osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

From Eric Wedel: backend things for "Decode As" of DCE-RPC interfaces 

svn path=/trunk/; revision=11894
This commit is contained in:
Ulf Lamping 2004-09-04 11:35:26 +00:00
parent 38863005ae
commit 4777e5ef7b
4 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
epan/dissectors/packet-dcerpc.c
View File

@ -282,6 +282,7 @@ static const value_string reject_status_vals[] = {
/* we need to keep track of what transport were used, ie what handle we came
* in through so we know what kind of pinfo->private_data was passed to us.
*/
/* Value of -1 is reserved for "not DCE packet" in packet_info.dcetransporttype. */
#define DCE_TRANSPORT_UNKNOWN 0
#define DCE_CN_TRANSPORT_SMBPIPE 1
@ -2271,6 +2272,12 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep,
hf_dcerpc_cn_ctx_id, &ctx_id);
/* save context ID for use with add_conv_to_dcerpc_bind_table() */
/* (if we have multiple contexts, this might cause "decode as"
* to behave unpredictably) */
pinfo->dcectxid = ctx_id;
pinfo->dcetransporttype = transport_type;
if (dcerpc_tree) {
proto_item *ctx_item;
@ -2799,6 +2806,57 @@ end_cn_stub:
pinfo->fragmented = save_fragmented;
}
/**
* Registers a conversation/UUID binding association, so that
* we can invoke the proper sub-dissector for a given DCERPC
* conversation.
*
* @param conv Conversation, generally located by call to
* \ref find_conversation().
* @param ctx_id Context ID extracted from DCERPC packet which
* is part of target conversation.
* @param pinfo Packet info for packet containing ctx_id.
* @param uuid UUID to bind conversation to.
* @param ver UUID version, qualifier for UUID.
*
* @return Pointer to newly-added UUID/conversation binding.
*/
struct _dcerpc_bind_value *
add_conv_to_dcerpc_bind_table(conversation_t *conv,
guint16 ctx_id,
packet_info *pinfo,
e_uuid_t uuid,
guint16 ver)
{
dcerpc_bind_value *bind_value;
dcerpc_bind_key *key;
if (conv == NULL) {
/* oops, no conversation to add */
return NULL;
}
bind_value = g_mem_chunk_alloc (dcerpc_bind_value_chunk);
bind_value->uuid = uuid;
bind_value->ver = ver;
key = g_mem_chunk_alloc(dcerpc_bind_key_chunk);
key->conv = conv;
key->ctx_id = ctx_id;
key->smb_fid = get_transport_salt(pinfo, pinfo->dcetransporttype);
/* add this entry to the bind table, first removing any
previous ones that are identical
*/
if(g_hash_table_lookup(dcerpc_binds, key)){
g_hash_table_remove(dcerpc_binds, key);
}
g_hash_table_insert(dcerpc_binds, key, bind_value);
return bind_value;
}
static void
dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *dcerpc_tree, proto_tree *tree,
@ -2823,6 +2881,10 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_opnum, &opnum);
/* save context ID for use with add_conv_to_dcerpc_bind_table() */
pinfo->dcectxid = ctx_id;
pinfo->dcetransporttype = transport_type;
if (check_col (pinfo->cinfo, COL_INFO)) {
col_append_fstr (pinfo->cinfo, COL_INFO, " opnum: %u ctx_id: %u",
opnum, ctx_id);
@ -2980,6 +3042,10 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_cn_ctx_id, &ctx_id);
/* save context ID for use with add_conv_to_dcerpc_bind_table() */
pinfo->dcectxid = ctx_id;
pinfo->dcetransporttype = transport_type;
if (check_col (pinfo->cinfo, COL_INFO)) {
col_append_fstr (pinfo->cinfo, COL_INFO, " ctx_id: %u", ctx_id);
}
@ -3094,6 +3160,10 @@ dissect_dcerpc_cn_fault (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_cn_status, &status);
/* save context ID for use with add_conv_to_dcerpc_bind_table() */
pinfo->dcectxid = ctx_id;
pinfo->dcetransporttype = transport_type;
if (check_col (pinfo->cinfo, COL_INFO)) {
col_append_fstr (pinfo->cinfo, COL_INFO,
" ctx_id: %u status: %s", ctx_id,

8
epan/dissectors/packet-dcerpc.h
View File

@ -311,6 +311,14 @@ typedef struct _dcerpc_auth_subdissector_fns {
void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
dcerpc_auth_subdissector_fns *fns);
/* Helper for "decode as" dialog to set up a UUID/conversation binding. */
struct _dcerpc_bind_value *
add_conv_to_dcerpc_bind_table(conversation_t *conv,
guint16 ctx_id,
packet_info *pinfo,
e_uuid_t uuid,
guint16 ver);
/* Authentication services */
/*

2
epan/packet.c
View File

@ -297,6 +297,8 @@ dissect_packet(epan_dissect_t *edt, union wtap_pseudo_header *pseudo_header,
edt->pi.src_idx = 0;
edt->pi.dst_idx = 0;
edt->pi.vsan = 0;
edt->pi.dcectxid = 0;
edt->pi.dcetransporttype = -1;
TRY {
edt->tvb = tvb_new_real_data(pd, fd->cap_len, fd->pkt_len);

4
epan/packet_info.h
View File

@ -122,6 +122,10 @@ typedef struct _packet_info {
guint16 src_idx; /* Source port index (Cisco MDS-specific) */
guint16 dst_idx; /* Dest port index (Cisco MDS-specific) */
guint16 vsan; /* Fibre channel/Cisco MDS-specific */
guint16 dcectxid; /* Context ID (DCERPC-specific) */
int dcetransporttype; /* Transport type, tag for private_data (DCERPC-specific)
* Value -1 means "not a DCERPC packet"
*/
void *private_data; /* pointer to data passed from one dissector to another */
} packet_info;