add a field in pinfo where dcerpc/pidl can store the name of the current dcerpc procedure

use this field in the policy handle helper to indicate not only which frames the handle was opened/close in but also the name of the function that opened it. eventually, when other pidl support infrastructure is developed it would be nice if this could be expanded to also contain the name of the object/handle opened. svn path=/trunk/; revision=20895
2007-02-21 20:21:11 +00:00 · 2007-02-21 20:21:11 +00:00 · 8ed1260c2c
parent aa49bdf665
commit 8ed1260c2c
3 changed files with 24 additions and 1 deletions
--- a/epan/dissectors/packet-dcerpc-nt.c
+++ b/epan/dissectors/packet-dcerpc-nt.c
@ -944,12 +944,31 @@ PIDL_dissect_policy_hnd(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 		      proto_tree *tree, guint8 *drep, int hfindex,
 		      guint32 param)
 {
+	e_ctx_hnd policy_hnd;
+	dcerpc_info *di;
+
+	di=pinfo->private_data;
+
 	offset=dissect_nt_hnd(tvb, offset, pinfo,
 		      tree, drep, hfindex,
-		      NULL, NULL,
+		      &policy_hnd, NULL,
 		      param&PIDL_POLHND_OPEN, param&PIDL_POLHND_CLOSE,
 		      HND_TYPE_CTX_HANDLE);

+	/* If this was an open/create and we dont yet have a policy name 
+	 * then create one.
+	 * XXX We do not yet have the infrastructure to know the name of the 
+	 * actual object  so just show it as <...> for the time being.
+	 */
+	if((param&PIDL_POLHND_OPEN) 
+	&& !pinfo->fd->flags.visited
+	&& !di->conformant_run){
+		char *pol_name=NULL;
+
+		pol_name=ep_strdup_printf("%s(<...>)", pinfo->dcerpc_procedure_name);	
+		dcerpc_smb_store_pol_name(&policy_hnd, pinfo, pol_name);
+	}
+
 	return offset;
 }

--- a/epan/packet.c
+++ b/epan/packet.c
@ -313,6 +313,7 @@ dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
 	edt->pi.profinet_type = 0;
        edt->pi.usb_conv_info = NULL;
        edt->pi.tcp_tree = NULL;
+	edt->pi.dcerpc_procedure_name="";

 	TRY {
 		edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);
--- a/epan/packet_info.h
+++ b/epan/packet_info.h
@ -176,6 +176,9 @@ typedef struct _packet_info {
  guint16 profinet_type; 	/* the type of PROFINET packet (0: not a PROFINET packet) */
  void *usb_conv_info;
  void *tcp_tree;		/* proto_tree for the tcp layer */
+
+  char *dcerpc_procedure_name;	/* Used by PIDL to store the name of the current dcerpc procedure */
+
 } packet_info;

 #endif /* __PACKET_INFO_H__ */