Age | Commit message | Author | Files | Lines |
|
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
until we know that we have the entire PDU - we might not have all of it,
as some of it might be in, for example, a later TCP segment.
svn path=/trunk/; revision=6785
|
|
Minor change to the connection oriented DCE/RPC function calls.
Now the offset is provided in the call, instead of having a
hard-coded value in each function. Also makes the calling
convention consistent with the datagram equivalents for the
functions.
Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a
special case (and I am in the process of restructuring it to
make verifier decryption work properly).
svn path=/trunk/; revision=6778
|
|
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
|
|
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
|
|
SMB" book.
svn path=/trunk/; revision=6598
|
|
only in bind, bind_ack, alter_context, alter_context_response, and auth3
PDUs; they're a verifier of some sort in other PDUs. The verifier
appears to start with an OID for the real authentication mechanism if
the authentication type is SPNEGO.
svn path=/trunk/; revision=6563
|
|
protocol tree item for it.
Fix a typo.
svn path=/trunk/; revision=6555
|
|
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.
svn path=/trunk/; revision=6547
|
|
svn path=/trunk/; revision=6499
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()" and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
|
|
svn path=/trunk/; revision=6479
|
|
replies for DCERPC similar to what is already done for ONC-RPC.
svn path=/trunk/; revision=6465
|
|
svn path=/trunk/; revision=6339
|
|
connectionless PDUs.
svn path=/trunk/; revision=6240
|
|
svn path=/trunk/; revision=6230
|
|
dissectors.
svn path=/trunk/; revision=6170
|
|
svn path=/trunk/; revision=6138
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
the relevant parts of the SMB and DCERPC dissectors.
svn path=/trunk/; revision=6066
|
|
epan/packet.c
It was cut and pasted into seven other dissectors!
svn path=/trunk/; revision=6052
|
|
know it. This reduces clutter in the top pane considerably.
svn path=/trunk/; revision=5985
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
do anything else with a request or reply (e.g., because we haven't seen
the bind request).
svn path=/trunk/; revision=5904
|
|
svn path=/trunk/; revision=5858
|
|
it if we don't show it as NTLMSSP.
Use #defines for the authentication protocols.
svn path=/trunk/; revision=5853
|
|
svn path=/trunk/; revision=5850
|
|
dheitmueller@netilla.com.
svn path=/trunk/; revision=5848
|
|
connectionless DCE RPC PDUs into common routines, and call those
routines when dissecting DCE RPC requests and responses.
Get rid of arguments to "dcerpc_try_handoff()" whose values are also in
the "dcerpc_info" structure pointed to by its "info" argument.
svn path=/trunk/; revision=5757
|
|
for a value_string that corresponds to that dissector's opnums. Pass
in -1 if no such table is available.
svn path=/trunk/; revision=5749
|
|
body.
svn path=/trunk/; revision=5730
|
|
protocol.
svn path=/trunk/; revision=5704
|
|
Show presentation context negotiation results and rejection reasons, PDU
rejection reasons, and rejection status codes symbolically. Show the
presentation context negotiation rejection reason only if there was a
rejection, and, if so, show it in the Info column as well as the
protocol tree.
Show more fields in the Info column.
Show the packet type in decimal in the protocol tree - it's shown as
decimal in the Info column and the values are shown as decimal in the
DCE RPC 1.1 spec.
Show the sequence number for connectionless PDUs as decimal in the
protocol tree - it's shown as decimal in the Info column, and the call
ID for connection-oriented PDUs is shown as decimal in the protocol
tree.
svn path=/trunk/; revision=5701
|
|
tables for connectionless PDUs than for connection-oriented PDUs; just
have one connectionless PDU reassembly hash table.
Get rid of unnecessary tests of "dcerpc_reassemble" - the code to handle
requests and responses was
if (!dcerpc_reassemble || packet not fragmented || frame is short)
don't reassemble;
else if (dcerpc_reassemble)
reassemble
but if we go into the "else" clause we know that all three conditions in
the "if" are false, including "!dcerpc_reassemble", so we know
"dcerpc_reassemble" is true.
Set "pinfo->fragmented" based on whether the PDU being dissected is an
unreassembled first fragment or not.
Put a "Fragment data" item into the protocol tree for all fragments.
Properly maintain the offset when dissecting the header of a
connectionless PDU, even if we aren't building a protocol tree.
"fd_head->datalen" is bogus for sequence-number-based reassembly; use
"fd_head->len" instead.
svn path=/trunk/; revision=5695
|
|
the fragment length *plus the offset of the beginning of the fragment
data*, not just the fragment length.
svn path=/trunk/; revision=5694
|
|
Don't try to add a fragment to a reassembly operation if we don't have
all of the stub data (because the frame is short, or because it's part
of a packet fragmented at a layer below RPC and not reassembled).
Put an entry into the protocol tree for the fragment data of the last
fragment.
svn path=/trunk/; revision=5688
|
|
whether a connection-oriented PDU is fragmented or not.
Clean up the handling of fragmented connection-oriented PDUs (the code
to handle fragmented PDUs can assume that it is not the case that both
PFC_FIRST_FRAG and PFC_LAST_FRAG are set, as that's an unfragmented
PDU). Put an entry into the protocol tree for the fragment data in
fragmented PDUs.
For fragmented connectionless PDUs, don't hand the payload of any
fragment other than the first fragment to the subdissector.
svn path=/trunk/; revision=5687
|
|
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
|
|
task of creating a fragment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
|
|
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
|
|
subtree was a design mistake which caused ugliness in the unicode string str dissector and in other places.
Dissectors will temporarily have less pretty output for toplevel ref pointers until their output is retuned.
svn path=/trunk/; revision=5573
|
|
only call the subdissector for the first fragment.
svn path=/trunk/; revision=5556
|
|
svn path=/trunk/; revision=5548
|
|
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes whose content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
|
|
When the representation for a pointer type gets dissected, the dissector
is actually called twice. Once with conformant_run==1 and once ==0.
The idea is that when conformant_run is ==1, the ONLY bytes that will be
dissected and would be the array structure preceding the actual data.
And the normal data and content will be dissected when conformant_run ==0.
This is to handle the case properly when conformant arrays are embedded inside
aggregated types, in which case there will be other data inserted between
these array control data, and the array content.
The check that is added will assert that no other data is actually eaten
for conformant_run==1 than just this data.
This will help debugging dcerpc dissectors.
svn path=/trunk/; revision=5412
|
|
mark other unused arguments as such.
svn path=/trunk/; revision=5366
|
|
discussion on dev list.
svn path=/trunk/; revision=5299
|
|
functions, from David Frascone.
svn path=/trunk/; revision=5288
|
|
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
svn path=/trunk/; revision=5223
|