the sub-protocol containing the actual operation number (which isn't
necessarily the operation number in a connectionless reply's PDU;
sometimes the operation number in a connectionless reply appears to be
garbage, and it's not what we use to dissect the reply in any case), and
also giving the name of the operation, if we know it.
Show the authentication data in connectionless PDUs, if present, as an
item in the protocol tree.
svn path=/trunk/; revision=5002
connectionless calls to the fragment length.
Add value_string tables for authentication protocol and level values.
Show the authentication protocol in decimal in connectionless PDUs, just
as we do in connection-oriented PDUs.
Get the authentication level from connection-oriented request and reply
PDUs and, if it's DCE_C_AUTHN_LEVEL_PKT_PRIVACY, don't hand the stub
data to subdissectors, just show it as encrypted stub data.
svn path=/trunk/; revision=4998
string available in the tvbuff before we allocate the buffer; this means
that
1) we don't have to register a cleanup function to free the
buffer if we throw an exception trying to fetch some of the
data, because we won't even try to allocate the buffer if we
don't have all the data
and
2) we won't try to allocate a buffer with a bogus too-large
length, as if the length is too large, we'll throw an
exception in the check.
svn path=/trunk/; revision=4990
neatly aligned on a 2-byte or a 4-byte boundary, and there is no
guarantee that a misaligned pointer can be dereferenced without getting
a fault.
Furthermore, there is no guarantee that, even if you *can* dereference a
pointer to a 2-byte or 4-byte quantity in a packet, the resulting number
you get back is in the right byte order; the data in the packet might
have a different byte order from the machine on which you're running.
Therefore, we change "prs_uint8s()", "prs_uint16s()", and
"prs_uint32s()" to return the starting offset, in the tvbuff, of the
collection of 8-bit, 16-bit, or 32-bit integral values, rather than a
pointer to the raw packet data, and change their callers to fetch the
data using "tvb_get_guint8()", "tvb_get_letohs()", and
"tvb_get_letohl()" (the stuff in all the NT protocols is presumed to be
little-endian here). We also change "fake_unicode()" to take a tvbuff
and an offset, rather than a data pointer, as arguments, and to use
"tvb_get_letohs()" to fetch the Unicode characters (again, we assume
little-endian Unicode).
This requires "fake_unicode()" to establish a cleanup handler, so we
don't leak memory if it throws an exception.
We also make "fake_unicode()" use "g_malloc()" to allocate its buffer
(we weren't checking for allocation failures in any case; with
"g_malloc()", we'll abort on an allocation failure - if we can come up
with a cleverer way of handling them, fine), and the matching frees to
use "g_free()". (We also insert some missing frees....)
Fix some formats to print unsigned quantities with "%u", not "%d".
Don't append text to items in the tree for non-string values in
"dissect_ndr_nt_STRING_string()".
svn path=/trunk/; revision=4986
tvbuff, so we don't increase it past what was in the packet.
For packets with unknown BPDU types, put the value of the type into the
Info column.
svn path=/trunk/; revision=4977
bitfields in the flags field.
Put a summary of the flags in the protocol tree item for the flags
field.
Give the Protocol Identifier and BPDU Type fields value_string tables.
Don't bother with "proto_tree_add_uint_format()" for fields with
value_string tables - use the default format.
Put the "Version 1 Length" field into Rapid Spanning Tree packets.
Don't fetch items until you put them into the protocol tree.
Make the length of the top-level item be the correct length of the
packet, including the "Version 1 Length" field in RST packets. (XXX -
should it be really short for Topology Change Notification packets?)
For packets with unknown BPDU types, put the value of the type into the
Info column.
svn path=/trunk/; revision=4976
representation string - set the representation string to the default
representation. This lets you append to an item that's been added with
"proto_tree_add_XXX" calls that don't explicitly format the
representation string.
svn path=/trunk/; revision=4973
Use "proto_tree_add_item()" to add items to the protocol tree; don't
fetch to a variable if the variable isn't later used (except for the
"unknown" fields). Put fields into the protocol tree as soon as they're
fetched, so that if an exception is thrown when dissecting a packet, the
fields that didn't cause an exception get put into the protocol tree.
Fix some typos.
svn path=/trunk/; revision=4972
traffic or not, that data doesn't include the padding; handle padding
if you're dissecting it as DCERPC traffic.
Don't treat the traffic as DCERPC traffic unless it's to the IPC$ share.
svn path=/trunk/; revision=4956
activate the text widget into which the filter text is put only if
clicking "OK" in the list-of-filters dialog box does so. Make it so.
svn path=/trunk/; revision=4955
is non-null, as there's no guarantee that the corresponding SMB request
is in the capture. Check whether it's null before using it.
svn path=/trunk/; revision=4954
Guy Harris