| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
There was a core dump because of a coding oversight. Should be fixed
now Gilbert.
Should now handle names of form \<somepipe>
Will screw up if there is no leading slash, but in a non-fatal way, I
think.
svn path=/trunk/; revision=1041
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
much more complete decoding of browse messages.
They are now shown in the parent tree as well.
I still have problems with:
1. Times
2. Election criteral
I also haven't been able to see a BecomeBackup request, nor a
GetBackupListResp with more than one browser ... Should run a Windows NT
server or another Samba on my network.
I am also not sure of there are any more message types. Damn! Old, and
wrong MS documents!
svn path=/trunk/; revision=1025
|
| |
|
|
|
|
|
|
|
|
|
|
| |
MS Windows Browser messages. Can decode host announcements now.
Still need to decode more. Also need to break the new code out.
I also have the Browse tree at the wrong location. Can I get at the
parent of the tree somewhere, or do I have to pass it in as a variable?
svn path=/trunk/; revision=1024
|
| |
|
|
|
|
| |
exposed by Win2000 interacting with a Samba server ...
svn path=/trunk/; revision=1010
|
| |
|
|
| |
svn path=/trunk/; revision=937
|
| |
|
|
| |
svn path=/trunk/; revision=929
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace "add_to_conversation()" with:
"conversation_new()", which creates a new conversation, given
source and destination addresses and ports, and returns a
pointer to the structure for the conversation;
"find_conversation()", which tries to find a conversation for
given source and destination addresses and ports, and returns a
pointer to the structure for the conversation if found, and a
null pointer if not found.
Add a private data pointer field to the conversation structure, and have
"conversation_new()" take an argument that specifies what to set that
pointer to; that lets clients of the conversation code hang arbitrary
data off the conversation (e.g., a hash table of protocol requests and
replies, in case the protocol is a request/reply protocol wherein the
reply doesn't say what type of request it's a reply to, and you need
that information to dissect the reply).
svn path=/trunk/; revision=920
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
|
| |
|
|
|
|
|
|
|
|
|
| |
Is this file generated code ?
If not, please :
- get rid of compilation warnings
- put the # of preprocessor macros at the first column
svn path=/trunk/; revision=863
|
| |
|
|
|
|
|
|
|
|
| |
Added decoder for transact SMBs.
Changed things a lot for state keeping.
Next thing is to decode transacts and transact2s more.
svn path=/trunk/; revision=860
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also added first pass of state keeping. I am using glib's hash
functions.
Modelled after packet-ncp.c.
We will need to standardize the <proto>_init_protocol functions called in
file.c at some stage ...
I will have a couple of more goes at the state keeping before I am finished.
At the moment, the infrastructure is there but I do nothing with it.
svn path=/trunk/; revision=798
|
| |
|
|
|
|
|
|
| |
as an argument. ("time_t" could be 64 bits - I think it is 64 bits on
some platforms, e.g. Alpha Linux - and it's typically signed rather
than unsigned.)
svn path=/trunk/; revision=760
|
| |
|
|
|
|
|
|
|
|
| |
1. Fix some silly errors.
2. Dont decode beyond Word Count if errcode > 0
3. Decode a bunch mode SMBs
Next is to keep state so we can do a better job ...
svn path=/trunk/; revision=758
|
| |
|
|
|
|
|
|
|
|
|
| |
specified number of bytes of captured data in the frame at the specified
offset, and a "IS_DATA_IN_FRAME()" macro, to test whether there are any
bytes of captured data in the frame at the specified offset, and convert
some bounds checks to use them.
Add a dissector for the Internet Printing Protocol.
svn path=/trunk/; revision=685
|
| |
|
|
|
|
|
| |
use END_OF_FRAME), so that they don't look at stuff in an IP datagram
past the end of the IP datagram (i.e., frame padding).
svn path=/trunk/; revision=584
|
| |
|
|
| |
svn path=/trunk/; revision=565
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bunch of source files.
Replace the "payload" field of a "packet_info" structure with "len" and
"captured_len" fields, which contain the total packet length and total
captured packet length (including all headers) at the current protocol
layer (i.e., if a given layer has a length field, and that length field
says its shorter than the length we got from the capture, reduce the
"pi.len" and "pi.captured_len" values appropriately). Those fields can
be used in the future if we add checks to make sure a field we're
extracting from a packet doesn't go past the end of the packet, or past
the captured part of the packet.
Get rid of the additional payload argument to some dissection functions;
use "pi.captured_len - offset" instead.
Have the END_OF_FRAME macro use "pi.captured_len" rather than
"fd->cap_len", so that "dissect the rest of the frame" becomes "dissect
the rest of the packet", and doesn't dissect end-of-frame padding such
as padding added to make an Ethernet frame 60 or more octets long. (We
might want to rename it END_OF_PACKET; if we ever want to label the
end-of-frame padding for the benefit of people curious what that extra
gunk is, we could have a separate END_OF_FRAME macro that uses
"fd->cap_len".)
svn path=/trunk/; revision=506
|
| |
|
|
|
|
|
| |
allowing users to filter on the existence of these protocols. I also
added packet-clip.c to the Nmake makefile.
svn path=/trunk/; revision=402
|
| |
|
|
|
|
|
| |
Initialized AndXCommand to 0 in packet-smb.c just to get rid of compiler
warning about 'possibly used uninitialized'.
svn path=/trunk/; revision=382
|
| |
|
|
|
|
|
|
|
|
|
|
| |
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
|
| |
|
|
|
|
|
|
|
|
| |
and some difficult things.
I should not have blown away any of Gilbert's stuff this time around ...
Hope not anyway ...
svn path=/trunk/; revision=357
|
| |
|
|
|
|
|
| |
Gilbert's new protocol-tree code (and to a bunch of other changes); put
all the missing changes back in.
svn path=/trunk/; revision=354
|
| |
|
|
|
|
|
|
| |
problems with single bit fields when declared as an enumerated field.
It shows an unknown ... Damn ... Can't see what the problem is.
svn path=/trunk/; revision=353
|
| |
|
|
|
|
|
| |
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|
| |
|
|
| |
svn path=/trunk/; revision=335
|
| |
|
|
|
|
|
|
| |
Hope it is all OK.
This is getting interesting.
svn path=/trunk/; revision=334
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"fd->cap_len - offset", i.e. END_OF_FRAME, is unsigned, so
while (END_OF_FRAME > 0) {
doesn't keep you out of the loop if "offset" is already beyond
"fd->cap_len", so you can try processing stuff past the end of the
captured data in the packet.
svn path=/trunk/; revision=298
|
| |
|
|
|
|
|
|
|
| |
in.
Would like to remove it from packet-tftp.c as well to remove our
dependence on that file as well.
svn path=/trunk/; revision=285
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
can be used by dissectors other than ARP to display byte arrays as
strings of hex digits.
Add a routine to extract a null-terminated Unicode string and turn it
into an ISO 8859-1 string for display. (Ultimately, we should determine
what character sets the X server or printer or whatever can handle, and
turn it into the appropriate character set.)
Display the challenge in "core-to-LANMAN-2.1" Negotiate Protocol
responses as a string of hex digits - but only if the length is
non-zero. (It's a counted array, not a null-terminated string.)
Display some additional security mode bits in an NT LM 0.12 Negotiate
Protocol response.
Display some additional bits in the "capabilities" field of the
Negotiate Protocol response.
Display the challenge in an NT LM 0.12 Negotiate Protocol response as a
string of hex digits (it's a counted array, not a null-terminated
string).
Display the domain name as Unicode in an NT LM 0.12 Negotiate Protocol
response if the capabilities field has the "supports Unicode" bit set
(no, not the "Unicode" bit in the "flags2" field - NT doesn't set that
in the response, even though it sends the domain name over in Unicode!).
Display some additional bits in the "flags2" field of an SMB.
svn path=/trunk/; revision=275
|
| |
|
|
|
|
| |
"draft-leach-cifs-v1-spec-01.txt" CIFS Internet draft.
svn path=/trunk/; revision=274
|
| |
|
|
|
|
| |
date/time formats used in SMB...).
svn path=/trunk/; revision=273
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix the "proto_tree_add_item()" used when the server didn't support any
of the dialects the client offered not to print the dialect index.
In the "Core to LANMAN 2.1" "negotiate protocol" decode, show the time
zone as minutes from UTC, just as is done for the "post-LANMAN 2.1"
decode.
svn path=/trunk/; revision=272
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fixes, as I had to manually apply his fixes. It is a long story,
but my development environment is, umm, interesting.
Thanks to Guy for spotting the problems in my Core Proto to LanMan 2.0
decode probs.
I did not spot them and I do not have any such traces to check
against.
svn path=/trunk/; revision=271
|
| |
|
|
|
|
|
|
|
| |
2.1" "negotiate protocol" responses.
Display unsigned fields in "negotiate protocol" as unsigned, rather than
signed, values.
svn path=/trunk/; revision=268
|
| |
|
|
|
|
|
|
|
| |
Squelch another "variable may be used without being initialized"
complaint (also due to insufficiently sophisticated dataflow analysis by
EGCS 1.1), and a number of "unused variable" complaints, as well as
"assigning a 'const XXX *' to an 'XXX *'" complaints.
svn path=/trunk/; revision=266
|
| |
|
|
|
|
|
|
| |
but not the responses, and do not handle the ANDX part yet,
but I have a Linux course to develop, so that is enough for
now.
svn path=/trunk/; revision=261
|
| |
|
|
| |
svn path=/trunk/; revision=260
|
|
|
svn path=/trunk/; revision=259
|
