aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Get rid of the "len" and "captured_len" members of the "packet_info"Guy Harris2001-11-2011-119/+34
| | | | | | structure; they're no longer used. svn path=/trunk/; revision=4236
* Make the capture routines take an additional argument giving the amountGuy Harris2001-11-2037-189/+199
| | | | | | | | | | | of packet data captured. Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the packet" argument. Add some length checks to capture routines. svn path=/trunk/; revision=4235
* "END_OF_FRAME" and "IS_DATA_IN_FRAME()" are no longer used; get rid ofGuy Harris2001-11-201-13/+5
| | | | | | them. svn path=/trunk/; revision=4234
* Have a routine to add all the hex dump tabs to the hex dump notebook,Guy Harris2001-11-204-35/+36
| | | | | | | and call it both from "select_packet()" and "create_new_window()", rather than having two similar loops in both places. svn path=/trunk/; revision=4233
* If bytes in a hex dump view are selected, the field in the correspondingGuy Harris2001-11-203-11/+28
| | | | | | | text view should be selected, rather than always selecting a field in the main text view. svn path=/trunk/; revision=4232
* Allow the tvbuff pointer to various "proto_tree_add" routines to be nullGuy Harris2001-11-205-18/+40
| | | | | | | | | | | | | if (and only if) the length of the item being added is 0 (so that it has no data backing it). This means the data stream name pointer for the item in question is null; make sure we handle that. Use that for some "uses the value from the matching request" fields in the SMB Pipe protocol. svn path=/trunk/; revision=4231
* From Ronnie Sahlberg: handle transaction continuations the way we handleGuy Harris2001-11-201-27/+69
| | | | | | NT Cancel, as transaction continuations don't get a response, either. svn path=/trunk/; revision=4230
* Dissect the rest of the named pipe protocol. Export from "packet-smb.c"Guy Harris2001-11-203-42/+197
| | | | | | | | | | | routines used for that. Rename some named pipe functions as per the SNIA CIFS spec. Label the "number of files moved" field of the reply to a Move SMB as such, rather than as an unspecified "Count". svn path=/trunk/; revision=4229
* Save the function code and FID for pipe requests, and use it for theGuy Harris2001-11-203-25/+77
| | | | | | matching responses. svn path=/trunk/; revision=4228
* From Frank Singleton:Guy Harris2001-11-191-3/+4
| | | | | | | | | - accept struct and union lists passed in via ethereal_be.py - these lists are unused until I add the templates for struct and union helper functions. So code generation is unchanged for the moment. svn path=/trunk/; revision=4227
* From Frank Singleton:Guy Harris2001-11-191-18/+164
| | | | | | | | | - find all union/struct references and store in lists. This includes embedded unions and structs. - pass the struct and union lists onto ethereal_gen.py - print all found nodes at DEBUG svn path=/trunk/; revision=4226
* When reading the preferences file, if the "module.preference" stringGilbert Ramirez2001-11-191-18/+35
| | | | | | | | | | references an unknown module, check the "preference" part to see if another "." is found; iterate until a known module is found, or until nor more "."'s are found. Needed for the new "x.25.non_q_bit_is_sna" preference. svn path=/trunk/; revision=4225
* If we know the pipe function code, put the function into the InfoGuy Harris2001-11-191-1/+6
| | | | | | column. svn path=/trunk/; revision=4224
* Dissect the setup words in pipe transactions that have them; thatGuy Harris2001-11-193-192/+339
| | | | | | | | | | | | | | | obviates the need to have a protocol tree item for "MSRPC-over-SMB", as the setup words for it are just standard TransactNmPipe setup words (0x26 is the TransactNmPipe function code, and the next setup word is the FID for the pipe in question.) Pass to the pipe dissector tvbuffs for setup-words-plus-pipe (which is the data for the pipe protocol) and parameters-plus-data (which is the data for the protocol running atop the pipe protocol); use the former for the top-level protocol tree item for the pipe protocol, and the latter for the top-level protocol tree item for the LANMAN protocol. svn path=/trunk/; revision=4223
* Make the register routines for the mailslot, pipe, browser, andGuy Harris2001-11-197-34/+12
| | | | | | | | mailslot-based logon protocols just be regular register routines, detected by the script that generates the "register.c" file, rather than special stuff known to the SMB dissector. svn path=/trunk/; revision=4222
* Pass, as the first tvbuff argument to "dissect_mailslot_smb()" andGuy Harris2001-11-196-164/+277
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "dissect_pipe_smb()", a tvbuff containing the setup words and the pipe/mailslot pathname, as those are arguably the part of the packet that contains the "mailslot protocol" and the "pipe protocol", as opposed to the protocol running atop mailslots or pipes. Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it and "dissect_mailslot_smb()" contain *only* the setup words; don't extract anything other than the setup words from it. Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h" rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in "packet-smb-pipe.h" rather than "packet-smb.c". Add a protocol for MSRPC-over-named-pipes. Move the stuff to handle the FID in the setup words of MSRPC-over-named-pipe transactions out of the SMB Transaction dissector into the MSRPC dissector. Add a routine to "packet-smb.c", callable from outside "packet-smb.c", to put an "smb.fid" field into the protocol tree, and to add ", FID: XXXX" to the Info column, for use by the MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in all the places where we put a FID into the protocol tree. Move the stuff to check whether the LANMAN protocol is enabled, and to set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN API-over-named-pipe dissector out of the named pipe protocol dissector. If we didn't dissect a Transaction request or reply as a named pipe or mailslot message, put any setup words, parameters, and data it has into the protocol tree as separate items. Don't put a "Response in" item into the protocol tree for an NT Cancel request, as there are no responses to NT Cancel requests. svn path=/trunk/; revision=4221
* From Tim Potter: use the FID, for DCE RPC-over-SMB, as part of theGuy Harris2001-11-185-6/+60
| | | | | | conversation matching. svn path=/trunk/; revision=4220
* From Tim Potter:Guy Harris2001-11-182-8/+71
| | | | | | | | | | | | | display the returned FID in the Info column for NT Create And X replies; display the setup words, and treat the second word as a FID in Transaction requests presumed to contain DCE RPC-over-SMB. Add the FID to the Info column for other open/create replies while we're at it. svn path=/trunk/; revision=4219
* Pass in the "smb_info" structure a pointer to the "smb_saved_info_t"Guy Harris2001-11-184-123/+203
| | | | | | | | | | | | structure, so that it can be updated by subdissectors; this way the updates affect the structure immediately, and don't get lost if the subdissector later throws an exception. Use "tvb_reported_length()" to check for an interim mailslot reply; "tvb_length()" could give the wrong answer if a short snapshot length was given in the capture. svn path=/trunk/; revision=4218
* Added hooks to allow the registration of heuristic subdissectors ofEd Warnicke2001-11-181-1/+19
| | | | | | http. svn path=/trunk/; revision=4217
* Have only the request and response frame numbers, and a "void *", in anGuy Harris2001-11-184-239/+391
| | | | | | | | | | | | | | | | | "smb_saved_info_t". Put all the information needed to dissect NT Transaction replies, Transaction2 replies, or Transaction replies into separate data structures, allocated separately, and put a pointer to that data structure in the "void *" in question. Use the return value of "dissect_pipe_smb()" and "dissect_mailslot_smb()" to control whether to display as data the stuff those routines were asked to dissect. If we've seen a request before, but its "smb_saved_info_t" isn't in the "matched" hash table, look in the "unmatched" hash table - perhaps we haven't seen the reply yet. svn path=/trunk/; revision=4216
* Add some bits in the Write AndX write mode as per "Microsoft NetworksGuy Harris2001-11-161-3/+29
| | | | | | | | | SMB FILE SHARING PROTOCOL EXTENSIONS, SMB File Sharing Protocol Extensions Version 2.0, Document Version 3.3". Fix the test for the "connectionless mode" to test the correct bit. svn path=/trunk/; revision=4215
* Never put an entry into the hash table for an NT Cancel request, even ifGuy Harris2001-11-161-7/+10
| | | | | | we didn't find the request it's cancelling. svn path=/trunk/; revision=4214
* Don't save a full "smb_info" structure in the hash tables for requestsGuy Harris2001-11-161-94/+133
| | | | | | | | | | | | | | | and replies, just save a structure holding that information that can't be derived from the contents of one of the SMBs. Don't save anything at all for NT Cancel requests - they have the same TID/PID/MID/UID as the SMB being cancelled, and you want the information for that request used when dissecting the NT Cancel (so it gets the number of the frame containing the request being cancelled) and when dissecting the reply to the request being cancelled. Get rid of an unused routine. svn path=/trunk/; revision=4213
* Cleanup of request/response matching, from Ronnie Sahlberg.Guy Harris2001-11-163-907/+454
| | | | | | | | | | | | Get rid of "Response to" stuff in the LANMAN dissector, as that's now done in the SMB dissector. Add a routine for dissecting unknown SMBs (gets the word and byte counts, and just adds text entries for the word and byte parameters, if any), and replace null pointers in the dissector table with pointers to that routine. Get rid of the check for a null dissector pointer. svn path=/trunk/; revision=4212
* Responses to queries for stream information can return more than oneGuy Harris2001-11-161-24/+69
| | | | | | | | | piece of information in the reply, as a file can have more than one stream; show all of them. Don't use the "File Name" field for stream names. svn path=/trunk/; revision=4211
* Use "hf_smb_t2_stream_size", not "hf_smb_t2_stream_name_length", whenGuy Harris2001-11-161-2/+2
| | | | | | adding the stream size. svn path=/trunk/; revision=4210
* Add "packet-qllc.c".Guy Harris2001-11-151-1/+2
| | | | svn path=/trunk/; revision=4209
* Update Gerald's e-mail address.Guy Harris2001-11-151-3/+2
| | | | svn path=/trunk/; revision=4208
* Add support for SNA-over-X.25. Add QLLC dissector. I still need toGilbert Ramirez2001-11-154-32/+263
| | | | | | | | work on dissecting the Information frame of QLLC packets. Thanks to mario.ferreira@hsbc.com.br for lots of information on SNA over X.25. svn path=/trunk/; revision=4207
* Add some packet-*.h files to noinst_HEADERS.Gilbert Ramirez2001-11-151-1/+10
| | | | svn path=/trunk/; revision=4206
* Get rid of NullTVB, the "compat_top_tvb" member of the "packet_info"Guy Harris2001-11-1511-35/+13
| | | | | | | | structure, the check for a null tvbuff pointer in "alloc_field_info()", and the "tvb_create_from_top()" macro; they're no longer needed, as there's no non-tvbuffified dissector code remaining. svn path=/trunk/; revision=4205
* Tvbuffification of Transaction requests, from Ronnie Sahlberg.Guy Harris2001-11-156-1501/+438
| | | | | | | | | "Send buffer pointer" and "send buffer length" items appear not to be sent over the wire. Add support for Write And X. svn path=/trunk/; revision=4204
* Make the RADIUS dissector handle bogus AVPs (AVPs with a length lessGuy Harris2001-11-141-5/+12
| | | | | | than the size of the AVP header) a bit better. svn path=/trunk/; revision=4203
* Back the previous hack out - the padding is often zero, but it's notGuy Harris2001-11-141-68/+3
| | | | | | | | *always* zero, so it won't always work, and it's somewhat gross. The right answer is "don't use Digital/Tru64 UNIX's tcpdump, use tcpdump.org's". svn path=/trunk/; revision=4202
* Throw in a hack to try to detect FDDI captures from Digital UNIX'sGuy Harris2001-11-141-3/+68
| | | | | | | tcpdump and, if we think we've found one, strip off the 3 padding bytes they put in front of the frame. svn path=/trunk/; revision=4201
* Update two values for XAUTH (XAUTH-NEXT-PIN, XAUTH-ANSWER), inGilbert Ramirez2001-11-141-1/+3
| | | | | | | accordance with http://www.vpnc.org/draft-beaulieu-ike-xauth. From Yaniv Kaul <ykaul@checkpoint.com> svn path=/trunk/; revision=4200
* Hopefully the last time I have to change my e-mail address.Gilbert Ramirez2001-11-1389-175/+170
| | | | svn path=/trunk/; revision=4199
* Squelch an MSVC++ complaint.Guy Harris2001-11-131-1/+2
| | | | svn path=/trunk/; revision=4198
* The hash table merely associates data structures with conversations,Guy Harris2001-11-131-65/+9
| | | | | | | but you can do that directly, so eliminate the hash table and just attach the data structures to the conversation directly. svn path=/trunk/; revision=4197
* Include the sync I/O alert and nonalert bits.Guy Harris2001-11-121-1/+23
| | | | | | Put in comments about some of the other bits. svn path=/trunk/; revision=4196
* From Tim Potter: added code to call request and reply subdissectors in DCEGuy Harris2001-11-122-6/+14
| | | | | | RPC. svn path=/trunk/; revision=4195
* Support for DCE RPC atop SMB, and support for several Microsoft DCE RPCGuy Harris2001-11-1222-5/+1294
| | | | | | services used with SMB, from Tim Potter. svn path=/trunk/; revision=4194
* Transaction2 tvbuffified, and support added for many Transaction2 SMBs,Guy Harris2001-11-122-1302/+4279
| | | | | | | | from Ronnie Sahlberg. Various other bug fixes, cleanups, and other improvements. svn path=/trunk/; revision=4193
* Dissect the NT create option bits. (Well, some of them, anyway.)Guy Harris2001-11-111-35/+149
| | | | svn path=/trunk/; revision=4192
* Change from Tim Potter to show the error status in the Info column forGuy Harris2001-11-101-21/+171
| | | | | | | | SMBs that got errors. Add some additional access mask bits, and the URL of another spec. svn path=/trunk/; revision=4191
* Microsoft calls it "Dfs", not "DFS", perhaps to avoid confusion with theGuy Harris2001-11-091-6/+6
| | | | | | OSF's DCE DFS (which is completely unrelated to Dfs). svn path=/trunk/; revision=4190
* NT Create and X support, from Ronnie Sahlberg.Guy Harris2001-11-091-7/+280
| | | | | | | | | | | "#if 0" out an unused routine, pending determination of whether there's any place that would use it. Fix some typos. Display the NT create options in hex, as they appear to be a bitmask. svn path=/trunk/; revision=4189
* Remove "text2pcap-scanner.obj" and "tools\lemon\lemon.obj" when a "nmakeGuy Harris2001-11-092-4/+4
| | | | | | clean" is done. svn path=/trunk/; revision=4188
* Fix a couple of comments.Guy Harris2001-11-091-4/+4
| | | | svn path=/trunk/; revision=4187
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-25 00:52:37 +0000