/src/wireshark/epan/dissectors/packet-rdp_conctrl.c
/* packet-rdp_conctrl.c
 * Routines for the CONCTRL RDP channel
 * Copyright 2025, David Fort <contact@hardening-consulting.com>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
#include "config.h"
#include <epan/packet.h>
#include <epan/prefs.h>
#include <epan/conversation.h>
void proto_register_rdp_conctrl(void);
void proto_reg_handoff_rdp_conctrl(void);
static int proto_rdp_conctrl;
static int hf_conctrl_orderType;
static int hf_conctrl_realmSz;
static int hf_conctrl_realm;
static int hf_conctrl_loginSz;
static int hf_conctrl_login;
static int ett_rdp_conctrl;
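/*
 * Dissects one CONCTRL virtual-channel PDU.
 *
 * Reads a 2-byte little-endian order type and, for order 0x10 ("session info
 * on the server"), skips 12 undecoded bytes and then decodes two 4-byte
 * lengths followed by the realm and login strings (UTF-16LE).
 *
 * Returns the offset just past the last field that was decoded.
 *
 * Both string lengths come straight from the packet, so they are checked
 * against the buffer before they are used as a signed length or added to
 * the signed offset.
 *
 * NOTE(review): the coverage listing this function was taken from records a
 * hit count of 0 for every line here, so none of this length handling was
 * exercised by that run.
 */
static int
dissect_rdp_conctrl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
{
  int offset = 0;

  parent_tree = proto_tree_get_root(parent_tree);
  col_set_str(pinfo->cinfo, COL_PROTOCOL, "CONCTRL");

  proto_item *item = proto_tree_add_item(parent_tree, proto_rdp_conctrl, tvb, 0, 0, ENC_NA);
  proto_tree *tree = proto_item_add_subtree(item, ett_rdp_conctrl);

  uint32_t cmdId;
  proto_tree_add_item_ret_uint(tree, hf_conctrl_orderType, tvb, offset, 2, ENC_LITTLE_ENDIAN, &cmdId);
  offset += 2;

  switch (cmdId) {
  case 1: /* client capa ? */
  case 2: /* server capa ? */
    break;

  case 8: /* close */
    break;

  case 0x10: {
    /* session info on the server; the first 12 bytes are not decoded */
    offset += 12;

    uint32_t realmLen;
    proto_tree_add_item_ret_uint(tree, hf_conctrl_realmSz, tvb, offset, 4, ENC_LITTLE_ENDIAN, &realmLen);
    offset += 4;

    uint32_t loginLen;
    proto_tree_add_item_ret_uint(tree, hf_conctrl_loginSz, tvb, offset, 4, ENC_LITTLE_ENDIAN, &loginLen);
    offset += 4;

    /*
     * proto_tree_add_item() takes its length as a signed int in which -1
     * means "rest of the buffer", so an on-the-wire 0xFFFFFFFF would be read
     * as that sentinel and "offset += realmLen" would then move the offset
     * backwards. Checking the 32-bit value against the buffer first throws
     * the usual bounds exception for any length that does not fit, and
     * guarantees the value is small enough to convert to int.
     */
    tvb_ensure_bytes_exist64(tvb, offset, realmLen);
    proto_tree_add_item(tree, hf_conctrl_realm, tvb, offset, (int)realmLen, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    offset += (int)realmLen;

    tvb_ensure_bytes_exist64(tvb, offset, loginLen);
    proto_tree_add_item(tree, hf_conctrl_login, tvb, offset, (int)loginLen, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    /* Count the login bytes too, so the return value covers the whole PDU. */
    offset += (int)loginLen;
    break;
  }

  default:
    /* Unknown order type: only the order type itself is decoded. */
    break;
  }

  return offset;
}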
/*
 * Registers the CONCTRL protocol with its header fields and subtree, and
 * registers the dissector under the name "rdp_conctrl".
 */
void
proto_register_rdp_conctrl(void)
{
  /* One entry per field added to the tree by dissect_rdp_conctrl(). */
  static hf_register_info hf[] = {
    { &hf_conctrl_orderType,
      { "OrderType", "rdp_conctrl.ordertype", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL } },
    { &hf_conctrl_realmSz,
      { "Realm size", "rdp_conctrl.realmsize", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
    { &hf_conctrl_realm,
      { "Realm", "rdp_conctrl.realm", FT_STRINGZ, BASE_NONE, NULL, 0x0, NULL, HFILL } },
    { &hf_conctrl_loginSz,
      { "Login size", "rdp_conctrl.loginsize", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
    { &hf_conctrl_login,
      { "Login", "rdp_conctrl.login", FT_STRINGZ, BASE_NONE, NULL, 0x0, NULL, HFILL } },
  };

  /* The protocol uses a single subtree. */
  static int *ett[] = { &ett_rdp_conctrl };

  proto_rdp_conctrl = proto_register_protocol(
      "RDP Conctrl virtual channel Protocol", "CONCTRL", "rdp_conctrl");

  /* Fields and subtrees are attached to the protocol handle obtained above. */
  proto_register_field_array(proto_rdp_conctrl, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));

  /* Registering by name lets other dissectors look this one up as "rdp_conctrl". */
  register_dissector("rdp_conctrl", dissect_rdp_conctrl, proto_rdp_conctrl);
}
/*
 * Handoff hook for CONCTRL. Intentionally empty: this file attaches the
 * dissector to nothing here; it is only registered by name in
 * proto_register_rdp_conctrl().
 */
void
proto_reg_handoff_rdp_conctrl(void)
{
}