osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Parse client and server blocks of settings data introduced in newer RDP versions 

Change-Id: I46b4557623921e1c2c093ca5e3e75908826358e3
Reviewed-on: https://code.wireshark.org/review/3681
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Eugene Sukhodolin 2014-08-17 20:10:06 -07:00 committed by Anders Broman
parent 018b84de84
commit 30f3a71621
1 changed files with 175 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
epan/dissectors/packet-rdp.c
View File

@ -60,11 +60,17 @@ static int ett_rdp_clientCoreData = -1;
static int ett_rdp_clientSecurityData = -1;
static int ett_rdp_clientNetworkData = -1;
static int ett_rdp_clientClusterData = -1;
static int ett_rdp_clientMonitorData = -1;
static int ett_rdp_clientMsgChannelData = -1;
static int ett_rdp_clientMonitorExData = -1;
static int ett_rdp_clientMultiTransportData = -1;
static int ett_rdp_clientUnknownData = -1;
static int ett_rdp_ServerData = -1;
static int ett_rdp_serverCoreData = -1;
static int ett_rdp_serverSecurityData = -1;
static int ett_rdp_serverNetworkData = -1;
static int ett_rdp_serverMsgChannelData = -1;
static int ett_rdp_serverMultiTransportData = -1;
static int ett_rdp_serverUnknownData = -1;
static int ett_rdp_channelIdArray = -1;
static int ett_rdp_securityExchangePDU = -1;
@ -92,11 +98,17 @@ static int hf_rdp_clientCoreData = -1;
static int hf_rdp_clientSecurityData = -1;
static int hf_rdp_clientNetworkData = -1;
static int hf_rdp_clientClusterData = -1;
static int hf_rdp_clientMonitorData = -1;
static int hf_rdp_clientMsgChannelData = -1;
static int hf_rdp_clientMonitorExData = -1;
static int hf_rdp_clientMultiTransportData = -1;
static int hf_rdp_clientUnknownData = -1;
static int hf_rdp_ServerData = -1;
static int hf_rdp_serverCoreData = -1;
static int hf_rdp_serverSecurityData = -1;
static int hf_rdp_serverNetworkData = -1;
static int hf_rdp_serverMsgChannelData = -1;
static int hf_rdp_serverMultiTransportData = -1;
static int hf_rdp_serverUnknownData = -1;
static int hf_rdp_securityExchangePDU = -1;
@ -133,6 +145,12 @@ static int hf_rdp_encryptionMethods = -1;
static int hf_rdp_extEncryptionMethods = -1;
static int hf_rdp_cluster_flags = -1;
static int hf_rdp_redirectedSessionId = -1;
static int hf_rdp_msgChannelFlags = -1;
static int hf_rdp_msgChannelId = -1;
static int hf_rdp_monitorExFlags = -1;
static int hf_rdp_monitorAttributeSize = -1;
static int hf_rdp_monitorCount = -1;
static int hf_rdp_multiTransportFlags = -1;
static int hf_rdp_encryptionMethod = -1;
@ -320,14 +338,20 @@ static int hf_rdp_DaylightBias = -1;
static int hf_rdp_unused = -1;
#define CS_CORE 0xC001
#define CS_SECURITY 0xC002
#define CS_NET 0xC003
#define CS_CLUSTER 0xC004
#define CS_CORE 0xC001
#define CS_SECURITY 0xC002
#define CS_NET 0xC003
#define CS_CLUSTER 0xC004
#define CS_MONITOR 0xC005
#define CS_MCS_MSGCHANNEL 0xC006
#define CS_MONITOR_EX 0xC008
#define CS_MULTITRANSPORT 0xC00A
#define SC_CORE 0x0C01
#define SC_SECURITY 0x0C02
#define SC_NET 0x0C03
#define SC_CORE 0x0C01
#define SC_SECURITY 0x0C02
#define SC_NET 0x0C03
#define SC_MCS_MSGCHANNEL 0x0C04
#define SC_MULTITRANSPORT 0x0C08
#define SEC_EXCHANGE_PKT 0x0001
#define SEC_ENCRYPT 0x0008
@ -543,13 +567,19 @@ typedef struct rdp_field_info_t {
#define FI_TERMINATOR {NULL, 0, NULL, 0, 0, NULL}
static const value_string rdp_headerType_vals[] = {
{ CS_CORE, "clientCoreData" },
{ CS_SECURITY, "clientSecurityData" },
{ CS_NET, "clientNetworkData" },
{ CS_CLUSTER, "clientClusterData" },
{ SC_CORE, "serverCoreData" },
{ SC_SECURITY, "serverSecurityData" },
{ SC_NET, "serverNetworkData" },
{ CS_CORE, "clientCoreData" },
{ CS_SECURITY, "clientSecurityData" },
{ CS_NET, "clientNetworkData" },
{ CS_CLUSTER, "clientClusterData" },
{ CS_MONITOR, "clientMonitorData" },
{ CS_MCS_MSGCHANNEL, "clientMsgChannelData" },
{ CS_MONITOR_EX, "clientMonitorExData" },
{ CS_MULTITRANSPORT, "clientMultiTransportData" },
{ SC_CORE, "serverCoreData" },
{ SC_SECURITY, "serverSecurityData" },
{ SC_NET, "serverNetworkData" },
{ SC_MCS_MSGCHANNEL, "serverMsgChannelData" },
{ SC_MULTITRANSPORT, "serverMultiTransportData" },
{ 0, NULL }
};
@ -580,7 +610,7 @@ static const value_string rdp_keyboardType_vals[] = {
{ 5, "Noki 1050 and similar keyboards" },
{ 6, "Nokia 9140 and similar keyboards" },
{ 7, "Japanese keyboard" },
{ 0, NULL }
{ 0, NULL }
};
static const value_string rdp_connectionType_vals[] = {
@ -589,7 +619,8 @@ static const value_string rdp_connectionType_vals[] = {
{ 3, "Satellite (2 Mbps - 16Mbps with high latency)" },
{ 4, "High-speed broadband (2 Mbps - 10Mbps)" },
{ 5, "WAN (10 Mbps or higher with high latency)" },
{ 6, "LAN (10 Mbps or higher" },
{ 6, "LAN (10 Mbps or higher)" },
{ 7, "Auto Detect" },
{ 0, NULL},
};
@ -1667,6 +1698,32 @@ dissect_rdp_ClientData(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
{&hf_rdp_redirectedSessionId, 4, NULL, 0, 0, NULL },
FI_TERMINATOR
};
rdp_field_info_t msgchannel_fields[] = {
{&hf_rdp_headerType, 2, NULL, 0, 0, NULL },
{&hf_rdp_headerLength, 2, NULL, 0, 0, NULL },
{&hf_rdp_msgChannelFlags, 4, NULL, 0, 0, NULL },
FI_TERMINATOR
};
rdp_field_info_t monitor_fields[] = {
{&hf_rdp_headerType, 2, NULL, 0, 0, NULL },
{&hf_rdp_headerLength, 2, NULL, 0, 0, NULL },
{&hf_rdp_monitorCount, 4, NULL, 0, 0, NULL },
FI_TERMINATOR
};
rdp_field_info_t monitorex_fields[] = {
{&hf_rdp_headerType, 2, NULL, 0, 0, NULL },
{&hf_rdp_headerLength, 2, NULL, 0, 0, NULL },
{&hf_rdp_monitorExFlags, 4, NULL, 0, 0, NULL },
{&hf_rdp_monitorAttributeSize, 4, NULL, 0, 0, NULL },
{&hf_rdp_monitorCount, 4, NULL, 0, 0, NULL },
FI_TERMINATOR
};
rdp_field_info_t multitransport_fields[] = {
{&hf_rdp_headerType, 2, NULL, 0, 0, NULL },
{&hf_rdp_headerLength, 2, NULL, 0, 0, NULL },
{&hf_rdp_multiTransportFlags, 4, NULL, 0, 0, NULL },
FI_TERMINATOR
};
tree = dissect_rdp(tvb, pinfo, tree);
@ -1717,6 +1774,30 @@ dissect_rdp_ClientData(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
break;
case CS_MONITOR:
pi = proto_tree_add_item(tree, hf_rdp_clientMonitorData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_clientMonitorData);
/*offset =*/ dissect_rdp_fields(tvb, offset, pinfo, next_tree, monitor_fields, 0);
break;
case CS_MONITOR_EX:
pi = proto_tree_add_item(tree, hf_rdp_clientMonitorExData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_clientMonitorExData);
/*offset =*/ dissect_rdp_fields(tvb, offset, pinfo, next_tree, monitorex_fields, 0);
break;
case CS_MCS_MSGCHANNEL:
pi = proto_tree_add_item(tree, hf_rdp_clientMsgChannelData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_clientMsgChannelData);
/*offset =*/ dissect_rdp_fields(tvb, offset, pinfo, next_tree, msgchannel_fields, 0);
break;
case CS_MULTITRANSPORT:
pi = proto_tree_add_item(tree, hf_rdp_clientMultiTransportData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_clientMultiTransportData);
/*offset =*/ dissect_rdp_fields(tvb, offset, pinfo, next_tree, multitransport_fields, 0);
break;
default: /* unknown */
pi = proto_tree_add_item(tree, hf_rdp_clientUnknownData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_clientUnknownData);
@ -1795,6 +1876,18 @@ dissect_rdp_ServerData(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
{&hf_rdp_Pad, 2, NULL, 0, 0, NULL },
FI_TERMINATOR
};
rdp_field_info_t msgchannel_fields[] = {
{&hf_rdp_headerType, 2, NULL, 0, 0, NULL },
{&hf_rdp_headerLength, 2, NULL, 0, 0, NULL },
{&hf_rdp_msgChannelId, 2, NULL, 0, 0, NULL },
FI_TERMINATOR
};
rdp_field_info_t multitransport_fields[] = {
{&hf_rdp_headerType, 2, NULL, 0, 0, NULL },
{&hf_rdp_headerLength, 2, NULL, 0, 0, NULL },
{&hf_rdp_multiTransportFlags, 4, NULL, 0, 0, NULL },
FI_TERMINATOR
};
tree = dissect_rdp(tvb, pinfo, tree);
@ -1875,6 +1968,18 @@ dissect_rdp_ServerData(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
break;
}
case SC_MCS_MSGCHANNEL:
pi = proto_tree_add_item(tree, hf_rdp_serverMsgChannelData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_serverMsgChannelData);
/*offset =*/ dissect_rdp_fields(tvb, offset, pinfo, next_tree, msgchannel_fields, length);
break;
case SC_MULTITRANSPORT:
pi = proto_tree_add_item(tree, hf_rdp_serverMultiTransportData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_serverMultiTransportData);
/*offset =*/ dissect_rdp_fields(tvb, offset, pinfo, next_tree, multitransport_fields, length);
break;
default: /* unknown */
pi = proto_tree_add_item(tree, hf_rdp_serverUnknownData, tvb, offset, length, ENC_NA);
next_tree = proto_item_add_subtree(pi, ett_rdp_serverUnknownData);
@ -1916,6 +2021,22 @@ proto_register_rdp(void) {
{ "clientClusterData", "rdp.client.clusterData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_clientMonitorData,
{ "clientMonitorData", "rdp.client.monitorData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_clientMsgChannelData,
{ "clientMsgChannelData", "rdp.client.msgChannelData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_clientMonitorExData,
{ "clientMonitorExData", "rdp.client.monitorExData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_clientMultiTransportData,
{ "clientMultiTransportData", "rdp.client.multiTransportData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_clientUnknownData,
{ "clientUnknownData", "rdp.unknownData.client",
FT_NONE, BASE_NONE, NULL, 0,
@ -1936,6 +2057,14 @@ proto_register_rdp(void) {
{ "serverNetworkData", "rdp.server.networkData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_serverMsgChannelData,
{ "serverMsgChannelData", "rdp.server.msgChannelData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_serverMultiTransportData,
{ "serverMultiTransportData", "rdp.server.multiTransportData",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_serverUnknownData,
{ "serverUnknownData", "rdp.unknownData.server",
FT_NONE, BASE_NONE, NULL, 0,
@ -2068,6 +2197,30 @@ proto_register_rdp(void) {
{ "redirectedSessionId", "rdp.redirectedSessionId",
FT_UINT32, BASE_HEX, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_msgChannelFlags,
{ "msgChannelFlags", "rdp.msgChannelFlags",
FT_UINT32, BASE_HEX, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_msgChannelId,
{ "msgChannelId", "rdp.msgChannelId",
FT_UINT16, BASE_DEC, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_monitorExFlags,
{ "monitorExFlags", "rdp.monitorExFlags",
FT_UINT32, BASE_HEX, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_monitorAttributeSize,
{ "monitorAttributeSize", "rdp.monitorAttributeSize",
FT_UINT32, BASE_DEC, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_monitorCount,
{ "monitorCount", "rdp.monitorCount",
FT_UINT32, BASE_DEC, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_multiTransportFlags,
{ "multiTransportFlags", "rdp.multiTransportFlags",
FT_UINT32, BASE_HEX, NULL, 0,
NULL, HFILL }},
{ &hf_rdp_encryptionMethod,
{ "encryptionMethod", "rdp.encryptionMethod",
FT_UINT32, BASE_HEX, VALS(rdp_encryptionMethod_vals), 0,
@ -2735,6 +2888,10 @@ proto_register_rdp(void) {
&ett_rdp_clientClusterData,
&ett_rdp_clientCoreData,
&ett_rdp_clientInfoPDU,
&ett_rdp_clientMonitorData,
&ett_rdp_clientMonitorExData,
&ett_rdp_clientMsgChannelData,
&ett_rdp_clientMultiTransportData,
&ett_rdp_clientNetworkData,
&ett_rdp_clientSecurityData,
&ett_rdp_clientUnknownData,
@ -2745,6 +2902,8 @@ proto_register_rdp(void) {
&ett_rdp_pduType,
&ett_rdp_securityExchangePDU,
&ett_rdp_serverCoreData,
&ett_rdp_serverMsgChannelData,
&ett_rdp_serverMultiTransportData,
&ett_rdp_serverNetworkData,
&ett_rdp_serverSecurityData,
&ett_rdp_serverUnknownData,