guy [Sun, 24 Mar 2002 12:25:40 +0000 (12:25 +0000)]
Fix "dissect_ndr_nt_UNICODE_STRING_str()" so that the "di->levels" value
is decremented after every level is appended to, so that it correctly
specifies the number of levels up the tree to which to append stuff.
Fix some arguments to various printing routines to specify the correct
level. This includes making "dissect_ndr_nt_UNICODE_STRING()" add 1 to
the level argument it's passed before passing it on to
"dissect_ndr_pointer()".
Add a "netlogon_dissect_UNICODE_STRING()" routine to put the fields of a
bunch of NDR_POINTER_REF UNICODE_STRING values into subtrees.
Fix the labels passed as arguments in a bunch of "dissect_ndr_pointer()"
calls.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5011
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 23 Mar 2002 22:03:41 +0000 (22:03 +0000)]
From Heikki Vatiainen: fix the test for IS-IS virtual links.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5010
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 23 Mar 2002 22:02:20 +0000 (22:02 +0000)]
CGMP-over-Ethernet II support, from Heikki Vatiainen.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5009
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 23 Mar 2002 21:24:38 +0000 (21:24 +0000)]
From Adam Sulmicki: state machine changes to update the state better,
and changes to the display items for LEAP challenges and responses.
Make the LEAP state per-conversation.
Get rid of some unneeded includes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5008
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 23 Mar 2002 01:01:26 +0000 (01:01 +0000)]
Default to *not* using the UCD SNMP library, as the current versions
have buffer-overflow vulnerabilities that we can't avoid. You have to
ask for it explicitly if you want it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5007
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 23 Mar 2002 00:20:17 +0000 (00:20 +0000)]
Update from Diana Eichert to remove the comments with her login name.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5006
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 22 Mar 2002 23:42:27 +0000 (23:42 +0000)]
From Diana Eichert: add a "-q" flag to Tethereal to suppress packet
count display.
Update the Tethereal man page to reflect the new option.
Update both the Ethereal and Tethereal man pages to use the same style
to describe options, e.g.
-Z Cause Ethereal to draw the mark of Zorro on the display.
rather than
-Z Causes Ethereal to draw the mark of Zorro on the display.
(some were using the first and some were using the second).
Update the Ethereal man page to do the same for menu items.
Update both the Ethereal and Tethereal man pages to better describe the
"-N" flag (by noting that any form of name resolution *not* specified in
the flag is turned *off*).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5005
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 22 Mar 2002 11:41:59 +0000 (11:41 +0000)]
Attach to all frames containing LEAP messages an indication of the state
of the LEAP negotiation, so we can properly dissect the LEAP message
after the first pass through the packets.
For that to be computed correctly, EAP frames have to be dissected on
the first pass through the capture file, even if the protocol tree isn't
being generated; that means that RADIUS AVPs need to be dissected even
if the protocol tree isn't being generated.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5004
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 22 Mar 2002 10:03:36 +0000 (10:03 +0000)]
Add a cleanup function to close a potential memory leak.
Get rid of an assigned-to-but-not-used variable.
From Steven French: add names for some additional calls.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5003
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 22 Mar 2002 09:44:58 +0000 (09:44 +0000)]
For DCE RPC requests and replies, put an item into the protocol tree for
the sub-protocol containing the actual operation number (which isn't
necessarily the operation number in a connectionless reply's PDU;
sometimes the operation number in a connectionless reply appears to be
garbage, and it's not what we use to dissect the reply in any case), and
also giving the name of the operation, if we know it.
Show the authentication data in connectionless PDUs, if present, as an
item in the protocol tree.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5002
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 22 Mar 2002 02:38:54 +0000 (02:38 +0000)]
Additional vendor (Issani) for Radius, and Issani VSA support for
Radius, from Jim Sienicki.
Put Jakob Schlyter into the contributors list in the Ethereal man page.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5001
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 21 Mar 2002 11:18:44 +0000 (11:18 +0000)]
Improve the media payload type names some more, and add some new ones I
found in a Cisco document.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5000
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 21 Mar 2002 11:08:39 +0000 (11:08 +0000)]
Use somewhat nicer names for the media payload types.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4999
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 21 Mar 2002 09:35:52 +0000 (09:35 +0000)]
From Todd Sabin: set the tvbuff length of the stub data for
connectionless calls to the fragment length.
Add value_string tables for authentication protocol and level values.
Show the authentication protocol in decimal in connectionless PDUs, just
as we do in connection-oriented PDUs.
Get the authentication level from connection-oriented request and reply
PDUs and, if it's DCE_C_AUTHN_LEVEL_PKT_PRIVACY, don't hand the stub
data to subdissectors, just show it as encrypted stub data.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4998
f5534014-38df-0310-8fa8-
9805f1628bb7
gerald [Thu, 21 Mar 2002 03:08:46 +0000 (03:08 +0000)]
From Jakob Schlyter, add the "MESSAGE" method.
Add the "QAUTH" and "DO" methods as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4997
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 23:32:54 +0000 (23:32 +0000)]
Updates from Paul Erkkila.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4996
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 21:28:14 +0000 (21:28 +0000)]
Update to draft 11, from Mark Burton.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4995
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 21:01:21 +0000 (21:01 +0000)]
Updates from Paul E. Erkkila.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4994
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 20 Mar 2002 19:45:51 +0000 (19:45 +0000)]
Produce ethereal-setup-$VERSION.exe instead of ethereal-setup.exe.
From Andrew C. Feren <aferen@cetacean.com>
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4993
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 09:09:07 +0000 (09:09 +0000)]
The length argument to "fake_unicode()" is in characters, not bytes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4992
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 07:55:51 +0000 (07:55 +0000)]
When dissecting an SID with more than 4 authorities, increment the
offset to go past the last authority (the RID).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4991
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 07:39:18 +0000 (07:39 +0000)]
In "fake_unicode()", check to make sure we have all the data in the
string available in the tvbuff before we allocate the buffer; this means
that
1) we don't have to register a cleanup function to free the
buffer if we throw an exception trying to fetch some of the
data, because we won't even try to allocate the buffer if we
don't have all the data
and
2) we won't try to allocate a buffer with a bogus too-large
length, as if the length is too large, we'll throw an
exception in the check.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4990
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 20 Mar 2002 06:51:14 +0000 (06:51 +0000)]
Handle Read operations on IPC trees as DCE RPC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4989
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Tue, 19 Mar 2002 23:14:39 +0000 (23:14 +0000)]
Express the RID separately of more than 4 sub-authorities. It is always the
last sub-authority.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4988
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 22:12:03 +0000 (22:12 +0000)]
Treat WriteAndX operations on IPC trees as containing DCERPC call
information, just as is done for Write.
Squelch a compiler warning.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4987
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 22:09:23 +0000 (22:09 +0000)]
There is no guarantee that a buffer obtained using "tvb_get_ptr()" is
neatly aligned on a 2-byte or a 4-byte boundary, and there is no
guarantee that a misaligned pointer can be dereferenced without getting
a fault.
Furthermore, there is no guarantee that, even if you *can* dereference a
pointer to a 2-byte or 4-byte quantity in a packet, the resulting number
you get back is in the right byte order; the data in the packet might
have a different byte order from the machine on which you're running.
Therefore, we change "prs_uint8s()", "prs_uint16s()", and
"prs_uint32s()" to return the starting offset, in the tvbuff, of the
collection of 8-bit, 16-bit, or 32-bit integral values, rather than a
pointer to the raw packet data, and change their callers to fetch the
data using "tvb_get_guint8()", "tvb_get_letohs()", and
"tvb_get_letohl()" (the stuff in all the NT protocols is presumed to be
little-endian here). We also change "fake_unicode()" to take a tvbuff
and an offset, rather than a data pointer, as arguments, and to use
"tvb_get_letohs()" to fetch the Unicode characters (again, we assume
little-endian Unicode).
This requires "fake_unicode()" to establish a cleanup handler, so we
don't leak memory if it throws an exception.
We also make "fake_unicode()" use "g_malloc()" to allocate its buffer
(we weren't checking for allocation failures in any case; with
"g_malloc()", we'll abort on an allocation failure - if we can come up
with a cleverer way of handling them, fine), and the matching frees to
use "g_free()". (We also insert some missing frees....)
Fix some formats to print unsigned quantities with "%u", not "%d".
Don't append text to items in the tree for non-string values in
"dissect_ndr_nt_STRING_string()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4986
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 20:55:40 +0000 (20:55 +0000)]
From Adam Sulmicki: add support for NOTIFY and NAK EAP types, fix the
entry for the ID EAP type, and do some miscellaneous cleanups.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4985
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 12:02:03 +0000 (12:02 +0000)]
The data for EAP_TYPE_ID is just a string; display it with
"tvb_format_text()", as per Adam Sulmicki's suggestion.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4984
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 11:33:08 +0000 (11:33 +0000)]
From Adam Sulmicki: add all known EAP types.
Use "tvb_bytes_to_str()", not "tvb_format_text()", for binary data such
as challenges and responses.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4983
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 11:26:23 +0000 (11:26 +0000)]
Updates from Paul E. Erkkila.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4982
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 11:10:40 +0000 (11:10 +0000)]
Secondary addresses are NUL-terminated strings; treat them as such.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4981
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Tue, 19 Mar 2002 10:16:40 +0000 (10:16 +0000)]
Tiny quota updates
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4980
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 09:18:42 +0000 (09:18 +0000)]
Fix some comments.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4979
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 09:17:54 +0000 (09:17 +0000)]
Set the length for topology change BPDUs to 4, and leave the length of
unknown BPDU types alone.
Use the tvbuff's length in as the length of the top-level protocol tree
item.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4978
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 09:02:01 +0000 (09:02 +0000)]
Use "set_actual_length()" to set the reported length of the packet's
tvbuff, so we don't increase it past what was in the packet.
For packets with unknown BPDU types, put the value of the type into the
Info column.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4977
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 09:00:44 +0000 (09:00 +0000)]
Give all the items in the packet filterable fields, including the
bitfields in the flags field.
Put a summary of the flags in the protocol tree item for the flags
field.
Give the Protocol Identifier and BPDU Type fields value_string tables.
Don't bother with "proto_tree_add_uint_format()" for fields with
value_string tables - use the default format.
Put the "Version 1 Length" field into Rapid Spanning Tree packets.
Don't fetch items until you put them into the protocol tree.
Make the length of the top-level item be the correct length of the
packet, including the "Version 1 Length" field in RST packets. (XXX -
should it be really short for Topology Change Notification packets?)
For packets with unknown BPDU types, put the value of the type into the
Info column.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4976
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 08:47:11 +0000 (08:47 +0000)]
The protocol ID is an 8-bit field in the DEC spanning tree protocol.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4975
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 08:44:41 +0000 (08:44 +0000)]
Give all the items in the packet filterable fields, including the
bitfields in the flags field.
Put a summary of the flags in the protocol tree item for the flags
field.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4974
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 08:42:16 +0000 (08:42 +0000)]
Allow "proto_item_append_text()" to an item that doesn't have a
representation string - set the representation string to the default
representation. This lets you append to an item that's been added with
"proto_tree_add_XXX" calls that don't explicitly format the
representation string.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4973
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 19 Mar 2002 06:31:16 +0000 (06:31 +0000)]
Put in desegmentation support.
Use "proto_tree_add_item()" to add items to the protocol tree; don't
fetch to a variable if the variable isn't later used (except for the
"unknown" fields). Put fields into the protocol tree as soon as they're
fetched, so that if an exception is thrown when dissecting a packet, the
fields that didn't cause an exception get put into the protocol tree.
Fix some typos.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4972
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 18 Mar 2002 18:56:53 +0000 (18:56 +0000)]
LDP support for draft-martini-l2circuit-encap-mpls for
Ethernet-over-MPLS, from Aamer Akhter.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4971
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Mon, 18 Mar 2002 09:45:27 +0000 (09:45 +0000)]
Quota updates. GetUserQuota implemented and support for list of userquota structures
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4970
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Mon, 18 Mar 2002 08:34:18 +0000 (08:34 +0000)]
Add dissection of one more bit in Quota FS Flags bitmask
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4969
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 18 Mar 2002 07:56:06 +0000 (07:56 +0000)]
Don't show a secondary address if the secondary address length is 0.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4968
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 18 Mar 2002 00:45:11 +0000 (00:45 +0000)]
Skinny Client Control Protocol enhancements, from Paul E. Erkkila.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4967
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 18 Mar 2002 00:26:27 +0000 (00:26 +0000)]
Cisco LEAP support, from Adam Sulmicki.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4966
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 18 Mar 2002 00:20:18 +0000 (00:20 +0000)]
Add information about 64-bit integral field support.
Fix some items on the tvbuff accessors for integers.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4965
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 17 Mar 2002 12:16:11 +0000 (12:16 +0000)]
quota update partial NTGetUserQuota support
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4964
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 17 Mar 2002 11:59:36 +0000 (11:59 +0000)]
Partial dissection of NT Set User Quota data block
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4963
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 17 Mar 2002 11:24:16 +0000 (11:24 +0000)]
SMB Quota updates
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4962
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 17 Mar 2002 10:59:35 +0000 (10:59 +0000)]
Updates for NT QUOTA in packet-smb.c
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4961
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 17 Mar 2002 07:43:11 +0000 (07:43 +0000)]
Some minor bugfixes for netlogon
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4960
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 23:15:45 +0000 (23:15 +0000)]
From Aamer Akhter: LDP support for draft-martini-l2circuit-trans-mpls,
LDP status code updates, and small LDP cleanups.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4959
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 22:54:20 +0000 (22:54 +0000)]
Put an item into the protocol tree for the secondary address in a bind
ack PDU.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4958
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 22:39:45 +0000 (22:39 +0000)]
The service is just called "IPC"; the pipe is what's called "IPC$".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4957
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 22:35:51 +0000 (22:35 +0000)]
Whether the data returned from a read or sent in a write is DCERPC
traffic or not, that data doesn't include the padding; handle padding
if you're dissecting it as DCERPC traffic.
Don't treat the traffic as DCERPC traffic unless it's to the IPC$ share.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4956
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 22:02:55 +0000 (22:02 +0000)]
A double-click in a filter name in the list-of-filters dialog box should
activate the text widget into which the filter text is put only if
clicking "OK" in the list-of-filters dialog box does so. Make it so.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4955
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 22:01:27 +0000 (22:01 +0000)]
There is no guarantee that, when processing an SMB response, "si->sip"
is non-null, as there's no guarantee that the corresponding SMB request
is in the capture. Check whether it's null before using it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4954
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 20:22:14 +0000 (20:22 +0000)]
Update the developer documentation to reflect current reality (or a
subset thereof).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4953
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sat, 16 Mar 2002 04:39:29 +0000 (04:39 +0000)]
A new type of DCERPC over SMB transport.
I have captures with w2k speaking DCERPC without using the normal
Transaction named pipes SMBs.
Instead DCERPC is just implemented ontop of ordinary read/write calls.
The smb dissector now examines TreeConnectAndX and stores the conversation/tid/type-of-share in a table for later access.
All SMB requests examine that hash table to find out if TID in the header refers
to a normal share or an IPC$ share.
Initial support in read/write SMB calls to detect if the operations are for an
IPC share and thus it assumes it must be DCERPC commands in the payload.
Desegmentation/Reassembly of these types of calls are not implemented yet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4952
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 02:25:48 +0000 (02:25 +0000)]
XDMCP support, from Pasi Eronen.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4951
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 16 Mar 2002 02:09:28 +0000 (02:09 +0000)]
Fix a couple of incorrect calls to "proto_tree_add_boolean()" to call
"proto_tree_add_item()" instead.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4950
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Fri, 15 Mar 2002 20:46:04 +0000 (20:46 +0000)]
Pretty up Policy Handles.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4949
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Fri, 15 Mar 2002 19:47:03 +0000 (19:47 +0000)]
Pretty up the SID dissector ...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4948
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Fri, 15 Mar 2002 08:59:53 +0000 (08:59 +0000)]
Moved the value_string for MS country codes from packet-dcerpc-nt.c to
packet-smb.c so that packet-smb-pipe.c can reference this struct as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4947
f5534014-38df-0310-8fa8-
9805f1628bb7
tpot [Fri, 15 Mar 2002 04:46:43 +0000 (04:46 +0000)]
Added error messages for invalid name and invalid form size.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4946
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 14 Mar 2002 21:24:40 +0000 (21:24 +0000)]
From Andrew Feren: put all of Cisco's OUIs into manuf.tmpl.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4945
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 14 Mar 2002 21:22:11 +0000 (21:22 +0000)]
From Andrew Feren: minor patch to correct what looks like a cut and
paste error in an error message. The wrong filename is being displayed
if manuf can't be opened for writing.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4944
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Thu, 14 Mar 2002 10:04:02 +0000 (10:04 +0000)]
Added a value_string for the countreis which have their MS contry code listed
at www.unicode.org and made samr and netlogon use it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4943
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Thu, 14 Mar 2002 09:19:17 +0000 (09:19 +0000)]
hf_netlogon_code did not have an hf_[] entry.
some cruft removed from LSA_SECURITY_DESCRIPTOR that is not used anymore since
we call the dissector in packet-smb.c
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4942
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 14 Mar 2002 05:46:59 +0000 (05:46 +0000)]
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4941
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 14 Mar 2002 05:45:16 +0000 (05:45 +0000)]
Clean up the display of the top-level item for the NT ACE Flags, so that
there's a space after the colon, and so that there's no extra comma at the
end and only one space between the items.
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4940
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 14 Mar 2002 05:41:59 +0000 (05:41 +0000)]
Boost the maximum amount of indentation put into text output.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4939
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 14 Mar 2002 04:32:35 +0000 (04:32 +0000)]
When defining the struct select_item, don't create an instance of that
struct, alsoc alled select_item, as it's not used.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4938
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Wed, 13 Mar 2002 11:19:16 +0000 (11:19 +0000)]
Make LSA_SECURITY_DESCRIPTOR dissector call dissect_nt_sec_desc()
instead of just displaying it as some hex string.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4937
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Wed, 13 Mar 2002 10:52:22 +0000 (10:52 +0000)]
Added mockups for LSA_SECRET and LSA_SECURITY_DESCRIPTOR inside
packet-dcerpc-netlocon.c so that SamDelta_reply packets will be dissected properly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4936
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Wed, 13 Mar 2002 09:03:28 +0000 (09:03 +0000)]
Fixed bug in SAMDELTAS_request.
There is still a bug in the dissection of SAMDELTA_reply but this is due to
LSA_SECRET not being implemented yet which is embedded in one of the
netlogon structures.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4935
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Wed, 13 Mar 2002 07:38:34 +0000 (07:38 +0000)]
Update dissect_ndr_nt_STRING so it can also accept FT_BYTES and for that type
display the data as a hexadecimal string.
Update netlogon so that nt and lm challenge response bytes are displayed
in hexadecimal form and not pseudo-ascii
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4934
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 13 Mar 2002 02:52:21 +0000 (02:52 +0000)]
Give the "prevent/allow medium removal" command the right name (it's
"prevent/allow", not "prevent allow").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4933
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 12 Mar 2002 11:30:45 +0000 (11:30 +0000)]
From Dinesh Dutt: initial dissection of a variable-length CDB.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4932
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 12 Mar 2002 10:40:01 +0000 (10:40 +0000)]
Get rid of unnecessary includes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4931
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 12 Mar 2002 10:37:04 +0000 (10:37 +0000)]
Get rid of the "--enable-snmp" option; instead, use "--with-ucdsnmp".
Make the directory option to "--with-ucdsnmp" optional. Handle
"--with-ucdsnmp" similar to the way "--with-pcap" is handled.
Get rid of unnecessary #defines in "packet-cops.c".
Get rid of no-longer-necessary include of "dlfcn.h" in "packet-snmp.c".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4930
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Tue, 12 Mar 2002 08:16:41 +0000 (08:16 +0000)]
Small fix for dissect_ndr_nt_UNICODE_STRING_str() in packet-dcerpc-nt.c
so that NETLOGON will not dump core (since netlogon has these structs as top
level reference pointers)
Addition of full netlogon dissection. Full in the sense as it assumes the idl
is correct and complete.
Many calls and fields are unknown so they get dissected with "unknown long,
contact ethereal-dev@... if you know what it is".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4929
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 08:47:46 +0000 (08:47 +0000)]
From Adam Sulmicki: use "proto_tree_add_uint()" rather than
"proto_tree_add_boolean()" for the "hf_eapol_keydes_key_index_indexnum"
field, as it's an FT_UINT8, not an FT_BOOLEAN.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4928
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 07:02:47 +0000 (07:02 +0000)]
In the message at the end that indicates how Ethereal was configured,
refer to "UCD SNMP" rather than just "SNMP".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4927
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 02:12:41 +0000 (02:12 +0000)]
Update various README and INSTALL files to reflect the requirement for
UCD SNMP 4.2.2 or later if you want MIB-reading support.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4926
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 01:51:37 +0000 (01:51 +0000)]
"format_var()" returns a "malloc()"ed string, not a "g_malloc()"ed
string; free it with "free()", not "g_free()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4925
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 01:48:08 +0000 (01:48 +0000)]
If we're linking with the UCD SNMP library, make "format_oid()" append a
display of the symbolic form of the OID. Remove code that used to do
that outside of "format_oid()".
Export "format_oid()" from "packet-snmp.c" and use it in
"packet-cops.c".
Remove support for CMU SNMP and older versions of UCD SNMP from
"packet-cops.c", as it has been removed from the rest of Ethereal.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4924
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 01:42:58 +0000 (01:42 +0000)]
Put "extern" in front of the function declaration.
Update Gerald's e-mail address.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4923
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Mar 2002 01:40:28 +0000 (01:40 +0000)]
The "val_len" member of a "struct variable_list" should be set to the
length of the variable's value, in bytes, not the length of the BER
encoding of that variable's value. The latter setting means it won't be
correct for object IDs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4922
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Mon, 11 Mar 2002 00:28:21 +0000 (00:28 +0000)]
Final patch in preparing for NETLOGON dissector.
Exported some functions from packet-dcerpc-samr.c and added two
more functions the netlogon dissector will need.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4921
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Mon, 11 Mar 2002 00:15:20 +0000 (00:15 +0000)]
Move the STRING dissector to packet-dcerpc-nt.c and add one more parameter
to make it more similar to the UNICODE_STRING dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4920
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Mon, 11 Mar 2002 00:00:15 +0000 (00:00 +0000)]
Rename samr_dissect_LOGON_HOURS() to dissect_ndr_nt_LOGON_HOURS() and
export it to other modules.
NETLOGON dissector (and others) will need this function.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4919
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 10 Mar 2002 23:24:48 +0000 (23:24 +0000)]
Moved dissect_ndr_nt_NTTIME() from packet-dcerpc-samr.c to packet-dcerpc-nt.c
since this function will be used by other NT services as well such as NETLOGON.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4918
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 10 Mar 2002 23:19:44 +0000 (23:19 +0000)]
Remove code to show the presence, and version number, of the CMU SNMP
library, as we no longer support linking with that library.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4917
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 10 Mar 2002 23:17:00 +0000 (23:17 +0000)]
Use "ds_set_int()", not "snmp_set_suffix_only()", to set the "print
suffixes only" setting.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4916
f5534014-38df-0310-8fa8-
9805f1628bb7
sahlberg [Sun, 10 Mar 2002 23:13:04 +0000 (23:13 +0000)]
Absolute and Relative times were swapped. Also add comment that there seems
to be an unknown special time constant : 0x40000000
00000000 that we dont know
yet what it means.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4915
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 10 Mar 2002 22:18:12 +0000 (22:18 +0000)]
Use the "sprint_realloc_" routines in UCD SNMP 4.2.2 and later, rather
than the "sprint_" routines in UCD and CMU SNMP; the latter routines
have no bounds checking, and if you use them you cannot protect against
buffer overflows.
As we now require UCD SNMP 4.2.2 or later:
1) we no longer need code to support CMU SNMP;
2) we no longer need code to work around problems with UCD SNMP
4.1.1;
and, as we no longer use the "sprint_" routines, we no longer need code
to work around the changed API and ABI of those routines in some
nonstandard versions of the UCD SNMP library.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4914
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 10 Mar 2002 22:04:25 +0000 (22:04 +0000)]
Don't use "proto_tree_add_string_format()" when
"proto_tree_add_string()" will suffice.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4913
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 10 Mar 2002 21:30:11 +0000 (21:30 +0000)]
Use "dissect_ndr_nt_UNICODE_STRING_str()", not
"dissect_ndr_nt_UNICODE_STRING_string()", in
"samr_dissect_connect2_server()"; that eliminates an unnecessary extra
level of protocol tree.
That removes the last call to "dissect_ndr_nt_UNICODE_STRING_string()";
eliminate that routine.
In "dissect_ndr_nt_UNICODE_STRING()", initially create the subtree with
the name of the field as a string, so that if an exception is thrown
before the name is set, the subtree won't show up as blank when
displayed or printed. Also pass in the name to "dissect_ndr_pointer()",
so the same happens for subtrees below it. Append only the string data,
not its name, to items up the tree, as the name was put in when the item
was created. Also, when adding a colon before the string, put a space
after the colon, as is done elsewhere in Ethereal.
When appending additional strings, put the blank before the new string,
not after it.
In "dissect_ndr_nt_STRING()", put the subtree into the string with the
name of the field, rather than just "String". Pass in that name to
"dissect_ndr_pointer()", so subtrees below it get a name when they're
initially created.
Get rid of colons in the name string passed to "dissect_ndr_pointer()"
in some calls. Supply a non-null name string in more calls to
"dissect_ndr_pointer()", and fix some calls to pass in the name of the
field being handed to "dissect_ndr_pointer()".
There's no need to fetch the entire "header_field_info" structure for a
protocol field in order to get the field's name - just use
"proto_registrar_get_name()" to get the name.
Use a length of -1, not 0, when creating a subtree whose length will be
set when the dissection of the items under the subtree is complete; that
way, if an exception is thrown while dissecting the items - which means
the item goes past the end of the tvbuff - the item will refer to all
data to the end of the tvbuff, rather than referring to nothing.
Fix a typo in the name of the "hf_samr_unknown_string" field.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4912
f5534014-38df-0310-8fa8-
9805f1628bb7