for the time being since i have never seen this salt being used elsewhere,
assume everything is the MS style salt:
guint32 nt_status
guint32 unknown
guint32 unknown
if the MS KDC does nopt allow a client to grab a ticket (due to policy client can only log in at certain hours or such)
KDC will repsond with a failuer with edata like above and nt-status == STATUS_LOGON_HOURS
svn path=/trunk/; revision=17722
- to_str.c: add support of "AT_NONE" address type in address_to_str_buf (avoid the assert failed later on
when messages have address type of AT_NONE - which can be the case for an MTP2 capture with FISU messages)
- packet-isup.c: changed source and destination addresses from (net_src and net_dst) to (src and dst) so
that addresses taken into account in the statistics are the SS7 point codes
svn path=/trunk/; revision=17720
> I have improved the heuristics and the display tree building code in
> dissect_jxta_udp() and dissect_jxta_stream() to avoid this problem.
svn path=/trunk/; revision=17709
find attached the patch that reflects this interpretation of
> this field accordingly. It also fixes a few minor bugs associated with
> the handling of 'UNIX Secs' field and two field types
> (LAST_SWITCHED(21) and FIRST_SWITCHED(22)) in case of NetFlow V9.
svn path=/trunk/; revision=17698
Some cosmetic changes:
- when working out the application id description to show in the info
column, also consider vendor application identifiers
- make sure application ids and command codes are always shown as
decimal numbers
- a little whitespace tidyup
svn path=/trunk/; revision=17684
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
of 16 bytes. Use "sizeof" for the size of e_guid_t's, and use structure
assignment to copy GUID values.
Make functions such as append_h225ras_call() and new_h225ras_call() take
pointers to e_guid_t's as arguments.
Define GUID_LEN in epan/guid-utils.h and use it as the length of a GUID
in a packet. (Note that "sizeof e_guid_t" is not guaranteed to be 16,
although it is guaranteed to be the size of an e_guid_t.)
When constructing a display filter that matches a GUID, use
guid_to_str() to construct the string for the GUID.
svn path=/trunk/; revision=17676
displayed by name in debuggers and so that switch statements can check
whether all types are handled.
Add a check for an unknown handle type, to squelch compiler warnings
(and to catch missing handle type code at run-time, if new handle types
are added).
svn path=/trunk/; revision=17671
BACnet schedules. Could someone please take care of this?
1) fDate - correctly handle wild card year
2) fTime - rename local variables cut-and-pasted from fDate
3) fCalendarEntry - do single-pass decoding rather than while loop since the structure cannot be repeated.
4) fDailySchedule - correctly handle enclosing context tags.
5) fWeeklySchedule - correctly handle enclosing context tags
6) fAcknowledgeAlarmRequest - fix function name spelling and tags 3 and 5 are timeStamp, not time.
7) fSpecialEvent - handle context tags correctly.
8) fReadRangeRequest - Add cases from 2004 spec
Dave Richards
svn path=/trunk/; revision=17667
- dissection of SIP headers containing credentials and challenges.
from me:
- add filter fields for some missing related parameters from RFC 3261
- improve calculation of parameter length.
This implements enhancement request (bug id 812)
svn path=/trunk/; revision=17660
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636