Wireshark · Ethereal-dev: [Ethereal-dev] Re: FT_GUID - use it in DCE RPC dissectors, etc.?

Ethereal-dev: [Ethereal-dev] Re: FT_GUID - use it in DCE RPC dissectors, etc.?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Wed, 13 Jul 2005 04:10:10 -0400

On 7/4/05, Guy Harris <gharris@xxxxxxxxx> wrote:
> kukosa@xxxxxxxxxxxx wrote:
> > User: kukosa
> > Date: 2005/07/04 08:04 AM
> > 
> > Log:
> >  new field type FT_GUID
> 
> Should this be used in, for example, DCE RPC dissectors?

Yes, I think so.

I have changed the dcerpc idl2eth compiler to generate FT_GUID hf fields.

I have changed dissect_dcerpc_uuid_t() to accept either FT_STRING or
FT_GUID (untill all dissectors are converted)

I regenerated and tested with a DRSUAPI capture containing a lot of GUIDs.

Note that the FT_GUID support is still buggy and only works correctly
for big endian representation.
The GUID actually starts with one 32bit integer followed by 2 16 bit
integers which are represented in either LE or BE format depending on
circumstances.
guid_to_str() thus needs to be passed one more parameter to indicate
byte order  which we pass to proto_tree_add_item() anyway.

References:
- [Ethereal-dev] FT_GUID - use it in DCE RPC dissectors, etc.?
  - From: Guy Harris

Prev by Date: Re: Patch in reassemble.c (was Re: [Ethereal-dev] Crash in ethereal 0.10.8, somewhat reproducible)
Next by Date: [Ethereal-dev] asn1.dll : fatal error LNK1120
Previous by thread: [Ethereal-dev] FT_GUID - use it in DCE RPC dissectors, etc.?
Next by thread: [Ethereal-dev] patch: negative relative time fixes
Index(es):
- Date
- Thread