The NFS dissector (all versions) show access types that have not been requested
to be checked as "not allowed" in the call and reply. This is incorrect and
misleading. At present one must manually compare what was requested in order
to assess if access was actually denied for that type. When there are hundreds
or thousands of these ACCESS requests in a capture, it is not possible or
practical to manually check each one.
The submitted patch does the following:
* Passes the access mask in the call to the reply for comparison
* Adds filterable fields for each supported (v4) and access type
* Adds a pseudo field, nfs.access_denied
* Lists the access types to be checked in the summary and tree
* Separately lists the supported, denied, and allowed access types in the
summary and tree
The changes are applied to all NFS versions.
From me: a couple of small changes to make it compile without warnings.
svn path=/trunk/; revision=34141
Bugs fixed:
- Invalid time display for various time fields;
Millisecs for types 152, 153 are actually stored as 64 bit integers;
Microsecs, nanosecs are actually stored in "NTP format";
Times for fields 158, 159 are relative to "export time";
SystemInitTime displayed incorrectly;
...
- Options template not cached when only scope fields in template.
- Templates not processed on first pass thru capture file:
(In some cases data flows might not be handled until options template later displayed).
- V9: number of options template entries limited to about 8 instead of intended 42;
- Multiple options temlate flows in an Options Template flowset not handled;
- "NotSentOctets" dislayed as "NotSentPackets";
...
Cleanups:
- Options and data template processing code more or less rewritten;
- options template displayed with format similar to that used for data templates;
- Handling and display of PEN field (including use to indicate REVERSE) improved;
- Don't use same filter name for two similar fields which only differ in size;
- Handling & dislay of "variable length" fields improved;
- sminmec lookup (PEN) done only during template processing & cached for later use;
...
- Whitespace/Formatting
svn path=/trunk/; revision=34140
The popups should be working now exept for protocol help.
Help with testing and cleaning up apreciated.
GTK 2.6 requred, I'll look into that too later if no one beats me to it.
svn path=/trunk/; revision=34127
for avoiding doubled definition of a table needed also by a tcap subdissector
plugin a definition in libwirshark.def is needed:
isup_calling_partys_category_value
Me: Change extern to WS_VAR_IMPORT in header file
svn path=/trunk/; revision=34126
On Windows, rename inet_pton() to ws_inet_pton() so that builds on Vista or
later systems (that have inet_pton() natively) will still work on pre-Vista
systems.
svn path=/trunk/; revision=34122
Change to using new ENC_[BIG|LITTLE]_ENDIAN instead of FALSE and TRUE
in the proto_tree_add_item() calls for the identifier and sequence numbers.
svn path=/trunk/; revision=34119
Decode of SETCLIENTID calls in the Windows x86 version fail with "[Dissector
bug, protocol NFS: STATUS_ACCESS_VIOLATION: dissector accessed an invalid
memory address]". This error occurs in packet-nfs.c in
dissect_nfs_clientaddr4() where vars 'protocol' and 'universal_ip_address' get
stepped on following the call to scanf(). The b1-b10 vars are declared as
quint8. While "hh" modifier used in the scanf() is documented in Linux to
correspond to an a signed/unsigned char arg, I cannot find a similar
designation in Windows (MSDN). The Windows C compiler interprets %hhu as
corresponding to a int16 rather than int8.
svn path=/trunk/; revision=34115
Incorrect decoding of List of ARFCN in BCCH frequency list.
When the range 1024 is selected, it can happen that 2 bytes need to be read for
W1, and also for W2. In the current version, when W1 ends on a byte boundary,
W2 will get an incorrect value, since it will be truncated by 1 bit.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5214
svn path=/trunk/; revision=34113
http://seclists.org/bugtraq/2010/Sep/87 .
Unfortunately no one from the NCNIPC pen test team has contacted us or
provided a sample capture so the fix hasn't been verified.
svn path=/trunk/; revision=34111
Followup to 34081: move libwsutil _all_ the way forward so that our inet_pton
is always linked in before wsock32's. This means that our Windows-7 Win64
builds (on which there is a native inet_pton in wsock32) will still work on
pre-Vista Win64's.
svn path=/trunk/; revision=34093
Jeff Morriss