|
|
//=============================================================================
// FILE: SPParser.cpp
//
// Description: DirectPlay Service Provider Parser
//
//
// Modification History:
//
// Michael Milirud 08/Aug/2000 Created
//=============================================================================
//#define FRAME_NAMES
//#define FRAME_DROPS
//==================//
// Standard headers //
//==================//
#include <winsock2.h>
#include <wsipx.h>
#include <ws2tcpip.h>
#include <tchar.h>
//=====================//
// Proprietary headers //
//=====================//
#include "dpaddr.h" // DPNA_DEFAULT_PORT definition
// Prototypes
#include "SPParser.hpp"
namespace DPlaySP{
// SP protocol header
#include "MessageStructures.h"
} // DPlaySP namespace
namespace{ HPROTOCOL g_hSPProtocol;
//=============================//
// Return Address Family field //-----------------------------------------------------------------------------------
//=============================//
LABELED_BYTE arr_RetAddrFamilyByteLabels[] = { { AF_IPX, "IPX protocol" }, { AF_INET, "IPv4 protocol" }, { AF_INET6, "IPv6 protocol" } };
SET LabeledRetAddrFamilyByteSet = { sizeof(arr_RetAddrFamilyByteLabels) / sizeof(LABELED_BYTE), arr_RetAddrFamilyByteLabels };
//================//
// Data Tag field //------------------------------------------------------------------------------------------------
//================//
LABELED_BYTE arr_CommandByteLabels[] = { { ENUM_DATA_KIND, "Enumeration Query" }, { ENUM_RESPONSE_DATA_KIND, "Response to Enumeration Query" }, { PROXIED_ENUM_DATA_KIND, "Proxied Enumeration Query" } };
SET LabeledCommandByteSet = { sizeof(arr_CommandByteLabels) / sizeof(LABELED_BYTE), arr_CommandByteLabels };
////////////////////////////////
// Custom Property Formatters //=====================================================================================
////////////////////////////////
// DESCRIPTION: Custom description formatter for the Service Provider packet summary
//
// ARGUMENTS: io_pProperyInstance - Data of the property's instance
//
// RETURNS: NOTHING
//
VOID WINAPIV FormatPropertyInstance_SPSummary( LPPROPERTYINST io_pProperyInstance ) { using namespace DPlaySP;
// Check what SP frame we are dealing with
const PREPEND_BUFFER& rSPFrame = *reinterpret_cast<PREPEND_BUFFER*>(io_pProperyInstance->lpData); //
switch ( rSPFrame.GenericHeader.bSPCommandByte ) { case ENUM_DATA_KIND: // Service Provider Query
{ strcpy(io_pProperyInstance->szPropertyText, "Enumeration Request"); break; }
case ENUM_RESPONSE_DATA_KIND: // Service Provider Response
{ strcpy(io_pProperyInstance->szPropertyText, "Enumeration Response"); break; }
case PROXIED_ENUM_DATA_KIND: // Service Provider Proxied Query
{ strcpy(io_pProperyInstance->szPropertyText, "Proxied Enumeration Request"); break; }
default: { strcpy(io_pProperyInstance->szPropertyText, "User Data"); break; } }
} // FormatPropertyInstance_SPSummary
//==================//
// Properties table //-----------------------------------------------------------------------------------------------
//==================//
PROPERTYINFO g_arr_SPProperties[] = {
// SP packet summary property (SP_SUMMARY)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"", // label
"DPlay Service Provider packet", // status-bar comment
PROP_TYPE_SUMMARY, // data type
PROP_QUAL_NONE, // data type qualifier
NULL, // labeled bit set
512, // description's maximum length
FormatPropertyInstance_SPSummary // generic formatter
},
// Leading Zero property (SP_LEADZERO)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Leading zero tag", // label
"Leading zero tag field", // status-bar comment
PROP_TYPE_BYTE, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Data Tag property (SP_COMMAND)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Command", // label
"Command field", // status-bar comment
PROP_TYPE_BYTE, // data type
PROP_QUAL_LABELED_SET, // data type qualifier.
&LabeledCommandByteSet, // labeled byte set
512, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Enumeration Key property (SP_ENUMPAYLOAD)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Enum Payload", // label
"Enumeration Payload field", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Enumeration Key property (SP_ENUMKEY)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Enum Key", // label
"Enumeration Key field", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Enumeration Response Key property (SP_ENUMRESPKEY)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Enum Response Key", // label
"Enumeration Response Key", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Enumeration Response Key property (SP_RTTINDEX)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"RTT Index", // label
"RTT Index field", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
}, // Size of the return address property (SP_RETADDRSIZE)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Return Address's Size", // label
"Size of the return address", // status-bar comment
PROP_TYPE_BYTE, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Return Address Socket Family property (SP_RETADDRFAMILY)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Socket Family", // label
"Socket Family field", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_LABELED_SET, // data type qualifier.
&LabeledRetAddrFamilyByteSet, // labeled byte set
512, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Return Address Socket Family property (SP_RETADDR_IPX)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"IPX Address", // label
"IPX Address field", // status-bar comment
PROP_TYPE_IPX_ADDRESS, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Return Address Socket (SP_RETADDRSOCKET_IPX)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Socket", // label
"Socket field", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
}, // Return Address Socket Family property (SP_RETADDR_IP)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"IP Address", // label
"IP Address field", // status-bar comment
PROP_TYPE_IP_ADDRESS, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// Return Address Socket (SP_RETADDRPORT_IP)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"Port", // label
"Port field", // status-bar comment
PROP_TYPE_WORD, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
}, // Return Address Socket Family property (SP_RETADDR_IPV6)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"IPv6 Address", // label
"IPv6 Address field", // status-bar comment
PROP_TYPE_IP6_ADDRESS, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled byte set
64, // description's maximum length
FormatPropertyInstance // generic formatter
},
// User Data (SP_USERDATA)
{ 0, // handle placeholder (MBZ)
0, // reserved (MBZ)
"User Data", // label
"User Data", // status-bar comment
PROP_TYPE_RAW_DATA, // data type
PROP_QUAL_NONE, // data type qualifier.
NULL, // labeled bit set
64, // description's maximum length
FormatPropertyInstance // generic formatter
}
};
enum { nNUM_OF_SP_PROPS = sizeof(g_arr_SPProperties) / sizeof(PROPERTYINFO) };
// Properties' indices
enum { SP_SUMMARY = 0, SP_LEADZERO, SP_COMMAND, SP_ENUMPAYLOAD, SP_ENUMKEY, SP_ENUMRESPKEY, SP_RTTINDEX, SP_RETADDRSIZE, SP_RETADDRFAMILY, SP_RETADDR_IPX, SP_RETADDRSOCKET_IPX, SP_RETADDR_IP, SP_RETADDRPORT_IP, SP_RETADDR_IPV6, SP_USERDATA };
// Platform independent memory accessor of big endian words
inline WORD ReadBigEndianWord( BYTE* i_pbData ) { return (*i_pbData << 8) | *(i_pbData+1); }
// DESCRIPTION: DPlay packet validation predicate.
//
// ARGUMENTS: i_hFrame - The handle to the frame that contains the data.
// i_hPrevProtocol - Handle of the previous protocol.
// i_pbMacFrame - The pointer to the first byte of the frame; the pointer provides a way to view
// the data that the other parsers recognize.
//
// RETURNS: DPlay packet = TRUE; NOT a DPlay packet = FALSE
//
bool IsDPlayPacket( HFRAME i_hFrame, HPROTOCOL i_hPrevProtocol, LPBYTE i_pbMacFrame ) {
const PROTOCOLINFO* pPrevProtocolInfo = GetProtocolInfo(i_hPrevProtocol); DWORD dwPrevProtocolOffset = GetProtocolStartOffsetHandle(i_hFrame, i_hPrevProtocol);
WORD wSrcPort, wDstPort;
if ( strncmp(reinterpret_cast<const char*>(pPrevProtocolInfo->ProtocolName), "UDP", sizeof(pPrevProtocolInfo->ProtocolName)) == 0 ) { // Extracting the source and destination ports of the packet from its UDP header
wSrcPort = ReadBigEndianWord(i_pbMacFrame + dwPrevProtocolOffset); wDstPort = ReadBigEndianWord(i_pbMacFrame + dwPrevProtocolOffset + 2); } else if ( strncmp(reinterpret_cast<const char*>(pPrevProtocolInfo->ProtocolName), "IPX", sizeof(pPrevProtocolInfo->ProtocolName)) == 0 ) { // Extracting the source and destination ports of the packet from its IPX header
wSrcPort = ReadBigEndianWord(i_pbMacFrame + dwPrevProtocolOffset + 16); // source address socket
wDstPort = ReadBigEndianWord(i_pbMacFrame + dwPrevProtocolOffset + 28); // destination address socket
} else { // Should never happen!
return false; }
//===========//
// Constants //
//===========//
//
static bool bTriedRetrievingUserPorts = false; static bool bRetrievedUserPorts = false;
static DWORD dwMinUserPort, dwMaxUserPort;
// Retrieval from the registry is attempted only once
if ( !bTriedRetrievingUserPorts ) { bTriedRetrievingUserPorts = true; HKEY hKey = NULL; if (RegOpenKeyEx(HKEY_CURRENT_USER, _T("Software\\Microsoft\\DirectPlay\\Parsers"), 0, KEY_READ, &hKey) == ERROR_SUCCESS) { DWORD dwType = NULL; DWORD dwCount = sizeof(DWORD); if (RegQueryValueEx(hKey, _T("MinUserPort"), NULL, &dwType, (LPBYTE)&dwMinUserPort, &dwCount) == ERROR_SUCCESS && RegQueryValueEx(hKey, _T("MaxUserPort"), NULL, &dwType, (LPBYTE)&dwMaxUserPort, &dwCount) == ERROR_SUCCESS ) { bRetrievedUserPorts = true; } RegCloseKey(hKey); } }
if ( bRetrievedUserPorts && ((wSrcPort >= dwMinUserPort) && (wSrcPort <= dwMaxUserPort)) && ((wDstPort >= dwMinUserPort) && (wDstPort <= dwMaxUserPort)) ) { // Is a valid DPlay packet
return true; }
// Make sure both endpoints are using the SP port range [2302, 2400], or the DPNServer port {6073}, or [MinUsePort, MaxUserPort] (if provided by the user)
WORD wPort = wSrcPort; for ( int nPorts = 0; nPorts < 2; ++nPorts, wPort = wDstPort ) { if ( ( !bRetrievedUserPorts || (wPort < dwMinUserPort) || (wPort > dwMaxUserPort) ) && ( (wPort < BASE_DPLAY8_PORT) || (wPort > MAX_DPLAY8_PORT) ) && ( wPort != DPNA_DPNSVR_PORT ) ) { // Not a valid DPlay packet
return false; } }
// Is a valid DPlay packet
return true;
} // IsDPlayPacket
} // anonymous namespace
// DESCRIPTION: Creates and fills-in a properties database for the protocol.
// Network Monitor uses this database to determine which properties the protocol supports.
//
// ARGUMENTS: i_hSPProtocol - The handle of the protocol provided by the Network Monitor.
//
// RETURNS: NOTHING
//
DPLAYPARSER_API VOID BHAPI SPRegister( HPROTOCOL i_hSPProtocol ) {
CreatePropertyDatabase(i_hSPProtocol, nNUM_OF_SP_PROPS);
// Add the properties to the database
for( int nProp=0; nProp < nNUM_OF_SP_PROPS; ++nProp ) { AddProperty(i_hSPProtocol, &g_arr_SPProperties[nProp]); }
} // SPRegister
// DESCRIPTION: Frees the resources used to create the protocol property database.
//
// ARGUMENTS: i_hSPProtocol - The handle of the protocol provided by the Network Monitor.
//
// RETURNS: NOTHING
//
DPLAYPARSER_API VOID WINAPI SPDeregister( HPROTOCOL i_hProtocol ){
DestroyPropertyDatabase(i_hProtocol);
} // SPDeregister
namespace{
// DESCRIPTION: Parses the SP frame to find its size (in bytes) NOT including the user data
//
// ARGUMENTS: i_pbSPFrame - Pointer to the start of the unclaimed data. Typically, the unclaimed data is located
// in the middle of a frame because a previous parser has claimed data before this parser.
//
// RETURNS: Size of the specified SP frame (in bytes)
//
int SPHeaderSize( LPBYTE i_pbSPFrame ) { using namespace DPlaySP;
// Check what SP frame we are dealing with
const PREPEND_BUFFER& rSPFrame = *reinterpret_cast<PREPEND_BUFFER*>(i_pbSPFrame); //
switch ( rSPFrame.GenericHeader.bSPCommandByte ) { case ENUM_DATA_KIND: // Service Provider Query
{ return sizeof(rSPFrame.EnumDataHeader); } case ENUM_RESPONSE_DATA_KIND: // Service Provider Response
{ return sizeof(rSPFrame.EnumResponseDataHeader); }
case PROXIED_ENUM_DATA_KIND: // Service Provider Proxied Query
{ return sizeof(rSPFrame.ProxiedEnumDataHeader); }
default: // user data starting with a nonzero byte
{ return 0; // no header
} }
} // SPHeaderSize
} // Anonymous namespace
// DESCRIPTION: Indicates whether a piece of data is recognized as the protocol that the parser detects.
//
// ARGUMENTS: i_hFrame - The handle to the frame that contains the data.
// i_pbMacFrame - The pointer to the first byte of the frame; the pointer provides a way to view
// the data that the other parsers recognize.
// i_pbSPFrame - Pointer to the start of the unclaimed data. Typically, the unclaimed data is located
// in the middle of a frame because a previous parser has claimed data before this parser.
// i_dwMacType - MAC value of the first protocol in a frame. Typically, the i_dwMacType value is used
// when the parser must identify the first protocol in the frame. Can be one of the following:
// MAC_TYPE_ETHERNET = 802.3, MAC_TYPE_TOKENRING = 802.5, MAC_TYPE_FDDI ANSI = X3T9.5.
// i_dwBytesLeft - The remaining number of bytes from a location in the frame to the end of the frame.
// i_hPrevProtocol - Handle of the previous protocol.
// i_dwPrevProtOffset - Offset of the previous protocol (from the beginning of the frame).
// o_pdwProtocolStatus - Protocol status indicator. Must be one of the following: PROTOCOL_STATUS_RECOGNIZED,
// PROTOCOL_STATUS_NOT_RECOGNIZED, PROTOCOL_STATUS_CLAIMED, PROTOCOL_STATUS_NEXT_PROTOCOL.
// o_phNextProtocol - Placeholder for the handle of the next protocol. This parameter is set when the parser identifies
// the protocol that follows its own protocol.
// io_pdwptrInstData - On input, a pointer to the instance data from the previous protocol.
// On output, a pointer to the instance data for the current protocol.
//
// RETURNS: If the function is successful, the return value is a pointer to the first byte after the recognized parser data.
// If the parser claims all the remaining data, the return value is NULL. If the function is unsuccessful, the return
// value is the initial value of the i_pbSPFrame parameter.
//
DPLAYPARSER_API LPBYTE BHAPI SPRecognizeFrame( HFRAME i_hFrame, ULPBYTE i_upbMacFrame, ULPBYTE i_upbSPFrame, DWORD i_dwMacType, DWORD i_dwBytesLeft, HPROTOCOL i_hPrevProtocol, DWORD i_dwPrevProtOffset, LPDWORD o_pdwProtocolStatus, LPHPROTOCOL o_phNextProtocol, PDWORD_PTR io_pdwptrInstData ){ using namespace DPlaySP;
// Validate the amount of unclaimed data
enum { nMIN_SPHeaderSize = sizeof(PREPEND_BUFFER::_GENERIC_HEADER) };
// Validate the packet as DPlay SP type
if ( (i_dwBytesLeft < nMIN_SPHeaderSize) || !IsDPlayPacket(i_hFrame, i_hPrevProtocol, i_upbMacFrame) ) { // Assume the unclaimed data is not recognizable
*o_pdwProtocolStatus = PROTOCOL_STATUS_NOT_RECOGNIZED; return i_upbSPFrame; }
//==========================//
// Get the DPlay frame size //
//==========================//
const PROTOCOLINFO* pPrevProtocolInfo = GetProtocolInfo(i_hPrevProtocol); WORD wDPlayFrameSize = 0;
if ( strncmp(reinterpret_cast<const char*>(pPrevProtocolInfo->ProtocolName), "UDP", sizeof(pPrevProtocolInfo->ProtocolName)) == 0 ) { // Extracting the UDP frame size
WORD wUDPFrameSize = ReadBigEndianWord(i_upbMacFrame + i_dwPrevProtOffset + 4);
enum { nUDP_HEADER_SIZE = 8 }; wDPlayFrameSize = wUDPFrameSize - nUDP_HEADER_SIZE; } else if ( strncmp(reinterpret_cast<const char*>(pPrevProtocolInfo->ProtocolName), "IPX", sizeof(pPrevProtocolInfo->ProtocolName)) == 0 ) { // Extracting the IPX frame size
WORD wIPXFrameSize = ReadBigEndianWord(i_upbMacFrame + i_dwPrevProtOffset + 2); // source address socket
enum { nIPX_HEADER_SIZE = 30 }; wDPlayFrameSize = wIPXFrameSize - nIPX_HEADER_SIZE; } else { ; // TODO: ASSERT HERE
}
// Pass along the size of the Transport frame
DWORD_PTR dwptrTransportFrameSize = wDPlayFrameSize - SPHeaderSize(i_upbSPFrame); *io_pdwptrInstData = dwptrTransportFrameSize;
const PREPEND_BUFFER& rSPFrame = *reinterpret_cast<PREPEND_BUFFER*>(i_upbSPFrame);
if ( rSPFrame.GenericHeader.bSPLeadByte == SP_HEADER_LEAD_BYTE ) // SP packet
{ *o_pdwProtocolStatus = PROTOCOL_STATUS_RECOGNIZED; *o_phNextProtocol = NULL; } else // user data (DPlay v8 Transport packet)
{ // Notify NetMon about the handoff protocol
*o_pdwProtocolStatus = PROTOCOL_STATUS_NEXT_PROTOCOL; *o_phNextProtocol = GetProtocolFromName("DPLAYTRANSPORT");
return i_upbSPFrame; } // Claim the rest of the data
return NULL;
} // SPRecognizeFrame
// DESCRIPTION: Maps the properties that exist in a piece of recognized data to specific locations.
//
// ARGUMENTS: i_hFrame - Handle of the frame that is being parsed.
// i_pbMacFram - Pointer to the first byte in the frame.
// i_pbSPFrame - Pointer to the start of the recognized data.
// i_dwMacType - MAC value of the first protocol in a frame. Typically, the i_dwMacType value is used
// when the parser must identify the first protocol in the frame. Can be one of the following:
// MAC_TYPE_ETHERNET = 802.3, MAC_TYPE_TOKENRING = 802.5, MAC_TYPE_FDDI ANSI = X3T9.5.
// i_dwBytesLeft - The remaining number of bytes in a frame (starting from the beginning of the recognized data).
// i_hPrevProtocol - Handle of the previous protocol.
// i_dwPrevProtOffset - Offset of the previous protocol (starting from the beginning of the frame).
// i_dwptrInstData - Pointer to the instance data that the previous protocol provides.
//
// RETURNS: Must return NULL
//
DPLAYPARSER_API LPBYTE BHAPI SPAttachProperties( HFRAME i_hFrame, ULPBYTE i_upbMacFrame, ULPBYTE i_upbSPFrame, DWORD i_dwMacType, DWORD i_dwBytesLeft, HPROTOCOL i_hPrevProtocol, DWORD i_dwPrevProtOffset, DWORD_PTR i_dwptrInstData ){ using namespace DPlaySP;
//===================//
// Attach Properties //
//===================//
// Summary line
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_SUMMARY].hProperty, i_dwBytesLeft, i_upbSPFrame, 0, 0, 0);
// Protection against NetMon
if ( *i_upbSPFrame ) { return NULL; }
// Check what SP frame we are dealing with
PREPEND_BUFFER& rSPFrame = *reinterpret_cast<PREPEND_BUFFER*>(i_upbSPFrame);
// Leading Zero tag field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_LEADZERO].hProperty, sizeof(rSPFrame.GenericHeader.bSPLeadByte), &rSPFrame.GenericHeader.bSPLeadByte, 0, 1, 0);
// Command field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_COMMAND].hProperty, sizeof(rSPFrame.GenericHeader.bSPCommandByte), &rSPFrame.GenericHeader.bSPCommandByte, 0, 1, 0); switch ( rSPFrame.GenericHeader.bSPCommandByte ) { case ENUM_DATA_KIND: // Service Provider's Enumeration Request
{ // Enum payload field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_ENUMPAYLOAD].hProperty, sizeof(rSPFrame.EnumDataHeader.wEnumPayload), &rSPFrame.EnumDataHeader.wEnumPayload, 0, 1, 0); // Enum Key field
DWORD dwEnumKey = rSPFrame.EnumDataHeader.wEnumPayload & ~ENUM_RTT_MASK; AttachPropertyInstanceEx(i_hFrame, g_arr_SPProperties[SP_ENUMKEY].hProperty, sizeof(rSPFrame.EnumDataHeader.wEnumPayload), &rSPFrame.EnumDataHeader.wEnumPayload, sizeof(dwEnumKey), &dwEnumKey, 0, 2, 0); // RTT index field
BYTE byRTTIndex = rSPFrame.EnumDataHeader.wEnumPayload & ENUM_RTT_MASK; AttachPropertyInstanceEx(i_hFrame, g_arr_SPProperties[SP_RTTINDEX].hProperty, sizeof(rSPFrame.EnumDataHeader.wEnumPayload), &rSPFrame.EnumDataHeader.wEnumPayload, sizeof(byRTTIndex), &byRTTIndex, 0, 2, 0); break; }
case ENUM_RESPONSE_DATA_KIND: // Service Provider's Enumeration Response
{ // Enum payload field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_ENUMPAYLOAD].hProperty, sizeof(rSPFrame.EnumResponseDataHeader.wEnumResponsePayload), &rSPFrame.EnumResponseDataHeader.wEnumResponsePayload, 0, 1, 0); // Enum Key field
DWORD dwEnumKey = rSPFrame.EnumResponseDataHeader.wEnumResponsePayload & ~ENUM_RTT_MASK; AttachPropertyInstanceEx(i_hFrame, g_arr_SPProperties[SP_ENUMRESPKEY].hProperty, sizeof(rSPFrame.EnumResponseDataHeader.wEnumResponsePayload), &rSPFrame.EnumResponseDataHeader.wEnumResponsePayload, sizeof(dwEnumKey), &dwEnumKey, 0, 2, 0); // RTT index field
BYTE byRTTIndex = rSPFrame.EnumDataHeader.wEnumPayload & ENUM_RTT_MASK; AttachPropertyInstanceEx(i_hFrame, g_arr_SPProperties[SP_RTTINDEX].hProperty, sizeof(rSPFrame.EnumResponseDataHeader.wEnumResponsePayload), &rSPFrame.EnumResponseDataHeader.wEnumResponsePayload, sizeof(byRTTIndex), &byRTTIndex, 0, 2, 0); break; }
case PROXIED_ENUM_DATA_KIND: // Service Provider's Proxied Enumeration Query
{ // Return Address Size field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDRSIZE].hProperty, sizeof(rSPFrame.ProxiedEnumDataHeader.ReturnAddress), &rSPFrame.ProxiedEnumDataHeader.ReturnAddress, 0, 1, 0); // Enum Key field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_ENUMKEY].hProperty, sizeof(rSPFrame.ProxiedEnumDataHeader.wEnumKey), &rSPFrame.ProxiedEnumDataHeader.wEnumKey, 0, 1, 0);
// Return Address Socket Address Family field
//
// Technically we don't know that this is not the smaller non-IPv6 capable version of
// this message. However, since PROXIED_ENUM_DATA_KIND is only ever sent locally, it
// won't even show up in the parser, so it doesn't really matter.
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDRFAMILY].hProperty, sizeof(rSPFrame.ProxiedEnumDataHeader.ReturnAddress.AddressGeneric.sa_family), &rSPFrame.ProxiedEnumDataHeader.ReturnAddress.AddressGeneric.sa_family, 0, 1, 0);
switch ( rSPFrame.ProxiedEnumDataHeader.ReturnAddress.AddressGeneric.sa_family ) { case AF_IPX: { SOCKADDR_IPX& rIPXAddress = rSPFrame.ProxiedEnumDataHeader.ReturnAddress.AddressIPX;
// Return Address field (IPX Network Number + Node Number)
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDR_IPX].hProperty, sizeof(rIPXAddress.sa_netnum) + sizeof(rIPXAddress.sa_nodenum), &rIPXAddress.sa_netnum, 0, 1, 0);
// Return Address Socket Address IPX Socket Number field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDRSOCKET_IPX].hProperty, sizeof(rIPXAddress.sa_socket), &rIPXAddress.sa_socket, 0, 1, 0);
break; }
case AF_INET: { SOCKADDR_IN& rIPAddress = rSPFrame.ProxiedEnumDataHeader.ReturnAddress.AddressIPv4;
// Return Address field (IP Address)
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDR_IP].hProperty, sizeof(rIPAddress.sin_addr), &rIPAddress.sin_addr, 0, 1, 0);
// Return Address Port field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDRPORT_IP].hProperty, sizeof(rIPAddress.sin_port), &rIPAddress.sin_port, 0, 1, 0);
break; }
case AF_INET6: { SOCKADDR_IN6& rIPv6Address = rSPFrame.ProxiedEnumDataHeader.ReturnAddress.AddressIPv6;
// Return Address field (IP Address)
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDR_IPV6].hProperty, sizeof(rIPv6Address.sin6_addr), &rIPv6Address.sin6_addr, 0, 1, 0);
// Return Address Port field
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_RETADDRPORT_IP].hProperty, sizeof(rIPv6Address.sin6_port), &rIPv6Address.sin6_port, 0, 1, 0);
break; }
default: { // TODO: DPF(0, "Unknown socket type!");
break; } }
break; } }
size_t sztSPHeaderSize = SPHeaderSize(i_upbSPFrame); if ( i_dwBytesLeft > sztSPHeaderSize ) { size_t sztUserDataSize = i_dwBytesLeft - sztSPHeaderSize;
// User data
AttachPropertyInstance(i_hFrame, g_arr_SPProperties[SP_USERDATA].hProperty, sztUserDataSize, i_upbSPFrame + sztSPHeaderSize, 0, 1, 0); }
return NULL;
} // SPAttachProperties
// DESCRIPTION: Formats the data that is displayed in the details pane of the Network Monitor UI.
//
// ARGUMENTS: i_hFrame - Handle of the frame that is being parsed.
// i_pbMacFrame - Pointer to the first byte of a frame.
// i_pbCoreFrame - Pointer to the beginning of the protocol data in a frame.
// i_dwPropertyInsts - Number of PROPERTYINST structures provided by lpPropInst.
// i_pPropInst - Pointer to an array of PROPERTYINST structures.
//
// RETURNS: If the function is successful, the return value is a pointer to the first byte after the recognized data in a frame,
// or NULL if the recognized data is the last piece of data in a frame. If the function is unsuccessful, the return value
// is the initial value of i_pbSPFrame.
//
DPLAYPARSER_API DWORD BHAPI SPFormatProperties( HFRAME i_hFrame, ULPBYTE i_upbMacFrame, ULPBYTE i_upbSPFrame, DWORD i_dwPropertyInsts, LPPROPERTYINST i_pPropInst ){
// Loop through the property instances...
while( i_dwPropertyInsts-- > 0) { // ...and call the formatter for each
reinterpret_cast<FORMAT>(i_pPropInst->lpPropertyInfo->InstanceData)(i_pPropInst); ++i_pPropInst; }
// TODO: MAKE SURE THIS SHOULD NOT BE TRUE
return NMERR_SUCCESS;
} // SPFormatProperties
// DESCRIPTION: Notifies Network Monitor that DPlay v8 Transport protocol parser exists.
//
// ARGUMENTS: NONE
//
// RETURNS: TRUE - success, FALSE - failure
//
bool CreateSPProtocol( void ){
// The entry points to the export functions that Network Monitor uses to operate the parser
ENTRYPOINTS SPEntryPoints = { // SPParser Entry Points
SPRegister, SPDeregister, SPRecognizeFrame, SPAttachProperties, SPFormatProperties };
// The first active instance of this parser needs to register with the kernel
g_hSPProtocol = CreateProtocol("DPLAYSP", &SPEntryPoints, ENTRYPOINTS_SIZE); return (g_hSPProtocol ? TRUE : FALSE);
} // CreateSPProtocol
// DESCRIPTION: Removes the DPlay v8 Transport protocol parser from the Network Monitor's database of parsers
//
// ARGUMENTS: NONE
//
// RETURNS: NOTHING
//
void DestroySPProtocol( void ){
DestroyProtocol(g_hSPProtocol);
} // DestroySPProtocol
|
