Ethereal-dev: [Ethereal-dev] Re packet-smb.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Pia Sahlberg" <piabar@xxxxxxxxxxx>
Date: Tue, 09 Oct 2001 23:26:50 +0000
Hi list

As you might have noticed if you have tested it, the tvbuffified smb dissector I posted yesterday is far from production quality.

Some of the main faults of the dissector are:
~ time/date, time and date decoding of the various formats used
 by smb is completely hosed.
 It displays the right number of bytes (I think) but the decoding
 is broken.
 Should not be too difficult to fix.
~ 64 bit integers. Ethereal needs something like FT_UINT64 to properly
 display 64 bit integers used by several smb commands as Trans2 and
 NT Trans. As of now all 64bit integers are displayed via a sub in
 packet-smb.c which really only reads and displays the low 32 bits
 of the data.
~ 64bit time format. Probably quite a lot of work.
 Some smb commands use a 64bit integer field to represent the date/time
 which currently is just displayed as <can not decode yet> in a
 sub in packet-smb.c.
 Perhaps we need something like FT_ABSOLUTE_TIME_64 or something.
~ Can not handle well when WordCount==0 or ByteCount==0 for error
 conditions.
 A lot of work but simple to do.


I believe the dissector is far from production quality right now but
if placed in CVS after the next release it can be tested and worked on
until it is useable.
If not, we can just back it out before the next-next release and go back to the old one.
Or can a separate CVS branch be set up for this dissector so it can
be worked on and improved by all interested developers until it is good
enough for the main branch?
The dissector is BIG and was a bitch to write and it will be a bitch
to test and improve until it is useable which will take a lot of time
and effort. But I do think it can be used if it is just properly
tested and fixed.

(and then we can get reassembly of Trans and NT Trans commands :-))

Comments? Guy?


On a different note, Guy, the entry in Authors for me starts to look silly in my opinion. Could you change it to just one entry saying something like "Misc enhancement and fixes" or similar?
Thanks.

have fun
 ronnie sahlberg
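
The two 64-bit items in the message above, shown as an added example that is not part of the original post and not Ethereal code: a bounds-checked little-endian 64-bit read next to the low-32-bit shortcut the message describes, plus a conversion of a 64-bit time value. It assumes the 64-bit time is the Windows FILETIME encoding (100 ns ticks since 1601-01-01 UTC), which the message does not spell out; all function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NT_TICKS_PER_SEC 10000000ULL    /* 100 ns ticks per second */
#define NT_TO_UNIX_SECS  11644473600ULL /* seconds from 1601-01-01 to 1970-01-01 */

/* Constructed sample field, little-endian: 2001-10-09 23:26:50 UTC. */
static const uint8_t sample_field[8] =
    { 0x00, 0x59, 0xF9, 0xDE, 0x19, 0x51, 0xC1, 0x01 };

/* Bounds-checked read of a little-endian 64-bit field; returns 0 on success. */
int read_le64(const uint8_t *buf, size_t len, size_t off, uint64_t *out)
{
    if (off > len || len - off < 8)
        return -1;                       /* truncated data: refuse to read */
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | buf[off + i];
    *out = v;
    return 0;
}

/* The shortcut the message describes: only the low 32 bits are kept. */
uint32_t low32_only(uint64_t v) { return (uint32_t)v; }

/* Convert a 64-bit NT time to Unix seconds and nanoseconds; 0 on success.
 * Policy of this example: 0 and anything before 1970 is reported as invalid. */
int nt_time_to_unix(uint64_t nt, int64_t *secs, uint32_t *nsecs)
{
    if (nt == 0 || nt / NT_TICKS_PER_SEC < NT_TO_UNIX_SECS)
        return -1;
    *secs  = (int64_t)(nt / NT_TICKS_PER_SEC - NT_TO_UNIX_SECS);
    *nsecs = (uint32_t)(nt % NT_TICKS_PER_SEC) * 100u;
    return 0;
}

int main(void)
{
    uint64_t v; int64_t s; uint32_t ns;
    if (read_le64(sample_field, sizeof sample_field, 0, &v) == 0 &&
        nt_time_to_unix(v, &s, &ns) == 0)
        printf("full=0x%016llx low32=0x%08x unix=%lld\n",
               (unsigned long long)v, low32_only(v), (long long)s);
    return 0;
}
```

With only the low 32 bits, the sample's upper half (0x01C15119) is lost, so the value can no longer be interpreted as a timestamp at all.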

