svn commit: lorikeet r246 - in trunk/ethereal: . ndrdump

tpot at samba.org tpot at samba.org
Sun Mar 13 02:57:35 GMT 2005


Author: tpot
Date: 2005-03-13 02:57:35 +0000 (Sun, 13 Mar 2005)
New Revision: 246

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=246

Log:
Ethereal plugin to use the output of ndrdump to generate parser output.

Needs a patch to ndrdump to accept data from stdin.

Added:
   trunk/ethereal/ndrdump/
   trunk/ethereal/ndrdump/Makefile
   trunk/ethereal/ndrdump/moduleinfo.c
   trunk/ethereal/ndrdump/moduleinfo.h
   trunk/ethereal/ndrdump/ndrdump.c


Changeset:
Added: trunk/ethereal/ndrdump/Makefile
===================================================================
--- trunk/ethereal/ndrdump/Makefile	2005-03-13 00:34:15 UTC (rev 245)
+++ trunk/ethereal/ndrdump/Makefile	2005-03-13 02:57:35 UTC (rev 246)
@@ -0,0 +1,9 @@
+PLUGIN = ndrdump.so
+
+CFLAGS = -I ../include $(shell pkg-config --cflags glib-2.0) -g
+LDFLAGS= -shared -Wl,--export-dynamic -Wl,-soname -Wl,$(PLUGIN)
+
+OBJS = moduleinfo.o ndrdump.o
+
+ndrdump.so: $(OBJS)
+	$(CC) -o $(PLUGIN) $(OBJS) $(LDFLAGS)

Copied: trunk/ethereal/ndrdump/moduleinfo.c (from rev 244, trunk/ethereal/pidl/moduleinfo.c)

Copied: trunk/ethereal/ndrdump/moduleinfo.h (from rev 244, trunk/ethereal/pidl/moduleinfo.h)

Added: trunk/ethereal/ndrdump/ndrdump.c
===================================================================
--- trunk/ethereal/ndrdump/ndrdump.c	2005-03-13 00:34:15 UTC (rev 245)
+++ trunk/ethereal/ndrdump/ndrdump.c	2005-03-13 02:57:35 UTC (rev 246)
@@ -0,0 +1,172 @@
+#include "config.h"
+
+#include <gmodule.h>
+#include "plugins/plugin_api.h"
+#include "epan/packet.h"
+#include "epan/dissectors/packet-dcerpc.h"
+
+#include <sys/types.h>
+#include <sys/wait.h>
+
+static int proto_dcerpc_samr = -1;
+
+static gint ett_dcerpc_samr = -1;
+
+static int hf_samr_opnum = -1;
+
+static e_uuid_t uuid_dcerpc_samr = {
+        0x12345778, 0x1234, 0xabcd,
+        { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac }
+};
+
+static guint16 ver_dcerpc_samr = 1.0;
+
+static void process_data(char *data, int data_len, proto_tree *tree,
+			 tvbuff_t *tvb, int offset)
+{
+	gchar **lines = g_strsplit(data, "\n", 0);
+
+	if (*lines) {		/* skip opcode */
+		proto_tree_add_text(tree, tvb, offset, 0, *lines);
+		lines++;
+	}
+
+	if (*lines) {		/* skip in/out */
+		proto_tree_add_text(tree, tvb, offset, 0, *lines);
+		lines++;
+	}
+
+#define END_TOKEN "pull returned"
+
+	while (*lines) {
+		if (strncmp(*lines, END_TOKEN, strlen(END_TOKEN)) == 0) {
+			proto_tree_add_text(tree, tvb, offset, 0, 
+					    *lines + strlen(END_TOKEN));
+			break;
+		}
+		
+		proto_tree_add_text(tree, tvb, offset, 0, *lines);
+		lines++;
+	}
+}
+
+static int
+ndrdump_dissect_packet(tvbuff_t *tvb, int offset, packet_info *pinfo,
+		       proto_tree *tree, guint8 *drep)
+{
+	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
+	dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
+	int read_pipe[2], write_pipe[2];
+	pid_t child_pid;
+	int status;
+
+	/* Create pipe to ndrdump */
+
+	if (pipe(read_pipe) == -1 || pipe(write_pipe) == -1) {
+		perror("pipe");
+		return 1;
+	}
+
+	if ((child_pid = fork()) == -1) {
+		perror("fork");
+		return 1;
+	}
+
+#define	PARENT_READ	read_pipe[0]
+#define	CHILD_WRITE	read_pipe[1]
+#define CHILD_READ	write_pipe[0]
+#define PARENT_WRITE	write_pipe[1]
+
+	if (child_pid == 0) {
+
+		close(PARENT_WRITE);
+		close(PARENT_READ);
+		
+		dup2(CHILD_READ, fileno(stdin));
+		dup2(CHILD_WRITE, fileno(stdout));
+
+		char *opnum;
+		asprintf(&opnum, "%d", dcv->opnum);
+
+		execlp("ndrdump", "ndrdump", "samr", opnum, 
+		       (di->ptype == PDU_REQ) ? "in" : "out", NULL);
+		exit(1);
+	}
+
+	close(CHILD_READ);
+	close(CHILD_WRITE);
+
+	/* Write data */
+
+	char *tvb_data = (char *)tvb_get_ptr(tvb, offset, -1);
+
+	int result = write(PARENT_WRITE, tvb_data, 
+			   tvb_length_remaining(tvb, offset));
+	
+	close(PARENT_WRITE);
+
+	/* Read ndrdump output */
+
+	char *data = NULL, buf[255];
+	int num_read, data_len = 0;
+
+	while((num_read = read(PARENT_READ, buf, 255)) > 0) {
+		data = realloc(data, data_len + num_read);
+		memcpy(data + data_len, buf, num_read);
+		data_len += num_read;
+	}
+
+	if (data && data_len) 
+		process_data(data, data_len, tree, tvb, offset);
+
+	waitpid(child_pid, &status, 0);
+
+	if (WIFSIGNALED(status)) {
+		g_warning("ndrdump caught signal %d\n", WTERMSIG(status));
+	}
+
+	if (WEXITSTATUS(status) != 0) {
+	}	
+
+	return offset + tvb_length_remaining(tvb, offset);
+}
+
+static dcerpc_sub_dissector ndrdump_dissectors[] = {
+        { 0, "Opnum 0", ndrdump_dissect_packet, ndrdump_dissect_packet },
+        { 1, "Opnum 1", ndrdump_dissect_packet, ndrdump_dissect_packet },
+        { 2, "Opnum 2", ndrdump_dissect_packet, ndrdump_dissect_packet },
+        { 3, "Opnum 3", ndrdump_dissect_packet, ndrdump_dissect_packet },
+        { 4, "Opnum 4", ndrdump_dissect_packet, ndrdump_dissect_packet },
+        {0, NULL, NULL,  NULL }
+};
+
+G_MODULE_EXPORT void
+plugin_reg_handoff(void)
+{
+	dcerpc_init_uuid(proto_dcerpc_samr, ett_dcerpc_samr,
+			 &uuid_dcerpc_samr, ver_dcerpc_samr,
+			 ndrdump_dissectors, hf_samr_opnum);
+}
+
+G_MODULE_EXPORT void
+plugin_init(plugin_address_table_t *pat)
+{
+	static gint *ett[] = {
+		&ett_dcerpc_samr,
+	};
+
+        static hf_register_info hf[] = {
+		{ &hf_samr_opnum,
+		  { "Operation", "samr.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
+	};
+
+	plugin_address_table_init(pat);
+
+	proto_dcerpc_samr = 
+		proto_register_protocol("ndrdump_samr", "ndrdump_samr", 
+					"ndrdump_samr");
+
+	proto_register_subtree_array(ett, array_length(ett));
+
+	proto_register_field_array(proto_dcerpc_samr, hf, array_length(hf));
+}
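Review bot: `proto_tree_add_text(tree, tvb, offset, 0, *lines)` in process_data passes each line of ndrdump's output as the printf-style format argument, and that output echoes strings decoded from the packet, so a `%` sequence on the wire reaches the formatter; pass it as data instead, `proto_tree_add_text(tree, tvb, offset, 0, "%s", *lines);` at all four call sites (the END_TOKEN one too). In ndrdump_dissect_packet the collected `data` buffer is never NUL-terminated, yet `g_strsplit` treats it as a C string and reads past the allocation; the `realloc` result is unchecked, and neither `data` nor PARENT_READ is released, so each dissected packet leaks a buffer and a descriptor. `lines++` in process_data also discards the pointer `g_strfreev` would need, so the split array leaks; walking it with an index fixes that. `WEXITSTATUS(status)` is read without checking `WIFEXITED(status)` first, and `status` is uninitialised if `waitpid` fails, so the exit branch should be `if (WIFEXITED(status) && WEXITSTATUS(status) != 0)` after testing waitpid's return.
```c
	/* Read ndrdump output; keep one extra byte so g_strsplit() sees a terminated string. */
	char *data = NULL, buf[255];
	int num_read, data_len = 0;

	while ((num_read = read(PARENT_READ, buf, sizeof buf)) > 0) {
		char *tmp = realloc(data, data_len + num_read + 1);
		if (!tmp) {
			break;		/* keep what was read so far; child is still reaped below */
		}
		data = tmp;
		memcpy(data + data_len, buf, num_read);
		data_len += num_read;
		data[data_len] = '\0';
	}
	close(PARENT_READ);

	if (data && data_len)
		process_data(data, data_len, tree, tvb, offset);
	free(data);

	/* … unchanged: waitpid / status reporting, return … */
```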


