Some fixes to atsvc from Jean-Baptiste Marchand ...

svn path=/trunk/; revision=7798
2003-06-06 17:09:18 +00:00 · 2003-06-06 17:09:18 +00:00 · 48774ccaf1
parent 13994411a9
commit 48774ccaf1
1 changed files with 273 additions and 65 deletions
--- a/packet-dcerpc-atsvc.c
+++ b/packet-dcerpc-atsvc.c
@ -2,7 +2,7 @@
 * Routines for SMB \pipe\atsvc packet disassembly
 * Copyright 2003 Jean-Baptiste Marchand <jbm@hsc.fr>
 *
- * $Id: packet-dcerpc-atsvc.c,v 1.1 2003/05/28 22:43:57 sharpe Exp $
+ * $Id: packet-dcerpc-atsvc.c,v 1.2 2003/06/06 17:09:18 sharpe Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -23,6 +23,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@ -38,6 +39,7 @@
 static int proto_dcerpc_atsvc = -1;

 static int hf_atsvc_server = -1;
+static int hf_atsvc_command = -1;
 static int hf_atsvc_opnum = -1;
 static int hf_atsvc_rc = -1;
 static int hf_atsvc_job_id = -1;
@ -52,6 +54,12 @@ static int hf_atsvc_job_flags_add_current_date = -1;
 static int hf_atsvc_job_flags_runs_today = -1;
 static int hf_atsvc_job_flags_exec_error = -1;
 static int hf_atsvc_job_flags_run_periodically = -1;
+static int hf_atsvc_job_enum_hnd = -1;
+static int hf_atsvc_jobs_count = -1;
+static int hf_atsvc_enum_handle = -1;
+static int hf_atsvc_pref_max = -1;
+static int hf_atsvc_num_entries = -1;
+static int hf_atsvc_total_entries = -1;

 static gint ett_dcerpc_atsvc = -1;
 static gint ett_dcerpc_atsvc_job = -1;
@ -85,49 +93,41 @@ static guint16 ver_dcerpc_atsvc = 1;
 */

 static int
-dissect_atsvc_AT_INFO(tvbuff_t *tvb, int offset,
+atsvc_dissect_AT_INFO_fields(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	proto_item *item = NULL;
-	proto_tree *subtree = NULL;
 	proto_tree *flags_tree = NULL;
 	guint32 job_time;
 	guint8 job_flags;
 	guint8 job_hour, job_min, job_sec;
 	guint16 job_msec;
+	dcerpc_info *di = (dcerpc_info *) pinfo->private_data;

+	offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
+			0, &job_time);

-	if (tree) {
-		item = proto_tree_add_text(tree, tvb, offset, -1, "Job");
-		subtree = proto_item_add_subtree(item, ett_dcerpc_atsvc_job);
-	}
+	job_hour = job_time / 3600000;
+	job_min = (job_time - job_hour * 3600000) / 60000;
+	job_sec = (job_time - (job_hour * 3600000) - (job_min * 60000)) / 1000;
+	job_msec = (job_time - (job_hour * 3600000) - (job_min * 60000) - (job_sec * 1000));

-	if (subtree) {
+	proto_tree_add_uint_format(tree, hf_atsvc_job_time, tvb, offset - 4,
+			4, job_time, "Time: %02d:%02d:%02d:%03d", job_hour, job_min, job_sec, job_msec);

-		offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
-				0, &job_time);
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+			hf_atsvc_job_days_of_month, NULL);

-		job_hour = job_time / 3600000;
-		job_min = (job_time - job_hour * 3600000) / 60000;
-		job_sec = (job_time - (job_hour * 3600000) - (job_min * 60000)) / 1000;
-		job_msec = (job_time - (job_hour * 3600000) - (job_min * 60000) - (job_sec * 1000));
+	offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep,
+			hf_atsvc_job_days_of_week, NULL);

-		proto_tree_add_uint_format(subtree, hf_atsvc_job_time, tvb, offset - 4,
-				4, job_time, "Time: %02d:%02d:%02d:%03d", job_hour, job_min, job_sec, job_msec);
+	offset = dissect_ndr_uint8(tvb, offset, pinfo, NULL, drep,
+			0, &job_flags);

-		offset = dissect_ndr_uint32(tvb, offset, pinfo, subtree, drep,
-				hf_atsvc_job_days_of_month, NULL);
+	item = proto_tree_add_text(tree, tvb, offset-1, 1, "Flags: 0x%02x", job_flags);
+	flags_tree = proto_item_add_subtree(item, ett_dcerpc_atsvc_job_flags);

-		offset = dissect_ndr_uint8(tvb, offset, pinfo, subtree, drep,
-				hf_atsvc_job_days_of_week, NULL);
-
-		offset = dissect_ndr_uint8(tvb, offset, pinfo, NULL, drep,
-					0, &job_flags);
-
-		item = proto_tree_add_text(subtree, tvb, offset-1, 1, "Flags: 0x%02x", job_flags);
-		flags_tree = proto_item_add_subtree(item, ett_dcerpc_atsvc_job_flags);
-
-		if (flags_tree) {
+	if (flags_tree) {

 #define JOB_RUN_PERIODICALLY 0x01
 #define JOB_EXEC_ERROR 0x02
@ -135,41 +135,109 @@ dissect_atsvc_AT_INFO(tvbuff_t *tvb, int offset,
 #define JOB_ADD_CURRENT_DATE 0x08
 #define JOB_NONINTERACTIVE 0x10

+		if (di->call_data->opnum == ATSVC_JOB_ADD) { 

 			if (job_flags & JOB_RUN_PERIODICALLY) {
 				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_run_periodically,
 						tvb, offset-1, 1, job_flags);
 			}
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_run_periodically,
+						tvb, offset-1, 1, 0);
+			}
+
+
+			if (job_flags & JOB_ADD_CURRENT_DATE) {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_add_current_date,
+						tvb, offset-1, 1, job_flags);
+			}
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_add_current_date,
+						tvb, offset-1, 1, 0);
+			}
+
+
+			if (job_flags & JOB_NONINTERACTIVE) {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_noninteractive,
+						tvb, offset-1, 1, job_flags);
+			}
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_noninteractive,
+						tvb, offset-1, 1, job_flags);
+			}
+
+		}
+
+		if ((di->call_data->opnum == ATSVC_JOB_GETINFO) 
+				|| (di->call_data->opnum == ATSVC_JOB_ENUM)) {
+
+
+			if (job_flags & JOB_RUN_PERIODICALLY) {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_run_periodically,
+						tvb, offset-1, 1, job_flags);
+			}
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_run_periodically,
+						tvb, offset-1, 1, 0);
+			}
+

 			if (job_flags & JOB_EXEC_ERROR) {
 				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_exec_error,
 						tvb, offset-1, 1, job_flags);
 			}
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_exec_error,
+						tvb, offset-1, 1, 0);
+			}
+

 			if (job_flags & JOB_RUNS_TODAY) {
 				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_runs_today,
 						tvb, offset-1, 1, job_flags);
 			}
-
-			if (job_flags & JOB_ADD_CURRENT_DATE) {
-				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_add_current_date,
-						tvb, offset-1, 1, job_flags);
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_runs_today,
+						tvb, offset-1, 1, 0);
 			}

 			if (job_flags & JOB_NONINTERACTIVE) {
 				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_noninteractive,
 						tvb, offset-1, 1, job_flags);
 			}
-				
+			else {
+				proto_tree_add_boolean(flags_tree, hf_atsvc_job_flags_noninteractive,
+						tvb, offset-1, 1, job_flags);
+			}

-		offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, subtree, drep,
-				NDR_POINTER_UNIQUE, "Command", hf_atsvc_server, 0);
 		}
+
 	}

+	offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
+			NDR_POINTER_UNIQUE, "Command", hf_atsvc_command, 0);
+
 	return offset;
 }

+static int
+atsvc_dissect_AT_INFO(tvbuff_t *tvb, int offset,
+	packet_info *pinfo, proto_tree *tree, char *drep)
+{
+	proto_item *item = NULL;
+	proto_tree *subtree = NULL;
+
+	if (tree) {
+		item = proto_tree_add_text(tree, tvb, offset, -1, "Job");
+		subtree = proto_item_add_subtree(item, ett_dcerpc_atsvc_job);
+	}
+
+	offset = atsvc_dissect_AT_INFO_fields(tvb, offset, pinfo, subtree, drep);
+
+	return offset;
+}
+
+

 /*
 IDL long NetrJobAdd(
@ -186,7 +254,7 @@ atsvc_dissect_add_rqst(tvbuff_t *tvb, int offset,
        offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
 			NDR_POINTER_UNIQUE, "Server", hf_atsvc_server, 0);

-	offset = dissect_atsvc_AT_INFO(tvb, offset, pinfo, tree, drep);
+	offset = atsvc_dissect_AT_INFO(tvb, offset, pinfo, tree, drep);

 	return offset;
 }
@ -251,32 +319,82 @@ atsvc_dissect_del_reply(tvbuff_t *tvb, int offset,
 */

 static int
-dissect_atsvc_AT_ENUM(tvbuff_t *tvb, int offset,
+atsvc_dissect_AT_ENUM(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-			hf_atsvc_job_id, NULL);
+	proto_item *item = NULL;
+	proto_tree *subtree = NULL;
+	guint32 job_id;

-	offset = dissect_atsvc_AT_INFO(tvb, offset, pinfo, tree, drep);
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep,
+			0, &job_id);
+
+	if (tree) {
+		item = proto_tree_add_text(tree, tvb, offset, -1, "Job %d", job_id);
+		subtree = proto_item_add_subtree(item, ett_dcerpc_atsvc_job);
+	}
+
+	proto_tree_add_uint_format(subtree, hf_atsvc_job_id, tvb, offset - 4,
+			4, job_id, "Job ID: %d", job_id);
+
+	offset = atsvc_dissect_AT_INFO_fields(tvb, offset, pinfo, subtree, drep);
+
+	return offset;
+}
+
+
+static int
+atsvc_dissect_ENUM_HANDLE(tvbuff_t *tvb, int offset,
+			   packet_info *pinfo, proto_tree *tree,
+			   char *drep)
+{
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+			      hf_atsvc_enum_handle, 0);
+	return offset;
+
+}
+
+static int
+atsvc_dissect_AT_ENUM_array(tvbuff_t *tvb, int offset,
+				     packet_info *pinfo, proto_tree *tree,
+				     char *drep)
+{
+	offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
+			atsvc_dissect_AT_ENUM);

 	return offset;
 }

 /*
 IDL typedef struct {
- IDL   long element_27;
- IDL   [size_is(element_27)] [unique] AT_ENUM *element_28;
- IDL } TYPE_2;
+ IDL   long EntriesRead; 
+ IDL   [size_is(EntriesRead)] [unique] AT_ENUM *first_entry;
+ IDL } AT_ENUM_CONTAINER;
 */

+static int
+atsvc_dissect_AT_ENUM_CONTAINER(tvbuff_t *tvb, int offset,
+				     packet_info *pinfo, proto_tree *tree,
+				     char *drep)
+{
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+		hf_atsvc_num_entries, NULL);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+		atsvc_dissect_AT_ENUM_array, NDR_POINTER_UNIQUE,
+		"AT_ENUM array:", -1);
+
+	return offset;
+}
+

 /*
 IDL long NetrJobEnum(
 IDL       [in] [unique] [string] wchar_t *Servername,
- IDL   [in,out] [ref] TYPE_2 *PointerToBuffer,
+ IDL   [in,out] [ref] AT_ENUM_CONTAINER *PointerToBuffer,
 IDL       [in] long PreferredMaximumLength,
- IDL      [out] [ref] long *element_38,
- IDL   [in,out] [unique] long *element_39
+ IDL      [out] [ref] long *TotalEntries,
+ IDL   [in,out] [unique] long *ResumeHandle
 IDL );
 */

@ -287,6 +405,17 @@ atsvc_dissect_enum_rqst(tvbuff_t *tvb, int offset,
        offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, drep,
 			NDR_POINTER_UNIQUE, "Server", hf_atsvc_server, 0);

+  	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			atsvc_dissect_AT_ENUM_CONTAINER,
+			NDR_POINTER_REF, "Job list", -1);
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, 
+			hf_atsvc_pref_max, 0);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, 
+				     atsvc_dissect_ENUM_HANDLE,
+				     NDR_POINTER_UNIQUE, "Enum Handle", -1);
+
 	return offset;
 }

@ -294,13 +423,27 @@ static int
 atsvc_dissect_enum_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
+  	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+			atsvc_dissect_AT_ENUM_CONTAINER,
+			NDR_POINTER_REF, "Job list", -1);
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
+				    hf_atsvc_total_entries, 0);
+
+	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, 
+				     atsvc_dissect_ENUM_HANDLE,
+				     NDR_POINTER_UNIQUE, "Enum Handle", -1);
+
+	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
+			hf_atsvc_rc, NULL);
+
 	return offset;
 }


 /*
 IDL long NetrJobGetInfo(
- IDL       [in] [unique] [string] wchar_t *ServerName,
+ IDL       [in] [unique] [string] wchar_t *Servername,
 IDL       [in] long JobId,
 IDL      [out] [ref] AT_INFO **PointerToBuffer
 IDL );
@ -324,15 +467,19 @@ atsvc_dissect_getinfo_reply(tvbuff_t *tvb, int offset,
 	packet_info *pinfo, proto_tree *tree, char *drep)
 {
 	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-			dissect_atsvc_AT_INFO, NDR_POINTER_UNIQUE,
+			atsvc_dissect_AT_INFO, NDR_POINTER_UNIQUE,
 			"Job info", -1);
+
+	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
+			hf_atsvc_rc, NULL);
+
 	return offset;
 }

 static dcerpc_sub_dissector dcerpc_atsvc_dissectors[] = {
 	{ ATSVC_JOB_ADD, "NetrJobAdd", atsvc_dissect_add_rqst, atsvc_dissect_add_reply },
 	{ ATSVC_JOB_DEL, "NetrJobDel", atsvc_dissect_del_rqst, atsvc_dissect_del_reply },
-	{ ATSVC_JOB_ENUM, "NetrJobEnum", atsvc_dissect_enum_rqst, NULL },
+	{ ATSVC_JOB_ENUM, "NetrJobEnum", atsvc_dissect_enum_rqst, atsvc_dissect_enum_reply },
 	{ ATSVC_JOB_GETINFO, "NetrJobGetInfo", atsvc_dissect_getinfo_rqst, atsvc_dissect_getinfo_reply },
        { 0, NULL, NULL,  NULL }
 };
@ -346,9 +493,46 @@ static const value_string atsvc_opnum_vals[] = {
 	{ 0, NULL }
 };

+static const value_string atsvc_job_day_of_month[] = {
+	{       0x00, "n/a" },
+	{       0x01, "01" },
+	{       0x02, "02" },
+	{       0x04, "03" },
+	{       0x08, "04" },
+	{       0x10, "05" },
+	{       0x20, "06" },
+	{       0x40, "07" },
+	{       0x80, "08" },
+	{      0x100, "09" },
+	{      0x200, "10" },
+	{      0x400, "11" },
+	{      0x800, "12" },
+	{     0x1000, "13" },
+	{     0x2000, "14" },
+	{     0x4000, "15" },
+	{     0x8000, "16" },
+	{    0x10000, "17" },
+	{    0x20000, "18" },
+	{    0x40000, "19" },
+	{    0x80000, "20" },
+	{   0x100000, "21" },
+	{   0x200000, "22" },
+	{   0x400000, "23" },
+	{   0x800000, "24" },
+	{  0x1000000, "25" },
+	{  0x2000000, "26" },
+	{  0x4000000, "27" },
+	{  0x8000000, "28" },
+	{ 0x10000000, "29" },
+	{ 0x20000000, "30" },
+	{ 0x40000000, "31" },
+	{ 0, NULL }
+};
+
+

 static const value_string atsvc_job_day_of_week[] = {
-	{ 0x00, "Today" },
+	{ 0x00, "n/a" },
 	{ 0x01, "Monday" },
 	{ 0x02, "Tuesday" },
 	{ 0x04, "Wednesday" },
@ -365,8 +549,8 @@ static const true_false_string tfs_job_flags_type = {
 };

 static const true_false_string tfs_job_flags_exec_error = {
-	"Last job execution was successful",
-	"Last job execution failed"
+	"Last job execution FAILED",
+	"Last job execution was successful"
 };

 static const true_false_string tfs_job_flags_runs_today = {
@ -375,8 +559,8 @@ static const true_false_string tfs_job_flags_runs_today = {
 };

 static const true_false_string tfs_job_flags_add_current_date = {
-	"Job relative to current date",
-	"Job NOT relative to current date"
+	"Job is scheduled relative to current day of month",
+	"Job is NOT scheduled relative to current day of month"
 };

 static const true_false_string tfs_job_flags_noninteractive = {
@ -394,13 +578,17 @@ proto_register_dcerpc_atsvc(void)
 		    { "Server", "atsvc.server", FT_STRING, BASE_NONE,
 		      NULL, 0x0, "Server Name", HFILL}},

+	  	{ &hf_atsvc_command,
+		    { "Command", "atsvc.command", FT_STRING, BASE_NONE,
+		      NULL, 0x0, "Command to execute", HFILL}},
+
 		{ &hf_atsvc_opnum, 
 		  { "Operation", "atsvc.opnum", FT_UINT16, BASE_DEC,
 		   VALS(atsvc_opnum_vals), 0x0, "Operation", HFILL }},	

 		{&hf_atsvc_rc,
 		  { "Return code", "atsvc.rc", FT_UINT32, BASE_HEX,
-		    VALS(NT_errors), 0x0, "Eventlog return status code", HFILL }}, 
+		    VALS(NT_errors), 0x0, "atsvc status code", HFILL }}, 

 	  	{ &hf_atsvc_job_id,
 		    { "Job ID", "atsvc.job_id", FT_UINT32,
@ -412,7 +600,7 @@ proto_register_dcerpc_atsvc(void)

 	  	{ &hf_atsvc_job_days_of_month,
 		    { "Job day of the month", "atsvc.job_day_of_month", FT_UINT32,
-		      BASE_DEC, NULL, 0x0, "Job day of the month", HFILL}},
+		      BASE_DEC, VALS(atsvc_job_day_of_month), 0x0, "Job day of the month", HFILL}},

 	  	{ &hf_atsvc_job_days_of_week,
 		    { "Job day of the week", "atsvc.job_day_of_week", FT_UINT8,
@ -435,23 +623,45 @@ proto_register_dcerpc_atsvc(void)
 	 		TFS(&tfs_job_flags_type), JOB_RUN_PERIODICALLY, "Job type", HFILL }},

 		{ &hf_atsvc_job_flags_exec_error,
-		    { "Last job execution error", "atsvc.jobs.flags.exec_error", FT_BOOLEAN, 8,
-	 		TFS(&tfs_job_flags_exec_error), JOB_EXEC_ERROR, "Last job execution failed?", HFILL }},
+		    { "Last job execution status", "atsvc.jobs.flags.exec_error", FT_BOOLEAN, 8,
+	 		TFS(&tfs_job_flags_exec_error), JOB_EXEC_ERROR, "Last job execution status", HFILL }},

 		{ &hf_atsvc_job_flags_runs_today,
-		    { "Job scheduled to execute today", "atsvc.jobs.flags.runs_today", FT_BOOLEAN, 8,
-	 		TFS(&tfs_job_flags_runs_today), JOB_RUNS_TODAY, "Job runs today?", HFILL }},
+		    { "Job schedule", "atsvc.jobs.flags.runs_today", FT_BOOLEAN, 8,
+	 		TFS(&tfs_job_flags_runs_today), JOB_RUNS_TODAY, "Job schedule", HFILL }},

 		{ &hf_atsvc_job_flags_add_current_date,
-		    { "Job relative to current date?", "atsvc.jobs.flags.add_current_date", FT_BOOLEAN, 8,
-	 		TFS(&tfs_job_flags_add_current_date), JOB_ADD_CURRENT_DATE, "Job relative to current date?", HFILL }},
+		    { "Job relative to current day of month", "atsvc.jobs.flags.add_current_date", FT_BOOLEAN, 8,
+	 		TFS(&tfs_job_flags_add_current_date), JOB_ADD_CURRENT_DATE, "Job relative to current day of month", HFILL }},

 		{ &hf_atsvc_job_flags_noninteractive,
 		    { "Job interactive status", "atsvc.jobs.flags.noninteractive", FT_BOOLEAN, 8,
 	 		TFS(&tfs_job_flags_noninteractive), JOB_NONINTERACTIVE, "Job interactive status", HFILL }},

-	};
+        	{ &hf_atsvc_job_enum_hnd,
+	            { "Handle", "atsvc.job.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "Context handle", HFILL }},

+	  	{ &hf_atsvc_jobs_count,
+		    { "Jobs count", "atsvc.jobs_count", FT_UINT32,
+		      BASE_DEC, NULL, 0x0, "Number of jobs", HFILL}},
+
+	      { &hf_atsvc_enum_handle,
+  	            { "Enumeration handle", "atsvc.enum_hnd", FT_BYTES,
+		      BASE_HEX, NULL, 0x0, "Enumeration Handle", HFILL}},
+
+	      { &hf_atsvc_pref_max, 
+		    { "Preferred max length", "atsvc.pref.max.len", FT_INT32,
+     		    BASE_DEC, NULL, 0x0, "Preferred max length", HFILL}},
+
+	      { &hf_atsvc_num_entries, 
+	           { "Returned entries", "atsvc.num.entries", FT_INT32,
+	           BASE_DEC, NULL, 0x0, "Number of returned entries", HFILL}},
+
+   	      { &hf_atsvc_total_entries, 
+	           { "Total entries", "atsvc.total.entries", FT_INT32,
+	           BASE_DEC, NULL, 0x0, "Total number of available entries", HFILL}},
+
+	};

        static gint *ett[] = {
                &ett_dcerpc_atsvc,
@ -481,5 +691,3 @@ proto_reg_handoff_dcerpc_atsvc(void)
 		ver_dcerpc_atsvc, dcerpc_atsvc_dissectors, hf_atsvc_opnum);

 }
-
-