Ethereal-dev: [Ethereal-dev] Re: Ethereal-dev Digest, Vol 5, Issue 86

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ulf Lamping" <ulf.lamping@xxxxxx>
Date: Tue, 23 Sep 2003 18:46:01 +0200
ethereal-dev@xxxxxxxxxxxx wrote on 23.09.03 15:34:07:
> 
> Today's Topics:
> 
>    1. Plugin API -H225,H245 functions (Tomas Kukosa)
>    2. Re: Conversations list - IPX filter not set correctly.
>       (Ronnie Sahlberg)
>    3. Re: Partial patch to packet-dcerpc-remact.c - call	for
>       assistance (Todd Sabin)
>    4. 'ethereal' build target fails? (Todd Sabin)
>    5. Patch to packet-dcerpc-oxid.c (Yaniv Kaul)
>    6. First cut at H.450 dissector (Graeme Reid)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 23 Sep 2003 14:47:30 +0200
> From: Tomas Kukosa <tomas.kukosa@xxxxxxxxxxx>
> Subject: [Ethereal-dev] Plugin API -H225,H245 functions
> To: "Ethereal-dev@xxxxxxxxxxxx" <Ethereal-dev@xxxxxxxxxxxx>
> Message-ID: <3F7040E2.D8475FA6@xxxxxxxxxxx>
> Content-Type: text/plain; charset=iso-8859-2
> 
> Hi,
>   I added two functions (dissect_h225_TransportAddress(),
> dissect_h245_NonStandardParameter()) into the plugin API some weeks ago.
> But it seems that it was not a good idea. I would like to remove them from
> the plugin API.
>   Does anybody need them in the plugin API?
> 
> Regards,
>   Tom
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 23 Sep 2003 23:26:59 +1000
> From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
> Subject: Re: [Ethereal-dev] Conversations list - IPX filter not set
> 	correctly.
> To: "Guy Harris" <guy@xxxxxxxxxxxx>,	"Greg Morris"
> 	<gmorris@xxxxxxxxxx>
> Cc: ethereal-dev@xxxxxxxxxxxx
> Message-ID: <004501c381d6$5de8fb00$6501010a@C5043436>
> Content-Type: text/plain;	charset="iso-8859-1"
> 
> From: "Guy Harris"
> >On Sep 18, 2003, at 10:55 AM, Greg Morris wrote:
> >> The filter is created as
> >>
> >> ipx.node==043432.000000000001.
> >>
> >> This is invalid s/b
> >>
> >> ipx.net==043432 AND ipx.node==00:00:00:00:00:01
> >
> >Unfortunately, that breaks the current assumption in the conversations
> >list code that the filter for a given address is of the form "{field}
> >== {value}", i.e. that for all protocols there's a single field
> >corresponding to the address.
> >
> >I see a couple of ways of fixing this:
> >
> >1) make that assumption true, by adding a possibly-hidden field -
> >which would either have to be an FT_BYTES field or a new FT_IPXADDR (or
> >FT_IPX) type;
> >
> >2) have per-address-type routines (or a single routine that takes an
> >"address" structure as an argument) that return a filter of the
> >appropriate type, and have the conversations list code call it.
> 
> I would go for 1,  but I would make it FT_STRING
> Add three new hf-fields  which are of type FT_STRING  :  ipx.src_addr
> ipx.dst_addr   ipx.addr
> and just use these instead from the conversation thing.
> 
> These three fields should be hidden and not show up in the tree pane  since
> they don't provide any new information that isn't there
> already and would basically just be redundant.
> However,  they would be used in filters created from the Conversation List
> (and the new Endpoint List) dialogues
> so users which filter on these ipx things a lot would learn that they do
> exist by looking at what happens when you create filters
> from the Conversation List dialogue.
> 
> (is there anyone still filtering out conversations manually instead of using
> CL to create the filters for them?
> It is quite useful.
> For TCP, it even shows you the ports that are used.)
> 
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 22 Sep 2003 23:20:46 -0400
> From: Todd Sabin <tsabin@xxxxxxxxxxxxx>
> Subject: Re: [Ethereal-dev] Partial patch to packet-dcerpc-remact.c -
> 	call	for assistance
> To: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
> Cc: ethereal-dev <ethereal-dev@xxxxxxxxxxxx>
> Message-ID: <m3zngw2nsh.fsf@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
> 
> Yaniv Kaul <ykaul@xxxxxxxxxxxx> writes:
> 
> > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> > <html>
> > <head>
> 
> Please don't send html email.  (That may be why no one else has
> replied to you, yet.)
> 
> > With all the noise around DCOM over
> > DCE-RPC, no one bothered to dissect it properly.
> > I've begun adding proper dissection to it.
> > However, due to lack of time, lack of GOOD (read: not exploits) traffic
> > captures, and lack of normal documentation of this protocol, I'm unable
> > to complete the dissector properly.
> > I'll be happy if someone can pick it up and finish it or help me a bit.
> > Once this is done, it'll be trivial to do SystemActivator over DCE-RPC.
> 
> Actually, Ulf Lamping did quite a lot of work on DCOM (including the
> REMACT interface) over a year ago, but it has yet to make it into
> ethereal.  That's most likely my fault, as I asked him to break his
> work up into several patches, and then had no time to look at them.
> (Sorry, Ulf!)
> 
> > Attached please find my incomplete patch. (Do NOT check in). Pay
> > attention to the FIXME notes in it.
> 
> Haven't looked at it, yet, but I'll try to go over that and Ulf's
> older stuff in the near future.  Of course, I may find that I don't
> have the time again, in which case I'd suggest that Guy (or someone)
> just apply Ulf's stuff as it stands (though the patch is probably
> stale by now).
> 
> -- 
> Todd Sabin                                          <tsabin@xxxxxxxxxxxxx>
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Mon, 22 Sep 2003 23:25:40 -0400
> From: Todd Sabin <tsabin@xxxxxxxxxxxxx>
> Subject: [Ethereal-dev] 'ethereal' build target fails?
> To: ethereal-dev@xxxxxxxxxxxx
> Message-ID: <m3u1742nkb.fsf@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
> 
> 
> I just did the following:
> 
> (check out cvs head into a new directory)
> $ ./autogen.sh
> $ ./configure
> $ make -k ethereal
> 
> The build failed in a couple ways.  x11-declarations.h was missing,
> and a bunch of plugin stuff wasn't there.  Excerpts:
> [...]
> gcc -DHAVE_CONFIG_H -I. -I. -I.  -I. -I./wiretap -I/usr/include/rpm -DINET6 -O2 -march=i386 -mcpu=i686 -g -Dlinux -I/usr/include/rpm -I. -I/usr/include/net-snmp  -DINET6 -D_U_="__attribute__((unused))" -Wall -W -g -O2 -I/usr/local/include -I/usr/include/gtk-1.2 -I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/X11R6/include -I/usr/include/rpm -DINET6 -O2 -march=i386 -mcpu=i686 -g -Dlinux -I/usr/include/rpm -I. -I/usr/include/net-snmp -c `test -f 'packet-x11.c' || echo './'`packet-x11.c
> packet-x11.c:74:30: x11-declarations.h: No such file or directory
> packet-x11.c: In function `colorFlags':
> packet-x11.c:798: `hf_x11_coloritem_flags' undeclared (first use in this function)
> packet-x11.c:798: (Each undeclared identifier is reported only once
> packet-x11.c:798: for each function it appears in.)
> packet-x11.c:802: `hf_x11_coloritem_flags_do_red' undeclared (first use in this function)
> packet-x11.c:805: `hf_x11_coloritem_flags_do_green' undeclared (first use in this function)
> [lots more errors like this]
> [...]
> gcc -DHAVE_CONFIG_H -I. -I. -I.  -I. -I./wiretap -I/usr/include/rpm -DINET6 -O2 -march=i386 -mcpu=i686 -g -Dlinux -I/usr/include/rpm -I. -I/usr/include/net-snmp  -DINET6 -D_U_="__attribute__((unused))" -Wall -W -g -O2 -I/usr/local/include -I/usr/include/gtk-1.2 -I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/X11R6/include -I/usr/include/rpm -DINET6 -O2 -march=i386 -mcpu=i686 -g -Dlinux -I/usr/include/rpm -I. -I/usr/include/net-snmp -c `test -f 'summary.c' || echo './'`summary.c
> make: *** No rule to make target `wiretap/libwiretap.a', needed by `ethereal'.
> make: *** No rule to make target `gtk/libui.a', needed by `ethereal'.
> make: *** No rule to make target `epan/libethereal.a', needed by `ethereal'.
> make: *** No rule to make target `epan/ftypes/libftypes.a', needed by `ethereal'.
> make: *** No rule to make target `epan/dfilter/libdfilter.a', needed by `ethereal'.
> make: *** No rule to make target `plugins/artnet/artnet.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/docsis/docsis.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/giop/cosnaming.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/giop/coseventcomm.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/gryphon/gryphon.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/lwres/lwres.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/megaco/megaco.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/mgcp/mgcp.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/pcli/pcli.la', needed by `ethereal'.
> make: *** No rule to make target `plugins/rtnet/rtnet.la', needed by `ethereal'.
> make: Target `ethereal' not remade because of errors.
> 
> 
> Shouldn't "make ethereal" work?  "make all" worked fine.
> 
> I'm on RH9.
> 
> -- 
> Todd Sabin                                          <tsabin@xxxxxxxxxxxxx>
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 23 Sep 2003 13:45:11 +0200
> From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
> Subject: [Ethereal-dev] Patch to packet-dcerpc-oxid.c
> To: ethereal-dev <ethereal-dev@xxxxxxxxxxxx>
> Message-ID: <3F703247.2090806@xxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
> 
> This patch adds the almost full dissection of OXID operation #5.
> 
> 1. I don't know what operation it is, exactly (hence '#5'...).
> 2. I've got two 8-byte arrays whose functionality I'm not sure of.
> 
> Otherwise, the packet is fully dissected.
> 
> In addition, I've added packet-dcerpc-dcom.h which contains all DCOM related structures. I believe it is useful to have it in a
> separate h file, as I intend to try and dissect other DCOM packets, which contain the same structures.
> 
> Diff is against 0.9.14.
> 
> Comments are welcome, any help to finish this will be appreciated.
> Y.
> -------------- next part --------------
> --- packet-dcerpc-oxid.c	Sat Jun 28 19:07:59 2003
> +++ ../ethereal/packet-dcerpc-oxid.c	Tue Sep 23 13:05:23 2003
> @@ -32,21 +32,205 @@
>  #include <glib.h>
>  #include <epan/packet.h>
>  #include "packet-dcerpc.h"
> +#include "packet-dcerpc-dcom.h"
> +#include "packet-smb-common.h"
>  
>  static int proto_oxid = -1;
>  
>  static int hf_opnum = -1;
> +static int hf_COMVERSION_MjrVer = -1;
> +static int hf_COMVERSION_MnrVer = -1;
> +static int hf_wNumEntries = -1;
> +static int hf_wSecurityOffset = -1;
> +static int hf_wTowerId = -1;
> +static int hf_aNetworkAddr = -1;
> +static int hf_wAuthnSvc = -1;
> +static int hf_wAuthzSvc = -1;
> +static int hf_aPrinceName = -1;
> +static int hf_Unknown1 = -1;
> +static int hf_Unknown2 = -1;
>  
>  static gint ett_oxid = -1;
>  
>  static e_uuid_t uuid_oxid = { 0x99fcfec4, 0x5260, 0x101b, { 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a } };
>  static guint16  ver_oxid = 0;
>  
> +static const char *
> +authz_val2str(unsigned short authz) {
> +	switch (authz) {
> +		case 0:
> +			return "RPC_C_AUTHZ_NONE";
> +			break;
> +		case 1:
> +			return "RPC_C_AUTHZ_NAME";
> +			break;
> +		case 2:
> +			return "RPC_C_AUTHZ_DCE";
> +			break;
> +		case 0xffff: 
> +			return "Default";
> +			break;
> +		default: 
> +			return "Unknown";
> +			break;
> +	}
> +}
> +
> +static const char *
> +authn_val2str(unsigned short authn) {
> +	switch (authn) {
> +		case 0:
> +			return "RPC_C_AUTHN_NONE";
> +			break;
> +		case 1:
> +			return "RPC_C_AUTHN_DCE_PRIVATE";
> +			break;
> +		case 2: 
> +			return "RPC_C_AUTHN_DCE_PUBLIC";
> +			break;
> +		case 4: 
> +			return "RPC_C_AUTHN_DEC_PUBLIC";
> +			break;
> +		case 9: 
> +			return "RPC_C_AUTHN_GSS_NEGOTIATE";
> +			break;
> +		case 10:
> +			return "RPC_C_AUTH_WINNT";
> +			break;
> +		case 14:
> +			return "RPC_C_AUTHN_GSS_SCHANNEL";
> +			break;
> +		case 16: 
> +			return "RPC_C_AUTHN_GSS_KERBEROS";
> +			break;
> +		case 17: 
> +			return "RPC_C_AUTHN_MSN";
> +			break;
> +		case 18:
> +			return "RPC_C_AUTHN_DPA";
> +			break;
> +		case 100:
> +			return "RPC_C_AUTHN_MQ";
> +			break;
> +		case 0xffff:
> +			return "RPC_C_AUTHN_DEFAULT";
> +			break;
> +		default:
> +			return "Unknown";
> +			break;
> +	}
> +}
> +
> +static const char *
> +towerid_val2str(unsigned short tower) {
> +	switch (tower) {
> +		case 0x4:
> +			return "NCACN_DNET_NSP";
> +			break;
> +		case 0x7: 
> +			return "NCACN_IP_TCP";
> +			break;
> +		case 0x8:
> +			return "NCADG_IP_UDP";
> +			break;
> +		case 0xC:
> +			return "NCACN_SPX";
> +			break;
> +
> +		case 0xD:
> +			return "NCACN_NB_IPX";
> +			break;
> +		case 0xE:
> +			return "NCADG_IPX";
> +			break;
> +		case 0x12: 
> +			return "NCACN_NB_NB";
> +			break;
> +		case 0x1F:
> +			return "NCACN_HTTP";
> +			break;
> +		default:
> +			return "Unknown";
> +			break;
> +	}
> +}
> +
> +static int
> +oxid5_dissect_rply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *drep) {
> +	COMVERSION comver;
> +	DUALSTRINGARRAY stringarray;
> +	STRINGBINDING stringbind;
> +	SECURITYBINDING securitybind;
> + 	proto_item *bind_hdr, *entries_hdr, *sec_hdr;
> +	proto_tree *bind_tree, *entries_tree, *sec_tree;	
> +	char *aNetworkAddr = NULL;
> +	char *aPrinceName = NULL;
> +	unsigned short string_len = 0;
> +	unsigned short security_len = 0;
> +	unsigned char unknown1[8];
> +	unsigned char unknown2[8];
> +
> +	dissect_dcerpc_uint16(tvb, offset, pinfo, tree, drep, hf_COMVERSION_MjrVer, &comver.MajorVersion);
> +	offset += sizeof(comver.MajorVersion);
> +
> +	dissect_dcerpc_uint16(tvb, offset, pinfo, tree, drep, hf_COMVERSION_MnrVer, &comver.MinorVersion);
> +	offset += sizeof(comver.MinorVersion);
> +
> +	dissect_dcerpc_uint64(tvb , offset, pinfo, tree, drep, hf_Unknown1, unknown1);
> +
> +	offset += sizeof(unknown1); /*FIXME - understand what those 8 bytes mean! don't skip'em!*/
> +	string_len = dcerpc_tvb_get_ntohs(tvb, offset, drep) * 2;
> +	bind_hdr = proto_tree_add_text(tree, tvb, offset, (int)string_len, "DUALSTRINGARRAY structure");
> +	bind_tree = proto_item_add_subtree(bind_hdr, 0);
> +
> +	dissect_dcerpc_uint16(tvb, offset, pinfo, bind_tree, drep, hf_wNumEntries, &stringarray.wNumEntries);
> +	offset += sizeof(stringarray.wNumEntries);
> +
> +	security_len = dcerpc_tvb_get_ntohs(tvb, offset, drep) * 2;
> +	dissect_dcerpc_uint16(tvb, offset, pinfo, bind_tree, drep, hf_wSecurityOffset, &stringarray.wSecurityOffset);
> +        offset += sizeof(stringarray.wSecurityOffset);
> +
> +	entries_hdr = proto_tree_add_text(bind_tree, tvb, offset, (int)security_len, "STRING BINDING");
> +	entries_tree = proto_item_add_subtree(entries_hdr, 0);
> +
> +	while(tvb_get_ntohs(tvb, offset) != 0) { // check that this is not terminating zero
> +		
> +		stringbind.wTowerId = dcerpc_tvb_get_ntohs(tvb, offset, drep);
> +		proto_tree_add_text(entries_tree, tvb, offset, sizeof(stringbind.wTowerId), "Network Protocol ('TowerID'): %s (0x%x)",towerid_val2str(stringbind.wTowerId), stringbind.wTowerId);
> +
> +		offset += sizeof(stringbind.wTowerId);
> +
> +		offset = display_unicode_string(tvb, entries_tree, offset, hf_aNetworkAddr, &aNetworkAddr);	
> +	}	
> +	offset += 2; // hop over the extra terminating zero
> +	
> +	sec_hdr = proto_tree_add_text(bind_tree, tvb, offset, 0, "SECURITY BINDING");
> +        sec_tree = proto_item_add_subtree(sec_hdr, 0);
> +
> +	while(tvb_get_ntohs(tvb, offset) != 0) {
> +		securitybind.wAuthnSvc = dcerpc_tvb_get_ntohs(tvb, offset, drep);
> +                proto_tree_add_text(sec_tree, tvb, offset, sizeof(securitybind.wAuthnSvc), "Authentication Service: %s (0x%x)",authn_val2str(securitybind.wAuthnSvc),securitybind.wAuthnSvc);
> +		offset += sizeof(securitybind.wAuthnSvc);
> +
> +		securitybind.wAuthzSvc = dcerpc_tvb_get_ntohs(tvb, offset, drep);
> +		proto_tree_add_text(sec_tree, tvb, offset, sizeof(securitybind.wAuthzSvc), "Authorization Service: %s (0x%x)",authz_val2str(securitybind.wAuthzSvc),securitybind.wAuthzSvc);
> +		offset += sizeof(securitybind.wAuthzSvc);
> +
> +		offset = display_unicode_string(tvb, sec_tree, offset, hf_aPrinceName, &aPrinceName);
> +	}
> +	offset += 2; // hop over the extra terminating zero
> +	
> +	dissect_dcerpc_uint64(tvb, offset, pinfo, tree, drep, hf_Unknown2, unknown2);
> +	offset += sizeof(unknown2);
> +        return offset;
> +}
> +
>  static dcerpc_sub_dissector oxid_dissectors[] = {
>      { 0, "ResolveOxid", NULL, NULL },
>      { 1, "SimplePing", NULL, NULL },
>      { 2, "ComplexPing", NULL, NULL },
>      { 3, "ServerAlive", NULL, NULL },
> +    { 5, "Oxid Operation #5", NULL, oxid5_dissect_rply },
>      { 0, NULL, NULL, NULL },
>  };
>  
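Review bot: in oxid5_dissect_rply the two `while(tvb_get_ntohs(tvb, offset) != 0)` loops stop only on a zero word, so a reply that omits a terminator keeps the dissector walking past the DUALSTRINGARRAY; string_len and security_len are computed from wNumEntries and wSecurityOffset but are used only as tree item lengths. Bound each loop by the end offset derived from those two fields and stop with a malformed-packet indication when it is reached. The loop test also reads with tvb_get_ntohs while the fields themselves are read with `dcerpc_tvb_get_ntohs(tvb, offset, drep)`; use the same accessor for both. Smaller points: `proto_item_add_subtree(bind_hdr, 0)` passes a literal 0 where ett_oxid or a new ett index is expected, the `break;` after each `return` in the val2str helpers is dead code, and "RPC_C_AUTH_WINNT" does not follow the RPC_C_AUTHN_ naming of its neighbours.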
> @@ -57,8 +241,29 @@
>  		{ &hf_opnum,
>  		  { "Operation", "oxid.opnum", FT_UINT16, BASE_DEC,
>  		    NULL, 0x0, "", HFILL }},
> +                { &hf_COMVERSION_MjrVer,
> +                  { "COM Major Version", "oxid5.com_mjr_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
> +                { &hf_COMVERSION_MnrVer,
> +                  { "COM Minor Version", "oxid5.com_mnr_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
> +		{ &hf_wNumEntries,
> +		  { "Total Entries length (in 16 bytes blocks)", "oxid5.NumEntries", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
> +		{ &hf_wSecurityOffset,
> +		  { "Offset of Security Binding (in 16 bytes blocks)", "oxid5.SecurityOffset", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
> +		{ &hf_wTowerId,
> +		  { "Network Protocol ('TowerID')", "oxid5.wTowerId", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
> +		{ &hf_aNetworkAddr,
> +		  { "Network Address ('aNetworkAddr')", "oxid5.aNetworkAddr", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
> +		                { &hf_wAuthnSvc,
> +                  { "Authentication Service", "oxid5.AuthnSvc", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
> +                { &hf_wAuthzSvc,
> +                  { "Autherization Service", "oxid5.AuthzSvc", FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
> +		{ &hf_aPrinceName,
> +                  { "aPrinceName", "oxid5.aPrinceName", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
> +		{ &hf_Unknown1,
> +		  { "unknown 8 bytes 1", "oxid5.unknown1", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
> +		{ &hf_Unknown2,
> +                  { "unknown 8 bytes 2", "oxid5.unknown2", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
>  	};
> -
>  	static gint *ett[] = {
>  		&ett_oxid
>  	};
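Review bot: the new hf entries use an "oxid5." filter prefix while the existing hf_opnum entry in the same array is "oxid.opnum"; pick one prefix so the fields sort and filter together. The labels for hf_wNumEntries and hf_wSecurityOffset say "in 16 bytes blocks", which looks like it should read 16-bit units, "Autherization Service" is misspelled, and hf_wAuthnSvc is BASE_DEC while hf_wAuthzSvc is BASE_HEX. The hunk also deletes the blank line before `static gint *ett[]`, an unrelated whitespace change, and the new entries mix tab and space indentation.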
> -------------- next part --------------
> typedef struct tagCOMVERSION
>     {
>         guint16 MajorVersion;
>         guint16 MinorVersion;
>     } COMVERSION;
> 
> typedef struct tagORPC_EXTENT
>     {
>         e_uuid_t id;
>         guint32 size;
> /*        guint8 data[];  */
>     } ORPC_EXTENT;
> 
> typedef struct tagORPC_EXTENT_ARRAY
>     {
>         guint32 size;
>         guint32 reserved;
>         ORPC_EXTENT **extent;
>     } ORPC_EXTENT_ARRAY;
> 
> typedef struct tagORPCTHIS {
>     COMVERSION version;
>     guint32 flags;
>     guint32 reserved1;
>     e_uuid_t  cid;
>     ORPC_EXTENT_ARRAY *extensions;
>  } ORPCTHIS;
> 
> typedef struct tagMInterfacePointer {
>     guint32 ulCntData;
> /*  guint8 abData[];  */
>  } MInterfacePointer,  *PMInterfacePointer;
> 
> typedef struct tagORPCTHAT {
>     guint32 flags;
>     ORPC_EXTENT_ARRAY *extensions;
>  } ORPCTHAT;
> 
> typedef struct tagSTRINGBINDING {
>     unsigned short wTowerId;     // Cannot be zero.
>     unsigned short aNetworkAddr; // Zero terminated.
>  } STRINGBINDING;
> 
> typedef struct tagSECURITYBINDING {
>     unsigned short wAuthnSvc;  // Cannot be zero.
>     unsigned short wAuthzSvc;  // Must not be zero.
>     unsigned short aPrincName; // Zero terminated.
>  }  SECURITYBINDING;
> 
> typedef struct tagDUALSTRINGARRAY {
>     unsigned short wNumEntries;     // Number of entries in array.
>     unsigned short wSecurityOffset; // Offset of security info.
> /*  [size_is(wNumEntries)] unsigned short aStringArray[]; */
>     } DUALSTRINGARRAY;
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 23 Sep 2003 19:58:31 +0800
> From: "Graeme Reid" <graeme.reid@xxxxxxxxxxxxxxxxxx>
> Subject: [Ethereal-dev] First cut at H.450 dissector
> To: <ethereal-dev@xxxxxxxxxxxx>
> Message-ID:
> 	<D11BDF81F6E9B54B95EDC469EA820A37433CF5@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
> 
> Skipped content of type multipart/alternative
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: packet-h450.c
> Type: application/octet-stream
> Size: 44401 bytes
> Desc: packet-h450.c
> Url : /pipermail/attachments/20030923/e8336dc6/packet-h450.obj
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: Makefile.nmake.diff
> Type: application/octet-stream
> Size: 303 bytes
> Desc: Makefile.nmake.diff
> Url : /pipermail/attachments/20030923/e8336dc6/Makefile.nmake.obj
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: packet-h225.h.diff
> Type: application/octet-stream
> Size: 585 bytes
> Desc: packet-h225.h.diff
> Url : /pipermail/attachments/20030923/e8336dc6/packet-h225.h.obj
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: packet-h225.c.diff
> Type: application/octet-stream
> Size: 3674 bytes
> Desc: packet-h225.c.diff
> Url : /pipermail/attachments/20030923/e8336dc6/packet-h225.c.obj
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: packet-per.c.diff
> Type: application/octet-stream
> Size: 1005 bytes
> Desc: packet-per.c.diff
> Url : /pipermail/attachments/20030923/e8336dc6/packet-per.c.obj
> 
> ------------------------------
> 
> 
> 
> End of Ethereal-dev Digest, Vol 5, Issue 86
> *******************************************
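
The DUALSTRINGARRAY layout from the packet-dcerpc-dcom.h attachment in message 5, walked with every read confined to the region that wNumEntries and wSecurityOffset declare. This is an added example, not code from the posts or from Ethereal; dsa_walk, skip_wstr and the sample buffers are hypothetical names, and it assumes little-endian data with both fields counted in 16-bit words.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: little-endian data representation. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Skip a zero-terminated 16-bit string within words [pos, end) of arr.
 * Returns the index just past the terminator, or -1 if there is none. */
static long skip_wstr(const uint8_t *arr, long pos, long end) {
    for (; pos < end; pos++)
        if (rd16(arr + 2 * pos) == 0) return pos + 1;
    return -1;
}

/* Walk a DUALSTRINGARRAY in buf[0..len). Returns 0 and the binding counts,
 * or a negative code when the lengths and terminators do not agree. */
int dsa_walk(const uint8_t *buf, size_t len, int *n_str, int *n_sec) {
    *n_str = *n_sec = 0;
    if (len < 4) return -1;
    long num = rd16(buf), sec = rd16(buf + 2), pos = 0;
    const uint8_t *arr = buf + 4;
    if ((size_t)num * 2 > len - 4) return -2;  /* array exceeds the data */
    if (sec < 1 || sec >= num) return -3;      /* offset outside the array */

    /* STRINGBINDINGs: wTowerId, aNetworkAddr; confined to words [0, sec). */
    while (pos < sec && rd16(arr + 2 * pos) != 0) {
        pos = skip_wstr(arr, pos + 1, sec);
        if (pos < 0) return -4;                /* address not terminated */
        ++*n_str;
    }
    if (pos >= sec) return -5;                 /* list terminator missing */

    /* SECURITYBINDINGs: wAuthnSvc, wAuthzSvc, aPrincName; words [sec, num). */
    pos = sec;
    while (pos < num && rd16(arr + 2 * pos) != 0) {
        pos = skip_wstr(arr, pos + 2, num);
        if (pos < 0) return -6;                /* principal not terminated */
        ++*n_sec;
    }
    return pos < num ? 0 : -7;                 /* list terminator missing */
}

/* Constructed sample: one tower 0x7 binding "h1", one security binding. */
static const uint8_t DSA_GOOD[] = {
    0x09,0x00, 0x05,0x00,              /* wNumEntries=9, wSecurityOffset=5 */
    0x07,0x00, 'h',0x00, '1',0x00, 0x00,0x00, 0x00,0x00,
    0x0a,0x00, 0xff,0xff, 0x00,0x00, 0x00,0x00 };

/* Constructed sample: same data with both string-section zeros overwritten.
 * A scan that only looks for a zero word would run on into the security
 * bindings; the bounded walk reports the unterminated address instead. */
static const uint8_t DSA_BAD[] = {
    0x09,0x00, 0x05,0x00,
    0x07,0x00, 'h',0x00, '1',0x00, 'x',0x00, 'y',0x00,
    0x0a,0x00, 0xff,0xff, 0x00,0x00, 0x00,0x00 };

int main(void) {
    int s, a;
    int rc = dsa_walk(DSA_GOOD, sizeof DSA_GOOD, &s, &a);
    printf("good: rc=%d string bindings=%d security bindings=%d\n", rc, s, a);
    rc = dsa_walk(DSA_BAD, sizeof DSA_BAD, &s, &a);
    printf("bad:  rc=%d\n", rc);
    return 0;
}
```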

