
Ethereal-dev: [Ethereal-dev] frsrpc and frsapi dissectors

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand@xxxxxx>
Date: Fri, 9 Jul 2004 17:18:18 +0200
Hello,

The 4 attached files are DCE RPC stub dissectors for the frsrpc and
frsapi MSRPC interfaces. These interfaces are implemented by the File
Replication Service.

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/
/* packet-dcerpc-frsrpc.c
 * Routines for the frs (File Replication Service) MSRPC interface 
 * Copyright 2004 Jean-Baptiste Marchand <jbm@xxxxxx>
 *
 * $Id$
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */


#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <glib.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-frsrpc.h"

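/* Protocol handle; stays -1 until proto_register_dcerpc_frsrpc() stores the
 * value returned by proto_register_protocol(). */
static int proto_dcerpc_frsrpc = -1;

/* Header-field handle for the operation number; its address is listed in
 * the hf[] array that proto_register_dcerpc_frsrpc() registers.  It starts
 * at -1, the same "not registered yet" value the protocol and subtree
 * handles of this file use, instead of 0.
 * NOTE(review): 0 may be a valid field id inside the core, so a read before
 * registration would go unnoticed with 0 -- confirm against proto.c. */
static int hf_frsrpc_opnum = -1;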

/* Subtree (ett) handle; its address is listed in the ett[] array that
 * proto_register_dcerpc_frsrpc() passes to proto_register_subtree_array(). */
static gint ett_dcerpc_frsrpc = -1;

/*
IDL [ uuid(f5cc59b4-4264-101a-8c59-08002b2f8426),
IDL  version(1.1),
IDL  implicit_handle(handle_t rpc_binding)
IDL ] interface frsrpc
*/


/* Interface UUID f5cc59b4-4264-101a-8c59-08002b2f8426 (see the IDL header
 * above), split into the members of e_uuid_t. */
static e_uuid_t uuid_dcerpc_frsrpc = {
	0xf5cc59b4,
	0x4264,
	0x101a,
	{ 0x8c, 0x59, 0x08, 0x00, 0x2b, 0x2f, 0x84, 0x26 }
};

/* Interface version handed to dcerpc_init_uuid().  The IDL header says
 * version(1.1), so this is presumably the major number only -- confirm. */
static guint16 ver_dcerpc_frsrpc = 1;


/*
 * Operation table of the frsrpc interface: one entry per opnum, pairing the
 * number with the name shown for that call.  The last two members of every
 * entry are NULL (presumably the request and reply stub dissectors of
 * dcerpc_sub_dissector -- confirm in packet-dcerpc.h), so this file decodes
 * no stub data; it only names the operation.
 * NOTE(review): dissect functions added here later would parse bytes taken
 * straight from captured traffic and must treat every length, count and
 * offset in them as untrusted.
 */
static dcerpc_sub_dissector dcerpc_frsrpc_dissectors[] = {
	{ FRSRPC_SEND_COMM_PKT,              "FrsRpcSendCommPkt",             NULL, NULL },
	{ FRSRPC_VERIFY_PROMOTION_PARENT,    "FrsRpcVerifyPromotionParent",   NULL, NULL },
	{ FRSRPC_START_PROMOTION_PARENT,     "FrsRpcStartPromotionParent",    NULL, NULL },
	{ FRSRPC_NOP,                        "FrsRpcNop",                     NULL, NULL },

	/* operations 4 to 9 are apparently identical */
	{ FRSRPC_BACKUP_COMPLETE,            "FrsRpcBackupComplete",          NULL, NULL },
	{ FRSRPC_BACKUP_COMPLETE_5,          "FrsRpcBackupComplete",          NULL, NULL },
	{ FRSRPC_BACKUP_COMPLETE_6,          "FrsRpcBackupComplete",          NULL, NULL },
	{ FRSRPC_BACKUP_COMPLETE_7,          "FrsRpcBackupComplete",          NULL, NULL },
	{ FRSRPC_BACKUP_COMPLETE_8,          "FrsRpcBackupComplete",          NULL, NULL },
	{ FRSRPC_BACKUP_COMPLETE_9,          "FrsRpcBackupComplete",          NULL, NULL },

	{ FRSRPC_VERIFY_PROMOTION_PARENT_EX, "FrsRpcVerifyPromotionParentEx", NULL, NULL },

	/* all-zero/NULL entry closing the table */
	{ 0, NULL, NULL, NULL }
};


/*
 * Register the FRSRPC protocol together with its single header field (the
 * operation number, filter name "frsrpc.opnum") and its subtree handle.
 */
void
proto_register_dcerpc_frsrpc(void)
{
	static hf_register_info hf_list[] = {
		{
			&hf_frsrpc_opnum,
			{
				"Operation", "frsrpc.opnum",
				FT_UINT16, BASE_DEC, NULL, 0x0,
				"Operation", HFILL
			}
		},
	};
	static gint *ett_list[] = {
		&ett_dcerpc_frsrpc,
	};

	/* The protocol handle is obtained first: the field array below is
	 * registered against it. */
	proto_dcerpc_frsrpc = proto_register_protocol(
	    "Microsoft File Replication Service", "FRSRPC", "frsrpc");
	proto_register_field_array(proto_dcerpc_frsrpc, hf_list,
	    array_length(hf_list));
	proto_register_subtree_array(ett_list, array_length(ett_list));
}


/*
 * Hand the frsrpc interface to the DCE RPC dissector: dcerpc_init_uuid()
 * receives the protocol and subtree handles, the interface UUID and version,
 * the operation table and the opnum field handle.
 */
void
proto_reg_handoff_dcerpc_frsrpc(void)
{
	dcerpc_init_uuid(proto_dcerpc_frsrpc,
	    ett_dcerpc_frsrpc,
	    &uuid_dcerpc_frsrpc,
	    ver_dcerpc_frsrpc,
	    dcerpc_frsrpc_dissectors,
	    hf_frsrpc_opnum);
}
/* packet-dcerpc-frsrpc.h
 * Routines for the frs (File Replication Service) MSRPC interface 
 * Copyright 2004 Jean-Baptiste Marchand <jbm@xxxxxx>
 *
 * $Id$
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

/* Include guard for this header. */
#ifndef __PACKET_DCERPC_FRSRPC_H
#define __PACKET_DCERPC_FRSRPC_H

/*
 * Operation numbers (opnums) of the MSRPC functions available in the frsrpc
 * interface.  Each value is the first member of one entry of
 * dcerpc_frsrpc_dissectors[] in packet-dcerpc-frsrpc.c.  Opnums 0x04 to 0x09
 * are all shown as "FrsRpcBackupComplete" there; the _5 to _9 suffixes only
 * keep the macro names distinct.
 */

#define FRSRPC_SEND_COMM_PKT 			0x00
#define FRSRPC_VERIFY_PROMOTION_PARENT		0x01
#define FRSRPC_START_PROMOTION_PARENT 		0x02
#define FRSRPC_NOP				0x03
#define FRSRPC_BACKUP_COMPLETE			0x04
#define FRSRPC_BACKUP_COMPLETE_5		0x05
#define FRSRPC_BACKUP_COMPLETE_6		0x06
#define FRSRPC_BACKUP_COMPLETE_7		0x07
#define FRSRPC_BACKUP_COMPLETE_8		0x08
#define FRSRPC_BACKUP_COMPLETE_9		0x09
#define FRSRPC_VERIFY_PROMOTION_PARENT_EX 	0x0a

#endif /* packet-dcerpc-frsrpc.h */
/* packet-dcerpc-frsapi.c
 * Routines for the frs API (File Replication Service) MSRPC interface 
 * Copyright 2004 Jean-Baptiste Marchand <jbm@xxxxxx>
 *
 * $Id$
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */


#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <glib.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-frsapi.h"

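/* Protocol handle; stays -1 until proto_register_dcerpc_frsapi() stores the
 * value returned by proto_register_protocol(). */
static int proto_dcerpc_frsapi = -1;

/* Header-field handle for the operation number; its address is listed in
 * the hf[] array that proto_register_dcerpc_frsapi() registers.  It starts
 * at -1, the same "not registered yet" value the protocol and subtree
 * handles of this file use, instead of 0.
 * NOTE(review): 0 may be a valid field id inside the core, so a read before
 * registration would go unnoticed with 0 -- confirm against proto.c. */
static int hf_frsapi_opnum = -1;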

/* Subtree (ett) handle; its address is listed in the ett[] array that
 * proto_register_dcerpc_frsapi() passes to proto_register_subtree_array(). */
static gint ett_dcerpc_frsapi = -1;

/*
IDL [ uuid(d049b186-814f-11d1-9a3c-00c04fc9b232),
IDL  version(1.1),
IDL  implicit_handle(handle_t rpc_binding)
IDL ] interface frsapi
*/

/* Interface UUID d049b186-814f-11d1-9a3c-00c04fc9b232 (see the IDL header
 * above), split into the members of e_uuid_t. */
static e_uuid_t uuid_dcerpc_frsapi = {
	0xd049b186,
	0x814f,
	0x11d1,
	{ 0x9a, 0x3c, 0x00, 0xc0, 0x4f, 0xc9, 0xb2, 0x32 }
};

/* Interface version handed to dcerpc_init_uuid().  The IDL header says
 * version(1.1), so this is presumably the major number only -- confirm. */
static guint16 ver_dcerpc_frsapi = 1;


/*
 * Operation table of the frsapi interface: one entry per opnum, pairing the
 * number with the name shown for that call.  The last two members of every
 * entry are NULL (presumably the request and reply stub dissectors of
 * dcerpc_sub_dissector -- confirm in packet-dcerpc.h), so this file decodes
 * no stub data; it only names the operation.
 * NOTE(review): dissect functions added here later would parse bytes taken
 * straight from captured traffic and must treat every length, count and
 * offset in them as untrusted.
 */
static dcerpc_sub_dissector dcerpc_frsapi_dissectors[] = {
	{ FRSAPI_VERIFY_PROMOTION,          "VerifyPromotion",        NULL, NULL },
	{ FRSAPI_PROMOTION_STATUS,          "PromotionStatus",        NULL, NULL },
	{ FRSAPI_START_DEMOTION,            "StartDemotion",          NULL, NULL },
	{ FRSAPI_COMMIT_DEMOTION,           "CommitDemotion",         NULL, NULL },
	{ FRSAPI_SET_DS_POLLING_INTERVAL_W, "Set_DsPollingIntervalW", NULL, NULL },
	{ FRSAPI_GET_DS_POLLING_INTERVAL_W, "Get_DsPollingIntervalW", NULL, NULL },
	{ FRSAPI_VERIFY_PROMOTION_W,        "VerifyPromotionW",       NULL, NULL },
	{ FRSAPI_INFO_W,                    "InfoW",                  NULL, NULL },
	{ FRSAPI_IS_PATH_REPLICATED,        "IsPathReplicated",       NULL, NULL },
	{ FRSAPI_WRITER_COMMAND,            "WriterCommand",          NULL, NULL },

	/* all-zero/NULL entry closing the table */
	{ 0, NULL, NULL, NULL }
};

/*
 * Register the FRSAPI protocol together with its single header field (the
 * operation number, filter name "frsapi.opnum") and its subtree handle.
 */
void
proto_register_dcerpc_frsapi(void)
{
	static hf_register_info hf_list[] = {
		{
			&hf_frsapi_opnum,
			{
				"Operation", "frsapi.opnum",
				FT_UINT16, BASE_DEC, NULL, 0x0,
				"Operation", HFILL
			}
		},
	};
	static gint *ett_list[] = {
		&ett_dcerpc_frsapi,
	};

	/* The protocol handle is obtained first: the field array below is
	 * registered against it. */
	proto_dcerpc_frsapi = proto_register_protocol(
	    "Microsoft File Replication Service API", "FRSAPI", "frsapi");
	proto_register_field_array(proto_dcerpc_frsapi, hf_list,
	    array_length(hf_list));
	proto_register_subtree_array(ett_list, array_length(ett_list));
}


/*
 * Hand the frsapi interface to the DCE RPC dissector: dcerpc_init_uuid()
 * receives the protocol and subtree handles, the interface UUID and version,
 * the operation table and the opnum field handle.
 */
void
proto_reg_handoff_dcerpc_frsapi(void)
{
	dcerpc_init_uuid(proto_dcerpc_frsapi,
	    ett_dcerpc_frsapi,
	    &uuid_dcerpc_frsapi,
	    ver_dcerpc_frsapi,
	    dcerpc_frsapi_dissectors,
	    hf_frsapi_opnum);
}
/* packet-dcerpc-frsapi.h
 * Routines for the frs API (File Replication Service) MSRPC interface 
 * Copyright 2004 Jean-Baptiste Marchand <jbm@xxxxxx>
 *
 * $Id$
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

/* Include guard for this header. */
#ifndef __PACKET_DCERPC_FRSAPI_H
#define __PACKET_DCERPC_FRSAPI_H

/*
 * Operation numbers (opnums) of the MSRPC functions available in the frsapi
 * interface.  Each value is the first member of one entry of
 * dcerpc_frsapi_dissectors[] in packet-dcerpc-frsapi.c, which supplies the
 * name shown for that opnum.
 */

#define FRSAPI_VERIFY_PROMOTION			0x00
#define FRSAPI_PROMOTION_STATUS			0x01
#define FRSAPI_START_DEMOTION			0x02
#define FRSAPI_COMMIT_DEMOTION			0x03
#define FRSAPI_SET_DS_POLLING_INTERVAL_W	0x04
#define FRSAPI_GET_DS_POLLING_INTERVAL_W	0x05
#define FRSAPI_VERIFY_PROMOTION_W		0x06
#define FRSAPI_INFO_W				0x07
#define FRSAPI_IS_PATH_REPLICATED		0x08
#define FRSAPI_WRITER_COMMAND			0x09

#endif /* packet-dcerpc-frsapi.h */