Wireshark · Ethereal-dev: Re: [Ethereal-dev] Updates for packet-dcerpc-tkn4int.c

Ethereal-dev: Re: [Ethereal-dev] Updates for packet-dcerpc-tkn4int.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jaime Fournier <jafour1@xxxxxxxxx>

Date: Sun, 13 Apr 2003 08:41:17 -0700 (PDT)

Will do.

--- Ronnie Sahlberg <ronnie_sahlberg@xxxxxxxxxxxxxx>
wrote:
> I looked at it again and have some comments
> 
> First, FT_UINT64 can not be used directly in teh
> dissector
> since the IDL files even if they use 64bit integer
> types, always
> describe tehm as a struct (afsHyper) consisting of
> two individual 32 bit
> scalars.
> 
> Why did DCE define proper 64bit scalars for the wire
> representation if they
> dont plan
> to use them?
> 
> Anyway,  the dissector didnt work properly since it
> did not take into
> account that the
> parameters start with a unidimensional and varying
> array.
> 
> I changed the dissector "slightly" and have attached
> it.
> 
> 
> See how closely the dissectors match the IDL file.
> The transformation from IDL to ethgereal dissector
> is rather trivial and i
> bet a simple shellscript could be hacked up in a day
> or two to compile the
> idl into ethereal dissectors.
> 
> 
> One thing one might consider enhancing the dissector
> with is to enhance the
> afsHyper handling.
> Since this is a {guint32 high; guint32 low} struct
> and not a proper 64bit
> scalar, one can not use
> FT_UINT directly.
> It would probably be possible to do somethinbg
> simple as
>    guint32 type[2];
> ...
>    dissect_ndr_uint32(... &type[0] ... )
>    dissect_ndr_uint32(... &type[1]... )
> ...
>    col_append_str(COL_INFO, " Type: %s",
> n64toa(type));
> ...
> to convert it to 64 bit values for display.
> 
> 
> please study the attached version of the dissector.
> 
> 
> ----- Original Message -----
> From: "Jaime Fournier" <
> Sent: Thursday, April 10, 2003 12:40 PM
> Subject: [Ethereal-dev] Updates for
> packet-dcerpc-tkn4int.c
> 
> 
> > Please review, and submit this patch.
> > This is the first of many updates I need to
> submit,
> > once I have cleaned them up, and removed external
> > macros. Included is a trace of tkn4int packets.
> >
> > Thanks!
> >
> > =====
> > Jaime Fournier
> 
> 

> ATTACHMENT part 2 application/octet-stream
name=packet-dcerpc-tkn4int.c



=====
Jaime Fournier

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com

References:
- Re: [Ethereal-dev] Updates for packet-dcerpc-tkn4int.c
  - From: Ronnie Sahlberg

Prev by Date: Re: [Ethereal-dev] Updates for packet-dcerpc-tkn4int.c
Next by Date: Re: [Ethereal-dev] Re: [Ethereal-cvs] cvs commit: ethereal packet-smb.c smb.h
Previous by thread: Re: [Ethereal-dev] Updates for packet-dcerpc-tkn4int.c
Next by thread: [Ethereal-dev] Patch to packet-isup, decode User service info.
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$