a SASL encapsulated ldap blob can contain more than one LDAP message so
the rest_is_pad parameter is bogus and thus removed.
make dissect_ldap_pdu handle when we have more than one LDAP message
inside one sasl blob
svn path=/trunk/; revision=22181
1) Handle empty (zero length) saslCredentials
2) Handle "GSSAPI" auth_mech when identified from the bind
3) Annotate column info to show SASL service applied to LDAP operation
svn path=/trunk/; revision=20830
I created two patches:
1.) move the handling of the compressed strings in CLDAP 'netlogon' replies into a generic place.
2.) implement dissection of SMB_NETLOGON cmd's 0x17 and 0x19
svn path=/trunk/; revision=19970
*) Remove maximum LDAP PDU size check - they can get large with either large attributes (e.g. CRLs, SPIFs) or with lots of results (see http://www.wireshark.org/lists/wireshark-users/200610/msg00197.html). The max size preference is also removed.
*) Support for dissecting LDAP controls including server side sorting and paged results. A new BER function is introduced to see if there is a dissector for a given OID.
*) Remove reference to removed BER preference in the LDAP reassembly preference.
*) Mark a LDAPURL as a URL
svn path=/trunk/; revision=19792
there are many reasons why some protocols actually need to be able to access the pinfo structure while determining the pdu size
svn path=/trunk/; revision=19751
pretty horrible hack to store an ntlmssp blob inside an ldap string
the info column is not entirely pretty but the payload is at least decoded
svn path=/trunk/; revision=19490
This patch makes the the maximum valid LDAP PDU size a preference. The default value for this new preference is 65535 for backwards compatibility.
svn path=/trunk/; revision=19288
use tcp_dissect_pdus() which works insterad of trying to do the pdu tracking and signalling for reassembly manually.
This makes ldap pdu tracking and reassembly work properly for cases when hosts are streaming lpad over tcp and there is little or none alignlemt of pdus to the start of a segment
svn path=/trunk/; revision=18965
also change the name of one of the strings we keep around since it is more generic than just used for attributeassertions
svn path=/trunk/; revision=18841
special case some common special attributes such as DomainSid and DomainGuid
and dissect them as SIDs and GUIDs
examples of these special attributes can be seen in Xiaoguang Liu's email to wireshark dev
svn path=/trunk/; revision=18719
ldap and ldap+sasl
remove a recent ber length validation in packet-ber.c that cant work and breaks reassembly and also makes all ber pacvket sspanning multiple segments show up as malformed packets.
svn path=/trunk/; revision=18465
make the display of the filters more similar to how the ldap c api represents
filters and how they are commonly represented in documentation and other texts.
svn path=/trunk/; revision=18449
Check for printable ASCII - 0x7F is >= 0x20, but it's not printable, and
0x80 through 0xFF aren't ASCII.
Note that we should perhaps be using RFC 2252-style schemas to figure
out which attribute and assertion values are text and which are binary.
svn path=/trunk/; revision=18447
Most of the time AssertionValue will contain an ascii string so make it always display as a string to make the display "correct" most of the time insterad of being "wrong" most of the time.
There are situations when AssertionValue contains binary data though and in those cases the display will be "wrong" (but not more wrong than the old dissector anyway)
What someone really should do (someone interested in ldap that is) to make it more correct would be to implement a dissector for AssertionValue in the template file and having the dissector check if any of the bytes of the octet string has a value <32 and if so display it in hex as 0x.....
It all bytes have values >=32 then it shoudlk display it as a string "...
instead.
Someone interested in ldap may spend time on this refinement.
svn path=/trunk/; revision=18089
packet-ntp.c: Rather confused and incorrect use of g_snprintf return value
packet-pim.c: whitespace change
packet-icmpv6.c: g_snprintf takes trailing \0 into account, fix off by 1 error
packet-clnp.c: Fix incorrect use of g_snprintf return value
packet-isakmp.c: g_snprintf takes trailing \0 into account
packet-tr.c: Fix incorrect use of g_snprintf return value
packet-radius.c: Fix incorrect use of g_snprintf return value
packet-radius.h: constify a string variable
packet-ldap.c: The return value isn't needed, so don't use it incorrectly
packet-tcp.c: Fix incorrect use of g_snprintf return value
packet-windows-common.c: Remove unneeded DISSECTOR_ASSERT
packet-smb-sidsnooping.c: g_snprintf takes trailing \0 into account
packet-pvfs2.c: g_snprintf takes trailing \0 into account
packet-ptp.c: Remove #include snprintf
packet-ppp.c: Fix incorrect use of g_snprintf return value
packet-ospf.c: Fix incorrect use of g_snprintf return value
packet-mip6.c: snprintf -> g_snprintf
packet-bootp.c: Remove a commented out bad use of g_snprintf
packet-ber.c: snprintf -> g_snprintf, g_snprintf takes trailing \0 into account
2do:
52 packet-ieee80211.c: 2DO
2 packet-nfs.c: 2DO - too many side effects
33 packet-bgp.c: 2DO
18 packet-dns.c: 2DO
14 packet-dcm.c: 2DO
13 packet-x11.c: 2DO
11 packet-kerberos.c: 2DO
10 packet-diameter.c: 2DO
9 packet-snmp.c: 2DO
9 packet-pgm.c: 2DO
7 packet-nbns.c: 2DO
6 packet-fcswils.c: 2DO
5 packet-wccp.c: 2DO
5 packet-cops.c: 2DO
4 packet-wtp.c: 2DO
svn path=/trunk/; revision=17038
up front and realloc once ...
This will probably be the last changes I make on this dissector, as I want to
concentrate on using asn2eth for LDAP, as time permits.
svn path=/trunk/; revision=16619
the extensibleMatch.
Make sure the filter string is always null-terminated, as we use
"strlen()" to skip to the end of it.
On the (illegal, but not impossible) chance that we have more than one
matching rule ID, attributeDescription, or matchValue, free any we
already have before fetching a new one.
svn path=/trunk/; revision=16609
The ftbp.patch file includes:
a) A fix to acse.cnf which works around an asn2eth bug (it is the AE-qualifier EXPORT I want, but asn2eth doesn't generate the appropriate extern for the values). Also a small cosmetic change for EXTERNAL decodings.
b) New EXPORTs for the FTAM dissector for use in FTBP.
c) A fix to asn2eth to solve the problem if you EXPORT types that include a '-' character in the name (e.g. "AE-qualifier" from acse.cnf, "Date-and-Time-Attribute" from ftam.cnf). The problem is that asn2eth generates the "xxxx-exp.cnf" file using the 'C' name (which has replaced '-' with '_') rather than the original 'ASN' name. The fix just undoes the replacement as I couldn't see the original name being preserved anywhere. There still remains a problem if the type has a '.' in the name - but generally I don't think they do.
* Better ROS handling and registration
* Simplified RTSE registration
* X411 column information, extension naming and use of new RTSE/ROS registration
* X420 notification extensions, warnings removal and export of ExtensionsField (missed from recent FTBP patch).
* Better highlighting of S4406 protocol.
svn path=/trunk/; revision=16296
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
I'll attach a patch which fixes the decoding of authenticated
LDAP bind replies. The SASL credentials are always "context
specific" in terms of ASN.1.
I've tested the fix with DIGEST-MD5 authentication.
(Without the patch, ethereal complains about a wrong type
because it expects an ASN.a octet string.)
(You might also consider a stricter check of the ASN.1 header
type for the GSSAPI and GSS-SPNEGO cases, but I can't test this.)
svn path=/trunk/; revision=15428
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
DissectorError. In packet-kerberos.c, restore pinfo->private_data if
we throw an exception, which keeps the SMB dissector from throwing
a DissectorError. Initialize variables in other places to squelch
valgrind warnings.
svn path=/trunk/; revision=15235
add a "match_strval_idx()" routine that does the same thing, and have
"match_strval()" call it.
Make those routines, and "val_to_str()", return a "const" pointer.
Update dissectors as necessary to squelch compiler warnings produced by
that.
Use "val_to_str()" rather than using "match_strval()" and then, if the
result is null, substituting a specific string. Clean up some other
"match_strval()"/"val_to_str()" usages.
Add a null pointer check in the NDPS dissector's "attribute_value()"
routine, as it's not clear that "global_attribute_name" won't be null at
that point.
Make some global variables in the AFS4INT dissector local.
Make some routines not used outside the module they're in static.
Make some tables "static const".
Clean up white space.
Fix Gerald's address in some files.
svn path=/trunk/; revision=14786
in a simple approach, I've replaced all g_assert() and g_assert_not_reached() calls by their exception throwing counterparts DISSECTOR_ASSERT() and DISSECTOR_ASSERT_NOT_REACHED()
this will replace application crash by showing a dissector bug, which is the desired behaviour
there were some g_assert calls in the protocol registering functions, which might not be acting as expected now, but to be able to simply search for g_assert in the future I've replaced that calls too
one g_assert remained, the one when someone throws an unknown exception "into" packet_frame.c, but IMHO this one should remain.
svn path=/trunk/; revision=14608
callers, so that they can tell "no decrypted tvbuff because I couldn't
decrypt it" from "no decrypted tvbuff because it's not encrypted in the
first place". Set that based on the Kerberos seal algorithm field in
the SPNEGO Kerberos 5 wrap dissector code.
Use that to determine whether the GSS-API encapsulated data in LDAP is
encrypted or not., rather than using a heuristic.
Set the length of the SASL blob tvbuff based on the SASL length and the
length of the tvbuff from which it's consstructed, rather than setting
it to the SASL length.
svn path=/trunk/; revision=13780
(cifs: dc's talking to eachother and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
and Kerberos decryption is enabled in preferences
and if we have the keytab file available
then attempt to decrypt Secure LDAP
svn path=/trunk/; revision=13660
1) Added a setup_frame parameter to conversation_t
2) Used the conversation_t next to maintain a list of conversations with the
same src/dest tuple but different setup_frame number.
3) Changed the signature of find_conversation() and conversation_new() to pass
in the frame number.
4) Adjusted packet-sdp to select RTP conversation if both m=audio and m=image
are present, and T.38 conversation if only m=image is present. I expect that
RTP/T.38 dissecting to be better, but I don't have a way to generate T.38
packets.
svn path=/trunk/; revision=13243
pointers.
Now that "col_set_str()" takes a "const char *" as the second argument,
we don't have to cast away the constness of strings passed to it.
svn path=/trunk/; revision=12892
dissect packets containing that filter type.
Note that if a dissector for a particular operation fails, we should
stop dissecting rather than trying to dissect the controls.
svn path=/trunk/; revision=12786
it will not solve the problem in the c06- testmenageri capture that
contains unknown types of ldap commands but it will at least
stop the ldap controls dissector from dumping core.
someone interested in ldap might want to look at those "unknown ldap packets"
in the trace.
svn path=/trunk/; revision=12773
I (hopefully) didn't changed any protocol fields or preference file names, but only the GUI labels appearing in the protocol display and the protocol preferences.
Also added a note to the protocol preferences (where appropriate), that you have to enable "Allow subdissectors to reassemble TCP streams" at the corresponding protocol settings for TCP reassembling to take effect.
If you encounter any mistakes I've made here, please let me know...
svn path=/trunk/; revision=11784
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Jörg Mayer