Hi list, hi guys.
Attached is a patch for dcerpc.
It extends the existing feature where responses are matched to requests (and fixes a bug in it) so one can match requests->responses as well.
It also restructures the stored value structures slightly to make this work.
As an example of the usefulness it adds "Request In" "Response In" display filters.
Note that it does not work (match things) for dg transports, but is anyone using that today?
Well it would be easy to fix for whoever needs it.
This functionality is needed later by the dcerpc_ndr_pointer() dissector.
Tim, with a generic request-response matching feature inside the dcerpc layer, perhaps I could ask you to consider removing the request-response hashing from spoolss and use what data you get from the dcerpc layer instead?
It reduces the code and complexity quite a lot for spoolss.
Also, for you, and others when they produce dissectors, I have supplied a pointer variable you can use to store data between requests and responses.
The request_in response_in display filters in spoolss could also then be removed.
pinfo->private_data will now be a pointer to a dcerpc_info structure when your dissector(s) are called.
pinfo->private_data->call_value->private_data is set to NULL for the request packet before the subdissector is called and is retained between requests and responses.
If you need to maintain state between a request and its matching response, just use the pinfo->private_data->call_value->private_data
(remember though to check it for NULL: a response with no matching request will have this pointer initialized to NULL).
Attachment:
dcerpc.patch
Description: Binary data
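The request/response state hand-off described in the message above, as an added example that is not part of the original mail or the attached patch. It is a self-contained C model: the struct layouts, the call table and the function names `layer_match` and `dissect` are assumptions, not the real dcerpc dissector code.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the structures named in the mail; the field
 * layout, the table and all function names here are assumptions. */
typedef struct {
    unsigned call_id;
    int req_frame, rep_frame;   /* 0 = not seen ("Request In"/"Response In") */
    void *private_data;         /* subdissector state, request -> response */
} call_value_t;
typedef struct { call_value_t *call_value; } dcerpc_info_t;

#define MAX_CALLS 16
static call_value_t calls[MAX_CALLS];  /* constructed per-conversation table */
static size_t n_calls;
static call_value_t orphan;            /* backs responses with no request */

/* Layer side: pick the call_value before the subdissector is called. */
static call_value_t *layer_match(unsigned call_id, int frame, int is_request) {
    call_value_t *cv = NULL;
    for (size_t i = 0; i < n_calls; i++)
        if (calls[i].call_id == call_id) cv = &calls[i];
    if (is_request) {
        if (!cv) {
            if (n_calls == MAX_CALLS) return NULL;  /* table full */
            cv = &calls[n_calls++];
            memset(cv, 0, sizeof *cv);
            cv->call_id = call_id;
        }
        cv->req_frame = frame;
        cv->private_data = NULL;       /* NULL for the request packet */
    } else if (cv) {
        cv->rep_frame = frame;         /* request and response now linked */
    } else {
        memset(&orphan, 0, sizeof orphan);  /* private_data stays NULL */
        orphan.call_id = call_id;
        orphan.rep_frame = frame;
        cv = &orphan;
    }
    return cv;
}

/* Subdissector side: the request stores state, the response reads it back
 * only after the NULL check the mail asks for. */
const char *dissect(unsigned call_id, int frame, int is_request, const char *name) {
    dcerpc_info_t di = { layer_match(call_id, frame, is_request) };
    if (!di.call_value) return "(dropped)";
    if (is_request) {
        di.call_value->private_data = (void *)name;
        return name;
    }
    const char *saved = di.call_value->private_data;
    return saved ? saved : "(no matching request)";
}
```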