From Tim Potter: use the FID, for DCE RPC-over-SMB, as part of the

conversation matching.

svn path=/trunk/; revision=4220
Guy Harris 2001-11-18 22:44:08 +00:00
parent dbec2dc1e8
commit 8c358fd83e
5 changed files with 60 additions and 6 deletions


@ -896,6 +896,8 @@ Tim Potter <tpot[AT]samba.org> {
Display the FID in the Info column of NT Create and X replies
Display the setup words in some SMB Transaction messages and
extract the FID from them
Use the FID, for DCE RPC-over-SMB, as part of the conversation
matching
}
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to


@ -2,7 +2,7 @@
* Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
* $Id: packet-dcerpc.c,v 1.14 2001/11/12 09:04:11 guy Exp $
* $Id: packet-dcerpc.c,v 1.15 2001/11/18 22:44:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -234,6 +234,7 @@ static GHashTable *dcerpc_convs;
typedef struct _dcerpc_conv_key {
conversation_t *conv;
guint16 ctx_id;
guint16 smb_fid;
} dcerpc_conv_key;
static GMemChunk *dcerpc_conv_key_chunk;
@ -251,14 +252,15 @@ dcerpc_conv_equal (gconstpointer k1, gconstpointer k2)
dcerpc_conv_key *key1 = (dcerpc_conv_key *)k1;
dcerpc_conv_key *key2 = (dcerpc_conv_key *)k2;
return (key1->conv == key2->conv
&& key1->ctx_id == key2->ctx_id);
&& key1->ctx_id == key2->ctx_id
&& key1->smb_fid == key2->smb_fid);
}
static guint
dcerpc_conv_hash (gconstpointer k)
{
dcerpc_conv_key *key = (dcerpc_conv_key *)k;
return ((guint)key->conv) + key->ctx_id;
return ((guint)key->conv) + key->ctx_id + key->smb_fid;
}
@ -450,8 +452,10 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
}
if (tree) {
sub_item = proto_tree_add_item (tree, sub_proto->proto, tvb, offset,
tvb_length (tvb) - offset, FALSE);
if (sub_item) {
sub_tree = proto_item_add_subtree (sub_item, sub_proto->ett);
}
@ -536,6 +540,26 @@ dissect_dcerpc_cn_auth (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
}
/* We need to hash in the SMB fid number to generate a unique hash table
key as DCERPC over SMB allows several pipes over the same TCP/IP
socket. */
static guint16 get_smb_fid(void *private_data)
{
dcerpc_private_info *priv = (dcerpc_private_info *)private_data;
if (!priv)
return 0; /* Nothing to see here */
/* DCERPC over smb */
if (priv->transport_type == DCERPC_TRANSPORT_SMB)
return priv->data.smb.fid;
/* Some other transport... */
return 0;
}
/*
* Connection oriented packet types
@ -618,6 +642,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
key = g_mem_chunk_alloc (dcerpc_conv_key_chunk);
key->conv = conv;
key->ctx_id = ctx_id;
key->smb_fid = get_smb_fid(pinfo->private_data);
value = g_mem_chunk_alloc (dcerpc_conv_value_chunk);
value->uuid = if_id;
@ -798,6 +823,7 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
key.conv = conv;
key.ctx_id = ctx_id;
key.smb_fid = get_smb_fid(pinfo->private_data);
value = g_hash_table_lookup (dcerpc_convs, &key);
if (value) {
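Review bot: `get_smb_fid` casts `pinfo->private_data` straight to `dcerpc_private_info *` and rejects only NULL, so its result is meaningful only if every path into the DCE RPC dissector leaves that pointer either NULL or aimed at a `dcerpc_private_info`. `private_data` is an untyped `void *`; the only code on this page that sets it up that way is `dissect_pipe_msrpc`, and the other entry points into this dissector are not visible here. If another transport hands over its own structure, `priv->transport_type` is read from unrelated memory and the conversation key in the bind and request paths is built from an arbitrary value while dissecting untrusted capture data. I would state the contract above the function, e.g. `/* pinfo->private_data must be NULL or point to a dcerpc_private_info; any other caller into DCERPC has to clear it first. */`, and check the non-SMB callers against it.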


@ -1,7 +1,7 @@
/* packet-dcerpc.h
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
* $Id: packet-dcerpc.h,v 1.2 2001/07/11 01:25:45 guy Exp $
* $Id: packet-dcerpc.h,v 1.3 2001/11/18 22:44:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -100,5 +100,20 @@ typedef struct _dcerpc_sub_dissector {
/* registration function for subdissectors */
void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs);
/* Private data structure to pass to DCERPC dissector. This is used to
pass transport specific information down to the dissector from the
dissector that parsed this encapsulated calls. */
#define DCERPC_TRANSPORT_SMB 1
typedef struct _dcerpc_private_info {
int transport_type; /* Tag */
union {
struct { /* DCERPC_TRANSPORT_SMB */
guint16 fid;
} smb;
} data;
} dcerpc_private_info;
#endif /* packet-dcerpc.h */
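Review bot: The tag in `dcerpc_private_info` is a plain `int` with a single `#define DCERPC_TRANSPORT_SMB 1`, and nothing names the value that means "no transport information", so a zero-filled structure is only implicitly distinct from SMB. An enum would make the tag self-describing and give the zero case a name; the identifiers here are a suggestion, not something on this page: `typedef enum { DCERPC_TRANSPORT_NONE = 0, DCERPC_TRANSPORT_SMB = 1 } dcerpc_transport_type;`. The member comment could also say what the tag governs, `/* one of DCERPC_TRANSPORT_*; selects the valid member of data */`. In the block comment, "this encapsulated calls" should read "the encapsulated call".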


@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
* $Id: packet-smb-pipe.c,v 1.43 2001/11/18 02:51:19 guy Exp $
* $Id: packet-smb-pipe.c,v 1.44 2001/11/18 22:44:07 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -54,6 +54,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
#include "smb.h"
#include "packet-smb-pipe.h"
#include "packet-smb-browse.h"
#include "packet-dcerpc.h"
static int proto_smb_lanman = -1;
static int hf_function_code = -1;
@ -2177,11 +2178,20 @@ static heur_dissector_list_t msrpc_heur_subdissector_list;
static gboolean
dissect_pipe_msrpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
dcerpc_private_info dcerpc_priv;
smb_info_t *smb_priv = (smb_info_t *)pinfo->private_data;
gboolean result;
dcerpc_priv.transport_type = DCERPC_TRANSPORT_SMB;
dcerpc_priv.data.smb.fid = smb_priv->fid;
pinfo->private_data = &dcerpc_priv;
result = dissector_try_heuristic(msrpc_heur_subdissector_list, tvb,
pinfo, parent_tree);
pinfo->private_data = smb_priv;
if (!result)
dissect_data(tvb, 0, pinfo, parent_tree);
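Review bot: `pinfo->private_data` is pointed at the stack variable `dcerpc_priv` and is restored only on the normal return from `dissector_try_heuristic`. If a subdissector leaves through a non-local exit instead (tvbuff accessors are expected to raise an exception on a truncated or malformed packet; that mechanism is not shown on this page), the line `pinfo->private_data = smb_priv;` is skipped. `pinfo` then keeps a pointer into a dead stack frame, which any later reader up the call chain would interpret as an `smb_info_t`. The restore should also run on the exception path, by wrapping the call in the project's exception-handling block and re-raising afterwards. The function body continues past the end of this section.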

3
smb.h

@ -2,7 +2,7 @@
* Defines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: smb.h,v 1.21 2001/11/18 02:51:20 guy Exp $
* $Id: smb.h,v 1.22 2001/11/18 22:44:08 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -665,6 +665,7 @@ typedef struct smb_info {
gboolean request; /* Is this a request? */
gboolean unidir;
int info_count;
guint16 fid;
smb_saved_info_t *sip; /* smb_saved_info_t, if any, for this */
} smb_info_t;
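Review bot: The `fid` member that this section appears to add to `smb_info_t` has no comment and, as far as the five file sections on this page show, no writer: `dissect_pipe_msrpc` reads `smb_priv->fid`, but nothing here stores a value into it. Unless the structure is zeroed or filled in by code outside this commit, the FID that ends up in the DCE RPC conversation key is whatever the memory held, so a bind and its later requests may not map to the same key. The member should say what it carries and when it is valid, e.g. `guint16 fid; /* FID of the pipe this message refers to; valid only once the SMB dissector has extracted it */`, and the assignment belongs in the same change.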