2 * Routines for SQL ORcle packet dissection
4 * The initial Wireshark version of this file was imported from the
5 * ClearSight source code package.
6 * No author/copyright given in the original file.
10 * Wireshark - Network traffic analyzer
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #define TCP_PORT_TNS 1522 /* XXX 1521 collides with packet-tns.c */
34 #include <epan/packet.h>
35 #include "packet-sqloracle.h"
36 #define SWAP_UI16(ui16) (((ui16)>>8 & 0xff) | ((ui16)<<8 & 0xff00))
39 #define OPTION_CANCEL 0x80
40 #define OPTION_FETCH 0x40
41 #define OPTION_EXCUTE 0x20
42 #define OPTION_DEFINE 0x10
43 #define OPTION_BIND 0x08
44 #define OPTION_DESC_BIND 0x04
45 #define OPTION_PARSE 0x02
48 #define OPTION_PLSQL 0x80
49 #define OPTION_PARSE2 0x40
50 #define OPTION_VECTOR 0x04
51 #define OPTION_FETCH2 0x02
52 #define OPTION_COMMIT 0x01
57 static gint proto_sqloracle = -1;
58 static gint ett_sqloracle = -1;
59 static gint ett_sqloracle_operation = -1;
61 static int hf_sqloracle_operation = -1;
62 static int hf_sqloracle_func_type = -1;
63 /* static int hf_sqloracle_stmt_length = -1; */
64 static int hf_sqloracle_stmt = -1;
65 /* static int hf_sqloracle_v8ttluds_tname = -1;
66 static int hf_sqloracle_v8ttluds_sname = -1;
67 static int hf_sqloracle_v8ttluds_columnname = -1;
68 static int hf_sqloracle_v8ttluds_scrlength = -1;
69 static int hf_sqloracle_v8ttluds_nullallow = -1;
70 static int hf_sqloracle_v8ttluds_header= -1;
71 static int hf_sqloracle_v8ttloac_formuse = -1;
72 static int hf_sqloracle_v8ttloac_ncs = -1;
73 static int hf_sqloracle_v8ttloac_oid = -1;
74 static int hf_sqloracle_v8ttloac_header =-1;
75 static int hf_sqloracle_ttloac_flag2 = -1;
76 static int hf_sqloracle_ttloac_mal = -1;
77 static int hf_sqloracle_ttloac_varcharlen = -1;
78 static int hf_sqloracle_ttloac_dummy = -1;
79 static int hf_sqloracle_ttloac_scalesize = -1;
80 static int hf_sqloracle_ttloac_prefix = -1;
81 static int hf_sqloracle_ttloac_flag1 = -1;
82 static int hf_sqloracle_ttloac_type = -1;
83 static int hf_sqloracle_ttloac_header = -1;
85 static int hf_sqloracle_flag = -1;
86 static int hf_sqloracle_num_column = -1;
87 /* static int hf_sqloracle_v8ttloac_vsn = -1; */
88 static int hf_sqloracle_itemNum = -1;
89 static int hf_sqloracle_numItersThisTime = -1;
90 static int hf_sqloracle_uacBufLength = -1;
92 static dissector_handle_t data_handle;
93 static dissector_handle_t sqloracle_handle;
94 static char m_pCurQuery[2025];
96 static int m_numOfUpdate =0;
97 /* static int m_tnsErrors = 0; */
98 static int m_numOfSelect = 0;
99 static int m_numOfInsert = 0;
100 static int m_numOfDelete = 0;
101 static int m_numOfRollback = 0;
102 static int m_numOfSet = 0;
103 static int m_numOfStart = 0;
104 static int m_numOfCommit = 0;
105 static int m_numOfOtherStatement = 0;
106 static int m_numOfTransaction = 0;
107 /* static int m_bReAssembling = 0; */
108 /* SQLORACLE flags */
109 /*static const true_false_string flags_set_truth =
114 static const value_string sqloracle_operation_type[] = {
115 {NET8_TYPE_SETPROP, "Set protocol" },
116 {NET8_TYPE_SETDATAREP, "Set data representations" },
117 {NET8_TYPE_USERTOSERVER, "User request" },
118 {NET8_TYPE_ERRORSTATUS, "Error: No data found" },
119 {NET8_TYPE_AUAS, "Access user address space" },
120 {NET8_TYPE_ROWTRANSFER, "Row transfer header" },
121 {NET8_TYPE_ROWDATA, "Row transfer data follows" },
122 {NET8_TYPE_OPIPARAM, "Return OPI parameter" },
123 {NET8_TYPE_FUNCCOMPLETE, "Oracle function complete"},
124 {NET8_TYPE_TTINOER, "N Error return definitions follow"},
125 {NET8_TYPE_TTIIOV, "Sending I/O Vec only for fast UPI"},
126 {NET8_TYPE_TTISLG, "Send long for fast UPI"},
127 {NET8_TYPE_TTIICA, "Invoke user callback"},
128 {NET8_TYPE_TTILOBD, "LOB/FILE data follows"},
129 {NET8_TYPE_TTIWRN, "Warning messages - may be a set of them"},
130 {NET8_TYPE_DESCINFO, "Describe information"},
131 {NET8_TYPE_PIGGYBACKFUNC, "Piggyback function follows"},
132 {NET8_TYPE_TTI3GL, "signals special action for untrusted callout support"},
133 {NET8_TYPE_TTIFOB, "Flush Out Bind data in DML/w RETURN when error"},
134 {NET8_TYPE_SECURENEG, "Secure Network Services Negotiation"},
138 static const value_string sql_func_type[] = {
139 {NET8_USER_FUNC_OLOGON, " Logon to Oracle"},
140 {NET8_USER_FUNC_OPENCURSOR, "Open cursor" },
141 {NET8_USER_FUNC_PARSE, "Parse statement" },
142 {NET8_USER_FUNC_EXECUTE, "Execute statement" },
143 {NET8_USER_FUNC_OFETCH, " Fetch row" },
144 {NET8_USER_FUNC_CLOSECURSOR, "Close cursor" },
145 {NET8_USER_FUNC_OLOGOFF, "Logoff" },
146 {NET8_USER_FUNC_ODSCRIBE, "Describe select list column" },
147 {NET8_USER_FUNC_ODEFIN, "Define where column goes" },
148 {NET8_USER_FUNC_OCOMON, "Autocommit On" },
149 {NET8_USER_FUNC_OCOMOFF, "Autocommit Off" },
150 {NET8_USER_FUNC_OCOMMIT, "Commit" },
151 {NET8_USER_FUNC_OROLLBACK, "Rollback" },
152 {NET8_USER_FUNC_OSFE, "Set fatal error options" },
153 {NET8_USER_FUNC_ORESUME, "Resume current operation" },
154 {NET8_USER_FUNC_OVERSN, "Get version-date string" },
155 {NET8_USER_FUNC_OTEMP, "(Obsolete)" },
156 {NET8_USER_FUNC_CANCEL, "Cancel Operation" },
157 {NET8_USER_FUNC_OGEM, "Get error message" },
158 {NET8_USER_FUNC_OSPECIAL, "Special function" },
159 {NET8_USER_FUNC_OABORT, "Abort" },
160 {NET8_USER_FUNC_ODQRID, "Dequeue by rowid" },
161 {NET8_USER_FUNC_OLNGF6, "Fetch long value" },
162 {NET8_USER_FUNC_OHOWMANY, "How Many Items?" },
163 {NET8_USER_FUNC_OINIT, "Initialize Database" },
164 {NET8_USER_FUNC_OCHANGEU, "Change user_id" },
165 {NET8_USER_FUNC_OBINDRP, "Bind by reference positional" },
166 {NET8_USER_FUNC_OGETBV, "Get n'th Bind Variable" },
167 {NET8_USER_FUNC_OGETIV, "Get n'th Into Variable" },
168 {NET8_USER_FUNC_OBINDRV, "Bind by reference" },
169 {NET8_USER_FUNC_OBINDRN, "Bind by reference numeric" },
170 {NET8_USER_FUNC_OPARSEX, "Parse And Execute" },
171 {NET8_USER_FUNC_OPARSYN, "Parse for Syntax only" },
172 {NET8_USER_FUNC_OPARSDI, "Parse for Syntax & SQL Dictionary lookup" },
173 {NET8_USER_FUNC_OCONTINUE, "Continue serving after eof" },
174 {NET8_USER_FUNC_ODSCRARR, "Describe Columns" },
175 {NET8_USER_FUNC_OLCCINI, "Init sys pars command table" },
176 {NET8_USER_FUNC_OLCCFIN, "Finalize sys pars command table" },
177 {NET8_USER_FUNC_OLCCPUT, "Put sys par in command table" },
178 {NET8_USER_FUNC_OV6STRT, "Start Oracle (V6)" },
179 {NET8_USER_FUNC_OV6STOP, "Poll for shut down Oracle (V6)" },
180 {NET8_USER_FUNC_ORIP, "Run independent process (V6)" },
181 {NET8_USER_FUNC_OARCHIVE, "Archive op (V6)" },
182 {NET8_USER_FUNC_OMRSTART, "Media recovery - start (V6)" },
183 {NET8_USER_FUNC_OMRRECTS, "Media recovery - record tablespace to recover (V6)"},
184 {NET8_USER_FUNC_OMRGSLSQ, "Media recovery - get starting log seq # (V6)" },
185 {NET8_USER_FUNC_OMRREC, "Media recovery - recover using offline log (V6)" },
186 {NET8_USER_FUNC_OMRCAN, "Media recovery - cancel media recovery (V6)" },
187 {NET8_USER_FUNC_O2LOGON, "Logon to ORACLE" },
188 {NET8_USER_FUNC_OVERSION, "Get Version/Date String" },
189 {NET8_USER_FUNC_OINIT2, "New init call (supersedes OINIT)" },
190 {NET8_USER_FUNC_OCLOALL, "Reserved for MAC; close all cursors" },
191 {NET8_USER_FUNC_OALL, "Bundled execution call" },
192 {NET8_USER_FUNC_OTEX, "Transaction execute call (OS/2)" },
193 {NET8_USER_FUNC_OSDAUTH, "Set DBA authorization call (OS/2)" },
194 {NET8_USER_FUNC_OUDLFUN, "Direct loader: functions" },
195 {NET8_USER_FUNC_OUDLBUF, "Direct loader: buffer transfer" },
196 {NET8_USER_FUNC_OK2RPC, "Distrib. trans. mgr. RPC" },
197 {NET8_USER_FUNC_ODSCIDX, "Describe indexes for distributed query" },
198 {NET8_USER_FUNC_OSESOPN, "Session operations" },
199 {NET8_USER_FUNC_OEXECSCN, "Execute using synchronized system commit numbers" },
200 {NET8_USER_FUNC_OALL7, "New V8 Bundle call" },
201 {NET8_USER_FUNC_OLONGF, "Long fetch version 7" },
202 {NET8_USER_FUNC_OEXECA, "Call opiexe from opiall" },
203 {NET8_USER_FUNC_OSQL7, "Parse call" },
204 {NET8_USER_FUNC_OOBS, "(Obsolete)" },
205 {NET8_USER_FUNC_ORPC, "RPC Call from pl" },
206 {NET8_USER_FUNC_OEXFEN, "OEXFEN" },
207 {NET8_USER_FUNC_OXAOPN, "XA operation" },
208 {NET8_USER_FUNC_OKGL, "KGL call" },
209 {NET8_USER_FUNC_03LOGON, "LogonB"},
210 {NET8_USER_FUNC_03LOGA, "LogonA"},
211 {NET8_USER_FUNC_OFNSTM, "Do Streaming Operation"},
212 {NET8_USER_FUNC_OPENSESS, "Open Session"},
213 {NET8_USER_FUNC_O71XAOPN, "X/Open XA operations"},
214 {NET8_USER_FUNC_ODEBUG, "Debug"},
215 {NET8_USER_FUNC_ODEBUGS, "Special Debug"},
216 {NET8_USER_FUNC_OXAST, "XA Start"},
217 {NET8_USER_FUNC_OXACM, "XA Commit"},
218 {NET8_USER_FUNC_OXAPR, "XA Prepare"},
219 {NET8_USER_FUNC_OXDP, "XA Import"},
220 {NET8_USER_FUNC_OKOD, "Get Object Value From Reference"},
221 {NET8_USER_FUNC_OCONNECT, "Connect"},
222 {NET8_USER_FUNC_OCBK, "call (kernel side only)"},
223 {NET8_USER_FUNC_OALL8, "OALL8"},
224 {NET8_USER_FUNC_OFNSTM2, "OFNSTM without the begintxn"},
225 {NET8_USER_FUNC_OLOBOPS, "LOB Operation"},
226 {NET8_USER_FUNC_OFILECRT, "FILE create call"},
227 {NET8_USER_FUNC_ODNY, "New Describe"},
228 {NET8_USER_FUNC_OCONNECT, "code for non blocking attach host"},
229 {NET8_USER_FUNC_OOPENRCS, "Open a recursive cursor"},
230 {NET8_USER_FUNC_OKPRALL, "Bundled KPR execution"},
231 {NET8_USER_FUNC_OPLS, "Bundled PL/SQL execution"},
232 {NET8_USER_FUNC_OTXSE, "transaction start, attach, detach"},
233 {NET8_USER_FUNC_OTXEN, "transaction commit, rollback, recover"},
234 {NET8_USER_FUNC_OCCA, "Cursor Close All"},
235 {NET8_USER_FUNC_OFOI, "Failover info piggyback"},
236 {NET8_USER_FUNC_O80SES, "V8 session switching piggyback"},
237 {NET8_USER_FUNC_ODDF, "Do Dummy Defines"},
238 {NET8_USER_FUNC_OLRMINI, "init sys pars"},
239 {NET8_USER_FUNC_OLRMFIN, "finalize sys pars"},
240 {NET8_USER_FUNC_OLRMPUT, "put sys par in par space"},
241 {NET8_USER_FUNC_OLRMTRM, "terminate sys pars"},
242 {NET8_USER_FUNC_OEXFENA, "execute but don't unmap (used from opiall0)"},
243 {NET8_USER_FUNC_OINIUCB, "OINIT for Untrusted CallBacks"},
244 {NET8_USER_FUNC_AUTH, "Authentication Call"},
245 {NET8_USER_FUNC_OFGI, "FailOver Get Instance Info"},
246 {NET8_USER_FUNC_OOTCO, "Oracle Transaction service COmmit remote sites"},
247 {NET8_USER_FUNC_GETSESSKEY, "Get the session key"},
248 {NET8_USER_FUNC_ODSY, "V8 Describe Any"},
249 {NET8_USER_FUNC_OCANA, "Cancel All"},
250 {NET8_USER_FUNC_OAQEQ, "AQ EnQueue"},
251 {NET8_USER_FUNC_OAQDQ, "AQ Dequeue"},
252 {NET8_USER_FUNC_ORFS, "RFS call"},
253 {NET8_USER_FUNC_OKPN, "Kernel Programmatic Notification"},
261 /*+------------------------------------------------------
263 * Convert hex data to character string
264 *--------------------------------------------------------
266 char * convertHexToString(BYTE *pSrc, UI16_T length)
270 char hex[17] = "0123456789ABCDEF";
272 int limit = 2*length;
273 if (limit >= sizeof(buf) - 3)
274 limit = sizeof(buf) - 3;
277 for( i=0; i<limit; i+=2)
279 buf[i] = hex[*pSrc>>4];
280 buf[i+1] = hex[*pSrc&0x0F];
286 for(int i=0; i<length*2; i++)
288 buf[i] = hex[*pSrc>>4];
289 buf[++i] = hex[*pSrc&0x0F];
292 buf[length*2] = '\0';
295 /* hexString = buf; */
296 strcpy (hexString, buf);
301 static void ParseSqlStatement(/*char *appMsg,*/ UI8_P pSqlData, UI16_T dataLen)
303 char *pSqlModifyData = (I8_P)m_pCurQuery;
306 while (*pSqlData != '\1' && *pSqlData != '\0' && i < dataLen)
310 *pSqlModifyData = ' ';
314 *pSqlModifyData = *pSqlData;
322 *pSqlModifyData = '\0';
325 appMsg = (I8_P)m_pCurQuery;
328 if (strncasecmp((I8_P)m_pCurQuery, "update", 6) == 0)
332 pSummaryStat->m_numOfUpdate++;
333 if (m_pServerNode != NULL)
334 m_pServerNode->m_numOfUpdate++;
337 else if (strncasecmp((I8_P)m_pCurQuery, "select", 6) == 0)
341 pSummaryStat->m_numOfSelect++;
342 if (m_pServerNode != NULL)
343 m_pServerNode->m_numOfSelect++;
346 else if (strncasecmp((I8_P)m_pCurQuery, "insert", 6) == 0)
350 pSummaryStat->m_numOfInsert++;
351 if (m_pServerNode != NULL)
352 m_pServerNode->m_numOfInsert++;
355 else if (strncasecmp((I8_P)m_pCurQuery, "delete", 6) == 0)
359 pSummaryStat->m_numOfDelete++;
360 if (m_pServerNode != NULL)
361 m_pServerNode->m_numOfDelete++;
364 else if (strncasecmp((I8_P)m_pCurQuery, "rollback", 8) == 0)
368 pSummaryStat->m_numOfRollback++;
369 if (m_pServerNode != NULL)
370 m_pServerNode->m_numOfRollback++;
373 else if (strncasecmp((I8_P)m_pCurQuery, "set", 3) == 0)
377 pSummaryStat->m_numOfSet++;
378 if (m_pServerNode != NULL)
379 m_pServerNode->m_numOfSet++;
382 else if (strncasecmp((I8_P)m_pCurQuery, "start", 5) == 0)
386 pSummaryStat->m_numOfStart++;
387 if (m_pServerNode != NULL)
388 m_pServerNode->m_numOfStart++;
391 else if (strncasecmp((I8_P)m_pCurQuery, "commit", 6) == 0)
395 pSummaryStat->m_numOfCommit++;
396 if (m_pServerNode != NULL)
397 m_pServerNode->m_numOfCommit++;
402 m_numOfOtherStatement++;
404 pSummaryStat->m_numOfOtherStatement++;
405 if (m_pServerNode != NULL)
406 m_pServerNode->m_numOfOtherStatement++;
410 m_numOfTransaction++;
412 m_pSummaryStat->m_numOfTransaction++;
413 if (m_pServerNode != NULL)
414 m_pServerNode->m_numOfTransaction++;
419 static gboolean FindBeginningSQLString(UI8_P *pBuf, UI16_T *pDataLen, int lookSize)
421 /* the position could still be off by x bytes, check if it happened to be landing on an address */
422 /* int i = 31; /+ allow upto 8 bad bytes */
423 UI8_P pString = *pBuf;
424 gboolean bAlpha1 = isalpha(pString[0]) != 0;
425 gboolean bAlpha2 = isalpha(pString[1]) != 0;
426 gboolean bAlpha3 = isalpha(pString[2]) != 0;
427 gboolean bAlpha4 = isalpha(pString[3]) != 0;
428 gboolean bComment = FALSE;
429 UI16_T dataLen = *pDataLen;
430 while ( (dataLen > 2) && (lookSize > 0) && ((bAlpha1 == FALSE) || (bAlpha2 == FALSE) || (bAlpha3 == FALSE) || (bAlpha4 == FALSE)))
432 /* check if we need to find the ending comment */
435 if (*((UI16_P)pString) == 0x2F2A) /* ending comment */
438 pString ++; /* skip the comment */
446 /* check if there is a comment string prepended to the statement */
447 if (*((UI16_P)pString) == 0x2A2F) /* beginning of comment */
452 bAlpha2 = isalpha(pString[1]) != 0;
453 bAlpha3 = isalpha(pString[2]) != 0;
454 bAlpha4 = isalpha(pString[3]) != 0;
459 bAlpha2 = isalpha(pString[1]) != 0;
460 bAlpha3 = isalpha(pString[2]) != 0;
461 bAlpha4 = isalpha(pString[3]) != 0;
463 /* don't count the zeros */
464 if (*((UI8_P)pString) != 0x0)
468 if (bAlpha1 && bAlpha2 && bAlpha3 && bAlpha4)
478 static gboolean ParseCommand(proto_tree *tree,tvbuff_t *tvb, int offset, packet_info *pinfo,UI16_T dataLen)
480 UI8_T pAddress[1024];
481 UI16_T SQLDataLen = dataLen;
484 for (i=0; i<1024;i++)
488 tvb_memcpy (tvb, pAddress,offset, dataLen);
489 pAddr = (UI8_P)pAddress;
490 /* see if SQL statement is there */
491 if (FindBeginningSQLString((UI8_P*)&pAddr, &SQLDataLen, 0x30) == TRUE)
493 ParseSqlStatement( pAddr, dataLen);
495 proto_tree_add_text(tree, tvb, offset+dataLen-SQLDataLen, SQLDataLen,
496 "SQL statement = %s",m_pCurQuery);
497 if (check_col(pinfo->cinfo, COL_INFO))
498 col_clear(pinfo->cinfo, COL_INFO);
499 if (check_col(pinfo->cinfo, COL_INFO))
500 col_add_fstr(pinfo->cinfo, COL_INFO, "%s",m_pCurQuery );
507 static gboolean ParseNewCommand( proto_tree *tree,tvbuff_t *tvb, int offset, packet_info *pinfo, UI16_T dataLen)
509 UI8_T pAddress[1024];
510 /* find the first sequence of zeros */
511 int amount = dataLen - 12;
512 int i = 0, sqlamount;
514 tvb_memcpy (tvb, pAddress,offset, dataLen);
515 pAddr = (UI8_P)&pAddress;
516 for (; i < amount; i++)
518 if (*((UI32_P)((UI8_P)pAddr++)) == 0x0000)
521 /* was there a sequence of 4 zeros */
525 return FALSE; /* went past, can not be a sql command */
527 /* look for the end of the zeros */
528 amount = dataLen - i - 4; /* rest of the data */
530 for (i = 0; *pAddr++ == 0 && i < amount; i++);
534 return FALSE; /* no values after zeros */
537 amount -= i + 1; /* rest of the data */
539 /* see if SQL statement is there */
541 if (FindBeginningSQLString((UI8_P*)&pAddr, (UI16_P)&sqlamount, 13) == TRUE)
543 ParseSqlStatement( pAddr, amount);
544 if (check_col(pinfo->cinfo, COL_INFO))
545 col_clear(pinfo->cinfo, COL_INFO);
546 if (check_col(pinfo->cinfo, COL_INFO))
547 col_add_fstr(pinfo->cinfo, COL_INFO, "%s",m_pCurQuery );
548 proto_tree_add_text(tree, tvb, offset+amount-sqlamount, sqlamount,
549 "SQL statement = %s",m_pCurQuery);
560 dissect_sqloracle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
562 proto_item *ti = NULL;
563 proto_tree *sqloracle_tree = NULL;
564 int offset = 0,dataLen,nocol,numItersThisTime,flag,iterNum,uacBufLength;
565 guint8 header_operation,func_type=0;
566 m_pCurQuery[0] = '0';
569 pinfo->current_proto = "SQLORACLE";
570 if ( check_col( pinfo->cinfo, COL_PROTOCOL ))
571 col_set_str( pinfo->cinfo, COL_PROTOCOL, "SQL" );
572 if (check_col(pinfo->cinfo, COL_INFO))
573 col_clear(pinfo->cinfo, COL_INFO);
575 header_operation = tvb_get_guint8(tvb, offset);
576 dataLen = tvb_reported_length_remaining(tvb, offset);
577 if (header_operation != NET8_TYPE_FUNCCOMPLETE)
578 func_type = tvb_get_guint8(tvb, offset+1);
580 if ( check_col(pinfo->cinfo, COL_INFO))
582 col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(header_operation, sqloracle_operation_type, ""));
587 ti = proto_tree_add_item(tree, proto_sqloracle, tvb, 0, -1, FALSE);
588 sqloracle_tree = proto_item_add_subtree(ti, ett_sqloracle);
589 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_operation, tvb, offset, 1,header_operation);
590 if (func_type && header_operation !=NET8_TYPE_ROWTRANSFER)
591 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_func_type, tvb, offset+1, 1,func_type);
594 switch (header_operation)
596 case NET8_TYPE_USERTOSERVER: /* 0x3 */
597 if ( check_col(pinfo->cinfo, COL_INFO))
599 col_append_fstr(pinfo->cinfo, COL_INFO, ":%s ", val_to_str(func_type, sql_func_type, ""));
603 case NET8_USER_FUNC_PARSE:
604 ParseCommand(sqloracle_tree,tvb,offset+0x0B,pinfo,dataLen-0x0B);
606 case NET8_USER_FUNC_OALL:
607 case NET8_USER_FUNC_OALL8:
608 /* command could be embedded in this packet
609 * filtered_for_hh02_and_hh05.enc has commands that are not 0x2f offset
610 * try to detect the difference by looking at the offset 0x12 for 6 zeros
612 if (dataLen > (0x19 + 8)) /* assume minimum of 8 chars for the command */
614 /* piggybacked functions will recursive call this routine to process the command */
615 if (ParseCommand(sqloracle_tree,tvb, offset+0x12, pinfo,dataLen - 0x12) == TRUE)
619 case NET8_USER_FUNC_OSQL7: /* 0x4A */
620 /* command could be embedded in this packet */
621 /* aig oracle.enc has smaller data */
622 if (dataLen > (0x2A /*0x30/0x14*/ + 8)) /* minimum of 8 chars */
624 if (ParseCommand(sqloracle_tree,tvb, offset + 0x2A /*0x30/0x14*/, pinfo,dataLen - 0x2A /*0x30/0x14*/) == TRUE)
629 case NET8_USER_FUNC_OALL7: /* 0x47 */
630 /* command could be embedded in this packet */
631 if (dataLen > (0x2A /*0x30/0x14*/ + 8)) /* minimum of 8 chars */
633 if (ParseCommand(sqloracle_tree,tvb, offset + 0x14, pinfo,dataLen - 0x14) == TRUE)
635 if (check_col(pinfo->cinfo, COL_INFO))
636 col_add_fstr(pinfo->cinfo, COL_INFO, "%s",m_pCurQuery );
640 /* appdncr.enc has this smaller command */
641 if (ParseCommand(sqloracle_tree,tvb, offset + 0x30, pinfo,dataLen - 0x30) == TRUE)
647 case NET8_TYPE_ROWTRANSFER: /* 0x06 */
649 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_flag, tvb, offset+1, 1,flag);
650 nocol = tvb_get_guint8(tvb, offset+2);
651 iterNum = tvb_get_guint8(tvb, offset+3);
652 numItersThisTime = tvb_get_ntohs(tvb, offset+5);
653 uacBufLength = tvb_get_ntohs(tvb, offset+7);
654 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_num_column, tvb, offset+2, 1,nocol);
655 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_itemNum, tvb, offset+3, 1,iterNum);
656 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_numItersThisTime, tvb, offset+5, 2,numItersThisTime);
657 proto_tree_add_uint(sqloracle_tree, hf_sqloracle_uacBufLength, tvb, offset+7, 2,uacBufLength);
665 } /* dissect_sqloracle */
668 proto_register_sqloracle(void)
670 static hf_register_info hf[] =
672 { &hf_sqloracle_operation,
673 { "Basic Operation", "sqloracle.operation", FT_UINT8, BASE_DEC, VALS(sqloracle_operation_type), 0x0, "", HFILL }
675 { &hf_sqloracle_func_type,
676 { "Function Type", "sqloracle.type", FT_UINT8, BASE_DEC, VALS(sql_func_type), 0x0, "", HFILL }
678 { &hf_sqloracle_flag,
679 { "flag", "sqloracle.flag", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
681 { &hf_sqloracle_num_column,
682 { "Number of Columns", "sqloracle.nocolumn", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
684 { &hf_sqloracle_itemNum,
685 { "Iteration Number", "sqloracle.itemNum", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
687 { &hf_sqloracle_numItersThisTime,
688 { "# of iterations this time", "sqloracle.numItersThisTime", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
690 { &hf_sqloracle_uacBufLength,
691 { "user access buffer length", "sqloracle.uacBufLength", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }
693 /* { &hf_sqloracle_ttloac_header,
694 { "TTLOAC Header", "sqloracle.ttloac_header", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
697 { &hf_sqloracle_ttloac_type,
698 { "type", "sqloracle.ttloac_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
700 { &hf_sqloracle_ttloac_flag1,
701 { "flag1", "sqloracle.ttloac_flag1", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
703 { &hf_sqloracle_ttloac_prefix,
704 { "prefix", "sqloracle.ttloac_prefix", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
706 { &hf_sqloracle_ttloac_scalesize,
707 { "scale size", "sqloracle.ttloac_scalesize", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
709 { &hf_sqloracle_ttloac_dummy,
710 { "dummy", "sqloracle.ottloac_dummy", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
712 { &hf_sqloracle_ttloac_varcharlen,
713 { "varcharlen", "sqloracle.ttloac_varcharlen", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
715 { &hf_sqloracle_ttloac_mal,
716 { "mal", "sqloracle.ttloac_mal", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
718 { &hf_sqloracle_ttloac_flag2,
719 { "flag2", "sqloracle.ttloac_flag2", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
721 { &hf_sqloracle_v8ttloac_header,
722 { "V8TTLOAC Header", "sqloracle.v8ttloac_header", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
725 { &hf_sqloracle_v8ttloac_oid,
726 { "oid", "sqloracle.v8ttloac_oid", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
728 { &hf_sqloracle_v8ttloac_vsn,
729 { "vsn", "sqloracle.v8ttloac_vsn", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
731 { &hf_sqloracle_v8ttloac_ncs,
732 { "ncs", "sqloracle.v8ttloac_ncs", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
734 { &hf_sqloracle_v8ttloac_formuse,
735 { "FormUse", "sqloracle.v8ttloac_formuse", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
737 { &hf_sqloracle_v8ttluds_header,
738 { "V8TTLUDS Header", "sqloracle.v8ttluds_header", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
741 { &hf_sqloracle_v8ttluds_nullallow,
742 { "null allowed", "sqloracle.v8ttluds_nullallow", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
744 { &hf_sqloracle_v8ttluds_scrlength,
745 { "screen length", "sqloracle.v8ttluds_scrlength", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
747 { &hf_sqloracle_v8ttluds_columnname,
748 { "column name", "sqloracle.v8ttluds_columnname", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
750 { &hf_sqloracle_v8ttluds_sname,
751 { "sName", "sqloracle.v8ttluds_snname", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
753 { &hf_sqloracle_v8ttluds_tname,
754 { "tName", "sqloracle.v8ttluds_tname", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }
756 { &hf_sqloracle_stmt_length,
757 { "SQL Statement Length", "sqloracle.stmtlength", FT_UINT8, BASE_DEC, NULL, 0x0,
759 */ { &hf_sqloracle_stmt,
760 { "SQL statement", "sqloracle.stmt", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }
767 &ett_sqloracle_operation,
770 proto_sqloracle = proto_register_protocol("SQL -Net8 Data", "SQL", "sqloracle");
771 proto_register_field_array(proto_sqloracle, hf, array_length(hf));
772 proto_register_subtree_array(ett, array_length(ett));
775 register_dissector("sqloracle", dissect_sqloracle, proto_sqloracle);
779 proto_reg_handoff_sqloracle(void)
782 sqloracle_handle = create_dissector_handle(dissect_sqloracle, proto_sqloracle);
783 dissector_add("tns.port", TCP_PORT_TNS, sqloracle_handle);
784 data_handle = find_dissector("data");