1998-10-14 04:09:15 +00:00
|
|
|
/* packet-nbns.c
|
1999-09-03 01:43:09 +00:00
|
|
|
* Routines for NetBIOS-over-TCP packet disassembly (the name dates back
|
|
|
|
|
* to when it had only NBNS)
|
2001-11-13 23:55:44 +00:00
|
|
|
* Guy Harris <guy@alum.mit.edu>
|
1998-10-14 04:09:15 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-10-14 04:09:15 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-10-14 04:09:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-10-14 04:09:15 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-10-14 04:09:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-10-14 04:09:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
# include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
#include <glib.h>
|
2000-02-15 21:06:58 +00:00
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2006-03-20 10:52:53 +00:00
|
|
|
#include <epan/emem.h>
|
1998-10-14 19:35:00 +00:00
|
|
|
#include "packet-dns.h"
|
1999-09-03 01:43:09 +00:00
|
|
|
#include "packet-netbios.h"
|
2001-09-30 23:14:43 +00:00
|
|
|
#include "packet-tcp.h"
|
2002-01-07 00:16:32 +00:00
|
|
|
#include "packet-frame.h"
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2008-03-01 17:23:39 +00:00
|
|
|
#include <epan/strutil.h>
|
1998-10-14 04:09:15 +00:00
|
|
|
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_nbns = -1;
|
2002-05-15 07:24:20 +00:00
|
|
|
static int hf_nbns_flags = -1;
|
|
|
|
|
static int hf_nbns_flags_response = -1;
|
|
|
|
|
static int hf_nbns_flags_opcode = -1;
|
|
|
|
|
static int hf_nbns_flags_authoritative = -1;
|
|
|
|
|
static int hf_nbns_flags_truncated = -1;
|
|
|
|
|
static int hf_nbns_flags_recdesired = -1;
|
|
|
|
|
static int hf_nbns_flags_recavail = -1;
|
|
|
|
|
static int hf_nbns_flags_broadcast = -1;
|
|
|
|
|
static int hf_nbns_flags_rcode = -1;
|
1999-10-17 12:53:01 +00:00
|
|
|
static int hf_nbns_transaction_id = -1;
|
|
|
|
|
static int hf_nbns_count_questions = -1;
|
|
|
|
|
static int hf_nbns_count_answers = -1;
|
|
|
|
|
static int hf_nbns_count_auth_rr = -1;
|
|
|
|
|
static int hf_nbns_count_add_rr = -1;
|
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_nbns = -1;
|
|
|
|
|
static gint ett_nbns_qd = -1;
|
|
|
|
|
static gint ett_nbns_flags = -1;
|
|
|
|
|
static gint ett_nbns_nb_flags = -1;
|
|
|
|
|
static gint ett_nbns_name_flags = -1;
|
|
|
|
|
static gint ett_nbns_rr = -1;
|
|
|
|
|
static gint ett_nbns_qry = -1;
|
|
|
|
|
static gint ett_nbns_ans = -1;
|
|
|
|
|
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_nbdgm = -1;
|
1999-10-17 12:53:01 +00:00
|
|
|
static int hf_nbdgm_type = -1;
|
|
|
|
|
static int hf_nbdgm_fragment = -1;
|
|
|
|
|
static int hf_nbdgm_first = -1;
|
|
|
|
|
static int hf_nbdgm_node_type = -1;
|
|
|
|
|
static int hf_nbdgm_datagram_id = -1;
|
|
|
|
|
static int hf_nbdgm_src_ip = -1;
|
|
|
|
|
static int hf_nbdgm_src_port = -1;
|
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_nbdgm = -1;
|
|
|
|
|
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_nbss = -1;
|
1999-10-17 12:53:01 +00:00
|
|
|
static int hf_nbss_type = -1;
|
|
|
|
|
static int hf_nbss_flags = -1;
|
2009-11-20 13:57:26 +00:00
|
|
|
static int hf_nbss_length = -1;
|
|
|
|
|
static int hf_nbss_cifs_length = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_nbss = -1;
|
|
|
|
|
static gint ett_nbss_flags = -1;
|
|
|
|
|
|
2001-09-13 07:56:53 +00:00
|
|
|
/* desegmentation of NBSS over TCP */
|
2001-09-17 02:07:00 +00:00
|
|
|
static gboolean nbss_desegment = TRUE;
|
2001-09-13 07:56:53 +00:00
|
|
|
|
2000-04-12 20:43:53 +00:00
|
|
|
/* See RFC 1001 and 1002 for information on the first three, and see
|
|
|
|
|
|
|
|
|
|
http://www.cifs.com/specs/draft-leach-cifs-v1-spec-01.txt
|
|
|
|
|
|
|
|
|
|
Appendix B, and various messages on the CIFS mailing list such as
|
|
|
|
|
|
|
|
|
|
http://discuss.microsoft.com/SCRIPTS/WA-MSD.EXE?A2=ind9811A&L=cifs&P=R386
|
|
|
|
|
|
|
|
|
|
for information on the fourth. */
|
2000-04-08 07:07:42 +00:00
|
|
|
#define UDP_PORT_NBNS 137
|
|
|
|
|
#define UDP_PORT_NBDGM 138
|
|
|
|
|
#define TCP_PORT_NBSS 139
|
2000-04-12 20:43:53 +00:00
|
|
|
#define TCP_PORT_CIFS 445
|
2000-04-08 07:07:42 +00:00
|
|
|
|
1998-10-14 04:09:15 +00:00
|
|
|
/* Packet structure taken from RFC 1002. See also RFC 1001.
|
1999-01-04 09:13:46 +00:00
|
|
|
* Opcode, flags, and rcode treated as "flags", similarly to DNS,
|
|
|
|
|
* to make it easier to lift the dissection code from "packet-dns.c". */
|
1998-10-14 04:09:15 +00:00
|
|
|
|
1999-01-04 09:13:46 +00:00
|
|
|
/* Offsets of fields in the NBNS header. */
|
|
|
|
|
#define NBNS_ID 0
|
|
|
|
|
#define NBNS_FLAGS 2
|
|
|
|
|
#define NBNS_QUEST 4
|
|
|
|
|
#define NBNS_ANS 6
|
|
|
|
|
#define NBNS_AUTH 8
|
|
|
|
|
#define NBNS_ADD 10
|
1998-10-14 04:09:15 +00:00
|
|
|
|
1999-01-04 09:13:46 +00:00
|
|
|
/* Length of NBNS header. */
|
|
|
|
|
#define NBNS_HDRLEN 12
|
1998-10-14 04:09:15 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
/* type values */
|
|
|
|
|
#define T_NB 32 /* NetBIOS name service RR */
|
|
|
|
|
#define T_NBSTAT 33 /* NetBIOS node status RR */
|
|
|
|
|
|
1999-01-04 09:13:46 +00:00
|
|
|
/* Bit fields in the flags */
|
|
|
|
|
#define F_RESPONSE (1<<15) /* packet is response */
|
|
|
|
|
#define F_OPCODE (0xF<<11) /* query opcode */
|
2002-05-15 07:24:20 +00:00
|
|
|
#define OPCODE_SHIFT 11
|
1999-01-04 09:13:46 +00:00
|
|
|
#define F_AUTHORITATIVE (1<<10) /* response is authoritative */
|
|
|
|
|
#define F_TRUNCATED (1<<9) /* response is truncated */
|
|
|
|
|
#define F_RECDESIRED (1<<8) /* recursion desired */
|
|
|
|
|
#define F_RECAVAIL (1<<7) /* recursion available */
|
|
|
|
|
#define F_BROADCAST (1<<4) /* broadcast/multicast packet */
|
|
|
|
|
#define F_RCODE (0xF<<0) /* reply code */
|
|
|
|
|
|
2002-05-15 07:24:20 +00:00
|
|
|
static const true_false_string tfs_flags_response = {
|
|
|
|
|
"Message is a response",
|
|
|
|
|
"Message is a query"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const true_false_string tfs_flags_authoritative = {
|
|
|
|
|
"Server is an authority for domain",
|
|
|
|
|
"Server is not an authority for domain"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const true_false_string tfs_flags_truncated = {
|
|
|
|
|
"Message is truncated",
|
|
|
|
|
"Message is not truncated"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const true_false_string tfs_flags_recdesired = {
|
|
|
|
|
"Do query recursively",
|
|
|
|
|
"Don't do query recursively"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const true_false_string tfs_flags_recavail = {
|
|
|
|
|
"Server can do recursive queries",
|
|
|
|
|
"Server can't do recursive queries"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const true_false_string tfs_flags_broadcast = {
|
|
|
|
|
"Broadcast packet",
|
|
|
|
|
"Not a broadcast packet"
|
|
|
|
|
};
|
|
|
|
|
|
1999-01-04 09:13:46 +00:00
|
|
|
/* Opcodes */
|
2002-05-15 07:24:20 +00:00
|
|
|
#define OPCODE_QUERY 0 /* standard query */
|
|
|
|
|
#define OPCODE_REGISTRATION 5 /* registration */
|
|
|
|
|
#define OPCODE_RELEASE 6 /* release name */
|
|
|
|
|
#define OPCODE_WACK 7 /* wait for acknowledgement */
|
|
|
|
|
#define OPCODE_REFRESH 8 /* refresh registration */
|
|
|
|
|
#define OPCODE_REFRESHALT 9 /* refresh registration (alternate opcode) */
|
|
|
|
|
#define OPCODE_MHREGISTRATION 15 /* multi-homed registration */
|
|
|
|
|
|
|
|
|
|
static const value_string opcode_vals[] = {
|
|
|
|
|
{ OPCODE_QUERY, "Name query" },
|
|
|
|
|
{ OPCODE_REGISTRATION, "Registration" },
|
|
|
|
|
{ OPCODE_RELEASE, "Release" },
|
|
|
|
|
{ OPCODE_WACK, "Wait for acknowledgment" },
|
|
|
|
|
{ OPCODE_REFRESH, "Refresh" },
|
|
|
|
|
{ OPCODE_REFRESHALT, "Refresh (alternate opcode)" },
|
|
|
|
|
{ OPCODE_MHREGISTRATION, "Multi-homed registration" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
1999-01-04 09:13:46 +00:00
|
|
|
|
|
|
|
|
/* Reply codes */
|
2002-05-15 07:24:20 +00:00
|
|
|
#define RCODE_NOERROR 0
|
|
|
|
|
#define RCODE_FMTERROR 1
|
|
|
|
|
#define RCODE_SERVFAIL 2
|
|
|
|
|
#define RCODE_NAMEERROR 3
|
|
|
|
|
#define RCODE_NOTIMPL 4
|
|
|
|
|
#define RCODE_REFUSED 5
|
|
|
|
|
#define RCODE_ACTIVE 6
|
|
|
|
|
#define RCODE_CONFLICT 7
|
|
|
|
|
|
|
|
|
|
static const value_string rcode_vals[] = {
|
|
|
|
|
{ RCODE_NOERROR, "No error" },
|
|
|
|
|
{ RCODE_FMTERROR, "Request was invalidly formatted" },
|
|
|
|
|
{ RCODE_SERVFAIL, "Server failure" },
|
|
|
|
|
{ RCODE_NAMEERROR, "Requested name does not exist" },
|
|
|
|
|
{ RCODE_NOTIMPL, "Request is not implemented" },
|
|
|
|
|
{ RCODE_REFUSED, "Request was refused" },
|
|
|
|
|
{ RCODE_ACTIVE, "Name is owned by another node" },
|
|
|
|
|
{ RCODE_CONFLICT, "Name is in conflict" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
1999-01-04 09:13:46 +00:00
|
|
|
|
1999-01-05 08:48:40 +00:00
|
|
|
/* Values for the "NB_FLAGS" field of RR data. From RFC 1001 and 1002,
|
|
|
|
|
* except for NB_FLAGS_ONT_H_NODE, which was discovered by looking at
|
|
|
|
|
* packet traces. */
|
|
|
|
|
#define NB_FLAGS_ONT (3<<(15-2)) /* bits for node type */
|
|
|
|
|
#define NB_FLAGS_ONT_B_NODE (0<<(15-2)) /* B-mode node */
|
|
|
|
|
#define NB_FLAGS_ONT_P_NODE (1<<(15-2)) /* P-mode node */
|
|
|
|
|
#define NB_FLAGS_ONT_M_NODE (2<<(15-2)) /* M-mode node */
|
|
|
|
|
#define NB_FLAGS_ONT_H_NODE (3<<(15-2)) /* H-mode node */
|
|
|
|
|
|
|
|
|
|
#define NB_FLAGS_G (1<<(15-0)) /* group name */
|
|
|
|
|
|
|
|
|
|
/* Values for the "NAME_FLAGS" field of a NODE_NAME entry in T_NBSTAT
|
2005-09-21 01:15:32 +00:00
|
|
|
* RR data. From RFC 1001 and 1002; as I remember, the "NAME_FLAGS"
|
|
|
|
|
* field doesn't include any special values for H-mode nodes, even
|
|
|
|
|
* though one can register them (if so, perhaps that was done to
|
|
|
|
|
* avoid surprising clients that don't know about H-mode nodes). */
|
1999-01-05 08:48:40 +00:00
|
|
|
#define NAME_FLAGS_PRM (1<<(15-6)) /* name is permanent node name */
|
|
|
|
|
|
|
|
|
|
#define NAME_FLAGS_ACT (1<<(15-5)) /* name is active */
|
|
|
|
|
|
|
|
|
|
#define NAME_FLAGS_CNF (1<<(15-4)) /* name is in conflict */
|
|
|
|
|
|
|
|
|
|
#define NAME_FLAGS_DRG (1<<(15-3)) /* name is being deregistered */
|
|
|
|
|
|
|
|
|
|
#define NAME_FLAGS_ONT (3<<(15-2)) /* bits for node type */
|
|
|
|
|
#define NAME_FLAGS_ONT_B_NODE (0<<(15-2)) /* B-mode node */
|
|
|
|
|
#define NAME_FLAGS_ONT_P_NODE (1<<(15-2)) /* P-mode node */
|
|
|
|
|
#define NAME_FLAGS_ONT_M_NODE (2<<(15-2)) /* M-mode node */
|
|
|
|
|
|
|
|
|
|
#define NAME_FLAGS_G (1<<(15-0)) /* group name */
|
|
|
|
|
|
2005-07-30 16:34:38 +00:00
|
|
|
static const char *
|
1998-10-14 19:35:00 +00:00
|
|
|
nbns_type_name (int type)
|
|
|
|
|
{
|
|
|
|
|
switch (type) {
|
|
|
|
|
case T_NB:
|
|
|
|
|
return "NB";
|
|
|
|
|
case T_NBSTAT:
|
|
|
|
|
return "NBSTAT";
|
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
return "unknown";
|
|
|
|
|
}
|
|
|
|
|
|
2000-11-19 16:58:57 +00:00
|
|
|
#define NBNAME_BUF_LEN 128
|
|
|
|
|
|
2004-12-26 00:22:16 +00:00
|
|
|
static proto_tree *
|
|
|
|
|
add_rr_to_tree(proto_item *trr, int rr_type, tvbuff_t *tvb, int offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
const char *name, int namelen,
|
|
|
|
|
const char *type_name, const char *class_description,
|
|
|
|
|
guint ttl, gushort data_len)
|
2004-12-26 00:22:16 +00:00
|
|
|
{
|
|
|
|
|
proto_tree *rr_tree;
|
2010-09-23 21:46:31 +00:00
|
|
|
|
2004-12-26 00:22:16 +00:00
|
|
|
rr_tree = proto_item_add_subtree(trr, rr_type);
|
|
|
|
|
proto_tree_add_text(rr_tree, tvb, offset+1, namelen-1, "Name: %s", name);
|
|
|
|
|
offset += namelen;
|
|
|
|
|
proto_tree_add_text(rr_tree, tvb, offset, 2, "Type: %s", type_name);
|
|
|
|
|
offset += 2;
|
|
|
|
|
proto_tree_add_text(rr_tree, tvb, offset, 2, "Class: %s", class_description);
|
|
|
|
|
offset += 2;
|
|
|
|
|
proto_tree_add_text(rr_tree, tvb, offset, 4, "Time to live: %s",
|
|
|
|
|
time_secs_to_str(ttl));
|
|
|
|
|
offset += 4;
|
|
|
|
|
proto_tree_add_text(rr_tree, tvb, offset, 2, "Data length: %u", data_len);
|
|
|
|
|
return rr_tree;
|
|
|
|
|
}
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
get_nbns_name(tvbuff_t *tvb, int offset, int nbns_data_offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
char *name_ret, int name_ret_len, int *name_type_ret)
|
1998-10-14 19:35:00 +00:00
|
|
|
{
|
|
|
|
|
int name_len;
|
2009-03-23 12:41:56 +00:00
|
|
|
const guchar *name;
|
|
|
|
|
const guchar *nbname;
|
2008-06-25 09:12:35 +00:00
|
|
|
char *nbname_buf;
|
2009-03-23 12:41:56 +00:00
|
|
|
const guchar *pname;
|
2007-04-23 10:59:26 +00:00
|
|
|
char cname, cnbname;
|
1999-09-03 01:43:09 +00:00
|
|
|
int name_type;
|
2005-08-27 02:17:18 +00:00
|
|
|
char *pname_ret;
|
2010-01-18 23:16:10 +00:00
|
|
|
size_t idx = 0;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2008-06-25 09:12:35 +00:00
|
|
|
nbname_buf=ep_alloc(NBNAME_BUF_LEN);
|
|
|
|
|
nbname = nbname_buf;
|
2008-08-11 12:00:27 +00:00
|
|
|
/* XXX Fix data len */
|
|
|
|
|
name_len = get_dns_name(tvb, offset, 0, nbns_data_offset, &name);
|
1999-10-07 07:44:29 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
/* OK, now undo the first-level encoding. */
|
|
|
|
|
pname = &name[0];
|
2005-08-27 02:17:18 +00:00
|
|
|
pname_ret=name_ret;
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
for (;;) {
|
|
|
|
|
/* Every two characters of the first level-encoded name
|
|
|
|
|
* turn into one character in the decoded name. */
|
|
|
|
|
cname = *pname;
|
|
|
|
|
if (cname == '\0')
|
|
|
|
|
break; /* no more characters */
|
|
|
|
|
if (cname == '.')
|
|
|
|
|
break; /* scope ID follows */
|
|
|
|
|
if (cname < 'A' || cname > 'Z') {
|
|
|
|
|
/* Not legal. */
|
2006-01-20 21:18:18 +00:00
|
|
|
nbname="Illegal NetBIOS name (1st character not between A and Z in first-level encoding)";
|
1998-10-14 19:35:00 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
cname -= 'A';
|
|
|
|
|
cnbname = cname << 4;
|
|
|
|
|
pname++;
|
|
|
|
|
|
|
|
|
|
cname = *pname;
|
|
|
|
|
if (cname == '\0' || cname == '.') {
|
|
|
|
|
/* No more characters in the name - but we're in
|
|
|
|
|
* the middle of a pair. Not legal. */
|
2005-10-27 09:58:16 +00:00
|
|
|
nbname="Illegal NetBIOS name (odd number of bytes)";
|
1998-10-14 19:35:00 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
if (cname < 'A' || cname > 'Z') {
|
|
|
|
|
/* Not legal. */
|
2006-01-20 21:18:18 +00:00
|
|
|
nbname="Illegal NetBIOS name (2nd character not between A and Z in first-level encoding)";
|
1998-10-14 19:35:00 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
cname -= 'A';
|
|
|
|
|
cnbname |= cname;
|
|
|
|
|
pname++;
|
|
|
|
|
|
1999-09-03 01:43:09 +00:00
|
|
|
/* Do we have room to store the character? */
|
2010-01-18 23:16:10 +00:00
|
|
|
if (idx < NETBIOS_NAME_LEN) {
|
1999-09-03 01:43:09 +00:00
|
|
|
/* Yes - store the character. */
|
2010-01-18 23:16:10 +00:00
|
|
|
nbname_buf[idx++] = cnbname;
|
1999-09-03 01:43:09 +00:00
|
|
|
}
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* NetBIOS names are supposed to be exactly 16 bytes long. */
|
2010-01-18 23:16:10 +00:00
|
|
|
if (idx != NETBIOS_NAME_LEN) {
|
1999-09-03 01:43:09 +00:00
|
|
|
/* It's not. */
|
2008-06-25 09:12:35 +00:00
|
|
|
g_snprintf(nbname_buf, NBNAME_BUF_LEN, "Illegal NetBIOS name (%lu bytes long)",
|
2010-01-18 23:16:10 +00:00
|
|
|
(unsigned long)idx);
|
1998-10-14 19:35:00 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
1999-09-03 01:43:09 +00:00
|
|
|
|
|
|
|
|
/* This one is; make its name printable. */
|
2006-01-20 21:18:18 +00:00
|
|
|
name_type = process_netbios_name(nbname, name_ret, name_ret_len);
|
2007-03-23 01:29:52 +00:00
|
|
|
pname_ret += MIN(strlen(name_ret), (size_t) name_ret_len);
|
2006-01-20 21:18:18 +00:00
|
|
|
pname_ret += MIN(name_ret_len-(pname_ret-name_ret),
|
2009-04-06 19:30:48 +00:00
|
|
|
g_snprintf(pname_ret, name_ret_len-(gulong)(pname_ret-name_ret), "<%02x>", name_type));
|
1998-10-14 19:35:00 +00:00
|
|
|
if (cname == '.') {
|
|
|
|
|
/* We have a scope ID, starting at "pname"; append that to
|
|
|
|
|
* the decoded host name. */
|
2009-04-06 19:30:48 +00:00
|
|
|
g_snprintf(pname_ret, name_ret_len-(gulong)(pname_ret-name_ret), "%s", pname);
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
1999-09-03 01:43:09 +00:00
|
|
|
if (name_type_ret != NULL)
|
|
|
|
|
*name_type_ret = name_type;
|
|
|
|
|
return name_len;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
|
|
|
|
bad:
|
1999-09-03 01:43:09 +00:00
|
|
|
if (name_type_ret != NULL)
|
|
|
|
|
*name_type_ret = -1;
|
2006-01-20 21:18:18 +00:00
|
|
|
/* This is only valid because nbname is always assigned an error string
|
|
|
|
|
* before jumping to bad: Otherwise nbname wouldn't be \0 terminated */
|
2009-04-06 19:30:48 +00:00
|
|
|
g_snprintf(pname_ret, name_ret_len-(gulong)(pname_ret-name_ret), "%s", nbname);
|
1998-11-21 04:00:31 +00:00
|
|
|
return name_len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
get_nbns_name_type_class(tvbuff_t *tvb, int offset, int nbns_data_offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
char *name_ret, int *name_len_ret, int *name_type_ret,
|
|
|
|
|
int *type_ret, int *class_ret)
|
1998-11-21 04:00:31 +00:00
|
|
|
{
|
|
|
|
|
int name_len;
|
|
|
|
|
int type;
|
|
|
|
|
int class;
|
|
|
|
|
|
2010-09-23 21:46:31 +00:00
|
|
|
name_len = get_nbns_name(tvb, offset, nbns_data_offset, name_ret,
|
2005-08-27 02:17:18 +00:00
|
|
|
*name_len_ret, name_type_ret);
|
1999-10-07 09:21:38 +00:00
|
|
|
offset += name_len;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
type = tvb_get_ntohs(tvb, offset);
|
1998-11-21 04:00:31 +00:00
|
|
|
offset += 2;
|
1999-10-07 09:21:38 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
class = tvb_get_ntohs(tvb, offset);
|
1998-11-21 04:00:31 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
*type_ret = type;
|
|
|
|
|
*class_ret = class;
|
|
|
|
|
*name_len_ret = name_len;
|
|
|
|
|
|
1998-11-21 04:00:31 +00:00
|
|
|
return name_len + 4;
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
|
|
|
|
|
1999-09-03 01:43:09 +00:00
|
|
|
static void
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(proto_tree *tree, tvbuff_t *tvb, int offset, int len,
|
2010-10-08 17:48:22 +00:00
|
|
|
const char *tag, const char *name, int name_type)
|
1999-09-03 01:43:09 +00:00
|
|
|
{
|
|
|
|
|
if (name_type != -1) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(tree, tvb, offset, len, "%s: %s (%s)",
|
1999-09-03 01:43:09 +00:00
|
|
|
tag, name, netbios_name_type_descr(name_type));
|
|
|
|
|
} else {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(tree, tvb, offset, len, "%s: %s",
|
1999-09-03 01:43:09 +00:00
|
|
|
tag, name);
|
|
|
|
|
}
|
|
|
|
|
}
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
#define MAX_NAME_LEN (NETBIOS_NAME_LEN - 1)*4 + MAXDNAME + 64
|
|
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_nbns_query(tvbuff_t *tvb, int offset, int nbns_data_offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
column_info *cinfo, proto_tree *nbns_tree)
|
1998-10-14 19:35:00 +00:00
|
|
|
{
|
|
|
|
|
int len;
|
2005-08-27 02:17:18 +00:00
|
|
|
char *name;
|
1998-10-14 19:35:00 +00:00
|
|
|
int name_len;
|
1999-09-03 01:43:09 +00:00
|
|
|
int name_type;
|
1998-10-14 19:35:00 +00:00
|
|
|
int type;
|
|
|
|
|
int class;
|
2005-07-30 16:34:38 +00:00
|
|
|
const char *type_name;
|
2001-07-02 07:11:40 +00:00
|
|
|
int data_offset;
|
|
|
|
|
int data_start;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *q_tree;
|
|
|
|
|
proto_item *tq;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
name=ep_alloc(MAX_NAME_LEN);
|
2001-07-02 07:11:40 +00:00
|
|
|
data_start = data_offset = offset;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
name_len=MAX_NAME_LEN;
|
2001-07-02 07:11:40 +00:00
|
|
|
len = get_nbns_name_type_class(tvb, offset, nbns_data_offset, name,
|
1999-09-03 01:43:09 +00:00
|
|
|
&name_len, &name_type, &type, &class);
|
2001-07-02 07:11:40 +00:00
|
|
|
data_offset += len;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1998-10-15 06:40:51 +00:00
|
|
|
type_name = nbns_type_name(type);
|
|
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (cinfo != NULL)
|
|
|
|
|
col_append_fstr(cinfo, COL_INFO, " %s %s", type_name, name);
|
1999-11-08 09:16:52 +00:00
|
|
|
if (nbns_tree != NULL) {
|
2001-07-02 07:11:40 +00:00
|
|
|
tq = proto_tree_add_text(nbns_tree, tvb, offset, len,
|
2004-12-26 00:22:16 +00:00
|
|
|
"%s: type %s, class %s", name, type_name,
|
|
|
|
|
dns_class_name(class));
|
1999-11-16 11:44:20 +00:00
|
|
|
q_tree = proto_item_add_subtree(tq, ett_nbns_qd);
|
1998-10-15 06:40:51 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(q_tree, tvb, offset, name_len, "Name", name,
|
1999-11-08 09:16:52 +00:00
|
|
|
name_type);
|
|
|
|
|
offset += name_len;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(q_tree, tvb, offset, 2, "Type: %s", type_name);
|
1999-11-08 09:16:52 +00:00
|
|
|
offset += 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2004-12-26 00:22:16 +00:00
|
|
|
proto_tree_add_text(q_tree, tvb, offset, 2, "Class: %s",
|
2005-01-02 09:40:26 +00:00
|
|
|
dns_class_name(class));
|
1999-11-08 09:16:52 +00:00
|
|
|
offset += 2;
|
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
return data_offset - data_start;
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
|
|
|
|
|
1999-01-05 08:48:40 +00:00
|
|
|
static void
|
2002-09-12 00:10:58 +00:00
|
|
|
nbns_add_nbns_flags(column_info *cinfo, proto_tree *nbns_tree, tvbuff_t *tvb, int offset,
|
|
|
|
|
gushort flags, int is_wack)
|
1999-01-05 08:48:40 +00:00
|
|
|
{
|
2005-08-27 02:17:18 +00:00
|
|
|
char *buf;
|
2002-05-15 07:24:20 +00:00
|
|
|
guint16 opcode;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree;
|
|
|
|
|
proto_item *tf;
|
1999-01-05 08:48:40 +00:00
|
|
|
|
2005-10-27 09:58:16 +00:00
|
|
|
#define MAX_BUF_SIZE (128+1)
|
|
|
|
|
buf=ep_alloc(MAX_BUF_SIZE);
|
2004-01-05 19:31:44 +00:00
|
|
|
opcode = (guint16) ((flags & F_OPCODE) >> OPCODE_SHIFT);
|
2005-10-27 09:58:16 +00:00
|
|
|
g_snprintf(buf, MAX_BUF_SIZE, "%s", val_to_str(opcode, opcode_vals, "Unknown operation"));
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & F_RESPONSE && !is_wack) {
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, " response", MAX_BUF_SIZE);
|
|
|
|
|
g_strlcat(buf, ", ", MAX_BUF_SIZE);
|
|
|
|
|
g_strlcat(buf, val_to_str(flags & F_RCODE, rcode_vals, "Unknown error"), MAX_BUF_SIZE);
|
2008-02-02 17:25:40 +00:00
|
|
|
buf[MAX_BUF_SIZE-1] = '\0';
|
2010-10-08 17:48:22 +00:00
|
|
|
if ((flags & F_RCODE))
|
2002-09-12 00:10:58 +00:00
|
|
|
col_append_fstr(cinfo, COL_INFO, ", %s",
|
|
|
|
|
val_to_str(flags & F_RCODE, rcode_vals,
|
|
|
|
|
"Unknown error"));
|
1999-01-05 08:48:40 +00:00
|
|
|
}
|
2002-05-15 07:24:20 +00:00
|
|
|
tf = proto_tree_add_uint_format(nbns_tree, hf_nbns_flags,
|
|
|
|
|
tvb, offset, 2, flags, "Flags: 0x%04x (%s)", flags, buf);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_nbns_flags);
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_response,
|
2011-10-10 00:39:31 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_opcode,
|
2011-10-06 03:35:44 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & F_RESPONSE) {
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_authoritative,
|
2011-10-10 00:39:31 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
1999-01-05 08:48:40 +00:00
|
|
|
}
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_truncated,
|
2011-10-10 00:39:31 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_recdesired,
|
2011-10-10 00:39:31 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & F_RESPONSE) {
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_recavail,
|
2011-10-10 00:39:31 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
1999-01-05 08:48:40 +00:00
|
|
|
}
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_broadcast,
|
2011-10-10 00:39:31 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & F_RESPONSE && !is_wack) {
|
2002-05-15 07:24:20 +00:00
|
|
|
proto_tree_add_item(field_tree, hf_nbns_flags_rcode,
|
2011-10-06 03:35:44 +00:00
|
|
|
tvb, offset, 2, ENC_BIG_ENDIAN);
|
1999-01-05 08:48:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2002-08-02 23:36:07 +00:00
|
|
|
nbns_add_nb_flags(proto_tree *rr_tree, tvbuff_t *tvb, int offset, gushort flags)
|
1999-01-05 08:48:40 +00:00
|
|
|
{
|
2005-08-27 02:17:18 +00:00
|
|
|
char *buf;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree;
|
|
|
|
|
proto_item *tf;
|
1999-01-05 08:48:40 +00:00
|
|
|
static const value_string nb_flags_ont_vals[] = {
|
|
|
|
|
{ NB_FLAGS_ONT_B_NODE, "B-node" },
|
|
|
|
|
{ NB_FLAGS_ONT_P_NODE, "P-node" },
|
|
|
|
|
{ NB_FLAGS_ONT_M_NODE, "M-node" },
|
|
|
|
|
{ NB_FLAGS_ONT_H_NODE, "H-node" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2005-10-27 09:58:16 +00:00
|
|
|
buf=ep_alloc(MAX_BUF_SIZE);
|
|
|
|
|
g_snprintf(buf, MAX_BUF_SIZE, "%s", val_to_str(flags & NB_FLAGS_ONT, nb_flags_ont_vals,
|
1999-01-05 08:48:40 +00:00
|
|
|
"Unknown"));
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, ", ", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & NB_FLAGS_G)
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, "group", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
else
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, "unique", MAX_BUF_SIZE);
|
2008-02-02 17:25:40 +00:00
|
|
|
buf[MAX_BUF_SIZE-1] = '\0';
|
2001-07-02 07:11:40 +00:00
|
|
|
tf = proto_tree_add_text(rr_tree, tvb, offset, 2, "Flags: 0x%x (%s)", flags,
|
1999-01-05 08:48:40 +00:00
|
|
|
buf);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_nbns_nb_flags);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_boolean_bitfield(flags, NB_FLAGS_G,
|
|
|
|
|
2*8,
|
|
|
|
|
"Group name",
|
|
|
|
|
"Unique name"));
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_enumerated_bitfield(flags, NB_FLAGS_ONT,
|
|
|
|
|
2*8, nb_flags_ont_vals, "%s"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2001-07-02 07:11:40 +00:00
|
|
|
nbns_add_name_flags(proto_tree *rr_tree, tvbuff_t *tvb, int offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
gushort flags)
|
1999-01-05 08:48:40 +00:00
|
|
|
{
|
2005-08-27 02:17:18 +00:00
|
|
|
char *buf;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_item *field_tree;
|
|
|
|
|
proto_item *tf;
|
1999-01-05 08:48:40 +00:00
|
|
|
static const value_string name_flags_ont_vals[] = {
|
|
|
|
|
{ NAME_FLAGS_ONT_B_NODE, "B-node" },
|
|
|
|
|
{ NAME_FLAGS_ONT_P_NODE, "P-node" },
|
|
|
|
|
{ NAME_FLAGS_ONT_M_NODE, "M-node" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2005-10-27 09:58:16 +00:00
|
|
|
buf=ep_alloc(MAX_BUF_SIZE);
|
|
|
|
|
g_snprintf(buf, MAX_BUF_SIZE, "%s", val_to_str(flags & NAME_FLAGS_ONT, name_flags_ont_vals,
|
1999-01-05 08:48:40 +00:00
|
|
|
"Unknown"));
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, ", ", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & NAME_FLAGS_G)
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, "group", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
else
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, "unique", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & NAME_FLAGS_DRG)
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, ", being deregistered", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & NAME_FLAGS_CNF)
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, ", in conflict", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & NAME_FLAGS_ACT)
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, ", active", MAX_BUF_SIZE);
|
1999-01-05 08:48:40 +00:00
|
|
|
if (flags & NAME_FLAGS_PRM)
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(buf, ", permanent node name", MAX_BUF_SIZE);
|
2008-02-02 17:25:40 +00:00
|
|
|
buf[MAX_BUF_SIZE-1] = '\0';
|
2001-07-02 07:11:40 +00:00
|
|
|
tf = proto_tree_add_text(rr_tree, tvb, offset, 2, "Name flags: 0x%x (%s)",
|
1999-01-05 08:48:40 +00:00
|
|
|
flags, buf);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_nbns_name_flags);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_boolean_bitfield(flags, NAME_FLAGS_G,
|
|
|
|
|
2*8,
|
|
|
|
|
"Group name",
|
|
|
|
|
"Unique name"));
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_enumerated_bitfield(flags, NAME_FLAGS_ONT,
|
|
|
|
|
2*8, name_flags_ont_vals, "%s"));
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_boolean_bitfield(flags, NAME_FLAGS_DRG,
|
|
|
|
|
2*8,
|
|
|
|
|
"Name is being deregistered",
|
|
|
|
|
"Name is not being deregistered"));
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_boolean_bitfield(flags, NAME_FLAGS_CNF,
|
|
|
|
|
2*8,
|
|
|
|
|
"Name is in conflict",
|
|
|
|
|
"Name is not in conflict"));
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_boolean_bitfield(flags, NAME_FLAGS_ACT,
|
|
|
|
|
2*8,
|
|
|
|
|
"Name is active",
|
|
|
|
|
"Name is not active"));
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2, "%s",
|
1999-01-05 08:48:40 +00:00
|
|
|
decode_boolean_bitfield(flags, NAME_FLAGS_PRM,
|
|
|
|
|
2*8,
|
|
|
|
|
"Permanent node name",
|
|
|
|
|
"Not permanent node name"));
|
|
|
|
|
}
|
1998-10-14 19:35:00 +00:00
|
|
|
|
|
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_nbns_answer(tvbuff_t *tvb, int offset, int nbns_data_offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
column_info *cinfo, proto_tree *nbns_tree, int opcode)
|
1998-10-14 19:35:00 +00:00
|
|
|
{
|
|
|
|
|
int len;
|
2005-08-27 02:17:18 +00:00
|
|
|
char *name;
|
1998-10-14 19:35:00 +00:00
|
|
|
int name_len;
|
1999-09-03 01:43:09 +00:00
|
|
|
int name_type;
|
1998-10-14 19:35:00 +00:00
|
|
|
int type;
|
|
|
|
|
int class;
|
2005-06-26 19:56:52 +00:00
|
|
|
const char *class_name;
|
2005-07-30 16:34:38 +00:00
|
|
|
const char *type_name;
|
2001-07-02 07:11:40 +00:00
|
|
|
int data_offset;
|
1999-10-07 07:44:29 +00:00
|
|
|
int cur_offset;
|
2001-07-02 07:11:40 +00:00
|
|
|
int data_start;
|
2002-08-02 23:36:07 +00:00
|
|
|
guint ttl;
|
|
|
|
|
gushort data_len;
|
|
|
|
|
gushort flags;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *rr_tree;
|
|
|
|
|
proto_item *trr;
|
2005-08-27 02:17:18 +00:00
|
|
|
char *name_str;
|
2002-08-02 23:36:07 +00:00
|
|
|
guint num_names;
|
2010-09-23 21:46:31 +00:00
|
|
|
char *nbname;
|
2002-08-02 23:36:07 +00:00
|
|
|
gushort name_flags;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
data_start = data_offset = offset;
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset = offset;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
name=ep_alloc(MAX_NAME_LEN);
|
|
|
|
|
name_str=ep_alloc(MAX_NAME_LEN);
|
|
|
|
|
nbname=ep_alloc(16+4+1); /* 4 for [<last char>] */
|
|
|
|
|
|
|
|
|
|
name_len=MAX_NAME_LEN;
|
2001-07-02 07:11:40 +00:00
|
|
|
len = get_nbns_name_type_class(tvb, offset, nbns_data_offset, name,
|
1999-09-03 01:43:09 +00:00
|
|
|
&name_len, &name_type, &type, &class);
|
2001-07-02 07:11:40 +00:00
|
|
|
data_offset += len;
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset += len;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
|
|
|
|
type_name = nbns_type_name(type);
|
|
|
|
|
class_name = dns_class_name(class);
|
|
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
ttl = tvb_get_ntohl(tvb, data_offset);
|
|
|
|
|
data_offset += 4;
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset += 4;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
data_len = tvb_get_ntohs(tvb, data_offset);
|
|
|
|
|
data_offset += 2;
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset += 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
case T_NB: /* "NB" record */
|
2001-12-10 00:26:21 +00:00
|
|
|
if (cinfo != NULL) {
|
1999-11-08 09:16:52 +00:00
|
|
|
if (opcode != OPCODE_WACK) {
|
2001-12-10 00:26:21 +00:00
|
|
|
col_append_fstr(cinfo, COL_INFO, " %s %s",
|
2001-07-02 07:11:40 +00:00
|
|
|
type_name,
|
2011-01-14 03:44:58 +00:00
|
|
|
tvb_ip_to_str(tvb, data_offset+2));
|
1999-11-08 09:16:52 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (nbns_tree == NULL)
|
|
|
|
|
break;
|
2001-07-02 07:11:40 +00:00
|
|
|
trr = proto_tree_add_text(nbns_tree, tvb, offset,
|
|
|
|
|
(data_offset - data_start) + data_len,
|
1998-10-14 19:35:00 +00:00
|
|
|
"%s: type %s, class %s",
|
|
|
|
|
name, type_name, class_name);
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(name, " (", MAX_NAME_LEN);
|
|
|
|
|
g_strlcat(name, netbios_name_type_descr(name_type), MAX_NAME_LEN);
|
|
|
|
|
g_strlcat(name, ")", MAX_NAME_LEN);
|
2001-07-02 07:11:40 +00:00
|
|
|
rr_tree = add_rr_to_tree(trr, ett_nbns_rr, tvb, offset, name,
|
2005-01-02 09:40:26 +00:00
|
|
|
name_len, type_name, dns_class_name(class), ttl, data_len);
|
1998-10-14 19:35:00 +00:00
|
|
|
while (data_len > 0) {
|
1999-01-04 09:13:46 +00:00
|
|
|
if (opcode == OPCODE_WACK) {
|
1998-10-14 19:35:00 +00:00
|
|
|
/* WACK response. This doesn't contain the
|
|
|
|
|
* same type of RR data as other T_NB
|
|
|
|
|
* responses. */
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
flags = tvb_get_ntohs(tvb, cur_offset);
|
2002-09-12 00:10:58 +00:00
|
|
|
nbns_add_nbns_flags(cinfo, rr_tree, tvb, cur_offset,
|
1999-10-07 07:44:29 +00:00
|
|
|
flags, 1);
|
|
|
|
|
cur_offset += 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len -= 2;
|
|
|
|
|
} else {
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
flags = tvb_get_ntohs(tvb, cur_offset);
|
|
|
|
|
nbns_add_nb_flags(rr_tree, tvb, cur_offset,
|
|
|
|
|
flags);
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset += 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 4) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 4,
|
1998-10-14 22:37:02 +00:00
|
|
|
"Addr: %s",
|
2011-01-14 03:44:58 +00:00
|
|
|
tvb_ip_to_str(tvb, cur_offset));
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset += 4;
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len -= 4;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case T_NBSTAT: /* "NBSTAT" record */
|
2001-12-10 00:26:21 +00:00
|
|
|
if (cinfo != NULL)
|
|
|
|
|
col_append_fstr(cinfo, COL_INFO, " %s", type_name);
|
1999-11-08 09:16:52 +00:00
|
|
|
if (nbns_tree == NULL)
|
|
|
|
|
break;
|
2001-07-02 07:11:40 +00:00
|
|
|
trr = proto_tree_add_text(nbns_tree, tvb, offset,
|
|
|
|
|
(data_offset - data_start) + data_len,
|
1999-11-08 09:16:52 +00:00
|
|
|
"%s: type %s, class %s",
|
|
|
|
|
name, type_name, class_name);
|
2001-07-02 07:11:40 +00:00
|
|
|
rr_tree = add_rr_to_tree(trr, ett_nbns_rr, tvb, offset, name,
|
2005-01-02 09:40:26 +00:00
|
|
|
name_len, type_name, dns_class_name(class), ttl, data_len);
|
1999-11-08 09:16:52 +00:00
|
|
|
if (data_len < 1) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
num_names = tvb_get_guint8(tvb, cur_offset);
|
|
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 1,
|
1999-11-08 09:16:52 +00:00
|
|
|
"Number of names: %u", num_names);
|
|
|
|
|
cur_offset += 1;
|
|
|
|
|
|
|
|
|
|
while (num_names != 0) {
|
|
|
|
|
if (data_len < NETBIOS_NAME_LEN) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len, "(incomplete entry)");
|
1999-11-08 09:16:52 +00:00
|
|
|
goto out;
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
tvb_memcpy(tvb, (guint8 *)nbname, cur_offset,
|
|
|
|
|
NETBIOS_NAME_LEN);
|
1999-11-08 09:16:52 +00:00
|
|
|
name_type = process_netbios_name(nbname,
|
2006-01-20 21:18:18 +00:00
|
|
|
name_str, name_len);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
NETBIOS_NAME_LEN, "Name: %s<%02x> (%s)",
|
|
|
|
|
name_str, name_type,
|
|
|
|
|
netbios_name_type_descr(name_type));
|
|
|
|
|
cur_offset += NETBIOS_NAME_LEN;
|
|
|
|
|
data_len -= NETBIOS_NAME_LEN;
|
1998-10-14 19:35:00 +00:00
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len, "(incomplete entry)");
|
1999-11-08 09:16:52 +00:00
|
|
|
goto out;
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
name_flags = tvb_get_ntohs(tvb, cur_offset);
|
|
|
|
|
nbns_add_name_flags(rr_tree, tvb, cur_offset,
|
|
|
|
|
name_flags);
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_offset += 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
data_len -= 2;
|
|
|
|
|
|
1999-11-08 09:16:52 +00:00
|
|
|
num_names--;
|
|
|
|
|
}
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1999-11-08 09:16:52 +00:00
|
|
|
if (data_len < 6) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 6,
|
1999-11-08 09:16:52 +00:00
|
|
|
"Unit ID: %s",
|
2011-01-21 02:48:55 +00:00
|
|
|
tvb_ether_to_str(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 6;
|
|
|
|
|
data_len -= 6;
|
|
|
|
|
|
|
|
|
|
if (data_len < 1) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 1,
|
|
|
|
|
"Jumpers: 0x%x", tvb_get_guint8(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 1;
|
|
|
|
|
data_len -= 1;
|
|
|
|
|
|
|
|
|
|
if (data_len < 1) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 1,
|
|
|
|
|
"Test result: 0x%x", tvb_get_guint8(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 1;
|
|
|
|
|
data_len -= 1;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Version number: 0x%x", tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Period of statistics: 0x%x",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of CRCs: %u", tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of alignment errors: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of collisions: %u", tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of send aborts: %u", tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 4) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 4,
|
|
|
|
|
"Number of good sends: %u", tvb_get_ntohl(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 4;
|
|
|
|
|
data_len -= 4;
|
|
|
|
|
|
|
|
|
|
if (data_len < 4) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 4,
|
|
|
|
|
"Number of good receives: %u",
|
|
|
|
|
tvb_get_ntohl(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 4;
|
|
|
|
|
data_len -= 4;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of retransmits: %u", tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of no resource conditions: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of command blocks: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Number of pending sessions: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Max number of pending sessions: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
2001-07-02 07:11:40 +00:00
|
|
|
data_len -= 2;
|
1999-11-08 09:16:52 +00:00
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Max total sessions possible: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
|
|
|
|
|
|
|
|
|
if (data_len < 2) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset,
|
1999-11-08 09:16:52 +00:00
|
|
|
data_len, "(incomplete entry)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, 2,
|
|
|
|
|
"Session data packet size: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, cur_offset));
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_offset += 2;
|
|
|
|
|
data_len -= 2;
|
1998-10-14 19:35:00 +00:00
|
|
|
out:
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
2001-12-10 00:26:21 +00:00
|
|
|
if (cinfo != NULL)
|
|
|
|
|
col_append_fstr(cinfo, COL_INFO, " %s", type_name);
|
1999-11-08 09:16:52 +00:00
|
|
|
if (nbns_tree == NULL)
|
|
|
|
|
break;
|
2001-07-02 07:11:40 +00:00
|
|
|
trr = proto_tree_add_text(nbns_tree, tvb, offset,
|
|
|
|
|
(data_offset - data_start) + data_len,
|
1998-10-14 19:35:00 +00:00
|
|
|
"%s: type %s, class %s",
|
|
|
|
|
name, type_name, class_name);
|
2001-07-02 07:11:40 +00:00
|
|
|
rr_tree = add_rr_to_tree(trr, ett_nbns_rr, tvb, offset, name,
|
2005-01-02 09:40:26 +00:00
|
|
|
name_len, type_name, dns_class_name(class), ttl, data_len);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(rr_tree, tvb, cur_offset, data_len, "Data");
|
|
|
|
|
cur_offset += data_len;
|
1998-10-14 19:35:00 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
return cur_offset - data_start;
|
1998-10-14 19:35:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_query_records(tvbuff_t *tvb, int cur_off, int nbns_data_offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
int count, column_info *cinfo, proto_tree *nbns_tree)
|
1998-10-14 19:35:00 +00:00
|
|
|
{
|
1999-10-07 07:44:29 +00:00
|
|
|
int start_off, add_off;
|
1999-11-08 09:16:52 +00:00
|
|
|
proto_tree *qatree = NULL;
|
|
|
|
|
proto_item *ti = NULL;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
start_off = cur_off;
|
1999-11-08 09:16:52 +00:00
|
|
|
if (nbns_tree != NULL) {
|
Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOL
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
2002-01-20 22:12:39 +00:00
|
|
|
ti = proto_tree_add_text(nbns_tree, tvb, start_off, -1, "Queries");
|
1999-11-16 11:44:20 +00:00
|
|
|
qatree = proto_item_add_subtree(ti, ett_nbns_qry);
|
1999-11-08 09:16:52 +00:00
|
|
|
}
|
1999-10-07 07:44:29 +00:00
|
|
|
while (count-- > 0) {
|
2001-07-02 07:11:40 +00:00
|
|
|
add_off = dissect_nbns_query(tvb, cur_off, nbns_data_offset,
|
2001-12-10 00:26:21 +00:00
|
|
|
cinfo, qatree);
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_off += add_off;
|
|
|
|
|
}
|
1999-11-08 09:16:52 +00:00
|
|
|
if (ti != NULL)
|
|
|
|
|
proto_item_set_len(ti, cur_off - start_off);
|
1998-10-14 19:35:00 +00:00
|
|
|
|
|
|
|
|
return cur_off - start_off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_answer_records(tvbuff_t *tvb, int cur_off, int nbns_data_offset,
|
2010-10-08 17:48:22 +00:00
|
|
|
int count, column_info *cinfo, proto_tree *nbns_tree,
|
|
|
|
|
int opcode, const char *name)
|
1998-10-14 19:35:00 +00:00
|
|
|
{
|
1999-10-07 07:44:29 +00:00
|
|
|
int start_off, add_off;
|
1999-11-08 09:16:52 +00:00
|
|
|
proto_tree *qatree = NULL;
|
|
|
|
|
proto_item *ti = NULL;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1998-10-14 19:35:00 +00:00
|
|
|
start_off = cur_off;
|
1999-11-08 09:16:52 +00:00
|
|
|
if (nbns_tree != NULL) {
|
2008-10-31 15:11:57 +00:00
|
|
|
ti = proto_tree_add_text(nbns_tree, tvb, start_off, -1, "%s", name);
|
1999-11-16 11:44:20 +00:00
|
|
|
qatree = proto_item_add_subtree(ti, ett_nbns_ans);
|
1999-11-08 09:16:52 +00:00
|
|
|
}
|
1999-10-07 07:44:29 +00:00
|
|
|
while (count-- > 0) {
|
2001-07-02 07:11:40 +00:00
|
|
|
add_off = dissect_nbns_answer(tvb, cur_off, nbns_data_offset,
|
2001-12-10 00:26:21 +00:00
|
|
|
cinfo, qatree, opcode);
|
1999-10-07 07:44:29 +00:00
|
|
|
cur_off += add_off;
|
|
|
|
|
}
|
1999-11-08 09:16:52 +00:00
|
|
|
if (ti != NULL)
|
|
|
|
|
proto_item_set_len(ti, cur_off - start_off);
|
1998-10-14 19:35:00 +00:00
|
|
|
return cur_off - start_off;
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-08 07:07:42 +00:00
|
|
|
static void
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_nbns(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
1998-10-14 04:09:15 +00:00
|
|
|
{
|
2001-07-02 07:11:40 +00:00
|
|
|
int offset = 0;
|
1999-10-07 07:44:29 +00:00
|
|
|
int nbns_data_offset;
|
2001-12-10 00:26:21 +00:00
|
|
|
column_info *cinfo;
|
1999-11-08 09:16:52 +00:00
|
|
|
proto_tree *nbns_tree = NULL;
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_item *ti;
|
2011-06-19 18:47:35 +00:00
|
|
|
guint16 id, flags, opcode, quest, ans, auth, add;
|
1998-10-14 19:35:00 +00:00
|
|
|
int cur_off;
|
1998-10-14 04:09:15 +00:00
|
|
|
|
1999-10-07 07:44:29 +00:00
|
|
|
nbns_data_offset = offset;
|
|
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBNS");
|
2009-08-09 07:36:13 +00:00
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1999-01-04 09:13:46 +00:00
|
|
|
/* To do: check for runts, errs, etc. */
|
2001-07-02 07:11:40 +00:00
|
|
|
id = tvb_get_ntohs(tvb, offset + NBNS_ID);
|
|
|
|
|
flags = tvb_get_ntohs(tvb, offset + NBNS_FLAGS);
|
2004-01-05 19:31:44 +00:00
|
|
|
opcode = (guint16) ((flags & F_OPCODE) >> OPCODE_SHIFT);
|
2001-07-02 07:11:40 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "%s%s",
|
2002-05-15 07:24:20 +00:00
|
|
|
val_to_str(opcode, opcode_vals, "Unknown operation (%u)"),
|
1999-01-04 09:13:46 +00:00
|
|
|
(flags & F_RESPONSE) ? " response" : "");
|
2001-12-10 00:26:21 +00:00
|
|
|
cinfo = pinfo->cinfo;
|
1999-11-08 09:16:52 +00:00
|
|
|
} else {
|
2001-12-10 00:26:21 +00:00
|
|
|
/* Set "cinfo" to NULL; we pass a NULL "cinfo" to the query
|
|
|
|
|
and answer dissectors, as a way of saying that they
|
|
|
|
|
shouldn't add stuff to the COL_INFO column (a call to
|
|
|
|
|
"check_col(cinfo, COL_INFO)" is more expensive than
|
|
|
|
|
a check that a pointer isn't NULL). */
|
|
|
|
|
cinfo = NULL;
|
1998-10-14 04:09:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tree) {
|
Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOL
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
2002-01-20 22:12:39 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_nbns, tvb, offset, -1,
|
2011-10-21 02:10:19 +00:00
|
|
|
ENC_NA);
|
1999-11-16 11:44:20 +00:00
|
|
|
nbns_tree = proto_item_add_subtree(ti, ett_nbns);
|
1998-10-14 04:09:15 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_uint(nbns_tree, hf_nbns_transaction_id, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset + NBNS_ID, 2, id);
|
1999-01-04 09:13:46 +00:00
|
|
|
|
2002-09-12 00:10:58 +00:00
|
|
|
nbns_add_nbns_flags(pinfo->cinfo, nbns_tree, tvb, offset + NBNS_FLAGS,
|
2001-07-02 07:11:40 +00:00
|
|
|
flags, 0);
|
|
|
|
|
}
|
|
|
|
|
quest = tvb_get_ntohs(tvb, offset + NBNS_QUEST);
|
|
|
|
|
if (tree) {
|
|
|
|
|
proto_tree_add_uint(nbns_tree, hf_nbns_count_questions, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset + NBNS_QUEST, 2, quest);
|
2001-07-02 07:11:40 +00:00
|
|
|
}
|
|
|
|
|
ans = tvb_get_ntohs(tvb, offset + NBNS_ANS);
|
|
|
|
|
if (tree) {
|
|
|
|
|
proto_tree_add_uint(nbns_tree, hf_nbns_count_answers, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset + NBNS_ANS, 2, ans);
|
2001-07-02 07:11:40 +00:00
|
|
|
}
|
|
|
|
|
auth = tvb_get_ntohs(tvb, offset + NBNS_AUTH);
|
|
|
|
|
if (tree) {
|
|
|
|
|
proto_tree_add_uint(nbns_tree, hf_nbns_count_auth_rr, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset + NBNS_AUTH, 2, auth);
|
2001-07-02 07:11:40 +00:00
|
|
|
}
|
|
|
|
|
add = tvb_get_ntohs(tvb, offset + NBNS_ADD);
|
|
|
|
|
if (tree) {
|
|
|
|
|
proto_tree_add_uint(nbns_tree, hf_nbns_count_add_rr, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset + NBNS_ADD, 2, add);
|
1999-11-08 09:16:52 +00:00
|
|
|
}
|
1999-01-04 09:13:46 +00:00
|
|
|
|
1999-11-08 09:16:52 +00:00
|
|
|
cur_off = offset + NBNS_HDRLEN;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1999-11-08 09:16:52 +00:00
|
|
|
if (quest > 0) {
|
|
|
|
|
/* If this is a response, don't add information about the
|
|
|
|
|
queries to the summary, just add information about the
|
|
|
|
|
answers. */
|
2001-07-02 07:11:40 +00:00
|
|
|
cur_off += dissect_query_records(tvb, cur_off,
|
1999-11-08 09:16:52 +00:00
|
|
|
nbns_data_offset, quest,
|
2001-12-10 00:26:21 +00:00
|
|
|
(!(flags & F_RESPONSE) ? cinfo : NULL), nbns_tree);
|
1999-11-08 09:16:52 +00:00
|
|
|
}
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1999-11-08 09:16:52 +00:00
|
|
|
if (ans > 0) {
|
|
|
|
|
/* If this is a request, don't add information about the
|
|
|
|
|
answers to the summary, just add information about the
|
|
|
|
|
queries. */
|
2001-07-02 07:11:40 +00:00
|
|
|
cur_off += dissect_answer_records(tvb, cur_off,
|
1999-11-08 09:16:52 +00:00
|
|
|
nbns_data_offset, ans,
|
2001-12-10 00:26:21 +00:00
|
|
|
((flags & F_RESPONSE) ? cinfo : NULL), nbns_tree,
|
2002-05-15 07:24:20 +00:00
|
|
|
opcode, "Answers");
|
1999-11-08 09:16:52 +00:00
|
|
|
}
|
1998-10-14 19:35:00 +00:00
|
|
|
|
1999-11-08 09:16:52 +00:00
|
|
|
if (tree) {
|
|
|
|
|
/* Don't add information about the authoritative name
|
|
|
|
|
servers, or the additional records, to the summary. */
|
1999-01-04 09:13:46 +00:00
|
|
|
if (auth > 0)
|
2001-07-02 07:11:40 +00:00
|
|
|
cur_off += dissect_answer_records(tvb, cur_off,
|
1999-10-07 07:44:29 +00:00
|
|
|
nbns_data_offset,
|
2002-05-15 07:24:20 +00:00
|
|
|
auth, NULL, nbns_tree, opcode,
|
1998-10-14 19:35:00 +00:00
|
|
|
"Authoritative nameservers");
|
|
|
|
|
|
1999-01-04 09:13:46 +00:00
|
|
|
if (add > 0)
|
2001-07-02 07:11:40 +00:00
|
|
|
cur_off += dissect_answer_records(tvb, cur_off,
|
1999-10-07 07:44:29 +00:00
|
|
|
nbns_data_offset,
|
2002-05-15 07:24:20 +00:00
|
|
|
add, NULL, nbns_tree, opcode,
|
1999-01-04 09:13:46 +00:00
|
|
|
"Additional records");
|
1998-10-14 04:09:15 +00:00
|
|
|
}
|
|
|
|
|
}
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-04-30 03:16:03 +00:00
|
|
|
/* NetBIOS datagram packet, from RFC 1002, page 32 */
|
|
|
|
|
struct nbdgm_header {
|
|
|
|
|
guint8 msg_type;
|
|
|
|
|
struct {
|
|
|
|
|
guint8 more;
|
|
|
|
|
guint8 first;
|
|
|
|
|
guint8 node_type;
|
|
|
|
|
} flags;
|
|
|
|
|
guint16 dgm_id;
|
|
|
|
|
guint32 src_ip;
|
|
|
|
|
guint16 src_port;
|
|
|
|
|
|
|
|
|
|
/* For packets with data */
|
|
|
|
|
guint16 dgm_length;
|
|
|
|
|
guint16 pkt_offset;
|
|
|
|
|
|
|
|
|
|
/* For error packets */
|
|
|
|
|
guint8 error_code;
|
|
|
|
|
};
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2001-08-05 10:00:35 +00:00
|
|
|
/*
|
|
|
|
|
* NBDS message types.
|
|
|
|
|
*/
|
|
|
|
|
#define NBDS_DIRECT_UNIQUE 0x10
|
|
|
|
|
#define NBDS_DIRECT_GROUP 0x11
|
|
|
|
|
#define NBDS_BROADCAST 0x12
|
|
|
|
|
#define NBDS_ERROR 0x13
|
|
|
|
|
#define NBDS_QUERY_REQUEST 0x14
|
|
|
|
|
#define NBDS_POS_QUERY_RESPONSE 0x15
|
|
|
|
|
#define NBDS_NEG_QUERY_RESPONSE 0x16
|
|
|
|
|
|
|
|
|
|
static const value_string nbds_msgtype_vals[] = {
|
|
|
|
|
{ NBDS_DIRECT_UNIQUE, "Direct_unique datagram" },
|
|
|
|
|
{ NBDS_DIRECT_GROUP, "Direct_group datagram" },
|
|
|
|
|
{ NBDS_BROADCAST, "Broadcast datagram" },
|
|
|
|
|
{ NBDS_ERROR, "Datagram error" },
|
|
|
|
|
{ NBDS_QUERY_REQUEST, "Datagram query request" },
|
|
|
|
|
{ NBDS_POS_QUERY_RESPONSE, "Datagram positive query response" },
|
|
|
|
|
{ NBDS_NEG_QUERY_RESPONSE, "Datagram negative query response" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const value_string node_type_vals[] = {
|
|
|
|
|
{ 0, "B node" },
|
|
|
|
|
{ 1, "P node" },
|
|
|
|
|
{ 2, "M node" },
|
|
|
|
|
{ 3, "NBDD" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2000-04-08 07:07:42 +00:00
|
|
|
static void
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_nbdgm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
1998-11-20 05:54:08 +00:00
|
|
|
{
|
2001-07-02 07:11:40 +00:00
|
|
|
int offset = 0;
|
1999-05-10 22:07:09 +00:00
|
|
|
proto_tree *nbdgm_tree = NULL;
|
2001-08-05 10:00:35 +00:00
|
|
|
proto_item *ti = NULL;
|
1998-11-20 05:54:08 +00:00
|
|
|
struct nbdgm_header header;
|
|
|
|
|
int flags;
|
|
|
|
|
int message_index;
|
2001-08-05 10:00:35 +00:00
|
|
|
tvbuff_t *next_tvb;
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2001-08-05 10:00:35 +00:00
|
|
|
static const value_string error_codes[] = {
|
1998-11-20 05:54:08 +00:00
|
|
|
{ 0x82, "Destination name not present" },
|
|
|
|
|
{ 0x83, "Invalid source name format" },
|
|
|
|
|
{ 0x84, "Invalid destination name format" },
|
|
|
|
|
{ 0x00, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
char *name;
|
1999-09-03 01:43:09 +00:00
|
|
|
int name_type;
|
1998-11-21 04:00:31 +00:00
|
|
|
int len;
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
name=ep_alloc(MAX_NAME_LEN);
|
|
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBDS");
|
2009-08-09 07:36:13 +00:00
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
header.msg_type = tvb_get_guint8(tvb, offset);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
flags = tvb_get_guint8(tvb, offset+1);
|
1998-11-20 05:54:08 +00:00
|
|
|
header.flags.more = flags & 1;
|
|
|
|
|
header.flags.first = (flags & 2) >> 1;
|
|
|
|
|
header.flags.node_type = (flags & 12) >> 2;
|
|
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
header.dgm_id = tvb_get_ntohs(tvb, offset+2);
|
2005-09-11 21:25:37 +00:00
|
|
|
header.src_ip = tvb_get_ipv4(tvb, offset+4);
|
2001-07-02 07:11:40 +00:00
|
|
|
header.src_port = tvb_get_ntohs(tvb, offset+8);
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2007-03-22 15:19:49 +00:00
|
|
|
/* avoid gcc warnings */
|
|
|
|
|
header.dgm_length = 0;
|
|
|
|
|
header.pkt_offset = 0;
|
|
|
|
|
header.error_code = 0;
|
2001-08-05 10:00:35 +00:00
|
|
|
switch (header.msg_type) {
|
|
|
|
|
|
|
|
|
|
case NBDS_DIRECT_UNIQUE:
|
|
|
|
|
case NBDS_DIRECT_GROUP:
|
|
|
|
|
case NBDS_BROADCAST:
|
2001-07-02 07:11:40 +00:00
|
|
|
header.dgm_length = tvb_get_ntohs(tvb, offset+10);
|
|
|
|
|
header.pkt_offset = tvb_get_ntohs(tvb, offset+12);
|
2001-08-05 10:00:35 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case NBDS_ERROR:
|
2004-01-06 02:42:50 +00:00
|
|
|
header.error_code = tvb_get_guint8(tvb, offset+10);
|
2001-08-05 10:00:35 +00:00
|
|
|
break;
|
1998-11-20 05:54:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
message_index = header.msg_type - 0x0f;
|
|
|
|
|
if (message_index < 1 || message_index > 8) {
|
|
|
|
|
message_index = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-08 17:48:22 +00:00
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
2001-08-05 10:00:35 +00:00
|
|
|
val_to_str(header.msg_type, nbds_msgtype_vals,
|
2010-10-08 17:48:22 +00:00
|
|
|
"Unknown message type (0x%02X)"));
|
1998-11-20 05:54:08 +00:00
|
|
|
|
|
|
|
|
if (tree) {
|
Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOL
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
2002-01-20 22:12:39 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_nbdgm, tvb, offset, -1,
|
2011-10-21 02:10:19 +00:00
|
|
|
ENC_NA);
|
1999-11-16 11:44:20 +00:00
|
|
|
nbdgm_tree = proto_item_add_subtree(ti, ett_nbdgm);
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2001-08-05 10:00:35 +00:00
|
|
|
proto_tree_add_uint(nbdgm_tree, hf_nbdgm_type, tvb,
|
2002-08-28 21:04:11 +00:00
|
|
|
offset, 1,
|
2001-08-05 10:00:35 +00:00
|
|
|
header.msg_type);
|
|
|
|
|
proto_tree_add_boolean(nbdgm_tree, hf_nbdgm_fragment, tvb,
|
2002-08-28 21:04:11 +00:00
|
|
|
offset+1, 1,
|
2001-08-05 10:00:35 +00:00
|
|
|
header.flags.more);
|
|
|
|
|
proto_tree_add_boolean(nbdgm_tree, hf_nbdgm_first, tvb,
|
2002-08-28 21:04:11 +00:00
|
|
|
offset+1, 1,
|
2001-08-05 10:00:35 +00:00
|
|
|
header.flags.first);
|
|
|
|
|
proto_tree_add_uint(nbdgm_tree, hf_nbdgm_node_type, tvb,
|
2002-08-28 21:04:11 +00:00
|
|
|
offset+1, 1,
|
2001-08-05 10:00:35 +00:00
|
|
|
header.flags.node_type);
|
1999-10-17 12:53:01 +00:00
|
|
|
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_uint(nbdgm_tree, hf_nbdgm_datagram_id, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset+2, 2, header.dgm_id);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_ipv4(nbdgm_tree, hf_nbdgm_src_ip, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset+4, 4, header.src_ip);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_uint(nbdgm_tree, hf_nbdgm_src_port, tvb,
|
1999-10-17 12:53:01 +00:00
|
|
|
offset+8, 2, header.src_port);
|
|
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
}
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
offset += 10;
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2001-08-05 10:00:35 +00:00
|
|
|
switch (header.msg_type) {
|
1998-11-20 05:54:08 +00:00
|
|
|
|
2001-08-05 10:00:35 +00:00
|
|
|
case NBDS_DIRECT_UNIQUE:
|
|
|
|
|
case NBDS_DIRECT_GROUP:
|
|
|
|
|
case NBDS_BROADCAST:
|
1999-05-10 22:07:09 +00:00
|
|
|
if (tree) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(nbdgm_tree, tvb, offset, 2,
|
1998-11-20 05:54:08 +00:00
|
|
|
"Datagram length: %d bytes", header.dgm_length);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(nbdgm_tree, tvb, offset+2, 2,
|
1998-11-20 05:54:08 +00:00
|
|
|
"Packet offset: %d bytes", header.pkt_offset);
|
1999-05-10 22:07:09 +00:00
|
|
|
}
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
offset += 4;
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
/* Source name */
|
2005-08-27 02:17:18 +00:00
|
|
|
len = get_nbns_name(tvb, offset, offset, name, MAX_NAME_LEN, &name_type);
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
if (tree) {
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(nbdgm_tree, tvb, offset, len,
|
1999-09-03 01:43:09 +00:00
|
|
|
"Source name", name, name_type);
|
1999-05-10 22:07:09 +00:00
|
|
|
}
|
|
|
|
|
offset += len;
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
/* Destination name */
|
2005-08-27 02:17:18 +00:00
|
|
|
len = get_nbns_name(tvb, offset, offset, name, MAX_NAME_LEN, &name_type);
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
if (tree) {
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(nbdgm_tree, tvb, offset, len,
|
1999-09-03 01:43:09 +00:00
|
|
|
"Destination name", name, name_type);
|
1998-11-20 05:54:08 +00:00
|
|
|
}
|
1999-05-10 22:07:09 +00:00
|
|
|
offset += len;
|
|
|
|
|
|
2001-08-05 10:00:35 +00:00
|
|
|
/*
|
|
|
|
|
* Here we can pass the packet off to the next protocol.
|
|
|
|
|
* Set the length of our top-level tree item to include
|
|
|
|
|
* only our stuff.
|
2001-11-21 02:01:06 +00:00
|
|
|
*
|
|
|
|
|
* XXX - take the datagram length into account?
|
2001-08-05 10:00:35 +00:00
|
|
|
*/
|
2010-11-02 18:43:26 +00:00
|
|
|
if (ti != NULL)
|
|
|
|
|
proto_item_set_len(ti, offset);
|
2009-08-16 12:36:22 +00:00
|
|
|
next_tvb = tvb_new_subset_remaining(tvb, offset);
|
2001-09-29 00:57:36 +00:00
|
|
|
dissect_netbios_payload(next_tvb, pinfo, tree);
|
2001-08-05 10:00:35 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case NBDS_ERROR:
|
1999-05-10 22:07:09 +00:00
|
|
|
if (tree) {
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(nbdgm_tree, tvb, offset, 1, "Error code: %s",
|
1998-11-21 04:00:31 +00:00
|
|
|
val_to_str(header.error_code, error_codes, "Unknown (0x%x)"));
|
1998-11-20 05:54:08 +00:00
|
|
|
}
|
2001-08-05 10:00:35 +00:00
|
|
|
offset += 1;
|
2010-11-02 18:43:26 +00:00
|
|
|
if (ti != NULL)
|
|
|
|
|
proto_item_set_len(ti, offset);
|
2001-08-05 10:00:35 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case NBDS_QUERY_REQUEST:
|
|
|
|
|
case NBDS_POS_QUERY_RESPONSE:
|
|
|
|
|
case NBDS_NEG_QUERY_RESPONSE:
|
1999-05-10 22:07:09 +00:00
|
|
|
/* Destination name */
|
2005-08-27 02:17:18 +00:00
|
|
|
len = get_nbns_name(tvb, offset, offset, name, MAX_NAME_LEN, &name_type);
|
1998-11-20 05:54:08 +00:00
|
|
|
|
1999-05-10 22:07:09 +00:00
|
|
|
if (tree) {
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(nbdgm_tree, tvb, offset, len,
|
1999-09-03 01:43:09 +00:00
|
|
|
"Destination name", name, name_type);
|
1998-11-20 05:54:08 +00:00
|
|
|
}
|
2001-08-05 10:00:35 +00:00
|
|
|
offset += len;
|
2010-11-02 18:43:26 +00:00
|
|
|
if (ti != NULL)
|
|
|
|
|
proto_item_set_len(ti, offset);
|
2001-08-05 10:00:35 +00:00
|
|
|
break;
|
1998-11-20 05:54:08 +00:00
|
|
|
}
|
|
|
|
|
}
|
1999-04-30 03:16:03 +00:00
|
|
|
|
|
|
|
|
/*
|
2011-01-26 20:29:44 +00:00
|
|
|
* NetBIOS Session Service message types (RFC 1002).
|
1999-04-30 03:16:03 +00:00
|
|
|
*/
|
|
|
|
|
#define SESSION_MESSAGE 0x00
|
|
|
|
|
#define SESSION_REQUEST 0x81
|
|
|
|
|
#define POSITIVE_SESSION_RESPONSE 0x82
|
|
|
|
|
#define NEGATIVE_SESSION_RESPONSE 0x83
|
|
|
|
|
#define RETARGET_SESSION_RESPONSE 0x84
|
|
|
|
|
#define SESSION_KEEP_ALIVE 0x85
|
|
|
|
|
|
|
|
|
|
static const value_string message_types[] = {
|
|
|
|
|
{ SESSION_MESSAGE, "Session message" },
|
|
|
|
|
{ SESSION_REQUEST, "Session request" },
|
|
|
|
|
{ POSITIVE_SESSION_RESPONSE, "Positive session response" },
|
|
|
|
|
{ NEGATIVE_SESSION_RESPONSE, "Negative session response" },
|
|
|
|
|
{ RETARGET_SESSION_RESPONSE, "Retarget session response" },
|
|
|
|
|
{ SESSION_KEEP_ALIVE, "Session keep-alive" },
|
|
|
|
|
{ 0x0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* NetBIOS Session Service flags.
|
|
|
|
|
*/
|
|
|
|
|
#define NBSS_FLAGS_E 0x1
|
|
|
|
|
|
|
|
|
|
static const value_string error_codes[] = {
|
|
|
|
|
{ 0x80, "Not listening on called name" },
|
|
|
|
|
{ 0x81, "Not listening for called name" },
|
|
|
|
|
{ 0x82, "Called name not present" },
|
|
|
|
|
{ 0x83, "Called name present, but insufficient resources" },
|
|
|
|
|
{ 0x8F, "Unspecified error" },
|
|
|
|
|
{ 0x0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
2000-04-12 20:43:53 +00:00
|
|
|
* Dissect a single NBSS packet (there may be more than one in a given
|
|
|
|
|
* TCP segment).
|
|
|
|
|
*
|
|
|
|
|
* [ Hmmm, in my experience, I have never seen more than one NBSS in a
|
|
|
|
|
* single segment, since they mostly contain SMBs which are essentially
|
|
|
|
|
* a request response type protocol (RJS). ]
|
|
|
|
|
*
|
|
|
|
|
* [ However, under heavy load with many requests multiplexed on one
|
|
|
|
|
* session it is not unusual to see multiple requests in one TCP
|
|
|
|
|
* segment. Unfortunately, in this case a single session message is
|
|
|
|
|
* frequently split over multiple segments, which frustrates decoding
|
|
|
|
|
* (MMM). ]
|
1999-04-30 03:16:03 +00:00
|
|
|
*/
|
|
|
|
|
static int
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_nbss_packet(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
2010-10-08 17:48:22 +00:00
|
|
|
proto_tree *tree, int is_cifs)
|
1999-04-30 03:16:03 +00:00
|
|
|
{
|
1999-05-10 20:02:57 +00:00
|
|
|
proto_tree *nbss_tree = NULL;
|
2001-08-05 10:00:35 +00:00
|
|
|
proto_item *ti = NULL;
|
1999-04-30 03:16:03 +00:00
|
|
|
proto_tree *field_tree;
|
|
|
|
|
proto_item *tf;
|
|
|
|
|
guint8 msg_type;
|
|
|
|
|
guint8 flags;
|
2002-01-07 00:16:32 +00:00
|
|
|
volatile int length;
|
2002-02-28 23:09:03 +00:00
|
|
|
int length_remaining;
|
1999-04-30 03:16:03 +00:00
|
|
|
int len;
|
2005-08-27 02:17:18 +00:00
|
|
|
char *name;
|
1999-09-03 01:43:09 +00:00
|
|
|
int name_type;
|
2001-09-29 00:57:36 +00:00
|
|
|
gint reported_len;
|
|
|
|
|
tvbuff_t *next_tvb;
|
2002-01-07 00:16:32 +00:00
|
|
|
const char *saved_proto;
|
2010-10-08 17:48:22 +00:00
|
|
|
void *pd_save;
|
1999-04-30 03:16:03 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
name=ep_alloc(MAX_NAME_LEN);
|
|
|
|
|
|
2002-02-28 23:09:03 +00:00
|
|
|
/* Desegmentation */
|
|
|
|
|
length_remaining = tvb_length_remaining(tvb, offset);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Can we do reassembly?
|
|
|
|
|
*/
|
|
|
|
|
if (nbss_desegment && pinfo->can_desegment) {
|
|
|
|
|
/*
|
|
|
|
|
* Yes - is the NBSS header split across segment boundaries?
|
|
|
|
|
*/
|
|
|
|
|
if (length_remaining < 4) {
|
|
|
|
|
/*
|
|
|
|
|
* Yes. Tell our caller how many more bytes
|
|
|
|
|
* we need.
|
|
|
|
|
*/
|
|
|
|
|
return -(4 - length_remaining);
|
|
|
|
|
}
|
|
|
|
|
}
|
2000-04-12 20:43:53 +00:00
|
|
|
|
2002-02-28 23:09:03 +00:00
|
|
|
/*
|
|
|
|
|
* Get the length of the NBSS message.
|
|
|
|
|
*/
|
2000-04-12 20:43:53 +00:00
|
|
|
if (is_cifs) {
|
|
|
|
|
flags = 0;
|
2001-07-02 07:11:40 +00:00
|
|
|
length = tvb_get_ntoh24(tvb, offset + 1);
|
2000-04-12 20:43:53 +00:00
|
|
|
} else {
|
2001-07-02 07:11:40 +00:00
|
|
|
flags = tvb_get_guint8(tvb, offset + 1);
|
|
|
|
|
length = tvb_get_ntohs(tvb, offset + 2);
|
2000-04-12 20:43:53 +00:00
|
|
|
if (flags & NBSS_FLAGS_E)
|
|
|
|
|
length += 65536;
|
|
|
|
|
}
|
1999-04-30 03:16:03 +00:00
|
|
|
|
2004-02-24 09:40:38 +00:00
|
|
|
/* give a hint to TCP where the next PDU starts
|
|
|
|
|
* so that it can attempt to find it in case it starts
|
|
|
|
|
* somewhere in the middle of a segment.
|
|
|
|
|
*/
|
|
|
|
|
if(!pinfo->fd->flags.visited){
|
2005-08-25 07:45:57 +00:00
|
|
|
/* 'Only' SMB is transported ontop of this so make sure
|
|
|
|
|
* there is an SMB header there ...
|
|
|
|
|
*/
|
|
|
|
|
if( ((length+4)>tvb_reported_length_remaining(tvb, offset))
|
|
|
|
|
&&(tvb_length_remaining(tvb, offset)>=8)
|
|
|
|
|
&&(tvb_get_guint8(tvb,offset+5)=='S')
|
|
|
|
|
&&(tvb_get_guint8(tvb,offset+6)=='M')
|
|
|
|
|
&&(tvb_get_guint8(tvb,offset+7)=='B') ){
|
2004-02-24 09:40:38 +00:00
|
|
|
pinfo->want_pdu_tracking=2;
|
|
|
|
|
pinfo->bytes_until_next_pdu=(length+4)-tvb_reported_length_remaining(tvb, offset);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-28 23:09:03 +00:00
|
|
|
/*
|
|
|
|
|
* Can we do reassembly?
|
|
|
|
|
*/
|
|
|
|
|
if (nbss_desegment && pinfo->can_desegment) {
|
|
|
|
|
/*
|
|
|
|
|
* Yes - is the NBSS message split across segment boundaries?
|
|
|
|
|
*/
|
|
|
|
|
if (length_remaining < length + 4) {
|
2001-09-13 07:56:53 +00:00
|
|
|
/*
|
2002-02-28 23:09:03 +00:00
|
|
|
* Yes. Tell our caller how many more bytes
|
|
|
|
|
* we need.
|
2001-09-13 07:56:53 +00:00
|
|
|
*/
|
2002-02-28 23:09:03 +00:00
|
|
|
return -((length + 4) - length_remaining);
|
2001-09-13 07:56:53 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-28 23:09:03 +00:00
|
|
|
msg_type = tvb_get_guint8(tvb, offset);
|
|
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
if (tree) {
|
2011-10-21 02:10:19 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_nbss, tvb, offset, length + 4, ENC_NA);
|
1999-11-16 11:44:20 +00:00
|
|
|
nbss_tree = proto_item_add_subtree(ti, ett_nbss);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2011-01-26 20:29:44 +00:00
|
|
|
proto_tree_add_item(nbss_tree, hf_nbss_type, tvb, offset, 1, ENC_NA);
|
1999-05-09 04:16:36 +00:00
|
|
|
}
|
1999-04-30 03:16:03 +00:00
|
|
|
|
|
|
|
|
offset += 1;
|
|
|
|
|
|
2000-04-12 20:43:53 +00:00
|
|
|
if (is_cifs) {
|
|
|
|
|
if (tree) {
|
2011-10-06 03:35:44 +00:00
|
|
|
proto_tree_add_item(nbss_tree, hf_nbss_cifs_length, tvb, offset, 3, ENC_BIG_ENDIAN);
|
2000-04-12 20:43:53 +00:00
|
|
|
}
|
|
|
|
|
offset += 3;
|
|
|
|
|
} else {
|
|
|
|
|
if (tree) {
|
2001-07-02 07:11:40 +00:00
|
|
|
tf = proto_tree_add_uint(nbss_tree, hf_nbss_flags, tvb, offset, 1, flags);
|
2000-04-12 20:43:53 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_nbss_flags);
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1, "%s",
|
1999-05-09 04:16:36 +00:00
|
|
|
decode_boolean_bitfield(flags, NBSS_FLAGS_E,
|
2000-04-12 20:43:53 +00:00
|
|
|
8, "Add 65536 to length", "Add 0 to length"));
|
|
|
|
|
}
|
|
|
|
|
offset += 1;
|
1999-05-09 04:16:36 +00:00
|
|
|
|
2000-04-12 20:43:53 +00:00
|
|
|
if (tree) {
|
2009-11-20 14:12:15 +00:00
|
|
|
proto_tree_add_uint_format(nbss_tree, hf_nbss_length, tvb, offset, 2,
|
|
|
|
|
length, "Length: %u", length);
|
2000-04-12 20:43:53 +00:00
|
|
|
}
|
1999-04-30 03:16:03 +00:00
|
|
|
|
2000-04-12 20:43:53 +00:00
|
|
|
offset += 2;
|
1999-05-09 04:16:36 +00:00
|
|
|
}
|
|
|
|
|
|
1999-04-30 03:16:03 +00:00
|
|
|
switch (msg_type) {
|
|
|
|
|
|
|
|
|
|
case SESSION_REQUEST:
|
2005-08-27 02:17:18 +00:00
|
|
|
len = get_nbns_name(tvb, offset, offset, name, MAX_NAME_LEN, &name_type);
|
1999-05-09 04:16:36 +00:00
|
|
|
if (tree)
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(nbss_tree, tvb, offset, len,
|
1999-09-03 01:43:09 +00:00
|
|
|
"Called name", name, name_type);
|
1999-05-09 04:16:36 +00:00
|
|
|
offset += len;
|
|
|
|
|
|
2010-10-08 17:48:22 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ", to %s ", name);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2005-08-27 02:17:18 +00:00
|
|
|
len = get_nbns_name(tvb, offset, offset, name, MAX_NAME_LEN, &name_type);
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
if (tree)
|
2001-07-02 07:11:40 +00:00
|
|
|
add_name_and_type(nbss_tree, tvb, offset, len,
|
1999-09-03 01:43:09 +00:00
|
|
|
"Calling name", name, name_type);
|
1999-05-09 04:16:36 +00:00
|
|
|
|
2010-10-08 17:48:22 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, "from %s", name);
|
2002-08-07 00:43:13 +00:00
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
break;
|
1999-04-30 03:16:03 +00:00
|
|
|
|
|
|
|
|
case NEGATIVE_SESSION_RESPONSE:
|
2002-08-28 21:04:11 +00:00
|
|
|
if (tree)
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(nbss_tree, tvb, offset, 1,
|
1999-05-09 04:16:36 +00:00
|
|
|
"Error code: %s",
|
2001-07-02 07:11:40 +00:00
|
|
|
val_to_str(tvb_get_guint8(tvb, offset),
|
|
|
|
|
error_codes, "Unknown (%x)"));
|
2002-08-07 00:43:13 +00:00
|
|
|
|
2010-10-08 17:48:22 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
|
|
|
|
|
val_to_str(tvb_get_guint8(tvb, offset),
|
|
|
|
|
error_codes, "Unknown (%x)"));
|
2002-08-07 00:43:13 +00:00
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
break;
|
1999-04-30 03:16:03 +00:00
|
|
|
|
|
|
|
|
case RETARGET_SESSION_RESPONSE:
|
1999-05-09 04:16:36 +00:00
|
|
|
if (tree)
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(nbss_tree, tvb, offset, 4,
|
1999-05-09 04:16:36 +00:00
|
|
|
"Retarget IP address: %s",
|
2011-01-14 03:44:58 +00:00
|
|
|
tvb_ip_to_str(tvb, offset));
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
offset += 4;
|
1999-04-30 03:16:03 +00:00
|
|
|
|
1999-05-09 04:16:36 +00:00
|
|
|
if (tree)
|
2001-07-02 07:11:40 +00:00
|
|
|
proto_tree_add_text(nbss_tree, tvb, offset, 2,
|
|
|
|
|
"Retarget port: %u",
|
|
|
|
|
tvb_get_ntohs(tvb, offset));
|
1999-05-09 04:16:36 +00:00
|
|
|
|
|
|
|
|
break;
|
1999-04-30 03:16:03 +00:00
|
|
|
|
|
|
|
|
case SESSION_MESSAGE:
|
1999-05-09 04:16:36 +00:00
|
|
|
/*
|
2001-09-29 00:57:36 +00:00
|
|
|
* Here we can pass the message off to the next protocol.
|
2001-08-05 10:00:35 +00:00
|
|
|
* Set the length of our top-level tree item to include
|
|
|
|
|
* only our stuff.
|
1999-05-09 04:16:36 +00:00
|
|
|
*/
|
2001-09-29 00:57:36 +00:00
|
|
|
len = tvb_length_remaining(tvb, offset);
|
|
|
|
|
reported_len = tvb_reported_length_remaining(tvb, offset);
|
|
|
|
|
if (len > length)
|
|
|
|
|
len = length;
|
|
|
|
|
if (reported_len > length)
|
|
|
|
|
reported_len = length;
|
2002-01-07 00:16:32 +00:00
|
|
|
|
2002-01-07 00:57:46 +00:00
|
|
|
next_tvb = tvb_new_subset(tvb, offset, len, reported_len);
|
|
|
|
|
|
2002-01-07 00:16:32 +00:00
|
|
|
/*
|
|
|
|
|
* Catch the ReportedBoundsError exception; if this
|
|
|
|
|
* particular message happens to get a ReportedBoundsError
|
|
|
|
|
* exception, that doesn't mean that we should stop
|
|
|
|
|
* dissecting NetBIOS messages within this frame or chunk
|
|
|
|
|
* of reassembled data.
|
|
|
|
|
*
|
|
|
|
|
* If it gets a BoundsError, we can stop, as there's nothing
|
|
|
|
|
* more to see, so we just re-throw it.
|
|
|
|
|
*/
|
2002-01-07 00:57:46 +00:00
|
|
|
saved_proto = pinfo->current_proto;
|
2010-10-08 17:48:22 +00:00
|
|
|
pd_save = pinfo->private_data;
|
2002-01-07 00:57:46 +00:00
|
|
|
TRY {
|
2002-01-07 00:16:32 +00:00
|
|
|
dissect_netbios_payload(next_tvb, pinfo, tree);
|
2002-01-07 00:57:46 +00:00
|
|
|
}
|
|
|
|
|
CATCH(BoundsError) {
|
|
|
|
|
RETHROW;
|
|
|
|
|
}
|
|
|
|
|
CATCH(ReportedBoundsError) {
|
2010-10-08 17:48:22 +00:00
|
|
|
/* Restore the private_data structure in case one of the
|
|
|
|
|
* called dissectors modified it (and, due to the exception,
|
|
|
|
|
* was unable to restore it).
|
|
|
|
|
*/
|
|
|
|
|
pinfo->private_data = pd_save;
|
Add support for reassembling RPC-over-TCP fragments, and do that in both
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
2002-02-18 23:51:55 +00:00
|
|
|
show_reported_bounds_error(tvb, pinfo, tree);
|
2002-01-07 00:16:32 +00:00
|
|
|
pinfo->current_proto = saved_proto;
|
2002-01-07 00:57:46 +00:00
|
|
|
}
|
|
|
|
|
ENDTRY;
|
1999-05-09 04:16:36 +00:00
|
|
|
break;
|
|
|
|
|
|
1999-04-30 03:16:03 +00:00
|
|
|
}
|
|
|
|
|
return length + 4;
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-08 07:07:42 +00:00
|
|
|
static void
|
2001-07-02 07:11:40 +00:00
|
|
|
dissect_nbss(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
1999-04-30 03:16:03 +00:00
|
|
|
{
|
2001-11-03 00:58:52 +00:00
|
|
|
struct tcpinfo *tcpinfo = pinfo->private_data;
|
2001-07-02 07:11:40 +00:00
|
|
|
int offset = 0;
|
1999-08-18 00:57:54 +00:00
|
|
|
int max_data;
|
2001-09-30 23:14:43 +00:00
|
|
|
guint8 msg_type;
|
|
|
|
|
guint8 flags;
|
|
|
|
|
guint32 length;
|
2001-07-02 07:11:40 +00:00
|
|
|
int len;
|
|
|
|
|
gboolean is_cifs;
|
2001-09-30 23:14:43 +00:00
|
|
|
proto_tree *nbss_tree;
|
|
|
|
|
proto_item *ti;
|
1999-04-30 03:16:03 +00:00
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBSS");
|
2009-08-09 07:36:13 +00:00
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
max_data = tvb_length(tvb);
|
2001-07-02 07:11:40 +00:00
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
msg_type = tvb_get_guint8(tvb, offset);
|
2000-04-12 20:43:53 +00:00
|
|
|
|
2010-12-20 05:35:29 +00:00
|
|
|
if (pinfo->match_uint == TCP_PORT_CIFS) {
|
2000-04-12 21:42:31 +00:00
|
|
|
/*
|
|
|
|
|
* Windows 2000 CIFS clients can dispense completely
|
|
|
|
|
* with the NETBIOS encapsulation and directly use CIFS
|
|
|
|
|
* over TCP. As would be expected, the framing is
|
|
|
|
|
* identical, except that the length is 24 bits instead
|
|
|
|
|
* of 17. The only message types used are
|
|
|
|
|
* SESSION_MESSAGE and SESSION_KEEP_ALIVE.
|
|
|
|
|
*/
|
2000-04-12 20:43:53 +00:00
|
|
|
is_cifs = TRUE;
|
|
|
|
|
} else {
|
|
|
|
|
is_cifs = FALSE;
|
|
|
|
|
}
|
1999-04-30 03:16:03 +00:00
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
/*
|
|
|
|
|
* This might be a continuation of an earlier message.
|
|
|
|
|
* (Yes, that might be true even if we're doing TCP reassembly,
|
|
|
|
|
* as the first TCP segment in the capture might start in the
|
|
|
|
|
* middle of an NBNS message.)
|
|
|
|
|
*/
|
1999-08-21 08:45:09 +00:00
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
/*
|
|
|
|
|
* If this isn't reassembled data, check to see whether it
|
|
|
|
|
* looks like a continuation of a message.
|
|
|
|
|
* (If it is reassembled data, it shouldn't be a continuation,
|
|
|
|
|
* as reassembly should've gathered the continuations together
|
|
|
|
|
* into a message.)
|
|
|
|
|
*/
|
|
|
|
|
if (!tcpinfo->is_reassembled) {
|
|
|
|
|
if (max_data < 4) {
|
|
|
|
|
/*
|
|
|
|
|
* Not enough data for an NBSS header; assume
|
|
|
|
|
* it's a continuation of a message.
|
|
|
|
|
*
|
|
|
|
|
* XXX - if there's not enough data, we should
|
|
|
|
|
* attempt to reassemble the data, if the first byte
|
|
|
|
|
* is a valid message type.
|
|
|
|
|
*/
|
|
|
|
|
goto continuation;
|
|
|
|
|
}
|
1999-08-21 08:45:09 +00:00
|
|
|
|
2011-03-04 15:09:29 +00:00
|
|
|
/*
|
|
|
|
|
* The larged size in for non-SMB NBSS traffic is
|
|
|
|
|
* 17 bits (0x1FFFF).
|
|
|
|
|
*
|
|
|
|
|
* The SMB1 unix extensions and the SMB2 multi credit
|
|
|
|
|
* feature allow more than 17 bits (0x1FFFF), they allow
|
|
|
|
|
* 24 bits (0xFFFFFF).
|
|
|
|
|
*
|
|
|
|
|
* So if it is a SESSION_MESSAGE and SMB1 or SMB2
|
|
|
|
|
* mark it as is_cifs.
|
|
|
|
|
*/
|
|
|
|
|
if (tvb_length_remaining(tvb, offset) >=8
|
|
|
|
|
&& tvb_get_guint8(tvb,offset+0) == SESSION_MESSAGE
|
|
|
|
|
&& tvb_get_guint8(tvb,offset+5) == 'S'
|
|
|
|
|
&& tvb_get_guint8(tvb,offset+6) == 'M'
|
|
|
|
|
&& tvb_get_guint8(tvb,offset+7) == 'B') {
|
|
|
|
|
is_cifs = TRUE;
|
|
|
|
|
} else {
|
|
|
|
|
is_cifs = FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
/*
|
|
|
|
|
* We have enough data for an NBSS header.
|
|
|
|
|
* Get the flags and length of the message,
|
|
|
|
|
* and see if they're sane.
|
|
|
|
|
*/
|
|
|
|
|
if (is_cifs) {
|
|
|
|
|
flags = 0;
|
|
|
|
|
length = tvb_get_ntoh24(tvb, offset + 1);
|
|
|
|
|
} else {
|
|
|
|
|
flags = tvb_get_guint8(tvb, offset + 1);
|
|
|
|
|
length = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
if (flags & NBSS_FLAGS_E)
|
2011-03-04 15:09:29 +00:00
|
|
|
length += 0x10000;
|
2001-09-30 23:14:43 +00:00
|
|
|
}
|
|
|
|
|
if ((flags & (~NBSS_FLAGS_E)) != 0) {
|
|
|
|
|
/*
|
|
|
|
|
* A bogus flag was set; assume it's a continuation.
|
|
|
|
|
*/
|
|
|
|
|
goto continuation;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (msg_type) {
|
|
|
|
|
|
|
|
|
|
case SESSION_MESSAGE:
|
|
|
|
|
/*
|
|
|
|
|
* This is variable-length.
|
|
|
|
|
* All we know is that it shouldn't be zero.
|
|
|
|
|
* (XXX - can we get zero-length messages?
|
|
|
|
|
* Not with SMB, but perhaps other NetBIOS-based
|
|
|
|
|
* protocols have them.)
|
|
|
|
|
*/
|
|
|
|
|
if (length == 0)
|
|
|
|
|
goto continuation;
|
2010-07-06 04:32:21 +00:00
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
break;
|
1999-08-21 08:45:09 +00:00
|
|
|
|
2001-09-30 23:14:43 +00:00
|
|
|
case SESSION_REQUEST:
|
|
|
|
|
/*
|
|
|
|
|
* This is variable-length.
|
|
|
|
|
* The names are DNS-encoded 32-byte values;
|
|
|
|
|
* we need at least 2 bytes (one for each name;
|
|
|
|
|
* actually, we should have more for the first
|
|
|
|
|
* name, as there's no name preceding it so
|
|
|
|
|
* there should be no compression), and we
|
|
|
|
|
* shouldn't have more than 128 bytes (actually,
|
|
|
|
|
* we shouldn't have that many).
|
2001-10-12 01:41:03 +00:00
|
|
|
*
|
2010-05-25 00:35:44 +00:00
|
|
|
* XXX - actually, Mac OS X 10.1 (yes, that's
|
2001-10-12 01:41:03 +00:00
|
|
|
* redundant, but that's what Apple calls it,
|
2010-05-25 00:35:44 +00:00
|
|
|
* not Mac OS X.1) puts names longer than 16
|
2001-10-12 01:41:03 +00:00
|
|
|
* characters into session request messages,
|
|
|
|
|
* so we can have more than 32 bytes of
|
|
|
|
|
* name value, so we can have more than 128
|
|
|
|
|
* bytes of data.
|
2001-09-30 23:14:43 +00:00
|
|
|
*/
|
2001-10-12 01:41:03 +00:00
|
|
|
if (length < 2 || length > 256)
|
2001-09-30 23:14:43 +00:00
|
|
|
goto continuation;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case POSITIVE_SESSION_RESPONSE:
|
|
|
|
|
/*
|
|
|
|
|
* This has no data, so the length must be zero.
|
|
|
|
|
*/
|
|
|
|
|
if (length != 0)
|
|
|
|
|
goto continuation;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case NEGATIVE_SESSION_RESPONSE:
|
|
|
|
|
/*
|
|
|
|
|
* This has 1 byte of data.
|
|
|
|
|
*/
|
|
|
|
|
if (length != 1)
|
|
|
|
|
goto continuation;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case RETARGET_SESSION_RESPONSE:
|
|
|
|
|
/*
|
|
|
|
|
* This has 6 bytes of data.
|
|
|
|
|
*/
|
|
|
|
|
if (length != 6)
|
|
|
|
|
goto continuation;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case SESSION_KEEP_ALIVE:
|
|
|
|
|
/*
|
|
|
|
|
* This has no data, so the length must be zero.
|
|
|
|
|
*/
|
|
|
|
|
if (length != 0)
|
|
|
|
|
goto continuation;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
/*
|
|
|
|
|
* Unknown message type; assume it's a continuation.
|
|
|
|
|
*/
|
|
|
|
|
goto continuation;
|
|
|
|
|
}
|
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2010-10-08 17:48:22 +00:00
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
2001-09-30 23:14:43 +00:00
|
|
|
val_to_str(msg_type, message_types, "Unknown (%02x)"));
|
1999-04-30 03:16:03 +00:00
|
|
|
|
2002-05-01 08:34:04 +00:00
|
|
|
while (tvb_reported_length_remaining(tvb, offset) > 0) {
|
|
|
|
|
len = dissect_nbss_packet(tvb, offset, pinfo, tree, is_cifs);
|
2002-02-28 23:09:03 +00:00
|
|
|
if (len < 0) {
|
|
|
|
|
/*
|
|
|
|
|
* We need more data to dissect this, and
|
|
|
|
|
* desegmentation is enabled. "-len" is the
|
|
|
|
|
* number of additional bytes of data we need.
|
|
|
|
|
*
|
|
|
|
|
* Tell the TCP dissector where the data for this
|
|
|
|
|
* message starts in the data it handed us, and
|
|
|
|
|
* how many more bytes we need, and return.
|
|
|
|
|
*/
|
|
|
|
|
pinfo->desegment_offset = offset;
|
|
|
|
|
pinfo->desegment_len = -len;
|
|
|
|
|
return;
|
|
|
|
|
}
|
1999-08-18 00:57:54 +00:00
|
|
|
offset += len;
|
1999-04-30 03:16:03 +00:00
|
|
|
}
|
2001-09-30 23:14:43 +00:00
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
continuation:
|
|
|
|
|
/*
|
|
|
|
|
* It looks like a continuation.
|
|
|
|
|
*/
|
2009-08-09 07:01:26 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "NBSS Continuation Message");
|
2001-09-30 23:14:43 +00:00
|
|
|
|
|
|
|
|
if (tree) {
|
2011-10-21 02:10:19 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_nbss, tvb, 0, -1, ENC_NA);
|
2001-09-30 23:14:43 +00:00
|
|
|
nbss_tree = proto_item_add_subtree(ti, ett_nbss);
|
2002-05-01 08:34:04 +00:00
|
|
|
proto_tree_add_text(nbss_tree, tvb, 0, -1, "Continuation data");
|
2001-09-30 23:14:43 +00:00
|
|
|
}
|
1999-04-30 03:16:03 +00:00
|
|
|
}
|
1999-07-29 05:47:07 +00:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
proto_register_nbt(void)
|
|
|
|
|
{
|
1999-10-17 12:53:01 +00:00
|
|
|
|
|
|
|
|
static hf_register_info hf_nbns[] = {
|
2002-05-15 07:24:20 +00:00
|
|
|
{ &hf_nbns_flags,
|
|
|
|
|
{ "Flags", "nbns.flags",
|
|
|
|
|
FT_UINT16, BASE_HEX, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
2002-05-15 07:24:20 +00:00
|
|
|
{ &hf_nbns_flags_response,
|
|
|
|
|
{ "Response", "nbns.flags.response",
|
|
|
|
|
FT_BOOLEAN, 16, TFS(&tfs_flags_response), F_RESPONSE,
|
|
|
|
|
"Is the message a response?", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_opcode,
|
|
|
|
|
{ "Opcode", "nbns.flags.opcode",
|
|
|
|
|
FT_UINT16, BASE_DEC, VALS(opcode_vals), F_OPCODE,
|
|
|
|
|
"Operation code", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_authoritative,
|
|
|
|
|
{ "Authoritative", "nbns.flags.authoritative",
|
|
|
|
|
FT_BOOLEAN, 16, TFS(&tfs_flags_authoritative), F_AUTHORITATIVE,
|
|
|
|
|
"Is the server is an authority for the domain?", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_truncated,
|
|
|
|
|
{ "Truncated", "nbns.flags.truncated",
|
|
|
|
|
FT_BOOLEAN, 16, TFS(&tfs_flags_truncated), F_TRUNCATED,
|
|
|
|
|
"Is the message truncated?", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_recdesired,
|
|
|
|
|
{ "Recursion desired", "nbns.flags.recdesired",
|
|
|
|
|
FT_BOOLEAN, 16, TFS(&tfs_flags_recdesired), F_RECDESIRED,
|
|
|
|
|
"Do query recursively?", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_recavail,
|
|
|
|
|
{ "Recursion available", "nbns.flags.recavail",
|
|
|
|
|
FT_BOOLEAN, 16, TFS(&tfs_flags_recavail), F_RECAVAIL,
|
|
|
|
|
"Can the server do recursive queries?", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_broadcast,
|
|
|
|
|
{ "Broadcast", "nbns.flags.broadcast",
|
|
|
|
|
FT_BOOLEAN, 16, TFS(&tfs_flags_broadcast), F_BROADCAST,
|
|
|
|
|
"Is this a broadcast packet?", HFILL }},
|
|
|
|
|
{ &hf_nbns_flags_rcode,
|
|
|
|
|
{ "Reply code", "nbns.flags.rcode",
|
|
|
|
|
FT_UINT16, BASE_DEC, VALS(rcode_vals), F_RCODE,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbns_transaction_id,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Transaction ID", "nbns.id",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT16, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Identification of transaction", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbns_count_questions,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Questions", "nbns.count.queries",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Number of queries in packet", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbns_count_answers,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Answer RRs", "nbns.count.answers",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Number of answers in packet", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbns_count_auth_rr,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Authority RRs", "nbns.count.auth_rr",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Number of authoritative records in packet", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbns_count_add_rr,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Additional RRs", "nbns.count.add_rr",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Number of additional records in packet", HFILL }}
|
1999-10-17 12:53:01 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static hf_register_info hf_nbdgm[] = {
|
|
|
|
|
{ &hf_nbdgm_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Message Type", "nbdgm.type",
|
2001-08-05 10:00:35 +00:00
|
|
|
FT_UINT8, BASE_DEC, VALS(nbds_msgtype_vals), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"NBDGM message type", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbdgm_fragment,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "More fragments follow", "nbdgm.next",
|
2009-04-07 12:20:41 +00:00
|
|
|
FT_BOOLEAN, BASE_NONE, TFS(&tfs_yes_no), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"TRUE if more fragments follow", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbdgm_first,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "This is first fragment", "nbdgm.first",
|
2009-04-07 12:20:41 +00:00
|
|
|
FT_BOOLEAN, BASE_NONE, TFS(&tfs_yes_no), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"TRUE if first fragment", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbdgm_node_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Node Type", "nbdgm.node_type",
|
2001-08-05 10:00:35 +00:00
|
|
|
FT_UINT8, BASE_DEC, VALS(node_type_vals), 0x0,
|
2010-09-23 21:46:31 +00:00
|
|
|
NULL, HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbdgm_datagram_id,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Datagram ID", "nbdgm.dgram_id",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT16, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Datagram identifier", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbdgm_src_ip,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Source IP", "nbdgm.src.ip",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_IPv4, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Source IPv4 address", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbdgm_src_port,
|
|
|
|
|
{ "Source Port", "nbdgm.src.port",
|
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
2010-09-23 21:46:31 +00:00
|
|
|
NULL, HFILL }}
|
1999-10-17 12:53:01 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static hf_register_info hf_nbss[] = {
|
|
|
|
|
{ &hf_nbss_type,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Message Type", "nbss.type",
|
2011-01-26 20:29:44 +00:00
|
|
|
FT_UINT8, BASE_HEX, VALS(message_types), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"NBSS message type", HFILL }},
|
1999-10-17 12:53:01 +00:00
|
|
|
{ &hf_nbss_flags,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Flags", "nbss.flags",
|
1999-10-17 12:53:01 +00:00
|
|
|
FT_UINT8, BASE_HEX, NULL, 0x0,
|
2009-11-20 13:57:26 +00:00
|
|
|
"NBSS message flags", HFILL }},
|
|
|
|
|
{ &hf_nbss_length,
|
|
|
|
|
{ "Length", "nbss.length",
|
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x0,
|
2011-01-26 20:29:44 +00:00
|
|
|
"Length of trailer (payload) following this field in bytes", HFILL }},
|
2009-11-20 13:57:26 +00:00
|
|
|
{ &hf_nbss_cifs_length,
|
|
|
|
|
{ "Length", "nbss.length",
|
|
|
|
|
FT_UINT24, BASE_DEC, NULL, 0x0,
|
2011-01-26 20:29:44 +00:00
|
|
|
"Length trailer (payload) following this field in bytes", HFILL }}
|
1999-10-17 12:53:01 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_nbns,
|
|
|
|
|
&ett_nbns_qd,
|
|
|
|
|
&ett_nbns_flags,
|
|
|
|
|
&ett_nbns_nb_flags,
|
|
|
|
|
&ett_nbns_name_flags,
|
|
|
|
|
&ett_nbns_rr,
|
|
|
|
|
&ett_nbns_qry,
|
|
|
|
|
&ett_nbns_ans,
|
|
|
|
|
&ett_nbdgm,
|
|
|
|
|
&ett_nbss,
|
|
|
|
|
&ett_nbss_flags,
|
|
|
|
|
};
|
2001-09-13 07:56:53 +00:00
|
|
|
module_t *nbss_module;
|
1999-10-17 12:53:01 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_nbns = proto_register_protocol("NetBIOS Name Service", "NBNS", "nbns");
|
1999-10-17 12:53:01 +00:00
|
|
|
proto_register_field_array(proto_nbns, hf_nbns, array_length(hf_nbns));
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_nbdgm = proto_register_protocol("NetBIOS Datagram Service",
|
|
|
|
|
"NBDS", "nbdgm");
|
1999-10-17 12:53:01 +00:00
|
|
|
proto_register_field_array(proto_nbdgm, hf_nbdgm, array_length(hf_nbdgm));
|
|
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_nbss = proto_register_protocol("NetBIOS Session Service",
|
|
|
|
|
"NBSS", "nbss");
|
1999-10-17 12:53:01 +00:00
|
|
|
proto_register_field_array(proto_nbss, hf_nbss, array_length(hf_nbss));
|
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2001-09-13 07:56:53 +00:00
|
|
|
|
|
|
|
|
nbss_module = prefs_register_protocol(proto_nbss, NULL);
|
|
|
|
|
prefs_register_bool_preference(nbss_module, "desegment_nbss_commands",
|
2004-08-21 09:02:52 +00:00
|
|
|
"Reassemble NBSS packets spanning multiple TCP segments",
|
|
|
|
|
"Whether the NBSS dissector should reassemble packets spanning multiple TCP segments."
|
|
|
|
|
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
2001-09-13 07:56:53 +00:00
|
|
|
&nbss_desegment);
|
1999-07-29 05:47:07 +00:00
|
|
|
}
|
2000-04-08 07:07:42 +00:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
proto_reg_handoff_nbt(void)
|
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t nbns_handle, nbdgm_handle, nbss_handle;
|
|
|
|
|
|
|
|
|
|
nbns_handle = create_dissector_handle(dissect_nbns, proto_nbns);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("udp.port", UDP_PORT_NBNS, nbns_handle);
|
2001-12-03 04:00:26 +00:00
|
|
|
nbdgm_handle = create_dissector_handle(dissect_nbdgm, proto_nbdgm);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("udp.port", UDP_PORT_NBDGM, nbdgm_handle);
|
2001-12-03 04:00:26 +00:00
|
|
|
nbss_handle = create_dissector_handle(dissect_nbss, proto_nbss);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("tcp.port", TCP_PORT_NBSS, nbss_handle);
|
|
|
|
|
dissector_add_uint("tcp.port", TCP_PORT_CIFS, nbss_handle);
|
2000-04-08 07:07:42 +00:00
|
|
|
}
|