| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
2's (including EA sizes, requested by os2 clients).
svn path=/trunk/; revision=7547
|
|
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
svn path=/trunk/; revision=7513
|
|
svn path=/trunk/; revision=7493
|
|
data packets, and register the SMB dissector with it.
Dissect the Control field of SPP packets.
svn path=/trunk/; revision=7480
|
|
available for free download.
svn path=/trunk/; revision=7476
|
|
svn path=/trunk/; revision=7474
|
|
read/write data that might, or might not, be DCE RPC information on a
pipe, and use that routine rather than duplicating similar code in
multiple places.
svn path=/trunk/; revision=7455
|
|
svn path=/trunk/; revision=7454
|
|
the MEssageStart and the Raw bits are set.
svn path=/trunk/; revision=7452
|
|
To test whether a single bit is set, just do "if (mode&bit)", not
"if ((mode&bit)==bit)".
In the places where read and write data is processed, have both a
comment indicating that it's file data and that you can transport DCERPC
over SMB just with reads and writes, to indicate why we may call the
DCERPC-over-a-pipe dissector.
svn path=/trunk/; revision=7450
|
|
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of ""dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.
Add some casts to squelch compiler complaints.
svn path=/trunk/; revision=7449
|
|
Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.
Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display fiulter field for the other fragments that display which frame the dcerpc pdu was reassembled in.
This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
i think it has been broken for quite some time. That will be addressed shortly.
svn path=/trunk/; revision=7445
|
|
Make the dissector decode the first two bytes of the security descriptor as
one byte for the revision and the second byte as nothing/should be zero.
svn path=/trunk/; revision=7436
|
|
WriteAndX request should have a full complement of word parameters, but,
just in cast it doesn't....
(Should we somehow arrange to throw an exception if there aren't enough
word or byte parameters in SMBs, i.e. impose a minimum in some cases?)
svn path=/trunk/; revision=7430
|
|
If both mode bits MessageStart and WriteRaw are set, then the first two bytes of the byte-field is the total length of the data written to the pipe.
svn path=/trunk/; revision=7428
|
|
NetMon 2.x does.
svn path=/trunk/; revision=7403
|
|
svn path=/trunk/; revision=7402
|
|
proto item says "foo specific rights" instead of just "specific
rights".
svn path=/trunk/; revision=7401
|
|
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this future will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
|
|
display filters.
svn path=/trunk/; revision=7355
|
|
since we will need hf_smb_sid for the SID string later
svn path=/trunk/; revision=7354
|
|
svn path=/trunk/; revision=7352
|
|
svn path=/trunk/; revision=7278
|
|
svn path=/trunk/; revision=7192
|
|
we're at it, avoid going past the end of a packet. Put the ACE type's
hex value into that line if it's an unknown type.
svn path=/trunk/; revision=7144
|
|
svn path=/trunk/; revision=7122
|
|
svn path=/trunk/; revision=7112
|
|
guaranteed to be aligned on a 4-byte boundary, so, if we're not
dissecting an ACE from a DCE RPC request or reply, don't use
"dissect_ndr_uint32()" to extract the access mask. (Is it guaranteed to
be so aligned even if the ACE is part of a DCE RPC message? Or are ACLs
just opaque blobs from the point of view of DCE RPC?)
Use "%u", not "%d", to print unsigned quantities.
svn path=/trunk/; revision=7106
|
|
Give dissect_nt_sec_desc() and dissect_nt_access_mask() a specific rights
function parameter for dissecting specific access rights.
Fix callers in packet-smb.c to use the new interface.
svn path=/trunk/; revision=7086
|
|
Fix all callers to use the new function form.
svn path=/trunk/; revision=7054
|
|
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
|
|
svn path=/trunk/; revision=6823
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
svn path=/trunk/; revision=6806
|
|
If we do not see the TreeConnect call when a TID is connected, we did not
know it was a IPC share.
If we do not know what kind of share it is we assume it being a normal one
and thus read/write data to that share is normal file i/o.
Update the dissector so that IF it sees a Transaction SMB carrying PIPE (dcerpc)
then we assume that all other read/write to that TID is also DCERPC.
I.e. we assume the entire TID is IPC.
svn path=/trunk/; revision=6747
|
|
rid of the annoying STATUS_BUFFER_OVERFLOW messages when dissecting
large DCERPC responses as a buffer overflow is only a informational
message not an error.
svn path=/trunk/; revision=6632
|
|
they're raw NTLMSSP or GSS-API.
svn path=/trunk/; revision=6584
|
|
svn path=/trunk/; revision=6562
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
|
|
svn path=/trunk/; revision=6307
|
|
svn path=/trunk/; revision=6306
|
|
for RAW NTLMSSP, but the client actually sends SPNEGO encapsulated NTLMSSP.
svn path=/trunk/; revision=6173
|
|
that we do not account for properly, like Octet Strings.
svn path=/trunk/; revision=6152
|
|
svn path=/trunk/; revision=6151
|
|
being used properly.
svn path=/trunk/; revision=6149
|
|
More to do yet though ...
svn path=/trunk/; revision=6148
|
|
Windows that cause compiler warnings.
svn path=/trunk/; revision=6129
|
|
comments about what we need to do to get SPNEGO properly implemented.
More work to do.
svn path=/trunk/; revision=6121
|
|
svn path=/trunk/; revision=6119
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
