authorBill Meier <wmeier@newsguy.com>2012-05-07 22:11:34 +0000
committerBill Meier <wmeier@newsguy.com>2012-05-07 22:11:34 +0000
commitc055ca8c7e2457c348d5ae22e3b779b99a11ffec (patch)
tree2aee6168b7f96c0437a0c388646b7dd19030de0c /epan/dissectors/packet-dcerpc.c
parent8d33dddd11955bb267cc2f747279c91f1a381beb (diff)
General minor cleanup including:
- remove unneeded #includes; - use val_to_str_const() as appropriate; - reformat hf[] entries; - reformat long lines; - use #if 0/#endif to comment out code instead of /* ... */; - remove boilerplate comments; - whitespace & indentation svn path=/trunk/; revision=42487
Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
-rw-r--r--epan/dissectors/packet-dcerpc.c2495
1 files changed, 1255 insertions, 1240 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index e943d1f121..c7e732bbe1 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -34,32 +34,39 @@
#endif
#include <string.h>
-#include <ctype.h>
#include <glib.h>
+
#include <epan/packet.h>
-#include <epan/dissectors/packet-dcerpc.h>
#include <epan/conversation.h>
#include <epan/prefs.h>
#include <epan/reassemble.h>
#include <epan/tap.h>
#include <epan/emem.h>
-#include <epan/dissectors/packet-frame.h>
-#include <epan/dissectors/packet-dcerpc-nt.h>
#include <epan/expert.h>
#include <epan/strutil.h>
#include <epan/addr_resolv.h>
+#include <epan/dissectors/packet-frame.h>
+#include <epan/dissectors/packet-dcerpc.h>
+#include <epan/dissectors/packet-dcerpc-nt.h>
static int dcerpc_tap = -1;
/* 32bit Network Data Representation, see DCE/RPC Appendix I */
-static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } };
+static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9,
+ { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } };
+
/* 64bit Network Data Representation, introduced in Windows Server 2008 */
-static e_uuid_t uuid_ndr64 = { 0x71710533, 0xbeba, 0x4937, { 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 } };
+static e_uuid_t uuid_ndr64 = { 0x71710533, 0xbeba, 0x4937,
+ { 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 } };
+
/* Bind Time Feature Negotiation, see [MS-RPCE] 3.3.1.5.3 */
-static e_uuid_t uuid_bind_time_feature_nego = { 0x6cb71c2c, 0x9812, 0x4540, { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
+static e_uuid_t uuid_bind_time_feature_nego = { 0x6cb71c2c, 0x9812, 0x4540,
+ { 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
+
/* see [MS-OXRPC] Appendix A: Full IDL, http://msdn.microsoft.com/en-us/library/ee217991%28v=exchg.80%29.aspx */
-static e_uuid_t uuid_asyncemsmdb = { 0x5261574a, 0x4572, 0x206e, { 0xb2, 0x68, 0x6b, 0x19, 0x92, 0x13, 0xb4, 0xe4 } };
+static e_uuid_t uuid_asyncemsmdb = { 0x5261574a, 0x4572, 0x206e,
+ { 0xb2, 0x68, 0x6b, 0x19, 0x92, 0x13, 0xb4, 0xe4 } };
static const value_string pckt_vals[] = {
{ PDU_REQ, "Request"},
@@ -200,7 +207,7 @@ static const value_string authn_level_vals[] = {
* and FALSE otherwise.
*/
#define PFC_NOT_FRAGMENTED(hdr) \
- ((hdr->flags&(PFC_FIRST_FRAG|PFC_LAST_FRAG))==(PFC_FIRST_FRAG|PFC_LAST_FRAG))
+ ((hdr->flags&(PFC_FIRST_FRAG|PFC_LAST_FRAG)) == (PFC_FIRST_FRAG|PFC_LAST_FRAG))
/*
* Presentation context negotiation result.
@@ -613,11 +620,11 @@ static dcerpc_info *
get_next_di(void)
{
static dcerpc_info di[20];
- static int di_counter=0;
+ static int di_counter = 0;
di_counter++;
- if(di_counter>=20){
- di_counter=0;
+ if (di_counter >= 20) {
+ di_counter = 0;
}
memset(&di[di_counter], 0, sizeof(dcerpc_info));
@@ -667,13 +674,13 @@ static dcerpc_auth_subdissector_fns *get_auth_subdissector_fns(
guint8 auth_level, guint8 auth_type)
{
gpointer data;
- int i;
+ int i;
for (i = 0; (data = g_slist_nth_data(dcerpc_auth_subdissector_list, i)); i++) {
dcerpc_auth_subdissector *asd = (dcerpc_auth_subdissector *)data;
- if (asd->auth_level == auth_level &&
- asd->auth_type == auth_type)
+ if ((asd->auth_level == auth_level) &&
+ (asd->auth_type == auth_type))
return &asd->auth_fns;
}
@@ -774,19 +781,19 @@ static tvbuff_t *decode_encrypted_data(tvbuff_t *data_tvb,
*/
/* the registered subdissectors */
-GHashTable *dcerpc_uuids=NULL;
+GHashTable *dcerpc_uuids = NULL;
static gint
-dcerpc_uuid_equal (gconstpointer k1, gconstpointer k2)
+dcerpc_uuid_equal(gconstpointer k1, gconstpointer k2)
{
const dcerpc_uuid_key *key1 = (const dcerpc_uuid_key *)k1;
const dcerpc_uuid_key *key2 = (const dcerpc_uuid_key *)k2;
- return ((memcmp (&key1->uuid, &key2->uuid, sizeof (e_uuid_t)) == 0)
+ return ((memcmp(&key1->uuid, &key2->uuid, sizeof (e_uuid_t)) == 0)
&& (key1->ver == key2->ver));
}
static guint
-dcerpc_uuid_hash (gconstpointer k)
+dcerpc_uuid_hash(gconstpointer k)
{
const dcerpc_uuid_key *key = (const dcerpc_uuid_key *)k;
/* This isn't perfect, but the Data1 part of these is almost always
@@ -795,37 +802,37 @@ dcerpc_uuid_hash (gconstpointer k)
}
void
-dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
- dcerpc_sub_dissector *procs, int opnum_hf)
+dcerpc_init_uuid(int proto, int ett, e_uuid_t *uuid, guint16 ver,
+ dcerpc_sub_dissector *procs, int opnum_hf)
{
- dcerpc_uuid_key *key = g_malloc (sizeof (*key));
- dcerpc_uuid_value *value = g_malloc (sizeof (*value));
+ dcerpc_uuid_key *key = g_malloc(sizeof (*key));
+ dcerpc_uuid_value *value = g_malloc(sizeof (*value));
header_field_info *hf_info;
- module_t *samr_module;
- const char *filter_name = proto_get_protocol_filter_name(proto);
+ module_t *samr_module;
+ const char *filter_name = proto_get_protocol_filter_name(proto);
key->uuid = *uuid;
key->ver = ver;
- value->proto = find_protocol_by_id(proto);
+ value->proto = find_protocol_by_id(proto);
value->proto_id = proto;
- value->ett = ett;
- value->name = proto_get_protocol_short_name (value->proto);
- value->procs = procs;
+ value->ett = ett;
+ value->name = proto_get_protocol_short_name(value->proto);
+ value->procs = procs;
value->opnum_hf = opnum_hf;
- g_hash_table_insert (dcerpc_uuids, key, value);
+ g_hash_table_insert(dcerpc_uuids, key, value);
hf_info = proto_registrar_get_nth(opnum_hf);
hf_info->strings = value_string_from_subdissectors(procs);
/* add this GUID to the global name resolving */
- guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto));
+ guids_add_uuid(uuid, proto_get_protocol_short_name(value->proto));
/* Register the samr.nt_password preference as obsolete */
/* This should be in packet-dcerpc-samr.c */
if (strcmp(filter_name, "samr") == 0) {
- samr_module = prefs_register_protocol (proto, NULL);
+ samr_module = prefs_register_protocol(proto, NULL);
prefs_register_obsolete_preference(samr_module, "nt_password");
}
}
@@ -836,12 +843,12 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
const char *
dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver)
{
- dcerpc_uuid_key key;
+ dcerpc_uuid_key key;
dcerpc_uuid_value *sub_proto;
key.uuid = *uuid;
key.ver = ver;
- if(!(sub_proto = g_hash_table_lookup (dcerpc_uuids, &key))){
+ if (!(sub_proto = g_hash_table_lookup(dcerpc_uuids, &key))) {
return NULL;
}
return sub_proto->name;
@@ -853,12 +860,12 @@ dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver)
int
dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver)
{
- dcerpc_uuid_key key;
+ dcerpc_uuid_key key;
dcerpc_uuid_value *sub_proto;
key.uuid = *uuid;
key.ver = ver;
- if(!(sub_proto = g_hash_table_lookup (dcerpc_uuids, &key))){
+ if (!(sub_proto = g_hash_table_lookup(dcerpc_uuids, &key))) {
return -1;
}
return sub_proto->opnum_hf;
@@ -869,8 +876,9 @@ dcerpc_get_proto_hf_opnum(e_uuid_t *uuid, guint16 ver)
value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd)
{
- value_string *vs = NULL;
- int i, num_sd = 0;
+ value_string *vs = NULL;
+ int i;
+ int num_sd = 0;
again:
for (i = 0; sd[i].name; i++) {
@@ -898,12 +906,12 @@ again:
dcerpc_sub_dissector *
dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver)
{
- dcerpc_uuid_key key;
+ dcerpc_uuid_key key;
dcerpc_uuid_value *sub_proto;
key.uuid = *uuid;
key.ver = ver;
- if(!(sub_proto = g_hash_table_lookup (dcerpc_uuids, &key))){
+ if (!(sub_proto = g_hash_table_lookup(dcerpc_uuids, &key))) {
return NULL;
}
return sub_proto->procs;
@@ -917,37 +925,37 @@ dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver)
* Note that we always specify a SMB FID. For non-SMB transports this
* value is 0.
*/
-static GHashTable *dcerpc_binds=NULL;
+static GHashTable *dcerpc_binds = NULL;
typedef struct _dcerpc_bind_key {
conversation_t *conv;
- guint16 ctx_id;
- guint16 smb_fid;
+ guint16 ctx_id;
+ guint16 smb_fid;
} dcerpc_bind_key;
typedef struct _dcerpc_bind_value {
e_uuid_t uuid;
- guint16 ver;
+ guint16 ver;
e_uuid_t transport;
} dcerpc_bind_value;
static gint
-dcerpc_bind_equal (gconstpointer k1, gconstpointer k2)
+dcerpc_bind_equal(gconstpointer k1, gconstpointer k2)
{
const dcerpc_bind_key *key1 = (const dcerpc_bind_key *)k1;
const dcerpc_bind_key *key2 = (const dcerpc_bind_key *)k2;
- return (key1->conv == key2->conv
- && key1->ctx_id == key2->ctx_id
- && key1->smb_fid == key2->smb_fid);
+ return ((key1->conv == key2->conv)
+ && (key1->ctx_id == key2->ctx_id)
+ && (key1->smb_fid == key2->smb_fid));
}
static guint
-dcerpc_bind_hash (gconstpointer k)
+dcerpc_bind_hash(gconstpointer k)
{
const dcerpc_bind_key *key = (const dcerpc_bind_key *)k;
guint hash;
- hash=GPOINTER_TO_UINT(key->conv) + key->ctx_id + key->smb_fid;
+ hash = GPOINTER_TO_UINT(key->conv) + key->ctx_id + key->smb_fid;
return hash;
}
@@ -956,8 +964,8 @@ dcerpc_bind_hash (gconstpointer k)
* To keep track of callid mappings. Should really use some generic
* conversation support instead.
*/
-static GHashTable *dcerpc_cn_calls=NULL;
-static GHashTable *dcerpc_dg_calls=NULL;
+static GHashTable *dcerpc_cn_calls = NULL;
+static GHashTable *dcerpc_dg_calls = NULL;
typedef struct _dcerpc_cn_call_key {
conversation_t *conv;
@@ -967,48 +975,48 @@ typedef struct _dcerpc_cn_call_key {
typedef struct _dcerpc_dg_call_key {
conversation_t *conv;
- guint32 seqnum;
- e_uuid_t act_id ;
+ guint32 seqnum;
+ e_uuid_t act_id ;
} dcerpc_dg_call_key;
static gint
-dcerpc_cn_call_equal (gconstpointer k1, gconstpointer k2)
+dcerpc_cn_call_equal(gconstpointer k1, gconstpointer k2)
{
const dcerpc_cn_call_key *key1 = (const dcerpc_cn_call_key *)k1;
const dcerpc_cn_call_key *key2 = (const dcerpc_cn_call_key *)k2;
- return (key1->conv == key2->conv
- && key1->call_id == key2->call_id
- && key1->smb_fid == key2->smb_fid);
+ return ((key1->conv == key2->conv)
+ && (key1->call_id == key2->call_id)
+ && (key1->smb_fid == key2->smb_fid));
}
static gint
-dcerpc_dg_call_equal (gconstpointer k1, gconstpointer k2)
+dcerpc_dg_call_equal(gconstpointer k1, gconstpointer k2)
{
const dcerpc_dg_call_key *key1 = (const dcerpc_dg_call_key *)k1;
const dcerpc_dg_call_key *key2 = (const dcerpc_dg_call_key *)k2;
- return (key1->conv == key2->conv
- && key1->seqnum == key2->seqnum
- && (memcmp (&key1->act_id, &key2->act_id, sizeof (e_uuid_t)) == 0));
+ return ((key1->conv == key2->conv)
+ && (key1->seqnum == key2->seqnum)
+ && ((memcmp(&key1->act_id, &key2->act_id, sizeof (e_uuid_t)) == 0)));
}
static guint
-dcerpc_cn_call_hash (gconstpointer k)
+dcerpc_cn_call_hash(gconstpointer k)
{
const dcerpc_cn_call_key *key = (const dcerpc_cn_call_key *)k;
return GPOINTER_TO_UINT(key->conv) + key->call_id + key->smb_fid;
}
static guint
-dcerpc_dg_call_hash (gconstpointer k)
+dcerpc_dg_call_hash(gconstpointer k)
{
const dcerpc_dg_call_key *key = (const dcerpc_dg_call_key *)k;
return (GPOINTER_TO_UINT(key->conv) + key->seqnum + key->act_id.Data1
- + (key->act_id.Data2 << 16) + key->act_id.Data3
+ + (key->act_id.Data2 << 16) + key->act_id.Data3
+ (key->act_id.Data4[0] << 24) + (key->act_id.Data4[1] << 16)
- + (key->act_id.Data4[2] << 8) + (key->act_id.Data4[3] << 0)
+ + (key->act_id.Data4[2] << 8) + (key->act_id.Data4[3] << 0)
+ (key->act_id.Data4[4] << 24) + (key->act_id.Data4[5] << 16)
- + (key->act_id.Data4[6] << 8) + (key->act_id.Data4[7] << 0));
+ + (key->act_id.Data4[6] << 8) + (key->act_id.Data4[7] << 0));
}
/* to keep track of matched calls/responses
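Review bot: The shifts `(key->act_id.Data4[0] << 24)` and `(key->act_id.Data4[4] << 24)` in dcerpc_dg_call_hash are evaluated after integer promotion to `int`, so a byte of 0x80 or above is shifted into the sign bit, which is undefined behaviour in C. This assumes Data4 is a guint8 array, as the initialisers at the top of the file suggest; the declaration of e_uuid_t is not on this page, and `(key->act_id.Data2 << 16)` has the same problem if Data2 is a 16-bit field. The activity UUID presumably comes from the capture, so these values are not under the dissector's control. Casting before the shift avoids it, e.g. `((guint)key->act_id.Data4[0] << 24)`, and likewise for the other two terms.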
@@ -1018,7 +1026,7 @@ dcerpc_dg_call_hash (gconstpointer k)
XXX - why not just use the same keys as are used for calls?
*/
-static GHashTable *dcerpc_matched=NULL;
+static GHashTable *dcerpc_matched = NULL;
typedef struct _dcerpc_matched_key {
guint32 frame;
@@ -1026,16 +1034,16 @@ typedef struct _dcerpc_matched_key {
} dcerpc_matched_key;
static gint
-dcerpc_matched_equal (gconstpointer k1, gconstpointer k2)
+dcerpc_matched_equal(gconstpointer k1, gconstpointer k2)
{
const dcerpc_matched_key *key1 = (const dcerpc_matched_key *)k1;
const dcerpc_matched_key *key2 = (const dcerpc_matched_key *)k2;
- return (key1->frame == key2->frame
- && key1->call_id == key2->call_id);
+ return ((key1->frame == key2->frame)
+ && (key1->call_id == key2->call_id));
}
static guint
-dcerpc_matched_hash (gconstpointer k)
+dcerpc_matched_hash(gconstpointer k)
{
const dcerpc_matched_key *key = (const dcerpc_matched_key *)k;
return key->frame;
@@ -1048,15 +1056,15 @@ dcerpc_matched_hash (gconstpointer k)
*/
int
-dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, guint8 *drep,
- int hfindex, guint8 *pdata)
+dissect_dcerpc_uint8(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint8 *pdata)
{
guint8 data;
- data = tvb_get_guint8 (tvb, offset);
+ data = tvb_get_guint8(tvb, offset);
if (tree) {
- proto_tree_add_item (tree, hfindex, tvb, offset, 1, DREP_ENC_INTEGER(drep));
+ proto_tree_add_item(tree, hfindex, tvb, offset, 1, DREP_ENC_INTEGER(drep));
}
if (pdata)
*pdata = data;
@@ -1064,18 +1072,18 @@ dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
}
int
-dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, guint8 *drep,
- int hfindex, guint16 *pdata)
+dissect_dcerpc_uint16(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint16 *pdata)
{
guint16 data;
data = ((drep[0] & DREP_LITTLE_ENDIAN)
- ? tvb_get_letohs (tvb, offset)
- : tvb_get_ntohs (tvb, offset));
+ ? tvb_get_letohs(tvb, offset)
+ : tvb_get_ntohs(tvb, offset));
if (tree) {
- proto_tree_add_item (tree, hfindex, tvb, offset, 2, DREP_ENC_INTEGER(drep));
+ proto_tree_add_item(tree, hfindex, tvb, offset, 2, DREP_ENC_INTEGER(drep));
}
if (pdata)
*pdata = data;
@@ -1083,18 +1091,18 @@ dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
}
int
-dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, guint8 *drep,
- int hfindex, guint32 *pdata)
+dissect_dcerpc_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint32 *pdata)
{
guint32 data;
data = ((drep[0] & DREP_LITTLE_ENDIAN)
- ? tvb_get_letohl (tvb, offset)
- : tvb_get_ntohl (tvb, offset));
+ ? tvb_get_letohl(tvb, offset)
+ : tvb_get_ntohl(tvb, offset));
if (tree) {
- proto_tree_add_item (tree, hfindex, tvb, offset, 4, DREP_ENC_INTEGER(drep));
+ proto_tree_add_item(tree, hfindex, tvb, offset, 4, DREP_ENC_INTEGER(drep));
}
if (pdata)
*pdata = data;
@@ -1103,25 +1111,25 @@ dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
/* handles 32 bit unix time_t */
int
-dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, guint8 *drep,
- int hfindex, guint32 *pdata)
+dissect_dcerpc_time_t(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint32 *pdata)
{
guint32 data;
nstime_t tv;
data = ((drep[0] & DREP_LITTLE_ENDIAN)
- ? tvb_get_letohl (tvb, offset)
- : tvb_get_ntohl (tvb, offset));
+ ? tvb_get_letohl(tvb, offset)
+ : tvb_get_ntohl(tvb, offset));
- tv.secs=data;
- tv.nsecs=0;
+ tv.secs = data;
+ tv.nsecs = 0;
if (tree) {
- if(data==0xffffffff){
+ if (data == 0xffffffff) {
/* special case, no time specified */
proto_tree_add_time_format_value(tree, hfindex, tvb, offset, 4, &tv, "No time specified");
} else {
- proto_tree_add_time (tree, hfindex, tvb, offset, 4, &tv);
+ proto_tree_add_time(tree, hfindex, tvb, offset, 4, &tv);
}
}
if (pdata)
@@ -1131,15 +1139,15 @@ dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
}
int
-dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, guint8 *drep,
- int hfindex, guint64 *pdata)
+dissect_dcerpc_uint64(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint64 *pdata)
{
guint64 data;
data = ((drep[0] & DREP_LITTLE_ENDIAN)
- ? tvb_get_letoh64 (tvb, offset)
- : tvb_get_ntoh64 (tvb, offset));
+ ? tvb_get_letoh64(tvb, offset)
+ : tvb_get_ntoh64(tvb, offset));
if (tree) {
header_field_info *hfinfo;
@@ -1150,7 +1158,7 @@ dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
*/
hfinfo = proto_registrar_get_nth(hfindex);
- switch(hfinfo->type) {
+ switch (hfinfo->type) {
case FT_UINT64:
proto_tree_add_uint64(tree, hfindex, tvb, offset, 8, data);
break;
@@ -1158,7 +1166,7 @@ dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
proto_tree_add_int64(tree, hfindex, tvb, offset, 8, data);
break;
default:
- DISSECTOR_ASSERT(data<=G_MAXUINT32);
+ DISSECTOR_ASSERT(data <= G_MAXUINT32);
proto_tree_add_uint(tree, hfindex, tvb, offset, 8, (guint32)data);
}
}
@@ -1176,7 +1184,7 @@ dissect_dcerpc_float(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
gfloat data;
- switch(drep[1]) {
+ switch (drep[1]) {
case(DCE_RPC_DREP_FP_IEEE):
data = ((drep[0] & DREP_LITTLE_ENDIAN)
? tvb_get_letohieee_float(tvb, offset)
@@ -1210,7 +1218,7 @@ dissect_dcerpc_double(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
gdouble data;
- switch(drep[1]) {
+ switch (drep[1]) {
case(DCE_RPC_DREP_FP_IEEE):
data = ((drep[0] & DREP_LITTLE_ENDIAN)
? tvb_get_letohieee_double(tvb, offset)
@@ -1237,17 +1245,17 @@ dissect_dcerpc_double(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int
-dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
- proto_tree *tree, guint8 *drep,
- int hfindex, e_uuid_t *pdata)
+dissect_dcerpc_uuid_t(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, e_uuid_t *pdata)
{
e_uuid_t uuid;
if (drep[0] & DREP_LITTLE_ENDIAN) {
- tvb_get_letohguid (tvb, offset, (e_guid_t *) &uuid);
+ tvb_get_letohguid(tvb, offset, (e_guid_t *) &uuid);
} else {
- tvb_get_ntohguid (tvb, offset, (e_guid_t *) &uuid);
+ tvb_get_ntohguid(tvb, offset, (e_guid_t *) &uuid);
}
if (tree) {
proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
@@ -1263,32 +1271,32 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
* a couple simpler things
*/
guint16
-dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, guint8 *drep)
+dcerpc_tvb_get_ntohs(tvbuff_t *tvb, gint offset, guint8 *drep)
{
if (drep[0] & DREP_LITTLE_ENDIAN) {
- return tvb_get_letohs (tvb, offset);
+ return tvb_get_letohs(tvb, offset);
} else {
- return tvb_get_ntohs (tvb, offset);
+ return tvb_get_ntohs(tvb, offset);
}
}
guint32
-dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, guint8 *drep)
+dcerpc_tvb_get_ntohl(tvbuff_t *tvb, gint offset, guint8 *drep)
{
if (drep[0] & DREP_LITTLE_ENDIAN) {
- return tvb_get_letohl (tvb, offset);
+ return tvb_get_letohl(tvb, offset);
} else {
- return tvb_get_ntohl (tvb, offset);
+ return tvb_get_ntohl(tvb, offset);
}
}
void
-dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid)
+dcerpc_tvb_get_uuid(tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid)
{
if (drep[0] & DREP_LITTLE_ENDIAN) {
- tvb_get_letohguid (tvb, offset, (e_guid_t *) uuid);
+ tvb_get_letohguid(tvb, offset, (e_guid_t *) uuid);
} else {
- tvb_get_ntohguid (tvb, offset, (e_guid_t *) uuid);
+ tvb_get_ntohguid(tvb, offset, (e_guid_t *) uuid);
}
}
@@ -1300,35 +1308,35 @@ dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
dcerpc_dissect_fnct_t *fnct)
{
- guint32 i;
+ guint32 i;
dcerpc_info *di;
- int old_offset;
- int conformance_size = 4;
+ int old_offset;
+ int conformance_size = 4;
- di=pinfo->private_data;
+ di = pinfo->private_data;
if (di->call_data->flags & DCERPC_IS_NDR64) {
conformance_size = 8;
}
- if(di->conformant_run){
+ if (di->conformant_run) {
guint64 val;
/* conformant run, just dissect the max_count header */
- old_offset=offset;
- di->conformant_run=0;
- offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
+ old_offset = offset;
+ di->conformant_run = 0;
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_max_count, &val);
di->array_max_count = (gint32)val;
- di->array_max_count_offset=offset-conformance_size;
- di->conformant_run=1;
- di->conformant_eaten=offset-old_offset;
+ di->array_max_count_offset = offset-conformance_size;
+ di->conformant_run = 1;
+ di->conformant_eaten = offset-old_offset;
} else {
/* we don't remember where in the bytestream this field was */
proto_tree_add_uint(tree, hf_dcerpc_array_max_count, tvb, di->array_max_count_offset, conformance_size, di->array_max_count);
/* real run, dissect the elements */
- for(i=0;i<di->array_max_count;i++){
+ for(i=0; i<di->array_max_count; i++) {
offset = (*fnct)(tvb, offset, pinfo, tree, drep);
}
}
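Review bot: In dissect_ndr_ucarray the 64-bit `val` read from the packet is stored with `di->array_max_count = (gint32)val;` and no range check, whereas dissect_ndr_ucvarray and dissect_ndr_uvarray use `DISSECTOR_ASSERT(val <= G_MAXUINT32);` followed by a `(guint32)` cast. Under NDR64 a count wider than 32 bits is therefore truncated silently, and the element loop `for(i=0; i<di->array_max_count; i++)` then runs up to that packet-supplied count with no check that `(*fnct)` advanced `offset`. I would add the same assert and `(guint32)` cast here, and stop the loop when the offset does not move, along the lines of the `if (offset <= old_offset)` test in dissect_ndr_ucvarray. The function's signature and its return statement lie outside this hunk.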
@@ -1341,40 +1349,40 @@ dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
dcerpc_dissect_fnct_t *fnct)
{
- guint32 i;
+ guint32 i;
dcerpc_info *di;
- int old_offset;
- int conformance_size = 4;
+ int old_offset;
+ int conformance_size = 4;
- di=pinfo->private_data;
+ di = pinfo->private_data;
if (di->call_data->flags & DCERPC_IS_NDR64) {
conformance_size = 8;
}
- if(di->conformant_run){
+ if (di->conformant_run) {
guint64 val;
/* conformant run, just dissect the max_count header */
- old_offset=offset;
- di->conformant_run=0;
- offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
+ old_offset = offset;
+ di->conformant_run = 0;
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_max_count, &val);
- DISSECTOR_ASSERT(val<=G_MAXUINT32);
+ DISSECTOR_ASSERT(val <= G_MAXUINT32);
di->array_max_count = (guint32)val;
- di->array_max_count_offset=offset-conformance_size;
- offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
+ di->array_max_count_offset = offset-conformance_size;
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_offset, &val);
- DISSECTOR_ASSERT(val<=G_MAXUINT32);
+ DISSECTOR_ASSERT(val <= G_MAXUINT32);
di->array_offset = (guint32)val;
- di->array_offset_offset=offset-conformance_size;
- offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
+ di->array_offset_offset = offset-conformance_size;
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_actual_count, &val);
- DISSECTOR_ASSERT(val<=G_MAXUINT32);
- di->array_actual_count=(guint32)val;
- di->array_actual_count_offset=offset-conformance_size;
- di->conformant_run=1;
- di->conformant_eaten=offset-old_offset;
+ DISSECTOR_ASSERT(val <= G_MAXUINT32);
+ di->array_actual_count = (guint32)val;
+ di->array_actual_count_offset = offset-conformance_size;
+ di->conformant_run = 1;
+ di->conformant_eaten = offset-old_offset;
} else {
/* we don't remember where in the bytestream these fields were */
proto_tree_add_uint(tree, hf_dcerpc_array_max_count, tvb, di->array_max_count_offset, conformance_size, di->array_max_count);
@@ -1382,7 +1390,7 @@ dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree_add_uint(tree, hf_dcerpc_array_actual_count, tvb, di->array_actual_count_offset, conformance_size, di->array_actual_count);
/* real run, dissect the elements */
- for(i=0;i<di->array_actual_count;i++){
+ for(i=0 ;i<di->array_actual_count; i++) {
old_offset = offset;
offset = (*fnct)(tvb, offset, pinfo, tree, drep);
if (offset <= old_offset)
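Review bot: The reformatted loop header `for(i=0 ;i<di->array_actual_count; i++) {` ends up with the space on the wrong side of the first semicolon and still lacks the space after `for` that this commit adds after `if`, `while` and `switch` elsewhere. `for (i = 0; i < di->array_actual_count; i++) {` would match the rest of the cleanup. The loops in dissect_ndr_ucarray and dissect_ndr_uvarray keep the same `for(` form. The loop body continues past the end of this hunk.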
@@ -1398,42 +1406,42 @@ dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
dcerpc_dissect_fnct_t *fnct)
{
- guint32 i;
+ guint32 i;
dcerpc_info *di;
- int old_offset;
- int conformance_size = 4;
+ int old_offset;
+ int conformance_size = 4;
- di=pinfo->private_data;
+ di = pinfo->private_data;
if (di->call_data->flags & DCERPC_IS_NDR64) {
conformance_size = 8;
}
- if(di->conformant_run){
+ if (di->conformant_run) {
guint64 val;
/* conformant run, just dissect the max_count header */
- old_offset=offset;
- di->conformant_run=0;
- offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
+ old_offset = offset;
+ di->conformant_run = 0;
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_offset, &val);
- DISSECTOR_ASSERT(val<=G_MAXUINT32);
- di->array_offset=(guint32)val;
- di->array_offset_offset=offset-conformance_size;
- offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, drep,
+ DISSECTOR_ASSERT(val <= G_MAXUINT32);
+ di->array_offset = (guint32)val;
+ di->array_offset_offset = offset-conformance_size;
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_actual_count, &val);
- DISSECTOR_ASSERT(val<=G_MAXUINT32);
- di->array_actual_count=(guint32)val;
- di->array_actual_count_offset=offset-conformance_size;
- di->conformant_run=1;
- di->conformant_eaten=offset-old_offset;
+ DISSECTOR_ASSERT(val <= G_MAXUINT32);
+ di->array_actual_count = (guint32)val;
+ di->array_actual_count_offset = offset-conformance_size;
+ di->conformant_run = 1;
+ di->conformant_eaten = offset-old_offset;
} else {
/* we don't remember where in the bytestream these fields were */
proto_tree_add_uint(tree, hf_dcerpc_array_offset, tvb, di->array_offset_offset, conformance_size, di->array_offset);
proto_tree_add_uint(tree, hf_dcerpc_array_actual_count, tvb, di->array_actual_count_offset, conformance_size, di->array_actual_count);
/* real run, dissect the elements */
- for(i=0;i<di->array_actual_count;i++){
+ for(i=0; i<di->array_actual_count; i++) {
offset = (*fnct)(tvb, offset, pinfo, tree, drep);
}
}
@@ -1449,7 +1457,7 @@ dissect_ndr_uvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
than showing each byte as an individual element.
XXX - which of those is really the IDL type for, for example,
- the encrypted data in some MAPI packets? (Microsoft haven't
+ the encrypted data in some MAPI packets? (Microsoft hasn't
released that IDL.)
XXX - does this need to do all the conformant array stuff that
@@ -1461,10 +1469,10 @@ dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di;
- guint64 len;
+ guint64 len;
- di=pinfo->private_data;
- if(di->conformant_run){
+ di = pinfo->private_data;
+ if (di->conformant_run) {
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
@@ -1480,7 +1488,7 @@ dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
hf_dcerpc_array_actual_count, &len);
- DISSECTOR_ASSERT(len<=G_MAXUINT32);
+ DISSECTOR_ASSERT(len <= G_MAXUINT32);
if (tree && len) {
tvb_ensure_bytes_exist(tvb, offset, (guint32)len);
proto_tree_add_item(tree, hf_dcerpc_array_buffer,
@@ -1505,16 +1513,16 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int size_is,
int hfindex, gboolean add_subtree, char **data)
{
- dcerpc_info *di;
- proto_item *string_item;
- proto_tree *string_tree;
- guint64 len;
- guint32 buffer_len;
- char *s;
+ dcerpc_info *di;
+ proto_item *string_item;
+ proto_tree *string_tree;
+ guint64 len;
+ guint32 buffer_len;
+ char *s;
header_field_info *hfinfo;
- di=pinfo->private_data;
- if(di->conformant_run){
+ di = pinfo->private_data;
+ if (di->conformant_run) {
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
@@ -1539,7 +1547,7 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
offset = dissect_ndr_uint3264(tvb, offset, pinfo, string_tree, drep,
hf_dcerpc_array_actual_count, &len);
- DISSECTOR_ASSERT(len<=G_MAXUINT32);
+ DISSECTOR_ASSERT(len <= G_MAXUINT32);
buffer_len = size_is * (guint32)len;
/* Adjust offset */
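Review bot: `buffer_len = size_is * (guint32)len;` in dissect_ndr_cvstring can wrap, because the assert before it only bounds `len` to G_MAXUINT32 and the product is computed in 32 bits. With a `size_is` of 2, any packet-supplied count above 0x7fffffff yields a `buffer_len` smaller than the real length, and the later `tvb_ensure_bytes_exist(tvb, offset, buffer_len)` validates the wrapped value. Bounding the count before the multiply closes this, e.g. `DISSECTOR_ASSERT((size_is > 0) && (len <= G_MAXUINT32 / (guint32)size_is));`. The same line appears in dissect_ndr_vstring (the hunk at `@@ -1729,7 +1737,7 @@`), and both functions extend beyond their hunks.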
@@ -1576,7 +1584,7 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
*
* XXX - if this is an octet string, does the byte order
* matter? Will this ever be anything *other* than an
- * octet string? What if size_is is neither 1 nor 2?
+ * octet string? What if size_is is neither 1 nor 2?
*/
tvb_ensure_bytes_exist(tvb, offset, buffer_len);
s = tvb_get_ephemeral_string(tvb, offset, buffer_len);
@@ -1612,7 +1620,7 @@ dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di;
- di=pinfo->private_data;
+ di = pinfo->private_data;
return dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
sizeof(guint8), di->hf_index,
@@ -1633,7 +1641,7 @@ dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di;
- di=pinfo->private_data;
+ di = pinfo->private_data;
return dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
sizeof(guint16), di->hf_index,
@@ -1647,28 +1655,28 @@ int
PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int chsize, int hfindex, guint32 param)
{
dcerpc_info *di;
- char *s = NULL;
- gint levels = CB_STR_ITEM_LEVELS(param);
+ char *s = NULL;
+ gint levels = CB_STR_ITEM_LEVELS(param);
- di=pinfo->private_data;
+ di = pinfo->private_data;
offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
chsize, hfindex,
FALSE, &s);
- if(!di->conformant_run){
+ if (!di->conformant_run) {
/* Append string to COL_INFO */
if (param & PIDL_SET_COL_INFO) {
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", s);
}
/* Save string to dcv->private_data */
- if((param & PIDL_STR_SAVE)
- && (!pinfo->fd->flags.visited)){
+ if ((param & PIDL_STR_SAVE)
+ && (!pinfo->fd->flags.visited)) {
dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
dcv->private_data = se_strdup(s);
}
/* Append string to upper-level proto_items */
- if (levels > 0 && tree && s && s[0]) {
+ if ((levels > 0) && tree && s && s[0]) {
proto_item_append_text(tree, ": %s", s);
tree = tree->parent;
levels--;
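Review bot: `s` is initialised to NULL and is NULL-checked only in the last branch (`tree && s && s[0]`), while `col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", s);` and `se_strdup(s)` use it unchecked. Whether dissect_ndr_cvstring always fills `*data` on the non-conformant path is not visible in this hunk; if it can return without doing so, a NULL pointer reaches a `%s` conversion and is saved into `dcv->private_data`. Testing it once at the top, `if (!di->conformant_run && s) {`, would make the three uses consistent, though that also skips the save when `s` is NULL, so confirm no caller relies on it. PIDL_dissect_cvstring continues past the end of this hunk.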
@@ -1699,16 +1707,16 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int size_is,
int hfindex, gboolean add_subtree, char **data)
{
- dcerpc_info *di;
- proto_item *string_item;
- proto_tree *string_tree;
- guint64 len;
- guint32 buffer_len;
- char *s;
+ dcerpc_info *di;
+ proto_item *string_item;
+ proto_tree *string_tree;
+ guint64 len;
+ guint32 buffer_len;
+ char *s;
header_field_info *hfinfo;
- di=pinfo->private_data;
- if(di->conformant_run){
+ di = pinfo->private_data;
+ if (di->conformant_run) {
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
@@ -1729,7 +1737,7 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
offset = dissect_ndr_uint3264(tvb, offset, pinfo, string_tree, drep,
hf_dcerpc_array_actual_count, &len);
- DISSECTOR_ASSERT(len<=G_MAXUINT32);
+ DISSECTOR_ASSERT(len <= G_MAXUINT32);
buffer_len = size_is * (guint32)len;
/* Adjust offset */
@@ -1766,7 +1774,7 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
*
* XXX - if this is an octet string, does the byte order
* matter? Will this ever be anything *other* than an
- * octet string? What if size_is is neither 1 nor 2?
+ * octet string? What if size_is is neither 1 nor 2?
*/
tvb_ensure_bytes_exist(tvb, offset, buffer_len);
s = tvb_get_ephemeral_string(tvb, offset, buffer_len);
@@ -1802,7 +1810,7 @@ dissect_ndr_char_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di;
- di=pinfo->private_data;
+ di = pinfo->private_data;
return dissect_ndr_vstring(tvb, offset, pinfo, tree, drep,
sizeof(guint8), di->hf_index,
@@ -1823,7 +1831,7 @@ dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di;
- di=pinfo->private_data;
+ di = pinfo->private_data;
return dissect_ndr_vstring(tvb, offset, pinfo, tree, drep,
sizeof(guint16), di->hf_index,
@@ -1836,21 +1844,21 @@ dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
static GSList *ndr_pointer_list = NULL;
/* position where in the list to insert newly encountered pointers */
-static int ndr_pointer_list_pos=0;
+static int ndr_pointer_list_pos = 0;
/* Boolean controlling whether pointers are top-level or embedded */
static gboolean pointers_are_top_level = TRUE;
-/* as a kludge, we represent all embedded reference pointers as id==-1
+/* as a kludge, we represent all embedded reference pointers as id == -1
hoping that his will not collide with any non-ref pointers */
typedef struct ndr_pointer_data {
- guint32 id;
- proto_item *item; /* proto_item for pointer */
- proto_tree *tree; /* subtree of above item */
- dcerpc_dissect_fnct_t *fnct; /*if non-NULL, we have not called it yet*/
- int hf_index;
+ guint32 id;
+ proto_item *item; /* proto_item for pointer */
+ proto_tree *tree; /* subtree of above item */
+ dcerpc_dissect_fnct_t *fnct; /*if non-NULL, we have not called it yet*/
+ int hf_index;
dcerpc_callback_fnct_t *callback;
- void *callback_args;
+ void *callback_args;
} ndr_pointer_data_t;
void
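Review bot: The re-spaced comment above `ndr_pointer_data_t` still reads "hoping that his will not collide" (typo for "this"), and it understates the collision risk. Elsewhere in this diff, full pointers are looked up with `find_pointer_index((guint32)id)` after only `DISSECTOR_ASSERT(id <= G_MAXUINT32)`, so a referent id of 0xffffffff, presumably taken from the packet, would match entries stored with the sentinel and be shown as a duplicate. State that in the comment, e.g. `/* NOTE: a wire referent id of 0xffffffff is indistinguishable from this sentinel */`, or carry the "embedded reference" state in a separate struct field instead of in `id`.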
@@ -1858,57 +1866,57 @@ init_ndr_pointer_list(packet_info *pinfo)
{
dcerpc_info *di;
- di=pinfo->private_data;
- di->conformant_run=0;
+ di = pinfo->private_data;
+ di->conformant_run = 0;
- while(ndr_pointer_list){
+ while (ndr_pointer_list) {
ndr_pointer_data_t *npd;
- npd=g_slist_nth_data(ndr_pointer_list, 0);
- ndr_pointer_list=g_slist_remove(ndr_pointer_list, npd);
+ npd = g_slist_nth_data(ndr_pointer_list, 0);
+ ndr_pointer_list = g_slist_remove(ndr_pointer_list, npd);
g_free(npd);
}
- ndr_pointer_list=NULL;
- ndr_pointer_list_pos=0;
- pointers_are_top_level=TRUE;
+ ndr_pointer_list = NULL;
+ ndr_pointer_list_pos = 0;
+ pointers_are_top_level = TRUE;
}
int
dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8 *drep)
{
- int found_new_pointer;
+ int found_new_pointer;
dcerpc_info *di;
- int old_offset;
- int next_pointer;
+ int old_offset;
+ int next_pointer;
- next_pointer=0;
- di=pinfo->private_data;
+ next_pointer = 0;
+ di = pinfo->private_data;
do{
int i, len;
- found_new_pointer=0;
- len=g_slist_length(ndr_pointer_list);
- for(i=next_pointer;i<len;i++){
+ found_new_pointer = 0;
+ len = g_slist_length(ndr_pointer_list);
+ for(i=next_pointer; i<len; i++) {
ndr_pointer_data_t *tnpd;
- tnpd=g_slist_nth_data(ndr_pointer_list, i);
- if(tnpd->fnct){
+ tnpd = g_slist_nth_data(ndr_pointer_list, i);
+ if (tnpd->fnct) {
dcerpc_dissect_fnct_t *fnct;
- next_pointer=i+1;
- found_new_pointer=1;
- fnct=tnpd->fnct;
- tnpd->fnct=NULL;
- ndr_pointer_list_pos=i+1;
- di->hf_index=tnpd->hf_index;
+ next_pointer = i+1;
+ found_new_pointer = 1;
+ fnct = tnpd->fnct;
+ tnpd->fnct = NULL;
+ ndr_pointer_list_pos = i+1;
+ di->hf_index = tnpd->hf_index;
/* first a run to handle any conformant
array headers */
- di->conformant_run=1;
- di->conformant_eaten=0;
+ di->conformant_run = 1;
+ di->conformant_eaten = 0;
old_offset = offset;
offset = (*(fnct))(tvb, offset, pinfo, NULL, drep);
- DISSECTOR_ASSERT((offset-old_offset)==di->conformant_eaten);
+ DISSECTOR_ASSERT((offset-old_offset) == di->conformant_eaten);
/* This is to check for any bugs in the dissectors.
*
* Basically, the NDR representation will store all
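Review bot: The scan in dissect_deferred_pointers reads each entry with `g_slist_nth_data(ndr_pointer_list, i)`, which walks the list from its head on every iteration, so the cost grows quadratically with the number of queued pointers, and that number depends on the packet contents. find_pointer_index (hunk at -2025) has the same pattern and is the simpler one to fix, by iterating nodes directly: `for (l = ndr_pointer_list, i = 0; l != NULL; l = l->next, i++)` and reading `l->data`. The deferred loop could keep a node cursor the same way. New entries are inserted at `ndr_pointer_list_pos`, which is set to `i+1`, so a cursor on the current node should stay valid, but that is worth confirming. The loop body continues outside this hunk.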
@@ -1924,12 +1932,12 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8
* For this reason, all pointers to types (both aggregate
* and scalar, for simplicity no distinction is made)
* will have its dissector called twice.
- * The dissector will first be called with conformant_run==1
+ * The dissector will first be called with conformant_run == 1
* in which mode the dissector MUST NOT consume any data from
* the tvbuff (i.e. may not dissect anything) except the
* initial control block for arrays.
* The second time the dissector is called, with
- * conformant_run==0, all other data for the type will be
+ * conformant_run == 0, all other data for the type will be
* dissected.
*
* All dissect_ndr_<type> dissectors are already prepared
@@ -1945,8 +1953,8 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8
*
* dcerpc_info *di;
*
- * di=pinfo->private_data;
- * if(di->conformant_run){
+ * di = pinfo->private_data;
+ * if (di->conformant_run) {
* return offset;
* }
*
@@ -1956,7 +1964,7 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8
*/
/* now we dissect the actual pointer */
- di->conformant_run=0;
+ di->conformant_run = 0;
old_offset = offset;
offset = (*(fnct))(tvb, offset, pinfo, tnpd->tree, drep);
if (tnpd->callback)
@@ -1964,7 +1972,7 @@ dissect_deferred_pointers(packet_info *pinfo, tvbuff_t *tvb, int offset, guint8
break;
}
}
- } while(found_new_pointer);
+ } while (found_new_pointer);
return offset;
}
@@ -1978,43 +1986,43 @@ add_pointer_to_list(packet_info *pinfo, proto_tree *tree, proto_item *item,
ndr_pointer_data_t *npd;
/* check if this pointer is valid */
- if(id!=0xffffffff){
+ if (id != 0xffffffff) {
dcerpc_info *di;
dcerpc_call_value *value;
- di=pinfo->private_data;
- value=di->call_data;
+ di = pinfo->private_data;
+ value = di->call_data;
- if(di->ptype == PDU_REQ){
- if(!(pinfo->fd->flags.visited)){
- if(id>value->max_ptr){
- value->max_ptr=id;
+ if (di->ptype == PDU_REQ) {
+ if (!(pinfo->fd->flags.visited)) {
+ if (id > value->max_ptr) {
+ value->max_ptr = id;
}
}
} else {
/* if we haven't seen the request bail out since we cant
know whether this is the first non-NULL instance
or not */
- if(value->req_frame==0){
+ if (value->req_frame == 0) {
/* XXX THROW EXCEPTION */
}
/* We saw this one in the request frame, nothing to
dissect later */
- if(id<=value->max_ptr){
+ if (id <= value->max_ptr) {
return;
}
}
}
- npd=g_malloc(sizeof(ndr_pointer_data_t));
- npd->id=id;
- npd->tree=tree;
- npd->item=item;
- npd->fnct=fnct;
- npd->hf_index=hf_index;
- npd->callback=callback;
- npd->callback_args=callback_args;
+ npd = g_malloc(sizeof(ndr_pointer_data_t));
+ npd->id = id;
+ npd->tree = tree;
+ npd->item = item;
+ npd->fnct = fnct;
+ npd->hf_index = hf_index;
+ npd->callback = callback;
+ npd->callback_args = callback_args;
ndr_pointer_list = g_slist_insert(ndr_pointer_list, npd,
ndr_pointer_list_pos);
ndr_pointer_list_pos++;
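Review bot: In add_pointer_to_list the `if (value->req_frame == 0)` branch contains only `/* XXX THROW EXCEPTION */`, so the code does not bail out as the comment above it says. It falls through to the `id <= value->max_ptr` comparison using whatever `max_ptr` holds for a call whose request was never seen. Either make the branch do what the comment describes, or replace the placeholder with a comment stating the actual behaviour, for example `/* request not captured: max_ptr was never raised, so ids above it are queued as new */`. Confirm that wording against how `max_ptr` is initialised, which is not visible here. The function's opening and closing lines are outside this hunk.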
@@ -2025,13 +2033,13 @@ static int
find_pointer_index(guint32 id)
{
ndr_pointer_data_t *npd;
- int i,len;
+ int i,len;
- len=g_slist_length(ndr_pointer_list);
- for(i=0;i<len;i++){
- npd=g_slist_nth_data(ndr_pointer_list, i);
- if(npd){
- if(npd->id==id){
+ len = g_slist_length(ndr_pointer_list);
+ for(i=0; i<len; i++) {
+ npd = g_slist_nth_data(ndr_pointer_list, i);
+ if (npd) {
+ if (npd->id == id) {
return i;
}
}
@@ -2066,12 +2074,12 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_callback_fnct_t *callback, void *callback_args)
{
dcerpc_info *di;
- proto_tree *tr = NULL;
- gint start_offset = offset;
- int pointer_size = 4;
+ proto_tree *tr = NULL;
+ gint start_offset = offset;
+ int pointer_size = 4;
- di=pinfo->private_data;
- if(di->conformant_run){
+ di = pinfo->private_data;
+ if (di->conformant_run) {
/* this call was only for dissecting the header for any
embedded conformant array. we will not parse any
pointers in this mode.
@@ -2084,14 +2092,14 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/*TOP LEVEL REFERENCE POINTER*/
- if( pointers_are_top_level
- &&(type==NDR_POINTER_REF) ){
+ if ( pointers_are_top_level
+ && (type == NDR_POINTER_REF) ) {
proto_item *item;
/* we must find out a nice way to do the length here */
- item=proto_tree_add_text(tree, tvb, offset, 0,
- "%s", text);
- tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
+ item = proto_tree_add_text(tree, tvb, offset, 0,
+ "%s", text);
+ tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
hf_index, callback, callback_args);
@@ -2099,8 +2107,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/*TOP LEVEL FULL POINTER*/
- if( pointers_are_top_level
- && (type==NDR_POINTER_PTR) ){
+ if ( pointers_are_top_level
+ && (type == NDR_POINTER_PTR) ) {
int idx;
guint64 id;
proto_item *item;
@@ -2110,7 +2118,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
- if(id==0){
+ if (id == 0) {
proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"(NULL pointer) %s",text);
@@ -2118,11 +2126,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* see if we have seen this pointer before */
- DISSECTOR_ASSERT(id<=G_MAXUINT32);
- idx=find_pointer_index((guint32)id);
+ DISSECTOR_ASSERT(id <= G_MAXUINT32);
+ idx = find_pointer_index((guint32)id);
/* we have seen this pointer before */
- if(idx>=0){
+ if (idx >= 0) {
proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"(duplicate PTR) %s",text);
@@ -2130,10 +2138,10 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-pointer_size,
- pointer_size,
- "%s", text);
- tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
+ item = proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
+ "%s", text);
+ tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data);
proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
offset-pointer_size, pointer_size, (guint32)id);
add_pointer_to_list(pinfo, tr, item, fnct, (guint32)id, hf_index,
@@ -2141,8 +2149,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
goto after_ref_id;
}
/*TOP LEVEL UNIQUE POINTER*/
- if( pointers_are_top_level
- && (type==NDR_POINTER_UNIQUE) ){
+ if ( pointers_are_top_level
+ && (type == NDR_POINTER_UNIQUE) ) {
guint64 id;
proto_item *item;
@@ -2151,7 +2159,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
- if(id==0){
+ if (id == 0) {
proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"(NULL pointer) %s",text);
@@ -2159,11 +2167,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* new pointer */
- DISSECTOR_ASSERT(id<=G_MAXUINT32);
- item=proto_tree_add_text(tree, tvb, offset-pointer_size,
- pointer_size,
- "%s", text);
- tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
+ DISSECTOR_ASSERT(id <= G_MAXUINT32);
+ item = proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
+ "%s", text);
+ tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data);
proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
offset-pointer_size, pointer_size, (guint32)id);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
@@ -2172,8 +2180,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/*EMBEDDED REFERENCE POINTER*/
- if( (!pointers_are_top_level)
- && (type==NDR_POINTER_REF) ){
+ if ( (!pointers_are_top_level)
+ && (type == NDR_POINTER_REF) ) {
guint64 id;
proto_item *item;
@@ -2182,11 +2190,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-pointer_size,
+ item = proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"%s",text);
- tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- DISSECTOR_ASSERT(id<=G_MAXUINT32);
+ tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data);
+ DISSECTOR_ASSERT(id <= G_MAXUINT32);
proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
offset-pointer_size, pointer_size, (guint32)id);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
@@ -2195,8 +2203,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/*EMBEDDED UNIQUE POINTER*/
- if( (!pointers_are_top_level)
- && (type==NDR_POINTER_UNIQUE) ){
+ if ( (!pointers_are_top_level)
+ && (type == NDR_POINTER_UNIQUE) ) {
guint64 id;
proto_item *item;
@@ -2205,7 +2213,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
- if(id==0){
+ if (id == 0) {
proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"(NULL pointer) %s", text);
@@ -2213,11 +2221,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-pointer_size,
- pointer_size,
- "%s",text);
- tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- DISSECTOR_ASSERT(id<=G_MAXUINT32);
+ item = proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
+ "%s",text);
+ tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data);
+ DISSECTOR_ASSERT(id <= G_MAXUINT32);
proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
offset-pointer_size, pointer_size, (guint32)id);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
@@ -2226,8 +2234,8 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/*EMBEDDED FULL POINTER*/
- if( (!pointers_are_top_level)
- && (type==NDR_POINTER_PTR) ){
+ if ( (!pointers_are_top_level)
+ && (type == NDR_POINTER_PTR) ) {
int idx;
guint64 id;
proto_item *item;
@@ -2237,7 +2245,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
- if(id==0){
+ if (id == 0) {
proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"(NULL pointer) %s",text);
@@ -2245,11 +2253,11 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* see if we have seen this pointer before */
- DISSECTOR_ASSERT(id<=G_MAXUINT32);
- idx=find_pointer_index((guint32)id);
+ DISSECTOR_ASSERT(id <= G_MAXUINT32);
+ idx = find_pointer_index((guint32)id);
/* we have seen this pointer before */
- if(idx>=0){
+ if (idx >= 0) {
proto_tree_add_text(tree, tvb, offset-pointer_size,
pointer_size,
"(duplicate PTR) %s",text);
@@ -2257,10 +2265,10 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-pointer_size,
- pointer_size,
- "%s", text);
- tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
+ item = proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
+ "%s", text);
+ tr = proto_item_add_subtree(item,ett_dcerpc_pointer_data);
proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
offset-pointer_size, pointer_size, (guint32)id);
add_pointer_to_list(pinfo, tr, item, fnct, (guint32)id, hf_index,
@@ -2273,14 +2281,14 @@ after_ref_id:
/* After each top level pointer we have dissected we have to
dissect all deferrals before we move on to the next top level
argument */
- if(pointers_are_top_level==TRUE){
- pointers_are_top_level=FALSE;
+ if (pointers_are_top_level == TRUE) {
+ pointers_are_top_level = FALSE;
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
- pointers_are_top_level=TRUE;
+ pointers_are_top_level = TRUE;
}
/* Set the length for the new subtree */
- if (tr){
+ if (tr) {
proto_item_set_len(tr, offset-start_offset);
}
return offset;
@@ -2302,8 +2310,8 @@ dissect_ndr_toplevel_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
{
int ret;
- pointers_are_top_level=TRUE;
- ret=dissect_ndr_pointer_cb(
+ pointers_are_top_level = TRUE;
+ ret = dissect_ndr_pointer_cb(
tvb, offset, pinfo, tree, drep, fnct, type, text, hf_index,
NULL, NULL);
return ret;
@@ -2315,18 +2323,18 @@ dissect_ndr_embedded_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
{
int ret;
- pointers_are_top_level=FALSE;
- ret=dissect_ndr_pointer_cb(
+ pointers_are_top_level = FALSE;
+ ret = dissect_ndr_pointer_cb(
tvb, offset, pinfo, tree, drep, fnct, type, text, hf_index,
NULL, NULL);
return ret;
}
static void
-show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree,
- dcerpc_auth_info *auth_info, gboolean is_encrypted)
+show_stub_data(tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree,
+ dcerpc_auth_info *auth_info, gboolean is_encrypted)
{
- int length, plain_length, auth_pad_len;
+ int length, plain_length, auth_pad_len;
guint auth_pad_offset;
/*
@@ -2335,9 +2343,9 @@ show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree,
* bytes, the reported number of bytes, not the number of bytes
* that happen to be in the tvbuff.
*/
- if (tvb_length_remaining (tvb, offset) > 0) {
+ if (tvb_length_remaining(tvb, offset) > 0) {
auth_pad_len = auth_info?auth_info->auth_pad_len:0;
- length = tvb_reported_length_remaining (tvb, offset);
+ length = tvb_reported_length_remaining(tvb, offset);
/* if auth_pad_len is larger than length then we ignore auth_pad_len totally */
plain_length = length - auth_pad_len;
@@ -2347,8 +2355,8 @@ show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree,
}
auth_pad_offset = offset + plain_length;
- if (auth_info != NULL &&
- auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) {
+ if ((auth_info != NULL) &&
+ (auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY)) {
if (is_encrypted) {
tvb_ensure_bytes_exist(tvb, offset, length);
proto_tree_add_text(dcerpc_tree, tvb, offset, length,
@@ -2364,49 +2372,50 @@ show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree,
}
} else {
tvb_ensure_bytes_exist(tvb, offset, plain_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, plain_length,
- "Stub data (%d byte%s)", plain_length,
- plurality(plain_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, plain_length,
+ "Stub data (%d byte%s)", plain_length,
+ plurality(plain_length, "", "s"));
}
/* If there is auth padding at the end of the stub, display it */
if (auth_pad_len != 0) {
tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len);
- proto_tree_add_text (dcerpc_tree, tvb, auth_pad_offset,
- auth_pad_len,
- "Auth Padding (%u byte%s)",
- auth_pad_len,
- plurality(auth_pad_len, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, auth_pad_offset,
+ auth_pad_len,
+ "Auth Padding (%u byte%s)",
+ auth_pad_len,
+ plurality(auth_pad_len, "", "s"));
}
}
}
static int
-dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
- proto_tree *dcerpc_tree,
- tvbuff_t *volatile tvb, tvbuff_t *decrypted_tvb,
- guint8 *drep, dcerpc_info *info,
- dcerpc_auth_info *auth_info)
+dcerpc_try_handoff(packet_info *pinfo, proto_tree *tree,
+ proto_tree *dcerpc_tree,
+ tvbuff_t *volatile tvb, tvbuff_t *decrypted_tvb,
+ guint8 *drep, dcerpc_info *info,
+ dcerpc_auth_info *auth_info)
{
- volatile gint offset = 0;
- dcerpc_uuid_key key;
- dcerpc_uuid_value *sub_proto;
- proto_tree *volatile sub_tree = NULL;
+ volatile gint offset = 0;
+ dcerpc_uuid_key key;
+ dcerpc_uuid_value *sub_proto;
+ proto_tree *volatile sub_tree = NULL;
dcerpc_sub_dissector *proc;
- const gchar *name = NULL;
+ const gchar *name = NULL;
+ const char *volatile saved_proto;
+ void *volatile saved_private_data;
+ guint length = 0, reported_length = 0;
+ tvbuff_t *volatile stub_tvb;
+ volatile guint auth_pad_len;
+ volatile int auth_pad_offset;
+ proto_item *sub_item = NULL;
+ proto_item *pi, *hidden_item;
+
dcerpc_dissect_fnct_t *volatile sub_dissect;
- const char *volatile saved_proto;
- void *volatile saved_private_data;
- guint length = 0, reported_length = 0;
- tvbuff_t *volatile stub_tvb;
- volatile guint auth_pad_len;
- volatile int auth_pad_offset;
- proto_item *sub_item=NULL;
- proto_item *pi, *hidden_item;
key.uuid = info->call_data->uuid;
key.ver = info->call_data->ver;
- if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) == NULL
+ if ((sub_proto = g_hash_table_lookup(dcerpc_uuids, &key)) == NULL
|| !proto_is_protocol_enabled(sub_proto->proto)) {
/*
* We don't have a dissector for this UUID, or the protocol
@@ -2416,14 +2425,14 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
hidden_item = proto_tree_add_boolean(dcerpc_tree, hf_dcerpc_unknown_if_id,
tvb, offset, 0, TRUE);
PROTO_ITEM_SET_HIDDEN(hidden_item);
- col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u",
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u",
guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver);
if (decrypted_tvb != NULL) {
- show_stub_data (decrypted_tvb, 0, dcerpc_tree, auth_info,
- FALSE);
+ show_stub_data(decrypted_tvb, 0, dcerpc_tree, auth_info,
+ FALSE);
} else
- show_stub_data (tvb, 0, dcerpc_tree, auth_info, TRUE);
+ show_stub_data(tvb, 0, dcerpc_tree, auth_info, TRUE);
return -1;
}
@@ -2437,21 +2446,21 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
if (!name)
name = "Unknown?!";
- col_set_str (pinfo->cinfo, COL_PROTOCOL, sub_proto->name);
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, sub_proto->name);
- col_add_fstr (pinfo->cinfo, COL_INFO, "%s %s",
- name, (info->ptype == PDU_REQ) ? "request" : "response");
+ col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
+ name, (info->ptype == PDU_REQ) ? "request" : "response");
sub_dissect = (info->ptype == PDU_REQ) ?
proc->dissect_rqst : proc->dissect_resp;
if (tree) {
- sub_item = proto_tree_add_item (tree, sub_proto->proto_id,
- (decrypted_tvb != NULL)?decrypted_tvb:tvb,
- 0, -1, ENC_NA);
+ sub_item = proto_tree_add_item(tree, sub_proto->proto_id,
+ (decrypted_tvb != NULL)?decrypted_tvb:tvb,
+ 0, -1, ENC_NA);
if (sub_item) {
- sub_tree = proto_item_add_subtree (sub_item, sub_proto->ett);
+ sub_tree = proto_item_add_subtree(sub_item, sub_proto->ett);
proto_item_append_text(sub_item, ", %s", name);
}
@@ -2470,12 +2479,12 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
"Operation: %s (%u)",
name, info->call_data->opnum);
- if(info->ptype == PDU_REQ && info->call_data->rep_frame!=0) {
+ if ((info->ptype == PDU_REQ) && (info->call_data->rep_frame != 0)) {
pi = proto_tree_add_uint(sub_tree, hf_dcerpc_response_in,
tvb, 0, 0, info->call_data->rep_frame);
PROTO_ITEM_SET_GENERATED(pi);
}
- if(info->ptype == PDU_RESP && info->call_data->req_frame!=0) {
+ if ((info->ptype == PDU_RESP) && (info->call_data->req_frame != 0)) {
pi = proto_tree_add_uint(sub_tree, hf_dcerpc_request_in,
tvb, 0, 0, info->call_data->req_frame);
PROTO_ITEM_SET_GENERATED(pi);
@@ -2487,10 +2496,10 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
the encrypted payload. */
if (sub_dissect) {
/* We have a subdissector - call it. */
- saved_proto = pinfo->current_proto;
- saved_private_data = pinfo->private_data;
+ saved_proto = pinfo->current_proto;
+ saved_private_data = pinfo->private_data;
pinfo->current_proto = sub_proto->name;
- pinfo->private_data = (void *)info;
+ pinfo->private_data = (void *)info;
init_ndr_pointer_list(pinfo);
@@ -2500,7 +2509,7 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
/*
* Remove the authentication padding from the stub data.
*/
- if (auth_info != NULL && auth_info->auth_pad_len != 0) {
+ if ((auth_info != NULL) && (auth_info->auth_pad_len != 0)) {
if (reported_length >= auth_info->auth_pad_len) {
/*
* OK, the padding length isn't so big that it
@@ -2560,7 +2569,7 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
TRY {
int remaining;
- offset = sub_dissect (stub_tvb, 0, pinfo, sub_tree,
+ offset = sub_dissect(stub_tvb, 0, pinfo, sub_tree,
drep);
/* If we have a subdissector and it didn't dissect all
@@ -2588,34 +2597,34 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
/* If there is auth padding at the end of the stub, display it */
if (auth_pad_len != 0) {
tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len);
- proto_tree_add_text (sub_tree, decrypted_tvb, auth_pad_offset,
- auth_pad_len,
- "Auth Padding (%u byte%s)",
- auth_pad_len,
- plurality(auth_pad_len, "", "s"));
+ proto_tree_add_text(sub_tree, decrypted_tvb, auth_pad_offset,
+ auth_pad_len,
+ "Auth Padding (%u byte%s)",
+ auth_pad_len,
+ plurality(auth_pad_len, "", "s"));
}
pinfo->current_proto = saved_proto;
- pinfo->private_data = saved_private_data;
+ pinfo->private_data = saved_private_data;
} else {
/* No subdissector - show it as stub data. */
- if(decrypted_tvb){
- show_stub_data (decrypted_tvb, 0, sub_tree, auth_info, FALSE);
+ if (decrypted_tvb) {
+ show_stub_data(decrypted_tvb, 0, sub_tree, auth_info, FALSE);
} else {
- show_stub_data (tvb, 0, sub_tree, auth_info, TRUE);
+ show_stub_data(tvb, 0, sub_tree, auth_info, TRUE);
}
}
} else
- show_stub_data (tvb, 0, sub_tree, auth_info, TRUE);
+ show_stub_data(tvb, 0, sub_tree, auth_info, TRUE);
tap_queue_packet(dcerpc_tap, pinfo, info);
return 0;
}
static int
-dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr,
- dcerpc_auth_info *auth_info)
+dissect_dcerpc_verifier(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr,
+ dcerpc_auth_info *auth_info)
{
int auth_offset;
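Review bot: In the auth-padding block of dcerpc_try_handoff the bounds check is made on one buffer and the tree item is added on another: `tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len);` is followed by `proto_tree_add_text(sub_tree, decrypted_tvb, auth_pad_offset, ...)`. The check should name the buffer the item refers to, `tvb_ensure_bytes_exist(decrypted_tvb, auth_pad_offset, auth_pad_len);`, assuming `auth_pad_offset` is relative to `decrypted_tvb` (its computation is outside this hunk). The dissect_dcerpc_verifier hunk at -2646 has the same mismatch, checking `tvb` for `hdr->auth_len` bytes and then adding the item on `auth_tvb`. dcerpc_try_handoff starts before this hunk, and dissect_dcerpc_verifier continues after it.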
@@ -2646,8 +2655,8 @@ dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo,
} ENDTRY;
} else {
tvb_ensure_bytes_exist(tvb, 0, hdr->auth_len);
- proto_tree_add_text (dcerpc_tree, auth_tvb, 0, hdr->auth_len,
- "Auth Verifier");
+ proto_tree_add_text(dcerpc_tree, auth_tvb, 0, hdr->auth_len,
+ "Auth Verifier");
}
}
@@ -2655,9 +2664,9 @@ dissect_dcerpc_verifier (tvbuff_t *tvb, packet_info *pinfo,
}
static void
-dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr,
- gboolean are_credentials, dcerpc_auth_info *auth_info)
+dissect_dcerpc_cn_auth(tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr,
+ gboolean are_credentials, dcerpc_auth_info *auth_info)
{
volatile int offset;
@@ -2665,9 +2674,9 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
* Initially set auth_level and auth_type to zero to indicate that we
* haven't yet seen any authentication level information.
*/
- auth_info->auth_level = 0;
- auth_info->auth_type = 0;
- auth_info->auth_size = 0;
+ auth_info->auth_level = 0;
+ auth_info->auth_type = 0;
+ auth_info->auth_size = 0;
auth_info->auth_pad_len = 0;
/*
@@ -2683,7 +2692,7 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
*/
if (hdr->auth_len
- && (hdr->auth_len + 8 <= hdr->frag_len - stub_offset)) {
+ && ((hdr->auth_len + 8) <= (hdr->frag_len - stub_offset))) {
/*
* Yes, there is authentication data, and the length is valid.
@@ -2705,20 +2714,20 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
* dissect after this, such as stub data.
*/
TRY {
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_auth_type,
- &auth_info->auth_type);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_auth_level,
- &auth_info->auth_level);
-
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_auth_pad_len,
- &auth_info->auth_pad_len);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_auth_rsrvd, NULL);
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_auth_ctx_id, NULL);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_auth_type,
+ &auth_info->auth_type);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_auth_level,
+ &auth_info->auth_level);
+
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_auth_pad_len,
+ &auth_info->auth_pad_len);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_auth_rsrvd, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_auth_ctx_id, NULL);
/*
* Dissect the authentication data.
@@ -2736,7 +2745,7 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
dissect_auth_verf(auth_tvb, pinfo, dcerpc_tree, auth_fns,
hdr, auth_info);
else
- proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len,
+ proto_tree_add_text(dcerpc_tree, tvb, offset, hdr->auth_len,
"Auth Credentials");
}
@@ -2761,9 +2770,9 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, int stub_offset, packet_info *pinfo,
* as well in the future.
*/
-guint16 dcerpc_get_transport_salt (packet_info *pinfo)
+guint16 dcerpc_get_transport_salt(packet_info *pinfo)
{
- switch(pinfo->dcetransporttype){
+ switch (pinfo->dcetransporttype) {
case DCE_CN_TRANSPORT_SMBPIPE:
/* DCERPC over smb */
return pinfo->dcetransportsalt;
@@ -2778,35 +2787,35 @@ guint16 dcerpc_get_transport_salt (packet_info *pinfo)
*/
static void
-dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_bind(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
{
- conversation_t *conv = find_or_create_conversation(pinfo);
- guint8 num_ctx_items = 0;
- guint i;
- guint16 ctx_id;
- guint8 num_trans_items;
- guint j;
- e_uuid_t if_id;
- e_uuid_t trans_id;
- guint32 trans_ver;
- guint16 if_ver, if_ver_minor;
- dcerpc_auth_info auth_info;
- char *uuid_str;
- const char *uuid_name = NULL;
- proto_item *iface_item = NULL;
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_max_xmit, NULL);
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_max_recv, NULL);
-
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_assoc_group, NULL);
-
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_num_ctx_items, &num_ctx_items);
+ conversation_t *conv = find_or_create_conversation(pinfo);
+ guint8 num_ctx_items = 0;
+ guint i;
+ guint16 ctx_id;
+ guint8 num_trans_items;
+ guint j;
+ e_uuid_t if_id;
+ e_uuid_t trans_id;
+ guint32 trans_ver;
+ guint16 if_ver, if_ver_minor;
+ dcerpc_auth_info auth_info;
+ char *uuid_str;
+ const char *uuid_name = NULL;
+ proto_item *iface_item = NULL;
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_max_xmit, NULL);
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_max_recv, NULL);
+
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_assoc_group, NULL);
+
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_num_ctx_items, &num_ctx_items);
/* padding */
offset += 3;
@@ -2818,8 +2827,8 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *ctx_tree = NULL, *iface_tree = NULL;
gint ctx_offset = offset;
- dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep,
- hf_dcerpc_cn_ctx_id, &ctx_id);
+ dissect_dcerpc_uint16(tvb, offset, pinfo, NULL, hdr->drep,
+ hf_dcerpc_cn_ctx_id, &ctx_id);
/* save context ID for use with dcerpc_add_conv_to_bind_table() */
/* (if we have multiple contexts, this might cause "decode as"
@@ -2833,19 +2842,19 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx);
}
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree, hdr->drep,
- hf_dcerpc_cn_ctx_id, &ctx_id);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, ctx_tree, hdr->drep,
- hf_dcerpc_cn_num_trans_items, &num_trans_items);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree, hdr->drep,
+ hf_dcerpc_cn_ctx_id, &ctx_id);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, ctx_tree, hdr->drep,
+ hf_dcerpc_cn_num_trans_items, &num_trans_items);
- if(dcerpc_tree) {
+ if (dcerpc_tree) {
proto_item_append_text(ctx_item, "[%u]: ID:%u", i+1, ctx_id);
}
/* padding */
offset += 1;
- dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &if_id);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &if_id);
if (ctx_tree) {
iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, ENC_NA);
@@ -2853,28 +2862,28 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
uuid_str = guid_to_str((e_guid_t*)&if_id);
uuid_name = guids_get_uuid_name(&if_id);
- if(uuid_name) {
- proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
- offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
+ if (uuid_name) {
+ proto_tree_add_guid_format(iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
+ offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
proto_item_append_text(iface_item, ": %s", uuid_name);
} else {
- proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
- offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
+ proto_tree_add_guid_format(iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
+ offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
proto_item_append_text(iface_item, ": %s", uuid_str);
}
}
offset += 16;
if (hdr->drep[0] & DREP_LITTLE_ENDIAN) {
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep,
- hf_dcerpc_cn_bind_if_ver, &if_ver);
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep,
- hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep,
+ hf_dcerpc_cn_bind_if_ver, &if_ver);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep,
+ hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor);
} else {
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep,
- hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor);
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, iface_tree, hdr->drep,
- hf_dcerpc_cn_bind_if_ver, &if_ver);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep,
+ hf_dcerpc_cn_bind_if_ver_minor, &if_ver_minor);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, iface_tree, hdr->drep,
+ hf_dcerpc_cn_bind_if_ver, &if_ver);
}
if (ctx_tree) {
@@ -2887,7 +2896,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *trans_tree = NULL;
proto_item *trans_item = NULL;
- dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id);
if (ctx_tree) {
trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, ENC_NA);
@@ -2896,56 +2905,57 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
uuid_str = guid_to_str((e_guid_t *) &trans_id);
uuid_name = guids_get_uuid_name(&trans_id);
- if(uuid_name) {
- proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
- offset, 16, (e_guid_t *) &trans_id, "Transport Syntax: %s UUID:%s", uuid_name, uuid_str);
+ if (uuid_name) {
+ proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
+ offset, 16, (e_guid_t *) &trans_id,
+ "Transport Syntax: %s UUID:%s", uuid_name, uuid_str);
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_name);
} else {
- proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
- offset, 16, (e_guid_t *) &trans_id, "Transport Syntax: %s", uuid_str);
+ proto_tree_add_guid_format(trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
+ offset, 16, (e_guid_t *) &trans_id, "Transport Syntax: %s", uuid_str);
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
}
}
offset += 16;
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, trans_tree, hdr->drep,
- hf_dcerpc_cn_bind_trans_ver, &trans_ver);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, trans_tree, hdr->drep,
+ hf_dcerpc_cn_bind_trans_ver, &trans_ver);
if (ctx_tree) {
proto_item_set_len(trans_item, 20);
proto_item_append_text(trans_item, " V%u", trans_ver);
}
}
- /* if this is the first time we see this packet, we need to
+ /* if this is the first time we've seen this packet, we need to
update the dcerpc_binds table so that any later calls can
match to the interface.
XXX We assume that BINDs will NEVER be fragmented.
*/
- if(!(pinfo->fd->flags.visited)){
- dcerpc_bind_key *key;
+ if (!(pinfo->fd->flags.visited)) {
+ dcerpc_bind_key *key;
dcerpc_bind_value *value;
- key = se_alloc (sizeof (dcerpc_bind_key));
+ key = se_alloc(sizeof (dcerpc_bind_key));
key->conv = conv;
key->ctx_id = ctx_id;
key->smb_fid = dcerpc_get_transport_salt(pinfo);
- value = se_alloc (sizeof (dcerpc_bind_value));
+ value = se_alloc(sizeof (dcerpc_bind_value));
value->uuid = if_id;
value->ver = if_ver;
- value->transport=trans_id;
+ value->transport = trans_id;
/* add this entry to the bind table */
- g_hash_table_insert (dcerpc_binds, key, value);
+ g_hash_table_insert(dcerpc_binds, key, value);
}
- if (i > 0)
- col_append_fstr(pinfo->cinfo, COL_INFO, ",");
- col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u (%s)",
- guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor,
- guids_resolve_uuid_to_str(&trans_id));
+ if (i > 0)
+ col_append_fstr(pinfo->cinfo, COL_INFO, ",");
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u (%s)",
+ guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor,
+ guids_resolve_uuid_to_str(&trans_id));
- if(ctx_tree) {
+ if (ctx_tree) {
proto_item_set_len(ctx_item, offset - ctx_offset);
}
}
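Review bot: `trans_id` is declared without an initializer at the top of dissect_dcerpc_cn_bind and is written only by `dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id)` inside the transfer-syntax loop, yet this hunk unconditionally copies it with `value->transport = trans_id;` and formats it with `guids_resolve_uuid_to_str(&trans_id)`. The loop header is outside the hunk, but if it is bounded by `num_trans_items`, which is read from the packet, a bind PDU with a zero count makes both uses read an indeterminate stack value. That value is then stored in dcerpc_binds for later requests on the conversation. Clearing it at the top of each context item, `memset(&trans_id, 0, sizeof trans_id);`, keeps the stored binding and the Info column deterministic. The function body starts and ends outside this hunk.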
@@ -2955,39 +2965,39 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
* an authentication header, and associate it with an authentication
* context, so subsequent PDUs can use that context.
*/
- dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info);
+ dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info);
}
static void
-dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_bind_ack(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
{
- guint16 max_xmit, max_recv;
- guint16 sec_addr_len;
- guint8 num_results;
- guint i;
- guint16 result = 0;
- guint16 reason = 0;
- e_uuid_t trans_id;
- guint32 trans_ver;
- dcerpc_auth_info auth_info;
- const char *uuid_name = NULL;
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_max_xmit, &max_xmit);
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_max_recv, &max_recv);
-
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_assoc_group, NULL);
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_sec_addr_len, &sec_addr_len);
+ guint16 max_xmit, max_recv;
+ guint16 sec_addr_len;
+ guint8 num_results;
+ guint i;
+ guint16 result = 0;
+ guint16 reason = 0;
+ e_uuid_t trans_id;
+ guint32 trans_ver;
+ dcerpc_auth_info auth_info;
+ const char *uuid_name = NULL;
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_max_xmit, &max_xmit);
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_max_recv, &max_recv);
+
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_assoc_group, NULL);
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_sec_addr_len, &sec_addr_len);
if (sec_addr_len != 0) {
tvb_ensure_bytes_exist(tvb, offset, sec_addr_len);
- proto_tree_add_item (dcerpc_tree, hf_dcerpc_cn_sec_addr, tvb, offset,
- sec_addr_len, ENC_ASCII|ENC_NA);
+ proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_sec_addr, tvb, offset,
+ sec_addr_len, ENC_ASCII|ENC_NA);
offset += sec_addr_len;
}
@@ -2995,31 +3005,31 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset += 4 - offset % 4;
}
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_num_results, &num_results);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_num_results, &num_results);
/* padding */
offset += 3;
col_append_fstr(pinfo->cinfo, COL_INFO, ", max_xmit: %u max_recv: %u, %u results:",
- max_xmit, max_recv, num_results);
+ max_xmit, max_recv, num_results);
for (i = 0; i < num_results; i++) {
proto_tree *ctx_tree = NULL;
- if(dcerpc_tree){
+ if (dcerpc_tree) {
proto_item *ctx_item;
ctx_item = proto_tree_add_text(dcerpc_tree, tvb, offset, 24, "Context ID[%u]", i+1);
ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx);
}
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree,
- hdr->drep, hf_dcerpc_cn_ack_result,
- &result);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree,
+ hdr->drep, hf_dcerpc_cn_ack_result,
+ &result);
if (result != 0) {
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree,
- hdr->drep, hf_dcerpc_cn_ack_reason,
- &reason);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, ctx_tree,
+ hdr->drep, hf_dcerpc_cn_ack_reason,
+ &reason);
} else {
/*
* The reason for rejection isn't meaningful, and often isn't
@@ -3028,59 +3038,59 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset += 2;
}
- dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &trans_id);
uuid_name = guids_get_uuid_name(&trans_id);
if (ctx_tree) {
- proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
- offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
- uuid_name?uuid_name:guid_to_str((e_guid_t *) &trans_id));
+ proto_tree_add_guid_format(ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
+ offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
+ uuid_name?uuid_name:guid_to_str((e_guid_t *) &trans_id));
}
offset += 16;
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, ctx_tree, hdr->drep,
- hf_dcerpc_cn_ack_trans_ver, &trans_ver);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, ctx_tree, hdr->drep,
+ hf_dcerpc_cn_ack_trans_ver, &trans_ver);
- if (i > 0)
- col_append_fstr(pinfo->cinfo, COL_INFO, ",");
- col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
- val_to_str(result, p_cont_result_vals, "Unknown result (%u)"));
+ if (i > 0)
+ col_append_fstr(pinfo->cinfo, COL_INFO, ",");
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s",
+ val_to_str(result, p_cont_result_vals, "Unknown result (%u)"));
}
/*
* XXX - do we need to do anything with the authentication level
* we get back from this?
*/
- dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info);
+ dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, &auth_info);
}
static void
-dissect_dcerpc_cn_bind_nak (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_bind_nak(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
{
guint16 reason;
- guint8 num_protocols;
- guint i;
+ guint8 num_protocols;
+ guint i;
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_cn_reject_reason,
- &reason);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_cn_reject_reason,
+ &reason);
- col_append_fstr (pinfo->cinfo, COL_INFO, " reason: %s",
- val_to_str(reason, reject_reason_vals, "Unknown (%u)"));
+ col_append_fstr(pinfo->cinfo, COL_INFO, " reason: %s",
+ val_to_str(reason, reject_reason_vals, "Unknown (%u)"));
if (reason == PROTOCOL_VERSION_NOT_SUPPORTED) {
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_num_protocols,
- &num_protocols);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_num_protocols,
+ &num_protocols);
for (i = 0; i < num_protocols; i++) {
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_cn_protocol_ver_major,
- NULL);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_cn_protocol_ver_minor,
- NULL);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_cn_protocol_ver_major,
+ NULL);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_cn_protocol_ver_minor,
+ NULL);
}
}
}
@@ -3094,10 +3104,10 @@ static const char *
fragment_type(guint8 flags)
{
static const char* t[4] = {
- "Mid",
- "1st",
- "Last",
- "Single"
+ "Mid",
+ "1st",
+ "Last",
+ "Single"
};
return t[flags & PFC_FRAG_MASK];
}
@@ -3105,15 +3115,15 @@ fragment_type(guint8 flags)
/* Dissect stub data (payload) of a DCERPC packet. */
static void
-dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, proto_tree *tree,
- e_dce_cn_common_hdr_t *hdr, dcerpc_info *di,
- dcerpc_auth_info *auth_info, guint32 alloc_hint _U_,
- guint32 frame)
+dissect_dcerpc_cn_stub(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, proto_tree *tree,
+ e_dce_cn_common_hdr_t *hdr, dcerpc_info *di,
+ dcerpc_auth_info *auth_info, guint32 alloc_hint _U_,
+ guint32 frame)
{
- gint length, reported_length;
- gboolean save_fragmented;
- fragment_data *fd_head=NULL;
+ gint length, reported_length;
+ gboolean save_fragmented;
+ fragment_data *fd_head = NULL;
tvbuff_t *auth_tvb, *payload_tvb, *decrypted_tvb;
proto_item *pi;
@@ -3135,13 +3145,13 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
length = reported_length;
payload_tvb = tvb_new_subset(tvb, offset, length, reported_length);
- auth_tvb=NULL;
+ auth_tvb = NULL;
/*don't bother if we don't have the entire tvb */
/*XXX we should really make sure we calculate auth_info->auth_data
and use that one instead of this auth_tvb hack
*/
- if(tvb_length(tvb)==tvb_reported_length(tvb)){
- if(tvb_length_remaining(tvb, offset+length)>8){
+ if (tvb_length(tvb) == tvb_reported_length(tvb)) {
+ if (tvb_length_remaining(tvb, offset+length) > 8) {
auth_tvb = tvb_new_subset_remaining(tvb, offset+length+8);
}
}
@@ -3149,7 +3159,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
/* Decrypt the PDU if it is encrypted */
if (auth_info->auth_type &&
- auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) {
+ (auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY)) {
/*
* We know the authentication type, and the authentication
* level is "Packet privacy", meaning the payload is
@@ -3163,7 +3173,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
* so we call it in order to have a chance to decipher the data
*/
if (DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN == auth_info->auth_type) {
- dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, auth_info);
+ dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, auth_info);
}
if ((auth_fns = get_auth_subdissector_fns(
@@ -3194,7 +3204,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
decrypted_tvb = payload_tvb;
/* if this packet is not fragmented, just dissect it and exit */
- if(PFC_NOT_FRAGMENTED(hdr)){
+ if (PFC_NOT_FRAGMENTED(hdr)) {
pinfo->fragmented = FALSE;
dcerpc_try_handoff(
@@ -3218,14 +3228,14 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
XXX - if we're not doing reassembly, can we decrypt an
encrypted stub?
*/
- if( (!dcerpc_reassemble) && hdr->flags&PFC_FIRST_FRAG ){
+ if ( (!dcerpc_reassemble) && (hdr->flags & PFC_FIRST_FRAG) ) {
dcerpc_try_handoff(
pinfo, tree, dcerpc_tree, payload_tvb, decrypted_tvb,
hdr->drep, di, auth_info);
- expert_add_info_format(pinfo, NULL, PI_REASSEMBLE, PI_CHAT,
- "%s fragment", fragment_type(hdr->flags));
+ expert_add_info_format(pinfo, NULL, PI_REASSEMBLE, PI_CHAT,
+ "%s fragment", fragment_type(hdr->flags));
pinfo->fragmented = save_fragmented;
return;
@@ -3235,8 +3245,8 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
and if so dissect the full pdu.
then exit
*/
- if(pinfo->fd->flags.visited){
- fd_head=fragment_get_reassembled(frame, dcerpc_co_reassemble_table);
+ if (pinfo->fd->flags.visited) {
+ fd_head = fragment_get_reassembled(frame, dcerpc_co_reassemble_table);
goto end_cn_stub;
}
@@ -3244,13 +3254,13 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
nor the first fragment then there is nothing more we can do
so we just have to exit
*/
- if( !dcerpc_reassemble || (tvb_length(tvb)!=tvb_reported_length(tvb)) )
+ if ( !dcerpc_reassemble || (tvb_length(tvb) != tvb_reported_length(tvb)) )
goto end_cn_stub;
/* if we didn't get 'frame' we don't know where the PDU started and thus
it is pointless to continue
*/
- if(!frame)
+ if (!frame)
goto end_cn_stub;
/* from now on we must attempt to reassemble the PDU
@@ -3284,9 +3294,9 @@ end_cn_stub:
* (multiple fragments in one PDU are possible!)
* dissect the full PDU
*/
- if(fd_head && (fd_head->flags&FD_DEFRAGMENTED) ){
+ if (fd_head && (fd_head->flags & FD_DEFRAGMENTED) ) {
- if(pinfo->fd->num==fd_head->reassembled_in && (hdr->flags&PFC_LAST_FRAG) ){
+ if ((pinfo->fd->num == fd_head->reassembled_in) && (hdr->flags & PFC_LAST_FRAG) ) {
tvbuff_t *next_tvb;
proto_item *frag_tree_item;
@@ -3299,7 +3309,7 @@ end_cn_stub:
/* the toplevel fragment subtree is now behind all desegmented data,
* move it right behind the DCE/RPC tree */
dcerpc_tree_item = proto_tree_get_parent(dcerpc_tree);
- if(frag_tree_item && dcerpc_tree_item) {
+ if (frag_tree_item && dcerpc_tree_item) {
proto_tree_move_item(tree, dcerpc_tree_item, frag_tree_item);
}
@@ -3309,11 +3319,11 @@ end_cn_stub:
"%s fragment, reassembled",
fragment_type(hdr->flags));
- dcerpc_try_handoff (pinfo, tree, dcerpc_tree, next_tvb,
- next_tvb, hdr->drep, di, auth_info);
+ dcerpc_try_handoff(pinfo, tree, dcerpc_tree, next_tvb,
+ next_tvb, hdr->drep, di, auth_info);
} else {
- if(decrypted_tvb){
+ if (decrypted_tvb) {
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in,
decrypted_tvb, 0, 0, fd_head->reassembled_in);
} else {
@@ -3322,7 +3332,7 @@ end_cn_stub:
}
PROTO_ITEM_SET_GENERATED(pi);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Reas: #%u]", fd_head->reassembled_in);
}
col_append_fstr(pinfo->cinfo, COL_INFO,
@@ -3336,10 +3346,10 @@ end_cn_stub:
expert_add_info_format(pinfo, NULL, PI_REASSEMBLE, PI_CHAT,
"%s fragment", fragment_type(hdr->flags));
- if(decrypted_tvb){
- show_stub_data (decrypted_tvb, 0, tree, auth_info, FALSE);
+ if (decrypted_tvb) {
+ show_stub_data(decrypted_tvb, 0, tree, auth_info, FALSE);
} else {
- show_stub_data (payload_tvb, 0, tree, auth_info, TRUE);
+ show_stub_data(payload_tvb, 0, tree, auth_info, TRUE);
}
}
@@ -3359,10 +3369,10 @@ struct _dcerpc_bind_value *
dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding)
{
dcerpc_bind_value *bind_value;
- dcerpc_bind_key *key;
- conversation_t *conv;
+ dcerpc_bind_key *key;
+ conversation_t *conv;
- conv = find_conversation (
+ conv = find_conversation(
0,
&binding->addr_a,
&binding->addr_b,
@@ -3372,7 +3382,7 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding)
0);
if (!conv) {
- conv = conversation_new (
+ conv = conversation_new(
0,
&binding->addr_a,
&binding->addr_b,
@@ -3382,14 +3392,14 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding)
0);
}
- bind_value = se_alloc (sizeof (dcerpc_bind_value));
+ bind_value = se_alloc(sizeof (dcerpc_bind_value));
bind_value->uuid = binding->uuid;
bind_value->ver = binding->ver;
/* For now, assume all DCE/RPC we pick from "decode as" is using
standard ndr and not ndr64.
We should make this selectable from the dialog in the future
*/
- bind_value->transport=uuid_data_repr_proto;
+ bind_value->transport = uuid_data_repr_proto;
key = se_alloc(sizeof (dcerpc_bind_key));
key->conv = conv;
@@ -3404,44 +3414,44 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding)
}
static void
-dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, proto_tree *tree,
- e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_rqst(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, proto_tree *tree,
+ e_dce_cn_common_hdr_t *hdr)
{
- conversation_t *conv;
- guint16 ctx_id;
- guint16 opnum;
- e_uuid_t obj_id = DCERPC_UUID_NULL;
- dcerpc_auth_info auth_info;
- guint32 alloc_hint;
- proto_item *pi;
- proto_item *parent_pi;
-
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_alloc_hint, &alloc_hint);
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_ctx_id, &ctx_id);
+ conversation_t *conv;
+ guint16 ctx_id;
+ guint16 opnum;
+ e_uuid_t obj_id = DCERPC_UUID_NULL;
+ dcerpc_auth_info auth_info;
+ guint32 alloc_hint;
+ proto_item *pi;
+ proto_item *parent_pi;
+
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_alloc_hint, &alloc_hint);
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_ctx_id, &ctx_id);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, " Ctx: %u", ctx_id);
}
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_opnum, &opnum);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_opnum, &opnum);
/* save context ID for use with dcerpc_add_conv_to_bind_table() */
pinfo->dcectxid = ctx_id;
- col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u",
- opnum, ctx_id);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u",
+ opnum, ctx_id);
if (hdr->flags & PFC_OBJECT_UUID) {
- dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr->drep, &obj_id);
if (dcerpc_tree) {
- proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
- guid_to_str((e_guid_t *) &obj_id));
+ proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_obj_id, tvb,
+ offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &obj_id));
}
offset += 16;
}
@@ -3450,12 +3460,12 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
* XXX - what if this was set when the connection was set up,
* and we just have a security context?
*/
- dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
+ dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
- conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
- pinfo->srcport, pinfo->destport, 0);
+ conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
+ pinfo->srcport, pinfo->destport, 0);
if (!conv)
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE);
else {
dcerpc_matched_key matched_key, *new_matched_key;
dcerpc_call_value *value;
@@ -3468,26 +3478,26 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
matched_key.frame = pinfo->fd->num;
matched_key.call_id = hdr->call_id;
value = g_hash_table_lookup(dcerpc_matched, &matched_key);
- if(!value){
+ if (!value) {
dcerpc_bind_key bind_key;
dcerpc_bind_value *bind_value;
- bind_key.conv=conv;
- bind_key.ctx_id=ctx_id;
- bind_key.smb_fid=dcerpc_get_transport_salt(pinfo);
+ bind_key.conv = conv;
+ bind_key.ctx_id = ctx_id;
+ bind_key.smb_fid = dcerpc_get_transport_salt(pinfo);
- if((bind_value=g_hash_table_lookup(dcerpc_binds, &bind_key)) ){
- if(!(hdr->flags&PFC_FIRST_FRAG)){
+ if ((bind_value = g_hash_table_lookup(dcerpc_binds, &bind_key)) ) {
+ if (!(hdr->flags&PFC_FIRST_FRAG)) {
dcerpc_cn_call_key call_key;
dcerpc_call_value *call_value;
- call_key.conv=conv;
- call_key.call_id=hdr->call_id;
- call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
- if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
+ call_key.conv = conv;
+ call_key.call_id = hdr->call_id;
+ call_key.smb_fid = dcerpc_get_transport_salt(pinfo);
+ if ((call_value = g_hash_table_lookup(dcerpc_cn_calls, &call_key))) {
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
*new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ g_hash_table_insert(dcerpc_matched, new_matched_key, call_value);
value = call_value;
}
} else {
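Review bot: The re-spacing is applied unevenly here: `if (!(hdr->flags&PFC_FIRST_FRAG)) {` still has the unspaced bitwise test, while the same commit writes `(hdr->flags & PFC_FIRST_FRAG)` in dissect_dcerpc_cn_stub. For consistency this line should read `if (!(hdr->flags & PFC_FIRST_FRAG)) {`. The same applies to `if (call_value->req_frame<pinfo->fd->num) {` in the dissect_dcerpc_cn_resp hunk, which would read `if (call_value->req_frame < pinfo->fd->num) {`. The enclosing function continues outside this hunk.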
@@ -3499,26 +3509,26 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
the call to both the call table and the
matched table
*/
- call_key=se_alloc (sizeof (dcerpc_cn_call_key));
- call_key->conv=conv;
- call_key->call_id=hdr->call_id;
- call_key->smb_fid=dcerpc_get_transport_salt(pinfo);
+ call_key = se_alloc(sizeof (dcerpc_cn_call_key));
+ call_key->conv = conv;
+ call_key->call_id = hdr->call_id;
+ call_key->smb_fid = dcerpc_get_transport_salt(pinfo);
/* if there is already a matching call in the table
remove it so it is replaced with the new one */
- if(g_hash_table_lookup(dcerpc_cn_calls, call_key)){
+ if (g_hash_table_lookup(dcerpc_cn_calls, call_key)) {
g_hash_table_remove(dcerpc_cn_calls, call_key);
}
- call_value=se_alloc (sizeof (dcerpc_call_value));
+ call_value = se_alloc(sizeof (dcerpc_call_value));
call_value->uuid = bind_value->uuid;
call_value->ver = bind_value->ver;
call_value->object_uuid = obj_id;
call_value->opnum = opnum;
- call_value->req_frame=pinfo->fd->num;
- call_value->req_time=pinfo->fd->abs_ts;
- call_value->rep_frame=0;
- call_value->max_ptr=0;
+ call_value->req_frame = pinfo->fd->num;
+ call_value->req_time = pinfo->fd->abs_ts;
+ call_value->rep_frame = 0;
+ call_value->max_ptr = 0;
call_value->se_data = NULL;
call_value->private_data = NULL;
call_value->pol = NULL;
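Review bot: The `g_hash_table_lookup(dcerpc_cn_calls, call_key)` guard around `g_hash_table_remove(dcerpc_cn_calls, call_key)` hashes the key twice for no benefit, because g_hash_table_remove already does nothing and returns FALSE when the key is absent. The three lines can be reduced to the single call `g_hash_table_remove(dcerpc_cn_calls, call_key);` with the existing comment kept above it. The insert that follows is outside this hunk, so the intent of replacing the stored key is inferred from the comment.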
@@ -3527,11 +3537,11 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
call_value->flags |= DCERPC_IS_NDR64;
}
- g_hash_table_insert (dcerpc_cn_calls, call_key, call_value);
+ g_hash_table_insert(dcerpc_cn_calls, call_key, call_value);
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
*new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ g_hash_table_insert(dcerpc_matched, new_matched_key, call_value);
value = call_value;
}
}
@@ -3540,7 +3550,7 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (value) {
dcerpc_info *di;
- di=get_next_di();
+ di = get_next_di();
/* handoff this call */
di->conv = conv;
di->call_id = hdr->call_id;
@@ -3549,16 +3559,16 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
di->call_data = value;
di->hf_index = -1;
- if(value->rep_frame!=0){
+ if (value->rep_frame != 0) {
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in,
tvb, 0, 0, value->rep_frame);
PROTO_ITEM_SET_GENERATED(pi);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Resp: #%u]", value->rep_frame);
}
}
- dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
+ dissect_dcerpc_cn_stub(tvb, offset, pinfo, dcerpc_tree, tree,
hdr, di, &auth_info, alloc_hint,
value->req_frame);
} else {
@@ -3567,46 +3577,46 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
PROTO_ITEM_SET_GENERATED(pi);
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u",
ctx_id);
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE);
}
}
/* Dissect the verifier */
- dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info);
+ dissect_dcerpc_verifier(tvb, pinfo, dcerpc_tree, hdr, &auth_info);
}
static void
-dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, proto_tree *tree,
- e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_resp(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, proto_tree *tree,
+ e_dce_cn_common_hdr_t *hdr)
{
- dcerpc_call_value *value = NULL;
- conversation_t *conv;
- guint16 ctx_id;
- dcerpc_auth_info auth_info;
- guint32 alloc_hint;
- proto_item *pi;
- proto_item *parent_pi;
- e_uuid_t obj_id_null = DCERPC_UUID_NULL;
-
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_alloc_hint, &alloc_hint);
-
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_ctx_id, &ctx_id);
+ dcerpc_call_value *value = NULL;
+ conversation_t *conv;
+ guint16 ctx_id;
+ dcerpc_auth_info auth_info;
+ guint32 alloc_hint;
+ proto_item *pi;
+ proto_item *parent_pi;
+ e_uuid_t obj_id_null = DCERPC_UUID_NULL;
+
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_alloc_hint, &alloc_hint);
+
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_ctx_id, &ctx_id);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, " Ctx: %u", ctx_id);
}
/* save context ID for use with dcerpc_add_conv_to_bind_table() */
pinfo->dcectxid = ctx_id;
- col_append_fstr (pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_cancel_count, NULL);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_cancel_count, NULL);
/* padding */
offset++;
@@ -3614,14 +3624,14 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
* XXX - what if this was set when the connection was set up,
* and we just have a security context?
*/
- dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
+ dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
- conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
- pinfo->srcport, pinfo->destport, 0);
+ conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
+ pinfo->srcport, pinfo->destport, 0);
if (!conv) {
/* no point in creating one here, really */
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE);
} else {
dcerpc_matched_key matched_key, *new_matched_key;
@@ -3632,25 +3642,25 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
*/
matched_key.frame = pinfo->fd->num;
matched_key.call_id = hdr->call_id;
- value=g_hash_table_lookup(dcerpc_matched, &matched_key);
- if(!value){
+ value = g_hash_table_lookup(dcerpc_matched, &matched_key);
+ if (!value) {
dcerpc_cn_call_key call_key;
dcerpc_call_value *call_value;
- call_key.conv=conv;
- call_key.call_id=hdr->call_id;
- call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
+ call_key.conv = conv;
+ call_key.call_id = hdr->call_id;
+ call_key.smb_fid = dcerpc_get_transport_salt(pinfo);
- if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
+ if ((call_value = g_hash_table_lookup(dcerpc_cn_calls, &call_key))) {
/* extra sanity check, only match them if the reply
came after the request */
- if(call_value->req_frame<pinfo->fd->num){
+ if (call_value->req_frame<pinfo->fd->num) {
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
*new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ g_hash_table_insert(dcerpc_matched, new_matched_key, call_value);
value = call_value;
- if(call_value->rep_frame==0){
- call_value->rep_frame=pinfo->fd->num;
+ if (call_value->rep_frame == 0) {
+ call_value->rep_frame = pinfo->fd->num;
}
}
}
@@ -3659,7 +3669,7 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (value) {
dcerpc_info *di;
- di=get_next_di();
+ di = get_next_di();
/* handoff this call */
di->conv = conv;
di->call_id = hdr->call_id;
@@ -3667,23 +3677,23 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
di->ptype = PDU_RESP;
di->call_data = value;
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
/* (optional) "Object UUID" from request */
- if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
- pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
- guid_to_str((e_guid_t *) &value->object_uuid));
+ if (value && dcerpc_tree && (memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0)) {
+ pi = proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_obj_id, tvb,
+ offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &value->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
/* request in */
- if(value->req_frame!=0){
+ if (value->req_frame != 0) {
nstime_t delta_ts;
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in,
tvb, 0, 0, value->req_frame);
PROTO_ITEM_SET_GENERATED(pi);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame);
}
nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time);
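Review bot: The `value &&` term in the Object UUID condition is dead, because `value->opnum` is already dereferenced in the `proto_tree_add_uint` call just above it and the block sits under an `if (value)` opened in the previous hunk. Keeping it suggests `value` may be NULL at this point, which misleads the next reader about where the NULL check really happens. I would reduce the condition to `if (dcerpc_tree && (memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0)) {`. The function starts and ends outside this hunk.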
@@ -3696,54 +3706,56 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
"No request to this DCE/RPC call found");
}
- dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
- hdr, di, &auth_info, alloc_hint,
- value->rep_frame);
+ dissect_dcerpc_cn_stub(tvb, offset, pinfo, dcerpc_tree, tree,
+ hdr, di, &auth_info, alloc_hint,
+ value->rep_frame);
} else {
/* no bind information, simply show stub data */
pi = proto_tree_add_text(dcerpc_tree, tvb, offset, 0, "No bind info for this interface Context ID - capture start too late?");
PROTO_ITEM_SET_GENERATED(pi);
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u",
ctx_id);
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ show_stub_data(tvb, offset, dcerpc_tree, &auth_info, TRUE);
}
}
/* Dissect the verifier */
- dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info);
+ dissect_dcerpc_verifier(tvb, pinfo, dcerpc_tree, hdr, &auth_info);
}
static void
-dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_fault(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
{
dcerpc_call_value *value = NULL;
- conversation_t *conv;
- guint16 ctx_id;
- guint32 status;
- guint32 alloc_hint;
- dcerpc_auth_info auth_info;
- proto_item *pi = NULL;
+ conversation_t *conv;
+ guint16 ctx_id;
+ guint32 status;
+ guint32 alloc_hint;
+ dcerpc_auth_info auth_info;
+ proto_item *pi = NULL;
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_alloc_hint, &alloc_hint);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_alloc_hint, &alloc_hint);
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_ctx_id, &ctx_id);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_ctx_id, &ctx_id);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_cancel_count, NULL);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_cancel_count, NULL);
/* padding */
offset++;
- /*offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_status, &status);*/
+#if 0
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_status, &status);
+#endif
status = ((hdr->drep[0] & DREP_LITTLE_ENDIAN)
- ? tvb_get_letohl (tvb, offset)
- : tvb_get_ntohl (tvb, offset));
+ ? tvb_get_letohl(tvb, offset)
+ : tvb_get_ntohl(tvb, offset));
if (dcerpc_tree) {
- pi = proto_tree_add_item (dcerpc_tree, hf_dcerpc_cn_status, tvb, offset, 4, DREP_ENC_INTEGER(hdr->drep));
+ pi = proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_status, tvb, offset, 4, DREP_ENC_INTEGER(hdr->drep));
}
offset+=4;
@@ -3753,10 +3765,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* save context ID for use with dcerpc_add_conv_to_bind_table() */
pinfo->dcectxid = ctx_id;
- col_append_fstr (pinfo->cinfo, COL_INFO,
- " ctx_id: %u status: %s", ctx_id,
- val_to_str(status, reject_status_vals,
- "Unknown (0x%08x)"));
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ " ctx_id: %u status: %s", ctx_id,
+ val_to_str(status, reject_status_vals,
+ "Unknown (0x%08x)"));
/* padding */
offset += 4;
@@ -3765,10 +3777,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
* XXX - what if this was set when the connection was set up,
* and we just have a security context?
*/
- dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
+ dissect_dcerpc_cn_auth(tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
- conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
- pinfo->srcport, pinfo->destport, 0);
+ conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
+ pinfo->srcport, pinfo->destport, 0);
if (!conv) {
/* no point in creating one here, really */
} else {
@@ -3781,23 +3793,23 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
*/
matched_key.frame = pinfo->fd->num;
matched_key.call_id = hdr->call_id;
- value=g_hash_table_lookup(dcerpc_matched, &matched_key);
- if(!value){
+ value = g_hash_table_lookup(dcerpc_matched, &matched_key);
+ if (!value) {
dcerpc_cn_call_key call_key;
dcerpc_call_value *call_value;
- call_key.conv=conv;
- call_key.call_id=hdr->call_id;
- call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
+ call_key.conv = conv;
+ call_key.call_id = hdr->call_id;
+ call_key.smb_fid = dcerpc_get_transport_salt(pinfo);
- if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
+ if ((call_value = g_hash_table_lookup(dcerpc_cn_calls, &call_key))) {
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
*new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ g_hash_table_insert(dcerpc_matched, new_matched_key, call_value);
value = call_value;
- if(call_value->rep_frame==0){
- call_value->rep_frame=pinfo->fd->num;
+ if (call_value->rep_frame == 0) {
+ call_value->rep_frame = pinfo->fd->num;
}
}
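Review bot: The fault path inserts into `dcerpc_matched` on any `dcerpc_cn_calls` hit, while the response path in dissect_dcerpc_cn_resp first requires `call_value->req_frame < pinfo->fd->num` ("only match them if the reply came after the request"). Without that guard, a fault frame can be paired with a request that appears later in the capture under the same call_id, and `rep_frame` is then set to a frame that precedes the request. Wrapping the body of the lookup in `if (call_value->req_frame < pinfo->fd->num) {` would bring the two paths in line. The function continues outside this hunk.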
@@ -3808,7 +3820,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_info *di;
proto_item *parent_pi;
- di=get_next_di();
+ di = get_next_di();
/* handoff this call */
di->conv = conv;
di->call_id = hdr->call_id;
@@ -3816,14 +3828,14 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
di->ptype = PDU_FAULT;
di->call_data = value;
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
- if(value->req_frame!=0){
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
+ if (value->req_frame != 0) {
nstime_t delta_ts;
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in,
tvb, 0, 0, value->req_frame);
PROTO_ITEM_SET_GENERATED(pi);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame);
}
nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time);
@@ -3854,9 +3866,9 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
the entire PDU, or if we don't have all the data in this
fragment, just call the handoff directly if this is the
first fragment or the PDU isn't fragmented. */
- if( (!dcerpc_reassemble) || PFC_NOT_FRAGMENTED(hdr) ||
- !tvb_bytes_exist(tvb, offset, stub_length) ){
- if(hdr->flags&PFC_FIRST_FRAG){
+ if ( (!dcerpc_reassemble) || PFC_NOT_FRAGMENTED(hdr) ||
+ !tvb_bytes_exist(tvb, offset, stub_length) ) {
+ if (hdr->flags&PFC_FIRST_FRAG) {
/* First fragment, possibly the only fragment */
/*
* XXX - should there be a third routine for each
@@ -3871,10 +3883,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (dcerpc_tree) {
if (stub_length > 0) {
tvb_ensure_bytes_exist(tvb, offset, stub_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length,
- "Fault stub data (%d byte%s)",
- stub_length,
- plurality(stub_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length,
+ "Fault stub data (%d byte%s)",
+ stub_length,
+ plurality(stub_length, "", "s"));
}
}
} else {
@@ -3882,10 +3894,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (dcerpc_tree) {
if (stub_length > 0) {
tvb_ensure_bytes_exist(tvb, offset, stub_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length,
- "Fragment data (%d byte%s)",
- stub_length,
- plurality(stub_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length,
+ "Fragment data (%d byte%s)",
+ stub_length,
+ plurality(stub_length, "", "s"));
}
}
}
@@ -3897,21 +3909,21 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (dcerpc_tree) {
if (length > 0) {
tvb_ensure_bytes_exist(tvb, offset, stub_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length,
- "Fragment data (%d byte%s)",
- stub_length,
- plurality(stub_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length,
+ "Fragment data (%d byte%s)",
+ stub_length,
+ plurality(stub_length, "", "s"));
}
}
- if(hdr->flags&PFC_FIRST_FRAG){ /* FIRST fragment */
- if( (!pinfo->fd->flags.visited) && value->rep_frame ){
+ if (hdr->flags&PFC_FIRST_FRAG) { /* FIRST fragment */
+ if ( (!pinfo->fd->flags.visited) && value->rep_frame ) {
fragment_add_seq_next(tvb, offset, pinfo, value->rep_frame,
dcerpc_co_fragment_table, dcerpc_co_reassemble_table,
stub_length,
TRUE);
}
- } else if(hdr->flags&PFC_LAST_FRAG){ /* LAST fragment */
- if( value->rep_frame ){
+ } else if (hdr->flags&PFC_LAST_FRAG) { /* LAST fragment */
+ if ( value->rep_frame ) {
fragment_data *fd_head;
fd_head = fragment_add_seq_next(tvb, offset, pinfo,
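Review bot: The guard at the top of this hunk tests `length > 0`, but everything under it, including `tvb_ensure_bytes_exist(tvb, offset, stub_length)`, uses `stub_length`; the two non-reassembly branches earlier in the function test `stub_length > 0`. `length` is declared outside the hunk, so whether the two values can differ here is not visible, but if they can, the item is added with a zero or mismatched size. I would make it `if (stub_length > 0) {` here and in the identical "Fault stub data" block in the hunk at +3955.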
@@ -3920,7 +3932,7 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
stub_length,
TRUE);
- if(fd_head){
+ if (fd_head) {
/* We completed reassembly */
tvbuff_t *next_tvb;
proto_item *frag_tree_item;
@@ -3943,16 +3955,16 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (dcerpc_tree) {
if (length > 0) {
tvb_ensure_bytes_exist(tvb, offset, stub_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length,
- "Fault stub data (%d byte%s)",
- stub_length,
- plurality(stub_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length,
+ "Fault stub data (%d byte%s)",
+ stub_length,
+ plurality(stub_length, "", "s"));
}
}
}
}
} else { /* MIDDLE fragment(s) */
- if( (!pinfo->fd->flags.visited) && value->rep_frame ){
+ if ( (!pinfo->fd->flags.visited) && value->rep_frame ) {
fragment_add_seq_next(tvb, offset, pinfo, value->rep_frame,
dcerpc_co_fragment_table, dcerpc_co_reassemble_table,
stub_length,
@@ -3965,36 +3977,36 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
static void
-dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
+dissect_dcerpc_cn_rts(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, e_dce_cn_common_hdr_t *hdr)
{
- proto_item *tf = NULL;
+ proto_item *tf = NULL;
proto_tree *cn_rts_pdu_tree = NULL;
- guint16 rts_flags;
- guint16 commands_nb = 0;
- guint32 *cmd;
- guint32 i;
- const char *info_str = NULL;
+ guint16 rts_flags;
+ guint16 commands_nb = 0;
+ guint32 *cmd;
+ guint32 i;
+ const char *info_str = NULL;
/* Dissect specific RTS header */
- rts_flags = dcerpc_tvb_get_ntohs (tvb, offset, hdr->drep);
+ rts_flags = dcerpc_tvb_get_ntohs(tvb, offset, hdr->drep);
if (dcerpc_tree) {
proto_tree *cn_rts_flags_tree;
- tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_rts_flags, tvb, offset, 2, rts_flags);
+ tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_rts_flags, tvb, offset, 2, rts_flags);
cn_rts_flags_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_none, tvb, offset, 1, rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_ping, tvb, offset, 1, rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_other_cmd, tvb, offset, 1, rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_recycle_channel, tvb, offset, 1, rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_in_channel, tvb, offset, 1, rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_out_channel, tvb, offset, 1, rts_flags);
- proto_tree_add_boolean (cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_eof, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_none, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_ping, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_other_cmd, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_recycle_channel, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_in_channel, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_out_channel, tvb, offset, 1, rts_flags);
+ proto_tree_add_boolean(cn_rts_flags_tree, hf_dcerpc_cn_rts_flags_eof, tvb, offset, 1, rts_flags);
}
offset += 2;
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
- hf_dcerpc_cn_rts_commands_nb, &commands_nb);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree, hdr->drep,
+ hf_dcerpc_cn_rts_commands_nb, &commands_nb);
/* Create the RTS PDU tree - we do not yet know its name */
tf = proto_tree_add_text(dcerpc_tree, tvb, offset, tvb_length_remaining(tvb, offset), "RTS PDU: %u commands", commands_nb);
@@ -4005,44 +4017,44 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* Dissect commands */
for (i = 0; i < commands_nb; ++i) {
proto_tree *cn_rts_command_tree = NULL;
- const guint32 command = dcerpc_tvb_get_ntohl (tvb, offset, hdr->drep);
+ const guint32 command = dcerpc_tvb_get_ntohl(tvb, offset, hdr->drep);
cmd[i] = command;
- tf = proto_tree_add_uint (cn_rts_pdu_tree, hf_dcerpc_cn_rts_command, tvb, offset, 4, command);
+ tf = proto_tree_add_uint(cn_rts_pdu_tree, hf_dcerpc_cn_rts_command, tvb, offset, 4, command);
cn_rts_command_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_rts_command);
offset += 4;
switch (command) {
case RTS_CMD_RECEIVEWINDOWSIZE:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_receivewindowsize, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_receivewindowsize, NULL);
break;
case RTS_CMD_FLOWCONTROLACK:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_bytesreceived, NULL);
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_availablewindow, NULL);
- offset = dissect_dcerpc_uuid_t (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_channelcookie, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_bytesreceived, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_availablewindow, NULL);
+ offset = dissect_dcerpc_uuid_t(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_fack_channelcookie, NULL);
break;
case RTS_CMD_CONNECTIONTIMEOUT:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_connectiontimeout, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_connectiontimeout, NULL);
break;
case RTS_CMD_COOKIE:
- offset = dissect_dcerpc_uuid_t (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_cookie, NULL);
+ offset = dissect_dcerpc_uuid_t(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_cookie, NULL);
break;
case RTS_CMD_CHANNELLIFETIME:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_channellifetime, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_channellifetime, NULL);
break;
case RTS_CMD_CLIENTKEEPALIVE:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_clientkeepalive, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_clientkeepalive, NULL);
break;
case RTS_CMD_VERSION:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_version, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_version, NULL);
break;
case RTS_CMD_EMPTY:
break;
case RTS_CMD_PADDING: {
guint8 *padding;
- const guint32 conformance_count = dcerpc_tvb_get_ntohl (tvb, offset, hdr->drep);
- proto_tree_add_uint (cn_rts_command_tree, hf_dcerpc_cn_rts_command_conformancecount, tvb, offset, 4, conformance_count);
+ const guint32 conformance_count = dcerpc_tvb_get_ntohl(tvb, offset, hdr->drep);
+ proto_tree_add_uint(cn_rts_command_tree, hf_dcerpc_cn_rts_command_conformancecount, tvb, offset, 4, conformance_count);
offset += 4;
padding = tvb_memdup(tvb, offset, conformance_count);
- proto_tree_add_bytes (cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, conformance_count, padding);
+ proto_tree_add_bytes(cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, conformance_count, padding);
offset += conformance_count;
} break;
case RTS_CMD_NEGATIVEANCE:
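Review bot: In the `RTS_CMD_PADDING` case, `conformance_count` is read from the packet and sizes a `tvb_memdup()` copy that is never released in the visible lines; as far as I know `tvb_memdup` returns g_malloc'd memory, so each dissection pass over such a PDU would leak up to the padding length. The copy is not needed, since `proto_tree_add_item(cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, conformance_count, ENC_NA);` reads from the tvb directly. Preceding it with `tvb_ensure_bytes_exist(tvb, offset, conformance_count);` makes an oversized count fail before `offset += conformance_count` can wrap the signed `offset`. The same unreleased copy appears with the fixed 12-byte padding in the `RTS_CMD_CLIENTADDRESS` case in the hunk at +4080. The enclosing loop and function start outside this hunk.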
@@ -4051,8 +4063,8 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo,
break;
case RTS_CMD_CLIENTADDRESS: {
guint8 *padding;
- const guint32 addrtype = dcerpc_tvb_get_ntohl (tvb, offset, hdr->drep);
- proto_tree_add_uint (cn_rts_command_tree, hf_dcerpc_cn_rts_command_addrtype, tvb, offset, 4, addrtype);
+ const guint32 addrtype = dcerpc_tvb_get_ntohl(tvb, offset, hdr->drep);
+ proto_tree_add_uint(cn_rts_command_tree, hf_dcerpc_cn_rts_command_addrtype, tvb, offset, 4, addrtype);
offset += 4;
switch (addrtype) {
case RTS_IPV4: {
@@ -4068,17 +4080,17 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo,
} break;
}
padding = tvb_memdup(tvb, offset, 12);
- proto_tree_add_bytes (cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, 12, padding);
+ proto_tree_add_bytes(cn_rts_command_tree, hf_dcerpc_cn_rts_command_padding, tvb, offset, 12, padding);
offset += 12;
} break;
case RTS_CMD_ASSOCIATIONGROUPID:
- offset = dissect_dcerpc_uuid_t (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_associationgroupid, NULL);
+ offset = dissect_dcerpc_uuid_t(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_associationgroupid, NULL);
break;
case RTS_CMD_DESTINATION:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_forwarddestination, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_forwarddestination, NULL);
break;
case RTS_CMD_PINGTRAFFICSENTNOTIFY:
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_pingtrafficsentnotify, NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, cn_rts_command_tree, hdr->drep, hf_dcerpc_cn_rts_command_pingtrafficsentnotify, NULL);
break;
default:
proto_tree_add_text(cn_rts_command_tree, tvb, offset, 0, "unknown RTS command number");
@@ -4175,7 +4187,7 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
break;
case RTS_FLAG_RECYCLE_CHANNEL:
- switch(commands_nb) {
+ switch (commands_nb) {
case 1:
if (cmd[0] == 0xD) {
info_str = "OUT_R1/A1,OUT_R1/A2,OUT_R2/A1,OUT_R2/A2";
@@ -4282,20 +4294,20 @@ dissect_dcerpc_cn_rts (tvbuff_t *tvb, gint offset, packet_info *pinfo,
* pinfo->private_data structure to expect.
*/
static gboolean
-dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *tree, gboolean can_desegment, int *pkt_len)
+dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, gboolean can_desegment, int *pkt_len)
{
- static const guint8 nulls[4] = { 0 };
- int start_offset;
- int padding = 0;
- proto_item *ti = NULL;
- proto_item *tf = NULL;
- proto_tree *dcerpc_tree = NULL;
- proto_tree *cn_flags_tree = NULL;
- proto_tree *drep_tree = NULL;
- e_dce_cn_common_hdr_t hdr;
- dcerpc_auth_info auth_info;
- tvbuff_t *fragment_tvb;
+ static const guint8 nulls[4] = { 0 };
+ int start_offset;
+ int padding = 0;
+ proto_item *ti = NULL;
+ proto_item *tf = NULL;
+ proto_tree *dcerpc_tree = NULL;
+ proto_tree *cn_flags_tree = NULL;
+ proto_tree *drep_tree = NULL;
+ e_dce_cn_common_hdr_t hdr;
+ dcerpc_auth_info auth_info;
+ tvbuff_t *fragment_tvb;
/*
* when done over nbt, dcerpc requests are padded with 4 bytes of null
@@ -4306,7 +4318,7 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
* the 4 bytes of null padding, and make that the dissector
* used for "netbios".
*/
- if (tvb_memeql (tvb, offset, nulls, 4) == 0) {
+ if (tvb_memeql(tvb, offset, nulls, 4) == 0) {
/*
* Skip the padding.
@@ -4317,59 +4329,59 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
/*
* Check if this looks like a C/O DCERPC call
*/
- if (!tvb_bytes_exist (tvb, offset, sizeof (hdr))) {
+ if (!tvb_bytes_exist(tvb, offset, sizeof (hdr))) {
return FALSE; /* not enough information to check */
}
start_offset = offset;
- hdr.rpc_ver = tvb_get_guint8 (tvb, offset++);
+ hdr.rpc_ver = tvb_get_guint8(tvb, offset++);
if (hdr.rpc_ver != 5)
return FALSE;
- hdr.rpc_ver_minor = tvb_get_guint8 (tvb, offset++);
- if (hdr.rpc_ver_minor != 0 && hdr.rpc_ver_minor != 1)
+ hdr.rpc_ver_minor = tvb_get_guint8(tvb, offset++);
+ if ((hdr.rpc_ver_minor != 0) && (hdr.rpc_ver_minor != 1))
return FALSE;
- hdr.ptype = tvb_get_guint8 (tvb, offset++);
+ hdr.ptype = tvb_get_guint8(tvb, offset++);
if (hdr.ptype > PDU_RTS)
return FALSE;
- hdr.flags = tvb_get_guint8 (tvb, offset++);
- tvb_memcpy (tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep));
+ hdr.flags = tvb_get_guint8(tvb, offset++);
+ tvb_memcpy(tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep));
offset += sizeof (hdr.drep);
- hdr.frag_len = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.frag_len = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.auth_len = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.auth_len = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.call_id = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep);
+ hdr.call_id = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep);
offset += 4;
- if(pinfo->dcectxid == 0) {
- col_append_fstr (pinfo->cinfo, COL_DCE_CALL, "%u", hdr.call_id);
+ if (pinfo->dcectxid == 0) {
+ col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.call_id);
} else {
/* this is not the first DCE-RPC request/response in this (TCP?-)PDU,
* prepend a delimiter */
- col_append_fstr (pinfo->cinfo, COL_DCE_CALL, "#%u", hdr.call_id);
+ col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "#%u", hdr.call_id);
}
if (can_desegment && pinfo->can_desegment
&& !tvb_bytes_exist(tvb, start_offset, hdr.frag_len)) {
pinfo->desegment_offset = start_offset;
- pinfo->desegment_len = hdr.frag_len - tvb_length_remaining (tvb, start_offset);
+ pinfo->desegment_len = hdr.frag_len - tvb_length_remaining(tvb, start_offset);
*pkt_len = 0; /* desegmentation required */
return TRUE;
}
- col_set_str (pinfo->cinfo, COL_PROTOCOL, "DCERPC");
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCERPC");
- if(pinfo->dcectxid != 0) {
+ if (pinfo->dcectxid != 0) {
/* this is not the first DCE-RPC request/response in this (TCP?-)PDU,
* append a delimiter and set a column fence */
- col_append_str (pinfo->cinfo, COL_INFO, " # ");
+ col_append_str(pinfo->cinfo, COL_INFO, " # ");
col_set_fence(pinfo->cinfo,COL_INFO);
}
- col_add_fstr (pinfo->cinfo, COL_INFO, "%s: call_id: %u",
- pckt_vals[hdr.ptype].strptr, hdr.call_id);
+ col_add_fstr(pinfo->cinfo, COL_INFO, "%s: call_id: %u",
+ pckt_vals[hdr.ptype].strptr, hdr.call_id);
- if(pinfo->dcectxid != 0) {
+ if (pinfo->dcectxid != 0) {
/* this is not the first DCE-RPC request/response in this (TCP?-)PDU */
expert_add_info_format(pinfo, NULL, PI_SEQUENCE, PI_CHAT, "Multiple DCE/RPC fragments/PDU's in one packet");
}
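Review bot: `pckt_vals[hdr.ptype].strptr` in the `col_add_fstr` call indexes the value_string table directly by a byte read from the wire, which is only safe while the table stays dense, in value order and at least `PDU_RTS + 1` entries long. The only thing enforcing the bound is the `hdr.ptype > PDU_RTS` check earlier in this hunk, so adding or reordering a table entry would silently turn this into a wrong label or an out-of-bounds read. The tree text in the following hunk already goes through the lookup helper, and the column could do the same with `val_to_str(hdr.ptype, pckt_vals, "Unknown (0x%02x)")`. The function starts and ends outside this hunk.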
@@ -4377,66 +4389,67 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
offset = start_offset;
tvb_ensure_bytes_exist(tvb, offset, 16);
if (tree) {
- ti = proto_tree_add_item (tree, proto_dcerpc, tvb, offset, hdr.frag_len, ENC_NA);
- dcerpc_tree = proto_item_add_subtree (ti, ett_dcerpc);
+ ti = proto_tree_add_item(tree, proto_dcerpc, tvb, offset, hdr.frag_len, ENC_NA);
+ dcerpc_tree = proto_item_add_subtree(ti, ett_dcerpc);
}
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver);
offset++;
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_ver_minor, tvb, offset, 1, hdr.rpc_ver_minor);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_ver_minor, tvb, offset, 1, hdr.rpc_ver_minor);
offset++;
- tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype);
+ tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype);
offset++;
- /* XXX - too much "output noise", removed for now
- if(hdr.ptype == PDU_BIND || hdr.ptype == PDU_ALTER ||
+#if 0 /* XXX - too much "output noise", removed for now */
+ if (hdr.ptype == PDU_BIND || hdr.ptype == PDU_ALTER ||
hdr.ptype == PDU_BIND_ACK || hdr.ptype == PDU_ALTER_ACK)
expert_add_info_format(pinfo, tf, PI_SEQUENCE, PI_CHAT, "Context change: %s",
- val_to_str(hdr.ptype, pckt_vals, "(0x%x)"));*/
- if(hdr.ptype == PDU_BIND_NAK)
+ val_to_str(hdr.ptype, pckt_vals, "(0x%x)"));
+#endif
+ if (hdr.ptype == PDU_BIND_NAK)
expert_add_info_format(pinfo, tf, PI_SEQUENCE, PI_WARN, "Bind not acknowledged");
if (tree) {
proto_item_append_text(ti, " %s, Fragment: %s",
- val_to_str(hdr.ptype, pckt_vals, "Unknown (0x%02x)"),
- fragment_type(hdr.flags));
+ val_to_str(hdr.ptype, pckt_vals, "Unknown (0x%02x)"),
+ fragment_type(hdr.flags));
- tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_flags, tvb, offset, 1, hdr.flags);
- cn_flags_tree = proto_item_add_subtree (tf, ett_dcerpc_cn_flags);
+ tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_flags, tvb, offset, 1, hdr.flags);
+ cn_flags_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_flags);
}
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_object, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_maybe, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_dne, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_mpx, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_reserved, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_cancel_pending, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_last_frag, tvb, offset, 1, hdr.flags);
- proto_tree_add_boolean (cn_flags_tree, hf_dcerpc_cn_flags_first_frag, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_object, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_maybe, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_dne, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_mpx, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_reserved, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_cancel_pending, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_last_frag, tvb, offset, 1, hdr.flags);
+ proto_tree_add_boolean(cn_flags_tree, hf_dcerpc_cn_flags_first_frag, tvb, offset, 1, hdr.flags);
offset++;
col_append_fstr(pinfo->cinfo, COL_INFO, " Fragment: %s", fragment_type(hdr.flags));
- if(dcerpc_tree){
- tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_drep, tvb, offset, 4, hdr.drep);
- drep_tree = proto_item_add_subtree (tf, ett_dcerpc_drep);
+ if (dcerpc_tree) {
+ tf = proto_tree_add_bytes(dcerpc_tree, hf_dcerpc_drep, tvb, offset, 4, hdr.drep);
+ drep_tree = proto_item_add_subtree(tf, ett_dcerpc_drep);
}
proto_tree_add_uint(drep_tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4);
proto_tree_add_uint(drep_tree, hf_dcerpc_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f);
proto_tree_add_uint(drep_tree, hf_dcerpc_drep_fp, tvb, offset+1, 1, hdr.drep[1]);
offset += sizeof (hdr.drep);
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_frag_len, tvb, offset, 2, hdr.frag_len);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_frag_len, tvb, offset, 2, hdr.frag_len);
offset += 2;
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_auth_len, tvb, offset, 2, hdr.auth_len);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_auth_len, tvb, offset, 2, hdr.auth_len);
offset += 2;
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_cn_call_id, tvb, offset, 4, hdr.call_id);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_cn_call_id, tvb, offset, 4, hdr.call_id);
offset += 4;
- if(ti){
+ if (ti) {
proto_item_append_text(ti, ", FragLen: %u, Call: %u", hdr.frag_len, hdr.call_id);
}
@@ -4474,36 +4487,36 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
switch (hdr.ptype) {
case PDU_BIND:
case PDU_ALTER:
- dissect_dcerpc_cn_bind (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_cn_bind(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_BIND_ACK:
case PDU_ALTER_ACK:
- dissect_dcerpc_cn_bind_ack (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_cn_bind_ack(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_AUTH3:
/*
* Nothing after the common header other than credentials.
*/
- dissect_dcerpc_cn_auth (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, TRUE,
- &auth_info);
+ dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, TRUE,
+ &auth_info);
break;
case PDU_REQ:
- dissect_dcerpc_cn_rqst (fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr);
+ dissect_dcerpc_cn_rqst(fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr);
break;
case PDU_RESP:
- dissect_dcerpc_cn_resp (fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr);
+ dissect_dcerpc_cn_resp(fragment_tvb, offset, pinfo, dcerpc_tree, tree, &hdr);
break;
case PDU_FAULT:
- dissect_dcerpc_cn_fault (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_cn_fault(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_BIND_NAK:
- dissect_dcerpc_cn_bind_nak (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_cn_bind_nak(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_CO_CANCEL:
@@ -4512,8 +4525,8 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
* Nothing after the common header other than an authentication
* verifier.
*/
- dissect_dcerpc_cn_auth (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE,
- &auth_info);
+ dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE,
+ &auth_info);
break;
case PDU_SHUTDOWN:
@@ -4523,13 +4536,13 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
*/
break;
case PDU_RTS:
- dissect_dcerpc_cn_rts (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_cn_rts(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
default:
/* might as well dissect the auth info */
- dissect_dcerpc_cn_auth (fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE,
- &auth_info);
+ dissect_dcerpc_cn_auth(fragment_tvb, offset, pinfo, dcerpc_tree, &hdr, FALSE,
+ &auth_info);
break;
}
return TRUE;
@@ -4540,14 +4553,14 @@ dissect_dcerpc_cn (tvbuff_t *tvb, int offset, packet_info *pinfo,
* transports
*/
static gboolean
-dissect_dcerpc_cn_pk (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dcerpc_cn_pk(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/*
* Only one PDU per transport packet, and only one transport
* packet per PDU.
*/
- pinfo->dcetransporttype=DCE_TRANSPORT_UNKNOWN;
- if (!dissect_dcerpc_cn (tvb, 0, pinfo, tree, FALSE, NULL)) {
+ pinfo->dcetransporttype = DCE_TRANSPORT_UNKNOWN;
+ if (!dissect_dcerpc_cn(tvb, 0, pinfo, tree, FALSE, NULL)) {
/*
* It wasn't a DCERPC PDU.
*/
@@ -4567,12 +4580,12 @@ dissect_dcerpc_cn_pk (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
* to be able to know what kind of private_data structure to expect.
*/
static gboolean
-dissect_dcerpc_cn_bs_body (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dcerpc_cn_bs_body(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- volatile int offset = 0;
- int pdu_len = 0;
+ volatile int offset = 0;
+ int pdu_len = 0;
volatile gboolean dcerpc_pdus = 0;
- volatile gboolean ret = FALSE;
+ volatile gboolean ret = FALSE;
/*
* There may be multiple PDUs per transport packet; keep
@@ -4590,7 +4603,7 @@ dissect_dcerpc_cn_bs_body (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
*/
TRY {
pdu_len = 0;
- if(dissect_dcerpc_cn (tvb, offset, pinfo, tree,
+ if (dissect_dcerpc_cn(tvb, offset, pinfo, tree,
dcerpc_cn_desegment, &pdu_len)) {
dcerpc_pdus++;
}
@@ -4644,35 +4657,35 @@ dissect_dcerpc_cn_bs_body (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
static gboolean
-dissect_dcerpc_cn_bs (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dcerpc_cn_bs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- pinfo->dcetransporttype=DCE_TRANSPORT_UNKNOWN;
+ pinfo->dcetransporttype = DCE_TRANSPORT_UNKNOWN;
return dissect_dcerpc_cn_bs_body(tvb, pinfo, tree);
}
static gboolean
-dissect_dcerpc_cn_smbpipe (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dcerpc_cn_smbpipe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- pinfo->dcetransporttype=DCE_CN_TRANSPORT_SMBPIPE;
+ pinfo->dcetransporttype = DCE_CN_TRANSPORT_SMBPIPE;
return dissect_dcerpc_cn_bs_body(tvb, pinfo, tree);
}
static gboolean
-dissect_dcerpc_cn_smb2 (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dcerpc_cn_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- pinfo->dcetransporttype=DCE_TRANSPORT_UNKNOWN;
+ pinfo->dcetransporttype = DCE_TRANSPORT_UNKNOWN;
return dissect_dcerpc_cn_bs_body(tvb, pinfo, tree);
}
static void
-dissect_dcerpc_dg_auth (tvbuff_t *tvb, int offset, proto_tree *dcerpc_tree,
- e_dce_dg_common_hdr_t *hdr, int *auth_level_p)
+dissect_dcerpc_dg_auth(tvbuff_t *tvb, int offset, proto_tree *dcerpc_tree,
+ e_dce_dg_common_hdr_t *hdr, int *auth_level_p)
{
- proto_item *ti = NULL;
+ proto_item *ti = NULL;
proto_tree *auth_tree = NULL;
- guint8 protection_level;
+ guint8 protection_level;
/*
* Initially set "*auth_level_p" to -1 to indicate that we haven't
@@ -4694,73 +4707,73 @@ dissect_dcerpc_dg_auth (tvbuff_t *tvb, int offset, proto_tree *dcerpc_tree,
switch (hdr->auth_proto) {
case DCE_C_RPC_AUTHN_PROTOCOL_KRB5:
- ti = proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Kerberos authentication verifier");
- auth_tree = proto_item_add_subtree (ti, ett_dcerpc_krb5_auth_verf);
- protection_level = tvb_get_guint8 (tvb, offset);
+ ti = proto_tree_add_text(dcerpc_tree, tvb, offset, -1, "Kerberos authentication verifier");
+ auth_tree = proto_item_add_subtree(ti, ett_dcerpc_krb5_auth_verf);
+ protection_level = tvb_get_guint8(tvb, offset);
if (auth_level_p != NULL)
*auth_level_p = protection_level;
- proto_tree_add_uint (auth_tree, hf_dcerpc_krb5_av_prot_level, tvb, offset, 1, protection_level);
+ proto_tree_add_uint(auth_tree, hf_dcerpc_krb5_av_prot_level, tvb, offset, 1, protection_level);
offset++;
- proto_tree_add_item (auth_tree, hf_dcerpc_krb5_av_key_vers_num, tvb, offset, 1, ENC_BIG_ENDIAN);
+ proto_tree_add_item(auth_tree, hf_dcerpc_krb5_av_key_vers_num, tvb, offset, 1, ENC_BIG_ENDIAN);
offset++;
if (protection_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY)
offset += 6; /* 6 bytes of padding */
else
offset += 2; /* 2 bytes of padding */
- proto_tree_add_item (auth_tree, hf_dcerpc_krb5_av_key_auth_verifier, tvb, offset, 16, ENC_NA);
+ proto_tree_add_item(auth_tree, hf_dcerpc_krb5_av_key_auth_verifier, tvb, offset, 16, ENC_NA);
offset += 16;
break;
default:
- proto_tree_add_text (dcerpc_tree, tvb, offset, -1, "Authentication verifier");
+ proto_tree_add_text(dcerpc_tree, tvb, offset, -1, "Authentication verifier");
break;
}
}
}
static void
-dissect_dcerpc_dg_cancel_ack (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree,
- e_dce_dg_common_hdr_t *hdr)
+dissect_dcerpc_dg_cancel_ack(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree,
+ e_dce_dg_common_hdr_t *hdr)
{
guint32 version;
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_cancel_vers,
- &version);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_cancel_vers,
+ &version);
switch (version) {
case 0:
/* The only version we know about */
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_cancel_id,
- NULL);
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_server_accepting_cancels,
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_cancel_id,
NULL);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_server_accepting_cancels,
+ NULL);
break;
}
}
static void
-dissect_dcerpc_dg_cancel (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree,
- e_dce_dg_common_hdr_t *hdr)
+dissect_dcerpc_dg_cancel(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree,
+ e_dce_dg_common_hdr_t *hdr)
{
guint32 version;
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_cancel_vers,
- &version);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_cancel_vers,
+ &version);
switch (version) {
case 0:
/* The only version we know about */
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_cancel_id,
- NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_cancel_id,
+ NULL);
/* XXX - are NDR Booleans 32 bits? */
/* XXX - the RPC reference in chapter: "the cancel PDU" doesn't mention
@@ -4773,18 +4786,18 @@ dissect_dcerpc_dg_cancel (tvbuff_t *tvb, int offset, packet_info *pinfo,
}
static void
-dissect_dcerpc_dg_fack (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree,
- e_dce_dg_common_hdr_t *hdr)
+dissect_dcerpc_dg_fack(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree,
+ e_dce_dg_common_hdr_t *hdr)
{
- guint8 version;
+ guint8 version;
guint16 serial_num;
guint16 selack_len;
- guint i;
+ guint i;
- offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_vers,
- &version);
+ offset = dissect_dcerpc_uint8(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_vers,
+ &version);
/* padding */
offset++;
@@ -4792,27 +4805,27 @@ dissect_dcerpc_dg_fack (tvbuff_t *tvb, int offset, packet_info *pinfo,
case 0: /* The only version documented in the DCE RPC 1.1 spec */
case 1: /* This appears to be the same */
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_window_size,
- NULL);
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_max_tsdu,
- NULL);
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_max_frag_size,
- NULL);
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_serial_num,
- &serial_num);
- col_append_fstr (pinfo->cinfo, COL_INFO, " serial: %u",
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_window_size,
+ NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_max_tsdu,
+ NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_max_frag_size,
+ NULL);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_serial_num,
+ &serial_num);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " serial: %u",
serial_num);
- offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_selack_len,
- &selack_len);
+ offset = dissect_dcerpc_uint16(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_selack_len,
+ &selack_len);
for (i = 0; i < selack_len; i++) {
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_fack_selack,
- NULL);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_fack_selack,
+ NULL);
}
break;
@@ -4820,15 +4833,15 @@ dissect_dcerpc_dg_fack (tvbuff_t *tvb, int offset, packet_info *pinfo,
}
static void
-dissect_dcerpc_dg_reject_fault (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree,
- e_dce_dg_common_hdr_t *hdr)
+dissect_dcerpc_dg_reject_fault(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree,
+ e_dce_dg_common_hdr_t *hdr)
{
guint32 status;
- offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree,
- hdr->drep, hf_dcerpc_dg_status,
- &status);
+ offset = dissect_dcerpc_uint32(tvb, offset, pinfo, dcerpc_tree,
+ hdr->drep, hf_dcerpc_dg_status,
+ &status);
col_append_fstr (pinfo->cinfo, COL_INFO,
": status: %s",
@@ -4836,22 +4849,22 @@ dissect_dcerpc_dg_reject_fault (tvbuff_t *tvb, int offset, packet_info *pinfo,
}
static void
-dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, proto_tree *tree,
- e_dce_dg_common_hdr_t *hdr, dcerpc_info *di)
+dissect_dcerpc_dg_stub(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, proto_tree *tree,
+ e_dce_dg_common_hdr_t *hdr, dcerpc_info *di)
{
- int length, reported_length, stub_length;
- gboolean save_fragmented;
+ int length, reported_length, stub_length;
+ gboolean save_fragmented;
fragment_data *fd_head;
- tvbuff_t *next_tvb;
- proto_item *pi;
- proto_item *parent_pi;
+ tvbuff_t *next_tvb;
+ proto_item *pi;
+ proto_item *parent_pi;
- col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u len: %u",
- di->call_data->opnum, hdr->frag_len );
+ col_append_fstr(pinfo->cinfo, COL_INFO, " opnum: %u len: %u",
+ di->call_data->opnum, hdr->frag_len );
- length = tvb_length_remaining (tvb, offset);
- reported_length = tvb_reported_length_remaining (tvb, offset);
+ length = tvb_length_remaining(tvb, offset);
+ reported_length = tvb_reported_length_remaining(tvb, offset);
stub_length = hdr->frag_len;
if (length > stub_length)
length = stub_length;
@@ -4865,9 +4878,9 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
not reassembled at a lower layer) that doesn't include all
the data in the fragment, just call the handoff directly if
this is the first fragment or the PDU isn't fragmented. */
- if( (!dcerpc_reassemble) || !(hdr->flags1 & PFCL1_FRAG) ||
- !tvb_bytes_exist(tvb, offset, stub_length) ){
- if(hdr->frag_num == 0) {
+ if ( (!dcerpc_reassemble) || !(hdr->flags1 & PFCL1_FRAG) ||
+ !tvb_bytes_exist(tvb, offset, stub_length) ) {
+ if (hdr->frag_num == 0) {
/* First fragment, possibly the only fragment */
@@ -4876,19 +4889,19 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
* XXX - authentication info?
*/
pinfo->fragmented = (hdr->flags1 & PFCL1_FRAG);
- next_tvb = tvb_new_subset (tvb, offset, length,
- reported_length);
- dcerpc_try_handoff (pinfo, tree, dcerpc_tree, next_tvb,
- next_tvb, hdr->drep, di, NULL);
+ next_tvb = tvb_new_subset(tvb, offset, length,
+ reported_length);
+ dcerpc_try_handoff(pinfo, tree, dcerpc_tree, next_tvb,
+ next_tvb, hdr->drep, di, NULL);
} else {
/* PDU is fragmented and this isn't the first fragment */
if (dcerpc_tree) {
if (length > 0) {
tvb_ensure_bytes_exist(tvb, offset, stub_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length,
- "Fragment data (%d byte%s)",
- stub_length,
- plurality(stub_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length,
+ "Fragment data (%d byte%s)",
+ stub_length,
+ plurality(stub_length, "", "s"));
}
}
}
@@ -4900,9 +4913,9 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
if (dcerpc_tree) {
if (length > 0) {
tvb_ensure_bytes_exist(tvb, offset, stub_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, stub_length,
- "Fragment data (%d byte%s)", stub_length,
- plurality(stub_length, "", "s"));
+ proto_tree_add_text(dcerpc_tree, tvb, offset, stub_length,
+ "Fragment data (%d byte%s)", stub_length,
+ plurality(stub_length, "", "s"));
}
}
@@ -4912,7 +4925,7 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
!(hdr->flags1 & PFCL1_LASTFRAG));
if (fd_head != NULL) {
/* We completed reassembly... */
- if(pinfo->fd->num==fd_head->reassembled_in) {
+ if (pinfo->fd->num == fd_head->reassembled_in) {
/* ...and this is the reassembled RPC PDU */
next_tvb = tvb_new_child_real_data(tvb, fd_head->data, fd_head->len, fd_head->len);
add_new_data_source(pinfo, next_tvb, "Reassembled DCE/RPC");
@@ -4923,15 +4936,15 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
* XXX - authentication info?
*/
pinfo->fragmented = FALSE;
- dcerpc_try_handoff (pinfo, tree, dcerpc_tree, next_tvb,
- next_tvb, hdr->drep, di, NULL);
+ dcerpc_try_handoff(pinfo, tree, dcerpc_tree, next_tvb,
+ next_tvb, hdr->drep, di, NULL);
} else {
/* ...and this isn't the reassembled RPC PDU */
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in,
tvb, 0, 0, fd_head->reassembled_in);
PROTO_ITEM_SET_GENERATED(pi);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Reas: #%u]", fd_head->reassembled_in);
}
col_append_fstr(pinfo->cinfo, COL_INFO,
@@ -4943,52 +4956,52 @@ dissect_dcerpc_dg_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
}
static void
-dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, proto_tree *tree,
- e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
+dissect_dcerpc_dg_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, proto_tree *tree,
+ e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
{
- dcerpc_info *di;
- dcerpc_call_value *value, v;
- dcerpc_matched_key matched_key, *new_matched_key;
- proto_item *pi;
- proto_item *parent_pi;
-
- di=get_next_di();
- if(!(pinfo->fd->flags.visited)){
+ dcerpc_info *di;
+ dcerpc_call_value *value, v;
+ dcerpc_matched_key matched_key, *new_matched_key;
+ proto_item *pi;
+ proto_item *parent_pi;
+
+ di = get_next_di();
+ if (!(pinfo->fd->flags.visited)) {
dcerpc_call_value *call_value;
dcerpc_dg_call_key *call_key;
- call_key=se_alloc (sizeof (dcerpc_dg_call_key));
- call_key->conv=conv;
- call_key->seqnum=hdr->seqnum;
- call_key->act_id=hdr->act_id;
+ call_key = se_alloc(sizeof (dcerpc_dg_call_key));
+ call_key->conv = conv;
+ call_key->seqnum = hdr->seqnum;
+ call_key->act_id = hdr->act_id;
- call_value=se_alloc (sizeof (dcerpc_call_value));
+ call_value = se_alloc(sizeof (dcerpc_call_value));
call_value->uuid = hdr->if_id;
call_value->ver = hdr->if_ver;
call_value->object_uuid = hdr->obj_id;
call_value->opnum = hdr->opnum;
- call_value->req_frame=pinfo->fd->num;
- call_value->req_time=pinfo->fd->abs_ts;
- call_value->rep_frame=0;
- call_value->max_ptr=0;
+ call_value->req_frame = pinfo->fd->num;
+ call_value->req_time = pinfo->fd->abs_ts;
+ call_value->rep_frame = 0;
+ call_value->max_ptr = 0;
call_value->se_data = NULL;
call_value->private_data = NULL;
call_value->pol = NULL;
/* NDR64 is not available on dg transports ?*/
call_value->flags = 0;
- g_hash_table_insert (dcerpc_dg_calls, call_key, call_value);
+ g_hash_table_insert(dcerpc_dg_calls, call_key, call_value);
- new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
+ new_matched_key = se_alloc(sizeof(dcerpc_matched_key));
new_matched_key->frame = pinfo->fd->num;
new_matched_key->call_id = hdr->seqnum;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ g_hash_table_insert(dcerpc_matched, new_matched_key, call_value);
}
matched_key.frame = pinfo->fd->num;
matched_key.call_id = hdr->seqnum;
- value=g_hash_table_lookup(dcerpc_matched, &matched_key);
+ value = g_hash_table_lookup(dcerpc_matched, &matched_key);
if (!value) {
v.uuid = hdr->if_id;
v.ver = hdr->if_ver;
@@ -4997,8 +5010,8 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo,
v.req_frame = pinfo->fd->num;
v.rep_frame = 0;
v.max_ptr = 0;
- v.se_data=NULL;
- v.private_data=NULL;
+ v.se_data = NULL;
+ v.private_data = NULL;
value = &v;
}
@@ -5008,61 +5021,61 @@ dissect_dcerpc_dg_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo,
di->ptype = PDU_REQ;
di->call_data = value;
- if(value->rep_frame!=0){
+ if (value->rep_frame != 0) {
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in,
tvb, 0, 0, value->rep_frame);
PROTO_ITEM_SET_GENERATED(pi);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Resp: #%u]", value->rep_frame);
}
}
- dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, di);
+ dissect_dcerpc_dg_stub(tvb, offset, pinfo, dcerpc_tree, tree, hdr, di);
}
static void
-dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree, proto_tree *tree,
- e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
+dissect_dcerpc_dg_resp(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree, proto_tree *tree,
+ e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
{
- dcerpc_info *di;
- dcerpc_call_value *value, v;
- dcerpc_matched_key matched_key, *new_matched_key;
- proto_item *pi;
- proto_item *parent_pi;
-
- di=get_next_di();
- if(!(pinfo->fd->flags.visited)){
+ dcerpc_info *di;
+ dcerpc_call_value *value, v;
+ dcerpc_matched_key matched_key, *new_matched_key;
+ proto_item *pi;
+ proto_item *parent_pi;
+
+ di = get_next_di();
+ if (!(pinfo->fd->flags.visited)) {
dcerpc_call_value *call_value;
dcerpc_dg_call_key call_key;
- call_key.conv=conv;
- call_key.seqnum=hdr->seqnum;
- call_key.act_id=hdr->act_id;
+ call_key.conv = conv;
+ call_key.seqnum = hdr->seqnum;
+ call_key.act_id = hdr->act_id;
- if((call_value=g_hash_table_lookup(dcerpc_dg_calls, &call_key))){
+ if ((call_value = g_hash_table_lookup(dcerpc_dg_calls, &call_key))) {
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
new_matched_key->frame = pinfo->fd->num;
new_matched_key->call_id = hdr->seqnum;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
- if(call_value->rep_frame==0){
- call_value->rep_frame=pinfo->fd->num;
+ g_hash_table_insert(dcerpc_matched, new_matched_key, call_value);
+ if (call_value->rep_frame == 0) {
+ call_value->rep_frame = pinfo->fd->num;
}
}
}
matched_key.frame = pinfo->fd->num;
matched_key.call_id = hdr->seqnum;
- value=g_hash_table_lookup(dcerpc_matched, &matched_key);
+ value = g_hash_table_lookup(dcerpc_matched, &matched_key);
if (!value) {
v.uuid = hdr->if_id;
v.ver = hdr->if_ver;
v.object_uuid = hdr->obj_id;
v.opnum = hdr->opnum;
- v.req_frame=0;
- v.rep_frame=pinfo->fd->num;
- v.se_data=NULL;
- v.private_data=NULL;
+ v.req_frame = 0;
+ v.rep_frame = pinfo->fd->num;
+ v.se_data = NULL;
+ v.private_data = NULL;
value = &v;
}
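Review bot: The stack fallback `v` in dissect_dcerpc_dg_resp is only partly initialised. The `if (!value)` branch sets uuid, ver, object_uuid, opnum, req_frame, rep_frame, se_data and private_data, but not `max_ptr`, `pol` or `flags`, which the request path in dissect_dcerpc_dg_rqst sets explicitly on the stored call_value. A few lines further on `di->call_data` is pointed at `v` and passed to dissect_dcerpc_dg_stub, so any code that reads those fields would see indeterminate stack contents for a response whose request is not in the capture; whether anything downstream does read them is not visible here. Starting the branch with `memset(&v, 0, sizeof v);` would make the fallback deterministic regardless. The function body continues past this hunk.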
@@ -5072,13 +5085,13 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo,
di->ptype = PDU_RESP;
di->call_data = value;
- if(value->req_frame!=0){
+ if (value->req_frame != 0) {
nstime_t delta_ts;
pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in,
tvb, 0, 0, value->req_frame);
PROTO_ITEM_SET_GENERATED(pi);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame);
}
nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time);
@@ -5090,24 +5103,24 @@ dissect_dcerpc_dg_resp (tvbuff_t *tvb, int offset, packet_info *pinfo,
expert_add_info_format(pinfo, pi, PI_SEQUENCE, PI_NOTE,
"No request to this DCE/RPC call found");
}
- dissect_dcerpc_dg_stub (tvb, offset, pinfo, dcerpc_tree, tree, hdr, di);
+ dissect_dcerpc_dg_stub(tvb, offset, pinfo, dcerpc_tree, tree, hdr, di);
}
static void
-dissect_dcerpc_dg_ping_ack (tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *dcerpc_tree,
- e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
+dissect_dcerpc_dg_ping_ack(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *dcerpc_tree,
+ e_dce_dg_common_hdr_t *hdr, conversation_t *conv)
{
- proto_item *parent_pi;
-/* if(!(pinfo->fd->flags.visited)){*/
- dcerpc_call_value *call_value;
- dcerpc_dg_call_key call_key;
+ proto_item *parent_pi;
+/* if (!(pinfo->fd->flags.visited)) {*/
+ dcerpc_call_value *call_value;
+ dcerpc_dg_call_key call_key;
- call_key.conv=conv;
- call_key.seqnum=hdr->seqnum;
- call_key.act_id=hdr->act_id;
+ call_key.conv = conv;
+ call_key.seqnum = hdr->seqnum;
+ call_key.act_id = hdr->act_id;
- if((call_value=g_hash_table_lookup(dcerpc_dg_calls, &call_key))){
+ if ((call_value = g_hash_table_lookup(dcerpc_dg_calls, &call_key))) {
proto_item *pi;
nstime_t delta_ts;
@@ -5115,7 +5128,7 @@ dissect_dcerpc_dg_ping_ack (tvbuff_t *tvb, int offset, packet_info *pinfo,
tvb, 0, 0, call_value->req_frame);
PROTO_ITEM_SET_GENERATED(pi);
parent_pi = proto_tree_get_parent(dcerpc_tree);
- if(parent_pi != NULL) {
+ if (parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Req: #%u]", call_value->req_frame);
}
@@ -5132,88 +5145,88 @@ dissect_dcerpc_dg_ping_ack (tvbuff_t *tvb, int offset, packet_info *pinfo,
* DCERPC dissector for connectionless calls
*/
static gboolean
-dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+dissect_dcerpc_dg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- proto_item *ti = NULL;
- proto_item *tf = NULL;
- proto_tree *dcerpc_tree = NULL;
- proto_tree *dg_flags1_tree = NULL;
- proto_tree *dg_flags2_tree = NULL;
- proto_tree *drep_tree = NULL;
- e_dce_dg_common_hdr_t hdr;
- int offset = 0;
- conversation_t *conv;
- int auth_level;
- char *uuid_str;
- const char *uuid_name = NULL;
+ proto_item *ti = NULL;
+ proto_item *tf = NULL;
+ proto_tree *dcerpc_tree = NULL;
+ proto_tree *dg_flags1_tree = NULL;
+ proto_tree *dg_flags2_tree = NULL;
+ proto_tree *drep_tree = NULL;
+ e_dce_dg_common_hdr_t hdr;
+ int offset = 0;
+ conversation_t *conv;
+ int auth_level;
+ char *uuid_str;
+ const char *uuid_name = NULL;
/*
* Check if this looks like a CL DCERPC call. All dg packets
* have an 80 byte header on them. Which starts with
* version (4), pkt_type.
*/
- if (tvb_length (tvb) < sizeof (hdr)) {
+ if (tvb_length(tvb) < sizeof (hdr)) {
return FALSE;
}
/* Version must be 4 */
- hdr.rpc_ver = tvb_get_guint8 (tvb, offset++);
+ hdr.rpc_ver = tvb_get_guint8(tvb, offset++);
if (hdr.rpc_ver != 4)
return FALSE;
- /* Type must be <=19 or its not DCE/RPC */
- hdr.ptype = tvb_get_guint8 (tvb, offset++);
+ /* Type must be <= 19 or its not DCE/RPC */
+ hdr.ptype = tvb_get_guint8(tvb, offset++);
if (hdr.ptype > 19)
return FALSE;
/* flags1 has bit 1 and 8 as reserved so if any of them are set, it is
probably not a DCE/RPC packet
*/
- hdr.flags1 = tvb_get_guint8 (tvb, offset++);
- if(hdr.flags1&0x81)
+ hdr.flags1 = tvb_get_guint8(tvb, offset++);
+ if (hdr.flags1&0x81)
return FALSE;
/* flags2 has all bits except bit 2 as reserved so if any of them are set
it is probably not DCE/RPC.
*/
- hdr.flags2 = tvb_get_guint8 (tvb, offset++);
- if(hdr.flags2&0xfd)
+ hdr.flags2 = tvb_get_guint8(tvb, offset++);
+ if (hdr.flags2&0xfd)
return FALSE;
- col_set_str (pinfo->cinfo, COL_PROTOCOL, "DCERPC");
- col_add_str (pinfo->cinfo, COL_INFO, pckt_vals[hdr.ptype].strptr);
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DCERPC");
+ col_add_str(pinfo->cinfo, COL_INFO, pckt_vals[hdr.ptype].strptr);
- tvb_memcpy (tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep));
+ tvb_memcpy(tvb, (guint8 *)hdr.drep, offset, sizeof (hdr.drep));
offset += sizeof (hdr.drep);
- hdr.serial_hi = tvb_get_guint8 (tvb, offset++);
- dcerpc_tvb_get_uuid (tvb, offset, hdr.drep, &hdr.obj_id);
+ hdr.serial_hi = tvb_get_guint8(tvb, offset++);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr.drep, &hdr.obj_id);
offset += 16;
- dcerpc_tvb_get_uuid (tvb, offset, hdr.drep, &hdr.if_id);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr.drep, &hdr.if_id);
offset += 16;
- dcerpc_tvb_get_uuid (tvb, offset, hdr.drep, &hdr.act_id);
+ dcerpc_tvb_get_uuid(tvb, offset, hdr.drep, &hdr.act_id);
offset += 16;
- hdr.server_boot = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep);
+ hdr.server_boot = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep);
offset += 4;
- hdr.if_ver = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep);
+ hdr.if_ver = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep);
offset += 4;
- hdr.seqnum = dcerpc_tvb_get_ntohl (tvb, offset, hdr.drep);
+ hdr.seqnum = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep);
offset += 4;
- hdr.opnum = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.opnum = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.ihint = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.ihint = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.ahint = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.ahint = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.frag_len = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.frag_len = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.frag_num = dcerpc_tvb_get_ntohs (tvb, offset, hdr.drep);
+ hdr.frag_num = dcerpc_tvb_get_ntohs(tvb, offset, hdr.drep);
offset += 2;
- hdr.auth_proto = tvb_get_guint8 (tvb, offset++);
- hdr.serial_lo = tvb_get_guint8 (tvb, offset++);
+ hdr.auth_proto = tvb_get_guint8(tvb, offset++);
+ hdr.serial_lo = tvb_get_guint8(tvb, offset++);
if (tree) {
- ti = proto_tree_add_item (tree, proto_dcerpc, tvb, 0, -1, ENC_NA);
+ ti = proto_tree_add_item(tree, proto_dcerpc, tvb, 0, -1, ENC_NA);
if (ti) {
dcerpc_tree = proto_item_add_subtree(ti, ett_dcerpc);
proto_item_append_text(ti, " %s, Seq: %u, Serial: %u, Frag: %u, FragLen: %u",
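Review bot: `col_add_str(pinfo->cinfo, COL_INFO, pckt_vals[hdr.ptype].strptr)` indexes the table by position, protected only by the literal `hdr.ptype > 19` check a few lines above, so the bound and the table have to be kept in sync by hand and the table must stay dense. Because hdr.ptype is read straight from the packet, a keyed lookup is the more robust form and matches the val_to_str_const() usage this commit introduces elsewhere: `col_add_str(pinfo->cinfo, COL_INFO, val_to_str_const(hdr.ptype, pckt_vals, "Unknown"));`. Separately, the length heuristic compares against `sizeof (hdr)` while the comment describes an 80-byte wire header; if the struct carries padding the two differ, which is worth confirming against the struct definition. dissect_dcerpc_dg continues beyond this hunk.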
@@ -5225,26 +5238,26 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset = 0;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_ver, tvb, offset, 1, hdr.rpc_ver);
offset++;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_packet_type, tvb, offset, 1, hdr.ptype);
offset++;
if (tree) {
- tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_flags1, tvb, offset, 1, hdr.flags1);
- dg_flags1_tree = proto_item_add_subtree (tf, ett_dcerpc_dg_flags1);
+ tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_flags1, tvb, offset, 1, hdr.flags1);
+ dg_flags1_tree = proto_item_add_subtree(tf, ett_dcerpc_dg_flags1);
if (dg_flags1_tree) {
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_80, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_broadcast, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_idempotent, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_maybe, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_nofack, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_frag, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_last_frag, tvb, offset, 1, hdr.flags1);
- proto_tree_add_boolean (dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_01, tvb, offset, 1, hdr.flags1);
- if(hdr.flags1) {
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_80, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_broadcast, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_idempotent, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_maybe, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_nofack, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_frag, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_last_frag, tvb, offset, 1, hdr.flags1);
+ proto_tree_add_boolean(dg_flags1_tree, hf_dcerpc_dg_flags1_rsrvd_01, tvb, offset, 1, hdr.flags1);
+ if (hdr.flags1) {
proto_item_append_text(tf, " %s%s%s%s%s%s",
(hdr.flags1 & PFCL1_BROADCAST) ? "\"Broadcast\" " : "",
(hdr.flags1 & PFCL1_IDEMPOTENT) ? "\"Idempotent\" " : "",
@@ -5258,18 +5271,18 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset++;
if (tree) {
- tf = proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_flags2, tvb, offset, 1, hdr.flags2);
- dg_flags2_tree = proto_item_add_subtree (tf, ett_dcerpc_dg_flags2);
+ tf = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_flags2, tvb, offset, 1, hdr.flags2);
+ dg_flags2_tree = proto_item_add_subtree(tf, ett_dcerpc_dg_flags2);
if (dg_flags2_tree) {
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_80, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_40, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_20, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_10, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_08, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_04, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_cancel_pending, tvb, offset, 1, hdr.flags2);
- proto_tree_add_boolean (dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_01, tvb, offset, 1, hdr.flags2);
- if(hdr.flags2) {
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_80, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_40, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_20, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_10, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_08, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_04, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_cancel_pending, tvb, offset, 1, hdr.flags2);
+ proto_tree_add_boolean(dg_flags2_tree, hf_dcerpc_dg_flags2_rsrvd_01, tvb, offset, 1, hdr.flags2);
+ if (hdr.flags2) {
proto_item_append_text(tf, " %s",
(hdr.flags2 & PFCL2_CANCEL_PENDING) ? "\"Cancel Pending\" " : "");
}
@@ -5278,48 +5291,48 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset++;
if (tree) {
- tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_drep, tvb, offset, sizeof (hdr.drep), hdr.drep);
- drep_tree = proto_item_add_subtree (tf, ett_dcerpc_drep);
+ tf = proto_tree_add_bytes(dcerpc_tree, hf_dcerpc_drep, tvb, offset, sizeof (hdr.drep), hdr.drep);
+ drep_tree = proto_item_add_subtree(tf, ett_dcerpc_drep);
if (drep_tree) {
proto_tree_add_uint(drep_tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4);
proto_tree_add_uint(drep_tree, hf_dcerpc_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f);
proto_tree_add_uint(drep_tree, hf_dcerpc_drep_fp, tvb, offset+1, 1, hdr.drep[1]);
proto_item_append_text(tf, " (Order: %s, Char: %s, Float: %s)",
- val_to_str(hdr.drep[0] >> 4, drep_byteorder_vals, "Unknown"),
- val_to_str(hdr.drep[0] & 0x0f, drep_character_vals, "Unknown"),
- val_to_str(hdr.drep[1], drep_fp_vals, "Unknown"));
+ val_to_str_const(hdr.drep[0] >> 4, drep_byteorder_vals, "Unknown"),
+ val_to_str_const(hdr.drep[0] & 0x0f, drep_character_vals, "Unknown"),
+ val_to_str_const(hdr.drep[1], drep_fp_vals, "Unknown"));
}
}
offset += sizeof (hdr.drep);
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_serial_hi, tvb, offset, 1, hdr.serial_hi);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_serial_hi, tvb, offset, 1, hdr.serial_hi);
offset++;
if (tree) {
- proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
- guid_to_str((e_guid_t *) &hdr.obj_id));
+ proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_obj_id, tvb,
+ offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &hdr.obj_id));
}
offset += 16;
if (tree) {
uuid_str = guid_to_str((e_guid_t*)&hdr.if_id);
uuid_name = guids_get_uuid_name(&hdr.if_id);
- if(uuid_name) {
- proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
- offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
+ if (uuid_name) {
+ proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
+ offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
} else {
- proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
- offset, 16, (e_guid_t *) &hdr.if_id, "Interface UUID: %s", uuid_str);
+ proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
+ offset, 16, (e_guid_t *) &hdr.if_id, "Interface UUID: %s", uuid_str);
}
}
offset += 16;
if (tree) {
- proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
- offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s",
- guid_to_str((e_guid_t *) &hdr.act_id));
+ proto_tree_add_guid_format(dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
+ offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s",
+ guid_to_str((e_guid_t *) &hdr.act_id));
}
offset += 16;
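Review bot: An out-of-range data-representation code still appears as a bare "Unknown" on the summary line built by the `proto_item_append_text` call, because the three lookups now use `val_to_str_const` with a fixed string. The raw bytes remain visible in the three `proto_tree_add_uint` child fields just above, so no information is lost. When triaging malformed DCE/RPC datagrams it is still quicker to have the number in the summary, which `val_to_str(hdr.drep[1], drep_fp_vals, "Unknown (%u)")` would give, and likewise for the two `hdr.drep[0]` lookups. If the constant form is kept, a comment such as `/* raw drep values are shown in the subtree fields above */` would record that the omission is deliberate. The body of dissect_dcerpc_dg starts and ends outside this hunk.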
@@ -5330,60 +5343,60 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
server_boot.nsecs = 0;
if (hdr.server_boot == 0)
- proto_tree_add_time_format (dcerpc_tree, hf_dcerpc_dg_server_boot,
- tvb, offset, 4, &server_boot,
- "Server boot time: Unknown (0)");
+ proto_tree_add_time_format(dcerpc_tree, hf_dcerpc_dg_server_boot,
+ tvb, offset, 4, &server_boot,
+ "Server boot time: Unknown (0)");
else
- proto_tree_add_time (dcerpc_tree, hf_dcerpc_dg_server_boot,
- tvb, offset, 4, &server_boot);
+ proto_tree_add_time(dcerpc_tree, hf_dcerpc_dg_server_boot,
+ tvb, offset, 4, &server_boot);
}
offset += 4;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_if_ver, tvb, offset, 4, hdr.if_ver);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_if_ver, tvb, offset, 4, hdr.if_ver);
offset += 4;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_seqnum, tvb, offset, 4, hdr.seqnum);
- col_append_fstr (pinfo->cinfo, COL_INFO, ": seq: %u", hdr.seqnum);
- col_append_fstr (pinfo->cinfo, COL_DCE_CALL, "%u", hdr.seqnum);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_seqnum, tvb, offset, 4, hdr.seqnum);
+ col_append_fstr(pinfo->cinfo, COL_INFO, ": seq: %u", hdr.seqnum);
+ col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.seqnum);
offset += 4;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, offset, 2, hdr.opnum);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_opnum, tvb, offset, 2, hdr.opnum);
offset += 2;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_ihint, tvb, offset, 2, hdr.ihint);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_ihint, tvb, offset, 2, hdr.ihint);
offset += 2;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_ahint, tvb, offset, 2, hdr.ahint);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_ahint, tvb, offset, 2, hdr.ahint);
offset += 2;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_frag_len, tvb, offset, 2, hdr.frag_len);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_frag_len, tvb, offset, 2, hdr.frag_len);
offset += 2;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_frag_num, tvb, offset, 2, hdr.frag_num);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_frag_num, tvb, offset, 2, hdr.frag_num);
if (hdr.flags1 & PFCL1_FRAG) {
/* Fragmented - put the fragment number into the Info column */
- col_append_fstr (pinfo->cinfo, COL_INFO, " frag: %u",
+ col_append_fstr(pinfo->cinfo, COL_INFO, " frag: %u",
hdr.frag_num);
}
offset += 2;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_auth_proto, tvb, offset, 1, hdr.auth_proto);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_auth_proto, tvb, offset, 1, hdr.auth_proto);
offset++;
if (tree)
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_serial_lo, tvb, offset, 1, hdr.serial_lo);
+ proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_serial_lo, tvb, offset, 1, hdr.serial_lo);
if (hdr.flags1 & PFCL1_FRAG) {
/* Fragmented - put the serial number into the Info column */
- col_append_fstr (pinfo->cinfo, COL_INFO, " serial: %u",
- (hdr.serial_hi << 8) | hdr.serial_lo);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " serial: %u",
+ (hdr.serial_hi << 8) | hdr.serial_lo);
}
offset++;
@@ -5393,8 +5406,8 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
* DCE_C_AUTHN_LEVEL_PKT_PRIVACY, we can't dissect the
* stub data.
*/
- dissect_dcerpc_dg_auth (tvb, offset, dcerpc_tree, &hdr,
- &auth_level);
+ dissect_dcerpc_dg_auth(tvb, offset, dcerpc_tree, &hdr,
+ &auth_level);
}
/*
@@ -5420,7 +5433,7 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* Body is optional */
/* XXX - we assume "frag_len" is the length of the body */
if (hdr.frag_len != 0)
- dissect_dcerpc_dg_cancel_ack (tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_dg_cancel_ack(tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_CL_CANCEL:
@@ -5431,40 +5444,40 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
*/
/* XXX - we assume "frag_len" is the length of the body */
if (hdr.frag_len != 0)
- dissect_dcerpc_dg_cancel (tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_dg_cancel(tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_NOCALL:
/* Body is optional; if present, it's the same as PDU_FACK */
/* XXX - we assume "frag_len" is the length of the body */
if (hdr.frag_len != 0)
- dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_dg_fack(tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_FACK:
/* Body is optional */
/* XXX - we assume "frag_len" is the length of the body */
if (hdr.frag_len != 0)
- dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_dg_fack(tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_REJECT:
case PDU_FAULT:
- dissect_dcerpc_dg_reject_fault (tvb, offset, pinfo, dcerpc_tree, &hdr);
+ dissect_dcerpc_dg_reject_fault(tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_REQ:
- dissect_dcerpc_dg_rqst (tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv);
+ dissect_dcerpc_dg_rqst(tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv);
break;
case PDU_RESP:
- dissect_dcerpc_dg_resp (tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv);
+ dissect_dcerpc_dg_resp(tvb, offset, pinfo, dcerpc_tree, tree, &hdr, conv);
break;
/* these requests have no body */
case PDU_ACK:
case PDU_PING:
- dissect_dcerpc_dg_ping_ack (tvb, offset, pinfo, dcerpc_tree, &hdr, conv);
+ dissect_dcerpc_dg_ping_ack(tvb, offset, pinfo, dcerpc_tree, &hdr, conv);
break;
case PDU_WORKING:
default:
@@ -5475,39 +5488,39 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
static void
-dcerpc_init_protocol (void)
+dcerpc_init_protocol(void)
{
/* structures and data for BIND */
- if (dcerpc_binds){
- g_hash_table_destroy (dcerpc_binds);
- dcerpc_binds=NULL;
+ if (dcerpc_binds) {
+ g_hash_table_destroy(dcerpc_binds);
+ dcerpc_binds = NULL;
}
- if(!dcerpc_binds){
- dcerpc_binds = g_hash_table_new (dcerpc_bind_hash, dcerpc_bind_equal);
+ if (!dcerpc_binds) {
+ dcerpc_binds = g_hash_table_new(dcerpc_bind_hash, dcerpc_bind_equal);
}
/* structures and data for CALL */
- if (dcerpc_cn_calls){
- g_hash_table_destroy (dcerpc_cn_calls);
+ if (dcerpc_cn_calls) {
+ g_hash_table_destroy(dcerpc_cn_calls);
}
- dcerpc_cn_calls = g_hash_table_new (dcerpc_cn_call_hash, dcerpc_cn_call_equal);
- if (dcerpc_dg_calls){
- g_hash_table_destroy (dcerpc_dg_calls);
+ dcerpc_cn_calls = g_hash_table_new(dcerpc_cn_call_hash, dcerpc_cn_call_equal);
+ if (dcerpc_dg_calls) {
+ g_hash_table_destroy(dcerpc_dg_calls);
}
- dcerpc_dg_calls = g_hash_table_new (dcerpc_dg_call_hash, dcerpc_dg_call_equal);
+ dcerpc_dg_calls = g_hash_table_new(dcerpc_dg_call_hash, dcerpc_dg_call_equal);
/* structure and data for MATCHED */
- if (dcerpc_matched){
- g_hash_table_destroy (dcerpc_matched);
+ if (dcerpc_matched) {
+ g_hash_table_destroy(dcerpc_matched);
}
- dcerpc_matched = g_hash_table_new (dcerpc_matched_hash, dcerpc_matched_equal);
+ dcerpc_matched = g_hash_table_new(dcerpc_matched_hash, dcerpc_matched_equal);
/* call the registered hooks */
g_hook_list_invoke(&dcerpc_hooks_init_protos, FALSE /* not may_recurse */);
}
void
-proto_register_dcerpc (void)
+proto_register_dcerpc(void)
{
static hf_register_info hf[] = {
{ &hf_dcerpc_request_in,
@@ -5524,33 +5537,33 @@ proto_register_dcerpc (void)
{ &hf_dcerpc_ver_minor,
{ "Version (minor)", "dcerpc.ver_minor", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_packet_type,
- { "Packet type", "dcerpc.pkt_type", FT_UINT8, BASE_DEC, VALS (pckt_vals), 0x0, NULL, HFILL }},
+ { "Packet type", "dcerpc.pkt_type", FT_UINT8, BASE_DEC, VALS(pckt_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_flags,
{ "Packet Flags", "dcerpc.cn_flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_first_frag,
- { "First Frag", "dcerpc.cn_flags.first_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_FIRST_FRAG, NULL, HFILL }},
+ { "First Frag", "dcerpc.cn_flags.first_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_FIRST_FRAG, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_last_frag,
- { "Last Frag", "dcerpc.cn_flags.last_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_LAST_FRAG, NULL, HFILL }},
+ { "Last Frag", "dcerpc.cn_flags.last_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_LAST_FRAG, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_cancel_pending,
- { "Cancel Pending", "dcerpc.cn_flags.cancel_pending", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_PENDING_CANCEL, NULL, HFILL }},
+ { "Cancel Pending", "dcerpc.cn_flags.cancel_pending", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_PENDING_CANCEL, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_reserved,
- { "Reserved", "dcerpc.cn_flags.reserved", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_RESERVED_1, NULL, HFILL }},
+ { "Reserved", "dcerpc.cn_flags.reserved", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_RESERVED_1, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_mpx,
- { "Multiplex", "dcerpc.cn_flags.mpx", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_CONC_MPX, NULL, HFILL }},
+ { "Multiplex", "dcerpc.cn_flags.mpx", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_CONC_MPX, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_dne,
- { "Did Not Execute", "dcerpc.cn_flags.dne", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_DID_NOT_EXECUTE, NULL, HFILL }},
+ { "Did Not Execute", "dcerpc.cn_flags.dne", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_DID_NOT_EXECUTE, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_maybe,
- { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_MAYBE, NULL, HFILL }},
+ { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_MAYBE, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_object,
- { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_OBJECT_UUID, NULL, HFILL }},
+ { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFC_OBJECT_UUID, NULL, HFILL }},
{ &hf_dcerpc_drep,
{ "Data Representation", "dcerpc.drep", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_drep_byteorder,
- { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS (drep_byteorder_vals), 0x0, NULL, HFILL }},
+ { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS(drep_byteorder_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_drep_character,
- { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS (drep_character_vals), 0x0, NULL, HFILL }},
+ { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS(drep_character_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_drep_fp,
- { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS (drep_fp_vals), 0x0, NULL, HFILL }},
+ { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS(drep_fp_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_frag_len,
{ "Frag Length", "dcerpc.cn_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_auth_len,
@@ -5616,9 +5629,9 @@ proto_register_dcerpc (void)
{ &hf_dcerpc_cn_deseg_req,
{ "Desegmentation Required", "dcerpc.cn_deseg_req", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_type,
- { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, NULL, HFILL }},
+ { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, VALS(authn_protocol_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_level,
- { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, VALS (authn_level_vals), 0x0, NULL, HFILL }},
+ { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, VALS(authn_level_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_pad_len,
{ "Auth pad len", "dcerpc.auth_pad_len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_rsrvd,
@@ -5628,39 +5641,39 @@ proto_register_dcerpc (void)
{ &hf_dcerpc_dg_flags1,
{ "Flags1", "dcerpc.dg_flags1", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_rsrvd_01,
- { "Reserved", "dcerpc.dg_flags1_rsrvd_01", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_RESERVED_01, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags1_rsrvd_01", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_RESERVED_01, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_last_frag,
- { "Last Fragment", "dcerpc.dg_flags1_last_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_LASTFRAG, NULL, HFILL }},
+ { "Last Fragment", "dcerpc.dg_flags1_last_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_LASTFRAG, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_frag,
- { "Fragment", "dcerpc.dg_flags1_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_FRAG, NULL, HFILL }},
+ { "Fragment", "dcerpc.dg_flags1_frag", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_FRAG, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_nofack,
- { "No Fack", "dcerpc.dg_flags1_nofack", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_NOFACK, NULL, HFILL }},
+ { "No Fack", "dcerpc.dg_flags1_nofack", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_NOFACK, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_maybe,
- { "Maybe", "dcerpc.dg_flags1_maybe", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_MAYBE, NULL, HFILL }},
+ { "Maybe", "dcerpc.dg_flags1_maybe", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_MAYBE, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_idempotent,
- { "Idempotent", "dcerpc.dg_flags1_idempotent", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_IDEMPOTENT, NULL, HFILL }},
+ { "Idempotent", "dcerpc.dg_flags1_idempotent", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_IDEMPOTENT, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_broadcast,
- { "Broadcast", "dcerpc.dg_flags1_broadcast", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_BROADCAST, NULL, HFILL }},
+ { "Broadcast", "dcerpc.dg_flags1_broadcast", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_BROADCAST, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_rsrvd_80,
- { "Reserved", "dcerpc.dg_flags1_rsrvd_80", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_RESERVED_80, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags1_rsrvd_80", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL1_RESERVED_80, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2,
{ "Flags2", "dcerpc.dg_flags2", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_01,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_01", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_01, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_01", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_01, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_cancel_pending,
- { "Cancel Pending", "dcerpc.dg_flags2_cancel_pending", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_CANCEL_PENDING, NULL, HFILL }},
+ { "Cancel Pending", "dcerpc.dg_flags2_cancel_pending", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_CANCEL_PENDING, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_04,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_04", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_04, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_04", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_04, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_08,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_08", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_08, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_08", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_08, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_10,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_10", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_10, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_10", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_10, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_20,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_20", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_20, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_20", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_20, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_40,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_40", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_40, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_40", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_40, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_80,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_80", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_80, NULL, HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_80", FT_BOOLEAN, 8, TFS(&tfs_set_notset), PFCL2_RESERVED_80, NULL, HFILL }},
{ &hf_dcerpc_dg_serial_lo,
{ "Serial Low", "dcerpc.dg_serial_lo", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_serial_hi,
@@ -5674,7 +5687,7 @@ proto_register_dcerpc (void)
{ &hf_dcerpc_dg_frag_num,
{ "Fragment num", "dcerpc.dg_frag_num", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_auth_proto,
- { "Auth proto", "dcerpc.dg_auth_proto", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, NULL, HFILL }},
+ { "Auth proto", "dcerpc.dg_auth_proto", FT_UINT8, BASE_DEC, VALS(authn_protocol_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_seqnum,
{ "Sequence num", "dcerpc.dg_seqnum", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_server_boot,
@@ -5862,38 +5875,40 @@ proto_register_dcerpc (void)
};
module_t *dcerpc_module;
- proto_dcerpc = proto_register_protocol ("Distributed Computing Environment / Remote Procedure Call (DCE/RPC)", "DCERPC", "dcerpc");
- proto_register_field_array (proto_dcerpc, hf, array_length (hf));
- proto_register_subtree_array (ett, array_length (ett));
- register_init_routine (dcerpc_init_protocol);
- dcerpc_module = prefs_register_protocol (proto_dcerpc, NULL);
- prefs_register_bool_preference (dcerpc_module,
- "desegment_dcerpc",
- "Reassemble DCE/RPC messages spanning multiple TCP segments",
- "Whether the DCE/RPC dissector should reassemble messages spanning multiple TCP segments."
- " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
- &dcerpc_cn_desegment);
- prefs_register_bool_preference (dcerpc_module,
- "reassemble_dcerpc",
- "Reassemble DCE/RPC fragments",
- "Whether the DCE/RPC dissector should reassemble fragmented DCE/RPC PDUs",
- &dcerpc_reassemble);
+ proto_dcerpc = proto_register_protocol("Distributed Computing Environment / Remote Procedure Call (DCE/RPC)", "DCERPC", "dcerpc");
+ proto_register_field_array(proto_dcerpc, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+ register_init_routine(dcerpc_init_protocol);
+ dcerpc_module = prefs_register_protocol(proto_dcerpc, NULL);
+ prefs_register_bool_preference(dcerpc_module,
+ "desegment_dcerpc",
+ "Reassemble DCE/RPC messages spanning multiple TCP segments",
+ "Whether the DCE/RPC dissector should reassemble messages"
+ " spanning multiple TCP segments."
+ " To use this option, you must also enable"
+ " \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+ &dcerpc_cn_desegment);
+ prefs_register_bool_preference(dcerpc_module,
+ "reassemble_dcerpc",
+ "Reassemble DCE/RPC fragments",
+ "Whether the DCE/RPC dissector should reassemble fragmented DCE/RPC PDUs",
+ &dcerpc_reassemble);
register_init_routine(dcerpc_reassemble_init);
- dcerpc_uuids = g_hash_table_new (dcerpc_uuid_hash, dcerpc_uuid_equal);
- dcerpc_tap=register_tap("dcerpc");
+ dcerpc_uuids = g_hash_table_new(dcerpc_uuid_hash, dcerpc_uuid_equal);
+ dcerpc_tap = register_tap("dcerpc");
g_hook_list_init(&dcerpc_hooks_init_protos, sizeof(GHook));
}
void
-proto_reg_handoff_dcerpc (void)
+proto_reg_handoff_dcerpc(void)
{
- heur_dissector_add ("tcp", dissect_dcerpc_cn_bs, proto_dcerpc);
- heur_dissector_add ("netbios", dissect_dcerpc_cn_pk, proto_dcerpc);
- heur_dissector_add ("udp", dissect_dcerpc_dg, proto_dcerpc);
- heur_dissector_add ("smb_transact", dissect_dcerpc_cn_smbpipe, proto_dcerpc);
- heur_dissector_add ("smb2_heur_subdissectors", dissect_dcerpc_cn_smb2, proto_dcerpc);
- heur_dissector_add ("http", dissect_dcerpc_cn_bs, proto_dcerpc);
+ heur_dissector_add("tcp", dissect_dcerpc_cn_bs, proto_dcerpc);
+ heur_dissector_add("netbios", dissect_dcerpc_cn_pk, proto_dcerpc);
+ heur_dissector_add("udp", dissect_dcerpc_dg, proto_dcerpc);
+ heur_dissector_add("smb_transact", dissect_dcerpc_cn_smbpipe, proto_dcerpc);
+ heur_dissector_add("smb2_heur_subdissectors", dissect_dcerpc_cn_smb2, proto_dcerpc);
+ heur_dissector_add("http", dissect_dcerpc_cn_bs, proto_dcerpc);
dcerpc_smb_init(proto_dcerpc);
guids_add_uuid(&uuid_data_repr_proto, "32bit NDR");