/* packet-msproxy.c
 * Routines for Microsoft Proxy packet dissection
 * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
 *
 * $Id$
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * This was derived from the dante socks implementation source code.
 * Most of the information came from common.h and msproxy_clientprotocol.c
 *
 * See http://www.inet.no/dante for more information
 */
/************************************************************************
 *                                                                      *
 *  Notes: These are possible command values. User input is welcome     *
 *                                                                      *
 *  Command = 0x040a - Remote host closed connection (maybe ?? )        *
 *  Command = 0x0411 - Remote host closed connection                    *
 *  Command = 0x0413 - Local host closed connection or SYN worked       *
 *                                                                      *
 ************************************************************************/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#include <string.h>
#include <glib.h>
#include <epan/packet.h>
#include <epan/addr_resolv.h>
#include <epan/conversation.h>
#include <epan/emem.h>
#include "packet-tcp.h"
#include "packet-udp.h"
/*
 * Prototype for a registration hook that takes a raw-buffer dissector
 * callback (data pointer, offset, frame data, tree).
 * NOTE(review): nothing in the visible part of this file calls it; confirm
 * whether the declaration is still needed.
 */
extern void udp_hash_add(guint16 proto,
	void (*dissect)(const guchar *, int, frame_data *, proto_tree *));
/*
 * Protocol id.  Passed to proto_tree_add_item() for the top-level item and
 * used as the key under which per-conversation redirect data is stored.
 */
static int proto_msproxy = -1;

/* Subtree ids handed to proto_item_add_subtree(). */
static int ett_msproxy = -1;
static int ett_msproxy_name = -1;

/* Header-field ids for the proto_tree_add_*() calls in this file. */
static int hf_msproxy_cmd = -1;
static int hf_msproxy_clntport = -1;

static int hf_msproxy_dstaddr = -1;

static int hf_msproxy_srcport = -1;
static int hf_msproxy_dstport = -1;
static int hf_msproxy_serverport = -1;
static int hf_msproxy_serveraddr = -1;
static int hf_msproxy_bindport = -1;
static int hf_msproxy_bindaddr = -1;
static int hf_msproxy_boundport = -1;
static int hf_msproxy_bind_id = -1;
static int hf_msproxy_resolvaddr = -1;

static int hf_msproxy_server_int_addr = -1;
static int hf_msproxy_server_int_port = -1;
static int hf_msproxy_server_ext_addr = -1;
static int hf_msproxy_server_ext_port = -1;

/*
 * Dissector handle that add_msproxy_conversation() installs on redirected
 * conversations via conversation_set_dissector().
 */
static dissector_handle_t msproxy_sub_handle;
/* MS Proxy UDP port number (going by the macro name; the registration code
 * that uses it is outside this excerpt). */
#define UDP_PORT_MSPROXY 1745

#define N_MSPROXY_HELLO			0x05	/* packet 1 from client */
#define N_MSPROXY_ACK			0x10	/* packet 1 from server */
#define N_MSPROXY_USERINFO_ACK		0x04	/* packet 2 from server */
#define N_MSPROXY_AUTH			0x47	/* packet 3 from client */
#define N_MSPROXY_RESOLVE		0x07	/* Resolve request */

/*
 * 16-bit command codes.  dissect_msproxy_request() reads the command field
 * with tvb_get_ntohs() and compares it against these values.
 *
 * Two pairs share a value and therefore cannot both appear as case labels
 * in one switch:
 *   MSPROXY_HELLO_ACK == MSPROXY_USERINFO        (0x1000)
 *   MSPROXY_BIND_ACK  == MSPROXY_UDPASSOCIATE_ACK (0x0706)
 * get_msproxy_cmd_name() uses the packet direction to tell the first pair
 * apart.
 */

/*$$$ 0x0500 was dante value, I see 0x05ff and 0x0500 */

#define MSPROXY_HELLO			0x0500
#define MSPROXY_HELLO_2			0x05ff

#define MSPROXY_HELLO_ACK		0x1000

#define MSPROXY_USERINFO		0x1000
#define MSPROXY_USERINFO_ACK		0x0400

#define MSPROXY_AUTH			0x4700
#define MSPROXY_AUTH_1_ACK		0x4714
#define MSPROXY_AUTH_2			0x4701
#define MSPROXY_AUTH_2_ACK		0x4715
#define MSPROXY_AUTH_2_ACK2		0x4716

#define MSPROXY_RESOLVE			0x070d
#define MSPROXY_RESOLVE_ACK		0x070f

#define MSPROXY_BIND			0x0704
#define MSPROXY_BIND_ACK		0x0706

#define MSPROXY_TCP_BIND		0x0707
#define MSPROXY_TCP_BIND_ACK		0x0708

#define MSPROXY_LISTEN			0x0406

#define MSPROXY_BINDINFO		0x0709

#define MSPROXY_BINDINFO_ACK		0x070a

#define MSPROXY_CONNECT			0x071e
#define MSPROXY_CONNECT_ACK		0x0703

#define MSPROXY_UDPASSOCIATE		0x0705
#define MSPROXY_UDPASSOCIATE_ACK	0x0706

#define MSPROXY_UDP_BIND_REQ		0x070b

#define MSPROXY_CONNECTED		0x042c
#define MSPROXY_SESSIONEND		0x251e

#define MSPROXY_BIND_AUTHFAILED		0x0804
#define MSPROXY_CONNECT_AUTHFAILED	0x081e
#define MSPROXY_CONNREFUSED		0x4	/* low 12 bits seem to vary. */

#define FROM_SERVER			1	/* direction of packet data for get_msproxy_cmd_name */
#define FROM_CLIENT			0
/*$$$ Should this be the same as redirect_entry_t ??			*/
/* Then add_conversation could just copy the structure.  Using the	*/
/* same allocation (instance, for you object guys) wouldn't work,	*/
/* because there may be multiple child conversations from the same	*/
/* MSProxy conversation.						*/

/*
 * Values collected while dissecting MS Proxy requests.  The request
 * dissectors fill these straight from packet fields (tvb_get_ntohs(),
 * tvb_get_ipv4()), so they are capture-supplied and not validated here.
 */
typedef struct {
	guint32	dst_addr;		/* set from tvb_get_ipv4() in dissect_request_connect() */
	guint32	clnt_port;		/* set from tvb_get_ntohs() by the bind/connect/associate dissectors */
	guint32	dst_port;		/* set from tvb_get_ntohs() in dissect_request_connect() */
	guint32	server_int_port;	/* not written in the visible part of the file - TODO confirm where it is set */
	int	proto;			/* PT_TCP or PT_UDP, chosen by the request dissectors */
}hash_entry_t;
/************** conversation hash stuff ***************/

/*
 * Per-conversation redirect data.  add_msproxy_conversation() copies it
 * field by field from a hash_entry_t and attaches it to the conversation;
 * msproxy_sub_dissector() reads it back to rewrite the port before calling
 * the TCP or UDP port decoder.
 */
typedef struct {
	guint32	remote_addr;		/* copied from hash_entry_t.dst_addr */
	guint32	clnt_port;		/* copied from hash_entry_t.clnt_port */
	guint32	server_int_port;	/* copied from hash_entry_t.server_int_port */
	guint32	remote_port;		/* copied from hash_entry_t.dst_port */
	int	proto;			/* copied from hash_entry_t.proto; compared with PT_TCP */
}redirect_entry_t;
/************** negotiated conversation hash stuff ***************/

/* NOTE(review): not referenced in the visible part of this file; the
 * original comment says it is used to detect new packets - confirm. */
static guint32 last_row= 0;	/* used to see if packet is new */
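/*
 * Conversation dissector called from the TCP or UDP dissector.  Decodes and
 * displays the msproxy header, then passes the rest of the data to the TCP
 * or UDP port decode routine to handle the payload.
 *
 * The redirect data attached to the conversation was copied from fields of
 * earlier MS Proxy packets (see add_msproxy_conversation()), so the address
 * and ports used here are capture-supplied values.
 */
static void msproxy_sub_dissector( tvbuff_t *tvb, packet_info *pinfo,
		proto_tree *tree) {

	guint32 *ptr;
	redirect_entry_t *redirect_info;
	conversation_t *conversation;
	proto_tree      *msp_tree;
	proto_item      *ti;

	conversation = find_conversation( pinfo->fd->num, &pinfo->src, &pinfo->dst,
		pinfo->ptype, pinfo->srcport, pinfo->destport, 0);

	DISSECTOR_ASSERT( conversation);	/* should always find a conversation */

	redirect_info = conversation_get_proto_data(conversation,
		proto_msproxy);

	/*
	 * Everything below dereferences redirect_info.  Treat a conversation
	 * without msproxy data the same way as a missing conversation rather
	 * than reading through a NULL pointer.
	 */
	DISSECTOR_ASSERT( redirect_info);

	if (check_col(pinfo->cinfo, COL_PROTOCOL))
		col_set_str(pinfo->cinfo, COL_PROTOCOL, "MS Proxy");

	if (check_col(pinfo->cinfo, COL_INFO))
		col_set_str(pinfo->cinfo, COL_INFO,
			(( redirect_info->proto == PT_TCP) ? "TCP stream" :
			 "UDP packets"));

	if ( tree) {
		ti = proto_tree_add_item( tree, proto_msproxy, tvb, 0, 0,
			FALSE );

		msp_tree = proto_item_add_subtree(ti, ett_msproxy);

		proto_tree_add_uint( msp_tree, hf_msproxy_dstport, tvb, 0, 0,
			redirect_info->remote_port);

		proto_tree_add_ipv4( msp_tree, hf_msproxy_dstaddr, tvb, 0, 0,
			redirect_info->remote_addr);
	}

	/*
	 * Temporarily replace the proxy-side port in pinfo with the remote
	 * port, so the TCP or UDP port lookup selects the dissector for the
	 * real destination.  The side whose source port equals the client
	 * port is the client, so its destination port is the one to replace.
	 */
	if ( pinfo->srcport == redirect_info->clnt_port)
		ptr = &pinfo->destport;
	else
		ptr = &pinfo->srcport;

	*ptr = redirect_info->remote_port;

	if ( redirect_info->proto == PT_TCP)
		decode_tcp_ports( tvb, 0, pinfo, tree, pinfo->srcport,
			pinfo->destport, NULL);
	else
		decode_udp_ports( tvb, 0, pinfo, tree, pinfo->srcport,
			pinfo->destport, -1);

	/*
	 * Put the server port back.
	 * NOTE(review): if the sub-dissector leaves via an exception this line
	 * is skipped and pinfo keeps the substituted port - confirm whether
	 * later code depends on the original value.
	 */
	*ptr = redirect_info->server_int_port;
}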
/*
 * Attach MS Proxy redirect data to the conversation between pinfo->src and
 * pinfo->dst on (server_int_port, clnt_port).
 *
 * An existing conversation is reused; otherwise a new one is created.  In
 * both cases the conversation dissector is set to msproxy_sub_handle and a
 * freshly allocated redirect_entry_t, copied from hash_info, is added as
 * the msproxy data for the conversation.
 *
 * NOTE: Currently this assumes that the conversation will be created
 *       during a packet from the server.  If that changes, pinfo->src
 *       and pinfo->dst will not be correct and this routine will have
 *       to change.
 */
static void add_msproxy_conversation( packet_info *pinfo,
		hash_entry_t *hash_info){

	conversation_t *conv;
	redirect_entry_t *redirect;

	/* A frame that was already processed once has had this done. */
	if (pinfo->fd->flags.visited)
		return;

	conv = find_conversation( pinfo->fd->num, &pinfo->src,
		&pinfo->dst, hash_info->proto, hash_info->server_int_port,
		hash_info->clnt_port, 0);

	if (conv == NULL)
		conv = conversation_new( pinfo->fd->num, &pinfo->src, &pinfo->dst,
			hash_info->proto, hash_info->server_int_port,
			hash_info->clnt_port, 0);

	conversation_set_dissector(conv, msproxy_sub_handle);

	/* Copy the fields the sub-dissector needs into conversation data. */
	redirect = se_alloc(sizeof *redirect);
	redirect->proto           = hash_info->proto;
	redirect->remote_addr     = hash_info->dst_addr;
	redirect->remote_port     = hash_info->dst_port;
	redirect->clnt_port       = hash_info->clnt_port;
	redirect->server_int_port = hash_info->server_int_port;

	conversation_add_proto_data(conv, proto_msproxy, redirect);
}
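/*
 * Display the application name found at 'offset' in the proto tree.
 *
 * NOTE: this routine assumes that the tree pointer is valid (not NULL).
 *
 * Returns the value of tvb_strnlen(): the length of the name, or -1 when
 * no terminating NUL was found within 255 bytes.  In the -1 case nothing
 * is added to the tree.
 */
static int display_application_name(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	int length;

	length = tvb_strnlen( tvb, offset, 255);

	/*
	 * The name comes from the packet and need not be terminated.  A
	 * negative length would be used both as the item length and as the
	 * "%.*s" precision, and a negative precision means "no limit", so the
	 * format would read past the packet data looking for a NUL.  Stop
	 * here instead, as dissect_user_info_2() does.
	 */
	if (length == -1)
		return length;

	proto_tree_add_text( tree, tvb, offset, length, "Application: %.*s",
		length, tvb_get_ptr( tvb, offset, length));

	return length;
}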
/*
 * Return the display name for command code 'cmd'.
 *
 * 'direction' (FROM_SERVER or FROM_CLIENT) is consulted only for 0x1000,
 * which MSPROXY_HELLO_ACK and MSPROXY_USERINFO share.  Codes that are not
 * in the table yield "Unknown".
 */
static const char *get_msproxy_cmd_name( int cmd, int direction) {

	static const struct {
		int		code;
		const char	*name;
	} cmd_names[] = {
		{ MSPROXY_HELLO_2,		"Hello" },
		{ MSPROXY_HELLO,		"Hello" },
		{ MSPROXY_USERINFO_ACK,		"User Info Acknowledge" },
		{ MSPROXY_AUTH,			"Authentication" },
		{ MSPROXY_AUTH_1_ACK,		"Authentication Acknowledge" },
		{ MSPROXY_AUTH_2,		"Authentication 2" },
		{ MSPROXY_AUTH_2_ACK,		"Authentication 2 Acknowledge" },
		{ MSPROXY_RESOLVE,		"Resolve" },
		{ MSPROXY_RESOLVE_ACK,		"Resolve Acknowledge" },
		{ MSPROXY_BIND,			"Bind" },
		{ MSPROXY_TCP_BIND,		"TCP Bind" },
		{ MSPROXY_TCP_BIND_ACK,		"TCP Bind Acknowledge" },
		{ MSPROXY_LISTEN,		"Listen" },
		{ MSPROXY_BINDINFO,		"Bind Info" },
		{ MSPROXY_BINDINFO_ACK,		"Bind Info Acknowledge" },
		{ MSPROXY_CONNECT,		"Connect" },
		{ MSPROXY_CONNECT_ACK,		"Connect Acknowledge" },
		{ MSPROXY_UDPASSOCIATE,		"UDP Associate" },
		{ MSPROXY_UDP_BIND_REQ,		"UDP Bind" },
		{ MSPROXY_UDPASSOCIATE_ACK,	"Bind or Associate Acknowledge" },
		{ MSPROXY_CONNECTED,		"Connected" },
		{ MSPROXY_SESSIONEND,		"Session End" }
	};
	unsigned int i;

	/* MSPROXY_HELLO_ACK & MSPROXY_USERINFO have the same value (0x1000), */
	/* so the direction flag decides which name applies. */
	if (cmd == MSPROXY_USERINFO) {
		if ( direction == FROM_SERVER)
			return "Hello Acknowledge";
		return "User Info";
	}

	for (i = 0; i < sizeof cmd_names / sizeof cmd_names[0]; i++) {
		if (cmd_names[i].code == cmd)
			return cmd_names[i].name;
	}

	return "Unknown";
}
/*
 * Decode the user, application and computer name strings that start at
 * 'offset' and add them to the tree.
 *
 * Each name is located with tvb_strnlen() limited to 255 bytes; decoding
 * stops at the first name for which no terminator is found.  Nothing is
 * done when 'tree' is NULL.
 */
static void dissect_user_info_2(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	int name_len;

	if ( !tree)
		return;

	/* User name; the next string starts two bytes after its last character. */
	name_len = tvb_strnlen( tvb, offset, 255);
	if (name_len == -1)
		return;
	proto_tree_add_text( tree, tvb, offset, name_len + 1,
		"User name: %.*s", name_len,
		tvb_get_ptr( tvb, offset, name_len));
	offset += name_len + 2;

	/* Application name, followed directly by the computer name. */
	name_len = tvb_strnlen( tvb, offset, 255);
	if (name_len == -1)
		return;
	proto_tree_add_text( tree, tvb, offset, name_len + 1,
		"Application name: %.*s", name_len,
		tvb_get_ptr( tvb, offset, name_len));
	offset += name_len + 1;

	/* Client computer name. */
	name_len = tvb_strnlen( tvb, offset, 255);
	if (name_len == -1)
		return;
	proto_tree_add_text( tree, tvb, offset, name_len + 1,
		"Client computer name: %.*s", name_len,
		tvb_get_ptr( tvb, offset, name_len));
}
/*
 * Decode the request _1 structure: the user information strings begin
 * 182 bytes after 'offset'.
 */
static void dissect_msproxy_request_1(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	enum { USER_INFO_OFF = 182 };

	dissect_user_info_2( tvb, offset + USER_INFO_OFF, tree);
}
/*
 * Decode the bind request.  The bind address, bind port, client port and
 * bound port are added to the tree when one is supplied; the client port
 * value is always stored in conv_info.
 */
static void dissect_bind(tvbuff_t *tvb, int offset,
	 proto_tree *tree, hash_entry_t *conv_info) {

	/* Field positions relative to the offset passed in. */
	enum {
		BIND_ADDR_OFF		= 18,
		BIND_PORT_OFF		= 22,
		CLNT_PORT_ITEM_OFF	= 28,
		CLNT_PORT_VALUE_OFF	= 30,
		BOUND_PORT_OFF		= 36,
		APP_NAME_OFF		= 118
	};

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_bindaddr, tvb,
			offset + BIND_ADDR_OFF, 4, FALSE);
		proto_tree_add_item( tree, hf_msproxy_bindport, tvb,
			offset + BIND_PORT_OFF, 2, FALSE);
		proto_tree_add_item( tree, hf_msproxy_clntport, tvb,
			offset + CLNT_PORT_ITEM_OFF, 2, FALSE);
	}

	/*
	 * NOTE(review): the stored client port is read two bytes after the
	 * client port field displayed above, whereas dissect_udp_assoc() and
	 * dissect_request_connect() display and store the same two bytes.
	 * Confirm against the protocol layout which position is intended.
	 */
	conv_info->clnt_port = tvb_get_ntohs( tvb, offset + CLNT_PORT_VALUE_OFF);

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_boundport, tvb,
			offset + BOUND_PORT_OFF, 2, FALSE);
		display_application_name( tvb, offset + APP_NAME_OFF, tree);
	}
}
/*
 * Decode the authorization request: show the 7-byte NTLMSSP signature that
 * sits 134 bytes after 'offset'.  Nothing is done when 'tree' is NULL.
 */
static void dissect_auth(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	enum { NTLMSSP_SIG_OFF = 134, NTLMSSP_SIG_LEN = 7 };

	if ( !tree)
		return;

	offset += NTLMSSP_SIG_OFF;

	/* "%.7s" bounds the read to the seven bytes fetched from the packet. */
	proto_tree_add_text( tree, tvb, offset, NTLMSSP_SIG_LEN,
		"NTLMSSP signature: %.7s",
		tvb_get_ptr( tvb, offset, NTLMSSP_SIG_LEN));
}
/*
 * Decode the TCP bind packet.  The protocol type is recorded in the
 * conversation information so the bind_info handling can use it to create
 * the payload dissector.  The bind id, bound port and application name are
 * shown only when a tree is supplied.
 */
static void dissect_tcp_bind(tvbuff_t *tvb, int offset,
	proto_tree *tree, hash_entry_t *conv_info) {

	/* Field positions relative to the offset passed in. */
	enum {
		BIND_ID_OFF	= 6,
		BOUND_PORT_OFF	= 22,
		APP_NAME_OFF	= 118
	};

	conv_info->proto = PT_TCP;

	if ( !tree)
		return;

	proto_tree_add_item( tree, hf_msproxy_bind_id, tvb,
		offset + BIND_ID_OFF, 4, FALSE);
	proto_tree_add_item( tree, hf_msproxy_boundport, tvb,
		offset + BOUND_PORT_OFF, 2, FALSE);
	display_application_name( tvb, offset + APP_NAME_OFF, tree);
}
/*
 * Decode and display the connect request.
 *
 * Marks the conversation as TCP and stores the destination port, the
 * destination address and the client port from the packet in conv_info.
 * These values are taken from the packet as-is and are later copied into
 * the redirect data by add_msproxy_conversation().
 */
static void dissect_request_connect(tvbuff_t *tvb, int offset,
	proto_tree *tree, hash_entry_t *conv_info) {

	/* Field positions relative to the offset passed in. */
	enum {
		DST_PORT_OFF	= 20,
		DST_ADDR_OFF	= 22,
		CLNT_PORT_OFF	= 34,
		APP_NAME_OFF	= 118
	};

	conv_info->proto = PT_TCP;

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_dstport, tvb,
			offset + DST_PORT_OFF, 2, FALSE);
	}
	conv_info->dst_port = tvb_get_ntohs( tvb, offset + DST_PORT_OFF);

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb,
			offset + DST_ADDR_OFF, 4, FALSE);
	}
	conv_info->dst_addr = tvb_get_ipv4( tvb, offset + DST_ADDR_OFF);

	conv_info->clnt_port = tvb_get_ntohs( tvb, offset + CLNT_PORT_OFF);

	if ( tree) {
		proto_tree_add_uint( tree, hf_msproxy_clntport, tvb,
			offset + CLNT_PORT_OFF, 2, conv_info->clnt_port);
		display_application_name( tvb, offset + APP_NAME_OFF, tree);
	}
}
/*
 * Decode the client bind info ack: bind id, destination port and address,
 * the server's internal port, its external port and address, and the
 * application name.  Display only; nothing is done when 'tree' is NULL.
 */
static void dissect_bind_info_ack(tvbuff_t *tvb, int offset, proto_tree *tree) {

	/* Field positions relative to the offset passed in. */
	enum {
		BIND_ID_OFF		= 6,
		DST_PORT_OFF		= 20,
		DST_ADDR_OFF		= 22,
		SERVER_INT_PORT_OFF	= 34,
		SERVER_EXT_PORT_OFF	= 38,
		SERVER_EXT_ADDR_OFF	= 40,
		APP_NAME_OFF		= 118
	};

	if ( !tree)
		return;

	proto_tree_add_item( tree, hf_msproxy_bind_id, tvb,
		offset + BIND_ID_OFF, 4, FALSE);
	proto_tree_add_item( tree, hf_msproxy_dstport, tvb,
		offset + DST_PORT_OFF, 2, FALSE);
	proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb,
		offset + DST_ADDR_OFF, 4, FALSE);
	proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
		offset + SERVER_INT_PORT_OFF, 2, FALSE);
	proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
		offset + SERVER_EXT_PORT_OFF, 2, FALSE);
	proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
		offset + SERVER_EXT_ADDR_OFF, 4, FALSE);

	display_application_name( tvb, offset + APP_NAME_OFF, tree);
}
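/*
 * Dissect the request resolve structure.
 *
 * The byte at 'offset' is the length of the host name; the name itself
 * starts 18 bytes after 'offset'.  The name is shown under a "Host Name"
 * subtree together with its length.  The function returns nothing.
 */
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	proto_tree      *name_tree;
	proto_item      *ti;

	/* Length byte taken from the packet (0..255); read even without a tree. */
	int length = tvb_get_guint8( tvb, offset);

	if ( tree){
		ti = proto_tree_add_text(tree, tvb, offset, length + 1,
			"Host Name: %.*s", length,
			tvb_get_ptr( tvb, offset + 18, length));

		name_tree = proto_item_add_subtree(ti, ett_msproxy_name);

		proto_tree_add_text( name_tree, tvb, offset, 1, "Length: %d",
			length);

		++offset;
		offset += 17;

		/*
		 * The name bytes come from the packet and are not guaranteed to
		 * be NUL-terminated, so the precision must bound the read to the
		 * 'length' bytes that tvb_get_ptr() checked.  A bare "%s" would
		 * keep reading until it happened to find a NUL.
		 */
		proto_tree_add_text( name_tree, tvb, offset, length, "String: %.*s",
			length, tvb_get_ptr( tvb, offset, length));
	}
}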
/*
 * Dissect the UDP bind request.  The protocol id (PT_UDP) is stored in
 * conv_info so the bind_info handling can use it to create the
 * conversation dissector.  The bind id, destination port and address and
 * the application name are displayed when a tree is supplied; no other
 * conv_info field is written here.
 */
static void dissect_udp_bind(tvbuff_t *tvb, int offset,
	proto_tree *tree, hash_entry_t *conv_info) {

	/* Field positions relative to the offset passed in. */
	enum {
		BIND_ID_OFF	= 8,
		DST_PORT_OFF	= 20,
		DST_ADDR_OFF	= 22,
		APP_NAME_OFF	= 118
	};

	conv_info->proto = PT_UDP;

	if ( !tree)
		return;

	proto_tree_add_item( tree, hf_msproxy_bind_id, tvb,
		offset + BIND_ID_OFF, 4, FALSE);
	proto_tree_add_item( tree, hf_msproxy_dstport, tvb,
		offset + DST_PORT_OFF, 2, FALSE);
	proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb,
		offset + DST_ADDR_OFF, 4, FALSE);

	display_application_name( tvb, offset + APP_NAME_OFF, tree);
}
/*
 * Dissect the UDP associate request and load the client port into the
 * conversation data structure for later.  The client port is read from the
 * packet whether or not a tree is supplied.
 */
static void dissect_udp_assoc(tvbuff_t *tvb, int offset,
	proto_tree *tree, hash_entry_t *conv_info) {

	/* Field positions relative to the offset passed in. */
	enum {
		CLNT_PORT_OFF	= 28,
		APP_NAME_OFF	= 118
	};

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_clntport, tvb,
			offset + CLNT_PORT_OFF, 2, FALSE);
	}

	conv_info->clnt_port = tvb_get_ntohs( tvb, offset + CLNT_PORT_OFF);

	if ( tree) {
		display_application_name( tvb, offset + APP_NAME_OFF, tree);
	}
}
/*
 * Dissect a request sent by the client.
 *
 * The fixed header occupies the first 36 bytes and is displayed only when a
 * tree is supplied.  The 16-bit command that follows is always read; it
 * selects the command-specific dissector, which receives the offset just
 * past the command field.  Commands without a handler are flagged in the
 * tree.
 */
static void dissect_msproxy_request(tvbuff_t *tvb,
		proto_tree *tree, hash_entry_t *conv_info) {

	/* Header field positions, from the start of the packet. */
	enum {
		CLIENT_ID_OFF	= 0,
		VERSION_OFF	= 4,
		SERVER_ID_OFF	= 8,
		SERVER_ACK_OFF	= 12,
		SEQ_NUM_OFF	= 16,
		RWSP_SIG_OFF	= 24,
		CMD_OFF		= 36
	};

	int offset;
	int cmd;

	if ( tree) {
		proto_tree_add_text( tree, tvb, CLIENT_ID_OFF, 4,
			"Client id: 0x%0x",
			tvb_get_letohl( tvb, CLIENT_ID_OFF));

		proto_tree_add_text( tree, tvb, VERSION_OFF, 4,
			"Version: 0x%04x",
			tvb_get_letohl( tvb, VERSION_OFF));

		proto_tree_add_text( tree, tvb, SERVER_ID_OFF, 4,
			"Server id: 0x%0x",
			tvb_get_letohl( tvb, SERVER_ID_OFF));

		proto_tree_add_text( tree, tvb, SERVER_ACK_OFF, 1,
			"Server ack: %u",
			tvb_get_guint8( tvb, SERVER_ACK_OFF));

		proto_tree_add_text( tree, tvb, SEQ_NUM_OFF, 1,
			"Sequence Number: %u",
			tvb_get_guint8( tvb, SEQ_NUM_OFF));

		/* "%.4s" bounds the read to the four bytes fetched. */
		proto_tree_add_text( tree, tvb, RWSP_SIG_OFF, 4,
			"RWSP signature: %.4s",
			tvb_get_ptr( tvb, RWSP_SIG_OFF, 4));
	}

	/* With or without a tree, the command sits right after the header. */
	offset = CMD_OFF;
	cmd = tvb_get_ntohs( tvb, offset);

	if ( tree) {
		proto_tree_add_uint_format( tree, hf_msproxy_cmd, tvb, offset, 2,
			cmd, "Command: 0x%02x (%s)", cmd,
			get_msproxy_cmd_name( cmd, FROM_CLIENT));
	}

	offset += 2;

	switch (cmd){
	case MSPROXY_AUTH:
		dissect_auth( tvb, offset, tree);
		break;

	case MSPROXY_BIND:
		dissect_bind( tvb, offset, tree, conv_info);
		break;

	case MSPROXY_UDP_BIND_REQ:
		dissect_udp_bind( tvb, offset, tree, conv_info);
		break;

	case MSPROXY_AUTH_2:	/*$$ this is probably wrong place for this */
	case MSPROXY_TCP_BIND:
		dissect_tcp_bind( tvb, offset, tree, conv_info);
		break;

	case MSPROXY_RESOLVE:
		dissect_request_resolve( tvb, offset, tree);
		break;

	case MSPROXY_CONNECT:
	case MSPROXY_LISTEN:
		dissect_request_connect( tvb, offset, tree, conv_info);
		break;

	case MSPROXY_BINDINFO_ACK:
		dissect_bind_info_ack( tvb, offset, tree);
		break;

	case MSPROXY_HELLO:
	case MSPROXY_HELLO_2:
		dissect_msproxy_request_1( tvb, offset, tree);
		break;

	case MSPROXY_UDPASSOCIATE:
		dissect_udp_assoc( tvb, offset, tree, conv_info);
		break;

	default:
		if ( tree) {
			proto_tree_add_text( tree, tvb, offset, 0,
				"Unhandled request command (report this, please)");
		}
	}
}
/*
 * Decode the hello acknowledge packet: a 2-byte server port followed by a
 * 4-byte server address, both added to the protocol tree.
 */
static void dissect_hello_ack(tvbuff_t *tvb, int offset, proto_tree *tree) {

	/* Both fields are display-only, so without a tree there is no work. */
	if ( !tree)
		return;

	/* The port is read 60 bytes past the offset handed in by the caller. */
	offset += 60;
	proto_tree_add_item( tree, hf_msproxy_serverport, tvb, offset, 2,
		FALSE);

	/* The address follows directly after the 2-byte port. */
	proto_tree_add_item( tree, hf_msproxy_serveraddr, tvb, offset + 2, 4,
		FALSE);
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-16 05:39:25 +00:00
|
|
|
/* XXX - implement me */
|
2003-05-23 05:06:49 +00:00
|
|
|
static void dissect_user_info_ack(tvbuff_t *tvb _U_, int offset,
	proto_tree *tree _U_) {

	/*
	 * Placeholder for the "response _2" structure: nothing is read from
	 * the buffer and nothing is added to the tree.  The only work is
	 * stepping the local offset over 18 + 2 bytes, which has no effect
	 * outside this function.
	 */
	offset += 18 + 2;
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/*
 * Decode a UDP associate acknowledgement: bind id, server external port and
 * address, then the application name.  Everything here is display-only.
 */
static void dissect_udpassociate_ack(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	int pos;

	if ( !tree)
		return;

	/* The bind id is read 6 bytes past the offset handed in. */
	pos = offset + 6;
	proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, pos, 4, FALSE);

	/* 14 bytes on (the 4-byte id plus 10 undecoded bytes): external port. */
	pos += 14;
	proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb, pos, 2,
		FALSE);

	/* The external address follows directly after the port. */
	pos += 2;
	proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb, pos, 4,
		FALSE);

	/* The application name is read 96 bytes after the address starts. */
	pos += 96;
	display_application_name( tvb, pos, tree);
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-05-01 08:17:09 +00:00
|
|
|
/*
 * Decode an authentication (step 1) acknowledgement: the NTLMSSP signature
 * and the NT domain, both shown as text items.
 */
static void dissect_auth_1_ack(tvbuff_t *tvb, int offset,
	proto_tree *tree) {

	int pos;

	if ( !tree)
		return;

	/*
	 * NOTE(review): both strings below are raw packet bytes formatted
	 * with "%s".  The precision (%.7s / %.255s) matches the length
	 * requested from tvb_get_ptr(), so the read stays inside the range
	 * the tvbuff has checked, but the bytes are not escaped before they
	 * are displayed.
	 */
	pos = offset + 134;
	proto_tree_add_text( tree, tvb, pos, 7, "NTLMSSP signature: %.7s",
		tvb_get_ptr( tvb, pos, 7));

	/* XXX - always 255? */
	/*
	 * tvb_get_ptr() is asked for the full 255 bytes, so a packet that
	 * carries a shorter domain field will not reach the format call.
	 */
	pos += 48;
	proto_tree_add_text( tree, tvb, pos, 255, "NT domain: %.255s",
		tvb_get_ptr( tvb, pos, 255));
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-07-16 05:39:25 +00:00
|
|
|
/* XXX - implement me */
|
2003-05-23 05:06:49 +00:00
|
|
|
static void dissect_msproxy_response_4( tvbuff_t *tvb _U_, int offset,
	proto_tree *tree _U_) {

	/*
	 * Placeholder for the "response _4" structure: no field is decoded.
	 * Only the local offset is stepped over 134 bytes, which has no
	 * effect outside this function.
	 */
	offset += 134;
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2001-03-22 08:39:08 +00:00
|
|
|
/*
 * Decode the connect ack packet.
 *
 * Besides filling the tree, this records the protocol (TCP) and the server
 * internal port in conv_info and then hands conv_info to
 * add_msproxy_conversation().  That part runs whether or not a tree exists.
 */
static void dissect_connect_ack( tvbuff_t *tvb, int offset, packet_info *pinfo,
	proto_tree *tree, hash_entry_t *conv_info) {

	int pos = offset + 20;		/* server internal port */

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
			pos, 2, FALSE);
	}

	/* Conversation state is updated even when nothing is displayed. */
	conv_info->proto = PT_TCP;
	conv_info->server_int_port = tvb_get_ntohs( tvb, pos);
	pos += 2;

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_server_int_addr, tvb,
			pos, 4, FALSE);
		pos += 14;

		proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
			pos, 2, FALSE);
		pos += 2;

		proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
			pos, 4, FALSE);
		pos += 80;

		display_application_name( tvb, pos, tree);
	}

	add_msproxy_conversation( pinfo, conv_info);
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-05-01 08:17:09 +00:00
|
|
|
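/*
 * Decode the tcp bind acknowledgement: bind id, server internal port,
 * server external port and address, then the application name.  All of it
 * is display-only, so nothing is done without a tree.
 */
static void dissect_tcp_bind_ack( tvbuff_t *tvb, int offset, proto_tree *tree) {

	if ( tree) {
		offset += 6;

		proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset, 4,
			FALSE);
		offset += 16;

		/*
		 * Read the port from the packet.  This used to be
		 * proto_tree_add_uint(..., FALSE), which takes the value to
		 * display as its last argument and therefore always showed
		 * port 0 instead of the two bytes at this offset.
		 */
		proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
			offset, 2, FALSE);
		offset += 6;

		proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
			offset, 2, FALSE);
		offset += 2;

		proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
			offset, 4, FALSE);

		offset += 88;

		display_application_name( tvb, offset, tree);
	}
}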
|
|
|
|
|
|
|
|
|
|
|
|
|
2001-03-22 08:39:08 +00:00
|
|
|
/*
 * Decode the Bind info response from the server.
 *
 * The destination port and address and the server internal port are copied
 * from the packet into conv_info regardless of whether a tree exists;
 * conv_info is then passed to add_msproxy_conversation().
 */
static void dissect_bind_info( tvbuff_t *tvb, int offset, packet_info *pinfo,
	proto_tree *tree, hash_entry_t *conv_info) {

	int pos = offset + 6;		/* bind id */

	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, pos, 4,
			FALSE);
	}
	pos += 14;

	/* Destination port: stored first, then displayed from the stored value. */
	conv_info->dst_port = tvb_get_ntohs( tvb, pos);
	if ( tree) {
		proto_tree_add_uint( tree, hf_msproxy_dstport, tvb, pos, 2,
			conv_info->dst_port);
	}
	pos += 2;

	/* Destination address. */
	conv_info->dst_addr = tvb_get_ipv4( tvb, pos);
	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, pos, 4,
			FALSE);
	}
	pos += 12;

	/* Server internal port. */
	conv_info->server_int_port = tvb_get_ntohs( tvb, pos);
	if ( tree) {
		proto_tree_add_uint( tree, hf_msproxy_server_int_port, tvb,
			pos, 2, conv_info->server_int_port);
	}
	pos += 4;

	/* The remaining fields are display-only. */
	if ( tree) {
		proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
			pos, 2, FALSE);
		pos += 2;

		proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
			pos, 4, FALSE);
		pos += 78;

		display_application_name( tvb, pos, tree);
	}

	add_msproxy_conversation( pinfo, conv_info);
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2002-05-01 08:17:09 +00:00
|
|
|
/*
 * Dissect the response resolve structure: a one-byte "address offset"
 * followed, further on, by the resolved 4-byte address.  Display-only.
 */
static void dissect_resolve(tvbuff_t *tvb, int offset, proto_tree *tree) {

	int skip;

	if ( !tree)
		return;

	/*
	 * The offset byte comes from the packet (0..255) and decides where
	 * the address is read from; the tvbuff accessors are relied on to
	 * reject a position that lies outside the captured data.
	 */
	skip = tvb_get_guint8( tvb, offset);
	proto_tree_add_text( tree, tvb, offset, 1, "Address offset: %d",
		skip);

	/* One byte for the offset field, 13 fixed bytes, then the variable part. */
	offset += 1 + 13 + skip;

	proto_tree_add_item( tree, hf_msproxy_resolvaddr, tvb, offset, 4,
		FALSE);
}
|
2000-04-20 02:18:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
2001-03-22 08:39:08 +00:00
|
|
|
/*
 * Dissect a message sent by the server.
 *
 * The first 36 bytes are a fixed header that is only decoded for display;
 * the 2-byte command at offset 36 selects the routine that decodes the rest.
 * pinfo and conv_info are passed on to the routines that record
 * conversation state.
 */
static void dissect_msproxy_response(tvbuff_t *tvb, packet_info *pinfo,
	proto_tree *tree, hash_entry_t *conv_info) {

	int offset;
	int cmd;

	if ( tree) {
		/* Header fields sit at fixed positions within the first 36 bytes. */
		proto_tree_add_text( tree, tvb, 0, 4, "Client id: 0x%0x",
			tvb_get_letohl( tvb, 0));

		proto_tree_add_text( tree, tvb, 4, 4, "Version: 0x%04x",
			tvb_get_letohl( tvb, 4));

		proto_tree_add_text( tree, tvb, 8, 4, "Server id: 0x%04x",
			tvb_get_letohl( tvb, 8));

		proto_tree_add_text( tree, tvb, 12, 1, "Client ack: 0x%02x",
			tvb_get_guint8( tvb, 12));

		proto_tree_add_text( tree, tvb, 16, 1, "Sequence Number: 0x%02x",
			tvb_get_guint8( tvb, 16));

		/* Raw packet bytes; the precision matches the 4 bytes requested. */
		proto_tree_add_text( tree, tvb, 24, 4, "RWSP signature: %.4s",
			tvb_get_ptr( tvb, 24, 4));
	}

	/* The command follows the header whether or not it was displayed. */
	offset = 36;
	cmd = tvb_get_ntohs( tvb, offset);

	if ( tree) {
		proto_tree_add_uint_format( tree, hf_msproxy_cmd, tvb, offset, 2,
			cmd, "Command: 0x%02x (%s)", cmd,
			get_msproxy_cmd_name( cmd, FROM_SERVER));
	}
	offset += 2;

	switch (cmd) {

	case MSPROXY_HELLO_ACK:
		dissect_hello_ack( tvb, offset, tree);
		break;

	case MSPROXY_USERINFO_ACK:
		dissect_user_info_ack( tvb, offset, tree);
		break;

	case MSPROXY_AUTH_1_ACK:
		dissect_auth_1_ack( tvb, offset, tree);
		break;

	/* this may also handle MSPROXY_BIND_ACK ??? check this */
	case MSPROXY_UDPASSOCIATE_ACK:
		dissect_udpassociate_ack( tvb, offset, tree);
		break;

	case MSPROXY_AUTH_2_ACK:
	case MSPROXY_AUTH_2_ACK2:
		dissect_msproxy_response_4( tvb, offset, tree);
		break;

	case MSPROXY_TCP_BIND_ACK:
		dissect_tcp_bind_ack( tvb, offset, tree);
		break;

	case MSPROXY_CONNECT_ACK:
		dissect_connect_ack( tvb, offset, pinfo, tree, conv_info);
		break;

	case MSPROXY_BINDINFO:
		dissect_bind_info( tvb, offset, pinfo, tree, conv_info);
		break;

	case MSPROXY_RESOLVE_ACK:
		dissect_resolve( tvb, offset, tree);
		break;

	case MSPROXY_CONNECT_AUTHFAILED:
	case MSPROXY_BIND_AUTHFAILED:
		/* Unlike the other branches, this call is not guarded by a tree check. */
		proto_tree_add_text( tree, tvb, offset, 0, "No know information (help wanted)");
		break;

	default:
		if ( tree) {
			/* Refusals are matched on the upper bits of the command. */
			if (((cmd >> 8) == MSPROXY_CONNREFUSED) ||
			    ((cmd >> 12) == MSPROXY_CONNREFUSED)) {
				proto_tree_add_text( tree, tvb, offset, 0,
					"No know information (help wanted)");
			} else {
				proto_tree_add_text( tree, tvb, offset, 0,
					"Unhandled response command (report this, please)");
			}
		}
	}
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2001-03-22 08:39:08 +00:00
|
|
|
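/*
 * Top-level MS Proxy dissector.
 *
 * Sets the protocol and info columns, finds or creates the conversation for
 * this packet together with its per-conversation hash_entry_t, builds the
 * protocol subtree when a tree was requested, and passes the packet to the
 * response dissector (source port is UDP_PORT_MSPROXY) or to the request
 * dissector (any other source port).
 */
static void dissect_msproxy(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {

	proto_tree	*msproxy_tree = NULL;
	proto_item	*ti;
	unsigned int	cmd;

	hash_entry_t *hash_info;
	conversation_t *conversation;

	if (check_col(pinfo->cinfo, COL_PROTOCOL))
		col_set_str(pinfo->cinfo, COL_PROTOCOL, "MSproxy");
	if (check_col(pinfo->cinfo, COL_INFO))
		col_clear(pinfo->cinfo, COL_INFO);

	conversation = find_conversation( pinfo->fd->num, &pinfo->src, &pinfo->dst,
		pinfo->ptype, pinfo->srcport, pinfo->destport, 0);

	if ( !conversation) {
		conversation = conversation_new( pinfo->fd->num, &pinfo->src, &pinfo->dst,
			pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
	}
	hash_info = conversation_get_proto_data(conversation, proto_msproxy);
	if ( !hash_info) {
		static const hash_entry_t zeroed_entry = { 0 };

		hash_info = se_alloc(sizeof(hash_entry_t));

		/*
		 * se_alloc() does not clear the memory it returns.  The
		 * request and response routines each fill in only some
		 * members before the entry is handed to
		 * add_msproxy_conversation(), so a capture that starts in
		 * the middle of an exchange would otherwise leave the other
		 * members holding whatever the allocator returned.  Start
		 * every new entry from all-zero.
		 */
		*hash_info = zeroed_entry;

		conversation_add_proto_data(conversation, proto_msproxy,
			hash_info);
	}

	if (check_col(pinfo->cinfo, COL_INFO)){

		/* The command is read from a fixed position, offset 36. */
		cmd = tvb_get_ntohs( tvb, 36);

		if ( pinfo->srcport == UDP_PORT_MSPROXY)
			col_add_fstr( pinfo->cinfo, COL_INFO, "Server message: %s",
				get_msproxy_cmd_name( cmd, FROM_SERVER));
		else
			col_add_fstr(pinfo->cinfo, COL_INFO, "Client message: %s",
				get_msproxy_cmd_name( cmd, FROM_CLIENT));

	}

	if (tree) {				/* if proto tree, decode data */
		ti = proto_tree_add_item( tree, proto_msproxy, tvb, 0, -1,
				FALSE );

		msproxy_tree = proto_item_add_subtree(ti, ett_msproxy);
	}

	/*
	 * The sub-dissectors are called even without a tree (msproxy_tree
	 * stays NULL) because they also update the conversation state.
	 */
	if ( pinfo->srcport == UDP_PORT_MSPROXY)
		dissect_msproxy_response( tvb, pinfo, msproxy_tree, hash_info);
	else
		dissect_msproxy_request( tvb, msproxy_tree, hash_info);
}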
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
 * Init routine, registered through register_init_routine(): cleanup for a
 * new pass through the packet list.  Resets the highest-row-seen counter.
 */
static void msproxy_reinit( void)
{
	last_row = 0;
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
 * Register the msproxy protocol: its header fields, its subtree indices,
 * the re-init routine and the handle for the sub-dissector.
 */
void
proto_register_msproxy( void){

	/* Subtree indices filled in by proto_register_subtree_array(). */
	static gint *ett[] = {
		&ett_msproxy,
		&ett_msproxy_name
	};

	/* One entry per header field; the order is the registration order. */
	static hf_register_info hf[] = {

		{ &hf_msproxy_cmd,
		  { "Command", "msproxy.command",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_dstaddr,
		  { "Destination Address", "msproxy.dstaddr",
		    FT_IPv4, BASE_NONE, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_srcport,
		  { "Source Port", "msproxy.srcport",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_dstport,
		  { "Destination Port", "msproxy.dstport",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_clntport,
		  { "Client Port", "msproxy.clntport",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_server_ext_addr,
		  { "Server External Address", "msproxy.server_ext_addr",
		    FT_IPv4, BASE_NONE, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_server_ext_port,
		  { "Server External Port", "msproxy.server_ext_port",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_server_int_addr,
		  { "Server Internal Address", "msproxy.server_int_addr",
		    FT_IPv4, BASE_NONE, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_server_int_port,
		  { "Server Internal Port", "msproxy.server_int_port",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_serverport,
		  { "Server Port", "msproxy.serverport",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_bindport,
		  { "Bind Port", "msproxy.bindport",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_boundport,
		  { "Bound Port", "msproxy.boundport",
		    FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_serveraddr,
		  { "Server Address", "msproxy.serveraddr",
		    FT_IPv4, BASE_NONE, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_bindaddr,
		  { "Destination", "msproxy.bindaddr",
		    FT_IPv4, BASE_NONE, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_bind_id,
		  { "Bound Port Id", "msproxy.bindid",
		    FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL } },

		{ &hf_msproxy_resolvaddr,
		  { "Address", "msproxy.resolvaddr",
		    FT_IPv4, BASE_NONE, NULL, 0x0, "", HFILL } }
	};

	/* The protocol id has to exist before the fields can be attached to it. */
	proto_msproxy = proto_register_protocol( "MS Proxy Protocol",
		"MS Proxy", "msproxy");

	proto_register_field_array(proto_msproxy, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));

	/* register re-init routine */
	register_init_routine( &msproxy_reinit);

	msproxy_sub_handle = create_dissector_handle(msproxy_sub_dissector,
		proto_msproxy);
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
 * Dissector install routine: creates a handle for dissect_msproxy and
 * registers it for UDP port UDP_PORT_MSPROXY.
 */
void
proto_reg_handoff_msproxy(void) {

	dissector_handle_t msproxy_handle =
		create_dissector_handle(dissect_msproxy, proto_msproxy);

	dissector_add("udp.port", UDP_PORT_MSPROXY, msproxy_handle);
}
|