Ethereal-dev: Re: [Ethereal-dev] ntlmssp decoding

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Sun, 7 Jul 2002 10:16:02 +1000
Hi,
Looks very good.

One thing.
Where you use:   if (ntlmssp_tree) {   in
dissect_dcerpc_ntlmssp_negotiate_flags(),
currently this if statement encapsulates everything, including the
proto_tree_add_boolean() calls.
Change this so the if statement only encapsulates the tf= and
negotiate_flags_tree= statements
and leave the proto_tree_add_boolean()s outside the if statement.

If you don't do this, display filters searching for specific flag values will
not work.

(The if statement is only a micro-optimization to get rid of one
proto_tree_add_xxx() and one proto_item_add_subtree() for the cases
when we don't need a tree since we only decode the packet in order to
match it with a display filter.)

For the same reason, getting display filters to work, you should get rid of
the other if(ntlmssp_tree) if statements
and get it to do the proto_tree_add_item() for workstation/domain
unconditionally.





----- Original Message -----
From: "Devin Heitmueller"
Sent: Sunday, July 07, 2002 9:27 AM
Subject: Re: [Ethereal-dev] ntlmssp decoding


> Ok, here is where I am now.
>
> Made all the changes that were recommended, I think.  I have not yet
> broken it into a separate dissector.  That is next on my list.  In the
> meantime, please review the revised patch.
>
> * Changed all comments to /* */ notation
> * Reversed order of boolean dissection
> * Broke flags field dissection into its own function
> * NTLMSSP code now only runs if auth_type is 10, and the DCE/RPC request
> type is BIND or BIND act.  This is because the auth_type is set for all
> subsequent packets in the stream regardless of the presence of the
> NTLMSSP payload.  If anyone knows of something better to key off of, let
> me know.
> * Added checks for proto_tree before calling proto_tree_add_xxx
> * Properly decode strings
> * Additional dissection of workstation name, domain name
> * Separated NTLMSSP into its own subtree
> * Lots of cleanup
>
> Still a work in progress, but getting closer....
>
> Thanks to everyone who has offered feedback,
>
> Devin
>
> --
> Devin Heitmueller
> Senior Software Engineer
> Netilla Networks Inc
>