Wireshark-dev: [Wireshark-dev] contribution: OpenChange dissector for NSPI protocol
From: Julien Kerihuel <[email protected]>
Date: Wed, 1 Nov 2006 21:40:59 +0200

I'm running the OpenChange project which intends to provide an Open Source 
implementation of Microsoft Exchange Server 2000/2003 under Unix platforms. 
(http://www.openchange.org) OpenChange runs as a Samba4 plugin and uses pidl 
with our exchange IDL file.

Since a couple of days, we've released the whole tree and I've finished today 
a NSPI dissector which works fine with wireshark current svn version.

This dissector implements full IDL support for the following NSPI functions:

* NspiBind
* NspiUnbind
* NspiQueryRows
* NspiGetMatches
* NspiDNToEph
* NspiGetProps
* NspiGetHierarchyInfo

The dissector also supports most of the MAPI tags and includes almost all 
possible MAPI error codes.

Nevertheless, the dissector has some limitations. Some functions such as 
NspiUpdateStat, mainly used by Microsoft Exchange Server version prior to 
2000, are not implemented and we only included into the IDL the 
SRestriction_CTR cases we found during our analyze process (scenarios 
available on http://kb.openchange.org)

Regarding the MAPI error codes, I've noticed MAPI_E_LOGON_FAILED was defined 
in packet-windows-common.c. Wouldn't it be valuable to merge our list into a 
common one?

The dissector is available at the following address:

svn co svn://kb.openchange.org/openchange/tools/dissector

Best Regards,


Julien Kerihuel
[email protected]
OpenChange Project Manager

GnuPG Key: http://jkerihuel.openchange.org/keys/kerihuel_gpg_public.asc

Attachment: pgp4kIsHSyf4V.pgp
Description: PGP signature