diff options
-rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-witness.c | 1652 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-witness.h | 46 | ||||
-rw-r--r-- | epan/dissectors/pidl/witness.cnf | 203 | ||||
-rw-r--r-- | epan/dissectors/pidl/witness.idl | 152 |
6 files changed, 2055 insertions, 0 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index c3dd03641e..9601b75568 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -191,6 +191,7 @@ set(PIDL_DISSECTOR_SRC dissectors/packet-dcerpc-rfr.c dissectors/packet-dcerpc-srvsvc.c dissectors/packet-dcerpc-winreg.c + dissectors/packet-dcerpc-witness.c dissectors/packet-dcerpc-wkssvc.c dissectors/packet-dcerpc-wzcsvc.c ) diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index b9ef0f1e60..4ae891cda5 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -64,6 +64,7 @@ PIDL_DISSECTOR_SRC = \ packet-dcerpc-rfr.c \ packet-dcerpc-srvsvc.c \ packet-dcerpc-winreg.c \ + packet-dcerpc-witness.c \ packet-dcerpc-wkssvc.c \ packet-dcerpc-wzcsvc.c diff --git a/epan/dissectors/packet-dcerpc-witness.c b/epan/dissectors/packet-dcerpc-witness.c new file mode 100644 index 0000000000..82c24f9799 --- /dev/null +++ b/epan/dissectors/packet-dcerpc-witness.c @@ -0,0 +1,1652 @@ +/* DO NOT EDIT + This file was automatically generated by Pidl + from pidl/witness.idl and pidl/witness.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Wireshark team. + Instructions on how to download and install Pidl can be + found at https://wiki.wireshark.org/Pidl +*/ + + +#include "config.h" +#include <glib.h> +#include <string.h> +#include <epan/packet.h> + +#include "packet-dcerpc.h" +#include "packet-dcerpc-nt.h" +#include "packet-windows-common.h" +#include "packet-dcerpc-witness.h" +void proto_register_dcerpc_witness(void); +void proto_reg_handoff_dcerpc_witness(void); + +/* Ett declarations */ +static gint ett_dcerpc_witness = -1; +static gint ett_witness_witness_interfaceInfo_flags = -1; +static gint ett_witness_witness_interfaceInfo = -1; +static gint ett_witness_witness_interfaceList = -1; +static gint ett_witness_witness_ResourceChange = -1; +static gint ett_witness_witness_IPaddrInfo_flags = -1; +static gint ett_witness_witness_IPaddrInfo = -1; +static gint ett_witness_witness_IPaddrInfoList = -1; +static gint ett_witness_witness_notifyResponse_message = -1; +static gint ett_witness_witness_notifyResponse = -1; +static gint ett_witness_witness_RegisterEx_flags = -1; + + +/* Header field declarations */ +static gint hf_witness_opnum = -1; +static gint hf_witness_werror = -1; +static gint hf_witness_witness_AsyncNotify_context_handle = -1; +static gint hf_witness_witness_AsyncNotify_response = -1; +static gint hf_witness_witness_GetInterfaceList_interface_list = -1; +static gint hf_witness_witness_IPaddrInfoList_addr = -1; +static gint hf_witness_witness_IPaddrInfoList_length = -1; +static gint hf_witness_witness_IPaddrInfoList_num = -1; +static gint hf_witness_witness_IPaddrInfoList_reserved = -1; +static gint hf_witness_witness_IPaddrInfo_flags = -1; +static gint hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_OFFLINE = -1; +static gint hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_ONLINE = -1; +static gint hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_V4 = -1; +static gint hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_V6 = -1; +static gint hf_witness_witness_IPaddrInfo_ipv4 = -1; +static gint hf_witness_witness_IPaddrInfo_ipv6 = -1; +static gint hf_witness_witness_RegisterEx_client_computer_name = -1; +static gint hf_witness_witness_RegisterEx_context_handle = -1; +static gint hf_witness_witness_RegisterEx_flags = -1; +static gint hf_witness_witness_RegisterEx_flags_WITNESS_REGISTER_IP_NOTIFICATION = -1; +static gint hf_witness_witness_RegisterEx_flags_WITNESS_REGISTER_NONE = -1; +static gint hf_witness_witness_RegisterEx_ip_address = -1; +static gint hf_witness_witness_RegisterEx_net_name = -1; +static gint hf_witness_witness_RegisterEx_share_name = -1; +static gint hf_witness_witness_RegisterEx_timeout = -1; +static gint hf_witness_witness_RegisterEx_version = -1; +static gint hf_witness_witness_Register_client_computer_name = -1; +static gint hf_witness_witness_Register_context_handle = -1; +static gint hf_witness_witness_Register_ip_address = -1; +static gint hf_witness_witness_Register_net_name = -1; +static gint hf_witness_witness_Register_version = -1; +static gint hf_witness_witness_ResourceChange_length = -1; +static gint hf_witness_witness_ResourceChange_name = -1; +static gint hf_witness_witness_ResourceChange_type = -1; +static gint hf_witness_witness_UnRegister_context_handle = -1; +static gint hf_witness_witness_interfaceInfo_flags = -1; +static gint hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_IPv4_VALID = -1; +static gint hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_IPv6_VALID = -1; +static gint hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_WITNESS_IF = -1; +static gint hf_witness_witness_interfaceInfo_group_name = -1; +static gint hf_witness_witness_interfaceInfo_ipv4 = -1; +static gint hf_witness_witness_interfaceInfo_ipv6 = -1; +static gint hf_witness_witness_interfaceInfo_state = -1; +static gint hf_witness_witness_interfaceInfo_version = -1; +static gint hf_witness_witness_interfaceList_interfaces = -1; +static gint hf_witness_witness_interfaceList_num_interfaces = -1; +static gint hf_witness_witness_notifyResponse_length = -1; +static gint hf_witness_witness_notifyResponse_message_client_move = -1; +static gint hf_witness_witness_notifyResponse_message_data = -1; +static gint hf_witness_witness_notifyResponse_message_ip_change = -1; +static gint hf_witness_witness_notifyResponse_message_resource_change = -1; +static gint hf_witness_witness_notifyResponse_message_share_move = -1; +static gint hf_witness_witness_notifyResponse_messages = -1; +static gint hf_witness_witness_notifyResponse_messages_ = -1; +static gint hf_witness_witness_notifyResponse_num = -1; +static gint hf_witness_witness_notifyResponse_type = -1; + +static gint proto_dcerpc_witness = -1; +/* Version information */ + + +static e_guid_t uuid_dcerpc_witness = { + 0xccd8c074, 0xd0e5, 0x4a40, + { 0x92, 0xb4, 0xd0, 0x74, 0xfa, 0xa6, 0xba, 0x28 } +}; +static guint16 ver_dcerpc_witness = 1; + +const value_string witness_witness_version_vals[] = { + { WITNESS_V1, "WITNESS_V1" }, + { WITNESS_V2, "WITNESS_V2" }, + { WITNESS_UNSPECIFIED_VERSION, "WITNESS_UNSPECIFIED_VERSION" }, +{ 0, NULL } +}; +const value_string witness_witness_interfaceInfo_state_vals[] = { + { WITNESS_STATE_UNKNOWN, "WITNESS_STATE_UNKNOWN" }, + { WITNESS_STATE_AVAILABLE, "WITNESS_STATE_AVAILABLE" }, + { WITNESS_STATE_UNAVAILABLE, "WITNESS_STATE_UNAVAILABLE" }, +{ 0, NULL } +}; +static const true_false_string witness_interfaceInfo_flags_WITNESS_INFO_IPv4_VALID_tfs = { + "WITNESS_INFO_IPv4_VALID is SET", + "WITNESS_INFO_IPv4_VALID is NOT SET", +}; +static const true_false_string witness_interfaceInfo_flags_WITNESS_INFO_IPv6_VALID_tfs = { + "WITNESS_INFO_IPv6_VALID is SET", + "WITNESS_INFO_IPv6_VALID is NOT SET", +}; +static const true_false_string witness_interfaceInfo_flags_WITNESS_INFO_WITNESS_IF_tfs = { + "WITNESS_INFO_WITNESS_IF is SET", + "WITNESS_INFO_WITNESS_IF is NOT SET", +}; +static int witness_dissect_element_interfaceInfo_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceInfo_state(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceInfo_ipv4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceInfo_ipv6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceList_num_interfaces(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceList_interfaces(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceList_interfaces_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_interfaceList_interfaces__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +const value_string witness_witness_notifyResponse_type_vals[] = { + { WITNESS_NOTIFY_RESOURCE_CHANGE, "WITNESS_NOTIFY_RESOURCE_CHANGE" }, + { WITNESS_NOTIFY_CLIENT_MOVE, "WITNESS_NOTIFY_CLIENT_MOVE" }, + { WITNESS_NOTIFY_SHARE_MOVE, "WITNESS_NOTIFY_SHARE_MOVE" }, + { WITNESS_NOTIFY_IP_CHANGE, "WITNESS_NOTIFY_IP_CHANGE" }, +{ 0, NULL } +}; +const value_string witness_witness_ResourceChange_type_vals[] = { + { WITNESS_RESOURCE_STATE_UNKNOWN, "WITNESS_RESOURCE_STATE_UNKNOWN" }, + { WITNESS_RESOURCE_STATE_AVAILABLE, "WITNESS_RESOURCE_STATE_AVAILABLE" }, + { WITNESS_RESOURCE_STATE_UNAVAILABLE, "WITNESS_RESOURCE_STATE_UNAVAILABLE" }, +{ 0, NULL } +}; +static int witness_dissect_element_ResourceChange_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_ResourceChange_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_ResourceChange_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static const true_false_string witness_IPaddrInfo_flags_WITNESS_IPADDR_V4_tfs = { + "WITNESS_IPADDR_V4 is SET", + "WITNESS_IPADDR_V4 is NOT SET", +}; +static const true_false_string witness_IPaddrInfo_flags_WITNESS_IPADDR_V6_tfs = { + "WITNESS_IPADDR_V6 is SET", + "WITNESS_IPADDR_V6 is NOT SET", +}; +static const true_false_string witness_IPaddrInfo_flags_WITNESS_IPADDR_ONLINE_tfs = { + "WITNESS_IPADDR_ONLINE is SET", + "WITNESS_IPADDR_ONLINE is NOT SET", +}; +static const true_false_string witness_IPaddrInfo_flags_WITNESS_IPADDR_OFFLINE_tfs = { + "WITNESS_IPADDR_OFFLINE is SET", + "WITNESS_IPADDR_OFFLINE is NOT SET", +}; +static int witness_dissect_element_IPaddrInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_IPaddrInfo_ipv4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_IPaddrInfo_ipv6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_IPaddrInfoList_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_IPaddrInfoList_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_IPaddrInfoList_num(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_message_resource_change(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_message_client_move(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_message_share_move(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_message_ip_change(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_message_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *type); +static int witness_dissect_element_notifyResponse_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_notifyResponse_num(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static const true_false_string witness_RegisterEx_flags_WITNESS_REGISTER_NONE_tfs = { + "WITNESS_REGISTER_NONE is SET", + "WITNESS_REGISTER_NONE is NOT SET", +}; +static const true_false_string witness_RegisterEx_flags_WITNESS_REGISTER_IP_NOTIFICATION_tfs = { + "WITNESS_REGISTER_IP_NOTIFICATION is SET", + "WITNESS_REGISTER_IP_NOTIFICATION is NOT SET", +}; +static int witness_dissect_element_GetInterfaceList_interface_list(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_GetInterfaceList_interface_list_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_GetInterfaceList_interface_list__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_context_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_net_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_net_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_ip_address(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_ip_address_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_client_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_Register_client_computer_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_UnRegister_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_AsyncNotify_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_AsyncNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_AsyncNotify_response_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_AsyncNotify_response__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_context_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_net_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_net_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_share_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_share_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_ip_address(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_ip_address_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_client_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_client_computer_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int witness_dissect_element_RegisterEx_timeout(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); + #include "packet-smb-common.h" + #include "to_str.h" +static int +witness_dissect_notifyResponse_message(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +static int +witness_dissect_notifyResponse_message_(tvbuff_t *tvb, int offset, int length _U_, packet_info *pinfo, + proto_tree *tree, dcerpc_info *di, guint8 *drep _U_) +{ + guint32 *type = (guint32 *)di->private_data; + guint8 le_drep[4] = { DREP_LITTLE_ENDIAN, }; + return witness_dissect_notifyResponse_message(tvb, offset, pinfo, tree, di, le_drep, + hf_witness_witness_notifyResponse_messages_, *type); +} +static int +witness_dissect_element_notifyResponse_messages(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_ucarray_block(tvb, offset, pinfo, tree, di, drep, + witness_dissect_notifyResponse_message_); + return offset; +} +int +witness_dissect_struct_notifyResponse(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + guint32 *type = NULL; + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + ALIGN_TO_4_BYTES; + ALIGN_TO_4_BYTES; + old_offset = offset; + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_notifyResponse); + } + type = wmem_new0(wmem_packet_scope(), guint32); + offset = witness_dissect_element_notifyResponse_type(tvb, offset, pinfo, tree, di, drep, type); + offset = witness_dissect_element_notifyResponse_length(tvb, offset, pinfo, tree, di, drep); + offset = witness_dissect_element_notifyResponse_num(tvb, offset, pinfo, tree, di, drep); + di->private_data = type; + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, + witness_dissect_element_notifyResponse_messages, + NDR_POINTER_UNIQUE, "Pointer to Message Buffer (uint8)", + hf_witness_witness_notifyResponse_messages); + proto_item_set_len(item, offset-old_offset); + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_4_BYTES; + } + return offset; +} +static int +witness_dissect_element_IPaddrInfoList_addr(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_IPaddrInfo(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_IPaddrInfoList_addr,0); + return offset; +} +int +witness_dissect_struct_IPaddrInfoList(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + gboolean oldalign = di->no_align; + int old_offset; + guint32 i, num; + di->no_align = TRUE; + old_offset = offset; + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_IPaddrInfoList); + } + offset = witness_dissect_element_IPaddrInfoList_length(tvb, offset, pinfo, tree, di, drep); + offset = witness_dissect_element_IPaddrInfoList_reserved(tvb, offset, pinfo, tree, di, drep); + num = tvb_get_letohl(tvb, offset); + offset = witness_dissect_element_IPaddrInfoList_num(tvb, offset, pinfo, tree, di, drep); + for (i = 0; i < num; i++) { + offset = witness_dissect_element_IPaddrInfoList_addr(tvb, offset, pinfo, tree, di, drep); + } + proto_item_set_len(item, offset-old_offset); + di->no_align = oldalign; + return offset; +} +static int +witness_dissect_element_interfaceInfo_group_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *parent_tree, dcerpc_info *di _U_, guint8 *drep _U_) +{ + const gchar *str; + int len = 260; + guint16 bc = tvb_captured_length_remaining(tvb, offset); + str = get_unicode_or_ascii_string(tvb, &offset, TRUE, &len, TRUE, TRUE, &bc); + if (str) { + proto_item *pi; + pi = proto_tree_add_string(parent_tree, hf_witness_witness_interfaceInfo_group_name, tvb, offset, 2*260, str); + proto_item_append_text(pi, " [%d]", len); + proto_item_append_text(parent_tree, ": %s", str); + } else { + } + return offset + 2*260; +} +static int +PIDL_dissect_ipv4address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep _U_, int hfindex, guint32 param) +{ + if (di->conformant_run) { + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + if (!di->no_align && (offset % 4)) { + offset += 4 - (offset % 4); + } + proto_tree_add_item(tree, hfindex, tvb, offset, 4, ENC_BIG_ENDIAN); + if (param & PIDL_SET_COL_INFO) { + const char *ip = tvb_ip_to_str(tvb, offset); + header_field_info *hf_info = proto_registrar_get_nth(hfindex); + proto_item_append_text(proto_tree_get_parent(tree), " %s:%s", hf_info->name, ip); + col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, ip); + } + return offset + 4; +} +static int +PIDL_dissect_ipv6address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep _U_, int hfindex, guint32 param) +{ + if (di->conformant_run) { + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + if (!di->no_align && (offset % 2)) { + offset += 2 - (offset % 2); + } + proto_tree_add_item(tree, hfindex, tvb, offset, 16, ENC_BIG_ENDIAN); + if (param & PIDL_SET_COL_INFO) { + const char *ip = tvb_ip6_to_str(tvb, offset); + header_field_info *hf_info = proto_registrar_get_nth(hfindex); + proto_item_append_text(proto_tree_get_parent(tree), " %s:%s", hf_info->name, ip); + col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, ip); + } + return offset + 16; +} + + +/* IDL: enum { */ +/* IDL: WITNESS_V1=0x00010001, */ +/* IDL: WITNESS_V2=0x00020000, */ +/* IDL: WITNESS_UNSPECIFIED_VERSION=0xFFFFFFFF, */ +/* IDL: } */ + +int +witness_dissect_enum_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) +{ + guint32 parameter=0; + if (param) { + parameter = *param; + } + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter); + if (param) { + *param = parameter; + } + return offset; +} + + +/* IDL: enum { */ +/* IDL: WITNESS_STATE_UNKNOWN=0x00, */ +/* IDL: WITNESS_STATE_AVAILABLE=0x01, */ +/* IDL: WITNESS_STATE_UNAVAILABLE=0xff, */ +/* IDL: } */ + +int +witness_dissect_enum_interfaceInfo_state(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint16 *param _U_) +{ + guint16 parameter=0; + if (param) { + parameter = *param; + } + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter); + if (param) { + *param = parameter; + } + return offset; +} + + +/* IDL: bitmap { */ +/* IDL: WITNESS_INFO_IPv4_VALID = 0x01 , */ +/* IDL: WITNESS_INFO_IPv6_VALID = 0x02 , */ +/* IDL: WITNESS_INFO_WITNESS_IF = 0x04 , */ +/* IDL: } */ + +int +witness_dissect_bitmap_interfaceInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + + guint32 flags; + ALIGN_TO_4_BYTES; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, DREP_ENC_INTEGER(drep)); + tree = proto_item_add_subtree(item,ett_witness_witness_interfaceInfo_flags); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, -1, &flags); + proto_item_append_text(item, ": "); + + if (!flags) + proto_item_append_text(item, "(No values set)"); + + proto_tree_add_boolean(tree, hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_IPv4_VALID, tvb, offset-4, 4, flags); + if (flags&( 0x01 )){ + proto_item_append_text(item, "WITNESS_INFO_IPv4_VALID"); + if (flags & (~( 0x01 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x01 )); + + proto_tree_add_boolean(tree, hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_IPv6_VALID, tvb, offset-4, 4, flags); + if (flags&( 0x02 )){ + proto_item_append_text(item, "WITNESS_INFO_IPv6_VALID"); + if (flags & (~( 0x02 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x02 )); + + proto_tree_add_boolean(tree, hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_WITNESS_IF, tvb, offset-4, 4, flags); + if (flags&( 0x04 )){ + proto_item_append_text(item, "WITNESS_INFO_WITNESS_IF"); + if (flags & (~( 0x04 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x04 )); + + if (flags) { + proto_item_append_text(item, "Unknown bitmap value 0x%x", flags); + } + + return offset; +} + + +/* IDL: struct { */ +/* IDL: [charset(UTF16)] [to_null(1)] uint16 group_name[260]; */ +/* IDL: witness_version version; */ +/* IDL: witness_interfaceInfo_state state; */ +/* IDL: [flag(LIBNDR_FLAG_BIGENDIAN)] ipv4address ipv4; */ +/* IDL: [flag(LIBNDR_FLAG_BIGENDIAN)] ipv6address ipv6; */ +/* IDL: witness_interfaceInfo_flags flags; */ +/* IDL: } */ + +static int +witness_dissect_element_interfaceInfo_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_enum_version(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_interfaceInfo_version, 0); + + return offset; +} + +static int +witness_dissect_element_interfaceInfo_state(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_enum_interfaceInfo_state(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_interfaceInfo_state, 0); + + return offset; +} + +static int +witness_dissect_element_interfaceInfo_ipv4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset=PIDL_dissect_ipv4address(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_interfaceInfo_ipv4, PIDL_SET_COL_INFO); + + return offset; +} + +static int +witness_dissect_element_interfaceInfo_ipv6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset=PIDL_dissect_ipv6address(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_interfaceInfo_ipv6, PIDL_SET_COL_INFO); + + return offset; +} + +static int +witness_dissect_element_interfaceInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_bitmap_interfaceInfo_flags(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_interfaceInfo_flags, 0); + + return offset; +} + +int +witness_dissect_struct_interfaceInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_interfaceInfo); + } + + offset = witness_dissect_element_interfaceInfo_group_name(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_interfaceInfo_version(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_interfaceInfo_state(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_interfaceInfo_ipv4(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_interfaceInfo_ipv6(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_interfaceInfo_flags(tvb, offset, pinfo, tree, di, drep); + + + proto_item_set_len(item, offset-old_offset); + + + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_4_BYTES; + } + + return offset; +} + + +/* IDL: struct { */ +/* IDL: uint32 num_interfaces; */ +/* IDL: [size_is(num_interfaces)] [unique(1)] witness_interfaceInfo *interfaces; */ +/* IDL: } */ + +static int +witness_dissect_element_interfaceList_num_interfaces(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_interfaceList_num_interfaces, 0); + + return offset; +} + +static int +witness_dissect_element_interfaceList_interfaces(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_interfaceList_interfaces_, NDR_POINTER_UNIQUE, "Pointer to Interfaces (witness_interfaceInfo)",hf_witness_witness_interfaceList_interfaces); + + return offset; +} + +static int +witness_dissect_element_interfaceList_interfaces_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_interfaceList_interfaces__); + + return offset; +} + +static int +witness_dissect_element_interfaceList_interfaces__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_interfaceInfo(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_interfaceList_interfaces,0); + + return offset; +} + +int +witness_dissect_struct_interfaceList(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_5_BYTES; + + ALIGN_TO_5_BYTES; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_interfaceList); + } + + offset = witness_dissect_element_interfaceList_num_interfaces(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_interfaceList_interfaces(tvb, offset, pinfo, tree, di, drep); + + + proto_item_set_len(item, offset-old_offset); + + + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_5_BYTES; + } + + return offset; +} + + +/* IDL: enum { */ +/* IDL: WITNESS_NOTIFY_RESOURCE_CHANGE=1, */ +/* IDL: WITNESS_NOTIFY_CLIENT_MOVE=2, */ +/* IDL: WITNESS_NOTIFY_SHARE_MOVE=3, */ +/* IDL: WITNESS_NOTIFY_IP_CHANGE=4, */ +/* IDL: } */ + +int +witness_dissect_enum_notifyResponse_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) +{ + guint32 parameter=0; + if (param) { + parameter = *param; + } + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter); + if (param) { + *param = parameter; + } + return offset; +} + + +/* IDL: enum { */ +/* IDL: WITNESS_RESOURCE_STATE_UNKNOWN=0x00, */ +/* IDL: WITNESS_RESOURCE_STATE_AVAILABLE=0x01, */ +/* IDL: WITNESS_RESOURCE_STATE_UNAVAILABLE=0xff, */ +/* IDL: } */ + +int +witness_dissect_enum_ResourceChange_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) +{ + guint32 parameter=0; + if (param) { + parameter = *param; + } + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter); + if (param) { + *param = parameter; + } + return offset; +} + + +/* IDL: struct { */ +/* IDL: [value(ndr_size_witness_ResourceChange(r,ndr->flags))] uint32 length; */ +/* IDL: witness_ResourceChange_type type; */ +/* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string name; */ +/* IDL: } */ + +static int +witness_dissect_element_ResourceChange_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_ResourceChange_length, 0); + + return offset; +} + +static int +witness_dissect_element_ResourceChange_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_enum_ResourceChange_type(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_ResourceChange_type, 0); + + return offset; +} + +static int +witness_dissect_element_ResourceChange_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_null_term_wstring(tvb, offset, pinfo, tree, drep, hf_witness_witness_ResourceChange_name , 0); + + return offset; +} + +int +witness_dissect_struct_ResourceChange(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + gboolean oldalign = di->no_align; + int old_offset; + + + di->no_align = TRUE; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_ResourceChange); + } + + offset = witness_dissect_element_ResourceChange_length(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_ResourceChange_type(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_ResourceChange_name(tvb, offset, pinfo, tree, di, drep); + + + proto_item_set_len(item, offset-old_offset); + + + di->no_align = oldalign; + + return offset; +} + + +/* IDL: bitmap { */ +/* IDL: WITNESS_IPADDR_V4 = 0x01 , */ +/* IDL: WITNESS_IPADDR_V6 = 0x02 , */ +/* IDL: WITNESS_IPADDR_ONLINE = 0x08 , */ +/* IDL: WITNESS_IPADDR_OFFLINE = 0x10 , */ +/* IDL: } */ + +int +witness_dissect_bitmap_IPaddrInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + + guint32 flags; + ALIGN_TO_4_BYTES; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, DREP_ENC_INTEGER(drep)); + tree = proto_item_add_subtree(item,ett_witness_witness_IPaddrInfo_flags); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, -1, &flags); + proto_item_append_text(item, ": "); + + if (!flags) + proto_item_append_text(item, "(No values set)"); + + proto_tree_add_boolean(tree, hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_V4, tvb, offset-4, 4, flags); + if (flags&( 0x01 )){ + proto_item_append_text(item, "WITNESS_IPADDR_V4"); + if (flags & (~( 0x01 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x01 )); + + proto_tree_add_boolean(tree, hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_V6, tvb, offset-4, 4, flags); + if (flags&( 0x02 )){ + proto_item_append_text(item, "WITNESS_IPADDR_V6"); + if (flags & (~( 0x02 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x02 )); + + proto_tree_add_boolean(tree, hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_ONLINE, tvb, offset-4, 4, flags); + if (flags&( 0x08 )){ + proto_item_append_text(item, "WITNESS_IPADDR_ONLINE"); + if (flags & (~( 0x08 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x08 )); + + proto_tree_add_boolean(tree, hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_OFFLINE, tvb, offset-4, 4, flags); + if (flags&( 0x10 )){ + proto_item_append_text(item, "WITNESS_IPADDR_OFFLINE"); + if (flags & (~( 0x10 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x10 )); + + if (flags) { + proto_item_append_text(item, "Unknown bitmap value 0x%x", flags); + } + + return offset; +} + + +/* IDL: struct { */ +/* IDL: witness_IPaddrInfo_flags flags; */ +/* IDL: ipv4address ipv4; */ +/* IDL: ipv6address ipv6; */ +/* IDL: } */ + +static int +witness_dissect_element_IPaddrInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_bitmap_IPaddrInfo_flags(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_IPaddrInfo_flags, 0); + + return offset; +} + +static int +witness_dissect_element_IPaddrInfo_ipv4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset=PIDL_dissect_ipv4address(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_IPaddrInfo_ipv4, PIDL_SET_COL_INFO); + + return offset; +} + +static int +witness_dissect_element_IPaddrInfo_ipv6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset=PIDL_dissect_ipv6address(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_IPaddrInfo_ipv6, PIDL_SET_COL_INFO); + + return offset; +} + +int +witness_dissect_struct_IPaddrInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + gboolean oldalign = di->no_align; + int old_offset; + + + di->no_align = TRUE; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_IPaddrInfo); + } + + offset = witness_dissect_element_IPaddrInfo_flags(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_IPaddrInfo_ipv4(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_IPaddrInfo_ipv6(tvb, offset, pinfo, tree, di, drep); + + + proto_item_set_len(item, offset-old_offset); + + + di->no_align = oldalign; + + return offset; +} + + +/* IDL: struct { */ +/* IDL: [value(r->num*ndr_size_witness_IPaddrInfo(r->addr,ndr->flags))] uint32 length; */ +/* IDL: [value(0)] uint32 reserved; */ +/* IDL: uint32 num; */ +/* IDL: witness_IPaddrInfo addr[num]; */ +/* IDL: } */ + +static int +witness_dissect_element_IPaddrInfoList_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_IPaddrInfoList_length, 0); + + return offset; +} + +static int +witness_dissect_element_IPaddrInfoList_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_IPaddrInfoList_reserved, 0); + + return offset; +} + +static int +witness_dissect_element_IPaddrInfoList_num(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_IPaddrInfoList_num, 0); + + return offset; +} + + +/* IDL: [flag(LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_LITTLE_ENDIAN)] [nodiscriminant(1)] [public(1)] [switch_type(witness_notifyResponse_type)] union { */ +/* IDL: [case(WITNESS_NOTIFY_RESOURCE_CHANGE)] [case(WITNESS_NOTIFY_RESOURCE_CHANGE)] witness_ResourceChange resource_change; */ +/* IDL: [case(WITNESS_NOTIFY_CLIENT_MOVE)] [case(WITNESS_NOTIFY_CLIENT_MOVE)] witness_IPaddrInfoList client_move; */ +/* IDL: [case(WITNESS_NOTIFY_SHARE_MOVE)] [case(WITNESS_NOTIFY_SHARE_MOVE)] witness_IPaddrInfoList share_move; */ +/* IDL: [case(WITNESS_NOTIFY_IP_CHANGE)] [case(WITNESS_NOTIFY_IP_CHANGE)] witness_IPaddrInfoList ip_change; */ +/* IDL: [default] ; */ +/* IDL: } */ + +static int +witness_dissect_element_notifyResponse_message_resource_change(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_ResourceChange(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_notifyResponse_message_resource_change,0); + + return offset; +} + +static int +witness_dissect_element_notifyResponse_message_client_move(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_IPaddrInfoList(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_notifyResponse_message_client_move,0); + + return offset; +} + +static int +witness_dissect_element_notifyResponse_message_share_move(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_IPaddrInfoList(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_notifyResponse_message_share_move,0); + + return offset; +} + +static int +witness_dissect_element_notifyResponse_message_ip_change(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_IPaddrInfoList(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_notifyResponse_message_ip_change,0); + + return offset; +} + +static int +witness_dissect_element_notifyResponse_message_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_datablob(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_notifyResponse_message_data, 1); + + return offset; +} + +static int +witness_dissect_notifyResponse_message(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + guint32 level = param; + + old_offset = offset; + if (parent_tree) { + tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_witness_witness_notifyResponse_message, &item, "witness_notifyResponse_message"); + } + + switch(level) { + case WITNESS_NOTIFY_RESOURCE_CHANGE: + offset = witness_dissect_element_notifyResponse_message_resource_change(tvb, offset, pinfo, tree, di, drep); + break; + + case WITNESS_NOTIFY_CLIENT_MOVE: + offset = witness_dissect_element_notifyResponse_message_client_move(tvb, offset, pinfo, tree, di, drep); + break; + + case WITNESS_NOTIFY_SHARE_MOVE: + offset = witness_dissect_element_notifyResponse_message_share_move(tvb, offset, pinfo, tree, di, drep); + break; + + case WITNESS_NOTIFY_IP_CHANGE: + offset = witness_dissect_element_notifyResponse_message_ip_change(tvb, offset, pinfo, tree, di, drep); + break; + + default: + offset = witness_dissect_element_notifyResponse_message_data(tvb, offset, pinfo, tree, di, drep); + break; + } + proto_item_set_len(item, offset-old_offset); + + + return offset; +} + +/* IDL: struct { */ +/* IDL: witness_notifyResponse_type type; */ +/* IDL: [value(ndr_size_witness_notifyResponse(r,ndr->flags)-20)] uint32 length; */ +/* IDL: uint32 num; */ +/* IDL: [flag(LIBNDR_FLAG_REMAINING)] [subcontext(4)] [subcontext_size(length)] [switch_is(type)] witness_notifyResponse_message messages[num]; */ +/* IDL: } */ + +static int +witness_dissect_element_notifyResponse_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint32 *type) +{ + offset = witness_dissect_enum_notifyResponse_type(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_notifyResponse_type, type); + + return offset; +} + +static int +witness_dissect_element_notifyResponse_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_notifyResponse_length, 0); + + return offset; +} + +static int +witness_dissect_element_notifyResponse_num(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_notifyResponse_num, 0); + + return offset; +} + + +/* IDL: bitmap { */ +/* IDL: WITNESS_REGISTER_NONE = 0x00 , */ +/* IDL: WITNESS_REGISTER_IP_NOTIFICATION = 0x01 , */ +/* IDL: } */ + +int +witness_dissect_bitmap_RegisterEx_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + + guint32 flags; + ALIGN_TO_4_BYTES; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, DREP_ENC_INTEGER(drep)); + tree = proto_item_add_subtree(item,ett_witness_witness_RegisterEx_flags); + } + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, -1, &flags); + proto_item_append_text(item, ": "); + + if (!flags) + proto_item_append_text(item, "(No values set)"); + + proto_tree_add_boolean(tree, hf_witness_witness_RegisterEx_flags_WITNESS_REGISTER_NONE, tvb, offset-4, 4, flags); + if (flags&( 0x00 )){ + proto_item_append_text(item, "WITNESS_REGISTER_NONE"); + if (flags & (~( 0x00 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x00 )); + + proto_tree_add_boolean(tree, hf_witness_witness_RegisterEx_flags_WITNESS_REGISTER_IP_NOTIFICATION, tvb, offset-4, 4, flags); + if (flags&( 0x01 )){ + proto_item_append_text(item, "WITNESS_REGISTER_IP_NOTIFICATION"); + if (flags & (~( 0x01 ))) + proto_item_append_text(item, ", "); + } + flags&=(~( 0x01 )); + + if (flags) { + proto_item_append_text(item, "Unknown bitmap value 0x%x", flags); + } + + return offset; +} + +static int +witness_dissect_element_GetInterfaceList_interface_list(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_GetInterfaceList_interface_list_, NDR_POINTER_REF, "Pointer to Interface List (witness_interfaceList)",hf_witness_witness_GetInterfaceList_interface_list); + + return offset; +} + +static int +witness_dissect_element_GetInterfaceList_interface_list_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_GetInterfaceList_interface_list__, NDR_POINTER_UNIQUE, "Pointer to Interface List (witness_interfaceList)",hf_witness_witness_GetInterfaceList_interface_list); + + return offset; +} + +static int +witness_dissect_element_GetInterfaceList_interface_list__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_interfaceList(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_GetInterfaceList_interface_list,0); + + return offset; +} + +/* IDL: WERROR witness_GetInterfaceList( */ +/* IDL: [out] [ref] witness_interfaceList **interface_list */ +/* IDL: ); */ + +static int +witness_dissect_GetInterfaceList_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + guint32 status; + + di->dcerpc_procedure_name="GetInterfaceList"; + offset = witness_dissect_element_GetInterfaceList_interface_list(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_werror, &status); + + if (status != 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x")); + + return offset; +} + +static int +witness_dissect_GetInterfaceList_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="GetInterfaceList"; + return offset; +} + +static int +witness_dissect_element_Register_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_Register_context_handle_, NDR_POINTER_REF, "Pointer to Context Handle (policy_handle)",hf_witness_witness_Register_context_handle); + + return offset; +} + +static int +witness_dissect_element_Register_context_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_Register_context_handle, 0); + + return offset; +} + +static int +witness_dissect_element_Register_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_enum_version(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_Register_version, 0); + + return offset; +} + +static int +witness_dissect_element_Register_net_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_Register_net_name_, NDR_POINTER_UNIQUE, "Pointer to Net Name (uint16)",hf_witness_witness_Register_net_name); + + return offset; +} + +static int +witness_dissect_element_Register_net_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_Register_net_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +witness_dissect_element_Register_ip_address(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_Register_ip_address_, NDR_POINTER_UNIQUE, "Pointer to Ip Address (uint16)",hf_witness_witness_Register_ip_address); + + return offset; +} + +static int +witness_dissect_element_Register_ip_address_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_Register_ip_address, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +witness_dissect_element_Register_client_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_Register_client_computer_name_, NDR_POINTER_UNIQUE, "Pointer to Client Computer Name (uint16)",hf_witness_witness_Register_client_computer_name); + + return offset; +} + +static int +witness_dissect_element_Register_client_computer_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_Register_client_computer_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +/* IDL: WERROR witness_Register( */ +/* IDL: [out] [ref] policy_handle *context_handle, */ +/* IDL: [in] witness_version version, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *net_name, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *ip_address, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *client_computer_name */ +/* IDL: ); */ + +static int +witness_dissect_Register_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + guint32 status; + + di->dcerpc_procedure_name="Register"; + offset = witness_dissect_element_Register_context_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_werror, &status); + + if (status != 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x")); + + return offset; +} + +static int +witness_dissect_Register_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="Register"; + offset = witness_dissect_element_Register_version(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_Register_net_name(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_Register_ip_address(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_Register_client_computer_name(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + +static int +witness_dissect_element_UnRegister_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_UnRegister_context_handle, 0); + + return offset; +} + +/* IDL: WERROR witness_UnRegister( */ +/* IDL: [in] policy_handle context_handle */ +/* IDL: ); */ + +static int +witness_dissect_UnRegister_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + guint32 status; + + di->dcerpc_procedure_name="UnRegister"; + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_werror, &status); + + if (status != 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x")); + + return offset; +} + +static int +witness_dissect_UnRegister_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="UnRegister"; + offset = witness_dissect_element_UnRegister_context_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + +static int +witness_dissect_element_AsyncNotify_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_AsyncNotify_context_handle, 0); + + return offset; +} + +static int +witness_dissect_element_AsyncNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_AsyncNotify_response_, NDR_POINTER_REF, "Pointer to Response (witness_notifyResponse)",hf_witness_witness_AsyncNotify_response); + + return offset; +} + +static int +witness_dissect_element_AsyncNotify_response_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_AsyncNotify_response__, NDR_POINTER_UNIQUE, "Pointer to Response (witness_notifyResponse)",hf_witness_witness_AsyncNotify_response); + + return offset; +} + +static int +witness_dissect_element_AsyncNotify_response__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_notifyResponse(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_AsyncNotify_response,0); + + return offset; +} + +/* IDL: WERROR witness_AsyncNotify( */ +/* IDL: [in] policy_handle context_handle, */ +/* IDL: [out] [ref] witness_notifyResponse **response */ +/* IDL: ); */ + +static int +witness_dissect_AsyncNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + guint32 status; + + di->dcerpc_procedure_name="AsyncNotify"; + offset = witness_dissect_element_AsyncNotify_response(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_werror, &status); + + if (status != 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x")); + + return offset; +} + +static int +witness_dissect_AsyncNotify_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="AsyncNotify"; + offset = witness_dissect_element_AsyncNotify_context_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + +static int +witness_dissect_element_RegisterEx_context_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_RegisterEx_context_handle_, NDR_POINTER_REF, "Pointer to Context Handle (policy_handle)",hf_witness_witness_RegisterEx_context_handle); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_context_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_RegisterEx_context_handle, 0); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_enum_version(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_RegisterEx_version, 0); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_net_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_RegisterEx_net_name_, NDR_POINTER_UNIQUE, "Pointer to Net Name (uint16)",hf_witness_witness_RegisterEx_net_name); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_net_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_RegisterEx_net_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_share_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_RegisterEx_share_name_, NDR_POINTER_UNIQUE, "Pointer to Share Name (uint16)",hf_witness_witness_RegisterEx_share_name); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_share_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_RegisterEx_share_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_ip_address(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_RegisterEx_ip_address_, NDR_POINTER_UNIQUE, "Pointer to Ip Address (uint16)",hf_witness_witness_RegisterEx_ip_address); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_ip_address_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_RegisterEx_ip_address, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_client_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, witness_dissect_element_RegisterEx_client_computer_name_, NDR_POINTER_UNIQUE, "Pointer to Client Computer Name (uint16)",hf_witness_witness_RegisterEx_client_computer_name); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_client_computer_name_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint16), hf_witness_witness_RegisterEx_client_computer_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_bitmap_RegisterEx_flags(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_RegisterEx_flags, 0); + + return offset; +} + +static int +witness_dissect_element_RegisterEx_timeout(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_witness_RegisterEx_timeout, 0); + + return offset; +} + +/* IDL: WERROR witness_RegisterEx( */ +/* IDL: [out] [ref] policy_handle *context_handle, */ +/* IDL: [in] witness_version version, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *net_name, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *share_name, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *ip_address, */ +/* IDL: [charset(UTF16)] [in] [unique(1)] uint16 *client_computer_name, */ +/* IDL: [in] witness_RegisterEx_flags flags, */ +/* IDL: [in] uint32 timeout */ +/* IDL: ); */ + +static int +witness_dissect_RegisterEx_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + guint32 status; + + di->dcerpc_procedure_name="RegisterEx"; + offset = witness_dissect_element_RegisterEx_context_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_witness_werror, &status); + + if (status != 0) + col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, WERR_errors, "Unknown DOS error 0x%08x")); + + return offset; +} + +static int +witness_dissect_RegisterEx_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="RegisterEx"; + offset = witness_dissect_element_RegisterEx_version(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_RegisterEx_net_name(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_RegisterEx_share_name(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_RegisterEx_ip_address(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_RegisterEx_client_computer_name(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_RegisterEx_flags(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = witness_dissect_element_RegisterEx_timeout(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + + +static dcerpc_sub_dissector witness_dissectors[] = { + { 0, "GetInterfaceList", + witness_dissect_GetInterfaceList_request, witness_dissect_GetInterfaceList_response}, + { 1, "Register", + witness_dissect_Register_request, witness_dissect_Register_response}, + { 2, "UnRegister", + witness_dissect_UnRegister_request, witness_dissect_UnRegister_response}, + { 3, "AsyncNotify", + witness_dissect_AsyncNotify_request, witness_dissect_AsyncNotify_response}, + { 4, "RegisterEx", + witness_dissect_RegisterEx_request, witness_dissect_RegisterEx_response}, + { 0, NULL, NULL, NULL } +}; + +void proto_register_dcerpc_witness(void) +{ + static hf_register_info hf[] = { + { &hf_witness_opnum, + { "Operation", "witness.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_werror, + { "Windows Error", "witness.werror", FT_UINT32, BASE_HEX, VALS(WERR_errors), 0, NULL, HFILL }}, + { &hf_witness_witness_AsyncNotify_context_handle, + { "Context Handle", "witness.witness_AsyncNotify.context_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_AsyncNotify_response, + { "Response", "witness.witness_AsyncNotify.response", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_GetInterfaceList_interface_list, + { "Interface List", "witness.witness_GetInterfaceList.interface_list", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfoList_addr, + { "Addr", "witness.witness_IPaddrInfoList.addr", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfoList_length, + { "Length", "witness.witness_IPaddrInfoList.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfoList_num, + { "Num", "witness.witness_IPaddrInfoList.num", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfoList_reserved, + { "Reserved", "witness.witness_IPaddrInfoList.reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_flags, + { "Flags", "witness.witness_IPaddrInfo.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_OFFLINE, + { "Witness Ipaddr Offline", "witness.witness_IPaddrInfo_flags.WITNESS_IPADDR_OFFLINE", FT_BOOLEAN, 32, TFS(&witness_IPaddrInfo_flags_WITNESS_IPADDR_OFFLINE_tfs), ( 0x10 ), NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_ONLINE, + { "Witness Ipaddr Online", "witness.witness_IPaddrInfo_flags.WITNESS_IPADDR_ONLINE", FT_BOOLEAN, 32, TFS(&witness_IPaddrInfo_flags_WITNESS_IPADDR_ONLINE_tfs), ( 0x08 ), NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_V4, + { "Witness Ipaddr V4", "witness.witness_IPaddrInfo_flags.WITNESS_IPADDR_V4", FT_BOOLEAN, 32, TFS(&witness_IPaddrInfo_flags_WITNESS_IPADDR_V4_tfs), ( 0x01 ), NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_flags_WITNESS_IPADDR_V6, + { "Witness Ipaddr V6", "witness.witness_IPaddrInfo_flags.WITNESS_IPADDR_V6", FT_BOOLEAN, 32, TFS(&witness_IPaddrInfo_flags_WITNESS_IPADDR_V6_tfs), ( 0x02 ), NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_ipv4, + { "Ipv4", "witness.witness_IPaddrInfo.ipv4", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_IPaddrInfo_ipv6, + { "Ipv6", "witness.witness_IPaddrInfo.ipv6", FT_IPv6, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_client_computer_name, + { "Client Computer Name", "witness.witness_RegisterEx.client_computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_context_handle, + { "Context Handle", "witness.witness_RegisterEx.context_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_flags, + { "Flags", "witness.witness_RegisterEx.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_flags_WITNESS_REGISTER_IP_NOTIFICATION, + { "Witness Register Ip Notification", "witness.witness_RegisterEx_flags.WITNESS_REGISTER_IP_NOTIFICATION", FT_BOOLEAN, 32, TFS(&witness_RegisterEx_flags_WITNESS_REGISTER_IP_NOTIFICATION_tfs), ( 0x01 ), NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_flags_WITNESS_REGISTER_NONE, + { "Witness Register None", "witness.witness_RegisterEx_flags.WITNESS_REGISTER_NONE", FT_BOOLEAN, 32, TFS(&witness_RegisterEx_flags_WITNESS_REGISTER_NONE_tfs), ( 0x00 ), NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_ip_address, + { "Ip Address", "witness.witness_RegisterEx.ip_address", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_net_name, + { "Net Name", "witness.witness_RegisterEx.net_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_share_name, + { "Share Name", "witness.witness_RegisterEx.share_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_timeout, + { "Timeout", "witness.witness_RegisterEx.timeout", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_RegisterEx_version, + { "Version", "witness.witness_RegisterEx.version", FT_UINT32, BASE_DEC, VALS(witness_witness_version_vals), 0, NULL, HFILL }}, + { &hf_witness_witness_Register_client_computer_name, + { "Client Computer Name", "witness.witness_Register.client_computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_Register_context_handle, + { "Context Handle", "witness.witness_Register.context_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_Register_ip_address, + { "Ip Address", "witness.witness_Register.ip_address", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_Register_net_name, + { "Net Name", "witness.witness_Register.net_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_Register_version, + { "Version", "witness.witness_Register.version", FT_UINT32, BASE_DEC, VALS(witness_witness_version_vals), 0, NULL, HFILL }}, + { &hf_witness_witness_ResourceChange_length, + { "Length", "witness.witness_ResourceChange.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_ResourceChange_name, + { "Name", "witness.witness_ResourceChange.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_ResourceChange_type, + { "Type", "witness.witness_ResourceChange.type", FT_UINT32, BASE_DEC, VALS(witness_witness_ResourceChange_type_vals), 0, NULL, HFILL }}, + { &hf_witness_witness_UnRegister_context_handle, + { "Context Handle", "witness.witness_UnRegister.context_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_flags, + { "Flags", "witness.witness_interfaceInfo.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_IPv4_VALID, + { "Witness Info Ipv4 Valid", "witness.witness_interfaceInfo_flags.WITNESS_INFO_IPv4_VALID", FT_BOOLEAN, 32, TFS(&witness_interfaceInfo_flags_WITNESS_INFO_IPv4_VALID_tfs), ( 0x01 ), NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_IPv6_VALID, + { "Witness Info Ipv6 Valid", "witness.witness_interfaceInfo_flags.WITNESS_INFO_IPv6_VALID", FT_BOOLEAN, 32, TFS(&witness_interfaceInfo_flags_WITNESS_INFO_IPv6_VALID_tfs), ( 0x02 ), NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_flags_WITNESS_INFO_WITNESS_IF, + { "Witness Info Witness If", "witness.witness_interfaceInfo_flags.WITNESS_INFO_WITNESS_IF", FT_BOOLEAN, 32, TFS(&witness_interfaceInfo_flags_WITNESS_INFO_WITNESS_IF_tfs), ( 0x04 ), NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_group_name, + { "Group Name", "witness.witness_interfaceInfo.group_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_ipv4, + { "Ipv4", "witness.witness_interfaceInfo.ipv4", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_ipv6, + { "Ipv6", "witness.witness_interfaceInfo.ipv6", FT_IPv6, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_state, + { "State", "witness.witness_interfaceInfo.state", FT_UINT16, BASE_DEC, VALS(witness_witness_interfaceInfo_state_vals), 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceInfo_version, + { "Version", "witness.witness_interfaceInfo.version", FT_UINT32, BASE_DEC, VALS(witness_witness_version_vals), 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceList_interfaces, + { "Interfaces", "witness.witness_interfaceList.interfaces", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_interfaceList_num_interfaces, + { "Num Interfaces", "witness.witness_interfaceList.num_interfaces", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_length, + { "Length", "witness.witness_notifyResponse.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_message_client_move, + { "Client Move", "witness.witness_notifyResponse_message.client_move", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_message_data, + { "Data", "witness.witness_notifyResponse_message.data", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_message_ip_change, + { "Ip Change", "witness.witness_notifyResponse_message.ip_change", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_message_resource_change, + { "Resource Change", "witness.witness_notifyResponse_message.resource_change", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_message_share_move, + { "Share Move", "witness.witness_notifyResponse_message.share_move", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_messages, + { "Messages", "witness.witness_notifyResponse.messages", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_messages_, + { "Messages", "witness.witness_notifyResponse.messages_", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_num, + { "Num", "witness.witness_notifyResponse.num", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_witness_witness_notifyResponse_type, + { "Type", "witness.witness_notifyResponse.type", FT_UINT32, BASE_DEC, VALS(witness_witness_notifyResponse_type_vals), 0, NULL, HFILL }}, + }; + + + static gint *ett[] = { + &ett_dcerpc_witness, + &ett_witness_witness_interfaceInfo_flags, + &ett_witness_witness_interfaceInfo, + &ett_witness_witness_interfaceList, + &ett_witness_witness_ResourceChange, + &ett_witness_witness_IPaddrInfo_flags, + &ett_witness_witness_IPaddrInfo, + &ett_witness_witness_IPaddrInfoList, + &ett_witness_witness_notifyResponse_message, + &ett_witness_witness_notifyResponse, + &ett_witness_witness_RegisterEx_flags, + }; + + proto_dcerpc_witness = proto_register_protocol("SMB Witness Service", "WITNESS", "witness"); + proto_register_field_array(proto_dcerpc_witness, hf, array_length (hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void proto_reg_handoff_dcerpc_witness(void) +{ + dcerpc_init_uuid(proto_dcerpc_witness, ett_dcerpc_witness, + &uuid_dcerpc_witness, ver_dcerpc_witness, + witness_dissectors, hf_witness_opnum); +} diff --git a/epan/dissectors/packet-dcerpc-witness.h b/epan/dissectors/packet-dcerpc-witness.h new file mode 100644 index 0000000000..f2f9e8eed2 --- /dev/null +++ b/epan/dissectors/packet-dcerpc-witness.h @@ -0,0 +1,46 @@ +/* DO NOT EDIT + This file was automatically generated by Pidl + from pidl/witness.idl and pidl/witness.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Wireshark team. + Instructions on how to download and install Pidl can be + found at https://wiki.wireshark.org/Pidl +*/ + +#include "packet-dcerpc-misc.h" + +#ifndef __PACKET_DCERPC_WITNESS_H +#define __PACKET_DCERPC_WITNESS_H + +#define WITNESS_V1 (0x00010001) +#define WITNESS_V2 (0x00020000) +#define WITNESS_UNSPECIFIED_VERSION (0xFFFFFFFF) +extern const value_string witness_witness_version_vals[]; +int witness_dissect_enum_version(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_); +#define WITNESS_STATE_UNKNOWN (0x00) +#define WITNESS_STATE_AVAILABLE (0x01) +#define WITNESS_STATE_UNAVAILABLE (0xff) +extern const value_string witness_witness_interfaceInfo_state_vals[]; +int witness_dissect_enum_interfaceInfo_state(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint16 *param _U_); +int witness_dissect_bitmap_interfaceInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_struct_interfaceInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_struct_interfaceList(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +#define WITNESS_NOTIFY_RESOURCE_CHANGE (1) +#define WITNESS_NOTIFY_CLIENT_MOVE (2) +#define WITNESS_NOTIFY_SHARE_MOVE (3) +#define WITNESS_NOTIFY_IP_CHANGE (4) +extern const value_string witness_witness_notifyResponse_type_vals[]; +int witness_dissect_enum_notifyResponse_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_); +#define WITNESS_RESOURCE_STATE_UNKNOWN (0x00) +#define WITNESS_RESOURCE_STATE_AVAILABLE (0x01) +#define WITNESS_RESOURCE_STATE_UNAVAILABLE (0xff) +extern const value_string witness_witness_ResourceChange_type_vals[]; +int witness_dissect_enum_ResourceChange_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_); +int witness_dissect_struct_ResourceChange(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_bitmap_IPaddrInfo_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_struct_IPaddrInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_struct_IPaddrInfoList(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_struct_notifyResponse(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +int witness_dissect_bitmap_RegisterEx_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +#endif /* __PACKET_DCERPC_WITNESS_H */ diff --git a/epan/dissectors/pidl/witness.cnf b/epan/dissectors/pidl/witness.cnf new file mode 100644 index 0000000000..a934e424e7 --- /dev/null +++ b/epan/dissectors/pidl/witness.cnf @@ -0,0 +1,203 @@ +MANUAL witness_dissect_element_interfaceInfo_group_name +NOEMIT witness_dissect_element_interfaceInfo_group_name +MANUAL witness_dissect_struct_notifyResponse +MANUAL witness_dissect_element_notifyResponse_messages +NOEMIT witness_dissect_element_notifyResponse_messages +MANUAL witness_dissect_struct_IPaddrInfoList +NOEMIT witness_dissect_struct_IPaddrInfoList +NOEMIT witness_dissect_element_IPaddrInfoList_addr + +HF_FIELD hf_witness_witness_notifyResponse_messages_ "Messages" "witness.witness_notifyResponse.messages_" FT_NONE BASE_NONE NULL 0 "" "" "" + +TYPE ipv4address "offset=PIDL_dissect_ipv4address(tvb, offset, pinfo, tree, di, drep, @HF@, PIDL_SET_COL_INFO);" FT_IPv4 BASE_NONE 0 NULL 4 + +TYPE ipv6address "offset=PIDL_dissect_ipv6address(tvb, offset, pinfo, tree, di, drep, @HF@, PIDL_SET_COL_INFO);" FT_IPv6 BASE_NONE 0 NULL 2 + +CODE START + + #include "packet-smb-common.h" + #include "to_str.h" + +static int +witness_dissect_notifyResponse_message(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); + +static int +witness_dissect_notifyResponse_message_(tvbuff_t *tvb, int offset, int length _U_, packet_info *pinfo, + proto_tree *tree, dcerpc_info *di, guint8 *drep _U_) +{ + guint32 *type = (guint32 *)di->private_data; + guint8 le_drep[4] = { DREP_LITTLE_ENDIAN, }; + return witness_dissect_notifyResponse_message(tvb, offset, pinfo, tree, di, le_drep, + hf_witness_witness_notifyResponse_messages_, *type); +} + +static int +witness_dissect_element_notifyResponse_messages(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_ucarray_block(tvb, offset, pinfo, tree, di, drep, + witness_dissect_notifyResponse_message_); + return offset; +} + +int +witness_dissect_struct_notifyResponse(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + guint32 *type = NULL; + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_notifyResponse); + } + + type = wmem_new0(wmem_packet_scope(), guint32); + + offset = witness_dissect_element_notifyResponse_type(tvb, offset, pinfo, tree, di, drep, type); + + offset = witness_dissect_element_notifyResponse_length(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_notifyResponse_num(tvb, offset, pinfo, tree, di, drep); + + di->private_data = type; + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep, + witness_dissect_element_notifyResponse_messages, + NDR_POINTER_UNIQUE, "Pointer to Message Buffer (uint8)", + hf_witness_witness_notifyResponse_messages); + + proto_item_set_len(item, offset-old_offset); + + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_4_BYTES; + } + + return offset; +} + +static int +witness_dissect_element_IPaddrInfoList_addr(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = witness_dissect_struct_IPaddrInfo(tvb,offset,pinfo,tree,di,drep,hf_witness_witness_IPaddrInfoList_addr,0); + + return offset; +} + +int +witness_dissect_struct_IPaddrInfoList(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + gboolean oldalign = di->no_align; + int old_offset; + guint32 i, num; + + di->no_align = TRUE; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_witness_witness_IPaddrInfoList); + } + + offset = witness_dissect_element_IPaddrInfoList_length(tvb, offset, pinfo, tree, di, drep); + + offset = witness_dissect_element_IPaddrInfoList_reserved(tvb, offset, pinfo, tree, di, drep); + + num = tvb_get_letohl(tvb, offset); + + offset = witness_dissect_element_IPaddrInfoList_num(tvb, offset, pinfo, tree, di, drep); + + for (i = 0; i < num; i++) { + offset = witness_dissect_element_IPaddrInfoList_addr(tvb, offset, pinfo, tree, di, drep); + } + + proto_item_set_len(item, offset-old_offset); + + di->no_align = oldalign; + + return offset; +} + +static int +witness_dissect_element_interfaceInfo_group_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *parent_tree, dcerpc_info *di _U_, guint8 *drep _U_) +{ + const gchar *str; + int len = 260; + guint16 bc = tvb_captured_length_remaining(tvb, offset); + + str = get_unicode_or_ascii_string(tvb, &offset, TRUE, &len, TRUE, TRUE, &bc); + + if (str) { + proto_item *pi; + pi = proto_tree_add_string(parent_tree, hf_witness_witness_interfaceInfo_group_name, tvb, offset, 2*260, str); + proto_item_append_text(pi, " [%d]", len); + proto_item_append_text(parent_tree, ": %s", str); + + } else { + } + + return offset + 2*260; +} + +static int +PIDL_dissect_ipv4address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep _U_, int hfindex, guint32 param) +{ + if (di->conformant_run) { + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + + + if (!di->no_align && (offset % 4)) { + offset += 4 - (offset % 4); + } + + proto_tree_add_item(tree, hfindex, tvb, offset, 4, ENC_BIG_ENDIAN); + + if (param & PIDL_SET_COL_INFO) { + const char *ip = tvb_ip_to_str(tvb, offset); + header_field_info *hf_info = proto_registrar_get_nth(hfindex); + + proto_item_append_text(proto_tree_get_parent(tree), " %s:%s", hf_info->name, ip); + + col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, ip); + } + return offset + 4; +} + +static int +PIDL_dissect_ipv6address(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep _U_, int hfindex, guint32 param) +{ + if (di->conformant_run) { + /* just a run to handle conformant arrays, no scalars to dissect */ + return offset; + } + + + if (!di->no_align && (offset % 2)) { + offset += 2 - (offset % 2); + } + + proto_tree_add_item(tree, hfindex, tvb, offset, 16, ENC_BIG_ENDIAN); + + if (param & PIDL_SET_COL_INFO) { + const char *ip = tvb_ip6_to_str(tvb, offset); + header_field_info *hf_info = proto_registrar_get_nth(hfindex); + + proto_item_append_text(proto_tree_get_parent(tree), " %s:%s", hf_info->name, ip); + + col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, ip); + } + + return offset + 16; +} + +CODE END diff --git a/epan/dissectors/pidl/witness.idl b/epan/dissectors/pidl/witness.idl new file mode 100644 index 0000000000..febae2524a --- /dev/null +++ b/epan/dissectors/pidl/witness.idl @@ -0,0 +1,152 @@ +#include "idl_types.h" + +import "misc.idl"; + +[ + uuid("ccd8c074-d0e5-4a40-92b4-d074faa6ba28"), + version(1.1), + pointer_default(unique), + helpstring("SMB Witness Service"), + helper("../librpc/ndr/ndr_witness.h"), + endpoint("ncacn_ip_tcp:") +] +interface witness +{ + typedef [v1_enum] enum { + WITNESS_V1 = 0x00010001, + WITNESS_V2 = 0x00020000, + WITNESS_UNSPECIFIED_VERSION = 0xFFFFFFFF + } witness_version; + + /*****************/ + /* Function 0x00 */ + + typedef [enum16bit] enum { + WITNESS_STATE_UNKNOWN = 0x00, + WITNESS_STATE_AVAILABLE = 0x01, + WITNESS_STATE_UNAVAILABLE = 0xff + } witness_interfaceInfo_state; + + typedef [bitmap32bit] bitmap { + WITNESS_INFO_IPv4_VALID = 0x01, + WITNESS_INFO_IPv6_VALID = 0x02, + WITNESS_INFO_WITNESS_IF = 0x04 + } witness_interfaceInfo_flags; + + typedef struct { + [charset(UTF16),to_null] uint16 group_name[260]; + witness_version version; + witness_interfaceInfo_state state; + [flag(NDR_BIG_ENDIAN)] ipv4address ipv4; + [flag(NDR_BIG_ENDIAN)] ipv6address ipv6; + witness_interfaceInfo_flags flags; + } witness_interfaceInfo; + + typedef struct { + uint32 num_interfaces; + [size_is(num_interfaces)] witness_interfaceInfo *interfaces; + } witness_interfaceList; + + [public] WERROR witness_GetInterfaceList( + [out] witness_interfaceList **interface_list + ); + + /*****************/ + /* Function 0x01 */ + + [public] WERROR witness_Register( + [out,ref] policy_handle *context_handle, + [in] witness_version version, + [in,unique,string,charset(UTF16)] uint16 *net_name, + [in,unique,string,charset(UTF16)] uint16 *ip_address, + [in,unique,string,charset(UTF16)] uint16 *client_computer_name + ); + + /*****************/ + /* Function 0x02 */ + + [public] WERROR witness_UnRegister( + [in] policy_handle context_handle + ); + + /*****************/ + /* Function 0x03 */ + + typedef [v1_enum,public] enum { + WITNESS_NOTIFY_RESOURCE_CHANGE = 1, + WITNESS_NOTIFY_CLIENT_MOVE = 2, + WITNESS_NOTIFY_SHARE_MOVE = 3, + WITNESS_NOTIFY_IP_CHANGE = 4 + } witness_notifyResponse_type; + + typedef [v1_enum] enum { + WITNESS_RESOURCE_STATE_UNKNOWN = 0x00, + WITNESS_RESOURCE_STATE_AVAILABLE = 0x01, + WITNESS_RESOURCE_STATE_UNAVAILABLE = 0xff + } witness_ResourceChange_type; + + typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize,public] struct { + [value(ndr_size_witness_ResourceChange(r,ndr->flags))] uint32 length; + witness_ResourceChange_type type; + nstring name; + } witness_ResourceChange; + + typedef [bitmap32bit] bitmap { + WITNESS_IPADDR_V4 = 0x01, + WITNESS_IPADDR_V6 = 0x02, + WITNESS_IPADDR_ONLINE = 0x08, + WITNESS_IPADDR_OFFLINE = 0x10 + } witness_IPaddrInfo_flags; + + typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize] struct { + witness_IPaddrInfo_flags flags; + ipv4address ipv4; + ipv6address ipv6; + } witness_IPaddrInfo; + + typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] struct { + [value(r->num*ndr_size_witness_IPaddrInfo(r->addr, ndr->flags))] uint32 length; + [value(0)] uint32 reserved; + uint32 num; + witness_IPaddrInfo addr[num]; + } witness_IPaddrInfoList; + + typedef [public,switch_type(witness_notifyResponse_type),nodiscriminant, flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] union { + [case(WITNESS_NOTIFY_RESOURCE_CHANGE)] witness_ResourceChange resource_change; + [case(WITNESS_NOTIFY_CLIENT_MOVE)] witness_IPaddrInfoList client_move; + [case(WITNESS_NOTIFY_SHARE_MOVE)] witness_IPaddrInfoList share_move; + [case(WITNESS_NOTIFY_IP_CHANGE)] witness_IPaddrInfoList ip_change; + [default,flag(NDR_REMAINING)] DATA_BLOB data; + } witness_notifyResponse_message; + + typedef [flag(NDR_PAHEX),gensize,public,nopush,nopull] struct { + witness_notifyResponse_type type; + [value(ndr_size_witness_notifyResponse(r, ndr->flags)-20)] uint32 length; + uint32 num; + [subcontext(4), subcontext_size(length), flag(NDR_REMAINING), switch_is(type)] witness_notifyResponse_message messages[num]; + } witness_notifyResponse; + + [public] WERROR witness_AsyncNotify( + [in] policy_handle context_handle, + [out] witness_notifyResponse **response + ); + + /*****************/ + /* Function 0x04 */ + + typedef [bitmap32bit] bitmap { + WITNESS_REGISTER_NONE = 0x00, + WITNESS_REGISTER_IP_NOTIFICATION = 0x01 + } witness_RegisterEx_flags; + + WERROR witness_RegisterEx( + [out,ref] policy_handle *context_handle, + [in] witness_version version, + [in,unique,string,charset(UTF16)] uint16 *net_name, + [in,unique,string,charset(UTF16)] uint16 *share_name, + [in,unique,string,charset(UTF16)] uint16 *ip_address, + [in,unique,string,charset(UTF16)] uint16 *client_computer_name, + [in] witness_RegisterEx_flags flags, + [in] uint32 timeout + ); +} |