access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
structure, we may have to worry about it in more places than the places
that *used* to set "pi.len" and "pi.captured_len", so there's no point
in just saving and restoring it there. We'll remove those
saves/restores, and worry about saves and restores when we find a
problem.
svn path=/trunk/; revision=4245
#defines for SMB commands with ones that use the names from the SNIA
CIFS spec.
Use those #define values rather than hardcoded values in various places
that check for specific commands.
svn path=/trunk/; revision=4244
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
and call it both from "select_packet()" and "create_new_window()",
rather than having two similar loops in both places.
svn path=/trunk/; revision=4233
if (and only if) the length of the item being added is 0 (so that it has
no data backing it).
This means the data stream name pointer for the item in question is
null; make sure we handle that.
Use that for some "uses the value from the matching request" fields in
the SMB Pipe protocol.
svn path=/trunk/; revision=4231
routines used for that.
Rename some named pipe functions as per the SNIA CIFS spec.
Label the "number of files moved" field of the reply to a Move SMB as
such, rather than as an unspecified "Count".
svn path=/trunk/; revision=4229
- accept struct and union lists passed in via ethereal_be.py
- these lists are unused until I add the templates for struct
and union helper functions. So code generation is unchanged
for the moment.
svn path=/trunk/; revision=4227
- find all union/struct references and store in lists.
This includes embedded unions and structs.
- pass the struct and union lists onto ethereal_gen.py
- print all found nodes at DEBUG
svn path=/trunk/; revision=4226
references an unknown module, check the "preference" part to see if
another "." is found; iterate until a known module is found, or until
nor more "."'s are found.
Needed for the new "x.25.non_q_bit_is_sna" preference.
svn path=/trunk/; revision=4225
obviates the need to have a protocol tree item for "MSRPC-over-SMB", as
the setup words for it are just standard TransactNmPipe setup words
(0x26 is the TransactNmPipe function code, and the next setup word is
the FID for the pipe in question.)
Pass to the pipe dissector tvbuffs for setup-words-plus-pipe (which is
the data for the pipe protocol) and parameters-plus-data (which is the
data for the protocol running atop the pipe protocol); use the former
for the top-level protocol tree item for the pipe protocol, and the
latter for the top-level protocol tree item for the LANMAN protocol.
svn path=/trunk/; revision=4223
mailslot-based logon protocols just be regular register routines,
detected by the script that generates the "register.c" file, rather than
special stuff known to the SMB dissector.
svn path=/trunk/; revision=4222
"dissect_pipe_smb()", a tvbuff containing the setup words and the
pipe/mailslot pathname, as those are arguably the part of the packet
that contains the "mailslot protocol" and the "pipe protocol", as
opposed to the protocol running atop mailslots or pipes.
Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the
MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it
and "dissect_mailslot_smb()" contain *only* the setup words; don't
extract anything other than the setup words from it.
Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h"
rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in
"packet-smb-pipe.h" rather than "packet-smb.c".
Add a protocol for MSRPC-over-named-pipes.
Move the stuff to handle the FID in the setup words of
MSRPC-over-named-pipe transactions out of the SMB Transaction dissector
into the MSRPC dissector. Add a routine to "packet-smb.c", callable
from outside "packet-smb.c", to put an "smb.fid" field into the protocol
tree, and to add ", FID: XXXX" to the Info column, for use by the
MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in
all the places where we put a FID into the protocol tree.
Move the stuff to check whether the LANMAN protocol is enabled, and to
set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN
API-over-named-pipe dissector out of the named pipe protocol dissector.
If we didn't dissect a Transaction request or reply as a named pipe or
mailslot message, put any setup words, parameters, and data it has into
the protocol tree as separate items.
Don't put a "Response in" item into the protocol tree for an NT Cancel
request, as there are no responses to NT Cancel requests.
svn path=/trunk/; revision=4221
display the returned FID in the Info column for NT Create And X
replies;
display the setup words, and treat the second word as a FID in
Transaction requests presumed to contain DCE RPC-over-SMB.
Add the FID to the Info column for other open/create replies while we're
at it.
svn path=/trunk/; revision=4219
structure, so that it can be updated by subdissectors; this way the
updates affect the structure immediately, and don't get lost if the
subdissector later throws an exception.
Use "tvb_reported_length()" to check for an interim mailslot reply;
"tvb_length()" could give the wrong answer if a short snapshot length
was given in the capture.
svn path=/trunk/; revision=4218
"smb_saved_info_t". Put all the information needed to dissect NT
Transaction replies, Transaction2 replies, or Transaction replies into
separate data structures, allocated separately, and put a pointer to
that data structure in the "void *" in question.
Use the return value of "dissect_pipe_smb()" and
"dissect_mailslot_smb()" to control whether to display as data the stuff
those routines were asked to dissect.
If we've seen a request before, but its "smb_saved_info_t" isn't in the
"matched" hash table, look in the "unmatched" hash table - perhaps we
haven't seen the reply yet.
svn path=/trunk/; revision=4216
SMB FILE SHARING PROTOCOL EXTENSIONS, SMB File Sharing Protocol
Extensions Version 2.0, Document Version 3.3".
Fix the test for the "connectionless mode" to test the correct bit.
svn path=/trunk/; revision=4215
and replies, just save a structure holding that information that can't
be derived from the contents of one of the SMBs.
Don't save anything at all for NT Cancel requests - they have the same
TID/PID/MID/UID as the SMB being cancelled, and you want the information
for that request used when dissecting the NT Cancel (so it gets the
number of the frame containing the request being cancelled) and when
dissecting the reply to the request being cancelled.
Get rid of an unused routine.
svn path=/trunk/; revision=4213
Get rid of "Response to" stuff in the LANMAN dissector, as that's now
done in the SMB dissector.
Add a routine for dissecting unknown SMBs (gets the word and byte
counts, and just adds text entries for the word and byte parameters, if
any), and replace null pointers in the dissector table with pointers to
that routine. Get rid of the check for a null dissector pointer.
svn path=/trunk/; revision=4212
piece of information in the reply, as a file can have more than one
stream; show all of them.
Don't use the "File Name" field for stream names.
svn path=/trunk/; revision=4211
work on dissecting the Information frame of QLLC packets.
Thanks to mario.ferreira@hsbc.com.br for lots of information on SNA
over X.25.
svn path=/trunk/; revision=4207
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
*always* zero, so it won't always work, and it's somewhat gross. The
right answer is "don't use Digital/Tru64 UNIX's tcpdump, use
tcpdump.org's".
svn path=/trunk/; revision=4202
Gilbert Ramirez