epan/dissectors/packet-rdp_snd.c

   1 /* Packet-rdp_snd.c
   2  * Routines for the audio output RDP channel
   3  * Copyright 2023, David Fort <contact@hardening-consulting.com>
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 /*
  13  * See: "[MS-RDPEA] "
  14  */
  15
  16 #include "config.h"
  17
  18 #include <epan/packet.h>
  19 #include <epan/prefs.h>
  20 #include <epan/conversation.h>
  21 #include <epan/expert.h>
  22 #include <epan/value_string.h>
  23
  24 #include "packet-rdpudp.h"
  25
  26 #define PNAME  "RDP audio output virtual channel Protocol"
  27 #define PSNAME "rdpsnd"
  28 #define PFNAME "rdp_snd"
  29
  30 void proto_register_rdp_snd(void);
  31 void proto_reg_handoff_rdp_snd(void);
  32
  33
  34 static int proto_rdp_snd;
  35
  36 static int hf_snd_msgType;
  37 static int hf_snd_bPad;
  38 static int hf_snd_bodySize;
  39
  40 static int ett_rdp_snd;
  41
  42
  43 enum {
  44         SNDC_CLOSE = 0x01,
  45         SNDC_WAVE = 0x02,
  46         SNDC_SETVOLUME = 0x03,
  47         SNDC_SETPITCH = 0x04,
  48         SNDC_WAVECONFIRM = 0x05,
  49         SNDC_TRAINING = 0x06,
  50         SNDC_FORMATS = 0x07,
  51         SNDC_CRYPTKEY = 0x08,
  52         SNDC_WAVEENCRYPT = 0x09,
  53         SNDC_UDPWAVE = 0x0A,
  54         SNDC_UDPWAVELAST = 0x0B,
  55         SNDC_QUALITYMODE = 0x0C,
  56         SNDC_WAVE2 = 0x0D,
  57 };
  58
  59
  60 static const value_string rdp_snd_order_vals[] = {
  61         { SNDC_CLOSE, "Close"},
  62         { SNDC_WAVE, "Wave"},
  63         { SNDC_SETVOLUME, "Set volume"},
  64         { SNDC_SETPITCH, "Set pitch"},
  65         { SNDC_WAVECONFIRM, "Wave confirm"},
  66         { SNDC_TRAINING, "Training"},
  67         { SNDC_FORMATS, "Formats"},
  68         { SNDC_CRYPTKEY, "Crypt key"},
  69         { SNDC_WAVEENCRYPT, "Wave encrypt"},
  70         { SNDC_UDPWAVE, "Udp wave"},
  71         { SNDC_UDPWAVELAST, "Udp wave last"},
  72         { SNDC_QUALITYMODE, "Quality mode"},
  73         { SNDC_WAVE2, "Wave 2"},
  74         { 0x0, NULL},
  75 };
  76
  77
  78 static int
  79 dissect_rdp_snd(tvbuff_t *tvb _U_, packet_info *pinfo, proto_tree *parent_tree _U_, void *data _U_)
  80 {
  81         proto_item *item;
  82         int nextOffset, offset = 0;
  83         uint32_t cmdId = 0;
  84         uint32_t pduLength;
  85         proto_tree *tree;
  86
  87         parent_tree = proto_tree_get_root(parent_tree);
  88         col_set_str(pinfo->cinfo, COL_PROTOCOL, "RDPSND");
  89         col_clear(pinfo->cinfo, COL_INFO);
  90
  91         pduLength = tvb_get_uint32(tvb, offset + 2, ENC_LITTLE_ENDIAN) + 4;
  92         nextOffset = offset + pduLength;
  93
  94         item = proto_tree_add_item(parent_tree, proto_rdp_snd, tvb, offset, pduLength, ENC_NA);
  95         tree = proto_item_add_subtree(item, ett_rdp_snd);
  96
  97         proto_tree_add_item_ret_uint(tree, hf_snd_msgType, tvb, offset, 1, ENC_LITTLE_ENDIAN, &cmdId);
  98         offset += 1;
  99
 100         proto_tree_add_item(tree, hf_snd_bPad, tvb, offset, 1, ENC_LITTLE_ENDIAN);
 101         offset += 1;
 102
 103         proto_tree_add_item(tree, hf_snd_bodySize, tvb, offset, 2, ENC_LITTLE_ENDIAN);
 104         //offset += 2;
 105
 106         col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(cmdId, rdp_snd_order_vals, "Unknown rdpsnd command"));
 107
 108         switch (cmdId) {
 109         case SNDC_CLOSE:
 110         case SNDC_WAVE:
 111         case SNDC_SETVOLUME:
 112         case SNDC_SETPITCH:
 113         case SNDC_WAVECONFIRM:
 114         case SNDC_TRAINING:
 115         case SNDC_FORMATS:
 116         case SNDC_CRYPTKEY:
 117         case SNDC_WAVEENCRYPT:
 118         case SNDC_UDPWAVE:
 119         case SNDC_UDPWAVELAST:
 120         case SNDC_QUALITYMODE:
 121         case SNDC_WAVE2:
 122         default:
 123                 break;
 124         }
 125
 126         offset = nextOffset;
 127         return offset;
 128 }
 129
 130
 131 void proto_register_rdp_snd(void) {
 132         static hf_register_info hf[] = {
 133                 { &hf_snd_msgType,
 134                   { "MsgrType", "rdp_snd.msgtype",
 135                     FT_UINT8, BASE_HEX, VALS(rdp_snd_order_vals), 0x0,
 136                         NULL, HFILL }
 137                 },
 138                 { &hf_snd_bPad,
 139                   { "bPad", "rdp_snd.bpad",
 140                         FT_UINT8, BASE_HEX, NULL, 0x0,
 141                         NULL, HFILL }
 142                 },
 143                 { &hf_snd_bodySize,
 144                   { "BodySize", "rdp_snd.bodysize",
 145                         FT_UINT16, BASE_DEC, NULL, 0x0,
 146                         NULL, HFILL }
 147                 },
 148         };
 149
 150         static int *ett[] = {
 151                 &ett_rdp_snd,
 152         };
 153
 154         proto_rdp_snd = proto_register_protocol(PNAME, PSNAME, PFNAME);
 155
 156         /* Register fields and subtrees */
 157         proto_register_field_array(proto_rdp_snd, hf, array_length(hf));
 158         proto_register_subtree_array(ett, array_length(ett));
 159
 160         register_dissector("rdp_snd", dissect_rdp_snd, proto_rdp_snd);
 161 }
 162
 163 void proto_reg_handoff_rdp_snd(void) {
 164 }