/src/wireshark/epan/dissectors/packet-tnef.c
Line | Count | Source |
1 | | /* packet-tnef.c |
2 | | * Routines for Transport-Neutral Encapsulation Format (TNEF) packet disassembly |
3 | | * |
4 | | * Copyright (c) 2007 by Graeme Lunt |
5 | | * |
6 | | * Wireshark - Network traffic analyzer |
7 | | * By Gerald Combs <gerald@wireshark.org> |
8 | | * Copyright 1999 Gerald Combs |
9 | | * |
10 | | * SPDX-License-Identifier: GPL-2.0-or-later |
11 | | */ |
12 | | |
13 | | #include "config.h" |
14 | | |
15 | | #include <epan/packet.h> |
16 | | #include <epan/expert.h> |
17 | | |
18 | | #include <wiretap/tnef.h> |
19 | | |
20 | | #include <wsutil/ws_padding_to.h> |
21 | | |
22 | | #include "packet-dcerpc.h" |
23 | | #include "packet-dcerpc-nspi.h" |
24 | | #include "packet-ber.h" |
25 | | |
26 | 14 | #define PNAME "Transport-Neutral Encapsulation Format" |
27 | 14 | #define PSNAME "TNEF" |
28 | 28 | #define PFNAME "tnef" |
29 | | |
30 | | #define ATP_TRIPLES (0x0000) |
31 | 0 | #define ATP_STRING (0x0001) |
32 | | #define ATP_TEXT (0x0002) |
33 | 0 | #define ATP_DATE (0x0003) |
34 | | #define ATP_SHORT (0x0004) |
35 | | #define ATP_LONG (0x0005) |
36 | | #define ATP_BYTE (0x0006) |
37 | | #define ATP_WORD (0x0007) |
38 | | #define ATP_DWORD (0x0008) |
39 | | #define ATP_MAX (0x0009) |
40 | | |
41 | 0 | #define ATT_OWNER (0x00060000) /* handled */ |
42 | 0 | #define ATT_SENT_FOR (0x00060001) /* handled */ |
43 | | #define ATT_DELEGATE (0x00060002) |
44 | | #define ATT_DATE_START (0x00030006) /* handled */ |
45 | | #define ATT_DATE_END (0x00030007) /* handled */ |
46 | | #define ATT_AID_OWNER (0x00040008) |
47 | | #define ATT_REQUEST_RES (0x00040009) |
48 | | |
49 | | #define ATT_FROM (0x00008000) |
50 | | #define ATT_SUBJECT (0x00018004) |
51 | | #define ATT_DATE_SENT (0x00038005) /* handled */ |
52 | | #define ATT_DATE_RECD (0x00038006) /* handled */ |
53 | | #define ATT_MESSAGE_STATUS (0x00068007) |
54 | 0 | #define ATT_MESSAGE_CLASS (0x00078008) /* handled */ |
55 | | #define ATT_MESSAGE_ID (0x00018009) |
56 | | #define ATT_PARENT_ID (0x0001800A) /* handled */ |
57 | | #define ATT_CONVERSATION_ID (0x0001800B) /* handled */ |
58 | | #define ATT_BODY (0x0002800C) |
59 | 0 | #define ATT_PRIORITY (0x0004800D) /* handled */ |
60 | | #define ATT_ATTACH_DATA (0x0006800F) |
61 | | #define ATT_ATTACH_TITLE (0x00018010) /* handled */ |
62 | | #define ATT_ATTACH_META_FILE (0x00068011) |
63 | | #define ATT_ATTACH_CREATE_DATE (0x00038012) /* handled */ |
64 | | #define ATT_ATTACH_MODIFY_DATE (0x00038013) /* handled */ |
65 | | #define ATT_DATE_MODIFIED (0x00038020) /* handled */ |
66 | | |
67 | | #define ATT_ATTACH_TRANSPORT_FILENAME (0x00069001) |
68 | | #define ATT_ATTACH_REND_DATA (0x00069002) |
69 | 0 | #define ATT_MAPI_PROPS (0x00069003) /* handled */ |
70 | | #define ATT_RECIP_TABLE (0x00069004) |
71 | | #define ATT_ATTACHMENT (0x00069005) |
72 | 0 | #define ATT_TNEF_VERSION (0x00089006) /* handled */ |
73 | 0 | #define ATT_OEM_CODEPAGE (0x00069007) /* handled */ |
74 | 0 | #define ATT_ORIGINAL_MESSAGE_CLASS (0x00079008) /* handled */ |
75 | | |
76 | | void proto_register_tnef(void); |
77 | | void proto_reg_handoff_tnef(void); |
78 | | |
79 | | static int proto_tnef; |
80 | | |
81 | | static int hf_tnef_signature; |
82 | | static int hf_tnef_key; |
83 | | static int hf_tnef_attribute; |
84 | | static int hf_tnef_attribute_lvl; |
85 | | static int hf_tnef_attribute_tag; |
86 | | static int hf_tnef_attribute_tag_type; |
87 | | static int hf_tnef_attribute_tag_id; |
88 | | static int hf_tnef_attribute_length; |
89 | | static int hf_tnef_attribute_value; |
90 | | static int hf_tnef_attribute_string; |
91 | | static int hf_tnef_attribute_date; |
92 | | static int hf_tnef_attribute_display_name; |
93 | | static int hf_tnef_attribute_email_address; |
94 | | static int hf_tnef_attribute_checksum; |
95 | | static int hf_tnef_mapi_props; |
96 | | static int hf_tnef_oem_codepage; |
97 | | static int hf_tnef_version; |
98 | | static int hf_tnef_message_class; |
99 | | static int hf_tnef_original_message_class; |
100 | | static int hf_tnef_priority; |
101 | | static int hf_tnef_mapi_props_count; |
102 | | |
103 | | static int hf_tnef_property; |
104 | | static int hf_tnef_property_tag; |
105 | | static int hf_tnef_property_tag_type; |
106 | | static int hf_tnef_property_tag_id; |
107 | | static int hf_tnef_property_tag_set; |
108 | | static int hf_tnef_property_tag_kind; |
109 | | static int hf_tnef_property_tag_name_id; |
110 | | static int hf_tnef_property_tag_name_length; |
111 | | static int hf_tnef_property_tag_name_string; |
112 | | static int hf_tnef_property_padding; |
113 | | static int hf_tnef_padding; |
114 | | |
115 | | static int hf_tnef_values_count; |
116 | | static int hf_tnef_value_length; |
117 | | |
118 | | static int hf_tnef_attribute_date_year; |
119 | | static int hf_tnef_attribute_date_month; |
120 | | static int hf_tnef_attribute_date_day; |
121 | | static int hf_tnef_attribute_date_hour; |
122 | | static int hf_tnef_attribute_date_minute; |
123 | | static int hf_tnef_attribute_date_second; |
124 | | static int hf_tnef_attribute_date_day_of_week; |
125 | | |
126 | | static int hf_tnef_PropValue_i; |
127 | | static int hf_tnef_PropValue_l; |
128 | | static int hf_tnef_PropValue_b; |
129 | | static int hf_tnef_PropValue_lpszA; |
130 | | static int hf_tnef_PropValue_lpszW; |
131 | | static int hf_tnef_PropValue_lpguid; |
132 | | static int hf_tnef_PropValue_bin; |
133 | | static int hf_tnef_PropValue_ft; |
134 | | static int hf_tnef_PropValue_err; |
135 | | static int hf_tnef_PropValue_MVi; |
136 | | static int hf_tnef_PropValue_MVl; |
137 | | static int hf_tnef_PropValue_MVszA; |
138 | | static int hf_tnef_PropValue_MVbin; |
139 | | static int hf_tnef_PropValue_MVguid; |
140 | | static int hf_tnef_PropValue_MVszW; |
141 | | static int hf_tnef_PropValue_MVft; |
142 | | static int hf_tnef_PropValue_null; |
143 | | static int hf_tnef_PropValue_object; |
144 | | |
145 | | static int ett_tnef; |
146 | | static int ett_tnef_attribute; |
147 | | static int ett_tnef_attribute_tag; |
148 | | static int ett_tnef_mapi_props; |
149 | | static int ett_tnef_property; |
150 | | static int ett_tnef_property_tag; |
151 | | static int ett_tnef_counted_items; |
152 | | static int ett_tnef_attribute_date; |
153 | | static int ett_tnef_attribute_address; |
154 | | |
155 | | static expert_field ei_tnef_expect_single_item; |
156 | | static expert_field ei_tnef_incorrect_signature; |
157 | | |
158 | | static dissector_handle_t tnef_handle; |
159 | | |
/* Display names for the one-byte attribute level (hf_tnef_attribute_lvl). */
static const value_string tnef_Lvl_vals[] = {
    { 1, "LVL-MESSAGE" },
    { 2, "LVL-ATTACHMENT" },
    { 0, NULL }
};

/* Display names for the ATT_PRIORITY value (hf_tnef_priority). */
static const value_string tnef_Priority_vals[] = {
    { 1, "Low" },
    { 2, "High" },
    { 3, "Normal" },
    { 0, NULL }
};

/* Display names for the ATP_* type half of an attribute tag (hf_tnef_attribute_tag_type). */
static const value_string tnef_Types_vals[] = {
    { ATP_TRIPLES, "Triples" },
    { ATP_STRING,  "String"},
    { ATP_TEXT,    "Text" },
    { ATP_DATE,    "Date"},
    { ATP_SHORT,   "Short"},
    { ATP_LONG,    "Long"},
    { ATP_BYTE,    "Byte"},
    { ATP_WORD,    "Word"},
    { ATP_DWORD,   "DWord"},
    { ATP_MAX,     "Max"},
    { 0, NULL }
};

/* Display names for the day-of-week member of a date attribute; 0 is Sunday. */
static const value_string weekday_vals[] = {
    { 0, "Sunday" },
    { 1, "Monday" },
    { 2, "Tuesday" },
    { 3, "Wednesday" },
    { 4, "Thursday" },
    { 5, "Friday" },
    { 6, "Saturday" },
    { 0, NULL }
};
197 | | |
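/*
 * Display names for the 32-bit attribute tag (hf_tnef_attribute_tag); also
 * used by dissect_tnef() to label each attribute item.
 *
 * Each ATT_* value appears once: the original table listed ATT_OWNER twice,
 * which added nothing to the lookup and only invited the two copies drifting
 * apart.
 */
static const value_string tnef_Attribute_vals[] = {
    { ATT_OWNER, "ATT_OWNER" },
    { ATT_SENT_FOR, "ATT_SENT_FOR" },
    { ATT_DELEGATE, "ATT_DELEGATE" },
    { ATT_DATE_START, "ATT_DATE_START" },
    { ATT_DATE_END, "ATT_DATE_END" },
    { ATT_AID_OWNER, "ATT_AID_OWNER" },
    { ATT_REQUEST_RES, "ATT_REQUEST_RES" },
    { ATT_FROM, "ATT_FROM" },
    { ATT_SUBJECT, "ATT_SUBJECT" },
    { ATT_DATE_SENT, "ATT_DATE_SENT" },
    { ATT_DATE_RECD, "ATT_DATE_RECD" },
    { ATT_MESSAGE_STATUS, "ATT_MESSAGE_STATUS" },
    { ATT_MESSAGE_CLASS, "ATT_MESSAGE_CLASS" },
    { ATT_MESSAGE_ID, "ATT_MESSAGE_ID" },
    { ATT_PARENT_ID, "ATT_PARENT_ID" },
    { ATT_CONVERSATION_ID, "ATT_CONVERSATION_ID" },
    { ATT_BODY, "ATT_BODY" },
    { ATT_PRIORITY, "ATT_PRIORITY" },
    { ATT_ATTACH_DATA, "ATT_ATTACH_DATA" },
    { ATT_ATTACH_TITLE, "ATT_ATTACH_TITLE" },
    { ATT_ATTACH_META_FILE, "ATT_ATTACH_META_FILE" },
    { ATT_ATTACH_CREATE_DATE, "ATT_ATTACH_CREATE_DATE" },
    { ATT_ATTACH_MODIFY_DATE, "ATT_ATTACH_MODIFY_DATE" },
    { ATT_DATE_MODIFIED, "ATT_DATE_MODIFIED" },
    { ATT_ATTACH_TRANSPORT_FILENAME, "ATT_ATTACH_TRANSPORT_FILENAME" },
    { ATT_ATTACH_REND_DATA, "ATT_ATTACH_REND_DATA" },
    { ATT_MAPI_PROPS, "ATT_MAPI_PROPS" },
    { ATT_RECIP_TABLE, "ATT_RECIP_TABLE" },
    { ATT_ATTACHMENT, "ATT_ATTACHMENT" },
    { ATT_TNEF_VERSION, "ATT_TNEF_VERSION" },
    { ATT_OEM_CODEPAGE, "ATT_OEM_CODEPAGE" },
    { ATT_ORIGINAL_MESSAGE_CLASS, "ATT_ORIGINAL_MESSAGE_CLASS" },
    { 0, NULL }
};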
234 | | |
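/*
 * Dissect a counted list of length-prefixed values.
 *
 * Layout read from the buffer: a 32-bit little-endian count, then for each
 * entry a 32-bit little-endian length followed by that many bytes, which are
 * added as hf_id with the given encoding.
 *
 * tvb, offset: buffer and position of the count field.
 * hf_id:       header field used for every value.
 * single:      true when the caller expects exactly one value; a larger
 *              count is reported through ei_tnef_expect_single_item and the
 *              values are then added under that expert item.
 * encoding:    ENC_* flags handed to proto_tree_add_item() for each value.
 *
 * Returns the offset just past the last value that was added.
 */
static int dissect_counted_values(tvbuff_t *tvb, int offset, int hf_id, packet_info *pinfo, proto_tree *tree, bool single, unsigned encoding)
{
    proto_item *item;
    uint32_t length, count, i;

    count = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_tnef_values_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);

    if (single && count > 1) {
        /* count is a uint32_t, so it is printed with %u rather than %d */
        item = proto_tree_add_expert_format(tree, pinfo, &ei_tnef_expect_single_item, tvb, offset, 4,
                                            "Expecting a single item but found %u", count);
        tree = proto_item_add_subtree(item, ett_tnef_counted_items);
    }

    offset += 4;

    /*
     * Both count and every length below are taken from the file unchecked;
     * the loop relies on the buffer accessors to stop it once the data
     * runs out.
     */
    for (i = 0; i < count; i++) {

        length = tvb_get_letohl(tvb, offset);
        proto_tree_add_item(tree, hf_tnef_value_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        /*
         * The length is unsigned but is passed on as a signed int.  A value
         * such as 0xFFFFFFFF would arrive as -1, which this file uses
         * elsewhere to mean "the rest of the buffer", and adding it to the
         * offset would move the offset backwards.  Require the bytes to be
         * present first so that such a length is rejected as out of bounds
         * instead of being dissected.
         */
        tvb_ensure_bytes_exist(tvb, offset, length);

        proto_tree_add_item(tree, hf_id, tvb, offset, length, encoding);
        offset += length;

        /* XXX: may be padding ? */
    }

    return offset;
}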
268 | | |
/*
 * Dissect an address value: two consecutive strings, each preceded by a
 * 16-bit little-endian length.  The first is shown as the display name and
 * the second as the e-mail address, both as ASCII.
 *
 * The lengths come from the file; nothing here compares them with the
 * length of the enclosing attribute.
 *
 * Returns the offset just past the second string.
 */
static int dissect_counted_address(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree)
{
    /* the two strings, in the order they appear in the buffer */
    const int string_fields[2] = {
        hf_tnef_attribute_display_name,
        hf_tnef_attribute_email_address
    };
    unsigned idx;

    for (idx = 0; idx < 2; idx++) {
        uint16_t string_len = tvb_get_letohs(tvb, offset);

        proto_tree_add_item(tree, hf_tnef_value_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;

        proto_tree_add_item(tree, string_fields[idx], tvb, offset, string_len, ENC_ASCII);
        offset += string_len;
    }

    return offset;
}
289 | | |
290 | | |
/*
 * Dissect a date value: seven consecutive 16-bit little-endian fields
 * starting at offset 0 of tvb, in the order year, month, day, hour, minute,
 * second, day of week.
 *
 * The caller passes a buffer that holds only the attribute value, so reading
 * past a short value is caught by the buffer bounds.
 */
static void dissect_DTR(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
{
    /* header fields in wire order, two bytes each */
    const int date_fields[] = {
        hf_tnef_attribute_date_year,
        hf_tnef_attribute_date_month,
        hf_tnef_attribute_date_day,
        hf_tnef_attribute_date_hour,
        hf_tnef_attribute_date_minute,
        hf_tnef_attribute_date_second,
        hf_tnef_attribute_date_day_of_week
    };
    const unsigned field_count = sizeof date_fields / sizeof date_fields[0];
    unsigned idx;
    int offset = 0;

    for (idx = 0; idx < field_count; idx++) {
        proto_tree_add_item(tree, date_fields[idx], tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
    }
}
318 | | |
319 | | |
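/*
 * Dissect the value of an ATT_MAPI_PROPS attribute.
 *
 * tvb holds only the attribute value.  It starts with a 32-bit count, which
 * is displayed but not used to bound the loop: properties are read until the
 * reported length of tvb is used up.  Each property is a 32-bit tag (type in
 * the low 16 bits, id in the high 16 bits), an optional named-property
 * block when the top bit of the tag is set, the value, and padding to a
 * 4-byte boundary measured from the start of the property.
 *
 * oem_encoding is the ENC_* value used for PT_STRING8 values.
 *
 * Every tag, kind and length here is read from the file, so all of them are
 * untrusted.
 */
static void dissect_mapiprops(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, unsigned oem_encoding)
{
    proto_item *item, *prop_item;
    proto_tree *prop_tree, *tag_tree;
    uint32_t tag, tag_kind, tag_length;
    uint16_t padding;
    int offset, start_offset;

    /* state handed to the PIDL/NSPI helpers, which expect DCE/RPC context */
    uint8_t drep[] = {0x10 /* LE */, /* DCE_RPC_DREP_FP_IEEE */ 0 };
    static dcerpc_info di;
    static dcerpc_call_value call_data;

    offset = 0;

    di.conformant_run = 0;
    /* we need di->call_data->flags.NDR64 == 0 */
    di.call_data = &call_data;
    di.dcerpc_procedure_name = "";

    /* first the count */
    proto_tree_add_item(tree, hf_tnef_mapi_props_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    while (tvb_reported_length_remaining(tvb, offset) > 0) {

        start_offset = offset;

        /* the property item is created open-ended; its length is set at the end */
        prop_item = proto_tree_add_item(tree, hf_tnef_property, tvb, offset, -1, ENC_NA);
        prop_tree = proto_item_add_subtree(prop_item, ett_tnef_property);

        /* get the property tag */
        item = proto_tree_add_item(prop_tree, hf_tnef_property_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        tag_tree = proto_item_add_subtree(item, ett_tnef_property_tag);

        /*
         * add a nice name to the property; the tag is a 32-bit value, so the
         * fallback format uses %x (the previous %lx asked for a long)
         */
        tag = tvb_get_letohl(tvb, offset);
        proto_item_append_text(prop_item, " %s", val_to_str(pinfo->pool, tag, nspi_MAPITAGS_vals, "Unknown tag (0x%08x)"));

        proto_tree_add_item(tag_tree, hf_tnef_property_tag_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;

        proto_tree_add_item(tag_tree, hf_tnef_property_tag_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;

        if (tag & 0x80000000) {
            const uint8_t* name_string = NULL;

            /* it is a named property: a 16-byte set identifier, then a kind */
            proto_tree_add_item(tag_tree, hf_tnef_property_tag_set, tvb, offset, 16, ENC_LITTLE_ENDIAN);
            offset += 16;

            tag_kind = tvb_get_letohl(tvb, offset);
            proto_tree_add_item(tag_tree, hf_tnef_property_tag_kind, tvb, offset, 4, ENC_LITTLE_ENDIAN);
            offset += 4;

            if (tag_kind == 0) {
                /* kind 0: the name is a 32-bit id */
                proto_tree_add_item(tag_tree, hf_tnef_property_tag_name_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
                offset += 4;
            } else {
                /* any other kind: the name is a length-prefixed UTF-16LE string */
                tag_length = tvb_get_letohl(tvb, offset);
                proto_tree_add_item(tag_tree, hf_tnef_property_tag_name_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
                offset += 4;

                /*
                 * tag_length is unsigned but is used as a signed int length
                 * below; make sure the bytes exist so that a huge value is
                 * rejected as out of bounds rather than read as a negative
                 * length.
                 */
                tvb_ensure_bytes_exist(tvb, offset, tag_length);

                proto_tree_add_item_ret_string(tag_tree, hf_tnef_property_tag_name_string, tvb, offset, tag_length,
                                               ENC_UTF_16|ENC_LITTLE_ENDIAN, pinfo->pool, &name_string);
                offset += tag_length;

                if ((padding = WS_PADDING_TO_4(tag_length)) != 0) {
                    proto_tree_add_item(tag_tree, hf_tnef_property_padding, tvb, offset, padding, ENC_NA);
                    offset += padding;
                }
            }
            proto_item_append_text(prop_item, " [Named Property");
            if (name_string)
                proto_item_append_text(prop_item, ": %s", name_string);
            proto_item_append_text(prop_item, "]");
        }

        switch (tag) {
            /* handle any specific tags here */
        default:
            /*
             * otherwise just use the type.
             * NOTE(review): there is no default case, so a type that is not
             * listed consumes no value bytes and the next pass of the loop
             * reads those bytes as a new tag.
             */
            switch (tag & 0x0000ffff) {
            case PT_I2:
                offset = PIDL_dissect_uint16(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_i, 0);
                break;
            case PT_LONG:
                offset = PIDL_dissect_uint32(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_l, 0);
                break;
            case PT_BOOLEAN:
                offset = PIDL_dissect_uint16(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_b, 0);
                break;
            case PT_STRING8:
                offset = dissect_counted_values(tvb, offset, hf_tnef_PropValue_lpszA, pinfo, prop_tree, true, oem_encoding);
                break;
            case PT_BINARY:
                offset = dissect_counted_values(tvb, offset, hf_tnef_PropValue_bin, pinfo, prop_tree, true, ENC_NA);
                break;
            case PT_UNICODE:
                offset = dissect_counted_values(tvb, offset, hf_tnef_PropValue_lpszW, pinfo, prop_tree, true, ENC_UTF_16|ENC_LITTLE_ENDIAN);
                break;
            case PT_CLSID:
                offset = nspi_dissect_struct_MAPIUID(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_lpguid, 0);
                break;
            case PT_SYSTIME:
                offset = nspi_dissect_struct_FILETIME(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_ft, 0);
                break;
            case PT_ERROR:
                offset = nspi_dissect_enum_MAPISTATUS(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_err, 0);
                break;
            case PT_MV_I2:
                offset = nspi_dissect_struct_SShortArray(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVi, 0);
                break;
            case PT_MV_LONG:
                offset = nspi_dissect_struct_MV_LONG_STRUCT(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVl, 0);
                break;
            case PT_MV_STRING8:
                offset = nspi_dissect_struct_SLPSTRArray(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVszA, 0);
                break;
            case PT_MV_BINARY:
                offset = nspi_dissect_struct_SBinaryArray(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVbin, 0);
                break;
            case PT_MV_CLSID:
                offset = nspi_dissect_struct_SGuidArray(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVguid, 0);
                break;
            case PT_MV_UNICODE:
                offset = nspi_dissect_struct_MV_UNICODE_STRUCT(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVszW, 0);
                break;
            case PT_MV_SYSTIME:
                offset = nspi_dissect_struct_SDateTimeArray(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_MVft, 0);
                break;
            case PT_NULL:
                offset = PIDL_dissect_uint32(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_null, 0);
                break;
            case PT_OBJECT:
                offset = PIDL_dissect_uint32(tvb, offset, pinfo, prop_tree, &di, drep, hf_tnef_PropValue_object, 0);
                break;
            }
        }

        /* we may need to pad to a 4-byte boundary */
        if ((padding = WS_PADDING_TO_4(offset - start_offset)) != 0) {

            /* we need to pad */
            proto_tree_add_item(prop_tree, hf_tnef_property_padding, tvb, offset, padding, ENC_NA);

            offset += padding;
        }

        proto_item_set_len(prop_item, offset - start_offset);
    }
}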
475 | | |
476 | | |
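/*
 * Dissect a TNEF stream.
 *
 * Layout read from tvb: a 32-bit little-endian signature, a 16-bit key, then
 * attributes until fewer than 10 bytes remain.  Each attribute is a one-byte
 * level, a 32-bit tag (id in the low 16 bits, ATP_* type in the high 16
 * bits), a 32-bit length, the value, and a 16-bit checksum.  Whatever is
 * left after the last attribute is shown as padding.
 *
 * Returns 4 (the offset after the signature) when the signature is not
 * TNEF_SIGNATURE, otherwise the captured length of tvb.
 *
 * The tag and length of every attribute are read from the file and are
 * untrusted.
 */
static int dissect_tnef(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
    proto_item *attr_item, *item;
    proto_tree *attr_tree, *tag_tree, *props_tree, *addr_tree, *date_tree;
    uint32_t tag, length, signature;
    int offset, start_offset;
    tvbuff_t *next_tvb;
    uint64_t oem_code_page;
    /* encoding for OEM strings until an ATT_OEM_CODEPAGE attribute is seen */
    unsigned oem_encoding = ENC_ASCII|ENC_NA;

    if (tree) {
        item = proto_tree_add_item(tree, proto_tnef, tvb, 0, -1, ENC_NA);
        tree = proto_item_add_subtree(item, ett_tnef);
    }

    offset = 0;

    /* first the signature */
    signature = tvb_get_letohl(tvb, offset);
    item = proto_tree_add_item(tree, hf_tnef_signature, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* check the signature */
    if (signature != TNEF_SIGNATURE) {

        expert_add_info_format(pinfo, item, &ei_tnef_incorrect_signature,
                               " [Incorrect, should be 0x%x. No further dissection possible. Check any Content-Transfer-Encoding has been removed.]", TNEF_SIGNATURE);
        return offset;

    } else {

        proto_item_append_text(item, " [Correct]");

    }

    proto_tree_add_item(tree, hf_tnef_key, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    while (tvb_reported_length_remaining(tvb, offset) > 9) { /* there must be at least a level (1), tag (4) and length (4) to be valid */

        start_offset = offset;

        /* the attribute item is created open-ended; its length is set at the end */
        attr_item = proto_tree_add_item(tree, hf_tnef_attribute, tvb, offset, -1, ENC_NA);
        attr_tree = proto_item_add_subtree(attr_item, ett_tnef_attribute);

        proto_tree_add_item(attr_tree, hf_tnef_attribute_lvl, tvb, offset, 1, ENC_LITTLE_ENDIAN);
        offset += 1;

        item = proto_tree_add_item(attr_tree, hf_tnef_attribute_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        tag_tree = proto_item_add_subtree(item, ett_tnef_attribute_tag);

        /*
         * add a nice name to the attribute; the tag is a 32-bit value, so the
         * fallback format uses %x (the previous %lx asked for a long)
         */
        tag = tvb_get_letohl(tvb, offset);
        proto_item_append_text(attr_item, " %s", val_to_str(pinfo->pool, tag, tnef_Attribute_vals, "Unknown tag (0x%08x)"));

        proto_tree_add_item(tag_tree, hf_tnef_attribute_tag_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;

        /* the type is taken again from the high half of tag in the default case below */
        proto_tree_add_item(tag_tree, hf_tnef_attribute_tag_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;

        length = tvb_get_letohl(tvb, offset);
        proto_tree_add_item(attr_tree, hf_tnef_attribute_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        /*
         * NOTE(review): the integer fields below (code page, version,
         * priority) are added with the attribute's own length from the
         * file rather than a fixed width; confirm how the tree API treats a
         * length the field type cannot hold.
         */
        switch (tag) {
        case ATT_OEM_CODEPAGE:
            proto_tree_add_item_ret_uint64(attr_tree, hf_tnef_oem_codepage, tvb, offset, length, ENC_LITTLE_ENDIAN, &oem_code_page);
            switch (oem_code_page) {

            case 1250:
                oem_encoding = ENC_WINDOWS_1250|ENC_NA;
                break;

            case 1251:
                oem_encoding = ENC_WINDOWS_1251|ENC_NA;
                break;

            case 1252:
                oem_encoding = ENC_WINDOWS_1252|ENC_NA;
                break;

            default:
                oem_encoding = ENC_ASCII|ENC_NA; /* XXX - support more code pages */
                break;
            }
            break;
        case ATT_TNEF_VERSION:
            proto_tree_add_item(attr_tree, hf_tnef_version, tvb, offset, length, ENC_LITTLE_ENDIAN);
            break;
        case ATT_MESSAGE_CLASS:
            proto_tree_add_item(attr_tree, hf_tnef_message_class, tvb, offset, length, ENC_ASCII);
            break;
        case ATT_ORIGINAL_MESSAGE_CLASS:
            proto_tree_add_item(attr_tree, hf_tnef_original_message_class, tvb, offset, length, ENC_ASCII);
            break;
        case ATT_MAPI_PROPS:
            item = proto_tree_add_item(attr_tree, hf_tnef_mapi_props, tvb, offset, length, ENC_NA);
            props_tree = proto_item_add_subtree(item, ett_tnef_mapi_props);

            /* confine the property parser to this attribute's value */
            next_tvb = tvb_new_subset_length(tvb, offset, length);

            dissect_mapiprops(next_tvb, pinfo, props_tree, oem_encoding);

            break;
        case ATT_OWNER:
        case ATT_SENT_FOR:
            /*
             * item is still the tag item here, so the address fields are
             * shown beneath the tag.
             * NOTE(review): this is the one case that never uses length for
             * a buffer access, and the address parser follows its own
             * embedded lengths on the outer buffer; nothing ties the two
             * together.
             */
            addr_tree = proto_item_add_subtree(item, ett_tnef_attribute_address);

            (void)dissect_counted_address(tvb, offset, pinfo, addr_tree);

            break;
        case ATT_PRIORITY:
            proto_tree_add_item(attr_tree, hf_tnef_priority, tvb, offset, length, ENC_LITTLE_ENDIAN);
            break;
        default:
            /* just do it on the type */
            switch ((tag >> 16) & 0xffff) {
            case ATP_DATE:
                item = proto_tree_add_item(attr_tree, hf_tnef_attribute_date, tvb, offset, length, ENC_NA);
                date_tree = proto_item_add_subtree(item, ett_tnef_attribute_date);

                /* confine the date parser to this attribute's value */
                next_tvb = tvb_new_subset_length(tvb, offset, length);

                dissect_DTR(next_tvb, pinfo, date_tree);

                break;
            case ATP_STRING:
                {
                    const uint8_t* atp;
                    proto_tree_add_item_ret_string(attr_tree, hf_tnef_attribute_string, tvb, offset, length, oem_encoding, pinfo->pool, &atp);
                    proto_item_append_text(attr_item, " %s", atp);
                }
                break;
            default:
                proto_tree_add_item(attr_tree, hf_tnef_attribute_value, tvb, offset, length, ENC_NA);
                break;
            }
        }

        /*
         * check for overflow: step over the value only when the new offset
         * still fits in the signed offset.  The previous test caught a wrap
         * of the 32-bit unsigned sum only, so a sum above INT32_MAX was
         * still stored and could leave offset negative.  offset is not
         * negative at this point: it starts at 0 and is only ever advanced
         * by fixed sizes and by lengths this test has accepted.  When the
         * test fails the offset is left at the start of the value, as
         * before.
         */
        if (length <= (uint32_t)INT32_MAX - (uint32_t)offset) {
            offset += length;
        }

        proto_tree_add_checksum(attr_tree, tvb, offset, hf_tnef_attribute_checksum, -1, NULL, pinfo, 0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
        offset += 2;

        proto_item_set_len(attr_item, offset - start_offset);
    }

    /* there may be some padding */
    if (tvb_reported_length_remaining(tvb, offset)) /* XXX: Not sure if this is really padding or not */
        proto_tree_add_item(tree, hf_tnef_padding, tvb, offset, tvb_reported_length_remaining(tvb, offset), ENC_NA);

    return tvb_captured_length(tvb);
}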
635 | | |
/*
 * Entry point for a TNEF file opened on its own: fill in the protocol,
 * source and info columns, then dissect the whole buffer as a TNEF stream.
 *
 * Always reports the full captured length as consumed, whatever
 * dissect_tnef() returns.
 */
static int dissect_tnef_file(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
    /* column text first, so it is in place before the stream is parsed */
    col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
    col_set_str(pinfo->cinfo, COL_DEF_SRC, PSNAME " encoded file");
    col_append_str(pinfo->cinfo, COL_INFO, PNAME);

    /* the stream dissector's own return value is not used here */
    (void)dissect_tnef(tvb, pinfo, tree, NULL);

    return tvb_captured_length(tvb);
}
647 | | |
648 | | /* Register all the bits needed by the filtering engine */ |
649 | | |
650 | | void |
651 | | proto_register_tnef(void) |
652 | 14 | { |
653 | 14 | static hf_register_info hf[] = { |
654 | 14 | { &hf_tnef_signature, |
655 | 14 | { "Signature", "tnef.signature", FT_UINT32, BASE_HEX, NULL, 0x0, |
656 | 14 | NULL, HFILL }}, |
657 | 14 | { &hf_tnef_key, |
658 | 14 | { "Key", "tnef.key", FT_UINT16, BASE_HEX, NULL, 0x0, |
659 | 14 | NULL, HFILL }}, |
660 | 14 | { &hf_tnef_attribute, |
661 | 14 | { "Attribute", "tnef.attribute", FT_NONE, BASE_NONE, NULL, 0x0, |
662 | 14 | NULL, HFILL }}, |
663 | 14 | { &hf_tnef_attribute_lvl, |
664 | 14 | { "Type", "tnef.attribute.lvl", FT_UINT8, BASE_DEC, VALS(tnef_Lvl_vals), 0x0, |
665 | 14 | NULL, HFILL }}, |
666 | 14 | { &hf_tnef_attribute_tag, |
667 | 14 | { "Tag", "tnef.attribute.tag", FT_UINT32, BASE_HEX, VALS(tnef_Attribute_vals), 0x0, |
668 | 14 | NULL, HFILL }}, |
669 | 14 | { &hf_tnef_attribute_tag_type, |
670 | 14 | { "Type", "tnef.attribute.tag.type", FT_UINT16, BASE_HEX, VALS(tnef_Types_vals), 0x0, |
671 | 14 | NULL, HFILL }}, |
672 | 14 | { &hf_tnef_attribute_tag_id, |
673 | 14 | { "Tag", "tnef.attribute.tag.id", FT_UINT16, BASE_HEX, NULL, 0x0, |
674 | 14 | NULL, HFILL }}, |
675 | 14 | { &hf_tnef_attribute_length, |
676 | 14 | { "Length", "tnef.attribute.length", FT_UINT32, BASE_DEC, NULL, 0x0, |
677 | 14 | NULL, HFILL }}, |
678 | 14 | { &hf_tnef_attribute_value, |
679 | 14 | { "Value", "tnef.attribute.value", FT_NONE, BASE_NONE, NULL, 0x0, |
680 | 14 | NULL, HFILL }}, |
681 | 14 | { &hf_tnef_attribute_string, |
682 | 14 | { "String", "tnef.attribute.string", FT_STRING, BASE_NONE, NULL, 0x0, |
683 | 14 | NULL, HFILL }}, |
684 | 14 | { &hf_tnef_attribute_date, |
685 | 14 | { "Date", "tnef.attribute.date", FT_NONE, BASE_NONE, NULL, 0x0, |
686 | 14 | NULL, HFILL }}, |
687 | 14 | { &hf_tnef_attribute_display_name, |
688 | 14 | { "Display Name", "tnef.attribute.display_name", FT_STRING, BASE_NONE, NULL, 0x0, |
689 | 14 | NULL, HFILL }}, |
690 | 14 | { &hf_tnef_attribute_email_address, |
691 | 14 | { "Email Address", "tnef.attribute.email_address", FT_STRING, BASE_NONE, NULL, 0x0, |
692 | 14 | NULL, HFILL }}, |
693 | 14 | { &hf_tnef_attribute_date_year, |
694 | 14 | { "Year", "tnef.attribute.date.year", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
695 | 14 | { &hf_tnef_attribute_date_month, |
696 | 14 | { "Month", "tnef.attribute.date.month", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
697 | 14 | { &hf_tnef_attribute_date_day, |
698 | 14 | { "Day", "tnef.attribute.date.day", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
699 | 14 | { &hf_tnef_attribute_date_hour, |
700 | 14 | { "Hour", "tnef.attribute.date.hour", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
701 | 14 | { &hf_tnef_attribute_date_minute, |
702 | 14 | { "Minute", "tnef.attribute.date.minute", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
703 | 14 | { &hf_tnef_attribute_date_second, |
704 | 14 | { "Second", "tnef.attribute.date.second", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
705 | 14 | { &hf_tnef_attribute_date_day_of_week, |
706 | 14 | { "Day Of Week", "tnef.attribute.date.day_of_week", FT_UINT16, BASE_DEC, VALS(weekday_vals), 0, NULL, HFILL }}, |
707 | 14 | { &hf_tnef_attribute_checksum, |
708 | 14 | { "Checksum", "tnef.attribute.checksum", FT_UINT16, BASE_HEX, NULL, 0x0, |
709 | 14 | NULL, HFILL }}, |
710 | 14 | { &hf_tnef_mapi_props, |
711 | 14 | { "MAPI Properties", "tnef.mapi_props", FT_NONE, BASE_NONE, NULL, 0x0, |
712 | 14 | NULL, HFILL }}, |
713 | 14 | { &hf_tnef_version, |
714 | 14 | { "Version", "tnef.version", FT_UINT32, BASE_HEX, NULL, 0x0, |
715 | 14 | NULL, HFILL }}, |
716 | 14 | { &hf_tnef_oem_codepage, |
717 | 14 | { "OEM Codepage", "tnef.oem_codepage", FT_UINT64, BASE_DEC, NULL, 0x0, |
718 | 14 | NULL, HFILL }}, |
719 | 14 | { &hf_tnef_message_class, |
720 | 14 | { "Message Class", "tnef.message_class", FT_STRING, BASE_NONE, NULL, 0x0, |
721 | 14 | NULL, HFILL }}, |
722 | 14 | { &hf_tnef_original_message_class, |
723 | 14 | { "Original Message Class", "tnef.message_class.original", FT_STRING, BASE_NONE, NULL, 0x0, |
724 | 14 | NULL, HFILL }}, |
725 | 14 | { &hf_tnef_priority, |
726 | 14 | { "Priority", "tnef.priority", FT_UINT16, BASE_DEC, VALS(tnef_Priority_vals), 0x0, |
727 | 14 | NULL, HFILL }}, |
728 | 14 | { &hf_tnef_mapi_props_count, |
729 | 14 | { "Count", "tnef.mapi_props.count", FT_UINT32, BASE_DEC, NULL, 0x0, |
730 | 14 | NULL, HFILL }}, |
731 | 14 | { &hf_tnef_property, |
732 | 14 | { "Property", "tnef.property", FT_NONE, BASE_NONE, NULL, 0x0, |
733 | 14 | NULL, HFILL }}, |
734 | 14 | { &hf_tnef_property_tag, |
735 | 14 | { "Tag", "tnef.property.tag", FT_UINT32, BASE_HEX, VALS(nspi_MAPITAGS_vals), 0x0, |
736 | 14 | NULL, HFILL }}, |
737 | 14 | { &hf_tnef_property_tag_type, |
738 | 14 | { "Type", "tnef.property.tag.type", FT_UINT16, BASE_HEX, VALS(nspi_property_types_vals), 0x0, |
739 | 14 | NULL, HFILL }}, |
740 | 14 | { &hf_tnef_property_tag_id, |
741 | 14 | { "Tag", "tnef.property.tag.id", FT_UINT16, BASE_HEX, NULL, 0x0, |
742 | 14 | NULL, HFILL }}, |
743 | 14 | { &hf_tnef_property_tag_set, |
744 | 14 | { "Set", "tnef.attribute.tag.set", FT_GUID, BASE_NONE, NULL, 0x0, |
745 | 14 | NULL, HFILL }}, |
746 | 14 | { &hf_tnef_property_tag_kind, |
747 | 14 | { "Kind", "tnef.attribute.tag.kind", FT_UINT32, BASE_DEC, NULL, 0x0, |
748 | 14 | NULL, HFILL }}, |
749 | 14 | { &hf_tnef_property_tag_name_id, |
750 | 14 | { "Name", "tnef.attribute.tag.name.id", FT_UINT32, BASE_HEX, NULL, 0x0, |
751 | 14 | NULL, HFILL }}, |
752 | 14 | { &hf_tnef_property_tag_name_length, |
753 | 14 | { "Length", "tnef.attribute.tag.name.length", FT_UINT32, BASE_DEC, NULL, 0x0, |
754 | 14 | NULL, HFILL }}, |
755 | 14 | { &hf_tnef_property_tag_name_string, |
756 | 14 | { "Name", "tnef.attribute.tag.name.string", FT_STRING, BASE_NONE, NULL, 0x0, |
757 | 14 | NULL, HFILL }}, |
758 | 14 | { &hf_tnef_property_padding, |
759 | 14 | { "Padding", "tnef.property.padding", FT_NONE, BASE_NONE, NULL, 0x0, |
760 | 14 | NULL, HFILL }}, |
761 | 14 | { &hf_tnef_padding, |
762 | 14 | { "Padding", "tnef.padding", FT_NONE, BASE_NONE, NULL, 0x0, |
763 | 14 | NULL, HFILL }}, |
764 | 14 | { &hf_tnef_values_count, |
765 | 14 | { "Count", "tnef.values.count", FT_UINT32, BASE_DEC, NULL, 0x0, |
766 | 14 | NULL, HFILL }}, |
767 | 14 | { &hf_tnef_value_length, |
768 | 14 | { "Length", "tnef.value.length", FT_UINT32, BASE_DEC, NULL, 0x0, |
769 | 14 | NULL, HFILL }}, |
770 | 14 | { &hf_tnef_PropValue_i, |
771 | 14 | { "I", "tnef.PropValue.i", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
772 | 14 | { &hf_tnef_PropValue_l, |
773 | 14 | { "L", "tnef.PropValue.l", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
774 | 14 | { &hf_tnef_PropValue_b, |
775 | 14 | { "B", "tnef.PropValue.b", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, |
776 | 14 | { &hf_tnef_PropValue_lpszA, |
777 | 14 | { "Lpsza", "tnef.PropValue.lpszA", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, |
778 | 14 | { &hf_tnef_PropValue_lpszW, |
779 | 14 | { "Lpszw", "tnef.PropValue.lpszW", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, |
780 | 14 | { &hf_tnef_PropValue_lpguid, |
781 | 14 | { "Lpguid", "tnef.PropValue.lpguid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
782 | 14 | { &hf_tnef_PropValue_bin, |
783 | 14 | { "Bin", "tnef.PropValue.bin", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
784 | 14 | { &hf_tnef_PropValue_ft, |
785 | 14 | { "Ft", "tnef.PropValue.ft", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
786 | 14 | { &hf_tnef_PropValue_err, |
787 | 14 | { "Err", "tnef.PropValue.err", FT_UINT32, BASE_DEC, VALS(nspi_MAPISTATUS_vals), 0, NULL, HFILL }}, |
788 | 14 | { &hf_tnef_PropValue_MVi, |
789 | 14 | { "Mvi", "tnef.PropValue.MVi", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
790 | 14 | { &hf_tnef_PropValue_MVl, |
791 | 14 | { "Mvl", "tnef.PropValue.MVl", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
792 | 14 | { &hf_tnef_PropValue_MVszA, |
793 | 14 | { "Mvsza", "tnef.PropValue.MVszA", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
794 | 14 | { &hf_tnef_PropValue_MVbin, |
795 | 14 | { "Mvbin", "tnef.PropValue.MVbin", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
796 | 14 | { &hf_tnef_PropValue_MVguid, |
797 | 14 | { "Mvguid", "tnef.PropValue.MVguid", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
798 | 14 | { &hf_tnef_PropValue_MVszW, |
799 | 14 | { "Mvszw", "tnef.PropValue.MVszW", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
800 | 14 | { &hf_tnef_PropValue_MVft, |
801 | 14 | { "Mvft", "tnef.PropValue.MVft", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
802 | 14 | { &hf_tnef_PropValue_null, |
803 | 14 | { "Null", "tnef.PropValue.null", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
804 | 14 | { &hf_tnef_PropValue_object, |
805 | 14 | { "Object", "tnef.PropValue.object", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, |
806 | 14 | }; |
807 | 14 | static int *ett[] = { |
808 | 14 | &ett_tnef, |
809 | 14 | &ett_tnef_attribute, |
810 | 14 | &ett_tnef_attribute_tag, |
811 | 14 | &ett_tnef_mapi_props, |
812 | 14 | &ett_tnef_property, |
813 | 14 | &ett_tnef_property_tag, |
814 | 14 | &ett_tnef_counted_items, |
815 | 14 | &ett_tnef_attribute_date, |
816 | 14 | &ett_tnef_attribute_address, |
817 | 14 | }; |
818 | | |
819 | 14 | static ei_register_info ei[] = { |
820 | 14 | { &ei_tnef_expect_single_item, { "tnef.expect_single_item", PI_MALFORMED, PI_ERROR, "Expected single item", EXPFILL }}, |
821 | 14 | { &ei_tnef_incorrect_signature, { "tnef.signature.incorrect", PI_MALFORMED, PI_WARN, "Incorrect signature", EXPFILL }}, |
822 | 14 | }; |
823 | | |
824 | 14 | expert_module_t* expert_tnef; |
825 | | |
826 | 14 | proto_tnef = proto_register_protocol(PNAME, PSNAME, PFNAME); |
827 | | |
828 | 14 | proto_register_field_array(proto_tnef, hf, array_length(hf)); |
829 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
830 | 14 | expert_tnef = expert_register_protocol(proto_tnef); |
831 | 14 | expert_register_field_array(expert_tnef, ei, array_length(ei)); |
832 | | |
833 | | /* Allow the dissector to be found by name. */ |
834 | 14 | tnef_handle = register_dissector(PFNAME, dissect_tnef, proto_tnef); |
835 | | |
836 | 14 | } |
837 | | |
/*
 * Registration hand-off routine.
 *
 * Attaches the TNEF dissector handles to the lookup tables that select them:
 *   - the "media_type" table, keyed on "application/ms-tnef"
 *   - the BER OID registry, for the X.400 file transfer bodypart
 *   - the "wtap_encap" table, keyed on WTAP_ENCAP_TNEF
 *
 * Data arriving through any of these tables originates from captured traffic
 * or an opened file, so the dissect routines behind the handles should treat
 * every length and count field as untrusted.
 */
void
proto_reg_handoff_tnef(void)
{
  /* Separate handle for the file entry point (dissect_tnef_file); the
   * media-type and OID registrations below reuse the shared tnef_handle. */
  dissector_handle_t tnef_file_handle = create_dissector_handle(dissect_tnef_file, proto_tnef);

  /* MIME bodies labelled application/ms-tnef */
  dissector_add_string("media_type", "application/ms-tnef", tnef_handle);

  /* X.400 file transfer bodypart */
  register_ber_oid_dissector_handle("1.2.840.113556.3.10.1", tnef_handle, proto_tnef, "id-et-tnef");

  /* Files whose wiretap encapsulation is WTAP_ENCAP_TNEF */
  dissector_add_uint("wtap_encap", WTAP_ENCAP_TNEF, tnef_file_handle);
}
853 | | |
854 | | /* |
855 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
856 | | * |
857 | | * Local Variables: |
858 | | * c-basic-offset: 2 |
859 | | * tab-width: 8 |
860 | | * indent-tabs-mode: nil |
861 | | * End: |
862 | | * |
863 | | * ex: set shiftwidth=2 tabstop=8 expandtab: |
864 | | * :indentSize=2:tabSize=8:noTabs=true: |
865 | | */ |