static int rs_misc_dissect_login_get_info_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 key_size; const guint8 *key_t1 = NULL; offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_rs_misc_login_get_info_rqst_var, NULL); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_rs_misc_login_get_info_rqst_key_size, &key_size); if (key_size){ /* Not able to yet decipher the OTHER versions of this call just yet. */ proto_tree_add_item_ret_string(tree, hf_rs_misc_login_get_info_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &key_t1); offset += key_size; col_append_fstr(pinfo->cinfo, COL_INFO, "rs_login_get_info Request for: %s ", key_t1); } else { col_append_str(pinfo->cinfo, COL_INFO, "rs_login_get_info Request (other)"); } return offset; }
static void dissect_bfd_authentication(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int offset = 24; guint8 auth_type; guint8 auth_len; proto_item *auth_item = NULL; proto_tree *auth_tree = NULL; const guint8 *password; auth_type = tvb_get_guint8(tvb, offset); auth_len = tvb_get_guint8(tvb, offset + 1); if (tree) { auth_tree = proto_tree_add_subtree_format(tree, tvb, offset, auth_len, ett_bfd_auth, NULL, "Authentication: %s", val_to_str(auth_type, bfd_control_auth_type_values, "Unknown Authentication Type (%d)") ); proto_tree_add_item(auth_tree, hf_bfd_auth_type, tvb, offset, 1, ENC_BIG_ENDIAN); proto_tree_add_item(auth_tree, hf_bfd_auth_len, tvb, offset + 1, 1, ENC_BIG_ENDIAN); proto_tree_add_item(auth_tree, hf_bfd_auth_key, tvb, offset + 2, 1, ENC_BIG_ENDIAN); } switch (auth_type) { case BFD_AUTH_SIMPLE: proto_tree_add_item_ret_string(auth_tree, hf_bfd_auth_password, tvb, offset+3, auth_len-3, ENC_ASCII|ENC_NA, wmem_packet_scope(), &password); proto_item_append_text(auth_item, ": %s", password); break; case BFD_AUTH_MD5: case BFD_AUTH_MET_MD5: case BFD_AUTH_SHA1: case BFD_AUTH_MET_SHA1: if (auth_len != get_bfd_required_auth_len(auth_type)) { proto_tree_add_expert_format(auth_tree, pinfo, &ei_bfd_auth_len_invalid, tvb, offset, auth_len, "Length of authentication section (%d) is invalid for Authentication Type: %s", auth_len, val_to_str(auth_type, bfd_control_auth_type_values, "Unknown Authentication Type (%d)") ); proto_item_append_text(auth_item, ": Invalid Authentication Section"); } if (tree) { proto_tree_add_item(auth_tree, hf_bfd_auth_seq_num, tvb, offset+4, 4, ENC_BIG_ENDIAN); proto_tree_add_item(auth_tree, hf_bfd_checksum, tvb, offset+8, get_bfd_checksum_len(auth_type), ENC_NA); } break; default: break; } }
/* Info String */ static void dissect_m2tp_info_parameter(tvbuff_t *parameter_tvb, proto_tree *parameter_tree, proto_item *parameter_item) { guint16 length, info_string_length; const guint8 *info_string; if (parameter_tree) { length = tvb_get_ntohs(parameter_tvb, PARAMETER_LENGTH_OFFSET); info_string_length = length - PARAMETER_HEADER_LENGTH; proto_tree_add_item_ret_string(parameter_tree, hf_m2tp_info_string, parameter_tvb, INFO_STRING_OFFSET, info_string_length, ENC_ASCII, wmem_packet_scope(), &info_string); proto_item_set_text(parameter_item, "Info String (%.*s)", info_string_length, info_string); } }
static int dissect_sec_rgy_pname_t (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * parent_tree, dcerpc_info *di, guint8 * drep) { proto_item *item; proto_tree *tree; int old_offset = offset; const guint8 *principal; #define sec_rgy_pname_t_size 257 /* dissect sec_rgy_pname const signed32 sec_rgy_pname_t_size = 257; * Include final '\0' * typedef [string] char sec_rgy_pname_t[sec_rgy_pname_t_size]; */ guint32 string_size; if (di->conformant_run) { return offset; } tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_sec_rgy_pname_t, &item, "sec_rgy_pname_t"); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_sec_rgy_pname_t_size, &string_size); col_append_fstr (pinfo->cinfo, COL_INFO, " String_size:%u", string_size); if (string_size < sec_rgy_pname_t_size) { /* proto_tree_add_string(tree, id, tvb, start, length, value_ptr); */ proto_tree_add_item_ret_string(tree, hf_sec_rgy_pname_t_principalName_string, tvb, offset, string_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &principal); if (string_size > 1) { col_append_fstr (pinfo->cinfo, COL_INFO, " Principal:%s", principal); } offset += string_size; } else { col_append_fstr (pinfo->cinfo, COL_INFO, " :FIXME!: Invalid string length of %u", string_size); } proto_item_set_len (item, offset - old_offset); return offset; }
static int rs_acct_dissect_get_projlist_rqst (tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 key_size; const guint8 *keyx_t = NULL; offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_acct_get_projlist_rqst_var1, NULL); offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_rs_acct_get_projlist_rqst_key_size, &key_size); proto_tree_add_item_ret_string(tree, hf_rs_acct_get_projlist_rqst_key_t, tvb, offset, key_size, ENC_ASCII|ENC_NA, wmem_packet_scope(), &keyx_t); offset += key_size; col_append_fstr(pinfo->cinfo, COL_INFO, " Request for: %s", keyx_t); return offset; }
static void dissect_cbsp_content_ie(tvbuff_t *tvb, packet_info *pinfo, guint offset, gint len, proto_tree *tree, guint8 sms_encoding, proto_item *ti) { proto_item *cbs_page_item; tvbuff_t *next_tvb, *unpacked_tvb; const guint8 *pstr; proto_tree_add_item(tree, hf_cbsp_user_info_length, tvb, offset, 1, ENC_NA); cbs_page_item = proto_tree_add_item(tree, hf_cbsp_cb_msg_page, tvb, offset+1, len-1, ENC_NA); next_tvb = tvb_new_subset_length(tvb, offset+1, len-1); unpacked_tvb = dissect_cbs_data(sms_encoding, next_tvb, tree, pinfo, 0); if (tree) { guint captured_len = tvb_captured_length(unpacked_tvb); proto_tree *cbs_page_subtree = proto_item_add_subtree(cbs_page_item, ett_cbsp_cbs_page_content); proto_tree_add_item_ret_string(cbs_page_subtree, hf_cbsp_cbs_page_content, unpacked_tvb, 0, captured_len, ENC_UTF_8|ENC_NA, wmem_packet_scope(), &pstr); proto_item_append_text(ti, ": '%s'", pstr); } }
static void dissect_tftp_message(tftp_conv_info_t *tftp_info, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *tftp_tree; proto_item *ti; gint offset = 0; guint16 opcode; guint16 bytes; guint16 blocknum; guint i1; guint16 error; tvbuff_t *data_tvb = NULL; col_set_str(pinfo->cinfo, COL_PROTOCOL, "TFTP"); /* Protocol root */ ti = proto_tree_add_item(tree, proto_tftp, tvb, offset, -1, ENC_NA); tftp_tree = proto_item_add_subtree(ti, ett_tftp); /* Opcode */ opcode = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tftp_tree, hf_tftp_opcode, tvb, offset, 2, opcode); col_add_str(pinfo->cinfo, COL_INFO, val_to_str(opcode, tftp_opcode_vals, "Unknown (0x%04x)")); offset += 2; /* read and write requests contain file names for other messages, we add the filenames from the conversation */ if (opcode!=TFTP_RRQ && opcode!=TFTP_WRQ) { if (tftp_info->source_file) { ti = proto_tree_add_string(tftp_tree, hf_tftp_source_file, tvb, 0, 0, tftp_info->source_file); PROTO_ITEM_SET_GENERATED(ti); } if (tftp_info->destination_file) { ti = proto_tree_add_string(tftp_tree, hf_tftp_destination_file, tvb, 0, 0, tftp_info->destination_file); PROTO_ITEM_SET_GENERATED(ti); } } switch (opcode) { case TFTP_RRQ: i1 = tvb_strsize(tvb, offset); proto_tree_add_item_ret_string(tftp_tree, hf_tftp_source_file, tvb, offset, i1, ENC_ASCII|ENC_NA, wmem_file_scope(), &tftp_info->source_file); /* we either have a source file name (for read requests) or a destination file name (for write requests) when we set one of the names, we clear the other */ tftp_info->destination_file = NULL; col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", tvb_format_stringzpad(tvb, offset, i1)); offset += i1; i1 = tvb_strsize(tvb, offset); proto_tree_add_item(tftp_tree, hf_tftp_transfer_type, tvb, offset, i1, ENC_ASCII|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, ", Transfer type: %s", tvb_format_stringzpad(tvb, offset, i1)); offset += i1; tftp_dissect_options(tvb, pinfo, offset, tftp_tree, opcode, tftp_info); break; case TFTP_WRQ: i1 = tvb_strsize(tvb, offset); proto_tree_add_item_ret_string(tftp_tree, hf_tftp_destination_file, tvb, offset, i1, ENC_ASCII|ENC_NA, wmem_file_scope(), &tftp_info->destination_file); tftp_info->source_file = NULL; /* see above */ col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", tvb_format_stringzpad(tvb, offset, i1)); offset += i1; i1 = tvb_strsize(tvb, offset); proto_tree_add_item(tftp_tree, hf_tftp_transfer_type, tvb, offset, i1, ENC_ASCII|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, ", Transfer type: %s", tvb_format_stringzpad(tvb, offset, i1)); offset += i1; tftp_dissect_options(tvb, pinfo, offset, tftp_tree, opcode, tftp_info); break; case TFTP_INFO: tftp_dissect_options(tvb, pinfo, offset, tftp_tree, opcode, tftp_info); break; case TFTP_DATA: blocknum = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2, blocknum); /* Sequence analysis on blocknums (first pass only) */ if (!pinfo->fd->flags.visited) { if (blocknum > tftp_info->next_block_num) { /* There is a gap. Don't try to recover from this. */ tftp_info->next_block_num = blocknum + 1; tftp_info->blocks_missing = TRUE; /* TODO: add info to a result table for showing expert info in later passes */ } else if (blocknum == tftp_info->next_block_num) { /* OK, inc what we expect next */ tftp_info->next_block_num++; } } offset += 2; /* Show number of bytes in this block, and whether it is the end of the file */ bytes = tvb_reported_length_remaining(tvb, offset); col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i%s", blocknum, (bytes < tftp_info->blocksize)?" (last)":"" ); /* Show data in tree */ if (bytes > 0) { data_tvb = tvb_new_subset(tvb, offset, -1, bytes); call_data_dissector(data_tvb, pinfo, tree); } /* If Export Object tap is listening, need to accumulate blocks info list to send to tap. But if already know there are blocks missing, there is no point in trying. */ if (have_tap_listener(tftp_eo_tap) && !tftp_info->blocks_missing) { file_block_t *block; if (blocknum == 1) { /* Reset data for this conversation, freeing any accumulated blocks! */ cleanup_tftp_blocks(tftp_info); tftp_info->next_tap_block_num = 1; } if (blocknum != tftp_info->next_tap_block_num) { /* Ignore. Could be missing frames, or just clicking previous frame */ return; } if (bytes > 0) { /* Create a block for this block */ block = (file_block_t*)g_malloc(sizeof(file_block_t)); block->length = bytes; block->data = tvb_memdup(NULL, data_tvb, 0, bytes); /* Add to the end of the list (does involve traversing whole list..) */ tftp_info->block_list = g_slist_append(tftp_info->block_list, block); tftp_info->file_length += bytes; /* Look for next blocknum next time */ tftp_info->next_tap_block_num++; } /* Tap export object only when reach end of file */ if (bytes < tftp_info->blocksize) { tftp_eo_t *eo_info; /* If don't have a filename, won't tap file info */ if ((tftp_info->source_file == NULL) && (tftp_info->destination_file == NULL)) { cleanup_tftp_blocks(tftp_info); return; } /* Create the eo_info to pass to the listener */ eo_info = wmem_new(wmem_packet_scope(), tftp_eo_t); /* Set filename */ if (tftp_info->source_file) { eo_info->filename = g_strdup(tftp_info->source_file); } else if (tftp_info->destination_file) { eo_info->filename = g_strdup(tftp_info->destination_file); } /* Send block list, which will be combined and freed at tap. */ eo_info->payload_len = tftp_info->file_length; eo_info->pkt_num = blocknum; eo_info->block_list = tftp_info->block_list; /* Send to tap */ tap_queue_packet(tftp_eo_tap, pinfo, eo_info); /* Have sent, so forget list of blocks, and only pay attention if we get back to the first block again. */ tftp_info->block_list = NULL; tftp_info->next_tap_block_num = 1; } } break; case TFTP_ACK: blocknum = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tftp_tree, hf_tftp_blocknum, tvb, offset, 2, blocknum); col_append_fstr(pinfo->cinfo, COL_INFO, ", Block: %i", blocknum); break; case TFTP_ERROR: error = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tftp_tree, hf_tftp_error_code, tvb, offset, 2, error); col_append_fstr(pinfo->cinfo, COL_INFO, ", Code: %s", val_to_str(error, tftp_error_code_vals, "Unknown (%u)")); offset += 2; i1 = tvb_strsize(tvb, offset); proto_tree_add_item(tftp_tree, hf_tftp_error_string, tvb, offset, i1, ENC_ASCII|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, ", Message: %s", tvb_format_stringzpad(tvb, offset, i1)); expert_add_info(pinfo, NULL, &ei_tftp_blocksize_range); break; case TFTP_OACK: tftp_dissect_options(tvb, pinfo, offset, tftp_tree, opcode, tftp_info); break; default: proto_tree_add_item(tftp_tree, hf_tftp_data, tvb, offset, -1, ENC_NA); break; } }