search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-dtpt.c
blob477ecb9ea4fe95b520ec19bdf4a0942c2977f1c7
1 /* packet-dtpt.c
2 * Routines for Microsoft ActiveSync Desktop Pass-Through (DTPT) packet
3 * dissection
4 *
5 * Uwe Girlich <uwe@planetquake.com>
6 * http://www.synce.org/moin/ProtocolDocumentation/DesktopPassThrough
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * Copied from packet-quake.c
13 *
14 * SPDX-License-Identifier: GPL-2.0-or-later
15 */
16
17 #include "config.h"
18
19
20 #include <epan/packet.h>
21 #include <epan/conversation.h>
22 #include <epan/to_str.h>
23 #include <epan/aftypes.h>
24 #include <epan/ipproto.h>
25 #include <epan/tfs.h>
26
27 void proto_register_dtpt(void);
28
29 static int proto_dtpt;
30
31 static int hf_dtpt_version;
32 static int hf_dtpt_message_type;
33 static int hf_dtpt_flags;
34 static int hf_dtpt_flags_deep;
35 static int hf_dtpt_flags_containers;
36 static int hf_dtpt_flags_nocontainers;
37 static int hf_dtpt_flags_nearest;
38 static int hf_dtpt_flags_return_name;
39 static int hf_dtpt_flags_return_type;
40 static int hf_dtpt_flags_return_version;
41 static int hf_dtpt_flags_return_comment;
42 static int hf_dtpt_flags_return_addr;
43 static int hf_dtpt_flags_return_blob;
44 static int hf_dtpt_flags_return_aliases;
45 static int hf_dtpt_flags_return_query_string;
46 static int hf_dtpt_flags_flushcache;
47 static int hf_dtpt_flags_flushprevious;
48 static int hf_dtpt_flags_res_service;
49 static int hf_dtpt_payload_size;
50 static int hf_dtpt_handle;
51 static int hf_dtpt_error;
52 static int hf_dtpt_buffer_size;
53 static int hf_dtpt_data_size;
54 static int hf_dtpt_queryset_rawsize;
55 static int hf_dtpt_queryset_size;
56 static int hf_dtpt_queryset_service_instance_name_pointer;
57 static int hf_dtpt_queryset_service_class_id_pointer;
58 static int hf_dtpt_queryset_version;
59 static int hf_dtpt_queryset_comment_pointer;
60 static int hf_dtpt_queryset_namespace;
61 static int hf_dtpt_queryset_provider_id_pointer;
62 static int hf_dtpt_queryset_context_pointer;
63 static int hf_dtpt_queryset_protocols_number;
64 static int hf_dtpt_queryset_protocols_pointer;
65 static int hf_dtpt_queryset_query_string_pointer;
66 static int hf_dtpt_queryset_cs_addrs_number;
67 static int hf_dtpt_queryset_cs_addrs_pointer;
68 static int hf_dtpt_queryset_output_flags;
69 static int hf_dtpt_queryset_blob_pointer;
70 static int hf_dtpt_wstring_length;
71 static int hf_dtpt_wstring_data;
72 static int hf_dtpt_guid_length;
73 static int hf_dtpt_guid_data;
74 static int hf_dtpt_service_instance_name;
75 static int hf_dtpt_service_class_id;
76 static int hf_dtpt_comment;
77 static int hf_dtpt_ns_provider_id;
78 static int hf_dtpt_context;
79 static int hf_dtpt_protocols_number;
80 static int hf_dtpt_protocols_length;
81 static int hf_dtpt_protocol_family;
82 static int hf_dtpt_protocol_protocol;
83 static int hf_dtpt_query_string;
84 static int hf_dtpt_cs_addrs_number;
85 static int hf_dtpt_cs_addrs_length1;
86 static int hf_dtpt_cs_addr_socket_type;
87 static int hf_dtpt_cs_addr_protocol;
88 static int hf_dtpt_cs_addr_local_pointer;
89 static int hf_dtpt_cs_addr_local_length;
90 static int hf_dtpt_cs_addr_local;
91 static int hf_dtpt_cs_addr_remote_pointer;
92 static int hf_dtpt_cs_addr_remote_length;
93 static int hf_dtpt_cs_addr_remote;
94 static int hf_dtpt_sockaddr_length;
95 static int hf_dtpt_sockaddr_family;
96 static int hf_dtpt_sockaddr_port;
97 static int hf_dtpt_sockaddr_address;
98 static int hf_dtpt_blob_rawsize;
99 static int hf_dtpt_blob_size;
100 static int hf_dtpt_blob_data_pointer;
101 static int hf_dtpt_blob_data_length;
102 static int hf_dtpt_blob_data;
103 static int hf_dtpt_connect_addr;
104 static int hf_dtpt_padding;
105
106 static int ett_dtpt;
107 static int ett_dtpt_flags;
108 static int ett_dtpt_queryset;
109 static int ett_dtpt_wstring;
110 static int ett_dtpt_guid;
111 static int ett_dtpt_protocols;
112 static int ett_dtpt_protocol;
113 static int ett_dtpt_cs_addrs;
114 static int ett_dtpt_cs_addr1;
115 static int ett_dtpt_cs_addr2;
116 static int ett_dtpt_sockaddr;
117 static int ett_dtpt_blobraw;
118 static int ett_dtpt_blob;
119
120
121
122 static dissector_handle_t dtpt_handle;
123 static dissector_handle_t dtpt_conversation_handle;
124 /** static dissector_handle_t dtpt_data_handle; **/
125
126
127 /* Server port */
128 #define TCP_SERVER_PORT 5721
129
130 static const value_string names_message_type[] = {
131 #define LookupBeginRequest 9
132 { LookupBeginRequest, "LookupBeginRequest" },
133 #define LookupBeginResponse 10
134 { LookupBeginResponse, "LookupBeginResponse" },
135 #define LookupNextRequest 11
136 { LookupNextRequest, "LookupNextRequest" },
137 #define LookupNextResponse 12
138 { LookupNextResponse, "LookupNextResponse" },
139 #define LookupEndRequest 13
140 { LookupEndRequest, "LookupEndRequest" },
141 #define ConnectRequest 1
142 { ConnectRequest, "ConnectRequest" },
143 #define ConnectResponseOK 0x5A
144 { ConnectResponseOK, "ConnectResponseOK" },
145 #define ConnectResponseERR 0x5B
146 { ConnectResponseERR, "ConnectResponseERR" },
147 { 0, NULL }
148 };
149
150 static const value_string names_error[] = {
151 { 0, "OK" },
152 { 10014, "WSAEFAULT" },
153 { 10060, "WSAETIMEDOUT" },
154 { 10108, "WSASERVICE_NOT_FOUND" },
155 { 11001, "WSAHOST_NOT_FOUND" },
156 { 0, NULL }
157 };
158
159 static const value_string names_family[] = {
160 { WINSOCK_AF_INET, "AF_INET" },
161 { 0, NULL }
162 };
163
164 /*
165 * Winsock's SOCK_ values. These are probably the same as they are on
166 * other OSes, as they probably all come from 4.2BSD, but it's still
167 * best to define them ourselves (to avoid problems if other OSes
168 * define them differently, and to avoid having to include system
169 * header files that might require a bunch of other includes).
170 */
171 #define WINSOCK_SOCK_STREAM 1
172 #define WINSOCK_SOCK_DGRAM 2
173 #define WINSOCK_SOCK_RAW 3
174
175 static const value_string names_socket_type[] = {
176 { WINSOCK_SOCK_STREAM, "SOCK_STREAM" },
177 { WINSOCK_SOCK_DGRAM, "SOCK_DGRAM" },
178 { WINSOCK_SOCK_RAW, "SOCK_RAW" },
179 { 0, NULL }
180 };
181
182 #define DTPT_PROTO_IP 0
183 #define DTPT_PROTO_TCP IP_PROTO_TCP
184 #define DTPT_PROTO_UDP IP_PROTO_UDP
185
186 static const value_string names_protocol[] = {
187 { DTPT_PROTO_IP, "IPPROTO_IP" },
188 { DTPT_PROTO_TCP, "IPPROTO_TCP" },
189 { DTPT_PROTO_UDP, "IPPROTP_UDP" },
190 { 0, NULL }
191 };
192
193 #define LUP_DEEP 0x00000001
194 #define LUP_CONTAINERS 0x00000002
195 #define LUP_NOCONTAINERS 0x00000004
196 #define LUP_NEAREST 0x00000008
197 #define LUP_RETURN_NAME 0x00000010
198 #define LUP_RETURN_TYPE 0x00000020
199 #define LUP_RETURN_VERSION 0x00000040
200 #define LUP_RETURN_COMMENT 0x00000080
201 #define LUP_RETURN_ADDR 0x00000100
202 #define LUP_RETURN_BLOB 0x00000200
203 #define LUP_RETURN_ALIASES 0x00000400
204 #define LUP_RETURN_QUERY_STRING 0x00000800
205 #define LUP_FLUSHCACHE 0x00001000
206 #define LUP_FLUSHPREVIOUS 0x00002000
207 #define LUP_RES_SERVICE 0x00008000
208
209 #define SOCKADDR_WITH_LEN 1
210 #define SOCKADDR_CONNECT 2
211
212 static int
213 dissect_dtpt_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
214 static int
215 dissect_dtpt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
216
217
218 static int
219 dissect_dtpt_wstring(tvbuff_t *tvb, unsigned offset, proto_tree *tree, packet_info *pinfo, int hfindex)
220 {
221 uint32_t wstring_length;
222 uint32_t wstring_size;
223 char *wstring_data = NULL;
224 uint32_t wstring_padding = 0;
225
226 wstring_length = tvb_get_letohl(tvb, offset);
227 wstring_data = tvb_get_string_enc(pinfo->pool, tvb, offset+4, wstring_length, ENC_UTF_16|ENC_LITTLE_ENDIAN);
228 wstring_size = wstring_length;
229 if (wstring_size%4) {
230 wstring_padding = (4-wstring_size%4);
231 wstring_size += wstring_padding;
232 }
233 if (tree) {
234 proto_item *dtpt_wstring_item;
235 proto_tree *dtpt_wstring_tree;
236 dtpt_wstring_item = proto_tree_add_string(tree, hfindex,
237 tvb, offset+0, 4+wstring_size, wstring_data);
238 dtpt_wstring_tree = proto_item_add_subtree(dtpt_wstring_item, ett_dtpt_wstring);
239 if (dtpt_wstring_tree) {
240 proto_tree_add_uint(dtpt_wstring_tree, hf_dtpt_wstring_length,
241 tvb, offset+0, 4, wstring_length);
242 if (wstring_length)
243 proto_tree_add_string(dtpt_wstring_tree, hf_dtpt_wstring_data,
244 tvb, offset+4, wstring_length, wstring_data);
245 if (wstring_padding)
246 proto_tree_add_item(dtpt_wstring_tree, hf_dtpt_padding, tvb,
247 offset+4+wstring_length,wstring_padding, ENC_NA);
248 }
249 }
250 offset += 4+wstring_size;
251 return offset;
252 }
253
254 static int
255 dissect_dtpt_guid(tvbuff_t *tvb, unsigned offset, proto_tree *tree, packet_info *pinfo, int hfindex)
256 {
257 uint32_t guid_length;
258
259 guid_length = tvb_get_letohl(tvb, offset);
260 if (tree) {
261 e_guid_t guid;
262 proto_item *dtpt_guid_item = NULL;
263 proto_tree *dtpt_guid_tree = NULL;
264 const char *guid_name = NULL;
265
266 if (guid_length) {
267 tvb_get_guid(tvb, offset+4, &guid, ENC_LITTLE_ENDIAN);
268 }
269 else {
270 memset(&guid, 0, sizeof(guid));
271 }
272 dtpt_guid_item = proto_tree_add_guid(tree, hfindex, tvb, offset, 4 + guid_length, &guid);
273 if (dtpt_guid_item) {
274 guid_name = guids_get_guid_name(&guid, pinfo->pool);
275 if (guid_name != NULL)
276 proto_item_set_text(dtpt_guid_item, "%s: %s (%s)",
277 proto_registrar_get_name(hfindex), guid_name, guid_to_str(pinfo->pool, &guid));
278 dtpt_guid_tree = proto_item_add_subtree(dtpt_guid_item, ett_dtpt_guid);
279 }
280 if (dtpt_guid_tree) {
281 proto_item *dtpt_guid_data_item = NULL;
282
283 proto_tree_add_uint(dtpt_guid_tree, hf_dtpt_guid_length,
284 tvb, offset, 4, guid_length);
285 if (guid_length) {
286 dtpt_guid_data_item = proto_tree_add_guid(dtpt_guid_tree, hf_dtpt_guid_data,
287 tvb, offset+4, guid_length, &guid);
288 if (guid_name != NULL && dtpt_guid_data_item != NULL) {
289 proto_item_set_text(dtpt_guid_data_item, "%s: %s (%s)",
290 proto_registrar_get_name(hf_dtpt_guid_data),
291 guid_name, guid_to_str(pinfo->pool, &guid));
292 }
293 }
294 }
295 }
296 offset+=4;
297 offset+=guid_length;
298
299 return offset;
300 }
301
302 static int
303 dissect_dtpt_sockaddr(tvbuff_t *tvb, unsigned offset, proto_tree *tree, packet_info *pinfo, int hfindex, int sockaddr_type)
304 {
305 uint32_t sockaddr_length = 0;
306 proto_item *sockaddr_item = NULL;
307 proto_tree *sockaddr_tree = NULL;
308 uint32_t sockaddr_len1 = 0;
309 uint32_t sockaddr_len2 = 0;
310
311 switch (sockaddr_type) {
312 case SOCKADDR_WITH_LEN:
313 sockaddr_len1=4;
314 sockaddr_len2=16;
315 break;
316 case SOCKADDR_CONNECT:
317 sockaddr_len1=0;
318 sockaddr_len2=30;
319 break;
320 }
321
322 if (sockaddr_type == SOCKADDR_WITH_LEN)
323 sockaddr_length = tvb_get_letohl(tvb, offset + 0);
324
325 if (tree) {
326 sockaddr_tree = proto_tree_add_subtree(tree, tvb, offset, sockaddr_len1+sockaddr_len2,
327 ett_dtpt_sockaddr, NULL, proto_registrar_get_name(hfindex));
328
329 if (sockaddr_type == SOCKADDR_WITH_LEN)
330 proto_tree_add_uint(sockaddr_tree, hf_dtpt_sockaddr_length,
331 tvb, offset+0, 4, sockaddr_length);
332 }
333
334 offset += sockaddr_len1;
335
336 if (sockaddr_tree) {
337 switch (sockaddr_type) {
338 case SOCKADDR_WITH_LEN: {
339 uint16_t family;
340
341 family = tvb_get_letohs(tvb, offset);
342 proto_tree_add_uint(sockaddr_tree, hf_dtpt_sockaddr_family,
343 tvb, offset, 2, family);
344 switch (family) {
345 case WINSOCK_AF_INET: {
346 uint16_t port;
347
348 port = tvb_get_ntohs(tvb,offset+2);
349 proto_tree_add_uint(sockaddr_tree, hf_dtpt_sockaddr_port,
350 tvb, offset+2,2,port);
351 proto_tree_add_item(sockaddr_tree, hf_dtpt_sockaddr_address,
352 tvb, offset+4,4,ENC_BIG_ENDIAN);
353 proto_tree_add_item(sockaddr_tree, hf_dtpt_padding, tvb, offset+8, 8, ENC_NA);
354 proto_item_append_text(sockaddr_item, ": %s:%d", tvb_ip_to_str(pinfo->pool, tvb,offset+4), port);
355 }
356 break;
357 }
358 }
359 break;
360 case SOCKADDR_CONNECT: {
361 uint32_t family;
362
363 family = tvb_get_letohl(tvb, offset+0);
364 proto_tree_add_uint(sockaddr_tree, hf_dtpt_sockaddr_family,
365 tvb, offset+0, 4, family);
366 switch (family) {
367 case WINSOCK_AF_INET: {
368 uint16_t port;
369
370 proto_tree_add_item(sockaddr_tree, hf_dtpt_padding, tvb, offset+4, 4, ENC_NA);
371 port = tvb_get_ntohs(tvb,offset+8);
372 proto_tree_add_uint(sockaddr_tree, hf_dtpt_sockaddr_port,
373 tvb, offset+8,2,port);
374 proto_tree_add_item(sockaddr_tree, hf_dtpt_sockaddr_address,
375 tvb, offset+10,4,ENC_BIG_ENDIAN);
376 proto_tree_add_item(sockaddr_tree, hf_dtpt_padding, tvb, offset+14, 16, ENC_NA);
377 proto_item_append_text(sockaddr_item, ": %s:%d", tvb_ip_to_str(pinfo->pool, tvb,offset+10), port);
378 }
379 break;
380 }
381 }
382 break;
383 }
384
385 }
386 offset += sockaddr_len2;
387 return offset;
388 }
389
390 static int
391 dissect_dtpt_conversation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
392 {
393 unsigned offset = 0;
394
395 /* First try to decode it as "normal" DTPT packets. */
396 offset = dissect_dtpt(tvb, pinfo, tree, NULL);
397
398 if (offset == 0) {
399 /* No, maybe it was a DTPT data packet. */
400 offset = dissect_dtpt_data(tvb, pinfo, tree);
401 }
402
403 /* Handle any remaining bytes ... */
404 if (tvb_reported_length_remaining(tvb, offset) > 0) {
405 /* ... as data. */
406 call_data_dissector(tvb_new_subset_remaining(tvb, offset), pinfo, tree);
407 }
408 return tvb_reported_length(tvb);
409 }
410
411
412 static int
413 dissect_dtpt_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
414 {
415 proto_item *dtpt_item;
416 proto_tree *dtpt_tree;
417 proto_tree *dtpt_queryset_tree;
418 unsigned offset = 0;
419 uint32_t queryset_rawsize;
420 uint32_t queryset_size;
421 uint32_t num_protocols;
422 uint32_t protocols_length = 0;
423 uint32_t addrs_start;
424 uint32_t num_addrs;
425 uint32_t addrs_length1 = 0;
426 proto_item *dtpt_addrs_item = NULL;
427 proto_tree *dtpt_addrs_tree = NULL;
428 uint32_t blob_rawsize = 0;
429 uint32_t blob_size = 0;
430 uint32_t blob_data_length;
431
432 queryset_rawsize = tvb_get_letohl(tvb, offset + 0);
433 if (queryset_rawsize != 60) return 0;
434 queryset_size = tvb_get_letohl(tvb, offset + 4);
435 if (queryset_size != 60) return 0;
436
437 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTPT");
438 col_set_str(pinfo->cinfo, COL_INFO, "QuerySet");
439
440 dtpt_item = proto_tree_add_item(tree, proto_dtpt, tvb, 0, -1, ENC_NA);
441 dtpt_tree = proto_item_add_subtree(dtpt_item, ett_dtpt);
442
443 if (dtpt_tree) {
444 proto_tree_add_uint(dtpt_tree, hf_dtpt_queryset_rawsize,
445 tvb, 0, 4, queryset_rawsize);
446
447 dtpt_queryset_tree = proto_tree_add_subtree(dtpt_tree, tvb, 4, 60,
448 ett_dtpt_queryset, NULL, "QuerySet raw");
449
450 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_size,
451 tvb, offset+4+0, 4, ENC_LITTLE_ENDIAN);
452 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_service_instance_name_pointer,
453 tvb, offset+4+4, 4, ENC_LITTLE_ENDIAN);
454 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_service_class_id_pointer,
455 tvb, offset+4+8, 4, ENC_LITTLE_ENDIAN);
456 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_version,
457 tvb, offset+4+12, 4, ENC_LITTLE_ENDIAN);
458 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_comment_pointer,
459 tvb, offset+4+16, 4, ENC_LITTLE_ENDIAN);
460 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_namespace,
461 tvb, offset+4+20, 4, ENC_LITTLE_ENDIAN);
462 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_provider_id_pointer,
463 tvb, offset+4+24, 4, ENC_LITTLE_ENDIAN);
464 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_context_pointer,
465 tvb, offset+4+28, 4, ENC_LITTLE_ENDIAN);
466 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_protocols_number,
467 tvb, offset+4+32, 4, ENC_LITTLE_ENDIAN);
468 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_protocols_pointer,
469 tvb, offset+4+36, 4, ENC_LITTLE_ENDIAN);
470 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_query_string_pointer,
471 tvb, offset+4+40, 4, ENC_LITTLE_ENDIAN);
472 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_cs_addrs_number,
473 tvb, offset+4+44, 4, ENC_LITTLE_ENDIAN);
474 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_cs_addrs_pointer,
475 tvb, offset+4+48, 4, ENC_LITTLE_ENDIAN);
476 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_output_flags,
477 tvb, offset+4+52, 4, ENC_LITTLE_ENDIAN);
478 proto_tree_add_item(dtpt_queryset_tree, hf_dtpt_queryset_blob_pointer,
479 tvb, offset+4+56, 4, ENC_LITTLE_ENDIAN);
480 }
481
482 offset += 4;
483 offset += 60;
484
485 offset = dissect_dtpt_wstring(tvb, offset, dtpt_tree, pinfo, hf_dtpt_service_instance_name);
486 offset = dissect_dtpt_guid (tvb, offset, dtpt_tree, pinfo, hf_dtpt_service_class_id );
487 offset = dissect_dtpt_wstring(tvb, offset, dtpt_tree, pinfo, hf_dtpt_comment );
488 offset = dissect_dtpt_guid (tvb, offset, dtpt_tree, pinfo, hf_dtpt_ns_provider_id );
489 offset = dissect_dtpt_wstring(tvb, offset, dtpt_tree, pinfo, hf_dtpt_context );
490 num_protocols = tvb_get_letohl(tvb, offset);
491 if (num_protocols>0) {
492 protocols_length = tvb_get_letohl(tvb, offset+4);
493 }
494 if (dtpt_tree) {
495 proto_tree *dtpt_protocols_tree = NULL;
496 uint32_t i;
497
498 dtpt_protocols_tree = proto_tree_add_subtree_format(dtpt_tree,
499 tvb, offset, 4+(num_protocols>0?4:0)+num_protocols*8,
500 ett_dtpt_protocols, NULL, "Protocols: %d", num_protocols);
501
502 if (dtpt_protocols_tree) {
503 proto_tree_add_uint(dtpt_protocols_tree, hf_dtpt_protocols_number,
504 tvb, offset, 4, num_protocols);
505 if (num_protocols>0)
506 proto_tree_add_uint(dtpt_protocols_tree, hf_dtpt_protocols_length,
507 tvb, offset+4, 4, protocols_length);
508 for (i=0;i<num_protocols;i++) {
509 proto_tree *dtpt_protocol_tree = NULL;
510
511 dtpt_protocol_tree = proto_tree_add_subtree_format(dtpt_protocols_tree,
512 tvb, offset+4+4+i*8, 8, ett_dtpt_protocol, NULL, "Protocol[%d]", i+1);
513
514 proto_tree_add_item(dtpt_protocol_tree, hf_dtpt_protocol_family,
515 tvb, offset+4+4+i*8, 4, ENC_LITTLE_ENDIAN);
516 proto_tree_add_item(dtpt_protocol_tree, hf_dtpt_protocol_protocol,
517 tvb, offset+4+4+i*8+4, 4, ENC_LITTLE_ENDIAN);
518 }
519 }
520 }
521 offset += 4 + (num_protocols>0?4:0) + num_protocols*8;
522 offset = dissect_dtpt_wstring(tvb, offset, dtpt_tree, pinfo, hf_dtpt_query_string);
523
524 addrs_start = offset;
525 num_addrs = tvb_get_letohl(tvb, offset);
526 if (num_addrs>0) {
527 addrs_length1 = tvb_get_letohl(tvb, offset+4);
528 }
529 if (dtpt_tree) {
530 dtpt_addrs_tree = proto_tree_add_subtree(dtpt_tree,
531 tvb, offset, -1, ett_dtpt_cs_addrs, &dtpt_addrs_item, "Addresses");
532 if (dtpt_addrs_tree) {
533 proto_tree_add_uint(dtpt_addrs_tree, hf_dtpt_cs_addrs_number,
534 tvb, offset, 4, num_addrs);
535 if (num_addrs>0)
536 proto_tree_add_uint(dtpt_addrs_tree, hf_dtpt_cs_addrs_length1,
537 tvb, offset+4, 4, addrs_length1);
538 }
539 }
540 offset += 4 + (num_addrs>0?4:0);
541
542 if (num_addrs>0) {
543 uint32_t i;
544 uint32_t offset2;
545
546 offset2 = offset + 24*num_addrs;
547
548 for (i=0;i<num_addrs;i++,offset+=24) {
549 proto_tree *dtpt_addr1_tree = NULL;
550 proto_item *dtpt_addr2_item = NULL;
551 proto_tree *dtpt_addr2_tree = NULL;
552 uint32_t offset2_start;
553
554 if (dtpt_addrs_tree) {
555 dtpt_addr1_tree = proto_tree_add_subtree_format(dtpt_addrs_tree,
556 tvb, offset, 24, ett_dtpt_cs_addr1, NULL, "Address[%u] Part 1", i+1);
557
558 proto_tree_add_item(dtpt_addr1_tree, hf_dtpt_cs_addr_local_pointer,
559 tvb, offset+ 0, 4, ENC_LITTLE_ENDIAN);
560 proto_tree_add_item(dtpt_addr1_tree, hf_dtpt_cs_addr_local_length,
561 tvb, offset+ 4, 4, ENC_LITTLE_ENDIAN);
562 proto_tree_add_item(dtpt_addr1_tree, hf_dtpt_cs_addr_remote_pointer,
563 tvb, offset+ 8, 4, ENC_LITTLE_ENDIAN);
564 proto_tree_add_item(dtpt_addr1_tree, hf_dtpt_cs_addr_remote_length,
565 tvb, offset+12, 4, ENC_LITTLE_ENDIAN);
566 proto_tree_add_item(dtpt_addr1_tree, hf_dtpt_cs_addr_socket_type,
567 tvb, offset+16, 4, ENC_LITTLE_ENDIAN);
568 proto_tree_add_item(dtpt_addr1_tree, hf_dtpt_cs_addr_protocol,
569 tvb, offset+20, 4, ENC_LITTLE_ENDIAN);
570
571 dtpt_addr2_tree = proto_tree_add_subtree_format(dtpt_addrs_tree,
572 tvb, offset2, -1, ett_dtpt_cs_addr2, &dtpt_addr2_item, "Address[%u] Part 2", i+1);
573 }
574
575 offset2_start = offset2;
576
577 offset2 = dissect_dtpt_sockaddr(tvb, offset2, dtpt_addr2_tree, pinfo, hf_dtpt_cs_addr_local, SOCKADDR_WITH_LEN);
578 offset2 = dissect_dtpt_sockaddr(tvb, offset2, dtpt_addr2_tree, pinfo, hf_dtpt_cs_addr_remote, SOCKADDR_WITH_LEN);
579
580 proto_item_set_len(dtpt_addr2_item,
581 offset2 - offset2_start);
582 }
583 offset = offset2;
584 }
585
586 proto_item_set_len(dtpt_addrs_item, offset - addrs_start);
587 proto_item_set_len(dtpt_item, offset);
588
589 blob_rawsize = tvb_get_letohl(tvb, offset);
590 if (blob_rawsize>=4) {
591 blob_size = tvb_get_letohl(tvb,offset+4+0);
592 }
593
594 if (dtpt_tree) {
595 proto_tree *dtpt_blobraw_tree;
596
597 proto_tree_add_uint(dtpt_tree, hf_dtpt_blob_rawsize,
598 tvb, offset+0, 4, blob_rawsize);
599 if (blob_rawsize>0) {
600 dtpt_blobraw_tree = proto_tree_add_subtree(dtpt_tree,
601 tvb, offset+4, blob_rawsize, ett_dtpt_blobraw, NULL, "Blob raw");
602
603 if (dtpt_blobraw_tree) {
604 proto_tree_add_uint(dtpt_blobraw_tree, hf_dtpt_blob_size,
605 tvb, offset+4+0, 4, blob_size);
606 proto_tree_add_item(dtpt_blobraw_tree, hf_dtpt_blob_data_pointer,
607 tvb, offset+4+4, 4, ENC_LITTLE_ENDIAN);
608 }
609 }
610 }
611
612 offset += 4+blob_rawsize;
613
614 proto_item_set_len(dtpt_item, offset);
615
616 if (blob_size>0) {
617 proto_tree *dtpt_blob_tree;
618
619 blob_data_length = tvb_get_letohl(tvb,offset);
620
621 if (dtpt_tree) {
622 dtpt_blob_tree = proto_tree_add_subtree(dtpt_tree,
623 tvb, offset, 4+blob_data_length, ett_dtpt_blob, NULL, "Blob");
624
625 if (dtpt_blob_tree) {
626 proto_tree_add_uint(dtpt_blob_tree, hf_dtpt_blob_data_length,
627 tvb, offset+0, 4, blob_data_length);
628 proto_tree_add_item(dtpt_blob_tree, hf_dtpt_blob_data,
629 tvb, offset+4, blob_data_length, ENC_NA);
630 }
631 }
632 offset += 4+blob_data_length;
633 if (dtpt_item)
634 proto_item_set_len(dtpt_item, offset);
635 }
636
637 return offset;
638 }
639
640 static int
641 dissect_dtpt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
642 {
643 proto_tree *dtpt_tree;
644 proto_item *dtpt_item;
645 uint8_t version;
646 uint8_t message_type;
647 uint32_t payload_size;
648
649 version = tvb_get_uint8(tvb, 0);
650 if (version != 1) return 0;
651 message_type = tvb_get_uint8(tvb, 1);
652 switch (message_type) {
653 case LookupBeginRequest:
654 case LookupBeginResponse:
655 case LookupNextRequest:
656 case LookupNextResponse:
657 case LookupEndRequest:
658 if (tvb_reported_length(tvb) != 20) return 0;
659 break;
660 case ConnectRequest:
661 case ConnectResponseOK:
662 case ConnectResponseERR:
663 if (tvb_reported_length(tvb) != 36) return 0;
664 break;
665 default:
666 return 0;
667 }
668
669 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTPT");
670 col_add_str(pinfo->cinfo, COL_INFO, val_to_str(message_type, names_message_type, "Unknown (%d)"));
671
672 if (message_type == LookupBeginRequest) {
673 conversation_t *c;
674 c = find_or_create_conversation(pinfo);
675 conversation_set_dissector(c, dtpt_conversation_handle);
676 }
677
678 dtpt_item = proto_tree_add_item(tree, proto_dtpt, tvb, 0, -1, ENC_NA);
679 dtpt_tree = proto_item_add_subtree(dtpt_item, ett_dtpt);
680
681 if (dtpt_tree) {
682 proto_tree_add_uint(dtpt_tree, hf_dtpt_version,
683 tvb, 0, 1, version);
684 proto_tree_add_uint(dtpt_tree, hf_dtpt_message_type,
685 tvb, 1, 1, message_type);
686
687 switch (message_type) {
688 case LookupBeginRequest: {
689 static int * const flags[] = {
690 &hf_dtpt_flags_res_service,
691 &hf_dtpt_flags_flushprevious,
692 &hf_dtpt_flags_flushcache,
693 &hf_dtpt_flags_return_query_string,
694 &hf_dtpt_flags_return_aliases,
695 &hf_dtpt_flags_return_blob,
696 &hf_dtpt_flags_return_addr,
697 &hf_dtpt_flags_return_comment,
698 &hf_dtpt_flags_return_version,
699 &hf_dtpt_flags_return_type,
700 &hf_dtpt_flags_return_name,
701 &hf_dtpt_flags_nearest,
702 &hf_dtpt_flags_nocontainers,
703 &hf_dtpt_flags_containers,
704 &hf_dtpt_flags_deep,
705 NULL
706 };
707
708 proto_tree_add_bitmask(dtpt_tree, tvb, 12, hf_dtpt_flags, ett_dtpt_flags, flags, ENC_LITTLE_ENDIAN);
709
710 payload_size = tvb_get_letohl(tvb, 16);
711 proto_tree_add_uint(dtpt_tree, hf_dtpt_payload_size,
712 tvb, 16, 4, payload_size);
713 }
714 break;
715 case LookupBeginResponse: {
716 proto_tree_add_item(dtpt_tree, hf_dtpt_handle,
717 tvb, 4, 8, ENC_LITTLE_ENDIAN);
718 proto_tree_add_item(dtpt_tree, hf_dtpt_error,
719 tvb, 12, 4, ENC_LITTLE_ENDIAN);
720 }
721 break;
722 case LookupNextRequest: {
723 proto_tree_add_item(dtpt_tree, hf_dtpt_handle,
724 tvb, 4, 8, ENC_LITTLE_ENDIAN);
725 proto_tree_add_item(dtpt_tree, hf_dtpt_buffer_size,
726 tvb, 16, 4, ENC_LITTLE_ENDIAN);
727 }
728 break;
729 case LookupNextResponse: {
730 proto_tree_add_item(dtpt_tree, hf_dtpt_error,
731 tvb, 12, 4, ENC_LITTLE_ENDIAN);
732 proto_tree_add_item(dtpt_tree, hf_dtpt_data_size,
733 tvb, 16, 4, ENC_LITTLE_ENDIAN);
734 }
735 break;
736 case LookupEndRequest: {
737 proto_tree_add_item(dtpt_tree, hf_dtpt_handle,
738 tvb, 4, 8, ENC_LITTLE_ENDIAN);
739 }
740 break;
741 case ConnectRequest: {
742 dissect_dtpt_sockaddr(tvb, 2, dtpt_tree, pinfo, hf_dtpt_connect_addr, SOCKADDR_CONNECT);
743 proto_tree_add_item(dtpt_tree, hf_dtpt_error,
744 tvb, 32, 4, ENC_LITTLE_ENDIAN);
745 }
746 break;
747 case ConnectResponseOK: {
748 dissect_dtpt_sockaddr(tvb, 2, dtpt_tree, pinfo, hf_dtpt_connect_addr, SOCKADDR_CONNECT);
749 proto_tree_add_item(dtpt_tree, hf_dtpt_error,
750 tvb, 32, 4, ENC_LITTLE_ENDIAN);
751 }
752 break;
753 case ConnectResponseERR: {
754 dissect_dtpt_sockaddr(tvb, 2, dtpt_tree, pinfo, hf_dtpt_connect_addr, SOCKADDR_CONNECT);
755 proto_tree_add_item(dtpt_tree, hf_dtpt_error,
756 tvb, 32, 4, ENC_LITTLE_ENDIAN);
757 }
758 break;
759 }
760 }
761
762 return tvb_captured_length(tvb);
763 }
764
765 void proto_reg_handoff_dtpt(void);
766
767 void
768 proto_register_dtpt(void)
769 {
770 static hf_register_info hf[] = {
771 { &hf_dtpt_version,
772 { "Version", "dtpt.version",
773 FT_UINT8, BASE_DEC, NULL, 0x0,
774 "Protocol Version", HFILL }},
775
776 { &hf_dtpt_message_type,
777 { "Message Type", "dtpt.message_type",
778 FT_UINT8, BASE_DEC, VALS(names_message_type), 0x0,
779 "Packet Message Type", HFILL }},
780
781 { &hf_dtpt_flags,
782 { "ControlFlags", "dtpt.flags",
783 FT_UINT32, BASE_HEX, NULL, 0x0,
784 "ControlFlags as documented for WSALookupServiceBegin", HFILL }},
785
786 { &hf_dtpt_flags_deep,
787 { "DEEP", "dtpt.flags.deep",
788 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_DEEP,
789 NULL, HFILL }},
790
791 { &hf_dtpt_flags_containers,
792 { "CONTAINERS", "dtpt.flags.containers",
793 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_CONTAINERS,
794 NULL, HFILL }},
795
796 { &hf_dtpt_flags_nocontainers,
797 { "NOCONTAINERS", "dtpt.flags.nocontainers",
798 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_NOCONTAINERS,
799 NULL, HFILL }},
800
801 { &hf_dtpt_flags_nearest,
802 { "NEAREST", "dtpt.flags.nearest",
803 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_NEAREST,
804 NULL, HFILL }},
805
806 { &hf_dtpt_flags_return_name,
807 { "RETURN_NAME", "dtpt.flags.return_name",
808 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_NAME,
809 NULL, HFILL }},
810
811 { &hf_dtpt_flags_return_type,
812 { "RETURN_TYPE", "dtpt.flags.return_type",
813 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_TYPE,
814 NULL, HFILL }},
815
816 { &hf_dtpt_flags_return_version,
817 { "RETURN_VERSION", "dtpt.flags.return_version",
818 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_VERSION,
819 NULL, HFILL }},
820
821 { &hf_dtpt_flags_return_comment,
822 { "RETURN_COMMENT", "dtpt.flags.return_comment",
823 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_COMMENT,
824 NULL, HFILL }},
825
826 { &hf_dtpt_flags_return_addr,
827 { "RETURN_ADDR", "dtpt.flags.return_addr",
828 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_ADDR,
829 NULL, HFILL }},
830
831 { &hf_dtpt_flags_return_blob,
832 { "RETURN_BLOB", "dtpt.flags.return_blob",
833 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_BLOB,
834 NULL, HFILL }},
835
836 { &hf_dtpt_flags_return_aliases,
837 { "RETURN_ALIASES", "dtpt.flags.return_aliases",
838 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_ALIASES,
839 NULL, HFILL }},
840
841 { &hf_dtpt_flags_return_query_string,
842 { "RETURN_QUERY_STRING", "dtpt.flags.return_query_string",
843 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RETURN_QUERY_STRING,
844 NULL, HFILL }},
845
846 { &hf_dtpt_flags_flushcache,
847 { "FLUSHCACHE", "dtpt.flags.flushcache",
848 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_FLUSHCACHE,
849 NULL, HFILL }},
850
851 { &hf_dtpt_flags_flushprevious,
852 { "FLUSHPREVIOUS", "dtpt.flags.flushprevious",
853 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_FLUSHPREVIOUS,
854 NULL, HFILL }},
855
856 { &hf_dtpt_flags_res_service,
857 { "RES_SERVICE", "dtpt.flags.res_service",
858 FT_BOOLEAN, 32, TFS(&tfs_set_notset), LUP_RES_SERVICE,
859 NULL, HFILL }},
860
861 { &hf_dtpt_payload_size,
862 { "Payload Size", "dtpt.payload_size",
863 FT_UINT32, BASE_DEC, NULL, 0x0,
864 "Payload Size of the following packet containing a serialized WSAQUERYSET", HFILL }},
865
866 { &hf_dtpt_handle,
867 { "Handle", "dtpt.handle",
868 FT_UINT64, BASE_HEX, NULL, 0x0,
869 "Lookup handle", HFILL }},
870
871 { &hf_dtpt_error,
872 { "Last Error", "dtpt.error",
873 FT_UINT32, BASE_DEC, VALS(names_error), 0x0,
874 NULL, HFILL }},
875
876 { &hf_dtpt_buffer_size,
877 { "Buffer Size", "dtpt.buffer_size",
878 FT_UINT32, BASE_DEC, NULL, 0x0,
879 NULL, HFILL }},
880
881 { &hf_dtpt_data_size,
882 { "Data Size", "dtpt.data_size",
883 FT_UINT32, BASE_DEC, NULL, 0x0,
884 NULL, HFILL }},
885
886 { &hf_dtpt_queryset_rawsize,
887 { "QuerySet Size", "dtpt.queryset_size",
888 FT_UINT32, BASE_DEC, NULL, 0x0,
889 "Size of the binary WSAQUERYSET", HFILL }},
890
891 { &hf_dtpt_queryset_size,
892 { "dwSize", "dtpt.queryset.dwSize",
893 FT_UINT32, BASE_DEC, NULL, 0x0,
894 "dwSize field in WSAQUERYSET", HFILL }},
895
896 { &hf_dtpt_queryset_service_instance_name_pointer,
897 { "lpszServiceInstanceName", "dtpt.queryset.lpszServiceInstanceName",
898 FT_UINT32, BASE_HEX, NULL, 0x0,
899 "lpszServiceInstanceName field in WSAQUERYSET", HFILL }},
900
901 { &hf_dtpt_queryset_service_class_id_pointer,
902 { "lpServiceClassId", "dtpt.queryset.lpServiceClassId",
903 FT_UINT32, BASE_HEX, NULL, 0x0,
904 "lpServiceClassId in the WSAQUERYSET", HFILL }},
905
906 { &hf_dtpt_queryset_version,
907 { "lpVersion", "dtpt.queryset.lpVersion",
908 FT_UINT32, BASE_DEC, NULL, 0x0,
909 "lpVersion in WSAQUERYSET", HFILL }},
910
911 { &hf_dtpt_queryset_comment_pointer,
912 { "lpszComment", "dtpt.lpszComment",
913 FT_UINT32, BASE_HEX, NULL, 0x0,
914 "lpszComment field in WSAQUERYSET", HFILL }},
915
916 { &hf_dtpt_queryset_namespace,
917 { "dwNameSpace", "dtpt.queryset.dwNameSpace",
918 FT_UINT32, BASE_DEC, NULL, 0x0,
919 "dwNameSpace field in WSAQUERYSE", HFILL }},
920
921 { &hf_dtpt_queryset_provider_id_pointer,
922 { "lpNSProviderId", "dtpt.queryset.lpNSProviderId",
923 FT_UINT32, BASE_HEX, NULL, 0x0,
924 "lpNSProviderId field in WSAQUERYSET", HFILL }},
925
926 { &hf_dtpt_queryset_context_pointer,
927 { "lpszContext", "dtpt.queryset.lpszContext",
928 FT_UINT32, BASE_HEX, NULL, 0x0,
929 "lpszContext field in WSAQUERYSET", HFILL }},
930
931 { &hf_dtpt_queryset_protocols_number,
932 { "dwNumberOfProtocols", "dtpt.queryset.dwNumberOfProtocols",
933 FT_UINT32, BASE_DEC, NULL, 0x0,
934 "dwNumberOfProtocols field in WSAQUERYSET", HFILL }},
935
936 { &hf_dtpt_queryset_protocols_pointer,
937 { "lpafpProtocols", "dtpt.queryset.lpafpProtocols",
938 FT_UINT32, BASE_HEX, NULL, 0x0,
939 "lpafpProtocols field in WSAQUERYSET", HFILL }},
940
941 { &hf_dtpt_queryset_query_string_pointer,
942 { "lpszQueryString", "dtpt.queryset.lpszQueryString",
943 FT_UINT32, BASE_HEX, NULL, 0x0,
944 "lpszQueryString field in WSAQUERYSET", HFILL }},
945
946 { &hf_dtpt_queryset_cs_addrs_number,
947 { "dwNumberOfCsAddrs", "dtpt.queryset.dwNumberOfCsAddrs",
948 FT_UINT32, BASE_DEC, NULL, 0x0,
949 "dwNumberOfCsAddrs field in WSAQUERYSET", HFILL }},
950
951 { &hf_dtpt_queryset_cs_addrs_pointer,
952 { "lpcsaBuffer", "dtpt.queryset.lpcsaBuffer",
953 FT_UINT32, BASE_HEX, NULL, 0x0,
954 "lpcsaBuffer field in WSAQUERYSET", HFILL }},
955
956 { &hf_dtpt_queryset_output_flags,
957 { "dwOutputFlags", "dtpt.queryset.dwOutputFlags",
958 FT_UINT32, BASE_HEX, NULL, 0x0,
959 "dwOutputFlags field in WSAQUERYSET", HFILL }},
960
961 { &hf_dtpt_queryset_blob_pointer,
962 { "lpBlob", "dtpt.queryset.lpBlob",
963 FT_UINT32, BASE_HEX, NULL, 0x0,
964 "lpBlob field in WSAQUERYSET", HFILL }},
965
966 { &hf_dtpt_wstring_length,
967 { "Length", "dtpt.wstring.length",
968 FT_UINT32, BASE_DEC, NULL, 0x0,
969 "String Length", HFILL }},
970
971 { &hf_dtpt_wstring_data,
972 { "Data", "dtpt.wstring.data",
973 FT_STRING, BASE_NONE, NULL, 0x0,
974 "String Data", HFILL }},
975
976 { &hf_dtpt_guid_length,
977 { "Length", "dtpt.guid.length",
978 FT_UINT32, BASE_DEC, NULL, 0x0,
979 "GUID Length", HFILL }},
980
981 { &hf_dtpt_guid_data,
982 { "Data", "dtpt.guid.data",
983 FT_GUID, BASE_NONE, NULL, 0x0,
984 "GUID Data", HFILL }},
985
986 { &hf_dtpt_service_instance_name,
987 { "Service Instance Name", "dtpt.service_instance_name",
988 FT_STRINGZ, BASE_NONE, NULL, 0x0,
989 NULL, HFILL }},
990
991 { &hf_dtpt_service_class_id,
992 { "Service Class ID", "dtpt.service_class_id",
993 FT_GUID, BASE_NONE, NULL, 0x0,
994 NULL, HFILL }},
995
996 { &hf_dtpt_comment,
997 { "Comment", "dtpt.comment",
998 FT_STRINGZ, BASE_NONE, NULL, 0x0,
999 NULL, HFILL }},
1000
1001 { &hf_dtpt_ns_provider_id,
1002 { "NS Provider ID", "dtpt.ns_provider_id",
1003 FT_GUID, BASE_NONE, NULL, 0x0,
1004 NULL, HFILL }},
1005
1006 { &hf_dtpt_context,
1007 { "Context", "dtpt.context",
1008 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1009 NULL, HFILL }},
1010
1011 { &hf_dtpt_protocols_number,
1012 { "Number of Protocols", "dtpt.protocols.number",
1013 FT_UINT32, BASE_DEC, NULL, 0x0,
1014 NULL, HFILL }},
1015
1016 { &hf_dtpt_protocols_length,
1017 { "Length of Protocols", "dtpt.protocols.length",
1018 FT_UINT32, BASE_DEC, NULL, 0x0,
1019 NULL, HFILL }},
1020
1021 { &hf_dtpt_protocol_family,
1022 { "Family", "dtpt.protocol.family",
1023 FT_UINT32, BASE_DEC, VALS(names_family), 0x0,
1024 "Protocol Family", HFILL }},
1025
1026 { &hf_dtpt_protocol_protocol,
1027 { "Protocol", "dtpt.protocol.protocol",
1028 FT_UINT32, BASE_DEC, VALS(names_protocol), 0x0,
1029 "Protocol Protocol", HFILL }},
1030
1031 { &hf_dtpt_query_string,
1032 { "Query String", "dtpt.query_string",
1033 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1034 NULL, HFILL }},
1035
1036 { &hf_dtpt_cs_addrs_number,
1037 { "Number of CS Addresses", "dtpt.cs_addrs.number",
1038 FT_UINT32, BASE_DEC, NULL, 0x0,
1039 NULL, HFILL }},
1040
1041 { &hf_dtpt_cs_addrs_length1,
1042 { "Length of CS Addresses Part 1", "dtpt.cs_addrs.length1",
1043 FT_UINT32, BASE_DEC, NULL, 0x0,
1044 NULL, HFILL }},
1045
1046 { &hf_dtpt_cs_addr_socket_type,
1047 { "Socket Type", "dtpt.cs_addrs.socket_type",
1048 FT_UINT32, BASE_DEC, VALS(names_socket_type), 0x0,
1049 NULL, HFILL }},
1050
1051 { &hf_dtpt_cs_addr_protocol,
1052 { "Protocol", "dtpt.cs_addrs.protocol",
1053 FT_UINT32, BASE_DEC, VALS(names_protocol), 0x0,
1054 NULL, HFILL }},
1055
1056 { &hf_dtpt_cs_addr_local_pointer,
1057 { "Local Address Pointer", "dtpt.cs_addr.local_pointer",
1058 FT_UINT32, BASE_HEX, NULL, 0x0,
1059 NULL, HFILL }},
1060
1061 { &hf_dtpt_cs_addr_local_length,
1062 { "Local Address Length", "dtpt.cs_addr.local_length",
1063 FT_UINT32, BASE_DEC, NULL, 0x0,
1064 "Local Address Pointer", HFILL }},
1065
1066 { &hf_dtpt_cs_addr_local,
1067 { "Local Address", "dtpt.cs_addr.local",
1068 FT_UINT32, BASE_DEC, NULL, 0x0,
1069 NULL, HFILL }},
1070
1071 { &hf_dtpt_cs_addr_remote_pointer,
1072 { "Remote Address Pointer", "dtpt.cs_addr.remote_pointer",
1073 FT_UINT32, BASE_HEX, NULL, 0x0,
1074 NULL, HFILL }},
1075
1076 { &hf_dtpt_cs_addr_remote_length,
1077 { "Remote Address Length", "dtpt.cs_addr.remote_length",
1078 FT_UINT32, BASE_DEC, NULL, 0x0,
1079 "Remote Address Pointer", HFILL }},
1080
1081 { &hf_dtpt_cs_addr_remote,
1082 { "Remote Address", "dtpt.cs_addr.remote",
1083 FT_UINT32, BASE_DEC, NULL, 0x0,
1084 NULL, HFILL }},
1085
1086 { &hf_dtpt_sockaddr_length,
1087 { "Length", "dtpt.sockaddr.length",
1088 FT_UINT16, BASE_DEC, NULL, 0x0,
1089 "Socket Address Length", HFILL }},
1090
1091 { &hf_dtpt_sockaddr_family,
1092 { "Family", "dtpt.sockaddr.family",
1093 FT_UINT16, BASE_DEC, VALS(names_family), 0x0,
1094 "Socket Address Family", HFILL }},
1095
1096 { &hf_dtpt_sockaddr_port,
1097 { "Port", "dtpt.sockaddr.port",
1098 FT_UINT16, BASE_DEC, NULL, 0x0,
1099 "Socket Address Port", HFILL }},
1100
1101 { &hf_dtpt_sockaddr_address,
1102 { "Address", "dtpt.sockaddr.address",
1103 FT_IPv4, BASE_NONE, NULL, 0x0,
1104 "Socket Address Address", HFILL }},
1105
1106 { &hf_dtpt_blob_rawsize,
1107 { "Blob Size", "dtpt.blob_size",
1108 FT_UINT32, BASE_DEC, NULL, 0x0,
1109 "Size of the binary BLOB", HFILL }},
1110
1111 { &hf_dtpt_blob_size,
1112 { "cbSize", "dtpt.blob.cbSize",
1113 FT_UINT32, BASE_DEC, NULL, 0x0,
1114 "cbSize field in BLOB", HFILL }},
1115
1116 { &hf_dtpt_blob_data_pointer,
1117 { "pBlobData", "dtpt.blob.pBlobData",
1118 FT_UINT32, BASE_HEX, NULL, 0x0,
1119 "pBlobData field in BLOB", HFILL }},
1120
1121 { &hf_dtpt_blob_data_length,
1122 { "Length", "dtpt.blob.data_length",
1123 FT_UINT32, BASE_DEC, NULL, 0x0,
1124 "Length of the Blob Data Block", HFILL }},
1125
1126 { &hf_dtpt_blob_data,
1127 { "Data", "dtpt.blob.data",
1128 FT_BYTES, BASE_NONE, NULL, 0x0,
1129 "Blob Data Block", HFILL }},
1130
1131 { &hf_dtpt_connect_addr,
1132 { "Address", "dtpt.connect_addr",
1133 FT_UINT32, BASE_DEC, NULL, 0x0,
1134 "Connect to Address", HFILL }},
1135
1136 { &hf_dtpt_padding,
1137 { "Padding", "dtpt.padding",
1138 FT_BYTES, BASE_NONE, NULL, 0x0,
1139 NULL, HFILL }},
1140 };
1141 static int *ett[] = {
1142 &ett_dtpt,
1143 &ett_dtpt_flags,
1144 &ett_dtpt_queryset,
1145 &ett_dtpt_wstring,
1146 &ett_dtpt_guid,
1147 &ett_dtpt_protocols,
1148 &ett_dtpt_protocol,
1149 &ett_dtpt_cs_addrs,
1150 &ett_dtpt_cs_addr1,
1151 &ett_dtpt_cs_addr2,
1152 &ett_dtpt_sockaddr,
1153 &ett_dtpt_blobraw,
1154 &ett_dtpt_blob,
1155 };
1156 e_guid_t guid_svcid_inet_hostaddrbyname = {0x0002A803, 0x0000, 0x0000, {0xC0,0,0,0,0,0,0,0x46}};
1157 e_guid_t guid_svcid_inet_hostaddrbyinetstring = {0x0002A801, 0x0000, 0x0000, {0xC0,0,0,0,0,0,0,0x46}};
1158 guids_add_guid(&guid_svcid_inet_hostaddrbyname, "SVCID_INET_HOSTADDRBYNAME");
1159 guids_add_guid(&guid_svcid_inet_hostaddrbyinetstring, "SVCID_INET_HOSTADDRBYINETSTRING");
1160
1161 proto_dtpt = proto_register_protocol("DeskTop PassThrough Protocol",
1162 "DTPT", "dtpt");
1163 proto_register_field_array(proto_dtpt, hf, array_length(hf));
1164 proto_register_subtree_array(ett, array_length(ett));
1165
1166 dtpt_handle = register_dissector("dtpt", dissect_dtpt, proto_dtpt);
1167 dtpt_conversation_handle = register_dissector("dtpt_conversation", dissect_dtpt_conversation, proto_dtpt);
1168 /** dtpt_data_handle = register_dissector("dtpt_data", dissect_dtpt_data, proto_dtpt); **/
1169 }
1170
1171
1172 void
1173 proto_reg_handoff_dtpt(void)
1174 {
1175 dissector_add_uint_with_preference("tcp.port", TCP_SERVER_PORT, dtpt_handle);
1176 }
1177
1178 /*
1179 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1180 *
1181 * Local variables:
1182 * c-basic-offset: 8
1183 * tab-width: 8
1184 * indent-tabs-mode: t
1185 * End:
1186 *
1187 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1188 * :indentSize=8:tabSize=8:noTabs=false:
1189 */
Metzes wireshark repo