2 * Copyright 2001, Todd Sabin <tas@webspan.net>
4 * $Id: packet-dcerpc.h,v 1.29 2003/02/07 22:44:54 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 #ifndef __PACKET_DCERPC_H__
26 #define __PACKET_DCERPC_H__
28 #include <epan/conversation.h>
30 typedef struct _e_uuid_t {
37 /* %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x */
38 #define DCERPC_UUID_STR_LEN 36+1
40 typedef struct _e_ctx_hnd {
45 typedef struct _e_dce_cn_common_hdr_t {
54 } e_dce_cn_common_hdr_t;
56 typedef struct _e_dce_dg_common_hdr_t {
76 } e_dce_dg_common_hdr_t;
88 #define PDU_CL_CANCEL 8
90 #define PDU_CANCEL_ACK 10
92 #define PDU_BIND_ACK 12
93 #define PDU_BIND_NAK 13
95 #define PDU_ALTER_ACK 15
97 #define PDU_SHUTDOWN 17
98 #define PDU_CO_CANCEL 18
99 #define PDU_ORPHANED 19
103 * helpers for packet-dcerpc.c and packet-dcerpc-ndr.c
104 * If you're writing a subdissector, you almost certainly want the
105 * NDR functions below.
107 guint16 dcerpc_tvb_get_ntohs (tvbuff_t *tvb, gint offset, char *drep);
108 guint32 dcerpc_tvb_get_ntohl (tvbuff_t *tvb, gint offset, char *drep);
109 void dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, char *drep, e_uuid_t *uuid);
110 int dissect_dcerpc_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
111 proto_tree *tree, char *drep,
112 int hfindex, guint8 *pdata);
113 int dissect_dcerpc_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
114 proto_tree *tree, char *drep,
115 int hfindex, guint16 *pdata);
116 int dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
117 proto_tree *tree, char *drep,
118 int hfindex, guint32 *pdata);
119 int dissect_dcerpc_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
120 proto_tree *tree, char *drep,
121 int hfindex, unsigned char *pdata);
122 int dissect_dcerpc_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
123 proto_tree *tree, char *drep,
124 int hfindex, gfloat *pdata);
125 int dissect_dcerpc_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
126 proto_tree *tree, char *drep,
127 int hfindex, gdouble *pdata);
128 int dissect_dcerpc_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
129 proto_tree *tree, char *drep,
130 int hfindex, guint32 *pdata);
132 * NDR routines for subdissectors.
134 int dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
135 proto_tree *tree, char *drep,
136 int hfindex, guint8 *pdata);
137 int dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
138 proto_tree *tree, char *drep,
139 int hfindex, guint16 *pdata);
140 int dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
141 proto_tree *tree, char *drep,
142 int hfindex, guint32 *pdata);
143 int dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
144 proto_tree *tree, char *drep,
145 int hfindex, unsigned char *pdata);
146 int dissect_ndr_float (tvbuff_t *tvb, gint offset, packet_info *pinfo,
147 proto_tree *tree, char *drep,
148 int hfindex, gfloat *pdata);
149 int dissect_ndr_double (tvbuff_t *tvb, gint offset, packet_info *pinfo,
150 proto_tree *tree, char *drep,
151 int hfindex, gdouble *pdata);
152 int dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
153 proto_tree *tree, char *drep,
154 int hfindex, guint32 *pdata);
155 int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
156 proto_tree *tree, char *drep,
157 int hfindex, e_uuid_t *pdata);
158 int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
159 proto_tree *tree, char *drep,
160 int hfindex, e_ctx_hnd *pdata);
162 typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep);
164 typedef void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset, void *callback_args);
166 #define NDR_POINTER_REF 1
167 #define NDR_POINTER_UNIQUE 2
168 #define NDR_POINTER_PTR 3
170 int dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
171 proto_tree *tree, char *drep,
172 dcerpc_dissect_fnct_t *fnct, int type, char *text,
173 int hf_index, dcerpc_callback_fnct_t *callback,
174 void *callback_args);
176 int dissect_ndr_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
177 proto_tree *tree, char *drep,
178 dcerpc_dissect_fnct_t *fnct, int type, char *text,
181 /* dissect a NDR unidimensional conformant array */
182 int dissect_ndr_ucarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
183 proto_tree *tree, char *drep,
184 dcerpc_dissect_fnct_t *fnct);
186 /* dissect a NDR unidimensional conformant and varying array */
187 int dissect_ndr_ucvarray(tvbuff_t *tvb, gint offset, packet_info *pinfo,
188 proto_tree *tree, char *drep,
189 dcerpc_dissect_fnct_t *fnct);
191 int dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo,
192 proto_tree *tree, char *drep);
194 char *fake_unicode(tvbuff_t *tvb, int offset, int len);
196 int dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
197 proto_tree *tree, char *drep, int size_is,
198 int hfinfo, gboolean add_subtree);
199 int dissect_ndr_char_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
200 proto_tree *tree, char *drep);
201 int dissect_ndr_wchar_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo,
202 proto_tree *tree, char *drep);
204 typedef struct _dcerpc_sub_dissector {
207 dcerpc_dissect_fnct_t *dissect_rqst;
208 dcerpc_dissect_fnct_t *dissect_resp;
209 } dcerpc_sub_dissector;
211 /* registration function for subdissectors */
212 void dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver, dcerpc_sub_dissector *procs, int opnum_hf);
213 char *dcerpc_get_proto_name(e_uuid_t *uuid, guint16 ver);
214 dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver);
217 /* Private data structure to pass to DCERPC dissector. This is used to
218 pass transport specific information down to the dissector from the
219 dissector that parsed this encapsulated calls. */
221 #define DCERPC_TRANSPORT_SMB 1
223 typedef struct _dcerpc_private_info {
224 int transport_type; /* Tag */
227 struct { /* DCERPC_TRANSPORT_SMB */
231 } dcerpc_private_info;
233 /* Private data passed to subdissectors from the main DCERPC dissector. */
234 typedef struct _dcerpc_call_value {
245 typedef struct _dcerpc_info {
246 conversation_t *conv; /* Which TCP stream we are in */
247 guint32 call_id; /* Context id for this call */
248 guint16 smb_fid; /* FID for DCERPC over SMB */
250 gboolean conformant_run;
251 gint32 conformant_eaten; /* how many bytes did the conformant run eat?*/
252 guint32 array_max_count; /* max_count for conformant arrays */
253 guint32 array_max_count_offset;
254 guint32 array_offset;
255 guint32 array_offset_offset;
256 guint32 array_actual_count;
257 guint32 array_actual_count_offset;
259 dcerpc_call_value *call_data;
264 /* the registered subdissectors */
265 extern GHashTable *dcerpc_uuids;
267 typedef struct _dcerpc_uuid_key {
272 typedef struct _dcerpc_uuid_value {
276 dcerpc_sub_dissector *procs;
281 #endif /* packet-dcerpc.h */