diff options
author | ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7> | 2004-09-04 11:35:26 +0000 |
---|---|---|
committer | ulfl <ulfl@f5534014-38df-0310-8fa8-9805f1628bb7> | 2004-09-04 11:35:26 +0000 |
commit | 1eb1584d06f00787255cb50043bcc5f84c3b6142 (patch) | |
tree | 638f9ce56469670151fdc27cb0f321ae7db65a35 /epan | |
parent | a23539263da9969fda6ec321da6c0363b52bc5e5 (diff) |
From Eric Wedel: backend things for "Decode As" of DCE-RPC interfaces
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11894 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-dcerpc.c | 70 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc.h | 8 | ||||
-rw-r--r-- | epan/packet.c | 2 | ||||
-rw-r--r-- | epan/packet_info.h | 4 |
4 files changed, 84 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index 19c79fea6a..0cf75db889 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -282,6 +282,7 @@ static const value_string reject_status_vals[] = { /* we need to keep track of what transport were used, ie what handle we came * in through so we know what kind of pinfo->private_data was passed to us. */ +/* Value of -1 is reserved for "not DCE packet" in packet_info.dcetransporttype. */ #define DCE_TRANSPORT_UNKNOWN 0 #define DCE_CN_TRANSPORT_SMBPIPE 1 @@ -2271,6 +2272,12 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep, hf_dcerpc_cn_ctx_id, &ctx_id); + /* save context ID for use with add_conv_to_dcerpc_bind_table() */ + /* (if we have multiple contexts, this might cause "decode as" + * to behave unpredictably) */ + pinfo->dcectxid = ctx_id; + pinfo->dcetransporttype = transport_type; + if (dcerpc_tree) { proto_item *ctx_item; @@ -2799,6 +2806,57 @@ end_cn_stub: pinfo->fragmented = save_fragmented; } +/** + * Registers a conversation/UUID binding association, so that + * we can invoke the proper sub-dissector for a given DCERPC + * conversation. + * + * @param conv Conversation, generally located by call to + * \ref find_conversation(). + * @param ctx_id Context ID extracted from DCERPC packet which + * is part of target conversation. + * @param pinfo Packet info for packet containing ctx_id. + * @param uuid UUID to bind conversation to. + * @param ver UUID version, qualifier for UUID. + * + * @return Pointer to newly-added UUID/conversation binding. + */ +struct _dcerpc_bind_value * +add_conv_to_dcerpc_bind_table(conversation_t *conv, + guint16 ctx_id, + packet_info *pinfo, + e_uuid_t uuid, + guint16 ver) +{ + dcerpc_bind_value *bind_value; + dcerpc_bind_key *key; + + if (conv == NULL) { + /* oops, no conversation to add */ + return NULL; + } + + bind_value = g_mem_chunk_alloc (dcerpc_bind_value_chunk); + bind_value->uuid = uuid; + bind_value->ver = ver; + + key = g_mem_chunk_alloc(dcerpc_bind_key_chunk); + key->conv = conv; + key->ctx_id = ctx_id; + key->smb_fid = get_transport_salt(pinfo, pinfo->dcetransporttype); + + /* add this entry to the bind table, first removing any + previous ones that are identical + */ + if(g_hash_table_lookup(dcerpc_binds, key)){ + g_hash_table_remove(dcerpc_binds, key); + } + g_hash_table_insert(dcerpc_binds, key, bind_value); + + return bind_value; + +} + static void dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *dcerpc_tree, proto_tree *tree, @@ -2823,6 +2881,10 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, hf_dcerpc_opnum, &opnum); + /* save context ID for use with add_conv_to_dcerpc_bind_table() */ + pinfo->dcectxid = ctx_id; + pinfo->dcetransporttype = transport_type; + if (check_col (pinfo->cinfo, COL_INFO)) { col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u", opnum, ctx_id); @@ -2980,6 +3042,10 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, hf_dcerpc_cn_ctx_id, &ctx_id); + /* save context ID for use with add_conv_to_dcerpc_bind_table() */ + pinfo->dcectxid = ctx_id; + pinfo->dcetransporttype = transport_type; + if (check_col (pinfo->cinfo, COL_INFO)) { col_append_fstr (pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id); } @@ -3094,6 +3160,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, hf_dcerpc_cn_status, &status); + /* save context ID for use with add_conv_to_dcerpc_bind_table() */ + pinfo->dcectxid = ctx_id; + pinfo->dcetransporttype = transport_type; + if (check_col (pinfo->cinfo, COL_INFO)) { col_append_fstr (pinfo->cinfo, COL_INFO, " ctx_id: %u status: %s", ctx_id, diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h index be76c321ae..32d5d30756 100644 --- a/epan/dissectors/packet-dcerpc.h +++ b/epan/dissectors/packet-dcerpc.h @@ -311,6 +311,14 @@ typedef struct _dcerpc_auth_subdissector_fns { void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type, dcerpc_auth_subdissector_fns *fns); +/* Helper for "decode as" dialog to set up a UUID/conversation binding. */ +struct _dcerpc_bind_value * +add_conv_to_dcerpc_bind_table(conversation_t *conv, + guint16 ctx_id, + packet_info *pinfo, + e_uuid_t uuid, + guint16 ver); + /* Authentication services */ /* diff --git a/epan/packet.c b/epan/packet.c index 90f1eee8d4..aaf1bf7af1 100644 --- a/epan/packet.c +++ b/epan/packet.c @@ -297,6 +297,8 @@ dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header, edt->pi.src_idx = 0; edt->pi.dst_idx = 0; edt->pi.vsan = 0; + edt->pi.dcectxid = 0; + edt->pi.dcetransporttype = -1; TRY { edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len); diff --git a/epan/packet_info.h b/epan/packet_info.h index aa9e445b45..3a1828fef4 100644 --- a/epan/packet_info.h +++ b/epan/packet_info.h @@ -122,6 +122,10 @@ typedef struct _packet_info { guint16 src_idx; /* Source port index (Cisco MDS-specific) */ guint16 dst_idx; /* Dest port index (Cisco MDS-specific) */ guint16 vsan; /* Fibre channel/Cisco MDS-specific */ + guint16 dcectxid; /* Context ID (DCERPC-specific) */ + int dcetransporttype; /* Transport type, tag for private_data (DCERPC-specific) + * Value -1 means "not a DCERPC packet" + */ void *private_data; /* pointer to data passed from one dissector to another */ } packet_info; |