/src/wireshark/epan/dissectors/packet-msproxy.c
Line | Count | Source |
1 | | /* packet-msproxy.c |
2 | | * Routines for Microsoft Proxy packet dissection |
3 | | * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com> |
4 | | * |
5 | | * Wireshark - Network traffic analyzer |
6 | | * By Gerald Combs <gerald@wireshark.org> |
7 | | * Copyright 1998 Gerald Combs |
8 | | * |
9 | | * SPDX-License-Identifier: GPL-2.0-or-later |
10 | | * |
11 | | * This was derived from the dante socks implementation source code. |
12 | | * Most of the information came from common.h and msproxy_clientprotocol.c |
13 | | * |
14 | | * See http://www.inet.no/dante for more information |
15 | | */ |
16 | | |
17 | | /************************************************************************ |
18 | | * * |
19 | | * Notes: These are possible command values. User input is welcome * |
20 | | * * |
21 | | * Command = 0x040a - Remote host closed connection (maybe ?? ) * |
22 | | * Command = 0x0411 - Remote host closed connection * |
23 | | * Command = 0x0413 - Local host closed connection or SYN worked * |
24 | | * * |
25 | | ************************************************************************/ |
26 | | |
27 | | |
28 | | |
29 | | |
30 | | #include "config.h" |
31 | | |
32 | | #include <epan/packet.h> |
33 | | #include <epan/expert.h> |
34 | | |
35 | | #include "packet-tcp.h" |
36 | | #include "packet-udp.h" |
37 | | |
/* Registration entry points; their definitions are outside this part of the file. */
void proto_register_msproxy(void);
void proto_reg_handoff_msproxy(void);


/* Protocol id: used below for the top-level tree item and as the key for
 * the per-conversation redirect record. */
static int proto_msproxy;

/* Subtree ids passed to proto_item_add_subtree() /
 * proto_tree_add_subtree_format() below. */
static int ett_msproxy;
static int ett_msproxy_name;

/* Header-field ids passed to the proto_tree_add_*() calls below.
 * Their types and display names are registered outside this section. */
static int hf_msproxy_cmd;
static int hf_msproxy_clntport;

static int hf_msproxy_dstaddr;

/* static int hf_msproxy_srcport; */
static int hf_msproxy_dstport;
static int hf_msproxy_serverport;
static int hf_msproxy_serveraddr;
static int hf_msproxy_bindport;
static int hf_msproxy_bindaddr;
static int hf_msproxy_boundport;
static int hf_msproxy_bind_id;
static int hf_msproxy_resolvaddr;

static int hf_msproxy_client_id;
static int hf_msproxy_version;
static int hf_msproxy_server_id;
static int hf_msproxy_server_ack;
static int hf_msproxy_client_ack;
static int hf_msproxy_seq_num;
static int hf_msproxy_rwsp_signature;
static int hf_msproxy_ntlmssp_signature;

static int hf_msproxy_server_int_addr;
static int hf_msproxy_server_int_port;
static int hf_msproxy_server_ext_addr;
static int hf_msproxy_server_ext_port;

/* Generated from convert_proto_tree_add_text.pl */
static int hf_msproxy_host_name;
static int hf_msproxy_address_offset;
static int hf_msproxy_client_computer_name;
static int hf_msproxy_nt_domain;
static int hf_msproxy_req_resolve_length;
static int hf_msproxy_application_name;
static int hf_msproxy_user_name;
static int hf_msproxy_application;

/* Expert-info ids.  ei_msproxy_unhandled is attached to the command item
 * when a request command has no decoder; ei_msproxy_unknown is not
 * referenced in this part of the file. */
static expert_field ei_msproxy_unknown;
static expert_field ei_msproxy_unhandled;

/* Handle installed by add_msproxy_conversation() on every conversation it
 * creates or reuses. */
static dissector_handle_t msproxy_sub_handle;
90 | | |
91 | | |
#define UDP_PORT_MSPROXY 1745

/* One-byte command classes.  Not referenced in this part of the file. */
#define N_MSPROXY_HELLO 0x05 /* packet 1 from client */
#define N_MSPROXY_ACK 0x10 /* packet 1 from server */
#define N_MSPROXY_USERINFO_ACK 0x04 /* packet 2 from server */
#define N_MSPROXY_AUTH 0x47 /* packet 3 from client */
#define N_MSPROXY_RESOLVE 0x07 /* Resolve request */


/*
 * 16-bit command codes, compared against the value the request/response
 * decoders read from the packet with tvb_get_ntohs().  The value comes
 * straight from the capture, so every switch on it needs a default arm.
 */

/*$$$ 0x0500 was dante value, I see 0x05ff and 0x0500 */

#define MSPROXY_HELLO 0x0500
#define MSPROXY_HELLO_2 0x05ff

/* Same value as MSPROXY_USERINFO; get_msproxy_cmd_name() tells them apart
 * by packet direction. */
#define MSPROXY_HELLO_ACK 0x1000

#define MSPROXY_USERINFO 0x1000
#define MSPROXY_USERINFO_ACK 0x0400

#define MSPROXY_AUTH 0x4700
#define MSPROXY_AUTH_1_ACK 0x4714
#define MSPROXY_AUTH_2 0x4701
#define MSPROXY_AUTH_2_ACK 0x4715
#define MSPROXY_AUTH_2_ACK2 0x4716

#define MSPROXY_RESOLVE 0x070d
#define MSPROXY_RESOLVE_ACK 0x070f

#define MSPROXY_BIND 0x0704
/* Same value as MSPROXY_UDPASSOCIATE_ACK, so the two cannot both appear
 * as case labels in one switch. */
#define MSPROXY_BIND_ACK 0x0706

#define MSPROXY_TCP_BIND 0x0707
#define MSPROXY_TCP_BIND_ACK 0x0708

#define MSPROXY_LISTEN 0x0406

#define MSPROXY_BINDINFO 0x0709

#define MSPROXY_BINDINFO_ACK 0x070a

#define MSPROXY_CONNECT 0x071e
#define MSPROXY_CONNECT_ACK 0x0703

#define MSPROXY_UDPASSOCIATE 0x0705
#define MSPROXY_UDPASSOCIATE_ACK 0x0706

#define MSPROXY_UDP_BIND_REQ 0x070b

#define MSPROXY_CONNECTED 0x042c
#define MSPROXY_SESSIONEND 0x251e

#define MSPROXY_BIND_AUTHFAILED 0x0804
#define MSPROXY_CONNECT_AUTHFAILED 0x081e
#define MSPROXY_CONNREFUSED 0x4 /* low 12 bits seem to vary. */

#define FROM_SERVER 1 /* direction of packet data for get_msproxy_cmd_name */
#define FROM_CLIENT 0
149 | | |
150 | | |
151 | | |
152 | | |
153 | | /*$$$ should this be the same as redirect_entry_t ?? */ |
154 | | /* then the add_conversation could just copy the structure */ |
155 | | /* using the same allocation (instance for you object guys) */ |
156 | | /* wouldn't work because there may be multiple child conversations */ |
157 | | /* from the same MSProxy conversation */ |
158 | | |
/*
 * Scratch record the request/response decoders fill in from packet bytes
 * and hand to add_msproxy_conversation().  The values are copied from the
 * capture as-is; nothing in this part of the file range-checks them.
 */
typedef struct {
    uint32_t dst_addr;          /* remote IPv4 address, as returned by tvb_get_ipv4() */
    uint32_t clnt_port;         /* client port, read with tvb_get_ntohs() */
    uint32_t dst_port;          /* remote port, read with tvb_get_ntohs() */
    uint32_t server_int_port;   /* proxy's internal port, read with tvb_get_ntohs() */
    conversation_type ctype;    /* CONVERSATION_TCP or CONVERSATION_UDP, set by the bind/connect decoders */
}hash_entry_t;
166 | | |
167 | | |
168 | | /************** conversation hash stuff ***************/ |
169 | | |
/*
 * Per-conversation record attached by add_msproxy_conversation() and read
 * back by msproxy_sub_dissector().  Every field is a copy of the matching
 * hash_entry_t field, i.e. data taken from an earlier control packet.
 */
typedef struct {
    uint32_t remote_addr;       /* copy of hash_entry_t.dst_addr */
    uint32_t clnt_port;         /* copy of hash_entry_t.clnt_port */
    uint32_t server_int_port;   /* copy of hash_entry_t.server_int_port */
    uint32_t remote_port;       /* copy of hash_entry_t.dst_port; written into pinfo for the payload port lookup */
    conversation_type ctype;    /* selects decode_tcp_ports() vs decode_udp_ports() */
}redirect_entry_t;
177 | | |
178 | | |
179 | | /************** negotiated conversation hash stuff ***************/ |
180 | | |
181 | | |
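static int msproxy_sub_dissector( tvbuff_t *tvb, packet_info *pinfo,
        proto_tree *tree, void* data _U_) {

/*
 * Conversation dissector called from the TCP or UDP dissector.  Decode and
 * display the msproxy header, then pass the rest of the data to the TCP
 * or UDP port decode routine to handle the payload.
 *
 * Returns the captured length of tvb, or 0 when the conversation has no
 * msproxy redirect record attached.
 */

    uint32_t *ptr;
    redirect_entry_t *redirect_info;
    conversation_t *conversation;
    proto_tree *msp_tree;
    proto_item *ti;

    conversation = find_conversation_pinfo(pinfo, 0);

    DISSECTOR_ASSERT( conversation);    /* should always find a conversation */

    redirect_info = (redirect_entry_t *)conversation_get_proto_data(conversation,
        proto_msproxy);

    /*
     * The record is attached by add_msproxy_conversation().  If the
     * conversation found for this packet carries none, there is nothing
     * to redirect with; bail out instead of dereferencing NULL.
     */
    if ( !redirect_info)
        return 0;

    col_set_str(pinfo->cinfo, COL_PROTOCOL, "MS Proxy");

    col_set_str(pinfo->cinfo, COL_INFO,
        (( redirect_info->ctype == CONVERSATION_TCP) ? "TCP stream" :
         "UDP packets"));

    if ( tree) {
        /* Zero-length items: the values come from the stored record,
         * not from bytes of this packet. */
        ti = proto_tree_add_item( tree, proto_msproxy, tvb, 0, 0,
            ENC_NA );

        msp_tree = proto_item_add_subtree(ti, ett_msproxy);

        proto_tree_add_uint( msp_tree, hf_msproxy_dstport, tvb, 0, 0,
            redirect_info->remote_port);

        proto_tree_add_ipv4( msp_tree, hf_msproxy_dstaddr, tvb, 0, 0,
            redirect_info->remote_addr);

    }

/* set pinfo->{src/dst port} and call the TCP or UDP sub-dissector lookup */

    /* Pick whichever pinfo port is not the client's. */
    if ( pinfo->srcport == redirect_info->clnt_port)
        ptr = &pinfo->destport;
    else
        ptr = &pinfo->srcport;

    /*
     * remote_port was copied from an earlier control packet, so the
     * capture itself decides which payload dissector the lookup selects.
     */
    *ptr = redirect_info->remote_port;

    if ( redirect_info->ctype == CONVERSATION_TCP)
        decode_tcp_ports( tvb, 0, pinfo, tree, pinfo->srcport,
            pinfo->destport, NULL, NULL);
    else
        decode_udp_ports( tvb, 0, pinfo, tree, pinfo->srcport,
            pinfo->destport, -1);

    /*
     * Put the proxy's internal port back.
     * NOTE(review): if the payload dissector leaves by an exception this
     * line is not reached and pinfo keeps the rewritten port - confirm
     * that is acceptable for later users of pinfo.
     */
    *ptr = redirect_info->server_int_port;
    return tvb_captured_length(tvb);
}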
241 | | |
242 | | |
243 | | |
static void add_msproxy_conversation( packet_info *pinfo,
        hash_entry_t *hash_info){

/*
 * Attach the msproxy payload dissector and a redirect record to the
 * conversation identified by pinfo->src, pinfo->dst and the
 * server_int_port / clnt_port pair in hash_info.  An existing
 * conversation with that key is reused (and assumed to be ours);
 * otherwise a new one is created.  Nothing is done on a second pass
 * over the same frame.
 *
 * NOTE: this assumes the conversation is created while dissecting a
 *       packet from the server.  If that changes, pinfo->src and
 *       pinfo->dst will not be the right endpoints and this routine
 *       has to change.
 *
 * The ports and address in hash_info were read from packet bytes by the
 * callers' decoders and are stored here without validation.
 */

    conversation_t *conv;
    redirect_entry_t *redirect;

    /* Already handled when the frame was first dissected. */
    if (pinfo->fd->visited)
        return;

    conv = find_conversation( pinfo->num, &pinfo->src, &pinfo->dst,
        hash_info->ctype, hash_info->server_int_port,
        hash_info->clnt_port, 0);
    if ( !conv)
        conv = conversation_new( pinfo->num, &pinfo->src, &pinfo->dst,
            hash_info->ctype, hash_info->server_int_port,
            hash_info->clnt_port, 0);

    conversation_set_dissector(conv, msproxy_sub_handle);

    /* File-scoped allocation: the record is read back on later frames. */
    redirect = wmem_new(wmem_file_scope(), redirect_entry_t);
    *redirect = (redirect_entry_t){
        .remote_addr     = hash_info->dst_addr,
        .clnt_port       = hash_info->clnt_port,
        .server_int_port = hash_info->server_int_port,
        .remote_port     = hash_info->dst_port,
        .ctype           = hash_info->ctype,
    };

    conversation_add_proto_data(conv, proto_msproxy, redirect);
}
291 | | |
292 | | |
293 | | |
static int display_application_name(tvbuff_t *tvb, int offset,
        proto_tree *tree) {

/*
 * Add the application name found at `offset` to the tree and return the
 * length reported by tvb_strnlen() (searched over at most 255 bytes).
 *
 * The caller must pass a valid (non-NULL) tree.
 *
 * NOTE(review): dissect_user_info_2() treats -1 from the same
 * tvb_strnlen() call as "no terminator found" and stops; here that value
 * is passed on to proto_tree_add_item() and returned unchecked - confirm
 * this is intended for packets without a terminated name.
 */

    const int name_len = tvb_strnlen( tvb, offset, 255);

    proto_tree_add_item(tree, hf_msproxy_application, tvb, offset, name_len, ENC_ASCII);
    return name_len;
}
308 | | |
309 | | |
static const char *get_msproxy_cmd_name( int cmd, int direction) {

/*
 * Translate a command code into its display name.  `direction` is
 * FROM_SERVER or FROM_CLIENT and only matters for 0x1000, which means
 * "Hello Acknowledge" from the server and "User Info" from the client.
 * Any code without an entry here yields "Unknown".
 */

    const char *name;

    switch (cmd) {
    case MSPROXY_HELLO:
    case MSPROXY_HELLO_2:
        name = "Hello";
        break;

    /* MSPROXY_HELLO_ACK has the same value as MSPROXY_USERINFO. */
    case MSPROXY_USERINFO:
        name = ( direction == FROM_SERVER) ? "Hello Acknowledge" : "User Info";
        break;

    case MSPROXY_USERINFO_ACK:
        name = "User Info Acknowledge";
        break;
    case MSPROXY_AUTH:
        name = "Authentication";
        break;
    case MSPROXY_AUTH_1_ACK:
        name = "Authentication Acknowledge";
        break;
    case MSPROXY_AUTH_2:
        name = "Authentication 2";
        break;
    case MSPROXY_AUTH_2_ACK:
        name = "Authentication 2 Acknowledge";
        break;
    case MSPROXY_RESOLVE:
        name = "Resolve";
        break;
    case MSPROXY_RESOLVE_ACK:
        name = "Resolve Acknowledge";
        break;
    case MSPROXY_BIND:
        name = "Bind";
        break;
    case MSPROXY_TCP_BIND:
        name = "TCP Bind";
        break;
    case MSPROXY_TCP_BIND_ACK:
        name = "TCP Bind Acknowledge";
        break;
    case MSPROXY_LISTEN:
        name = "Listen";
        break;
    case MSPROXY_BINDINFO:
        name = "Bind Info";
        break;
    case MSPROXY_BINDINFO_ACK:
        name = "Bind Info Acknowledge";
        break;
    case MSPROXY_CONNECT:
        name = "Connect";
        break;
    case MSPROXY_CONNECT_ACK:
        name = "Connect Acknowledge";
        break;
    case MSPROXY_UDPASSOCIATE:
        name = "UDP Associate";
        break;
    case MSPROXY_UDP_BIND_REQ:
        name = "UDP Bind";
        break;
    /* Also the value of MSPROXY_BIND_ACK, hence the combined name. */
    case MSPROXY_UDPASSOCIATE_ACK:
        name = "Bind or Associate Acknowledge";
        break;
    case MSPROXY_CONNECTED:
        name = "Connected";
        break;
    case MSPROXY_SESSIONEND:
        name = "Session End";
        break;

    default:
        name = "Unknown";
        break;
    }

    return name;
}
350 | | |
351 | | |
352 | | |
static void dissect_user_info_2(tvbuff_t *tvb, int offset,
        proto_tree *tree) {

/*
 * Show the user name, application name and client computer name, three
 * consecutive strings starting at `offset`.  Each is measured with
 * tvb_strnlen() over at most 255 bytes; decoding stops at the first one
 * for which it returns -1.  Does nothing without a tree.
 *
 * NOTE(review): the cursor advances by length + 2 after the user name
 * but by length + 1 after the application name - confirm the extra byte
 * is part of the format.
 */

    int str_len;

    if ( !tree)
        return;

    /* user name */
    str_len = tvb_strnlen( tvb, offset, 255);
    if (str_len == -1)
        return;
    proto_tree_add_item(tree, hf_msproxy_user_name, tvb, offset, str_len + 1, ENC_ASCII);
    offset += str_len + 2;

    /* application name */
    str_len = tvb_strnlen( tvb, offset, 255);
    if (str_len == -1)
        return;
    proto_tree_add_item(tree, hf_msproxy_application_name, tvb, offset, str_len + 1, ENC_ASCII);
    offset += str_len + 1;

    /* client computer name */
    str_len = tvb_strnlen( tvb, offset, 255);
    if (str_len != -1)
        proto_tree_add_item(tree, hf_msproxy_client_computer_name, tvb, offset, str_len + 1, ENC_ASCII);
}
380 | | |
381 | | |
382 | | |
static void dissect_msproxy_request_1(tvbuff_t *tvb, int offset,
        proto_tree *tree) {

/*
 * Decode the request _1 structure: skip 182 bytes, then decode the
 * user / application / computer name strings.
 */

    dissect_user_info_2( tvb, offset + 182, tree);
}
394 | | |
395 | | |
396 | | |
static void dissect_bind(tvbuff_t *tvb, int offset,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the bind request.  Offsets are relative to the `offset` passed
 * in.  conv_info->clnt_port is set whether or not there is a tree.
 *
 * NOTE(review): the client port shown in the tree is taken from +28 but
 * the value stored in conv_info is read from +30, whereas
 * dissect_request_connect() and dissect_udp_assoc() display and store
 * the same two bytes.  The stored value later keys the redirected
 * conversation - confirm which offset is right.
 */

    const int bind_addr_off   = offset + 18;
    const int bind_port_off   = offset + 22;
    const int shown_port_off  = offset + 28;
    const int stored_port_off = offset + 30;
    const int bound_port_off  = offset + 36;
    const int app_name_off    = offset + 118;

    if ( tree) {
        proto_tree_add_item( tree, hf_msproxy_bindaddr, tvb, bind_addr_off, 4,
            ENC_BIG_ENDIAN);
        proto_tree_add_item( tree, hf_msproxy_bindport, tvb, bind_port_off, 2,
            ENC_BIG_ENDIAN);
        proto_tree_add_item( tree, hf_msproxy_clntport, tvb, shown_port_off, 2,
            ENC_BIG_ENDIAN);
    }

    conv_info->clnt_port = tvb_get_ntohs( tvb, stored_port_off);

    if ( tree) {
        proto_tree_add_item( tree, hf_msproxy_boundport, tvb, bound_port_off, 2,
            ENC_BIG_ENDIAN);
        display_application_name( tvb, app_name_off, tree);
    }
}
430 | | |
431 | | |
432 | | |
static int dissect_auth(tvbuff_t *tvb, int offset,
        proto_tree *tree) {

/*
 * Decode the authorization request: the only field shown is the 7-byte
 * NTLMSSP signature, 134 bytes past `offset`.  Returns the offset just
 * after that signature.
 */

    const int sig_off = offset + 134;

    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_ntlmssp_signature, tvb, sig_off, 7, ENC_ASCII);

    return sig_off + 7;
}
447 | | |
448 | | |
449 | | |
static void dissect_tcp_bind(tvbuff_t *tvb, int offset,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the TCP bind packet.  The conversation type is recorded as TCP
 * in conv_info so that the later bind-info packet can create the payload
 * dissector; the remaining fields are display-only and are decoded only
 * when there is a tree.
 */

    conv_info->ctype = CONVERSATION_TCP;

    if ( !tree)
        return;

    proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_boundport, tvb, offset + 22, 2,
        ENC_BIG_ENDIAN);
    display_application_name( tvb, offset + 118, tree);
}
474 | | |
475 | | |
static void dissect_request_connect(tvbuff_t *tvb, int offset,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the connect request.  Records TCP as the conversation type and
 * copies the destination port, destination address and client port from
 * the packet into conv_info (with or without a tree); the same fields
 * plus the application name are shown when there is a tree.
 *
 * The stored values are unvalidated packet data.
 */

    const int dst_port_off  = offset + 20;
    const int dst_addr_off  = offset + 22;
    const int clnt_port_off = offset + 34;

    conv_info->ctype = CONVERSATION_TCP;

    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_dstport, tvb, dst_port_off, 2,
            ENC_BIG_ENDIAN);
    conv_info->dst_port = tvb_get_ntohs( tvb, dst_port_off);

    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, dst_addr_off, 4,
            ENC_BIG_ENDIAN);
    conv_info->dst_addr = tvb_get_ipv4( tvb, dst_addr_off);

    conv_info->clnt_port = tvb_get_ntohs( tvb, clnt_port_off);

    if ( tree) {
        proto_tree_add_uint( tree, hf_msproxy_clntport, tvb, clnt_port_off, 2,
            conv_info->clnt_port);
        display_application_name( tvb, offset + 118, tree);
    }
}
511 | | |
512 | | |
static void dissect_bind_info_ack(tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Decode the client's bind info acknowledge.  Display-only: nothing is
 * read from the packet unless there is a tree.  Offsets are relative to
 * the `offset` passed in.
 */

    if ( !tree)
        return;

    proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_dstport, tvb, offset + 20, 2,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, offset + 22, 4,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
        offset + 34, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
        offset + 38, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
        offset + 40, 4, ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
}
548 | | |
549 | | |
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
        proto_tree *tree, packet_info *pinfo) {

/*
 * Decode the resolve request: a one-byte length at `offset` and a host
 * name of that many bytes starting 18 bytes after it.  The length byte
 * is read even without a tree; everything else needs a tree.
 *
 * The host name is packet data and is only ever passed as a "%s"
 * argument, never as the format string.
 *
 * NOTE(review): the subtree item is anchored at (offset, length + 1)
 * although the name bytes sit at offset + 18 - confirm the highlighted
 * range is intended.
 */

    const int name_len = tvb_get_uint8( tvb, offset);
    const int name_off = offset + 18;
    proto_tree *name_tree;

    if ( !tree)
        return;

    name_tree = proto_tree_add_subtree_format(tree, tvb, offset, name_len + 1,
        ett_msproxy_name, NULL, "Host Name: %s",
        tvb_get_string_enc( pinfo->pool, tvb, name_off, name_len, ENC_ASCII));

    proto_tree_add_item(name_tree, hf_msproxy_req_resolve_length, tvb, offset, 1, ENC_NA);

    proto_tree_add_item(name_tree, hf_msproxy_host_name, tvb, name_off, name_len, ENC_ASCII);
}
575 | | |
576 | | |
577 | | |
static void dissect_udp_bind(tvbuff_t *tvb, int offset,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Dissect the UDP bind request.  Records CONVERSATION_UDP in conv_info so
 * that the later bind-info packet can create the conversation dissector.
 * The bind id, destination port, destination address and application
 * name are shown when there is a tree; none of them is stored in
 * conv_info here.
 */

    conv_info->ctype = CONVERSATION_UDP;

    if ( !tree)
        return;

    proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 8, 4,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_dstport, tvb, offset + 20, 2,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, offset + 22, 4,
        ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
}
612 | | |
613 | | |
static void dissect_udp_assoc(tvbuff_t *tvb, int offset,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Dissect the UDP associate request and keep the client port (28 bytes
 * past `offset`) in conv_info for later.  The port is stored with or
 * without a tree; the application name is display-only.
 */

    const int clnt_port_off = offset + 28;

    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_clntport, tvb, clnt_port_off, 2,
            ENC_BIG_ENDIAN);

    conv_info->clnt_port = tvb_get_ntohs( tvb, clnt_port_off);

    if ( tree)
        display_application_name( tvb, offset + 118, tree);
}
634 | | |
635 | | |
static void dissect_msproxy_request(tvbuff_t *tvb, packet_info *pinfo,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode a client request: the fixed header fields, then the 16-bit
 * command at byte 36, then the command-specific body starting at
 * byte 38.  A command without a decoder gets an expert note on the
 * command item.
 */

    unsigned offset;
    int cmd;
    proto_item *cmd_item;

    /* fixed header */
    proto_tree_add_item( tree, hf_msproxy_client_id, tvb, 0, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_version, tvb, 4, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_id, tvb, 8, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ack, tvb, 12, 1, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_seq_num, tvb, 16, 1, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_rwsp_signature, tvb, 24, 4, ENC_ASCII);

    /* command word */
    offset = 36;
    cmd = tvb_get_ntohs( tvb, offset);

    cmd_item = proto_tree_add_uint_format_value( tree, hf_msproxy_cmd, tvb, offset, 2,
        cmd, "%s (0x%02x)",
        get_msproxy_cmd_name( cmd, FROM_CLIENT),
        cmd);

    offset += 2;

    /* command-specific body; cmd is packet data, so the default arm is reachable */
    switch (cmd) {
    case MSPROXY_AUTH:
        dissect_auth( tvb, offset, tree);
        break;

    case MSPROXY_BIND:
        dissect_bind( tvb, offset, tree, conv_info);
        break;

    case MSPROXY_UDP_BIND_REQ:
        dissect_udp_bind( tvb, offset, tree, conv_info);
        break;

    case MSPROXY_AUTH_2:    /*$$ this is probably wrong place for this */
    case MSPROXY_TCP_BIND:
        dissect_tcp_bind( tvb, offset, tree, conv_info);
        break;

    case MSPROXY_RESOLVE:
        dissect_request_resolve( tvb, offset, tree, pinfo);
        break;

    case MSPROXY_CONNECT:
    case MSPROXY_LISTEN:
        dissect_request_connect( tvb, offset, tree, conv_info);
        break;

    case MSPROXY_BINDINFO_ACK:
        dissect_bind_info_ack( tvb, offset, tree);
        break;

    case MSPROXY_HELLO:
    case MSPROXY_HELLO_2:
        dissect_msproxy_request_1( tvb, offset, tree);
        break;

    case MSPROXY_UDPASSOCIATE:
        dissect_udp_assoc( tvb, offset, tree, conv_info);
        break;

    default:
        expert_add_info_format(pinfo, cmd_item, &ei_msproxy_unhandled,
            "Unhandled request command (report this, please)");
    }
}
715 | | |
716 | | |
717 | | |
static int dissect_hello_ack(tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Decode the hello acknowledge packet: server port (2 bytes) and server
 * address (4 bytes), starting 60 bytes past `offset`.  Returns the
 * offset just after the address.
 */

    const int port_off = offset + 60;
    const int addr_off = port_off + 2;

    proto_tree_add_item( tree, hf_msproxy_serverport, tvb, port_off, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_serveraddr, tvb, addr_off, 4, ENC_BIG_ENDIAN);

    return addr_off + 4;
}
731 | | |
732 | | |
733 | | |
734 | | /* XXX - implement me */ |
static int dissect_user_info_ack(tvbuff_t *tvb _U_, int offset,
        proto_tree *tree _U_) {

/*
 * Placeholder for the response _2 structure: nothing is decoded yet, the
 * offset is just moved past 18 + 2 bytes and returned.
 */

    return offset + 18 + 2;
}
746 | | |
747 | | |
748 | | |
static void dissect_udpassociate_ack(tvbuff_t *tvb, int offset,
        proto_tree *tree) {

/*
 * Decode the UDP associate acknowledge.  Display-only: nothing is read
 * from the packet unless there is a tree.  Offsets are relative to the
 * `offset` passed in.
 */

    if ( !tree)
        return;

    proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
        offset + 20, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
        offset + 22, 4, ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
}
770 | | |
771 | | |
772 | | |
static void dissect_auth_1_ack(tvbuff_t *tvb, int offset,
        proto_tree *tree) {

/*
 * Decode the first authentication acknowledge: the 7-byte NTLMSSP
 * signature at +134 and the NT domain at +182.  Display-only.
 */

    const int sig_off = offset + 134;

    if ( !tree)
        return;

    proto_tree_add_item( tree, hf_msproxy_ntlmssp_signature, tvb, sig_off, 7, ENC_ASCII);

    /* XXX - always 255?  The item asks for a fixed 255 bytes whatever
     * the packet actually holds. */
    proto_tree_add_item(tree, hf_msproxy_nt_domain, tvb, sig_off + 48, 255, ENC_ASCII);
}
785 | | |
786 | | |
787 | | |
788 | | /* XXX - implement me */ |
static int dissect_msproxy_response_4( tvbuff_t *tvb _U_, int offset,
        proto_tree *tree _U_) {

/*
 * Placeholder for the response _4 structure: nothing is decoded yet, the
 * offset is just moved past 134 bytes and returned.
 */

    return offset + 134;
}
798 | | |
799 | | |
800 | | |
static void dissect_connect_ack( tvbuff_t *tvb, int offset, packet_info *pinfo,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the connect acknowledge, record TCP and the server's internal
 * port in conv_info, and register the redirected conversation.
 *
 * Only ctype and server_int_port are set here; the other conv_info
 * fields used by add_msproxy_conversation() must already hold values
 * from an earlier packet (how conv_info persists is not visible in this
 * function).  All of them are unvalidated packet data.
 */

    const int int_port_off = offset + 20;

    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
            int_port_off, 2, ENC_BIG_ENDIAN);

    conv_info->ctype = CONVERSATION_TCP;
    conv_info->server_int_port = tvb_get_ntohs( tvb, int_port_off);

    if ( tree) {
        proto_tree_add_item( tree, hf_msproxy_server_int_addr, tvb,
            offset + 22, 4, ENC_BIG_ENDIAN);
        proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
            offset + 36, 2, ENC_BIG_ENDIAN);
        proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
            offset + 38, 4, ENC_BIG_ENDIAN);

        display_application_name( tvb, offset + 118, tree);
    }

    add_msproxy_conversation( pinfo, conv_info);
}
834 | | |
835 | | |
836 | | |
static void dissect_tcp_bind_ack( tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Decode the TCP bind acknowledge.  Display-only: nothing is read from
 * the packet unless there is a tree.  Offsets are relative to the
 * `offset` passed in.
 */

    if ( !tree)
        return;

    proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
        ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
        offset + 22, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
        offset + 28, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
        offset + 30, 4, ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
}
864 | | |
865 | | |
866 | | |
static void dissect_bind_info( tvbuff_t *tvb, int offset, packet_info *pinfo,
        proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the Bind info response from the server.  The destination port,
 * destination address and server internal port are copied from the
 * packet into conv_info (with or without a tree) and the redirected
 * conversation is then registered with those values.
 *
 * ctype and clnt_port are not set here; they are whatever conv_info
 * already holds.  Everything stored is unvalidated packet data.
 */

    const int dst_port_off = offset + 20;
    const int dst_addr_off = offset + 22;
    const int int_port_off = offset + 34;

    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
            ENC_BIG_ENDIAN);

    conv_info->dst_port = tvb_get_ntohs( tvb, dst_port_off);
    if ( tree)
        proto_tree_add_uint( tree, hf_msproxy_dstport, tvb, dst_port_off, 2,
            conv_info->dst_port);

    conv_info->dst_addr = tvb_get_ipv4( tvb, dst_addr_off);
    if ( tree)
        proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, dst_addr_off, 4,
            ENC_BIG_ENDIAN);

    conv_info->server_int_port = tvb_get_ntohs( tvb, int_port_off);
    if ( tree) {
        proto_tree_add_uint( tree, hf_msproxy_server_int_port, tvb,
            int_port_off, 2, conv_info->server_int_port);

        proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
            offset + 38, 2, ENC_BIG_ENDIAN);
        proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
            offset + 40, 4, ENC_BIG_ENDIAN);

        display_application_name( tvb, offset + 118, tree);
    }

    add_msproxy_conversation( pinfo, conv_info);
}
913 | | |
914 | | |
915 | | |
static void dissect_resolve(tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Decode the resolve response.  The byte at `offset` is an offset value;
 * the resolved address (4 bytes) is shown at offset + 14 + that value.
 * Display-only: nothing is read without a tree.
 *
 * The offset byte is packet data; the position derived from it is used
 * only through proto_tree_add_item().
 */

    int addr_offset;

    if ( !tree)
        return;

    addr_offset = tvb_get_uint8( tvb, offset);

    proto_tree_add_item(tree, hf_msproxy_address_offset, tvb, offset, 1, ENC_NA);

    proto_tree_add_item( tree, hf_msproxy_resolvaddr, tvb,
        offset + 1 + 13 + addr_offset, 4, ENC_BIG_ENDIAN);
}
940 | | |
941 | | |
942 | | |
/*
 * Dissect a message sent by the proxy server.
 *
 * The first 36 bytes are a fixed header: client id, version and server id
 * (4 bytes each, little-endian), a 1-byte client ack in a 4-byte slot, a
 * 1-byte sequence number in an 8-byte slot, and a 4-byte ASCII signature in
 * a 12-byte slot.  The 16-bit command follows in network byte order and
 * selects the per-command sub-dissector.
 *
 * All offsets are fixed and every value comes from the packet; no length
 * check is made here.
 * NOTE(review): presumably the tvbuff accessors reject reads past the end of
 * a short packet -- confirm.
 */
static void dissect_msproxy_response(tvbuff_t *tvb, packet_info *pinfo,
	proto_tree *tree, hash_entry_t *conv_info) {

	unsigned offset = 0;
	int command;
	proto_item *cmd_item;

	if ( !tree) {
		/* no tree to fill in: just step over the fixed header */
		offset += 36;
	}
	else {
		proto_tree_add_item( tree, hf_msproxy_client_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
		offset += 4;

		proto_tree_add_item( tree, hf_msproxy_version, tvb, offset, 4, ENC_LITTLE_ENDIAN);
		offset += 4;

		proto_tree_add_item( tree, hf_msproxy_server_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
		offset += 4;

		/* only the first byte of this 4-byte slot is decoded */
		proto_tree_add_item( tree, hf_msproxy_client_ack, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 4;

		/* only the first byte of this 8-byte slot is decoded */
		proto_tree_add_item( tree, hf_msproxy_seq_num, tvb, offset, 1, ENC_LITTLE_ENDIAN);
		offset += 8;

		proto_tree_add_item( tree, hf_msproxy_rwsp_signature, tvb, offset, 4, ENC_ASCII);
		offset += 12;
	}

	command = tvb_get_ntohs( tvb, offset);

	cmd_item = proto_tree_add_uint_format_value( tree, hf_msproxy_cmd, tvb, offset, 2,
		command, "0x%02x (%s)", command,
		get_msproxy_cmd_name( command, FROM_SERVER));
	offset += 2;

	switch (command) {
		case MSPROXY_HELLO_ACK:
			dissect_hello_ack( tvb, offset, tree);
			break;

		case MSPROXY_USERINFO_ACK:
			dissect_user_info_ack( tvb, offset, tree);
			break;

		case MSPROXY_AUTH_1_ACK:
			dissect_auth_1_ack( tvb, offset, tree);
			break;

		/* original author's open question: does this also cover
		 * MSPROXY_BIND_ACK? */
		case MSPROXY_UDPASSOCIATE_ACK:
			dissect_udpassociate_ack( tvb, offset, tree);
			break;

		case MSPROXY_AUTH_2_ACK:
		case MSPROXY_AUTH_2_ACK2:
			dissect_msproxy_response_4( tvb, offset, tree);
			break;

		case MSPROXY_TCP_BIND_ACK:
			dissect_tcp_bind_ack( tvb, offset, tree);
			break;

		case MSPROXY_CONNECT_ACK:
			dissect_connect_ack( tvb, offset, pinfo, tree,
				conv_info);
			break;

		case MSPROXY_BINDINFO:
			dissect_bind_info( tvb, offset, pinfo, tree, conv_info);
			break;

		case MSPROXY_RESOLVE_ACK:
			dissect_resolve( tvb, offset, tree);
			break;

		/* recognised, but the payload is not decoded */
		case MSPROXY_CONNECT_AUTHFAILED:
		case MSPROXY_BIND_AUTHFAILED:
			expert_add_info(pinfo, cmd_item, &ei_msproxy_unknown);
			break;

		default:
			/* a command whose top byte or top nibble equals
			 * MSPROXY_CONNREFUSED is flagged as known-but-undecoded;
			 * everything else is flagged as unhandled */
			if (((command >> 8) != MSPROXY_CONNREFUSED) &&
			    ((command >> 12) != MSPROXY_CONNREFUSED))
				expert_add_info(pinfo, cmd_item, &ei_msproxy_unhandled);
			else
				expert_add_info(pinfo, cmd_item, &ei_msproxy_unknown);
	}
}
1036 | | |
1037 | | |
1038 | | |
/*
 * Top-level dissector for MS Proxy control messages.
 *
 * Looks up (or creates) the conversation for this packet, attaches a
 * zero-initialised, file-scoped hash_entry_t to it on first use, sets the
 * Protocol and Info columns, and hands the packet to the request or response
 * dissector.  Returns the captured length of the buffer.
 *
 * The command is read from fixed offset 36 before the protocol item is added
 * to the tree.
 * NOTE(review): no length check precedes that read; presumably the tvbuff
 * accessor rejects it on a packet shorter than 38 bytes -- confirm.
 *
 * NOTE(review): direction is decided by comparing the source port with the
 * compile-time UDP_PORT_MSPROXY, while the handoff routine registers the
 * port through dissector_add_uint_with_preference(); if the port can be
 * changed there, server messages on another port would be decoded as client
 * requests -- confirm.
 */
static int dissect_msproxy(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {

	proto_tree *msproxy_tree;
	proto_item *root_item;
	unsigned int cmd;
	int from_server;

	hash_entry_t *conv_state;
	conversation_t *conv;

	col_set_str(pinfo->cinfo, COL_PROTOCOL, "MSproxy");
	col_clear(pinfo->cinfo, COL_INFO);

	conv = find_or_create_conversation(pinfo);

	/* per-conversation state, created the first time the conversation is seen */
	conv_state = (hash_entry_t *)conversation_get_proto_data(conv, proto_msproxy);
	if (conv_state == NULL) {
		conv_state = wmem_new0(wmem_file_scope(), hash_entry_t);
		conversation_add_proto_data(conv, proto_msproxy, conv_state);
	}

	cmd = tvb_get_ntohs( tvb, 36);

	from_server = (pinfo->srcport == UDP_PORT_MSPROXY);

	if (from_server) {
		col_add_fstr( pinfo->cinfo, COL_INFO, "Server message: %s",
			get_msproxy_cmd_name( cmd, FROM_SERVER));
	}
	else {
		col_add_fstr(pinfo->cinfo, COL_INFO, "Client message: %s",
			get_msproxy_cmd_name( cmd, FROM_CLIENT));
	}

	root_item = proto_tree_add_item( tree, proto_msproxy, tvb, 0, -1, ENC_NA );
	msproxy_tree = proto_item_add_subtree(root_item, ett_msproxy);

	if (from_server) {
		dissect_msproxy_response( tvb, pinfo, msproxy_tree, conv_state);
	}
	else {
		dissect_msproxy_request( tvb, pinfo, msproxy_tree, conv_state);
	}

	return tvb_captured_length(tvb);
}
1080 | | |
1081 | | |
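/*
 * Register the MS Proxy protocol: its header fields, subtree indices and
 * expert-info items, plus a dissector named "msproxy" that is bound to
 * msproxy_sub_dissector and stored in msproxy_sub_handle.
 *
 * The hf[], ett[] and ei[] tables are static because the registration calls
 * are handed pointers into them.
 */
void
proto_register_msproxy( void){

	static int *ett[] = {
		&ett_msproxy,
		&ett_msproxy_name
	};

	static hf_register_info hf[] = {

		{ &hf_msproxy_cmd,
			{ "Command", "msproxy.command", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_dstaddr,
			{ "Destination Address", "msproxy.dstaddr", FT_IPv4, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

#if 0
		{ &hf_msproxy_srcport,
			{ "Source Port", "msproxy.srcport", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},
#endif
		{ &hf_msproxy_dstport,
			{ "Destination Port", "msproxy.dstport", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_clntport,
			{ "Client Port", "msproxy.clntport", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_server_ext_addr,
			{ "Server External Address", "msproxy.server_ext_addr", FT_IPv4, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_server_ext_port,
			{ "Server External Port", "msproxy.server_ext_port", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_server_int_addr,
			{ "Server Internal Address", "msproxy.server_int_addr", FT_IPv4, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_server_int_port,
			{ "Server Internal Port", "msproxy.server_int_port", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_serverport,
			{ "Server Port", "msproxy.serverport", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_bindport,
			{ "Bind Port", "msproxy.bindport", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_boundport,
			{ "Bound Port", "msproxy.boundport", FT_UINT16, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_serveraddr,
			{ "Server Address", "msproxy.serveraddr", FT_IPv4, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_bindaddr,
			{ "Destination", "msproxy.bindaddr", FT_IPv4, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_bind_id,
			{ "Bound Port Id", "msproxy.bindid", FT_UINT32, BASE_HEX,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_resolvaddr,
			{ "Address", "msproxy.resolvaddr", FT_IPv4, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_client_id,
			{ "Client Id", "msproxy.client_id", FT_UINT32, BASE_HEX,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_version,
			{ "Version", "msproxy.version", FT_UINT32, BASE_HEX,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_server_id,
			{ "Server id", "msproxy.server_id", FT_UINT32, BASE_HEX,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_server_ack,
			{ "Server ack", "msproxy.server_ack", FT_UINT8, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_client_ack,
			{ "Client ack", "msproxy.client_ack", FT_UINT8, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_seq_num,
			{ "Sequence Number", "msproxy.seq_num", FT_UINT8, BASE_DEC,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_rwsp_signature,
			{ "RWSP signature", "msproxy.rwsp_signature", FT_STRING, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		{ &hf_msproxy_ntlmssp_signature,
			{ "NTLMSSP signature", "msproxy.ntlmssp_signature", FT_STRING, BASE_NONE,
				NULL, 0x0, NULL, HFILL }},

		/* Generated from convert_proto_tree_add_text.pl */
		{ &hf_msproxy_application, { "Application", "msproxy.application", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_user_name, { "User name", "msproxy.user_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_application_name, { "Application name", "msproxy.application_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_client_computer_name, { "Client computer name", "msproxy.client_computer_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_req_resolve_length, { "Length", "msproxy.req_resolve.length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_host_name, { "Host Name", "msproxy.host_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_nt_domain, { "NT domain", "msproxy.nt_domain", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
		{ &hf_msproxy_address_offset, { "Address offset", "msproxy.address_offset", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
	};

	/* Expert items attached to the command field by the response dissector. */
	static ei_register_info ei[] = {
		{ &ei_msproxy_unknown,
			/* message text corrected: was "No know information" */
			{ "msproxy.unknown", PI_UNDECODED, PI_WARN, "No known information (help wanted)", EXPFILL }},
		{ &ei_msproxy_unhandled,
			{ "msproxy.command.unhandled", PI_UNDECODED, PI_WARN, "Unhandled response command (report this, please)", EXPFILL }},
	};

	expert_module_t* expert_msproxy;

	proto_msproxy = proto_register_protocol( "MS Proxy Protocol", "MS Proxy", "msproxy");

	proto_register_field_array(proto_msproxy, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));
	expert_msproxy = expert_register_protocol(proto_msproxy);
	expert_register_field_array(expert_msproxy, ei, array_length(ei));

	msproxy_sub_handle = register_dissector("msproxy", msproxy_sub_dissector,
		proto_msproxy);
}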
1251 | | |
1252 | | |
/*
 * Handoff routine: create a handle for dissect_msproxy and add it to the
 * "udp.port" dissector table under UDP_PORT_MSPROXY.
 *
 * NOTE(review): registration goes through
 * dissector_add_uint_with_preference(), yet dissect_msproxy tells server from
 * client by comparing the source port with UDP_PORT_MSPROXY itself -- confirm
 * the two stay consistent if the port is changed.
 */
void
proto_reg_handoff_msproxy(void) {

	dissector_handle_t msproxy_handle = create_dissector_handle(dissect_msproxy, proto_msproxy);

	dissector_add_uint_with_preference("udp.port", UDP_PORT_MSPROXY, msproxy_handle);
}
1263 | | |
1264 | | /* |
1265 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
1266 | | * |
1267 | | * Local variables: |
1268 | | * c-basic-offset: 8 |
1269 | | * tab-width: 8 |
1270 | | * indent-tabs-mode: t |
1271 | | * End: |
1272 | | * |
1273 | | * vi: set shiftwidth=8 tabstop=8 noexpandtab: |
1274 | | * :indentSize=8:tabSize=8:noTabs=false: |
1275 | | */ |