static void
dissect_whoent(tvbuff_t *tvb, int offset, proto_tree *tree)
{
proto_tree *whoent_tree = NULL;
proto_item *whoent_ti = NULL;
int line_offset = offset;
guint8 *out_line;
guint8 *out_name;
nstime_t ts;
int whoent_num = 0;
guint32 idle_secs; /* say that out loud... */
ts.nsecs = 0;
while (tvb_reported_length_remaining(tvb, line_offset) > 0
&& whoent_num < MAX_NUM_WHOENTS) {
whoent_ti = proto_tree_add_item(tree, hf_who_whoent, tvb,
line_offset, SIZE_OF_WHOENT, ENC_NA);
whoent_tree = proto_item_add_subtree(whoent_ti, ett_whoent);
out_line = tvb_get_stringzpad(wmem_packet_scope(), tvb, line_offset, 8, ENC_ASCII|ENC_NA);
proto_tree_add_string(whoent_tree, hf_who_tty, tvb, line_offset,
8, out_line);
line_offset += 8;
out_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, line_offset, 8, ENC_ASCII|ENC_NA);
proto_tree_add_string(whoent_tree, hf_who_uid, tvb, line_offset,
8, out_name);
line_offset += 8;
ts.secs = tvb_get_ntohl(tvb, line_offset);
proto_tree_add_time(whoent_tree, hf_who_timeon, tvb,
line_offset, 4, &ts);
line_offset += 4;
idle_secs = tvb_get_ntohl(tvb, line_offset);
proto_tree_add_uint_format(whoent_tree, hf_who_idle, tvb,
line_offset, 4, idle_secs, "Idle: %s",
time_secs_to_str(wmem_packet_scope(), idle_secs));
line_offset += 4;
whoent_num++;
}
}
static void
dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
int offset = 0;
guint8 cmd;
proto_tree *tree = NULL;
proto_item *item = NULL;
guint32 periodicity;
guint8 *host_name;
gint namelen;
guint8 server_count;
guint8 os_major_ver, os_minor_ver;
const gchar *windows_version;
int i;
guint32 uptime;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
col_clear(pinfo->cinfo, COL_INFO);
cmd = tvb_get_guint8(tvb, offset);
/* Put in something, and replace it later */
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_browse);
/* command */
proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
offset += 1;
switch (cmd) {
case BROWSE_DOMAIN_ANNOUNCEMENT:
case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
case BROWSE_HOST_ANNOUNCE: {
/* update count */
proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* periodicity (in milliseconds) */
periodicity = tvb_get_letohl(tvb, offset);
proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 4,
periodicity,
"%s",
time_msecs_to_str(wmem_packet_scope(), periodicity));
offset += 4;
/* server name */
host_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, offset, HOST_NAME_LEN, ENC_CP437|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
proto_tree_add_string_format(tree, hf_server_name,
tvb, offset, HOST_NAME_LEN,
host_name,
(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
"Domain/Workgroup: %s":
"Host Name: %s",
host_name);
offset += HOST_NAME_LEN;
/* Windows version (See "OSVERSIONINFO Structure" on MSDN) */
os_major_ver = tvb_get_guint8(tvb, offset);
os_minor_ver = tvb_get_guint8(tvb, offset+1);
SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);
proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version);
/* OS major version */
proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* OS minor version */
proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* server type flags */
offset = dissect_smb_server_type_flags(
tvb, offset, pinfo, tree, NULL, TRUE);
if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) {
/*
* Network Monitor claims this is a "Comment
* Pointer". I don't believe it.
*
* It's not a browser protocol major/minor
* version number, and signature constant,
* however.
*/
proto_tree_add_item(tree, hf_mysterious_field, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
} else {
/* browser protocol major version */
proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* browser protocol minor version */
proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* signature constant */
proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
}
/* master browser server name or server comment */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree,
(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
hf_mb_server_name : hf_server_comment,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
}
case BROWSE_REQUEST_ANNOUNCE: {
guint8 *computer_name;
/* unused/unknown flags */
proto_tree_add_item(tree, hf_unused_flags,
tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* name of computer to which to send reply */
computer_name = tvb_get_stringz_enc(wmem_packet_scope(), tvb, offset, &namelen, ENC_ASCII);
proto_tree_add_string(tree, hf_response_computer_name,
tvb, offset, namelen, computer_name);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", computer_name);
break;
}
case BROWSE_ELECTION_REQUEST:
/* election version */
proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* criterion */
dissect_election_criterion(tvb, tree, offset);
offset += 4;
/* server uptime */
uptime = tvb_get_letohl(tvb, offset);
proto_tree_add_uint_format_value(tree, hf_server_uptime,
tvb, offset, 4, uptime,
"%s",
time_msecs_to_str(wmem_packet_scope(), uptime));
offset += 4;
/* next 4 bytes must be zero */
offset += 4;
/* server name */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_server_name,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
case BROWSE_BACKUP_LIST_REQUEST:
/* backup list requested count */
proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
/* backup requested token */
proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
break;
case BROWSE_BACKUP_LIST_RESPONSE:
/* backup list requested count */
server_count = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
server_count);
offset += 1;
/* backup requested token */
proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
/* backup server names */
for (i = 0; i < server_count; i++) {
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_backup_server,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
offset += namelen;
}
break;
case BROWSE_MASTER_ANNOUNCEMENT:
/* master browser server name */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_mb_server_name,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {
static const int * flags[] = {
&hf_mb_reset_demote,
&hf_mb_reset_flush,
&hf_mb_reset_stop,
NULL
};
proto_tree_add_bitmask(tree, tvb, offset, hf_mb_reset_command, ett_browse_reset_cmd_flags, flags, ENC_NA);
break;
}
case BROWSE_BECOME_BACKUP:
/* name of browser to promote */
namelen = tvb_strsize(tvb, offset);
proto_tree_add_item(tree, hf_browser_to_promote,
tvb, offset, namelen, ENC_ASCII|ENC_NA);
break;
}
}
static void
dissect_who(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
proto_tree *who_tree = NULL;
proto_item *who_ti = NULL;
guint8 *server_name;
double loadav_5 = 0.0, loadav_10 = 0.0, loadav_15 = 0.0;
nstime_t ts;
/* Summary information */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "WHO");
col_clear(pinfo->cinfo, COL_INFO);
ts.nsecs = 0;
if (tree) {
who_ti = proto_tree_add_item(tree, proto_who, tvb, offset, -1,
ENC_NA);
who_tree = proto_item_add_subtree(who_ti, ett_who);
}
if (tree)
proto_tree_add_item(who_tree, hf_who_vers, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
if (tree)
proto_tree_add_item(who_tree, hf_who_type, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* 2 filler bytes */
offset += 2;
if (tree) {
ts.secs = tvb_get_ntohl(tvb, offset);
proto_tree_add_time(who_tree, hf_who_sendtime, tvb, offset, 4,
&ts);
}
offset += 4;
if (tree) {
ts.secs = tvb_get_ntohl(tvb, offset);
proto_tree_add_time(who_tree, hf_who_recvtime, tvb, offset, 4,
&ts);
}
offset += 4;
server_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, offset, 32, ENC_ASCII|ENC_NA);
if (tree)
proto_tree_add_string(who_tree, hf_who_hostname, tvb, offset,
32, server_name);
offset += 32;
loadav_5 = (double) tvb_get_ntohl(tvb, offset) / 100.0;
if (tree)
proto_tree_add_double(who_tree, hf_who_loadav_5, tvb, offset,
4, loadav_5);
offset += 4;
loadav_10 = (double) tvb_get_ntohl(tvb, offset) / 100.0;
if (tree)
proto_tree_add_double(who_tree, hf_who_loadav_10, tvb, offset,
4, loadav_10);
offset += 4;
loadav_15 = (double) tvb_get_ntohl(tvb, offset) / 100.0;
if (tree)
proto_tree_add_double(who_tree, hf_who_loadav_15, tvb, offset,
4, loadav_15);
offset += 4;
/* Summary information */
col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %.02f %.02f %.02f",
server_name, loadav_5, loadav_10, loadav_15);
if (tree) {
ts.secs = tvb_get_ntohl(tvb, offset);
proto_tree_add_time(who_tree, hf_who_boottime, tvb, offset, 4,
&ts);
offset += 4;
dissect_whoent(tvb, offset, who_tree);
}
}
