/* packet-dcerpc-epm.c
|
|
|
|
* Routines for dcerpc endpoint mapper dissection
|
|
|
|
* Copyright 2001, Todd Sabin <tas@webspan.net>
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2001-07-11 01:25:45 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-07-11 01:25:45 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2001-07-11 01:25:45 +00:00
|
|
|
*/
#include "config.h"
#include <glib.h>
#include <epan/packet.h>
#include <epan/expert.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
/* Protocol handles, one per endpoint mapper interface version. */
static int proto_epm3 = -1;
static int proto_epm4 = -1;

/* Header-field handles used by the dissection routines in this file.
 * All start at -1; presumably they receive real values when the hf[]
 * table in proto_register_epm is registered (TODO confirm, the end of
 * that function is not shown here). */
static int hf_epm_opnum = -1;
static int hf_epm_inquiry_type = -1;
static int hf_epm_object = -1;
static int hf_epm_if_id = -1;
static int hf_epm_ver_maj = -1;
static int hf_epm_ver_min = -1;
static int hf_epm_ver_opt = -1;
static int hf_epm_hnd = -1;
static int hf_epm_max_ents = -1;
static int hf_epm_num_ents = -1;
static int hf_epm_uuid = -1;
static int hf_epm_tower_length = -1;
/* static int hf_epm_tower_data = -1; */
static int hf_epm_max_towers = -1;
static int hf_epm_num_towers = -1;
static int hf_epm_rc = -1;
static int hf_epm_replace = -1;
static int hf_epm_tower_num_floors = -1;
static int hf_epm_tower_rhs_len = -1;
static int hf_epm_tower_lhs_len = -1;
static int hf_epm_tower_proto_id = -1;
static int hf_epm_annotation = -1;
static int hf_epm_ann_offset = -1;
static int hf_epm_ann_len = -1;
static int hf_epm_proto_named_pipes = -1;
static int hf_epm_proto_netbios_name = -1;
static int hf_epm_proto_ip = -1;
static int hf_epm_proto_udp_port = -1;
static int hf_epm_proto_tcp_port = -1;
static int hf_epm_proto_http_port = -1;

/* Subtree handles: ett_epm_tower_floor is used for each tower floor,
 * ett_epm_entry for each ept_entry_t. */
static gint ett_epm = -1;
static gint ett_epm_tower_floor = -1;
static gint ett_epm_entry = -1;

/* the UUID is identical for interface versions 3 and 4 */
static e_uuid_t uuid_epm = { 0xe1af8308, 0x5d1f, 0x11c9, { 0x91, 0xa4, 0x08, 0x00, 0x2b, 0x14, 0xa0, 0xfa } };
static guint16 ver_epm3 = 3;
static guint16 ver_epm4 = 4;
/* Display names for the inquiry type of a lookup request; referenced
 * through VALS(ep_service) by the hf_epm_inquiry_type field. */
static const value_string ep_service[] = {
    { 0, "rpc_c_ep_all_elts" },
    { 1, "rpc_c_ep_match_by_if" },
    { 2, "rpc_c_ep_match_by_obj" },
    { 3, "rpc_c_ep_match_by_both" },
    { 0, NULL },
};

/* typedef struct {
      unsigned int tower_len,
      [size_is(tower_len)] char tower[];
   } twr_t, *twr_p_t;
*/
/* Forward declaration: epm_dissect_ept_entry_t passes this routine to
 * dissect_ndr_pointer before the definition appears in the file. */
static int epm_dissect_tower (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
/*
 * Pointer callback for an interface identifier: a UUID, shown under the
 * field index the caller stored in di->hf_index, followed by the 16-bit
 * major and minor version fields.  Returns the offset after the last field.
 */
static int
epm_dissect_pointer_IF_ID(tvbuff_t *tvb, int offset,
                          packet_info *pinfo, proto_tree *tree,
                          guint8 *drep)
{
    dcerpc_info *rpc_info = (dcerpc_info *)pinfo->private_data;
    int pos;

    pos = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, drep, rpc_info->hf_index, NULL);
    pos = dissect_ndr_uint16(tvb, pos, pinfo, tree, drep, hf_epm_ver_maj, NULL);

    return dissect_ndr_uint16(tvb, pos, pinfo, tree, drep, hf_epm_ver_min, NULL);
}
/*
 * Pointer callback for a bare UUID, shown under the field index the
 * caller stored in di->hf_index.  Returns the offset after the UUID.
 */
static int
epm_dissect_pointer_UUID(tvbuff_t *tvb, int offset,
                         packet_info *pinfo, proto_tree *tree,
                         guint8 *drep)
{
    dcerpc_info *rpc_info = (dcerpc_info *)pinfo->private_data;

    return dissect_ndr_uuid_t(tvb, offset, pinfo, tree, drep, rpc_info->hf_index, NULL);
}
/*
 * Lookup request: inquiry type, object UUID pointer, interface id
 * pointer, version option, context handle and maximum entry count,
 * in that order.  Returns the offset after the last field.
 */
static int
epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset,
                             packet_info *pinfo, proto_tree *tree,
                             guint8 *drep)
{
    int pos = offset;

    pos = dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_inquiry_type, NULL);

    /* Both pointers use NDR_POINTER_PTR; the referents are dissected by
       the callbacks named here. */
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_pointer_UUID, NDR_POINTER_PTR,
                              "Object:", hf_epm_object);
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_pointer_IF_ID, NDR_POINTER_PTR,
                              "Interface:", hf_epm_if_id);

    pos = dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_ver_opt, NULL);
    pos = dissect_ndr_ctx_hnd(tvb, pos, pinfo, tree, drep, hf_epm_hnd, NULL);

    return dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_max_ents, NULL);
}
/*
 * Dissect one ept_entry_t: object UUID, tower pointer, annotation offset,
 * annotation length and the annotation bytes themselves.  A non-empty
 * annotation is also appended to the entry item, to the item above the
 * entry subtree and to the Info column as "Service:<annotation>".
 *
 * Nothing is dissected during a conformant run; the offset is returned
 * unchanged.
 *
 * NOTE(review): ann_len is taken from the packet and is used, without a
 * check in this function, as the string length, the item length and the
 * amount added to the signed offset.  This relies on the tvb_* accessors
 * to stop a length that runs past the captured data -- confirm.  The
 * annotation bytes are passed to the display through "%s" as received.
 */
static int
epm_dissect_ept_entry_t(tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *parent_tree,
                        guint8 *drep)
{
    dcerpc_info *rpc_info = (dcerpc_info *)pinfo->private_data;
    const int    start = offset;
    proto_item  *entry_item = NULL;
    proto_tree  *entry_tree = NULL;
    guint32      ann_len;
    const char  *annotation;

    if (rpc_info->conformant_run) {
        return offset;
    }

    /* Only build the subtree when the caller supplied a tree. */
    if (parent_tree != NULL) {
        entry_item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Entry:");
        entry_tree = proto_item_add_subtree(entry_item, ett_epm_entry);
    }

    offset = dissect_ndr_uuid_t(tvb, offset, pinfo, entry_tree, drep,
                                hf_epm_object, NULL);
    offset = dissect_ndr_pointer(tvb, offset, pinfo, entry_tree, drep,
                                 epm_dissect_tower, NDR_POINTER_PTR,
                                 "Tower pointer:", -1);
    offset = dissect_ndr_uint32(tvb, offset, pinfo, entry_tree, drep,
                                hf_epm_ann_offset, NULL);
    offset = dissect_ndr_uint32(tvb, offset, pinfo, entry_tree, drep,
                                hf_epm_ann_len, &ann_len);

    annotation = tvb_get_ephemeral_string(tvb, offset, ann_len);
    proto_tree_add_item(entry_tree, hf_epm_annotation, tvb, offset, ann_len, ENC_ASCII|ENC_NA);
    offset += ann_len;

    if (annotation != NULL && annotation[0] != '\0') {
        if (parent_tree != NULL) {
            proto_item_append_text(entry_item, " Service:%s ", annotation);
            proto_item_append_text(entry_tree->parent, " Service:%s ", annotation);
        }
        if (check_col(pinfo->cinfo, COL_INFO)) {
            col_append_fstr(pinfo->cinfo, COL_INFO, ", Service:%s", annotation);
        }
    }

    /* The item was created with length -1; fix it up now that the end is known. */
    proto_item_set_len(entry_item, offset - start);
    return offset;
}
/*
 * Array callback: hands epm_dissect_ept_entry_t to dissect_ndr_ucvarray
 * as the per-element dissector and returns the resulting offset.
 */
static int
epm_dissect_ept_entry_t_array(tvbuff_t *tvb, int offset,
                              packet_info *pinfo, proto_tree *tree,
                              guint8 *drep)
{
    return dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
                                epm_dissect_ept_entry_t);
}
/*
 * Lookup response: context handle, entry count, the entries array
 * (reference pointer) and the return code.  Returns the offset after
 * the return code.
 */
static int
epm_dissect_ept_lookup_resp (tvbuff_t *tvb, int offset,
                             packet_info *pinfo, proto_tree *tree,
                             guint8 *drep)
{
    int pos = offset;

    pos = dissect_ndr_ctx_hnd(tvb, pos, pinfo, tree, drep, hf_epm_hnd, NULL);
    pos = dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_num_ents, NULL);
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_ept_entry_t_array, NDR_POINTER_REF,
                              "Entries:", -1);

    return dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_rc, NULL);
}
/*
 * Pointer callback for a UUID shown under hf_epm_uuid.  Returns the
 * offset after the UUID.
 */
static int
epm_dissect_uuid (tvbuff_t *tvb, int offset,
                  packet_info *pinfo, proto_tree *tree,
                  guint8 *drep)
{
    return dissect_ndr_uuid_t(tvb, offset, pinfo, tree, drep, hf_epm_uuid, NULL);
}
/* Protocol identifier byte found on the left-hand side of each tower
 * floor; epm_dissect_tower_data switches on these values. */
#define PROTO_ID_OSI_OID        0x00
#define PROTO_ID_DNA_SESSCTL    0x02
#define PROTO_ID_DNA_SESSCTL_V3 0x03
#define PROTO_ID_DNA_NSP        0x04
#define PROTO_ID_OSI_TP4        0x05
#define PROTO_ID_OSI_CLNS       0x06
#define PROTO_ID_TCP            0x07
#define PROTO_ID_UDP            0x08
#define PROTO_ID_IP             0x09
#define PROTO_ID_RPC_CL         0x0a
#define PROTO_ID_RPC_CO         0x0b
#define PROTO_ID_SPX            0x0c /* from DCOM spec (is this correct?) */
#define PROTO_ID_UUID           0x0d
#define PROTO_ID_IPX            0x0e /* from DCOM spec (is this correct?) */
#define PROTO_ID_NAMED_PIPES    0x0f
#define PROTO_ID_NAMED_PIPES_2  0x10
#define PROTO_ID_NETBIOS        0x11
#define PROTO_ID_NETBEUI        0x12
#define PROTO_ID_NETWARE_SPX    0x13
#define PROTO_ID_NETWARE_IPX    0x14
#define PROTO_ID_ATALK_STREAM   0x16
#define PROTO_ID_ATALK_DATAGRAM 0x17
#define PROTO_ID_ATALK          0x18
#define PROTO_ID_NETBIOS_2      0x19
#define PROTO_ID_VINES_SPP      0x1a
#define PROTO_ID_VINES_IPC      0x1b
#define PROTO_ID_STREETTALK     0x1c
#define PROTO_ID_HTTP           0x1f
#define PROTO_ID_UNIX_DOMAIN    0x20
#define PROTO_ID_NULL           0x21
#define PROTO_ID_NETBIOS_3      0x22

/* Display names for the protocol identifiers above.  Values with no
 * entry here (0x01, 0x15, 0x1d, 0x1e and anything above 0x22) have no
 * name in this table. */
static const value_string proto_id_vals[] = {
    { PROTO_ID_OSI_OID, "OSI OID"},
    { PROTO_ID_DNA_SESSCTL, "DNA Session Control"},
    { PROTO_ID_DNA_SESSCTL_V3, "DNA Session Control V3"},
    { PROTO_ID_DNA_NSP, "DNA NSP Transport"},
    { PROTO_ID_OSI_TP4, "OSI TP4"},
    { PROTO_ID_OSI_CLNS, "OSI CLNS or DNA Routing"},
    { PROTO_ID_TCP, "DOD TCP"},
    { PROTO_ID_UDP, "DOD UDP"},
    { PROTO_ID_IP, "DOD IP"},
    { PROTO_ID_RPC_CL, "RPC connectionless protocol"},
    { PROTO_ID_RPC_CO, "RPC connection-oriented protocol"},
    { PROTO_ID_SPX, "SPX?"},
    { PROTO_ID_UUID, "UUID"},
    { PROTO_ID_IPX, "IPX?"},
    { PROTO_ID_NAMED_PIPES, "Named Pipes"},
    { PROTO_ID_NAMED_PIPES_2, "Named Pipes"},
    { PROTO_ID_NETBIOS, "NetBIOS"},
    { PROTO_ID_NETBEUI, "NetBEUI"},
    { PROTO_ID_NETWARE_SPX, "Netware SPX"},
    { PROTO_ID_NETWARE_IPX, "Netware IPX"},
    { PROTO_ID_ATALK_STREAM, "Appletalk Stream"},
    { PROTO_ID_ATALK_DATAGRAM, "Appletalk Datagram"},
    { PROTO_ID_ATALK, "Appletalk"},
    { PROTO_ID_NETBIOS_2, "NetBIOS"},
    { PROTO_ID_VINES_SPP, "Vines SPP"},
    { PROTO_ID_VINES_IPC, "Vines IPC"},
    { PROTO_ID_STREETTALK, "StreetTalk"},
    { PROTO_ID_HTTP, "RPC over HTTP"},
    { PROTO_ID_UNIX_DOMAIN, "Unix Domain Socket"},
    { PROTO_ID_NULL, "null"},
    { PROTO_ID_NETBIOS_3, "NetBIOS"},
    { 0, NULL},
};
/* XXX this function assumes LE encoding. can not use the NDR routines
   since they assume padding.

   Dissects the body of a tower: a 16-bit floor count followed by that
   many floors.  Each floor is
       16-bit LHS length, LHS bytes (first byte = protocol id),
       16-bit RHS length, RHS bytes.
   Returns the offset after the last floor; during a conformant run the
   offset is returned unchanged.

   NOTE(review): the floor count and both per-floor lengths come straight
   from the packet.  The fixed-width reads below (UUID + version on the
   LHS; port, address and version fields on the RHS) are made without
   comparing against the declared LHS/RHS length, so a floor that declares
   a shorter length is displayed from bytes that belong to whatever
   follows.  Only the default RHS branch calls tvb_ensure_bytes_exist.
   This presumably relies on the tvb_* accessors to stop reads past the
   end of the buffer -- confirm.
*/
static int
epm_dissect_tower_data (tvbuff_t *tvb, int offset,
                        packet_info *pinfo, proto_tree *tree,
                        guint8 *drep _U_)
{
    /* ii has the same width as num_floors, so the loop counter can reach
       every value the 16-bit count can hold */
    guint16 num_floors, ii;
    dcerpc_info *di;
    const char *uuid_name;
    /* the UUID is always fetched as little endian, whatever drep says */
    guint8 u8little_endian = DREP_LITTLE_ENDIAN;

    di=(dcerpc_info *)pinfo->private_data;
    if(di->conformant_run){
        return offset;
    }

    /* floor count, read from the packet */
    num_floors = tvb_get_letohs(tvb, offset);
    proto_tree_add_uint(tree, hf_epm_tower_num_floors, tvb, offset, 2, num_floors);
    offset += 2;

    for(ii=0;ii<num_floors;ii++){
        proto_item *it = NULL;
        proto_tree *tr = NULL;
        int old_offset = offset;
        guint16 len;
        guint8 proto_id;
        e_uuid_t uuid;
        proto_item *pi;

        /* created with length 0; the real length is set at the end of
           the iteration */
        it = proto_tree_add_text(tree, tvb, offset, 0, "Floor %d ", ii+1);
        tr = proto_item_add_subtree(it, ett_epm_tower_floor);

        /* LHS length, read from the packet */
        len = tvb_get_letohs(tvb, offset);
        proto_tree_add_uint(tr, hf_epm_tower_lhs_len, tvb, offset, 2, len);
        offset += 2;

        /* first LHS byte; read even when the declared LHS length is 0 */
        proto_id = tvb_get_guint8(tvb, offset);
        proto_tree_add_uint(tr, hf_epm_tower_proto_id, tvb, offset, 1, proto_id);

        switch(proto_id){
        case PROTO_ID_UUID:
            /* 16-byte UUID at offset+1 and two version bytes at
               offset+17 and offset+18: 19 bytes are consumed here
               whatever value len holds */
            dcerpc_tvb_get_uuid (tvb, offset+1, &u8little_endian, &uuid);

            uuid_name = guids_get_uuid_name(&uuid);

            if(uuid_name != NULL) {
                proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
                              "UUID: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
                              uuid_name,
                              uuid.Data1, uuid.Data2, uuid.Data3,
                              uuid.Data4[0], uuid.Data4[1],
                              uuid.Data4[2], uuid.Data4[3],
                              uuid.Data4[4], uuid.Data4[5],
                              uuid.Data4[6], uuid.Data4[7]);
            } else {
                proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
                              "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                              uuid.Data1, uuid.Data2, uuid.Data3,
                              uuid.Data4[0], uuid.Data4[1],
                              uuid.Data4[2], uuid.Data4[3],
                              uuid.Data4[4], uuid.Data4[5],
                              uuid.Data4[6], uuid.Data4[7]);
            }
            proto_tree_add_text(tr, tvb, offset+17, 2, "Version %d.%d", tvb_get_guint8(tvb, offset+17), tvb_get_guint8(tvb, offset+18));

            {
                /* NOTE(review): the same two bytes are read here as one
                   big-endian 16-bit value for the name lookup, while the
                   header comment says this function assumes LE -- confirm
                   which byte order dcerpc_get_proto_name expects */
                guint16 version = tvb_get_ntohs(tvb, offset+17);
                const char *service = dcerpc_get_proto_name(&uuid, version);
                if (service || uuid_name) {
                    /* prefer the registered protocol name over the GUID name */
                    const char *s = service ? service : uuid_name;
                    proto_item_append_text(tr, "UUID: %s", s);
                    col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", s);
                } else {
                    proto_item_append_text(tr, "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x Version %d.%d", uuid.Data1, uuid.Data2, uuid.Data3,
                                           uuid.Data4[0], uuid.Data4[1],
                                           uuid.Data4[2], uuid.Data4[3],
                                           uuid.Data4[4], uuid.Data4[5],
                                           uuid.Data4[6], uuid.Data4[7],
                                           tvb_get_guint8(tvb, offset+17),
                                           tvb_get_guint8(tvb, offset+18));
                }
            }
            break;
        }
        /* skip the LHS by its declared length, not by what was read above */
        offset += len;

        /* RHS length, read from the packet; len is reused for it */
        len = tvb_get_letohs(tvb, offset);
        pi = proto_tree_add_uint(tr, hf_epm_tower_rhs_len, tvb, offset, 2, len);
        offset += 2;

        switch(proto_id){

        case PROTO_ID_UUID:
            /* XXX - is this big or little endian? */
            proto_tree_add_item(tr, hf_epm_ver_min, tvb, offset, 2, ENC_BIG_ENDIAN);
            break;
        case PROTO_ID_TCP: /* this one is always big endian */
            /* fixed 2-byte read; len is not consulted */
            proto_tree_add_item(tr, hf_epm_proto_tcp_port, tvb, offset, 2, ENC_BIG_ENDIAN);
            proto_item_append_text(tr, "TCP Port:%d", tvb_get_ntohs(tvb, offset));
            break;

        case PROTO_ID_UDP: /* this one is always big endian */
            /* fixed 2-byte read; len is not consulted */
            proto_tree_add_item(tr, hf_epm_proto_udp_port, tvb, offset, 2, ENC_BIG_ENDIAN);
            proto_item_append_text(tr, "UDP Port:%d", tvb_get_ntohs(tvb, offset));
            break;

        case PROTO_ID_IP: /* this one is always big endian */
            /* fixed 4-byte read; len is not consulted */
            proto_tree_add_item(tr, hf_epm_proto_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
            proto_item_append_text(tr, "IP:%s", tvb_ip_to_str(tvb, offset));
            break;

        case PROTO_ID_RPC_CO:
            proto_item_append_text(tr, "RPC connection-oriented protocol");
            break;

        case PROTO_ID_RPC_CL:
            proto_item_append_text(tr, "RPC connectionless protocol");
            /* XXX - is this big or little endian? */
            proto_tree_add_item(tr, hf_epm_ver_min, tvb, offset, 2, ENC_BIG_ENDIAN);
            break;

        case PROTO_ID_NAMED_PIPES: /* \\PIPE\xxx named pipe */
            /* string cases use the packet-supplied RHS length as the
               string length */
            proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, ENC_ASCII|ENC_NA);
            proto_item_append_text(tr, "NamedPipe:%s", tvb_get_ephemeral_string(tvb, offset, len));
            break;

        case PROTO_ID_NAMED_PIPES_2: /* PIPENAME named pipe */
            proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, ENC_ASCII|ENC_NA);
            proto_item_append_text(tr, "PIPE:%s", tvb_get_ephemeral_string(tvb, offset, len));
            break;

        case PROTO_ID_NETBIOS: /* \\NETBIOS netbios name */
            proto_tree_add_item(tr, hf_epm_proto_netbios_name, tvb, offset, len, ENC_ASCII|ENC_NA);
            proto_item_append_text(tr, "NetBIOS:%s", tvb_get_ephemeral_string(tvb, offset, len));
            break;
        case PROTO_ID_HTTP: /* RPC over HTTP */
            /* fixed 2-byte read; len is not consulted */
            proto_tree_add_item(tr, hf_epm_proto_http_port, tvb, offset, 2, ENC_BIG_ENDIAN);
            proto_item_append_text(tr, "RPC over HTTP Port:%d", tvb_get_ntohs(tvb, offset));
            break;

        default:
            /* any other protocol id with a non-empty RHS: flag it as
               undecoded on the RHS length item and show the raw span */
            if(len){
                expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_WARN, "RightHandSide not decoded yet for proto_id 0x%x",
                    proto_id);
                tvb_ensure_bytes_exist(tvb, offset, len);
                proto_tree_add_text(tr, tvb, offset, len, "RightHandSide not decoded yet for proto_id 0x%x", proto_id);
            }
        }
        /* skip the RHS by its declared length */
        offset += len;

        proto_item_set_len(it, offset-old_offset);
    }
    return offset;
}
/* typedef struct {
      unsigned int tower_len,
      [size_is(tower_len)] char tower[];
   } twr_t, *twr_p_t;
*/
/*
 * Dissect a twr_t: the conformant-array header, the length field, then
 * the tower floors.  Both lengths are shown under hf_epm_tower_length.
 * During a conformant run the offset is returned unchanged.
 *
 * Neither decoded length is used after it is read, so the floor parser
 * is called without a limit derived from tower_len.
 */
static int
epm_dissect_tower (tvbuff_t *tvb, int offset,
                   packet_info *pinfo, proto_tree *tree,
                   guint8 *drep)
{
    dcerpc_info *rpc_info = (dcerpc_info *)pinfo->private_data;
    guint3264    array_hdr_len;
    int          pos;

    if (rpc_info->conformant_run) {
        return offset;
    }

    /* header of the conformant array */
    pos = dissect_ndr_uint3264(tvb, offset, pinfo, tree, drep,
                               hf_epm_tower_length, &array_hdr_len);
    /* the length field itself */
    pos = dissect_ndr_uint32(tvb, pos, pinfo, tree, drep,
                             hf_epm_tower_length, NULL);

    return epm_dissect_tower_data(tvb, pos, pinfo, tree, drep);
}
/*
 * Element callback: one NDR_POINTER_PTR pointer whose referent is
 * dissected by epm_dissect_tower.  Returns the resulting offset.
 */
static int
epm_dissect_tower_pointer (tvbuff_t *tvb, int offset,
                           packet_info *pinfo, proto_tree *tree,
                           guint8 *drep)
{
    return dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
                               epm_dissect_tower, NDR_POINTER_PTR,
                               "Tower pointer:", -1);
}
/*
 * Array callback: hands epm_dissect_tower_pointer to
 * dissect_ndr_ucvarray as the per-element dissector and returns the
 * resulting offset.
 */
static int
epm_dissect_tower_array (tvbuff_t *tvb, int offset,
                         packet_info *pinfo, proto_tree *tree,
                         guint8 *drep)
{
    return dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep,
                                epm_dissect_tower_pointer);
}
/*
 * Map request: object UUID pointer, map tower pointer, entry handle and
 * the maximum number of towers.  Returns the offset after the last field.
 */
static int
epm_dissect_ept_map_rqst (tvbuff_t *tvb, int offset,
                          packet_info *pinfo, proto_tree *tree,
                          guint8 *drep)
{
    int pos = offset;

    /* [in, ptr] uuid_p_t object */
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_uuid, NDR_POINTER_PTR,
                              "UUID pointer:", -1);

    /* [in, ptr] twr_p_t map_tower */
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_tower, NDR_POINTER_PTR,
                              "Tower pointer:", -1);

    /* [in, out] ept_lookup_handle_t *entry_handle */
    pos = dissect_ndr_ctx_hnd(tvb, pos, pinfo, tree, drep, hf_epm_hnd, NULL);

    /* [in] unsigned32 max_towers */
    return dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_max_towers, NULL);
}
/*
 * Map response: entry handle, number of towers, the tower array
 * (reference pointer) and the status code.  Returns the offset after
 * the status code.
 */
static int
epm_dissect_ept_map_resp (tvbuff_t *tvb, int offset,
                          packet_info *pinfo, proto_tree *tree,
                          guint8 *drep)
{
    int pos = offset;

    /* [in, out] ept_lookup_handle_t *entry_handle */
    pos = dissect_ndr_ctx_hnd(tvb, pos, pinfo, tree, drep, hf_epm_hnd, NULL);

    /* [out, ptr] unsigned32 *num_towers */
    pos = dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_num_towers, NULL);

    /* [out, length_is(*num_towers), size_is(max_towers), ptr] twr_p_t towers[] */
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_tower_array, NDR_POINTER_REF,
                              "Tower array:", -1);

    /* [out] error_status_t *status */
    return dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_rc, NULL);
}
/*
 * Array callback: hands epm_dissect_ept_entry_t to dissect_ndr_ucarray
 * as the per-element dissector and returns the resulting offset.
 */
static int
epm_dissect_ept_entry_t_ucarray(tvbuff_t *tvb, int offset,
                                packet_info *pinfo, proto_tree *tree,
                                guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
                               epm_dissect_ept_entry_t);
}
/*
 * Insert request: entry count, the entries array (reference pointer)
 * and the replace flag.  Returns the offset after the replace flag.
 */
static int
epm_dissect_ept_insert_rqst (tvbuff_t *tvb, int offset,
                             packet_info *pinfo, proto_tree *tree,
                             guint8 *drep)
{
    int pos;

    pos = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_epm_num_ents, NULL);
    pos = dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                              epm_dissect_ept_entry_t_ucarray, NDR_POINTER_REF,
                              "Entries:", -1);

    return dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_replace, NULL);
}
/*
 * Insert response: a single status code.  Returns the offset after it.
 */
static int
epm_dissect_ept_insert_resp (tvbuff_t *tvb, int offset,
                             packet_info *pinfo, proto_tree *tree,
                             guint8 *drep)
{
    /* [out] error_status_t *status */
    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_epm_rc, NULL);
}
/*
 * Delete request: entry count followed by the entries array (reference
 * pointer).  Returns the offset after the array pointer.
 */
static int
epm_dissect_ept_delete_rqst (tvbuff_t *tvb, int offset,
                             packet_info *pinfo, proto_tree *tree,
                             guint8 *drep)
{
    int pos;

    pos = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_epm_num_ents, NULL);

    return dissect_ndr_pointer(tvb, pos, pinfo, tree, drep,
                               epm_dissect_ept_entry_t_ucarray, NDR_POINTER_REF,
                               "Entries:", -1);
}
/*
 * Delete response: a single status code.  Returns the offset after it.
 */
static int
epm_dissect_ept_delete_resp (tvbuff_t *tvb, int offset,
                             packet_info *pinfo, proto_tree *tree,
                             guint8 *drep)
{
    /* [out] error_status_t *status */
    return dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_epm_rc, NULL);
}
/*
 * LookupHandleFree request: the entry handle only.  Returns the offset
 * after the handle.
 */
static int
epm_dissect_ept_lookup_handle_free_rqst (tvbuff_t *tvb, int offset,
                                         packet_info *pinfo, proto_tree *tree,
                                         guint8 *drep)
{
    /* [in, out] ept_lookup_handle_t *entry_handle */
    return dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, drep, hf_epm_hnd, NULL);
}
/*
 * LookupHandleFree response: the entry handle followed by the return
 * code.  Returns the offset after the return code.
 */
static int
epm_dissect_ept_lookup_handle_free_resp (tvbuff_t *tvb, int offset,
                                         packet_info *pinfo, proto_tree *tree,
                                         guint8 *drep)
{
    int pos;

    /* [in, out] ept_lookup_handle_t *entry_handle */
    pos = dissect_ndr_ctx_hnd(tvb, offset, pinfo, tree, drep, hf_epm_hnd, NULL);

    return dissect_ndr_uint32(tvb, pos, pinfo, tree, drep, hf_epm_rc, NULL);
}
/* Operation table: operation number, display name, request dissector,
 * response dissector.  Operations 5 and 6 are named but have no
 * dissectors (both callbacks are NULL).  The all-NULL row ends the table. */
static dcerpc_sub_dissector epm_dissectors[] = {
    { 0, "Insert",
      epm_dissect_ept_insert_rqst,
      epm_dissect_ept_insert_resp },
    { 1, "Delete",
      epm_dissect_ept_delete_rqst,
      epm_dissect_ept_delete_resp },
    { 2, "Lookup",
      epm_dissect_ept_lookup_rqst,
      epm_dissect_ept_lookup_resp },
    { 3, "Map",
      epm_dissect_ept_map_rqst,
      epm_dissect_ept_map_resp },
    { 4, "LookupHandleFree",
      epm_dissect_ept_lookup_handle_free_rqst,
      epm_dissect_ept_lookup_handle_free_resp },
    { 5, "InqObject", NULL, NULL },
    { 6, "MgmtDelete", NULL, NULL },
    { 0, NULL, NULL, NULL }
};
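/*
 * Register the endpoint mapper protocols, header fields and subtrees.
 *
 * Two protocol ids are created: proto_epm3 ("epm") and proto_epm4 ("epm4").
 * The header-field array is registered once, under proto_epm3, so every
 * filter name below starts with "epm." regardless of interface version.
 *
 * The tower fields (epm.tower.proto_id, epm.proto.ip, epm.proto.tcp_port,
 * epm.proto.udp_port, epm.proto.http_port, epm.proto.named_pipe,
 * epm.proto.netbios_name) describe where a service can be found, per their
 * blurbs.  They are the fields to filter on when tying an interface UUID
 * to the endpoint it was mapped to.
 */
void
proto_register_epm (void)
{
    static hf_register_info hf[] = {
        { &hf_epm_opnum,
          { "Operation", "epm.opnum", FT_UINT16, BASE_DEC,
            NULL, 0x0, NULL, HFILL }},
        { &hf_epm_inquiry_type,
          { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, VALS(ep_service), 0x0, NULL, HFILL }},
        { &hf_epm_object,
          { "Object", "epm.object", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_if_id,
          { "Interface", "epm.if_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_ver_maj,
          { "Version Major", "epm.ver_maj", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_ver_min,
          { "Version Minor", "epm.ver_min", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_ver_opt,
          { "Version Option", "epm.ver_opt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_hnd,
          { "Handle", "epm.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "Context handle", HFILL }},
        { &hf_epm_max_ents,
          { "Max entries", "epm.max_ents", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_num_ents,
          { "Num entries", "epm.num_ents", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_uuid,
          { "UUID", "epm.uuid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_annotation,
          { "Annotation", "epm.annotation", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_proto_named_pipes,
          { "Named Pipe", "epm.proto.named_pipe", FT_STRING, BASE_NONE, NULL, 0x0, "Name of the named pipe for this service", HFILL }},
        { &hf_epm_proto_netbios_name,
          { "NetBIOS Name", "epm.proto.netbios_name", FT_STRING, BASE_NONE, NULL, 0x0, "NetBIOS name where this service can be found", HFILL }},
        { &hf_epm_tower_length,
          { "Length", "epm.tower.len", FT_UINT32, BASE_DEC, NULL, 0x0, "Length of tower data", HFILL }},
#if 0
        /* compiled out: the raw tower bytes are not registered as a field */
        { &hf_epm_tower_data,
          { "Tower", "epm.tower", FT_BYTES, BASE_NONE, NULL, 0x0, "Tower data", HFILL }},
#endif
        { &hf_epm_max_towers,
          { "Max Towers", "epm.max_towers", FT_UINT32, BASE_DEC, NULL, 0x0, "Maximum number of towers to return", HFILL }},
        /* blurb fixed: the original read "Number number of towers to return" */
        { &hf_epm_num_towers,
          { "Num Towers", "epm.num_towers", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of towers to return", HFILL }},
        { &hf_epm_ann_offset,
          { "Annotation offset", "epm.ann_offset", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_ann_len,
          { "Annotation length", "epm.ann_len", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
        { &hf_epm_rc,
          { "Return code", "epm.rc", FT_UINT32, BASE_HEX, NULL, 0x0, "EPM return value", HFILL }},
        { &hf_epm_replace,
          { "Replace", "epm.replace", FT_UINT8, BASE_DEC, NULL, 0x0, "Replace existing objects?", HFILL }},
        { &hf_epm_tower_num_floors,
          { "Number of floors", "epm.tower.num_floors", FT_UINT16, BASE_DEC, NULL, 0x0, "Number of floors in tower", HFILL }},
        { &hf_epm_proto_udp_port,
          { "UDP Port", "epm.proto.udp_port", FT_UINT16, BASE_DEC, NULL, 0x0, "UDP Port where this service can be found", HFILL }},
        { &hf_epm_proto_tcp_port,
          { "TCP Port", "epm.proto.tcp_port", FT_UINT16, BASE_DEC, NULL, 0x0, "TCP Port where this service can be found", HFILL }},
        /* NOTE(review): display name and blurb are the same as for
         * epm.proto.tcp_port; only the filter name tells the two apart.
         * Left as-is - confirm whether a distinct label is wanted. */
        { &hf_epm_proto_http_port,
          { "TCP Port", "epm.proto.http_port", FT_UINT16, BASE_DEC, NULL, 0x0, "TCP Port where this service can be found", HFILL }},
        { &hf_epm_tower_rhs_len,
          { "RHS Length", "epm.tower.rhs.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of RHS data", HFILL }},
        { &hf_epm_tower_lhs_len,
          { "LHS Length", "epm.tower.lhs.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of LHS data", HFILL }},
        { &hf_epm_proto_ip,
          { "IP", "epm.proto.ip", FT_IPv4, BASE_NONE, NULL, 0x0, "IP address where service is located", HFILL }},
        { &hf_epm_tower_proto_id,
          { "Protocol", "epm.tower.proto_id", FT_UINT8, BASE_HEX, VALS(proto_id_vals), 0x0, "Protocol identifier", HFILL }}
    };

    /* subtree handles used by the dissection routines of this file */
    static gint *ett[] = {
        &ett_epm,
        &ett_epm_tower_floor,
        &ett_epm_entry
    };

    /* interface version 3 */
    proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm");
    proto_register_field_array (proto_epm3, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));

    /* interface version 4: gets its own protocol id and names, but no
     * field array of its own is registered here */
    proto_epm4 = proto_register_protocol ("DCE/RPC Endpoint Mapper v4", "EPMv4", "epm4");
}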
/*
 * Hand both endpoint mapper protocol ids to the DCE/RPC layer.
 *
 * The two calls differ only in the protocol id and the version argument
 * (ver_epm3 / ver_epm4, defined elsewhere in this file).  The UUID, the
 * subtree handle, the opnum table and the opnum field are shared.
 */
void
proto_reg_handoff_epm (void)
{
    /* Register the protocol as dcerpc: interface version 3 ... */
    dcerpc_init_uuid (proto_epm3, ett_epm, &uuid_epm, ver_epm3,
                      epm_dissectors, hf_epm_opnum);

    /* ... and interface version 4, with the same operation table */
    dcerpc_init_uuid (proto_epm4, ett_epm, &uuid_epm, ver_epm4,
                      epm_dissectors, hf_epm_opnum);
}
/*
 * Editor modelines - http://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 4
 * tab-width: 8
 * indent-tabs-mode: nil
 * End:
 *
 * vi: set shiftwidth=4 tabstop=8 expandtab:
 * :indentSize=4:tabSize=8:noTabs=true:
 */