Show presentation context negotiation results and rejection reasons, PDU
rejection reasons, and rejection status codes symbolically. Show the
presentation context negotiation rejection reason only if there was a
rejection, and, if so, show it in the Info column as well as the
protocol tree.
Show more fields in the Info column.
Show the packet type in decimal in the protocol tree - it's shown as
decimal in the Info column and the values are shown as decimal in the
DCE RPC 1.1 spec.
Show the sequence number for connectionless PDUs as decimal in the
protcool tree - it's snown as decimal in the Info column, and the call
ID for connection-oriented PDUs is shown as decimal in the protocol
tree.
svn path=/trunk/; revision=5701
Use "memset()" rather than "bzero()", as "memset()" is the official ANSI
C routine (and you get an error when compiling with MSVC++ if you use
"bzero()").
svn path=/trunk/; revision=5699
mangling of the 802.11 dissector, and optional processing of an FCS at
the end of the frame.
When dissecting the frame-type-dependent part of the header, dissect all
management frames (including ones with an invalid subtype) the same, and
dissect all data frames (including ones with an invalid subtype) the
same.
svn path=/trunk/; revision=5696
tables for connectionless PDUs than for connection-oriented PDUs; just
have one connectionless PDU reassembly hash table.
Get rid of unnecessary tests of "dcerpc_reassemble" - the code to handle
requests and responses was
if (!dcerpc_reassemble || packet not fragmented || frame is short)
don't reassemble;
else if (dcerpc_reassemble)
reassemble
but if we go into the "else" clause we know that all three conditions in
the "if" are false, including "!dcerpc_reassemble", so we know
"dcerpc_reassemble" is true.
Set "pinfo->fragmented" based on whether the PDU being dissected is an
unreassembled first fragment or not.
Put a "Fragment data" item into the protocol tree for all fragments.
Properly maintain the offset when dissecting the header of a
connectionless PDU, even if we aren't building a protocol tree.
"fd_head->datalen" is bogus for sequence-number-based reassembly; use
"fd_head->len" instead.
svn path=/trunk/; revision=5695
Added true_false_string for printer attributes.
Display notify type and notify field name in subtree item when
dissecting notify options or notify data.
svn path=/trunk/; revision=5690
Don't try to add a fragment to a reassembly operation if we don't have
all of the stub data (because the frame is short, or because it's part
of a packet fragmented at a layer below RPC and not reassembled).
Put an entry into the protocol tree for the fragment data of the last
fragment.
svn path=/trunk/; revision=5688
whether a connection-oriented PDU is fragmented or not.
Clean up the handling of fragmented connection-oriented PDUs (the code
to handle fragmented PDUs can assume that it is not the case that both
PFC_FIRST_FRAG and PFC_LAST_FRAG are set, as that's an unfragmented
PDU). Put an entry into the protocol tree for the fragment data in
fragmented PDUs.
For fragmented connectionless PDUs, don't hand the payload of any
fragment other than the first fragment to the subdissector.
svn path=/trunk/; revision=5687
allocate a buffer big enough to hold the ASCIIfied version of that
string, and then ASCIIfy the Unicode string into that buffer, rather
than ASCIIfying into a fixed-length buffer.
svn path=/trunk/; revision=5676
decimal, not hex; use decimal in the value_string tables for them, and
display them in decimal, not hex.
Clean up the names of the certificate types.
Add a routine to add text identifiers, use that routine rather than
doing similar things in several places in the code, and don't have that
routine extract the string contents into a buffer and add it with
"proto_tree_add_string()" - we can just use "proto_tree_add_item()",
which is simpler *and* removes worries about buffer overflows.
Use #defines rather than raw numerical values for identifier types in
switch-statement case clauses.
Fix a typo ("Unknow" -> "Unknown").
FT_NONE and FT_STRING fields can't have a base, so make them BASE_NONE.
svn path=/trunk/; revision=5675
If we had unreassebled DCERPC PDUs but had
decryption of MAPI enabled we would try to read too much data from the
tvbuff and ethereal would later dump core.
svn path=/trunk/; revision=5673
types and Wiretap encapsulations after the entries to map between
platform-independent libpcap link-layer types and those Wiretap
encapsulations, so that, when writing a libpcap-format file, we choose
the platform-independent link-layer types.
svn path=/trunk/; revision=5668
"tvb_get_nstringz0()" no larger than the space in "str" (not counting
the space for the trailing '\0').
Make "str" big enough to hold a maximum-length serial number string (the
length is 1 byte, hence the maximum length is 256 bytes plus 1 byte of
terminating '\0').
svn path=/trunk/; revision=5665
requests - the data part of the AFS authentication request
(hf_afs_kauth_data) is displayed as a string whilst declared as a binary
array in "packet-afs-register-info.h".
svn path=/trunk/; revision=5661
In libpcap.c, move wtap_pcap_encap_to_wtap_encap before libpcap_open
so that if HAVE_PCAP_H is not true, the file will still compile.
svn path=/trunk/; revision=5660
the source to an "ipxdump" utility from the Linux ncpfs package.
The NetworkAddress field in a 23/26 GetInternetAddress reply appears
to be big-endian; we assume it's big-endian in all messages.
The NetworkSocket field in that reply also appears to be big-endian;
it was already set up to be big-endian in other messages.
Put in comments noting other things seen in captures.
svn path=/trunk/; revision=5658
in TCP, UDP, and SCTP, try the lower port number first, and then the
higher port number; this means that, for packets where a dissector is
registered for *both* port numbers:
1) we pick the same dissector for traffic going in both directions;
2) we prefer the port number that's more likely to be the right
one (as that prefers well-known ports to reserved ports);
although there is, of course, no guarantee that any such strategy will
always pick the right port number.
Ignore port numbers of 0, as some dissectors use a port number of 0 to
disable the port, and as RFC 768 says that the source port in UDP
datagrams is optional and is 0 if not used.
svn path=/trunk/; revision=5656
