From 7ec441d440b3f4fef45cb2287542764368a0fdec Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Sat, 10 Sep 2011 11:15:20 +0000 Subject: DCE/RPC: FRSRPC: updates to the FRS dissector From: Matthieu Patou svn path=/trunk/; revision=38958 --- epan/dissectors/pidl/frsrpc.cnf | 70 +++++++++++++++++++++++++++++++++++++++++ epan/dissectors/pidl/frsrpc.idl | 2 +- 2 files changed, 71 insertions(+), 1 deletion(-) (limited to 'epan/dissectors/pidl') diff --git a/epan/dissectors/pidl/frsrpc.cnf b/epan/dissectors/pidl/frsrpc.cnf index 1619ee40e2..060f91ab94 100644 --- a/epan/dissectors/pidl/frsrpc.cnf +++ b/epan/dissectors/pidl/frsrpc.cnf @@ -7,6 +7,8 @@ HF_FIELD hf_CommPktChunk "Chunk" "frsrpc.chunk.ctr.chunk" FT_NONE BASE_NONE NULL MANUAL frsrpc_dissect_struct_frsrpc_CommPktChunkCtr MANUAL frsrpc_dissect_element_CommPktChangeOrderCommand_file_name +MANUAL frsrpc_dissect_enum_CommPktCommand +MANUAL frsrpc_dissect_struct_CommPktChunk CODE START static int @@ -25,6 +27,74 @@ frsrpc_dissect_element_CommPktChangeOrderCommand_file_name(tvbuff_t *tvb _U_, in return offset; } +int +frsrpc_dissect_struct_CommPktChunk(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + guint1632 type; + int i = 0; + const char *s = NULL; + proto_item *item = NULL; + proto_tree *tree = NULL; + dcerpc_info *di = pinfo->private_data; + int old_offset; + + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_frsrpc_frsrpc_CommPktChunk); + } + + offset = frsrpc_dissect_element_CommPktChunk_type(tvb, offset, pinfo, tree, drep, &type); + + offset = frsrpc_dissect_element_CommPktChunk_data(tvb, offset, pinfo, tree, drep, &type); + + for (i=0; frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; i++) { + if (frsrpc_frsrpc_CommPktChunkType_vals[i].value == type) { + s = frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; + } + } + if (s != NULL) { + proto_item_append_text(item, ", type = %s", s); + } + proto_item_set_len(item, offset-old_offset); + + + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_3_BYTES; + } + + return offset; +} + +int +frsrpc_dissect_enum_CommPktCommand(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 *param _U_) +{ + guint32 parameter=0; + int i = 0; + const char *s = NULL; + if(param){ + parameter=(guint32)*param; + } + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, ¶meter); + + for (i=0; frsrpc_frsrpc_CommPktCommand_vals[i].strptr != NULL; i++) { + if (frsrpc_frsrpc_CommPktCommand_vals[i].value == parameter) { + s = frsrpc_frsrpc_CommPktCommand_vals[i].strptr; + } + } + if (s!= NULL && check_col(pinfo->cinfo, COL_INFO)) + col_append_fstr(pinfo->cinfo, COL_INFO, ",command = %s", + s); + + if(param){ + *param=(guint32)parameter; + } + return offset; +} + + static int frsrpc_dissect_struct_frsrpc_CommPktChunkCtr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep _U_, int hf_index, guint32 param _U_) { diff --git a/epan/dissectors/pidl/frsrpc.idl b/epan/dissectors/pidl/frsrpc.idl index fb7e2728c0..5dad888122 100644 --- a/epan/dissectors/pidl/frsrpc.idl +++ b/epan/dissectors/pidl/frsrpc.idl @@ -281,7 +281,7 @@ interface frsrpc [case(FRSRPC_COMM_PKT_CHUNK_COMPRESSION_GUID)] GUID compression_guid; [case(FRSRPC_COMM_PKT_CHUNK_BLOCK)] - [flag(NDR_REMAINING)] DATA_BLOB block; + DATA_BLOB block; [case(FRSRPC_COMM_PKT_CHUNK_BLOCK_SIZE)] hyper block_size; [case(FRSRPC_COMM_PKT_CHUNK_FILE_SIZE)] -- cgit v1.2.3