Apply rev 25869 to most of the rest of the TCP-desegmenting dissectors.
(The SSL dissector was already updated in one of two spots with bug 4535/rev
32456.)
A couple of the patches had to be manually applied.
From me: Fix the comments to match the change (including in the TCP and SSL
dissectors.)
svn path=/trunk/; revision=36332
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
I'd like to share my enhancements to the TDS dissector with everyone.
The list of improvements follows:
- nearly complete dissection of RPC calls,
- detection and dissection of the ALL_HEADERS rule,
- corrected some existing proto_tree fields to support filters,
- other minor fixes where the interpretation of data conflicted with the
official documentation from MS.
I tested the new code on a variety of different TDS captures with many diverse
RPC calls. The code compiles and works on 32-bit Linux, I didn't check those
changes on other platforms though.
From me:
- terminate all value_strings
- change ++*offset to *offset += 1 (I think that's more readable)
- replace all the dissector assertions which could be caused by malformed
packets with expert infos
- Don't throw ReportedBoundsError when the packets have unexpected data in
them, just report an expert info and continue on
svn path=/trunk/; revision=35007
This is necessary in case a subdissector had changed it but was unable to
restore it (due to the exception).
Remove check_col().
svn path=/trunk/; revision=34436
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
When offset parameter is 0 replace tvb_bytes_exist() with the faster tvb_length().
On the other hand
if (tvb_bytes_exist(tvb, 0, 20)
is more readable than
if (tvb_length(tvb) >= 20
so only do it in heuristic function
svn path=/trunk/; revision=23412
Fix bug 833 (remove 'dead' code flagged by Coverity);
Update defines based upon current version of FreeTDS tds.h; Reformat defines for readability;
svn path=/trunk/; revision=18103
1) Added a setup_frame parameter to conversation_t
2) Used the conversation_t next to maintain a list of conversations with the
same src/dest tuple but different setup_frame number.
3) Changed the signature of find_conversation() and conversation_new() to pass
in the frame number.
4) Adjusted packet-sdp to select RTP conversation if both m=audio and m=image
are present, and T.38 conversation if only m=image is present. I expect that
RTP/T.38 dissecting to be better, but I don't have a way to generate T.38
packets.
svn path=/trunk/; revision=13243
1. Add Preferences:
a. To allow specification of a hint as to TDS protocol being decoded
(Unspecified/TDS4/TDS5/TDS7/TDS8); Default: 'unspecified'
The 'hint' is used only when needed to do a correct decode.
If the protocol is unspecified, the decode is as previous.
b. To allow specification of 'ranges' of TCP ports to be treated as
'TDS tcp ports'; i.e. if the source or destination port of a tcp
connection matches a specified range, then the connection should be
considered to be TDS.
c. To allow specification of a hint as to whether TDS being decoded is
'little-endian' or 'big-endian'. Default: 'little-endian'.
A hint is just that; E.G. if TDS7+ packets are encountered the decode
is always 'little-endian'.
2, Register tcp MS SQL default ports (1433, 2433) as TDS ports
('dissector_add'). This also enables TDS as a choice for 'decode as'.
3. 'netlib_check_login_pkt' changed to check 'TDS tcp port' range(s) as
entered in preferences;
4. Change 'dissect_tds_query_packet' to handle TDS4 ascii in addition to
TDS7/8 UCS-16.
5. Change 'dissect_tds_rpc' to:
a. handle TDS4 ascii RPC in addition to TDS7/8 UCS-16 RPC;
b. handle Microsoft 'encoded' rpc_name;
c. fix memory leak (not freeing memory obtained using
'tvb_fake_unicode');
6. Change 'dissect_tds_response' to:
a. handle tds4 tokens 'tds_col_name' and 'tds_col_info';
b. dissect tokens 'tds_doneinproc' and tds 'doneproc' similarly to
'tds_done'
c. reclaim memory allocated for 'tds_col' structures when finished
processing response
(Additional memory was being allocated each time a
tokenized tds5 response was processed)
7. New function 'dissect_tds_col_info_token' (similar to
'read_results_tds5') associated with handling TDS4 responses.
8. New functions 'dissect_tds_query5_packet', 'dissect_tds5_lang_token'
9. Rework TDS token size calculation; Some TDS tokens have a length field
of other than 2 bytes. (e.g.: the length field
for TDS_LANG_TOKEN is 4 bytes)
10. Update token definitions and usages;
a. Update based upon info from current version of FreeTDS 'tds.h'
as well as info from Sybase TDS5 document;
example: TDS_124_TOKEN renamed to TDS_PROCID_TOKEN
b. TDS_124_TOKEN [TDS_PROCID] was incorrectly not considered
a 'fixed-size' token in function 'tds_is_fixed_token'
svn path=/trunk/; revision=12566
I (hopefully) didn't changed any protocol fields or preference file names, but only the GUI labels appearing in the protocol display and the protocol preferences.
Also added a note to the protocol preferences (where appropriate), that you have to enable "Allow subdissectors to reassemble TCP streams" at the corresponding protocol settings for TCP reassembling to take effect.
If you encounter any mistakes I've made here, please let me know...
svn path=/trunk/; revision=11784
(or, as that documentation calls it, the language name) is the database
name; mark it as such.
It also says there's some other stuff, such as a client MAC address,
after the database offset/length (and that the NTLMSSP message doesn't
come right after the database offset/length, there's an offset/length
for the NTLMSSP message). Put in a comment about that.
svn path=/trunk/; revision=11713
1. define new TDS packet type (17) - NTLM authentication packet. Call
the ntlmssp dissector to dissect it when needed.
2. define new TDS packet type (18) - donno what it is exactly, but it's
there. Will dissect it someday.
3. heuristic in netlib_check_login_pkt should also check port 2433.
4. unify the dissection of msg and err token. They have the same
structure.
5. improve the dissection of the above mentioned token.
svn path=/trunk/; revision=11616
Jeff Morriss