fragmented.
"PFC_NOT_FRAGMENTED()" is checked early in "dissect_dcerpc_cn_stub()";
there's no need to check it again in either of the code paths after
that, as we know it's true in the first code path and false in the second.
svn path=/trunk/; revision=7460
reassembly. (Perhaps we *shouldn't* see reassembly in progress in both
directions, if the protocol is purely request/response, but that doesn't
mean you won't see it in a capture, due to bugs or dropped packets
or....)
svn path=/trunk/; revision=7457
read/write data that might, or might not, be DCE RPC information on a
pipe, and use that routine rather than duplicating similar code in
multiple places.
svn path=/trunk/; revision=7455
To test whether a single bit is set, just do "if (mode&bit)", not
"if ((mode&bit)==bit)".
In the places where read and write data is processed, have both a
comment indicating that it's file data and that you can transport DCERPC
over SMB just with reads and writes, to indicate why we may call the
DCERPC-over-a-pipe dissector.
svn path=/trunk/; revision=7450
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of ""dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.
Add some casts to squelch compiler complaints.
svn path=/trunk/; revision=7449
Don't print Cavebear skipped - it makes the output unusable.
manuf.tmpl:
Remove entries that overwrite identical or similar results from IEEE
manuf:
Rebuild to reflect the changes in manuf.tmpl and add some new IEEE
entries.
svn path=/trunk/; revision=7447
Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.
Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display fiulter field for the other fragments that display which frame the dcerpc pdu was reassembled in.
This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
i think it has been broken for quite some time. That will be addressed shortly.
svn path=/trunk/; revision=7445
"End-of-Connection Acknolwedgment") have none of the connection control
bits set; describe them as "Data, No Ack Required" rather than
"Unknown".
svn path=/trunk/; revision=7443
two packets have the same sequence number; use the sequence number in
the hash key.
The sequence number is not incremented for system packets, and system
packets probably don't get ACKed and thus presumably don't get
retransmitted, so don't do retransmission checks for system packets.
svn path=/trunk/; revision=7442
a retransmitted SPX frame, just put the number of the original frame in
as an item not referring to any data (offset and length of 0), and, if
there is any remaining data, put it into the tree as a separate item.
svn path=/trunk/; revision=7440
PDU, just append the message type acronym to the column, so you can see
the message types for all the messages in the frame.
svn path=/trunk/; revision=7439
Make the dissector decode the first two bytes of the security descriptor as
one byte for the revision and the second byte as nothing/should be zero.
svn path=/trunk/; revision=7436
header be filterable fields.
Don't hand retransmitted SPX frames to subdissectors - just show the
payload as a retransmission of the original frame.
Instead of handing a retransmission indicator to SPX subdissectors, hand
them a structure containing the datastream type (under the assumption
that it's data for the protocol running atop SPX, and that the dissector
for that protocol might use it) and the state of the end-of-message bit
(under the assumption that it's data for the protocol running atop SPX).
svn path=/trunk/; revision=7433
frames that are retransmissions a data structure containing the frame
number of the original frame, and pass that to subdissectors (or, if not
present, pass NULL).
That means we can free the hash values when we're done with the first
pass through the packets.
svn path=/trunk/; revision=7432
WriteAndX request should have a full complement of word parameters, but,
just in cast it doesn't....
(Should we somehow arrange to throw an exception if there aren't enough
word or byte parameters in SMBs, i.e. impose a minimum in some cases?)
svn path=/trunk/; revision=7430
If both mode bits MessageStart and WriteRaw are set, then the first two bytes of the byte-field is the total length of the data written to the pipe.
svn path=/trunk/; revision=7428
This field gets set to the frame number when this pdu was first completely reassembled.
This is useful since it will allow us to do reassembly properly in say packet-ip.c
instead of printing the full pdu for every fragment and thus making NFSoverUDP rpc-rtt statistics less than useful.
A dissector using fragment_add() can tehn choose to only dissect the reassembled PDU only for the frame where it was first reassembled.
svn path=/trunk/; revision=7427
calling "tcp_dissect_pdus()", so that if we don't have the final segment
of a multi-segment packet, we don't change the columns or put in an
empty protocol tree item for NDPS.
Rename "ndps.desegment_ndps" to "ndps.desegment_tcp" - the "ndps." is
sufficient to indicate that it's for desegmenting NDPS, but we now have
a flag for desegmenting NDPS-over-SPX, so we should indicate that the
other flag is for desegmenting NDPS-over-TCP.
svn path=/trunk/; revision=7425
Sometimes printed a \n too much
manuf.tmpl:
Remove most manual Mappings to Cisco because that's what gets used
anyway (all except Racal and Newpoint)
manuf:
Update to represent changes in make-manuf, manuf.tmpl and IEEE
svn path=/trunk/; revision=7422
structure it frees has no pointers to anything), so eliminate it.
The XID argument to "dissect_ndps_request()" isn't used, so eliminate
it.
svn path=/trunk/; revision=7420
For replies, correctly put the frame number of the corresponding request
into the protocol tree; don't put it in as if it were the XID. That
means we don't need to pass the XID as an argument to
"dissect_ndps_reply()".
svn path=/trunk/; revision=7419
transmission (and shared by all retransmissions), and passed to SPX
subdissectors, to "packet-ipx.h", and use the same structure in the SPX
dissector and the NDPS dissector.
Set up conversations and those structures without checking whether we've
seen the packet before or not; just check whether we find the
conversation before creating a new one, and check whether we find a
structure for the packet before creating a new one. Pass it to the
subdissector regardless of whether we've seen the packet before or not,
and check it in the NDPS dissector regardless of whether we've seen it
before or not.
Don't store a "retransmission" flag in the structure - the initial
transmission and the retransmissions all share a single data structure,
but they don't all have the same value for the "retransmission" flag,
and you can tell whether a packet is a retransmission or not by
comparing its frame number with the frame number from the structure; if
they're different, it's a retransmission.
svn path=/trunk/; revision=7418
Guy Harris