Hi list.
I just checked in a small update to SMB by mistake.
I think it works but do not have enought captures to verify it as much as i
would want to.
The change to SMB is in handling of the sip structure for request packets
where we have not seen any
reply. Before, ethereal would not dissect these packets properly since it
would only try to read the sip
structure from the matched table and we didnt insert the sip into the
matched table until we had seen
the actual reply.
I changed SMB request/response matching so that we insert the sip into the
matched table as soon as we
see the request instead of when we see the reply.
I do not know the impact this might have or if any subdissectors assumes
that a valid sip structure is proof
we have the reply as well.
If anyone sees anything weird in the SMB request/response matching, please
let me know immediately so I
can back out the change.
best regards
ronnie sahlberg