The Kerberos dissector does not parse IPv6 addresses in AS-REQ messages.
Attached is a patch that adds IPv6 dissection support, and adds a new filter,
kerberos.addr_ipv6, which is analagous to the existing kerberos.addr_ip.
svn path=/trunk/; revision=26241
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
add dissection of the 16 byte header prior to the NDR data when NDR is
transported as a blob ontop of !dcerpc
like the LOGON_INFO in the PAC in kerberos
svn path=/trunk/; revision=24289
dissect_ber_boolean() to return a value and update asn2wrs to generate the new signature.
Regenerate all BER dissectors.
svn path=/trunk/; revision=24015
On windows if ENDTRY is not evaluated after a exception is being thrown wireshark will crash in dissect_packet() while attempting to pop the last frame of the exception stack.
svn path=/trunk/; revision=21014
this resolves some issues where the decode is ok but the hexpane shows corrupted memory where the decrypted blob should be.
svn path=/trunk/; revision=20824
* <epan/crypt/crypt-md5.h> must come after <glib.h> because of
'guint8' etc.
* Include <wiretap/file_util.h> because of eth_fopen().
svn path=/trunk/; revision=20456
there are many reasons why some protocols actually need to be able to access the pinfo structure while determining the pdu size
svn path=/trunk/; revision=19751
use call_dissector_only() which is new-style aware and not call_dissector() which is not.
this fixes a recent bug found on the heimdal list.
svn path=/trunk/; revision=19129
a new bit 0x00020000 is usde in the TGS-REQ packets and this results in a return of a PAC containing an unknown type 11 field.
the blob in the pac is 200 bytes and NDR encoded. its structure is obvious since it contains 2 conformant and varying arrays and three unique pointers.
enable decoding of this new KDCOptions bit and call it "constrained delegation"
svn path=/trunk/; revision=18857
Two more Kerberos error codes where it has been witnessed that the payload contains a PA-DATA structure with the magic salt containing an nt status code
svn path=/trunk/; revision=18088
issued by ms kdc contains a PA_DATA structure with a salt that contains an
nt_status code explaining why the client was not allowed to get a (tgt) ticket
svn path=/trunk/; revision=17796
for the time being since i have never seen this salt being used elsewhere,
assume everything is the MS style salt:
guint32 nt_status
guint32 unknown
guint32 unknown
if the MS KDC does nopt allow a client to grab a ticket (due to policy client can only log in at certain hours or such)
KDC will repsond with a failuer with edata like above and nt-status == STATUS_LOGON_HOURS
svn path=/trunk/; revision=17722
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
mp_addr_to_str was unnecessary 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065