Expanded bootparams dissector to handle decoding getfile calls and replies.

Added proto_registrar_get_name routine to proto.c to retrieve the name of particular proto_tree field. Added dissect_rpc_string_item to packet-rpc.c. This routine does the same thing as dissect_rpc_string, except it takes a hfindex of a proto_tree item instead of a name. It uses the p_r_get_name call to get the name, and adds the actual string content as a hidden field (so that the subtree highlights the entire data area - length, data, and padding). There is only one call to dissect_rpc_string, so I believe that this routine should replace it. svn path=/trunk/; revision=1011
1999-11-11 16:20:25 +00:00 · 1999-11-11 16:20:25 +00:00 · 6043b610ed
parent 76710fcc54
commit 6043b610ed
6 changed files with 154 additions and 11 deletions
--- a/3
+++ b/3
@ -153,7 +153,8 @@ Nathan Neulinger <nneul@umr.edu> {
 	Andrew File System protocol support
 	802.1q VLAN support
 	RPC Portmap dissector
-	Stubs for ypbind/ypserv/ypxfr/bootparams rpc dissectors
+	RPC Bootparams dissector
+	Stubs for ypbind/ypserv/ypxfr rpc dissectors
 }

 Tomislav Vujec <tvujec@carnet.hr> {
--- a/packet-bootparams.c
+++ b/packet-bootparams.c
@ -1,7 +1,7 @@
 /* packet-bootparams.c
 * Routines for bootparams dissection
 *
- * $Id: packet-bootparams.c,v 1.2 1999/11/10 21:05:09 nneul Exp $
+ * $Id: packet-bootparams.c,v 1.3 1999/11/11 16:20:24 nneul Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -28,24 +28,87 @@
 #include "config.h"
 #endif

-
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif

+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include <string.h>
+#include <glib.h>

 #include "packet-rpc.h"
 #include "packet-bootparams.h"

 static int proto_bootparams = -1;
+static int hf_bootparams_host = -1;
+static int hf_bootparams_fileid = -1;
+static int hf_bootparams_filepath = -1;
+static int hf_bootparams_addresstype = -1;
+static int hf_bootparams_address = -1;
+
+/* Dissect a getfile call */
+int dissect_getfile_call(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree)
+{
+	if ( tree )
+	{
+		offset = dissect_rpc_string_item(pd,offset,fd,tree,hf_bootparams_host);
+		offset = dissect_rpc_string_item(pd,offset,fd,tree,hf_bootparams_fileid);
+	}
+	
+	return offset;
+}
+
+/* Dissect a getfile reply */
+int dissect_getfile_reply(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree)
+{
+	guint32 type;
+	guint32 ipaddr;
+
+	if ( tree )
+	{
+		offset = dissect_rpc_string_item(pd,offset,fd,tree,hf_bootparams_host);
+
+		/* get the address type */
+		if ( !BYTES_ARE_IN_FRAME(offset, 1)) return offset;
+		type = pntohl(&pd[offset]); /* type of address */
+		proto_tree_add_item(tree, hf_bootparams_addresstype,
+			offset, 4, type);
+		offset += 4;
+
+		if ( type != 1 ) /* only know how to handle this type of address */
+		{
+			return offset;
+		}
+
+		/* get the address itself - weird ass format */
+		if ( ! BYTES_ARE_IN_FRAME(offset, 16)) return offset;
+		ipaddr = (pd[offset+3]<<24) + (pd[offset+7]<<16) +
+			(pd[offset+11]<<8) + (pd[offset+15]);
+		proto_tree_add_item(tree, hf_bootparams_address, 
+			offset, 16, ntohl(ipaddr));
+		offset += 16;
+
+		offset = dissect_rpc_string_item(pd,offset,fd,tree,hf_bootparams_filepath);
+	}
+	
+	return offset;
+}

 /* proc number, "proc name", dissect_request, dissect_reply */
 /* NULL as function pointer means: take the generic one. */
 const vsff bootparams1_proc[] = {
-	{ BOOTPARAMSPROC_NULL,	"NULL",		NULL,				NULL },
-	{ BOOTPARAMSPROC_WHOAMI,	"WHOAMI",		NULL,				NULL },
-	{ BOOTPARAMSPROC_GETFILE,	"GETFILE",		NULL,				NULL },
-	{ 0,	NULL,		NULL,				NULL }
+	{ BOOTPARAMSPROC_NULL, "NULL",
+		NULL, NULL },
+	{ BOOTPARAMSPROC_WHOAMI, "WHOAMI", 
+		NULL, NULL },
+	{ BOOTPARAMSPROC_GETFILE, "GETFILE", 
+		dissect_getfile_call, dissect_getfile_reply },
+	{ 0, NULL, NULL, NULL }
 };
 /* end of Bootparams version 1 */

@ -53,7 +116,26 @@ const vsff bootparams1_proc[] = {
 void
 proto_register_bootparams(void)
 {
+	static hf_register_info hf[] = {
+		{ &hf_bootparams_host, {
+			"Host", "bootparams.host", FT_STRING, BASE_DEC,
+			NULL, 0, "Host" }},
+		{ &hf_bootparams_fileid, {
+			"File ID", "bootparams.fileid", FT_STRING, BASE_DEC,
+			NULL, 0, "File ID" }},
+		{ &hf_bootparams_filepath, {
+			"File Path", "bootparams.filepath", FT_STRING, BASE_DEC,
+			NULL, 0, "File Path" }},
+		{ &hf_bootparams_addresstype, {
+			"Address Type", "bootparams.addresstype", FT_UINT32, BASE_DEC,
+			NULL, 0, "Address Type" }},
+		{ &hf_bootparams_address, {
+			"Address", "bootparams.address", FT_IPv4, BASE_DEC,
+			NULL, 0, "Address" }},
+	};
+
 	proto_bootparams = proto_register_protocol("Boot Parameters", "bootparams");
+	proto_register_field_array(proto_bootparams, hf, array_length(hf));

 	/* Register the protocol as RPC */
 	rpc_init_prog(proto_bootparams, BOOTPARAMS_PROGRAM, ETT_BOOTPARAMS);
--- a/packet-rpc.c
+++ b/packet-rpc.c
@ -2,7 +2,7 @@
 * Routines for rpc dissection
 * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
 * 
- * $Id: packet-rpc.c,v 1.6 1999/11/10 17:23:54 nneul Exp $
+ * $Id: packet-rpc.c,v 1.7 1999/11/11 16:20:24 nneul Exp $
 * 
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -391,6 +391,49 @@ dissect_rpc_string(const u_char *pd, int offset, frame_data *fd, proto_tree *tre
 	return offset;
 }

+int
+dissect_rpc_string_item(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int hfindex)
+{
+	proto_item *string_item;
+	proto_tree *string_tree = NULL;
+
+	guint32 string_length;
+	guint32 string_fill;
+	guint32 string_length_full;
+	char string_buffer[RPC_STRING_MAXBUF];
+
+	if (!BYTES_ARE_IN_FRAME(offset,4)) return offset;
+	string_length = EXTRACT_UINT(pd,offset+0);
+	string_length_full = roundup(string_length);
+	string_fill = string_length_full - string_length;
+	if (!BYTES_ARE_IN_FRAME(offset+4,string_length_full)) return offset;
+	if (string_length>=sizeof(string_buffer)) return offset;
+	memcpy(string_buffer,pd+offset+4,string_length);
+	string_buffer[string_length] = '\0';
+	if (tree) {
+		string_item = proto_tree_add_text(tree,offset+0,
+			4+string_length_full,
+			"%s: %s", proto_registrar_get_name(hfindex), string_buffer);
+		proto_tree_add_item_hidden(tree, hfindex, offset+4,
+			string_length, string_buffer);
+		if (string_item) {
+			string_tree = proto_item_add_subtree(string_item, ETT_RPC_STRING);
+		}
+	}
+	if (string_tree) {
+		proto_tree_add_text(string_tree,offset+0,4,
+			"length: %u", string_length);
+		proto_tree_add_text(string_tree,offset+4,string_length,
+			"text: %s", string_buffer);
+		if (string_fill)
+			proto_tree_add_text(string_tree,offset+4+string_length,string_fill,
+				"fill bytes: opaque data");
+	}
+
+	offset += 4 + string_length_full;
+	return offset;
+}
+

 void
 dissect_rpc_auth( const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
--- a/packet-rpc.h
+++ b/packet-rpc.h
@ -1,5 +1,5 @@
 /* packet-rpc.h (c) 1999 Uwe Girlich */
-/* $Id: packet-rpc.h,v 1.2 1999/11/05 07:16:23 guy Exp $ */
+/* $Id: packet-rpc.h,v 1.3 1999/11/11 16:20:25 nneul Exp $ */

 #ifndef __PACKET_RPC_H__
 #define __PACKET_RPC_H__
@ -96,6 +96,10 @@ extern void init_dissect_rpc();
 extern void cleanup_dissect_rpc();

 extern unsigned int roundup(unsigned int a);
+extern int dissect_rpc_string(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree, char* name);
+extern int dissect_rpc_string_item(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree, int hfindex);
 extern int dissect_rpc_uint32(const u_char *pd, int offset, frame_data *fd,
 	proto_tree *tree, char* name, char* type);
 extern int dissect_rpc_uint64(const u_char *pd, int offset, frame_data *fd,
--- a/proto.c
+++ b/proto.c
@ -1,7 +1,7 @@
 /* proto.c
 * Routines for protocol tree
 *
- * $Id: proto.c,v 1.46 1999/10/20 06:28:28 guy Exp $
+ * $Id: proto.c,v 1.47 1999/11/11 16:20:25 nneul Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -951,6 +951,16 @@ proto_registrar_n(void)
 	return gpa_hfinfo->len;
 }

+char*
+proto_registrar_get_name(int n)
+{
+    struct header_field_info *hfinfo;
+    hfinfo = find_hfinfo_record(n);
+    if (hfinfo)
+        return hfinfo->name;
+    else        return NULL;
+}
+
 char*
 proto_registrar_get_abbrev(int n)
 {
--- a/proto.h
+++ b/proto.h
@ -1,7 +1,7 @@
 /* proto.h
 * Definitions for protocol display
 *
- * $Id: proto.h,v 1.17 1999/10/12 06:20:24 gram Exp $
+ * $Id: proto.h,v 1.18 1999/11/11 16:20:25 nneul Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -189,6 +189,9 @@ proto_item_fill_label(field_info *fi, gchar *label_str);
 /* Returns number of items (protocols or header fields) registered. */
 int proto_registrar_n(void);

+/* Returns char* to name for item # n (0-indexed) */
+char* proto_registrar_get_name(int n);
+
 /* Returns char* to abbrev for item # n (0-indexed) */
 char* proto_registrar_get_abbrev(int n);