Age | Commit message (Collapse) | Author | Files | Lines |
|
Modified a patch originally contained in the SuSE distro
to do the conversions via glib macros.
svn path=/trunk/; revision=7330
|
|
when doing reassembly.
In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).
In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.
There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we
don't.
In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.
svn path=/trunk/; revision=7282
|
|
give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
svn path=/trunk/; revision=7186
|
|
gunk stuck in there to make NTLMSSP happy (perhaps the encrypted body
length has to be a multiple of 16 bytes or something such as that for
the encryption to work).
No packet in any capture I have appears to be misdissected if you get
rid of the mod 4 stuff, so I'm removing it.
svn path=/trunk/; revision=7181
|
|
string, use the "fake Unicode" value for it.
svn path=/trunk/; revision=7119
|
|
svn path=/trunk/; revision=7114
|
|
the number of guint16's to convert from unicode.
Allow dissect_ndr_cvstring to return a malloced copy of the string.
svn path=/trunk/; revision=7108
|
|
svn path=/trunk/; revision=7097
|
|
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
svn path=/trunk/; revision=7096
|
|
"dissect_ndr_char_string" and "dissect_ndr_wchar_string", to make it
clearer what it does.
svn path=/trunk/; revision=7095
|
|
so that even if the stub data is bad, we still dissect and show the
verifier.
svn path=/trunk/; revision=7092
|
|
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
|
|
svn path=/trunk/; revision=7074
|
|
function and a void * callback args. The callback is executed after
the dissection of the ndr pointer buffer which may be called,
depending on the number of pointers in the structure, after the return
of the dissect_ndr_pointer() call.
The callback function is of type:
void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree,
proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset,
void *callback_args);
where the proto tree and item are the tree and item created by
dissect_ndr_pointer() and the tvb plus offsets are the buffer pointed
to by the pointer.
svn path=/trunk/; revision=7015
|
|
svn path=/trunk/; revision=6999
|
|
of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
svn path=/trunk/; revision=6995
|
|
data, as the error could be due to the decryption being bad, and we
should still dissect the authentication data.
svn path=/trunk/; revision=6924
|
|
we also call the proper DCERPC subdissector.
With this change ethereal will call the SAMR dissector and dissect the
decrypted SAMR packets in devins capture.
svn path=/trunk/; revision=6855
|
|
svn path=/trunk/; revision=6826
|
|
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
until we know that we have the entire PDU - we might not have all of it,
as some of it might be in, for example, a later TCP segment.
svn path=/trunk/; revision=6785
|
|
Minor change to the connection oriented DCE/RPC function calls.
Now the offset is provided in the call, instead of having a
hard-coded value in each function. Also makes the calling
convention consistent with the datagram equivalents for the
functions.
Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a
special case (and I am in the process of restructuring it to
make verifier decryption work properly).
svn path=/trunk/; revision=6778
|
|
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
|
|
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
|
|
SMB" book.
svn path=/trunk/; revision=6598
|
|
only in bind, bind_ack, alter_context, alter_context_response, and auth3
PDUs; they're a verifier of some sort in other PDUs. The verifier
appears to start with an OID for the real authentication mechanism if
the authentication type is SPNEGO.
svn path=/trunk/; revision=6563
|
|
protocol tree item for it.
Fix a typo.
svn path=/trunk/; revision=6555
|
|
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.
svn path=/trunk/; revision=6547
|
|
svn path=/trunk/; revision=6499
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
|
|
svn path=/trunk/; revision=6479
|
|
replies for DCERPC similar to what is already done for ONC-RPC.
svn path=/trunk/; revision=6465
|
|
svn path=/trunk/; revision=6339
|
|
connectionless PDUs.
svn path=/trunk/; revision=6240
|
|
svn path=/trunk/; revision=6230
|
|
dissectors.
svn path=/trunk/; revision=6170
|
|
svn path=/trunk/; revision=6138
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
the relevant parts of the SMB and DCERPC dissectors.
svn path=/trunk/; revision=6066
|
|
epan/packet.c
It was cut and pasted into seven other dissectors!
svn path=/trunk/; revision=6052
|
|
know it. This reduces clutter in the top pane considerably.
svn path=/trunk/; revision=5985
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
do anything else with a request or reply (e.g., because we haven't seen
the bind request).
svn path=/trunk/; revision=5904
|
|
svn path=/trunk/; revision=5858
|
|
it if we don't show it as NTLMSSP.
Use #defines for the authentication protocols.
svn path=/trunk/; revision=5853
|
|
svn path=/trunk/; revision=5850
|
|
dheitmueller@netilla.com.
svn path=/trunk/; revision=5848
|
|
connectionless DCE RPC PDUs into common routines, and call those
routines when dissecting DCE RPC requests and responses.
Get rid of arguments to "dcerpc_try_handoff()" whose values are also in
the "dcerpc_info" structure pointed to by its "info" argument.
svn path=/trunk/; revision=5757
|
|
for a value_string that corresponds to that dissectors opnums. Pass
in -1 if no such table is available.
svn path=/trunk/; revision=5749
|