Age | Commit message | Author | Files | Lines
2001-11-24 | Fix to text2pcap to handle colons after offset field, from Gordon McKinney. svn path=/trunk/; revision=4256 | Guy Harris | 2 | -2/+3
2001-11-24 | Assorted changes from Ronnie Sahlberg: Add a few small functions to reassemble.c to cope with protocols where the total length of defragmented PDUs is specified in the first fragment (all previous uses of reassembly have been for PDUs where the last fragment is signalled by a flag in the header for the last fragment). Add a few small functions to reassemble.c to abort-and-delete defragmentation of PDUs and also detect IF a PDU is currently being defragmented. (Useful for PDUs where the "unique" identifier is rather ununique, or may be reused often enough so it can be a problem for Ethereal.) Change where NT Cancel presents its Cancelation-to output, and makes the three trans secondary requests also output similar information. svn path=/trunk/; revision=4255 | Guy Harris | 3 | -24/+162
2001-11-24 | Fix the usage message and man page for text2pcap. svn path=/trunk/; revision=4254 | Guy Harris | 2 | -13/+19
2001-11-24 | If a non-option command-line argument is specified to Ethereal, treat it as the pathname of a capture file to be read. If more than one such option is specified, print a usage message. Fix the documentation of the "-r" option to Ethereal and Tethereal. svn path=/trunk/; revision=4253 | Guy Harris | 3 | -5/+42
2001-11-24 | Support for time stamping packets in text2pcap, from Gordon McKinney. svn path=/trunk/; revision=4252 | Guy Harris | 5 | -10/+171
2001-11-24 | Fix the return value of a routine. svn path=/trunk/; revision=4251 | Guy Harris | 1 | -2/+2
2001-11-24 | If the expected "next offset" doesn't match the offset we read, it may merely mean that we mistakenly treated stuff from the text-dump part of the file we're reading as if it were hex byte data (e.g., if the first non-white-space part of the text dump was a 2-digit hex number). If the offset we read is less than the expected next offset, assume that's the problem, and throw away enough extra bytes to make the offset we read the expected next offset. "getopt()" will never, for any option that the "getopt()" string says takes an argument, leave "optarg" null; if no argument was specified, it'll return an error, so there's no need to check for a null "optarg". svn path=/trunk/; revision=4250 | Guy Harris | 1 | -18/+36
2001-11-24 | Treat a bunch of digits followed by a newline differently from a bunch of digits followed by a blank or tab, so that we recognize the newline as an end-of-line. svn path=/trunk/; revision=4249 | Guy Harris | 1 | -2/+4
2001-11-22 | Moved int-64bit.{c,h} into epan/ svn path=/trunk/; revision=4248 | Ed Warnicke | 6 | -10/+10
2001-11-21 | Remove the pointer to the global packet_info from the table of pointers used for plugins on win32. svn path=/trunk/; revision=4247 | Gilbert Ramirez | 3 | -8/+3
2001-11-21 | Remove the global packet_info called "pi". Dissectors now only access their own "pinfo". A packet_info is stored in epan_dissect_t, which is created for the dissection of a single packet. GUI functions which need to access the packet_info of the currently selected packet used to use "pi"; now they use cfile.edt->pi. cfile's "edt" member is the epan_dissect_t of the currently-selected packet. The functionality of blank_packetinfo() was moved into dissect_packet(), as that's the only place that called blank_packetinfo(), after a spurious call to blank_packetinfo() was removed from packet_list_select_cb(). svn path=/trunk/; revision=4246 | Gilbert Ramirez | 18 | -136/+93
2001-11-21 | If we have to worry about subdissectors changing the "packet_info" structure, we may have to worry about it in more places than the places that *used* to set "pi.len" and "pi.captured_len", so there's no point in just saving and restoring it there. We'll remove those saves/restores, and worry about saves and restores when we find a problem. svn path=/trunk/; revision=4245 | Guy Harris | 6 | -73/+6
2001-11-21 | Discard stuff in "smb.h" not used by the dissectors, and replace the #defines for SMB commands with ones that use the names from the SNIA CIFS spec. Use those #define values rather than hardcoded values in various places that check for specific commands. svn path=/trunk/; revision=4244 | Guy Harris | 2 | -517/+97
2001-11-21 | Support for Transaction Secondary and Transaction2 Secondary, from Ronnie Sahlberg. svn path=/trunk/; revision=4243 | Guy Harris | 1 | -3/+12
2001-11-21 | Rename the "packet-msrpc-XXX.[ch]" files to "packet-dcerpc-XXX.[ch]", as per Todd Sabin's suggestion. svn path=/trunk/; revision=4242 | Guy Harris | 18 | -152/+152
2001-11-21 | Get rid of some unused variables. svn path=/trunk/; revision=4241 | Guy Harris | 12 | -76/+27
2001-11-21 | Get rid of some unused variables. svn path=/trunk/; revision=4240 | Guy Harris | 3 | -5/+5
2001-11-21 | Get rid of some unused variables. svn path=/trunk/; revision=4239 | Guy Harris | 4 | -14/+4
2001-11-21 | Fix an earlier typo of mine. svn path=/trunk/; revision=4238 | Guy Harris | 1 | -2/+2
2001-11-20 | Get rid of "tvb_compat()"; it's no longer needed (the one remaining call to it returns data that's no longer used). svn path=/trunk/; revision=4237 | Guy Harris | 3 | -24/+4
2001-11-20 | Get rid of the "len" and "captured_len" members of the "packet_info" structure; they're no longer used. svn path=/trunk/; revision=4236 | Guy Harris | 11 | -119/+34
2001-11-20 | Make the capture routines take an additional argument giving the amount of packet data captured. Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the packet" argument. Add some length checks to capture routines. svn path=/trunk/; revision=4235 | Guy Harris | 37 | -189/+199
2001-11-20 | "END_OF_FRAME" and "IS_DATA_IN_FRAME()" are no longer used; get rid of them. svn path=/trunk/; revision=4234 | Guy Harris | 1 | -13/+5
2001-11-20 | Have a routine to add all the hex dump tabs to the hex dump notebook, and call it both from "select_packet()" and "create_new_window()", rather than having two similar loops in both places. svn path=/trunk/; revision=4233 | Guy Harris | 4 | -35/+36
2001-11-20 | If bytes in a hex dump view are selected, the field in the corresponding text view should be selected, rather than always selecting a field in the main text view. svn path=/trunk/; revision=4232 | Guy Harris | 3 | -11/+28
2001-11-20 | Allow the tvbuff pointer to various "proto_tree_add" routines to be null if (and only if) the length of the item being added is 0 (so that it has no data backing it). This means the data stream name pointer for the item in question is null; make sure we handle that. Use that for some "uses the value from the matching request" fields in the SMB Pipe protocol. svn path=/trunk/; revision=4231 | Guy Harris | 5 | -18/+40
2001-11-20 | From Ronnie Sahlberg: handle transaction continuations the way we handle NT Cancel, as transaction continuations don't get a response, either. svn path=/trunk/; revision=4230 | Guy Harris | 1 | -27/+69
2001-11-20 | Dissect the rest of the named pipe protocol. Export from "packet-smb.c" routines used for that. Rename some named pipe functions as per the SNIA CIFS spec. Label the "number of files moved" field of the reply to a Move SMB as such, rather than as an unspecified "Count". svn path=/trunk/; revision=4229 | Guy Harris | 3 | -42/+197
2001-11-20 | Save the function code and FID for pipe requests, and use it for the matching responses. svn path=/trunk/; revision=4228 | Guy Harris | 3 | -25/+77
2001-11-19 | From Frank Singleton: - accept struct and union lists passed in via ethereal_be.py - these lists are unused until I add the templates for struct and union helper functions. So code generation is unchanged for the moment. svn path=/trunk/; revision=4227 | Guy Harris | 1 | -3/+4
2001-11-19 | From Frank Singleton: - find all union/struct references and store in lists. This includes embedded unions and structs. - pass the struct and union lists onto ethereal_gen.py - print all found nodes at DEBUG svn path=/trunk/; revision=4226 | Guy Harris | 1 | -18/+164
2001-11-19 | When reading the preferences file, if the "module.preference" string references an unknown module, check the "preference" part to see if another "." is found; iterate until a known module is found, or until no more "."'s are found. Needed for the new "x.25.non_q_bit_is_sna" preference. svn path=/trunk/; revision=4225 | Gilbert Ramirez | 1 | -18/+35
2001-11-19 | If we know the pipe function code, put the function into the Info column. svn path=/trunk/; revision=4224 | Guy Harris | 1 | -1/+6
2001-11-19 | Dissect the setup words in pipe transactions that have them; that obviates the need to have a protocol tree item for "MSRPC-over-SMB", as the setup words for it are just standard TransactNmPipe setup words (0x26 is the TransactNmPipe function code, and the next setup word is the FID for the pipe in question.) Pass to the pipe dissector tvbuffs for setup-words-plus-pipe (which is the data for the pipe protocol) and parameters-plus-data (which is the data for the protocol running atop the pipe protocol); use the former for the top-level protocol tree item for the pipe protocol, and the latter for the top-level protocol tree item for the LANMAN protocol. svn path=/trunk/; revision=4223 | Guy Harris | 3 | -192/+339
2001-11-19 | Make the register routines for the mailslot, pipe, browser, and mailslot-based logon protocols just be regular register routines, detected by the script that generates the "register.c" file, rather than special stuff known to the SMB dissector. svn path=/trunk/; revision=4222 | Guy Harris | 7 | -34/+12
2001-11-19 | Pass, as the first tvbuff argument to "dissect_mailslot_smb()" and "dissect_pipe_smb()", a tvbuff containing the setup words and the pipe/mailslot pathname, as those are arguably the part of the packet that contains the "mailslot protocol" and the "pipe protocol", as opposed to the protocol running atop mailslots or pipes. Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it and "dissect_mailslot_smb()" contain *only* the setup words; don't extract anything other than the setup words from it. Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h" rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in "packet-smb-pipe.h" rather than "packet-smb.c". Add a protocol for MSRPC-over-named-pipes. Move the stuff to handle the FID in the setup words of MSRPC-over-named-pipe transactions out of the SMB Transaction dissector into the MSRPC dissector. Add a routine to "packet-smb.c", callable from outside "packet-smb.c", to put an "smb.fid" field into the protocol tree, and to add ", FID: XXXX" to the Info column, for use by the MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in all the places where we put a FID into the protocol tree. Move the stuff to check whether the LANMAN protocol is enabled, and to set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN API-over-named-pipe dissector out of the named pipe protocol dissector. If we didn't dissect a Transaction request or reply as a named pipe or mailslot message, put any setup words, parameters, and data it has into the protocol tree as separate items. Don't put a "Response in" item into the protocol tree for an NT Cancel request, as there are no responses to NT Cancel requests. svn path=/trunk/; revision=4221 | Guy Harris | 6 | -164/+277
2001-11-18 | From Tim Potter: use the FID, for DCE RPC-over-SMB, as part of the conversation matching. svn path=/trunk/; revision=4220 | Guy Harris | 5 | -6/+60
2001-11-18 | From Tim Potter: display the returned FID in the Info column for NT Create And X replies; display the setup words, and treat the second word as a FID in Transaction requests presumed to contain DCE RPC-over-SMB. Add the FID to the Info column for other open/create replies while we're at it. svn path=/trunk/; revision=4219 | Guy Harris | 2 | -8/+71
2001-11-18 | Pass in the "smb_info" structure a pointer to the "smb_saved_info_t" structure, so that it can be updated by subdissectors; this way the updates affect the structure immediately, and don't get lost if the subdissector later throws an exception. Use "tvb_reported_length()" to check for an interim mailslot reply; "tvb_length()" could give the wrong answer if a short snapshot length was given in the capture. svn path=/trunk/; revision=4218 | Guy Harris | 4 | -123/+203
2001-11-18 | Added hooks to allow the registration of heuristic subdissectors of http. svn path=/trunk/; revision=4217 | Ed Warnicke | 1 | -1/+19
2001-11-18 | Have only the request and response frame numbers, and a "void *", in an "smb_saved_info_t". Put all the information needed to dissect NT Transaction replies, Transaction2 replies, or Transaction replies into separate data structures, allocated separately, and put a pointer to that data structure in the "void *" in question. Use the return value of "dissect_pipe_smb()" and "dissect_mailslot_smb()" to control whether to display as data the stuff those routines were asked to dissect. If we've seen a request before, but its "smb_saved_info_t" isn't in the "matched" hash table, look in the "unmatched" hash table - perhaps we haven't seen the reply yet. svn path=/trunk/; revision=4216 | Guy Harris | 4 | -239/+391
2001-11-16 | Add some bits in the Write AndX write mode as per "Microsoft Networks SMB FILE SHARING PROTOCOL EXTENSIONS, SMB File Sharing Protocol Extensions Version 2.0, Document Version 3.3". Fix the test for the "connectionless mode" to test the correct bit. svn path=/trunk/; revision=4215 | Guy Harris | 1 | -3/+29
2001-11-16 | Never put an entry into the hash table for an NT Cancel request, even if we didn't find the request it's cancelling. svn path=/trunk/; revision=4214 | Guy Harris | 1 | -7/+10
2001-11-16 | Don't save a full "smb_info" structure in the hash tables for requests and replies, just save a structure holding that information that can't be derived from the contents of one of the SMBs. Don't save anything at all for NT Cancel requests - they have the same TID/PID/MID/UID as the SMB being cancelled, and you want the information for that request used when dissecting the NT Cancel (so it gets the number of the frame containing the request being cancelled) and when dissecting the reply to the request being cancelled. Get rid of an unused routine. svn path=/trunk/; revision=4213 | Guy Harris | 1 | -94/+133
2001-11-16 | Cleanup of request/response matching, from Ronnie Sahlberg. Get rid of "Response to" stuff in the LANMAN dissector, as that's now done in the SMB dissector. Add a routine for dissecting unknown SMBs (gets the word and byte counts, and just adds text entries for the word and byte parameters, if any), and replace null pointers in the dissector table with pointers to that routine. Get rid of the check for a null dissector pointer. svn path=/trunk/; revision=4212 | Guy Harris | 3 | -907/+454
2001-11-16 | Responses to queries for stream information can return more than one piece of information in the reply, as a file can have more than one stream; show all of them. Don't use the "File Name" field for stream names. svn path=/trunk/; revision=4211 | Guy Harris | 1 | -24/+69
2001-11-16 | Use "hf_smb_t2_stream_size", not "hf_smb_t2_stream_name_length", when adding the stream size. svn path=/trunk/; revision=4210 | Guy Harris | 1 | -2/+2
2001-11-15 | Add "packet-qllc.c". svn path=/trunk/; revision=4209 | Guy Harris | 1 | -1/+2
2001-11-15 | Update Gerald's e-mail address. svn path=/trunk/; revision=4208 | Guy Harris | 1 | -3/+2
2001-11-15 | Add support for SNA-over-X.25. Add QLLC dissector. I still need to work on dissecting the Information frame of QLLC packets. Thanks to mario.ferreira@hsbc.com.br for lots of information on SNA over X.25. svn path=/trunk/; revision=4207 | Gilbert Ramirez | 4 | -32/+263