static int krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, guint8 *drep) { guint32 keysize, spare1, remain; proto_item *item; tvbuff_t *krb5_tvb; proto_tree *subtree; /* * [in] handle_t h, * [in] unsigned32 len, * [in, size_is(len)] * byte message[], * [in] unsigned32 out_buf_len, */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1); item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA); subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5); remain = tvb_length_remaining(tvb, offset); krb5_tvb = tvb_new_subset (tvb, offset, remain, remain); offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL); return offset; }
static void dissect_payload_kink_ap_rep(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree){ proto_tree *payload_kink_ap_rep_tree; proto_item *ti; guint8 next_payload; guint payload_length; guint16 krb_ap_rep_length; int start_payload_offset = 0; /* Keep beginning of payload offset */ payload_length = tvb_get_ntohs(tvb, offset + TO_PAYLOAD_LENGTH); start_payload_offset = offset; /* Make the subtree */ ti = proto_tree_add_text(tree, tvb, offset, payload_length,"KINK_AP_REP"); payload_kink_ap_rep_tree = proto_item_add_subtree(ti, ett_payload_kink_ap_rep); next_payload = tvb_get_guint8(tvb, offset); proto_tree_add_uint(payload_kink_ap_rep_tree, hf_kink_next_payload, tvb, offset, 1, next_payload); offset ++; proto_tree_add_item(payload_kink_ap_rep_tree, hf_kink_reserved8, tvb, offset, 1, ENC_BIG_ENDIAN); offset ++; ti = proto_tree_add_uint(payload_kink_ap_rep_tree, hf_kink_payload_length, tvb, offset, 2, payload_length); if(payload_length <= PAYLOAD_HEADER){ expert_add_info_format(pinfo, ti, PI_PROTOCOL, PI_WARN, "This Payload Length is too small"); } offset += 2; /* Show time as UTC, not local time. */ proto_tree_add_item(payload_kink_ap_rep_tree, hf_kink_epoch, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; if(payload_length > PAYLOAD_HEADER){ tvbuff_t *krb_tvb; krb_ap_rep_length = payload_length - PAYLOAD_HEADER; krb_tvb=tvb_new_subset(tvb, offset, (krb_ap_rep_length>tvb_length_remaining(tvb, offset))?tvb_length_remaining(tvb, offset):krb_ap_rep_length, krb_ap_rep_length); keytype=kerberos_output_keytype(); dissect_kerberos_main(krb_tvb, pinfo, payload_kink_ap_rep_tree, FALSE, NULL); offset += krb_ap_rep_length; } /* This part consider the padding. Payload_length don't contain the padding. */ if(payload_length % PADDING != 0){ payload_length += (PADDING - (payload_length % PADDING)); } offset = start_payload_offset + payload_length; if(payload_length > 0) { control_payload(pinfo, tvb, offset, next_payload, tree); /* Recur control_payload() */ } }
static void dissect_payload_kink_krb_error(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree){ proto_tree *payload_kink_krb_error_tree; proto_item *ti; guint8 next_payload; guint8 reserved; guint payload_length; guint16 krb_error_length; int start_payload_offset = 0; /* Keep the begining of the payload offset */ payload_length = tvb_get_ntohs(tvb, offset + TO_PAYLOAD_LENGTH); start_payload_offset = offset; /* Make the subtree */ ti = proto_tree_add_text(tree, tvb, offset, payload_length,"KINK_KRB_ERROR"); payload_kink_krb_error_tree = proto_item_add_subtree(ti, ett_payload_kink_krb_error); next_payload = tvb_get_guint8(tvb, offset); proto_tree_add_uint(payload_kink_krb_error_tree, hf_kink_next_payload, tvb, offset, 1, next_payload); offset ++; reserved = tvb_get_guint8(tvb, offset); proto_tree_add_text(payload_kink_krb_error_tree, tvb, offset, 1, "RESERVED: %u", reserved); offset ++; if(payload_length <= KINK_KRB_ERROR_HEADER){ proto_tree_add_text(payload_kink_krb_error_tree, tvb, offset, 2, "This Payload Length is too small.: %u", payload_length); } else{ proto_tree_add_text(payload_kink_krb_error_tree, tvb, offset, 2, "Payload Length: %u", payload_length); offset += 2; } if(payload_length > KINK_KRB_ERROR_HEADER){ tvbuff_t *krb_tvb; krb_error_length = payload_length - KINK_KRB_ERROR_HEADER; krb_tvb=tvb_new_subset(tvb, offset, (krb_error_length>tvb_length_remaining(tvb, offset))?tvb_length_remaining(tvb, offset):krb_error_length, krb_error_length); dissect_kerberos_main(krb_tvb, pinfo, payload_kink_krb_error_tree, FALSE, NULL); offset += krb_error_length; } /* This part consider the padding. Payload_length don't contain the padding. */ if(payload_length % PADDING != 0){ payload_length += (PADDING - (payload_length % PADDING)); } offset = start_payload_offset + payload_length; if(payload_length > 0) { control_payload(pinfo, tvb, offset, next_payload, tree); /* Recur control_payload() */ } }
static int krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, guint8 *drep) { guint32 resp_len, maxsize, spare1, keysize, remain; proto_item *item; tvbuff_t *krb5_tvb; proto_tree *subtree; /* * * [out] unsigned32 *resp_len, * [out, length_is(*resp_len), size_is(out_buf_len)] * byte out_buf[], * [out] error_status_t *st unsigned long * */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_len, &resp_len); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_max, &maxsize); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_spare1, &spare1); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_krb5rpc_sendto_kdc_resp_keysize, &keysize); item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA); subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5); remain = tvb_length_remaining(tvb, offset); krb5_tvb = tvb_new_subset (tvb, offset, remain, remain); offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL); offset += 16; /* no idea what this is, probably just extended encrypted text. */ return offset; }
static void dissect_payload_kink_ap_rep(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree){ proto_tree *payload_kink_ap_rep_tree; proto_item *ti; guint8 next_payload; guint8 reserved; guint payload_length; guint16 krb_ap_rep_length; time_t timer; struct tm *tp; int start_payload_offset = 0; /* Keep begining of payload offset */ payload_length = tvb_get_ntohs(tvb, offset + TO_PAYLOAD_LENGTH); start_payload_offset = offset; /* Make the subtree */ ti = proto_tree_add_text(tree, tvb, offset, payload_length,"KINK_AP_REP"); payload_kink_ap_rep_tree = proto_item_add_subtree(ti, ett_payload_kink_ap_rep); next_payload = tvb_get_guint8(tvb, offset); proto_tree_add_uint(payload_kink_ap_rep_tree, hf_kink_next_payload, tvb, offset, 1, next_payload); offset ++; reserved = tvb_get_guint8(tvb, offset); proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 1, "RESERVED: %u", reserved); offset ++; if(payload_length <= PAYLOAD_HEADER){ proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 2, "This Payload Length is too small.: %u", payload_length); } else{ proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 2, "Payload Length: %u", payload_length); } offset += 2; /* Analize time by the utc. */ timer = tvb_get_ntohl(tvb, offset); tp = gmtime(&timer); if(tp){ proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 4, "EPOCH: month %u. day %u. year %u.%u.%u.%u by UTC", (tp->tm_mon)+1, tp->tm_mday, (tp->tm_year)+1900, tp->tm_hour, tp->tm_min, tp->tm_sec); } else { proto_tree_add_text(payload_kink_ap_rep_tree, tvb, offset, 4, "EPOCH: value invalid"); } offset += 4; if(payload_length > PAYLOAD_HEADER){ tvbuff_t *krb_tvb; krb_ap_rep_length = payload_length - PAYLOAD_HEADER; krb_tvb=tvb_new_subset(tvb, offset, (krb_ap_rep_length>tvb_length_remaining(tvb, offset))?tvb_length_remaining(tvb, offset):krb_ap_rep_length, krb_ap_rep_length); keytype=kerberos_output_keytype(); dissect_kerberos_main(krb_tvb, pinfo, payload_kink_ap_rep_tree, FALSE, NULL); offset += krb_ap_rep_length; } /* This part consider the padding. Payload_length don't contain the padding. */ if(payload_length % PADDING != 0){ payload_length += (PADDING - (payload_length % PADDING)); } offset = start_payload_offset + payload_length; if(payload_length > 0) { control_payload(pinfo, tvb, offset, next_payload, tree); /* Recur control_payload() */ } }