This won't be needed for NETLOGON_FLAG_AES.
Change-Id: I668bca15ed13e5a2767fa3e39c5cad0d510a8f5d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35592
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See [MS-NRPC] 3.1.4.2 Netlogon Negotiable Options, it's
flag W: Supports Advanced Encryption Standard (AES) encryption (128 bit in
8-bit CFB mode) and SHA2 hashing ...
Change-Id: I4b677e1ca1c3b3b9bc47ccc412380cc18659fd5d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35589
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use copy_address_swallow() instead of copy_address().
When inserting the key in the hash map, copy it in wmem file scope.
Bug: 14407
Change-Id: Ida524d314c943f480dd0e1bf44fd0ded01aafaeb
Reviewed-on: https://code.wireshark.org/review/25731
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Follow-up of https://code.wireshark.org/review/20095
Rewritten functions:
- crypt_des_ecb
crypt_des_ecb verified against previous crypt_des_ecb implementation with
4294967295 random keys and input buffers from /dev/random as I cannot find a
suitable pcap which uses DES
Change-Id: I21ec2572451e0ded4299ffadd8dd687817bc6318
Reviewed-on: https://code.wireshark.org/review/20429
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Many of the register_init_routine/register_cleanup_routine functions
are for initializing and cleaning up a GHashtable.
wmem_map_new_autoreset can do that automatically, so convert many
of the simple cases.
Change-Id: I93e1f435845fd5a5e5286487e9f0092fae052f3e
Reviewed-on: https://code.wireshark.org/review/19912
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also update tfshark to use that code.
Change-Id: Ic03fb8ff48c8bfc460298d180b436e53f0076cbe
Reviewed-on: https://code.wireshark.org/review/18588
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I0e845668a1b9dbec93ea920a8585ecfe60f001d1
Reviewed-on: https://code.wireshark.org/review/15044
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add tables for heuristic dissectors, and add dissectors for the stuff
Microsoft puts there for RDP; they're violating the COTP spec, but I
guess they're stuck because they're using TP0, which doesn't support
user data.
While we're at it, add variants of proto_tree_add_bitmask() and
proto_tree_add_bitmask_flags() that return the bitmask, for use by
callers.
A side-effect of the change is that the proto_tree_add_bitmask routines
no longer treat the encoding as a Boolean, so we have to pass
ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN, not just some non-zero or zero
value. Do so.
Rename ositp_decode_CC() to ositp_decode_CR_CC(), to note that it
decodes both CR and CC PDUs.
Bug: 2626
Change-Id: If5fa2a6dfecd9eb99c1cb8104f2ebceccf1e57c2
Reviewed-on: https://code.wireshark.org/review/13648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We actually have to *use* the return value of the method, which the macro did
for us.
Change-Id: I240ca7e526a18054fe39c6c4ded902998dc2fef0
Reviewed-on: https://code.wireshark.org/review/12389
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Replace remaining calls to SET_ADDRESS, CMP_ADDRESS, ADDRESSES_EQUAL,
COPY_ADDRESS, and COPY_ADDRESS_SHALLOW with their lower-case
equivalents.
Replace all ADD_ADDRESS_TO_HASH calls with add_address_to_hash.
Change-Id: I4cff857d7a84085abe0bccd52d2605d2a468bf6f
Reviewed-on: https://code.wireshark.org/review/11229
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch moves g_hash_table_destroy calls from the init routine to
the cleanup routine. Besides that, the conditional check for the hash
table has been removed, assuming that init is always paired with a
cleanup call.
If reassembly_table_init is found, a reassembly_table_destroy call is
prepended to the cleanup function as well.
Comments have been removed from the init function as well as these did
not seem to have additional value ("destroy hash table" is clear from
the context).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4d11f07180d9c115eb14bd860e9a47d82d3d1dcd
Manually edited files (for assignment auditing): dvbci, ositp, sccp,
tcp.
Other files that needed special attention due to the use of
register_postseq_cleanup_routine:
- ipx: keep call, do not add another cleanup routine.
- ncp: remove empty mncp_postseq_cleanup. mncp_hash_lookup is used
even if a frame is visited before (see dissect_ncp_common), hence
the hash table cannot be destroyed here. Do it in cleanup instead.
- ndps: add cleanup routine to kill reassembly table, but do not
destroy the hash table as it is already done in ndps_postseq_cleanup.
Change-Id: I95a72b3df2978b2c13fefff6bd6821442193d0ed
Reviewed-on: https://code.wireshark.org/review/9223
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 1 of a few
Change-Id: I413f23dfa92da5488ca8a7f62ca0738b25004635
Reviewed-on: https://code.wireshark.org/review/8117
Reviewed-by: Michael Mann <mmann78@netscape.net>
That eliminates a redundant and confusing data type, and avoids issues
with one piece of code using e_uuid_t but wanting to use routines
expecting an e_guid_t.
Change-Id: I95e172d46d342ab40f6254300ecbd2a0530cde60
Reviewed-on: https://code.wireshark.org/review/7506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I84755d059ef70ca98b0e7626b6425360daf0529d
Reviewed-on: https://code.wireshark.org/review/4199
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All caught by cppcheck. The two (semi)-interesting bugs are:
- in asn1/atn-cpdlc/packet-atn-cpdlc-template.c where the break statement should
have been inside the brace, causing potential control-flow weirdness with
exceptions
- in epan/dissectors/packet-ieee80211.c where the bounds check for tag_len did
not match the expert info given
Change-Id: Ie173fb8d917aabb9b4571435d671d6f16e1c7569
Reviewed-on: https://code.wireshark.org/review/1793
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
used in the Netlogon dissector, so don't make them static.
Now that we've added HEADER START/HEADER END to Pidl, use it to declare
those routines in packet-dcerpc-lsa.h. Don't declare them in
packet-dcerpc-netlogon.c, as they're now declared in the header.
svn path=/trunk/; revision=54723
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
structure, rather than a fixed field. Get rid of that fixed field, as
it's no longer needed.
Use dissect_ndr_byte_array() rather than dissect_ndr_char_cvstring() in
a case where we have an opaque byte array.
Have dissect_ndr_cvstring() and dissect_ndr_vstring() - and, therefore,
routines that call them, such as dissect_ndr_cstring(),
dissect_ndr_char_cvstring(), dissect_ndr_char_vstring(), and
dissect_ndr_wchar_vstring() - require that the field being used by an
FT_STRING field. Manually fix a case where the PIDL generator makes
such a field FT_NONE rather than FT_STRING. Also handle EBCDIC, just in
case we happen to see a packet with EBCDIC strings.
Use tvb_get_string_enc(), rather than tvb_get_unicode_string() or
tvb_get_string(), in dissect_ndr_cvstring() and dissect_ndr_vstring().
svn path=/trunk/; revision=54134
(sort associated value_string arrays as needed);
- Use new VALUE_STRING_LIST mechanism/macros to
create enums and value_string arrays for:
WERR_errors, DOS_errors, SRV_errors, and HRD_errors;
- Declare certain global value_string arrays as static (local)
and use global extended value_strings to reference same;
(e.g., ms_coiuntry_codes value_string_array)
- Rename SMBE_... defs used in several different value_string arrays
to prevent potential name collisions:
( e.g., for SRV_errors: SMBE_... ==> SMBE_SRV_...)
Done for value_string arrays: DOS_errors, SRV_errors, HRD_errors;
- WERR_errors value_string array:
Note that WERR associated defs no longer exist in the latest samba doserr.h.
(The WERR_errors defs were originally generated from the samba doserr.h).
For now: WERR_errors kept as is.
- ToDo: Fix PIDL-generated dcerpc dissectors to use NT_errors_ext
and WERR_errors_ext extended value_strings.
- Add editor modelines to a few files.
- Make whitespace changes.
svn path=/trunk/; revision=53614
Note: I hope the following is not indicative of something wrong with the code.
(I've just marked di as _U_).
packet-dcerpc-netlogon.c: In function 'dissect_secchan_nl_auth_message':
packet-dcerpc-netlogon.c:7582:75: error: unused parameter 'di' [-Werror=unused-parameter]
proto_tree *tree, dcerpc_info *di, guint8 *drep)
svn path=/trunk/; revision=53104
All "generated" source was manually modified (with the power of search/replace), but I believe the "source input" files have been adjusted (checked into revs 53098 and 53099) to reflect the necessary changes (with possible whitespace formatting differences).
The Microsoft compiler doesn't flag "unused function parameters", so I apologize in advance if I may have missed a few. The "dcerpc_info* di" parameter is used in almost every function.
svn path=/trunk/; revision=53100
explicit, and frees up the "generic" names (like tvb_memdup) for new signatures
that take the appropriate wmem pool.
Majority of the conversion done with sed.
svn path=/trunk/; revision=52164
Stefan Metzmacher