/*
 * Routines for smb2 packet dissection
 *
 * For documentation of this protocol, see:
 *
 * https://wiki.wireshark.org/SMB2
 * https://msdn.microsoft.com/en-us/library/cc246482.aspx
 *
 * If you edit this file, keep the wiki updated as well.
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
34 #include <epan/packet.h>
35 #include <epan/prefs.h>
36 #include <epan/expert.h>
38 #include <epan/srt_table.h>
39 #include <epan/aftypes.h>
40 #include <epan/to_str.h>
41 #include <epan/asn1.h>
42 #include <epan/reassemble.h>
44 #include "packet-smb2.h"
45 #include "packet-ntlmssp.h"
46 #include "packet-kerberos.h"
47 #include "packet-windows-common.h"
48 #include "packet-smb-common.h"
49 #include "packet-dcerpc-nt.h"
51 #include "read_keytab_file.h"
53 #include <wsutil/wsgcrypt.h>
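/* NT status code compared against by this dissector (value as given here). */
#define NT_STATUS_PENDING 0x00000103

/* Registration entry points; their definitions are outside this excerpt. */
void proto_register_smb2(void);
void proto_reg_handoff_smb2(void);

/* Display labels for the plain and the transform (encrypted) SMB2 header. */
static const char smb_header_label[] = "SMB2 Header";
static const char smb_transform_header_label[] = "SMB2 Transform Header";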
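/*
 * Protocol handle and header-field (hf_*) handles for the SMB2 dissector.
 * Every handle starts at -1. Nothing in this part of the file assigns them;
 * presumably they are filled in when the fields are registered by
 * proto_register_smb2(), whose definition is not visible here.
 */
static int proto_smb2 = -1;
static int hf_smb2_cmd = -1;
static int hf_smb2_nt_status = -1;
static int hf_smb2_response_to = -1;
static int hf_smb2_response_in = -1;
static int hf_smb2_time = -1;
static int hf_smb2_header_len = -1;
static int hf_smb2_msg_id = -1;
static int hf_smb2_pid = -1;
static int hf_smb2_tid = -1;
static int hf_smb2_aid = -1;
static int hf_smb2_sesid = -1;
static int hf_smb2_previous_sesid = -1;
static int hf_smb2_flags_response = -1;
static int hf_smb2_flags_async_cmd = -1;
static int hf_smb2_flags_dfs_op = -1;
static int hf_smb2_flags_chained = -1;
static int hf_smb2_flags_signature = -1;
static int hf_smb2_flags_replay_operation = -1;
static int hf_smb2_flags_priority_mask = -1;
static int hf_smb2_chain_offset = -1;
static int hf_smb2_security_blob = -1;
static int hf_smb2_ioctl_in_data = -1;
static int hf_smb2_ioctl_out_data = -1;
static int hf_smb2_unknown = -1;
static int hf_smb2_root_directory_mbz = -1;
static int hf_smb2_twrp_timestamp = -1;
static int hf_smb2_mxac_timestamp = -1;
static int hf_smb2_mxac_status = -1;
static int hf_smb2_qfid_fid = -1;
static int hf_smb2_create_timestamp = -1;
static int hf_smb2_oplock = -1;
static int hf_smb2_close_flags = -1;
static int hf_smb2_notify_flags = -1;
static int hf_smb2_last_access_timestamp = -1;
static int hf_smb2_last_write_timestamp = -1;
static int hf_smb2_last_change_timestamp = -1;
static int hf_smb2_current_time = -1;
static int hf_smb2_boot_time = -1;
static int hf_smb2_filename = -1;
static int hf_smb2_filename_len = -1;
static int hf_smb2_replace_if = -1;
static int hf_smb2_nlinks = -1;
static int hf_smb2_delete_pending = -1;
static int hf_smb2_is_directory = -1;
static int hf_smb2_file_id = -1;
static int hf_smb2_allocation_size = -1;
static int hf_smb2_end_of_file = -1;
static int hf_smb2_tree = -1;
static int hf_smb2_find_pattern = -1;
static int hf_smb2_find_info_level = -1;
static int hf_smb2_find_info_blob = -1;
static int hf_smb2_client_guid = -1;
static int hf_smb2_server_guid = -1;
static int hf_smb2_object_id = -1;
static int hf_smb2_birth_volume_id = -1;
static int hf_smb2_birth_object_id = -1;
static int hf_smb2_domain_id = -1;
static int hf_smb2_class = -1;
static int hf_smb2_infolevel = -1;
static int hf_smb2_infolevel_file_info = -1;
static int hf_smb2_infolevel_fs_info = -1;
static int hf_smb2_infolevel_sec_info = -1;
static int hf_smb2_infolevel_posix_info = -1;
static int hf_smb2_max_response_size = -1;
static int hf_smb2_max_ioctl_in_size = -1;
static int hf_smb2_max_ioctl_out_size = -1;
static int hf_smb2_flags = -1;
static int hf_smb2_required_buffer_size = -1;
static int hf_smb2_getinfo_size = -1;
static int hf_smb2_getinfo_offset = -1;
static int hf_smb2_getinfo_additional = -1;
static int hf_smb2_getinfo_flags = -1;
static int hf_smb2_setinfo_size = -1;
static int hf_smb2_setinfo_offset = -1;
static int hf_smb2_file_basic_info = -1;
static int hf_smb2_file_standard_info = -1;
static int hf_smb2_file_internal_info = -1;
static int hf_smb2_file_ea_info = -1;
static int hf_smb2_file_access_info = -1;
static int hf_smb2_file_rename_info = -1;
static int hf_smb2_file_disposition_info = -1;
static int hf_smb2_file_position_info = -1;
static int hf_smb2_file_full_ea_info = -1;
static int hf_smb2_file_mode_info = -1;
static int hf_smb2_file_alignment_info = -1;
static int hf_smb2_file_all_info = -1;
static int hf_smb2_file_allocation_info = -1;
static int hf_smb2_file_endoffile_info = -1;
static int hf_smb2_file_alternate_name_info = -1;
static int hf_smb2_file_stream_info = -1;
static int hf_smb2_file_pipe_info = -1;
static int hf_smb2_file_compression_info = -1;
static int hf_smb2_file_network_open_info = -1;
static int hf_smb2_file_attribute_tag_info = -1;
static int hf_smb2_fs_info_01 = -1;
static int hf_smb2_fs_info_03 = -1;
static int hf_smb2_fs_info_04 = -1;
static int hf_smb2_fs_info_05 = -1;
static int hf_smb2_fs_info_06 = -1;
static int hf_smb2_fs_info_07 = -1;
static int hf_smb2_fs_objectid_info = -1;
static int hf_smb2_sec_info_00 = -1;
static int hf_smb2_quota_info = -1;
static int hf_smb2_query_quota_info = -1;
static int hf_smb2_qq_single = -1;
static int hf_smb2_qq_restart = -1;
static int hf_smb2_qq_sidlist_len = -1;
static int hf_smb2_qq_start_sid_len = -1;
static int hf_smb2_qq_start_sid_offset = -1;
static int hf_smb2_fid = -1;
static int hf_smb2_write_length = -1;
static int hf_smb2_write_data = -1;
static int hf_smb2_write_flags = -1;
static int hf_smb2_write_flags_write_through = -1;
static int hf_smb2_write_count = -1;
static int hf_smb2_write_remaining = -1;
static int hf_smb2_read_length = -1;
static int hf_smb2_read_remaining = -1;
static int hf_smb2_file_offset = -1;
static int hf_smb2_qfr_length = -1;
static int hf_smb2_qfr_usage = -1;
static int hf_smb2_qfr_flags = -1;
static int hf_smb2_qfr_total_region_entry_count = -1;
static int hf_smb2_qfr_region_entry_count = -1;
static int hf_smb2_read_data = -1;
static int hf_smb2_disposition_delete_on_close = -1;
static int hf_smb2_create_disposition = -1;
static int hf_smb2_create_chain_offset = -1;
static int hf_smb2_create_chain_data = -1;
static int hf_smb2_data_offset = -1;
static int hf_smb2_extrainfo = -1;
static int hf_smb2_create_action = -1;
static int hf_smb2_create_rep_flags = -1;
static int hf_smb2_create_rep_flags_reparse_point = -1;
static int hf_smb2_next_offset = -1;
static int hf_smb2_negotiate_context_type = -1;
static int hf_smb2_negotiate_context_data_length = -1;
static int hf_smb2_negotiate_context_offset = -1;
static int hf_smb2_negotiate_context_count = -1;
static int hf_smb2_hash_alg_count = -1;
static int hf_smb2_hash_algorithm = -1;
static int hf_smb2_salt_length = -1;
static int hf_smb2_salt = -1;
static int hf_smb2_cipher_count = -1;
static int hf_smb2_cipher_id = -1;
static int hf_smb2_ea_size = -1;
static int hf_smb2_ea_flags = -1;
static int hf_smb2_ea_name_len = -1;
static int hf_smb2_ea_data_len = -1;
static int hf_smb2_ea_name = -1;
static int hf_smb2_ea_data = -1;
static int hf_smb2_buffer_code = -1;
static int hf_smb2_buffer_code_len = -1;
static int hf_smb2_buffer_code_flags_dyn = -1;
static int hf_smb2_olb_offset = -1;
static int hf_smb2_olb_length = -1;
static int hf_smb2_tag = -1;
static int hf_smb2_impersonation_level = -1;
static int hf_smb2_ioctl_function = -1;
static int hf_smb2_ioctl_function_device = -1;
static int hf_smb2_ioctl_function_access = -1;
static int hf_smb2_ioctl_function_function = -1;
static int hf_smb2_fsctl_pipe_wait_timeout = -1;
static int hf_smb2_fsctl_pipe_wait_name = -1;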
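/*
 * Header-field handles whose names all carry the fsctl_odx prefix.
 * Each starts at -1, like the other hf_* handles in this file.
 */
static int hf_smb2_fsctl_odx_token_type = -1;
static int hf_smb2_fsctl_odx_token_idlen = -1;
static int hf_smb2_fsctl_odx_token_idraw = -1;
static int hf_smb2_fsctl_odx_token_ttl = -1;
static int hf_smb2_fsctl_odx_size = -1;
static int hf_smb2_fsctl_odx_flags = -1;
static int hf_smb2_fsctl_odx_file_offset = -1;
static int hf_smb2_fsctl_odx_copy_length = -1;
static int hf_smb2_fsctl_odx_xfer_length = -1;
static int hf_smb2_fsctl_odx_token_offset = -1;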
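/*
 * Remaining header-field (hf_*) handles: ioctl/fsctl payloads, leases,
 * session and share flags, create contexts, transform header, pipe
 * reassembly, copy-chunk and symlink data (grouping read off the names).
 * Each starts at -1; no assignment is visible in this part of the file.
 */
static int hf_smb2_fsctl_sparse_flag = -1;
static int hf_smb2_fsctl_range_offset = -1;
static int hf_smb2_fsctl_range_length = -1;
static int hf_smb2_ioctl_function_method = -1;
static int hf_smb2_ioctl_resiliency_timeout = -1;
static int hf_smb2_ioctl_resiliency_reserved = -1;
static int hf_smb2_ioctl_shared_virtual_disk_support = -1;
static int hf_smb2_ioctl_shared_virtual_disk_handle_state = -1;
static int hf_smb2_ioctl_sqos_protocol_version = -1;
static int hf_smb2_ioctl_sqos_reserved = -1;
static int hf_smb2_ioctl_sqos_options = -1;
static int hf_smb2_ioctl_sqos_op_set_logical_flow_id = -1;
static int hf_smb2_ioctl_sqos_op_set_policy = -1;
static int hf_smb2_ioctl_sqos_op_probe_policy = -1;
static int hf_smb2_ioctl_sqos_op_get_status = -1;
static int hf_smb2_ioctl_sqos_op_update_counters = -1;
static int hf_smb2_ioctl_sqos_logical_flow_id = -1;
static int hf_smb2_ioctl_sqos_policy_id = -1;
static int hf_smb2_ioctl_sqos_initiator_id = -1;
static int hf_smb2_ioctl_sqos_limit = -1;
static int hf_smb2_ioctl_sqos_reservation = -1;
static int hf_smb2_ioctl_sqos_initiator_name = -1;
static int hf_smb2_ioctl_sqos_initiator_node_name = -1;
static int hf_smb2_ioctl_sqos_io_count_increment = -1;
static int hf_smb2_ioctl_sqos_normalized_io_count_increment = -1;
static int hf_smb2_ioctl_sqos_latency_increment = -1;
static int hf_smb2_ioctl_sqos_lower_latency_increment = -1;
static int hf_smb2_ioctl_sqos_bandwidth_limit = -1;
static int hf_smb2_ioctl_sqos_kilobyte_count_increment = -1;
static int hf_smb2_ioctl_sqos_time_to_live = -1;
static int hf_smb2_ioctl_sqos_status = -1;
static int hf_smb2_ioctl_sqos_maximum_io_rate = -1;
static int hf_smb2_ioctl_sqos_minimum_io_rate = -1;
static int hf_smb2_ioctl_sqos_base_io_size = -1;
static int hf_smb2_ioctl_sqos_reserved2 = -1;
static int hf_smb2_ioctl_sqos_maximum_bandwidth = -1;
static int hf_windows_sockaddr_family = -1;
static int hf_windows_sockaddr_port = -1;
static int hf_windows_sockaddr_in_addr = -1;
static int hf_windows_sockaddr_in6_flowinfo = -1;
static int hf_windows_sockaddr_in6_addr = -1;
static int hf_windows_sockaddr_in6_scope_id = -1;
static int hf_smb2_ioctl_network_interface_next_offset = -1;
static int hf_smb2_ioctl_network_interface_index = -1;
static int hf_smb2_ioctl_network_interface_rss_queue_count = -1;
static int hf_smb2_ioctl_network_interface_capabilities = -1;
static int hf_smb2_ioctl_network_interface_capability_rss = -1;
static int hf_smb2_ioctl_network_interface_capability_rdma = -1;
static int hf_smb2_ioctl_network_interface_link_speed = -1;
static int hf_smb2_ioctl_shadow_copy_num_volumes = -1;
static int hf_smb2_ioctl_shadow_copy_num_labels = -1;
static int hf_smb2_ioctl_shadow_copy_count = -1;
static int hf_smb2_ioctl_shadow_copy_label = -1;
static int hf_smb2_compression_format = -1;
static int hf_smb2_checksum_algorithm = -1;
static int hf_smb2_integrity_reserved = -1;
static int hf_smb2_integrity_flags = -1;
static int hf_smb2_integrity_flags_enforcement_off = -1;
static int hf_smb2_FILE_OBJECTID_BUFFER = -1;
static int hf_smb2_lease_key = -1;
static int hf_smb2_lease_state = -1;
static int hf_smb2_lease_state_read_caching = -1;
static int hf_smb2_lease_state_handle_caching = -1;
static int hf_smb2_lease_state_write_caching = -1;
static int hf_smb2_lease_flags = -1;
static int hf_smb2_lease_flags_break_ack_required = -1;
static int hf_smb2_lease_flags_parent_lease_key_set = -1;
static int hf_smb2_lease_flags_break_in_progress = -1;
static int hf_smb2_lease_duration = -1;
static int hf_smb2_parent_lease_key = -1;
static int hf_smb2_lease_epoch = -1;
static int hf_smb2_lease_reserved = -1;
static int hf_smb2_lease_break_reason = -1;
static int hf_smb2_lease_access_mask_hint = -1;
static int hf_smb2_lease_share_mask_hint = -1;
static int hf_smb2_acct_name = -1;
static int hf_smb2_domain_name = -1;
static int hf_smb2_host_name = -1;
static int hf_smb2_auth_frame = -1;
static int hf_smb2_tcon_frame = -1;
static int hf_smb2_share_type = -1;
static int hf_smb2_signature = -1;
static int hf_smb2_credit_charge = -1;
static int hf_smb2_credits_requested = -1;
static int hf_smb2_credits_granted = -1;
static int hf_smb2_channel_sequence = -1;
static int hf_smb2_dialect_count = -1;
static int hf_smb2_security_mode = -1;
static int hf_smb2_secmode_flags_sign_required = -1;
static int hf_smb2_secmode_flags_sign_enabled = -1;
static int hf_smb2_ses_req_flags = -1;
static int hf_smb2_ses_req_flags_session_binding = -1;
static int hf_smb2_capabilities = -1;
static int hf_smb2_cap_dfs = -1;
static int hf_smb2_cap_leasing = -1;
static int hf_smb2_cap_large_mtu = -1;
static int hf_smb2_cap_multi_channel = -1;
static int hf_smb2_cap_persistent_handles = -1;
static int hf_smb2_cap_directory_leasing = -1;
static int hf_smb2_cap_encryption = -1;
static int hf_smb2_dialect = -1;
static int hf_smb2_max_trans_size = -1;
static int hf_smb2_max_read_size = -1;
static int hf_smb2_max_write_size = -1;
static int hf_smb2_channel = -1;
static int hf_smb2_rdma_v1_offset = -1;
static int hf_smb2_rdma_v1_token = -1;
static int hf_smb2_rdma_v1_length = -1;
static int hf_smb2_session_flags = -1;
static int hf_smb2_ses_flags_guest = -1;
static int hf_smb2_ses_flags_null = -1;
static int hf_smb2_ses_flags_encrypt = -1;
static int hf_smb2_share_flags = -1;
static int hf_smb2_share_flags_dfs = -1;
static int hf_smb2_share_flags_dfs_root = -1;
static int hf_smb2_share_flags_restrict_exclusive_opens = -1;
static int hf_smb2_share_flags_force_shared_delete = -1;
static int hf_smb2_share_flags_allow_namespace_caching = -1;
static int hf_smb2_share_flags_access_based_dir_enum = -1;
static int hf_smb2_share_flags_force_levelii_oplock = -1;
static int hf_smb2_share_flags_enable_hash_v1 = -1;
static int hf_smb2_share_flags_enable_hash_v2 = -1;
static int hf_smb2_share_flags_encrypt_data = -1;
static int hf_smb2_share_caching = -1;
static int hf_smb2_share_caps = -1;
static int hf_smb2_share_caps_dfs = -1;
static int hf_smb2_share_caps_continuous_availability = -1;
static int hf_smb2_share_caps_scaleout = -1;
static int hf_smb2_share_caps_cluster = -1;
static int hf_smb2_create_flags = -1;
static int hf_smb2_lock_count = -1;
static int hf_smb2_min_count = -1;
static int hf_smb2_remaining_bytes = -1;
static int hf_smb2_channel_info_offset = -1;
static int hf_smb2_channel_info_length = -1;
static int hf_smb2_channel_info_blob = -1;
static int hf_smb2_ioctl_flags = -1;
static int hf_smb2_ioctl_is_fsctl = -1;
static int hf_smb2_close_pq_attrib = -1;
static int hf_smb2_notify_watch_tree = -1;
static int hf_smb2_output_buffer_len = -1;
static int hf_smb2_notify_out_data = -1;
static int hf_smb2_notify_info = -1;
static int hf_smb2_notify_next_offset = -1;
static int hf_smb2_notify_action = -1;
static int hf_smb2_find_flags = -1;
static int hf_smb2_find_flags_restart_scans = -1;
static int hf_smb2_find_flags_single_entry = -1;
static int hf_smb2_find_flags_index_specified = -1;
static int hf_smb2_find_flags_reopen = -1;
static int hf_smb2_file_index = -1;
static int hf_smb2_file_directory_info = -1;
static int hf_smb2_both_directory_info = -1;
static int hf_smb2_short_name_len = -1;
static int hf_smb2_short_name = -1;
static int hf_smb2_id_both_directory_info = -1;
static int hf_smb2_full_directory_info = -1;
static int hf_smb2_lock_info = -1;
static int hf_smb2_lock_length = -1;
static int hf_smb2_lock_flags = -1;
static int hf_smb2_lock_flags_shared = -1;
static int hf_smb2_lock_flags_exclusive = -1;
static int hf_smb2_lock_flags_unlock = -1;
static int hf_smb2_lock_flags_fail_immediately = -1;
static int hf_smb2_dhnq_buffer_reserved = -1;
static int hf_smb2_dh2x_buffer_timeout = -1;
static int hf_smb2_dh2x_buffer_flags = -1;
static int hf_smb2_dh2x_buffer_flags_persistent_handle = -1;
static int hf_smb2_dh2x_buffer_reserved = -1;
static int hf_smb2_dh2x_buffer_create_guid = -1;
static int hf_smb2_APP_INSTANCE_buffer_struct_size = -1;
static int hf_smb2_APP_INSTANCE_buffer_reserved = -1;
static int hf_smb2_APP_INSTANCE_buffer_app_guid = -1;
static int hf_smb2_svhdx_open_device_context_version = -1;
static int hf_smb2_svhdx_open_device_context_has_initiator_id = -1;
static int hf_smb2_svhdx_open_device_context_reserved = -1;
static int hf_smb2_svhdx_open_device_context_initiator_id = -1;
static int hf_smb2_svhdx_open_device_context_flags = -1;
static int hf_smb2_svhdx_open_device_context_originator_flags = -1;
static int hf_smb2_svhdx_open_device_context_open_request_id = -1;
static int hf_smb2_svhdx_open_device_context_initiator_host_name_len = -1;
static int hf_smb2_svhdx_open_device_context_initiator_host_name = -1;
static int hf_smb2_svhdx_open_device_context_virtual_disk_properties_initialized = -1;
static int hf_smb2_svhdx_open_device_context_server_service_version = -1;
static int hf_smb2_svhdx_open_device_context_virtual_sector_size = -1;
static int hf_smb2_svhdx_open_device_context_physical_sector_size = -1;
static int hf_smb2_svhdx_open_device_context_virtual_size = -1;
static int hf_smb2_posix_v1_version = -1;
static int hf_smb2_posix_v1_request = -1;
static int hf_smb2_posix_v1_supported_features = -1;
static int hf_smb2_posix_v1_posix_lock = -1;
static int hf_smb2_posix_v1_posix_file_semantics = -1;
static int hf_smb2_posix_v1_posix_utf8_paths = -1;
static int hf_smb2_posix_v1_case_sensitive = -1;
static int hf_smb2_posix_v1_posix_will_convert_nt_acls = -1;
static int hf_smb2_posix_v1_posix_fileinfo = -1;
static int hf_smb2_posix_v1_posix_acls = -1;
static int hf_smb2_posix_v1_rich_acls = -1;
static int hf_smb2_aapl_command_code = -1;
static int hf_smb2_aapl_reserved = -1;
static int hf_smb2_aapl_server_query_bitmask = -1;
static int hf_smb2_aapl_server_query_bitmask_server_caps = -1;
static int hf_smb2_aapl_server_query_bitmask_volume_caps = -1;
static int hf_smb2_aapl_server_query_bitmask_model_info = -1;
static int hf_smb2_aapl_server_query_caps = -1;
static int hf_smb2_aapl_server_query_caps_supports_read_dir_attr = -1;
static int hf_smb2_aapl_server_query_caps_supports_osx_copyfile = -1;
static int hf_smb2_aapl_server_query_caps_unix_based = -1;
static int hf_smb2_aapl_server_query_caps_supports_nfs_ace = -1;
static int hf_smb2_aapl_server_query_volume_caps = -1;
static int hf_smb2_aapl_server_query_volume_caps_support_resolve_id = -1;
static int hf_smb2_aapl_server_query_volume_caps_case_sensitive = -1;
static int hf_smb2_aapl_server_query_volume_caps_supports_full_sync = -1;
static int hf_smb2_aapl_server_query_model_string = -1;
static int hf_smb2_aapl_server_query_server_path = -1;
static int hf_smb2_error_context_count = -1;
static int hf_smb2_error_reserved = -1;
static int hf_smb2_error_byte_count = -1;
static int hf_smb2_error_data = -1;
static int hf_smb2_reserved = -1;
static int hf_smb2_reserved_random = -1;
static int hf_smb2_transform_signature = -1;
static int hf_smb2_transform_nonce = -1;
static int hf_smb2_transform_msg_size = -1;
static int hf_smb2_transform_reserved = -1;
static int hf_smb2_encryption_aes128_ccm = -1;
static int hf_smb2_transform_enc_alg = -1;
static int hf_smb2_transform_encrypted_data = -1;
static int hf_smb2_server_component_smb2 = -1;
static int hf_smb2_server_component_smb2_transform = -1;
static int hf_smb2_truncated = -1;
static int hf_smb2_pipe_fragments = -1;
static int hf_smb2_pipe_fragment = -1;
static int hf_smb2_pipe_fragment_overlap = -1;
static int hf_smb2_pipe_fragment_overlap_conflict = -1;
static int hf_smb2_pipe_fragment_multiple_tails = -1;
static int hf_smb2_pipe_fragment_too_long_fragment = -1;
static int hf_smb2_pipe_fragment_error = -1;
static int hf_smb2_pipe_fragment_count = -1;
static int hf_smb2_pipe_reassembled_in = -1;
static int hf_smb2_pipe_reassembled_length = -1;
static int hf_smb2_pipe_reassembled_data = -1;
static int hf_smb2_cchunk_resume_key = -1;
static int hf_smb2_cchunk_count = -1;
static int hf_smb2_cchunk_src_offset = -1;
static int hf_smb2_cchunk_dst_offset = -1;
static int hf_smb2_cchunk_xfer_len = -1;
static int hf_smb2_cchunk_chunks_written = -1;
static int hf_smb2_cchunk_bytes_written = -1;
static int hf_smb2_cchunk_total_written = -1;
static int hf_smb2_symlink_error_response = -1;
static int hf_smb2_symlink_length = -1;
static int hf_smb2_symlink_error_tag = -1;
static int hf_smb2_SYMBOLIC_LINK_REPARSE_DATA_BUFFER = -1;
static int hf_smb2_reparse_tag = -1;
static int hf_smb2_reparse_data_length = -1;
static int hf_smb2_unparsed_path_length = -1;
static int hf_smb2_symlink_substitute_name = -1;
static int hf_smb2_symlink_print_name = -1;
static int hf_smb2_symlink_flags = -1;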
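/*
 * Subtree (ett_*) handles for the SMB2 dissector, one per expandable item
 * in the protocol tree. All start at -1; the code that assigns them is not
 * part of this excerpt.
 */
static gint ett_smb2 = -1;
static gint ett_smb2_olb = -1;
static gint ett_smb2_ea = -1;
static gint ett_smb2_header = -1;
static gint ett_smb2_encrypted = -1;
static gint ett_smb2_command = -1;
static gint ett_smb2_secblob = -1;
static gint ett_smb2_negotiate_context_element = -1;
static gint ett_smb2_file_basic_info = -1;
static gint ett_smb2_file_standard_info = -1;
static gint ett_smb2_file_internal_info = -1;
static gint ett_smb2_file_ea_info = -1;
static gint ett_smb2_file_access_info = -1;
static gint ett_smb2_file_position_info = -1;
static gint ett_smb2_file_mode_info = -1;
static gint ett_smb2_file_alignment_info = -1;
static gint ett_smb2_file_all_info = -1;
static gint ett_smb2_file_allocation_info = -1;
static gint ett_smb2_file_endoffile_info = -1;
static gint ett_smb2_file_alternate_name_info = -1;
static gint ett_smb2_file_stream_info = -1;
static gint ett_smb2_file_pipe_info = -1;
static gint ett_smb2_file_compression_info = -1;
static gint ett_smb2_file_network_open_info = -1;
static gint ett_smb2_file_attribute_tag_info = -1;
static gint ett_smb2_file_rename_info = -1;
static gint ett_smb2_file_disposition_info = -1;
static gint ett_smb2_file_full_ea_info = -1;
static gint ett_smb2_fs_info_01 = -1;
static gint ett_smb2_fs_info_03 = -1;
static gint ett_smb2_fs_info_04 = -1;
static gint ett_smb2_fs_info_05 = -1;
static gint ett_smb2_fs_info_06 = -1;
static gint ett_smb2_fs_info_07 = -1;
static gint ett_smb2_fs_objectid_info = -1;
static gint ett_smb2_sec_info_00 = -1;
static gint ett_smb2_quota_info = -1;
static gint ett_smb2_query_quota_info = -1;
static gint ett_smb2_tid_tree = -1;
static gint ett_smb2_sesid_tree = -1;
static gint ett_smb2_create_chain_element = -1;
static gint ett_smb2_MxAc_buffer = -1;
static gint ett_smb2_QFid_buffer = -1;
static gint ett_smb2_RqLs_buffer = -1;
static gint ett_smb2_ioctl_function = -1;
static gint ett_smb2_FILE_OBJECTID_BUFFER = -1;
static gint ett_smb2_flags = -1;
static gint ett_smb2_sec_mode = -1;
static gint ett_smb2_capabilities = -1;
static gint ett_smb2_ses_req_flags = -1;
static gint ett_smb2_ses_flags = -1;
static gint ett_smb2_lease_state = -1;
static gint ett_smb2_lease_flags = -1;
static gint ett_smb2_share_flags = -1;
static gint ett_smb2_create_rep_flags = -1;
static gint ett_smb2_share_caps = -1;
static gint ett_smb2_ioctl_flags = -1;
static gint ett_smb2_ioctl_network_interface = -1;
/* "opeations" (sic): spelling kept, the name is presumably referenced later in the file. */
static gint ett_smb2_ioctl_sqos_opeations = -1;
static gint ett_smb2_fsctl_range_data = -1;
static gint ett_windows_sockaddr = -1;
static gint ett_smb2_close_flags = -1;
static gint ett_smb2_notify_info = -1;
static gint ett_smb2_notify_flags = -1;
static gint ett_smb2_write_flags = -1;
static gint ett_smb2_rdma_v1 = -1;
static gint ett_smb2_DH2Q_buffer = -1;
static gint ett_smb2_DH2C_buffer = -1;
static gint ett_smb2_dh2x_flags = -1;
static gint ett_smb2_APP_INSTANCE_buffer = -1;
static gint ett_smb2_svhdx_open_device_context = -1;
static gint ett_smb2_posix_v1_request = -1;
static gint ett_smb2_posix_v1_response = -1;
static gint ett_smb2_posix_v1_supported_features = -1;
static gint ett_smb2_aapl_create_context_request = -1;
static gint ett_smb2_aapl_server_query_bitmask = -1;
static gint ett_smb2_aapl_server_query_caps = -1;
static gint ett_smb2_aapl_create_context_response = -1;
static gint ett_smb2_aapl_server_query_volume_caps = -1;
static gint ett_smb2_integrity_flags = -1;
static gint ett_smb2_find_flags = -1;
static gint ett_smb2_file_directory_info = -1;
static gint ett_smb2_both_directory_info = -1;
static gint ett_smb2_id_both_directory_info = -1;
static gint ett_smb2_full_directory_info = -1;
static gint ett_smb2_file_name_info = -1;
static gint ett_smb2_lock_info = -1;
static gint ett_smb2_lock_flags = -1;
static gint ett_smb2_transform_enc_alg = -1;
static gint ett_smb2_buffercode = -1;
static gint ett_smb2_ioctl_network_interface_capabilities = -1;
static gint ett_qfr_entry = -1;
static gint ett_smb2_pipe_fragment = -1;
static gint ett_smb2_pipe_fragments = -1;
static gint ett_smb2_cchunk_entry = -1;
static gint ett_smb2_fsctl_odx_token = -1;
static gint ett_smb2_symlink_error_response = -1;
static gint ett_smb2_SYMBOLIC_LINK_REPARSE_DATA_BUFFER = -1;
static gint ett_smb2_error_data = -1;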
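/*
 * Expert-info handles. The names indicate they flag invalid lengths and
 * bad responses; the call sites are outside this excerpt.
 * NOTE(review): a dissector parses untrusted capture bytes, so confirm that
 * every length taken from the wire is bounds-checked before use and that a
 * failed check is reported through ei_smb2_invalid_length.
 */
static expert_field ei_smb2_invalid_length = EI_INIT;
static expert_field ei_smb2_bad_response = EI_INIT;

/* Tap handles; both start at -1 and are assigned outside this excerpt. */
static int smb2_tap = -1;
static int smb2_eo_tap = -1;

/* Handles for dissectors this one hands payloads to; NULL until looked up. */
static dissector_handle_t gssapi_handle = NULL;
static dissector_handle_t ntlmssp_handle = NULL;
static dissector_handle_t rsvd_handle = NULL;

/* Heuristic sub-dissector list for pipe payloads (populated elsewhere). */
static heur_dissector_list_t smb2_pipe_subdissector_list;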
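/*
 * Handles passed to the reassembly code for SMB2 pipe fragments.
 * The initializer is positional: two subtree handles first, then the
 * eleven hf_smb2_pipe_* header-field handles.
 */
static const fragment_items smb2_pipe_frag_items = {
	&ett_smb2_pipe_fragment,
	&ett_smb2_pipe_fragments,
	&hf_smb2_pipe_fragments,
	&hf_smb2_pipe_fragment,
	&hf_smb2_pipe_fragment_overlap,
	&hf_smb2_pipe_fragment_overlap_conflict,
	&hf_smb2_pipe_fragment_multiple_tails,
	&hf_smb2_pipe_fragment_too_long_fragment,
	&hf_smb2_pipe_fragment_error,
	&hf_smb2_pipe_fragment_count,
	&hf_smb2_pipe_reassembled_in,
	&hf_smb2_pipe_reassembled_length,
	&hf_smb2_pipe_reassembled_data,
	/*
	 * NOTE(review): the final member (the tag string) and the closing
	 * brace are absent from this copy of the file. The string below is
	 * a reviewer placeholder - confirm it against the upstream source.
	 */
	"Fragments"
};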
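/* Info class codes and their display names. */
#define SMB2_CLASS_FILE_INFO	0x01
#define SMB2_CLASS_FS_INFO	0x02
#define SMB2_CLASS_SEC_INFO	0x03
#define SMB2_CLASS_QUOTA_INFO	0x04
#define SMB2_CLASS_POSIX_INFO	0x80
static const value_string smb2_class_vals[] = {
	{ SMB2_CLASS_FILE_INFO,	"FILE_INFO"},
	{ SMB2_CLASS_FS_INFO,	"FS_INFO"},
	{ SMB2_CLASS_SEC_INFO,	"SEC_INFO"},
	{ SMB2_CLASS_QUOTA_INFO,	"QUOTA_INFO"},
	{ SMB2_CLASS_POSIX_INFO,	"POSIX_INFO"},
	/* Terminator: value_string lookups scan until the NULL string, so
	 * a table without it would be read past its end. */
	{ 0, NULL }
};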
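/* Share type codes and their display names. */
#define SMB2_SHARE_TYPE_DISK	0x01
#define SMB2_SHARE_TYPE_PIPE	0x02
#define SMB2_SHARE_TYPE_PRINT	0x03
static const value_string smb2_share_type_vals[] = {
	{ SMB2_SHARE_TYPE_DISK,	"Physical disk" },
	{ SMB2_SHARE_TYPE_PIPE,	"Named pipe" },
	{ SMB2_SHARE_TYPE_PRINT,	"Printer" },
	/* Terminator: lookups stop at the NULL string. */
	{ 0, NULL }
};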
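/* File information level codes (SMB2_CLASS_FILE_INFO, judging by the names). */
#define SMB2_FILE_BASIC_INFO		0x04
#define SMB2_FILE_STANDARD_INFO		0x05
#define SMB2_FILE_INTERNAL_INFO		0x06
#define SMB2_FILE_EA_INFO		0x07
#define SMB2_FILE_ACCESS_INFO		0x08
#define SMB2_FILE_RENAME_INFO		0x0a
#define SMB2_FILE_DISPOSITION_INFO	0x0d
#define SMB2_FILE_POSITION_INFO		0x0e
#define SMB2_FILE_FULL_EA_INFO		0x0f
#define SMB2_FILE_MODE_INFO		0x10
#define SMB2_FILE_ALIGNMENT_INFO	0x11
#define SMB2_FILE_ALL_INFO		0x12
#define SMB2_FILE_ALLOCATION_INFO	0x13
#define SMB2_FILE_ENDOFFILE_INFO	0x14
#define SMB2_FILE_ALTERNATE_NAME_INFO	0x15
#define SMB2_FILE_STREAM_INFO		0x16
#define SMB2_FILE_PIPE_INFO		0x17
#define SMB2_FILE_COMPRESSION_INFO	0x1c
#define SMB2_FILE_NETWORK_OPEN_INFO	0x22
#define SMB2_FILE_ATTRIBUTE_TAG_INFO	0x23

/* Display names for the levels above, listed in ascending value order. */
static const value_string smb2_file_info_levels[] = {
	{SMB2_FILE_BASIC_INFO,		"SMB2_FILE_BASIC_INFO" },
	{SMB2_FILE_STANDARD_INFO,	"SMB2_FILE_STANDARD_INFO" },
	{SMB2_FILE_INTERNAL_INFO,	"SMB2_FILE_INTERNAL_INFO" },
	{SMB2_FILE_EA_INFO,		"SMB2_FILE_EA_INFO" },
	{SMB2_FILE_ACCESS_INFO,		"SMB2_FILE_ACCESS_INFO" },
	{SMB2_FILE_RENAME_INFO,		"SMB2_FILE_RENAME_INFO" },
	{SMB2_FILE_DISPOSITION_INFO,	"SMB2_FILE_DISPOSITION_INFO" },
	{SMB2_FILE_POSITION_INFO,	"SMB2_FILE_POSITION_INFO" },
	{SMB2_FILE_FULL_EA_INFO,	"SMB2_FILE_FULL_EA_INFO" },
	{SMB2_FILE_MODE_INFO,		"SMB2_FILE_MODE_INFO" },
	{SMB2_FILE_ALIGNMENT_INFO,	"SMB2_FILE_ALIGNMENT_INFO" },
	{SMB2_FILE_ALL_INFO,		"SMB2_FILE_ALL_INFO" },
	{SMB2_FILE_ALLOCATION_INFO,	"SMB2_FILE_ALLOCATION_INFO" },
	{SMB2_FILE_ENDOFFILE_INFO,	"SMB2_FILE_ENDOFFILE_INFO" },
	{SMB2_FILE_ALTERNATE_NAME_INFO,	"SMB2_FILE_ALTERNATE_NAME_INFO" },
	{SMB2_FILE_STREAM_INFO,		"SMB2_FILE_STREAM_INFO" },
	{SMB2_FILE_PIPE_INFO,		"SMB2_FILE_PIPE_INFO" },
	{SMB2_FILE_COMPRESSION_INFO,	"SMB2_FILE_COMPRESSION_INFO" },
	{SMB2_FILE_NETWORK_OPEN_INFO,	"SMB2_FILE_NETWORK_OPEN_INFO" },
	{SMB2_FILE_ATTRIBUTE_TAG_INFO,	"SMB2_FILE_ATTRIBUTE_TAG_INFO" },
	/* Terminator: lookups stop at the NULL string. */
	{ 0, NULL }
};
/* Extended wrapper around the table above. */
static value_string_ext smb2_file_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_file_info_levels);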
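/* File-system information level codes. */
#define SMB2_FS_INFO_01			0x01
#define SMB2_FS_LABEL_INFO		0x02
#define SMB2_FS_INFO_03			0x03
#define SMB2_FS_INFO_04			0x04
#define SMB2_FS_INFO_05			0x05
#define SMB2_FS_INFO_06			0x06
#define SMB2_FS_INFO_07			0x07
#define SMB2_FS_OBJECTID_INFO		0x08
#define SMB2_FS_DRIVER_PATH_INFO	0x09
#define SMB2_FS_VOLUME_FLAGS_INFO	0x0a
#define SMB2_FS_SECTOR_SIZE_INFO	0x0b

/* Display names for the levels above, listed in ascending value order. */
static const value_string smb2_fs_info_levels[] = {
	{SMB2_FS_INFO_01,		"FileFsVolumeInformation" },
	{SMB2_FS_LABEL_INFO,		"FileFsLabelInformation" },
	{SMB2_FS_INFO_03,		"FileFsSizeInformation" },
	{SMB2_FS_INFO_04,		"FileFsDeviceInformation" },
	{SMB2_FS_INFO_05,		"FileFsAttributeInformation" },
	{SMB2_FS_INFO_06,		"FileFsControlInformation" },
	{SMB2_FS_INFO_07,		"FileFsFullSizeInformation" },
	{SMB2_FS_OBJECTID_INFO,		"FileFsObjectIdInformation" },
	{SMB2_FS_DRIVER_PATH_INFO,	"FileFsDriverPathInformation" },
	{SMB2_FS_VOLUME_FLAGS_INFO,	"FileFsVolumeFlagsInformation" },
	{SMB2_FS_SECTOR_SIZE_INFO,	"FileFsSectorSizeInformation" },
	/* Terminator: lookups stop at the NULL string. */
	{ 0, NULL }
};
/* Extended wrapper around the table above. */
static value_string_ext smb2_fs_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_fs_info_levels);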
731 #define SMB2_SEC_INFO_00 0x00
732 static const value_string smb2_sec_info_levels[] = {
733 {SMB2_SEC_INFO_00, "SMB2_SEC_INFO_00" },
736 static value_string_ext smb2_sec_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_sec_info_levels);
738 static const value_string smb2_posix_info_levels[] = {
739 { 0, "QueryFileUnixBasic" },
740 { 1, "QueryFileUnixLink" },
741 { 3, "QueryFileUnixHLink" },
742 { 5, "QueryFileUnixXAttr" },
743 { 0x0B, "QueryFileUnixInfo2" },
747 static value_string_ext smb2_posix_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_posix_info_levels);
749 #define SMB2_FIND_DIRECTORY_INFO 0x01
750 #define SMB2_FIND_FULL_DIRECTORY_INFO 0x02
751 #define SMB2_FIND_BOTH_DIRECTORY_INFO 0x03
752 #define SMB2_FIND_INDEX_SPECIFIED 0x04
753 #define SMB2_FIND_NAME_INFO 0x0C
754 #define SMB2_FIND_ID_BOTH_DIRECTORY_INFO 0x25
755 #define SMB2_FIND_ID_FULL_DIRECTORY_INFO 0x26
756 static const value_string smb2_find_info_levels[] = {
757 { SMB2_FIND_DIRECTORY_INFO, "SMB2_FIND_DIRECTORY_INFO" },
758 { SMB2_FIND_FULL_DIRECTORY_INFO, "SMB2_FIND_FULL_DIRECTORY_INFO" },
759 { SMB2_FIND_BOTH_DIRECTORY_INFO, "SMB2_FIND_BOTH_DIRECTORY_INFO" },
760 { SMB2_FIND_INDEX_SPECIFIED, "SMB2_FIND_INDEX_SPECIFIED" },
761 { SMB2_FIND_NAME_INFO, "SMB2_FIND_NAME_INFO" },
762 { SMB2_FIND_ID_BOTH_DIRECTORY_INFO, "SMB2_FIND_ID_BOTH_DIRECTORY_INFO" },
763 { SMB2_FIND_ID_FULL_DIRECTORY_INFO, "SMB2_FIND_ID_FULL_DIRECTORY_INFO" },
767 #define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
768 #define SMB2_ENCRYPTION_CAPABILITIES 0x0002
769 static const value_string smb2_negotiate_context_types[] = {
770 { SMB2_PREAUTH_INTEGRITY_CAPABILITIES, "SMB2_PREAUTH_INTEGRITY_CAPABILITIES" },
771 { SMB2_ENCRYPTION_CAPABILITIES, "SMB2_ENCRYPTION_CAPABILITIES" },
775 #define SMB2_HASH_ALGORITHM_SHA_512 0x0001
776 static const value_string smb2_hash_algorithm_types[] = {
777 { SMB2_HASH_ALGORITHM_SHA_512, "SHA-512" },
781 #define SMB2_CIPHER_AES_128_CCM 0x0001
782 #define SMB2_CIPHER_AES_128_GCM 0x0002
783 static const value_string smb2_cipher_types[] = {
784 { SMB2_CIPHER_AES_128_CCM, "AES-128-CCM" },
785 { SMB2_CIPHER_AES_128_GCM, "AES-128-GCM" },
789 #define SMB2_NUM_PROCEDURES 256
792 smb2stat_init(struct register_srt* srt _U_, GArray* srt_array, srt_gui_init_cb gui_callback, void* gui_data)
794 srt_stat_table *smb2_srt_table;
797 smb2_srt_table = init_srt_table("SMB2", NULL, srt_array, SMB2_NUM_PROCEDURES, "Commands", "smb2.cmd", gui_callback, gui_data, NULL);
798 for (i = 0; i < SMB2_NUM_PROCEDURES; i++)
800 init_srt_table_row(smb2_srt_table, i, val_to_str_ext_const(i, &smb2_cmd_vals_ext, "<unknown>"));
805 smb2stat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv)
808 srt_stat_table *smb2_srt_table;
809 srt_data_t *data = (srt_data_t *)pss;
810 const smb2_info_t *si=(const smb2_info_t *)prv;
812 /* we are only interested in response packets */
813 if(!(si->flags&SMB2_FLAGS_RESPONSE)){
816 /* if we haven't seen the request, just ignore it */
821 /* SMB2 SRT can be very inaccurate in the presence of retransmissions. Retransmitted responses
822 * not only add additional (bogus) transactions but also the latency associated with them.
823 * This can greatly inflate the maximum and average SRT stats, especially in the case of
824 * retransmissions triggered by the expiry of the rexmit timer (RTOs). Calculating SRT only
825 * for the last received response avoids this inflation without requiring the TCP pref
826 * "Do not call subdissectors for error packets" to be set. */
827 if ((si->saved->frame_req == 0) || (si->saved->frame_res != pinfo->num))
830 smb2_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
831 add_srt_table_data(smb2_srt_table, si->opcode, &si->saved->req_time, pinfo);
836 static const gint8 zeros[NTLMSSP_KEY_LEN] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
838 /* ExportObject preferences variable */
839 gboolean eosmb2_take_name_as_fid = FALSE ;
841 /* unmatched smb_saved_info structures.
842 For unmatched smb_saved_info structures we store the smb_saved_info
843 structure using the msg_id field.
846 smb2_saved_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
848 const smb2_saved_info_t *key1 = (const smb2_saved_info_t *)k1;
849 const smb2_saved_info_t *key2 = (const smb2_saved_info_t *)k2;
850 return key1->msg_id == key2->msg_id;
853 smb2_saved_info_hash_unmatched(gconstpointer k)
855 const smb2_saved_info_t *key = (const smb2_saved_info_t *)k;
858 hash = (guint32) (key->msg_id&0xffffffff);
862 /* matched smb_saved_info structures.
863 For matched smb_saved_info structures we store the smb_saved_info
864 structure using the msg_id field.
867 smb2_saved_info_equal_matched(gconstpointer k1, gconstpointer k2)
869 const smb2_saved_info_t *key1 = (const smb2_saved_info_t *)k1;
870 const smb2_saved_info_t *key2 = (const smb2_saved_info_t *)k2;
871 return key1->msg_id == key2->msg_id;
874 smb2_saved_info_hash_matched(gconstpointer k)
876 const smb2_saved_info_t *key = (const smb2_saved_info_t *)k;
879 hash = (guint32) (key->msg_id&0xffffffff);
883 /* For Tids of a specific conversation.
884 This keeps track of tid->sharename mappings and other information about the
887 We might need to refine this if it turns out that tids are reused on a single
888 conversation. We don't worry about that yet, for simplicity.
891 smb2_tid_info_equal(gconstpointer k1, gconstpointer k2)
893 const smb2_tid_info_t *key1 = (const smb2_tid_info_t *)k1;
894 const smb2_tid_info_t *key2 = (const smb2_tid_info_t *)k2;
895 return key1->tid == key2->tid;
898 smb2_tid_info_hash(gconstpointer k)
900 const smb2_tid_info_t *key = (const smb2_tid_info_t *)k;
907 /* For Uids of a specific conversation.
908 This keeps track of uid->acct_name mappings and other information about the
911 We might need to refine this if it turns out that uids are reused on a single
912 conversation. We don't worry about that yet, for simplicity.
915 smb2_sesid_info_equal(gconstpointer k1, gconstpointer k2)
917 const smb2_sesid_info_t *key1 = (const smb2_sesid_info_t *)k1;
918 const smb2_sesid_info_t *key2 = (const smb2_sesid_info_t *)k2;
919 return key1->sesid == key2->sesid;
922 smb2_sesid_info_hash(gconstpointer k)
924 const smb2_sesid_info_t *key = (const smb2_sesid_info_t *)k;
927 hash = (guint32)( ((key->sesid>>32)&0xffffffff)+((key->sesid)&0xffffffff) );
932 * For File IDs of a specific conversation.
933 * This keeps track of fid to name mapping and application level conversations
936 * This handles implementation bugs, where the fid_persistent is 0 or
937 * the fid_persistent/fid_volatile is not unique per conversation.
940 smb2_fid_info_equal(gconstpointer k1, gconstpointer k2)
942 const smb2_fid_info_t *key1 = (const smb2_fid_info_t *)k1;
943 const smb2_fid_info_t *key2 = (const smb2_fid_info_t *)k2;
945 if (key1->fid_persistent != key2->fid_persistent) {
949 if (key1->fid_volatile != key2->fid_volatile) {
953 if (key1->sesid != key2->sesid) {
957 if (key1->tid != key2->tid) {
965 smb2_fid_info_hash(gconstpointer k)
967 const smb2_fid_info_t *key = (const smb2_fid_info_t *)k;
970 if (key->fid_persistent != 0) {
971 hash = (guint32)( ((key->fid_persistent>>32)&0xffffffff)+((key->fid_persistent)&0xffffffff) );
973 hash = (guint32)( ((key->fid_volatile>>32)&0xffffffff)+((key->fid_volatile)&0xffffffff) );
979 /* Callback for destroying the glib hash tables associated with a conversation
982 smb2_conv_destroy(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_,
985 smb2_conv_info_t *conv = (smb2_conv_info_t *)user_data;
987 g_hash_table_destroy(conv->matched);
988 g_hash_table_destroy(conv->unmatched);
989 g_hash_table_destroy(conv->fids);
990 g_hash_table_destroy(conv->sesids);
991 g_hash_table_destroy(conv->files);
993 /* This conversation is gone, return FALSE to indicate we don't
994 * want to be called again for this conversation. */
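/*
 * Derive a 16-byte key from KI and write it to KO.
 *
 * A simplified version of "NIST Special Publication 800-108" section 5.1
 * using hmac-sha256: a single HMAC, keyed with KI, is computed over
 *
 *     counter(4 bytes) || Label || 0x00 || Context || length(4 bytes)
 *
 * and the first 16 bytes of the digest become the output key.
 *
 * KI, KI_len           - input keying material used as the HMAC key
 * Label, Label_len     - label bytes fed to the HMAC
 * Context, Context_len - context bytes fed to the HMAC
 * KO                   - receives the 16 derived bytes
 *
 * If libgcrypt fails to set up the HMAC or returns no digest, KO is left
 * zero-filled, so a caller never consumes uninitialised memory as a key.
 * NOTE(review): callers should treat an all-zero KO as "no key derived";
 * confirm against the call sites.
 */
static void smb2_key_derivation(const guint8 *KI, guint32 KI_len,
				const guint8 *Label, guint32 Label_len,
				const guint8 *Context, guint32 Context_len,
				guint8 KO[16])
{
	gcry_md_hd_t  hd     = NULL;
	guint8        buf[4];
	guint8       *digest = NULL;

	/* Define the output up front so every early exit is safe. */
	memset(KO, 0, 16);

	/* On failure hd stays NULL and must not be passed to gcry_md_*. */
	if (gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC) != 0) {
		return;
	}
	if (gcry_md_setkey(hd, KI, KI_len) != 0) {
		gcry_md_close(hd);
		return;
	}

	/* 32-bit big-endian iteration counter, fixed at 1 (single block). */
	memset(buf, 0, sizeof(buf));
	buf[3] = 1;
	gcry_md_write(hd, buf, sizeof(buf));
	gcry_md_write(hd, Label, Label_len);
	/* buf[0] is still zero: one 0x00 byte separates Label and Context. */
	gcry_md_write(hd, buf, 1);
	gcry_md_write(hd, Context, Context_len);
	/* 32-bit big-endian output length in bits: 128. */
	buf[3] = 128;
	gcry_md_write(hd, buf, sizeof(buf));

	digest = gcry_md_read(hd, GCRY_MD_SHA256);
	if (digest != NULL) {
		/* digest points into hd, so copy before closing the handle. */
		memcpy(KO, digest, 16);
	}

	gcry_md_close(hd);
}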
1031 /* for export-object-smb2 */
1032 static gchar *policy_hnd_to_file_id(const e_ctx_hnd *hnd) {
1034 file_id = wmem_strdup_printf(wmem_packet_scope(),
1035 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
1046 hnd->uuid.data4[7]);
/* Hash callback for export-object file keys: formats the handle as its
 * textual file id and hashes that string.  Each call allocates the
 * temporary string in packet scope via policy_hnd_to_file_id(). */
static guint smb2_eo_files_hash(gconstpointer k) {
	const e_ctx_hnd *hnd = (const e_ctx_hnd *)k;
	const gchar *file_id = policy_hnd_to_file_id(hnd);

	return g_str_hash(file_id);
}
/* Equality callback for export-object file keys.  Two e_ctx_hnd keys are
 * equal when data1, data2, data3 and all eight data4 bytes of their uuid
 * match; no other member of the handle is compared.
 * Returns non-zero when equal, 0 otherwise. */
static gint smb2_eo_files_equal(gconstpointer k1, gconstpointer k2) {
	const e_ctx_hnd *lhs = (const e_ctx_hnd *)k1;
	const e_ctx_hnd *rhs = (const e_ctx_hnd *)k2;
	int idx;

	if (lhs->uuid.data1 != rhs->uuid.data1 ||
	    lhs->uuid.data2 != rhs->uuid.data2 ||
	    lhs->uuid.data3 != rhs->uuid.data3) {
		return 0;
	}

	/* data4 is compared byte by byte, indices 0..7. */
	for (idx = 0; idx < 8; idx++) {
		if (lhs->uuid.data4[idx] != rhs->uuid.data4[idx]) {
			return 0;
		}
	}

	return 1;
}
1073 feed_eo_smb2(tvbuff_t * tvb,packet_info *pinfo,smb2_info_t * si, guint16 dataoffset,guint32 length, guint64 file_offset) {
1075 char *fid_name = NULL;
1076 guint32 open_frame = 0, close_frame = 0;
1077 tvbuff_t *data_tvb = NULL;
1081 gchar **aux_string_v;
1083 /* Create a new tvb to point to the payload data */
1084 data_tvb = tvb_new_subset_length(tvb, dataoffset, length);
1085 /* Create the eo_info to pass to the listener */
1086 eo_info = wmem_new(wmem_packet_scope(), smb_eo_t);
1087 /* Fill in eo_info */
1088 eo_info->smbversion=2;
1090 eo_info->cmd=si->opcode;
1091 /* We don't keep track of uid in SMB v2 */
1094 /* Try to get file id and filename */
1095 file_id=policy_hnd_to_file_id(&si->saved->policy_hnd);
1096 dcerpc_fetch_polhnd_data(&si->saved->policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->num);
1097 if (fid_name && g_strcmp0(fid_name,"File: ")!=0) {
1099 /* Remove "File: " from filename */
1100 if (g_str_has_prefix(auxstring, "File: ")) {
1101 aux_string_v = g_strsplit(auxstring, "File: ", -1);
1102 eo_info->filename = wmem_strdup_printf(wmem_packet_scope(), "\\%s",aux_string_v[g_strv_length(aux_string_v)-1]);
1103 g_strfreev(aux_string_v);
1105 if (g_str_has_prefix(auxstring, "\\")) {
1106 eo_info->filename = wmem_strdup(wmem_packet_scope(), auxstring);
1108 eo_info->filename = wmem_strdup_printf(wmem_packet_scope(), "\\%s",auxstring);
1112 auxstring=wmem_strdup_printf(wmem_packet_scope(), "File_Id_%s", file_id);
1113 eo_info->filename=auxstring;
1118 if (eosmb2_take_name_as_fid) {
1119 eo_info->fid = g_str_hash(eo_info->filename);
1121 eo_info->fid = g_str_hash(file_id);
1124 /* tid, hostname, tree_id */
1126 eo_info->tid=si->tree->tid;
1127 if (strlen(si->tree->name)>0 && strlen(si->tree->name)<=256) {
1128 eo_info->hostname = wmem_strdup(wmem_packet_scope(), si->tree->name);
1130 eo_info->hostname = wmem_strdup_printf(wmem_packet_scope(), "\\\\%s\\TREEID_%i",tree_ip_str(pinfo,si->opcode),si->tree->tid);
1134 eo_info->hostname = wmem_strdup_printf(wmem_packet_scope(), "\\\\%s\\TREEID_UNKNOWN",tree_ip_str(pinfo,si->opcode));
1138 eo_info->pkt_num = pinfo->num;
1141 if (si->eo_file_info->attr_mask & SMB2_FLAGS_ATTR_DIRECTORY) {
1142 eo_info->fid_type=SMB2_FID_TYPE_DIR;
1144 if (si->eo_file_info->attr_mask &
1145 (SMB2_FLAGS_ATTR_ARCHIVE | SMB2_FLAGS_ATTR_NORMAL |
1146 SMB2_FLAGS_ATTR_HIDDEN | SMB2_FLAGS_ATTR_READONLY |
1147 SMB2_FLAGS_ATTR_SYSTEM) ) {
1148 eo_info->fid_type=SMB2_FID_TYPE_FILE;
1150 eo_info->fid_type=SMB2_FID_TYPE_OTHER;
1155 eo_info->end_of_file=si->eo_file_info->end_of_file;
1157 /* data offset and chunk length */
1158 eo_info->smb_file_offset=file_offset;
1159 eo_info->smb_chunk_len=length;
1160 /* XXX is this right? */
1161 if (length<si->saved->bytes_moved) {
1162 si->saved->file_offset=si->saved->file_offset+length;
1163 si->saved->bytes_moved=si->saved->bytes_moved-length;
1167 eo_info->payload_len = length;
1168 eo_info->payload_data = tvb_get_ptr(data_tvb, 0, length);
1170 tap_queue_packet(smb2_eo_tap, pinfo, eo_info);
1174 static int dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si);
1177 /* This is a helper to dissect the common string type
1183 * This function is called twice, first to decode the offset/length and
1184 * second time to dissect the actual string.
1185 * It is done this way since there is no guarantee that we have the full packet and we don't
1186 * want to abort dissection too early if the packet ends somewhere between the
1187 * length/offset and the actual buffer.
1190 enum offset_length_buffer_offset_size {
1191 OLB_O_UINT16_S_UINT16,
1192 OLB_O_UINT16_S_UINT32,
1193 OLB_O_UINT32_S_UINT32,
1194 OLB_S_UINT32_O_UINT32
1196 typedef struct _offset_length_buffer_t {
1201 enum offset_length_buffer_offset_size offset_size;
1203 } offset_length_buffer_t;
1205 dissect_smb2_olb_length_offset(tvbuff_t *tvb, int offset, offset_length_buffer_t *olb,
1206 enum offset_length_buffer_offset_size offset_size, int hfindex)
1208 olb->hfindex = hfindex;
1209 olb->offset_size = offset_size;
1210 switch (offset_size) {
1211 case OLB_O_UINT16_S_UINT16:
1212 olb->off = tvb_get_letohs(tvb, offset);
1213 olb->off_offset = offset;
1215 olb->len = tvb_get_letohs(tvb, offset);
1216 olb->len_offset = offset;
1219 case OLB_O_UINT16_S_UINT32:
1220 olb->off = tvb_get_letohs(tvb, offset);
1221 olb->off_offset = offset;
1223 olb->len = tvb_get_letohl(tvb, offset);
1224 olb->len_offset = offset;
1227 case OLB_O_UINT32_S_UINT32:
1228 olb->off = tvb_get_letohl(tvb, offset);
1229 olb->off_offset = offset;
1231 olb->len = tvb_get_letohl(tvb, offset);
1232 olb->len_offset = offset;
1235 case OLB_S_UINT32_O_UINT32:
1236 olb->len = tvb_get_letohl(tvb, offset);
1237 olb->len_offset = offset;
1239 olb->off = tvb_get_letohl(tvb, offset);
1240 olb->off_offset = offset;
1248 #define OLB_TYPE_UNICODE_STRING 0x01
1249 #define OLB_TYPE_ASCII_STRING 0x02
1251 dissect_smb2_olb_off_string(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, offset_length_buffer_t *olb, int base, int type)
1254 proto_item *item = NULL;
1255 proto_tree *tree = NULL;
1256 const char *name = NULL;
1265 bc = tvb_captured_length_remaining(tvb, offset);
1269 tvb_ensure_bytes_exist(tvb, off, len);
1271 || ((off+len)>(off+tvb_reported_length_remaining(tvb, off)))) {
1272 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
1273 "Invalid offset/length. Malformed packet");
1275 col_append_str(pinfo->cinfo, COL_INFO, " [Malformed packet]");
1282 case OLB_TYPE_UNICODE_STRING:
1283 name = get_unicode_or_ascii_string(tvb, &off,
1284 TRUE, &len, TRUE, TRUE, &bc);
1289 item = proto_tree_add_string(parent_tree, olb->hfindex, tvb, offset, len, name);
1290 tree = proto_item_add_subtree(item, ett_smb2_olb);
1293 case OLB_TYPE_ASCII_STRING:
1294 name = get_unicode_or_ascii_string(tvb, &off,
1295 FALSE, &len, TRUE, TRUE, &bc);
1300 item = proto_tree_add_string(parent_tree, olb->hfindex, tvb, offset, len, name);
1301 tree = proto_item_add_subtree(item, ett_smb2_olb);
1306 switch (olb->offset_size) {
1307 case OLB_O_UINT16_S_UINT16:
1308 proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
1309 proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 2, ENC_LITTLE_ENDIAN);
1311 case OLB_O_UINT16_S_UINT32:
1312 proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
1313 proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
1315 case OLB_O_UINT32_S_UINT32:
1316 proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
1317 proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
1319 case OLB_S_UINT32_O_UINT32:
1320 proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
1321 proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
1329 dissect_smb2_olb_string(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, offset_length_buffer_t *olb, int type)
1331 return dissect_smb2_olb_off_string(pinfo, parent_tree, tvb, olb, 0, type);
1335 dissect_smb2_olb_buffer(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb,
1336 offset_length_buffer_t *olb, smb2_info_t *si,
1337 void (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si))
1340 proto_item *sub_item = NULL;
1341 proto_tree *sub_tree = NULL;
1342 tvbuff_t *sub_tvb = NULL;
1350 tvb_ensure_bytes_exist(tvb, off, len);
1352 || ((off+len)>(off+tvb_reported_length_remaining(tvb, off)))) {
1353 proto_tree_add_expert_format(parent_tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
1354 "Invalid offset/length. Malformed packet");
1356 col_append_str(pinfo->cinfo, COL_INFO, " [Malformed packet]");
1361 /* if we don't want/need a subtree */
1362 if (olb->hfindex == -1) {
1363 sub_item = parent_tree;
1364 sub_tree = parent_tree;
1367 sub_item = proto_tree_add_item(parent_tree, olb->hfindex, tvb, offset, len, ENC_NA);
1368 sub_tree = proto_item_add_subtree(sub_item, ett_smb2_olb);
1372 switch (olb->offset_size) {
1373 case OLB_O_UINT16_S_UINT16:
1374 proto_tree_add_item(sub_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
1375 proto_tree_add_item(sub_tree, hf_smb2_olb_length, tvb, olb->len_offset, 2, ENC_LITTLE_ENDIAN);
1377 case OLB_O_UINT16_S_UINT32:
1378 proto_tree_add_item(sub_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
1379 proto_tree_add_item(sub_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
1381 case OLB_O_UINT32_S_UINT32:
1382 proto_tree_add_item(sub_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
1383 proto_tree_add_item(sub_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
1385 case OLB_S_UINT32_O_UINT32:
1386 proto_tree_add_item(sub_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
1387 proto_tree_add_item(sub_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
1391 if (off == 0 || len == 0) {
1392 proto_item_append_text(sub_item, ": NO DATA");
1400 sub_tvb = tvb_new_subset_length_caplen(tvb, off, MIN((int)len, tvb_captured_length_remaining(tvb, off)), len);
1402 dissector(sub_tvb, pinfo, sub_tree, si);
/* Return the larger of `offset` and the end of the buffer described by
 * `olb` (olb->off + olb->len).  An olb with off == 0 leaves `offset`
 * unchanged.
 *
 * olb->off and olb->len are read from the packet by
 * dissect_smb2_olb_length_offset(), so their sum is attacker-influenced.
 * NOTE(review): the sum is narrowed to int; if it wraps or exceeds INT_MAX
 * the result may be negative or small, in which case `offset` wins.  The
 * returned value must still be bounds-checked by whoever uses it - confirm
 * at the call sites. */
static int
dissect_smb2_olb_tvb_max_offset(int offset, offset_length_buffer_t *olb)
{
	int buffer_end;

	if (olb->off == 0) {
		return offset;
	}

	buffer_end = (int)(olb->off + olb->len);
	return (offset > buffer_end) ? offset : buffer_end;
}
1414 typedef struct _smb2_function {
1415 int (*request) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
1416 int (*response)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
1419 static const true_false_string tfs_smb2_svhdx_has_initiator_id = {
1420 "Has an initiator id",
1421 "Does not have an initiator id"
1424 static const true_false_string tfs_flags_response = {
1425 "This is a RESPONSE",
1429 static const true_false_string tfs_flags_async_cmd = {
1430 "This is an ASYNC command",
1431 "This is a SYNC command"
1434 static const true_false_string tfs_flags_dfs_op = {
1435 "This is a DFS OPERATION",
1436 "This is a normal operation"
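/* Display strings for the "chained" header flag: first string when the
 * bit is set, second when it is clear.  Fixes the missing verb in the
 * set-bit text. */
static const true_false_string tfs_flags_chained = {
	"This pdu is a CHAINED command",
	"This pdu is NOT a chained command"
};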
1444 static const true_false_string tfs_flags_signature = {
1445 "This pdu is SIGNED",
1446 "This pdu is NOT signed"
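/* Display strings for the "replay operation" header flag: first string
 * when the bit is set, second when it is clear.  Fixes the misspelled
 * "OPEARATION" shown in the protocol tree. */
static const true_false_string tfs_flags_replay_operation = {
	"This is a REPLAY OPERATION",
	"This is NOT a replay operation"
};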
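/* Display strings for the priority bits of the header flags: first string
 * when set, second when clear.  Fixes the stray "1" after PRIORITY in the
 * clear-bit text. */
static const true_false_string tfs_flags_priority_mask = {
	"This pdu contains a PRIORITY",
	"This pdu does NOT contain a PRIORITY"
};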
1459 static const true_false_string tfs_cap_dfs = {
1460 "This host supports DFS",
1461 "This host does NOT support DFS"
1464 static const true_false_string tfs_cap_leasing = {
1465 "This host supports LEASING",
1466 "This host does NOT support LEASING"
1469 static const true_false_string tfs_cap_large_mtu = {
1470 "This host supports LARGE_MTU",
1471 "This host does NOT support LARGE_MTU"
1474 static const true_false_string tfs_cap_multi_channel = {
1475 "This host supports MULTI CHANNEL",
1476 "This host does NOT support MULTI CHANNEL"
1479 static const true_false_string tfs_cap_persistent_handles = {
1480 "This host supports PERSISTENT HANDLES",
1481 "This host does NOT support PERSISTENT HANDLES"
1484 static const true_false_string tfs_cap_directory_leasing = {
1485 "This host supports DIRECTORY LEASING",
1486 "This host does NOT support DIRECTORY LEASING"
1489 static const true_false_string tfs_cap_encryption = {
1490 "This host supports ENCRYPTION",
1491 "This host does NOT support ENCRYPTION"
1494 static const true_false_string tfs_smb2_ioctl_network_interface_capability_rss = {
1495 "This interface supports RSS",
1496 "This interface does not support RSS"
1499 static const true_false_string tfs_smb2_ioctl_network_interface_capability_rdma = {
1500 "This interface supports RDMA",
1501 "This interface does not support RDMA"
1504 static const value_string file_region_usage_vals[] = {
1505 { 0x00000001, "FILE_REGION_USAGE_VALID_CACHED_DATA" },
1509 static const value_string originator_flags_vals[] = {
1510 { 1, "SVHDX_ORIGINATOR_PVHDPARSER" },
1511 { 4, "SVHDX_ORIGINATOR_VHDMP" },
1515 static const value_string posix_locks_vals[] = {
1516 { 1, "POSIX_V1_POSIX_LOCK" },
1520 static const value_string posix_utf8_paths_vals[] = {
1521 { 1, "POSIX_V1_UTF8_PATHS" },
1525 static const value_string posix_file_semantics_vals[] = {
1526 { 1, "POSIX_V1_POSIX_FILE_SEMANTICS" },
1530 static const value_string posix_case_sensitive_vals[] = {
1531 { 1, "POSIX_V1_CASE_SENSITIVE" },
1535 static const value_string posix_will_convert_ntacls_vals[] = {
1536 { 1, "POSIX_V1_WILL_CONVERT_NT_ACLS" },
1540 static const value_string posix_fileinfo_vals[] = {
1541 { 1, "POSIX_V1_POSIX_FILEINFO" },
1545 static const value_string posix_acls_vals[] = {
1546 { 1, "POSIX_V1_POSIX_ACLS" },
1550 static const value_string posix_rich_acls_vals[] = {
1551 { 1, "POSIX_V1_RICH_ACLS" },
1555 static const value_string compression_format_vals[] = {
1556 { 0, "COMPRESSION_FORMAT_NONE" },
1557 { 1, "COMPRESSION_FORMAT_DEFAULT" },
1558 { 2, "COMPRESSION_FORMAT_LZNT1" },
1562 static const value_string checksum_algorithm_vals[] = {
1563 { 0x0000, "CHECKSUM_TYPE_NONE" },
1564 { 0x0002, "CHECKSUM_TYPE_CRC64" },
1565 { 0xFFFF, "CHECKSUM_TYPE_UNCHANGED" },
1569 /* Note: entries without a trailing comment have no dissector implemented. */
1570 static const value_string smb2_ioctl_vals[] = {
1571 {0x00060194, "FSCTL_DFS_GET_REFERRALS"}, /* dissector implemented */
1572 {0x000601B0, "FSCTL_DFS_GET_REFERRALS_EX"},
1573 {0x00090000, "FSCTL_REQUEST_OPLOCK_LEVEL_1"},
1574 {0x00090004, "FSCTL_REQUEST_OPLOCK_LEVEL_2"},
1575 {0x00090008, "FSCTL_REQUEST_BATCH_OPLOCK"},
1576 {0x0009000C, "FSCTL_OPLOCK_BREAK_ACKNOWLEDGE"},
1577 {0x00090010, "FSCTL_OPBATCH_ACK_CLOSE_PENDING"},
1578 {0x00090014, "FSCTL_OPLOCK_BREAK_NOTIFY"},
1579 {0x00090018, "FSCTL_LOCK_VOLUME"},
1580 {0x0009001C, "FSCTL_UNLOCK_VOLUME"},
1581 {0x00090020, "FSCTL_DISMOUNT_VOLUME"},
1582 {0x00090028, "FSCTL_IS_VOLUME_MOUNTED"},
1583 {0x0009002C, "FSCTL_IS_PATHNAME_VALID"},
1584 {0x00090030, "FSCTL_MARK_VOLUME_DIRTY"},
1585 {0x0009003B, "FSCTL_QUERY_RETRIEVAL_POINTERS"},
1586 {0x0009003C, "FSCTL_GET_COMPRESSION"}, /* dissector implemented */
1587 {0x0009004F, "FSCTL_MARK_AS_SYSTEM_HIVE"},
1588 {0x00090050, "FSCTL_OPLOCK_BREAK_ACK_NO_2"},
1589 {0x00090054, "FSCTL_INVALIDATE_VOLUMES"},
1590 {0x00090058, "FSCTL_QUERY_FAT_BPB"},
1591 {0x0009005C, "FSCTL_REQUEST_FILTER_OPLOCK"},
1592 {0x00090060, "FSCTL_FILESYSTEM_GET_STATISTICS"},
1593 {0x00090064, "FSCTL_GET_NTFS_VOLUME_DATA"},
1594 {0x00090068, "FSCTL_GET_NTFS_FILE_RECORD"},
1595 {0x0009006F, "FSCTL_GET_VOLUME_BITMAP"},
1596 {0x00090073, "FSCTL_GET_RETRIEVAL_POINTERS"},
1597 {0x00090074, "FSCTL_MOVE_FILE"},
1598 {0x00090078, "FSCTL_IS_VOLUME_DIRTY"},
1599 {0x0009007C, "FSCTL_GET_HFS_INFORMATION"},
1600 {0x00090083, "FSCTL_ALLOW_EXTENDED_DASD_IO"},
1601 {0x00090087, "FSCTL_READ_PROPERTY_DATA"},
1602 {0x0009008B, "FSCTL_WRITE_PROPERTY_DATA"},
1603 {0x0009008F, "FSCTL_FIND_FILES_BY_SID"},
1604 {0x00090097, "FSCTL_DUMP_PROPERTY_DATA"},
1605 {0x0009009C, "FSCTL_GET_OBJECT_ID"}, /* dissector implemented */
1606 {0x000900A4, "FSCTL_SET_REPARSE_POINT"}, /* dissector implemented */
1607 {0x000900A8, "FSCTL_GET_REPARSE_POINT"}, /* dissector implemented */
1608 {0x000900C0, "FSCTL_CREATE_OR_GET_OBJECT_ID"}, /* dissector implemented */
1609 {0x000900C4, "FSCTL_SET_SPARSE"}, /* dissector implemented */
1610 {0x000900D4, "FSCTL_SET_ENCRYPTION"},
1611 {0x000900DB, "FSCTL_ENCRYPTION_FSCTL_IO"},
1612 {0x000900DF, "FSCTL_WRITE_RAW_ENCRYPTED"},
1613 {0x000900E3, "FSCTL_READ_RAW_ENCRYPTED"},
1614 {0x000900F0, "FSCTL_EXTEND_VOLUME"},
1615 {0x00090244, "FSCTL_CSV_TUNNEL_REQUEST"},
1616 {0x0009027C, "FSCTL_GET_INTEGRITY_INFORMATION"},
1617 {0x00090284, "FSCTL_QUERY_FILE_REGIONS"}, /* dissector implemented */
1618 {0x000902c8, "FSCTL_CSV_SYNC_TUNNEL_REQUEST"},
1619 {0x00090300, "FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT"}, /* dissector implemented */
1620 {0x00090304, "FSCTL_SVHDX_SYNC_TUNNEL_REQUEST"}, /* dissector implemented */
1621 {0x00090308, "FSCTL_SVHDX_SET_INITIATOR_INFORMATION"},
1622 {0x0009030C, "FSCTL_SET_EXTERNAL_BACKING"},
1623 {0x00090310, "FSCTL_GET_EXTERNAL_BACKING"},
1624 {0x00090314, "FSCTL_DELETE_EXTERNAL_BACKING"},
1625 {0x00090318, "FSCTL_ENUM_EXTERNAL_BACKING"},
1626 {0x0009031F, "FSCTL_ENUM_OVERLAY"},
1627 {0x00090350, "FSCTL_STORAGE_QOS_CONTROL"}, /* dissector implemented */
1628 {0x00090364, "FSCTL_SVHDX_ASYNC_TUNNEL_REQUEST"}, /* dissector implemented */
1629 {0x000940B3, "FSCTL_ENUM_USN_DATA"},
1630 {0x000940B7, "FSCTL_SECURITY_ID_CHECK"},
1631 {0x000940BB, "FSCTL_READ_USN_JOURNAL"},
1632 {0x000940CF, "FSCTL_QUERY_ALLOCATED_RANGES"}, /* dissector implemented */
1633 {0x000940E7, "FSCTL_CREATE_USN_JOURNAL"},
1634 {0x000940EB, "FSCTL_READ_FILE_USN_DATA"},
1635 {0x000940EF, "FSCTL_WRITE_USN_CLOSE_RECORD"},
1636 {0x00094264, "FSCTL_OFFLOAD_READ"}, /* dissector implemented */
1637 {0x00098098, "FSCTL_SET_OBJECT_ID"}, /* dissector implemented */
1638 {0x000980A0, "FSCTL_DELETE_OBJECT_ID"}, /* no data in/out */
1639 {0x000980A4, "FSCTL_SET_REPARSE_POINT"},
1640 {0x000980AC, "FSCTL_DELETE_REPARSE_POINT"},
1641 {0x000980BC, "FSCTL_SET_OBJECT_ID_EXTENDED"}, /* dissector implemented */
1642 {0x000980C8, "FSCTL_SET_ZERO_DATA"}, /* dissector implemented */
1643 {0x000980D0, "FSCTL_ENABLE_UPGRADE"},
1644 {0x00098208, "FSCTL_FILE_LEVEL_TRIM"},
1645 {0x00098268, "FSCTL_OFFLOAD_WRITE"}, /* dissector implemented */
1646 {0x0009C040, "FSCTL_SET_COMPRESSION"}, /* dissector implemented */
1647 {0x0009C280, "FSCTL_SET_INTEGRITY_INFORMATION"}, /* dissector implemented */
1648 {0x00110018, "FSCTL_PIPE_WAIT"}, /* dissector implemented */
1649 {0x0011400C, "FSCTL_PIPE_PEEK"},
1650 {0x0011C017, "FSCTL_PIPE_TRANSCEIVE"}, /* dissector implemented */
1651 {0x00140078, "FSCTL_SRV_REQUEST_RESUME_KEY"},
1652 {0x001401D4, "FSCTL_LMR_REQUEST_RESILIENCY"}, /* dissector implemented */
1653 {0x001401FC, "FSCTL_QUERY_NETWORK_INTERFACE_INFO"}, /* dissector implemented */
1654 {0x00140200, "FSCTL_VALIDATE_NEGOTIATE_INFO_224"}, /* dissector implemented */
1655 {0x00140204, "FSCTL_VALIDATE_NEGOTIATE_INFO"}, /* dissector implemented */
1656 {0x00144064, "FSCTL_SRV_ENUMERATE_SNAPSHOTS"}, /* dissector implemented */
1657 {0x001440F2, "FSCTL_SRV_COPYCHUNK"},
1658 {0x001441bb, "FSCTL_SRV_READ_HASH"},
1659 {0x001480F2, "FSCTL_SRV_COPYCHUNK_WRITE"},
1662 static value_string_ext smb2_ioctl_vals_ext = VALUE_STRING_EXT_INIT(smb2_ioctl_vals);
1664 static const value_string smb2_ioctl_device_vals[] = {
1666 { 0x0002, "CD_ROM" },
1667 { 0x0003, "CD_ROM_FILE_SYSTEM" },
1668 { 0x0004, "CONTROLLER" },
1669 { 0x0005, "DATALINK" },
1672 { 0x0008, "DISK_FILE_SYSTEM" },
1673 { 0x0009, "FILE_SYSTEM" },
1674 { 0x000a, "INPORT_PORT" },
1675 { 0x000b, "KEYBOARD" },
1676 { 0x000c, "MAILSLOT" },
1677 { 0x000d, "MIDI_IN" },
1678 { 0x000e, "MIDI_OUT" },
1679 { 0x000f, "MOUSE" },
1680 { 0x0010, "MULTI_UNC_PROVIDER" },
1681 { 0x0011, "NAMED_PIPE" },
1682 { 0x0012, "NETWORK" },
1683 { 0x0013, "NETWORK_BROWSER" },
1684 { 0x0014, "NETWORK_FILE_SYSTEM" },
1686 { 0x0016, "PARALLEL_PORT" },
1687 { 0x0017, "PHYSICAL_NETCARD" },
1688 { 0x0018, "PRINTER" },
1689 { 0x0019, "SCANNER" },
1690 { 0x001a, "SERIAL_MOUSE_PORT" },
1691 { 0x001b, "SERIAL_PORT" },
1692 { 0x001c, "SCREEN" },
1693 { 0x001d, "SOUND" },
1694 { 0x001e, "STREAMS" },
1696 { 0x0020, "TAPE_FILE_SYSTEM" },
1697 { 0x0021, "TRANSPORT" },
1698 { 0x0022, "UNKNOWN" },
1699 { 0x0023, "VIDEO" },
1700 { 0x0024, "VIRTUAL_DISK" },
1701 { 0x0025, "WAVE_IN" },
1702 { 0x0026, "WAVE_OUT" },
1703 { 0x0027, "8042_PORT" },
1704 { 0x0028, "NETWORK_REDIRECTOR" },
1705 { 0x0029, "BATTERY" },
1706 { 0x002a, "BUS_EXTENDER" },
1707 { 0x002b, "MODEM" },
1709 { 0x002d, "MASS_STORAGE" },
1712 { 0x0030, "CHANGER" },
1713 { 0x0031, "SMARTCARD" },
1716 { 0x0034, "FULLSCREEN_VIDEO" },
1717 { 0x0035, "DFS_FILE_SYSTEM" },
1718 { 0x0036, "DFS_VOLUME" },
1719 { 0x0037, "SERENUM" },
1720 { 0x0038, "TERMSRV" },
1724 static value_string_ext smb2_ioctl_device_vals_ext = VALUE_STRING_EXT_INIT(smb2_ioctl_device_vals);
1726 static const value_string smb2_ioctl_access_vals[] = {
1727 { 0x00, "FILE_ANY_ACCESS" },
1728 { 0x01, "FILE_READ_ACCESS" },
1729 { 0x02, "FILE_WRITE_ACCESS" },
1730 { 0x03, "FILE_READ_WRITE_ACCESS" },
1734 static const value_string smb2_ioctl_method_vals[] = {
1735 { 0x00, "METHOD_BUFFERED" },
1736 { 0x01, "METHOD_IN_DIRECT" },
1737 { 0x02, "METHOD_OUT_DIRECT" },
1738 { 0x03, "METHOD_NEITHER" },
1742 static const value_string smb2_ioctl_shared_virtual_disk_vals[] = {
1743 { 0x01, "SharedVirtualDisksSupported" },
1744 { 0x07, "SharedVirtualDiskCDPSnapshotsSupported" },
1748 static const value_string smb2_ioctl_shared_virtual_disk_hstate_vals[] = {
1749 { 0x00, "HandleStateNone" },
1750 { 0x01, "HandleStateFileShared" },
1751 { 0x03, "HandleStateShared" },
/* Dissects the 4-byte ioctl function code at offset.
 * Adds the hf_smb2_ioctl_function item with a subtree, reads the code as a
 * little-endian 32-bit value, stores it through ioctlfunc, and for a non-zero
 * code appends a name (or the decoded device/function numbers) to COL_INFO.
 * The device, access, function and method sub-items are all added over the
 * same 4 bytes.
 * The code comes straight from the packet, so every value must be expected,
 * including ones with no entry in the name tables. */
1755 /* this is called from both smb and smb2. */
1757 dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint32 *ioctlfunc)
1759 proto_item *item = NULL;
1760 proto_tree *tree = NULL;
1761 guint32 ioctl_function;
1764 item = proto_tree_add_item(parent_tree, hf_smb2_ioctl_function, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1765 tree = proto_item_add_subtree(item, ett_smb2_ioctl_function);
1768 ioctl_function = tvb_get_letohl(tvb, offset);
/* NOTE(review): this writes through the caller's pointer. Whether a NULL guard
 * sits on the line before (1769) is not visible in this listing; confirm,
 * since the function is called from two dissectors. */
1770 *ioctlfunc = ioctl_function;
1771 if (ioctl_function) {
/* "unknown" is a sentinel: the lookup returns this exact pointer when the code
 * has no table entry, and the pointer comparison below detects that case. */
1772 const gchar *unknown = "unknown";
1773 const gchar *ioctl_name = val_to_str_ext_const(ioctl_function,
1774 &smb2_ioctl_vals_ext,
1778 * val_to_str_const() doesn't work with a unknown == NULL
1780 if (ioctl_name == unknown) {
1784 if (ioctl_name != NULL) {
/* The name is passed as a %s argument, never as the format string. */
1786 pinfo->cinfo, COL_INFO, " %s", ioctl_name);
1790 proto_tree_add_item(tree, hf_smb2_ioctl_function_device, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1791 if (ioctl_name == NULL) {
/* No known name: show the device type, taken from bits 16-31 of the code. */
1793 pinfo->cinfo, COL_INFO, " %s",
1794 val_to_str_ext((ioctl_function>>16)&0xffff, &smb2_ioctl_device_vals_ext,
1795 "Unknown (0x%08X)"));
1799 proto_tree_add_item(tree, hf_smb2_ioctl_function_access, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1802 proto_tree_add_item(tree, hf_smb2_ioctl_function_function, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1803 if (ioctl_name == NULL) {
/* No known name: show the 12-bit function number, taken from bits 2-13. */
1805 pinfo->cinfo, COL_INFO, " Function:0x%04x",
1806 (ioctl_function>>2)&0x0fff);
1810 proto_tree_add_item(tree, hf_smb2_ioctl_function_method, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* Mode selectors passed as the last argument of dissect_smb2_fid.
 * FID_MODE_CLOSE appears as a case label in that function; how the other
 * values are dispatched is not fully visible in this listing. */
1818 /* fake the dce/rpc support structures so we can piggy back on
1819 * dissect_nt_policy_hnd() since this will allow us
1820 * a cheap way to track where FIDs are opened, closed
1821 * and fid->filename mappings
1822 * if we want to do those things in the future.
1824 #define FID_MODE_OPEN 0
1825 #define FID_MODE_CLOSE 1
1826 #define FID_MODE_USE 2
1827 #define FID_MODE_DHNQ 3
1828 #define FID_MODE_DHNC 4
/* Dissects a 16-byte SMB2 file id and keeps per-file tracking state.
 * Reads the persistent (offset) and volatile (offset+8) 64-bit halves into a
 * lookup key together with the session id and tree id from si, then dissects
 * the id as a GUID handle through dissect_nt_guid_hnd with flags that depend on
 * mode (the switch statement itself is not visible in this listing).
 * On the first pass over a frame it records fid -> filename and
 * handle -> end-of-file state in the conversation's hash tables.
 * Every new handle allocates with wmem_file_scope(), which is released only
 * when the capture file is closed, so memory use grows with the number of
 * opens in the capture. */
1830 dissect_smb2_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si, int mode)
1832 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
/* Both structures are static, so one instance is shared by every call; only
 * conformant_run and call_data are assigned in the lines visible here. */
1833 static dcerpc_info di; /* fake dcerpc_info struct */
1834 static dcerpc_call_value call_data;
1835 e_ctx_hnd policy_hnd;
1836 e_ctx_hnd *policy_hnd_hashtablekey;
1837 proto_item *hnd_item = NULL;
1839 guint32 open_frame = 0, close_frame = 0;
1840 smb2_eo_file_info_t *eo_file_info;
1841 smb2_fid_info_t sfi_key;
1842 smb2_fid_info_t *sfi = NULL;
/* Lookup key: every field assigned here comes from the packet or the session state. */
1844 sfi_key.fid_persistent = tvb_get_letoh64(tvb, offset);
1845 sfi_key.fid_volatile = tvb_get_letoh64(tvb, offset+8);
1846 sfi_key.sesid = si->sesid;
1847 sfi_key.tid = si->tid;
1848 sfi_key.name = NULL;
1850 di.conformant_run = 0;
1851 /* we need di->call_data->flags.NDR64 == 0 */
1852 di.call_data = &call_data;
/* First variant of the handle dissection: the trailing TRUE, FALSE pair is
 * presumably the is-open / is-close marker pair; confirm against dissect_nt_guid_hnd. */
1856 offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd, &hnd_item, TRUE, FALSE);
/* State is created only on the first pass, so re-dissection does not duplicate it. */
1857 if (!pinfo->fd->flags.visited) {
1858 sfi = wmem_new(wmem_file_scope(), smb2_fid_info_t);
/* The file name was saved by an earlier frame as extra_info; it is copied here
 * and always used as a %s argument, not as a format string. */
1860 if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
1861 sfi->name = wmem_strdup(wmem_file_scope(), (char *)si->saved->extra_info);
1863 sfi->name = wmem_strdup_printf(wmem_file_scope(), "[unknown]");
1866 if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
1867 fid_name = wmem_strdup_printf(wmem_file_scope(), "File: %s", (char *)si->saved->extra_info);
1869 fid_name = wmem_strdup_printf(wmem_file_scope(), "File: ");
1871 dcerpc_store_polhnd_name(&policy_hnd, pinfo,
/* The same pointer is stored as key and value. */
1874 g_hash_table_insert(si->conv->fids, sfi, sfi);
1877 /* If needed, create the file entry and save the policy hnd */
1879 si->saved->file = sfi;
1880 si->saved->policy_hnd = policy_hnd;
/* One end-of-file record per handle, keyed by a file-scope copy of the handle
 * (the local policy_hnd does not outlive this call). */
1884 eo_file_info = (smb2_eo_file_info_t *)g_hash_table_lookup(si->conv->files,&policy_hnd);
1885 if (!eo_file_info) {
1886 eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
1887 policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
1888 memcpy(policy_hnd_hashtablekey, &policy_hnd, sizeof(e_ctx_hnd));
1889 eo_file_info->end_of_file=0;
1890 g_hash_table_insert(si->conv->files,policy_hnd_hashtablekey,eo_file_info);
1892 si->eo_file_info=eo_file_info;
1896 case FID_MODE_CLOSE:
1897 offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd, &hnd_item, FALSE, TRUE);
1902 offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd, &hnd_item, FALSE, FALSE);
/* The lookup returns NULL for a file id that was never seen being opened, for
 * example when the capture starts mid-session.
 * NOTE(review): si->file->name is dereferenced a few lines below and the guard
 * (lines 1907-1910) is not visible in this listing; confirm si->file is checked. */
1906 si->file = (smb2_fid_info_t *)g_hash_table_lookup(si->conv->fids, &sfi_key);
1909 si->saved->file = si->file;
1911 if (si->file->name) {
1913 proto_item_append_text(hnd_item, " File: %s", si->file->name);
1915 col_append_fstr(pinfo->cinfo, COL_INFO, " File: %s", si->file->name);
1919 if (dcerpc_fetch_polhnd_data(&policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->num)) {
1920 /* look for the eo_file_info */
1921 if (!si->eo_file_info) {
1922 if (si->saved) { si->saved->policy_hnd = policy_hnd; }
1924 eo_file_info = (smb2_eo_file_info_t *)g_hash_table_lookup(si->conv->files,&policy_hnd);
1926 si->eo_file_info=eo_file_info;
/* Fallback: a handle known to the policy-handle store but missing from the
 * files table gets a fresh zeroed record instead of being left NULL. */
1927 } else { /* XXX This should never happen */
1928 eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
1929 policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
1930 memcpy(policy_hnd_hashtablekey, &policy_hnd, sizeof(e_ctx_hnd));
1931 eo_file_info->end_of_file=0;
1932 g_hash_table_insert(si->conv->files,policy_hnd_hashtablekey,eo_file_info);
/* Dissects the SMB2 "all info" file information level field by field:
 * four 64-bit timestamps, extended attributes, sizes, link count, flags,
 * file id, EA size, access mask and finally a length-prefixed file name.
 * Most offset advances between the fields are not visible in this listing. */
1943 /* this info level is unique to SMB2 and differs from the corresponding
1944 * SMB_FILE_ALL_INFO in SMB
1947 dissect_smb2_file_all_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
1949 proto_item *item = NULL;
1950 proto_tree *tree = NULL;
1952 const char *name = "";
1956 item = proto_tree_add_item(parent_tree, hf_smb2_file_all_info, tvb, offset, -1, ENC_NA);
1957 tree = proto_item_add_subtree(item, ett_smb2_file_all_info);
1961 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
1964 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
1967 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
1970 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
1972 /* File Attributes */
1973 offset = dissect_file_ext_attr(tvb, tree, offset);
1975 /* some unknown bytes */
1976 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, ENC_NA);
1979 /* allocation size */
1980 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1984 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1987 /* number of links */
1988 proto_tree_add_item(tree, hf_smb2_nlinks, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1991 /* delete pending */
1992 proto_tree_add_item(tree, hf_smb2_delete_pending, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1996 proto_tree_add_item(tree, hf_smb2_is_directory, tvb, offset, 1, ENC_LITTLE_ENDIAN);
2003 proto_tree_add_item(tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
2007 proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2011 offset = dissect_smb_access_mask(tvb, tree, offset);
2013 /* some unknown bytes */
2014 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
2017 /* file name length */
/* Only the low 16 bits of the length are used for the string, while the
 * displayed field covers 4 bytes; a peer that sets the upper two bytes gets a
 * displayed length that differs from the number of bytes actually decoded. */
2018 length = tvb_get_letohs(tvb, offset);
2019 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* bc caps the string helper at the bytes actually captured, independent of
 * the length claimed in the packet. */
2024 bc = tvb_captured_length_remaining(tvb, offset);
2025 name = get_unicode_or_ascii_string(tvb, &offset,
2026 TRUE, &length, TRUE, TRUE, &bc);
/* NOTE(review): whether name is checked for NULL before this call is not
 * visible in this listing; confirm. */
2028 proto_tree_add_string(tree, hf_smb2_filename, tvb,
2029 offset, length, name);
/* Opens the hf_smb2_file_allocation_info subtree (length -1: to the end of the
 * buffer) and delegates to dissect_qsfi_SMB_FILE_ALLOCATION_INFO.
 * bc hands the helper the captured byte count left at offset as its budget.
 * NOTE(review): the declarations of bc and trunc are not in this listing, and
 * trunc is not consulted in the visible lines. */
2040 dissect_smb2_file_allocation_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2042 proto_item *item = NULL;
2043 proto_tree *tree = NULL;
2048 item = proto_tree_add_item(parent_tree, hf_smb2_file_allocation_info, tvb, offset, -1, ENC_NA);
2049 tree = proto_item_add_subtree(item, ett_smb2_file_allocation_info);
2052 bc = tvb_captured_length_remaining(tvb, offset);
2053 offset = dissect_qsfi_SMB_FILE_ALLOCATION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_endoffile_info subtree and delegates to
 * dissect_qsfi_SMB_FILE_ENDOFFILE_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2059 dissect_smb2_file_endoffile_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2061 proto_item *item = NULL;
2062 proto_tree *tree = NULL;
2067 item = proto_tree_add_item(parent_tree, hf_smb2_file_endoffile_info, tvb, offset, -1, ENC_NA);
2068 tree = proto_item_add_subtree(item, ett_smb2_file_endoffile_info);
2071 bc = tvb_captured_length_remaining(tvb, offset);
2072 offset = dissect_qsfi_SMB_FILE_ENDOFFILE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_alternate_name_info subtree and delegates to
 * dissect_qfi_SMB_FILE_NAME_INFO with the captured byte count left at offset.
 * The final TRUE is hard-coded by the original author ("assumption hack");
 * presumably it selects Unicode decoding of the name; confirm against the helper. */
2078 dissect_smb2_file_alternate_name_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2080 proto_item *item = NULL;
2081 proto_tree *tree = NULL;
2086 item = proto_tree_add_item(parent_tree, hf_smb2_file_alternate_name_info, tvb, offset, -1, ENC_NA);
2087 tree = proto_item_add_subtree(item, ett_smb2_file_alternate_name_info);
2090 bc = tvb_captured_length_remaining(tvb, offset);
2091 offset = dissect_qfi_SMB_FILE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc, /* XXX assumption hack */ TRUE);
/* Dissects the basic file information level: four 64-bit timestamps
 * (create, last access, last write, last change), the extended file
 * attributes, and 4 bytes shown as hf_smb2_unknown.
 * The timestamps are peer-supplied and are displayed as received. */
2098 dissect_smb2_file_basic_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2100 proto_item *item = NULL;
2101 proto_tree *tree = NULL;
2104 item = proto_tree_add_item(parent_tree, hf_smb2_file_basic_info, tvb, offset, -1, ENC_NA);
2105 tree = proto_item_add_subtree(item, ett_smb2_file_basic_info);
2109 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
2112 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
2115 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
2118 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
2120 /* File Attributes */
2121 offset = dissect_file_ext_attr(tvb, tree, offset);
2123 /* some unknown bytes */
2124 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, ENC_NA);
/* Opens the hf_smb2_file_standard_info subtree and delegates to
 * dissect_qfi_SMB_FILE_STANDARD_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2131 dissect_smb2_file_standard_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2133 proto_item *item = NULL;
2134 proto_tree *tree = NULL;
2139 item = proto_tree_add_item(parent_tree, hf_smb2_file_standard_info, tvb, offset, -1, ENC_NA);
2140 tree = proto_item_add_subtree(item, ett_smb2_file_standard_info);
2143 bc = tvb_captured_length_remaining(tvb, offset);
2144 offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_internal_info subtree and delegates to
 * dissect_qfi_SMB_FILE_INTERNAL_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2149 dissect_smb2_file_internal_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2151 proto_item *item = NULL;
2152 proto_tree *tree = NULL;
2157 item = proto_tree_add_item(parent_tree, hf_smb2_file_internal_info, tvb, offset, -1, ENC_NA);
2158 tree = proto_item_add_subtree(item, ett_smb2_file_internal_info);
2161 bc = tvb_captured_length_remaining(tvb, offset);
2162 offset = dissect_qfi_SMB_FILE_INTERNAL_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_mode_info subtree and delegates to
 * dissect_qsfi_SMB_FILE_MODE_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2167 dissect_smb2_file_mode_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2169 proto_item *item = NULL;
2170 proto_tree *tree = NULL;
2175 item = proto_tree_add_item(parent_tree, hf_smb2_file_mode_info, tvb, offset, -1, ENC_NA);
2176 tree = proto_item_add_subtree(item, ett_smb2_file_mode_info);
2179 bc = tvb_captured_length_remaining(tvb, offset);
2180 offset = dissect_qsfi_SMB_FILE_MODE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_alignment_info subtree and delegates to
 * dissect_qfi_SMB_FILE_ALIGNMENT_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2185 dissect_smb2_file_alignment_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2187 proto_item *item = NULL;
2188 proto_tree *tree = NULL;
2193 item = proto_tree_add_item(parent_tree, hf_smb2_file_alignment_info, tvb, offset, -1, ENC_NA);
2194 tree = proto_item_add_subtree(item, ett_smb2_file_alignment_info);
2197 bc = tvb_captured_length_remaining(tvb, offset);
2198 offset = dissect_qfi_SMB_FILE_ALIGNMENT_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_position_info subtree and delegates to
 * dissect_qsfi_SMB_FILE_POSITION_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2203 dissect_smb2_file_position_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2205 proto_item *item = NULL;
2206 proto_tree *tree = NULL;
2211 item = proto_tree_add_item(parent_tree, hf_smb2_file_position_info, tvb, offset, -1, ENC_NA);
2212 tree = proto_item_add_subtree(item, ett_smb2_file_position_info);
2215 bc = tvb_captured_length_remaining(tvb, offset);
2216 offset = dissect_qsfi_SMB_FILE_POSITION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_access_info subtree and decodes the access mask at
 * offset with dissect_smb_access_mask. The mask shows which rights were
 * granted on the handle, which is what to read when checking a capture for
 * unexpectedly broad access. */
2222 dissect_smb2_file_access_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2224 proto_item *item = NULL;
2225 proto_tree *tree = NULL;
2228 item = proto_tree_add_item(parent_tree, hf_smb2_file_access_info, tvb, offset, -1, ENC_NA);
2229 tree = proto_item_add_subtree(item, ett_smb2_file_access_info);
2233 offset = dissect_smb_access_mask(tvb, tree, offset);
/* Opens the hf_smb2_file_ea_info subtree and delegates to
 * dissect_qfi_SMB_FILE_EA_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2239 dissect_smb2_file_ea_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2241 proto_item *item = NULL;
2242 proto_tree *tree = NULL;
2247 item = proto_tree_add_item(parent_tree, hf_smb2_file_ea_info, tvb, offset, -1, ENC_NA);
2248 tree = proto_item_add_subtree(item, ett_smb2_file_ea_info);
2251 bc = tvb_captured_length_remaining(tvb, offset);
2252 offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_stream_info subtree and delegates to
 * dissect_qfi_SMB_FILE_STREAM_INFO with the captured byte count left at offset.
 * The final TRUE is presumably the Unicode selector of the helper; confirm.
 * Stream listings name a file's alternate data streams, which makes this level
 * useful when checking a capture for data kept outside the main stream. */
2258 dissect_smb2_file_stream_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2260 proto_item *item = NULL;
2261 proto_tree *tree = NULL;
2266 item = proto_tree_add_item(parent_tree, hf_smb2_file_stream_info, tvb, offset, -1, ENC_NA);
2267 tree = proto_item_add_subtree(item, ett_smb2_file_stream_info);
2270 bc = tvb_captured_length_remaining(tvb, offset);
2271 offset = dissect_qfi_SMB_FILE_STREAM_INFO(tvb, pinfo, tree, offset, &bc, &trunc, TRUE);
/* Opens the hf_smb2_file_pipe_info subtree and delegates to
 * dissect_sfi_SMB_FILE_PIPE_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2277 dissect_smb2_file_pipe_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2279 proto_item *item = NULL;
2280 proto_tree *tree = NULL;
2285 item = proto_tree_add_item(parent_tree, hf_smb2_file_pipe_info, tvb, offset, -1, ENC_NA);
2286 tree = proto_item_add_subtree(item, ett_smb2_file_pipe_info);
2289 bc = tvb_captured_length_remaining(tvb, offset);
2290 offset = dissect_sfi_SMB_FILE_PIPE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_compression_info subtree and delegates to
 * dissect_qfi_SMB_FILE_COMPRESSION_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2296 dissect_smb2_file_compression_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2298 proto_item *item = NULL;
2299 proto_tree *tree = NULL;
2304 item = proto_tree_add_item(parent_tree, hf_smb2_file_compression_info, tvb, offset, -1, ENC_NA);
2305 tree = proto_item_add_subtree(item, ett_smb2_file_compression_info);
2308 bc = tvb_captured_length_remaining(tvb, offset);
2309 offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_network_open_info subtree and delegates to
 * dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2315 dissect_smb2_file_network_open_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2317 proto_item *item = NULL;
2318 proto_tree *tree = NULL;
2323 item = proto_tree_add_item(parent_tree, hf_smb2_file_network_open_info, tvb, offset, -1, ENC_NA);
2324 tree = proto_item_add_subtree(item, ett_smb2_file_network_open_info);
2328 bc = tvb_captured_length_remaining(tvb, offset);
2329 offset = dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Opens the hf_smb2_file_attribute_tag_info subtree and delegates to
 * dissect_qfi_SMB_FILE_ATTRIBUTE_TAG_INFO, passing the captured byte count left at
 * offset as the helper's budget. trunc is not consulted in the visible lines. */
2335 dissect_smb2_file_attribute_tag_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2337 proto_item *item = NULL;
2338 proto_tree *tree = NULL;
2343 item = proto_tree_add_item(parent_tree, hf_smb2_file_attribute_tag_info, tvb, offset, -1, ENC_NA);
2344 tree = proto_item_add_subtree(item, ett_smb2_file_attribute_tag_info);
2348 bc = tvb_captured_length_remaining(tvb, offset);
2349 offset = dissect_qfi_SMB_FILE_ATTRIBUTE_TAG_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
/* Display strings for the delete-on-close flag: first the text shown when the
 * bit is set, then the text shown when it is clear (presumably bound to
 * hf_smb2_disposition_delete_on_close in the hf registration, not shown here). */
2354 static const true_false_string tfs_disposition_delete_on_close = {
2355 "DELETE this file when closed",
2356 "Normal access, do not delete on close"
/* Opens the hf_smb2_file_disposition_info subtree and shows the one-byte
 * delete-on-close flag at offset. In a capture this is the field that marks a
 * file as deleted once its handle closes, so it is the one to filter on when
 * reconstructing deletions. */
2360 dissect_smb2_file_disposition_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2362 proto_item *item = NULL;
2363 proto_tree *tree = NULL;
2366 item = proto_tree_add_item(parent_tree, hf_smb2_file_disposition_info, tvb, offset, -1, ENC_NA);
2367 tree = proto_item_add_subtree(item, ett_smb2_file_disposition_info);
2370 /* file disposition */
2371 proto_tree_add_item(tree, hf_smb2_disposition_delete_on_close, tvb, offset, 1, ENC_LITTLE_ENDIAN);
/* Dissects a chain of extended-attribute (EA) entries.
 * Each entry carries a 4-byte next-entry offset, a flags byte, a one-byte name
 * length, a two-byte data length, the NUL-terminated name and the data; the
 * next entry starts at start_offset + next_offset.
 * next_offset, ea_name_len and ea_data_len all come from the packet. The tvb
 * accessors raise an exception on reads past the buffer, which bounds the
 * reads, but the loop construct and its exit conditions are not visible in
 * this listing. */
2377 dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2379 proto_item *item = NULL;
2380 proto_tree *tree = NULL;
2381 guint32 next_offset;
2383 guint16 ea_data_len;
2386 item = proto_tree_add_item(parent_tree, hf_smb2_file_full_ea_info, tvb, offset, -1, ENC_NA);
2387 tree = proto_item_add_subtree(item, ett_smb2_file_full_ea_info);
2392 const char *name = "";
2393 const char *data = "";
/* Remember where this entry starts: next_offset is relative to it. */
2395 int start_offset = offset;
2396 proto_item *ea_item;
2397 proto_tree *ea_tree;
2399 ea_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_ea, &ea_item, "EA:");
2402 next_offset = tvb_get_letohl(tvb, offset);
2403 proto_tree_add_item(ea_tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2407 proto_tree_add_item(ea_tree, hf_smb2_ea_flags, tvb, offset, 1, ENC_LITTLE_ENDIAN);
2410 /* EA Name Length */
2411 ea_name_len = tvb_get_guint8(tvb, offset);
2412 proto_tree_add_item(ea_tree, hf_smb2_ea_name_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
2415 /* EA Data Length */
2416 ea_data_len = tvb_get_letohs(tvb, offset);
2417 proto_tree_add_item(ea_tree, hf_smb2_ea_data_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2421 length = ea_name_len;
/* bc caps the string helper at the captured bytes, whatever length the packet claims. */
2423 bc = tvb_captured_length_remaining(tvb, offset);
2424 name = get_unicode_or_ascii_string(tvb, &offset,
2425 FALSE, &length, TRUE, TRUE, &bc);
2427 proto_tree_add_string(ea_tree, hf_smb2_ea_name, tvb,
2428 offset, length + 1, name);
2432 /* The name is terminated with a NULL */
2433 offset += ea_name_len + 1;
2436 length = ea_data_len;
2438 bc = tvb_captured_length_remaining(tvb, offset);
2439 data = get_unicode_or_ascii_string(tvb, &offset,
2440 FALSE, &length, TRUE, TRUE, &bc);
2442 * We put the data here ...
2444 proto_tree_add_item(ea_tree, hf_smb2_ea_data, tvb,
2445 offset, length, ENC_NA);
2447 offset += ea_data_len;
/* name and data are passed as %s arguments, not as the format. */
2451 proto_item_append_text(ea_item, " %s := %s", name, data);
2453 proto_item_set_len(ea_item, offset-start_offset);
/* NOTE(review): start_offset is int and next_offset is guint32 taken from the
 * packet. The checks on lines 2454-2459 are not visible in this listing;
 * confirm that a zero or very large next_offset ends the loop, and that the
 * sum cannot wrap to a negative or earlier offset. */
2460 offset = start_offset+next_offset;
/* Display strings for the rename ReplaceIfExists flag: first the text shown
 * when the bit is set, then the text shown when it is clear (presumably bound
 * to hf_smb2_replace_if in the hf registration, not shown here). */
2466 static const true_false_string tfs_replace_if_exists = {
2467 "Replace the target if it exists",
2468 "Fail if the target exists"
/* Dissects a rename request body: the ReplaceIfExists byte, 7 reserved bytes,
 * an 8-byte root directory handle that must be zero, a length-prefixed new
 * name, and appends the new name to COL_INFO.
 * pinfo is marked _U_ in the signature but is used for the column update. */
2472 dissect_smb2_file_rename_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2474 proto_item *item = NULL;
2475 proto_tree *tree = NULL;
2477 const char *name = "";
2482 item = proto_tree_add_item(parent_tree, hf_smb2_file_rename_info, tvb, offset, -1, ENC_NA);
2483 tree = proto_item_add_subtree(item, ett_smb2_file_rename_info);
2486 /* ReplaceIfExists */
2487 proto_tree_add_item(tree, hf_smb2_replace_if, tvb, offset, 1, ENC_NA);
2491 proto_tree_add_item(tree, hf_smb2_reserved_random, tvb, offset, 7, ENC_NA);
2494 /* Root Directory Handle, MBZ */
2495 proto_tree_add_item(tree, hf_smb2_root_directory_mbz, tvb, offset, 8, ENC_NA);
2498 /* file name length */
/* Only the low 16 bits of the 4-byte length field are used for the string. */
2499 length = tvb_get_letohs(tvb, offset);
2500 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* bc caps the string helper at the captured bytes, whatever length the packet claims. */
2505 bc = tvb_captured_length_remaining(tvb, offset);
2506 name = get_unicode_or_ascii_string(tvb, &offset,
2507 TRUE, &length, TRUE, TRUE, &bc);
2509 proto_tree_add_string(tree, hf_smb2_filename, tvb,
2510 offset, length, name);
/* The peer-chosen name goes into the Info column as a %s argument.
 * NOTE(review): whether name is NULL-checked before these uses is not visible
 * in this listing; confirm. */
2513 col_append_fstr(pinfo->cinfo, COL_INFO, " NewName:%s", name);
/* Opens the hf_smb2_sec_info_00 subtree and decodes an NT security descriptor
 * with dissect_nt_sec_desc, limited to the captured bytes left at offset.
 * The descriptor holds the owner, group and ACLs of the object, so this is the
 * level to read when auditing permission changes seen in a capture. */
2521 dissect_smb2_sec_info_00(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2523 proto_item *item = NULL;
2524 proto_tree *tree = NULL;
2527 item = proto_tree_add_item(parent_tree, hf_smb2_sec_info_00, tvb, offset, -1, ENC_NA);
2528 tree = proto_item_add_subtree(item, ett_smb2_sec_info_00);
2531 /* security descriptor */
2532 offset = dissect_nt_sec_desc(tvb, offset, pinfo, tree, NULL, TRUE, tvb_captured_length_remaining(tvb, offset), NULL);
/* Opens the hf_smb2_quota_info subtree and delegates to dissect_nt_user_quota,
 * passing the captured byte count left at offset as the helper's budget.
 * NOTE(review): the declaration of bcp is not in this listing. */
2538 dissect_smb2_quota_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2540 proto_item *item = NULL;
2541 proto_tree *tree = NULL;
2545 item = proto_tree_add_item(parent_tree, hf_smb2_quota_info, tvb, offset, -1, ENC_NA);
2546 tree = proto_item_add_subtree(item, ett_smb2_quota_info);
2549 bcp = tvb_captured_length_remaining(tvb, offset);
2550 offset = dissect_nt_user_quota(tvb, tree, offset, &bcp);
/* File-system info level 05: opens the hf_smb2_fs_info_05 subtree and delegates
 * to dissect_qfsi_FS_ATTRIBUTE_INFO with the captured byte count left at offset.
 * The final TRUE is presumably the Unicode selector of the helper; confirm. */
2556 dissect_smb2_fs_info_05(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2558 proto_item *item = NULL;
2559 proto_tree *tree = NULL;
2563 item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_05, tvb, offset, -1, ENC_NA);
2564 tree = proto_item_add_subtree(item, ett_smb2_fs_info_05);
2567 bc = tvb_captured_length_remaining(tvb, offset);
2568 offset = dissect_qfsi_FS_ATTRIBUTE_INFO(tvb, pinfo, tree, offset, &bc, TRUE);
/* File-system info level 06: opens the hf_smb2_fs_info_06 subtree and delegates
 * to dissect_nt_quota with the captured byte count left at offset. */
2574 dissect_smb2_fs_info_06(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2576 proto_item *item = NULL;
2577 proto_tree *tree = NULL;
2581 item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_06, tvb, offset, -1, ENC_NA);
2582 tree = proto_item_add_subtree(item, ett_smb2_fs_info_06);
2585 bc = tvb_captured_length_remaining(tvb, offset);
2586 offset = dissect_nt_quota(tvb, tree, offset, &bc);
/* Opens the hf_smb2_fs_objectid_info subtree and decodes its content with
 * dissect_smb2_FILE_OBJECTID_BUFFER. No byte budget is passed, so bounds rely
 * on that helper and on the tvb accessors it uses. */
2592 dissect_smb2_FS_OBJECTID_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2594 proto_item *item = NULL;
2595 proto_tree *tree = NULL;
2598 item = proto_tree_add_item(parent_tree, hf_smb2_fs_objectid_info, tvb, offset, -1, ENC_NA);
2599 tree = proto_item_add_subtree(item, ett_smb2_fs_objectid_info);
2602 /* FILE_OBJECTID_BUFFER */
2603 offset = dissect_smb2_FILE_OBJECTID_BUFFER(tvb, pinfo, tree, offset);
/* File-system info level 07: opens the hf_smb2_fs_info_07 subtree and delegates
 * to dissect_qfsi_FS_FULL_SIZE_INFO with the captured byte count left at offset. */
2609 dissect_smb2_fs_info_07(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2611 proto_item *item = NULL;
2612 proto_tree *tree = NULL;
2616 item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_07, tvb, offset, -1, ENC_NA);
2617 tree = proto_item_add_subtree(item, ett_smb2_fs_info_07);
2620 bc = tvb_captured_length_remaining(tvb, offset);
2621 offset = dissect_qfsi_FS_FULL_SIZE_INFO(tvb, pinfo, tree, offset, &bc);
/* File-system info level 01: opens the hf_smb2_fs_info_01 subtree and delegates
 * to dissect_qfsi_FS_VOLUME_INFO with the captured byte count left at offset.
 * The final TRUE is presumably the Unicode selector of the helper; confirm. */
2627 dissect_smb2_fs_info_01(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2629 proto_item *item = NULL;
2630 proto_tree *tree = NULL;
2634 item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_01, tvb, offset, -1, ENC_NA);
2635 tree = proto_item_add_subtree(item, ett_smb2_fs_info_01);
2639 bc = tvb_captured_length_remaining(tvb, offset);
2640 offset = dissect_qfsi_FS_VOLUME_INFO(tvb, pinfo, tree, offset, &bc, TRUE);
/* File-system info level 03: opens the hf_smb2_fs_info_03 subtree and delegates
 * to dissect_qfsi_FS_SIZE_INFO with the captured byte count left at offset. */
2646 dissect_smb2_fs_info_03(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2648 proto_item *item = NULL;
2649 proto_tree *tree = NULL;
2653 item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_03, tvb, offset, -1, ENC_NA);
2654 tree = proto_item_add_subtree(item, ett_smb2_fs_info_03);
2658 bc = tvb_captured_length_remaining(tvb, offset);
2659 offset = dissect_qfsi_FS_SIZE_INFO(tvb, pinfo, tree, offset, &bc);
/* File-system info level 04: opens the hf_smb2_fs_info_04 subtree and delegates
 * to dissect_qfsi_FS_DEVICE_INFO with the captured byte count left at offset. */
2665 dissect_smb2_fs_info_04(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2667 proto_item *item = NULL;
2668 proto_tree *tree = NULL;
2672 item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_04, tvb, offset, -1, ENC_NA);
2673 tree = proto_item_add_subtree(item, ett_smb2_fs_info_04);
2677 bc = tvb_captured_length_remaining(tvb, offset);
2678 offset = dissect_qfsi_FS_DEVICE_INFO(tvb, pinfo, tree, offset, &bc);
/* Display names for oplock levels (presumably bound to hf_smb2_oplock in the hf
 * registration, which is not in this listing).
 * NOTE(review): the `{ 0, NULL }` terminator is not visible in this listing;
 * confirm it is present upstream. */
2683 static const value_string oplock_vals[] = {
2684 { 0x00, "No oplock" },
2685 { 0x01, "Level2 oplock" },
2686 { 0x08, "Exclusive oplock" },
2687 { 0x09, "Batch oplock" },
/* Adds the one-byte hf_smb2_oplock item at offset under parent_tree.
 * The offset advance and the return are not visible in this listing. */
2693 dissect_smb2_oplock(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2695 proto_tree_add_item(parent_tree, hf_smb2_oplock, tvb, offset, 1, ENC_LITTLE_ENDIAN);
/* Dissects the 2-byte buffer code that starts a command PDU.
 * Shows the raw 16-bit value with a subtree that splits it into the length
 * part and the dynamic-part flag, and reports the unmasked value through
 * length. Callers are expected to mask the low bit themselves. */
2702 dissect_smb2_buffercode(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint16 *length)
2706 guint16 buffer_code;
2708 /* dissect the first 2 bytes of the command PDU */
2709 buffer_code = tvb_get_letohs(tvb, offset);
2710 item = proto_tree_add_uint(parent_tree, hf_smb2_buffer_code, tvb, offset, 2, buffer_code);
2711 tree = proto_item_add_subtree(item, ett_smb2_buffercode);
2712 proto_tree_add_item(tree, hf_smb2_buffer_code_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2713 proto_tree_add_item(tree, hf_smb2_buffer_code_flags_dyn, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* NOTE(review): dissect_smb2_session_setup_request in this file passes NULL for
 * length. The guard on the preceding lines (2714-2716) is not visible in this
 * listing; confirm the store is skipped when length is NULL. */
2717 *length = buffer_code; /*&0xfffe don't mask it here, mask it on caller side */
/* Bit values of the 32-bit capabilities field shown by dissect_smb2_capabilities.
 * NEGPROT_CAP_ENCRYPTION is the bit a peer sets to advertise encryption
 * support; its absence on either side means the session cannot be encrypted. */
2723 #define NEGPROT_CAP_DFS 0x00000001
2724 #define NEGPROT_CAP_LEASING 0x00000002
2725 #define NEGPROT_CAP_LARGE_MTU 0x00000004
2726 #define NEGPROT_CAP_MULTI_CHANNEL 0x00000008
2727 #define NEGPROT_CAP_PERSISTENT_HANDLES 0x00000010
2728 #define NEGPROT_CAP_DIRECTORY_LEASING 0x00000020
2729 #define NEGPROT_CAP_ENCRYPTION 0x00000040
/* Shows the capabilities field at offset as a bitmask, one sub-item per
 * hf_smb2_cap_* flag listed in flags.
 * NOTE(review): the first array entry (line 2734) and the NULL terminator of
 * flags are not visible in this listing; proto_tree_add_bitmask walks the
 * array until NULL, so confirm the terminator upstream. */
2731 dissect_smb2_capabilities(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2733 static const int * flags[] = {
2735 &hf_smb2_cap_leasing,
2736 &hf_smb2_cap_large_mtu,
2737 &hf_smb2_cap_multi_channel,
2738 &hf_smb2_cap_persistent_handles,
2739 &hf_smb2_cap_directory_leasing,
2740 &hf_smb2_cap_encryption,
2744 proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_capabilities, ett_smb2_capabilities, flags, ENC_LITTLE_ENDIAN);
/* Bit values of the security mode field shown by dissect_smb2_secmode.
 * A peer that sets only the enabled bit, and not the required bit, does not
 * insist on signed messages; that is worth recording when reviewing a capture
 * for exposure to message tampering or relaying. */
2752 #define NEGPROT_SIGN_REQ 0x0002
2753 #define NEGPROT_SIGN_ENABLED 0x0001
/* Shows the security mode field at offset as a bitmask with the
 * signing-enabled and signing-required flags.
 * NOTE(review): the NULL terminator of flags, the offset advance and the
 * return are not visible in this listing. */
2756 dissect_smb2_secmode(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2758 static const int * flags[] = {
2759 &hf_smb2_secmode_flags_sign_enabled,
2760 &hf_smb2_secmode_flags_sign_required,
2764 proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_security_mode, ett_smb2_sec_mode, flags, ENC_LITTLE_ENDIAN);
/* Bit value of the session setup request flags shown by
 * dissect_smb2_ses_req_flags: the request binds to an existing session. */
2770 #define SES_REQ_FLAGS_SESSION_BINDING 0x01
/* Shows the session setup request flags at offset as a bitmask with the
 * session-binding flag.
 * NOTE(review): the NULL terminator of flags, the offset advance and the
 * return are not visible in this listing. */
2773 dissect_smb2_ses_req_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2775 static const int * flags[] = {
2776 &hf_smb2_ses_req_flags_session_binding,
2780 proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_ses_req_flags, ett_smb2_ses_req_flags, flags, ENC_LITTLE_ENDIAN);
/* Bit values of the session flags shown by dissect_smb2_ses_flags.
 * GUEST and NULL mark sessions that were granted without a real account
 * (guest or anonymous), so they are the bits to filter on when auditing a
 * capture for unauthenticated access; ENCRYPT marks a session whose traffic
 * is encrypted. */
2786 #define SES_FLAGS_GUEST 0x0001
2787 #define SES_FLAGS_NULL 0x0002
2788 #define SES_FLAGS_ENCRYPT 0x0004
/* Shows the session flags at offset as a bitmask with the guest, null and
 * encrypt flags.
 * NOTE(review): the NULL terminator of flags, the offset advance and the
 * return are not visible in this listing. */
2791 dissect_smb2_ses_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2793 static const int * flags[] = {
2794 &hf_smb2_ses_flags_guest,
2795 &hf_smb2_ses_flags_null,
2796 &hf_smb2_ses_flags_encrypt,
2800 proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_session_flags, ett_smb2_ses_flags, flags, ENC_LITTLE_ENDIAN);
/* Share flags as shown by dissect_smb2_share_flags.
 * The caching policy is a two-bit value in bits 4-5 (0x00, 0x10, 0x20, 0x30),
 * named through share_cache_vals; the remaining values are single-bit flags. */
2806 #define SHARE_FLAGS_manual_caching 0x00000000
2807 #define SHARE_FLAGS_auto_caching 0x00000010
2808 #define SHARE_FLAGS_vdo_caching 0x00000020
2809 #define SHARE_FLAGS_no_caching 0x00000030
/* NOTE(review): the `{ 0, NULL }` terminator of this table is not visible in
 * this listing; confirm it is present upstream. */
2811 static const value_string share_cache_vals[] = {
2812 { SHARE_FLAGS_manual_caching, "Manual caching" },
2813 { SHARE_FLAGS_auto_caching, "Auto caching" },
2814 { SHARE_FLAGS_vdo_caching, "VDO caching" },
2815 { SHARE_FLAGS_no_caching, "No caching" },
/* Single-bit share flags. encryption_required marks a share whose server
 * demands encrypted access; access_based_dir_enum marks one whose directory
 * listings are filtered by the caller's access rights. */
2819 #define SHARE_FLAGS_dfs 0x00000001
2820 #define SHARE_FLAGS_dfs_root 0x00000002
2821 #define SHARE_FLAGS_restrict_exclusive_opens 0x00000100
2822 #define SHARE_FLAGS_force_shared_delete 0x00000200
2823 #define SHARE_FLAGS_allow_namespace_caching 0x00000400
2824 #define SHARE_FLAGS_access_based_dir_enum 0x00000800
2825 #define SHARE_FLAGS_force_levelii_oplock 0x00001000
2826 #define SHARE_FLAGS_enable_hash_v1 0x00002000
2827 #define SHARE_FLAGS_enable_hash_v2 0x00004000
2828 #define SHARE_FLAGS_encryption_required 0x00008000
/* Shows the 4-byte share flags at offset as a bitmask, then adds a formatted
 * "Caching policy" line under the same item, named through share_cache_vals.
 * NOTE(review): the NULL terminator of sf_fields and the declarations of item
 * and cp are not visible in this listing. */
2831 dissect_smb2_share_flags(proto_tree *tree, tvbuff_t *tvb, int offset)
2833 static const int *sf_fields[] = {
2834 &hf_smb2_share_flags_dfs,
2835 &hf_smb2_share_flags_dfs_root,
2836 &hf_smb2_share_flags_restrict_exclusive_opens,
2837 &hf_smb2_share_flags_force_shared_delete,
2838 &hf_smb2_share_flags_allow_namespace_caching,
2839 &hf_smb2_share_flags_access_based_dir_enum,
2840 &hf_smb2_share_flags_force_levelii_oplock,
2841 &hf_smb2_share_flags_enable_hash_v1,
2842 &hf_smb2_share_flags_enable_hash_v2,
2843 &hf_smb2_share_flags_encrypt_data,
2849 item = proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_share_flags, ett_smb2_share_flags, sf_fields, ENC_LITTLE_ENDIAN);
/* NOTE(review): cp is read as the full 32-bit field. The table lookup below
 * only matches the two caching bits, so a masking step is presumably on the
 * line not shown here (2852); confirm. */
2851 cp = tvb_get_letohl(tvb, offset);
2853 proto_tree_add_uint_format(item, hf_smb2_share_caching, tvb, offset, 4, cp, "Caching policy: %s (%08x)", val_to_str(cp, share_cache_vals, "Unknown:%u"), cp);
/* Bit values of the share capabilities field shown by dissect_smb2_share_caps. */
2861 #define SHARE_CAPS_DFS 0x00000008
2862 #define SHARE_CAPS_CONTINUOUS_AVAILABILITY 0x00000010
2863 #define SHARE_CAPS_SCALEOUT 0x00000020
2864 #define SHARE_CAPS_CLUSTER 0x00000040
/* Shows the share capabilities field at offset as a bitmask with the DFS,
 * continuous-availability, scale-out and cluster flags.
 * NOTE(review): the NULL terminator of sc_fields, the offset advance and the
 * return are not visible in this listing. */
2867 dissect_smb2_share_caps(proto_tree *tree, tvbuff_t *tvb, int offset)
2869 static const int *sc_fields[] = {
2870 &hf_smb2_share_caps_dfs,
2871 &hf_smb2_share_caps_continuous_availability,
2872 &hf_smb2_share_caps_scaleout,
2873 &hf_smb2_share_caps_cluster,
2877 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_share_caps, ett_smb2_share_caps, sc_fields, ENC_LITTLE_ENDIAN);
/* Hands a security blob to the right authentication dissector.
 * A blob that starts with the 7 bytes "NTLMSSP" is raw NTLMSSP and goes to
 * ntlmssp_handle; anything else is treated as GSS-API and goes to gssapi_handle.
 * The captured-length check comes first so the 7-byte compare is only
 * attempted when those bytes exist; tvb_memeql returns 0 on a match. */
2885 dissect_smb2_secblob(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
2887 if ((tvb_captured_length(tvb)>=7)
2888 && (!tvb_memeql(tvb, 0, "NTLMSSP", 7))) {
2889 call_dissector(ntlmssp_handle, tvb, pinfo, tree);
2891 call_dissector(gssapi_handle, tvb, pinfo, tree);
/* Dissects a session setup request and records session state for later frames.
 * Field order: buffer code, request flags, security mode, capabilities,
 * channel, security blob offset/length, previous session id, then the blob.
 * After the blob has been dissected it reads what the NTLMSSP dissector tapped
 * and, for each NTLMSSP_AUTH message seen on the first pass, stores a session
 * record (account, domain and host name, derived decryption keys, server port,
 * authentication frame) in the conversation's sesids table.
 * The derived keys stay in file-scope memory for as long as the capture is
 * open, so a process holding a decrypted capture holds the session keys too. */
2896 dissect_smb2_session_setup_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
2898 offset_length_buffer_t s_olb;
2899 const ntlmssp_header_t *ntlmssph;
/* Static: the tap listener is registered once and the id reused by every call. */
2900 static int ntlmssp_tap_id = 0;
2903 if (!ntlmssp_tap_id) {
2904 GString *error_string;
2905 /* We don't specify any callbacks at all.
2906 * Instead we manually fetch the tapped data after the
2907 * security blob has been fully dissected and before
2908 * we exit from this dissector.
2910 error_string = register_tap_listener("ntlmssp", NULL, NULL,
2911 TL_IS_DISSECTOR_HELPER, NULL, NULL, NULL);
2912 if (!error_string) {
2913 ntlmssp_tap_id = find_tap_id("ntlmssp");
2915 g_string_free(error_string, TRUE);
/* The length output is not wanted here, so NULL is passed. */
2921 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
2922 /* some unknown bytes */
2925 offset = dissect_smb2_ses_req_flags(tree, tvb, offset);
2928 offset = dissect_smb2_secmode(tree, tvb, offset);
2931 offset = dissect_smb2_capabilities(tree, tvb, offset);
2934 proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2937 /* security blob offset/length */
2938 offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_security_blob);
2940 /* previous session id */
2941 proto_tree_add_item(tree, hf_smb2_previous_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
2945 /* the security blob itself */
2946 dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);
2948 offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);
2950 /* If we have found a uid->acct_name mapping, store it */
/* First pass only, so re-dissecting a frame does not add a second record. */
2951 if (!pinfo->fd->flags.visited) {
/* The loop condition already guarantees ntlmssph is non-NULL inside the body. */
2953 while ((ntlmssph = (const ntlmssp_header_t *)fetch_tapped_data(ntlmssp_tap_id, idx++)) != NULL) {
2954 if (ntlmssph && ntlmssph->type == NTLMSSP_AUTH) {
2955 smb2_sesid_info_t *sesid;
2956 sesid = wmem_new(wmem_file_scope(), smb2_sesid_info_t);
2957 sesid->sesid = si->sesid;
/* The three names are peer-supplied strings from the authentication message;
 * they are copied as data and must be treated as untrusted wherever shown. */
2958 sesid->acct_name = wmem_strdup(wmem_file_scope(), ntlmssph->acct_name);
2959 sesid->domain_name = wmem_strdup(wmem_file_scope(), ntlmssph->domain_name);
2960 sesid->host_name = wmem_strdup(wmem_file_scope(), ntlmssph->host_name);
/* An all-zero session key means the NTLMSSP dissector recovered no key
 * (presumably because no matching credentials were configured); decryption
 * keys are derived only when a key is present and are zeroed otherwise. */
2961 if (memcmp(ntlmssph->session_key, zeros, NTLMSSP_KEY_LEN) != 0) {
2962 smb2_key_derivation(ntlmssph->session_key,
2966 sesid->server_decryption_key);
2967 smb2_key_derivation(ntlmssph->session_key,
2971 sesid->client_decryption_key);
2973 memset(sesid->server_decryption_key, 0,
2974 sizeof(sesid->server_decryption_key));
2975 memset(sesid->client_decryption_key, 0,
2976 sizeof(sesid->client_decryption_key));
/* This is a request, so its destination port is recorded as the server port. */
2978 sesid->server_port = pinfo->destport;
2979 sesid->auth_frame = pinfo->num;
/* NOTE(review): tids is a GLib hash table while sesid itself is wmem
 * file-scope memory; where the table is destroyed is not visible in this
 * listing. Also, inserting a second record for the same session id replaces
 * the first, and no destroy callback is visible here; confirm the earlier
 * tids table is not leaked. */
2980 sesid->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
2981 g_hash_table_insert(si->conv->sesids, sesid, sesid);
/* Dissect the symbolic-link error payload of a STATUS_STOPPED_ON_SYMLINK
 * response: the fixed header fields first, then the substitute-name and
 * print-name strings, each located through an offset/length pair read from
 * the packet.
 * NOTE(review): the statements that advance `offset` between fields, and the
 * function's return, are not visible in this listing. */
2990 dissect_smb2_STATUS_STOPPED_ON_SYMLINK(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
2995 offset_length_buffer_t s_olb, p_olb;
/* One subtree for the whole structure; length -1 extends the item to the end of tvb. */
2997 item = proto_tree_add_item(parent_tree, hf_smb2_symlink_error_response, tvb, offset, -1, ENC_NA);
2998 tree = proto_item_add_subtree(item, ett_smb2_symlink_error_response);
3000 /* symlink length */
3001 proto_tree_add_item(tree, hf_smb2_symlink_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3004 /* symlink error tag */
3005 proto_tree_add_item(tree, hf_smb2_symlink_error_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* reparse tag (4 bytes), reparse data length (2 bytes), unparsed path length (2 bytes) */
3009 proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3012 proto_tree_add_item(tree, hf_smb2_reparse_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3015 proto_tree_add_item(tree, hf_smb2_unparsed_path_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3018 /* substitute name offset/length */
3019 offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_substitute_name);
3021 /* print name offset/length */
3022 offset = dissect_smb2_olb_length_offset(tvb, offset, &p_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_print_name);
/* symlink flags (4 bytes) */
3025 proto_tree_add_item(tree, hf_smb2_symlink_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* Both strings are resolved from wire-supplied offset/length pairs, with the
 * current `offset` passed as the base. NOTE(review): bounds checking of those
 * pairs is presumably done inside dissect_smb2_olb_off_string() — confirm. */
3028 /* substitute name string */
3029 dissect_smb2_olb_off_string(pinfo, tree, tvb, &s_olb, offset, OLB_TYPE_UNICODE_STRING);
3031 /* print name string */
3032 dissect_smb2_olb_off_string(pinfo, tree, tvb, &p_olb, offset, OLB_TYPE_UNICODE_STRING);
/* Dissect the ErrorData field of an SMB2 error response.
 * With an ErrorContextCount of zero the payload format is chosen from the
 * NT status in si->status; only STATUS_STOPPED_ON_SYMLINK has a dedicated
 * dissector among the visible cases.
 * NOTE(review): `si` is marked _U_ in the signature but is dereferenced below;
 * the declaration of `offset` and the default case are not visible here. */
3036 dissect_smb2_error_data(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int error_context_count, smb2_info_t *si _U_)
3043 item = proto_tree_add_item(parent_tree, hf_smb2_error_data, tvb, offset, -1, ENC_NA);
3044 tree = proto_item_add_subtree(item, ett_smb2_error_data);
/* Legacy layout: no error contexts, ErrorData is interpreted directly by status. */
3046 if (error_context_count == 0) {
3047 switch (si->status) {
3048 case 0x8000002D: /* STATUS_STOPPED_ON_SYMLINK */
3049 dissect_smb2_STATUS_STOPPED_ON_SYMLINK(tvb, pinfo, tree, offset, si);
3056 /* TODO SMB311 supports multiple error contexts */
3060 /* This needs more fixes for cases when the original header had also the constant value of 9.
3061 This should be fixed on caller side where it decides if it has to call this or not. */
/* Dissect a generic SMB2 error response body.
 * tvb/pinfo/tree/offset: the usual dissection context; offset points at the
 *   start of the response body.
 * si: per-packet SMB2 state, passed through to the ErrorData dissector.
 * continue_dissection: optional out-parameter (may be NULL). It is set to TRUE
 *   or FALSE depending on a test that is not visible in this listing; per the
 *   FIX comment below, the test decides whether the body really is an error
 *   response.
 * NOTE(review): the return statement is not visible here. */
3064 dissect_smb2_error_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si,
3065 gboolean* continue_dissection)
3068 guint8 error_context_count;
/* The buffer code helper also reports the structure length through `length`. */
3073 offset = dissect_smb2_buffercode(tree, tvb, offset, &length);
3075 /* FIX: error response uses this constant, if not then it is not an error response */
/* TRUE tells the caller to keep parsing the body as a normal response. */
3078 if(continue_dissection)
3079 *continue_dissection = TRUE;
3081 if(continue_dissection)
3082 *continue_dissection = FALSE;
3084 /* ErrorContextCount (1 bytes) */
3085 error_context_count = tvb_get_guint8(tvb, offset);
3086 proto_tree_add_item(tree, hf_smb2_error_context_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
3089 /* Reserved (1 bytes) */
3090 proto_tree_add_item(tree, hf_smb2_error_reserved, tvb, offset, 1, ENC_LITTLE_ENDIAN);
3093 /* ByteCount (4 bytes): The number of bytes of data contained in ErrorData[]. */
/* byte_count comes straight from the packet and is not range-checked here. */
3094 byte_count = tvb_get_letohl(tvb, offset);
3095 proto_tree_add_item(tree, hf_smb2_error_byte_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3098 /* If the ByteCount field is zero then the server MUST supply an ErrorData field
3099 that is one byte in length */
3100 if (byte_count == 0) byte_count = 1;
3102 /* ErrorData (variable): A variable-length data field that contains extended
3103 error information.*/
/* tvb_new_subset_length() is relied on to reject a byte_count that runs past
 * the available data (it raises a bounds exception instead of returning).
 * NOTE(review): byte_count is a 32-bit wire value added to the int `offset`;
 * its declared type is not visible here — confirm the addition cannot leave
 * `offset` negative for callers that keep using the returned value. */
3104 sub_tvb = tvb_new_subset_length(tvb, offset, byte_count);
3105 offset += byte_count;
3107 dissect_smb2_error_data(sub_tvb, pinfo, tree, error_context_count, si);
/* Dissect an SMB2 SESSION_SETUP response: buffer code, session flags and the
 * security blob. When built with Kerberos support it also records, on the
 * first pass over a successful response, a session entry holding decryption
 * keys derived from a key in enc_key_list that was recorded for this frame.
 * NOTE(review): `si` is marked _U_ but is dereferenced below; the return
 * statement and the matching #endif are not visible in this listing. */
3114 dissect_smb2_session_setup_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
3116 offset_length_buffer_t s_olb;
3118 /* session_setup is special and we don't use dissect_smb2_error_response() here! */
3121 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* session flags */
3124 offset = dissect_smb2_ses_flags(tree, tvb, offset);
3126 /* security blob offset/length */
3127 offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_security_blob);
3129 /* the security blob itself */
3130 dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);
3132 offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);
3134 /* If we have found a uid->acct_name mapping, store it */
3135 #ifdef HAVE_KERBEROS
/* Only on the first pass and only for a successful (status 0) response. */
3136 if (!pinfo->fd->flags.visited && si->status == 0) {
3140 read_keytab_file_from_preferences();
/* Pick the key entries that were recorded against this frame number. */
3143 for (ek=enc_key_list;ek;ek=ek->next) {
3144 if (ek->fd_num == (int)pinfo->num) {
3150 smb2_sesid_info_t *sesid;
/* Fixed 16-byte, zero-initialised buffer: MIN() caps the copy at 16 bytes, so
 * a longer key is truncated and a shorter one stays zero-padded. */
3151 guint8 session_key[16] = { 0, };
3153 memcpy(session_key, ek->keyvalue, MIN(ek->keylength, 16));
/* The session entry, including the derived keys, lives in file-scope memory
 * for as long as the capture file is open. */
3155 sesid = wmem_new(wmem_file_scope(), smb2_sesid_info_t);
3156 sesid->sesid = si->sesid;
3157 /* TODO: fill in the correct information */
3158 sesid->acct_name = NULL;
3159 sesid->domain_name = NULL;
3160 sesid->host_name = NULL;
/* The label/context arguments of both derivations are on lines not shown here. */
3161 smb2_key_derivation(session_key, sizeof(session_key),
3164 sesid->server_decryption_key);
3165 smb2_key_derivation(session_key, sizeof(session_key),
3168 sesid->client_decryption_key);
/* This is a response, so the server is the source of the packet. */
3169 sesid->server_port = pinfo->srcport;
3170 sesid->auth_frame = pinfo->num;
3171 sesid->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
/* The entry is its own key in the per-conversation session table. */
3172 g_hash_table_insert(si->conv->sesids, sesid, sesid);
/* Dissect an SMB2 TREE_CONNECT request and, on the first pass over the frame,
 * remember the share path so the matching response can attach it to the tree id.
 * The saved copy is allocated from wmem_file_scope() with olb.len+1 bytes and
 * written with g_snprintf() limited to that same size, so the copy is
 * truncated rather than overrun if the decoded string is longer than the
 * allocation. The copy is made only when `buf` is non-NULL and olb.len is
 * non-zero.
 * NOTE(review): `buf` is also formatted with "%s" into the Info column;
 * whether that call is guarded against a NULL `buf` is not visible in this
 * listing — confirm. `si` is marked _U_ but is dereferenced below. */
3181 dissect_smb2_tree_connect_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
3183 offset_length_buffer_t olb;
3187 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* reserved (2 bytes) */
3190 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
3193 /* tree offset/length */
3194 offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT16, hf_smb2_tree);
/* tree (share path) string, decoded from the offset/length pair read above */
3197 buf = dissect_smb2_olb_string(pinfo, tree, tvb, &olb, OLB_TYPE_UNICODE_STRING);
3199 offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);
3201 /* treelen +1 is overkill here if the string is unicode,
3202 * but who ever has more than a handful of TCON in a trace anyways
3204 if (!pinfo->fd->flags.visited && si->saved && buf && olb.len) {
3205 si->saved->extra_info_type = SMB2_EI_TREENAME;
3206 si->saved->extra_info = wmem_alloc(wmem_file_scope(), olb.len+1);
3207 g_snprintf((char *)si->saved->extra_info,olb.len+1,"%s",buf);
3210 col_append_fstr(pinfo->cinfo, COL_INFO, " Tree: %s", buf);
/* Dissect an SMB2 TREE_CONNECT response and, on the first pass, bind the share
 * name saved by the request to the tree id in the session's tid table.
 * NOTE(review): `si` is marked _U_ but is dereferenced below; the statements
 * advancing `offset` and the return are not visible in this listing. */
3215 dissect_smb2_tree_connect_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
3218 gboolean continue_dissection;
/* Success consumes only the buffer code; any other status goes through the
 * error-response dissector, which reports via continue_dissection whether the
 * body should still be parsed as a normal response. */
3220 switch (si->status) {
3222 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
3223 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
3224 if (!continue_dissection) return offset;
/* share type (1 byte), kept for the tid entry created below */
3228 share_type = tvb_get_guint8(tvb, offset);
3229 proto_tree_add_item(tree, hf_smb2_share_type, tvb, offset, 1, ENC_LITTLE_ENDIAN);
3232 /* byte is reserved and must be set to zero */
3233 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
/* The type tag is checked before extra_info is reinterpreted as a tree name,
 * so a pointer saved by a different request type is never used here. */
3236 if (!pinfo->fd->flags.visited && si->saved && si->saved->extra_info_type == SMB2_EI_TREENAME && si->session) {
3237 smb2_tid_info_t *tid, tid_key;
/* Only the tid member of the stack key is initialised. NOTE(review): this
 * assumes smb2_tid_info_hash/equal read nothing but `tid` — confirm. */
3239 tid_key.tid = si->tid;
3240 tid = (smb2_tid_info_t *)g_hash_table_lookup(si->session->tids, &tid_key);
/* Drop a stale entry for the same tid before inserting the new one. */
3242 g_hash_table_remove(si->session->tids, &tid_key);
3244 tid = wmem_new(wmem_file_scope(), smb2_tid_info_t);
/* The tid entry takes over the file-scope string saved by the request. */
3246 tid->name = (char *)si->saved->extra_info;
3247 tid->connect_frame = pinfo->num;
3248 tid->share_type = share_type;
3250 g_hash_table_insert(si->session->tids, tid, tid);
/* Clear the saved slot so the pointer is not picked up a second time. */
3252 si->saved->extra_info_type = SMB2_EI_NONE;
3253 si->saved->extra_info = NULL;
/* share flags */
3257 offset = dissect_smb2_share_flags(tree, tvb, offset);
3259 /* share capabilities */
3260 offset = dissect_smb2_share_caps(tree, tvb, offset);
3262 /* this is some sort of access mask */
3263 offset = dissect_smb_access_mask(tvb, tree, offset);
/* Dissect an SMB2 TREE_DISCONNECT request: buffer code followed by two
 * reserved bytes. NOTE(review): the offset advance and return are not visible
 * in this listing. */
3269 dissect_smb2_tree_disconnect_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
3272 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* reserved (2 bytes) */
3275 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* Dissect an SMB2 TREE_DISCONNECT response: buffer code (or the generic error
 * body for a non-zero status) followed by two reserved bytes.
 * NOTE(review): `si` is marked _U_ but si->status is read below. */
3282 dissect_smb2_tree_disconnect_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
3284 gboolean continue_dissection;
/* Stop after the error body unless the error dissector asks to continue. */
3286 switch (si->status) {
3288 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
3289 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
3290 if (!continue_dissection) return offset;
/* reserved (2 bytes) */
3294 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* Dissect an SMB2 LOGOFF request: buffer code followed by reserved bytes.
 * NOTE(review): the statement that adds the reserved field and the return are
 * not visible in this listing. */
3301 dissect_smb2_sessionlogoff_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
3304 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
3306 /* reserved bytes */
/* Dissect an SMB2 LOGOFF response: buffer code (or the generic error body for
 * a non-zero status) followed by two reserved bytes.
 * NOTE(review): `si` is marked _U_ but si->status is read below. */
3313 dissect_smb2_sessionlogoff_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
3315 gboolean continue_dissection;
/* Stop after the error body unless the error dissector asks to continue. */
3317 switch (si->status) {
3319 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
3320 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
3321 if (!continue_dissection) return offset;
3324 /* reserved bytes */
3325 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* Dissect an SMB2 KEEPALIVE (echo) request: buffer code followed by two bytes
 * shown as unknown data. NOTE(review): the offset advance and return are not
 * visible in this listing. */
3332 dissect_smb2_keepalive_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
3335 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
3337 /* some unknown bytes */
3338 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
/* Dissect an SMB2 KEEPALIVE (echo) response: buffer code (or the generic error
 * body for a non-zero status) followed by two bytes shown as unknown data.
 * NOTE(review): `si` is marked _U_ but si->status is read below. */
3345 dissect_smb2_keepalive_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
3347 gboolean continue_dissection;
/* Stop after the error body unless the error dissector asks to continue. */
3349 switch (si->status) {
3351 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
3352 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
3353 if (!continue_dissection) return offset;
3356 /* some unknown bytes */
3357 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
/* Dissect an SMB2 CHANGE_NOTIFY request: buffer code, notify flags, output
 * buffer length, file id, completion filter and a reserved field.
 * NOTE(review): the statements advancing `offset` after the fixed-width fields
 * and the return are not visible in this listing. */
3364 dissect_smb2_notify_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
3366 proto_tree *flags_tree = NULL;
3367 proto_item *flags_item = NULL;
3370 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* notify flags (2 bytes), with the watch-tree bit broken out in a subtree */
3374 flags_item = proto_tree_add_item(tree, hf_smb2_notify_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3375 flags_tree = proto_item_add_subtree(flags_item, ett_smb2_notify_flags);
3377 proto_tree_add_item(flags_tree, hf_smb2_notify_watch_tree, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3380 /* output buffer length */
3381 proto_tree_add_item(tree, hf_smb2_output_buffer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file id of the directory being watched; FID_MODE_USE refers to an existing handle */
3385 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
3387 /* completion filter */
3388 offset = dissect_nt_notify_completion_filter(tvb, tree, offset);
/* reserved (4 bytes) */
3391 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/* Display names for the action codes 0x01 through 0x09 of a change-notify entry.
 * NOTE(review): the terminating entry and closing brace are not visible in
 * this listing; a value_string table must end with a {0, NULL} entry — confirm. */
3397 static const value_string notify_action_vals[] = {
3398 {0x01, "FILE_ACTION_ADDED"},
3399 {0x02, "FILE_ACTION_REMOVED"},
3400 {0x03, "FILE_ACTION_MODIFIED"},
3401 {0x04, "FILE_ACTION_RENAMED_OLD_NAME"},
3402 {0x05, "FILE_ACTION_RENAMED_NEW_NAME"},
3403 {0x06, "FILE_ACTION_ADDED_STREAM"},
3404 {0x07, "FILE_ACTION_REMOVED_STREAM"},
3405 {0x08, "FILE_ACTION_MODIFIED_STREAM"},
3406 {0x09, "FILE_ACTION_REMOVED_BY_DELETE"},
/* Dissect the output buffer of a CHANGE_NOTIFY response: a chain of entries,
 * each holding a next-entry offset, an action code, a file name length and the
 * file name. The chain is followed through the wire-supplied next offset,
 * taken relative to the start of the current entry.
 * NOTE(review): the declaration of `offset`, the guard around the file name
 * block and the end-of-chain test are not visible in this listing. */
3411 dissect_smb2_notify_data_out(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
3413 proto_tree *tree = NULL;
3414 proto_item *item = NULL;
/* Keep going while more than 4 bytes remain. */
3417 while (tvb_reported_length_remaining(tvb, offset) > 4) {
3418 guint32 start_offset = offset;
3419 guint32 next_offset;
3423 item = proto_tree_add_item(parent_tree, hf_smb2_notify_info, tvb, offset, -1, ENC_NA);
3424 tree = proto_item_add_subtree(item, ett_smb2_notify_info);
/* next entry offset (4 bytes), captured into next_offset */
3428 proto_tree_add_item_ret_uint(tree, hf_smb2_notify_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &next_offset);
/* action (4 bytes) */
3431 proto_tree_add_item(tree, hf_smb2_notify_action, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3434 /* file name length */
3435 proto_tree_add_item_ret_uint(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &length);
3440 const guchar *name = "";
/* bc is set to the bytes remaining in the tvb before the string is decoded. */
3443 bc = tvb_reported_length_remaining(tvb, offset);
3444 name = get_unicode_or_ascii_string(tvb, &offset,
3445 TRUE, &length, TRUE, TRUE, &bc);
3447 proto_tree_add_string(tree, hf_smb2_filename,
3448 tvb, offset, length,
/* NOTE(review): both operands are unsigned 32-bit and next_offset is
 * untrusted. Unlike the directory-info walkers in this file, no check is
 * visible here that the new offset moved forward; a wrapped sum would send the
 * loop back over data it has already dissected. Confirm a forward-progress
 * check exists on the lines not shown, or add one that flags the packet as
 * malformed and stops. */
3459 offset = start_offset+next_offset;
/* Dissect an SMB2 CHANGE_NOTIFY response: buffer code (or the generic error
 * body), then the output buffer located through an offset/length pair and
 * handed to dissect_smb2_notify_data_out().
 * NOTE(review): the return statement is not visible in this listing. */
3464 dissect_smb2_notify_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si)
3466 offset_length_buffer_t olb;
3467 gboolean continue_dissection;
3469 switch (si->status) {
3470 /* MS-SMB2 3.3.4.4 says STATUS_NOTIFY_ENUM_DIR is not treated as an error */
3471 case 0x0000010c: /* STATUS_NOTIFY_ENUM_DIR */
3472 case 0x00000000: /* buffer code */
3473 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
/* Any other status: stop after the error body unless asked to continue. */
3474 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
3475 if (!continue_dissection) return offset;
3478 /* out buffer offset/length */
3479 offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, hf_smb2_notify_out_data);
/* out buffer: the notify entries themselves */
3482 dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_notify_data_out);
3483 offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);
/* Bit masks for the flags byte of an SMB2 FIND (query directory) request. */
3488 #define SMB2_FIND_FLAG_RESTART_SCANS 0x01
3489 #define SMB2_FIND_FLAG_SINGLE_ENTRY 0x02
3490 #define SMB2_FIND_FLAG_INDEX_SPECIFIED 0x04
3491 #define SMB2_FIND_FLAG_REOPEN 0x10
/* Dissect an SMB2 FIND (query directory) request and remember the info level
 * and search pattern so the matching response can pick the right entry format
 * and show the pattern.
 * NOTE(review): the statements advancing `offset`, the guard (if any) around
 * the infolevel store, and the return are not visible in this listing. */
3494 dissect_smb2_find_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
3496 offset_length_buffer_t olb;
/* Sub-fields shown under the find flags bitmask. */
3499 static const int *f_fields[] = {
3500 &hf_smb2_find_flags_restart_scans,
3501 &hf_smb2_find_flags_single_entry,
3502 &hf_smb2_find_flags_index_specified,
3503 &hf_smb2_find_flags_reopen,
3508 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* info level (1 byte) */
3510 il = tvb_get_guint8(tvb, offset);
/* NOTE(review): si->saved is dereferenced here while the block further down
 * tests it for NULL; a guard is presumably on a line not shown — confirm. */
3512 si->saved->infolevel = il;
3516 proto_tree_add_uint(tree, hf_smb2_find_info_level, tvb, offset, 1, il);
/* find flags */
3520 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_find_flags, ett_smb2_find_flags, f_fields, ENC_LITTLE_ENDIAN);
/* file index (4 bytes) */
3524 proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file id of the directory being searched */
3528 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
3530 /* search pattern offset/length */
3531 offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT16, hf_smb2_find_pattern);
3533 /* output buffer length */
3534 proto_tree_add_item(tree, hf_smb2_output_buffer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3537 /* search pattern */
3538 buf = dissect_smb2_olb_string(pinfo, tree, tvb, &olb, OLB_TYPE_UNICODE_STRING);
3540 offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);
/* The pattern copy is heap-allocated with g_malloc(), so it has to be released
 * explicitly; the matching g_free() is in dissect_smb2_find_response(), keyed
 * on the SMB2_EI_FINDPATTERN tag set here. The write is bounded to the
 * allocation size (olb.len+1).
 * NOTE(review): unlike the tree-connect request, `buf` is not tested for NULL
 * before being formatted with "%s", and the buffer is never freed if no
 * matching response is dissected; allocating from wmem_file_scope(), as tree
 * connect does for the same field, would remove the manual lifetime — consider. */
3542 if (!pinfo->fd->flags.visited && si->saved && olb.len) {
3543 si->saved->extra_info_type = SMB2_EI_FINDPATTERN;
3544 si->saved->extra_info = g_malloc(olb.len+1);
3545 g_snprintf((char *)si->saved->extra_info,olb.len+1,"%s",buf);
/* Info column: info level name (or its hex value) followed by the pattern. */
3548 col_append_fstr(pinfo->cinfo, COL_INFO, " %s Pattern: %s",
3549 val_to_str(il, smb2_find_info_levels, "(Level:0x%02x)"),
/* Dissect a chain of FileDirectoryInformation entries from a FIND response.
 * Each entry starts with a wire-supplied offset to the next entry (relative to
 * the start of the current one); a zero offset ends the chain.
 * NOTE(review): `pinfo` is marked _U_ but is passed to the expert-info call
 * below; the declarations of offset/next_offset/bc, the statements advancing
 * `offset` and the bodies of the terminating branches are not visible in this
 * listing. */
3555 static void dissect_smb2_file_directory_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
3558 proto_item *item = NULL;
3559 proto_tree *tree = NULL;
3560 const char *name = NULL;
/* Keep going while more than 4 bytes remain. */
3563 while (tvb_reported_length_remaining(tvb, offset) > 4) {
3564 int old_offset = offset;
/* Item length is -1 for now and fixed up once the entry has been walked. */
3569 item = proto_tree_add_item(parent_tree, hf_smb2_file_directory_info, tvb, offset, -1, ENC_NA);
3570 tree = proto_item_add_subtree(item, ett_smb2_file_directory_info);
/* next offset (4 bytes), untrusted */
3574 next_offset = tvb_get_letohl(tvb, offset);
3575 proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file index (4 bytes) */
3579 proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* create, last access, last write and last change timestamps */
3583 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
3586 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
3589 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
3592 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
/* end of file (8 bytes) */
3595 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3598 /* allocation size */
3599 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3602 /* File Attributes */
3603 offset = dissect_file_ext_attr(tvb, tree, offset);
3605 /* file name length */
3606 file_name_len = tvb_get_letohl(tvb, offset);
3607 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file name; file_name_len is passed by address, so the helper may adjust it */
3611 if (file_name_len) {
3613 name = get_unicode_or_ascii_string(tvb, &offset,
3614 TRUE, &file_name_len, TRUE, TRUE, &bc);
3616 proto_tree_add_string(tree, hf_smb2_filename, tvb,
3617 offset, file_name_len, name);
3618 proto_item_append_text(item, ": %s", name);
3623 proto_item_set_len(item, offset-old_offset);
/* A zero next offset marks the last entry. */
3625 if (next_offset == 0) {
/* Any non-zero next offset moves strictly forward unless the sum wraps, which
 * the check below reports as a malformed packet.
 * NOTE(review): old_offset is an int; if next_offset is also signed, the
 * overflow itself is undefined behaviour and the check is not reliable —
 * confirm the declared type of next_offset. */
3629 offset = old_offset+next_offset;
3630 if (offset < old_offset) {
3631 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
3632 "Invalid offset/length. Malformed packet");
/* Dissect a chain of FileFullDirectoryInformation entries from a FIND
 * response. Same layout as the plain directory entries plus an EA size field
 * ahead of the file name; entries are chained by a wire-supplied next offset
 * relative to the start of the current entry, with zero ending the chain.
 * NOTE(review): `pinfo` is marked _U_ but is passed to the expert-info call
 * below; declarations, offset advances and the bodies of the terminating
 * branches are not visible in this listing. */
3638 static void dissect_smb2_full_directory_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
3641 proto_item *item = NULL;
3642 proto_tree *tree = NULL;
3643 const char *name = NULL;
/* Keep going while more than 4 bytes remain. */
3646 while (tvb_reported_length_remaining(tvb, offset) > 4) {
3647 int old_offset = offset;
/* Item length is -1 for now and fixed up once the entry has been walked. */
3652 item = proto_tree_add_item(parent_tree, hf_smb2_full_directory_info, tvb, offset, -1, ENC_NA);
3653 tree = proto_item_add_subtree(item, ett_smb2_full_directory_info);
/* next offset (4 bytes), untrusted */
3657 next_offset = tvb_get_letohl(tvb, offset);
3658 proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file index (4 bytes) */
3662 proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* create, last access, last write and last change timestamps */
3666 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
3669 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
3672 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
3675 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
/* end of file (8 bytes) */
3678 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3681 /* allocation size */
3682 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3685 /* File Attributes */
3686 offset = dissect_file_ext_attr(tvb, tree, offset);
3688 /* file name length */
3689 file_name_len = tvb_get_letohl(tvb, offset);
3690 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* EA size (4 bytes) */
3694 proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file name; file_name_len is passed by address, so the helper may adjust it */
3698 if (file_name_len) {
3700 name = get_unicode_or_ascii_string(tvb, &offset,
3701 TRUE, &file_name_len, TRUE, TRUE, &bc);
3703 proto_tree_add_string(tree, hf_smb2_filename, tvb,
3704 offset, file_name_len, name);
3705 proto_item_append_text(item, ": %s", name);
3710 proto_item_set_len(item, offset-old_offset);
/* A zero next offset marks the last entry. */
3712 if (next_offset == 0) {
/* Wrap-around of the untrusted next offset is reported as a malformed packet.
 * NOTE(review): reliable only if the addition is done in unsigned arithmetic;
 * the declared type of next_offset is not visible here — confirm. */
3716 offset = old_offset+next_offset;
3717 if (offset < old_offset) {
3718 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
3719 "Invalid offset/length. Malformed packet");
/* Dissect a chain of FileBothDirectoryInformation entries from a FIND
 * response: the full-directory fields plus a short (8.3) name ahead of the
 * long file name. Entries are chained by a wire-supplied next offset relative
 * to the start of the current entry, with zero ending the chain.
 * NOTE(review): `pinfo` is marked _U_ but is passed to the expert-info call
 * below; declarations, offset advances and the bodies of the terminating
 * branches are not visible in this listing. */
3725 static void dissect_smb2_both_directory_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
3728 proto_item *item = NULL;
3729 proto_tree *tree = NULL;
3730 const char *name = NULL;
/* Keep going while more than 4 bytes remain. */
3733 while (tvb_reported_length_remaining(tvb, offset) > 4) {
3734 int old_offset = offset;
/* Item length is -1 for now and fixed up once the entry has been walked. */
3740 item = proto_tree_add_item(parent_tree, hf_smb2_both_directory_info, tvb, offset, -1, ENC_NA);
3741 tree = proto_item_add_subtree(item, ett_smb2_both_directory_info);
/* next offset (4 bytes), untrusted */
3745 next_offset = tvb_get_letohl(tvb, offset);
3746 proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file index (4 bytes) */
3750 proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* create, last access, last write and last change timestamps */
3754 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
3757 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
3760 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
3763 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
/* end of file (8 bytes) */
3766 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3769 /* allocation size */
3770 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3773 /* File Attributes */
3774 offset = dissect_file_ext_attr(tvb, tree, offset);
3776 /* file name length */
3777 file_name_len = tvb_get_letohl(tvb, offset);
3778 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* EA size (4 bytes) */
3782 proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3785 /* short name length */
3786 short_name_len = tvb_get_guint8(tvb, offset);
3787 proto_tree_add_item(tree, hf_smb2_short_name_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
/* reserved (1 byte) */
3791 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
/* short name: the byte budget handed to the string helper is the one-byte
 * length read from the packet */
3795 if (short_name_len) {
3796 bc = short_name_len;
3797 name = get_unicode_or_ascii_string(tvb, &offset,
3798 TRUE, &short_name_len, TRUE, TRUE, &bc);
3800 proto_tree_add_string(tree, hf_smb2_short_name, tvb,
3801 offset, short_name_len, name);
/* long file name; file_name_len is passed by address, so the helper may adjust it */
3807 if (file_name_len) {
3809 name = get_unicode_or_ascii_string(tvb, &offset,
3810 TRUE, &file_name_len, TRUE, TRUE, &bc);
3812 proto_tree_add_string(tree, hf_smb2_filename, tvb,
3813 offset, file_name_len, name);
3814 proto_item_append_text(item, ": %s", name);
3819 proto_item_set_len(item, offset-old_offset);
/* A zero next offset marks the last entry. */
3821 if (next_offset == 0) {
/* Wrap-around of the untrusted next offset is reported as a malformed packet.
 * NOTE(review): reliable only if the addition is done in unsigned arithmetic;
 * the declared type of next_offset is not visible here — confirm. */
3825 offset = old_offset+next_offset;
3826 if (offset < old_offset) {
3827 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
3828 "Invalid offset/length. Malformed packet");
/* Dissect a chain of FileNamesInformation entries from a FIND response: next
 * offset, file index, file name length and file name. Entries are chained by
 * a wire-supplied next offset relative to the start of the current entry,
 * with zero ending the chain.
 * NOTE(review): `pinfo` is marked _U_ but is passed to the expert-info call
 * below; declarations, offset advances and the bodies of the terminating
 * branches are not visible in this listing. */
3834 static void dissect_smb2_file_name_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
3837 proto_item *item = NULL;
3838 proto_tree *tree = NULL;
3839 const char *name = NULL;
/* Keep going while more than 4 bytes remain. */
3842 while (tvb_reported_length_remaining(tvb, offset) > 4) {
3843 int old_offset = offset;
/* NOTE(review): this entry is labelled with the hf/ett of the both-directory
 * format, so name-only entries show up under that field in the tree and in
 * display filters; looks like a copy-paste — confirm whether a dedicated
 * field is intended. */
3848 item = proto_tree_add_item(parent_tree, hf_smb2_both_directory_info, tvb, offset, -1, ENC_NA);
3849 tree = proto_item_add_subtree(item, ett_smb2_both_directory_info);
/* next offset (4 bytes), untrusted */
3853 next_offset = tvb_get_letohl(tvb, offset);
3854 proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file index (4 bytes) */
3858 proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3861 /* file name length */
3862 file_name_len = tvb_get_letohl(tvb, offset);
3863 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file name; file_name_len is passed by address, so the helper may adjust it */
3867 if (file_name_len) {
3869 name = get_unicode_or_ascii_string(tvb, &offset,
3870 TRUE, &file_name_len, TRUE, TRUE, &bc);
3872 proto_tree_add_string(tree, hf_smb2_filename, tvb,
3873 offset, file_name_len, name);
3874 proto_item_append_text(item, ": %s", name);
3879 proto_item_set_len(item, offset-old_offset);
/* A zero next offset marks the last entry. */
3881 if (next_offset == 0) {
/* Wrap-around of the untrusted next offset is reported as a malformed packet.
 * NOTE(review): reliable only if the addition is done in unsigned arithmetic;
 * the declared type of next_offset is not visible here — confirm. */
3885 offset = old_offset+next_offset;
3886 if (offset < old_offset) {
3887 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
3888 "Invalid offset/length. Malformed packet");
/* Dissect a chain of FileIdBothDirectoryInformation entries from a FIND
 * response: the both-directory fields plus a reserved field and an 8-byte file
 * id between the short name and the long file name. Entries are chained by a
 * wire-supplied next offset relative to the start of the current entry, with
 * zero ending the chain.
 * NOTE(review): `pinfo` is marked _U_ but is passed to the expert-info call
 * below; declarations, offset advances and the bodies of the terminating
 * branches are not visible in this listing. */
3894 static void dissect_smb2_id_both_directory_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
3897 proto_item *item = NULL;
3898 proto_tree *tree = NULL;
3899 const char *name = NULL;
/* Keep going while more than 4 bytes remain. */
3902 while (tvb_reported_length_remaining(tvb, offset) > 4) {
3903 int old_offset = offset;
/* Item length is -1 for now and fixed up once the entry has been walked. */
3909 item = proto_tree_add_item(parent_tree, hf_smb2_id_both_directory_info, tvb, offset, -1, ENC_NA);
3910 tree = proto_item_add_subtree(item, ett_smb2_id_both_directory_info);
/* next offset (4 bytes), untrusted */
3914 next_offset = tvb_get_letohl(tvb, offset);
3915 proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* file index (4 bytes) */
3919 proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* create, last access, last write and last change timestamps */
3923 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
3926 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
3929 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
3932 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
/* end of file (8 bytes) */
3935 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3938 /* allocation size */
3939 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
3942 /* File Attributes */
3943 offset = dissect_file_ext_attr(tvb, tree, offset);
3945 /* file name length */
3946 file_name_len = tvb_get_letohl(tvb, offset);
3947 proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* EA size (4 bytes) */
3951 proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3954 /* short name length */
3955 short_name_len = tvb_get_guint8(tvb, offset);
3956 proto_tree_add_item(tree, hf_smb2_short_name_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
/* reserved (1 byte) */
3960 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
/* short name: the byte budget handed to the string helper is the one-byte
 * length read from the packet */
3964 if (short_name_len) {
3965 bc = short_name_len;
3966 name = get_unicode_or_ascii_string(tvb, &offset,
3967 TRUE, &short_name_len, TRUE, TRUE, &bc);
3969 proto_tree_add_string(tree, hf_smb2_short_name, tvb,
3970 offset, short_name_len, name);
/* reserved (2 bytes) */
3976 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* file id (8 bytes) */
3980 proto_tree_add_item(tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* long file name; file_name_len is passed by address, so the helper may adjust it */
3984 if (file_name_len) {
3986 name = get_unicode_or_ascii_string(tvb, &offset,
3987 TRUE, &file_name_len, TRUE, TRUE, &bc);
3989 proto_tree_add_string(tree, hf_smb2_filename, tvb,
3990 offset, file_name_len, name);
3991 proto_item_append_text(item, ": %s", name);
3996 proto_item_set_len(item, offset-old_offset);
/* A zero next offset marks the last entry. */
3998 if (next_offset == 0) {
/* Wrap-around of the untrusted next offset is reported as a malformed packet.
 * NOTE(review): reliable only if the addition is done in unsigned arithmetic;
 * the declared type of next_offset is not visible here — confirm. */
4002 offset = old_offset+next_offset;
4003 if (offset < old_offset) {
4004 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
4005 "Invalid offset/length. Malformed packet");
/* Pairs a FIND info level with the routine that dissects entries of that
 * format. NOTE(review): the `level` member read by dissect_smb2_find_data()
 * is declared on a line not visible in this listing. */
4012 typedef struct _smb2_find_dissector_t {
4014 void (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si);
4015 } smb2_find_dissector_t;
/* Dispatch table from info level to entry dissector.
 * NOTE(review): dissect_smb2_find_data() walks this table until it meets a
 * NULL dissector, so it must end with a terminating entry (not visible here —
 * confirm). The table has external linkage and is writable; nothing visible
 * needs either, and `static const` would keep these function pointers in
 * read-only data. */
4017 smb2_find_dissector_t smb2_find_dissectors[] = {
4018 {SMB2_FIND_DIRECTORY_INFO, dissect_smb2_file_directory_info},
4019 {SMB2_FIND_FULL_DIRECTORY_INFO, dissect_smb2_full_directory_info},
4020 {SMB2_FIND_BOTH_DIRECTORY_INFO, dissect_smb2_both_directory_info},
4021 {SMB2_FIND_NAME_INFO, dissect_smb2_file_name_info},
4022 {SMB2_FIND_ID_BOTH_DIRECTORY_INFO,dissect_smb2_id_both_directory_info},
/* Dissect the output buffer of a FIND response by dispatching on the info
 * level saved from the request. The table is searched for an entry whose
 * level matches si->saved->infolevel; the final statement shows the whole
 * captured buffer as unknown data.
 * NOTE(review): the table advance and the return after a successful dispatch
 * are not visible in this listing; presumably the unknown-data item is only
 * reached when no entry matched or no saved state exists — confirm. */
4027 dissect_smb2_find_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
4029 smb2_find_dissector_t *dis = smb2_find_dissectors;
/* A NULL dissector marks the end of the table. */
4031 while (dis->dissector) {
/* Without saved request state the info level is unknown, so nothing can match. */
4032 if (si && si->saved) {
4033 if (dis->level == si->saved->infolevel) {
4034 dis->dissector(tvb, pinfo, tree, si);
4041 proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
/* Dissect an SMB2 FIND (query directory) response: show the info level and
 * pattern remembered from the request, then the buffer code (or the generic
 * error body) and the find-info blob, which is handed to
 * dissect_smb2_find_data().
 * NOTE(review): `pinfo` and `si` are marked _U_ but are both used below; the
 * guard (if any) around the generated info-level item and the return are not
 * visible in this listing. */
4045 dissect_smb2_find_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
4047 offset_length_buffer_t olb;
4048 proto_item *item = NULL;
4049 gboolean continue_dissection;
/* Zero-length generated item: the value comes from the request, not from this
 * packet. NOTE(review): si->saved is dereferenced here while the next block
 * tests it for NULL; a guard is presumably on a line not shown — confirm. */
4053 item = proto_tree_add_uint(tree, hf_smb2_find_info_level, tvb, offset, 0, si->saved->infolevel);
4054 PROTO_ITEM_SET_GENERATED(item);
/* First pass only, and only when the saved pointer is tagged as a find
 * pattern: the tag check keeps g_free() away from extra_info values that other
 * request types allocate differently (tree connect uses wmem). The slot is
 * cleared afterwards so the pointer cannot be freed or read again. */
4057 if (!pinfo->fd->flags.visited && si->saved && si->saved->extra_info_type == SMB2_EI_FINDPATTERN) {
4058 col_append_fstr(pinfo->cinfo, COL_INFO, " %s Pattern: %s",
4059 val_to_str(si->saved->infolevel, smb2_find_info_levels, "(Level:0x%02x)"),
4060 (const char *)si->saved->extra_info);
4062 g_free(si->saved->extra_info);
4063 si->saved->extra_info_type = SMB2_EI_NONE;
4064 si->saved->extra_info = NULL;
/* Stop after the error body unless the error dissector asks to continue. */
4067 switch (si->status) {
4069 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
4070 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
4071 if (!continue_dissection) return offset;
4074 /* findinfo offset */
4075 offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, hf_smb2_find_info_blob);
/* the buffer */
4078 dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_find_data);
4080 offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);
/* Dissect one SMB 3.1.1 negotiate context: a type, a data length, a reserved
 * field and type-specific data (pre-auth integrity hash algorithms and salt,
 * or encryption cipher ids; anything else is shown as unknown bytes).
 * All counts and lengths below come from the packet.
 * NOTE(review): the switch statement, the statements advancing `offset`
 * inside the loops and the return are not visible in this listing. */
4086 dissect_smb2_negotiate_context(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
4089 const gchar *type_str;
4090 guint32 i, data_length, salt_length, hash_count, cipher_count;
4091 proto_item *sub_item;
4092 proto_tree *sub_tree;
4094 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_negotiate_context_element, &sub_item, "Negotiate Context");
/* NOTE(review): the type is read with a 4-byte getter although the field added
 * below is 2 bytes wide, so the read also covers the following data-length
 * field. That only yields the right value if `type` is declared as a 16-bit
 * integer (declaration not visible here); tvb_get_letohs() would state the
 * intent directly — confirm. */
4097 type = tvb_get_letohl(tvb, offset);
4098 type_str = val_to_str(type, smb2_negotiate_context_types, "Unknown Type: (0x%0x)");
4099 proto_item_append_text(sub_item, ": %s ", type_str);
4100 proto_tree_add_item(sub_tree, hf_smb2_negotiate_context_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* data length (2 bytes), captured into data_length */
4104 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_negotiate_context_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN, &data_length);
/* reserved (4 bytes) */
4108 proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
4113 case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
/* hash algorithm count and salt length, 2 bytes each */
4114 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_hash_alg_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &hash_count);
4116 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_salt_length, tvb, offset, 2, ENC_LITTLE_ENDIAN, &salt_length);
/* The loop count is a 2-byte wire value, so it is bounded; a read past the end
 * of the buffer is stopped by the tvb accessors raising a bounds exception. */
4119 for (i = 0; i < hash_count; i++)
4121 proto_tree_add_item(sub_tree, hf_smb2_hash_algorithm, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* salt */
4127 proto_tree_add_item(sub_tree, hf_smb2_salt, tvb, offset, salt_length, ENC_NA);
4128 offset += salt_length;
4132 case SMB2_ENCRYPTION_CAPABILITIES:
/* cipher count (2 bytes), then one 2-byte id per cipher */
4133 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_cipher_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &cipher_count);
4136 for (i = 0; i < cipher_count; i ++)
4138 proto_tree_add_item(sub_tree, hf_smb2_cipher_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* Unrecognised context types: show the declared data length as opaque bytes. */
4144 proto_tree_add_item(sub_tree, hf_smb2_unknown, tvb, offset, data_length, ENC_NA);
4145 offset += data_length;
/* Dissect an SMB2 NEGOTIATE request: dialect count, security mode,
 * capabilities, client GUID, negotiate-context offset and count, the dialect
 * list, and the negotiate contexts themselves.
 * NOTE(review): `pinfo` and `si` are marked _U_ but are passed on below; the
 * statements advancing `offset`, several conditions and the return are not
 * visible in this listing. */
4153 dissect_smb2_negotiate_protocol_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
4157 gboolean supports_smb_3_10 = FALSE;
4162 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* dialect count (2 bytes); drives the dialect loop below */
4165 dc = tvb_get_letohs(tvb, offset);
4166 proto_tree_add_item(tree, hf_smb2_dialect_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4169 /* security mode, skip second byte */
4170 offset = dissect_smb2_secmode(tree, tvb, offset);
/* reserved (2 bytes) */
4175 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* capabilities */
4179 offset = dissect_smb2_capabilities(tree, tvb, offset);
/* client guid (16 bytes) */
4182 proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4185 /* negotiate context offset */
4186 nco = tvb_get_letohl(tvb, offset);
4187 proto_tree_add_item(tree, hf_smb2_negotiate_context_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4190 /* negotiate context count */
4191 ncc = tvb_get_letohs(tvb, offset);
4192 proto_tree_add_item(tree, hf_smb2_negotiate_context_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* reserved (2 bytes) */
4196 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* One 2-byte entry per advertised dialect; the test that sets the 3.1.0 flag
 * is on a line not shown. */
4199 for (i = 0 ; i < dc; i++) {
4200 guint16 d = tvb_get_letohs(tvb, offset);
4201 proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4205 supports_smb_3_10 = TRUE;
4209 if (!supports_smb_3_10) {
/* tmp is the position, counted from the start of the SMB2 header, just after
 * the dialect list: 0x40 + 36 + 2 bytes per dialect. */
4214 guint32 tmp = 0x40 + 36 + dc * 2;
/* Skip the gap up to the wire-supplied context offset.
 * NOTE(review): nco is untrusted; if it is smaller than tmp the unsigned
 * subtraction wraps. A guard is presumably on the line not shown above this
 * statement — confirm. */
4217 offset += nco - tmp;
/* Each context starts on an 8-byte boundary. */
4223 for (i = 0; i < ncc; i++) {
4224 offset = (offset + 7) & ~7;
4225 offset = dissect_smb2_negotiate_context(tvb, pinfo, tree, offset, si);
/*
 * Dissect the body of an SMB2 NEGOTIATE response: security mode, chosen
 * dialect, negotiate context count, server GUID, capabilities, size
 * limits, timestamps, the security blob and the negotiate contexts.
 *
 * On a non-zero status the error-response dissector runs first and this
 * function returns early unless it sets continue_dissection.
 * si carries _U_ although si->status is read below; the annotation is stale.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4234 -> 4239), so
 * declarations, braces and the offset increments are not shown here.
 */
4232 dissect_smb2_negotiate_protocol_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
4234 offset_length_buffer_t s_olb;
4239 gboolean continue_dissection;
4241 switch (si->status) {
4243 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
4244 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
4245 if (!continue_dissection) return offset;
4248 /* security mode, skip second byte */
4249 offset = dissect_smb2_secmode(tree, tvb, offset);
4252 /* dialect picked */
4253 d = tvb_get_letohs(tvb, offset);
4254 proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4257 /* negotiate context count */
4258 ncc = tvb_get_letohs(tvb, offset);
4259 proto_tree_add_item(tree, hf_smb2_negotiate_context_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4263 proto_tree_add_item(tree, hf_smb2_server_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4267 offset = dissect_smb2_capabilities(tree, tvb, offset);
4269 /* max trans size */
4270 proto_tree_add_item(tree, hf_smb2_max_trans_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4274 proto_tree_add_item(tree, hf_smb2_max_read_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4277 /* max write size */
4278 proto_tree_add_item(tree, hf_smb2_max_write_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4282 dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_current_time);
4286 dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_boot_time);
4289 /* security blob offset/length */
4290 offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_security_blob);
4292 /* the security blob itself */
4293 dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);
4295 /* negotiate context offset */
4296 nco = tvb_get_letohl(tvb, offset);
4297 proto_tree_add_item(tree, hf_smb2_negotiate_context_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4300 offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);
/*
 * tmp is where the security blob is expected to end; 0x40 and 64 are
 * presumably the SMB2 header size and the fixed part of the response
 * -- TODO confirm. s_olb.len comes from the packet.
 */
4307 guint32 tmp = 0x40 + 64 + s_olb.len;
/*
 * Unsigned subtraction on packet-supplied values: wraps if nco < tmp.
 * Lines 4308-4309 are not shown; confirm they guard this addition.
 */
4310 offset += nco - tmp;
4316 for (i = 0; i < ncc; i++) {
/* round offset up to the next multiple of 8 before each context */
4317 offset = (offset + 7) & ~7;
4318 offset = dissect_smb2_negotiate_context(tvb, pinfo, tree, offset, si);
/*
 * Dissect the "additional information" and flags fields of a GETINFO
 * request. For the security-info class the additional field is shown as a
 * security information mask; otherwise it is added as a plain 4-byte item.
 *
 * si->saved is dereferenced on the first statement (embedded lines 4327
 * and 4328 are consecutive, so no NULL check precedes it inside this
 * function): callers must only call this with si->saved != NULL.
 */
4325 dissect_smb2_getinfo_parameters(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si)
4327 /* Additional Info */
4328 switch (si->saved->smb2_class) {
4329 case SMB2_CLASS_SEC_INFO:
4330 dissect_security_information_mask(tvb, tree, offset);
/* NOTE(review): the case/default label for this branch (4331-4332) is not shown */
4333 proto_tree_add_item(tree, hf_smb2_getinfo_additional, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4338 proto_tree_add_item(tree, hf_smb2_getinfo_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/*
 * Dissect the input buffer of a GETINFO request for the quota class:
 * single/restart flags, reserved bytes, SID list length, start SID length
 * and start SID offset, followed by either the SID list or the start SID.
 *
 * All three length/offset values are 32-bit and packet-supplied.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4350 -> 4352), so the
 * offset increments between fields are not shown here.
 */
4346 dissect_smb2_getinfo_buffer_quota(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
4348 guint32 sidlist_len = 0;
4349 guint32 startsid_len = 0;
4350 guint32 startsid_offset = 0;
4352 proto_item *item = NULL;
4353 proto_tree *tree = NULL;
/* length -1: the item extends to the end of the tvb */
4356 item = proto_tree_add_item(parent_tree, hf_smb2_query_quota_info, tvb, offset, -1, ENC_NA);
4357 tree = proto_item_add_subtree(item, ett_smb2_query_quota_info);
4360 proto_tree_add_item(tree, hf_smb2_qq_single, tvb, offset, 1, ENC_LITTLE_ENDIAN);
4363 proto_tree_add_item(tree, hf_smb2_qq_restart, tvb, offset, 1, ENC_LITTLE_ENDIAN);
4367 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
4370 proto_tree_add_item_ret_uint(tree, hf_smb2_qq_sidlist_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &sidlist_len);
4373 proto_tree_add_item_ret_uint(tree, hf_smb2_qq_start_sid_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &startsid_len);
4376 proto_tree_add_item_ret_uint(tree, hf_smb2_qq_start_sid_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &startsid_offset);
/* the SID list takes precedence; the start SID is only looked at when the list is empty */
4379 if (sidlist_len != 0) {
4380 offset = dissect_nt_get_user_quota(tvb, tree, offset, &sidlist_len);
4381 } else if (startsid_len != 0) {
/*
 * offset + startsid_offset mixes int with an untrusted guint32 and is not
 * range-checked here; rejecting an out-of-range result is left to
 * dissect_nt_sid() and the tvb accessors it uses (not shown) -- verify.
 */
4382 offset = dissect_nt_sid(tvb, offset + startsid_offset, tree, "Start SID", NULL, -1);
/*
 * Dissect the input buffer of a GETINFO request, choosing the decoder by
 * the saved info class: quota buffers get the quota dissector, anything
 * else is shown as `size` unknown bytes.
 *
 * si->saved is dereferenced on the first statement (embedded lines 4389
 * and 4391 leave room only for the opening brace), so callers must ensure
 * si->saved != NULL. offset and size are the packet-supplied values the
 * caller passes in.
 */
4389 dissect_smb2_getinfo_buffer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int size, smb2_info_t *si)
4391 switch (si->saved->smb2_class) {
4392 case SMB2_CLASS_QUOTA_INFO:
4393 dissect_smb2_getinfo_buffer_quota(tvb, pinfo, tree, offset, si);
/* NOTE(review): the label for this fallback branch (4394-4396) is not shown */
4397 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, size, ENC_NA);
/*
 * Show the info class and info level of a GETINFO/SETINFO exchange.
 *
 * Requests: class and level are read from the two bytes at offset and
 * stored in si->saved. Responses: the values are taken from si->saved and
 * the tree items are marked as generated. The class then selects which
 * header field and value-string table are used for the level.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4413 -> 4417 and
 * 4421 -> 4423), so any si->saved NULL checks, the else branch, the switch
 * statement and the return are not shown here -- confirm they exist before
 * relying on si->saved being non-NULL.
 */
4406 dissect_smb2_class_infolevel(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, smb2_info_t *si)
4411 value_string_ext *vsx;
4413 if (si->flags & SMB2_FLAGS_RESPONSE) {
4417 cl = si->saved->smb2_class;
4418 il = si->saved->infolevel;
/* request path: both bytes come from the packet */
4420 cl = tvb_get_guint8(tvb, offset);
4421 il = tvb_get_guint8(tvb, offset+1);
4423 si->saved->smb2_class = cl;
4424 si->saved->infolevel = il;
4430 case SMB2_CLASS_FILE_INFO:
4431 hfindex = hf_smb2_infolevel_file_info;
4432 vsx = &smb2_file_info_levels_ext;
4434 case SMB2_CLASS_FS_INFO:
4435 hfindex = hf_smb2_infolevel_fs_info;
4436 vsx = &smb2_fs_info_levels_ext;
4438 case SMB2_CLASS_SEC_INFO:
4439 hfindex = hf_smb2_infolevel_sec_info;
4440 vsx = &smb2_sec_info_levels_ext;
4442 case SMB2_CLASS_QUOTA_INFO:
4443 /* infolevel is not being used for quota */
4444 hfindex = hf_smb2_infolevel;
4447 case SMB2_CLASS_POSIX_INFO:
4448 hfindex = hf_smb2_infolevel_posix_info;
4449 vsx = &smb2_posix_info_levels_ext;
/* fallback for classes without a dedicated level table */
4452 hfindex = hf_smb2_infolevel;
4453 vsx = NULL; /* allowed arg to val_to_str_ext() */
4458 item = proto_tree_add_uint(tree, hf_smb2_class, tvb, offset, 1, cl);
4459 if (si->flags & SMB2_FLAGS_RESPONSE) {
4460 PROTO_ITEM_SET_GENERATED(item);
4463 item = proto_tree_add_uint(tree, hfindex, tvb, offset+1, 1, il);
4464 if (si->flags & SMB2_FLAGS_RESPONSE) {
4465 PROTO_ITEM_SET_GENERATED(item);
4469 if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
4470 /* Only update COL_INFO for requests. It clutters the
4471 * display a bit too much if we do it for replies
4474 col_append_fstr(pinfo->cinfo, COL_INFO, " %s/%s",
4475 val_to_str(cl, smb2_class_vals, "(Class:0x%02x)"),
4476 val_to_str_ext(il, vsx, "(Level:0x%02x)"));
/*
 * Dissect an SMB2 GETINFO request: buffer code, class/info level, maximum
 * response size, input buffer offset and size, class-specific parameters,
 * the file id and the input buffer itself.
 *
 * getinfo_offset (16 bits on the wire) and getinfo_size (32 bits) are
 * packet-supplied. getinfo_offset is passed on as an absolute tvb offset,
 * not relative to the current position.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4503 -> 4508 and
 * 4516 -> 4520), so the conditions around the parameter and buffer calls
 * and the offset increments are not shown here.
 */
4483 dissect_smb2_getinfo_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
4485 guint32 getinfo_size = 0;
4486 guint32 getinfo_offset = 0;
4489 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4491 /* class and info level */
4492 offset = dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);
4494 /* max response size */
4495 proto_tree_add_item(tree, hf_smb2_max_response_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4499 proto_tree_add_item_ret_uint(tree, hf_smb2_getinfo_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN, &getinfo_offset);
4503 proto_tree_add_item_ret_uint(tree, hf_smb2_getinfo_size, tvb, offset, 4, ENC_LITTLE_ENDIAN, &getinfo_size);
/* dereferences si->saved internally; the guard, if any, is on a line not shown */
4508 dissect_smb2_getinfo_parameters(tvb, pinfo, tree, offset, si);
4510 /* some unknown bytes */
4511 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 8, ENC_NA);
4516 dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
/* both arguments are untrusted and are narrowed from guint32 to the int parameters */
4520 dissect_smb2_getinfo_buffer(tvb, pinfo, tree, getinfo_offset, getinfo_size, si);
/*
 * guint32 sum stored in an int: a large getinfo_size can wrap the sum or
 * turn offset negative. Whatever consumes the returned offset has to cope
 * with that.
 */
4522 offset = getinfo_offset + getinfo_size;
/*
 * Dispatch on (smb2_class, infolevel) to the matching info-structure
 * dissector. Levels or classes without a dedicated dissector are shown as
 * unknown bytes covering the rest of the captured data. When the status is
 * 0x80000005 (BUFFER_OVERFLOW per the comment below) a generated
 * "truncated" item is added at the starting offset.
 *
 * smb2_class and infolevel originate from the request packet (via saved
 * state), so every combination must be expected here.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4536 -> 4538), so
 * break statements, default labels and the return are not shown here.
 */
4528 dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si, guint8 smb2_class, guint8 infolevel)
/* remembered so the truncation marker can point at the start of the data */
4530 int old_offset = offset;
4532 switch (smb2_class) {
4533 case SMB2_CLASS_FILE_INFO:
4534 switch (infolevel) {
4535 case SMB2_FILE_BASIC_INFO:
4536 offset = dissect_smb2_file_basic_info(tvb, pinfo, tree, offset, si);
4538 case SMB2_FILE_STANDARD_INFO:
4539 offset = dissect_smb2_file_standard_info(tvb, pinfo, tree, offset, si);
4541 case SMB2_FILE_INTERNAL_INFO:
4542 offset = dissect_smb2_file_internal_info(tvb, pinfo, tree, offset, si);
4544 case SMB2_FILE_EA_INFO:
4545 offset = dissect_smb2_file_ea_info(tvb, pinfo, tree, offset, si);
4547 case SMB2_FILE_ACCESS_INFO:
4548 offset = dissect_smb2_file_access_info(tvb, pinfo, tree, offset, si);
4550 case SMB2_FILE_RENAME_INFO:
4551 offset = dissect_smb2_file_rename_info(tvb, pinfo, tree, offset, si);
4553 case SMB2_FILE_DISPOSITION_INFO:
4554 offset = dissect_smb2_file_disposition_info(tvb, pinfo, tree, offset, si);
4556 case SMB2_FILE_POSITION_INFO:
4557 offset = dissect_smb2_file_position_info(tvb, pinfo, tree, offset, si);
4559 case SMB2_FILE_FULL_EA_INFO:
4560 offset = dissect_smb2_file_full_ea_info(tvb, pinfo, tree, offset, si);
4562 case SMB2_FILE_MODE_INFO:
4563 offset = dissect_smb2_file_mode_info(tvb, pinfo, tree, offset, si);
4565 case SMB2_FILE_ALIGNMENT_INFO:
4566 offset = dissect_smb2_file_alignment_info(tvb, pinfo, tree, offset, si);
4568 case SMB2_FILE_ALL_INFO:
4569 offset = dissect_smb2_file_all_info(tvb, pinfo, tree, offset, si);
4571 case SMB2_FILE_ALLOCATION_INFO:
4572 offset = dissect_smb2_file_allocation_info(tvb, pinfo, tree, offset, si);
4574 case SMB2_FILE_ENDOFFILE_INFO:
/*
 * NOTE(review): unlike every sibling case the return value is not assigned
 * to offset here, so offset does not advance past this structure --
 * confirm whether that is intended.
 */
4575 dissect_smb2_file_endoffile_info(tvb, pinfo, tree, offset, si);
4577 case SMB2_FILE_ALTERNATE_NAME_INFO:
4578 offset = dissect_smb2_file_alternate_name_info(tvb, pinfo, tree, offset, si);
4580 case SMB2_FILE_STREAM_INFO:
4581 offset = dissect_smb2_file_stream_info(tvb, pinfo, tree, offset, si);
4583 case SMB2_FILE_PIPE_INFO:
4584 offset = dissect_smb2_file_pipe_info(tvb, pinfo, tree, offset, si);
4586 case SMB2_FILE_COMPRESSION_INFO:
4587 offset = dissect_smb2_file_compression_info(tvb, pinfo, tree, offset, si);
4589 case SMB2_FILE_NETWORK_OPEN_INFO:
4590 offset = dissect_smb2_file_network_open_info(tvb, pinfo, tree, offset, si);
4592 case SMB2_FILE_ATTRIBUTE_TAG_INFO:
4593 offset = dissect_smb2_file_attribute_tag_info(tvb, pinfo, tree, offset, si);
4596 /* we don't handle this infolevel yet */
4597 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
4598 offset += tvb_captured_length_remaining(tvb, offset);
4601 case SMB2_CLASS_FS_INFO:
4602 switch (infolevel) {
4603 case SMB2_FS_INFO_01:
4604 offset = dissect_smb2_fs_info_01(tvb, pinfo, tree, offset, si);
4606 case SMB2_FS_INFO_03:
4607 offset = dissect_smb2_fs_info_03(tvb, pinfo, tree, offset, si);
4609 case SMB2_FS_INFO_04:
4610 offset = dissect_smb2_fs_info_04(tvb, pinfo, tree, offset, si);
4612 case SMB2_FS_INFO_05:
4613 offset = dissect_smb2_fs_info_05(tvb, pinfo, tree, offset, si);
4615 case SMB2_FS_INFO_06:
4616 offset = dissect_smb2_fs_info_06(tvb, pinfo, tree, offset, si);
4618 case SMB2_FS_INFO_07:
4619 offset = dissect_smb2_fs_info_07(tvb, pinfo, tree, offset, si);
4621 case SMB2_FS_OBJECTID_INFO:
4622 offset = dissect_smb2_FS_OBJECTID_INFO(tvb, pinfo, tree, offset, si);
4625 /* we don't handle this infolevel yet */
4626 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
4627 offset += tvb_captured_length_remaining(tvb, offset);
4630 case SMB2_CLASS_SEC_INFO:
4631 switch (infolevel) {
4632 case SMB2_SEC_INFO_00:
4633 offset = dissect_smb2_sec_info_00(tvb, pinfo, tree, offset, si);
4636 /* we don't handle this infolevel yet */
4637 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
4638 offset += tvb_captured_length_remaining(tvb, offset);
4641 case SMB2_CLASS_QUOTA_INFO:
4642 offset = dissect_smb2_quota_info(tvb, pinfo, tree, offset, si);
4645 /* we don't handle this class yet */
4646 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
4647 offset += tvb_captured_length_remaining(tvb, offset);
4650 /* if we get BUFFER_OVERFLOW there will be truncated data */
4651 if (si->status == 0x80000005) {
/* zero-length generated marker; it consumes no packet bytes */
4653 item = proto_tree_add_item(tree, hf_smb2_truncated, tvb, old_offset, 0, ENC_NA);
4654 PROTO_ITEM_SET_GENERATED(item);
/*
 * Buffer callback for the GETINFO response payload. tvb holds only the
 * response buffer, so dissection starts at offset 0. The payload is decoded
 * with the class and info level saved from the request, or shown as unknown
 * bytes.
 *
 * NOTE(review): embedded lines 4661-4663 and 4665 are not shown, so the
 * condition that chooses between the two calls is not visible here. The
 * first call dereferences si->saved; confirm it is guarded by a NULL check.
 */
4660 dissect_smb2_getinfo_response_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
4664 dissect_smb2_infolevel(tvb, pinfo, tree, 0, si, si->saved->smb2_class, si->saved->infolevel);
4666 /* some unknown bytes */
4667 proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
/*
 * Dissect an SMB2 GETINFO response. The class/info level items are added
 * first, then the status decides the layout: some statuses carry a normal
 * buffer code, one carries only a required-buffer-size field, and anything
 * else goes through the error-response dissector (returning early unless
 * it sets continue_dissection). Finally the response buffer offset/length
 * is read and the buffer handed to dissect_smb2_getinfo_response_data().
 *
 * The return value of dissect_smb2_class_infolevel() is not used here.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4682 -> 4684 and
 * 4687 -> 4690), so the case labels of the status switch and the closing
 * line of the multi-line comment below are not shown here.
 */
4674 dissect_smb2_getinfo_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
4676 offset_length_buffer_t olb;
4677 gboolean continue_dissection;
4679 /* class/infolevel */
4680 dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);
4682 switch (si->status) {
4684 /* if we get BUFFER_OVERFLOW there will be truncated data */
4686 /* if we get BUFFER_TOO_SMALL there will not be any data there, only
4687 * a guint32 specifying how big the buffer needs to be
4690 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4693 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4694 offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, -1);
4695 proto_tree_add_item(tree, hf_smb2_required_buffer_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4699 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
4700 if (!continue_dissection) return offset;
4703 /* response buffer offset and size */
4704 offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, -1);
4707 dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_getinfo_response_data);
/*
 * Dissect an SMB2 CLOSE request: buffer code, the 2-byte close flags
 * (with the post-query-attributes bit shown in a subtree) and the file id,
 * which is processed in FID_MODE_CLOSE.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4726 -> 4733), so the
 * offset increments and any padding field between flags and fid are not
 * shown here.
 */
4713 dissect_smb2_close_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
4715 proto_tree *flags_tree = NULL;
4716 proto_item *flags_item = NULL;
4719 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4723 flags_item = proto_tree_add_item(tree, hf_smb2_close_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4724 flags_tree = proto_item_add_subtree(flags_item, ett_smb2_close_flags);
4726 proto_tree_add_item(flags_tree, hf_smb2_close_pq_attrib, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4733 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_CLOSE);
/*
 * Dissect an SMB2 CLOSE response: buffer code (or the error response on a
 * non-zero status), close flags, reserved bytes, the four file timestamps,
 * allocation size, end-of-file and the extended file attributes.
 *
 * si carries _U_ although si->status is read below; the annotation is stale.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4757 -> 4761), so the
 * offset increments between fixed-size fields are not shown here.
 */
4739 dissect_smb2_close_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
4741 proto_tree *flags_tree = NULL;
4742 proto_item *flags_item = NULL;
4743 gboolean continue_dissection;
4745 switch (si->status) {
4747 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
4748 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
4749 if (!continue_dissection) return offset;
4754 flags_item = proto_tree_add_item(tree, hf_smb2_close_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4755 flags_tree = proto_item_add_subtree(flags_item, ett_smb2_close_flags);
4757 proto_tree_add_item(flags_tree, hf_smb2_close_pq_attrib, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4761 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/* create, last access, last write and last change timestamps, in that order */
4765 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
4768 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
4771 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
4774 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
4776 /* allocation size */
4777 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
4781 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
4784 /* File Attributes */
4785 offset = dissect_file_ext_attr(tvb, tree, offset);
/*
 * Dissect an SMB2 FLUSH request: buffer code, six bytes shown as unknown,
 * then the file id.
 *
 * NOTE(review): the embedded line numbers skip (4797 -> 4801), so the
 * offset increment past the unknown bytes is not shown here.
 */
4791 dissect_smb2_flush_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
4794 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4796 /* some unknown bytes */
4797 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 6, ENC_NA);
4801 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
/*
 * Dissect an SMB2 FLUSH response: buffer code (or the error response on a
 * non-zero status, returning early unless it sets continue_dissection),
 * then two bytes shown as unknown.
 *
 * si carries _U_ although si->status is read below; the annotation is stale.
 */
4807 dissect_smb2_flush_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
4809 gboolean continue_dissection;
4811 switch (si->status) {
4813 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
4814 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
4815 if (!continue_dissection) return offset;
4818 /* some unknown bytes */
4819 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
/*
 * Dissect an SMB2 LOCK request: buffer code, lock count, reserved bytes,
 * file id, then lock_count lock elements. Each element is shown as a
 * 24-byte subtree holding file offset, length, flags and reserved bytes.
 *
 * lock_count is a 16-bit packet-supplied value and is the only bound on
 * the loop; running past the captured data has to be stopped by the tvb
 * accessors (their behaviour is not shown here).
 *
 * NOTE(review): the embedded line numbers skip (e.g. 4853 -> 4858), so the
 * terminator of lf_fields and the offset increments are not shown here.
 */
4827 dissect_smb2_lock_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
4832 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4835 lock_count = tvb_get_letohs(tvb, offset);
4836 proto_tree_add_item(tree, hf_smb2_lock_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4840 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
4844 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
4846 while (lock_count--) {
4847 proto_item *lock_item = NULL;
4848 proto_tree *lock_tree = NULL;
/* bit fields displayed under hf_smb2_lock_flags */
4849 static const int *lf_fields[] = {
4850 &hf_smb2_lock_flags_shared,
4851 &hf_smb2_lock_flags_exclusive,
4852 &hf_smb2_lock_flags_unlock,
4853 &hf_smb2_lock_flags_fail_immediately,
4858 lock_item = proto_tree_add_item(tree, hf_smb2_lock_info, tvb, offset, 24, ENC_NA);
4859 lock_tree = proto_item_add_subtree(lock_item, ett_smb2_lock_info);
/*
 * NOTE(review): this item is attached to tree while the other three
 * element fields go to lock_tree, so the file offset is displayed outside
 * the per-lock subtree -- likely meant to be lock_tree.
 */
4863 proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
4867 proto_tree_add_item(lock_tree, hf_smb2_lock_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
4871 proto_tree_add_bitmask(lock_tree, tvb, offset, hf_smb2_lock_flags, ett_smb2_lock_flags, lf_fields, ENC_LITTLE_ENDIAN);
4875 proto_tree_add_item(lock_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/*
 * Dissect an SMB2 LOCK response: buffer code (or the error response on a
 * non-zero status, returning early unless it sets continue_dissection),
 * then two bytes shown as unknown.
 *
 * si carries _U_ although si->status is read below; the annotation is stale.
 */
4883 dissect_smb2_lock_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
4885 gboolean continue_dissection;
4887 switch (si->status) {
4889 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
4890 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
4891 if (!continue_dissection) return offset;
4894 /* some unknown bytes */
4895 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
/*
 * Dissect an SMB2 CANCEL request: buffer code followed by two bytes shown
 * as unknown. Neither pinfo nor si is used in the lines shown.
 */
4901 dissect_smb2_cancel_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
4904 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
4906 /* some unknown bytes */
4907 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
/*
 * Look up the fid info that identifies the pipe for this exchange:
 * si->file is checked first, then si->saved->file. The local starts as
 * NULL, so NULL is presumably returned when neither is available.
 *
 * NOTE(review): embedded lines 4917-4920 and 4922 are not shown. si is
 * dereferenced here; confirm that a si == NULL check sits in the skipped
 * lines before relying on this being safe for callers that pass NULL.
 */
4913 static const smb2_fid_info_t *
4914 smb2_pipe_get_fid_info(const smb2_info_t *si)
4916 smb2_fid_info_t *file = NULL;
4921 if (si->file != NULL) {
4923 } else if (si->saved != NULL) {
4924 file = si->saved->file;
/*
 * Tell the DCERPC dissector which pipe the following payload belongs to by
 * setting its transport salt.
 *
 * The salt is the address of the fid-info object converted to an integer,
 * not a value taken from the packet; it is only meaningful inside the
 * current process and for as long as that object stays allocated.
 *
 * NOTE(review): embedded lines 4940-4943 are not shown, so what happens
 * when no fid info is found is not visible here.
 */
4934 smb2_pipe_set_file_id(packet_info *pinfo, smb2_info_t *si)
4937 const smb2_fid_info_t *file = NULL;
4939 file = smb2_pipe_get_fid_info(si);
4944 persistent = GPOINTER_TO_UINT(file);
4946 dcerpc_set_transport_salt(persistent, pinfo);
/* when TRUE, dissect_file_data_smb2_pipe() offers desegmentation to pipe subdissectors */
4949 static gboolean smb2_pipe_reassembly = TRUE;
/* fragment table used by dissect_file_data_smb2_pipe() for named-pipe PDUs */
4950 static reassembly_table smb2_pipe_reassembly_table;
/*
 * Hand named-pipe payload (datalen bytes at offset in raw_tvb) to the
 * heuristic pipe subdissectors, reassembling PDUs that span several
 * read/write calls when reassembly is enabled and the payload was fully
 * captured.
 *
 * Flow as far as the lines shown establish it:
 *  - no desegmentation offered: try the heuristics once and finish;
 *  - first pass over a frame: start a reassembly if a subdissector asked
 *    for more data, or append this fragment to one already in progress;
 *  - later passes: look the frame up in the reassembled table and either
 *    show the "reassembled in" reference or dissect the full PDU.
 * The desegmentation fields and pinfo->fragmented are reset/restored at
 * the end.
 *
 * Review points for untrusted input:
 *  - the reassembly key is derived from a pointer value, not from packet
 *    data (see the note at the assignment to id);
 *  - fragments are appended in arrival order; the XXX comment below says
 *    the read/write offsets are not consulted, so reordered or replayed
 *    fragments are presumably reassembled in the wrong order;
 *  - the total length is set from pinfo->desegment_len, which is supplied
 *    by the subdissector from packet contents.
 *
 * NOTE(review): the embedded line numbers skip throughout (e.g.
 * 4953 -> 4956, 5021 -> 5025), so declarations, several conditions,
 * comment delimiters, the clean_up_and_exit label and the return are not
 * shown here.
 */
4953 dissect_file_data_smb2_pipe(tvbuff_t *raw_tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree, void *data)
4956 * Note: si is NULL for some callers from packet-smb.c
4958 const smb2_info_t *si = (const smb2_info_t *)data;
4960 gboolean save_fragmented;
4963 const smb2_fid_info_t *file = NULL;
4965 fragment_head *fd_head;
4968 proto_item *frag_tree_item;
4969 heur_dtbl_entry_t *hdtbl_entry;
4971 file = smb2_pipe_get_fid_info(si);
/*
 * The key is the low 32 bits of the fid-info address. If no fid info is
 * found the key is presumably 0, in which case unrelated pipes would share
 * one reassembly -- verify.
 */
4972 id = (guint32)(GPOINTER_TO_UINT(file) & G_MAXUINT32);
4974 remaining = tvb_captured_length_remaining(raw_tvb, offset);
/*
 * datalen is a packet-supplied guint32; the (int) cast turns values above
 * INT_MAX negative, and MIN then selects that negative value. How
 * tvb_new_subset_length_caplen() treats a negative length is not shown
 * here -- confirm.
 */
4976 tvb = tvb_new_subset_length_caplen(raw_tvb, offset,
4977 MIN((int)datalen, remaining),
4981 * Offer desegmentation service to Named Pipe subdissectors (e.g. DCERPC)
4982 * if we have all the data. Otherwise, reassembly is (probably) impossible.
4984 pinfo->can_desegment = 0;
4985 pinfo->desegment_offset = 0;
4986 pinfo->desegment_len = 0;
4987 reported_len = tvb_reported_length(tvb);
4988 if (smb2_pipe_reassembly && tvb_captured_length(tvb) >= reported_len) {
4989 pinfo->can_desegment = 2;
4992 save_fragmented = pinfo->fragmented;
4995 * if we are not offering desegmentation, just try the heuristics
4998 if (!pinfo->can_desegment) {
4999 result = dissector_try_heuristic(smb2_pipe_subdissector_list,
5000 tvb, pinfo, top_tree,
5001 &hdtbl_entry, data);
5002 goto clean_up_and_exit;
5005 /* below this line, we know we are doing reassembly */
5008 * this is a new packet, see if we are already reassembling this
5009 * pdu and if not, check if the dissector wants us
5012 if (!pinfo->fd->flags.visited) {
5014 * This is the first pass.
5016 * Check if we are already reassembling this PDU or not;
5017 * we check for an in-progress reassembly for this FID
5018 * in this direction, by searching for its reassembly
5021 fd_head = fragment_get(&smb2_pipe_reassembly_table,
5025 * No reassembly, so this is a new pdu. check if the
5026 * dissector wants us to reassemble it or if we
5027 * already got the full pdu in this tvb.
5031 * Try the heuristic dissectors and see if we
5032 * find someone that recognizes this payload.
5034 result = dissector_try_heuristic(smb2_pipe_subdissector_list,
5035 tvb, pinfo, top_tree,
5036 &hdtbl_entry, data);
5038 /* no this didn't look like something we know */
5040 goto clean_up_and_exit;
5043 /* did the subdissector want us to reassemble any
5046 if (pinfo->desegment_len) {
5047 fragment_add_check(&smb2_pipe_reassembly_table,
5048 tvb, 0, pinfo, id, NULL,
5049 0, reported_len, TRUE);
5050 fragment_set_tot_len(&smb2_pipe_reassembly_table,
5052 pinfo->desegment_len+reported_len);
5054 goto clean_up_and_exit;
5057 /* OK, we're already doing a reassembly for this FID.
5058 skip to last segment in the existing reassembly structure
5059 and add this fragment there
5061 XXX we might add code here to use any offset values
5062 we might pick up from the Read/Write calls instead of
5063 assuming we always get them in the correct order
5065 while (fd_head->next) {
5066 fd_head = fd_head->next;
5068 fd_head = fragment_add_check(&smb2_pipe_reassembly_table,
5069 tvb, 0, pinfo, id, NULL,
5070 fd_head->offset+fd_head->len,
5071 reported_len, TRUE);
5073 /* if we completed reassembly */
5075 new_tvb = tvb_new_chain(tvb, fd_head->tvb_data);
5076 add_new_data_source(pinfo, new_tvb,
5077 "Named Pipe over SMB2");
5078 pinfo->fragmented=FALSE;
5082 /* list what segments we have */
5083 show_fragment_tree(fd_head, &smb2_pipe_frag_items,
5084 tree, pinfo, tvb, &frag_tree_item);
5086 /* dissect the full PDU */
5087 result = dissector_try_heuristic(smb2_pipe_subdissector_list,
5088 tvb, pinfo, top_tree,
5089 &hdtbl_entry, data);
5091 goto clean_up_and_exit;
5095 * This is not the first pass; see if it's in the table of
5096 * reassembled packets.
5098 * XXX - we know that several of the arguments aren't going to
5099 * be used, so we pass bogus variables. Can we clean this
5100 * up so that we don't have to distinguish between the first
5101 * pass and subsequent passes?
5103 fd_head = fragment_add_check(&smb2_pipe_reassembly_table,
5104 tvb, 0, pinfo, id, NULL, 0, 0, TRUE);
5106 /* we didn't find it, try any of the heuristic dissectors
5109 result = dissector_try_heuristic(smb2_pipe_subdissector_list,
5110 tvb, pinfo, top_tree,
5111 &hdtbl_entry, data);
5112 goto clean_up_and_exit;
5114 if (!(fd_head->flags&FD_DEFRAGMENTED)) {
5115 /* we don't have a fully reassembled frame */
5116 result = dissector_try_heuristic(smb2_pipe_subdissector_list,
5117 tvb, pinfo, top_tree,
5118 &hdtbl_entry, data);
5119 goto clean_up_and_exit;
5122 /* it is reassembled but it was reassembled in a different frame */
5123 if (pinfo->num != fd_head->reassembled_in) {
5125 item = proto_tree_add_uint(top_tree, hf_smb2_pipe_reassembled_in,
5126 tvb, 0, 0, fd_head->reassembled_in);
5127 PROTO_ITEM_SET_GENERATED(item);
5128 goto clean_up_and_exit;
5131 /* display the reassembled pdu */
5132 new_tvb = tvb_new_chain(tvb, fd_head->tvb_data);
5133 add_new_data_source(pinfo, new_tvb,
5134 "Named Pipe over SMB2");
5135 pinfo->fragmented = FALSE;
5139 /* list what segments we have */
5140 show_fragment_tree(fd_head, &smb2_pipe_frag_items,
5141 top_tree, pinfo, tvb, &frag_tree_item);
5143 /* dissect the full PDU */
5144 result = dissector_try_heuristic(smb2_pipe_subdissector_list,
5145 tvb, pinfo, top_tree,
5146 &hdtbl_entry, data);
5149 /* clear out the variables */
5150 pinfo->can_desegment=0;
5151 pinfo->desegment_offset = 0;
5152 pinfo->desegment_len = 0;
5155 call_data_dissector(tvb, pinfo, top_tree);
5158 pinfo->fragmented = save_fragmented;
/*
 * Values of the 4-byte Channel field and their display names.
 * dissect_smb2_write_request() switches on these to decide how the channel
 * info blob is decoded.
 * NOTE(review): the terminating entry of the table is not shown in this listing.
 */
5164 #define SMB2_CHANNEL_NONE 0x00000000
5165 #define SMB2_CHANNEL_RDMA_V1 0x00000001
5166 #define SMB2_CHANNEL_RDMA_V1_INVALIDATE 0x00000002
5168 static const value_string smb2_channel_vals[] = {
5169 { SMB2_CHANNEL_NONE, "None" },
5170 { SMB2_CHANNEL_RDMA_V1, "RDMA V1" },
5171 { SMB2_CHANNEL_RDMA_V1_INVALIDATE, "RDMA V1_INVALIDATE" },
/*
 * Buffer callback for an RDMA V1 channel info blob: a sequence of
 * SMBDirect Buffer Descriptor V1 elements, each shown as a subtree with an
 * 8-byte offset, a 4-byte token and a 4-byte length.
 *
 * The element count is derived from the blob's reported length.
 * NOTE(review): embedded lines 5189-5192 are not shown, so how num is
 * computed from len, and how a length that is not a whole number of
 * elements is handled, is not visible here. The subtree is created with
 * length 8 although the three fields shown add up to 16 bytes -- confirm.
 */
5176 dissect_smb2_rdma_v1_blob(tvbuff_t *tvb, packet_info *pinfo _U_,
5177 proto_tree *parent_tree, smb2_info_t *si _U_)
5183 proto_tree *sub_tree;
5184 proto_item *parent_item;
5186 parent_item = proto_tree_get_parent(parent_tree);
5188 len = tvb_reported_length(tvb);
5193 proto_item_append_text(parent_item, ": SMBDirect Buffer Descriptor V1: (%d elements)", num);
5196 for (i = 0; i < num; i++) {
5197 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, 8, ett_smb2_rdma_v1, NULL, "RDMA V1");
5199 proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5202 proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5205 proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* bit mask for the write-through flag, as the name indicates */
5210 #define SMB2_WRITE_FLAG_WRITE_THROUGH 0x00000001
/*
 * Dissect an SMB2 WRITE request: buffer code, data offset, write length,
 * file offset, file id, channel, remaining bytes, channel info blob
 * offset/length, flags, the channel info blob and finally the data, which
 * is either handed to the named-pipe path or shown as plain write data.
 *
 * dataoffset, length, off and channel are all packet-supplied. The write
 * data is only fed to the export-object tap when the captured bytes after
 * offset equal the declared length, i.e. when the payload was captured in
 * full, and only when the file is known.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 5217 -> 5221 and
 * 5274 -> 5278), so several declarations, the switch on channel, the test
 * that selects the pipe path and the offset increments are not shown here.
 */
5213 dissect_smb2_write_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
5215 guint16 dataoffset = 0;
5216 guint32 data_tvb_len;
5217 offset_length_buffer_t c_olb;
5221 static const int *f_fields[] = {
5222 &hf_smb2_write_flags_write_through,
5227 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
5230 dataoffset=tvb_get_letohs(tvb,offset);
5231 proto_tree_add_item(tree, hf_smb2_data_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5235 length = tvb_get_letohl(tvb, offset);
5236 proto_tree_add_item(tree, hf_smb2_write_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5240 off = tvb_get_letoh64(tvb, offset);
/* remembered so the matching response can refer to the file offset */
5241 if (si->saved) si->saved->file_offset=off;
5242 proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * NOTE(review): length is printed with %d; its declaration is not shown,
 * but it is compared as guint32 further down, so values above INT_MAX
 * would display as negative -- confirm the type.
 */
5245 col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" G_GINT64_MODIFIER "u", length, off);
5248 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
5251 channel = tvb_get_letohl(tvb, offset);
5252 proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5255 /* remaining bytes */
5256 proto_tree_add_item(tree, hf_smb2_remaining_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5259 /* write channel info blob offset/length */
5260 offset = dissect_smb2_olb_length_offset(tvb, offset, &c_olb, OLB_O_UINT16_S_UINT16, hf_smb2_channel_info_blob);
5263 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_write_flags, ett_smb2_write_flags, f_fields, ENC_LITTLE_ENDIAN);
5266 /* the write channel info blob itself */
5268 case SMB2_CHANNEL_RDMA_V1:
5269 case SMB2_CHANNEL_RDMA_V1_INVALIDATE:
5270 dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, dissect_smb2_rdma_v1_blob);
5272 case SMB2_CHANNEL_NONE:
5274 dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, NULL);
5278 /* data or namedpipe ?*/
5280 int oldoffset = offset;
5281 smb2_pipe_set_file_id(pinfo, si);
5282 offset = dissect_file_data_smb2_pipe(tvb, pinfo, tree, offset, length, si->top_tree, si);
/* an unchanged offset means the pipe path consumed nothing */
5283 if (offset != oldoffset) {
5284 /* managed to dissect pipe data */
5289 /* just ordinary data */
5290 proto_tree_add_item(tree, hf_smb2_write_data, tvb, offset, length, ENC_NA);
5292 data_tvb_len=(guint32)tvb_captured_length_remaining(tvb, offset);
/* advance by the declared length, clamped to what was actually captured */
5294 offset += MIN(length,(guint32)tvb_captured_length_remaining(tvb, offset));
5296 offset = dissect_smb2_olb_tvb_max_offset(offset, &c_olb);
5298 if (have_tap_listener(smb2_eo_tap) && (data_tvb_len == length)) {
5299 if (si->saved && si->eo_file_info) { /* without this data we don't know which file this belongs to */
5300 feed_eo_smb2(tvb,pinfo,si,dataoffset,length,off);
/*
 * Dissect an SMB2 WRITE response: buffer code (or the error response on a
 * non-zero status, returning early unless it sets continue_dissection),
 * reserved bytes, write count, remaining, and the channel info
 * offset/length pair.
 *
 * si carries _U_ although si->status is read below; the annotation is stale.
 *
 * NOTE(review): the embedded line numbers skip (e.g. 5321 -> 5325), so the
 * offset increments between fields are not shown here.
 */
5309 dissect_smb2_write_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
5311 gboolean continue_dissection;
5313 switch (si->status) {
5315 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
5316 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
5317 if (!continue_dissection) return offset;
5321 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
5325 proto_tree_add_item(tree, hf_smb2_write_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5328 /* remaining, must be set to 0 */
5329 proto_tree_add_item(tree, hf_smb2_write_remaining, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5332 /* write channel info offset */
5333 proto_tree_add_item(tree, hf_smb2_channel_info_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5336 /* write channel info length */
5337 proto_tree_add_item(tree, hf_smb2_channel_info_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5343 /* The STORAGE_OFFLOAD_TOKEN is used for "Offload Data Transfer" (ODX) operations,
5344 including FSCTL_OFFLOAD_READ, FSCTL_OFFLOAD_WRITE. Ref: MS-FSCC 2.3.79
5345 Note: Unlike most of SMB2, the token fields are BIG-endian! */
/*
 * Layout as dissected below: a 512-byte "Token" subtree holding a 4-byte
 * token type, 2 reserved bytes, a 2-byte id length and the opaque token id.
 *
 * NOTE(review): idlen is a packet-supplied 16-bit value used directly as
 * the length of the opaque-data item, while the comment below says the id
 * area is always 504 bytes. No clamp of idlen to 504 is visible (embedded
 * lines 5367-5368 are not shown) -- confirm how an idlen above 504 is
 * handled.
 */
5347 dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
5349 proto_tree *sub_tree;
5350 proto_item *sub_item;
5354 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 512, ett_smb2_fsctl_odx_token, &sub_item, "Token");
5356 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_fsctl_odx_token_type, tvb, offset, 4, ENC_BIG_ENDIAN, &idtype);
5359 proto_item_append_text(sub_item, " (IdType 0x%x)", idtype);
5362 proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
5366 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_fsctl_odx_token_idlen, tvb, offset, 2, ENC_BIG_ENDIAN, &idlen);
5369 /* idlen is what the server says is the "meaningful" part of the token.
5370 However, token ID is always 504 bytes */
5371 proto_tree_add_bytes_format_value(sub_tree, hf_smb2_fsctl_odx_token_idraw, tvb,
5372 offset, idlen, NULL, "Opaque Data");
5378 /* MS-FSCC 2.3.77, 2.3.78 */
/*
 * Dissect FSCTL_OFFLOAD_READ data. The lines shown add size, flags, token
 * TTL, reserved bytes, file offset and copy length, then a transfer length
 * followed by the storage offload token.
 *
 * NOTE(review): the embedded line numbers skip (5381 -> 5386 and
 * 5402 -> 5405), so the rest of the parameter list and the test that
 * separates input from output data are not shown here. The token
 * dissector's return value is explicitly discarded.
 */
5380 dissect_smb2_FSCTL_OFFLOAD_READ(tvbuff_t *tvb,
5381 packet_info *pinfo _U_,
5386 proto_tree_add_item(tree, hf_smb2_fsctl_odx_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5389 proto_tree_add_item(tree, hf_smb2_fsctl_odx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5393 proto_tree_add_item(tree, hf_smb2_fsctl_odx_token_ttl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5396 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
5399 proto_tree_add_item(tree, hf_smb2_fsctl_odx_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5402 proto_tree_add_item(tree, hf_smb2_fsctl_odx_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5405 proto_tree_add_item(tree, hf_smb2_fsctl_odx_xfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5408 (void) dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvb, pinfo, tree, offset);
5412 /* MS-FSCC 2.3.80, 2.3.81 */
/*
 * Dissect FSCTL_OFFLOAD_WRITE data. The lines shown add size, flags, file
 * offset, copy length and token offset followed by the storage offload
 * token, and a transfer length.
 *
 * The token is dissected at the running offset; the packet-supplied token
 * offset field is only displayed. The token dissector's return value is
 * not used.
 *
 * NOTE(review): the embedded line numbers skip (5415 -> 5420 and
 * 5436 -> 5439), so the rest of the parameter list and the test that
 * separates input from output data are not shown here.
 */
5414 dissect_smb2_FSCTL_OFFLOAD_WRITE(tvbuff_t *tvb,
5415 packet_info *pinfo _U_,
5420 proto_tree_add_item(tree, hf_smb2_fsctl_odx_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5423 proto_tree_add_item(tree, hf_smb2_fsctl_odx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5427 proto_tree_add_item(tree, hf_smb2_fsctl_odx_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5430 proto_tree_add_item(tree, hf_smb2_fsctl_odx_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5433 proto_tree_add_item(tree, hf_smb2_fsctl_odx_token_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5436 dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvb, pinfo, tree, offset);
5439 proto_tree_add_item(tree, hf_smb2_fsctl_odx_xfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * Dissects an FSCTL_PIPE_TRANSCEIVE buffer by handing everything from
 * `offset` to the end of the captured data to the SMB2 pipe data dissector,
 * together with the caller's private `data` pointer.
 */
5445 dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *top_tree, gboolean data_in _U_, void *data)
/* The length passed on is the captured remainder, not the reported one. */
5447 dissect_file_data_smb2_pipe(tvb, pinfo, tree, offset, tvb_captured_length_remaining(tvb, offset), top_tree, data);
/*
 * Dissects an FSCTL_PIPE_WAIT request: reads the "timeout specified" byte
 * and the pipe name length at fixed positions relative to `offset`, decodes
 * the pipe name that starts at offset + 14, appends it to the Info column
 * and adds it (and optionally the timeout) to `top_tree`.
 * Every value used here comes straight from the packet and is untrusted.
 */
5451 dissect_smb2_FSCTL_PIPE_WAIT(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, proto_tree *top_tree, gboolean data_in _U_)
5453 guint8 timeout_specified = tvb_get_guint8(tvb, offset + 12);
/* NOTE(review): only 16 bits are read into the 32-bit name_len; confirm the
 * width of the NameLength field against MS-FSCC. */
5454 guint32 name_len = tvb_get_letohs(tvb, offset + 8);
5456 int off = offset + 14;
/* NOTE(review): bc is 16 bits wide, so a remaining length above 65535 is
 * narrowed before it is handed to the string helper. */
5457 guint16 bc = tvb_captured_length_remaining(tvb, off);
/* Check that the advertised name bytes are present before decoding them. */
5461 tvb_ensure_bytes_exist(tvb, off, name_len);
5463 name = get_unicode_or_ascii_string(tvb, &off, TRUE, &len, TRUE, TRUE, &bc);
5468 col_append_fstr(pinfo->cinfo, COL_INFO, " Pipe: %s", name);
5471 proto_tree_add_string(top_tree, hf_smb2_fsctl_pipe_wait_name, tvb, offset + 14, name_len, name);
5472 if (timeout_specified) {
/* The timeout is read at absolute offset 0 rather than relative to `offset`;
 * the two agree only because the caller in dissect_smb2_ioctl_data passes 0. */
5473 proto_tree_add_item(top_tree, hf_smb2_fsctl_pipe_wait_timeout, tvb, 0, 8, ENC_LITTLE_ENDIAN);
/*
 * Dissects an FSCTL_SET_SPARSE input buffer. The one-byte sparse flag is
 * optional, so it is only added when at least one byte remains.
 * NOTE(review): the early return for the output direction is not visible in
 * this listing.
 */
5479 dissect_smb2_FSCTL_SET_SPARSE(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
5482 /* There is no out data */
5487 /* sparse flag (optional) */
5488 if (tvb_reported_length_remaining(tvb, offset) >= 1) {
5489 proto_tree_add_item(tree, hf_smb2_fsctl_sparse_flag, tvb, offset, 1, ENC_NA);
/*
 * Dissects an FSCTL_SET_ZERO_DATA input buffer: one 16-byte "Range" subtree
 * holding an 8-byte offset and an 8-byte length.
 * NOTE(review): the early return for the output direction and the offset
 * advance between the two fields are not visible in this listing.
 */
5497 dissect_smb2_FSCTL_SET_ZERO_DATA(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
5499 proto_tree *sub_tree;
5500 proto_item *sub_item;
5502 /* There is no out data */
5507 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");
5509 proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5512 proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * Dissects FSCTL_QUERY_ALLOCATED_RANGES data as 16-byte "Range" records
 * (8-byte offset, 8-byte length): one record on its own, and a loop that
 * consumes records while a full 16 bytes remain.
 * NOTE(review): which direction (data_in) uses the single record and which
 * uses the loop is not visible in this listing. The tvb, tree and offset
 * parameters are marked _U_ although the body uses them.
 */
5519 dissect_smb2_FSCTL_QUERY_ALLOCATED_RANGES(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, gboolean data_in)
5521 proto_tree *sub_tree;
5522 proto_item *sub_item;
5525 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");
5527 proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5530 proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5533 /* Zero or more allocated ranges may be reported. */
/* The guard requires a whole record, so a trailing partial record is not
 * dissected. */
5534 while (tvb_reported_length_remaining(tvb, offset) >= 16) {
5536 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");
5538 proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5541 proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * Dissects FSCTL_QUERY_FILE_REGIONS data. Visible fields: a fixed part with
 * file offset, length, usage and reserved; and a part with flags, total
 * region entry count, region entry count and reserved, followed by 24-byte
 * "Entry" records (file offset, length, usage, reserved).
 * NOTE(review): the data_in branch separating the two parts, the offset
 * advances and the entry_count decrement are not visible in this listing.
 */
5549 dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, gboolean data_in)
5553 proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5556 proto_tree_add_item(tree, hf_smb2_qfr_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5559 proto_tree_add_item(tree, hf_smb2_qfr_usage, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5562 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
5565 guint32 entry_count = 0;
5567 proto_tree_add_item(tree, hf_smb2_qfr_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5570 proto_tree_add_item(tree, hf_smb2_qfr_total_region_entry_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* entry_count is taken from the packet and bounds the loop below. */
5573 proto_tree_add_item_ret_uint(tree, hf_smb2_qfr_region_entry_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &entry_count);
5576 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/* NOTE(review): the guard only asks for "some bytes remain", not a full
 * 24-byte entry as the COPYCHUNK and ALLOCATED_RANGES loops do; a trailing
 * partial entry is left to the tvb bounds checks. */
5579 while (entry_count && tvb_reported_length_remaining(tvb, offset)) {
5580 proto_tree *sub_tree;
5581 proto_item *sub_item;
5583 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 24, ett_qfr_entry, &sub_item, "Entry");
5585 proto_tree_add_item(sub_tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5588 proto_tree_add_item(sub_tree, hf_smb2_qfr_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5591 proto_tree_add_item(sub_tree, hf_smb2_qfr_usage, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5594 proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/*
 * Dissects an FSCTL_LMR_REQUEST_RESILIENCY input buffer: a 4-byte timeout
 * followed by a 4-byte reserved field.
 * NOTE(review): the early return for the output direction is not visible in
 * this listing.
 */
5603 dissect_smb2_FSCTL_LMR_REQUEST_RESILIENCY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
5605 /* There is no out data */
5611 proto_tree_add_item(tree, hf_smb2_ioctl_resiliency_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5615 proto_tree_add_item(tree, hf_smb2_ioctl_resiliency_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/*
 * Dissects an FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT output buffer: a
 * 4-byte support value followed by a 4-byte handle state.
 * NOTE(review): the early return for the input direction is not visible in
 * this listing.
 */
5619 dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
5621 /* There is no in data */
5626 proto_tree_add_item(tree, hf_smb2_ioctl_shared_virtual_disk_support, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5629 proto_tree_add_item(tree, hf_smb2_ioctl_shared_virtual_disk_handle_state, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* Single-bit flag values for the Storage QoS control request; presumably
 * the masks behind the hf_smb2_ioctl_sqos_op_* bitmask fields. */
5632 #define STORAGE_QOS_CONTROL_FLAG_SET_LOGICAL_FLOW_ID 0x00000001
5633 #define STORAGE_QOS_CONTROL_FLAG_SET_POLICY 0x00000002
5634 #define STORAGE_QOS_CONTROL_FLAG_PROBE_POLICY 0x00000004
5635 #define STORAGE_QOS_CONTROL_FLAG_GET_STATUS 0x00000008
5636 #define STORAGE_QOS_CONTROL_FLAG_UPDATE_COUNTERS 0x00000010
/* Display names for Storage QoS protocol version values. The array
 * terminator is not visible in this listing. */
5638 static const value_string smb2_ioctl_sqos_protocol_version_vals[] = {
5639 { 0x0100, "Storage QoS Protocol Version 1.0" },
5640 { 0x0101, "Storage QoS Protocol Version 1.1" },
/* Display names for Storage QoS status values. The array terminator is not
 * visible in this listing. */
5644 static const value_string smb2_ioctl_sqos_status_vals[] = {
5645 { 0x00, "StorageQoSStatusOk" },
5646 { 0x01, "StorageQoSStatusInsufficientThroughput" },
5647 { 0x02, "StorageQoSUnknownPolicyId" },
5648 { 0x04, "StorageQoSStatusConfigurationMismatch" },
5649 { 0x05, "StorageQoSStatusNotAvailable" },
/*
 * Dissects an FSCTL_STORAGE_QOS_CONTROL buffer. A common header (protocol
 * version, reserved, options bitmask, logical flow id, policy id, initiator
 * id) is followed by one group of fields that includes the initiator name
 * and node name strings, and another group that carries time to live,
 * status and I/O rate limits.
 * NOTE(review): the data_in branch that selects between the two groups and
 * the offset advances are not visible in this listing.
 */
5654 dissect_smb2_FSCTL_STORAGE_QOS_CONTROL(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, gboolean data_in)
5656 static const int * operations[] = {
5657 &hf_smb2_ioctl_sqos_op_set_logical_flow_id,
5658 &hf_smb2_ioctl_sqos_op_set_policy,
5659 &hf_smb2_ioctl_sqos_op_probe_policy,
5660 &hf_smb2_ioctl_sqos_op_get_status,
5661 &hf_smb2_ioctl_sqos_op_update_counters,
5667 /* Both request and reply have the same common header */
/* proto_ver comes from the packet and decides below whether the extra
 * post-1.0 fields are dissected. */
5669 proto_ver = tvb_get_letohs(tvb, offset);
5670 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_protocol_version, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5673 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5676 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_ioctl_sqos_options,
5677 ett_smb2_ioctl_sqos_opeations, operations, ENC_LITTLE_ENDIAN);
5680 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_logical_flow_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
5683 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_policy_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
5686 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_initiator_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
5690 offset_length_buffer_t host_olb, node_olb;
5692 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_limit, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5695 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_reservation, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* The two name strings are described by 16-bit offset/length pairs taken
 * from the packet; the strings themselves are dissected further down. */
5698 offset = dissect_smb2_olb_length_offset(tvb, offset, &host_olb, OLB_O_UINT16_S_UINT16, hf_smb2_ioctl_sqos_initiator_name);
5700 offset = dissect_smb2_olb_length_offset(tvb, offset, &node_olb, OLB_O_UINT16_S_UINT16, hf_smb2_ioctl_sqos_initiator_node_name);
5702 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_io_count_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5705 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_normalized_io_count_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5708 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_latency_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5711 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_lower_latency_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* Fields that only exist in protocol versions above 1.0. */
5714 if (proto_ver > 0x0100) {
5715 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_bandwidth_limit, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5718 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_kilobyte_count_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5722 dissect_smb2_olb_string(pinfo, tree, tvb, &host_olb, OLB_TYPE_UNICODE_STRING);
5724 dissect_smb2_olb_string(pinfo, tree, tvb, &node_olb, OLB_TYPE_UNICODE_STRING);
5726 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_time_to_live, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5729 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5732 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_maximum_io_rate, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5735 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_minimum_io_rate, tvb, offset, 8, ENC_LITTLE_ENDIAN);
5738 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_base_io_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5741 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_reserved2, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* Maximum bandwidth is only present in protocol versions above 1.0. */
5743 if (proto_ver > 0x0100) {
5745 proto_tree_add_item(tree, hf_smb2_ioctl_sqos_maximum_bandwidth, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * Dissects a Windows IPv4 socket address into a "Socket Address" subtree of
 * `len` bytes: family (2 bytes), port (2 bytes) and IPv4 address (4 bytes).
 * The address is also appended as text to the subtree item and to the
 * parent item of `parent_tree`.
 * NOTE(review): the offset advances are not visible in this listing. The
 * family and port are added as little-endian; confirm the intended byte
 * order of the port and of the address item.
 */
5751 dissect_windows_sockaddr_in(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, int len)
5753 proto_item *sub_item;
5754 proto_tree *sub_tree;
5755 proto_item *parent_item;
5761 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
5762 parent_item = proto_tree_get_parent(parent_tree);
5765 proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5769 proto_tree_add_item(sub_tree, hf_windows_sockaddr_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5773 proto_tree_add_item(sub_tree, hf_windows_sockaddr_in_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5775 proto_item_append_text(sub_item, ", IPv4: %s", tvb_ip_to_str(tvb, offset));
5776 proto_item_append_text(parent_item, ", IPv4: %s", tvb_ip_to_str(tvb, offset));
/*
 * Dissects a Windows IPv6 socket address into a "Socket Address" subtree of
 * `len` bytes: family, port, flow info, 16-byte IPv6 address and scope id.
 * The address is also appended as text to the subtree item and to the
 * parent item of `parent_tree`.
 * NOTE(review): flow info and scope id are added as 2-byte fields here;
 * confirm these widths (and the offset advances, which are not visible in
 * this listing) against the sockaddr_in6 layout.
 */
5780 dissect_windows_sockaddr_in6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, int len)
5782 proto_item *sub_item;
5783 proto_tree *sub_tree;
5784 proto_item *parent_item;
5790 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
5791 parent_item = proto_tree_get_parent(parent_tree);
5794 proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5798 proto_tree_add_item(sub_tree, hf_windows_sockaddr_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5802 proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_flowinfo, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5806 proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_addr, tvb, offset, 16, ENC_NA);
5807 proto_item_append_text(sub_item, ", IPv6: %s", tvb_ip6_to_str(tvb, offset));
5808 proto_item_append_text(parent_item, ", IPv6: %s", tvb_ip6_to_str(tvb, offset));
5812 proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_scope_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/*
 * Dissects a Windows sockaddr_storage blob: reads the 16-bit address family
 * from the packet and dispatches to the IPv4 or IPv6 dissector. For any
 * other family only the family field is added, and the numeric family is
 * appended to the subtree item and the parent item.
 * NOTE(review): the declaration and value of `len` are not visible in this
 * listing.
 */
5816 dissect_windows_sockaddr_storage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
5819 proto_item *sub_item;
5820 proto_tree *sub_tree;
5821 proto_item *parent_item;
5824 family = tvb_get_letohs(tvb, offset);
5826 case WINSOCK_AF_INET:
5827 dissect_windows_sockaddr_in(tvb, pinfo, parent_tree, offset, len);
5829 case WINSOCK_AF_INET6:
5830 dissect_windows_sockaddr_in6(tvb, pinfo, parent_tree, offset, len);
/* Unknown family: show the family only and leave the rest undissected. */
5834 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
5835 parent_item = proto_tree_get_parent(parent_tree);
5838 proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5839 proto_item_append_text(sub_item, ", Family: %d (0x%04x)", family, family);
5840 proto_item_append_text(parent_item, ", Family: %d (0x%04x)", family, family);
/* Capability bits tested in dissect_smb2_NETWORK_INTERFACE_INFO to append
 * ", RSS" / ", RDMA" to the interface summary text. */
5847 #define NETWORK_INTERFACE_CAP_RSS 0x00000001
5848 #define NETWORK_INTERFACE_CAP_RDMA 0x00000002
/*
 * Dissects one NETWORK_INTERFACE_INFO entry that starts at the beginning of
 * `tvb`: next offset, interface index, capability bitmask, RSS queue count,
 * link speed and socket address. A following entry is dissected by calling
 * this function again on a subset tvb that starts at next_offset.
 *
 * next_offset, capabilities and link_speed are all read from the packet.
 * NOTE(review): the recursion depth is driven by packet contents (one call
 * level per chained entry) and the guard around the recursive call is not
 * visible in this listing. An iterative loop or an explicit depth limit
 * would keep a long chain of entries from consuming stack.
 */
5851 dissect_smb2_NETWORK_INTERFACE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
5853 guint32 next_offset;
5856 proto_item *sub_item;
5857 proto_tree *sub_tree;
5859 guint32 capabilities;
5862 const char *unit = NULL;
5863 static const int * capability_flags[] = {
5864 &hf_smb2_ioctl_network_interface_capability_rdma,
5865 &hf_smb2_ioctl_network_interface_capability_rss,
5869 next_offset = tvb_get_letohl(tvb, offset);
5874 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_smb2_ioctl_network_interface, &sub_item, "Network Interface");
5875 item = proto_tree_get_parent(parent_tree);
5878 proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5881 /* interface index */
5882 proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5886 capabilities = tvb_get_letohl(tvb, offset);
5887 proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_ioctl_network_interface_capabilities, ett_smb2_ioctl_network_interface_capabilities, capability_flags, ENC_LITTLE_ENDIAN);
/* Summarise the capability bits on both the parent item and this entry. */
5889 if (capabilities != 0) {
5890 proto_item_append_text(item, "%s%s",
5891 (capabilities & NETWORK_INTERFACE_CAP_RDMA)?", RDMA":"",
5892 (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"");
5893 proto_item_append_text(sub_item, "%s%s",
5894 (capabilities & NETWORK_INTERFACE_CAP_RDMA)?", RDMA":"",
5895 (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"");
5899 /* rss queue count */
5900 proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_rss_queue_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5904 link_speed = tvb_get_letoh64(tvb, offset);
/* From here on `item` refers to the link speed item, not the parent item. */
5905 item = proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_link_speed, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* NOTE(review): assuming link_speed is an integer type (declaration not
 * shown), the division happens before the cast, so the fraction is already
 * lost and the "%.1f" below always prints ".0". */
5906 if (link_speed >= (1000*1000*1000)) {
5907 val = (gfloat)(link_speed / (1000*1000*1000));
5909 } else if (link_speed >= (1000*1000)) {
5910 val = (gfloat)(link_speed / (1000*1000));
5912 } else if (link_speed >= (1000)) {
5913 val = (gfloat)(link_speed / (1000));
5916 val = (gfloat)(link_speed);
/* NOTE(review): `unit` starts as NULL and its assignments are not visible
 * in this listing; every branch above must set it before this "%s". */
5919 proto_item_append_text(item, ", %.1f %sBits/s", val, unit);
5920 proto_item_append_text(sub_item, ", %.1f %sBits/s", val, unit);
5924 /* socket address */
5925 dissect_windows_sockaddr_storage(tvb, pinfo, sub_tree, offset);
/* The next entry starts next_offset bytes into this tvb; the subset call is
 * where an out-of-range next_offset gets rejected by the tvb layer. */
5929 next_tvb = tvb_new_subset_remaining(tvb, next_offset);
5931 /* next extra info */
5932 dissect_smb2_NETWORK_INTERFACE_INFO(next_tvb, pinfo, parent_tree);
/*
 * Dissects the FSCTL_QUERY_NETWORK_INTERFACE_INFO output buffer by passing
 * the whole tvb to the NETWORK_INTERFACE_INFO entry dissector.
 * NOTE(review): the early return for the input direction is not visible in
 * this listing.
 */
5937 dissect_smb2_FSCTL_QUERY_NETWORK_INTERFACE_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset _U_, gboolean data_in)
5939 /* There is no in data */
5944 dissect_smb2_NETWORK_INTERFACE_INFO(tvb, pinfo, tree);
/*
 * Dissects the older FSCTL_VALIDATE_NEGOTIATE_INFO_224 variant. Two field
 * groups are visible: capabilities, client GUID, security mode and a single
 * dialect; and capabilities, server GUID, security mode and dialect.
 * NOTE(review): the data_in branch that selects between the groups and the
 * offset advances are not visible in this listing.
 */
5948 dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO_224(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset _U_, gboolean data_in)
5951 * This is only used by Windows 8 beta
5955 offset = dissect_smb2_capabilities(tree, tvb, offset);
5958 proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
5961 /* security mode, skip second byte */
5962 offset = dissect_smb2_secmode(tree, tvb, offset);
5966 proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5970 offset = dissect_smb2_capabilities(tree, tvb, offset);
5973 proto_tree_add_item(tree, hf_smb2_server_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
5976 /* security mode, skip second byte */
5977 offset = dissect_smb2_secmode(tree, tvb, offset);
5981 proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/*
 * Dissects FSCTL_VALIDATE_NEGOTIATE_INFO data. Two field groups are
 * visible: capabilities, client GUID, security mode, dialect count and that
 * many dialects; and capabilities, server GUID, security mode and a single
 * dialect. These are the negotiated parameters an analyst compares against
 * the original negotiate exchange.
 * NOTE(review): the data_in branch that selects between the groups and the
 * offset advances are not visible in this listing.
 */
5987 dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset _U_, gboolean data_in)
5993 offset = dissect_smb2_capabilities(tree, tvb, offset);
5996 proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
5999 /* security mode, skip second byte */
6000 offset = dissect_smb2_secmode(tree, tvb, offset);
/* The dialect count is a 16-bit value from the packet; it bounds the loop
 * below, which adds one 2-byte dialect per iteration. */
6004 dc = tvb_get_letohs(tvb, offset);
6005 proto_tree_add_item(tree, hf_smb2_dialect_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
6008 for ( ; dc>0; dc--) {
6009 proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
6014 offset = dissect_smb2_capabilities(tree, tvb, offset);
6017 proto_tree_add_item(tree, hf_smb2_server_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6020 /* security mode, skip second byte */
6021 offset = dissect_smb2_secmode(tree, tvb, offset);
6025 proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/*
 * Dissects the FSCTL_SRV_ENUMERATE_SNAPSHOTS output buffer: three 32-bit
 * counters (number of volumes, number of labels, shadow copy count)
 * followed by one label string per volume.
 * NOTE(review): the early return for the input direction and the
 * declarations of name, bc and len are not visible in this listing.
 */
6031 dissect_smb2_FSCTL_SRV_ENUMERATE_SNAPSHOTS(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6033 guint32 num_volumes;
6035 /* There is no in data */
/* num_volumes is a 32-bit value from the packet and drives the loop below. */
6041 num_volumes = tvb_get_letohl(tvb, offset);
6042 proto_tree_add_item(tree, hf_smb2_ioctl_shadow_copy_num_volumes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6046 proto_tree_add_item(tree, hf_smb2_ioctl_shadow_copy_num_labels, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6050 proto_tree_add_item(tree, hf_smb2_ioctl_shadow_copy_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* NOTE(review): any additional exit condition (for example on a zero-length
 * label) is not visible in this listing; without one the iteration count is
 * bounded only by the 32-bit count from the packet - TODO confirm. */
6053 while (num_volumes--) {
6057 int old_offset = offset;
6059 bc = tvb_captured_length_remaining(tvb, offset);
6060 name = get_unicode_or_ascii_string(tvb, &offset,
6061 TRUE, &len, TRUE, FALSE, &bc);
6062 proto_tree_add_string(tree, hf_smb2_ioctl_shadow_copy_label, tvb, old_offset, len, name);
/* Advance by the length the string helper reported, measured from the
 * start of this label. */
6064 offset = old_offset+len;
/*
 * Dissects a 64-byte FILE_OBJECTID_BUFFER into its own subtree: object id,
 * birth volume id, birth object id and domain id, 16 bytes each.
 * NOTE(review): the offset advances and the return statement are not
 * visible in this listing; callers use the return value as the new offset.
 */
6073 dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset)
6075 proto_item *item = NULL;
6076 proto_tree *tree = NULL;
6078 /* FILE_OBJECTID_BUFFER */
6080 item = proto_tree_add_item(parent_tree, hf_smb2_FILE_OBJECTID_BUFFER, tvb, offset, 64, ENC_NA);
6081 tree = proto_item_add_subtree(item, ett_smb2_FILE_OBJECTID_BUFFER);
6085 proto_tree_add_item(tree, hf_smb2_object_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6088 /* Birth Volume ID */
6089 proto_tree_add_item(tree, hf_smb2_birth_volume_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6092 /* Birth Object ID */
6093 proto_tree_add_item(tree, hf_smb2_birth_object_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6097 proto_tree_add_item(tree, hf_smb2_domain_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
/*
 * Dissects the output buffer of FSCTL_CREATE_OR_GET_OBJECT_ID (also used
 * for FSCTL_GET_OBJECT_ID by the ioctl dispatcher) as a
 * FILE_OBJECTID_BUFFER.
 * NOTE(review): the early return for the input direction is not visible in
 * this listing.
 */
6104 dissect_smb2_FSCTL_CREATE_OR_GET_OBJECT_ID(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6107 /* There is no in data */
6112 /* FILE_OBJECTID_BUFFER */
6113 offset = dissect_smb2_FILE_OBJECTID_BUFFER(tvb, pinfo, tree, offset);
/*
 * Dissects the FSCTL_GET_COMPRESSION output buffer: a 2-byte compression
 * format.
 * NOTE(review): the early return for the input direction is not visible in
 * this listing.
 */
6119 dissect_smb2_FSCTL_GET_COMPRESSION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6122 /* There is no in data */
6127 /* compression format */
6128 proto_tree_add_item(tree, hf_smb2_compression_format, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/*
 * Dissects the FSCTL_SET_COMPRESSION input buffer: a 2-byte compression
 * format.
 * NOTE(review): the early return for the output direction is not visible in
 * this listing.
 */
6135 dissect_smb2_FSCTL_SET_COMPRESSION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6138 /* There is no out data */
6143 /* compression format */
6144 proto_tree_add_item(tree, hf_smb2_compression_format, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/*
 * Dissects the FSCTL_SET_INTEGRITY_INFORMATION input buffer: a 2-byte
 * checksum algorithm, a 2-byte reserved field and a flags bitmask.
 * NOTE(review): the rest of the integrity_flags array, the early return for
 * the output direction and the offset advances are not visible in this
 * listing.
 */
6151 dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6153 const int *integrity_flags[] = {
6154 &hf_smb2_integrity_flags_enforcement_off,
6158 /* There is no out data */
6163 proto_tree_add_item(tree, hf_smb2_checksum_algorithm, tvb, offset, 2, ENC_LITTLE_ENDIAN);
6166 proto_tree_add_item(tree, hf_smb2_integrity_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
6169 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_integrity_flags, ett_smb2_integrity_flags, integrity_flags, ENC_LITTLE_ENDIAN);
/*
 * Dissects the FSCTL_SET_OBJECT_ID input buffer as a FILE_OBJECTID_BUFFER.
 * NOTE(review): the early return for the output direction is not visible in
 * this listing.
 */
6176 dissect_smb2_FSCTL_SET_OBJECT_ID(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6179 /* There is no out data */
6184 /* FILE_OBJECTID_BUFFER */
6185 offset = dissect_smb2_FILE_OBJECTID_BUFFER(tvb, pinfo, tree, offset);
/*
 * Dissects the FSCTL_SET_OBJECT_ID_EXTENDED input buffer, which carries only
 * the extended part of a FILE_OBJECTID_BUFFER: birth volume id, birth object
 * id and domain id, 16 bytes each, added directly to `tree`.
 * NOTE(review): the early return for the output direction and the offset
 * advances are not visible in this listing.
 */
6191 dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6194 /* There is no out data */
6199 /* FILE_OBJECTID_BUFFER->ExtendedInfo */
6201 /* Birth Volume ID */
6202 proto_tree_add_item(tree, hf_smb2_birth_volume_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6205 /* Birth Object ID */
6206 proto_tree_add_item(tree, hf_smb2_birth_object_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6210 proto_tree_add_item(tree, hf_smb2_domain_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
/*
 * Adds the 24-byte copy-chunk resume key to `tree`. The key is shown with
 * the fixed text "Opaque Data" instead of its bytes.
 * NOTE(review): the return statement is not visible in this listing;
 * callers use the return value as the new offset.
 */
6217 dissect_smb2_cchunk_RESUME_KEY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
6220 proto_tree_add_bytes_format_value(tree, hf_smb2_cchunk_resume_key, tvb,
6221 offset, 24, NULL, "Opaque Data");
/*
 * Dissects the FSCTL_SRV_REQUEST_RESUME_KEY output buffer: the resume key
 * followed by a 4-byte reserved field.
 * NOTE(review): the early return for the input direction is not visible in
 * this listing.
 */
6228 dissect_smb2_FSCTL_SRV_REQUEST_RESUME_KEY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6231 /* There is no in data */
6236 offset = dissect_smb2_cchunk_RESUME_KEY(tvb, pinfo, tree, offset);
6238 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/*
 * Dissects FSCTL_SRV_COPYCHUNK / FSCTL_SRV_COPYCHUNK_WRITE data.
 * Output: chunks written, bytes written and total written, 4 bytes each at
 * offset, offset+4 and offset+8.
 * Input: resume key, chunk count, reserved, then 24-byte "Chunk" records
 * (source offset, destination offset, transfer length, reserved).
 * NOTE(review): the data_in test, the offset advances and the chunk_count
 * decrement are not visible in this listing.
 */
6242 dissect_smb2_FSCTL_SRV_COPYCHUNK(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
6244 proto_tree *sub_tree;
6245 proto_item *sub_item;
6246 guint32 chunk_count = 0;
6248 /* Output is simpler - handle that first. */
6250 proto_tree_add_item(tree, hf_smb2_cchunk_chunks_written, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6251 proto_tree_add_item(tree, hf_smb2_cchunk_bytes_written, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
6252 proto_tree_add_item(tree, hf_smb2_cchunk_total_written, tvb, offset+8, 4, ENC_LITTLE_ENDIAN);
6256 /* Input data, fixed part */
6257 offset = dissect_smb2_cchunk_RESUME_KEY(tvb, pinfo, tree, offset);
/* chunk_count is taken from the packet and bounds the loop below. */
6258 proto_tree_add_item_ret_uint(tree, hf_smb2_cchunk_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &chunk_count);
6261 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
6264 /* Zero or more chunk records may follow; a record is only dissected while
 * the count allows it and a full 24 bytes remain. */
6265 while (chunk_count && tvb_reported_length_remaining(tvb, offset) >= 24) {
6266 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 24, ett_smb2_cchunk_entry, &sub_item, "Chunk");
6268 proto_tree_add_item(sub_tree, hf_smb2_cchunk_src_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
6271 proto_tree_add_item(sub_tree, hf_smb2_cchunk_dst_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
6274 proto_tree_add_item(sub_tree, hf_smb2_cchunk_xfer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6277 proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
/*
 * Dissects a reparse data buffer using the symbolic-link layout: reparse
 * tag, reparse data length, reserved, substitute-name and print-name
 * offset/length pairs, flags, and then the two UTF-16 name strings.
 * The enclosing item is created with length -1 (to the end of the tvb).
 * NOTE(review): no branch on the reparse tag is visible in this listing, so
 * buffers with other tags appear to be shown with this layout too - TODO
 * confirm. The reparse data length is displayed but is not visibly used to
 * bound the name strings; the name offsets and lengths come from the packet.
 */
6285 dissect_smb2_FSCTL_REPARSE_POINT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset)
6287 proto_item *item = NULL;
6288 proto_tree *tree = NULL;
6290 offset_length_buffer_t s_olb, p_olb;
6292 /* SYMBOLIC_LINK_REPARSE_DATA_BUFFER */
6294 item = proto_tree_add_item(parent_tree, hf_smb2_SYMBOLIC_LINK_REPARSE_DATA_BUFFER, tvb, offset, -1, ENC_NA);
6295 tree = proto_item_add_subtree(item, ett_smb2_SYMBOLIC_LINK_REPARSE_DATA_BUFFER);
6299 proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6302 proto_tree_add_item(tree, hf_smb2_reparse_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
6306 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
6309 /* substitute name offset/length */
6310 offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_substitute_name);
6312 /* print name offset/length */
6313 offset = dissect_smb2_olb_length_offset(tvb, offset, &p_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_print_name);
6316 proto_tree_add_item(tree, hf_smb2_symlink_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* Both strings are located via the "off" variant of the string helper,
 * which is given `offset` (the position after the flags) as an extra base. */
6319 /* substitute name string */
6320 dissect_smb2_olb_off_string(pinfo, tree, tvb, &s_olb, offset, OLB_TYPE_UNICODE_STRING);
6322 /* print name string */
6323 dissect_smb2_olb_off_string(pinfo, tree, tvb, &p_olb, offset, OLB_TYPE_UNICODE_STRING);
/*
 * Dissects FSCTL_SET_REPARSE_POINT data with the shared reparse-point
 * dissector.
 * NOTE(review): the data_in check that limits this to one direction is not
 * visible in this listing.
 */
6327 dissect_smb2_FSCTL_SET_REPARSE_POINT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, gboolean data_in)
6333 dissect_smb2_FSCTL_REPARSE_POINT(tvb, pinfo, parent_tree, offset);
/*
 * Dissects FSCTL_GET_REPARSE_POINT data with the shared reparse-point
 * dissector.
 * NOTE(review): the data_in check that limits this to one direction is not
 * visible in this listing.
 */
6337 dissect_smb2_FSCTL_GET_REPARSE_POINT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, gboolean data_in)
6343 dissect_smb2_FSCTL_REPARSE_POINT(tvb, pinfo, parent_tree, offset);
/*
 * Dispatches one ioctl buffer to the handler for `ioctl_function`.
 * Every handler is called with offset 0 on `tvb`; `data_in` is TRUE when the
 * buffer is the ioctl input and FALSE when it is the output (see
 * dissect_smb2_ioctl_data_in / dissect_smb2_ioctl_data_out). A function code
 * without a case is shown as undissected bytes covering the captured data.
 * Both the function code and the buffer contents originate from the
 * capture, so each handler has to cope with short or inconsistent data.
 * NOTE(review): the break statements, the data_in test in the DFS case and
 * the default label are not visible in this listing.
 */
6347 dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in, void *private_data _U_)
/* dc is the reported buffer length handed to the DFS referral dissectors. */
6351 dc = tvb_reported_length(tvb);
6353 switch (ioctl_function) {
6354 case 0x00060194: /* FSCTL_DFS_GET_REFERRALS */
6356 dissect_get_dfs_request_data(tvb, pinfo, tree, 0, &dc, TRUE);
6358 dissect_get_dfs_referral_data(tvb, pinfo, tree, 0, &dc, TRUE);
6361 case 0x000940CF: /* FSCTL_QUERY_ALLOCATED_RANGES */
6362 dissect_smb2_FSCTL_QUERY_ALLOCATED_RANGES(tvb, pinfo, tree, 0, data_in);
6364 case 0x00094264: /* FSCTL_OFFLOAD_READ */
6365 dissect_smb2_FSCTL_OFFLOAD_READ(tvb, pinfo, tree, 0, data_in);
6367 case 0x00098268: /* FSCTL_OFFLOAD_WRITE */
6368 dissect_smb2_FSCTL_OFFLOAD_WRITE(tvb, pinfo, tree, 0, data_in);
6370 case 0x0011c017: /* FSCTL_PIPE_TRANSCEIVE */
6371 dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvb, pinfo, tree, 0, top_tree, data_in, private_data);
6373 case 0x00110018: /* FSCTL_PIPE_WAIT */
6374 dissect_smb2_FSCTL_PIPE_WAIT(tvb, pinfo, tree, 0, top_tree, data_in);
6376 case 0x00140078: /* FSCTL_SRV_REQUEST_RESUME_KEY */
6377 dissect_smb2_FSCTL_SRV_REQUEST_RESUME_KEY(tvb, pinfo, tree, 0, data_in);
6379 case 0x001401D4: /* FSCTL_LMR_REQUEST_RESILIENCY */
6380 dissect_smb2_FSCTL_LMR_REQUEST_RESILIENCY(tvb, pinfo, tree, 0, data_in);
6382 case 0x001401FC: /* FSCTL_QUERY_NETWORK_INTERFACE_INFO */
6383 dissect_smb2_FSCTL_QUERY_NETWORK_INTERFACE_INFO(tvb, pinfo, tree, 0, data_in);
6385 case 0x00140200: /* FSCTL_VALIDATE_NEGOTIATE_INFO_224 */
6386 dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO_224(tvb, pinfo, tree, 0, data_in);
6388 case 0x00140204: /* FSCTL_VALIDATE_NEGOTIATE_INFO */
6389 dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO(tvb, pinfo, tree, 0, data_in);
6391 case 0x00144064: /* FSCTL_SRV_ENUMERATE_SNAPSHOTS */
6392 dissect_smb2_FSCTL_SRV_ENUMERATE_SNAPSHOTS(tvb, pinfo, tree, 0, data_in);
6394 case 0x001440F2: /* FSCTL_SRV_COPYCHUNK */
6395 case 0x001480F2: /* FSCTL_SRV_COPYCHUNK_WRITE */
6396 dissect_smb2_FSCTL_SRV_COPYCHUNK(tvb, pinfo, tree, 0, data_in);
6398 case 0x000900A4: /* FSCTL_SET_REPARSE_POINT */
6399 dissect_smb2_FSCTL_SET_REPARSE_POINT(tvb, pinfo, tree, 0, data_in);
6401 case 0x000900A8: /* FSCTL_GET_REPARSE_POINT */
6402 dissect_smb2_FSCTL_GET_REPARSE_POINT(tvb, pinfo, tree, 0, data_in);
6404 case 0x0009009C: /* FSCTL_GET_OBJECT_ID */
6405 case 0x000900c0: /* FSCTL_CREATE_OR_GET_OBJECT_ID */
6406 dissect_smb2_FSCTL_CREATE_OR_GET_OBJECT_ID(tvb, pinfo, tree, 0, data_in);
6408 case 0x000900c4: /* FSCTL_SET_SPARSE */
6409 dissect_smb2_FSCTL_SET_SPARSE(tvb, pinfo, tree, 0, data_in);
6411 case 0x00098098: /* FSCTL_SET_OBJECT_ID */
6412 dissect_smb2_FSCTL_SET_OBJECT_ID(tvb, pinfo, tree, 0, data_in);
6414 case 0x000980BC: /* FSCTL_SET_OBJECT_ID_EXTENDED */
6415 dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvb, pinfo, tree, 0, data_in);
6417 case 0x000980C8: /* FSCTL_SET_ZERO_DATA */
6418 dissect_smb2_FSCTL_SET_ZERO_DATA(tvb, pinfo, tree, 0, data_in);
6420 case 0x0009003C: /* FSCTL_GET_COMPRESSION */
6421 dissect_smb2_FSCTL_GET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
6423 case 0x00090300: /* FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT */
6424 dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT(tvb, pinfo, tree, 0, data_in);
6426 case 0x00090304: /* FSCTL_SVHDX_SYNC_TUNNEL or response */
6427 case 0x00090364: /* FSCTL_SVHDX_ASYNC_TUNNEL or response */
/* The tunnelled payload goes to a separate dissector, which receives a
 * pointer to data_in as its private data and the top-level tree. */
6428 call_dissector_with_data(rsvd_handle, tvb, pinfo, top_tree, &data_in);
6430 case 0x00090350: /* FSCTL_STORAGE_QOS_CONTROL */
6431 dissect_smb2_FSCTL_STORAGE_QOS_CONTROL(tvb, pinfo, tree, 0, data_in);
6433 case 0x0009C040: /* FSCTL_SET_COMPRESSION */
6434 dissect_smb2_FSCTL_SET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
6436 case 0x00090284: /* FSCTL_QUERY_FILE_REGIONS */
6437 dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvb, pinfo, tree, 0, data_in);
6439 case 0x0009C280: /* FSCTL_SET_INTEGRITY_INFORMATION request or response */
6440 dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION(tvb, pinfo, tree, 0, data_in);
/* Fallback for function codes without a handler: raw bytes only. */
6443 proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
/*
 * Buffer callback for the ioctl input data: records the file id for pipe
 * handling and dissects the buffer with data_in = TRUE, using the function
 * code and top-level tree stored in `si`.
 */
6448 dissect_smb2_ioctl_data_in(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6450 smb2_pipe_set_file_id(pinfo, si);
6451 dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, TRUE, si);
/*
 * Buffer callback for the ioctl output data: records the file id for pipe
 * handling and dissects the buffer with data_in = FALSE, using the function
 * code and top-level tree stored in `si`.
 */
6455 dissect_smb2_ioctl_data_out(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6457 smb2_pipe_set_file_id(pinfo, si);
6458 dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, FALSE, si);
/*
 * Dissects an SMB2 IOCTL request: buffer code, reserved, ioctl function
 * (stored in si->ioctl_function), file id, in-buffer offset/length, max in
 * size, out-buffer offset/length, max out size, flags and reserved, then
 * the in and out buffers themselves.
 * The buffer offsets and lengths are taken from the packet. The two buffers
 * are dissected in ascending offset order so that a truncated packet still
 * yields as much output as possible, and the final offset is advanced past
 * both buffers.
 * NOTE(review): the offset advances, the else branch and the return
 * statement are not visible in this listing.
 */
6462 dissect_smb2_ioctl_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
6464 offset_length_buffer_t o_olb;
6465 offset_length_buffer_t i_olb;
6466 proto_tree *flags_tree = NULL;
6467 proto_item *flags_item = NULL;
6470 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
6473 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
6476 /* ioctl function */
6477 offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &si->ioctl_function);
6480 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
6482 /* in buffer offset/length */
6483 offset = dissect_smb2_olb_length_offset(tvb, offset, &i_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_in_data);
6485 /* max ioctl in size */
6486 proto_tree_add_item(tree, hf_smb2_max_ioctl_in_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6489 /* out buffer offset/length */
6490 offset = dissect_smb2_olb_length_offset(tvb, offset, &o_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_out_data);
6492 /* max ioctl out size */
6493 proto_tree_add_item(tree, hf_smb2_max_ioctl_out_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* The is-fsctl bit is shown inside a subtree of the 4-byte flags field. */
6498 flags_item = proto_tree_add_item(tree, hf_smb2_ioctl_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6499 flags_tree = proto_item_add_subtree(flags_item, ett_smb2_ioctl_flags);
6501 proto_tree_add_item(flags_tree, hf_smb2_ioctl_is_fsctl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6505 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
6508 /* try to decode these blobs in the order they were encoded
6509 * so that for "short" packets we will dissect as much as possible
6510 * before aborting with "short packet"
6512 if (i_olb.off>o_olb.off) {
6514 dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
6516 dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
6519 dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
6521 dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
6524 offset = dissect_smb2_olb_tvb_max_offset(offset, &o_olb);
6525 offset = dissect_smb2_olb_tvb_max_offset(offset, &i_olb);
/*
 * Dissects an SMB2 IOCTL response. Depending on si->status it either parses
 * the buffer code (status 0), carries on without it (0x80000005, the
 * buffer-overflow warning status), or hands over to the error-response
 * dissector and stops unless that dissector asks to continue. It then
 * dissects two unknown bytes, the ioctl function (stored in
 * si->ioctl_function), the file id, the in- and out-buffer offset/length
 * pairs, two reserved fields, and finally the buffers in ascending offset
 * order, advancing the final offset past both.
 * The status, buffer offsets and lengths all come from the packet.
 * NOTE(review): the offset advances, the else branch and the return
 * statement are not visible in this listing.
 */
6531 dissect_smb2_ioctl_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
6533 offset_length_buffer_t o_olb;
6534 offset_length_buffer_t i_olb;
6535 gboolean continue_dissection;
6537 switch (si->status) {
6539 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
6540 case 0x80000005: break;
6541 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
6542 if (!continue_dissection) return offset;
6545 /* some unknown bytes */
6546 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
6549 /* ioctl function */
6550 offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &si->ioctl_function);
6553 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
6555 /* in buffer offset/length */
6556 offset = dissect_smb2_olb_length_offset(tvb, offset, &i_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_in_data);
6558 /* out buffer offset/length */
6559 offset = dissect_smb2_olb_length_offset(tvb, offset, &o_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_out_data);
6562 /* flags: reserved: must be zero */
6563 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
6567 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
6570 /* try to decode these blobs in the order they were encoded
6571 * so that for "short" packets we will dissect as much as possible
6572 * before aborting with "short packet"
6574 if (i_olb.off>o_olb.off) {
6576 dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
6578 dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
6581 dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
6583 dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
6586 offset = dissect_smb2_olb_tvb_max_offset(offset, &i_olb);
6587 offset = dissect_smb2_olb_tvb_max_offset(offset, &o_olb);
/*
 * Dissect the body of an SMB2 READ request: buffer code, reserved bytes,
 * read length, file offset, file id, minimum count, channel, remaining
 * bytes and the optional read-channel-info blob.  The requested length
 * and file offset are also appended to the Info column and stored in
 * si->saved for the matching response.
 *
 * NOTE(review): len and off are taken straight from the packet and are
 * stored without any range check; consumers of si->saved must treat them
 * as untrusted.
 */
6594 dissect_smb2_read_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
6596 offset_length_buffer_t c_olb;
6602 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
6604 /* padding and reserved */
6605 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
6609 len = tvb_get_letohl(tvb, offset);
6610 proto_tree_add_item(tree, hf_smb2_read_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6614 off = tvb_get_letoh64(tvb, offset);
6615 proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* NOTE(review): len is read with tvb_get_letohl() but printed with %d; if it
 * is declared unsigned, values above 0x7fffffff show as negative - confirm
 * against the declaration. */
6618 col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" G_GINT64_MODIFIER "u", len, off);
6621 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
6624 proto_tree_add_item(tree, hf_smb2_min_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6628 channel = tvb_get_letohl(tvb, offset);
6629 proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6632 /* remaining bytes */
6633 proto_tree_add_item(tree, hf_smb2_remaining_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6636 /* read channel info blob offset/length */
6637 offset = dissect_smb2_olb_length_offset(tvb, offset, &c_olb, OLB_O_UINT16_S_UINT16, hf_smb2_channel_info_blob);
6639 /* the read channel info blob itself */
/* RDMA V1 gets its own blob dissector; the other case shown passes NULL */
6641 case SMB2_CHANNEL_RDMA_V1:
6642 dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, dissect_smb2_rdma_v1_blob);
6644 case SMB2_CHANNEL_NONE:
6646 dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, NULL);
6650 offset = dissect_smb2_olb_tvb_max_offset(offset, &c_olb);
6652 /* Store len and offset */
/* NOTE(review): si->saved is dereferenced here; the NULL guard is not
 * visible in this excerpt - confirm it exists. */
6654 si->saved->file_offset=off;
6655 si->saved->bytes_moved=len;
/*
 * Dissect the body of an SMB2 READ response: buffer code (or the error
 * response for a non-zero status), data offset, read length, remaining
 * count, a reserved field and then the data, which is first offered to
 * the named-pipe dissector and otherwise added as raw read data.  When an
 * export-object tap is listening and the full payload was captured, the
 * data is also fed to feed_eo_smb2().
 *
 * NOTE(review): si is marked _U_ in the signature although it is used
 * below; the marker is misleading.
 */
6663 dissect_smb2_read_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
6665 guint16 dataoffset = 0;
6666 guint32 data_tvb_len;
6668 gboolean continue_dissection;
6670 switch (si->status) {
6672 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
6673 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
6674 if (!continue_dissection) return offset;
/* NOTE(review): dataoffset is a guint16 and the field is added as 2 bytes,
 * but the value is fetched with the 32-bit tvb_get_letohl(); the upper
 * half is discarded on assignment.  A 16-bit fetch would match the field. */
6678 dataoffset=tvb_get_letohl(tvb,offset);
6679 proto_tree_add_item(tree, hf_smb2_data_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
6682 /* length might even be 64bits if they are ambitious*/
6683 length = tvb_get_letohl(tvb, offset);
6684 proto_tree_add_item(tree, hf_smb2_read_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6688 proto_tree_add_item(tree, hf_smb2_read_remaining, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6692 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
6695 /* data or namedpipe ?*/
6697 int oldoffset = offset;
6698 smb2_pipe_set_file_id(pinfo, si);
6699 offset = dissect_file_data_smb2_pipe(tvb, pinfo, tree, offset, length, si->top_tree, si);
6700 if (offset != oldoffset) {
6701 /* managed to dissect pipe data */
/* length is the value announced by the peer, not the number of bytes present */
6707 proto_tree_add_item(tree, hf_smb2_read_data, tvb, offset, length, ENC_NA);
6709 data_tvb_len=(guint32)tvb_captured_length_remaining(tvb, offset);
/* never advance past the bytes that were actually captured */
6711 offset += MIN(length,data_tvb_len);
/* only a completely captured payload is handed to the export-object tap */
6713 if (have_tap_listener(smb2_eo_tap) && (data_tvb_len == length)) {
6714 if (si->saved && si->eo_file_info) { /* without this data we don't know which file this belongs to */
6715 feed_eo_smb2(tvb,pinfo,si,dataoffset,length,si->saved->file_offset);
/*
 * Attach an ei_smb2_bad_response expert item covering the whole tvb for a
 * create-context buffer that should not appear in this direction.
 * buffer_desc is only used as a %s argument to the fixed format string.
 */
6723 report_create_context_malformed_buffer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const char *buffer_desc)
6725 proto_tree_add_expert_format(tree, pinfo, &ei_smb2_bad_response, tvb, 0, -1,
6726 "%s SHOULD NOT be generated", buffer_desc);
/*
 * ExtA create context, request side: label the parent item and dissect
 * the buffer from offset 0 with dissect_smb2_file_full_ea_info().
 */
6729 dissect_smb2_ExtA_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6731 proto_item *item = NULL;
6733 item = proto_tree_get_parent(tree);
6734 proto_item_append_text(item, ": SMB2_FILE_FULL_EA_INFO");
6736 dissect_smb2_file_full_ea_info(tvb, pinfo, tree, 0, si);
/* ExtA create context, response side: not expected, so it is only reported. */
6740 dissect_smb2_ExtA_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
6742 report_create_context_malformed_buffer(tvb, pinfo, tree, "ExtA Response");
/*
 * SecD create context, request side: label the parent item and dissect
 * the buffer from offset 0 with dissect_smb2_sec_info_00().
 */
6746 dissect_smb2_SecD_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6748 proto_item *item = NULL;
6750 item = proto_tree_get_parent(tree);
6751 proto_item_append_text(item, ": SMB2_SEC_INFO_00");
6753 dissect_smb2_sec_info_00(tvb, pinfo, tree, 0, si);
/* SecD create context, response side: not expected, so it is only reported. */
6757 dissect_smb2_SecD_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
6759 report_create_context_malformed_buffer(tvb, pinfo, tree, "SecD Response");
/*
 * TWrp create context, request side: label the parent item and show the
 * 64-bit NT timestamp found at offset 0.
 */
6763 dissect_smb2_TWrp_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6765 proto_item *item = NULL;
6767 item = proto_tree_get_parent(tree);
6768 proto_item_append_text(item, ": Timestamp");
6770 dissect_nt_64bit_time(tvb, tree, 0, hf_smb2_twrp_timestamp);
/*
 * TWrp create context, response side: not expected, so it is only reported.
 * NOTE(review): pinfo is marked _U_ but is passed on below.
 */
6774 dissect_smb2_TWrp_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6776 report_create_context_malformed_buffer(tvb, pinfo, tree, "TWrp Response");
/*
 * QFid create context, request side.  An empty buffer is labelled
 * "NO DATA"; the second label, presumably the else branch, marks a
 * request that carries data as malformed.
 */
6780 dissect_smb2_QFid_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6782 proto_item *item = NULL;
6785 item = proto_tree_get_parent(tree);
6789 if (tvb_reported_length(tvb) == 0) {
6790 proto_item_append_text(item, ": NO DATA");
6792 proto_item_append_text(item, ": QFid request should have no data, malformed packet");
/*
 * QFid create context, response side: label the parent item, open a
 * "QFid INFO" subtree and add the 32-byte opaque id.
 */
6798 dissect_smb2_QFid_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6802 proto_item *sub_tree;
6804 item = proto_tree_get_parent(tree);
6806 proto_item_append_text(item, ": QFid INFO");
6807 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_QFid_buffer, NULL, "QFid INFO");
6809 proto_tree_add_item(sub_tree, hf_smb2_qfid_fid, tvb, offset, 32, ENC_NA);
/* AlSi create context, request side: the 8-byte allocation size at offset 0. */
6813 dissect_smb2_AlSi_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6815 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, 0, 8, ENC_LITTLE_ENDIAN);
/*
 * AlSi create context, response side: not expected, so it is only reported.
 * NOTE(review): pinfo is marked _U_ but is passed on below.
 */
6819 dissect_smb2_AlSi_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6821 report_create_context_malformed_buffer(tvb, pinfo, tree, "AlSi Response");
/* DHnQ create context, request side: a file id at offset 0, dissected in FID_MODE_DHNQ. */
6825 dissect_smb2_DHnQ_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6827 dissect_smb2_fid(tvb, pinfo, tree, 0, si, FID_MODE_DHNQ);
/* DHnQ create context, response side: 8 reserved bytes at offset 0. */
6831 dissect_smb2_DHnQ_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6833 proto_tree_add_item(tree, hf_smb2_dhnq_buffer_reserved, tvb, 0, 8, ENC_LITTLE_ENDIAN);
/* DHnC create context, request side: a file id at offset 0, dissected in FID_MODE_DHNC. */
6837 dissect_smb2_DHnC_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6839 dissect_smb2_fid(tvb, pinfo, tree, 0, si, FID_MODE_DHNC);
/* DHnC create context, response side: not expected, so it is only reported. */
6843 dissect_smb2_DHnC_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
6845 report_create_context_malformed_buffer(tvb, pinfo, tree, "DHnC Response");
6849 * SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
6855 * SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2
6859 * SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2
6864 * SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2
6867 #define SMB2_DH2X_FLAGS_PERSISTENT_HANDLE 0x00000002
/*
 * DH2Q create context, request side: timeout (4 bytes), flags shown as a
 * bitmask, 8 reserved bytes and the 16-byte create GUID, all under a
 * "DH2Q Request" subtree.
 */
6870 dissect_smb2_DH2Q_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
/* hf list for the flags bitmask; persistent-handle is the one bit listed here */
6872 static const int *dh2x_flags_fields[] = {
6873 &hf_smb2_dh2x_buffer_flags_persistent_handle,
6878 proto_item *sub_tree;
6880 item = proto_tree_get_parent(tree);
6882 proto_item_append_text(item, ": DH2Q Request");
6883 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2Q_buffer, NULL, "DH2Q Request");
6886 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6890 proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_dh2x_buffer_flags,
6891 ett_smb2_dh2x_flags, dh2x_flags_fields, ENC_LITTLE_ENDIAN);
6895 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_reserved, tvb, offset, 8, ENC_LITTLE_ENDIAN);
6899 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_create_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
/*
 * DH2Q create context, response side: timeout (4 bytes) and flags
 * (4 bytes, added as a plain item rather than a bitmask) under a
 * "DH2Q Response" subtree.
 */
6903 dissect_smb2_DH2Q_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6907 proto_item *sub_tree;
6909 item = proto_tree_get_parent(tree);
6911 proto_item_append_text(item, ": DH2Q Response");
6912 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2Q_buffer, NULL, "DH2Q Response");
6915 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
6919 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/*
 * DH2C create context, request side: a file id (dissected in
 * FID_MODE_DHNC), the 16-byte create GUID and 4 bytes of flags under a
 * "DH2C Request" subtree.
 */
6923 dissect_smb2_DH2C_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
6927 proto_item *sub_tree;
6929 item = proto_tree_get_parent(tree);
6931 proto_item_append_text(item, ": DH2C Request");
6932 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2C_buffer, NULL, "DH2C Request");
6935 dissect_smb2_fid(tvb, pinfo, sub_tree, offset, si, FID_MODE_DHNC);
6939 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_create_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
6943 proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* DH2C create context, response side: not expected, so it is only reported. */
6947 dissect_smb2_DH2C_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
6949 report_create_context_malformed_buffer(tvb, pinfo, tree, "DH2C Response");
/*
 * MxAc create context, request side.  An empty buffer is labelled
 * "NO DATA"; otherwise the buffer is labelled "Timestamp" and shown as a
 * 64-bit NT time.
 */
6953 dissect_smb2_MxAc_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6956 proto_item *item = NULL;
6959 item = proto_tree_get_parent(tree);
6962 if (tvb_reported_length(tvb) == 0) {
6964 proto_item_append_text(item, ": NO DATA");
6970 proto_item_append_text(item, ": Timestamp");
6973 dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_mxac_timestamp);
/*
 * MxAc create context, response side.  An empty buffer is labelled
 * "NO DATA"; otherwise a "MxAc INFO" subtree receives a 4-byte status
 * followed by an access mask.
 */
6977 dissect_smb2_MxAc_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
6981 proto_tree *sub_tree;
6983 item = proto_tree_get_parent(tree);
6985 if (tvb_reported_length(tvb) == 0) {
6986 proto_item_append_text(item, ": NO DATA");
6990 proto_item_append_text(item, ": MxAc INFO");
6991 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_MxAc_buffer, NULL, "MxAc INFO");
/* NOTE(review): this is the only integer here decoded as ENC_BIG_ENDIAN;
 * the neighbouring create-context fields use ENC_LITTLE_ENDIAN - confirm
 * the byte order, a wrong one would display a misleading status. */
6993 proto_tree_add_item(sub_tree, hf_smb2_mxac_status, tvb, offset, 4, ENC_BIG_ENDIAN);
6996 dissect_smb_access_mask(tvb, sub_tree, offset);
7000 * SMB2_CREATE_REQUEST_LEASE 32
7004 * 8 - lease duration
7006 * SMB2_CREATE_REQUEST_LEASE_V2 52
7010 * 8 - lease duration
7011 * 16 - parent lease key
/*
 * Bit values of the lease state and lease flags fields, and the hf lists
 * handed to proto_tree_add_bitmask() for them by
 * dissect_SMB2_CREATE_LEASE_VX().
 */
7015 #define SMB2_LEASE_STATE_READ_CACHING 0x00000001
7016 #define SMB2_LEASE_STATE_HANDLE_CACHING 0x00000002
7017 #define SMB2_LEASE_STATE_WRITE_CACHING 0x00000004
7019 #define SMB2_LEASE_FLAGS_BREAK_ACK_REQUIRED 0x00000001
7020 #define SMB2_LEASE_FLAGS_BREAK_IN_PROGRESS 0x00000002
7021 #define SMB2_LEASE_FLAGS_PARENT_LEASE_KEY_SET 0x00000004
/* lease state bits */
7023 static const int *lease_state_fields[] = {
7024 &hf_smb2_lease_state_read_caching,
7025 &hf_smb2_lease_state_handle_caching,
7026 &hf_smb2_lease_state_write_caching,
/* lease flag bits */
7029 static const int *lease_flags_fields[] = {
7030 &hf_smb2_lease_flags_break_ack_required,
7031 &hf_smb2_lease_flags_break_in_progress,
7032 &hf_smb2_lease_flags_parent_lease_key_set,
/*
 * Dissect an RqLs lease create context, request or response.  The layout
 * is chosen from the reported buffer length alone: 32 bytes is labelled
 * LEASE_V1, 52 bytes LEASE_V2, and the remaining case is reported through
 * report_create_context_malformed_buffer().  The fields are the lease
 * key, lease state, lease flags and lease duration, then the parent lease
 * key, epoch and reserved bytes.
 *
 * NOTE(review): pinfo is marked _U_ but is passed on below.  The check
 * that limits the last three fields to the 52-byte form is not visible in
 * this excerpt - confirm it exists.
 */
7037 dissect_SMB2_CREATE_LEASE_VX(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
7041 proto_tree *sub_tree = NULL;
7042 proto_item *parent_item;
7044 parent_item = proto_tree_get_parent(parent_tree);
7046 len = tvb_reported_length(tvb);
7049 case 32: /* SMB2_CREATE_REQUEST/RESPONSE_LEASE */
7050 proto_item_append_text(parent_item, ": LEASE_V1");
7051 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_RqLs_buffer, NULL, "LEASE_V1");
7053 case 52: /* SMB2_CREATE_REQUEST/RESPONSE_LEASE_V2 */
7054 proto_item_append_text(parent_item, ": LEASE_V2");
7055 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_RqLs_buffer, NULL, "LEASE_V2");
7058 report_create_context_malformed_buffer(tvb, pinfo, parent_tree, "RqLs");
7062 proto_tree_add_item(sub_tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
7065 proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_lease_state,
7066 ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
7069 proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_lease_flags,
7070 ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
7073 proto_tree_add_item(sub_tree, hf_smb2_lease_duration, tvb, offset, 8, ENC_LITTLE_ENDIAN);
7080 proto_tree_add_item(sub_tree, hf_smb2_parent_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
7083 proto_tree_add_item(sub_tree, hf_smb2_lease_epoch, tvb, offset, 2, ENC_LITTLE_ENDIAN);
7086 proto_tree_add_item(sub_tree, hf_smb2_lease_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* RqLs create context, request side: same layout as the response, see dissect_SMB2_CREATE_LEASE_VX(). */
7090 dissect_smb2_RqLs_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7092 dissect_SMB2_CREATE_LEASE_VX(tvb, pinfo, tree, si);
/* RqLs create context, response side: same layout as the request, see dissect_SMB2_CREATE_LEASE_VX(). */
7096 dissect_smb2_RqLs_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7098 dissect_SMB2_CREATE_LEASE_VX(tvb, pinfo, tree, si);
7102 * SMB2_CREATE_APP_INSTANCE_ID
7103 * 2 - structure size - 20
7105 * 16 - application guid
/*
 * SMB2_CREATE_APP_INSTANCE_ID create context, request side: structure
 * size (2 bytes), reserved (2 bytes) and the 16-byte application GUID
 * under an "APP INSTANCE ID" subtree.  The structure size is displayed
 * only; it is not compared with the buffer length here.
 */
7109 dissect_smb2_APP_INSTANCE_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7113 proto_item *sub_tree;
7115 item = proto_tree_get_parent(tree);
7117 proto_item_append_text(item, ": CREATE APP INSTANCE ID");
7118 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_APP_INSTANCE_buffer, NULL, "APP INSTANCE ID");
7121 proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_struct_size,
7122 tvb, offset, 2, ENC_LITTLE_ENDIAN);
7126 proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_reserved,
7127 tvb, offset, 2, ENC_LITTLE_ENDIAN);
7131 proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_app_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
/*
 * APP INSTANCE create context, response side: not expected, so it is only
 * reported.  NOTE(review): pinfo is marked _U_ but is passed on below.
 */
7135 dissect_smb2_APP_INSTANCE_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7137 report_create_context_malformed_buffer(tvb, pinfo, tree, "APP INSTANCE Response");
7141 * Dissect the MS-RSVD stuff that turns up when HyperV uses SMB3.x
/*
 * Dissect an SVHDX_OPEN_DEVICE_CONTEXT create context; the dispatch table
 * registers this one function for both directions.  Every field is added
 * at a fixed width under one subtree.
 *
 * NOTE(review): version is read back from the tree but no use of it is
 * visible here, so the same layout appears to be applied whatever the
 * version says - confirm.  The host name is always added as 126 bytes and
 * InitiatorHostNameLength is only displayed.
 */
7144 dissect_smb2_svhdx_open_device_context(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7149 proto_item *sub_tree;
7151 item = proto_tree_get_parent(tree);
7153 proto_item_append_text(item, ": SVHDX OPEN DEVICE CONTEXT");
7154 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_svhdx_open_device_context, NULL, "SVHDX OPEN DEVICE CONTEXT");
7157 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_svhdx_open_device_context_version,
7158 tvb, offset, 4, ENC_LITTLE_ENDIAN, &version);
7161 /* HasInitiatorId */
7162 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_has_initiator_id,
7163 tvb, offset, 1, ENC_LITTLE_ENDIAN);
7167 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_reserved,
7168 tvb, offset, 3, ENC_NA);
7172 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_id,
7173 tvb, offset, 16, ENC_LITTLE_ENDIAN);
7176 /* Flags TODO: Dissect these*/
7177 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_flags,
7178 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7181 /* OriginatorFlags */
7182 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_originator_flags,
7183 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7187 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_open_request_id,
7188 tvb, offset, 8, ENC_LITTLE_ENDIAN);
7191 /* InitiatorHostNameLength */
7192 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_host_name_len,
7193 tvb, offset, 2, ENC_LITTLE_ENDIAN);
7196 /* InitiatorHostName */
7197 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_host_name,
7198 tvb, offset, 126, ENC_ASCII | ENC_NA);
7202 /* VirtualDiskPropertiesInitialized */
7203 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_virtual_disk_properties_initialized,
7204 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7207 /* ServerServiceVersion */
7208 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_server_service_version,
7209 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7212 /* VirtualSectorSize */
7213 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_virtual_sector_size,
7214 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7217 /* PhysicalSectorSize */
7218 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_physical_sector_size,
7219 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7223 proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_virtual_size,
7224 tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* hf list for the "supported features" bitmask shown by dissect_smb2_posix_v1_caps_response(). */
7228 static const int *posix_flags_fields[] = {
7229 &hf_smb2_posix_v1_case_sensitive,
7230 &hf_smb2_posix_v1_posix_lock,
7231 &hf_smb2_posix_v1_posix_file_semantics,
7232 &hf_smb2_posix_v1_posix_utf8_paths,
7233 &hf_smb2_posix_v1_posix_will_convert_nt_acls,
7234 &hf_smb2_posix_v1_posix_fileinfo,
7235 &hf_smb2_posix_v1_posix_acls,
7236 &hf_smb2_posix_v1_rich_acls,
/*
 * POSIX V1 caps create context, request side: a 4-byte version and a
 * 4-byte request field under a "POSIX_V1_REQUEST" subtree.
 * NOTE(review): tvb is marked _U_ but is used below.
 */
7241 dissect_smb2_posix_v1_caps_request(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7245 proto_item *sub_tree;
7247 item = proto_tree_get_parent(tree);
7249 proto_item_append_text(item, ": POSIX V1 CAPS request");
7250 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_posix_v1_request, NULL, "POSIX_V1_REQUEST");
7253 proto_tree_add_item(sub_tree, hf_smb2_posix_v1_version,
7254 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7258 proto_tree_add_item(sub_tree, hf_smb2_posix_v1_request,
7259 tvb, offset, 4, ENC_LITTLE_ENDIAN);
/*
 * POSIX V1 caps create context, response side: a 4-byte version and the
 * supported-features bitmask under a "POSIX_V1_RESPONSE" subtree.
 * NOTE(review): tvb is marked _U_ but is used below.
 */
7263 dissect_smb2_posix_v1_caps_response(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
7267 proto_item *sub_tree;
7269 item = proto_tree_get_parent(tree);
7271 proto_item_append_text(item, ": POSIX V1 CAPS response");
7272 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_posix_v1_response, NULL, "POSIX_V1_RESPONSE");
7275 proto_tree_add_item(sub_tree, hf_smb2_posix_v1_version,
7276 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7279 /* Supported Features */
7280 proto_tree_add_bitmask(sub_tree, tvb, offset,
7281 hf_smb2_posix_v1_supported_features,
7282 ett_smb2_posix_v1_supported_features,
7283 posix_flags_fields, ENC_LITTLE_ENDIAN);
/* AAPL create context: command codes and their display names */
7287 #define SMB2_AAPL_SERVER_QUERY 1
7288 #define SMB2_AAPL_RESOLVE_ID 2
7290 static const value_string aapl_command_code_vals[] = {
7291 { SMB2_AAPL_SERVER_QUERY, "Server query"},
7292 { SMB2_AAPL_RESOLVE_ID, "Resolve ID"},
/* bits of the server-query bitmask; the response dissector tests these to
 * decide which optional parts follow */
7296 #define SMB2_AAPL_SERVER_CAPS 0x00000001
7297 #define SMB2_AAPL_VOLUME_CAPS 0x00000002
7298 #define SMB2_AAPL_MODEL_INFO 0x00000004
7300 static const int *aapl_server_query_bitmap_fields[] = {
7301 &hf_smb2_aapl_server_query_bitmask_server_caps,
7302 &hf_smb2_aapl_server_query_bitmask_volume_caps,
7303 &hf_smb2_aapl_server_query_bitmask_model_info,
/* bits of the client/server capabilities field */
7307 #define SMB2_AAPL_SUPPORTS_READ_DIR_ATTR 0x00000001
7308 #define SMB2_AAPL_SUPPORTS_OSX_COPYFILE 0x00000002
7309 #define SMB2_AAPL_UNIX_BASED 0x00000004
7310 #define SMB2_AAPL_SUPPORTS_NFS_ACE 0x00000008
7312 static const int *aapl_server_query_caps_fields[] = {
7313 &hf_smb2_aapl_server_query_caps_supports_read_dir_attr,
7314 &hf_smb2_aapl_server_query_caps_supports_osx_copyfile,
7315 &hf_smb2_aapl_server_query_caps_unix_based,
7316 &hf_smb2_aapl_server_query_caps_supports_nfs_ace,
/*
 * AAPL create context, request side: a 4-byte command code and 4 reserved
 * bytes, then a body selected by the command code - the request bitmap
 * and client capabilities for a server query, or an 8-byte file id for
 * resolve-id.
 *
 * NOTE(review): tvb and tree are marked _U_ but are used below.
 */
7321 dissect_smb2_AAPL_buffer_request(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
7325 proto_item *sub_tree;
7326 guint32 command_code;
7328 item = proto_tree_get_parent(tree);
7330 proto_item_append_text(item, ": AAPL Create Context request");
7331 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_aapl_create_context_request, NULL, "AAPL Create Context request");
7334 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_aapl_command_code,
7335 tvb, offset, 4, ENC_LITTLE_ENDIAN, &command_code);
7339 proto_tree_add_item(sub_tree, hf_smb2_aapl_reserved,
7340 tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* command_code comes from the packet; only the two known codes are shown here */
7343 switch (command_code) {
7345 case SMB2_AAPL_SERVER_QUERY:
7346 /* Request bitmap */
7347 proto_tree_add_bitmask(sub_tree, tvb, offset,
7348 hf_smb2_aapl_server_query_bitmask,
7349 ett_smb2_aapl_server_query_bitmask,
7350 aapl_server_query_bitmap_fields,
7354 /* Client capabilities */
7355 proto_tree_add_bitmask(sub_tree, tvb, offset,
7356 hf_smb2_aapl_server_query_caps,
7357 ett_smb2_aapl_server_query_caps,
7358 aapl_server_query_caps_fields,
7362 case SMB2_AAPL_RESOLVE_ID:
7364 proto_tree_add_item(sub_tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* bits of the AAPL volume capabilities field and the hf list used to show them */
7372 #define SMB2_AAPL_SUPPORTS_RESOLVE_ID 0x00000001
7373 #define SMB2_AAPL_CASE_SENSITIVE 0x00000002
7374 #define SMB2_AAPL_SUPPORTS_FULL_SYNC 0x00000004
7376 static const int *aapl_server_query_volume_caps_fields[] = {
7377 &hf_smb2_aapl_server_query_volume_caps_support_resolve_id,
7378 &hf_smb2_aapl_server_query_volume_caps_case_sensitive,
7379 &hf_smb2_aapl_server_query_volume_caps_supports_full_sync,
/*
 * AAPL create context, response side: a 4-byte command code and 4
 * reserved bytes, then a body selected by the command code.  For a server
 * query the reply bitmap is read back and each set bit (server caps,
 * volume caps, model info) adds the matching part; for resolve-id an NT
 * status and a UTF-16 server path are shown.
 *
 * NOTE(review): tvb and tree are marked _U_ but are used below.  The
 * lengths used for the model string and the server path are not visible
 * in this excerpt; if they come from the packet they are untrusted -
 * confirm how they are bounded.
 */
7384 dissect_smb2_AAPL_buffer_response(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
7388 proto_item *sub_tree;
7389 guint32 command_code;
7390 guint64 server_query_bitmask;
7392 item = proto_tree_get_parent(tree);
7394 proto_item_append_text(item, ": AAPL Create Context response");
7395 sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_aapl_create_context_response, NULL, "AAPL Create Context response");
7398 proto_tree_add_item_ret_uint(sub_tree, hf_smb2_aapl_command_code,
7399 tvb, offset, 4, ENC_LITTLE_ENDIAN, &command_code);
7403 proto_tree_add_item(sub_tree, hf_smb2_aapl_reserved,
7404 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7407 switch (command_code) {
7409 case SMB2_AAPL_SERVER_QUERY:
/* the bitmap value decides which of the optional parts below are parsed */
7411 proto_tree_add_bitmask_ret_uint64(sub_tree, tvb, offset,
7412 hf_smb2_aapl_server_query_bitmask,
7413 ett_smb2_aapl_server_query_bitmask,
7414 aapl_server_query_bitmap_fields,
7416 &server_query_bitmask);
7419 if (server_query_bitmask & SMB2_AAPL_SERVER_CAPS) {
7420 /* Server capabilities */
7421 proto_tree_add_bitmask(sub_tree, tvb, offset,
7422 hf_smb2_aapl_server_query_caps,
7423 ett_smb2_aapl_server_query_caps,
7424 aapl_server_query_caps_fields,
7428 if (server_query_bitmask & SMB2_AAPL_VOLUME_CAPS) {
7429 /* Volume capabilities */
7430 proto_tree_add_bitmask(sub_tree, tvb, offset,
7431 hf_smb2_aapl_server_query_volume_caps,
7432 ett_smb2_aapl_server_query_volume_caps,
7433 aapl_server_query_volume_caps_fields,
7437 if (server_query_bitmask & SMB2_AAPL_MODEL_INFO) {
7442 proto_tree_add_item(sub_tree, hf_smb2_aapl_server_query_model_string,
7444 ENC_UTF_16|ENC_LITTLE_ENDIAN);
7448 case SMB2_AAPL_RESOLVE_ID:
7450 proto_tree_add_item(sub_tree, hf_smb2_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7454 proto_tree_add_item(sub_tree, hf_smb2_aapl_server_query_server_path,
7456 ENC_UTF_16|ENC_LITTLE_ENDIAN);
/* Signature shared by every create-context data dissector: the tvb handed
 * in is the context's data buffer, so the handlers above parse from offset 0. */
7464 typedef void (*create_context_data_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si);
/* one handler per direction */
7466 typedef struct create_context_data_dissectors {
7467 create_context_data_dissector_t request;
7468 create_context_data_dissector_t response;
7469 } create_context_data_dissectors_t;
/* table entry: a tag string, a display name and the handler pair (the tag
 * and val members are used by the lookup and by dissect_smb2_create_extra_info) */
7471 struct create_context_data_tag_dissectors {
7474 create_context_data_dissectors_t dissectors;
/*
 * Dispatch table from create-context tag to display name and
 * request/response handlers.  get_create_context_data_tag_dissectors()
 * matches the tag with a case-sensitive strcmp(), so a GUID tag only
 * matches when it is spelled exactly as in this table;
 * SMB2_CREATE_APP_INSTANCE_ID is listed under two spellings.
 *
 * NOTE(review): the array is neither static nor const, which leaves a
 * table of function pointers writable and externally visible - consider
 * "static const" if nothing else in the tree modifies it.
 */
7477 struct create_context_data_tag_dissectors create_context_dissectors_array[] = {
7478 { "ExtA", "SMB2_CREATE_EA_BUFFER",
7479 { dissect_smb2_ExtA_buffer_request, dissect_smb2_ExtA_buffer_response } },
7480 { "SecD", "SMB2_CREATE_SD_BUFFER",
7481 { dissect_smb2_SecD_buffer_request, dissect_smb2_SecD_buffer_response } },
7482 { "AlSi", "SMB2_CREATE_ALLOCATION_SIZE",
7483 { dissect_smb2_AlSi_buffer_request, dissect_smb2_AlSi_buffer_response } },
7484 { "MxAc", "SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST",
7485 { dissect_smb2_MxAc_buffer_request, dissect_smb2_MxAc_buffer_response } },
7486 { "DHnQ", "SMB2_CREATE_DURABLE_HANDLE_REQUEST",
7487 { dissect_smb2_DHnQ_buffer_request, dissect_smb2_DHnQ_buffer_response } },
7488 { "DHnC", "SMB2_CREATE_DURABLE_HANDLE_RECONNECT",
7489 { dissect_smb2_DHnC_buffer_request, dissect_smb2_DHnC_buffer_response } },
7490 { "DH2Q", "SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2",
7491 { dissect_smb2_DH2Q_buffer_request, dissect_smb2_DH2Q_buffer_response } },
7492 { "DH2C", "SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2",
7493 { dissect_smb2_DH2C_buffer_request, dissect_smb2_DH2C_buffer_response } },
7494 { "TWrp", "SMB2_CREATE_TIMEWARP_TOKEN",
7495 { dissect_smb2_TWrp_buffer_request, dissect_smb2_TWrp_buffer_response } },
7496 { "QFid", "SMB2_CREATE_QUERY_ON_DISK_ID",
7497 { dissect_smb2_QFid_buffer_request, dissect_smb2_QFid_buffer_response } },
7498 { "RqLs", "SMB2_CREATE_REQUEST_LEASE",
7499 { dissect_smb2_RqLs_buffer_request, dissect_smb2_RqLs_buffer_response } },
7500 { "744D142E-46FA-0890-4AF7-A7EF6AA6BC45", "SMB2_CREATE_APP_INSTANCE_ID",
7501 { dissect_smb2_APP_INSTANCE_buffer_request, dissect_smb2_APP_INSTANCE_buffer_response } },
7502 { "6aa6bc45-a7ef-4af7-9008-fa462e144d74", "SMB2_CREATE_APP_INSTANCE_ID",
7503 { dissect_smb2_APP_INSTANCE_buffer_request, dissect_smb2_APP_INSTANCE_buffer_response } },
7504 { "9ecfcb9c-c104-43e6-980e-158da1f6ec83", "SVHDX_OPEN_DEVICE_CONTEXT",
7505 { dissect_smb2_svhdx_open_device_context, dissect_smb2_svhdx_open_device_context} },
7506 { "34263501-2921-4912-2586-447794114531", "SMB2_POSIX_V1_CAPS",
7507 { dissect_smb2_posix_v1_caps_request, dissect_smb2_posix_v1_caps_response } },
7508 { "AAPL", "SMB2_AAPL_CREATE_CONTEXT",
7509 { dissect_smb2_AAPL_buffer_request, dissect_smb2_AAPL_buffer_response } },
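/*
 * Look up the create-context handlers registered for a tag.
 *
 * tag is the context name taken from the packet, either a short ASCII
 * string or a GUID rendered as text.  The comparison is an exact,
 * case-sensitive match against create_context_dissectors_array.
 *
 * Returns the matching table entry, or a static "<invalid>" entry whose
 * handlers are both NULL when nothing matches.  A NULL tag is treated as
 * "no match" rather than being passed to strcmp(), so a caller that could
 * not extract a tag from a malformed packet cannot crash the lookup.
 * The return value is never NULL.
 */
static struct create_context_data_tag_dissectors*
get_create_context_data_tag_dissectors(const char *tag)
{
	static struct create_context_data_tag_dissectors INVALID = {
		NULL, "<invalid>", { NULL, NULL }
	};
	size_t i;

	/* strcmp() on a NULL pointer is undefined behaviour */
	if (tag == NULL)
		return &INVALID;

	for (i = 0; i<array_length(create_context_dissectors_array); i++) {
		if (!strcmp(tag, create_context_dissectors_array[i].tag))
			return &create_context_dissectors_array[i];
	}

	return &INVALID;
}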
/*
 * Dissect one element of the create-context chain and then recurse into
 * the next one.
 *
 * Each element holds the offset of the next element, a tag offset/length
 * pair and a data offset/length pair.  The tag selects a handler pair
 * through get_create_context_data_tag_dissectors(); the request or
 * response handler is chosen from si->flags and run over the data buffer
 * by dissect_smb2_olb_buffer().
 *
 * NOTE(review): chain_offset is a guint16, but it is loaded with the
 * 32-bit tvb_get_letohl() and the field is displayed as 4 bytes.  A next
 * offset above 0xFFFF is therefore truncated before it is used for
 * tvb_new_subset_remaining(), so this dissector can walk a different
 * chain than the one the field shows.  Widening the variable also needs
 * a range check, because tvb_new_subset_remaining() takes a signed
 * offset.
 *
 * NOTE(review): one recursion level is used per chain element and the
 * element count is controlled by the packet; the condition guarding the
 * recursive call is not visible in this excerpt - confirm the depth is
 * bounded.
 */
7529 dissect_smb2_create_extra_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si)
7531 offset_length_buffer_t tag_olb;
7532 offset_length_buffer_t data_olb;
7534 guint16 chain_offset;
7537 proto_item *sub_item;
7538 proto_tree *sub_tree;
7539 proto_item *parent_item = NULL;
7540 create_context_data_dissectors_t *dissectors = NULL;
7541 create_context_data_dissector_t dissector = NULL;
7542 struct create_context_data_tag_dissectors *tag_dissectors;
7544 chain_offset = tvb_get_letohl(tvb, offset);
7549 sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_smb2_create_chain_element, &sub_item, "Chain Element");
7550 parent_item = proto_tree_get_parent(parent_tree);
7553 proto_tree_add_item(sub_tree, hf_smb2_create_chain_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7556 /* tag offset/length */
7557 offset = dissect_smb2_olb_length_offset(tvb, offset, &tag_olb, OLB_O_UINT16_S_UINT32, hf_smb2_tag);
7559 /* data offset/length */
7560 dissect_smb2_olb_length_offset(tvb, offset, &data_olb, OLB_O_UINT16_S_UINT32, hf_smb2_create_chain_data);
7563 * These things are all either 4-char strings, like DH2C, or GUIDs,
7564 * however, at least one of them appears to be a GUID as a string and
7565 * one appears to be a binary guid. So, check if the length is
7566 * 16, and if so, pull the GUID and convert it to a string. Otherwise
7567 * call dissect_smb2_olb_string.
7569 if (tag_olb.len == 16) {
7571 proto_item *tag_item;
7572 proto_tree *tag_tree;
7574 tvb_get_letohguid(tvb, tag_olb.off, &tag_guid);
7575 tag = guid_to_str(wmem_packet_scope(), &tag_guid);
7577 tag_item = proto_tree_add_string(sub_tree, tag_olb.hfindex, tvb, tag_olb.off, tag_olb.len, tag);
7578 tag_tree = proto_item_add_subtree(tag_item, ett_smb2_olb);
7579 proto_tree_add_item(tag_tree, hf_smb2_olb_offset, tvb, tag_olb.off_offset, 2, ENC_LITTLE_ENDIAN);
7580 proto_tree_add_item(tag_tree, hf_smb2_olb_length, tvb, tag_olb.len_offset, 2, ENC_LITTLE_ENDIAN);
/* NOTE(review): if dissect_smb2_olb_string() can return NULL, that NULL is
 * passed on to the tag lookup and to the %s below - confirm its contract. */
7584 tag = dissect_smb2_olb_string(pinfo, sub_tree, tvb, &tag_olb, OLB_TYPE_ASCII_STRING);
7587 tag_dissectors = get_create_context_data_tag_dissectors(tag);
7589 proto_item_append_text(parent_item, " %s", tag_dissectors->val);
7590 proto_item_append_text(sub_item, ": %s \"%s\"", tag_dissectors->val, tag);
7593 dissectors = &tag_dissectors->dissectors;
/* an unknown tag leaves both handlers NULL, so NULL is what gets passed on */
7595 dissector = (si->flags & SMB2_FLAGS_RESPONSE) ? dissectors->response : dissectors->request;
7597 dissect_smb2_olb_buffer(pinfo, sub_tree, tvb, &data_olb, si, dissector);
7600 tvbuff_t *chain_tvb;
7601 chain_tvb = tvb_new_subset_remaining(tvb, chain_offset);
7603 /* next extra info */
7604 dissect_smb2_create_extra_info(chain_tvb, pinfo, parent_tree, si);
/*
 * Dissect the body of an SMB2 CREATE request: buffer code, oplock,
 * impersonation level, create flags, reserved bytes, access mask, file
 * attributes, share access, create disposition, create options, the
 * filename and the chain of create contexts ("extra info").
 *
 * On the first pass over a frame the filename is also copied into
 * si->saved->extra_info, replacing a previously saved filename, so that
 * later code can refer to it.
 */
7609 dissect_smb2_create_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
7611 offset_length_buffer_t f_olb, e_olb;
7615 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
7617 /* security flags */
7621 offset = dissect_smb2_oplock(tree, tvb, offset);
7623 /* impersonation level */
7624 proto_tree_add_item(tree, hf_smb2_impersonation_level, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7628 proto_tree_add_item(tree, hf_smb2_create_flags, tvb, offset, 8, ENC_LITTLE_ENDIAN);
7632 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 8, ENC_NA);
7636 offset = dissect_smb_access_mask(tvb, tree, offset);
7638 /* File Attributes */
7639 offset = dissect_file_ext_attr(tvb, tree, offset);
7642 offset = dissect_nt_share_access(tvb, tree, offset);
7644 /* create disposition */
7645 proto_tree_add_item(tree, hf_smb2_create_disposition, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7648 /* create options */
7649 offset = dissect_nt_create_options(tvb, tree, offset);
7651 /* filename offset/length */
7652 offset = dissect_smb2_olb_length_offset(tvb, offset, &f_olb, OLB_O_UINT16_S_UINT16, hf_smb2_filename);
7654 /* extrainfo offset */
7655 offset = dissect_smb2_olb_length_offset(tvb, offset, &e_olb, OLB_O_UINT32_S_UINT32, hf_smb2_extrainfo);
7657 /* filename string */
7658 fname = dissect_smb2_olb_string(pinfo, tree, tvb, &f_olb, OLB_TYPE_UNICODE_STRING);
/* the name is passed as a %s argument, never as the format string */
7659 col_append_fstr(pinfo->cinfo, COL_INFO, " File: %s", fname);
7661 /* save the name if it looks sane */
7662 if (!pinfo->fd->flags.visited) {
/* free a previously saved filename so it is not leaked */
7663 if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
7664 g_free(si->saved->extra_info);
7665 si->saved->extra_info = NULL;
7666 si->saved->extra_info_type = SMB2_EI_NONE;
/* f_olb.len is the packet's length field; names of 256 or more are not
 * saved, and the copy is bounded to the f_olb.len+1 bytes just allocated */
7668 if (si->saved && f_olb.len && f_olb.len<256) {
7669 si->saved->extra_info_type = SMB2_EI_FILENAME;
7670 si->saved->extra_info = (gchar *)g_malloc(f_olb.len+1);
7671 g_snprintf((gchar *)si->saved->extra_info, f_olb.len+1, "%s", fname);
7675 /* If extrainfo_offset is non-null then this points to another
7676 * buffer. The offset is relative to the start of the smb packet
 */
7678 dissect_smb2_olb_buffer(pinfo, tree, tvb, &e_olb, si, dissect_smb2_create_extra_info);
7680 offset = dissect_smb2_olb_tvb_max_offset(offset, &f_olb);
7681 offset = dissect_smb2_olb_tvb_max_offset(offset, &e_olb);
7686 #define SMB2_CREATE_REP_FLAGS_REPARSE_POINT 0x01
/*
 * Dissect the body of an SMB2 Create response.
 *
 * A status of 0 is parsed as a normal response; any other status goes through
 * dissect_smb2_error_response, which decides via continue_dissection whether
 * the remaining fields are parsed. The end-of-file value and attribute mask
 * read from the packet are recorded in si->eo_file_info when that pointer is
 * set, and the file name cached by the Create request is released at the end.
 *
 * All field values come from the captured packet and are untrusted.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; some declarations (e.g. attr_mask), braces and offset advances
 * are not visible here.
 */
7689 dissect_smb2_create_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
7691 guint64 end_of_file;
7693 offset_length_buffer_t e_olb;
7694 static const int *create_rep_flags_fields[] = {
7695 &hf_smb2_create_rep_flags_reparse_point,
7698 gboolean continue_dissection;
/* Success: parse the buffer code. Anything else: error-response layout, with
 * an early return when the error dissector says not to continue. */
7700 switch (si->status) {
7702 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
7703 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
7704 if (!continue_dissection) return offset;
7708 offset = dissect_smb2_oplock(tree, tvb, offset);
7711 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_create_rep_flags,
7712 ett_smb2_create_rep_flags, create_rep_flags_fields, ENC_LITTLE_ENDIAN);
7716 proto_tree_add_item(tree, hf_smb2_create_action, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7720 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp);
7723 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp);
7726 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp);
7729 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp);
7731 /* allocation size */
7732 proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* Keep a local copy of the 64-bit end-of-file value; it is stored again
 * after dissect_smb2_fid, see the comment further down. */
7736 end_of_file = tvb_get_letoh64(tvb, offset);
7737 if (si->eo_file_info) {
7738 si->eo_file_info->end_of_file = tvb_get_letoh64(tvb, offset);
7740 proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
7743 /* File Attributes */
7744 attr_mask=tvb_get_letohl(tvb, offset);
7745 offset = dissect_file_ext_attr(tvb, tree, offset);
7748 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
7752 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_OPEN);
7754 /* We save this after dissect_smb2_fid just because it would be
7755 possible to have this response without having the matching request.
7756 In that case the entry in the file info hash table has been created
7757 in dissect_smb2_fid */
7758 if (si->eo_file_info) {
7759 si->eo_file_info->end_of_file = end_of_file;
7760 si->eo_file_info->attr_mask = attr_mask;
7763 /* extrainfo offset */
7764 offset = dissect_smb2_olb_length_offset(tvb, offset, &e_olb, OLB_O_UINT32_S_UINT32, hf_smb2_extrainfo);
7766 /* If extrainfo_offset is non-null then this points to another
7767 * buffer. The offset is relative to the start of the smb packet
7769 dissect_smb2_olb_buffer(pinfo, tree, tvb, &e_olb, si, dissect_smb2_create_extra_info);
7771 offset = dissect_smb2_olb_tvb_max_offset(offset, &e_olb);
7773 /* free si->saved->extra_info we don't need it any more */
/* Pointer and type tag are reset together with the g_free(), so a later pass
 * cannot free or read the released buffer. */
7774 if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
7775 g_free(si->saved->extra_info);
7776 si->saved->extra_info = NULL;
7777 si->saved->extra_info_type = SMB2_EI_NONE;
/*
 * Dissect the body of an SMB2 SetInfo request.
 *
 * Reads the class/info level, a 32-bit size and a 16-bit offset from the
 * packet, shows the file id, and dissects the info buffer at setinfo_offset
 * using the class and level stored in si->saved.
 *
 * setinfo_size and setinfo_offset are untrusted packet values.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; braces, offset advances and the return are not visible here.
 */
7785 dissect_smb2_setinfo_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
7787 guint32 setinfo_size;
7788 guint16 setinfo_offset;
7791 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
7793 /* class and info level */
7794 offset = dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);
7797 setinfo_size = tvb_get_letohl(tvb, offset);
7798 proto_tree_add_item(tree, hf_smb2_setinfo_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7802 setinfo_offset = tvb_get_letohs(tvb, offset);
7803 proto_tree_add_item(tree, hf_smb2_setinfo_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
7806 /* some unknown bytes */
7807 proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 6, ENC_NA);
/* Return value discarded here: the running offset is not taken from
 * dissect_smb2_fid. */
7811 dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
/* NOTE(review): si->saved is dereferenced on the next line and no NULL check
 * is visible in this listing (original line 7814 is not shown) - confirm a
 * guard exists. The buffer is dissected at the packet-supplied
 * setinfo_offset; presumably the tvb accessors reject an out-of-range
 * offset - confirm. */
7815 dissect_smb2_infolevel(tvb, pinfo, tree, setinfo_offset, si, si->saved->smb2_class, si->saved->infolevel);
/* NOTE(review): both operands are packet-supplied and the sum is stored in
 * the int `offset` with no range check visible here; a large setinfo_size
 * pushes the result past INT_MAX. Confirm how the caller validates the
 * returned offset. */
7816 offset = setinfo_offset + setinfo_size;
/*
 * Dissect the body of an SMB2 SetInfo response.
 *
 * Shows the class/info level, then parses either the buffer code (status 0)
 * or the error-response layout (any other status), returning early when the
 * error dissector clears continue_dissection.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; braces and the final return are not visible here.
 */
7822 dissect_smb2_setinfo_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
7824 gboolean continue_dissection;
7825 /* class/infolevel */
/* Unlike the request path, the return value is discarded, so `offset` is
 * not advanced by this call. */
7826 dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);
7828 switch (si->status) {
7830 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
7831 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
7832 if (!continue_dissection) return offset;
/*
 * Dissect the body of an SMB2 Break request.
 *
 * The 16-bit buffer code read from the packet selects the layout: 24 is
 * parsed as oplock level, reserved bytes and file id; 36 is parsed as a
 * Lease Break Acknowledgment (flags, 16-byte lease key, lease state,
 * duration). No other buffer code is handled in the lines visible here.
 *
 * lease_flags_fields and lease_state_fields are defined outside this
 * function.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; braces, offset advances and the return are not visible here.
 */
7839 dissect_smb2_break_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
7841 guint16 buffer_code;
/* Read the buffer code before dissect_smb2_buffercode advances the offset. */
7844 buffer_code = tvb_get_letohs(tvb, offset);
7845 offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
7847 if (buffer_code == 24) {
7851 offset = dissect_smb2_oplock(tree, tvb, offset);
7854 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
7858 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
7862 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
7867 if (buffer_code == 36) {
7868 /* Lease Break Acknowledgment */
7871 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
7875 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
7876 ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
7880 proto_tree_add_item(tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
7884 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
7885 ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
7888 proto_tree_add_item(tree, hf_smb2_lease_duration, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * Dissect the body of an SMB2 Break response or notification.
 *
 * The 16-bit buffer code is read from the packet before the status switch
 * and then selects the layout: 24 (oplock break notification), 44 (lease
 * break notification with current and new lease state) or 36 (lease break
 * response). A non-zero status is routed through dissect_smb2_error_response,
 * which may end dissection early.
 *
 * lease_flags_fields and lease_state_fields are defined outside this
 * function.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; the declaration of `item`, braces, offset advances and the return
 * are not visible here.
 */
7898 dissect_smb2_break_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
7900 guint16 buffer_code;
7901 gboolean continue_dissection;
/* buffer_code is taken from the incoming offset; the comparisons below use
 * this value even when the error-response path ran in between. */
7904 buffer_code = tvb_get_letohs(tvb, offset);
7905 switch (si->status) {
7906 case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
7907 default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
7908 if (!continue_dissection) return offset;
7911 if (buffer_code == 24) {
7912 /* OPLOCK Break Notification */
7915 offset = dissect_smb2_oplock(tree, tvb, offset);
7918 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
7922 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
7926 offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
7928 /* in break requests from server to client here're 24 byte zero bytes
7929 * which are likely a bug in windows (they may use 2* 24 bytes instead of just
7935 if (buffer_code == 44) {
7938 /* Lease Break Notification */
7940 /* new lease epoch */
7941 proto_tree_add_item(tree, hf_smb2_lease_epoch, tvb, offset, 2, ENC_LITTLE_ENDIAN);
7945 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
7946 ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
7950 proto_tree_add_item(tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
7953 /* current lease state */
7954 item = proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
7955 ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
/* The same header field is used for both states; the prepended text is what
 * tells "Current" and "New" apart in the tree. */
7957 proto_item_prepend_text(item, "Current ");
7961 /* new lease state */
7962 item = proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
7963 ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
7965 proto_item_prepend_text(item, "New ");
7969 /* break reason - reserved */
7970 proto_tree_add_item(tree, hf_smb2_lease_break_reason, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7973 /* access mask hint - reserved */
7974 proto_tree_add_item(tree, hf_smb2_lease_access_mask_hint, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7977 /* share mask hint - reserved */
7978 proto_tree_add_item(tree, hf_smb2_lease_share_mask_hint, tvb, offset, 4, ENC_LITTLE_ENDIAN);
7984 if (buffer_code == 36) {
7985 /* Lease Break Response */
7988 proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
7992 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
7993 ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
7997 proto_tree_add_item(tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
8001 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
8002 ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
8005 proto_tree_add_item(tree, hf_smb2_lease_duration, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/*
 * Display names for SMB2 command codes.
 *
 * decode_smb2_name reads this array by direct index (cmd & 0xFF) instead of
 * searching on the value field, so the table must hold one entry per code
 * 0x00..0xFF in ascending order for that lookup to stay in bounds and return
 * the right name.
 * NOTE(review): several codes (for example 0x05-0x0C) are absent from the
 * table as listed on this page, and the embedded original line numbers show
 * matching gaps - confirm against the complete file.
 *
 * smb2_cmd_vals_ext, defined right after the table, wraps the same array and
 * is not declared static.
 */
8014 /* names here are just until we find better names for these functions */
8015 static const value_string smb2_cmd_vals[] = {
8016 { 0x00, "Negotiate Protocol" },
8017 { 0x01, "Session Setup" },
8018 { 0x02, "Session Logoff" },
8019 { 0x03, "Tree Connect" },
8020 { 0x04, "Tree Disconnect" },
8029 { 0x0D, "KeepAlive" },
8032 { 0x10, "GetInfo" },
8033 { 0x11, "SetInfo" },
8035 { 0x13, "unknown-0x13" },
8036 { 0x14, "unknown-0x14" },
8037 { 0x15, "unknown-0x15" },
8038 { 0x16, "unknown-0x16" },
8039 { 0x17, "unknown-0x17" },
8040 { 0x18, "unknown-0x18" },
8041 { 0x19, "unknown-0x19" },
8042 { 0x1A, "unknown-0x1A" },
8043 { 0x1B, "unknown-0x1B" },
8044 { 0x1C, "unknown-0x1C" },
8045 { 0x1D, "unknown-0x1D" },
8046 { 0x1E, "unknown-0x1E" },
8047 { 0x1F, "unknown-0x1F" },
8048 { 0x20, "unknown-0x20" },
8049 { 0x21, "unknown-0x21" },
8050 { 0x22, "unknown-0x22" },
8051 { 0x23, "unknown-0x23" },
8052 { 0x24, "unknown-0x24" },
8053 { 0x25, "unknown-0x25" },
8054 { 0x26, "unknown-0x26" },
8055 { 0x27, "unknown-0x27" },
8056 { 0x28, "unknown-0x28" },
8057 { 0x29, "unknown-0x29" },
8058 { 0x2A, "unknown-0x2A" },
8059 { 0x2B, "unknown-0x2B" },
8060 { 0x2C, "unknown-0x2C" },
8061 { 0x2D, "unknown-0x2D" },
8062 { 0x2E, "unknown-0x2E" },
8063 { 0x2F, "unknown-0x2F" },
8064 { 0x30, "unknown-0x30" },
8065 { 0x31, "unknown-0x31" },
8066 { 0x32, "unknown-0x32" },
8067 { 0x33, "unknown-0x33" },
8068 { 0x34, "unknown-0x34" },
8069 { 0x35, "unknown-0x35" },
8070 { 0x36, "unknown-0x36" },
8071 { 0x37, "unknown-0x37" },
8072 { 0x38, "unknown-0x38" },
8073 { 0x39, "unknown-0x39" },
8074 { 0x3A, "unknown-0x3A" },
8075 { 0x3B, "unknown-0x3B" },
8076 { 0x3C, "unknown-0x3C" },
8077 { 0x3D, "unknown-0x3D" },
8078 { 0x3E, "unknown-0x3E" },
8079 { 0x3F, "unknown-0x3F" },
8080 { 0x40, "unknown-0x40" },
8081 { 0x41, "unknown-0x41" },
8082 { 0x42, "unknown-0x42" },
8083 { 0x43, "unknown-0x43" },
8084 { 0x44, "unknown-0x44" },
8085 { 0x45, "unknown-0x45" },
8086 { 0x46, "unknown-0x46" },
8087 { 0x47, "unknown-0x47" },
8088 { 0x48, "unknown-0x48" },
8089 { 0x49, "unknown-0x49" },
8090 { 0x4A, "unknown-0x4A" },
8091 { 0x4B, "unknown-0x4B" },
8092 { 0x4C, "unknown-0x4C" },
8093 { 0x4D, "unknown-0x4D" },
8094 { 0x4E, "unknown-0x4E" },
8095 { 0x4F, "unknown-0x4F" },
8096 { 0x50, "unknown-0x50" },
8097 { 0x51, "unknown-0x51" },
8098 { 0x52, "unknown-0x52" },
8099 { 0x53, "unknown-0x53" },
8100 { 0x54, "unknown-0x54" },
8101 { 0x55, "unknown-0x55" },
8102 { 0x56, "unknown-0x56" },
8103 { 0x57, "unknown-0x57" },
8104 { 0x58, "unknown-0x58" },
8105 { 0x59, "unknown-0x59" },
8106 { 0x5A, "unknown-0x5A" },
8107 { 0x5B, "unknown-0x5B" },
8108 { 0x5C, "unknown-0x5C" },
8109 { 0x5D, "unknown-0x5D" },
8110 { 0x5E, "unknown-0x5E" },
8111 { 0x5F, "unknown-0x5F" },
8112 { 0x60, "unknown-0x60" },
8113 { 0x61, "unknown-0x61" },
8114 { 0x62, "unknown-0x62" },
8115 { 0x63, "unknown-0x63" },
8116 { 0x64, "unknown-0x64" },
8117 { 0x65, "unknown-0x65" },
8118 { 0x66, "unknown-0x66" },
8119 { 0x67, "unknown-0x67" },
8120 { 0x68, "unknown-0x68" },
8121 { 0x69, "unknown-0x69" },
8122 { 0x6A, "unknown-0x6A" },
8123 { 0x6B, "unknown-0x6B" },
8124 { 0x6C, "unknown-0x6C" },
8125 { 0x6D, "unknown-0x6D" },
8126 { 0x6E, "unknown-0x6E" },
8127 { 0x6F, "unknown-0x6F" },
8128 { 0x70, "unknown-0x70" },
8129 { 0x71, "unknown-0x71" },
8130 { 0x72, "unknown-0x72" },
8131 { 0x73, "unknown-0x73" },
8132 { 0x74, "unknown-0x74" },
8133 { 0x75, "unknown-0x75" },
8134 { 0x76, "unknown-0x76" },
8135 { 0x77, "unknown-0x77" },
8136 { 0x78, "unknown-0x78" },
8137 { 0x79, "unknown-0x79" },
8138 { 0x7A, "unknown-0x7A" },
8139 { 0x7B, "unknown-0x7B" },
8140 { 0x7C, "unknown-0x7C" },
8141 { 0x7D, "unknown-0x7D" },
8142 { 0x7E, "unknown-0x7E" },
8143 { 0x7F, "unknown-0x7F" },
8144 { 0x80, "unknown-0x80" },
8145 { 0x81, "unknown-0x81" },
8146 { 0x82, "unknown-0x82" },
8147 { 0x83, "unknown-0x83" },
8148 { 0x84, "unknown-0x84" },
8149 { 0x85, "unknown-0x85" },
8150 { 0x86, "unknown-0x86" },
8151 { 0x87, "unknown-0x87" },
8152 { 0x88, "unknown-0x88" },
8153 { 0x89, "unknown-0x89" },
8154 { 0x8A, "unknown-0x8A" },
8155 { 0x8B, "unknown-0x8B" },
8156 { 0x8C, "unknown-0x8C" },
8157 { 0x8D, "unknown-0x8D" },
8158 { 0x8E, "unknown-0x8E" },
8159 { 0x8F, "unknown-0x8F" },
8160 { 0x90, "unknown-0x90" },
8161 { 0x91, "unknown-0x91" },
8162 { 0x92, "unknown-0x92" },
8163 { 0x93, "unknown-0x93" },
8164 { 0x94, "unknown-0x94" },
8165 { 0x95, "unknown-0x95" },
8166 { 0x96, "unknown-0x96" },
8167 { 0x97, "unknown-0x97" },
8168 { 0x98, "unknown-0x98" },
8169 { 0x99, "unknown-0x99" },
8170 { 0x9A, "unknown-0x9A" },
8171 { 0x9B, "unknown-0x9B" },
8172 { 0x9C, "unknown-0x9C" },
8173 { 0x9D, "unknown-0x9D" },
8174 { 0x9E, "unknown-0x9E" },
8175 { 0x9F, "unknown-0x9F" },
8176 { 0xA0, "unknown-0xA0" },
8177 { 0xA1, "unknown-0xA1" },
8178 { 0xA2, "unknown-0xA2" },
8179 { 0xA3, "unknown-0xA3" },
8180 { 0xA4, "unknown-0xA4" },
8181 { 0xA5, "unknown-0xA5" },
8182 { 0xA6, "unknown-0xA6" },
8183 { 0xA7, "unknown-0xA7" },
8184 { 0xA8, "unknown-0xA8" },
8185 { 0xA9, "unknown-0xA9" },
8186 { 0xAA, "unknown-0xAA" },
8187 { 0xAB, "unknown-0xAB" },
8188 { 0xAC, "unknown-0xAC" },
8189 { 0xAD, "unknown-0xAD" },
8190 { 0xAE, "unknown-0xAE" },
8191 { 0xAF, "unknown-0xAF" },
8192 { 0xB0, "unknown-0xB0" },
8193 { 0xB1, "unknown-0xB1" },
8194 { 0xB2, "unknown-0xB2" },
8195 { 0xB3, "unknown-0xB3" },
8196 { 0xB4, "unknown-0xB4" },
8197 { 0xB5, "unknown-0xB5" },
8198 { 0xB6, "unknown-0xB6" },
8199 { 0xB7, "unknown-0xB7" },
8200 { 0xB8, "unknown-0xB8" },
8201 { 0xB9, "unknown-0xB9" },
8202 { 0xBA, "unknown-0xBA" },
8203 { 0xBB, "unknown-0xBB" },
8204 { 0xBC, "unknown-0xBC" },
8205 { 0xBD, "unknown-0xBD" },
8206 { 0xBE, "unknown-0xBE" },
8207 { 0xBF, "unknown-0xBF" },
8208 { 0xC0, "unknown-0xC0" },
8209 { 0xC1, "unknown-0xC1" },
8210 { 0xC2, "unknown-0xC2" },
8211 { 0xC3, "unknown-0xC3" },
8212 { 0xC4, "unknown-0xC4" },
8213 { 0xC5, "unknown-0xC5" },
8214 { 0xC6, "unknown-0xC6" },
8215 { 0xC7, "unknown-0xC7" },
8216 { 0xC8, "unknown-0xC8" },
8217 { 0xC9, "unknown-0xC9" },
8218 { 0xCA, "unknown-0xCA" },
8219 { 0xCB, "unknown-0xCB" },
8220 { 0xCC, "unknown-0xCC" },
8221 { 0xCD, "unknown-0xCD" },
8222 { 0xCE, "unknown-0xCE" },
8223 { 0xCF, "unknown-0xCF" },
8224 { 0xD0, "unknown-0xD0" },
8225 { 0xD1, "unknown-0xD1" },
8226 { 0xD2, "unknown-0xD2" },
8227 { 0xD3, "unknown-0xD3" },
8228 { 0xD4, "unknown-0xD4" },
8229 { 0xD5, "unknown-0xD5" },
8230 { 0xD6, "unknown-0xD6" },
8231 { 0xD7, "unknown-0xD7" },
8232 { 0xD8, "unknown-0xD8" },
8233 { 0xD9, "unknown-0xD9" },
8234 { 0xDA, "unknown-0xDA" },
8235 { 0xDB, "unknown-0xDB" },
8236 { 0xDC, "unknown-0xDC" },
8237 { 0xDD, "unknown-0xDD" },
8238 { 0xDE, "unknown-0xDE" },
8239 { 0xDF, "unknown-0xDF" },
8240 { 0xE0, "unknown-0xE0" },
8241 { 0xE1, "unknown-0xE1" },
8242 { 0xE2, "unknown-0xE2" },
8243 { 0xE3, "unknown-0xE3" },
8244 { 0xE4, "unknown-0xE4" },
8245 { 0xE5, "unknown-0xE5" },
8246 { 0xE6, "unknown-0xE6" },
8247 { 0xE7, "unknown-0xE7" },
8248 { 0xE8, "unknown-0xE8" },
8249 { 0xE9, "unknown-0xE9" },
8250 { 0xEA, "unknown-0xEA" },
8251 { 0xEB, "unknown-0xEB" },
8252 { 0xEC, "unknown-0xEC" },
8253 { 0xED, "unknown-0xED" },
8254 { 0xEE, "unknown-0xEE" },
8255 { 0xEF, "unknown-0xEF" },
8256 { 0xF0, "unknown-0xF0" },
8257 { 0xF1, "unknown-0xF1" },
8258 { 0xF2, "unknown-0xF2" },
8259 { 0xF3, "unknown-0xF3" },
8260 { 0xF4, "unknown-0xF4" },
8261 { 0xF5, "unknown-0xF5" },
8262 { 0xF6, "unknown-0xF6" },
8263 { 0xF7, "unknown-0xF7" },
8264 { 0xF8, "unknown-0xF8" },
8265 { 0xF9, "unknown-0xF9" },
8266 { 0xFA, "unknown-0xFA" },
8267 { 0xFB, "unknown-0xFB" },
8268 { 0xFC, "unknown-0xFC" },
8269 { 0xFD, "unknown-0xFD" },
8270 { 0xFE, "unknown-0xFE" },
8271 { 0xFF, "unknown-0xFF" },
8274 value_string_ext smb2_cmd_vals_ext = VALUE_STRING_EXT_INIT(smb2_cmd_vals);
/*
 * Map an SMB2 command code to its display name.
 *
 * Codes above 0xFF yield the literal "unknown". Every other code is used as a
 * direct array index into smb2_cmd_vals (the `& 0xFF` mask changes nothing
 * after the range check), so the result is only in bounds and correct while
 * that table holds one entry per code 0x00..0xFF in ascending order.
 * NOTE(review): the table as listed on this page skips several codes (for
 * example 0x05-0x0C) - confirm against the complete file.
 */
8276 static const char *decode_smb2_name(guint16 cmd)
8278 if (cmd > 0xFF) return "unknown";
8279 return(smb2_cmd_vals[cmd & 0xFF].strptr);
/*
 * Per-command dispatch table: one {request, response} handler pair per
 * opcode, declared with 256 slots.
 *
 * dissect_smb2_command indexes this array with si->opcode & 0xff, which keeps
 * the index inside the 256 slots, and treats a NULL handler as "no dissector
 * for this command". Entries must stay in opcode order, because position in
 * the array is the only link between an opcode and its handlers.
 *
 * NOTE(review): in this listing the pairs after 0x04 TreeDisconnect appear
 * without their index comments and the cancel entry shows only its request
 * handler; the embedded original line numbers show matching gaps.
 */
8282 static smb2_function smb2_dissector[256] = {
8283 /* 0x00 NegotiateProtocol*/
8284 {dissect_smb2_negotiate_protocol_request,
8285 dissect_smb2_negotiate_protocol_response},
8286 /* 0x01 SessionSetup*/
8287 {dissect_smb2_session_setup_request,
8288 dissect_smb2_session_setup_response},
8289 /* 0x02 SessionLogoff*/
8290 {dissect_smb2_sessionlogoff_request,
8291 dissect_smb2_sessionlogoff_response},
8292 /* 0x03 TreeConnect*/
8293 {dissect_smb2_tree_connect_request,
8294 dissect_smb2_tree_connect_response},
8295 /* 0x04 TreeDisconnect*/
8296 {dissect_smb2_tree_disconnect_request,
8297 dissect_smb2_tree_disconnect_response},
8299 {dissect_smb2_create_request,
8300 dissect_smb2_create_response},
8302 {dissect_smb2_close_request,
8303 dissect_smb2_close_response},
8305 {dissect_smb2_flush_request,
8306 dissect_smb2_flush_response},
8308 {dissect_smb2_read_request,
8309 dissect_smb2_read_response},
8311 {dissect_smb2_write_request,
8312 dissect_smb2_write_response},
8314 {dissect_smb2_lock_request,
8315 dissect_smb2_lock_response},
8317 {dissect_smb2_ioctl_request,
8318 dissect_smb2_ioctl_response},
8320 {dissect_smb2_cancel_request,
8323 {dissect_smb2_keepalive_request,
8324 dissect_smb2_keepalive_response},
8326 {dissect_smb2_find_request,
8327 dissect_smb2_find_response},
8329 {dissect_smb2_notify_request,
8330 dissect_smb2_notify_response},
8332 {dissect_smb2_getinfo_request,
8333 dissect_smb2_getinfo_response},
8335 {dissect_smb2_setinfo_request,
8336 dissect_smb2_setinfo_response},
8338 {dissect_smb2_break_request,
8339 dissect_smb2_break_response},
8340 /* 0x13 */ {NULL, NULL},
8341 /* 0x14 */ {NULL, NULL},
8342 /* 0x15 */ {NULL, NULL},
8343 /* 0x16 */ {NULL, NULL},
8344 /* 0x17 */ {NULL, NULL},
8345 /* 0x18 */ {NULL, NULL},
8346 /* 0x19 */ {NULL, NULL},
8347 /* 0x1a */ {NULL, NULL},
8348 /* 0x1b */ {NULL, NULL},
8349 /* 0x1c */ {NULL, NULL},
8350 /* 0x1d */ {NULL, NULL},
8351 /* 0x1e */ {NULL, NULL},
8352 /* 0x1f */ {NULL, NULL},
8353 /* 0x20 */ {NULL, NULL},
8354 /* 0x21 */ {NULL, NULL},
8355 /* 0x22 */ {NULL, NULL},
8356 /* 0x23 */ {NULL, NULL},
8357 /* 0x24 */ {NULL, NULL},
8358 /* 0x25 */ {NULL, NULL},
8359 /* 0x26 */ {NULL, NULL},
8360 /* 0x27 */ {NULL, NULL},
8361 /* 0x28 */ {NULL, NULL},
8362 /* 0x29 */ {NULL, NULL},
8363 /* 0x2a */ {NULL, NULL},
8364 /* 0x2b */ {NULL, NULL},
8365 /* 0x2c */ {NULL, NULL},
8366 /* 0x2d */ {NULL, NULL},
8367 /* 0x2e */ {NULL, NULL},
8368 /* 0x2f */ {NULL, NULL},
8369 /* 0x30 */ {NULL, NULL},
8370 /* 0x31 */ {NULL, NULL},
8371 /* 0x32 */ {NULL, NULL},
8372 /* 0x33 */ {NULL, NULL},
8373 /* 0x34 */ {NULL, NULL},
8374 /* 0x35 */ {NULL, NULL},
8375 /* 0x36 */ {NULL, NULL},
8376 /* 0x37 */ {NULL, NULL},
8377 /* 0x38 */ {NULL, NULL},
8378 /* 0x39 */ {NULL, NULL},
8379 /* 0x3a */ {NULL, NULL},
8380 /* 0x3b */ {NULL, NULL},
8381 /* 0x3c */ {NULL, NULL},
8382 /* 0x3d */ {NULL, NULL},
8383 /* 0x3e */ {NULL, NULL},
8384 /* 0x3f */ {NULL, NULL},
8385 /* 0x40 */ {NULL, NULL},
8386 /* 0x41 */ {NULL, NULL},
8387 /* 0x42 */ {NULL, NULL},
8388 /* 0x43 */ {NULL, NULL},
8389 /* 0x44 */ {NULL, NULL},
8390 /* 0x45 */ {NULL, NULL},
8391 /* 0x46 */ {NULL, NULL},
8392 /* 0x47 */ {NULL, NULL},
8393 /* 0x48 */ {NULL, NULL},
8394 /* 0x49 */ {NULL, NULL},
8395 /* 0x4a */ {NULL, NULL},
8396 /* 0x4b */ {NULL, NULL},
8397 /* 0x4c */ {NULL, NULL},
8398 /* 0x4d */ {NULL, NULL},
8399 /* 0x4e */ {NULL, NULL},
8400 /* 0x4f */ {NULL, NULL},
8401 /* 0x50 */ {NULL, NULL},
8402 /* 0x51 */ {NULL, NULL},
8403 /* 0x52 */ {NULL, NULL},
8404 /* 0x53 */ {NULL, NULL},
8405 /* 0x54 */ {NULL, NULL},
8406 /* 0x55 */ {NULL, NULL},
8407 /* 0x56 */ {NULL, NULL},
8408 /* 0x57 */ {NULL, NULL},
8409 /* 0x58 */ {NULL, NULL},
8410 /* 0x59 */ {NULL, NULL},
8411 /* 0x5a */ {NULL, NULL},
8412 /* 0x5b */ {NULL, NULL},
8413 /* 0x5c */ {NULL, NULL},
8414 /* 0x5d */ {NULL, NULL},
8415 /* 0x5e */ {NULL, NULL},
8416 /* 0x5f */ {NULL, NULL},
8417 /* 0x60 */ {NULL, NULL},
8418 /* 0x61 */ {NULL, NULL},
8419 /* 0x62 */ {NULL, NULL},
8420 /* 0x63 */ {NULL, NULL},
8421 /* 0x64 */ {NULL, NULL},
8422 /* 0x65 */ {NULL, NULL},
8423 /* 0x66 */ {NULL, NULL},
8424 /* 0x67 */ {NULL, NULL},
8425 /* 0x68 */ {NULL, NULL},
8426 /* 0x69 */ {NULL, NULL},
8427 /* 0x6a */ {NULL, NULL},
8428 /* 0x6b */ {NULL, NULL},
8429 /* 0x6c */ {NULL, NULL},
8430 /* 0x6d */ {NULL, NULL},
8431 /* 0x6e */ {NULL, NULL},
8432 /* 0x6f */ {NULL, NULL},
8433 /* 0x70 */ {NULL, NULL},
8434 /* 0x71 */ {NULL, NULL},
8435 /* 0x72 */ {NULL, NULL},
8436 /* 0x73 */ {NULL, NULL},
8437 /* 0x74 */ {NULL, NULL},
8438 /* 0x75 */ {NULL, NULL},
8439 /* 0x76 */ {NULL, NULL},
8440 /* 0x77 */ {NULL, NULL},
8441 /* 0x78 */ {NULL, NULL},
8442 /* 0x79 */ {NULL, NULL},
8443 /* 0x7a */ {NULL, NULL},
8444 /* 0x7b */ {NULL, NULL},
8445 /* 0x7c */ {NULL, NULL},
8446 /* 0x7d */ {NULL, NULL},
8447 /* 0x7e */ {NULL, NULL},
8448 /* 0x7f */ {NULL, NULL},
8449 /* 0x80 */ {NULL, NULL},
8450 /* 0x81 */ {NULL, NULL},
8451 /* 0x82 */ {NULL, NULL},
8452 /* 0x83 */ {NULL, NULL},
8453 /* 0x84 */ {NULL, NULL},
8454 /* 0x85 */ {NULL, NULL},
8455 /* 0x86 */ {NULL, NULL},
8456 /* 0x87 */ {NULL, NULL},
8457 /* 0x88 */ {NULL, NULL},
8458 /* 0x89 */ {NULL, NULL},
8459 /* 0x8a */ {NULL, NULL},
8460 /* 0x8b */ {NULL, NULL},
8461 /* 0x8c */ {NULL, NULL},
8462 /* 0x8d */ {NULL, NULL},
8463 /* 0x8e */ {NULL, NULL},
8464 /* 0x8f */ {NULL, NULL},
8465 /* 0x90 */ {NULL, NULL},
8466 /* 0x91 */ {NULL, NULL},
8467 /* 0x92 */ {NULL, NULL},
8468 /* 0x93 */ {NULL, NULL},
8469 /* 0x94 */ {NULL, NULL},
8470 /* 0x95 */ {NULL, NULL},
8471 /* 0x96 */ {NULL, NULL},
8472 /* 0x97 */ {NULL, NULL},
8473 /* 0x98 */ {NULL, NULL},
8474 /* 0x99 */ {NULL, NULL},
8475 /* 0x9a */ {NULL, NULL},
8476 /* 0x9b */ {NULL, NULL},
8477 /* 0x9c */ {NULL, NULL},
8478 /* 0x9d */ {NULL, NULL},
8479 /* 0x9e */ {NULL, NULL},
8480 /* 0x9f */ {NULL, NULL},
8481 /* 0xa0 */ {NULL, NULL},
8482 /* 0xa1 */ {NULL, NULL},
8483 /* 0xa2 */ {NULL, NULL},
8484 /* 0xa3 */ {NULL, NULL},
8485 /* 0xa4 */ {NULL, NULL},
8486 /* 0xa5 */ {NULL, NULL},
8487 /* 0xa6 */ {NULL, NULL},
8488 /* 0xa7 */ {NULL, NULL},
8489 /* 0xa8 */ {NULL, NULL},
8490 /* 0xa9 */ {NULL, NULL},
8491 /* 0xaa */ {NULL, NULL},
8492 /* 0xab */ {NULL, NULL},
8493 /* 0xac */ {NULL, NULL},
8494 /* 0xad */ {NULL, NULL},
8495 /* 0xae */ {NULL, NULL},
8496 /* 0xaf */ {NULL, NULL},
8497 /* 0xb0 */ {NULL, NULL},
8498 /* 0xb1 */ {NULL, NULL},
8499 /* 0xb2 */ {NULL, NULL},
8500 /* 0xb3 */ {NULL, NULL},
8501 /* 0xb4 */ {NULL, NULL},
8502 /* 0xb5 */ {NULL, NULL},
8503 /* 0xb6 */ {NULL, NULL},
8504 /* 0xb7 */ {NULL, NULL},
8505 /* 0xb8 */ {NULL, NULL},
8506 /* 0xb9 */ {NULL, NULL},
8507 /* 0xba */ {NULL, NULL},
8508 /* 0xbb */ {NULL, NULL},
8509 /* 0xbc */ {NULL, NULL},
8510 /* 0xbd */ {NULL, NULL},
8511 /* 0xbe */ {NULL, NULL},
8512 /* 0xbf */ {NULL, NULL},
8513 /* 0xc0 */ {NULL, NULL},
8514 /* 0xc1 */ {NULL, NULL},
8515 /* 0xc2 */ {NULL, NULL},
8516 /* 0xc3 */ {NULL, NULL},
8517 /* 0xc4 */ {NULL, NULL},
8518 /* 0xc5 */ {NULL, NULL},
8519 /* 0xc6 */ {NULL, NULL},
8520 /* 0xc7 */ {NULL, NULL},
8521 /* 0xc8 */ {NULL, NULL},
8522 /* 0xc9 */ {NULL, NULL},
8523 /* 0xca */ {NULL, NULL},
8524 /* 0xcb */ {NULL, NULL},
8525 /* 0xcc */ {NULL, NULL},
8526 /* 0xcd */ {NULL, NULL},
8527 /* 0xce */ {NULL, NULL},
8528 /* 0xcf */ {NULL, NULL},
8529 /* 0xd0 */ {NULL, NULL},
8530 /* 0xd1 */ {NULL, NULL},
8531 /* 0xd2 */ {NULL, NULL},
8532 /* 0xd3 */ {NULL, NULL},
8533 /* 0xd4 */ {NULL, NULL},
8534 /* 0xd5 */ {NULL, NULL},
8535 /* 0xd6 */ {NULL, NULL},
8536 /* 0xd7 */ {NULL, NULL},
8537 /* 0xd8 */ {NULL, NULL},
8538 /* 0xd9 */ {NULL, NULL},
8539 /* 0xda */ {NULL, NULL},
8540 /* 0xdb */ {NULL, NULL},
8541 /* 0xdc */ {NULL, NULL},
8542 /* 0xdd */ {NULL, NULL},
8543 /* 0xde */ {NULL, NULL},
8544 /* 0xdf */ {NULL, NULL},
8545 /* 0xe0 */ {NULL, NULL},
8546 /* 0xe1 */ {NULL, NULL},
8547 /* 0xe2 */ {NULL, NULL},
8548 /* 0xe3 */ {NULL, NULL},
8549 /* 0xe4 */ {NULL, NULL},
8550 /* 0xe5 */ {NULL, NULL},
8551 /* 0xe6 */ {NULL, NULL},
8552 /* 0xe7 */ {NULL, NULL},
8553 /* 0xe8 */ {NULL, NULL},
8554 /* 0xe9 */ {NULL, NULL},
8555 /* 0xea */ {NULL, NULL},
8556 /* 0xeb */ {NULL, NULL},
8557 /* 0xec */ {NULL, NULL},
8558 /* 0xed */ {NULL, NULL},
8559 /* 0xee */ {NULL, NULL},
8560 /* 0xef */ {NULL, NULL},
8561 /* 0xf0 */ {NULL, NULL},
8562 /* 0xf1 */ {NULL, NULL},
8563 /* 0xf2 */ {NULL, NULL},
8564 /* 0xf3 */ {NULL, NULL},
8565 /* 0xf4 */ {NULL, NULL},
8566 /* 0xf5 */ {NULL, NULL},
8567 /* 0xf6 */ {NULL, NULL},
8568 /* 0xf7 */ {NULL, NULL},
8569 /* 0xf8 */ {NULL, NULL},
8570 /* 0xf9 */ {NULL, NULL},
8571 /* 0xfa */ {NULL, NULL},
8572 /* 0xfb */ {NULL, NULL},
8573 /* 0xfc */ {NULL, NULL},
8574 /* 0xfd */ {NULL, NULL},
8575 /* 0xfe */ {NULL, NULL},
8576 /* 0xff */ {NULL, NULL},
8580 #define ENC_ALG_aes128_ccm 0x0001
/*
 * Dissect an SMB2 Transform Header (encrypted message) and, when a session
 * key is known, produce a decrypted copy of the payload.
 *
 * The signature, nonce, message size, algorithm and session id are read from
 * the packet into `sti`. The session is looked up by session id in
 * sti->conv->sesids; if it exists and the algorithm is ENC_ALG_aes128_ccm,
 * the server or client decryption key is chosen by comparing pinfo->destport
 * with the session's server_port. On success *enc_tvb covers the encrypted
 * bytes and *plain_tvb the decrypted ones.
 *
 * Security-relevant points for reviewers:
 *  - sti->size, sti->alg, sti->sesid and the nonce are untrusted packet data.
 *  - The payload is decrypted with AES-128 in plain CTR mode. The 16-byte
 *    signature field is only added to the tree; no line visible in this
 *    function verifies it, so the "Decrypted SMB3" data is unauthenticated
 *    and may be garbage if the key is wrong or the capture was modified.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; the declarations of item, sesid_offset, zeros and A_1, braces,
 * offset advances, the done_decryption label and the return are not visible
 * here.
 */
8583 dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree,
8584 tvbuff_t *tvb, int offset,
8585 smb2_transform_info_t *sti,
8586 tvbuff_t **enc_tvb, tvbuff_t **plain_tvb)
8588 proto_item *sesid_item = NULL;
8589 proto_tree *sesid_tree = NULL;
8590 smb2_sesid_info_t sesid_key;
8592 guint8 *plain_data = NULL;
8593 guint8 *decryption_key = NULL;
8596 static const int *sf_fields[] = {
8597 &hf_smb2_encryption_aes128_ccm,
8605 proto_tree_add_item(tree, hf_smb2_transform_signature, tvb, offset, 16, ENC_NA);
8609 proto_tree_add_item(tree, hf_smb2_transform_nonce, tvb, offset, 16, ENC_NA);
/* Fixed 16-byte copy of the nonce out of the packet into sti->nonce. */
8610 tvb_memcpy(tvb, sti->nonce, offset, 16);
8614 proto_tree_add_item(tree, hf_smb2_transform_msg_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* Packet-supplied 32-bit length; it later sizes the tvb_memdup copy, the
 * subset tvb and the final offset advance. */
8615 sti->size = tvb_get_letohl(tvb, offset);
8619 proto_tree_add_item(tree, hf_smb2_transform_reserved, tvb, offset, 2, ENC_NA);
8623 proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_transform_enc_alg, ett_smb2_transform_enc_alg, sf_fields, ENC_LITTLE_ENDIAN);
8624 sti->alg = tvb_get_letohs(tvb, offset);
8628 sesid_offset = offset;
8629 sti->sesid = tvb_get_letoh64(tvb, offset);
8630 sesid_item = proto_tree_add_item(tree, hf_smb2_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
8631 sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
8634 /* now we need to first lookup the uid session */
/* Only the sesid member of the stack key is initialised; this is safe only
 * if the table's hash and equality callbacks read nothing else (they are not
 * visible here - confirm). */
8635 sesid_key.sesid = sti->sesid;
8636 sti->session = (smb2_sesid_info_t *)g_hash_table_lookup(sti->conv->sesids, &sesid_key);
/* Account, domain and host are shown as generated items only for a session
 * whose auth_frame is not the (guint32)-1 placeholder. */
8638 if (sti->session != NULL && sti->session->auth_frame != (guint32)-1) {
8639 item = proto_tree_add_string(sesid_tree, hf_smb2_acct_name, tvb, sesid_offset, 0, sti->session->acct_name);
8640 PROTO_ITEM_SET_GENERATED(item);
8641 proto_item_append_text(sesid_item, " Acct:%s", sti->session->acct_name);
8643 item = proto_tree_add_string(sesid_tree, hf_smb2_domain_name, tvb, sesid_offset, 0, sti->session->domain_name);
8644 PROTO_ITEM_SET_GENERATED(item);
8645 proto_item_append_text(sesid_item, " Domain:%s", sti->session->domain_name);
8647 item = proto_tree_add_string(sesid_tree, hf_smb2_host_name, tvb, sesid_offset, 0, sti->session->host_name);
8648 PROTO_ITEM_SET_GENERATED(item);
8649 proto_item_append_text(sesid_item, " Host:%s", sti->session->host_name);
8651 item = proto_tree_add_uint(sesid_tree, hf_smb2_auth_frame, tvb, sesid_offset, 0, sti->session->auth_frame);
8652 PROTO_ITEM_SET_GENERATED(item);
/* Key selection: the direction is inferred from the destination port. */
8655 if (sti->session != NULL && sti->alg == ENC_ALG_aes128_ccm) {
8656 if (pinfo->destport == sti->session->server_port) {
8657 decryption_key = sti->session->server_decryption_key;
8659 decryption_key = sti->session->client_decryption_key;
/* A key whose first 16 bytes equal `zeros` is treated as "no key available". */
8662 if (memcmp(decryption_key, zeros, 16) == 0) {
8663 decryption_key = NULL;
8667 if (decryption_key != NULL) {
8668 gcry_cipher_hd_t cipher_hd = NULL;
8670 3, 0, 0, 0, 0, 0, 0, 0,
8671 0, 0, 0, 0, 0, 0, 0, 1
/* The 16 values above presumably initialise the counter block A_1 (its
 * declaration line is not shown). 15 - 4 = 11 nonce bytes are copied into
 * A_1[1..11]. */
8674 memcpy(&A_1[1], sti->nonce, 15 - 4);
/* Packet-scoped copy of sti->size payload bytes, decrypted in place below.
 * NOTE(review): this relies on tvb_memdup rejecting a size beyond the
 * available data - confirm. */
8676 plain_data = (guint8 *)tvb_memdup(pinfo->pool, tvb, offset, sti->size);
8678 /* Open the cipher. */
/* NOTE(review): each failure path below frees plain_data and jumps to
 * done_decryption; the line after every wmem_free is not shown. plain_data
 * is tested against NULL at the end of the function, so it needs to be reset
 * to NULL on these paths - confirm. */
8679 if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0)) {
8680 wmem_free(pinfo->pool, plain_data);
8682 goto done_decryption;
8685 /* Set the key and initial value. */
8686 if (gcry_cipher_setkey(cipher_hd, decryption_key, 16)) {
8687 gcry_cipher_close(cipher_hd);
8688 wmem_free(pinfo->pool, plain_data);
8690 goto done_decryption;
8692 if (gcry_cipher_setctr(cipher_hd, A_1, 16)) {
8693 gcry_cipher_close(cipher_hd);
8694 wmem_free(pinfo->pool, plain_data);
8696 goto done_decryption;
/* NULL input with length 0 asks libgcrypt to transform plain_data in place. */
8699 if (gcry_cipher_encrypt(cipher_hd, plain_data, sti->size, NULL, 0)) {
8700 gcry_cipher_close(cipher_hd);
8701 wmem_free(pinfo->pool, plain_data);
8703 goto done_decryption;
8706 /* Done with the cipher. */
8707 gcry_cipher_close(cipher_hd);
8710 *enc_tvb = tvb_new_subset_length(tvb, offset, sti->size);
8712 if (plain_data != NULL) {
8713 *plain_tvb = tvb_new_child_real_data(*enc_tvb, plain_data, sti->size, sti->size);
8714 add_new_data_source(pinfo, *plain_tvb, "Decrypted SMB3");
/* NOTE(review): an untrusted 32-bit size is added to the int offset with no
 * range check visible here. */
8717 offset += sti->size;
/*
 * Dispatch one SMB2 command to its request or response dissector.
 *
 * Creates a subtree labelled with the command name and direction, selects
 * the handler from smb2_dissector according to SMB2_FLAGS_RESPONSE, and
 * calls it. When the table holds no handler for the opcode, the remaining
 * bytes are shown as hf_smb2_unknown and the offset jumps to the captured
 * length. Finally the subtree item length is set to the bytes consumed.
 *
 * si->opcode comes from the packet. It is masked with 0xff before indexing
 * the 256-slot smb2_dissector table, which keeps the index in range;
 * decode_smb2_name receives the unmasked value and does its own range check.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; the last format argument, braces and the return are not visible
 * here.
 */
8722 dissect_smb2_command(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, smb2_info_t *si)
8724 int (*cmd_dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
8725 proto_item *cmd_item;
8726 proto_tree *cmd_tree;
/* Remember the start so the item length can be set once the handler ran. */
8727 int old_offset = offset;
8729 cmd_tree = proto_tree_add_subtree_format(tree, tvb, offset, -1,
8730 ett_smb2_command, &cmd_item, "%s %s (0x%02x)",
8731 decode_smb2_name(si->opcode),
8732 (si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request",
8735 cmd_dissector = (si->flags & SMB2_FLAGS_RESPONSE)?
8736 smb2_dissector[si->opcode&0xff].response:
8737 smb2_dissector[si->opcode&0xff].request;
/* A NULL table slot means no dissector is registered for this opcode. */
8738 if (cmd_dissector) {
8739 offset = (*cmd_dissector)(tvb, pinfo, cmd_tree, offset, si);
8741 proto_tree_add_item(cmd_tree, hf_smb2_unknown, tvb, offset, -1, ENC_NA);
8742 offset = tvb_captured_length(tvb);
/* NOTE(review): the handler's returned offset is used as-is; a handler that
 * returns less than old_offset would make this length negative - confirm
 * handlers cannot do that. */
8745 proto_item_set_len(cmd_item, offset-old_offset);
/*
 * Dissect the async-id or process-id/tree-id part of the SMB2 header and
 * the session id, and attach what is already known about the session and
 * tree.
 *
 * The session is looked up by the packet's session id in si->conv->sesids.
 * Per the comment in the body, an unknown session seen on a tree connect
 * (opcode 0x03) gets a placeholder session whose auth_frame is (guint32)-1;
 * other opcodes return early. For an authenticated session the account,
 * domain, host and auth frame are added as generated items. For commands
 * without SMB2_FLAGS_ASYNC_CMD the tree is looked up by tree id and its
 * name, share type and connect frame are added.
 *
 * si->tid, si->sesid and si->opcode are untrusted packet values.
 *
 * NOTE(review): the embedded original line numbers show gaps in this
 * listing; the declarations of item, tid_offset and sesid_offset, several
 * braces and conditions (including the one guarding the placeholder-session
 * path), offset advances and the final return are not visible here.
 */
8751 dissect_smb2_tid_sesid(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset, smb2_info_t *si)
8753 proto_item *tid_item = NULL;
8754 proto_tree *tid_tree = NULL;
8755 smb2_tid_info_t tid_key;
8757 proto_item *sesid_item = NULL;
8758 proto_tree *sesid_tree = NULL;
8759 smb2_sesid_info_t sesid_key;
8764 if (si->flags&SMB2_FLAGS_ASYNC_CMD) {
8765 proto_tree_add_item(tree, hf_smb2_aid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
8769 proto_tree_add_item(tree, hf_smb2_pid, tvb, offset, 4, ENC_LITTLE_ENDIAN);
8773 tid_offset = offset;
8774 si->tid = tvb_get_letohl(tvb, offset);
8775 tid_item = proto_tree_add_item(tree, hf_smb2_tid, tvb, offset, 4, ENC_LITTLE_ENDIAN);
8776 tid_tree = proto_item_add_subtree(tid_item, ett_smb2_tid_tree);
8781 sesid_offset = offset;
8782 si->sesid = tvb_get_letoh64(tvb, offset);
8783 sesid_item = proto_tree_add_item(tree, hf_smb2_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
8784 sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
8787 /* now we need to first lookup the uid session */
/* Only the sesid member of the stack key is initialised; this is safe only
 * if the table's hash and equality callbacks read nothing else (they are not
 * visible here - confirm). */
8788 sesid_key.sesid = si->sesid;
8789 si->session = (smb2_sesid_info_t *)g_hash_table_lookup(si->conv->sesids, &sesid_key);
/* Opcode 0x03 is TreeConnect in smb2_dissector. */
8791 if (si->opcode != 0x03) return offset;
8793 /* if we come to a session that is unknown, and the operation is
8794 * a tree connect, we create a dummy session, so we can hang the
8797 si->session = wmem_new0(wmem_file_scope(), smb2_sesid_info_t);
8798 si->session->sesid = si->sesid;
8799 si->session->auth_frame = (guint32)-1;
8800 si->session->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
8801 g_hash_table_insert(si->conv->sesids, si->session, si->session);
/* NOTE(review): the placeholder session above is created from a
 * packet-supplied session id and is kept at file scope, together with a
 * GLib hash table that is not allocated from the wmem pool; presumably a
 * capture with many distinct session ids grows memory accordingly - confirm
 * where `tids` is destroyed. */
8806 if (si->session->auth_frame != (guint32)-1) {
8807 item = proto_tree_add_string(sesid_tree, hf_smb2_acct_name, tvb, sesid_offset, 0, si->session->acct_name);
8808 PROTO_ITEM_SET_GENERATED(item);
8809 proto_item_append_text(sesid_item, " Acct:%s", si->session->acct_name);
8811 item = proto_tree_add_string(sesid_tree, hf_smb2_domain_name, tvb, sesid_offset, 0, si->session->domain_name);
8812 PROTO_ITEM_SET_GENERATED(item);
8813 proto_item_append_text(sesid_item, " Domain:%s", si->session->domain_name);
8815 item = proto_tree_add_string(sesid_tree, hf_smb2_host_name, tvb, sesid_offset, 0, si->session->host_name);
8816 PROTO_ITEM_SET_GENERATED(item);
8817 proto_item_append_text(sesid_item, " Host:%s", si->session->host_name);
8819 item = proto_tree_add_uint(sesid_tree, hf_smb2_auth_frame, tvb, sesid_offset, 0, si->session->auth_frame);
8820 PROTO_ITEM_SET_GENERATED(item);
8823 if (!(si->flags&SMB2_FLAGS_ASYNC_CMD)) {
8824 /* see if we can find the name for this tid */
/* As with sesid_key, only the tid member of the stack key is set. */
8825 tid_key.tid = si->tid;
8826 si->tree = (smb2_tid_info_t *)g_hash_table_lookup(si->session->tids, &tid_key);
/* Unknown tree id: nothing more to annotate. */
8827 if (!si->tree) return offset;
8829 item = proto_tree_add_string(tid_tree, hf_smb2_tree, tvb, tid_offset, 4, si->tree->name);
8830 PROTO_ITEM_SET_GENERATED(item);
8831 proto_item_append_text(tid_item, " %s", si->tree->name);
8833 item = proto_tree_add_uint(tid_tree, hf_smb2_share_type, tvb, tid_offset, 0, si->tree->share_type);
8834 PROTO_ITEM_SET_GENERATED(item);
8836 item = proto_tree_add_uint(tid_tree, hf_smb2_tcon_frame, tvb, tid_offset, 0, si->tree->connect_frame);
8837 PROTO_ITEM_SET_GENERATED(item);
/*
 * Dissect one SMB2 PDU and, recursively, any PDU chained after it.
 *
 * tvb            - buffer starting at the SMB2 (0xfe) or transform (0xfd) marker
 * pinfo          - packet info; columns, frame number and timestamps are used
 * parent_tree    - tree the "SMB2" item is added to; also kept in si->top_tree
 * first_in_chain - TRUE for the first PDU of a frame (clears the Info column),
 *                  FALSE for chained or decrypted PDUs
 *
 * Visible flow: allocate packet-scope state, fetch or create the
 * per-conversation state, decode the header fields, match requests to
 * responses by Message Id on the first pass, queue the tap, dispatch to the
 * command dissector, and finally recurse on the chained PDU. For a transform
 * header the transform dissector is called and the decrypted payload, when
 * available, is dissected by a nested call.
 *
 * NOTE(review): the gutter numbers in this listing skip lines, so braces,
 * else-branches, several declarations and some guards are not shown. The notes
 * below describe only the visible statements.
 *
 * Review notes for maintainers (every header value is read from the capture
 * and must be treated as untrusted):
 *  - Each request seen on the first pass allocates a file-scope
 *    smb2_saved_info_t and inserts it into conv->unmatched; entries that never
 *    see a response stay there, so memory grows with the number of unanswered
 *    Message Ids in the capture.
 *  - The conversation tables are GLib hash tables, not wmem objects; a
 *    callback is registered with wmem_file_scope() to release them.
 *  - sti and si->conv are allocated with wmem_new (not zeroed), unlike si.
 *    NOTE(review): confirm every field read later is assigned first.
 */
8844 dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, gboolean first_in_chain)
8846 gboolean smb2_transform_header = FALSE;
8847 proto_item *msg_id_item;
8848 proto_item *item = NULL;
8849 proto_tree *tree = NULL;
8850 proto_item *header_item = NULL;
8851 proto_tree *header_tree = NULL;
8853 int chain_offset = 0;
8854 const char *label = smb_header_label;
8855 conversation_t *conversation;
8856 smb2_saved_info_t *ssi = NULL, ssi_key;
8858 smb2_transform_info_t *sti;
8860 guint32 open_frame,close_frame;
8861 smb2_eo_file_info_t *eo_file_info;
8862 e_ctx_hnd *policy_hnd_hashtablekey;
/* Per-PDU state lives in packet scope. Only si is zero-initialised. */
8864 sti = wmem_new(wmem_packet_scope(), smb2_transform_info_t);
8865 si = wmem_new0(wmem_packet_scope(), smb2_info_t);
8866 si->top_tree = parent_tree;
/* A first byte of 0xfd selects the transform (encrypted) header layout. */
8868 if (tvb_get_guint8(tvb, 0) == 0xfd) {
8869 smb2_transform_header = TRUE;
8870 label = smb_transform_header_label;
8872 /* find which conversation we are part of and get the data for that
8875 conversation = find_or_create_conversation(pinfo);
8876 si->conv = (smb2_conv_info_t *)conversation_get_proto_data(conversation, proto_smb2);
8878 /* no smb2_into_t structure for this conversation yet,
8881 si->conv = wmem_new(wmem_file_scope(), smb2_conv_info_t);
8882 /* qqq this leaks memory for now since we never free
8884 si->conv->matched = g_hash_table_new(smb2_saved_info_hash_matched,
8885 smb2_saved_info_equal_matched);
8886 si->conv->unmatched = g_hash_table_new(smb2_saved_info_hash_unmatched,
8887 smb2_saved_info_equal_unmatched);
8888 si->conv->sesids = g_hash_table_new(smb2_sesid_info_hash,
8889 smb2_sesid_info_equal);
8890 si->conv->fids = g_hash_table_new(smb2_fid_info_hash,
8891 smb2_fid_info_equal);
8892 si->conv->files = g_hash_table_new(smb2_eo_files_hash,smb2_eo_files_equal);
8894 /* Bit of a hack to avoid leaking the hash tables - register a
8895 * callback to free them. Ideally wmem would implement a simple
8896 * hash table so we wouldn't have to do this. */
8897 wmem_register_callback(wmem_file_scope(), smb2_conv_destroy,
8900 conversation_add_proto_data(conversation, proto_smb2, si->conv);
/* The transform path shares the same conversation state. */
8903 sti->conv = si->conv;
8905 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB2");
8906 if (first_in_chain) {
8908 col_clear(pinfo->cinfo, COL_INFO);
8910 col_append_str(pinfo->cinfo, COL_INFO, ";");
8913 item = proto_tree_add_item(parent_tree, proto_smb2, tvb, offset, -1, ENC_NA);
8914 tree = proto_item_add_subtree(item, ett_smb2);
8916 header_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_header, &header_item, label);
8918 /* Decode the header */
8920 if (!smb2_transform_header) {
8922 proto_tree_add_item(header_tree, hf_smb2_server_component_smb2, tvb, offset, 4, ENC_NA);
8925 /* we need the flags before we know how to parse the credits field */
8926 si->flags = tvb_get_letohl(tvb, offset+12);
8929 proto_tree_add_item(header_tree, hf_smb2_header_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
8932 /* credit charge (previously "epoch" (unused) which has been deprecated as of "SMB 2.1") */
8933 proto_tree_add_item(header_tree, hf_smb2_credit_charge, tvb, offset, 2, ENC_LITTLE_ENDIAN);
/* The same four bytes are shown as NT Status for a response, or as Channel
 * Sequence plus two reserved bytes for a request (presumably the else
 * branch; that line is not shown in this listing). */
8937 if (si->flags & SMB2_FLAGS_RESPONSE) {
8938 si->status = tvb_get_letohl(tvb, offset);
8939 proto_tree_add_item(header_tree, hf_smb2_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
8943 proto_tree_add_item(header_tree, hf_smb2_channel_sequence, tvb, offset, 2, ENC_LITTLE_ENDIAN);
8945 proto_tree_add_item(header_tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
/* The opcode later indexes the command dispatch table, where the visible
 * caller masks it with 0xff. */
8950 si->opcode = tvb_get_letohs(tvb, offset);
8951 proto_tree_add_item(header_tree, hf_smb2_cmd, tvb, offset, 2, ENC_LITTLE_ENDIAN);
8955 if (si->flags & SMB2_FLAGS_RESPONSE) {
8956 proto_tree_add_item(header_tree, hf_smb2_credits_granted, tvb, offset, 2, ENC_LITTLE_ENDIAN);
8958 proto_tree_add_item(header_tree, hf_smb2_credits_requested, tvb, offset, 2, ENC_LITTLE_ENDIAN);
8964 static const int * flags[] = {
8965 &hf_smb2_flags_response,
8966 &hf_smb2_flags_async_cmd,
8967 &hf_smb2_flags_chained,
8968 &hf_smb2_flags_signature,
8969 &hf_smb2_flags_priority_mask,
8970 &hf_smb2_flags_dfs_op,
8971 &hf_smb2_flags_replay_operation,
8975 proto_tree_add_bitmask(header_tree, tvb, offset, hf_smb2_flags,
8976 ett_smb2_flags, flags, ENC_LITTLE_ENDIAN);
/* NOTE(review): chain_offset is read little-endian, but the tree item on the
 * next line is added with ENC_BIG_ENDIAN, while every other header field here
 * uses ENC_LITTLE_ENDIAN. The displayed value will therefore not match the
 * value acted on; this likely should be ENC_LITTLE_ENDIAN.
 * chain_offset is a signed int filled from a 32-bit unsigned read, so wire
 * values of 0x80000000 and above become negative and fail the later
 * chain_offset > 0 test. */
8982 chain_offset = tvb_get_letohl(tvb, offset);
8983 proto_tree_add_item(header_tree, hf_smb2_chain_offset, tvb, offset, 4, ENC_BIG_ENDIAN);
/* Message Id is the key used to pair requests with responses. Only msg_id
 * is set in the stack-allocated ssi_key; presumably the hash and equal
 * callbacks look at nothing else (confirm). */
8987 si->msg_id = tvb_get_letoh64(tvb, offset);
8988 ssi_key.msg_id = si->msg_id;
8989 msg_id_item = proto_tree_add_item(header_tree, hf_smb2_msg_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
8990 if (msg_id_item && (si->msg_id == G_GUINT64_CONSTANT(0xFFFFFFFFFFFFFFFF))) {
8991 proto_item_append_text(msg_id_item, " (unsolicited response)");
8995 /* Tree ID and Session ID */
8996 offset = dissect_smb2_tid_sesid(pinfo, header_tree, tvb, offset, si);
8999 proto_tree_add_item(header_tree, hf_smb2_signature, tvb, offset, 16, ENC_NA);
9002 proto_item_set_len(header_item, offset);
9005 col_append_fstr(pinfo->cinfo, COL_INFO, "%s %s",
9006 decode_smb2_name(si->opcode),
9007 (si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request");
9010 pinfo->cinfo, COL_INFO, ", Error: %s",
9011 val_to_str_ext(si->status, &NT_errors_ext,
9012 "Unknown (0x%08X)"));
/* State is only created or moved on the first pass over the capture; later
 * passes (presumably the branch further down) only look it up. */
9016 if (!pinfo->fd->flags.visited) {
9017 /* see if we can find this msg_id in the unmatched table */
9018 ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->unmatched, &ssi_key);
9020 if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
9021 /* This is a request */
9023 /* this is a request and we already found
9024 * an older ssi so just delete the previous
9027 g_hash_table_remove(si->conv->unmatched, ssi);
9032 /* no we couldn't find it, so just add it then
9033 * if was a request we are decoding
9035 ssi = wmem_new0(wmem_file_scope(), smb2_saved_info_t);
9036 ssi->msg_id = ssi_key.msg_id;
9037 ssi->frame_req = pinfo->num;
9038 ssi->req_time = pinfo->abs_ts;
9039 ssi->extra_info_type = SMB2_EI_NONE;
9040 g_hash_table_insert(si->conv->unmatched, ssi, ssi);
9043 /* This is a response */
9044 if (!((si->flags & SMB2_FLAGS_ASYNC_CMD)
9045 && si->status == NT_STATUS_PENDING)
9047 /* just set the response frame and move it to the matched table */
9048 ssi->frame_res = pinfo->num;
9049 g_hash_table_remove(si->conv->unmatched, ssi);
9050 g_hash_table_insert(si->conv->matched, ssi, ssi);
9054 /* see if we can find this msg_id in the matched table */
9055 ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->matched, &ssi_key);
9056 /* if we couldn't find it in the matched table, it might still
9057 * be in the unmatched table
9060 ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->unmatched, &ssi_key);
9065 if (dcerpc_fetch_polhnd_data(&ssi->policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->num)) {
9066 /* If needed, create the file entry and save the policy hnd */
9067 if (!si->eo_file_info) {
9069 eo_file_info = (smb2_eo_file_info_t *)g_hash_table_lookup(si->conv->files,&ssi->policy_hnd);
9070 if (!eo_file_info) { /* XXX This should never happen */
9072 eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
9073 policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
9074 memcpy(policy_hnd_hashtablekey, &ssi->policy_hnd, sizeof(e_ctx_hnd));
9075 eo_file_info->end_of_file=0;
9076 g_hash_table_insert(si->conv->files,policy_hnd_hashtablekey,eo_file_info);
9078 si->eo_file_info=eo_file_info;
/* Cross-reference items are generated from saved state, so they are added
 * with zero length at offset 0 rather than pointing at packet bytes. */
9083 if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
9084 if (ssi->frame_res) {
9085 proto_item *tmp_item;
9086 tmp_item = proto_tree_add_uint(header_tree, hf_smb2_response_in, tvb, 0, 0, ssi->frame_res);
9087 PROTO_ITEM_SET_GENERATED(tmp_item);
9090 if (ssi->frame_req) {
9091 proto_item *tmp_item;
9094 tmp_item = proto_tree_add_uint(header_tree, hf_smb2_response_to, tvb, 0, 0, ssi->frame_req);
9095 PROTO_ITEM_SET_GENERATED(tmp_item);
9097 nstime_delta(&deltat, &t, &ssi->req_time);
9098 tmp_item = proto_tree_add_time(header_tree, hf_smb2_time, tvb,
9100 PROTO_ITEM_SET_GENERATED(tmp_item);
9103 if (si->file != NULL) {
9104 ssi->file = si->file;
9106 si->file = ssi->file;
9109 /* if we don't have ssi yet we must fake it */
9113 tap_queue_packet(smb2_tap, pinfo, si);
9115 /* Decode the payload */
9116 offset = dissect_smb2_command(pinfo, tree, tvb, offset, si);
9118 proto_tree *enc_tree;
9119 tvbuff_t *enc_tvb = NULL;
9120 tvbuff_t *plain_tvb = NULL;
9122 /* SMB2_TRANSFORM marker */
9123 proto_tree_add_item(header_tree, hf_smb2_server_component_smb2_transform, tvb, offset, 4, ENC_NA);
/* enc_tvb and plain_tvb start as NULL and are filled by the callee, and
 * sti->size is used right after. NOTE(review): confirm the callee always
 * sets enc_tvb and sti->size, because sti was not zero-initialised. */
9126 offset = dissect_smb2_transform_header(pinfo, header_tree, tvb, offset, sti,
9127 &enc_tvb, &plain_tvb);
9129 enc_tree = proto_tree_add_subtree(tree, enc_tvb, 0, sti->size, ett_smb2_encrypted, NULL, "Encrypted SMB3 data");
9130 if (plain_tvb != NULL) {
9131 col_append_str(pinfo->cinfo, COL_INFO, "Decrypted SMB3");
9132 dissect_smb2(plain_tvb, pinfo, enc_tree, FALSE);
9134 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted SMB3");
9135 proto_tree_add_item(enc_tree, hf_smb2_transform_encrypted_data,
9136 enc_tvb, 0, sti->size, ENC_NA);
9139 if (tvb_reported_length_remaining(tvb, offset) > 0) {
9140 chain_offset = offset;
/* Follow the chain by recursing on the remainder of the buffer.
 * NOTE(review): the only visible guard is chain_offset > 0. Nothing shown
 * here requires the offset to be at least the header length or limits the
 * nesting depth, so depth appears bounded only by the buffer length and by
 * the exceptions the tvb accessors raise on short reads. Confirm that a
 * depth limit exists elsewhere. */
9144 if (chain_offset > 0) {
9147 proto_item_set_len(item, chain_offset);
9149 next_tvb = tvb_new_subset_remaining(tvb, chain_offset);
9150 offset = dissect_smb2(next_tvb, pinfo, parent_tree, FALSE);
/*
 * Heuristic entry point: decide whether tvb holds an SMB2 PDU and, if so,
 * hand it to dissect_smb2() as the first PDU in a chain.
 *
 * tvb         - candidate buffer
 * pinfo       - packet info, passed through
 * parent_tree - tree to dissect into, passed through
 * data        - unused
 *
 * The return statements are not shown in this listing (the gutter numbers
 * skip lines).
 *
 * Review note: acceptance rests on a 4-byte signature only (0xfe or 0xfd
 * followed by 'S', 'M', 'B'). Everything after those bytes is unvalidated
 * when dissect_smb2() starts, so robustness against malformed input depends
 * on the bounds checks in the dissectors it calls.
 */
9157 dissect_smb2_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
9160 /* must check that this really is a smb2 packet */
/* The four signature bytes must be captured before they are read. */
9161 if (tvb_captured_length(tvb) < 4)
/* 0xfe marks a plain SMB2 header, 0xfd a transform (encrypted) header. */
9164 if (((tvb_get_guint8(tvb, 0) != 0xfe) && (tvb_get_guint8(tvb, 0) != 0xfd))
9165 || (tvb_get_guint8(tvb, 1) != 'S')
9166 || (tvb_get_guint8(tvb, 2) != 'M')
9167 || (tvb_get_guint8(tvb, 3) != 'B') ) {
9171 dissect_smb2(tvb, pinfo, parent_tree, TRUE);
9177 proto_register_smb2(void)
9179 module_t *smb2_module;
9180 static hf_register_info hf[] = {
9182 { "Command", "smb2.cmd", FT_UINT16, BASE_DEC | BASE_EXT_STRING,
9183 &smb2_cmd_vals_ext, 0, "SMB2 Command Opcode", HFILL }
9186 { &hf_smb2_response_to,
9187 { "Response to", "smb2.response_to", FT_FRAMENUM, BASE_NONE,
9188 NULL, 0, "This packet is a response to the packet in this frame", HFILL }
9191 { &hf_smb2_response_in,
9192 { "Response in", "smb2.response_in", FT_FRAMENUM, BASE_NONE,
9193 NULL, 0, "The response to this packet is in this packet", HFILL }
9197 { "Time from request", "smb2.time", FT_RELATIVE_TIME, BASE_NONE,
9198 NULL, 0, "Time between Request and Response for SMB2 cmds", HFILL }
9201 { &hf_smb2_header_len,
9202 { "Header Length", "smb2.header_len", FT_UINT16, BASE_DEC,
9203 NULL, 0, "SMB2 Size of Header", HFILL }
9206 { &hf_smb2_nt_status,
9207 { "NT Status", "smb2.nt_status", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
9208 &NT_errors_ext, 0, "NT Status code", HFILL }
9212 { "Message ID", "smb2.msg_id", FT_UINT64, BASE_DEC,
9213 NULL, 0, NULL, HFILL }
9217 { "Tree Id", "smb2.tid", FT_UINT32, BASE_HEX,
9218 NULL, 0, NULL, HFILL }
9222 { "Async Id", "smb2.aid", FT_UINT64, BASE_HEX,
9223 NULL, 0, NULL, HFILL }
9227 { "Session Id", "smb2.sesid", FT_UINT64, BASE_HEX,
9228 NULL, 0, NULL, HFILL }
9231 { &hf_smb2_previous_sesid,
9232 { "Previous Session Id", "smb2.previous_sesid", FT_UINT64, BASE_HEX,
9233 NULL, 0, NULL, HFILL }
9236 { &hf_smb2_chain_offset,
9237 { "Chain Offset", "smb2.chain_offset", FT_UINT32, BASE_HEX,
9238 NULL, 0, NULL, HFILL }
9241 { &hf_smb2_end_of_file,
9242 { "End Of File", "smb2.eof", FT_UINT64, BASE_DEC,
9243 NULL, 0, "SMB2 End Of File/File size", HFILL }
9247 { "Number of Links", "smb2.nlinks", FT_UINT32, BASE_DEC,
9248 NULL, 0, "Number of links to this object", HFILL }
9252 { "File Id", "smb2.file_id", FT_UINT64, BASE_HEX,
9253 NULL, 0, NULL, HFILL }
9256 { &hf_smb2_allocation_size,
9257 { "Allocation Size", "smb2.allocation_size", FT_UINT64, BASE_DEC,
9258 NULL, 0, NULL, HFILL }
9261 { &hf_smb2_max_response_size,
9262 { "Max Response Size", "smb2.max_response_size", FT_UINT32, BASE_DEC,
9263 NULL, 0, NULL, HFILL }
9266 { &hf_smb2_getinfo_size,
9267 { "Getinfo Size", "smb2.getinfo_size", FT_UINT32, BASE_DEC,
9268 NULL, 0, NULL, HFILL }
9271 { &hf_smb2_getinfo_offset,
9272 { "Getinfo Offset", "smb2.getinfo_offset", FT_UINT16, BASE_HEX,
9273 NULL, 0, NULL, HFILL }
9276 { &hf_smb2_getinfo_additional,
9277 { "Additional Info", "smb2.getinfo_additional", FT_UINT32, BASE_HEX,
9278 NULL, 0, NULL, HFILL }
9281 { &hf_smb2_getinfo_flags,
9282 { "Flags", "smb2.getinfo_flags", FT_UINT32, BASE_HEX,
9283 NULL, 0, NULL, HFILL }
9286 { &hf_smb2_setinfo_size,
9287 { "Setinfo Size", "smb2.setinfo_size", FT_UINT32, BASE_DEC,
9288 NULL, 0, NULL, HFILL }
9291 { &hf_smb2_setinfo_offset,
9292 { "Setinfo Offset", "smb2.setinfo_offset", FT_UINT16, BASE_HEX,
9293 NULL, 0, NULL, HFILL }
9296 { &hf_smb2_max_ioctl_out_size,
9297 { "Max Ioctl Out Size", "smb2.max_ioctl_out_size", FT_UINT32, BASE_DEC,
9298 NULL, 0, NULL, HFILL }
9301 { &hf_smb2_max_ioctl_in_size,
9302 { "Max Ioctl In Size", "smb2.max_ioctl_in_size", FT_UINT32, BASE_DEC,
9303 NULL, 0, NULL, HFILL }
9306 { &hf_smb2_required_buffer_size,
9307 { "Required Buffer Size", "smb2.required_size", FT_UINT32, BASE_DEC,
9308 NULL, 0, NULL, HFILL }
9312 { "Process Id", "smb2.pid", FT_UINT32, BASE_HEX,
9313 NULL, 0, NULL, HFILL }
9317 /* SMB2 header flags */
9319 { "Flags", "smb2.flags", FT_UINT32, BASE_HEX,
9320 NULL, 0, "SMB2 flags", HFILL }
9323 { &hf_smb2_flags_response,
9324 { "Response", "smb2.flags.response", FT_BOOLEAN, 32,
9325 TFS(&tfs_flags_response), SMB2_FLAGS_RESPONSE, "Whether this is an SMB2 Request or Response", HFILL }
9328 { &hf_smb2_flags_async_cmd,
9329 { "Async command", "smb2.flags.async", FT_BOOLEAN, 32,
9330 TFS(&tfs_flags_async_cmd), SMB2_FLAGS_ASYNC_CMD, NULL, HFILL }
9333 { &hf_smb2_flags_dfs_op,
9334 { "DFS operation", "smb2.flags.dfs", FT_BOOLEAN, 32,
9335 TFS(&tfs_flags_dfs_op), SMB2_FLAGS_DFS_OP, NULL, HFILL }
9338 { &hf_smb2_flags_chained,
9339 { "Chained", "smb2.flags.chained", FT_BOOLEAN, 32,
9340 TFS(&tfs_flags_chained), SMB2_FLAGS_CHAINED, "Whether the pdu continues a chain or not", HFILL }
9342 { &hf_smb2_flags_signature,
9343 { "Signing", "smb2.flags.signature", FT_BOOLEAN, 32,
9344 TFS(&tfs_flags_signature), SMB2_FLAGS_SIGNATURE, "Whether the pdu is signed or not", HFILL }
9347 { &hf_smb2_flags_replay_operation,
9348 { "Replay operation", "smb2.flags.replay", FT_BOOLEAN, 32,
9349 TFS(&tfs_flags_replay_operation), SMB2_FLAGS_REPLAY_OPERATION, "Whether this is a replay operation", HFILL }
9352 { &hf_smb2_flags_priority_mask,
9353 { "Priority", "smb2.flags.priority_mask", FT_BOOLEAN, 32,
9354 TFS(&tfs_flags_priority_mask), SMB2_FLAGS_PRIORITY_MASK, "Priority Mask", HFILL }
9358 { "Tree", "smb2.tree", FT_STRING, BASE_NONE,
9359 NULL, 0, "Name of the Tree/Share", HFILL }
9362 { &hf_smb2_filename,
9363 { "Filename", "smb2.filename", FT_STRING, BASE_NONE,
9364 NULL, 0, NULL, HFILL }
9367 { &hf_smb2_filename_len,
9368 { "Filename Length", "smb2.filename.len", FT_UINT32, BASE_DEC,
9369 NULL, 0, NULL, HFILL }
9372 { &hf_smb2_replace_if,
9373 { "Replace If", "smb2.rename.replace_if", FT_BOOLEAN, 8,
9374 TFS(&tfs_replace_if_exists), 0xFF, "Whether to replace if the target exists", HFILL }
9377 { &hf_smb2_data_offset,
9378 { "Data Offset", "smb2.data_offset", FT_UINT16, BASE_HEX,
9379 NULL, 0, "Offset to data", HFILL }
9382 { &hf_smb2_find_info_level,
9383 { "Info Level", "smb2.find.infolevel", FT_UINT32, BASE_DEC,
9384 VALS(smb2_find_info_levels), 0, "Find_Info Infolevel", HFILL }
9386 { &hf_smb2_find_flags,
9387 { "Find Flags", "smb2.find.flags", FT_UINT8, BASE_HEX,
9388 NULL, 0, NULL, HFILL }
9391 { &hf_smb2_find_pattern,
9392 { "Search Pattern", "smb2.find.pattern", FT_STRING, BASE_NONE,
9393 NULL, 0, "Find pattern", HFILL }
9396 { &hf_smb2_find_info_blob,
9397 { "Info", "smb2.find.info_blob", FT_BYTES, BASE_NONE,
9398 NULL, 0, "Find Info", HFILL }
9402 { "EA Size", "smb2.ea_size", FT_UINT32, BASE_DEC,
9403 NULL, 0, "Size of EA data", HFILL }
9407 { "Class", "smb2.class", FT_UINT8, BASE_HEX,
9408 VALS(smb2_class_vals), 0, "Info class", HFILL }
9411 { &hf_smb2_infolevel,
9412 { "InfoLevel", "smb2.infolevel", FT_UINT8, BASE_HEX,
9413 NULL, 0, NULL, HFILL }
9416 { &hf_smb2_infolevel_file_info,
9417 { "InfoLevel", "smb2.file_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
9418 &smb2_file_info_levels_ext, 0, "File_Info Infolevel", HFILL }
9421 { &hf_smb2_infolevel_fs_info,
9422 { "InfoLevel", "smb2.fs_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
9423 &smb2_fs_info_levels_ext, 0, "Fs_Info Infolevel", HFILL }
9426 { &hf_smb2_infolevel_sec_info,
9427 { "InfoLevel", "smb2.sec_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
9428 &smb2_sec_info_levels_ext, 0, "Sec_Info Infolevel", HFILL }
9431 { &hf_smb2_infolevel_posix_info,
9432 { "InfoLevel", "smb2.posix_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
9433 &smb2_posix_info_levels_ext, 0, "Posix_Info Infolevel", HFILL }
9436 { &hf_smb2_write_length,
9437 { "Write Length", "smb2.write_length", FT_UINT32, BASE_DEC,
9438 NULL, 0, "Amount of data to write", HFILL }
9441 { &hf_smb2_read_length,
9442 { "Read Length", "smb2.read_length", FT_UINT32, BASE_DEC,
9443 NULL, 0, "Amount of data to read", HFILL }
9446 { &hf_smb2_read_remaining,
9447 { "Read Remaining", "smb2.read_remaining", FT_UINT32, BASE_DEC,
9448 NULL, 0, NULL, HFILL }
9451 { &hf_smb2_create_flags,
9452 { "Create Flags", "smb2.create_flags", FT_UINT64, BASE_HEX,
9453 NULL, 0, NULL, HFILL }
9456 { &hf_smb2_file_offset,
9457 { "File Offset", "smb2.file_offset", FT_UINT64, BASE_DEC,
9458 NULL, 0, NULL, HFILL }
9461 { &hf_smb2_fsctl_range_offset,
9462 { "File Offset", "smb2.fsctl.range_offset", FT_UINT64, BASE_DEC,
9463 NULL, 0, NULL, HFILL }
9466 { &hf_smb2_fsctl_range_length,
9467 { "Length", "smb2.fsctl.range_length", FT_UINT64, BASE_DEC,
9468 NULL, 0, NULL, HFILL }
9471 { &hf_smb2_qfr_length,
9472 { "Length", "smb2.qfr_length", FT_UINT64, BASE_DEC,
9473 NULL, 0, NULL, HFILL }
9476 { &hf_smb2_qfr_usage,
9477 { "Desired Usage", "smb2.qfr_usage", FT_UINT32, BASE_HEX,
9478 VALS(file_region_usage_vals), 0, NULL, HFILL }
9481 { &hf_smb2_qfr_flags,
9482 { "Flags", "smb2.qfr_flags", FT_UINT32, BASE_HEX,
9483 NULL, 0, NULL, HFILL }
9486 { &hf_smb2_qfr_total_region_entry_count,
9487 { "Total Region Entry Count", "smb2.qfr_tot_region_entry_count", FT_UINT32, BASE_HEX,
9488 NULL, 0, NULL, HFILL }
9491 { &hf_smb2_qfr_region_entry_count,
9492 { "Region Entry Count", "smb2.qfr_region_entry_count", FT_UINT32, BASE_HEX,
9493 NULL, 0, NULL, HFILL }
9496 { &hf_smb2_security_blob,
9497 { "Security Blob", "smb2.security_blob", FT_BYTES, BASE_NONE,
9498 NULL, 0, NULL, HFILL }
9501 { &hf_smb2_ioctl_out_data,
9502 { "Out Data", "smb2.ioctl.out", FT_NONE, BASE_NONE,
9503 NULL, 0, "Ioctl Out", HFILL }
9506 { &hf_smb2_ioctl_in_data,
9507 { "In Data", "smb2.ioctl.in", FT_NONE, BASE_NONE,
9508 NULL, 0, "Ioctl In", HFILL }
9511 { &hf_smb2_server_guid,
9512 { "Server Guid", "smb2.server_guid", FT_GUID, BASE_NONE,
9513 NULL, 0, NULL, HFILL }
9516 { &hf_smb2_client_guid,
9517 { "Client Guid", "smb2.client_guid", FT_GUID, BASE_NONE,
9518 NULL, 0, NULL, HFILL }
9521 { &hf_smb2_object_id,
9522 { "ObjectId", "smb2.object_id", FT_GUID, BASE_NONE,
9523 NULL, 0, "ObjectID for this FID", HFILL }
9526 { &hf_smb2_birth_volume_id,
9527 { "BirthVolumeId", "smb2.birth_volume_id", FT_GUID, BASE_NONE,
9528 NULL, 0, "ObjectID for the volume where this FID was originally created", HFILL }
9531 { &hf_smb2_birth_object_id,
9532 { "BirthObjectId", "smb2.birth_object_id", FT_GUID, BASE_NONE,
9533 NULL, 0, "ObjectID for this FID when it was originally created", HFILL }
9536 { &hf_smb2_domain_id,
9537 { "DomainId", "smb2.domain_id", FT_GUID, BASE_NONE,
9538 NULL, 0, NULL, HFILL }
9541 { &hf_smb2_create_timestamp,
9542 { "Create", "smb2.create.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9543 NULL, 0, "Time when this object was created", HFILL }
9547 { "File Id", "smb2.fid", FT_GUID, BASE_NONE,
9548 NULL, 0, "SMB2 File Id", HFILL }
9551 { &hf_smb2_write_data,
9552 { "Write Data", "smb2.write_data", FT_BYTES, BASE_NONE,
9553 NULL, 0, "SMB2 Data to be written", HFILL }
9556 { &hf_smb2_write_flags,
9557 { "Write Flags", "smb2.write.flags", FT_UINT32, BASE_HEX,
9558 NULL, 0, NULL, HFILL }
9561 { &hf_smb2_write_flags_write_through,
9562 { "Write through", "smb2.write.flags.write_through", FT_BOOLEAN, 32,
9563 NULL, SMB2_WRITE_FLAG_WRITE_THROUGH, NULL, HFILL }
9566 { &hf_smb2_write_count,
9567 { "Write Count", "smb2.write.count", FT_UINT32, BASE_DEC,
9568 NULL, 0, NULL, HFILL }
9571 { &hf_smb2_write_remaining,
9572 { "Write Remaining", "smb2.write.remaining", FT_UINT32, BASE_DEC,
9573 NULL, 0, NULL, HFILL }
9576 { &hf_smb2_read_data,
9577 { "Read Data", "smb2.read_data", FT_BYTES, BASE_NONE,
9578 NULL, 0, "SMB2 Data that is read", HFILL }
9581 { &hf_smb2_last_access_timestamp,
9582 { "Last Access", "smb2.last_access.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9583 NULL, 0, "Time when this object was last accessed", HFILL }
9586 { &hf_smb2_last_write_timestamp,
9587 { "Last Write", "smb2.last_write.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9588 NULL, 0, "Time when this object was last written to", HFILL }
9591 { &hf_smb2_last_change_timestamp,
9592 { "Last Change", "smb2.last_change.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9593 NULL, 0, "Time when this object was last changed", HFILL }
9596 { &hf_smb2_file_all_info,
9597 { "SMB2_FILE_ALL_INFO", "smb2.file_all_info", FT_NONE, BASE_NONE,
9598 NULL, 0, NULL, HFILL }
9601 { &hf_smb2_file_allocation_info,
9602 { "SMB2_FILE_ALLOCATION_INFO", "smb2.file_allocation_info", FT_NONE, BASE_NONE,
9603 NULL, 0, NULL, HFILL }
9606 { &hf_smb2_file_endoffile_info,
9607 { "SMB2_FILE_ENDOFFILE_INFO", "smb2.file_endoffile_info", FT_NONE, BASE_NONE,
9608 NULL, 0, NULL, HFILL }
9611 { &hf_smb2_file_alternate_name_info,
9612 { "SMB2_FILE_ALTERNATE_NAME_INFO", "smb2.file_alternate_name_info", FT_NONE, BASE_NONE,
9613 NULL, 0, NULL, HFILL }
9616 { &hf_smb2_file_stream_info,
9617 { "SMB2_FILE_STREAM_INFO", "smb2.file_stream_info", FT_NONE, BASE_NONE,
9618 NULL, 0, NULL, HFILL }
9621 { &hf_smb2_file_pipe_info,
9622 { "SMB2_FILE_PIPE_INFO", "smb2.file_pipe_info", FT_NONE, BASE_NONE,
9623 NULL, 0, NULL, HFILL }
9626 { &hf_smb2_file_compression_info,
9627 { "SMB2_FILE_COMPRESSION_INFO", "smb2.file_compression_info", FT_NONE, BASE_NONE,
9628 NULL, 0, NULL, HFILL }
9631 { &hf_smb2_file_basic_info,
9632 { "SMB2_FILE_BASIC_INFO", "smb2.file_basic_info", FT_NONE, BASE_NONE,
9633 NULL, 0, NULL, HFILL }
9636 { &hf_smb2_file_standard_info,
9637 { "SMB2_FILE_STANDARD_INFO", "smb2.file_standard_info", FT_NONE, BASE_NONE,
9638 NULL, 0, NULL, HFILL }
9641 { &hf_smb2_file_internal_info,
9642 { "SMB2_FILE_INTERNAL_INFO", "smb2.file_internal_info", FT_NONE, BASE_NONE,
9643 NULL, 0, NULL, HFILL }
9646 { &hf_smb2_file_mode_info,
9647 { "SMB2_FILE_MODE_INFO", "smb2.file_mode_info", FT_NONE, BASE_NONE,
9648 NULL, 0, NULL, HFILL }
9651 { &hf_smb2_file_alignment_info,
9652 { "SMB2_FILE_ALIGNMENT_INFO", "smb2.file_alignment_info", FT_NONE, BASE_NONE,
9653 NULL, 0, NULL, HFILL }
9656 { &hf_smb2_file_position_info,
9657 { "SMB2_FILE_POSITION_INFO", "smb2.file_position_info", FT_NONE, BASE_NONE,
9658 NULL, 0, NULL, HFILL }
9661 { &hf_smb2_file_access_info,
9662 { "SMB2_FILE_ACCESS_INFO", "smb2.file_access_info", FT_NONE, BASE_NONE,
9663 NULL, 0, NULL, HFILL }
9666 { &hf_smb2_file_ea_info,
9667 { "SMB2_FILE_EA_INFO", "smb2.file_ea_info", FT_NONE, BASE_NONE,
9668 NULL, 0, NULL, HFILL }
9671 { &hf_smb2_file_network_open_info,
9672 { "SMB2_FILE_NETWORK_OPEN_INFO", "smb2.file_network_open_info", FT_NONE, BASE_NONE,
9673 NULL, 0, NULL, HFILL }
9676 { &hf_smb2_file_attribute_tag_info,
9677 { "SMB2_FILE_ATTRIBUTE_TAG_INFO", "smb2.file_attribute_tag_info", FT_NONE, BASE_NONE,
9678 NULL, 0, NULL, HFILL }
9681 { &hf_smb2_file_disposition_info,
9682 { "SMB2_FILE_DISPOSITION_INFO", "smb2.file_disposition_info", FT_NONE, BASE_NONE,
9683 NULL, 0, NULL, HFILL }
9686 { &hf_smb2_file_full_ea_info,
9687 { "SMB2_FILE_FULL_EA_INFO", "smb2.file_full_ea_info", FT_NONE, BASE_NONE,
9688 NULL, 0, NULL, HFILL }
9691 { &hf_smb2_file_rename_info,
9692 { "SMB2_FILE_RENAME_INFO", "smb2.file_rename_info", FT_NONE, BASE_NONE,
9693 NULL, 0, NULL, HFILL }
9696 { &hf_smb2_fs_info_01,
9697 { "SMB2_FS_INFO_01", "smb2.fs_info_01", FT_NONE, BASE_NONE,
9698 NULL, 0, NULL, HFILL }
9701 { &hf_smb2_fs_info_03,
9702 { "SMB2_FS_INFO_03", "smb2.fs_info_03", FT_NONE, BASE_NONE,
9703 NULL, 0, NULL, HFILL }
9706 { &hf_smb2_fs_info_04,
9707 { "SMB2_FS_INFO_04", "smb2.fs_info_04", FT_NONE, BASE_NONE,
9708 NULL, 0, NULL, HFILL }
9711 { &hf_smb2_fs_info_05,
9712 { "SMB2_FS_INFO_05", "smb2.fs_info_05", FT_NONE, BASE_NONE,
9713 NULL, 0, NULL, HFILL }
9716 { &hf_smb2_fs_info_06,
9717 { "SMB2_FS_INFO_06", "smb2.fs_info_06", FT_NONE, BASE_NONE,
9718 NULL, 0, NULL, HFILL }
9721 { &hf_smb2_fs_info_07,
9722 { "SMB2_FS_INFO_07", "smb2.fs_info_07", FT_NONE, BASE_NONE,
9723 NULL, 0, NULL, HFILL }
9726 { &hf_smb2_fs_objectid_info,
9727 { "SMB2_FS_OBJECTID_INFO", "smb2.fs_objectid_info", FT_NONE, BASE_NONE,
9728 NULL, 0, NULL, HFILL }
9731 { &hf_smb2_sec_info_00,
9732 { "SMB2_SEC_INFO_00", "smb2.sec_info_00", FT_NONE, BASE_NONE,
9733 NULL, 0, NULL, HFILL }
9736 { &hf_smb2_quota_info,
9737 { "SMB2_QUOTA_INFO", "smb2.quota_info", FT_NONE, BASE_NONE,
9738 NULL, 0, NULL, HFILL }
9741 { &hf_smb2_query_quota_info,
9742 { "SMB2_QUERY_QUOTA_INFO", "smb2.query_quota_info", FT_NONE, BASE_NONE,
9743 NULL, 0, NULL, HFILL }
9746 { &hf_smb2_qq_single,
9747 { "ReturnSingle", "smb2.query_quota_info.single", FT_BOOLEAN, 8,
9748 NULL, 0xff, NULL, HFILL }
9751 { &hf_smb2_qq_restart,
9752 { "RestartScan", "smb2.query_quota_info.restart", FT_BOOLEAN, 8,
9753 NULL, 0xff, NULL, HFILL }
9756 { &hf_smb2_qq_sidlist_len,
9757 { "SidListLength", "smb2.query_quota_info.sidlistlen", FT_UINT32, BASE_DEC,
9758 NULL, 0, NULL, HFILL }
9761 { &hf_smb2_qq_start_sid_len,
9762 { "StartSidLength", "smb2.query_quota_info.startsidlen", FT_UINT32, BASE_DEC,
9763 NULL, 0, NULL, HFILL }
9766 { &hf_smb2_qq_start_sid_offset,
9767 { "StartSidOffset", "smb2.query_quota_info.startsidoffset", FT_UINT32, BASE_DEC,
9768 NULL, 0, NULL, HFILL }
9771 { &hf_smb2_disposition_delete_on_close,
9772 { "Delete on close", "smb2.disposition.delete_on_close", FT_BOOLEAN, 8,
9773 TFS(&tfs_disposition_delete_on_close), 0x01, NULL, HFILL }
9777 { &hf_smb2_create_disposition,
9778 { "Disposition", "smb2.create.disposition", FT_UINT32, BASE_DEC,
9779 VALS(create_disposition_vals), 0, "Create disposition, what to do if the file does/does not exist", HFILL }
9782 { &hf_smb2_create_action,
9783 { "Create Action", "smb2.create.action", FT_UINT32, BASE_DEC,
9784 VALS(oa_open_vals), 0, NULL, HFILL }
9787 { &hf_smb2_create_rep_flags,
9788 { "Response Flags", "smb2.create.rep_flags", FT_UINT8, BASE_HEX,
9789 NULL, 0, NULL, HFILL }
9792 { &hf_smb2_create_rep_flags_reparse_point,
9793 { "ReparsePoint", "smb2.create.rep_flags.reparse_point", FT_BOOLEAN, 8,
9794 NULL, SMB2_CREATE_REP_FLAGS_REPARSE_POINT, NULL, HFILL }
9797 { &hf_smb2_extrainfo,
9798 { "ExtraInfo", "smb2.create.extrainfo", FT_NONE, BASE_NONE,
9799 NULL, 0, "Create ExtraInfo", HFILL }
9802 { &hf_smb2_create_chain_offset,
9803 { "Chain Offset", "smb2.create.chain_offset", FT_UINT32, BASE_HEX,
9804 NULL, 0, "Offset to next entry in chain or 0", HFILL }
9807 { &hf_smb2_create_chain_data,
9808 { "Data", "smb2.create.chain_data", FT_NONE, BASE_NONE,
9809 NULL, 0, "Chain Data", HFILL }
9812 { &hf_smb2_FILE_OBJECTID_BUFFER,
9813 { "FILE_OBJECTID_BUFFER", "smb2.FILE_OBJECTID_BUFFER", FT_NONE, BASE_NONE,
9814 NULL, 0, NULL, HFILL }
9817 { &hf_smb2_lease_key,
9818 { "Lease Key", "smb2.lease.lease_key", FT_GUID, BASE_NONE,
9819 NULL, 0, NULL, HFILL }
9822 { &hf_smb2_lease_state,
9823 { "Lease State", "smb2.lease.lease_state", FT_UINT32, BASE_HEX,
9824 NULL, 0, NULL, HFILL }
9827 { &hf_smb2_lease_state_read_caching,
9828 { "Read Caching", "smb2.lease.lease_state.read_caching", FT_BOOLEAN, 32,
9829 NULL, SMB2_LEASE_STATE_READ_CACHING, NULL, HFILL }
9832 { &hf_smb2_lease_state_handle_caching,
9833 { "Handle Caching", "smb2.lease.lease_state.handle_caching", FT_BOOLEAN, 32,
9834 NULL, SMB2_LEASE_STATE_HANDLE_CACHING, NULL, HFILL }
9837 { &hf_smb2_lease_state_write_caching,
9838 { "Write Caching", "smb2.lease.lease_state.write_caching", FT_BOOLEAN, 32,
9839 NULL, SMB2_LEASE_STATE_WRITE_CACHING, NULL, HFILL }
9842 { &hf_smb2_lease_flags,
9843 { "Lease Flags", "smb2.lease.lease_flags", FT_UINT32, BASE_HEX,
9844 NULL, 0, NULL, HFILL }
9847 { &hf_smb2_lease_flags_break_ack_required,
9848 { "Break Ack Required", "smb2.lease.lease_state.break_ack_required", FT_BOOLEAN, 32,
9849 NULL, SMB2_LEASE_FLAGS_BREAK_ACK_REQUIRED, NULL, HFILL }
9852 { &hf_smb2_lease_flags_break_in_progress,
9853 { "Break In Progress", "smb2.lease.lease_state.break_in_progress", FT_BOOLEAN, 32,
9854 NULL, SMB2_LEASE_FLAGS_BREAK_IN_PROGRESS, NULL, HFILL }
9857 { &hf_smb2_lease_flags_parent_lease_key_set,
9858 { "Parent Lease Key Set", "smb2.lease.lease_state.parent_lease_key_set", FT_BOOLEAN, 32,
9859 NULL, SMB2_LEASE_FLAGS_PARENT_LEASE_KEY_SET, NULL, HFILL }
9862 { &hf_smb2_lease_duration,
9863 { "Lease Duration", "smb2.lease.lease_duration", FT_UINT64, BASE_HEX,
9864 NULL, 0, NULL, HFILL }
9867 { &hf_smb2_parent_lease_key,
9868 { "Parent Lease Key", "smb2.lease.parent_lease_key", FT_GUID, BASE_NONE,
9869 NULL, 0, NULL, HFILL }
9872 { &hf_smb2_lease_epoch,
9873 { "Lease Epoch", "smb2.lease.lease_oplock", FT_UINT16, BASE_HEX,
9874 NULL, 0, NULL, HFILL }
9877 { &hf_smb2_lease_reserved,
9878 { "Lease Reserved", "smb2.lease.lease_reserved", FT_UINT16, BASE_HEX,
9879 NULL, 0, NULL, HFILL }
9882 { &hf_smb2_lease_break_reason,
9883 { "Lease Break Reason", "smb2.lease.lease_break_reason", FT_UINT32, BASE_HEX,
9884 NULL, 0, NULL, HFILL }
9887 { &hf_smb2_lease_access_mask_hint,
9888 { "Access Mask Hint", "smb2.lease.access_mask_hint", FT_UINT32, BASE_HEX,
9889 NULL, 0, NULL, HFILL }
9892 { &hf_smb2_lease_share_mask_hint,
9893 { "Share Mask Hint", "smb2.lease.share_mask_hint", FT_UINT32, BASE_HEX,
9894 NULL, 0, NULL, HFILL }
9897 { &hf_smb2_next_offset,
9898 { "Next Offset", "smb2.next_offset", FT_UINT32, BASE_DEC,
9899 NULL, 0, "Offset to next buffer or 0", HFILL }
9902 { &hf_smb2_negotiate_context_type,
9903 { "Type", "smb2.negotiate_context.type", FT_UINT16, BASE_HEX,
9904 VALS(smb2_negotiate_context_types), 0, NULL, HFILL }
9907 { &hf_smb2_negotiate_context_data_length,
9908 { "DataLength", "smb2.negotiate_context.data_length", FT_UINT16, BASE_DEC,
9909 NULL, 0, NULL, HFILL }
9912 { &hf_smb2_negotiate_context_offset,
9913 { "NegotiateContextOffset", "smb2.negotiate_context.offset", FT_UINT16, BASE_HEX,
9914 NULL, 0, NULL, HFILL }
9917 { &hf_smb2_negotiate_context_count,
9918 { "NegotiateContextCount", "smb2.negotiate_context.count", FT_UINT16, BASE_DEC,
9919 NULL, 0, NULL, HFILL }
9922 { &hf_smb2_hash_alg_count,
9923 { "HashAlgorithmCount", "smb2.negotiate_context.hash_alg_count", FT_UINT16, BASE_DEC,
9924 NULL, 0, NULL, HFILL }},
9926 { &hf_smb2_hash_algorithm,
9927 { "HashAlgorithm", "smb2.negotiate_context.hash_algorithm", FT_UINT16, BASE_HEX,
9928 VALS(smb2_hash_algorithm_types), 0, NULL, HFILL }},
9930 { &hf_smb2_salt_length,
9931 { "SaltLength", "smb2.negotiate_context.salt_length", FT_UINT16, BASE_DEC,
9932 NULL, 0, NULL, HFILL }},
9935 { "Salt", "smb2.negotiate_context.salt", FT_BYTES, BASE_NONE,
9936 NULL, 0, NULL, HFILL }},
9938 { &hf_smb2_cipher_count,
9939 { "CipherCount", "smb2.negotiate_context.cipher_count", FT_UINT16, BASE_DEC,
9940 NULL, 0, NULL, HFILL }},
9942 { &hf_smb2_cipher_id,
9943 { "CipherId", "smb2.negotiate_context.cipher_id", FT_UINT16, BASE_HEX,
9944 VALS(smb2_cipher_types), 0, NULL, HFILL }},
9946 { &hf_smb2_current_time,
9947 { "Current Time", "smb2.current_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9948 NULL, 0, "Current Time at server", HFILL }
9951 { &hf_smb2_boot_time,
9952 { "Boot Time", "smb2.boot_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9953 NULL, 0, "Boot Time at server", HFILL }
9956 { &hf_smb2_ea_flags,
9957 { "EA Flags", "smb2.ea.flags", FT_UINT8, BASE_HEX,
9958 NULL, 0, NULL, HFILL }
9961 { &hf_smb2_ea_name_len,
9962 { "EA Name Length", "smb2.ea.name_len", FT_UINT8, BASE_DEC,
9963 NULL, 0, NULL, HFILL }
9966 { &hf_smb2_ea_data_len,
9967 { "EA Data Length", "smb2.ea.data_len", FT_UINT16, BASE_DEC,
9968 NULL, 0, NULL, HFILL }
9971 { &hf_smb2_delete_pending,
9972 { "Delete Pending", "smb2.delete_pending", FT_UINT8, BASE_DEC,
9973 NULL, 0, NULL, HFILL }
9976 { &hf_smb2_is_directory,
9977 { "Is Directory", "smb2.is_directory", FT_UINT8, BASE_DEC,
9978 NULL, 0, "Is this a directory?", HFILL }
9982 { "Oplock", "smb2.create.oplock", FT_UINT8, BASE_HEX,
9983 VALS(oplock_vals), 0, "Oplock type", HFILL }
9986 { &hf_smb2_close_flags,
9987 { "Close Flags", "smb2.close.flags", FT_UINT16, BASE_HEX,
9988 NULL, 0, NULL, HFILL }
9991 { &hf_smb2_notify_flags,
9992 { "Notify Flags", "smb2.notify.flags", FT_UINT16, BASE_HEX,
9993 NULL, 0, NULL, HFILL }
9996 { &hf_smb2_buffer_code,
9997 { "StructureSize", "smb2.buffer_code", FT_UINT16, BASE_HEX,
9998 NULL, 0, NULL, HFILL }
10001 { &hf_smb2_buffer_code_len,
10002 { "Fixed Part Length", "smb2.buffer_code.length", FT_UINT16, BASE_DEC,
10003 NULL, 0xFFFE, "Length of fixed portion of PDU", HFILL }
10006 { &hf_smb2_olb_length,
10007 { "Length", "smb2.olb.length", FT_UINT32, BASE_DEC,
10008 NULL, 0, "Length of the buffer", HFILL }
10011 { &hf_smb2_olb_offset,
10012 { "Offset", "smb2.olb.offset", FT_UINT32, BASE_HEX,
10013 NULL, 0, "Offset to the buffer", HFILL }
10016 { &hf_smb2_buffer_code_flags_dyn,
10017 { "Dynamic Part", "smb2.buffer_code.dynamic", FT_BOOLEAN, 16,
10018 NULL, 0x0001, "Whether a dynamic length blob follows", HFILL }
10021 { &hf_smb2_ea_data,
10022 { "EA Data", "smb2.ea.data", FT_BYTES, BASE_NONE,
10023 NULL, 0, NULL, HFILL }
10026 { &hf_smb2_ea_name,
10027 { "EA Name", "smb2.ea.name", FT_STRING, BASE_NONE,
10028 NULL, 0, NULL, HFILL }
10031 { &hf_smb2_impersonation_level,
10032 { "Impersonation level", "smb2.impersonation.level", FT_UINT32, BASE_DEC,
10033 VALS(impersonation_level_vals), 0, NULL, HFILL }
10036 { &hf_smb2_ioctl_function,
10037 { "Function", "smb2.ioctl.function", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
10038 &smb2_ioctl_vals_ext, 0, "Ioctl function", HFILL }
10041 { &hf_smb2_ioctl_function_device,
10042 { "Device", "smb2.ioctl.function.device", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
10043 &smb2_ioctl_device_vals_ext, 0xffff0000, "Device for Ioctl", HFILL }
10046 { &hf_smb2_ioctl_function_access,
10047 { "Access", "smb2.ioctl.function.access", FT_UINT32, BASE_HEX,
10048 VALS(smb2_ioctl_access_vals), 0x0000c000, "Access for Ioctl", HFILL }
10051 { &hf_smb2_ioctl_function_function,
10052 { "Function", "smb2.ioctl.function.function", FT_UINT32, BASE_HEX,
10053 NULL, 0x00003ffc, "Function for Ioctl", HFILL }
10056 { &hf_smb2_ioctl_function_method,
10057 { "Method", "smb2.ioctl.function.method", FT_UINT32, BASE_HEX,
10058 VALS(smb2_ioctl_method_vals), 0x00000003, "Method for Ioctl", HFILL }
10061 { &hf_smb2_fsctl_pipe_wait_timeout,
10062 { "Timeout", "smb2.fsctl.wait.timeout", FT_INT64, BASE_DEC,
10063 NULL, 0, "Wait timeout", HFILL }
10066 { &hf_smb2_fsctl_pipe_wait_name,
10067 { "Name", "smb2.fsctl.wait.name", FT_STRING, BASE_NONE,
10068 NULL, 0, "Pipe name", HFILL }
10071 { &hf_smb2_fsctl_odx_token_type,
10072 { "TokenType", "smb2.fsctl.odx.token.type", FT_UINT32, BASE_HEX,
10073 NULL, 0, NULL, HFILL }
10076 { &hf_smb2_fsctl_odx_token_idlen,
10077 { "TokenIdLength", "smb2.fsctl.odx.token.idlen", FT_UINT16, BASE_DEC,
10078 NULL, 0, NULL, HFILL }
10081 { &hf_smb2_fsctl_odx_token_idraw,
10082 { "TokenId", "smb2.fsctl.odx.token.id", FT_BYTES, BASE_NONE,
10083 NULL, 0, "Token ID (opaque)", HFILL }
10086 { &hf_smb2_fsctl_odx_token_ttl,
10087 { "TokenTimeToLive", "smb2.fsctl.odx.token_ttl", FT_UINT32, BASE_DEC,
10088 NULL, 0, "TTL requested for the token (in milliseconds)", HFILL }
10091 { &hf_smb2_fsctl_odx_size,
10092 { "Size", "smb2.fsctl.odx.size", FT_UINT32, BASE_DEC,
10093 NULL, 0, "Size of this data element", HFILL }
10096 { &hf_smb2_fsctl_odx_flags,
10097 { "Flags", "smb2.fsctl.odx.flags", FT_UINT32, BASE_HEX,
10098 NULL, 0, "Flags for this operation", HFILL }
10101 { &hf_smb2_fsctl_odx_file_offset,
10102 { "FileOffset", "smb2.fsctl.odx.file_offset", FT_UINT64, BASE_DEC,
10103 NULL, 0, NULL, HFILL }
10106 { &hf_smb2_fsctl_odx_copy_length,
10107 { "CopyLength", "smb2.fsctl.odx.copy_length", FT_UINT64, BASE_DEC,
10108 NULL, 0, NULL, HFILL }
10111 { &hf_smb2_fsctl_odx_xfer_length,
10112 { "TransferLength", "smb2.fsctl.odx.xfer_length", FT_UINT64, BASE_DEC,
10113 NULL, 0, NULL, HFILL }
10116 { &hf_smb2_fsctl_odx_token_offset,
10117 { "TokenOffset", "smb2.fsctl.odx.token_offset", FT_UINT64, BASE_DEC,
10118 NULL, 0, "Token Offset (relative to start of token)", HFILL }
10121 { &hf_smb2_fsctl_sparse_flag,
10122 { "SetSparse", "smb2.fsctl.set_sparse", FT_BOOLEAN, 8,
10123 NULL, 0xFF, NULL, HFILL }
10126 { &hf_smb2_ioctl_resiliency_timeout,
10127 { "Timeout", "smb2.ioctl.resiliency.timeout", FT_UINT32, BASE_DEC,
10128 NULL, 0, "Resiliency timeout", HFILL }
10131 { &hf_smb2_ioctl_resiliency_reserved,
10132 { "Reserved", "smb2.ioctl.resiliency.reserved", FT_UINT32, BASE_DEC,
10133 NULL, 0, "Resiliency reserved", HFILL }
10136 { &hf_smb2_ioctl_shared_virtual_disk_support,
10137 { "SharedVirtualDiskSupport", "smb2.ioctl.shared_virtual_disk.support", FT_UINT32, BASE_HEX,
10138 VALS(smb2_ioctl_shared_virtual_disk_vals), 0, "Supported shared capabilities", HFILL }
10141 { &hf_smb2_ioctl_shared_virtual_disk_handle_state,
10142 { "SharedVirtualDiskHandleState", "smb2.ioctl.shared_virtual_disk.handle_state", FT_UINT32, BASE_HEX,
10143 VALS(smb2_ioctl_shared_virtual_disk_hstate_vals), 0, NULL, HFILL }
10146 { &hf_smb2_ioctl_sqos_protocol_version,
10147 { "ProtocolVersion", "smb2.ioctl.sqos.protocol_version", FT_UINT16, BASE_HEX,
10148 VALS(smb2_ioctl_sqos_protocol_version_vals), 0, NULL, HFILL }
10151 { &hf_smb2_ioctl_sqos_reserved,
10152 { "Reserved", "smb2.ioctl.sqos.reserved", FT_UINT16, BASE_DEC,
10153 NULL, 0, NULL, HFILL }
10156 { &hf_smb2_ioctl_sqos_options,
10157 { "Operations", "smb2.ioctl.sqos.operations", FT_UINT32, BASE_HEX,
10158 NULL, 0, "SQOS operations", HFILL }
10161 { &hf_smb2_ioctl_sqos_op_set_logical_flow_id,
10162 { "Set Logical Flow ID", "smb2.ioctl.sqos.operations.set_logical_flow_id", FT_BOOLEAN, 32,
10163 NULL, STORAGE_QOS_CONTROL_FLAG_SET_LOGICAL_FLOW_ID, "Whether Set Logical Flow ID operation is performed", HFILL }
10166 { &hf_smb2_ioctl_sqos_op_set_policy,
10167 { "Set Policy", "smb2.ioctl.sqos.operations.set_policy", FT_BOOLEAN, 32,
10168 NULL, STORAGE_QOS_CONTROL_FLAG_SET_POLICY, "Whether Set Policy operation is performed", HFILL }
10171 { &hf_smb2_ioctl_sqos_op_probe_policy,
10172 { "Probe Policy", "smb2.ioctl.sqos.operations.probe_policy", FT_BOOLEAN, 32,
10173 NULL, STORAGE_QOS_CONTROL_FLAG_PROBE_POLICY, "Whether Probe Policy operation is performed", HFILL }
10176 { &hf_smb2_ioctl_sqos_op_get_status,
10177 { "Get Status", "smb2.ioctl.sqos.operations.get_status", FT_BOOLEAN, 32,
10178 NULL, STORAGE_QOS_CONTROL_FLAG_GET_STATUS, "Whether Get Status operation is performed", HFILL }
10181 { &hf_smb2_ioctl_sqos_op_update_counters,
10182 { "Update Counters", "smb2.ioctl.sqos.operations.update_counters", FT_BOOLEAN, 32,
10183 NULL, STORAGE_QOS_CONTROL_FLAG_UPDATE_COUNTERS, "Whether Update Counters operation is performed", HFILL }
10186 { &hf_smb2_ioctl_sqos_logical_flow_id,
10187 { "LogicalFlowID", "smb2.ioctl.sqos.logical_flow_id", FT_GUID, BASE_NONE,
10188 NULL, 0, NULL, HFILL }
10191 { &hf_smb2_ioctl_sqos_policy_id,
10192 { "PolicyID", "smb2.ioctl.sqos.policy_id", FT_GUID, BASE_NONE,
10193 NULL, 0, NULL, HFILL }
10196 { &hf_smb2_ioctl_sqos_initiator_id,
10197 { "InitiatorID", "smb2.ioctl.sqos.initiator_id", FT_GUID, BASE_NONE,
10198 NULL, 0, NULL, HFILL }
10201 { &hf_smb2_ioctl_sqos_limit,
10202 { "Limit", "smb2.ioctl.sqos.limit", FT_UINT64, BASE_DEC,
10203 NULL, 0, "Desired maximum throughput for the logical flow, in normalized IOPS", HFILL }
10206 { &hf_smb2_ioctl_sqos_reservation,
10207 { "Reservation", "smb2.ioctl.sqos.reservation", FT_UINT64, BASE_DEC,
10208 NULL, 0, "Desired minimum throughput for the logical flow, in normalized 8KB IOPS", HFILL }
10211 { &hf_smb2_ioctl_sqos_initiator_name,
10212 { "InitiatorName", "smb2.ioctl.sqos.initiator_name", FT_STRING, BASE_NONE,
10213 NULL, 0x0, NULL, HFILL }
10216 { &hf_smb2_ioctl_sqos_initiator_node_name,
10217 { "InitiatorNodeName", "smb2.ioctl.sqos.initiator_node_name", FT_STRING, BASE_NONE,
10218 NULL, 0x0, NULL, HFILL }
10221 { &hf_smb2_ioctl_sqos_io_count_increment,
10222 { "IoCountIncrement", "smb2.ioctl.sqos.io_count_increment", FT_UINT64, BASE_DEC,
10223 NULL, 0, "The total number of I/O requests issued by the initiator on the logical flow", HFILL }
10226 { &hf_smb2_ioctl_sqos_normalized_io_count_increment,
10227 { "NormalizedIoCountIncrement", "smb2.ioctl.sqos.normalized_io_count_increment", FT_UINT64, BASE_DEC,
10228 NULL, 0, "The total number of normalized 8-KB I/O requests issued by the initiator on the logical flow", HFILL }
10231 { &hf_smb2_ioctl_sqos_latency_increment,
10232 { "LatencyIncrement", "smb2.ioctl.sqos.latency_increment", FT_UINT64, BASE_DEC,
10233 NULL, 0, "The total latency (including initiator's queues delays) measured by the initiator", HFILL }
10236 { &hf_smb2_ioctl_sqos_lower_latency_increment,
10237 { "LowerLatencyIncrement", "smb2.ioctl.sqos.lower_latency_increment", FT_UINT64, BASE_DEC,
10238 NULL, 0, "The total latency (excluding initiator's queues delays) measured by the initiator", HFILL }
10241 { &hf_smb2_ioctl_sqos_bandwidth_limit,
10242 { "BandwidthLimit", "smb2.ioctl.sqos.bandwidth_limit", FT_UINT64, BASE_DEC,
10243 NULL, 0, "Desired maximum bandwidth for the logical flow, in kilobytes per second", HFILL }
10246 { &hf_smb2_ioctl_sqos_kilobyte_count_increment,
10247 { "KilobyteCountIncrement", "smb2.ioctl.sqos.kilobyte_count_increment", FT_UINT64, BASE_DEC,
10248 NULL, 0, "The total data transfer length of all I/O requests, in kilobyte units, issued by the initiator on the logical flow", HFILL }
10251 { &hf_smb2_ioctl_sqos_time_to_live,
10252 { "TimeToLive", "smb2.ioctl.sqos.time_to_live", FT_UINT32, BASE_DEC,
10253 NULL, 0, "The expected period of validity of the Status, MaximumIoRate and MinimumIoRate fields, expressed in milliseconds", HFILL }
10256 { &hf_smb2_ioctl_sqos_status,
10257 { "Status", "smb2.ioctl.sqos.status", FT_UINT32, BASE_HEX,
10258 VALS(smb2_ioctl_sqos_status_vals), 0, "The current status of the logical flow", HFILL }
10261 { &hf_smb2_ioctl_sqos_maximum_io_rate,
10262 { "MaximumIoRate", "smb2.ioctl.sqos.maximum_io_rate", FT_UINT64, BASE_DEC,
10263 NULL, 0, "The maximum I/O initiation rate currently assigned to the logical flow, expressed in normalized input/output operations per second (normalized IOPS)", HFILL }
10266 { &hf_smb2_ioctl_sqos_minimum_io_rate,
10267 { "MinimumIoRate", "smb2.ioctl.sqos.minimum_io_rate", FT_UINT64, BASE_DEC,
10268 NULL, 0, "The minimum I/O completion rate currently assigned to the logical flow, expressed in normalized IOPS", HFILL }
10271 { &hf_smb2_ioctl_sqos_base_io_size,
10272 { "BaseIoSize", "smb2.ioctl.sqos.base_io_size", FT_UINT32, BASE_DEC,
10273 NULL, 0, "The base I/O size used to compute the normalized size of an I/O request for the logical flow", HFILL }
10276 { &hf_smb2_ioctl_sqos_reserved2,
10277 { "Reserved", "smb2.ioctl.sqos.reserved2", FT_UINT32, BASE_DEC,
10278 NULL, 0, NULL, HFILL }
10281 { &hf_smb2_ioctl_sqos_maximum_bandwidth,
10282 { "MaximumBandwidth", "smb2.ioctl.sqos.maximum_bandwidth", FT_UINT64, BASE_DEC,
10283 NULL, 0, "The maximum bandwidth currently assigned to the logical flow, expressed in kilobytes per second", HFILL }
10287 { &hf_windows_sockaddr_family,
10288 { "Socket Family", "smb2.windows.sockaddr.family", FT_UINT16, BASE_DEC,
10289 NULL, 0, "The socket address family (on windows)", HFILL }
10292 { &hf_windows_sockaddr_port,
10293 { "Socket Port", "smb2.windows.sockaddr.port", FT_UINT16, BASE_DEC,
10294 NULL, 0, "The socket address port", HFILL }
10297 { &hf_windows_sockaddr_in_addr,
10298 { "Socket IPv4", "smb2.windows.sockaddr.in.addr", FT_IPv4, BASE_NONE,
10299 NULL, 0, "The IPv4 address", HFILL }
10302 { &hf_windows_sockaddr_in6_flowinfo,
10303 { "IPv6 Flow Info", "smb2.windows.sockaddr.in6.flow_info", FT_UINT32, BASE_HEX,
10304 NULL, 0, "The socket IPv6 flow info", HFILL }
10307 { &hf_windows_sockaddr_in6_addr,
10308 { "Socket IPv6", "smb2.windows.sockaddr.in6.addr", FT_IPv6, BASE_NONE,
10309 NULL, 0, "The IPv6 address", HFILL }
10312 { &hf_windows_sockaddr_in6_scope_id,
10313 { "IPv6 Scope ID", "smb2.windows.sockaddr.in6.scope_id", FT_UINT32, BASE_DEC,
10314 NULL, 0, "The socket IPv6 scope id", HFILL }
10317 { &hf_smb2_ioctl_network_interface_next_offset,
10318 { "Next Offset", "smb2.ioctl.network_interfaces.next_offset", FT_UINT32, BASE_HEX,
10319 NULL, 0, "Offset to next entry in chain or 0", HFILL }
10322 { &hf_smb2_ioctl_network_interface_index,
10323 { "Interface Index", "smb2.ioctl.network_interfaces.index", FT_UINT32, BASE_DEC,
10324 NULL, 0, "The index of the interface", HFILL }
10327 { &hf_smb2_ioctl_network_interface_rss_queue_count,
10328 { "RSS Queue Count", "smb2.ioctl.network_interfaces.rss_queue_count", FT_UINT32, BASE_DEC,
10329 NULL, 0, "The RSS queue count", HFILL }
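/* 32-bit capabilities value of a network interface entry, shown in hex; the
 * capabilities.rss and capabilities.rdma entries that follow are boolean bits
 * within the same 32-bit width. */
10332 { &hf_smb2_ioctl_network_interface_capabilities,
10333 { "Interface Capabilities", "smb2.ioctl.network_interfaces.capabilities", FT_UINT32, BASE_HEX,
10334 NULL, 0, "The capabilities of the interface", HFILL }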
10337 { &hf_smb2_ioctl_network_interface_capability_rss,
10338 { "RSS", "smb2.ioctl.network_interfaces.capabilities.rss", FT_BOOLEAN, 32,
10339 TFS(&tfs_smb2_ioctl_network_interface_capability_rss), NETWORK_INTERFACE_CAP_RSS, "If the host supports RSS", HFILL }
10342 { &hf_smb2_ioctl_network_interface_capability_rdma,
10343 { "RDMA", "smb2.ioctl.network_interfaces.capabilities.rdma", FT_BOOLEAN, 32,
10344 TFS(&tfs_smb2_ioctl_network_interface_capability_rdma), NETWORK_INTERFACE_CAP_RDMA, "If the host supports RDMA", HFILL }
10347 { &hf_smb2_ioctl_network_interface_link_speed,
10348 { "Link Speed", "smb2.ioctl.network_interfaces.link_speed", FT_UINT64, BASE_DEC,
10349 NULL, 0, "The link speed of the interface", HFILL }
10352 { &hf_smb2_ioctl_shadow_copy_num_volumes,
10353 { "Num Volumes", "smb2.ioctl.shadow_copy.num_volumes", FT_UINT32, BASE_DEC,
10354 NULL, 0, "Number of shadow copy volumes", HFILL }
10357 { &hf_smb2_ioctl_shadow_copy_num_labels,
10358 { "Num Labels", "smb2.ioctl.shadow_copy.num_labels", FT_UINT32, BASE_DEC,
10359 NULL, 0, "Number of shadow copy labels", HFILL }
10362 { &hf_smb2_ioctl_shadow_copy_label,
10363 { "Label", "smb2.ioctl.shadow_copy.label", FT_STRING, BASE_NONE,
10364 NULL, 0, "Shadow copy label", HFILL }
10367 { &hf_smb2_compression_format,
10368 { "Compression Format", "smb2.compression_format", FT_UINT16, BASE_DEC,
10369 VALS(compression_format_vals), 0, NULL, HFILL }
10372 { &hf_smb2_checksum_algorithm,
10373 { "Checksum Algorithm", "smb2.checksum_algorithm", FT_UINT16, BASE_HEX,
10374 VALS(checksum_algorithm_vals), 0, NULL, HFILL }
10377 { &hf_smb2_integrity_reserved,
10378 { "Reserved", "smb2.integrity_reserved", FT_UINT16, BASE_DEC,
10379 NULL, 0, NULL, HFILL }
10382 { &hf_smb2_integrity_flags,
10383 { "Flags", "smb2.integrity_flags", FT_UINT32, BASE_HEX,
10384 NULL, 0, NULL, HFILL }
10387 { &hf_smb2_integrity_flags_enforcement_off,
10388 { "FSCTL_INTEGRITY_FLAG_CHECKSUM_ENFORCEMENT_OFF", "smb2.integrity_flags_enforcement", FT_BOOLEAN, 32,
10389 NULL, 0x1, "If checksum error enforcement is off", HFILL }
10392 { &hf_smb2_share_type,
10393 { "Share Type", "smb2.share_type", FT_UINT8, BASE_HEX,
10394 VALS(smb2_share_type_vals), 0, "Type of share", HFILL }
10397 { &hf_smb2_credit_charge,
10398 { "Credit Charge", "smb2.credit.charge", FT_UINT16, BASE_DEC,
10399 NULL, 0, NULL, HFILL }
10402 { &hf_smb2_credits_requested,
10403 { "Credits requested", "smb2.credits.requested", FT_UINT16, BASE_DEC,
10404 NULL, 0, NULL, HFILL }
10407 { &hf_smb2_credits_granted,
10408 { "Credits granted", "smb2.credits.granted", FT_UINT16, BASE_DEC,
10409 NULL, 0, NULL, HFILL }
10412 { &hf_smb2_channel_sequence,
10413 { "Channel Sequence", "smb2.channel_sequence", FT_UINT16, BASE_DEC,
10414 NULL, 0, NULL, HFILL }
10417 { &hf_smb2_dialect_count,
10418 { "Dialect count", "smb2.dialect_count", FT_UINT16, BASE_DEC,
10419 NULL, 0, NULL, HFILL }
10422 { &hf_smb2_dialect,
10423 { "Dialect", "smb2.dialect", FT_UINT16, BASE_HEX,
10424 NULL, 0, NULL, HFILL }
10427 { &hf_smb2_security_mode,
10428 { "Security mode", "smb2.sec_mode", FT_UINT8, BASE_HEX,
10429 NULL, 0, NULL, HFILL }
10432 { &hf_smb2_session_flags,
10433 { "Session Flags", "smb2.session_flags", FT_UINT16, BASE_HEX,
10434 NULL, 0, NULL, HFILL }
10437 { &hf_smb2_lock_count,
10438 { "Lock Count", "smb2.lock_count", FT_UINT16, BASE_DEC,
10439 NULL, 0, NULL, HFILL }
10442 { &hf_smb2_capabilities,
10443 { "Capabilities", "smb2.capabilities", FT_UINT32, BASE_HEX,
10444 NULL, 0, NULL, HFILL }
10447 { &hf_smb2_ioctl_shadow_copy_count,
10448 { "Count", "smb2.ioctl.shadow_copy.count", FT_UINT32, BASE_DEC,
10449 NULL, 0, "Number of bytes for shadow copy label strings", HFILL }
10452 { &hf_smb2_auth_frame,
10453 { "Authenticated in Frame", "smb2.auth_frame", FT_UINT32, BASE_DEC,
10454 NULL, 0, "Which frame this user was authenticated in", HFILL }
10457 { &hf_smb2_tcon_frame,
10458 { "Connected in Frame", "smb2.tcon_frame", FT_UINT32, BASE_DEC,
10459 NULL, 0, "Which frame this share was connected in", HFILL }
10463 { "Tag", "smb2.tag", FT_STRING, BASE_NONE,
10464 NULL, 0, "Tag of chain entry", HFILL }
10467 { &hf_smb2_acct_name,
10468 { "Account", "smb2.acct", FT_STRING, BASE_NONE,
10469 NULL, 0, "Account Name", HFILL }
10472 { &hf_smb2_domain_name,
10473 { "Domain", "smb2.domain", FT_STRING, BASE_NONE,
10474 NULL, 0, "Domain Name", HFILL }
10477 { &hf_smb2_host_name,
10478 { "Host", "smb2.host", FT_STRING, BASE_NONE,
10479 NULL, 0, "Host Name", HFILL }
10482 { &hf_smb2_signature,
10483 { "Signature", "smb2.signature", FT_BYTES, BASE_NONE,
10484 NULL, 0, NULL, HFILL }
10487 { &hf_smb2_unknown,
10488 { "Unknown", "smb2.unknown", FT_BYTES, BASE_NONE,
10489 NULL, 0, NULL, HFILL }
10492 { &hf_smb2_twrp_timestamp,
10493 { "Timestamp", "smb2.twrp_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
10494 NULL, 0, "TWrp timestamp", HFILL }
10497 { &hf_smb2_mxac_timestamp,
10498 { "Timestamp", "smb2.mxac_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
10499 NULL, 0, "MxAc timestamp", HFILL }
10502 { &hf_smb2_mxac_status,
10503 { "Query Status", "smb2.mxac_status", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
10504 &NT_errors_ext, 0, "NT Status code", HFILL }
10507 { &hf_smb2_qfid_fid,
10508 { "Opaque File ID", "smb2.qfid_fid", FT_BYTES, BASE_NONE,
10509 NULL, 0, NULL, HFILL }
/* Session-flag bits: booleans over a 16-bit field, selected by the
 * SES_FLAGS_GUEST / SES_FLAGS_NULL / SES_FLAGS_ENCRYPT masks. When triaging a
 * capture, smb2.ses_flags.guest and smb2.ses_flags.null pick out sessions
 * flagged as guest or null, and smb2.ses_flags.encrypt those flagged for
 * encryption. NOTE(review): the mask values are defined outside this table. */
10512 { &hf_smb2_ses_flags_guest,
10513 { "Guest", "smb2.ses_flags.guest", FT_BOOLEAN, 16,
10514 NULL, SES_FLAGS_GUEST, NULL, HFILL }
10517 { &hf_smb2_ses_flags_null,
10518 { "Null", "smb2.ses_flags.null", FT_BOOLEAN, 16,
10519 NULL, SES_FLAGS_NULL, NULL, HFILL }
10522 { &hf_smb2_ses_flags_encrypt,
10523 { "Encrypt", "smb2.ses_flags.encrypt", FT_BOOLEAN, 16,
10524 NULL, SES_FLAGS_ENCRYPT, NULL, HFILL }},
/* Security-mode bits: booleans over an 8-bit field (NEGPROT_SIGN_REQ,
 * NEGPROT_SIGN_ENABLED). smb2.sec_mode.sign_required is the field to check
 * when auditing a capture for endpoints that do not require SMB signing. */
10526 { &hf_smb2_secmode_flags_sign_required,
10527 { "Signing required", "smb2.sec_mode.sign_required", FT_BOOLEAN, 8,
10528 NULL, NEGPROT_SIGN_REQ, "Is signing required", HFILL }
10531 { &hf_smb2_secmode_flags_sign_enabled,
10532 { "Signing enabled", "smb2.sec_mode.sign_enabled", FT_BOOLEAN, 8,
10533 NULL, NEGPROT_SIGN_ENABLED, "Is signing enabled", HFILL }
10536 { &hf_smb2_ses_req_flags,
10537 { "Flags", "smb2.ses_req_flags", FT_UINT8, BASE_DEC,
10538 NULL, 0, NULL, HFILL }
10541 { &hf_smb2_ses_req_flags_session_binding,
10542 { "Session Binding Request", "smb2.ses_req_flags.session_binding", FT_BOOLEAN, 8,
10543 NULL, SES_REQ_FLAGS_SESSION_BINDING, "The client wants to bind to an existing session", HFILL }
10546 { &hf_smb2_cap_dfs,
10547 { "DFS", "smb2.capabilities.dfs", FT_BOOLEAN, 32,
10548 TFS(&tfs_cap_dfs), NEGPROT_CAP_DFS, "If the host supports dfs", HFILL }
10551 { &hf_smb2_cap_leasing,
10552 { "LEASING", "smb2.capabilities.leasing", FT_BOOLEAN, 32,
10553 TFS(&tfs_cap_leasing), NEGPROT_CAP_LEASING, "If the host supports leasing", HFILL }
10556 { &hf_smb2_cap_large_mtu,
10557 { "LARGE MTU", "smb2.capabilities.large_mtu", FT_BOOLEAN, 32,
10558 TFS(&tfs_cap_large_mtu), NEGPROT_CAP_LARGE_MTU, "If the host supports LARGE MTU", HFILL }
10561 { &hf_smb2_cap_multi_channel,
10562 { "MULTI CHANNEL", "smb2.capabilities.multi_channel", FT_BOOLEAN, 32,
10563 TFS(&tfs_cap_multi_channel), NEGPROT_CAP_MULTI_CHANNEL, "If the host supports MULTI CHANNEL", HFILL }
10566 { &hf_smb2_cap_persistent_handles,
10567 { "PERSISTENT HANDLES", "smb2.capabilities.persistent_handles", FT_BOOLEAN, 32,
10568 TFS(&tfs_cap_persistent_handles), NEGPROT_CAP_PERSISTENT_HANDLES, "If the host supports PERSISTENT HANDLES", HFILL }
10571 { &hf_smb2_cap_directory_leasing,
10572 { "DIRECTORY LEASING", "smb2.capabilities.directory_leasing", FT_BOOLEAN, 32,
10573 TFS(&tfs_cap_directory_leasing), NEGPROT_CAP_DIRECTORY_LEASING, "If the host supports DIRECTORY LEASING", HFILL }
10576 { &hf_smb2_cap_encryption,
10577 { "ENCRYPTION", "smb2.capabilities.encryption", FT_BOOLEAN, 32,
10578 TFS(&tfs_cap_encryption), NEGPROT_CAP_ENCRYPTION, "If the host supports ENCRYPTION", HFILL }
10581 { &hf_smb2_max_trans_size,
10582 { "Max Transaction Size", "smb2.max_trans_size", FT_UINT32, BASE_DEC,
10583 NULL, 0, NULL, HFILL }
10586 { &hf_smb2_max_read_size,
10587 { "Max Read Size", "smb2.max_read_size", FT_UINT32, BASE_DEC,
10588 NULL, 0, NULL, HFILL }
10591 { &hf_smb2_max_write_size,
10592 { "Max Write Size", "smb2.max_write_size", FT_UINT32, BASE_DEC,
10593 NULL, 0, NULL, HFILL }
10596 { &hf_smb2_channel,
10597 { "Channel", "smb2.channel", FT_UINT32, BASE_HEX,
10598 VALS(smb2_channel_vals), 0, NULL, HFILL }
10601 { &hf_smb2_rdma_v1_offset,
10602 { "Offset", "smb2.buffer_descriptor.offset", FT_UINT64, BASE_DEC,
10603 NULL, 0, NULL, HFILL }
10606 { &hf_smb2_rdma_v1_token,
10607 { "Token", "smb2.buffer_descriptor.token", FT_UINT32, BASE_HEX,
10608 NULL, 0, NULL, HFILL }
10611 { &hf_smb2_rdma_v1_length,
10612 { "Length", "smb2.buffer_descriptor.length", FT_UINT32, BASE_DEC,
10613 NULL, 0, NULL, HFILL }
10616 { &hf_smb2_share_flags,
10617 { "Share flags", "smb2.share_flags", FT_UINT32, BASE_HEX,
10618 NULL, 0, NULL, HFILL }
10621 { &hf_smb2_share_flags_dfs,
10622 { "DFS", "smb2.share_flags.dfs", FT_BOOLEAN, 32,
10623 NULL, SHARE_FLAGS_dfs, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }
10626 { &hf_smb2_share_flags_dfs_root,
10627 { "DFS root", "smb2.share_flags.dfs_root", FT_BOOLEAN, 32,
10628 NULL, SHARE_FLAGS_dfs_root, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }
10631 { &hf_smb2_share_flags_restrict_exclusive_opens,
10632 { "Restrict exclusive opens", "smb2.share_flags.restrict_exclusive_opens", FT_BOOLEAN, 32,
10633 NULL, SHARE_FLAGS_restrict_exclusive_opens, "The specified share disallows exclusive file opens that deny reads to an open file", HFILL }
10636 { &hf_smb2_share_flags_force_shared_delete,
10637 { "Force shared delete", "smb2.share_flags.force_shared_delete", FT_BOOLEAN, 32,
10638 NULL, SHARE_FLAGS_force_shared_delete, "Shared files in the specified share can be forcibly deleted", HFILL }
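/* Share-flags bit selected by SHARE_FLAGS_allow_namespace_caching, a boolean
 * over a 32-bit field. */
10641 { &hf_smb2_share_flags_allow_namespace_caching,
10642 { "Allow namespace caching", "smb2.share_flags.allow_namespace_caching", FT_BOOLEAN, 32,
10643 NULL, SHARE_FLAGS_allow_namespace_caching, "Clients are allowed to cache the namespace of the specified share", HFILL }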
10646 { &hf_smb2_share_flags_access_based_dir_enum,
10647 { "Access based directory enum", "smb2.share_flags.access_based_dir_enum", FT_BOOLEAN, 32,
10648 NULL, SHARE_FLAGS_access_based_dir_enum, "The server will filter directory entries based on the access permissions of the client", HFILL }
10651 { &hf_smb2_share_flags_force_levelii_oplock,
10652 { "Force level II oplock", "smb2.share_flags.force_levelii_oplock", FT_BOOLEAN, 32,
10653 NULL, SHARE_FLAGS_force_levelii_oplock, "The server will not issue exclusive caching rights on this share", HFILL }
10656 { &hf_smb2_share_flags_enable_hash_v1,
10657 { "Enable hash V1", "smb2.share_flags.enable_hash_v1", FT_BOOLEAN, 32,
10658 NULL, SHARE_FLAGS_enable_hash_v1, "The share supports hash generation V1 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }
10661 { &hf_smb2_share_flags_enable_hash_v2,
10662 { "Enable hash V2", "smb2.share_flags.enable_hash_v2", FT_BOOLEAN, 32,
10663 NULL, SHARE_FLAGS_enable_hash_v2, "The share supports hash generation V2 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }
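/* Share-flags bit selected by SHARE_FLAGS_encryption_required, a boolean over
 * a 32-bit field; filterable as smb2.share_flags.encrypt_data when checking
 * which shares are marked as requiring encryption. */
10666 { &hf_smb2_share_flags_encrypt_data,
10667 { "Encrypted data required", "smb2.share_flags.encrypt_data", FT_BOOLEAN, 32,
10668 NULL, SHARE_FLAGS_encryption_required, "The share requires data encryption", HFILL }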
10671 { &hf_smb2_share_caching,
10672 { "Caching policy", "smb2.share.caching", FT_UINT32, BASE_HEX,
10673 VALS(share_cache_vals), 0, NULL, HFILL }
10676 { &hf_smb2_share_caps,
10677 { "Share Capabilities", "smb2.share_caps", FT_UINT32, BASE_HEX,
10678 NULL, 0, NULL, HFILL }
10681 { &hf_smb2_share_caps_dfs,
10682 { "DFS", "smb2.share_caps.dfs", FT_BOOLEAN, 32,
10683 NULL, SHARE_CAPS_DFS, "The specified share is present in a DFS tree structure", HFILL }
10686 { &hf_smb2_share_caps_continuous_availability,
10687 { "CONTINUOUS AVAILABILITY", "smb2.share_caps.continuous_availability", FT_BOOLEAN, 32,
10688 NULL, SHARE_CAPS_CONTINUOUS_AVAILABILITY, "The specified share is continuously available", HFILL }
10691 { &hf_smb2_share_caps_scaleout,
10692 { "SCALEOUT", "smb2.share_caps.scaleout", FT_BOOLEAN, 32,
10693 NULL, SHARE_CAPS_SCALEOUT, "The specified share is a scaleout share", HFILL }
10696 { &hf_smb2_share_caps_cluster,
10697 { "CLUSTER", "smb2.share_caps.cluster", FT_BOOLEAN, 32,
10698 NULL, SHARE_CAPS_CLUSTER, "The specified share is a cluster share", HFILL }
10701 { &hf_smb2_ioctl_flags,
10702 { "Flags", "smb2.ioctl.flags", FT_UINT32, BASE_HEX,
10703 NULL, 0, NULL, HFILL }
10706 { &hf_smb2_min_count,
10707 { "Min Count", "smb2.min_count", FT_UINT32, BASE_DEC,
10708 NULL, 0, NULL, HFILL }
10711 { &hf_smb2_remaining_bytes,
10712 { "Remaining Bytes", "smb2.remaining_bytes", FT_UINT32, BASE_DEC,
10713 NULL, 0, NULL, HFILL }
10716 { &hf_smb2_channel_info_offset,
10717 { "Channel Info Offset", "smb2.channel_info_offset", FT_UINT16, BASE_DEC,
10718 NULL, 0, NULL, HFILL }
10721 { &hf_smb2_channel_info_length,
10722 { "Channel Info Length", "smb2.channel_info_length", FT_UINT16, BASE_DEC,
10723 NULL, 0, NULL, HFILL }
10726 { &hf_smb2_channel_info_blob,
10727 { "Channel Info Blob", "smb2.channel_info_blob", FT_NONE, BASE_NONE,
10728 NULL, 0, NULL, HFILL }
10731 { &hf_smb2_ioctl_is_fsctl,
10732 { "Is FSCTL", "smb2.ioctl.is_fsctl", FT_BOOLEAN, 32,
10733 NULL, 0x00000001, NULL, HFILL }
10736 { &hf_smb2_output_buffer_len,
10737 { "Output Buffer Length", "smb2.output_buffer_len", FT_UINT16, BASE_DEC,
10738 NULL, 0, NULL, HFILL }
10741 { &hf_smb2_close_pq_attrib,
10742 { "PostQuery Attrib", "smb2.close.pq_attrib", FT_BOOLEAN, 16,
10743 NULL, 0x0001, NULL, HFILL }
10746 { &hf_smb2_notify_watch_tree,
10747 { "Watch Tree", "smb2.notify.watch_tree", FT_BOOLEAN, 16,
10748 NULL, 0x0001, NULL, HFILL }
10751 { &hf_smb2_notify_out_data,
10752 { "Out Data", "smb2.notify.out", FT_NONE, BASE_NONE,
10753 NULL, 0, NULL, HFILL }
10756 { &hf_smb2_notify_info,
10757 { "Notify Info", "smb2.notify.info", FT_NONE, BASE_NONE,
10758 NULL, 0, NULL, HFILL }
10761 { &hf_smb2_notify_next_offset,
10762 { "Next Offset", "smb2.notify.next_offset", FT_UINT32, BASE_HEX,
10763 NULL, 0, "Offset to next entry in chain or 0", HFILL }
10766 { &hf_smb2_notify_action,
10767 { "Action", "smb2.notify.action", FT_UINT32, BASE_HEX,
10768 VALS(notify_action_vals), 0, "Notify Action", HFILL }
10772 { &hf_smb2_find_flags_restart_scans,
10773 { "Restart Scans", "smb2.find.restart_scans", FT_BOOLEAN, 8,
10774 NULL, SMB2_FIND_FLAG_RESTART_SCANS, NULL, HFILL }
10777 { &hf_smb2_find_flags_single_entry,
10778 { "Single Entry", "smb2.find.single_entry", FT_BOOLEAN, 8,
10779 NULL, SMB2_FIND_FLAG_SINGLE_ENTRY, NULL, HFILL }
10782 { &hf_smb2_find_flags_index_specified,
10783 { "Index Specified", "smb2.find.index_specified", FT_BOOLEAN, 8,
10784 NULL, SMB2_FIND_FLAG_INDEX_SPECIFIED, NULL, HFILL }
10787 { &hf_smb2_find_flags_reopen,
10788 { "Reopen", "smb2.find.reopen", FT_BOOLEAN, 8,
10789 NULL, SMB2_FIND_FLAG_REOPEN, NULL, HFILL }
10792 { &hf_smb2_file_index,
10793 { "File Index", "smb2.file_index", FT_UINT32, BASE_HEX,
10794 NULL, 0, NULL, HFILL }
10797 { &hf_smb2_file_directory_info,
10798 { "FileDirectoryInfo", "smb2.find.file_directory_info", FT_NONE, BASE_NONE,
10799 NULL, 0, NULL, HFILL }
10802 { &hf_smb2_full_directory_info,
10803 { "FullDirectoryInfo", "smb2.find.full_directory_info", FT_NONE, BASE_NONE,
10804 NULL, 0, NULL, HFILL }
10807 { &hf_smb2_both_directory_info,
10808 { "FileBothDirectoryInfo", "smb2.find.both_directory_info", FT_NONE, BASE_NONE,
10809 NULL, 0, NULL, HFILL }
10812 { &hf_smb2_id_both_directory_info,
10813 { "FileIdBothDirectoryInfo", "smb2.find.id_both_directory_info", FT_NONE, BASE_NONE,
10814 NULL, 0, NULL, HFILL }
10817 { &hf_smb2_short_name_len,
10818 { "Short Name Length", "smb2.short_name_len", FT_UINT8, BASE_DEC,
10819 NULL, 0, NULL, HFILL }
10822 { &hf_smb2_short_name,
10823 { "Short Name", "smb2.shortname", FT_STRING, BASE_NONE,
10824 NULL, 0, NULL, HFILL }
10827 { &hf_smb2_lock_info,
10828 { "Lock Info", "smb2.lock_info", FT_NONE, BASE_NONE,
10829 NULL, 0, NULL, HFILL }
10832 { &hf_smb2_lock_length,
10833 { "Length", "smb2.lock_length", FT_UINT64, BASE_DEC,
10834 NULL, 0, NULL, HFILL }
10837 { &hf_smb2_lock_flags,
10838 { "Flags", "smb2.lock_flags", FT_UINT32, BASE_HEX,
10839 NULL, 0, NULL, HFILL }
10842 { &hf_smb2_lock_flags_shared,
10843 { "Shared", "smb2.lock_flags.shared", FT_BOOLEAN, 32,
10844 NULL, 0x00000001, NULL, HFILL }
10847 { &hf_smb2_lock_flags_exclusive,
10848 { "Exclusive", "smb2.lock_flags.exclusive", FT_BOOLEAN, 32,
10849 NULL, 0x00000002, NULL, HFILL }
10852 { &hf_smb2_lock_flags_unlock,
10853 { "Unlock", "smb2.lock_flags.unlock", FT_BOOLEAN, 32,
10854 NULL, 0x00000004, NULL, HFILL }
10857 { &hf_smb2_lock_flags_fail_immediately,
10858 { "Fail Immediately", "smb2.lock_flags.fail_immediately", FT_BOOLEAN, 32,
10859 NULL, 0x00000010, NULL, HFILL }
10862 { &hf_smb2_error_context_count,
10863 { "Error Context Count", "smb2.error.context_count", FT_UINT8, BASE_DEC,
10864 NULL, 0, NULL, HFILL }
10867 { &hf_smb2_error_reserved,
10868 { "Reserved", "smb2.error.reserved", FT_UINT8, BASE_HEX,
10869 NULL, 0, NULL, HFILL }
10872 { &hf_smb2_error_byte_count,
10873 { "Byte Count", "smb2.error.byte_count", FT_UINT32, BASE_DEC,
10874 NULL, 0, NULL, HFILL }
10877 { &hf_smb2_error_data,
10878 { "Error Data", "smb2.error.data", FT_BYTES, BASE_NONE,
10879 NULL, 0, NULL, HFILL }
10882 { &hf_smb2_reserved,
10883 { "Reserved", "smb2.reserved", FT_BYTES, BASE_NONE,
10884 NULL, 0, NULL, HFILL }
10887 { &hf_smb2_reserved_random,
10888 { "Reserved (Random)", "smb2.reserved.random", FT_BYTES, BASE_NONE,
10889 NULL, 0, "Reserved bytes, random data", HFILL }
10892 { &hf_smb2_root_directory_mbz,
10893 { "Root Dir Handle (MBZ)", "smb2.root_directory", FT_BYTES, BASE_NONE,
10894 NULL, 0, NULL, HFILL }
10897 { &hf_smb2_dhnq_buffer_reserved,
10898 { "Reserved", "smb2.dhnq_buffer_reserved", FT_UINT64, BASE_HEX,
10899 NULL, 0, NULL, HFILL }
10902 { &hf_smb2_dh2x_buffer_timeout,
10903 { "Timeout", "smb2.dh2x.timeout", FT_UINT32, BASE_DEC,
10904 NULL, 0, NULL, HFILL }
10907 { &hf_smb2_dh2x_buffer_flags,
10908 { "Flags", "smb2.dh2x.flags", FT_UINT32, BASE_HEX,
10909 NULL, 0, NULL, HFILL }
10912 { &hf_smb2_dh2x_buffer_flags_persistent_handle,
10913 { "Persistent Handle", "smb2.dh2x.flags.persistent_handle", FT_BOOLEAN, 32,
10914 NULL, SMB2_DH2X_FLAGS_PERSISTENT_HANDLE, NULL, HFILL }
10917 { &hf_smb2_dh2x_buffer_reserved,
10918 { "Reserved", "smb2.dh2x.reserved", FT_UINT64, BASE_HEX,
10919 NULL, 0, NULL, HFILL }
10922 { &hf_smb2_dh2x_buffer_create_guid,
10923 { "Create Guid", "smb2.dh2x.create_guid", FT_GUID, BASE_NONE,
10924 NULL, 0, NULL, HFILL }
10927 { &hf_smb2_APP_INSTANCE_buffer_struct_size,
10928 { "Struct Size", "smb2.app_instance.struct_size", FT_UINT16, BASE_DEC,
10929 NULL, 0, NULL, HFILL }
10932 { &hf_smb2_APP_INSTANCE_buffer_reserved,
10933 { "Reserved", "smb2.app_instance.reserved", FT_UINT16, BASE_HEX,
10934 NULL, 0, NULL, HFILL }
10937 { &hf_smb2_APP_INSTANCE_buffer_app_guid,
10938 { "Application Guid", "smb2.app_instance.app_guid", FT_GUID, BASE_NONE,
10939 NULL, 0, NULL, HFILL }
10942 { &hf_smb2_svhdx_open_device_context_version,
10943 { "Version", "smb2.svhdx_open_device_context.version", FT_UINT32, BASE_DEC,
10944 NULL, 0, NULL, HFILL }
10947 { &hf_smb2_svhdx_open_device_context_has_initiator_id,
10948 { "HasInitiatorId", "smb2.svhdx_open_device_context.initiator_has_id", FT_BOOLEAN, 8,
10949 TFS(&tfs_smb2_svhdx_has_initiator_id), 0, "Whether the host has an intiator", HFILL }
10952 { &hf_smb2_svhdx_open_device_context_reserved,
10953 { "Reserved", "smb2.svhdx_open_device_context.reserved", FT_BYTES, BASE_NONE,
10954 NULL, 0, NULL, HFILL }
10957 { &hf_smb2_svhdx_open_device_context_initiator_id,
10958 { "InitiatorId", "smb2.svhdx_open_device_context.initiator_id", FT_GUID, BASE_NONE,
10959 NULL, 0, NULL, HFILL }
10962 { &hf_smb2_svhdx_open_device_context_flags,
10963 { "Flags", "smb2.svhdx_open_device_context.flags", FT_UINT32, BASE_HEX,
10964 NULL, 0, NULL, HFILL }
10967 { &hf_smb2_svhdx_open_device_context_originator_flags,
10968 { "OriginatorFlags", "smb2.svhdx_open_device_context.originator_flags", FT_UINT32, BASE_HEX,
10969 VALS(originator_flags_vals), 0, NULL, HFILL }
10972 { &hf_smb2_svhdx_open_device_context_open_request_id,
10973 { "OpenRequestId","smb2.svhxd_open_device_context.open_request_id", FT_UINT64, BASE_HEX,
10974 NULL, 0, NULL, HFILL }
10977 { &hf_smb2_svhdx_open_device_context_initiator_host_name_len,
10978 { "HostNameLength", "smb2.svhxd_open_device_context.initiator_host_name_len", FT_UINT16, BASE_DEC,
10979 NULL, 0, NULL, HFILL }
10982 { &hf_smb2_svhdx_open_device_context_initiator_host_name,
10983 { "HostName", "smb2.svhdx_open_device_context.host_name", FT_STRING, BASE_NONE,
10984 NULL, 0, NULL, HFILL }
10987 { &hf_smb2_svhdx_open_device_context_virtual_disk_properties_initialized,
10988 { "VirtualDiskPropertiesInitialized", "smb2.svhdx_open_device_context.virtual_disk_properties_initialized", FT_BOOLEAN, 32,
10989 NULL, 0, "Whether VirtualSectorSize, PhysicalSectorSize, and VirtualSize fields are filled", HFILL }
10992 { &hf_smb2_svhdx_open_device_context_server_service_version,
10993 { "ServerServiceVersion", "smb2.svhdx_open_device_context.server_service_version", FT_UINT32, BASE_DEC,
10994 NULL, 0, "The current version of the protocol running on the server", HFILL }
10997 { &hf_smb2_svhdx_open_device_context_virtual_sector_size,
10998 { "VirtualSectorSize", "smb2.svhdx_open_device_context.virtual_sector_size", FT_UINT32, BASE_DEC,
10999 NULL, 0, "The virtual sector size of the virtual disk", HFILL }
11002 { &hf_smb2_svhdx_open_device_context_physical_sector_size,
11003 { "PhysicalSectorSize", "smb2.svhdx_open_device_context.physical_sector_size", FT_UINT32, BASE_DEC,
11004 NULL, 0, "The physical sector size of the virtual disk", HFILL }
11007 { &hf_smb2_svhdx_open_device_context_virtual_size,
11008 { "VirtualSize", "smb2.svhdx_open_device_context.virtual_size", FT_UINT64, BASE_DEC,
11009 NULL, 0, "The current length of the virtual disk, in bytes", HFILL }
11012 { &hf_smb2_posix_v1_version,
11013 { "Version", "smb2.posix_v1_version", FT_UINT32, BASE_DEC,
11014 NULL, 0, NULL, HFILL }
11017 { &hf_smb2_posix_v1_request,
11018 { "Request", "smb2.posix_request", FT_UINT32, BASE_HEX,
11019 NULL, 0, NULL, HFILL }
11022 { &hf_smb2_posix_v1_case_sensitive,
11023 { "Posix Case Sensitive File Names", "smb2.posix_case_sensitive", FT_UINT32, BASE_HEX,
11024 VALS(posix_case_sensitive_vals), 0x01, NULL, HFILL }
11027 { &hf_smb2_posix_v1_posix_lock,
11028 { "Posix Byte-Range Locks", "smb2.posix_locks", FT_UINT32, BASE_HEX,
11029 VALS(posix_locks_vals), 0x02, NULL, HFILL }
11032 { &hf_smb2_posix_v1_posix_file_semantics,
11033 { "Posix File Semantics", "smb2.posix_file_semantics", FT_UINT32, BASE_HEX,
11034 VALS(posix_file_semantics_vals), 0x04, NULL, HFILL }
11037 { &hf_smb2_posix_v1_posix_utf8_paths,
11038 { "Posix UTF8 Paths", "smb2.posix_utf8_paths", FT_UINT32, BASE_HEX,
11039 VALS(posix_utf8_paths_vals), 0x08, NULL, HFILL }
11042 { &hf_smb2_posix_v1_posix_will_convert_nt_acls,
11043 { "Posix Will Convert NT ACLs", "smb2.will_convert_NTACLs", FT_UINT32, BASE_HEX,
11044 VALS(posix_will_convert_ntacls_vals), 0x10, NULL, HFILL }
11047 { &hf_smb2_posix_v1_posix_fileinfo,
11048 { "Posix Fileinfo", "smb2.posix_fileinfo", FT_UINT32, BASE_HEX,
11049 VALS(posix_fileinfo_vals), 0x20, NULL, HFILL }
11052 { &hf_smb2_posix_v1_posix_acls,
11053 { "Posix ACLs", "smb2.posix_acls", FT_UINT32, BASE_HEX,
11054 VALS(posix_acls_vals), 0x40, NULL, HFILL }
11057 { &hf_smb2_posix_v1_rich_acls,
11058 { "Rich ACLs", "smb2.rich_acls", FT_UINT32, BASE_HEX,
11059 VALS(posix_rich_acls_vals), 0x80, NULL, HFILL }
11062 { &hf_smb2_posix_v1_supported_features,
11063 { "Supported Features", "smb2.posix_supported_features", FT_UINT32, BASE_HEX,
11064 NULL, 0, NULL, HFILL }
11067 { &hf_smb2_aapl_command_code,
11068 { "Command code", "smb2.aapl.command_code", FT_UINT32, BASE_DEC,
11069 VALS(aapl_command_code_vals), 0, NULL, HFILL }
11072 { &hf_smb2_aapl_reserved,
11073 { "Reserved", "smb2.aapl.reserved", FT_UINT32, BASE_HEX,
11074 NULL, 0, NULL, HFILL }
11077 { &hf_smb2_aapl_server_query_bitmask,
11078 { "Query bitmask", "smb2.aapl.query_bitmask", FT_UINT64, BASE_HEX,
11079 NULL, 0, NULL, HFILL }
11082 { &hf_smb2_aapl_server_query_bitmask_server_caps,
11083 { "Server capabilities", "smb2.aapl.bitmask.server_caps", FT_BOOLEAN, 64,
11084 NULL, SMB2_AAPL_SERVER_CAPS, NULL, HFILL }
11087 { &hf_smb2_aapl_server_query_bitmask_volume_caps,
11088 { "Volume capabilities", "smb2.aapl.bitmask.volume_caps", FT_BOOLEAN, 64,
11089 NULL, SMB2_AAPL_VOLUME_CAPS, NULL, HFILL }
11092 { &hf_smb2_aapl_server_query_bitmask_model_info,
11093 { "Model information", "smb2.aapl.bitmask.model_info", FT_BOOLEAN, 64,
11094 NULL, SMB2_AAPL_MODEL_INFO, NULL, HFILL }
11097 { &hf_smb2_aapl_server_query_caps,
11098 { "Client/Server capabilities", "smb2.aapl.caps", FT_UINT64, BASE_HEX,
11099 NULL, 0, NULL, HFILL }
11102 { &hf_smb2_aapl_server_query_caps_supports_read_dir_attr,
11103 { "Supports READDIRATTR", "smb2.aapl.caps.supports_read_dir_addr", FT_BOOLEAN, 64,
11104 NULL, SMB2_AAPL_SUPPORTS_READ_DIR_ATTR, NULL, HFILL }
11107 { &hf_smb2_aapl_server_query_caps_supports_osx_copyfile,
11108 { "Supports OS X copyfile", "smb2.aapl.caps.supports_osx_copyfile", FT_BOOLEAN, 64,
11109 NULL, SMB2_AAPL_SUPPORTS_OSX_COPYFILE, NULL, HFILL }
11112 { &hf_smb2_aapl_server_query_caps_unix_based,
11113 { "UNIX-based", "smb2.aapl.caps.unix_based", FT_BOOLEAN, 64,
11114 NULL, SMB2_AAPL_UNIX_BASED, NULL, HFILL }
11117 { &hf_smb2_aapl_server_query_caps_supports_nfs_ace,
11118 { "Supports NFS ACE", "smb2.aapl.supports_nfs_ace", FT_BOOLEAN, 64,
11119 NULL, SMB2_AAPL_SUPPORTS_NFS_ACE, NULL, HFILL }
11122 { &hf_smb2_aapl_server_query_volume_caps,
11123 { "Volume capabilities", "smb2.aapl.volume_caps", FT_UINT64, BASE_HEX,
11124 NULL, 0, NULL, HFILL }
11127 { &hf_smb2_aapl_server_query_volume_caps_support_resolve_id,
11128 { "Supports Resolve ID", "smb2.aapl.volume_caps.supports_resolve_id", FT_BOOLEAN, 64,
11129 NULL, SMB2_AAPL_SUPPORTS_RESOLVE_ID, NULL, HFILL }
11132 { &hf_smb2_aapl_server_query_volume_caps_case_sensitive,
11133 { "Case sensitive", "smb2.aapl.volume_caps.case_sensitive", FT_BOOLEAN, 64,
11134 NULL, SMB2_AAPL_CASE_SENSITIVE, NULL, HFILL }
11137 { &hf_smb2_aapl_server_query_volume_caps_supports_full_sync,
11138 { "Supports full sync", "smb2.aapl.volume_caps.supports_full_sync", FT_BOOLEAN, 64,
11139 NULL, SMB2_AAPL_SUPPORTS_FULL_SYNC, NULL, HFILL }
11142 { &hf_smb2_aapl_server_query_model_string,
11143 { "Model string", "smb2.aapl.model_string", FT_UINT_STRING, STR_UNICODE,
11144 NULL, 0, NULL, HFILL }
11147 { &hf_smb2_aapl_server_query_server_path,
11148 { "Server path", "smb2.aapl.server_path", FT_UINT_STRING, STR_UNICODE,
11149 NULL, 0, NULL, HFILL }
11152 { &hf_smb2_transform_signature,
11153 { "Signature", "smb2.header.transform.signature", FT_BYTES, BASE_NONE,
11154 NULL, 0, NULL, HFILL }
11157 { &hf_smb2_transform_nonce,
11158 { "Nonce", "smb2.header.transform.nonce", FT_BYTES, BASE_NONE,
11159 NULL, 0, NULL, HFILL }
11162 { &hf_smb2_transform_msg_size,
11163 { "Message size", "smb2.header.transform.msg_size", FT_UINT32, BASE_DEC,
11164 NULL, 0, NULL, HFILL }
11167 { &hf_smb2_transform_reserved,
11168 { "Reserved", "smb2.header.transform.reserved", FT_BYTES, BASE_NONE,
11169 NULL, 0, NULL, HFILL }
11172 { &hf_smb2_transform_enc_alg,
11173 { "Encryption ALG", "smb2.header.transform.encryption_alg", FT_UINT16, BASE_HEX,
11174 NULL, 0, NULL, HFILL }
11177 { &hf_smb2_encryption_aes128_ccm,
11178 { "SMB2_ENCRYPTION_AES128_CCM", "smb2.header.transform.enc_aes128_ccm", FT_BOOLEAN, 16,
11179 NULL, ENC_ALG_aes128_ccm, NULL, HFILL }
11182 { &hf_smb2_transform_encrypted_data,
11183 { "Data", "smb2.header.transform.enc_data", FT_BYTES, BASE_NONE,
11184 NULL, 0, NULL, HFILL }
11187 { &hf_smb2_server_component_smb2,
11188 { "Server Component: SMB2", "smb2.server_component_smb2", FT_NONE, BASE_NONE,
11189 NULL, 0, NULL, HFILL }
11192 { &hf_smb2_server_component_smb2_transform,
11193 { "Server Component: SMB2_TRANSFORM", "smb2.server_component_smb2_transform", FT_NONE, BASE_NONE,
11194 NULL, 0, NULL, HFILL }
11197 { &hf_smb2_truncated,
11198 { "Truncated...", "smb2.truncated", FT_NONE, BASE_NONE,
11199 NULL, 0, NULL, HFILL }
11202 { &hf_smb2_pipe_fragment_overlap,
11203 { "Fragment overlap", "smb2.pipe.fragment.overlap", FT_BOOLEAN, BASE_NONE,
11204 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }
11207 { &hf_smb2_pipe_fragment_overlap_conflict,
11208 { "Conflicting data in fragment overlap", "smb2.pipe.fragment.overlap.conflict", FT_BOOLEAN, BASE_NONE,
11209 NULL, 0x0, NULL, HFILL }
11212 { &hf_smb2_pipe_fragment_multiple_tails,
11213 { "Multiple tail fragments found", "smb2.pipe.fragment.multipletails", FT_BOOLEAN, BASE_NONE,
11214 NULL, 0x0, "Several tails were found when defragmenting the packet", HFILL }
11217 { &hf_smb2_pipe_fragment_too_long_fragment,
11218 { "Fragment too long", "smb2.pipe.fragment.toolongfragment", FT_BOOLEAN, BASE_NONE,
11219 NULL, 0x0, "Fragment contained data past end of packet", HFILL }
11222 { &hf_smb2_pipe_fragment_error,
11223 { "Defragmentation error", "smb2.pipe.fragment.error", FT_FRAMENUM, BASE_NONE,
11224 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }
11227 { &hf_smb2_pipe_fragment_count,
11228 { "Fragment count", "smb2.pipe.fragment.count", FT_UINT32, BASE_DEC,
11229 NULL, 0x0, NULL, HFILL }
11232 { &hf_smb2_pipe_fragment,
11233 { "Fragment SMB2 Named Pipe", "smb2.pipe.fragment", FT_FRAMENUM, BASE_NONE,
11234 NULL, 0x0, NULL, HFILL }
11237 { &hf_smb2_pipe_fragments,
11238 { "Reassembled SMB2 Named Pipe fragments", "smb2.pipe.fragments", FT_NONE, BASE_NONE,
11239 NULL, 0x0, NULL, HFILL }
11242 { &hf_smb2_pipe_reassembled_in,
11243 { "This SMB2 Named Pipe payload is reassembled in frame", "smb2.pipe.reassembled_in", FT_FRAMENUM, BASE_NONE,
11244 NULL, 0x0, "The Named Pipe PDU is completely reassembled in this frame", HFILL }
11247 { &hf_smb2_pipe_reassembled_length,
11248 { "Reassembled SMB2 Named Pipe length", "smb2.pipe.reassembled.length", FT_UINT32, BASE_DEC,
11249 NULL, 0x0, "The total length of the reassembled payload", HFILL }
11252 { &hf_smb2_pipe_reassembled_data,
11253 { "Reassembled SMB2 Named Pipe Data", "smb2.pipe.reassembled.data", FT_BYTES, BASE_NONE,
11254 NULL, 0x0, "The reassembled payload", HFILL }
11257 { &hf_smb2_cchunk_resume_key,
11258 { "ResumeKey", "smb2.fsctl.cchunk.resume_key", FT_BYTES, BASE_NONE,
11259 NULL, 0x0, "Opaque data representing source of copy", HFILL }
11262 { &hf_smb2_cchunk_count,
11263 { "Chunk Count", "smb2.fsctl.cchunk.count", FT_UINT32, BASE_DEC,
11264 NULL, 0x0, NULL, HFILL }
11267 { &hf_smb2_cchunk_src_offset,
11268 { "Source Offset", "smb2.fsctl.cchunk.src_offset", FT_UINT64, BASE_DEC,
11269 NULL, 0x0, NULL, HFILL }
11272 { &hf_smb2_cchunk_dst_offset,
11273 { "Target Offset", "smb2.fsctl.cchunk.dst_offset", FT_UINT64, BASE_DEC,
11274 NULL, 0x0, NULL, HFILL }
11277 { &hf_smb2_cchunk_xfer_len,
11278 { "Transfer Length", "smb2.fsctl.cchunk.xfer_len", FT_UINT32, BASE_DEC,
11279 NULL, 0x0, NULL, HFILL }
11282 { &hf_smb2_cchunk_chunks_written,
11283 { "Chunks Written", "smb2.fsctl.cchunk.chunks_written", FT_UINT32, BASE_DEC,
11284 NULL, 0x0, NULL, HFILL }
11287 { &hf_smb2_cchunk_bytes_written,
11288 { "Chunk Bytes Written", "smb2.fsctl.cchunk.bytes_written", FT_UINT32, BASE_DEC,
11289 NULL, 0x0, NULL, HFILL }
11292 { &hf_smb2_cchunk_total_written,
11293 { "Total Bytes Written", "smb2.fsctl.cchunk.total_written", FT_UINT32, BASE_DEC,
11294 NULL, 0x0, NULL, HFILL }
11297 { &hf_smb2_symlink_error_response,
11298 { "Symbolic Link Error Response", "smb2.symlink_error_response", FT_NONE, BASE_NONE,
11299 NULL, 0, NULL, HFILL }
11302 { &hf_smb2_symlink_length,
11303 { "SymLink Length", "smb2.symlink.length", FT_UINT32,
11304 BASE_DEC, NULL, 0x0, NULL, HFILL }
11307 { &hf_smb2_symlink_error_tag,
11308 { "SymLink Error Tag", "smb2.symlink.error_tag", FT_UINT32,
11309 BASE_HEX, NULL, 0x0, NULL, HFILL }
11312 { &hf_smb2_SYMBOLIC_LINK_REPARSE_DATA_BUFFER,
11313 { "SYMBOLIC_LINK_REPARSE_DATA_BUFFER", "smb2.SYMBOLIC_LINK_REPARSE_DATA_BUFFER", FT_NONE, BASE_NONE,
11314 NULL, 0, NULL, HFILL }
11316 { &hf_smb2_reparse_tag,
11317 { "Reparse Tag", "smb2.symlink.reparse_tag", FT_UINT32, BASE_HEX,
11318 NULL, 0x0, NULL, HFILL }
11320 { &hf_smb2_reparse_data_length,
11321 { "Reparse Data Length", "smb2.symlink.reparse_data_length", FT_UINT16, BASE_DEC,
11322 NULL, 0x0, NULL, HFILL }
11324 { &hf_smb2_unparsed_path_length,
11325 { "Unparsed Path Length", "smb2.symlink.unparsed_path_length", FT_UINT16, BASE_DEC,
11326 NULL, 0x0, NULL, HFILL }
11328 { &hf_smb2_symlink_substitute_name,
11329 { "Substitute Name", "smb2.symlink.substitute_name", FT_STRING, BASE_NONE,
11330 NULL, 0x0, NULL, HFILL }
11332 { &hf_smb2_symlink_print_name,
11333 { "Print Name", "smb2.symlink.print_name", FT_STRING, BASE_NONE,
11334 NULL, 0x0, NULL, HFILL }
11336 { &hf_smb2_symlink_flags,
11337 { "Flags", "smb2.symlink.flags", FT_UINT32, BASE_DEC,
11338 NULL, 0x0, NULL, HFILL }
11342 static gint *ett[] = {
11347 &ett_smb2_encrypted,
11350 &ett_smb2_negotiate_context_element,
11351 &ett_smb2_file_basic_info,
11352 &ett_smb2_file_standard_info,
11353 &ett_smb2_file_internal_info,
11354 &ett_smb2_file_ea_info,
11355 &ett_smb2_file_access_info,
11356 &ett_smb2_file_rename_info,
11357 &ett_smb2_file_disposition_info,
11358 &ett_smb2_file_position_info,
11359 &ett_smb2_file_full_ea_info,
11360 &ett_smb2_file_mode_info,
11361 &ett_smb2_file_alignment_info,
11362 &ett_smb2_file_all_info,
11363 &ett_smb2_file_allocation_info,
11364 &ett_smb2_file_endoffile_info,
11365 &ett_smb2_file_alternate_name_info,
11366 &ett_smb2_file_stream_info,
11367 &ett_smb2_file_pipe_info,
11368 &ett_smb2_file_compression_info,
11369 &ett_smb2_file_network_open_info,
11370 &ett_smb2_file_attribute_tag_info,
11371 &ett_smb2_fs_info_01,
11372 &ett_smb2_fs_info_03,
11373 &ett_smb2_fs_info_04,
11374 &ett_smb2_fs_info_05,
11375 &ett_smb2_fs_info_06,
11376 &ett_smb2_fs_info_07,
11377 &ett_smb2_fs_objectid_info,
11378 &ett_smb2_sec_info_00,
11379 &ett_smb2_quota_info,
11380 &ett_smb2_query_quota_info,
11381 &ett_smb2_tid_tree,
11382 &ett_smb2_sesid_tree,
11383 &ett_smb2_create_chain_element,
11384 &ett_smb2_MxAc_buffer,
11385 &ett_smb2_QFid_buffer,
11386 &ett_smb2_RqLs_buffer,
11387 &ett_smb2_ioctl_function,
11388 &ett_smb2_FILE_OBJECTID_BUFFER,
11390 &ett_smb2_sec_mode,
11391 &ett_smb2_capabilities,
11392 &ett_smb2_ses_req_flags,
11393 &ett_smb2_ses_flags,
11394 &ett_smb2_create_rep_flags,
11395 &ett_smb2_lease_state,
11396 &ett_smb2_lease_flags,
11397 &ett_smb2_share_flags,
11398 &ett_smb2_share_caps,
11399 &ett_smb2_ioctl_flags,
11400 &ett_smb2_ioctl_network_interface,
11401 &ett_smb2_ioctl_sqos_opeations,
11402 &ett_smb2_fsctl_range_data,
11403 &ett_windows_sockaddr,
11404 &ett_smb2_close_flags,
11405 &ett_smb2_notify_info,
11406 &ett_smb2_notify_flags,
11408 &ett_smb2_write_flags,
11409 &ett_smb2_find_flags,
11410 &ett_smb2_file_directory_info,
11411 &ett_smb2_both_directory_info,
11412 &ett_smb2_id_both_directory_info,
11413 &ett_smb2_full_directory_info,
11414 &ett_smb2_file_name_info,
11415 &ett_smb2_lock_info,
11416 &ett_smb2_lock_flags,
11417 &ett_smb2_DH2Q_buffer,
11418 &ett_smb2_DH2C_buffer,
11419 &ett_smb2_dh2x_flags,
11420 &ett_smb2_APP_INSTANCE_buffer,
11421 &ett_smb2_svhdx_open_device_context,
11422 &ett_smb2_posix_v1_request,
11423 &ett_smb2_posix_v1_response,
11424 &ett_smb2_posix_v1_supported_features,
11425 &ett_smb2_aapl_create_context_request,
11426 &ett_smb2_aapl_server_query_bitmask,
11427 &ett_smb2_aapl_server_query_caps,
11428 &ett_smb2_aapl_create_context_response,
11429 &ett_smb2_aapl_server_query_volume_caps,
11430 &ett_smb2_integrity_flags,
11431 &ett_smb2_transform_enc_alg,
11432 &ett_smb2_buffercode,
11433 &ett_smb2_ioctl_network_interface_capabilities,
11435 &ett_smb2_pipe_fragment,
11436 &ett_smb2_pipe_fragments,
11437 &ett_smb2_cchunk_entry,
11438 &ett_smb2_fsctl_odx_token,
11439 &ett_smb2_symlink_error_response,
11440 &ett_smb2_SYMBOLIC_LINK_REPARSE_DATA_BUFFER,
11441 &ett_smb2_error_data,
11444 static ei_register_info ei[] = {
11445 { &ei_smb2_invalid_length, { "smb2.invalid_length", PI_MALFORMED, PI_ERROR, "Invalid length", EXPFILL }},
11446 { &ei_smb2_bad_response, { "smb2.bad_response", PI_MALFORMED, PI_ERROR, "Bad response", EXPFILL }},
11449 expert_module_t* expert_smb2;
11451 proto_smb2 = proto_register_protocol("SMB2 (Server Message Block Protocol version 2)",
11453 proto_register_subtree_array(ett, array_length(ett));
11454 proto_register_field_array(proto_smb2, hf, array_length(hf));
11455 expert_smb2 = expert_register_protocol(proto_smb2);
11456 expert_register_field_array(expert_smb2, ei, array_length(ei));
11458 smb2_module = prefs_register_protocol(proto_smb2, NULL);
11459 prefs_register_bool_preference(smb2_module, "eosmb2_take_name_as_fid",
11460 "Use the full file name as File ID when exporting an SMB2 object",
11461 "Whether the export object functionality will take the full path file name as file identifier",
11462 &eosmb2_take_name_as_fid);
11464 prefs_register_bool_preference(smb2_module, "pipe_reassembly",
11465 "Reassemble Named Pipes over SMB2",
11466 "Whether the dissector should reassemble Named Pipes over SMB2 commands",
11467 &smb2_pipe_reassembly);
11468 smb2_pipe_subdissector_list = register_heur_dissector_list("smb2_pipe_subdissectors", proto_smb2);
11470 * XXX - addresses_ports_reassembly_table_functions?
11471 * Probably correct for SMB-over-NBT and SMB-over-TCP,
11472 * as stuff from two different connections should
11473 * probably not be combined, but what about other
11474 * transports for SMB, e.g. NBF or Netware?
11476 reassembly_table_register(&smb2_pipe_reassembly_table,
11477 &addresses_reassembly_table_functions);
11479 smb2_tap = register_tap("smb2");
11480 smb2_eo_tap = register_tap("smb_eo"); /* SMB Export Object tap */
11482 register_srt_table(proto_smb2, NULL, 1, smb2stat_packet, smb2stat_init, NULL);
/*
 * Handoff registration for the SMB2 dissector.
 *
 * Looks up the "gssapi", "ntlmssp" and "rsvd" dissectors by name, records
 * each one as a dependency of proto_smb2, and stores the returned handles
 * in gssapi_handle, ntlmssp_handle and rsvd_handle.  It then adds
 * dissect_smb2_heur to the "netbios" and "smb_direct" heuristic dissector
 * lists, enabled by default (HEURISTIC_ENABLE).
 */
void
proto_reg_handoff_smb2(void)
{
	/*
	 * Handles for dissectors that SMB2 hands payloads to.
	 * NOTE(review): a lookup by name yields no handle when that dissector
	 * is not registered; confirm the users of these handles cope with that.
	 */
	gssapi_handle = find_dissector_add_dependency("gssapi", proto_smb2);
	ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_smb2);
	rsvd_handle = find_dissector_add_dependency("rsvd", proto_smb2);

	/*
	 * Both transports use the same heuristic entry point.  Because it is
	 * enabled by default, dissect_smb2_heur is offered payloads from
	 * these transports without any user opt-in; its acceptance checks
	 * live outside this function and are what decides whether captured
	 * (untrusted) bytes are parsed as SMB2.
	 */
	heur_dissector_add("netbios", dissect_smb2_heur,
			   "SMB2 over Netbios", "smb2_netbios",
			   proto_smb2, HEURISTIC_ENABLE);
	heur_dissector_add("smb_direct", dissect_smb2_heur,
			   "SMB2 over SMB Direct", "smb2_smb_direct",
			   proto_smb2, HEURISTIC_ENABLE);
}
11496 * Editor modelines - http://www.wireshark.org/tools/modelines.html
11499 * c-basic-offset: 8
11501 * indent-tabs-mode: t
11504 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
11505 * :indentSize=8:tabSize=8:noTabs=false: