Wireshark · Ethereal-dev: [Ethereal-dev] Two small fixes to packet-dcerpc-epm.c

Ethereal-dev: [Ethereal-dev] Two small fixes to packet-dcerpc-epm.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>

Date: Mon, 10 Nov 2003 17:01:53 +0200

1. Adds dissection of inquiry type (rpc_c_ep_all_elts /rpc_c_ep_match_by_if / rpc_c_ep_match_by_obj / rpc_c_ep_match_by_both).2. The version field seems incorrect to me - I believe it is usuallyshould be version 2.0, not 0.2.I suspect that the insertion of version information to the hash table isalso wrong, (and the get for the version should have used _letohl() ) -but I did not change it.


Diff'ed against 0.9.16.

Thanks,
Yaniv.

--- packet-dcerpc-epm.c	Wed Oct 22 03:07:41 2003
+++ packet-dcerpc-epm.yaniv.c	Mon Nov 10 17:00:30 2003
@@ -75,6 +75,13 @@
 static e_uuid_t uuid_epm = { 0xe1af8308, 0x5d1f, 0x11c9, { 0x91, 0xa4, 0x08, 0x00, 0x2b, 0x14, 0xa0, 0xfa } };
 static guint16  ver_epm = 3;
 
+static const value_string ep_service[] = {
+	{ 0, "rpc_c_ep_all_elts" },
+	{ 1, "rpc_c_ep_match_by_if" },
+	{ 2, "rpc_c_ep_match_by_obj" },
+	{ 3, "rpc_c_ep_match_by_both" },
+	{ 0, NULL },
+};
 
 /* typedef struct {
       unsigned int tower_len,
@@ -351,10 +358,10 @@
                           uuid.Data4[2], uuid.Data4[3],
                           uuid.Data4[4], uuid.Data4[5],
                           uuid.Data4[6], uuid.Data4[7]);
-            proto_tree_add_text(tr, tvb, offset+17, 2, "Version %d.%d", tvb_get_guint8(tvb, offset+18), tvb_get_guint8(tvb, offset+17));
+            proto_tree_add_text(tr, tvb, offset+17, 2, "Version %d.%d", tvb_get_guint8(tvb, offset+17), tvb_get_guint8(tvb, offset+18));
 
 	    {
-	        guint16 version = tvb_get_ntohs(tvb, offset+17);
+		guint16 version = tvb_get_ntohs(tvb, offset+17); 
 		char *service = dcerpc_get_proto_name(&uuid, version);
 		if (service)
 		    proto_item_append_text(tr, "UUID: %s", service);
@@ -364,8 +371,8 @@
 					   uuid.Data4[2], uuid.Data4[3],
 					   uuid.Data4[4], uuid.Data4[5],
 					   uuid.Data4[6], uuid.Data4[7],
-					   tvb_get_guint8(tvb, offset+18), 
-					   tvb_get_guint8(tvb, offset+17));
+					   tvb_get_guint8(tvb, offset+17), 
+					   tvb_get_guint8(tvb, offset+18));
 	    }
 	    break;
 	}
@@ -668,7 +675,7 @@
 	  { "Operation", "epm.opnum", FT_UINT16, BASE_DEC,
 	    NULL, 0x0, "Operation", HFILL }},
         { &hf_epm_inquiry_type,
-          { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
+          { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, VALS(ep_service), 0x0, "", HFILL }},
         { &hf_epm_object,
           { "Object", "epm.object", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
         { &hf_epm_if_id,

Follow-Ups:
- Re: [Ethereal-dev] Two small fixes to packet-dcerpc-epm.c
  - From: Guy Harris

Prev by Date: RE: [Ethereal-dev] config.nmake problem
Next by Date: [Ethereal-dev] Invalid LAPB frames
Previous by thread: [Ethereal-dev] ASN.1 dissector causes exit problems because it can't find default.tt
Next by thread: Re: [Ethereal-dev] Two small fixes to packet-dcerpc-epm.c
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$