dont try dcerpc reassembly of fragments if we dont have the entire pdu
only call the heuristical dissectors once from smb/pipe as per guy(?)s comments about idempotence.
when doing reassembly, the dcerpc dissector is indeed not idempotent any more.
svn path=/trunk/; revision=19304
The smb dissector displays lock requests in the "Locking AndX Request" as a vector of locks. It opens a tree branch
"Locks" and appends the locks to this branch. Instead of adding "Lock" objects to this branch it added "Unlock"
objects. Everything else is fine.
svn path=/trunk/; revision=19271
when files are opened using NTCreateAndX and if we recognize the type set the type field to either FILE, DIR or PIPE
This is useful to know when dissecting things like security descriptors since it tells us how to dissect the specific bits of the access mask.
Only do this for NTCreateAndX for now. It is trivial to add similar tracking to some of the older obsolete calls used to open fids but no clients ever use those old calls any more.
svn path=/trunk/; revision=18922
reuse the recent structure for fid->filename mappings since the problemspace is virtually the same
(go to tired of trying to find the sharename in 10mpacket traces with 1000s of shares)
svn path=/trunk/; revision=18516
This needs to be done for all other Create/Open calls as well but would notmally just be 6 lines tyo add.
I rarely see older methods to open files so others using older clients are encoraged to use these 6 lines to the other places where needed.
svn path=/trunk/; revision=18515
add an expansion to the fid that display which frame itr was opened in and when it was closed.
someone may want to add tracking of actual filenames here as well. i am not sure i need that feature myself so ...
svn path=/trunk/; revision=18512
The code was incorrectly bounds checking AndXOffset. AndXOffset is only
relevant when AndXCommand is not 0xFF. This patch corrects erroneous
"Malformed packet" exceptions.
svn path=/trunk/; revision=18015
updates to smb
A patch for packet-smb.c is attached:
- it improves timeout decoding
- it defines common NT transaction IOCTL functions
- it corrects decoding of resume key in search queries
- it defines a new function dissect_4_2_16_8_unsure() to replace
dissect_4_2_16_8(). I'm unsure if it is correct. As said in
comments, it works for me, but I find strange that nobody noticed
dissect_4_2_16_8() was wrong. So, it is between "#if 0".
Someone else should confirm dissect_4_2_16_8_unsure() works
before activating it.
svn path=/trunk/; revision=16494
"dissect_nt_sec_desc()". Add a Boolean argument to
"dissect_nt_sec_desc()" to indicate whether a length was passed to it
(so we don't treat -1 as a special value; we want to stop treating -1 as
a special length value, and, in fact, want to stop treating *any*
negative length values specially, so that we don't have to worry about
passing arbitrary 32-bit values from packets as lengths), and have
"dissect_nt_sec_desc()" initially create the protocol tree item for the
security descriptor with a length of "go to the end of the tvbuff", and
set the length once we're done dissecting it - and, if the length was
specified, check at *that* point, *after* we've dissected the security
descriptor, whether we have the entire security descriptor in the
tvbuff.
That means that we don't have to worry about overflows after
"dissect_nt_sec_desc()" returns - if the length was so large that we
would have gotten an overflow, we'd have thrown an exception in the
"tvb_ensure_bytes_exist()" call at the end of "dissect_nt_sec_desc()".
Do sanity checks on offsets within the security descriptor, so we know
the item referred to by the offset is after the fixed-length portion of
the descriptor.
svn path=/trunk/; revision=16113
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often.
svn path=/trunk/; revision=16048
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
fragment size. The limit is conservatively set at 65536 bytes. It may
have to be increased. Fixes bug 421.
Add an entry to the release notes.
svn path=/trunk/; revision=15789
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
Ronnie Sahlberg