Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-dcerpc-frsrpc.c | 109 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-nt.c | 10 | ||||
-rw-r--r-- | epan/dissectors/pidl/frsrpc.cnf | 70 | ||||
-rw-r--r-- | epan/dissectors/pidl/frsrpc.idl | 2 |
4 files changed, 137 insertions, 54 deletions
diff --git a/epan/dissectors/packet-dcerpc-frsrpc.c b/epan/dissectors/packet-dcerpc-frsrpc.c
index 3fb6e92a9b..7008c3f5bf 100644
--- a/epan/dissectors/packet-dcerpc-frsrpc.c
+++ b/epan/dissectors/packet-dcerpc-frsrpc.c
@@ -658,6 +658,61 @@ frsrpc_dissect_element_CommPktChangeOrderCommand_file_name(tvbuff_t *tvb _U_, in } return offset; } +int +frsrpc_dissect_struct_CommPktChunk(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + guint1632 type; + int i = 0; + const char *s = NULL; + proto_item *item = NULL; + proto_tree *tree = NULL; + dcerpc_info *di = pinfo->private_data; + int old_offset; + old_offset = offset; + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_frsrpc_frsrpc_CommPktChunk); + } + + offset = frsrpc_dissect_element_CommPktChunk_type(tvb, offset, pinfo, tree, drep, &type); + offset = frsrpc_dissect_element_CommPktChunk_data(tvb, offset, pinfo, tree, drep, &type); + for (i=0; frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; i++) { + if (frsrpc_frsrpc_CommPktChunkType_vals[i].value == type) { + s = frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; + } + } + if (s != NULL) { + proto_item_append_text(item, ", type = %s", s); + } + proto_item_set_len(item, offset-old_offset); + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_3_BYTES; + } + return offset; +} +int +frsrpc_dissect_enum_CommPktCommand(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) +{ + guint32 parameter=0; + int i = 0; + const char *s = NULL; + if(param){ + parameter=(guint32)*param; + } + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, ¶meter); + for (i=0; frsrpc_frsrpc_CommPktCommand_vals[i].strptr != NULL; i++) { + if (frsrpc_frsrpc_CommPktCommand_vals[i].value == parameter) { + s = frsrpc_frsrpc_CommPktCommand_vals[i].strptr; + } + } + if (s!= NULL && check_col(pinfo->cinfo, COL_INFO)) + col_append_fstr(pinfo->cinfo, COL_INFO, ",command = %s", + s); + if(param){ + *param=(guint32)parameter; + } + return 
offset; +} static int frsrpc_dissect_struct_frsrpc_CommPktChunkCtr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep _U_, int hf_index, guint32 param _U_) { @@ -2221,20 +2276,6 @@ frsrpc_dissect_struct_CommPktChangeOrderRecordExtension(tvbuff_t *tvb _U_, int o /* IDL: FRSRPC_COMMAND_SEND_STAGE=0x00000228, */ /* IDL: } */ -int -frsrpc_dissect_enum_CommPktCommand(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) -{ - guint32 parameter=0; - if(param){ - parameter=(guint32)*param; - } - offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, ¶meter); - if(param){ - *param=(guint32)parameter; - } - return offset; -} - /* IDL: enum { */ /* IDL: FRSRPC_COMM_PKT_CHUNK_BOP=0x0001, */ @@ -2291,7 +2332,7 @@ frsrpc_dissect_enum_CommPktChunkType(tvbuff_t *tvb _U_, int offset _U_, packet_i /* IDL: [case(FRSRPC_COMM_PKT_CHUNK_JOIN_TIME)] [subcontext(4)] [case(FRSRPC_COMM_PKT_CHUNK_JOIN_TIME)] NTTIME join_time; */ /* IDL: [case(FRSRPC_COMM_PKT_CHUNK_REPLICA_VERSION_GUID)] [subcontext(4)] [case(FRSRPC_COMM_PKT_CHUNK_REPLICA_VERSION_GUID)] GUID replica_version_guid; */ /* IDL: [case(FRSRPC_COMM_PKT_CHUNK_COMPRESSION_GUID)] [case(FRSRPC_COMM_PKT_CHUNK_COMPRESSION_GUID)] GUID compression_guid; */ -/* IDL: [case(FRSRPC_COMM_PKT_CHUNK_BLOCK)] [flag(LIBNDR_FLAG_REMAINING)] [case(FRSRPC_COMM_PKT_CHUNK_BLOCK)] DATA_BLOB block; */ +/* IDL: [case(FRSRPC_COMM_PKT_CHUNK_BLOCK)] [case(FRSRPC_COMM_PKT_CHUNK_BLOCK)] DATA_BLOB block; */ /* IDL: [case(FRSRPC_COMM_PKT_CHUNK_BLOCK_SIZE)] [case(FRSRPC_COMM_PKT_CHUNK_BLOCK_SIZE)] hyper block_size; */ /* IDL: [case(FRSRPC_COMM_PKT_CHUNK_FILE_SIZE)] [case(FRSRPC_COMM_PKT_CHUNK_FILE_SIZE)] hyper file_size; */ /* IDL: [case(FRSRPC_COMM_PKT_CHUNK_FILE_OFFSET)] [case(FRSRPC_COMM_PKT_CHUNK_FILE_OFFSET)] hyper file_offset; */ 
@@ -2483,7 +2524,7 @@ frsrpc_dissect_element_CommPktChunkData_compression_guid(tvbuff_t *tvb _U_, int static int frsrpc_dissect_element_CommPktChunkData_block(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) { - offset = dissect_ndr_datablob(tvb, offset, pinfo, tree, drep, hf_frsrpc_frsrpc_CommPktChunkData_block, 1); + offset = dissect_ndr_datablob(tvb, offset, pinfo, tree, drep, hf_frsrpc_frsrpc_CommPktChunkData_block, 0); return offset; } @@ -2796,38 +2837,6 @@ frsrpc_dissect_element_CommPktChunk_data_(tvbuff_t *tvb _U_, int offset _U_, pac return offset; } -int -frsrpc_dissect_struct_CommPktChunk(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) -{ - guint1632 type; - proto_item *item = NULL; - proto_tree *tree = NULL; - dcerpc_info *di = pinfo->private_data; - int old_offset; - - - old_offset = offset; - - if (parent_tree) { - item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); - tree = proto_item_add_subtree(item, ett_frsrpc_frsrpc_CommPktChunk); - } - - offset = frsrpc_dissect_element_CommPktChunk_type(tvb, offset, pinfo, tree, drep, &type); - - offset = frsrpc_dissect_element_CommPktChunk_data(tvb, offset, pinfo, tree, drep, &type); - - - proto_item_set_len(item, offset-old_offset); - - - if (di->call_data->flags & DCERPC_IS_NDR64) { - ALIGN_TO_3_BYTES; - } - - return offset; -} - /* IDL: struct { */ /* IDL: uint32 num_chunks; */ 
@@ -3769,7 +3778,7 @@ void proto_register_dcerpc_frsrpc(void) { &hf_frsrpc_frsrpc_CommPktChunkData_join_guid, { "Join Guid", "frsrpc.frsrpc_CommPktChunkData.join_guid", FT_GUID, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_frsrpc_frsrpc_FrsVerifyPromotionParent___ndr_guid_size, - { "Ndr Guid Size", "frsrpc.frsrpc_FrsVerifyPromotionParent.__ndr_guid_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { " Ndr Guid Size", "frsrpc.frsrpc_FrsVerifyPromotionParent.__ndr_guid_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_frsrpc_frsrpc_FrsSendCommPktReq_data_handle, { "Data Handle", "frsrpc.frsrpc_FrsSendCommPktReq.data_handle", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_frsrpc_frsrpc_CommPktChangeOrderCommand_content_cmd, @@ -3789,7 +3798,7 @@ void proto_register_dcerpc_frsrpc(void) { &hf_frsrpc_frsrpc_CommPktChangeOrderCommand_spare2guid_p1, { "Spare2guid P1", "frsrpc.frsrpc_CommPktChangeOrderCommand.spare2guid_p1", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_frsrpc_frsrpc_FrsStartPromotionParent___ndr_guid_size, - { "Ndr Guid Size", "frsrpc.frsrpc_FrsStartPromotionParent.__ndr_guid_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { " Ndr Guid Size", "frsrpc.frsrpc_FrsStartPromotionParent.__ndr_guid_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, { &hf_frsrpc_frsrpc_CommPktChunkData_gvsn_, { "Subcontext length", "frsrpc.frsrpc_CommPktChunkData.subcontext", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, { &hf_frsrpc_frsrpc_CommPktChunkData_replica_version_guid, diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c index 724d4b4f07..3a0107c7b1 100644 --- a/epan/dissectors/packet-dcerpc-nt.c +++ b/epan/dissectors/packet-dcerpc-nt.c @@ -46,7 +46,7 @@ int hf_nt_error; int hf_nt_cs_size = -1; static int hf_lsa_String_name_len = -1; static int hf_lsa_String_name_size = -1; - +static int hf_nt_data_blob_len = -1; static gint ett_nt_unicode_string = -1; static gint ett_lsa_String = -1; 
@@ -96,9 +96,9 @@ dissect_ndr_datablob(tvbuff_t *tvb, int offset, packet_info *pinfo, len = tvb_length_remaining (tvb, offset); } else { offset = dissect_ndr_uint32(tvb, offset, pinfo, subtree, drep, - hf_index, &len); + hf_nt_data_blob_len, &len); } - proto_tree_add_text(tree, tvb, offset, len, "Blob data"); + proto_tree_add_text(subtree, tvb, offset, len, "Blob data"); offset += len; return offset; } @@ -1968,6 +1968,10 @@ void dcerpc_smb_init(int proto_dcerpc) { &hf_lsa_String_name_size, { "Name Size", "dcerpc.lsa_String.name_size", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, + + { &hf_nt_data_blob_len, + { "Blob size", "dcerpc.nt.blob.size", + FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, }; static gint *ett[] = { diff --git a/epan/dissectors/pidl/frsrpc.cnf b/epan/dissectors/pidl/frsrpc.cnf index 1619ee40e2..060f91ab94 100644 --- a/epan/dissectors/pidl/frsrpc.cnf +++ b/epan/dissectors/pidl/frsrpc.cnf @@ -7,6 +7,8 @@ HF_FIELD hf_CommPktChunk "Chunk" "frsrpc.chunk.ctr.chunk" FT_NONE BASE_NONE NULL MANUAL frsrpc_dissect_struct_frsrpc_CommPktChunkCtr MANUAL frsrpc_dissect_element_CommPktChangeOrderCommand_file_name +MANUAL frsrpc_dissect_enum_CommPktCommand +MANUAL frsrpc_dissect_struct_CommPktChunk CODE START static int 
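Review bot: In the length-prefixed branch of dissect_ndr_datablob, `len` is filled from the packet by dissect_ndr_uint32 and then added to the signed `offset` with no bounds check (`offset += len;`). The only tvb access in between is `proto_tree_add_text`, which may not validate the range when no tree is being built (worth confirming against proto.c). This commit changes the FRS chunk block to pass 0 as the last argument, which apparently selects this branch, so the path now runs on peer-supplied lengths; an oversized value could wrap `offset` and hand the caller a backwards or out-of-range position. I would add `tvb_ensure_bytes_exist(tvb, offset, len);` immediately before `offset += len;` so a malformed length raises the normal bounds exception. The function starts outside this hunk, so the declaration of `len` and the branch condition are not visible here.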
@@ -25,6 +27,74 @@ frsrpc_dissect_element_CommPktChangeOrderCommand_file_name(tvbuff_t *tvb _U_, in return offset; } +int +frsrpc_dissect_struct_CommPktChunk(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + guint1632 type; + int i = 0; + const char *s = NULL; + proto_item *item = NULL; + proto_tree *tree = NULL; + dcerpc_info *di = pinfo->private_data; + int old_offset; + + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_frsrpc_frsrpc_CommPktChunk); + } + + offset = frsrpc_dissect_element_CommPktChunk_type(tvb, offset, pinfo, tree, drep, &type); + + offset = frsrpc_dissect_element_CommPktChunk_data(tvb, offset, pinfo, tree, drep, &type); + + for (i=0; frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; i++) { + if (frsrpc_frsrpc_CommPktChunkType_vals[i].value == type) { + s = frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; + } + } + if (s != NULL) { + proto_item_append_text(item, ", type = %s", s); + } + proto_item_set_len(item, offset-old_offset); + + + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_3_BYTES; + } + + return offset; +} + +int +frsrpc_dissect_enum_CommPktCommand(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) +{ + guint32 parameter=0; + int i = 0; + const char *s = NULL; + if(param){ + parameter=(guint32)*param; + } + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, ¶meter); + + for (i=0; frsrpc_frsrpc_CommPktCommand_vals[i].strptr != NULL; i++) { + if (frsrpc_frsrpc_CommPktCommand_vals[i].value == parameter) { + s = frsrpc_frsrpc_CommPktCommand_vals[i].strptr; + } + } + if (s!= NULL && check_col(pinfo->cinfo, COL_INFO)) + col_append_fstr(pinfo->cinfo, COL_INFO, ",command = %s", + s); + + if(param){ + *param=(guint32)parameter; 
+ } + return offset; +} + + static int frsrpc_dissect_struct_frsrpc_CommPktChunkCtr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep _U_, int hf_index, guint32 param _U_) { diff --git a/epan/dissectors/pidl/frsrpc.idl b/epan/dissectors/pidl/frsrpc.idl index fb7e2728c0..5dad888122 100644 --- a/epan/dissectors/pidl/frsrpc.idl +++ b/epan/dissectors/pidl/frsrpc.idl @@ -281,7 +281,7 @@ interface frsrpc [case(FRSRPC_COMM_PKT_CHUNK_COMPRESSION_GUID)] GUID compression_guid; [case(FRSRPC_COMM_PKT_CHUNK_BLOCK)] - [flag(NDR_REMAINING)] DATA_BLOB block; + DATA_BLOB block; [case(FRSRPC_COMM_PKT_CHUNK_BLOCK_SIZE)] hyper block_size; [case(FRSRPC_COMM_PKT_CHUNK_FILE_SIZE)] |
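Review bot: `guint1632 type;` in frsrpc_dissect_struct_CommPktChunk has no initializer, yet it is compared against frsrpc_frsrpc_CommPktChunkType_vals after the two element calls. If the type dissector ever returns without storing through `&type` (the NDR scalar helpers may do so on a conformant run, to be confirmed), the loop reads an indeterminate value and can append a bogus `type = ...` label; `guint1632 type = 0;` avoids that. Both new loops also keep scanning after a match and hand-roll what the value_string helper already does, e.g. `s = match_strval(parameter, frsrpc_frsrpc_CommPktCommand_vals);`. The same two bodies are copied into the generated packet-dcerpc-frsrpc.c in the first hunk of this commit, so the change belongs in this .cnf and the C file should be regenerated from it.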