Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 6450] New: updates to the DCE/RPC dissector

Wireshark-bugs: [Wireshark-bugs] [Bug 6450] New: updates to the DCE/RPC dissector

Date: Mon, 10 Oct 2011 17:54:44 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6450

           Summary: updates to the DCE/RPC dissector
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: Other
        OS/Version: Windows 7
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: doj@xxxxxxxxx


Created an attachment (id=7206)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7206)
updates to the DCE/RPC dissector

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
this patch contains several updates to the DCE/RPC dissector:

- changed the variable name "ndr64_uuid" to "uuid_ndr64" to make it similar the
the other UUID variable names. Minor changes to the UUID names.

- changes the UUID name for the 32bit NDR to describe that. In the DCE/RPC
standard this UUID is described as "Version 1.1 network data representation
protocol", but this is an unnecessarily long name and it's the only 32bit
version defined for DCE/RPC anyway. The new name "32bit NDR" is similar to the
changed name for the 64bit NDR.

- added an UUID for "bind time feature negotiation" found with Microsoft PDUs.

- added an UUID for "asynchonous MAPI". Of course this UUID/name should be
added to the MAPI dissector, but the MAPI dissector is generated C code from
Samba/OpenChange pidl sources. Eventually those might get updated. An
alternative would be to create a new file to specifically register UUIDs used
in the DCE/RPC context.

- when the g_hash_table_insert() function is used, I've removed the code to
lookup and remove the key, as g_hash_table_insert() is doing that internally
(or more precise, it is overwriting the old value).

- in the dissector function for Bind and BindAck, I now print all context items
into COL_INFO and not just the first one.

- added a new value for Bind results, used by Microsoft products. (The
"Negotiate ACK" is used with the "bind time feature negotiation" UUID)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 6450] updates to the DCE/RPC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 6450] updates to the DCE/RPC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 6450] updates to the DCE/RPC dissector
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 5356] Character echo pauses in Capture Filter field in Capture Options
Next by Date: [Wireshark-bugs] [Bug 6450] updates to the DCE/RPC dissector
Previous by thread: [Wireshark-bugs] [Bug 6449] RTPS2 dissector doesn't handle 0 in the octestToNextHeader field
Next by thread: [Wireshark-bugs] [Bug 6450] updates to the DCE/RPC dissector
Index(es):
- Date
- Thread