there's a space after the colon, and so that there's no extra comma at the
end and only one space between the items.
Fix a typo.
svn path=/trunk/; revision=4940
There is still a bug in the dissection of SAMDELTA_reply but this is due to
LSA_SECRET not being implemented yet which is embedded in one of the
netlogon structures.
svn path=/trunk/; revision=4935
display the data as a hexadecimal string.
Update netlogon so that nt and lm challenge response bytes are displayed
in hexadecimal form and not pseudo-ascii
svn path=/trunk/; revision=4934
Make the directory option to "--with-ucdsnmp" optional. Handle
"--with-ucdsnmp" similar to the way "--with-pcap" is handled.
Get rid of unnecessary #defines in "packet-cops.c".
Get rid of no-longer-necessary include of "dlfcn.h" in "packet-snmp.c".
svn path=/trunk/; revision=4930
so that NETLOGON will not dump core (since netlogon has these structs as top
level reference pointers)
Addition of full netlogon dissection. Full in the sense as it assumes the idl
is correct and complete.
Many calls and fields are unknown so they get dissected with "unknown long,
contact ethereal-dev@... if you know what it is".
svn path=/trunk/; revision=4929
display of the symbolic form of the OID. Remove code that used to do
that outside of "format_oid()".
Export "format_oid()" from "packet-snmp.c" and use it in
"packet-cops.c".
Remove support for CMU SNMP and older versions of UCD SNMP from
"packet-cops.c", as it has been removed from the rest of Ethereal.
svn path=/trunk/; revision=4924
length of the variable's value, in bytes, not the length of the BER
encoding of that variable's value. The latter setting means it won't be
correct for object IDs.
svn path=/trunk/; revision=4922
than the "sprint_" routines in UCD and CMU SNMP; the latter routines
have no bounds checking, and if you use them you cannot protect against
buffer overflows.
As we now require UCD SNMP 4.2.2 or later:
1) we no longer need code to support CMU SNMP;
2) we no longer need code to work around problems with UCD SNMP
4.1.1;
and, as we no longer use the "sprint_" routines, we no longer need code
to work around the changed API and ABI of those routines in some
nonstandard versions of the UCD SNMP library.
svn path=/trunk/; revision=4914
"dissect_ndr_nt_UNICODE_STRING_string()", in
"samr_dissect_connect2_server()"; that eliminates an unnecessary extra
level of protocol tree.
That removes the last call to "dissect_ndr_nt_UNICODE_STRING_string()";
eliminate that routine.
In "dissect_ndr_nt_UNICODE_STRING()", initially create the subtree with
the name of the field as a string, so that if an exception is thrown
before the name is set, the subtree won't show up as blank when
displayed or printed. Also pass in the name to "dissect_ndr_pointer()",
so the same happens for subtrees below it. Append only the string data,
not its name, to items up the tree, as the name was put in when the item
was created. Also, when adding a colon before the string, put a space
after the colon, as is done elsewhere in Ethereal.
When appending additional strings, put the blank before the new string,
not after it.
In "dissect_ndr_nt_STRING()", put the subtree into the string with the
name of the field, rather than just "String". Pass in that name to
"dissect_ndr_pointer()", so subtrees below it get a name when they're
initially created.
Get rid of colons in the name string passed to "dissect_ndr_pointer()"
in some calls. Supply a non-null name string in more calls to
"dissect_ndr_pointer()", and fix some calls to pass in the name of the
field being handed to "dissect_ndr_pointer()".
There's no need to fetch the entire "header_field_info" structure for a
protocol field in order to get the field's name - just use
"proto_registrar_get_name()" to get the name.
Use a length of -1, not 0, when creating a subtree whose length will be
set when the dissection of the items under the subtree is complete; that
way, if an exception is thrown while dissecting the items - which means
the item goes past the end of the tvbuff - the item will refer to all
data to the end of the tvbuff, rather than referring to nothing.
Fix a typo in the name of the "hf_samr_unknown_string" field.
svn path=/trunk/; revision=4912
contain the interesting "XXX is at YYY" data; put that into the Info
column. Thanks to Andreas Sikkema for catching this.
svn path=/trunk/; revision=4906
as BPF filters return either 0 if they fail or the snapshot length if
they succeed, and a snapshot length of 0 means success is
indistinguishable from failure and the filter expression would reject
all packets.
Now that a snapshot length of 0, inside Ethereal, means "snapshot length
unknown", we have to, when opening a libpcap file for output, make the
snapshot length some non-zero value. We make it WTAP_MAX_PACKET_SIZE,
in case some program uses the snapshot length as a buffer size. (That
doesn't help if there are packets with more than 65535 bytes of data; if
there are, we'd need to raise WTAP_MAX_PACKET_SIZE just to make those
files readable in Ethereal in any case.)
svn path=/trunk/; revision=4905
calls that passed TRUE or FALSE, rather than an integer value, as the
last argument.
A SOCKS command is one byte, so make the "socks.command" field an
FT_UINT8.
svn path=/trunk/; revision=4904
subtree under it, so that if an exception is thrown while we're
dissecting the items in the subtree, it runs to the end of the tvbuff
(as, if an exception is thrown, it means the item should cover the stuff
in the tvbuff *and* stuff beyond it).
svn path=/trunk/; revision=4903
Ronnie Sahlberg