packets.
Make a "dissect_netbios_payload()" routine, called from the
NetBIOS-over-802.2 (NBF), NetBIOS-over-IPX, and NetBIOS-over-TCP
dissectors. Take Todd Sabin's changes to add a heuristic dissector list
to the NBSS dissector, and apply them to "dissect_netbios_payload()"
instead. Make the SMB dissector heuristic, returning FALSE if it
doesn't see 0xFF S M B at the beginning of the packet, and have
"dissect_netbios_payload()" first try the heuristic dissector list, then
try the SMB dissector if no other heuristic dissector claims the packet,
then just dissect the payload as data.
From Todd Sabin: have the DCE/RPC dissector register as a heuristic
dissector for NetBIOS.
svn path=/trunk/; revision=3969
"WordCount > 0".
Always put the byte count field into the protocol tree, regardless of
whether WordCount is 0 - it's not one of the word parameters counted by
WordCount, so it's present even if WordCount is 0.
Fix a "val_to_str()" call.
svn path=/trunk/; revision=3966
value being non-zero, not on whether the error code is zero. Don't
bother passing the error code to dissectors for particular SMBs, as they
don't need to use it.
In "get_unicode_or_ascii_string()", when aligning to an even boundary,
align to an even boundary in the SMB message, not in the packet as a
whole - there's no guarantee that there are an even number of bytes in
the frame before the SMB message.
In the Info column, mark the packet as a request or response based on
the request/response bit in the Flags field, not on the matched port -
for NBIPX, the source and destination ports (IPX sockets) may be the
same, so you may not be able to determine whether it's a request or a
response based on that.
svn path=/trunk/; revision=3965
WinPcap's installer (it dates back to May, meaning it may be a beta of
2.2 or may even be 2.1), so don't suggest that people go there.
svn path=/trunk/; revision=3964
don't need to check whether zlib has them. We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.
svn path=/trunk/; revision=3963
hand the (possibly-partial) IP datagram to the IP dissector, as we do
for IPv6 datagrams inside ICMPv6 and CLNP datagrams inside CLNP ER PDUs.
When dissecting IPv6 datagrams inside ICMPv6 and CLNP datagrams inside
CLNP ER PDUs, catch the ReportedLengthError exception and ignore it, as
they don't guarantee that all of the original PDU is present.
svn path=/trunk/; revision=3960
version is, as that's subject to change - just speak of the "latest
non-beta version".
Mention the mirrors for WinPcap and WinDump.
svn path=/trunk/; revision=3956
when wpcap.dll couldn't be loaded more detailed, in the hopes that it'll
reduce the chances that somebody will see that message and not know what
to do. Also, mention the Wiretapped.net mirror of the WinPcap site, as
the WinPcap site is all-too-often down due to networking glitches.
svn path=/trunk/; revision=3955
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.
It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does
n += snprintf (buf + n, BUF_LENGTH - n, ...);
may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.
The "capabilitiesStart" variable in "add_capabilities()" in the WSP
dissector is an offset into the PDU data; there's no guarantee that said
offet is < 256, and, even if there were, there's no point in making it
an 8-bit variable.
Add some additional buffer overflow checks to the WSP dissector.
svn path=/trunk/; revision=3953
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.
It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does
n += snprintf (buf + n, BUF_LENGTH - n, ...);
may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.
svn path=/trunk/; revision=3952
8-bit value), and the raw data of an SSID parameter is the
interpretation, so the buffer into which we put the interpretation must
be at least 256 bytes long; it's an array of size SHORT_STR, so boost
SHORT_STR to 256.
svn path=/trunk/; revision=3951
versions of these commands in file_wrappers.c. This allows us to
compile successfully even on platforms where X has an older zlib built
in.
Removed this restriction from acinclude.m4
svn path=/trunk/; revision=3948
If "get_hex_uint()" supplies a "next_offset" equal to the offset fed
into it, it found no hex digits; don't put the value into the tree if
that's the case.
If "get_unquoted_string()" or "get_quoted_string()" returns NULL, the
string separator/terminator wasn't found; don't put the value into the
tree if that's the case.
svn path=/trunk/; revision=3947
1. simplified and shorter names
2. fixed problem with filtering (consequence of 1st point)
3. added more charging tickets
svn path=/trunk/; revision=3946
Make the default for NBSS and ONC RPC-over-TCP desegmentation "on",
rather than "off"; the default for desegmentation in general is "off",
so this won't change the default behavior, but it lets you turn
desegmentation on by flipping only one switch (and turn it off for
particular protocols if you desire).
svn path=/trunk/; revision=3943
Rename the "cap_len" argument to "dissect_dns_common()" to "msg_len", as
it's just the length of the DNS message being dissected.
svn path=/trunk/; revision=3941
shell. (This also arranges that the source to "idl2eth" - which is now
"idl2eth.sh" - not be deleted by "make clean").
Add "doc/idl2eth.pod" to the list of files in a source tarball.
svn path=/trunk/; revision=3940
on it and check whether it returned EISDIR, not whether it returns 0 -
EISDIR means it's a directory, 0 means it isn't.
svn path=/trunk/; revision=3939
real problem, if "byte_span" were 0 - that would only happen if
"bitoffset" and "bitlength" were both 0, and "bitlength" should never be
0).
svn path=/trunk/; revision=3929
dissectors to use it, from Ronnie Sahlberg, with additional changes to
handle the case where a frame contains messages that don't run past the
end followed by one that does and where a reassembled chunk has, at the
end, a message that runs past the end of that chunk (because the
reassembly was for an earlier message).
svn path=/trunk/; revision=3923
"dissect_rpc_common()" check, every time it's about to return FALSE,
whether it's being used as a heuristic dissector and, if not, call
"dissect_rpc_continuation()" - we can just have the non-heuristic
dissector call it and, if it returned FALSE, call
"dissect_rpc_continuation()".
svn path=/trunk/; revision=3922
Guy Harris