From Jean-Baptiste Marchand update the proto_tree_add_ for UUIDs in the

dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that it is possible to use display filters on these items. svn path=/trunk/; revision=6547
2002-11-02 22:14:21 +00:00 · 2002-11-02 22:14:21 +00:00 · d5e3008fff
parent ee9c00c024
commit d5e3008fff
4 changed files with 119 additions and 76 deletions
--- a/4
+++ b/4
@ -1477,6 +1477,10 @@ Fritz Budiyanto <fritzb88 [AT] yahoo.com> {
 	Fix for GTP Packet Transfer Command IE
 }

+Jean-Baptiste Marchand <Jean-Baptiste.Marchand [AT] hsc.fr> {
+	Make it possible to filter on UUIDs
+}
+
 Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
 give his permission to use his version of snprintf.c.

--- a/packet-dcerpc-ndr.c
+++ b/packet-dcerpc-ndr.c
@ -2,7 +2,7 @@
 * Routines for DCERPC NDR dissection
 * Copyright 2001, Todd Sabin <tas@webspan.net>
 *
- * $Id: packet-dcerpc-ndr.c,v 1.11 2002/10/19 03:03:42 guy Exp $
+ * $Id: packet-dcerpc-ndr.c,v 1.12 2002/11/02 22:14:21 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -194,6 +194,9 @@ dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
 {
    e_uuid_t uuid;
    dcerpc_info *di;
+    char uuid_str[DCERPC_UUID_STR_LEN]; 
+    int uuid_str_len;
+    char *proto_str;

    di=pinfo->private_data;
    if(di->conformant_run){
@ -207,14 +210,18 @@ dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
    }
    dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
    if (tree) {
-        proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "",
-                                      "%s: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                      proto_registrar_get_name(hfindex),
-                                      uuid.Data1, uuid.Data2, uuid.Data3,
-                                      uuid.Data4[0], uuid.Data4[1],
-                                      uuid.Data4[2], uuid.Data4[3],
-                                      uuid.Data4[4], uuid.Data4[5],
-                                      uuid.Data4[6], uuid.Data4[7]);
+	proto_str=proto_registrar_get_name(hfindex);
+	uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                uuid.Data1, uuid.Data2, uuid.Data3,
+                                uuid.Data4[0], uuid.Data4[1],
+                                uuid.Data4[2], uuid.Data4[3],
+                                uuid.Data4[4], uuid.Data4[5],
+                                uuid.Data4[6], uuid.Data4[7]);
+        if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
+        proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, 
+		proto_str, "%s (%s)", proto_str, uuid_str);
    }
    if (pdata) {
        *pdata = uuid;
--- a/packet-dcerpc.c
+++ b/packet-dcerpc.c
@ -2,7 +2,7 @@
 * Routines for DCERPC packet disassembly
 * Copyright 2001, Todd Sabin <tas@webspan.net>
 *
- * $Id: packet-dcerpc.c,v 1.83 2002/10/25 01:08:42 guy Exp $
+ * $Id: packet-dcerpc.c,v 1.84 2002/11/02 22:14:21 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -1562,6 +1562,8 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
    guint32 trans_ver;
    guint16 if_ver, if_ver_minor;
    int offset = 16;
+    char uuid_str[DCERPC_UUID_STR_LEN]; 
+    int uuid_str_len;

    offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
                                    hf_dcerpc_cn_max_xmit, NULL);
@ -1587,14 +1589,17 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr

      dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &if_id);
      if (dcerpc_tree) {
+	  uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+			          "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                  if_id.Data1, if_id.Data2, if_id.Data3,
+                                  if_id.Data4[0], if_id.Data4[1],
+                                  if_id.Data4[2], if_id.Data4[3],
+                                  if_id.Data4[4], if_id.Data4[5],
+                                  if_id.Data4[6], if_id.Data4[7]);
+	  if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		  memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
          proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_cn_bind_if_id, tvb,
-                                        offset, 16, "HMMM",
-                                        "Interface UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                        if_id.Data1, if_id.Data2, if_id.Data3,
-                                        if_id.Data4[0], if_id.Data4[1],
-                                        if_id.Data4[2], if_id.Data4[3],
-                                        if_id.Data4[4], if_id.Data4[5],
-                                        if_id.Data4[6], if_id.Data4[7]);
+                                        offset, 16, uuid_str, "Interface UUID: %s", uuid_str);
      }
      offset += 16;

@ -1669,14 +1674,17 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
      for (j = 0; j < num_trans_items; j++) {
        dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
        if (dcerpc_tree) {
+	    uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                  "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                  trans_id.Data1, trans_id.Data2, trans_id.Data3,
+                                  trans_id.Data4[0], trans_id.Data4[1],
+                                  trans_id.Data4[2], trans_id.Data4[3],
+                                  trans_id.Data4[4], trans_id.Data4[5],
+                                  trans_id.Data4[6], trans_id.Data4[7]);
+	  if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		  memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
            proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_cn_bind_trans_id, tvb,
-                                          offset, 16, "HMMM",
-                                          "Transfer Syntax: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                          trans_id.Data1, trans_id.Data2, trans_id.Data3,
-                                          trans_id.Data4[0], trans_id.Data4[1],
-                                          trans_id.Data4[2], trans_id.Data4[3],
-                                          trans_id.Data4[4], trans_id.Data4[5],
-                                          trans_id.Data4[6], trans_id.Data4[7]);
+                                          offset, 16, uuid_str, "Transfer Syntax: %s", uuid_str);
        }
        offset += 16;

@ -1705,6 +1713,8 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerp
    guint16 reason;
    e_uuid_t trans_id;
    guint32 trans_ver;
+    char uuid_str[DCERPC_UUID_STR_LEN]; 
+    int uuid_str_len;

    int offset = 16;

@ -1753,14 +1763,17 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerp

        dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
        if (dcerpc_tree) {
+	    uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                  "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                  trans_id.Data1, trans_id.Data2, trans_id.Data3,
+                                  trans_id.Data4[0], trans_id.Data4[1],
+                                  trans_id.Data4[2], trans_id.Data4[3],
+                                  trans_id.Data4[4], trans_id.Data4[5],
+                                  trans_id.Data4[6], trans_id.Data4[7]);
+	    if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		  memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
            proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_cn_ack_trans_id, tvb,
-                                          offset, 16, "HMMM",
-                                          "Transfer Syntax: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                          trans_id.Data1, trans_id.Data2, trans_id.Data3,
-                                          trans_id.Data4[0], trans_id.Data4[1],
-                                          trans_id.Data4[2], trans_id.Data4[3],
-                                          trans_id.Data4[4], trans_id.Data4[5],
-                                          trans_id.Data4[6], trans_id.Data4[7]);
+                                          offset, 16, uuid_str, "Transfer Syntax: %s", uuid_str);
        }
        offset += 16;

@ -1969,6 +1982,8 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
    int offset = 16;
    guint32 alloc_hint;
    int length;
+    char uuid_str[DCERPC_UUID_STR_LEN]; 
+    int uuid_str_len;

    offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
                                    hf_dcerpc_cn_alloc_hint, &alloc_hint);
@ -1987,18 +2002,21 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr
    if (hdr->flags & PFC_OBJECT_UUID) {
        dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
        if (dcerpc_tree) {
+	    uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                    "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                    obj_id.Data1, obj_id.Data2, obj_id.Data3,
+                                    obj_id.Data4[0],
+                                    obj_id.Data4[1],
+                                    obj_id.Data4[2],
+                                    obj_id.Data4[3],
+                                    obj_id.Data4[4],
+                                    obj_id.Data4[5],
+                                    obj_id.Data4[6],
+                                    obj_id.Data4[7]);
+	    if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		  memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
            proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
-                                          offset, 16, "HMMM",
-                                          "Object UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                          obj_id.Data1, obj_id.Data2, obj_id.Data3,
-                                          obj_id.Data4[0],
-                                          obj_id.Data4[1],
-                                          obj_id.Data4[2],
-                                          obj_id.Data4[3],
-                                          obj_id.Data4[4],
-                                          obj_id.Data4[5],
-                                          obj_id.Data4[6],
-                                          obj_id.Data4[7]);
+                                          offset, 16, uuid_str, "Object UUID: %s", uuid_str);
        }
        offset += 16;
    }
@ -3082,6 +3100,8 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    int offset = 0;
    conversation_t *conv;
    int auth_level;
+    char uuid_str[DCERPC_UUID_STR_LEN]; 
+    int uuid_str_len;

    /*
     * Check if this looks like a CL DCERPC call.  All dg packets
@ -3197,50 +3217,59 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    offset++;

    if (tree) {
+	uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
+                                hdr.obj_id.Data4[0],
+                                hdr.obj_id.Data4[1],
+                                hdr.obj_id.Data4[2],
+                                hdr.obj_id.Data4[3],
+                                hdr.obj_id.Data4[4],
+                                hdr.obj_id.Data4[5],
+                                hdr.obj_id.Data4[6],
+                                hdr.obj_id.Data4[7]);
+        if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
        proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
-                                      offset, 16, "HMMM",
-                                      "Object: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                      hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
-                                      hdr.obj_id.Data4[0],
-                                      hdr.obj_id.Data4[1],
-                                      hdr.obj_id.Data4[2],
-                                      hdr.obj_id.Data4[3],
-                                      hdr.obj_id.Data4[4],
-                                      hdr.obj_id.Data4[5],
-                                      hdr.obj_id.Data4[6],
-                                      hdr.obj_id.Data4[7]);
+                                      offset, 16, uuid_str, "Object: %s", uuid_str);
    }
    offset += 16;

    if (tree) {
+	uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
+                                hdr.if_id.Data4[0],
+                                hdr.if_id.Data4[1],
+                                hdr.if_id.Data4[2],
+                                hdr.if_id.Data4[3],
+                                hdr.if_id.Data4[4],
+                                hdr.if_id.Data4[5],
+                                hdr.if_id.Data4[6],
+                                hdr.if_id.Data4[7]);
+        if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
        proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
-                                      offset, 16, "HMMM",
-                                      "Interface: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                      hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
-                                      hdr.if_id.Data4[0],
-                                      hdr.if_id.Data4[1],
-                                      hdr.if_id.Data4[2],
-                                      hdr.if_id.Data4[3],
-                                      hdr.if_id.Data4[4],
-                                      hdr.if_id.Data4[5],
-                                      hdr.if_id.Data4[6],
-                                      hdr.if_id.Data4[7]);
+                                      offset, 16, uuid_str, "Interface: %s", uuid_str);
    }
    offset += 16;

    if (tree) {
+	uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
+                                "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                                hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
+                                hdr.act_id.Data4[0],
+                                hdr.act_id.Data4[1],
+                                hdr.act_id.Data4[2],
+                                hdr.act_id.Data4[3],
+                                hdr.act_id.Data4[4],
+                                hdr.act_id.Data4[5],
+                                hdr.act_id.Data4[6],
+                                hdr.act_id.Data4[7]);
+        if (uuid_str_len >= DCERPC_UUID_STR_LEN)
+		memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
        proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
-                                      offset, 16, "HMMM",
-                                      "Activity: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
-                                      hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
-                                      hdr.act_id.Data4[0],
-                                      hdr.act_id.Data4[1],
-                                      hdr.act_id.Data4[2],
-                                      hdr.act_id.Data4[3],
-                                      hdr.act_id.Data4[4],
-                                      hdr.act_id.Data4[5],
-                                      hdr.act_id.Data4[6],
-                                      hdr.act_id.Data4[7]);
+                                      offset, 16, uuid_str, "Activity: %s", uuid_str);
    }
    offset += 16;

--- a/packet-dcerpc.h
+++ b/packet-dcerpc.h
@ -1,7 +1,7 @@
 /* packet-dcerpc.h
 * Copyright 2001, Todd Sabin <tas@webspan.net>
 *
- * $Id: packet-dcerpc.h,v 1.24 2002/10/25 01:08:42 guy Exp $
+ * $Id: packet-dcerpc.h,v 1.25 2002/11/02 22:14:21 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -34,6 +34,9 @@ typedef struct _e_uuid_t {
    guint8 Data4[8];
 } e_uuid_t;

+/* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
+#define DCERPC_UUID_STR_LEN 36+1
+
 typedef struct _e_ctx_hnd {
    guint32 Data1;
    e_uuid_t uuid;