Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
Part of "display filters with redundancies of PROTABBREV in them."
The ones left outs should be fixed differently I think.
Rename som ndps hf variables while at it.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2794
svn path=/trunk/; revision=37406
names beginning with dissect_qspi_, and give some of them names with the
info level structure in them rather than the SNIA CIFS specification
section number.
Have separate routines for SMB_INFO_STANDARD and SMB_INFO_QUERY_EA_SIZE;
SMB_INFO_STANDARD is specified differently in the SNIA CIFS
specification and the MS-CIFS specification, and some captures have the
SNIA CIFS version, with the EA length and some have the MS-CIFS version
without it. The dissector for SMB_INFO_STANDARD will dissect it if it's
there and not say "this structure is truncated" if it's not there.
Rename dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO() to
dissect_qfi_SMB_FILE_NAME_INFO(), as it also dissects
SMB_QUERY_FILE_NAME_INFO.
Merge the dissectors for SMB_FILE_ALLOCATION_INFO and
SMB_SET_FILE_ALLOCATION_INFO, and for SMB_FILE_END_OF_FILE_INFO and
SMB_SET_FILE_END_OF_FILE_INFO, as the structures are the same.
Dissect some presumed "passthrough info levels" the same way the
corresponding official SMB infos are dissected.
Expand some comments for info level dissectors to give the MS-CIFS
section number and to give some other details.
If an info level is truncated, put in an expert info error.
If we don't know about a given info level, just dissect the body as
"Information level unknown", rather than having it dissected as an
"unknown information" trailer.
svn path=/trunk/; revision=37297
Add a new tap flag to indicate that a tap listener is just a "dissector helper",
that is, a tap which is used by a dissector to help it do its dissection but
does not, itself, require dissection.
Use this new flag in the dissectors which register taps.
Remove the (now-unused) have_tap_listeners() function.
svn path=/trunk/; revision=37069
Here's a patch updating the decoding of write request/responses, decodes the 16
unknown bytes in write requests, decodes the 8 unknown bytes in write responses
and renames length to count as per the SMB2 spec.
svn path=/trunk/; revision=34760
search attributes, as a 16-bit quantity, with only the bits specified by
section 2.2.1.2.4 of [MS-CIFS]. Use dissect_file_ext_attr() in all
cases where we're dissecting SMB_EXT_FILE_ATTR, as specified by section
2.2.1.2.3 of [MS-CIFS].
svn path=/trunk/; revision=33753
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
Bill Meier