but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
task of creating a fragment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
TRANS2_SET_FILE_INFORMATION parameters as reserved.
Change/add comments to reflect information from Microsoft Networks SMB
File Sharing Protocol Extensions Version 3.0, Document Version 1.11,
July 19, 1990.
svn path=/trunk/; revision=5568
Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
svn path=/trunk/; revision=5566
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes whose content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
"dissect_nt_sec_desc()".
Also, get rid of code to handle lengths of -1 in "dissect_nt_sec_desc()"
- we never pass it a length of -1, as security descriptors aren't sent
over the wire with NDR syntax.
svn path=/trunk/; revision=5317
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
then later construct the sub-authority string from that array; we can
just construct the string as we fetch the sub-authorities.
Given that we're doing that, use the cleanup handler to free the string,
so that we don't leak memory if we throw an exception when fetching the
RID, for example.
svn path=/trunk/; revision=5294
values.
Note that in a Negotiate Protocol response, the primary domain won't be
present if the negotiated dialect isn't "DOS LANMAN 2.1" or "LANMAN2.1".
At least for Info Standard replies for Transaction2 Find First2
requests, if the request had the "return resume keys" flag set, the
reply will have a resume key at the beginning of each entry. We assume
that to be the case for Info Query EA Size and Info Query EAs From List;
it does *not* appear to be the case for Find File Directory Info, Find
File Full Directory Info, or Find File Both Directory Info (they don't
have it even if the flag is set, at least in the captures I've seen).
The length of the name string in Find First2 entries doesn't include the
terminating '\0'; count that as well.
svn path=/trunk/; revision=5259
inside a Netlogon security descriptor.
Correctly dissect NT security descriptors as they appear inside an LSA
security descriptor (at least as those appear inside a Netlogon security
descriptor) - they get sent over the wire, apparently, as an opaque blob
from the point of view of DCE RPC, at least from one capture I've seen,
they do *not* get sent over the wire in DCE RPC NDR syntax.
svn path=/trunk/; revision=5212
top-level item correspond to the reassembled data, and make the item for
each fragment/segment correspond to the part of that reassembled data
that came from that fragment/segment.
svn path=/trunk/; revision=5025
that a country code of 0 is for the "default", presumably meaning "don't
override the setting on the desktop machine" or something such as that.
svn path=/trunk/; revision=5015
traffic or not, that data doesn't include the padding; handle padding
if you're dissecting it as DCERPC traffic.
Don't treat the traffic as DCERPC traffic unless it's to the IPC$ share.
svn path=/trunk/; revision=4956
is non-null, as there's no guarantee that the corresponding SMB request
is in the capture. Check whether it's null before using it.
svn path=/trunk/; revision=4954