2011-09-21 07:35:51 +00:00
/* Packet-rdp.c
* Routines for Remote Desktop Protocol ( RDP ) packet dissection
* Copyright 2010 , Graeme Lunt
*
* Wireshark - Network traffic analyzer
* By Gerald Combs < gerald @ wireshark . org >
* Copyright 1998 Gerald Combs
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version 2
* of the License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
2012-06-28 22:56:06 +00:00
* Foundation , Inc . , 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
2011-09-21 07:35:51 +00:00
*/
2012-11-23 21:11:47 +00:00
/*
* See : " [MS -RDPBCGR] Remote Desktop Protocol: Basic Connectivity and Graphics Remoting "
*/
2012-09-20 02:03:38 +00:00
# include "config.h"
2011-09-21 07:35:51 +00:00
# include <glib.h>
2012-05-12 22:14:02 +00:00
2011-09-21 07:35:51 +00:00
# include <epan/packet.h>
# include <epan/prefs.h>
2013-09-15 17:50:35 +00:00
# include <epan/wmem/wmem.h>
2011-09-21 07:35:51 +00:00
# include <epan/conversation.h>
# include <epan/asn1.h>
# include "packet-tpkt.h"
# include "packet-ssl.h"
# include "packet-t124.h"
# define PNAME "Remote Desktop Protocol"
# define PSNAME "RDP"
# define PFNAME "rdp"
2013-12-13 06:55:20 +00:00
2011-09-21 07:35:51 +00:00
static guint global_rdp_tcp_port = 3389 ;
static dissector_handle_t tpkt_handle ;
2013-12-13 06:55:20 +00:00
void proto_register_rdp ( void ) ;
void proto_reg_handoff_rdp ( void ) ;
2012-11-23 21:11:47 +00:00
static void prefs_register_rdp ( void ) ;
2011-09-21 07:35:51 +00:00
static int proto_rdp = - 1 ;
static int ett_rdp = - 1 ;
static int ett_rdp_SendData = - 1 ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
static int ett_rdp_ClientData = - 1 ;
static int ett_rdp_clientCoreData = - 1 ;
static int ett_rdp_clientSecurityData = - 1 ;
static int ett_rdp_clientNetworkData = - 1 ;
static int ett_rdp_clientClusterData = - 1 ;
static int ett_rdp_clientUnknownData = - 1 ;
static int ett_rdp_ServerData = - 1 ;
static int ett_rdp_serverCoreData = - 1 ;
static int ett_rdp_serverSecurityData = - 1 ;
static int ett_rdp_serverNetworkData = - 1 ;
static int ett_rdp_serverUnknownData = - 1 ;
static int ett_rdp_channelIdArray = - 1 ;
static int ett_rdp_securityExchangePDU = - 1 ;
static int ett_rdp_clientInfoPDU = - 1 ;
static int ett_rdp_validClientLicenseData = - 1 ;
static int ett_rdp_shareControlHeader = - 1 ;
static int ett_rdp_pduType = - 1 ;
static int ett_rdp_flags = - 1 ;
static int ett_rdp_compressedType = - 1 ;
static int ett_rdp_mapFlags = - 1 ;
static int ett_rdp_options = - 1 ;
static int ett_rdp_channelDefArray = - 1 ;
static int ett_rdp_channelDef = - 1 ;
static int ett_rdp_channelPDUHeader = - 1 ;
static int ett_rdp_channelFlags = - 1 ;
static int ett_rdp_capabilitySet = - 1 ;
static int ett_rdp_StandardDate = - 1 ;
static int ett_rdp_DaylightDate = - 1 ;
static int ett_rdp_clientTimeZone = - 1 ;
static int hf_rdp_ClientData = - 1 ;
static int hf_rdp_SendData = - 1 ;
static int hf_rdp_clientCoreData = - 1 ;
static int hf_rdp_clientSecurityData = - 1 ;
static int hf_rdp_clientNetworkData = - 1 ;
static int hf_rdp_clientClusterData = - 1 ;
static int hf_rdp_clientUnknownData = - 1 ;
static int hf_rdp_ServerData = - 1 ;
static int hf_rdp_serverCoreData = - 1 ;
static int hf_rdp_serverSecurityData = - 1 ;
static int hf_rdp_serverNetworkData = - 1 ;
static int hf_rdp_serverUnknownData = - 1 ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
static int hf_rdp_securityExchangePDU = - 1 ;
static int hf_rdp_clientInfoPDU = - 1 ;
static int hf_rdp_validClientLicenseData = - 1 ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
static int hf_rdp_headerType = - 1 ;
static int hf_rdp_headerLength = - 1 ;
static int hf_rdp_versionMajor = - 1 ;
static int hf_rdp_versionMinor = - 1 ;
static int hf_rdp_desktopWidth = - 1 ;
static int hf_rdp_desktopHeight = - 1 ;
static int hf_rdp_colorDepth = - 1 ;
static int hf_rdp_SASSequence = - 1 ;
static int hf_rdp_keyboardLayout = - 1 ;
static int hf_rdp_clientBuild = - 1 ;
static int hf_rdp_clientName = - 1 ;
static int hf_rdp_keyboardType = - 1 ;
static int hf_rdp_keyboardSubType = - 1 ;
static int hf_rdp_keyboardFunctionKey = - 1 ;
static int hf_rdp_imeFileName = - 1 ;
static int hf_rdp_postBeta2ColorDepth = - 1 ;
static int hf_rdp_clientProductId = - 1 ;
static int hf_rdp_serialNumber = - 1 ;
static int hf_rdp_highColorDepth = - 1 ;
static int hf_rdp_supportedColorDepths = - 1 ;
static int hf_rdp_earlyCapabilityFlags = - 1 ;
static int hf_rdp_clientDigProductId = - 1 ;
static int hf_rdp_connectionType = - 1 ;
static int hf_rdp_pad1octet = - 1 ;
static int hf_rdp_serverSelectedProtocol = - 1 ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
static int hf_rdp_encryptionMethods = - 1 ;
static int hf_rdp_extEncryptionMethods = - 1 ;
2012-11-23 21:11:47 +00:00
static int hf_rdp_cluster_flags = - 1 ;
static int hf_rdp_redirectedSessionId = - 1 ;
2011-09-21 07:35:51 +00:00
static int hf_rdp_encryptionMethod = - 1 ;
static int hf_rdp_encryptionLevel = - 1 ;
static int hf_rdp_serverRandomLen = - 1 ;
static int hf_rdp_serverCertLen = - 1 ;
static int hf_rdp_serverRandom = - 1 ;
static int hf_rdp_serverCertificate = - 1 ;
static int hf_rdp_clientRequestedProtocols = - 1 ;
static int hf_rdp_MCSChannelId = - 1 ;
static int hf_rdp_channelCount = - 1 ;
static int hf_rdp_channelIdArray = - 1 ;
static int hf_rdp_Pad = - 1 ;
static int hf_rdp_length = - 1 ;
static int hf_rdp_encryptedClientRandom = - 1 ;
static int hf_rdp_dataSignature = - 1 ;
static int hf_rdp_fipsLength = - 1 ;
static int hf_rdp_fipsVersion = - 1 ;
static int hf_rdp_padlen = - 1 ;
static int hf_rdp_flags = - 1 ;
static int hf_rdp_flagsPkt = - 1 ;
static int hf_rdp_flagsEncrypt = - 1 ;
static int hf_rdp_flagsResetSeqno = - 1 ;
static int hf_rdp_flagsIgnoreSeqno = - 1 ;
static int hf_rdp_flagsLicenseEncrypt = - 1 ;
static int hf_rdp_flagsSecureChecksum = - 1 ;
static int hf_rdp_flagsFlagsHiValid = - 1 ;
static int hf_rdp_flagsHi = - 1 ;
static int hf_rdp_codePage = - 1 ;
static int hf_rdp_optionFlags = - 1 ;
static int hf_rdp_cbDomain = - 1 ;
static int hf_rdp_cbUserName = - 1 ;
static int hf_rdp_cbPassword = - 1 ;
static int hf_rdp_cbAlternateShell = - 1 ;
static int hf_rdp_cbWorkingDir = - 1 ;
static int hf_rdp_cbClientAddress = - 1 ;
static int hf_rdp_cbClientDir = - 1 ;
static int hf_rdp_cbAutoReconnectLen = - 1 ;
static int hf_rdp_domain = - 1 ;
static int hf_rdp_userName = - 1 ;
static int hf_rdp_password = - 1 ;
static int hf_rdp_alternateShell = - 1 ;
static int hf_rdp_workingDir = - 1 ;
static int hf_rdp_clientAddressFamily = - 1 ;
static int hf_rdp_clientAddress = - 1 ;
static int hf_rdp_clientDir = - 1 ;
static int hf_rdp_clientTimeZone = - 1 ;
static int hf_rdp_clientSessionId = - 1 ;
static int hf_rdp_performanceFlags = - 1 ;
static int hf_rdp_autoReconnectCookie = - 1 ;
static int hf_rdp_reserved1 = - 1 ;
static int hf_rdp_reserved2 = - 1 ;
static int hf_rdp_bMsgType = - 1 ;
static int hf_rdp_bVersion = - 1 ;
static int hf_rdp_wMsgSize = - 1 ;
static int hf_rdp_wBlobType = - 1 ;
static int hf_rdp_wBlobLen = - 1 ;
static int hf_rdp_blobData = - 1 ;
static int hf_rdp_shareControlHeader = - 1 ;
static int hf_rdp_totalLength = - 1 ;
static int hf_rdp_pduType = - 1 ;
static int hf_rdp_pduTypeType = - 1 ;
static int hf_rdp_pduTypeVersionLow = - 1 ;
static int hf_rdp_pduTypeVersionHigh = - 1 ;
static int hf_rdp_pduSource = - 1 ;
static int hf_rdp_shareId = - 1 ;
static int hf_rdp_pad1 = - 1 ;
static int hf_rdp_streamId = - 1 ;
static int hf_rdp_uncompressedLength = - 1 ;
static int hf_rdp_pduType2 = - 1 ;
static int hf_rdp_compressedType = - 1 ;
static int hf_rdp_compressedTypeType = - 1 ;
static int hf_rdp_compressedTypeCompressed = - 1 ;
static int hf_rdp_compressedTypeAtFront = - 1 ;
static int hf_rdp_compressedTypeFlushed = - 1 ;
static int hf_rdp_compressedLength = - 1 ;
static int hf_rdp_wErrorCode = - 1 ;
static int hf_rdp_wStateTransition = - 1 ;
static int hf_rdp_numberEntries = - 1 ;
static int hf_rdp_totalNumberEntries = - 1 ;
static int hf_rdp_mapFlags = - 1 ;
static int hf_rdp_fontMapFirst = - 1 ;
static int hf_rdp_fontMapLast = - 1 ;
/* Control */
static int hf_rdp_action = - 1 ;
static int hf_rdp_grantId = - 1 ;
static int hf_rdp_controlId = - 1 ;
/* Synchronize */
static int hf_rdp_messageType = - 1 ;
static int hf_rdp_targetUser = - 1 ;
/* BitmapCache Persistent List */
static int hf_rdp_numEntriesCache0 = - 1 ;
static int hf_rdp_numEntriesCache1 = - 1 ;
static int hf_rdp_numEntriesCache2 = - 1 ;
static int hf_rdp_numEntriesCache3 = - 1 ;
static int hf_rdp_numEntriesCache4 = - 1 ;
static int hf_rdp_totalEntriesCache0 = - 1 ;
static int hf_rdp_totalEntriesCache1 = - 1 ;
static int hf_rdp_totalEntriesCache2 = - 1 ;
static int hf_rdp_totalEntriesCache3 = - 1 ;
static int hf_rdp_totalEntriesCache4 = - 1 ;
static int hf_rdp_bBitMask = - 1 ;
static int hf_rdp_Pad2 = - 1 ;
static int hf_rdp_Pad3 = - 1 ;
/* BitmapCache Persistent List Entry */
2013-01-26 18:54:53 +00:00
/* static int hf_rdp_Key1 = -1; */
/* static int hf_rdp_Key2 = -1; */
2011-09-21 07:35:51 +00:00
/* FontList */
2011-09-21 23:42:55 +00:00
#if 0
2011-09-21 07:35:51 +00:00
static int hf_rdp_numberFonts = - 1 ;
static int hf_rdp_totalNumFonts = - 1 ;
static int hf_rdp_listFlags = - 1 ;
2011-09-21 23:42:55 +00:00
# endif
2011-09-21 07:35:51 +00:00
static int hf_rdp_entrySize = - 1 ;
/* Confirm Active PDU */
static int hf_rdp_originatorId = - 1 ;
static int hf_rdp_lengthSourceDescriptor = - 1 ;
static int hf_rdp_lengthCombinedCapabilities = - 1 ;
static int hf_rdp_sourceDescriptor = - 1 ;
static int hf_rdp_numberCapabilities = - 1 ;
static int hf_rdp_pad2Octets = - 1 ;
static int hf_rdp_capabilitySet = - 1 ;
static int hf_rdp_capabilitySetType = - 1 ;
static int hf_rdp_lengthCapability = - 1 ;
static int hf_rdp_capabilityData = - 1 ;
static int hf_rdp_sessionId = - 1 ;
2013-01-26 18:54:53 +00:00
/* static int hf_rdp_unknownData = -1; */
2011-09-21 07:35:51 +00:00
static int hf_rdp_notYetImplemented = - 1 ;
static int hf_rdp_encrypted = - 1 ;
2013-01-26 18:54:53 +00:00
/* static int hf_rdp_compressed = -1; */
2011-09-21 07:35:51 +00:00
static int hf_rdp_channelDefArray = - 1 ;
static int hf_rdp_channelDef = - 1 ;
static int hf_rdp_name = - 1 ;
static int hf_rdp_options = - 1 ;
static int hf_rdp_optionsInitialized = - 1 ;
static int hf_rdp_optionsEncryptRDP = - 1 ;
static int hf_rdp_optionsEncryptSC = - 1 ;
static int hf_rdp_optionsEncryptCS = - 1 ;
static int hf_rdp_optionsPriHigh = - 1 ;
static int hf_rdp_optionsPriMed = - 1 ;
static int hf_rdp_optionsPriLow = - 1 ;
static int hf_rdp_optionsCompressRDP = - 1 ;
static int hf_rdp_optionsCompress = - 1 ;
static int hf_rdp_optionsShowProtocol = - 1 ;
2013-01-26 21:42:36 +00:00
static int hf_rdp_optionsRemoteControlPersistent = - 1 ;
2011-09-21 07:35:51 +00:00
static int hf_rdp_channelPDUHeader = - 1 ;
static int hf_rdp_channelFlags = - 1 ;
static int hf_rdp_channelFlagFirst = - 1 ;
static int hf_rdp_channelFlagLast = - 1 ;
static int hf_rdp_channelFlagShowProtocol = - 1 ;
static int hf_rdp_channelFlagSuspend = - 1 ;
static int hf_rdp_channelFlagResume = - 1 ;
static int hf_rdp_channelPacketCompressed = - 1 ;
static int hf_rdp_channelPacketAtFront = - 1 ;
static int hf_rdp_channelPacketFlushed = - 1 ;
static int hf_rdp_channelPacketCompressionType = - 1 ;
static int hf_rdp_virtualChannelData = - 1 ;
static int hf_rdp_wYear = - 1 ;
static int hf_rdp_wMonth = - 1 ;
static int hf_rdp_wDayOfWeek = - 1 ;
static int hf_rdp_wDay = - 1 ;
static int hf_rdp_wHour = - 1 ;
static int hf_rdp_wMinute = - 1 ;
static int hf_rdp_wSecond = - 1 ;
static int hf_rdp_wMilliseconds = - 1 ;
static int hf_rdp_Bias = - 1 ;
static int hf_rdp_StandardName = - 1 ;
static int hf_rdp_StandardDate = - 1 ;
static int hf_rdp_StandardBias = - 1 ;
static int hf_rdp_DaylightName = - 1 ;
static int hf_rdp_DaylightDate = - 1 ;
static int hf_rdp_DaylightBias = - 1 ;
2012-11-23 21:11:47 +00:00
static int hf_rdp_unused = - 1 ;
2011-09-21 07:35:51 +00:00
# define CS_CORE 0xC001
# define CS_SECURITY 0xC002
# define CS_NET 0xC003
# define CS_CLUSTER 0xC004
# define SC_CORE 0x0C01
# define SC_SECURITY 0x0C02
# define SC_NET 0x0C03
# define SEC_EXCHANGE_PKT 0x0001
# define SEC_ENCRYPT 0x0008
# define SEC_RESET_SEQNO 0x0010
# define SEC_IGNORE_SEQNO 0x0020
# define SEC_INFO_PKT 0x0040
# define SEC_LICENSE_PKT 0x0080
# define SEC_LICENSE_ENCRYPT_CS 0x0200
# define SEC_LICENSE_ENCRYPT_SC 0x0200
# define SEC_REDIRECTION_PKT 0x0400
# define SEC_SECURE_CHECKSUM 0x0800
# define SEC_FLAGSHI_VALID 0x8000
# define SEC_PKT_MASK 0x04c1
# define ENCRYPTION_METHOD_NONE 0x00000000
# define ENCRYPTION_METHOD_40BIT 0x00000001
# define ENCRYPTION_METHOD_128BIT 0x00000002
# define ENCRYPTION_METHOD_56BIT 0x00000008
# define ENCRYPTION_METHOD_FIPS 0x00000010
# define ENCRYPTION_LEVEL_NONE 0x00000000
# define ENCRYPTION_LEVEL_LOW 0x00000001
# define ENCRYPTION_LEVEL_CLIENT_COMPATIBLE 0x00000002
# define ENCRYPTION_LEVEL_HIGH 0x00000003
# define ENCRYPTION_LEVEL_FIPS 0x00000004
/* sent by server */
# define LICENSE_REQUEST 0x01
# define PLATFORM_CHALLENGE 0x02
# define NEW_LICENSE 0x03
# define UPGRADE_LICENSE 0x04
/* sent by client */
# define LICENSE_INFO 0x12
# define NEW_LICENSE_REQUEST 0x13
# define PLATFORM_CHALLENGE_RESPONSE 0x15
/* sent by either */
# define ERROR_ALERT 0xff
# define ERR_INVALID_SERVER_CERTIFICIATE 0x00000001
# define ERR_NO_LICENSE 0x00000002
# define ERR_INVALID_MAC 0x00000003
# define ERR_INVALID_SCOPE 0x00000004
# define ERR_NO_LICENSE_SERVER 0x00000006
# define STATUS_VALID_CLIENT 0x00000007
# define ERR_INVALID_CLIENT 0x00000008
# define ERR_INVALID_PRODUCTID 0x0000000B
# define ERR_INVALID_MESSAGE_LEN 0x0000000C
# define ST_TOTAL_ABORT 0x00000001
# define ST_NO_TRANSITION 0x00000002
# define ST_RESET_PHASE_TO_START 0x00000003
# define ST_RESEND_LAST_MESSAGE 0x00000004
# define BB_DATA_BLOB 0x0001
# define BB_RANDOM_BLOB 0x0002
# define BB_CERTIFICATE_BLOB 0x0003
# define BB_ERROR_BLOB 0x0004
# define BB_ENCRYPTED_DATA_BLOB 0x0009
# define BB_KEY_EXCHG_ALG_BLOB 0x000D
# define BB_SCOPE_BLOB 0x000E
# define BB_CLIENT_USER_NAME_BLOB 0x000F
# define BB_CLIENT_MACHINE_NAME_BLOB 0x0010
# define PDUTYPE_TYPE_MASK 0x000F
# define PDUTYPE_VERSIONLOW_MASK 0x00F0
# define PDUTYPE_VERSIONHIGH_MASK 0xFF00
# define PDUTYPE_DEMANDACTIVEPDU 0x1
# define PDUTYPE_CONFIRMACTIVEPDU 0x3
# define PDUTYPE_DEACTIVATEALLPDU 0x6
# define PDUTYPE_DATAPDU 0x7
# define PDUTYPE_SERVER_REDIR_PKT 0xA
# define TS_PROTOCOL_VERSION 0x1
# define PDUTYPE2_UPDATE 0x02
# define PDUTYPE2_CONTROL 0x14
# define PDUTYPE2_POINTER 0x1B
# define PDUTYPE2_INPUT 0x1C
# define PDUTYPE2_SYNCHRONIZE 0x1F
# define PDUTYPE2_REFRESH_RECT 0x21
# define PDUTYPE2_PLAY_SOUND 0x22
# define PDUTYPE2_SUPPRESS_OUTPUT 0x23
# define PDUTYPE2_SHUTDOWN_REQUEST 0x24
# define PDUTYPE2_SHUTDOWN_DENIED 0x25
# define PDUTYPE2_SAVE_SESSION_INFO 0x26
# define PDUTYPE2_FONTLIST 0x27
# define PDUTYPE2_FONTMAP 0x28
# define PDUTYPE2_SET_KEYBOARD_INDICATORS 0x29
# define PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST 0x2B
# define PDUTYPE2_BITMAPCACHE_ERROR_PDU 0x2C
# define PDUTYPE2_SET_KEYBOARD_IME_STATUS 0x2D
# define PDUTYPE2_OFFSCRCACHE_ERROR_PDU 0x2E
# define PDUTYPE2_SET_ERROR_INFO_PDU 0x2F
# define PDUTYPE2_DRAWNINEGRID_ERROR_PDU 0x30
# define PDUTYPE2_DRAWGDIPLUS_ERROR_PDU 0x31
# define PDUTYPE2_ARC_STATUS_PDU 0x32
# define PDUTYPE2_STATUS_INFO_PDU 0x36
# define PDUTYPE2_MONITOR_LAYOUT_PDU 0x37
# define PACKET_COMPRESSED 0x20
# define PACKET_AT_FRONT 0x40
# define PACKET_FLUSHED 0x80
# define PacketCompressionTypeMask 0x0f
# define PACKET_COMPR_TYPE_8K 0x0
# define PACKET_COMPR_TYPE_64K 0x1
# define PACKET_COMPR_TYPE_RDP6 0x2
# define PACKET_COMPR_TYPE_RDP61 0x3
2011-09-25 15:09:44 +00:00
# define CHANNEL_FLAG_FIRST 0x00000001
2011-09-21 07:35:51 +00:00
# define CHANNEL_FLAG_LAST 0x00000002
# define CHANNEL_FLAG_SHOW_PROTOCOL 0x00000010
# define CHANNEL_FLAG_SUSPEND 0x00000020
# define CHANNEL_FLAG_RESUME 0x00000040
# define CHANNEL_PACKET_COMPRESSED 0x00200000
# define CHANNEL_PACKET_AT_FRONT 0x00400000
# define CHANNEL_PACKET_FLUSHED 0x00800000
# define ChannelCompressionTypeMask 0x000f0000
# define CHANNEL_COMPR_TYPE_8K 0x00000000
# define CHANNEL_COMPR_TYPE_64K 0x00010000
# define CHANNEL_COMPR_TYPE_RDP6 0x00020000
# define CHANNEL_COMPR_TYPE_RDP61 0x00030000
# define MapFlagsMask 0xffff
# define FONTMAP_FIRST 0x0001
# define FONTMAP_LAST 0x0002
/* There may well be others */
# define CTRLACTION_REQUEST_CONTROL 0x0001
# define CTRLACTION_GRANTED_CONTROL 0x0002
# define CTRLACTION_DETACH 0x0003
# define CTRLACTION_COOPERATE 0x0004
# define CAPSTYPE_GENERAL 0x0001
# define CAPSTYPE_BITMAP 0x0002
# define CAPSTYPE_ORDER 0x0003
# define CAPSTYPE_BITMAPCACHE 0x0004
# define CAPSTYPE_CONTROL 0x0005
# define CAPSTYPE_ACTIVATION 0x0007
# define CAPSTYPE_POINTER 0x0008
# define CAPSTYPE_SHARE 0x0009
# define CAPSTYPE_COLORCACHE 0x000A
# define CAPSTYPE_SOUND 0x000C
# define CAPSTYPE_INPUT 0x000D
# define CAPSTYPE_FONT 0x000E
# define CAPSTYPE_BRUSH 0x000F
# define CAPSTYPE_GLYPHCACHE 0x0010
# define CAPSTYPE_OFFSCREENCACHE 0x0011
# define CAPSTYPE_BITMAPCACHE_HOSTSUPPORT 0x0012
# define CAPSTYPE_BITMAPCACHE_REV2 0x0013
# define CAPSTYPE_BITMAPCACHE_VIRTUALCHANNEL 0x0014
# define CAPSTYPE_DRAWNINEGRIDCACHE 0x0015
# define CAPSTYPE_DRAWGDIPLUS 0x0016
# define CAPSTYPE_RAIL 0x0017
# define CAPSTYPE_WINDOW 0x0018
# define CAPSTYPE_COMPDESK 0x0019
# define CAPSTYPE_MULTIFRAGMENTUPDATE 0x001A
# define CAPSTYPE_LARGE_POINTER 0x001B
# define CAPSTYPE_SURFACE_COMMANDS 0x001C
# define CAPSTYPE_BITMAP_CODECS 0x001D
2012-05-12 22:14:02 +00:00
# define CHANNEL_OPTION_INITIALIZED 0x80000000
# define CHANNEL_OPTION_ENCRYPT_RDP 0x40000000
# define CHANNEL_OPTION_ENCRYPT_SC 0x20000000
# define CHANNEL_OPTION_ENCRYPT_CS 0x10000000
# define CHANNEL_OPTION_PRI_HIGH 0x08000000
# define CHANNEL_OPTION_PRI_MED 0x04000000
# define CHANNEL_OPTION_PRI_LOW 0x02000000
# define CHANNEL_OPTION_COMPRESS_RDP 0x00800000
# define CHANNEL_OPTION_COMPRESS 0x00400000
# define CHANNEL_OPTION_SHOW_PROTOCOL 0x00200000
# define CHANNEL_OPTION_REMOTE_CONTROL_PERSISTENT 0x00100000
2011-09-21 07:35:51 +00:00
# define MAX_CHANNELS 31
typedef struct rdp_conv_info_t {
guint32 staticChannelId ;
guint32 encryptionMethod ;
guint32 encryptionLevel ;
guint32 licenseAgreed ;
guint8 maxChannels ;
value_string channels [ MAX_CHANNELS + 1 ] ; /* we may need to hold more information later */
} rdp_conv_info_t ;
# define RDP_FI_NONE 0x00
# define RDP_FI_OPTIONAL 0x01
2012-05-10 02:20:37 +00:00
# define RDP_FI_STRING 0x02
2013-12-18 21:36:15 +00:00
# define RDP_FI_UNICODE 0x04 /* field is always Unicode (UTF-16) */
# define RDP_FI_ANSI 0x08 /* field is always ANSI (code page) */
# define RDP_FI_NOINCOFFSET 0x10 /* do not increase the offset */
# define RDP_FI_SUBTREE 0x20
# define RDP_FI_INFO_FLAGS 0x40
2011-09-21 07:35:51 +00:00
typedef struct rdp_field_info_t {
2013-12-14 13:36:54 +00:00
const int * pfield ;
2012-11-23 21:11:47 +00:00
gint32 fixedLength ;
2011-09-21 07:35:51 +00:00
guint32 * variableLength ;
2012-11-23 21:11:47 +00:00
int offsetOrTree ;
guint32 flags ;
2013-12-14 13:36:54 +00:00
const struct rdp_field_info_t * subfields ;
2011-09-21 07:35:51 +00:00
} rdp_field_info_t ;
# define FI_FIXEDLEN(_hf_, _len_) { _hf_, _len_, NULL, 0, 0, NULL }
2013-12-18 21:36:15 +00:00
# define FI_FIXEDLEN_ANSI_STRING(_hf_, _len_) { _hf_, _len_, NULL, 0, RDP_FI_STRING|RDP_FI_ANSI, NULL }
2011-09-21 07:35:51 +00:00
# define FI_VALUE(_hf_, _len_, _value_) { _hf_, _len_, &_value_, 0, 0, NULL }
# define FI_VARLEN(_hf, _length_) { _hf_, 0, &_length_, 0, 0, NULL }
# define FI_SUBTREE(_hf_, _len_, _ett_, _sf_) { _hf_, _len_, NULL, _ett_, RDP_FI_SUBTREE, _sf_ }
2013-12-14 13:36:54 +00:00
# define FI_TERMINATOR {NULL, 0, NULL, 0, 0, NULL}
2011-09-21 07:35:51 +00:00
static const value_string rdp_headerType_vals [ ] = {
{ CS_CORE , " clientCoreData " } ,
{ CS_SECURITY , " clientSecurityData " } ,
2011-09-21 23:42:55 +00:00
{ CS_NET , " clientNetworkData " } ,
{ CS_CLUSTER , " clientClusterData " } ,
2011-09-21 07:35:51 +00:00
{ SC_CORE , " serverCoreData " } ,
{ SC_SECURITY , " serverSecurityData " } ,
2011-09-21 23:42:55 +00:00
{ SC_NET , " serverNetworkData " } ,
2011-09-21 07:35:51 +00:00
{ 0 , NULL }
} ;
static const value_string rdp_colorDepth_vals [ ] = {
{ 0xCA00 , " 4 bits-per-pixel (bpp) " } ,
{ 0xCA01 , " 8 bits-per-pixel (bpp) " } ,
{ 0xCA02 , " 15-bit 555 RGB mask " } ,
{ 0xCA03 , " 16-bit 565 RGB mask " } ,
{ 0xCA04 , " 24-bit RGB mask " } ,
{ 0 , NULL }
} ;
static const value_string rdp_highColorDepth_vals [ ] = {
{ 0x0004 , " 4 bits-per-pixel (bpp) " } ,
{ 0x0008 , " 8 bits-per-pixel (bpp) " } ,
{ 0x000F , " 15-bit 555 RGB mask " } ,
{ 0x0010 , " 16-bit 565 RGB mask " } ,
{ 0x0018 , " 24-bit RGB mask " } ,
{ 0 , NULL }
} ;
static const value_string rdp_keyboardType_vals [ ] = {
{ 1 , " IBM PC/XT or compatible (83-key) keyboard " } ,
{ 2 , " Olivetti \" ICO \" (102-key) keyboard " } ,
{ 3 , " IBM PC/AT (84-key) and similar keyboards " } ,
{ 4 , " IBM enhanced (101-key or 102-key) keyboard " } ,
{ 5 , " Noki 1050 and similar keyboards " } ,
{ 6 , " Nokia 9140 and similar keyboards " } ,
{ 7 , " Japanese keyboard " } ,
{ 0 , NULL }
} ;
static const value_string rdp_connectionType_vals [ ] = {
{ 1 , " Modem (56 Kbps) " } ,
{ 2 , " Low-speed broadband (256 Kbps - 2Mbps) " } ,
{ 3 , " Satellite (2 Mbps - 16Mbps with high latency) " } ,
{ 4 , " High-speed broadband (2 Mbps - 10Mbps) " } ,
{ 5 , " WAN (10 Mbps or higher with high latency) " } ,
{ 6 , " LAN (10 Mbps or higher " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_requestedProtocols_vals [ ] = {
{ 0 , " Standard RDP Security " } ,
{ 1 , " TLS 1.0 " } ,
{ 2 , " Credential Security Support Provider protocol (CredSSP) " } ,
{ 3 , " Credential Security Support Provider protocol (CredSSP) " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_flagsPkt_vals [ ] = {
2012-05-12 22:14:02 +00:00
{ 0 , " (None) " } ,
{ SEC_EXCHANGE_PKT , " Security Exchange PDU " } ,
{ SEC_INFO_PKT , " Client Info PDU " } ,
{ SEC_LICENSE_PKT , " Licensing PDU " } ,
2011-09-21 07:35:51 +00:00
{ SEC_REDIRECTION_PKT , " Standard Security Server Redirection PDU " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_encryptionMethod_vals [ ] = {
2012-05-12 22:14:02 +00:00
{ ENCRYPTION_METHOD_NONE , " None " } ,
{ ENCRYPTION_METHOD_40BIT , " 40-bit RC4 " } ,
2011-09-21 07:35:51 +00:00
{ ENCRYPTION_METHOD_128BIT , " 128-bit RC4 " } ,
2012-05-12 22:14:02 +00:00
{ ENCRYPTION_METHOD_56BIT , " 56-bit RC4 " } ,
{ ENCRYPTION_METHOD_FIPS , " FIPS140-1 3DES " } ,
2011-09-21 07:35:51 +00:00
{ 0 , NULL } ,
} ;
static const value_string rdp_encryptionLevel_vals [ ] = {
2012-05-12 22:14:02 +00:00
{ ENCRYPTION_LEVEL_NONE , " None " } ,
{ ENCRYPTION_LEVEL_LOW , " Low " } ,
2011-09-21 07:35:51 +00:00
{ ENCRYPTION_LEVEL_CLIENT_COMPATIBLE , " Client Compatible " } ,
2012-05-12 22:14:02 +00:00
{ ENCRYPTION_LEVEL_HIGH , " High " } ,
{ ENCRYPTION_LEVEL_FIPS , " FIPS140-1 " } ,
2011-09-21 07:35:51 +00:00
{ 0 , NULL } ,
} ;
static const value_string rdp_bMsgType_vals [ ] = {
2012-05-12 22:14:02 +00:00
{ LICENSE_REQUEST , " License Request " } ,
{ PLATFORM_CHALLENGE , " Platform Challenge " } ,
{ NEW_LICENSE , " New License " } ,
{ UPGRADE_LICENSE , " Upgrade License " } ,
{ LICENSE_INFO , " License Info " } ,
{ NEW_LICENSE_REQUEST , " New License Request " } ,
2011-09-21 07:35:51 +00:00
{ PLATFORM_CHALLENGE_RESPONSE , " Platform Challenge Response " } ,
2012-05-12 22:14:02 +00:00
{ ERROR_ALERT , " Error Alert " } ,
2011-09-21 07:35:51 +00:00
{ 0 , NULL } ,
} ;
static const value_string rdp_wErrorCode_vals [ ] = {
2012-05-12 22:14:02 +00:00
{ ERR_INVALID_SERVER_CERTIFICIATE , " Invalid Server Certificate " } ,
{ ERR_NO_LICENSE , " No License " } ,
{ ERR_INVALID_MAC , " Invalid MAC " } ,
{ ERR_INVALID_SCOPE , " Invalid Scope " } ,
{ ERR_NO_LICENSE_SERVER , " No License Server " } ,
{ STATUS_VALID_CLIENT , " Valid Client " } ,
{ ERR_INVALID_CLIENT , " Invalid Client " } ,
{ ERR_INVALID_PRODUCTID , " Invalid Product Id " } ,
{ ERR_INVALID_MESSAGE_LEN , " Invalid Message Length " } ,
2011-09-21 07:35:51 +00:00
{ 0 , NULL } ,
} ;
static const value_string rdp_wStateTransition_vals [ ] = {
{ ST_TOTAL_ABORT , " Total Abort " } ,
{ ST_NO_TRANSITION , " No Transition " } ,
2011-09-21 23:42:55 +00:00
{ ST_RESET_PHASE_TO_START , " Reset Phase to Start " } ,
2011-09-21 07:35:51 +00:00
{ ST_RESEND_LAST_MESSAGE , " Resend Last Message " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_wBlobType_vals [ ] = {
{ BB_DATA_BLOB , " Data " } ,
{ BB_RANDOM_BLOB , " Random " } ,
{ BB_CERTIFICATE_BLOB , " Certificate " } ,
{ BB_ERROR_BLOB , " Error " } ,
2011-09-21 23:42:55 +00:00
{ BB_ENCRYPTED_DATA_BLOB , " Encrypted Data " } ,
2011-09-21 07:35:51 +00:00
{ BB_KEY_EXCHG_ALG_BLOB , " Key Exchange Algorithm " } ,
{ BB_SCOPE_BLOB , " Scope " } ,
{ BB_CLIENT_USER_NAME_BLOB , " Client User Name " } ,
{ BB_CLIENT_MACHINE_NAME_BLOB , " Client Machine Name " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_pduTypeType_vals [ ] = {
{ PDUTYPE_DEMANDACTIVEPDU , " Demand Active PDU " } ,
{ PDUTYPE_CONFIRMACTIVEPDU , " Confirm Active PDU " } ,
{ PDUTYPE_DEACTIVATEALLPDU , " Deactivate All PDU " } ,
{ PDUTYPE_DATAPDU , " Data PDU " } ,
{ PDUTYPE_SERVER_REDIR_PKT , " Server Redirection PDU " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_pduType2_vals [ ] = {
{ PDUTYPE2_UPDATE , " Update " } ,
{ PDUTYPE2_CONTROL , " Control " } ,
{ PDUTYPE2_POINTER , " Pointer " } ,
{ PDUTYPE2_INPUT , " Input " } ,
{ PDUTYPE2_SYNCHRONIZE , " Synchronize " } ,
{ PDUTYPE2_REFRESH_RECT , " Refresh Rect " } ,
{ PDUTYPE2_PLAY_SOUND , " Play Sound " } ,
{ PDUTYPE2_SUPPRESS_OUTPUT , " Suppress Output " } ,
{ PDUTYPE2_SHUTDOWN_REQUEST , " Shutdown Request " } ,
{ PDUTYPE2_SHUTDOWN_DENIED , " Shutdown Denied " } ,
{ PDUTYPE2_SAVE_SESSION_INFO , " Save Session Info " } ,
{ PDUTYPE2_FONTLIST , " FontList " } ,
{ PDUTYPE2_FONTMAP , " FontMap " } ,
{ PDUTYPE2_SET_KEYBOARD_INDICATORS , " Set Keyboard Indicators " } ,
{ PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST , " BitmapCache Persistent List " } ,
{ PDUTYPE2_BITMAPCACHE_ERROR_PDU , " BitmapCache Error " } ,
{ PDUTYPE2_SET_KEYBOARD_IME_STATUS , " Set Keyboard IME Status " } ,
{ PDUTYPE2_OFFSCRCACHE_ERROR_PDU , " OffScrCache Error " } ,
{ PDUTYPE2_SET_ERROR_INFO_PDU , " Set Error Info " } ,
{ PDUTYPE2_DRAWNINEGRID_ERROR_PDU , " DrawNineGrid Error " } ,
{ PDUTYPE2_DRAWGDIPLUS_ERROR_PDU , " DrawGDIPlus Error " } ,
{ PDUTYPE2_ARC_STATUS_PDU , " Arc Status " } ,
{ PDUTYPE2_STATUS_INFO_PDU , " Status Info " } ,
{ PDUTYPE2_MONITOR_LAYOUT_PDU , " Monitor Layout " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_compressionType_vals [ ] = {
{ PACKET_COMPR_TYPE_8K , " RDP 4.0 bulk compression " } ,
{ PACKET_COMPR_TYPE_64K , " RDP 5.0 bulk compression " } ,
{ PACKET_COMPR_TYPE_RDP6 , " RDP 6.0 bulk compression " } ,
{ PACKET_COMPR_TYPE_RDP61 , " RDP 6.1 bulk compression " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_channelCompressionType_vals [ ] = {
{ CHANNEL_COMPR_TYPE_8K , " RDP 4.0 bulk compression " } ,
{ CHANNEL_COMPR_TYPE_64K , " RDP 5.0 bulk compression " } ,
{ CHANNEL_COMPR_TYPE_RDP6 , " RDP 6.0 bulk compression " } ,
{ CHANNEL_COMPR_TYPE_RDP61 , " RDP 6.1 bulk compression " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_action_vals [ ] = {
{ CTRLACTION_REQUEST_CONTROL , " Request control " } ,
{ CTRLACTION_GRANTED_CONTROL , " Granted control " } ,
{ CTRLACTION_DETACH , " Detach " } ,
{ CTRLACTION_COOPERATE , " Cooperate " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_capabilityType_vals [ ] = {
2012-05-12 22:14:02 +00:00
{ CAPSTYPE_GENERAL , " General " } ,
{ CAPSTYPE_BITMAP , " Bitmap " } ,
{ CAPSTYPE_ORDER , " Order " } ,
{ CAPSTYPE_BITMAPCACHE , " Bitmap Cache " } ,
{ CAPSTYPE_CONTROL , " Control " } ,
{ CAPSTYPE_ACTIVATION , " Activation " } ,
{ CAPSTYPE_POINTER , " Pointer " } ,
{ CAPSTYPE_SHARE , " Share " } ,
{ CAPSTYPE_COLORCACHE , " Color Cache " } ,
{ CAPSTYPE_SOUND , " Sound " } ,
{ CAPSTYPE_INPUT , " Input " } ,
{ CAPSTYPE_FONT , " Font " } ,
{ CAPSTYPE_BRUSH , " Brush " } ,
{ CAPSTYPE_GLYPHCACHE , " Glyph Cache " } ,
{ CAPSTYPE_OFFSCREENCACHE , " Off-screen Cache " } ,
{ CAPSTYPE_BITMAPCACHE_HOSTSUPPORT , " Bitmap Cache Host Support " } ,
{ CAPSTYPE_BITMAPCACHE_REV2 , " Bitmap Cache Rev 2 " } ,
2011-09-21 07:35:51 +00:00
{ CAPSTYPE_BITMAPCACHE_VIRTUALCHANNEL , " Virtual Channel " } ,
2012-05-12 22:14:02 +00:00
{ CAPSTYPE_DRAWNINEGRIDCACHE , " Draw Nine Grid Cache " } ,
{ CAPSTYPE_DRAWGDIPLUS , " Draw GDI Plus " } ,
{ CAPSTYPE_RAIL , " Rail " } ,
{ CAPSTYPE_WINDOW , " Window " } ,
{ CAPSTYPE_COMPDESK , " Comp Desk " } ,
{ CAPSTYPE_MULTIFRAGMENTUPDATE , " Multi-Fragment Update " } ,
{ CAPSTYPE_LARGE_POINTER , " Large Pointer " } ,
{ CAPSTYPE_SURFACE_COMMANDS , " Surface Commands " } ,
{ CAPSTYPE_BITMAP_CODECS , " Bitmap Codecs " } ,
2011-09-21 07:35:51 +00:00
{ 0 , NULL } ,
} ;
static const value_string rdp_wDayOfWeek_vals [ ] = {
{ 0 , " Sunday " } ,
{ 1 , " Monday " } ,
{ 2 , " Tuesday " } ,
{ 3 , " Wednesday " } ,
{ 4 , " Thursday " } ,
{ 5 , " Friday " } ,
{ 6 , " Saturday " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_wDay_vals [ ] = {
{ 1 , " First occurrence " } ,
{ 2 , " Second occurrence " } ,
{ 3 , " Third occurrence " } ,
{ 4 , " Fourth occurrence " } ,
{ 5 , " Last occurrence " } ,
{ 0 , NULL } ,
} ;
static const value_string rdp_wMonth_vals [ ] = {
{ 1 , " January " } ,
{ 2 , " February " } ,
{ 3 , " March " } ,
{ 4 , " April " } ,
{ 5 , " May " } ,
{ 6 , " June " } ,
{ 7 , " July " } ,
{ 8 , " August " } ,
{ 9 , " September " } ,
{ 10 , " October " } ,
{ 11 , " November " } ,
{ 12 , " December " } ,
{ 0 , NULL } ,
} ;
2013-12-18 21:36:15 +00:00
/*
* Flags in the flags field of a TS_INFO_PACKET .
* XXX - define more , and show them underneath that field .
*/
# define INFO_UNICODE 0x00000010
static rdp_conv_info_t *
rdp_get_conversation_data ( packet_info * pinfo )
{
conversation_t * conversation ;
rdp_conv_info_t * rdp_info ;
conversation = find_or_create_conversation ( pinfo ) ;
rdp_info = ( rdp_conv_info_t * ) conversation_get_proto_data ( conversation , proto_rdp ) ;
if ( rdp_info = = NULL ) {
rdp_info = wmem_new0 ( wmem_file_scope ( ) , rdp_conv_info_t ) ;
rdp_info - > staticChannelId = - 1 ;
rdp_info - > encryptionMethod = 0 ;
rdp_info - > encryptionLevel = 0 ;
rdp_info - > licenseAgreed = 0 ;
rdp_info - > maxChannels = 0 ;
conversation_add_proto_data ( conversation , proto_rdp , rdp_info ) ;
}
return rdp_info ;
}
2011-09-21 07:35:51 +00:00
2011-09-25 15:09:44 +00:00
static int
2013-12-14 13:36:54 +00:00
dissect_rdp_fields ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , const rdp_field_info_t * fields , int totlen )
2011-09-21 07:35:51 +00:00
{
2013-12-14 13:36:54 +00:00
const rdp_field_info_t * c ;
2012-11-23 21:11:47 +00:00
gint len ;
int base_offset = offset ;
2013-12-18 22:15:56 +00:00
guint32 info_flags = 0 ;
2013-12-18 21:36:15 +00:00
guint encoding ;
2011-09-21 07:35:51 +00:00
2013-12-14 13:36:54 +00:00
while ( ( ( c = fields + + ) - > pfield ) ! = NULL ) {
2012-05-12 22:14:02 +00:00
if ( ( c - > fixedLength = = 0 ) & & ( c - > variableLength ) ) {
2011-09-25 15:09:44 +00:00
len = * ( c - > variableLength ) ;
2011-09-21 07:35:51 +00:00
} else {
len = c - > fixedLength ;
2012-11-23 21:11:47 +00:00
if ( ( c - > variableLength ) & & ( c - > fixedLength < = 4 ) ) {
switch ( c - > fixedLength ) {
case 1 :
* ( c - > variableLength ) = tvb_get_guint8 ( tvb , offset ) ;
break ;
case 2 :
2012-05-12 22:14:02 +00:00
* ( c - > variableLength ) = tvb_get_letohs ( tvb , offset ) ;
2012-11-23 21:11:47 +00:00
break ;
case 4 :
2012-05-12 22:14:02 +00:00
* ( c - > variableLength ) = tvb_get_letohl ( tvb , offset ) ;
2012-11-23 21:11:47 +00:00
break ;
default :
REPORT_DISSECTOR_BUG ( " Invalid length " ) ;
}
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
* ( c - > variableLength ) + = c - > offsetOrTree ; /* XXX: ??? */
2011-09-21 07:35:51 +00:00
}
}
2012-11-23 21:11:47 +00:00
if ( len ) {
2012-05-12 22:14:02 +00:00
proto_item * pi ;
2013-12-18 21:36:15 +00:00
if ( c - > flags & RDP_FI_STRING ) {
/* If this is always Unicode, or if the INFO_UNICODE flag is set,
treat this as UTF - 16 ; otherwise , treat it as " ANSI " . */
if ( c - > flags & RDP_FI_UNICODE )
encoding = ENC_UTF_16 | ENC_LITTLE_ENDIAN ;
else if ( c - > flags & RDP_FI_ANSI )
encoding = ENC_ASCII | ENC_NA ; /* XXX - code page */
else {
/* Could be Unicode, could be ANSI, based on INFO_UNICODE flag */
encoding = ( info_flags & INFO_UNICODE ) ? ENC_UTF_16 | ENC_LITTLE_ENDIAN : ENC_ASCII | ENC_NA ; /* XXX - code page */
}
} else
encoding = ENC_LITTLE_ENDIAN ;
pi = proto_tree_add_item ( tree , * c - > pfield , tvb , offset , len , encoding ) ;
if ( c - > flags & RDP_FI_INFO_FLAGS ) {
/* TS_INFO_PACKET flags field; save it for later use */
DISSECTOR_ASSERT ( len = = 4 ) ;
info_flags = tvb_get_letohl ( tvb , offset ) ;
2011-09-21 07:35:51 +00:00
}
2012-05-12 22:14:02 +00:00
if ( c - > flags & RDP_FI_SUBTREE ) {
proto_tree * next_tree ;
if ( c - > offsetOrTree ! = - 1 )
next_tree = proto_item_add_subtree ( pi , c - > offsetOrTree ) ;
else
2012-11-23 21:11:47 +00:00
REPORT_DISSECTOR_BUG ( " Tree Error!! " ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( c - > subfields )
2012-11-23 21:11:47 +00:00
dissect_rdp_fields ( tvb , offset , pinfo , next_tree , c - > subfields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
2012-05-12 22:14:02 +00:00
if ( ! ( c - > flags & RDP_FI_NOINCOFFSET ) )
offset + = len ;
2011-09-21 07:35:51 +00:00
}
2012-11-23 21:11:47 +00:00
if ( ( totlen > 0 ) & & ( ( offset - base_offset ) > = totlen ) )
break ; /* we're done: skip optional fields */
/* XXX: err if > totlen ?? */
2011-09-21 07:35:51 +00:00
}
return offset ;
}
2011-11-19 16:15:07 +00:00
static int
dissect_rdp_nyi ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , const char * info )
{
2011-11-19 16:24:19 +00:00
rdp_field_info_t nyi_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_notYetImplemented , - 1 , NULL , 0 , 0 , NULL } ,
2011-11-19 16:24:19 +00:00
FI_TERMINATOR
} ;
2011-11-19 16:15:07 +00:00
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , nyi_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( ( tree ! = NULL ) & & ( info ! = NULL ) )
2011-09-21 07:35:51 +00:00
proto_item_append_text ( tree - > last_child , " (%s) " , info ) ;
return offset ;
}
2011-09-25 15:09:44 +00:00
static int
dissect_rdp_encrypted ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , const char * info )
2011-09-21 07:35:51 +00:00
{
rdp_field_info_t enc_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_encrypted , - 1 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , enc_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( ( tree ! = NULL ) & & ( info ! = NULL ) )
2011-09-21 07:35:51 +00:00
proto_item_append_text ( tree - > last_child , " (%s) " , info ) ;
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " , " , " [Encrypted] " ) ;
return offset ;
}
2011-09-25 15:09:44 +00:00
static int
2012-11-23 21:11:47 +00:00
dissect_rdp_clientNetworkData ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint length , rdp_conv_info_t * rdp_info )
2011-09-21 07:35:51 +00:00
{
2012-05-12 22:14:02 +00:00
proto_tree * next_tree ;
proto_item * pi ;
guint32 channelCount = 0 ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t net_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
FI_VALUE ( & hf_rdp_channelCount , 4 , channelCount ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t option_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_optionsInitialized , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsEncryptRDP , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsEncryptSC , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsEncryptCS , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsPriHigh , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsPriMed , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsPriLow , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsCompressRDP , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsCompress , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsShowProtocol , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_optionsRemoteControlPersistent , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR ,
} ;
rdp_field_info_t channel_fields [ ] = {
2013-12-18 21:36:15 +00:00
FI_FIXEDLEN_ANSI_STRING ( & hf_rdp_name , 8 ) ,
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_options , 4 , ett_rdp_options , option_fields ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t def_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_channelDef , 12 , ett_rdp_channelDef , channel_fields ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-05-12 22:14:02 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_clientNetworkData , tvb , offset , length , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
next_tree = proto_item_add_subtree ( pi , ett_rdp_clientNetworkData ) ;
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , next_tree , net_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( channelCount > 0 ) {
2012-11-23 21:11:47 +00:00
guint i ;
2012-05-12 22:14:02 +00:00
pi = proto_tree_add_item ( next_tree , hf_rdp_channelDefArray , tvb , offset , channelCount * 12 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
next_tree = proto_item_add_subtree ( pi , ett_rdp_channelDefArray ) ;
2012-05-12 22:14:02 +00:00
if ( rdp_info )
2011-12-28 16:53:50 +00:00
rdp_info - > maxChannels = MIN ( channelCount , MAX_CHANNELS ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
for ( i = 0 ; i < MIN ( channelCount , MAX_CHANNELS ) ; i + + ) {
2012-05-12 22:14:02 +00:00
if ( rdp_info ) {
2011-12-28 16:36:57 +00:00
rdp_info - > channels [ i ] . value = - 1 ; /* unset */
2013-09-22 15:50:55 +00:00
rdp_info - > channels [ i ] . strptr = tvb_get_string ( wmem_packet_scope ( ) , tvb , offset , 8 ) ;
2011-09-21 07:35:51 +00:00
}
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , next_tree , def_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
2012-05-12 22:14:02 +00:00
if ( rdp_info ) {
2011-12-28 16:36:57 +00:00
/* value_strings are normally terminated with a {0, NULL} entry */
2012-11-23 21:11:47 +00:00
rdp_info - > channels [ i ] . value = 0 ;
2011-10-30 06:47:27 +00:00
rdp_info - > channels [ i ] . strptr = NULL ;
}
2011-09-21 07:35:51 +00:00
}
return offset ;
}
2011-09-21 23:42:55 +00:00
static int
2011-09-21 07:35:51 +00:00
dissect_rdp_basicSecurityHeader ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint32 * flags_ptr ) {
guint32 flags = 0 ;
rdp_field_info_t secFlags_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_flagsPkt , 2 , & flags , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsEncrypt , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsResetSeqno , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsIgnoreSeqno , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsLicenseEncrypt , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsSecureChecksum , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsFlagsHiValid , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t flags_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_flags , 2 , ett_rdp_flags , secFlags_fields ) ,
FI_FIXEDLEN ( & hf_rdp_flagsHi , 2 ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , flags_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( flags_ptr )
2011-09-21 07:35:51 +00:00
* flags_ptr = flags ;
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
return offset ;
}
2011-09-21 23:42:55 +00:00
static int
2011-09-25 15:09:44 +00:00
dissect_rdp_securityHeader ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , rdp_conv_info_t * rdp_info , gboolean alwaysBasic , guint32 * flags_ptr ) {
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
rdp_field_info_t fips_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_fipsLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_fipsVersion , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_padlen , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_dataSignature , 8 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t enc_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_dataSignature , 8 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2013-12-14 13:36:54 +00:00
const rdp_field_info_t * fields = NULL ;
2011-09-21 23:42:55 +00:00
2012-05-12 22:14:02 +00:00
if ( rdp_info ) {
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( alwaysBasic | | ( rdp_info - > encryptionLevel ! = ENCRYPTION_LEVEL_NONE ) )
2011-09-21 07:35:51 +00:00
offset = dissect_rdp_basicSecurityHeader ( tvb , offset , pinfo , tree , flags_ptr ) ;
2012-05-12 22:14:02 +00:00
if ( rdp_info - > encryptionMethod &
( ENCRYPTION_METHOD_40BIT |
ENCRYPTION_METHOD_128BIT |
ENCRYPTION_METHOD_56BIT ) ) {
2011-09-21 07:35:51 +00:00
fields = enc_fields ;
2012-05-12 22:14:02 +00:00
} else if ( rdp_info - > encryptionMethod = = ENCRYPTION_METHOD_FIPS ) {
2011-09-21 07:35:51 +00:00
fields = fips_fields ;
}
2012-05-12 22:14:02 +00:00
if ( fields )
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , fields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
return offset ;
2011-09-21 23:42:55 +00:00
}
2011-09-21 07:35:51 +00:00
static int
2011-09-25 15:09:44 +00:00
dissect_rdp_channelPDU ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree ) {
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
guint32 length = 0 ;
rdp_field_info_t flag_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_channelFlagFirst , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelFlagLast , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelFlagShowProtocol , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelFlagSuspend , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelFlagResume , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelPacketCompressed , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelPacketAtFront , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelPacketFlushed , 4 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_channelPacketCompressionType , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t channel_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_VALUE ( & hf_rdp_length , 4 , length ) ,
FI_SUBTREE ( & hf_rdp_channelFlags , 4 , ett_rdp_channelFlags , flag_fields ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t channelPDU_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_channelPDUHeader , 8 , ett_rdp_channelPDUHeader , channel_fields ) ,
FI_FIXEDLEN ( & hf_rdp_virtualChannelData , - 1 ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
/* length is the uncompressed length, and the PDU may be compressed */
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , channelPDU_fields , 0 ) ;
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
return offset ;
}
static int
2011-09-25 15:09:44 +00:00
dissect_rdp_shareDataHeader ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree ) {
2013-12-13 02:55:05 +00:00
guint32 pduType2 = 0 ;
2011-09-21 07:35:51 +00:00
guint32 compressedType ;
guint32 action = 0 ;
rdp_field_info_t compressed_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_compressedTypeType , 1 , & compressedType , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_compressedTypeCompressed , 1 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_compressedTypeAtFront , 1 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_compressedTypeFlushed , 1 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t share_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_shareId , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_pad1 , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_streamId , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_uncompressedLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_pduType2 , 1 , & pduType2 , 0 , 0 , NULL } ,
FI_SUBTREE ( & hf_rdp_compressedType , 1 , ett_rdp_compressedType , compressed_fields ) ,
{ & hf_rdp_compressedLength , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t control_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_action , 2 , & action , 0 , 0 , NULL } ,
{ & hf_rdp_grantId , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_controlId , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t sync_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_messageType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_targetUser , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t mapflags_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_fontMapFirst , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_fontMapLast , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t fontmap_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_numberEntries , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_totalNumberEntries , 2 , NULL , 0 , 0 , NULL } ,
FI_SUBTREE ( & hf_rdp_mapFlags , 2 , ett_rdp_mapFlags , mapflags_fields ) ,
{ & hf_rdp_entrySize , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t persistent_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_numEntriesCache0 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_numEntriesCache1 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_numEntriesCache2 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_numEntriesCache3 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_numEntriesCache4 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_totalEntriesCache0 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_totalEntriesCache1 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_totalEntriesCache2 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_totalEntriesCache3 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_totalEntriesCache4 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_bBitMask , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_Pad2 , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_Pad3 , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2013-12-14 13:36:54 +00:00
const rdp_field_info_t * fields ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , share_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( pduType2 ! = PDUTYPE2_CONTROL )
2012-08-10 22:55:02 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " , " , val_to_str_const ( pduType2 , rdp_pduType2_vals , " Unknown " ) ) ;
2011-09-21 07:35:51 +00:00
fields = NULL ;
switch ( pduType2 ) {
case PDUTYPE2_UPDATE :
break ;
case PDUTYPE2_CONTROL :
fields = control_fields ;
break ;
case PDUTYPE2_POINTER :
break ;
case PDUTYPE2_INPUT :
break ;
case PDUTYPE2_SYNCHRONIZE :
fields = sync_fields ;
break ;
case PDUTYPE2_REFRESH_RECT :
break ;
case PDUTYPE2_PLAY_SOUND :
break ;
case PDUTYPE2_SUPPRESS_OUTPUT :
break ;
case PDUTYPE2_SHUTDOWN_REQUEST :
break ;
case PDUTYPE2_SHUTDOWN_DENIED :
break ;
case PDUTYPE2_SAVE_SESSION_INFO :
break ;
case PDUTYPE2_FONTLIST :
break ;
case PDUTYPE2_FONTMAP :
fields = fontmap_fields ;
break ;
case PDUTYPE2_SET_KEYBOARD_INDICATORS :
break ;
case PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST :
fields = persistent_fields ;
break ;
case PDUTYPE2_BITMAPCACHE_ERROR_PDU :
break ;
case PDUTYPE2_SET_KEYBOARD_IME_STATUS :
break ;
case PDUTYPE2_OFFSCRCACHE_ERROR_PDU :
break ;
case PDUTYPE2_SET_ERROR_INFO_PDU :
break ;
case PDUTYPE2_DRAWNINEGRID_ERROR_PDU :
break ;
case PDUTYPE2_DRAWGDIPLUS_ERROR_PDU :
break ;
case PDUTYPE2_ARC_STATUS_PDU :
break ;
case PDUTYPE2_STATUS_INFO_PDU :
break ;
case PDUTYPE2_MONITOR_LAYOUT_PDU :
break ;
default :
break ;
}
2012-05-12 22:14:02 +00:00
if ( fields ) {
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , fields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
2012-05-12 22:14:02 +00:00
if ( pduType2 = = PDUTYPE2_CONTROL )
2012-08-10 22:55:02 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " , " , val_to_str_const ( action , rdp_action_vals , " Unknown " ) ) ;
2011-09-21 07:35:51 +00:00
return offset ;
}
static int
2011-09-25 15:09:44 +00:00
dissect_rdp_capabilitySets ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint32 numberCapabilities ) {
2012-11-23 21:11:47 +00:00
guint i ;
2011-09-21 07:35:51 +00:00
guint32 lengthCapability ;
rdp_field_info_t cs_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_capabilitySetType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_lengthCapability , 2 , & lengthCapability , - 4 , 0 , NULL } ,
{ & hf_rdp_capabilityData , 0 , & lengthCapability , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t set_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_capabilitySet , 0 , ett_rdp_capabilitySet , cs_fields ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2011-09-21 23:42:55 +00:00
2012-11-23 21:11:47 +00:00
for ( i = 0 ; i < numberCapabilities ; i + + ) {
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , set_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
return offset ;
}
static int
2011-09-25 15:09:44 +00:00
dissect_rdp_demandActivePDU ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree ) {
2011-09-21 07:35:51 +00:00
guint32 lengthSourceDescriptor ;
2013-12-13 02:55:05 +00:00
guint32 numberCapabilities = 0 ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_shareId , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_lengthSourceDescriptor , 2 , & lengthSourceDescriptor , 0 , 0 , NULL } ,
{ & hf_rdp_lengthCombinedCapabilities , 2 , NULL , 0 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_sourceDescriptor , 0 , & lengthSourceDescriptor , 0 , RDP_FI_STRING | RDP_FI_ANSI , NULL } , /* XXX - T.128 says this is T.50, which is ISO 646, which is only ASCII in its US form */
2013-12-14 13:36:54 +00:00
{ & hf_rdp_numberCapabilities , 2 , & numberCapabilities , 0 , 0 , NULL } ,
{ & hf_rdp_pad2Octets , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t final_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_sessionId , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , fields , 0 ) ;
2011-09-21 07:35:51 +00:00
offset = dissect_rdp_capabilitySets ( tvb , offset , pinfo , tree , numberCapabilities ) ;
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , final_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
return offset ;
}
static int
2011-09-25 15:09:44 +00:00
dissect_rdp_confirmActivePDU ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree ) {
2011-09-21 07:35:51 +00:00
guint32 lengthSourceDescriptor ;
2013-12-13 02:55:05 +00:00
guint32 numberCapabilities = 0 ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_shareId , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_originatorId , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_lengthSourceDescriptor , 2 , & lengthSourceDescriptor , 0 , 0 , NULL } ,
{ & hf_rdp_lengthCombinedCapabilities , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_sourceDescriptor , 0 , & lengthSourceDescriptor , 0 , 0 , NULL } ,
{ & hf_rdp_numberCapabilities , 2 , & numberCapabilities , 0 , 0 , NULL } ,
{ & hf_rdp_pad2Octets , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , tree , fields , 0 ) ;
2011-09-21 07:35:51 +00:00
offset = dissect_rdp_capabilitySets ( tvb , offset , pinfo , tree , numberCapabilities ) ;
return offset ;
}
static proto_tree *
2011-09-25 15:09:44 +00:00
dissect_rdp ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * parent_tree )
2011-09-21 07:35:51 +00:00
{
2012-05-12 22:14:02 +00:00
proto_item * item ;
proto_tree * tree ;
2011-09-21 07:35:51 +00:00
col_set_str ( pinfo - > cinfo , COL_PROTOCOL , " RDP " ) ;
col_clear ( pinfo - > cinfo , COL_INFO ) ;
2012-11-23 21:11:47 +00:00
item = proto_tree_add_item ( parent_tree , proto_rdp , tvb , 0 , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
tree = proto_item_add_subtree ( item , ett_rdp ) ;
return tree ;
}
2012-05-12 22:14:02 +00:00
static void
2011-09-25 15:09:44 +00:00
dissect_rdp_SendData ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree ) {
2012-05-12 22:14:02 +00:00
proto_item * pi ;
int offset = 0 ;
guint32 flags = 0 ;
guint32 cbDomain , cbUserName , cbPassword , cbAlternateShell , cbWorkingDir ,
2013-12-13 02:55:05 +00:00
cbClientAddress , cbClientDir , cbAutoReconnectLen , wBlobLen , pduType = 0 ;
2012-05-12 22:14:02 +00:00
guint32 bMsgType ;
guint32 encryptedLen = 0 ;
conversation_t * conversation ;
rdp_conv_info_t * rdp_info ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t secFlags_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_flagsPkt , 2 , & flags , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsEncrypt , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsResetSeqno , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsIgnoreSeqno , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsLicenseEncrypt , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsSecureChecksum , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_flagsFlagsHiValid , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t se_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_flags , 2 , ett_rdp_flags , secFlags_fields ) ,
FI_FIXEDLEN ( & hf_rdp_flagsHi , 2 ) ,
{ & hf_rdp_length , 4 , & encryptedLen , 0 , 0 , NULL } ,
{ & hf_rdp_encryptedClientRandom , 0 , & encryptedLen , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t systime_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_FIXEDLEN ( & hf_rdp_wYear , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wMonth , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wDayOfWeek , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wDay , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wHour , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wMinute , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wSecond , 2 ) ,
FI_FIXEDLEN ( & hf_rdp_wMilliseconds , 2 ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR ,
} ;
rdp_field_info_t tz_info_fields [ ] = {
2013-12-14 13:36:54 +00:00
FI_FIXEDLEN ( & hf_rdp_Bias , 4 ) ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_StandardName , 64 , NULL , 0 , RDP_FI_STRING | RDP_FI_UNICODE , NULL } ,
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_StandardDate , 16 , ett_rdp_StandardDate , systime_fields ) ,
FI_FIXEDLEN ( & hf_rdp_StandardBias , 4 ) ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_DaylightName , 64 , NULL , 0 , RDP_FI_STRING | RDP_FI_UNICODE , NULL } ,
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_DaylightDate , 16 , ett_rdp_DaylightDate , systime_fields ) ,
FI_FIXEDLEN ( & hf_rdp_DaylightBias , 4 ) ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR ,
} ;
rdp_field_info_t ue_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_codePage , 4 , NULL , 0 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_optionFlags , 4 , NULL , 0 , RDP_FI_INFO_FLAGS , NULL } ,
2013-12-14 13:36:54 +00:00
{ & hf_rdp_cbDomain , 2 , & cbDomain , 2 , 0 , NULL } ,
{ & hf_rdp_cbUserName , 2 , & cbUserName , 2 , 0 , NULL } ,
{ & hf_rdp_cbPassword , 2 , & cbPassword , 2 , 0 , NULL } ,
{ & hf_rdp_cbAlternateShell , 2 , & cbAlternateShell , 2 , 0 , NULL } ,
{ & hf_rdp_cbWorkingDir , 2 , & cbWorkingDir , 2 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_domain , 0 , & cbDomain , 0 , RDP_FI_STRING , NULL } ,
{ & hf_rdp_userName , 0 , & cbUserName , 0 , RDP_FI_STRING , NULL } ,
{ & hf_rdp_password , 0 , & cbPassword , 0 , RDP_FI_STRING , NULL } ,
{ & hf_rdp_alternateShell , 0 , & cbAlternateShell , 0 , RDP_FI_STRING , NULL } ,
{ & hf_rdp_workingDir , 0 , & cbWorkingDir , 0 , RDP_FI_STRING , NULL } ,
2013-12-14 13:36:54 +00:00
{ & hf_rdp_clientAddressFamily , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_cbClientAddress , 2 , & cbClientAddress , 0 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_clientAddress , 0 , & cbClientAddress , 0 , RDP_FI_STRING , NULL } ,
2013-12-14 13:36:54 +00:00
{ & hf_rdp_cbClientDir , 2 , & cbClientDir , 0 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_clientDir , 0 , & cbClientDir , 0 , RDP_FI_STRING , NULL } ,
2013-12-14 13:36:54 +00:00
FI_SUBTREE ( & hf_rdp_clientTimeZone , 172 , ett_rdp_clientTimeZone , tz_info_fields ) ,
{ & hf_rdp_clientSessionId , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_performanceFlags , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_cbAutoReconnectLen , 2 , & cbAutoReconnectLen , 0 , 0 , NULL } ,
{ & hf_rdp_autoReconnectCookie , 0 , & cbAutoReconnectLen , 0 , 0 , NULL } ,
{ & hf_rdp_reserved1 , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_reserved2 , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t msg_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_bMsgType , 1 , & bMsgType , 0 , 0 , NULL } ,
{ & hf_rdp_bVersion , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_wMsgSize , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t error_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_wErrorCode , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_wStateTransition , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_wBlobType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_wBlobLen , 2 , & wBlobLen , 0 , 0 , NULL } ,
{ & hf_rdp_blobData , 0 , & wBlobLen , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
rdp_field_info_t pdu_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_pduTypeType , 2 , & pduType , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_pduTypeVersionLow , 2 , NULL , 0 , RDP_FI_NOINCOFFSET , NULL } ,
{ & hf_rdp_pduTypeVersionHigh , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t ctrl_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_totalLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_pduType , 2 , NULL , ett_rdp_pduType , RDP_FI_SUBTREE ,
2011-09-21 07:35:51 +00:00
pdu_fields } ,
2013-12-14 13:36:54 +00:00
{ & hf_rdp_pduSource , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-07-09 01:49:02 +00:00
2011-09-21 07:35:51 +00:00
tree = dissect_rdp ( tvb , pinfo , tree ) ;
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_SendData , tvb , offset , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
tree = proto_item_add_subtree ( pi , ett_rdp_SendData ) ;
conversation = find_or_create_conversation ( pinfo ) ;
2013-03-19 22:03:00 +00:00
rdp_info = ( rdp_conv_info_t * ) conversation_get_proto_data ( conversation , proto_rdp ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( rdp_info & &
2012-11-23 21:11:47 +00:00
( ( rdp_info - > licenseAgreed = = 0 ) | |
( pinfo - > fd - > num < = rdp_info - > licenseAgreed ) ) ) {
2011-09-21 07:35:51 +00:00
/* licensing stage hasn't been completed */
2012-05-12 22:14:02 +00:00
proto_tree * next_tree ;
2011-09-21 07:35:51 +00:00
flags = tvb_get_letohs ( tvb , offset ) ;
switch ( flags & SEC_PKT_MASK ) {
case SEC_EXCHANGE_PKT :
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_securityExchangePDU , tvb , offset , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
next_tree = proto_item_add_subtree ( pi , ett_rdp_securityExchangePDU ) ;
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " " , " SecurityExchange " ) ;
2012-11-23 21:11:47 +00:00
/*offset=*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , se_fields , 0 ) ;
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
break ;
2011-09-21 23:42:55 +00:00
2011-09-21 07:35:51 +00:00
case SEC_INFO_PKT :
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_clientInfoPDU , tvb , offset , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
next_tree = proto_item_add_subtree ( pi , ett_rdp_clientInfoPDU ) ;
2012-05-12 22:14:02 +00:00
2011-09-21 07:35:51 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " " , " ClientInfo " ) ;
offset = dissect_rdp_securityHeader ( tvb , offset , pinfo , next_tree , rdp_info , TRUE , NULL ) ;
2012-05-12 22:14:02 +00:00
if ( ! ( flags & SEC_ENCRYPT ) ) {
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , ue_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
} else {
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_encrypted ( tvb , offset , pinfo , next_tree , NULL ) ;
2011-09-21 07:35:51 +00:00
}
break ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
case SEC_LICENSE_PKT :
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_validClientLicenseData , tvb , offset , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
next_tree = proto_item_add_subtree ( pi , ett_rdp_validClientLicenseData ) ;
offset = dissect_rdp_securityHeader ( tvb , offset , pinfo , next_tree , rdp_info , TRUE , NULL ) ;
2012-05-12 22:14:02 +00:00
if ( ! ( flags & SEC_ENCRYPT ) ) {
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , next_tree , msg_fields , 0 ) ;
2012-05-12 22:14:02 +00:00
2012-08-10 22:55:02 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " , " , val_to_str_const ( bMsgType , rdp_bMsgType_vals , " Unknown " ) ) ;
2012-05-12 22:14:02 +00:00
switch ( bMsgType ) {
case LICENSE_REQUEST :
case PLATFORM_CHALLENGE :
case NEW_LICENSE :
case UPGRADE_LICENSE :
case LICENSE_INFO :
case NEW_LICENSE_REQUEST :
case PLATFORM_CHALLENGE_RESPONSE :
/* RDPELE Not supported */
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_nyi ( tvb , offset , pinfo , next_tree , " RDPELE not implemented " ) ;
2012-05-12 22:14:02 +00:00
break ;
case ERROR_ALERT :
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , error_fields , 0 ) ;
2012-05-12 22:14:02 +00:00
rdp_info - > licenseAgreed = pinfo - > fd - > num ;
break ;
default :
/* Unknown msgType */
break ;
}
2011-09-21 07:35:51 +00:00
} else {
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_encrypted ( tvb , offset , pinfo , next_tree , NULL ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
/* XXX: we assume the license is agreed in this exchange */
rdp_info - > licenseAgreed = pinfo - > fd - > num ;
2011-09-21 07:35:51 +00:00
}
break ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
case SEC_REDIRECTION_PKT :
/* NotYetImplemented */
break ;
2012-11-23 21:11:47 +00:00
2011-09-21 07:35:51 +00:00
default :
break ;
}
2012-05-12 22:14:02 +00:00
return ;
} /* licensing stage */
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( rdp_info & & ( t124_get_last_channelId ( ) = = rdp_info - > staticChannelId ) ) {
2011-09-21 23:42:55 +00:00
2012-05-12 22:14:02 +00:00
offset = dissect_rdp_securityHeader ( tvb , offset , pinfo , tree , rdp_info , FALSE , & flags ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
if ( ! ( flags & SEC_ENCRYPT ) ) {
proto_tree * next_tree ;
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_shareControlHeader , tvb , offset , - 1 , ENC_NA ) ;
2012-05-12 22:14:02 +00:00
next_tree = proto_item_add_subtree ( pi , ett_rdp_shareControlHeader ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
offset = dissect_rdp_fields ( tvb , offset , pinfo , next_tree , ctrl_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
pduType & = PDUTYPE_TYPE_MASK ; /* mask out just the type */
2011-09-21 23:42:55 +00:00
2012-05-12 22:14:02 +00:00
if ( pduType ! = PDUTYPE_DATAPDU )
2012-08-10 22:55:02 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " , " , val_to_str_const ( pduType , rdp_pduTypeType_vals , " Unknown " ) ) ;
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
switch ( pduType ) {
case PDUTYPE_DEMANDACTIVEPDU :
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_demandActivePDU ( tvb , offset , pinfo , next_tree ) ;
2012-05-12 22:14:02 +00:00
break ;
case PDUTYPE_CONFIRMACTIVEPDU :
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_confirmActivePDU ( tvb , offset , pinfo , next_tree ) ;
2012-05-12 22:14:02 +00:00
break ;
case PDUTYPE_DEACTIVATEALLPDU :
break ;
case PDUTYPE_DATAPDU :
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_shareDataHeader ( tvb , offset , pinfo , next_tree ) ;
2012-05-12 22:14:02 +00:00
break ;
case PDUTYPE_SERVER_REDIR_PKT :
break ;
default :
break ;
}
} else {
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_encrypted ( tvb , offset , pinfo , tree , NULL ) ;
2011-09-21 07:35:51 +00:00
}
2012-05-12 22:14:02 +00:00
/* we may get multiple control headers in a single frame */
col_set_fence ( pinfo - > cinfo , COL_INFO ) ;
return ;
} /* (rdp_info && (t124_get_last_channelId() == rdp_info->staticChannelId)) */
/* Virtual Channel */
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " " , " Virtual Channel PDU " ) ;
offset = dissect_rdp_securityHeader ( tvb , offset , pinfo , tree , rdp_info , FALSE , & flags ) ;
if ( ! ( flags & SEC_ENCRYPT ) )
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_channelPDU ( tvb , offset , pinfo , tree ) ;
2012-05-12 22:14:02 +00:00
else
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_encrypted ( tvb , offset , pinfo , tree , " Channel PDU " ) ;
2011-09-21 07:35:51 +00:00
}
2012-05-12 22:14:02 +00:00
static void
2011-09-25 15:09:44 +00:00
dissect_rdp_ClientData ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree ) {
2012-05-12 22:14:02 +00:00
int offset = 0 ;
proto_item * pi ;
proto_tree * next_tree ;
guint16 type ;
2012-11-23 21:11:47 +00:00
guint length ;
2012-05-12 22:14:02 +00:00
rdp_conv_info_t * rdp_info ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t header_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t core_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_versionMajor , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_versionMinor , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_desktopWidth , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_desktopHeight , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_colorDepth , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_SASSequence , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_keyboardLayout , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_clientBuild , 4 , NULL , 0 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_clientName , 32 , NULL , 0 , RDP_FI_STRING | RDP_FI_UNICODE , NULL } ,
2013-12-14 13:36:54 +00:00
{ & hf_rdp_keyboardType , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_keyboardSubType , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_keyboardFunctionKey , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_imeFileName , 64 , NULL , 0 , 0 , NULL } ,
2012-11-23 21:11:47 +00:00
/* The following fields are *optional*. */
/* I.E., a sequence of one or more of the trailing */
/* fields at the end of the Data Block need not be */
/* present. The length from the header field determines */
/* the actual number of fields which are present. */
2013-12-14 13:36:54 +00:00
{ & hf_rdp_postBeta2ColorDepth , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_clientProductId , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_serialNumber , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_highColorDepth , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_supportedColorDepths , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_earlyCapabilityFlags , 2 , NULL , 0 , 0 , NULL } ,
2013-12-18 21:36:15 +00:00
{ & hf_rdp_clientDigProductId , 64 , NULL , 0 , RDP_FI_STRING | RDP_FI_UNICODE , NULL } , /* XXX - is this always a string? MS-RDPBCGR doesn't say so */
2013-12-14 13:36:54 +00:00
{ & hf_rdp_connectionType , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_pad1octet , 1 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_serverSelectedProtocol , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t security_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_encryptionMethods , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_extEncryptionMethods , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t cluster_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_cluster_flags , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_redirectedSessionId , 4 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
tree = dissect_rdp ( tvb , pinfo , tree ) ;
2013-12-18 21:36:15 +00:00
rdp_info = rdp_get_conversation_data ( pinfo ) ;
2011-09-21 07:35:51 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " " , " ClientData " ) ;
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_ClientData , tvb , offset , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
tree = proto_item_add_subtree ( pi , ett_rdp_ClientData ) ;
2012-11-23 21:11:47 +00:00
/* Advance through the data blocks using the length from the header for each block.
* ToDo : Expert if actual amount dissected ( based upon field array ) is not equal to length ? ?
* Note : If length is less than the header size ( 4 bytes ) offset is advanced by 4 bytes
* to ensure that dissection eventually terminates .
*/
while ( tvb_reported_length_remaining ( tvb , offset ) > 0 ) {
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
type = tvb_get_letohs ( tvb , offset ) ;
2011-09-21 07:35:51 +00:00
length = tvb_get_letohs ( tvb , offset + 2 ) ;
2012-05-12 22:14:02 +00:00
#if 0
printf ( " offset=%d, type=%x, length=%d, remaining=%d \n " ,
offset , type , length , tvb_length_remaining ( tvb , offset ) ) ;
# endif
2011-09-21 07:35:51 +00:00
switch ( type ) {
case CS_CORE :
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_clientCoreData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_clientCoreData ) ;
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , core_fields , length ) ;
2011-09-21 07:35:51 +00:00
break ;
2012-11-23 21:11:47 +00:00
case CS_SECURITY :
pi = proto_tree_add_item ( tree , hf_rdp_clientSecurityData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_clientSecurityData ) ;
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , security_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
break ;
2012-11-23 21:11:47 +00:00
case CS_NET :
/*offset =*/ dissect_rdp_clientNetworkData ( tvb , offset , pinfo , tree , length , rdp_info ) ;
2011-09-21 07:35:51 +00:00
break ;
2011-09-21 23:42:55 +00:00
2012-11-23 21:11:47 +00:00
case CS_CLUSTER :
pi = proto_tree_add_item ( tree , hf_rdp_clientClusterData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_clientClusterData ) ;
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , cluster_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
break ;
2012-11-23 21:11:47 +00:00
default : /* unknown */
pi = proto_tree_add_item ( tree , hf_rdp_clientUnknownData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_clientUnknownData ) ;
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , header_fields , 0 ) ;
break ;
2011-09-21 07:35:51 +00:00
}
2012-11-23 21:11:47 +00:00
offset + = MAX ( 4 , length ) ; /* Use length from header, but advance at least 4 bytes */
2011-09-21 07:35:51 +00:00
}
}
2012-05-12 22:14:02 +00:00
static void
2011-09-25 15:09:44 +00:00
dissect_rdp_ServerData ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree ) {
2012-05-12 22:14:02 +00:00
int offset = 0 ;
proto_item * pi ;
proto_tree * next_tree ;
guint16 type ;
2012-11-23 21:11:47 +00:00
guint length ;
2012-05-12 22:14:02 +00:00
guint32 serverRandomLen = 0 ;
guint32 serverCertLen = 0 ;
guint32 encryptionMethod = 0 ;
guint32 encryptionLevel = 0 ;
guint32 channelCount = 0 ;
guint32 channelId = 0 ;
2012-11-23 21:11:47 +00:00
guint i ;
2012-05-12 22:14:02 +00:00
rdp_conv_info_t * rdp_info ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t header_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t sc_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_versionMajor , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_versionMinor , 2 , NULL , 0 , 0 , NULL } ,
2012-11-23 21:11:47 +00:00
/* The following fields are *optional*. */
/* I.E., a sequence of one or more of the trailing */
/* fields at the end of the Data Block need not be */
/* present. The length from the header field determines */
/* the actual number of fields which are present. */
2013-12-14 13:36:54 +00:00
{ & hf_rdp_clientRequestedProtocols , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_earlyCapabilityFlags , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t ss_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_encryptionMethod , 4 , & encryptionMethod , 0 , 0 , NULL } ,
{ & hf_rdp_encryptionLevel , 4 , & encryptionLevel , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-11-23 21:11:47 +00:00
rdp_field_info_t ss_encryption_len_unused_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_unused , 4 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_unused , 4 , NULL , 0 , 0 , NULL } ,
2012-11-23 21:11:47 +00:00
} ;
2011-09-21 07:35:51 +00:00
rdp_field_info_t encryption_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_serverRandomLen , 4 , & serverRandomLen , 0 , 0 , NULL } ,
{ & hf_rdp_serverCertLen , 4 , & serverCertLen , 0 , 0 , NULL } ,
{ & hf_rdp_serverRandom , 0 , & serverRandomLen , 0 , 0 , NULL } ,
{ & hf_rdp_serverCertificate , 0 , & serverCertLen , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t sn_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_headerType , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_headerLength , 2 , NULL , 0 , 0 , NULL } ,
{ & hf_rdp_MCSChannelId , 2 , & channelId , 0 , 0 , NULL } ,
{ & hf_rdp_channelCount , 2 , & channelCount , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t array_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_channelIdArray , 0 /*(channelCount * 2)*/ , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t channel_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_MCSChannelId , 2 , & channelId , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
rdp_field_info_t pad_fields [ ] = {
2013-12-14 13:36:54 +00:00
{ & hf_rdp_Pad , 2 , NULL , 0 , 0 , NULL } ,
2011-09-21 07:35:51 +00:00
FI_TERMINATOR
} ;
2012-05-12 22:14:02 +00:00
tree = dissect_rdp ( tvb , pinfo , tree ) ;
2011-09-21 07:35:51 +00:00
2013-12-18 21:36:15 +00:00
rdp_info = rdp_get_conversation_data ( pinfo ) ;
2011-09-21 07:35:51 +00:00
col_append_sep_str ( pinfo - > cinfo , COL_INFO , " " , " ServerData " ) ;
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_ServerData , tvb , offset , - 1 , ENC_NA ) ;
2011-09-21 07:35:51 +00:00
tree = proto_item_add_subtree ( pi , ett_rdp_ServerData ) ;
2012-11-23 21:11:47 +00:00
/* Advance through the data blocks using the length from the header for each block.
* ToDo : Expert if actual amount dissected ( based upon field array ) is not equal to length ? ?
* Note : If length is less than the header size ( 4 bytes ) offset is advanced by 4 bytes
* to ensure that dissection eventually terminates .
*/
2012-05-12 22:14:02 +00:00
while ( tvb_length_remaining ( tvb , offset ) > 0 ) {
2011-09-21 07:35:51 +00:00
2012-05-12 22:14:02 +00:00
type = tvb_get_letohs ( tvb , offset ) ;
2011-09-21 07:35:51 +00:00
length = tvb_get_letohs ( tvb , offset + 2 ) ;
2011-09-21 23:42:55 +00:00
/* printf("offset=%d, type=%x, length=%d, remaining=%d\n",
2012-05-12 22:14:02 +00:00
offset , type , length , tvb_length_remaining ( tvb , offset ) ) ; */
2011-09-21 07:35:51 +00:00
switch ( type ) {
case SC_CORE :
2012-11-23 21:11:47 +00:00
pi = proto_tree_add_item ( tree , hf_rdp_serverCoreData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_serverCoreData ) ;
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , sc_fields , length ) ;
break ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
case SC_SECURITY : {
gint lcl_offset ;
pi = proto_tree_add_item ( tree , hf_rdp_serverSecurityData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_serverSecurityData ) ;
2011-09-21 23:42:55 +00:00
2012-11-23 21:11:47 +00:00
lcl_offset = dissect_rdp_fields ( tvb , offset , pinfo , next_tree , ss_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
col_append_sep_fstr ( pinfo - > cinfo , COL_INFO , " " , " Encryption: %s (%s) " ,
val_to_str_const ( encryptionMethod , rdp_encryptionMethod_vals , " Unknown " ) ,
val_to_str_const ( encryptionLevel , rdp_encryptionLevel_vals , " Unknown " ) ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
if ( ( encryptionLevel ! = 0 ) | | ( encryptionMethod ! = 0 ) ) {
/*lcl_offset =*/ dissect_rdp_fields ( tvb , lcl_offset , pinfo , next_tree , encryption_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
} else {
2012-11-23 21:11:47 +00:00
/*lcl_offset =*/ dissect_rdp_fields ( tvb , lcl_offset , pinfo , next_tree , ss_encryption_len_unused_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
2012-11-23 21:11:47 +00:00
rdp_info - > encryptionMethod = encryptionMethod ;
rdp_info - > encryptionLevel = encryptionLevel ;
break ;
}
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
case SC_NET : {
gint lcl_offset ;
pi = proto_tree_add_item ( tree , hf_rdp_serverNetworkData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_serverNetworkData ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
lcl_offset = dissect_rdp_fields ( tvb , offset , pinfo , next_tree , sn_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
rdp_info - > staticChannelId = channelId ;
register_t124_sd_dissector ( pinfo , channelId , dissect_rdp_SendData , proto_rdp ) ;
2011-09-21 23:42:55 +00:00
2012-11-23 21:11:47 +00:00
if ( channelCount > 0 ) {
array_fields [ 0 ] . fixedLength = channelCount * 2 ;
dissect_rdp_fields ( tvb , lcl_offset , pinfo , next_tree , array_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
if ( next_tree )
next_tree = proto_item_add_subtree ( next_tree - > last_child , ett_rdp_channelIdArray ) ;
for ( i = 0 ; i < channelCount ; i + + ) {
lcl_offset = dissect_rdp_fields ( tvb , lcl_offset , pinfo , next_tree , channel_fields , 0 ) ;
if ( i < MAX_CHANNELS )
rdp_info - > channels [ i ] . value = channelId ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
/* register SendData on this for now */
register_t124_sd_dissector ( pinfo , channelId , dissect_rdp_SendData , proto_rdp ) ;
2012-05-12 22:14:02 +00:00
}
2012-11-23 21:11:47 +00:00
if ( channelCount % 2 )
/*lcl_offset =*/ dissect_rdp_fields ( tvb , lcl_offset , pinfo , next_tree , pad_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
}
break ;
2012-11-23 21:11:47 +00:00
}
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
default : /* unknown */
pi = proto_tree_add_item ( tree , hf_rdp_serverUnknownData , tvb , offset , length , ENC_NA ) ;
next_tree = proto_item_add_subtree ( pi , ett_rdp_serverUnknownData ) ;
2011-09-21 07:35:51 +00:00
2012-11-23 21:11:47 +00:00
/*offset =*/ dissect_rdp_fields ( tvb , offset , pinfo , next_tree , header_fields , 0 ) ;
2011-09-21 07:35:51 +00:00
break ;
}
2012-11-23 21:11:47 +00:00
offset + = MAX ( 4 , length ) ; /* Use length from header, but advance at least 4 bytes */
2011-09-21 07:35:51 +00:00
}
}
/*--- proto_register_rdp -------------------------------------------*/
2011-09-25 15:09:44 +00:00
void
proto_register_rdp ( void ) {
2011-09-21 07:35:51 +00:00
/* List of fields */
static hf_register_info hf [ ] = {
{ & hf_rdp_ClientData ,
{ " ClientData " , " rdp.clientData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_SendData ,
{ " SendData " , " rdp.sendData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientCoreData ,
{ " clientCoreData " , " rdp.client.coreData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientSecurityData ,
{ " clientSecurityData " , " rdp.client.securityData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientNetworkData ,
{ " clientNetworkData " , " rdp.client.networkData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientClusterData ,
{ " clientClusterData " , " rdp.client.clusterData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientUnknownData ,
{ " clientUnknownData " , " rdp.unknownData.client " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_ServerData ,
{ " ServerData " , " rdp.serverData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverCoreData ,
{ " serverCoreData " , " rdp.server.coreData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverSecurityData ,
{ " serverSecurityData " , " rdp.server.securityData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverNetworkData ,
{ " serverNetworkData " , " rdp.server.networkData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverUnknownData ,
{ " serverUnknownData " , " rdp.unknownData.server " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_securityExchangePDU ,
{ " securityExchangePDU " , " rdp.securityExchangePDU " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientInfoPDU ,
{ " clientInfoPDU " , " rdp.clientInfoPDU " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_validClientLicenseData ,
{ " validClientLicenseData " , " rdp.validClientLicenseData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_headerType ,
{ " headerType " , " rdp.header.type " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_headerType_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_headerLength ,
{ " headerLength " , " rdp.header.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_versionMajor ,
{ " versionMajor " , " rdp.version.major " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_versionMinor ,
{ " versionMinor " , " rdp.version.minor " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_desktopWidth ,
{ " desktopWidth " , " rdp.desktop.width " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_desktopHeight ,
{ " desktopHeight " , " rdp.desktop.height " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_colorDepth ,
{ " colorDepth " , " rdp.colorDepth " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_colorDepth_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_SASSequence ,
{ " SASSequence " , " rdp.SASSequence " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_keyboardLayout ,
{ " keyboardLayout " , " rdp.keyboardLayout " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientBuild ,
{ " clientBuild " , " rdp.client.build " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientName ,
{ " clientName " , " rdp.client.name " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* supposed to be null-terminated */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_keyboardType ,
{ " keyboardType " , " rdp.keyboard.type " ,
FT_UINT32 , BASE_DEC , VALS ( rdp_keyboardType_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_keyboardSubType ,
{ " keyboardSubType " , " rdp.keyboard.subtype " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_keyboardFunctionKey ,
{ " keyboardFunctionKey " , " rdp.keyboard.functionkey " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_imeFileName ,
{ " imeFileName " , " rdp.imeFileName " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_postBeta2ColorDepth ,
{ " postBeta2ColorDepth " , " rdp.postBeta2ColorDepth " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_colorDepth_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientProductId ,
{ " clientProductId " , " rdp.client.productId " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serialNumber ,
{ " serialNumber " , " rdp.serialNumber " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_highColorDepth ,
{ " highColorDepth " , " rdp.highColorDepth " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_highColorDepth_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_supportedColorDepths ,
{ " supportedColorDepths " , " rdp.supportedColorDepths " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_earlyCapabilityFlags ,
{ " earlyCapabilityFlags " , " rdp.earlyCapabilityFlags " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientDigProductId ,
{ " clientDigProductId " , " rdp.client.digProductId " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* XXX - is this always a string? MS-RDPBCGR doesn't say so */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_connectionType ,
{ " connectionType " , " rdp.connectionType " ,
FT_UINT8 , BASE_DEC , VALS ( rdp_connectionType_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_pad1octet ,
{ " pad1octet " , " rdp.pad1octet " ,
FT_UINT8 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverSelectedProtocol ,
{ " serverSelectedProtocol " , " rdp.serverSelectedProtocol " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_encryptionMethods ,
{ " encryptionMethods " , " rdp.encryptionMethods " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_extEncryptionMethods ,
{ " extEncryptionMethods " , " rdp.extEncryptionMethods " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2012-11-23 21:11:47 +00:00
{ & hf_rdp_cluster_flags , /* ToDo: Display flags in detail */
{ " clusterFlags " , " rdp.clusterFlags " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_redirectedSessionId ,
{ " redirectedSessionId " , " rdp.redirectedSessionId " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
2011-09-21 07:35:51 +00:00
{ & hf_rdp_encryptionMethod ,
{ " encryptionMethod " , " rdp.encryptionMethod " ,
FT_UINT32 , BASE_HEX , VALS ( rdp_encryptionMethod_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_encryptionLevel ,
{ " encryptionLevel " , " rdp.encryptionLevel " ,
FT_UINT32 , BASE_HEX , VALS ( rdp_encryptionLevel_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverRandomLen ,
{ " serverRandomLen " , " rdp.serverRandomLen " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverCertLen ,
{ " serverCertLen " , " rdp.serverCertLen " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverRandom ,
{ " serverRandom " , " rdp.serverRandom " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_serverCertificate ,
{ " serverCertificate " , " rdp.serverCertificate " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientRequestedProtocols ,
{ " clientRequestedProtocols " , " rdp.client.requestedProtocols " ,
FT_UINT32 , BASE_HEX , VALS ( rdp_requestedProtocols_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_MCSChannelId ,
{ " MCSChannelId " , " rdp.MCSChannelId " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_channelCount ,
{ " channelCount " , " rdp.channelCount " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_channelIdArray ,
{ " channelIdArray " , " rdp.channelIdArray " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_Pad ,
{ " Pad " , " rdp.Pad " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_flags ,
{ " flags " , " rdp.flags " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_channelFlags ,
{ " channelFlags " , " rdp.channelFlags " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_flagsPkt ,
{ " flagsPkt " , " rdp.flags.pkt " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_flagsPkt_vals ) , SEC_PKT_MASK ,
NULL , HFILL } } ,
{ & hf_rdp_flagsEncrypt ,
{ " flagsEncrypt " , " rdp.flags.encrypt " ,
FT_UINT16 , BASE_HEX , NULL , SEC_ENCRYPT ,
NULL , HFILL } } ,
{ & hf_rdp_flagsResetSeqno ,
{ " flagsResetSeqno " , " rdp.flags.resetseqno " ,
FT_UINT16 , BASE_HEX , NULL , SEC_RESET_SEQNO ,
NULL , HFILL } } ,
{ & hf_rdp_flagsIgnoreSeqno ,
{ " flagsIgnoreSeqno " , " rdp.flags.ignoreseqno " ,
FT_UINT16 , BASE_HEX , NULL , SEC_IGNORE_SEQNO ,
NULL , HFILL } } ,
{ & hf_rdp_flagsLicenseEncrypt ,
{ " flagsLicenseEncrypt " , " rdp.flags.licenseencrypt " ,
FT_UINT16 , BASE_HEX , NULL , SEC_LICENSE_ENCRYPT_CS ,
NULL , HFILL } } ,
{ & hf_rdp_flagsSecureChecksum ,
{ " flagsSecureChecksum " , " rdp.flags.securechecksum " ,
FT_UINT16 , BASE_HEX , NULL , SEC_SECURE_CHECKSUM ,
NULL , HFILL } } ,
{ & hf_rdp_flagsFlagsHiValid ,
{ " flagsHiValid " , " rdp.flags.flagshivalid " ,
FT_UINT16 , BASE_HEX , NULL , SEC_FLAGSHI_VALID ,
NULL , HFILL } } ,
{ & hf_rdp_flagsHi ,
{ " flagsHi " , " rdp.flagsHi " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_length ,
{ " length " , " rdp.length " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_encryptedClientRandom ,
{ " encryptedClientRandom " , " rdp.encryptedClientRandom " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_dataSignature ,
{ " dataSignature " , " rdp.dataSignature " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_fipsLength ,
{ " fipsLength " , " rdp.fipsLength " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_fipsVersion ,
{ " fipsVersion " , " rdp.fipsVersion " ,
FT_UINT8 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_padlen ,
{ " padlen " , " rdp.padlen " ,
FT_UINT8 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_codePage ,
{ " codePage " , " rdp.codePage " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_optionFlags ,
{ " optionFlags " , " rdp.optionFlags " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbDomain ,
{ " cbDomain " , " rdp.domain.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbUserName ,
{ " cbUserName " , " rdp.userName.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbPassword ,
{ " cbPassword " , " rdp.password.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbAlternateShell ,
{ " cbAlternateShell " , " rdp.alternateShell.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbWorkingDir ,
{ " cbWorkingDir " , " rdp.workingDir.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbClientAddress ,
{ " cbClientAddress " , " rdp.client.address.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbClientDir ,
{ " cbClientDir " , " rdp.client.dir.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_cbAutoReconnectLen ,
{ " cbAutoReconnectLen " , " rdp.autoReconnectCookie.length " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_domain ,
{ " domain " , " rdp.domain " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_userName ,
{ " userName " , " rdp.userName " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_password ,
{ " password " , " rdp.password " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_alternateShell ,
{ " alternateShell " , " rdp.alternateShell " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_workingDir ,
{ " workingDir " , " rdp.workingDir " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_clientAddressFamily ,
{ " clientAddressFamily " , " rdp.client.addressFamily " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientAddress ,
{ " clientAddress " , " rdp.client.address " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_clientDir ,
{ " clientDir " , " rdp.client.dir " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* null-terminated, count includes terminator */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_clientTimeZone ,
{ " clientTimeZone " , " rdp.client.timeZone " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_clientSessionId ,
{ " clientSessionId " , " rdp.client.sessionId " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_performanceFlags ,
{ " performanceFlags " , " rdp.performanceFlags " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_autoReconnectCookie ,
{ " autoReconnectCookie " , " rdp.autoReconnectCookie " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_reserved1 ,
{ " reserved1 " , " rdp.reserved1 " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_reserved2 ,
{ " reserved2 " , " rdp.reserved2 " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_bMsgType ,
{ " bMsgType " , " rdp.bMsgType " ,
FT_UINT8 , BASE_HEX , VALS ( rdp_bMsgType_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_bVersion ,
{ " bVersion " , " rdp.bVersion " ,
FT_UINT8 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wMsgSize ,
{ " wMsgSize " , " rdp.wMsgSize " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wBlobType ,
{ " wBlobType " , " rdp.wBlobType " ,
FT_UINT16 , BASE_DEC , VALS ( rdp_wBlobType_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wBlobLen ,
{ " wBlobLen " , " rdp.wBlobLen " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_blobData ,
{ " blobData " , " rdp.blobData " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_shareControlHeader ,
{ " shareControlHeader " , " rdp.shareControlHeader " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_channelPDUHeader ,
{ " channelPDUHeader " , " rdp.channelPDUHeader " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_virtualChannelData ,
{ " virtualChannelData " , " rdp.virtualChannelData " ,
FT_BYTES , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalLength ,
{ " totalLength " , " rdp.totalLength " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_pduType ,
{ " pduType " , " rdp.pduType " ,
2011-09-21 23:42:55 +00:00
FT_UINT16 , BASE_HEX , NULL , 0 ,
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_pduTypeType ,
{ " pduTypeType " , " rdp.pduType.type " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_pduTypeType_vals ) , PDUTYPE_TYPE_MASK ,
NULL , HFILL } } ,
{ & hf_rdp_pduTypeVersionLow ,
{ " pduTypeVersionLow " , " rdp.pduType.versionLow " ,
FT_UINT16 , BASE_DEC , NULL , PDUTYPE_VERSIONLOW_MASK ,
NULL , HFILL } } ,
{ & hf_rdp_pduTypeVersionHigh ,
{ " pduTypeVersionHigh " , " rdp.pduType.versionHigh " ,
FT_UINT16 , BASE_DEC , NULL , PDUTYPE_VERSIONHIGH_MASK ,
NULL , HFILL } } ,
{ & hf_rdp_pduSource ,
{ " pduSource " , " rdp.pduSource " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_shareId ,
{ " shareId " , " rdp.shareId " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_pad1 ,
{ " pad1 " , " rdp.pad1 " ,
FT_UINT8 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_streamId ,
{ " streamId " , " rdp.streamId " ,
FT_UINT8 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_uncompressedLength ,
{ " uncompressedLength " , " rdp.uncompressedLength " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_pduType2 ,
{ " pduType2 " , " rdp.pduType2 " ,
FT_UINT8 , BASE_DEC , VALS ( rdp_pduType2_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_compressedType ,
{ " compressedType " , " rdp.compressedType " ,
FT_UINT8 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_compressedTypeType ,
{ " compressedTypeType " , " rdp.compressedType.type " ,
2011-09-25 15:09:44 +00:00
FT_UINT8 , BASE_HEX , VALS ( rdp_compressionType_vals ) ,
2012-05-12 22:14:02 +00:00
PacketCompressionTypeMask ,
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_compressedTypeCompressed ,
{ " compressedTypeCompressed " , " rdp.compressedType.compressed " ,
FT_UINT8 , BASE_HEX , NULL , PACKET_COMPRESSED ,
NULL , HFILL } } ,
{ & hf_rdp_compressedTypeAtFront ,
{ " compressedTypeAtFront " , " rdp.compressedType.atFront " ,
FT_UINT8 , BASE_HEX , NULL , PACKET_AT_FRONT ,
NULL , HFILL } } ,
{ & hf_rdp_compressedTypeFlushed ,
{ " compressedTypeFlushed " , " rdp.compressedType.flushed " ,
FT_UINT8 , BASE_HEX , NULL , PACKET_FLUSHED ,
NULL , HFILL } } ,
{ & hf_rdp_compressedLength ,
{ " compressedLength " , " rdp.compressedLength " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wErrorCode ,
{ " errorCode " , " rdp.errorCode " ,
FT_UINT32 , BASE_DEC , VALS ( rdp_wErrorCode_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wStateTransition ,
{ " stateTransition " , " rdp.stateTransition " ,
FT_UINT32 , BASE_DEC , VALS ( rdp_wStateTransition_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numberEntries ,
{ " numberEntries " , " rdp.numberEntries " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalNumberEntries ,
{ " totalNumberEntries " , " rdp.totalNumberEntries " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_mapFlags ,
{ " mapFlags " , " rdp.mapFlags " ,
2011-09-21 23:42:55 +00:00
FT_UINT16 , BASE_HEX , NULL , 0 ,
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_fontMapFirst ,
{ " fontMapFirst " , " rdp.mapFlags.fontMapFirst " ,
2011-09-21 23:42:55 +00:00
FT_UINT16 , BASE_HEX , NULL , FONTMAP_FIRST ,
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_fontMapLast ,
{ " fontMapLast " , " rdp.mapFlags.fontMapLast " ,
2011-09-21 23:42:55 +00:00
FT_UINT16 , BASE_HEX , NULL , FONTMAP_LAST ,
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_entrySize ,
{ " entrySize " , " rdp.entrySize " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_action ,
{ " action " , " rdp.action " ,
2011-09-21 23:42:55 +00:00
FT_UINT16 , BASE_HEX , VALS ( rdp_action_vals ) ,
2012-05-12 22:14:02 +00:00
0 ,
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_grantId ,
{ " grantId " , " rdp.grantId " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_controlId ,
{ " controlId " , " rdp.controlId " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_messageType ,
{ " messageType " , " rdp.messageType " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_targetUser ,
{ " targetUser " , " rdp.targetUser " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numEntriesCache0 ,
{ " numEntriesCache0 " , " rdp.numEntriesCache0 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numEntriesCache1 ,
{ " numEntriesCache1 " , " rdp.numEntriesCache1 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numEntriesCache2 ,
{ " numEntriesCache2 " , " rdp.numEntriesCache2 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numEntriesCache3 ,
{ " numEntriesCache3 " , " rdp.numEntriesCache3 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numEntriesCache4 ,
{ " numEntriesCache4 " , " rdp.numEntriesCache4 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalEntriesCache0 ,
{ " totalEntriesCache0 " , " rdp.totalEntriesCache0 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalEntriesCache1 ,
{ " totalEntriesCache1 " , " rdp.totalEntriesCache1 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalEntriesCache2 ,
{ " totalEntriesCache2 " , " rdp.totalEntriesCache2 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalEntriesCache3 ,
{ " totalEntriesCache3 " , " rdp.totalEntriesCache3 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_totalEntriesCache4 ,
{ " totalEntriesCache4 " , " rdp.totalEntriesCache4 " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_bBitMask ,
{ " bBitMask " , " rdp.bBitMask " ,
FT_UINT8 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_Pad2 ,
{ " Pad2 " , " rdp.Pad2 " ,
FT_UINT8 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_Pad3 ,
{ " Pad3 " , " rdp.Pad3 " ,
FT_UINT16 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
#if 0
2011-09-21 07:35:51 +00:00
{ & hf_rdp_Key1 ,
{ " Key1 " , " rdp.Key1 " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
# endif
#if 0
2011-09-21 07:35:51 +00:00
{ & hf_rdp_Key2 ,
{ " Key2 " , " rdp.Key2 " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
# endif
2011-09-21 07:35:51 +00:00
{ & hf_rdp_originatorId ,
{ " originatorId " , " rdp.OriginatorId " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_lengthSourceDescriptor ,
{ " lengthSourceDescriptor " , " rdp.lengthSourceDescriptor " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_lengthCombinedCapabilities ,
{ " lengthCombinedCapabilities " , " rdp.lengthCombinedCapabilities " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_sourceDescriptor ,
{ " sourceDescriptor " , " rdp.sourceDescriptor " ,
FT_STRING , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_numberCapabilities ,
{ " numberCapabilities " , " rdp.numberCapabilities " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_pad2Octets ,
{ " pad2Octets " , " rdp.pad2Octets " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_capabilitySetType ,
{ " capabilitySetType " , " rdp.capabilitySetType " ,
FT_UINT16 , BASE_HEX , VALS ( rdp_capabilityType_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_capabilitySet ,
{ " capabilitySet " , " rdp.capabilitySet " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_lengthCapability ,
{ " lengthCapability " , " rdp.lengthCapability " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_capabilityData ,
{ " capabilityData " , " rdp.capabilityData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
#if 0
2011-09-21 07:35:51 +00:00
{ & hf_rdp_unknownData ,
{ " unknownData " , " rdp.unknownData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
# endif
2011-09-21 07:35:51 +00:00
{ & hf_rdp_notYetImplemented ,
{ " notYetImplemented " , " rdp.notYetImplemented " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_encrypted ,
{ " encryptedData " , " rdp.encryptedData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
#if 0
2011-09-21 07:35:51 +00:00
{ & hf_rdp_compressed ,
{ " compressedData " , " rdp.compressedData " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2013-01-31 18:31:28 +00:00
# endif
2011-09-21 07:35:51 +00:00
{ & hf_rdp_sessionId ,
{ " sessionId " , " rdp.sessionId " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_channelDefArray ,
{ " channelDefArray " , " rdp.channelDefArray " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_channelDef ,
{ " channelDef " , " rdp.channelDef " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_name ,
{ " name " , " rdp.name " ,
FT_STRING , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_options ,
{ " options " , " rdp.options " ,
FT_UINT32 , BASE_HEX , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_optionsInitialized ,
{ " optionsInitialized " , " rdp.options.initialized " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_INITIALIZED ,
NULL , HFILL } } ,
{ & hf_rdp_optionsEncryptRDP ,
{ " encryptRDP " , " rdp.options.encrypt.rdp " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_ENCRYPT_RDP ,
NULL , HFILL } } ,
{ & hf_rdp_optionsEncryptSC ,
{ " encryptSC " , " rdp.options.encrypt.sc " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_ENCRYPT_SC ,
NULL , HFILL } } ,
{ & hf_rdp_optionsEncryptCS ,
{ " encryptCS " , " rdp.options.encrypt.cs " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_ENCRYPT_CS ,
NULL , HFILL } } ,
{ & hf_rdp_optionsPriHigh ,
{ " priorityHigh " , " rdp.options.priority.high " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_PRI_HIGH ,
NULL , HFILL } } ,
{ & hf_rdp_optionsPriMed ,
{ " priorityMed " , " rdp.options.priority.med " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_PRI_MED ,
NULL , HFILL } } ,
{ & hf_rdp_optionsPriLow ,
{ " priorityLow " , " rdp.options.priority.low " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_PRI_LOW ,
NULL , HFILL } } ,
{ & hf_rdp_optionsCompressRDP ,
{ " compressRDP " , " rdp.options.compress.rdp " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_COMPRESS_RDP ,
NULL , HFILL } } ,
{ & hf_rdp_optionsCompress ,
{ " compress " , " rdp.options.compress " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_COMPRESS ,
NULL , HFILL } } ,
{ & hf_rdp_optionsShowProtocol ,
{ " showProtocol " , " rdp.options.showprotocol " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_SHOW_PROTOCOL ,
NULL , HFILL } } ,
{ & hf_rdp_optionsRemoteControlPersistent ,
{ " remoteControlPersistent " , " rdp.options.remotecontrolpersistent " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_OPTION_REMOTE_CONTROL_PERSISTENT ,
NULL , HFILL } } ,
{ & hf_rdp_channelFlagFirst ,
{ " channelFlagFirst " , " rdp.channelFlag.first " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_FLAG_FIRST ,
NULL , HFILL } } ,
{ & hf_rdp_channelFlagLast ,
{ " channelFlagLast " , " rdp.channelFlag.last " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_FLAG_LAST ,
NULL , HFILL } } ,
{ & hf_rdp_channelFlagShowProtocol ,
{ " channelFlagShowProtocol " , " rdp.channelFlag.showProtocol " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_FLAG_SHOW_PROTOCOL ,
NULL , HFILL } } ,
{ & hf_rdp_channelFlagSuspend ,
{ " channelFlagSuspend " , " rdp.channelFlag.suspend " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_FLAG_SUSPEND ,
NULL , HFILL } } ,
{ & hf_rdp_channelFlagResume ,
{ " channelFlagResume " , " rdp.channelFlag.resume " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_FLAG_RESUME ,
NULL , HFILL } } ,
{ & hf_rdp_channelPacketCompressed ,
{ " channelPacketCompressed " , " rdp.channelPacket.compressed " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_PACKET_COMPRESSED ,
NULL , HFILL } } ,
{ & hf_rdp_channelPacketAtFront ,
{ " channelPacketAtFront " , " rdp.channelPacket.atFront " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_PACKET_AT_FRONT ,
NULL , HFILL } } ,
{ & hf_rdp_channelPacketFlushed ,
{ " channelPacketFlushed " , " rdp.channelPacket.flushed " ,
FT_UINT32 , BASE_HEX , NULL , CHANNEL_PACKET_FLUSHED ,
NULL , HFILL } } ,
{ & hf_rdp_channelPacketCompressionType ,
{ " channelPacketCompresssionType " , " rdp.channelPacket.compressionType " ,
FT_UINT32 , BASE_HEX , VALS ( rdp_channelCompressionType_vals ) , ChannelCompressionTypeMask ,
NULL , HFILL } } ,
{ & hf_rdp_wYear ,
{ " wYear " , " rdp.wYear " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wMonth ,
{ " wMonth " , " rdp.wMonth " ,
FT_UINT16 , BASE_DEC , VALS ( rdp_wMonth_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wDayOfWeek ,
{ " wDayOfWeek " , " rdp.wDayOfWeek " ,
FT_UINT16 , BASE_DEC , VALS ( rdp_wDayOfWeek_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wDay ,
{ " wDay " , " rdp.wDay " ,
FT_UINT16 , BASE_DEC , VALS ( rdp_wDay_vals ) , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wHour ,
{ " wHour " , " rdp.wHour " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wMinute ,
{ " wMinute " , " rdp.wMinute " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wSecond ,
{ " wSecond " , " rdp.wSecond " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_wMilliseconds ,
{ " wMilliseconds " , " rdp.wMilliseconds " ,
FT_UINT16 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_Bias ,
{ " Bias " , " rdp.Bias " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_StandardBias ,
{ " StandardBias " , " rdp.Bias.standard " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_DaylightBias ,
{ " DaylightBias " , " rdp.Bias.daylight " ,
FT_UINT32 , BASE_DEC , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_StandardName ,
{ " StandardName " , " rdp.Name.Standard " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* zero-padded, not null-terminated */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_StandardDate ,
{ " StandardDate " , " rdp.Date.Standard " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
{ & hf_rdp_DaylightName ,
{ " DaylightName " , " rdp.Name.Daylight " ,
2013-12-18 21:36:15 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0 , /* zero-padded, not null-terminated */
2011-09-21 07:35:51 +00:00
NULL , HFILL } } ,
{ & hf_rdp_DaylightDate ,
{ " DaylightDate " , " rdp.Date.Daylight " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2012-11-23 21:11:47 +00:00
{ & hf_rdp_unused ,
{ " Unused " , " rdp.unused " ,
FT_NONE , BASE_NONE , NULL , 0 ,
NULL , HFILL } } ,
2011-09-21 07:35:51 +00:00
} ;
/* List of subtrees */
static gint * ett [ ] = {
2012-05-12 22:14:02 +00:00
& ett_rdp ,
& ett_rdp_ClientData ,
& ett_rdp_ServerData ,
& ett_rdp_SendData ,
& ett_rdp_capabilitySet ,
& ett_rdp_channelDef ,
& ett_rdp_channelDefArray ,
& ett_rdp_channelFlags ,
& ett_rdp_channelIdArray ,
& ett_rdp_channelPDUHeader ,
& ett_rdp_clientClusterData ,
& ett_rdp_clientCoreData ,
& ett_rdp_clientInfoPDU ,
& ett_rdp_clientNetworkData ,
& ett_rdp_clientSecurityData ,
& ett_rdp_clientUnknownData ,
& ett_rdp_compressedType ,
& ett_rdp_flags ,
& ett_rdp_mapFlags ,
& ett_rdp_options ,
& ett_rdp_pduType ,
& ett_rdp_securityExchangePDU ,
& ett_rdp_serverCoreData ,
& ett_rdp_serverNetworkData ,
& ett_rdp_serverSecurityData ,
& ett_rdp_serverUnknownData ,
& ett_rdp_shareControlHeader ,
& ett_rdp_validClientLicenseData ,
& ett_rdp_StandardDate ,
& ett_rdp_DaylightDate ,
& ett_rdp_clientTimeZone ,
2011-09-21 07:35:51 +00:00
} ;
module_t * rdp_module ;
/* Register protocol */
proto_rdp = proto_register_protocol ( PNAME , PSNAME , PFNAME ) ;
/* Register fields and subtrees */
proto_register_field_array ( proto_rdp , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
/* new_register_dissector("rdp", dissect_rdp, proto_rdp); */
/* Register our configuration options for RDP, particularly our port */
rdp_module = prefs_register_protocol ( proto_rdp , prefs_register_rdp ) ;
prefs_register_uint_preference ( rdp_module , " tcp.port " , " RDP TCP Port " ,
2012-05-12 22:14:02 +00:00
" Set the port for RDP operations (if other "
" than the default of 3389) " ,
10 , & global_rdp_tcp_port ) ;
2011-09-21 07:35:51 +00:00
}
2011-09-25 15:09:44 +00:00
void
proto_reg_handoff_rdp ( void )
2011-09-21 07:35:51 +00:00
{
/* remember the tpkt handler for change in preferences */
tpkt_handle = find_dissector ( " tpkt " ) ;
prefs_register_rdp ( ) ;
register_t124_ns_dissector ( " Duca " , dissect_rdp_ClientData , proto_rdp ) ;
register_t124_ns_dissector ( " McDn " , dissect_rdp_ServerData , proto_rdp ) ;
}
2011-09-25 15:09:44 +00:00
static void
prefs_register_rdp ( void ) {
2011-09-21 07:35:51 +00:00
static guint tcp_port = 0 ;
/* de-register the old port */
/* port 102 is registered by TPKT - don't undo this! */
2012-05-12 22:14:02 +00:00
if ( ( tcp_port > 0 ) & & ( tcp_port ! = 102 ) & & tpkt_handle )
2011-09-21 07:35:51 +00:00
dissector_delete_uint ( " tcp.port " , tcp_port , tpkt_handle ) ;
/* Set our port number for future use */
tcp_port = global_rdp_tcp_port ;
2012-05-12 22:14:02 +00:00
if ( ( tcp_port > 0 ) & & ( tcp_port ! = 102 ) & & tpkt_handle )
2011-09-21 07:35:51 +00:00
dissector_add_uint ( " tcp.port " , tcp_port , tpkt_handle ) ;
}