Age | Commit message | Author | Files | Lines |
|
svn path=/trunk/; revision=18097
|
|
if decryption failed there was a possibility to dereference a null pointer
svn path=/trunk/; revision=17657
|
|
svn path=/trunk/; revision=17551
|
|
svn path=/trunk/; revision=17538
|
|
use UTF-16 internally and GTK+ 2.x uses UTF-8, which means we have to
do a lot of conversions.
Add utf_8to16() and utf_16to8 convenience functions to strutil.c.
svn path=/trunk/; revision=17534
|
|
svn path=/trunk/; revision=17316
|
|
svn path=/trunk/; revision=17053
|
|
it does not yet multiplex between different files but it is better than nothing
svn path=/trunk/; revision=16484
|
|
a capture file. This should fix bug #536.
Make sure we initialize our hash tables in packet-dcerpc-nt.c and several
other files. Fix up whitespace while we're at it.
svn path=/trunk/; revision=16255
|
|
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often.
svn path=/trunk/; revision=16048
|
|
"dissect_dcerpc_cn_bs_body()", it's because it recognized the packet as
a DCE RPC packet, but it ran out of data dissecting it as such;
increment the count of DCE RPC PDUs, so "dissect_dcerpc_cn_bs_body()"
returns TRUE, and its caller doesn't think nothing was dissected.
Fuzzed with some DCE RPC captures.
svn path=/trunk/; revision=16000
|
|
svn path=/trunk/; revision=15974
|
|
svn path=/trunk/; revision=15962
|
|
svn path=/trunk/; revision=15892
|
|
svn path=/trunk/; revision=15841
|
|
svn path=/trunk/; revision=15803
|
|
it is detected the pdu is "short"
svn path=/trunk/; revision=15796
|
|
svn path=/trunk/; revision=15771
|
|
Unfortunately, I don't have a capture file to test this...
svn path=/trunk/; revision=15763
|
|
fragment_add_seq_next() function instead of fragment_add()
in addition, I had to implement fragment_get_reassembled() in addition to fragment_get(), which works with reassembled_table
svn path=/trunk/; revision=15762
|
|
as connection oriented (cn) and connectionless (dg) DCE/RPC uses different ways to handle defragmentation and this function is only used for dg
svn path=/trunk/; revision=15757
|
|
dependencies)
svn path=/trunk/; revision=15755
|
|
where others might have a look and probably already find it useful :-). Anyway, we can easily disable it at one or two places in the code if it gets in our way of a new release.
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and its current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
|
|
in the same TCP desegmented data blob
reassemble.c:
I had to change the way the reassemble code works if the dissector is telling that more fragments *will* follow. In this case the reassemble code shouldn't try to reassemble already at that time ...
I've also changed the way if a fragment was already seen or not, as it's not enough to check for the frame number, in the scenario described above.
Unfortunately both changes *might* break other protocols from reassembling properly. I've checked with excessive TCP desegmentation and it's still working without any changes :-)
packet-dcerpc.c:
use a tvb subset to limit the "end of bytes" processed in a single fragment dissect run, as each fragment has its own DCE/RPC header (and isn't part of the stub data of the previous packet).
svn path=/trunk/; revision=15744
|
|
Updates to prettify the Bind ACK context handles
svn path=/trunk/; revision=15722
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to lose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
svn path=/trunk/; revision=15398
|
|
there are only 5 gmemchunks left but they have different lifetime for their allocations than the 100+ ones that have been removed.
The remaining 5 should be converted some other way.
svn path=/trunk/; revision=15328
|
|
throw a dissector error. Fixes bug 348.
svn path=/trunk/; revision=15314
|
|
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
|
|
oriented packets, some weeks ago I've added some tvb_ensure_bytes_exist() calls to test the case that the alloc_hint value is bogus (found in private fuzz testing).
Unfortunately, this is *very* safe now as it will mark a lot of DCE/RPC packets as malformed, thus the reassembling code won't work with most packets :-(
I've replaced this with the correct check and used THROW(ReportedBoundsError) instead which is hopefully the right error in this case.
BTW: could someone please add a description of the ReportedBoundsError vs. BoundsError to the code as I still don't get it.
In addition: Use a toplevel tree item to display the DCE/RPC defragmentation just as it's done in the TCP desegmentation code.
svn path=/trunk/; revision=15188
|
|
svn path=/trunk/; revision=15079
|
|
svn path=/trunk/; revision=15067
|
|
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
|
|
make dissect_dcerpc_uuid_t() accept either FT_STRING (old style) and FT_GUID (new style) hf fields. once all dissectors are modified to use FT_GUID we can remove the FT_STRING support here.
regenerate the DRSUAPI interface with the new FT_GUID support.
svn path=/trunk/; revision=14912
|
|
svn path=/trunk/; revision=14827
|
|
oriented packets or the sequence number for connectionless (datagram) packets.
This is extremely useful, to keep track of the corresponding request/response packets of a DCE/RPC call (which can be quite a lot of packets if fragmentation is used).
svn path=/trunk/; revision=14826
|
|
svn path=/trunk/; revision=14815
|
|
in a simple approach, I've replaced all g_assert() and g_assert_not_reached() calls by their exception throwing counterparts DISSECTOR_ASSERT() and DISSECTOR_ASSERT_NOT_REACHED()
this will replace application crash by showing a dissector bug, which is the desired behaviour
there were some g_assert calls in the protocol registering functions, which might not be acting as expected now, but to be able to simply search for g_assert in the future I've replaced those calls too
one g_assert remained, the one when someone throws an unknown exception "into" packet_frame.c, but IMHO this one should remain.
svn path=/trunk/; revision=14608
|
|
and the defragmented DCE/RPC content, to better understand what's going on if defragmentation is done.
svn path=/trunk/; revision=14531
|
|
content, to better understand what's going on while desegmenting.
We'll have to add similar mechanisms for other protocols as well...
svn path=/trunk/; revision=14527
|
|
at two places, otherwise we get an access violation
svn path=/trunk/; revision=14525
|
|
set "n*DCERPC" in the proto column if more than one RPC call in a TCP PDU, overwriting the interface name, as there's probably more than one interface involved
add some more RPC info to the toplevel RPC proto_item
add a comment, if some bytes are not dissected but might be in the next TCP PDU
svn path=/trunk/; revision=14490
|
|
prettify dcerpc
svn path=/trunk/; revision=14369
|
|
make the heuristics for detecting connection-less dce/rpc a bit sharper to reduce the number of false positives
svn path=/trunk/; revision=14190
|
|
svn path=/trunk/; revision=14171
|
|
exceptions.
svn path=/trunk/; revision=14170
|
|
declare it as a parameter that is a struct/union and not a ref pointer to one.
this is ok since toplevel ref pointers are invisible in the wire encoding anyway.
unfortunately ethereal dce runtime needed to see that pointer to keep track of which one was a toplevel and which one wasn't.
implement a new api to call pointers which explicitly specifies whether the pointer is toplevel or embedded.
eventually all dce dissectors will use this new interface and the generic dissect_ndr_pointer() can be retired.
svn path=/trunk/; revision=13755
|
|
svn path=/trunk/; revision=13736
|
|
(cifs: dc's talking to each other and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
|