aboutsummaryrefslogtreecommitdiffstats
path: root/packet-nbipx.c
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>1999-09-03 03:22:19 +0000
committerGuy Harris <guy@alum.mit.edu>1999-09-03 03:22:19 +0000
commitfdc29358f301f0d30d5878bde9c93295333b63c7 (patch)
tree1dd4301e74b7255a33883d2e3062c87480354f94 /packet-nbipx.c
parent27c0d2d022ebb3dbab6cacf96fbdb744e7b6f58e (diff)
Stuff to IPX socket 0x0455 (NetBIOS), and to sockets 0x0551 and 0x0553
(NWLink), are sufficiently different that they should be handled in different routines. Change the decode to match NetMon a bit more. svn path=/trunk/; revision=631
Diffstat (limited to 'packet-nbipx.c')
-rw-r--r--packet-nbipx.c363
1 files changed, 216 insertions, 147 deletions
diff --git a/packet-nbipx.c b/packet-nbipx.c
index 22c9d3be0d..ade2aed1e6 100644
--- a/packet-nbipx.c
+++ b/packet-nbipx.c
@@ -2,7 +2,7 @@
* Routines for NetBIOS over IPX packet disassembly
* Gilbert Ramirez <gram@verdict.uthscsa.edu>
*
- * $Id: packet-nbipx.c,v 1.13 1999/09/03 00:38:50 guy Exp $
+ * $Id: packet-nbipx.c,v 1.14 1999/09/03 03:22:19 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@@ -45,8 +45,8 @@ enum nbipx_protocol {
};
static void
-nbipx_ns(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
- enum nbipx_protocol nbipx, int max_data);
+dissect_nbipx_ns(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
+ int max_data);
static void
dissect_nbipx_dg(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
int max_data);
@@ -113,6 +113,9 @@ dissect_nbipx(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
int max_data = pi.captured_len - offset;
+ if (check_col(fd, COL_PROTOCOL))
+ col_add_str(fd, COL_PROTOCOL, "NBIPX");
+
/*
* As said above, we look at the length of the packet to decide
* whether to treat it as a name-service packet or a datagram
@@ -120,176 +123,103 @@ dissect_nbipx(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
* LOCATION* in different types of packet...).
*/
if (END_OF_FRAME == 50)
- nbipx_ns(pd, offset, fd, tree, NETBIOS_NETWARE, max_data);
+ dissect_nbipx_ns(pd, offset, fd, tree, max_data);
else
dissect_nbipx_dg(pd, offset, fd, tree, max_data);
}
-void
-dissect_nwlink_dg(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+static void
+add_routers(proto_tree *tree, const u_char *pd, int offset)
{
- int max_data = pi.captured_len - offset;
-
- nbipx_ns(pd, offset, fd, tree, NETBIOS_NWLINK, max_data);
+ int i;
+ int rtr_offset;
+ guint32 router;
+
+ /* Eight routers are listed */
+ for (i = 0; i < 8; i++) {
+ rtr_offset = offset + (i << 2);
+ memcpy(&router, &pd[rtr_offset], 4);
+ if (router != 0) {
+ proto_tree_add_text(tree, rtr_offset, 4, "IPX Network: %s",
+ ipxnet_to_string((guint8*)&router));
+ }
+ }
}
-
static void
-nbipx_ns(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
- enum nbipx_protocol nbipx, int max_data)
+dissect_nbipx_ns(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
+ int max_data)
{
proto_tree *nbipx_tree;
proto_item *ti;
- int i;
guint8 packet_type;
guint8 name_type_flag;
proto_tree *name_type_flag_tree;
proto_item *tf;
- int name_offset;
char name[(NETBIOS_NAME_LEN - 1)*4 + 1];
int name_type;
- char node_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
- int node_name_type = 0;
- int rtr_offset;
- guint32 router[8];
-
- if (nbipx == NETBIOS_NETWARE) {
- name_offset = 34;
- }
- else {
- name_offset = 36;
- }
-
name_type_flag = pd[offset+32];
packet_type = pd[offset+33];
- name_type = get_netbios_name(pd, offset+name_offset, name);
-
- if (nbipx == NETBIOS_NWLINK)
- node_name_type = get_netbios_name(pd, offset+52, node_name);
-
- if (check_col(fd, COL_PROTOCOL)) {
- if (nbipx == NETBIOS_NETWARE) {
- col_add_str(fd, COL_PROTOCOL, "NBIPX");
- }
- else {
- col_add_str(fd, COL_PROTOCOL, "NWLink");
- }
- }
+ name_type = get_netbios_name(pd, offset+34, name);
if (check_col(fd, COL_INFO)) {
- if (nbipx == NETBIOS_NETWARE) {
- switch (packet_type) {
- case NBIPX_FIND_NAME:
- case NBIPX_NAME_RECOGNIZED:
- case NBIPX_CHECK_NAME:
- case NBIPX_NAME_IN_USE:
- case NBIPX_DEREGISTER_NAME:
- col_add_fstr(fd, COL_INFO, "%s %s<%02x>",
- val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"),
- name, name_type);
- break;
+ switch (packet_type) {
+ case NBIPX_FIND_NAME:
+ case NBIPX_NAME_RECOGNIZED:
+ case NBIPX_CHECK_NAME:
+ case NBIPX_NAME_IN_USE:
+ case NBIPX_DEREGISTER_NAME:
+ col_add_fstr(fd, COL_INFO, "%s %s<%02x>",
+ val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"),
+ name, name_type);
+ break;
- default:
- col_add_fstr(fd, COL_INFO, "%s",
- val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"));
- break;
- }
- }
- else {
- switch (packet_type) {
- case NWLINK_NAME_QUERY:
- col_add_fstr(fd, COL_INFO, "Name Query for %s<%02x>",
- name, name_type);
- break;
-
- case NWLINK_SMB:
- /* Session? */
- col_add_fstr(fd, COL_INFO, "SMB over NBIPX");
- break;
-
- case NWLINK_NETBIOS_DATAGRAM:
- /* Datagram? (Where did we see this?) */
- col_add_fstr(fd, COL_INFO, "NetBIOS datagram over NBIPX");
- break;
-
- default:
- col_add_str(fd, COL_INFO, "NetBIOS over IPX (NWLink)");
- break;
- }
+ default:
+ col_add_fstr(fd, COL_INFO, "%s",
+ val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"));
+ break;
}
}
if (tree) {
- ti = proto_tree_add_item(tree, proto_nbipx, offset, 68, NULL);
+ ti = proto_tree_add_item(tree, proto_nbipx, offset, 50, NULL);
nbipx_tree = proto_item_add_subtree(ti, ETT_NBIPX);
- if (nbipx == NETBIOS_NETWARE) {
- proto_tree_add_text(nbipx_tree, offset+33, 1,
- "Packet Type: %s (%02X)",
- val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"),
- packet_type);
- } else {
- proto_tree_add_text(nbipx_tree, offset+33, 1,
- "Packet Type: %s (%02X)",
- val_to_str(packet_type, nwlink_data_stream_type_vals, "Unknown"),
- packet_type);
- }
-
- /* Eight routers are listed */
- for (i = 0; i < 8; i++) {
- rtr_offset = offset + (i << 2);
- memcpy(&router[i], &pd[rtr_offset], 4);
- if (router[i] != 0) {
- proto_tree_add_text(nbipx_tree, rtr_offset, 4, "IPX Network: %s",
- ipxnet_to_string((guint8*)&router[i]));
- }
- }
+ add_routers(nbipx_tree, pd, offset);
tf = proto_tree_add_text(nbipx_tree, offset+32, 1,
- "Name type flag: 0x%02x",
- name_type_flag);
+ "Name type flag: 0x%02x", name_type_flag);
name_type_flag_tree = proto_item_add_subtree(tf,
- ETT_NBIPX_NAME_TYPE_FLAGS);
- proto_tree_add_text(name_type_flag_tree, offset+32, 1, "%s",
- decode_boolean_bitfield(name_type_flag, 0x80, 8,
- "Group name", "Unique name"));
- proto_tree_add_text(name_type_flag_tree, offset+32, 1, "%s",
- decode_boolean_bitfield(name_type_flag, 0x40, 8,
- "Name in use", "Name not used"));
- proto_tree_add_text(name_type_flag_tree, offset+32, 1, "%s",
- decode_boolean_bitfield(name_type_flag, 0x04, 8,
- "Name registered", "Name not registered"));
- proto_tree_add_text(name_type_flag_tree, offset+32, 1, "%s",
- decode_boolean_bitfield(name_type_flag, 0x02, 8,
- "Name duplicated", "Name not duplicated"));
- proto_tree_add_text(name_type_flag_tree, offset+32, 1, "%s",
- decode_boolean_bitfield(name_type_flag, 0x01, 8,
- "Name deregistered", "Name not deregistered"));
-
- if (nbipx == NETBIOS_NETWARE) {
- netbios_add_name("Name", &pd[offset], offset,
- name_offset, nbipx_tree);
- }
- else {
- netbios_add_name("Group name", &pd[offset], offset,
- name_offset, nbipx_tree);
- netbios_add_name("Node name", &pd[offset], offset,
- 52, nbipx_tree);
- }
- }
-
- if (nbipx == NETBIOS_NWLINK) {
- switch (packet_type) {
- case NWLINK_SMB:
- case NWLINK_NETBIOS_DATAGRAM:
- dissect_smb(pd, offset + 68, fd, tree, max_data - 68);
- break;
-
- default:
- dissect_data(pd, offset + 68, fd, tree);
- break;
- }
+ ETT_NBIPX_NAME_TYPE_FLAGS);
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x80, 8,
+ "Group name", "Unique name"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x40, 8,
+ "Name in use", "Name not used"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x04, 8,
+ "Name registered", "Name not registered"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x02, 8,
+ "Name duplicated", "Name not duplicated"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x01, 8,
+ "Name deregistered", "Name not deregistered"));
+
+ proto_tree_add_text(nbipx_tree, offset+33, 1,
+ "Packet Type: %s (%02X)",
+ val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"),
+ packet_type);
+
+ netbios_add_name("Name", &pd[offset], offset,
+ 34, nbipx_tree);
}
}
@@ -300,22 +230,20 @@ dissect_nbipx_dg(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
proto_tree *nbipx_tree;
proto_item *ti;
- if (check_col(fd, COL_PROTOCOL))
- col_add_str(fd, COL_PROTOCOL, "NetBIOS");
-
if (check_col(fd, COL_INFO))
col_add_fstr(fd, COL_INFO, "NetBIOS datagram over NBIPX");
if (tree) {
- ti = proto_tree_add_item(tree, proto_nbipx, offset, 68, NULL);
+ ti = proto_tree_add_item(tree, proto_nbipx, offset,
+ 2+16+16, NULL);
nbipx_tree = proto_item_add_subtree(ti, ETT_NBIPX);
+ proto_tree_add_text(nbipx_tree, offset, 1,
+ "Connection control: 0x%02x", pd[offset]);
proto_tree_add_text(nbipx_tree, offset+1, 1,
"Packet Type: %s (%02X)",
val_to_str(pd[offset+1], nbipx_data_stream_type_vals, "Unknown"),
pd[offset+1]);
- proto_tree_add_text(nbipx_tree, offset, 1,
- "Connection control: 0x%02x", pd[offset]);
netbios_add_name("Receiver's Name", &pd[offset],
offset, 2, nbipx_tree);
netbios_add_name("Sender's Name", &pd[offset],
@@ -326,6 +254,147 @@ dissect_nbipx_dg(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
}
void
+dissect_nwlink_dg(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+ int max_data = pi.captured_len - offset;
+ proto_tree *nbipx_tree;
+ proto_item *ti;
+ guint8 packet_type;
+ guint8 name_type_flag;
+ proto_tree *name_type_flag_tree;
+ proto_item *tf;
+ char name[(NETBIOS_NAME_LEN - 1)*4 + 1];
+ int name_type;
+ char node_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
+ int node_name_type = 0;
+
+ name_type_flag = pd[offset+32];
+ packet_type = pd[offset+33];
+ name_type = get_netbios_name(pd, offset+36, name);
+ node_name_type = get_netbios_name(pd, offset+52, node_name);
+
+ if (check_col(fd, COL_PROTOCOL))
+ col_add_str(fd, COL_PROTOCOL, "NWLink");
+
+ if (check_col(fd, COL_INFO)) {
+ /*
+ * XXX - Microsoft Network Monitor thinks that the octet
+ * at 32 is a packet type, e.g. "mailslot write" for
+ * browser announcements, and that the octet at 33 is a
+ * name type, in the sense of the 16th byte of a
+ * NetBIOS name.
+ *
+ * A name type of 2 shows up in a "host announcement",
+ * and a name type of 3 shows up in a "local master
+ * annoumcement", so maybe that field really *is* a
+ * name type - the fact that it's not associated with
+ * any of the NetBIOS names in the packet nonwithstanding.
+ *
+ * I haven't seen any packets with the name type octet
+ * being anything other than 2 or 3, so I don't know
+ * whether those are name service operations; however,
+ * given that NWLink, unlike socket-0x0455 NBIPX,
+ * has separate sockets for name queries and datagrams,
+ * it may be that this really is a name type, and that
+ * these are all datagrams, not name queries.
+ */
+ switch (packet_type) {
+ case NWLINK_NAME_QUERY:
+ col_add_fstr(fd, COL_INFO, "Name Query for %s<%02x>",
+ name, name_type);
+ break;
+
+ case NWLINK_SMB:
+ /* Session? */
+ col_add_fstr(fd, COL_INFO, "SMB over NBIPX");
+ break;
+
+ case NWLINK_NETBIOS_DATAGRAM:
+ /* Datagram? (Where did we see this?) */
+ col_add_fstr(fd, COL_INFO, "NetBIOS datagram over NBIPX");
+ break;
+
+ default:
+ col_add_str(fd, COL_INFO, "NetBIOS over IPX (NWLink)");
+ break;
+ }
+ }
+
+ if (tree) {
+ ti = proto_tree_add_item(tree, proto_nbipx, offset, 68, NULL);
+ nbipx_tree = proto_item_add_subtree(ti, ETT_NBIPX);
+
+ add_routers(nbipx_tree, pd, offset);
+
+ /*
+ * XXX - is "packet_type" really a packet type? See
+ * above.
+ */
+ if (packet_type != NWLINK_SMB &&
+ packet_type != NWLINK_NETBIOS_DATAGRAM) {
+ tf = proto_tree_add_text(nbipx_tree, offset+32, 1,
+ "Name type flag: 0x%02x",
+ name_type_flag);
+ name_type_flag_tree = proto_item_add_subtree(tf,
+ ETT_NBIPX_NAME_TYPE_FLAGS);
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x80, 8,
+ "Group name", "Unique name"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x40, 8,
+ "Name in use", "Name not used"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x04, 8,
+ "Name registered", "Name not registered"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x02, 8,
+ "Name duplicated", "Name not duplicated"));
+ proto_tree_add_text(name_type_flag_tree, offset+32,
+ 1, "%s",
+ decode_boolean_bitfield(name_type_flag, 0x01, 8,
+ "Name deregistered", "Name not deregistered"));
+
+ netbios_add_name("Group name", &pd[offset], offset,
+ 36, nbipx_tree);
+ netbios_add_name("Node name", &pd[offset], offset,
+ 52, nbipx_tree);
+ proto_tree_add_text(nbipx_tree, offset+33, 1,
+ "Packet Type: %s (%02X)",
+ val_to_str(packet_type, nwlink_data_stream_type_vals, "Unknown"),
+ packet_type);
+ } else {
+ proto_tree_add_text(nbipx_tree, offset+32, 1,
+ "Packet type: 0x%02x", name_type_flag);
+ proto_tree_add_text(nbipx_tree, offset+33, 1,
+ "Name Type: %s (0x%02x)",
+ netbios_name_type_descr(packet_type),
+ packet_type);
+ proto_tree_add_text(nbipx_tree, offset+34, 2,
+ "Message ID: 0x%04x", pletohs(&pd[offset+34]));
+ netbios_add_name("Requested name", &pd[offset], offset,
+ 36, nbipx_tree);
+ netbios_add_name("Source name", &pd[offset], offset,
+ 52, nbipx_tree);
+ }
+ }
+
+ switch (packet_type) {
+ case NWLINK_SMB:
+ case NWLINK_NETBIOS_DATAGRAM:
+ dissect_smb(pd, offset + 68, fd, tree, max_data - 68);
+ break;
+
+ default:
+ dissect_data(pd, offset + 68, fd, tree);
+ break;
+ }
+}
+
+void
proto_register_nbipx(void)
{
/* static hf_register_info hf[] = {