know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
svn path=/trunk/; revision=6746
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
only in bind, bind_ack, alter_context, alter_context_response, and auth3
PDUs; they're a verifier of some sort in other PDUs. The verifier
appears to start with an OID for the real authentication mechanism if
the authentication type is SPNEGO.
svn path=/trunk/; revision=6563
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.
svn path=/trunk/; revision=6547
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
connectionless DCE RPC PDUs into common routines, and call those
routines when dissecting DCE RPC requests and responses.
Get rid of arguments to "dcerpc_try_handoff()" whose values are also in
the "dcerpc_info" structure pointed to by its "info" argument.
svn path=/trunk/; revision=5757
Show presentation context negotiation results and rejection reasons, PDU
rejection reasons, and rejection status codes symbolically. Show the
presentation context negotiation rejection reason only if there was a
rejection, and, if so, show it in the Info column as well as the
protocol tree.
Show more fields in the Info column.
Show the packet type in decimal in the protocol tree - it's shown as
decimal in the Info column and the values are shown as decimal in the
DCE RPC 1.1 spec.
Show the sequence number for connectionless PDUs as decimal in the
protcool tree - it's snown as decimal in the Info column, and the call
ID for connection-oriented PDUs is shown as decimal in the protocol
tree.
svn path=/trunk/; revision=5701
tables for connectionless PDUs than for connection-oriented PDUs; just
have one connectionless PDU reassembly hash table.
Get rid of unnecessary tests of "dcerpc_reassemble" - the code to handle
requests and responses was
if (!dcerpc_reassemble || packet not fragmented || frame is short)
don't reassemble;
else if (dcerpc_reassemble)
reassemble
but if we go into the "else" clause we know that all three conditions in
the "if" are false, including "!dcerpc_reassemble", so we know
"dcerpc_reassemble" is true.
Set "pinfo->fragmented" based on whether the PDU being dissected is an
unreassembled first fragment or not.
Put a "Fragment data" item into the protocol tree for all fragments.
Properly maintain the offset when dissecting the header of a
connectionless PDU, even if we aren't building a protocol tree.
"fd_head->datalen" is bogus for sequence-number-based reassembly; use
"fd_head->len" instead.
svn path=/trunk/; revision=5695
Don't try to add a fragment to a reassembly operation if we don't have
all of the stub data (because the frame is short, or because it's part
of a packet fragmented at a layer below RPC and not reassembled).
Put an entry into the protocol tree for the fragment data of the last
fragment.
svn path=/trunk/; revision=5688
whether a connection-oriented PDU is fragmented or not.
Clean up the handling of fragmented connection-oriented PDUs (the code
to handle fragmented PDUs can assume that it is not the case that both
PFC_FIRST_FRAG and PFC_LAST_FRAG are set, as that's an unfragmented
PDU). Put an entry into the protocol tree for the fragment data in
fragmented PDUs.
For fragmented connectionless PDUs, don't hand the payload of any
fragment other than the first fragment to the subdissector.
svn path=/trunk/; revision=5687
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
When the representation for a pointer type gets dissected, the dissector
is actually called twice. Once with conformant_run==1 and once ==0.
The idea is that when conformant_run is ==1, the ONLY bytes that will be
dissected and would be the array structure preceeding the actual data.
And the normal data and content will be dissected when conformant_run ==0.
This is to handle the case properly when conformant arrays are embedded inside
aggregated types, in which case there will be other data inserted between
these array control data, and the array content.
The check that is added will assert that no other data is actually eaten
for conformant_run==1 than just this data.
This will help debugging dcerpc dissectors.
svn path=/trunk/; revision=5412
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
svn path=/trunk/; revision=5223
the sub-protocol containing the actual operation number (which isn't
necessarily the operation number in a connectionless reply's PDU;
sometimes the operation number in a connectionless reply appears to be
garbage, and it's not what we use to dissect the reply in any case), and
also giving the name of the operation, if we know it.
Show the authentication data in connectionless PDUs, if present, as an
item in the protocol tree.
svn path=/trunk/; revision=5002
connectionless calls to the fragment length.
Add value_string tables for authentication protocol and level values.
Show the authentication protocol in decimal in connectionless PDUs, just
as we do in connection-oriented PDUs.
Get the authentication level from connection-oriented request and reply
PDUs and, if it's DCE_C_AUTHN_LEVEL_PKT_PRIVACY, don't hand the stub
data to subdissectors, just show it as encrypted stub data.
svn path=/trunk/; revision=4998
