Age | Commit message (Collapse) | Author | Files | Lines |
|
Other protocol, not only SMB will populate pinfo->private_data
thus checking for existence of non-NULL pinfo->private_data is not sufficient
to determine we have SMB data and this is what it is.
Refactor the adding of salt/FID from lower layer protocols and generalize it.
Create a new dissector_handle specific for SMB so that we know that IFF we came in through that handle, then whatever pinfo->private_data is what we expect it to be.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11129 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10834 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
so the packet type can be better detected
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10812 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
we can manually call functions to dissect NDR encoded structures without going through the DCERPC interface.
There are NDR encoded blobs that are not encapsulated inside DCERPC
such as in kerberos and those dissectors need this.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10321 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9735 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"context_handle_attributes" in the DCE RPC 1.1 "nbase.idl". Rename our
structure member accordingly.
Note in a comment that we should perhaps display a context_handle as the
attributes and UUID.
Use "proto_tree_add_item()", not "proto_tree_add_bytes()", to put the
context handle raw data into the protocol tree.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9052 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8979 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Filter, Find and Colorize selected procedures
in the same way as SMB and ONC-RPC already does.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8667 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
handling encrypted request/response PDUs. Instead of having
dissection function pointers which perform both decryption and
dissection, the function pointers now only decrypt the DCERPC fragment
payload. Dissection is handled by the dcerpc_try_handoff() function
(with DCERPC fragment reassembly if necessary).
Details:
- Move the dcerpc_auth_info struct into dcerpc.h as it is now used in
the function prototype for the decryption function handlers.
- decode_encrypted_data() was refactored to take a boolean request
parameter instead of passing the DCERPC PDU packet type.
- A tvbuff_t * data field was added to dcerpc_auth to hold the
verifier. This is passed as an argument to the decryption function
handlers.
- Dissection of verifiers in request and response PDUs was moved to
before the payload.
- The dissect_dcerpc_cn_stub() function was refactored to perform
the decryption process and hand decrypted data to the reassembly
code instead of performing the decryption after reassembly.
- Removed references to decrypted_info_t as it's not necessary
anymore.
Code was tested using encrypted and unencrypted fragmented PDUs.
Before this commit ethereal could not dissect unencrypted (!)
fragmented PDUs correctly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8546 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
somewhat. Now the dynamic initialisation of the value_string is contained
in the value_string_from_subdissectors() function instead of being
distributed amongst the dcerpc dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8123 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
to the dissector that handles the particular authentication flavour. This
gets rid of a couple of ugly switch statements and allows other authentication
modules to be written easily.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8026 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
list rather than duplicating this information in the dissector. Some
of the opnum strings were starting to get out of date as developers
forgot to update the information in both places.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7936 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7186 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7109 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7096 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_ndr_char_string" and "dissect_ndr_wchar_string", to make it
clearer what it does.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7095 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7091 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
function and a void * callback args. The callback is executed after
the dissection of the ndr pointer buffer which may be called,
depending on the number of pointers in the structure, after the return
of the dissect_ndr_pointer() call.
The callback function is of type:
void (dcerpc_callback_fnct_t)(packet_info *pinfo, proto_tree *tree,
proto_item *item, tvbuff_t *tvb, int start_offset, int end_offset,
void *callback_args);
where the proto tree and item are the tree and item created by
dissect_ndr_pointer() and the tvb plus offsets are the buffer pointed
to by the pointer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7015 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6547 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6499 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6479 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
replies for DCERPC similar to what is already done for ONC-RPC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6465 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6339 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6170 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
for a value_string that corresponds to that dissectors opnums. Pass
in -1 if no such table is available.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5749 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Show presentation context negotiation results and rejection reasons, PDU
rejection reasons, and rejection status codes symbolically. Show the
presentation context negotiation rejection reason only if there was a
rejection, and, if so, show it in the Info column as well as the
protocol tree.
Show more fields in the Info column.
Show the packet type in decimal in the protocol tree - it's shown as
decimal in the Info column and the values are shown as decimal in the
DCE RPC 1.1 spec.
Show the sequence number for connectionless PDUs as decimal in the
protcool tree - it's snown as decimal in the Info column, and the call
ID for connection-oriented PDUs is shown as decimal in the protocol
tree.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5701 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5532 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
level of private data turns out to be needed to pass something other than
an int to dcerpc_dissect_fnct_t functions passed to dissect_ndr_pointer.
A nicer way of doing this would be to convert the levels parameter to a
void *state type of variable but this turns out to be a lot more work as
opposed to a one line change here. (-:
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5434 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
When the representation for a pointer type gets dissected, the dissector
is actually called twice. Once with conformant_run==1 and once ==0.
The idea is that when conformant_run is ==1, the ONLY bytes that will be
dissected and would be the array structure preceeding the actual data.
And the normal data and content will be dissected when conformant_run ==0.
This is to handle the case properly when conformant arrays are embedded inside
aggregated types, in which case there will be other data inserted between
these array control data, and the array content.
The check that is added will assert that no other data is actually eaten
for conformant_run==1 than just this data.
This will help debugging dcerpc dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5412 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5223 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
SAMR updates;
a bugfix in dissect_ndr_pointer() (should not check referent id
for aliases for unique pointers);
enhancement to dissect_ndr_pointer() to make it possible to
hand a generic int value to the dissector for the pointer object
in a similar way as hf_index values are passed through the
pointer layer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4721 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
fix to LookupRids to match what the IDL file says;
fix to "dissect_ndr_uint64()" to specify the right length to
"proto_tree_add_item()";
give the protocol tree items for array header counts and offsets
the correct offsets in the packet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4719 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4618 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
NDR pointer handling in DCE RPC
SAMR updates
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4608 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
a request.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4600 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4470 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
add "dissect_ndr_ctx_hnd()" for dissecting context handles, and
use it in various DCERPC dissectors;
beef up the MS Security Account Manager dissector.
Also, export "NT_errors[]" for use by that dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4350 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
o Modifies the dcerpc handoff to subdissectors slightly. It
also needs to pass the data representation to the
subdissector. Also, if no subdissector is found, it puts a
"Stub data" entry in the tree.
o Adds optional TCP desegmentation to the dcerpc layer. Note
that dcerpc has it's own ability to fragment PDUs. This isn't
for dealing with that, but with the case of a single PDU being
broken over more than one TCP segment.
o Adds a little bit of dissection to packet-dcerpc-epm.c.
Mainly just proof of concept for the dcerpc handoff stuff.
(Writing this is how I realized the need for the drep.)
o Adds packet-dcerpc-ndr.c, which will contain NDR dissection
routines for use by subdissectors.
Also, support added for multiple PDUs per segment for DCERPC-over-TCP
(and, potentially, other byte-stream transports).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4285 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
conversation matching.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4220 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3681 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3338 f5534014-38df-0310-8fa8-9805f1628bb7
|