/* packet-dcerpc.h
* Copyright 2001, Todd Sabin <tas@webspan.net>
+ * Copyright 2003, Tim Potter <tpot@samba.org>
*
- * $Id: packet-dcerpc.h,v 1.3 2001/11/18 22:44:07 guy Exp $
+ * $Id: packet-dcerpc.h,v 1.34 2003/08/04 02:48:58 tpot Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
- *
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#ifndef __PACKET_DCERPC_H__
#define __PACKET_DCERPC_H__
+#include <epan/conversation.h>
+
typedef struct _e_uuid_t {
guint32 Data1;
guint16 Data2;
guint8 Data4[8];
} e_uuid_t;
+/* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
+#define DCERPC_UUID_STR_LEN 36+1
+
+typedef struct _e_ctx_hnd {
+ guint32 Data1;
+ e_uuid_t uuid;
+} e_ctx_hnd;
+
typedef struct _e_dce_cn_common_hdr_t {
guint8 rpc_ver;
guint8 rpc_ver_minor;
-#define PDU_REQ 0
-#define PDU_PING 1
-#define PDU_RESP 2
-#define PDU_FAULT 3
-#define PDU_WORKING 4
-#define PDU_NOCALL 5
-#define PDU_REJECT 6
-#define PDU_ACK 7
-#define PDU_FACK 9
-#define PDU_BIND 11
-#define PDU_BIND_ACK 12
-#define PDU_BIND_NAK 13
-#define PDU_ALTER 14
-#define PDU_ALTER_ACK 15
-#define PDU_AUTH3 16
+#define PDU_REQ 0
+#define PDU_PING 1
+#define PDU_RESP 2
+#define PDU_FAULT 3
+#define PDU_WORKING 4
+#define PDU_NOCALL 5
+#define PDU_REJECT 6
+#define PDU_ACK 7
+#define PDU_CL_CANCEL 8
+#define PDU_FACK 9
+#define PDU_CANCEL_ACK 10
+#define PDU_BIND 11
+#define PDU_BIND_ACK 12
+#define PDU_BIND_NAK 13
+#define PDU_ALTER 14
+#define PDU_ALTER_ACK 15
+#define PDU_AUTH3 16
+#define PDU_SHUTDOWN 17
+#define PDU_CO_CANCEL 18
+#define PDU_ORPHANED 19
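Review bot: `DCERPC_UUID_STR_LEN` is defined as the bare expression `36+1`, so any use inside a larger expression, for example `2 * DCERPC_UUID_STR_LEN` in an allocation size, expands with the wrong precedence and yields a buffer smaller than intended. Since the constant exists to size buffers for the formatted UUID, parenthesize it: `#define DCERPC_UUID_STR_LEN (36+1)`. No such use is visible in this header, so this is hardening rather than a confirmed overflow. The format comment above it could also say that the `+1` is for the terminating NUL.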
+/*
+ * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
+ * If you're writing a subdissector, you almost certainly want the
+ * NDR functions below.
+ */
guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, char *drep);
guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, char *drep);
void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, char *drep, e_uuid_t *uuid);
+int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint8 *pdata);
+int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint16 *pdata);
+int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint32 *pdata);
+int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, unsigned char *pdata);
+int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, gfloat *pdata);
+int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, gdouble *pdata);
+int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint32 *pdata);
+/*
+ * NDR routines for subdissectors.
+ */
+int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint8 *pdata);
+int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint16 *pdata);
+int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint32 *pdata);
+int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, unsigned char *pdata);
+int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, gfloat *pdata);
+int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, gdouble *pdata);
+int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, guint32 *pdata);
+int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, e_uuid_t *pdata);
+int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ int hfindex, e_ctx_hnd *pdata);
+
+typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep);
+
+typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
+
+#define NDR_POINTER_REF 1
+#define NDR_POINTER_UNIQUE 2
+#define NDR_POINTER_PTR 3
+
+int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ dcerpc_dissect_fnct_t *fnct, int type, char *text,
+ int hf_index, dcerpc_callback_fnct_t *callback,
+ void *callback_args);
+
+int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ dcerpc_dissect_fnct_t *fnct, int type, char *text,
+ int hf_index);
+
+/* dissect a NDR unidimensional conformant array */
+int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ dcerpc_dissect_fnct_t *fnct);
+
+/* dissect a NDR unidimensional conformant and varying array */
+int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, char *drep,
+ dcerpc_dissect_fnct_t *fnct);
+
+int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, char *drep);
-typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
+int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, char *drep, int size_is,
+ int hfinfo, gboolean add_subtree,
+ char **data);
+int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, char *drep);
+int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, char *drep);
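Review bot: `dissect_dcerpc_uint64` and `dissect_ndr_uint64` take their output as `unsigned char *pdata` with no length, while every sibling takes a typed pointer, so the 8-byte size of the destination is an unstated contract the compiler cannot check. Add a comment on both prototypes such as `/* pdata, if used, must point to at least 8 bytes */` and state whether NULL is accepted; the implementation is not in this header, so the NULL behaviour needs confirming there. The same gap applies to the `char **data` result of `dissect_ndr_cvstring`, where the prototype does not say who owns the returned string.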
typedef struct _dcerpc_sub_dissector {
guint16 num;
} dcerpc_sub_dissector;
/* registration function for subdissectors */
-void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs);
+void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
+char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
+dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver);
+
+/* Create a opnum, name value_string from a subdissector list */
+
+value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
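Review bot: `dcerpc_get_proto_name` and `dcerpc_get_proto_sub_dissector` are declared without saying what they return for a UUID/version pair that was never registered. The arguments will typically come from captured traffic, so callers need to know whether to expect NULL; a comment such as `/* returns NULL if no subdissector is registered for uuid/ver */` would make that explicit, assuming that is what the implementation does, which this header does not show. `value_string_from_subdissectors` should likewise state whether the caller owns and must free the returned array.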
/* Private data structure to pass to DCERPC dissector. This is used to
pass transport specific information down to the dissector from the
} data;
} dcerpc_private_info;
+/* Private data passed to subdissectors from the main DCERPC dissector. */
+typedef struct _dcerpc_call_value {
+ e_uuid_t uuid;
+ guint16 ver;
+ guint16 opnum;
+ guint32 req_frame;
+ nstime_t req_time;
+ guint32 rep_frame;
+ guint32 max_ptr;
+ void *private_data;
+} dcerpc_call_value;
+
+typedef struct _dcerpc_info {
+ conversation_t *conv; /* Which TCP stream we are in */
+ guint32 call_id; /* Context id for this call */
+ guint16 smb_fid; /* FID for DCERPC over SMB */
+ gboolean request;
+ gboolean conformant_run;
+ gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
+ guint32 array_max_count; /* max_count for conformant arrays */
+ guint32 array_max_count_offset;
+ guint32 array_offset;
+ guint32 array_offset_offset;
+ guint32 array_actual_count;
+ guint32 array_actual_count_offset;
+ int hf_index;
+ dcerpc_call_value *call_data;
+ void *private_data;
+} dcerpc_info;
+
+
+/* the registered subdissectors */
+extern GHashTable *dcerpc_uuids;
+
+typedef struct _dcerpc_uuid_key {
+ e_uuid_t uuid;
+ guint16 ver;
+} dcerpc_uuid_key;
+
+typedef struct _dcerpc_uuid_value {
+ int proto;
+ int ett;
+ gchar *name;
+ dcerpc_sub_dissector *procs;
+ int opnum_hf;
+} dcerpc_uuid_value;
+
+/* Authenticated pipe registration functions and miscellanea */
+
+typedef struct _decrpc_auth_subdissector_fns {
+ dcerpc_dissect_fnct_t *bind_fn;
+ dcerpc_dissect_fnct_t *bind_ack_fn;
+ dcerpc_dissect_fnct_t *auth3_fn;
+ dcerpc_dissect_fnct_t *req_verf_fn;
+ dcerpc_dissect_fnct_t *resp_verf_fn;
+ dcerpc_dissect_fnct_t *req_data_fn;
+ dcerpc_dissect_fnct_t *resp_data_fn;
+} dcerpc_auth_subdissector_fns;
+
+void register_dcerpc_auth_subdissector(guint8 auth_level, guint8 auth_type,
+ dcerpc_auth_subdissector_fns *fns);
+
+/* Authentication services */
+
+#define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
+#define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
+#define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
+#define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
+#define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
+
+/* Protection levels */
+
+#define DCE_C_AUTHN_LEVEL_NONE 1
+#define DCE_C_AUTHN_LEVEL_CONNECT 2
+#define DCE_C_AUTHN_LEVEL_CALL 3
+#define DCE_C_AUTHN_LEVEL_PKT 4
+#define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
+#define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
+
+typedef struct _decrypted_info_t {
+ tvbuff_t *decr_tvb;
+ proto_tree *decr_tree;
+} decrypted_info_t;
+
#endif /* packet-dcerpc.h */
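Review bot: The `array_max_count`, `array_offset` and `array_actual_count` fields in `dcerpc_info` carry only the comment "max_count for conformant arrays", with nothing saying that in NDR these values are read from the packet and are therefore chosen by whoever sent it. A comment on the group, for example `/* NDR array header values as read from the wire; bound against the remaining tvb before using as a loop or allocation count */`, would tell subdissector authors not to trust them; whether the core dissector already validates them is not visible here. Separately, the struct tag `_decrpc_auth_subdissector_fns` is misspelled relative to its typedef `dcerpc_auth_subdissector_fns` and should read `_dcerpc_auth_subdissector_fns`.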