Added parsing of PORTMAP GETPORT functions.

When we see PRTOMAP GETPORT calls for UDP, make sure all further UDP packets to  or from
this port goes to the ONC-RPC dissector regardless of the port on the other side.

We need this because if there is ONC-RPC traffic going between the ONC-RPC Program port to a port which has a normal ethereal dissector, ethereal would dissect the traffic as the protocol associated with the other port instead.

svn path=/trunk/; revision=5430

epan/conversation.c

@@ -1,7 +1,7 @@
 /* conversation.c
  * Routines for building lists of packets that are part of a "conversation"
  *
- * $Id: conversation.c,v 1.17 2001/11/29 09:05:25 guy Exp $
+ * $Id: conversation.c,v 1.18 2002/05/09 12:10:06 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -775,7 +775,7 @@ find_conversation(address *addr_a, address *addr_b, port_type ptype,
 	 * one address/port pair.
 	 *
 	 * First try looking for a conversation with the specified address A
-	 * and port B as the first address and port.
+	 * and port A as the first address and port.
 	 * (Neither "addr_b" nor "port_b" take part in this lookup.)
 	 */
 	conversation =

packet-portmap.c

@@ -1,7 +1,7 @@
 /* packet-portmap.c
  * Routines for portmap dissection
  *
- * $Id: packet-portmap.c,v 1.35 2002/04/14 23:04:03 guy Exp $
+ * $Id: packet-portmap.c,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -37,6 +37,8 @@
 #include "packet-rpc.h"
 #include "packet-portmap.h"
 #include "ipproto.h"
+#include "epan/conversation.h"
+#include "epan/packet_info.h"
 
 /*
  * See:
@@ -66,6 +68,8 @@ static gint ett_portmap = -1;
 static gint ett_portmap_rpcb = -1;
 static gint ett_portmap_entry = -1;
 
+static dissector_handle_t rpc_handle;
+static dissector_handle_t rpc_tcp_handle;
 
 /* Dissect a getport call */
 static int
@@ -75,6 +79,17 @@ dissect_getport_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
 	guint32 proto;
 	guint32 prog;
 
+	/* make sure we remember protocol type until the reply packet */
+	if(!pinfo->fd->flags.visited){
+		rpc_call_info_value *rpc_call=pinfo->private_data;
+		if(rpc_call){
+			proto = tvb_get_ntohl(tvb, offset+8);
+			if(proto==17){  /* only do this for UDP */
+				rpc_call->private_data=(void *)PT_UDP;
+			}
+		}
+	}
+
 	if ( tree )
 	{
 		prog = tvb_get_ntohl(tvb, offset+0);
@@ -99,6 +114,24 @@ static int
 dissect_getport_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
 	proto_tree *tree)
 {
+	/* we might have learnt a <ipaddr><protocol><port> mapping for ONC-RPC*/
+	if(!pinfo->fd->flags.visited){
+		rpc_call_info_value *rpc_call=pinfo->private_data;
+		/* only do this for UDP, TCP does not need anything like this */
+		if(rpc_call && ((int)rpc_call->private_data==PT_UDP) ){
+			guint32 port;
+			port=tvb_get_ntohl(tvb, offset);
+			if(port){
+				conversation_t *conv;
+				conv=find_conversation(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
+				if(!conv){
+					conv=conversation_new(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
+				}
+				conversation_set_dissector(conv, rpc_handle);
+			}
+		}
+	}
+				
 	offset = dissect_rpc_uint32(tvb, tree, hf_portmap_port,
 	    offset);
 	return offset;
@@ -530,4 +563,6 @@ proto_reg_handoff_portmap(void)
 	rpc_init_proc_table(PORTMAP_PROGRAM, 2, portmap2_proc);
 	rpc_init_proc_table(PORTMAP_PROGRAM, 3, portmap3_proc);
 	rpc_init_proc_table(PORTMAP_PROGRAM, 4, portmap4_proc);
+	rpc_handle = find_dissector("rpc");
+	rpc_tcp_handle = find_dissector("rpc-tcp");
 }

packet-rpc.c

@@ -2,7 +2,7 @@
  * Routines for rpc dissection
  * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
  * 
- * $Id: packet-rpc.c,v 1.90 2002/04/03 13:24:12 girlich Exp $
+ * $Id: packet-rpc.c,v 1.91 2002/05/09 12:10:05 sahlberg Exp $
  * 
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -1198,6 +1198,7 @@ dissect_rpc_indir_call(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 			rpc_call->prog = prog;
 			rpc_call->vers = vers;
 			rpc_call->proc = proc;
+			rpc_call->private_data = NULL;
 
 			/*
 			 * XXX - what about RPCSEC_GSS?
@@ -1767,6 +1768,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 			rpc_call->prog = prog;
 			rpc_call->vers = vers;
 			rpc_call->proc = proc;
+			rpc_call->private_data = NULL;
 			rpc_call->xid = xid;
 			rpc_call->flavor = flavor;
 			rpc_call->gss_proc = gss_proc;
@@ -1780,6 +1782,12 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 			    rpc_call);
 		}
 
+		if(rpc_call && rpc_call->rep_num){
+			proto_tree_add_text(rpc_tree, tvb, 0, 0,
+			    "The reply to this request is in frame %u",
+			    rpc_call->rep_num);
+		}
+
 		offset += 16;
 
 		offset = dissect_rpc_cred(tvb, rpc_tree, offset);
@@ -1803,21 +1811,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 		gss_proc = rpc_call->gss_proc;
 		gss_svc = rpc_call->gss_svc;
 
-		/* Indicate the frame to which this is a reply. */
-		proto_tree_add_text(rpc_tree, tvb, 0, 0,
-		    "This is a reply to a request in frame %u",
-		    rpc_call->req_num);
-		ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
-		ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
-		if(ns.nsecs<0){
-			ns.nsecs+=1000000000;
-			ns.secs--;
-		}
-		proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
-				&ns);
-
-
-
 		if (rpc_call->proc_info != NULL) {
 			dissect_function = rpc_call->proc_info->dissect_reply;
 			if (rpc_call->proc_info->name != NULL) {
@@ -1873,6 +1866,29 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 				"Procedure: %s (%u)", procname, proc);
 		}
 
+		reply_state = tvb_get_ntohl(tvb,offset+0);
+		if (rpc_tree) {
+			proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb,
+				offset+0, 4, reply_state);
+		}
+		offset += 4;
+
+		/* Indicate the frame to which this is a reply. */
+		if(rpc_call && rpc_call->req_num){
+			proto_tree_add_text(rpc_tree, tvb, 0, 0,
+			    "This is a reply to a request in frame %u",
+			    rpc_call->req_num);
+			ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
+			ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
+			if(ns.nsecs<0){
+				ns.nsecs+=1000000000;
+				ns.secs--;
+			}
+			proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
+				&ns);
+		}
+
+
 		if (rpc_call->rep_num == 0) {
 			/* We have not yet seen a reply to that call, so
 			   this must be the first reply; remember its
@@ -1897,13 +1913,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 			}
 		}
 
-		reply_state = tvb_get_ntohl(tvb,offset+0);
-		if (rpc_tree) {
-			proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb,
-				offset+0, 4, reply_state);
-		}
-		offset += 4;
-
 		if (reply_state == MSG_ACCEPTED) {
 			offset = dissect_rpc_verf(tvb, rpc_tree, offset, msg_type);
 			accept_state = tvb_get_ntohl(tvb,offset+0);
@@ -2914,6 +2923,9 @@ proto_register_rpc(void)
 		"Whether the RPC dissector should defragment multi-fragment RPC-over-TCP messages",
 		&rpc_defragment);
 
+	register_dissector("rpc", dissect_rpc, proto_rpc);
+	register_dissector("rpc-tcp", dissect_rpc_tcp, proto_rpc);
+
 	/*
 	 * Init the hash tables.  Dissectors for RPC protocols must
 	 * have a "handoff registration" routine that registers the

packet-rpc.h

@@ -1,6 +1,6 @@
 /* packet-rpc.h
  *
- * $Id: packet-rpc.h,v 1.35 2002/04/03 13:24:13 girlich Exp $
+ * $Id: packet-rpc.h,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
  *
  * (c) 1999 Uwe Girlich
  *
@@ -93,6 +93,7 @@ typedef struct _rpc_call_info_value {
 	struct _rpc_proc_info_value*	proc_info;
 	gboolean request;	/* Is this a request or not ?*/
 	nstime_t req_time;
+	void *private_data;
 } rpc_call_info_value;