track FIDs on a per transaction (request+response) basis and make sure the FID is...
authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>
Mon, 21 May 2007 03:44:49 +0000 (03:44 -0000)
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>
Mon, 21 May 2007 03:44:49 +0000 (03:44 -0000)
in both packets of a transaction.

this makes filters such as "smb.file==foo.txt" work much better since they now show both
the read/write request and also the response packets.
this is similar to what we already do in nfs for filehandles

svn path=/trunk/; revision=21856

epan/dissectors/packet-smb.c
epan/dissectors/packet-smb.h

index afc952fb1df9111178eafd4972785df10e84cbb7..8860d80974ba0f129217c6b7e36a055f292adc9f 100644 (file)
@@ -3312,6 +3312,7 @@ dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset,
     int len, guint16 fid, gboolean is_created, gboolean is_closed, gboolean is_generated)
 {
        smb_info_t *si = pinfo->private_data;
+       smb_saved_info_t *sip = si->sip;
        proto_item *it;
        proto_tree *tr;
        smb_fid_info_t *fid_info=NULL;
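Review bot: The new initializer `smb_saved_info_t *sip = si->sip;` dereferences `si` with no NULL check, while dissect_smb_command in this same commit guards the same pointer with `DISSECTOR_ASSERT(si)`. Whether dissect_smb_fid can be reached with `pinfo->private_data` unset is not visible here, but if it can, the dissector would crash on that capture instead of failing cleanly. Either assert before the first use or write `smb_saved_info_t *sip = si ? si->sip : NULL;`, which the later `if(sip && ...)` test already tolerates. The function body continues outside this hunk.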
@@ -3347,6 +3348,18 @@ dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset,
                return NULL;
        }
 
+       /* Store the fid in the transaction structure and remember if
+          it was in the request or in the reply we saw it 
+        */
+       if(sip && (!is_generated) && (!pinfo->fd->flags.visited)) {
+               sip->fid=fid;
+               if(si->request){
+                       sip->fid_seen_in_request=TRUE;
+               } else {
+                       sip->fid_seen_in_request=FALSE;
+               }
+       }
+
        if((!pinfo->fd->flags.visited) && is_closed){
                fid_info->closed_in=pinfo->fd->num;
        }
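Review bot: The added block overwrites `sip->fid` and `sip->fid_seen_in_request` every time a non-generated FID is dissected, so a transaction that carries a FID in both directions, or more than one FID, keeps only the last one seen on the first pass. In that case the request would later get a generated tree for the reply's FID in addition to its own. Whether any command handled here does that is not visible in the hunk, so the comment should at least state the rule, e.g. `/* only the most recently seen FID of the transaction is kept */`. As a style point the inner if/else reduces to `sip->fid_seen_in_request = si->request ? TRUE : FALSE;`. The function starts and ends outside the hunk.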
@@ -15020,6 +15033,7 @@ static int
 dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd, gboolean first_pdu)
 {
        smb_info_t *si;
+       smb_saved_info_t *sip;
 
        si = pinfo->private_data;
        DISSECTOR_ASSERT(si);
@@ -15051,6 +15065,18 @@ dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *s
 
                cmd_tree = proto_item_add_subtree(cmd_item, ett_smb_command);
 
+               /* we track FIDs on a per transaction basis.
+                  if this was a request and the fid was seen in a reply
+                  we add a "generated" fid tree for this pdu and v.v.
+                */
+               sip = si->sip;
+               if (sip && sip->fid) {
+                       if( (si->request && (!sip->fid_seen_in_request))
+                         ||((!si->request) && sip->fid_seen_in_request) ){
+                               dissect_smb_fid(tvb, pinfo, cmd_tree, offset, 0, sip->fid, FALSE, FALSE, TRUE);
+                       }
+               }
+
                dissector = (si->request)?
                        smb_dissector[cmd].request:smb_dissector[cmd].response;
 
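Review bot: `if (sip && sip->fid)` uses the value 0 as "no FID recorded", so a transaction whose FID is 0 on the wire never gets the generated tree and is silently missed by the filter this commit is meant to improve. The value comes from the capture, so it should not double as a presence flag; a separate boolean in smb_saved_info_t, set where the FID is stored, would remove the ambiguity. If 0 can in fact never be a valid FID, say so in the comment: `/* fid==0 means no FID was seen in this transaction */`. dissect_smb_command continues outside the hunk.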
@@ -15930,6 +15956,8 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
                                sip->cmd = si->cmd;
                                sip->extra_info = NULL;
                                sip->extra_info_type = SMB_EI_NONE;
+                               sip->fid=0;
+                               sip->fid_seen_in_request=0;
                                g_hash_table_insert(si->ct->unmatched, GUINT_TO_POINTER(pid_mid), sip);
                                new_key = se_alloc(sizeof(smb_saved_info_key_t));
                                new_key->frame = sip->frame_req;
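Review bot: The two new fields are initialised only at this allocation site, yet `sip->fid` is read in dissect_smb_command for any non-NULL `sip`. If smb_saved_info_t is allocated anywhere else in the file (not visible in this hunk) and the allocator does not zero memory, that read would see an indeterminate value. It is worth checking every place a `sip` is created and adding the same two assignments there. For consistency with the TRUE/FALSE used in dissect_smb_fid, write `sip->fid_seen_in_request=FALSE;` rather than `=0`. The enclosing block of dissect_smb starts and ends outside the hunk.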
index 02227d6598f3360d080014861da0f32bca7543d1..2609ba569ef7d282ce750b729b988fb22541a742 100644 (file)
@@ -208,6 +208,7 @@ typedef enum {
        SMB_EI_FILEDATA,        /* fid tracking */
        SMB_EI_UID              /* smb_uid_t */
 } smb_extra_info_t;
+typedef struct _smb_fid_into_t smb_fid_info_t;
 typedef struct {
        guint32 frame_req, frame_res;
        nstime_t req_time;
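Review bot: The forward declaration `typedef struct _smb_fid_into_t smb_fid_info_t;` has no comment, and none of the fields added to smb_saved_info_t in this commit use the type, so its purpose cannot be read from the diff. The same applies to the matching hunk further down, which turns the later `typedef struct _smb_fid_into_t {...} smb_fid_info_t;` into a plain struct definition. A one-line comment such as `/* forward declaration; the struct is defined below */`, plus the reason it must precede smb_saved_info_t, would help. The tag also carries an existing `into`/`info` misspelling that this line copies; renaming it is out of scope here but worth a follow-up.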
@@ -215,6 +216,10 @@ typedef struct {
        guint8 cmd;
        void *extra_info;
        smb_extra_info_t extra_info_type;
+       /* we save the fid in each transaction so that we can get fid filters
+          to match both request and response */
+       gboolean fid_seen_in_request;
+       guint16 fid;
 } smb_saved_info_t;
 
 /*
@@ -301,12 +306,12 @@ typedef struct _smb_fid_saved_info_t {
        guint32 share_access;
        guint32 create_options;
 } smb_fid_saved_info_t;
-typedef struct _smb_fid_into_t {
+struct _smb_fid_into_t {
        int opened_in;
        int closed_in;
        int type;
        smb_fid_saved_info_t *fsi;
-} smb_fid_info_t;
+};
 
 /* used for tracking tid to sharename openedframe closedframe */
 typedef struct _smb_tid_into_t {