Hi Tim,
----- Original Message -----
From: "Tim Potter" <tpot@xxxxxxxxx>
To: <ethereal-dev@xxxxxxxxxxxx>
Sent: Sunday, November 18, 2001 7:59 AM
Subject: [Ethereal-dev] [PATCH] fid tracking
> Hi everyone. Here is a small patch which starts to add fid tracking
> for msrpc calls. Also, display the returned fid in the info
> column of the ntcreate&x reply.
>
> I would like to be able to type "smb.fid == 0x4000" into the filter
> field and have all operations on that fid come up. At the moment,
> it pops up with the ntcreate&x response, the dcerpc bind and msrpc
> requests, and the read&x requests for large dcerpc packets. What I
> would like is the responses to be picked out as well by adding a
> hidden uint item for the fid from the request packet.
>
> Should I add this to the smb_info_t, or the smb_saved_info_t, or
> perhaps start breaking things out into a separate structure of its own
> like smb_ntcreate_info_t?
Please if possible try to keep smb_info as small as possible. It affects the
runtime requirement of ethereal and thethereal.
If possible, reuse an existing varialbe in that structure which is not
relevant for msrpc or create a union.
(does msrpc use the subcmd or info_level ? if not, perhaps one of these can
be reused)
Also, please keep an eye on the CVS traffic. There will probably be from
time to time some small changes to the
smb_info structures to remove redundant information and to lower the size
and memory impact of it.
Perhaps the smb_info handling should be changed as Guy suggested to just
contain frame_req/frame_res and
a void * to point to protocol specific data.
Apart from that, cool. Does this mean we will see some msrpc command
dissectors?
You might be interested in this:
Some MSRPC calls are fairly large? right? larger than a SMB packet, right?
I am looking right now into adding support to do defragmentation of
transaction calls
and will within a day or two create patches wich will add defragmentation of
SMB Transaction calls.
>
>
> Tim.
>
