2 * Routines for SMB Browser packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb-browse.c,v 1.36 2004/01/19 20:10:36 jmayer Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 #include <epan/packet.h>
41 #include "packet-smb-browse.h"
42 #include "packet-dcerpc.h"
44 static int proto_smb_browse = -1;
45 static int hf_command = -1;
46 static int hf_update_count = -1;
47 static int hf_periodicity = -1;
48 static int hf_server_name = -1;
49 static int hf_mb_server_name = -1;
50 static int hf_mb_reset_command = -1;
51 static int hf_mb_reset_demote = -1;
52 static int hf_mb_reset_flush = -1;
53 static int hf_mb_reset_stop = -1;
54 static int hf_os_major = -1;
55 static int hf_os_minor = -1;
56 static int hf_server_type = -1;
57 static int hf_server_type_workstation = -1;
58 static int hf_server_type_server = -1;
59 static int hf_server_type_sql = -1;
60 static int hf_server_type_domain = -1;
61 static int hf_server_type_backup = -1;
62 static int hf_server_type_time = -1;
63 static int hf_server_type_apple = -1;
64 static int hf_server_type_novell = -1;
65 static int hf_server_type_member = -1;
66 static int hf_server_type_print = -1;
67 static int hf_server_type_dialin = -1;
68 static int hf_server_type_xenix = -1;
69 static int hf_server_type_ntw = -1;
70 static int hf_server_type_wfw = -1;
71 static int hf_server_type_nts = -1;
72 static int hf_server_type_potentialb = -1;
73 static int hf_server_type_backupb = -1;
74 static int hf_server_type_masterb = -1;
75 static int hf_server_type_domainmasterb = -1;
76 static int hf_server_type_osf = -1;
77 static int hf_server_type_vms = -1;
78 static int hf_server_type_w95 = -1;
79 static int hf_server_type_local = -1;
80 static int hf_server_type_domainenum = -1;
81 static int hf_election_version = -1;
82 static int hf_proto_major = -1;
83 static int hf_proto_minor = -1;
84 static int hf_sig_const = -1;
85 static int hf_server_comment = -1;
86 static int hf_unused_flags = -1;
87 static int hf_response_computer_name = -1;
88 static int hf_election_criteria = -1;
89 static int hf_election_desire = -1;
90 static int hf_election_desire_flags_backup = -1;
91 static int hf_election_desire_flags_standby = -1;
92 static int hf_election_desire_flags_master = -1;
93 static int hf_election_desire_flags_domain_master = -1;
94 static int hf_election_desire_flags_wins = -1;
95 static int hf_election_desire_flags_nt = -1;
96 static int hf_election_revision = -1;
97 static int hf_election_os = -1;
98 static int hf_election_os_wfw = -1;
99 static int hf_election_os_ntw = -1;
100 static int hf_election_os_nts = -1;
101 static int hf_server_uptime = -1;
102 static int hf_backup_count = -1;
103 static int hf_backup_token = -1;
104 static int hf_backup_server = -1;
105 static int hf_browser_to_promote = -1;
107 static gint ett_browse = -1;
108 static gint ett_browse_flags = -1;
109 static gint ett_browse_election_criteria = -1;
110 static gint ett_browse_election_os = -1;
111 static gint ett_browse_election_desire = -1;
112 static gint ett_browse_reset_cmd_flags = -1;
114 #define SERVER_WORKSTATION 0
115 #define SERVER_SERVER 1
116 #define SERVER_SQL_SERVER 2
117 #define SERVER_DOMAIN_CONTROLLER 3
118 #define SERVER_BACKUP_CONTROLLER 4
119 #define SERVER_TIME_SOURCE 5
120 #define SERVER_APPLE_SERVER 6
121 #define SERVER_NOVELL_SERVER 7
122 #define SERVER_DOMAIN_MEMBER_SERVER 8
123 #define SERVER_PRINT_QUEUE_SERVER 9
124 #define SERVER_DIALIN_SERVER 10
125 #define SERVER_XENIX_SERVER 11
126 #define SERVER_NT_WORKSTATION 12
127 #define SERVER_WINDOWS_FOR_WORKGROUPS 13
128 #define SERVER_NT_SERVER 15
129 #define SERVER_POTENTIAL_BROWSER 16
130 #define SERVER_BACKUP_BROWSER 17
131 #define SERVER_MASTER_BROWSER 18
132 #define SERVER_DOMAIN_MASTER_BROWSER 19
133 #define SERVER_OSF 20
134 #define SERVER_VMS 21
135 #define SERVER_WINDOWS_95 22
136 #define SERVER_LOCAL_LIST_ONLY 30
137 #define SERVER_DOMAIN_ENUM 31
139 static const value_string server_types[] = {
140 {SERVER_WORKSTATION, "Workstation"},
141 {SERVER_SERVER, "Server"},
142 {SERVER_SQL_SERVER, "SQL Server"},
143 {SERVER_DOMAIN_CONTROLLER, "Domain Controller"},
144 {SERVER_BACKUP_CONTROLLER, "Backup Controller"},
145 {SERVER_TIME_SOURCE, "Time Source"},
146 {SERVER_APPLE_SERVER, "Apple Server"},
147 {SERVER_NOVELL_SERVER, "Novell Server"},
148 {SERVER_DOMAIN_MEMBER_SERVER, "Domain Member Server"},
149 {SERVER_PRINT_QUEUE_SERVER, "Print Queue Server"},
150 {SERVER_DIALIN_SERVER, "Dialin Server"},
151 {SERVER_XENIX_SERVER, "Xenix Server"},
152 {SERVER_NT_WORKSTATION, "NT Workstation"},
153 {SERVER_WINDOWS_FOR_WORKGROUPS, "Windows for Workgroups"},
154 {SERVER_NT_SERVER, "NT Server"},
155 {SERVER_POTENTIAL_BROWSER, "Potential Browser"},
156 {SERVER_BACKUP_BROWSER, "Backup Browser"},
157 {SERVER_MASTER_BROWSER, "Master Browser"},
158 {SERVER_DOMAIN_MASTER_BROWSER, "Domain Master Browser"},
161 {SERVER_WINDOWS_95, "Windows 95 or above"},
162 {SERVER_LOCAL_LIST_ONLY, "Local List Only"},
163 {SERVER_DOMAIN_ENUM, "Domain Enum"},
167 static const value_string resetbrowserstate_command_names[] = {
168 { 0x01, "Stop being a master browser and become a backup browser"},
169 { 0x02, "Discard browse lists, stop being a master browser, and try again"},
170 { 0x04, "Stop being a master browser for ever"},
174 static true_false_string tfs_demote_to_backup = {
175 "Demote an LMB to a Backup Browser",
176 "Do not demote an LMB to a Backup Browser"
179 static true_false_string tfs_flush_browse_list = {
180 "Flush the Browse List",
181 "Do not Flush the Browse List"
184 static true_false_string tfs_stop_being_lmb = {
185 "Stop Being a Local Master Browser",
186 "Do not Stop Being a Local Master Browser"
189 static const true_false_string tfs_workstation = {
190 "This is a Workstation",
191 "This is NOT a Workstation"
193 static const true_false_string tfs_server = {
195 "This is NOT a Server"
197 static const true_false_string tfs_sql = {
198 "This is an SQL server",
199 "This is NOT an SQL server"
201 static const true_false_string tfs_domain = {
202 "This is a Domain Controller",
203 "This is NOT a Domain Controller"
205 static const true_false_string tfs_backup = {
206 "This is a Backup Controller",
207 "This is NOT a Backup Controller"
209 static const true_false_string tfs_time = {
210 "This is a Time Source",
211 "This is NOT a Time Source"
213 static const true_false_string tfs_apple = {
214 "This is an Apple host",
215 "This is NOT an Apple host"
217 static const true_false_string tfs_novell = {
218 "This is a Novell server",
219 "This is NOT a Novell server"
221 static const true_false_string tfs_member = {
222 "This is a Domain Member server",
223 "This is NOT a Domain Member server"
225 static const true_false_string tfs_print = {
226 "This is a Print Queue server",
227 "This is NOT a Print Queue server"
229 static const true_false_string tfs_dialin = {
230 "This is a Dialin server",
231 "This is NOT a Dialin server"
233 static const true_false_string tfs_xenix = {
234 "This is a Xenix server",
235 "This is NOT a Xenix server"
237 static const true_false_string tfs_ntw = {
238 "This is an NT Workstation",
239 "This is NOT an NT Workstation"
241 static const true_false_string tfs_wfw = {
242 "This is a WfW host",
243 "This is NOT a WfW host"
245 static const true_false_string tfs_nts = {
246 "This is an NT Server",
247 "This is NOT an NT Server"
249 static const true_false_string tfs_potentialb = {
250 "This is a Potential Browser",
251 "This is NOT a Potential Browser"
253 static const true_false_string tfs_backupb = {
254 "This is a Backup Browser",
255 "This is NOT a Backup Browser"
257 static const true_false_string tfs_masterb = {
258 "This is a Master Browser",
259 "This is NOT a Master Browser"
261 static const true_false_string tfs_domainmasterb = {
262 "This is a Domain Master Browser",
263 "This is NOT a Domain Master Browser"
265 static const true_false_string tfs_osf = {
266 "This is an OSF host",
267 "This is NOT an OSF host"
269 static const true_false_string tfs_vms = {
270 "This is a VMS host",
271 "This is NOT a VMS host"
273 static const true_false_string tfs_w95 = {
274 "This is a Windows 95 or above host",
275 "This is NOT a Windows 95 or above host"
277 static const true_false_string tfs_local = {
278 "This is a local list only request",
279 "This is NOT a local list only request"
281 static const true_false_string tfs_domainenum = {
282 "This is a Domain Enum request",
283 "This is NOT a Domain Enum request"
286 #define DESIRE_BACKUP 0
287 #define DESIRE_STANDBY 1
288 #define DESIRE_MASTER 2
289 #define DESIRE_DOMAIN_MASTER 3
290 #define DESIRE_WINS 5
293 static const value_string desire_flags[] = {
294 {DESIRE_BACKUP, "Backup Browse Server"},
295 {DESIRE_STANDBY, "Standby Browse Server"},
296 {DESIRE_MASTER, "Master Browser"},
297 {DESIRE_DOMAIN_MASTER, "Domain Master Browse Server"},
298 {DESIRE_WINS, "WINS Client"},
299 {DESIRE_NT, "Windows NT Advanced Server"},
303 static const true_false_string tfs_desire_backup = {
304 "Backup Browse Server",
305 "NOT Backup Browse Server"
307 static const true_false_string tfs_desire_standby = {
308 "Standby Browse Server",
309 "NOT Standby Browse Server"
311 static const true_false_string tfs_desire_master = {
315 static const true_false_string tfs_desire_domain_master = {
316 "Domain Master Browse Server",
317 "NOT Domain Master Browse Server"
319 static const true_false_string tfs_desire_wins = {
323 static const true_false_string tfs_desire_nt = {
324 "Windows NT Advanced Server",
325 "NOT Windows NT Advanced Server"
328 #define BROWSE_HOST_ANNOUNCE 1
329 #define BROWSE_REQUEST_ANNOUNCE 2
330 #define BROWSE_ELECTION_REQUEST 8
331 #define BROWSE_BACKUP_LIST_REQUEST 9
332 #define BROWSE_BACKUP_LIST_RESPONSE 10
333 #define BROWSE_BECOME_BACKUP 11
334 #define BROWSE_DOMAIN_ANNOUNCEMENT 12
335 #define BROWSE_MASTER_ANNOUNCEMENT 13
336 #define BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT 14
337 #define BROWSE_LOCAL_MASTER_ANNOUNCEMENT 15
339 static const value_string commands[] = {
340 {BROWSE_HOST_ANNOUNCE, "Host Announcement"},
341 {BROWSE_REQUEST_ANNOUNCE, "Request Announcement"},
342 {BROWSE_ELECTION_REQUEST, "Browser Election Request"},
343 {BROWSE_BACKUP_LIST_REQUEST, "Get Backup List Request"},
344 {BROWSE_BACKUP_LIST_RESPONSE, "Get Backup List Response"},
345 {BROWSE_BECOME_BACKUP, "Become Backup Browser"},
346 {BROWSE_DOMAIN_ANNOUNCEMENT, "Domain/Workgroup Announcement"},
347 {BROWSE_MASTER_ANNOUNCEMENT, "Master Announcement"},
348 {BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT, "Reset Browser State Announcement"},
349 {BROWSE_LOCAL_MASTER_ANNOUNCEMENT,"Local Master Announcement"},
357 static const value_string os_flags[] = {
358 {OS_WFW, "Windows for Workgroups"},
359 {OS_NTW, "Windows NT Workstation"},
360 {OS_NTS, "Windows NT Server"},
364 static const true_false_string tfs_os_wfw = {
365 "Windows for Workgroups",
366 "Not Windows for Workgroups"
368 static const true_false_string tfs_os_ntw = {
369 "Windows NT Workstation",
370 "Not Windows NT Workstation"
372 static const true_false_string tfs_os_nts = {
374 "Not Windows NT Server"
378 dissect_election_criterion_os(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
380 proto_tree *tree = NULL;
381 proto_item *item = NULL;
384 os = tvb_get_guint8(tvb, offset);
387 item = proto_tree_add_uint(parent_tree, hf_election_os, tvb, offset, 1, os);
388 tree = proto_item_add_subtree(item, ett_browse_election_os);
391 proto_tree_add_boolean(tree, hf_election_os_wfw,
393 proto_tree_add_boolean(tree, hf_election_os_ntw,
395 proto_tree_add_boolean(tree, hf_election_os_nts,
401 dissect_election_criterion_desire(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
403 proto_tree *tree = NULL;
404 proto_item *item = NULL;
407 desire = tvb_get_guint8(tvb, offset);
410 item = proto_tree_add_uint(parent_tree, hf_election_desire, tvb, offset, 1, desire);
411 tree = proto_item_add_subtree(item, ett_browse_election_desire);
414 proto_tree_add_boolean(tree, hf_election_desire_flags_backup,
415 tvb, offset, 1, desire);
416 proto_tree_add_boolean(tree, hf_election_desire_flags_standby,
417 tvb, offset, 1, desire);
418 proto_tree_add_boolean(tree, hf_election_desire_flags_master,
419 tvb, offset, 1, desire);
420 proto_tree_add_boolean(tree, hf_election_desire_flags_domain_master,
421 tvb, offset, 1, desire);
422 proto_tree_add_boolean(tree, hf_election_desire_flags_wins,
423 tvb, offset, 1, desire);
424 proto_tree_add_boolean(tree, hf_election_desire_flags_nt,
425 tvb, offset, 1, desire);
430 dissect_election_criterion(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
432 proto_tree *tree = NULL;
433 proto_item *item = NULL;
436 criterion = tvb_get_letohl(tvb, offset);
439 item = proto_tree_add_uint(parent_tree, hf_election_criteria, tvb, offset, 4, criterion);
440 tree = proto_item_add_subtree(item, ett_browse_election_criteria);
443 /* election desire */
444 dissect_election_criterion_desire(tvb, tree, offset);
447 /* browser protocol major version */
448 proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, TRUE);
451 /* browser protocol minor version */
452 proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, TRUE);
456 dissect_election_criterion_os(tvb, tree, offset);
462 * XXX - this causes non-browser packets to have browser fields.
465 dissect_smb_server_type_flags(tvbuff_t *tvb, int offset, packet_info *pinfo,
466 proto_tree *parent_tree, guint8 *drep,
469 proto_tree *tree = NULL;
470 proto_item *item = NULL;
476 * Called from a DCE RPC protocol dissector, for a
477 * protocol where a 32-bit NDR integer contains
478 * an server type mask; extract the server type mask
481 offset = dissect_ndr_uint32(
482 tvb, offset, pinfo, tree, drep, hf_server_type, &flags);
485 * Called from SMB browser or RAS, where the server type
486 * mask is just a 4-byte little-endian quantity with no
487 * special NDR alignment requirement; extract it with
488 * "tvb_get_letohl()".
490 flags = tvb_get_letohl(tvb, offset);
495 item = proto_tree_add_uint(parent_tree, hf_server_type, tvb, offset, 4, flags);
496 tree = proto_item_add_subtree(item, ett_browse_flags);
500 /* Append the type(s) of the system to the COL_INFO line ... */
501 if (check_col(pinfo->cinfo, COL_INFO)) {
502 for (i = 0; i < 32; i++) {
503 if (flags & (1<<i)) {
504 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
505 val_to_str(i, server_types,
506 "Unknown server type:%d"));
512 proto_tree_add_boolean(tree, hf_server_type_workstation,
513 tvb, offset, 4, flags);
514 proto_tree_add_boolean(tree, hf_server_type_server,
515 tvb, offset, 4, flags);
516 proto_tree_add_boolean(tree, hf_server_type_sql,
517 tvb, offset, 4, flags);
518 proto_tree_add_boolean(tree, hf_server_type_domain,
519 tvb, offset, 4, flags);
520 proto_tree_add_boolean(tree, hf_server_type_backup,
521 tvb, offset, 4, flags);
522 proto_tree_add_boolean(tree, hf_server_type_time,
523 tvb, offset, 4, flags);
524 proto_tree_add_boolean(tree, hf_server_type_apple,
525 tvb, offset, 4, flags);
526 proto_tree_add_boolean(tree, hf_server_type_novell,
527 tvb, offset, 4, flags);
528 proto_tree_add_boolean(tree, hf_server_type_member,
529 tvb, offset, 4, flags);
530 proto_tree_add_boolean(tree, hf_server_type_print,
531 tvb, offset, 4, flags);
532 proto_tree_add_boolean(tree, hf_server_type_dialin,
533 tvb, offset, 4, flags);
534 proto_tree_add_boolean(tree, hf_server_type_xenix,
535 tvb, offset, 4, flags);
536 proto_tree_add_boolean(tree, hf_server_type_ntw,
537 tvb, offset, 4, flags);
538 proto_tree_add_boolean(tree, hf_server_type_wfw,
539 tvb, offset, 4, flags);
540 proto_tree_add_boolean(tree, hf_server_type_nts,
541 tvb, offset, 4, flags);
542 proto_tree_add_boolean(tree, hf_server_type_potentialb,
543 tvb, offset, 4, flags);
544 proto_tree_add_boolean(tree, hf_server_type_backupb,
545 tvb, offset, 4, flags);
546 proto_tree_add_boolean(tree, hf_server_type_masterb,
547 tvb, offset, 4, flags);
548 proto_tree_add_boolean(tree, hf_server_type_domainmasterb,
549 tvb, offset, 4, flags);
550 proto_tree_add_boolean(tree, hf_server_type_osf,
551 tvb, offset, 4, flags);
552 proto_tree_add_boolean(tree, hf_server_type_vms,
553 tvb, offset, 4, flags);
554 proto_tree_add_boolean(tree, hf_server_type_w95,
555 tvb, offset, 4, flags);
556 proto_tree_add_boolean(tree, hf_server_type_local,
557 tvb, offset, 4, flags);
558 proto_tree_add_boolean(tree, hf_server_type_domainenum,
559 tvb, offset, 4, flags);
566 dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
570 proto_tree *tree = NULL;
571 proto_item *item = NULL;
573 guint8 host_name[17];
575 guint8 server_count, reset_cmd;
579 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
580 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
582 if (check_col(pinfo->cinfo, COL_INFO)) {
583 col_clear(pinfo->cinfo, COL_INFO);
586 cmd = tvb_get_guint8(tvb, offset);
588 if (check_col(pinfo->cinfo, COL_INFO)) {
589 /* Put in something, and replace it later */
590 col_set_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
595 item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, TRUE);
597 tree = proto_item_add_subtree(item, ett_browse);
601 proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
605 case BROWSE_DOMAIN_ANNOUNCEMENT:
606 case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
607 case BROWSE_HOST_ANNOUNCE: {
609 proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, TRUE);
612 /* periodicity (in milliseconds) */
613 periodicity = tvb_get_letohl(tvb, offset);
614 proto_tree_add_uint_format(tree, hf_periodicity, tvb, offset, 4,
616 "Update Periodicity: %s",
617 time_msecs_to_str(periodicity));
621 tvb_get_nstringz0(tvb, offset, sizeof(host_name), host_name);
622 if (check_col(pinfo->cinfo, COL_INFO)) {
623 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
625 proto_tree_add_string_format(tree, hf_server_name,
628 (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
629 "Domain/Workgroup: %s":
634 /* OS major version */
635 proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, TRUE);
638 /* OS minor version */
639 proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, TRUE);
642 /* server type flags */
643 offset = dissect_smb_server_type_flags(
644 tvb, offset, pinfo, tree, NULL, TRUE);
646 if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT) {
648 * Network Monitor claims this is a "Comment
649 * Pointer". I don't believe it.
651 * It's not a browser protocol major/minor
652 * version number, and signature constant,
655 proto_tree_add_text(tree, tvb, offset, 4,
656 "Mysterious Field: 0x%08x",
657 tvb_get_letohl(tvb, offset));
660 /* browser protocol major version */
661 proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, TRUE);
664 /* browser protocol minor version */
665 proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, TRUE);
668 /* signature constant */
669 proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, TRUE);
673 /* master browser server name or server comment */
674 namelen = tvb_strsize(tvb, offset);
675 proto_tree_add_item(tree,
676 (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
677 hf_mb_server_name : hf_server_comment,
678 tvb, offset, namelen, TRUE);
682 case BROWSE_REQUEST_ANNOUNCE: {
683 guint8 *computer_name;
685 /* unused/unknown flags */
686 proto_tree_add_item(tree, hf_unused_flags,
687 tvb, offset, 1, TRUE);
690 /* name of computer to which to send reply */
691 computer_name = tvb_get_stringz(tvb, offset, &namelen);
692 proto_tree_add_string(tree, hf_response_computer_name,
693 tvb, offset, namelen, computer_name);
694 if (check_col(pinfo->cinfo, COL_INFO))
696 pinfo->cinfo, COL_INFO, " %s", computer_name);
697 g_free(computer_name);
702 case BROWSE_ELECTION_REQUEST:
703 /* election version */
704 proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, TRUE);
708 dissect_election_criterion(tvb, tree, offset);
712 uptime = tvb_get_letohl(tvb, offset);
713 proto_tree_add_uint_format(tree, hf_server_uptime,
714 tvb, offset, 4, uptime,
716 time_msecs_to_str(uptime));
719 /* next 4 bytes must be zero */
723 namelen = tvb_strsize(tvb, offset);
724 proto_tree_add_item(tree, hf_server_name,
725 tvb, offset, namelen, TRUE);
729 case BROWSE_BACKUP_LIST_REQUEST:
730 /* backup list requested count */
731 proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, TRUE);
734 /* backup requested token */
735 proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
739 case BROWSE_BACKUP_LIST_RESPONSE:
740 /* backup list requested count */
741 server_count = tvb_get_guint8(tvb, offset);
742 proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
746 /* backup requested token */
747 proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
750 /* backup server names */
751 for (i = 0; i < server_count; i++) {
752 namelen = tvb_strsize(tvb, offset);
753 proto_tree_add_item(tree, hf_backup_server,
754 tvb, offset, namelen, TRUE);
759 case BROWSE_MASTER_ANNOUNCEMENT:
760 /* master browser server name */
761 namelen = tvb_strsize(tvb, offset);
762 proto_tree_add_item(tree, hf_mb_server_name,
763 tvb, offset, namelen, TRUE);
767 case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {
768 proto_tree *sub_tree;
769 proto_item *reset_item;
771 /* the subcommand follows ... one of three values */
773 reset_cmd = tvb_get_guint8(tvb, offset);
774 reset_item = proto_tree_add_uint(tree, hf_mb_reset_command, tvb,
775 offset, 1, reset_cmd);
776 sub_tree = proto_item_add_subtree(item, ett_browse_reset_cmd_flags);
777 proto_tree_add_boolean(sub_tree, hf_mb_reset_demote, tvb,
778 offset, 1, reset_cmd);
779 proto_tree_add_boolean(sub_tree, hf_mb_reset_flush, tvb,
780 offset, 1, reset_cmd);
781 proto_tree_add_boolean(sub_tree, hf_mb_reset_stop, tvb,
782 offset, 1, reset_cmd);
787 case BROWSE_BECOME_BACKUP:
788 /* name of browser to promote */
789 namelen = tvb_strsize(tvb, offset);
790 proto_tree_add_item(tree, hf_browser_to_promote,
791 tvb, offset, namelen, TRUE);
798 * It appears that browser announcements sent to \MAILSLOT\LANMAN aren't
799 * the same as browser announcements sent to \MAILSLOT\BROWSE.
800 * Was that an older version of the protocol?
804 * http://www.samba.org/samba/ftp/specs/brow_rev.txt
806 * gives both formats of host announcement packets, saying that
807 * "[The first] format seems wrong", that one being what appears to
808 * show up in \MAILSLOT\LANMAN packets, and that "[The second one]
809 * may be better", that one being what appears to show up in
810 * \MAILSLOT\BROWSE packets.
812 * XXX - what other browser packets go out to that mailslot?
815 dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
819 proto_tree *tree = NULL;
820 proto_item *item = NULL;
822 const guint8 *host_name;
825 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
826 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
828 if (check_col(pinfo->cinfo, COL_INFO)) {
829 col_clear(pinfo->cinfo, COL_INFO);
832 cmd = tvb_get_guint8(tvb, offset);
834 if (check_col(pinfo->cinfo, COL_INFO)) {
835 /* Put in something, and replace it later */
836 col_set_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
841 item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, TRUE);
843 tree = proto_item_add_subtree(item, ett_browse);
847 proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
851 case BROWSE_DOMAIN_ANNOUNCEMENT:
852 case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
853 case BROWSE_HOST_ANNOUNCE:
856 proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, TRUE);
859 /* server type flags */
860 offset = dissect_smb_server_type_flags(
861 tvb, offset, pinfo, tree, NULL, TRUE);
863 /* OS major version */
864 proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, TRUE);
867 /* OS minor version */
868 proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, TRUE);
871 /* periodicity (in seconds; convert to milliseconds) */
872 periodicity = tvb_get_letohs(tvb, offset)*1000;
873 proto_tree_add_uint_format(tree, hf_periodicity, tvb, offset, 2,
875 "Update Periodicity: %s",
876 time_msecs_to_str(periodicity));
880 namelen = tvb_strsize(tvb, offset);
881 host_name = tvb_get_ptr(tvb, offset, namelen);
882 if (check_col(pinfo->cinfo, COL_INFO)) {
883 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
885 proto_tree_add_item(tree, hf_server_name,
886 tvb, offset, namelen, TRUE);
889 /* master browser server name or server comment */
890 namelen = tvb_strsize(tvb, offset);
891 proto_tree_add_item(tree,
892 (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
893 hf_mb_server_name : hf_server_comment,
894 tvb, offset, namelen, TRUE);
901 proto_register_smb_browse(void)
903 static hf_register_info hf[] = {
905 { "Command", "browser.command", FT_UINT8, BASE_HEX,
906 VALS(commands), 0, "Browse command opcode", HFILL }},
909 { "Update Count", "browser.update_count", FT_UINT8, BASE_DEC,
910 NULL, 0, "Browse Update Count", HFILL }},
913 { "Update Periodicity", "browser.period", FT_UINT32, BASE_DEC,
914 NULL, 0, "Update Periodicity in ms", HFILL }},
917 { "Server Name", "browser.server", FT_STRING, BASE_NONE,
918 NULL, 0, "BROWSE Server Name", HFILL }},
920 { &hf_mb_server_name,
921 { "Master Browser Server Name", "browser.mb_server", FT_STRING, BASE_NONE,
922 NULL, 0, "BROWSE Master Browser Server Name", HFILL }},
924 { &hf_mb_reset_command,
925 { "ResetBrowserState Command", "browser.reset_cmd", FT_UINT8,
926 BASE_HEX, VALS(&resetbrowserstate_command_names), 0,
927 "ResetBrowserState Command", HFILL }},
928 { &hf_mb_reset_demote,
929 { "Demote LMB", "browser.reset_cmd.demote", FT_BOOLEAN,
930 8, TFS(&tfs_demote_to_backup), 0x01, "Demote LMB", HFILL}},
931 { &hf_mb_reset_flush,
932 { "Flush Browse List", "browser.reset_cmd.flush", FT_BOOLEAN,
933 8, TFS(&tfs_flush_browse_list), 0x02, "Flush Browse List", HFILL}},
935 { "Stop Being LMB", "browser.reset_cmd.stop_lmb", FT_BOOLEAN,
936 8, TFS(&tfs_stop_being_lmb), 0x04, "Stop Being LMB", HFILL}},
938 { "OS Major Version", "browser.os_major", FT_UINT8, BASE_DEC,
939 NULL, 0, "Operating System Major Version", HFILL }},
942 { "OS Minor Version", "browser.os_minor", FT_UINT8, BASE_DEC,
943 NULL, 0, "Operating System Minor Version", HFILL }},
946 { "Server Type", "browser.server_type", FT_UINT32, BASE_HEX,
947 NULL, 0, "Server Type Flags", HFILL }},
949 { &hf_server_type_workstation,
950 { "Workstation", "browser.server_type.workstation", FT_BOOLEAN, 32,
951 TFS(&tfs_workstation), 1<<SERVER_WORKSTATION, "Is This A Workstation?", HFILL }},
953 { &hf_server_type_server,
954 { "Server", "browser.server_type.server", FT_BOOLEAN, 32,
955 TFS(&tfs_server), 1<<SERVER_SERVER, "Is This A Server?", HFILL }},
957 { &hf_server_type_sql,
958 { "SQL", "browser.server_type.sql", FT_BOOLEAN, 32,
959 TFS(&tfs_sql), 1<<SERVER_SQL_SERVER, "Is This A SQL Server?", HFILL }},
961 { &hf_server_type_domain,
962 { "Domain Controller", "browser.server_type.domain_controller", FT_BOOLEAN, 32,
963 TFS(&tfs_domain), 1<<SERVER_DOMAIN_CONTROLLER, "Is This A Domain Controller?", HFILL }},
965 { &hf_server_type_backup,
966 { "Backup Controller", "browser.server_type.backup_controller", FT_BOOLEAN, 32,
967 TFS(&tfs_backup), 1<<SERVER_BACKUP_CONTROLLER, "Is This A Backup Domain Controller?", HFILL }},
969 { &hf_server_type_time,
970 { "Time Source", "browser.server_type.time", FT_BOOLEAN, 32,
971 TFS(&tfs_time), 1<<SERVER_TIME_SOURCE, "Is This A Time Source?", HFILL }},
973 { &hf_server_type_apple,
974 { "Apple", "browser.server_type.apple", FT_BOOLEAN, 32,
975 TFS(&tfs_apple), 1<<SERVER_APPLE_SERVER, "Is This An Apple Server ?", HFILL }},
977 { &hf_server_type_novell,
978 { "Novell", "browser.server_type.novell", FT_BOOLEAN, 32,
979 TFS(&tfs_novell), 1<<SERVER_NOVELL_SERVER, "Is This A Novell Server?", HFILL }},
981 { &hf_server_type_member,
982 { "Member", "browser.server_type.member", FT_BOOLEAN, 32,
983 TFS(&tfs_member), 1<<SERVER_DOMAIN_MEMBER_SERVER, "Is This A Domain Member Server?", HFILL }},
985 { &hf_server_type_print,
986 { "Print", "browser.server_type.print", FT_BOOLEAN, 32,
987 TFS(&tfs_print), 1<<SERVER_PRINT_QUEUE_SERVER, "Is This A Print Server?", HFILL }},
989 { &hf_server_type_dialin,
990 { "Dialin", "browser.server_type.dialin", FT_BOOLEAN, 32,
991 TFS(&tfs_dialin), 1<<SERVER_DIALIN_SERVER, "Is This A Dialin Server?", HFILL }},
993 { &hf_server_type_xenix,
994 { "Xenix", "browser.server_type.xenix", FT_BOOLEAN, 32,
995 TFS(&tfs_xenix), 1<<SERVER_XENIX_SERVER, "Is This A Xenix Server?", HFILL }},
997 { &hf_server_type_ntw,
998 { "NT Workstation", "browser.server_type.ntw", FT_BOOLEAN, 32,
999 TFS(&tfs_ntw), 1<<SERVER_NT_WORKSTATION, "Is This A NT Workstation?", HFILL }},
1001 { &hf_server_type_wfw,
1002 { "WfW", "browser.server_type.wfw", FT_BOOLEAN, 32,
1003 TFS(&tfs_wfw), 1<<SERVER_WINDOWS_FOR_WORKGROUPS, "Is This A Windows For Workgroups Server?", HFILL }},
1005 { &hf_server_type_nts,
1006 { "NT Server", "browser.server_type.nts", FT_BOOLEAN, 32,
1007 TFS(&tfs_nts), 1<<SERVER_NT_SERVER, "Is This A NT Server?", HFILL }},
1009 { &hf_server_type_potentialb,
1010 { "Potential Browser", "browser.server_type.browser.potential", FT_BOOLEAN, 32,
1011 TFS(&tfs_potentialb), 1<<SERVER_POTENTIAL_BROWSER, "Is This A Potential Browser?", HFILL }},
1013 { &hf_server_type_backupb,
1014 { "Backup Browser", "browser.server_type.browser.backup", FT_BOOLEAN, 32,
1015 TFS(&tfs_backupb), 1<<SERVER_BACKUP_BROWSER, "Is This A Backup Browser?", HFILL }},
1017 { &hf_server_type_masterb,
1018 { "Master Browser", "browser.server_type.browser.master", FT_BOOLEAN, 32,
1019 TFS(&tfs_masterb), 1<<SERVER_MASTER_BROWSER, "Is This A Master Browser?", HFILL }},
1021 { &hf_server_type_domainmasterb,
1022 { "Domain Master Browser", "browser.server_type.browser.domain_master", FT_BOOLEAN, 32,
1023 TFS(&tfs_domainmasterb), 1<<SERVER_DOMAIN_MASTER_BROWSER, "Is This A Domain Master Browser?", HFILL }},
1025 { &hf_server_type_osf,
1026 { "OSF", "browser.server_type.osf", FT_BOOLEAN, 32,
1027 TFS(&tfs_osf), 1<<SERVER_OSF, "Is This An OSF server ?", HFILL }},
1029 { &hf_server_type_vms,
1030 { "VMS", "browser.server_type.vms", FT_BOOLEAN, 32,
1031 TFS(&tfs_vms), 1<<SERVER_VMS, "Is This A VMS Server?", HFILL }},
1033 { &hf_server_type_w95,
1034 { "Windows 95+", "browser.server_type.w95", FT_BOOLEAN, 32,
1035 TFS(&tfs_w95), 1<<SERVER_WINDOWS_95, "Is This A Windows 95 or above server?", HFILL }},
1037 { &hf_server_type_local,
1038 { "Local", "browser.server_type.local", FT_BOOLEAN, 32,
1039 TFS(&tfs_local), 1<<SERVER_LOCAL_LIST_ONLY, "Is This A Local List Only request?", HFILL }},
1041 { &hf_server_type_domainenum,
1042 { "Domain Enum", "browser.server_type.domainenum", FT_BOOLEAN, 32,
1043 TFS(&tfs_domainenum), 1<<SERVER_DOMAIN_ENUM, "Is This A Domain Enum request?", HFILL }},
1045 { &hf_election_version,
1046 { "Election Version", "browser.election.version", FT_UINT8, BASE_DEC,
1047 NULL, 0, "Election Version", HFILL }},
1050 { "Browser Protocol Major Version", "browser.proto_major", FT_UINT8, BASE_DEC,
1051 NULL, 0, "Browser Protocol Major Version", HFILL }},
1054 { "Browser Protocol Minor Version", "browser.proto_minor", FT_UINT8, BASE_DEC,
1055 NULL, 0, "Browser Protocol Minor Version", HFILL }},
1058 { "Signature", "browser.sig", FT_UINT16, BASE_HEX,
1059 NULL, 0, "Signature Constant", HFILL }},
1061 { &hf_server_comment,
1062 { "Host Comment", "browser.comment", FT_STRINGZ, BASE_NONE,
1063 NULL, 0, "Server Comment", HFILL }},
1066 { "Unused flags", "browser.unused", FT_UINT8, BASE_HEX,
1067 NULL, 0, "Unused/unknown flags", HFILL }},
1069 { &hf_response_computer_name,
1070 { "Response Computer Name", "browser.response_computer_name", FT_STRINGZ, BASE_NONE,
1071 NULL, 0, "Response Computer Name", HFILL }},
1073 { &hf_election_criteria,
1074 { "Election Criteria", "browser.election.criteria", FT_UINT32, BASE_HEX,
1075 NULL, 0, "Election Criteria", HFILL }},
1077 { &hf_election_desire,
1078 { "Election Desire", "browser.election.desire", FT_UINT8, BASE_HEX,
1079 NULL, 0, "Election Desire", HFILL }},
1081 { &hf_election_desire_flags_backup,
1082 { "Backup", "browser.election.desire.backup", FT_BOOLEAN, 8,
1083 TFS(&tfs_desire_backup), 1<<DESIRE_BACKUP, "Is this a backup server", HFILL }},
1085 { &hf_election_desire_flags_standby,
1086 { "Standby", "browser.election.desire.standby", FT_BOOLEAN, 8,
1087 TFS(&tfs_desire_standby), 1<<DESIRE_STANDBY, "Is this a standby server?", HFILL }},
1089 { &hf_election_desire_flags_master,
1090 { "Master", "browser.election.desire.master", FT_BOOLEAN, 8,
1091 TFS(&tfs_desire_master), 1<<DESIRE_MASTER, "Is this a master server", HFILL }},
1093 { &hf_election_desire_flags_domain_master,
1094 { "Domain Master", "browser.election.desire.domain_master", FT_BOOLEAN, 8,
1095 TFS(&tfs_desire_domain_master), 1<<DESIRE_DOMAIN_MASTER, "Is this a domain master", HFILL }},
1097 { &hf_election_desire_flags_wins,
1098 { "WINS", "browser.election.desire.wins", FT_BOOLEAN, 8,
1099 TFS(&tfs_desire_wins), 1<<DESIRE_WINS, "Is this a WINS server", HFILL }},
1101 { &hf_election_desire_flags_nt,
1102 { "NT", "browser.election.desire.nt", FT_BOOLEAN, 8,
1103 TFS(&tfs_desire_nt), 1<<DESIRE_NT, "Is this a NT server", HFILL }},
1105 { &hf_election_revision,
1106 { "Election Revision", "browser.election.revision", FT_UINT16, BASE_DEC,
1107 NULL, 0, "Election Revision", HFILL }},
1110 { "Election OS", "browser.election.os", FT_UINT8, BASE_HEX,
1111 NULL, 0, "Election OS", HFILL }},
1113 { &hf_election_os_wfw,
1114 { "WfW", "browser.election.os.wfw", FT_BOOLEAN, 8,
1115 TFS(&tfs_os_wfw), 1<<OS_WFW, "Is this a WfW host?", HFILL }},
1117 { &hf_election_os_ntw,
1118 { "NT Workstation", "browser.election.os.ntw", FT_BOOLEAN, 8,
1119 TFS(&tfs_os_ntw), 1<<OS_NTW, "Is this a NT Workstation?", HFILL }},
1121 { &hf_election_os_nts,
1122 { "NT Server", "browser.election.os.nts", FT_BOOLEAN, 8,
1123 TFS(&tfs_os_nts), 1<<OS_NTS, "Is this a NT Server?", HFILL }},
1125 { &hf_server_uptime,
1126 { "Uptime", "browser.uptime", FT_UINT32, BASE_DEC,
1127 NULL, 0, "Server uptime in ms", HFILL }},
1130 { "Backup List Requested Count", "browser.backup.count", FT_UINT8, BASE_DEC,
1131 NULL, 0, "Backup list requested count", HFILL }},
1134 { "Backup Request Token", "browser.backup.token", FT_UINT32, BASE_DEC,
1135 NULL, 0, "Backup requested/response token", HFILL }},
1137 { &hf_backup_server,
1138 { "Backup Server", "browser.backup.server", FT_STRING, BASE_NONE,
1139 NULL, 0, "Backup Server Name", HFILL }},
1141 { &hf_browser_to_promote,
1142 { "Browser to Promote", "browser.browser_to_promote", FT_STRINGZ, BASE_NONE,
1143 NULL, 0, "Browser to Promote", HFILL }},
1147 static gint *ett[] = {
1150 &ett_browse_election_criteria,
1151 &ett_browse_election_os,
1152 &ett_browse_election_desire,
1153 &ett_browse_reset_cmd_flags,
1156 proto_smb_browse = proto_register_protocol("Microsoft Windows Browser Protocol",
1157 "BROWSER", "browser");
1159 proto_register_field_array(proto_smb_browse, hf, array_length(hf));
1160 proto_register_subtree_array(ett, array_length(ett));
1162 register_dissector("mailslot_browse", dissect_mailslot_browse,
1164 register_dissector("mailslot_lanman", dissect_mailslot_lanman,
git.samba.org / obnox / wireshark / wip.git / blob