Hi, attached is a patch to update netlogon.
It fixes a bug in dissect_ndr_pointer() where it incorrectly checked toplevel unique pointers for duplicates.
It changes the unicode_string dissector to specify a UNIQUE pointer to the ucarray holding the wchar string, though the SAMR idl file specifies it as a PTR pointer.
In the captures I have looked at (several SAMR and one small NETLOGON capture) it did not cause any harm.
I needed this change (correct or not) in order to dissect Tim's small NETLOGON capture since the client he captured from specifies 0x00000001 for all UNIQUE pointers. This differs from other implementations but is not incorrect.
It moves a few functions to packet-dcerpc-nt since these are also used by NETLOGON.
In the network_logon_identity_info dissector I added dissection to eat 8 extra bytes at the end.
These 8 bytes are not present in the idl file I used.
Either the idl file is wrong or the implementation Tim got the capture from is wrong, or my reading of the NDR spec is wrong.
There is a comment in the code where these bytes are added.
I would be a very very happy camper if someone could generate and send some NETLOGON captures captured from NT or W2K clients/servers.
With a set of proper captures with lots of calls I can get this one in the same semi-good shape that SAMR currently is in.
The dissector attempts to dissect all of NETLOGON, except one structure/call which needs to call one as of yet not implemented structure dissector in LSA.
Dissection will probably fail with [malformed packet] for any calls/structures containing this element.
There still remains a lot of cleaning up/prettifying to do. Especially empty strings look really bad right now.
If you apply this patch to CVS, you must be aware that from inclusive Wednesday until Sunday I will not have any internet access and cannot fix any of the many bugs I am certain still exist in the code.
Unfortunately, there is very limited internet access in the outback.
So, whatever bugs that are not reported to me before Tuesday are not likely to be fixed until early next week.
You have been warned.
best regards
ronnie sahlberg
Attachment:
netlogon.diff
Description: Binary data