Age | Commit message | Author | Files | Lines |
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@40303 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39774 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Also: remove trailing whitespace for a number of files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39503 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6450 :
Several updates to the DCE/RPC dissector:
- changed the variable name "ndr64_uuid" to "uuid_ndr64" to make it similar to
the other UUID variable names. Minor changes to the UUID names.
- changes the UUID name for the 32bit NDR to describe that. In the DCE/RPC
standard this UUID is described as "Version 1.1 network data representation
protocol", but this is an unnecessarily long name and it's the only 32bit
version defined for DCE/RPC anyway. The new name "32bit NDR" is similar to the
changed name for the 64bit NDR.
- added a UUID for "bind time feature negotiation" found with Microsoft PDUs.
- added a UUID for "asynchronous MAPI". Of course this UUID/name should be
added to the MAPI dissector, but the MAPI dissector is generated C code from
Samba/OpenChange pidl sources. Eventually those might get updated. An
alternative would be to create a new file to specifically register UUIDs used
in the DCE/RPC context.
- when the g_hash_table_insert() function is used, I've removed the code to
lookup and remove the key, as g_hash_table_insert() is doing that internally
(or more precisely, it is overwriting the old value).
- in the dissector function for Bind and BindAck, I now print all context items
into COL_INFO and not just the first one.
- added a new value for Bind results, used by Microsoft products. (The
"Negotiate ACK" is used with the "bind time feature negotiation" UUID)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39455 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
FT_STRINGZ, FT_UINT_STRING as follows:
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39426 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39288 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
reference an hf item (in hf[]) with types:
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@39260 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38487 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
representation. Use it rather than a raw 0x10.
Add a DREP_ENC_INTEGER() macro that takes a pointer to the data
representation and returns either ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN;
use it for the encoding argument to proto_tree_add_item(), rather than
just the AND of drep[0] and DREP_LITTLE_ENDIAN, as it's not a boolean
any more, and for string values we'll be supporting character encodings
as well and thus won't be able to trust that the 0x10 bit will mean
"little endian".
Use ENC_NA for some other encoding values, i.e. for FT_BYTES and the
like.
Fix a couple of places in the DCOM dissector where we were passing the
byte-order bit rather than the field value to
proto_tree_add_uint_format().
Clean up white space.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38128 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37353 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37351 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
The attached patch cleans up the output of DCE/RPC fragment information in the
dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5772
From me get rid of check_col()
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@36665 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35995 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35705 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
packet-dcerpc.c:4056:19: error: comparison of integers of different signs:
'guint32' (aka 'unsigned int') and 'int' [-Wsign-compare]
for (i = 0; i < (int) commands_nb; ++i) {
~ ^ ~~~~~~~~~~~~~~~~~
... by removing the "(int)" cast
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35587 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
replace it with tvb_get_unicode_string().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35348 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
tvb_fake_unicode() to tvb_get_unicode_string().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35346 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
I've just finished writing a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook Anywhere packets properly (as
specified by [MS-RPCH].pdf documentation).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35259 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Call (DCE/RPC)" for the DCERPC dissector's PROTONAME.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35152 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35126 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
http://www.wireshark.org/lists/wireshark-dev/200809/msg00075.html
(as referenced in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2907 ) and
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3411 :
Write a new convenience routine for finding a conversation and, if it is not
found, create it. The frame number and addresses are taken from pinfo (as is
the common case).
Use this function in a bunch of dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32790 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32755 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32365 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32361 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32360 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Removed some check_col().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31809 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31776 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
reassembly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31767 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
unaligned unmarshalling of dissectors generated by PIDL.
This will allow us to use PIDL and additional IDLs from the samba
project since they use "noalign" for certain protocols.
This may also allow us to use PIDL to describe, and machine-generate
dissectors for normal, non-DCERPC, protocols.
This patch for PIDL is still under review, but the PIDL patch is likely
to be committed soonish.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31583 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
check_col.diff
Remove redundant calls to check_col() if it guards only one columns function with one parameter after the column type.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4394
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31519 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatibility issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@31319 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Wireshark fails dissecting dce rpc bind acks, if the bind request had more than 1 ctx.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30790 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
schannel decryption
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30631 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30334 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30296 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30273 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the new datatype uint3264.
create a fake guint3264 type as well
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30264 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Conformance data items are 4 bytes in NDR but 8 bytes in NDR64
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30256 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
pointers as 8 byte entities when ndr64 is negotiated
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30253 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
is ndr64 or not, from the bind information to the data we store for each
individual pdu, since the transport syntax may change dynamically back
and forth between "normal" and "ndr64" on the same conversation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30226 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
standard ndr transfer syntax from the epm dissector to packet-dcerpc.c
Add a new transfer syntax : ndr64. This is a new syntax with different
scalar sizes and different alignment rules compared to normal ndr.
It is negotiated and used between w2k8 and samba4 boxens and one may
assume, future versions of windows as well.
We need to associate the transfer syntax with the bind information since
the transfer syntax will change the packet encoding rules for the
protocol.
For example, SAMR, as well as all other interfaces support both syntaxes
and are thus encoded differently, with different alignments depending on
which transfer was negotiated during the bind.
This will require additional changes to the dcerpc helpers and also to
pidl.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30209 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30125 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
* Deprecate COL_DCE_CTX ("Context ID"). Use dcerpc.cn_ctx_id
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29797 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
text in COL_INFO.
(Found by clang scan-build).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29601 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29446 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@29340 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@28989 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@28770 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
http://wiki.wireshark.org/Development/Optimization
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@28356 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
g_free() is NULL safe, so we don't need to check against it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@27718 f5534014-38df-0310-8fa8-9805f1628bb7
|