2 * Routines for DCERPC NDR dissection
3 * Copyright 2001, Todd Sabin <tas@webspan.net>
5 * $Id: packet-dcerpc-ndr.c,v 1.14 2003/11/21 02:48:11 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #include <epan/packet.h>
35 #include "packet-dcerpc.h"
39 * The NDR routines are for use by dcerpc subdissetors. They're
40 * primarily for making sure things are aligned properly according
41 * to the rules of NDR.
45 dissect_ndr_uint8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
46 proto_tree *tree, char *drep,
47 int hfindex, guint8 *pdata)
51 di=pinfo->private_data;
52 if(di->conformant_run){
53 /* just a run to handle conformant arrays, no scalars to dissect */
57 /* no alignment needed */
58 return dissect_dcerpc_uint8 (tvb, offset, pinfo,
59 tree, drep, hfindex, pdata);
63 dissect_ndr_uint16 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
64 proto_tree *tree, char *drep,
65 int hfindex, guint16 *pdata)
69 di=pinfo->private_data;
70 if(di->conformant_run){
71 /* just a run to handle conformant arrays, no scalars to dissect */
79 return dissect_dcerpc_uint16 (tvb, offset, pinfo,
80 tree, drep, hfindex, pdata);
84 dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
85 proto_tree *tree, char *drep,
86 int hfindex, guint32 *pdata)
90 di=pinfo->private_data;
91 if(di->conformant_run){
92 /* just a run to handle conformant arrays, no scalars to dissect */
98 offset += 4 - (offset % 4);
100 return dissect_dcerpc_uint32 (tvb, offset, pinfo,
101 tree, drep, hfindex, pdata);
105 dissect_ndr_uint64 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
106 proto_tree *tree, char *drep,
107 int hfindex, unsigned char *pdata)
111 di=pinfo->private_data;
112 if(di->conformant_run){
113 /* just a run to handle conformant arrays, no scalars to dissect */
118 offset += 4 - (offset % 4);
120 return dissect_dcerpc_uint64 (tvb, offset, pinfo,
121 tree, drep, hfindex, pdata);
126 dissect_ndr_float(tvbuff_t *tvb, gint offset, packet_info *pinfo,
127 proto_tree *tree, char *drep,
128 int hfindex, gfloat *pdata)
133 di=pinfo->private_data;
134 if(di->conformant_run){
135 /* just a run to handle conformant arrays, no scalars to dissect */
140 offset += 4 - (offset % 4);
142 return dissect_dcerpc_float(tvb, offset, pinfo,
143 tree, drep, hfindex, pdata);
148 dissect_ndr_double(tvbuff_t *tvb, gint offset, packet_info *pinfo,
149 proto_tree *tree, char *drep,
150 int hfindex, gdouble *pdata)
155 di=pinfo->private_data;
156 if(di->conformant_run){
157 /* just a run to handle conformant arrays, no scalars to dissect */
162 offset += 8 - (offset % 8);
164 return dissect_dcerpc_double(tvb, offset, pinfo,
165 tree, drep, hfindex, pdata);
168 /* handles unix 32 bit time_t */
170 dissect_ndr_time_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
171 proto_tree *tree, char *drep,
172 int hfindex, guint32 *pdata)
176 di=pinfo->private_data;
177 if(di->conformant_run){
178 /* just a run to handle conformant arrays, no scalars to dissect */
184 offset += 4 - (offset % 4);
186 return dissect_dcerpc_time_t (tvb, offset, pinfo,
187 tree, drep, hfindex, pdata);
191 dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
192 proto_tree *tree, char *drep,
193 int hfindex, e_uuid_t *pdata)
197 char uuid_str[DCERPC_UUID_STR_LEN];
200 di=pinfo->private_data;
201 if(di->conformant_run){
202 /* just a run to handle conformant arrays, no scalars to dissect */
206 /* uuid's are aligned to 4 bytes, due to initial uint32 in struct */
208 offset += 4 - (offset % 4);
210 dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
213 * XXX - look up the UUID to see if it's registered, and use
214 * the name of the protocol? Unfortunately, we need the version
217 uuid_str_len = snprintf(uuid_str, DCERPC_UUID_STR_LEN,
218 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
219 uuid.Data1, uuid.Data2, uuid.Data3,
220 uuid.Data4[0], uuid.Data4[1],
221 uuid.Data4[2], uuid.Data4[3],
222 uuid.Data4[4], uuid.Data4[5],
223 uuid.Data4[6], uuid.Data4[7]);
224 if (uuid_str_len >= DCERPC_UUID_STR_LEN)
225 memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
226 proto_tree_add_string_format (tree, hfindex, tvb, offset, 16,
228 proto_registrar_get_name(hfindex),
238 * XXX - at least according to the DCE RPC 1.1 "nbase.idl", an
239 * "ndr_context_handle" is an unsigned32 "context_handle_attributes"
240 * and a uuid_t "context_handle_uuid". The attributes do not appear to
241 * be used, and always appear to be set to 0, in the DCE RPC 1.1 code.
243 * Should we display an "ndr_context_handle" with a tree holding the
244 * attributes and the uuid_t?
247 dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
248 proto_tree *tree, char *drep,
249 int hfindex, e_ctx_hnd *pdata)
251 static e_ctx_hnd ctx_hnd;
254 di=pinfo->private_data;
255 if(di->conformant_run){
256 /* just a run to handle conformant arrays, no scalars to dissect */
261 offset += 4 - (offset % 4);
263 ctx_hnd.attributes = dcerpc_tvb_get_ntohl (tvb, offset, drep);
264 dcerpc_tvb_get_uuid (tvb, offset+4, drep, &ctx_hnd.uuid);
266 /* Bytes is bytes - don't worry about the data representation */
267 proto_tree_add_item (tree, hfindex, tvb, offset, 20, FALSE);