Add support for NTTIME_hyper and NTTIME_1sec
It's a hyper with 8-byte alignment; it can have 1/100000 sec resolution or 1sec resolution Bug: 10541 Change-Id: Iecc4c6d1bd1695a4c02db72e1617134254810cd9 Reviewed-on: https://code.wireshark.org/review/4606 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
parent
b3490c20ce
commit
29afac24a5
|
@ -470,6 +470,22 @@ dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
|
|||
return offset;
|
||||
}
|
||||
|
||||
int
|
||||
dissect_ndr_nt_NTTIME_hyper (tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo _U_, proto_tree *tree,
|
||||
dcerpc_info *di, guint8 *drep _U_, int hf_index, gboolean onesec_resolution)
|
||||
{
|
||||
if(di->conformant_run){
|
||||
/*just a run to handle conformant arrays, nothing to dissect */
|
||||
return offset;
|
||||
}
|
||||
|
||||
ALIGN_TO_8_BYTES;
|
||||
|
||||
offset = dissect_nt_64bit_time_opt(tvb, tree, offset, hf_index, onesec_resolution);
|
||||
return offset;
|
||||
}
|
||||
|
||||
/* Define this symbol to display warnings about request/response and
|
||||
policy handle hash table collisions. This happens when a packet with
|
||||
the same conversation, smb fid and dcerpc call id occurs. I think this
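Review bot: `dissect_ndr_nt_NTTIME_hyper` has no comment saying how it differs from `dissect_ndr_nt_NTTIME` or what `onesec_resolution` selects, and the parameter name alone does not tell a caller which unit the wire value is in. I would add above the definition `/* NTTIME carried as an NDR hyper: aligned to 8 bytes; onesec_resolution means the value counts whole seconds rather than 100 ns units */`. The same one-line description would help on the new prototype in the header.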
|
||||
|
|
|
@ -153,6 +153,10 @@ dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset,
|
|||
packet_info *pinfo, proto_tree *tree,
|
||||
dcerpc_info *di, guint8 *drep, int hf_index);
|
||||
int
|
||||
dissect_ndr_nt_NTTIME_hyper (tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree,
|
||||
dcerpc_info *di, guint8 *drep, int hf_index, gboolean onesec_resolution);
|
||||
int
|
||||
dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *parent_tree,
|
||||
dcerpc_info *di, guint8 *drep);
|
||||
|
|
|
@ -1129,7 +1129,7 @@ value_string_ext ms_country_codes_ext = VALUE_STRING_EXT_INIT(ms_country_codes);
|
|||
* Copyright (C) Andrew Tridgell 1992-1998
|
||||
*/
|
||||
static gboolean
|
||||
nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv)
|
||||
nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv, gboolean onesec_resolution)
|
||||
{
|
||||
guint64 d;
|
||||
gint64 secs;
|
||||
|
@ -1144,6 +1144,10 @@ nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv)
|
|||
|
||||
d = ((guint64)filetime_high << 32) | filetime_low;
|
||||
|
||||
if (onesec_resolution) {
|
||||
d *= 10000000;
|
||||
}
|
||||
|
||||
/* Split into seconds and nanoseconds. */
|
||||
secs = d / 10000000;
|
||||
nsecs = (int)((d % 10000000)*100);
|
||||
|
@ -1164,13 +1168,13 @@ nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv)
|
|||
}
|
||||
|
||||
int
|
||||
dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date)
|
||||
dissect_nt_64bit_time_opt(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, gboolean onesec_resolution _U_)
|
||||
{
|
||||
return dissect_nt_64bit_time_ex(tvb, tree, offset, hf_date, NULL);
|
||||
return dissect_nt_64bit_time_ex(tvb, tree, offset, hf_date, NULL, FALSE);
|
||||
}
|
||||
|
||||
int
|
||||
dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, proto_item **createdItem)
|
||||
dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, proto_item **createdItem, gboolean onesec_resolution)
|
||||
{
|
||||
guint32 filetime_high, filetime_low;
|
||||
nstime_t ts;
|
||||
|
@ -1196,8 +1200,8 @@ dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_dat
|
|||
"%s: Infinity (absolute time)",
|
||||
proto_registrar_get_name(hf_date));
|
||||
} else {
|
||||
if (nt_time_to_nstime(filetime_high, filetime_low, &ts)) {
|
||||
item = proto_tree_add_time(tree, hf_date, tvb,
|
||||
if (nt_time_to_nstime(filetime_high, filetime_low, &ts, onesec_resolution)) {
|
||||
proto_tree_add_time(tree, hf_date, tvb,
|
||||
offset, 8, &ts);
|
||||
} else {
|
||||
item = proto_tree_add_text(tree, tvb, offset, 8,
|
||||
|
@ -1215,6 +1219,11 @@ dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_dat
|
|||
return offset;
|
||||
}
|
||||
|
||||
int
|
||||
dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date)
|
||||
{
|
||||
return dissect_nt_64bit_time_opt(tvb, tree, offset, hf_date, FALSE);
|
||||
}
|
||||
|
||||
/* Well-known SIDs defined in http://support.microsoft.com/kb/243330 */
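Review bot: `dissect_nt_64bit_time_opt` marks `onesec_resolution` as `_U_` and passes a literal `FALSE` to `dissect_nt_64bit_time_ex`, so the one-second mode requested by `dissect_ndr_nt_NTTIME_hyper` never reaches `nt_time_to_nstime`; the call should read `return dissect_nt_64bit_time_ex(tvb, tree, offset, hf_date, NULL, onesec_resolution);` with the `_U_` dropped. In the `-1196,8` hunk the new success branch appears to call `proto_tree_add_time(...)` without the `item =` assignment the old line had, so if `item` is later stored through `createdItem` (not visible here), callers such as `parseDateTime` would receive a stale or NULL item for valid timestamps. In `nt_time_to_nstime`, `d *= 10000000;` is applied to a 64-bit value taken from the packet and wraps silently for large inputs, only to be divided by the same constant on the next statement; taking `secs` from `d` directly and setting `nsecs = 0` in the one-second case would avoid both the wrap and the round trip. The bodies of `nt_time_to_nstime` and `dissect_nt_64bit_time_ex` continue outside the visible hunks, so the range checks that follow should be re-read with the one-second case in mind.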
|
||||
|
||||
|
|
|
@ -242,9 +242,10 @@ extern value_string_ext ms_country_codes_ext;
|
|||
|
||||
WS_DLL_PUBLIC
|
||||
int dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date);
|
||||
|
||||
WS_DLL_PUBLIC
|
||||
int dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, proto_item **createdItem);
|
||||
int dissect_nt_64bit_time_opt(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, gboolean onesec_resolution);
|
||||
WS_DLL_PUBLIC
|
||||
int dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, proto_item **createdItem, gboolean onesec_resolution);
|
||||
|
||||
/*
|
||||
* SIDs and RIDs
|
||||
|
|
|
@ -664,7 +664,7 @@ proto_item* parseDouble(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIn
|
|||
proto_item* parseDateTime(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex)
|
||||
{
|
||||
proto_item *item = NULL;
|
||||
*pOffset = dissect_nt_64bit_time_ex(tvb, tree, *pOffset, hfIndex, &item);
|
||||
*pOffset = dissect_nt_64bit_time_ex(tvb, tree, *pOffset, hfIndex, &item, FALSE);
|
||||
return item;
|
||||
}
|
||||
|
||||
|
|