Added Uwe's update to RPC.

svn path=/trunk/; revision=1069
1999-11-19 13:09:56 +00:00 · 1999-11-19 13:09:56 +00:00 · f8f41fe3c6
parent 8963fabad6
commit f8f41fe3c6
6 changed files with 354 additions and 54 deletions
--- a/packet-mount.c
+++ b/packet-mount.c
@ -1,7 +1,7 @@
 /* packet-mount.c
 * Routines for mount dissection
 *
- * $Id: packet-mount.c,v 1.4 1999/11/16 11:42:38 guy Exp $
+ * $Id: packet-mount.c,v 1.5 1999/11/19 13:09:55 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -36,10 +36,14 @@

 #include "packet-rpc.h"
 #include "packet-mount.h"
+#include "packet-nfs.h"


 static int proto_mount = -1;
 static int hf_mount_path = -1;
+static int hf_mount_status = -1;
+static int hf_mount_flavors = -1;
+static int hf_mount_flavor = -1;

 static gint ett_mount = -1;

@ -75,11 +79,82 @@ const vsff mount1_proc[] = {
 /* end of mount version 1 */


+/* RFC 1813, Page 107 */
+const value_string mount3_mountstat3[] = 
+{
+	{	0,	"OK" },
+	{	1,	"ERR_PERM" },
+	{	2,	"ERR_NOENT" },
+	{	5,	"ERR_IO" },
+	{	13,	"ERR_ACCESS" },
+	{	20,	"ERR_NOTDIR" },
+	{	22,	"ERR_INVAL" },
+	{	63,	"ERR_NAMETOOLONG" },
+	{	10004,	"ERR_NOTSUPP" },
+	{	10006,	"ERR_SERVERFAULT" },
+	{	0,	NULL }
+};
+
+
+/* RFC 1813, Page 107 */
+int
+dissect_mountstat3(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,
+	int hfindex, guint32* status)
+{
+	guint32 mountstat3;
+
+	if (!BYTES_ARE_IN_FRAME(offset,4)) return offset;
+	mountstat3 = EXTRACT_UINT(pd, offset+0);
+
+	if (tree) {
+		proto_tree_add_item(tree, hfindex, offset, 4, mountstat3);
+	}
+	
+	offset += 4;
+	*status = mountstat3;
+	return offset;
+}
+
+
+/* RFC 1831, Page 109 */
+int dissect_mount3_mnt_reply(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree)
+{
+	guint32 status;
+	guint32 auth_flavors;
+	guint32 auth_flavor;
+	guint32 auth_flavor_i;
+	
+	offset = dissect_mountstat3(pd, offset, fd, tree, hf_mount_status, &status);
+	switch (status) {
+		case 0:
+			offset = dissect_nfs_fh3(pd,offset,fd,tree,"fhandle");
+			if (!BYTES_ARE_IN_FRAME(offset,4)) return offset;
+			auth_flavors = EXTRACT_UINT(pd,offset+0);
+			proto_tree_add_item(tree,hf_mount_flavors,
+				offset, 4, auth_flavors);
+			offset += 4;
+			for (auth_flavor_i = 0 ; auth_flavor_i < hf_mount_flavors ; auth_flavor_i++) {
+				if (!BYTES_ARE_IN_FRAME(offset,4)) return offset;
+				auth_flavor = EXTRACT_UINT(pd,offset+0);
+				proto_tree_add_item(tree,hf_mount_flavor,
+					offset, 4, auth_flavor);
+				offset += 4;
+			}
+		break;
+		default:
+			/* void */
+		break;
+	}
+	
+	return offset;
+}
+
 /* Mount protocol version 3, RFC 1813 */
 const vsff mount3_proc[] = {
 	{ 0, "NULL", NULL, NULL },
 	{ MOUNTPROC_MNT, "MNT",
-		dissect_mount_dirpath_call, NULL },
+		dissect_mount_dirpath_call, dissect_mount3_mnt_reply },
 	{ MOUNTPROC_DUMP, "DUMP",
 		NULL, NULL },
 	{ MOUNTPROC_UMNT, "UMNT",
@ -100,6 +175,15 @@ proto_register_mount(void)
 		{ &hf_mount_path, {
 			"Path", "mount.path", FT_STRING, BASE_DEC,
 			NULL, 0, "Path" }},
+		{ &hf_mount_status, {
+			"Status", "mount.status", FT_UINT32, BASE_DEC,
+			mount3_mountstat3, 0, "Status" }},
+		{ &hf_mount_flavors, {
+			"Flavors", "mount.flavors", FT_UINT32, BASE_DEC,
+			NULL, 0, "Flavors" }},
+		{ &hf_mount_flavor, {
+			"Flavor", "mount.flavor", FT_UINT32, BASE_DEC,
+			rpc_auth_flavor, 0, "Flavor" }},
 	};
 	static gint *ett[] = {
 		&ett_mount,
--- a/packet-nfs.c
+++ b/packet-nfs.c
@ -2,7 +2,7 @@
 * Routines for nfs dissection
 * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
 *
- * $Id: packet-nfs.c,v 1.5 1999/11/16 11:42:41 guy Exp $
+ * $Id: packet-nfs.c,v 1.6 1999/11/19 13:09:55 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -442,7 +442,7 @@ dissect_nfs2_setattr_reply(const u_char* pd, int offset, frame_data* fd, proto_t
 const vsff nfs2_proc[] = {
 	{ 0,	"NULL",		NULL,				NULL },
 	{ 1,	"GETATTR",	dissect_nfs2_getattr_call,	dissect_nfs2_getattr_reply },
-	{ 2,	"SETATTR",	dissect_nfs2_any_call,		dissect_nfs2_setattr_reply },
+	{ 2,	"SETATTR",	dissect_nfs2_setattr_call,	dissect_nfs2_setattr_reply },
 	{ 3,	"ROOT",		NULL,				NULL },
 	{ 4,	"LOOKUP",	dissect_nfs2_any_call,		dissect_nfs2_any_reply },
 	{ 5,	"READLINK",	dissect_nfs2_any_call,		dissect_nfs2_any_reply },
@ -723,18 +723,18 @@ dissect_specdata3(const u_char *pd, int offset, frame_data *fd, proto_tree *tree
 int
 dissect_nfs_fh3(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, char* name)
 {
-	guint fh_len;
-	guint fh_len_full;
-	guint fh_fill;
+	guint fh3_len;
+	guint fh3_len_full;
+	guint fh3_fill;
 	proto_item* fitem;
 	proto_tree* ftree = NULL;

-	fh_len = EXTRACT_UINT(pd, offset+0);
-	fh_len_full = rpc_roundup(fh_len);
-	fh_fill = fh_len_full - fh_len;
+	fh3_len = EXTRACT_UINT(pd, offset+0);
+	fh3_len_full = rpc_roundup(fh3_len);
+	fh3_fill = fh3_len_full - fh3_len;
 	
 	if (tree) {
-		fitem = proto_tree_add_text(tree, offset, 4+fh_len_full,
+		fitem = proto_tree_add_text(tree, offset, 4+fh3_len_full,
 			"%s", name);
 		if (fitem)
 			ftree = proto_item_add_subtree(fitem, ett_nfs_fh3);
@ -742,14 +742,14 @@ dissect_nfs_fh3(const u_char *pd, int offset, frame_data *fd, proto_tree *tree,

 	if (ftree) {
 		proto_tree_add_text(ftree,offset+0,4,
-					"length: %u", fh_len);
-		proto_tree_add_text(ftree,offset+4,fh_len,
+					"length: %u", fh3_len);
+		proto_tree_add_text(ftree,offset+4,fh3_len,
 					"file handle (opaque data)");
-		if (fh_fill)
-			proto_tree_add_text(ftree,offset+4+fh_len,fh_fill,
+		if (fh3_fill)
+			proto_tree_add_text(ftree,offset+4+fh3_len,fh3_fill,
 				"fill bytes");
 	}
-	offset += 4 + fh_len_full;
+	offset += 4 + fh3_len_full;
 	return offset;
 }

--- a/packet-portmap.c
+++ b/packet-portmap.c
@ -1,7 +1,7 @@
 /* packet-portmap.c
 * Routines for portmap dissection
 *
- * $Id: packet-portmap.c,v 1.7 1999/11/16 11:42:47 guy Exp $
+ * $Id: packet-portmap.c,v 1.8 1999/11/19 13:09:56 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -37,6 +37,7 @@
 #include "packet-rpc.h"
 #include "packet-portmap.h"

+
 static int proto_portmap = -1;
 static int hf_portmap_proto = -1;
 static int hf_portmap_prog = -1;
@ -44,8 +45,22 @@ static int hf_portmap_proc = -1;
 static int hf_portmap_version = -1;
 static int hf_portmap_port = -1;
 static int hf_portmap_answer = -1;
+static int hf_portmap_rpcb = -1;
+static int hf_portmap_rpcb_prog = -1;
+static int hf_portmap_rpcb_version = -1;
+static int hf_portmap_rpcb_netid = -1;
+static int hf_portmap_rpcb_addr = -1;
+static int hf_portmap_rpcb_owner = -1;
+static int hf_portmap_uaddr = -1;
+static int hf_portmap_value_follows = -1;
+

 static gint ett_portmap = -1;
+static gint ett_portmap_rpcb = -1;
+
+
+static struct true_false_string yesno = { "Yes", "No" };
+

 /* Dissect a getport call */
 int dissect_getport_call(const u_char *pd, int offset, frame_data *fd,
@ -59,14 +74,14 @@ int dissect_getport_call(const u_char *pd, int offset, frame_data *fd,
 	{
 		prog = pntohl(&pd[offset+0]);
 		proto_tree_add_item_format(tree, hf_portmap_prog,
-			offset, 4, prog, "Program: %s (%d)",
+			offset, 4, prog, "Program: %s (%u)",
 			rpc_prog_name(prog), prog);
 		proto_tree_add_item(tree, hf_portmap_version,
 			offset+4, 4, pntohl(&pd[offset+4]));

 		proto = pntohl(&pd[offset+8]);
 		proto_tree_add_item_format(tree, hf_portmap_proto,
-			offset+8, 4, proto, "Proto: %s (%d)", ipprotostr(proto), proto);
+			offset+8, 4, proto, "Proto: %s (%u)", ipprotostr(proto), proto);

 		proto_tree_add_item(tree, hf_portmap_port,
 			offset+12, 4, pntohl(&pd[offset+12]));
@ -188,6 +203,95 @@ const vsff portmap2_proc[] = {
 /* end of Portmap version 2 */


+/* RFC 1833, Page 3 */
+int dissect_rpcb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int hfindex)
+{
+	proto_item* rpcb_item = NULL;
+	proto_tree* rpcb_tree = NULL;
+	int old_offset = offset;
+	guint32 prog;
+	guint32 version;
+
+	if (tree) {
+		rpcb_item = proto_tree_add_item(tree, hfindex,
+			offset+0, END_OF_FRAME, NULL);
+		if (rpcb_item)
+			rpcb_tree = proto_item_add_subtree(rpcb_item, ett_portmap_rpcb);
+	}
+
+	if (!BYTES_ARE_IN_FRAME(offset, 4)) return offset;
+	prog = EXTRACT_UINT(pd, offset + 0);
+	if (rpcb_tree)
+		proto_tree_add_item_format(rpcb_tree, hf_portmap_rpcb_prog,
+			offset+0, 4, prog, 
+			"Program: %s (%u)", rpc_prog_name(prog), prog);
+	offset += 4;
+
+	if (!BYTES_ARE_IN_FRAME(offset, 4)) return offset;
+	version = EXTRACT_UINT(pd, offset + 0);
+	if (rpcb_tree)
+		proto_tree_add_item(rpcb_tree, hf_portmap_rpcb_version,
+			offset+0, 4, version);
+	offset += 4;
+
+	offset = dissect_rpc_string(pd, offset, fd, rpcb_tree, hf_portmap_rpcb_netid);
+	offset = dissect_rpc_string(pd, offset, fd, rpcb_tree, hf_portmap_rpcb_addr);
+	offset = dissect_rpc_string(pd, offset, fd, rpcb_tree, hf_portmap_rpcb_owner);
+
+	/* now we know, that rpcb is shorter */
+	if (rpcb_item) {
+		proto_item_set_len(rpcb_item, offset - old_offset);
+	}
+
+	return offset;
+}
+
+
+
+/* RFC 1833, Page 7 */
+int dissect_rpcb3_getaddr_call(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree)
+{
+	offset = dissect_rpcb(pd, offset, fd, tree, hf_portmap_rpcb);
+
+	return offset;
+}
+
+
+/* RFC 1833, Page 7 */
+int dissect_rpcb3_getaddr_reply(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree)
+{
+	offset = dissect_rpc_string(pd, offset, fd, tree, hf_portmap_uaddr);
+
+	return offset;
+}
+
+
+/* RFC 1833, Page 7 */
+int dissect_rpcb3_dump_reply(const u_char *pd, int offset, frame_data *fd,
+	proto_tree *tree)
+{
+	guint32 value_follows;
+	
+	while (1) {
+		if (!BYTES_ARE_IN_FRAME(offset,4)) break;
+		value_follows = EXTRACT_UINT(pd, offset+0);
+		proto_tree_add_item(tree,hf_portmap_value_follows,
+			offset+0, 4, value_follows);
+		offset += 4;
+		if (value_follows == 1) {
+			offset = dissect_rpcb(pd, offset, fd, tree, hf_portmap_rpcb);
+		}
+		else {
+			break;
+		}
+	}
+
+	return offset;
+}
+
+
 /* Portmapper version 3, RFC 1833, Page 7 */
 const vsff portmap3_proc[] = {
 	{ RPCBPROC_NULL,	"NULL",
@ -197,9 +301,9 @@ const vsff portmap3_proc[] = {
 	{ RPCBPROC_UNSET,	"UNSET",
 		NULL, NULL },
 	{ RPCBPROC_GETADDR,	"GETADDR",
-		NULL, NULL},
+		dissect_rpcb3_getaddr_call, dissect_rpcb3_getaddr_reply},
 	{ RPCBPROC_DUMP,	"DUMP",
-		NULL, NULL },
+		NULL, dissect_rpcb3_dump_reply },
 	{ RPCBPROC_CALLIT,	"CALLIT",
 		NULL, NULL },
 	{ RPCBPROC_GETTIME,	"GETTIME",
@ -222,9 +326,9 @@ const vsff portmap4_proc[] = {
 	{ RPCBPROC_UNSET,	"UNSET",
 		NULL, NULL },
 	{ RPCBPROC_GETADDR,	"GETADDR",
-		NULL, NULL},
+		dissect_rpcb3_getaddr_call, dissect_rpcb3_getaddr_reply},
 	{ RPCBPROC_DUMP,	"DUMP",
-		NULL, NULL },
+		NULL, dissect_rpcb3_dump_reply },
 	{ RPCBPROC_BCAST,	"BCAST",
 		NULL, NULL },
 	{ RPCBPROC_GETTIME,	"GETTIME",
@ -267,9 +371,34 @@ proto_register_portmap(void)
 		{ &hf_portmap_answer, {
 			"Answer", "portmap.answer", FT_BOOLEAN, BASE_DEC,
 			NULL, 0, "Answer" }},
+		{ &hf_portmap_rpcb, {
+			"RPCB", "portmap.rpcb", FT_NONE, 0,
+			NULL, 0, "RPCB" }},
+		{ &hf_portmap_rpcb_prog, {
+			"Program", "portmap.rpcb.prog", FT_UINT32, BASE_DEC,
+			NULL, 0, "Program" }},
+		{ &hf_portmap_rpcb_version, {
+			"Version", "portmap.rpcb.version", FT_UINT32, BASE_DEC,
+			NULL, 0, "Version" }},
+		{ &hf_portmap_rpcb_netid, {
+			"Network Id", "portmap.rpcb.netid", FT_STRING, BASE_DEC,
+			NULL, 0, "Network Id" }},
+		{ &hf_portmap_rpcb_addr, {
+			"Universal Address", "portmap.rpcb.addr", FT_STRING, BASE_DEC,
+			NULL, 0, "Universal Address" }},
+		{ &hf_portmap_rpcb_owner, {
+			"Owner of this Service", "portmap.rpcb.owner", FT_STRING, BASE_DEC,
+			NULL, 0, "Owner of this Service" }},
+		{ &hf_portmap_uaddr, {
+			"Universal Address", "portmap.uaddr", FT_STRING, BASE_DEC,
+			NULL, 0, "Universal Address" }},
+		{ &hf_portmap_value_follows, {
+			"Value Follows", "portmap.value_follows", FT_BOOLEAN, BASE_NONE,
+			&yesno, 0, "Value Follows" }},
 	};
 	static gint *ett[] = {
 		&ett_portmap,
+		&ett_portmap_rpcb
 	};

 	proto_portmap = proto_register_protocol("Portmap", "portmap");
--- a/packet-rpc.c
+++ b/packet-rpc.c
@ -2,7 +2,7 @@
 * Routines for rpc dissection
 * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
 * 
- * $Id: packet-rpc.c,v 1.17 1999/11/17 21:58:32 guy Exp $
+ * $Id: packet-rpc.c,v 1.18 1999/11/19 13:09:56 gram Exp $
 * 
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -42,6 +42,11 @@
 #include "packet-rpc.h"


+#define RPC_RM_FRAGLEN  0x7fffffffL
+
+static struct true_false_string yesno = { "Yes", "No" };
+
+
 static const value_string rpc_msg_type[3] = {
 	{ RPC_CALL, "Call" },
 	{ RPC_REPLY, "Reply" },
@ -54,7 +59,7 @@ static const value_string rpc_reply_state[3] = {
 	{ 0, NULL }
 };

-static const value_string rpc_auth_flavor[5] = {
+value_string rpc_auth_flavor[] = {
 	{ AUTH_NULL, "AUTH_NULL" },
 	{ AUTH_UNIX, "AUTH_UNIX" },
 	{ AUTH_SHORT, "AUTH_SHORT" },
@ -89,6 +94,8 @@ static const value_string rpc_auth_state[6] = {

 /* the protocol number */
 static int proto_rpc = -1;
+static int hf_rpc_lastfrag = -1;
+static int hf_rpc_fraglen = -1;
 static int hf_rpc_xid = -1;
 static int hf_rpc_msgtype = -1;
 static int hf_rpc_version = -1;
@ -378,33 +385,66 @@ char* name, char* type)
 }


-
-/* arbitrary limit */
-#define RPC_STRING_MAXBUF 2048
-
 int
 dissect_rpc_string(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int hfindex)
 {
-	proto_item *string_item;
+	proto_item *string_item = NULL;
 	proto_tree *string_tree = NULL;
+	int old_offset = offset;

-	guint32 string_length;
-	guint32 string_fill;
+	int truncated_length = 0;
+	guint32 string_length = 0;
+	guint32 string_length_packet;
+	guint32 string_length_copy = 0;
 	guint32 string_length_full;
-	char string_buffer[RPC_STRING_MAXBUF];
+	guint32 string_fill = 0;
+	char *string_buffer = NULL;
+	char *string_buffer_print = NULL;
+
+	if (BYTES_ARE_IN_FRAME(offset,4)) {
+		string_length = EXTRACT_UINT(pd,offset+0);
+		string_length_full = rpc_roundup(string_length);
+		string_length_packet = pi.captured_len - (offset + 4);
+		if (string_length > string_length_packet) {
+			string_length_copy = string_length_packet;
+			string_fill = 0;
+		}
+		else {
+			string_length_copy = string_length;
+			string_fill = string_length_full - string_length;
+		}
+		string_buffer = (char*)g_malloc(string_length_copy + 1);
+		memcpy(string_buffer,pd+offset+4,string_length_copy);
+		string_buffer[string_length_copy] = '\0';
+
+		/* I use here strdup functions. This works only, if the
+		   string does not contain 0 bytes. */
+
+		/* calculate a nice printable string */
+		if (string_length) {
+			if (string_length != string_length_copy) {
+				string_buffer_print = (char*)g_malloc(string_length_copy + 1 + 12);
+				memcpy(string_buffer_print,string_buffer,string_length_copy);
+				memcpy(string_buffer_print+string_length_copy,
+					"<TRUNCATED>", 12);
+			}
+			else {
+				string_buffer_print = g_strdup(string_buffer);
+			}
+		}
+		else {
+			string_buffer_print = g_strdup("<EMPTY>");
+		}
+	}
+	else {
+		truncated_length = 1;
+		string_buffer = g_strdup("");
+		string_buffer_print = g_strdup("<TRUNCATED>");
+	}

-	if (!BYTES_ARE_IN_FRAME(offset,4)) return offset;
-	string_length = EXTRACT_UINT(pd,offset+0);
-	string_length_full = rpc_roundup(string_length);
-	string_fill = string_length_full - string_length;
-	if (!BYTES_ARE_IN_FRAME(offset+4,string_length_full)) return offset;
-	if (string_length>=sizeof(string_buffer)) return offset;
-	memcpy(string_buffer,pd+offset+4,string_length);
-	string_buffer[string_length] = '\0';
 	if (tree) {
-		string_item = proto_tree_add_text(tree,offset+0,
-			4+string_length_full,
-			"%s: %s", proto_registrar_get_name(hfindex), string_buffer);
+		string_item = proto_tree_add_text(tree,offset+0, END_OF_FRAME,
+			"%s: %s", proto_registrar_get_name(hfindex), string_buffer_print);
 		proto_tree_add_item_hidden(tree, hfindex, offset+4,
 			string_length, string_buffer);
 		if (string_item) {
@ -412,16 +452,33 @@ dissect_rpc_string(const u_char *pd, int offset, frame_data *fd, proto_tree *tre
 		}
 	}
 	if (string_tree) {
-		proto_tree_add_text(string_tree,offset+0,4,
-			"length: %u", string_length);
-		proto_tree_add_text(string_tree,offset+4,string_length,
-			"text: %s", string_buffer);
-		if (string_fill)
-			proto_tree_add_text(string_tree,offset+4+string_length,string_fill,
+		if (truncated_length) {
+			proto_tree_add_text(string_tree,
+				offset,pi.captured_len-offset,
+				"length: <TRUNCATED>");
+			offset = pi.captured_len;
+		}
+		else {
+			proto_tree_add_text(string_tree,offset+0,4,
+				"length: %u", string_length);
+			offset += 4;
+		}
+		proto_tree_add_text(string_tree,offset,string_length_copy,
+			"text: %s", string_buffer_print);
+		offset += string_length_copy;
+		if (string_fill) {
+			proto_tree_add_text(string_tree,offset,string_fill,
 				"fill bytes: opaque data");
+			offset += string_fill;
+		}
 	}

-	offset += 4 + string_length_full;
+	if (string_item) {
+		proto_item_set_len(string_item, offset - old_offset);
+	}
+
+	if (string_buffer       != NULL) g_free (string_buffer      );
+	if (string_buffer_print != NULL) g_free (string_buffer_print);
 	return offset;
 }

@ -613,6 +670,9 @@ dissect_rpc( const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
 	proto_tree *ptree = NULL;
 	int offset_old = offset;

+	int use_rm = 0;
+	guint32 rpc_rm = 0;
+
 	rpc_call_info	rpc_call_msg;
 	rpc_proc_info_key	key;
 	rpc_proc_info_value	*value = NULL;
@ -621,6 +681,17 @@ dissect_rpc( const u_char *pd, int offset, frame_data *fd, proto_tree *tree)

 	dissect_function_t *dissect_function = NULL;

+	/* TCP uses record marking */
+	use_rm = (pi.ptype == PT_TCP);
+
+	/* the first 4 bytes are special in "record marking  mode" */
+	if (use_rm) {
+		if (!BYTES_ARE_IN_FRAME(offset,4))
+			return FALSE;
+		rpc_rm = EXTRACT_UINT(pd,offset);
+		offset += 4;
+	}
+
 	/*
 	 * Check to see whether this looks like an RPC call or reply.
 	 */
@ -700,6 +771,13 @@ dissect_rpc( const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
 		}
 	}

+	if (use_rm && rpc_tree) {
+		proto_tree_add_item(rpc_tree,hf_rpc_lastfrag,
+			offset-4, 4, (rpc_rm >> 31) & 0x1);
+		proto_tree_add_item(rpc_tree,hf_rpc_fraglen,
+			offset-4, 4, rpc_rm & RPC_RM_FRAGLEN);
+	}
+
 	xid      = EXTRACT_UINT(pd,offset+0);
 	if (rpc_tree) {
 		proto_tree_add_item_format(rpc_tree,hf_rpc_xid,
@ -1015,6 +1093,7 @@ dissect_rpc_prog:
 	return TRUE;
 }

+
 /* Discard any state we've saved. */
 static void
 rpc_init_protocol(void)
@ -1030,6 +1109,12 @@ void
 proto_register_rpc(void)
 {
 	static hf_register_info hf[] = {
+		{ &hf_rpc_lastfrag, {
+			"Last Fragment", "rpc.lastfrag", FT_BOOLEAN, BASE_NONE,
+			&yesno, 0, "Last Fragment" }},
+		{ &hf_rpc_fraglen, {
+			"Fragment Length", "rpc.fraglen", FT_UINT32, BASE_DEC,
+			NULL, 0, "Fragment Length" }},
 		{ &hf_rpc_xid, {
 			"XID", "rpc.xid", FT_UINT32, BASE_HEX,
 			NULL, 0, "XID" }},
--- a/packet-rpc.h
+++ b/packet-rpc.h
@ -1,5 +1,5 @@
 /* packet-rpc.h (c) 1999 Uwe Girlich */
-/* $Id: packet-rpc.h,v 1.7 1999/11/16 11:42:52 guy Exp $ */
+/* $Id: packet-rpc.h,v 1.8 1999/11/19 13:09:56 gram Exp $ */

 #ifndef __PACKET_RPC_H__
 #define __PACKET_RPC_H__
@ -84,6 +84,8 @@ typedef struct _rpc_call_info {

 #define RPC_CALL_TABLE_LENGTH 1000

+extern value_string rpc_auth_flavor[];
+
 extern void rpc_call_insert(rpc_call_info *call);
 extern rpc_call_info* rpc_call_lookup(rpc_call_info *call);

--- a/packet-tcp.c
+++ b/packet-tcp.c
@ -1,7 +1,7 @@
 /* packet-tcp.c
 * Routines for TCP packet disassembly
 *
- * $Id: packet-tcp.c,v 1.44 1999/11/16 11:42:59 guy Exp $
+ * $Id: packet-tcp.c,v 1.45 1999/11/19 13:09:56 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -476,7 +476,7 @@ dissect_tcp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
     (it could be an ACK-only packet) */
  if (packet_max > offset) {

-    /* ONC RPC.  We can't base this on anything in the UDP header; we have
+    /* ONC RPC.  We can't base this on anything in the TCP header; we have
       to look at the payload.  If "dissect_rpc()" returns TRUE, it was
       an RPC packet, otherwise it's some other type of packet. */
    if (dissect_rpc(pd, offset, fd, tree))