so that IF kerberos succeeds in decrypting a blob it can print a nice
"[Decrypted using: keytab principal foo/bar@REALM]"
or
"[Decrypted using: key learnt from frame xx]"
This makes it much easier to keep track of what keys decrypt what blob
and is very useful for illustrating the sequence of keys that are exchanged and used in kerberos during the AS/TGS/AP exchanges.
svn path=/trunk/; revision=11853
ethereal used to (bug) print in the summary line
"[Continuation to #%d]" where %d was the current frame number.
Fix this bug and let %d print the frame number of the first frame for this multiframe PDU.
(Strange that no one has complained about this one)
svn path=/trunk/; revision=11852
make ethereal attempt to automatically detect whether header digest is used or not for iscsi sessions.
This makes ethereal decode the packets properly EVEN for perfectly normal sessions where
the discovery session is performed with no digest but the normal login session negotiates digest.
the detected headerdigest setting is tcp session wide and thus it
does not work for such initiators (if such exist) that reuse the same socketpair between the discovery and normal login sessions.
svn path=/trunk/; revision=11850
later this soon to be implemented structure (and not the conversation) will
hold the information we need to track whether
digests etc are in use or not.
this also allows some minor indentation cleanups as well.
svn path=/trunk/; revision=11848
try to access the conversation structures unless the
proper preferences are enabled (so that the structs exist in the first place)
svn path=/trunk/; revision=11845
If window scaling is NOT offered in the SYN+ACK then window scaling will
not be used at all, so clear it if we saw it offered previously in the SYN packet.
If the window is scaled in a packet, make ethereal display that by appending the
string " (scaled)" to the end of the tcp.window line in the
decode pane.
svn path=/trunk/; revision=11837
1. Fix Fax Number NDS attribute. This was causing malformed
packet message due to improper decoding.
2. Do not try to decode packet beyond connection status when
return value is non-zero (error condition).
svn path=/trunk/; revision=11836
This tag was part of an early kerberos draft but had disappeared
when 1510 was published.
this early draft exists in implementations in the wild.
add 4 extra checksum types as well from that draft.
svn path=/trunk/; revision=11834
most if not all platforms; the "bitwise and" operator in display filters
is Boolean and evaluates to "true" if the result is non-zero and "false"
otherwise, so explicitly do the comparison with 0 to make sure we don't
just throw away the upper 32 bits.
Do the same for the 32-bit bitwise AND as well, although it's not
strictly necessary.
svn path=/trunk/; revision=11828
rather than "col_buf", so that we correctly handle a column set with
"col_set_str()" (where we set "col_data" to point to the string, and
leave "col_buf" alone).
svn path=/trunk/; revision=11818
references to a packet - just re-"decrypt" it (not a lot of work, given
the sophisticated encryption MAPI uses). We don't save decrypted data
for non-trivial encryptions, so there's not much of a reason to save it
here - and the code to save it was at least sometimes not finding it
again, causing crashes.
Set the length and reported length of the decrypted data tvbuff
appropriately.
svn path=/trunk/; revision=11812
From Luis Ontanon: add some fields for filtering r packet-isup which adds A,B and C numbers to the
fields (that is called,calling and redirecting number). Changed the patch to not use hidden fields and some code clean up
svn path=/trunk/; revision=11811
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
I (hopefully) didn't change any protocol fields or preference file names, but only the GUI labels appearing in the protocol display and the protocol preferences.
Also added a note to the protocol preferences (where appropriate), that you have to enable "Allow subdissectors to reassemble TCP streams" at the corresponding protocol settings for TCP reassembling to take effect.
If you encounter any mistakes I've made here, please let me know...
svn path=/trunk/; revision=11784
fields (that is called,calling and redirecting number). Changed the patch to not use hidden fields and some code clean up.
svn path=/trunk/; revision=11780
the NTLMv2 blob, so don't bother dissecting it for now - perhaps we
should see how much of the NTLMv2 response remains, and, if there is
any, put it into the tree as extra data.
svn path=/trunk/; revision=11765
encapsulated options, just give up on the option in which they're
encapsulated.
Note that for the Relay Message option, we should perhaps dissect the
option data as a DHCP message, not just a sequence of options.
svn path=/trunk/; revision=11756
produces some floating-point noise in the nanoseconds field; we've
required 64-bit integer support for a while, so use that.
svn path=/trunk/; revision=11754
- test for NULL conversation data to avoid a potential crash when
looking up stream setup info (as RTP dissector does);
- adds a heuristic function (like RTP, this is a preference
initially set to off).
svn path=/trunk/; revision=11748
byte - and a length of 1 is used to put the message digest into the
protocol tree, which agrees with that. Therefore, "tvb_get_guint8()"
should be used to fetch it.
svn path=/trunk/; revision=11746
(or, as that documentation calls it, the language name) is the database
name; mark it as such.
It also says there's some other stuff, such as a client MAC address,
after the database offset/length (and that the NTLMSSP message doesn't
come right after the database offset/length, there's an offset/length
for the NTLMSSP message). Put in a comment about that.
svn path=/trunk/; revision=11713
protocol "dhcpfo", to match the filter names of its fields; that - or
changing the long name or abbreviation of the protocol - fixes the core
dump (which was in a check for a name being legal).
svn path=/trunk/; revision=11631
ISC DHCP Server 3.0 failover protocol dissection
Note: I tried to make the port configurable via prefs
but failed to do so: It always crashed on startup so it
is commented out for now.
svn path=/trunk/; revision=11630
1. define new TDS packet type (17) - NTLM authentication packet. Call
the ntlmssp dissector to dissect it when needed.
2. define new TDS packet type (18) - donno what it is exactly, but it's
there. Will dissect it someday.
3. heuristic in netlib_check_login_pkt should also check port 2433.
4. unify the dissection of msg and err token. They have the same
structure.
5. improve the dissection of the above mentioned token.
svn path=/trunk/; revision=11616
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
NTLMSSP-related than SMB-related, and documents about NTLMSSP talk about
it, so it's a little more convenient to keep all that stuff together -
and export it through a packet-ntlmssp.h header.
svn path=/trunk/; revision=11585
"Negotiate 56", meaning that 56-bit encryption is supported - and that
"Negotiate 128" means that 128-bit encryption is supported, so note that
in the blurb for that flag.
It also says that the values for "Request Init Response", "Request Accept
Response", and "Request Non-NT Session Key" are a factor of 16 away from
what our #defines say they are, and that 0x000[124]0000 are "Target Type
{Domain,Server,Share}". Note that in a comment.
svn path=/trunk/; revision=11582
Many people have recently reported many problems with the nmake build
process. It seems that these problems come from using
epan/makefile.nmake to compile the DISSECTOR_SUPPORT_SOURCES which are
located in /trunk.
Nmake from MSVC6 puts the object code of the DISSECTOR_SUPPORT_SOURCES
in /epan although Nmake expects the object code in /trunk when it
checks dependencies. Thus DISSECTOR_SUPPORT_OBJECTS are built every
time even when they are already there.
Nmake Version 1.5 (MSVC 2003 Toolkit) puts the object code of the
DISSECTOR_SUPPORT_SOURCES in /trunk instead.
This makes it impossible to use epan/makefile.nmake for compiling the
DISSECTOR_SUPPORT_SOURCES and to make it work for both versions of nmake.
We have to use /trunk/makefile.nmake for compiling the
DISSECTOR_SUPPORT_SOURCES to solve these issues.
It should also be possible to build ethereal without libethereal.dll again.
Once we have moved all DISSECTOR_SUPPORT_SOURCES into a subdirectory of
epan we can get rid of this patchwork in the nmake makefiles.
svn path=/trunk/; revision=11562
There is still a problem with MSVC builds as 3 objects get built twice (once
at the top level, and once in epan: xmlstub.obj, print.obj and ps.obj).
This fix allows to compile again with MSVC if debug symbols are NOT enabled
while building Ethereal. Do this by editing config.nmake and replacing
"LOCAL_LDFLAGS=/DEBUG" with "LOCAL_LDFLAGS=". In other words: Ethereal CANNOT
be built right now with debug symbols in the object code, for MSVC builds.
svn path=/trunk/; revision=11557
check whether "match_strval()" returned a null pointer before
using its return value;
mark the end-of-burst packet.
Clean up white space.
svn path=/trunk/; revision=11551
clean up the message printed when building libethereal.dll;
have "make distclean" clean out the "dissectors" subdirectory.
Clean up indentation.
svn path=/trunk/; revision=11540
31A and 31B in the 2000 and later 802.3 specs. (Dissecting them is left
as an exercise for the student.)
Clean up whitespace a bit.
svn path=/trunk/; revision=11536
the distribution, as was the case in the past.
Arrange that RCS IDs be expanded, and that the EOL style be native, for
epan/dissectors/Makefile.{am,common,nmake}.
svn path=/trunk/; revision=11532
before running it (printing echo commands puts extra gunk into the
output), and remove some additional generated files when doing "make
distclean".
svn path=/trunk/; revision=11517
x509af is now virtually complete (the attribute userPassword still needs
an attribute dissector but after that, x509af is complete)
svn path=/trunk/; revision=11510
explicitly pass NULL as the tree argument to
"dissect_ndr_uint32()" - "tree", which was passed before, was
definitely null at that point, and the intent is that it not put
anything into the protocol tree;
use the correct offset when putting items into the protocol tree
(the offset has been advanced just past the end of the field at
the time the items are being put into the protocol tree).
svn path=/trunk/; revision=11506
use this and create a new tvbsubset so that
1, reading too much data is flagged as MALFORMED PACKET indicating a bug in the dissector (or a packet that IS malformed)
2, this also implicitly passes the length of the data through the ber.oid dissector handle in case we want to pick it up later.
svn path=/trunk/; revision=11490
(see how good it is to put markers for emacs macros in the files, it was pretty quick, wasn't it? I even tested the resulting code.)
svn path=/trunk/; revision=11481
Also implement the attribute organizationName which is of this type.
(Add magic comments so emacs-macros will be happy.)
svn path=/trunk/; revision=11479
in promiscuous mode, packets captured promiscuously show up as 802.11
packets encapsulated in Ethernet, with an Ethernet type of 0x2452.
svn path=/trunk/; revision=11451
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
"epan/packet_info.h" and put it in "epan/address.h".
Use the AT_ values from "epan/address.h" for address types in the
interface lists rather than having our own FAM_ enums.
svn path=/trunk/; revision=11427
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
on success, so we clear it before calling them.
Assign the value of "strtol()" to a "long" and assign the value of
"strtoul()" to an "unsigned long", as those are the return types for
those functions - "gint32" and "guint32" might not be large enough for
the return value on an LP64 platform.
Check for errno being EINVAL, as that can happen if the number isn't
valid.
Before assigning the value returned by "strtol()" or "strtoul()" to the
final destination, check whether it's in the right range for that
destination.
svn path=/trunk/; revision=11382
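The errno-clearing and range-checking sequence that the revision 11382 message describes, as an added example (not Ethereal's code). `parse_int32` and `parse_uint32` are hypothetical helpers, `int32_t`/`uint32_t` stand in for `gint32`/`guint32`, and rejecting a leading minus sign in the unsigned parser is an extra check the message does not mention.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers. Return 0 on success, -1 on a syntax error,
 * -2 when the value does not fit the 32-bit destination. */
int parse_int32(const char *s, int32_t *out)
{
    char *end;
    long val;                     /* strtol() returns long, 64 bits on LP64 */

    errno = 0;                    /* not reset on success, so clear it first */
    val = strtol(s, &end, 0);
    if (errno == EINVAL || end == s || *end != '\0')
        return -1;                /* no digits, or trailing junk */
    if (errno == ERANGE)
        return -2;                /* did not even fit in a long */
    if (val < INT32_MIN || val > INT32_MAX)
        return -2;                /* fits a long but not the destination */
    *out = (int32_t)val;          /* narrowing is now known to be lossless */
    return 0;
}

int parse_uint32(const char *s, uint32_t *out)
{
    char *end;
    unsigned long val;            /* strtoul() returns unsigned long */
    const char *p = s;

    while (isspace((unsigned char)*p))
        p++;
    if (*p == '-')                /* strtoul() would silently negate this */
        return -1;
    errno = 0;
    val = strtoul(s, &end, 0);
    if (errno == EINVAL || end == s || *end != '\0')
        return -1;
    if (errno == ERANGE || val > UINT32_MAX)
        return -2;
    *out = (uint32_t)val;
    return 0;
}

int main(void)
{
    int32_t v = 0;
    /* Constructed input: one past INT32_MAX, accepted by strtol() on LP64. */
    printf("%d\n", parse_int32("2147483648", &v));
    return 0;
}
```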
- conversation.[ch] - To support not setting port2 on matching a
conversation. This is used by protocols such as iSNS in which the client
registers a TCP/UDP port with the server for notifications and the server
sends notifications to this port from different source ports.
- packet-isns.c - Added support for handling zero-length TLVs and ESI & SCN
frames (when registering an SCN/ESI port, a conversation dissector is
setup).
svn path=/trunk/; revision=11320
strength for AVS headers.
Also add them for the Prism and Radiotap headers, and for the
pseudo-header from non-native captures.
svn path=/trunk/; revision=11316
"SLAB_ITEM_TYPE_DEFINE()" macro to define a union of the type of object
for the slab and a pointer to an object of that union type, and use that
type for items on the slab allocator free lists; that *should* avoid
having the compiler think two pointers to an item being added to or
removed from the free list don't point to the same object just because
they have different types.
svn path=/trunk/; revision=11306
object being allocated, rather than the name of the free list, as an
argument (with the name of the free list constructed from the name of
the type), and add macros to define and declare the free list, also
taking the type of the object being allocated.
svn path=/trunk/; revision=11305
It does not decompress the compressed message it only displays the
uploaded bytecode for the UDVM ( Universal Decompressor Virtual Machine )
svn path=/trunk/; revision=11261
- moved doxygen.cfg to doxygen.cfg.in and let configure do the substitution
on unix. Adapted the nmake files accordingly.
- Don't add doxygen as a dependency for libethereal and libui: As doxygen is
an unconditional target, this would cause the applications to be rebuilt
every time make was called, even when nothing changed in the meantime.
This means that by now we need to do "make doxygen" manually in case we
want updated documentation.
svn path=/trunk/; revision=11238
use to format 64-bit integers.
Fix the RSVP dissector to use that rather than hardcoding "%ll" in.
Remove the "only if G_HAVE_GINT64 is defined" bit from the discussion of
64-bit integers - we're too dependent on having them to support
compilers that don't have a 64-bit integral data type. Do, however,
note that neither "long" nor "long long" are acceptable, and also note
that you shouldn't assume "%ll" does the trick for printing them.
svn path=/trunk/; revision=11182
the parse finishes (forcing us to feed the parser an end-of-input even
after an error) is that we don't create a new parser object when we
start a new parse and don't destroy it when the parse finishes.
svn path=/trunk/; revision=11156
Add a #define to enable parser tracing.
Clean up parser state when finished parsing, even if we stopped
parsing due to a syntax error, so that there's nothing left
around to screw up the next parse.
svn path=/trunk/; revision=11152
Use gint32 instead of guint32 for node data.
Fix up some other signed-vs-unsigned issues in the display filter
parser and lexical analyzer.
svn path=/trunk/; revision=11085
Fix assertion failure when absolute value of negative slice
offset > field length.
Remove code for handling negative slice lengths.
svn path=/trunk/; revision=11084
Check slice lengths as well as offsets. Disallow negative/zero
lengths.
Range on RHS of display filter expression wasn't being checked in
every case.
svn path=/trunk/; revision=11083
Use gint32 instead of guint32 and strtol() instead of strtoul()
for signed integers.
Pathological slice specifications could cause Flex default rule
to be invoked, echoing characters to stdout.
Example: frame[0foo]==1
svn path=/trunk/; revision=11082
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
Error if protocol specified on RHS of display filter comparison.
If user specified "fc", they probably intended a byte value rather than
the fibre channel protocol; fix makes mistake clear.
Fix assertion failure with range on LHS of display filter comparison
and field on RHS.
svn path=/trunk/; revision=10829
octal, as the maximum of 3 octal digits can be more than 0377, but not
necessary for hex, as the maximum of 2 hex digits can't be more than
0xff).
svn path=/trunk/; revision=10827