diff options
author | Michael Mann <mmann78@netscape.net> | 2014-11-23 23:06:34 -0500 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-11-25 02:51:03 +0000 |
commit | e899c3e262594813fa765e44ad143d7f14d6d415 (patch) | |
tree | d29b23b24d3fd27c3ff72dfbfb6bbffa420de66a /epan/dissectors/packet-windows-common.c | |
parent | 4f8a6ec8669fe0b9b2ac642ab99cc853498e4721 (diff) |
Eliminate proto_tree_add_text from some dissectors.
Change-Id: Iadd80aab291e5de714891a9f3c79edeca19e9b93
Reviewed-on: https://code.wireshark.org/review/5458
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-windows-common.c')
-rw-r--r-- | epan/dissectors/packet-windows-common.c | 262 |
1 files changed, 126 insertions, 136 deletions
diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c index afbd698da1..4241f96f0e 100644 --- a/epan/dissectors/packet-windows-common.c +++ b/epan/dissectors/packet-windows-common.c @@ -26,6 +26,7 @@ #include <string.h> #include <epan/packet.h> +#include <epan/expert.h> #include <epan/exceptions.h> #include <epan/wmem/wmem.h> #include "packet-dcerpc.h" @@ -81,6 +82,16 @@ static int hf_nt_security_information_dacl = -1; static int hf_nt_security_information_group = -1; static int hf_nt_security_information_owner = -1; +/* Generated from convert_proto_tree_add_text.pl */ +static int hf_nt_security_information = -1; +static int hf_nt_sec_desc_type = -1; +static int hf_nt_offset_to_dacl = -1; +static int hf_nt_offset_to_owner_sid = -1; +static int hf_nt_ace_flags_object = -1; +static int hf_nt_offset_to_group_sid = -1; +static int hf_nt_ace_flags = -1; +static int hf_nt_offset_to_sacl = -1; + static gint ett_nt_sec_desc = -1; static gint ett_nt_sec_desc_type = -1; static gint ett_nt_sid = -1; @@ -91,6 +102,14 @@ static gint ett_nt_ace_object = -1; static gint ett_nt_ace_object_flags = -1; static gint ett_nt_security_information = -1; +static expert_field ei_nt_owner_sid_beyond_reassembled_data = EI_INIT; +static expert_field ei_nt_ace_extends_beyond_reassembled_data = EI_INIT; +static expert_field ei_nt_ace_extends_beyond_capture = EI_INIT; +static expert_field ei_nt_group_sid_beyond_reassembled_data = EI_INIT; +static expert_field ei_nt_group_sid_beyond_captured_data = EI_INIT; +static expert_field ei_nt_owner_sid_beyond_captured_data = EI_INIT; + + /* WERR error codes */ VALUE_STRING_ARRAY2_GLOBAL_DEF(WERR_errors); /* XXX: Remove GLOBAL_DEF once all PIDL generated dissectors @@ -1188,25 +1207,27 @@ dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_dat filetime_low = tvb_get_letohl(tvb, offset); filetime_high = tvb_get_letohl(tvb, offset + 4); if (filetime_low == 0 && filetime_high == 0) { - item = proto_tree_add_text(tree, tvb, offset, 8, - "%s: No time specified (0)", - proto_registrar_get_name(hf_date)); + ts.secs = 0; + ts.nsecs = 0; + item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8, + &ts, "No time specified (0)"); } else if(filetime_low==0 && filetime_high==0x80000000){ - item = proto_tree_add_text(tree, tvb, offset, 8, - "%s: Infinity (relative time)", - proto_registrar_get_name(hf_date)); + ts.secs = filetime_low; + ts.nsecs = filetime_high; + item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8, + &ts, "Infinity (relative time)"); } else if(filetime_low==0xffffffff && filetime_high==0x7fffffff){ - item = proto_tree_add_text(tree, tvb, offset, 8, - "%s: Infinity (absolute time)", - proto_registrar_get_name(hf_date)); + ts.secs = filetime_low; + ts.nsecs = filetime_high; + item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8, + &ts, "Infinity (absolute time)"); } else { if (nt_time_to_nstime(filetime_high, filetime_low, &ts, onesec_resolution)) { proto_tree_add_time(tree, hf_date, tvb, offset, 8, &ts); } else { - item = proto_tree_add_text(tree, tvb, offset, 8, - "%s: Time can't be converted", - proto_registrar_get_name(hf_date)); + item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8, + &ts, "Time can't be converted"); } } if (createdItem != NULL) @@ -1740,13 +1761,10 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, /* Generic access rights */ - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Generic rights: 0x%08x", + generic_tree = proto_tree_add_subtree_format(subtree, tvb, offset - 4, 4, + ett_nt_access_mask_generic, NULL, "Generic rights: 0x%08x", access & GENERIC_RIGHTS_MASK); - generic_tree = proto_item_add_subtree( - item, ett_nt_access_mask_generic); - proto_tree_add_boolean( generic_tree, hf_access_generic_read, tvb, offset - 4, 4, access); @@ -1777,13 +1795,10 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, /* Standard access rights */ - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Standard rights: 0x%08x", + standard_tree = proto_tree_add_subtree_format(subtree, tvb, offset - 4, 4, + ett_nt_access_mask_standard, NULL, "Standard rights: 0x%08x", access & STANDARD_RIGHTS_MASK); - standard_tree = proto_item_add_subtree( - item, ett_nt_access_mask_standard); - proto_tree_add_boolean( standard_tree, hf_access_standard_synchronise, tvb, offset - 4, 4, access); @@ -1809,18 +1824,15 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, boring fashion. */ if (ami && ami->specific_rights_name) - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "%s specific rights: 0x%08x", + specific_tree = proto_tree_add_subtree_format(subtree, tvb, offset - 4, 4, + ett_nt_access_mask_specific, &item, "%s specific rights: 0x%08x", ami->specific_rights_name, access & SPECIFIC_RIGHTS_MASK); else - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Specific rights: 0x%08x", + specific_tree = proto_tree_add_subtree_format(subtree, tvb, offset - 4, 4, + ett_nt_access_mask_specific, &item, "Specific rights: 0x%08x", access & SPECIFIC_RIGHTS_MASK); - specific_tree = proto_item_add_subtree( - item, ett_nt_access_mask_specific); - if (ami && ami->specific_rights_fn) { guint32 mapped_access = access; proto_tree *specific_mapped; @@ -2022,26 +2034,24 @@ dissect_nt_ace_object(tvbuff_t *tvb, int offset, proto_tree *parent_tree) proto_item *item; proto_tree *tree; proto_item *flags_item; - proto_tree *flags_tree; guint32 flags; int old_offset=offset; const char *sep = " "; + static const int * ace_flags[] = { + &hf_nt_ace_flags_object_type_present, + &hf_nt_ace_flags_inherited_object_type_present, + NULL + }; tree = proto_tree_add_subtree(parent_tree, tvb, offset, 0, ett_nt_ace_object, &item, "ACE Object"); /* flags */ flags=tvb_get_letohl(tvb, offset); - flags_item = proto_tree_add_text(tree, tvb, offset, 4, - "ACE Object Flags (0x%08x)", flags); - flags_tree = proto_item_add_subtree(flags_item, ett_nt_ace_object_flags); + flags_item = proto_tree_add_bitmask(tree, tvb, offset, hf_nt_ace_flags_object, + ett_nt_ace_object_flags, ace_flags, ENC_LITTLE_ENDIAN); - proto_tree_add_boolean(flags_tree, hf_nt_ace_flags_object_type_present, - tvb, offset, 4, flags); APPEND_ACE_TEXT(flags&0x00000001, flags_item, "%sObject Type Present"); - - proto_tree_add_boolean(flags_tree, hf_nt_ace_flags_inherited_object_type_present, - tvb, offset, 4, flags); APPEND_ACE_TEXT(flags&0x00000002, flags_item, "%sInherited Object Type Present"); offset+=4; @@ -2067,48 +2077,33 @@ dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree, guint8 *data) { proto_item *item = NULL; - proto_tree *tree = NULL; guint8 mask; const char *sep = " "; + static const int * ace_flags[] = { + &hf_nt_ace_flags_failed_access, + &hf_nt_ace_flags_successful_access, + &hf_nt_ace_flags_inherited_ace, + &hf_nt_ace_flags_inherit_only, + &hf_nt_ace_flags_non_propagate_inherit, + &hf_nt_ace_flags_container_inherit, + &hf_nt_ace_flags_object_inherit, + NULL + }; mask = tvb_get_guint8(tvb, offset); if (data) *data = mask; + item = proto_tree_add_bitmask(parent_tree, tvb, offset, hf_nt_ace_flags, + ett_nt_ace_flags, ace_flags, ENC_NA); - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, 1, - "NT ACE Flags: 0x%02x", mask); - tree = proto_item_add_subtree(item, ett_nt_ace_flags); - } - - proto_tree_add_boolean(tree, hf_nt_ace_flags_failed_access, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x80, item, "%sFailed Access"); - - proto_tree_add_boolean(tree, hf_nt_ace_flags_successful_access, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x40, item, "%sSuccessful Access"); - - proto_tree_add_boolean(tree, hf_nt_ace_flags_inherited_ace, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x10, item, "%sInherited ACE"); - - proto_tree_add_boolean(tree, hf_nt_ace_flags_inherit_only, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x08, item, "%sInherit Only"); - - proto_tree_add_boolean(tree, hf_nt_ace_flags_non_propagate_inherit, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x04, item, "%sNo Propagate Inherit"); - - proto_tree_add_boolean(tree, hf_nt_ace_flags_container_inherit, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x02, item, "%sContainer Inherit"); - - proto_tree_add_boolean(tree, hf_nt_ace_flags_object_inherit, - tvb, offset, 1, mask); APPEND_ACE_TEXT(mask&0x01, item, "%sObject Inherit"); @@ -2291,12 +2286,12 @@ dissect_nt_acl(tvbuff_t *tvb, int offset_a, packet_info *pinfo, } CATCH(BoundsError) { - proto_tree_add_text(tree, tvb, offset_v, 0, "ACE Extends beyond end of captured data"); + proto_tree_add_expert(tree, pinfo, &ei_nt_ace_extends_beyond_capture, tvb, offset_v, 0); missing_data = TRUE; } CATCH(ReportedBoundsError) { - proto_tree_add_text(tree, tvb, offset_v, 0, "ACE Extends beyond end of reassembled data"); + proto_tree_add_expert(tree, pinfo, &ei_nt_ace_extends_beyond_reassembled_data, tvb, offset_v, 0); missing_data = TRUE; } @@ -2377,50 +2372,28 @@ static const true_false_string tfs_sec_desc_type_self_relative = { static int dissect_nt_sec_desc_type(tvbuff_t *tvb, int offset, proto_tree *parent_tree) { - proto_item *item = NULL; - proto_tree *tree = NULL; - guint16 mask; - - mask = tvb_get_letohs(tvb, offset); - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, 2, - "Type: 0x%04x", mask); - tree = proto_item_add_subtree(item, ett_nt_sec_desc_type); - } - - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_self_relative, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_rm_control_valid, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_protected, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_protected, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_auto_inherited, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_auto_inherited, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_auto_inherit_req, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_auto_inherit_req, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_server_security, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_trusted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_defaulted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_present, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_defaulted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_present, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_nt_sec_desc_type_group_defaulted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree, hf_nt_sec_desc_type_owner_defaulted, - tvb, offset, 2, mask); + static const int * flags[] = { + &hf_nt_sec_desc_type_self_relative, + &hf_nt_sec_desc_type_rm_control_valid, + &hf_nt_sec_desc_type_sacl_protected, + &hf_nt_sec_desc_type_dacl_protected, + &hf_nt_sec_desc_type_sacl_auto_inherited, + &hf_nt_sec_desc_type_dacl_auto_inherited, + &hf_nt_sec_desc_type_sacl_auto_inherit_req, + &hf_nt_sec_desc_type_dacl_auto_inherit_req, + &hf_nt_sec_desc_type_server_security, + &hf_nt_sec_desc_type_dacl_trusted, + &hf_nt_sec_desc_type_sacl_defaulted, + &hf_nt_sec_desc_type_sacl_present, + &hf_nt_sec_desc_type_dacl_defaulted, + &hf_nt_sec_desc_type_dacl_present, + &hf_nt_sec_desc_type_group_defaulted, + &hf_nt_sec_desc_type_owner_defaulted, + NULL + }; + proto_tree_add_bitmask(parent_tree, tvb, offset, hf_nt_sec_desc_type, + ett_nt_sec_desc_type, flags, ENC_LITTLE_ENDIAN); offset += 2; return offset; @@ -2430,33 +2403,28 @@ int dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree) { proto_item *item = NULL; - proto_tree *tree = NULL; guint32 mask; + static const int * flags[] = { + &hf_nt_security_information_sacl, + &hf_nt_security_information_dacl, + &hf_nt_security_information_group, + &hf_nt_security_information_owner, + NULL + }; mask = tvb_get_letohl(tvb, offset); - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, 4, - "SEC INFO: 0x%08x", mask); - tree = proto_item_add_subtree(item, ett_nt_security_information); - } + item = proto_tree_add_bitmask(parent_tree, tvb, offset, hf_nt_security_information, + ett_nt_security_information, flags, ENC_LITTLE_ENDIAN); - proto_tree_add_boolean(tree,hf_nt_security_information_sacl, - tvb, offset, 4, mask); if (mask & 0x00000008) { proto_item_append_text(item, " SACL"); } - proto_tree_add_boolean(tree,hf_nt_security_information_dacl, - tvb, offset, 4, mask); if (mask & 0x00000004) { proto_item_append_text(item, " DACL"); } - proto_tree_add_boolean(tree,hf_nt_security_information_group, - tvb, offset, 4, mask); if (mask & 0x00000002) { proto_item_append_text(item, " GROUP"); } - proto_tree_add_boolean(tree,hf_nt_security_information_owner, - tvb, offset, 4, mask); if (mask & 0x00000001) { proto_item_append_text(item, " OWNER"); } @@ -2502,40 +2470,40 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset_a, packet_info *pinfo, owner_sid_offset = tvb_get_letohl(tvb, offset_v); if(owner_sid_offset != 0 && owner_sid_offset < 20){ /* Bogus value - points into fixed portion of descriptor */ - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to owner SID: %u (bogus, must be >= 20)", owner_sid_offset); + proto_tree_add_uint_format_value(tree, hf_nt_offset_to_owner_sid, tvb, offset_v, 4, owner_sid_offset, "%u (bogus, must be >= 20)", owner_sid_offset); owner_sid_offset = 0; } else - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to owner SID: %u", owner_sid_offset); + proto_tree_add_item(tree, hf_nt_offset_to_owner_sid, tvb, offset_v, 4, ENC_LITTLE_ENDIAN); offset_v += 4; /* offset to group sid */ group_sid_offset = tvb_get_letohl(tvb, offset_v); if(group_sid_offset != 0 && group_sid_offset < 20){ /* Bogus value - points into fixed portion of descriptor */ - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to group SID: %u (bogus, must be >= 20)", group_sid_offset); + proto_tree_add_uint_format_value(tree, hf_nt_offset_to_group_sid, tvb, offset_v, 4, group_sid_offset, "%u (bogus, must be >= 20)", group_sid_offset); group_sid_offset = 0; } else - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to group SID: %u", group_sid_offset); + proto_tree_add_item(tree, hf_nt_offset_to_group_sid, tvb, offset_v, 4, ENC_LITTLE_ENDIAN); offset_v += 4; /* offset to sacl */ sacl_offset = tvb_get_letohl(tvb, offset_v); if(sacl_offset != 0 && sacl_offset < 20){ /* Bogus value - points into fixed portion of descriptor */ - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to SACL: %u (bogus, must be >= 20)", sacl_offset); + proto_tree_add_uint_format_value(tree, hf_nt_offset_to_sacl, tvb, offset_v, 4, sacl_offset, "%u (bogus, must be >= 20)", sacl_offset); sacl_offset = 0; } else - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to SACL: %u", sacl_offset); + proto_tree_add_item(tree, hf_nt_offset_to_sacl, tvb, offset_v, 4, ENC_LITTLE_ENDIAN); offset_v += 4; /* offset to dacl */ dacl_offset = tvb_get_letohl(tvb, offset_v); if(dacl_offset != 0 && dacl_offset < 20){ /* Bogus value - points into fixed portion of descriptor */ - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to DACL: %u (bogus, must be >= 20)", dacl_offset); + proto_tree_add_uint_format_value(tree, hf_nt_offset_to_dacl, tvb, offset_v, 4, dacl_offset, "%u (bogus, must be >= 20)", dacl_offset); dacl_offset = 0; } else - proto_tree_add_text(tree, tvb, offset_v, 4, "Offset to DACL: %u", dacl_offset); + proto_tree_add_item(tree, hf_nt_offset_to_dacl, tvb, offset_v, 4, ENC_LITTLE_ENDIAN); offset_v += 4; end_offset = offset_v; @@ -2556,11 +2524,11 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset_a, packet_info *pinfo, } CATCH(BoundsError) { - proto_tree_add_text(tree, tvb, item_offset, 0, "Owner SID beyond end of captured data"); + proto_tree_add_expert(tree, pinfo, &ei_nt_owner_sid_beyond_captured_data, tvb, item_offset, 0); } CATCH(ReportedBoundsError) { - proto_tree_add_text(tree, tvb, item_offset, 0, "Owner SID beyond end of reassembled data"); + proto_tree_add_expert(tree, pinfo, &ei_nt_owner_sid_beyond_reassembled_data, tvb, item_offset, 0); } ENDTRY; @@ -2582,11 +2550,11 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset_a, packet_info *pinfo, } CATCH(BoundsError) { - proto_tree_add_text(tree, tvb, item_offset, 0, "Group SID beyond end of captured data"); + proto_tree_add_expert(tree, pinfo, &ei_nt_group_sid_beyond_captured_data, tvb, item_offset, 0); } CATCH(ReportedBoundsError) { - proto_tree_add_text(tree, tvb, item_offset, 0, "Group SID beyond end of reassembled data"); + proto_tree_add_expert(tree, pinfo, &ei_nt_group_sid_beyond_reassembled_data, tvb, item_offset, 0); } ENDTRY; @@ -2988,6 +2956,15 @@ proto_do_register_windows_common(int proto_smb) { "Owner", "nt.sec_info.owner", FT_BOOLEAN, 32, TFS(&flags_sec_info_owner), 0x00000001, NULL, HFILL }}, + /* Generated from convert_proto_tree_add_text.pl */ + { &hf_nt_ace_flags_object, { "ACE Object Flags", "nt.ace.object.flags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_ace_flags, { "NT ACE Flags", "nt.ace.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_sec_desc_type, { "Type", "nt.sec_desc.type", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_security_information, { "SEC INFO", "nt.sec_info", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_offset_to_owner_sid, { "Offset to owner SID", "nt.offset_to_owner_sid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_offset_to_group_sid, { "Offset to group SID", "nt.offset_to_group_sid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_offset_to_sacl, { "Offset to SACL", "nt.offset_to_sacl", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, + { &hf_nt_offset_to_dacl, { "Offset to DACL", "nt.offset_to_dacl", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, }; static gint *ett[] = { @@ -3006,8 +2983,21 @@ proto_do_register_windows_common(int proto_smb) &ett_nt_security_information, }; + static ei_register_info ei[] = { + { &ei_nt_ace_extends_beyond_capture, { "nt.ace_extends_beyond_capture", PI_MALFORMED, PI_ERROR, "ACE Extends beyond end of captured data", EXPFILL }}, + { &ei_nt_ace_extends_beyond_reassembled_data, { "nt.ace_extends_beyond_reassembled_data", PI_MALFORMED, PI_ERROR, "ACE Extends beyond end of reassembled data", EXPFILL }}, + { &ei_nt_owner_sid_beyond_captured_data, { "nt.owner_sid.beyond_captured_data", PI_MALFORMED, PI_ERROR, "Owner SID beyond end of captured data", EXPFILL }}, + { &ei_nt_owner_sid_beyond_reassembled_data, { "nt.owner_sid.beyond_reassembled_data", PI_MALFORMED, PI_ERROR, "Owner SID beyond end of reassembled data", EXPFILL }}, + { &ei_nt_group_sid_beyond_captured_data, { "nt.group_sid.beyond_captured_data", PI_MALFORMED, PI_ERROR, "Group SID beyond end of captured data", EXPFILL }}, + { &ei_nt_group_sid_beyond_reassembled_data, { "nt.group_sid.beyond_reassembled_data", PI_MALFORMED, PI_ERROR, "Group SID beyond end of reassembled data", EXPFILL }}, + }; + + expert_module_t* expert_nt; + proto_register_subtree_array(ett, array_length(ett)); proto_register_field_array(proto_smb, hf, array_length(hf)); + expert_nt = expert_register_protocol(proto_smb); + expert_register_field_array(expert_nt, ei, array_length(ei)); } /* |