standard ndr transfer syntax from the epm dissector to packet-dcerpc.c
Add a new transfer syntax : ndr64. This is a new syntax with different
scalar sizes and different alignment rules compared to normal ndr.
It is negotiated and used between w2k8 and samba4 boxens and one may
assume, future versions of windows as well.
We need to associate the transfer syntax with the bind information since
the transfer syntax will change the packet encoding rules for the
protocol.
For example, SAMR, as well as all other interfaces support both syntaxes
and are thus encoded differently, wiht different alignments depending on
which transfer was negotioated during the bind.
This will require additional changes to the dcerpc helpers and also to
pidl.
svn path=/trunk/; revision=30209
parent in order to push teh display of extra interesting fields in the
packet to higher up in the decode tree. This was useful for making sure
that things like DomainNames etc are clearly visible without having to
drill down 500 layers of NDR.
This code used to just blindly walk the indicated number of parents, and
then attach the string to that item.
This relied on the "unsafe" assumption that the topmost item would have
pointer point to itself, so this was "safe".
This is no longer safe since the root object in the tree now has NULL as
parent, and thus some of these dcerpc interfaces can now cause a SEGV
trying to dereference NULL->parent.
I added a macro to safely walk to the parent object, or remain at the
current object if parent is NULL.
This was a serious bug, where dcerpc traffic could cause a SEGV.
Please merge into all stable versions.
svn path=/trunk/; revision=30208
- Fix some #defines which just happened to sum up to the correct values but which used the wrong symbols;
- check_col() no longer req'd;
- use col_add_str() rather than col_add_fstr();
- check bytes are actually present before doing a heuristics check which fetches the bytes;
- use tvb_reported_length_remaining() instead of tvb_length_remaining() in one case;
- fix call to tvb_new_subset;
- (pedantic): return 0 or tvb_length(...) rather than FALSE or TRUE for this new-style dissector;
svn path=/trunk/; revision=30132
- Add another break
- Add a comment about suboption 9
- Add suboption 11 decoding while I'm at it
(Server Identifier Override Suboption)
svn path=/trunk/; revision=30131
- Use col_clear only once (in the right place);
- Use col_add_fstr instead of col_clear/col_append_fstr;
- check_col no longer req'd;
svn path=/trunk/; revision=30118
- remove unneeded includes;
- check_col no longer req'd;
- move proto_register/proto_reg_handoff to the end of the file;
- fix some typos;
svn path=/trunk/; revision=30116
- check_col no longer req'd;
- use tvb_strncaseeql instead of tvb_get_ptr & etc;
- Change if (guint > 0) to if (guint != 0).
svn path=/trunk/; revision=30114
Function dissect_epath() expects path_length in bytes, but the value from the
packet is in words, so there's lots of *2 and /2 in those parts of the code.
In this invocation dissect_epath( tvbIOI, pi, 0, preq_info->IOILen, TRUE );
preq_info->IOILen is in words.
In six places proto_tree_add_item is used with tvb NULL and size 0 to add an
FT_UINT8/16/32 item. I think it should be replaced with proto_tree_add_uint().
svn path=/trunk/; revision=30061
Bill Meier