windows in SYN and SYN+ACK packets are not scaled so dont apply window scaling to them when displaying them in the tree
svn path=/trunk/; revision=19186
add required code to the http (and others) code in req_resp_hdrs.c to signal to tcp
when it wants a session to be reassembled to the FIN.
This is currently done for all HTTP packets where we have a Content-type in the header but no content-length.
svn path=/trunk/; revision=19185
as requested here is a patch in order to take into account Encryption
and Authentication keys for ESP in hexa.
You only have to write your key with 0x first. In this case if the key
is not in 8-bit unit, it will be considered as starting with a "0" (4 bits). Excepted this case, the key should be completely written, even if it
starts with "0x00".
svn path=/trunk/; revision=19181
- Display options in info column
- Only remember blksize from OACK packets
- Add some rfc numbers
- Move tftp_dissect_options in front of dissect_tftp
(I forgot to fix the forward decl once too often ;)
- Warning fixes
- Add expert error in case of tftp-error pdu
svn path=/trunk/; revision=19162
Actually, this was a feature request:
Store the value of the blksize option in the conversation data
and use that information to compare whether we have reached the
last packet.
Includes the cleanup ideas from Ronnie.
svn path=/trunk/; revision=19155
there were instances where the function dissect_nt_sid() would not fill in the return pointer for the sid string
causing callers that rely on that this string will ALWAYS be assigned try to access and g_free() an uninitialized pointer.
dissect_nt_sid() should be changed to use and return ep allocated memory instead of gmalloced memory
svn path=/trunk/; revision=19154
verify that stat_info->request_uri is non null before doing string manipulations on it
so that we dont try to dereference a null pointer further down the code
svn path=/trunk/; revision=19153
A patch to bring the VNC dissector almost to completion.
I have not had a chance to finish the server message type "frame buffer
update," which are the pixel values for screen rectangle updates.
Everything else is there - tracking the keys the user is pushing,
ringing a bell on the client, mouse button pushes/pointer movements,
etc.
svn path=/trunk/; revision=19145
This patch will add the following functionality to the H.248
dissector:
1. Dissection of properties from Annex C.11 SDP equivalents.
2. Dissection of EventNames and SignalNames from Annex E Basic
Packages.
3. Dissection of event and signal parameters from Annex E.9 Analog
Line Supervision Package.
4. Dissection of statistics from Annex E.11 Network Package and
Annex E.12 RTP Package.
svn path=/trunk/; revision=19136
First, the length of the header of a sub-frame may be miscalculated if
if the PID field is not present, but was present in a previous
sub-frame. The calculation of the header length will use the value from
the previous sub-frame.
Second, correct the typo "ength" to "length".
Third, the length of the current sub-frame was not passed as the
reported length to a sub-dissector. When the sub-dissector calls
tvb_reported_length(), the function returns the length of the complete
frame and not the length of the sub-frame to be dissected.
svn path=/trunk/; revision=19132
use call_dissector_only() which is new-style aware and not call_dissector() which is not.
this fixes a recent bug found on the heimdal list.
svn path=/trunk/; revision=19129
New protocol: epl v1
Hi,
in addition to the recently submitted dissector for the EPL v2 protocol,
this is the dissector for the first version of the EPL protocol.
Best Regards,
David
svn path=/trunk/; revision=19125
from 1 to 8 bytes, and not only handle 0-byte session IDs as special,
have it handle session IDs > 8 bytes as special as well.
svn path=/trunk/; revision=19115
we can add code to check that it looks sane (for better heuristics) when
we start adding GSS-KRB reassembly.
we need this for some transports such as SMB/SessionSetup that will transport GSS-KRB blobs inside multiple PDUs (multiple different SMB/SessionSetups) so we can reassemble the blobs before decoding them.
this probably only happens for SMB/SessionSetup but the design of that command is so "nice" that you can not tell whether the blob is fragmented or not or how big it is supposed to be by looking at the SMB layer itself, one needs to know the BER length field for the BER APPLICATION tag. :-(
to make things worse, the only way match multiple such fragments together one will need not just the fragments from the SessionSetup requests but also the UID that is returned in the response to the initial request.
perverse design.
lets assume that there will almost never be multiple sessionsetups on the same tcp session in real traces so to make things easier just ignore the UID for now when reassembling. (well reassembly is not added yet but will be)
svn path=/trunk/; revision=19112
we will need a conversation in more places once we start adding reassembly of gss-krb blobs that span multiple pdus (smb/sessionsetup)
svn path=/trunk/; revision=19110
patch to implement the decoding of the GPRS reference. The specific oid for the CAP-GPRS-ReferenceNumber is attached to a decoding function in the camel module.
svn path=/trunk/; revision=19108
File NCP2222.py:
1. Added NCP service type 0xffff = All types
2. Added evaluation of task states. (following bits are defined. 0=normal, 1 = TTS explicit transaction in progress, 2= TTS implicit transaction in progress, 4 = Shared file ste lock in progress)
3. Reversed the Volume Request Flags, this was backwards (s/b 0=do not return name with volume number, 1=Return name with volume number)
4. Fixed endianess of Creator ID in NetWare Information Struct.
5. File information structure incorrectly defined Current Block Being Decompressed.
6. Logical Lock Status structure incorrectly identified Task Number as a byte. It should be two bytes "word".
7. Fixed endianess of Modifier ID in NetWare Information Struct.
8. Fixed Name Space Information structure (was defined as Name Space, changed to Creator Name Space Number).
9. Fixed Semaphore Structure (Task Number was incorrectly defined as a byte, should be two bytes "word").
10. Added Task structure (Task Number, Task State)
11. Fixed Volume structure (incorrectly defined Volume Name)
12. Added VolumeWithName structure (This struct contains both volume number and volume name)
13. Added error 0x8901 - "No purgable files available"
14. Added error 0x8977 - "Buffer too small"
15. Added error 0x899c - "No more trustees found"
16. Added error 0x89d9 - "Queue station is not a server"
17. Added NCP connection status values (0=Ok, 1=Bad service connection, 10=File server is down, 40=Broadcast Message Pending)
18. Fixed error definitions for NCP 22/50.
19. Fixed reply packet for NCP 22/52 to properly display volume information depending on reply struct, Volume or volume with name.
20. Fixed error definitions for NCP 22/52
21. Fixed NCP 23/26 reply packet to properly return internet address and display correctly.
22. Fixed NCP 23/27 Reply packet structure to properly repeat connection numbers array.
23. Fixed error definitions for NCP 23/33
24. Fixed NCP 23/114 Request (improperly defined Charge Information as a long value, s/b word)
25. Fixed NCP 23/120 Reply (Improperly defined Job Number as a long value, s/b word)
26. Fixed error definitions for NCP 23/123
27. Fixed error definitions for NCP 23/124
28. Fixed error definitions for NCP 23/131
29. Fixed error definitions for NCP 23/132
30. Fixed error definitions for NCP 23/135
31. Fixed error definitions for NCP 23/137
32. Fixed error definitions for NCP 23/138
33. Fixed NCP 23/205 Reply (User Login Allowed incorrectly defined as long value, s/b byte value)
34. Fixed NCP 23/234 Reply (Reply structure incorrectly defined based on old NCP documentation. Corrected per new docs)
35. Fixed endianess of NCP 23/237 Reply on value Number of Locks.
36. Fixed endianess of NCP 23/238 Reply on value Number of Locks.
37. Fixed error definitions for NCP 30
38. Fixed error definitions for NCP 36/6
39. Fixed error definitions for NCP 86/2
40. Fixed error definitions for NCP 86/3
41. Fixed error definitions for NCP 86/4
42. Fixed error definitions for NCP 86/5
43. Fixed error definitions for NCP 87/1
44. Fixed error definitions for NCP 87/4
45. Fixed error definitions for NCP 87/5
46. Fixed error definitions for NCP 87/10
47. Fixed error definitions for NCP 87/11
48. Fixed error definitions for NCP 87/12
49. Fixed error definitions for NCP 87/17
50. Fixed error definitions for NCP 87/18
51. Fixed NCP 87/20 Reply to properly decode multiple entries returned. This used to only dissect the first entry.
52. Fixed error definitions for NCP 87/30
53. Fixed NCP 87/33 Reply to properly utilize the request flags to dissect the reply packet NetWare Info Struct
54. Fixed error definitions for NCP 87/33
55. Fixed error definitions for NCP 88/22
56. Fixed error definitions for NCP 89/1
57. Fixed error definitions for NCP 89/10
58. Fixed NCP 89/11 Request packet structure
59. Fixed error definitions for NCP 89/11
60. Fixed NCP 89/20 Reply to properly decode multiple entries returned. This used to only dissect the first entry.
61. Fixed error definitions for NCP 104/5
62. Added undefined NCP 112
63. Fixed NCP 123/11 Reply to properly dissect FileName, Name, and copyright.
64. Fixed NCP 123/17 Reply to properly display NCP Network Address values.
65. Fixed NCP 123/24 Reply to properly display Driver Board Name, Driver Short Name, and Dirver Logical Name.
66. Fixed error definitions for NCP 123/33
67. Fixed NCP 123/60 to properly display Set Command Name and Set Command Value.
68. Fixed error definitions for NCP 123/70
69. Fixed NCP 123/71 Reply to utilize new File Information Struct
70. Fixed error definitions for NCP 123/71
71. Fixed error definitions for NCP 123/72
72. Added NCP 123/249
73. Added NCP 123/251
74. Added NCP 123/252
75. Added NCP 123/253
76. Added NCP 123/254
77. Added NCP 123/255
78. Fixed error definitions for NCP 131/1
79. Fixed error definitions for NCP 131/2
File packet-ncp2222.inc
1. Added new NCP preference setting to tell Wireshark to decode the NetWare information structure as new or old style.
2. Set default NCP preference settings of echo connection and echo file to FALSE.
3. Added NDS verb 2 Request Flags (0=retain old object, 1=delete old object)
4. Fixed problem where NDS fragmentation could not be reassembled on reload. (fragment array needed to be re-initialized on reload)
5. Fixed NCP service types 1111, 5555, bbbb, and 1111/LIP to reflect real type number. (Was defined as 0xf1, 0xf2, 0xf3, etc... Now defined as 0x1, 0x5, 0xb, etc)
6. Fixed function build_expert_data to parse subtree memory structures to acquire NCP request value records
7. Fix NDS attribute type Boolean to byte value and properly aligned.
8. Fixed attribute zendmSearchOrder to display properly regardless of number or order of value entries.
9. Added check of length of packet prior to attempting to defragment
10. Added for Request packets logic to abort if NCP type isn't found.
11. Added logic to store packet length and then manually decode NCP function 123 based on length.
12. Added logic to manually dissect NCP 87/20 and 89/20 reply packets.
13. NDS resolve name replies with remote entry as the specifier should not store the EID returned (0x00000000)
14. Added logic to trap and echo to expert tap when connection status flags indicate an error.
15. Added manual dissect of NCP 23/26 replies
16. Added logic to Capture the EID returned form NCP 22/51 "Get vol info".
17. Fixed NDS verb 0x2a
18. Fixed NDS verb 0x2b
File packet-ncp.c
1. Fix offset for packet signature. (This used to automatically set the offset to account for packet signature if it could not determine the correct NCP type. But for some failed fragment packets, retransmissions, etc, this would be wrongly identified. So first we check to see if we can read a valid type at the offset before we just automatically assume that packet signature is being used)
2. Register the new NCP preference for old/new NetWareInfoStruct.
File packet-ncp-int.h
1. Add extern declaration for ncp_newstyle setting.
2. Add length, req_mask, and req_mast_ext to ncp_req_hash_value structure
File packet-ncp-sss.c
1. Fix SecretStore request verb Write App Secrets, Client Put Data, to evaluate packet length.
svn path=/trunk/; revision=19073
