* Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
- * $Id: packet-dcerpc.c,v 1.121 2003/05/14 22:09:52 sharpe Exp $
+ * $Id: packet-dcerpc.c,v 1.122 2003/05/15 01:59:23 tpot Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
#include "packet-frame.h"
#include "packet-ntlmssp.h"
#include "packet-dcerpc-nt.h"
+#include "packet-dcerpc-netlogon.h"
static int dcerpc_tap = -1;
}
case DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN: {
-
- /* TODO: Fill me in when we know what goes here */
-
- proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len,
- "Secure Channel Auth Credentials");
- break;
+ tvbuff_t *secchan_tvb;
+
+ secchan_tvb = tvb_new_subset(
+ tvb, offset, hdr->auth_len, hdr->auth_len);
+
+ switch(hdr->ptype) {
+ case PDU_BIND:
+ netlogon_dissect_secchan_bind_creds(
+ secchan_tvb, 0, pinfo, dcerpc_tree,
+ hdr->drep);
+ break;
+ case PDU_BIND_ACK:
+ netlogon_dissect_secchan_bind_ack_creds(
+ secchan_tvb, 0, pinfo, dcerpc_tree,
+ hdr->drep);
+ break;
+ default:
+ proto_tree_add_text(
+ dcerpc_tree, secchan_tvb, 0, hdr->auth_len,
+ "Secure Channel Credentials");
+ }
+ break;
}
default:
}
}
+/* Return a string describing a DCE/RPC fragment as first, middle, or end
+ fragment. */
+
+#define PFC_FRAG_MASK 0x03
+
+static char *
+fragment_type(guint8 flags)
+{
+ flags = flags & PFC_FRAG_MASK;
+
+ if (flags == PFC_FIRST_FRAG)
+ return "first";
+
+ if (flags == 0)
+ return "middle";
+
+ if (flags == PFC_LAST_FRAG)
+ return "last";
+
+ if (flags == (PFC_FIRST_FRAG | PFC_LAST_FRAG))
+ return "whole";
+
+ return "unknown";
+}
+
static void
dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *dcerpc_tree, proto_tree *tree,
proto_tree_add_uint(dcerpc_tree, hf_dcerpc_reassembled_in, tvb, 0, 0, fd_head->reassembled_in);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
- " [DCE/RPC fragment]");
+ " [DCE/RPC %s fragment]", fragment_type(hdr->flags));
}
}
} else {
are missing */
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO,
- " [DCE/RPC fragment]");
+ " [DCE/RPC %s fragment]", fragment_type(hdr->flags));
}
}