2 * Routines for MSX mapi packet dissection
4 * $Id: packet-mapi.c,v 1.20 2002/01/24 09:20:49 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * Copied from packet-tftp.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
33 #ifdef HAVE_SYS_TYPES_H
34 # include <sys/types.h>
37 #ifdef HAVE_NETINET_IN_H
38 # include <netinet/in.h>
43 #include <epan/packet.h>
45 static int proto_mapi = -1;
46 static int hf_mapi_request = -1;
47 static int hf_mapi_response = -1;
49 static gint ett_mapi = -1;
51 #define TCP_PORT_MAPI 1065
54 dissect_mapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
56 proto_tree *mapi_tree, *ti;
58 if (check_col(pinfo->cinfo, COL_PROTOCOL))
59 col_set_str(pinfo->cinfo, COL_PROTOCOL, "MAPI");
61 if (check_col(pinfo->cinfo, COL_INFO))
63 col_add_fstr(pinfo->cinfo, COL_INFO, "%s",
64 (pinfo->match_port == pinfo->destport) ? "Request" : "Response");
68 * XXX - MAPI is based on MS RPC, i.e. on DCE RPC.
69 * Unfortunately, at least as I read the DCE RPC 1.1 spec's
70 * description of RPC PDUs, not all PDUs necessarily have
71 * an interface UUID for connection-oriented RPC, and MAPI
72 * runs over TCP - i.e., it uses connection-oriented RPC - so if
73 * somebody ever does a dissector for the MAPI RPC calls,
74 * it's not clear how we'd arrange to call that dissector for
75 * MAPI calls if we haven't seen a bind operation.
77 * Currently, the DCE RPC dissector doesn't dissect enough
78 * to determine what service is being called, so without
79 * a dissector for the TCP port TCP_PORT_MAPI, MAPI traffic
80 * would just be identified as DCE RPC traffic, and, as per
81 * the above, even if the DCE RPC dissector did dissect enough
82 * to determine what service is being called, we might still
83 * need to check the port number to recognize MAPI traffic.
87 ti = proto_tree_add_item(tree, proto_mapi, tvb, 0, -1, FALSE);
88 mapi_tree = proto_item_add_subtree(ti, ett_mapi);
90 if (pinfo->match_port == pinfo->destport)
92 proto_tree_add_boolean_hidden(mapi_tree, hf_mapi_request, tvb,
94 proto_tree_add_text(mapi_tree, tvb, 0, -1,
95 "Request: <opaque data>" );
99 proto_tree_add_boolean_hidden(mapi_tree, hf_mapi_response, tvb,
101 proto_tree_add_text(mapi_tree, tvb, 0, -1,
102 "Response: <opaque data>");
108 proto_register_mapi(void)
110 static hf_register_info hf[] = {
112 { "Response", "mapi.response",
113 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
114 "TRUE if MAPI response", HFILL }},
117 { "Request", "mapi.request",
118 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
119 "TRUE if MAPI request", HFILL }}
122 static gint *ett[] = {
125 proto_mapi = proto_register_protocol("MAPI", "MAPI", "mapi");
126 proto_register_field_array(proto_mapi, hf, array_length(hf));
127 proto_register_subtree_array(ett, array_length(ett));
131 proto_reg_handoff_mapi(void)
133 dissector_handle_t mapi_handle;
135 mapi_handle = create_dissector_handle(dissect_mapi, proto_mapi);
136 dissector_add("tcp.port", TCP_PORT_MAPI, mapi_handle);