path: root/epan/dissectors/packet-dcerpc.c
Age | Commit message | Author | Files | Lines
2011-12-27 | Fix a comment. Correct a few typos. | cmaynard | 1 | -14/+14
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@40303 f5534014-38df-0310-8fa8-9805f1628bb7
2011-11-09 | Fix a number of proto_tree_add_item() encoding args. | wmeier | 1 | -1/+1
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39774 f5534014-38df-0310-8fa8-9805f1628bb7
2011-10-21 | For proto_tree_add_item(..., proto_xxx, ...) use ENC_NA as the encoding arg. | wmeier | 1 | -2/+2
Also: remove trailing whitespace for a number of files. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39503 f5534014-38df-0310-8fa8-9805f1628bb7
2011-10-18 | From Dirk Jagdmann via ↵ | morriss | 1 | -52/+31
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6450 : Several updates to the DCE/RPC dissector: - changed the variable name "ndr64_uuid" to "uuid_ndr64" to make it similar to the other UUID variable names. Minor changes to the UUID names. - changes the UUID name for the 32bit NDR to describe that. In the DCE/RPC standard this UUID is described as "Version 1.1 network data representation protocol", but this is an unnecessarily long name and it's the only 32bit version defined for DCE/RPC anyway. The new name "32bit NDR" is similar to the changed name for the 64bit NDR. - added an UUID for "bind time feature negotiation" found with Microsoft PDUs. - added an UUID for "asynchonous MAPI". Of course this UUID/name should be added to the MAPI dissector, but the MAPI dissector is generated C code from Samba/OpenChange pidl sources. Eventually those might get updated. An alternative would be to create a new file to specifically register UUIDs used in the DCE/RPC context. - when the g_hash_table_insert() function is used, I've removed the code to lookup and remove the key, as g_hash_table_insert() is doing that internally (or more precise, it is overwriting the old value). - in the dissector function for Bind and BindAck, I now print all context items into COL_INFO and not just the first one. - added a new value for Bind results, used by Microsoft products. (The "Negotiate ACK" is used with the "bind time feature negotiation" UUID) git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39455 f5534014-38df-0310-8fa8-9805f1628bb7
2011-10-15 | Convert proto_tree_add_item() 'encoding' arg for field types FT_STRING, ↵ | wmeier | 1 | -1/+1
FT_STRINGZ, FT_UINT_STRING as follows: 1. If there's no character encoding (ENC_ASCII, ...) specified then use ENC_ASCII. 2. For all but FT_UINT_STRING, always use ENC_NA (replacing any existing True/1/FALSE/0 /ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39426 f5534014-38df-0310-8fa8-9805f1628bb7
2011-10-06 | Convert 'encoding' parameter of certain proto_tree_add_item() calls in ↵ | wmeier | 1 | -1/+1
non-autogenerated epan/dissectors: Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as the encoding parameter for proto_tree_add_item() calls which directly reference an item in hf[] which has a type of: FT_UINT8 FT_UINT16 FT_UINT24 FT_UINT32 FT_UINT64 FT_INT8 FT_INT16 FT_INT24 FT_INT32 FT_INT64 FT_FLOAT FT_DOUBLE git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39288 f5534014-38df-0310-8fa8-9805f1628bb7
2011-10-04 | Use ENC_NA as encoding for proto_tree_add_item() calls which directly ↵ | wmeier | 1 | -3/+3
reference an hf item (in hf[] with types: FT_NONE FT_BYTES FT_IPV6 FT_IPXNET FT_OID Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39260 f5534014-38df-0310-8fa8-9805f1628bb7
2011-08-11 | From Dirk Jagdmann: Protect the RTS info column. | gerald | 1 | -2/+3
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38487 f5534014-38df-0310-8fa8-9805f1628bb7
2011-07-19 | Add a DREP_LITTLE_ENDIAN for the DCE RPC endianness bit in the data | guy | 1 | -22/+38
representation. Use it rather than a raw 0x10. Add a DREP_ENC_INTEGER() macro that takes a pointer to the data representation and returns either ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN; use it for the encoding argument to proto_tree_add_item(), rather than just the AND of drep[0] and DREP_LITTLE_ENDIAN, as it's not a boolean any more, and for string values we'll be supporting character encodings as well and thus won't be able to trust that the 0x10 bit will mean "little endian". Use ENC_NA for some other encoding values, i.e. for FT_BYTES and the like. Fix a couple of places in the DCOM dissector where we were passing the byte-order bit rather than the field value to proto_tree_add_uint_format(). Clean up white space. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38128 f5534014-38df-0310-8fa8-9805f1628bb7
2011-05-23 | Delete unused header field entries found by running checkhf.pl. | cmaynard | 1 | -3/+0
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37353 f5534014-38df-0310-8fa8-9805f1628bb7
2011-05-23 | From Micheal Mann via bug 2794: Fix some display filter field names. | cmaynard | 1 | -16/+16
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37351 f5534014-38df-0310-8fa8-9805f1628bb7
2011-04-16 | From Dirk: | etxrab | 1 | -161/+82
The attached patch cleans up the output of DCE/RPC fragment information in the dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5772 From me get rid of check_col() git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@36665 f5534014-38df-0310-8fa8-9805f1628bb7
2011-02-18 | Fix more Visual C++ analysis errors. | gerald | 1 | -0/+1
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35995 f5534014-38df-0310-8fa8-9805f1628bb7
2011-01-30 | Introduce "Fragment count" filter element for all protocols doing reassembly. | stig | 1 | -0/+6
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35705 f5534014-38df-0310-8fa8-9805f1628bb7
2011-01-19 | Fix warning found by clang... | sfisher | 1 | -1/+1
packet-dcerpc.c:4056:19: error: comparison of integers of different signs: 'guint32' (aka 'unsigned int') and 'int' [-Wsign-compare] for (i = 0; i < (int) commands_nb; ++i) { ~ ^ ~~~~~~~~~~~~~~~~~ ... by removing the "(int)" cast git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35587 f5534014-38df-0310-8fa8-9805f1628bb7
2011-01-03 | Remove the other use of tvb_fake_unicode() from the DCE/RPC dissector and | sfisher | 1 | -6/+2
replace it with tvb_get_unicode_string(). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35348 f5534014-38df-0310-8fa8-9805f1628bb7
2011-01-03 | Switch one of the places in the DCERPC dissector from using | sfisher | 1 | -6/+2
tvb_fake_unicode() to tvb_get_unicode_string(). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35346 f5534014-38df-0310-8fa8-9805f1628bb7
2010-12-23 | From Julien Kerihuel: | jake | 1 | -1/+478
I've just finished writing a ncacn_http dissector for Wireshark which provides the ability to dissect Outlook anywhere packets properly (as specified by [MS-RPCH].pdf documentation). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35259 f5534014-38df-0310-8fa8-9805f1628bb7
2010-12-08 | Change "DCE RPC" to "Distributed Computing Environment / Remote Procedure | sfisher | 1 | -1/+1
Call (DCE/RPC)" for the DCERPC dissector's PROTONAME. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35152 f5534014-38df-0310-8fa8-9805f1628bb7
2010-12-06 | Fix various typos and spelling errors. | wmeier | 1 | -1/+1
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35126 f5534014-38df-0310-8fa8-9805f1628bb7
2010-05-13 | As suggested in ↵ | morriss | 1 | -16/+6
http://www.wireshark.org/lists/wireshark-dev/200809/msg00075.html (as referenced in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2907 ) and https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3411 : Write a new convenience routine for finding a conversation and, if it is not found, create it. The frame number and addresses are taken from pinfo (as is the common case). Use this function in a bunch of dissectors. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32790 f5534014-38df-0310-8fa8-9805f1628bb7
2010-05-11 | Use consistent indentation; Whitespace & formatting cleanup. | wmeier | 1 | -2032/+2032
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32755 f5534014-38df-0310-8fa8-9805f1628bb7
2010-04-03 | From Yaniv Kaul: constify parameters | wmeier | 1 | -1/+1
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422 From me: Fix a number of instances where the function prototype or the function definition wasn't changed so there was a mismatch thus causing Windows (but not gcc) compilation errors. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32365 f5534014-38df-0310-8fa8-9805f1628bb7
2010-04-02 | Revert SVN #32360 until Windows compilation errors corrected. | wmeier | 1 | -1/+1
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32361 f5534014-38df-0310-8fa8-9805f1628bb7
2010-04-02 | From Yaniv Kaul: constify parameters | wmeier | 1 | -1/+1
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422 git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32360 f5534014-38df-0310-8fa8-9805f1628bb7
2010-02-06 | Renamed some reassembled data texts. | stig | 1 | -1/+1
Removed some check_col(). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31809 f5534014-38df-0310-8fa8-9805f1628bb7
2010-02-03 | Changed "reassembled_length" -> "reassembled.length". | stig | 1 | -1/+1
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31776 f5534014-38df-0310-8fa8-9805f1628bb7
2010-02-02 | Introduce "Reassembled length" filter element for all protocols doing | stig | 1 | -1/+6
reassembly. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31767 f5534014-38df-0310-8fa8-9805f1628bb7
2010-01-20 | From Julien Kerihuel, add support for | sahlberg | 1 | -2/+5
unaligned unmarshalling of dissectors generated by PIDL. This will allow us to use PIDL and additional IDLs from the samba project since they use "noalign" for certain protocols. This may also allow us to use PIDL to describe, and machine-generate dissectors for normal, non-DCERPC, protocols. This patch for PIDL is still under review, but the PIDL patch is likely to be committed soonish. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31583 f5534014-38df-0310-8fa8-9805f1628bb7
2010-01-13 | From Didier Gautheron: | etxrab | 1 | -5/+2
check_col.diff Remove redundant calls to check_col() if it guards only one columns function with one parameter after the column type. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4394 git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31519 f5534014-38df-0310-8fa8-9805f1628bb7
2009-12-19 | For fields of type FT_ABSOLUTE_TIME, have the "display" value be one of | guy | 1 | -1/+1
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL == (int)BASE_NONE, so there's no source or binary compatibility issue, although we might want to eliminate BASE_NONE at some point and have the BASE_ values used with integral types start at 0, so that you can't specify BASE_NONE for an integral field. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31319 f5534014-38df-0310-8fa8-9805f1628bb7
2009-11-01 | From Markus Koetter: | jake | 1 | -2/+2
Wireshark fails dissecting dce rpc bind acks, if the bind request had more than 1 ctx. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30790 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-20 | From Matthieu Patou | sahlberg | 1 | -0/+6
schannel decryption git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30631 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-05 | Initialize some values to avoid uninitialized warnings. | stig | 1 | -3/+3
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30334 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-04 | Attempt to fix compilation of packet-dcerpc.c for Windows. | etxrab | 1 | -21/+35
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30296 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-04 | more samr updates for ndr64 | sahlberg | 1 | -2/+7
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30273 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-03 | rename dissect_ndr_4or8 to dissect_ndr_uint3264 to match the name of | sahlberg | 1 | -19/+19
the new datatype uint3264. create a fake guint3264 type as well git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30264 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-03 | initial support to handle conformance data for NDR64. | sahlberg | 1 | -36/+80
Conformance data items are 4 bytes in NDR but 8 bytes in NDR64 git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30256 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-03 | teach the dce/rpc pointer dissector about ndr64 and make it dissect | sahlberg | 1 | -32/+52
pointers as 8 byte entities when ndr64 is negotiated git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30253 f5534014-38df-0310-8fa8-9805f1628bb7
2009-10-01 | we need to copy the information about the transport syntax, i.e. if it | sahlberg | 1 | -1/+10
is ndr64 or not, from the bind information to the data we store for each individual pdu, since the transport syntax may change dynamically back and forth between "normal" and "ndr64" on the same conversation. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30226 f5534014-38df-0310-8fa8-9805f1628bb7
2009-09-30 | Move the definition of the uuid, and registration of its name, for the | sahlberg | 1 | -26/+56
standard ndr transfer syntax from the epm dissector to packet-dcerpc.c Add a new transfer syntax : ndr64. This is a new syntax with different scalar sizes and different alignment rules compared to normal ndr. It is negotiated and used between w2k8 and samba4 boxens and one may assume, future versions of windows as well. We need to associate the transfer syntax with the bind information since the transfer syntax will change the packet encoding rules for the protocol. For example, SAMR, as well as all other interfaces support both syntaxes and are thus encoded differently, with different alignments depending on which transfer was negotiated during the bind. This will require additional changes to the dcerpc helpers and also to pidl. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30209 f5534014-38df-0310-8fa8-9805f1628bb7
2009-09-24 | Don't guard col_append_str with check_col | krj | 1 | -18/+6
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30125 f5534014-38df-0310-8fa8-9805f1628bb7
2009-09-08 | Custom columnfication: | krj | 1 | -41/+0
* Deprecate COL_DCE_CTX ("Context ID"). Use dcerpc.cn_ctx_id git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29797 f5534014-38df-0310-8fa8-9805f1628bb7
2009-08-28 | Fix code which could access uninitialized variables and display incorrect ↵ | wmeier | 1 | -12/+14
text in COL_INFO. (Found by clang scan-build). git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29601 f5534014-38df-0310-8fa8-9805f1628bb7
2009-08-16 | Switch a bunch of dissectors over to using tvb_new_subset_remaining() | krj | 1 | -1/+1
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29446 f5534014-38df-0310-8fa8-9805f1628bb7
2009-08-09 | Don't guard col_set_str (COL_PROTOCOL) with col_check | krj | 1 | -4/+2
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29340 f5534014-38df-0310-8fa8-9805f1628bb7
2009-07-07 | Changed flags_set_truth -> tfs_set_notset | stig | 1 | -24/+24
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@28989 f5534014-38df-0310-8fa8-9805f1628bb7
2009-06-18 | From Kovarththanan Rajaratnam via bug 3548: | stig | 1 | -102/+102
(1) Trailing/leading spaces are removed from 'name's/'blurb's (2) Duplicate 'blurb's are replaced with NULL (3) Empty ("") 'blurb's are replaced with NULL (4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME, FT_PROTOCOL, FT_STRING and FT_STRINGZ field types (5) Only allow non-zero value for 'display' if 'bitmask' is non-zero git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@28770 f5534014-38df-0310-8fa8-9805f1628bb7
2009-05-13 | Apply some of the patches from: | etxrab | 1 | -10/+5
http://wiki.wireshark.org/Development/Optimization git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@28356 f5534014-38df-0310-8fa8-9805f1628bb7
2009-03-13 | From Jakub Zawadzki (bug 3331): | stig | 1 | -3/+1
g_free() is NULL safe, so we don't need check against it. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@27718 f5534014-38df-0310-8fa8-9805f1628bb7