Uwe Girlich's ONC RPC and NFS dissectors.

svn path=/trunk/; revision=945

AUTHORS

@@ -157,6 +157,10 @@ Kojak <kojak@bigwig.net> {
 	ICQ support
 }
 
+Uwe Girlich <Uwe.Girlich@philosys.de> {
+	ONC RPC and NFS support
+}
+
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
 give his permission to use his version of snprintf.c.
 

Makefile.am

@@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Ethereal
 #
-# $Id: Makefile.am,v 1.99 1999/10/27 02:41:11 gram Exp $
+# $Id: Makefile.am,v 1.100 1999/10/29 01:04:16 guy Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@zing.org>
@@ -75,6 +75,8 @@ DISSECTOR_SOURCES = \
 	packet-ncp.h   \
 	packet-netbios.c \
 	packet-netbios.h \
+	packet-nfs.c   \
+	packet-nfs.h   \
 	packet-nntp.c  \
 	packet-ntp.c  \
 	packet-ntp.h  \
@@ -89,6 +91,8 @@ DISSECTOR_SOURCES = \
 	packet-pptp.c  \
 	packet-radius.c\
 	packet-raw.c   \
+	packet-rpc.c   \
+	packet-rpc.h   \
 	packet-rip.c   \
 	packet-rip.h   \
 	packet-ripng.c \

conversation.h

@@ -1,7 +1,7 @@
 /* conversation.h
  * Routines for building lists of packets that are part of a "conversation"
  *
- * $Id: conversation.h,v 1.2 1999/10/24 07:27:18 guy Exp $
+ * $Id: conversation.h,v 1.3 1999/10/29 01:04:17 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -23,6 +23,9 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  */
 
+#ifndef __CONVERSATION_H__
+#define __CONVERSATION_H__
+
 /*
  * Data structure representing a conversation.
  */
@@ -37,3 +40,5 @@ conversation_t *conversation_new(address *src, address *dst, port_type ptype,
     guint16 src_port, guint16 dst_port, void *data);
 conversation_t *find_conversation(address *src, address *dst, port_type ptype,
     guint16 src_port, guint16 dst_port);
+
+#endif /* conversation.h */

doc/ethereal.pod.template

@@ -622,6 +622,7 @@ B<http://ethereal.zing.org>.
   Nathan Neulinger         <nneul@umr.edu>
   Tomislav Vujec           <tvujec@carnet.hr>
   Kojak                    <kojak@bigwig.net>
+  Uwe Girlich              <Uwe.Girlich@philosys.de>
 
 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
 permission to use his version of snprintf.c.

file.c

@@ -1,7 +1,7 @@
 /* file.c
  * File I/O routines
  *
- * $Id: file.c,v 1.114 1999/10/22 08:56:13 guy Exp $
+ * $Id: file.c,v 1.115 1999/10/29 01:04:17 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -149,6 +149,7 @@ open_cap_file(char *fname, capture_file *cf) {
   /* Initialize protocol-specific variables */
   afs_init_protocol();
   ncp_init_protocol();
+  rpc_init_protocol();
   smb_init_protocol();
 
   cf->wth = wth;

gtk/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * $Id: main.c,v 1.28 1999/10/24 00:55:59 guy Exp $
+ * $Id: main.c,v 1.29 1999/10/29 01:04:44 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -156,6 +156,7 @@ about_ethereal( GtkWidget *w, gpointer data ) {
 		"Nathan Neulinger         <nneul@umr.edu>\n"
 		"Tomislav Vujec           <tvujec@carnet.hr>\n"
 		"Kojak                    <kojak@bigwig.net>\n"
+		"Uwe Girlich              <Uwe.Girlich@philosys.de>\n"
 
 		"\nSee http://ethereal.zing.org for more information",
                 VERSION, comp_info_str);
@@ -523,6 +524,7 @@ file_quit_cmd_cb (GtkWidget *widget, gpointer data) {
 /* call initialization routines at program startup time */
 static void
 ethereal_proto_init(void) {
+  init_dissect_rpc();
   proto_init();
   init_dissect_udp();
   dfilter_init();

packet-udp.c

@@ -1,7 +1,7 @@
 /* packet-udp.c
  * Routines for UDP packet disassembly
  *
- * $Id: packet-udp.c,v 1.32 1999/10/24 00:55:48 guy Exp $
+ * $Id: packet-udp.c,v 1.33 1999/10/29 01:04:18 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -43,6 +43,7 @@
 #include <glib.h>
 #include "packet.h"
 #include "resolv.h"
+#include "packet-rpc.h"
 
 int proto_udp = -1;		
 int hf_udp_srcport = -1;
@@ -222,6 +223,54 @@ dissect_udp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
   pi.srcport = uh_sport;
   pi.destport = uh_dport;
 
+  /* RPC */
+  if (BYTES_ARE_IN_FRAME(offset,8)) {
+    guint32		rpc_msgtype;
+
+    /* both directions need at least this */
+    rpc_msgtype = EXTRACT_UINT(pd,offset+4);
+
+    /* check for RPC reply */
+    if (rpc_msgtype == RPC_REPLY) {
+      rpc_call_info	rpc_key;
+      rpc_call_info	*rpc_value;
+      conversation_t	*conversation;
+
+      conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
+        pi.srcport, pi.destport);
+      if (conversation) {
+        /* It makes only sense to look for the corresponding RPC request,
+           if there was a conversation. */
+        rpc_key.xid = EXTRACT_UINT(pd,offset+0);
+        rpc_key.conversation = conversation;
+        if ((rpc_value=rpc_call_lookup(&rpc_key)) != NULL) {
+            dissect_rpc(pd,offset,fd,tree,rpc_msgtype,(void*)rpc_value);
+          return;
+        }
+      }
+    }
+
+    /* check for RPC call */
+    if (BYTES_ARE_IN_FRAME(offset,16)) {
+      guint32 rpc_vers;
+      rpc_prog_info_key rpc_prog_key;
+      rpc_prog_info_value *rpc_prog_info;
+
+      /* xid can be anything, we dont check it */
+      /* msgtype is already defined */
+      rpc_vers = EXTRACT_UINT(pd,offset+8);
+      rpc_prog_key.prog = EXTRACT_UINT(pd,offset+12);
+      if (rpc_msgtype == RPC_CALL &&
+          rpc_vers == 2 &&
+          ((rpc_prog_info = g_hash_table_lookup(rpc_progs, &rpc_prog_key)) != NULL))
+      {
+        dissect_rpc(pd,offset,fd,tree,rpc_msgtype,(void*)rpc_prog_info);
+        return;
+      }
+    }
+  }
+  /* end of RPC */
+
   /* XXX - we should do all of this through the table of ports. */
 #define PORT_IS(port)	(uh_sport == port || uh_dport == port)
   if (PORT_IS(UDP_PORT_BOOTPS))

packet.h

@@ -1,7 +1,7 @@
 /* packet.h
  * Definitions for packet disassembly structures and routines
  *
- * $Id: packet.h,v 1.121 1999/10/25 20:28:20 guy Exp $
+ * $Id: packet.h,v 1.122 1999/10/29 01:04:18 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@zing.org>
@@ -422,6 +422,20 @@ enum {
 	ETT_SNA_RH_2,
 	ETT_SNA_RU,
 	ETT_YHOO,
+	ETT_RPC,
+	ETT_RPC_CRED,
+	ETT_RPC_VERF,
+	ETT_RPC_GIDS,
+	ETT_NFS,
+	ETT_NFS2_FH,
+	ETT_NFS3_FH,
+	ETT_BOOT,
+	ETT_MNT,
+	ETT_NLM,
+	ETT_PMAP,
+	ETT_STAT,
+	ETT_YPBIND,
+	ETT_YPSERV,
 	NUM_TREE_TYPES	/* last item number plus one */
 };
 
@@ -468,6 +482,7 @@ void       col_append_str(frame_data *, gint, gchar *);
 void blank_packetinfo(void);
 
 void afs_init_protocol(void);
+void rpc_init_protocol(void);
 void smb_init_protocol(void);
 
 void dissect_packet(const u_char *, frame_data *, proto_tree *);
@@ -603,6 +618,9 @@ void dissect_smb(const u_char *, int, frame_data *, proto_tree *, int);
 void dissect_pptp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_gre(const u_char *, int, frame_data *, proto_tree *);
 
+void dissect_rpc(const u_char *, int, frame_data *, proto_tree *, guint32, void*);
+
+void init_dissect_rpc(void);
 void init_dissect_udp(void);
 void init_dissect_x25(void);