
Ethereal-dev: [Ethereal-dev] [PATCH] Oscar_ICQ and DCOM updates

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jelmer Vernooij <jelmer@xxxxxxxxx>
Date: Thu, 12 Aug 2004 00:29:05 +0200
Hi,

Here are a few updates for both Oscar-ICQ and the various DCOM interfaces over
DCERPC.

Cheers,

Jelmer
Index: epan/dissectors/Makefile.common
===================================================================
--- epan/dissectors/Makefile.common	(revision 11619)
+++ epan/dissectors/Makefile.common	(working copy)
@@ -182,6 +182,9 @@
 	packet-dcerpc-update.c	\
 	packet-dcerpc-wkssvc.c	\
 	packet-dcerpc.c	\
+	packet-dcerpc-iremunkn.c \
+	packet-dcerpc-iremunkn2.c \
+	packet-dcerpc-sysact.c \
 	packet-dcm.c		\
 	packet-ddtp.c	\
 	packet-dec-bpdu.c	\
Index: epan/dissectors/packet-dcerpc-iremunkn.c
===================================================================
--- epan/dissectors/packet-dcerpc-iremunkn.c	(revision 0)
+++ epan/dissectors/packet-dcerpc-iremunkn.c	(revision 0)
@@ -0,0 +1,78 @@
+/* packet-dcerpc-iremunkn.c
+ * Routines for the IRemUnknown interface
+ * Copyright 2004, Jelmer Vernooij <jelmer@xxxxxxxxx>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+
+#include <glib.h>
+#include <epan/packet.h>
+#include "packet-dcerpc.h"
+#include "packet-dcerpc-dcom.h"
+#include "packet-smb-common.h"
+
+static int proto_IRemUnknown = -1;
+
+static int hf_opnum = -1;
+
+static gint ett_IRemUnknown = -1;
+
+static e_uuid_t uuid_IRemUnknown = { 0x00000131, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
+static guint16  ver_IRemUnknown = 0;
+
+static dcerpc_sub_dissector IRemUnknown_dissectors[] = {
+	{ 0, "QueryInterface", NULL, NULL },
+	{ 1, "AddRef", NULL, NULL },
+	{ 2, "Release", NULL, NULL },
+    { 3, "RemQueryInterface", NULL, NULL },
+    { 4, "RemAddRef", NULL, NULL },
+    { 5, "RemRelease", NULL, NULL },
+    { 0, NULL, NULL, NULL },
+};
+
+void
+proto_register_IRemUnknown (void)
+{
+	static hf_register_info hf[] = {
+		{ &hf_opnum,
+		  { "Operation", "IRemUnknown.opnum", FT_UINT16, BASE_DEC,
+		    NULL, 0x0, "", HFILL }},
+	};
+	static gint *ett[] = {
+		&ett_IRemUnknown
+	};
+	proto_IRemUnknown = proto_register_protocol ("IRemUnknown IRemUnknown Resolver", "IRemUnknown", "IRemUnknown");
+	proto_register_field_array (proto_IRemUnknown, hf, array_length (hf));
+	proto_register_subtree_array (ett, array_length (ett));
+}
+
+void
+proto_reg_handoff_IRemUnknown (void)
+{
+	/* Register the protocol as dcerpc */
+	dcerpc_init_uuid (proto_IRemUnknown, ett_IRemUnknown, &uuid_IRemUnknown, ver_IRemUnknown, IRemUnknown_dissectors, hf_opnum);
+}
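Review bot: The long name passed to proto_register_protocol in proto_register_IRemUnknown, "IRemUnknown IRemUnknown Resolver", looks like a search-and-replace of the OXID dissector's "DCOM OXID Resolver" and does not describe this interface. Something like `proto_register_protocol ("DCOM IRemUnknown", "IRemUnknown", "IRemUnknown");` would read correctly in the protocol list. The same applies to "IRemUnknown2 IRemUnknown2 Resolver" in packet-dcerpc-iremunkn2.c and "ISystemActivator ISystemActivator Resolver" in packet-dcerpc-sysact.c. The filter names are also mixed-case where the OXID dissector in this patch uses lowercase `oxid`; if lowercase is the convention, the `IRemUnknown.opnum` style field abbreviations should change with them. `<string.h>` and `packet-smb-common.h` do not appear to be used by anything in the three new files and could be dropped.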

Property changes on: epan/dissectors/packet-dcerpc-iremunkn.c
___________________________________________________________________
Name: svn:eol-style
   + native

Index: epan/dissectors/packet-dcerpc-oxid.c
===================================================================
--- epan/dissectors/packet-dcerpc-oxid.c	(revision 11619)
+++ epan/dissectors/packet-dcerpc-oxid.c	(working copy)
@@ -133,6 +133,8 @@
 		case 0x8:
 			return "NCADG_IP_UDP";
 			break;
+		case 0x9:
+			return "NCACN_IP";
 		case 0xC:
 			return "NCACN_SPX";
 			break;
@@ -269,7 +271,7 @@
 	static gint *ett[] = {
 		&ett_oxid
 	};
-	proto_oxid = proto_register_protocol ("DCOM OXID Resolver", "OXID", "oxid");
+	proto_oxid = proto_register_protocol ("DCOM OXID Resolver", "IOXIDResolver", "oxid");
 	proto_register_field_array (proto_oxid, hf, array_length (hf));
 	proto_register_subtree_array (ett, array_length (ett));
 }
Index: epan/dissectors/packet-dcerpc-iremunkn2.c
===================================================================
--- epan/dissectors/packet-dcerpc-iremunkn2.c	(revision 0)
+++ epan/dissectors/packet-dcerpc-iremunkn2.c	(revision 0)
@@ -0,0 +1,79 @@
+/* packet-dcerpc-iremunkn2.c
+ * Routines for the IRemUnknown2 interface
+ * Copyright 2004, Jelmer Vernooij <jelmer@xxxxxxxxx>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+
+#include <glib.h>
+#include <epan/packet.h>
+#include "packet-dcerpc.h"
+#include "packet-dcerpc-dcom.h"
+#include "packet-smb-common.h"
+
+static int proto_IRemUnknown2 = -1;
+
+static int hf_opnum = -1;
+
+static gint ett_IRemUnknown2 = -1;
+
+static e_uuid_t uuid_IRemUnknown2 = { 0x00000143, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
+static guint16  ver_IRemUnknown2 = 0;
+
+static dcerpc_sub_dissector IRemUnknown2_dissectors[] = {
+	{ 0, "QueryInterface", NULL, NULL },
+	{ 1, "AddRef", NULL, NULL },
+	{ 2, "Release", NULL, NULL },
+	{ 3, "RemQueryInterface", NULL, NULL },
+	{ 4, "RemAddRef", NULL, NULL },
+	{ 5, "RemRelease", NULL, NULL },
+    { 6, "RemQueryInterface2", NULL, NULL },
+    { 0, NULL, NULL, NULL },
+};
+
+void
+proto_register_IRemUnknown2 (void)
+{
+	static hf_register_info hf[] = {
+		{ &hf_opnum,
+		  { "Operation", "IRemUnknown2.opnum", FT_UINT16, BASE_DEC,
+		    NULL, 0x0, "", HFILL }},
+	};
+	static gint *ett[] = {
+		&ett_IRemUnknown2
+	};
+	proto_IRemUnknown2 = proto_register_protocol ("IRemUnknown2 IRemUnknown2 Resolver", "IRemUnknown2", "IRemUnknown2");
+	proto_register_field_array (proto_IRemUnknown2, hf, array_length (hf));
+	proto_register_subtree_array (ett, array_length (ett));
+}
+
+void
+proto_reg_handoff_IRemUnknown2 (void)
+{
+	/* Register the protocol as dcerpc */
+	dcerpc_init_uuid (proto_IRemUnknown2, ett_IRemUnknown2, &uuid_IRemUnknown2, ver_IRemUnknown2, IRemUnknown2_dissectors, hf_opnum);
+}

Property changes on: epan/dissectors/packet-dcerpc-iremunkn2.c
___________________________________________________________________
Name: svn:eol-style
   + native

Index: epan/dissectors/packet-aim-icq.c
===================================================================
--- epan/dissectors/packet-aim-icq.c	(revision 11619)
+++ epan/dissectors/packet-aim-icq.c	(working copy)
@@ -57,6 +57,21 @@
   { 0, NULL }
 };
 
+#define ICQ_CLI_OFFLINE_MESSAGE_REQ 	0x003c
+#define ICQ_CLI_DELETE_OFFLINE_MSGS		0x003e
+#define ICQ_SRV_END_OF_OFFLINE_MSGS		0x0042
+#define ICQ_CLI_META_INFO_REQ			0x07d0
+#define ICQ_SRV_META_INFO_REPL			0x07da
+
+static const value_string aim_icq_data_types[] = {
+  { ICQ_CLI_OFFLINE_MESSAGE_REQ, "Offline Message Request" },
+  { ICQ_SRV_END_OF_OFFLINE_MSGS, "End Of Offline Messages Reply" },
+  { ICQ_CLI_DELETE_OFFLINE_MSGS, "Delete Offline Messages Request" },
+  { ICQ_CLI_META_INFO_REQ, "Metainfo Request" },
+  { ICQ_SRV_META_INFO_REPL, "Metainfo Reply" },
+  { 0, NULL }
+};
+
 int dissect_aim_tlv_value_icq(proto_item *ti, guint16, tvbuff_t *);
 
 #define TLV_ICQ_META_DATA 			  0x0001
@@ -71,10 +86,32 @@
 
 /* Initialize the subtree pointers */
 static gint ett_aim_icq      = -1;
+static gint ett_aim_icq_tlv  = -1;
 
+
+static gint hf_icq_tlv_data_chunk_size = -1;
+static gint hf_icq_tlv_request_owner_uid = -1;
+static gint hf_icq_tlv_request_type = -1;
+static gint hf_icq_tlv_request_seq_num = -1;
+
 int dissect_aim_tlv_value_icq(proto_item *ti _U_, guint16 subtype _U_, tvbuff_t *tvb _U_)
 {
-	/* FIXME */
+	int offset = 0;
+	proto_tree *t = proto_item_add_subtree(ti, ett_aim_icq_tlv);
+
+	proto_tree_add_item(t, hf_icq_tlv_data_chunk_size, tvb, offset, 2, tvb_get_ntohs(tvb, offset));
+	offset += 2;
+	
+	proto_tree_add_item(t, hf_icq_tlv_request_owner_uid, tvb, offset, 4, tvb_get_ntoh24(tvb, offset));
+	offset += 4;
+
+	proto_tree_add_item(t, hf_icq_tlv_request_type, tvb, offset, 2, tvb_get_ntohs(tvb, offset));
+	offset += 2;
+
+
+	proto_tree_add_item(t, hf_icq_tlv_request_seq_num, tvb, offset, 2, tvb_get_ntohs(tvb, offset));
+	offset += 2;
+
 	return 0;
 }
 
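Review bot: The last argument of proto_tree_add_item is the byte-order flag, not the field value, so the four calls in dissect_aim_tlv_value_icq that pass `tvb_get_ntohs(tvb, offset)` or `tvb_get_ntoh24(tvb, offset)` make each field's byte order depend on the packet contents: a zero value selects big-endian and anything else little-endian. Pass a constant instead, e.g. `proto_tree_add_item(t, hf_icq_tlv_data_chunk_size, tvb, offset, 2, TRUE);` if these ICQ fields are little-endian, which I believe they are but which should be confirmed against a capture, and likewise for the other three calls. The owner UID call also pairs a 4-byte field with a 3-byte accessor, which goes away with the same change. The `_U_` markers on `ti` and `tvb` are now stale, and the function still returns 0 after walking 10 bytes, which looks unintended if the caller treats the return value as a consumed length.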
@@ -87,10 +124,10 @@
    case FAMILY_ICQ_ERROR:
 	   return dissect_aim_snac_error(tvb, pinfo, offset, tree);
    case FAMILY_ICQ_LOGINREQUEST:
+   case FAMILY_ICQ_LOGINRESPONSE:
 	   return dissect_aim_tlv(tvb, pinfo, offset, tree, icq_tlv);
-   case FAMILY_ICQ_LOGINRESPONSE:
    case FAMILY_ICQ_AUTHREQUEST:
-	case FAMILY_ICQ_AUTHRESPONSE:
+   case FAMILY_ICQ_AUTHRESPONSE:
 	   /* FIXME */
 	default:
 	   return 0;
@@ -103,19 +140,32 @@
 {
 
 /* Setup list of header fields */
-/*  static hf_register_info hf[] = {
-  };*/
+  static hf_register_info hf[] = {
+	  { &hf_icq_tlv_data_chunk_size,
+	    { "Data chunk size", "aim_icq.chunk_size", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL },
+	  },
+	  { &hf_icq_tlv_request_owner_uid,
+	    { "Owner UID", "aim_icq.owner_uid", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL},
+	  },
+	  { &hf_icq_tlv_request_type,
+	    {"Request Type", "aim_icq.request_type", FT_UINT16, BASE_DEC, VALS(aim_icq_data_types), 0x0, "", HFILL},
+	  },
+	  { &hf_icq_tlv_request_seq_num,
+	    {"Request Sequence Number", "aim_icq.request_seq_number", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL},
+	  },
+  };
 
 /* Setup protocol subtree array */
   static gint *ett[] = {
     &ett_aim_icq,
+	&ett_aim_icq_tlv
   };
 
 /* Register the protocol name and description */
   proto_aim_icq = proto_register_protocol("AIM ICQ", "AIM ICQ", "aim_icq");
 
 /* Required function calls to register the header fields and subtrees used */
-  /*proto_register_field_array(proto_aim_icq, hf, array_length(hf));*/
+  proto_register_field_array(proto_aim_icq, hf, array_length(hf));
   proto_register_subtree_array(ett, array_length(ett));
 }
 
Index: epan/dissectors/packet-dcerpc-sysact.c
===================================================================
--- epan/dissectors/packet-dcerpc-sysact.c	(revision 0)
+++ epan/dissectors/packet-dcerpc-sysact.c	(revision 0)
@@ -0,0 +1,73 @@
+/* packet-dcerpc-sysact.c
+ * Routines for the ISystemActivator interface
+ * Copyright 2004, Jelmer Vernooij <jelmer@xxxxxxxxx>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+
+#include <glib.h>
+#include <epan/packet.h>
+#include "packet-dcerpc.h"
+#include "packet-dcerpc-dcom.h"
+#include "packet-smb-common.h"
+
+static int proto_ISystemActivator = -1;
+
+static int hf_opnum = -1;
+
+static gint ett_ISystemActivator = -1;
+
+static e_uuid_t uuid_ISystemActivator = { 0x000001a0, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
+static guint16  ver_ISystemActivator = 0;
+
+static dcerpc_sub_dissector ISystemActivator_dissectors[] = {
+    { 0, "RemQueryInterface2", NULL, NULL },
+    { 0, NULL, NULL, NULL },
+};
+
+void
+proto_register_ISystemActivator (void)
+{
+	static hf_register_info hf[] = {
+		{ &hf_opnum,
+		  { "Operation", "ISystemActivator.opnum", FT_UINT16, BASE_DEC,
+		    NULL, 0x0, "", HFILL }},
+	};
+	static gint *ett[] = {
+		&ett_ISystemActivator
+	};
+	proto_ISystemActivator = proto_register_protocol ("ISystemActivator ISystemActivator Resolver", "ISystemActivator", "ISystemActivator");
+	proto_register_field_array (proto_ISystemActivator, hf, array_length (hf));
+	proto_register_subtree_array (ett, array_length (ett));
+}
+
+void
+proto_reg_handoff_ISystemActivator (void)
+{
+	/* Register the protocol as dcerpc */
+	dcerpc_init_uuid (proto_ISystemActivator, ett_ISystemActivator, &uuid_ISystemActivator, ver_ISystemActivator, ISystemActivator_dissectors, hf_opnum);
+}
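Review bot: The only entry in ISystemActivator_dissectors, `{ 0, "RemQueryInterface2", NULL, NULL }`, appears to be carried over from the IRemUnknown2 table, where that name sits at opnum 6. As written, every ISystemActivator call with opnum 0 is labelled RemQueryInterface2 and all other opnums are unnamed, which mislabels remote activation traffic for anyone reading a capture. The table should list this interface's own methods with their real opnums; I believe these are RemoteGetClassObject and RemoteCreateInstance after the three inherited IUnknown slots, but that should be checked against the interface definition before committing. A one-line comment above the table naming the source of the opnum assignments would help the next reader verify it.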

Property changes on: epan/dissectors/packet-dcerpc-sysact.c
___________________________________________________________________
Name: svn:eol-style
   + native