From Eric Wedel: backend things for "Decode As" of DCE-RPC interfaces

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11894 f5534014-38df-0310-8fa8-9805f1628bb7
author: ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7> 2004-09-04 11:35:26 +0000
committer: ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7> 2004-09-04 11:35:26 +0000
commit: 1eb1584d06f00787255cb50043bcc5f84c3b6142 (patch)
tree: 638f9ce56469670151fdc27cb0f321ae7db65a35 /epan
parent: a23539263da9969fda6ec321da6c0363b52bc5e5 (diff)
4 files changed, 84 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 19c79fea6a..0cf75db889 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -282,6 +282,7 @@ static const value_string reject_status_vals[] = {
 /* we need to keep track of what transport were used, ie what handle we came
  * in through so we know what kind of pinfo->private_data was passed to us.
  */
+/* Value of -1 is reserved for "not DCE packet" in packet_info.dcetransporttype. */
 #define DCE_TRANSPORT_UNKNOWN		0
 #define DCE_CN_TRANSPORT_SMBPIPE	1
 
@@ -2271,6 +2272,12 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
       offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep,
                                       hf_dcerpc_cn_ctx_id, &ctx_id);
 
+      /* save context ID for use with add_conv_to_dcerpc_bind_table() */
+      /* (if we have multiple contexts, this might cause "decode as"
+       *  to behave unpredictably) */
+      pinfo->dcectxid = ctx_id;
+      pinfo->dcetransporttype = transport_type;
+
       if (dcerpc_tree) {
 	      proto_item *ctx_item;
 
@@ -2799,6 +2806,57 @@ end_cn_stub:
     pinfo->fragmented = save_fragmented;
 }
 
+/**
+ *  Registers a conversation/UUID binding association, so that
+ *  we can invoke the proper sub-dissector for a given DCERPC
+ *  conversation.
+ * 
+ *  @param conv Conversation, generally located by call to
+ *                \ref find_conversation().
+ *  @param ctx_id Context ID extracted from DCERPC packet which
+ *                is part of target conversation.
+ *  @param pinfo Packet info for packet containing ctx_id.
+ *  @param uuid UUID to bind conversation to.
+ *  @param ver UUID version, qualifier for UUID.
+ * 
+ *  @return Pointer to newly-added UUID/conversation binding.
+ */
+struct _dcerpc_bind_value *
+add_conv_to_dcerpc_bind_table(conversation_t *conv,
+                              guint16 ctx_id,
+                              packet_info *pinfo,
+                              e_uuid_t uuid,
+                              guint16 ver)
+{
+    dcerpc_bind_value *bind_value;
+    dcerpc_bind_key *key;
+ 
+    if (conv == NULL) {
+        /* oops, no conversation to add */
+        return NULL;
+    }
+
+    bind_value = g_mem_chunk_alloc (dcerpc_bind_value_chunk);
+    bind_value->uuid = uuid;
+    bind_value->ver = ver;
+
+    key = g_mem_chunk_alloc(dcerpc_bind_key_chunk);
+    key->conv = conv;
+    key->ctx_id = ctx_id;
+    key->smb_fid = get_transport_salt(pinfo, pinfo->dcetransporttype);
+ 
+    /* add this entry to the bind table, first removing any
+       previous ones that are identical
+     */
+    if(g_hash_table_lookup(dcerpc_binds, key)){
+            g_hash_table_remove(dcerpc_binds, key);
+    }
+    g_hash_table_insert(dcerpc_binds, key, bind_value);
+
+    return bind_value;
+
+}
+
 static void
 dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, 
 			proto_tree *dcerpc_tree, proto_tree *tree,
@@ -2823,6 +2881,10 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
     offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
                                     hf_dcerpc_opnum, &opnum);
 
+    /* save context ID for use with add_conv_to_dcerpc_bind_table() */
+    pinfo->dcectxid = ctx_id;
+    pinfo->dcetransporttype = transport_type;
+
     if (check_col (pinfo->cinfo, COL_INFO)) {
         col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u",
                          opnum, ctx_id);
@@ -2980,6 +3042,10 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
     offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
                                     hf_dcerpc_cn_ctx_id, &ctx_id);
 
+    /* save context ID for use with add_conv_to_dcerpc_bind_table() */
+    pinfo->dcectxid = ctx_id;
+    pinfo->dcetransporttype = transport_type;
+
     if (check_col (pinfo->cinfo, COL_INFO)) {
         col_append_fstr (pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id);
     }
@@ -3094,6 +3160,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
     offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
                                     hf_dcerpc_cn_status, &status);
 
+    /* save context ID for use with add_conv_to_dcerpc_bind_table() */
+    pinfo->dcectxid = ctx_id;
+    pinfo->dcetransporttype = transport_type;
+
     if (check_col (pinfo->cinfo, COL_INFO)) {
         col_append_fstr (pinfo->cinfo, COL_INFO,
                       " ctx_id: %u status: %s", ctx_id,
diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h
index be76c321ae..32d5d30756 100644
--- a/epan/dissectors/packet-dcerpc.h
+++ b/epan/dissectors/packet-dcerpc.h
@@ -311,6 +311,14 @@ typedef struct _dcerpc_auth_subdissector_fns {
 void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
 				       dcerpc_auth_subdissector_fns *fns);
 
+/* Helper for "decode as" dialog to set up a UUID/conversation binding. */
+struct _dcerpc_bind_value *
+add_conv_to_dcerpc_bind_table(conversation_t *conv,
+                              guint16 ctx_id,
+                              packet_info *pinfo,
+                              e_uuid_t uuid,
+                              guint16 ver);
+
 /* Authentication services */
 
 /* 
diff --git a/epan/packet.c b/epan/packet.c
index 90f1eee8d4..aaf1bf7af1 100644
--- a/epan/packet.c
+++ b/epan/packet.c
@@ -297,6 +297,8 @@ dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
         edt->pi.src_idx = 0;
         edt->pi.dst_idx = 0;
         edt->pi.vsan = 0;
+        edt->pi.dcectxid = 0;
+        edt->pi.dcetransporttype = -1;
 
 	TRY {
 		edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
diff --git a/epan/packet_info.h b/epan/packet_info.h
index aa9e445b45..3a1828fef4 100644
--- a/epan/packet_info.h
+++ b/epan/packet_info.h
@@ -122,6 +122,10 @@ typedef struct _packet_info {
   guint16 src_idx;              /* Source port index (Cisco MDS-specific) */
   guint16 dst_idx;              /* Dest port index (Cisco MDS-specific) */
   guint16 vsan;                 /* Fibre channel/Cisco MDS-specific */
+  guint16 dcectxid;             /* Context ID (DCERPC-specific) */
+  int     dcetransporttype;     /* Transport type, tag for private_data (DCERPC-specific)
+                                 * Value -1 means "not a DCERPC packet"
+                                 */
   void    *private_data;	/* pointer to data passed from one dissector to another */
 } packet_info;
author	ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7>	2004-09-04 11:35:26 +0000
committer	ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7>	2004-09-04 11:35:26 +0000
commit	1eb1584d06f00787255cb50043bcc5f84c3b6142 (patch)
tree	638f9ce56469670151fdc27cb0f321ae7db65a35 /epan
parent	a23539263da9969fda6ec321da6c0363b52bc5e5 (diff)