static int
rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 key_size;
const guint8 *key_t1 = NULL;
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
hf_rs_misc_login_get_info_rqst_var, NULL);
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
hf_rs_misc_login_get_info_rqst_key_size, &key_size);
if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */
proto_tree_add_item_ret_string(tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &key_t1);
offset += key_size;
col_append_fstr(pinfo->cinfo, COL_INFO,
"rs_login_get_info Request for: %s ", key_t1);
} else {
col_append_str(pinfo->cinfo, COL_INFO,
"rs_login_get_info Request (other)");
}
return offset;
}
static void
dissect_bfd_authentication(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 24;
guint8 auth_type;
guint8 auth_len;
proto_item *auth_item = NULL;
proto_tree *auth_tree = NULL;
const guint8 *password;
auth_type = tvb_get_guint8(tvb, offset);
auth_len = tvb_get_guint8(tvb, offset + 1);
if (tree) {
auth_tree = proto_tree_add_subtree_format(tree, tvb, offset, auth_len,
ett_bfd_auth, NULL, "Authentication: %s",
val_to_str(auth_type,
bfd_control_auth_type_values,
"Unknown Authentication Type (%d)") );
proto_tree_add_item(auth_tree, hf_bfd_auth_type, tvb, offset, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(auth_tree, hf_bfd_auth_len, tvb, offset + 1, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(auth_tree, hf_bfd_auth_key, tvb, offset + 2, 1, ENC_BIG_ENDIAN);
}
switch (auth_type) {
case BFD_AUTH_SIMPLE:
proto_tree_add_item_ret_string(auth_tree, hf_bfd_auth_password, tvb, offset+3,
auth_len-3, ENC_ASCII|ENC_NA, wmem_packet_scope(), &password);
proto_item_append_text(auth_item, ": %s", password);
break;
case BFD_AUTH_MD5:
case BFD_AUTH_MET_MD5:
case BFD_AUTH_SHA1:
case BFD_AUTH_MET_SHA1:
if (auth_len != get_bfd_required_auth_len(auth_type)) {
proto_tree_add_expert_format(auth_tree, pinfo, &ei_bfd_auth_len_invalid, tvb, offset, auth_len,
"Length of authentication section (%d) is invalid for Authentication Type: %s",
auth_len, val_to_str(auth_type, bfd_control_auth_type_values, "Unknown Authentication Type (%d)") );
proto_item_append_text(auth_item, ": Invalid Authentication Section");
}
if (tree) {
proto_tree_add_item(auth_tree, hf_bfd_auth_seq_num, tvb, offset+4, 4, ENC_BIG_ENDIAN);
proto_tree_add_item(auth_tree, hf_bfd_checksum, tvb, offset+8, get_bfd_checksum_len(auth_type), ENC_NA);
}
break;
default:
break;
}
}
/* Info String */
static void
dissect_m2tp_info_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item)
{
guint16 length, info_string_length;
const guint8 *info_string;
if (parameter_tree) {
length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET);
info_string_length = length - PARAMETER_HEADER_LENGTH;
proto_tree_add_item_ret_string(parameter_tree, hf_m2tp_info_string, parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_ASCII, wmem_packet_scope(), &info_string);
proto_item_set_text(parameter_item, "Info String (%.*s)", info_string_length, info_string);
}
}
static int
dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset,
packet_info * pinfo, proto_tree * parent_tree,
dcerpc_info *di, guint8 * drep)
{
proto_item *item;
proto_tree *tree;
int old_offset = offset;
const guint8 *principal;
#define sec_rgy_pname_t_size 257
/*
dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' *
typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size];
*/
guint32 string_size;
if (di->conformant_run)
{
return offset;
}
tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_sec_rgy_pname_t, &item, "sec_rgy_pname_t");
offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
hf_sec_rgy_pname_t_size, &string_size);
col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size);
if (string_size < sec_rgy_pname_t_size)
{
/* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */
proto_tree_add_item_ret_string(tree, hf_sec_rgy_pname_t_principalName_string,
tvb, offset, string_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &principal);
if (string_size > 1)
{
col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", principal);
}
offset += string_size;
}
else
{
col_append_fstr (pinfo->cinfo, COL_INFO,
" :FIXME!: Invalid string length of %u",
string_size);
}
proto_item_set_len (item, offset - old_offset);
return offset;
}
static int
rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 key_size;
const guint8 *keyx_t = NULL;
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_rs_acct_get_projlist_rqst_var1, NULL);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
hf_rs_acct_get_projlist_rqst_key_size, &key_size);
proto_tree_add_item_ret_string(tree, hf_rs_acct_get_projlist_rqst_key_t,
tvb, offset, key_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &keyx_t);
offset += key_size;
col_append_fstr(pinfo->cinfo, COL_INFO,
" Request for: %s", keyx_t);
return offset;
}
static void
dissect_cbsp_content_ie(tvbuff_t *tvb, packet_info *pinfo, guint offset, gint len, proto_tree *tree,
guint8 sms_encoding, proto_item *ti)
{
proto_item *cbs_page_item;
tvbuff_t *next_tvb, *unpacked_tvb;
const guint8 *pstr;
proto_tree_add_item(tree, hf_cbsp_user_info_length, tvb, offset, 1, ENC_NA);
cbs_page_item = proto_tree_add_item(tree, hf_cbsp_cb_msg_page, tvb, offset+1, len-1, ENC_NA);
next_tvb = tvb_new_subset_length(tvb, offset+1, len-1);
unpacked_tvb = dissect_cbs_data(sms_encoding, next_tvb, tree, pinfo, 0);
if (tree) {
guint captured_len = tvb_captured_length(unpacked_tvb);
proto_tree *cbs_page_subtree = proto_item_add_subtree(cbs_page_item, ett_cbsp_cbs_page_content);
proto_tree_add_item_ret_string(cbs_page_subtree, hf_cbsp_cbs_page_content, unpacked_tvb,
0, captured_len, ENC_UTF_8|ENC_NA, wmem_packet_scope(),
&pstr);
proto_item_append_text(ti, ": '%s'", pstr);
}
}
static void dissect_tftp_message(tftp_conv_info_t *tftp_info,
tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree)
{
proto_tree *tftp_tree;
proto_item *ti;
gint offset = 0;
guint16 opcode;
guint16 bytes;
guint16 blocknum;
guint i1;
guint16 error;
tvbuff_t *data_tvb = NULL;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TFTP");
/* Protocol root */
ti = proto_tree_add_item(tree, proto_tftp, tvb, offset, -1, ENC_NA);
tftp_tree = proto_item_add_subtree(ti, ett_tftp);
/* Opcode */
opcode = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_opcode, tvb, offset, 2, opcode);
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(opcode, tftp_opcode_vals, "Unknown (0x%04x)"));
offset += 2;
/* read and write requests contain file names
for other messages, we add the filenames from the conversation */
if (opcode!=TFTP_RRQ && opcode!=TFTP_WRQ) {
if (tftp_info->source_file) {
ti = proto_tree_add_string(tftp_tree, hf_tftp_source_file, tvb,
0, 0, tftp_info->source_file);
PROTO_ITEM_SET_GENERATED(ti);
}
if (tftp_info->destination_file) {
ti = proto_tree_add_string(tftp_tree, hf_tftp_destination_file, tvb,
0, 0, tftp_info->destination_file);
PROTO_ITEM_SET_GENERATED(ti);
}
}
switch (opcode) {
case TFTP_RRQ:
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item_ret_string(tftp_tree, hf_tftp_source_file,
tvb, offset, i1, ENC_ASCII|ENC_NA, wmem_file_scope(), &tftp_info->source_file);
/* we either have a source file name (for read requests) or a
destination file name (for write requests)
when we set one of the names, we clear the other */
tftp_info->destination_file = NULL;
col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_transfer_type,
tvb, offset, i1, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Transfer type: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
case TFTP_WRQ:
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item_ret_string(tftp_tree, hf_tftp_destination_file,
tvb, offset, i1, ENC_ASCII|ENC_NA, wmem_file_scope(), &tftp_info->destination_file);
tftp_info->source_file = NULL; /* see above */
col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_transfer_type,
tvb, offset, i1, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Transfer type: %s",
tvb_format_stringzpad(tvb, offset, i1));
offset += i1;
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
case TFTP_INFO:
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
case TFTP_DATA:
blocknum = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2,
blocknum);
/* Sequence analysis on blocknums (first pass only) */
if (!pinfo->fd->flags.visited) {
if (blocknum > tftp_info->next_block_num) {
/* There is a gap. Don't try to recover from this. */
tftp_info->next_block_num = blocknum + 1;
tftp_info->blocks_missing = TRUE;
/* TODO: add info to a result table for showing expert info in later passes */
}
else if (blocknum == tftp_info->next_block_num) {
/* OK, inc what we expect next */
tftp_info->next_block_num++;
}
}
offset += 2;
/* Show number of bytes in this block, and whether it is the end of the file */
bytes = tvb_reported_length_remaining(tvb, offset);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i%s",
blocknum,
(bytes < tftp_info->blocksize)?" (last)":"" );
/* Show data in tree */
if (bytes > 0) {
data_tvb = tvb_new_subset(tvb, offset, -1, bytes);
call_data_dissector(data_tvb, pinfo, tree);
}
/* If Export Object tap is listening, need to accumulate blocks info list
to send to tap. But if already know there are blocks missing, there is no
point in trying. */
if (have_tap_listener(tftp_eo_tap) && !tftp_info->blocks_missing) {
file_block_t *block;
if (blocknum == 1) {
/* Reset data for this conversation, freeing any accumulated blocks! */
cleanup_tftp_blocks(tftp_info);
tftp_info->next_tap_block_num = 1;
}
if (blocknum != tftp_info->next_tap_block_num) {
/* Ignore. Could be missing frames, or just clicking previous frame */
return;
}
if (bytes > 0) {
/* Create a block for this block */
block = (file_block_t*)g_malloc(sizeof(file_block_t));
block->length = bytes;
block->data = tvb_memdup(NULL, data_tvb, 0, bytes);
/* Add to the end of the list (does involve traversing whole list..) */
tftp_info->block_list = g_slist_append(tftp_info->block_list, block);
tftp_info->file_length += bytes;
/* Look for next blocknum next time */
tftp_info->next_tap_block_num++;
}
/* Tap export object only when reach end of file */
if (bytes < tftp_info->blocksize) {
tftp_eo_t *eo_info;
/* If don't have a filename, won't tap file info */
if ((tftp_info->source_file == NULL) && (tftp_info->destination_file == NULL)) {
cleanup_tftp_blocks(tftp_info);
return;
}
/* Create the eo_info to pass to the listener */
eo_info = wmem_new(wmem_packet_scope(), tftp_eo_t);
/* Set filename */
if (tftp_info->source_file) {
eo_info->filename = g_strdup(tftp_info->source_file);
}
else if (tftp_info->destination_file) {
eo_info->filename = g_strdup(tftp_info->destination_file);
}
/* Send block list, which will be combined and freed at tap. */
eo_info->payload_len = tftp_info->file_length;
eo_info->pkt_num = blocknum;
eo_info->block_list = tftp_info->block_list;
/* Send to tap */
tap_queue_packet(tftp_eo_tap, pinfo, eo_info);
/* Have sent, so forget list of blocks, and only pay attention if we
get back to the first block again. */
tftp_info->block_list = NULL;
tftp_info->next_tap_block_num = 1;
}
}
break;
case TFTP_ACK:
blocknum = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2,
blocknum);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i",
blocknum);
break;
case TFTP_ERROR:
error = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tftp_tree, hf_tftp_error_code, tvb, offset, 2,
error);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Code: %s",
val_to_str(error, tftp_error_code_vals, "Unknown (%u)"));
offset += 2;
i1 = tvb_strsize(tvb, offset);
proto_tree_add_item(tftp_tree, hf_tftp_error_string, tvb, offset,
i1, ENC_ASCII|ENC_NA);
col_append_fstr(pinfo->cinfo, COL_INFO, ", Message: %s",
tvb_format_stringzpad(tvb, offset, i1));
expert_add_info(pinfo, NULL, &ei_tftp_blocksize_range);
break;
case TFTP_OACK:
tftp_dissect_options(tvb, pinfo, offset, tftp_tree,
opcode, tftp_info);
break;
default:
proto_tree_add_item(tftp_tree, hf_tftp_data, tvb, offset, -1, ENC_NA);
break;
}
}
