of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
svn path=/trunk/; revision=6995
we also call the proper DCERPC subdissector.
With this change ethereal will call the SAMR dissector and dissect the
decrypted SAMR packets in devins capture.
svn path=/trunk/; revision=6855
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
until we know that we have the entire PDU - we might not have all of it,
as some of it might be in, for example, a later TCP segment.
svn path=/trunk/; revision=6785
Minor change to the connection oriented DCE/RPC function calls.
Now the offset is provided in the call, instead of having a
hard-coded value in each function. Also makes the calling
convention consistent with the datagram equivalents for the
functions.
Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a
special case (and I am in the process of restructuring it to
make verifier decryption work properly).
svn path=/trunk/; revision=6778
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
only in bind, bind_ack, alter_context, alter_context_response, and auth3
PDUs; they're a verifier of some sort in other PDUs. The verifier
appears to start with an OID for the real authentication mechanism if
the authentication type is SPNEGO.
svn path=/trunk/; revision=6563
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.
svn path=/trunk/; revision=6547
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
connectionless DCE RPC PDUs into common routines, and call those
routines when dissecting DCE RPC requests and responses.
Get rid of arguments to "dcerpc_try_handoff()" whose values are also in
the "dcerpc_info" structure pointed to by its "info" argument.
svn path=/trunk/; revision=5757
Show presentation context negotiation results and rejection reasons, PDU
rejection reasons, and rejection status codes symbolically. Show the
presentation context negotiation rejection reason only if there was a
rejection, and, if so, show it in the Info column as well as the
protocol tree.
Show more fields in the Info column.
Show the packet type in decimal in the protocol tree - it's shown as
decimal in the Info column and the values are shown as decimal in the
DCE RPC 1.1 spec.
Show the sequence number for connectionless PDUs as decimal in the
protcool tree - it's snown as decimal in the Info column, and the call
ID for connection-oriented PDUs is shown as decimal in the protocol
tree.
svn path=/trunk/; revision=5701
tables for connectionless PDUs than for connection-oriented PDUs; just
have one connectionless PDU reassembly hash table.
Get rid of unnecessary tests of "dcerpc_reassemble" - the code to handle
requests and responses was
if (!dcerpc_reassemble || packet not fragmented || frame is short)
don't reassemble;
else if (dcerpc_reassemble)
reassemble
but if we go into the "else" clause we know that all three conditions in
the "if" are false, including "!dcerpc_reassemble", so we know
"dcerpc_reassemble" is true.
Set "pinfo->fragmented" based on whether the PDU being dissected is an
unreassembled first fragment or not.
Put a "Fragment data" item into the protocol tree for all fragments.
Properly maintain the offset when dissecting the header of a
connectionless PDU, even if we aren't building a protocol tree.
"fd_head->datalen" is bogus for sequence-number-based reassembly; use
"fd_head->len" instead.
svn path=/trunk/; revision=5695
Don't try to add a fragment to a reassembly operation if we don't have
all of the stub data (because the frame is short, or because it's part
of a packet fragmented at a layer below RPC and not reassembled).
Put an entry into the protocol tree for the fragment data of the last
fragment.
svn path=/trunk/; revision=5688
whether a connection-oriented PDU is fragmented or not.
Clean up the handling of fragmented connection-oriented PDUs (the code
to handle fragmented PDUs can assume that it is not the case that both
PFC_FIRST_FRAG and PFC_LAST_FRAG are set, as that's an unfragmented
PDU). Put an entry into the protocol tree for the fragment data in
fragmented PDUs.
For fragmented connectionless PDUs, don't hand the payload of any
fragment other than the first fragment to the subdissector.
svn path=/trunk/; revision=5687
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532