/* packet-smb-browse.c

 * Routines for SMB Browser packet dissection

 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>

 *

 * Wireshark - Network traffic analyzer

 * By Gerald Combs <gerald@wireshark.org>

 * Copyright 1998 Gerald Combs

 *

 * Copied from packet-pop.c

 *

 * SPDX-License-Identifier: GPL-2.0-or-later

 */

#include "config.h"

#include <epan/packet.h>

#include <epan/to_str.h>

#include <epan/tfs.h>

#include <wsutil/array.h>

#include "packet-smb-browse.h"

#include "packet-dcerpc.h"

void proto_register_smb_browse(void);

static int proto_smb_browse;

static int hf_command;

static int hf_update_count;

static int hf_periodicity;

static int hf_server_name;

static int hf_mb_server_name;

static int hf_mb_reset_command;

static int hf_mb_reset_demote;

static int hf_mb_reset_flush;

static int hf_mb_reset_stop;

static int hf_os_major;

static int hf_os_minor;

static int hf_server_type;

static int hf_server_type_workstation;

static int hf_server_type_server;

static int hf_server_type_sql;

static int hf_server_type_domain;

static int hf_server_type_backup;

static int hf_server_type_time;

static int hf_server_type_apple;

static int hf_server_type_novell;

static int hf_server_type_member;

static int hf_server_type_print;

static int hf_server_type_dialin;

static int hf_server_type_xenix;

static int hf_server_type_ntw;

static int hf_server_type_wfw;

static int hf_server_type_nts;

static int hf_server_type_potentialb;

static int hf_server_type_backupb;

static int hf_server_type_masterb;

static int hf_server_type_domainmasterb;

static int hf_server_type_osf;

static int hf_server_type_vms;

static int hf_server_type_w95;

static int hf_server_type_dfs;

static int hf_server_type_local;

static int hf_server_type_domainenum;

static int hf_election_version;

static int hf_proto_major;

static int hf_proto_minor;

static int hf_sig_const;

static int hf_server_comment;

static int hf_unused_flags;

static int hf_response_computer_name;

static int hf_election_criteria;

static int hf_election_desire;

static int hf_election_desire_flags_backup;

static int hf_election_desire_flags_standby;

static int hf_election_desire_flags_master;

static int hf_election_desire_flags_domain_master;

static int hf_election_desire_flags_wins;

static int hf_election_desire_flags_nt;

/* static int hf_election_revision; */

static int hf_election_os;

static int hf_election_os_wfw;

static int hf_election_os_ntw;

static int hf_election_os_nts;

static int hf_server_uptime;

static int hf_backup_count;

static int hf_backup_token;

static int hf_backup_server;

static int hf_browser_to_promote;

static int hf_windows_version;

static int hf_mysterious_field;

static int ett_browse;

static int ett_browse_flags;

static int ett_browse_election_criteria;

static int ett_browse_election_os;

static int ett_browse_election_desire;

static int ett_browse_reset_cmd_flags;

#define SERVER_WORKSTATION     0

#define SERVER_SERVER      1

#define SERVER_SQL_SERVER    2

#define SERVER_DOMAIN_CONTROLLER   3

#define SERVER_BACKUP_CONTROLLER   4

#define SERVER_TIME_SOURCE     5

#define SERVER_APPLE_SERVER    6

#define SERVER_NOVELL_SERVER     7

#define SERVER_DOMAIN_MEMBER_SERVER  8

#define SERVER_PRINT_QUEUE_SERVER  9

#define SERVER_DIALIN_SERVER    10

#define SERVER_XENIX_SERVER   11

#define SERVER_NT_WORKSTATION   12

#define SERVER_WINDOWS_FOR_WORKGROUPS 13

#define SERVER_NT_SERVER    15

#define SERVER_POTENTIAL_BROWSER  16

#define SERVER_BACKUP_BROWSER   17

#define SERVER_MASTER_BROWSER   18

#define SERVER_DOMAIN_MASTER_BROWSER  19

#define SERVER_OSF      20

#define SERVER_VMS      21

#define SERVER_WINDOWS_95   22

#define SERVER_DFS_SERVER   23

#define SERVER_LOCAL_LIST_ONLY    30

#define SERVER_DOMAIN_ENUM    31

static const value_string server_types[] = {

  {SERVER_WORKSTATION,    "Workstation"},

  {SERVER_SERVER,     "Server"},

  {SERVER_SQL_SERVER,   "SQL Server"},

  {SERVER_DOMAIN_CONTROLLER,  "Domain Controller"},

  {SERVER_BACKUP_CONTROLLER,  "Backup Controller"},

  {SERVER_TIME_SOURCE,    "Time Source"},

  {SERVER_APPLE_SERVER,   "Apple Server"},

  {SERVER_NOVELL_SERVER,    "Novell Server"},

  {SERVER_DOMAIN_MEMBER_SERVER, "Domain Member Server"},

  {SERVER_PRINT_QUEUE_SERVER, "Print Queue Server"},

  {SERVER_DIALIN_SERVER,    "Dialin Server"},

  {SERVER_XENIX_SERVER,   "Xenix Server"},

  {SERVER_NT_WORKSTATION,   "NT Workstation"},

  {SERVER_WINDOWS_FOR_WORKGROUPS, "Windows for Workgroups"},

  {SERVER_NT_SERVER,    "NT Server"},

  {SERVER_POTENTIAL_BROWSER,  "Potential Browser"},

  {SERVER_BACKUP_BROWSER,   "Backup Browser"},

  {SERVER_MASTER_BROWSER,   "Master Browser"},

  {SERVER_DOMAIN_MASTER_BROWSER,  "Domain Master Browser"},

  {SERVER_OSF,      "OSF"},

  {SERVER_VMS,      "VMS"},

  {SERVER_WINDOWS_95,   "Windows 95 or above"},

  {SERVER_DFS_SERVER,   "DFS server"},

  {SERVER_LOCAL_LIST_ONLY,  "Local List Only"},

  {SERVER_DOMAIN_ENUM,    "Domain Enum"},

  {0, NULL}

};

#define SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version) \

  if(os_major_ver == 6 && os_minor_ver == 1)       \

    windows_version = "Windows 7 or Windows Server 2008 R2";   \

                  \

  else if(os_major_ver == 6 && os_minor_ver == 0)     \

    windows_version = "Windows Vista or Windows Server 2008";   \

                  \

  else if(os_major_ver == 5 && os_minor_ver == 2)     \

    windows_version = "Windows Server 2003 R2 or Windows Server 2003"; \

                  \

  else if(os_major_ver == 5 && os_minor_ver == 1)     \

    windows_version = "Windows XP";         \

                  \

  else if(os_major_ver == 5 && os_minor_ver == 0)     \

    windows_version = "Windows 2000";         \

                  \

  else                  \

    windows_version = "";

static const value_string resetbrowserstate_command_names[] = {

  { 0x01, "Stop being a master browser and become a backup browser"},

  { 0x02, "Discard browse lists, stop being a master browser, and try again"},

  { 0x04, "Stop being a master browser for ever"},

  { 0, NULL}

};

static true_false_string tfs_demote_to_backup = {

  "Demote an LMB to a Backup Browser",

  "Do not demote an LMB to a Backup Browser"

};

static true_false_string tfs_flush_browse_list = {

  "Flush the Browse List",

  "Do not Flush the Browse List"

};

static true_false_string tfs_stop_being_lmb = {

  "Stop Being a Local Master Browser",

  "Do not Stop Being a Local Master Browser"

};

static const true_false_string tfs_workstation = {

  "This is a Workstation",

  "This is NOT a Workstation"

};

static const true_false_string tfs_server = {

  "This is a Server",

  "This is NOT a Server"

};

static const true_false_string tfs_sql = {

  "This is an SQL server",

  "This is NOT an SQL server"

};

static const true_false_string tfs_domain = {

  "This is a Domain Controller",

  "This is NOT a Domain Controller"

};

static const true_false_string tfs_backup = {

  "This is a Backup Controller",

  "This is NOT a Backup Controller"

};

static const true_false_string tfs_time = {

  "This is a Time Source",

  "This is NOT a Time Source"

};

static const true_false_string tfs_apple = {

  "This is an Apple host",

  "This is NOT an Apple host"

};

static const true_false_string tfs_novell = {

  "This is a Novell server",

  "This is NOT a Novell server"

};

static const true_false_string tfs_member = {

  "This is a Domain Member server",

  "This is NOT a Domain Member server"

};

static const true_false_string tfs_print = {

  "This is a Print Queue server",

  "This is NOT a Print Queue server"

};

static const true_false_string tfs_dialin = {

  "This is a Dialin server",

  "This is NOT a Dialin server"

};

static const true_false_string tfs_xenix = {

  "This is a Xenix server",

  "This is NOT a Xenix server"

};

static const true_false_string tfs_ntw = {

  "This is an NT Workstation",

  "This is NOT an NT Workstation"

};

static const true_false_string tfs_wfw = {

  "This is a WfW host",

  "This is NOT a WfW host"

};

static const true_false_string tfs_nts = {

  "This is an NT Server",

  "This is NOT an NT Server"

};

static const true_false_string tfs_potentialb = {

  "This is a Potential Browser",

  "This is NOT a Potential Browser"

};

static const true_false_string tfs_backupb = {

  "This is a Backup Browser",

  "This is NOT a Backup Browser"

};

static const true_false_string tfs_masterb = {

  "This is a Master Browser",

  "This is NOT a Master Browser"

};

static const true_false_string tfs_domainmasterb = {

  "This is a Domain Master Browser",

  "This is NOT a Domain Master Browser"

};

static const true_false_string tfs_osf = {

  "This is an OSF host",

  "This is NOT an OSF host"

};

static const true_false_string tfs_vms = {

  "This is a VMS host",

  "This is NOT a VMS host"

};

static const true_false_string tfs_w95 = {

  "This is a Windows 95 or above host",

  "This is NOT a Windows 95 or above host"

};

static const true_false_string tfs_dfs = {

  "This is a DFS server",

  "THis is NOT a DFS server"

};

static const true_false_string tfs_local = {

  "This is a local list only request",

  "This is NOT a local list only request"

};

static const true_false_string tfs_domainenum = {

  "This is a Domain Enum request",

  "This is NOT a Domain Enum request"

};

#define DESIRE_BACKUP     0

#define DESIRE_STANDBY      1

#define DESIRE_MASTER     2

#define DESIRE_DOMAIN_MASTER    3

#define DESIRE_WINS     5

#define DESIRE_NT     7

static const true_false_string tfs_desire_backup = {

  "Backup Browse Server",

  "NOT Backup Browse Server"

};

static const true_false_string tfs_desire_standby = {

  "Standby Browse Server",

  "NOT Standby Browse Server"

};

static const true_false_string tfs_desire_master = {

  "Master Browser",

  "NOT Master Browser"

};

static const true_false_string tfs_desire_domain_master = {

  "Domain Master Browse Server",

  "NOT Domain Master Browse Server"

};

static const true_false_string tfs_desire_wins = {

  "WINS Client",

  "NOT WINS Client"

};

static const true_false_string tfs_desire_nt = {

  "Windows NT Advanced Server",

  "NOT Windows NT Advanced Server"

};

#define BROWSE_HOST_ANNOUNCE       1

#define BROWSE_REQUEST_ANNOUNCE      2

#define BROWSE_ELECTION_REQUEST      8

#define BROWSE_BACKUP_LIST_REQUEST     9

#define BROWSE_BACKUP_LIST_RESPONSE   10

#define BROWSE_BECOME_BACKUP      11

#define BROWSE_DOMAIN_ANNOUNCEMENT    12

#define BROWSE_MASTER_ANNOUNCEMENT    13

#define BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT   14

#define BROWSE_LOCAL_MASTER_ANNOUNCEMENT  15

static const value_string commands[] = {

  {BROWSE_HOST_ANNOUNCE,      "Host Announcement"},

  {BROWSE_REQUEST_ANNOUNCE,   "Request Announcement"},

  {BROWSE_ELECTION_REQUEST,   "Browser Election Request"},

  {BROWSE_BACKUP_LIST_REQUEST,    "Get Backup List Request"},

  {BROWSE_BACKUP_LIST_RESPONSE,   "Get Backup List Response"},

  {BROWSE_BECOME_BACKUP,      "Become Backup Browser"},

  {BROWSE_DOMAIN_ANNOUNCEMENT,    "Domain/Workgroup Announcement"},

  {BROWSE_MASTER_ANNOUNCEMENT,    "Master Announcement"},

  {BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT, "Reset Browser State Announcement"},

  {BROWSE_LOCAL_MASTER_ANNOUNCEMENT,  "Local Master Announcement"},

  {0,       NULL}

};

#define OS_WFW        0

#define OS_NTW        4

#define OS_NTS        5

static const true_false_string tfs_os_wfw = {

  "Windows for Workgroups",

  "Not Windows for Workgroups"

};

static const true_false_string tfs_os_ntw = {

  "Windows NT Workstation",

  "Not Windows NT Workstation"

};

static const true_false_string tfs_os_nts = {

  "Windows NT Server",

  "Not Windows NT Server"

};

static void

dissect_election_criterion_os(tvbuff_t *tvb, proto_tree *parent_tree, int offset)

{

  static int * const flags[] = {

    &hf_election_os_wfw,

    &hf_election_os_ntw,

    &hf_election_os_nts,

    NULL

  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_election_os, ett_browse_election_os, flags, ENC_NA);

}

static void

dissect_election_criterion_desire(tvbuff_t *tvb, proto_tree *parent_tree, int offset)

{

  static int * const flags[] = {

    &hf_election_desire_flags_backup,

    &hf_election_desire_flags_standby,

    &hf_election_desire_flags_master,

    &hf_election_desire_flags_domain_master,

    &hf_election_desire_flags_wins,

    &hf_election_desire_flags_nt,

    NULL

  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_election_desire, ett_browse_election_desire, flags, ENC_NA);

}

static void

dissect_election_criterion(tvbuff_t *tvb, proto_tree *parent_tree, int offset)

{

  proto_tree *tree = NULL;

  proto_item *item = NULL;

  uint32_t criterion;

  criterion = tvb_get_letohl(tvb, offset);

  if (parent_tree) {

    item = proto_tree_add_uint(parent_tree, hf_election_criteria, tvb, offset, 4, criterion);

          tree = proto_item_add_subtree(item, ett_browse_election_criteria);

  }

  /* election desire */

  dissect_election_criterion_desire(tvb, tree, offset);

  offset += 1;

  /* browser protocol major version */

  proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);

  offset += 1;

  /* browser protocol minor version */

  proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);

  offset += 1;

  /* election os */

  dissect_election_criterion_os(tvb, tree, offset);

}

/*

 * XXX - this causes non-browser packets to have browser fields.

 */

int

dissect_smb_server_type_flags(tvbuff_t *tvb, int offset, packet_info *pinfo,

            proto_tree *parent_tree, uint8_t *drep,

            bool infoflag)

{

  uint32_t flags;

  int i;

  static int * const type_flags[] = {

    &hf_server_type_workstation,

    &hf_server_type_server,

    &hf_server_type_sql,

    &hf_server_type_domain,

    &hf_server_type_backup,

    &hf_server_type_time,

    &hf_server_type_apple,

    &hf_server_type_novell,

    &hf_server_type_member,

    &hf_server_type_print,

    &hf_server_type_dialin,

    &hf_server_type_xenix,

    &hf_server_type_ntw,

    &hf_server_type_wfw,

    &hf_server_type_nts,

    &hf_server_type_potentialb,

    &hf_server_type_backupb,

    &hf_server_type_masterb,

    &hf_server_type_domainmasterb,

    &hf_server_type_osf,

    &hf_server_type_vms,

    &hf_server_type_w95,

    &hf_server_type_dfs,

    &hf_server_type_local,

    &hf_server_type_domainenum,

    NULL

  };

  if (drep != NULL) {

    /*

     * Called from a DCE RPC protocol dissector, for a

     * protocol where a 32-bit NDR integer contains

     * an server type mask; extract the server type mask

     * with an NDR call (but don't put it into the

     * protocol tree, as we can't get a pointer to the

     * item it puts in, and thus can't put a tree below

     * it with the values of the individual bits).

     */

    offset = dissect_ndr_uint32(

      tvb, offset, pinfo, NULL, NULL, drep, hf_server_type, &flags);

  } else {

    /*

     * Called from SMB browser or RAP, where the server type

     * mask is just a 4-byte little-endian quantity with no

     * special NDR alignment requirement; extract it with

     * "tvb_get_letohl()".

     */

    flags = tvb_get_letohl(tvb, offset);

    offset += 4;

  }

  if (infoflag) {

    /* Append the type(s) of the system to the COL_INFO line ... */

    for (i = 0; i < 32; i++) {

      if (flags & (1U<<i)) {

        col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",

          val_to_str(pinfo->pool, i, server_types,

          "Unknown server type:%d"));

      }

    }

  }

  proto_tree_add_bitmask_value(parent_tree, tvb, offset-4,

    hf_server_type, ett_browse_flags, type_flags, flags);

  return offset;

}

#define HOST_NAME_LEN 16

static int

dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)

{

  int offset = 0;

  uint8_t cmd;

  proto_tree *tree = NULL;

  proto_item *item = NULL;

  uint32_t periodicity;

  char *host_name;

  int namelen;

  uint8_t server_count;

  uint8_t os_major_ver, os_minor_ver;

  const char *windows_version;

  int i;

  uint32_t uptime;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");

  col_clear(pinfo->cinfo, COL_INFO);

  cmd = tvb_get_uint8(tvb, offset);

  /* Put in something, and replace it later */

  col_add_str(pinfo->cinfo, COL_INFO, val_to_str(pinfo->pool, cmd, commands, "Unknown command:0x%02x"));

  item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA);

  tree = proto_item_add_subtree(item, ett_browse);

  /* command */

  proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);

  offset += 1;

  switch (cmd) {

  case BROWSE_DOMAIN_ANNOUNCEMENT:

  case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:

  case BROWSE_HOST_ANNOUNCE: {

    /* update count */

    proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* periodicity (in milliseconds) */

    periodicity = tvb_get_letohl(tvb, offset);

    proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 4,

        periodicity,

        "%s",

        signed_time_msecs_to_str(pinfo->pool, periodicity));

    offset += 4;

    /* server name */

    host_name = (char*)tvb_get_stringzpad(pinfo->pool, tvb, offset, HOST_NAME_LEN, ENC_CP437|ENC_NA);

    col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);

    proto_tree_add_string_format(tree, hf_server_name,

      tvb, offset, HOST_NAME_LEN,

      host_name,

      (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?

        "Domain/Workgroup: %s":

        "Host Name: %s",

      host_name);

    offset += HOST_NAME_LEN;

    /* Windows version (See "OSVERSIONINFO Structure" on MSDN) */

    os_major_ver = tvb_get_uint8(tvb, offset);

    os_minor_ver = tvb_get_uint8(tvb, offset+1);

    SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);

    proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version);

    /* OS major version */

    proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* OS minor version */

    proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* server type flags */

    offset = dissect_smb_server_type_flags(

      tvb, offset, pinfo, tree, NULL, true);

    if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) {

      /*

       * Network Monitor claims this is a "Comment

       * Pointer".  I don't believe it.

       *

       * It's not a browser protocol major/minor

       * version number, and signature constant,

       * however.

       */

      proto_tree_add_item(tree, hf_mysterious_field, tvb, offset, 4, ENC_LITTLE_ENDIAN);

      offset += 4;

    } else {

      /* browser protocol major version */

      proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);

      offset += 1;

      /* browser protocol minor version */

      proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);

      offset += 1;

      /* signature constant */

      proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, ENC_LITTLE_ENDIAN);

      offset += 2;

    }

    /* master browser server name or server comment */

    namelen = tvb_strsize(tvb, offset);

    proto_tree_add_item(tree,

      (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?

          hf_mb_server_name : hf_server_comment,

      tvb, offset, namelen, ENC_ASCII|ENC_NA);

    break;

  }

  case BROWSE_REQUEST_ANNOUNCE: {

    char *computer_name;

    /* unused/unknown flags */

    proto_tree_add_item(tree, hf_unused_flags,

      tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* name of computer to which to send reply */

    proto_tree_add_item_ret_string(tree, hf_response_computer_name,

      tvb, offset, -1, ENC_ASCII, pinfo->pool, (const uint8_t**)&computer_name);

    col_append_fstr(pinfo->cinfo, COL_INFO, " %s", computer_name);

    break;

  }

  case BROWSE_ELECTION_REQUEST:

    /* election version */

    proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* criterion */

    dissect_election_criterion(tvb, tree, offset);

    offset += 4;

    /* server uptime */

    uptime = tvb_get_letohl(tvb, offset);

    proto_tree_add_uint_format_value(tree, hf_server_uptime,

        tvb, offset, 4, uptime,

        "%s",

        signed_time_msecs_to_str(pinfo->pool, uptime));

    offset += 4;

    /* next 4 bytes must be zero */

    offset += 4;

    /* server name */

    namelen = tvb_strsize(tvb, offset);

    proto_tree_add_item(tree, hf_server_name,

      tvb, offset, namelen, ENC_ASCII);

    break;

  case BROWSE_BACKUP_LIST_REQUEST:

    /* backup list requested count */

    proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* backup requested token */

    proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);

    break;

  case BROWSE_BACKUP_LIST_RESPONSE:

    /* backup list requested count */

    server_count = tvb_get_uint8(tvb, offset);

    proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1,

        server_count);

    offset += 1;

    /* backup requested token */

    proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);

    offset += 4;

    /* backup server names */

    for (i = 0; i < server_count; i++) {

      namelen = tvb_strsize(tvb, offset);

      proto_tree_add_item(tree, hf_backup_server,

        tvb, offset, namelen, ENC_ASCII);

      offset += namelen;

    }

    break;

  case BROWSE_MASTER_ANNOUNCEMENT:

    /* master browser server name */

    namelen = tvb_strsize(tvb, offset);

    proto_tree_add_item(tree, hf_mb_server_name,

      tvb, offset, namelen, ENC_ASCII);

    break;

  case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: {

    static int * const flags[] = {

      &hf_mb_reset_demote,

      &hf_mb_reset_flush,

      &hf_mb_reset_stop,

      NULL

    };

    proto_tree_add_bitmask(tree, tvb, offset, hf_mb_reset_command, ett_browse_reset_cmd_flags, flags, ENC_NA);

    break;

  }

  case BROWSE_BECOME_BACKUP:

    /* name of browser to promote */

    namelen = tvb_strsize(tvb, offset);

    proto_tree_add_item(tree, hf_browser_to_promote,

      tvb, offset, namelen, ENC_ASCII);

    break;

  }

  return tvb_captured_length(tvb);

}

/*

 * It appears that browser announcements sent to \MAILSLOT\LANMAN aren't

 * the same as browser announcements sent to \MAILSLOT\BROWSE.

 * Was that an older version of the protocol?

 *

 * The document at

 *

 *  http://www.samba.org/samba/ftp/specs/brow_rev.txt

 *

 * gives both formats of host announcement packets, saying that

 * "[The first] format seems wrong", that one being what appears to

 * show up in \MAILSLOT\LANMAN packets, and that "[The second one]

 * may be better", that one being what appears to show up in

 * \MAILSLOT\BROWSE packets.

 *

 * XXX - what other browser packets go out to that mailslot?

 */

static int

dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)

{

  int offset = 0;

  uint8_t cmd;

  proto_tree *tree;

  proto_item *item;

  uint32_t periodicity;

  const uint8_t *host_name;

  uint8_t os_major_ver, os_minor_ver;

  const char *windows_version;

  unsigned namelen;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER");

  col_clear(pinfo->cinfo, COL_INFO);

  cmd = tvb_get_uint8(tvb, offset);

  /* Put in something, and replace it later */

  col_add_str(pinfo->cinfo, COL_INFO, val_to_str(pinfo->pool, cmd, commands, "Unknown command:0x%02x"));

  item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA);

  tree = proto_item_add_subtree(item, ett_browse);

  /* command */

  proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd);

  offset += 1;

  switch (cmd) {

  case BROWSE_DOMAIN_ANNOUNCEMENT:

  case BROWSE_LOCAL_MASTER_ANNOUNCEMENT:

  case BROWSE_HOST_ANNOUNCE:

    /* update count */

    proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* server type flags */

    offset = dissect_smb_server_type_flags(

      tvb, offset, pinfo, tree, NULL, true);

    /* OS version string (See "OSVERSIONINFO Structure" on MSDN) */

    os_major_ver = tvb_get_uint8(tvb, offset);

    os_minor_ver = tvb_get_uint8(tvb, offset+1);

    SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version);

    proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version);

    /* OS major version */

    proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* OS minor version */

    proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN);

    offset += 1;

    /* periodicity (in seconds; convert to milliseconds) */

    periodicity = tvb_get_letohs(tvb, offset)*1000;

    proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 2,

        periodicity,

        "%s",

        signed_time_msecs_to_str(pinfo->pool, periodicity));

    offset += 2;

    /* server name */

    host_name = tvb_get_stringz_enc(pinfo->pool, tvb, offset, &namelen, ENC_CP437|ENC_NA);

    col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name);

    proto_tree_add_item(tree, hf_server_name,

      tvb, offset, namelen, ENC_ASCII);

    offset += namelen;

    /* master browser server name or server comment */

    namelen = tvb_strsize(tvb, offset);

    proto_tree_add_item(tree,

      (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)?

          hf_mb_server_name : hf_server_comment,

      tvb, offset, namelen, ENC_CP437|ENC_NA);

    break;

  }

  return tvb_captured_length(tvb);

}

void

proto_register_smb_browse(void)

{

  static hf_register_info hf[] = {

    { &hf_command,

      { "Command", "browser.command", FT_UINT8, BASE_HEX,

      VALS(commands), 0, "Browse command opcode", HFILL }},

    { &hf_update_count,

      { "Update Count", "browser.update_count", FT_UINT8, BASE_DEC,

      NULL, 0, "Browse Update Count", HFILL }},

    { &hf_periodicity,

      { "Update Periodicity", "browser.period", FT_UINT32, BASE_DEC,

      NULL, 0, "Update Periodicity in ms", HFILL }},

    { &hf_server_name,

      { "Server Name", "browser.server", FT_STRING, BASE_NONE,

      NULL, 0, "BROWSE Server Name", HFILL }},

    { &hf_mb_server_name,

      { "Master Browser Server Name", "browser.mb_server", FT_STRING, BASE_NONE,

      NULL, 0, "BROWSE Master Browser Server Name", HFILL }},

    { &hf_mb_reset_command,

      { "ResetBrowserState Command", "browser.reset_cmd", FT_UINT8,

        BASE_HEX, VALS(resetbrowserstate_command_names), 0,

        NULL, HFILL }},

    { &hf_mb_reset_demote,

      { "Demote LMB", "browser.reset_cmd.demote", FT_BOOLEAN,

        8, TFS(&tfs_demote_to_backup), 0x01, NULL, HFILL}},

    { &hf_mb_reset_flush,

      { "Flush Browse List", "browser.reset_cmd.flush", FT_BOOLEAN,

        8, TFS(&tfs_flush_browse_list), 0x02, NULL, HFILL}},

    { &hf_mb_reset_stop,

      { "Stop Being LMB", "browser.reset_cmd.stop_lmb", FT_BOOLEAN,

        8, TFS(&tfs_stop_being_lmb), 0x04, NULL, HFILL}},

    { &hf_os_major,

      { "OS Major Version", "browser.os_major", FT_UINT8, BASE_DEC,

      NULL, 0, "Operating System Major Version", HFILL }},

    { &hf_os_minor,

      { "OS Minor Version", "browser.os_minor", FT_UINT8, BASE_DEC,

      NULL, 0, "Operating System Minor Version", HFILL }},

    { &hf_server_type,

      { "Server Type", "browser.server_type", FT_UINT32, BASE_HEX,

      NULL, 0, "Server Type Flags", HFILL }},

    { &hf_server_type_workstation,

      { "Workstation", "browser.server_type.workstation", FT_BOOLEAN, 32,

      TFS(&tfs_workstation), 1U<<SERVER_WORKSTATION, "Is This A Workstation?", HFILL }},

    { &hf_server_type_server,

      { "Server", "browser.server_type.server", FT_BOOLEAN, 32,

      TFS(&tfs_server), 1U<<SERVER_SERVER, "Is This A Server?", HFILL }},

    { &hf_server_type_sql,

      { "SQL", "browser.server_type.sql", FT_BOOLEAN, 32,

      TFS(&tfs_sql), 1U<<SERVER_SQL_SERVER, "Is This A SQL Server?", HFILL }},

    { &hf_server_type_domain,

      { "Domain Controller", "browser.server_type.domain_controller", FT_BOOLEAN, 32,

      TFS(&tfs_domain), 1U<<SERVER_DOMAIN_CONTROLLER, "Is This A Domain Controller?", HFILL }},

    { &hf_server_type_backup,

      { "Backup Controller", "browser.server_type.backup_controller", FT_BOOLEAN, 32,

      TFS(&tfs_backup), 1U<<SERVER_BACKUP_CONTROLLER, "Is This A Backup Domain Controller?", HFILL }},

    { &hf_server_type_time,

      { "Time Source", "browser.server_type.time", FT_BOOLEAN, 32,

      TFS(&tfs_time), 1U<<SERVER_TIME_SOURCE, "Is This A Time Source?", HFILL }},

    { &hf_server_type_apple,

      { "Apple", "browser.server_type.apple", FT_BOOLEAN, 32,

      TFS(&tfs_apple), 1U<<SERVER_APPLE_SERVER, "Is This An Apple Server ?", HFILL }},

    { &hf_server_type_novell,

      { "Novell", "browser.server_type.novell", FT_BOOLEAN, 32,

      TFS(&tfs_novell), 1U<<SERVER_NOVELL_SERVER, "Is This A Novell Server?", HFILL }},

    { &hf_server_type_member,

      { "Member", "browser.server_type.member", FT_BOOLEAN, 32,

      TFS(&tfs_member), 1U<<SERVER_DOMAIN_MEMBER_SERVER, "Is This A Domain Member Server?", HFILL }},

    { &hf_server_type_print,

      { "Print", "browser.server_type.print", FT_BOOLEAN, 32,

      TFS(&tfs_print), 1U<<SERVER_PRINT_QUEUE_SERVER, "Is This A Print Server?", HFILL }},

    { &hf_server_type_dialin,

      { "Dialin", "browser.server_type.dialin", FT_BOOLEAN, 32,

      TFS(&tfs_dialin), 1U<<SERVER_DIALIN_SERVER, "Is This A Dialin Server?", HFILL }},

    { &hf_server_type_xenix,

      { "Xenix", "browser.server_type.xenix", FT_BOOLEAN, 32,

      TFS(&tfs_xenix), 1U<<SERVER_XENIX_SERVER, "Is This A Xenix Server?", HFILL }},

    { &hf_server_type_ntw,

      { "NT Workstation", "browser.server_type.ntw", FT_BOOLEAN, 32,

      TFS(&tfs_ntw), 1U<<SERVER_NT_WORKSTATION, "Is This A NT Workstation?", HFILL }},

    { &hf_server_type_wfw,

      { "WfW", "browser.server_type.wfw", FT_BOOLEAN, 32,

      TFS(&tfs_wfw), 1U<<SERVER_WINDOWS_FOR_WORKGROUPS, "Is This A Windows For Workgroups Server?", HFILL }},

    { &hf_server_type_nts,

      { "NT Server", "browser.server_type.nts", FT_BOOLEAN, 32,

      TFS(&tfs_nts), 1U<<SERVER_NT_SERVER, "Is This A NT Server?", HFILL }},

    { &hf_server_type_potentialb,

      { "Potential Browser", "browser.server_type.browser.potential", FT_BOOLEAN, 32,

      TFS(&tfs_potentialb), 1U<<SERVER_POTENTIAL_BROWSER, "Is This A Potential Browser?", HFILL }},

    { &hf_server_type_backupb,

      { "Backup Browser", "browser.server_type.browser.backup", FT_BOOLEAN, 32,

      TFS(&tfs_backupb), 1U<<SERVER_BACKUP_BROWSER, "Is This A Backup Browser?", HFILL }},

    { &hf_server_type_masterb,

      { "Master Browser", "browser.server_type.browser.master", FT_BOOLEAN, 32,

      TFS(&tfs_masterb), 1U<<SERVER_MASTER_BROWSER, "Is This A Master Browser?", HFILL }},

    { &hf_server_type_domainmasterb,

      { "Domain Master Browser", "browser.server_type.browser.domain_master", FT_BOOLEAN, 32,

      TFS(&tfs_domainmasterb), 1U<<SERVER_DOMAIN_MASTER_BROWSER, "Is This A Domain Master Browser?", HFILL }},

    { &hf_server_type_osf,

      { "OSF", "browser.server_type.osf", FT_BOOLEAN, 32,

      TFS(&tfs_osf), 1U<<SERVER_OSF, "Is This An OSF server ?", HFILL }},

    { &hf_server_type_vms,

      { "VMS", "browser.server_type.vms", FT_BOOLEAN, 32,

      TFS(&tfs_vms), 1U<<SERVER_VMS, "Is This A VMS Server?", HFILL }},

    { &hf_server_type_w95,

      { "Windows 95+", "browser.server_type.w95", FT_BOOLEAN, 32,

      TFS(&tfs_w95), 1U<<SERVER_WINDOWS_95, "Is This A Windows 95 or above server?", HFILL }},

    { &hf_server_type_dfs,

      { "DFS", "browser.server_type.dfs", FT_BOOLEAN, 32,

      TFS(&tfs_dfs), 1U<<SERVER_DFS_SERVER, "Is This A DFS server?", HFILL }},

    { &hf_server_type_local,

      { "Local", "browser.server_type.local", FT_BOOLEAN, 32,

      TFS(&tfs_local), 1U<<SERVER_LOCAL_LIST_ONLY, "Is This A Local List Only request?", HFILL }},

    { &hf_server_type_domainenum,

      { "Domain Enum", "browser.server_type.domainenum", FT_BOOLEAN, 32,

      TFS(&tfs_domainenum), 1U<<SERVER_DOMAIN_ENUM, "Is This A Domain Enum request?", HFILL }},

    { &hf_election_version,

      { "Election Version", "browser.election.version", FT_UINT8, BASE_DEC,

      NULL, 0, NULL, HFILL }},

    { &hf_proto_major,

      { "Browser Protocol Major Version", "browser.proto_major", FT_UINT8, BASE_DEC,

      NULL, 0, NULL, HFILL }},

    { &hf_proto_minor,

      { "Browser Protocol Minor Version", "browser.proto_minor", FT_UINT8, BASE_DEC,

      NULL, 0, NULL, HFILL }},

    { &hf_sig_const,

      { "Signature", "browser.sig", FT_UINT16, BASE_HEX,

      NULL, 0, "Signature Constant", HFILL }},