2 * Routines for portmap dissection
4 * $Id: packet-portmap.c,v 1.35 2002/04/14 23:04:03 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * Copied from packet-smb.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #ifdef HAVE_SYS_TYPES_H
33 #include <sys/types.h>
37 #include "packet-rpc.h"
38 #include "packet-portmap.h"
44 * RFC 1833, "Binding Protocols for ONC RPC Version 2".
47 static int proto_portmap = -1;
48 static int hf_portmap_proto = -1;
49 static int hf_portmap_prog = -1;
50 static int hf_portmap_proc = -1;
51 static int hf_portmap_version = -1;
52 static int hf_portmap_port = -1;
53 static int hf_portmap_answer = -1;
54 static int hf_portmap_args = -1;
55 static int hf_portmap_result = -1;
56 static int hf_portmap_rpcb = -1;
57 static int hf_portmap_rpcb_prog = -1;
58 static int hf_portmap_rpcb_version = -1;
59 static int hf_portmap_rpcb_netid = -1;
60 static int hf_portmap_rpcb_addr = -1;
61 static int hf_portmap_rpcb_owner = -1;
62 static int hf_portmap_uaddr = -1;
65 static gint ett_portmap = -1;
66 static gint ett_portmap_rpcb = -1;
67 static gint ett_portmap_entry = -1;
70 /* Dissect a getport call */
72 dissect_getport_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
80 prog = tvb_get_ntohl(tvb, offset+0);
81 proto_tree_add_uint_format(tree, hf_portmap_prog, tvb,
82 offset, 4, prog, "Program: %s (%u)",
83 rpc_prog_name(prog), prog);
84 proto_tree_add_item(tree, hf_portmap_version, tvb,
87 proto = tvb_get_ntohl(tvb, offset+8);
88 proto_tree_add_uint_format(tree, hf_portmap_proto, tvb,
89 offset+8, 4, proto, "Proto: %s (%u)", ipprotostr(proto), proto);
91 proto_tree_add_item(tree, hf_portmap_port, tvb,
99 dissect_getport_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
102 offset = dissect_rpc_uint32(tvb, tree, hf_portmap_port,
107 /* Dissect a 'set' call */
109 dissect_set_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
117 prog = tvb_get_ntohl(tvb, offset+0);
118 proto_tree_add_uint_format(tree, hf_portmap_prog, tvb,
119 offset, 4, prog, "Program: %s (%d)",
120 rpc_prog_name(prog), prog);
121 proto_tree_add_item(tree, hf_portmap_version, tvb,
124 proto = tvb_get_ntohl(tvb, offset+8);
125 proto_tree_add_uint_format(tree, hf_portmap_proto,tvb,
126 offset+8, 4, proto, "Proto: %s (%d)", ipprotostr(proto), proto);
128 proto_tree_add_item(tree, hf_portmap_port, tvb,
129 offset+12, 4, FALSE);
135 /* Dissect a 'unset' call */
137 dissect_unset_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
145 prog = tvb_get_ntohl(tvb, offset+0);
146 proto_tree_add_uint_format(tree, hf_portmap_prog, tvb,
147 offset, 4, prog, "Program: %s (%d)",
148 rpc_prog_name(prog), prog);
149 proto_tree_add_item(tree, hf_portmap_version, tvb,
152 proto = tvb_get_ntohl(tvb, offset+8);
153 proto_tree_add_uint(tree, hf_portmap_proto, tvb,
156 proto_tree_add_item(tree, hf_portmap_port, tvb,
157 offset+12, 4, FALSE);
164 dissect_set_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
167 offset = dissect_rpc_bool(tvb, tree, hf_portmap_answer,
173 dissect_dump_entry(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
176 int prog, version, proto, port;
177 proto_item *ti, *subtree;
179 prog = tvb_get_ntohl(tvb, offset+0);
180 version = tvb_get_ntohl(tvb, offset+4);
181 proto = tvb_get_ntohl(tvb, offset+8);
182 port = tvb_get_ntohl(tvb, offset+12);
185 ti = proto_tree_add_text(tree, tvb, offset, 16,
186 "Map Entry: %s (%u) V%d",
187 rpc_prog_name(prog), prog, version);
188 subtree = proto_item_add_subtree(ti, ett_portmap_entry);
190 proto_tree_add_uint_format(subtree, hf_portmap_prog, tvb,
192 "Program: %s (%u)", rpc_prog_name(prog), prog);
193 proto_tree_add_uint(subtree, hf_portmap_version, tvb,
194 offset+4, 4, version);
195 proto_tree_add_uint_format(subtree, hf_portmap_proto, tvb,
197 "Protocol: %s (0x%02x)", ipprotostr(proto), proto);
198 proto_tree_add_uint(subtree, hf_portmap_port, tvb,
206 dissect_dump_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
209 offset = dissect_rpc_list(tvb, pinfo, tree, offset,
214 /* Dissect a callit call */
216 dissect_callit_call(tvbuff_t *tvb, int offset, packet_info *pinfo,
219 guint32 prog, vers, proc;
221 prog = tvb_get_ntohl(tvb, offset+0);
224 proto_tree_add_uint_format(tree, hf_portmap_prog, tvb,
225 offset, 4, prog, "Program: %s (%u)",
226 rpc_prog_name(prog), prog);
229 vers = tvb_get_ntohl(tvb, offset+4);
232 proto_tree_add_uint(tree, hf_portmap_version, tvb,
236 proc = tvb_get_ntohl(tvb, offset+8);
239 proto_tree_add_uint_format(tree, hf_portmap_proc, tvb,
240 offset+8, 4, proc, "Procedure: %s (%u)",
241 rpc_proc_name(prog, vers, proc), proc);
246 /* Dissect the arguments for this procedure.
247 Make the columns non-writable, so the dissector won't change
248 them out from under us. */
249 col_set_writable(pinfo->cinfo, FALSE);
250 offset = dissect_rpc_indir_call(tvb, pinfo, tree, offset,
251 hf_portmap_args, prog, vers, proc);
256 /* Dissect a callit reply */
258 dissect_callit_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
263 proto_tree_add_item(tree, hf_portmap_port, tvb,
268 /* Dissect the result of this procedure.
269 Make the columns non-writable, so the dissector won't change
270 them out from under us. */
271 col_set_writable(pinfo->cinfo, FALSE);
272 offset = dissect_rpc_indir_reply(tvb, pinfo, tree, offset,
273 hf_portmap_result, hf_portmap_prog, hf_portmap_version,
279 /* proc number, "proc name", dissect_request, dissect_reply */
280 /* NULL as function pointer means: type of arguments is "void". */
281 static const vsff portmap1_proc[] = {
282 { PORTMAPPROC_NULL, "NULL", NULL, NULL },
283 { PORTMAPPROC_SET, "SET", NULL, NULL },
284 { PORTMAPPROC_UNSET, "UNSET", NULL, NULL },
285 { PORTMAPPROC_GETPORT, "GETPORT", NULL, NULL },
286 { PORTMAPPROC_DUMP, "DUMP", NULL, NULL },
287 { PORTMAPPROC_CALLIT, "CALLIT", NULL, NULL },
288 { 0, NULL, NULL, NULL }
290 /* end of Portmap version 1 */
292 static const vsff portmap2_proc[] = {
293 { PORTMAPPROC_NULL, "NULL",
295 { PORTMAPPROC_SET, "SET",
296 dissect_set_call, dissect_set_reply },
297 { PORTMAPPROC_UNSET, "UNSET",
298 dissect_unset_call, dissect_set_reply },
299 { PORTMAPPROC_GETPORT, "GETPORT",
300 dissect_getport_call, dissect_getport_reply },
301 { PORTMAPPROC_DUMP, "DUMP",
302 NULL, dissect_dump_reply },
303 { PORTMAPPROC_CALLIT, "CALLIT",
304 dissect_callit_call, dissect_callit_reply },
305 { 0, NULL, NULL, NULL }
307 /* end of Portmap version 2 */
310 /* RFC 1833, Page 3 */
312 dissect_rpcb(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree)
314 proto_item* rpcb_item = NULL;
315 proto_tree* rpcb_tree = NULL;
316 int old_offset = offset;
320 rpcb_item = proto_tree_add_item(tree, hf_portmap_rpcb, tvb,
323 rpcb_tree = proto_item_add_subtree(rpcb_item, ett_portmap_rpcb);
326 prog = tvb_get_ntohl(tvb, offset);
328 proto_tree_add_uint_format(rpcb_tree, hf_portmap_rpcb_prog, tvb,
330 "Program: %s (%u)", rpc_prog_name(prog), prog);
333 offset = dissect_rpc_uint32(tvb, rpcb_tree,
334 hf_portmap_rpcb_version, offset);
335 offset = dissect_rpc_string(tvb, rpcb_tree,
336 hf_portmap_rpcb_netid, offset, NULL);
337 offset = dissect_rpc_string(tvb, rpcb_tree,
338 hf_portmap_rpcb_addr, offset, NULL);
339 offset = dissect_rpc_string(tvb, rpcb_tree,
340 hf_portmap_rpcb_owner, offset, NULL);
342 /* now we know, that rpcb is shorter */
344 proto_item_set_len(rpcb_item, offset - old_offset);
352 /* RFC 1833, Page 7 */
354 dissect_rpcb3_getaddr_call(tvbuff_t *tvb, int offset, packet_info *pinfo,
357 offset = dissect_rpcb(tvb, offset, pinfo, tree);
363 /* RFC 1833, Page 7 */
365 dissect_rpcb3_getaddr_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
368 offset = dissect_rpc_string(tvb, tree,
369 hf_portmap_uaddr, offset, NULL);
375 /* RFC 1833, Page 7 */
377 dissect_rpcb3_dump_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
380 offset = dissect_rpc_list(tvb, pinfo, tree, offset, dissect_rpcb);
384 /* RFC 1833, page 4 */
386 dissect_rpcb_rmtcallres(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
389 /* Dissect the remote universal address. */
390 offset = dissect_rpc_string(tvb, tree,
391 hf_portmap_rpcb_addr, offset, NULL);
393 /* Dissect the result of this procedure.
394 Make the columns non-writable, so the dissector won't change
395 them out from under us. */
396 col_set_writable(pinfo->cinfo, FALSE);
397 offset = dissect_rpc_indir_reply(tvb, pinfo, tree, offset,
398 hf_portmap_result, hf_portmap_prog, hf_portmap_version,
405 /* Portmapper version 3, RFC 1833, Page 7 */
406 static const vsff portmap3_proc[] = {
407 { RPCBPROC_NULL, "NULL",
409 { RPCBPROC_SET, "SET",
411 { RPCBPROC_UNSET, "UNSET",
413 { RPCBPROC_GETADDR, "GETADDR",
414 dissect_rpcb3_getaddr_call, dissect_rpcb3_getaddr_reply},
415 { RPCBPROC_DUMP, "DUMP",
416 NULL, dissect_rpcb3_dump_reply },
417 { RPCBPROC_CALLIT, "CALLIT",
418 dissect_callit_call, dissect_rpcb_rmtcallres },
419 { RPCBPROC_GETTIME, "GETTIME",
421 { RPCBPROC_UADDR2TADDR, "UADDR2TADDR",
423 { RPCBPROC_TADDR2UADDR, "TADDR2UADDR",
425 { 0, NULL, NULL, NULL }
427 /* end of Portmap version 3 */
430 /* Portmapper version 4, RFC 1833, Page 8 */
431 static const vsff portmap4_proc[] = {
432 { RPCBPROC_NULL, "NULL",
434 { RPCBPROC_SET, "SET",
436 { RPCBPROC_UNSET, "UNSET",
438 { RPCBPROC_GETADDR, "GETADDR",
439 dissect_rpcb3_getaddr_call, dissect_rpcb3_getaddr_reply},
440 { RPCBPROC_DUMP, "DUMP",
441 NULL, dissect_rpcb3_dump_reply },
442 { RPCBPROC_BCAST, "BCAST",
443 dissect_callit_call, dissect_rpcb_rmtcallres },
444 { RPCBPROC_GETTIME, "GETTIME",
446 { RPCBPROC_UADDR2TADDR, "UADDR2TADDR",
448 { RPCBPROC_TADDR2UADDR, "TADDR2UADDR",
450 { RPCBPROC_GETVERSADDR, "GETVERSADDR",
452 { RPCBPROC_INDIRECT, "INDIRECT",
453 dissect_callit_call, dissect_rpcb_rmtcallres },
454 { RPCBPROC_GETADDRLIST, "GETADDRLIST",
456 { RPCBPROC_GETSTAT, "GETSTAT",
458 { 0, NULL, NULL, NULL }
460 /* end of Portmap version 4 */
463 proto_register_portmap(void)
465 static hf_register_info hf[] = {
466 { &hf_portmap_prog, {
467 "Program", "portmap.prog", FT_UINT32, BASE_DEC,
468 NULL, 0, "Program", HFILL }},
469 { &hf_portmap_port, {
470 "Port", "portmap.port", FT_UINT32, BASE_DEC,
471 NULL, 0, "Port", HFILL }},
472 { &hf_portmap_proc, {
473 "Procedure", "portmap.proc", FT_UINT32, BASE_DEC,
474 NULL, 0, "Procedure", HFILL }},
475 { &hf_portmap_proto, {
476 "Protocol", "portmap.proto", FT_UINT32, BASE_DEC,
477 NULL, 0, "Protocol", HFILL }},
478 { &hf_portmap_version, {
479 "Version", "portmap.version", FT_UINT32, BASE_DEC,
480 NULL, 0, "Version", HFILL }},
481 { &hf_portmap_answer, {
482 "Answer", "portmap.answer", FT_BOOLEAN, BASE_DEC,
483 NULL, 0, "Answer", HFILL }},
484 { &hf_portmap_args, {
485 "Arguments", "portmap.args", FT_BYTES, BASE_HEX,
486 NULL, 0, "Arguments", HFILL }},
487 { &hf_portmap_result, {
488 "Result", "portmap.result", FT_BYTES, BASE_HEX,
489 NULL, 0, "Result", HFILL }},
490 { &hf_portmap_rpcb, {
491 "RPCB", "portmap.rpcb", FT_NONE, 0,
492 NULL, 0, "RPCB", HFILL }},
493 { &hf_portmap_rpcb_prog, {
494 "Program", "portmap.rpcb.prog", FT_UINT32, BASE_DEC,
495 NULL, 0, "Program", HFILL }},
496 { &hf_portmap_rpcb_version, {
497 "Version", "portmap.rpcb.version", FT_UINT32, BASE_DEC,
498 NULL, 0, "Version", HFILL }},
499 { &hf_portmap_rpcb_netid, {
500 "Network Id", "portmap.rpcb.netid", FT_STRING, BASE_DEC,
501 NULL, 0, "Network Id", HFILL }},
502 { &hf_portmap_rpcb_addr, { /* address in rpcb structure in request */
503 "Universal Address", "portmap.rpcb.addr", FT_STRING, BASE_DEC,
504 NULL, 0, "Universal Address", HFILL }},
505 { &hf_portmap_rpcb_owner, {
506 "Owner of this Service", "portmap.rpcb.owner", FT_STRING, BASE_DEC,
507 NULL, 0, "Owner of this Service", HFILL }},
508 { &hf_portmap_uaddr, { /* address in RPCBPROC_GETADDR reply */
509 "Universal Address", "portmap.uaddr", FT_STRING, BASE_DEC,
510 NULL, 0, "Universal Address", HFILL }},
512 static gint *ett[] = {
518 proto_portmap = proto_register_protocol("Portmap", "Portmap", "portmap");
519 proto_register_field_array(proto_portmap, hf, array_length(hf));
520 proto_register_subtree_array(ett, array_length(ett));
524 proto_reg_handoff_portmap(void)
526 /* Register the protocol as RPC */
527 rpc_init_prog(proto_portmap, PORTMAP_PROGRAM, ett_portmap);
528 /* Register the procedure tables */
529 rpc_init_proc_table(PORTMAP_PROGRAM, 1, portmap1_proc);
530 rpc_init_proc_table(PORTMAP_PROGRAM, 2, portmap2_proc);
531 rpc_init_proc_table(PORTMAP_PROGRAM, 3, portmap3_proc);
532 rpc_init_proc_table(PORTMAP_PROGRAM, 4, portmap4_proc);
git.samba.org / obnox / wireshark / wip.git / blob