least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually;
also, make lines as long as possible, as long as they fit in 80 columns).
svn path=/trunk/; revision=7815
and the finding of tokens in the header - only once.
Don't assume there's either zero or one spaces after the colon in a
Name:Value header, and don't put a tvb_format_text()-formatted version
of the value into the protocol tree.
svn path=/trunk/; revision=7811
reflect the 1.0 version of the CIFS spec. Similarly update function
names containing section numbers.
Change the strings for query file levels 0x0200 and 0x0201 to say
"Query" rather than "Set" (we now have separate tables for "query" and
"set" information levels, as some of them differ), and get rid of the
string for 0x0202, as that's documented in the CIFS spec only as a "set"
level.
svn path=/trunk/; revision=7810
according to the SNIA CIFS 1.0 spec and some captures I've seen, are not
the same as for the corresponding TRANS2_GET_{PATH,FILE}_INFORMATION.
Handle the SET information levels as per the CIFS spec.
svn path=/trunk/; revision=7806
"__attribute__((unused))" to come after the unused argument; it gives a
syntax error if it appears before the argument.
svn path=/trunk/; revision=7805
Add a preference to control whether to register for ethertype 0
or not.
Change the short name of the protocol from "mdshdr" to "MDS
Header".
Tweak it to work at protocol registration time, by registering or
un-registering the protocol at startup time or when the preferences are
changed, rather than to just abandon the dissection if the preference is
turned off.
svn path=/trunk/; revision=7802
Unix Privilege defined as bit 14 for directories seems to be an
error in AFP3.0.pdf.
AFP3.1.pdf and AFP3.0 traffic capture use bit 15 for files and
directories.
svn path=/trunk/; revision=7801
characters don't show up. (We really need to handle strings better in
Ethereal, so that we can handle various character encodings in the
packets; GTK+ 2.x uses UTF-8 internally, so we could at least map
everything to that when displaying, and I think GTK+ 1.x for Win32 does
so as well, and but we need to clean up the GTK+ 1.x-for-X11 stuff to
handle the various font encodings.)
Get rid of "strtbl_lookup()" in favor of the appropriate direct calls.
svn path=/trunk/; revision=7800
"tvb_strsize()" to get the string length, and then use "tvb_get_ptr()"
to get a pointer to the guaranteed-to-be-null-terminated string in the
tvbuff (if the null character is missing, "tvb_strsize()" throws an
exception).
svn path=/trunk/; revision=7795
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
Fix a spelling error.
Don't use lengths with ASCIIZ strings, as "proto_tree_add_item()" will,
with a specified length, attempt to fetch the specified number of bytes
for an FT_STRINGZ string, throwing an exception of there aren't that
many bytes present.
svn path=/trunk/; revision=7786
value, just copy the specified number of bytes and stick a '\0' at the
end, don't use "tvb_get_nstringz0()" - yes, you end up copying more
bytes, but you don't have to bother looking for a '\0' that might not
even be present (if the string is null-padded rather than
null-terminated).
Also, set the length of the item to the specified length, rather than to
the length up to the terminating '\0' - if the string is null-padded,
the field should include all the padding bytes.
svn path=/trunk/; revision=7785
length (rather than being given -1), the length is, in most cases, the
maximum length of a null-*padded* string, rather than the actual length
of a null-*terminated* string. Treat it as such - allocate a buffer one
larger than the length (to leave room for a terminating '\0'), and pass
the size of that buffer to "tvb_get_nstringz0()". (Otherwise, in those
cases, the last character of the string is chopped off.)
Allow "proto_tree_add_string()" to add FT_STRINGZ items to the protocol
tree, as well as FT_STRING items.
In "alloc_field_info()", if we're passed a length of -1 and the field is
an FT_STRINGZ, don't make the length be the length remaining in the
tvbuff; that way, you *can* use a length of -1 in
"proto_tree_add_item()" for an FT_STRINGZ item, and have it get the
actual length by looking for the terminating '\0'.
(We might want to distinguish between null-terminated and null-padded
strings, e.g. with an FT_STRINGZPAD type. Null-terminated strings
rarely, if ever, have a specified length; the length is found by
scanning for the terminating '\0'. Null-padded strings presumably
always have a specified length, which is the length to which the string
is padded.)
svn path=/trunk/; revision=7784
so we don't mis-dissect non-RMCP traffic going to or from the RMCP port.
Use the dissector table set up for RMCP classes - use
"dissector_try_port()" rather than explicitly checking class values, and
have the sub-dissectors register in the dissector table rather than
registering their dissectors.
svn path=/trunk/; revision=7782
a TCP segment, and probably don't want to hand the segment to a TCP tap,
if the TCP segment is included in an error packet.
svn path=/trunk/; revision=7780
payload if there isn't any. (We do so for real UDP datagrams so that we
throw an exception; the exception doesn't cause anything to be displayed
if we're dissecting something inside an error packet.)
svn path=/trunk/; revision=7779
subtree item.
Have "ndps_string()" take a buffer pointer and length as arguments, and
fill in the supplied buffer if the buffer pointer is non-null. Have it
do bounds checking in any case. Use that to set the text of a server
info item, and also remove a level from the tree for server info.
Show various item counts and structure sizes in the protocol tree.
(This also, in some cases, fixes the offset for subsequent items, as not
only was the item count not put into the protocol tree, the offset
wasn't advanced past the item count.)
Instead of putting an item into the tree with "proto_tree_add_item()",
advancing the offset past it, and fetching the item's value with a
backed-off offset, just fetch the value first and put it into the tree
with the appropriate "proto_tree_add_XXX" call. Use switch statements
if the value is being compared against more than one constant.
Don't use a length of 0 in subtree items; use a length of -1, and then
set the length when the subtree is complete, so that if you click on the
subtree item it highlights all the bytes in the subtree.
Fix some "proto_tree_add_uint()" calls that were supposed to be
"proto_tree_add_item()" calls.
In a "Create job" operation, the alignment after the "Doc Content" item
had an extra 2 bytes added if it was non-zero; that seems a bit odd (if
no alignment is required, the stuff after that item is aligned on a
4-byte boundary, but if alignment is required, the stuff after that
items is aligned 2 bytes *off of* a 4-byte boundary), and caused at
least one capture to be misdissected.
Fix some cases where a counted list was inside a counted list, and the
inner count wasn't being fetched *or* used for the inner list.
Display counts in decimal, not hex.
Remove the question mark from the name of a Boolean preference; other
Boolean preferences don't have them, and it looks odd with a colon after
it - that's what the GUI code puts there. If Boolean preferences should
have a question mark, it should be put there by the GUI code, instead of
a colon.
svn path=/trunk/; revision=7778
multiple NetBIOS-over-TCP session service messages in a TCP segment, and
they can contain the final portions of different DCERPC calls. Don't
assume a frame number is sufficient to identify DCE RPC calls.
svn path=/trunk/; revision=7777
Gerald Combs