search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-dcerpc-conv.c
blob4f68d750ce79ece685f60314759f253b9f24bdf7
1 /* packet-dcerpc-conv.c
2 * Routines for dcerpc conv dissection
3 * Copyright 2001, Todd Sabin <tas@webspan.net>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14
15 #include <epan/packet.h>
16 #include "packet-dcerpc.h"
17 #include "packet-dcerpc-dce122.h"
18
19 void proto_register_conv (void);
20 void proto_reg_handoff_conv (void);
21
22 static int proto_conv;
23 static int hf_conv_opnum;
24 static int hf_conv_rc;
25 static int hf_conv_who_are_you_rqst_actuid;
26 static int hf_conv_who_are_you_rqst_boot_time;
27 static int hf_conv_who_are_you2_rqst_actuid;
28 static int hf_conv_who_are_you2_rqst_boot_time;
29 static int hf_conv_who_are_you_resp_seq;
30 static int hf_conv_who_are_you2_resp_seq;
31 static int hf_conv_who_are_you2_resp_casuuid;
32
33 static int ett_conv;
34
35
36 static e_guid_t uuid_conv = { 0x333a2276, 0x0000, 0x0000, { 0x0d, 0x00, 0x00, 0x80, 0x9c, 0x00, 0x00, 0x00 } };
37 static uint16_t ver_conv = 3;
38
39
40 static int
41 conv_dissect_who_are_you_rqst (tvbuff_t *tvb, int offset,
42 packet_info *pinfo, proto_tree *tree,
43 dcerpc_info *di, uint8_t *drep)
44 {
45 /*
46 * [in] uuid_t *actuid,
47 * [in] unsigned32 boot_time,
48 */
49 e_guid_t actuid;
50
51 offset = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you_rqst_actuid, &actuid);
52 offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you_rqst_boot_time, NULL);
53
54 col_add_fstr(pinfo->cinfo, COL_INFO,
55 "conv_who_are_you request actuid: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
56 actuid.data1, actuid.data2, actuid.data3,
57 actuid.data4[0], actuid.data4[1], actuid.data4[2], actuid.data4[3],
58 actuid.data4[4], actuid.data4[5], actuid.data4[6], actuid.data4[7]);
59
60 return offset;
61 }
62
63 static int
64 conv_dissect_who_are_you_resp (tvbuff_t *tvb, int offset,
65 packet_info *pinfo, proto_tree *tree,
66 dcerpc_info *di, uint8_t *drep)
67 {
68 /*
69 * [out] unsigned32 *seq,
70 * [out] unsigned32 *st
71 */
72 uint32_t seq, st;
73
74 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you_resp_seq, &seq);
75 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_rc, &st);
76
77
78 col_add_fstr(pinfo->cinfo, COL_INFO, "conv_who_are_you response seq:%u st:%s",
79 seq, val_to_str_ext(st, &dce_error_vals_ext, "%u"));
80
81 return offset;
82 }
83
84
85
86 static int
87 conv_dissect_who_are_you2_rqst (tvbuff_t *tvb, int offset,
88 packet_info *pinfo, proto_tree *tree,
89 dcerpc_info *di, uint8_t *drep)
90 {
91 /*
92 * [in] uuid_t *actuid,
93 * [in] unsigned32 boot_time,
94 */
95 e_guid_t actuid;
96
97 offset = dissect_ndr_uuid_t(tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_rqst_actuid, &actuid);
98 offset = dissect_ndr_time_t(tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_rqst_boot_time, NULL);
99
100 col_add_fstr(pinfo->cinfo, COL_INFO,
101 "conv_who_are_you2 request actuid: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
102 actuid.data1, actuid.data2, actuid.data3,
103 actuid.data4[0], actuid.data4[1], actuid.data4[2], actuid.data4[3],
104 actuid.data4[4], actuid.data4[5], actuid.data4[6], actuid.data4[7]);
105
106 return offset;
107 }
108 static int
109 conv_dissect_who_are_you2_resp (tvbuff_t *tvb, int offset,
110 packet_info *pinfo, proto_tree *tree,
111 dcerpc_info *di, uint8_t *drep)
112 {
113 /*
114 * [out] unsigned32 *seq,
115 * [out] uuid_t *cas_uuid,
116 *
117 * [out] unsigned32 *st
118 */
119 uint32_t seq, st;
120 e_guid_t cas_uuid;
121
122 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_resp_seq, &seq);
123 offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep, hf_conv_who_are_you2_resp_casuuid, &cas_uuid);
124 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_conv_rc, &st);
125
126 col_add_fstr(pinfo->cinfo, COL_INFO,
127 "conv_who_are_you2 response seq:%u st:%s cas:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
128 seq, val_to_str_ext(st, &dce_error_vals_ext, "%u"),
129 cas_uuid.data1, cas_uuid.data2, cas_uuid.data3,
130 cas_uuid.data4[0], cas_uuid.data4[1], cas_uuid.data4[2], cas_uuid.data4[3],
131 cas_uuid.data4[4], cas_uuid.data4[5], cas_uuid.data4[6], cas_uuid.data4[7]);
132
133 return offset;
134 }
135
136
137 static const dcerpc_sub_dissector conv_dissectors[] = {
138 { 0, "who_are_you",
139 conv_dissect_who_are_you_rqst, conv_dissect_who_are_you_resp },
140 { 1, "who_are_you2",
141 conv_dissect_who_are_you2_rqst, conv_dissect_who_are_you2_resp },
142 { 2, "are_you_there",
143 NULL, NULL },
144 { 3, "who_are_you_auth",
145 NULL, NULL },
146 { 4, "who_are_you_auth_more",
147 NULL, NULL },
148 { 0, NULL, NULL, NULL }
149 };
150
151 void
152 proto_register_conv (void)
153 {
154 static hf_register_info hf[] = {
155 { &hf_conv_opnum,
156 { "Operation", "conv.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
157 { &hf_conv_rc,
158 {"Status", "conv.status", FT_UINT32, BASE_DEC|BASE_EXT_STRING, &dce_error_vals_ext, 0x0, NULL, HFILL }},
159
160 { &hf_conv_who_are_you_rqst_actuid,
161 {"Activity UID", "conv.who_are_you_rqst_actuid", FT_GUID, BASE_NONE, NULL, 0x0, "UUID", HFILL }},
162 { &hf_conv_who_are_you_rqst_boot_time,
163 {"Boot time", "conv.who_are_you_rqst_boot_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, NULL, HFILL }},
164 { &hf_conv_who_are_you2_rqst_actuid,
165 {"Activity UID", "conv.who_are_you2_rqst_actuid", FT_GUID, BASE_NONE, NULL, 0x0, "UUID", HFILL }},
166 { &hf_conv_who_are_you2_rqst_boot_time,
167 {"Boot time", "conv.who_are_you2_rqst_boot_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, NULL, HFILL }},
168
169 { &hf_conv_who_are_you_resp_seq,
170 {"Sequence Number", "conv.who_are_you_resp_seq", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
171 { &hf_conv_who_are_you2_resp_seq,
172 {"Sequence Number", "conv.who_are_you2_resp_seq", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
173 { &hf_conv_who_are_you2_resp_casuuid,
174 {"Client's address space UUID", "conv.who_are_you2_resp_casuuid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }}
175 };
176
177 static int *ett[] = {
178 &ett_conv
179 };
180 proto_conv = proto_register_protocol ("DCE/RPC Conversation Manager", "CONV", "conv");
181 proto_register_field_array (proto_conv, hf, array_length (hf));
182 proto_register_subtree_array (ett, array_length (ett));
183 }
184
185 void
186 proto_reg_handoff_conv (void)
187 {
188 /* Register the protocol as dcerpc */
189 dcerpc_init_uuid (proto_conv, ett_conv, &uuid_conv, ver_conv, conv_dissectors, hf_conv_opnum);
190 }
191
192 /*
193 * Editor modelines - https://www.wireshark.org/tools/modelines.html
194 *
195 * Local variables:
196 * c-basic-offset: 8
197 * tab-width: 8
198 * indent-tabs-mode: t
199 * End:
200 *
201 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
202 * :indentSize=8:tabSize=8:noTabs=false:
203 */
Metzes wireshark repo