path: root/epan/dissectors/packet-dcerpc.c
Age | Commit message | Author | Files | Lines
2006-11-26 | From Stefan Metzmacher: | Jaap Keuter | 1 | -6/+13
I have a little additional patch, that makes it easier to see which bytes are not caught by the sub_dissector. And it makes it easy to select and export the full payload to a file. svn path=/trunk/; revision=19987
2006-11-24 | From Stefan Metzmacher: | Jaap Keuter | 1 | -12/+19
This patch fixes some problems with encrypted DCERPC traffic svn path=/trunk/; revision=19971
2006-11-21 | fix for bug 1226: | Ronnie Sahlberg | 1 | -1/+4
reported by Benjamin Meyer
WireShark marks DCE RPC FACKs as "malformed" if they do not have a body. According to DCE RPC Spec. 1.1 FACKs "may contain" a body PTU.
I am unable to build WireShark (lack of time to install all necessary stuff) but I looked at the SourceCode. I think, at least this has to be fixed:
file: epan/dissectors/packet-dcerpc.c
function: static gboolean dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
*snip*
    case PDU_FACK:
        dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr);
        break;
*snap*
I guess, it should look like "case PDU_NOCALL:" directly above.
svn path=/trunk/; revision=19952
2006-10-20 | Catch an infinite loop. Fixes bug 1172. | Gerald Combs | 1 | -12/+15
svn path=/trunk/; revision=19640
2006-09-28 | From stephen fisher: | Ronnie Sahlberg | 1 | -4/+2
I have figured out one of the fields in the MAPI EcRRegisterPushNotification packet. The field is a UDP port number that the client wants the Exchange server to send new mail notifications on. These notifications are on a port > 1023 and are always 8 bytes long. It looks like I would add the function name to the dcerpc_mapi_dissectors[] for the register push notification. What would my new function need to do besides display the field?
Thanks, Steve
Here is a patch to add this functionality. It displays the notification port and the notification payload (not sure what the payload itself means yet). It also dynamically registers each notification port found with a new dissector (that I called newmail for lack of a better name - I'm open to suggestions) that displays the notification payload. This is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field; currently, the mapi.opnum is only displayed when the dcerpc_mapi_dissector is null.
Steve
svn path=/trunk/; revision=19350
2006-09-24 | print the connectionless interface name if such is known | Ulf Lamping | 1 | -3/+11
svn path=/trunk/; revision=19309
2006-09-23 | replace a rotating buffer in smb with ep allocated memory | Ronnie Sahlberg | 1 | -4/+4
don't try dcerpc reassembly of fragments if we don't have the entire pdu only call the heuristical dissectors once from smb/pipe as per guy(?)s comments about idempotence. when doing reassembly, the dcerpc dissector is indeed not idempotent any more. svn path=/trunk/; revision=19304
2006-09-13 | the way we pass dcerpc strings from deep down in helpers to high level ↵ | Ronnie Sahlberg | 1 | -0/+4
dissector functions (dcv->private_data) for things such as strings and sids is a mess and very difficult to handle without a lot of memory leakage. the biggest problem in changing this is the dcv->private_data usage. add a dcv->se_data which can keep data around from a request to a response and use this to change the LSA/OpenPolicy2 servername passing from request to response as a test pattern of moving all users of dcv->private data over to use dcv->se_data. once all users are migrated over we can then change the dcv->private data pointer to be of ep scope and thus not need an explicit free (which is quite difficult and it is quite difficult in the old semantics to know WHEN we need to free this pointer) this will eventually make the usage more clean and at the same time close down quite a few memory leaks. eventually this will make dissect_ndr_nt_SID return a pointer to ep allocated memory that need not be explicitly freed. svn path=/trunk/; revision=19226
2006-09-07 | tweak some expert infos so they better work with the composite dialog (e.g. ↵ | Ulf Lamping | 1 | -6/+6
remove some minor details) svn path=/trunk/; revision=19176
2006-09-02 | Add brackets to squelch a compiler warning. | Guy Harris | 1 | -22/+23
Fix indentation. svn path=/trunk/; revision=19114
2006-08-28 | minor format string change | Ulf Lamping | 1 | -2/+2
svn path=/trunk/; revision=19065
2006-08-18 | guids are not only used in dcerpc interfaces and they often occur in many ↵ | Ronnie Sahlberg | 1 | -3/+0
other protocols such as ldap and smb/smb2 move the initialization of the guid mapping table from the dcerpc dissector to a more neutral place svn path=/trunk/; revision=18947
2006-08-17 | some further work on the GUID/UUID resolvings | Ulf Lamping | 1 | -255/+32
most of the relevant code moved to guid_utils lot of corresponding code cleanup in packet-dcerpc.c still using GHashTable still not using a manuf like file svn path=/trunk/; revision=18939
2006-08-17 | add missing _WIN32 encapsulation so braces match and compilation under ↵ | Ronnie Sahlberg | 1 | -0/+2
non-win32 works svn path=/trunk/; revision=18936
2006-08-16 | various UUID/GUID based changes. | Ulf Lamping | 1 | -65/+92
I think I've changed all corresponding appearances from FT_STRING to FT_GUID, so assert the FT_ type as it should only be a FT_GUID now. Add a generic implementation in guid_utils.h to have a way to store data about GUID to name resolving (something like value_string for e.g. int). It might be better to have a single registry for all GUID's of all dissectors and implement the GUID name resolving into the proto_tree_add... functions. svn path=/trunk/; revision=18935
2006-07-22 | add some more "informational" (generated) fields to the dcerpc tree | Ulf Lamping | 1 | -12/+62
these fields can help with the everyday work of the DCE/RPC (and upper) protocol dissections svn path=/trunk/; revision=18784
2006-07-08 | don't use only upper case letters for ResolveWin32UUID parameter and ↵ | Ulf Lamping | 1 | -19/+19
variable names svn path=/trunk/; revision=18688
2006-07-08 | if the request/response subdissector couldn't be called because of missing ↵ | Ulf Lamping | 1 | -2/+14
bind information, add a generated field telling the user and add an expert info entry This often happens when the capture misses the binding procedure at the beginning of a conversation "capture start too late". svn path=/trunk/; revision=18687
2006-07-06 | add another CBA DCOM HRESULT | Ulf Lamping | 1 | -0/+1
svn path=/trunk/; revision=18675
2006-07-01 | lower the expert info level from NOTE to CHAT for the multiple PDU message, ↵ | Ulf Lamping | 1 | -1/+1
as this is a common behaviour svn path=/trunk/; revision=18634
2006-06-29 | keep the (optional) Object UUID in the call value | Ulf Lamping | 1 | -1/+5
svn path=/trunk/; revision=18613
2006-06-29 | the drep parameter of dissect_dcerpc_uuid_t() should be guint8 * instead of ↵ | Ulf Lamping | 1 | -1/+1
char * (just like all the other dissect_dcerpc_...() functions). This should fix some "differ in signedness" warnings (and maybe will raise new ones, which should be fixed at the calling places then) svn path=/trunk/; revision=18605
2006-06-26 | add a new column DCE/RPC context ID | Ulf Lamping | 1 | -0/+42
svn path=/trunk/; revision=18578
2006-06-23 | fix the reading of UUID's from the Win32 registry, it was broken as we ↵ | Ulf Lamping | 1 | -3/+4
switched to UNICODE compilation I thought there was a bugzilla entry about this, but couldn't find it svn path=/trunk/; revision=18561
2006-06-15 | add a missing status code | Ulf Lamping | 1 | -0/+1
svn path=/trunk/; revision=18470
2006-06-12 | add some more DCOM related HRESULTS | Ulf Lamping | 1 | -0/+4
svn path=/trunk/; revision=18437
2006-05-21 | change a whole bunch of ethereal into wireshark | Ronnie Sahlberg | 1 | -5/+5
svn path=/trunk/; revision=18196
2006-05-05 | add two missing DCOM Dispatch error codes | Ulf Lamping | 1 | -0/+2
svn path=/trunk/; revision=18097
2006-03-17 | fix for coverity bug 41 | Ronnie Sahlberg | 1 | -3/+12
if decryption failed there was a possibility to dereference a null pointer svn path=/trunk/; revision=17657
2006-03-09 | Remove MIN and MAX defines, which GLib provides. | Gerald Combs | 1 | -4/+0
svn path=/trunk/; revision=17551
2006-03-08 | Fix a couple of compilation warnings. | Gerald Combs | 1 | -2/+6
svn path=/trunk/; revision=17538
2006-03-08 | Use Unicode for all native Win32 calls. Unicode Windows applications | Gerald Combs | 1 | -2/+2
use UTF-16 internally and GTK+ 2.x uses UTF-8, which means we have to do a lot of conversions. Add utf_8to16() and utf_16to8 convenience functions to strutil.c. svn path=/trunk/; revision=17534
2006-02-16 | Use the new "proto_tree_add_*_format_value" routines. | Guy Harris | 1 | -1/+1
svn path=/trunk/; revision=17316
2006-01-19 | add "RPC_E_TIMEOUT" to the reject status codes | Ulf Lamping | 1 | -0/+1
svn path=/trunk/; revision=17053
2005-11-12 | add initial decode of dcerpc over smb2 | Ronnie Sahlberg | 1 | -0/+8
it does not yet multiplex between different files but it is better than nothing svn path=/trunk/; revision=16484
2005-10-17 | In packet-dcerpc-nt.c, make sure we call init_pol_hash() each time we load | Gerald Combs | 1 | -136/+136
a capture file. This should fix bug #536. Make sure we initialize our hash tables in packet-dcerpc-nt.c and several other files. Fix up whitespace while we're at it. svn path=/trunk/; revision=16255
2005-09-28 | fix #480: Change defaults for all reassembling settings to ON | Ulf Lamping | 1 | -1/+1
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often. svn path=/trunk/; revision=16048
2005-09-25 | If "dissect_dcerpc_cn()" throws an exception when called by | Guy Harris | 1 | -0/+5
"dissect_dcerpc_cn_bs_body()", it's because it recognized the packet as a DCE RPC packet, but it ran out of data dissecting it as such; increment the count of DCE RPC PDUs, so "dissect_dcerpc_cn_bs_body()" returns TRUE, and its caller doesn't think nothing was dissected. Fuzzed with some DCE RPC captures. svn path=/trunk/; revision=16000
2005-09-23 | remove some compiler warnings | Ronnie Sahlberg | 1 | -4/+4
svn path=/trunk/; revision=15974
2005-09-22 | add two more bind reject reasons from the specs | Ulf Lamping | 1 | -0/+4
svn path=/trunk/; revision=15962
2005-09-20 | fix: packet-dcerpc.c(4019) : warning C4018: '<' : signed/unsigned mismatch | Ulf Lamping | 1 | -1/+1
svn path=/trunk/; revision=15892
2005-09-16 | split call id's with a #, if more than one DCE/RPC call is in a data PDU | Ulf Lamping | 1 | -1/+7
svn path=/trunk/; revision=15841
2005-09-14 | add E_OUTOFMEMORY | Ulf Lamping | 1 | -0/+1
svn path=/trunk/; revision=15803
2005-09-14 | Allow dissection of dcerpc of short frames instead of aborting as soon as ↵ | Ronnie Sahlberg | 1 | -68/+74
it is detected the pdu is "short" svn path=/trunk/; revision=15796
2005-09-12 | add number of defragmented bytes to the expert info output | Ulf Lamping | 1 | -2/+3
svn path=/trunk/; revision=15771
2005-09-12 | fix fault defragmentation the same way as in the request/response path | Ulf Lamping | 1 | -18/+7
Unfortunately, I don't have a capture file to test this... svn path=/trunk/; revision=15763
2005-09-12 | fix reassembling problem I've introduced yesterday, by using ↵ | Ulf Lamping | 1 | -61/+17
fragment_add_seq_next() function instead of fragment_add() in addition, I had to implement fragment_get_reassembled() in addition to fragment_get(), which works with reassembled_table svn path=/trunk/; revision=15762
2005-09-11 | rename fragment_add_dcerpc -> fragment_add_dcerpc_dg to avoid confusion a bit, | Ulf Lamping | 1 | -1/+1
as connection oriented (cn) and connectionless (dg) DCE/RPC use different ways to handle defragmentation and this function is only used for dg svn path=/trunk/; revision=15757
2005-09-11 | some things fixed, leftover from code cleanup (thanks to the buggy MSVC ↵ | Ulf Lamping | 1 | -1/+1
dependencies) svn path=/trunk/; revision=15755
2005-09-11 | I'm adding the "Expert Info" prototype now, as it seems to be in a state ↵ | Ulf Lamping | 1 | -4/+66
where others might have a look and probably already find it useful :-). Anyway, we can easily disable it at one or two places in the code if it gets in our way of a new release. Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and its current state of implementation. While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors. svn path=/trunk/; revision=15754