2 * Routines for SMB Browser packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb-browse.c,v 1.19 2001/12/10 00:25:34 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
51 #include "packet-smb-browse.h"
53 static int proto_smb_browse = -1;
54 static int hf_command = -1;
55 static int hf_update_count = -1;
56 static int hf_periodicity = -1;
57 static int hf_server_name = -1;
58 static int hf_mb_server_name = -1;
59 static int hf_os_major = -1;
60 static int hf_os_minor = -1;
61 static int hf_server_type = -1;
62 static int hf_server_type_workstation = -1;
63 static int hf_server_type_server = -1;
64 static int hf_server_type_sql = -1;
65 static int hf_server_type_domain = -1;
66 static int hf_server_type_backup = -1;
67 static int hf_server_type_time = -1;
68 static int hf_server_type_apple = -1;
69 static int hf_server_type_novell = -1;
70 static int hf_server_type_member = -1;
71 static int hf_server_type_print = -1;
72 static int hf_server_type_dialin = -1;
73 static int hf_server_type_xenix = -1;
74 static int hf_server_type_ntw = -1;
75 static int hf_server_type_wfw = -1;
76 static int hf_server_type_nts = -1;
77 static int hf_server_type_potentialb = -1;
78 static int hf_server_type_backupb = -1;
79 static int hf_server_type_masterb = -1;
80 static int hf_server_type_domainmasterb = -1;
81 static int hf_server_type_osf = -1;
82 static int hf_server_type_vms = -1;
83 static int hf_server_type_w95 = -1;
84 static int hf_server_type_local = -1;
85 static int hf_server_type_domainenum = -1;
86 static int hf_election_version = -1;
87 static int hf_proto_major = -1;
88 static int hf_proto_minor = -1;
89 static int hf_sig_const = -1;
90 static int hf_server_comment = -1;
91 static int hf_unused_flags = -1;
92 static int hf_response_computer_name = -1;
93 static int hf_election_criteria = -1;
94 static int hf_election_desire = -1;
95 static int hf_election_desire_flags_backup = -1;
96 static int hf_election_desire_flags_standby = -1;
97 static int hf_election_desire_flags_master = -1;
98 static int hf_election_desire_flags_domain_master = -1;
99 static int hf_election_desire_flags_wins = -1;
100 static int hf_election_desire_flags_nt = -1;
101 static int hf_election_revision = -1;
102 static int hf_election_os = -1;
103 static int hf_election_os_wfw = -1;
104 static int hf_election_os_ntw = -1;
105 static int hf_election_os_nts = -1;
106 static int hf_server_uptime = -1;
107 static int hf_backup_count = -1;
108 static int hf_backup_token = -1;
109 static int hf_backup_server = -1;
110 static int hf_browser_to_promote = -1;
112 static gint ett_browse = -1;
113 static gint ett_browse_flags = -1;
114 static gint ett_browse_election_criteria = -1;
115 static gint ett_browse_election_os = -1;
116 static gint ett_browse_election_desire = -1;
119 #define SERVER_WORKSTATION 0
120 #define SERVER_SERVER 1
121 #define SERVER_SQL_SERVER 2
122 #define SERVER_DOMAIN_CONTROLLER 3
123 #define SERVER_BACKUP_CONTROLLER 4
124 #define SERVER_TIME_SOURCE 5
125 #define SERVER_APPLE_SERVER 6
126 #define SERVER_NOVELL_SERVER 7
127 #define SERVER_DOMAIN_MEMBER_SERVER 8
128 #define SERVER_PRINT_QUEUE_SERVER 9
129 #define SERVER_DIALIN_SERVER 10
130 #define SERVER_XENIX_SERVER 11
131 #define SERVER_NT_WORKSTATION 12
132 #define SERVER_WINDOWS_FOR_WORKGROUPS 13
133 #define SERVER_NT_SERVER 15
134 #define SERVER_POTENTIAL_BROWSER 16
135 #define SERVER_BACKUP_BROWSER 17
136 #define SERVER_MASTER_BROWSER 18
137 #define SERVER_DOMAIN_MASTER_BROWSER 19
138 #define SERVER_OSF 20
139 #define SERVER_VMS 21
140 #define SERVER_WINDOWS_95 22
141 #define SERVER_LOCAL_LIST_ONLY 30
142 #define SERVER_DOMAIN_ENUM 31
144 static const value_string server_types[] = {
145 {SERVER_WORKSTATION, "Workstation"},
146 {SERVER_SERVER, "Server"},
147 {SERVER_SQL_SERVER, "SQL Server"},
148 {SERVER_DOMAIN_CONTROLLER, "Domain Controller"},
149 {SERVER_BACKUP_CONTROLLER, "Backup Controller"},
150 {SERVER_TIME_SOURCE, "Time Source"},
151 {SERVER_APPLE_SERVER, "Apple Server"},
152 {SERVER_NOVELL_SERVER, "Novell Server"},
153 {SERVER_DOMAIN_MEMBER_SERVER, "Domain Member Server"},
154 {SERVER_PRINT_QUEUE_SERVER, "Print Queue Server"},
155 {SERVER_DIALIN_SERVER, "Dialin Server"},
156 {SERVER_XENIX_SERVER, "Xenix Server"},
157 {SERVER_NT_WORKSTATION, "NT Workstation"},
158 {SERVER_WINDOWS_FOR_WORKGROUPS, "Windows for Workgroups"},
159 {SERVER_NT_SERVER, "NT Server"},
160 {SERVER_POTENTIAL_BROWSER, "Potential Browser"},
161 {SERVER_BACKUP_BROWSER, "Backup Browser"},
162 {SERVER_MASTER_BROWSER, "Master Browser"},
163 {SERVER_DOMAIN_MASTER_BROWSER, "Domain Master Browser"},
166 {SERVER_WINDOWS_95, "Windows 95 or above"},
167 {SERVER_LOCAL_LIST_ONLY, "Local List Only"},
168 {SERVER_DOMAIN_ENUM, "Domain Enum"},
172 static const true_false_string tfs_workstation = {
173 "This is a Workstation",
174 "This is NOT a Workstation"
176 static const true_false_string tfs_server = {
178 "This is NOT a Server"
180 static const true_false_string tfs_sql = {
181 "This is an SQL server",
182 "This is NOT an SQL server"
184 static const true_false_string tfs_domain = {
185 "This is a Domain Controller",
186 "This is NOT a Domain Controller"
188 static const true_false_string tfs_backup = {
189 "This is a Backup Controller",
190 "This is NOT a Backup Controller"
192 static const true_false_string tfs_time = {
193 "This is a Time Source",
194 "This is NOT a Time Source"
196 static const true_false_string tfs_apple = {
197 "This is an Apple host",
198 "This is NOT an Apple host"
200 static const true_false_string tfs_novell = {
201 "This is a Novell server",
202 "This is NOT a Novell server"
204 static const true_false_string tfs_member = {
205 "This is a Domain Member server",
206 "This is NOT a Domain Member server"
208 static const true_false_string tfs_print = {
209 "This is a Print Queue server",
210 "This is NOT a Print Queue server"
212 static const true_false_string tfs_dialin = {
213 "This is a Dialin server",
214 "This is NOT a Dialin server"
216 static const true_false_string tfs_xenix = {
217 "This is a Xenix server",
218 "This is NOT a Xenix server"
220 static const true_false_string tfs_ntw = {
221 "This is an NT Workstation",
222 "This is NOT an NT Workstation"
224 static const true_false_string tfs_wfw = {
225 "This is a WfW host",
226 "This is NOT a WfW host"
228 static const true_false_string tfs_nts = {
229 "This is an NT Server",
230 "This is NOT an NT Server"
232 static const true_false_string tfs_potentialb = {
233 "This is a Potential Browser",
234 "This is NOT a Potential Browser"
236 static const true_false_string tfs_backupb = {
237 "This is a Backup Browser",
238 "This is NOT a Backup Browser"
240 static const true_false_string tfs_masterb = {
241 "This is a Master Browser",
242 "This is NOT a Master Browser"
244 static const true_false_string tfs_domainmasterb = {
245 "This is a Domain Master Browser",
246 "This is NOT a Domain Master Browser"
248 static const true_false_string tfs_osf = {
249 "This is an OSF host",
250 "This is NOT an OSF host"
252 static const true_false_string tfs_vms = {
253 "This is a VMS host",
254 "This is NOT a VMS host"
256 static const true_false_string tfs_w95 = {
257 "This is a Windows 95 or above host",
258 "This is NOT a Windows 95 or above host"
260 static const true_false_string tfs_local = {
261 "This is a local list only request",
262 "This is NOT a local list only request"
264 static const true_false_string tfs_domainenum = {
265 "This is a Domain Enum request",
266 "This is NOT a Domain Enum request"
269 #define DESIRE_BACKUP 0
270 #define DESIRE_STANDBY 1
271 #define DESIRE_MASTER 2
272 #define DESIRE_DOMAIN_MASTER 3
273 #define DESIRE_WINS 5
276 static const value_string desire_flags[] = {
277 {DESIRE_BACKUP, "Backup Browse Server"},
278 {DESIRE_STANDBY, "Standby Browse Server"},
279 {DESIRE_MASTER, "Master Browser"},
280 {DESIRE_DOMAIN_MASTER, "Domain Master Browse Server"},
281 {DESIRE_WINS, "WINS Client"},
282 {DESIRE_NT, "Windows NT Advanced Server"},
286 static const true_false_string tfs_desire_backup = {
287 "Backup Browse Server",
288 "NOT Backup Browse Server"
290 static const true_false_string tfs_desire_standby = {
291 "Standby Browse Server",
292 "NOT Standby Browse Server"
294 static const true_false_string tfs_desire_master = {
298 static const true_false_string tfs_desire_domain_master = {
299 "Domain Master Browse Server",
300 "NOT Domain Master Browse Server"
302 static const true_false_string tfs_desire_wins = {
306 static const true_false_string tfs_desire_nt = {
307 "Windows NT Advanced Server",
308 "NOT Windows NT Advanced Server"
311 #define BROWSE_HOST_ANNOUNCE 1
312 #define BROWSE_REQUEST_ANNOUNCE 2
313 #define BROWSE_ELECTION_REQUEST 8
314 #define BROWSE_BACKUP_LIST_REQUEST 9
315 #define BROWSE_BACKUP_LIST_RESPONSE 10
316 #define BROWSE_BECOME_BACKUP 11
317 #define BROWSE_DOMAIN_ANNOUNCEMENT 12
318 #define BROWSE_MASTER_ANNOUNCEMENT 13
319 #define BROWSE_LOCAL_MASTER_ANNOUNCEMENT 15
321 static const value_string commands[] = {
322 {BROWSE_HOST_ANNOUNCE, "Host Announcement"},
323 {BROWSE_REQUEST_ANNOUNCE, "Request Announcement"},
324 {BROWSE_ELECTION_REQUEST, "Browser Election Request"},
325 {BROWSE_BACKUP_LIST_REQUEST, "Get Backup List Request"},
326 {BROWSE_BACKUP_LIST_RESPONSE, "Get Backup List Response"},
327 {BROWSE_BECOME_BACKUP, "Become Backup Browser"},
328 {BROWSE_DOMAIN_ANNOUNCEMENT, "Domain/Workgroup Announcement"},
329 {BROWSE_MASTER_ANNOUNCEMENT, "Master Announcement"},
330 {BROWSE_LOCAL_MASTER_ANNOUNCEMENT,"Local Master Announcement"},
338 static const value_string os_flags[] = {
339 {OS_WFW, "Windows for Workgroups"},
340 {OS_NTW, "Windows NT Workstation"},
341 {OS_NTS, "Windows NT Server"},
345 static const true_false_string tfs_os_wfw = {
346 "Windows for Workgroups",
347 "Not Windows for Workgroups"
349 static const true_false_string tfs_os_ntw = {
350 "Windows NT Workstation",
351 "Not Windows NT Workstation"
353 static const true_false_string tfs_os_nts = {
355 "Not Windows NT Server"
359 dissect_election_criterion_os(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
361 proto_tree *tree = NULL;
362 proto_item *item = NULL;
365 os = tvb_get_guint8(tvb, offset);
368 item = proto_tree_add_uint(parent_tree, hf_election_os, tvb, offset, 1, os);
369 tree = proto_item_add_subtree(item, ett_browse_election_os);
372 proto_tree_add_boolean(tree, hf_election_os_wfw,
374 proto_tree_add_boolean(tree, hf_election_os_ntw,
376 proto_tree_add_boolean(tree, hf_election_os_nts,
382 dissect_election_criterion_desire(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
384 proto_tree *tree = NULL;
385 proto_item *item = NULL;
388 desire = tvb_get_guint8(tvb, offset);
391 item = proto_tree_add_uint(parent_tree, hf_election_desire, tvb, offset, 1, desire);
392 tree = proto_item_add_subtree(item, ett_browse_election_desire);
395 proto_tree_add_boolean(tree, hf_election_desire_flags_backup,
396 tvb, offset, 1, desire);
397 proto_tree_add_boolean(tree, hf_election_desire_flags_standby,
398 tvb, offset, 1, desire);
399 proto_tree_add_boolean(tree, hf_election_desire_flags_master,
400 tvb, offset, 1, desire);
401 proto_tree_add_boolean(tree, hf_election_desire_flags_domain_master,
402 tvb, offset, 1, desire);
403 proto_tree_add_boolean(tree, hf_election_desire_flags_wins,
404 tvb, offset, 1, desire);
405 proto_tree_add_boolean(tree, hf_election_desire_flags_nt,
406 tvb, offset, 1, desire);
411 dissect_election_criterion(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
413 proto_tree *tree = NULL;
414 proto_item *item = NULL;
417 criterion = tvb_get_letohl(tvb, offset);
420 item = proto_tree_add_uint(parent_tree, hf_election_criteria, tvb, offset, 4, criterion);
421 tree = proto_item_add_subtree(item, ett_browse_election_criteria);
424 /* election desire */
425 dissect_election_criterion_desire(tvb, pinfo, tree, offset);
428 /* browser protocol major version */
429 proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, TRUE);
432 /* browser protocol minor version */
433 proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, TRUE);
437 dissect_election_criterion_os(tvb, pinfo, tree, offset);
443 * XXX - this causes non-browser packets to have browser fields.
446 dissect_smb_server_type_flags(tvbuff_t *tvb, packet_info *pinfo,
447 proto_tree *parent_tree, int offset, gboolean infoflag)
449 proto_tree *tree = NULL;
450 proto_item *item = NULL;
454 flags = tvb_get_letohl(tvb, offset);
457 item = proto_tree_add_uint(parent_tree, hf_server_type, tvb, offset, 4, flags);
458 tree = proto_item_add_subtree(item, ett_browse_flags);
462 /* Append the type(s) of the system to the COL_INFO line ... */
463 if (check_col(pinfo->cinfo, COL_INFO)) {
464 for (i = 0; i < 32; i++) {
465 if (flags & (1<<i)) {
466 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
467 val_to_str(i, server_types,
468 "Unknown server type:%d"));
474 proto_tree_add_boolean(tree, hf_server_type_workstation,
475 tvb, offset, 4, flags);
476 proto_tree_add_boolean(tree, hf_server_type_server,
477 tvb, offset, 4, flags);
478 proto_tree_add_boolean(tree, hf_server_type_sql,
479 tvb, offset, 4, flags);
480 proto_tree_add_boolean(tree, hf_server_type_domain,
481 tvb, offset, 4, flags);
482 proto_tree_add_boolean(tree, hf_server_type_backup,
483 tvb, offset, 4, flags);
484 proto_tree_add_boolean(tree, hf_server_type_time,
485 tvb, offset, 4, flags);
486 proto_tree_add_boolean(tree, hf_server_type_apple,
487 tvb, offset, 4, flags);
488 proto_tree_add_boolean(tree, hf_server_type_novell,
489 tvb, offset, 4, flags);
490 proto_tree_add_boolean(tree, hf_server_type_member,
491 tvb, offset, 4, flags);
492 proto_tree_add_boolean(tree, hf_server_type_print,
493 tvb, offset, 4, flags);
494 proto_tree_add_boolean(tree, hf_server_type_dialin,
495 tvb, offset, 4, flags);
496 proto_tree_add_boolean(tree, hf_server_type_xenix,
497 tvb, offset, 4, flags);
498 proto_tree_add_boolean(tree, hf_server_type_ntw,
499 tvb, offset, 4, flags);
500 proto_tree_add_boolean(tree, hf_server_type_wfw,
501 tvb, offset, 4, flags);
502 proto_tree_add_boolean(tree, hf_server_type_nts,
503 tvb, offset, 4, flags);
504 proto_tree_add_boolean(tree, hf_server_type_potentialb,
505 tvb, offset, 4, flags);
506 proto_tree_add_boolean(tree, hf_server_type_backupb,
507 tvb, offset, 4, flags);
508 proto_tree_add_boolean(tree, hf_server_type_masterb,
509 tvb, offset, 4, flags);
510 proto_tree_add_boolean(tree, hf_server_type_domainmasterb,
511 tvb, offset, 4, flags);
512 proto_tree_add_boolean(tree, hf_server_type_osf,
513 tvb, offset, 4, flags);
514 proto_tree_add_boolean(tree, hf_server_type_vms,
515 tvb, offset, 4, flags);
516 proto_tree_add_boolean(tree, hf_server_type_w95,
517 tvb, offset, 4, flags);
518 proto_tree_add_boolean(tree, hf_server_type_local,
519 tvb, offset, 4, flags);
520 proto_tree_add_boolean(tree, hf_server_type_domainenum,
521 tvb, offset, 4, flags);
527 dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
531 proto_tree *tree = NULL;
532 proto_item *item = NULL;
540 if (!proto_is_protocol_enabled(proto_smb_browse)) {
544 pinfo->current_proto = "BROWSER";
546 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
547 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
549 if (check_col(pinfo->cinfo, COL_INFO)) {
550 col_clear(pinfo->cinfo, COL_INFO);
553 cmd = tvb_get_guint8(tvb, offset);
555 if (check_col(pinfo->cinfo, COL_INFO)) {
556 /* Put in something, and replace it later */
557 col_set_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
562 item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, tvb_length_remaining(tvb, offset), TRUE);
564 tree = proto_item_add_subtree(item, ett_browse);
568 proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
572 case BROWSE_DOMAIN_ANNOUNCEMENT:
573 case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
574 case BROWSE_HOST_ANNOUNCE:
576 proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, TRUE);
579 /* periodicity (in milliseconds) */
580 periodicity = tvb_get_letohl(tvb, offset);
581 proto_tree_add_uint_format(tree, hf_periodicity, tvb, offset, 4,
583 "Update Periodicity: %s",
584 time_msecs_to_str(periodicity));
588 tvb_get_nstringz0(tvb, offset, 16, host_name);
589 if (check_col(pinfo->cinfo, COL_INFO)) {
590 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
592 proto_tree_add_string_format(tree, hf_server_name,
595 (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
596 "Domain/Workgroup: %s":
601 /* OS major version */
602 proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, TRUE);
605 /* OS minor version */
606 proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, TRUE);
609 /* server type flags */
610 dissect_smb_server_type_flags(tvb, pinfo, tree, offset, TRUE);
613 if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT) {
615 * Network Monitor claims this is a "Comment
616 * Pointer". I don't believe it.
618 * It's not a browser protocol major/minor
619 * version number, and signature constant,
622 proto_tree_add_text(tree, tvb, offset, 4,
623 "Mysterious Field: 0x%08x",
624 tvb_get_letohl(tvb, offset));
627 /* browser protocol major version */
628 proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, TRUE);
631 /* browser protocol minor version */
632 proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, TRUE);
635 /* signature constant */
636 proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, TRUE);
640 /* master browser server name or server comment */
641 namelen = tvb_strsize(tvb, offset);
642 proto_tree_add_item(tree,
643 (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
644 hf_mb_server_name : hf_server_comment,
645 tvb, offset, namelen, TRUE);
649 case BROWSE_REQUEST_ANNOUNCE:
650 /* unused/unknown flags */
651 proto_tree_add_item(tree, hf_unused_flags,
652 tvb, offset, 1, TRUE);
655 /* name of computer to which to send reply */
656 namelen = tvb_strsize(tvb, offset);
657 proto_tree_add_item(tree, hf_response_computer_name,
658 tvb, offset, namelen, TRUE);
662 case BROWSE_ELECTION_REQUEST:
663 /* election version */
664 proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, TRUE);
668 dissect_election_criterion(tvb, pinfo, tree, offset);
672 uptime = tvb_get_letohl(tvb, offset);
673 proto_tree_add_uint_format(tree, hf_server_uptime,
674 tvb, offset, 4, uptime,
676 time_msecs_to_str(uptime));
679 /* next 4 bytes must be zero */
683 namelen = tvb_strsize(tvb, offset);
684 proto_tree_add_item(tree, hf_server_name,
685 tvb, offset, namelen, TRUE);
689 case BROWSE_BACKUP_LIST_REQUEST:
690 /* backup list requested count */
691 proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, TRUE);
694 /* backup requested token */
695 proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
699 case BROWSE_BACKUP_LIST_RESPONSE:
700 /* backup list requested count */
701 server_count = tvb_get_guint8(tvb, offset);
702 proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,
706 /* backup requested token */
707 proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, TRUE);
710 /* backup server names */
711 for (i = 0; i < server_count; i++) {
712 namelen = tvb_strsize(tvb, offset);
713 proto_tree_add_item(tree, hf_backup_server,
714 tvb, offset, namelen, TRUE);
719 case BROWSE_MASTER_ANNOUNCEMENT:
720 /* master browser server name */
721 namelen = tvb_strsize(tvb, offset);
722 proto_tree_add_item(tree, hf_mb_server_name,
723 tvb, offset, namelen, TRUE);
727 case BROWSE_BECOME_BACKUP:
728 /* name of browser to promote */
729 namelen = tvb_strsize(tvb, offset);
730 proto_tree_add_item(tree, hf_browser_to_promote,
731 tvb, offset, namelen, TRUE);
740 * It appears that browser announcements sent to \MAILSLOT\LANMAN aren't
741 * the same as browser announcements sent to \MAILSLOT\BROWSE.
742 * Was that an older version of the protocol?
746 * http://www.samba.org/samba/ftp/specs/brow_rev.txt
748 * gives both formats of host announcement packets, saying that
749 * "[The first] format seems wrong", that one being what appears to
750 * show up in \MAILSLOT\LANMAN packets, and that "[The second one]
751 * may be better", that one being what appears to show up in
752 * \MAILSLOT\BROWSE packets.
754 * XXX - what other browser packets go out to that mailslot?
757 dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
761 proto_tree *tree = NULL;
762 proto_item *item = NULL;
764 const char *host_name;
767 if (!proto_is_protocol_enabled(proto_smb_browse)) {
771 pinfo->current_proto = "BROWSER";
773 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
774 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");
776 if (check_col(pinfo->cinfo, COL_INFO)) {
777 col_clear(pinfo->cinfo, COL_INFO);
780 cmd = tvb_get_guint8(tvb, offset);
782 if (check_col(pinfo->cinfo, COL_INFO)) {
783 /* Put in something, and replace it later */
784 col_set_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x"));
789 item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, tvb_length_remaining(tvb, offset), TRUE);
791 tree = proto_item_add_subtree(item, ett_browse);
795 proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);
799 case BROWSE_DOMAIN_ANNOUNCEMENT:
800 case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:
801 case BROWSE_HOST_ANNOUNCE:
803 proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, TRUE);
806 /* server type flags */
807 dissect_smb_server_type_flags(tvb, pinfo, tree, offset,
811 /* OS major version */
812 proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, TRUE);
815 /* OS minor version */
816 proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, TRUE);
819 /* periodicity (in seconds; convert to milliseconds) */
820 periodicity = tvb_get_letohs(tvb, offset)*1000;
821 proto_tree_add_uint_format(tree, hf_periodicity, tvb, offset, 2,
823 "Update Periodicity: %s",
824 time_msecs_to_str(periodicity));
828 namelen = tvb_strsize(tvb, offset);
829 host_name = tvb_get_ptr(tvb, offset, namelen);
830 if (check_col(pinfo->cinfo, COL_INFO)) {
831 col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);
833 proto_tree_add_item(tree, hf_server_name,
834 tvb, offset, namelen, TRUE);
837 /* master browser server name or server comment */
838 namelen = tvb_strsize(tvb, offset);
839 proto_tree_add_item(tree,
840 (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?
841 hf_mb_server_name : hf_server_comment,
842 tvb, offset, namelen, TRUE);
851 proto_register_smb_browse(void)
853 static hf_register_info hf[] = {
855 { "Command", "browser.command", FT_UINT8, BASE_HEX,
856 VALS(commands), 0, "Browse command opcode", HFILL }},
859 { "Update Count", "browser.update_count", FT_UINT8, BASE_DEC,
860 NULL, 0, "Browse Update Count", HFILL }},
863 { "Update Periodicity", "browser.period", FT_UINT32, BASE_DEC,
864 NULL, 0, "Update Periodicity in ms", HFILL }},
867 { "Server Name", "browser.server", FT_STRING, BASE_NONE,
868 NULL, 0, "BROWSE Server Name", HFILL }},
870 { &hf_mb_server_name,
871 { "Master Browser Server Name", "browser.mb_server", FT_STRING, BASE_NONE,
872 NULL, 0, "BROWSE Master Browser Server Name", HFILL }},
875 { "OS Major Version", "browser.os_major", FT_UINT8, BASE_DEC,
876 NULL, 0, "Operating System Major Version", HFILL }},
879 { "OS Minor Version", "browser.os_minor", FT_UINT8, BASE_DEC,
880 NULL, 0, "Operating System Minor Version", HFILL }},
883 { "Server Type", "browser.server_type", FT_UINT32, BASE_HEX,
884 NULL, 0, "Server Type Flags", HFILL }},
886 { &hf_server_type_workstation,
887 { "Workstation", "browser.server_type.workstation", FT_BOOLEAN, 32,
888 TFS(&tfs_workstation), 1<<SERVER_WORKSTATION, "Is This A Workstation?", HFILL }},
890 { &hf_server_type_server,
891 { "Server", "browser.server_type.server", FT_BOOLEAN, 32,
892 TFS(&tfs_server), 1<<SERVER_SERVER, "Is This A Server?", HFILL }},
894 { &hf_server_type_sql,
895 { "SQL", "browser.server_type.sql", FT_BOOLEAN, 32,
896 TFS(&tfs_sql), 1<<SERVER_SQL_SERVER, "Is This A SQL Server?", HFILL }},
898 { &hf_server_type_domain,
899 { "Domain Controller", "browser.server_type.domain_controller", FT_BOOLEAN, 32,
900 TFS(&tfs_domain), 1<<SERVER_DOMAIN_CONTROLLER, "Is This A Domain Controller?", HFILL }},
902 { &hf_server_type_backup,
903 { "Backup Controller", "browser.server_type.backup_controller", FT_BOOLEAN, 32,
904 TFS(&tfs_backup), 1<<SERVER_BACKUP_CONTROLLER, "Is This A Backup Domain Controller?", HFILL }},
906 { &hf_server_type_time,
907 { "Time Source", "browser.server_type.time", FT_BOOLEAN, 32,
908 TFS(&tfs_time), 1<<SERVER_TIME_SOURCE, "Is This A Time Source?", HFILL }},
910 { &hf_server_type_apple,
911 { "Apple", "browser.server_type.apple", FT_BOOLEAN, 32,
912 TFS(&tfs_apple), 1<<SERVER_APPLE_SERVER, "Is This An Apple Server ?", HFILL }},
914 { &hf_server_type_novell,
915 { "Novell", "browser.server_type.novell", FT_BOOLEAN, 32,
916 TFS(&tfs_novell), 1<<SERVER_NOVELL_SERVER, "Is This A Novell Server?", HFILL }},
918 { &hf_server_type_member,
919 { "Member", "browser.server_type.member", FT_BOOLEAN, 32,
920 TFS(&tfs_member), 1<<SERVER_DOMAIN_MEMBER_SERVER, "Is This A Domain Member Server?", HFILL }},
922 { &hf_server_type_print,
923 { "Print", "browser.server_type.print", FT_BOOLEAN, 32,
924 TFS(&tfs_print), 1<<SERVER_PRINT_QUEUE_SERVER, "Is This A Print Server?", HFILL }},
926 { &hf_server_type_dialin,
927 { "Dialin", "browser.server_type.dialin", FT_BOOLEAN, 32,
928 TFS(&tfs_dialin), 1<<SERVER_DIALIN_SERVER, "Is This A Dialin Server?", HFILL }},
930 { &hf_server_type_xenix,
931 { "Xenix", "browser.server_type.xenix", FT_BOOLEAN, 32,
932 TFS(&tfs_xenix), 1<<SERVER_XENIX_SERVER, "Is This A Xenix Server?", HFILL }},
934 { &hf_server_type_ntw,
935 { "NT Workstation", "browser.server_type.ntw", FT_BOOLEAN, 32,
936 TFS(&tfs_ntw), 1<<SERVER_NT_WORKSTATION, "Is This A NT Workstation?", HFILL }},
938 { &hf_server_type_wfw,
939 { "WfW", "browser.server_type.wfw", FT_BOOLEAN, 32,
940 TFS(&tfs_wfw), 1<<SERVER_WINDOWS_FOR_WORKGROUPS, "Is This A Windows For Workgroups Server?", HFILL }},
942 { &hf_server_type_nts,
943 { "NT Server", "browser.server_type.nts", FT_BOOLEAN, 32,
944 TFS(&tfs_nts), 1<<SERVER_NT_SERVER, "Is This A NT Server?", HFILL }},
946 { &hf_server_type_potentialb,
947 { "Potential Browser", "browser.server_type.browser.potential", FT_BOOLEAN, 32,
948 TFS(&tfs_potentialb), 1<<SERVER_POTENTIAL_BROWSER, "Is This A Potential Browser?", HFILL }},
950 { &hf_server_type_backupb,
951 { "Backup Browser", "browser.server_type.browser.backup", FT_BOOLEAN, 32,
952 TFS(&tfs_backupb), 1<<SERVER_BACKUP_BROWSER, "Is This A Backup Browser?", HFILL }},
954 { &hf_server_type_masterb,
955 { "Master Browser", "browser.server_type.browser.master", FT_BOOLEAN, 32,
956 TFS(&tfs_masterb), 1<<SERVER_MASTER_BROWSER, "Is This A Master Browser?", HFILL }},
958 { &hf_server_type_domainmasterb,
959 { "Domain Master Browser", "browser.server_type.browser.domain_master", FT_BOOLEAN, 32,
960 TFS(&tfs_domainmasterb), 1<<SERVER_DOMAIN_MASTER_BROWSER, "Is This A Domain Master Browser?", HFILL }},
962 { &hf_server_type_osf,
963 { "OSF", "browser.server_type.osf", FT_BOOLEAN, 32,
964 TFS(&tfs_osf), 1<<SERVER_OSF, "Is This An OSF server ?", HFILL }},
966 { &hf_server_type_vms,
967 { "VMS", "browser.server_type.vms", FT_BOOLEAN, 32,
968 TFS(&tfs_vms), 1<<SERVER_VMS, "Is This A VMS Server?", HFILL }},
970 { &hf_server_type_w95,
971 { "Windows 95+", "browser.server_type.w95", FT_BOOLEAN, 32,
972 TFS(&tfs_w95), 1<<SERVER_WINDOWS_95, "Is This A Windows 95 or above server?", HFILL }},
974 { &hf_server_type_local,
975 { "Local", "browser.server_type.local", FT_BOOLEAN, 32,
976 TFS(&tfs_local), 1<<SERVER_LOCAL_LIST_ONLY, "Is This A Local List Only request?", HFILL }},
978 { &hf_server_type_domainenum,
979 { "Domain Enum", "browser.server_type.domainenum", FT_BOOLEAN, 32,
980 TFS(&tfs_domainenum), 1<<SERVER_DOMAIN_ENUM, "Is This A Domain Enum request?", HFILL }},
982 { &hf_election_version,
983 { "Election Version", "browser.election.version", FT_UINT8, BASE_DEC,
984 NULL, 0, "Election Version", HFILL }},
987 { "Browser Protocol Major Version", "browser.proto_major", FT_UINT8, BASE_DEC,
988 NULL, 0, "Browser Protocol Major Version", HFILL }},
991 { "Browser Protocol Minor Version", "browser.proto_minor", FT_UINT8, BASE_DEC,
992 NULL, 0, "Browser Protocol Minor Version", HFILL }},
995 { "Signature", "browser.sig", FT_UINT16, BASE_HEX,
996 NULL, 0, "Signature Constant", HFILL }},
998 { &hf_server_comment,
999 { "Host Comment", "browser.comment", FT_STRINGZ, BASE_NONE,
1000 NULL, 0, "Server Comment", HFILL }},
1003 { "Unused flags", "browser.unused", FT_UINT8, BASE_HEX,
1004 NULL, 0, "Unused/unknown flags", HFILL }},
1006 { &hf_response_computer_name,
1007 { "Response Computer Name", "browser.response_computer_name", FT_STRINGZ, BASE_NONE,
1008 NULL, 0, "Response Computer Name", HFILL }},
1010 { &hf_election_criteria,
1011 { "Election Criteria", "browser.election.criteria", FT_UINT32, BASE_HEX,
1012 NULL, 0, "Election Criteria", HFILL }},
1014 { &hf_election_desire,
1015 { "Election Desire", "browser.election.desire", FT_UINT8, BASE_HEX,
1016 NULL, 0, "Election Desire", HFILL }},
1018 { &hf_election_desire_flags_backup,
1019 { "Backup", "browser.election.desire.backup", FT_BOOLEAN, 8,
1020 TFS(&tfs_desire_backup), 1<<DESIRE_BACKUP, "Is this a backup server", HFILL }},
1022 { &hf_election_desire_flags_standby,
1023 { "Standby", "browser.election.desire.standby", FT_BOOLEAN, 8,
1024 TFS(&tfs_desire_standby), 1<<DESIRE_STANDBY, "Is this a standby server?", HFILL }},
1026 { &hf_election_desire_flags_master,
1027 { "Master", "browser.election.desire.master", FT_BOOLEAN, 8,
1028 TFS(&tfs_desire_master), 1<<DESIRE_MASTER, "Is this a master server", HFILL }},
1030 { &hf_election_desire_flags_domain_master,
1031 { "Domain Master", "browser.election.desire.domain_master", FT_BOOLEAN, 8,
1032 TFS(&tfs_desire_domain_master), 1<<DESIRE_DOMAIN_MASTER, "Is this a domain master", HFILL }},
1034 { &hf_election_desire_flags_wins,
1035 { "WINS", "browser.election.desire.wins", FT_BOOLEAN, 8,
1036 TFS(&tfs_desire_wins), 1<<DESIRE_WINS, "Is this a WINS server", HFILL }},
1038 { &hf_election_desire_flags_nt,
1039 { "NT", "browser.election.desire.nt", FT_BOOLEAN, 8,
1040 TFS(&tfs_desire_nt), 1<<DESIRE_NT, "Is this a NT server", HFILL }},
1042 { &hf_election_revision,
1043 { "Election Revision", "browser.election.revision", FT_UINT16, BASE_DEC,
1044 NULL, 0, "Election Revision", HFILL }},
1047 { "Election OS", "browser.election.os", FT_UINT8, BASE_HEX,
1048 NULL, 0, "Election OS", HFILL }},
1050 { &hf_election_os_wfw,
1051 { "WfW", "browser.election.os.wfw", FT_BOOLEAN, 8,
1052 TFS(&tfs_os_wfw), 1<<OS_WFW, "Is this a WfW host?", HFILL }},
1054 { &hf_election_os_ntw,
1055 { "NT Workstation", "browser.election.os.ntw", FT_BOOLEAN, 8,
1056 TFS(&tfs_os_ntw), 1<<OS_NTW, "Is this a NT Workstation?", HFILL }},
1058 { &hf_election_os_nts,
1059 { "NT Server", "browser.election.os.nts", FT_BOOLEAN, 8,
1060 TFS(&tfs_os_nts), 1<<OS_NTS, "Is this a NT Server?", HFILL }},
1062 { &hf_server_uptime,
1063 { "Uptime", "browser.uptime", FT_UINT32, BASE_DEC,
1064 NULL, 0, "Server uptime in ms", HFILL }},
1067 { "Backup List Requested Count", "browser.backup.count", FT_UINT8, BASE_DEC,
1068 NULL, 0, "Backup list requested count", HFILL }},
1071 { "Backup Request Token", "browser.backup.token", FT_UINT32, BASE_DEC,
1072 NULL, 0, "Backup requested/response token", HFILL }},
1074 { &hf_backup_server,
1075 { "Backup Server", "browser.backup.server", FT_STRING, BASE_NONE,
1076 NULL, 0, "Backup Server Name", HFILL }},
1078 { &hf_browser_to_promote,
1079 { "Browser to Promote", "browser.browser_to_promote", FT_STRINGZ, BASE_NONE,
1080 NULL, 0, "Browser to Promote", HFILL }},
1084 static gint *ett[] = {
1087 &ett_browse_election_criteria,
1088 &ett_browse_election_os,
1089 &ett_browse_election_desire
1092 proto_smb_browse = proto_register_protocol("Microsoft Windows Browser Protocol",
1093 "BROWSER", "browser");
1095 proto_register_field_array(proto_smb_browse, hf, array_length(hf));
1096 proto_register_subtree_array(ett, array_length(ett));