diff options
| author | David Fort <contact@hardening-consulting.com> | 2021-07-08 12:24:35 +0200 |
|---|---|---|
| committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-09-07 08:13:57 +0000 |
| commit | a3eafc6a5b960643977689d1a5ef8e4daf8631ff (patch) | |
| tree | ac024e05bd145280a50b38ff0110cedff430506f /epan | |
| parent | 1bf1a1ea7c489da8aca61146ef90b975fc3d5876 (diff) | |
rdp: parses heartbeat messages
This patch adds parsing for Heartbeat packets and also fixes the ett that was used
for this tree.
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-rdp.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/epan/dissectors/packet-rdp.c b/epan/dissectors/packet-rdp.c index 3ca2e673a1..d88ee5c8b8 100644 --- a/epan/dissectors/packet-rdp.c +++ b/epan/dissectors/packet-rdp.c @@ -88,6 +88,7 @@ static int ett_rdp_DaylightDate = -1; static int ett_rdp_clientTimeZone = -1; static int ett_rdp_mt_req = -1; static int ett_rdp_mt_rsp = -1; +static int ett_rdp_heartbeat = -1; static expert_field ei_rdp_neg_len_invalid = EI_INIT; static expert_field ei_rdp_not_correlation_info = EI_INIT; @@ -214,6 +215,10 @@ static int hf_rdp_flagsAutodetectResp = -1; static int hf_rdp_flagsHeartbeat = -1; static int hf_rdp_flagsTransportReq = -1; static int hf_rdp_flagsTransportResp = -1; +static int hf_rdp_heartbeat_reserved = -1; +static int hf_rdp_heartbeat_period = -1; +static int hf_rdp_heartbeat_count1 = -1; +static int hf_rdp_heartbeat_count2 = -1; static int hf_rdp_mt_req_requestId = -1; static int hf_rdp_mt_req_protocol = -1; static int hf_rdp_mt_req_reserved = -1; @@ -1628,13 +1633,23 @@ dissect_rdp_MessageChannelData(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr ett_rdp_mt_req, NULL, "Autodetect response"); dissect_rdp_nyi(tvb, offset, pinfo, next_tree, "bandwidth packets not implemented yet"); + } else if (flags & SEC_HEARTBEAT) { + rdp_field_info_t heartbeat_fields[] = { + { &hf_rdp_heartbeat_reserved, 1, NULL, 0, 0, NULL }, + { &hf_rdp_heartbeat_period, 1, NULL, 0, 0, NULL }, + { &hf_rdp_heartbeat_count1, 1, NULL, 0, 0, NULL }, + { &hf_rdp_heartbeat_count2, 1, NULL, 0, 0, NULL }, + FI_TERMINATOR + }; + col_append_sep_str(pinfo->cinfo, COL_INFO, " ", "Heartbeat"); next_tree = proto_tree_add_subtree(tree, tvb, offset, -1, - ett_rdp_mt_req, NULL, "Heartbeat"); - dissect_rdp_nyi(tvb, offset, pinfo, next_tree, - "bandwidth packets not implemented yet"); + ett_rdp_heartbeat, NULL, "Heartbeat"); + + offset = dissect_rdp_fields(tvb, offset, pinfo, next_tree, + heartbeat_fields, 0); } return tvb_captured_length(tvb); @@ -3020,6 +3035,22 @@ proto_register_rdp(void) { { "length", "rdp.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_rdp_heartbeat_reserved, + { "reserved", "rdp.heartbeat.reserved", + FT_UINT8, BASE_HEX, NULL, 0, + NULL, HFILL}}, + { &hf_rdp_heartbeat_period, + { "Period", "rdp.heartbeat.period", + FT_UINT8, BASE_DEC, NULL, 0, + NULL, HFILL}}, + { &hf_rdp_heartbeat_count1, + { "Count1", "rdp.heartbeat.count1", + FT_UINT8, BASE_DEC, NULL, 0, + NULL, HFILL}}, + { &hf_rdp_heartbeat_count2, + { "Count1", "rdp.heartbeat.count2", + FT_UINT8, BASE_DEC, NULL, 0, + NULL, HFILL}}, { &hf_rdp_mt_req_requestId, { "Request id", "rdp.mtreq.requestid", FT_UINT32, BASE_HEX, NULL, 0, @@ -3639,6 +3670,7 @@ proto_register_rdp(void) { &ett_rdp_compressedType, &ett_rdp_mt_req, &ett_rdp_mt_rsp, + &ett_rdp_heartbeat, &ett_rdp_flags, &ett_rdp_mapFlags, &ett_rdp_options, |