summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xtools/build-clang.sh30
-rw-r--r--tools/smartcard-interpreter.py572
-rwxr-xr-xtools/update-settings-tests349
-rw-r--r--tools/wireshark/rdp-udp.lua709
4 files changed, 1660 insertions, 0 deletions
diff --git a/tools/build-clang.sh b/tools/build-clang.sh
new file mode 100755
index 0000000..9f83cf5
--- /dev/null
+++ b/tools/build-clang.sh
@@ -0,0 +1,30 @@
+#!/bin/bash -xe
+SCRIPT_PATH=$(dirname "${BASH_SOURCE[0]}")
+SCRIPT_PATH=$(realpath "$SCRIPT_PATH")
+
+WARN_FLAGS="-Weverything -Wno-padded -Wno-assign-enum -Wno-switch-enum \
+ -Wno-declaration-after-statement -Wno-c++98-compat -Wno-c++98-compat-pedantic \
+ -Wno-cast-align -Wno-covered-switch-default -Wno-documentation-unknown-command \
+ -Wno-documentation -Wno-documentation-html"
+
+cmake \
+ -GNinja \
+ -DCMAKE_TOOLCHAIN_FILE="$SCRIPT_PATH/../cmake/ClangToolchain.cmake" \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_FIND_LIBRARY_SUFFIXES=".a;.so" \
+ -DBUILD_SHARED_LIBS=OFF \
+ -Bclang \
+ -S"$SCRIPT_PATH/.." \
+ -DCMAKE_INSTALL_PREFIX=/tmp/xxx \
+ -DWITH_SERVER=ON \
+ -DWITH_SAMPLE=ON \
+ -DWITH_CAIRO=ON \
+ -DWITH_FFMPEG=ON \
+ -DWITH_DSP_FFMPEG=ON \
+ -DWITH_PKCS11=ON \
+ -DWITH_SOZR=ON \
+ -DWITH_WAYLAND=ON \
+ -DWITH_WEBVIEW=ON \
+ -DWITH_SWSCALE=ON \
+ -DCMAKE_C_FLAGS="$WARN_FLAGS" \
+ -DCMAKE_CXX_FLAGS="$WARN_FLAGS"
diff --git a/tools/smartcard-interpreter.py b/tools/smartcard-interpreter.py
new file mode 100644
index 0000000..2fd1605
--- /dev/null
+++ b/tools/smartcard-interpreter.py
@@ -0,0 +1,572 @@
+#!/usr/bin/env python3
+#
+# Copyright 2022 David Fort <contact@hardening-consulting.com>
+#
+# This script is meant to parse some FreeRDP logs in DEBUG mode (WLOG_LEVEL=DEBUG) and interpret the
+# smartcard traffic, dissecting the PIV or GIDS commands
+#
+# usage:
+# * live: WLOG_LEVEL=DEBUG xfreerdp <args with smartcard> | python3 smartcard-interpreter.py
+# * on an existing log file: python3 smartcard-interpreter.py <log file>
+#
+import sys
+import codecs
+
+
+CMD_NAMES = {
+ 0x04: "DESACTIVATE FILE",
+ 0x0C: "ERASE RECORD",
+ 0x0E: "ERASE BINARY",
+ 0x0F: "ERASE BINARY",
+ 0x20: "VERIFY",
+ 0x21: "VERIFY",
+ 0x22: "MSE",
+ 0x24: "CHANGE REFERENCE DATA",
+ 0x25: "MSE",
+ 0x26: "DISABLE VERIFICATION REQUIREMENT",
+ 0x28: "ENABLE VERIFICATION REQUIREMENT",
+ 0x2A: "PSO",
+ 0x2C: "RESET RETRY COUNTER",
+ 0x2D: "RESET RETRY COUNTER",
+ 0x44: "ACTIVATE FILE",
+ 0x46: "GENERATE ASYMMETRIC KEY PAIR",
+ 0x47: "GENERATE ASYMMETRIC KEY PAIR",
+ 0x84: "GET CHALLENGE",
+ 0x86: "GENERAL AUTHENTICATE",
+ 0x87: "GENERAL AUTHENTICATE",
+ 0x88: "INTERNAL AUTHENTICATE",
+ 0xA0: "SEARCH BINARY",
+ 0xA1: "SEARCH BINARY",
+ 0xA2: "SEARCH RECORD",
+ 0xA4: "SELECT",
+ 0xB0: "READ BINARY",
+ 0xB1: "READ BINARY",
+ 0xB2: "READ RECORD",
+ 0xB3: "READ RECORD",
+ 0xC0: "GET RESPONSE",
+ 0xC2: "ENVELOPPE",
+ 0xC3: "ENVELOPPE",
+ 0xCA: "GET DATA",
+ 0xCB: "GET DATA",
+ 0xD0: "WRITE BINARY",
+ 0xD1: "WRITE BINARY",
+ 0xD2: "WRITE RECORD",
+ 0xD6: "UPDATE BINARY",
+ 0xD7: "UPDATE BINARY",
+ 0xDA: "PUT DATA",
+ 0xDB: "PUT DATA",
+ 0xDC: "UPDATE RECORD",
+ 0xDD: "UPDATE RECORD",
+ 0xE0: "CREATE FILE",
+ 0xE2: "APPEND RECORD",
+ 0xE4: "DELETE FILE",
+ 0xE6: "TERMINATE DF",
+ 0xE8: "TERMINATE EF",
+ 0xFE: "TERMINATE CARD USAGE",
+}
+
+AIDs = {
+ "a00000039742544659": "MsGidsAID",
+ "a000000308": "PIV",
+ "a0000003974349445f0100": "SC PNP",
+}
+
+FIDs = {
+ 0x0000: "Current EF",
+ 0x2F00: "EF.DIR",
+ 0x2F01: "EF.ATR",
+ 0x3FFF: "Current application(ADF)",
+}
+
+DOs = {
+ "df1f": "DO_FILESYSTEMTABLE",
+ "df20": "DO_CARDID",
+ "df21": "DO_CARDAPPS",
+ "df22": "DO_CARDCF",
+ "df23": "DO_CMAPFILE",
+ "df24": "DO_KXC00",
+}
+
+ERROR_CODES = {
+ 0x9000: "success",
+ 0x6282: "end of file or record",
+ 0x63C0: "warning counter 0",
+ 0x63C1: "warning counter 1",
+ 0x63C2: "warning counter 2",
+ 0x63C3: "warning counter 3",
+ 0x63C4: "warning counter 4",
+ 0x63C5: "warning counter 5",
+ 0x63C6: "warning counter 6",
+ 0x63C7: "warning counter 7",
+ 0x63C8: "warning counter 8",
+ 0x63C9: "warning counter 9",
+ 0x6982: "security status not satisfied",
+ 0x6985: "condition of use not satisfied",
+ 0x6A80: "incorrect parameter cmd data field",
+ 0x6A81: "function not suppported",
+ 0x6A82: "file or application not found",
+ 0x6A83: "record not found",
+ 0x6A88: "REFERENCE DATA NOT FOUND",
+ 0x6D00: "unsupported",
+}
+
+PIV_OIDs = {
+ "5fc101": "X.509 Certificate for Card Authentication",
+ "5fc102": "Card Holder Unique Identifier",
+ "5fc103": "Cardholder Fingerprints",
+ "5fc105": "X.509 Certificate for PIV Authentication",
+ "5fc106": "Security Object",
+ "5fc107": "Card Capability Container",
+ "5fc108": "Cardholder Facial Image",
+ "5fc10a": "X.509 Certificate for Digital Signature",
+ "5fc10b": "X.509 Certificate for Key Management",
+ "5fc10d": "Retired X.509 Certificate for Key Management 1",
+ "5fc10e": "Retired X.509 Certificate for Key Management 2",
+ "5fc10f": "Retired X.509 Certificate for Key Management 3",
+}
+
+class ApplicationDummy(object):
+ def __init__(self, aid):
+ self.aid = aid
+
+ def getAID(self):
+ return self.aid
+
+ def selectResult(self, fci, status, body):
+ return 'selectResult(%s, %s, %s)\n' %(fci, status, body.hex())
+
+ def getData(self, fileId, bytes):
+ return 'getData(0x%x, %s)\n' %(fileId, bytes.hex())
+
+ def getDataResult(self, status, body):
+ return 'getDataResult(0x%x, %s)\n' %(status, body.hex())
+
+ def mse(self, body):
+ return body.hex()
+
+ def mseResult(self, status, body):
+ return body.hex()
+
+ def pso(self, body):
+ return body.hex()
+
+ def psoResult(self, status, body):
+ return body.hex()
+
+
+class ApplicationPIV(object):
+ def __init__(self, aid):
+ self.lastGet = None
+ self.aid = aid
+
+ def getAID(self):
+ return self.aid
+
+ def selectResult(self, selectT, status, body):
+ ret = ''
+ appTag = body[0]
+ appLen = body[1]
+
+ body = body[2:2+appLen]
+ while len(body) > 2:
+ tag = body[0]
+ tagLen = body[1]
+ if selectT == "FCI":
+ if tag == 0x4f:
+ ret += "\tpiv version: %s\n" % body[2:2 + tagLen].hex()
+ elif tag == 0x79:
+ subBody = body[2:2 + tagLen]
+
+ subTag = subBody[0]
+ subLen = subBody[1]
+
+ content = subBody.hex()
+ if subTag == 0x4f:
+ v = content[4:]
+ if v.startswith('a000000308'):
+ content = 'NIST RID'
+ ret += '\tCoexistent tag allocation authority: %s\n' % content
+
+ elif tag == 0x50:
+ ret += '\tapplication label\n'
+ elif tag == 0xac:
+ ret += '\tCryptographic algorithms supported\n'
+ else:
+ rety += '\tunknown tag 0x%x\n' % tag
+
+ else:
+ ret += "\tTODO: selectType %s\n" % selectT
+
+ body = body[2+tagLen:]
+
+ return ret
+
+ def getData(self, fileId, bytes):
+ ret = "\tfileId=%s\n" % FIDs.get(fileId, "%0.4x" % fileId)
+
+ lc = bytes[4]
+ tag = bytes[5]
+ tagLen = bytes[6]
+
+ if lc == 4:
+ ret += "\tdoId=%0.4x\n"% (bytes[7] * 256 + bytes[8])
+
+ elif lc == 0xa:
+ keyStr = ''
+ # TLV
+ i = 7
+ tag = bytes[i]
+ tagLen = bytes[i+1]
+ keyRef = bytes[i+3]
+ keyStr = "key(tag=0x%x len=%d ref=0x%x)=" % (tag, tagLen, keyRef)
+ i = i + 2 + tagLen
+
+ tag = bytes[i]
+ tagLen = bytes[i+1]
+ keyStr += "value(tag=0x%x len=%d)"
+ elif lc == 5:
+ if tag == 0x5C:
+ tagStr = bytes[7:].hex()
+ ret += '\ttag: %s(%s)\n' % (tagStr, PIV_OIDs.get(tagStr, '<unknown>'))
+ self.lastGet = tagStr
+ else:
+ ret += "\tunknown key access\n"
+
+ return ret
+
+ def getDataResult(self, status, body):
+ ret = ''
+ if not len(body):
+ return ''
+ appTag = body[0]
+ appLen = body[1]
+
+ body = body[2:2+appLen]
+ while len(body) > 2:
+ tag = body[0]
+ tagLen = body[1]
+ tagBody = body[2:2+tagLen]
+
+ if self.lastGet in ('5fc102',):
+ # Card holder Unique Identifier
+ if tag == 0x30:
+ ret += '\tFASC-N: %s\n' % tagBody.hex()
+ elif tag == 0x34:
+ ret += '\tGUID: %s\n' % tagBody.hex()
+ elif tag == 0x35:
+ ret += '\texpirationDate: %s\n' % tagBody.decode('utf8')
+ elif tag == 0x3e:
+ ret += '\tIssuer Asymmetric Signature: %s\n' % tagBody.hex()
+ else:
+ ret += "\tunknown tag=0x%x len=%d content=%s\n" % (tag, tagLen, tagBody.hex())
+ else:
+ ret += "\t%s: unknown tag=0x%x len=%d content=%s\n" % (self.lastGet, tag, tagLen, tagBody.hex())
+
+ body = body[2+tagLen:]
+
+ return ret
+
+ def mse(self, body):
+ return body.hex()
+
+ def mseResult(self, status, body):
+ return body.hex()
+
+ def pso(self, body):
+ return body.hex()
+
+ def psoResult(self, status, body):
+ return body.hex()
+
+
+
+class ApplicationGids(object):
+ def __init__(self, aid):
+ self.aid = aid
+ self.lastDo = None
+
+ def getAID(self):
+ return self.aid
+
+ def parseFcp(self, bytes):
+ ret = ''
+ tag = bytes[0]
+ tagLen = bytes[1]
+
+ body = bytes[2:2+tagLen]
+
+ if tag == 0x62:
+ ret += '\tFCP\n'
+
+ while len(body) > 2:
+ tag2 = body[0]
+ tag2Len = body[1]
+ tag2Body = body[2:2+tag2Len]
+
+ if tag2 == 0x82:
+ ret += '\t\tFileDescriptor: %s\n' % tag2Body.hex()
+ elif tag2 == 0x8a:
+ ret += '\t\tLifeCycleByte: %s\n' % tag2Body.hex()
+ elif tag2 == 0x84:
+ ret += '\t\tDF name: %s\n' % tag2Body.encode('utf8')
+ elif tag2 == 0x8C:
+ ret += '\t\tSecurityAttributes: %s\n' % tag2Body.hex()
+ else:
+ ret += '\t\tunhandled tag=0x%x body=%s\n' % (tag2, tag2Body.hex())
+
+ body = body[2+tag2Len:]
+
+ return ret
+
+ def parseFci(self, bytes):
+ ret = ''
+ tag = bytes[0]
+ tagLen = bytes[1]
+
+ body = bytes[2:2+tagLen]
+
+ if tag == 0x61:
+ ret += '\tFCI\n'
+
+ while len(body) > 2:
+ tag2 = body[0]
+ tag2Len = body[1]
+ tag2Body = body[2:2+tag2Len]
+
+ if tag2 == 0x4F:
+ ret += '\t\tApplication AID: %s\n' % tag2Body.hex()
+
+ elif tag2 == 0x50:
+ ret += '\t\tApplication label: %s\n' % tag2Body.encode('utf8')
+
+ elif tag2 == 0x73:
+ body2 = tag2Body
+ tokens = []
+ while len(body2) > 2:
+ tag3 = body2[0]
+ tag3Len = body2[1]
+
+ if tag3 == 0x40:
+ v = body2[2]
+ if v & 0x80:
+ tokens.append('mutualAuthSymAlgo')
+ if v & 0x40:
+ tokens.append('extAuthSymAlgo')
+ if v & 0x20:
+ tokens.append('keyEstabIntAuthECC')
+
+
+ body2 = body2[2+tag3Len:]
+
+ ret += '\t\tDiscretionary data objects: %s\n' % ",".join(tokens)
+ else:
+ ret += '\t\tunhandled tag=0x%x body=%s\n' % (tag2, tag2Body.hex())
+
+ body = body[2+tag2Len:]
+
+ return ret
+
+
+ def selectResult(self, selectT, status, body):
+ if not len(body):
+ return ''
+
+ if selectT == 'FCP':
+ return self.parseFcp(body)
+ elif selectT == 'FCI':
+ return self.parseFci(body)
+ else:
+ return '\tselectResult(%s, %s, %s)\n' % (selectT, status, body.hex())
+
+ def getData(self, fileId, bytes):
+ lc = bytes[4]
+ tag = bytes[5]
+ tagLen = bytes[6]
+
+ if tag == 0x5c:
+ doStr = bytes[7:7+tagLen].hex()
+ ret = '\tDO=%s\n' % DOs.get(doStr, "<%s>" % doStr)
+ self.lastDo = doStr
+ else:
+ ret = '\tunknown tag=0%x len=%d v=%s' % (tag, tagLen, bytes[7:7+tagLen].hex())
+
+ return ret
+
+ def getDataResult(self, status, body):
+ ret = ''
+ '''
+ while len(body) > 2:
+ tag = body[0]
+ tagLen = body[1]
+
+ ret += '\ttag=0x%x len=%d content=%s\n' % (tag, tagLen, body[2:2+tagLen].hex())
+
+ body = body[2+tagLen:]
+ '''
+ return ret
+
+ def mse(self, body):
+ return body.hex()
+
+ def mseResult(self, status, body):
+ return body.hex()
+
+ def pso(self, body):
+ return body.hex()
+
+ def psoResult(self, status, body):
+ return body.hex()
+
+
+
+def createAppByAid(aid):
+ if aid == "a000000308":
+ return ApplicationPIV(aid)
+
+ elif aid in ('a00000039742544659',):
+ return ApplicationGids(aid)
+
+ return ApplicationDummy(aid)
+
+
+if __name__ == '__main__':
+ if len(sys.argv) > 1:
+ fin = open(sys.argv[1], "r")
+ else:
+ fin = sys.stdin
+
+ lineno = 0
+ lastCmd = 0
+ lastSelect = None
+ lastSelectFCI = False
+ lastGetItem = None
+ currentApp = None
+
+ for l in fin.readlines():
+ lineno += 1
+
+ if not len(l):
+ continue
+
+ # smartcard loggers have changed
+ #if l.find("[DEBUG][com.freerdp.channels.smartcard.client]") == -1:
+ # continue
+
+ body = ''
+ recvKey = 'pbRecvBuffer: { '
+
+ pos = l.find(recvKey)
+ if pos != -1:
+ toCard = False
+
+ pos += len(recvKey)
+ pos2 = l.find(' }', pos)
+ if pos2 == -1:
+ print("line %d: invalid recvBuffer")
+ continue
+
+ else:
+ toCard = True
+ sendKey = 'pbSendBuffer: { '
+ pos = l.find(sendKey)
+ if pos == -1:
+ continue
+ pos += len(sendKey)
+
+ pos2 = l.find(' }', pos)
+ if pos2 == -1:
+ print("line %d: invalid sendBuffer")
+ continue
+
+ body = l[pos:pos2]
+
+ print(l[0:-1])
+ bytes = codecs.decode(body, 'hex')
+ if toCard:
+ (cla, ins, p1, p2) = bytes[0:4]
+ cmdName = CMD_NAMES.get(ins, "<COMMAND 0x%x>" % ins)
+ print(cmdName + ":")
+
+ if cmdName == "SELECT":
+ lc = bytes[4]
+ i = 5
+
+ if p1 == 0x00:
+ print("\tselectByFID: %0.2x%0.2x" % (bytes[i], bytes[i+1]))
+ i = i + lc
+
+ elif p1 == 0x4:
+ aid = bytes[i:i+lc].hex()
+ lastSelect = AIDs.get(aid, '')
+ print("\tselectByAID: %s(%s)" % (aid, lastSelect))
+
+ if p2 == 0x00:
+ lastSelectT = "FCI"
+ print('\tFCI')
+ elif p2 == 0x04:
+ print('\tFCP')
+ lastSelectT = "FCP"
+ elif p2 == 0x08:
+ print('\tFMD')
+ lastSelectT = "FMD"
+
+ if not currentApp or currentApp.getAID() != aid:
+ currentApp = createAppByAid(aid)
+
+
+ elif cmdName == "VERIFY":
+ lc = bytes[4]
+ P2_DATA_QUALIFIER = {
+ 0x00: "Card global password",
+ 0x01: "RFU",
+ 0x80: "Application password",
+ 0x81: "Application resetting password",
+ 0x82: "Application security status resetting code",
+ }
+
+ pin=''
+ if lc:
+ pin = ", pin='" + bytes[5:5+lc-2].decode('utf8)') + "'"
+
+ print("\t%s%s" % (P2_DATA_QUALIFIER.get(p2, "<unknown>"), pin))
+
+ elif cmdName == "GET DATA":
+ lc = bytes[4]
+ fileId = p1 * 256 + p2
+
+ ret = currentApp.getData(fileId, bytes)
+ print("%s" % ret)
+
+ elif cmdName == "MSE":
+ ret = currentApp.mse(bytes[5:5+lc])
+ print("%s" % ret)
+
+ elif cmdName == "PSO":
+ ret = currentApp.pso(bytes[5:5+lc])
+ print("%s" % ret)
+ else:
+ print('handle %s' % cmdName)
+
+ lastCmd = cmdName
+
+ else:
+ # Responses
+ status = bytes[-1] + bytes[-2] * 256
+ body = bytes[0:-2]
+ print("status=0x%0.4x(%s)" % (status, ERROR_CODES.get(status, "<unknown>")))
+
+ if not len(body):
+ continue
+
+ ret = ''
+ if lastCmd == "SELECT":
+ ret = currentApp.selectResult(lastSelectT, status, body)
+ elif lastCmd == "GET DATA":
+ ret = currentApp.getDataResult(status, body)
+ elif lastCmd == "MSE":
+ ret = currentApp.mseResult(status, body)
+ elif lastCmd == "PSO":
+ ret = currentApp.psoResult(status, body)
+
+ if ret:
+ print("%s" % ret) \ No newline at end of file
diff --git a/tools/update-settings-tests b/tools/update-settings-tests
new file mode 100755
index 0000000..bd8e439
--- /dev/null
+++ b/tools/update-settings-tests
@@ -0,0 +1,349 @@
+#!/usr/bin/env python3
+import os
+import sys
+
+def get_values(entry_dict, entry_type):
+ values = []
+ if '*' == entry_type:
+ for key in list(entry_dict.keys()):
+ if entry_type in key:
+ values += entry_dict[key]
+ entry_dict.pop(key, None)
+ elif entry_type in dict(entry_dict):
+ values = entry_dict[entry_type]
+ entry_dict.pop(entry_type, None)
+ if values:
+ return sorted(values)
+ return values
+
+def write_entry(f, entry_dict, entry_type, entry_name):
+ values = get_values(entry_dict, entry_type)
+ if not values:
+ return
+
+ f.write('#define have_' + entry_name.lower() + '_list_indices\n')
+ f.write('static const size_t ' + entry_name.lower() + '_list_indices[] =\n')
+ f.write('{\n')
+
+ for val in values:
+ f.write('\tFreeRDP_' + val + ',\n')
+
+ f.write('};\n\n')
+
+def write_str_case(f, entry_idx, val):
+ entry_types = ['BOOL', 'UINT16', 'INT16', 'UINT32', 'INT32', 'UINT64', 'INT64', 'STRING', 'POINTER']
+ f.write('\t\t{FreeRDP_' + val + ', FREERDP_SETTINGS_TYPE_' + str(entry_types[entry_idx]) + ', "FreeRDP_' + val + '"},\n')
+
+def write_str(f, entry_dict):
+ f.write('typedef enum {\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_BOOL,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_UINT16,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_INT16,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_UINT32,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_INT32,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_UINT64,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_INT64,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_STRING,\n')
+ f.write('\tFREERDP_SETTINGS_TYPE_POINTER\n')
+ f.write('} FREERDP_SETTINGS_TYPE;\n')
+ f.write('\n')
+ f.write('struct settings_str_entry {\n')
+ f.write('\tSSIZE_T id;\n')
+ f.write('\tSSIZE_T type;\n')
+ f.write('\tconst char* str;\n')
+ f.write('};\n')
+ f.write('static const struct settings_str_entry settings_map[] =\n')
+ f.write('{\n')
+
+ entry_types = ['BOOL', 'UINT16', 'INT16', 'UINT32', 'INT32', 'UINT64', 'INT64', 'char*', '*']
+ for entry_type in entry_types:
+ values = get_values(entry_dict, entry_type)
+ if values:
+ for val in values:
+ write_str_case(f, entry_types.index(entry_type), val)
+ f.write('};\n\n')
+ f.write('\n')
+
+def write_getter_case(f, val):
+ f.write('\t\tcase FreeRDP_' + val + ':\n')
+ f.write('\t\t\treturn settings->' + val + ';\n\n')
+
+def write_getter_body(f, values, ret):
+ f.write('{\n')
+ f.write('\tWINPR_ASSERT(settings);\n\n')
+ f.write('\tswitch (id)\n')
+ f.write('\t{\n')
+ if values:
+ for val in values:
+ write_getter_case(f, val)
+ f.write('\t\tdefault:\n')
+ f.write('\t\t\tWLog_ERR(TAG, "Invalid key index %" PRIuz " [%s|%s]", id, freerdp_settings_get_name_for_key(id), freerdp_settings_get_type_name_for_key(id));\n')
+ f.write('\t\t\tWINPR_ASSERT(FALSE);\n')
+ f.write('\t\t\treturn ' + ret + ';\n')
+ f.write('\t}\n')
+ f.write('}\n\n')
+
+def write_getter(f, entry_dict, entry_type, entry_name, postfix):
+ isString = 'string' in entry_name
+ isPointer = 'pointer' in entry_name
+ values = get_values(entry_dict, entry_type)
+
+ typestr = 'FreeRDP_Settings_Keys_' + entry_name.capitalize()
+ typestr = typestr.replace('_Uint', '_UInt')
+
+ if isPointer:
+ f.write('void*')
+ elif isString:
+ f.write('const ' + entry_type)
+ else:
+ f.write(entry_type)
+
+ if isPointer:
+ f.write(' freerdp_settings_get_pointer_writable(rdpSettings* settings, ' + typestr + ' id)\n')
+ else:
+ f.write(' freerdp_settings_get_' + entry_name.lower() + '(const rdpSettings* settings, ' + typestr + ' id)\n')
+ if isString or isPointer:
+ ret = 'NULL';
+ elif 'bool' in entry_name:
+ ret = 'FALSE';
+ else:
+ ret = '0';
+
+ write_getter_body(f, values, ret)
+
+ if isString:
+ f.write('char* freerdp_settings_get_' + entry_name.lower() + '_writable(rdpSettings* settings, ' + typestr + ' id)\n')
+ write_getter_body(f, values, ret)
+
+def write_setter_case(f, val, postfix, isPointer):
+ f.write('\t\tcase FreeRDP_' + val + ':\n')
+ if isPointer:
+ f.write('\t\t\tsettings->' + val + ' = cnv.v;\n')
+ f.write('\t\t\tbreak;\n\n')
+ elif not postfix:
+ f.write('\t\t\tsettings->' + val + ' = cnv.c;\n')
+ f.write('\t\t\tbreak;\n\n')
+ elif len(postfix) <= 1:
+ f.write('\t\t\treturn update_string' + postfix + '(&settings->' + val + ', cnv.c, len);\n\n')
+ else:
+ f.write('\t\t\treturn update_string' + postfix + '(&settings->' + val + ', cnv.cc, len, cleanup);\n\n')
+
+def write_setter(f, entry_dict, entry_type, entry_name, postfix):
+ isString = 'string' in entry_name
+ isPointer = 'pointer' in entry_name
+ values = get_values(entry_dict, entry_type)
+
+ typestr = 'FreeRDP_Settings_Keys_' + entry_name.capitalize()
+ typestr = typestr.replace('_Uint', '_UInt')
+ f.write('BOOL freerdp_settings_set_' + entry_name.lower())
+ f.write(postfix)
+ f.write('(rdpSettings* settings, ' + typestr + ' id, ')
+ if isString and len(postfix) > 1 or isPointer:
+ f.write('const ')
+ if not isPointer:
+ f.write(entry_type + ' val')
+ else:
+ f.write('void* val')
+ if isString and len(postfix) <= 1:
+ f.write(', size_t len)\n')
+ elif isString:
+ f.write(', size_t len, BOOL cleanup)\n')
+ else:
+ f.write(')\n')
+ f.write('{\n')
+ f.write('\tunion\n')
+ f.write('\t{\n')
+ f.write('\t\tvoid* v;\n')
+ f.write('\t\tconst void* cv;\n')
+ if not isPointer:
+ f.write(' ' + entry_type + ' c;\n')
+ f.write(' const ' + entry_type + ' cc;\n')
+ f.write('} cnv;\n')
+
+ f.write('\tWINPR_ASSERT(settings);\n\n')
+ if isPointer:
+ f.write('\tcnv.cv = val;\n\n')
+ elif isString:
+ f.write('\tcnv.cc = val;\n\n')
+ else:
+ f.write('\tcnv.c = val;\n\n')
+ f.write('\tswitch (id)\n')
+ f.write('\t{\n')
+ if values:
+ for val in values:
+ write_setter_case(f, val, postfix, isPointer)
+ f.write('\t\tdefault:\n')
+ f.write('\t\t\tWLog_ERR(TAG, "Invalid key index %" PRIuz " [%s|%s]", id, freerdp_settings_get_name_for_key(id), freerdp_settings_get_type_name_for_key(id));\n')
+ f.write('\t\t\treturn FALSE;\n')
+ f.write('\t}\n')
+ f.write('\treturn TRUE;\n')
+ f.write('}\n\n')
+ f.write('\n')
+ if isString and len(postfix) <= 1:
+ f.write('BOOL freerdp_settings_set_string_len(rdpSettings* settings, FreeRDP_Settings_Keys_String id, const char* val, size_t len)\n')
+ f.write('{\n')
+ f.write('\treturn freerdp_settings_set_string_copy_(settings, id, val, len, TRUE);\n')
+ f.write('}\n')
+ f.write('\n')
+
+ f.write('BOOL freerdp_settings_set_string(rdpSettings* settings, FreeRDP_Settings_Keys_String id, const char* val)\n')
+ f.write('{\n')
+ f.write('\tsize_t len = 0;\n')
+ f.write('\tif (val) len = strlen(val);\n')
+ f.write('\treturn freerdp_settings_set_string_copy_(settings, id, val, len, TRUE);\n')
+ f.write('}\n')
+ f.write('\n')
+
+name = os.path.dirname(os.path.realpath(__file__))
+begin = "WARNING: this data structure is carefully padded for ABI stability!"
+end = "WARNING: End of ABI stable zone!"
+
+print('begin parsing settings header')
+try:
+ type_list = dict()
+
+ with open(name + "/../include/freerdp/settings_types_private.h", "r") as f:
+ lines = f.readlines()
+ started = False
+ for line in lines:
+ if not started:
+ if begin in line:
+ started = True
+ continue
+
+ if end in line:
+ break
+
+ sline = line.strip()
+ if not sline:
+ continue
+ if sline.startswith('/'):
+ continue
+ if sline.startswith('*'):
+ continue
+ if 'padding' in sline:
+ continue
+
+ if sline.startswith('SETTINGS_DEPRECATED(ALIGN64'):
+ sline = sline[27:].strip()
+
+ sline = sline[:sline.find(');')]
+ pair = sline.split()
+ if pair[0] in type_list:
+ type_list[pair[0]].append(pair[1])
+ else:
+ type_list[pair[0]] = [pair[1]]
+
+ with open(name + '/../libfreerdp/common/settings_getters.c', 'w+') as f:
+ f.write('/* Generated by ' + '' + ' */\n\n')
+ f.write('#include "../core/settings.h"\n\n')
+ f.write('#include <winpr/assert.h>\n')
+ f.write('#include <freerdp/settings.h>\n')
+ f.write('#include <freerdp/log.h>\n\n')
+ f.write('#define TAG FREERDP_TAG("common.settings")\n\n')
+
+ f.write('static void free_string(char** current, BOOL cleanup)\n')
+ f.write('{\n')
+ f.write('\tif (cleanup)\n')
+ f.write('\t{\n')
+ f.write('\t\tif (*current)\n')
+ f.write('\t\t\tmemset(*current, 0, strlen(*current));\n')
+ f.write('\t\tfree(*current);\n')
+ f.write('\t\t(*current) = NULL;\n')
+ f.write('\t}\n')
+ f.write('}\n\n')
+
+ f.write('static BOOL alloc_empty_string(char** current, const char* next, size_t next_len)\n')
+ f.write('{\n')
+ f.write('\tif (!next && (next_len > 0))\n')
+ f.write('\t{\n')
+ f.write('\t\t*current = calloc(next_len, 1);\n')
+ f.write('\t\treturn (*current != NULL);\n')
+ f.write('\t}\n')
+ f.write('\treturn FALSE;\n')
+ f.write('}\n\n')
+
+
+ f.write('static BOOL update_string_copy_(char** current, const char* next, size_t next_len, BOOL cleanup)\n')
+ f.write('{\n')
+ f.write('\tfree_string(current, cleanup);\n')
+ f.write('\n')
+ f.write('\tif (alloc_empty_string(current, next, next_len))\n')
+ f.write('\t\treturn TRUE;\n')
+ f.write('\n')
+ f.write('\t*current = (next ? strndup(next, next_len) : NULL);\n')
+ f.write('\treturn !next || (*current != NULL);\n')
+ f.write('}\n\n')
+
+ f.write('static BOOL update_string_(char** current, char* next, size_t next_len)\n')
+ f.write('{\n')
+ f.write('\tfree_string(current, TRUE);\n')
+ f.write('\n')
+ f.write('\tif (alloc_empty_string(current, next, next_len))\n')
+ f.write('\t\treturn TRUE;\n')
+ f.write('\n')
+ f.write('\t*current = next;\n')
+ f.write('\treturn !next || (*current != NULL);\n')
+ f.write('}\n\n')
+
+ getter_list = dict(type_list)
+ setter_list = dict(type_list)
+ setter_list2 = dict(type_list)
+ write_getter(f, getter_list, 'BOOL', 'bool', '')
+ write_setter(f, setter_list, 'BOOL', 'bool', '')
+ write_getter(f, getter_list, 'UINT16', 'uint16', '')
+ write_setter(f, setter_list, 'UINT16', 'uint16', '')
+ write_getter(f, getter_list, 'INT16', 'int16', '')
+ write_setter(f, setter_list, 'INT16', 'int16', '')
+ write_getter(f, getter_list, 'UINT32', 'uint32', '')
+ write_setter(f, setter_list, 'UINT32', 'uint32', '')
+ write_getter(f, getter_list, 'INT32', 'int32', '')
+ write_setter(f, setter_list, 'INT32', 'int32', '')
+ write_getter(f, getter_list, 'UINT64', 'uint64', '')
+ write_setter(f, setter_list, 'UINT64', 'uint64', '')
+ write_getter(f, getter_list, 'INT64', 'int64', '')
+ write_setter(f, setter_list, 'INT64', 'int64', '')
+ write_getter(f, getter_list, 'char*', 'string', '_')
+ write_setter(f, setter_list, 'char*', 'string', '_')
+ write_setter(f, setter_list2, 'char*', 'string', '_copy_')
+ write_getter(f, getter_list, '*', 'pointer', '')
+ write_setter(f, setter_list, '*', 'pointer', '')
+
+ f.write('\n')
+
+ with open(name + '/../libfreerdp/common/settings_str.h', 'w+') as f:
+ f.write('/* Generated by ' + '' + ' */\n\n')
+ f.write('#ifndef FREERDP_CORE_SETTINGS_STR_H\n')
+ f.write('#define FREERDP_CORE_SETTINGS_STR_H\n\n')
+ f.write('#include "../core/settings.h"\n\n')
+ f.write('#include <freerdp/settings.h>\n')
+ f.write('#include <freerdp/log.h>\n\n')
+ f.write('#define TAG FREERDP_TAG("common.settings")\n\n')
+
+ getter_list = dict(type_list)
+ write_str(f, getter_list)
+ f.write('#endif\n')
+ f.write('\n')
+
+
+ with open(name + '/../libfreerdp/core/test/settings_property_lists.h', 'w+') as f:
+ f.write('#ifndef TEST_SETTINGS_PROPERTY_LISTS\n')
+ f.write('#define TEST_SETTINGS_PROPERTY_LISTS\n\n')
+
+ write_entry(f, type_list, 'BOOL', 'bool')
+ write_entry(f, type_list, 'UINT16', 'uint16')
+ write_entry(f, type_list, 'INT16', 'int16')
+ write_entry(f, type_list, 'UINT32', 'uint32')
+ write_entry(f, type_list, 'INT32', 'int32')
+ write_entry(f, type_list, 'UINT64', 'uint64')
+ write_entry(f, type_list, 'INT64', 'int64')
+ write_entry(f, type_list, 'char*', 'string')
+ write_entry(f, type_list, '*', 'pointer')
+
+ f.write('#endif /* TEST_SETTINGS_PROPERTY_LISTS */\n\n')
+
+ print('remaining:\n' + str(type_list))
+except IOError as e:
+ print('failed to parse settings header ' + str(e))
+ sys.exit(-1)
+print('ended parsing settings header')
diff --git a/tools/wireshark/rdp-udp.lua b/tools/wireshark/rdp-udp.lua
new file mode 100644
index 0000000..ce80ece
--- /dev/null
+++ b/tools/wireshark/rdp-udp.lua
@@ -0,0 +1,709 @@
+--[[
+ RDP UDP transport dissector for wireshark
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Copyright 2021 David Fort <contact@hardening-consulting.com>
+--]]
+
+local sslDissector = Dissector.get ("tls")
+local dtlsDissector = Dissector.get ("dtls")
+
+local dprint = function(...)
+ print(table.concat({"Lua:", ...}," "))
+end
+
+local dprint2 = dprint
+
+dprint2("loading RDP-UDP with wireshark=", get_version())
+
+local rdpudp = Proto("rdpudp", "UDP transport for RDP")
+
+-- UDP1 fields
+local pf_udp_snSourceAck = ProtoField.uint32("rdpudp.snsourceack", "snSourceAck", base.HEX)
+local pf_udp_ReceiveWindowSize = ProtoField.uint16("rdpudp.receivewindowsize", "ReceiveWindowSize", base.DEC)
+local pf_udp_flags = ProtoField.uint16("rdpudp.flags", "Flags", base.HEX)
+
+RDPUDP_SYN = 0x0001
+RDPUDP_FIN = 0x0002
+RDPUDP_ACK = 0x0004
+RDPUDP_DATA = 0x0008
+RDPUDP_FEC = 0x0010
+RDPUDP_CN = 0x0020
+RDPUDP_CWR = 0x0040
+RDPUDP_AOA = 0x0100
+RDPUDP_SYNLOSSY = 0x0200
+RDPUDP_ACKDELAYED = 0x0400
+RDPUDP_CORRELATIONID = 0x0800
+RDPUDP_SYNEX = 0x1000
+
+local pf_udp_flag_syn = ProtoField.bool("rdpudp.flags.syn", "Syn", base.HEX, nil, RDPUDP_SYN)
+local pf_udp_flag_fin = ProtoField.bool("rdpudp.flags.fin", "Fin", base.HEX, nil, RDPUDP_FIN)
+local pf_udp_flag_ack = ProtoField.bool("rdpudp.flags.ack", "Ack", base.HEX, nil, RDPUDP_ACK)
+local pf_udp_flag_data = ProtoField.bool("rdpudp.flags.data", "Data", base.HEX, nil, RDPUDP_DATA)
+local pf_udp_flag_fec = ProtoField.bool("rdpudp.flags.fec", "FECData", base.HEX, nil, RDPUDP_FEC)
+local pf_udp_flag_cn = ProtoField.bool("rdpudp.flags.cn", "CN", base.HEX, nil, RDPUDP_CN)
+local pf_udp_flag_cwr = ProtoField.bool("rdpudp.flags.cwr", "CWR", base.HEX, nil, RDPUDP_CWR)
+local pf_udp_flag_aoa = ProtoField.bool("rdpudp.flags.aoa", "Ack of Acks", base.HEX, nil, RDPUDP_AOA)
+local pf_udp_flag_synlossy = ProtoField.bool("rdpudp.flags.synlossy", "Syn lossy", base.HEX, nil, RDPUDP_SYNLOSSY)
+local pf_udp_flag_ackdelayed = ProtoField.bool("rdpudp.flags.ackdelayed", "Ack delayed", base.HEX, nil, RDPUDP_ACKDELAYED)
+local pf_udp_flag_correlationId = ProtoField.bool("rdpudp.flags.correlationid", "Correlation id", base.HEX, nil, RDPUDP_CORRELATIONID)
+local pf_udp_flag_synex = ProtoField.bool("rdpudp.flags.synex", "SynEx", base.HEX, nil, RDPUDP_SYNEX)
+
+local pf_udp_snInitialSequenceNumber = ProtoField.uint32("rdpudp.initialsequencenumber", "Initial SequenceNumber", base.HEX)
+local pf_udp_upstreamMtu = ProtoField.uint16("rdpudp.upstreammtu", "Upstream MTU", base.DEC)
+local pf_udp_downstreamMtu = ProtoField.uint16("rdpudp.downstreammtu", "DownStream MTU", base.DEC)
+
+local pf_udp_correlationId = ProtoField.new("Correlation Id", "rdpudp.correlationid", ftypes.BYTES)
+
+local pf_udp_synex_flags = ProtoField.uint16("rdpudp.synex.flags", "Flags", base.HEX)
+local pf_udp_synex_flag_version = ProtoField.bool("rdpudp.synex.flags.versioninfo", "Version info", base.HEX, nil, 0x0001)
+local pf_udp_synex_version = ProtoField.uint16("rdpudp.synex.version", "Version", base.HEX, {[1]="Version 1", [2]="Version 2", [0x101]="Version 3"})
+local pf_udp_synex_cookiehash = ProtoField.new("Cookie Hash", "rdpudp.synex.cookiehash", ftypes.BYTES)
+
+local pf_udp_ack_vectorsize = ProtoField.uint16("rdpudp.ack.vectorsize", "uAckVectorSize", base.DEC)
+local pf_udp_ack_item = ProtoField.uint8("rdpudp.ack.item", "Ack item", base.HEX)
+local pf_udp_ack_item_state = ProtoField.uint8("rdpudp.ack.item.state", "VECTOR_ELEMENT_STATE", base.HEX, {[0]="Received", [1]="Reserved 1", [2]="Reserved 2", [3]="Pending"}, 0xc0)
+local pf_udp_ack_item_rle = ProtoField.uint8("rdpudp.ack.item.rle", "Run length", base.DEC, nil, 0x3f)
+
+local pf_udp_fec_coded = ProtoField.uint32("rdpudp.fec.coded", "snCoded", base.HEX)
+local pf_udp_fec_sourcestart = ProtoField.uint32("rdpudp.fec.sourcestart", "snSourceStart", base.HEX)
+local pf_udp_fec_range = ProtoField.uint8("rdpudp.fec.range", "Range", base.DEC)
+local pf_udp_fec_fecindex = ProtoField.uint8("rdpudp.fec.fecindex", "Fec index", base.HEX)
+
+local pf_udp_resetseqenum = ProtoField.uint32("rdpudp.resetSeqNum", "snResetSeqNum", base.HEX)
+
+local pf_udp_source_sncoded = ProtoField.uint32("rdpudp.data.sncoded", "snCoded", base.HEX)
+local pf_udp_source_snSourceStart = ProtoField.uint32("rdpudp.data.sourceStart", "snSourceStart", base.HEX)
+
+
+-- UDP2 fields
+local pf_PacketPrefixByte = ProtoField.new("PacketPrefixByte", "rdpudp2.prefixbyte", ftypes.UINT8, nil, base.HEX)
+
+local pf_packetType = ProtoField.uint8("rdpudp2.packetType", "PacketType", base.HEX, {[0] = "Data", [8] = "Dummy"}, 0x1e, "type of packet")
+
+RDPUDP2_ACK = 0x0001
+RDPUDP2_DATA = 0x0004
+RDPUDP2_ACKVEC = 0x0008
+RDPUDP2_AOA = 0x0010
+RDPUDP2_OVERHEAD = 0x0040
+RDPUDP2_DELAYACK = 0x00100
+
+local pf_flags = ProtoField.uint16("rdpudp2.flags", "Flags", base.HEX, nil, 0xfff, "flags")
+local pf_flag_ack = ProtoField.bool("rdpudp2.flags.ack", "Ack", base.HEX, nil, RDPUDP2_ACK, "packet contains Ack payload")
+local pf_flag_data = ProtoField.bool("rdpudp2.flags.data", "Data", base.HEX, nil, RDPUDP2_DATA, "packet contains Data payload")
+local pf_flag_ackvec = ProtoField.bool("rdpudp2.flags.ackvec", "AckVec", base.HEX, nil, RDPUDP2_ACKVEC, "packet contains AckVec payload")
+local pf_flag_aoa = ProtoField.bool("rdpudp2.flags.ackofacks", "AckOfAcks", base.HEX, nil, RDPUDP2_AOA, "packet contains AckOfAcks payload")
+local pf_flag_overhead = ProtoField.bool("rdpudp2.flags.overheadsize", "OverheadSize", base.HEX, nil, RDPUDP2_OVERHEAD, "packet contains OverheadSize payload")
+local pf_flag_delayackinfo = ProtoField.bool("rdpudp2.flags.delayackinfo", "DelayedAckInfo", base.HEX, nil, RDPUDP2_DELAYACK, "packet contains DelayedAckInfo payload")
+
+local pf_logWindow = ProtoField.uint16("rdpudp2.logWindow", "LogWindow", base.DEC, nil, 0xf000, "flags")
+
+local pf_AckSeq = ProtoField.uint16("rdpudp2.ack.seqnum", "Base Seq", base.HEX)
+local pf_AckTs = ProtoField.uint24("rdpudp2.ack.ts", "receivedTS", base.DEC)
+local pf_AckSendTimeGap = ProtoField.uint8("rdpudp2.ack.sendTimeGap", "sendTimeGap", base.DEC)
+local pf_ndelayedAcks = ProtoField.uint8("rdpudp2.ack.numDelayedAcks", "NumDelayedAcks", base.DEC, nil, 0x0f)
+local pf_delayedTimeScale = ProtoField.uint8("rdpudp2.ack.delayedTimeScale", "delayedTimeScale", base.DEC, nil, 0xf0)
+local pf_delayedAcks = ProtoField.new("Delayed acks", "rdpudp2.ack.delayedAcks", ftypes.BYTES)
+local pf_delayedAck = ProtoField.uint8("rdpudp2.ack.delayedAck", "Delayed ack", base.DEC)
+
+local pf_OverHeadSize = ProtoField.uint8("rdpudp2.overheadsize", "Overhead size", base.DEC)
+
+local pf_DelayAckMax = ProtoField.uint8("rdpudp2.delayackinfo.max", "MaxDelayedAcks", base.DEC)
+local pf_DelayAckTimeout = ProtoField.uint8("rdpudp2.delayackinfo.timeout", "DelayedAckTimeoutInMs", base.DEC)
+
+local pf_AckOfAcks = ProtoField.uint16("rdpudp2.ackofacks", "Ack of Acks", base.HEX)
+
+local pf_DataSeqNumber = ProtoField.uint16("rdpudp2.data.seqnum", "sequence number", base.HEX)
+local pf_DataChannelSeqNumber = ProtoField.uint16("rdpudp2.data.channelseqnumber", "Channel sequence number", base.HEX)
+local pf_Data = ProtoField.new("Data", "rdpudp2.data", ftypes.BYTES)
+
+local pf_AckvecBaseSeq = ProtoField.uint16("rdpudp2.ackvec.baseseqnum", "Base sequence number", base.HEX)
+local pf_AckvecCodecAckVecSize = ProtoField.uint16("rdpudp2.ackvec.codecackvecsize", "Codec ackvec size", base.DEC, nil, 0x7f)
+local pf_AckvecHaveTs = ProtoField.bool("rdpudp2.ackvec.havets", "have timestamp", base.DEC, nil, 0x80)
+local pf_AckvecTimeStamp = ProtoField.uint24("rdpudp2.ackvec.timestamp", "Timestamp", base.HEX)
+local pf_AckvecCodedAck = ProtoField.uint8("rdpudp2.ackvec.codecAck", "Coded Ack", base.HEX)
+local pf_AckvecCodedAckMode = ProtoField.uint8("rdpudp2.ackvec.codecAckMode", "Mode", base.HEX, {[0]="Bitmap", [1]="Run length"}, 0x80)
+local pf_AckvecCodedAckRleState = ProtoField.uint8("rdpudp2.ackvec.codecAckRleState", "State", base.HEX, {[0]="lost",[1]="received"}, 0x40)
+local pf_AckvecCodedAckRleLen = ProtoField.uint8("rdpudp2.ackvec.codecAckRleLen", "Length", base.DEC, nil, 0x3f)
+
+rdpudp.fields = {
+ -- UDP1
+ pf_udp_snSourceAck, pf_udp_ReceiveWindowSize, pf_udp_flags, pf_udp_flag_syn,
+ pf_udp_flag_fin, pf_udp_flag_ack, pf_udp_flag_data, pf_udp_flag_fec, pf_udp_flag_cn,
+ pf_udp_flag_cwr, pf_udp_flag_aoa, pf_udp_flag_synlossy, pf_udp_flag_ackdelayed,
+ pf_udp_flag_correlationId, pf_udp_flag_synex,
+ pf_udp_snInitialSequenceNumber, pf_udp_upstreamMtu, pf_udp_downstreamMtu,
+ pf_udp_correlationId,
+ pf_udp_synex_flags, pf_udp_synex_flag_version, pf_udp_synex_version, pf_udp_synex_cookiehash,
+ pf_udp_ack_vectorsize, pf_udp_ack_item, pf_udp_ack_item_state, pf_udp_ack_item_rle,
+ pf_udp_fec_coded, pf_udp_fec_sourcestart, pf_udp_fec_range, pf_udp_fec_fecindex,
+ pf_udp_resetseqenum,
+ pf_udp_source_sncoded, pf_udp_source_snSourceStart,
+
+ -- UDP2
+ pf_PacketPrefixByte, pf_packetType,
+ pf_flags, pf_flag_ack, pf_flag_data, pf_flag_ackvec, pf_flag_aoa, pf_flag_overhead, pf_flag_delayackinfo,
+ pf_logWindow,
+ pf_Ack, pf_AckSeq, pf_AckTs, pf_AckSendTimeGap, pf_ndelayedAcks, pf_delayedTimeScale, pf_delayedAcks,
+ pf_OverHeadSize,
+ pf_DelayAckMax, pf_DelayAckTimeout,
+ pf_AckOfAcks,
+ pf_DataSeqNumber, pf_Data, pf_DataChannelSeqNumber,
+ pf_Ackvec, pf_AckvecBaseSeq, pf_AckvecCodecAckVecSize, pf_AckvecHaveTs, pf_AckvecTimeStamp, pf_AckvecCodedAck, pf_AckvecCodedAckMode,
+ pf_AckvecCodedAckRleState, pf_AckvecCodedAckRleLen
+}
+
+rdpudp.prefs.track_udp2_peer_states = Pref.bool("Track state of UDP2 peers", true, "Keep track of state of UDP2 peers (receiver and sender windows")
+rdpudp.prefs.debug_ssl = Pref.bool("SSL debug message", false, "print verbose message of the SSL fragments reassembly")
+
+
+
+local field_rdpudp_flags = Field.new("rdpudp.flags")
+local field_rdpudp2_packetType = Field.new("rdpudp2.packetType")
+local field_rdpudp2_channelSeqNumber = Field.new("rdpudp2.data.channelseqnumber")
+local field_rdpudp2_ackvec_base = Field.new("rdpudp2.ackvec.baseseqnum")
+
+function unwrapPacket(tvbuf)
+ local len = tvbuf:reported_length_remaining()
+ local ret = tvbuf:bytes(7, 1) .. tvbuf:bytes(1, 6) .. tvbuf:bytes(0, 1) .. tvbuf:bytes(8, len-8)
+ --dprint2("iput first bytes=", tvbuf:bytes(0, 9):tohex(true, " "))
+ --dprint2("oput first bytes=", ret:subset(0, 9):tohex(true, " "))
+ return ret:tvb("RDP-UDP unwrapped")
+end
+
+function rdpudp.init()
+ udpComms = {}
+end
+
+function computePacketKey(pktinfo)
+ local addr_lo = pktinfo.net_src
+ local addr_hi = pktinfo.net_dst
+ local port_lo = pktinfo.src_port
+ local port_hi = pktinfo.dst_port
+
+ if addr_lo > addr_hi then
+ addr_hi, addr_lo = addr_lo, addr_hi
+ port_hi, port_lo = port_lo, port_hi
+ end
+
+ return tostring(addr_lo) .. ":" .. tostring(port_lo) .. " -> " .. tostring(addr_hi) .. ":" .. tostring(port_hi)
+end
+
+function tableItem(pktinfo)
+ local key = computePacketKey(pktinfo)
+ local ret = udpComms[key]
+ if ret == nil then
+ dprint2(pktinfo.number .. " creating entry for " .. key)
+ udpComms[key] = { isLossy = false, switchToUdp2 = nil, sslFragments = {},
+ serverAddr = nil, clientAddr = nil,
+ serverState = { receiveLow = nil, receiveHigh = nil, senderLow = nil, senderHigh = nil },
+ clientState = { receiveLow = nil, receiveHigh = nil, senderLow = nil, senderHigh = nil }
+ }
+ ret = udpComms[key]
+ end
+ return ret
+end
+
+function doAlign(v, alignment)
+ local rest = v % alignment
+ if rest ~= 0 then
+ return v + alignment - rest
+ end
+ return v
+end
+
+function dissectV1(tvbuf, pktinfo, tree)
+ --dprint2("dissecting in UDP1 mode")
+ local pktlen = tvbuf:reported_length_remaining()
+
+ tree:add(pf_udp_snSourceAck, tvbuf:range(0, 4))
+ tree:add(pf_udp_ReceiveWindowSize, tvbuf:range(4, 2))
+ local flagsRange = tvbuf:range(6, 2)
+ local flagsItem = tree:add(pf_udp_flags, flagsRange)
+ --
+ flagsItem:add(pf_udp_flag_syn, flagsRange)
+ flagsItem:add(pf_udp_flag_fin, flagsRange)
+ flagsItem:add(pf_udp_flag_ack, flagsRange)
+ flagsItem:add(pf_udp_flag_data, flagsRange)
+ flagsItem:add(pf_udp_flag_fec, flagsRange)
+ flagsItem:add(pf_udp_flag_cn, flagsRange)
+ flagsItem:add(pf_udp_flag_cwr, flagsRange)
+ flagsItem:add(pf_udp_flag_aoa, flagsRange)
+ flagsItem:add(pf_udp_flag_synlossy, flagsRange)
+ flagsItem:add(pf_udp_flag_ackdelayed, flagsRange)
+ flagsItem:add(pf_udp_flag_correlationId, flagsRange)
+ flagsItem:add(pf_udp_flag_synex, flagsRange)
+
+ startAt = 8
+ local flags = flagsRange:uint()
+ local haveSyn = bit32.band(flags, RDPUDP_SYN) ~= 0
+ local haveAck = bit32.band(flags, RDPUDP_ACK) ~= 0
+ local isLossySyn = bit32.band(flags, RDPUDP_SYNLOSSY) ~= 0
+ local tableRecord = tableItem(pktinfo)
+
+
+ if isLossySyn then
+ tableRecord.isLossy = true
+ end
+
+ if haveSyn then
+ -- dprint2("rdpudp - SYN")
+ local synItem = tree:add("Syn", tvbuf:range(startAt, 8))
+
+ synItem:add(pf_udp_snInitialSequenceNumber, tvbuf:range(startAt, 4))
+ synItem:add(pf_udp_upstreamMtu, tvbuf:range(startAt+4, 2))
+ synItem:add(pf_udp_downstreamMtu, tvbuf:range(startAt+6, 2))
+
+ startAt = startAt + 8
+ end
+
+ if bit32.band(flags, RDPUDP_CORRELATIONID) ~= 0 then
+ -- dprint2("rdpudp - CorrelationId")
+ tree:add(pf_udp_correlationId, tvbuf:range(startAt, 16))
+ startAt = startAt + 32
+ end
+
+ if bit32.band(flags, RDPUDP_SYNEX) ~= 0 then
+ -- dprint2("rdpudp - SynEx")
+ local synexItem = tree:add("SynEx")
+
+ local synexFlagsRange = tvbuf:range(startAt, 2)
+ local synexFlags = synexItem:add(pf_udp_synex_flags, synexFlagsRange);
+ --
+ synexFlags:add(pf_udp_synex_flag_version, synexFlagsRange)
+ local exflags = synexFlagsRange:uint()
+ startAt = startAt + 2
+ if bit32.band(exflags, 1) ~= 0 then
+ synexItem:add(pf_udp_synex_version, tvbuf:range(startAt, 2))
+ local versionVal = tvbuf:range(startAt, 2):uint()
+ startAt = startAt + 2
+
+ if versionVal == 0x101 then
+ if not haveAck then
+ synexItem:add(pf_udp_synex_cookiehash, tvbuf:range(startAt, 32))
+ startAt = startAt + 32
+ else
+ -- switch to UDP2
+ tableRecord.switchToUdp2 = pktinfo.number
+ end
+ end
+ end
+
+ local mask = RDPUDP_SYN + RDPUDP_ACK
+ if bit32.band(flags, mask) == mask then
+ tableRecord.serverAddr = tostring(pktinfo.net_src)
+ tableRecord.clientAddr = tostring(pktinfo.net_dst)
+ -- dprint2(pktinfo.number .. ": key='" .. computePacketKey(pktinfo) ..
+ -- "' setting server=" .. tableRecord.serverAddr .. " client=" .. tableRecord.clientAddr)
+ end
+ end
+
+ if haveAck and not haveSyn then
+ -- dprint2("rdpudp - Ack")
+ local ackItem = tree:add("Ack")
+ ackItem:add(pf_udp_ack_vectorsize, tvbuf:range(startAt, 2))
+
+ local i = 0
+ uAckVectorSize = tvbuf:range(startAt, 2):uint()
+ while i < uAckVectorSize do
+ local ackRange = tvbuf:range(startAt + 2 + i, 1)
+ local ack = ackItem:add(pf_udp_ack_item, ackRange)
+ ack:add(pf_udp_ack_item_state, ackRange)
+ ack:add(pf_udp_ack_item_rle, ackRange)
+ i = i + 1
+ end -- while
+
+ -- aligned on a dword (4 bytes) boundary
+ -- dprint2("pktinfo=",pktinfo.number," blockSz=",doAlign(2 + uAckVectorSize, 4))
+ startAt = startAt + doAlign(2 + uAckVectorSize, 4)
+ end
+
+ if bit32.band(flags, RDPUDP_FEC) ~= 0 then
+ -- dprint2("rdpudp - FEC header")
+ local fecItem = tree:add("FEC", tvbuf:range(startAt, 12))
+ fecItem:add(pf_udp_fec_coded, tvbuf:range(startAt, 4))
+ fecItem:add(pf_udp_fec_sourcestart, tvbuf:range(startAt+4, 4))
+ fecItem:add(pf_udp_fec_range, tvbuf:range(startAt+8, 1))
+ fecItem:add(pf_udp_fec_fecindex, tvbuf:range(startAt+9, 1))
+
+ startAt = startAt + (4 * 3)
+ end
+
+ if bit32.band(flags, RDPUDP_AOA) ~= 0 then
+ -- dprint2("rdpudp - AOA")
+ tree:add(pf_udp_resetseqenum, tvbuf:range(startAt, 4))
+ startAt = startAt + 4
+ end
+
+ if bit32.band(flags, RDPUDP_DATA) ~= 0 then
+ -- dprint2("rdpudp - Data")
+ local dataItem = tree:add("Data")
+ dataItem:add(pf_udp_source_sncoded, tvbuf:range(startAt, 4))
+ dataItem:add(pf_udp_source_snSourceStart, tvbuf:range(startAt+4, 4))
+ startAt = startAt + 8
+
+ local payload = tvbuf:range(startAt)
+ local subTvb = payload:tvb("payload")
+ if tableRecord.isLossy then
+ dtlsDissector:call(subTvb, pktinfo, dataItem)
+ else
+ sslDissector:call(subTvb, pktinfo, dataItem)
+ end
+ end
+
+ return pktlen
+end
+
+-- given a tvb containing SSL records returns the part of the buffer that has complete
+-- SSL records
+function getCompleteSslRecordsLen(tvb)
+ local startAt = 0
+ local remLen = tvb:reported_length_remaining()
+
+ while remLen > 5 do
+ local recordLen = 5 + tvb:range(startAt+3, 2):uint()
+ if remLen < recordLen then
+ break
+ end
+ startAt = startAt + recordLen
+ remLen = remLen - recordLen
+ end -- while
+
+ return startAt;
+end
+
+TLS_OK = 0
+TLS_SHORT = 1
+TLS_NOT_TLS = 2
+TLS_NOT_COMPLETE = 3
+sslResNames = {[0]="TLS_OK", [1]="TLS_SHORT", [2]="TLS_NOT_TLS", [3]="TLS_NOT_COMPLETE"}
+
+function checkSslRecord(tvb)
+ local remLen = tvb:reported_length_remaining()
+
+ if remLen <= 5 then
+ return TLS_SHORT, 0
+ end
+
+ local b0 = tvb:range(0, 1):uint()
+ if b0 < 0x14 or b0 > 0x17 then
+ -- dprint2("doesn't look like a SSL record, b0=",b0)
+ return TLS_NOT_TLS, 0
+ end
+
+ local recordLen = 5 + tvb:range(3, 2):uint()
+ if remLen < recordLen then
+ return TLS_NOT_COMPLETE, recordLen
+ end
+ return TLS_OK, recordLen
+end
+
+
+function getSslFragments(pktinfo)
+ local addr0 = pktinfo.net_src
+ local addr1 = pktinfo.net_dst
+ local port0 = pktinfo.src_port
+ local port1 = pktinfo.dst_port
+ local key = tostring(addr0) .. ":" .. tostring(port0) .. "->" .. tostring(addr1) .. ":" .. tostring(port1)
+
+ local tableRecord = tableItem(pktinfo)
+ if tableRecord.sslFragments[key] == nil then
+ tableRecord.sslFragments[key] = {}
+ end
+
+ return tableRecord.sslFragments[key]
+end
+
+function dissectV2(in_tvbuf, pktinfo, tree)
+ -- dprint2("dissecting in UDP2 mode")
+ local pktlen = in_tvbuf:reported_length_remaining()
+ if pktlen < 7 then
+ dprint2("packet ", pktinfo.number, " too short, len=", pktlen)
+ return
+ end
+
+ local conversation = tableItem(pktinfo)
+ local sourceState = nil
+ local targetState = nil
+ if rdpudp.prefs.track_udp2_peer_states then
+ if tostring(pktinfo.net_dst) == conversation.serverAddr then
+ sourceState = conversation.clientState
+ targetState = conversation.serverState
+ else
+ sourceState = conversation.serverState
+ targetState = conversation.clientState
+ end
+ end
+
+ pktinfo.cols.info = ""
+ local info = "("
+ local tvbuf = unwrapPacket(in_tvbuf)
+ local prefixRange = tvbuf:range(0, 1)
+ local prefix_tree = tree:add(pf_PacketPrefixByte, prefixRange)
+ --
+ local packetType = prefix_tree:add(pf_packetType, prefixRange)
+
+ local flagsRange = tvbuf:range(1,2)
+ local flagsTree = tree:add_le(pf_flags, flagsRange)
+ --
+ flagsTree:add_packet_field(pf_flag_ack, flagsRange, ENC_LITTLE_ENDIAN)
+ flagsTree:add_le(pf_flag_data, flagsRange)
+ flagsTree:add_le(pf_flag_ackvec, flagsRange)
+ flagsTree:add_le(pf_flag_aoa, flagsRange)
+ flagsTree:add_le(pf_flag_overhead, flagsRange)
+ flagsTree:add_le(pf_flag_delayackinfo, flagsRange)
+
+ tree:add_le(pf_logWindow, flagsRange)
+
+ local flags = tvbuf:range(1,2):le_uint()
+
+ local startAt = 3
+ if bit32.band(flags, RDPUDP2_ACK) ~= 0 then
+ -- dprint2("got ACK payload")
+ info = info .. "ACK,"
+ local ackTree = tree:add("Ack")
+
+ ackTree:add_le(pf_AckSeq, tvbuf:range(startAt, 2))
+ ackTree:add_le(pf_AckTs, tvbuf:range(startAt+2, 3))
+ ackTree:add(pf_AckSendTimeGap, tvbuf:range(startAt+5, 1))
+ ackTree:add(pf_ndelayedAcks, tvbuf:range(startAt+6, 1))
+ ackTree:add(pf_delayedTimeScale, tvbuf:range(startAt+6, 1))
+
+ local ackSeq = tvbuf:range(startAt, 2):le_uint()
+ local ackTs = tvbuf:range(startAt+2, 3):le_uint()
+ local nacks = bit32.band(tvbuf:range(startAt+6, 1):le_uint(), 0xf)
+ local delayAckTimeScale = bit32.rshift(bit32.band(tvbuf:range(startAt+6, 1):le_uint(), 0xf0), 4)
+ -- dprint2(pktinfo.number,": nACKs=", nacks, "delayAckTS=", bit32.rshift(delayAckTimeScale, 4))
+
+ if rdpudp.prefs.track_udp2_peer_states then
+ targetState.senderLow = ackSeq
+ end
+
+ startAt = startAt + 7
+ if nacks ~= 0 then
+ local acksItem = ackTree:add(pf_delayedAcks, tvbuf:range(startAt, nacks))
+ local i
+ for i = nacks-1, 0, -1 do
+ local ackDelay = tvbuf:range(startAt+i, 1):le_uint() * bit32.lshift(1, delayAckTimeScale)
+ acksItem:add(pf_delayedAck, tvbuf:range(startAt+i, 1), "seq=0x" .. string.format("%0.4x", ackSeq-i-1) .. " ts=" .. ackTs-ackDelay)
+ end
+ acksItem:add(pf_delayedAck, tvbuf:range(startAt, nacks), "seq=0x" .. string.format("%0.4x", ackSeq) .. " ts=" .. ackTs):set_generated()
+ end
+ startAt = startAt + nacks
+ end
+
+ if bit32.band(flags, RDPUDP2_OVERHEAD) ~= 0 then
+ info = info .. "OVERHEAD,"
+
+ tree:add_le(pf_OverHeadSize, tvbuf:range(startAt, 1))
+ startAt = startAt + 1
+ end
+
+ if bit32.band(flags, RDPUDP2_DELAYACK) ~= 0 then
+ info = info .. "DELAYEDACK,"
+
+ local delayAckItem = tree:add("DelayAckInfo", tvbuf:range(startAt, 3))
+ delayAckItem:add_le(pf_DelayAckMax, tvbuf:range(startAt, 1))
+ delayAckItem:add_le(pf_DelayAckTimeout, tvbuf:range(startAt+1, 2))
+ startAt = startAt + 3
+ end
+
+ if bit32.band(flags, RDPUDP2_AOA) ~= 0 then
+ info = info .. "AOA,"
+ tree:add_le(pf_AckOfAcks, tvbuf:range(startAt, 2))
+ startAt = startAt + 2
+ end
+
+ local dataTree
+ local isDummy = (field_rdpudp2_packetType()() == 0x8)
+ if bit32.band(flags, RDPUDP2_DATA) ~= 0 then
+ if isDummy then
+ info = info .. "DUMMY,"
+ else
+ info = info .. "DATA,"
+ end
+ dataTree = tree:add(isDummy and "Dummy Data" or "Data")
+ dataTree:add_le(pf_DataSeqNumber, tvbuf:range(startAt, 2))
+ startAt = startAt + 2
+ end
+
+ if bit32.band(flags, RDPUDP2_ACKVEC) ~= 0 then
+ -- dprint2("got ACKVEC payload")
+ info = info .. "ACKVEC,"
+
+ local codedAckVecSizeA = tvbuf:range(startAt+2, 1):le_uint()
+ local codedAckVecSize = bit32.band(codedAckVecSizeA, 0x7f)
+ local haveTs = bit32.band(codedAckVecSizeA, 0x80) ~= 0
+
+ local ackVecTree = tree:add("AckVec")
+ ackVecTree:add_le(pf_AckvecBaseSeq, tvbuf:range(startAt, 2))
+ ackVecTree:add(pf_AckvecCodecAckVecSize, tvbuf:range(startAt+2, 1))
+ ackVecTree:add(pf_AckvecHaveTs, tvbuf:range(startAt+2, 1))
+ startAt = startAt + 3
+ if haveTs then
+ ackVecTree:add_le(pf_AckvecTimeStamp, tvbuf:range(startAt, 4))
+ startAt = startAt + 4
+ end
+ local codedAckVector = ackVecTree:add("Vector", tvbuf:range(startAt, codedAckVecSize))
+ local seqNumber = field_rdpudp2_ackvec_base()()
+ for i = 0, codedAckVecSize-1, 1 do
+ local bRange = tvbuf:range(startAt + i, 1)
+ local b = bRange:uint()
+
+ local codedAck = codedAckVector:add(pf_AckvecCodedAck, bRange, b)
+ codedAck:add(pf_AckvecCodedAckMode, bRange)
+
+ local itemString = "";
+ if bit32.band(b, 0x80) == 0 then
+ -- bitmap length mode
+ itemString = string.format("bitmap(0x%0.2x): ", b)
+ local mask = 0x1
+ for j = 0, 7-1 do
+ flag = "!"
+ if bit32.band(b, mask) ~= 0 then
+ flag = ""
+ end
+
+ itemString = itemString .. " " .. flag .. string.format("%0.4x", seqNumber)
+ mask = mask * 2
+ seqNumber = seqNumber + 1
+ end
+ else
+ -- run length mode
+ codedAck:add(pf_AckvecCodedAckRleState, bRange)
+ codedAck:add(pf_AckvecCodedAckRleLen, bRange)
+
+ local rleLen = bit32.band(b, 0x3f)
+ itemString = "rle(len=" .. rleLen .. "): ".. (bit32.band(b, 0x40) and "received" or "lost") ..
+ string.format(" %0.4x -> %0.4x", seqNumber, seqNumber + rleLen)
+ seqNumber = seqNumber + rleLen
+ end
+
+ codedAck:set_text(itemString)
+
+ end
+
+ startAt = startAt + codedAckVecSize
+ end
+
+ if not isDummy and bit32.band(flags, RDPUDP2_DATA) ~= 0 then
+ dataTree:add_le(pf_DataChannelSeqNumber, tvbuf:range(startAt, 2))
+ local payload = tvbuf:range(startAt + 2)
+ local subTvb = payload:tvb("payload")
+
+ local channelSeqId = field_rdpudp2_channelSeqNumber()()
+ local sslFragments = getSslFragments(pktinfo)
+ local workTvb = nil
+
+ local sslRes, recordLen = checkSslRecord(subTvb)
+ if rdpudp.prefs.debug_ssl then
+ dprint2("packet=", pktinfo.number, " channelSeq=", channelSeqId,
+ " dataLen=", subTvb:reported_length_remaining(),
+ " sslRes=", sslResNames[sslRes],
+ " recordLen=", recordLen)
+ end
+ if sslRes == TLS_OK then
+ workTvb = subTvb
+ elseif sslRes == TLS_SHORT or sslRes == TLS_NOT_COMPLETE then
+ if rdpudp.prefs.debug_ssl then
+ dprint2("packet=", pktinfo.number, " recording fragment len=", subTvb:len())
+ end
+
+ local frag = ByteArray.new()
+ frag:append(subTvb:bytes())
+ sslFragments[channelSeqId] = frag
+
+ elseif sslRes == TLS_NOT_TLS then
+ local prevFragment = sslFragments[channelSeqId-1]
+ if rdpudp.prefs.debug_ssl then
+ dprint2("packet=",pktinfo.number," picking channelSeq=", channelSeqId-1, " havePrevFragment=", prevFragment ~= nil and "ok" or "no")
+ end
+ if prevFragment ~= nil then
+ -- dprint2("prevLen=",prevFragment:len(), " subTvbLen=",subTvb:len())
+ local testBytes = prevFragment .. subTvb:bytes()
+ local testTvb = ByteArray.tvb(testBytes, "reassembled fragment")
+
+ sslRes, recordLen = checkSslRecord(testTvb)
+ if rdpudp.prefs.debug_ssl then
+ dprint2("packet=", pktinfo.number,
+ " reassembled len=", testTvb:reported_length_remaining(),
+ " sslRes=", sslResNames[sslRes],
+ " recordLen=", recordLen)
+ end
+ if sslRes == TLS_OK then
+ workTvb = testTvb
+ end
+ end
+ end
+
+ if workTvb ~= nil then
+ repeat
+ if rdpudp.prefs.debug_ssl then
+ dprint2("treating workTvbLen=", workTvb:reported_length_remaining(), " recordLen=",recordLen)
+ end
+ local sslFragment = workTvb:range(0, recordLen):tvb("SSL fragment")
+ sslDissector:call(sslFragment, pktinfo, dataTree)
+
+ workTvb = workTvb:range(recordLen):tvb()
+ sslRes, recordLen = checkSslRecord(workTvb)
+
+ if sslRes == TLS_SHORT or sslRes == TLS_NOT_COMPLETE then
+ if rdpudp.prefs.debug_ssl then
+ dprint2("packet=", pktinfo.number, " recording fragment len=", subTvb:len())
+ end
+
+ local frag = ByteArray.new()
+ frag:append(workTvb:bytes())
+ sslFragments[channelSeqId] = frag
+ end
+
+ until sslRes ~= TLS_OK or workTvb:reported_length_remaining() == 0
+ else
+ dataTree:add_le(pf_Data, payload)
+ end
+ end
+
+ info = string.sub(info, 0, -2) .. ")"
+ pktinfo.cols.info = info -- .. tostring(pktinfo.cols.info)
+ if rdpudp.prefs.track_udp2_peer_states then
+ local stateTrackItem = tree:add("UDP2 state tracking")
+ stateTrackItem:set_generated()
+ stateTrackItem:add(tostring(pktinfo.net_dst) == conversation.serverAddr and "Client -> Server" or "Server -> Client")
+ end
+
+
+ return pktlen
+end
+
+function rdpudp.dissector(in_tvbuf, pktinfo, root)
+ -- dprint2("rdpudp.dissector called")
+ pktinfo.cols.protocol:set("RDP-UDP")
+
+ local pktlen = in_tvbuf:reported_length_remaining()
+ local tree = root:add(rdpudp, in_tvbuf:range(0,pktlen))
+
+ local tableRecord = tableItem(pktinfo)
+ local doDissectV1 = true
+ if tableRecord.switchToUdp2 ~= nil and tableRecord.switchToUdp2 < pktinfo.number then
+ doDissectV1 = false
+ end
+
+ if doDissectV1 then
+ return dissectV1(in_tvbuf, pktinfo, tree)
+ end
+
+ return dissectV2(in_tvbuf, pktinfo, tree)
+end
+
+DissectorTable.get("udp.port"):add(3389, rdpudp)