more accurate rpc decoding. Since now there are many different RCP protocols and EtherApe handles only ONC-RPC, mark it clearly
1.1 --- a/src/decode_proto.c Sun Nov 08 19:42:57 2009 +0100
1.2 +++ b/src/decode_proto.c Sun Nov 08 20:28:57 2009 +0100
1.3 @@ -1209,6 +1209,8 @@
1.4 static gboolean
1.5 get_rpc (decode_proto_t *dp, gboolean is_udp)
1.6 {
1.7 + int rpcstart;
1.8 + uint32_t rpcver;
1.9 enum rpc_type msg_type;
1.10 enum rpc_program msg_program;
1.11 const gchar *rpc_prot = NULL;
1.12 @@ -1218,15 +1220,11 @@
1.13 return FALSE; /* not big enough */
1.14
1.15 if (is_udp)
1.16 - {
1.17 - msg_type = pntohl (dp->cur_packet + 4);
1.18 - msg_program = pntohl (dp->cur_packet + 12);
1.19 - }
1.20 + rpcstart = 0;
1.21 else
1.22 - {
1.23 - msg_type = pntohl (dp->cur_packet + 8);
1.24 - msg_program = pntohl (dp->cur_packet + 16);
1.25 - }
1.26 + rpcstart = 4;
1.27 +
1.28 + msg_type = pntohl (dp->cur_packet + rpcstart + 4);
1.29
1.30 switch (msg_type)
1.31 {
1.32 @@ -1238,11 +1236,16 @@
1.33 if (!(rpc_prot = find_conversation (dp->global_dst_address, 0,
1.34 dp->global_dst_port, 0)))
1.35 return FALSE;
1.36 - decode_proto_add(dp, "RPC");
1.37 + decode_proto_add(dp, "ONC-RPC");
1.38 decode_proto_add(dp, rpc_prot);
1.39 return TRUE;
1.40
1.41 case RPC_CALL:
1.42 + rpcver = pntohl (dp->cur_packet + rpcstart + 8);
1.43 + if (rpcver != 2)
1.44 + return FALSE; /* only ONC-RPC v2 */
1.45 +
1.46 + msg_program = pntohl (dp->cur_packet + rpcstart + 12);
1.47 switch (msg_program)
1.48 {
1.49 case BOOTPARAMS_PROGRAM:
1.50 @@ -1282,7 +1285,7 @@
1.51 add_conversation (dp->global_src_address, 0,
1.52 dp->global_src_port, 0, rpc_prot);
1.53
1.54 - decode_proto_add(dp, "RPC");
1.55 + decode_proto_add(dp, "ONC-RPC");
1.56 decode_proto_add(dp, rpc_prot);
1.57 return TRUE;
1.58