Ethereal-dev: [Ethereal-dev] TDS dissector changes (packet-tds.c)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Bill Meier" <wmeier@xxxxxxxxxxx>
Date: Wed, 17 Nov 2004 11:47:30 -0500

I've made a number of changes to the TDS dissector as described below.

Before I submit the patch:

1. I'd like to get any comments anyone may have as to certain choices I've  
   made with respect to the use of preferences and
   the registration of MS SQL TCP ports (see below).

2. I'd like to ask if anyone can provide one or more TDS7 or TDS8
   capture files (or point me to same).
   I've tested my changes with some TDS4 and TDS5 captures 
   but I do not have access to TDS 7 or TDS 8 captures. 
   In theory, I've made no changes to the TDS7/8 dissection code 
   but testing is obviously appropriate.

Thanks

Bill Meier

Overview of changes
-------------------

1. Do first-level dissection of:
     TDS4 ascii query, rpc and response packets;
     TDS5 query packets.

2. Handle big-endian TDS5 (and TDS4 if such exists).

3. Add preferences to allow 'hints' as to the TDS version and 
   'big-endian/little-endian' in the capture being decoded.

4. Register MS_SQL default ports as TDS ports. This also 
   enables TDS as a choice in 'decode as'.

   In addition: Add a preference to specify 'ranges' 
   of TCP ports to be recognized as TDS ports by the 
   TDS heuristics function.


Details
-------

1. Add Preferences:

   a. To allow specification of a hint as to TDS protocol being decoded 
      (Unspecified/TDS4/TDS5/TDS7/TDS8); Default: 'unspecified'

      The 'hint' is used only when needed to do a correct decode.

      If the protocol is unspecified, the decode is as previous.

   b. To allow specification of 'ranges' of TCP ports to be treated as 
      'TDS tcp ports'; i.e. if the source or destination port of a tcp
      connection matches a specified range, then the connection should be
      considered to be TDS.

   c. To allow specification of a hint as to whether TDS being decoded is 
      'little-endian' or 'big-endian'. Default: 'little-endian'.

      A hint is just that; e.g. if TDS7+ packets are encountered the decode
      is always 'little-endian'.

2. Register tcp MS SQL default ports (1433, 2433) as TDS ports
   ('dissector_add'). This also enables TDS as a choice for 'decode as'.

3. 'netlib_check_login_pkt' changed to check 'TDS tcp port' range(s) as 
    entered in preferences;

4. Change 'dissect_tds_query_packet' to handle TDS4 ascii in addition to 
   TDS7/8 UCS-16.

5. Change 'dissect_tds_rpc' to:

   a. handle TDS4 ascii RPC in addition to TDS7/8 UCS-16 RPC;
   b. handle Microsoft 'encoded' rpc_name;
   c. fix memory leak (not freeing memory obtained using
      'tvb_fake_unicode');

6. Change 'dissect_tds_response' to:

   a. handle tds4 tokens 'tds_col_name' and 'tds_col_info';
   b. dissect tokens 'tds_doneinproc' and 'tds_doneproc' similarly to
      'tds_done'
   c. reclaim memory allocated for 'tds_col' structures when finished 
      processing response
           (Additional memory was being allocated each time a 
            tokenized tds5 response was processed)

7. New function 'dissect_tds_col_info_token' (similar to
   'read_results_tds5') associated with handling TDS4 responses.

8. New functions 'dissect_tds_query5_packet', 'dissect_tds5_lang_token'

9. Rework TDS token size calculation; Some TDS tokens have a length field
   of other than 2 bytes. (e.g.: the length field 
   for TDS_LANG_TOKEN is 4 bytes)

10. Update token definitions and usages;

   a. Update based upon info from current version of FreeTDS 'tds.h' 
      as well as info from Sybase TDS5 document;

      example: TDS_124_TOKEN renamed to TDS_PROCID_TOKEN

   b. TDS_124_TOKEN [TDS_PROCID] was incorrectly not considered 
      a 'fixed-size' token in function 'tds_is_fixed_token'