Wireshark-bugs: [Wireshark-bugs] [Bug 3542] New: get_dfs_referral referral entry is not dissecte
Date: Wed, 17 Jun 2009 09:58:29 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3542

           Summary: get_dfs_referral referral entry is not dissected
                    correctly
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: yamisoe@xxxxxxxxx



yami <yamisoe@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3121|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3121)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3121)
Conform to the official protocol spec

Build Information:
Version 1.3.0 (SVN Rev 28767)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.4.2, with
Gcrypt 1.4.1, without Kerberos, without GeoIP, without PortAudio, without
AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.28-11-generic, with libpcap version 1.0.0, GnuTLS 2.4.2,
Gcrypt 1.4.1.

Built using gcc 4.3.3.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The current get_dfs_referral response code is based on old protocol specs,
which are unofficial and erroneous.

I modified packet-smb.c to conform to the protocol's official spec [1]. Some
of the changes are:

  1. Handle referral entry versions 2, 3 and 4 separately. The current code
does not distinguish v3 from v2; however, they are not the same.
  2. Change server type, referral flags, etc.
  3. Refactor some code, such as string dissecting.

For example, in the attached capture file:
  1. Packets 29 and 31: the current code cannot dissect them correctly.
  2. Packet 1361: v3 has no 'proximity' field, and 'ttl' consumes 4 bytes, but
the current code dissects this incorrectly.


[1]
http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-DFSC%5D.pdf

