; - return (key1->conv == key2->conv - && key1->call_id == key2->call_id - && key1->smb_fid == key2->smb_fid); + return ((key1->conv == key2->conv) + && (key1->call_id == key2->call_id) + && (key1->smb_fid == key2->smb_fid)); } static gint -dcerpc_dg_call_equal (gconstpointer k1, gconstpointer k2) +dcerpc_dg_call_equal(gconstpointer k1, gconstpointer k2) { const dcerpc_dg_call_key *key1 = (const dcerpc_dg_call_key *)k1; const dcerpc_dg_call_key *key2 = (const dcerpc_dg_call_key *)k2; - return (key1->conv == key2->conv - && key1->seqnum == key2->seqnum - && (memcmp (&key1->act_id, &key2->act_id, sizeof (e_uuid_t)) == 0)); + return ((key1->conv == key2->conv) + && (key1->seqnum == key2->seqnum) + && ((memcmp(&key1->act_id, &key2->act_id, sizeof (e_uuid_t)) == 0))); } static guint -dcerpc_cn_call_hash (gconstpointer k) +dcerpc_cn_call_hash(gconstpointer k) { const dcerpc_cn_call_key *key = (const dcerpc_cn_call_key *)k; return GPOINTER_TO_UINT(key->conv) + key->call_id + key->smb_fid; } static guint -dcerpc_dg_call_hash (gconstpointer k) +dcerpc_dg_call_hash(gconstpointer k) { const dcerpc_dg_call_key *key = (const dcerpc_dg_call_key *)k; return (GPOINTER_TO_UINT(key->conv) + key->seqnum + key->act_id.Data1 - + (key->act_id.Data2 << 16) + key->act_id.Data3 + + (key->act_id.Data2 << 16) + key->act_id.Data3 + (key->act_id.Data4[0] << 24) + (key->act_id.Data4[1] << 16) - + (key->act_id.Data4[2] << 8) + (key->act_id.Data4[3] << 0) + + (key->act_id.Data4[2] << 8) + (key->act_id.Data4[3] << 0) + (key->act_id.Data4[4] << 24) + (key->act_id.Data4[5] << 16) - + (key->act_id.Data4[6] << 8) + (key->act_id.Data4[7] << 0)); + + (key->act_id.Data4[6] << 8) + (key->act_id.Data4[7] << 0)); } /* to keep track of matched calls/responses @@ -1018,7 +1026,7 @@ dcerpc_dg_call_hash (gconstpointer k) XXX - why not just use the same keys as are used for calls? */ -static GHashTable *dcerpc_matched=NULL; +static GHashTable *dcerpc_matched = NULL; typedef struct _dcerpc_matched_key { guint32 frame; @@ -1026,16 +1034,16 @@ typedef struct _dcerpc_matched_key { } dcerpc_matched_key; static gint -dcerpc_matched_equal (gconstpointer k1, gconstpointer k2) +dcerpc_matched_equal(gconstpointer k1, gconstpointer k2) { const dcerpc_matched_key *key1 = (const dcerpc_matched_key *)k1; const dcerpc_matched_key *key2 = (const dcerpc_matched_key *)k2; - return (key1->frame == key2->frame - && key1->call_id == key2->call_id); + return ((key1->frame == key2->frame) + && (key1->call_id == key2->call_id)); } static guint -dcerpc_matched_hash (gconstpointer k) +dcerpc_matched_hash(gconstpointer k) { const dcerpc_matched_key *key = (const dcerpc_matched_key *)k; return key->frame; @@ -1048,15 +1056,15 @@ dcerpc_matched_hash (gconstpointer k) */ int -dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, - proto_tree *tree, guint8 *drep, - int hfindex, guint8 *pdata) +dissect_dcerpc_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + proto_tree *tree, guint8 *drep, + int hfindex, guint8 *pdata) { guint8 data; - data = tvb_get_guint8 (tvb, offset); + data = tvb_get_guint8(tvb, offset); if (tree) { - proto_tree_add_item (tree, hfindex, tvb, offset, 1, DREP_ENC_INTEGER(drep)); + proto_tree_add_item(tree, hfindex, tvb, offset, 1, DREP_ENC_INTEGER(drep)); } if (pdata) *pdata = data; @@ -1064,18 +1072,18 @@ dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, } int -dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, - proto_tree *tree, guint8 *drep, - int hfindex, guint16 *pdata) +dissect_dcerpc_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + proto_tree *tree, guint8 *drep, + int hfindex, guint16 *pdata) { guint16 data; data = ((drep[0] & DREP_LITTLE_ENDIAN) - ? tvb_get_letohs (tvb, offset) - : tvb_get_ntohs (tvb, offset)); + ? tvb_get_letohs(tvb, offset) + : tvb_get_ntohs(tvb, offset)); if (tree) { - proto_tree_add_item (tree, hfindex, tvb, offset, 2, DREP_ENC_INTEGER(drep)); + proto_tree_add_item(tree, hfindex, tvb, offset, 2, DREP_ENC_INTEGER(drep)); } if (pdata) *pdata = data; @@ -1083,18 +1091,18 @@ dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, } int -dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, - proto_tree *tree, guint8 *drep, - int hfindex, guint32 *pdata) +dissect_dcerpc_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + proto_tree *tree, guint8 *drep, + int hfindex, guint32 *pdata) { guint32 data; data = ((drep[0] & DREP_LITTLE_ENDIAN) - ? tvb_get_letohl (tvb, offset) - : tvb_get_ntohl (tvb, offset)); + ? tvb_get_letohl(tvb, offset) + : tvb_get_ntohl(tvb, offset)); if (tree) { - proto_tree_add_item (tree, hfindex, tvb, offset, 4, DREP_ENC_INTEGER(drep)); + proto_tree_add_item(tree, hfindex, tvb, offset, 4, DREP_ENC_INTEGER(drep)); } if (pdata) *pdata = data; @@ -1103,25 +1111,25 @@ dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, /* handles 32 bit unix time_t */ int -dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, - proto_tree *tree, guint8 *drep, - int hfindex, guint32 *pdata) +dissect_dcerpc_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + proto_tree *tree, guint8 *drep, + int hfindex, guint32 *pdata) { guint32 data; nstime_t tv; data = ((drep[0] & DREP_LITTLE_ENDIAN) - ? tvb_get_letohl (tvb, offset) - : tvb_get_ntohl (tvb, offset)); + ? tvb_get_letohl(tvb, offset) + : tvb_get_ntohl(tvb, offset)); - tv.secs=data; - tv.nsecs=0; + tv.secs = data; + tv.nsecs = 0; if (tree) { - if(data==0xffffffff){ + if (data == 0xffffffff) { /* special case, no time specified */ proto_tree_add_time_format_value(tree, hfindex, tvb, offset, 4, &tv, "No time specified"); } else { - proto_tree_add_time (tree, hfindex, tvb, offset, 4, &tv); + proto_tree_add_time(tree, hfindex, tvb, offset, 4, &tv); } } if (pdata) @@ -1131,15 +1139,15 @@ dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, } int -dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, - proto_tree *tree, guint8 *drep, - int hfindex, guint64 *pdata) +dissect_dcerpc_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + proto_tree *tree, guint8 *drep, + int hfindex, guint64 *pdata) { guint64 data; data = ((drep[0] & DREP_LITTLE_ENDIAN) - ? tvb_get_letoh64 (tvb, offset) - : tvb_get_ntoh64 (tvb, offset)); + ? tvb_get_letoh64(tvb, offset) + : tvb_get_ntoh64(tvb, offset)); if (tree) { header_field_info *hfinfo; @@ -1150,7 +1158,7 @@ dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, */ hfinfo = proto_registrar_get_nth(hfindex); - switch(hfinfo->type) { + switch (hfinfo->type) { case FT_UINT64: proto_tree_add_uint64(tree, hfindex, tvb, offset, 8, data); break; @@ -1158,7 +1166,7 @@ dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, proto_tree_add_int64(tree, hfindex, tvb, offset, 8, data); break; default: - DISSECTOR_ASSERT(data<=G_MAXUINT32); + DISSECTOR_ASSERT(data <= G_MAXUINT32); proto_tree_add_uint(tree, hfindex, tvb, offset, 8, (guint32)data); } } @@ -1176,7 +1184,7 @@ dissect_dcerpc_float(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, gfloat data; - switch(drep[1]) { + switch (drep[1]) { case(DCE_RPC_DREP_FP_IEEE): data = ((drep[0] & DREP_LITTLE_ENDIAN) ? tvb_get_letohieee_float(tvb, offset) @@ -1210,7 +1218,7 @@ dissect_dcerpc_double(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, gdouble data; - switch(drep[1]) { + switch (drep[1]) { case(DCE_RPC_DREP_FP_IEEE): data = ((drep[0] & DREP_LITTLE_ENDIAN) ? tvb_get_letohieee_double(tvb, offset) @@ -1237,17 +1245,17 @@ dissect_dcerpc_double(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, int -dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, - proto_tree *tree, guint8 *drep, - int hfindex, e_uuid_t *pdata) +dissect_dcerpc_uuid_t(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + proto_tree *tree, guint8 *drep, + int hfindex, e_uuid_t *pdata) { e_uuid_t uuid; if (drep[0] & DREP_LITTLE_ENDIAN) { - tvb_get_letohguid (tvb, offset, (e_guid_t *) &uuid); + tvb_get_letohguid(tvb, offset, (e_guid_t *) &uuid); } else { - tvb_get_ntohguid (tvb, offset, (e_guid_t *) &uuid); + tvb_get_ntohguid(tvb, offset, (e_guid_t *) &uuid); } if (tree) { proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid); @@ -1263,32 +1271,32 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, * a couple simpler things */ guint16 -dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep) +dcerpc_tvb_get_ntohs(tvbuff_t *tvb, gint offset, guint8 *drep) { if (drep[0] & DREP_LITTLE_ENDIAN) { - return tvb_get_letohs (tvb, offset); + return tvb_get_letohs(tvb, offset); } else { - return tvb_get_ntohs (tvb, offset); + return tvb_get_ntohs(tvb, offset); } } guint32 -dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep) +dcerpc_tvb_get_ntohl(tvbuff_t *tvb, gint offset, guint8 *drep) { if (drep[0] & DREP_LITTLE_ENDIAN) { - return tvb_get_letohl (tvb, offset); + return tvb_get_letohl(tvb, offset); } else { - return tvb_get_ntohl (tvb, offset); + return tvb_get_ntohl(tvb, offset); } } void -dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid) +dcerpc_tvb_get_uuid(tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid) { if (drep[0] & DREP_LITTLE_ENDIAN) { - tvb_get_letohguid (tvb, offset, (e_guid_t *) uuid); + tvb_get_letohguid(tvb, offset, (e_guid_t *) uuid); } else { - tvb_get_ntohguid (tvb, offset, (e_guid_t *) uuid); + tvb_get_ntohguid(tvb, offset, (e_guid_t *) uuid); } } @@ -1300,35 +1308,35 @@ dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, dcerpc_dissect_fnct_t *fnct) { - guint32 i; + guint32 i; dcerpc_info *di; - int old_offset; - int conformance_size = 4; + int old_offset; + int conformance_size = 4; - di=pinfo->private_data; + di = pinfo->private_data; if (di->call_data->flags & DCERPC_IS_NDR64) { conformance_size = 8; } - if(di->conformant_run){ + if (di->conformant_run) { guint64 val; /* conformant run, just dissect the max_count header */ - old_offset=offset; - di->conformant_run=0; - offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep, + old_offset = offset; + di->conformant_run = 0; + offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_max_count, &val); di->array_max_count = (gint32)val; - di->array_max_count_offset=offset-conformance_size; - di->conformant_run=1; - di->conformant_eaten=offset-old_offset; + di->array_max_count_offset = offset-conformance_size; + di->conformant_run = 1; + di->conformant_eaten = offset-old_offset; } else { /* we don't remember where in the bytestream this field was */ proto_tree_add_uint(tree, hf_dcerpc_array_max_count, tvb, di->array_max_count_offset, conformance_size, di->array_max_count); /* real run, dissect the elements */ - for(i=0;i<di->array_max_count;i++){ + for(i=0; i<di->array_max_count; i++) { offset = (*fnct)(tvb, offset, pinfo, tree, drep); } } @@ -1341,40 +1349,40 @@ dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, dcerpc_dissect_fnct_t *fnct) { - guint32 i; + guint32 i; dcerpc_info *di; - int old_offset; - int conformance_size = 4; + int old_offset; + int conformance_size = 4; - di=pinfo->private_data; + di = pinfo->private_data; if (di->call_data->flags & DCERPC_IS_NDR64) { conformance_size = 8; } - if(di->conformant_run){ + if (di->conformant_run) { guint64 val; /* conformant run, just dissect the max_count header */ - old_offset=offset; - di->conformant_run=0; - offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep, + old_offset = offset; + di->conformant_run = 0; + offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_max_count, &val); - DISSECTOR_ASSERT(val<=G_MAXUINT32); + DISSECTOR_ASSERT(val <= G_MAXUINT32); di->array_max_count = (guint32)val; - di->array_max_count_offset=offset-conformance_size; - offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep, + di->array_max_count_offset = offset-conformance_size; + offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_offset, &val); - DISSECTOR_ASSERT(val<=G_MAXUINT32); + DISSECTOR_ASSERT(val <= G_MAXUINT32); di->array_offset = (guint32)val; - di->array_offset_offset=offset-conformance_size; - offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep, + di->array_offset_offset = offset-conformance_size; + offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_actual_count, &val); - DISSECTOR_ASSERT(val<=G_MAXUINT32); - di->array_actual_count=(guint32)val; - di->array_actual_count_offset=offset-conformance_size; - di->conformant_run=1; - di->conformant_eaten=offset-old_offset; + DISSECTOR_ASSERT(val <= G_MAXUINT32); + di->array_actual_count = (guint32)val; + di->array_actual_count_offset = offset-conformance_size; + di->conformant_run = 1; + di->conformant_eaten = offset-old_offset; } else { /* we don't remember where in the bytestream these fields were */ proto_tree_add_uint(tree, hf_dcerpc_array_max_count, tvb, di->array_max_count_offset, conformance_size, di->array_max_count); @@ -1382,7 +1390,7 @@ dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree_add_uint(tree, hf_dcerpc_array_actual_count, tvb, di->array_actual_count_offset, conformance_size, di->array_actual_count); /* real run, dissect the elements */ - for(i=0;i<di->array_actual_count;i++){ + for(i=0 ;i<di->array_actual_count; i++) { old_offset = offset; offset = (*fnct)(tvb, offset, pinfo, tree, drep); if (offset <= old_offset) @@ -1398,42 +1406,42 @@ dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, dcerpc_dissect_fnct_t *fnct) { - guint32 i; + guint32 i; dcerpc_info *di; - int old_offset; - int conformance_size = 4; + int old_offset; + int conformance_size = 4; - di=pinfo->private_data; + di = pinfo->private_data; if (di->call_data->flags & DCERPC_IS_NDR64) { conformance_size = 8; } - if(di->conformant_run){ + if (di->conformant_run) { guint64 val; /* conformant run, just dissect the max_count header */ - old_offset=offset; - di->conformant_run=0; - offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep, + old_offset = offset; + di->conformant_run = 0; + offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_offset, &val); - DISSECTOR_ASSERT(val<=G_MAXUINT32); - di->array_offset=(guint32)val; - di->array_offset_offset=offset-conformance_size; - offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep, + DISSECTOR_ASSERT(val <= G_MAXUINT32); + di->array_offset = (guint32)val; + di->array_offset_offset = offset-conformance_size; + offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_actual_count, &val); - DISSECTOR_ASSERT(val<=G_MAXUINT32); - di->array_actual_count=(guint32)val; - di->array_actual_count_offset=offset-conformance_size; - di->conformant_run=1; - di->conformant_eaten=offset-old_offset; + DISSECTOR_ASSERT(val <= G_MAXUINT32); + di->array_actual_count = (guint32)val; + di->array_actual_count_offset = offset-conformance_size; + di->conformant_run = 1; + di->conformant_eaten = offset-old_offset; } else { /* we don't remember where in the bytestream these fields were */ proto_tree_add_uint(tree, hf_dcerpc_array_offset, tvb, di->array_offset_offset, conformance_size, di->array_offset); proto_tree_add_uint(tree, hf_dcerpc_array_actual_count, tvb, di->array_actual_count_offset, conformance_size, di->array_actual_count); /* real run, dissect the elements */ - for(i=0;i<di->array_actual_count;i++){ + for(i=0; i<di->array_actual_count; i++) { offset = (*fnct)(tvb, offset, pinfo, tree, drep); } } @@ -1449,7 +1457,7 @@ dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo, than showing each byte as an individual element. XXX - which of those is really the IDL type for, for example, - the encrypted data in some MAPI packets? (Microsoft haven't + the encrypted data in some MAPI packets? (Microsoft hasn't released that IDL.) XXX - does this need to do all the conformant array stuff that @@ -1461,10 +1469,10 @@ dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { dcerpc_info *di; - guint64 len; + guint64 len; - di=pinfo->private_data; - if(di->conformant_run){ + di = pinfo->private_data; + if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ return offset; } @@ -1480,7 +1488,7 @@ dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo, offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep, hf_dcerpc_array_actual_count, &len); - DISSECTOR_ASSERT(len<=G_MAXUINT32); + DISSECTOR_ASSERT(len <= G_MAXUINT32); if (tree && len) { tvb_ensure_bytes_exist(tvb, offset, (guint32)len); proto_tree_add_item(tree, hf_dcerpc_array_buffer, @@ -1505,16 +1513,16 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int size_is, int hfindex, gboolean add_subtree, char **data) { - dcerpc_info *di; - proto_item *string_item; - proto_tree *string_tree; - guint64 len; - guint32 buffer_len; - char *s; + dcerpc_info *di; + proto_item *string_item; + proto_tree *string_tree; + guint64 len; + guint32 buffer_len; + char *s; header_field_info *hfinfo; - di=pinfo->private_data; - if(di->conformant_run){ + di = pinfo->private_data; + if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ return offset; } @@ -1539,7 +1547,7 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, offset = dissect_ndr_uint3264(tvb, offset, pinfo, string_tree, drep, hf_dcerpc_array_actual_count, &len); - DISSECTOR_ASSERT(len<=G_MAXUINT32); + DISSECTOR_ASSERT(len <= G_MAXUINT32); buffer_len = size_is * (guint32)len; /* Adjust offset */ @@ -1576,7 +1584,7 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, * * XXX - if this is an octet string, does the byte order * matter? Will this ever be anything *other* than an - * octet string? What if size_is is neither 1 nor 2? + * octet string? What if size_is is neither 1 nor 2? */ tvb_ensure_bytes_exist(tvb, offset, buffer_len); s = tvb_get_ephemeral_string(tvb, offset, buffer_len); @@ -1612,7 +1620,7 @@ dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { dcerpc_info *di; - di=pinfo->private_data; + di = pinfo->private_data; return dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, sizeof(guint8), di->hf_index, @@ -1633,7 +1641,7 @@ dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { dcerpc_info *di; - di=pinfo->private_data; + di = pinfo->private_data; return dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, sizeof(guint16), di->hf_index, @@ -1647,28 +1655,28 @@ int PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int chsize, int hfindex, guint32 param) { dcerpc_info *di; - char *s = NULL; - gint levels = CB_STR_ITEM_LEVELS(param); + char *s = NULL; + gint levels = CB_STR_ITEM_LEVELS(param); - di=pinfo->private_data; + di = pinfo->private_data; offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, chsize, hfindex, FALSE, &s); - if(!di->conformant_run){ + if (!di->conformant_run) { /* Append string to COL_INFO */ if (param & PIDL_SET_COL_INFO) { col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", s); } /* Save string to dcv->private_data */ - if((param & PIDL_STR_SAVE) - && (!pinfo->fd->flags.visited)){ + if ((param & PIDL_STR_SAVE) + && (!pinfo->fd->flags.visited)) { dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data; dcv->private_data = se_strdup(s); } /* Append string to upper-level proto_items */ - if (levels > 0 && tree && s && s[0]) { + if ((levels > 0) && tree && s && s[0]) { proto_item_append_text(tree, ": %s", s); tree = tree->parent; levels--; @@ -1699,16 +1707,16 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int size_is, int hfindex, gboolean add_subtree, char **data) { - dcerpc_info *di; - proto_item *string_item; - proto_tree *string_tree; - guint64 len; - guint32 buffer_len; - char *s; + dcerpc_info *di; + proto_item *string_item; + proto_tree *string_tree; + guint64 len; + guint32 buffer_len; + char *s; header_field_info *hfinfo; - di=pinfo->private_data; - if(di->conformant_run){ + di = pinfo->private_data; + if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ return offset; } @@ -1729,7 +1737,7 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, offset = dissect_ndr_uint3264(tvb, offset, pinfo, string_tree, drep, hf_dcerpc_array_actual_count, &len); - DISSECTOR_ASSERT(len<=G_MAXUINT32); + DISSECTOR_ASSERT(len <= G_MAXUINT32); buffer_len = size_is * (guint32)len; /* Adjust offset */ @@ -1766,7 +1774,7 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, * * XXX - if this is an octet string, does the byte order * matter? Will this ever be anything *other* than an - * octet string? What if size_is is neither 1 nor 2? + * octet string? What if size_is is neither 1 nor 2? */ tvb_ensure_bytes_exist(tvb, offset, buffer_len); s = tvb_get_ephemeral_string(tvb, offset, buffer_len); @@ -1802,7 +1810,7 @@ dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { dcerpc_info *di; - di=pinfo->private_data; + di = pinfo->private_data; return dissect_ndr_vstring(tvb, offset, pinfo, tree, drep, sizeof(guint8), di->hf_index, @@ -1823,7 +1831,7 @@ dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { dcerpc_info *di; - di=pinfo->private_data; + di = pinfo->private_data; return dissect_ndr_vstring(tvb, offset, pinfo, tree, drep, sizeof(guint16), di->hf_index, @@ -1836,21 +1844,21 @@ dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, static GSList *ndr_pointer_list = NULL; /* position where in the list to insert newly encountered pointers */ -static int ndr_pointer_list_pos=0; +static int ndr_pointer_list_pos = 0; /* Boolean controlling whether pointers are top-level or embedded */ static gboolean pointers_are_top_level = TRUE; -/* as a kludge, we represent all embedded reference pointers as id==-1 +/* as a kludge, we represent all embedded reference pointers as id == -1 hoping that his will not collide with any non-ref pointers */ typedef struct ndr_pointer_data { - guint32 id; - proto_item *item; /* proto_item for pointer */ - proto_tree *tree; /* subtree of above item */ - dcerpc_dissect_fnct_t *fnct; /*if non-NULL, we have not called it yet*/ - int hf_index; + guint32 id; + proto_item *item; /* proto_item for pointer */ + proto_tree *tree; /* subtree of above item */ + dcerpc_dissect_fnct_t *fnct; /*if non-NULL, we have not called it yet*/ + int hf_index; dcerpc_callback_fnct_t *callback; - void *callback_args; + void *callback_args; } ndr_pointer_data_t; void @@ -1858,57 +1866,57 @@ init_ndr_pointer_list(packet_info *pinfo) { dcerpc_info *di; - di=pinfo->private_data; - di->conformant_run=0; + di = pinfo->private_data; + di->conformant_run = 0; - while(ndr_pointer_list){ + while (ndr_pointer_list) { ndr_pointer_data_t *npd; - npd=g_slist_nth_data(ndr_pointer_list, 0); - ndr_pointer_list=g_slist_remove(ndr_pointer_list, npd); + npd = g_slist_nth_data(ndr_pointer_list, 0); + ndr_pointer_list = g_slist_remove(ndr_pointer_list, npd); g_free(npd); } - ndr_pointer_list=NULL; - ndr_pointer_list_pos=0; - pointers_are_top_level=TRUE; + ndr_pointer_list = NULL; + ndr_pointer_list_pos = 0; + pointers_are_top_level = TRUE; } int dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8 *drep) { - int found_new_pointer; + int found_new_pointer; dcerpc_info *di; - int old_offset; - int next_pointer; + int old_offset; + int next_pointer; - next_pointer=0; - di=pinfo->private_data; + next_pointer = 0; + di = pinfo->private_data; do{ int i, len; - found_new_pointer=0; - len=g_slist_length(ndr_pointer_list); - for(i=next_pointer;i<len;i++){ + found_new_pointer = 0; + len = g_slist_length(ndr_pointer_list); + for(i=next_pointer; i<len; i++) { ndr_pointer_data_t *tnpd; - tnpd=g_slist_nth_data(ndr_pointer_list, i); - if(tnpd->fnct){ + tnpd = g_slist_nth_data(ndr_pointer_list, i); + if (tnpd->fnct) { dcerpc_dissect_fnct_t *fnct; - next_pointer=i+1; - found_new_pointer=1; - fnct=tnpd->fnct; - tnpd->fnct=NULL; - ndr_pointer_list_pos=i+1; - di->hf_index=tnpd->hf_index; + next_pointer = i+1; + found_new_pointer = 1; + fnct = tnpd->fnct; + tnpd->fnct = NULL; + ndr_pointer_list_pos = i+1; + di->hf_index = tnpd->hf_index; /* first a run to handle any conformant array headers */ - di->conformant_run=1; - di->conformant_eaten=0; + di->conformant_run = 1; + di->conformant_eaten = 0; old_offset = offset; offset = (*(fnct))(tvb, offset, pinfo, NULL, drep); - DISSECTOR_ASSERT((offset-old_offset)==di->conformant_eaten); + DISSECTOR_ASSERT((offset-old_offset) == di->conformant_eaten); /* This is to check for any bugs in the dissectors. * * Basically, the NDR representation will store all @@ -1924,12 +1932,12 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8 * For this reason, all pointers to types (both aggregate * and scalar, for simplicity no distinction is made) * will have its dissector called twice. - * The dissector will first be called with conformant_run==1 + * The dissector will first be called with conformant_run == 1 * in which mode the dissector MUST NOT consume any data from * the tvbuff (i.e. may not dissect anything) except the * initial control block for arrays. * The second time the dissector is called, with - * conformant_run==0, all other data for the type will be + * conformant_run == 0, all other data for the type will be * dissected. * * All dissect_ndr_<type> dissectors are already prepared @@ -1945,8 +1953,8 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8 * * dcerpc_info *di; * - * di=pinfo->private_data; - * if(di->conformant_run){ + * di = pinfo->private_data; + * if (di->conformant_run) { * return offset; * } * @@ -1956,7 +1964,7 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8 */ /* now we dissect the actual pointer */ - di->conformant_run=0; + di->conformant_run = 0; old_offset = offset; offset = (*(fnct))(tvb, offset, pinfo, tnpd->tree, drep); if (tnpd->callback) @@ -1964,7 +1972,7 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8 break; } } - } while(found_new_pointer); + } while (found_new_pointer); return offset; } @@ -1978,43 +1986,43 @@ add_pointer_to_list(packet_info *pinfo, proto_tree *tree, proto_item *item, ndr_pointer_data_t *npd; /* check if this pointer is valid */ - if(id!=0xffffffff){ + if (id != 0xffffffff) { dcerpc_info *di; dcerpc_call_value *value; - di=pinfo->private_data; - value=di->call_data; + di = pinfo->private_data; + value = di->call_data; - if(di->ptype == PDU_REQ){ - if(!(pinfo->fd->flags.visited)){ - if(id>value->max_ptr){ - value->max_ptr=id; + if (di->ptype == PDU_REQ) { + if (!(pinfo->fd->flags.visited)) { + if (id > value->max_ptr) { + value->max_ptr = id; } } } else { /* if we haven't seen the request bail out since we cant know whether this is the first non-NULL instance or not */ - if(value->req_frame==0){ + if (value->req_frame == 0) { /* XXX THROW EXCEPTION */ } /* We saw this one in the request frame, nothing to dissect later */ - if(id<=value->max_ptr){ + if (id <= value->max_ptr) { return; } } } - npd=g_malloc(sizeof(ndr_pointer_data_t)); - npd->id=id; - npd->tree=tree; - npd->item=item; - npd->fnct=fnct; - npd->hf_index=hf_index; - npd->callback=callback; - npd->callback_args=callback_args; + npd = g_malloc(sizeof(ndr_pointer_data_t)); + npd->id = id; + npd->tree = tree; + npd->item = item; + npd->fnct = fnct; + npd->hf_index = hf_index; + npd->callback = callback; + npd->callback_args = callback_args; ndr_pointer_list = g_slist_insert(ndr_pointer_list, npd, ndr_pointer_list_pos); ndr_pointer_list_pos++; @@ -2025,13 +2033,13 @@ static int find_pointer_index(guint32 id) { ndr_pointer_data_t *npd; - int i,len; + int i,len; - len=g_slist_length(ndr_pointer_list); - for(i=0;i<len;i++){ - npd=g_slist_nth_data(ndr_pointer_list, i); - if(npd){ - if(npd->id==id){ + len = g_slist_length(ndr_pointer_list); + for(i=0; i<len; i++) { + npd = g_slist_nth_data(ndr_pointer_list, i); + if (npd) { + if (npd->id == id) { return i; } } @@ -2066,12 +2074,12 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, dcerpc_callback_fnct_t *callback, void *callback_args) { dcerpc_info *di; - proto_tree *tr = NULL; - gint start_offset = offset; - int pointer_size = 4; + proto_tree *tr = NULL; + gint start_offset = offset; + int pointer_size = 4; - di=pinfo->private_data; - if(di->conformant_run){ + di = pinfo->private_data; + if (di->conformant_run) { /* this call was only for dissecting the header for any embedded conformant array. we will not parse any pointers in this mode. @@ -2084,14 +2092,14 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, /*TOP LEVEL REFERENCE POINTER*/ - if( pointers_are_top_level - &&(type==NDR_POINTER_REF) ){ + if ( pointers_are_top_level + && (type == NDR_POINTER_REF) ) { proto_item *item; /* we must find out a nice way to do the length here */ - item=proto_tree_add_text(tree, tvb, offset, 0, - "%s", text); - tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data); + item = proto_tree_add_text(tree, tvb, offset, 0, + "%s", text); + tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data); add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff, hf_index, callback, callback_args); @@ -2099,8 +2107,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /*TOP LEVEL FULL POINTER*/ - if( pointers_are_top_level - && (type==NDR_POINTER_PTR) ){ + if ( pointers_are_top_level + && (type == NDR_POINTER_PTR) ) { int idx; guint64 id; proto_item *item; @@ -2110,7 +2118,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size); /* we got a NULL pointer */ - if(id==0){ + if (id == 0) { proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "(NULL pointer) %s",text); @@ -2118,11 +2126,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /* see if we have seen this pointer before */ - DISSECTOR_ASSERT(id<=G_MAXUINT32); - idx=find_pointer_index((guint32)id); + DISSECTOR_ASSERT(id <= G_MAXUINT32); + idx = find_pointer_index((guint32)id); /* we have seen this pointer before */ - if(idx>=0){ + if (idx >= 0) { proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "(duplicate PTR) %s",text); @@ -2130,10 +2138,10 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /* new pointer */ - item=proto_tree_add_text(tree, tvb, offset-pointer_size, - pointer_size, - "%s", text); - tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data); + item = proto_tree_add_text(tree, tvb, offset-pointer_size, + pointer_size, + "%s", text); + tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data); proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-pointer_size, pointer_size, (guint32)id); add_pointer_to_list(pinfo, tr, item, fnct, (guint32)id, hf_index, @@ -2141,8 +2149,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, goto after_ref_id; } /*TOP LEVEL UNIQUE POINTER*/ - if( pointers_are_top_level - && (type==NDR_POINTER_UNIQUE) ){ + if ( pointers_are_top_level + && (type == NDR_POINTER_UNIQUE) ) { guint64 id; proto_item *item; @@ -2151,7 +2159,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size); /* we got a NULL pointer */ - if(id==0){ + if (id == 0) { proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "(NULL pointer) %s",text); @@ -2159,11 +2167,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /* new pointer */ - DISSECTOR_ASSERT(id<=G_MAXUINT32); - item=proto_tree_add_text(tree, tvb, offset-pointer_size, - pointer_size, - "%s", text); - tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data); + DISSECTOR_ASSERT(id <= G_MAXUINT32); + item = proto_tree_add_text(tree, tvb, offset-pointer_size, + pointer_size, + "%s", text); + tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data); proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-pointer_size, pointer_size, (guint32)id); add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff, @@ -2172,8 +2180,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /*EMBEDDED REFERENCE POINTER*/ - if( (!pointers_are_top_level) - && (type==NDR_POINTER_REF) ){ + if ( (!pointers_are_top_level) + && (type == NDR_POINTER_REF) ) { guint64 id; proto_item *item; @@ -2182,11 +2190,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size); /* new pointer */ - item=proto_tree_add_text(tree, tvb, offset-pointer_size, + item = proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "%s",text); - tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data); - DISSECTOR_ASSERT(id<=G_MAXUINT32); + tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data); + DISSECTOR_ASSERT(id <= G_MAXUINT32); proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-pointer_size, pointer_size, (guint32)id); add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff, @@ -2195,8 +2203,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /*EMBEDDED UNIQUE POINTER*/ - if( (!pointers_are_top_level) - && (type==NDR_POINTER_UNIQUE) ){ + if ( (!pointers_are_top_level) + && (type == NDR_POINTER_UNIQUE) ) { guint64 id; proto_item *item; @@ -2205,7 +2213,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size); /* we got a NULL pointer */ - if(id==0){ + if (id == 0) { proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "(NULL pointer) %s", text); @@ -2213,11 +2221,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /* new pointer */ - item=proto_tree_add_text(tree, tvb, offset-pointer_size, - pointer_size, - "%s",text); - tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data); - DISSECTOR_ASSERT(id<=G_MAXUINT32); + item = proto_tree_add_text(tree, tvb, offset-pointer_size, + pointer_size, + "%s",text); + tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data); + DISSECTOR_ASSERT(id <= G_MAXUINT32); proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-pointer_size, pointer_size, (guint32)id); add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff, @@ -2226,8 +2234,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /*EMBEDDED FULL POINTER*/ - if( (!pointers_are_top_level) - && (type==NDR_POINTER_PTR) ){ + if ( (!pointers_are_top_level) + && (type == NDR_POINTER_PTR) ) { int idx; guint64 id; proto_item *item; @@ -2237,7 +2245,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size); /* we got a NULL pointer */ - if(id==0){ + if (id == 0) { proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "(NULL pointer) %s",text); @@ -2245,11 +2253,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /* see if we have seen this pointer before */ - DISSECTOR_ASSERT(id<=G_MAXUINT32); - idx=find_pointer_index((guint32)id); + DISSECTOR_ASSERT(id <= G_MAXUINT32); + idx = find_pointer_index((guint32)id); /* we have seen this pointer before */ - if(idx>=0){ + if (idx >= 0) { proto_tree_add_text(tree, tvb, offset-pointer_size, pointer_size, "(duplicate PTR) %s",text); @@ -2257,10 +2265,10 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo, } /* new pointer */ - item=proto_tree_add_text(tree, tvb, offset-pointer_size, - pointer_size, - "%s", text); - tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data); + item = proto_tree_add_text(tree, tvb, offset-pointer_size, + pointer_size, + "%s", text); + tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data); proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-pointer_size, pointer_size, (guint32)id); add_pointer_to_list(pinfo, tr, item, fnct, (guint32)id, hf_index, @@ -2273,14 +2281,14 @@ after_ref_id: /* After each top level pointer we have dissected we have to dissect all deferrals before we move on to the next top level argument */ - if(pointers_are_top_level==TRUE){ - pointers_are_top_level=FALSE; + if (pointers_are_top_level == TRUE) { + pointers_are_top_level = FALSE; offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); - pointers_are_top_level=TRUE; + pointers_are_top_level = TRUE; } /* Set the length for the new subtree */ - if (tr){ + if (tr) { proto_item_set_len(tr, offset-start_offset); } return offset; @@ -2302,8 +2310,8 @@ dissect_ndr_toplevel_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo, { int ret; - pointers_are_top_level=TRUE; - ret=dissect_ndr_pointer_cb( + pointers_are_top_level = TRUE; + ret = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, fnct, type, text, hf_index, NULL, NULL); return ret; @@ -2315,18 +2323,18 @@ dissect_ndr_embedded_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo, { int ret; - pointers_are_top_level=FALSE; - ret=dissect_ndr_pointer_cb( + pointers_are_top_level = FALSE; + ret = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, fnct, type, text, hf_index, NULL, NULL); return ret; } static void -show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree, - dcerpc_auth_info *auth_info, gboolean is_encrypted) +show_stub_data(tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree, + dcerpc_auth_info *auth_info, gboolean is_encrypted) { - int length, plain_length, auth_pad_len; + int length, plain_length, auth_pad_len; guint auth_pad_offset; /* @@ -2335,9 +2343,9 @@ show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree, * bytes, the reported number of bytes, not the number of bytes * that happen to be in the tvbuff. */ - if (tvb_length_remaining (tvb, offset) > 0) { + if (tvb_length_remaining(tvb, offset) > 0) { auth_pad_len = auth_info?auth_info->auth_pad_len:0; - length = tvb_reported_length_remaining (tvb, offset); + length = tvb_reported_length_remaining(tvb, offset); /* if auth_pad_len is larger than length then we ignore auth_pad_len totally */ plain_length = length - auth_pad_len; @@ -2347,8 +2355,8 @@ show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree, } auth_pad_offset = offset + plain_length; - if (auth_info != NULL && - auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) { + if ((auth_info != NULL) && + (auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY)) { if (is_encrypted) { tvb_ensure_bytes_exist(tvb, offset, length); proto_tree_add_text(dcerpc_tree, tvb, offset, length, @@ -2364,49 +2372,50 @@ show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree, } } else { tvb_ensure_bytes_exist(tvb, offset, plain_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, plain_length, - "Stub data (%d byte%s)", plain_length, - plurality(plain_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, plain_length, + "Stub data (%d byte%s)", plain_length, + plurality(plain_length, "", "s")); } /* If there is auth padding at the end of the stub, display it */ if (auth_pad_len != 0) { tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len); - proto_tree_add_text (dcerpc_tree, tvb, auth_pad_offset, - auth_pad_len, - "Auth Padding (%u byte%s)", - auth_pad_len, - plurality(auth_pad_len, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, auth_pad_offset, + auth_pad_len, + "Auth Padding (%u byte%s)", + auth_pad_len, + plurality(auth_pad_len, "", "s")); } } } static int -dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, - proto_tree *dcerpc_tree, - tvbuff_t *volatile tvb, tvbuff_t *decrypted_tvb, - guint8 *drep, dcerpc_info *info, - dcerpc_auth_info *auth_info) +dcerpc_try_handoff(packet_info *pinfo, proto_tree *tree, + proto_tree *dcerpc_tree, + tvbuff_t *volatile tvb, tvbuff_t *decrypted_tvb, + guint8 *drep, dcerpc_info *info, + dcerpc_auth_info *auth_info) { - volatile gint offset = 0; - dcerpc_uuid_key key; - dcerpc_uuid_value *sub_proto; - proto_tree *volatile sub_tree = NULL; + volatile gint offset = 0; + dcerpc_uuid_key key; + dcerpc_uuid_value *sub_proto; + proto_tree *volatile sub_tree = NULL; dcerpc_sub_dissector *proc; - const gchar *name = NULL; + const gchar *name = NULL; + const char *volatile saved_proto; + void *volatile saved_private_data; + guint length = 0, reported_length = 0; + tvbuff_t *volatile stub_tvb; + volatile guint auth_pad_len; + volatile int auth_pad_offset; + proto_item *sub_item = NULL; + proto_item *pi, *hidden_item; + dcerpc_dissect_fnct_t *volatile sub_dissect; - const char *volatile saved_proto; - void *volatile saved_private_data; - guint length = 0, reported_length = 0; - tvbuff_t *volatile stub_tvb; - volatile guint auth_pad_len; - volatile int auth_pad_offset; - proto_item *sub_item=NULL; - proto_item *pi, *hidden_item; key.uuid = info->call_data->uuid; key.ver = info->call_data->ver; - if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) == NULL + if ((sub_proto = g_hash_table_lookup(dcerpc_uuids, &key)) == NULL || !proto_is_protocol_enabled(sub_proto->proto)) { /* * We don't have a dissector for this UUID, or the protocol @@ -2416,14 +2425,14 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, hidden_item = proto_tree_add_boolean(dcerpc_tree, hf_dcerpc_unknown_if_id, tvb, offset, 0, TRUE); PROTO_ITEM_SET_HIDDEN(hidden_item); - col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u", + col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u", guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver); if (decrypted_tvb != NULL) { - show_stub_data (decrypted_tvb, 0, dcerpc_tree, auth_info, - FALSE); + show_stub_data(decrypted_tvb, 0, dcerpc_tree, auth_info, + FALSE); } else - show_stub_data (tvb, 0, dcerpc_tree, auth_info, TRUE); + show_stub_data(tvb, 0, dcerpc_tree, auth_info, TRUE); return -1; } @@ -2437,21 +2446,21 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, if (!name) name = "Unknown?!"; - col_set_str (pinfo->cinfo, COL_PROTOCOL, sub_proto->name); + col_set_str(pinfo->cinfo, COL_PROTOCOL, sub_proto->name); - col_add_fstr (pinfo->cinfo, COL_INFO, "%s %s", - name, (info->ptype == PDU_REQ) ? "request" : "response"); + col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s", + name, (info->ptype == PDU_REQ) ? "request" : "response"); sub_dissect = (info->ptype == PDU_REQ) ? proc->dissect_rqst : proc->dissect_resp; if (tree) { - sub_item = proto_tree_add_item (tree, sub_proto->proto_id, - (decrypted_tvb != NULL)?decrypted_tvb:tvb, - 0, -1, ENC_NA); + sub_item = proto_tree_add_item(tree, sub_proto->proto_id, + (decrypted_tvb != NULL)?decrypted_tvb:tvb, + 0, -1, ENC_NA); if (sub_item) { - sub_tree = proto_item_add_subtree (sub_item, sub_proto->ett); + sub_tree = proto_item_add_subtree(sub_item, sub_proto->ett); proto_item_append_text(sub_item, ", %s", name); } @@ -2470,12 +2479,12 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, "Operation: %s (%u)", name, info->call_data->opnum); - if(info->ptype == PDU_REQ && info->call_data->rep_frame!=0) { + if ((info->ptype == PDU_REQ) && (info->call_data->rep_frame != 0)) { pi = proto_tree_add_uint(sub_tree, hf_dcerpc_response_in, tvb, 0, 0, info->call_data->rep_frame); PROTO_ITEM_SET_GENERATED(pi); } - if(info->ptype == PDU_RESP && info->call_data->req_frame!=0) { + if ((info->ptype == PDU_RESP) && (info->call_data->req_frame != 0)) { pi = proto_tree_add_uint(sub_tree, hf_dcerpc_request_in, tvb, 0, 0, info->call_data->req_frame); PROTO_ITEM_SET_GENERATED(pi); @@ -2487,10 +2496,10 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, the encrypted payload. */ if (sub_dissect) { /* We have a subdissector - call it. */ - saved_proto = pinfo->current_proto; - saved_private_data = pinfo->private_data; + saved_proto = pinfo->current_proto; + saved_private_data = pinfo->private_data; pinfo->current_proto = sub_proto->name; - pinfo->private_data = (void *)info; + pinfo->private_data = (void *)info; init_ndr_pointer_list(pinfo); @@ -2500,7 +2509,7 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, /* * Remove the authentication padding from the stub data. */ - if (auth_info != NULL && auth_info->auth_pad_len != 0) { + if ((auth_info != NULL) && (auth_info->auth_pad_len != 0)) { if (reported_length >= auth_info->auth_pad_len) { /* * OK, the padding length isn't so big that it @@ -2560,7 +2569,7 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, TRY { int remaining; - offset = sub_dissect (stub_tvb, 0, pinfo, sub_tree, + offset = sub_dissect(stub_tvb, 0, pinfo, sub_tree, drep); /* If we have a subdissector and it didn't dissect all @@ -2588,34 +2597,34 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, /* If there is auth padding at the end of the stub, display it */ if (auth_pad_len != 0) { tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len); - proto_tree_add_text (sub_tree, decrypted_tvb, auth_pad_offset, - auth_pad_len, - "Auth Padding (%u byte%s)", - auth_pad_len, - plurality(auth_pad_len, "", "s")); + proto_tree_add_text(sub_tree, decrypted_tvb, auth_pad_offset, + auth_pad_len, + "Auth Padding (%u byte%s)", + auth_pad_len, + plurality(auth_pad_len, "", "s")); } pinfo->current_proto = saved_proto; - pinfo->private_data = saved_private_data; + pinfo->private_data = saved_private_data; } else { /* No subdissector - show it as stub data. */ - if(decrypted_tvb){ - show_stub_data (decrypted_tvb, 0, sub_tree, auth_info, FALSE); + if (decrypted_tvb) { + show_stub_data(decrypted_tvb, 0, sub_tree, auth_info, FALSE); } else { - show_stub_data (tvb, 0, sub_tree, auth_info, TRUE); + show_stub_data(tvb, 0, sub_tree, auth_info, TRUE); } } } else - show_stub_data (tvb, 0, sub_tree, auth_info, TRUE); + show_stub_data(tvb, 0, sub_tree, auth_info, TRUE); tap_queue_packet(dcerpc_tap, pinfo, info); return 0; } static int -dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr, - dcerpc_auth_info *auth_info) +dissect_dcerpc_verifier(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr, + dcerpc_auth_info *auth_info) { int auth_offset; @@ -2646,8 +2655,8 @@ dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo, } ENDTRY; } else { tvb_ensure_bytes_exist(tvb, 0, hdr->auth_len); - proto_tree_add_text (dcerpc_tree, auth_tvb, 0, hdr->auth_len, - "Auth Verifier"); + proto_tree_add_text(dcerpc_tree, auth_tvb, 0, hdr->auth_len, + "Auth Verifier"); } } @@ -2655,9 +2664,9 @@ dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo, } static void -dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr, - gboolean are_credentials, dcerpc_auth_info *auth_info) +dissect_dcerpc_cn_auth(tvbuff_t *tvb, int stub_offset, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr, + gboolean are_credentials, dcerpc_auth_info *auth_info) { volatile int offset; @@ -2665,9 +2674,9 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo, * Initially set auth_level and auth_type to zero to indicate that we * haven't yet seen any authentication level information. */ - auth_info->auth_level = 0; - auth_info->auth_type = 0; - auth_info->auth_size = 0; + auth_info->auth_level = 0; + auth_info->auth_type = 0; + auth_info->auth_size = 0; auth_info->auth_pad_len = 0; /* @@ -2683,7 +2692,7 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo, */ if (hdr->auth_len - && (hdr->auth_len + 8 <= hdr->frag_len - stub_offset)) { + && ((hdr->auth_len + 8) <= (hdr->frag_len - stub_offset))) { /* * Yes, there is authentication data, and the length is valid. @@ -2705,20 +2714,20 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo, * dissect after this, such as stub data. */ TRY { - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_auth_type, - &auth_info->auth_type); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_auth_level, - &auth_info->auth_level); - - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_auth_pad_len, - &auth_info->auth_pad_len); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_auth_rsrvd, NULL); - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_auth_ctx_id, NULL); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_type, + &auth_info->auth_type); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_level, + &auth_info->auth_level); + + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_pad_len, + &auth_info->auth_pad_len); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_rsrvd, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_ctx_id, NULL); /* * Dissect the authentication data. @@ -2736,7 +2745,7 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo, dissect_auth_verf(auth_tvb, pinfo, dcerpc_tree, auth_fns, hdr, auth_info); else - proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, + proto_tree_add_text(dcerpc_tree, tvb, offset, hdr->auth_len, "Auth Credentials"); } @@ -2761,9 +2770,9 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo, * as well in the future. */ -guint16 dcerpc_get_transport_salt (packet_info *pinfo) +guint16 dcerpc_get_transport_salt(packet_info *pinfo) { - switch(pinfo->dcetransporttype){ + switch (pinfo->dcetransporttype) { case DCE_CN_TRANSPORT_SMBPIPE: /* DCERPC over smb */ return pinfo->dcetransportsalt; @@ -2778,35 +2787,35 @@ guint16 dcerpc_get_transport_salt (packet_info *pinfo) */ static void -dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_bind(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) { - conversation_t *conv = find_or_create_conversation(pinfo); - guint8 num_ctx_items = 0; - guint i; - guint16 ctx_id; - guint8 num_trans_items; - guint j; - e_uuid_t if_id; - e_uuid_t trans_id; - guint32 trans_ver; - guint16 if_ver, if_ver_minor; - dcerpc_auth_info auth_info; - char *uuid_str; - const char *uuid_name = NULL; - proto_item *iface_item = NULL; - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_max_xmit, NULL); - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_max_recv, NULL); - - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_assoc_group, NULL); - - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_num_ctx_items, &num_ctx_items); + conversation_t *conv = find_or_create_conversation(pinfo); + guint8 num_ctx_items = 0; + guint i; + guint16 ctx_id; + guint8 num_trans_items; + guint j; + e_uuid_t if_id; + e_uuid_t trans_id; + guint32 trans_ver; + guint16 if_ver, if_ver_minor; + dcerpc_auth_info auth_info; + char *uuid_str; + const char *uuid_name = NULL; + proto_item *iface_item = NULL; + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_max_xmit, NULL); + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_max_recv, NULL); + + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_assoc_group, NULL); + + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_num_ctx_items, &num_ctx_items); /* padding */ offset += 3; @@ -2818,8 +2827,8 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *ctx_tree = NULL, *iface_tree = NULL; gint ctx_offset = offset; - dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep, - hf_dcerpc_cn_ctx_id, &ctx_id); + dissect_dcerpc_uint16(tvb, offset, pinfo, NULL, hdr->drep, + hf_dcerpc_cn_ctx_id, &ctx_id); /* save context ID for use with dcerpc_add_conv_to_bind_table() */ /* (if we have multiple contexts, this might cause "decode as" @@ -2833,19 +2842,19 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx); } - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree, hdr->drep, - hf_dcerpc_cn_ctx_id, &ctx_id); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, ctx_tree, hdr->drep, - hf_dcerpc_cn_num_trans_items, &num_trans_items); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, hdr->drep, + hf_dcerpc_cn_ctx_id, &ctx_id); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, ctx_tree, hdr->drep, + hf_dcerpc_cn_num_trans_items, &num_trans_items); - if(dcerpc_tree) { + if (dcerpc_tree) { proto_item_append_text(ctx_item, "[%u]: ID:%u", i+1, ctx_id); } /* padding */ offset += 1; - dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &if_id); + dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &if_id); if (ctx_tree) { iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, ENC_NA); @@ -2853,28 +2862,28 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, uuid_str = guid_to_str((e_guid_t*)&if_id); uuid_name = guids_get_uuid_name(&if_id); - if(uuid_name) { - proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb, - offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str); + if (uuid_name) { + proto_tree_add_guid_format(iface_tree, hf_dcerpc_cn_bind_if_id, tvb, + offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str); proto_item_append_text(iface_item, ": %s", uuid_name); } else { - proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb, - offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str); + proto_tree_add_guid_format(iface_tree, hf_dcerpc_cn_bind_if_id, tvb, + offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str); proto_item_append_text(iface_item, ": %s", uuid_str); } } offset += 16; if (hdr->drep[0] & DREP_LITTLE_ENDIAN) { - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep, - hf_dcerpc_cn_bind_if_ver, &if_ver); - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep, - hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep, + hf_dcerpc_cn_bind_if_ver, &if_ver); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep, + hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor); } else { - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep, - hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor); - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep, - hf_dcerpc_cn_bind_if_ver, &if_ver); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep, + hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep, + hf_dcerpc_cn_bind_if_ver, &if_ver); } if (ctx_tree) { @@ -2887,7 +2896,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *trans_tree = NULL; proto_item *trans_item = NULL; - dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id); + dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id); if (ctx_tree) { trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, ENC_NA); @@ -2896,56 +2905,57 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, uuid_str = guid_to_str((e_guid_t *) &trans_id); uuid_name = guids_get_uuid_name(&trans_id); - if(uuid_name) { - proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, - offset, 16, (e_guid_t *) &trans_id, "Transport Syntax: %s UUID:%s", uuid_name, uuid_str); + if (uuid_name) { + proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, + offset, 16, (e_guid_t *) &trans_id, + "Transport Syntax: %s UUID:%s", uuid_name, uuid_str); proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_name); } else { - proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, - offset, 16, (e_guid_t *) &trans_id, "Transport Syntax: %s", uuid_str); + proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, + offset, 16, (e_guid_t *) &trans_id, "Transport Syntax: %s", uuid_str); proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str); } } offset += 16; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, trans_tree, hdr->drep, - hf_dcerpc_cn_bind_trans_ver, &trans_ver); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, trans_tree, hdr->drep, + hf_dcerpc_cn_bind_trans_ver, &trans_ver); if (ctx_tree) { proto_item_set_len(trans_item, 20); proto_item_append_text(trans_item, " V%u", trans_ver); } } - /* if this is the first time we see this packet, we need to + /* if this is the first time we've seen this packet, we need to update the dcerpc_binds table so that any later calls can match to the interface. XXX We assume that BINDs will NEVER be fragmented. */ - if(!(pinfo->fd->flags.visited)){ - dcerpc_bind_key *key; + if (!(pinfo->fd->flags.visited)) { + dcerpc_bind_key *key; dcerpc_bind_value *value; - key = se_alloc (sizeof (dcerpc_bind_key)); + key = se_alloc(sizeof (dcerpc_bind_key)); key->conv = conv; key->ctx_id = ctx_id; key->smb_fid = dcerpc_get_transport_salt(pinfo); - value = se_alloc (sizeof (dcerpc_bind_value)); + value = se_alloc(sizeof (dcerpc_bind_value)); value->uuid = if_id; value->ver = if_ver; - value->transport=trans_id; + value->transport = trans_id; /* add this entry to the bind table */ - g_hash_table_insert (dcerpc_binds, key, value); + g_hash_table_insert(dcerpc_binds, key, value); } - if (i > 0) - col_append_fstr(pinfo->cinfo, COL_INFO, ","); - col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u (%s)", - guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor, - guids_resolve_uuid_to_str(&trans_id)); + if (i > 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ","); + col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u (%s)", + guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor, + guids_resolve_uuid_to_str(&trans_id)); - if(ctx_tree) { + if (ctx_tree) { proto_item_set_len(ctx_item, offset - ctx_offset); } } @@ -2955,39 +2965,39 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, * an authentication header, and associate it with an authentication * context, so subsequent PDUs can use that context. */ - dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info); + dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info); } static void -dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_bind_ack(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) { - guint16 max_xmit, max_recv; - guint16 sec_addr_len; - guint8 num_results; - guint i; - guint16 result = 0; - guint16 reason = 0; - e_uuid_t trans_id; - guint32 trans_ver; - dcerpc_auth_info auth_info; - const char *uuid_name = NULL; - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_max_xmit, &max_xmit); - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_max_recv, &max_recv); - - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_assoc_group, NULL); - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_sec_addr_len, &sec_addr_len); + guint16 max_xmit, max_recv; + guint16 sec_addr_len; + guint8 num_results; + guint i; + guint16 result = 0; + guint16 reason = 0; + e_uuid_t trans_id; + guint32 trans_ver; + dcerpc_auth_info auth_info; + const char *uuid_name = NULL; + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_max_xmit, &max_xmit); + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_max_recv, &max_recv); + + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_assoc_group, NULL); + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_sec_addr_len, &sec_addr_len); if (sec_addr_len != 0) { tvb_ensure_bytes_exist(tvb, offset, sec_addr_len); - proto_tree_add_item (dcerpc_tree, hf_dcerpc_cn_sec_addr, tvb, offset, - sec_addr_len, ENC_ASCII|ENC_NA); + proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_sec_addr, tvb, offset, + sec_addr_len, ENC_ASCII|ENC_NA); offset += sec_addr_len; } @@ -2995,31 +3005,31 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset += 4 - offset % 4; } - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_num_results, &num_results); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_num_results, &num_results); /* padding */ offset += 3; col_append_fstr(pinfo->cinfo, COL_INFO, ", max_xmit: %u max_recv: %u, %u results:", - max_xmit, max_recv, num_results); + max_xmit, max_recv, num_results); for (i = 0; i < num_results; i++) { proto_tree *ctx_tree = NULL; - if(dcerpc_tree){ + if (dcerpc_tree) { proto_item *ctx_item; ctx_item = proto_tree_add_text(dcerpc_tree, tvb, offset, 24, "Context ID[%u]", i+1); ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx); } - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree, - hdr->drep, hf_dcerpc_cn_ack_result, - &result); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, + hdr->drep, hf_dcerpc_cn_ack_result, + &result); if (result != 0) { - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree, - hdr->drep, hf_dcerpc_cn_ack_reason, - &reason); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, + hdr->drep, hf_dcerpc_cn_ack_reason, + &reason); } else { /* * The reason for rejection isn't meaningful, and often isn't @@ -3028,59 +3038,59 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset += 2; } - dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id); + dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id); uuid_name = guids_get_uuid_name(&trans_id); if (ctx_tree) { - proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb, - offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", - uuid_name?uuid_name:guid_to_str((e_guid_t *) &trans_id)); + proto_tree_add_guid_format(ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb, + offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", + uuid_name?uuid_name:guid_to_str((e_guid_t *) &trans_id)); } offset += 16; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, ctx_tree, hdr->drep, - hf_dcerpc_cn_ack_trans_ver, &trans_ver); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, ctx_tree, hdr->drep, + hf_dcerpc_cn_ack_trans_ver, &trans_ver); - if (i > 0) - col_append_fstr(pinfo->cinfo, COL_INFO, ","); - col_append_fstr(pinfo->cinfo, COL_INFO, " %s", - val_to_str(result, p_cont_result_vals, "Unknown result (%u)")); + if (i > 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ","); + col_append_fstr(pinfo->cinfo, COL_INFO, " %s", + val_to_str(result, p_cont_result_vals, "Unknown result (%u)")); } /* * XXX - do we need to do anything with the authentication level * we get back from this? */ - dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info); + dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info); } static void -dissect_dcerpc_cn_bind_nak (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_bind_nak(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) { guint16 reason; - guint8 num_protocols; - guint i; + guint8 num_protocols; + guint i; - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_cn_reject_reason, - &reason); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_cn_reject_reason, + &reason); - col_append_fstr (pinfo->cinfo, COL_INFO, " reason: %s", - val_to_str(reason, reject_reason_vals, "Unknown (%u)")); + col_append_fstr(pinfo->cinfo, COL_INFO, " reason: %s", + val_to_str(reason, reject_reason_vals, "Unknown (%u)")); if (reason == PROTOCOL_VERSION_NOT_SUPPORTED) { - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_num_protocols, - &num_protocols); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_num_protocols, + &num_protocols); for (i = 0; i < num_protocols; i++) { - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_cn_protocol_ver_major, - NULL); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_cn_protocol_ver_minor, - NULL); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_cn_protocol_ver_major, + NULL); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_cn_protocol_ver_minor, + NULL); } } } @@ -3094,10 +3104,10 @@ static const char * fragment_type(guint8 flags) { static const char* t[4] = { - "Mid", - "1st", - "Last", - "Single" + "Mid", + "1st", + "Last", + "Single" }; return t[flags & PFC_FRAG_MASK]; } @@ -3105,15 +3115,15 @@ fragment_type(guint8 flags) /* Dissect stub data (payload) of a DCERPC packet. */ static void -dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, proto_tree *tree, - e_dce_cn_common_hdr_t *hdr, dcerpc_info *di, - dcerpc_auth_info *auth_info, guint32 alloc_hint _U_, - guint32 frame) +dissect_dcerpc_cn_stub(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, proto_tree *tree, + e_dce_cn_common_hdr_t *hdr, dcerpc_info *di, + dcerpc_auth_info *auth_info, guint32 alloc_hint _U_, + guint32 frame) { - gint length, reported_length; - gboolean save_fragmented; - fragment_data *fd_head=NULL; + gint length, reported_length; + gboolean save_fragmented; + fragment_data *fd_head = NULL; tvbuff_t *auth_tvb, *payload_tvb, *decrypted_tvb; proto_item *pi; @@ -3135,13 +3145,13 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, length = reported_length; payload_tvb = tvb_new_subset(tvb, offset, length, reported_length); - auth_tvb=NULL; + auth_tvb = NULL; /*don't bother if we don't have the entire tvb */ /*XXX we should really make sure we calculate auth_info->auth_data and use that one instead of this auth_tvb hack */ - if(tvb_length(tvb)==tvb_reported_length(tvb)){ - if(tvb_length_remaining(tvb, offset+length)>8){ + if (tvb_length(tvb) == tvb_reported_length(tvb)) { + if (tvb_length_remaining(tvb, offset+length) > 8) { auth_tvb = tvb_new_subset_remaining(tvb, offset+length+8); } } @@ -3149,7 +3159,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, /* Decrypt the PDU if it is encrypted */ if (auth_info->auth_type && - auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) { + (auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY)) { /* * We know the authentication type, and the authentication * level is "Packet privacy", meaning the payload is @@ -3163,7 +3173,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, * so we call it in order to have a chance to decipher the data */ if (DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN == auth_info->auth_type) { - dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, auth_info); + dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, auth_info); } if ((auth_fns = get_auth_subdissector_fns( @@ -3194,7 +3204,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, decrypted_tvb = payload_tvb; /* if this packet is not fragmented, just dissect it and exit */ - if(PFC_NOT_FRAGMENTED(hdr)){ + if (PFC_NOT_FRAGMENTED(hdr)) { pinfo->fragmented = FALSE; dcerpc_try_handoff( @@ -3218,14 +3228,14 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, XXX - if we're not doing reassembly, can we decrypt an encrypted stub? */ - if( (!dcerpc_reassemble) && hdr->flags&PFC_FIRST_FRAG ){ + if ( (!dcerpc_reassemble) && (hdr->flags & PFC_FIRST_FRAG) ) { dcerpc_try_handoff( pinfo, tree, dcerpc_tree, payload_tvb, decrypted_tvb, hdr->drep, di, auth_info); - expert_add_info_format(pinfo, NULL, PI_REASSEMBLE, PI_CHAT, - "%s fragment", fragment_type(hdr->flags)); + expert_add_info_format(pinfo, NULL, PI_REASSEMBLE, PI_CHAT, + "%s fragment", fragment_type(hdr->flags)); pinfo->fragmented = save_fragmented; return; @@ -3235,8 +3245,8 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, and if so dissect the full pdu. then exit */ - if(pinfo->fd->flags.visited){ - fd_head=fragment_get_reassembled(frame, dcerpc_co_reassemble_table); + if (pinfo->fd->flags.visited) { + fd_head = fragment_get_reassembled(frame, dcerpc_co_reassemble_table); goto end_cn_stub; } @@ -3244,13 +3254,13 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, nor the first fragment then there is nothing more we can do so we just have to exit */ - if( !dcerpc_reassemble || (tvb_length(tvb)!=tvb_reported_length(tvb)) ) + if ( !dcerpc_reassemble || (tvb_length(tvb) != tvb_reported_length(tvb)) ) goto end_cn_stub; /* if we didn't get 'frame' we don't know where the PDU started and thus it is pointless to continue */ - if(!frame) + if (!frame) goto end_cn_stub; /* from now on we must attempt to reassemble the PDU @@ -3284,9 +3294,9 @@ end_cn_stub: * (multiple fragments in one PDU are possible!) * dissect the full PDU */ - if(fd_head && (fd_head->flags&FD_DEFRAGMENTED) ){ + if (fd_head && (fd_head->flags & FD_DEFRAGMENTED) ) { - if(pinfo->fd->num==fd_head->reassembled_in && (hdr->flags&PFC_LAST_FRAG) ){ + if ((pinfo->fd->num == fd_head->reassembled_in) && (hdr->flags & PFC_LAST_FRAG) ) { tvbuff_t *next_tvb; proto_item *frag_tree_item; @@ -3299,7 +3309,7 @@ end_cn_stub: /* the toplevel fragment subtree is now behind all desegmented data, * move it right behind the DCE/RPC tree */ dcerpc_tree_item = proto_tree_get_parent(dcerpc_tree); - if(frag_tree_item && dcerpc_tree_item) { + if (frag_tree_item && dcerpc_tree_item) { proto_tree_move_item(tree, dcerpc_tree_item, frag_tree_item); } @@ -3309,11 +3319,11 @@ end_cn_stub: "%s fragment, reassembled", fragment_type(hdr->flags)); - dcerpc_try_handoff (pinfo, tree, dcerpc_tree, next_tvb, - next_tvb, hdr->drep, di, auth_info); + dcerpc_try_handoff(pinfo, tree, dcerpc_tree, next_tvb, + next_tvb, hdr->drep, di, auth_info); } else { - if(decrypted_tvb){ + if (decrypted_tvb) { pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in, decrypted_tvb, 0, 0, fd_head->reassembled_in); } else { @@ -3322,7 +3332,7 @@ end_cn_stub: } PROTO_ITEM_SET_GENERATED(pi); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Reas: #%u]", fd_head->reassembled_in); } col_append_fstr(pinfo->cinfo, COL_INFO, @@ -3336,10 +3346,10 @@ end_cn_stub: expert_add_info_format(pinfo, NULL, PI_REASSEMBLE, PI_CHAT, "%s fragment", fragment_type(hdr->flags)); - if(decrypted_tvb){ - show_stub_data (decrypted_tvb, 0, tree, auth_info, FALSE); + if (decrypted_tvb) { + show_stub_data(decrypted_tvb, 0, tree, auth_info, FALSE); } else { - show_stub_data (payload_tvb, 0, tree, auth_info, TRUE); + show_stub_data(payload_tvb, 0, tree, auth_info, TRUE); } } @@ -3359,10 +3369,10 @@ struct _dcerpc_bind_value * dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding) { dcerpc_bind_value *bind_value; - dcerpc_bind_key *key; - conversation_t *conv; + dcerpc_bind_key *key; + conversation_t *conv; - conv = find_conversation ( + conv = find_conversation( 0, &binding->addr_a, &binding->addr_b, @@ -3372,7 +3382,7 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding) 0); if (!conv) { - conv = conversation_new ( + conv = conversation_new( 0, &binding->addr_a, &binding->addr_b, @@ -3382,14 +3392,14 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding) 0); } - bind_value = se_alloc (sizeof (dcerpc_bind_value)); + bind_value = se_alloc(sizeof (dcerpc_bind_value)); bind_value->uuid = binding->uuid; bind_value->ver = binding->ver; /* For now, assume all DCE/RPC we pick from "decode as" is using standard ndr and not ndr64. We should make this selectable from the dialog in the future */ - bind_value->transport=uuid_data_repr_proto; + bind_value->transport = uuid_data_repr_proto; key = se_alloc(sizeof (dcerpc_bind_key)); key->conv = conv; @@ -3404,44 +3414,44 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding) } static void -dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, proto_tree *tree, - e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_rqst(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, proto_tree *tree, + e_dce_cn_common_hdr_t *hdr) { - conversation_t *conv; - guint16 ctx_id; - guint16 opnum; - e_uuid_t obj_id = DCERPC_UUID_NULL; - dcerpc_auth_info auth_info; - guint32 alloc_hint; - proto_item *pi; - proto_item *parent_pi; - - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_alloc_hint, &alloc_hint); - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_ctx_id, &ctx_id); + conversation_t *conv; + guint16 ctx_id; + guint16 opnum; + e_uuid_t obj_id = DCERPC_UUID_NULL; + dcerpc_auth_info auth_info; + guint32 alloc_hint; + proto_item *pi; + proto_item *parent_pi; + + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_alloc_hint, &alloc_hint); + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_ctx_id, &ctx_id); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, " Ctx: %u", ctx_id); } - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_opnum, &opnum); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_opnum, &opnum); /* save context ID for use with dcerpc_add_conv_to_bind_table() */ pinfo->dcectxid = ctx_id; - col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u", - opnum, ctx_id); + col_append_fstr(pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u", + opnum, ctx_id); if (hdr->flags & PFC_OBJECT_UUID) { - dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id); + dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &obj_id); if (dcerpc_tree) { - proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, - offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", - guid_to_str((e_guid_t *) &obj_id)); + proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_obj_id, tvb, + offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", + guid_to_str((e_guid_t *) &obj_id)); } offset += 16; } @@ -3450,12 +3460,12 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, * XXX - what if this was set when the connection was set up, * and we just have a security context? */ - dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info); + dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info); - conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, - pinfo->srcport, pinfo->destport, 0); + conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); if (!conv) - show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE); + show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE); else { dcerpc_matched_key matched_key, *new_matched_key; dcerpc_call_value *value; @@ -3468,26 +3478,26 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, matched_key.frame = pinfo->fd->num; matched_key.call_id = hdr->call_id; value = g_hash_table_lookup(dcerpc_matched, &matched_key); - if(!value){ + if (!value) { dcerpc_bind_key bind_key; dcerpc_bind_value *bind_value; - bind_key.conv=conv; - bind_key.ctx_id=ctx_id; - bind_key.smb_fid=dcerpc_get_transport_salt(pinfo); + bind_key.conv = conv; + bind_key.ctx_id = ctx_id; + bind_key.smb_fid = dcerpc_get_transport_salt(pinfo); - if((bind_value=g_hash_table_lookup(dcerpc_binds, &bind_key)) ){ - if(!(hdr->flags&PFC_FIRST_FRAG)){ + if ((bind_value = g_hash_table_lookup(dcerpc_binds, &bind_key)) ) { + if (!(hdr->flags&PFC_FIRST_FRAG)) { dcerpc_cn_call_key call_key; dcerpc_call_value *call_value; - call_key.conv=conv; - call_key.call_id=hdr->call_id; - call_key.smb_fid=dcerpc_get_transport_salt(pinfo); - if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){ + call_key.conv = conv; + call_key.call_id = hdr->call_id; + call_key.smb_fid = dcerpc_get_transport_salt(pinfo); + if ((call_value = g_hash_table_lookup(dcerpc_cn_calls, &call_key))) { new_matched_key = se_alloc(sizeof (dcerpc_matched_key)); *new_matched_key = matched_key; - g_hash_table_insert (dcerpc_matched, new_matched_key, call_value); + g_hash_table_insert(dcerpc_matched, new_matched_key, call_value); value = call_value; } } else { @@ -3499,26 +3509,26 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, the call to both the call table and the matched table */ - call_key=se_alloc (sizeof (dcerpc_cn_call_key)); - call_key->conv=conv; - call_key->call_id=hdr->call_id; - call_key->smb_fid=dcerpc_get_transport_salt(pinfo); + call_key = se_alloc(sizeof (dcerpc_cn_call_key)); + call_key->conv = conv; + call_key->call_id = hdr->call_id; + call_key->smb_fid = dcerpc_get_transport_salt(pinfo); /* if there is already a matching call in the table remove it so it is replaced with the new one */ - if(g_hash_table_lookup(dcerpc_cn_calls, call_key)){ + if (g_hash_table_lookup(dcerpc_cn_calls, call_key)) { g_hash_table_remove(dcerpc_cn_calls, call_key); } - call_value=se_alloc (sizeof (dcerpc_call_value)); + call_value = se_alloc(sizeof (dcerpc_call_value)); call_value->uuid = bind_value->uuid; call_value->ver = bind_value->ver; call_value->object_uuid = obj_id; call_value->opnum = opnum; - call_value->req_frame=pinfo->fd->num; - call_value->req_time=pinfo->fd->abs_ts; - call_value->rep_frame=0; - call_value->max_ptr=0; + call_value->req_frame = pinfo->fd->num; + call_value->req_time = pinfo->fd->abs_ts; + call_value->rep_frame = 0; + call_value->max_ptr = 0; call_value->se_data = NULL; call_value->private_data = NULL; call_value->pol = NULL; @@ -3527,11 +3537,11 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, call_value->flags |= DCERPC_IS_NDR64; } - g_hash_table_insert (dcerpc_cn_calls, call_key, call_value); + g_hash_table_insert(dcerpc_cn_calls, call_key, call_value); new_matched_key = se_alloc(sizeof (dcerpc_matched_key)); *new_matched_key = matched_key; - g_hash_table_insert (dcerpc_matched, new_matched_key, call_value); + g_hash_table_insert(dcerpc_matched, new_matched_key, call_value); value = call_value; } } @@ -3540,7 +3550,7 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (value) { dcerpc_info *di; - di=get_next_di(); + di = get_next_di(); /* handoff this call */ di->conv = conv; di->call_id = hdr->call_id; @@ -3549,16 +3559,16 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, di->call_data = value; di->hf_index = -1; - if(value->rep_frame!=0){ + if (value->rep_frame != 0) { pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in, tvb, 0, 0, value->rep_frame); PROTO_ITEM_SET_GENERATED(pi); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Resp: #%u]", value->rep_frame); } } - dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree, + dissect_dcerpc_cn_stub(tvb, offset, pinfo, dcerpc_tree, tree, hdr, di, &auth_info, alloc_hint, value->req_frame); } else { @@ -3567,46 +3577,46 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, PROTO_ITEM_SET_GENERATED(pi); expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u", ctx_id); - show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE); + show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE); } } /* Dissect the verifier */ - dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info); + dissect_dcerpc_verifier(tvb, pinfo, dcerpc_tree, hdr, &auth_info); } static void -dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, proto_tree *tree, - e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_resp(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, proto_tree *tree, + e_dce_cn_common_hdr_t *hdr) { - dcerpc_call_value *value = NULL; - conversation_t *conv; - guint16 ctx_id; - dcerpc_auth_info auth_info; - guint32 alloc_hint; - proto_item *pi; - proto_item *parent_pi; - e_uuid_t obj_id_null = DCERPC_UUID_NULL; - - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_alloc_hint, &alloc_hint); - - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_ctx_id, &ctx_id); + dcerpc_call_value *value = NULL; + conversation_t *conv; + guint16 ctx_id; + dcerpc_auth_info auth_info; + guint32 alloc_hint; + proto_item *pi; + proto_item *parent_pi; + e_uuid_t obj_id_null = DCERPC_UUID_NULL; + + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_alloc_hint, &alloc_hint); + + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_ctx_id, &ctx_id); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, " Ctx: %u", ctx_id); } /* save context ID for use with dcerpc_add_conv_to_bind_table() */ pinfo->dcectxid = ctx_id; - col_append_fstr (pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id); + col_append_fstr(pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_cancel_count, NULL); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_cancel_count, NULL); /* padding */ offset++; @@ -3614,14 +3624,14 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, * XXX - what if this was set when the connection was set up, * and we just have a security context? */ - dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info); + dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info); - conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, - pinfo->srcport, pinfo->destport, 0); + conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); if (!conv) { /* no point in creating one here, really */ - show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE); + show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE); } else { dcerpc_matched_key matched_key, *new_matched_key; @@ -3632,25 +3642,25 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, */ matched_key.frame = pinfo->fd->num; matched_key.call_id = hdr->call_id; - value=g_hash_table_lookup(dcerpc_matched, &matched_key); - if(!value){ + value = g_hash_table_lookup(dcerpc_matched, &matched_key); + if (!value) { dcerpc_cn_call_key call_key; dcerpc_call_value *call_value; - call_key.conv=conv; - call_key.call_id=hdr->call_id; - call_key.smb_fid=dcerpc_get_transport_salt(pinfo); + call_key.conv = conv; + call_key.call_id = hdr->call_id; + call_key.smb_fid = dcerpc_get_transport_salt(pinfo); - if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){ + if ((call_value = g_hash_table_lookup(dcerpc_cn_calls, &call_key))) { /* extra sanity check, only match them if the reply came after the request */ - if(call_value->req_frame<pinfo->fd->num){ + if (call_value->req_frame<pinfo->fd->num) { new_matched_key = se_alloc(sizeof (dcerpc_matched_key)); *new_matched_key = matched_key; - g_hash_table_insert (dcerpc_matched, new_matched_key, call_value); + g_hash_table_insert(dcerpc_matched, new_matched_key, call_value); value = call_value; - if(call_value->rep_frame==0){ - call_value->rep_frame=pinfo->fd->num; + if (call_value->rep_frame == 0) { + call_value->rep_frame = pinfo->fd->num; } } } @@ -3659,7 +3669,7 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (value) { dcerpc_info *di; - di=get_next_di(); + di = get_next_di(); /* handoff this call */ di->conv = conv; di->call_id = hdr->call_id; @@ -3667,23 +3677,23 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, di->ptype = PDU_RESP; di->call_data = value; - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum); /* (optional) "Object UUID" from request */ - if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) { - pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, - offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", - guid_to_str((e_guid_t *) &value->object_uuid)); + if (value && dcerpc_tree && (memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0)) { + pi = proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_obj_id, tvb, + offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", + guid_to_str((e_guid_t *) &value->object_uuid)); PROTO_ITEM_SET_GENERATED(pi); } /* request in */ - if(value->req_frame!=0){ + if (value->req_frame != 0) { nstime_t delta_ts; pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in, tvb, 0, 0, value->req_frame); PROTO_ITEM_SET_GENERATED(pi); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame); } nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time); @@ -3696,54 +3706,56 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, "No request to this DCE/RPC call found"); } - dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree, - hdr, di, &auth_info, alloc_hint, - value->rep_frame); + dissect_dcerpc_cn_stub(tvb, offset, pinfo, dcerpc_tree, tree, + hdr, di, &auth_info, alloc_hint, + value->rep_frame); } else { /* no bind information, simply show stub data */ pi = proto_tree_add_text(dcerpc_tree, tvb, offset, 0, "No bind info for this interface Context ID - capture start too late?"); PROTO_ITEM_SET_GENERATED(pi); expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u", ctx_id); - show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE); + show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE); } } /* Dissect the verifier */ - dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info); + dissect_dcerpc_verifier(tvb, pinfo, dcerpc_tree, hdr, &auth_info); } static void -dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_fault(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) { dcerpc_call_value *value = NULL; - conversation_t *conv; - guint16 ctx_id; - guint32 status; - guint32 alloc_hint; - dcerpc_auth_info auth_info; - proto_item *pi = NULL; + conversation_t *conv; + guint16 ctx_id; + guint32 status; + guint32 alloc_hint; + dcerpc_auth_info auth_info; + proto_item *pi = NULL; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_alloc_hint, &alloc_hint); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_alloc_hint, &alloc_hint); - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_ctx_id, &ctx_id); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_ctx_id, &ctx_id); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_cancel_count, NULL); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_cancel_count, NULL); /* padding */ offset++; - /*offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_status, &status);*/ +#if 0 + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_status, &status); +#endif status = ((hdr->drep[0] & DREP_LITTLE_ENDIAN) - ? tvb_get_letohl (tvb, offset) - : tvb_get_ntohl (tvb, offset)); + ? tvb_get_letohl(tvb, offset) + : tvb_get_ntohl(tvb, offset)); if (dcerpc_tree) { - pi = proto_tree_add_item (dcerpc_tree, hf_dcerpc_cn_status, tvb, offset, 4, DREP_ENC_INTEGER(hdr->drep)); + pi = proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_status, tvb, offset, 4, DREP_ENC_INTEGER(hdr->drep)); } offset+=4; @@ -3753,10 +3765,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, /* save context ID for use with dcerpc_add_conv_to_bind_table() */ pinfo->dcectxid = ctx_id; - col_append_fstr (pinfo->cinfo, COL_INFO, - " ctx_id: %u status: %s", ctx_id, - val_to_str(status, reject_status_vals, - "Unknown (0x%08x)")); + col_append_fstr(pinfo->cinfo, COL_INFO, + " ctx_id: %u status: %s", ctx_id, + val_to_str(status, reject_status_vals, + "Unknown (0x%08x)")); /* padding */ offset += 4; @@ -3765,10 +3777,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, * XXX - what if this was set when the connection was set up, * and we just have a security context? */ - dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info); + dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info); - conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, - pinfo->srcport, pinfo->destport, 0); + conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); if (!conv) { /* no point in creating one here, really */ } else { @@ -3781,23 +3793,23 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, */ matched_key.frame = pinfo->fd->num; matched_key.call_id = hdr->call_id; - value=g_hash_table_lookup(dcerpc_matched, &matched_key); - if(!value){ + value = g_hash_table_lookup(dcerpc_matched, &matched_key); + if (!value) { dcerpc_cn_call_key call_key; dcerpc_call_value *call_value; - call_key.conv=conv; - call_key.call_id=hdr->call_id; - call_key.smb_fid=dcerpc_get_transport_salt(pinfo); + call_key.conv = conv; + call_key.call_id = hdr->call_id; + call_key.smb_fid = dcerpc_get_transport_salt(pinfo); - if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){ + if ((call_value = g_hash_table_lookup(dcerpc_cn_calls, &call_key))) { new_matched_key = se_alloc(sizeof (dcerpc_matched_key)); *new_matched_key = matched_key; - g_hash_table_insert (dcerpc_matched, new_matched_key, call_value); + g_hash_table_insert(dcerpc_matched, new_matched_key, call_value); value = call_value; - if(call_value->rep_frame==0){ - call_value->rep_frame=pinfo->fd->num; + if (call_value->rep_frame == 0) { + call_value->rep_frame = pinfo->fd->num; } } @@ -3808,7 +3820,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, dcerpc_info *di; proto_item *parent_pi; - di=get_next_di(); + di = get_next_di(); /* handoff this call */ di->conv = conv; di->call_id = hdr->call_id; @@ -3816,14 +3828,14 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, di->ptype = PDU_FAULT; di->call_data = value; - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum); - if(value->req_frame!=0){ + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum); + if (value->req_frame != 0) { nstime_t delta_ts; pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in, tvb, 0, 0, value->req_frame); PROTO_ITEM_SET_GENERATED(pi); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame); } nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time); @@ -3854,9 +3866,9 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, the entire PDU, or if we don't have all the data in this fragment, just call the handoff directly if this is the first fragment or the PDU isn't fragmented. */ - if( (!dcerpc_reassemble) || PFC_NOT_FRAGMENTED(hdr) || - !tvb_bytes_exist(tvb, offset, stub_length) ){ - if(hdr->flags&PFC_FIRST_FRAG){ + if ( (!dcerpc_reassemble) || PFC_NOT_FRAGMENTED(hdr) || + !tvb_bytes_exist(tvb, offset, stub_length) ) { + if (hdr->flags&PFC_FIRST_FRAG) { /* First fragment, possibly the only fragment */ /* * XXX - should there be a third routine for each @@ -3871,10 +3883,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (dcerpc_tree) { if (stub_length > 0) { tvb_ensure_bytes_exist(tvb, offset, stub_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, - "Fault stub data (%d byte%s)", - stub_length, - plurality(stub_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length, + "Fault stub data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } else { @@ -3882,10 +3894,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (dcerpc_tree) { if (stub_length > 0) { tvb_ensure_bytes_exist(tvb, offset, stub_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, - "Fragment data (%d byte%s)", - stub_length, - plurality(stub_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } @@ -3897,21 +3909,21 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (dcerpc_tree) { if (length > 0) { tvb_ensure_bytes_exist(tvb, offset, stub_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, - "Fragment data (%d byte%s)", - stub_length, - plurality(stub_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } - if(hdr->flags&PFC_FIRST_FRAG){ /* FIRST fragment */ - if( (!pinfo->fd->flags.visited) && value->rep_frame ){ + if (hdr->flags&PFC_FIRST_FRAG) { /* FIRST fragment */ + if ( (!pinfo->fd->flags.visited) && value->rep_frame ) { fragment_add_seq_next(tvb, offset, pinfo, value->rep_frame, dcerpc_co_fragment_table, dcerpc_co_reassemble_table, stub_length, TRUE); } - } else if(hdr->flags&PFC_LAST_FRAG){ /* LAST fragment */ - if( value->rep_frame ){ + } else if (hdr->flags&PFC_LAST_FRAG) { /* LAST fragment */ + if ( value->rep_frame ) { fragment_data *fd_head; fd_head = fragment_add_seq_next(tvb, offset, pinfo, @@ -3920,7 +3932,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, stub_length, TRUE); - if(fd_head){ + if (fd_head) { /* We completed reassembly */ tvbuff_t *next_tvb; proto_item *frag_tree_item; @@ -3943,16 +3955,16 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (dcerpc_tree) { if (length > 0) { tvb_ensure_bytes_exist(tvb, offset, stub_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, - "Fault stub data (%d byte%s)", - stub_length, - plurality(stub_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length, + "Fault stub data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } } } else { /* MIDDLE fragment(s) */ - if( (!pinfo->fd->flags.visited) && value->rep_frame ){ + if ( (!pinfo->fd->flags.visited) && value->rep_frame ) { fragment_add_seq_next(tvb, offset, pinfo, value->rep_frame, dcerpc_co_fragment_table, dcerpc_co_reassemble_table, stub_length, @@ -3965,36 +3977,36 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, } static void -dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) +dissect_dcerpc_cn_rts(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr) { - proto_item *tf = NULL; + proto_item *tf = NULL; proto_tree *cn_rts_pdu_tree = NULL; - guint16 rts_flags; - guint16 commands_nb = 0; - guint32 *cmd; - guint32 i; - const char *info_str = NULL; + guint16 rts_flags; + guint16 commands_nb = 0; + guint32 *cmd; + guint32 i; + const char *info_str = NULL; /* Dissect specific RTS header */ - rts_flags = dcerpc_tvb_get_ntohs (tvb, offset, hdr->drep); + rts_flags = dcerpc_tvb_get_ntohs(tvb, offset, hdr->drep); if (dcerpc_tree) { proto_tree *cn_rts_flags_tree; - tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_rts_flags, tvb, offset, 2, rts_flags); + tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_rts_flags, tvb, offset, 2, rts_flags); cn_rts_flags_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_none, tvb, offset, 1, rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_ping, tvb, offset, 1, rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_other_cmd, tvb, offset, 1, rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_recycle_channel, tvb, offset, 1, rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_in_channel, tvb, offset, 1, rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_out_channel, tvb, offset, 1, rts_flags); - proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_eof, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_none, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_ping, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_other_cmd, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_recycle_channel, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_in_channel, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_out_channel, tvb, offset, 1, rts_flags); + proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_eof, tvb, offset, 1, rts_flags); } offset += 2; - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, - hf_dcerpc_cn_rts_commands_nb, &commands_nb); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_cn_rts_commands_nb, &commands_nb); /* Create the RTS PDU tree - we do not yet know its name */ tf = proto_tree_add_text(dcerpc_tree, tvb, offset, tvb_length_remaining(tvb, offset), "RTS PDU: %u commands", commands_nb); @@ -4005,44 +4017,44 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo, /* Dissect commands */ for (i = 0; i < commands_nb; ++i) { proto_tree *cn_rts_command_tree = NULL; - const guint32 command = dcerpc_tvb_get_ntohl (tvb, offset, hdr->drep); + const guint32 command = dcerpc_tvb_get_ntohl(tvb, offset, hdr->drep); cmd[i] = command; - tf = proto_tree_add_uint (cn_rts_pdu_tree, hf_dcerpc_cn_rts_command, tvb, offset, 4, command); + tf = proto_tree_add_uint(cn_rts_pdu_tree, hf_dcerpc_cn_rts_command, tvb, offset, 4, command); cn_rts_command_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_rts_command); offset += 4; switch (command) { case RTS_CMD_RECEIVEWINDOWSIZE: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_receivewindowsize, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_receivewindowsize, NULL); break; case RTS_CMD_FLOWCONTROLACK: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_bytesreceived, NULL); - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_availablewindow, NULL); - offset = dissect_dcerpc_uuid_t (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_channelcookie, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_bytesreceived, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_availablewindow, NULL); + offset = dissect_dcerpc_uuid_t(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_channelcookie, NULL); break; case RTS_CMD_CONNECTIONTIMEOUT: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_connectiontimeout, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_connectiontimeout, NULL); break; case RTS_CMD_COOKIE: - offset = dissect_dcerpc_uuid_t (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_cookie, NULL); + offset = dissect_dcerpc_uuid_t(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_cookie, NULL); break; case RTS_CMD_CHANNELLIFETIME: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_channellifetime, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_channellifetime, NULL); break; case RTS_CMD_CLIENTKEEPALIVE: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_clientkeepalive, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_clientkeepalive, NULL); break; case RTS_CMD_VERSION: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_version, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_version, NULL); break; case RTS_CMD_EMPTY: break; case RTS_CMD_PADDING: { guint8 *padding; - const guint32 conformance_count = dcerpc_tvb_get_ntohl (tvb, offset, hdr->drep); - proto_tree_add_uint (cn_rts_command_tree, hf_dcerpc_cn_rts_command_conformancecount, tvb, offset, 4, conformance_count); + const guint32 conformance_count = dcerpc_tvb_get_ntohl(tvb, offset, hdr->drep); + proto_tree_add_uint(cn_rts_command_tree, hf_dcerpc_cn_rts_command_conformancecount, tvb, offset, 4, conformance_count); offset += 4; padding = tvb_memdup(tvb, offset, conformance_count); - proto_tree_add_bytes (cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, conformance_count, padding); + proto_tree_add_bytes(cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, conformance_count, padding); offset += conformance_count; } break; case RTS_CMD_NEGATIVEANCE: @@ -4051,8 +4063,8 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo, break; case RTS_CMD_CLIENTADDRESS: { guint8 *padding; - const guint32 addrtype = dcerpc_tvb_get_ntohl (tvb, offset, hdr->drep); - proto_tree_add_uint (cn_rts_command_tree, hf_dcerpc_cn_rts_command_addrtype, tvb, offset, 4, addrtype); + const guint32 addrtype = dcerpc_tvb_get_ntohl(tvb, offset, hdr->drep); + proto_tree_add_uint(cn_rts_command_tree, hf_dcerpc_cn_rts_command_addrtype, tvb, offset, 4, addrtype); offset += 4; switch (addrtype) { case RTS_IPV4: { @@ -4068,17 +4080,17 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo, } break; } padding = tvb_memdup(tvb, offset, 12); - proto_tree_add_bytes (cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, 12, padding); + proto_tree_add_bytes(cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, 12, padding); offset += 12; } break; case RTS_CMD_ASSOCIATIONGROUPID: - offset = dissect_dcerpc_uuid_t (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_associationgroupid, NULL); + offset = dissect_dcerpc_uuid_t(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_associationgroupid, NULL); break; case RTS_CMD_DESTINATION: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_forwarddestination, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_forwarddestination, NULL); break; case RTS_CMD_PINGTRAFFICSENTNOTIFY: - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_pingtrafficsentnotify, NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_pingtrafficsentnotify, NULL); break; default: proto_tree_add_text(cn_rts_command_tree, tvb, offset, 0, "unknown RTS command number"); @@ -4175,7 +4187,7 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo, } break; case RTS_FLAG_RECYCLE_CHANNEL: - switch(commands_nb) { + switch (commands_nb) { case 1: if (cmd[0] == 0xD) { info_str = "OUT_R1/A1,OUT_R1/A2,OUT_R2/A1,OUT_R2/A2"; @@ -4282,20 +4294,20 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo, * pinfo->private_data structure to expect. */ static gboolean -dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, gboolean can_desegment, int *pkt_len) +dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, gboolean can_desegment, int *pkt_len) { - static const guint8 nulls[4] = { 0 }; - int start_offset; - int padding = 0; - proto_item *ti = NULL; - proto_item *tf = NULL; - proto_tree *dcerpc_tree = NULL; - proto_tree *cn_flags_tree = NULL; - proto_tree *drep_tree = NULL; - e_dce_cn_common_hdr_t hdr; - dcerpc_auth_info auth_info; - tvbuff_t *fragment_tvb; + static const guint8 nulls[4] = { 0 }; + int start_offset; + int padding = 0; + proto_item *ti = NULL; + proto_item *tf = NULL; + proto_tree *dcerpc_tree = NULL; + proto_tree *cn_flags_tree = NULL; + proto_tree *drep_tree = NULL; + e_dce_cn_common_hdr_t hdr; + dcerpc_auth_info auth_info; + tvbuff_t *fragment_tvb; /* * when done over nbt, dcerpc requests are padded with 4 bytes of null @@ -4306,7 +4318,7 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, * the 4 bytes of null padding, and make that the dissector * used for "netbios". */ - if (tvb_memeql (tvb, offset, nulls, 4) == 0) { + if (tvb_memeql(tvb, offset, nulls, 4) == 0) { /* * Skip the padding. @@ -4317,59 +4329,59 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, /* * Check if this looks like a C/O DCERPC call */ - if (!tvb_bytes_exist (tvb, offset, sizeof (hdr))) { + if (!tvb_bytes_exist(tvb, offset, sizeof (hdr))) { return FALSE; /* not enough information to check */ } start_offset = offset; - hdr.rpc_ver = tvb_get_guint8 (tvb, offset++); + hdr.rpc_ver = tvb_get_guint8(tvb, offset++); if (hdr.rpc_ver != 5) return FALSE; - hdr.rpc_ver_minor = tvb_get_guint8 (tvb, offset++); - if (hdr.rpc_ver_minor != 0 && hdr.rpc_ver_minor != 1) + hdr.rpc_ver_minor = tvb_get_guint8(tvb, offset++); + if ((hdr.rpc_ver_minor != 0) && (hdr.rpc_ver_minor != 1)) return FALSE; - hdr.ptype = tvb_get_guint8 (tvb, offset++); + hdr.ptype = tvb_get_guint8(tvb, offset++); if (hdr.ptype > PDU_RTS) return FALSE; - hdr.flags = tvb_get_guint8 (tvb, offset++); - tvb_memcpy (tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep)); + hdr.flags = tvb_get_guint8(tvb, offset++); + tvb_memcpy(tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep)); offset += sizeof (hdr.drep); - hdr.frag_len = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.frag_len = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.auth_len = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.auth_len = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.call_id = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep); + hdr.call_id = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep); offset += 4; - if(pinfo->dcectxid == 0) { - col_append_fstr (pinfo->cinfo, COL_DCE_CALL, "%u", hdr.call_id); + if (pinfo->dcectxid == 0) { + col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.call_id); } else { /* this is not the first DCE-RPC request/response in this (TCP?-)PDU, * prepend a delimiter */ - col_append_fstr (pinfo->cinfo, COL_DCE_CALL, "#%u", hdr.call_id); + col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "#%u", hdr.call_id); } if (can_desegment && pinfo->can_desegment && !tvb_bytes_exist(tvb, start_offset, hdr.frag_len)) { pinfo->desegment_offset = start_offset; - pinfo->desegment_len = hdr.frag_len - tvb_length_remaining (tvb, start_offset); + pinfo->desegment_len = hdr.frag_len - tvb_length_remaining(tvb, start_offset); *pkt_len = 0; /* desegmentation required */ return TRUE; } - col_set_str (pinfo->cinfo, COL_PROTOCOL, "DCERPC"); + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCERPC"); - if(pinfo->dcectxid != 0) { + if (pinfo->dcectxid != 0) { /* this is not the first DCE-RPC request/response in this (TCP?-)PDU, * append a delimiter and set a column fence */ - col_append_str (pinfo->cinfo, COL_INFO, " # "); + col_append_str(pinfo->cinfo, COL_INFO, " # "); col_set_fence(pinfo->cinfo,COL_INFO); } - col_add_fstr (pinfo->cinfo, COL_INFO, "%s: call_id: %u", - pckt_vals[hdr.ptype].strptr, hdr.call_id); + col_add_fstr(pinfo->cinfo, COL_INFO, "%s: call_id: %u", + pckt_vals[hdr.ptype].strptr, hdr.call_id); - if(pinfo->dcectxid != 0) { + if (pinfo->dcectxid != 0) { /* this is not the first DCE-RPC request/response in this (TCP?-)PDU */ expert_add_info_format(pinfo, NULL, PI_SEQUENCE, PI_CHAT, "Multiple DCE/RPC fragments/PDU's in one packet"); } @@ -4377,66 +4389,67 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, offset = start_offset; tvb_ensure_bytes_exist(tvb, offset, 16); if (tree) { - ti = proto_tree_add_item (tree, proto_dcerpc, tvb, offset, hdr.frag_len, ENC_NA); - dcerpc_tree = proto_item_add_subtree (ti, ett_dcerpc); + ti = proto_tree_add_item(tree, proto_dcerpc, tvb, offset, hdr.frag_len, ENC_NA); + dcerpc_tree = proto_item_add_subtree(ti, ett_dcerpc); } - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver); offset++; - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_ver_minor, tvb, offset, 1, hdr.rpc_ver_minor); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_ver_minor, tvb, offset, 1, hdr.rpc_ver_minor); offset++; - tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype); + tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype); offset++; - /* XXX - too much "output noise", removed for now - if(hdr.ptype == PDU_BIND || hdr.ptype == PDU_ALTER || +#if 0 /* XXX - too much "output noise", removed for now */ + if (hdr.ptype == PDU_BIND || hdr.ptype == PDU_ALTER || hdr.ptype == PDU_BIND_ACK || hdr.ptype == PDU_ALTER_ACK) expert_add_info_format(pinfo, tf, PI_SEQUENCE, PI_CHAT, "Context change: %s", - val_to_str(hdr.ptype, pckt_vals, "(0x%x)"));*/ - if(hdr.ptype == PDU_BIND_NAK) + val_to_str(hdr.ptype, pckt_vals, "(0x%x)")); +#endif + if (hdr.ptype == PDU_BIND_NAK) expert_add_info_format(pinfo, tf, PI_SEQUENCE, PI_WARN, "Bind not acknowledged"); if (tree) { proto_item_append_text(ti, " %s, Fragment: %s", - val_to_str(hdr.ptype, pckt_vals, "Unknown (0x%02x)"), - fragment_type(hdr.flags)); + val_to_str(hdr.ptype, pckt_vals, "Unknown (0x%02x)"), + fragment_type(hdr.flags)); - tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_flags, tvb, offset, 1, hdr.flags); - cn_flags_tree = proto_item_add_subtree (tf, ett_dcerpc_cn_flags); + tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_flags, tvb, offset, 1, hdr.flags); + cn_flags_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_flags); } - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_object, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_maybe, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_dne, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_mpx, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_reserved, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_cancel_pending, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_last_frag, tvb, offset, 1, hdr.flags); - proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_first_frag, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_object, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_maybe, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_dne, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_mpx, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_reserved, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_cancel_pending, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_last_frag, tvb, offset, 1, hdr.flags); + proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_first_frag, tvb, offset, 1, hdr.flags); offset++; col_append_fstr(pinfo->cinfo, COL_INFO, " Fragment: %s", fragment_type(hdr.flags)); - if(dcerpc_tree){ - tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_drep, tvb, offset, 4, hdr.drep); - drep_tree = proto_item_add_subtree (tf, ett_dcerpc_drep); + if (dcerpc_tree) { + tf = proto_tree_add_bytes(dcerpc_tree, hf_dcerpc_drep, tvb, offset, 4, hdr.drep); + drep_tree = proto_item_add_subtree(tf, ett_dcerpc_drep); } proto_tree_add_uint(drep_tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4); proto_tree_add_uint(drep_tree, hf_dcerpc_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f); proto_tree_add_uint(drep_tree, hf_dcerpc_drep_fp, tvb, offset+1, 1, hdr.drep[1]); offset += sizeof (hdr.drep); - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_frag_len, tvb, offset, 2, hdr.frag_len); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_frag_len, tvb, offset, 2, hdr.frag_len); offset += 2; - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_auth_len, tvb, offset, 2, hdr.auth_len); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_auth_len, tvb, offset, 2, hdr.auth_len); offset += 2; - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_call_id, tvb, offset, 4, hdr.call_id); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_call_id, tvb, offset, 4, hdr.call_id); offset += 4; - if(ti){ + if (ti) { proto_item_append_text(ti, ", FragLen: %u, Call: %u", hdr.frag_len, hdr.call_id); } @@ -4474,36 +4487,36 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, switch (hdr.ptype) { case PDU_BIND: case PDU_ALTER: - dissect_dcerpc_cn_bind (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_cn_bind(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_BIND_ACK: case PDU_ALTER_ACK: - dissect_dcerpc_cn_bind_ack (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_cn_bind_ack(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_AUTH3: /* * Nothing after the common header other than credentials. */ - dissect_dcerpc_cn_auth (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, TRUE, - &auth_info); + dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, TRUE, + &auth_info); break; case PDU_REQ: - dissect_dcerpc_cn_rqst (fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr); + dissect_dcerpc_cn_rqst(fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr); break; case PDU_RESP: - dissect_dcerpc_cn_resp (fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr); + dissect_dcerpc_cn_resp(fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr); break; case PDU_FAULT: - dissect_dcerpc_cn_fault (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_cn_fault(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_BIND_NAK: - dissect_dcerpc_cn_bind_nak (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_cn_bind_nak(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_CO_CANCEL: @@ -4512,8 +4525,8 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, * Nothing after the common header other than an authentication * verifier. */ - dissect_dcerpc_cn_auth (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE, - &auth_info); + dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE, + &auth_info); break; case PDU_SHUTDOWN: @@ -4523,13 +4536,13 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, */ break; case PDU_RTS: - dissect_dcerpc_cn_rts (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_cn_rts(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr); break; default: /* might as well dissect the auth info */ - dissect_dcerpc_cn_auth (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE, - &auth_info); + dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE, + &auth_info); break; } return TRUE; @@ -4540,14 +4553,14 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo, * transports */ static gboolean -dissect_dcerpc_cn_pk (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_dcerpc_cn_pk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { /* * Only one PDU per transport packet, and only one transport * packet per PDU. */ - pinfo->dcetransporttype=DCE_TRANSPORT_UNKNOWN; - if (!dissect_dcerpc_cn (tvb, 0, pinfo, tree, FALSE, NULL)) { + pinfo->dcetransporttype = DCE_TRANSPORT_UNKNOWN; + if (!dissect_dcerpc_cn(tvb, 0, pinfo, tree, FALSE, NULL)) { /* * It wasn't a DCERPC PDU. */ @@ -4567,12 +4580,12 @@ dissect_dcerpc_cn_pk (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * to be able to know what kind of private_data structure to expect. */ static gboolean -dissect_dcerpc_cn_bs_body (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_dcerpc_cn_bs_body(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - volatile int offset = 0; - int pdu_len = 0; + volatile int offset = 0; + int pdu_len = 0; volatile gboolean dcerpc_pdus = 0; - volatile gboolean ret = FALSE; + volatile gboolean ret = FALSE; /* * There may be multiple PDUs per transport packet; keep @@ -4590,7 +4603,7 @@ dissect_dcerpc_cn_bs_body (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) */ TRY { pdu_len = 0; - if(dissect_dcerpc_cn (tvb, offset, pinfo, tree, + if (dissect_dcerpc_cn(tvb, offset, pinfo, tree, dcerpc_cn_desegment, &pdu_len)) { dcerpc_pdus++; } @@ -4644,35 +4657,35 @@ dissect_dcerpc_cn_bs_body (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } static gboolean -dissect_dcerpc_cn_bs (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_dcerpc_cn_bs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - pinfo->dcetransporttype=DCE_TRANSPORT_UNKNOWN; + pinfo->dcetransporttype = DCE_TRANSPORT_UNKNOWN; return dissect_dcerpc_cn_bs_body(tvb, pinfo, tree); } static gboolean -dissect_dcerpc_cn_smbpipe (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_dcerpc_cn_smbpipe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - pinfo->dcetransporttype=DCE_CN_TRANSPORT_SMBPIPE; + pinfo->dcetransporttype = DCE_CN_TRANSPORT_SMBPIPE; return dissect_dcerpc_cn_bs_body(tvb, pinfo, tree); } static gboolean -dissect_dcerpc_cn_smb2 (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_dcerpc_cn_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - pinfo->dcetransporttype=DCE_TRANSPORT_UNKNOWN; + pinfo->dcetransporttype = DCE_TRANSPORT_UNKNOWN; return dissect_dcerpc_cn_bs_body(tvb, pinfo, tree); } static void -dissect_dcerpc_dg_auth (tvbuff_t *tvb, int offset, proto_tree *dcerpc_tree, - e_dce_dg_common_hdr_t *hdr, int *auth_level_p) +dissect_dcerpc_dg_auth(tvbuff_t *tvb, int offset, proto_tree *dcerpc_tree, + e_dce_dg_common_hdr_t *hdr, int *auth_level_p) { - proto_item *ti = NULL; + proto_item *ti = NULL; proto_tree *auth_tree = NULL; - guint8 protection_level; + guint8 protection_level; /* * Initially set "*auth_level_p" to -1 to indicate that we haven't @@ -4694,73 +4707,73 @@ dissect_dcerpc_dg_auth (tvbuff_t *tvb, int offset, proto_tree *dcerpc_tree, switch (hdr->auth_proto) { case DCE_C_RPC_AUTHN_PROTOCOL_KRB5: - ti = proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Kerberos authentication verifier"); - auth_tree = proto_item_add_subtree (ti, ett_dcerpc_krb5_auth_verf); - protection_level = tvb_get_guint8 (tvb, offset); + ti = proto_tree_add_text(dcerpc_tree, tvb, offset, -1, "Kerberos authentication verifier"); + auth_tree = proto_item_add_subtree(ti, ett_dcerpc_krb5_auth_verf); + protection_level = tvb_get_guint8(tvb, offset); if (auth_level_p != NULL) *auth_level_p = protection_level; - proto_tree_add_uint (auth_tree, hf_dcerpc_krb5_av_prot_level, tvb, offset, 1, protection_level); + proto_tree_add_uint(auth_tree, hf_dcerpc_krb5_av_prot_level, tvb, offset, 1, protection_level); offset++; - proto_tree_add_item (auth_tree, hf_dcerpc_krb5_av_key_vers_num, tvb, offset, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(auth_tree, hf_dcerpc_krb5_av_key_vers_num, tvb, offset, 1, ENC_BIG_ENDIAN); offset++; if (protection_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) offset += 6; /* 6 bytes of padding */ else offset += 2; /* 2 bytes of padding */ - proto_tree_add_item (auth_tree, hf_dcerpc_krb5_av_key_auth_verifier, tvb, offset, 16, ENC_NA); + proto_tree_add_item(auth_tree, hf_dcerpc_krb5_av_key_auth_verifier, tvb, offset, 16, ENC_NA); offset += 16; break; default: - proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Authentication verifier"); + proto_tree_add_text(dcerpc_tree, tvb, offset, -1, "Authentication verifier"); break; } } } static void -dissect_dcerpc_dg_cancel_ack (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, - e_dce_dg_common_hdr_t *hdr) +dissect_dcerpc_dg_cancel_ack(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, + e_dce_dg_common_hdr_t *hdr) { guint32 version; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_cancel_vers, - &version); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_cancel_vers, + &version); switch (version) { case 0: /* The only version we know about */ - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_cancel_id, - NULL); - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_server_accepting_cancels, + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_cancel_id, NULL); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_server_accepting_cancels, + NULL); break; } } static void -dissect_dcerpc_dg_cancel (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, - e_dce_dg_common_hdr_t *hdr) +dissect_dcerpc_dg_cancel(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, + e_dce_dg_common_hdr_t *hdr) { guint32 version; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_cancel_vers, - &version); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_cancel_vers, + &version); switch (version) { case 0: /* The only version we know about */ - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_cancel_id, - NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_cancel_id, + NULL); /* XXX - are NDR Booleans 32 bits? */ /* XXX - the RPC reference in chapter: "the cancel PDU" doesn't mention @@ -4773,18 +4786,18 @@ dissect_dcerpc_dg_cancel (tvbuff_t *tvb, int offset, packet_info *pinfo, } static void -dissect_dcerpc_dg_fack (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, - e_dce_dg_common_hdr_t *hdr) +dissect_dcerpc_dg_fack(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, + e_dce_dg_common_hdr_t *hdr) { - guint8 version; + guint8 version; guint16 serial_num; guint16 selack_len; - guint i; + guint i; - offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_vers, - &version); + offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_vers, + &version); /* padding */ offset++; @@ -4792,27 +4805,27 @@ dissect_dcerpc_dg_fack (tvbuff_t *tvb, int offset, packet_info *pinfo, case 0: /* The only version documented in the DCE RPC 1.1 spec */ case 1: /* This appears to be the same */ - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_window_size, - NULL); - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_max_tsdu, - NULL); - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_max_frag_size, - NULL); - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_serial_num, - &serial_num); - col_append_fstr (pinfo->cinfo, COL_INFO, " serial: %u", + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_window_size, + NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_max_tsdu, + NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_max_frag_size, + NULL); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_serial_num, + &serial_num); + col_append_fstr(pinfo->cinfo, COL_INFO, " serial: %u", serial_num); - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_selack_len, - &selack_len); + offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_selack_len, + &selack_len); for (i = 0; i < selack_len; i++) { - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_fack_selack, - NULL); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_fack_selack, + NULL); } break; @@ -4820,15 +4833,15 @@ dissect_dcerpc_dg_fack (tvbuff_t *tvb, int offset, packet_info *pinfo, } static void -dissect_dcerpc_dg_reject_fault (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, - e_dce_dg_common_hdr_t *hdr) +dissect_dcerpc_dg_reject_fault(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, + e_dce_dg_common_hdr_t *hdr) { guint32 status; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, - hdr->drep, hf_dcerpc_dg_status, - &status); + offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, + hdr->drep, hf_dcerpc_dg_status, + &status); col_append_fstr (pinfo->cinfo, COL_INFO, ": status: %s", @@ -4836,22 +4849,22 @@ dissect_dcerpc_dg_reject_fault (tvbuff_t *tvb, int offset, packet_info *pinfo, } static void -dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, proto_tree *tree, - e_dce_dg_common_hdr_t *hdr, dcerpc_info *di) +dissect_dcerpc_dg_stub(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, proto_tree *tree, + e_dce_dg_common_hdr_t *hdr, dcerpc_info *di) { - int length, reported_length, stub_length; - gboolean save_fragmented; + int length, reported_length, stub_length; + gboolean save_fragmented; fragment_data *fd_head; - tvbuff_t *next_tvb; - proto_item *pi; - proto_item *parent_pi; + tvbuff_t *next_tvb; + proto_item *pi; + proto_item *parent_pi; - col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u len: %u", - di->call_data->opnum, hdr->frag_len ); + col_append_fstr(pinfo->cinfo, COL_INFO, " opnum: %u len: %u", + di->call_data->opnum, hdr->frag_len ); - length = tvb_length_remaining (tvb, offset); - reported_length = tvb_reported_length_remaining (tvb, offset); + length = tvb_length_remaining(tvb, offset); + reported_length = tvb_reported_length_remaining(tvb, offset); stub_length = hdr->frag_len; if (length > stub_length) length = stub_length; @@ -4865,9 +4878,9 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, not reassembled at a lower layer) that doesn't include all the data in the fragment, just call the handoff directly if this is the first fragment or the PDU isn't fragmented. */ - if( (!dcerpc_reassemble) || !(hdr->flags1 & PFCL1_FRAG) || - !tvb_bytes_exist(tvb, offset, stub_length) ){ - if(hdr->frag_num == 0) { + if ( (!dcerpc_reassemble) || !(hdr->flags1 & PFCL1_FRAG) || + !tvb_bytes_exist(tvb, offset, stub_length) ) { + if (hdr->frag_num == 0) { /* First fragment, possibly the only fragment */ @@ -4876,19 +4889,19 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, * XXX - authentication info? */ pinfo->fragmented = (hdr->flags1 & PFCL1_FRAG); - next_tvb = tvb_new_subset (tvb, offset, length, - reported_length); - dcerpc_try_handoff (pinfo, tree, dcerpc_tree, next_tvb, - next_tvb, hdr->drep, di, NULL); + next_tvb = tvb_new_subset(tvb, offset, length, + reported_length); + dcerpc_try_handoff(pinfo, tree, dcerpc_tree, next_tvb, + next_tvb, hdr->drep, di, NULL); } else { /* PDU is fragmented and this isn't the first fragment */ if (dcerpc_tree) { if (length > 0) { tvb_ensure_bytes_exist(tvb, offset, stub_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, - "Fragment data (%d byte%s)", - stub_length, - plurality(stub_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", + stub_length, + plurality(stub_length, "", "s")); } } } @@ -4900,9 +4913,9 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, if (dcerpc_tree) { if (length > 0) { tvb_ensure_bytes_exist(tvb, offset, stub_length); - proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length, - "Fragment data (%d byte%s)", stub_length, - plurality(stub_length, "", "s")); + proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length, + "Fragment data (%d byte%s)", stub_length, + plurality(stub_length, "", "s")); } } @@ -4912,7 +4925,7 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, !(hdr->flags1 & PFCL1_LASTFRAG)); if (fd_head != NULL) { /* We completed reassembly... */ - if(pinfo->fd->num==fd_head->reassembled_in) { + if (pinfo->fd->num == fd_head->reassembled_in) { /* ...and this is the reassembled RPC PDU */ next_tvb = tvb_new_child_real_data(tvb, fd_head->data, fd_head->len, fd_head->len); add_new_data_source(pinfo, next_tvb, "Reassembled DCE/RPC"); @@ -4923,15 +4936,15 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, * XXX - authentication info? */ pinfo->fragmented = FALSE; - dcerpc_try_handoff (pinfo, tree, dcerpc_tree, next_tvb, - next_tvb, hdr->drep, di, NULL); + dcerpc_try_handoff(pinfo, tree, dcerpc_tree, next_tvb, + next_tvb, hdr->drep, di, NULL); } else { /* ...and this isn't the reassembled RPC PDU */ pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in, tvb, 0, 0, fd_head->reassembled_in); PROTO_ITEM_SET_GENERATED(pi); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Reas: #%u]", fd_head->reassembled_in); } col_append_fstr(pinfo->cinfo, COL_INFO, @@ -4943,52 +4956,52 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo, } static void -dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, proto_tree *tree, - e_dce_dg_common_hdr_t *hdr, conversation_t *conv) +dissect_dcerpc_dg_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, proto_tree *tree, + e_dce_dg_common_hdr_t *hdr, conversation_t *conv) { - dcerpc_info *di; - dcerpc_call_value *value, v; - dcerpc_matched_key matched_key, *new_matched_key; - proto_item *pi; - proto_item *parent_pi; - - di=get_next_di(); - if(!(pinfo->fd->flags.visited)){ + dcerpc_info *di; + dcerpc_call_value *value, v; + dcerpc_matched_key matched_key, *new_matched_key; + proto_item *pi; + proto_item *parent_pi; + + di = get_next_di(); + if (!(pinfo->fd->flags.visited)) { dcerpc_call_value *call_value; dcerpc_dg_call_key *call_key; - call_key=se_alloc (sizeof (dcerpc_dg_call_key)); - call_key->conv=conv; - call_key->seqnum=hdr->seqnum; - call_key->act_id=hdr->act_id; + call_key = se_alloc(sizeof (dcerpc_dg_call_key)); + call_key->conv = conv; + call_key->seqnum = hdr->seqnum; + call_key->act_id = hdr->act_id; - call_value=se_alloc (sizeof (dcerpc_call_value)); + call_value = se_alloc(sizeof (dcerpc_call_value)); call_value->uuid = hdr->if_id; call_value->ver = hdr->if_ver; call_value->object_uuid = hdr->obj_id; call_value->opnum = hdr->opnum; - call_value->req_frame=pinfo->fd->num; - call_value->req_time=pinfo->fd->abs_ts; - call_value->rep_frame=0; - call_value->max_ptr=0; + call_value->req_frame = pinfo->fd->num; + call_value->req_time = pinfo->fd->abs_ts; + call_value->rep_frame = 0; + call_value->max_ptr = 0; call_value->se_data = NULL; call_value->private_data = NULL; call_value->pol = NULL; /* NDR64 is not available on dg transports ?*/ call_value->flags = 0; - g_hash_table_insert (dcerpc_dg_calls, call_key, call_value); + g_hash_table_insert(dcerpc_dg_calls, call_key, call_value); - new_matched_key = se_alloc(sizeof (dcerpc_matched_key)); + new_matched_key = se_alloc(sizeof(dcerpc_matched_key)); new_matched_key->frame = pinfo->fd->num; new_matched_key->call_id = hdr->seqnum; - g_hash_table_insert (dcerpc_matched, new_matched_key, call_value); + g_hash_table_insert(dcerpc_matched, new_matched_key, call_value); } matched_key.frame = pinfo->fd->num; matched_key.call_id = hdr->seqnum; - value=g_hash_table_lookup(dcerpc_matched, &matched_key); + value = g_hash_table_lookup(dcerpc_matched, &matched_key); if (!value) { v.uuid = hdr->if_id; v.ver = hdr->if_ver; @@ -4997,8 +5010,8 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, v.req_frame = pinfo->fd->num; v.rep_frame = 0; v.max_ptr = 0; - v.se_data=NULL; - v.private_data=NULL; + v.se_data = NULL; + v.private_data = NULL; value = &v; } @@ -5008,61 +5021,61 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, di->ptype = PDU_REQ; di->call_data = value; - if(value->rep_frame!=0){ + if (value->rep_frame != 0) { pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in, tvb, 0, 0, value->rep_frame); PROTO_ITEM_SET_GENERATED(pi); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Resp: #%u]", value->rep_frame); } } - dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, di); + dissect_dcerpc_dg_stub(tvb, offset, pinfo, dcerpc_tree, tree, hdr, di); } static void -dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, proto_tree *tree, - e_dce_dg_common_hdr_t *hdr, conversation_t *conv) +dissect_dcerpc_dg_resp(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, proto_tree *tree, + e_dce_dg_common_hdr_t *hdr, conversation_t *conv) { - dcerpc_info *di; - dcerpc_call_value *value, v; - dcerpc_matched_key matched_key, *new_matched_key; - proto_item *pi; - proto_item *parent_pi; - - di=get_next_di(); - if(!(pinfo->fd->flags.visited)){ + dcerpc_info *di; + dcerpc_call_value *value, v; + dcerpc_matched_key matched_key, *new_matched_key; + proto_item *pi; + proto_item *parent_pi; + + di = get_next_di(); + if (!(pinfo->fd->flags.visited)) { dcerpc_call_value *call_value; dcerpc_dg_call_key call_key; - call_key.conv=conv; - call_key.seqnum=hdr->seqnum; - call_key.act_id=hdr->act_id; + call_key.conv = conv; + call_key.seqnum = hdr->seqnum; + call_key.act_id = hdr->act_id; - if((call_value=g_hash_table_lookup(dcerpc_dg_calls, &call_key))){ + if ((call_value = g_hash_table_lookup(dcerpc_dg_calls, &call_key))) { new_matched_key = se_alloc(sizeof (dcerpc_matched_key)); new_matched_key->frame = pinfo->fd->num; new_matched_key->call_id = hdr->seqnum; - g_hash_table_insert (dcerpc_matched, new_matched_key, call_value); - if(call_value->rep_frame==0){ - call_value->rep_frame=pinfo->fd->num; + g_hash_table_insert(dcerpc_matched, new_matched_key, call_value); + if (call_value->rep_frame == 0) { + call_value->rep_frame = pinfo->fd->num; } } } matched_key.frame = pinfo->fd->num; matched_key.call_id = hdr->seqnum; - value=g_hash_table_lookup(dcerpc_matched, &matched_key); + value = g_hash_table_lookup(dcerpc_matched, &matched_key); if (!value) { v.uuid = hdr->if_id; v.ver = hdr->if_ver; v.object_uuid = hdr->obj_id; v.opnum = hdr->opnum; - v.req_frame=0; - v.rep_frame=pinfo->fd->num; - v.se_data=NULL; - v.private_data=NULL; + v.req_frame = 0; + v.rep_frame = pinfo->fd->num; + v.se_data = NULL; + v.private_data = NULL; value = &v; } @@ -5072,13 +5085,13 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo, di->ptype = PDU_RESP; di->call_data = value; - if(value->req_frame!=0){ + if (value->req_frame != 0) { nstime_t delta_ts; pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in, tvb, 0, 0, value->req_frame); PROTO_ITEM_SET_GENERATED(pi); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame); } nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time); @@ -5090,24 +5103,24 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo, expert_add_info_format(pinfo, pi, PI_SEQUENCE, PI_NOTE, "No request to this DCE/RPC call found"); } - dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, di); + dissect_dcerpc_dg_stub(tvb, offset, pinfo, dcerpc_tree, tree, hdr, di); } static void -dissect_dcerpc_dg_ping_ack (tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *dcerpc_tree, - e_dce_dg_common_hdr_t *hdr, conversation_t *conv) +dissect_dcerpc_dg_ping_ack(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *dcerpc_tree, + e_dce_dg_common_hdr_t *hdr, conversation_t *conv) { - proto_item *parent_pi; -/* if(!(pinfo->fd->flags.visited)){*/ - dcerpc_call_value *call_value; - dcerpc_dg_call_key call_key; + proto_item *parent_pi; +/* if (!(pinfo->fd->flags.visited)) {*/ + dcerpc_call_value *call_value; + dcerpc_dg_call_key call_key; - call_key.conv=conv; - call_key.seqnum=hdr->seqnum; - call_key.act_id=hdr->act_id; + call_key.conv = conv; + call_key.seqnum = hdr->seqnum; + call_key.act_id = hdr->act_id; - if((call_value=g_hash_table_lookup(dcerpc_dg_calls, &call_key))){ + if ((call_value = g_hash_table_lookup(dcerpc_dg_calls, &call_key))) { proto_item *pi; nstime_t delta_ts; @@ -5115,7 +5128,7 @@ dissect_dcerpc_dg_ping_ack (tvbuff_t *tvb, int offset, packet_info *pinfo, tvb, 0, 0, call_value->req_frame); PROTO_ITEM_SET_GENERATED(pi); parent_pi = proto_tree_get_parent(dcerpc_tree); - if(parent_pi != NULL) { + if (parent_pi != NULL) { proto_item_append_text(parent_pi, ", [Req: #%u]", call_value->req_frame); } @@ -5132,88 +5145,88 @@ dissect_dcerpc_dg_ping_ack (tvbuff_t *tvb, int offset, packet_info *pinfo, * DCERPC dissector for connectionless calls */ static gboolean -dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +dissect_dcerpc_dg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - proto_item *ti = NULL; - proto_item *tf = NULL; - proto_tree *dcerpc_tree = NULL; - proto_tree *dg_flags1_tree = NULL; - proto_tree *dg_flags2_tree = NULL; - proto_tree *drep_tree = NULL; - e_dce_dg_common_hdr_t hdr; - int offset = 0; - conversation_t *conv; - int auth_level; - char *uuid_str; - const char *uuid_name = NULL; + proto_item *ti = NULL; + proto_item *tf = NULL; + proto_tree *dcerpc_tree = NULL; + proto_tree *dg_flags1_tree = NULL; + proto_tree *dg_flags2_tree = NULL; + proto_tree *drep_tree = NULL; + e_dce_dg_common_hdr_t hdr; + int offset = 0; + conversation_t *conv; + int auth_level; + char *uuid_str; + const char *uuid_name = NULL; /* * Check if this looks like a CL DCERPC call. All dg packets * have an 80 byte header on them. Which starts with * version (4), pkt_type. */ - if (tvb_length (tvb) < sizeof (hdr)) { + if (tvb_length(tvb) < sizeof (hdr)) { return FALSE; } /* Version must be 4 */ - hdr.rpc_ver = tvb_get_guint8 (tvb, offset++); + hdr.rpc_ver = tvb_get_guint8(tvb, offset++); if (hdr.rpc_ver != 4) return FALSE; - /* Type must be <=19 or its not DCE/RPC */ - hdr.ptype = tvb_get_guint8 (tvb, offset++); + /* Type must be <= 19 or its not DCE/RPC */ + hdr.ptype = tvb_get_guint8(tvb, offset++); if (hdr.ptype > 19) return FALSE; /* flags1 has bit 1 and 8 as reserved so if any of them are set, it is probably not a DCE/RPC packet */ - hdr.flags1 = tvb_get_guint8 (tvb, offset++); - if(hdr.flags1&0x81) + hdr.flags1 = tvb_get_guint8(tvb, offset++); + if (hdr.flags1&0x81) return FALSE; /* flags2 has all bits except bit 2 as reserved so if any of them are set it is probably not DCE/RPC. */ - hdr.flags2 = tvb_get_guint8 (tvb, offset++); - if(hdr.flags2&0xfd) + hdr.flags2 = tvb_get_guint8(tvb, offset++); + if (hdr.flags2&0xfd) return FALSE; - col_set_str (pinfo->cinfo, COL_PROTOCOL, "DCERPC"); - col_add_str (pinfo->cinfo, COL_INFO, pckt_vals[hdr.ptype].strptr); + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCERPC"); + col_add_str(pinfo->cinfo, COL_INFO, pckt_vals[hdr.ptype].strptr); - tvb_memcpy (tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep)); + tvb_memcpy(tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep)); offset += sizeof (hdr.drep); - hdr.serial_hi = tvb_get_guint8 (tvb, offset++); - dcerpc_tvb_get_uuid (tvb, offset, hdr.drep, &hdr.obj_id); + hdr.serial_hi = tvb_get_guint8(tvb, offset++); + dcerpc_tvb_get_uuid(tvb, offset, hdr.drep, &hdr.obj_id); offset += 16; - dcerpc_tvb_get_uuid (tvb, offset, hdr.drep, &hdr.if_id); + dcerpc_tvb_get_uuid(tvb, offset, hdr.drep, &hdr.if_id); offset += 16; - dcerpc_tvb_get_uuid (tvb, offset, hdr.drep, &hdr.act_id); + dcerpc_tvb_get_uuid(tvb, offset, hdr.drep, &hdr.act_id); offset += 16; - hdr.server_boot = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep); + hdr.server_boot = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep); offset += 4; - hdr.if_ver = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep); + hdr.if_ver = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep); offset += 4; - hdr.seqnum = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep); + hdr.seqnum = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep); offset += 4; - hdr.opnum = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.opnum = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.ihint = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.ihint = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.ahint = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.ahint = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.frag_len = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.frag_len = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.frag_num = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep); + hdr.frag_num = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep); offset += 2; - hdr.auth_proto = tvb_get_guint8 (tvb, offset++); - hdr.serial_lo = tvb_get_guint8 (tvb, offset++); + hdr.auth_proto = tvb_get_guint8(tvb, offset++); + hdr.serial_lo = tvb_get_guint8(tvb, offset++); if (tree) { - ti = proto_tree_add_item (tree, proto_dcerpc, tvb, 0, -1, ENC_NA); + ti = proto_tree_add_item(tree, proto_dcerpc, tvb, 0, -1, ENC_NA); if (ti) { dcerpc_tree = proto_item_add_subtree(ti, ett_dcerpc); proto_item_append_text(ti, " %s, Seq: %u, Serial: %u, Frag: %u, FragLen: %u", @@ -5225,26 +5238,26 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset = 0; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver); offset++; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype); offset++; if (tree) { - tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_flags1, tvb, offset, 1, hdr.flags1); - dg_flags1_tree = proto_item_add_subtree (tf, ett_dcerpc_dg_flags1); + tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_flags1, tvb, offset, 1, hdr.flags1); + dg_flags1_tree = proto_item_add_subtree(tf, ett_dcerpc_dg_flags1); if (dg_flags1_tree) { - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_80, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_broadcast, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_idempotent, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_maybe, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_nofack, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_frag, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_last_frag, tvb, offset, 1, hdr.flags1); - proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_01, tvb, offset, 1, hdr.flags1); - if(hdr.flags1) { + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_80, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_broadcast, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_idempotent, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_maybe, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_nofack, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_frag, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_last_frag, tvb, offset, 1, hdr.flags1); + proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_01, tvb, offset, 1, hdr.flags1); + if (hdr.flags1) { proto_item_append_text(tf, " %s%s%s%s%s%s", (hdr.flags1 & PFCL1_BROADCAST) ? "\"Broadcast\" " : "", (hdr.flags1 & PFCL1_IDEMPOTENT) ? "\"Idempotent\" " : "", @@ -5258,18 +5271,18 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset++; if (tree) { - tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_flags2, tvb, offset, 1, hdr.flags2); - dg_flags2_tree = proto_item_add_subtree (tf, ett_dcerpc_dg_flags2); + tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_flags2, tvb, offset, 1, hdr.flags2); + dg_flags2_tree = proto_item_add_subtree(tf, ett_dcerpc_dg_flags2); if (dg_flags2_tree) { - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_80, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_40, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_20, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_10, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_08, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_04, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_cancel_pending, tvb, offset, 1, hdr.flags2); - proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_01, tvb, offset, 1, hdr.flags2); - if(hdr.flags2) { + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_80, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_40, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_20, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_10, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_08, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_04, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_cancel_pending, tvb, offset, 1, hdr.flags2); + proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_01, tvb, offset, 1, hdr.flags2); + if (hdr.flags2) { proto_item_append_text(tf, " %s", (hdr.flags2 & PFCL2_CANCEL_PENDING) ? "\"Cancel Pending\" " : ""); } @@ -5278,48 +5291,48 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset++; if (tree) { - tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_drep, tvb, offset, sizeof (hdr.drep), hdr.drep); - drep_tree = proto_item_add_subtree (tf, ett_dcerpc_drep); + tf = proto_tree_add_bytes(dcerpc_tree, hf_dcerpc_drep, tvb, offset, sizeof (hdr.drep), hdr.drep); + drep_tree = proto_item_add_subtree(tf, ett_dcerpc_drep); if (drep_tree) { proto_tree_add_uint(drep_tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4); proto_tree_add_uint(drep_tree, hf_dcerpc_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f); proto_tree_add_uint(drep_tree, hf_dcerpc_drep_fp, tvb, offset+1, 1, hdr.drep[1]); proto_item_append_text(tf, " (Order: %s, Char: %s, Float: %s)", - val_to_str(hdr.drep[0] >> 4, drep_byteorder_vals, "Unknown"), - val_to_str(hdr.drep[0] & 0x0f, drep_character_vals, "Unknown"), - val_to_str(hdr.drep[1], drep_fp_vals, "Unknown")); + val_to_str_const(hdr.drep[0] >> 4, drep_byteorder_vals, "Unknown"), + val_to_str_const(hdr.drep[0] & 0x0f, drep_character_vals, "Unknown"), + val_to_str_const(hdr.drep[1], drep_fp_vals, "Unknown")); } } offset += sizeof (hdr.drep); if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_serial_hi, tvb, offset, 1, hdr.serial_hi); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_serial_hi, tvb, offset, 1, hdr.serial_hi); offset++; if (tree) { - proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, - offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", - guid_to_str((e_guid_t *) &hdr.obj_id)); + proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_obj_id, tvb, + offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", + guid_to_str((e_guid_t *) &hdr.obj_id)); } offset += 16; if (tree) { uuid_str = guid_to_str((e_guid_t*)&hdr.if_id); uuid_name = guids_get_uuid_name(&hdr.if_id); - if(uuid_name) { - proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb, - offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s UUID: %s", uuid_name, uuid_str); + if (uuid_name) { + proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_dg_if_id, tvb, + offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s UUID: %s", uuid_name, uuid_str); } else { - proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb, - offset, 16, (e_guid_t *) &hdr.if_id, "Interface UUID: %s", uuid_str); + proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_dg_if_id, tvb, + offset, 16, (e_guid_t *) &hdr.if_id, "Interface UUID: %s", uuid_str); } } offset += 16; if (tree) { - proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb, - offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", - guid_to_str((e_guid_t *) &hdr.act_id)); + proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_dg_act_id, tvb, + offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", + guid_to_str((e_guid_t *) &hdr.act_id)); } offset += 16; @@ -5330,60 +5343,60 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) server_boot.nsecs = 0; if (hdr.server_boot == 0) - proto_tree_add_time_format (dcerpc_tree, hf_dcerpc_dg_server_boot, - tvb, offset, 4, &server_boot, - "Server boot time: Unknown (0)"); + proto_tree_add_time_format(dcerpc_tree, hf_dcerpc_dg_server_boot, + tvb, offset, 4, &server_boot, + "Server boot time: Unknown (0)"); else - proto_tree_add_time (dcerpc_tree, hf_dcerpc_dg_server_boot, - tvb, offset, 4, &server_boot); + proto_tree_add_time(dcerpc_tree, hf_dcerpc_dg_server_boot, + tvb, offset, 4, &server_boot); } offset += 4; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_if_ver, tvb, offset, 4, hdr.if_ver); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_if_ver, tvb, offset, 4, hdr.if_ver); offset += 4; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_seqnum, tvb, offset, 4, hdr.seqnum); - col_append_fstr (pinfo->cinfo, COL_INFO, ": seq: %u", hdr.seqnum); - col_append_fstr (pinfo->cinfo, COL_DCE_CALL, "%u", hdr.seqnum); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_seqnum, tvb, offset, 4, hdr.seqnum); + col_append_fstr(pinfo->cinfo, COL_INFO, ": seq: %u", hdr.seqnum); + col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.seqnum); offset += 4; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, offset, 2, hdr.opnum); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_opnum, tvb, offset, 2, hdr.opnum); offset += 2; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_ihint, tvb, offset, 2, hdr.ihint); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_ihint, tvb, offset, 2, hdr.ihint); offset += 2; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_ahint, tvb, offset, 2, hdr.ahint); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_ahint, tvb, offset, 2, hdr.ahint); offset += 2; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_frag_len, tvb, offset, 2, hdr.frag_len); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_frag_len, tvb, offset, 2, hdr.frag_len); offset += 2; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_frag_num, tvb, offset, 2, hdr.frag_num); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_frag_num, tvb, offset, 2, hdr.frag_num); if (hdr.flags1 & PFCL1_FRAG) { /* Fragmented - put the fragment number into the Info column */ - col_append_fstr (pinfo->cinfo, COL_INFO, " frag: %u", + col_append_fstr(pinfo->cinfo, COL_INFO, " frag: %u", hdr.frag_num); } offset += 2; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_auth_proto, tvb, offset, 1, hdr.auth_proto); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_auth_proto, tvb, offset, 1, hdr.auth_proto); offset++; if (tree) - proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_serial_lo, tvb, offset, 1, hdr.serial_lo); + proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_serial_lo, tvb, offset, 1, hdr.serial_lo); if (hdr.flags1 & PFCL1_FRAG) { /* Fragmented - put the serial number into the Info column */ - col_append_fstr (pinfo->cinfo, COL_INFO, " serial: %u", - (hdr.serial_hi << 8) | hdr.serial_lo); + col_append_fstr(pinfo->cinfo, COL_INFO, " serial: %u", + (hdr.serial_hi << 8) | hdr.serial_lo); } offset++; @@ -5393,8 +5406,8 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * DCE_C_AUTHN_LEVEL_PKT_PRIVACY, we can't dissect the * stub data. */ - dissect_dcerpc_dg_auth (tvb, offset, dcerpc_tree, &hdr, - &auth_level); + dissect_dcerpc_dg_auth(tvb, offset, dcerpc_tree, &hdr, + &auth_level); } /* @@ -5420,7 +5433,7 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Body is optional */ /* XXX - we assume "frag_len" is the length of the body */ if (hdr.frag_len != 0) - dissect_dcerpc_dg_cancel_ack (tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_dg_cancel_ack(tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_CL_CANCEL: @@ -5431,40 +5444,40 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) */ /* XXX - we assume "frag_len" is the length of the body */ if (hdr.frag_len != 0) - dissect_dcerpc_dg_cancel (tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_dg_cancel(tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_NOCALL: /* Body is optional; if present, it's the same as PDU_FACK */ /* XXX - we assume "frag_len" is the length of the body */ if (hdr.frag_len != 0) - dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_dg_fack(tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_FACK: /* Body is optional */ /* XXX - we assume "frag_len" is the length of the body */ if (hdr.frag_len != 0) - dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_dg_fack(tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_REJECT: case PDU_FAULT: - dissect_dcerpc_dg_reject_fault (tvb, offset, pinfo, dcerpc_tree, &hdr); + dissect_dcerpc_dg_reject_fault(tvb, offset, pinfo, dcerpc_tree, &hdr); break; case PDU_REQ: - dissect_dcerpc_dg_rqst (tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv); + dissect_dcerpc_dg_rqst(tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv); break; case PDU_RESP: - dissect_dcerpc_dg_resp (tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv); + dissect_dcerpc_dg_resp(tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv); break; /* these requests have no body */ case PDU_ACK: case PDU_PING: - dissect_dcerpc_dg_ping_ack (tvb, offset, pinfo, dcerpc_tree, &hdr, conv); + dissect_dcerpc_dg_ping_ack(tvb, offset, pinfo, dcerpc_tree, &hdr, conv); break; case PDU_WORKING: default: @@ -5475,39 +5488,39 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } static void -dcerpc_init_protocol (void) +dcerpc_init_protocol(void) { /* structures and data for BIND */ - if (dcerpc_binds){ - g_hash_table_destroy (dcerpc_binds); - dcerpc_binds=NULL; + if (dcerpc_binds) { + g_hash_table_destroy(dcerpc_binds); + dcerpc_binds = NULL; } - if(!dcerpc_binds){ - dcerpc_binds = g_hash_table_new (dcerpc_bind_hash, dcerpc_bind_equal); + if (!dcerpc_binds) { + dcerpc_binds = g_hash_table_new(dcerpc_bind_hash, dcerpc_bind_equal); } /* structures and data for CALL */ - if (dcerpc_cn_calls){ - g_hash_table_destroy (dcerpc_cn_calls); + if (dcerpc_cn_calls) { + g_hash_table_destroy(dcerpc_cn_calls); } - dcerpc_cn_calls = g_hash_table_new (dcerpc_cn_call_hash, dcerpc_cn_call_equal); - if (dcerpc_dg_calls){ - g_hash_table_destroy (dcerpc_dg_calls); + dcerpc_cn_calls = g_hash_table_new(dcerpc_cn_call_hash, dcerpc_cn_call_equal); + if (dcerpc_dg_calls) { + g_hash_table_destroy(dcerpc_dg_calls); } - dcerpc_dg_calls = g_hash_table_new (dcerpc_dg_call_hash, dcerpc_dg_call_equal); + dcerpc_dg_calls = g_hash_table_new(dcerpc_dg_call_hash, dcerpc_dg_call_equal); /* structure and data for MATCHED */ - if (dcerpc_matched){ - g_hash_table_destroy (dcerpc_matched); + if (dcerpc_matched) { + g_hash_table_destroy(dcerpc_matched); } - dcerpc_matched = g_hash_table_new (dcerpc_matched_hash, dcerpc_matched_equal); + dcerpc_matched = g_hash_table_new(dcerpc_matched_hash, dcerpc_matched_equal); /* call the registered hooks */ g_hook_list_invoke(&dcerpc_hooks_init_protos, FALSE /* not may_recurse */); } void -proto_register_dcerpc (void) +proto_register_dcerpc(void) { static hf_register_info hf[] = { { &hf_dcerpc_request_in, @@ -5524,33 +5537,33 @@ proto_register_dcerpc (void) { &hf_dcerpc_ver_minor, { "Version (minor)", "dcerpc.ver_minor", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_packet_type, - { "Packet type", "dcerpc.pkt_type", FT_UINT8, BASE_DEC, VALS (pckt_vals), 0x0, NULL, HFILL }}, + { "Packet type", "dcerpc.pkt_type", FT_UINT8, BASE_DEC, VALS(pckt_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_flags, { "Packet Flags", "dcerpc.cn_flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_flags_first_frag, - { "First Frag", "dcerpc.cn_flags.first_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_FIRST_FRAG, NULL, HFILL }}, + { "First Frag", "dcerpc.cn_flags.first_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_FIRST_FRAG, NULL, HFILL }}, { &hf_dcerpc_cn_flags_last_frag, - { "Last Frag", "dcerpc.cn_flags.last_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_LAST_FRAG, NULL, HFILL }}, + { "Last Frag", "dcerpc.cn_flags.last_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_LAST_FRAG, NULL, HFILL }}, { &hf_dcerpc_cn_flags_cancel_pending, - { "Cancel Pending", "dcerpc.cn_flags.cancel_pending", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_PENDING_CANCEL, NULL, HFILL }}, + { "Cancel Pending", "dcerpc.cn_flags.cancel_pending", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_PENDING_CANCEL, NULL, HFILL }}, { &hf_dcerpc_cn_flags_reserved, - { "Reserved", "dcerpc.cn_flags.reserved", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_RESERVED_1, NULL, HFILL }}, + { "Reserved", "dcerpc.cn_flags.reserved", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_RESERVED_1, NULL, HFILL }}, { &hf_dcerpc_cn_flags_mpx, - { "Multiplex", "dcerpc.cn_flags.mpx", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_CONC_MPX, NULL, HFILL }}, + { "Multiplex", "dcerpc.cn_flags.mpx", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_CONC_MPX, NULL, HFILL }}, { &hf_dcerpc_cn_flags_dne, - { "Did Not Execute", "dcerpc.cn_flags.dne", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_DID_NOT_EXECUTE, NULL, HFILL }}, + { "Did Not Execute", "dcerpc.cn_flags.dne", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_DID_NOT_EXECUTE, NULL, HFILL }}, { &hf_dcerpc_cn_flags_maybe, - { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_MAYBE, NULL, HFILL }}, + { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_MAYBE, NULL, HFILL }}, { &hf_dcerpc_cn_flags_object, - { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_OBJECT_UUID, NULL, HFILL }}, + { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_OBJECT_UUID, NULL, HFILL }}, { &hf_dcerpc_drep, { "Data Representation", "dcerpc.drep", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_drep_byteorder, - { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS (drep_byteorder_vals), 0x0, NULL, HFILL }}, + { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS(drep_byteorder_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_drep_character, - { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS (drep_character_vals), 0x0, NULL, HFILL }}, + { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS(drep_character_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_drep_fp, - { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS (drep_fp_vals), 0x0, NULL, HFILL }}, + { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS(drep_fp_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_frag_len, { "Frag Length", "dcerpc.cn_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_cn_auth_len, @@ -5616,9 +5629,9 @@ proto_register_dcerpc (void) { &hf_dcerpc_cn_deseg_req, { "Desegmentation Required", "dcerpc.cn_deseg_req", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_auth_type, - { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, NULL, HFILL }}, + { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, VALS(authn_protocol_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_auth_level, - { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, VALS (authn_level_vals), 0x0, NULL, HFILL }}, + { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, VALS(authn_level_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_auth_pad_len, { "Auth pad len", "dcerpc.auth_pad_len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_auth_rsrvd, @@ -5628,39 +5641,39 @@ proto_register_dcerpc (void) { &hf_dcerpc_dg_flags1, { "Flags1", "dcerpc.dg_flags1", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_rsrvd_01, - { "Reserved", "dcerpc.dg_flags1_rsrvd_01", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_RESERVED_01, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags1_rsrvd_01", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_RESERVED_01, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_last_frag, - { "Last Fragment", "dcerpc.dg_flags1_last_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_LASTFRAG, NULL, HFILL }}, + { "Last Fragment", "dcerpc.dg_flags1_last_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_LASTFRAG, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_frag, - { "Fragment", "dcerpc.dg_flags1_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_FRAG, NULL, HFILL }}, + { "Fragment", "dcerpc.dg_flags1_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_FRAG, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_nofack, - { "No Fack", "dcerpc.dg_flags1_nofack", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_NOFACK, NULL, HFILL }}, + { "No Fack", "dcerpc.dg_flags1_nofack", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_NOFACK, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_maybe, - { "Maybe", "dcerpc.dg_flags1_maybe", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_MAYBE, NULL, HFILL }}, + { "Maybe", "dcerpc.dg_flags1_maybe", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_MAYBE, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_idempotent, - { "Idempotent", "dcerpc.dg_flags1_idempotent", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_IDEMPOTENT, NULL, HFILL }}, + { "Idempotent", "dcerpc.dg_flags1_idempotent", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_IDEMPOTENT, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_broadcast, - { "Broadcast", "dcerpc.dg_flags1_broadcast", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_BROADCAST, NULL, HFILL }}, + { "Broadcast", "dcerpc.dg_flags1_broadcast", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_BROADCAST, NULL, HFILL }}, { &hf_dcerpc_dg_flags1_rsrvd_80, - { "Reserved", "dcerpc.dg_flags1_rsrvd_80", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_RESERVED_80, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags1_rsrvd_80", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_RESERVED_80, NULL, HFILL }}, { &hf_dcerpc_dg_flags2, { "Flags2", "dcerpc.dg_flags2", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_01, - { "Reserved", "dcerpc.dg_flags2_rsrvd_01", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_01, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_01", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_01, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_cancel_pending, - { "Cancel Pending", "dcerpc.dg_flags2_cancel_pending", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_CANCEL_PENDING, NULL, HFILL }}, + { "Cancel Pending", "dcerpc.dg_flags2_cancel_pending", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_CANCEL_PENDING, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_04, - { "Reserved", "dcerpc.dg_flags2_rsrvd_04", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_04, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_04", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_04, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_08, - { "Reserved", "dcerpc.dg_flags2_rsrvd_08", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_08, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_08", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_08, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_10, - { "Reserved", "dcerpc.dg_flags2_rsrvd_10", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_10, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_10", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_10, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_20, - { "Reserved", "dcerpc.dg_flags2_rsrvd_20", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_20, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_20", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_20, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_40, - { "Reserved", "dcerpc.dg_flags2_rsrvd_40", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_40, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_40", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_40, NULL, HFILL }}, { &hf_dcerpc_dg_flags2_rsrvd_80, - { "Reserved", "dcerpc.dg_flags2_rsrvd_80", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_80, NULL, HFILL }}, + { "Reserved", "dcerpc.dg_flags2_rsrvd_80", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_80, NULL, HFILL }}, { &hf_dcerpc_dg_serial_lo, { "Serial Low", "dcerpc.dg_serial_lo", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_dg_serial_hi, @@ -5674,7 +5687,7 @@ proto_register_dcerpc (void) { &hf_dcerpc_dg_frag_num, { "Fragment num", "dcerpc.dg_frag_num", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_dg_auth_proto, - { "Auth proto", "dcerpc.dg_auth_proto", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, NULL, HFILL }}, + { "Auth proto", "dcerpc.dg_auth_proto", FT_UINT8, BASE_DEC, VALS(authn_protocol_vals), 0x0, NULL, HFILL }}, { &hf_dcerpc_dg_seqnum, { "Sequence num", "dcerpc.dg_seqnum", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, { &hf_dcerpc_dg_server_boot, @@ -5862,38 +5875,40 @@ proto_register_dcerpc (void) }; module_t *dcerpc_module; - proto_dcerpc = proto_register_protocol ("Distributed Computing Environment / Remote Procedure Call (DCE/RPC)", "DCERPC", "dcerpc"); - proto_register_field_array (proto_dcerpc, hf, array_length (hf)); - proto_register_subtree_array (ett, array_length (ett)); - register_init_routine (dcerpc_init_protocol); - dcerpc_module = prefs_register_protocol (proto_dcerpc, NULL); - prefs_register_bool_preference (dcerpc_module, - "desegment_dcerpc", - "Reassemble DCE/RPC messages spanning multiple TCP segments", - "Whether the DCE/RPC dissector should reassemble messages spanning multiple TCP segments." - " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", - &dcerpc_cn_desegment); - prefs_register_bool_preference (dcerpc_module, - "reassemble_dcerpc", - "Reassemble DCE/RPC fragments", - "Whether the DCE/RPC dissector should reassemble fragmented DCE/RPC PDUs", - &dcerpc_reassemble); + proto_dcerpc = proto_register_protocol("Distributed Computing Environment / Remote Procedure Call (DCE/RPC)", "DCERPC", "dcerpc"); + proto_register_field_array(proto_dcerpc, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + register_init_routine(dcerpc_init_protocol); + dcerpc_module = prefs_register_protocol(proto_dcerpc, NULL); + prefs_register_bool_preference(dcerpc_module, + "desegment_dcerpc", + "Reassemble DCE/RPC messages spanning multiple TCP segments", + "Whether the DCE/RPC dissector should reassemble messages" + " spanning multiple TCP segments." + " To use this option, you must also enable" + " \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", + &dcerpc_cn_desegment); + prefs_register_bool_preference(dcerpc_module, + "reassemble_dcerpc", + "Reassemble DCE/RPC fragments", + "Whether the DCE/RPC dissector should reassemble fragmented DCE/RPC PDUs", + &dcerpc_reassemble); register_init_routine(dcerpc_reassemble_init); - dcerpc_uuids = g_hash_table_new (dcerpc_uuid_hash, dcerpc_uuid_equal); - dcerpc_tap=register_tap("dcerpc"); + dcerpc_uuids = g_hash_table_new(dcerpc_uuid_hash, dcerpc_uuid_equal); + dcerpc_tap = register_tap("dcerpc"); g_hook_list_init(&dcerpc_hooks_init_protos, sizeof(GHook)); } void -proto_reg_handoff_dcerpc (void) +proto_reg_handoff_dcerpc(void) { - heur_dissector_add ("tcp", dissect_dcerpc_cn_bs, proto_dcerpc); - heur_dissector_add ("netbios", dissect_dcerpc_cn_pk, proto_dcerpc); - heur_dissector_add ("udp", dissect_dcerpc_dg, proto_dcerpc); - heur_dissector_add ("smb_transact", dissect_dcerpc_cn_smbpipe, proto_dcerpc); - heur_dissector_add ("smb2_heur_subdissectors", dissect_dcerpc_cn_smb2, proto_dcerpc); - heur_dissector_add ("http", dissect_dcerpc_cn_bs, proto_dcerpc); + heur_dissector_add("tcp", dissect_dcerpc_cn_bs, proto_dcerpc); + heur_dissector_add("netbios", dissect_dcerpc_cn_pk, proto_dcerpc); + heur_dissector_add("udp", dissect_dcerpc_dg, proto_dcerpc); + heur_dissector_add("smb_transact", dissect_dcerpc_cn_smbpipe, proto_dcerpc); + heur_dissector_add("smb2_heur_subdissectors", dissect_dcerpc_cn_smb2, proto_dcerpc); + heur_dissector_add("http", dissect_dcerpc_cn_bs, proto_dcerpc); dcerpc_smb_init(proto_dcerpc); guids_add_uuid(&uuid_data_repr_proto, "32bit NDR"); |