indicate that it's to be used for SMB transactions; a different table,
using different dissectors, would be needed for, say, reads and writes
over a named pipe, as those are byte streams and SMB transactions are
packets, so the dissectors for the first one need to worry about
multiple PDUs per segment and desegmentation, while the dissectors for
the second one don't - and, in fact, can't do desegmentation stuff.
svn path=/trunk/; revision=4286
o Modifies the dcerpc handoff to subdissectors slightly. It
also needs to pass the data representation to the
subdissector. Also, if no subdissector is found, it puts a
"Stub data" entry in the tree.
o Adds optional TCP desegmentation to the dcerpc layer. Note
that dcerpc has it's own ability to fragment PDUs. This isn't
for dealing with that, but with the case of a single PDU being
broken over more than one TCP segment.
o Adds a little bit of dissection to packet-dcerpc-epm.c.
Mainly just proof of concept for the dcerpc handoff stuff.
(Writing this is how I realized the need for the drep.)
o Adds packet-dcerpc-ndr.c, which will contain NDR dissection
routines for use by subdissectors.
Also, support added for multiple PDUs per segment for DCERPC-over-TCP
(and, potentially, other byte-stream transports).
svn path=/trunk/; revision=4285
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
svn path=/trunk/; revision=4281
don't have the frame number of the request, which we use as the ID of
the transaction being reassembled. (If we're reassembling a reply,
should we not use the frame number of the reply instead? We used to
have a hash table to keep track of that, so we might just be able to
bring it back....)
svn path=/trunk/; revision=4274
from being required by anyone other than packet-data.c.
It can now be accessed with call_dissector() with the name "data".
dissect_data is now also of dissect_t.
svn path=/trunk/; revision=4271
Add a few small functions to reassemble.c to cope with protocols
where the total length of defragmented PDUs are specified in the
first fragment (all previous uses of reassembly has been for
PDUs where the last fragment is signalled by a flag in the
header for the last fragment).
Add a few small functions to reassemble.c to abort-and-delete
defragmentation of PDUs and also detect IF a PDU is currently
being defragmented. (Useful for PDUs where the "unique"
identifier is rather ununique, or may be reused often enough so
it can be a problem for Ethereal.)
Change where NT Cancel presents its Cancelation-to output, and
makes the three trans secondary requests also output similar
information.
svn path=/trunk/; revision=4255
as the pathname of a capture file to be read. If more than one such
option is specified, print a usage message.
Fix the documentation of the "-r" option to Ethereal and Tethereal.
svn path=/trunk/; revision=4253
merely mean that we mistakenly treated stuff from the text-dump part of
the file we're reading as if it were hex byte data (e.g., if the first
non-white-space part of the text dump was a 2-digit hex number). If the
offset we read is less than the expected next offset, assume that's the
problem, and throw away enough extra bytes to make the offset we read
the expected next offset.
"getopt()" will never, for any option that the "getopt()" string says
takes an argument, leave "optarg" null; if no argument was specified,
it'll return an error, so there's no need to check for a null "optarg".
svn path=/trunk/; revision=4250
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
structure, we may have to worry about it in more places than the places
that *used* to set "pi.len" and "pi.captured_len", so there's no point
in just saving and restoring it there. We'll remove those
saves/restores, and worry about saves and restores when we find a
problem.
svn path=/trunk/; revision=4245
#defines for SMB commands with ones that use the names from the SNIA
CIFS spec.
Use those #define values rather than hardcoded values in various places
that check for specific commands.
svn path=/trunk/; revision=4244
Guy Harris