a capture file. This should fix bug #536.
Make sure we initialize our hash tables in packet-dcerpc-nt.c and several
other files. Fix up whitespace while we're at it.
svn path=/trunk/; revision=16255
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often.
svn path=/trunk/; revision=16048
"dissect_dcerpc_cn_bs_body()", it's because it recognized the packet as
a DCE RPC packet, but it ran out of data dissecting it as such;
increment the count of DCE RPC PDUs, so "dissect_dcerpc_cn_bs_body()"
returns TRUE, and its caller doesn't think nothing was dissected.
Fuzzed with some DCE RPC captures.
svn path=/trunk/; revision=16000
in addition, I had to implement fragment_get_reassembled() in addition to fragment_get(), which works with reassembled_table
svn path=/trunk/; revision=15762
as connection oriented (cn) and connectionless (dg) DCE/RPC uses different ways to handle defragmentation and this function is only used for dg
svn path=/trunk/; revision=15757
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
reassemble.c:
I had to change the way the reassemble code works if the dissector is telling that more fragments *will* follow. In this case the reassemble code shouldn't try to reassemble already at that time ...
I've also changed the way if a fragment was already seen or not, as it's not enough to check for the frame number, in the scenario described above.
Unfortunately both changes *might* broke other protocols from reassemble properly. I've checked with excessive TCP desegmentation and it's still working without any changes :-)
packet-dcerpc.c:
use a tvb subset to limit the "end of bytes" processed in a single fragment dissect run, as each fragment has it's own DCE/RPC header (and isn't part of the stub data of the previous packet).
svn path=/trunk/; revision=15744
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
there are only 5 gmemchunks left but they have different litetime for their allocations than the 100+ ones that have been removed.
The remaining 5 should be converted some other way.
svn path=/trunk/; revision=15328
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
Unfortunately, this is *very* safe now as it will mark a lot of DCE/RPC packets as malformed, thus the reassembling code won't work with most packets :-(
I've replaced this with the correct check and used THROW(ReportedBoundsError) instead which is hopefully the right error in this case.
BTW: could someone please add a description of the ReportedBoundsError vs. BoundsError to the code as I still don't get it.
In addition: Use a toplevel tree item to display the DCE/RPC defragmentation just as it's done in the TCP desegmentation code.
svn path=/trunk/; revision=15188
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
make dissect_dcerpc_uuid_t() accept eitehr FT_STRING (old style) and FT_GUID (new style) hf fields. once all dissectors are modified to use FT_GUID we can remove the FT_STRING support here.
regenerate the DRSUAPI interface with the new FT_GUID support.
svn path=/trunk/; revision=14912
This is extremely useful, to keep track of the corresponding request/response packets of a DCE/RPC call (which can be quite a lot packets if fragmentation is used).
svn path=/trunk/; revision=14826
in a simple approach, I've replaced all g_assert() and g_assert_not_reached() calls by their exception throwing counterparts DISSECTOR_ASSERT() and DISSECTOR_ASSERT_NOT_REACHED()
this will replace application crash by showing a dissector bug, which is the desired behaviour
there were some g_assert calls in the protocol registering functions, which might not be acting as expected now, but to be able to simply search for g_assert in the future I've replaced that calls too
one g_assert remained, the one when someone throws an unknown exception "into" packet_frame.c, but IMHO this one should remain.
svn path=/trunk/; revision=14608
set "n*DCERPC" in the proto column if more than one RPC call in a TCP PDU, overwriting the interface name, as there's probably more than one interface involved
add some more RPC info to the toplevel RPC proto_item
add a comment, if some bytes are not dissected but might be in the next TCP PDU
svn path=/trunk/; revision=14490
cerlare it as a parameter that is a struct/union and not a ref pointer to one.
this is ok since toplevel ref pointers are invisible in the wire encoding anyway.
unfortunatelky ethereal dce runtime needed to see that pointer to keep track of whisch one was a toplevel and which one wasnt.
implement a new api to call pointers which explicitely specifies whether the pointer is toplevel or embedded.
eventually all dce dissectors will use this new interface and the generic dissect_ndr_pointer() can be retired.
svn path=/trunk/; revision=13755
(cifs: dc's talking to eachother and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
1) Added a setup_frame parameter to conversation_t
2) Used the conversation_t next to maintain a list of conversations with the
same src/dest tuple but different setup_frame number.
3) Changed the signature of find_conversation() and conversation_new() to pass
in the frame number.
4) Adjusted packet-sdp to select RTP conversation if both m=audio and m=image
are present, and T.38 conversation if only m=image is present. I expect that
RTP/T.38 dissecting to be better, but I don't have a way to generate T.38
packets.
svn path=/trunk/; revision=13243