Hi,
In the mean time let me remind everyone it is not allowed to simply drop
preferences from your code. Once it's in there it's in the preference
files and warnings like this appear if you do take it out.
The mechanism to solve this is by replacing your preference registration
by:
prefs_register_obsolete_preference(module_t *module, const char *name);
Thanx,
Jaap
ronnie sahlberg wrote:
i temporarily disabled sidsnooping for now.
sidsnooping was an idea i had a long time ago but i never finished properly.
it would be nice if it were enhanced in the future to actually look at
most of the dcerpc commands where sids are mapped and used it.
it would also be nice with a small gui where one can see which sids
are known and mapped.
it would take a lot of time to fix it correctly so it becomes useful.
maybe i will do it soon.... i hope
On 7/9/07, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
I'm seeing this error when starting wireshark (despite tshark below in
the error output).
Ronnie - will you be adding samr.hnd back again as a field, or should
this filter expression (in packet-smb-sidsnooping.c) be changed now?
tshark: Couldn't register
proto_reg_handoff_smb_sidsnooping()/samr_query_dispinfo tap: Filter
"samr and samr.opnum==40 and ( samr.hnd or samr.rid or samr.acct_name
or samr.level )" is invalid - "samr.hnd" is neither a field nor a
protocol name.
