예제 #1
0
static void
dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
	int offset = 0;
	guint8 cmd;
	proto_tree *tree = NULL;
	proto_item *item = NULL;
	guint32 periodicity;
	guint8 *host_name;
	gint namelen;
	guint8 server_count;
	guint8 os_major_ver, os_minor_ver;
	const gchar *windows_version;
	int i;
	guint32 uptime;

	col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
	col_clear(pinfo->cinfo, COL_INFO);

	cmd = tvb_get_guint8(tvb, offset);

	/* Put in something, and replace it later */
	col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));


	item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA);
	tree = proto_item_add_subtree(item, ett_browse);

	/* command */
	proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
	offset += 1;

	switch (cmd) {
	case BROWSE_DOMAIN_ANNOUNCEMENT:
	case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
	case BROWSE_HOST_ANNOUNCE: {
		/* update count */
		proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* periodicity (in milliseconds) */
		periodicity = tvb_get_letohl(tvb, offset);
		proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 4,
		    periodicity,
		    "%s",
		    time_msecs_to_str(wmem_packet_scope(), periodicity));
		offset += 4;

		/* server name */
		host_name = tvb_get_stringzpad(wmem_packet_scope(), tvb, offset, HOST_NAME_LEN, ENC_CP437|ENC_NA);
		col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
		proto_tree_add_string_format(tree, hf_server_name,
			tvb, offset, HOST_NAME_LEN,
			host_name,
			(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
				"Domain/Workgroup: %s":
				"Host Name: %s",
			host_name);
		offset += HOST_NAME_LEN;

		/* Windows version (See "OSVERSIONINFO Structure" on MSDN) */
		os_major_ver = tvb_get_guint8(tvb, offset);
		os_minor_ver = tvb_get_guint8(tvb, offset+1);

		SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);
		proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version);

		/* OS major version */
		proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* OS minor version */
		proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* server type flags */
		offset = dissect_smb_server_type_flags(
			tvb, offset, pinfo, tree, NULL, TRUE);

		if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) {
			/*
			 * Network Monitor claims this is a "Comment
			 * Pointer".  I don't believe it.
			 *
			 * It's not a browser protocol major/minor
			 * version number, and signature constant,
			 * however.
			 */
			proto_tree_add_item(tree, hf_mysterious_field, tvb, offset, 4, ENC_LITTLE_ENDIAN);
			offset += 4;
		} else {
			/* browser protocol major version */
			proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
			offset += 1;

			/* browser protocol minor version */
			proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
			offset += 1;

			/* signature constant */
			proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, ENC_LITTLE_ENDIAN);
			offset += 2;
		}

		/* master browser server name or server comment */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree,
			(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
			    hf_mb_server_name : hf_server_comment,
			tvb, offset, namelen, ENC_ASCII|ENC_NA);
		break;
	}
	case BROWSE_REQUEST_ANNOUNCE: {
		guint8 *computer_name;

		/* unused/unknown flags */
		proto_tree_add_item(tree, hf_unused_flags,
			tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* name of computer to which to send reply */
		computer_name = tvb_get_stringz_enc(wmem_packet_scope(), tvb, offset, &namelen, ENC_ASCII);
		proto_tree_add_string(tree, hf_response_computer_name,
			tvb, offset, namelen, computer_name);
		col_append_fstr(pinfo->cinfo, COL_INFO, " %s", computer_name);
		break;
	}

	case BROWSE_ELECTION_REQUEST:
		/* election version */
		proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* criterion */
		dissect_election_criterion(tvb, tree, offset);
		offset += 4;

		/* server uptime */
		uptime = tvb_get_letohl(tvb, offset);
		proto_tree_add_uint_format_value(tree, hf_server_uptime,
		    tvb, offset, 4, uptime,
		    "%s",
		    time_msecs_to_str(wmem_packet_scope(), uptime));
		offset += 4;

		/* next 4 bytes must be zero */
		offset += 4;

		/* server name */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree, hf_server_name,
			tvb, offset, namelen, ENC_ASCII|ENC_NA);
		break;

	case BROWSE_BACKUP_LIST_REQUEST:
		/* backup list requested count */
		proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* backup requested token */
		proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
		break;

	case BROWSE_BACKUP_LIST_RESPONSE:
		/* backup list requested count */
		server_count = tvb_get_guint8(tvb, offset);
		proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
		    server_count);
		offset += 1;

		/* backup requested token */
		proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
		offset += 4;

		/* backup server names */
		for (i = 0; i < server_count; i++) {
			namelen = tvb_strsize(tvb, offset);
			proto_tree_add_item(tree, hf_backup_server,
				tvb, offset, namelen, ENC_ASCII|ENC_NA);
			offset += namelen;
		}
		break;

	case BROWSE_MASTER_ANNOUNCEMENT:
		/* master browser server name */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree, hf_mb_server_name,
			tvb, offset, namelen, ENC_ASCII|ENC_NA);
		break;

	case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {
		static const int * flags[] = {
			&hf_mb_reset_demote,
			&hf_mb_reset_flush,
			&hf_mb_reset_stop,
			NULL
		};

		proto_tree_add_bitmask(tree, tvb, offset, hf_mb_reset_command, ett_browse_reset_cmd_flags, flags, ENC_NA);
		break;
	}

	case BROWSE_BECOME_BACKUP:
		/* name of browser to promote */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree, hf_browser_to_promote,
			tvb, offset, namelen, ENC_ASCII|ENC_NA);
		break;
	}
}
예제 #2
0
/*
 * It appears that browser announcements sent to \MAILSLOT\LANMAN aren't
 * the same as browser announcements sent to \MAILSLOT\BROWSE.
 * Was that an older version of the protocol?
 *
 * The document at
 *
 *	http://www.samba.org/samba/ftp/specs/brow_rev.txt
 *
 * gives both formats of host announcement packets, saying that
 * "[The first] format seems wrong", that one being what appears to
 * show up in \MAILSLOT\LANMAN packets, and that "[The second one]
 * may be better", that one being what appears to show up in
 * \MAILSLOT\BROWSE packets.
 *
 * XXX - what other browser packets go out to that mailslot?
 */
static void
dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
	int offset = 0;
	guint8 cmd;
	proto_tree *tree = NULL;
	proto_item *item = NULL;
	guint32 periodicity;
	const guint8 *host_name;
	guint8 os_major_ver, os_minor_ver;
	const gchar *windows_version;
	guint namelen;

	col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
	col_clear(pinfo->cinfo, COL_INFO);

	cmd = tvb_get_guint8(tvb, offset);

	/* Put in something, and replace it later */
	col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));

	if (parent_tree) {
		item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA);

		tree = proto_item_add_subtree(item, ett_browse);
	}

	/* command */
	proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
	offset += 1;

	switch (cmd) {
	case BROWSE_DOMAIN_ANNOUNCEMENT:
	case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
	case BROWSE_HOST_ANNOUNCE:
		/* update count */
		proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* server type flags */
		offset = dissect_smb_server_type_flags(
			tvb, offset, pinfo, tree, NULL, TRUE);

		/* OS version string (See "OSVERSIONINFO Structure" on MSDN) */
		os_major_ver = tvb_get_guint8(tvb, offset);
		os_minor_ver = tvb_get_guint8(tvb, offset+1);

		SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);
		proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version);

		/* OS major version */
		proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* OS minor version */
		proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 1;

		/* periodicity (in seconds; convert to milliseconds) */
		periodicity = tvb_get_letohs(tvb, offset)*1000;
		proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 2,
		    periodicity,
		    "%s",
		    time_msecs_to_str(wmem_packet_scope(), periodicity));
		offset += 2;

		/* server name */
		host_name = tvb_get_stringz_enc(wmem_packet_scope(), tvb, offset, &namelen, ENC_CP437|ENC_NA);
		col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);

		proto_tree_add_item(tree, hf_server_name,
			tvb, offset, namelen, ENC_ASCII|ENC_NA);
		offset += namelen;

		/* master browser server name or server comment */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree,
			(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
			    hf_mb_server_name : hf_server_comment,
			tvb, offset, namelen, ENC_CP437|ENC_NA);
		break;
	}
}
예제 #3
0
static void
dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
	int offset = 0;
	guint8 cmd;
	proto_tree *tree = NULL;
	proto_item *item = NULL;
	guint32 periodicity;
	gchar host_name[17];
	gchar *utf8_host_name;
	gint namelen;
	guint8 server_count, reset_cmd;
	guint8 os_major_ver, os_minor_ver;
	gchar *windows_version = NULL;
	int i;
	guint32 uptime;

	col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
	col_clear(pinfo->cinfo, COL_INFO);

	cmd = tvb_get_guint8(tvb, offset);

	if (check_col(pinfo->cinfo, COL_INFO)) {
		/* Put in something, and replace it later */
		col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
	}


	if (parent_tree) {
		item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, TRUE);

		tree = proto_item_add_subtree(item, ett_browse);
	}

	/* command */
	proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
	offset += 1;

	switch (cmd) {
	case BROWSE_DOMAIN_ANNOUNCEMENT:
	case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
	case BROWSE_HOST_ANNOUNCE: {
		/* update count */
		proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, TRUE);
		offset += 1;

		/* periodicity (in milliseconds) */
		periodicity = tvb_get_letohl(tvb, offset);
		proto_tree_add_uint_format(tree, hf_periodicity, tvb, offset, 4,
		    periodicity,
		    "Update Periodicity: %s",
		    time_msecs_to_str(periodicity));
		offset += 4;

		/* server name */
		tvb_get_nstringz0(tvb, offset, sizeof(host_name), host_name);
		utf8_host_name = g_convert(host_name, strlen(host_name),
			"UTF-8", "CP437", NULL, NULL, NULL);
		if (utf8_host_name == NULL)
			utf8_host_name = host_name;
		if (check_col(pinfo->cinfo, COL_INFO)) {
			col_append_fstr(pinfo->cinfo, COL_INFO, " %s", utf8_host_name);
		}
		proto_tree_add_string_format(tree, hf_server_name,
			tvb, offset, 16,
			utf8_host_name,
			(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
				"Domain/Workgroup: %s":
				"Host Name: %s",
			utf8_host_name);
		if (utf8_host_name != host_name)
			g_free(utf8_host_name);
		offset += 16;

		/* Windows version (See "OSVERSIONINFO Structure" on MSDN) */
		os_major_ver = tvb_get_guint8(tvb, offset);
		os_minor_ver = tvb_get_guint8(tvb, offset+1);

		SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);

		if(windows_version)
		  proto_tree_add_text(tree, tvb, offset, 2, "Windows version: %s", windows_version);

		/* OS major version */
		proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, TRUE);
		offset += 1;

		/* OS minor version */
		proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, TRUE);
		offset += 1;

		/* server type flags */
		offset = dissect_smb_server_type_flags(
			tvb, offset, pinfo, tree, NULL, TRUE);

		if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) {
			/*
			 * Network Monitor claims this is a "Comment
			 * Pointer".  I don't believe it.
			 *
			 * It's not a browser protocol major/minor
			 * version number, and signature constant,
			 * however.
			 */
			proto_tree_add_text(tree, tvb, offset, 4,
			    "Mysterious Field: 0x%08x",
			    tvb_get_letohl(tvb, offset));
			offset += 4;
		} else {
			/* browser protocol major version */
			proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, TRUE);
			offset += 1;

			/* browser protocol minor version */
			proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, TRUE);
			offset += 1;

			/* signature constant */
			proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, TRUE);
			offset += 2;
		}

		/* master browser server name or server comment */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree,
			(cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
			    hf_mb_server_name : hf_server_comment,
			tvb, offset, namelen, TRUE);
		offset += namelen;
		break;
	}
	case BROWSE_REQUEST_ANNOUNCE: {
		guint8 *computer_name;

		/* unused/unknown flags */
		proto_tree_add_item(tree, hf_unused_flags,
			tvb, offset, 1, TRUE);
		offset += 1;

		/* name of computer to which to send reply */
		computer_name = tvb_get_ephemeral_stringz(tvb, offset, &namelen);
		proto_tree_add_string(tree, hf_response_computer_name,
			tvb, offset, namelen, computer_name);
		if (check_col(pinfo->cinfo, COL_INFO))
			col_append_fstr(
				pinfo->cinfo, COL_INFO, " %s", computer_name);
		offset += namelen;
		break;
	}

	case BROWSE_ELECTION_REQUEST:
		/* election version */
		proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, TRUE);
		offset += 1;

		/* criterion */
		dissect_election_criterion(tvb, tree, offset);
		offset += 4;

		/* server uptime */
		uptime = tvb_get_letohl(tvb, offset);
		proto_tree_add_uint_format(tree, hf_server_uptime,
		    tvb, offset, 4, uptime,
		    "Uptime: %s",
		    time_msecs_to_str(uptime));
		offset += 4;

		/* next 4 bytes must be zero */
		offset += 4;

		/* server name */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree, hf_server_name,
			tvb, offset, namelen, TRUE);
		offset += namelen;
		break;

	case BROWSE_BACKUP_LIST_REQUEST:
		/* backup list requested count */
		proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, TRUE);
		offset += 1;

		/* backup requested token */
		proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
		offset += 4;
		break;

	case BROWSE_BACKUP_LIST_RESPONSE:
		/* backup list requested count */
		server_count = tvb_get_guint8(tvb, offset);
		proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
		    server_count);
		offset += 1;

		/* backup requested token */
		proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
		offset += 4;

		/* backup server names */
		for (i = 0; i < server_count; i++) {
			namelen = tvb_strsize(tvb, offset);
			proto_tree_add_item(tree, hf_backup_server,
				tvb, offset, namelen, TRUE);
			offset += namelen;
		}
		break;

	case BROWSE_MASTER_ANNOUNCEMENT:
		/* master browser server name */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree, hf_mb_server_name,
			tvb, offset, namelen, TRUE);
		offset += namelen;
		break;

	case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {
	        proto_tree *sub_tree;
	        proto_item *reset_item;

		/* the subcommand follows ... one of three values */

	        reset_cmd = tvb_get_guint8(tvb, offset);
		reset_item = proto_tree_add_uint(tree, hf_mb_reset_command, tvb,
						 offset, 1, reset_cmd);
		sub_tree = proto_item_add_subtree(item, ett_browse_reset_cmd_flags);
		proto_tree_add_boolean(sub_tree, hf_mb_reset_demote, tvb,
				       offset, 1, reset_cmd);
		proto_tree_add_boolean(sub_tree, hf_mb_reset_flush, tvb,
				       offset, 1, reset_cmd);
		proto_tree_add_boolean(sub_tree, hf_mb_reset_stop, tvb,
				       offset, 1, reset_cmd);
		offset += 1;
		break;
	}

	case BROWSE_BECOME_BACKUP:
		/* name of browser to promote */
		namelen = tvb_strsize(tvb, offset);
		proto_tree_add_item(tree, hf_browser_to_promote,
			tvb, offset, namelen, TRUE);
		offset += namelen;
		break;
	}
}