On Windows, if ENDTRY is not evaluated after an exception is being thrown, Wireshark will crash in dissect_packet() while attempting to pop the last frame of the exception stack.
svn path=/trunk/; revision=21014
this resolves some issues where the decode is ok but the hexpane shows corrupted memory where the decrypted blob should be.
svn path=/trunk/; revision=20824
* <epan/crypt/crypt-md5.h> must come after <glib.h> because of
'guint8' etc.
* Include <wiretap/file_util.h> because of eth_fopen().
svn path=/trunk/; revision=20456
there are many reasons why some protocols actually need to be able to access the pinfo structure while determining the pdu size
svn path=/trunk/; revision=19751
use call_dissector_only() which is new-style aware and not call_dissector() which is not.
this fixes a recent bug found on the heimdal list.
svn path=/trunk/; revision=19129
a new bit 0x00020000 is used in the TGS-REQ packets and this results in a return of a PAC containing an unknown type 11 field.
the blob in the pac is 200 bytes and NDR encoded. its structure is obvious since it contains 2 conformant and varying arrays and three unique pointers.
enable decoding of this new KDCOptions bit and call it "constrained delegation"
svn path=/trunk/; revision=18857
Two more Kerberos error codes where it has been witnessed that the payload contains a PA-DATA structure with the magic salt containing an nt status code
svn path=/trunk/; revision=18088
issued by ms kdc contains a PA_DATA structure with a salt that contains an
nt_status code explaining why the client was not allowed to get a (tgt) ticket
svn path=/trunk/; revision=17796
for the time being since i have never seen this salt being used elsewhere,
assume everything is the MS style salt:
guint32 nt_status
guint32 unknown
guint32 unknown
if the MS KDC does not allow a client to grab a ticket (due to policy client can only log in at certain hours or such)
KDC will respond with a failure with edata like above and nt-status == STATUS_LOGON_HOURS
svn path=/trunk/; revision=17722
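A bounds-checked parser for the 12-byte salt layout described in the commit message above, as an added example that is not code from the Wireshark tree. The little-endian byte order, the exact-length rule, the names `parse_ms_salt`, `struct ms_salt` and `SAMPLE_SALT`, and the use of the NTSTATUS value `STATUS_INVALID_LOGON_HOURS` (0xC000006F) for the logon-hours case are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MS_SALT_LEN 12u                         /* three 32-bit fields */
#define STATUS_INVALID_LOGON_HOURS 0xC000006Fu  /* NTSTATUS: outside permitted logon hours */

struct ms_salt {          /* field names follow the commit message */
    uint32_t nt_status;
    uint32_t unknown1;
    uint32_t unknown2;
};

/* Constructed sample: a 12-byte salt carrying the logon-hours status. */
static const uint8_t SAMPLE_SALT[MS_SALT_LEN] = {
    0x6F, 0x00, 0x00, 0xC0,  0x00, 0x00, 0x00, 0x00,  0x01, 0x00, 0x00, 0x00
};

/* Read one little-endian 32-bit value (byte order is an assumption here). */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 and fills *out only when the salt is exactly 12 bytes long;
 * any other length is left alone rather than read as an NT status. */
int parse_ms_salt(const uint8_t *buf, size_t len, struct ms_salt *out)
{
    if (buf == NULL || out == NULL || len != MS_SALT_LEN)
        return -1;
    out->nt_status = rd_le32(buf);
    out->unknown1  = rd_le32(buf + 4);
    out->unknown2  = rd_le32(buf + 8);
    return 0;
}

int main(void)
{
    struct ms_salt s;
    if (parse_ms_salt(SAMPLE_SALT, sizeof SAMPLE_SALT, &s) != 0)
        return 1;
    printf("nt_status=0x%08X%s\n", (unsigned)s.nt_status,
           s.nt_status == STATUS_INVALID_LOGON_HOURS ? " (logon hours)" : "");
    return 0;
}
```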
while this should improve performance by unmeasurably little it does have the side effect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
mp_addr_to_str was unnecessary 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
structure. Handle that.
Don't muck with the columns, or put a top-level Kerberos protocol item
into the protocol tree, until we decide that we really have a Kerberos
packet.
Do, however, clear the Info column if we're dissecting the Kerberos
protocol.
svn path=/trunk/; revision=15589
since a KDC MIGHT send the reply back from a different port.
Then comes X.L's capture (ethereal-dev) 816fc4.cap from 16Aug2005 where
the client is reusing the same source port to talk to DNS after finishing
doing the port 88 KDC stuff.
==>
Make kerberos/udp able to test the packet for sanity and reject packets that
do not look like kerberos (even if there was a conversation that said it was kerberos)
and thus let other dissectors have a go at it.
in doubt, try 816fc4.cap before and after this patch :-)
svn path=/trunk/; revision=15405
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
DissectorError. In packet-kerberos.c, restore pinfo->private_data if
we throw an exception, which keeps the SMB dissector from throwing
a DissectorError. Initialize variables in other places to squelch
valgrind warnings.
svn path=/trunk/; revision=15235
that they are not longer than the reported length of the tvb.
this triggers some bugs since in packet-ber we are a bit too lax in setting reported_length of the tvb_new_subset() tvb.
this causes short kerberos packets to not be decoded at all and the same for other short asn based packets as well.
fix some of these instances.
svn path=/trunk/; revision=15127
pointers either "void *" or "guint8 *", to reduce the level of compiler
warnings (the data in question is largely binary in those cases).
svn path=/trunk/; revision=14886
current signature ("class" is a "gint8 *", not a "guint8 *", and "tag"
is a "gint32 *", not a "guint32 *"). Re-generate the dissectors from
the ASN.1 and the .cnf files in the cases where the arguments were fixed
in a .cnf file.
Give some dissectors the right svn:keywords and svn:eol-style settings.
svn path=/trunk/; revision=14885
index of the branch taken or -1 to make prettifications easier to implement.
change the signature of dissect_ber_choice and rename it to dissect_ber_CHOICE to catch all
occurrences of the use of this function
update asn2eth to use the new name/signature
update all occurrences of this function to the new name and new signature.
svn path=/trunk/; revision=14758
IF the length seems bogus, like longer than the reported tvb_length
we add a helpful text item to the tree and generate a [malformed packet]
change all callers of get_ber_length to the new signature.
svn path=/trunk/; revision=14145
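The check described in the commit message above (a BER length that claims more bytes than the buffer reports), as an added example that is not Wireshark's get_ber_length(). The function `ber_read_length`, the status enum and the sample arrays are hypothetical names, and refusing lengths wider than 32 bits is a choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ber_len_status { BER_LEN_OK, BER_LEN_INDEFINITE, BER_LEN_TRUNCATED, BER_LEN_BOGUS };

/* Decode the BER length octets at buf[0..avail); avail counts the reported
 * bytes from the first length octet to the end of the buffer. On return,
 * *len is the claimed content length and *hdr the length octets consumed. */
enum ber_len_status ber_read_length(const uint8_t *buf, size_t avail,
                                    uint32_t *len, size_t *hdr)
{
    *len = 0;
    *hdr = 0;
    if (avail < 1)
        return BER_LEN_TRUNCATED;
    *hdr = 1;
    if (buf[0] == 0x80)
        return BER_LEN_INDEFINITE;           /* end marked by 00 00, no count */
    if (buf[0] < 0x80) {
        *len = buf[0];                       /* short form */
    } else {
        size_t n = buf[0] & 0x7F;            /* long form: n length octets */
        if (n > sizeof *len)
            return BER_LEN_BOGUS;            /* would not fit in 32 bits */
        if (n > avail - 1)
            return BER_LEN_TRUNCATED;        /* length octets themselves cut off */
        for (size_t i = 0; i < n; i++)
            *len = (*len << 8) | buf[1 + i];
        *hdr = 1 + n;
    }
    /* Claimed content length versus what is actually left in the buffer. */
    if (*len > avail - *hdr)
        return BER_LEN_BOGUS;
    return BER_LEN_OK;
}

/* Constructed samples, each starting at the length octet. */
static const uint8_t LEN_OK[]    = { 0x03, 0x02, 0x01, 0x05 };  /* 3 of 3 present */
static const uint8_t LEN_BOGUS[] = { 0x81, 0xC8, 0x30, 0x00 };  /* claims 200, 2 left */
static const uint8_t LEN_CUT[]   = { 0x82, 0x01 };              /* needs 2 octets, 1 left */

int main(void)
{
    uint32_t len; size_t hdr;
    printf("%d ", ber_read_length(LEN_OK, sizeof LEN_OK, &len, &hdr));
    printf("%d\n", ber_read_length(LEN_BOGUS, sizeof LEN_BOGUS, &len, &hdr));
    return 0;
}
```

A caller that gets `BER_LEN_BOGUS` should stop descending into the element and flag the packet, never use the claimed length as a copy or allocation size.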
It should not dump core as far as all my tests are concerned and Menu_Statistics/ProtocolHierStats work
It needs more testing and there might still be cases where it will crash that will need to be fixed but I feel it will be worth it since it will decrease the time to filter very large capture files dramatically.
Real significant performance boost for very large captures.
(If we can't fix all the problems we can just revert this patch)
svn path=/trunk/; revision=14051
(cifs: dc's talking to each other and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
Replace the use of the undefined type krb5_keyusage (at least with heimdal)
in decrypt_krb5_data with the old int. The change wasn't complete anyway
as the .h file wasn't changed and the third implementation of
decrypt_krb5_data was left out also.
Disclaimer: I only made sure it compiles again, I don't know whether the
change has any side effects.
svn path=/trunk/; revision=13645
decrypt and behold the new password in plaintext in all its glory
(given you have the keytab with the old one of course)
svn path=/trunk/; revision=13586
1) Added a setup_frame parameter to conversation_t
2) Used the conversation_t next to maintain a list of conversations with the
same src/dest tuple but different setup_frame number.
3) Changed the signature of find_conversation() and conversation_new() to pass
in the frame number.
4) Adjusted packet-sdp to select RTP conversation if both m=audio and m=image
are present, and T.38 conversation if only m=image is present. I expect that
RTP/T.38 dissecting to be better, but I don't have a way to generate T.38
packets.
svn path=/trunk/; revision=13243
regenerated all dissectors
fixed the choice/sequence struct to use unsigned entities for class and tag
(to reduce some compiler warning and because it should be signed quantities)
svn path=/trunk/; revision=12740
create some missing makefiles for autogenerated dissectors
finish the transition to the new ber integer dissector helper signature
and regenerate all ber dissectors
svn path=/trunk/; revision=12724
key list. In the Nettle code, clear the key list and re-read the key
file when the key file preference changes.
Remove a redundant define in config.h.win32.
svn path=/trunk/; revision=12471
if HAVE_KERBEROS and HAVE_MIT_KERBEROS are both defined in config.h
Now we need someone to hack up the required automake magic to detect MIT Kerberos and massage the makefiles accordingly.
svn path=/trunk/; revision=12296
so that IF kerberos succeeds in decrypting a blob it can print a nice
"[Decrypted using: keytab principal foo/bar@REALM]"
or
"[Decrypted using: key learnt from frame xx]"
This makes it much easier to keep track of what keys decrypt what blob
and is very useful for illustrating the sequence of keys that are exchanged and used in kerberos during the AS/TGS/AP exchanges.
svn path=/trunk/; revision=11853
This tag was part of an early kerberos draft but had disappeared
when 1510 was published.
this early draft exists in implementations in the wild.
add 4 extra checksum types as well from that draft.
svn path=/trunk/; revision=11834
I (hopefully) didn't change any protocol fields or preference file names, but only the GUI labels appearing in the protocol display and the protocol preferences.
Also added a note to the protocol preferences (where appropriate), that you have to enable "Allow subdissectors to reassemble TCP streams" at the corresponding protocol settings for TCP reassembling to take effect.
If you encounter any mistakes I've made here, please let me know...
svn path=/trunk/; revision=11784
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410