Logo Search packages:      
Sourcecode: ethereal version File versions

packet-smb-pipe.c

/*
XXX  Fixme : shouldnt show [malformed frame] for long packets
*/

/* packet-smb-pipe.c
 * Routines for SMB named pipe packet dissection
 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
 * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
 * Guy Harris 2001
 *
 * $Id: packet-smb-pipe.c 13515 2005-02-25 10:30:21Z sahlberg $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
 * Copyright 1998 Gerald Combs
 *
 * Copied from packet-pop.c
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>

#include <time.h>
#include <string.h>
#include <glib.h>
#include <ctype.h>
#include <epan/packet.h>
#include "smb.h"
#include "packet-smb-pipe.h"
#include "packet-smb-browse.h"
#include "packet-smb-common.h"
#include "packet-windows-common.h"
#include "packet-dcerpc.h"
#include <epan/reassemble.h>

static int proto_smb_pipe = -1;
static int hf_pipe_function = -1;
static int hf_pipe_priority = -1;
static int hf_pipe_peek_available = -1;
static int hf_pipe_peek_remaining = -1;
static int hf_pipe_peek_status = -1;
static int hf_pipe_getinfo_info_level = -1;
static int hf_pipe_getinfo_output_buffer_size = -1;
static int hf_pipe_getinfo_input_buffer_size = -1;
static int hf_pipe_getinfo_maximum_instances = -1;
static int hf_pipe_getinfo_current_instances = -1;
static int hf_pipe_getinfo_pipe_name_length = -1;
static int hf_pipe_getinfo_pipe_name = -1;
static int hf_pipe_write_raw_bytes_written = -1;
static int hf_pipe_fragments = -1;
static int hf_pipe_fragment = -1;
static int hf_pipe_fragment_overlap = -1;
static int hf_pipe_fragment_overlap_conflict = -1;
static int hf_pipe_fragment_multiple_tails = -1;
static int hf_pipe_fragment_too_long_fragment = -1;
static int hf_pipe_fragment_error = -1;
static int hf_pipe_reassembled_in = -1;

static gint ett_smb_pipe = -1;
static gint ett_smb_pipe_fragment = -1;
static gint ett_smb_pipe_fragments = -1;

static const fragment_items smb_pipe_frag_items = {
      &ett_smb_pipe_fragment,
      &ett_smb_pipe_fragments,
      &hf_pipe_fragments,
      &hf_pipe_fragment,
      &hf_pipe_fragment_overlap,
      &hf_pipe_fragment_overlap_conflict,
      &hf_pipe_fragment_multiple_tails,
      &hf_pipe_fragment_too_long_fragment,
      &hf_pipe_fragment_error,
      NULL,
      "fragments"
};

static int proto_smb_lanman = -1;
static int hf_function_code = -1;
static int hf_param_desc = -1;
static int hf_return_desc = -1;
static int hf_aux_data_desc = -1;
static int hf_detail_level = -1;
static int hf_recv_buf_len = -1;
static int hf_send_buf_len = -1;
static int hf_continuation_from = -1;
static int hf_status = -1;
static int hf_convert = -1;
static int hf_ecount = -1;
static int hf_acount = -1;
static int hf_share_name = -1;
static int hf_share_type = -1;
static int hf_share_comment = -1;
static int hf_share_permissions = -1;
static int hf_share_max_uses = -1;
static int hf_share_current_uses = -1;
static int hf_share_path = -1;
static int hf_share_password = -1;
static int hf_server_name = -1;
static int hf_server_major = -1;
static int hf_server_minor = -1;
static int hf_server_comment = -1;
static int hf_abytes = -1;
static int hf_current_time = -1;
static int hf_msecs = -1;
static int hf_hour = -1;
static int hf_minute = -1;
static int hf_second = -1;
static int hf_hundredths = -1;
static int hf_tzoffset = -1;
static int hf_timeinterval = -1;
static int hf_day = -1;
static int hf_month = -1;
static int hf_year = -1;
static int hf_weekday = -1;
static int hf_enumeration_domain = -1;
static int hf_last_entry = -1;
static int hf_computer_name = -1;
static int hf_user_name = -1;
static int hf_group_name = -1;
static int hf_workstation_domain = -1;
static int hf_workstation_major = -1;
static int hf_workstation_minor = -1;
static int hf_logon_domain = -1;
static int hf_other_domains = -1;
static int hf_password = -1;
static int hf_workstation_name = -1;
static int hf_ustruct_size = -1;
static int hf_logon_code = -1;
static int hf_privilege_level = -1;
static int hf_operator_privileges = -1;
static int hf_num_logons = -1;
static int hf_bad_pw_count = -1;
static int hf_last_logon = -1;
static int hf_last_logoff = -1;
static int hf_logoff_time = -1;
static int hf_kickoff_time = -1;
static int hf_password_age = -1;
static int hf_password_can_change = -1;
static int hf_password_must_change = -1;
static int hf_script_path = -1;
static int hf_logoff_code = -1;
static int hf_duration = -1;
static int hf_comment = -1;
static int hf_user_comment = -1;
static int hf_full_name = -1;
static int hf_homedir = -1;
static int hf_parameters = -1;
static int hf_logon_server = -1;
static int hf_country_code = -1;
static int hf_workstations = -1;
static int hf_max_storage = -1;
static int hf_units_per_week = -1;
static int hf_logon_hours = -1;
static int hf_code_page = -1;
static int hf_new_password = -1;
static int hf_old_password = -1;
static int hf_reserved = -1;

static gint ett_lanman = -1;
static gint ett_lanman_unknown_entries = -1;
static gint ett_lanman_unknown_entry = -1;
static gint ett_lanman_shares = -1;
static gint ett_lanman_share = -1;
static gint ett_lanman_groups = -1;
static gint ett_lanman_servers = -1;
static gint ett_lanman_server = -1;

static dissector_handle_t data_handle;

/*
 * See
 *
 *    ftp://ftp.microsoft.com/developr/drg/CIFS/cifsrap2.txt
 *
 * among other documents.
 */

static const value_string status_vals[] = {
      {0,   "Success"},
      {5,   "User has insufficient privilege"},
      {65,  "Network access is denied"},
      {86,  "The specified password is invalid"},
      {SMBE_moredata, "Additional data is available"},
      {2114,      "Service is not running on the remote computer"},
      {2123,      "Supplied buffer is too small"},
      {2141,      "Server is not configured for transactions (IPC$ not shared)"},
      {2212,  "An error occurred while loading or running the logon script"},
      {2214,  "The logon was not validated by any server"},
      {2217,  "The logon server is running an older software version"},
      {2221,  "The user name was not found"},
      {2226,  "Operation not permitted on Backup Domain Controller"},
      {2240,  "The user is not allowed to logon from this computer"},
      {2241,  "The user is not allowed to logon at this time"},
      {2242,  "The user password has expired"},
      {2243,  "The password cannot be changed"},
      {2246,  "The password is too short"},
      {0,     NULL}
};

static const value_string privilege_vals[] = {
      {0, "Guest"},
      {1, "User"},
      {2, "Administrator"},
      {0, NULL}
};

static const value_string op_privilege_vals[] = {
      {0, "Print operator"},
      {1, "Communications operator"},
      {2, "Server operator"},
      {3, "Accounts operator"},
      {0, NULL}
};

static const value_string weekday_vals[] = {
      {0, "Sunday"},
      {1, "Monday"},
      {2, "Tuesday"},
      {3, "Wednesday"},
      {4, "Thursday"},
      {5, "Friday"},
      {6, "Saturday"},
      {0, NULL}
};

static int
add_word_param(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      guint16 WParam;

      if (hf_index != -1)
            proto_tree_add_item(tree, hf_index, tvb, offset, 2, TRUE);
      else {
            WParam = tvb_get_letohs(tvb, offset);
            proto_tree_add_text(tree, tvb, offset, 2,
                "Word Param: %u (0x%04X)", WParam, WParam);
      }
      offset += 2;
      return offset;
}

static int
add_dword_param(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      guint32 LParam;

      if (hf_index != -1)
            proto_tree_add_item(tree, hf_index, tvb, offset, 4, TRUE);
      else {
            LParam = tvb_get_letohl(tvb, offset);
            proto_tree_add_text(tree, tvb, offset, 4,
                "Doubleword Param: %u (0x%08X)", LParam, LParam);
      }
      offset += 4;
      return offset;
}

static int
add_byte_param(tvbuff_t *tvb, int offset, int count, packet_info *pinfo _U_,
    proto_tree *tree, int convert _U_, int hf_index)
{
      guint8 BParam;

      if (hf_index != -1)
            proto_tree_add_item(tree, hf_index, tvb, offset, count, TRUE);
      else {
            if (count == 1) {
                  BParam = tvb_get_guint8(tvb, offset);
                  proto_tree_add_text(tree, tvb, offset, count,
                      "Byte Param: %u (0x%02X)",
                      BParam, BParam);
            } else {
                  proto_tree_add_text(tree, tvb, offset, count,
                      "Byte Param: %s",
                      tvb_bytes_to_str(tvb, offset, count));
            }
      }
      offset += count;
      return offset;
}

static int
add_pad_param(tvbuff_t *tvb _U_, int offset, int count, packet_info *pinfo _U_,
    proto_tree *tree _U_, int convert _U_, int hf_index _U_)
{
      /*
       * This is for parameters that have descriptor entries but that
       * are, in practice, just padding.
       */
      offset += count;
      return offset;
}

static void
add_null_pointer_param(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      if (hf_index != -1) {
            proto_tree_add_text(tree, tvb, offset, 0,
              "%s (Null pointer)",
              proto_registrar_get_name(hf_index));
      } else {
            proto_tree_add_text(tree, tvb, offset, 0,
                "String Param (Null pointer)");
      }
}

static int
add_string_param(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      guint string_len;

      string_len = tvb_strsize(tvb, offset);
      if (hf_index != -1) {
            proto_tree_add_item(tree, hf_index, tvb, offset, string_len,
                TRUE);
      } else {
            proto_tree_add_text(tree, tvb, offset, string_len,
                "String Param: %s",
                tvb_format_text(tvb, offset, string_len));
      }
      offset += string_len;
      return offset;
}

static const char *
get_stringz_pointer_value(tvbuff_t *tvb, int offset, int convert, int *cptrp,
    int *lenp)
{
      int cptr;
      gint string_len;

      /* pointer to string */
      cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
      *cptrp = cptr;

      /* string */
      if (tvb_offset_exists(tvb, cptr) &&
          (string_len = tvb_strnlen(tvb, cptr, -1)) != -1) {
            string_len++;     /* include the terminating '\0' */
            *lenp = string_len;
            return tvb_format_text(tvb, cptr, string_len - 1);
      } else
            return NULL;
}

static int
add_stringz_pointer_param(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert, int hf_index)
{
      int cptr;
      const char *string;
      gint string_len;

      string = get_stringz_pointer_value(tvb, offset, convert, &cptr,
          &string_len);
      offset += 4;

      /* string */
      if (string != NULL) {
            if (hf_index != -1) {
                  proto_tree_add_item(tree, hf_index, tvb, cptr,
                      string_len, TRUE);
            } else {
                  proto_tree_add_text(tree, tvb, cptr, string_len,
                      "String Param: %s", string);
            }
      } else {
            if (hf_index != -1) {
                  proto_tree_add_text(tree, tvb, 0, 0,
                      "%s: <String goes past end of frame>",
                      proto_registrar_get_name(hf_index));
            } else {
                  proto_tree_add_text(tree, tvb, 0, 0,
                      "String Param: <String goes past end of frame>");
            }
      }

      return offset;
}

static int
add_bytes_pointer_param(tvbuff_t *tvb, int offset, int count,
    packet_info *pinfo _U_, proto_tree *tree, int convert, int hf_index)
{
      int cptr;

      /* pointer to byte array */
      cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
      offset += 4;

      /* bytes */
      if (tvb_bytes_exist(tvb, cptr, count)) {
            if (hf_index != -1) {
                  proto_tree_add_item(tree, hf_index, tvb, cptr,
                      count, TRUE);
            } else {
                  proto_tree_add_text(tree, tvb, cptr, count,
                      "Byte Param: %s",
                      tvb_bytes_to_str(tvb, cptr, count));
            }
      } else {
            if (hf_index != -1) {
                  proto_tree_add_text(tree, tvb, 0, 0,
                      "%s: <Bytes go past end of frame>",
                      proto_registrar_get_name(hf_index));
            } else {
                  proto_tree_add_text(tree, tvb, 0, 0,
                      "Byte Param: <Bytes goes past end of frame>");
            }
      }

      return offset;
}

static int
add_detail_level(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo,
    proto_tree *tree, int convert _U_, int hf_index)
{
      struct smb_info *smb_info = pinfo->private_data;
      smb_transact_info_t *trp = smb_info->sip->extra_info;
      guint16 level;

      level = tvb_get_letohs(tvb, offset);
      if (!pinfo->fd->flags.visited)
            trp->info_level = level;      /* remember this for the response */
      proto_tree_add_uint(tree, hf_index, tvb, offset, 2, level);
      offset += 2;
      return offset;
}

static int
add_max_uses(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
    proto_tree *tree, int convert _U_, int hf_index)
{
      guint16 WParam;

      WParam = tvb_get_letohs(tvb, offset);
      if (WParam == 0xffff) { /* -1 */
            proto_tree_add_uint_format(tree, hf_index, tvb,
                offset, 2, WParam,
                "%s: No limit",
                proto_registrar_get_name(hf_index));
      } else {
            proto_tree_add_uint(tree, hf_index, tvb,
                      offset, 2, WParam);
      }
      offset += 2;
      return offset;
}

static int
add_server_type(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo, proto_tree *tree, int convert _U_, int hf_index _U_)
{
      offset = dissect_smb_server_type_flags(
            tvb, offset, pinfo, tree, NULL, FALSE);
      return offset;
}

static int
add_server_type_info(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo, proto_tree *tree, int convert _U_, int hf_index _U_)
{
      offset = dissect_smb_server_type_flags(
            tvb, offset, pinfo, tree, NULL, TRUE);
      return offset;
}

static int
add_reltime(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
    proto_tree *tree, int convert _U_, int hf_index)
{
      nstime_t nstime;

      nstime.secs = tvb_get_letohl(tvb, offset);
      nstime.nsecs = 0;
      proto_tree_add_time_format(tree, hf_index, tvb, offset, 4,
          &nstime, "%s: %s", proto_registrar_get_name(hf_index),
          time_secs_to_str(nstime.secs));
      offset += 4;
      return offset;
}

/*
 * Sigh.  These are for handling Microsoft's annoying almost-UNIX-time-but-
 * it's-local-time-not-UTC time.
 */
static int
add_abstime_common(tvbuff_t *tvb, int offset, proto_tree *tree, int hf_index,
    const char *absent_name)
{
      nstime_t nstime;
      struct tm *tmp;

      nstime.secs = tvb_get_letohl(tvb, offset);
      nstime.nsecs = 0;
      /*
       * Sigh.  Sometimes it appears that -1 means "unknown", and
       * sometimes it appears that 0 means "unknown", for the last
       * logoff date/time.
       */
      if (nstime.secs == -1 || nstime.secs == 0) {
            proto_tree_add_time_format(tree, hf_index, tvb, offset, 4,
                &nstime, "%s: %s", proto_registrar_get_name(hf_index),
                absent_name);
      } else {
            /*
             * Run it through "gmtime()" to break it down, and then
             * run it through "mktime()" to put it back together
             * as UTC.
             */
            tmp = gmtime(&nstime.secs);
            tmp->tm_isdst = -1;     /* we don't know if it's DST or not */
            nstime.secs = mktime(tmp);
            proto_tree_add_time(tree, hf_index, tvb, offset, 4,
                &nstime);
      }
      offset += 4;
      return offset;
}

static int
add_abstime_absent_never(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      return add_abstime_common(tvb, offset, tree, hf_index, "Never");
}

static int
add_abstime_absent_unknown(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      return add_abstime_common(tvb, offset, tree, hf_index, "Unknown");
}

static int
add_nlogons(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
    proto_tree *tree, int convert _U_, int hf_index)
{
      guint16 nlogons;

      nlogons = tvb_get_letohs(tvb, offset);
      if (nlogons == 0xffff)  /* -1 */
            proto_tree_add_uint_format(tree, hf_index, tvb, offset, 2,
                nlogons, "%s: Unknown",
                proto_registrar_get_name(hf_index));
      else
            proto_tree_add_uint(tree, hf_index, tvb, offset, 2,
                nlogons);
      offset += 2;
      return offset;
}

static int
add_max_storage(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      guint32 max_storage;

      max_storage = tvb_get_letohl(tvb, offset);
      if (max_storage == 0xffffffff)
            proto_tree_add_uint_format(tree, hf_index, tvb, offset, 4,
                max_storage, "%s: No limit",
                proto_registrar_get_name(hf_index));
      else
            proto_tree_add_uint(tree, hf_index, tvb, offset, 4,
                max_storage);
      offset += 4;
      return offset;
}

static int
add_logon_hours(tvbuff_t *tvb, int offset, int count, packet_info *pinfo _U_,
    proto_tree *tree, int convert, int hf_index)
{
      int cptr;

      /* pointer to byte array */
      cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
      offset += 4;

      /* bytes */
      if (tvb_bytes_exist(tvb, cptr, count)) {
            if (count == 21) {
                  /*
                   * The logon hours should be exactly 21 bytes long.
                   *
                   * XXX - should actually carve up the bits;
                   * we need the units per week to do that, though.
                   */
                  proto_tree_add_item(tree, hf_index, tvb, cptr, count,
                      TRUE);
            } else {
                  proto_tree_add_bytes_format(tree, hf_index, tvb,
                      cptr, count, tvb_get_ptr(tvb, cptr, count),
                      "%s: %s (wrong length, should be 21, is %d",
                      proto_registrar_get_name(hf_index),
                      tvb_bytes_to_str(tvb, cptr, count), count);
            }
      } else {
            proto_tree_add_text(tree, tvb, 0, 0,
                "%s: <Bytes go past end of frame>",
                proto_registrar_get_name(hf_index));
      }

      return offset;
}

static int
add_tzoffset(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo _U_,
    proto_tree *tree, int convert _U_, int hf_index)
{
      gint16 tzoffset;

      tzoffset = tvb_get_letohs(tvb, offset);
      if (tzoffset < 0) {
            proto_tree_add_int_format(tree, hf_tzoffset, tvb, offset, 2,
                tzoffset, "%s: %s east of UTC",
                proto_registrar_get_name(hf_index),
                time_secs_to_str(-tzoffset*60));
      } else if (tzoffset > 0) {
            proto_tree_add_int_format(tree, hf_tzoffset, tvb, offset, 2,
                tzoffset, "%s: %s west of UTC",
                proto_registrar_get_name(hf_index),
                time_secs_to_str(tzoffset*60));
      } else {
            proto_tree_add_int_format(tree, hf_tzoffset, tvb, offset, 2,
                tzoffset, "%s: at UTC",
                proto_registrar_get_name(hf_index));
      }
      offset += 2;
      return offset;
}

static int
add_timeinterval(tvbuff_t *tvb, int offset, int count _U_,
    packet_info *pinfo _U_, proto_tree *tree, int convert _U_, int hf_index)
{
      guint16 timeinterval;

      timeinterval = tvb_get_letohs(tvb, offset);
      proto_tree_add_uint_format(tree, hf_timeinterval, tvb, offset, 2,
         timeinterval, "%s: %f seconds", proto_registrar_get_name(hf_index),
         timeinterval*.0001);
      offset += 2;
      return offset;
}

static int
add_logon_args(tvbuff_t *tvb, int offset, int count, packet_info *pinfo _U_,
    proto_tree *tree, int convert _U_, int hf_index _U_)
{
      if (count != 54) {
            proto_tree_add_text(tree, tvb, offset, count,
               "Bogus NetWkstaUserLogon parameters: length is %d, should be 54",
               count);
            offset += count;
            return offset;
      }

      /* user name */
      proto_tree_add_item(tree, hf_user_name, tvb, offset, 21, TRUE);
      offset += 21;

      /* pad1 */
      offset += 1;

      /* password */
      proto_tree_add_item(tree, hf_password, tvb, offset, 15, TRUE);
      offset += 15;

      /* pad2 */
      offset += 1;

      /* workstation name */
      proto_tree_add_item(tree, hf_workstation_name, tvb, offset, 16, TRUE);
      offset += 16;
      return offset;
}

/*
 * The following data structure describes the Remote API requests we
 * understand.
 *
 * Simply fill in the number and parameter information.
 * Try to keep them in order.
 *
 * We will extend this data structure as we try to decode more.
 */

/*
 * This is a pointer to a function to process an item.
 */
typedef int (*item_func)(tvbuff_t *, int, int, packet_info *, proto_tree *,
                       int, int);

/*
 * Type of an item; determines what parameter strings are valid for
 * the item.
 */
typedef enum {
      PARAM_NONE, /* for the end-of-list stopper */
      PARAM_WORD, /* 'W' or 'h' - 16-bit word */
      PARAM_DWORD,      /* 'D' or 'i' - 32-bit word */
      PARAM_BYTES,      /* 'B' or 'b' or 'g' or 'O' - one or more bytes */
      PARAM_STRINGZ     /* 'z' or 'O' - null-terminated string */
} param_type_t;

/*
 * This structure describes an item; "hf_index" points to the index
 * for the field corresponding to that item, "func" points to the
 * function to use to add that item to the tree, and "type" is the
 * type that the item is supposed to have.
 */
typedef struct {
      int         *hf_index;
      item_func   func;
      param_type_t      type;
} item_t;

/*
 * This structure describes a list of items; each list of items
 * has a corresponding detail level.
 */
typedef struct {
      int         level;
      const item_t      *item_list;
} item_list_t;

struct lanman_desc {
      int         lanman_num;
      const item_t      *req;
      proto_item  *(*req_data_item)(tvbuff_t *, packet_info *,
                                proto_tree *, int);
      gint        *ett_req_data;
      const item_t      *req_data;
      const item_t      *req_aux_data;
      const item_t      *resp;
      const gchar *resp_data_entry_list_label;
      gint        *ett_data_entry_list;
      proto_item  *(*resp_data_element_item)(tvbuff_t *, proto_tree *,
                                       int);
      gint        *ett_resp_data_element_item;
      const item_list_t *resp_data_list;
      const item_t      *resp_aux_data;
};

static int no_hf = -1;  /* for padding crap */

static const item_t lm_params_req_netshareenum[] = {
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { &hf_recv_buf_len, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netshareenum[] = {
      { &hf_acount, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

/*
 * Create a subtree for a share.
 */
static proto_item *
netshareenum_share_entry(tvbuff_t *tvb, proto_tree *tree, int offset)
{
      if (tree) {
            return proto_tree_add_text(tree, tvb, offset, -1,
                "Share %.13s", tvb_get_ptr(tvb, offset, 13));
      } else
            return NULL;
}

static const item_t lm_null[] = {
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_null_list[] = {
      { -1, lm_null }
};

static const item_t lm_data_resp_netshareenum_1[] = {
      { &hf_share_name, add_byte_param, PARAM_BYTES },
      { &no_hf, add_pad_param, PARAM_BYTES },
      { &hf_share_type, add_word_param, PARAM_WORD },
      { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netshareenum[] = {
      { 1, lm_data_resp_netshareenum_1 },
      { -1, lm_null }
};

static const item_t lm_params_req_netsharegetinfo[] = {
      { &hf_share_name, add_string_param, PARAM_STRINGZ },
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netsharegetinfo[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netsharegetinfo_0[] = {
      { &hf_share_name, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netsharegetinfo_1[] = {
      { &hf_share_name, add_byte_param, PARAM_BYTES },
      { &no_hf, add_pad_param, PARAM_BYTES },
      { &hf_share_type, add_word_param, PARAM_WORD },
      { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netsharegetinfo_2[] = {
      { &hf_share_name, add_byte_param, PARAM_BYTES },
      { &no_hf, add_pad_param, PARAM_BYTES },
      { &hf_share_type, add_word_param, PARAM_WORD },
      { &hf_share_comment, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_share_permissions, add_word_param, PARAM_WORD }, /* XXX - do as bit fields */
      { &hf_share_max_uses, add_max_uses, PARAM_WORD },
      { &hf_share_current_uses, add_word_param, PARAM_WORD },
      { &hf_share_path, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_share_password, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netsharegetinfo[] = {
      { 0, lm_data_resp_netsharegetinfo_0 },
      { 1, lm_data_resp_netsharegetinfo_1 },
      { 2, lm_data_resp_netsharegetinfo_2 },
      { -1, lm_null }
};

static const item_t lm_params_req_netservergetinfo[] = {
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netservergetinfo[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_serverinfo_0[] = {
      { &hf_server_name, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_serverinfo_1[] = {
      { &hf_server_name, add_byte_param, PARAM_BYTES },
      { &hf_server_major, add_byte_param, PARAM_BYTES },
      { &hf_server_minor, add_byte_param, PARAM_BYTES },
      { &no_hf, add_server_type, PARAM_DWORD },
      { &hf_server_comment, add_stringz_pointer_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_serverinfo[] = {
      { 0, lm_data_serverinfo_0 },
      { 1, lm_data_serverinfo_1 },
      { -1, lm_null }
};

static const item_t lm_params_req_netusergetinfo[] = {
      { &hf_user_name, add_string_param, PARAM_STRINGZ },
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netusergetinfo[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netusergetinfo_11[] = {
      { &hf_user_name, add_byte_param, PARAM_BYTES },
      { &no_hf, add_pad_param, PARAM_BYTES },
      { &hf_comment, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_user_comment, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_full_name, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_privilege_level, add_word_param, PARAM_WORD },
      { &hf_operator_privileges, add_dword_param, PARAM_DWORD },
      { &hf_password_age, add_reltime, PARAM_DWORD },
      { &hf_homedir, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_parameters, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_last_logon, add_abstime_absent_unknown, PARAM_DWORD },
      { &hf_last_logoff, add_abstime_absent_unknown, PARAM_DWORD },
      { &hf_bad_pw_count, add_word_param, PARAM_WORD },
      { &hf_num_logons, add_nlogons, PARAM_WORD },
      { &hf_logon_server, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_country_code, add_word_param, PARAM_WORD },
      { &hf_workstations, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_max_storage, add_max_storage, PARAM_DWORD },
      { &hf_units_per_week, add_word_param, PARAM_WORD },
      { &hf_logon_hours, add_logon_hours, PARAM_BYTES },
      { &hf_code_page, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netusergetinfo[] = {
      { 11, lm_data_resp_netusergetinfo_11 },
      { -1, lm_null }
};

static const item_t lm_params_req_netusergetgroups[] = {
      { &hf_user_name, add_string_param, PARAM_STRINGZ },
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netusergetgroups[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netusergetgroups_0[] = {
      { &hf_group_name, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netusergetgroups[] = {
      { 0, lm_data_resp_netusergetgroups_0 },
      { -1, lm_null }
};

/*
 * Has no detail level; make it the default.
 */
static const item_t lm_data_resp_netremotetod_nolevel[] = {
      { &hf_current_time, add_abstime_absent_unknown, PARAM_DWORD },
      { &hf_msecs, add_dword_param, PARAM_DWORD },
      { &hf_hour, add_byte_param, PARAM_BYTES },
      { &hf_minute, add_byte_param, PARAM_BYTES },
      { &hf_second, add_byte_param, PARAM_BYTES },
      { &hf_hundredths, add_byte_param, PARAM_BYTES },
      { &hf_tzoffset, add_tzoffset, PARAM_WORD },
      { &hf_timeinterval, add_timeinterval, PARAM_WORD },
      { &hf_day, add_byte_param, PARAM_BYTES },
      { &hf_month, add_byte_param, PARAM_BYTES },
      { &hf_year, add_word_param, PARAM_WORD },
      { &hf_weekday, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netremotetod[] = {
      { -1, lm_data_resp_netremotetod_nolevel },
};

static const item_t lm_params_req_netserverenum2[] = {
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { &no_hf, add_server_type_info, PARAM_DWORD },
      { &hf_enumeration_domain, add_string_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};

/*
 * Create a subtree for a server.
 */
static proto_item *
netserverenum2_server_entry(tvbuff_t *tvb, proto_tree *tree, int offset)
{
      if (tree) {
            return proto_tree_add_text(tree, tvb, offset, -1,
                      "Server %.16s", tvb_get_ptr(tvb, offset, 16));
      } else
            return NULL;
}

static const item_t lm_params_resp_netserverenum2[] = {
      { &hf_acount, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};


static const item_t lm_params_req_netserverenum3[] = {
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { &no_hf, add_server_type_info, PARAM_DWORD },
      { &hf_enumeration_domain, add_string_param, PARAM_STRINGZ },
      { &hf_last_entry, add_string_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};


static const item_t lm_params_req_netwkstagetinfo[] = {
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netwkstagetinfo[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netwkstagetinfo_10[] = {
      { &hf_computer_name, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_user_name, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_workstation_domain, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_workstation_major, add_byte_param, PARAM_BYTES },
      { &hf_workstation_minor, add_byte_param, PARAM_BYTES },
      { &hf_logon_domain, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_other_domains, add_stringz_pointer_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netwkstagetinfo[] = {
      { 10, lm_data_resp_netwkstagetinfo_10 },
      { -1, lm_null }
};

static const item_t lm_params_req_netwkstauserlogon[] = {
      { &no_hf, add_stringz_pointer_param, PARAM_STRINGZ },
      { &no_hf, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_detail_level, add_detail_level, PARAM_WORD },
      { &no_hf, add_logon_args, PARAM_BYTES },
      { &hf_ustruct_size, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netwkstauserlogon[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netwkstauserlogon_1[] = {
      { &hf_logon_code, add_word_param, PARAM_WORD },
      { &hf_user_name, add_byte_param, PARAM_BYTES },
      { &no_hf, add_pad_param, PARAM_BYTES },
      { &hf_privilege_level, add_word_param, PARAM_WORD },
      { &hf_operator_privileges, add_dword_param, PARAM_DWORD },
      { &hf_num_logons, add_nlogons, PARAM_WORD },
      { &hf_bad_pw_count, add_word_param, PARAM_WORD },
      { &hf_last_logon, add_abstime_absent_unknown, PARAM_DWORD },
      { &hf_last_logoff, add_abstime_absent_unknown, PARAM_DWORD },
      { &hf_logoff_time, add_abstime_absent_never, PARAM_DWORD },
      { &hf_kickoff_time, add_abstime_absent_never, PARAM_DWORD },
      { &hf_password_age, add_reltime, PARAM_DWORD },
      { &hf_password_can_change, add_abstime_absent_never, PARAM_DWORD },
      { &hf_password_must_change, add_abstime_absent_never, PARAM_DWORD },
      { &hf_server_name, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_logon_domain, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_script_path, add_stringz_pointer_param, PARAM_STRINGZ },
      { &hf_reserved, add_dword_param, PARAM_DWORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netwkstauserlogon[] = {
      { 1, lm_data_resp_netwkstauserlogon_1 },
      { -1, lm_null }
};

static const item_t lm_params_req_netwkstauserlogoff[] = {
      { &hf_user_name, add_byte_param, PARAM_BYTES },
      { &no_hf, add_pad_param, PARAM_BYTES },
      { &hf_workstation_name, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_params_resp_netwkstauserlogoff[] = {
      { &hf_abytes, add_word_param, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_resp_netwkstauserlogoff_1[] = {
      { &hf_logoff_code, add_word_param, PARAM_WORD },
      { &hf_duration, add_reltime, PARAM_DWORD },
      { &hf_num_logons, add_nlogons, PARAM_WORD },
      { NULL, NULL, PARAM_NONE }
};

static const item_list_t lm_data_resp_netwkstauserlogoff[] = {
      { 1, lm_data_resp_netwkstauserlogoff_1 },
      { -1, lm_null }
};

static const item_t lm_params_req_samoemchangepassword[] = {
      { &hf_user_name, add_string_param, PARAM_STRINGZ },
      { NULL, NULL, PARAM_NONE }
};

static const item_t lm_data_req_samoemchangepassword[] = {
      { &hf_new_password, add_byte_param, PARAM_BYTES },
      { &hf_old_password, add_byte_param, PARAM_BYTES },
      { NULL, NULL, PARAM_NONE }
};

#define API_NetShareEnum            0
#define API_NetShareGetInfo         1
#define API_NetShareSetInfo         2
#define API_NetShareAdd             3
#define API_NetShareDel             4
#define API_NetShareCheck           5
#define API_NetSessionEnum          6
#define API_NetSessionGetInfo       7
#define API_NetSessionDel           8
#define API_WconnectionEnum         9
#define API_NetFileEnum             10
#define API_NetFileGetInfo          11
#define API_NetFileClose            12
#define API_NetServerGetInfo        13
#define API_NetServerSetInfo        14
#define API_NetServerDiskEnum       15
#define API_NetServerAdminCommand   16
#define API_NetAuditOpen            17
#define API_NetAuditClear           18
#define API_NetErrorLogOpen         19
#define API_NetErrorLogClear        20
#define API_NetCharDevEnum          21
#define API_NetCharDevGetInfo       22
#define API_NetCharDevControl       23
#define API_NetCharDevQEnum         24
#define API_NetCharDevQGetInfo            25
#define API_NetCharDevQSetInfo            26
#define API_NetCharDevQPurge        27
#define API_NetCharDevQPurgeSelf    28
#define API_NetMessageNameEnum            29
#define API_NetMessageNameGetInfo   30
#define API_NetMessageNameAdd       31
#define API_NetMessageNameDel       32
#define API_NetMessageNameFwd       33
#define API_NetMessageNameUnFwd           34
#define API_NetMessageBufferSend    35
#define API_NetMessageFileSend            36
#define API_NetMessageLogFileSet    37
#define API_NetMessageLogFileGet    38
#define API_NetServiceEnum          39
#define API_NetServiceInstall       40
#define API_NetServiceControl       41
#define API_NetAccessEnum           42
#define API_NetAccessGetInfo        43
#define API_NetAccessSetInfo        44
#define API_NetAccessAdd            45
#define API_NetAccessDel            46
#define API_NetGroupEnum            47
#define API_NetGroupAdd             48
#define API_NetGroupDel             49
#define API_NetGroupAddUser         50
#define API_NetGroupDelUser         51
#define API_NetGroupGetUsers        52
#define API_NetUserEnum             53
#define API_NetUserAdd              54
#define API_NetUserDel              55
#define API_NetUserGetInfo          56
#define API_NetUserSetInfo          57
#define API_NetUserPasswordSet            58
#define API_NetUserGetGroups        59
/*This line and number replaced a Dead Entry for 60 */
/*This line and number replaced a Dead Entry for 61 */
#define API_NetWkstaSetUID          62
#define API_NetWkstaGetInfo         63
#define API_NetWkstaSetInfo         64
#define API_NetUseEnum              65
#define API_NetUseAdd               66
#define API_NetUseDel               67
#define API_NetUseGetInfo           68
#define API_WPrintQEnum             69
#define API_WPrintQGetInfo          70
#define API_WPrintQSetInfo          71
#define API_WPrintQAdd              72
#define API_WPrintQDel              73
#define API_WPrintQPause            74
#define API_WPrintQContinue         75
#define API_WPrintJobEnum           76
#define API_WPrintJobGetInfo        77
#define API_WPrintJobSetInfo_OLD    78
/* This line and number replaced a Dead Entry for 79 */
/* This line and number replaced a Dead Entry for 80 */
#define API_WPrintJobDel            81
#define API_WPrintJobPause          82
#define API_WPrintJobContinue       83
#define API_WPrintDestEnum          84
#define API_WPrintDestGetInfo       85
#define API_WPrintDestControl       86
#define API_NetProfileSave          87
#define API_NetProfileLoad          88
#define API_NetStatisticsGet        89
#define API_NetStatisticsClear            90
#define API_NetRemoteTOD            91
#define API_WNetBiosEnum            92
#define API_WNetBiosGetInfo         93
#define API_NetServerEnum           94
#define API_I_NetServerEnum         95
#define API_NetServiceGetInfo       96
/* This line and number replaced a Dead Entry for 97 */
/* This line and number replaced a Dead Entry for 98 */
/* This line and number replaced a Dead Entry for 99 */
/* This line and number replaced a Dead Entry for 100 */
/* This line and number replaced a Dead Entry for 101 */
/* This line and number replaced a Dead Entry for 102 */
#define API_WPrintQPurge            103
#define API_NetServerEnum2          104
#define API_NetAccessGetUserPerms   105
#define API_NetGroupGetInfo         106
#define API_NetGroupSetInfo         107
#define API_NetGroupSetUsers        108
#define API_NetUserSetGroups        109
#define API_NetUserModalsGet        110
#define API_NetUserModalsSet        111
#define API_NetFileEnum2            112
#define API_NetUserAdd2             113
#define API_NetUserSetInfo2         114
#define API_NetUserPasswordSet2           115
#define API_I_NetServerEnum2        116
#define API_NetConfigGet2           117
#define API_NetConfigGetAll2        118
#define API_NetGetDCName            119
#define API_NetHandleGetInfo        120
#define API_NetHandleSetInfo        121
#define API_NetStatisticsGet2       122
#define API_WBuildGetInfo           123
#define API_NetFileGetInfo2         124
#define API_NetFileClose2           125
#define API_NetServerReqChallenge   126
#define API_NetServerAuthenticate   127
#define API_NetServerPasswordSet    128
#define API_WNetAccountDeltas       129
#define API_WNetAccountSync         130
#define API_NetUserEnum2            131
#define API_NetWkstaUserLogon       132
#define API_NetWkstaUserLogoff            133
#define API_NetLogonEnum            134
#define API_NetErrorLogRead         135
#define API_I_NetPathType           136
#define API_I_NetPathCanonicalize   137
#define API_I_NetPathCompare        138
#define API_I_NetNameValidate       139
#define API_I_NetNameCanonicalize   140
#define API_I_NetNameCompare        141
#define API_NetAuditRead            142
#define API_WPrintDestAdd           143
#define API_WPrintDestSetInfo       144
#define API_WPrintDestDel           145
#define API_NetUserValidate2        146
#define API_WPrintJobSetInfo        147
#define API_TI_NetServerDiskEnum    148
#define API_TI_NetServerDiskGetInfo 149
#define API_TI_FTVerifyMirror       150
#define API_TI_FTAbortVerify        151
#define API_TI_FTGetInfo            152
#define API_TI_FTSetInfo            153
#define API_TI_FTLockDisk           154
#define API_TI_FTFixError           155
#define API_TI_FTAbortFix           156
#define API_TI_FTDiagnoseError            157
#define API_TI_FTGetDriveStats            158
/* This line and number replaced a Dead Entry for 159 */
#define API_TI_FTErrorGetInfo       160
/* This line and number replaced a Dead Entry for 161 */
/* This line and number replaced a Dead Entry for 162 */
#define API_NetAccessCheck          163
#define API_NetAlertRaise           164
#define API_NetAlertStart           165
#define API_NetAlertStop            166
#define API_NetAuditWrite           167
#define API_NetIRemoteAPI           168
#define API_NetServiceStatus        169
#define API_I_NetServerRegister           170
#define API_I_NetServerDeregister   171
#define API_I_NetSessionEntryMake   172
#define API_I_NetSessionEntryClear  173
#define API_I_NetSessionEntryGetInfo      174
#define API_I_NetSessionEntrySetInfo      175
#define API_I_NetConnectionEntryMake      176
#define API_I_NetConnectionEntryClear     177
#define API_I_NetConnectionEntrySetInfo   178
#define API_I_NetConnectionEntryGetInfo   179
#define API_I_NetFileEntryMake            180
#define API_I_NetFileEntryClear           181
#define API_I_NetFileEntrySetInfo   182
#define API_I_NetFileEntryGetInfo   183
#define API_AltSrvMessageBufferSend 184
#define API_AltSrvMessageFileSend   185
#define API_wI_NetRplWkstaEnum            186
#define API_wI_NetRplWkstaGetInfo   187
#define API_wI_NetRplWkstaSetInfo   188
#define API_wI_NetRplWkstaAdd       189
#define API_wI_NetRplWkstaDel       190
#define API_wI_NetRplProfileEnum    191
#define API_wI_NetRplProfileGetInfo 192
#define API_wI_NetRplProfileSetInfo 193
#define API_wI_NetRplProfileAdd           194
#define API_wI_NetRplProfileDel           195
#define API_wI_NetRplProfileClone   196
#define API_wI_NetRplBaseProfileEnum      197
/* This line and number replaced a Dead Entry for 198 */
/* This line and number replaced a Dead Entry for 199 */
/* This line and number replaced a Dead Entry for 200 */
#define API_WIServerSetInfo         201
/* This line and number replaced a Dead Entry for 202 */
/* This line and number replaced a Dead Entry for 203 */
/* This line and number replaced a Dead Entry for 204 */
#define API_WPrintDriverEnum        205
#define API_WPrintQProcessorEnum    206
#define API_WPrintPortEnum          207
#define API_WNetWriteUpdateLog            208
#define API_WNetAccountUpdate       209
#define API_WNetAccountConfirmUpdate      210
#define API_NetConfigSet            211
#define API_WAccountsReplicate            212
/* 213 is used by WfW */
#define API_SamOEMChgPasswordUser2_P      214
#define API_NetServerEnum3          215
/* XXX - what about 216 through 249? */
#define API_WPrintDriverGetInfo           250
#define API_WPrintDriverSetInfo           251
#define API_NetAliasAdd             252
#define API_NetAliasDel             253
#define API_NetAliasGetInfo         254
#define API_NetAliasSetInfo         255
#define API_NetAliasEnum            256
#define API_NetUserGetLogonAsn            257
#define API_NetUserSetLogonAsn            258
#define API_NetUserGetAppSel        259
#define API_NetUserSetAppSel        260
#define API_NetAppAdd               261
#define API_NetAppDel               262
#define API_NetAppGetInfo           263
#define API_NetAppSetInfo           264
#define API_NetAppEnum              265
#define API_NetUserDCDBInit         266
#define API_NetDASDAdd              267
#define API_NetDASDDel              268
#define API_NetDASDGetInfo          269
#define API_NetDASDSetInfo          270
#define API_NetDASDEnum             271
#define API_NetDASDCheck            272
#define API_NetDASDCtl              273
#define API_NetUserRemoteLogonCheck 274
#define API_NetUserPasswordSet3           275
#define API_NetCreateRIPLMachine    276
#define API_NetDeleteRIPLMachine    277
#define API_NetGetRIPLMachineInfo   278
#define API_NetSetRIPLMachineInfo   279
#define API_NetEnumRIPLMachine            280
#define API_I_ShareAdd              281
#define API_I_AliasEnum             282
#define API_NetAccessApply          283
#define API_WPrt16Query             284
#define API_WPrt16Set               285
#define API_NetUserDel100           286
#define API_NetUserRemoteLogonCheck2      287
#define API_WRemoteTODSet           294
#define API_WPrintJobMoveAll        295
#define API_W16AppParmAdd           296
#define API_W16AppParmDel           297
#define API_W16AppParmGet           298
#define API_W16AppParmSet           299
#define API_W16RIPLMachineCreate    300
#define API_W16RIPLMachineGetInfo   301
#define API_W16RIPLMachineSetInfo   302
#define API_W16RIPLMachineEnum            303
#define API_W16RIPLMachineListParmEnum    304
#define API_W16RIPLMachClassGetInfo 305
#define API_W16RIPLMachClassEnum    306
#define API_W16RIPLMachClassCreate  307
#define API_W16RIPLMachClassSetInfo 308
#define API_W16RIPLMachClassDelete  309
#define API_W16RIPLMachClassLPEnum  310
#define API_W16RIPLMachineDelete    311
#define API_W16WSLevelGetInfo       312
#define API_NetServerNameAdd        313
#define API_NetServerNameDel        314
#define API_NetServerNameEnum       315
#define API_I_WDASDEnum             316
#define API_I_WDASDEnumTerminate    317
#define API_I_WDASDSetInfo2         318

static const struct lanman_desc lmd[] = {
      { API_NetShareEnum,
        lm_params_req_netshareenum,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netshareenum,
        "Available Shares",
        &ett_lanman_shares,
        netshareenum_share_entry,
        &ett_lanman_share,
        lm_data_resp_netshareenum,
        lm_null },

      { API_NetShareGetInfo,
        lm_params_req_netsharegetinfo,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netsharegetinfo,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_resp_netsharegetinfo,
        lm_null },

      { API_NetServerGetInfo,
        lm_params_req_netservergetinfo,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netservergetinfo,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_serverinfo,
        lm_null },

      { API_NetUserGetInfo,
        lm_params_req_netusergetinfo,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netusergetinfo,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_resp_netusergetinfo,
        lm_null },

      { API_NetUserGetGroups,
        lm_params_req_netusergetgroups,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netusergetgroups,
        "Groups",
        &ett_lanman_groups,
        NULL,
        NULL,
        lm_data_resp_netusergetgroups,
        lm_null },

      { API_NetRemoteTOD,
        lm_null,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_null,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_resp_netremotetod,
        lm_null },

      { API_NetServerEnum2,
        lm_params_req_netserverenum2,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netserverenum2,
        "Servers",
        &ett_lanman_servers,
        netserverenum2_server_entry,
        &ett_lanman_server,
        lm_data_serverinfo,
        lm_null },

      { API_NetWkstaGetInfo,
        lm_params_req_netwkstagetinfo,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netwkstagetinfo,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_resp_netwkstagetinfo,
        lm_null },

      { API_NetWkstaUserLogon,
        lm_params_req_netwkstauserlogon,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netwkstauserlogon,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_resp_netwkstauserlogon,
        lm_null },

      { API_NetWkstaUserLogoff,
        lm_params_req_netwkstauserlogoff,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netwkstauserlogoff,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_data_resp_netwkstauserlogoff,
        lm_null },

      { API_SamOEMChgPasswordUser2_P,
        lm_params_req_samoemchangepassword,
        NULL,
        NULL,
        lm_data_req_samoemchangepassword,
        lm_null,
        lm_null,
        NULL,
        NULL,
        NULL,
        NULL,
        lm_null_list,
        lm_null },

      { API_NetServerEnum3,
        lm_params_req_netserverenum3,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_params_resp_netserverenum2,
        "Servers",
        &ett_lanman_servers,
        netserverenum2_server_entry,
        &ett_lanman_server,
        lm_data_serverinfo,
        lm_null },

      { -1,
        lm_null,
        NULL,
        NULL,
        lm_null,
        lm_null,
        lm_null,
        NULL,
        NULL,
        NULL,
        &ett_lanman_unknown_entry,
        lm_null_list,
        lm_null }
};

static const struct lanman_desc *
find_lanman(int lanman_num)
{
      int i;

      for (i = 0; lmd[i].lanman_num != -1; i++) {
            if (lmd[i].lanman_num == lanman_num)
                  break;
      }
      return &lmd[i];
}

static const guchar *
get_count(const guchar *desc, int *countp)
{
      int count = 0;
      guchar c;

      if (!isdigit(*desc)) {
            *countp = 1;      /* no count was supplied */
            return desc;
      }

      while ((c = *desc) != '\0' && isdigit(c)) {
            count = (count * 10) + c - '0';
            desc++;
      }

      *countp = count;  /* XXX - what if it's 0? */
      return desc;
}

static int
dissect_request_parameters(tvbuff_t *tvb, int offset, packet_info *pinfo,
    proto_tree *tree, const guchar *desc, const item_t *items,
    gboolean *has_data_p)
{
      guint c;
      guint16 WParam;
      guint32 LParam;
      guint string_len;
      int count;

      *has_data_p = FALSE;
      while ((c = *desc++) != '\0') {
            switch (c) {

            case 'W':
                  /*
                   * A 16-bit word value in the request.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_word_param(tvb, offset, 0, pinfo,
                            tree, 0, -1);
                  } else if (items->type != PARAM_WORD) {
                        /*
                         * Descriptor character is 'W', but this
                         * isn't a word parameter.
                         */
                        WParam = tvb_get_letohs(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, 2,
                            "%s: Value is %u (0x%04X), type is wrong (W)",
                            (*items->hf_index == -1) ?
                              "Word Param" :
                              proto_registrar_get_name(*items->hf_index),
                            WParam, WParam);
                        offset += 2;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0, pinfo,
                            tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'D':
                  /*
                   * A 32-bit doubleword value in the request.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_dword_param(tvb, offset, 0, pinfo,
                            tree, 0, -1);
                  } else if (items->type != PARAM_DWORD) {
                        /*
                         * Descriptor character is 'D', but this
                         * isn't a doubleword parameter.
                         */
                        LParam = tvb_get_letohl(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, 2,
                            "%s: Value is %u (0x%08X), type is wrong (D)",
                            (*items->hf_index == -1) ?
                              "Doubleword Param" :
                              proto_registrar_get_name(*items->hf_index),
                            LParam, LParam);
                        offset += 4;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0, pinfo,
                            tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'b':
                  /*
                   * A byte or multi-byte value in the request.
                   */
                  desc = get_count(desc, &count);
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_byte_param(tvb, offset, count,
                            pinfo, tree, 0, -1);
                  } else if (items->type != PARAM_BYTES) {
                        /*
                         * Descriptor character is 'b', but this
                         * isn't a byte/bytes parameter.
                         */
                        proto_tree_add_text(tree, tvb, offset, count,
                            "%s: Value is %s, type is wrong (b)",
                            (*items->hf_index == -1) ?
                              "Byte Param" :
                              proto_registrar_get_name(*items->hf_index),
                            tvb_bytes_to_str(tvb, offset, count));
                        offset += count;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, count,
                            pinfo, tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'O':
                  /*
                   * A null pointer.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        add_null_pointer_param(tvb, offset, 0,
                            pinfo, tree, 0, -1);
                  } else {
                        /*
                         * If "*items->hf_index" is -1, this is
                         * a reserved must-be-null field; don't
                         * clutter the protocol tree by putting
                         * it in.
                         */
                        if (*items->hf_index != -1) {
                              add_null_pointer_param(tvb,
                                  offset, 0, pinfo, tree, 0,
                                  *items->hf_index);
                        }
                        items++;
                  }
                  break;

            case 'z':
                  /*
                   * A null-terminated ASCII string.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_string_param(tvb, offset, 0,
                            pinfo, tree, 0, -1);
                  } else if (items->type != PARAM_STRINGZ) {
                        /*
                         * Descriptor character is 'z', but this
                         * isn't a string parameter.
                         */
                        string_len = tvb_strsize(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, string_len,
                            "%s: Value is %s, type is wrong (z)",
                            (*items->hf_index == -1) ?
                              "String Param" :
                              proto_registrar_get_name(*items->hf_index),
                            tvb_format_text(tvb, offset, string_len));
                        offset += string_len;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0,
                            pinfo, tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'F':
                  /*
                   * One or more pad bytes.
                   */
                  desc = get_count(desc, &count);
                  proto_tree_add_text(tree, tvb, offset, count,
                      "%s", "Padding");
                  offset += count;
                  break;

            case 'L':
                  /*
                   * 16-bit receive buffer length.
                   */
                  proto_tree_add_item(tree, hf_recv_buf_len, tvb,
                      offset, 2, TRUE);
                  offset += 2;
                  break;

            case 's':
                  /*
                   * 32-bit send buffer offset.
                   * This appears not to be sent over the wire.
                   */
                  *has_data_p = TRUE;
                  break;

            case 'T':
                  /*
                   * 16-bit send buffer length.
                   */
                  proto_tree_add_item(tree, hf_send_buf_len, tvb,
                      offset, 2, TRUE);
                  offset += 2;
                  break;

            default:
                  break;
            }
      }
      return offset;
}

static int
dissect_response_parameters(tvbuff_t *tvb, int offset, packet_info *pinfo,
    proto_tree *tree, const guchar *desc, const item_t *items,
    gboolean *has_data_p, gboolean *has_ent_count_p, guint16 *ent_count_p)
{
      guint c;
      guint16 WParam;
      guint32 LParam;
      int count;

      *has_data_p = FALSE;
      *has_ent_count_p = FALSE;
      while ((c = *desc++) != '\0') {
            switch (c) {

            case 'r':
                  /*
                   * 32-bit receive buffer offset.
                   */
                  *has_data_p = TRUE;
                  break;

            case 'g':
                  /*
                   * A byte or series of bytes is returned.
                   */
                  desc = get_count(desc, &count);
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_byte_param(tvb, offset, count,
                            pinfo, tree, 0, -1);
                  } else if (items->type != PARAM_BYTES) {
                        /*
                         * Descriptor character is 'b', but this
                         * isn't a byte/bytes parameter.
                         */
                        proto_tree_add_text(tree, tvb, offset, count,
                            "%s: Value is %s, type is wrong (g)",
                            (*items->hf_index == -1) ?
                              "Byte Param" :
                              proto_registrar_get_name(*items->hf_index),
                            tvb_bytes_to_str(tvb, offset, count));
                        offset += count;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, count,
                            pinfo, tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'h':
                  /*
                   * A 16-bit word is received.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_word_param(tvb, offset, 0, pinfo,
                            tree, 0, -1);
                  } else if (items->type != PARAM_WORD) {
                        /*
                         * Descriptor character is 'h', but this
                         * isn't a word parameter.
                         */
                        WParam = tvb_get_letohs(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, 2,
                            "%s: Value is %u (0x%04X), type is wrong (W)",
                            (*items->hf_index == -1) ?
                              "Word Param" :
                              proto_registrar_get_name(*items->hf_index),
                            WParam, WParam);
                        offset += 2;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0, pinfo,
                            tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'i':
                  /*
                   * A 32-bit doubleword is received.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_dword_param(tvb, offset, 0, pinfo,
                            tree, 0, -1);
                  } else if (items->type != PARAM_DWORD) {
                        /*
                         * Descriptor character is 'i', but this
                         * isn't a doubleword parameter.
                         */
                        LParam = tvb_get_letohl(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, 2,
                            "%s: Value is %u (0x%08X), type is wrong (i)",
                            (*items->hf_index == -1) ?
                              "Doubleword Param" :
                              proto_registrar_get_name(*items->hf_index),
                            LParam, LParam);
                        offset += 4;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0, pinfo,
                            tree, 0, *items->hf_index);
                        items++;
                  }
                  break;

            case 'e':
                  /*
                   * A 16-bit entry count is returned.
                   */
                  WParam = tvb_get_letohs(tvb, offset);
                  proto_tree_add_uint(tree, hf_ecount, tvb, offset, 2,
                      WParam);
                  offset += 2;
                  *has_ent_count_p = TRUE;
                  *ent_count_p = WParam;  /* Save this for later retrieval */
                  break;

            default:
                  break;
            }
      }
      return offset;
}

static int
dissect_transact_data(tvbuff_t *tvb, int offset, int convert,
    packet_info *pinfo, proto_tree *tree, const guchar *desc,
    const item_t *items, guint16 *aux_count_p)
{
      guint c;
      guint16 WParam;
      guint32 LParam;
      int count;
      int cptr;
      const char *string;
      gint string_len;

      if (aux_count_p != NULL)
            *aux_count_p = 0;

      while ((c = *desc++) != '\0') {
            switch (c) {

            case 'W':
                  /*
                   * A 16-bit word value.
                   * XXX - handle the count?
                   */
                  desc = get_count(desc, &count);
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_word_param(tvb, offset, 0, pinfo,
                            tree, convert, -1);
                  } else if (items->type != PARAM_WORD) {
                        /*
                         * Descriptor character is 'W', but this
                         * isn't a word parameter.
                         */
                        WParam = tvb_get_letohs(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, 2,
                            "%s: Value is %u (0x%04X), type is wrong (W)",
                            (*items->hf_index == -1) ?
                              "Word Param" :
                              proto_registrar_get_name(*items->hf_index),
                            WParam, WParam);
                        offset += 2;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0, pinfo,
                            tree, convert, *items->hf_index);
                        items++;
                  }
                  break;

            case 'D':
                  /*
                   * A 32-bit doubleword value.
                   * XXX - handle the count?
                   */
                  desc = get_count(desc, &count);
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_dword_param(tvb, offset, 0, pinfo,
                            tree, convert, -1);
                  } else if (items->type != PARAM_DWORD) {
                        /*
                         * Descriptor character is 'D', but this
                         * isn't a doubleword parameter.
                         */
                        LParam = tvb_get_letohl(tvb, offset);
                        proto_tree_add_text(tree, tvb, offset, 2,
                            "%s: Value is %u (0x%08X), type is wrong (D)",
                            (*items->hf_index == -1) ?
                              "Doubleword Param" :
                              proto_registrar_get_name(*items->hf_index),
                            LParam, LParam);
                        offset += 4;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0, pinfo,
                            tree, convert, *items->hf_index);
                        items++;
                  }
                  break;

            case 'B':
                  /*
                   * A byte or multi-byte value.
                   */
                  desc = get_count(desc, &count);
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_byte_param(tvb, offset, count,
                            pinfo, tree, convert, -1);
                  } else if (items->type != PARAM_BYTES) {
                        /*
                         * Descriptor character is 'B', but this
                         * isn't a byte/bytes parameter.
                         */
                        proto_tree_add_text(tree, tvb, offset, count,
                            "%s: Value is %s, type is wrong (B)",
                            (*items->hf_index == -1) ?
                              "Byte Param" :
                              proto_registrar_get_name(*items->hf_index),
                            tvb_bytes_to_str(tvb, offset, count));
                        offset += count;
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, count,
                            pinfo, tree, convert, *items->hf_index);
                        items++;
                  }
                  break;

            case 'O':
                  /*
                   * A null pointer.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        add_null_pointer_param(tvb, offset, 0,
                            pinfo, tree, convert, -1);
                  } else {
                        /*
                         * If "*items->hf_index" is -1, this is
                         * a reserved must-be-null field; don't
                         * clutter the protocol tree by putting
                         * it in.
                         */
                        if (*items->hf_index != -1) {
                              add_null_pointer_param(tvb,
                                  offset, 0, pinfo, tree, convert,
                                  *items->hf_index);
                        }
                        items++;
                  }
                  break;

            case 'z':
                  /*
                   * A pointer to a null-terminated ASCII string.
                   */
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_stringz_pointer_param(tvb, offset,
                            0, pinfo, tree, convert, -1);
                  } else if (items->type != PARAM_STRINGZ) {
                        /*
                         * Descriptor character is 'z', but this
                         * isn't a string parameter.
                         */
                        string = get_stringz_pointer_value(tvb, offset,
                            convert, &cptr, &string_len);
                        offset += 4;
                        proto_tree_add_text(tree, tvb, cptr, string_len,
                            "%s: Value is %s, type is wrong (z)",
                            (*items->hf_index == -1) ?
                              "String Param" :
                              proto_registrar_get_name(*items->hf_index),
                            string);
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, 0,
                            pinfo, tree, convert, *items->hf_index);
                        items++;
                  }
                  break;

            case 'b':
                  /*
                   * A pointer to a byte or multi-byte value.
                   */
                  desc = get_count(desc, &count);
                  if (items->func == NULL) {
                        /*
                         * We've run out of items in the table;
                         * fall back on the default.
                         */
                        offset = add_bytes_pointer_param(tvb, offset,
                            count, pinfo, tree, convert, -1);
                  } else if (items->type != PARAM_BYTES) {
                        /*
                         * Descriptor character is 'b', but this
                         * isn't a byte/bytes parameter.
                         */
                        cptr = (tvb_get_letohl(tvb, offset)&0xffff)-convert;
                        offset += 4;
                        proto_tree_add_text(tree, tvb, offset, count,
                            "%s: Value is %s, type is wrong (b)",
                            (*items->hf_index == -1) ?
                              "Byte Param" :
                              proto_registrar_get_name(*items->hf_index),
                            tvb_bytes_to_str(tvb, cptr, count));
                        items++;
                  } else {
                        offset = (*items->func)(tvb, offset, count,
                            pinfo, tree, convert, *items->hf_index);
                        items++;
                  }
                  break;

            case 'N':
                  /*
                   * 16-bit auxiliary data structure count.
                   * XXX - hf_acount?
                   */
                  WParam = tvb_get_letohs(tvb, offset);
                  proto_tree_add_text(tree, tvb, offset, 2,
                      "%s: %u (0x%04X)",
                      "Auxiliary data structure count",
                      WParam, WParam);
                  offset += 2;
                  if (aux_count_p != NULL)
                        *aux_count_p = WParam;  /* Save this for later retrieval */
                  break;

            default:
                  break;
            }
      }
      return offset;
}

static const value_string commands[] = {
      {API_NetShareEnum,                  "NetShareEnum"},
      {API_NetShareGetInfo,               "NetShareGetInfo"},
      {API_NetShareSetInfo,               "NetShareSetInfo"},
      {API_NetShareAdd,             "NetShareAdd"},
      {API_NetShareDel,             "NetShareDel"},
      {API_NetShareCheck,                 "NetShareCheck"},
      {API_NetSessionEnum,                "NetSessionEnum"},
      {API_NetSessionGetInfo,             "NetSessionGetInfo"},
      {API_NetSessionDel,                 "NetSessionDel"},
      {API_WconnectionEnum,               "NetConnectionEnum"},
      {API_NetFileEnum,             "NetFileEnum"},
      {API_NetFileGetInfo,                "NetFileGetInfo"},
      {API_NetFileClose,                  "NetFileClose"},
      {API_NetServerGetInfo,              "NetServerGetInfo"},
      {API_NetServerSetInfo,              "NetServerSetInfo"},
      {API_NetServerDiskEnum,             "NetServerDiskEnum"},
      {API_NetServerAdminCommand,         "NetServerAdminCommand"},
      {API_NetAuditOpen,                  "NetAuditOpen"},
      {API_NetAuditClear,                 "NetAuditClear"},
      {API_NetErrorLogOpen,               "NetErrorLogOpen"},
      {API_NetErrorLogClear,              "NetErrorLogClear"},
      {API_NetCharDevEnum,                "NetCharDevEnum"},
      {API_NetCharDevGetInfo,             "NetCharDevGetInfo"},
      {API_NetCharDevControl,             "NetCharDevControl"},
      {API_NetCharDevQEnum,               "NetCharDevQEnum"},
      {API_NetCharDevQGetInfo,            "NetCharDevQGetInfo"},
      {API_NetCharDevQSetInfo,            "NetCharDevQSetInfo"},
      {API_NetCharDevQPurge,              "NetCharDevQPurge"},
      {API_NetCharDevQPurgeSelf,          "NetCharDevQPurgeSelf"},
      {API_NetMessageNameEnum,            "NetMessageNameEnum"},
      {API_NetMessageNameGetInfo,         "NetMessageNameGetInfo"},
      {API_NetMessageNameAdd,             "NetMessageNameAdd"},
      {API_NetMessageNameDel,             "NetMessageNameDel"},
      {API_NetMessageNameFwd,             "NetMessageNameFwd"},
      {API_NetMessageNameUnFwd,           "NetMessageNameUnFwd"},
      {API_NetMessageBufferSend,          "NetMessageBufferSend"},
      {API_NetMessageFileSend,            "NetMessageFileSend"},
      {API_NetMessageLogFileSet,          "NetMessageLogFileSet"},
      {API_NetMessageLogFileGet,          "NetMessageLogFileGet"},
      {API_NetServiceEnum,                "NetServiceEnum"},
      {API_NetServiceInstall,             "NetServiceInstall"},
      {API_NetServiceControl,             "NetServiceControl"},
      {API_NetAccessEnum,                 "NetAccessEnum"},
      {API_NetAccessGetInfo,              "NetAccessGetInfo"},
      {API_NetAccessSetInfo,              "NetAccessSetInfo"},
      {API_NetAccessAdd,                  "NetAccessAdd"},
      {API_NetAccessDel,                  "NetAccessDel"},
      {API_NetGroupEnum,                  "NetGroupEnum"},
      {API_NetGroupAdd,             "NetGroupAdd"},
      {API_NetGroupDel,             "NetGroupDel"},
      {API_NetGroupAddUser,               "NetGroupAddUser"},
      {API_NetGroupDelUser,               "NetGroupDelUser"},
      {API_NetGroupGetUsers,              "NetGroupGetUsers"},
      {API_NetUserEnum,             "NetUserEnum"},
      {API_NetUserAdd,              "NetUserAdd"},
      {API_NetUserDel,              "NetUserDel"},
      {API_NetUserGetInfo,                "NetUserGetInfo"},
      {API_NetUserSetInfo,                "NetUserSetInfo"},
      {API_NetUserPasswordSet,            "NetUserPasswordSet"},
      {API_NetUserGetGroups,              "NetUserGetGroups"},
      {API_NetWkstaSetUID,                "NetWkstaSetUID"},
      {API_NetWkstaGetInfo,               "NetWkstaGetInfo"},
      {API_NetWkstaSetInfo,               "NetWkstaSetInfo"},
      {API_NetUseEnum,              "NetUseEnum"},
      {API_NetUseAdd,                     "NetUseAdd"},
      {API_NetUseDel,                     "NetUseDel"},
      {API_NetUseGetInfo,                 "NetUseGetInfo"},
      {API_WPrintQEnum,             "WPrintQEnum"},
      {API_WPrintQGetInfo,                "WPrintQGetInfo"},
      {API_WPrintQSetInfo,                "WPrintQSetInfo"},
      {API_WPrintQAdd,              "WPrintQAdd"},
      {API_WPrintQDel,              "WPrintQDel"},
      {API_WPrintQPause,                  "WPrintQPause"},
      {API_WPrintQContinue,               "WPrintQContinue"},
      {API_WPrintJobEnum,                 "WPrintJobEnum"},
      {API_WPrintJobGetInfo,              "WPrintJobGetInfo"},
      {API_WPrintJobSetInfo_OLD,          "WPrintJobSetInfo_OLD"},
      {API_WPrintJobDel,                  "WPrintJobDel"},
      {API_WPrintJobPause,                "WPrintJobPause"},
      {API_WPrintJobContinue,             "WPrintJobContinue"},
      {API_WPrintDestEnum,                "WPrintDestEnum"},
      {API_WPrintDestGetInfo,             "WPrintDestGetInfo"},
      {API_WPrintDestControl,             "WPrintDestControl"},
      {API_NetProfileSave,                "NetProfileSave"},
      {API_NetProfileLoad,                "NetProfileLoad"},
      {API_NetStatisticsGet,              "NetStatisticsGet"},
      {API_NetStatisticsClear,            "NetStatisticsClear"},
      {API_NetRemoteTOD,                  "NetRemoteTOD"},
      {API_WNetBiosEnum,                  "WNetBiosEnum"},
      {API_WNetBiosGetInfo,               "WNetBiosGetInfo"},
      {API_NetServerEnum,                 "NetServerEnum"},
      {API_I_NetServerEnum,               "I_NetServerEnum"},
      {API_NetServiceGetInfo,             "NetServiceGetInfo"},
      {API_WPrintQPurge,                  "WPrintQPurge"},
      {API_NetServerEnum2,                "NetServerEnum2"},
      {API_NetAccessGetUserPerms,         "NetAccessGetUserPerms"},
      {API_NetGroupGetInfo,               "NetGroupGetInfo"},
      {API_NetGroupSetInfo,               "NetGroupSetInfo"},
      {API_NetGroupSetUsers,              "NetGroupSetUsers"},
      {API_NetUserSetGroups,              "NetUserSetGroups"},
      {API_NetUserModalsGet,              "NetUserModalsGet"},
      {API_NetUserModalsSet,              "NetUserModalsSet"},
      {API_NetFileEnum2,                  "NetFileEnum2"},
      {API_NetUserAdd2,             "NetUserAdd2"},
      {API_NetUserSetInfo2,               "NetUserSetInfo2"},
      {API_NetUserPasswordSet2,           "SetUserPassword"},
      {API_I_NetServerEnum2,              "I_NetServerEnum2"},
      {API_NetConfigGet2,                 "NetConfigGet2"},
      {API_NetConfigGetAll2,              "NetConfigGetAll2"},
      {API_NetGetDCName,                  "NetGetDCName"},
      {API_NetHandleGetInfo,              "NetHandleGetInfo"},
      {API_NetHandleSetInfo,              "NetHandleSetInfo"},
      {API_NetStatisticsGet2,             "NetStatisticsGet2"},
      {API_WBuildGetInfo,                 "WBuildGetInfo"},
      {API_NetFileGetInfo2,               "NetFileGetInfo2"},
      {API_NetFileClose2,                 "NetFileClose2"},
      {API_NetServerReqChallenge,         "NetServerReqChallenge"},
      {API_NetServerAuthenticate,         "NetServerAuthenticate"},
      {API_NetServerPasswordSet,          "NetServerPasswordSet"},
      {API_WNetAccountDeltas,             "WNetAccountDeltas"},
      {API_WNetAccountSync,               "WNetAccountSync"},
      {API_NetUserEnum2,                  "NetUserEnum2"},
      {API_NetWkstaUserLogon,             "NetWkstaUserLogon"},
      {API_NetWkstaUserLogoff,            "NetWkstaUserLogoff"},
      {API_NetLogonEnum,                  "NetLogonEnum"},
      {API_NetErrorLogRead,               "NetErrorLogRead"},
      {API_I_NetPathType,                 "I_NetPathType"},
      {API_I_NetPathCanonicalize,         "I_NetPathCanonicalize"},
      {API_I_NetPathCompare,              "I_NetPathCompare"},
      {API_I_NetNameValidate,             "I_NetNameValidate"},
      {API_I_NetNameCanonicalize,         "I_NetNameCanonicalize"},
      {API_I_NetNameCompare,              "I_NetNameCompare"},
      {API_NetAuditRead,                  "NetAuditRead"},
      {API_WPrintDestAdd,                 "WPrintDestAdd"},
      {API_WPrintDestSetInfo,             "WPrintDestSetInfo"},
      {API_WPrintDestDel,                 "WPrintDestDel"},
      {API_NetUserValidate2,              "NetUserValidate2"},
      {API_WPrintJobSetInfo,              "WPrintJobSetInfo"},
      {API_TI_NetServerDiskEnum,          "TI_NetServerDiskEnum"},
      {API_TI_NetServerDiskGetInfo,       "TI_NetServerDiskGetInfo"},
      {API_TI_FTVerifyMirror,             "TI_FTVerifyMirror"},
      {API_TI_FTAbortVerify,              "TI_FTAbortVerify"},
      {API_TI_FTGetInfo,                  "TI_FTGetInfo"},
      {API_TI_FTSetInfo,                  "TI_FTSetInfo"},
      {API_TI_FTLockDisk,                 "TI_FTLockDisk"},
      {API_TI_FTFixError,                 "TI_FTFixError"},
      {API_TI_FTAbortFix,                 "TI_FTAbortFix"},
      {API_TI_FTDiagnoseError,            "TI_FTDiagnoseError"},
      {API_TI_FTGetDriveStats,            "TI_FTGetDriveStats"},
      {API_TI_FTErrorGetInfo,             "TI_FTErrorGetInfo"},
      {API_NetAccessCheck,                "NetAccessCheck"},
      {API_NetAlertRaise,                 "NetAlertRaise"},
      {API_NetAlertStart,                 "NetAlertStart"},
      {API_NetAlertStop,                  "NetAlertStop"},
      {API_NetAuditWrite,                 "NetAuditWrite"},
      {API_NetIRemoteAPI,                 "NetIRemoteAPI"},
      {API_NetServiceStatus,              "NetServiceStatus"},
      {API_I_NetServerRegister,           "I_NetServerRegister"},
      {API_I_NetServerDeregister,         "I_NetServerDeregister"},
      {API_I_NetSessionEntryMake,         "I_NetSessionEntryMake"},
      {API_I_NetSessionEntryClear,        "I_NetSessionEntryClear"},
      {API_I_NetSessionEntryGetInfo,            "I_NetSessionEntryGetInfo"},
      {API_I_NetSessionEntrySetInfo,            "I_NetSessionEntrySetInfo"},
      {API_I_NetConnectionEntryMake,            "I_NetConnectionEntryMake"},
      {API_I_NetConnectionEntryClear,           "I_NetConnectionEntryClear"},
      {API_I_NetConnectionEntrySetInfo,   "I_NetConnectionEntrySetInfo"},
      {API_I_NetConnectionEntryGetInfo,   "I_NetConnectionEntryGetInfo"},
      {API_I_NetFileEntryMake,            "I_NetFileEntryMake"},
      {API_I_NetFileEntryClear,           "I_NetFileEntryClear"},
      {API_I_NetFileEntrySetInfo,         "I_NetFileEntrySetInfo"},
      {API_I_NetFileEntryGetInfo,         "I_NetFileEntryGetInfo"},
      {API_AltSrvMessageBufferSend,       "AltSrvMessageBufferSend"},
      {API_AltSrvMessageFileSend,         "AltSrvMessageFileSend"},
      {API_wI_NetRplWkstaEnum,            "wI_NetRplWkstaEnum"},
      {API_wI_NetRplWkstaGetInfo,         "wI_NetRplWkstaGetInfo"},
      {API_wI_NetRplWkstaSetInfo,         "wI_NetRplWkstaSetInfo"},
      {API_wI_NetRplWkstaAdd,             "wI_NetRplWkstaAdd"},
      {API_wI_NetRplWkstaDel,             "wI_NetRplWkstaDel"},
      {API_wI_NetRplProfileEnum,          "wI_NetRplProfileEnum"},
      {API_wI_NetRplProfileGetInfo,       "wI_NetRplProfileGetInfo"},
      {API_wI_NetRplProfileSetInfo,       "wI_NetRplProfileSetInfo"},
      {API_wI_NetRplProfileAdd,           "wI_NetRplProfileAdd"},
      {API_wI_NetRplProfileDel,           "wI_NetRplProfileDel"},
      {API_wI_NetRplProfileClone,         "wI_NetRplProfileClone"},
      {API_wI_NetRplBaseProfileEnum,            "wI_NetRplBaseProfileEnum"},
      {API_WIServerSetInfo,               "WIServerSetInfo"},
      {API_WPrintDriverEnum,              "WPrintDriverEnum"},
      {API_WPrintQProcessorEnum,          "WPrintQProcessorEnum"},
      {API_WPrintPortEnum,                "WPrintPortEnum"},
      {API_WNetWriteUpdateLog,            "WNetWriteUpdateLog"},
      {API_WNetAccountUpdate,             "WNetAccountUpdate"},
      {API_WNetAccountConfirmUpdate,            "WNetAccountConfirmUpdate"},
      {API_NetConfigSet,                  "NetConfigSet"},
      {API_WAccountsReplicate,            "WAccountsReplicate"},
      {API_SamOEMChgPasswordUser2_P,            "SamOEMChangePassword"},
      {API_NetServerEnum3,                "NetServerEnum3"},
      {API_WPrintDriverGetInfo,           "WPrintDriverGetInfo"},
      {API_WPrintDriverSetInfo,           "WPrintDriverSetInfo"},
      {API_NetAliasAdd,             "NetAliasAdd"},
      {API_NetAliasDel,             "NetAliasDel"},
      {API_NetAliasGetInfo,               "NetAliasGetInfo"},
      {API_NetAliasSetInfo,               "NetAliasSetInfo"},
      {API_NetAliasEnum,                  "NetAliasEnum"},
      {API_NetUserGetLogonAsn,            "NetUserGetLogonAsn"},
      {API_NetUserSetLogonAsn,            "NetUserSetLogonAsn"},
      {API_NetUserGetAppSel,              "NetUserGetAppSel"},
      {API_NetUserSetAppSel,              "NetUserSetAppSel"},
      {API_NetAppAdd,                     "NetAppAdd"},
      {API_NetAppDel,                     "NetAppDel"},
      {API_NetAppGetInfo,                 "NetAppGetInfo"},
      {API_NetAppSetInfo,                 "NetAppSetInfo"},
      {API_NetAppEnum,              "NetAppEnum"},
      {API_NetUserDCDBInit,               "NetUserDCDBInit"},
      {API_NetDASDAdd,              "NetDASDAdd"},
      {API_NetDASDDel,              "NetDASDDel"},
      {API_NetDASDGetInfo,                "NetDASDGetInfo"},
      {API_NetDASDSetInfo,                "NetDASDSetInfo"},
      {API_NetDASDEnum,             "NetDASDEnum"},
      {API_NetDASDCheck,                  "NetDASDCheck"},
      {API_NetDASDCtl,              "NetDASDCtl"},
      {API_NetUserRemoteLogonCheck,       "NetUserRemoteLogonCheck"},
      {API_NetUserPasswordSet3,           "NetUserPasswordSet3"},
      {API_NetCreateRIPLMachine,          "NetCreateRIPLMachine"},
      {API_NetDeleteRIPLMachine,          "NetDeleteRIPLMachine"},
      {API_NetGetRIPLMachineInfo,         "NetGetRIPLMachineInfo"},
      {API_NetSetRIPLMachineInfo,         "NetSetRIPLMachineInfo"},
      {API_NetEnumRIPLMachine,            "NetEnumRIPLMachine"},
      {API_I_ShareAdd,              "I_ShareAdd"},
      {API_I_AliasEnum,             "I_AliasEnum"},
      {API_NetAccessApply,                "NetAccessApply"},
      {API_WPrt16Query,             "WPrt16Query"},
      {API_WPrt16Set,                     "WPrt16Set"},
      {API_NetUserDel100,                 "NetUserDel100"},
      {API_NetUserRemoteLogonCheck2,            "NetUserRemoteLogonCheck2"},
      {API_WRemoteTODSet,                 "WRemoteTODSet"},
      {API_WPrintJobMoveAll,              "WPrintJobMoveAll"},
      {API_W16AppParmAdd,                 "W16AppParmAdd"},
      {API_W16AppParmDel,                 "W16AppParmDel"},
      {API_W16AppParmGet,                 "W16AppParmGet"},
      {API_W16AppParmSet,                 "W16AppParmSet"},
      {API_W16RIPLMachineCreate,          "W16RIPLMachineCreate"},
      {API_W16RIPLMachineGetInfo,         "W16RIPLMachineGetInfo"},
      {API_W16RIPLMachineSetInfo,         "W16RIPLMachineSetInfo"},
      {API_W16RIPLMachineEnum,            "W16RIPLMachineEnum"},
      {API_W16RIPLMachineListParmEnum,    "W16RIPLMachineListParmEnum"},
      {API_W16RIPLMachClassGetInfo,       "W16RIPLMachClassGetInfo"},
      {API_W16RIPLMachClassEnum,          "W16RIPLMachClassEnum"},
      {API_W16RIPLMachClassCreate,        "W16RIPLMachClassCreate"},
      {API_W16RIPLMachClassSetInfo,       "W16RIPLMachClassSetInfo"},
      {API_W16RIPLMachClassDelete,        "W16RIPLMachClassDelete"},
      {API_W16RIPLMachClassLPEnum,        "W16RIPLMachClassLPEnum"},
      {API_W16RIPLMachineDelete,          "W16RIPLMachineDelete"},
      {API_W16WSLevelGetInfo,             "W16WSLevelGetInfo"},
      {API_NetServerNameAdd,              "NetServerNameAdd"},
      {API_NetServerNameDel,              "NetServerNameDel"},
      {API_NetServerNameEnum,             "NetServerNameEnum"},
      {API_I_WDASDEnum,             "I_WDASDEnum"},
      {API_I_WDASDEnumTerminate,          "I_WDASDEnumTerminate"},
      {API_I_WDASDSetInfo2,               "I_WDASDSetInfo2"},
      {0,                           NULL}
};

static void
dissect_response_data(tvbuff_t *tvb, packet_info *pinfo, int convert,
    proto_tree *tree, struct smb_info *smb_info,
    const struct lanman_desc *lanman, gboolean has_ent_count,
    guint16 ent_count)
{
      smb_transact_info_t *trp = smb_info->sip->extra_info;
      const item_list_t *resp_data_list;
      int offset, start_offset;
      const char *label;
      gint ett;
      const item_t *resp_data;
      proto_item *data_item;
      proto_tree *data_tree;
      proto_item *entry_item;
      proto_tree *entry_tree;
      guint i, j;
      guint16 aux_count;

      /*
       * Find the item table for the matching request's detail level.
       */
      for (resp_data_list = lanman->resp_data_list;
          resp_data_list->level != -1; resp_data_list++) {
            if (resp_data_list->level == trp->info_level)
                  break;
      }
      resp_data = resp_data_list->item_list;

      offset = 0;
      if (has_ent_count) {
            /*
             * The data is a list of entries; create a protocol tree item
             * for it.
             */
            if (tree) {
                  label = lanman->resp_data_entry_list_label;
                  if (label == NULL)
                        label = "Entries";
                  if (lanman->ett_data_entry_list != NULL)
                        ett = *lanman->ett_data_entry_list;
                  else
                        ett = ett_lanman_unknown_entries;
                  data_item = proto_tree_add_text(tree, tvb, offset, -1,
                      label);
                  data_tree = proto_item_add_subtree(data_item, ett);
            } else {
                  data_item = NULL;
                  data_tree = NULL;
            }
      } else {
            /*
             * Just leave it at the top level.
             */
            data_item = NULL;
            data_tree = tree;
      }

      if (trp->data_descrip == NULL) {
            /*
             * This could happen if we only dissected
             * part of the request to which this is a
             * reply, e.g. if the request was split
             * across TCP segments and we weren't doing
             * TCP desegmentation, or if we had a snapshot
             * length that was too short.
             *
             * We can't dissect the data; just show it as raw data or,
             * if we've already created a top-level item, note that
             * no descriptor is available.
             */
            if (has_ent_count) {
                  if (data_item != NULL) {
                        proto_item_append_text(data_item,
                            " (No descriptor available)");
                  }
            } else {
                  proto_tree_add_text(data_tree, tvb, offset, -1,
                      "Data (no descriptor available)");
            }
            offset += tvb_length_remaining(tvb, offset);
      } else {
            /*
             * If we have an entry count, show all the entries,
             * with each one having a protocol tree item.
             *
             * Otherwise, we just show one returned item, with
             * no protocol tree item.
             */
            if (!has_ent_count)
                  ent_count = 1;
            for (i = 0; i < ent_count; i++) {
                  start_offset = offset;
                  if (has_ent_count &&
                      lanman->resp_data_element_item != NULL) {
                        /*
                         * Create a protocol tree item for the
                         * entry.
                         */
                        entry_item =
                            (*lanman->resp_data_element_item)
                              (tvb, data_tree, offset);
                        entry_tree = proto_item_add_subtree(
                            entry_item,
                            *lanman->ett_resp_data_element_item);
                  } else {
                        /*
                         * Just leave it at the current
                         * level.
                         */
                        entry_item = NULL;
                        entry_tree = data_tree;
                  }

                  offset = dissect_transact_data(tvb, offset,
                      convert, pinfo, entry_tree,
                      trp->data_descrip, resp_data, &aux_count);

                  /* auxiliary data */
                  if (trp->aux_data_descrip != NULL) {
                        for (j = 0; j < aux_count; j++) {
                              offset = dissect_transact_data(
                                  tvb, offset, convert,
                                  pinfo, entry_tree,
                                  trp->data_descrip,
                                  lanman->resp_aux_data, NULL);
                        }
                  }

                  if (entry_item != NULL) {
                        /*
                         * Set the length of the protocol tree
                         * item for the entry.
                         */
                        proto_item_set_len(entry_item,
                            offset - start_offset);
                  }
            }
      }

      if (data_item != NULL) {
            /*
             * Set the length of the protocol tree item
             * for the data.
             */
            proto_item_set_len(data_item, offset);
      }
}

static gboolean
dissect_pipe_lanman(tvbuff_t *pd_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
                packet_info *pinfo, proto_tree *parent_tree)
{
      smb_info_t *smb_info = pinfo->private_data;
      smb_transact_info_t *trp = smb_info->sip->extra_info;
      int offset = 0, start_offset;
      guint16 cmd;
      guint16 status;
      int convert;
      const struct lanman_desc *lanman;
      proto_item *item = NULL;
      proto_tree *tree = NULL;
      guint descriptor_len;
      const gchar *param_descrip, *data_descrip, *aux_data_descrip = NULL;
      gboolean has_data;
      gboolean has_ent_count;
      guint16 ent_count, aux_count;
      guint i;
      proto_item *data_item;
      proto_tree *data_tree;

      if (!proto_is_protocol_enabled(find_protocol_by_id(proto_smb_lanman)))
            return FALSE;
      if (smb_info->request && p_tvb == NULL) {
            /*
             * Requests must have parameters.
             */
            return FALSE;
      }
      pinfo->current_proto = "LANMAN";

      if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "LANMAN");
      }

      if (parent_tree) {
            item = proto_tree_add_item(parent_tree, proto_smb_lanman,
                  pd_tvb, 0, -1, FALSE);
            tree = proto_item_add_subtree(item, ett_lanman);
      }

      if (smb_info->request) { /* this is a request */
            /* function code */
            cmd = tvb_get_letohs(p_tvb, offset);
            if (check_col(pinfo->cinfo, COL_INFO)) {
                  col_add_fstr(pinfo->cinfo, COL_INFO, "%s Request", val_to_str(cmd, commands, "Unknown Command (%u)"));
            }
            proto_tree_add_uint(tree, hf_function_code, p_tvb, offset, 2,
                cmd);
            offset += 2;

            /*
             * If we haven't already done so, save the function code in
             * the structure we were handed, so that it's available to
             * the code parsing the reply, and initialize the detail
             * level to -1, meaning "unknown".
             */
            if (!pinfo->fd->flags.visited) {
                  trp->lanman_cmd = cmd;
                  trp->info_level = -1;
                  trp->param_descrip=NULL;
                  trp->data_descrip=NULL;
                  trp->aux_data_descrip=NULL;
            }

            /* parameter descriptor */
            descriptor_len = tvb_strsize(p_tvb, offset);
            proto_tree_add_item(tree, hf_param_desc, p_tvb, offset,
                descriptor_len, TRUE);
            param_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
            if (!pinfo->fd->flags.visited) {
                  /*
                   * Save the parameter descriptor for future use.
                   */
                  g_assert(trp->param_descrip == NULL);
                  trp->param_descrip = g_strdup(param_descrip);
            }
            offset += descriptor_len;

            /* return descriptor */
            descriptor_len = tvb_strsize(p_tvb, offset);
            proto_tree_add_item(tree, hf_return_desc, p_tvb, offset,
                descriptor_len, TRUE);
            data_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
            if (!pinfo->fd->flags.visited) {
                  /*
                   * Save the return descriptor for future use.
                   */
                  g_assert(trp->data_descrip == NULL);
                  trp->data_descrip = g_strdup(data_descrip);
            }
            offset += descriptor_len;

            lanman = find_lanman(cmd);

            /* request parameters */
            start_offset = offset;
            offset = dissect_request_parameters(p_tvb, offset, pinfo, tree,
                param_descrip, lanman->req, &has_data);

            /* auxiliary data descriptor */
            if (tvb_reported_length_remaining(p_tvb, offset) > 0){
                  /*
                   * There are more parameters left, so the next
                   * item is the auxiliary data descriptor.
                   */
                  descriptor_len = tvb_strsize(p_tvb, offset);
                  proto_tree_add_item(tree, hf_aux_data_desc, p_tvb, offset,
                      descriptor_len, TRUE);
                  aux_data_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
                  if (!pinfo->fd->flags.visited) {
                        /*
                         * Save the auxiliary data descriptor for
                         * future use.
                         */
                        g_assert(trp->aux_data_descrip == NULL);
                        trp->aux_data_descrip =
                            g_strdup(aux_data_descrip);
                  }
                  offset += descriptor_len;
            }

            /* reset offset, we now start dissecting the data area */
            offset = 0;
            if (has_data && d_tvb && tvb_reported_length(d_tvb) != 0) {
                  /*
                   * There's a send buffer item in the descriptor
                   * string, and the data count in the transaction
                   * is non-zero, so there's data to dissect.
                   */

                  if (lanman->req_data_item != NULL) {
                        /*
                         * Create a protocol tree item for the data.
                         */
                        data_item = (*lanman->req_data_item)(d_tvb,
                            pinfo, tree, offset);
                        data_tree = proto_item_add_subtree(data_item,
                            *lanman->ett_req_data);
                  } else {
                        /*
                         * Just leave it at the top level.
                         */
                        data_item = NULL;
                        data_tree = tree;
                  }

                  /* data */
                  offset = dissect_transact_data(d_tvb, offset, -1,
                      pinfo, data_tree, data_descrip, lanman->req_data,
                      &aux_count);  /* XXX - what about strings? */

                  /* auxiliary data */
                  if (aux_data_descrip != NULL) {
                        for (i = 0; i < aux_count; i++) {
                              offset = dissect_transact_data(d_tvb,
                                  offset, -1, pinfo, data_tree,
                                  aux_data_descrip,
                                  lanman->req_aux_data, NULL);
                        }
                  }

                  if (data_item != NULL) {
                        /*
                         * Set the length of the protocol tree item
                         * for the data.
                         */
                        proto_item_set_len(data_item, offset);
                  }
            }
      } else {
            /*
             * This is a response.
             * Have we seen the request to which it's a response?
             */
            if (trp == NULL)
                  return FALSE;     /* no - can't dissect it */

            /* ok we have seen this one before */

            /* if it looks like an interim response, update COL_INFO and return */
            if( ( (p_tvb==NULL) || (tvb_reported_length(p_tvb)==0) )
            &&  ( (d_tvb==NULL) || (tvb_reported_length(d_tvb)==0) ) ){
                  /* command */
                  if (check_col(pinfo->cinfo, COL_INFO)) {
                        col_add_fstr(pinfo->cinfo, COL_INFO, "%s Interim Response",
                                   val_to_str(trp->lanman_cmd, commands, "Unknown Command (%u)"));
                  }
                  proto_tree_add_uint(tree, hf_function_code, p_tvb, 0, 0, trp->lanman_cmd);
                  return TRUE;
            }

            /* command */
            if (check_col(pinfo->cinfo, COL_INFO)) {
                  col_add_fstr(pinfo->cinfo, COL_INFO, "%s Response",
                             val_to_str(trp->lanman_cmd, commands, "Unknown Command (%u)"));
            }
            proto_tree_add_uint(tree, hf_function_code, p_tvb, 0, 0,
                trp->lanman_cmd);

            lanman = find_lanman(trp->lanman_cmd);

            /* response parameters */

            /* status */
            status = tvb_get_letohs(p_tvb, offset);
            proto_tree_add_uint(tree, hf_status, p_tvb, offset, 2, status);
            offset += 2;

            /* convert */
            convert = tvb_get_letohs(p_tvb, offset);
            proto_tree_add_uint(tree, hf_convert, p_tvb, offset, 2, convert);
            offset += 2;

            if (trp->param_descrip == NULL) {
                  /*
                   * This could happen if we only dissected
                   * part of the request to which this is a
                   * reply, e.g. if the request was split
                   * across TCP segments and we weren't doing
                   * TCP desegmentation, or if we had a snapshot
                   * length that was too short.
                   *
                   * We can't dissect the parameters; just show them
                   * as raw data.
                   */
                  proto_tree_add_text(tree, p_tvb, offset, -1,
                      "Parameters (no descriptor available)");

                  /*
                   * We don't know whether we have a receive buffer,
                   * as we don't have the descriptor; just show what
                   * bytes purport to be data.
                   */
                  if (d_tvb && tvb_reported_length(d_tvb) > 0) {
                        proto_tree_add_text(tree, d_tvb, 0, -1,
                            "Data (no descriptor available)");
                  }
            } else {
                  /* rest of the parameters */
                  offset = dissect_response_parameters(p_tvb, offset,
                      pinfo, tree, trp->param_descrip, lanman->resp,
                      &has_data, &has_ent_count, &ent_count);

                  /* reset offset, we now start dissecting the data area */
                  offset = 0;
                  /* data */
                  if (d_tvb && tvb_reported_length(d_tvb) > 0) {
                        /*
                         * Well, there are bytes that purport to
                         * be data, at least.
                         */
                        if (has_data) {
                              /*
                               * There's a receive buffer item
                               * in the descriptor string, so
                               * dissect it as response data.
                               */
                              dissect_response_data(d_tvb, pinfo,
                                  convert, tree, smb_info, lanman,
                                  has_ent_count, ent_count);
                        } else {
                              /*
                               * There's no receive buffer item,
                               * but we do have data, so just
                               * show what bytes are data.
                               */
                              proto_tree_add_text(tree, d_tvb, 0, -1,
                                  "Data (no receive buffer)");
                        }
                  }
            }
      }

      return TRUE;
}

void
proto_register_pipe_lanman(void)
{
      static hf_register_info hf[] = {
            { &hf_function_code,
                  { "Function Code", "lanman.function_code", FT_UINT16, BASE_DEC,
                  VALS(commands), 0, "LANMAN Function Code/Command", HFILL }},

            { &hf_param_desc,
                  { "Parameter Descriptor", "lanman.param_desc", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Parameter Descriptor", HFILL }},

            { &hf_return_desc,
                  { "Return Descriptor", "lanman.ret_desc", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Return Descriptor", HFILL }},

            { &hf_aux_data_desc,
                  { "Auxiliary Data Descriptor", "lanman.aux_data_desc", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Auxiliary Data Descriptor", HFILL }},

            { &hf_detail_level,
                  { "Detail Level", "lanman.level", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Detail Level", HFILL }},

            { &hf_recv_buf_len,
                  { "Receive Buffer Length", "lanman.recv_buf_len", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Receive Buffer Length", HFILL }},

            { &hf_send_buf_len,
                  { "Send Buffer Length", "lanman.send_buf_len", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Send Buffer Length", HFILL }},

            { &hf_continuation_from,
                  { "Continuation from message in frame", "lanman.continuation_from", FT_UINT32, BASE_DEC,
                  NULL, 0, "This is a LANMAN continuation from the message in the frame in question", HFILL }},

            { &hf_status,
                  { "Status", "lanman.status", FT_UINT16, BASE_DEC,
                  VALS(status_vals), 0, "LANMAN Return status", HFILL }},

            { &hf_convert,
                  { "Convert", "lanman.convert", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Convert", HFILL }},

            { &hf_ecount,
                  { "Entry Count", "lanman.entry_count", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Number of Entries", HFILL }},

            { &hf_acount,
                  { "Available Entries", "lanman.available_count", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Number of Available Entries", HFILL }},

            { &hf_share_name,
                  { "Share Name", "lanman.share.name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Name of Share", HFILL }},

            { &hf_share_type,
                  { "Share Type", "lanman.share.type", FT_UINT16, BASE_DEC,
                  VALS(share_type_vals), 0, "LANMAN Type of Share", HFILL }},

            { &hf_share_comment,
                  { "Share Comment", "lanman.share.comment", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Share Comment", HFILL }},

            { &hf_share_permissions,
                  { "Share Permissions", "lanman.share.permissions", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Permissions on share", HFILL }},

            { &hf_share_max_uses,
                  { "Share Max Uses", "lanman.share.max_uses", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Max connections allowed to share", HFILL }},

            { &hf_share_current_uses,
                  { "Share Current Uses", "lanman.share.current_uses", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Current connections to share", HFILL }},

            { &hf_share_path,
                  { "Share Path", "lanman.share.path", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Share Path", HFILL }},

            { &hf_share_password,
                  { "Share Password", "lanman.share.password", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Share Password", HFILL }},

            { &hf_server_name,
                  { "Server Name", "lanman.server.name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Name of Server", HFILL }},

            { &hf_server_major,
                  { "Major Version", "lanman.server.major", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Server Major Version", HFILL }},

            { &hf_server_minor,
                  { "Minor Version", "lanman.server.minor", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Server Minor Version", HFILL }},

            { &hf_server_comment,
                  { "Server Comment", "lanman.server.comment", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Server Comment", HFILL }},

            { &hf_abytes,
                  { "Available Bytes", "lanman.available_bytes", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Number of Available Bytes", HFILL }},

            { &hf_current_time,
                  { "Current Date/Time", "lanman.current_time", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Current date and time, in seconds since 00:00:00, January 1, 1970", HFILL }},

            { &hf_msecs,
                  { "Milliseconds", "lanman.msecs", FT_UINT32, BASE_DEC,
                  NULL, 0, "LANMAN Milliseconds since arbitrary time in the past (typically boot time)", HFILL }},

            { &hf_hour,
                  { "Hour", "lanman.hour", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Current hour", HFILL }},

            { &hf_minute,
                  { "Minute", "lanman.minute", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Current minute", HFILL }},

            { &hf_second,
                  { "Second", "lanman.second", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Current second", HFILL }},

            { &hf_hundredths,
                  { "Hundredths of a second", "lanman.hundredths", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Current hundredths of a second", HFILL }},

            { &hf_tzoffset,
                  { "Time Zone Offset", "lanman.tzoffset", FT_INT16, BASE_DEC,
                  NULL, 0, "LANMAN Offset of time zone from GMT, in minutes", HFILL }},

            { &hf_timeinterval,
                  { "Time Interval", "lanman.timeinterval", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN .0001 second units per clock tick", HFILL }},

            { &hf_day,
                  { "Day", "lanman.day", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Current day", HFILL }},

            { &hf_month,
                  { "Month", "lanman.month", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Current month", HFILL }},

            { &hf_year,
                  { "Year", "lanman.year", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Current year", HFILL }},

            { &hf_weekday,
                  { "Weekday", "lanman.weekday", FT_UINT8, BASE_DEC,
                  VALS(weekday_vals), 0, "LANMAN Current day of the week", HFILL }},

            { &hf_enumeration_domain,
                  { "Enumeration Domain", "lanman.enumeration_domain", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Domain in which to enumerate servers", HFILL }},

            { &hf_last_entry,
                  { "Last Entry", "lanman.last_entry", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN last reported entry of the enumerated servers", HFILL }},

            { &hf_computer_name,
                  { "Computer Name", "lanman.computer_name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Computer Name", HFILL }},

            { &hf_user_name,
                  { "User Name", "lanman.user_name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN User Name", HFILL }},

            { &hf_group_name,
                  { "Group Name", "lanman.group_name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Group Name", HFILL }},

            { &hf_workstation_domain,
                  { "Workstation Domain", "lanman.workstation_domain", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Workstation Domain", HFILL }},

            { &hf_workstation_major,
                  { "Workstation Major Version", "lanman.workstation_major", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Workstation Major Version", HFILL }},

            { &hf_workstation_minor,
                  { "Workstation Minor Version", "lanman.workstation_minor", FT_UINT8, BASE_DEC,
                  NULL, 0, "LANMAN Workstation Minor Version", HFILL }},

            { &hf_logon_domain,
                  { "Logon Domain", "lanman.logon_domain", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Logon Domain", HFILL }},

            { &hf_other_domains,
                  { "Other Domains", "lanman.other_domains", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Other Domains", HFILL }},

            { &hf_password,
                  { "Password", "lanman.password", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Password", HFILL }},

            { &hf_workstation_name,
                  { "Workstation Name", "lanman.workstation_name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Workstation Name", HFILL }},

            { &hf_ustruct_size,
                  { "Length of UStruct", "lanman.ustruct_size", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN UStruct Length", HFILL }},

            { &hf_logon_code,
                  { "Logon Code", "lanman.logon_code", FT_UINT16, BASE_DEC,
                  VALS(status_vals), 0, "LANMAN Logon Code", HFILL }},

            { &hf_privilege_level,
                  { "Privilege Level", "lanman.privilege_level", FT_UINT16, BASE_DEC,
                  VALS(privilege_vals), 0, "LANMAN Privilege Level", HFILL }},

            { &hf_operator_privileges,
                  { "Operator Privileges", "lanman.operator_privileges", FT_UINT32, BASE_DEC,
                  VALS(op_privilege_vals), 0, "LANMAN Operator Privileges", HFILL }},

            { &hf_num_logons,
                  { "Number of Logons", "lanman.num_logons", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Number of Logons", HFILL }},

            { &hf_bad_pw_count,
                  { "Bad Password Count", "lanman.bad_pw_count", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Number of incorrect passwords entered since last successful login", HFILL }},

            { &hf_last_logon,
                  { "Last Logon Date/Time", "lanman.last_logon", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Date and time of last logon", HFILL }},

            { &hf_last_logoff,
                  { "Last Logoff Date/Time", "lanman.last_logoff", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Date and time of last logoff", HFILL }},

            { &hf_logoff_time,
                  { "Logoff Date/Time", "lanman.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Date and time when user should log off", HFILL }},

            { &hf_kickoff_time,
                  { "Kickoff Date/Time", "lanman.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Date and time when user will be logged off", HFILL }},

            { &hf_password_age,
                  { "Password Age", "lanman.password_age", FT_RELATIVE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Time since user last changed his/her password", HFILL }},

            { &hf_password_can_change,
                  { "Password Can Change", "lanman.password_can_change", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Date and time when user can change their password", HFILL }},

            { &hf_password_must_change,
                  { "Password Must Change", "lanman.password_must_change", FT_ABSOLUTE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Date and time when user must change their password", HFILL }},

            { &hf_script_path,
                  { "Script Path", "lanman.script_path", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Pathname of user's logon script", HFILL }},

            { &hf_logoff_code,
                  { "Logoff Code", "lanman.logoff_code", FT_UINT16, BASE_DEC,
                  VALS(status_vals), 0, "LANMAN Logoff Code", HFILL }},

            { &hf_duration,
                  { "Duration of Session", "lanman.duration", FT_RELATIVE_TIME, BASE_NONE,
                  NULL, 0, "LANMAN Number of seconds the user was logged on", HFILL }},

            { &hf_comment,
                  { "Comment", "lanman.comment", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Comment", HFILL }},

            { &hf_user_comment,
                  { "User Comment", "lanman.user_comment", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN User Comment", HFILL }},

            { &hf_full_name,
                  { "Full Name", "lanman.full_name", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Full Name", HFILL }},

            { &hf_homedir,
                  { "Home Directory", "lanman.homedir", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Home Directory", HFILL }},

            { &hf_parameters,
                  { "Parameters", "lanman.parameters", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Parameters", HFILL }},

            { &hf_logon_server,
                  { "Logon Server", "lanman.logon_server", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Logon Server", HFILL }},

            /* XXX - we should have a value_string table for this */
            { &hf_country_code,
                  { "Country Code", "lanman.country_code", FT_UINT16, BASE_DEC,
                  VALS(ms_country_codes), 0, "LANMAN Country Code", HFILL }},

            { &hf_workstations,
                  { "Workstations", "lanman.workstations", FT_STRING, BASE_NONE,
                  NULL, 0, "LANMAN Workstations", HFILL }},

            { &hf_max_storage,
                  { "Max Storage", "lanman.max_storage", FT_UINT32, BASE_DEC,
                  NULL, 0, "LANMAN Max Storage", HFILL }},

            { &hf_units_per_week,
                  { "Units Per Week", "lanman.units_per_week", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Units Per Week", HFILL }},

            { &hf_logon_hours,
                  { "Logon Hours", "lanman.logon_hours", FT_BYTES, BASE_NONE,
                  NULL, 0, "LANMAN Logon Hours", HFILL }},

            /* XXX - we should have a value_string table for this */
            { &hf_code_page,
                  { "Code Page", "lanman.code_page", FT_UINT16, BASE_DEC,
                  NULL, 0, "LANMAN Code Page", HFILL }},

            { &hf_new_password,
                  { "New Password", "lanman.new_password", FT_BYTES, BASE_HEX,
                  NULL, 0, "LANMAN New Password (encrypted)", HFILL }},

            { &hf_old_password,
                  { "Old Password", "lanman.old_password", FT_BYTES, BASE_HEX,
                  NULL, 0, "LANMAN Old Password (encrypted)", HFILL }},

            { &hf_reserved,
                  { "Reserved", "lanman.reserved", FT_UINT32, BASE_HEX,
                  NULL, 0, "LANMAN Reserved", HFILL }},

      };
      static gint *ett[] = {
            &ett_lanman,
            &ett_lanman_unknown_entries,
            &ett_lanman_unknown_entry,
            &ett_lanman_servers,
            &ett_lanman_server,
            &ett_lanman_groups,
            &ett_lanman_shares,
            &ett_lanman_share,
      };

      proto_smb_lanman = proto_register_protocol(
            "Microsoft Windows Lanman Remote API Protocol", "LANMAN", "lanman");
      proto_register_field_array(proto_smb_lanman, hf, array_length(hf));
      proto_register_subtree_array(ett, array_length(ett));
}

static heur_dissector_list_t smb_transact_heur_subdissector_list;

static GHashTable *dcerpc_fragment_table = NULL;
static GHashTable *dcerpc_reassembled_table = NULL;

static void
smb_dcerpc_reassembly_init(void)
{
      fragment_table_init(&dcerpc_fragment_table);
      reassembled_table_init(&dcerpc_reassembled_table);
}

gboolean
dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree,
    proto_tree *tree, guint32 fid)
{
      smb_info_t *smb_priv = (smb_info_t *)pinfo->private_data;
      gboolean result=0;
      gboolean save_fragmented;
      guint reported_len;
      guint32 hash_key;
      fragment_data *fd_head;
      tvbuff_t *new_tvb;

      pinfo->dcetransportsalt = fid;

      /*
       * Offer desegmentation service to DCERPC if we have all the
       * data.  Otherwise, reassembly is (probably) impossible.
       */
      pinfo->can_desegment=0;
      pinfo->desegment_offset = 0;
      pinfo->desegment_len = 0;
      reported_len = tvb_reported_length(d_tvb);
      if(smb_dcerpc_reassembly && tvb_bytes_exist(d_tvb, 0, reported_len)){
            pinfo->can_desegment=2;
      }

      save_fragmented = pinfo->fragmented;


      /* if we are not offering desegmentation, just try the heuristics
         and bail out
      */
      if(!pinfo->can_desegment){
            result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
            goto clean_up_and_exit;
      }


      /* below this line, we know we are doing reassembly */
      
      /*
       * We have to keep track of reassemblies by FID, because
       * we could have more than one pipe operation in a frame
       * with NetBIOS-over-TCP.
       *
       * We also have to keep track of them by direction, as
       * we might have reassemblies in progress in both directions.
       *
       * We do that by combining the FID and the direction and
       * using that as the reassembly ID.
       *
       * The direction is indicated by the SMB request/reply flag - data
       * from client to server is carried in requests, data from server
       * to client is carried in replies.
       *
       * We know that the FID is only 16 bits long, so we put the
       * direction in bit 17.
       */
      hash_key = fid;
      if (smb_priv->request)
            hash_key |= 0x10000;

      /* this is a new packet, see if we are already reassembling this
         pdu and if not, check if the dissector wants us
         to reassemble it
      */
      if(!pinfo->fd->flags.visited){
            /*
             * This is the first pass.
             *
             * Check if we are already reassembling this PDU or not;
             * we check for an in-progress reassembly for this FID
             * in this direction, by searching for its reassembly
             * structure.
             */
            fd_head=fragment_get(pinfo, fid, dcerpc_fragment_table);
            if(!fd_head){
                  /* No reassembly, so this is a new pdu. check if the
                     dissector wants us to reassemble it or if we
                     already got the full pdu in this tvb.
                  */

                  /*
                   * First, just check if it looks like dcerpc or not.
                   *
                   * XXX - this assumes that the dissector is idempotent,
                   * as it's doing a "trial" dissection building no
                   * tree; that's not necessarily the case.
                   */
                  result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, NULL);
                  
                  /* no this didnt look like something we know */
                  if(!result){
                        goto clean_up_and_exit;
                  }

                  /* did the subdissector want us to reassemble any
                     more data ?
                  */
                  if(pinfo->desegment_len){
                        fragment_add_check(d_tvb, 0, pinfo, fid,
                              dcerpc_fragment_table,
                              dcerpc_reassembled_table,
                              0, reported_len, TRUE);
                        fragment_set_tot_len(pinfo, fid,
                              dcerpc_fragment_table,
                              pinfo->desegment_len+reported_len);
                        goto clean_up_and_exit;
                  }

                  /* guess we have the full pdu in this tvb then,
                     just dissect it and continue.
                  */
                  result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
                  goto clean_up_and_exit;
            }

            /* OK, we're already doing a reassembly for this FID.
               skip to last segment in the existing reassembly structure
               and add this fragment there

               XXX we might add code here to use any offset values
               we might pick up from the Read/Write calls instead of
               assuming we always get them in the correct order
            */
            while(fd_head->next){
                  fd_head=fd_head->next;
            }
            fd_head=fragment_add_check(d_tvb, 0, pinfo, fid,
                  dcerpc_fragment_table, dcerpc_reassembled_table,
                  fd_head->offset+fd_head->len,
                  reported_len, TRUE);

            /* if we completed reassembly */
            if(fd_head){
                  new_tvb = tvb_new_real_data(fd_head->data,
                          fd_head->datalen, fd_head->datalen);
                  tvb_set_child_real_data_tvbuff(d_tvb, new_tvb);
                  add_new_data_source(pinfo, new_tvb,
                          "DCERPC over SMB");
                  pinfo->fragmented=FALSE;

                  d_tvb=new_tvb;

                  /* list what segments we have */
                  show_fragment_tree(fd_head, &smb_pipe_frag_items,
                      tree, pinfo, d_tvb);

                  /* dissect the full PDU */
                  result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
            }
            goto clean_up_and_exit;
      }

      /*
       * This is not the first pass; see if it's in the table of
       * reassembled packets.
       *
       * XXX - we know that several of the arguments aren't going to
       * be used, so we pass bogus variables.  Can we clean this
       * up so that we don't have to distinguish between the first
       * pass and subsequent passes?
       */
      fd_head=fragment_add_check(d_tvb, 0, pinfo, fid, dcerpc_fragment_table,
          dcerpc_reassembled_table, 0, 0, TRUE);
      if(!fd_head){
            /* we didnt find it, try any of the heuristic dissectors
               and bail out 
            */
            result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
            goto clean_up_and_exit;
      }
      if(!fd_head->flags&FD_DEFRAGMENTED){
            /* we dont have a fully reassembled frame */
            result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
            goto clean_up_and_exit;
      }

      /* it is reassembled but it was reassembled in a different frame */
      if(pinfo->fd->num!=fd_head->reassembled_in){
            proto_tree_add_uint(parent_tree, hf_pipe_reassembled_in, d_tvb, 0, 0, fd_head->reassembled_in);
            goto clean_up_and_exit;
      }


      /* display the reassembled pdu */
      new_tvb = tvb_new_real_data(fd_head->data,
              fd_head->datalen, fd_head->datalen);
      tvb_set_child_real_data_tvbuff(d_tvb, new_tvb);
      add_new_data_source(pinfo, new_tvb,
              "DCERPC over SMB");
      pinfo->fragmented=FALSE;

      d_tvb=new_tvb;

      /* list what segments we have */
      show_fragment_tree(fd_head, &smb_pipe_frag_items,
                tree, pinfo, d_tvb);

      /* dissect the full PDU */
      result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
      


clean_up_and_exit:
      /* clear out the variables */
      pinfo->private_data = smb_priv;
      pinfo->can_desegment=0;
      pinfo->desegment_offset = 0;
      pinfo->desegment_len = 0;

      if (!result)
            call_dissector(data_handle, d_tvb, pinfo, parent_tree);

      pinfo->fragmented = save_fragmented;
      return TRUE;
}

void
proto_register_pipe_dcerpc(void)
{
      register_heur_dissector_list("smb_transact", &smb_transact_heur_subdissector_list);
      register_init_routine(smb_dcerpc_reassembly_init);
}

#define CALL_NAMED_PIPE       0x54
#define WAIT_NAMED_PIPE       0x53
#define PEEK_NAMED_PIPE       0x23
#define Q_NM_P_HAND_STATE     0x21
#define SET_NM_P_HAND_STATE   0x01
#define Q_NM_PIPE_INFO        0x22
#define TRANSACT_NM_PIPE      0x26
#define RAW_READ_NM_PIPE      0x11
#define RAW_WRITE_NM_PIPE     0x31

static const value_string functions[] = {
      {CALL_NAMED_PIPE, "CallNamedPipe"},
      {WAIT_NAMED_PIPE, "WaitNamedPipe"},
      {PEEK_NAMED_PIPE, "PeekNamedPipe"},
      {Q_NM_P_HAND_STATE,     "QNmPHandState"},
      {SET_NM_P_HAND_STATE,   "SetNmPHandState"},
      {Q_NM_PIPE_INFO,  "QNmPipeInfo"},
      {TRANSACT_NM_PIPE,      "TransactNmPipe"},
      {RAW_READ_NM_PIPE,      "RawReadNmPipe"},
      {RAW_WRITE_NM_PIPE,     "RawWriteNmPipe"},
      {0,               NULL}
};

static const value_string pipe_status[] = {
      {1,   "Disconnected by server"},
      {2,   "Listening"},
      {3,   "Connection to server is OK"},
      {4,   "Server end of pipe is closed"},
      {0,   NULL}
};

#define PIPE_LANMAN     1
#define PIPE_DCERPC     2

/* decode the SMB pipe protocol
   for requests
    pipe is the name of the pipe, e.g. LANMAN
    smb_info->trans_subcmd is set to the symbolic constant matching the mailslot name
  for responses
    pipe is NULL
    smb_info->trans_subcmd gives us which pipe this response is for
*/
gboolean
dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
             tvbuff_t *p_tvb, tvbuff_t *d_tvb, const char *pipe,
             packet_info *pinfo, proto_tree *tree)
{
      smb_info_t *smb_info;
      smb_transact_info_t *tri;
      guint sp_len;
      proto_item *pipe_item = NULL;
      proto_tree *pipe_tree = NULL;
      int offset;
      int trans_subcmd;
      int function;
      int fid = -1;
      guint16 info_level;

      if (!proto_is_protocol_enabled(find_protocol_by_id(proto_smb_pipe)))
            return FALSE;
      pinfo->current_proto = "SMB Pipe";

      smb_info = pinfo->private_data;

      /*
       * Set the columns.
       */
      if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
            col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB Pipe");
      }
      if (check_col(pinfo->cinfo, COL_INFO)) {
            col_set_str(pinfo->cinfo, COL_INFO,
                smb_info->request ? "Request" : "Response");
      }

      if (smb_info->sip != NULL)
            tri = smb_info->sip->extra_info;
      else
            tri = NULL;

      /*
       * Set up a subtree for the pipe protocol.  (It might not contain
       * anything.)
       */
      if (sp_tvb != NULL)
            sp_len = tvb_length(sp_tvb);
      else
            sp_len = 0;
      if (tree) {
            pipe_item = proto_tree_add_item(tree, proto_smb_pipe,
                sp_tvb, 0, sp_len, FALSE);
            pipe_tree = proto_item_add_subtree(pipe_item, ett_smb_pipe);
      }
      offset = 0;

      /*
       * Do we have any setup words at all?
       */
      if (s_tvb != NULL && tvb_length(s_tvb) != 0) {
            /*
             * Yes.  The first of them is the function.
             */
            function = tvb_get_letohs(s_tvb, offset);
            proto_tree_add_uint(pipe_tree, hf_pipe_function, s_tvb,
                offset, 2, function);
            offset += 2;
            if (check_col(pinfo->cinfo, COL_INFO)) {
                  col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
                      val_to_str(function, functions, "Unknown function (0x%04x)"),
                      smb_info->request ? "Request" : "Response");
            }
            if (tri != NULL)
                  tri->function = function;

            /*
             * The second of them depends on the function.
             */
            switch (function) {

            case CALL_NAMED_PIPE:
            case WAIT_NAMED_PIPE:
                  /*
                   * It's a priority.
                   */
                  proto_tree_add_item(pipe_tree, hf_pipe_priority, s_tvb,
                      offset, 2, TRUE);
                  break;

            case PEEK_NAMED_PIPE:
            case Q_NM_P_HAND_STATE:
            case SET_NM_P_HAND_STATE:
            case Q_NM_PIPE_INFO:
            case TRANSACT_NM_PIPE:
            case RAW_READ_NM_PIPE:
            case RAW_WRITE_NM_PIPE:
                  /*
                   * It's a FID.
                   */
                  fid = tvb_get_letohs(s_tvb, 2);
                  add_fid(s_tvb, pinfo, pipe_tree, offset, 2, (guint16) fid);
                  if (tri != NULL)
                        tri->fid = fid;
                  break;

            default:
                  /*
                   * It's something unknown.
                   * XXX - put it into the tree?
                   */
                  break;
            }
            offset += 2;
      } else {
            /*
             * This is either a response or a pipe transaction with
             * no setup information.
             *
             * In the former case, we can get that information from
             * the matching request, if we saw it.
             *
             * In the latter case, there is no function or FID.
             */
            if (tri != NULL && tri->function != -1) {
                  function = tri->function;
                  proto_tree_add_uint(pipe_tree, hf_pipe_function, NULL,
                      0, 0, function);
                  if (check_col(pinfo->cinfo, COL_INFO)) {
                        col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
                            val_to_str(function, functions, "Unknown function (0x%04x)"),
                            smb_info->request ? "Request" : "Response");
                  }
                  fid = tri->fid;
                  if (fid != -1)
                        add_fid(NULL, pinfo, pipe_tree, 0, 0, (guint16) fid);
            } else {
                  function = -1;
                  fid = -1;
            }
      }

      /*
       * XXX - put the byte count and the pipe name into the tree as well;
       * that requires us to fetch a possibly-Unicode string.
       */

      if(smb_info->request){
            if(strncmp(pipe,"LANMAN",6) == 0){
                  trans_subcmd=PIPE_LANMAN;
            } else {
                  /* assume it is DCERPC */
                  trans_subcmd=PIPE_DCERPC;
            }

            if (!pinfo->fd->flags.visited)
                  tri->trans_subcmd = trans_subcmd;
      } else
            trans_subcmd = tri->trans_subcmd;

      if (tri == NULL) {
            /*
             * We don't know what type of pipe transaction this
             * was, so indicate that we didn't dissect it.
             */
            return FALSE;
      }

      switch (function) {

      case CALL_NAMED_PIPE:
      case TRANSACT_NM_PIPE:
            switch(trans_subcmd){

            case PIPE_LANMAN:
                  return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo,
                      tree);
                  break;

            case PIPE_DCERPC:
                  /*
                   * Only dissect this if we know the FID.
                   */
                  if (fid != -1) {
                        if (d_tvb == NULL)
                              return FALSE;
                            return dissect_pipe_dcerpc(d_tvb, pinfo, tree,
                                pipe_tree, fid);
                    }
                  break;
            }
            break;

      case -1:
            /*
             * We don't know the function; we dissect only LANMAN
             * pipe messages, not RPC pipe messages, in that case.
             */
            switch(trans_subcmd){
            case PIPE_LANMAN:
                  return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo,
                      tree);
                  break;
            }
            break;

      case WAIT_NAMED_PIPE:
            break;

      case PEEK_NAMED_PIPE:
            /*
             * Request contains no parameters or data.
             */
            if (!smb_info->request) {
                  if (p_tvb == NULL)
                        return FALSE;
                  offset = 0;
                  proto_tree_add_item(pipe_tree, hf_pipe_peek_available,
                      p_tvb, offset, 2, TRUE);
                  offset += 2;
                  proto_tree_add_item(pipe_tree, hf_pipe_peek_remaining,
                      p_tvb, offset, 2, TRUE);
                  offset += 2;
                  proto_tree_add_item(pipe_tree, hf_pipe_peek_status,
                      p_tvb, offset, 2, TRUE);
                  offset += 2;
            }
            break;

      case Q_NM_P_HAND_STATE:
            /*
             * Request contains no parameters or data.
             */
            if (!smb_info->request) {
                  if (p_tvb == NULL)
                        return FALSE;
                  offset = dissect_ipc_state(p_tvb, pipe_tree, 0, FALSE);
            }
            break;

      case SET_NM_P_HAND_STATE:
            /*
             * Response contains no parameters or data.
             */
            if (smb_info->request) {
                  if (p_tvb == NULL)
                        return FALSE;
                  offset = dissect_ipc_state(p_tvb, pipe_tree, 0, TRUE);
            }
            break;

      case Q_NM_PIPE_INFO:
            offset = 0;
            if (smb_info->request) {
                  if (p_tvb == NULL)
                        return FALSE;

                  /*
                   * Request contains an information level.
                   */
                  info_level = tvb_get_letohs(p_tvb, offset);
                  proto_tree_add_uint(pipe_tree, hf_pipe_getinfo_info_level,
                      p_tvb, offset, 2, info_level);
                  offset += 2;
                  if (!pinfo->fd->flags.visited)
                        tri->info_level = info_level;
            } else {
                  guint8 pipe_namelen;

                  if (d_tvb == NULL)
                        return FALSE;

                  switch (tri->info_level) {

                  case 1:
                        proto_tree_add_item(pipe_tree,
                            hf_pipe_getinfo_output_buffer_size,
                            d_tvb, offset, 2, TRUE);
                        offset += 2;
                        proto_tree_add_item(pipe_tree,
                            hf_pipe_getinfo_input_buffer_size,
                            d_tvb, offset, 2, TRUE);
                        offset += 2;
                        proto_tree_add_item(pipe_tree,
                            hf_pipe_getinfo_maximum_instances,
                            d_tvb, offset, 1, TRUE);
                        offset += 1;
                        proto_tree_add_item(pipe_tree,
                            hf_pipe_getinfo_current_instances,
                            d_tvb, offset, 1, TRUE);
                        offset += 1;
                        pipe_namelen = tvb_get_guint8(d_tvb, offset);
                        proto_tree_add_uint(pipe_tree,
                            hf_pipe_getinfo_pipe_name_length,
                            d_tvb, offset, 1, pipe_namelen);
                        offset += 1;
                        /* XXX - can this be Unicode? */
                        proto_tree_add_item(pipe_tree,
                            hf_pipe_getinfo_pipe_name,
                            d_tvb, offset, pipe_namelen, TRUE);
                        break;
                  }
            }
            break;

      case RAW_READ_NM_PIPE:
            /*
             * Request contains no parameters or data.
             */
            if (!smb_info->request) {
                  if (d_tvb == NULL)
                        return FALSE;

                  offset = dissect_file_data(d_tvb, pipe_tree, 0,
                      (guint16) tvb_reported_length(d_tvb),
                      (guint16) tvb_reported_length(d_tvb));
            }
            break;

      case RAW_WRITE_NM_PIPE:
            offset = 0;
            if (smb_info->request) {
                  if (d_tvb == NULL)
                        return FALSE;

                  offset = dissect_file_data(d_tvb, pipe_tree,
                      offset, (guint16) tvb_reported_length(d_tvb),
                      (guint16) tvb_reported_length(d_tvb));
            } else {
                  if (p_tvb == NULL)
                        return FALSE;
                  proto_tree_add_item(pipe_tree,
                      hf_pipe_write_raw_bytes_written,
                      p_tvb, offset, 2, TRUE);
                  offset += 2;
            }
            break;
      }
      return TRUE;
}

void
proto_register_smb_pipe(void)
{
      static hf_register_info hf[] = {
            { &hf_pipe_function,
                  { "Function", "pipe.function", FT_UINT16, BASE_HEX,
                  VALS(functions), 0, "SMB Pipe Function Code", HFILL }},
            { &hf_pipe_priority,
                  { "Priority", "pipe.priority", FT_UINT16, BASE_DEC,
                  NULL, 0, "SMB Pipe Priority", HFILL }},
            { &hf_pipe_peek_available,
                  { "Available Bytes", "pipe.peek.available_bytes", FT_UINT16, BASE_DEC,
                  NULL, 0, "Total number of bytes available to be read from the pipe", HFILL }},
            { &hf_pipe_peek_remaining,
                  { "Bytes Remaining", "pipe.peek.remaining_bytes", FT_UINT16, BASE_DEC,
                  NULL, 0, "Total number of bytes remaining in the message at the head of the pipe", HFILL }},
            { &hf_pipe_peek_status,
                  { "Pipe Status", "pipe.peek.status", FT_UINT16, BASE_DEC,
                  VALS(pipe_status), 0, "Pipe status", HFILL }},
            { &hf_pipe_getinfo_info_level,
                  { "Information Level", "pipe.getinfo.info_level", FT_UINT16, BASE_DEC,
                  NULL, 0, "Information level of information to return", HFILL }},
            { &hf_pipe_getinfo_output_buffer_size,
                  { "Output Buffer Size", "pipe.getinfo.output_buffer_size", FT_UINT16, BASE_DEC,
                  NULL, 0, "Actual size of buffer for outgoing (server) I/O", HFILL }},
            { &hf_pipe_getinfo_input_buffer_size,
                  { "Input Buffer Size", "pipe.getinfo.input_buffer_size", FT_UINT16, BASE_DEC,
                  NULL, 0, "Actual size of buffer for incoming (client) I/O", HFILL }},
            { &hf_pipe_getinfo_maximum_instances,
                  { "Maximum Instances", "pipe.getinfo.maximum_instances", FT_UINT8, BASE_DEC,
                  NULL, 0, "Maximum allowed number of instances", HFILL }},
            { &hf_pipe_getinfo_current_instances,
                  { "Current Instances", "pipe.getinfo.current_instances", FT_UINT8, BASE_DEC,
                  NULL, 0, "Current number of instances", HFILL }},
            { &hf_pipe_getinfo_pipe_name_length,
                  { "Pipe Name Length", "pipe.getinfo.pipe_name_length", FT_UINT8, BASE_DEC,
                  NULL, 0, "Length of pipe name", HFILL }},
            { &hf_pipe_getinfo_pipe_name,
                  { "Pipe Name", "pipe.getinfo.pipe_name", FT_STRING, BASE_NONE,
                  NULL, 0, "Name of pipe", HFILL }},
            { &hf_pipe_write_raw_bytes_written,
                  { "Bytes Written", "pipe.write_raw.bytes_written", FT_UINT16, BASE_DEC,
                  NULL, 0, "Number of bytes written to the pipe", HFILL }},
            { &hf_pipe_fragment_overlap,
                  { "Fragment overlap",   "pipe.fragment.overlap", FT_BOOLEAN, BASE_NONE,
                  NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
            { &hf_pipe_fragment_overlap_conflict,
                  { "Conflicting data in fragment overlap", "pipe.fragment.overlap.conflict", FT_BOOLEAN,
                  BASE_NONE, NULL, 0x0, "Overlapping fragments contained conflicting data", HFILL }},
            { &hf_pipe_fragment_multiple_tails,
                  { "Multiple tail fragments found",  "pipe.fragment.multipletails", FT_BOOLEAN,
                  BASE_NONE, NULL, 0x0, "Several tails were found when defragmenting the packet", HFILL }},
            { &hf_pipe_fragment_too_long_fragment,
                  { "Fragment too long",  "pipe.fragment.toolongfragment", FT_BOOLEAN,
                  BASE_NONE, NULL, 0x0, "Fragment contained data past end of packet", HFILL }},
            { &hf_pipe_fragment_error,
                  { "Defragmentation error", "pipe.fragment.error", FT_FRAMENUM,
                  BASE_NONE, NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
            { &hf_pipe_fragment,
                  { "Fragment", "pipe.fragment", FT_FRAMENUM,
                  BASE_NONE, NULL, 0x0, "Pipe Fragment", HFILL }},
            { &hf_pipe_fragments,
                  { "Fragments", "pipe.fragments", FT_NONE,
                  BASE_NONE, NULL, 0x0, "Pipe Fragments", HFILL }},
            { &hf_pipe_reassembled_in,
                  { "This PDU is reassembled in", "pipe.reassembled_in", FT_FRAMENUM,
                  BASE_NONE, NULL, 0x0, "The DCE/RPC PDU is completely reassembled in this frame", HFILL }},
      };
      static gint *ett[] = {
            &ett_smb_pipe,
            &ett_smb_pipe_fragment,
            &ett_smb_pipe_fragments,
      };

      proto_smb_pipe = proto_register_protocol(
            "SMB Pipe Protocol", "SMB Pipe", "pipe");

      proto_register_field_array(proto_smb_pipe, hf, array_length(hf));
      proto_register_subtree_array(ett, array_length(ett));
}

void
proto_reg_handoff_smb_pipe(void)
{
      data_handle = find_dissector("data");
}

Generated by  Doxygen 1.6.0   Back to index