Age | Commit message (Collapse) | Author | Files | Lines |
|
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
the reported length of the blob, not the amount of data available from
the blob.
Use "tvb_strneql()" when checking for strings, so that we don't throw an
exception if there's less data in the tvbuff than there are bytes in the
string, we just say "not equal".
svn path=/trunk/; revision=11031
|
|
a pdu.
even for short frames, try to pass on as mush as possible to gssapi.
svn path=/trunk/; revision=10545
|
|
means we don't have to expand the ACE to see what the permission mask is.
There are a couple of other places where this could be used, but I have not
done anything about them.
svn path=/trunk/; revision=10515
|
|
fields over the wire in ASCII in SessionSetupandX messages even though
the "Unicode strings" flag is set.
svn path=/trunk/; revision=10413
|
|
inside Write commands and make sure the proper things are stored in the hash so
we remember what is and what is not a IPC$ share ontop of which all file i/o is to dcerpc interfaces.
svn path=/trunk/; revision=10268
|
|
Combine the dissection for 0x0101 and 1004 in Set File Info.
svn path=/trunk/; revision=10234
|
|
svn path=/trunk/; revision=9735
|
|
svn path=/trunk/; revision=9625
|
|
svn path=/trunk/; revision=9528
|
|
show that the short name can be in ASCII if flags 2 says ASCII.
svn path=/trunk/; revision=9519
|
|
svn path=/trunk/; revision=9494
|
|
svn path=/trunk/; revision=9459
|
|
always contain an SMB command code (SMB requests and responses both have
command codes, so there's no "unknown" out-of-band value); make it a
"guint8".
Make the argument to "decode_smb_name()" a "guint8" as an SMB command
code is passed to it ("guint8" and "unsigned char" are the same types on
all platforms we're likely to deal with, so it's a cosmetic change, not
a semantic one).
Put in an extra "GPOINTER_TO_UINT()" call before casting
"si->sip->extra_info" to "guint16", to squelch compiler warnings.
svn path=/trunk/; revision=9335
|
|
svn path=/trunk/; revision=9332
|
|
There might be a 4 (not 2) byte datalen high field.
If there is no such field (due to an early dialect being used) these bytes are often 0xff.
If these four bytes are all 0xff dont display them in the tree.
svn path=/trunk/; revision=9149
|
|
tvbuff, show what's left as extra byte parameters - don't act as if
there aren't any extra byte parameters.
svn path=/trunk/; revision=8946
|
|
If the ByteCount field in the SMB PDU spanned beyond the end of the
packet because the packet was short or because the BC field was corrupted and contained
garbade data then the tree item for the command (the subtree just after the SMBHeader subtree) would describe data continuing beyond the end of the
packet.
If we selected one such tree in the dissect pane and used Prepare/Match Selected this would cause the filter build thing to try to access data beyod the end
of the packet and ethereal would dump core.
Change the END_OF_SMB macro so that it shrinks bc so that bc never describes
data beyond the end of the packet.
svn path=/trunk/; revision=8926
|
|
packet-dcerpc-smb.c that is often returned from the winreg abortshutdown
operation.
svn path=/trunk/; revision=8767
|
|
svn path=/trunk/; revision=8764
|
|
against 0xffffffff, it has to be extracted into a 32-bit variable.
svn path=/trunk/; revision=8575
|
|
svn path=/trunk/; revision=8567
|
|
when reading what could potentially be the maxcount high field
assume that IF it is 0xFFFFFFFF that it is not maxcount high at all but
instead just some padding/reserved bytes.
If this field is 0xFFFFFFFF just ignore it.
svn path=/trunk/; revision=8559
|
|
svn path=/trunk/; revision=8302
|
|
"Data Length".
Fix some low-16-bits-of fields to have "_low", rather than "_high", at
the ends of their names.
svn path=/trunk/; revision=8204
|
|
in the SNIA CIFS spec, although it's probably a 16-bit MaxCountHigh and
a 16-bit reserved field (it's a 32-bit timeout field in an earlier SMB
spec).
Call the MaxCount and MaxCountHigh fields in a READ_ANDX "Max Count Low"
and "Max Count High", rather than "Data Length Low" and "Data Length
High".
svn path=/trunk/; revision=8198
|
|
We treated this as just a normal 64bit integer in LittleEndian format.
However, this is actually 2 32 bit integers, each in LittleEndian format
but the two 32 bit fields are stored in BigEndian format relative to each other.
Since we dont do 64 bit aritmetic I had to convert the field to FT_STRING as well
so sorry, no creative len>xxx filters anymore. but at least we present
the data in the correct way in the tree pane.
We didnt see this one earlier since most locking_andx requests are probably for offset : 0 and length: -
Funnily enough it seems that certain popular commercial products have the same bug as ethereal had up until 5 minutes ago.
svn path=/trunk/; revision=8196
|
|
instead of as being represented as RESERVED.
This updates the ReadAndX and WriteAndX calls and replies.
This should really try to keep track of the negotiation of the conversation to make sure we only do it for those sessions where LARGE file io has been negotiated. Currently it does it for all Read/Write AndX calls.
It is probably safe to do so since for those clients where this is not supported these bytes are RESERVED and MBZ anyway.
svn path=/trunk/; revision=8191
|
|
Change the AndX command fields to only place a filterable field in the tree when smb.cmd is NOT 0xff
If smb.cmd is 0xFF just place a text entry in the field instead.
This makes it more intuitive for users that try to use filters such as
smb.cmd!=0xXY since the filter will no longer behave "unexpectedly" and fail to filter out any of the AndX commands.
Yes, they should really use !smb.cmd==0xXY instead but one cant explain this to every single user.
I dont think anyone would ever want to filter for smb.cmd==0xFF anyway
svn path=/trunk/; revision=8178
|
|
svn path=/trunk/; revision=8170
|
|
we go through the data, so we can't compare it with the current offset
minus the starting offset - we should just test, and use, its value
directly, as, at the end, it reflects the amount of data left.
svn path=/trunk/; revision=8167
|
|
find response and we end up displaying malformed frame even though all data
has been dissected.
svn path=/trunk/; revision=8166
|
|
The strings are now in COL_INFO and the section numbers were cluttering it
up.
svn path=/trunk/; revision=8164
|
|
transaction -> trans, information -> info.
Put value_string data in COL_INFO for trans2 query{path,file}info.
svn path=/trunk/; revision=8163
|
|
transpositions of subcommand numbers, and the query object id case was not
implemented. I'm not sure about the query fs label info as it doesn't seem
to exist as a server procedure except in Samba.
svn path=/trunk/; revision=8162
|
|
svn path=/trunk/; revision=8128
|
|
Appendix D.
svn path=/trunk/; revision=8012
|
|
some extra info levels discovered by tridge.
Put subcommand information in COL_INFO for trans2 query fs/path/file
info.
svn path=/trunk/; revision=8011
|
|
so it is pretty common for MID values to be reused even in
moderately sized captures.
The test to compare that the command type between the request
and reply is not sufficient for when most of the commands between the client
and the server are the same (e.g. streaming Read/Write)
Change the matching so that ONLY the first "response" we see for a certain
open MID will be matched to the original request.
I.e. Prevent
Read Request
Read Reply
[missing from capture] Read Request
Read Reply
From incorrectly matching the second reply (if it has a reused MID) with the
first request.
This makes the response time statistics a bit more reliable as well.
svn path=/trunk/; revision=7888
|
|
tvb_get_string() - takes a tvbuff, an offset, and a length as
arguments, allocates a buffer big enough to hold a string with
the specified number of bytes plus an added null terminator
(i.e., length+1), copies the specified number of bytes from the
tvbuff, at the specified offset, to that buffer and puts in a
null terminator, and returns a pointer to that buffer (or throws
an exception before allocating the buffer if that many bytes
aren't available in the tvbuff);
tvb_get_stringz() - takes a tvbuff, an offset, and a pointer to
a "gint" as arguments, gets the size of the null-terminated
string starting at the specified offset in the tvbuff (throwing
an exception if the null terminator isn't found), allocates a
buffer big enough to hold that string, copies the string to that
buffer, and returns a pointer to that buffer and stores the
length of the string (including the terminating null) in the
variable pointed to by the "gint" pointer.
Replace many pieces of code allocating a buffer and copying a string
with calls to "tvb_get_string()" (for one thing, "tvb_get_string()"
doesn't require you to remember that the argument to
"tvb_get_nstringz0()" is the size of the buffer into which you're
copying the string, which might be the length of the string to be copied
*plus 1*).
Don't use fixed-length buffers for null-terminated strings (even if the
code that generates those packets has a #define to limit the length of
the string). Use "tvb_get_stringz()", instead.
In some cases where a value is fetched but is only used to pass an
argument to a "proto_tree_add_XXX" routine, use "proto_tree_add_item()"
instead.
svn path=/trunk/; revision=7859
|
|
PID" even for SMB-over-IPX.
svn path=/trunk/; revision=7823
|
|
svn path=/trunk/; revision=7819
|
|
2-byte reserved field.
svn path=/trunk/; revision=7812
|
|
reflect the 1.0 version of the CIFS spec. Similarly update function
names containing section numbers.
Change the strings for query file levels 0x0200 and 0x0201 to say
"Query" rather than "Set" (we now have separate tables for "query" and
"set" information levels, as some of them differ), and get rid of the
string for 0x0202, as that's documented in the CIFS spec only as a "set"
level.
svn path=/trunk/; revision=7810
|
|
according to the SNIA CIFS 1.0 spec and some captures I've seen, are not
the same as for the corresponding TRANS2_GET_{PATH,FILE}_INFORMATION.
Handle the SET information levels as per the CIFS spec.
svn path=/trunk/; revision=7806
|
|
list length before my previous commit.
svn path=/trunk/; revision=7797
|
|
info level 4.
svn path=/trunk/; revision=7796
|
|
multiple NetBIOS-over-TCP session service messages in a TCP segment, and
they can contain the final portions of different DCERPC calls. Don't
assume a frame number is sufficient to identify DCE RPC calls.
svn path=/trunk/; revision=7777
|
|
allocated with "g_malloc()" and related GLib routines.
svn path=/trunk/; revision=7758
|