If the "Level Of Interest" referenced in the smb.trans2.FIND_FIRST/FIND_NEXT
requests is 262, wireshark is unable to decode properly (neither the request
nor the response).
svn path=/trunk/; revision=30923
(See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3542)
The current get_dfs_referral response code is based on old protocol specs,
which are unofficial, erroneous.
I modify packet-smb.c to be confirm to protocol's official spec. Some
changes are:
1. handle referral entry version 2, 3, 4 separately. The current code does
not distinguish v3 from v2, however they are not same.
2. change server type, referral flags etc.
3. refactor some code, such as string dissecting.
Also: From me: a small change to handle possible overflow
when subtracting from a guint16.
svn path=/trunk/; revision=29986
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
clamped at TIME_T_MIN and TIME_T_MAX, but newer versions of GCC
"helpfully" warn that the usual checks for overflow or underflow "can't
fail").
svn path=/trunk/; revision=25391
When offset parameter is 0 replace tvb_bytes_exist() with the faster tvb_length().
On the other hand
if (tvb_bytes_exist(tvb, 0, 20)
is more readable than
if (tvb_length(tvb) >= 20
so only do it in heuristic function
svn path=/trunk/; revision=23412
- if offset is 0, tvb_length is the same as tvb_length_remaining, just faster.
Replace
- col_append_fstr() with faster col_append_str()
- col_add_str() with col_set_str()
when it's safe
svn path=/trunk/; revision=23252
attributes specified at open time, have them take a length value, and
pass 4 if the values are extracted from the current packet and 0 if they
come from values saved when the FID was opened (as they're generated
values not found in the packet) - that fixes bug 1638.
svn path=/trunk/; revision=22053
