Added parsing of PORTMAP GETPORT functions.
When we see PORTMAP GETPORT calls for UDP, make sure all further UDP packets to or from this port go to the ONC-RPC dissector regardless of the port on the other side. We need this because if there is ONC-RPC traffic going between the ONC-RPC Program port and a port which has a normal ethereal dissector, ethereal would dissect the traffic as the protocol associated with the other port instead. svn path=/trunk/; revision=5430
parent
a0c1d24f5f
commit
9625720a39
|
@ -1,7 +1,7 @@
|
|||
/* conversation.c
|
||||
* Routines for building lists of packets that are part of a "conversation"
|
||||
*
|
||||
* $Id: conversation.c,v 1.17 2001/11/29 09:05:25 guy Exp $
|
||||
* $Id: conversation.c,v 1.18 2002/05/09 12:10:06 sahlberg Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -775,7 +775,7 @@ find_conversation(address *addr_a, address *addr_b, port_type ptype,
|
|||
* one address/port pair.
|
||||
*
|
||||
* First try looking for a conversation with the specified address A
|
||||
* and port B as the first address and port.
|
||||
* and port A as the first address and port.
|
||||
* (Neither "addr_b" nor "port_b" take part in this lookup.)
|
||||
*/
|
||||
conversation =
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* packet-portmap.c
|
||||
* Routines for portmap dissection
|
||||
*
|
||||
* $Id: packet-portmap.c,v 1.35 2002/04/14 23:04:03 guy Exp $
|
||||
* $Id: packet-portmap.c,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -37,6 +37,8 @@
|
|||
#include "packet-rpc.h"
|
||||
#include "packet-portmap.h"
|
||||
#include "ipproto.h"
|
||||
#include "epan/conversation.h"
|
||||
#include "epan/packet_info.h"
|
||||
|
||||
/*
|
||||
* See:
|
||||
|
@ -66,6 +68,8 @@ static gint ett_portmap = -1;
|
|||
static gint ett_portmap_rpcb = -1;
|
||||
static gint ett_portmap_entry = -1;
|
||||
|
||||
static dissector_handle_t rpc_handle;
|
||||
static dissector_handle_t rpc_tcp_handle;
|
||||
|
||||
/* Dissect a getport call */
|
||||
static int
|
||||
|
@ -75,6 +79,17 @@ dissect_getport_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
|
|||
guint32 proto;
|
||||
guint32 prog;
|
||||
|
||||
/* make sure we remember protocol type until the reply packet */
|
||||
if(!pinfo->fd->flags.visited){
|
||||
rpc_call_info_value *rpc_call=pinfo->private_data;
|
||||
if(rpc_call){
|
||||
proto = tvb_get_ntohl(tvb, offset+8);
|
||||
if(proto==17){ /* only do this for UDP */
|
||||
rpc_call->private_data=(void *)PT_UDP;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( tree )
|
||||
{
|
||||
prog = tvb_get_ntohl(tvb, offset+0);
|
||||
|
@ -99,6 +114,24 @@ static int
|
|||
dissect_getport_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
|
||||
proto_tree *tree)
|
||||
{
|
||||
/* we might have learnt a <ipaddr><protocol><port> mapping for ONC-RPC*/
|
||||
if(!pinfo->fd->flags.visited){
|
||||
rpc_call_info_value *rpc_call=pinfo->private_data;
|
||||
/* only do this for UDP, TCP does not need anything like this */
|
||||
if(rpc_call && ((int)rpc_call->private_data==PT_UDP) ){
|
||||
guint32 port;
|
||||
port=tvb_get_ntohl(tvb, offset);
|
||||
if(port){
|
||||
conversation_t *conv;
|
||||
conv=find_conversation(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
|
||||
if(!conv){
|
||||
conv=conversation_new(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
|
||||
}
|
||||
conversation_set_dissector(conv, rpc_handle);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
offset = dissect_rpc_uint32(tvb, tree, hf_portmap_port,
|
||||
offset);
|
||||
return offset;
|
||||
|
@ -530,4 +563,6 @@ proto_reg_handoff_portmap(void)
|
|||
rpc_init_proc_table(PORTMAP_PROGRAM, 2, portmap2_proc);
|
||||
rpc_init_proc_table(PORTMAP_PROGRAM, 3, portmap3_proc);
|
||||
rpc_init_proc_table(PORTMAP_PROGRAM, 4, portmap4_proc);
|
||||
rpc_handle = find_dissector("rpc");
|
||||
rpc_tcp_handle = find_dissector("rpc-tcp");
|
||||
}
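Review bot: In dissect_getport_reply the `port` value is a 32-bit field read straight from the reply with `tvb_get_ntohl()` and is passed to `find_conversation()`/`conversation_new()` after only a non-zero test, so a value above 65535 from a malformed or forged reply is accepted as a port. Because the conversation is created with `NO_ADDR_B|NO_PORT_B`, the contents of one captured reply decide which dissector handles all later UDP traffic on that address and port, so the value should at least be bounded: `if(port && port<=0xffff){`. The `(void *)PT_UDP` and `(int)rpc_call->private_data` casts in the two functions would be safer as `GINT_TO_POINTER(PT_UDP)` and `GPOINTER_TO_INT(rpc_call->private_data)`, which avoid pointer-size truncation on 64-bit builds. Both signatures still mark `pinfo` as `_U_` although the new code now uses it.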
|
||||
|
|
58
packet-rpc.c
58
packet-rpc.c
|
@ -2,7 +2,7 @@
|
|||
* Routines for rpc dissection
|
||||
* Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
|
||||
*
|
||||
* $Id: packet-rpc.c,v 1.90 2002/04/03 13:24:12 girlich Exp $
|
||||
* $Id: packet-rpc.c,v 1.91 2002/05/09 12:10:05 sahlberg Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -1198,6 +1198,7 @@ dissect_rpc_indir_call(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
rpc_call->prog = prog;
|
||||
rpc_call->vers = vers;
|
||||
rpc_call->proc = proc;
|
||||
rpc_call->private_data = NULL;
|
||||
|
||||
/*
|
||||
* XXX - what about RPCSEC_GSS?
|
||||
|
@ -1767,6 +1768,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
rpc_call->prog = prog;
|
||||
rpc_call->vers = vers;
|
||||
rpc_call->proc = proc;
|
||||
rpc_call->private_data = NULL;
|
||||
rpc_call->xid = xid;
|
||||
rpc_call->flavor = flavor;
|
||||
rpc_call->gss_proc = gss_proc;
|
||||
|
@ -1780,6 +1782,12 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
rpc_call);
|
||||
}
|
||||
|
||||
if(rpc_call && rpc_call->rep_num){
|
||||
proto_tree_add_text(rpc_tree, tvb, 0, 0,
|
||||
"The reply to this request is in frame %u",
|
||||
rpc_call->rep_num);
|
||||
}
|
||||
|
||||
offset += 16;
|
||||
|
||||
offset = dissect_rpc_cred(tvb, rpc_tree, offset);
|
||||
|
@ -1803,21 +1811,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
gss_proc = rpc_call->gss_proc;
|
||||
gss_svc = rpc_call->gss_svc;
|
||||
|
||||
/* Indicate the frame to which this is a reply. */
|
||||
proto_tree_add_text(rpc_tree, tvb, 0, 0,
|
||||
"This is a reply to a request in frame %u",
|
||||
rpc_call->req_num);
|
||||
ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
|
||||
ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
|
||||
if(ns.nsecs<0){
|
||||
ns.nsecs+=1000000000;
|
||||
ns.secs--;
|
||||
}
|
||||
proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
|
||||
&ns);
|
||||
|
||||
|
||||
|
||||
if (rpc_call->proc_info != NULL) {
|
||||
dissect_function = rpc_call->proc_info->dissect_reply;
|
||||
if (rpc_call->proc_info->name != NULL) {
|
||||
|
@ -1873,6 +1866,29 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
"Procedure: %s (%u)", procname, proc);
|
||||
}
|
||||
|
||||
reply_state = tvb_get_ntohl(tvb,offset+0);
|
||||
if (rpc_tree) {
|
||||
proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb,
|
||||
offset+0, 4, reply_state);
|
||||
}
|
||||
offset += 4;
|
||||
|
||||
/* Indicate the frame to which this is a reply. */
|
||||
if(rpc_call && rpc_call->req_num){
|
||||
proto_tree_add_text(rpc_tree, tvb, 0, 0,
|
||||
"This is a reply to a request in frame %u",
|
||||
rpc_call->req_num);
|
||||
ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
|
||||
ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
|
||||
if(ns.nsecs<0){
|
||||
ns.nsecs+=1000000000;
|
||||
ns.secs--;
|
||||
}
|
||||
proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
|
||||
&ns);
|
||||
}
|
||||
|
||||
|
||||
if (rpc_call->rep_num == 0) {
|
||||
/* We have not yet seen a reply to that call, so
|
||||
this must be the first reply; remember its
|
||||
|
@ -1897,13 +1913,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
}
|
||||
}
|
||||
|
||||
reply_state = tvb_get_ntohl(tvb,offset+0);
|
||||
if (rpc_tree) {
|
||||
proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb,
|
||||
offset+0, 4, reply_state);
|
||||
}
|
||||
offset += 4;
|
||||
|
||||
if (reply_state == MSG_ACCEPTED) {
|
||||
offset = dissect_rpc_verf(tvb, rpc_tree, offset, msg_type);
|
||||
accept_state = tvb_get_ntohl(tvb,offset+0);
|
||||
|
@ -2914,6 +2923,9 @@ proto_register_rpc(void)
|
|||
"Whether the RPC dissector should defragment multi-fragment RPC-over-TCP messages",
|
||||
&rpc_defragment);
|
||||
|
||||
register_dissector("rpc", dissect_rpc, proto_rpc);
|
||||
register_dissector("rpc-tcp", dissect_rpc_tcp, proto_rpc);
|
||||
|
||||
/*
|
||||
* Init the hash tables. Dissectors for RPC protocols must
|
||||
* have a "handoff registration" routine that registers the
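Review bot: In the reply path of dissect_rpc_message (the hunk at -1873), the new `if(rpc_call && rpc_call->req_num){` tests `rpc_call` for NULL, but the next statement in the same hunk, `if (rpc_call->rep_num == 0) {`, and the `rpc_call->gss_proc` reads in the preceding hunk dereference it unconditionally. Either the guard is redundant and should read `if(rpc_call->req_num){`, or NULL is possible here and the later dereferences need the same check. The lookup that sets `rpc_call` is outside the visible hunks, so which case applies cannot be confirmed from this page. Since the pointer results from matching a reply in untrusted capture data against stored calls, a one-line comment stating the invariant, such as `/* rpc_call is non-NULL here: unmatched replies were handled above */`, would help if that is indeed the case.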
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* packet-rpc.h
|
||||
*
|
||||
* $Id: packet-rpc.h,v 1.35 2002/04/03 13:24:13 girlich Exp $
|
||||
* $Id: packet-rpc.h,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
|
||||
*
|
||||
* (c) 1999 Uwe Girlich
|
||||
*
|
||||
|
@ -93,6 +93,7 @@ typedef struct _rpc_call_info_value {
|
|||
struct _rpc_proc_info_value* proc_info;
|
||||
gboolean request; /* Is this a request or not ?*/
|
||||
nstime_t req_time;
|
||||
void *private_data;
|
||||
} rpc_call_info_value;
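Review bot: The new `void *private_data;` member has no comment saying who owns it or what it may hold, while packet-portmap.c in this commit stores a `port_type` value cast to a pointer in it and casts it back in the reply handler. An untyped per-call slot shared by every RPC program dissector is easy to mistake later for a heap pointer, so I would document it, e.g. `void *private_data; /* per-call scratch for the program's dissector, set on the call and read on the reply; not freed by packet-rpc.c */`. The lifetime wording is inferred from the two `rpc_call->private_data = NULL;` initialisations in packet-rpc.c and should be confirmed. The start of the struct is outside the hunk.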
|
||||
|
||||
|
||||
|
|