Wireshark · Ethereal-dev: Re: [Ethereal-dev] DCERPC Data Representation field

[Todd Sabin <tas@xxxxxxxxxxx>]

Pasi Eronen <pasi.eronen@xxxxxxxx> writes:

> Hi,
> 
> The following patch adds decoding of the "data representation" 
> field found in connection-oriented DCERPC packets.
> 
> Could someone take a look at it and commit it?
> 

Thanks,

The patch below does a couple things: Fixes a typo in the offset used
for the floating point byte (offset should be offset+1), changes
cn_drep* to just drep* (since it's the same for connection oriented
and connectionless packets), and adds the corresponding code to the
connectionless side of things.


Todd


===================================================================
RCS file: /cvsroot/ethereal/packet-dcerpc.c,v
retrieving revision 1.11
diff -u -r1.11 packet-dcerpc.c
--- packet-dcerpc.c	2001/09/30 21:56:24	1.11
+++ packet-dcerpc.c	2001/10/05 19:54:40
@@ -99,10 +99,10 @@
 static int hf_dcerpc_cn_flags_dne = -1;
 static int hf_dcerpc_cn_flags_maybe = -1;
 static int hf_dcerpc_cn_flags_object = -1;
-static int hf_dcerpc_cn_drep = -1;
-static int hf_dcerpc_cn_drep_byteorder = -1;
-static int hf_dcerpc_cn_drep_character = -1;
-static int hf_dcerpc_cn_drep_fp = -1;
+static int hf_dcerpc_drep = -1;
+static int hf_dcerpc_drep_byteorder = -1;
+static int hf_dcerpc_drep_character = -1;
+static int hf_dcerpc_drep_fp = -1;
 static int hf_dcerpc_cn_frag_len = -1;
 static int hf_dcerpc_cn_auth_len = -1;
 static int hf_dcerpc_cn_call_id = -1;
@@ -165,7 +165,7 @@
 
 static gint ett_dcerpc = -1;
 static gint ett_dcerpc_cn_flags = -1;
-static gint ett_dcerpc_cn_drep = -1;
+static gint ett_dcerpc_drep = -1;
 static gint ett_dcerpc_dg_flags1 = -1;
 static gint ett_dcerpc_dg_flags2 = -1;
 
@@ -879,7 +879,7 @@
     proto_item *tf = NULL;
     proto_tree *dcerpc_tree = NULL;
     proto_tree *cn_flags_tree = NULL;
-    proto_tree *cn_drep_tree = NULL;
+    proto_tree *drep_tree = NULL;
     e_dce_cn_common_hdr_t hdr;
     int offset = 0;
 
@@ -945,12 +945,12 @@
         }
         offset++;
 
-        tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_cn_drep, tvb, offset, 4, hdr.drep);
-        cn_drep_tree = proto_item_add_subtree(tf, ett_dcerpc_cn_drep);
-        if (cn_drep_tree) {
-            proto_tree_add_uint(cn_drep_tree, hf_dcerpc_cn_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4);
-            proto_tree_add_uint(cn_drep_tree, hf_dcerpc_cn_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f);
-            proto_tree_add_uint(cn_drep_tree, hf_dcerpc_cn_drep_fp, tvb, offset, 1, hdr.drep[1]);
+        tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_drep, tvb, offset, 4, hdr.drep);
+        drep_tree = proto_item_add_subtree (tf, ett_dcerpc_drep);
+        if (drep_tree) {
+            proto_tree_add_uint(drep_tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4);
+            proto_tree_add_uint(drep_tree, hf_dcerpc_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f);
+            proto_tree_add_uint(drep_tree, hf_dcerpc_drep_fp, tvb, offset+1, 1, hdr.drep[1]);
         }
         offset += sizeof (hdr.drep);
 
@@ -1004,6 +1004,7 @@
     proto_tree *dcerpc_tree = NULL;
     proto_tree *dg_flags1_tree = NULL;
     proto_tree *dg_flags2_tree = NULL;
+    proto_tree *drep_tree = NULL;
     e_dce_dg_common_hdr_t hdr;
     int offset = 0;
     conversation_t *conv;
@@ -1096,7 +1097,13 @@
         }
         offset++;
 
-        proto_tree_add_text (dcerpc_tree, tvb, offset, sizeof (hdr.drep), "Data Rep");
+        tf = proto_tree_add_bytes (dcerpc_tree, hf_dcerpc_drep, tvb, offset, sizeof (hdr.drep), hdr.drep);
+        drep_tree = proto_item_add_subtree (tf, ett_dcerpc_drep);
+        if (drep_tree) {
+            proto_tree_add_uint(drep_tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, hdr.drep[0] >> 4);
+            proto_tree_add_uint(drep_tree, hf_dcerpc_drep_character, tvb, offset, 1, hdr.drep[0] & 0x0f);
+            proto_tree_add_uint(drep_tree, hf_dcerpc_drep_fp, tvb, offset+1, 1, hdr.drep[1]);
+        }
         offset += sizeof (hdr.drep);
 
         proto_tree_add_uint (dcerpc_tree, hf_dcerpc_dg_serial_hi, tvb, offset++, 1, hdr.serial_hi);
@@ -1282,14 +1289,14 @@
           { "Maybe", "dcerpc.cn_flags.maybe", FT_BOOLEAN, 8, TFS (&flags_set_truth), 0x40, "", HFILL }},
         { &hf_dcerpc_cn_flags_object,
           { "Object", "dcerpc.cn_flags.object", FT_BOOLEAN, 8, TFS (&flags_set_truth), 0x80, "", HFILL }},
-        { &hf_dcerpc_cn_drep,
-          { "Data Representation", "dcerpc.cn_drep", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }},
-        { &hf_dcerpc_cn_drep_byteorder,
-          { "Byte order", "dcerpc.cn_drep.byteorder", FT_UINT8, BASE_DEC, VALS (drep_byteorder_vals), 0x0, "", HFILL }},
-        { &hf_dcerpc_cn_drep_character,
-          { "Character", "dcerpc.cn_drep.character", FT_UINT8, BASE_DEC, VALS (drep_character_vals), 0x0, "", HFILL }},
-        { &hf_dcerpc_cn_drep_fp,
-          { "Floating-point", "dcerpc.cn_drep.fp", FT_UINT8, BASE_DEC, VALS (drep_fp_vals), 0x0, "", HFILL }},
+        { &hf_dcerpc_drep,
+          { "Data Representation", "dcerpc.drep", FT_BYTES, BASE_HEX, NULL, 0x0, "", HFILL }},
+        { &hf_dcerpc_drep_byteorder,
+          { "Byte order", "dcerpc.drep.byteorder", FT_UINT8, BASE_DEC, VALS (drep_byteorder_vals), 0x0, "", HFILL }},
+        { &hf_dcerpc_drep_character,
+          { "Character", "dcerpc.drep.character", FT_UINT8, BASE_DEC, VALS (drep_character_vals), 0x0, "", HFILL }},
+        { &hf_dcerpc_drep_fp,
+          { "Floating-point", "dcerpc.drep.fp", FT_UINT8, BASE_DEC, VALS (drep_fp_vals), 0x0, "", HFILL }},
         { &hf_dcerpc_cn_frag_len,
           { "Frag Length", "dcerpc.cn_frag_len", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
         { &hf_dcerpc_cn_auth_len,
@@ -1414,7 +1421,7 @@
     static gint *ett[] = {
         &ett_dcerpc,
         &ett_dcerpc_cn_flags,
-        &ett_dcerpc_cn_drep,
+        &ett_dcerpc_drep,
         &ett_dcerpc_dg_flags1,
         &ett_dcerpc_dg_flags2,
     };