| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
up with the original request, without matching unrelated replies with
that request.
svn path=/trunk/; revision=12145
|
| |
|
|
|
|
| |
"packet-windows-common.[ch]".
svn path=/trunk/; revision=11592
|
| |
|
|
|
|
|
|
|
| |
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
always contain an SMB command code (SMB requests and responses both have
command codes, so there's no "unknown" out-of-band value); make it a
"guint8".
Make the argument to "decode_smb_name()" a "guint8" as an SMB command
code is passed to it ("guint8" and "unsigned char" are the same types on
all platforms we're likely to deal with, so it's a cosmetic change, not
a semantic one).
Put in an extra "GPOINTER_TO_UINT()" call before casting
"si->sip->extra_info" to "guint16", to squelch compiler warnings.
svn path=/trunk/; revision=9335
|
| |
|
|
|
|
|
|
| |
multiple NetBIOS-over-TCP session service messages in a TCP segment, and
they can contain the final portions of different DCERPC calls. Don't
assume a frame number is sufficient to identify DCE RPC calls.
svn path=/trunk/; revision=7777
|
| |
|
|
|
|
|
|
|
|
|
| |
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of ""dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.
Add some casts to squelch compiler complaints.
svn path=/trunk/; revision=7449
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.
Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display fiulter field for the other fragments that display which frame the dcerpc pdu was reassembled in.
This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
i think it has been broken for quite some time. That will be addressed shortly.
svn path=/trunk/; revision=7445
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this future will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
|
| |
|
|
| |
svn path=/trunk/; revision=7192
|
| |
|
|
|
|
|
|
|
|
|
|
| |
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
|
| |
|
|
| |
svn path=/trunk/; revision=6151
|
| |
|
|
|
|
| |
being used properly.
svn path=/trunk/; revision=6149
|
| |
|
|
|
|
| |
More to do yet though ...
svn path=/trunk/; revision=6148
|
| |
|
|
|
|
|
| |
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
| |
|
|
| |
svn path=/trunk/; revision=6055
|
| |
|
|
| |
svn path=/trunk/; revision=5962
|
| |
|
|
|
|
| |
request and response.
svn path=/trunk/; revision=5895
|
| |
|
|
|
|
|
|
|
|
| |
Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
svn path=/trunk/; revision=5566
|
| |
|
|
|
|
| |
error.
svn path=/trunk/; revision=5415
|
| |
|
|
|
|
|
|
| |
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
|
| |
|
|
| |
svn path=/trunk/; revision=5234
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have captures with w2k speaking DCERPC without using the normal
Transaction named pipes SMBs.
Instead DCERPC is just implemented ontop of ordinary read/write calls.
The smb dissector now examines TreeConnectAndX and stores the conversation/tid/type-of-share in a table for later access.
All SMB requests examine that hash table to find out if TID in the header refers
to a normal share or an IPC$ share.
Initial support in read/write SMB calls to detect if the operations are for an
IPC share and thus it assumes it must be DCERPC commands in the payload.
Desegmentation/Reassembly of these types of calls are not implemented yet.
svn path=/trunk/; revision=4952
|
| |
|
|
|
|
| |
packet-smb.c so that packet-smb-pipe.c can reference this struct as well.
svn path=/trunk/; revision=4947
|
| |
|
|
| |
svn path=/trunk/; revision=4946
|
| |
|
|
|
|
|
|
| |
remembers SMBs for request/response matching, and make sure the request
and the response have the same type (or that the response has a
different type but is a valid response to the request).
svn path=/trunk/; revision=4763
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CIFS draft spec speaks of both being used:
The multiplex ID (Mid) is used along with the Pid to allow
multiplexing the single client and server connection among the
client's multiple processes, threads, and requests per thread.
Clients may have many outstanding requests (up to the negotiated
number, MaxMpxCount) at one time. Servers MAY respond to
requests in any order, but a response message MUST always
contain the same Mid and Pid values as the corresponding request
message. The client MUST NOT have multiple outstanding requests
to a server with the same Mid and Pid.
and I have seen a capture where more than one PID is used on a given
connection and where the same MID is used with two different PIDs.
Get rid of the "mid" field in the "smb_info_t" structure - the MID is
not used outside "dissect_smb()".
svn path=/trunk/; revision=4495
|
| |
|
|
|
|
|
| |
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
svn path=/trunk/; revision=4470
|
| |
|
|
|
|
|
|
|
|
|
| |
add "dissect_ndr_ctx_hnd()" for dissecting context handles, and
use it in various DCERPC dissectors;
beef up the MS Security Account Manager dissector.
Also, export "NT_errors[]" for use by that dissector.
svn path=/trunk/; revision=4350
|
| |
|
|
| |
svn path=/trunk/; revision=4335
|
| |
|
|
|
|
| |
rename.
svn path=/trunk/; revision=4333
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"smb_saved_info_t" in the table of requests whose replies have been
found, don't look it up in the table of requests whose replies have not
been found - if the request in question has no reply in the capture,
that may find some later frame in the same conversation with the same
MID, and we don't need that information anyway - the only reason we
*need* that structure is to save information in it for use when
processing its reply, and we already did that the first time we
processed the request. (The information for the later frame may be bad,
e.g. having a null "extra_info" pointer, or having one that points to
information for another request.)
Arrange that we don't use the pointer to the "smb_saved_info_t" when
processing a request except to save information if the request hasn't
already been processed, as that pointer may not be valid if the request
has already been processed, as per the above.
svn path=/trunk/; revision=4292
|
| |
|
|
|
|
|
|
|
|
| |
#defines for SMB commands with ones that use the names from the SNIA
CIFS spec.
Use those #define values rather than hardcoded values in various places
that check for specific commands.
svn path=/trunk/; revision=4244
|
| |
|
|
|
|
|
|
|
|
|
| |
routines used for that.
Rename some named pipe functions as per the SNIA CIFS spec.
Label the "number of files moved" field of the reply to a Move SMB as
such, rather than as an unspecified "Count".
svn path=/trunk/; revision=4229
|
| |
|
|
|
|
| |
matching responses.
svn path=/trunk/; revision=4228
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"dissect_pipe_smb()", a tvbuff containing the setup words and the
pipe/mailslot pathname, as those are arguably the part of the packet
that contains the "mailslot protocol" and the "pipe protocol", as
opposed to the protocol running atop mailslots or pipes.
Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the
MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it
and "dissect_mailslot_smb()" contain *only* the setup words; don't
extract anything other than the setup words from it.
Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h"
rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in
"packet-smb-pipe.h" rather than "packet-smb.c".
Add a protocol for MSRPC-over-named-pipes.
Move the stuff to handle the FID in the setup words of
MSRPC-over-named-pipe transactions out of the SMB Transaction dissector
into the MSRPC dissector. Add a routine to "packet-smb.c", callable
from outside "packet-smb.c", to put an "smb.fid" field into the protocol
tree, and to add ", FID: XXXX" to the Info column, for use by the
MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in
all the places where we put a FID into the protocol tree.
Move the stuff to check whether the LANMAN protocol is enabled, and to
set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN
API-over-named-pipe dissector out of the named pipe protocol dissector.
If we didn't dissect a Transaction request or reply as a named pipe or
mailslot message, put any setup words, parameters, and data it has into
the protocol tree as separate items.
Don't put a "Response in" item into the protocol tree for an NT Cancel
request, as there are no responses to NT Cancel requests.
svn path=/trunk/; revision=4221
|
| |
|
|
|
|
| |
conversation matching.
svn path=/trunk/; revision=4220
|
| |
|
|
|
|
|
|
|
|
|
|
| |
structure, so that it can be updated by subdissectors; this way the
updates affect the structure immediately, and don't get lost if the
subdissector later throws an exception.
Use "tvb_reported_length()" to check for an interim mailslot reply;
"tvb_length()" could give the wrong answer if a short snapshot length
was given in the capture.
svn path=/trunk/; revision=4218
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"smb_saved_info_t". Put all the information needed to dissect NT
Transaction replies, Transaction2 replies, or Transaction replies into
separate data structures, allocated separately, and put a pointer to
that data structure in the "void *" in question.
Use the return value of "dissect_pipe_smb()" and
"dissect_mailslot_smb()" to control whether to display as data the stuff
those routines were asked to dissect.
If we've seen a request before, but its "smb_saved_info_t" isn't in the
"matched" hash table, look in the "unmatched" hash table - perhaps we
haven't seen the reply yet.
svn path=/trunk/; revision=4216
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Get rid of "Response to" stuff in the LANMAN dissector, as that's now
done in the SMB dissector.
Add a routine for dissecting unknown SMBs (gets the word and byte
counts, and just adds text entries for the word and byte parameters, if
any), and replace null pointers in the dissector table with pointers to
that routine. Get rid of the check for a null dissector pointer.
svn path=/trunk/; revision=4212
|
| |
|
|
|
|
|
|
|
| |
"Send buffer pointer" and "send buffer length" items appear not to be
sent over the wire.
Add support for Write And X.
svn path=/trunk/; revision=4204
|
| |
|
|
|
|
|
|
| |
from Ronnie Sahlberg.
Various other bug fixes, cleanups, and other improvements.
svn path=/trunk/; revision=4193
|
| |
|
|
| |
svn path=/trunk/; revision=4178
|
| |
|
|
|
|
| |
command names to match later SMB specs.
svn path=/trunk/; revision=4138
|
| |
|
|
| |
svn path=/trunk/; revision=3874
|
| |
|
|
|
|
|
| |
handle null pointer entries, and lets us make the dissection of those
APIs more table-driven.
svn path=/trunk/; revision=3873
|
| |
|
|
|
|
| |
continuations with the message to which they're a continuation.
svn path=/trunk/; revision=3834
|
| |
|
|
| |
svn path=/trunk/; revision=3832
|
| |
|
|
|
|
|
|
|
| |
places) dissector tvbuffified, from Ronnie Sahlberg and me.
Additional "are we past the end of the buffer" checks added, so that we
don't hand random junk to the transaction and transact2 dissectors.
svn path=/trunk/; revision=3824
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that rather than passing another copy of that flag to dissectors of
particular messages.
Pass that structure to the pipe subdissector by making "pi.private"
point to it, rather than by passing it as an explicit argument.
Change more of the
if (dirn == 1) {
...
}
if (dirn == 0) {
...
}
stuff to
if (dirn == 1) {
...
} else {
...
}
and then, as per the first paragraph, check the "request" flag in the
"smb_info" structure rather than checking a "dirn" flag.
Set "last_transact2_command" to -1 in the "smb_request_val" structures
for TRANSACTION requests, as it doesn't apply to those requests.
As "dissect_transact_params()" doesn't do any work if the "TransactName"
argument is null, don't bother calling it for a reply if we don't have an
"smb_request_val" for the corresponding request, as that means we can't
find out the value to pass as the "TransactName" argument.
svn path=/trunk/; revision=3822
|
