Age | Commit message (Collapse) | Author | Files | Lines |
|
As all this information belongs together I'm moving it into a subtree.
Change-Id: I839a5a6294360976a78b4b43f219e30381b4f516
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17878
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is hopefully just the first step in getting DCE/RPC dissection to use "standard" APIs instead of homegrown ones.
For starters, it allows Decode As functionality to be less hacky (although incomplete in Qt)
Change-Id: Ia0923a3d8d514ab7acce32e26ee7e08f6e24feca
Reviewed-on: https://code.wireshark.org/review/11468
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ibfb49738ea35d1d02220d69187a6083d5ebbae25
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11365
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I92711ee39850f6710eaebf5c678496e7cd9b5f59
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11364
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add RpcServiceResponseTimeDialog, which handles DCE-RPC and ONC-RPC
service response time statistics. Try to make it as lightweight as
possible, since we might want to pull this into the RPC dissectors
similar to the other SRT statistics.
Allow program names on the command line in place of numbers or UUIDs. Make
matches case-insensitive. E.g. the following are equivalent:
-z rpc,srt,100003,3
-z rpc,srt,nfs,3
-z rpc,srt,NFS,3
as are the following:
-z dcerpc,srt,f5cc5a18-4264-101a-8c59-08002b2f8426,56
-z dcerpc,srt,nspi,56
-z dcerpc,srt,NSPI,56
Change-Id: Ie451c64bf6fbc776f27d81e3bc248435c5cbc9e4
Reviewed-on: https://code.wireshark.org/review/9981
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Create "common" SRT tap data collection intended for all GUIs. Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCIS, SMB, and SMB2) for both TShark and GTK.
SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic.
CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone.
Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc
Reviewed-on: https://code.wireshark.org/review/8894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
packet-dcerpc-netlogon.c
Change-Id: I65eff9c8087424087a307f18b96a202f0364e371
Reviewed-on: https://code.wireshark.org/review/8714
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
- DCOM:
* Mark some DCOM functions as public do allow calls from plugins
* Add Support for Additional Variant Types Money, I8, UI8
* Fix an uint32 overflow when dissecting nwstringz0 where the length is 0
* Use WS_DLL_PUBLIC instead of WS_DLL_PUBLIC_DEF
Change-Id: I02861a09203c6b42326f5a7b7e652e0f7c26d369
Reviewed-on: https://code.wireshark.org/review/8222
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
That eliminates a redundant and confusing data type, and avoids issues
with one piece of code using e_uuid_t but wanting to use routines
expecting an e_guid_t.
Change-Id: I95e172d46d342ab40f6254300ecbd2a0530cde60
Reviewed-on: https://code.wireshark.org/review/7506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This will be able to hold also SMB2 file ids and maybe other stuff in future.
Change-Id: Ib55895a346b7dc6562291730693453728c99fe91
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/6708
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
For now, this just pacifies fuzz-testing. If real world examples have this, there needs to be a drastic overhaul to support fields that could be either 32 or 64-bit values.
Bug:9329
Change-Id: I3e28808ca0291868a5f84258b0ee1e2a922703c2
Reviewed-on: https://code.wireshark.org/review/4189
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
structure, rather than a fixed field. Get rid of that fixed field, as
it's no longer needed.
Use dissect_ndr_byte_array() rather than dissect_ndr_char_cvstring() in
a case where we have an opaque byte array.
Have dissect_ndr_cvstring() and dissect_ndr_vstring() - and, therefore,
routines that call them, such as dissect_ndr_cstring(),
dissect_ndr_char_cvstring(), dissect_ndr_char_vstring(), and
dissect_ndr_wchar_vstring() - require that the field being used by an
FT_STRING field. Manually fix a case where the PIDL generator makes
such a field FT_NONE rather than FT_STRING. Also handle EBCDIC, just in
case we happen to see a packet with EBCDIC strings.
Use tvb_get_string_enc(), rather than tvb_get_unicode_string() or
tvb_get_string(), in dissect_ndr_cvstring() and dissect_ndr_vstring().
svn path=/trunk/; revision=54134
|
|
proto data.
svn path=/trunk/; revision=53559
|
|
to be "used" by dissectors, just stored (for help in debugging?).
svn path=/trunk/; revision=53552
|
|
We presumably want "decode as" behavior to be consistent across UIs so
call load_decode_as_entries() from read_prefs().
svn path=/trunk/; revision=53498
|
|
the GUI. Bug 9450 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9450)
The basic idea behind this design is to have dissectors register with a "decode as list" with their name and dissector table. When "Decode As" dialog is launched, any "registered" dissector found in the packet will cause a tab to be created in the dialog. Any GUI (GTK+/Qt/tshark) can just hook into the "decode as list" to see what can be provided.
This patch includes the GUI portion of the functionality (including packet-dcerpc.[ch] because it had some GUI dependencies that are now removed).
Other notes:
1. Some "GUI text" (UTF8_LEFTWARDS_ARROW and similar) made their way into the dissector code. Not sure how necessary it is and if reformatting the strings to avoid the macros is desired (TCP/UDP use it, SCTP doesn't).
2. I converted the SCTP functionality to have 2 tabs (instead of radio button), currently both are labeled "Transport" which could be confusing to users. Naming suggestions welcome (as well as for naming of tabs from other dissectors).
3. BER and DCERPC have more opportunity to use Decode As now that they are selected based on dissector presense, not packet_info values.
4. Catapult DCT2000 populates pinfo->ipproto, yet under new design will not show up to do Decode As. Should a "decode as item" be created for it?
5. BER dissector doesn't have Clear/Show Current functionality working (never did)
6. Bluetooth (in old design) could have been used "capture wide" instead of single packet (creating tabs of values not present in current packet), which goes against what I believe to be in the intent of Decode As, but I'm willing to hear counter-arguments.
svn path=/trunk/; revision=53446
|
|
dcerpc_info* infomation be passed in as a function parameter. Bug 9387 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9387)
All "generated" source was manually modified (with the power of search/replace), but I believe the "source input" files have been adjusted (checked into revs 53098 and 53099) to reflect the necessary changes (with possible whitespace formatting differences).
The Microsoft compiler doesn't flag "unused function parameters", so I apologize in advance if I may have missed a few. The "dcerpc_info* di" parameter is used in almost every function.
svn path=/trunk/; revision=53100
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9307)
From Matthieu Patou
svn path=/trunk/; revision=52743
|
|
varying but pidl insists on having a different function. Bug 9306 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9306)
From Matthieu Patou.
svn path=/trunk/; revision=52742
|
|
dissected. Bug 9305 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9305).
From Matthieu Patou
svn path=/trunk/; revision=52741
|
|
svn path=/trunk/; revision=52591
|
|
Also remove old WS_VAR_IMPORT define and related Makefile magic
everywhere in the project.
svn path=/trunk/; revision=47992
|
|
svn path=/trunk/; revision=46208
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
representation. Use it rather than a raw 0x10.
Add a DREP_ENC_INTEGER() macro that takes a pointer to the data
representation and returns either ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN;
use it for the encoding argument to proto_tree_add_item(), rather than
just the AND of drep[0] and DREP_LITTLE_ENDIAN, as it's not a boolean
any more, and for string values we'll be supporting character encodings
as well and thus won't be able to trust that the 0x10 bit will mean
"little endian".
Use ENC_NA for some other encoding values, i.e. for FT_BYTES and the
like.
Fix a couple of places in the DCOM dissector where we were passing the
byte-order bit rather than the field value to
proto_tree_add_uint_format().
Clean up white space.
svn path=/trunk/; revision=38128
|
|
I've just finished to write a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook anywhere packets properly (as
specified by [MS-RPCH].pdf documentation.
svn path=/trunk/; revision=35259
|
|
unaligned unmarshalling of dissectors generated by PIDL.
This will allow us to use PIDL and additional IDLs from the samba
project since they use "noalign" for certain protocols.
This may also allow us to use PIDL to describe, and machinegenerate
dissectors for normal, non-DCERPC, protocols.
This patch for PIDL is still under review, but the PIDL patch is l;ikely
to be committed soonish.
svn path=/trunk/; revision=31583
|
|
svn path=/trunk/; revision=30272
|
|
function dissect_ndr_uint1632()
svn path=/trunk/; revision=30265
|
|
the new datatype uint3264.
create a fake guint3264 type as well
svn path=/trunk/; revision=30264
|
|
on whether nrd or ndr64 is used.
svn path=/trunk/; revision=30263
|
|
pointers as 8 byte entities when ndr64 is negotiated
svn path=/trunk/; revision=30253
|
|
is ndr64 or not, from the bind information to the data we store for each
individual pdu, since the trnasport syntax may change dynamically back
and forth between "normal" and "ndr64" on the same conversation.
svn path=/trunk/; revision=30226
|
|
Recent glib versions always include signal.h in gbacktrace.h
On Linux PPC signal.h defines PT_R4 which is also defined by samba and
compilation fails.
svn path=/trunk/; revision=28727
|
|
svn path=/trunk/; revision=26319
|
|
add dissection of the 16 byte header prior to the NDR data when NDR is
transported as a blob ontop of !dcerpc
like the LOGON_INFO in the PAC in kerberos
svn path=/trunk/; revision=24289
|
|
rename dcerpc_smb_fetch_pol to dcerpc_fetch_polhnd_data and also make
it take an additional parameter to return the "type" of the policy
handle, if such a type was stored.
extend the pol_value structure used to track policy handles to also
store a type to represent what created the policy handle
types could be USER/ALIAS/CONNECT/... etc handles returned from the
SAMR interface
add a new helper function dcerpc_store_polhnd_type()
track policy handles between request/responses for dcerpc
update the samr.cnf file to make the samr dissectors for
SetSecurity/QuerySecurity dissect the specific bits for the security
descriptor correctly based on whether the policy handle refers to a
CONNECT/DOMAIN/USER/ALIAS or GROUP
svn path=/trunk/; revision=22703
|
|
prettify strings
svn path=/trunk/; revision=21722
|
|
svn path=/trunk/; revision=20941
|
|
which applies (for now only) to integer types.
when this flag is specified as PARAM_VALUE the fields name and its value will be pushed onto the info column of the summary line
svn path=/trunk/; revision=20922
|
|
also change their values to use the top order bits of an uint32 instead of the least significant ones
svn path=/trunk/; revision=20919
|
|
these new helpers take a parameter that can be used to decorate the tree and summary line (when this parameter is acted upon/implemented in the code inside the helpers)
WINREG was regenerated using a patched version of PIDL. Mainline version of PIDL does not yet have this patch applied.
svn path=/trunk/; revision=20918
|
|
dissector functions (dcv->private_data) for things such as strings and sids is a mess and very difficult to handle without a lot of memory leakage.
the biggest problem in changing this is the dcv->private_data usage.
add a dcv->se_data which can keep data around from a request to a response and use this to change the LSA/OpenPolicy2 servername passing from request to response as a test pattern of moving all users of dcv->private data over to use dcv->se_data.
once all users are migrated over we can then change the dcv->private data pointer to be of ep scope and thus not need an explicit free (which is quite difficult and it is quite difficult in the old semantics to know WHEN we need to free this pointer)
this will eventually make the usage more clean and at the same time close down quite a few memory leaks.
eventually this will make dissect_ndr_nt_SID return a pointer to ep allocated memory that need not be explicitely freed.
svn path=/trunk/; revision=19226
|
|
most of the relevant code moved to guid_utils
lot of corresponding code cleanup in packet-dcerpc.c
still using GHashTable
still not using a manuf like file
svn path=/trunk/; revision=18939
|
|
svn path=/trunk/; revision=18613
|
|
char * (just like all the other dissect_dcerpc_...() functions).
This should fix some "differ in signedness" warnings (and maybe will raise new ones, which should be fixed at the calling places then)
svn path=/trunk/; revision=18605
|
|
definition in the Catapult DCT2000 code.
svn path=/trunk/; revision=18524
|
|
svn path=/trunk/; revision=18196
|