osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

various UUID/GUID based changes. 

I think I've changed all corresponding appearances from FT_STRING to FT_GUID, so assert the FT_ type as it should only be a FT_GUID now.

Add a generic implementation in guid_utils.h to have a way to store data about GUID to name resolving (something like value_string for e.g. int). It might be better to have a single registry for all GUID's of all dissectors and implement the GUID name resolving into the proto_tree_add... functions.

svn path=/trunk/; revision=18935
This commit is contained in:
Ulf Lamping 2006-08-16 23:13:26 +00:00
parent eb7c653073
commit de0594b9a5
10 changed files with 409 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
epan/Makefile.common
View File

@ -55,6 +55,7 @@ LIBWIRESHARK_SRC = \
follow.c \
frame_data.c \
funnel.c \
guid-utils.c \
h225-persistentdata.c \
in_cksum.c \
ipproto.c \
@ -135,6 +136,7 @@ LIBWIRESHARK_INCLUDES = \
funnel.h \
gnuc_format_check.h \
greproto.h \
guid-utils.h \
h225-persistentdata.h \
iax2_codec_type.h \
in_cksum.h \
@ -142,7 +144,6 @@ LIBWIRESHARK_INCLUDES = \
ipproto.h \
ipv4.h \
ipv6-utils.h \
guid-utils.h \
lapd_sapi.h \
llcsaps.h \
next_tvb.h \

59
epan/dissectors/packet-dcerpc-epm.c
View File

@ -32,6 +32,7 @@
#include <glib.h>
#include <epan/packet.h>
#include <epan/expert.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
@ -79,6 +80,11 @@ static e_uuid_t uuid_epm = { 0xe1af8308, 0x5d1f, 0x11c9, { 0x91, 0xa4, 0x08, 0x0
static guint16 ver_epm3 = 3;
static guint16 ver_epm4 = 4;
GHashTable *uuids=NULL;
static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } };
static const value_string ep_service[] = {
{ 0, "rpc_c_ep_all_elts" },
{ 1, "rpc_c_ep_match_by_if" },
@ -324,6 +330,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
{
guint16 num_floors, i;
dcerpc_info *di;
const char *uuid_name;
di=pinfo->private_data;
if(di->conformant_run){
@ -341,6 +348,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
guint16 len;
guint8 proto_id;
e_uuid_t uuid;
proto_item *pi;
it = proto_tree_add_text(tree, tvb, offset, 0, "Floor %d ", i);
tr = proto_item_add_subtree(it, ett_epm_tower_floor);
@ -356,20 +364,33 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
case PROTO_ID_UUID:
dcerpc_tvb_get_uuid (tvb, offset+1, drep, &uuid);
proto_tree_add_string_format (tr, hf_epm_uuid, tvb, offset+1, 16, "",
"UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
uuid_name = guids_get_guid_name(uuids, (e_guid_t *) &uuid);
if(uuid_name != NULL) {
proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
"UUID: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
uuid_name,
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
} else {
proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
"UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
}
proto_tree_add_text(tr, tvb, offset+17, 2, "Version %d.%d", tvb_get_guint8(tvb, offset+17), tvb_get_guint8(tvb, offset+18));
{
guint16 version = tvb_get_ntohs(tvb, offset+17);
const char *service = dcerpc_get_proto_name(&uuid, version);
if (service)
proto_item_append_text(tr, "UUID: %s", service);
if (service || uuid_name)
proto_item_append_text(tr, "UUID: %s", service ? service : uuid_name);
else
proto_item_append_text(tr, "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x Version %d.%d", uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
@ -384,7 +405,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
offset += len;
len = tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tr, hf_epm_tower_rhs_len, tvb, offset, 2, len);
pi = proto_tree_add_uint(tr, hf_epm_tower_rhs_len, tvb, offset, 2, len);
offset += 2;
switch(proto_id){
@ -408,6 +429,11 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
proto_item_append_text(tr, "RPC connection-oriented protocol");
break;
case PROTO_ID_RPC_CL:
proto_item_append_text(tr, "RPC connectionless protocol");
/* XXX - two (zero) bytes still undecoded, don't know what it is */
break;
case PROTO_ID_NAMED_PIPES: /* \\PIPE\xxx named pipe */
tvb_ensure_bytes_exist(tvb, offset, len);
proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, TRUE);
@ -432,8 +458,10 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
default:
if(len){
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_WARN, "RightHandSide not decoded yet for proto_id 0x%x",
proto_id);
tvb_ensure_bytes_exist(tvb, offset, len);
proto_tree_add_text(tr, tvb, offset, len, "not decoded yet");
proto_tree_add_text(tr, tvb, offset, len, "RightHandSide not decoded yet for proto_id 0x%x", proto_id);
}
}
offset += len;
@ -677,9 +705,9 @@ proto_register_epm (void)
{ &hf_epm_inquiry_type,
{ "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, VALS(ep_service), 0x0, "", HFILL }},
{ &hf_epm_object,
{ "Object", "epm.object", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Object", "epm.object", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_epm_if_id,
{ "Interface", "epm.if_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Interface", "epm.if_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_epm_ver_maj,
{ "Version Major", "epm.ver_maj", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_epm_ver_min,
@ -693,7 +721,7 @@ proto_register_epm (void)
{ &hf_epm_num_ents,
{ "Num entries", "epm.num_ents", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_epm_uuid,
{ "UUID", "epm.uuid", FT_STRING, BASE_NONE, NULL, 0x0, "UUID", HFILL }},
{ "UUID", "epm.uuid", FT_GUID, BASE_NONE, NULL, 0x0, "UUID", HFILL }},
{ &hf_epm_annotation,
{ "Annotation", "epm.annotation", FT_STRING, BASE_NONE, NULL, 0x0, "Annotation", HFILL }},
{ &hf_epm_proto_named_pipes,
@ -739,6 +767,9 @@ proto_register_epm (void)
&ett_epm_entry
};
uuids = guids_new();
guids_add_guid(uuids, (e_guid_t *) &uuid_data_repr_proto, "Version 1.1 network data representation protocol", NULL);
/* interface version 3 */
proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm");
proto_register_field_array (proto_epm3, hf, array_length (hf));

157
epan/dissectors/packet-dcerpc.c
View File

@ -369,11 +369,14 @@ static int hf_dcerpc_cn_max_xmit = -1;
static int hf_dcerpc_cn_max_recv = -1;
static int hf_dcerpc_cn_assoc_group = -1;
static int hf_dcerpc_cn_num_ctx_items = -1;
static int hf_dcerpc_cn_ctx_item = -1;
static int hf_dcerpc_cn_ctx_id = -1;
static int hf_dcerpc_cn_num_trans_items = -1;
static int hf_dcerpc_cn_bind_abstract_syntax = -1;
static int hf_dcerpc_cn_bind_if_id = -1;
static int hf_dcerpc_cn_bind_if_ver = -1;
static int hf_dcerpc_cn_bind_if_ver_minor = -1;
static int hf_dcerpc_cn_bind_trans_syntax = -1;
static int hf_dcerpc_cn_bind_trans_id = -1;
static int hf_dcerpc_cn_bind_trans_ver = -1;
static int hf_dcerpc_cn_alloc_hint = -1;
@ -462,6 +465,7 @@ static gint ett_dcerpc = -1;
static gint ett_dcerpc_cn_flags = -1;
static gint ett_dcerpc_cn_ctx = -1;
static gint ett_dcerpc_cn_iface = -1;
static gint ett_dcerpc_cn_trans_syntax = -1;
static gint ett_dcerpc_drep = -1;
static gint ett_dcerpc_dg_flags1 = -1;
static gint ett_dcerpc_dg_flags2 = -1;
@ -1143,18 +1147,18 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int hfindex, e_uuid_t *pdata)
{
e_uuid_t uuid;
header_field_info* hfi;
#if 0
header_field_info* hfi;
gchar *uuid_name;
#endif
dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
if (tree) {
#if 0
/* get name of protocol field to prepend it later */
hfi = proto_registrar_get_nth(hfindex);
#if 0
/* XXX - get the name won't work correct, as we don't know the version of this uuid (if it has one) */
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(&uuid, 0);
@ -1172,21 +1176,9 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
} else {
#endif
/* GUID have changed from FT_STRING to FT_GUID
but we havent changed all dissectors yet.
(XXX - have we changed all dissectors?).
*/
if(hfi->type==FT_GUID){
proto_tree_add_item(tree, hfindex, tvb, offset, 16, (drep[0] & 0x10));
} else {
/* we don't know the name of this uuid */
proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "",
"%s: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hfi->name,
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
}
proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
#if 0
}
#endif
@ -2622,9 +2614,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
char uuid_str[DCERPC_UUID_STR_LEN];
int uuid_str_len;
dcerpc_auth_info auth_info;
char *uuid_name = NULL;
#ifdef _WIN32
char uuid_name[MAX_PATH];
char uuid_name2[MAX_PATH];
#endif
proto_item *iface_item;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_cn_max_xmit, NULL);
@ -2642,9 +2636,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset += 3;
for (i = 0; i < num_ctx_items; i++) {
proto_item *ctx_item;
proto_tree *ctx_tree = NULL, *iface_tree = NULL;
gint ctx_offset = offset;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep,
dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep,
hf_dcerpc_cn_ctx_id, &ctx_id);
if (check_col (pinfo->cinfo, COL_DCE_CTX)) {
@ -2663,25 +2659,29 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
pinfo->dcectxid = ctx_id;
if (dcerpc_tree) {
proto_item *ctx_item;
ctx_item = proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_ctx_id,
tvb, offset - 2, 2,
ctx_item = proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_ctx_item,
tvb, offset, 0,
hdr->drep[0] & 0x10);
ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx);
}
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree, hdr->drep,
hf_dcerpc_cn_ctx_id, &ctx_id);
offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, ctx_tree, hdr->drep,
hf_dcerpc_cn_num_trans_items, &num_trans_items);
if(dcerpc_tree) {
proto_item_append_text(ctx_item, "[%u]: ID:%u", i+1, ctx_id);
}
/* padding */
offset += 1;
/* XXX - use "dissect_ndr_uuid_t()"? */
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &if_id);
if (ctx_tree) {
proto_item *iface_item;
iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, FALSE);
iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface);
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
@ -2693,15 +2693,21 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
#ifdef _WIN32
if(ResolveWin32UUID(if_id, uuid_name, MAX_PATH))
iface_item = proto_tree_add_string_format (ctx_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, uuid_str, "Interface: %s\tUUID: %s", uuid_name, uuid_str);
else
if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) {
uuid_name = uuid_name2;
}
if(uuid_name) {
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
proto_item_append_text(iface_item, "%s", uuid_name);
} else {
#endif
iface_item = proto_tree_add_string_format (ctx_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, uuid_str, "Interface UUID: %s", uuid_str);
iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface);
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
proto_item_append_text(iface_item, "%s", uuid_str);
}
}
offset += 16;
@ -2717,6 +2723,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
hf_dcerpc_cn_bind_if_ver, &if_ver);
}
if (ctx_tree) {
proto_item_append_text(iface_item, " V%u.%u", if_ver, if_ver_minor);
proto_item_set_len(iface_item, 20);
}
if (!saw_ctx_item) {
conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
@ -2767,9 +2778,9 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %s", value->name);
else
#ifdef _WIN32
if(ResolveWin32UUID(if_id, uuid_name, MAX_PATH))
if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH))
col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
uuid_name, if_id.Data1, if_id.Data2, if_id.Data3,
uuid_name2, if_id.Data1, if_id.Data2, if_id.Data3,
if_id.Data4[0], if_id.Data4[1],
if_id.Data4[2], if_id.Data4[3],
if_id.Data4[4], if_id.Data4[5],
@ -2789,9 +2800,15 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
for (j = 0; j < num_trans_items; j++) {
/* XXX - use "dissect_ndr_uuid_t()"? */
proto_tree *trans_tree = NULL;
proto_item *trans_item = NULL;
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
if (iface_tree) {
if (ctx_tree) {
trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, FALSE);
trans_tree = proto_item_add_subtree(trans_item, ett_dcerpc_cn_trans_syntax);
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
trans_id.Data1, trans_id.Data2, trans_id.Data3,
@ -2801,13 +2818,22 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
trans_id.Data4[6], trans_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_string_format (iface_tree, hf_dcerpc_cn_bind_trans_id, tvb,
offset, 16, uuid_str, "Transfer Syntax: %s", uuid_str);
proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
}
offset += 16;
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, iface_tree, hdr->drep,
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, trans_tree, hdr->drep,
hf_dcerpc_cn_bind_trans_ver, &trans_ver);
if (ctx_tree) {
proto_item_set_len(trans_item, 20);
proto_item_append_text(trans_item, " V%u", trans_ver);
}
}
if(ctx_tree) {
proto_item_set_len(ctx_item, offset - ctx_offset);
}
}
@ -2868,7 +2894,7 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if(dcerpc_tree){
proto_item *ctx_item;
ctx_item = proto_tree_add_text(dcerpc_tree, tvb, offset, 24, "Context ID: %d", i);
ctx_item = proto_tree_add_text(dcerpc_tree, tvb, offset, 24, "Context ID[%u]", i+1);
ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx);
}
@ -2887,7 +2913,6 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
offset += 2;
}
/* XXX - use "dissect_ndr_uuid_t()"? */
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
if (ctx_tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
@ -2899,8 +2924,8 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
trans_id.Data4[6], trans_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_string_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
offset, 16, uuid_str, "Transfer Syntax: %s", uuid_str);
proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
}
offset += 16;
@ -3344,7 +3369,6 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
if (hdr->flags & PFC_OBJECT_UUID) {
/* XXX - use "dissect_ndr_uuid_t()"? */
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
if (dcerpc_tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
@ -3360,8 +3384,8 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
obj_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 16, uuid_str, "Object UUID: %s", uuid_str);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", uuid_str);
}
offset += 16;
}
@ -3599,7 +3623,6 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* (optional) "Object UUID" from request */
if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
/* XXX - use "dissect_ndr_uuid_t()"? */
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
value->object_uuid.Data1, value->object_uuid.Data2, value->object_uuid.Data3,
@ -3613,8 +3636,8 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
value->object_uuid.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
pi = proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 0, uuid_str, "Object UUID: %s", uuid_str);
pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", uuid_str);
PROTO_ITEM_SET_GENERATED(pi);
}
@ -4980,7 +5003,6 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset++;
if (tree) {
/* XXX - use "dissect_ndr_uuid_t()"? */
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
@ -4994,13 +5016,12 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
hdr.obj_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 16, uuid_str, "Object UUID: %s", uuid_str);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", uuid_str);
}
offset += 16;
if (tree) {
/* XXX - use "dissect_ndr_uuid_t()"? */
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
@ -5014,13 +5035,12 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
hdr.if_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
offset, 16, uuid_str, "Interface: %s", uuid_str);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s", uuid_str);
}
offset += 16;
if (tree) {
/* XXX - use "dissect_ndr_uuid_t()"? */
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
@ -5034,8 +5054,8 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
hdr.act_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
offset, 16, uuid_str, "Activity: %s", uuid_str);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", uuid_str);
}
offset += 16;
@ -5291,20 +5311,26 @@ proto_register_dcerpc (void)
{ "Assoc Group", "dcerpc.cn_assoc_group", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_num_ctx_items,
{ "Num Ctx Items", "dcerpc.cn_num_ctx_items", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_ctx_item,
{ "Ctx Item", "dcerpc.cn_ctx_item", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_ctx_id,
{ "Context ID", "dcerpc.cn_ctx_id", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_num_trans_items,
{ "Num Trans Items", "dcerpc.cn_num_trans_items", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_abstract_syntax,
{ "Abstract Syntax", "dcerpc.cn_bind_abstract_syntax", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_if_id,
{ "Interface UUID", "dcerpc.cn_bind_to_uuid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Interface UUID", "dcerpc.cn_bind_to_uuid", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_if_ver,
{ "Interface Ver", "dcerpc.cn_bind_if_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_if_ver_minor,
{ "Interface Ver Minor", "dcerpc.cn_bind_if_ver_minor", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_trans_syntax,
{ "Transfer Syntax", "dcerpc.cn_bind_trans", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_trans_id,
{ "Transfer Syntax", "dcerpc.cn_bind_trans_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "ID", "dcerpc.cn_bind_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_bind_trans_ver,
{ "Syntax ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ "ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_alloc_hint,
{ "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_sec_addr_len,
@ -5318,7 +5344,7 @@ proto_register_dcerpc (void)
{ &hf_dcerpc_cn_ack_reason,
{ "Ack reason", "dcerpc.cn_ack_reason", FT_UINT16, BASE_DEC, VALS(p_provider_reason_vals), 0x0, "", HFILL }},
{ &hf_dcerpc_cn_ack_trans_id,
{ "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_ack_trans_ver,
{ "Syntax ver", "dcerpc.cn_ack_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_cn_reject_reason,
@ -5408,11 +5434,11 @@ proto_register_dcerpc (void)
{ &hf_dcerpc_krb5_av_key_auth_verifier,
{ "Authentication Verifier", "dcerpc.krb5_av.auth_verifier", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_obj_id,
{ "Object", "dcerpc.obj_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Object", "dcerpc.obj_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_dg_if_id,
{ "Interface", "dcerpc.dg_if_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Interface", "dcerpc.dg_if_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_dg_act_id,
{ "Activity", "dcerpc.dg_act_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "Activity", "dcerpc.dg_act_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcerpc_opnum,
{ "Opnum", "dcerpc.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
@ -5508,6 +5534,7 @@ proto_register_dcerpc (void)
&ett_dcerpc_cn_flags,
&ett_dcerpc_cn_ctx,
&ett_dcerpc_cn_iface,
&ett_dcerpc_cn_trans_syntax,
&ett_dcerpc_drep,
&ett_dcerpc_dg_flags1,
&ett_dcerpc_dg_flags2,

21
epan/dissectors/packet-dcom-cba.c
View File

@ -84,11 +84,7 @@ static int hf_cba_save_ldev_name = -1;
static int hf_cba_save_result = -1;
/* fake protocols (these are simply classes) */
static int proto_coclass_CBAPhysicalDevice = -1;
static gint ett_coclass_CBAPhysicalDevice = -1;
static e_uuid_t uuid_coclass_CBAPhysicalDevice = { 0xcba00000, 0x6c97, 0x11d1, { 0x82, 0x71, 0x00, 0xa0, 0x24, 0x42, 0xdf, 0x7d } };
static guint16 ver_coclass_CBAPhysicalDevice = 0;
/* CBA interfaces */
@ -1122,12 +1118,6 @@ dissect_ICBAGroupError_GroupError_resp(tvbuff_t *tvb, int offset,
}
/* sub dissector table of ICBAPhysicalDevice class (fake only) */
static dcerpc_sub_dissector coclass_ICBAPhysicalDevice_dissectors[] = {
{ 0, NULL, NULL, NULL },
};
/* sub dissector table of ICBAPhysicalDevice / ICBAPhysicalDevice2 interface */
static dcerpc_sub_dissector ICBAPhysicalDevice_dissectors[] = {
{ 0, "QueryInterface", NULL, NULL },
@ -1457,11 +1447,6 @@ proto_register_dcom_cba (void)
{ "OldGroupError", "cba.grouperror_old", FT_UINT16, BASE_HEX, VALS(cba_grouperror_vals), 0x0, "", HFILL }},
};
ett[0] = &ett_coclass_CBAPhysicalDevice;
proto_coclass_CBAPhysicalDevice = proto_register_protocol ("CBAPhysicalDevice", "CBAPDev", "cba_pdev_class");
proto_register_subtree_array (ett, array_length (ett));
ett[0] = &ett_ICBAPhysicalDevice;
proto_ICBAPhysicalDevice = proto_register_protocol ("ICBAPhysicalDevice", "ICBAPDev", "cba_pdev");
proto_register_field_array(proto_ICBAPhysicalDevice, hf_cba_pdev_array, array_length(hf_cba_pdev_array));
@ -1540,10 +1525,8 @@ proto_register_dcom_cba (void)
void
proto_reg_handoff_dcom_cba (void)
{
/* Register the DCOM coclass */
dcom_register_server_coclass(proto_coclass_CBAPhysicalDevice, ett_coclass_CBAPhysicalDevice,
&uuid_coclass_CBAPhysicalDevice, ver_coclass_CBAPhysicalDevice,
coclass_ICBAPhysicalDevice_dissectors, hf_cba_opnum);
/* Register the CBA class ID */
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_coclass_CBAPhysicalDevice, "CBA", NULL);
/* Register the interfaces */
dcerpc_init_uuid(proto_ICBAPhysicalDevice, ett_ICBAPhysicalDevice,

4
epan/dissectors/packet-dcom-remact.c
View File

@ -78,7 +78,7 @@ dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset,
offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep,
hf_dcom_clsid, "CLSID", -1, &clsid);
hf_dcom_clsid, -1, &clsid);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
&u32Pointer);
@ -106,7 +106,7 @@ dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset,
u32ItemIdx = 1;
while (u32Interfaces--) {
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep,
hf_dcom_iid, "IID", u32ArraySize, &iid);
hf_dcom_iid, u32ItemIdx, &iid);
u32ItemIdx++;
}

2
epan/dissectors/packet-dcom-remunkn.c
View File

@ -120,7 +120,7 @@ dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset,
for (u32ItemIdx = 0; u32ArraySize--; u32ItemIdx++) {
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep,
hf_dcom_iid, "IID", u32ItemIdx+1, &iid);
hf_dcom_iid, u32ItemIdx+1, &iid);
if(call != NULL) {
call->iids[u32ItemIdx] = iid;
}

226
epan/dissectors/packet-dcom.c
View File

@ -215,8 +215,13 @@ static int hf_dcom_vt_bstr = -1;
static int hf_dcom_vt_byref = -1;
static int hf_dcom_vt_dispatch = -1;
static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t uuid_ext_error_ext = { 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t uuid_ext_error_ext ={ 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t ipid_rem_unknown = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_uuid_t iid_unknown = { 0x00000000, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_uuid_t uuid_null = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} };
static e_uuid_t iid_class_factory = { 0x00000001, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
GList *dcom_machines;
GList *dcom_interfaces;
@ -227,66 +232,7 @@ static const value_string dcom_thisthat_flag_vals[] = {
};
typedef struct _guid_key {
e_guid_t guid;
} guid_key;
typedef struct _guid_value {
const gchar *name;
void *private_data;
} guid_value;
GHashTable *guids=NULL;
static gint
guid_equal (gconstpointer k1, gconstpointer k2)
{
const guid_key *key1 = (const guid_key *)k1;
const guid_key *key2 = (const guid_key *)k2;
return ((memcmp (&key1->guid, &key2->guid, sizeof (e_guid_t)) == 0));
}
static guint
guid_hash (gconstpointer k)
{
const guid_key *key = (const guid_key *)k;
/* This isn't perfect, but the Data1 part of these is almost always
unique. */
return key->guid.data1;
}
void guid_add_name(e_guid_t *guid, gchar *name, void *private_data)
{
guid_key *key = g_malloc (sizeof (*key));
guid_value *value = g_malloc (sizeof (*value));
key->guid = *guid;
value->name = name;
value->private_data = private_data;
g_hash_table_insert (guids, key, value);
}
/* try to get registered name for this guid */
const gchar *guid_get_name(e_guid_t *guid)
{
guid_key key;
guid_value *value;
/* try to get registered guid "name" of if_id */
key.guid = *guid;
if ((value = g_hash_table_lookup (guids, &key)) != NULL) {
return value->name;
}
return NULL;
}
GHashTable *dcom_uuids=NULL;
void dcom_interface_dump(void) {
@ -781,7 +727,7 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset,
hf_dcom_extent_id, &uuidExtend);
/* look for a registered uuid name */
if((uuid_name = guid_get_name( (e_guid_t *) &uuidExtend)) != NULL) {
if((uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuidExtend)) != NULL) {
proto_tree_add_guid_format_value(sub_tree, hf_dcom_extent_id, tvb,
offset, sizeof(e_uuid_t), (e_guid_t *) &uuidExtend, "%s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
uuid_name,
@ -1481,29 +1427,145 @@ dissect_dcom_VARIANT(tvbuff_t *tvb, int offset, packet_info *pinfo,
int
dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
dissect_dcom_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, const gchar *field_name, int field_index, e_uuid_t *uuid)
int hfindex, e_uuid_t *pdata)
{
const gchar *uuid_name;
proto_item *pi;
header_field_info *hfi;
e_uuid_t uuid;
#ifdef _WIN32
char uuid_name2[MAX_PATH];
#endif
/* XXX - this is far from being performance optimized! */
/* get the UUID, but don't put it into the tree */
offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep,
hfindex, &uuid);
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(&uuid, 0);
if(uuid_name == NULL) {
uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuid);
}
#ifdef _WIN32
if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
uuid_name = uuid_name2;
}
#endif
/* add to the tree */
hfi = proto_registrar_get_nth(hfindex);
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid, "%s: ", hfi->name);
/* give an expert info, if UUID is not known and not of a "temporary" kind */
if( uuid_name == NULL &&
strcmp(hfi->name, "Causality ID") != 0 &&
strcmp(hfi->name, "IPID") != 0)
{
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
hfi->name, guid_to_str( (e_guid_t *) &uuid));
}
if(uuid_name) {
proto_item_append_text(pi, "%s (", uuid_name);
}
proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
if(uuid_name) {
proto_item_append_text(pi, ")", uuid_name);
}
if(pdata != NULL) {
*pdata = uuid;
}
return offset;
}
offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
int
dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, int field_index, e_uuid_t *uuid)
{
const gchar *uuid_name;
proto_item *pi;
header_field_info *hfi;
#ifdef _WIN32
char uuid_name2[MAX_PATH];
#endif
/* XXX - this is far from being performance optimized! */
/* get the UUID, but don't put it into the tree */
offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep,
hfindex, uuid);
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(uuid, 0);
if(uuid_name == NULL) {
uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) uuid);
}
#ifdef _WIN32
if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
uuid_name = uuid_name2;
}
#endif
/* add to the tree */
hfi = proto_registrar_get_nth(hfindex);
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) uuid, "%s", hfi->name);
/* give an expert info, if UUID is not known and not of a "temporary" kind */
if( uuid_name == NULL &&
strcmp(hfi->name, "Causality ID") != 0 &&
strcmp(hfi->name, "IPID") != 0)
{
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
hfi->name, guid_to_str( (e_guid_t *) uuid));
}
if (field_index != -1) {
proto_item_append_text(pi, "[%u]: ", field_index);
} else {
proto_item_append_text(pi, ": ", field_index);
}
if(uuid_name) {
proto_item_append_text(pi, "%s (", uuid_name);
}
proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uuid->Data1, uuid->Data2, uuid->Data3,
uuid->Data4[0], uuid->Data4[1],
uuid->Data4[2], uuid->Data4[3],
uuid->Data4[4], uuid->Data4[5],
uuid->Data4[6], uuid->Data4[7]);
if(uuid_name) {
proto_item_append_text(pi, ")", uuid_name);
}
/* update column info now */
if (check_col(pinfo->cinfo, COL_INFO)) {
/* XXX: improve it: getting the hash value is done the second time here */
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(uuid, 0);
if (field_index != -1) {
col_append_fstr(pinfo->cinfo, COL_INFO, " %s[%u]=%s",
field_name, field_index, (uuid_name) ? uuid_name : "???");
hfi->name, field_index, (uuid_name) ? uuid_name : "???");
} else {
col_append_fstr(pinfo->cinfo, COL_INFO, " %s=%s",
field_name, (uuid_name) ? uuid_name : "???");
hfi->name, (uuid_name) ? uuid_name : "???");
}
}
@ -1724,6 +1786,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint32 first_ip = 0;
guint32 curr_ip = 0;
struct in_addr ipaddr;
proto_item *pi;
/* add subtree header */
@ -1750,7 +1813,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo,
u32Start = offset;
/* we don't know the (zero terminated) input length, use the buffer length instead */
offset = dcom_tvb_get_nwstringz0(tvb, offset, u32MaxStr, szStr, u32MaxStr, &isPrintable);
proto_tree_add_string(subsub_tree, hf_dcom_dualstringarray_string_network_addr,
pi = proto_tree_add_string(subsub_tree, hf_dcom_dualstringarray_string_network_addr,
tvb, u32Start, offset - u32Start, szStr);
/* convert ip address (if it is dotted decimal) */
@ -1769,7 +1832,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo,
first_ip = curr_ip;
} else {
if(first_ip != curr_ip) {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE,
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE,
"DUALSTRINGARRAY: multiple IP's %s %s",
ip_to_str( (char *) &first_ip), ip_to_str( (char *) &curr_ip));
}
@ -2262,10 +2325,15 @@ proto_register_dcom (void)
proto_register_field_array(proto_dcom, hf_dcom_sa_array, array_length(hf_dcom_sa_array));
proto_register_subtree_array (ett_dcom, array_length (ett_dcom));
guids = g_hash_table_new (guid_hash, guid_equal);
guid_add_name( (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL);
guid_add_name( (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL);
/* register some "well known" UUID's */
dcom_uuids = guids_new();
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &ipid_rem_unknown, "IRemUnknown", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &iid_unknown, "IUnknown", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_null, "NULL", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &iid_class_factory, "IClassFactory", NULL);
/* preferences */
dcom_module = prefs_register_protocol(proto_dcom, proto_reg_handoff_dcom);

14
epan/dissectors/packet-dcom.h
View File

@ -36,6 +36,8 @@ extern int hf_dcom_oxid;
extern int hf_dcom_oid;
extern int hf_dcom_ipid;
extern GHashTable *dcom_uuids;
/* preferences */
extern int dcom_prefs_display_unmarshalling_details;
@ -88,18 +90,24 @@ dissect_dcom_that(tvbuff_t *tvb, int offset,
#define dissect_dcom_DWORD dissect_ndr_uint32
#define dissect_dcom_I8 dissect_ndr_uint64
#define dissect_dcom_ID dissect_ndr_duint32
#define dissect_dcom_UUID dissect_ndr_uuid_t
#define dissect_dcom_FILETIME dissect_ndr_duint32 /* ToBeDone */
#define dissect_dcom_VARIANT_BOOL dissect_ndr_uint16
#define dissect_dcom_FLOAT dissect_ndr_float
#define dissect_dcom_DOUBLE dissect_ndr_double
#define dissect_dcom_DATE dissect_ndr_double
extern int
dissect_dcom_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, e_uuid_t *uuid);
extern int
dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, const gchar *field_name, int field_index, e_uuid_t *uuid);
extern const gchar* dcom_uuid_to_str(e_uuid_t *uuid);
int hfindex, int field_index, e_uuid_t *uuid);
extern const gchar*
dcom_uuid_to_str(e_uuid_t *uuid);
extern int
dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo,

88
epan/guid-utils.c Normal file
View File

@ -0,0 +1,88 @@
/* guid-utils.c
* GUID handling
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
*
* Copyright 1998 Gerald Combs
*
* MobileIPv6 support added by Tomislav Borosa <tomislav.borosa@siemens.hr>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h>
#include <glib.h>
#include "guid-utils.h"
static gint
guid_equal (gconstpointer k1, gconstpointer k2)
{
const guid_key *key1 = (const guid_key *)k1;
const guid_key *key2 = (const guid_key *)k2;
return ((memcmp (&key1->guid, &key2->guid, sizeof (e_guid_t)) == 0));
}
static guint
guid_hash (gconstpointer k)
{
const guid_key *key = (const guid_key *)k;
/* This isn't perfect, but the Data1 part of these is almost always
unique. */
return key->guid.data1;
}
GHashTable *guids_new(void)
{
return g_hash_table_new (guid_hash, guid_equal);
}
void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data)
{
guid_key *key = g_malloc (sizeof (*key));
guid_value *value = g_malloc (sizeof (*value));
key->guid = *guid;
value->name = name;
g_hash_table_insert (guids, key, value);
}
/* try to get registered name for this guid */
const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid)
{
guid_key key;
guid_value *value;
/* try to get registered guid "name" of if_id */
key.guid = *guid;
if ((value = g_hash_table_lookup (guids, &key)) != NULL) {
return value->name;
}
return NULL;
}

19
epan/guid-utils.h
View File

@ -39,4 +39,23 @@ typedef struct _e_guid_t {
guint8 data4[8];
} e_guid_t;
/* GUID "registry" */
typedef struct _guid_key {
e_guid_t guid;
} guid_key;
typedef struct _guid_value {
const gchar *name;
} guid_value;
extern GHashTable *guids_new(void);
/* add a GUID (don't forget to init the GHashTable) */
extern void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data);
/* try to get registered name for this guid */
extern const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid);
#endif /* __GUID_UTILS_H__ */