From 8a1649c5a5ff7c8bdf38cbf54ed5138c1773bfd7 Mon Sep 17 00:00:00 2001
From: David Fort <contact@hardening-consulting.com>
Date: Sun, 29 Aug 2021 10:49:12 +0200
Subject: rdpudp: dissect the RDP UDP protocol

This patch adds a dissector to analyze the RDP UDP protocol according
to MS-RDPEUDP and MS-RDPEUDP2.
---
 epan/dissectors/packet-rdp_drdynvc.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'epan/dissectors/packet-rdp_drdynvc.c')

diff --git a/epan/dissectors/packet-rdp_drdynvc.c b/epan/dissectors/packet-rdp_drdynvc.c
index fa92d2ce1e..93f86a8891 100644
--- a/epan/dissectors/packet-rdp_drdynvc.c
+++ b/epan/dissectors/packet-rdp_drdynvc.c
@@ -16,6 +16,7 @@
 #include <epan/prefs.h>
 #include <epan/conversation.h>
 #include "packet-rdp.h"
+#include "packet-rdpudp.h"
 
 void proto_register_rdp_drdynvc(void);
 void proto_reg_handoff_drdynvc(void);
@@ -219,6 +220,30 @@ find_channel_name_by_id(packet_info *pinfo, drdynvc_conv_info_t *dyninfo, guint3
 	return NULL;
 }
 
+static gboolean
+rdp_isServerAddressTarget(packet_info *pinfo)
+{
+	conversation_t *conv;
+	rdp_conv_info_t *rdp_info;
+	rdpudp_conv_info_t *rdpudp_info;
+
+	conv = find_conversation_pinfo(pinfo, 0);
+	if (!conv)
+		return FALSE;
+
+	rdp_info = (rdp_conv_info_t *)conversation_get_proto_data(conv, proto_rdp);
+	if (rdp_info) {
+		rdp_server_address_t *server = &rdp_info->serverAddr;
+		return addresses_equal(&server->addr, &pinfo->dst) && (pinfo->destport == server->port);
+	}
+
+	rdpudp_info = (rdpudp_conv_info_t *)conversation_get_proto_data(conv, proto_rdpudp);
+	if (!rdpudp_info)
+		return FALSE;
+
+	return addresses_equal(&rdpudp_info->server_addr, &pinfo->dst) && (rdpudp_info->server_port == pinfo->destport);
+}
+
 
 static int
 dissect_rdp_drdynvc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
-- 
cgit v1.2.3