Added parsing of PORTMAP GETPORT functions.
authorsahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>
Thu, 9 May 2002 12:10:06 +0000 (12:10 +0000)
committersahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>
Thu, 9 May 2002 12:10:06 +0000 (12:10 +0000)
When we see PORTMAP GETPORT calls for UDP, make sure all further UDP packets to or from
this port go to the ONC-RPC dissector regardless of the port on the other side.

We need this because if there is ONC-RPC traffic going between the ONC-RPC Program port and a port which has a normal ethereal dissector, ethereal would dissect the traffic as the protocol associated with the other port instead.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5430 f5534014-38df-0310-8fa8-9805f1628bb7

epan/conversation.c
packet-portmap.c
packet-rpc.c
packet-rpc.h

index 7c74dadfe3c7a7bb7474ec176deb23251efba09f..b0a6c3c96e145c1bbb9ed7e07c2dd48cdd069b16 100644 (file)
@@ -1,7 +1,7 @@
 /* conversation.c
  * Routines for building lists of packets that are part of a "conversation"
  *
- * $Id: conversation.c,v 1.17 2001/11/29 09:05:25 guy Exp $
+ * $Id: conversation.c,v 1.18 2002/05/09 12:10:06 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -775,7 +775,7 @@ find_conversation(address *addr_a, address *addr_b, port_type ptype,
         * one address/port pair.
         *
         * First try looking for a conversation with the specified address A
-        * and port B as the first address and port.
+        * and port A as the first address and port.
         * (Neither "addr_b" nor "port_b" take part in this lookup.)
         */
        conversation =
index 604990c3612b9aaa3fb619d0023180b43e9b5b52..dff5543f12c2108d2dc9b22636c357ec1e521cfd 100644 (file)
@@ -1,7 +1,7 @@
 /* packet-portmap.c
  * Routines for portmap dissection
  *
- * $Id: packet-portmap.c,v 1.35 2002/04/14 23:04:03 guy Exp $
+ * $Id: packet-portmap.c,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -37,6 +37,8 @@
 #include "packet-rpc.h"
 #include "packet-portmap.h"
 #include "ipproto.h"
+#include "epan/conversation.h"
+#include "epan/packet_info.h"
 
 /*
  * See:
@@ -66,6 +68,8 @@ static gint ett_portmap = -1;
 static gint ett_portmap_rpcb = -1;
 static gint ett_portmap_entry = -1;
 
+static dissector_handle_t rpc_handle;
+static dissector_handle_t rpc_tcp_handle;
 
 /* Dissect a getport call */
 static int
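Review bot: `rpc_tcp_handle` is declared here and assigned in the proto_reg_handoff_portmap hunk, but none of the visible hunks ever reads it; only `rpc_handle` is passed to `conversation_set_dissector`. If TCP handling is planned, a comment such as `/* not used yet: TCP GETPORT replies need no conversation override */` would say so; otherwise the variable and its `find_dissector("rpc-tcp")` lookup can be dropped. The rest of the file is not shown, so a use outside these hunks cannot be ruled out.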
@@ -75,6 +79,17 @@ dissect_getport_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
        guint32 proto;
        guint32 prog;
 
+       /* make sure we remember protocol type until the reply packet */
+       if(!pinfo->fd->flags.visited){
+               rpc_call_info_value *rpc_call=pinfo->private_data;
+               if(rpc_call){
+                       proto = tvb_get_ntohl(tvb, offset+8);
+                       if(proto==17){  /* only do this for UDP */
+                               rpc_call->private_data=(void *)PT_UDP;
+                       }
+               }
+       }
+
        if ( tree )
        {
                prog = tvb_get_ntohl(tvb, offset+0);
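Review bot: The protocol type is carried through `rpc_call->private_data` with a bare `(void *)PT_UDP` cast here and read back with `(int)rpc_call->private_data` in the dissect_getport_reply hunk, which narrows a pointer to int on LP64 builds and draws a compiler warning. GLib's `GINT_TO_POINTER(PT_UDP)` and `GPOINTER_TO_INT(rpc_call->private_data)` express the same round-trip portably. The literal `17` would read better as `IP_PROTO_UDP` from the already included ipproto.h, and the `_U_` marker on `pinfo` in the signature is now stale because the new block uses the parameter. The start of the signature and the rest of the body lie outside this hunk.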
@@ -99,6 +114,24 @@ static int
 dissect_getport_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
        proto_tree *tree)
 {
+       /* we might have learnt a <ipaddr><protocol><port> mapping for ONC-RPC*/
+       if(!pinfo->fd->flags.visited){
+               rpc_call_info_value *rpc_call=pinfo->private_data;
+               /* only do this for UDP, TCP does not need anything like this */
+               if(rpc_call && ((int)rpc_call->private_data==PT_UDP) ){
+                       guint32 port;
+                       port=tvb_get_ntohl(tvb, offset);
+                       if(port){
+                               conversation_t *conv;
+                               conv=find_conversation(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
+                               if(!conv){
+                                       conv=conversation_new(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
+                               }
+                               conversation_set_dissector(conv, rpc_handle);
+                       }
+               }
+       }
+                               
        offset = dissect_rpc_uint32(tvb, tree, hf_portmap_port,
            offset);
        return offset;
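Review bot: The port read with `tvb_get_ntohl(tvb, offset)` is only tested for non-zero before it becomes a conversation key, so a reply carrying a value above 65535 appears to create an entry that no UDP packet can ever match; `if(port && port<=0xffff){` would reject those. The override is also driven entirely by unauthenticated packet content: one GETPORT reply in a capture decides how all later UDP traffic on that address and port is decoded, so an analyst reading an untrusted capture can see unrelated traffic labelled as ONC-RPC. A comment above the block stating that trade-off would help, for example `/* NOTE: the mapping is taken from the packet as-is and overrides port-based dissection for this address/port */`. `rpc_handle` is passed to `conversation_set_dissector` without a NULL check; that is fine only if the "rpc" dissector is always registered before the handoff routine runs, which these hunks suggest but do not prove.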
@@ -530,4 +563,6 @@ proto_reg_handoff_portmap(void)
        rpc_init_proc_table(PORTMAP_PROGRAM, 2, portmap2_proc);
        rpc_init_proc_table(PORTMAP_PROGRAM, 3, portmap3_proc);
        rpc_init_proc_table(PORTMAP_PROGRAM, 4, portmap4_proc);
+       rpc_handle = find_dissector("rpc");
+       rpc_tcp_handle = find_dissector("rpc-tcp");
 }
index 3bff439dd5e683ac2c7c181d8aa18514365b2466..9ab1febc75fb3b6be9fa3d4fe0788ff9141d1066 100644 (file)
@@ -2,7 +2,7 @@
  * Routines for rpc dissection
  * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
  * 
- * $Id: packet-rpc.c,v 1.90 2002/04/03 13:24:12 girlich Exp $
+ * $Id: packet-rpc.c,v 1.91 2002/05/09 12:10:05 sahlberg Exp $
  * 
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -1198,6 +1198,7 @@ dissect_rpc_indir_call(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                        rpc_call->prog = prog;
                        rpc_call->vers = vers;
                        rpc_call->proc = proc;
+                       rpc_call->private_data = NULL;
 
                        /*
                         * XXX - what about RPCSEC_GSS?
@@ -1767,6 +1768,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                        rpc_call->prog = prog;
                        rpc_call->vers = vers;
                        rpc_call->proc = proc;
+                       rpc_call->private_data = NULL;
                        rpc_call->xid = xid;
                        rpc_call->flavor = flavor;
                        rpc_call->gss_proc = gss_proc;
@@ -1780,6 +1782,12 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                            rpc_call);
                }
 
+               if(rpc_call && rpc_call->rep_num){
+                       proto_tree_add_text(rpc_tree, tvb, 0, 0,
+                           "The reply to this request is in frame %u",
+                           rpc_call->rep_num);
+               }
+
                offset += 16;
 
                offset = dissect_rpc_cred(tvb, rpc_tree, offset);
@@ -1803,21 +1811,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                gss_proc = rpc_call->gss_proc;
                gss_svc = rpc_call->gss_svc;
 
-               /* Indicate the frame to which this is a reply. */
-               proto_tree_add_text(rpc_tree, tvb, 0, 0,
-                   "This is a reply to a request in frame %u",
-                   rpc_call->req_num);
-               ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
-               ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
-               if(ns.nsecs<0){
-                       ns.nsecs+=1000000000;
-                       ns.secs--;
-               }
-               proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
-                               &ns);
-
-
-
                if (rpc_call->proc_info != NULL) {
                        dissect_function = rpc_call->proc_info->dissect_reply;
                        if (rpc_call->proc_info->name != NULL) {
@@ -1873,6 +1866,29 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                                "Procedure: %s (%u)", procname, proc);
                }
 
+               reply_state = tvb_get_ntohl(tvb,offset+0);
+               if (rpc_tree) {
+                       proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb,
+                               offset+0, 4, reply_state);
+               }
+               offset += 4;
+
+               /* Indicate the frame to which this is a reply. */
+               if(rpc_call && rpc_call->req_num){
+                       proto_tree_add_text(rpc_tree, tvb, 0, 0,
+                           "This is a reply to a request in frame %u",
+                           rpc_call->req_num);
+                       ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
+                       ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
+                       if(ns.nsecs<0){
+                               ns.nsecs+=1000000000;
+                               ns.secs--;
+                       }
+                       proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
+                               &ns);
+               }
+
+
                if (rpc_call->rep_num == 0) {
                        /* We have not yet seen a reply to that call, so
                           this must be the first reply; remember its
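Review bot: The new `if(rpc_call && rpc_call->req_num)` guard tests `rpc_call` for NULL, yet the context line right after it, `if (rpc_call->rep_num == 0)`, dereferences the pointer unconditionally. Either the NULL test is dead and the condition can be `if(rpc_call->req_num){`, or `rpc_call` really can be NULL on this path and the following block needs the same guard; which one holds depends on code outside the hunk. Moving the `reply_state` read up also means `proto_tree_add_time` is now anchored at `offset` after the `offset += 4`, which is harmless for a zero-length item but looks unintended.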
@@ -1897,13 +1913,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                        }
                }
 
-               reply_state = tvb_get_ntohl(tvb,offset+0);
-               if (rpc_tree) {
-                       proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb,
-                               offset+0, 4, reply_state);
-               }
-               offset += 4;
-
                if (reply_state == MSG_ACCEPTED) {
                        offset = dissect_rpc_verf(tvb, rpc_tree, offset, msg_type);
                        accept_state = tvb_get_ntohl(tvb,offset+0);
@@ -2914,6 +2923,9 @@ proto_register_rpc(void)
                "Whether the RPC dissector should defragment multi-fragment RPC-over-TCP messages",
                &rpc_defragment);
 
+       register_dissector("rpc", dissect_rpc, proto_rpc);
+       register_dissector("rpc-tcp", dissect_rpc_tcp, proto_rpc);
+
        /*
         * Init the hash tables.  Dissectors for RPC protocols must
         * have a "handoff registration" routine that registers the
index 143d73d33780f6e5f2caabe1ba055b4862010e90..23f5adfb812e736b746f5cac888999d071a5c085 100644 (file)
@@ -1,6 +1,6 @@
 /* packet-rpc.h
  *
- * $Id: packet-rpc.h,v 1.35 2002/04/03 13:24:13 girlich Exp $
+ * $Id: packet-rpc.h,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
  *
  * (c) 1999 Uwe Girlich
  *
@@ -93,6 +93,7 @@ typedef struct _rpc_call_info_value {
        struct _rpc_proc_info_value*    proc_info;
        gboolean request;       /* Is this a request or not ?*/
        nstime_t req_time;
+       void *private_data;
 } rpc_call_info_value;