Age | Commit message | Author | Files | Lines |
|
Add the basic parsing for the redirected authentication channel also called
remote credential guard.
|
|
The packet reassembly was not always done correctly and was sometimes causing Wireshark
to segfault. The patch reworks packet reassembly, making it a little simpler. It also
tracks first and last packet of reassembly, so if needed we could add links to these frames
in the future.
Also the progress information used to also be erroneous in some intermediate packets, the
patch fixes that.
|
|
Remove init of proto, header field, expert info and subtree variables.
This will reduce the binary size by approximately 1266320 bytes due to
using .bss to zero-initialize the fields.
The conversion is done using the tools/convert-proto-init.py script.
|
|
Some checks were missing when decoding zgfx compressed packets.
|
|
Use the XXX_ret_uint variants of the functions to simplify the code parsing the
softsync packets.
|
|
packet.h includes wireshark.h, which includes stdbool.h. There's no need
to include stdbool.h in individual dissectors.
|
|
In the RDP dynamic channel, even inside a connection, channel ids aren't unique,
so an id can be reused for different channels. That most notably happens when
the server opens a channel and the client answers that it's not available. Then
the next connection attempt on another channel will reuse the channel id.
This patch fixes that by indexing dynamic channels with a multimap.
|
|
This patch adds basic parsing for audio out and clipboard redirection, only the
kind of message is parsed, not the complete body, but that already gives some
useful information.
|
|
This patch adds a dissector for the RAIL channel as defined in MS-RDPERP. This new
dissector is wired in the RDP dissector so that we interpret traffic for this
channel.
|
|
Both dynamic and egfx channels had problems during the second pass.
For the dynamic the problem is that the reassembled packet usually contains multiple PDUs,
so the first pass works correctly, but given that there are multiple PDUs we can't attach
a single data to pinfo for the second pass. To fix that we compute a hash for the PDU and attach
the correct contextual info associated with this hash, that info will be used during the
second pass.
The patch fixes the same kind of bug in the egfx channel and zgfx uncompressed bits (the zgfx
compression is stateful so we need to save the uncompress buffer for the second pass).
In the dynamic channel, in capabilities packets some fields are present only after version 1
of the protocol.
Added some new EGFX version capabilities (also listed is the bogus 10.6 version that was
exposed in the previous specs).
The display of versions in EGFX capability message has been reworked to correctly show
a tree.
|
|
Most RDP connections start with TPKT and then switch to TLS, so enforcing TPKT
for the whole conversation makes the decoding fail.
|
|
Do not require a useless ENC_NA parameter for string encodings.
FT_STRING and FT_STRINGZ types don't have any endianness.
Follow-up to 6ec429622c9258eefd388caf21ce92ab5b9f54b4.
|
|
Fixes #17688
|
|
This patch adds basic dissection for the egfx channel. It also fixes fragmentation
in the dynamic channel, and also introduces some of the decompressors involved in RDP
traffic.
|
|
This patch adds the display of the corresponding channel name.
|
|
As dynamic channel data can be transported on top of TCP or UDP, we need to keep track
of the link between UDP and TCP connections so that the associated data can be shared
between the two transports.
|
|
This patch adds decoding of RDP multi-transport according to MS-RDPEMT, transported
on top of RDP UDP.
|
|
This patch adds a dissector to analyze the RDP UDP protocol according
to MS-RDPEUDP and MS-RDPEUDP2.
|
|
This big patch addresses the following items:
* implement the "message" virtual channel so that multi-transport and bandwidth
PDUs are dissected;
* prepare the identification of static channels to be able to dissect them later;
* fix the compression field in channelPDUHeader.channelFlags;
* implement the drdynvc channel dissector, so now we decode the traffic on this
channel and we're able to track data on dynamic channels and transition to UDP
transport
|