path: root/packet-dcerpc.c
Age | Commit message | Author | Files | Lines
2004-06-24 | from todd s | sahlberg | 1 | -51/+89
    update to reassembly of dg style dcerpc
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11227 f5534014-38df-0310-8fa8-9805f1628bb7
2004-06-09 | DCERPC problem reported by JBM and identified by Todd Sabin | sahlberg | 1 | -40/+80
    Other protocols, not only SMB, will populate pinfo->private_data, thus checking for the existence of a non-NULL pinfo->private_data is not sufficient to determine that we have SMB data and that this is what it is. Refactor the adding of salt/FID from lower layer protocols and generalize it. Create a new dissector_handle specific for SMB so that we know that IFF we came in through that handle, then whatever is in pinfo->private_data is what we expect it to be.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11129 f5534014-38df-0310-8fa8-9805f1628bb7
2004-06-05 | Yaniv Kaul: Add some more UUID decoding on Windows | jmayer | 1 | -1/+13
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11120 f5534014-38df-0310-8fa8-9805f1628bb7
2004-06-04 | bugfix: when saving connectionless DCERPC fragments, | ulfl | 1 | -2/+4
    add a hashed activity_id to the sequence number. This will prevent misdissected fragments.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11111 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-29 | Squelch a compiler warning by removing a "/*" from the middle of a | guy | 1 | -2/+2
    comment.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11029 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-28 | connectionless cancel PDUs don't have a dg_server_accepting_cancels field | ulfl | 1 | -3/+6
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11027 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-15 | Remove call to PROTO_ITEM_SET_LINK(). | tpot | 1 | -2/+1
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10902 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-15 | remove FI_LINK again, | ulfl | 1 | -6/+1
    as this info can be derived from the presence of the FT_FRAMENUM field
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10901 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-14 | add support to link from specially marked fields to related packets, | ulfl | 1 | -1/+2
    a double-click will follow the link
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10896 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-14 | add support to link from specially marked fields to related packets, | ulfl | 1 | -1/+6
    a double-click will follow the link
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10893 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-07 | Compile fixes for change to dcerpc_info structure. | tpot | 1 | -2/+3
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10815 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-07 | replace info field "gboolean request" by "guint8 ptype", | ulfl | 1 | -8/+8
    so the packet type can be better detected
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10812 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-07 | tag some protocol items as generated | ulfl | 1 | -15/+32
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10811 f5534014-38df-0310-8fa8-9805f1628bb7
2004-05-04 | Display a server boot time of 0 as "Unknown" (as that's what's sent when | guy | 1 | -5/+12
    the client sends its first PDU to the server, and when the endpoint mapper sends back an error PDU on behalf of the server, because they don't know the server's boot time - it's unlikely that the server was booted precisely at January 1, 1970, 00:00:00 GMT).
    Clean up some white space.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10784 f5534014-38df-0310-8fa8-9805f1628bb7
2004-04-24 | some additional output while reassembling fragments, | ulfl | 1 | -22/+47
    to give the user better information about the fragmenting going on, some other minor changes
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10681 f5534014-38df-0310-8fa8-9805f1628bb7
2004-04-23 | update to netlogon to dissect the timestamps in VALIDATION_UAS_INFO | sahlberg | 1 | -2/+7
    update to dcerpc time_t dissector to print the string "No time specified" when the seconds field is 0xffffffff
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10678 f5534014-38df-0310-8fa8-9805f1628bb7
2004-03-05 | we need to export init_ndr_pointer_list() from packet-dcerpc so that | sahlberg | 1 | -2/+2
    we can manually call functions to dissect NDR encoded structures without going through the DCERPC interface. There are NDR encoded blobs that are not encapsulated inside DCERPC such as in kerberos and those dissectors need this.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10321 f5534014-38df-0310-8fa8-9805f1628bb7
2004-03-03 | Yaniv Kaul: show interface names - win32 only | jmayer | 1 | -3/+54
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10291 f5534014-38df-0310-8fa8-9805f1628bb7
2004-02-21 | From Jaime Fournier: | guy | 1 | -10/+12
    The UNKUUID col_info update was only working as dcerpc_try_handoff() would fail to find the subdissector, and thus did not clobber it with col_add_str(). It is now in the right place to determine a UUID that was either not found, or is disabled. The boolean dcerpc.unknown_if_id is now only set on cases where the handoff fails. This has been tested, and the boolean now works as it should, and is not set for ALL packets as it was in the old location.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10163 f5534014-38df-0310-8fa8-9805f1628bb7
2004-02-18 | using G_MAXFLOAT and G_MAXDOUBLE, | ulfl | 1 | -5/+5
    DCERPC is talking about a response, not a reply
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10096 f5534014-38df-0310-8fa8-9805f1628bb7
2004-02-18 | From Jaime Fournier: add a hidden FT_BOOLEAN variable that's present if | guy | 1 | -5/+11
    the interface UUID in a datagram call is unknown.
    Clean up white space a bit.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10084 f5534014-38df-0310-8fa8-9805f1628bb7
2004-01-19 | char *drep -> guint8 *drep | jmayer | 1 | -22/+22
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9735 f5534014-38df-0310-8fa8-9805f1628bb7
2003-12-08 | From Jaime Fournier: don't show UNKUUID information for fragments for | guy | 1 | -6/+12
    known dissectors.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9208 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-25 | From Jaime Fournier: show the RPC version of the unknown interface in | guy | 1 | -11/+7
    the Info column.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9081 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-21 | From Jaime Fournier: add the UUID to the Info column for datagram calls. | guy | 1 | -3/+9
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9054 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-16 | Export "protocol_t" as an opaque type. | guy | 1 | -4/+5
    Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()" take a "protocol_t *" as an argument, so they don't have to look up the "protocol_t" - this will probably speed them up considerably, and they're called on almost every dissector handoff.
    Get rid of a number of "proto_is_protocol_enabled()" calls that aren't necessary (dissectors called through handles, including those called through dissector tables, or called as heuristic dissectors, aren't even called if their protocol isn't enabled).
    Change some direct dissector calls to go through handles.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8979 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-13 | From Jaime Fournier: get rid of space in field name. | guy | 1 | -2/+2
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8958 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-12 | Put stub data back where it was in the tree before. | guy | 1 | -3/+3
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8947 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-06 | Update a comment. | guy | 1 | -2/+8
    Catch another case where we need to check for a null decrypted_tvb.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8894 f5534014-38df-0310-8fa8-9805f1628bb7
2003-11-06 | Bugfix for dcerpc parsing of encrypted short packets. | sahlberg | 1 | -3/+11
    Sometimes, if we can't decrypt a DCERPC packet, decrypted_tvb is NULL. Do not pass a NULL pointer to show_stub_data() since this will dump core.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8890 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-23 | Fix a call to "dissect_dcerpc_cn()" to handle the new return value. | guy | 1 | -2/+2
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8761 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-23 | Catch exceptions in "dissect_dcerpc_cn_bs()", so that if we get an | guy | 1 | -20/+54
    exception dissecting stuff past the DCE RPC header, we still drive on and dissect the next PDU, if any.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8760 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-23 | Get rid of the "offset" argument to "dcerpc_try_handoff()" - it's always | guy | 1 | -121/+203
    0.
    In "dcerpc_try_handoff()", remove the authentication padding from the stub data handed to the subdissector - that's not really stub data for the subdissector, and it should throw an exception if the request or response would go into the authentication padding. Don't even try to dissect the remaining stub data if the authentication padding value consumes all the stub data or would consume even more than that.
    Show any "Long frame" data before the authentication padding, and show the authentication padding as the stuff at the very end of the stub data, after the "Long frame" data.
    Catch all exceptions when dissecting authentication information, so that even if it's bad or we don't have all of it, we still dissect the stub data.
    Try dissecting authentication trailer information even if we don't have all of it in the tvbuff - we want an exception to be thrown if we don't. Don't try to dissect it if it eats into the stub data, however.
    Don't bother catching exceptions in "dissect_auth_verf()" - we now always catch exceptions above it in the DCE RPC dissector call tree.
    Use CATCH_ALL and "show_exception()" when calling the sub-dissector for a connection-oriented PDU; that means we won't have to worry about adding new exception types unless they're types that we should rethrow.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8759 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-22 | From Yaniv Kaul: if there's more than one context item in a BIND PDU, show | guy | 1 | -2/+5
    the number of context items before showing the first one.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8753 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-21 | Catch exceptions when dissecting a verifier, so we still dissect the | guy | 1 | -100/+112
    stub data even if there's a problem dissecting the verifier.
    Show stub data as "Encrypted stub data" if it's encrypted, "Decrypted stub data" if it was encrypted but we decrypted it, and "Stub data" if it wasn't encrypted.
    Don't attempt to decrypt data unless it was encrypted (i.e., the authentication level is "Packet privacy").
    Get rid of "decrypted_data" member of "packet_info" structure - we don't need it any more.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8743 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-14 | "dce_try_handoff()" isn't necessarily passed a non-null "auth_info" | guy | 1 | -4/+6
    argument - don't dereference it if it's null.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8685 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-10 | Updated the DCERPC service response time to also offer the menu to | sahlberg | 1 | -1/+18
    Filter, Find and Colorize selected procedures in the same way as SMB and ONC-RPC already do.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8667 f5534014-38df-0310-8fa8-9805f1628bb7
2003-10-08 | Change dissect_deferred_pointer() | sahlberg | 1 | -2/+5
    from being Ordo(n^2) into being Ordo(n). Makes it slightly faster when n (the number of pointers) is >10.000. The mother of all dcerpc packets (containing one array of >10.000 pointers) was a bit slow. It is still slow but at least completes in our lifetime.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8647 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-26 | This commit refactors the dcerpc authentication subdissectors for | tpot | 1 | -125/+105
    handling encrypted request/response PDUs. Instead of having dissection function pointers which perform both decryption and dissection, the function pointers now only decrypt the DCERPC fragment payload. Dissection is handled by the dcerpc_try_handoff() function (with DCERPC fragment reassembly if necessary).
    Details:
    - Move the dcerpc_auth_info struct into dcerpc.h as it is now used in the function prototype for the decryption function handlers.
    - decode_encrypted_data() was refactored to take a boolean request parameter instead of passing the DCERPC PDU packet type.
    - A tvbuff_t * data field was added to dcerpc_auth to hold the verifier. This is passed as an argument to the decryption function handlers.
    - Dissection of verifiers in request and response PDUs was moved to before the payload.
    - The dissect_dcerpc_cn_stub() function was refactored to perform the decryption process and hand decrypted data to the reassembly code instead of performing the decryption after reassembly.
    - Removed references to decrypted_info_t as it's not necessary anymore.
    Code was tested using encrypted and unencrypted fragmented PDUs. Before this commit ethereal could not dissect unencrypted (!) fragmented PDUs correctly.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8546 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-26 | Use zero to mean we haven't seen any authentication level information | tpot | 1 | -7/+7
    in dcerpc_auth_info since auth_level is an unsigned type. Zero is not a valid authentication level anyway (s13.1.2.1, p611 CAE spec).
    Remove two inscrutable debugging comments that don't seem to mean anything.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8545 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-19 | Put the presentation context list and transfer syntax list of a dcerpc | tpot | 1 | -12/+33
    bind request into some subtrees to make things look a bit nicer.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8497 f5534014-38df-0310-8fa8-9805f1628bb7
2003-09-11 | Do not take the pointer to a stack object and pass it to the tap system. | sahlberg | 1 | -36/+58
    The tap listener will try to parse this pointer at a much later stage, when the stack frame where this object lived will have disappeared and possibly been overwritten. The best that can happen is that service response times for dcerpc interfaces are screwed up; more probable is that we get a coredump.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8455 f5534014-38df-0310-8fa8-9805f1628bb7
2003-08-04 | Guy suggested that the dcerpc opnum value_string code could be simplified | tpot | 1 | -12/+22
    somewhat. Now the dynamic initialisation of the value_string is contained in the value_string_from_subdissectors() function instead of being distributed amongst the dcerpc dissectors.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8123 f5534014-38df-0310-8fa8-9805f1628bb7
2003-07-21 | From Devin Heitmueller: include the authentication padding in the stub | guy | 1 | -11/+16
    data when decrypting it, as, at least for NTLMSSP encryption, the stub *and* the authentication padding are encrypted as a single lump.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8058 f5534014-38df-0310-8fa8-9805f1628bb7
2003-07-18 | Alter_context is sort of like Bind, and its authentication stubs are | guy | 1 | -1/+3
    dissected like those on Binds; the same is true for their corresponding acks.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8043 f5534014-38df-0310-8fa8-9805f1628bb7
2003-07-16 | Squelch a (potentially-valid) compiler warning. | guy | 1 | -2/+2
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8027 f5534014-38df-0310-8fa8-9805f1628bb7
2003-07-16 | Move all DCERPC authentication/encryption dissection code from packet-dcerpc.c | tpot | 1 | -199/+181
    to the dissector that handles the particular authentication flavour. This gets rid of a couple of ugly switch statements and allows other authentication modules to be written easily.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8026 f5534014-38df-0310-8fa8-9805f1628bb7
2003-06-26 | Dynamically create DCERPC opnum value_strings from the subdissector | tpot | 1 | -1/+23
    list rather than duplicating this information in the dissector. Some of the opnum strings were starting to get out of date as developers forgot to update the information in both places.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7936 f5534014-38df-0310-8fa8-9805f1628bb7
2003-06-19 | Squelch a compiler warning (for something that's potentially a real | guy | 1 | -2/+2
    problem).
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7901 f5534014-38df-0310-8fa8-9805f1628bb7
2003-06-19 | Initialize di.hf_index in dissect_dcerpc_cn_rqst(). Alan Hood sent me a | gerald | 1 | -1/+2
    fuzz-generated packet that made it all the way to proto_registrar_get_name() without hf_index being initialized.
    git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7899 f5534014-38df-0310-8fa8-9805f1628bb7