/src/wireshark/epan/dissectors/packet-msproxy.c
1
/* packet-msproxy.c
2
 * Routines for Microsoft Proxy packet dissection
3
 * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
4
 *
5
 * Wireshark - Network traffic analyzer
6
 * By Gerald Combs <gerald@wireshark.org>
7
 * Copyright 1998 Gerald Combs
8
 *
9
 * SPDX-License-Identifier: GPL-2.0-or-later
10
 *
11
 * This was derived from the dante socks implementation source code.
12
 * Most of the information came from common.h and msproxy_clientprotocol.c
13
 *
14
 * See http://www.inet.no/dante for more information
15
 */
16
17
/************************************************************************
18
 *                                                                      *
19
 *  Notes: These are possible command values. User input is welcome     *
20
 *                                                                      *
21
 *  Command = 0x040a - Remote host closed connection (maybe ?? )        *
22
 *  Command = 0x0411 - Remote host closed connection                    *
23
 *  Command = 0x0413 - Local host closed connection or SYN worked       *
24
 *                                                                      *
25
 ************************************************************************/
26
27
28
29
30
#include "config.h"
31
32
#include <epan/packet.h>
33
#include <epan/expert.h>
34
35
#include "packet-tcp.h"
36
#include "packet-udp.h"
37
38
/* Registration entry points; defined later in this file. */
void proto_register_msproxy(void);
void proto_reg_handoff_msproxy(void);


/* Protocol index; also used in this file as the key for per-conversation data. */
static int proto_msproxy;

/* Subtree indices passed to proto_item_add_subtree() / proto_tree_add_subtree_format(). */
static int ett_msproxy;
static int ett_msproxy_name;

/* Header-field indices used when adding items to the protocol tree. */
static int hf_msproxy_cmd;
static int hf_msproxy_clntport;

static int hf_msproxy_dstaddr;

/* static int hf_msproxy_srcport; */
static int hf_msproxy_dstport;
static int hf_msproxy_serverport;
static int hf_msproxy_serveraddr;
static int hf_msproxy_bindport;
static int hf_msproxy_bindaddr;
static int hf_msproxy_boundport;
static int hf_msproxy_bind_id;
static int hf_msproxy_resolvaddr;

static int hf_msproxy_client_id;
static int hf_msproxy_version;
static int hf_msproxy_server_id;
static int hf_msproxy_server_ack;
static int hf_msproxy_client_ack;
static int hf_msproxy_seq_num;
static int hf_msproxy_rwsp_signature;
static int hf_msproxy_ntlmssp_signature;

static int hf_msproxy_server_int_addr;
static int hf_msproxy_server_int_port;
static int hf_msproxy_server_ext_addr;
static int hf_msproxy_server_ext_port;

/* Generated from convert_proto_tree_add_text.pl */
static int hf_msproxy_host_name;
static int hf_msproxy_address_offset;
static int hf_msproxy_client_computer_name;
static int hf_msproxy_nt_domain;
static int hf_msproxy_req_resolve_length;
static int hf_msproxy_application_name;
static int hf_msproxy_user_name;
static int hf_msproxy_application;

/* Expert-info entries attached to the command item for commands that get no further decoding. */
static expert_field ei_msproxy_unknown;
static expert_field ei_msproxy_unhandled;

/* Handle that add_msproxy_conversation() installs on redirected conversations. */
static dissector_handle_t msproxy_sub_handle;
90
91
92
24
/* dissect_msproxy() treats a packet whose source port equals this value as a */
/* server message; every other packet is decoded as a client request.        */
#define UDP_PORT_MSPROXY 1745

/* NOTE(review): the N_MSPROXY_* values are not referenced in the visible part of this file. */
#define N_MSPROXY_HELLO     0x05  /* packet 1 from client */
#define N_MSPROXY_ACK     0x10  /* packet 1 from server */
#define N_MSPROXY_USERINFO_ACK    0x04  /* packet 2 from server */
#define N_MSPROXY_AUTH      0x47  /* packet 3 from client */
#define N_MSPROXY_RESOLVE   0x07  /* Resolve request  */


/*$$$ 0x0500 was dante value, I see 0x05ff and 0x0500 */

#define MSPROXY_HELLO     0x0500
#define MSPROXY_HELLO_2     0x05ff

/* MSPROXY_HELLO_ACK and MSPROXY_USERINFO share the value 0x1000; the packet */
/* direction is what tells them apart (see get_msproxy_cmd_name).            */
#define MSPROXY_HELLO_ACK   0x1000

#define MSPROXY_USERINFO    0x1000
#define MSPROXY_USERINFO_ACK    0x0400

#define MSPROXY_AUTH      0x4700
#define MSPROXY_AUTH_1_ACK    0x4714
#define MSPROXY_AUTH_2      0x4701
#define MSPROXY_AUTH_2_ACK    0x4715
#define MSPROXY_AUTH_2_ACK2   0x4716

#define MSPROXY_RESOLVE     0x070d
#define MSPROXY_RESOLVE_ACK   0x070f

/* MSPROXY_BIND_ACK has the same value (0x0706) as MSPROXY_UDPASSOCIATE_ACK  */
/* below, so only one of the two names can appear as a case label.           */
#define MSPROXY_BIND      0x0704
#define MSPROXY_BIND_ACK    0x0706

#define MSPROXY_TCP_BIND    0x0707
#define MSPROXY_TCP_BIND_ACK    0x0708

#define MSPROXY_LISTEN      0x0406

#define MSPROXY_BINDINFO    0x0709

#define MSPROXY_BINDINFO_ACK    0x070a

#define MSPROXY_CONNECT     0x071e
#define MSPROXY_CONNECT_ACK   0x0703

#define MSPROXY_UDPASSOCIATE    0x0705
#define MSPROXY_UDPASSOCIATE_ACK  0x0706

#define MSPROXY_UDP_BIND_REQ    0x070b

#define MSPROXY_CONNECTED   0x042c
#define MSPROXY_SESSIONEND    0x251e

#define MSPROXY_BIND_AUTHFAILED   0x0804
#define MSPROXY_CONNECT_AUTHFAILED  0x081e
/* Not a full command value: dissect_msproxy_response() compares it against  */
/* the command shifted right by 8 and by 12 bits.                            */
#define MSPROXY_CONNREFUSED   0x4    /* low 12 bits seem to vary.  */

#define FROM_SERVER 1      /* direction of packet data for get_msproxy_cmd_name */
#define FROM_CLIENT 0
149
150
151
152
153
/*$$$ should this be the same as redirect_entry_t ?? */
154
/*  then the add_conversation could just copy the structure */
155
/* using the same allocation (instance  for you object guys)  */
156
/* wouldn't work because there may be multiple child conversations */
157
/* from the same MSProxy conversation */
158
159
/*
 * State kept on the MS Proxy control conversation. dissect_msproxy() stores
 * one instance under the proto_msproxy key and the request/response handlers
 * fill it from packet contents. redirect_entry_t is stored under the same
 * key on redirected conversations and orders its fields differently, so a
 * pointer fetched with that key must be cast to the type that matches the
 * conversation it came from.
 */
typedef struct {
  uint32_t  dst_addr;         /* destination address, read with tvb_get_ipv4() */
  uint32_t  clnt_port;        /* client port, read with tvb_get_ntohs() */
  uint32_t  dst_port;         /* destination port, read with tvb_get_ntohs() */
  uint32_t  server_int_port;  /* server internal port, read with tvb_get_ntohs() */
  conversation_type ctype;    /* CONVERSATION_TCP or CONVERSATION_UDP, set by the bind/connect handlers */
}hash_entry_t;
166
167
168
/************** conversation hash stuff ***************/
169
170
/*
 * Data attached to a redirected (payload) conversation by
 * add_msproxy_conversation() and read back by msproxy_sub_dissector().
 * Every field is copied from a hash_entry_t, i.e. it originates from the
 * contents of earlier control packets.
 */
typedef struct {
  uint32_t  remote_addr;      /* copied from hash_entry_t.dst_addr */
  uint32_t  clnt_port;        /* copied from hash_entry_t.clnt_port */
  uint32_t  server_int_port;  /* copied from hash_entry_t.server_int_port */
  uint32_t  remote_port;      /* copied from hash_entry_t.dst_port */
  conversation_type ctype;    /* copied from hash_entry_t.ctype */
}redirect_entry_t;
177
178
179
/************** negotiated conversation hash stuff ***************/
180
181
182
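static int msproxy_sub_dissector( tvbuff_t *tvb, packet_info *pinfo,
    proto_tree *tree, void* data _U_) {

/*
 * Conversation dissector called from the TCP or UDP dissector for a flow
 * that add_msproxy_conversation() registered. Shows the recorded
 * destination port and address, then temporarily rewrites one of the ports
 * in pinfo to the recorded destination port so that the TCP or UDP
 * port-based lookup handles the payload.
 *
 * The redirect data was filled from fields of earlier control packets, so
 * the port used for the lookup is chosen by capture contents.
 *
 * Returns the captured length of tvb.
 */

  uint32_t *port_slot;
  redirect_entry_t *redirect_info;
  conversation_t *conversation;
  proto_tree      *msp_tree;
  proto_item      *ti;

  conversation = find_conversation_pinfo(pinfo, 0);

  DISSECTOR_ASSERT( conversation);  /* should always find a conversation */

  redirect_info = (redirect_entry_t *)conversation_get_proto_data(conversation,
    proto_msproxy);

  /* Every use below dereferences redirect_info; report a dissector bug   */
  /* rather than dereferencing NULL if the conversation carries no data.  */
  DISSECTOR_ASSERT( redirect_info);

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "MS Proxy");

  col_set_str(pinfo->cinfo, COL_INFO,
      (( redirect_info->ctype == CONVERSATION_TCP) ? "TCP stream" :
       "UDP packets"));

  if ( tree) {
    ti = proto_tree_add_item( tree, proto_msproxy, tvb, 0, 0,
            ENC_NA );

    msp_tree = proto_item_add_subtree(ti, ett_msproxy);

    proto_tree_add_uint( msp_tree, hf_msproxy_dstport, tvb, 0, 0,
      redirect_info->remote_port);

    proto_tree_add_ipv4( msp_tree, hf_msproxy_dstaddr, tvb, 0, 0,
      redirect_info->remote_addr);

  }

/* set pinfo->{src/dst port} and call the TCP or UDP sub-dissector lookup */

  /* The side that is not the client port is the one that gets replaced. */
  if ( pinfo->srcport == redirect_info->clnt_port)
    port_slot = &pinfo->destport;
  else
    port_slot = &pinfo->srcport;

  *port_slot = redirect_info->remote_port;

  if ( redirect_info->ctype == CONVERSATION_TCP)
    decode_tcp_ports( tvb, 0, pinfo, tree, pinfo->srcport,
      pinfo->destport, NULL, NULL);
  else
    decode_udp_ports( tvb, 0, pinfo, tree, pinfo->srcport,
      pinfo->destport, -1);

  /* NOTE(review): this restore is skipped if the called dissector raises */
  /* an exception - confirm whether the rewritten port can leak out.      */
  *port_slot = redirect_info->server_int_port;
  return tvb_captured_length(tvb);
}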
241
242
243
244
static void add_msproxy_conversation( packet_info *pinfo,
  hash_entry_t *hash_info){

/*
 * Register the redirected flow described by hash_info so that its packets
 * are handed to msproxy_sub_dissector. Does nothing on a frame that has
 * already been visited. An existing conversation for the address/port tuple
 * is assumed to be ours and has its dissector replaced; otherwise a new
 * conversation is created.
 *
 * The ports and conversation type in hash_info were parsed from packet
 * contents by the callers, so the resulting redirection is driven by the
 * capture itself.
 *
 * NOTE: this assumes the conversation is created while dissecting a packet
 * from the server. If that changes, pinfo->src and pinfo->dst will not be
 * correct and this routine will have to change.
 */

  conversation_t *conv;
  redirect_entry_t *redirect;

  /* First pass only: the conversation was set up when the frame was first seen. */
  if (pinfo->fd->visited)
    return;

  conv = find_conversation( pinfo->num, &pinfo->src, &pinfo->dst,
    hash_info->ctype, hash_info->server_int_port, hash_info->clnt_port, 0);

  if ( !conv)
    conv = conversation_new( pinfo->num, &pinfo->src, &pinfo->dst,
      hash_info->ctype, hash_info->server_int_port, hash_info->clnt_port, 0);

  conversation_set_dissector(conv, msproxy_sub_handle);

  /* A fresh file-scope record is allocated on every call that gets here. */
  redirect = wmem_new(wmem_file_scope(), redirect_entry_t);

  redirect->ctype = hash_info->ctype;
  redirect->clnt_port = hash_info->clnt_port;
  redirect->server_int_port = hash_info->server_int_port;
  redirect->remote_port = hash_info->dst_port;
  redirect->remote_addr = hash_info->dst_addr;

  conversation_add_proto_data(conv, proto_msproxy, redirect);
}
291
292
293
294
static int display_application_name(tvbuff_t *tvb, int offset,
  proto_tree *tree) {

/*
 * Add the application name found at offset to the tree and return the
 * value tvb_strnlen() reported for it (search limited to 255 bytes).
 *
 * NOTE: this routine assumes that the tree pointer is valid (not NULL).
 * NOTE(review): dissect_user_info_2 treats a tvb_strnlen() result of -1 as
 * "no terminator" and stops; here the result is passed on as the item
 * length and returned unchecked - confirm that is intended.
 */

  const int name_len = tvb_strnlen( tvb, offset, 255);

  proto_tree_add_item(tree, hf_msproxy_application, tvb, offset, name_len, ENC_ASCII);

  return name_len;
}
308
309
310
10
static const char *get_msproxy_cmd_name( int cmd, int direction) {

/*
 * Map a command value to its display name. direction (FROM_SERVER or
 * FROM_CLIENT) is consulted only for 0x1000, which MSPROXY_HELLO_ACK and
 * MSPROXY_USERINFO share. Values without an entry yield "Unknown".
 */

  const char *name = "Unknown";

  switch (cmd) {
    case MSPROXY_HELLO:
    case MSPROXY_HELLO_2:
      name = "Hello";
      break;

    case MSPROXY_USERINFO:
      name = (direction == FROM_SERVER) ? "Hello Acknowledge" : "User Info";
      break;

    case MSPROXY_USERINFO_ACK:
      name = "User Info Acknowledge";
      break;

    case MSPROXY_AUTH:
      name = "Authentication";
      break;
    case MSPROXY_AUTH_1_ACK:
      name = "Authentication Acknowledge";
      break;
    case MSPROXY_AUTH_2:
      name = "Authentication 2";
      break;
    case MSPROXY_AUTH_2_ACK:
      name = "Authentication 2 Acknowledge";
      break;

    case MSPROXY_RESOLVE:
      name = "Resolve";
      break;
    case MSPROXY_RESOLVE_ACK:
      name = "Resolve Acknowledge";
      break;

    case MSPROXY_BIND:
      name = "Bind";
      break;
    case MSPROXY_TCP_BIND:
      name = "TCP Bind";
      break;
    case MSPROXY_TCP_BIND_ACK:
      name = "TCP Bind Acknowledge";
      break;
    case MSPROXY_LISTEN:
      name = "Listen";
      break;
    case MSPROXY_BINDINFO:
      name = "Bind Info";
      break;
    case MSPROXY_BINDINFO_ACK:
      name = "Bind Info Acknowledge";
      break;

    case MSPROXY_CONNECT:
      name = "Connect";
      break;
    case MSPROXY_CONNECT_ACK:
      name = "Connect Acknowledge";
      break;

    case MSPROXY_UDPASSOCIATE:
      name = "UDP Associate";
      break;
    case MSPROXY_UDP_BIND_REQ:
      name = "UDP Bind";
      break;
    case MSPROXY_UDPASSOCIATE_ACK:
      name = "Bind or Associate Acknowledge";
      break;

    case MSPROXY_CONNECTED:
      name = "Connected";
      break;
    case MSPROXY_SESSIONEND:
      name = "Session End";
      break;

    default:
      break;
  }

  return name;
}
350
351
352
353
static void dissect_user_info_2(tvbuff_t *tvb, int offset,
  proto_tree *tree) {

/*
 * Show the user name, application name and client computer name, three
 * consecutive strings starting at offset. Each length comes from
 * tvb_strnlen() limited to 255 bytes; decoding stops at the first string
 * for which it reports -1. Nothing is done when tree is NULL.
 */

  int len;

  if ( !tree)
    return;

  len = tvb_strnlen( tvb, offset, 255);
  if (len == -1)
    return;
  proto_tree_add_item(tree, hf_msproxy_user_name, tvb, offset, len + 1, ENC_ASCII);
  /* The user name is followed by one more byte than the other strings. */
  offset += len + 2;

  len = tvb_strnlen( tvb, offset, 255);
  if (len == -1)
    return;
  proto_tree_add_item(tree, hf_msproxy_application_name, tvb, offset, len + 1, ENC_ASCII);
  offset += len + 1;

  len = tvb_strnlen( tvb, offset, 255);
  if (len == -1)
    return;
  proto_tree_add_item(tree, hf_msproxy_client_computer_name, tvb, offset, len + 1, ENC_ASCII);
}
380
381
382
383
static void dissect_msproxy_request_1(tvbuff_t *tvb, int offset,
  proto_tree *tree) {

/* Decode the request _1 structure: the user info block starts 182 bytes */
/* past offset.                                                          */

  dissect_user_info_2( tvb, offset + 182, tree);
}
394
395
396
397
static void dissect_bind(tvbuff_t *tvb, int offset,
   proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the bind request. Field positions are relative to offset:
 *   +18 bind address (4), +22 bind port (2), +28 client port (2),
 *   +36 bound port (2), +118 application name.
 * conv_info->clnt_port is stored whether or not a tree is present.
 *
 * NOTE(review): the client port is displayed from +28 but the value stored
 * in conv_info is read from +30; dissect_request_connect and
 * dissect_udp_assoc read and display the same offset - confirm which
 * position is right.
 */

  if ( tree) {
    proto_tree_add_item( tree, hf_msproxy_bindaddr, tvb, offset + 18, 4,
      ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_bindport, tvb, offset + 22, 2,
       ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_clntport, tvb, offset + 28, 2,
       ENC_BIG_ENDIAN);
  }

  conv_info->clnt_port = tvb_get_ntohs( tvb, offset + 30);

  if ( tree) {
    proto_tree_add_item( tree, hf_msproxy_boundport, tvb, offset + 36, 2,
      ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
  }
}
430
431
432
433
static int dissect_auth(tvbuff_t *tvb, int offset,
  proto_tree *tree) {

/* Decode the authorization request: a 7-byte NTLMSSP signature sits 134 */
/* bytes past offset. Returns the offset just after the signature.       */

  const int sig_offset = offset + 134;

  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_ntlmssp_signature, tvb, sig_offset, 7, ENC_ASCII);

  return sig_offset + 7;
}
447
448
449
450
static void dissect_tcp_bind(tvbuff_t *tvb, int offset,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the TCP bind packet. The conversation type is always set to
 * CONVERSATION_TCP so the later bind info can create the payload
 * dissector. With a tree, the fields shown (relative to offset) are:
 *   +6 bind id (4), +22 bound port (2), +118 application name.
 */

  conv_info->ctype = CONVERSATION_TCP;

  if ( !tree)
    return;

  proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_boundport, tvb, offset + 22, 2,
    ENC_BIG_ENDIAN);

  display_application_name( tvb, offset + 118, tree);
}
474
475
476
static void dissect_request_connect(tvbuff_t *tvb, int offset,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the connect request and record its endpoints in conv_info.
 * Positions relative to offset:
 *   +20 destination port (2), +22 destination address (4),
 *   +34 client port (2), +118 application name.
 * The conversation type and the three conv_info values are stored whether
 * or not a tree is present; they come straight from the packet.
 */

  const int dstport_at = offset + 20;
  const int dstaddr_at = offset + 22;
  const int clntport_at = offset + 34;

  conv_info->ctype = CONVERSATION_TCP;

  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_dstport, tvb, dstport_at, 2,
      ENC_BIG_ENDIAN);
  conv_info->dst_port = tvb_get_ntohs( tvb, dstport_at);

  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, dstaddr_at, 4,
      ENC_BIG_ENDIAN);
  conv_info->dst_addr = tvb_get_ipv4( tvb, dstaddr_at);

  conv_info->clnt_port = tvb_get_ntohs( tvb, clntport_at);

  if ( tree) {
    proto_tree_add_uint( tree, hf_msproxy_clntport, tvb, clntport_at, 2,
      conv_info->clnt_port);

    display_application_name( tvb, offset + 118, tree);
  }
}
511
512
513
0
static void dissect_bind_info_ack(tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Decode the client bind info ack; display only, nothing is stored.
 * Positions relative to offset:
 *   +6 bind id (4), +20 destination port (2), +22 destination address (4),
 *   +34 server internal port (2), +38 server external port (2),
 *   +40 server external address (4), +118 application name.
 */

  if ( !tree)
    return;

  proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_dstport, tvb, offset + 20, 2,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, offset + 22, 4,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
    offset + 34, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
    offset + 38, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
    offset + 40, 4, ENC_BIG_ENDIAN);

  display_application_name( tvb, offset + 118, tree);
}
548
549
550
static void dissect_request_resolve(tvbuff_t *tvb, int offset,
  proto_tree *tree, packet_info *pinfo) {

/*
 * Dissect the resolve request: a one-byte length at offset and a host name
 * of that many bytes starting 18 bytes past offset. Both are shown under a
 * "Host Name" subtree. The length byte is read even when tree is NULL;
 * nothing is returned.
 */

  const int name_len = tvb_get_uint8( tvb, offset);
  const int name_at = offset + 18;
  proto_tree *name_tree;

  if ( !tree)
    return;

  /* The name is passed as an argument to a fixed "%s" format, never as the format itself. */
  name_tree = proto_tree_add_subtree_format(tree, tvb, offset, name_len + 1,
    ett_msproxy_name, NULL, "Host Name: %s",
    tvb_get_string_enc( pinfo->pool,  tvb, name_at, name_len, ENC_ASCII));

  proto_tree_add_item(name_tree, hf_msproxy_req_resolve_length, tvb, offset, 1, ENC_NA);

  proto_tree_add_item(name_tree, hf_msproxy_host_name, tvb, name_at, name_len, ENC_ASCII);
}
575
576
577
578
static void dissect_udp_bind(tvbuff_t *tvb, int offset,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Dissect the udp bind request. Sets the conversation type to
 * CONVERSATION_UDP so bind_info can use it to create the conversation
 * dissector. The destination port and address are only displayed here;
 * this routine does not store them in conv_info.
 * Positions relative to offset:
 *   +8 bind id (4), +20 destination port (2), +22 destination address (4),
 *   +118 application name.
 */

  conv_info->ctype = CONVERSATION_UDP;

  if ( !tree)
    return;

  proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 8, 4,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_dstport, tvb, offset + 20, 2,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, offset + 22, 4,
    ENC_BIG_ENDIAN);

  display_application_name( tvb, offset + 118, tree);
}
612
613
614
static void dissect_udp_assoc(tvbuff_t *tvb, int offset,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Dissect the udp associate request and keep the client port (2 bytes at
 * offset + 28) in conv_info for later use. The application name is at
 * offset + 118. The port is stored whether or not a tree is present.
 */

  const int clntport_at = offset + 28;

  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_clntport, tvb, clntport_at, 2,
      ENC_BIG_ENDIAN);

  conv_info->clnt_port = tvb_get_ntohs( tvb, clntport_at);

  if ( tree)
    display_application_name( tvb, offset + 118, tree);
}
634
635
636
static void dissect_msproxy_request(tvbuff_t *tvb, packet_info *pinfo,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode a client message: the common header (client id, version, server
 * id, server ack, sequence number, RWSP signature), then the 16-bit
 * command at byte 36, then the command-specific body starting at byte 38.
 * Commands without a handler get the ei_msproxy_unhandled expert info.
 */

  unsigned pos = 0;
  int command;
  proto_item *command_item;

  proto_tree_add_item( tree, hf_msproxy_client_id, tvb, pos, 4, ENC_LITTLE_ENDIAN);
  pos += 4;

  proto_tree_add_item( tree, hf_msproxy_version, tvb, pos, 4, ENC_LITTLE_ENDIAN);
  pos += 4;

  proto_tree_add_item( tree, hf_msproxy_server_id, tvb, pos, 4, ENC_LITTLE_ENDIAN);
  pos += 4;

  proto_tree_add_item( tree, hf_msproxy_server_ack, tvb, pos, 1, ENC_LITTLE_ENDIAN);
  pos += 4;

  proto_tree_add_item( tree, hf_msproxy_seq_num, tvb, pos, 1, ENC_LITTLE_ENDIAN);
  pos += 8;

  proto_tree_add_item( tree, hf_msproxy_rwsp_signature, tvb, pos, 4, ENC_ASCII);
  pos += 12;

  command = tvb_get_ntohs( tvb, pos);

  command_item = proto_tree_add_uint_format_value( tree, hf_msproxy_cmd, tvb, pos, 2,
      command, "%s (0x%02x)",
      get_msproxy_cmd_name( command, FROM_CLIENT),
      command);

  pos += 2;

  switch (command) {
    case MSPROXY_AUTH:
      dissect_auth( tvb, pos, tree);
      break;

    case MSPROXY_BIND:
      dissect_bind( tvb, pos, tree, conv_info);
      break;

    case MSPROXY_UDP_BIND_REQ:
      dissect_udp_bind( tvb, pos, tree, conv_info);
      break;

    case MSPROXY_AUTH_2: /*$$ this is probably wrong place for this */
    case MSPROXY_TCP_BIND:
      dissect_tcp_bind( tvb, pos, tree, conv_info);
      break;

    case MSPROXY_RESOLVE:
      dissect_request_resolve( tvb, pos, tree, pinfo);
      break;

    case MSPROXY_CONNECT:
    case MSPROXY_LISTEN:
      dissect_request_connect( tvb, pos, tree, conv_info);
      break;

    case MSPROXY_BINDINFO_ACK:
      dissect_bind_info_ack( tvb, pos, tree);
      break;

    case MSPROXY_HELLO:
    case MSPROXY_HELLO_2:
      dissect_msproxy_request_1( tvb, pos, tree);
      break;

    case MSPROXY_UDPASSOCIATE:
      dissect_udp_assoc( tvb, pos, tree, conv_info);
      break;

    default:
      expert_add_info_format(pinfo, command_item, &ei_msproxy_unhandled,
          "Unhandled request command (report this, please)");
      break;
  }
}
715
716
717
718
0
static int dissect_hello_ack(tvbuff_t *tvb, int offset, proto_tree *tree) {

/* Decode the hello acknowledge packet: server port (2 bytes) at offset + 60 */
/* and server address (4 bytes) at offset + 62. Returns offset + 66.         */

  const int port_at = offset + 60;
  const int addr_at = port_at + 2;

  proto_tree_add_item( tree, hf_msproxy_serverport, tvb, port_at, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_serveraddr, tvb, addr_at, 4, ENC_BIG_ENDIAN);

  return addr_at + 4;
}
731
732
733
734
/* XXX - implement me */
735
static int dissect_user_info_ack(tvbuff_t *tvb _U_, int offset,
  proto_tree *tree _U_) {

/* Placeholder for the response _2 structure: nothing is decoded, the    */
/* offset is only advanced by 18 + 2 bytes and returned.                  */

  return offset + 18 + 2;
}
746
747
748
749
static void dissect_udpassociate_ack(tvbuff_t *tvb, int offset,
  proto_tree *tree) {

/*
 * Decode the UDP associate ack; display only. Positions relative to
 * offset: +6 bind id (4), +20 server external port (2),
 * +22 server external address (4), +118 application name.
 */

  if ( !tree)
    return;

  proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
    offset + 20, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
    offset + 22, 4, ENC_BIG_ENDIAN);

  display_application_name( tvb, offset + 118, tree);
}
770
771
772
773
static void dissect_auth_1_ack(tvbuff_t *tvb, int offset,
  proto_tree *tree) {

/*
 * Decode the first authentication ack; display only. The 7-byte NTLMSSP
 * signature is at offset + 134 and the NT domain at offset + 182.
 *
 * NOTE(review): the domain is added with a fixed length of 255 rather than
 * a length derived from the packet - confirm how a shorter packet should
 * be presented.
 */

  if ( !tree)
    return;

  proto_tree_add_item( tree, hf_msproxy_ntlmssp_signature, tvb, offset + 134, 7, ENC_ASCII);

  /* XXX - always 255? */
  proto_tree_add_item(tree, hf_msproxy_nt_domain, tvb, offset + 182, 255, ENC_ASCII);
}
785
786
787
788
/* XXX - implement me */
789
static int dissect_msproxy_response_4( tvbuff_t *tvb _U_, int offset,
  proto_tree *tree _U_) {

/* Placeholder for the response _4 structure: nothing is decoded, the    */
/* offset is only advanced by 134 bytes and returned.                     */

  return offset + 134;
}
798
799
800
801
static void dissect_connect_ack( tvbuff_t *tvb, int offset, packet_info *pinfo,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the connect ack packet, record the server internal port and the
 * TCP conversation type in conv_info, then register the redirected
 * conversation. Positions relative to offset:
 *   +20 server internal port (2), +22 server internal address (4),
 *   +36 server external port (2), +38 server external address (4),
 *   +118 application name.
 * The other conv_info fields used for the registration are whatever
 * earlier packets of this conversation left there.
 */

  const int int_port_at = offset + 20;

  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
      int_port_at, 2, ENC_BIG_ENDIAN);

  conv_info->ctype = CONVERSATION_TCP;
  conv_info->server_int_port = tvb_get_ntohs( tvb, int_port_at);

  if ( tree) {
    proto_tree_add_item( tree, hf_msproxy_server_int_addr, tvb,
      offset + 22, 4, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
      offset + 36, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
      offset + 38, 4, ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
  }

  add_msproxy_conversation( pinfo, conv_info);
}
834
835
836
837
0
static void dissect_tcp_bind_ack( tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Decode the TCP bind ack; display only. Positions relative to offset:
 *   +6 bind id (4), +22 server internal port (2),
 *   +28 server external port (2), +30 server external address (4),
 *   +118 application name.
 */

  if ( !tree)
    return;

  proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
    ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_int_port, tvb,
    offset + 22, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
    offset + 28, 2, ENC_BIG_ENDIAN);
  proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
    offset + 30, 4, ENC_BIG_ENDIAN);

  display_application_name( tvb, offset + 118, tree);
}
864
865
866
867
static void dissect_bind_info( tvbuff_t *tvb, int offset, packet_info *pinfo,
  proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode the Bind info response from the server, store the destination
 * port, destination address and server internal port in conv_info, then
 * register the redirected conversation. Positions relative to offset:
 *   +6 bind id (4), +20 destination port (2), +22 destination address (4),
 *   +34 server internal port (2), +38 server external port (2),
 *   +40 server external address (4), +118 application name.
 * The three stored values are taken from the packet whether or not a tree
 * is present.
 */

  const int dstport_at = offset + 20;
  const int dstaddr_at = offset + 22;
  const int int_port_at = offset + 34;

  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_bind_id, tvb, offset + 6, 4,
      ENC_BIG_ENDIAN);

  conv_info->dst_port = tvb_get_ntohs( tvb, dstport_at);
  if ( tree)
    proto_tree_add_uint( tree, hf_msproxy_dstport, tvb, dstport_at, 2,
      conv_info->dst_port);

  conv_info->dst_addr = tvb_get_ipv4( tvb, dstaddr_at);
  if ( tree)
    proto_tree_add_item( tree, hf_msproxy_dstaddr, tvb, dstaddr_at, 4,
      ENC_BIG_ENDIAN);

  conv_info->server_int_port = tvb_get_ntohs( tvb, int_port_at);
  if ( tree)
    proto_tree_add_uint( tree, hf_msproxy_server_int_port, tvb,
      int_port_at, 2, conv_info->server_int_port);

  if ( tree) {
    proto_tree_add_item( tree, hf_msproxy_server_ext_port, tvb,
      offset + 38, 2, ENC_BIG_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_ext_addr, tvb,
      offset + 40, 4, ENC_BIG_ENDIAN);

    display_application_name( tvb, offset + 118, tree);
  }

  add_msproxy_conversation( pinfo, conv_info);
}
913
914
915
916
0
static void dissect_resolve(tvbuff_t *tvb, int offset, proto_tree *tree) {

/*
 * Dissect the resolve response; display only, nothing is returned. The
 * byte at offset is shown as the address offset, and the resolved address
 * (4 bytes) is shown at offset + 14 + that byte's value, so its position
 * is chosen by the packet.
 */

  int addr_skip;

  if ( !tree)
    return;

  addr_skip = tvb_get_uint8( tvb, offset);

  proto_tree_add_item(tree, hf_msproxy_address_offset, tvb, offset, 1, ENC_NA);

  proto_tree_add_item( tree, hf_msproxy_resolvaddr, tvb, offset + 14 + addr_skip, 4,
    ENC_BIG_ENDIAN);
}
940
941
942
943
static void dissect_msproxy_response(tvbuff_t *tvb, packet_info *pinfo,
    proto_tree *tree, hash_entry_t *conv_info) {

/*
 * Decode a server message: the common header (shown only when a tree is
 * present), the 16-bit command at byte 36, then the command-specific body
 * starting at byte 38. Auth-failed commands, and commands whose value
 * shifted right by 8 or by 12 bits equals MSPROXY_CONNREFUSED, get the
 * ei_msproxy_unknown expert info; any other command without a handler
 * gets ei_msproxy_unhandled.
 */

  const unsigned cmd_at = 36;
  const unsigned body_at = cmd_at + 2;
  int cmd;
  proto_item* cmd_ti;

  if ( tree) {
    proto_tree_add_item( tree, hf_msproxy_client_id, tvb, 0, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_version, tvb, 4, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_server_id, tvb, 8, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_client_ack, tvb, 12, 1, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_seq_num, tvb, 16, 1, ENC_LITTLE_ENDIAN);
    proto_tree_add_item( tree, hf_msproxy_rwsp_signature, tvb, 24, 4, ENC_ASCII);
  }

  cmd = tvb_get_ntohs( tvb, cmd_at);

  cmd_ti = proto_tree_add_uint_format_value( tree, hf_msproxy_cmd, tvb, cmd_at, 2,
      cmd, "0x%02x (%s)", cmd,
      get_msproxy_cmd_name( cmd, FROM_SERVER));

  switch (cmd) {
    case MSPROXY_HELLO_ACK:
      dissect_hello_ack( tvb, body_at, tree);
      break;

    case MSPROXY_USERINFO_ACK:
      dissect_user_info_ack( tvb, body_at, tree);
      break;

    case MSPROXY_AUTH_1_ACK:
      dissect_auth_1_ack( tvb, body_at, tree);
      break;

/* this also handle the MSPROXY_BIND_ACK ??? check this */

    case MSPROXY_UDPASSOCIATE_ACK:
      dissect_udpassociate_ack( tvb, body_at, tree);
      break;

    case MSPROXY_AUTH_2_ACK:
    case MSPROXY_AUTH_2_ACK2:
      dissect_msproxy_response_4( tvb, body_at, tree);
      break;

    case MSPROXY_TCP_BIND_ACK:
      dissect_tcp_bind_ack( tvb, body_at, tree);
      break;

    case MSPROXY_CONNECT_ACK:
      dissect_connect_ack( tvb, body_at, pinfo, tree, conv_info);
      break;

    case MSPROXY_BINDINFO:
      dissect_bind_info( tvb, body_at, pinfo, tree, conv_info);
      break;

    case MSPROXY_RESOLVE_ACK:
      dissect_resolve( tvb, body_at, tree);
      break;

    case MSPROXY_CONNECT_AUTHFAILED:
    case MSPROXY_BIND_AUTHFAILED:
      expert_add_info(pinfo, cmd_ti, &ei_msproxy_unknown);
      break;

    default: {
      const int refused = ((cmd >> 8) == MSPROXY_CONNREFUSED) ||
        ((cmd >> 12) == MSPROXY_CONNREFUSED);

      expert_add_info(pinfo, cmd_ti,
        refused ? &ei_msproxy_unknown : &ei_msproxy_unhandled);
      break;
    }
  }
}
1036
1037
1038
1039
5
/*
 * Top-level dissector for MS Proxy control datagrams.
 *
 * Sets the Protocol/Info columns, looks up (or creates) the per-conversation
 * state, adds the protocol item to the tree and then hands the buffer to the
 * request or response dissector.  Returns the captured length of the tvb.
 *
 * Direction is inferred only from the UDP source port: a datagram whose
 * source port equals UDP_PORT_MSPROXY is parsed as a server message,
 * anything else as a client message.  Nothing in this function validates
 * that the payload actually is MS Proxy traffic before it is parsed.
 */
static int dissect_msproxy(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {

  conversation_t *conv;
  hash_entry_t   *conv_state;
  proto_item     *root_item;
  proto_tree     *root_tree;
  unsigned int    command;
  int             from_server;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "MSproxy");
  col_clear(pinfo->cinfo, COL_INFO);

  /* Per-conversation state: created once (via wmem_new0, from
   * wmem_file_scope()) and attached to the conversation, so later
   * datagrams of the same conversation see the same hash_entry_t. */
  conv = find_or_create_conversation(pinfo);
  conv_state = (hash_entry_t *)conversation_get_proto_data(conv, proto_msproxy);
  if (conv_state == NULL) {
    conv_state = wmem_new0(wmem_file_scope(), hash_entry_t);
    conversation_add_proto_data(conv, proto_msproxy, conv_state);
  }

  /* The 16-bit command is read at fixed offset 36.  There is no explicit
   * length check in this function; a datagram shorter than 38 bytes is
   * left to the tvbuff accessor's own bounds handling, before any item
   * has been added to the tree.
   * NOTE(review): dissect_msproxy_response re-reads the command at an
   * offset it computes itself - confirm the Info column and the tree
   * always name the same command. */
  command = tvb_get_ntohs(tvb, 36);

  from_server = (pinfo->srcport == UDP_PORT_MSPROXY);

  if (from_server) {
    col_add_fstr(pinfo->cinfo, COL_INFO, "Server message: %s",
                 get_msproxy_cmd_name(command, FROM_SERVER));
  } else {
    col_add_fstr(pinfo->cinfo, COL_INFO, "Client message: %s",
                 get_msproxy_cmd_name(command, FROM_CLIENT));
  }

  /* The protocol item spans the whole buffer (length -1). */
  root_item = proto_tree_add_item(tree, proto_msproxy, tvb, 0, -1, ENC_NA);
  root_tree = proto_item_add_subtree(root_item, ett_msproxy);

  if (from_server) {
    dissect_msproxy_response(tvb, pinfo, root_tree, conv_state);
  } else {
    dissect_msproxy_request(tvb, pinfo, root_tree, conv_state);
  }

  return tvb_captured_length(tvb);
}
/*
 * Registers the MS Proxy protocol with the dissection engine: the protocol
 * itself, its header fields, its subtree indices, its expert-info items and
 * the named "msproxy" dissector handle (msproxy_sub_handle).
 */
void
proto_register_msproxy(void)
{
  /* Subtree (expand/collapse) indices used by this dissector. */
  static int *subtree_indices[] = {
    &ett_msproxy,
    &ett_msproxy_name
  };

  /*
   * Header fields.  Order is kept exactly as in the original table.
   * hf_msproxy_cmd is registered as BASE_DEC; the response dissector adds
   * it with proto_tree_add_uint_format_value() and a "0x%02x (%s)" text of
   * its own.
   */
  static hf_register_info fields[] = {

    { &hf_msproxy_cmd,
      { "Command", "msproxy.command",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_dstaddr,
      { "Destination Address", "msproxy.dstaddr",
        FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},

#if 0
    { &hf_msproxy_srcport,
      { "Source Port", "msproxy.srcport",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
#endif
    { &hf_msproxy_dstport,
      { "Destination Port", "msproxy.dstport",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_clntport,
      { "Client Port", "msproxy.clntport",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_server_ext_addr,
      { "Server External Address", "msproxy.server_ext_addr",
        FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_server_ext_port,
      { "Server External Port", "msproxy.server_ext_port",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_server_int_addr,
      { "Server Internal Address", "msproxy.server_int_addr",
        FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_server_int_port,
      { "Server Internal Port", "msproxy.server_int_port",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_serverport,
      { "Server Port", "msproxy.serverport",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_bindport,
      { "Bind Port", "msproxy.bindport",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_boundport,
      { "Bound Port", "msproxy.boundport",
        FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_serveraddr,
      { "Server Address", "msproxy.serveraddr",
        FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_bindaddr,
      { "Destination", "msproxy.bindaddr",
        FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_bind_id,
      { "Bound Port Id", "msproxy.bindid",
        FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_resolvaddr,
      { "Address", "msproxy.resolvaddr",
        FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_client_id,
      { "Client Id", "msproxy.client_id",
        FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_version,
      { "Version", "msproxy.version",
        FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_server_id,
      { "Server id", "msproxy.server_id",
        FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_server_ack,
      { "Server ack", "msproxy.server_ack",
        FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_client_ack,
      { "Client ack", "msproxy.client_ack",
        FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_seq_num,
      { "Sequence Number", "msproxy.seq_num",
        FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_rwsp_signature,
      { "RWSP signature", "msproxy.rwsp_signature",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_ntlmssp_signature,
      { "NTLMSSP signature", "msproxy.ntlmssp_signature",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /* Generated from convert_proto_tree_add_text.pl */
    /* By their names, several of these FT_STRING fields (user name, NT
     * domain, client computer name) presumably expose identity strings
     * taken from the wire - verify against the request dissectors. */
    { &hf_msproxy_application,
      { "Application", "msproxy.application",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_user_name,
      { "User name", "msproxy.user_name",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_application_name,
      { "Application name", "msproxy.application_name",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_client_computer_name,
      { "Client computer name", "msproxy.client_computer_name",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_req_resolve_length,
      { "Length", "msproxy.req_resolve.length",
        FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_host_name,
      { "Host Name", "msproxy.host_name",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_nt_domain,
      { "NT domain", "msproxy.nt_domain",
        FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    { &hf_msproxy_address_offset,
      { "Address offset", "msproxy.address_offset",
        FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  };

  /*
   * Expert-info items, both PI_UNDECODED / PI_WARN.
   * ei_msproxy_unknown is what the response dissector attaches to
   * MSPROXY_CONNECT_AUTHFAILED, MSPROXY_BIND_AUTHFAILED and the
   * MSPROXY_CONNREFUSED command families, so authentication failures and
   * refused connections surface only as a generic "undecoded" warning;
   * filtering on msproxy.command is the more precise way to find them.
   * NOTE(review): "No know information" is presumably a typo for
   * "No known information"; the string is left unchanged here.
   */
  static ei_register_info expert_items[] = {
    { &ei_msproxy_unknown,
      { "msproxy.unknown", PI_UNDECODED, PI_WARN,
        "No know information (help wanted)", EXPFILL }},
    { &ei_msproxy_unhandled,
      { "msproxy.command.unhandled", PI_UNDECODED, PI_WARN,
        "Unhandled response command (report this, please)", EXPFILL }},
  };

  expert_module_t *expert_module;

  proto_msproxy = proto_register_protocol("MS Proxy Protocol", "MS Proxy", "msproxy");

  proto_register_field_array(proto_msproxy, fields, array_length(fields));
  proto_register_subtree_array(subtree_indices, array_length(subtree_indices));

  expert_module = expert_register_protocol(proto_msproxy);
  expert_register_field_array(expert_module, expert_items, array_length(expert_items));

  /* Named handle for msproxy_sub_dissector, stored in msproxy_sub_handle. */
  msproxy_sub_handle = register_dissector("msproxy", msproxy_sub_dissector,
                                          proto_msproxy);
}
/*
 * Hand-off routine: creates a handle for dissect_msproxy and adds it to the
 * "udp.port" table under UDP_PORT_MSPROXY (the _with_preference variant of
 * the registration call is used).  The binding is by port value alone; no
 * heuristic check of the payload is registered here, so every datagram
 * dispatched on that port reaches dissect_msproxy.
 */
void
proto_reg_handoff_msproxy(void)
{
  dissector_handle_t udp_handle = create_dissector_handle(dissect_msproxy, proto_msproxy);

  dissector_add_uint_with_preference("udp.port", UDP_PORT_MSPROXY, udp_handle);
}
/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */