{ 0x8002000E, "DISP_E_BADPARAMCOUNT" },
{ 0x8004CB00, "CBA_E_MALFORMED" },
{ 0x8004CB01, "CBA_E_UNKNOWNOBJECT" },
+ { 0x8004CB05, "CBA_E_INVALIDID" },
{ 0x8004CB09, "CBA_E_INVALIDCOOKIE" },
{ 0x8004CB0B, "CBA_E_QOSTYPEUNSUPPORTED" },
{ 0x8004CB0C, "CBA_E_QOSVALUEUNSUPPORTED" },
static int hf_dcerpc_cn_flags_maybe = -1;
static int hf_dcerpc_cn_flags_object = -1;
static int hf_dcerpc_drep = -1;
-static int hf_dcerpc_drep_byteorder = -1;
+ int hf_dcerpc_drep_byteorder = -1;
static int hf_dcerpc_drep_character = -1;
static int hf_dcerpc_drep_fp = -1;
static int hf_dcerpc_cn_frag_len = -1;
for (i = 0; (data = g_slist_nth_data(dcerpc_auth_subdissector_list, i)); i++) {
dcerpc_auth_subdissector *asd = (dcerpc_auth_subdissector *)data;
-
if (asd->auth_level == auth_level &&
asd->auth_type == auth_type)
return &asd->auth_fns;
dcerpc_uuid_key *key = g_malloc (sizeof (*key));
dcerpc_uuid_value *value = g_malloc (sizeof (*value));
header_field_info *hf_info;
+ module_t *samr_module;
+ const char *filter_name = proto_get_protocol_filter_name(proto);
key->uuid = *uuid;
key->ver = ver;
/* add this GUID to the global name resolving */
guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto));
+
+ /* Register the samr.nt_password preference as obsolete */
+ /* This should be in packet-dcerpc-samr.c */
+ if (strcmp(filter_name, "samr") == 0) {
+ samr_module = prefs_register_protocol (proto, NULL);
+ prefs_register_obsolete_preference(samr_module, "nt_password");
+ }
}
/* Function to find the name of a registered protocol
+ (key->act_id.Data4[6] << 8) + (key->act_id.Data4[7] << 0));
}
+
/* to keep track of matched calls/responses
this one uses the same value struct as calls, but the key is the frame id
and call id; there can be more than one call in a frame.
/* real run, dissect the elements */
for(i=0;i<di->array_actual_count;i++){
+ old_offset = offset;
offset = (*fnct)(tvb, offset, pinfo, tree, drep);
+ if (offset <= old_offset)
+ THROW(ReportedBoundsError);
}
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, string_tree, drep,
hf_dcerpc_array_actual_count, &len);
-
buffer_len = size_is * len;
+ hfinfo = proto_registrar_get_nth(hfindex);
/* Adjust offset */
if (offset % size_is)
offset += size_is - (offset % size_is);
-
if (size_is == sizeof(guint16)) {
/* XXX - use drep to determine the byte order? */
s = tvb_fake_unicode(tvb, offset, buffer_len / 2, TRUE);
* its value be the "fake Unicode" string.
*/
if (tree && buffer_len) {
- hfinfo = proto_registrar_get_nth(hfindex);
tvb_ensure_bytes_exist(tvb, offset, buffer_len);
if (hfinfo->type == FT_STRING) {
proto_tree_add_string(string_tree, hfindex, tvb, offset,
}
} else {
/*
- * "tvb_get_string()" throws an exception if the entire string
+ * "tvb_get_ephemeral_string()" throws an exception if the entire string
* isn't in the tvbuff. If the length is bogus, this should
* keep us from trying to allocate an immensely large buffer.
* (It won't help if the length is *valid* but immensely large,
* if we had an immensely large tvbuff....)
*/
tvb_ensure_bytes_exist(tvb, offset, buffer_len);
- s = tvb_get_string(tvb, offset, buffer_len);
+ s = tvb_get_ephemeral_string(tvb, offset, buffer_len);
if (tree && buffer_len)
proto_tree_add_item(string_tree, hfindex, tvb, offset,
buffer_len, drep[0] & 0x10);
if (data)
*data = s;
- else
- g_free(s);
offset += buffer_len;
FALSE, NULL);
}
+/* This function is aimed for PIDL useage and dissects a UNIQUE pointer to
+ * unicode string.
+ */
+int
+PIDL_dissect_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int chsize, int hfindex, guint32 param)
+{
+ dcerpc_info *di;
+ char *s = NULL;
+ gint levels = CB_STR_ITEM_LEVELS(param);
+
+ di=pinfo->private_data;
+
+ offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
+ chsize, hfindex,
+ FALSE, &s);
+
+ if(!di->conformant_run){
+ /* Append string to COL_INFO */
+ if (param & PIDL_SET_COL_INFO) {
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", s);
+ }
+ /* Save string to dcv->private_data */
+ if((param & PIDL_STR_SAVE)
+ && (!pinfo->fd->flags.visited)){
+ dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
+ dcv->private_data = se_strdup(s);
+ }
+ /* Append string to upper-level proto_items */
+ if (levels > 0 && tree && s && s[0]) {
+ proto_item_append_text(tree, ": %s", s);
+ tree = tree->parent;
+ levels--;
+ if (levels > 0) {
+ proto_item_append_text(tree, ": %s", s);
+ tree = tree->parent;
+ levels--;
+ while (levels > 0) {
+ proto_item_append_text(tree, " %s", s);
+ tree = tree->parent;
+ levels--;
+ }
+ }
+ }
+
+ }
+
+ g_free(s);
+ return offset;
+}
+
/* Dissect an NDR varying string of elements.
The length of each element is given by the 'size_is' parameter;
the elements are assumed to be characters or wide characters.
}
} else {
/*
- * "tvb_get_string()" throws an exception if the entire string
+ * "tvb_get_ephemeral_string()" throws an exception if the entire string
* isn't in the tvbuff. If the length is bogus, this should
* keep us from trying to allocate an immensely large buffer.
* (It won't help if the length is *valid* but immensely large,
* if we had an immensely large tvbuff....)
*/
tvb_ensure_bytes_exist(tvb, offset, buffer_len);
- s = tvb_get_string(tvb, offset, buffer_len);
+ s = tvb_get_ephemeral_string(tvb, offset, buffer_len);
if (tree && buffer_len)
proto_tree_add_item(string_tree, hfindex, tvb, offset,
buffer_len, drep[0] & 0x10);
if (data)
*data = s;
- else
- g_free(s);
offset += buffer_len;
return offset;
}
+
/* Dissect an varying string of chars.
This corresponds to IDL of the form '[string] char *foo'.
npd=g_slist_nth_data(ndr_pointer_list, 0);
ndr_pointer_list=g_slist_remove(ndr_pointer_list, npd);
- if(npd){
- g_free(npd);
- }
+ g_free(npd);
}
ndr_pointer_list=NULL;
*/
return offset;
}
-
/*TOP LEVEL REFERENCE POINTER*/
if( pointers_are_top_level
&&(type==NDR_POINTER_REF) ){
/* get the referent id */
offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &id);
-
tvb_ensure_bytes_exist(tvb, offset-4, 4);
/* we got a NULL pointer */
if(id==0){
show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree,
dcerpc_auth_info *auth_info, gboolean is_encrypted)
{
- int length, plain_length, auth_pad_len;
- guint auth_pad_offset;
+ int length, plain_length, auth_pad_len;
+ guint auth_pad_offset;
/*
* We don't show stub data unless we have some in the tvbuff;
* bytes, the reported number of bytes, not the number of bytes
* that happen to be in the tvbuff.
*/
- if (tvb_length_remaining (tvb, offset) > 0) {
- auth_pad_len = auth_info?auth_info->auth_pad_len:0;
- length = tvb_reported_length_remaining (tvb, offset);
+ if (tvb_length_remaining (tvb, offset) > 0) {
+ auth_pad_len = auth_info?auth_info->auth_pad_len:0;
+ length = tvb_reported_length_remaining (tvb, offset);
/* if auth_pad_len is larger than length then we ignore auth_pad_len totally */
- plain_length = length - auth_pad_len;
- if (plain_length < 1) {
+ plain_length = length - auth_pad_len;
+ if (plain_length < 1) {
plain_length = length;
auth_pad_len = 0;
- }
- auth_pad_offset = offset + plain_length;
-
- if (auth_info != NULL &&
- auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) {
- if (is_encrypted) {
- tvb_ensure_bytes_exist(tvb, offset, length);
+ }
+ auth_pad_offset = offset + plain_length;
+ if (auth_info != NULL &&
+ auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) {
+ if (is_encrypted) {
+ tvb_ensure_bytes_exist(tvb, offset, length);
proto_tree_add_text(dcerpc_tree, tvb, offset, length,
- "Encrypted stub data (%d byte%s)",
- length, plurality(length, "", "s"));
+ "Encrypted stub data (%d byte%s)",
+ length, plurality(length, "", "s"));
/* is the padding is still inside the encrypted blob, don't display it explicit */
- auth_pad_len = 0;
- } else {
- tvb_ensure_bytes_exist(tvb, offset, plain_length);
- proto_tree_add_text(dcerpc_tree, tvb, offset, plain_length,
- "Decrypted stub data (%d byte%s)",
- plain_length, plurality(plain_length, "", "s"));
- }
- } else {
- tvb_ensure_bytes_exist(tvb, offset, plain_length);
- proto_tree_add_text (dcerpc_tree, tvb, offset, plain_length,
- "Stub data (%d byte%s)", plain_length,
- plurality(plain_length, "", "s"));
- }
- /* If there is auth padding at the end of the stub, display it */
- if (auth_pad_len != 0) {
- tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len);
- proto_tree_add_text (dcerpc_tree, tvb, auth_pad_offset,
- auth_pad_len,
- "Auth Padding (%u byte%s)",
- auth_pad_len,
- plurality(auth_pad_len, "", "s"));
- }
+ auth_pad_len = 0;
+ }
+ else {
+ tvb_ensure_bytes_exist(tvb, offset, plain_length);
+ proto_tree_add_text(dcerpc_tree, tvb, offset, plain_length,
+ "Decrypted stub data (%d byte%s)",
+ plain_length, plurality(plain_length, "", "s"));
+ }
+ }
+ else {
+ tvb_ensure_bytes_exist(tvb, offset, plain_length);
+ proto_tree_add_text (dcerpc_tree, tvb, offset, plain_length,
+ "Stub data (%d byte%s)", plain_length,
+ plurality(plain_length, "", "s"));
+ }
+ /* If there is auth padding at the end of the stub, display it */
+ if (auth_pad_len != 0) {
+ tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len);
+ proto_tree_add_text (dcerpc_tree, tvb, auth_pad_offset,
+ auth_pad_len, "Auth Padding (%u byte%s)",
+ auth_pad_len, plurality(auth_pad_len, "", "s"));
}
+ }
}
static int
dcerpc_dissect_fnct_t *volatile sub_dissect;
const char *volatile saved_proto;
void *volatile saved_private_data;
- guint length, reported_length;
+ guint length = 0, reported_length = 0;
tvbuff_t *volatile stub_tvb;
volatile guint auth_pad_len;
volatile int auth_pad_offset;
proto_item *sub_item=NULL;
- proto_item *pi;
+ proto_item *pi, *hidden_item;
key.uuid = info->call_data->uuid;
key.ver = info->call_data->ver;
* for that UUID is disabled.
*/
- proto_tree_add_boolean_hidden(dcerpc_tree, hf_dcerpc_unknown_if_id,
- tvb, offset, 0, TRUE);
+ hidden_item = proto_tree_add_boolean(dcerpc_tree, hf_dcerpc_unknown_if_id,
+ tvb, offset, 0, TRUE);
+ PROTO_ITEM_SET_HIDDEN(hidden_item);
if (check_col (pinfo->cinfo, COL_INFO)) {
col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u",
guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver);
proc->dissect_rqst : proc->dissect_resp;
if (tree) {
- sub_item = proto_tree_add_item (tree, sub_proto->proto_id, tvb, 0,
- -1, FALSE);
+ sub_item = proto_tree_add_item (tree, sub_proto->proto_id,
+ (decrypted_tvb != NULL)?decrypted_tvb:tvb,
+ 0, -1, FALSE);
if (sub_item) {
sub_tree = proto_item_add_subtree (sub_item, sub_proto->ett);
* Put the operation number into the tree along with
* the operation's name.
*/
- if(sub_dissect == NULL) {
- if (sub_proto->opnum_hf != -1)
+ if (sub_proto->opnum_hf != -1)
proto_tree_add_uint_format(sub_tree, sub_proto->opnum_hf,
tvb, 0, 0, info->call_data->opnum,
"Operation: %s (%u)",
name, info->call_data->opnum);
- else
+ else
proto_tree_add_uint_format(sub_tree, hf_dcerpc_op, tvb,
0, 0, info->call_data->opnum,
"Operation: %s (%u)",
name, info->call_data->opnum);
- }
if(info->ptype == PDU_REQ && info->call_data->rep_frame!=0) {
pi = proto_tree_add_uint(sub_tree, hf_dcerpc_response_in,
init_ndr_pointer_list(pinfo);
+ length = tvb_length(decrypted_tvb);
+ reported_length = tvb_reported_length(decrypted_tvb);
+
/*
* Remove the authentication padding from the stub data.
*/
if (auth_info != NULL && auth_info->auth_pad_len != 0) {
- length = tvb_length(decrypted_tvb);
- reported_length = tvb_reported_length(decrypted_tvb);
if (reported_length >= auth_info->auth_pad_len) {
/*
* OK, the padding length isn't so big that it
if (length > reported_length)
length = reported_length;
- stub_tvb = tvb_new_subset(tvb, 0, length, reported_length);
+ stub_tvb = tvb_new_subset(decrypted_tvb, 0, length, reported_length);
auth_pad_len = auth_info->auth_pad_len;
auth_pad_offset = reported_length;
} else {
stub_tvb = NULL;
auth_pad_len = reported_length;
auth_pad_offset = 0;
+ length = 0;
+ reported_length = 0;
}
} else {
/*
auth_pad_offset = 0;
}
+ if (sub_item) {
+ proto_item_set_len(sub_item, length);
+ }
+
if (stub_tvb != NULL) {
/*
* Catch all exceptions other than BoundsError, so that even
* dissect; just re-throw that exception.
*/
TRY {
- offset = sub_dissect (decrypted_tvb, 0, pinfo, sub_tree,
+ int remaining;
+
+ offset = sub_dissect (stub_tvb, 0, pinfo, sub_tree,
drep);
- if(tree) {
- proto_item_set_len(sub_item, offset);
- }
/* If we have a subdissector and it didn't dissect all
data in the tvb, make a note of it. */
- /* XXX - don't do this, as this could be just another RPC Req./Resp. in this PDU */
- /*if (tvb_reported_length_remaining(stub_tvb, offset) > 0) {
+ remaining = tvb_reported_length_remaining(stub_tvb, offset);
+ if (remaining > 0) {
+ proto_tree_add_text(sub_tree, stub_tvb, offset,
+ remaining,
+ "[Long frame (%d byte%s)]",
+ remaining,
+ plurality(remaining, "", "s"));
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO,
- "[Long frame (%d bytes)]",
- tvb_reported_length_remaining(stub_tvb, offset));
- }*/
+ "[Long frame (%d byte%s)]",
+ remaining,
+ plurality(remaining, "", "s"));
+
+ }
} CATCH(BoundsError) {
RETHROW;
} CATCH_ALL {
- show_exception(decrypted_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
+ show_exception(stub_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
} ENDTRY;
}
dcerpc_auth_info auth_info;
char *uuid_str;
const char *uuid_name = NULL;
- proto_item *iface_item;
+ proto_item *iface_item = NULL;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_cn_max_xmit, NULL);
offset += 3;
for (i = 0; i < num_ctx_items; i++) {
- proto_item *ctx_item;
+ proto_item *ctx_item = NULL;
proto_tree *ctx_tree = NULL, *iface_tree = NULL;
gint ctx_offset = offset;
* prepend a delimiter */
col_append_fstr (pinfo->cinfo, COL_DCE_CTX, "#%u", ctx_id);
}
- }
+ }
/* save context ID for use with dcerpc_add_conv_to_bind_table() */
/* (if we have multiple contexts, this might cause "decode as"
conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
if (conv == NULL) {
+ fprintf(stderr,"Creating a new conv on packet %d\n",pinfo->fd->num);
conv = conversation_new (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
}
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
if (ctx_tree) {
proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
- offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
+ offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
guid_to_str((e_guid_t *) &trans_id));
}
offset += 16;
proto_item *dcerpc_tree_item;
save_fragmented = pinfo->fragmented;
-
length = tvb_length_remaining(tvb, offset);
reported_length = tvb_reported_length_remaining(tvb, offset);
if (reported_length < 0 ||
- (guint32)reported_length < auth_info->auth_size) {
+ (guint32)reported_length < auth_info->auth_size) {
/* We don't even have enough bytes for the authentication
stuff. */
- return;
+ return;
}
reported_length -= auth_info->auth_size;
if (length > reported_length)
- length = reported_length;
+ length = reported_length;
payload_tvb = tvb_new_subset(tvb, offset, length, reported_length);
auth_tvb=NULL;
/*dont bother if we dont have the entire tvb */
/*XXX we should really make sure we calculate auth_info->auth_data
- and use that one instead of this auth_tvb hack
- */
+ *and use that one instead of this auth_tvb hack
+ */
if(tvb_length(tvb)==tvb_reported_length(tvb)){
- if(tvb_length_remaining(tvb, offset+length)>8){
- auth_tvb = tvb_new_subset(tvb, offset+length+8, -1, -1);
- }
+ if(tvb_length_remaining(tvb, offset+length)>8){
+ auth_tvb = tvb_new_subset(tvb, offset+length+8, -1, -1);
+ }
}
/* Decrypt the PDU if it is encrypted */
/* Start out assuming we won't succeed in decrypting. */
decrypted_tvb = NULL;
+ /* Schannel needs informations into the footer (verifier) in order to setup decryptions keys
+ * so we call it in order to have a chance to decypher the data
+ */
+ if (DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN == auth_info->auth_type) {
+ dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, TRUE, auth_info);
+ }
if ((auth_fns = get_auth_subdissector_fns(
auth_info->auth_level, auth_info->auth_type))) {
tvbuff_t *result;
-
- result = decode_encrypted_data(
- payload_tvb, auth_tvb, pinfo, auth_fns,
- hdr->ptype == PDU_REQ, auth_info);
-
+ result = decode_encrypted_data( payload_tvb, auth_tvb, pinfo, auth_fns,
+ hdr->ptype == PDU_REQ, auth_info);
if (result) {
- if (dcerpc_tree)
- proto_tree_add_text(
- dcerpc_tree, payload_tvb, 0, -1,
+ if (dcerpc_tree) {
+ proto_tree_add_text(dcerpc_tree, payload_tvb, 0, -1,
"Encrypted stub data (%d byte%s)",
tvb_reported_length(payload_tvb),
-
- plurality(tvb_length(payload_tvb), "", "s"));
-
- add_new_data_source(
- pinfo, result, "Decrypted stub data");
-
+ plurality(tvb_length(payload_tvb), "", "s"));
+ }
+ add_new_data_source(pinfo, result, "Decrypted stub data");
/* We succeeded. */
decrypted_tvb = result;
}
}
- } else
+ }
+ else
decrypted_tvb = payload_tvb;
/* if this packet is not fragmented, just dissect it and exit */
- if(PFC_NOT_FRAGMENTED(hdr)){
- pinfo->fragmented = FALSE;
+ if(PFC_NOT_FRAGMENTED(hdr)) {
+ pinfo->fragmented = FALSE;
- dcerpc_try_handoff(
- pinfo, tree, dcerpc_tree, payload_tvb, decrypted_tvb,
- hdr->drep, di, auth_info);
+ dcerpc_try_handoff( pinfo, tree, dcerpc_tree, payload_tvb,
+ decrypted_tvb, hdr->drep, di, auth_info);
- pinfo->fragmented = save_fragmented;
- return;
+ pinfo->fragmented = save_fragmented;
+ return;
}
/* The packet is fragmented. */
pinfo->fragmented = TRUE;
- /* debug output of essential fragment data. */
- /* leave it here for future debugging sessions */
- /*printf("DCE num:%u offset:%u frag_len:%u tvb_len:%u\n",
+ /* debug output of essential fragment data. */
+ /* leave it here for future debugging sessions */
+ /*printf("DCE num:%u offset:%u frag_len:%u tvb_len:%u\n",
pinfo->fd->num, offset, hdr->frag_len, tvb_length(decrypted_tvb));*/
/* if we are not doing reassembly and this is the first fragment
nor the first fragment then there is nothing more we can do
so we just have to exit
*/
- if( !dcerpc_reassemble )
+ if( !dcerpc_reassemble || (tvb_length(tvb)!=tvb_reported_length(tvb)) )
goto end_cn_stub;
/* if we didnt get 'frame' we dont know where the PDU started and thus
/* defragmentation is a bit tricky, as there's no offset of the fragment
* in the protocol data.
*
- * just use fragment_add_seq_next() and hope that TCP/SMB segments coming
- * in with the correct sequence.
- */
+ * just use fragment_add_seq_next() and hope that TCP/SMB segments coming
+ * in with the correct sequence.
+ */
fd_head = fragment_add_seq_next(decrypted_tvb, 0, pinfo, frame,
dcerpc_co_fragment_table, dcerpc_co_reassemble_table,
tvb_length(decrypted_tvb),
tvbuff_t *next_tvb;
proto_item *frag_tree_item;
- next_tvb = tvb_new_real_data(fd_head->data, fd_head->len, fd_head->len);
- if(decrypted_tvb){
- tvb_set_child_real_data_tvbuff(decrypted_tvb, next_tvb);
- } else {
- tvb_set_child_real_data_tvbuff(payload_tvb, next_tvb);
- }
+ next_tvb = tvb_new_child_real_data((decrypted_tvb)?decrypted_tvb:payload_tvb,
+ fd_head->data, fd_head->len, fd_head->len);
+
add_new_data_source(pinfo, next_tvb, "Reassembled DCE/RPC");
show_fragment_tree(fd_head, &dcerpc_frag_items,
tree, pinfo, next_tvb, &frag_tree_item);
0);
if (!conv) {
+ fprintf(stderr,"Creating a new conv on this bind packet \n");
conv = conversation_new (
0,
&binding->addr_a,
guint32 alloc_hint;
proto_item *pi;
proto_item *parent_pi;
+ dcerpc_matched_key matched_key, *new_matched_key;
+ dcerpc_call_value *value;
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_cn_alloc_hint, &alloc_hint);
* prepend a delimiter */
col_append_fstr (pinfo->cinfo, COL_DCE_CTX, "#%u", ctx_id);
}
- }
-
+ }
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_opnum, &opnum);
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
if (dcerpc_tree) {
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
+ offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
guid_to_str((e_guid_t *) &obj_id));
}
offset += 16;
* and we just have a security context?
*/
dissect_dcerpc_cn_auth (tvb, offset, pinfo, dcerpc_tree, hdr, FALSE, &auth_info);
-
conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
- if (!conv)
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ if (!conv) {
+ /*conv = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
+ pinfo->srcport, pinfo->destport, 0);*/
+ fprintf(stderr,"No conv showing raw stuf %d \n",pinfo->fd->num);
+ show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ }
else {
- dcerpc_matched_key matched_key, *new_matched_key;
- dcerpc_call_value *value;
-
- /* !!! we can NOT check flags.visited here since this will interact
- badly with when SMB handles (i.e. calls the subdissector)
- and desegmented pdu's .
- Instead we check if this pdu is already in the matched table or not
- */
- matched_key.frame = pinfo->fd->num;
- matched_key.call_id = hdr->call_id;
- value = g_hash_table_lookup(dcerpc_matched, &matched_key);
- if(!value){
- dcerpc_bind_key bind_key;
- dcerpc_bind_value *bind_value;
-
- bind_key.conv=conv;
- bind_key.ctx_id=ctx_id;
- bind_key.smb_fid=dcerpc_get_transport_salt(pinfo);
-
- if((bind_value=g_hash_table_lookup(dcerpc_binds, &bind_key)) ){
- if(!(hdr->flags&PFC_FIRST_FRAG)){
- dcerpc_cn_call_key call_key;
- dcerpc_call_value *call_value;
-
- call_key.conv=conv;
- call_key.call_id=hdr->call_id;
- call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
- if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
- new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
- *new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
- value = call_value;
- }
- } else {
- dcerpc_cn_call_key *call_key;
- dcerpc_call_value *call_value;
-
- /* We found the binding and it is the first fragment
- (or a complete PDU) of a dcerpc pdu so just add
- the call to both the call table and the
- matched table
- */
- call_key=se_alloc (sizeof (dcerpc_cn_call_key));
- call_key->conv=conv;
- call_key->call_id=hdr->call_id;
- call_key->smb_fid=dcerpc_get_transport_salt(pinfo);
-
- /* if there is already a matching call in the table
- remove it so it is replaced with the new one */
- if(g_hash_table_lookup(dcerpc_cn_calls, call_key)){
- g_hash_table_remove(dcerpc_cn_calls, call_key);
- }
-
- call_value=se_alloc (sizeof (dcerpc_call_value));
- call_value->uuid = bind_value->uuid;
- call_value->ver = bind_value->ver;
- call_value->object_uuid = obj_id;
- call_value->opnum = opnum;
- call_value->req_frame=pinfo->fd->num;
- call_value->req_time=pinfo->fd->abs_ts;
- call_value->rep_frame=0;
- call_value->max_ptr=0;
- call_value->private_data = NULL;
- g_hash_table_insert (dcerpc_cn_calls, call_key, call_value);
-
- new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
- *new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
- value = call_value;
- }
- }
- }
-
- if (value) {
- dcerpc_info *di;
-
- di=get_next_di();
- /* handoff this call */
- di->conv = conv;
- di->call_id = hdr->call_id;
- di->smb_fid = dcerpc_get_transport_salt(pinfo);
- di->ptype = PDU_REQ;
- di->call_data = value;
- di->hf_index = -1;
-
- if(value->rep_frame!=0){
- pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in,
- tvb, 0, 0, value->rep_frame);
+ /* !!! we can NOT check flags.visited here since this will interact
+ badly with when SMB handles (i.e. calls the subdissector)
+ and desegmented pdu's .
+ Instead we check if this pdu is already in the matched table or not
+ */
+ matched_key.frame = pinfo->fd->num;
+ matched_key.call_id = hdr->call_id;
+ value = g_hash_table_lookup(dcerpc_matched, &matched_key);
+ if(!value) {
+ dcerpc_bind_key bind_key;
+ dcerpc_bind_value *bind_value;
+
+ bind_key.conv=conv;
+ bind_key.ctx_id=ctx_id;
+ bind_key.smb_fid=dcerpc_get_transport_salt(pinfo);
+ if((bind_value=g_hash_table_lookup(dcerpc_binds, &bind_key)) ){
+ if(!(hdr->flags&PFC_FIRST_FRAG)){
+ dcerpc_cn_call_key call_key;
+ dcerpc_call_value *call_value;
+
+ call_key.conv=conv;
+ call_key.call_id=hdr->call_id;
+ call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
+ if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
+ new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
+ *new_matched_key = matched_key;
+ g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ value = call_value;
+ }
+ }
+ else {
+ dcerpc_cn_call_key *call_key;
+ dcerpc_call_value *call_value;
+
+ /* We found the binding and it is the first fragment
+ (or a complete PDU) of a dcerpc pdu so just add
+ the call to both the call table and the
+ matched table
+ */
+ call_key=se_alloc (sizeof (dcerpc_cn_call_key));
+ call_key->conv=conv;
+ call_key->call_id=hdr->call_id;
+ call_key->smb_fid=dcerpc_get_transport_salt(pinfo);
+
+ /* if there is already a matching call in the table
+ remove it so it is replaced with the new one */
+ if(g_hash_table_lookup(dcerpc_cn_calls, call_key)){
+ g_hash_table_remove(dcerpc_cn_calls, call_key);
+ }
+
+ call_value=se_alloc (sizeof (dcerpc_call_value));
+ call_value->uuid = bind_value->uuid;
+ call_value->ver = bind_value->ver;
+ call_value->object_uuid = obj_id;
+ call_value->opnum = opnum;
+ call_value->req_frame=pinfo->fd->num;
+ call_value->req_time=pinfo->fd->abs_ts;
+ call_value->rep_frame=0;
+ call_value->max_ptr=0;
+ call_value->se_data = NULL;
+ call_value->private_data = NULL;
+ call_value->pol = NULL;
+ g_hash_table_insert (dcerpc_cn_calls, call_key, call_value);
+
+ new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
+ *new_matched_key = matched_key;
+ g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ value = call_value;
+ }
+ }
+ }
+ if (value) {
+ dcerpc_info *di;
+ di=get_next_di();
+ /* handoff this call */
+ di->conv = conv;
+ di->call_id = hdr->call_id;
+ di->smb_fid = dcerpc_get_transport_salt(pinfo);
+ di->ptype = PDU_REQ;
+ di->call_data = value;
+ di->hf_index = -1;
+
+ if(value->rep_frame!=0){
+ pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_response_in,
+ tvb, 0, 0, value->rep_frame);
PROTO_ITEM_SET_GENERATED(pi);
if(parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Resp: #%u]", value->rep_frame);
}
- }
-
- dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
- hdr, di, &auth_info, alloc_hint,
- value->req_frame);
- } else {
- /* no bind information, simply show stub data */
- pi = proto_tree_add_text(dcerpc_tree, tvb, offset, 0, "No bind info for this interface Context ID - capture start too late?");
- PROTO_ITEM_SET_GENERATED(pi);
- expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u",
- ctx_id);
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
- }
+ }
+ dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
+ hdr, di, &auth_info, alloc_hint,
+ value->req_frame);
+ }
+ else {
+ /* no bind information, simply show stub data */
+ pi = proto_tree_add_text(dcerpc_tree, tvb, offset, 0, "No bind info for this interface Context ID - capture start too late?");
+ PROTO_ITEM_SET_GENERATED(pi);
+ expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u",
+ ctx_id);
+ show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
}
-
- /* Dissect the verifier */
- dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info);
+ }
+ /* Dissect the verifier */
+ dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info);
}
}
if (check_col (pinfo->cinfo, COL_DCE_CTX)) {
- if(pinfo->dcectxid == 0) {
- col_append_fstr (pinfo->cinfo, COL_DCE_CTX, "%u", ctx_id);
+ if(pinfo->dcectxid == 0) {
+ col_append_fstr (pinfo->cinfo, COL_DCE_CTX, "%u", ctx_id);
} else {
/* this is not the first DCE-RPC request/response in this (TCP?-)PDU,
* prepend a delimiter */
col_append_fstr (pinfo->cinfo, COL_DCE_CTX, "#%u", ctx_id);
- }
- }
+ }
+ }
/* save context ID for use with dcerpc_add_conv_to_bind_table() */
/* no point in creating one here, really */
show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
} else {
- dcerpc_matched_key matched_key, *new_matched_key;
+ dcerpc_matched_key matched_key, *new_matched_key;
/* !!! we can NOT check flags.visited here since this will interact
badly with when SMB handles (i.e. calls the subdissector)
and desegmented pdu's .
Instead we check if this pdu is already in the matched table or not
*/
- matched_key.frame = pinfo->fd->num;
- matched_key.call_id = hdr->call_id;
- value=g_hash_table_lookup(dcerpc_matched, &matched_key);
- if(!value){
- dcerpc_cn_call_key call_key;
- dcerpc_call_value *call_value;
-
- call_key.conv=conv;
- call_key.call_id=hdr->call_id;
- call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
-
- if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
+ matched_key.frame = pinfo->fd->num;
+ matched_key.call_id = hdr->call_id;
+ value=g_hash_table_lookup(dcerpc_matched, &matched_key);
+ if(!value){
+ dcerpc_cn_call_key call_key;
+ dcerpc_call_value *call_value;
+
+ call_key.conv=conv;
+ call_key.call_id=hdr->call_id;
+ call_key.smb_fid=dcerpc_get_transport_salt(pinfo);
+
+ if((call_value=g_hash_table_lookup(dcerpc_cn_calls, &call_key))){
/* extra sanity check, only match them if the reply
came after the request */
- if(call_value->req_frame<pinfo->fd->num){
- new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
- *new_matched_key = matched_key;
- g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
- value = call_value;
- if(call_value->rep_frame==0){
- call_value->rep_frame=pinfo->fd->num;
- }
- }
- }
- }
+ if(call_value->req_frame<pinfo->fd->num){
+ new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
+ *new_matched_key = matched_key;
+ g_hash_table_insert (dcerpc_matched, new_matched_key, call_value);
+ value = call_value;
+ if(call_value->rep_frame==0) {
+ call_value->rep_frame=pinfo->fd->num;
+ }
+ }
+ }
+ }
- if (value) {
- dcerpc_info *di;
+ if (value) {
+ dcerpc_info *di;
- di=get_next_di();
- /* handoff this call */
- di->conv = conv;
- di->call_id = hdr->call_id;
- di->smb_fid = dcerpc_get_transport_salt(pinfo);
- di->ptype = PDU_RESP;
- di->call_data = value;
+ di=get_next_di();
+ /* handoff this call */
+ di->conv = conv;
+ di->call_id = hdr->call_id;
+ di->smb_fid = dcerpc_get_transport_salt(pinfo);
+ di->ptype = PDU_RESP;
+ di->call_data = value;
- proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
+ proto_tree_add_uint (dcerpc_tree, hf_dcerpc_opnum, tvb, 0, 0, value->opnum);
/* (optional) "Object UUID" from request */
if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
- pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
- guid_to_str((e_guid_t *) &value->object_uuid));
- PROTO_ITEM_SET_GENERATED(pi);
+ pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
+ offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &value->object_uuid));
+ PROTO_ITEM_SET_GENERATED(pi);
}
/* request in */
- if(value->req_frame!=0){
- nstime_t delta_ts;
- pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in,
+ if(value->req_frame!=0) {
+ nstime_t delta_ts;
+ pi = proto_tree_add_uint(dcerpc_tree, hf_dcerpc_request_in,
tvb, 0, 0, value->req_frame);
- PROTO_ITEM_SET_GENERATED(pi);
- if(parent_pi != NULL) {
+ PROTO_ITEM_SET_GENERATED(pi);
+ if(parent_pi != NULL) {
proto_item_append_text(parent_pi, ", [Req: #%u]", value->req_frame);
- }
- nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time);
- pi = proto_tree_add_time(dcerpc_tree, hf_dcerpc_time, tvb, offset, 0, &delta_ts);
- PROTO_ITEM_SET_GENERATED(pi);
+ }
+ nstime_delta(&delta_ts, &pinfo->fd->abs_ts, &value->req_time);
+ pi = proto_tree_add_time(dcerpc_tree, hf_dcerpc_time, tvb, offset, 0, &delta_ts);
+ PROTO_ITEM_SET_GENERATED(pi);
} else {
- pi = proto_tree_add_text(dcerpc_tree,
+ pi = proto_tree_add_text(dcerpc_tree,
tvb, 0, 0, "No request to this DCE/RPC call found");
- expert_add_info_format(pinfo, pi, PI_SEQUENCE, PI_NOTE,
+ expert_add_info_format(pinfo, pi, PI_SEQUENCE, PI_NOTE,
"No request to this DCE/RPC call found");
- }
+ }
- dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
- hdr, di, &auth_info, alloc_hint,
- value->rep_frame);
- } else {
+ dissect_dcerpc_cn_stub (tvb, offset, pinfo, dcerpc_tree, tree,
+ hdr, di, &auth_info, alloc_hint,value->rep_frame);
+ } else {
/* no bind information, simply show stub data */
- pi = proto_tree_add_text(dcerpc_tree, tvb, offset, 0, "No bind info for this interface Context ID - capture start too late?");
- PROTO_ITEM_SET_GENERATED(pi);
- expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u",
- ctx_id);
- show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
- }
+ pi = proto_tree_add_text(dcerpc_tree, tvb, offset, 0, "No bind info for this interface Context ID - capture start too late?");
+ PROTO_ITEM_SET_GENERATED(pi);
+ expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "No bind info for interface Context ID:%u",ctx_id);
+ show_stub_data (tvb, offset, dcerpc_tree, &auth_info, TRUE);
+ }
}
-
/* Dissect the verifier */
dissect_dcerpc_verifier (tvb, pinfo, dcerpc_tree, hdr, &auth_info);
}
* prepend a delimiter */
col_append_fstr (pinfo->cinfo, COL_DCE_CTX, "#%u", ctx_id);
}
- }
+ }
offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
hf_dcerpc_cn_cancel_count, NULL);
pi = proto_tree_add_time(dcerpc_tree, hf_dcerpc_time, tvb, offset, 0, &delta_ts);
PROTO_ITEM_SET_GENERATED(pi);
} else {
- pi = proto_tree_add_text(dcerpc_tree,
+ pi = proto_tree_add_text(dcerpc_tree,
tvb, 0, 0, "No request to this DCE/RPC call found");
expert_add_info_format(pinfo, pi, PI_SEQUENCE, PI_NOTE,
"No request to this DCE/RPC call found");
} else {
/* PDU is fragmented and this isn't the first fragment */
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO,
+ col_append_str(pinfo->cinfo, COL_INFO,
" [DCE/RPC fragment]");
}
if (dcerpc_tree) {
TRUE);
}
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO,
+ col_append_str(pinfo->cinfo, COL_INFO,
" [DCE/RPC fragment]");
}
} else if(hdr->flags&PFC_LAST_FRAG){ /* LAST fragment */
tvbuff_t *next_tvb;
proto_item *frag_tree_item;
- next_tvb = tvb_new_real_data(fd_head->data, fd_head->len, fd_head->len);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ next_tvb = tvb_new_child_real_data(tvb, fd_head->data, fd_head->len, fd_head->len);
add_new_data_source(pinfo, next_tvb, "Reassembled DCE/RPC");
show_fragment_tree(fd_head, &dcerpc_frag_items,
dcerpc_tree, pinfo, next_tvb, &frag_tree_item);
/* Reassembly not complete - some fragments
are missing */
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO,
+ col_append_str(pinfo->cinfo, COL_INFO,
" [DCE/RPC fragment]");
}
}
TRUE);
}
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO,
+ col_append_str(pinfo->cinfo, COL_INFO,
" [DCE/RPC fragment]");
}
}
} else {
/* PDU is fragmented and this isn't the first fragment */
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " [DCE/RPC fragment]");
+ col_append_str(pinfo->cinfo, COL_INFO, " [DCE/RPC fragment]");
}
if (dcerpc_tree) {
if (length > 0) {
/* We completed reassembly... */
if(pinfo->fd->num==fd_head->reassembled_in) {
/* ...and this is the reassembled RPC PDU */
- next_tvb = tvb_new_real_data(fd_head->data, fd_head->len, fd_head->len);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ next_tvb = tvb_new_child_real_data(tvb, fd_head->data, fd_head->len, fd_head->len);
add_new_data_source(pinfo, next_tvb, "Reassembled DCE/RPC");
show_fragment_seq_tree(fd_head, &dcerpc_frag_items,
tree, pinfo, next_tvb, &pi);
} else {
/* Reassembly isn't completed yet */
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " [DCE/RPC fragment]");
+ col_append_str(pinfo->cinfo, COL_INFO, " [DCE/RPC fragment]");
}
}
}
call_value->req_time=pinfo->fd->abs_ts;
call_value->rep_frame=0;
call_value->max_ptr=0;
+ call_value->se_data = NULL;
call_value->private_data = NULL;
+ call_value->pol = NULL;
g_hash_table_insert (dcerpc_dg_calls, call_key, call_value);
new_matched_key = se_alloc(sizeof (dcerpc_matched_key));
v.req_frame = pinfo->fd->num;
v.rep_frame = 0;
v.max_ptr = 0;
+ v.se_data=NULL;
v.private_data=NULL;
value = &v;
}
v.opnum = hdr->opnum;
v.req_frame=0;
v.rep_frame=pinfo->fd->num;
+ v.se_data=NULL;
v.private_data=NULL;
value = &v;
}
pi = proto_tree_add_time(dcerpc_tree, hf_dcerpc_time, tvb, offset, 0, &delta_ts);
PROTO_ITEM_SET_GENERATED(pi);
} else {
- pi = proto_tree_add_text(dcerpc_tree,
+ pi = proto_tree_add_text(dcerpc_tree,
tvb, 0, 0, "No request to this DCE/RPC call found");
expert_add_info_format(pinfo, pi, PI_SEQUENCE, PI_NOTE,
"No request to this DCE/RPC call found");
int offset = 0;
conversation_t *conv;
int auth_level;
+ char *uuid_str;
+ const char *uuid_name = NULL;
/*
* Check if this looks like a CL DCERPC call. All dg packets
* have an 80 byte header on them. Which starts with
* version (4), pkt_type.
*/
- if (!tvb_bytes_exist (tvb, 0, sizeof (hdr))) {
+ if (tvb_length (tvb) < sizeof (hdr)) {
return FALSE;
}
if (tree) {
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
+ offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
guid_to_str((e_guid_t *) &hdr.obj_id));
}
offset += 16;
if (tree) {
- proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
- offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s",
- guid_to_str((e_guid_t *) &hdr.if_id));
+ uuid_str = guid_to_str((e_guid_t*)&hdr.if_id);
+ uuid_name = guids_get_uuid_name(&hdr.if_id);
+ if(uuid_name) {
+ proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
+ offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
+ } else {
+ proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
+ offset, 16, (e_guid_t *) &hdr.if_id, "Interface UUID: %s", uuid_str);
+ }
}
offset += 16;
conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
if (!conv) {
+ fprintf(stderr,"Creating a new conv on packet %d\n",pinfo->fd->num);
conv = conversation_new (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
pinfo->srcport, pinfo->destport, 0);
}
break;
case PDU_FACK:
- dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr);
+ /* Body is optional */
+ /* XXX - we assume "frag_len" is the length of the body */
+ if (hdr.frag_len != 0)
+ dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
case PDU_REJECT:
{ "Referent ID", "dcerpc.referent_id", FT_UINT32, BASE_HEX,
NULL, 0, "Referent ID for this NDR encoded pointer", HFILL }},
{ &hf_dcerpc_ver,
- { "Version", "dcerpc.ver", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Version", "dcerpc.ver", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_ver_minor,
- { "Version (minor)", "dcerpc.ver_minor", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Version (minor)", "dcerpc.ver_minor", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_packet_type,
- { "Packet type", "dcerpc.pkt_type", FT_UINT8, BASE_DEC, VALS (pckt_vals), 0x0, "", HFILL }},
+ { "Packet type", "dcerpc.pkt_type", FT_UINT8, BASE_DEC, VALS (pckt_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_flags,
- { "Packet Flags", "dcerpc.cn_flags", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Packet Flags", "dcerpc.cn_flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_first_frag,
- { "First Frag", "dcerpc.cn_flags.first_frag", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_FIRST_FRAG, "", HFILL }},
+ { "First Frag", "dcerpc.cn_flags.first_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_FIRST_FRAG, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_last_frag,
- { "Last Frag", "dcerpc.cn_flags.last_frag", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_LAST_FRAG, "", HFILL }},
+ { "Last Frag", "dcerpc.cn_flags.last_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_LAST_FRAG, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_cancel_pending,
- { "Cancel Pending", "dcerpc.cn_flags.cancel_pending", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_PENDING_CANCEL, "", HFILL }},
+ { "Cancel Pending", "dcerpc.cn_flags.cancel_pending", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_PENDING_CANCEL, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_reserved,
- { "Reserved", "dcerpc.cn_flags.reserved", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_RESERVED_1, "", HFILL }},
+ { "Reserved", "dcerpc.cn_flags.reserved", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_RESERVED_1, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_mpx,
- { "Multiplex", "dcerpc.cn_flags.mpx", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_CONC_MPX, "", HFILL }},
+ { "Multiplex", "dcerpc.cn_flags.mpx", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_CONC_MPX, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_dne,
- { "Did Not Execute", "dcerpc.cn_flags.dne", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_DID_NOT_EXECUTE, "", HFILL }},
+ { "Did Not Execute", "dcerpc.cn_flags.dne", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_DID_NOT_EXECUTE, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_maybe,
- { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_MAYBE, "", HFILL }},
+ { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_MAYBE, NULL, HFILL }},
{ &hf_dcerpc_cn_flags_object,
- { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFC_OBJECT_UUID, "", HFILL }},
+ { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFC_OBJECT_UUID, NULL, HFILL }},
{ &hf_dcerpc_drep,
- { "Data Representation", "dcerpc.drep", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Data Representation", "dcerpc.drep", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_drep_byteorder,
- { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS (drep_byteorder_vals), 0x0, "", HFILL }},
+ { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS (drep_byteorder_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_drep_character,
- { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS (drep_character_vals), 0x0, "", HFILL }},
+ { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS (drep_character_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_drep_fp,
- { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS (drep_fp_vals), 0x0, "", HFILL }},
+ { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS (drep_fp_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_frag_len,
- { "Frag Length", "dcerpc.cn_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Frag Length", "dcerpc.cn_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_auth_len,
- { "Auth Length", "dcerpc.cn_auth_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Auth Length", "dcerpc.cn_auth_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_call_id,
- { "Call ID", "dcerpc.cn_call_id", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Call ID", "dcerpc.cn_call_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_max_xmit,
- { "Max Xmit Frag", "dcerpc.cn_max_xmit", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Max Xmit Frag", "dcerpc.cn_max_xmit", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_max_recv,
- { "Max Recv Frag", "dcerpc.cn_max_recv", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Max Recv Frag", "dcerpc.cn_max_recv", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_assoc_group,
- { "Assoc Group", "dcerpc.cn_assoc_group", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Assoc Group", "dcerpc.cn_assoc_group", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_num_ctx_items,
- { "Num Ctx Items", "dcerpc.cn_num_ctx_items", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Num Ctx Items", "dcerpc.cn_num_ctx_items", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_ctx_item,
- { "Ctx Item", "dcerpc.cn_ctx_item", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Ctx Item", "dcerpc.cn_ctx_item", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_ctx_id,
- { "Context ID", "dcerpc.cn_ctx_id", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Context ID", "dcerpc.cn_ctx_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_num_trans_items,
- { "Num Trans Items", "dcerpc.cn_num_trans_items", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Num Trans Items", "dcerpc.cn_num_trans_items", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_abstract_syntax,
- { "Abstract Syntax", "dcerpc.cn_bind_abstract_syntax", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Abstract Syntax", "dcerpc.cn_bind_abstract_syntax", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_if_id,
- { "Interface UUID", "dcerpc.cn_bind_to_uuid", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Interface UUID", "dcerpc.cn_bind_to_uuid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_if_ver,
- { "Interface Ver", "dcerpc.cn_bind_if_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Interface Ver", "dcerpc.cn_bind_if_ver", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_if_ver_minor,
- { "Interface Ver Minor", "dcerpc.cn_bind_if_ver_minor", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Interface Ver Minor", "dcerpc.cn_bind_if_ver_minor", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_trans_syntax,
- { "Transfer Syntax", "dcerpc.cn_bind_trans", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Transfer Syntax", "dcerpc.cn_bind_trans", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_trans_id,
- { "ID", "dcerpc.cn_bind_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "ID", "dcerpc.cn_bind_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_bind_trans_ver,
- { "ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_alloc_hint,
- { "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_sec_addr_len,
- { "Scndry Addr len", "dcerpc.cn_sec_addr_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Scndry Addr len", "dcerpc.cn_sec_addr_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_sec_addr,
- { "Scndry Addr", "dcerpc.cn_sec_addr", FT_STRINGZ, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Scndry Addr", "dcerpc.cn_sec_addr", FT_STRINGZ, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_num_results,
- { "Num results", "dcerpc.cn_num_results", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Num results", "dcerpc.cn_num_results", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_ack_result,
- { "Ack result", "dcerpc.cn_ack_result", FT_UINT16, BASE_DEC, VALS(p_cont_result_vals), 0x0, "", HFILL }},
+ { "Ack result", "dcerpc.cn_ack_result", FT_UINT16, BASE_DEC, VALS(p_cont_result_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_ack_reason,
- { "Ack reason", "dcerpc.cn_ack_reason", FT_UINT16, BASE_DEC, VALS(p_provider_reason_vals), 0x0, "", HFILL }},
+ { "Ack reason", "dcerpc.cn_ack_reason", FT_UINT16, BASE_DEC, VALS(p_provider_reason_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_ack_trans_id,
- { "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_ack_trans_ver,
- { "Syntax ver", "dcerpc.cn_ack_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Syntax ver", "dcerpc.cn_ack_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_reject_reason,
- { "Reject reason", "dcerpc.cn_reject_reason", FT_UINT16, BASE_DEC, VALS(reject_reason_vals), 0x0, "", HFILL }},
+ { "Reject reason", "dcerpc.cn_reject_reason", FT_UINT16, BASE_DEC, VALS(reject_reason_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_num_protocols,
- { "Number of protocols", "dcerpc.cn_num_protocols", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Number of protocols", "dcerpc.cn_num_protocols", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_protocol_ver_major,
- { "Protocol major version", "dcerpc.cn_protocol_ver_major", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Protocol major version", "dcerpc.cn_protocol_ver_major", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_protocol_ver_minor,
- { "Protocol minor version", "dcerpc.cn_protocol_ver_minor", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Protocol minor version", "dcerpc.cn_protocol_ver_minor", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_cancel_count,
- { "Cancel count", "dcerpc.cn_cancel_count", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Cancel count", "dcerpc.cn_cancel_count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_status,
- { "Status", "dcerpc.cn_status", FT_UINT32, BASE_HEX, VALS(reject_status_vals), 0x0, "", HFILL }},
+ { "Status", "dcerpc.cn_status", FT_UINT32, BASE_HEX, VALS(reject_status_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_cn_deseg_req,
- { "Desegmentation Required", "dcerpc.cn_deseg_req", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Desegmentation Required", "dcerpc.cn_deseg_req", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_type,
- { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, "", HFILL }},
+ { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_level,
- { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, VALS (authn_level_vals), 0x0, "", HFILL }},
+ { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, VALS (authn_level_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_pad_len,
- { "Auth pad len", "dcerpc.auth_pad_len", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Auth pad len", "dcerpc.auth_pad_len", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_rsrvd,
- { "Auth Rsrvd", "dcerpc.auth_rsrvd", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Auth Rsrvd", "dcerpc.auth_rsrvd", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_auth_ctx_id,
- { "Auth Context ID", "dcerpc.auth_ctx_id", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Auth Context ID", "dcerpc.auth_ctx_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1,
- { "Flags1", "dcerpc.dg_flags1", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Flags1", "dcerpc.dg_flags1", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_rsrvd_01,
- { "Reserved", "dcerpc.dg_flags1_rsrvd_01", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_RESERVED_01, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags1_rsrvd_01", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_RESERVED_01, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_last_frag,
- { "Last Fragment", "dcerpc.dg_flags1_last_frag", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_LASTFRAG, "", HFILL }},
+ { "Last Fragment", "dcerpc.dg_flags1_last_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_LASTFRAG, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_frag,
- { "Fragment", "dcerpc.dg_flags1_frag", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_FRAG, "", HFILL }},
+ { "Fragment", "dcerpc.dg_flags1_frag", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_FRAG, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_nofack,
- { "No Fack", "dcerpc.dg_flags1_nofack", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_NOFACK, "", HFILL }},
+ { "No Fack", "dcerpc.dg_flags1_nofack", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_NOFACK, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_maybe,
- { "Maybe", "dcerpc.dg_flags1_maybe", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_MAYBE, "", HFILL }},
+ { "Maybe", "dcerpc.dg_flags1_maybe", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_MAYBE, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_idempotent,
- { "Idempotent", "dcerpc.dg_flags1_idempotent", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_IDEMPOTENT, "", HFILL }},
+ { "Idempotent", "dcerpc.dg_flags1_idempotent", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_IDEMPOTENT, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_broadcast,
- { "Broadcast", "dcerpc.dg_flags1_broadcast", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_BROADCAST, "", HFILL }},
+ { "Broadcast", "dcerpc.dg_flags1_broadcast", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_BROADCAST, NULL, HFILL }},
{ &hf_dcerpc_dg_flags1_rsrvd_80,
- { "Reserved", "dcerpc.dg_flags1_rsrvd_80", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL1_RESERVED_80, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags1_rsrvd_80", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL1_RESERVED_80, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2,
- { "Flags2", "dcerpc.dg_flags2", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Flags2", "dcerpc.dg_flags2", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_01,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_01", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_01, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_01", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_01, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_cancel_pending,
- { "Cancel Pending", "dcerpc.dg_flags2_cancel_pending", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_CANCEL_PENDING, "", HFILL }},
+ { "Cancel Pending", "dcerpc.dg_flags2_cancel_pending", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_CANCEL_PENDING, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_04,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_04", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_04, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_04", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_04, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_08,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_08", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_08, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_08", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_08, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_10,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_10", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_10, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_10", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_10, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_20,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_20", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_20, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_20", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_20, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_40,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_40", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_40, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_40", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_40, NULL, HFILL }},
{ &hf_dcerpc_dg_flags2_rsrvd_80,
- { "Reserved", "dcerpc.dg_flags2_rsrvd_80", FT_BOOLEAN, 8, TFS (&flags_set_truth), PFCL2_RESERVED_80, "", HFILL }},
+ { "Reserved", "dcerpc.dg_flags2_rsrvd_80", FT_BOOLEAN, 8, TFS (&tfs_set_notset), PFCL2_RESERVED_80, NULL, HFILL }},
{ &hf_dcerpc_dg_serial_lo,
- { "Serial Low", "dcerpc.dg_serial_lo", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Serial Low", "dcerpc.dg_serial_lo", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_serial_hi,
- { "Serial High", "dcerpc.dg_serial_hi", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Serial High", "dcerpc.dg_serial_hi", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_ahint,
- { "Activity Hint", "dcerpc.dg_ahint", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Activity Hint", "dcerpc.dg_ahint", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_ihint,
- { "Interface Hint", "dcerpc.dg_ihint", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Interface Hint", "dcerpc.dg_ihint", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_frag_len,
- { "Fragment len", "dcerpc.dg_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Fragment len", "dcerpc.dg_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_frag_num,
- { "Fragment num", "dcerpc.dg_frag_num", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Fragment num", "dcerpc.dg_frag_num", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_auth_proto,
- { "Auth proto", "dcerpc.dg_auth_proto", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, "", HFILL }},
+ { "Auth proto", "dcerpc.dg_auth_proto", FT_UINT8, BASE_DEC, VALS (authn_protocol_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_seqnum,
- { "Sequence num", "dcerpc.dg_seqnum", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Sequence num", "dcerpc.dg_seqnum", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_server_boot,
- { "Server boot time", "dcerpc.dg_server_boot", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Server boot time", "dcerpc.dg_server_boot", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_if_ver,
- { "Interface Ver", "dcerpc.dg_if_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Interface Ver", "dcerpc.dg_if_ver", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_krb5_av_prot_level,
- { "Protection Level", "dcerpc.krb5_av.prot_level", FT_UINT8, BASE_DEC, VALS(authn_level_vals), 0x0, "", HFILL }},
+ { "Protection Level", "dcerpc.krb5_av.prot_level", FT_UINT8, BASE_DEC, VALS(authn_level_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_krb5_av_key_vers_num,
- { "Key Version Number", "dcerpc.krb5_av.key_vers_num", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Key Version Number", "dcerpc.krb5_av.key_vers_num", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_krb5_av_key_auth_verifier,
- { "Authentication Verifier", "dcerpc.krb5_av.auth_verifier", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Authentication Verifier", "dcerpc.krb5_av.auth_verifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_obj_id,
- { "Object", "dcerpc.obj_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Object", "dcerpc.obj_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_if_id,
- { "Interface", "dcerpc.dg_if_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Interface", "dcerpc.dg_if_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_act_id,
- { "Activity", "dcerpc.dg_act_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Activity", "dcerpc.dg_act_id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_opnum,
- { "Opnum", "dcerpc.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Opnum", "dcerpc.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_cancel_vers,
- { "Cancel Version", "dcerpc.dg_cancel_vers", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Cancel Version", "dcerpc.dg_cancel_vers", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_cancel_id,
- { "Cancel ID", "dcerpc.dg_cancel_id", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Cancel ID", "dcerpc.dg_cancel_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_server_accepting_cancels,
- { "Server accepting cancels", "dcerpc.server_accepting_cancels", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Server accepting cancels", "dcerpc.server_accepting_cancels", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_vers,
- { "FACK Version", "dcerpc.fack_vers", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "FACK Version", "dcerpc.fack_vers", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_window_size,
- { "Window Size", "dcerpc.fack_window_size", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Window Size", "dcerpc.fack_window_size", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_max_tsdu,
- { "Max TSDU", "dcerpc.fack_max_tsdu", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Max TSDU", "dcerpc.fack_max_tsdu", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_max_frag_size,
- { "Max Frag Size", "dcerpc.fack_max_frag_size", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Max Frag Size", "dcerpc.fack_max_frag_size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_serial_num,
- { "Serial Num", "dcerpc.fack_serial_num", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Serial Num", "dcerpc.fack_serial_num", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_selack_len,
- { "Selective ACK Len", "dcerpc.fack_selack_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Selective ACK Len", "dcerpc.fack_selack_len", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_fack_selack,
- { "Selective ACK", "dcerpc.fack_selack", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
+ { "Selective ACK", "dcerpc.fack_selack", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_dg_status,
- { "Status", "dcerpc.dg_status", FT_UINT32, BASE_HEX, VALS(reject_status_vals), 0x0, "", HFILL }},
+ { "Status", "dcerpc.dg_status", FT_UINT32, BASE_HEX, VALS(reject_status_vals), 0x0, NULL, HFILL }},
{ &hf_dcerpc_array_max_count,
{ "Max Count", "dcerpc.array.max_count", FT_UINT32, BASE_DEC, NULL, 0x0, "Maximum Count: Number of elements in the array", HFILL }},
{ "Buffer", "dcerpc.array.buffer", FT_BYTES, BASE_NONE, NULL, 0x0, "Buffer: Buffer containing elements of the array", HFILL }},
{ &hf_dcerpc_op,
- { "Operation", "dcerpc.op", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
+ { "Operation", "dcerpc.op", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_fragments,
{ "Reassembled DCE/RPC Fragments", "dcerpc.fragments", FT_NONE, BASE_NONE,
{ &hf_dcerpc_fragment,
{ "DCE/RPC Fragment", "dcerpc.fragment", FT_FRAMENUM, BASE_NONE,
- NULL, 0x0, "DCE/RPC Fragment", HFILL }},
+ NULL, 0x0, NULL, HFILL }},
{ &hf_dcerpc_fragment_overlap,
{ "Fragment overlap", "dcerpc.fragment.overlap", FT_BOOLEAN, BASE_NONE,
NULL, 0x0, "The DCE/RPC PDU is completely reassembled in the packet with this number", HFILL }},
{ &hf_dcerpc_unknown_if_id,
- { "Unknown DCERPC interface id", "dcerpc.unknown_if_id", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }},
+ { "Unknown DCERPC interface id", "dcerpc.unknown_if_id", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }},
};
static gint *ett[] = {
&ett_dcerpc,