Hi List, Hi Tim
Attached is a semilarge patch which improves SAMR.
Note that the SAMR parts are still almost completely untested, but
my tree started to diverge too much.
Please send SAMR captures and patches to me.
Please apply so I can resync with the cvs tree...
The patch changes the way NDR pointers are handled slightly, now one can
also
supply a hf_index field with the pointer so handcrafted structure dissectors
can pick it up
from pinfo->private_data->hf_index .
See the unicode_string dissector on an example of this.
It adds support for 64bit integers, but I am unsure if the ifstatement
controlling when
to byteswap the data is correct or not. It may well need to be negated. We
will see when someone complains.
The patch also makes each pointer (to structure) be evaluated twice,
once with conformant_run==1 and once with conformant_run==0.
This is to make the dissection of non-fixed arrays work properly.
Currently only unidimensional conformant and unidimensional conformant and
varying arrays are implemented.
This is however completely transparent to the dissector in say samr and only
visible in packet-dcerpc.c
However, it means that subdissectors can only call dissect_ndr_xxx
functions, or other handcrafted functions which are aware
of when to dissect scalars and when not to.
See dissect_ndr_ucarray()m dissect_ndr_ucvarray() and
dissect_deferred_pointers() for examples on how this interaction
works.
This makes the implementation of both pointers and arrays for structures and
such VERY VERY easy to code in the
actual subdissectors such as samr.c
The rest of the patch is (mostly untested) code to implement approx 75% of
the SAMR.IDL file in packet-dcerpc-samr.c
I expect there to be some bugs in the code, but not too many.
However, before implementing the remaining 25% (which mainly are 4 calls
which takes USER_INFO as a parameter) I
would like some capture files.
The USER_INFO struct contains some constructs I am not sure I know how they
are encoded in NDR.
Tim, please look at packet-dcerpc-samr.c and pick one random subdissector,
then look at what the request/response
disswectors looks like.
All nasty pointer and array-headers handling is now hidden in dcerpc.c and
samr.c (or any other nt serrvice for that matter)
need not bother a bit with it.
The mapping between the idl-file and the ethereal dissector is close to what
a 15min hacked sed/awk script would be capable
of producing. No intellligence, no understanding of rules, no complexity,
all the magic happens in packet-dcerpc.c .
There are some cruft in the beginning of the file, disregard from this,
these are functions which should be made generic and would
be used by all NT service dissectors.
best regards
ronnie sahlberg
Attachment:
dcerpc.patch
Description: Binary data