2 * Routines for MSX mapi packet dissection
4 * $Id: packet-mapi.c,v 1.16 2001/06/18 02:17:48 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@zing.org>
8 * Copyright 1998 Gerald Combs
10 * Copied from packet-tftp.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
33 #ifdef HAVE_SYS_TYPES_H
34 # include <sys/types.h>
37 #ifdef HAVE_NETINET_IN_H
38 # include <netinet/in.h>
45 static int proto_mapi = -1;
46 static int hf_mapi_request = -1;
47 static int hf_mapi_response = -1;
49 static gint ett_mapi = -1;
51 #define TCP_PORT_MAPI 1065
54 dissect_mapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
56 proto_tree *mapi_tree, *ti;
58 if (check_col(pinfo->fd, COL_PROTOCOL))
59 col_set_str(pinfo->fd, COL_PROTOCOL, "MAPI");
61 if (check_col(pinfo->fd, COL_INFO))
63 col_add_fstr(pinfo->fd, COL_INFO, "%s",
64 (pinfo->match_port == pinfo->destport) ? "Request" : "Response");
68 * XXX - MAPI is based on MS RPC, i.e. on DCE RPC.
69 * Unfortunately, at least as I read the DCE RPC 1.1 spec's
70 * description of RPC PDUs, not all PDUs necessarily have
71 * an interface UUID for connection-oriented RPC, and MAPI
72 * runs over TCP - i.e., it uses connection-oriented RPC - so if
73 * somebody ever does a dissector for the MAPI RPC calls,
74 * it's not clear how we'd arrange to call that dissector for
75 * MAPI calls if we haven't seen a bind operation.
77 * Currently, the DCE RPC dissector doesn't dissect enough
78 * to determine what service is being called, so without
79 * a dissector for the TCP port TCP_PORT_MAPI, MAPI traffic
80 * would just be identified as DCE RPC traffic, and, as per
81 * the above, even if the DCE RPC dissector did dissect enough
82 * to determine what service is being called, we might still
83 * need to check the port number to recognize MAPI traffic.
87 ti = proto_tree_add_item(tree, proto_mapi, tvb, 0,
88 tvb_length(tvb), FALSE);
89 mapi_tree = proto_item_add_subtree(ti, ett_mapi);
91 if (pinfo->match_port == pinfo->destport)
93 proto_tree_add_boolean_hidden(mapi_tree, hf_mapi_request, tvb,
94 0, tvb_length(tvb), TRUE);
95 proto_tree_add_text(mapi_tree, tvb, 0,
96 tvb_length(tvb), "Request: <opaque data>" );
100 proto_tree_add_boolean_hidden(mapi_tree, hf_mapi_response, tvb,
101 0, tvb_length(tvb), TRUE);
102 proto_tree_add_text(mapi_tree, tvb, 0,
103 tvb_length(tvb), "Response: <opaque data>");
109 proto_register_mapi(void)
111 static hf_register_info hf[] = {
113 { "Response", "mapi.response",
114 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
115 "TRUE if MAPI response", HFILL }},
118 { "Request", "mapi.request",
119 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
120 "TRUE if MAPI request", HFILL }}
123 static gint *ett[] = {
126 proto_mapi = proto_register_protocol("MAPI", "MAPI", "mapi");
127 proto_register_field_array(proto_mapi, hf, array_length(hf));
128 proto_register_subtree_array(ett, array_length(ett));
132 proto_reg_handoff_mapi(void)
134 dissector_add("tcp.port", TCP_PORT_MAPI, dissect_mapi, proto_mapi);