updates to smb
A patch for packet-smb.c is attached:
- it improves timeout decoding
- it defines common NT transaction IOCTL functions
- it corrects decoding of resume key in search queries
- it defines a new function dissect_4_2_16_8_unsure() to replace
dissect_4_2_16_8(). I'm unsure if it is correct. As said in
comments, it works for me, but I find strange that nobody noticed
dissect_4_2_16_8() was wrong. So, it is between "#if 0".
Someone else should confirm dissect_4_2_16_8_unsure() works
before activating it.
svn path=/trunk/; revision=16494
"dissect_nt_sec_desc()". Add a Boolean argument to
"dissect_nt_sec_desc()" to indicate whether a length was passed to it
(so we don't treat -1 as a special value; we want to stop treating -1 as
a special length value, and, in fact, want to stop treating *any*
negative length values specially, so that we don't have to worry about
passing arbitrary 32-bit values from packets as lengths), and have
"dissect_nt_sec_desc()" initially create the protocol tree item for the
security descriptor with a length of "go to the end of the tvbuff", and
set the length once we're done dissecting it - and, if the length was
specified, check at *that* point, *after* we've dissected the security
descriptor, whether we have the entire security descriptor in the
tvbuff.
That means that we don't have to worry about overflows after
"dissect_nt_sec_desc()" returns - if the length was so large that we
would have gotten an overflow, we'd have thrown an exception in the
"tvb_ensure_bytes_exist()" call at the end of "dissect_nt_sec_desc()".
Do sanity checks on offsets within the security descriptor, so we know
the item referred to by the offset is after the fixed-length portion of
the descriptor.
svn path=/trunk/; revision=16113
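An added example, not taken from this commit or from the Ethereal source: a stand-alone C sketch of the checks the message above describes, with offsets validated against the fixed-length header and the declared length compared as an unsigned value only after parsing. `sd_check`, `avail` and the status codes are hypothetical names, the sample buffers are constructed, and the 20-byte fixed header is the self-relative security descriptor layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SD_FIXED_LEN 20u /* revision, sbz1, control, four 32-bit offsets */

enum sd_status { SD_OK, SD_SHORT_HEADER, SD_BAD_OFFSET, SD_TRUNCATED };

/* Constructed sample: self-relative descriptor, owner at offset 20, rest absent. */
static const uint8_t sample_sd[24] = { 0x01, 0x00, 0x04, 0x80, 20, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 };
/* Constructed sample: owner offset 4 points back into the fixed header. */
static const uint8_t bad_sd[24] = { 0x01, 0x00, 0x04, 0x80, 4 };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* avail: bytes captured from the start of the descriptor (hypothetical name).
 * have_len/len: whether the packet declared a length, and its raw 32-bit value. */
enum sd_status sd_check(const uint8_t *sd, size_t avail, bool have_len, uint32_t len)
{
    if (avail < SD_FIXED_LEN)
        return SD_SHORT_HEADER;
    /* Owner, group, SACL and DACL offsets start at byte 4; 0 means absent. */
    for (size_t i = 0; i < 4; i++) {
        uint32_t off = rd_le32(sd + 4 + 4 * i);
        if (off == 0)
            continue;
        /* Must lie after the fixed part; the upper bound stands in for the
         * bounds exception a tvbuff read would raise. */
        if (off < SD_FIXED_LEN || off >= avail)
            return SD_BAD_OFFSET;
    }
    /* Declared length is checked last, unsigned, and never added to an offset. */
    if (have_len && len > avail)
        return SD_TRUNCATED;
    return SD_OK;
}

int main(void)
{
    printf("%d %d %d\n", sd_check(sample_sd, sizeof sample_sd, false, 0),
           sd_check(sample_sd, sizeof sample_sd, true, 0xFFFFFFFFu),
           sd_check(bad_sd, sizeof bad_sd, false, 0));
    return 0;
}
```

A declared length of 0xFFFFFFFF, which would read as -1 in a signed variable, is reported as truncated like any other oversized value instead of being treated as a sentinel.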
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often.
svn path=/trunk/; revision=16048
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
fragment size. The limit is conservatively set at 65536 bytes. It may
have to be increased. Fixes bug 421.
Add an entry to the release notes.
svn path=/trunk/; revision=15789
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to lose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
there are only 5 gmemchunks left but they have different lifetime for their allocations than the 100+ ones that have been removed.
The remaining 5 should be converted some other way.
svn path=/trunk/; revision=15328
DissectorError. In packet-kerberos.c, restore pinfo->private_data if
we throw an exception, which keeps the SMB dissector from throwing
a DissectorError. Initialize variables in other places to squelch
valgrind warnings.
svn path=/trunk/; revision=15235
add a "match_strval_idx()" routine that does the same thing, and have
"match_strval()" call it.
Make those routines, and "val_to_str()", return a "const" pointer.
Update dissectors as necessary to squelch compiler warnings produced by
that.
Use "val_to_str()" rather than using "match_strval()" and then, if the
result is null, substituting a specific string. Clean up some other
"match_strval()"/"val_to_str()" usages.
Add a null pointer check in the NDPS dissector's "attribute_value()"
routine, as it's not clear that "global_attribute_name" won't be null at
that point.
Make some global variables in the AFS4INT dissector local.
Make some routines not used outside the module they're in static.
Make some tables "static const".
Clean up white space.
Fix Gerald's address in some files.
svn path=/trunk/; revision=14786
163. I'm not sure if this fix is entirely correct, but it doesn't appear to
have affected any SMB captures here adversely.
svn path=/trunk/; revision=14365
sure we're not referencing a fid when we think we're referencing an
smb_nt_transact_info_t pointer. (A fuzzed capture I have triggers
this behavior).
svn path=/trunk/; revision=14107
necessary -- someone more knowledgeable about the SMB dissector may want
to check this. Throw a ReportedBoundsError instead of exiting.
svn path=/trunk/; revision=14077
1) Added a setup_frame parameter to conversation_t
2) Used the conversation_t next to maintain a list of conversations with the
same src/dest tuple but different setup_frame number.
3) Changed the signature of find_conversation() and conversation_new() to pass
in the frame number.
4) Adjusted packet-sdp to select RTP conversation if both m=audio and m=image
are present, and T.38 conversation if only m=image is present. I expect that
RTP/T.38 dissecting to be better, but I don't have a way to generate T.38
packets.
svn path=/trunk/; revision=13243
we do in several places into a subroutine. We need to do it also with the
4-byte time stamps that are dissected all over the place.
I had thought that that last unknown in the returned structure might be
a count of the number of clients that have the file open, but a simple test
suggests that that is not the case.
svn path=/trunk/; revision=12812
This has the effect that if you have a capture file with a hole in it, say when snoop or similar stops capturing packets for a while while writing the data to disk, you often end up with a packet just after the hole that is a response packet and which ethereal mistakenly matches with a request/response from before the hole.
Now, when the first response is seen to a request, remove the entry from the unmatched table so that no other response can match the same request.
svn path=/trunk/; revision=12770
so they show up near the top of the list of fields in the dialog box for
adding a field to a filter - those are probably quite likely to be used
in filter expressions where you don't happen to remember the name of the
field, and those should show up at the top so you don't have to scroll
through the entire list of fields to find them. (I suspect most other
fields either will rarely be filtered on at all, or would be filtered
only mainly with the "Match" or "Prepare" filter items, where you don't
need to know the name or even the text of the field.)
svn path=/trunk/; revision=12489
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
NTLMSSP-related than SMB-related, and documents about NTLMSSP talk about
it, so it's a little more convenient to keep all that stuff together -
and export it through a packet-ntlmssp.h header.
svn path=/trunk/; revision=11585
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410