search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-dcerpc-epm.c
blob4b9a1e08366e51989fb2dba67ffb502773b01e7a
1 /* packet-dcerpc-epm.c
2 * Routines for dcerpc endpoint mapper dissection
3 * Copyright 2001, Todd Sabin <tas@webspan.net>
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26 #include "config.h"
27
28 #include <glib.h>
29 #include <epan/packet.h>
30 #include <epan/to_str.h>
31 #include <epan/expert.h>
32 #include "packet-dcerpc.h"
33 #include "packet-dcerpc-nt.h"
34
35
36 static int proto_epm3 = -1;
37 static int proto_epm4 = -1;
38
39 static int hf_epm_opnum = -1;
40 static int hf_epm_inquiry_type = -1;
41 static int hf_epm_object = -1;
42 static int hf_epm_if_id = -1;
43 static int hf_epm_ver_maj = -1;
44 static int hf_epm_ver_min = -1;
45 static int hf_epm_ver_opt = -1;
46 static int hf_epm_hnd = -1;
47 static int hf_epm_max_ents = -1;
48 static int hf_epm_num_ents = -1;
49 static int hf_epm_uuid = -1;
50 static int hf_epm_tower_length = -1;
51 /* static int hf_epm_tower_data = -1; */
52 static int hf_epm_max_towers = -1;
53 static int hf_epm_num_towers = -1;
54 static int hf_epm_rc = -1;
55 static int hf_epm_replace = -1;
56 static int hf_epm_tower_num_floors = -1;
57 static int hf_epm_tower_rhs_len = -1;
58 static int hf_epm_tower_lhs_len = -1;
59 static int hf_epm_tower_proto_id = -1;
60 static int hf_epm_annotation = -1;
61 static int hf_epm_ann_offset = -1;
62 static int hf_epm_ann_len = -1;
63 static int hf_epm_proto_named_pipes = -1;
64 static int hf_epm_proto_netbios_name = -1;
65 static int hf_epm_proto_ip = -1;
66 static int hf_epm_proto_udp_port = -1;
67 static int hf_epm_proto_tcp_port = -1;
68 static int hf_epm_proto_http_port = -1;
69
70 static gint ett_epm = -1;
71 static gint ett_epm_tower_floor = -1;
72 static gint ett_epm_entry = -1;
73
74 static expert_field ei_epm_proto_undecoded = EI_INIT;
75
76
77 /* the UUID is identical for interface versions 3 and 4 */
78 static e_uuid_t uuid_epm = { 0xe1af8308, 0x5d1f, 0x11c9, { 0x91, 0xa4, 0x08, 0x00, 0x2b, 0x14, 0xa0, 0xfa } };
79 static guint16 ver_epm3 = 3;
80 static guint16 ver_epm4 = 4;
81
82
83
84 static const value_string ep_service[] = {
85 { 0, "rpc_c_ep_all_elts" },
86 { 1, "rpc_c_ep_match_by_if" },
87 { 2, "rpc_c_ep_match_by_obj" },
88 { 3, "rpc_c_ep_match_by_both" },
89 { 0, NULL },
90 };
91
92 /* typedef struct {
93 unsigned int tower_len,
94 [size_is(tower_len)] char tower[];
95 } twr_t, *twr_p_t;
96 */
97 static int epm_dissect_tower (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
98
99
100 static int
101 epm_dissect_pointer_IF_ID(tvbuff_t *tvb, int offset,
102 packet_info *pinfo, proto_tree *tree,
103 dcerpc_info *di, guint8 *drep)
104 {
105 offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep,
106 di->hf_index, NULL);
107 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, di, drep,
108 hf_epm_ver_maj, NULL);
109 offset = dissect_ndr_uint16 (tvb, offset, pinfo, tree, di, drep,
110 hf_epm_ver_min, NULL);
111 return offset;
112 }
113
114 static int
115 epm_dissect_pointer_UUID(tvbuff_t *tvb, int offset,
116 packet_info *pinfo, proto_tree *tree,
117 dcerpc_info *di, guint8 *drep)
118 {
119 offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep,
120 di->hf_index, NULL);
121 return offset;
122 }
123
124 static int
125 epm_dissect_ept_lookup_rqst (tvbuff_t *tvb, int offset,
126 packet_info *pinfo, proto_tree *tree,
127 dcerpc_info *di, guint8 *drep)
128 {
129 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
130 hf_epm_inquiry_type, NULL);
131
132 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
133 epm_dissect_pointer_UUID, NDR_POINTER_PTR,
134 "Object:", hf_epm_object);
135
136 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
137 epm_dissect_pointer_IF_ID, NDR_POINTER_PTR,
138 "Interface:", hf_epm_if_id);
139
140 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
141 hf_epm_ver_opt, NULL);
142
143 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
144 hf_epm_hnd, NULL);
145
146 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
147 hf_epm_max_ents, NULL);
148 return offset;
149 }
150
151
152 static int
153 epm_dissect_ept_entry_t(tvbuff_t *tvb, int offset,
154 packet_info *pinfo, proto_tree *parent_tree,
155 dcerpc_info *di, guint8 *drep)
156 {
157 proto_item *item=NULL;
158 proto_tree *tree=NULL;
159 int old_offset=offset;
160 guint32 len;
161 const char *str;
162
163 if(di->conformant_run){
164 return offset;
165 }
166
167 if(parent_tree){
168 item = proto_tree_add_text(parent_tree, tvb, offset, -1, "Entry:");
169 tree = proto_item_add_subtree(item, ett_epm_entry);
170 }
171
172 offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep,
173 hf_epm_object, NULL);
174
175 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
176 epm_dissect_tower, NDR_POINTER_PTR,
177 "Tower pointer:", -1);
178
179 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
180 hf_epm_ann_offset, NULL);
181 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
182 hf_epm_ann_len, &len);
183 str=tvb_get_string(wmem_packet_scope(), tvb, offset, len);
184 proto_tree_add_item(tree, hf_epm_annotation, tvb, offset, len, ENC_ASCII|ENC_NA);
185 offset += len;
186
187 if(str&&str[0]){
188 if(parent_tree) {
189 proto_item_append_text(item, " Service:%s ", str);
190 proto_item_append_text(tree->parent, " Service:%s ", str);
191 }
192 col_append_fstr(pinfo->cinfo, COL_INFO, ", Service:%s", str);
193 }
194
195 proto_item_set_len(item, offset-old_offset);
196 return offset;
197 }
198
199 static int
200 epm_dissect_ept_entry_t_array(tvbuff_t *tvb, int offset,
201 packet_info *pinfo, proto_tree *tree,
202 dcerpc_info *di, guint8 *drep)
203 {
204 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, di, drep,
205 epm_dissect_ept_entry_t);
206
207 return offset;
208 }
209
210 static int
211 epm_dissect_ept_lookup_resp (tvbuff_t *tvb, int offset,
212 packet_info *pinfo, proto_tree *tree,
213 dcerpc_info *di, guint8 *drep)
214 {
215 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
216 hf_epm_hnd, NULL);
217
218 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
219 hf_epm_num_ents, NULL);
220
221 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
222 epm_dissect_ept_entry_t_array, NDR_POINTER_REF,
223 "Entries:", -1);
224
225 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
226 hf_epm_rc, NULL);
227
228 return offset;
229 }
230
231 static int
232 epm_dissect_uuid (tvbuff_t *tvb, int offset,
233 packet_info *pinfo, proto_tree *tree,
234 dcerpc_info *di, guint8 *drep)
235 {
236 offset = dissect_ndr_uuid_t (tvb, offset, pinfo, tree, di, drep,
237 hf_epm_uuid, NULL);
238 return offset;
239 }
240
241 #define PROTO_ID_OSI_OID 0x00
242 #define PROTO_ID_DNA_SESSCTL 0x02
243 #define PROTO_ID_DNA_SESSCTL_V3 0x03
244 #define PROTO_ID_DNA_NSP 0x04
245 #define PROTO_ID_OSI_TP4 0x05
246 #define PROTO_ID_OSI_CLNS 0x06
247 #define PROTO_ID_TCP 0x07
248 #define PROTO_ID_UDP 0x08
249 #define PROTO_ID_IP 0x09
250 #define PROTO_ID_RPC_CL 0x0a
251 #define PROTO_ID_RPC_CO 0x0b
252 #define PROTO_ID_SPX 0x0c /* from DCOM spec (is this correct?) */
253 #define PROTO_ID_UUID 0x0d
254 #define PROTO_ID_IPX 0x0e /* from DCOM spec (is this correct?) */
255 #define PROTO_ID_NAMED_PIPES 0x0f
256 #define PROTO_ID_NAMED_PIPES_2 0x10
257 #define PROTO_ID_NETBIOS 0x11
258 #define PROTO_ID_NETBEUI 0x12
259 #define PROTO_ID_NETWARE_SPX 0x13
260 #define PROTO_ID_NETWARE_IPX 0x14
261 #define PROTO_ID_ATALK_STREAM 0x16
262 #define PROTO_ID_ATALK_DATAGRAM 0x17
263 #define PROTO_ID_ATALK 0x18
264 #define PROTO_ID_NETBIOS_2 0x19
265 #define PROTO_ID_VINES_SPP 0x1a
266 #define PROTO_ID_VINES_IPC 0x1b
267 #define PROTO_ID_STREETTALK 0x1c
268 #define PROTO_ID_HTTP 0x1f
269 #define PROTO_ID_UNIX_DOMAIN 0x20
270 #define PROTO_ID_NULL 0x21
271 #define PROTO_ID_NETBIOS_3 0x22
272
273 static const value_string proto_id_vals[] = {
274 { PROTO_ID_OSI_OID, "OSI OID"},
275 { PROTO_ID_DNA_SESSCTL, "DNA Session Control"},
276 { PROTO_ID_DNA_SESSCTL_V3, "DNA Session Control V3"},
277 { PROTO_ID_DNA_NSP, "DNA NSP Transport"},
278 { PROTO_ID_OSI_TP4, "OSI TP4"},
279 { PROTO_ID_OSI_CLNS, "OSI CLNS or DNA Routing"},
280 { PROTO_ID_TCP, "DOD TCP"},
281 { PROTO_ID_UDP, "DOD UDP"},
282 { PROTO_ID_IP, "DOD IP"},
283 { PROTO_ID_RPC_CL, "RPC connectionless protocol"},
284 { PROTO_ID_RPC_CO, "RPC connection-oriented protocol"},
285 { PROTO_ID_SPX, "SPX?"},
286 { PROTO_ID_UUID, "UUID"},
287 { PROTO_ID_IPX, "IPX?"},
288 { PROTO_ID_NAMED_PIPES, "Named Pipes"},
289 { PROTO_ID_NAMED_PIPES_2, "Named Pipes"},
290 { PROTO_ID_NETBIOS, "NetBIOS"},
291 { PROTO_ID_NETBEUI, "NetBEUI"},
292 { PROTO_ID_NETWARE_SPX, "Netware SPX"},
293 { PROTO_ID_NETWARE_IPX, "Netware IPX"},
294 { PROTO_ID_ATALK_STREAM, "Appletalk Stream"},
295 { PROTO_ID_ATALK_DATAGRAM, "Appletalk Datagram"},
296 { PROTO_ID_ATALK, "Appletalk"},
297 { PROTO_ID_NETBIOS_2, "NetBIOS"},
298 { PROTO_ID_VINES_SPP, "Vines SPP"},
299 { PROTO_ID_VINES_IPC, "Vines IPC"},
300 { PROTO_ID_STREETTALK, "StreetTalk"},
301 { PROTO_ID_HTTP, "RPC over HTTP"},
302 { PROTO_ID_UNIX_DOMAIN, "Unix Domain Socket"},
303 { PROTO_ID_NULL, "null"},
304 { PROTO_ID_NETBIOS_3, "NetBIOS"},
305 { 0, NULL},
306 };
307
308
309 /* XXX this function assumes LE encoding. can not use the NDR routines
310 since they assume padding.
311 */
312 static int
313 epm_dissect_tower_data (tvbuff_t *tvb, int offset,
314 packet_info *pinfo, proto_tree *tree,
315 dcerpc_info *di, guint8 *drep _U_)
316 {
317 guint16 num_floors, ii;
318 const char *uuid_name;
319 guint8 u8little_endian = DREP_LITTLE_ENDIAN;
320
321 if(di->conformant_run){
322 return offset;
323 }
324
325 num_floors = tvb_get_letohs(tvb, offset);
326 proto_tree_add_uint(tree, hf_epm_tower_num_floors, tvb, offset, 2, num_floors);
327 offset += 2;
328
329 for(ii=0;ii<num_floors;ii++){
330 proto_item *it = NULL;
331 proto_tree *tr = NULL;
332 int old_offset = offset;
333 guint16 len;
334 guint8 proto_id;
335 e_uuid_t uuid;
336 proto_item *pi;
337
338 it = proto_tree_add_text(tree, tvb, offset, 0, "Floor %d ", ii+1);
339 tr = proto_item_add_subtree(it, ett_epm_tower_floor);
340
341 len = tvb_get_letohs(tvb, offset);
342 proto_tree_add_uint(tr, hf_epm_tower_lhs_len, tvb, offset, 2, len);
343 offset += 2;
344
345 proto_id = tvb_get_guint8(tvb, offset);
346 proto_tree_add_uint(tr, hf_epm_tower_proto_id, tvb, offset, 1, proto_id);
347
348 switch(proto_id){
349 case PROTO_ID_UUID:
350 dcerpc_tvb_get_uuid (tvb, offset+1, &u8little_endian, &uuid);
351
352 uuid_name = guids_get_uuid_name(&uuid);
353
354 if(uuid_name != NULL) {
355 proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
356 "UUID: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
357 uuid_name,
358 uuid.Data1, uuid.Data2, uuid.Data3,
359 uuid.Data4[0], uuid.Data4[1],
360 uuid.Data4[2], uuid.Data4[3],
361 uuid.Data4[4], uuid.Data4[5],
362 uuid.Data4[6], uuid.Data4[7]);
363 } else {
364 proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
365 "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
366 uuid.Data1, uuid.Data2, uuid.Data3,
367 uuid.Data4[0], uuid.Data4[1],
368 uuid.Data4[2], uuid.Data4[3],
369 uuid.Data4[4], uuid.Data4[5],
370 uuid.Data4[6], uuid.Data4[7]);
371 }
372 proto_tree_add_text(tr, tvb, offset+17, 2, "Version %d.%d", tvb_get_guint8(tvb, offset+17), tvb_get_guint8(tvb, offset+18));
373
374 {
375 guint16 version = tvb_get_ntohs(tvb, offset+17);
376 const char *service = dcerpc_get_proto_name(&uuid, version);
377 if (service || uuid_name) {
378 const char *s = service ? service : uuid_name;
379 proto_item_append_text(tr, "UUID: %s", s);
380 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", s);
381 } else {
382 proto_item_append_text(tr, "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x Version %d.%d", uuid.Data1, uuid.Data2, uuid.Data3,
383 uuid.Data4[0], uuid.Data4[1],
384 uuid.Data4[2], uuid.Data4[3],
385 uuid.Data4[4], uuid.Data4[5],
386 uuid.Data4[6], uuid.Data4[7],
387 tvb_get_guint8(tvb, offset+17),
388 tvb_get_guint8(tvb, offset+18));
389 }
390 }
391 break;
392 }
393 offset += len;
394
395 len = tvb_get_letohs(tvb, offset);
396 pi = proto_tree_add_uint(tr, hf_epm_tower_rhs_len, tvb, offset, 2, len);
397 offset += 2;
398
399 switch(proto_id){
400
401 case PROTO_ID_UUID:
402 /* XXX - is this big or little endian? */
403 proto_tree_add_item(tr, hf_epm_ver_min, tvb, offset, 2, ENC_BIG_ENDIAN);
404 break;
405 case PROTO_ID_TCP: /* this one is always big endian */
406 proto_tree_add_item(tr, hf_epm_proto_tcp_port, tvb, offset, 2, ENC_BIG_ENDIAN);
407 proto_item_append_text(tr, "TCP Port:%d", tvb_get_ntohs(tvb, offset));
408 break;
409
410 case PROTO_ID_UDP: /* this one is always big endian */
411 proto_tree_add_item(tr, hf_epm_proto_udp_port, tvb, offset, 2, ENC_BIG_ENDIAN);
412 proto_item_append_text(tr, "UDP Port:%d", tvb_get_ntohs(tvb, offset));
413 break;
414
415 case PROTO_ID_IP: /* this one is always big endian */
416 proto_tree_add_item(tr, hf_epm_proto_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
417 proto_item_append_text(tr, "IP:%s", tvb_ip_to_str(tvb, offset));
418 break;
419
420 case PROTO_ID_RPC_CO:
421 proto_item_append_text(tr, "RPC connection-oriented protocol");
422 break;
423
424 case PROTO_ID_RPC_CL:
425 proto_item_append_text(tr, "RPC connectionless protocol");
426 /* XXX - is this big or little endian? */
427 proto_tree_add_item(tr, hf_epm_ver_min, tvb, offset, 2, ENC_BIG_ENDIAN);
428 break;
429
430 case PROTO_ID_NAMED_PIPES: /* \\PIPE\xxx named pipe */
431 proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, ENC_ASCII|ENC_NA);
432 proto_item_append_text(tr, "NamedPipe:%s", tvb_get_string(wmem_packet_scope(), tvb, offset, len));
433 break;
434
435 case PROTO_ID_NAMED_PIPES_2: /* PIPENAME named pipe */
436 proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, ENC_ASCII|ENC_NA);
437 proto_item_append_text(tr, "PIPE:%s", tvb_get_string(wmem_packet_scope(), tvb, offset, len));
438 break;
439
440 case PROTO_ID_NETBIOS: /* \\NETBIOS netbios name */
441 proto_tree_add_item(tr, hf_epm_proto_netbios_name, tvb, offset, len, ENC_ASCII|ENC_NA);
442 proto_item_append_text(tr, "NetBIOS:%s", tvb_get_string(wmem_packet_scope(), tvb, offset, len));
443 break;
444 case PROTO_ID_HTTP: /* RPC over HTTP */
445 proto_tree_add_item(tr, hf_epm_proto_http_port, tvb, offset, 2, ENC_BIG_ENDIAN);
446 proto_item_append_text(tr, "RPC over HTTP Port:%d", tvb_get_ntohs(tvb, offset));
447 break;
448
449 default:
450 if(len){
451 expert_add_info_format(pinfo, pi, &ei_epm_proto_undecoded, "RightHandSide not decoded yet for proto_id 0x%x",
452 proto_id);
453 }
454 }
455 offset += len;
456
457 proto_item_set_len(it, offset-old_offset);
458 }
459 return offset;
460 }
461
462 /* typedef struct {
463 unsigned int tower_len,
464 [size_is(tower_len)] char tower[];
465 } twr_t, *twr_p_t;
466 */
467 static int
468 epm_dissect_tower (tvbuff_t *tvb, int offset,
469 packet_info *pinfo, proto_tree *tree,
470 dcerpc_info *di, guint8 *drep)
471 {
472 guint3264 len;
473
474 if(di->conformant_run){
475 return offset;
476 }
477
478 /* first one is the header of the conformant array, second one is the
479 length field */
480 offset = dissect_ndr_uint3264 (tvb, offset, pinfo, tree, di, drep,
481 hf_epm_tower_length, &len);
482 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
483 hf_epm_tower_length, NULL);
484 offset = epm_dissect_tower_data(tvb, offset, pinfo, tree, di, drep);
485
486 return offset;
487 }
488 static int
489 epm_dissect_tower_pointer (tvbuff_t *tvb, int offset,
490 packet_info *pinfo, proto_tree *tree,
491 dcerpc_info *di, guint8 *drep)
492 {
493 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
494 epm_dissect_tower, NDR_POINTER_PTR,
495 "Tower pointer:", -1);
496 return offset;
497 }
498 static int
499 epm_dissect_tower_array (tvbuff_t *tvb, int offset,
500 packet_info *pinfo, proto_tree *tree,
501 dcerpc_info *di, guint8 *drep)
502 {
503 offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, di, drep,
504 epm_dissect_tower_pointer);
505
506 return offset;
507 }
508
509 static int
510 epm_dissect_ept_map_rqst (tvbuff_t *tvb, int offset,
511 packet_info *pinfo, proto_tree *tree,
512 dcerpc_info *di, guint8 *drep)
513 {
514 /* [in, ptr] uuid_p_t object */
515 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
516 epm_dissect_uuid, NDR_POINTER_PTR,
517 "UUID pointer:", -1);
518
519 /* [in, ptr] twr_p_t map_tower */
520 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
521 epm_dissect_tower, NDR_POINTER_PTR,
522 "Tower pointer:", -1);
523
524 /* [in, out] ept_lookup_handle_t *entry_handle */
525 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
526 hf_epm_hnd, NULL);
527
528 /* [in] unsigned32 max_towers */
529 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
530 hf_epm_max_towers, NULL);
531
532 return offset;
533 }
534
535 static int
536 epm_dissect_ept_map_resp (tvbuff_t *tvb, int offset,
537 packet_info *pinfo, proto_tree *tree,
538 dcerpc_info *di, guint8 *drep)
539 {
540 /* [in, out] ept_lookup_handle_t *entry_handle */
541 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
542 hf_epm_hnd, NULL);
543
544 /* [out, ptr] unsigned32 *num_towers */
545 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
546 hf_epm_num_towers, NULL);
547
548 /* [out, length_is(*num_towers), size_is(max_towers), ptr] twr_p_t towers[] */
549 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
550 epm_dissect_tower_array, NDR_POINTER_REF,
551 "Tower array:", -1);
552
553 /* [out] error_status_t *status */
554 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
555 hf_epm_rc, NULL);
556
557 return offset;
558 }
559
560 static int
561 epm_dissect_ept_entry_t_ucarray(tvbuff_t *tvb, int offset,
562 packet_info *pinfo, proto_tree *tree,
563 dcerpc_info *di, guint8 *drep)
564 {
565 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
566 epm_dissect_ept_entry_t);
567
568 return offset;
569 }
570
571 static int
572 epm_dissect_ept_insert_rqst (tvbuff_t *tvb, int offset,
573 packet_info *pinfo, proto_tree *tree,
574 dcerpc_info *di, guint8 *drep)
575 {
576 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
577 hf_epm_num_ents, NULL);
578
579 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
580 epm_dissect_ept_entry_t_ucarray, NDR_POINTER_REF,
581 "Entries:", -1);
582
583 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
584 hf_epm_replace, NULL);
585
586 return offset;
587 }
588
589
590
591 static int
592 epm_dissect_ept_insert_resp (tvbuff_t *tvb, int offset,
593 packet_info *pinfo, proto_tree *tree,
594 dcerpc_info *di _U_, guint8 *drep)
595 {
596 /* [out] error_status_t *status */
597 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
598 hf_epm_rc, NULL);
599
600 return offset;
601 }
602
603
604 static int
605 epm_dissect_ept_delete_rqst (tvbuff_t *tvb, int offset,
606 packet_info *pinfo, proto_tree *tree,
607 dcerpc_info *di, guint8 *drep)
608 {
609 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
610 hf_epm_num_ents, NULL);
611
612 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
613 epm_dissect_ept_entry_t_ucarray, NDR_POINTER_REF,
614 "Entries:", -1);
615
616 return offset;
617 }
618
619
620
621 static int
622 epm_dissect_ept_delete_resp (tvbuff_t *tvb, int offset,
623 packet_info *pinfo, proto_tree *tree,
624 dcerpc_info *di _U_, guint8 *drep)
625 {
626 /* [out] error_status_t *status */
627 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
628 hf_epm_rc, NULL);
629
630 return offset;
631 }
632
633
634
635 static int
636 epm_dissect_ept_lookup_handle_free_rqst (tvbuff_t *tvb, int offset,
637 packet_info *pinfo, proto_tree *tree,
638 dcerpc_info *di, guint8 *drep)
639 {
640 /* [in, out] ept_lookup_handle_t *entry_handle */
641 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
642 hf_epm_hnd, NULL);
643
644 return offset;
645 }
646
647 static int
648 epm_dissect_ept_lookup_handle_free_resp (tvbuff_t *tvb, int offset,
649 packet_info *pinfo, proto_tree *tree,
650 dcerpc_info *di, guint8 *drep)
651 {
652 /* [in, out] ept_lookup_handle_t *entry_handle */
653 offset = dissect_ndr_ctx_hnd (tvb, offset, pinfo, tree, di, drep,
654 hf_epm_hnd, NULL);
655
656 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
657 hf_epm_rc, NULL);
658
659 return offset;
660 }
661
662
663 static dcerpc_sub_dissector epm_dissectors[] = {
664 { 0, "Insert",
665 epm_dissect_ept_insert_rqst,
666 epm_dissect_ept_insert_resp },
667 { 1, "Delete",
668 epm_dissect_ept_delete_rqst,
669 epm_dissect_ept_delete_resp },
670 { 2, "Lookup",
671 epm_dissect_ept_lookup_rqst,
672 epm_dissect_ept_lookup_resp },
673 { 3, "Map",
674 epm_dissect_ept_map_rqst,
675 epm_dissect_ept_map_resp },
676 { 4, "LookupHandleFree",
677 epm_dissect_ept_lookup_handle_free_rqst,
678 epm_dissect_ept_lookup_handle_free_resp },
679 { 5, "InqObject", NULL, NULL },
680 { 6, "MgmtDelete", NULL, NULL },
681 { 0, NULL, NULL, NULL }
682 };
683
684 void
685 proto_register_epm (void)
686 {
687 static hf_register_info hf[] = {
688 { &hf_epm_opnum,
689 { "Operation", "epm.opnum", FT_UINT16, BASE_DEC,
690 NULL, 0x0, NULL, HFILL }},
691 { &hf_epm_inquiry_type,
692 { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, VALS(ep_service), 0x0, NULL, HFILL }},
693 { &hf_epm_object,
694 { "Object", "epm.object", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
695 { &hf_epm_if_id,
696 { "Interface", "epm.if_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
697 { &hf_epm_ver_maj,
698 { "Version Major", "epm.ver_maj", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
699 { &hf_epm_ver_min,
700 { "Version Minor", "epm.ver_min", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
701 { &hf_epm_ver_opt,
702 { "Version Option", "epm.ver_opt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
703 { &hf_epm_hnd,
704 { "Handle", "epm.hnd", FT_BYTES, BASE_NONE, NULL, 0x0, "Context handle", HFILL }},
705 { &hf_epm_max_ents,
706 { "Max entries", "epm.max_ents", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
707 { &hf_epm_num_ents,
708 { "Num entries", "epm.num_ents", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
709 { &hf_epm_uuid,
710 { "UUID", "epm.uuid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
711 { &hf_epm_annotation,
712 { "Annotation", "epm.annotation", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
713 { &hf_epm_proto_named_pipes,
714 { "Named Pipe", "epm.proto.named_pipe", FT_STRING, BASE_NONE, NULL, 0x0, "Name of the named pipe for this service", HFILL }},
715 { &hf_epm_proto_netbios_name,
716 { "NetBIOS Name", "epm.proto.netbios_name", FT_STRING, BASE_NONE, NULL, 0x0, "NetBIOS name where this service can be found", HFILL }},
717 { &hf_epm_tower_length,
718 { "Length", "epm.tower.len", FT_UINT32, BASE_DEC, NULL, 0x0, "Length of tower data", HFILL }},
719 #if 0
720 { &hf_epm_tower_data,
721 { "Tower", "epm.tower", FT_BYTES, BASE_NONE, NULL, 0x0, "Tower data", HFILL }},
722 #endif
723 { &hf_epm_max_towers,
724 { "Max Towers", "epm.max_towers", FT_UINT32, BASE_DEC, NULL, 0x0, "Maximum number of towers to return", HFILL }},
725 { &hf_epm_num_towers,
726 { "Num Towers", "epm.num_towers", FT_UINT32, BASE_DEC, NULL, 0x0, "Number number of towers to return", HFILL }},
727 { &hf_epm_ann_offset,
728 { "Annotation offset", "epm.ann_offset", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
729 { &hf_epm_ann_len,
730 { "Annotation length", "epm.ann_len", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
731 { &hf_epm_rc,
732 { "Return code", "epm.rc", FT_UINT32, BASE_HEX, NULL, 0x0, "EPM return value", HFILL }},
733 { &hf_epm_replace,
734 { "Replace", "epm.replace", FT_UINT8, BASE_DEC, NULL, 0x0, "Replace existing objects?", HFILL }},
735 { &hf_epm_tower_num_floors,
736 { "Number of floors", "epm.tower.num_floors", FT_UINT16, BASE_DEC, NULL, 0x0, "Number of floors in tower", HFILL }},
737 { &hf_epm_proto_udp_port,
738 { "UDP Port", "epm.proto.udp_port", FT_UINT16, BASE_DEC, NULL, 0x0, "UDP Port where this service can be found", HFILL }},
739 { &hf_epm_proto_tcp_port,
740 { "TCP Port", "epm.proto.tcp_port", FT_UINT16, BASE_DEC, NULL, 0x0, "TCP Port where this service can be found", HFILL }},
741 { &hf_epm_proto_http_port,
742 { "TCP Port", "epm.proto.http_port", FT_UINT16, BASE_DEC, NULL, 0x0, "TCP Port where this service can be found", HFILL }},
743 { &hf_epm_tower_rhs_len,
744 { "RHS Length", "epm.tower.rhs.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of RHS data", HFILL }},
745 { &hf_epm_tower_lhs_len,
746 { "LHS Length", "epm.tower.lhs.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of LHS data", HFILL }},
747 { &hf_epm_proto_ip,
748 { "IP", "epm.proto.ip", FT_IPv4, BASE_NONE, NULL, 0x0, "IP address where service is located", HFILL }},
749 { &hf_epm_tower_proto_id,
750 { "Protocol", "epm.tower.proto_id", FT_UINT8, BASE_HEX, VALS(proto_id_vals), 0x0, "Protocol identifier", HFILL }}
751 };
752 static gint *ett[] = {
753 &ett_epm,
754 &ett_epm_tower_floor,
755 &ett_epm_entry
756 };
757
758 static ei_register_info ei[] = {
759 { &ei_epm_proto_undecoded, { "epm.proto_id.undecoded", PI_UNDECODED, PI_WARN, "RightHandSide not decoded yet for proto_id", EXPFILL }},
760 };
761
762 expert_module_t* expert_epm3;
763
764 /* interface version 3 */
765 proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm");
766 proto_register_field_array (proto_epm3, hf, array_length (hf));
767 proto_register_subtree_array (ett, array_length (ett));
768 expert_epm3 = expert_register_protocol(proto_epm3);
769 expert_register_field_array(expert_epm3, ei, array_length(ei));
770
771 /* interface version 4 */
772 proto_epm4 = proto_register_protocol ("DCE/RPC Endpoint Mapper v4", "EPMv4", "epm4");
773 }
774
775 void
776 proto_reg_handoff_epm (void)
777 {
778 /* Register the protocol as dcerpc */
779 dcerpc_init_uuid (proto_epm3, ett_epm, &uuid_epm, ver_epm3, epm_dissectors, hf_epm_opnum);
780 dcerpc_init_uuid (proto_epm4, ett_epm, &uuid_epm, ver_epm4, epm_dissectors, hf_epm_opnum);
781 }
782
783 /*
784 * Editor modelines - http://www.wireshark.org/tools/modelines.html
785 *
786 * Local variables:
787 * c-basic-offset: 4
788 * tab-width: 8
789 * indent-tabs-mode: nil
790 * End:
791 *
792 * vi: set shiftwidth=4 tabstop=8 expandtab:
793 * :indentSize=4:tabSize=8:noTabs=true:
794 */