on the location of the UCB_ETX, is greater than the length of the tvbuff
- that can never happen, as the UCB_ETX is, as it was found, definitely
inside the tvbuff.
svn path=/trunk/; revision=4010
devices (which are now Cisco wireless devices, as Cisco bought Aironet).
This overrides the out-of-date assignment of 00:40:96 to Telesystems SLW
in the cavebear.com file (Telesystems SLW were bought by Telxon, who
then apparently spun off their RF division, plus Telesystems, as
Aironet).
svn path=/trunk/; revision=4006
- A bug related to "WSP header pages" is fixed, that
resulted into "malformed WSP frame" alerts
- "Concatenated PDUs" (Multiple PDUs within one UDP
packet) are now supported (used e.g. by Nokia 8310)
- The URL of WSP GET/POST requests is display in the
info column, same like HTTP GET requests
svn path=/trunk/; revision=4004
Add support for redirect and refuse packets (however, I don't have
examples of content for these.)
Change some variable names to match the routines they are in.
Make sure to insert boolean for each packet type.
svn path=/trunk/; revision=4002
Fixes a typo in the offset used for the floating point byte
(offset should be offset+1), changes cn_drep* to just drep*
(since it's the same for connection oriented and connectionless
packets), and adds the corresponding code to the connectionless
side of things.
svn path=/trunk/; revision=3998
compilers may not interpret them as the ISO 8859/1 characters they're
intended to be, and the GUI toolkit or other software through which the
text passes might not interpret them as such, either.
svn path=/trunk/; revision=3992
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
Get rid of the "unknown-0xXX" entries in the "value_string" table for
SMB command codes - they make it much more painful to select one of them
in the filter-editing dialog box.
svn path=/trunk/; revision=3985
variable that holds it an "int" rather than a "guint16".
Further strengthen the heuristics the NBSS dissector uses to distinguish
NBSS messages from continuations of NBSS messages.
If an frame contains an NBSS continuation, put the protocol tree item
for the continuation data under an NBSS protocol tree item.
Have the TCP dissector supply information to subdissectors via a "struct
tcpinfo" pointed to by "pinfo->private"; move the urgent pointer value
from a global variable into that structure, and add a Boolean flag that
indicates whether the data it's handing to a subdissector is reassembled
data or not.
Make the NBSS dissector check for continuations only in non-reassembled
data.
Fix the computation, in the TCP dissector, of the offset into the tvbuff
handed to the subdissector of the first byte of stuff that needs further
reassembly, and fix the computation of the sequence number corresponding
to that byte.
svn path=/trunk/; revision=3984
DCE RPC protocol tree for the stub data.
Use the counts of context items and transfer syntax items when
dissecting a bind or alter context PDU.
In bind and alter context PDUs, create the conversation, attach the
context ID and interface to it, and put the interface information into
the Info column as soon as the first context item is dissected, so that
if we get an exception after that, we've still processed the context ID
and interface information.
Use the count of results when dissecting a bind ack PDU.
In bind ack PDUs, dissect the transfer syntax and syntax version fields,
and put the opnum and context ID information into the Info column as
soon as it's dissected.
When dissecting a connection-oriented request or response, don't make
the tvbuff the full fragment length if we don't have that much data in
the frame being dissected. (We should do TCP reassembly there,
eventually.)
In connection-oriented response PDUs, put the opnum and context ID
information into the Info column as soon as it's dissected.
svn path=/trunk/; revision=3982
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.
svn path=/trunk/; revision=3976
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.
svn path=/trunk/; revision=3975
tvbuffified heuristic-dissector interface, but have it immediately turn
its arguments into an old-style buffer pointer and offset.
Register the SMB dissector as a heuristic NetBIOS dissector, and have
"dissect_netbios_payload()" just try the heuristics, as it no longer has
to call the SMB dissector explicitly.
svn path=/trunk/; revision=3973
only the NetBIOS payload, and have the NBSS dissector construct tvbuffs
of that sort (i.e., stop at the end of the NBSS session message, not at
the end of the data handed to the NBSS dissector).
svn path=/trunk/; revision=3972
packets.
Make a "dissect_netbios_payload()" routine, called from the
NetBIOS-over-802.2 (NBF), NetBIOS-over-IPX, and NetBIOS-over-TCP
dissectors. Take Todd Sabin's changes to add a heuristic dissector list
to the NBSS dissector, and apply them to "dissect_netbios_payload()"
instead. Make the SMB dissector heuristic, returning FALSE if it
doesn't see 0xFF S M B at the beginning of the packet, and have
"dissect_netbios_payload()" first try the heuristic dissector list, then
try the SMB dissector if no other heuristic dissector claims the packet,
then just dissect the payload as data.
From Todd Sabin: have the DCE/RPC dissector register as a heuristic
dissector for NetBIOS.
svn path=/trunk/; revision=3969
"WordCount > 0".
Always put the byte count field into the protocol tree, regardless of
whether WordCount is 0 - it's not one of the word parameters counted by
WordCount, so it's present even if WordCount is 0.
Fix a "val_to_str()" call.
svn path=/trunk/; revision=3966
value being non-zero, not on whether the error code is zero. Don't
bother passing the error code to dissectors for particular SMBs, as they
don't need to use it.
In "get_unicode_or_ascii_string()", when aligning to an even boundary,
align to an even boundary in the SMB message, not in the packet as a
whole - there's no guarantee that there are an even number of bytes in
the frame before the SMB message.
In the Info column, mark the packet as a request or response based on
the request/response bit in the Flags field, not on the matched port -
for NBIPX, the source and destination ports (IPX sockets) may be the
same, so you may not be able to determine whether it's a request or a
response based on that.
svn path=/trunk/; revision=3965
WinPcap's installer (it dates back to May, meaning it may be a beta of
2.2 or may even be 2.1), so don't suggest that people go there.
svn path=/trunk/; revision=3964
don't need to check whether zlib has them. We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.
svn path=/trunk/; revision=3963
Guy Harris