Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-commits: [Wireshark-commits] rev 19350: /trunk/ /trunk/epan/dissectors/: Makefile.common

Date: Thu, 28 Sep 2006 16:29:20 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=19350

User: sahlberg
Date: 2006/09/28 04:29 PM

Log:
 From stephen fisher:
 
 
 I have figured out one of the fields in the MAPI
 EcRRegisterPushNotification packet.  The field is a UDP port number that
 the client wants the Exchange server to send new mail notifications on.
 These notifications are on a port > 1023 and are always 8 bytes long.
 
 It looks like I would add the function name to the
 dcerpc_mapi_dissectors[] for the register push notification.  What would
 my new function need to do besides display the field?
 
 
 Thanks,
 
 Steve
 
 Here is a patch to add this functionality.  It displays the notification
 port and the notification payload (not sure what the payload itself
 means yet).  It also dynamically registers each notification port found
 with a new dissector (that I called newmail for lack of a better name -
 I'm open to suggestions) that displays the notification payload.  This
 is all undocumented by Microsoft in their usual fashion.
 
 I also changed the code to always display the mapi.opnum field;
 currently, the mapi.opnum is only displayed when the
 dcerpc_mapi_dissector is null.
 
 
 Steve

Directory: /trunk/epan/dissectors/
  Changes    Path                    Action
  +1 -0      Makefile.common         Modified
  +33 -2     packet-dcerpc-mapi.c    Modified
  +2 -4      packet-dcerpc.c         Modified
  +148 -0    packet-newmail.c        Added

Directory: /trunk/
  Changes    Path          Action
  +1 -0      AUTHORS       Modified