-rw-r--r-- | epan/conversation.c | 4 | ||||
-rw-r--r-- | packet-portmap.c | 37 | ||||
-rw-r--r-- | packet-rpc.c | 58 | ||||
-rw-r--r-- | packet-rpc.h | 3 |
4 files changed, 75 insertions, 27 deletions
diff --git a/epan/conversation.c b/epan/conversation.c
index 7c74dadfe3..b0a6c3c96e 100644
--- a/epan/conversation.c
+++ b/epan/conversation.c
@@ -1,7 +1,7 @@
 /* conversation.c
 * Routines for building lists of packets that are part of a "conversation"
 *
- * $Id: conversation.c,v 1.17 2001/11/29 09:05:25 guy Exp $
+ * $Id: conversation.c,v 1.18 2002/05/09 12:10:06 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@@ -775,7 +775,7 @@ find_conversation(address *addr_a, address *addr_b, port_type ptype,
 * one address/port pair.
 *
 * First try looking for a conversation with the specified address A
- * and port B as the first address and port.
+ * and port A as the first address and port.
 * (Neither "addr_b" nor "port_b" take part in this lookup.)
 */
 conversation =
diff --git a/packet-portmap.c b/packet-portmap.c
index 604990c361..dff5543f12 100644
--- a/packet-portmap.c
+++ b/packet-portmap.c
@@ -1,7 +1,7 @@
 /* packet-portmap.c
 * Routines for portmap dissection
 *
- * $Id: packet-portmap.c,v 1.35 2002/04/14 23:04:03 guy Exp $
+ * $Id: packet-portmap.c,v 1.36 2002/05/09 12:10:05 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@@ -37,6 +37,8 @@
 #include "packet-rpc.h"
 #include "packet-portmap.h"
 #include "ipproto.h"
+#include "epan/conversation.h"
+#include "epan/packet_info.h"
 /*
 * See:
@@ -66,6 +68,8 @@ static gint ett_portmap = -1;
 static gint ett_portmap_rpcb = -1;
 static gint ett_portmap_entry = -1;
+static dissector_handle_t rpc_handle;
+static dissector_handle_t rpc_tcp_handle;
 /* Dissect a getport call */
 static int
@@ -75,6 +79,17 @@ dissect_getport_call(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
 guint32 proto;
 guint32 prog;
+ /* make sure we remember protocol type until the reply packet */
+ if(!pinfo->fd->flags.visited){
+ rpc_call_info_value *rpc_call=pinfo->private_data;
+ if(rpc_call){
+ proto = tvb_get_ntohl(tvb, offset+8);
+ if(proto==17){ /* only do this for UDP */
+ rpc_call->private_data=(void *)PT_UDP;
+ }
+ }
+ }
+
 if ( tree ) {
 prog = tvb_get_ntohl(tvb, offset+0);
@@ -99,6 +114,24 @@ static int
 dissect_getport_reply(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
 proto_tree *tree)
 {
+ /* we might have learnt a <ipaddr><protocol><port> mapping for ONC-RPC*/
+ if(!pinfo->fd->flags.visited){
+ rpc_call_info_value *rpc_call=pinfo->private_data;
+ /* only do this for UDP, TCP does not need anything like this */
+ if(rpc_call && ((int)rpc_call->private_data==PT_UDP) ){
+ guint32 port;
+ port=tvb_get_ntohl(tvb, offset);
+ if(port){
+ conversation_t *conv;
+ conv=find_conversation(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
+ if(!conv){
+ conv=conversation_new(&pinfo->src, &pinfo->dst, (port_type)rpc_call->private_data, port, 0, NO_ADDR_B|NO_PORT_B);
+ }
+ conversation_set_dissector(conv, rpc_handle);
+ }
+ }
+ }
+
 offset = dissect_rpc_uint32(tvb, tree, hf_portmap_port, offset);
 return offset;
@@ -530,4 +563,6 @@ proto_reg_handoff_portmap(void)
 rpc_init_proc_table(PORTMAP_PROGRAM, 2, portmap2_proc);
 rpc_init_proc_table(PORTMAP_PROGRAM, 3, portmap3_proc);
 rpc_init_proc_table(PORTMAP_PROGRAM, 4, portmap4_proc);
+ rpc_handle = find_dissector("rpc");
+ rpc_tcp_handle = find_dissector("rpc-tcp");
 }
diff --git a/packet-rpc.c b/packet-rpc.c
index 3bff439dd5..9ab1febc75 100644
--- a/packet-rpc.c
+++ b/packet-rpc.c
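Review bot: The transport marker is stored with `rpc_call->private_data=(void *)PT_UDP;` in dissect_getport_call and read back with `(int)rpc_call->private_data==PT_UDP` in the dissect_getport_reply hunk, which converts between an enum and a pointer by bare cast and narrows a pointer to int on 64-bit builds. GLib's macros express the intent without the width mismatch: `rpc_call->private_data=GINT_TO_POINTER(PT_UDP);` and `GPOINTER_TO_INT(rpc_call->private_data)==PT_UDP`. The literal `17` would read better as `IP_PROTO_UDP` from the already included ipproto.h, and since both functions now use `pinfo` the `_U_` marker on that parameter is stale. The body of dissect_getport_call continues outside the hunk.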
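Review bot: In dissect_getport_reply the port is read from the packet as a 32-bit value and only tested for non-zero before it keys a wildcard conversation (`NO_ADDR_B|NO_PORT_B`) bound to the RPC dissector. A value above 65535 creates an entry that no UDP packet can match, and any in-range value makes later UDP traffic involving that address and port be handed to the RPC dissector on the strength of a single unauthenticated reply. I would tighten the test to `if(port && port<=65535){` and say in the comment above it that the mapping is learnt from untrusted capture data. The two `(port_type)rpc_call->private_data` casts can simply be `PT_UDP`, because the enclosing `if` has already established that value.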
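Review bot: `rpc_tcp_handle` is looked up in proto_reg_handoff_portmap but none of the visible hunks in this file uses it, so it is dead state unless TCP handling is planned; either drop it or say so at its declaration. The result of `find_dissector("rpc")` is later passed to conversation_set_dissector without a NULL check, which presumably relies on the registration added in proto_register_rpc having run first. A comment such as `/* "rpc" and "rpc-tcp" are registered in proto_register_rpc() */` next to the two lookups would record that dependency.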
@@ -2,7 +2,7 @@
 * Routines for rpc dissection
 * Copyright 1999, Uwe Girlich <Uwe.Girlich@philosys.de>
 *
- * $Id: packet-rpc.c,v 1.90 2002/04/03 13:24:12 girlich Exp $
+ * $Id: packet-rpc.c,v 1.91 2002/05/09 12:10:05 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@@ -1198,6 +1198,7 @@ dissect_rpc_indir_call(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 rpc_call->prog = prog;
 rpc_call->vers = vers;
 rpc_call->proc = proc;
+ rpc_call->private_data = NULL;
 /*
 * XXX - what about RPCSEC_GSS?
@@ -1767,6 +1768,7 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 rpc_call->prog = prog;
 rpc_call->vers = vers;
 rpc_call->proc = proc;
+ rpc_call->private_data = NULL;
 rpc_call->xid = xid;
 rpc_call->flavor = flavor;
 rpc_call->gss_proc = gss_proc;
@@ -1780,6 +1782,12 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 rpc_call);
 }
+ if(rpc_call && rpc_call->rep_num){
+ proto_tree_add_text(rpc_tree, tvb, 0, 0,
+ "The reply to this request is in frame %u",
+ rpc_call->rep_num);
+ }
+
 offset += 16;
 offset = dissect_rpc_cred(tvb, rpc_tree, offset);
@@ -1803,21 +1811,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 gss_proc = rpc_call->gss_proc;
 gss_svc = rpc_call->gss_svc;
- /* Indicate the frame to which this is a reply. */
- proto_tree_add_text(rpc_tree, tvb, 0, 0,
- "This is a reply to a request in frame %u",
- rpc_call->req_num);
- ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs;
- ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs;
- if(ns.nsecs<0){
- ns.nsecs+=1000000000;
- ns.secs--;
- }
- proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0,
- &ns);
-
-
-
 if (rpc_call->proc_info != NULL) {
 dissect_function = rpc_call->proc_info->dissect_reply;
 if (rpc_call->proc_info->name != NULL) {
@@ -1873,6 +1866,29 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, "Procedure: %s (%u)", procname, proc); } + reply_state = tvb_get_ntohl(tvb,offset+0); + if (rpc_tree) { + proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb, + offset+0, 4, reply_state); + } + offset += 4; + + /* Indicate the frame to which this is a reply. */ + if(rpc_call && rpc_call->req_num){ + proto_tree_add_text(rpc_tree, tvb, 0, 0, + "This is a reply to a request in frame %u", + rpc_call->req_num); + ns.secs= pinfo->fd->abs_secs-rpc_call->req_time.secs; + ns.nsecs=pinfo->fd->abs_usecs*1000-rpc_call->req_time.nsecs; + if(ns.nsecs<0){ + ns.nsecs+=1000000000; + ns.secs--; + } + proto_tree_add_time(rpc_tree, hf_rpc_time, tvb, offset, 0, + &ns); + } + + if (rpc_call->rep_num == 0) { /* We have not yet seen a reply to that call, so this must be the first reply; remember its @@ -1897,13 +1913,6 @@ dissect_rpc_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, } } - reply_state = tvb_get_ntohl(tvb,offset+0); - if (rpc_tree) { - proto_tree_add_uint(rpc_tree, hf_rpc_state_reply, tvb, - offset+0, 4, reply_state); - } - offset += 4; - if (reply_state == MSG_ACCEPTED) { offset = dissect_rpc_verf(tvb, rpc_tree, offset, msg_type); accept_state = tvb_get_ntohl(tvb,offset+0); @@ -2914,6 +2923,9 @@ proto_register_rpc(void) "Whether the RPC dissector should defragment multi-fragment RPC-over-TCP messages", &rpc_defragment); + register_dissector("rpc", dissect_rpc, proto_rpc); + register_dissector("rpc-tcp", dissect_rpc_tcp, proto_rpc); + /* * Init the hash tables. Dissectors for RPC protocols must * have a "handoff registration" routine that registers the diff --git a/packet-rpc.h b/packet-rpc.h index 143d73d337..23f5adfb81 100644 --- a/packet-rpc.h +++ b/packet-rpc.h @@ -1,6 +1,6 @@ /* packet-rpc.h * - * $Id: packet-rpc.h,v 1.35 2002/04/03 13:24:13 girlich Exp $ + * $Id: packet-rpc.h,v 1.36 2002/05/09 12:10:05 sahlberg Exp $ * * (c) 1999 Uwe Girlich * 
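Review bot: The relocated reply block is guarded by `if(rpc_call && rpc_call->req_num){`, yet the next context line, `if (rpc_call->rep_num == 0) {`, dereferences `rpc_call` with no check, so the NULL test is either unnecessary or incomplete. If the lookup earlier in dissect_rpc_message (outside this hunk) already bails out when no matching call exists, reduce the guard to `if(rpc_call->req_num){`; if `rpc_call` can be NULL at this point, the `rep_num` test needs the same guard. A one-line comment stating which of the two holds would keep the next edit from reintroducing the mismatch.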
@@ -93,6 +93,7 @@ typedef struct _rpc_call_info_value {
 struct _rpc_proc_info_value* proc_info;
 gboolean request; /* Is this a request or not ?*/
 nstime_t req_time;
+ void *private_data;
 } rpc_call_info_value; |
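Review bot: The new `void *private_data;` member carries no comment, and its only visible user (packet-portmap.c) stores a `port_type` value cast into the pointer rather than an allocation. A short comment on the field would keep a later dissector from dereferencing or freeing it, for example `/* per-call scratch for the program dissector; may hold an integer cast to a pointer; packet-rpc.c only resets it to NULL */`.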