Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
-rw-r--r--epan/dissectors/packet-dcerpc.c576
1 files changed, 309 insertions, 267 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 862cb2dd77..5785987549 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -26,7 +26,8 @@
#include "config.h"
-#include <stdio.h>
+#include <guid-utils.h>
+#include <stdio.h> /* for sscanf() */
#include <epan/packet.h>
#include <epan/exceptions.h>
#include <epan/prefs.h>
@@ -47,7 +48,9 @@
void proto_register_dcerpc(void);
void proto_reg_handoff_dcerpc(void);
-static int dcerpc_tap = -1;
+static dissector_handle_t dcerpc_tcp_handle;
+
+static int dcerpc_tap;
/* 32bit Network Data Representation, see DCE/RPC Appendix I */
static e_guid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9,
@@ -426,169 +429,169 @@ static const value_string rts_forward_destination_vals[] = {
#define DCE_CN_TRANSPORT_SMBPIPE 1
-static int proto_dcerpc = -1;
+static int proto_dcerpc;
/* field defines */
-static int hf_dcerpc_request_in = -1;
-static int hf_dcerpc_time = -1;
-static int hf_dcerpc_response_in = -1;
-static int hf_dcerpc_ver = -1;
-static int hf_dcerpc_ver_minor = -1;
-static int hf_dcerpc_packet_type = -1;
-static int hf_dcerpc_cn_flags = -1;
-static int hf_dcerpc_cn_flags_first_frag = -1;
-static int hf_dcerpc_cn_flags_last_frag = -1;
-static int hf_dcerpc_cn_flags_cancel_pending = -1;
-static int hf_dcerpc_cn_flags_reserved = -1;
-static int hf_dcerpc_cn_flags_mpx = -1;
-static int hf_dcerpc_cn_flags_dne = -1;
-static int hf_dcerpc_cn_flags_maybe = -1;
-static int hf_dcerpc_cn_flags_object = -1;
-static int hf_dcerpc_drep = -1;
- int hf_dcerpc_drep_byteorder = -1;
- int hf_dcerpc_ndr_padding = -1;
-static int hf_dcerpc_drep_character = -1;
-static int hf_dcerpc_drep_fp = -1;
-static int hf_dcerpc_cn_frag_len = -1;
-static int hf_dcerpc_cn_auth_len = -1;
-static int hf_dcerpc_cn_call_id = -1;
-static int hf_dcerpc_cn_max_xmit = -1;
-static int hf_dcerpc_cn_max_recv = -1;
-static int hf_dcerpc_cn_assoc_group = -1;
-static int hf_dcerpc_cn_num_ctx_items = -1;
-static int hf_dcerpc_cn_ctx_item = -1;
-static int hf_dcerpc_cn_ctx_id = -1;
-static int hf_dcerpc_cn_num_trans_items = -1;
-static int hf_dcerpc_cn_bind_abstract_syntax = -1;
-static int hf_dcerpc_cn_bind_if_id = -1;
-static int hf_dcerpc_cn_bind_if_ver = -1;
-static int hf_dcerpc_cn_bind_if_ver_minor = -1;
-static int hf_dcerpc_cn_bind_trans_syntax = -1;
-static int hf_dcerpc_cn_bind_trans_id = -1;
-static int hf_dcerpc_cn_bind_trans_ver = -1;
-static int hf_dcerpc_cn_bind_trans_btfn = -1;
-static int hf_dcerpc_cn_bind_trans_btfn_01 = -1;
-static int hf_dcerpc_cn_bind_trans_btfn_02 = -1;
-static int hf_dcerpc_cn_alloc_hint = -1;
-static int hf_dcerpc_cn_sec_addr_len = -1;
-static int hf_dcerpc_cn_sec_addr = -1;
-static int hf_dcerpc_cn_num_results = -1;
-static int hf_dcerpc_cn_ack_result = -1;
-static int hf_dcerpc_cn_ack_reason = -1;
-static int hf_dcerpc_cn_ack_trans_id = -1;
-static int hf_dcerpc_cn_ack_trans_ver = -1;
-static int hf_dcerpc_cn_reject_reason = -1;
-static int hf_dcerpc_cn_num_protocols = -1;
-static int hf_dcerpc_cn_protocol_ver_major = -1;
-static int hf_dcerpc_cn_protocol_ver_minor = -1;
-static int hf_dcerpc_cn_cancel_count = -1;
-static int hf_dcerpc_cn_fault_flags = -1;
-static int hf_dcerpc_cn_fault_flags_extended_error_info = -1;
-static int hf_dcerpc_cn_status = -1;
-static int hf_dcerpc_cn_deseg_req = -1;
-static int hf_dcerpc_cn_rts_flags = -1;
-static int hf_dcerpc_cn_rts_flags_ping = -1;
-static int hf_dcerpc_cn_rts_flags_other_cmd = -1;
-static int hf_dcerpc_cn_rts_flags_recycle_channel = -1;
-static int hf_dcerpc_cn_rts_flags_in_channel = -1;
-static int hf_dcerpc_cn_rts_flags_out_channel = -1;
-static int hf_dcerpc_cn_rts_flags_eof = -1;
-static int hf_dcerpc_cn_rts_commands_nb = -1;
-static int hf_dcerpc_cn_rts_command = -1;
-static int hf_dcerpc_cn_rts_command_receivewindowsize = -1;
-static int hf_dcerpc_cn_rts_command_fack_bytesreceived = -1;
-static int hf_dcerpc_cn_rts_command_fack_availablewindow = -1;
-static int hf_dcerpc_cn_rts_command_fack_channelcookie = -1;
-static int hf_dcerpc_cn_rts_command_connectiontimeout = -1;
-static int hf_dcerpc_cn_rts_command_cookie = -1;
-static int hf_dcerpc_cn_rts_command_channellifetime = -1;
-static int hf_dcerpc_cn_rts_command_clientkeepalive = -1;
-static int hf_dcerpc_cn_rts_command_version = -1;
-static int hf_dcerpc_cn_rts_command_conformancecount = -1;
-static int hf_dcerpc_cn_rts_command_padding = -1;
-static int hf_dcerpc_cn_rts_command_addrtype = -1;
-static int hf_dcerpc_cn_rts_command_associationgroupid = -1;
-static int hf_dcerpc_cn_rts_command_forwarddestination = -1;
-static int hf_dcerpc_cn_rts_command_pingtrafficsentnotify = -1;
-static int hf_dcerpc_auth_type = -1;
-static int hf_dcerpc_auth_level = -1;
-static int hf_dcerpc_auth_pad_len = -1;
-static int hf_dcerpc_auth_rsrvd = -1;
-static int hf_dcerpc_auth_ctx_id = -1;
-static int hf_dcerpc_dg_flags1 = -1;
-static int hf_dcerpc_dg_flags1_rsrvd_01 = -1;
-static int hf_dcerpc_dg_flags1_last_frag = -1;
-static int hf_dcerpc_dg_flags1_frag = -1;
-static int hf_dcerpc_dg_flags1_nofack = -1;
-static int hf_dcerpc_dg_flags1_maybe = -1;
-static int hf_dcerpc_dg_flags1_idempotent = -1;
-static int hf_dcerpc_dg_flags1_broadcast = -1;
-static int hf_dcerpc_dg_flags1_rsrvd_80 = -1;
-static int hf_dcerpc_dg_flags2 = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_01 = -1;
-static int hf_dcerpc_dg_flags2_cancel_pending = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_04 = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_08 = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_10 = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_20 = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_40 = -1;
-static int hf_dcerpc_dg_flags2_rsrvd_80 = -1;
-static int hf_dcerpc_dg_serial_hi = -1;
-static int hf_dcerpc_obj_id = -1;
-static int hf_dcerpc_dg_if_id = -1;
-static int hf_dcerpc_dg_act_id = -1;
-static int hf_dcerpc_dg_serial_lo = -1;
-static int hf_dcerpc_dg_ahint = -1;
-static int hf_dcerpc_dg_ihint = -1;
-static int hf_dcerpc_dg_frag_len = -1;
-static int hf_dcerpc_dg_frag_num = -1;
-static int hf_dcerpc_dg_auth_proto = -1;
-static int hf_dcerpc_opnum = -1;
-static int hf_dcerpc_dg_seqnum = -1;
-static int hf_dcerpc_dg_server_boot = -1;
-static int hf_dcerpc_dg_if_ver = -1;
-static int hf_dcerpc_krb5_av_prot_level = -1;
-static int hf_dcerpc_krb5_av_key_vers_num = -1;
-static int hf_dcerpc_krb5_av_key_auth_verifier = -1;
-static int hf_dcerpc_dg_cancel_vers = -1;
-static int hf_dcerpc_dg_cancel_id = -1;
-static int hf_dcerpc_dg_server_accepting_cancels = -1;
-static int hf_dcerpc_dg_fack_vers = -1;
-static int hf_dcerpc_dg_fack_window_size = -1;
-static int hf_dcerpc_dg_fack_max_tsdu = -1;
-static int hf_dcerpc_dg_fack_max_frag_size = -1;
-static int hf_dcerpc_dg_fack_serial_num = -1;
-static int hf_dcerpc_dg_fack_selack_len = -1;
-static int hf_dcerpc_dg_fack_selack = -1;
-static int hf_dcerpc_dg_status = -1;
-static int hf_dcerpc_array_max_count = -1;
-static int hf_dcerpc_array_offset = -1;
-static int hf_dcerpc_array_actual_count = -1;
-static int hf_dcerpc_op = -1;
-static int hf_dcerpc_referent_id32 = -1;
-static int hf_dcerpc_referent_id64 = -1;
-static int hf_dcerpc_null_pointer = -1;
-static int hf_dcerpc_fragments = -1;
-static int hf_dcerpc_fragment = -1;
-static int hf_dcerpc_fragment_overlap = -1;
-static int hf_dcerpc_fragment_overlap_conflict = -1;
-static int hf_dcerpc_fragment_multiple_tails = -1;
-static int hf_dcerpc_fragment_too_long_fragment = -1;
-static int hf_dcerpc_fragment_error = -1;
-static int hf_dcerpc_fragment_count = -1;
-static int hf_dcerpc_reassembled_in = -1;
-static int hf_dcerpc_reassembled_length = -1;
-static int hf_dcerpc_unknown_if_id = -1;
-static int hf_dcerpc_sec_vt_signature = -1;
-static int hf_dcerpc_sec_vt_command = -1;
-static int hf_dcerpc_sec_vt_command_cmd = -1;
-static int hf_dcerpc_sec_vt_command_end = -1;
-static int hf_dcerpc_sec_vt_command_must = -1;
-static int hf_dcerpc_sec_vt_command_length = -1;
-static int hf_dcerpc_sec_vt_bitmask = -1;
-static int hf_dcerpc_sec_vt_bitmask_sign = -1;
-static int hf_dcerpc_sec_vt_pcontext_uuid = -1;
-static int hf_dcerpc_sec_vt_pcontext_ver = -1;
+static int hf_dcerpc_request_in;
+static int hf_dcerpc_time;
+static int hf_dcerpc_response_in;
+static int hf_dcerpc_ver;
+static int hf_dcerpc_ver_minor;
+static int hf_dcerpc_packet_type;
+static int hf_dcerpc_cn_flags;
+static int hf_dcerpc_cn_flags_first_frag;
+static int hf_dcerpc_cn_flags_last_frag;
+static int hf_dcerpc_cn_flags_cancel_pending;
+static int hf_dcerpc_cn_flags_reserved;
+static int hf_dcerpc_cn_flags_mpx;
+static int hf_dcerpc_cn_flags_dne;
+static int hf_dcerpc_cn_flags_maybe;
+static int hf_dcerpc_cn_flags_object;
+static int hf_dcerpc_drep;
+ int hf_dcerpc_drep_byteorder;
+ int hf_dcerpc_ndr_padding;
+static int hf_dcerpc_drep_character;
+static int hf_dcerpc_drep_fp;
+static int hf_dcerpc_cn_frag_len;
+static int hf_dcerpc_cn_auth_len;
+static int hf_dcerpc_cn_call_id;
+static int hf_dcerpc_cn_max_xmit;
+static int hf_dcerpc_cn_max_recv;
+static int hf_dcerpc_cn_assoc_group;
+static int hf_dcerpc_cn_num_ctx_items;
+static int hf_dcerpc_cn_ctx_item;
+static int hf_dcerpc_cn_ctx_id;
+static int hf_dcerpc_cn_num_trans_items;
+static int hf_dcerpc_cn_bind_abstract_syntax;
+static int hf_dcerpc_cn_bind_if_id;
+static int hf_dcerpc_cn_bind_if_ver;
+static int hf_dcerpc_cn_bind_if_ver_minor;
+static int hf_dcerpc_cn_bind_trans_syntax;
+static int hf_dcerpc_cn_bind_trans_id;
+static int hf_dcerpc_cn_bind_trans_ver;
+static int hf_dcerpc_cn_bind_trans_btfn;
+static int hf_dcerpc_cn_bind_trans_btfn_01;
+static int hf_dcerpc_cn_bind_trans_btfn_02;
+static int hf_dcerpc_cn_alloc_hint;
+static int hf_dcerpc_cn_sec_addr_len;
+static int hf_dcerpc_cn_sec_addr;
+static int hf_dcerpc_cn_num_results;
+static int hf_dcerpc_cn_ack_result;
+static int hf_dcerpc_cn_ack_reason;
+static int hf_dcerpc_cn_ack_trans_id;
+static int hf_dcerpc_cn_ack_trans_ver;
+static int hf_dcerpc_cn_reject_reason;
+static int hf_dcerpc_cn_num_protocols;
+static int hf_dcerpc_cn_protocol_ver_major;
+static int hf_dcerpc_cn_protocol_ver_minor;
+static int hf_dcerpc_cn_cancel_count;
+static int hf_dcerpc_cn_fault_flags;
+static int hf_dcerpc_cn_fault_flags_extended_error_info;
+static int hf_dcerpc_cn_status;
+static int hf_dcerpc_cn_deseg_req;
+static int hf_dcerpc_cn_rts_flags;
+static int hf_dcerpc_cn_rts_flags_ping;
+static int hf_dcerpc_cn_rts_flags_other_cmd;
+static int hf_dcerpc_cn_rts_flags_recycle_channel;
+static int hf_dcerpc_cn_rts_flags_in_channel;
+static int hf_dcerpc_cn_rts_flags_out_channel;
+static int hf_dcerpc_cn_rts_flags_eof;
+static int hf_dcerpc_cn_rts_commands_nb;
+static int hf_dcerpc_cn_rts_command;
+static int hf_dcerpc_cn_rts_command_receivewindowsize;
+static int hf_dcerpc_cn_rts_command_fack_bytesreceived;
+static int hf_dcerpc_cn_rts_command_fack_availablewindow;
+static int hf_dcerpc_cn_rts_command_fack_channelcookie;
+static int hf_dcerpc_cn_rts_command_connectiontimeout;
+static int hf_dcerpc_cn_rts_command_cookie;
+static int hf_dcerpc_cn_rts_command_channellifetime;
+static int hf_dcerpc_cn_rts_command_clientkeepalive;
+static int hf_dcerpc_cn_rts_command_version;
+static int hf_dcerpc_cn_rts_command_conformancecount;
+static int hf_dcerpc_cn_rts_command_padding;
+static int hf_dcerpc_cn_rts_command_addrtype;
+static int hf_dcerpc_cn_rts_command_associationgroupid;
+static int hf_dcerpc_cn_rts_command_forwarddestination;
+static int hf_dcerpc_cn_rts_command_pingtrafficsentnotify;
+static int hf_dcerpc_auth_type;
+static int hf_dcerpc_auth_level;
+static int hf_dcerpc_auth_pad_len;
+static int hf_dcerpc_auth_rsrvd;
+static int hf_dcerpc_auth_ctx_id;
+static int hf_dcerpc_dg_flags1;
+static int hf_dcerpc_dg_flags1_rsrvd_01;
+static int hf_dcerpc_dg_flags1_last_frag;
+static int hf_dcerpc_dg_flags1_frag;
+static int hf_dcerpc_dg_flags1_nofack;
+static int hf_dcerpc_dg_flags1_maybe;
+static int hf_dcerpc_dg_flags1_idempotent;
+static int hf_dcerpc_dg_flags1_broadcast;
+static int hf_dcerpc_dg_flags1_rsrvd_80;
+static int hf_dcerpc_dg_flags2;
+static int hf_dcerpc_dg_flags2_rsrvd_01;
+static int hf_dcerpc_dg_flags2_cancel_pending;
+static int hf_dcerpc_dg_flags2_rsrvd_04;
+static int hf_dcerpc_dg_flags2_rsrvd_08;
+static int hf_dcerpc_dg_flags2_rsrvd_10;
+static int hf_dcerpc_dg_flags2_rsrvd_20;
+static int hf_dcerpc_dg_flags2_rsrvd_40;
+static int hf_dcerpc_dg_flags2_rsrvd_80;
+static int hf_dcerpc_dg_serial_hi;
+static int hf_dcerpc_obj_id;
+static int hf_dcerpc_dg_if_id;
+static int hf_dcerpc_dg_act_id;
+static int hf_dcerpc_dg_serial_lo;
+static int hf_dcerpc_dg_ahint;
+static int hf_dcerpc_dg_ihint;
+static int hf_dcerpc_dg_frag_len;
+static int hf_dcerpc_dg_frag_num;
+static int hf_dcerpc_dg_auth_proto;
+static int hf_dcerpc_opnum;
+static int hf_dcerpc_dg_seqnum;
+static int hf_dcerpc_dg_server_boot;
+static int hf_dcerpc_dg_if_ver;
+static int hf_dcerpc_krb5_av_prot_level;
+static int hf_dcerpc_krb5_av_key_vers_num;
+static int hf_dcerpc_krb5_av_key_auth_verifier;
+static int hf_dcerpc_dg_cancel_vers;
+static int hf_dcerpc_dg_cancel_id;
+static int hf_dcerpc_dg_server_accepting_cancels;
+static int hf_dcerpc_dg_fack_vers;
+static int hf_dcerpc_dg_fack_window_size;
+static int hf_dcerpc_dg_fack_max_tsdu;
+static int hf_dcerpc_dg_fack_max_frag_size;
+static int hf_dcerpc_dg_fack_serial_num;
+static int hf_dcerpc_dg_fack_selack_len;
+static int hf_dcerpc_dg_fack_selack;
+static int hf_dcerpc_dg_status;
+static int hf_dcerpc_array_max_count;
+static int hf_dcerpc_array_offset;
+static int hf_dcerpc_array_actual_count;
+static int hf_dcerpc_op;
+static int hf_dcerpc_referent_id32;
+static int hf_dcerpc_referent_id64;
+static int hf_dcerpc_null_pointer;
+static int hf_dcerpc_fragments;
+static int hf_dcerpc_fragment;
+static int hf_dcerpc_fragment_overlap;
+static int hf_dcerpc_fragment_overlap_conflict;
+static int hf_dcerpc_fragment_multiple_tails;
+static int hf_dcerpc_fragment_too_long_fragment;
+static int hf_dcerpc_fragment_error;
+static int hf_dcerpc_fragment_count;
+static int hf_dcerpc_reassembled_in;
+static int hf_dcerpc_reassembled_length;
+static int hf_dcerpc_unknown_if_id;
+static int hf_dcerpc_sec_vt_signature;
+static int hf_dcerpc_sec_vt_command;
+static int hf_dcerpc_sec_vt_command_cmd;
+static int hf_dcerpc_sec_vt_command_end;
+static int hf_dcerpc_sec_vt_command_must;
+static int hf_dcerpc_sec_vt_command_length;
+static int hf_dcerpc_sec_vt_bitmask;
+static int hf_dcerpc_sec_vt_bitmask_sign;
+static int hf_dcerpc_sec_vt_pcontext_uuid;
+static int hf_dcerpc_sec_vt_pcontext_ver;
static int * const sec_vt_command_fields[] = {
&hf_dcerpc_sec_vt_command_cmd,
@@ -596,25 +599,25 @@ static int * const sec_vt_command_fields[] = {
&hf_dcerpc_sec_vt_command_must,
NULL
};
-static int hf_dcerpc_reserved = -1;
-static int hf_dcerpc_unknown = -1;
-static int hf_dcerpc_missalign = -1;
+static int hf_dcerpc_reserved;
+static int hf_dcerpc_unknown;
+static int hf_dcerpc_missalign;
/* Generated from convert_proto_tree_add_text.pl */
-static int hf_dcerpc_duplicate_ptr = -1;
-static int hf_dcerpc_encrypted_stub_data = -1;
-static int hf_dcerpc_decrypted_stub_data = -1;
-static int hf_dcerpc_payload_stub_data = -1;
-static int hf_dcerpc_stub_data_with_sec_vt = -1;
-static int hf_dcerpc_stub_data = -1;
-static int hf_dcerpc_auth_padding = -1;
-static int hf_dcerpc_auth_info = -1;
-static int hf_dcerpc_auth_credentials = -1;
-static int hf_dcerpc_fault_stub_data = -1;
-static int hf_dcerpc_fragment_data = -1;
-static int hf_dcerpc_cmd_client_ipv4 = -1;
-static int hf_dcerpc_cmd_client_ipv6 = -1;
-static int hf_dcerpc_authentication_verifier = -1;
+static int hf_dcerpc_duplicate_ptr;
+static int hf_dcerpc_encrypted_stub_data;
+static int hf_dcerpc_decrypted_stub_data;
+static int hf_dcerpc_payload_stub_data;
+static int hf_dcerpc_stub_data_with_sec_vt;
+static int hf_dcerpc_stub_data;
+static int hf_dcerpc_auth_padding;
+static int hf_dcerpc_auth_info;
+static int hf_dcerpc_auth_credentials;
+static int hf_dcerpc_fault_stub_data;
+static int hf_dcerpc_fragment_data;
+static int hf_dcerpc_cmd_client_ipv4;
+static int hf_dcerpc_cmd_client_ipv6;
+static int hf_dcerpc_authentication_verifier;
static int * const dcerpc_cn_bind_trans_btfn_fields[] = {
&hf_dcerpc_cn_bind_trans_btfn_01,
@@ -639,48 +642,48 @@ static const value_string sec_vt_command_cmd_vals[] = {
{0, NULL}
};
-static gint ett_dcerpc = -1;
-static gint ett_dcerpc_cn_flags = -1;
-static gint ett_dcerpc_cn_ctx = -1;
-static gint ett_dcerpc_cn_iface = -1;
-static gint ett_dcerpc_cn_trans_syntax = -1;
-static gint ett_dcerpc_cn_trans_btfn = -1;
-static gint ett_dcerpc_cn_bind_trans_btfn = -1;
-static gint ett_dcerpc_cn_rts_flags = -1;
-static gint ett_dcerpc_cn_rts_command = -1;
-static gint ett_dcerpc_cn_rts_pdu = -1;
-static gint ett_dcerpc_drep = -1;
-static gint ett_dcerpc_dg_flags1 = -1;
-static gint ett_dcerpc_dg_flags2 = -1;
-static gint ett_dcerpc_pointer_data = -1;
-static gint ett_dcerpc_string = -1;
-static gint ett_dcerpc_fragments = -1;
-static gint ett_dcerpc_fragment = -1;
-static gint ett_dcerpc_krb5_auth_verf = -1;
-static gint ett_dcerpc_auth_info = -1;
-static gint ett_dcerpc_verification_trailer = -1;
-static gint ett_dcerpc_sec_vt_command = -1;
-static gint ett_dcerpc_sec_vt_bitmask = -1;
-static gint ett_dcerpc_sec_vt_pcontext = -1;
-static gint ett_dcerpc_sec_vt_header = -1;
-static gint ett_dcerpc_complete_stub_data = -1;
-static gint ett_dcerpc_fault_flags = -1;
-static gint ett_dcerpc_fault_stub_data = -1;
-
-static expert_field ei_dcerpc_fragment_multiple = EI_INIT;
-static expert_field ei_dcerpc_cn_status = EI_INIT;
-static expert_field ei_dcerpc_fragment_reassembled = EI_INIT;
-static expert_field ei_dcerpc_fragment = EI_INIT;
-static expert_field ei_dcerpc_no_request_found = EI_INIT;
-/* static expert_field ei_dcerpc_context_change = EI_INIT; */
-static expert_field ei_dcerpc_cn_ctx_id_no_bind = EI_INIT;
-static expert_field ei_dcerpc_bind_not_acknowledged = EI_INIT;
-static expert_field ei_dcerpc_verifier_unavailable = EI_INIT;
-static expert_field ei_dcerpc_invalid_pdu_authentication_attempt = EI_INIT;
+static gint ett_dcerpc;
+static gint ett_dcerpc_cn_flags;
+static gint ett_dcerpc_cn_ctx;
+static gint ett_dcerpc_cn_iface;
+static gint ett_dcerpc_cn_trans_syntax;
+static gint ett_dcerpc_cn_trans_btfn;
+static gint ett_dcerpc_cn_bind_trans_btfn;
+static gint ett_dcerpc_cn_rts_flags;
+static gint ett_dcerpc_cn_rts_command;
+static gint ett_dcerpc_cn_rts_pdu;
+static gint ett_dcerpc_drep;
+static gint ett_dcerpc_dg_flags1;
+static gint ett_dcerpc_dg_flags2;
+static gint ett_dcerpc_pointer_data;
+static gint ett_dcerpc_string;
+static gint ett_dcerpc_fragments;
+static gint ett_dcerpc_fragment;
+static gint ett_dcerpc_krb5_auth_verf;
+static gint ett_dcerpc_auth_info;
+static gint ett_dcerpc_verification_trailer;
+static gint ett_dcerpc_sec_vt_command;
+static gint ett_dcerpc_sec_vt_bitmask;
+static gint ett_dcerpc_sec_vt_pcontext;
+static gint ett_dcerpc_sec_vt_header;
+static gint ett_dcerpc_complete_stub_data;
+static gint ett_dcerpc_fault_flags;
+static gint ett_dcerpc_fault_stub_data;
+
+static expert_field ei_dcerpc_fragment_multiple;
+static expert_field ei_dcerpc_cn_status;
+static expert_field ei_dcerpc_fragment_reassembled;
+static expert_field ei_dcerpc_fragment;
+static expert_field ei_dcerpc_no_request_found;
+/* static expert_field ei_dcerpc_context_change; */
+static expert_field ei_dcerpc_cn_ctx_id_no_bind;
+static expert_field ei_dcerpc_bind_not_acknowledged;
+static expert_field ei_dcerpc_verifier_unavailable;
+static expert_field ei_dcerpc_invalid_pdu_authentication_attempt;
/* Generated from convert_proto_tree_add_text.pl */
-static expert_field ei_dcerpc_long_frame = EI_INIT;
-static expert_field ei_dcerpc_cn_rts_command = EI_INIT;
-static expert_field ei_dcerpc_not_implemented = EI_INIT;
+static expert_field ei_dcerpc_long_frame;
+static expert_field ei_dcerpc_cn_rts_command;
+static expert_field ei_dcerpc_not_implemented;
static const guint8 TRAILER_SIGNATURE[] = {0x8a, 0xe3, 0x13, 0x71, 0x02, 0xf4, 0x36, 0x71};
static tvbuff_t *tvb_trailer_signature = NULL;
@@ -762,7 +765,7 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding)
0,
&binding->addr_a,
&binding->addr_b,
- conversation_pt_to_endpoint_type(binding->ptype),
+ conversation_pt_to_conversation_type(binding->ptype),
binding->port_a,
binding->port_b,
0);
@@ -772,7 +775,7 @@ dcerpc_add_conv_to_bind_table(decode_dcerpc_bind_values_t *binding)
0,
&binding->addr_a,
&binding->addr_b,
- conversation_pt_to_endpoint_type(binding->ptype),
+ conversation_pt_to_conversation_type(binding->ptype),
binding->port_a,
binding->port_b,
0);
@@ -878,7 +881,7 @@ dcerpc_prompt(packet_info *pinfo, gchar* result)
g_string_append(str, "&\r\n");
g_string_append_printf(str, "%s: %u\r\n", address_str->str, pinfo->destport);
g_string_append_printf(str, "&\r\nContext ID: %u\r\n", decode_data->dcectxid);
- g_string_append_printf(str, "&\r\nSMB FID: %"G_GINT64_MODIFIER"u\r\n",
+ g_string_append_printf(str, "&\r\nSMB FID: %"PRIu64"\r\n",
dcerpc_get_transport_salt(pinfo));
g_string_append(str, "with:\r\n");
@@ -995,7 +998,7 @@ dcerpc_decode_as_change(const char *name, gconstpointer pattern, gconstpointer h
{
const decode_dcerpc_bind_values_t *binding = (const decode_dcerpc_bind_values_t*)pattern;
decode_dcerpc_bind_values_t *stored_binding;
- guid_key *key = *((guid_key *const *)handle);
+ const guid_key *key = (const guid_key *)handle;
/* remove a probably existing old binding */
decode_dcerpc_binding_reset(name, binding);
@@ -1199,7 +1202,7 @@ void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
d->auth_level = auth_level;
d->auth_type = auth_type;
- memcpy(&d->auth_fns, fns, sizeof(dcerpc_auth_subdissector_fns));
+ d->auth_fns = *fns;
dcerpc_auth_subdissector_list = g_slist_append(dcerpc_auth_subdissector_list, d);
}
@@ -1656,6 +1659,28 @@ dissect_dcerpc_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d
return tvb_captured_length(tvb);
}
+static void
+dcerpc_init_finalize(dissector_handle_t guid_handle, guid_key *key, dcerpc_uuid_value *value)
+{
+ module_t *samr_module;
+ const char *filter_name = proto_get_protocol_filter_name(value->proto_id);
+
+ g_hash_table_insert(dcerpc_uuids, key, value);
+
+ /* Register the GUID with the dissector table */
+ dissector_add_guid( "dcerpc.uuid", key, guid_handle );
+
+ /* add this GUID to the global name resolving */
+ guids_add_uuid(&key->guid, proto_get_protocol_short_name(value->proto));
+
+ /* Register the samr.nt_password preference as obsolete */
+ /* This should be in packet-dcerpc-samr.c */
+ if (strcmp(filter_name, "samr") == 0) {
+ samr_module = prefs_register_protocol_obsolete(value->proto_id);
+ prefs_register_obsolete_preference(samr_module, "nt_password");
+ }
+}
+
void
dcerpc_init_uuid(int proto, int ett, e_guid_t *uuid, guint16 ver,
dcerpc_sub_dissector *procs, int opnum_hf)
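Review bot: `dcerpc_init_finalize` still passes the literal `"dcerpc.uuid"` to `dissector_add_guid`, while this same commit changes `register_dissector_table` in `proto_register_dcerpc` to use `DCERPC_TABLE_NAME`. Assuming that macro expands to the same string (its definition is not on this page), the helper should use it too: `dissector_add_guid(DCERPC_TABLE_NAME, key, guid_handle);`. The helper also has no header comment; a short one saying that `key` and `value` are stored in `dcerpc_uuids`, so callers should not free them afterwards, would help now that two entry points share it.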
@@ -1663,8 +1688,6 @@ dcerpc_init_uuid(int proto, int ett, e_guid_t *uuid, guint16 ver,
guid_key *key = (guid_key *)g_malloc(sizeof (*key));
dcerpc_uuid_value *value = (dcerpc_uuid_value *)g_malloc(sizeof (*value));
header_field_info *hf_info;
- module_t *samr_module;
- const char *filter_name = proto_get_protocol_filter_name(proto);
dissector_handle_t guid_handle;
key->guid = *uuid;
@@ -1677,24 +1700,37 @@ dcerpc_init_uuid(int proto, int ett, e_guid_t *uuid, guint16 ver,
value->procs = procs;
value->opnum_hf = opnum_hf;
- g_hash_table_insert(dcerpc_uuids, key, value);
-
hf_info = proto_registrar_get_nth(opnum_hf);
hf_info->strings = value_string_from_subdissectors(procs);
/* Register the GUID with the dissector table */
guid_handle = create_dissector_handle( dissect_dcerpc_guid, proto);
- dissector_add_guid( "dcerpc.uuid", key, guid_handle );
- /* add this GUID to the global name resolving */
- guids_add_uuid(uuid, proto_get_protocol_short_name(value->proto));
+ dcerpc_init_finalize(guid_handle, key, value);
+}
- /* Register the samr.nt_password preference as obsolete */
- /* This should be in packet-dcerpc-samr.c */
- if (strcmp(filter_name, "samr") == 0) {
- samr_module = prefs_register_protocol_obsolete(proto);
- prefs_register_obsolete_preference(samr_module, "nt_password");
+void
+dcerpc_init_from_handle(int proto, e_guid_t *uuid, guint16 ver,
+ dissector_handle_t guid_handle)
+{
+ guid_key *key = (guid_key *)g_malloc(sizeof (*key));
+ dcerpc_uuid_value *value = (dcerpc_uuid_value *)g_malloc(sizeof (*value));
+
+ key->guid = *uuid;
+ key->ver = ver;
+
+ value->proto = find_protocol_by_id(proto);
+ value->proto_id = proto;
+ value->ett = -1;
+ value->name = proto_get_protocol_short_name(value->proto);
+ value->opnum_hf = 0;
+
+ if (g_hash_table_contains(dcerpc_uuids, key)) {
+ g_hash_table_remove(dcerpc_uuids, key);
+ guids_delete_guid(uuid);
}
+
+ dcerpc_init_finalize(guid_handle, key, value);
}
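Review bot: `dcerpc_init_from_handle` assigns `proto`, `proto_id`, `ett`, `name` and `opnum_hf` but never sets `value->procs`, and `value` comes from `g_malloc`, which does not zero the allocation. `dcerpc_init_uuid` in this same hunk does `value->procs = procs;`, so the member exists and anything that later reads this `dcerpc_uuids` entry would see an indeterminate pointer. Add `value->procs = NULL;` beside the other assignments (or allocate with `g_malloc0`), and confirm that the code consuming the table tolerates a NULL `procs`. `dcerpc_init_uuid` begins outside the hunk; `dcerpc_init_from_handle` is fully visible.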
/* Function to find the name of a registered protocol
@@ -1714,7 +1750,7 @@ dcerpc_get_proto_name(e_guid_t *uuid, guint16 ver)
return NULL;
}
- return dissector_handle_get_short_name(handle);
+ return dissector_handle_get_protocol_short_name(handle);
}
/* Function to find the opnum hf-field of a registered protocol
@@ -1985,7 +2021,7 @@ dcerpcstat_init(struct register_srt* srt, GArray* srt_array)
}
static tap_packet_status
-dcerpcstat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv)
+dcerpcstat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv, tap_flags_t flags _U_)
{
guint i = 0;
srt_stat_table *dcerpc_srt_table;
@@ -2039,11 +2075,11 @@ dcerpcstat_param(register_srt_t* srt, const char* opt_arg, char** err)
&d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,&major,&minor,&pos) == 13)
{
if ((major < 0) || (major > 65535)) {
- *err = g_strdup_printf("dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535", major);
+ *err = ws_strdup_printf("dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535", major);
return pos;
}
if ((minor < 0) || (minor > 65535)) {
- *err = g_strdup_printf("dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535", minor);
+ *err = ws_strdup_printf("dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535", minor);
return pos;
}
ver = major;
@@ -2079,7 +2115,7 @@ dcerpcstat_param(register_srt_t* srt, const char* opt_arg, char** err)
}
else
{
- *err = g_strdup_printf("<uuid>,<major version>.<minor version>[,<filter>]");
+ *err = ws_strdup_printf("<uuid>,<major version>.<minor version>[,<filter>]");
}
return pos;
@@ -2911,7 +2947,7 @@ dissect_ndr_wchar_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
/* ndr pointer handling */
/* Should we re-read the size of the list ?
- * Instead of re-calculating the size everytime, use the stored value unless this
+ * Instead of re-calculating the size every time, use the stored value unless this
* flag is set which means: re-read the size of the list
*/
static gboolean must_check_size = FALSE;
@@ -4218,7 +4254,7 @@ dissect_dcerpc_cn_bind_ack(tvbuff_t *tvb, gint offset, packet_info *pinfo,
hf_dcerpc_cn_sec_addr_len, &sec_addr_len);
if (sec_addr_len != 0) {
proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_sec_addr, tvb, offset,
- sec_addr_len, ENC_ASCII|ENC_NA);
+ sec_addr_len, ENC_ASCII);
offset += sec_addr_len;
}
@@ -4450,7 +4486,7 @@ dissect_dcerpc_cn_stub(tvbuff_t *tvb, int offset, packet_info *pinfo,
then exit
*/
if (pinfo->fd->visited) {
- fd_head = fragment_get_reassembled(&dcerpc_co_reassembly_table, frame);
+ fd_head = fragment_get_reassembled_id(&dcerpc_co_reassembly_table, pinfo, frame);
goto end_cn_stub;
}
@@ -5438,6 +5474,7 @@ dissect_dcerpc_cn_rts(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
}
+/* Test to see if this looks like a connection oriented PDU */
static gboolean
is_dcerpc(tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
{
@@ -5445,6 +5482,7 @@ is_dcerpc(tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
guint8 rpc_ver_minor;
guint8 ptype;
guint8 drep[4];
+ guint16 frag_len;
if (!tvb_bytes_exist(tvb, offset, sizeof(e_dce_cn_common_hdr_t)))
return FALSE; /* not enough information to check */
@@ -5466,6 +5504,11 @@ is_dcerpc(tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
return FALSE;
if (drep[1] > DCE_RPC_DREP_FP_IBM)
return FALSE;
+ offset += (int)sizeof(drep);
+ frag_len = dcerpc_tvb_get_ntohs(tvb, offset, drep);
+ if (frag_len < sizeof(e_dce_cn_common_hdr_t)) {
+ return FALSE;
+ }
return TRUE;
}
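Review bot: The added `frag_len` test in `is_dcerpc` has no comment explaining why the header size is the lower bound. A line such as `/* frag_len counts the whole PDU including the common header, so a smaller value cannot be valid */` above `if (frag_len < sizeof(e_dce_cn_common_hdr_t))` would state the heuristic's intent. The read also relies on `offset` still pointing at the start of `drep` when `offset += (int)sizeof(drep);` runs; the code that advances `offset` is above this hunk and not visible here, so that is worth confirming.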
@@ -5539,14 +5582,6 @@ dissect_dcerpc_cn(tvbuff_t *tvb, int offset, packet_info *pinfo,
hdr.call_id = dcerpc_tvb_get_ntohl(tvb, offset, hdr.drep);
/*offset += 4;*/
- if (decode_data->dcectxid == 0) {
- col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.call_id);
- } else {
- /* this is not the first DCE-RPC request/response in this (TCP?-)PDU,
- * prepend a delimiter */
- col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "#%u", hdr.call_id);
- }
-
if (can_desegment && pinfo->can_desegment
&& !tvb_bytes_exist(tvb, start_offset, hdr.frag_len)) {
pinfo->desegment_offset = start_offset;
@@ -5861,15 +5896,24 @@ dissect_dcerpc_cn_bs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *
static guint
get_dcerpc_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
- int offset _U_, void *data _U_)
+ int offset, void *data _U_)
{
guint8 drep[4];
guint16 frag_len;
- /* XXX: why does htis not take offset into account? */
- tvb_memcpy(tvb, (guint8 *)drep, 4, sizeof(drep));
- frag_len = dcerpc_tvb_get_ntohs(tvb, 8, drep);
+ tvb_memcpy(tvb, (guint8 *)drep, offset+4, sizeof(drep));
+ frag_len = dcerpc_tvb_get_ntohs(tvb, offset+8, drep);
+ if (!frag_len) {
+ /* tcp_dissect_pdus() interprets a 0 return value as meaning
+ * "a PDU starts here, but the length cannot be determined yet, so
+ * we need at least one more segment." However, a frag_len of 0 here
+ * is instead a bogus length. Instead return 1, another bogus length
+ * also less than our fixed length, so that the TCP dissector will
+ * correctly interpret it as a bogus and report an error.
+ */
+ frag_len = 1;
+ }
return frag_len;
}
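Review bot: The reads at `offset+4` and `offset+8` in `get_dcerpc_pdu_len` use bare numbers for the positions of `drep` and `frag_len`, while the `tcp_dissect_pdus` callers in this commit now pass `sizeof(e_dce_cn_common_hdr_t)` as the fixed length. A one-line comment such as `/* drep is at byte 4 and frag_len at byte 8 of the common header */` would tie the two together. Only a `frag_len` of 0 is remapped; by the added comment's own reasoning, other values below the header size rely on the TCP dissector rejecting a length shorter than the fixed length, and the comment could say so. Its last sentence reads "interpret it as a bogus", where "as bogus" was probably meant.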
@@ -5895,7 +5939,7 @@ dissect_dcerpc_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
decode_data = dcerpc_get_decode_data(pinfo);
decode_data->dcetransporttype = DCE_TRANSPORT_UNKNOWN;
- tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, 10, get_dcerpc_pdu_len, dissect_dcerpc_pdu, data);
+ tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, sizeof(e_dce_cn_common_hdr_t), get_dcerpc_pdu_len, dissect_dcerpc_pdu, data);
return TRUE;
}
@@ -5907,7 +5951,7 @@ dissect_dcerpc_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *da
decode_data = dcerpc_get_decode_data(pinfo);
decode_data->dcetransporttype = DCE_TRANSPORT_UNKNOWN;
- tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, 10, get_dcerpc_pdu_len, dissect_dcerpc_pdu, data);
+ tcp_dissect_pdus(tvb, pinfo, tree, dcerpc_cn_desegment, sizeof(e_dce_cn_common_hdr_t), get_dcerpc_pdu_len, dissect_dcerpc_pdu, data);
return tvb_captured_length(tvb);
}
@@ -6566,7 +6610,6 @@ dissect_dcerpc_dg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat
if (tree)
proto_tree_add_uint(dcerpc_tree, hf_dcerpc_dg_seqnum, tvb, offset, 4, hdr.seqnum);
col_append_fstr(pinfo->cinfo, COL_INFO, ": seq: %u", hdr.seqnum);
- col_append_fstr(pinfo->cinfo, COL_DCE_CALL, "%u", hdr.seqnum);
offset += 4;
if (tree)
@@ -6796,9 +6839,9 @@ proto_register_dcerpc(void)
{ &hf_dcerpc_cn_bind_trans_btfn, /* [MS-RPCE] 2.2.2.14 */
{"Bind Time Features", "dcerpc.cn_bind_trans_btfn", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_trans_btfn_01,
- { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x01, NULL, HFILL }},
+ { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x0001, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_trans_btfn_02,
- { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x02, NULL, HFILL }},
+ { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x0002, NULL, HFILL }},
{ &hf_dcerpc_cn_alloc_hint,
{ "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_sec_addr_len,
@@ -7164,7 +7207,7 @@ proto_register_dcerpc(void)
expert_dcerpc = expert_register_protocol(proto_dcerpc);
expert_register_field_array(expert_dcerpc, ei, array_length(ei));
- uuid_dissector_table = register_dissector_table("dcerpc.uuid", "DCE/RPC UUIDs", proto_dcerpc, FT_GUID, BASE_HEX);
+ uuid_dissector_table = register_dissector_table(DCERPC_TABLE_NAME, "DCE/RPC UUIDs", proto_dcerpc, FT_GUID, BASE_HEX);
/* structures and data for BIND */
dcerpc_binds = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), dcerpc_bind_hash, dcerpc_bind_equal);
@@ -7219,14 +7262,14 @@ proto_register_dcerpc(void)
sizeof(TRAILER_SIGNATURE),
sizeof(TRAILER_SIGNATURE));
+ dcerpc_tcp_handle = register_dissector("dcerpc.tcp", dissect_dcerpc_tcp, proto_dcerpc);
+
register_shutdown_routine(dcerpc_shutdown);
}
void
proto_reg_handoff_dcerpc(void)
{
- dissector_handle_t dcerpc_tcp_handle;
-
heur_dissector_add("tcp", dissect_dcerpc_tcp_heur, "DCE/RPC over TCP", "dcerpc_tcp", proto_dcerpc, HEURISTIC_ENABLE);
heur_dissector_add("netbios", dissect_dcerpc_cn_pk, "DCE/RPC over NetBios", "dcerpc_netbios", proto_dcerpc, HEURISTIC_ENABLE);
heur_dissector_add("udp", dissect_dcerpc_dg, "DCE/RPC over UDP", "dcerpc_udp", proto_dcerpc, HEURISTIC_ENABLE);
@@ -7235,7 +7278,6 @@ proto_reg_handoff_dcerpc(void)
heur_dissector_add("http", dissect_dcerpc_cn_bs, "DCE/RPC over HTTP", "dcerpc_http", proto_dcerpc, HEURISTIC_ENABLE);
dcerpc_smb_init(proto_dcerpc);
- dcerpc_tcp_handle = create_dissector_handle(dissect_dcerpc_tcp, proto_dcerpc);
dissector_add_for_decode_as("tcp.port", dcerpc_tcp_handle);
guids_add_uuid(&uuid_data_repr_proto, "32bit NDR");