so that NETLOGON will not dump core (since netlogon has these structs as top
level reference pointers)
Addition of full netlogon dissection. Full in the sense as it assumes the idl
is correct and complete.
Many calls and fields are unknown so they get dissected with "unknown long,
contact ethereal-dev@... if you know what it is".
svn path=/trunk/; revision=4929
display of the symbolic form of the OID. Remove code that used to do
that outside of "format_oid()".
Export "format_oid()" from "packet-snmp.c" and use it in
"packet-cops.c".
Remove support for CMU SNMP and older versions of UCD SNMP from
"packet-cops.c", as it has been removed from the rest of Ethereal.
svn path=/trunk/; revision=4924
length of the variable's value, in bytes, not the length of the BER
encoding of that variable's value. The latter setting means it won't be
correct for object IDs.
svn path=/trunk/; revision=4922
than the "sprint_" routines in UCD and CMU SNMP; the latter routines
have no bounds checking, and if you use them you cannot protect against
buffer overflows.
As we now require UCD SNMP 4.2.2 or later:
1) we no longer need code to support CMU SNMP;
2) we no longer need code to work around problems with UCD SNMP
4.1.1;
and, as we no longer use the "sprint_" routines, we no longer need code
to work around the changed API and ABI of those routines in some
nonstandard versions of the UCD SNMP library.
svn path=/trunk/; revision=4914
"dissect_ndr_nt_UNICODE_STRING_string()", in
"samr_dissect_connect2_server()"; that eliminates an unnecessary extra
level of protocol tree.
That removes the last call to "dissect_ndr_nt_UNICODE_STRING_string()";
eliminate that routine.
In "dissect_ndr_nt_UNICODE_STRING()", initially create the subtree with
the name of the field as a string, so that if an exception is thrown
before the name is set, the subtree won't show up as blank when
displayed or printed. Also pass in the name to "dissect_ndr_pointer()",
so the same happens for subtrees below it. Append only the string data,
not its name, to items up the tree, as the name was put in when the item
was created. Also, when adding a colon before the string, put a space
after the colon, as is done elsewhere in Ethereal.
When appending additional strings, put the blank before the new string,
not after it.
In "dissect_ndr_nt_STRING()", put the subtree into the string with the
name of the field, rather than just "String". Pass in that name to
"dissect_ndr_pointer()", so subtrees below it get a name when they're
initially created.
Get rid of colons in the name string passed to "dissect_ndr_pointer()"
in some calls. Supply a non-null name string in more calls to
"dissect_ndr_pointer()", and fix some calls to pass in the name of the
field being handed to "dissect_ndr_pointer()".
There's no need to fetch the entire "header_field_info" structure for a
protocol field in order to get the field's name - just use
"proto_registrar_get_name()" to get the name.
Use a length of -1, not 0, when creating a subtree whose length will be
set when the dissection of the items under the subtree is complete; that
way, if an exception is thrown while dissecting the items - which means
the item goes past the end of the tvbuff - the item will refer to all
data to the end of the tvbuff, rather than referring to nothing.
Fix a typo in the name of the "hf_samr_unknown_string" field.
svn path=/trunk/; revision=4912
contain the interesting "XXX is at YYY" data; put that into the Info
column. Thanks to Andreas Sikkema for catching this.
svn path=/trunk/; revision=4906
as BPF filters return either 0 if they fail or the snapshot length if
they succeed, and a snapshot length of 0 means success is
indistinguishable from failure and the filter expression would reject
all packets.
Now that a snapshot length of 0, inside Ethereal, means "snapshot length
unknown", we have to, when opening a libpcap file for output, make the
snapshot length some non-zero value. We make it WTAP_MAX_PACKET_SIZE,
in case some program uses the snapshot length as a buffer size. (That
doesn't help if there are packets with more than 65535 bytes of data; if
there are, we'd need to raise WTAP_MAX_PACKET_SIZE just to make those
files readable in Ethereal in any case.)
svn path=/trunk/; revision=4905
calls that passed TRUE or FALSE, rather than an integer value, as the
last argument.
A SOCKS command is one byte, so make the "socks.command" field an
FT_UINT8.
svn path=/trunk/; revision=4904
subtree under it, so that if an exception is thrown while we're
dissecting the items in the subtree, it runs to the end of the tvbuff
(as, if an exception is thrown, it means the item should cover the stuff
in the tvbuff *and* stuff beyond it).
svn path=/trunk/; revision=4903
Ethereal doesn't dissect SNMP if not linked with an SNMP library (and
*did* confuse at least one person into thinking that). Say "without
SNMP MIB support", instead, as you only lose the ability to read SNMP
MIBs and interpret OIDs and variable bindings according to those MIBs.
svn path=/trunk/; revision=4894
end of the tvbuff is reached before the maximum_length passed by the
caller is reached and before a terminating NUL is found. In this case,
tvb_get_nstringz() returns a -1, but if the string is not artificially
terminated with a NUL by tvb_get_nstringz(), the
caller has no idea where the string should end because 1) the
return value "-1" gives the impression that the string ends
at the end of the buffer but 2) the string does
not end at the end of the buffer, but somewhere in the middle, due
to the packet being shorter than expected.
tvb_get_nstringz() and tvb_get_nstringz0() were both modified.
The FT_STRINGZ case in proto_tree_add_item() is made simpler.
During regression testing, when investigating a regression that I later
corrected, I discovered that strings added through proto_tree_add_item
(FT_STRING, FT_STRINGZ, and FT_UINT_STRING) leaked memory due to double
allocation of the string. The proto_tree_add_string*() functions do
not leak memory, since they only copy the string once. The memory
leak was fixed by adding another argument to the static function
proto_tree_set_string() to let the string ftype code know to g_strdup()
the string or not.
svn path=/trunk/; revision=4891
bitmap and make the function not static.
This bitmap is present in other RPC protocols for NT services as well
besides SAMR.
svn path=/trunk/; revision=4889
"asn1_string_value_decode()", don't pass "g_malloc()" an argument of 0,
as "g_malloc()" will return NULL in that case, and the callers of
"asn1_string_value_decode()" aren't necessarily prepared for a null
argument.
svn path=/trunk/; revision=4876