session; treat all packet type values >= 1 and <= 18 as valid packet
types.
Do standard TCP desegmentation of Netlib buffers, and do reassembly of
TDS messages fragmented over multiple Netlib buffers, rather than doing
the "remember what was in the last TCP segment" stuff; I've seen nothing
to indicate that a TDS message would continue past the last byte of a
"last buffer in request or response" Netlib buffer, and the "remember
what was in the last TCP segment" stuff was complicated and buggy,
perhaps irreparably so ("buggy" as in "crashes").
Make the top-level protocol item for a TDS message be an item for
"proto_tds", and put both the Netlib header and TDS stuff under that
item - that's what Microsoft Network Monitor does.
Get rid of the unused Netlib heuristic subdissector list.
Don't make a new data source for NTLMSSP data in a TDS message - the
data is just a slice of the message, it's not transformed from ASCII hex
to binary, or reassembled, or anything such as that.
Tokens are tokens, not PDUs.
Make the heuristics a bit stronger, to reject packets that are clearly
not TDS packets. Once the heuristics match, make a non-heuristic
dissector the dissector for the conversation.
Quit dissecting the TCP segment (or reassembled data) if we have a
Netlib buffer with a length < 8, as it's not large enough to even have a
Netlib header.
svn path=/trunk/; revision=6737
by DCE RPC are usually little-endian; fix a bunch of
"proto_tree_add_item()" calls (most are for byte-array or string fields,
so the byte order doesn't make a difference, but one is a number).
Put an item into the protocol tree for the encrypted NT password block.
Mallocate the buffer for the Unicode version of the password, rather
than assuming it'll fit in 256 bytes.
"g_malloc()" never returns NULL - it either allocates memory or aborts -
so don't check for a mallocation failure.
Don't try to decrypt the NT password block if we don't have a password.
svn path=/trunk/; revision=6731
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
Support for mDNS/LLMNR "cache flush" bit
Label mDNS and DNS differently in the Protocol column
Clean up summary line for PTR records
svn path=/trunk/; revision=6709
frame and the previous frame in the capture - a frame that might not be
displayed, so you don't know what it was - rather than the previous
frame in the display, as is intended. Fix that.
svn path=/trunk/; revision=6708
Replace the large matrix of protocol togglebuttons with a GtkCList. The
CList displays three columns: the enabled/disabled state, the protocol's
abbreviated name and the protocol's full name. Protocols can be enabled
or disabled by double-clicking on them. The enable all, disable all, and
invert buttons were left intact.
I made a half-assed attempt at Gtk2 support by copying code from
plugins_dlg.c. It's incomplete, and probably won't compile.
Using check boxes in the first column instead of the word "Disabled" would
have been nice. GtkCLists don't let you embed anything besides text and
pixmaps unfortunately.
Update the man page accordingly.
We still need a way to save a list of disabled protocols.
svn path=/trunk/; revision=6707
There is not a third option Advanced... in addition to frames/tick and bytes/tick.
See ethereal man page for description and how one can use this to graph how NFS response time MAX/MIN/AVG changes over time.
svn path=/trunk/; revision=6703
current "this is an error packet" flag and set that flag, so the payload
is dissected as the payload of an error packet rather than as a "real"
packet.
svn path=/trunk/; revision=6701
"dissect_ndr_uint16s()"; "dissect_ndr_uint16s()" is always passed a null
pointer, "dissect_dcerpc_uint16s()" is only called by
"dissect_ndr_uint16s()", and the pointer returned through "pdata" is
*NOT* guaranteed to be aligned on a 16-bit boundary so we don't want to
tempt people to blithely dereference that pointer.
svn path=/trunk/; revision=6699
soon as we see a packet for that circuit (we don't do that in X.25, for
example), so there's no guarantee that the first circuit starts at the
first circuit of the capture.
svn path=/trunk/; revision=6695
call to "gssapi_init_oid()" supplies both dissectors for context-level
tokens and GSS_Wrap header information; the latter dissector should
return the number of bytes of header information, so that if the header
information and the message for the protocol that's using GSSAPI are
treated as a single blob of data (as is the case with LDAP, but not with
DCE RPC, for example), the dissector for the protocol using GSSAPI knows
where to start dissecting.
We associate a pointer to the entire data structure for the OID, not the
handle for context-level token dissector for the OID, with conversations
and frames.
Make the dissector for NTLMSSP verifiers be the handler for GSS_Wrap
stuff for NTLMSSP, and add support for GSS_Wrap stuff for Kerberos.
Support SASL GSS-SPNEGO wrapping of LDAP messages. (XXX - this should
really check for GSS-SPNEGO.)
svn path=/trunk/; revision=6692
Gerald Combs