*
* For documentation of this protocol, see:
*
- * http://wiki.wireshark.org/SMB2
- * http://msdn.microsoft.com/en-us/library/cc246482(PROT.10).aspx
+ * https://wiki.wireshark.org/SMB2
+ * https://msdn.microsoft.com/en-us/library/cc246482.aspx
*
* If you edit this file, keep the wiki updated as well.
*
- * $Id$
- *
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
#include "config.h"
+
#include <epan/packet.h>
-#include <epan/conversation.h>
+#include <epan/prefs.h>
+#include <epan/expert.h>
#include <epan/tap.h>
-#include <epan/emem.h>
+#include <epan/srt_table.h>
+#include <epan/aftypes.h>
+#include <epan/to_str.h>
+#include <epan/asn1.h>
#include "packet-smb2.h"
-#include "packet-dcerpc.h"
#include "packet-ntlmssp.h"
+#include "packet-kerberos.h"
#include "packet-windows-common.h"
#include "packet-smb-common.h"
-#include "packet-smb.h"
#include "packet-dcerpc-nt.h"
-#include <string.h>
-#include <glib.h>
-/* Use libgcrypt for cipher libraries. */
-#ifdef HAVE_LIBGCRYPT
-#include <gcrypt.h>
-#endif /* HAVE_LIBGCRYPT */
+#include <wsutil/wsgcrypt.h>
+
+#define NT_STATUS_PENDING 0x00000103
-static char smb_header_label[] = "SMB2 Header";
-static char smb_transform_header_label[] = "SMB2 Transform Header";
+void proto_register_smb2(void);
+void proto_reg_handoff_smb2(void);
+
+static const char smb_header_label[] = "SMB2 Header";
+static const char smb_transform_header_label[] = "SMB2 Transform Header";
static int proto_smb2 = -1;
static int hf_smb2_cmd = -1;
static int hf_smb2_response_in = -1;
static int hf_smb2_time = -1;
static int hf_smb2_header_len = -1;
-static int hf_smb2_seqnum = -1;
+static int hf_smb2_msg_id = -1;
static int hf_smb2_pid = -1;
static int hf_smb2_tid = -1;
static int hf_smb2_aid = -1;
static int hf_smb2_flags_chained = -1;
static int hf_smb2_flags_signature = -1;
static int hf_smb2_flags_replay_operation = -1;
+static int hf_smb2_flags_priority_mask = -1;
static int hf_smb2_chain_offset = -1;
static int hf_smb2_security_blob = -1;
static int hf_smb2_ioctl_in_data = -1;
static int hf_smb2_ioctl_out_data = -1;
static int hf_smb2_unknown = -1;
+static int hf_smb2_root_directory_mbz = -1;
static int hf_smb2_twrp_timestamp = -1;
static int hf_smb2_mxac_timestamp = -1;
static int hf_smb2_mxac_status = -1;
static int hf_smb2_boot_time = -1;
static int hf_smb2_filename = -1;
static int hf_smb2_filename_len = -1;
+static int hf_smb2_replace_if = -1;
static int hf_smb2_nlinks = -1;
static int hf_smb2_delete_pending = -1;
static int hf_smb2_is_directory = -1;
static int hf_smb2_infolevel_file_info = -1;
static int hf_smb2_infolevel_fs_info = -1;
static int hf_smb2_infolevel_sec_info = -1;
+static int hf_smb2_infolevel_posix_info = -1;
static int hf_smb2_max_response_size = -1;
static int hf_smb2_max_ioctl_in_size = -1;
static int hf_smb2_max_ioctl_out_size = -1;
+static int hf_smb2_flags = -1;
static int hf_smb2_required_buffer_size = -1;
static int hf_smb2_setinfo_size = -1;
static int hf_smb2_setinfo_offset = -1;
static int hf_smb2_file_rename_info = -1;
static int hf_smb2_file_disposition_info = -1;
static int hf_smb2_file_position_info = -1;
-static int hf_smb2_file_info_0f = -1;
+static int hf_smb2_file_full_ea_info = -1;
static int hf_smb2_file_mode_info = -1;
static int hf_smb2_file_alignment_info = -1;
static int hf_smb2_file_all_info = -1;
static int hf_smb2_read_length = -1;
static int hf_smb2_read_remaining = -1;
static int hf_smb2_file_offset = -1;
+static int hf_smb2_qfr_length = -1;
+static int hf_smb2_qfr_usage = -1;
+static int hf_smb2_qfr_flags = -1;
+static int hf_smb2_qfr_total_region_entry_count = -1;
+static int hf_smb2_qfr_region_entry_count = -1;
static int hf_smb2_read_data = -1;
static int hf_smb2_disposition_delete_on_close = -1;
static int hf_smb2_create_disposition = -1;
static int hf_smb2_create_rep_flags = -1;
static int hf_smb2_create_rep_flags_reparse_point = -1;
static int hf_smb2_next_offset = -1;
+static int hf_smb2_negotiate_context_type = -1;
+static int hf_smb2_negotiate_context_data_length = -1;
+static int hf_smb2_negotiate_context_offset = -1;
+static int hf_smb2_negotiate_context_count = -1;
static int hf_smb2_ea_size = -1;
static int hf_smb2_ea_flags = -1;
static int hf_smb2_ea_name_len = -1;
static int hf_smb2_ea_data_len = -1;
static int hf_smb2_ea_name = -1;
static int hf_smb2_ea_data = -1;
+static int hf_smb2_buffer_code = -1;
static int hf_smb2_buffer_code_len = -1;
static int hf_smb2_buffer_code_flags_dyn = -1;
static int hf_smb2_olb_offset = -1;
static int hf_smb2_ioctl_function_device = -1;
static int hf_smb2_ioctl_function_access = -1;
static int hf_smb2_ioctl_function_function = -1;
+static int hf_smb2_fsctl_pipe_wait_timeout = -1;
+static int hf_smb2_fsctl_pipe_wait_name = -1;
+static int hf_smb2_fsctl_offload_read_size = -1;
+static int hf_smb2_fsctl_offload_read_flags = -1;
+static int hf_smb2_fsctl_offload_read_token_ttl = -1;
+static int hf_smb2_fsctl_offload_reserved = -1;
+static int hf_smb2_fsctl_offload_read_file_offset = -1;
+static int hf_smb2_fsctl_offload_read_copy_length = -1;
+static int hf_smb2_fsctl_offload_read_transfer_length = -1;
+static int hf_smb2_fsctl_offload_token = -1;
static int hf_smb2_ioctl_function_method = -1;
static int hf_smb2_ioctl_resiliency_timeout = -1;
static int hf_smb2_ioctl_resiliency_reserved = -1;
static int hf_smb2_ioctl_shadow_copy_count = -1;
static int hf_smb2_ioctl_shadow_copy_label = -1;
static int hf_smb2_compression_format = -1;
+static int hf_smb2_checksum_algorithm = -1;
+static int hf_smb2_integrity_reserved = -1;
+static int hf_smb2_integrity_flags = -1;
+static int hf_smb2_integrity_flags_enforcement_off = -1;
static int hf_smb2_FILE_OBJECTID_BUFFER = -1;
static int hf_smb2_lease_key = -1;
static int hf_smb2_lease_state = -1;
static int hf_smb2_lease_duration = -1;
static int hf_smb2_parent_lease_key = -1;
static int hf_smb2_lease_epoch = -1;
+static int hf_smb2_lease_reserved = -1;
static int hf_smb2_lease_break_reason = -1;
static int hf_smb2_lease_access_mask_hint = -1;
static int hf_smb2_lease_share_mask_hint = -1;
static int hf_smb2_max_read_size = -1;
static int hf_smb2_max_write_size = -1;
static int hf_smb2_channel = -1;
+static int hf_smb2_rdma_v1_offset = -1;
+static int hf_smb2_rdma_v1_token = -1;
+static int hf_smb2_rdma_v1_length = -1;
static int hf_smb2_session_flags = -1;
static int hf_smb2_ses_flags_guest = -1;
static int hf_smb2_ses_flags_null = -1;
static int hf_smb2_remaining_bytes = -1;
static int hf_smb2_channel_info_offset = -1;
static int hf_smb2_channel_info_length = -1;
+static int hf_smb2_channel_info_blob = -1;
static int hf_smb2_ioctl_flags = -1;
static int hf_smb2_ioctl_is_fsctl = -1;
static int hf_smb2_close_pq_attrib = -1;
static int hf_smb2_notify_watch_tree = -1;
static int hf_smb2_output_buffer_len = -1;
static int hf_smb2_notify_out_data = -1;
+static int hf_smb2_notify_info = -1;
+static int hf_smb2_notify_next_offset = -1;
+static int hf_smb2_notify_action = -1;
static int hf_smb2_find_flags = -1;
static int hf_smb2_find_flags_restart_scans = -1;
static int hf_smb2_find_flags_single_entry = -1;
static int hf_smb2_APP_INSTANCE_buffer_struct_size = -1;
static int hf_smb2_APP_INSTANCE_buffer_reserved = -1;
static int hf_smb2_APP_INSTANCE_buffer_app_guid = -1;
+static int hf_smb2_svhdx_open_device_context_version = -1;
+static int hf_smb2_svhdx_open_device_context_has_initiator_id = -1;
+static int hf_smb2_svhdx_open_device_context_reserved = -1;
+static int hf_smb2_svhdx_open_device_context_initiator_id = -1;
+static int hf_smb2_svhdx_open_device_context_flags = -1;
+static int hf_smb2_svhdx_open_device_context_originator_flags = -1;
+static int hf_smb2_svhdx_open_device_context_open_request_id = -1;
+static int hf_smb2_svhdx_open_device_context_initiator_host_name_len = -1;
+static int hf_smb2_svhdx_open_device_context_initiator_host_name = -1;
+static int hf_smb2_posix_v1_version = -1;
+static int hf_smb2_posix_v1_request = -1;
+static int hf_smb2_posix_v1_supported_features = -1;
+static int hf_smb2_posix_v1_posix_lock = -1;
+static int hf_smb2_posix_v1_posix_file_semantics = -1;
+static int hf_smb2_posix_v1_posix_utf8_paths = -1;
+static int hf_smb2_posix_v1_case_sensitive = -1;
+static int hf_smb2_posix_v1_posix_will_convert_nt_acls = -1;
+static int hf_smb2_posix_v1_posix_fileinfo = -1;
+static int hf_smb2_posix_v1_posix_acls = -1;
+static int hf_smb2_posix_v1_rich_acls = -1;
static int hf_smb2_error_byte_count = -1;
static int hf_smb2_error_data = -1;
static int hf_smb2_error_reserved = -1;
static int hf_smb2_reserved = -1;
+static int hf_smb2_reserved_random = -1;
static int hf_smb2_transform_signature = -1;
static int hf_smb2_transform_nonce = -1;
static int hf_smb2_transform_msg_size = -1;
static int hf_smb2_transform_reserved = -1;
static int hf_smb2_encryption_aes128_ccm = -1;
static int hf_smb2_transform_enc_alg = -1;
-static int hf_smb2_transform_encyrpted_data = -1;
+static int hf_smb2_transform_encrypted_data = -1;
+static int hf_smb2_server_component_smb2 = -1;
+static int hf_smb2_server_component_smb2_transform = -1;
+static int hf_smb2_truncated = -1;
static gint ett_smb2 = -1;
static gint ett_smb2_olb = -1;
static gint ett_smb2_encrypted = -1;
static gint ett_smb2_command = -1;
static gint ett_smb2_secblob = -1;
+static gint ett_smb2_negotiate_context_element = -1;
static gint ett_smb2_file_basic_info = -1;
static gint ett_smb2_file_standard_info = -1;
static gint ett_smb2_file_internal_info = -1;
static gint ett_smb2_file_attribute_tag_info = -1;
static gint ett_smb2_file_rename_info = -1;
static gint ett_smb2_file_disposition_info = -1;
-static gint ett_smb2_file_info_0f = -1;
+static gint ett_smb2_file_full_ea_info = -1;
static gint ett_smb2_fs_info_01 = -1;
static gint ett_smb2_fs_info_03 = -1;
static gint ett_smb2_fs_info_04 = -1;
static gint ett_smb2_ioctl_network_interface = -1;
static gint ett_windows_sockaddr = -1;
static gint ett_smb2_close_flags = -1;
+static gint ett_smb2_notify_info = -1;
static gint ett_smb2_notify_flags = -1;
static gint ett_smb2_write_flags = -1;
+static gint ett_smb2_rdma_v1 = -1;
static gint ett_smb2_DH2Q_buffer = -1;
static gint ett_smb2_DH2C_buffer = -1;
static gint ett_smb2_dh2x_flags = -1;
static gint ett_smb2_APP_INSTANCE_buffer = -1;
+static gint ett_smb2_svhdx_open_device_context = -1;
+static gint ett_smb2_posix_v1_request = -1;
+static gint ett_smb2_posix_v1_response = -1;
+static gint ett_smb2_posix_v1_supported_features = -1;
+static gint ett_smb2_integrity_flags = -1;
static gint ett_smb2_find_flags = -1;
static gint ett_smb2_file_directory_info = -1;
static gint ett_smb2_both_directory_info = -1;
static gint ett_smb2_lock_info = -1;
static gint ett_smb2_lock_flags = -1;
static gint ett_smb2_transform_enc_alg = -1;
+static gint ett_smb2_buffercode = -1;
+static gint ett_smb2_ioctl_network_interface_capabilities = -1;
+static gint ett_qfr_entry = -1;
+
+static expert_field ei_smb2_invalid_length = EI_INIT;
+static expert_field ei_smb2_bad_response = EI_INIT;
static int smb2_tap = -1;
+static int smb2_eo_tap = -1;
static dissector_handle_t gssapi_handle = NULL;
static dissector_handle_t ntlmssp_handle = NULL;
+static dissector_handle_t rsvd_handle = NULL;
static heur_dissector_list_t smb2_heur_subdissector_list;
#define SMB2_CLASS_FILE_INFO 0x01
#define SMB2_CLASS_FS_INFO 0x02
#define SMB2_CLASS_SEC_INFO 0x03
+#define SMB2_CLASS_POSIX_INFO 0x80
static const value_string smb2_class_vals[] = {
{ SMB2_CLASS_FILE_INFO, "FILE_INFO"},
{ SMB2_CLASS_FS_INFO, "FS_INFO"},
{ SMB2_CLASS_SEC_INFO, "SEC_INFO"},
+ { SMB2_CLASS_POSIX_INFO, "POSIX_INFO"},
{ 0, NULL }
};
#define SMB2_FILE_RENAME_INFO 0x0a
#define SMB2_FILE_DISPOSITION_INFO 0x0d
#define SMB2_FILE_POSITION_INFO 0x0e
-#define SMB2_FILE_INFO_0f 0x0f
+#define SMB2_FILE_FULL_EA_INFO 0x0f
#define SMB2_FILE_MODE_INFO 0x10
#define SMB2_FILE_ALIGNMENT_INFO 0x11
#define SMB2_FILE_ALL_INFO 0x12
#define SMB2_FILE_COMPRESSION_INFO 0x1c
#define SMB2_FILE_NETWORK_OPEN_INFO 0x22
#define SMB2_FILE_ATTRIBUTE_TAG_INFO 0x23
+
static const value_string smb2_file_info_levels[] = {
{SMB2_FILE_BASIC_INFO, "SMB2_FILE_BASIC_INFO" },
{SMB2_FILE_STANDARD_INFO, "SMB2_FILE_STANDARD_INFO" },
{SMB2_FILE_RENAME_INFO, "SMB2_FILE_RENAME_INFO" },
{SMB2_FILE_DISPOSITION_INFO, "SMB2_FILE_DISPOSITION_INFO" },
{SMB2_FILE_POSITION_INFO, "SMB2_FILE_POSITION_INFO" },
- {SMB2_FILE_INFO_0f, "SMB2_FILE_INFO_0f" },
+ {SMB2_FILE_FULL_EA_INFO, "SMB2_FILE_FULL_EA_INFO" },
{SMB2_FILE_MODE_INFO, "SMB2_FILE_MODE_INFO" },
{SMB2_FILE_ALIGNMENT_INFO, "SMB2_FILE_ALIGNMENT_INFO" },
{SMB2_FILE_ALL_INFO, "SMB2_FILE_ALL_INFO" },
{SMB2_FILE_ATTRIBUTE_TAG_INFO, "SMB2_FILE_ATTRIBUTE_TAG_INFO" },
{ 0, NULL }
};
+static value_string_ext smb2_file_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_file_info_levels);
+
+#define SMB2_FS_INFO_01 0x01
+#define SMB2_FS_LABEL_INFO 0x02
+#define SMB2_FS_INFO_03 0x03
+#define SMB2_FS_INFO_04 0x04
+#define SMB2_FS_INFO_05 0x05
+#define SMB2_FS_INFO_06 0x06
+#define SMB2_FS_INFO_07 0x07
+#define SMB2_FS_OBJECTID_INFO 0x08
+#define SMB2_FS_DRIVER_PATH_INFO 0x09
+#define SMB2_FS_VOLUME_FLAGS_INFO 0x0a
+#define SMB2_FS_SECTOR_SIZE_INFO 0x0b
-#define SMB2_FS_INFO_01 0x01
-#define SMB2_FS_INFO_03 0x03
-#define SMB2_FS_INFO_04 0x04
-#define SMB2_FS_INFO_05 0x05
-#define SMB2_FS_INFO_06 0x06
-#define SMB2_FS_INFO_07 0x07
-#define SMB2_FS_OBJECTID_INFO 0x08
static const value_string smb2_fs_info_levels[] = {
- {SMB2_FS_INFO_01, "SMB2_FS_INFO_01" },
- {SMB2_FS_INFO_03, "SMB2_FS_INFO_03" },
- {SMB2_FS_INFO_04, "SMB2_FS_INFO_04" },
- {SMB2_FS_INFO_05, "SMB2_FS_INFO_05" },
- {SMB2_FS_INFO_06, "SMB2_FS_INFO_06" },
- {SMB2_FS_INFO_07, "SMB2_FS_INFO_07" },
- {SMB2_FS_OBJECTID_INFO, "SMB2_FS_OBJECTID_INFO" },
+ {SMB2_FS_INFO_01, "FileFsVolumeInformation" },
+ {SMB2_FS_LABEL_INFO, "FileFsLabelInformation" },
+ {SMB2_FS_INFO_03, "FileFsSizeInformation" },
+ {SMB2_FS_INFO_04, "FileFsDeviceInformation" },
+ {SMB2_FS_INFO_05, "FileFsAttributeInformation" },
+ {SMB2_FS_INFO_06, "FileFsControlInformation" },
+ {SMB2_FS_INFO_07, "FileFsFullSizeInformation" },
+ {SMB2_FS_OBJECTID_INFO, "FileFsObjectIdInformation" },
+ {SMB2_FS_DRIVER_PATH_INFO, "FileFsDriverPathInformation" },
+ {SMB2_FS_VOLUME_FLAGS_INFO, "FileFsVolumeFlagsInformation" },
+ {SMB2_FS_SECTOR_SIZE_INFO, "FileFsSectorSizeInformation" },
{ 0, NULL }
};
+static value_string_ext smb2_fs_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_fs_info_levels);
#define SMB2_SEC_INFO_00 0x00
static const value_string smb2_sec_info_levels[] = {
{SMB2_SEC_INFO_00, "SMB2_SEC_INFO_00" },
{ 0, NULL }
};
+static value_string_ext smb2_sec_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_sec_info_levels);
+
+static const value_string smb2_posix_info_levels[] = {
+ { 0, "QueryFileUnixBasic" },
+ { 1, "QueryFileUnixLink" },
+ { 3, "QueryFileUnixHLink" },
+ { 5, "QueryFileUnixXAttr" },
+ { 0x0B, "QueryFileUnixInfo2" },
+ { 0, NULL }
+};
+
+static value_string_ext smb2_posix_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_posix_info_levels);
#define SMB2_FIND_DIRECTORY_INFO 0x01
#define SMB2_FIND_FULL_DIRECTORY_INFO 0x02
{ 0, NULL }
};
+#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
+#define SMB2_ENCRYPTION_CAPABILITIES 0x0002
+static const value_string smb2_negotiate_context_types[] = {
+ { SMB2_PREAUTH_INTEGRITY_CAPABILITIES, "SMB2_PREAUTH_INTEGRITY_CAPABILITIES" },
+ { SMB2_ENCRYPTION_CAPABILITIES, "SMB2_ENCRYPTION_CAPABILITIES" },
+ { 0, NULL }
+};
+
+#define SMB2_NUM_PROCEDURES 256
+
+static void
+smb2stat_init(struct register_srt* srt _U_, GArray* srt_array, srt_gui_init_cb gui_callback, void* gui_data)
+{
+ srt_stat_table *smb2_srt_table;
+ guint32 i;
+
+ smb2_srt_table = init_srt_table("SMB2", NULL, srt_array, SMB2_NUM_PROCEDURES, "Commands", "smb2.cmd", gui_callback, gui_data, NULL);
+ for (i = 0; i < SMB2_NUM_PROCEDURES; i++)
+ {
+ init_srt_table_row(smb2_srt_table, i, val_to_str_ext_const(i, &smb2_cmd_vals_ext, "<unknown>"));
+ }
+}
+
+static int
+smb2stat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv)
+{
+ guint i = 0;
+ srt_stat_table *smb2_srt_table;
+ srt_data_t *data = (srt_data_t *)pss;
+ const smb2_info_t *si=(const smb2_info_t *)prv;
+
+ /* we are only interested in response packets */
+ if(!(si->flags&SMB2_FLAGS_RESPONSE)){
+ return 0;
+ }
+ /* if we haven't seen the request, just ignore it */
+ if(!si->saved){
+ return 0;
+ }
+
+ /* SMB2 SRT can be very inaccurate in the presence of retransmissions. Retransmitted responses
+ * not only add additional (bogus) transactions but also the latency associated with them.
+ * This can greatly inflate the maximum and average SRT stats especially in the case of
+ * retransmissions triggered by the expiry of the rexmit timer (RTOs). Only calculating SRT
+ * for the last received response accomplishes this goal without requiring the TCP pref
+ * "Do not call subdissectors for error packets" to be set. */
+ if ((si->saved->frame_req == 0) || (si->saved->frame_res != pinfo->fd->num))
+ return 0;
+
+ smb2_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
+ add_srt_table_data(smb2_srt_table, si->opcode, &si->saved->req_time, pinfo);
+ return 1;
+}
+
+
+static const gint8 zeros[NTLMSSP_KEY_LEN] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+
+/* ExportObject preferences variable */
+gboolean eosmb2_take_name_as_fid = FALSE ;
+
/* unmatched smb_saved_info structures.
For unmatched smb_saved_info structures we store the smb_saved_info
- structure using the SEQNUM field.
+ structure using the msg_id field.
*/
static gint
smb2_saved_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
{
const smb2_saved_info_t *key1 = (const smb2_saved_info_t *)k1;
const smb2_saved_info_t *key2 = (const smb2_saved_info_t *)k2;
- return key1->seqnum == key2->seqnum;
+ return key1->msg_id == key2->msg_id;
}
static guint
smb2_saved_info_hash_unmatched(gconstpointer k)
const smb2_saved_info_t *key = (const smb2_saved_info_t *)k;
guint32 hash;
- hash = (guint32) (key->seqnum&0xffffffff);
+ hash = (guint32) (key->msg_id&0xffffffff);
return hash;
}
/* matched smb_saved_info structures.
For matched smb_saved_info structures we store the smb_saved_info
- structure using the SEQNUM field.
+ structure using the msg_id field.
*/
static gint
smb2_saved_info_equal_matched(gconstpointer k1, gconstpointer k2)
{
const smb2_saved_info_t *key1 = (const smb2_saved_info_t *)k1;
const smb2_saved_info_t *key2 = (const smb2_saved_info_t *)k2;
- return key1->seqnum == key2->seqnum;
+ return key1->msg_id == key2->msg_id;
}
static guint
smb2_saved_info_hash_matched(gconstpointer k)
const smb2_saved_info_t *key = (const smb2_saved_info_t *)k;
guint32 hash;
- hash = (guint32) (key->seqnum&0xffffffff);
+ hash = (guint32) (key->msg_id&0xffffffff);
return hash;
}
tid.
qqq
We might need to refine this if it occurs that tids are reused on a single
- conversation. we dont worry about that yet for simplicity
+ conversation. we don't worry about that yet for simplicity
*/
static gint
smb2_tid_info_equal(gconstpointer k1, gconstpointer k2)
uid.
qqq
We might need to refine this if it occurs that uids are reused on a single
- conversation. we dont worry about that yet for simplicity
+ conversation. we don't worry about that yet for simplicity
*/
static gint
smb2_sesid_info_equal(gconstpointer k1, gconstpointer k2)
return hash;
}
+/*
+ * For File IDs of a specific conversation.
+ * This keeps track of fid to name mapping and application level conversations
+ * over named pipes.
+ *
+ * This handles implementation bugs, where the fid_persitent is 0 or
+ * the fid_persitent/fid_volative is not unique per conversation.
+ */
+static gint
+smb2_fid_info_equal(gconstpointer k1, gconstpointer k2)
+{
+ const smb2_fid_info_t *key1 = (const smb2_fid_info_t *)k1;
+ const smb2_fid_info_t *key2 = (const smb2_fid_info_t *)k2;
+
+ if (key1->fid_persistent != key2->fid_persistent) {
+ return 0;
+ };
+
+ if (key1->fid_volatile != key2->fid_volatile) {
+ return 0;
+ };
+
+ if (key1->sesid != key2->sesid) {
+ return 0;
+ };
+
+ if (key1->tid != key2->tid) {
+ return 0;
+ };
+
+ return 1;
+}
+
+static guint
+smb2_fid_info_hash(gconstpointer k)
+{
+ const smb2_fid_info_t *key = (const smb2_fid_info_t *)k;
+ guint32 hash;
+
+ if (key->fid_persistent != 0) {
+ hash = (guint32)( ((key->fid_persistent>>32)&0xffffffff)+((key->fid_persistent)&0xffffffff) );
+ } else {
+ hash = (guint32)( ((key->fid_volatile>>32)&0xffffffff)+((key->fid_volatile)&0xffffffff) );
+ }
+
+ return hash;
+}
+
+/* Callback for destroying the glib hash tables associated with a conversation
+ * struct. */
+static gboolean
+smb2_conv_destroy(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_,
+ void *user_data)
+{
+ smb2_conv_info_t *conv = (smb2_conv_info_t *)user_data;
+
+ g_hash_table_destroy(conv->matched);
+ g_hash_table_destroy(conv->unmatched);
+ g_hash_table_destroy(conv->fids);
+ g_hash_table_destroy(conv->sesids);
+ g_hash_table_destroy(conv->files);
+
+ /* This conversation is gone, return FALSE to indicate we don't
+ * want to be called again for this conversation. */
+ return FALSE;
+}
+
static void smb2_key_derivation(const guint8 *KI _U_, guint32 KI_len _U_,
const guint8 *Label _U_, guint32 Label_len _U_,
const guint8 *Context _U_, guint32 Context_len _U_,
#endif
}
-static int dissect_smb2_file_info_0f(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si);
+/* for export-object-smb2 */
+static gchar *policy_hnd_to_file_id(const e_ctx_hnd *hnd) {
+gchar *file_id;
+ file_id = wmem_strdup_printf(wmem_packet_scope(),
+ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ hnd->uuid.data1,
+ hnd->uuid.data2,
+ hnd->uuid.data3,
+ hnd->uuid.data4[0],
+ hnd->uuid.data4[1],
+ hnd->uuid.data4[2],
+ hnd->uuid.data4[3],
+ hnd->uuid.data4[4],
+ hnd->uuid.data4[5],
+ hnd->uuid.data4[6],
+ hnd->uuid.data4[7]);
+ return file_id;
+}
+static guint smb2_eo_files_hash(gconstpointer k) {
+ return g_str_hash(policy_hnd_to_file_id((const e_ctx_hnd *)k));
+}
+static gint smb2_eo_files_equal(gconstpointer k1, gconstpointer k2) {
+int are_equal;
+ const e_ctx_hnd *key1 = (const e_ctx_hnd *)k1;
+ const e_ctx_hnd *key2 = (const e_ctx_hnd *)k2;
+
+ are_equal = (key1->uuid.data1==key2->uuid.data1 &&
+ key1->uuid.data2==key2->uuid.data2 &&
+ key1->uuid.data3==key2->uuid.data3 &&
+ key1->uuid.data4[0]==key2->uuid.data4[0] &&
+ key1->uuid.data4[1]==key2->uuid.data4[1] &&
+ key1->uuid.data4[2]==key2->uuid.data4[2] &&
+ key1->uuid.data4[3]==key2->uuid.data4[3] &&
+ key1->uuid.data4[4]==key2->uuid.data4[4] &&
+ key1->uuid.data4[5]==key2->uuid.data4[5] &&
+ key1->uuid.data4[6]==key2->uuid.data4[6] &&
+ key1->uuid.data4[7]==key2->uuid.data4[7]);
+
+ return are_equal;
+}
+
+static void
+feed_eo_smb2(tvbuff_t * tvb,packet_info *pinfo,smb2_info_t * si, guint16 dataoffset,guint32 length, guint64 file_offset) {
+
+ char *fid_name = NULL;
+ guint32 open_frame = 0, close_frame = 0;
+ tvbuff_t *data_tvb = NULL;
+ smb_eo_t *eo_info;
+ gchar *file_id;
+ gchar *auxstring;
+ gchar **aux_string_v;
+
+ /* Create a new tvb to point to the payload data */
+ data_tvb = tvb_new_subset_length(tvb, dataoffset, length);
+ /* Create the eo_info to pass to the listener */
+ eo_info = wmem_new(wmem_packet_scope(), smb_eo_t);
+ /* Fill in eo_info */
+ eo_info->smbversion=2;
+ /* cmd == opcode */
+ eo_info->cmd=si->opcode;
+ /* We don't keep track of uid in SMB v2 */
+ eo_info->uid=0;
+
+ /* Try to get file id and filename */
+ file_id=policy_hnd_to_file_id(&si->saved->policy_hnd);
+ dcerpc_fetch_polhnd_data(&si->saved->policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->fd->num);
+ if (fid_name && g_strcmp0(fid_name,"File: ")!=0) {
+ auxstring=fid_name;
+ /* Remove "File: " from filename */
+ if (g_str_has_prefix(auxstring, "File: ")) {
+ aux_string_v = g_strsplit(auxstring, "File: ", -1);
+ eo_info->filename = wmem_strdup_printf(wmem_packet_scope(), "\\%s",aux_string_v[g_strv_length(aux_string_v)-1]);
+ g_strfreev(aux_string_v);
+ } else {
+ if (g_str_has_prefix(auxstring, "\\")) {
+ eo_info->filename = wmem_strdup(wmem_packet_scope(), auxstring);
+ } else {
+ eo_info->filename = wmem_strdup_printf(wmem_packet_scope(), "\\%s",auxstring);
+ }
+ }
+ } else {
+ auxstring=wmem_strdup_printf(wmem_packet_scope(), "File_Id_%s", file_id);
+ eo_info->filename=auxstring;
+ }
+
+
+
+ if (eosmb2_take_name_as_fid) {
+ eo_info->fid = g_str_hash(eo_info->filename);
+ } else {
+ eo_info->fid = g_str_hash(file_id);
+ }
+
+ /* tid, hostname, tree_id */
+ if (si->tree) {
+ eo_info->tid=si->tree->tid;
+ if (strlen(si->tree->name)>0 && strlen(si->tree->name)<=256) {
+ eo_info->hostname = wmem_strdup(wmem_packet_scope(), si->tree->name);
+ } else {
+ eo_info->hostname = wmem_strdup_printf(wmem_packet_scope(), "\\\\%s\\TREEID_%i",tree_ip_str(pinfo,si->opcode),si->tree->tid);
+ }
+ } else {
+ eo_info->tid=0;
+ eo_info->hostname = wmem_strdup_printf(wmem_packet_scope(), "\\\\%s\\TREEID_UNKNOWN",tree_ip_str(pinfo,si->opcode));
+ }
+
+ /* packet number */
+ eo_info->pkt_num = pinfo->fd->num;
+
+ /* fid type */
+ if (si->eo_file_info->attr_mask & SMB2_FLAGS_ATTR_DIRECTORY) {
+ eo_info->fid_type=SMB2_FID_TYPE_DIR;
+ } else {
+ if (si->eo_file_info->attr_mask &
+ (SMB2_FLAGS_ATTR_ARCHIVE | SMB2_FLAGS_ATTR_NORMAL |
+ SMB2_FLAGS_ATTR_HIDDEN | SMB2_FLAGS_ATTR_READONLY |
+ SMB2_FLAGS_ATTR_SYSTEM) ) {
+ eo_info->fid_type=SMB2_FID_TYPE_FILE;
+ } else {
+ eo_info->fid_type=SMB2_FID_TYPE_OTHER;
+ }
+ }
+
+ /* end_of_file */
+ eo_info->end_of_file=si->eo_file_info->end_of_file;
+
+ /* data offset and chunk length */
+ eo_info->smb_file_offset=file_offset;
+ eo_info->smb_chunk_len=length;
+ /* XXX is this right? */
+ if (length<si->saved->bytes_moved) {
+ si->saved->file_offset=si->saved->file_offset+length;
+ si->saved->bytes_moved=si->saved->bytes_moved-length;
+ }
+
+ /* Payload */
+ eo_info->payload_len = length;
+ eo_info->payload_data = tvb_get_ptr(data_tvb, 0, length);
+
+ tap_queue_packet(smb2_eo_tap, pinfo, eo_info);
+
+}
+
+static int dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si);
/* This is a helper to dissect the common string type
*
* This function is called twice, first to decode the offset/length and
* second time to dissect the actual string.
- * It is done this way since there is no guarantee that we have the full packet and we dont
+ * It is done this way since there is no guarantee that we have the full packet and we don't
* want to abort dissection too early if the packet ends somewhere between the
* length/offset and the actual buffer.
*
offset = olb->off;
len = olb->len;
off = olb->off;
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
/* sanity check */
tvb_ensure_bytes_exist(tvb, off, len);
if (((off+len)<off)
|| ((off+len)>(off+tvb_reported_length_remaining(tvb, off)))) {
- proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
col_append_str(pinfo->cinfo, COL_INFO, " [Malformed packet]");
tvb_ensure_bytes_exist(tvb, off, len);
if (((off+len)<off)
|| ((off+len)>(off+tvb_reported_length_remaining(tvb, off)))) {
- proto_tree_add_text(parent_tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(parent_tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
col_append_str(pinfo->cinfo, COL_INFO, " [Malformed packet]");
return;
}
- /* if we dont want/need a subtree */
+ /* if we don't want/need a subtree */
if (olb->hfindex == -1) {
sub_item = parent_tree;
sub_tree = parent_tree;
return;
}
- sub_tvb = tvb_new_subset(tvb, off, MIN((int)len, tvb_length_remaining(tvb, off)), len);
+ sub_tvb = tvb_new_subset(tvb, off, MIN((int)len, tvb_captured_length_remaining(tvb, off)), len);
dissector(sub_tvb, pinfo, sub_tree, si);
}
int (*response)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
} smb2_function;
+static const true_false_string tfs_smb2_svhdx_has_initiator_id = {
+ "Has an initiator id",
+ "Does not have an initiator id"
+};
+
static const true_false_string tfs_flags_response = {
"This is a RESPONSE",
"This is a REQUEST"
"This is NOT a replay operation"
};
+static const true_false_string tfs_flags_priority_mask = {
+ "This pdu contains a PRIORITY",
+ "This pdu does NOT contain a PRIORITY1"
+};
+
static const true_false_string tfs_cap_dfs = {
"This host supports DFS",
"This host does NOT support DFS"
"This interface does not support RDMA"
};
+static const value_string file_region_usage_vals[] = {
+ { 0x00000001, "FILE_REGION_USAGE_VALID_CACHED_DATA" },
+ { 0, NULL }
+};
+
+static const value_string originator_flags_vals[] = {
+ { 1, "SVHDX_ORIGINATOR_PVHDPARSER" },
+ { 4, "SVHDX_ORIGINATOR_VHDMP" },
+ { 0, NULL }
+};
+
+static const value_string posix_locks_vals[] = {
+ { 1, "POSIX_V1_POSIX_LOCK" },
+ { 0, NULL }
+};
+
+static const value_string posix_utf8_paths_vals[] = {
+ { 1, "POSIX_V1_UTF8_PATHS" },
+ { 0, NULL }
+};
+
+static const value_string posix_file_semantics_vals[] = {
+ { 1, "POSIX_V1_POSIX_FILE_SEMANTICS" },
+ { 0, NULL }
+};
+
+static const value_string posix_case_sensitive_vals[] = {
+ { 1, "POSIX_V1_CASE_SENSITIVE" },
+ { 0, NULL }
+};
+
+static const value_string posix_will_convert_ntacls_vals[] = {
+ { 1, "POSIX_V1_WILL_CONVERT_NT_ACLS" },
+ { 0, NULL }
+};
+
+static const value_string posix_fileinfo_vals[] = {
+ { 1, "POSIX_V1_POSIX_FILEINFO" },
+ { 0, NULL }
+};
+
+static const value_string posix_acls_vals[] = {
+ { 1, "POSIX_V1_POSIX_ACLS" },
+ { 0, NULL }
+};
+
+static const value_string posix_rich_acls_vals[] = {
+ { 1, "POSIX_V1_RICH_ACLS" },
+ { 0, NULL }
+};
+
static const value_string compression_format_vals[] = {
- { 0, "COMPRESSION_FORMAT_NONE" },
- { 1, "COMPRESSION_FORMAT_DEFAULT" },
- { 2, "COMPRESSION_FORMAT_LZNT1" },
- { 0, NULL }
+ { 0, "COMPRESSION_FORMAT_NONE" },
+ { 1, "COMPRESSION_FORMAT_DEFAULT" },
+ { 2, "COMPRESSION_FORMAT_LZNT1" },
+ { 0, NULL }
};
+static const value_string checksum_algorithm_vals[] = {
+ { 0x0000, "CHECKSUM_TYPE_NONE" },
+ { 0x0002, "CHECKSUM_TYPE_CRC64" },
+ { 0xFFFF, "CHECKSUM_TYPE_UNCHANGED" },
+ { 0, NULL }
+};
+/* Note: All uncommented are "dissector not implemented" */
static const value_string smb2_ioctl_vals[] = {
- /* dissector implemented */
- {0x00060194, "FSCTL_DFS_GET_REFERRALS"},
- {0x0011C017, "FSCTL_PIPE_TRANSCEIVE"},
- {0x001401D4, "FSCTL_LMR_REQUEST_RESILIENCY"},
- {0x001401FC, "FSCTL_QUERY_NETWORK_INTERFACE_INFO"},
- {0x00140200, "FSCTL_VALIDATE_NEGOTIATE_INFO_224"},
- {0x00140204, "FSCTL_VALIDATE_NEGOTIATE_INFO"},
- {0x00144064, "FSCTL_GET_SHADOW_COPY_DATA"},
- {0x000900C0, "FSCTL_CREATE_OR_GET_OBJECT_ID"},
- {0x0009009C, "FSCTL_GET_OBJECT_ID"},
- {0x000980A0, "FSCTL_DELETE_OBJECT_ID"}, /* no data in/out */
- {0x00098098, "FSCTL_SET_OBJECT_ID"},
- {0x000980BC, "FSCTL_SET_OBJECT_ID_EXTENDED"},
- {0x0009003C, "FSCTL_GET_COMPRESSION"},
- {0x0009C040, "FSCTL_SET_COMPRESSION"},
-
- /* dissector not yet implemented */
- {0x001440F2, "FSCTL_SRV_COPYCHUNK"},
- {0x00140078, "FSCTL_SRV_REQUEST_RESUME_KEY"},
- {0x001441bb, "FSCTL_SRV_READ_HASH"},
- {0x001480F2, "FSCTL_SRV_COPYCHUNK_WRITE"},
- {0x00090000, "FSCTL_REQUEST_OPLOCK_LEVEL_1"},
- {0x00090004, "FSCTL_REQUEST_OPLOCK_LEVEL_2"},
- {0x00090008, "FSCTL_REQUEST_BATCH_OPLOCK"},
- {0x0009000C, "FSCTL_OPLOCK_BREAK_ACKNOWLEDGE"},
- {0x00090010, "FSCTL_OPBATCH_ACK_CLOSE_PENDING"},
- {0x00090014, "FSCTL_OPLOCK_BREAK_NOTIFY"},
- {0x00090018, "FSCTL_LOCK_VOLUME"},
- {0x0009001C, "FSCTL_UNLOCK_VOLUME"},
- {0x00090020, "FSCTL_DISMOUNT_VOLUME"},
- {0x00090028, "FSCTL_IS_VOLUME_MOUNTED"},
- {0x0009002C, "FSCTL_IS_PATHNAME_VALID"},
- {0x00090030, "FSCTL_MARK_VOLUME_DIRTY"},
- {0x0009003B, "FSCTL_QUERY_RETRIEVAL_POINTERS"},
- {0x0009004F, "FSCTL_MARK_AS_SYSTEM_HIVE"},
- {0x00090050, "FSCTL_OPLOCK_BREAK_ACK_NO_2"},
- {0x00090054, "FSCTL_INVALIDATE_VOLUMES"},
- {0x00090058, "FSCTL_QUERY_FAT_BPB"},
- {0x0009005C, "FSCTL_REQUEST_FILTER_OPLOCK"},
- {0x00090060, "FSCTL_FILESYSTEM_GET_STATISTICS"},
- {0x00090064, "FSCTL_GET_NTFS_VOLUME_DATA"},
- {0x00090068, "FSCTL_GET_NTFS_FILE_RECORD"},
- {0x0009006F, "FSCTL_GET_VOLUME_BITMAP"},
- {0x00090073, "FSCTL_GET_RETRIEVAL_POINTERS"},
- {0x00090074, "FSCTL_MOVE_FILE"},
- {0x00090078, "FSCTL_IS_VOLUME_DIRTY"},
- {0x0009007C, "FSCTL_GET_HFS_INFORMATION"},
- {0x00090083, "FSCTL_ALLOW_EXTENDED_DASD_IO"},
- {0x00090087, "FSCTL_READ_PROPERTY_DATA"},
- {0x0009008B, "FSCTL_WRITE_PROPERTY_DATA"},
- {0x0009008F, "FSCTL_FIND_FILES_BY_SID"},
- {0x00090097, "FSCTL_DUMP_PROPERTY_DATA"},
- {0x000980A4, "FSCTL_SET_REPARSE_POINT"},
- {0x000900A8, "FSCTL_GET_REPARSE_POINT"},
- {0x000980AC, "FSCTL_DELETE_REPARSE_POINT"},
- {0x000940B3, "FSCTL_ENUM_USN_DATA"},
- {0x000940B7, "FSCTL_SECURITY_ID_CHECK"},
- {0x000940BB, "FSCTL_READ_USN_JOURNAL"},
- {0x000980C4, "FSCTL_SET_SPARSE"},
- {0x000980C8, "FSCTL_SET_ZERO_DATA"},
- {0x000940CF, "FSCTL_QUERY_ALLOCATED_RANGES"},
- {0x000980D0, "FSCTL_ENABLE_UPGRADE"},
- {0x000900D4, "FSCTL_SET_ENCRYPTION"},
- {0x000900DB, "FSCTL_ENCRYPTION_FSCTL_IO"},
- {0x000900DF, "FSCTL_WRITE_RAW_ENCRYPTED"},
- {0x000900E3, "FSCTL_READ_RAW_ENCRYPTED"},
- {0x000940E7, "FSCTL_CREATE_USN_JOURNAL"},
- {0x000940EB, "FSCTL_READ_FILE_USN_DATA"},
- {0x000940EF, "FSCTL_WRITE_USN_CLOSE_RECORD"},
- {0x000900F0, "FSCTL_EXTEND_VOLUME"},
- { 0, NULL }
+ {0x00060194, "FSCTL_DFS_GET_REFERRALS"}, /* dissector implemented */
+ {0x00090000, "FSCTL_REQUEST_OPLOCK_LEVEL_1"},
+ {0x00090004, "FSCTL_REQUEST_OPLOCK_LEVEL_2"},
+ {0x00090008, "FSCTL_REQUEST_BATCH_OPLOCK"},
+ {0x0009000C, "FSCTL_OPLOCK_BREAK_ACKNOWLEDGE"},
+ {0x00090010, "FSCTL_OPBATCH_ACK_CLOSE_PENDING"},
+ {0x00090014, "FSCTL_OPLOCK_BREAK_NOTIFY"},
+ {0x00090018, "FSCTL_LOCK_VOLUME"},
+ {0x0009001C, "FSCTL_UNLOCK_VOLUME"},
+ {0x00090020, "FSCTL_DISMOUNT_VOLUME"},
+ {0x00090028, "FSCTL_IS_VOLUME_MOUNTED"},
+ {0x0009002C, "FSCTL_IS_PATHNAME_VALID"},
+ {0x00090030, "FSCTL_MARK_VOLUME_DIRTY"},
+ {0x0009003B, "FSCTL_QUERY_RETRIEVAL_POINTERS"},
+ {0x0009003C, "FSCTL_GET_COMPRESSION"}, /* dissector implemented */
+ {0x0009004F, "FSCTL_MARK_AS_SYSTEM_HIVE"},
+ {0x00090050, "FSCTL_OPLOCK_BREAK_ACK_NO_2"},
+ {0x00090054, "FSCTL_INVALIDATE_VOLUMES"},
+ {0x00090058, "FSCTL_QUERY_FAT_BPB"},
+ {0x0009005C, "FSCTL_REQUEST_FILTER_OPLOCK"},
+ {0x00090060, "FSCTL_FILESYSTEM_GET_STATISTICS"},
+ {0x00090064, "FSCTL_GET_NTFS_VOLUME_DATA"},
+ {0x00090068, "FSCTL_GET_NTFS_FILE_RECORD"},
+ {0x0009006F, "FSCTL_GET_VOLUME_BITMAP"},
+ {0x00090073, "FSCTL_GET_RETRIEVAL_POINTERS"},
+ {0x00090074, "FSCTL_MOVE_FILE"},
+ {0x00090078, "FSCTL_IS_VOLUME_DIRTY"},
+ {0x0009007C, "FSCTL_GET_HFS_INFORMATION"},
+ {0x00090083, "FSCTL_ALLOW_EXTENDED_DASD_IO"},
+ {0x00090087, "FSCTL_READ_PROPERTY_DATA"},
+ {0x0009008B, "FSCTL_WRITE_PROPERTY_DATA"},
+ {0x0009008F, "FSCTL_FIND_FILES_BY_SID"},
+ {0x00090097, "FSCTL_DUMP_PROPERTY_DATA"},
+ {0x0009009C, "FSCTL_GET_OBJECT_ID"}, /* dissector implemented */
+ {0x000900A8, "FSCTL_GET_REPARSE_POINT"},
+ {0x000900C0, "FSCTL_CREATE_OR_GET_OBJECT_ID"}, /* dissector implemented */
+ {0x000900D4, "FSCTL_SET_ENCRYPTION"},
+ {0x000900DB, "FSCTL_ENCRYPTION_FSCTL_IO"},
+ {0x000900DF, "FSCTL_WRITE_RAW_ENCRYPTED"},
+ {0x000900E3, "FSCTL_READ_RAW_ENCRYPTED"},
+ {0x000900F0, "FSCTL_EXTEND_VOLUME"},
+ {0x0009027C, "FSCTL_GET_INTEGRITY_INFORMATION"},
+ {0x00090284, "FSCTL_QUERY_FILE_REGIONS"},
+ {0x00090300, "FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT"}, /* dissector implemented */
+ {0x00090304, "FSCTL_SVHDX_SYNC_TUNNEL_REQUEST"}, /* dissector implemented */
+ {0x00090308, "FSCTL_SVHDX_SET_INITIATOR_INFORMATION"},
+ {0x0009030C, "FSCTL_SET_EXTERNAL_BACKING"},
+ {0x00090310, "FSCTL_GET_EXTERNAL_BACKING"},
+ {0x00090314, "FSCTL_DELETE_EXTERNAL_BACKING"},
+ {0x00090318, "FSCTL_ENUM_EXTERNAL_BACKING"},
+ {0x0009031F, "FSCTL_ENUM_OVERLAY"},
+ {0x000940B3, "FSCTL_ENUM_USN_DATA"},
+ {0x000940B7, "FSCTL_SECURITY_ID_CHECK"},
+ {0x000940BB, "FSCTL_READ_USN_JOURNAL"},
+ {0x000940CF, "FSCTL_QUERY_ALLOCATED_RANGES"},
+ {0x000940E7, "FSCTL_CREATE_USN_JOURNAL"},
+ {0x000940EB, "FSCTL_READ_FILE_USN_DATA"},
+ {0x000940EF, "FSCTL_WRITE_USN_CLOSE_RECORD"},
+ {0x00094264, "FSCTL_OFFLOAD_READ"},
+ {0x00098098, "FSCTL_SET_OBJECT_ID"}, /* dissector implemented */
+ {0x000980A0, "FSCTL_DELETE_OBJECT_ID"}, /* no data in/out */
+ {0x000980A4, "FSCTL_SET_REPARSE_POINT"},
+ {0x000980AC, "FSCTL_DELETE_REPARSE_POINT"},
+ {0x000980BC, "FSCTL_SET_OBJECT_ID_EXTENDED"}, /* dissector implemented */
+ {0x000980C4, "FSCTL_SET_SPARSE"},
+ {0x000980C8, "FSCTL_SET_ZERO_DATA"},
+ {0x000980D0, "FSCTL_ENABLE_UPGRADE"},
+ {0x0009C040, "FSCTL_SET_COMPRESSION"}, /* dissector implemented */
+ {0x0009C280, "FSCTL_SET_INTEGRITY_INFORMATION"}, /* dissector implemented */
+ {0x00110018, "FSCTL_PIPE_WAIT"}, /* dissector implemented */
+ {0x0011C017, "FSCTL_PIPE_TRANSCEIVE"}, /* dissector implemented */
+ {0x00140078, "FSCTL_SRV_REQUEST_RESUME_KEY"},
+ {0x001401D4, "FSCTL_LMR_REQUEST_RESILIENCY"}, /* dissector implemented */
+ {0x001401FC, "FSCTL_QUERY_NETWORK_INTERFACE_INFO"}, /* dissector implemented */
+ {0x00140200, "FSCTL_VALIDATE_NEGOTIATE_INFO_224"}, /* dissector implemented */
+ {0x00140204, "FSCTL_VALIDATE_NEGOTIATE_INFO"}, /* dissector implemented */
+ {0x00144064, "FSCTL_GET_SHADOW_COPY_DATA"}, /* dissector implemented */
+ {0x001440F2, "FSCTL_SRV_COPYCHUNK"},
+ {0x001441bb, "FSCTL_SRV_READ_HASH"},
+ {0x001480F2, "FSCTL_SRV_COPYCHUNK_WRITE"},
+ { 0, NULL }
};
-
+static value_string_ext smb2_ioctl_vals_ext = VALUE_STRING_EXT_INIT(smb2_ioctl_vals);
static const value_string smb2_ioctl_device_vals[] = {
- { 0x0001, "BEEP" },
- { 0x0002, "CD_ROM" },
- { 0x0003, "CD_ROM_FILE_SYSTEM" },
- { 0x0004, "CONTROLLER" },
- { 0x0005, "DATALINK" },
- { 0x0006, "DFS" },
- { 0x0007, "DISK" },
- { 0x0008, "DISK_FILE_SYSTEM" },
- { 0x0009, "FILE_SYSTEM" },
- { 0x000a, "INPORT_PORT" },
- { 0x000b, "KEYBOARD" },
- { 0x000c, "MAILSLOT" },
- { 0x000d, "MIDI_IN" },
- { 0x000e, "MIDI_OUT" },
- { 0x000f, "MOUSE" },
- { 0x0010, "MULTI_UNC_PROVIDER" },
- { 0x0011, "NAMED_PIPE" },
- { 0x0012, "NETWORK" },
- { 0x0013, "NETWORK_BROWSER" },
- { 0x0014, "NETWORK_FILE_SYSTEM" },
- { 0x0015, "NULL" },
- { 0x0016, "PARALLEL_PORT" },
- { 0x0017, "PHYSICAL_NETCARD" },
- { 0x0018, "PRINTER" },
- { 0x0019, "SCANNER" },
- { 0x001a, "SERIAL_MOUSE_PORT" },
- { 0x001b, "SERIAL_PORT" },
- { 0x001c, "SCREEN" },
- { 0x001d, "SOUND" },
- { 0x001e, "STREAMS" },
- { 0x001f, "TAPE" },
- { 0x0020, "TAPE_FILE_SYSTEM" },
- { 0x0021, "TRANSPORT" },
- { 0x0022, "UNKNOWN" },
- { 0x0023, "VIDEO" },
- { 0x0024, "VIRTUAL_DISK" },
- { 0x0025, "WAVE_IN" },
- { 0x0026, "WAVE_OUT" },
- { 0x0027, "8042_PORT" },
- { 0x0028, "NETWORK_REDIRECTOR" },
- { 0x0029, "BATTERY" },
- { 0x002a, "BUS_EXTENDER" },
- { 0x002b, "MODEM" },
- { 0x002c, "VDM" },
- { 0x002d, "MASS_STORAGE" },
- { 0x002e, "SMB" },
- { 0x002f, "KS" },
- { 0x0030, "CHANGER" },
- { 0x0031, "SMARTCARD" },
- { 0x0032, "ACPI" },
- { 0x0033, "DVD" },
- { 0x0034, "FULLSCREEN_VIDEO" },
- { 0x0035, "DFS_FILE_SYSTEM" },
- { 0x0036, "DFS_VOLUME" },
- { 0x0037, "SERENUM" },
- { 0x0038, "TERMSRV" },
- { 0x0039, "KSEC" },
- { 0, NULL }
+ { 0x0001, "BEEP" },
+ { 0x0002, "CD_ROM" },
+ { 0x0003, "CD_ROM_FILE_SYSTEM" },
+ { 0x0004, "CONTROLLER" },
+ { 0x0005, "DATALINK" },
+ { 0x0006, "DFS" },
+ { 0x0007, "DISK" },
+ { 0x0008, "DISK_FILE_SYSTEM" },
+ { 0x0009, "FILE_SYSTEM" },
+ { 0x000a, "INPORT_PORT" },
+ { 0x000b, "KEYBOARD" },
+ { 0x000c, "MAILSLOT" },
+ { 0x000d, "MIDI_IN" },
+ { 0x000e, "MIDI_OUT" },
+ { 0x000f, "MOUSE" },
+ { 0x0010, "MULTI_UNC_PROVIDER" },
+ { 0x0011, "NAMED_PIPE" },
+ { 0x0012, "NETWORK" },
+ { 0x0013, "NETWORK_BROWSER" },
+ { 0x0014, "NETWORK_FILE_SYSTEM" },
+ { 0x0015, "NULL" },
+ { 0x0016, "PARALLEL_PORT" },
+ { 0x0017, "PHYSICAL_NETCARD" },
+ { 0x0018, "PRINTER" },
+ { 0x0019, "SCANNER" },
+ { 0x001a, "SERIAL_MOUSE_PORT" },
+ { 0x001b, "SERIAL_PORT" },
+ { 0x001c, "SCREEN" },
+ { 0x001d, "SOUND" },
+ { 0x001e, "STREAMS" },
+ { 0x001f, "TAPE" },
+ { 0x0020, "TAPE_FILE_SYSTEM" },
+ { 0x0021, "TRANSPORT" },
+ { 0x0022, "UNKNOWN" },
+ { 0x0023, "VIDEO" },
+ { 0x0024, "VIRTUAL_DISK" },
+ { 0x0025, "WAVE_IN" },
+ { 0x0026, "WAVE_OUT" },
+ { 0x0027, "8042_PORT" },
+ { 0x0028, "NETWORK_REDIRECTOR" },
+ { 0x0029, "BATTERY" },
+ { 0x002a, "BUS_EXTENDER" },
+ { 0x002b, "MODEM" },
+ { 0x002c, "VDM" },
+ { 0x002d, "MASS_STORAGE" },
+ { 0x002e, "SMB" },
+ { 0x002f, "KS" },
+ { 0x0030, "CHANGER" },
+ { 0x0031, "SMARTCARD" },
+ { 0x0032, "ACPI" },
+ { 0x0033, "DVD" },
+ { 0x0034, "FULLSCREEN_VIDEO" },
+ { 0x0035, "DFS_FILE_SYSTEM" },
+ { 0x0036, "DFS_VOLUME" },
+ { 0x0037, "SERENUM" },
+ { 0x0038, "TERMSRV" },
+ { 0x0039, "KSEC" },
+ { 0, NULL }
};
+static value_string_ext smb2_ioctl_device_vals_ext = VALUE_STRING_EXT_INIT(smb2_ioctl_device_vals);
static const value_string smb2_ioctl_access_vals[] = {
- { 0x00, "FILE_ANY_ACCESS" },
- { 0x01, "FILE_READ_ACCESS" },
- { 0x02, "FILE_WRITE_ACCESS" },
- { 0x03, "FILE_READ_WRITE_ACCESS" },
- { 0, NULL }
+ { 0x00, "FILE_ANY_ACCESS" },
+ { 0x01, "FILE_READ_ACCESS" },
+ { 0x02, "FILE_WRITE_ACCESS" },
+ { 0x03, "FILE_READ_WRITE_ACCESS" },
+ { 0, NULL }
};
static const value_string smb2_ioctl_method_vals[] = {
- { 0x00, "METHOD_BUFFERED" },
- { 0x01, "METHOD_IN_DIRECT" },
- { 0x02, "METHOD_OUT_DIRECT" },
- { 0x03, "METHOD_NEITHER" },
- { 0, NULL }
+ { 0x00, "METHOD_BUFFERED" },
+ { 0x01, "METHOD_IN_DIRECT" },
+ { 0x02, "METHOD_OUT_DIRECT" },
+ { 0x03, "METHOD_NEITHER" },
+ { 0, NULL }
};
/* this is called from both smb and smb2. */
*ioctlfunc = ioctl_function;
if (ioctl_function) {
const gchar *unknown = "unknown";
- const gchar *ioctl_name = val_to_str_const(ioctl_function,
- smb2_ioctl_vals,
- unknown);
+ const gchar *ioctl_name = val_to_str_ext_const(ioctl_function,
+ &smb2_ioctl_vals_ext,
+ unknown);
/*
* val_to_str_const() doesn't work with a unknown == NULL
ioctl_name = NULL;
}
- if (check_col(pinfo->cinfo, COL_INFO) && ioctl_name != NULL) {
+ if (ioctl_name != NULL) {
col_append_fstr(
pinfo->cinfo, COL_INFO, " %s", ioctl_name);
}
/* device */
proto_tree_add_item(tree, hf_smb2_ioctl_function_device, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- if (check_col(pinfo->cinfo, COL_INFO) && ioctl_name == NULL) {
+ if (ioctl_name == NULL) {
col_append_fstr(
pinfo->cinfo, COL_INFO, " %s",
- val_to_str((ioctl_function>>16)&0xffff, smb2_ioctl_device_vals,
+ val_to_str_ext((ioctl_function>>16)&0xffff, &smb2_ioctl_device_vals_ext,
"Unknown (0x%08X)"));
}
/* function */
proto_tree_add_item(tree, hf_smb2_ioctl_function_function, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- if (check_col(pinfo->cinfo, COL_INFO) && ioctl_name == NULL) {
+ if (ioctl_name == NULL) {
col_append_fstr(
pinfo->cinfo, COL_INFO, " Function:0x%04x",
(ioctl_function>>2)&0x0fff);
guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
static dcerpc_info di; /* fake dcerpc_info struct */
static dcerpc_call_value call_data;
- void *old_private_data;
e_ctx_hnd policy_hnd;
+ e_ctx_hnd *policy_hnd_hashtablekey;
proto_item *hnd_item = NULL;
char *fid_name;
guint32 open_frame = 0, close_frame = 0;
+ smb2_eo_file_info_t *eo_file_info;
+ smb2_fid_info_t sfi_key;
+ smb2_fid_info_t *sfi = NULL;
+
+ sfi_key.fid_persistent = tvb_get_letoh64(tvb, offset);
+ sfi_key.fid_volatile = tvb_get_letoh64(tvb, offset+8);
+ sfi_key.sesid = si->sesid;
+ sfi_key.tid = si->tid;
+ sfi_key.name = NULL;
di.conformant_run = 0;
/* we need di->call_data->flags.NDR64 == 0 */
di.call_data = &call_data;
- old_private_data = pinfo->private_data;
- pinfo->private_data = &di;
switch (mode) {
case FID_MODE_OPEN:
- offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, drep, hf_smb2_fid, &policy_hnd, &hnd_item, TRUE, FALSE);
+ offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd, &hnd_item, TRUE, FALSE);
if (!pinfo->fd->flags.visited) {
+ sfi = wmem_new(wmem_file_scope(), smb2_fid_info_t);
+ *sfi = sfi_key;
if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
- fid_name = se_strdup_printf("File: %s", (char *)si->saved->extra_info);
+ sfi->name = wmem_strdup(wmem_file_scope(), (char *)si->saved->extra_info);
} else {
- fid_name = se_strdup_printf("File: ");
+ sfi->name = wmem_strdup_printf(wmem_file_scope(), "[unknown]");
+ }
+ sfi->open_frame = pinfo->fd->num;
+
+ if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
+ fid_name = wmem_strdup_printf(wmem_file_scope(), "File: %s", (char *)si->saved->extra_info);
+ } else {
+ fid_name = wmem_strdup_printf(wmem_file_scope(), "File: ");
}
dcerpc_store_polhnd_name(&policy_hnd, pinfo,
fid_name);
+
+ g_hash_table_insert(si->conv->fids, sfi, sfi);
+ si->file = sfi;
+
+ /* If needed, create the file entry and save the policy hnd */
+ if (si->saved) {
+ si->saved->file = sfi;
+ si->saved->policy_hnd = policy_hnd;
+ }
+
+ if (si->conv) {
+ eo_file_info = (smb2_eo_file_info_t *)g_hash_table_lookup(si->conv->files,&policy_hnd);
+ if (!eo_file_info) {
+ eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
+ policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
+ memcpy(policy_hnd_hashtablekey, &policy_hnd, sizeof(e_ctx_hnd));
+ eo_file_info->end_of_file=0;
+ g_hash_table_insert(si->conv->files,policy_hnd_hashtablekey,eo_file_info);
+ }
+ si->eo_file_info=eo_file_info;
+ }
}
break;
case FID_MODE_CLOSE:
- offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, drep, hf_smb2_fid, &policy_hnd, &hnd_item, FALSE, TRUE);
+ offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd, &hnd_item, FALSE, TRUE);
break;
case FID_MODE_USE:
case FID_MODE_DHNQ:
case FID_MODE_DHNC:
- offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, drep, hf_smb2_fid, &policy_hnd, &hnd_item, FALSE, FALSE);
+ offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd, &hnd_item, FALSE, FALSE);
break;
}
- pinfo->private_data = old_private_data;
-
-
- /* put the filename in col_info */
- if (dcerpc_fetch_polhnd_data(&policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->fd->num)) {
- if (fid_name) {
+ si->file = (smb2_fid_info_t *)g_hash_table_lookup(si->conv->fids, &sfi_key);
+ if (si->file) {
+ if (si->saved) {
+ si->saved->file = si->file;
+ }
+ if (si->file->name) {
if (hnd_item) {
- proto_item_append_text(hnd_item, " %s", fid_name);
+ proto_item_append_text(hnd_item, " File: %s", si->file->name);
}
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " %s", fid_name);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " File: %s", si->file->name);
+ }
+ }
+
+ if (dcerpc_fetch_polhnd_data(&policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->fd->num)) {
+ /* look for the eo_file_info */
+ if (!si->eo_file_info) {
+ if (si->saved) { si->saved->policy_hnd = policy_hnd; }
+ if (si->conv) {
+ eo_file_info = (smb2_eo_file_info_t *)g_hash_table_lookup(si->conv->files,&policy_hnd);
+ if (eo_file_info) {
+ si->eo_file_info=eo_file_info;
+ } else { /* XXX This should never happen */
+ eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
+ policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
+ memcpy(policy_hnd_hashtablekey, &policy_hnd, sizeof(e_ctx_hnd));
+ eo_file_info->end_of_file=0;
+ g_hash_table_insert(si->conv->files,policy_hnd_hashtablekey,eo_file_info);
+ }
}
+
}
}
/* file name length */
length = tvb_get_letohs(tvb, offset);
- proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
-
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
- offset += 2;
+ proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
/* file name */
if (length) {
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
name = get_unicode_or_ascii_string(tvb, &offset,
TRUE, &length, TRUE, TRUE, &bc);
if (name) {
}
offset += length;
-
return offset;
}
tree = proto_item_add_subtree(item, ett_smb2_file_allocation_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qsfi_SMB_FILE_ALLOCATION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_endoffile_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qsfi_SMB_FILE_ENDOFFILE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_alternate_name_info);
}
- bc = tvb_length_remaining(tvb, offset);
- offset = dissect_qfi_SMB_FILE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
+ bc = tvb_captured_length_remaining(tvb, offset);
+ offset = dissect_qfi_SMB_FILE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc, /* XXX assumption hack */ TRUE);
return offset;
}
tree = proto_item_add_subtree(item, ett_smb2_file_standard_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_internal_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_INTERNAL_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_mode_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qsfi_SMB_FILE_MODE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_alignment_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_ALIGNMENT_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_position_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qsfi_SMB_FILE_POSITION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_ea_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_stream_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_STREAM_INFO(tvb, pinfo, tree, offset, &bc, &trunc, TRUE);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_pipe_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_sfi_SMB_FILE_PIPE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_file_compression_info);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfi_SMB_FILE_ATTRIBUTE_TAG_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
return offset;
}
static int
-dissect_smb2_file_info_0f(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
+dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
guint32 next_offset;
- guint8 ea_name_len, ea_data_len;
+ guint8 ea_name_len;
+ guint16 ea_data_len;
if (parent_tree) {
- item = proto_tree_add_item(parent_tree, hf_smb2_file_info_0f, tvb, offset, -1, ENC_NA);
- tree = proto_item_add_subtree(item, ett_smb2_file_info_0f);
+ item = proto_tree_add_item(parent_tree, hf_smb2_file_full_ea_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_smb2_file_full_ea_info);
}
while (1) {
const char *data = "";
guint16 bc;
int start_offset = offset;
- proto_item *ea_item = NULL;
- proto_tree *ea_tree = NULL;
+ proto_item *ea_item;
+ proto_tree *ea_tree;
- if (tree) {
- ea_item = proto_tree_add_text(tree, tvb, offset, -1, "EA:");
- ea_tree = proto_item_add_subtree(ea_item, ett_smb2_ea);
- }
+ ea_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_ea, &ea_item, "EA:");
/* next offset */
next_offset = tvb_get_letohl(tvb, offset);
offset += 1;
/* EA Data Length */
- ea_data_len = tvb_get_guint8(tvb, offset);
- proto_tree_add_item(ea_tree, hf_smb2_ea_data_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
- offset += 1;
-
- /* some unknown bytes */
- proto_tree_add_item(ea_tree, hf_smb2_unknown, tvb, offset, 1, ENC_NA);
- offset += 1;
+ ea_data_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(ea_tree, hf_smb2_ea_data_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
/* ea name */
length = ea_name_len;
if (length) {
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
name = get_unicode_or_ascii_string(tvb, &offset,
FALSE, &length, TRUE, TRUE, &bc);
if (name) {
proto_tree_add_string(ea_tree, hf_smb2_ea_name, tvb,
- offset, length, name);
+ offset, length + 1, name);
}
}
- offset += ea_name_len;
- /* separator byte */
- offset += 1;
+ /* The name is terminated with a NULL */
+ offset += ea_name_len + 1;
/* ea data */
length = ea_data_len;
if (length) {
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
data = get_unicode_or_ascii_string(tvb, &offset,
FALSE, &length, TRUE, TRUE, &bc);
- if (data) {
- proto_tree_add_string(ea_tree, hf_smb2_ea_data, tvb,
- offset, length, data);
- }
+ /*
+ * We put the data here ...
+ */
+ proto_tree_add_item(ea_tree, hf_smb2_ea_data, tvb,
+ offset, length, ENC_NA);
}
offset += ea_data_len;
if (!next_offset) {
break;
}
- if (next_offset>256) {
- break;
- }
offset = start_offset+next_offset;
}
return offset;
}
+static const true_false_string tfs_replace_if_exists = {
+ "Replace the target if it exists",
+ "Fail if the target exists"
+};
+
static int
dissect_smb2_file_rename_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
tree = proto_item_add_subtree(item, ett_smb2_file_rename_info);
}
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
- offset += 16;
+ /* ReplaceIfExists */
+ proto_tree_add_item(tree, hf_smb2_replace_if, tvb, offset, 1, ENC_NA);
+ offset += 1;
+
+ /* reserved */
+ proto_tree_add_item(tree, hf_smb2_reserved_random, tvb, offset, 7, ENC_NA);
+ offset += 7;
+
+ /* Root Directory Handle, MBZ */
+ proto_tree_add_item(tree, hf_smb2_root_directory_mbz, tvb, offset, 8, ENC_NA);
+ offset += 8;
/* file name length */
length = tvb_get_letohs(tvb, offset);
- proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
-
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
- offset += 2;
+ proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
/* file name */
if (length) {
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
name = get_unicode_or_ascii_string(tvb, &offset,
TRUE, &length, TRUE, TRUE, &bc);
if (name) {
offset, length, name);
}
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " NewName:%s",
- name);
- }
+ col_append_fstr(pinfo->cinfo, COL_INFO, " NewName:%s", name);
}
offset += length;
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, ENC_NA);
- offset += 4;
-
return offset;
}
}
/* security descriptor */
- offset = dissect_nt_sec_desc(tvb, offset, pinfo, tree, NULL, TRUE, tvb_length_remaining(tvb, offset), NULL);
+ offset = dissect_nt_sec_desc(tvb, offset, pinfo, tree, NULL, TRUE, tvb_captured_length_remaining(tvb, offset), NULL);
return offset;
}
tree = proto_item_add_subtree(item, ett_smb2_fs_info_05);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfsi_FS_ATTRIBUTE_INFO(tvb, pinfo, tree, offset, &bc, TRUE);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_fs_info_06);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_nt_quota(tvb, tree, offset, &bc);
return offset;
tree = proto_item_add_subtree(item, ett_smb2_fs_info_07);
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfsi_FS_FULL_SIZE_INFO(tvb, pinfo, tree, offset, &bc);
return offset;
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfsi_FS_VOLUME_INFO(tvb, pinfo, tree, offset, &bc, TRUE);
return offset;
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfsi_FS_SIZE_INFO(tvb, pinfo, tree, offset, &bc);
return offset;
}
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
offset = dissect_qfsi_FS_DEVICE_INFO(tvb, pinfo, tree, offset, &bc);
return offset;
}
static int
-dissect_smb2_buffercode(proto_tree *tree, tvbuff_t *tvb, int offset, guint16 *length)
+dissect_smb2_buffercode(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint16 *length)
{
+ proto_tree *tree;
+ proto_item *item;
guint16 buffer_code;
/* dissect the first 2 bytes of the command PDU */
buffer_code = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb2_buffer_code_len, tvb, offset, 2, buffer_code&0xfffe);
+ item = proto_tree_add_uint(parent_tree, hf_smb2_buffer_code, tvb, offset, 2, buffer_code);
+ tree = proto_item_add_subtree(item, ett_smb2_buffercode);
+ proto_tree_add_item(tree, hf_smb2_buffer_code_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
proto_tree_add_item(tree, hf_smb2_buffer_code_flags_dyn, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
static int
dissect_smb2_capabilities(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
- guint32 cap;
- proto_item *item = NULL;
- proto_tree *tree = NULL;
-
- cap = tvb_get_letohl(tvb, offset);
-
- item = proto_tree_add_item(parent_tree, hf_smb2_capabilities, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- tree = proto_item_add_subtree(item, ett_smb2_capabilities);
-
-
- proto_tree_add_boolean(tree, hf_smb2_cap_dfs, tvb, offset, 4, cap);
- proto_tree_add_boolean(tree, hf_smb2_cap_leasing, tvb, offset, 4, cap);
- proto_tree_add_boolean(tree, hf_smb2_cap_large_mtu, tvb, offset, 4, cap);
- proto_tree_add_boolean(tree, hf_smb2_cap_multi_channel, tvb, offset, 4, cap);
- proto_tree_add_boolean(tree, hf_smb2_cap_persistent_handles, tvb, offset, 4, cap);
- proto_tree_add_boolean(tree, hf_smb2_cap_directory_leasing, tvb, offset, 4, cap);
- proto_tree_add_boolean(tree, hf_smb2_cap_encryption, tvb, offset, 4, cap);
+ static const int * flags[] = {
+ &hf_smb2_cap_dfs,
+ &hf_smb2_cap_leasing,
+ &hf_smb2_cap_large_mtu,
+ &hf_smb2_cap_multi_channel,
+ &hf_smb2_cap_persistent_handles,
+ &hf_smb2_cap_directory_leasing,
+ &hf_smb2_cap_encryption,
+ NULL
+ };
+ proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_capabilities, ett_smb2_capabilities, flags, ENC_LITTLE_ENDIAN);
offset += 4;
return offset;
static int
dissect_smb2_secmode(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
- guint8 sm;
- proto_item *item = NULL;
- proto_tree *tree = NULL;
-
- sm = tvb_get_guint8(tvb, offset);
-
- item = proto_tree_add_item(parent_tree, hf_smb2_security_mode, tvb, offset, 1, ENC_LITTLE_ENDIAN);
- tree = proto_item_add_subtree(item, ett_smb2_sec_mode);
-
-
- proto_tree_add_boolean(tree, hf_smb2_secmode_flags_sign_required, tvb, offset, 1, sm);
- proto_tree_add_boolean(tree, hf_smb2_secmode_flags_sign_enabled, tvb, offset, 1, sm);
-
+ static const int * flags[] = {
+ &hf_smb2_secmode_flags_sign_enabled,
+ &hf_smb2_secmode_flags_sign_required,
+ NULL
+ };
+ proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_security_mode, ett_smb2_sec_mode, flags, ENC_LITTLE_ENDIAN);
offset += 1;
return offset;
static int
dissect_smb2_ses_req_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
- guint8 sf;
- proto_item *item = NULL;
- proto_tree *tree = NULL;
-
- sf = tvb_get_guint8(tvb, offset);
-
- item = proto_tree_add_item(parent_tree, hf_smb2_ses_req_flags, tvb, offset, 1, ENC_LITTLE_ENDIAN);
- tree = proto_item_add_subtree(item, ett_smb2_ses_req_flags);
-
- proto_tree_add_boolean(tree, hf_smb2_ses_req_flags_session_binding, tvb, offset, 1, sf);
+ static const int * flags[] = {
+ &hf_smb2_ses_req_flags_session_binding,
+ NULL
+ };
+ proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_ses_req_flags, ett_smb2_ses_req_flags, flags, ENC_LITTLE_ENDIAN);
offset += 1;
return offset;
static int
dissect_smb2_ses_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
- guint16 sf;
- proto_item *item = NULL;
- proto_tree *tree = NULL;
-
- sf = tvb_get_letohs(tvb, offset);
-
- item = proto_tree_add_item(parent_tree, hf_smb2_session_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- tree = proto_item_add_subtree(item, ett_smb2_ses_flags);
-
-
- proto_tree_add_boolean(tree, hf_smb2_ses_flags_null, tvb, offset, 2, sf);
- proto_tree_add_boolean(tree, hf_smb2_ses_flags_guest, tvb, offset, 2, sf);
-
+ static const int * flags[] = {
+ &hf_smb2_ses_flags_guest,
+ &hf_smb2_ses_flags_null,
+ NULL
+ };
+ proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_session_flags, ett_smb2_ses_flags, flags, ENC_LITTLE_ENDIAN);
offset += 2;
return offset;
static void
dissect_smb2_secblob(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
{
- if ((tvb_length(tvb)>=7)
+ if ((tvb_captured_length(tvb)>=7)
&& (!tvb_memeql(tvb, 0, "NTLMSSP", 7))) {
call_dissector(ntlmssp_handle, tvb, pinfo, tree);
} else {
if (!ntlmssp_tap_id) {
GString *error_string;
- /* We dont specify any callbacks at all.
+ /* We don't specify any callbacks at all.
* Instead we manually fetch the tapped data after the
* security blob has been fully dissected and before
* we exit from this dissector.
/* If we have found a uid->acct_name mapping, store it */
if (!pinfo->fd->flags.visited) {
idx = 0;
- while ((ntlmssph = fetch_tapped_data(ntlmssp_tap_id, idx++)) != NULL) {
+ while ((ntlmssph = (const ntlmssp_header_t *)fetch_tapped_data(ntlmssp_tap_id, idx++)) != NULL) {
if (ntlmssph && ntlmssph->type == NTLMSSP_AUTH) {
- static const gint8 zeros[NTLMSSP_KEY_LEN];
smb2_sesid_info_t *sesid;
- sesid = se_alloc(sizeof(smb2_sesid_info_t));
+ sesid = wmem_new(wmem_file_scope(), smb2_sesid_info_t);
sesid->sesid = si->sesid;
- sesid->acct_name = se_strdup(ntlmssph->acct_name);
- sesid->domain_name = se_strdup(ntlmssph->domain_name);
- sesid->host_name = se_strdup(ntlmssph->host_name);
+ sesid->acct_name = wmem_strdup(wmem_file_scope(), ntlmssph->acct_name);
+ sesid->domain_name = wmem_strdup(wmem_file_scope(), ntlmssph->domain_name);
+ sesid->host_name = wmem_strdup(wmem_file_scope(), ntlmssph->host_name);
if (memcmp(ntlmssph->session_key, zeros, NTLMSSP_KEY_LEN) != 0) {
smb2_key_derivation(ntlmssph->session_key,
NTLMSSP_KEY_LEN,
offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);
+ /* If we have found a uid->acct_name mapping, store it */
+#ifdef HAVE_KERBEROS
+ if (!pinfo->fd->flags.visited && si->status == 0) {
+ enc_key_t *ek;
+
+ if (krb_decrypt) {
+ read_keytab_file_from_preferences();
+ }
+
+ for (ek=enc_key_list;ek;ek=ek->next) {
+ if (ek->fd_num == (int)pinfo->fd->num) {
+ break;
+ }
+ }
+
+ if (ek != NULL) {
+ smb2_sesid_info_t *sesid;
+ guint8 session_key[16] = { 0, };
+
+ memcpy(session_key, ek->keyvalue, MIN(ek->keylength, 16));
+
+ sesid = wmem_new(wmem_file_scope(), smb2_sesid_info_t);
+ sesid->sesid = si->sesid;
+ /* TODO: fill in the correct information */
+ sesid->acct_name = NULL;
+ sesid->domain_name = NULL;
+ sesid->host_name = NULL;
+ smb2_key_derivation(session_key, sizeof(session_key),
+ "SMB2AESCCM", 11,
+ "ServerIn ", 10,
+ sesid->server_decryption_key);
+ smb2_key_derivation(session_key, sizeof(session_key),
+ "SMB2AESCCM", 11,
+ "ServerOut", 10,
+ sesid->client_decryption_key);
+ sesid->server_port = pinfo->srcport;
+ sesid->auth_frame = pinfo->fd->num;
+ sesid->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
+ g_hash_table_insert(si->conv->sesids, sesid, sesid);
+ }
+ }
+#endif
+
return offset;
}
*/
if (!pinfo->fd->flags.visited && si->saved && buf && olb.len) {
si->saved->extra_info_type = SMB2_EI_TREENAME;
- si->saved->extra_info = se_alloc(olb.len+1);
+ si->saved->extra_info = wmem_alloc(wmem_file_scope(), olb.len+1);
g_snprintf((char *)si->saved->extra_info,olb.len+1,"%s",buf);
}
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " Tree: %s", buf);
- }
-
+ col_append_fstr(pinfo->cinfo, COL_INFO, " Tree: %s", buf);
return offset;
}
smb2_tid_info_t *tid, tid_key;
tid_key.tid = si->tid;
- tid = g_hash_table_lookup(si->session->tids, &tid_key);
+ tid = (smb2_tid_info_t *)g_hash_table_lookup(si->session->tids, &tid_key);
if (tid) {
g_hash_table_remove(si->session->tids, &tid_key);
}
- tid = se_alloc(sizeof(smb2_tid_info_t));
+ tid = wmem_new(wmem_file_scope(), smb2_tid_info_t);
tid->tid = si->tid;
tid->name = (char *)si->saved->extra_info;
tid->connect_frame = pinfo->fd->num;
return offset;
}
+static const value_string notify_action_vals[] = {
+ {0x01, "FILE_ACTION_ADDED"},
+ {0x02, "FILE_ACTION_REMOVED"},
+ {0x03, "FILE_ACTION_MODIFIED"},
+ {0x04, "FILE_ACTION_RENAMED_OLD_NAME"},
+ {0x05, "FILE_ACTION_RENAMED_NEW_NAME"},
+ {0x06, "FILE_ACTION_ADDED_STREAM"},
+ {0x07, "FILE_ACTION_REMOVED_STREAM"},
+ {0x08, "FILE_ACTION_MODIFIED_STREAM"},
+ {0x09, "FILE_ACTION_REMOVED_BY_DELETE"},
+ {0, NULL}
+};
+
static void
-dissect_smb2_notify_data_out(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
+dissect_smb2_notify_data_out(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
{
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_length(tvb), ENC_NA);
+ proto_tree *tree = NULL;
+ proto_item *item = NULL;
+ int offset = 0;
+
+ while (tvb_reported_length_remaining(tvb, offset) > 4) {
+ guint32 start_offset = offset;
+ guint32 next_offset;
+ guint32 length;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_smb2_notify_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_smb2_notify_info);
+ }
+
+ /* next offset */
+ proto_tree_add_item_ret_uint(tree, hf_smb2_notify_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &next_offset);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_notify_action, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* file name length */
+ proto_tree_add_item_ret_uint(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &length);
+ offset += 4;
+
+ /* file name */
+ if (length) {
+ const guchar *name = "";
+ guint16 bc;
+
+ bc = tvb_reported_length_remaining(tvb, offset);
+ name = get_unicode_or_ascii_string(tvb, &offset,
+ TRUE, &length, TRUE, TRUE, &bc);
+ if (name) {
+ proto_tree_add_string(tree, hf_smb2_filename,
+ tvb, offset, length,
+ name);
+ }
+
+ offset += length;
+ }
+
+ if (!next_offset) {
+ break;
+ }
+
+ offset = start_offset+next_offset;
+ }
}
static int
g_snprintf((char *)si->saved->extra_info,olb.len+1,"%s",buf);
}
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " %s Pattern: %s",
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s Pattern: %s",
val_to_str(il, smb2_find_info_levels, "(Level:0x%02x)"),
buf);
- }
return offset;
}
const char *name = NULL;
guint16 bc;
- while (tvb_length_remaining(tvb, offset) > 4) {
+ while (tvb_reported_length_remaining(tvb, offset) > 4) {
int old_offset = offset;
int next_offset;
int file_name_len;
offset = old_offset+next_offset;
if (offset < old_offset) {
- proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
return;
}
const char *name = NULL;
guint16 bc;
- while (tvb_length_remaining(tvb, offset) > 4) {
+ while (tvb_reported_length_remaining(tvb, offset) > 4) {
int old_offset = offset;
int next_offset;
int file_name_len;
offset = old_offset+next_offset;
if (offset < old_offset) {
- proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
return;
}
const char *name = NULL;
guint16 bc;
- while (tvb_length_remaining(tvb, offset) > 4) {
+ while (tvb_reported_length_remaining(tvb, offset) > 4) {
int old_offset = offset;
int next_offset;
int file_name_len;
offset = old_offset+next_offset;
if (offset < old_offset) {
- proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
return;
}
const char *name = NULL;
guint16 bc;
- while (tvb_length_remaining(tvb, offset) > 4) {
+ while (tvb_reported_length_remaining(tvb, offset) > 4) {
int old_offset = offset;
int next_offset;
int file_name_len;
offset = old_offset+next_offset;
if (offset < old_offset) {
- proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
return;
}
const char *name = NULL;
guint16 bc;
- while (tvb_length_remaining(tvb, offset) > 4) {
+ while (tvb_reported_length_remaining(tvb, offset) > 4) {
int old_offset = offset;
int next_offset;
int file_name_len;
offset = old_offset+next_offset;
if (offset < old_offset) {
- proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset),
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
"Invalid offset/length. Malformed packet");
return;
}
smb2_find_dissector_t *dis = smb2_find_dissectors;
while (dis->dissector) {
- if (si && si->saved && si->saved) {
- if (dis->level ==si->saved->infolevel) {
+ if (si && si->saved) {
+ if (dis->level == si->saved->infolevel) {
dis->dissector(tvb, pinfo, tree, si);
return;
}
dis++;
}
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_length(tvb), ENC_NA);
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
}
static int
}
if (!pinfo->fd->flags.visited && si->saved && si->saved->extra_info_type == SMB2_EI_FINDPATTERN) {
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " %s Pattern: %s",
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s Pattern: %s",
val_to_str(si->saved->infolevel, smb2_find_info_levels, "(Level:0x%02x)"),
(const char *)si->saved->extra_info);
- }
g_free(si->saved->extra_info);
si->saved->extra_info_type = SMB2_EI_NONE;
return offset;
}
+static int
+dissect_smb2_negotiate_context(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
+{
+ int start_offset = offset;
+ guint16 type;
+ const gchar *type_str;
+ guint16 data_length;
+ proto_item *sub_item;
+ proto_tree *sub_tree;
+ tvbuff_t *sub_tvb;
+
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_negotiate_context_element, &sub_item, "Negotiate Context");
+
+ /* type */
+ type = tvb_get_letohl(tvb, offset);
+ type_str = val_to_str(type, smb2_negotiate_context_types, "Unknown Type: (0x%0x)");
+ proto_item_append_text(sub_item, ": %s ", type_str);
+ proto_tree_add_item(sub_tree, hf_smb2_negotiate_context_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
+
+ /* data length */
+ data_length = tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(sub_tree, hf_smb2_negotiate_context_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
+
+ /* reserved */
+ proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+
+ /* data */
+ sub_tvb = tvb_new_subset_length(tvb, offset, data_length);
+ offset += data_length;
+
+ proto_item_set_len(sub_item, offset - start_offset);
+
+ /*
+ * TODO: disssect the context data
+ */
+ proto_tree_add_item(sub_tree, hf_smb2_unknown, sub_tvb, 0, data_length, ENC_NA);
+
+ return offset;
+}
+
static int
dissect_smb2_negotiate_protocol_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
guint16 dc;
+ guint16 i;
+ gboolean supports_smb_3_10 = FALSE;
+ guint32 nco;
+ guint16 ncc;
/* buffer code */
offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* reserved */
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
offset += 2;
/* capabilities */
proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
offset += 16;
- /* client boot time */
- dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_boot_time);
- offset += 8;
+ /* negotiate context offset */
+ nco = tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(tree, hf_smb2_negotiate_context_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* negotiate context count */
+ ncc = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_smb2_negotiate_context_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
- for ( ; dc>0; dc--) {
+ /* reserved */
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
+ offset += 2;
+
+ for (i = 0 ; i < dc; i++) {
+ guint16 d = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
+
+ if (d >= 0x310) {
+ supports_smb_3_10 = TRUE;
+ }
+ }
+
+ if (!supports_smb_3_10) {
+ ncc = 0;
+ }
+
+ if (nco != 0) {
+ guint32 tmp = 0x40 + 36 + dc * 2;
+
+ if (nco >= tmp) {
+ offset += nco - tmp;
+ } else {
+ ncc = 0;
+ }
+ }
+
+ for (i = 0; i < ncc; i++) {
+ offset = (offset + 7) & ~7;
+ offset = dissect_smb2_negotiate_context(tvb, pinfo, tree, offset, si);
}
return offset;
dissect_smb2_negotiate_protocol_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
offset_length_buffer_t s_olb;
+ guint16 d;
+ guint16 i;
+ guint32 nco;
+ guint16 ncc;
switch (si->status) {
case 0x00000000: break;
offset++;
/* dialect picked */
+ d = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
- /* reserved */
+ /* negotiate context count */
+ ncc = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_smb2_negotiate_context_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
/* server GUID */
/* the security blob itself */
dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);
- /* reserved */
+ /* negotiate context offset */
+ nco = tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(tree, hf_smb2_negotiate_context_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);
+ if (d < 0x310) {
+ ncc = 0;
+ }
+
+ if (nco != 0) {
+ guint32 tmp = 0x40 + 64 + s_olb.len;
+
+ if (nco >= tmp) {
+ offset += nco - tmp;
+ } else {
+ ncc = 0;
+ }
+ }
+
+ for (i = 0; i < ncc; i++) {
+ offset = (offset + 7) & ~7;
+ offset = dissect_smb2_negotiate_context(tvb, pinfo, tree, offset, si);
+ }
+
return offset;
}
static int
dissect_smb2_getinfo_parameters(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si)
{
- switch (si->saved->class) {
+ switch (si->saved->smb2_class) {
case SMB2_CLASS_FILE_INFO:
switch (si->saved->infolevel) {
default:
- /* we dont handle this infolevel yet */
+ /* we don't handle this infolevel yet */
proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
break;
case SMB2_CLASS_FS_INFO:
switch (si->saved->infolevel) {
default:
- /* we dont handle this infolevel yet */
+ /* we don't handle this infolevel yet */
proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
break;
case SMB2_CLASS_SEC_INFO:
dissect_security_information_mask(tvb, tree, offset+8);
break;
default:
- /* we dont handle this infolevel yet */
+ /* we don't handle this infolevel yet */
proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
break;
default:
- /* we dont handle this class yet */
+ /* we don't handle this class yet */
proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
return offset;
}
static int
dissect_smb2_class_infolevel(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, smb2_info_t *si)
{
- char cl, il;
- proto_item *item;
- int hfindex;
- static const value_string dummy_value_string[] = {
- { 0, NULL }
- };
- const value_string *vs;
+ guint8 cl, il;
+ proto_item *item;
+ int hfindex;
+ value_string_ext *vsx;
if (si->flags & SMB2_FLAGS_RESPONSE) {
if (!si->saved) {
return offset;
}
- cl = si->saved->class;
+ cl = si->saved->smb2_class;
il = si->saved->infolevel;
} else {
cl = tvb_get_guint8(tvb, offset);
il = tvb_get_guint8(tvb, offset+1);
if (si->saved) {
- si->saved->class = cl;
+ si->saved->smb2_class = cl;
si->saved->infolevel = il;
}
}
switch (cl) {
case SMB2_CLASS_FILE_INFO:
hfindex = hf_smb2_infolevel_file_info;
- vs = smb2_file_info_levels;
+ vsx = &smb2_file_info_levels_ext;
break;
case SMB2_CLASS_FS_INFO:
hfindex = hf_smb2_infolevel_fs_info;
- vs = smb2_fs_info_levels;
+ vsx = &smb2_fs_info_levels_ext;
break;
case SMB2_CLASS_SEC_INFO:
hfindex = hf_smb2_infolevel_sec_info;
- vs = smb2_sec_info_levels;
+ vsx = &smb2_sec_info_levels_ext;
+ break;
+ case SMB2_CLASS_POSIX_INFO:
+ hfindex = hf_smb2_infolevel_posix_info;
+ vsx = &smb2_posix_info_levels_ext;
break;
default:
hfindex = hf_smb2_infolevel;
- vs = dummy_value_string;
+ vsx = NULL; /* allowed arg to val_to_str_ext() */
}
if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
/* Only update COL_INFO for requests. It clutters the
- * display ab bit too much if we do it for replies
+ * display a bit too much if we do it for replies
* as well.
*/
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " %s/%s",
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s/%s",
val_to_str(cl, smb2_class_vals, "(Class:0x%02x)"),
- val_to_str(il, vs, "(Level:0x%02x)"));
- }
+ val_to_str_ext(il, vsx, "(Level:0x%02x)"));
}
return offset;
}
static int
-dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si, guint8 class, guint8 infolevel)
+dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si, guint8 smb2_class, guint8 infolevel)
{
int old_offset = offset;
- switch (class) {
+ switch (smb2_class) {
case SMB2_CLASS_FILE_INFO:
switch (infolevel) {
case SMB2_FILE_BASIC_INFO:
case SMB2_FILE_POSITION_INFO:
offset = dissect_smb2_file_position_info(tvb, pinfo, tree, offset, si);
break;
- case SMB2_FILE_INFO_0f:
- offset = dissect_smb2_file_info_0f(tvb, pinfo, tree, offset, si);
+ case SMB2_FILE_FULL_EA_INFO:
+ offset = dissect_smb2_file_full_ea_info(tvb, pinfo, tree, offset, si);
break;
case SMB2_FILE_MODE_INFO:
offset = dissect_smb2_file_mode_info(tvb, pinfo, tree, offset, si);
offset = dissect_smb2_file_attribute_tag_info(tvb, pinfo, tree, offset, si);
break;
default:
- /* we dont handle this infolevel yet */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ /* we don't handle this infolevel yet */
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
break;
case SMB2_CLASS_FS_INFO:
offset = dissect_smb2_FS_OBJECTID_INFO(tvb, pinfo, tree, offset, si);
break;
default:
- /* we dont handle this infolevel yet */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ /* we don't handle this infolevel yet */
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
break;
case SMB2_CLASS_SEC_INFO:
offset = dissect_smb2_sec_info_00(tvb, pinfo, tree, offset, si);
break;
default:
- /* we dont handle this infolevel yet */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ /* we don't handle this infolevel yet */
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
break;
default:
- /* we dont handle this class yet */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
- offset += tvb_length_remaining(tvb, offset);
+ /* we don't handle this class yet */
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
+ offset += tvb_captured_length_remaining(tvb, offset);
}
/* if we get BUFFER_OVERFLOW there will be truncated data */
if (si->status == 0x80000005) {
proto_item *item;
- item = proto_tree_add_text(tree, tvb, old_offset, 0, "Truncated...");
+ item = proto_tree_add_item(tree, hf_smb2_truncated, tvb, old_offset, 0, ENC_NA);
PROTO_ITEM_SET_GENERATED(item);
}
return offset;
{
/* data */
if (si->saved) {
- dissect_smb2_infolevel(tvb, pinfo, tree, 0, si, si->saved->class, si->saved->infolevel);
+ dissect_smb2_infolevel(tvb, pinfo, tree, 0, si, si->saved->smb2_class, si->saved->infolevel);
} else {
/* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_length(tvb), ENC_NA);
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
}
}
return offset;
}
+static void
+smb2_set_dcerpc_file_id(packet_info *pinfo, smb2_info_t *si)
+{
+ guint64 persistent;
+
+ if (si == NULL) {
+ return;
+ }
+ if (si->file == NULL) {
+ return;
+ }
+
+ persistent = GPOINTER_TO_UINT(si->file);
+
+ dcerpc_set_transport_salt(persistent, pinfo);
+}
static int
-dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree)
+dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree, void *data)
{
tvbuff_t *dcerpc_tvb;
- dcerpc_tvb = tvb_new_subset(tvb, offset, MIN((int)datalen, tvb_length_remaining(tvb, offset)), datalen);
+ heur_dtbl_entry_t *hdtbl_entry;
- /* dissect the full PDU */
- dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree, NULL);
+ dcerpc_tvb = tvb_new_subset(tvb, offset, MIN((int)datalen, tvb_captured_length_remaining(tvb, offset)), datalen);
+ /* dissect the full PDU */
+ if (dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree, &hdtbl_entry, data)) {
- offset += datalen;
+ offset += datalen;
+ }
return offset;
}
+#define SMB2_CHANNEL_NONE 0x00000000
+#define SMB2_CHANNEL_RDMA_V1 0x00000001
+#define SMB2_CHANNEL_RDMA_V1_INVALIDATE 0x00000002
+
+static const value_string smb2_channel_vals[] = {
+ { SMB2_CHANNEL_NONE, "None" },
+ { SMB2_CHANNEL_RDMA_V1, "RDMA V1" },
+ { SMB2_CHANNEL_RDMA_V1_INVALIDATE, "RDMA V1_INVALIDATE" },
+ { 0, NULL }
+};
+
+static void
+dissect_smb2_rdma_v1_blob(tvbuff_t *tvb, packet_info *pinfo _U_,
+ proto_tree *parent_tree, smb2_info_t *si _U_)
+{
+ int offset = 0;
+ int len;
+ int i;
+ int num;
+ proto_tree *sub_tree;
+ proto_item *parent_item;
+
+ parent_item = proto_tree_get_parent(parent_tree);
+
+ len = tvb_reported_length(tvb);
+
+ num = len / 16;
+
+ if (parent_item) {
+ proto_item_append_text(parent_item, ": SMBDirect Buffer Descriptor V1: (%d elements)", num);
+ }
+
+ for (i = 0; i < num; i++) {
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, 8, ett_smb2_rdma_v1, NULL, "RDMA V1");
+
+ proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+ }
+}
+
#define SMB2_WRITE_FLAG_WRITE_THROUGH 0x00000001
static int
dissect_smb2_write_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
+ guint16 dataoffset = 0;
+ guint32 data_tvb_len;
+ offset_length_buffer_t c_olb;
+ guint32 channel;
guint32 length;
guint64 off;
static const int *f_fields[] = {
offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* data offset */
+ dataoffset=tvb_get_letohs(tvb,offset);
proto_tree_add_item(tree, hf_smb2_data_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
/* offset */
off = tvb_get_letoh64(tvb, offset);
+ if (si->saved) si->saved->file_offset=off;
proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
offset += 8;
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" G_GINT64_MODIFIER "u", length, off);
- }
+ col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" G_GINT64_MODIFIER "u", length, off);
/* fid */
offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
/* channel */
+ channel = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
proto_tree_add_item(tree, hf_smb2_remaining_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
- /* write channel info offset */
- proto_tree_add_item(tree, hf_smb2_channel_info_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
-
- /* write channel info length */
- proto_tree_add_item(tree, hf_smb2_channel_info_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
+ /* write channel info blob offset/length */
+ offset = dissect_smb2_olb_length_offset(tvb, offset, &c_olb, OLB_O_UINT16_S_UINT16, hf_smb2_channel_info_blob);
/* flags */
proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_write_flags, ett_smb2_write_flags, f_fields, ENC_LITTLE_ENDIAN);
offset += 4;
+ /* the write channel info blob itself */
+ switch (channel) {
+ case SMB2_CHANNEL_RDMA_V1:
+ case SMB2_CHANNEL_RDMA_V1_INVALIDATE:
+ dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, dissect_smb2_rdma_v1_blob);
+ break;
+ case SMB2_CHANNEL_NONE:
+ default:
+ dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, NULL);
+ break;
+ }
+
/* data or dcerpc ?*/
- if (length && si->tree && si->tree->share_type == SMB2_SHARE_TYPE_PIPE) {
- offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree);
- return offset;
+ if (length) {
+ int oldoffset = offset;
+ smb2_set_dcerpc_file_id(pinfo, si);
+ offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree, si);
+ if (offset != oldoffset) {
+ /* managed to dissect pipe data */
+ return offset;
+ }
}
/* just ordinary data */
proto_tree_add_item(tree, hf_smb2_write_data, tvb, offset, length, ENC_NA);
- offset += MIN(length,(guint32)tvb_length_remaining(tvb, offset));
+
+ data_tvb_len=(guint32)tvb_captured_length_remaining(tvb, offset);
+
+ offset += MIN(length,(guint32)tvb_captured_length_remaining(tvb, offset));
+
+ offset = dissect_smb2_olb_tvb_max_offset(offset, &c_olb);
+
+ if (have_tap_listener(smb2_eo_tap) && (data_tvb_len == length)) {
+ if (si->saved && si->eo_file_info) { /* without this data we don't know wich file this belongs to */
+ feed_eo_smb2(tvb,pinfo,si,dataoffset,length,off);
+ }
+ }
return offset;
}
}
static void
-dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *top_tree, gboolean data_in _U_)
+dissect_smb2_FSCTL_OFFLOAD_READ(tvbuff_t *tvb,
+ packet_info *pinfo _U_,
+ proto_tree *tree,
+ int offset,
+ proto_tree *top_tree _U_,
+ gboolean in)
+{
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ if (in) {
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_token_ttl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ /* offset += 8; */
+ } else {
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_transfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_offload_token, tvb, offset, 512, ENC_NA);
+ /* offset += 512; */
+ }
+}
+
+static void
+dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *top_tree, gboolean data_in _U_, void *data)
+{
+ dissect_file_data_dcerpc(tvb, pinfo, tree, offset, tvb_captured_length_remaining(tvb, offset), top_tree, data);
+}
+
+static void
+dissect_smb2_FSCTL_PIPE_WAIT(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, proto_tree *top_tree, gboolean data_in _U_)
+{
+ guint8 timeout_specified = tvb_get_guint8(tvb, offset + 12);
+ guint32 name_len = tvb_get_letohs(tvb, offset + 8);
+ const gchar *name;
+ int off = offset + 14;
+ guint16 bc = tvb_captured_length_remaining(tvb, off);
+ int len = name_len;
+
+ /* sanity check */
+ tvb_ensure_bytes_exist(tvb, off, name_len);
+
+ name = get_unicode_or_ascii_string(tvb, &off, TRUE, &len, TRUE, TRUE, &bc);
+ if (name == NULL) {
+ name = "";
+ }
+
+ col_append_fstr(pinfo->cinfo, COL_INFO, " Pipe: %s", name);
+
+ if (top_tree) {
+ proto_tree_add_string(top_tree, hf_smb2_fsctl_pipe_wait_name, tvb, offset + 14, name_len, name);
+ if (timeout_specified) {
+ proto_tree_add_item(top_tree, hf_smb2_fsctl_pipe_wait_timeout, tvb, 0, 8, ENC_LITTLE_ENDIAN);
+ }
+ }
+}
+
+static void
+dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, gboolean data_in)
{
- dissect_file_data_dcerpc(tvb, pinfo, tree, offset, tvb_length_remaining(tvb, offset), top_tree);
+
+ if (data_in) {
+ proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(tree, hf_smb2_qfr_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(tree, hf_smb2_qfr_usage, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+ } else {
+ guint32 entry_count = 0;
+
+ proto_tree_add_item(tree, hf_smb2_qfr_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_qfr_total_region_entry_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item_ret_uint(tree, hf_smb2_qfr_region_entry_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &entry_count);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+
+ while (entry_count && tvb_reported_length_remaining(tvb, offset)) {
+ proto_tree *sub_tree;
+ proto_item *sub_item;
+
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, 24, ett_qfr_entry, &sub_item, "Entry");
+
+ proto_tree_add_item(sub_tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_qfr_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_qfr_usage, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+
+ entry_count--;
+ }
+ }
}
static void
proto_tree_add_item(tree, hf_smb2_ioctl_resiliency_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
}
+static void
+dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, gboolean data_in _U_)
+{
+ /* There is no out data */
+ if (!data_in) {
+ return;
+ }
+
+ /* There is nothing to do here ... */
+}
+
static void
dissect_windows_sockaddr_in(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, int len)
{
- proto_item *sub_item = NULL;
- proto_tree *sub_tree = NULL;
- proto_item *parent_item = NULL;
- guint32 addr;
+ proto_item *sub_item;
+ proto_tree *sub_tree;
+ proto_item *parent_item;
if (len == -1) {
len = 16;
}
- if (parent_tree) {
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "Socket Address");
- sub_tree = proto_item_add_subtree(sub_item, ett_windows_sockaddr);
- parent_item = proto_tree_get_parent(parent_tree);
- }
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
+ parent_item = proto_tree_get_parent(parent_tree);
/* family */
proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
/* IPv4 address */
- addr = tvb_get_ipv4(tvb, offset);
- proto_tree_add_ipv4(sub_tree, hf_windows_sockaddr_in_addr, tvb, offset, 4, addr);
- if (sub_item) {
- proto_item_append_text(sub_item, ", IPv4: %s", tvb_ip_to_str(tvb, offset));
- }
- if (parent_item) {
- proto_item_append_text(parent_item, ", IPv4: %s", tvb_ip_to_str(tvb, offset));
- }
+ proto_tree_add_item(sub_tree, hf_windows_sockaddr_in_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+
+ proto_item_append_text(sub_item, ", IPv4: %s", tvb_ip_to_str(tvb, offset));
+ proto_item_append_text(parent_item, ", IPv4: %s", tvb_ip_to_str(tvb, offset));
}
static void
dissect_windows_sockaddr_in6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, int len)
{
- struct e_in6_addr addr;
- proto_item *sub_item = NULL;
- proto_tree *sub_tree = NULL;
- proto_item *parent_item = NULL;
+ proto_item *sub_item;
+ proto_tree *sub_tree;
+ proto_item *parent_item;
if (len == -1) {
len = 16;
}
- if (parent_tree) {
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "Socket Address");
- sub_tree = proto_item_add_subtree(sub_item, ett_windows_sockaddr);
- parent_item = proto_tree_get_parent(parent_tree);
- }
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
+ parent_item = proto_tree_get_parent(parent_tree);
/* family */
proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 4;
/* IPv4 address */
- tvb_get_ipv6(tvb, offset, &addr);
- proto_tree_add_ipv6(sub_tree, hf_windows_sockaddr_in6_addr, tvb, offset, 16, (guint8 *)&addr);
- if (sub_item) {
- proto_item_append_text(sub_item, ", IPv6: %s", tvb_ip6_to_str(tvb, offset));
- }
- if (parent_item) {
- proto_item_append_text(parent_item, ", IPv6: %s", tvb_ip6_to_str(tvb, offset));
- }
+ proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_addr, tvb, offset, 16, ENC_NA);
+ proto_item_append_text(sub_item, ", IPv6: %s", tvb_ip6_to_str(tvb, offset));
+ proto_item_append_text(parent_item, ", IPv6: %s", tvb_ip6_to_str(tvb, offset));
offset += 16;
/* sin6_scope_id */
dissect_windows_sockaddr_storage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
{
int len = 128;
- proto_item *sub_item = NULL;
- proto_tree *sub_tree = NULL;
- proto_item *parent_item = NULL;
+ proto_item *sub_item;
+ proto_tree *sub_tree;
+ proto_item *parent_item;
guint16 family;
family = tvb_get_letohs(tvb, offset);
switch (family) {
- case 2: /* AF_INET */
+ case WINSOCK_AF_INET:
dissect_windows_sockaddr_in(tvb, pinfo, parent_tree, offset, len);
return;
- case 23: /* AF_INET6 */
+ case WINSOCK_AF_INET6:
dissect_windows_sockaddr_in6(tvb, pinfo, parent_tree, offset, len);
return;
}
- if (parent_tree) {
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "Socket Address");
- sub_tree = proto_item_add_subtree(sub_item, ett_windows_sockaddr);
- parent_item = proto_tree_get_parent(parent_tree);
- }
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
+ parent_item = proto_tree_get_parent(parent_tree);
/* ss_family */
proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- if (sub_item) {
- proto_item_append_text(sub_item, ", Family: %d (0x%04x)", family, family);
- }
- if (parent_item) {
- proto_item_append_text(sub_item, ", Family: %d (0x%04x)", family, family);
- }
+ proto_item_append_text(sub_item, ", Family: %d (0x%04x)", family, family);
+ proto_item_append_text(parent_item, ", Family: %d (0x%04x)", family, family);
/*offset += 2;*/
/* unknown */
}
#define NETWORK_INTERFACE_CAP_RSS 0x00000001
-#define NETWORK_INTERFACE_CAP_RMDA 0x00000002
+#define NETWORK_INTERFACE_CAP_RDMA 0x00000002
static void
dissect_smb2_NETWORK_INTERFACE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
guint32 next_offset;
int offset = 0;
int len = -1;
- proto_item *sub_item = NULL;
- proto_tree *sub_tree = NULL;
- proto_item *item = NULL;
+ proto_item *sub_item;
+ proto_tree *sub_tree;
+ proto_item *item;
guint32 capabilities;
guint64 link_speed;
gfloat val = 0;
const char *unit = NULL;
+ static const int * capability_flags[] = {
+ &hf_smb2_ioctl_network_interface_capability_rdma,
+ &hf_smb2_ioctl_network_interface_capability_rss,
+ NULL
+ };
next_offset = tvb_get_letohl(tvb, offset);
if (next_offset) {
len = next_offset;
}
- if (parent_tree) {
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "Network Interface");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_ioctl_network_interface);
- }
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_smb2_ioctl_network_interface, &sub_item, "Network Interface");
+ item = proto_tree_get_parent(parent_tree);
/* next offset */
proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* capabilities */
capabilities = tvb_get_letohl(tvb, offset);
- proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_capabilities, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- proto_tree_add_boolean(sub_tree, hf_smb2_ioctl_network_interface_capability_rss, tvb, offset, 4, capabilities);
- proto_tree_add_boolean(sub_tree, hf_smb2_ioctl_network_interface_capability_rdma, tvb, offset, 4, capabilities);
+ proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_ioctl_network_interface_capabilities, ett_smb2_ioctl_network_interface_capabilities, capability_flags, ENC_LITTLE_ENDIAN);
+
if (capabilities != 0) {
proto_item_append_text(item, "%s%s",
- (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"",
- (capabilities & NETWORK_INTERFACE_CAP_RMDA)?", RDMA":"");
- if (sub_item) {
- proto_item_append_text(sub_item, "%s%s",
- (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"",
- (capabilities & NETWORK_INTERFACE_CAP_RMDA)?", RDMA":"");
- }
+ (capabilities & NETWORK_INTERFACE_CAP_RDMA)?", RDMA":"",
+ (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"");
+ proto_item_append_text(sub_item, "%s%s",
+ (capabilities & NETWORK_INTERFACE_CAP_RDMA)?", RDMA":"",
+ (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"");
}
offset += 4;
unit = "";
}
proto_item_append_text(item, ", %.1f %sBits/s", val, unit);
- if (sub_item) {
- proto_item_append_text(sub_item, ", %.1f %sBits/s", val, unit);
- }
+ proto_item_append_text(sub_item, ", %.1f %sBits/s", val, unit);
offset += 8;
if (next_offset) {
tvbuff_t *next_tvb;
- next_tvb = tvb_new_subset(tvb, next_offset,
- tvb_length_remaining(tvb, next_offset),
- tvb_reported_length_remaining(tvb, next_offset));
+ next_tvb = tvb_new_subset_remaining(tvb, next_offset);
/* next extra info */
dissect_smb2_NETWORK_INTERFACE_INFO(next_tvb, pinfo, parent_tree);
int len = 0;
int old_offset = offset;
- bc = tvb_length_remaining(tvb, offset);
+ bc = tvb_captured_length_remaining(tvb, offset);
name = get_unicode_or_ascii_string(tvb, &offset,
TRUE, &len, TRUE, FALSE, &bc);
proto_tree_add_string(tree, hf_smb2_ioctl_shadow_copy_label, tvb, old_offset, len, name);
return offset;
}
+
static int
dissect_smb2_FSCTL_SET_COMPRESSION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
{
return offset;
}
+static int
+dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
+{
+ const int *integrity_flags[] = {
+ &hf_smb2_integrity_flags_enforcement_off,
+ NULL
+ };
+
+ /* There is no out data */
+ if (!data_in) {
+ return offset;
+ }
+
+ proto_tree_add_item(tree, hf_smb2_checksum_algorithm, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
+
+ proto_tree_add_item(tree, hf_smb2_integrity_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
+
+ proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_integrity_flags, ett_smb2_integrity_flags, integrity_flags, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ return offset;
+}
+
static int
dissect_smb2_FSCTL_SET_OBJECT_ID(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
{
}
void
-dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in)
+dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in, void *private_data _U_)
{
guint16 dc;
switch (ioctl_function) {
case 0x00060194: /* FSCTL_DFS_GET_REFERRALS */
if (data_in) {
- dissect_get_dfs_request_data(tvb, pinfo, tree, 0, &dc);
+ dissect_get_dfs_request_data(tvb, pinfo, tree, 0, &dc, TRUE);
} else {
- dissect_get_dfs_referral_data(tvb, pinfo, tree, 0, &dc);
+ dissect_get_dfs_referral_data(tvb, pinfo, tree, 0, &dc, TRUE);
}
break;
- case 0x0011c017:
- dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvb, pinfo, tree, 0, top_tree, data_in);
+ case 0x00094264: /* FSCTL_OFFLOAD_READ */
+ dissect_smb2_FSCTL_OFFLOAD_READ(tvb, pinfo, tree, 0, top_tree, data_in);
+ break;
+ case 0x0011c017: /* FSCTL_PIPE_TRANSCEIVE */
+ dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvb, pinfo, tree, 0, top_tree, data_in, private_data);
+ break;
+ case 0x00110018: /* FSCTL_PIPE_WAIT */
+ dissect_smb2_FSCTL_PIPE_WAIT(tvb, pinfo, tree, 0, top_tree, data_in);
break;
case 0x001401D4: /* FSCTL_LMR_REQUEST_RESILIENCY */
dissect_smb2_FSCTL_LMR_REQUEST_RESILIENCY(tvb, pinfo, tree, 0, data_in);
case 0x0009003C: /* FSCTL_GET_COMPRESSION */
dissect_smb2_FSCTL_GET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
break;
+ case 0x00090300: /* FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT */
+ if (!data_in)
+ dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT(tvb, pinfo, tree, 0, dc);
+ break;
+ case 0x00090304: /* FSCTL_SVHDX_SYNC_TUNNEL or response */
+ call_dissector_with_data(rsvd_handle, tvb, pinfo, top_tree, &data_in);
+ break;
case 0x0009C040: /* FSCTL_SET_COMPRESSION */
dissect_smb2_FSCTL_SET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
break;
+ case 0x00090284: /* FSCTL_QUERY_FILE_REGIONS */
+ dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvb, pinfo, tree, 0, data_in);
+ break;
+ case 0x0009C280: /* FSCTL_SET_INTEGRITY_INFORMATION request or response */
+ dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION(tvb, pinfo, tree, 0, data_in);
+ break;
default:
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_length(tvb), ENC_NA);
+ proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
}
}
static void
dissect_smb2_ioctl_data_in(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
- dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, TRUE);
+ smb2_set_dcerpc_file_id(pinfo, si);
+ dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, TRUE, si);
}
static void
dissect_smb2_ioctl_data_out(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
- dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, FALSE);
+ smb2_set_dcerpc_file_id(pinfo, si);
+ dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, FALSE, si);
}
static int
static int
dissect_smb2_read_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
+ offset_length_buffer_t c_olb;
+ guint32 channel;
guint32 len;
guint64 off;
proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
offset += 8;
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" G_GINT64_MODIFIER "u", len, off);
- }
+ col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" G_GINT64_MODIFIER "u", len, off);
/* fid */
offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);
/* minimum count */
proto_tree_add_item(tree, hf_smb2_min_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
/* channel */
+ channel = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
proto_tree_add_item(tree, hf_smb2_remaining_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
- /* channel info offset */
- proto_tree_add_item(tree, hf_smb2_channel_info_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
+ /* read channel info blob offset/length */
+ offset = dissect_smb2_olb_length_offset(tvb, offset, &c_olb, OLB_O_UINT16_S_UINT16, hf_smb2_channel_info_blob);
- /* channel info length */
- proto_tree_add_item(tree, hf_smb2_channel_info_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
+ /* the read channel info blob itself */
+ switch (channel) {
+ case SMB2_CHANNEL_RDMA_V1:
+ dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, dissect_smb2_rdma_v1_blob);
+ break;
+ case SMB2_CHANNEL_NONE:
+ default:
+ dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, NULL);
+ break;
+ }
- /* there is a buffer here but it is never used (yet) */
+ offset = dissect_smb2_olb_tvb_max_offset(offset, &c_olb);
+
+ /* Store len and offset */
+ if (si->saved) {
+ si->saved->file_offset=off;
+ si->saved->bytes_moved=len;
+ }
return offset;
}
static int
dissect_smb2_read_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
+ guint16 dataoffset = 0;
+ guint32 data_tvb_len;
guint32 length;
-
switch (si->status) {
case 0x00000000: break;
default: return dissect_smb2_error_response(tvb, pinfo, tree, offset, si);
offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
/* data offset */
+ dataoffset=tvb_get_letohl(tvb,offset);
proto_tree_add_item(tree, hf_smb2_data_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
/* reserved */
offset += 4;
- /* data or dcerpc ?
- * If the pidvalid flag is set we assume it is a deferred
- * STATUS_PENDING read and thus a named pipe (==dcerpc)
- */
- if (length && ( (si->tree && si->tree->share_type == SMB2_SHARE_TYPE_PIPE)||(si->flags & SMB2_FLAGS_ASYNC_CMD))) {
- offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree);
- return offset;
+ /* data or dcerpc ?*/
+ if (length) {
+ int oldoffset = offset;
+ smb2_set_dcerpc_file_id(pinfo, si);
+ offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree, si);
+ if (offset != oldoffset) {
+ /* managed to dissect pipe data */
+ return offset;
+ }
}
/* data */
proto_tree_add_item(tree, hf_smb2_read_data, tvb, offset, length, ENC_NA);
- offset += MIN(length,(guint32)tvb_length_remaining(tvb, offset));
+
+ data_tvb_len=(guint32)tvb_captured_length_remaining(tvb, offset);
+
+ offset += MIN(length,data_tvb_len);
+
+ if (have_tap_listener(smb2_eo_tap) && (data_tvb_len == length)) {
+ if (si->saved && si->eo_file_info) { /* without this data we don't know wich file this belongs to */
+ feed_eo_smb2(tvb,pinfo,si,dataoffset,length,si->saved->file_offset);
+ }
+ }
return offset;
}
static void
-report_create_context_malformed_buffer(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, const char *buffer_desc)
+report_create_context_malformed_buffer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const char *buffer_desc)
{
- proto_tree_add_text(tree, tvb, 0, tvb_length_remaining(tvb, 0),
- "%s SHOULD NOT be generated. Malformed packet", buffer_desc);
+ proto_tree_add_expert_format(tree, pinfo, &ei_smb2_bad_response, tvb, 0, -1,
+ "%s SHOULD NOT be generated", buffer_desc);
}
static void
dissect_smb2_ExtA_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
proto_item *item = NULL;
if (tree) {
item = proto_tree_get_parent(tree);
- proto_item_append_text(item, ": SMB2_FILE_INFO_0f");
+ proto_item_append_text(item, ": SMB2_FILE_FULL_EA_INFO");
}
- dissect_smb2_file_info_0f(tvb, pinfo, tree, 0, si);
+ dissect_smb2_file_full_ea_info(tvb, pinfo, tree, 0, si);
}
static void
}
if (item) {
- if (tvb_length(tvb) == 0) {
+ if (tvb_reported_length(tvb) == 0) {
proto_item_append_text(item, ": NO DATA");
} else {
proto_item_append_text(item, ": QFid request should have no data, malformed packet");
dissect_smb2_QFid_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
int offset = 0;
- proto_item *item = NULL;
- proto_item *sub_item = NULL;
- proto_item *sub_tree = NULL;
+ proto_item *item;
+ proto_item *sub_tree;
- if (tree) {
- item = proto_tree_get_parent(tree);
- }
+ item = proto_tree_get_parent(tree);
- if (item) {
- proto_item_append_text(item, ": QFid INFO");
- sub_item = proto_tree_add_text(tree, tvb, offset, -1, "QFid INFO");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_QFid_buffer);
- }
+ proto_item_append_text(item, ": QFid INFO");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_QFid_buffer, NULL, "QFid INFO");
proto_tree_add_item(sub_tree, hf_smb2_qfid_fid, tvb, offset, 32, ENC_NA);
}
NULL
};
int offset = 0;
- proto_item *item = NULL;
- proto_item *sub_item = NULL;
- proto_item *sub_tree = NULL;
+ proto_item *item;
+ proto_item *sub_tree;
- if (tree) {
- item = proto_tree_get_parent(tree);
- }
+ item = proto_tree_get_parent(tree);
- if (item) {
- proto_item_append_text(item, ": DH2Q Request");
- sub_item = proto_tree_add_text(tree, tvb, offset, -1, "DH2Q Request");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_DH2Q_buffer);
- }
+ proto_item_append_text(item, ": DH2Q Request");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2Q_buffer, NULL, "DH2Q Request");
/* timeout */
proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
dissect_smb2_DH2Q_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
int offset = 0;
- proto_item *item = NULL;
- proto_item *sub_item = NULL;
- proto_item *sub_tree = NULL;
+ proto_item *item;
+ proto_item *sub_tree;
- if (tree) {
- item = proto_tree_get_parent(tree);
- }
+ item = proto_tree_get_parent(tree);
- if (item) {
- proto_item_append_text(item, ": DH2Q Response");
- sub_item = proto_tree_add_text(tree, tvb, offset, -1, "DH2Q Response");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_DH2Q_buffer);
- }
+ proto_item_append_text(item, ": DH2Q Response");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2Q_buffer, NULL, "DH2Q Response");
/* timeout */
proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
dissect_smb2_DH2C_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
int offset = 0;
- proto_item *item = NULL;
- proto_item *sub_item = NULL;
- proto_item *sub_tree = NULL;
+ proto_item *item;
+ proto_item *sub_tree;
- if (tree) {
- item = proto_tree_get_parent(tree);
- }
+ item = proto_tree_get_parent(tree);
- if (item) {
- proto_item_append_text(item, ": DH2C Request");
- sub_item = proto_tree_add_text(tree, tvb, offset, -1, "DH2C Request");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_DH2C_buffer);
- }
+ proto_item_append_text(item, ": DH2C Request");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2C_buffer, NULL, "DH2C Request");
/* file id */
dissect_smb2_fid(tvb, pinfo, sub_tree, offset, si, FID_MODE_DHNC);
item = proto_tree_get_parent(tree);
}
- if (tvb_length(tvb) == 0) {
+ if (tvb_reported_length(tvb) == 0) {
if (item) {
proto_item_append_text(item, ": NO DATA");
}
dissect_smb2_MxAc_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
int offset = 0;
- proto_item *item = NULL;
- proto_item *sub_item = NULL;
- proto_tree *sub_tree = NULL;
+ proto_item *item;
+ proto_tree *sub_tree;
- if (tree) {
- item = proto_tree_get_parent(tree);
- }
+ item = proto_tree_get_parent(tree);
- if (tvb_length(tvb) == 0) {
- if (item) {
- proto_item_append_text(item, ": NO DATA");
- }
+ if (tvb_reported_length(tvb) == 0) {
+ proto_item_append_text(item, ": NO DATA");
return;
}
- if (item) {
- proto_item_append_text(item, ": MxAc INFO");
- sub_item = proto_tree_add_text(tree, tvb, offset, -1, "MxAc INFO");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_MxAc_buffer);
- }
+ proto_item_append_text(item, ": MxAc INFO");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_MxAc_buffer, NULL, "MxAc INFO");
proto_tree_add_item(sub_tree, hf_smb2_mxac_status, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
* 4 - lease state
* 4 - lease flags
* 8 - lease duration
- * 16 - pareant lease key
- * 4 - epoch
+ * 16 - parent lease key
+ * 2 - epoch
+ * 2 - reserved
*/
#define SMB2_LEASE_STATE_READ_CACHING 0x00000001
#define SMB2_LEASE_STATE_HANDLE_CACHING 0x00000002
{
int offset = 0;
int len;
- proto_item *sub_item = NULL;
proto_tree *sub_tree = NULL;
- proto_item *parent_item = NULL;
+ proto_item *parent_item;
- if (parent_tree) {
- parent_item = proto_tree_get_parent(parent_tree);
- }
+ parent_item = proto_tree_get_parent(parent_tree);
- len = tvb_length(tvb);
+ len = tvb_reported_length(tvb);
switch (len) {
case 32: /* SMB2_CREATE_REQUEST/RESPONSE_LEASE */
- if (parent_item) {
- proto_item_append_text(parent_item, ": LEASE_V1");
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "LEASE_V1");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_RqLs_buffer);
- }
-
+ proto_item_append_text(parent_item, ": LEASE_V1");
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_RqLs_buffer, NULL, "LEASE_V1");
break;
case 52: /* SMB2_CREATE_REQUEST/RESPONSE_LEASE_V2 */
- if (parent_item) {
- proto_item_append_text(parent_item, ": LEASE_V2");
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "LEASE_V2");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_RqLs_buffer);
- }
-
+ proto_item_append_text(parent_item, ": LEASE_V2");
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_RqLs_buffer, NULL, "LEASE_V2");
break;
default:
report_create_context_malformed_buffer(tvb, pinfo, parent_tree, "RqLs");
proto_tree_add_item(sub_tree, hf_smb2_parent_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
offset += 16;
- proto_tree_add_item(sub_tree, hf_smb2_lease_epoch, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(sub_tree, hf_smb2_lease_epoch, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
+
+ proto_tree_add_item(sub_tree, hf_smb2_lease_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
}
static void
dissect_smb2_APP_INSTANCE_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
int offset = 0;
- proto_item *item = NULL;
- proto_item *sub_item = NULL;
- proto_item *sub_tree = NULL;
+ proto_item *item;
+ proto_item *sub_tree;
- if (tree) {
- item = proto_tree_get_parent(tree);
- }
+ item = proto_tree_get_parent(tree);
- if (item) {
- proto_item_append_text(item, ": APP INSTANCE ID");
- sub_item = proto_tree_add_text(tree, tvb, offset, -1, "APP INSTANCE ID");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_APP_INSTANCE_buffer);
- }
+ proto_item_append_text(item, ": CREATE APP INSTANCE ID");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_APP_INSTANCE_buffer, NULL, "APP INSTANCE ID");
/* struct size */
proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_struct_size,
report_create_context_malformed_buffer(tvb, pinfo, tree, "APP INSTANCE Response");
}
+/*
+ * Dissect the MS-RSVD stuff that turns up when HyperV uses SMB3.x
+ */
+static void
+dissect_smb2_svhdx_open_device_context_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
+{
+ int offset = 0;
+ proto_item *item;
+ proto_item *sub_tree;
+
+ item = proto_tree_get_parent(tree);
+
+ proto_item_append_text(item, ": SVHDX OPEN DEVICE CONTEXT");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_svhdx_open_device_context, NULL, "SVHDX OPEN DEVICE CONTEXT");
+
+ /* Version */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_version,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* HasInitiatorId */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_has_initiator_id,
+ tvb, offset, 1, ENC_LITTLE_ENDIAN);
+ offset += 1;
+
+ /* Reserved */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_reserved,
+ tvb, offset, 3, ENC_NA);
+ offset += 3;
+
+ /* InitiatorId */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_id,
+ tvb, offset, 16, ENC_NA);
+ offset += 16;
+
+ /* Flags TODO: Dissect these*/
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_flags,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* OriginatorFlags */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_originator_flags,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* OpenRequestId */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_open_request_id,
+ tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ /* InitiatorHostNameLength */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_host_name_len,
+ tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
+
+ /* InitiatorHostName */
+ proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_host_name,
+ tvb, offset, 126, ENC_ASCII | ENC_NA);
+}
+
+static void
+dissect_smb2_svhdx_open_device_context_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
+{
+ report_create_context_malformed_buffer(tvb, pinfo, tree, "SHVXD OPEN DEVICE CONTEXT Response");
+}
+
+static const int *posix_flags_fields[] = {
+ &hf_smb2_posix_v1_case_sensitive,
+ &hf_smb2_posix_v1_posix_lock,
+ &hf_smb2_posix_v1_posix_file_semantics,
+ &hf_smb2_posix_v1_posix_utf8_paths,
+ &hf_smb2_posix_v1_posix_will_convert_nt_acls,
+ &hf_smb2_posix_v1_posix_fileinfo,
+ &hf_smb2_posix_v1_posix_acls,
+ &hf_smb2_posix_v1_rich_acls,
+ NULL
+};
+
+static void
+dissect_smb2_posix_v1_caps_request(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
+{
+ int offset = 0;
+ proto_item *item;
+ proto_item *sub_tree;
+
+ item = proto_tree_get_parent(tree);
+
+ proto_item_append_text(item, ": POSIX V1 CAPS request");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_posix_v1_request, NULL, "POSIX_V1_REQUEST");
+
+ /* Version */
+ proto_tree_add_item(sub_tree, hf_smb2_posix_v1_version,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* Request */
+ proto_tree_add_item(sub_tree, hf_smb2_posix_v1_request,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+}
+
+static void
+dissect_smb2_posix_v1_caps_response(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
+{
+ int offset = 0;
+ proto_item *item;
+ proto_item *sub_tree;
+
+ item = proto_tree_get_parent(tree);
+
+ proto_item_append_text(item, ": POSIX V1 CAPS response");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_posix_v1_response, NULL, "POSIX_V1_RESPONSE");
+
+ /* Version */
+ proto_tree_add_item(sub_tree, hf_smb2_posix_v1_version,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* Supported Features */
+ proto_tree_add_bitmask(sub_tree, tvb, offset,
+ hf_smb2_posix_v1_supported_features,
+ ett_smb2_posix_v1_supported_features,
+ posix_flags_fields, ENC_LITTLE_ENDIAN);
+
+}
+
typedef void (*create_context_data_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si);
typedef struct create_context_data_dissectors {
{ dissect_smb2_RqLs_buffer_request, dissect_smb2_RqLs_buffer_response } },
{ "744D142E-46FA-0890-4AF7-A7EF6AA6BC45", "SMB2_CREATE_APP_INSTANCE_ID",
{ dissect_smb2_APP_INSTANCE_buffer_request,
- dissect_smb2_APP_INSTANCE_buffer_response } }
+ dissect_smb2_APP_INSTANCE_buffer_response } },
+ { "6aa6bc45-a7ef-4af7-9008-fa462e144d74", "SMB2_CREATE_APP_INSTANCE_ID",
+ { dissect_smb2_APP_INSTANCE_buffer_request,
+ dissect_smb2_APP_INSTANCE_buffer_response } },
+ { "9ecfcb9c-c104-43e6-980e-158da1f6ec83", "SVHDX_OPEN_DEVICE_CONTEXT",
+ { dissect_smb2_svhdx_open_device_context_request,
+ dissect_smb2_svhdx_open_device_context_response} },
+ { "34263501-2921-4912-2586-447794114531", "SMB2_POSIX_V1_CAPS",
+ { dissect_smb2_posix_v1_caps_request,
+ dissect_smb2_posix_v1_caps_response } }
};
static struct create_context_data_tag_dissectors*
};
size_t i;
+
for (i = 0; i<array_length(create_context_dissectors_array); i++) {
if (!strcmp(tag, create_context_dissectors_array[i].tag))
return &create_context_dissectors_array[i];
guint16 chain_offset;
int offset = 0;
int len = -1;
- proto_item *sub_item = NULL;
- proto_tree *sub_tree = NULL;
+ proto_item *sub_item;
+ proto_tree *sub_tree;
proto_item *parent_item = NULL;
create_context_data_dissectors_t *dissectors = NULL;
create_context_data_dissector_t dissector = NULL;
len = chain_offset;
}
- if (parent_tree) {
- sub_item = proto_tree_add_text(parent_tree, tvb, offset, len, "Chain Element");
- sub_tree = proto_item_add_subtree(sub_item, ett_smb2_create_chain_element);
- parent_item = proto_tree_get_parent(parent_tree);
- }
+ sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_smb2_create_chain_element, &sub_item, "Chain Element");
+ parent_item = proto_tree_get_parent(parent_tree);
/* chain offset */
proto_tree_add_item(sub_tree, hf_smb2_create_chain_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
/* data offset/length */
dissect_smb2_olb_length_offset(tvb, offset, &data_olb, OLB_O_UINT16_S_UINT32, hf_smb2_create_chain_data);
- /* tag string */
- tag = dissect_smb2_olb_string(pinfo, sub_tree, tvb, &tag_olb, OLB_TYPE_ASCII_STRING);
+ /*
+ * These things are all either 4-char strings, like DH2C, or GUIDs,
+ * however, at least one of them appears to be a GUID as a string and
+ * one appears to be a binary guid. So, check if the the length is
+ * 16, and if so, pull the GUID and convert it to a string. Otherwise
+ * call dissect_smb2_olb_string.
+ */
+ if (tag_olb.len == 16) {
+ e_guid_t tag_guid;
+ proto_item *tag_item;
+ proto_tree *tag_tree;
+
+ tvb_get_letohguid(tvb, tag_olb.off, &tag_guid);
+ tag = guid_to_str(wmem_packet_scope(), &tag_guid);
+
+ tag_item = proto_tree_add_string(sub_tree, tag_olb.hfindex, tvb, tag_olb.off, tag_olb.len, tag);
+ tag_tree = proto_item_add_subtree(tag_item, ett_smb2_olb);
+ proto_tree_add_item(tag_tree, hf_smb2_olb_offset, tvb, tag_olb.off_offset, 2, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tag_tree, hf_smb2_olb_length, tvb, tag_olb.len_offset, 2, ENC_LITTLE_ENDIAN);
+
+ } else {
+ /* tag string */
+ tag = dissect_smb2_olb_string(pinfo, sub_tree, tvb, &tag_olb, OLB_TYPE_ASCII_STRING);
+ }
tag_dissectors = get_create_context_data_tag_dissectors(tag);
- proto_item_append_text(parent_item, " %s", tag);
+ proto_item_append_text(parent_item, " %s", tag_dissectors->val);
proto_item_append_text(sub_item, ": %s \"%s\"", tag_dissectors->val, tag);
/* data */
if (chain_offset) {
tvbuff_t *chain_tvb;
- chain_tvb = tvb_new_subset(tvb, chain_offset, tvb_length_remaining(tvb, chain_offset), tvb_reported_length_remaining(tvb, chain_offset));
+ chain_tvb = tvb_new_subset_remaining(tvb, chain_offset);
/* next extra info */
dissect_smb2_create_extra_info(chain_tvb, pinfo, parent_tree, si);
/* filename string */
fname = dissect_smb2_olb_string(pinfo, tree, tvb, &f_olb, OLB_TYPE_UNICODE_STRING);
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, " File: %s", fname);
- }
+ col_append_fstr(pinfo->cinfo, COL_INFO, " File: %s", fname);
/* save the name if it looks sane */
if (!pinfo->fd->flags.visited) {
}
if (si->saved && f_olb.len && f_olb.len<256) {
si->saved->extra_info_type = SMB2_EI_FILENAME;
- si->saved->extra_info = g_malloc(f_olb.len+1);
- g_snprintf(si->saved->extra_info, f_olb.len+1, "%s", fname);
+ si->saved->extra_info = (gchar *)g_malloc(f_olb.len+1);
+ g_snprintf((gchar *)si->saved->extra_info, f_olb.len+1, "%s", fname);
}
}
static int
dissect_smb2_create_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
+ guint64 end_of_file;
+ guint32 attr_mask;
offset_length_buffer_t e_olb;
static const int *create_rep_flags_fields[] = {
&hf_smb2_create_rep_flags_reparse_point,
offset += 8;
/* end of file */
+ end_of_file = tvb_get_letoh64(tvb, offset);
+ if (si->eo_file_info) {
+ si->eo_file_info->end_of_file = tvb_get_letoh64(tvb, offset);
+ }
proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
offset += 8;
/* File Attributes */
+ attr_mask=tvb_get_letohl(tvb, offset);
offset = dissect_file_ext_attr(tvb, tree, offset);
/* reserved */
/* fid */
offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_OPEN);
+ /* We save this after dissect_smb2_fid just because it would be
+ possible to have this response without having the mathing request.
+ In that case the entry in the file info hash table has been created
+ in dissect_smb2_fid */
+ if (si->eo_file_info) {
+ si->eo_file_info->end_of_file = end_of_file;
+ si->eo_file_info->attr_mask = attr_mask;
+ }
+
/* extrainfo offset */
offset = dissect_smb2_olb_length_offset(tvb, offset, &e_olb, OLB_O_UINT32_S_UINT32, hf_smb2_extrainfo);
offset = dissect_smb2_olb_tvb_max_offset(offset, &e_olb);
- /* free si->saved->extra_info we dont need it any more */
+ /* free si->saved->extra_info we don't need it any more */
if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
g_free(si->saved->extra_info);
si->saved->extra_info = NULL;
/* data */
if (si->saved)
- dissect_smb2_infolevel(tvb, pinfo, tree, setinfo_offset, si, si->saved->class, si->saved->infolevel);
+ dissect_smb2_infolevel(tvb, pinfo, tree, setinfo_offset, si, si->saved->smb2_class, si->saved->infolevel);
offset = setinfo_offset + setinfo_size;
return offset;
/* Lease Break Notification */
- /* reserved */
- proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
- offset +=2;
+ /* new lease epoch */
+ proto_tree_add_item(tree, hf_smb2_lease_epoch, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset += 2;
/* lease flags */
proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
/* names here are just until we find better names for these functions */
static const value_string smb2_cmd_vals[] = {
- { 0x00, "Negotiate Protocol" },
- { 0x01, "Session Setup" },
- { 0x02, "Session Logoff" },
- { 0x03, "Tree Connect" },
- { 0x04, "Tree Disconnect" },
- { 0x05, "Create" },
- { 0x06, "Close" },
- { 0x07, "Flush" },
- { 0x08, "Read" },
- { 0x09, "Write" },
- { 0x0A, "Lock" },
- { 0x0B, "Ioctl" },
- { 0x0C, "Cancel" },
- { 0x0D, "KeepAlive" },
- { 0x0E, "Find" },
- { 0x0F, "Notify" },
- { 0x10, "GetInfo" },
- { 0x11, "SetInfo" },
- { 0x12, "Break" },
- { 0x13, "unknown-0x13" },
- { 0x14, "unknown-0x14" },
- { 0x15, "unknown-0x15" },
- { 0x16, "unknown-0x16" },
- { 0x17, "unknown-0x17" },
- { 0x18, "unknown-0x18" },
- { 0x19, "unknown-0x19" },
- { 0x1A, "unknown-0x1A" },
- { 0x1B, "unknown-0x1B" },
- { 0x1C, "unknown-0x1C" },
- { 0x1D, "unknown-0x1D" },
- { 0x1E, "unknown-0x1E" },
- { 0x1F, "unknown-0x1F" },
- { 0x20, "unknown-0x20" },
- { 0x21, "unknown-0x21" },
- { 0x22, "unknown-0x22" },
- { 0x23, "unknown-0x23" },
- { 0x24, "unknown-0x24" },
- { 0x25, "unknown-0x25" },
- { 0x26, "unknown-0x26" },
- { 0x27, "unknown-0x27" },
- { 0x28, "unknown-0x28" },
- { 0x29, "unknown-0x29" },
- { 0x2A, "unknown-0x2A" },
- { 0x2B, "unknown-0x2B" },
- { 0x2C, "unknown-0x2C" },
- { 0x2D, "unknown-0x2D" },
- { 0x2E, "unknown-0x2E" },
- { 0x2F, "unknown-0x2F" },
- { 0x30, "unknown-0x30" },
- { 0x31, "unknown-0x31" },
- { 0x32, "unknown-0x32" },
- { 0x33, "unknown-0x33" },
- { 0x34, "unknown-0x34" },
- { 0x35, "unknown-0x35" },
- { 0x36, "unknown-0x36" },
- { 0x37, "unknown-0x37" },
- { 0x38, "unknown-0x38" },
- { 0x39, "unknown-0x39" },
- { 0x3A, "unknown-0x3A" },
- { 0x3B, "unknown-0x3B" },
- { 0x3C, "unknown-0x3C" },
- { 0x3D, "unknown-0x3D" },
- { 0x3E, "unknown-0x3E" },
- { 0x3F, "unknown-0x3F" },
- { 0x40, "unknown-0x40" },
- { 0x41, "unknown-0x41" },
- { 0x42, "unknown-0x42" },
- { 0x43, "unknown-0x43" },
- { 0x44, "unknown-0x44" },
- { 0x45, "unknown-0x45" },
- { 0x46, "unknown-0x46" },
- { 0x47, "unknown-0x47" },
- { 0x48, "unknown-0x48" },
- { 0x49, "unknown-0x49" },
- { 0x4A, "unknown-0x4A" },
- { 0x4B, "unknown-0x4B" },
- { 0x4C, "unknown-0x4C" },
- { 0x4D, "unknown-0x4D" },
- { 0x4E, "unknown-0x4E" },
- { 0x4F, "unknown-0x4F" },
- { 0x50, "unknown-0x50" },
- { 0x51, "unknown-0x51" },
- { 0x52, "unknown-0x52" },
- { 0x53, "unknown-0x53" },
- { 0x54, "unknown-0x54" },
- { 0x55, "unknown-0x55" },
- { 0x56, "unknown-0x56" },
- { 0x57, "unknown-0x57" },
- { 0x58, "unknown-0x58" },
- { 0x59, "unknown-0x59" },
- { 0x5A, "unknown-0x5A" },
- { 0x5B, "unknown-0x5B" },
- { 0x5C, "unknown-0x5C" },
- { 0x5D, "unknown-0x5D" },
- { 0x5E, "unknown-0x5E" },
- { 0x5F, "unknown-0x5F" },
- { 0x60, "unknown-0x60" },
- { 0x61, "unknown-0x61" },
- { 0x62, "unknown-0x62" },
- { 0x63, "unknown-0x63" },
- { 0x64, "unknown-0x64" },
- { 0x65, "unknown-0x65" },
- { 0x66, "unknown-0x66" },
- { 0x67, "unknown-0x67" },
- { 0x68, "unknown-0x68" },
- { 0x69, "unknown-0x69" },
- { 0x6A, "unknown-0x6A" },
- { 0x6B, "unknown-0x6B" },
- { 0x6C, "unknown-0x6C" },
- { 0x6D, "unknown-0x6D" },
- { 0x6E, "unknown-0x6E" },
- { 0x6F, "unknown-0x6F" },
- { 0x70, "unknown-0x70" },
- { 0x71, "unknown-0x71" },
- { 0x72, "unknown-0x72" },
- { 0x73, "unknown-0x73" },
- { 0x74, "unknown-0x74" },
- { 0x75, "unknown-0x75" },
- { 0x76, "unknown-0x76" },
- { 0x77, "unknown-0x77" },
- { 0x78, "unknown-0x78" },
- { 0x79, "unknown-0x79" },
- { 0x7A, "unknown-0x7A" },
- { 0x7B, "unknown-0x7B" },
- { 0x7C, "unknown-0x7C" },
- { 0x7D, "unknown-0x7D" },
- { 0x7E, "unknown-0x7E" },
- { 0x7F, "unknown-0x7F" },
- { 0x80, "unknown-0x80" },
- { 0x81, "unknown-0x81" },
- { 0x82, "unknown-0x82" },
- { 0x83, "unknown-0x83" },
- { 0x84, "unknown-0x84" },
- { 0x85, "unknown-0x85" },
- { 0x86, "unknown-0x86" },
- { 0x87, "unknown-0x87" },
- { 0x88, "unknown-0x88" },
- { 0x89, "unknown-0x89" },
- { 0x8A, "unknown-0x8A" },
- { 0x8B, "unknown-0x8B" },
- { 0x8C, "unknown-0x8C" },
- { 0x8D, "unknown-0x8D" },
- { 0x8E, "unknown-0x8E" },
- { 0x8F, "unknown-0x8F" },
- { 0x90, "unknown-0x90" },
- { 0x91, "unknown-0x91" },
- { 0x92, "unknown-0x92" },
- { 0x93, "unknown-0x93" },
- { 0x94, "unknown-0x94" },
- { 0x95, "unknown-0x95" },
- { 0x96, "unknown-0x96" },
- { 0x97, "unknown-0x97" },
- { 0x98, "unknown-0x98" },
- { 0x99, "unknown-0x99" },
- { 0x9A, "unknown-0x9A" },
- { 0x9B, "unknown-0x9B" },
- { 0x9C, "unknown-0x9C" },
- { 0x9D, "unknown-0x9D" },
- { 0x9E, "unknown-0x9E" },
- { 0x9F, "unknown-0x9F" },
- { 0xA0, "unknown-0xA0" },
- { 0xA1, "unknown-0xA1" },
- { 0xA2, "unknown-0xA2" },
- { 0xA3, "unknown-0xA3" },
- { 0xA4, "unknown-0xA4" },
- { 0xA5, "unknown-0xA5" },
- { 0xA6, "unknown-0xA6" },
- { 0xA7, "unknown-0xA7" },
- { 0xA8, "unknown-0xA8" },
- { 0xA9, "unknown-0xA9" },
- { 0xAA, "unknown-0xAA" },
- { 0xAB, "unknown-0xAB" },
- { 0xAC, "unknown-0xAC" },
- { 0xAD, "unknown-0xAD" },
- { 0xAE, "unknown-0xAE" },
- { 0xAF, "unknown-0xAF" },
- { 0xB0, "unknown-0xB0" },
- { 0xB1, "unknown-0xB1" },
- { 0xB2, "unknown-0xB2" },
- { 0xB3, "unknown-0xB3" },
- { 0xB4, "unknown-0xB4" },
- { 0xB5, "unknown-0xB5" },
- { 0xB6, "unknown-0xB6" },
- { 0xB7, "unknown-0xB7" },
- { 0xB8, "unknown-0xB8" },
- { 0xB9, "unknown-0xB9" },
- { 0xBA, "unknown-0xBA" },
- { 0xBB, "unknown-0xBB" },
- { 0xBC, "unknown-0xBC" },
- { 0xBD, "unknown-0xBD" },
- { 0xBE, "unknown-0xBE" },
- { 0xBF, "unknown-0xBF" },
- { 0xC0, "unknown-0xC0" },
- { 0xC1, "unknown-0xC1" },
- { 0xC2, "unknown-0xC2" },
- { 0xC3, "unknown-0xC3" },
- { 0xC4, "unknown-0xC4" },
- { 0xC5, "unknown-0xC5" },
- { 0xC6, "unknown-0xC6" },
- { 0xC7, "unknown-0xC7" },
- { 0xC8, "unknown-0xC8" },
- { 0xC9, "unknown-0xC9" },
- { 0xCA, "unknown-0xCA" },
- { 0xCB, "unknown-0xCB" },
- { 0xCC, "unknown-0xCC" },
- { 0xCD, "unknown-0xCD" },
- { 0xCE, "unknown-0xCE" },
- { 0xCF, "unknown-0xCF" },
- { 0xD0, "unknown-0xD0" },
- { 0xD1, "unknown-0xD1" },
- { 0xD2, "unknown-0xD2" },
- { 0xD3, "unknown-0xD3" },
- { 0xD4, "unknown-0xD4" },
- { 0xD5, "unknown-0xD5" },
- { 0xD6, "unknown-0xD6" },
- { 0xD7, "unknown-0xD7" },
- { 0xD8, "unknown-0xD8" },
- { 0xD9, "unknown-0xD9" },
- { 0xDA, "unknown-0xDA" },
- { 0xDB, "unknown-0xDB" },
- { 0xDC, "unknown-0xDC" },
- { 0xDD, "unknown-0xDD" },
- { 0xDE, "unknown-0xDE" },
- { 0xDF, "unknown-0xDF" },
- { 0xE0, "unknown-0xE0" },
- { 0xE1, "unknown-0xE1" },
- { 0xE2, "unknown-0xE2" },
- { 0xE3, "unknown-0xE3" },
- { 0xE4, "unknown-0xE4" },
- { 0xE5, "unknown-0xE5" },
- { 0xE6, "unknown-0xE6" },
- { 0xE7, "unknown-0xE7" },
- { 0xE8, "unknown-0xE8" },
- { 0xE9, "unknown-0xE9" },
- { 0xEA, "unknown-0xEA" },
- { 0xEB, "unknown-0xEB" },
- { 0xEC, "unknown-0xEC" },
- { 0xED, "unknown-0xED" },
- { 0xEE, "unknown-0xEE" },
- { 0xEF, "unknown-0xEF" },
- { 0xF0, "unknown-0xF0" },
- { 0xF1, "unknown-0xF1" },
- { 0xF2, "unknown-0xF2" },
- { 0xF3, "unknown-0xF3" },
- { 0xF4, "unknown-0xF4" },
- { 0xF5, "unknown-0xF5" },
- { 0xF6, "unknown-0xF6" },
- { 0xF7, "unknown-0xF7" },
- { 0xF8, "unknown-0xF8" },
- { 0xF9, "unknown-0xF9" },
- { 0xFA, "unknown-0xFA" },
- { 0xFB, "unknown-0xFB" },
- { 0xFC, "unknown-0xFC" },
- { 0xFD, "unknown-0xFD" },
- { 0xFE, "unknown-0xFE" },
- { 0xFF, "unknown-0xFF" },
- { 0x00, NULL },
+ { 0x00, "Negotiate Protocol" },
+ { 0x01, "Session Setup" },
+ { 0x02, "Session Logoff" },
+ { 0x03, "Tree Connect" },
+ { 0x04, "Tree Disconnect" },
+ { 0x05, "Create" },
+ { 0x06, "Close" },
+ { 0x07, "Flush" },
+ { 0x08, "Read" },
+ { 0x09, "Write" },
+ { 0x0A, "Lock" },
+ { 0x0B, "Ioctl" },
+ { 0x0C, "Cancel" },
+ { 0x0D, "KeepAlive" },
+ { 0x0E, "Find" },
+ { 0x0F, "Notify" },
+ { 0x10, "GetInfo" },
+ { 0x11, "SetInfo" },
+ { 0x12, "Break" },
+ { 0x13, "unknown-0x13" },
+ { 0x14, "unknown-0x14" },
+ { 0x15, "unknown-0x15" },
+ { 0x16, "unknown-0x16" },
+ { 0x17, "unknown-0x17" },
+ { 0x18, "unknown-0x18" },
+ { 0x19, "unknown-0x19" },
+ { 0x1A, "unknown-0x1A" },
+ { 0x1B, "unknown-0x1B" },
+ { 0x1C, "unknown-0x1C" },
+ { 0x1D, "unknown-0x1D" },
+ { 0x1E, "unknown-0x1E" },
+ { 0x1F, "unknown-0x1F" },
+ { 0x20, "unknown-0x20" },
+ { 0x21, "unknown-0x21" },
+ { 0x22, "unknown-0x22" },
+ { 0x23, "unknown-0x23" },
+ { 0x24, "unknown-0x24" },
+ { 0x25, "unknown-0x25" },
+ { 0x26, "unknown-0x26" },
+ { 0x27, "unknown-0x27" },
+ { 0x28, "unknown-0x28" },
+ { 0x29, "unknown-0x29" },
+ { 0x2A, "unknown-0x2A" },
+ { 0x2B, "unknown-0x2B" },
+ { 0x2C, "unknown-0x2C" },
+ { 0x2D, "unknown-0x2D" },
+ { 0x2E, "unknown-0x2E" },
+ { 0x2F, "unknown-0x2F" },
+ { 0x30, "unknown-0x30" },
+ { 0x31, "unknown-0x31" },
+ { 0x32, "unknown-0x32" },
+ { 0x33, "unknown-0x33" },
+ { 0x34, "unknown-0x34" },
+ { 0x35, "unknown-0x35" },
+ { 0x36, "unknown-0x36" },
+ { 0x37, "unknown-0x37" },
+ { 0x38, "unknown-0x38" },
+ { 0x39, "unknown-0x39" },
+ { 0x3A, "unknown-0x3A" },
+ { 0x3B, "unknown-0x3B" },
+ { 0x3C, "unknown-0x3C" },
+ { 0x3D, "unknown-0x3D" },
+ { 0x3E, "unknown-0x3E" },
+ { 0x3F, "unknown-0x3F" },
+ { 0x40, "unknown-0x40" },
+ { 0x41, "unknown-0x41" },
+ { 0x42, "unknown-0x42" },
+ { 0x43, "unknown-0x43" },
+ { 0x44, "unknown-0x44" },
+ { 0x45, "unknown-0x45" },
+ { 0x46, "unknown-0x46" },
+ { 0x47, "unknown-0x47" },
+ { 0x48, "unknown-0x48" },
+ { 0x49, "unknown-0x49" },
+ { 0x4A, "unknown-0x4A" },
+ { 0x4B, "unknown-0x4B" },
+ { 0x4C, "unknown-0x4C" },
+ { 0x4D, "unknown-0x4D" },
+ { 0x4E, "unknown-0x4E" },
+ { 0x4F, "unknown-0x4F" },
+ { 0x50, "unknown-0x50" },
+ { 0x51, "unknown-0x51" },
+ { 0x52, "unknown-0x52" },
+ { 0x53, "unknown-0x53" },
+ { 0x54, "unknown-0x54" },
+ { 0x55, "unknown-0x55" },
+ { 0x56, "unknown-0x56" },
+ { 0x57, "unknown-0x57" },
+ { 0x58, "unknown-0x58" },
+ { 0x59, "unknown-0x59" },
+ { 0x5A, "unknown-0x5A" },
+ { 0x5B, "unknown-0x5B" },
+ { 0x5C, "unknown-0x5C" },
+ { 0x5D, "unknown-0x5D" },
+ { 0x5E, "unknown-0x5E" },
+ { 0x5F, "unknown-0x5F" },
+ { 0x60, "unknown-0x60" },
+ { 0x61, "unknown-0x61" },
+ { 0x62, "unknown-0x62" },
+ { 0x63, "unknown-0x63" },
+ { 0x64, "unknown-0x64" },
+ { 0x65, "unknown-0x65" },
+ { 0x66, "unknown-0x66" },
+ { 0x67, "unknown-0x67" },
+ { 0x68, "unknown-0x68" },
+ { 0x69, "unknown-0x69" },
+ { 0x6A, "unknown-0x6A" },
+ { 0x6B, "unknown-0x6B" },
+ { 0x6C, "unknown-0x6C" },
+ { 0x6D, "unknown-0x6D" },
+ { 0x6E, "unknown-0x6E" },
+ { 0x6F, "unknown-0x6F" },
+ { 0x70, "unknown-0x70" },
+ { 0x71, "unknown-0x71" },
+ { 0x72, "unknown-0x72" },
+ { 0x73, "unknown-0x73" },
+ { 0x74, "unknown-0x74" },
+ { 0x75, "unknown-0x75" },
+ { 0x76, "unknown-0x76" },
+ { 0x77, "unknown-0x77" },
+ { 0x78, "unknown-0x78" },
+ { 0x79, "unknown-0x79" },
+ { 0x7A, "unknown-0x7A" },
+ { 0x7B, "unknown-0x7B" },
+ { 0x7C, "unknown-0x7C" },
+ { 0x7D, "unknown-0x7D" },
+ { 0x7E, "unknown-0x7E" },
+ { 0x7F, "unknown-0x7F" },
+ { 0x80, "unknown-0x80" },
+ { 0x81, "unknown-0x81" },
+ { 0x82, "unknown-0x82" },
+ { 0x83, "unknown-0x83" },
+ { 0x84, "unknown-0x84" },
+ { 0x85, "unknown-0x85" },
+ { 0x86, "unknown-0x86" },
+ { 0x87, "unknown-0x87" },
+ { 0x88, "unknown-0x88" },
+ { 0x89, "unknown-0x89" },
+ { 0x8A, "unknown-0x8A" },
+ { 0x8B, "unknown-0x8B" },
+ { 0x8C, "unknown-0x8C" },
+ { 0x8D, "unknown-0x8D" },
+ { 0x8E, "unknown-0x8E" },
+ { 0x8F, "unknown-0x8F" },
+ { 0x90, "unknown-0x90" },
+ { 0x91, "unknown-0x91" },
+ { 0x92, "unknown-0x92" },
+ { 0x93, "unknown-0x93" },
+ { 0x94, "unknown-0x94" },
+ { 0x95, "unknown-0x95" },
+ { 0x96, "unknown-0x96" },
+ { 0x97, "unknown-0x97" },
+ { 0x98, "unknown-0x98" },
+ { 0x99, "unknown-0x99" },
+ { 0x9A, "unknown-0x9A" },
+ { 0x9B, "unknown-0x9B" },
+ { 0x9C, "unknown-0x9C" },
+ { 0x9D, "unknown-0x9D" },
+ { 0x9E, "unknown-0x9E" },
+ { 0x9F, "unknown-0x9F" },
+ { 0xA0, "unknown-0xA0" },
+ { 0xA1, "unknown-0xA1" },
+ { 0xA2, "unknown-0xA2" },
+ { 0xA3, "unknown-0xA3" },
+ { 0xA4, "unknown-0xA4" },
+ { 0xA5, "unknown-0xA5" },
+ { 0xA6, "unknown-0xA6" },
+ { 0xA7, "unknown-0xA7" },
+ { 0xA8, "unknown-0xA8" },
+ { 0xA9, "unknown-0xA9" },
+ { 0xAA, "unknown-0xAA" },
+ { 0xAB, "unknown-0xAB" },
+ { 0xAC, "unknown-0xAC" },
+ { 0xAD, "unknown-0xAD" },
+ { 0xAE, "unknown-0xAE" },
+ { 0xAF, "unknown-0xAF" },
+ { 0xB0, "unknown-0xB0" },
+ { 0xB1, "unknown-0xB1" },
+ { 0xB2, "unknown-0xB2" },
+ { 0xB3, "unknown-0xB3" },
+ { 0xB4, "unknown-0xB4" },
+ { 0xB5, "unknown-0xB5" },
+ { 0xB6, "unknown-0xB6" },
+ { 0xB7, "unknown-0xB7" },
+ { 0xB8, "unknown-0xB8" },
+ { 0xB9, "unknown-0xB9" },
+ { 0xBA, "unknown-0xBA" },
+ { 0xBB, "unknown-0xBB" },
+ { 0xBC, "unknown-0xBC" },
+ { 0xBD, "unknown-0xBD" },
+ { 0xBE, "unknown-0xBE" },
+ { 0xBF, "unknown-0xBF" },
+ { 0xC0, "unknown-0xC0" },
+ { 0xC1, "unknown-0xC1" },
+ { 0xC2, "unknown-0xC2" },
+ { 0xC3, "unknown-0xC3" },
+ { 0xC4, "unknown-0xC4" },
+ { 0xC5, "unknown-0xC5" },
+ { 0xC6, "unknown-0xC6" },
+ { 0xC7, "unknown-0xC7" },
+ { 0xC8, "unknown-0xC8" },
+ { 0xC9, "unknown-0xC9" },
+ { 0xCA, "unknown-0xCA" },
+ { 0xCB, "unknown-0xCB" },
+ { 0xCC, "unknown-0xCC" },
+ { 0xCD, "unknown-0xCD" },
+ { 0xCE, "unknown-0xCE" },
+ { 0xCF, "unknown-0xCF" },
+ { 0xD0, "unknown-0xD0" },
+ { 0xD1, "unknown-0xD1" },
+ { 0xD2, "unknown-0xD2" },
+ { 0xD3, "unknown-0xD3" },
+ { 0xD4, "unknown-0xD4" },
+ { 0xD5, "unknown-0xD5" },
+ { 0xD6, "unknown-0xD6" },
+ { 0xD7, "unknown-0xD7" },
+ { 0xD8, "unknown-0xD8" },
+ { 0xD9, "unknown-0xD9" },
+ { 0xDA, "unknown-0xDA" },
+ { 0xDB, "unknown-0xDB" },
+ { 0xDC, "unknown-0xDC" },
+ { 0xDD, "unknown-0xDD" },
+ { 0xDE, "unknown-0xDE" },
+ { 0xDF, "unknown-0xDF" },
+ { 0xE0, "unknown-0xE0" },
+ { 0xE1, "unknown-0xE1" },
+ { 0xE2, "unknown-0xE2" },
+ { 0xE3, "unknown-0xE3" },
+ { 0xE4, "unknown-0xE4" },
+ { 0xE5, "unknown-0xE5" },
+ { 0xE6, "unknown-0xE6" },
+ { 0xE7, "unknown-0xE7" },
+ { 0xE8, "unknown-0xE8" },
+ { 0xE9, "unknown-0xE9" },
+ { 0xEA, "unknown-0xEA" },
+ { 0xEB, "unknown-0xEB" },
+ { 0xEC, "unknown-0xEC" },
+ { 0xED, "unknown-0xED" },
+ { 0xEE, "unknown-0xEE" },
+ { 0xEF, "unknown-0xEF" },
+ { 0xF0, "unknown-0xF0" },
+ { 0xF1, "unknown-0xF1" },
+ { 0xF2, "unknown-0xF2" },
+ { 0xF3, "unknown-0xF3" },
+ { 0xF4, "unknown-0xF4" },
+ { 0xF5, "unknown-0xF5" },
+ { 0xF6, "unknown-0xF6" },
+ { 0xF7, "unknown-0xF7" },
+ { 0xF8, "unknown-0xF8" },
+ { 0xF9, "unknown-0xF9" },
+ { 0xFA, "unknown-0xFA" },
+ { 0xFB, "unknown-0xFB" },
+ { 0xFC, "unknown-0xFC" },
+ { 0xFD, "unknown-0xFD" },
+ { 0xFE, "unknown-0xFE" },
+ { 0xFF, "unknown-0xFF" },
+ { 0x00, NULL },
};
value_string_ext smb2_cmd_vals_ext = VALUE_STRING_EXT_INIT(smb2_cmd_vals);
static const char *decode_smb2_name(guint16 cmd)
{
- if (cmd > 0xFF) return "unknown";
- return(smb2_cmd_vals[cmd & 0xFF].strptr);
+ if (cmd > 0xFF) return "unknown";
+ return(smb2_cmd_vals[cmd & 0xFF].strptr);
}
static smb2_function smb2_dissector[256] = {
*plain_tvb = NULL;
/* signature */
- proto_tree_add_item(tree, hf_smb2_transform_signature, tvb, offset, 16, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_transform_signature, tvb, offset, 16, ENC_NA);
offset += 16;
/* nonce */
- proto_tree_add_item(tree, hf_smb2_transform_nonce, tvb, offset, 16, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_transform_nonce, tvb, offset, 16, ENC_NA);
tvb_memcpy(tvb, sti->nonce, offset, 16);
offset += 16;
offset += 4;
/* reserved */
- proto_tree_add_item(tree, hf_smb2_transform_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_transform_reserved, tvb, offset, 2, ENC_NA);
offset += 2;
/* enc algorithm */
sesid_offset = offset;
sti->sesid = tvb_get_letoh64(tvb, offset);
sesid_item = proto_tree_add_item(tree, hf_smb2_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
- if (tree) {
- sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
- }
+ sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
offset += 8;
/* now we need to first lookup the uid session */
sesid_key.sesid = sti->sesid;
- sti->session = g_hash_table_lookup(sti->conv->sesids, &sesid_key);
+ sti->session = (smb2_sesid_info_t *)g_hash_table_lookup(sti->conv->sesids, &sesid_key);
if (sti->session != NULL && sti->session->auth_frame != (guint32)-1) {
item = proto_tree_add_string(sesid_tree, hf_smb2_acct_name, tvb, sesid_offset, 0, sti->session->acct_name);
#ifdef HAVE_LIBGCRYPT
if (sti->session != NULL && sti->alg == ENC_ALG_aes128_ccm) {
- static const guint8 zeros[16];
-
if (pinfo->destport == sti->session->server_port) {
decryption_key = sti->session->server_decryption_key;
} else {
memcpy(&A_1[1], sti->nonce, 15 - 4);
- plain_data = tvb_memdup(tvb, offset, sti->size);
+ plain_data = (guint8 *)tvb_memdup(NULL, tvb, offset, sti->size);
/* Open the cipher. */
if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0)) {
}
done_decryption:
#endif
- *enc_tvb = tvb_new_subset(tvb, offset, sti->size, sti->size);
+ *enc_tvb = tvb_new_subset_length(tvb, offset, sti->size);
if (plain_data != NULL) {
*plain_tvb = tvb_new_child_real_data(*enc_tvb, plain_data, sti->size, sti->size);
proto_tree *cmd_tree;
int old_offset = offset;
- cmd_item = proto_tree_add_text(tree, tvb, offset, -1,
- "%s %s (0x%02x)",
+ cmd_tree = proto_tree_add_subtree_format(tree, tvb, offset, -1,
+ ett_smb2_command, &cmd_item, "%s %s (0x%02x)",
decode_smb2_name(si->opcode),
(si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request",
si->opcode);
- cmd_tree = proto_item_add_subtree(cmd_item, ett_smb2_command);
-
cmd_dissector = (si->flags & SMB2_FLAGS_RESPONSE)?
smb2_dissector[si->opcode&0xff].response:
offset = (*cmd_dissector)(tvb, pinfo, cmd_tree, offset, si);
} else {
proto_tree_add_item(cmd_tree, hf_smb2_unknown, tvb, offset, -1, ENC_NA);
- offset = tvb_length(tvb);
+ offset = tvb_captured_length(tvb);
}
proto_item_set_len(cmd_item, offset-old_offset);
smb2_sesid_info_t sesid_key;
int sesid_offset;
proto_item *item;
- unsigned int pid;
if (si->flags&SMB2_FLAGS_ASYNC_CMD) {
offset += 8;
} else {
/* Process ID */
- pid = tvb_get_letohl(tvb, offset);
- proto_tree_add_uint_format(tree, hf_smb2_pid, tvb, offset, 4, pid, "Process Id: %08x",pid);
+ proto_tree_add_item(tree, hf_smb2_pid, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
/* Tree ID */
tid_offset = offset;
si->tid = tvb_get_letohl(tvb, offset);
tid_item = proto_tree_add_item(tree, hf_smb2_tid, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- if (tree) {
- tid_tree = proto_item_add_subtree(tid_item, ett_smb2_tid_tree);
- }
+ tid_tree = proto_item_add_subtree(tid_item, ett_smb2_tid_tree);
offset += 4;
}
sesid_offset = offset;
si->sesid = tvb_get_letoh64(tvb, offset);
sesid_item = proto_tree_add_item(tree, hf_smb2_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
- if (tree) {
- sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
- }
+ sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
offset += 8;
/* now we need to first lookup the uid session */
sesid_key.sesid = si->sesid;
- si->session = g_hash_table_lookup(si->conv->sesids, &sesid_key);
+ si->session = (smb2_sesid_info_t *)g_hash_table_lookup(si->conv->sesids, &sesid_key);
if (!si->session) {
if (si->opcode != 0x03) return offset;
* a tree connect, we create a dummy sessison, so we can hang the
* tree data on it
*/
- si->session = se_alloc(sizeof(smb2_sesid_info_t));
- si->session->sesid = si->sesid;
- si->session->acct_name = NULL;
- si->session->domain_name = NULL;
- si->session->host_name = NULL;
- si->session->auth_frame = (guint32)-1;
- si->session->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
+ si->session = wmem_new0(wmem_file_scope(), smb2_sesid_info_t);
+ si->session->sesid = si->sesid;
+ si->session->auth_frame = (guint32)-1;
+ si->session->tids = g_hash_table_new(smb2_tid_info_hash, smb2_tid_info_equal);
g_hash_table_insert(si->conv->sesids, si->session, si->session);
return offset;
if (!(si->flags&SMB2_FLAGS_ASYNC_CMD)) {
/* see if we can find the name for this tid */
tid_key.tid = si->tid;
- si->tree = g_hash_table_lookup(si->session->tids, &tid_key);
+ si->tree = (smb2_tid_info_t *)g_hash_table_lookup(si->session->tids, &tid_key);
if (!si->tree) return offset;
item = proto_tree_add_string(tid_tree, hf_smb2_tree, tvb, tid_offset, 4, si->tree->name);
static int
dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, gboolean first_in_chain)
{
- gboolean smb2_transform_header = FALSE;
- proto_item *seqnum_item;
- proto_item *item = NULL;
- proto_tree *tree = NULL;
- proto_item *header_item = NULL;
- proto_tree *header_tree = NULL;
- proto_item *flags_item = NULL;
- proto_tree *flags_tree = NULL;
- int offset = 0;
- int chain_offset = 0;
- char* label = smb_header_label;
+ gboolean smb2_transform_header = FALSE;
+ proto_item *msg_id_item;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ proto_item *header_item = NULL;
+ proto_tree *header_tree = NULL;
+ int offset = 0;
+ int chain_offset = 0;
+ const char *label = smb_header_label;
conversation_t *conversation;
smb2_saved_info_t *ssi = NULL, ssi_key;
smb2_info_t *si;
smb2_transform_info_t *sti;
+ char *fid_name;
+ guint32 open_frame,close_frame;
+ smb2_eo_file_info_t *eo_file_info;
+ e_ctx_hnd *policy_hnd_hashtablekey;
- sti = ep_alloc(sizeof(smb2_transform_info_t));
- si = ep_alloc(sizeof(smb2_info_t));
- si->conv = NULL;
- si->saved = NULL;
- si->tree = NULL;
+ sti = wmem_new(wmem_packet_scope(), smb2_transform_info_t);
+ si = wmem_new0(wmem_packet_scope(), smb2_info_t);
si->top_tree = parent_tree;
if (tvb_get_guint8(tvb, 0) == 0xfd) {
* conversation
*/
conversation = find_or_create_conversation(pinfo);
- si->conv = conversation_get_proto_data(conversation, proto_smb2);
+ si->conv = (smb2_conv_info_t *)conversation_get_proto_data(conversation, proto_smb2);
if (!si->conv) {
/* no smb2_into_t structure for this conversation yet,
* create it.
*/
- si->conv = se_alloc(sizeof(smb2_conv_info_t));
+ si->conv = wmem_new(wmem_file_scope(), smb2_conv_info_t);
/* qqq this leaks memory for now since we never free
the hashtables */
si->conv->matched = g_hash_table_new(smb2_saved_info_hash_matched,
smb2_saved_info_equal_unmatched);
si->conv->sesids = g_hash_table_new(smb2_sesid_info_hash,
smb2_sesid_info_equal);
+ si->conv->fids = g_hash_table_new(smb2_fid_info_hash,
+ smb2_fid_info_equal);
+ si->conv->files = g_hash_table_new(smb2_eo_files_hash,smb2_eo_files_equal);
+
+ /* Bit of a hack to avoid leaking the hash tables - register a
+ * callback to free them. Ideally wmem would implement a simple
+ * hash table so we wouldn't have to do this. */
+ wmem_register_callback(wmem_file_scope(), smb2_conv_destroy,
+ si->conv);
conversation_add_proto_data(conversation, proto_smb2, si->conv);
}
sti->conv = si->conv;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB2");
- if (check_col(pinfo->cinfo, COL_INFO)) {
- if (first_in_chain) {
- /* first packet */
- col_clear(pinfo->cinfo, COL_INFO);
- } else {
- col_append_str(pinfo->cinfo, COL_INFO, ";");
- }
- }
-
- if (parent_tree) {
- item = proto_tree_add_item(parent_tree, proto_smb2, tvb, offset,
- -1, ENC_NA);
- tree = proto_item_add_subtree(item, ett_smb2);
+ if (first_in_chain) {
+ /* first packet */
+ col_clear(pinfo->cinfo, COL_INFO);
+ } else {
+ col_append_str(pinfo->cinfo, COL_INFO, ";");
}
+ item = proto_tree_add_item(parent_tree, proto_smb2, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_smb2);
- if (tree) {
- header_item = proto_tree_add_text(tree, tvb, offset, -1, "%s", label);
- header_tree = proto_item_add_subtree(header_item, ett_smb2_header);
- }
+ header_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_header, &header_item, label);
/* Decode the header */
if (!smb2_transform_header) {
/* SMB2 marker */
- proto_tree_add_text(header_tree, tvb, offset, 4, "Server Component: SMB2");
+ proto_tree_add_item(header_tree, hf_smb2_server_component_smb2, tvb, offset, 4, ENC_NA);
offset += 4;
/* we need the flags before we know how to parse the credits field */
si->status = 0;
proto_tree_add_item(header_tree, hf_smb2_channel_sequence, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
- proto_tree_add_item(header_tree, hf_smb2_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(header_tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
offset += 2;
}
/* flags */
if (header_tree) {
- flags_item = proto_tree_add_text(header_tree, tvb, offset, 4,
- "Flags: 0x%08x", si->flags);
- flags_tree = proto_item_add_subtree(flags_item, ett_smb2_flags);
+ static const int * flags[] = {
+ &hf_smb2_flags_response,
+ &hf_smb2_flags_async_cmd,
+ &hf_smb2_flags_chained,
+ &hf_smb2_flags_signature,
+ &hf_smb2_flags_priority_mask,
+ &hf_smb2_flags_dfs_op,
+ &hf_smb2_flags_replay_operation,
+ NULL
+ };
+
+ proto_tree_add_bitmask(header_tree, tvb, offset, hf_smb2_flags,
+ ett_smb2_flags, flags, ENC_LITTLE_ENDIAN);
}
- proto_tree_add_boolean(flags_tree, hf_smb2_flags_replay_operation, tvb, offset, 4, si->flags);
- proto_tree_add_boolean(flags_tree, hf_smb2_flags_dfs_op, tvb, offset, 4, si->flags);
- proto_tree_add_boolean(flags_tree, hf_smb2_flags_signature, tvb, offset, 4, si->flags);
- proto_tree_add_boolean(flags_tree, hf_smb2_flags_chained, tvb, offset, 4, si->flags);
- proto_tree_add_boolean(flags_tree, hf_smb2_flags_async_cmd, tvb, offset, 4, si->flags);
- proto_tree_add_boolean(flags_tree, hf_smb2_flags_response, tvb, offset, 4, si->flags);
offset += 4;
proto_tree_add_item(header_tree, hf_smb2_chain_offset, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
- /* command sequence number*/
- si->seqnum = tvb_get_letoh64(tvb, offset);
- ssi_key.seqnum = si->seqnum;
- seqnum_item = proto_tree_add_item(header_tree, hf_smb2_seqnum, tvb, offset, 8, ENC_LITTLE_ENDIAN);
- if (seqnum_item && (si->seqnum == -1)) {
- proto_item_append_text(seqnum_item, " (unsolicited response)");
+ /* Message ID */
+ si->msg_id = tvb_get_letoh64(tvb, offset);
+ ssi_key.msg_id = si->msg_id;
+ msg_id_item = proto_tree_add_item(header_tree, hf_smb2_msg_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ if (msg_id_item && (si->msg_id == -1)) {
+ proto_item_append_text(msg_id_item, " (unsolicited response)");
}
offset += 8;
proto_item_set_len(header_item, offset);
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_append_fstr(pinfo->cinfo, COL_INFO, "%s %s",
+ col_append_fstr(pinfo->cinfo, COL_INFO, "%s %s",
decode_smb2_name(si->opcode),
(si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request");
- if (si->status) {
- col_append_fstr(
+ if (si->status) {
+ col_append_fstr(
pinfo->cinfo, COL_INFO, ", Error: %s",
- val_to_str(si->status, NT_errors,
- "Unknown (0x%08X)"));
- }
+ val_to_str_ext(si->status, &NT_errors_ext,
+ "Unknown (0x%08X)"));
}
if (!pinfo->fd->flags.visited) {
- /* see if we can find this seqnum in the unmatched table */
- ssi = g_hash_table_lookup(si->conv->unmatched, &ssi_key);
+ /* see if we can find this msg_id in the unmatched table */
+ ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->unmatched, &ssi_key);
if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
/* This is a request */
}
if (!ssi) {
- /* no we couldnt find it, so just add it then
+ /* no we couldn't find it, so just add it then
* if was a request we are decoding
*/
- ssi = se_alloc(sizeof(smb2_saved_info_t));
- ssi->class = 0;
- ssi->infolevel = 0;
- ssi->seqnum = ssi_key.seqnum;
+ ssi = wmem_new0(wmem_file_scope(), smb2_saved_info_t);
+ ssi->msg_id = ssi_key.msg_id;
ssi->frame_req = pinfo->fd->num;
- ssi->frame_res = 0;
ssi->req_time = pinfo->fd->abs_ts;
- ssi->extra_info = NULL;
ssi->extra_info_type = SMB2_EI_NONE;
g_hash_table_insert(si->conv->unmatched, ssi, ssi);
}
} else {
/* This is a response */
- if (ssi) {
+ if (!((si->flags & SMB2_FLAGS_ASYNC_CMD)
+ && si->status == NT_STATUS_PENDING)
+ && ssi) {
/* just set the response frame and move it to the matched table */
ssi->frame_res = pinfo->fd->num;
g_hash_table_remove(si->conv->unmatched, ssi);
}
}
} else {
- /* see if we can find this seqnum in the matched table */
- ssi = g_hash_table_lookup(si->conv->matched, &ssi_key);
- /* if we couldnt find it in the matched table, it might still
+ /* see if we can find this msg_id in the matched table */
+ ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->matched, &ssi_key);
+ /* if we couldn't find it in the matched table, it might still
* be in the unmatched table
*/
if (!ssi) {
- ssi = g_hash_table_lookup(si->conv->unmatched, &ssi_key);
+ ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->unmatched, &ssi_key);
}
}
if (ssi) {
+ if (dcerpc_fetch_polhnd_data(&ssi->policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->fd->num)) {
+ /* If needed, create the file entry and save the policy hnd */
+ if (!si->eo_file_info) {
+ if (si->conv) {
+ eo_file_info = (smb2_eo_file_info_t *)g_hash_table_lookup(si->conv->files,&ssi->policy_hnd);
+ if (!eo_file_info) { /* XXX This should never happen */
+ /* assert(1==0); */
+ eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
+ policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
+ memcpy(policy_hnd_hashtablekey, &ssi->policy_hnd, sizeof(e_ctx_hnd));
+ eo_file_info->end_of_file=0;
+ g_hash_table_insert(si->conv->files,policy_hnd_hashtablekey,eo_file_info);
+ }
+ si->eo_file_info=eo_file_info;
+ }
+ }
+ }
+
if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
if (ssi->frame_res) {
proto_item *tmp_item;
}
}
}
- /* if we dont have ssi yet we must fake it */
+ /* if we don't have ssi yet we must fake it */
/*qqq*/
si->saved = ssi;
/* Decode the payload */
offset = dissect_smb2_command(pinfo, tree, tvb, offset, si);
} else {
- proto_item *enc_item;
proto_tree *enc_tree;
tvbuff_t *enc_tvb = NULL;
tvbuff_t *plain_tvb = NULL;
/* SMB2_TRANSFORM marker */
- proto_tree_add_text(header_tree, tvb, offset, 4, "Server Component: SMB2_TRANSFORM");
+ proto_tree_add_item(header_tree, hf_smb2_server_component_smb2_transform, tvb, offset, 4, ENC_NA);
offset += 4;
offset = dissect_smb2_transform_header(pinfo, header_tree, tvb, offset, sti,
&enc_tvb, &plain_tvb);
- enc_item = proto_tree_add_text(tree, enc_tvb, 0, sti->size, "Encrypted SMB3 data");
- enc_tree = proto_item_add_subtree(enc_item, ett_smb2_encrypted);
+ enc_tree = proto_tree_add_subtree(tree, enc_tvb, 0, sti->size, ett_smb2_encrypted, NULL, "Encrypted SMB3 data");
if (plain_tvb != NULL) {
- col_append_fstr(pinfo->cinfo, COL_INFO, "Decrypted SMB3");
+ col_append_str(pinfo->cinfo, COL_INFO, "Decrypted SMB3");
dissect_smb2(plain_tvb, pinfo, enc_tree, FALSE);
} else {
- col_append_fstr(pinfo->cinfo, COL_INFO, "Encrypted SMB3");
- proto_tree_add_item(enc_tree, hf_smb2_transform_encyrpted_data,
- enc_tvb, 0, sti->size, ENC_LITTLE_ENDIAN);
+ col_append_str(pinfo->cinfo, COL_INFO, "Encrypted SMB3");
+ proto_tree_add_item(enc_tree, hf_smb2_transform_encrypted_data,
+ enc_tvb, 0, sti->size, ENC_NA);
}
if (tvb_reported_length_remaining(tvb, offset) > 0) {
{
/* must check that this really is a smb2 packet */
- if (tvb_length(tvb) < 4)
+ if (tvb_captured_length(tvb) < 4)
return FALSE;
if (((tvb_get_guint8(tvb, 0) != 0xfe) && (tvb_get_guint8(tvb, 0) != 0xfd))
void
proto_register_smb2(void)
{
+ module_t *smb2_module;
static hf_register_info hf[] = {
- { &hf_smb2_cmd,
- { "Command", "smb2.cmd", FT_UINT16, BASE_DEC|BASE_EXT_STRING,
- &smb2_cmd_vals_ext, 0, "SMB2 Command Opcode", HFILL }},
- { &hf_smb2_response_to,
- { "Response to", "smb2.response_to", FT_FRAMENUM, BASE_NONE,
- NULL, 0, "This packet is a response to the packet in this frame", HFILL }},
- { &hf_smb2_response_in,
- { "Response in", "smb2.response_in", FT_FRAMENUM, BASE_NONE,
- NULL, 0, "The response to this packet is in this packet", HFILL }},
- { &hf_smb2_time,
- { "Time from request", "smb2.time", FT_RELATIVE_TIME, BASE_NONE,
- NULL, 0, "Time between Request and Response for SMB2 cmds", HFILL }},
- { &hf_smb2_header_len,
- { "Header Length", "smb2.header_len", FT_UINT16, BASE_DEC,
- NULL, 0, "SMB2 Size of Header", HFILL }},
- { &hf_smb2_nt_status,
- { "NT Status", "smb2.nt_status", FT_UINT32, BASE_HEX,
- VALS(NT_errors), 0, "NT Status code", HFILL }},
- { &hf_smb2_seqnum,
- { "Command Sequence Number", "smb2.seq_num", FT_INT64, BASE_DEC,
- NULL, 0, "SMB2 Command Sequence Number", HFILL }},
- { &hf_smb2_tid,
- { "Tree Id", "smb2.tid", FT_UINT32, BASE_HEX,
- NULL, 0, "SMB2 Tree Id", HFILL }},
- { &hf_smb2_aid,
- { "Async Id", "smb2.aid", FT_UINT64, BASE_HEX,
- NULL, 0, "SMB2 Async Id", HFILL }},
- { &hf_smb2_sesid,
- { "Session Id", "smb2.sesid", FT_UINT64, BASE_HEX,
- NULL, 0, "SMB2 Session Id", HFILL }},
- { &hf_smb2_previous_sesid,
- { "Previous Session Id", "smb2.previous_sesid", FT_UINT64, BASE_HEX,
- NULL, 0, "SMB2 Previous Session Id", HFILL }},
- { &hf_smb2_chain_offset,
- { "Chain Offset", "smb2.chain_offset", FT_UINT32, BASE_HEX,
- NULL, 0, "SMB2 Chain Offset", HFILL }},
- { &hf_smb2_end_of_file,
- { "End Of File", "smb2.eof", FT_UINT64, BASE_DEC,
- NULL, 0, "SMB2 End Of File/File size", HFILL }},
- { &hf_smb2_nlinks,
- { "Number of Links", "smb2.nlinks", FT_UINT32, BASE_DEC,
- NULL, 0, "Number of links to this object", HFILL }},
- { &hf_smb2_file_id,
- { "File Id", "smb2.file_id", FT_UINT64, BASE_HEX,
- NULL, 0, "SMB2 File Id", HFILL }},
- { &hf_smb2_allocation_size,
- { "Allocation Size", "smb2.allocation_size", FT_UINT64, BASE_DEC,
- NULL, 0, "SMB2 Allocation Size for this object", HFILL }},
- { &hf_smb2_max_response_size,
- { "Max Response Size", "smb2.max_response_size", FT_UINT32, BASE_DEC,
- NULL, 0, "SMB2 Maximum response size", HFILL }},
- { &hf_smb2_setinfo_size,
- { "Setinfo Size", "smb2.setinfo_size", FT_UINT32, BASE_DEC,
- NULL, 0, "SMB2 setinfo size", HFILL }},
- { &hf_smb2_setinfo_offset,
- { "Setinfo Offset", "smb2.setinfo_offset", FT_UINT16, BASE_HEX,
- NULL, 0, "SMB2 setinfo offset", HFILL }},
- { &hf_smb2_max_ioctl_out_size,
- { "Max Ioctl Out Size", "smb2.max_ioctl_out_size", FT_UINT32, BASE_DEC,
- NULL, 0, "SMB2 Maximum ioctl out size", HFILL }},
- { &hf_smb2_max_ioctl_in_size,
- { "Max Ioctl In Size", "smb2.max_ioctl_in_size", FT_UINT32, BASE_DEC,
- NULL, 0, "SMB2 Maximum ioctl out size", HFILL }},
- { &hf_smb2_required_buffer_size,
- { "Required Buffer Size", "smb2.required_size", FT_UINT32, BASE_DEC,
- NULL, 0, "SMB2 required buffer size", HFILL }},
- { &hf_smb2_pid,
- { "Process Id", "smb2.pid", FT_UINT32, BASE_HEX,
- NULL, 0, "SMB2 Process Id", HFILL }},
- { &hf_smb2_flags_response,
- { "Response", "smb2.flags.response", FT_BOOLEAN, 32,
- TFS(&tfs_flags_response), SMB2_FLAGS_RESPONSE, "Whether this is an SMB2 Request or Response", HFILL }},
- { &hf_smb2_flags_async_cmd,
- { "Async command", "smb2.flags.async", FT_BOOLEAN, 32,
- TFS(&tfs_flags_async_cmd), SMB2_FLAGS_ASYNC_CMD, NULL, HFILL }},
- { &hf_smb2_flags_dfs_op,
- { "DFS operation", "smb2.flags.dfs", FT_BOOLEAN, 32,
- TFS(&tfs_flags_dfs_op), SMB2_FLAGS_DFS_OP, NULL, HFILL }},
- { &hf_smb2_flags_chained,
- { "Chained", "smb2.flags.chained", FT_BOOLEAN, 32,
- TFS(&tfs_flags_chained), SMB2_FLAGS_CHAINED, "Whether the pdu continues a chain or not", HFILL }},
- { &hf_smb2_flags_signature,
- { "Signing", "smb2.flags.signature", FT_BOOLEAN, 32,
- TFS(&tfs_flags_signature), SMB2_FLAGS_SIGNATURE, "Whether the pdu is signed or not", HFILL }},
- { &hf_smb2_flags_replay_operation,
- { "Replay operation", "smb2.flags.replay", FT_BOOLEAN, 32,
- TFS(&tfs_flags_replay_operation), SMB2_FLAGS_REPLAY_OPERATION, "Whether this is a replay operation", HFILL }},
- { &hf_smb2_tree,
- { "Tree", "smb2.tree", FT_STRING, BASE_NONE,
- NULL, 0, "Name of the Tree/Share", HFILL }},
- { &hf_smb2_filename,
- { "Filename", "smb2.filename", FT_STRING, BASE_NONE,
- NULL, 0, "Name of the file", HFILL }},
- { &hf_smb2_filename_len,
- { "Filename Length", "smb2.filename.len", FT_UINT32, BASE_DEC,
- NULL, 0, "Length of the file name", HFILL }},
-
- { &hf_smb2_data_offset,
- { "Data Offset", "smb2.data_offset", FT_UINT16, BASE_HEX,
- NULL, 0, "Offset to data", HFILL }},
-
- { &hf_smb2_find_info_level,
- { "Info Level", "smb2.find.infolevel", FT_UINT32, BASE_DEC,
- VALS(smb2_find_info_levels), 0, "Find_Info Infolevel", HFILL }},
- { &hf_smb2_find_flags,
- { "Find Flags", "smb2.find.flags", FT_UINT8, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_find_pattern,
- { "Search Pattern", "smb2.find.pattern", FT_STRING, BASE_NONE,
- NULL, 0, "Find pattern", HFILL }},
-
- { &hf_smb2_find_info_blob,
- { "Info", "smb2.find.info_blob", FT_BYTES, BASE_NONE,
- NULL, 0, "Find Info", HFILL }},
-
- { &hf_smb2_ea_size,
- { "EA Size", "smb2.ea_size", FT_UINT32, BASE_DEC,
- NULL, 0, "Size of EA data", HFILL }},
-
- { &hf_smb2_class,
- { "Class", "smb2.class", FT_UINT8, BASE_HEX,
- VALS(smb2_class_vals), 0, "Info class", HFILL }},
-
- { &hf_smb2_infolevel,
- { "InfoLevel", "smb2.infolevel", FT_UINT8, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_infolevel_file_info,
- { "InfoLevel", "smb2.file_info.infolevel", FT_UINT8, BASE_HEX,
- VALS(smb2_file_info_levels), 0, "File_Info Infolevel", HFILL }},
-
- { &hf_smb2_infolevel_fs_info,
- { "InfoLevel", "smb2.fs_info.infolevel", FT_UINT8, BASE_HEX,
- VALS(smb2_fs_info_levels), 0, "Fs_Info Infolevel", HFILL }},
-
- { &hf_smb2_infolevel_sec_info,
- { "InfoLevel", "smb2.sec_info.infolevel", FT_UINT8, BASE_HEX,
- VALS(smb2_sec_info_levels), 0, "Sec_Info Infolevel", HFILL }},
-
- { &hf_smb2_write_length,
- { "Write Length", "smb2.write_length", FT_UINT32, BASE_DEC,
- NULL, 0, "Amount of data to write", HFILL }},
-
- { &hf_smb2_read_length,
- { "Read Length", "smb2.read_length", FT_UINT32, BASE_DEC,
- NULL, 0, "Amount of data to read", HFILL }},
-
- { &hf_smb2_read_remaining,
- { "Read Remaining", "smb2.read_remaining", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_create_flags,
- { "Create Flags", "smb2.create_flags", FT_UINT64, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_file_offset,
- { "File Offset", "smb2.file_offset", FT_UINT64, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_security_blob,
- { "Security Blob", "smb2.security_blob", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_ioctl_out_data,
- { "Out Data", "smb2.ioctl.out", FT_NONE, BASE_NONE,
- NULL, 0, "Ioctl Out", HFILL }},
-
- { &hf_smb2_ioctl_in_data,
- { "In Data", "smb2.ioctl.in", FT_NONE, BASE_NONE,
- NULL, 0, "Ioctl In", HFILL }},
-
- { &hf_smb2_server_guid,
- { "Server Guid", "smb2.server_guid", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_client_guid,
- { "Client Guid", "smb2.client_guid", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_object_id,
- { "ObjectId", "smb2.object_id", FT_GUID, BASE_NONE,
- NULL, 0, "ObjectID for this FID", HFILL }},
-
- { &hf_smb2_birth_volume_id,
- { "BirthVolumeId", "smb2.birth_volume_id", FT_GUID, BASE_NONE,
- NULL, 0, "ObjectID for the volume where this FID was originally created", HFILL }},
-
- { &hf_smb2_birth_object_id,
- { "BirthObjectId", "smb2.birth_object_id", FT_GUID, BASE_NONE,
- NULL, 0, "ObjectID for this FID when it was originally created", HFILL }},
-
- { &hf_smb2_domain_id,
- { "DomainId", "smb2.domain_id", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_cmd,
+ { "Command", "smb2.cmd", FT_UINT16, BASE_DEC | BASE_EXT_STRING,
+ &smb2_cmd_vals_ext, 0, "SMB2 Command Opcode", HFILL }},
+ { &hf_smb2_response_to,
+ { "Response to", "smb2.response_to", FT_FRAMENUM, BASE_NONE,
+ NULL, 0, "This packet is a response to the packet in this frame", HFILL }},
+ { &hf_smb2_response_in,
+ { "Response in", "smb2.response_in", FT_FRAMENUM, BASE_NONE,
+ NULL, 0, "The response to this packet is in this packet", HFILL }},
+ { &hf_smb2_time,
+ { "Time from request", "smb2.time", FT_RELATIVE_TIME, BASE_NONE,
+ NULL, 0, "Time between Request and Response for SMB2 cmds", HFILL }},
+ { &hf_smb2_header_len,
+ { "Header Length", "smb2.header_len", FT_UINT16, BASE_DEC,
+ NULL, 0, "SMB2 Size of Header", HFILL }},
+ { &hf_smb2_nt_status,
+ { "NT Status", "smb2.nt_status", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
+ &NT_errors_ext, 0, "NT Status code", HFILL }},
+ { &hf_smb2_msg_id,
+ { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC,
+ NULL, 0, "SMB2 Messsage ID", HFILL }},
+ { &hf_smb2_tid,
+ { "Tree Id", "smb2.tid", FT_UINT32, BASE_HEX,
+ NULL, 0, "SMB2 Tree Id", HFILL }},
+ { &hf_smb2_aid,
+ { "Async Id", "smb2.aid", FT_UINT64, BASE_HEX,
+ NULL, 0, "SMB2 Async Id", HFILL }},
+ { &hf_smb2_sesid,
+ { "Session Id", "smb2.sesid", FT_UINT64, BASE_HEX,
+ NULL, 0, "SMB2 Session Id", HFILL }},
+ { &hf_smb2_previous_sesid,
+ { "Previous Session Id", "smb2.previous_sesid", FT_UINT64, BASE_HEX,
+ NULL, 0, "SMB2 Previous Session Id", HFILL }},
+ { &hf_smb2_chain_offset,
+ { "Chain Offset", "smb2.chain_offset", FT_UINT32, BASE_HEX,
+ NULL, 0, "SMB2 Chain Offset", HFILL }},
+ { &hf_smb2_end_of_file,
+ { "End Of File", "smb2.eof", FT_UINT64, BASE_DEC,
+ NULL, 0, "SMB2 End Of File/File size", HFILL }},
+ { &hf_smb2_nlinks,
+ { "Number of Links", "smb2.nlinks", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of links to this object", HFILL }},
+ { &hf_smb2_file_id,
+ { "File Id", "smb2.file_id", FT_UINT64, BASE_HEX,
+ NULL, 0, "SMB2 File Id", HFILL }},
+ { &hf_smb2_allocation_size,
+ { "Allocation Size", "smb2.allocation_size", FT_UINT64, BASE_DEC,
+ NULL, 0, "SMB2 Allocation Size for this object", HFILL }},
+ { &hf_smb2_max_response_size,
+ { "Max Response Size", "smb2.max_response_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "SMB2 Maximum response size", HFILL }},
+ { &hf_smb2_setinfo_size,
+ { "Setinfo Size", "smb2.setinfo_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "SMB2 setinfo size", HFILL }},
+ { &hf_smb2_setinfo_offset,
+ { "Setinfo Offset", "smb2.setinfo_offset", FT_UINT16, BASE_HEX,
+ NULL, 0, "SMB2 setinfo offset", HFILL }},
+ { &hf_smb2_max_ioctl_out_size,
+ { "Max Ioctl Out Size", "smb2.max_ioctl_out_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "SMB2 Maximum ioctl out size", HFILL }},
+ { &hf_smb2_max_ioctl_in_size,
+ { "Max Ioctl In Size", "smb2.max_ioctl_in_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "SMB2 Maximum ioctl out size", HFILL }},
+ { &hf_smb2_required_buffer_size,
+ { "Required Buffer Size", "smb2.required_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "SMB2 required buffer size", HFILL }},
+ { &hf_smb2_pid,
+ { "Process Id", "smb2.pid", FT_UINT32, BASE_HEX,
+ NULL, 0, "SMB2 Process Id", HFILL }},
+
+ /* SMB2 header flags */
+ { &hf_smb2_flags,
+ { "Flags", "smb2.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, "SMB2 flags", HFILL }},
+ { &hf_smb2_flags_response,
+ { "Response", "smb2.flags.response", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_response), SMB2_FLAGS_RESPONSE, "Whether this is an SMB2 Request or Response", HFILL }},
+ { &hf_smb2_flags_async_cmd,
+ { "Async command", "smb2.flags.async", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_async_cmd), SMB2_FLAGS_ASYNC_CMD, NULL, HFILL }},
+ { &hf_smb2_flags_dfs_op,
+ { "DFS operation", "smb2.flags.dfs", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_dfs_op), SMB2_FLAGS_DFS_OP, NULL, HFILL }},
+ { &hf_smb2_flags_chained,
+ { "Chained", "smb2.flags.chained", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_chained), SMB2_FLAGS_CHAINED, "Whether the pdu continues a chain or not", HFILL }},
+ { &hf_smb2_flags_signature,
+ { "Signing", "smb2.flags.signature", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_signature), SMB2_FLAGS_SIGNATURE, "Whether the pdu is signed or not", HFILL }},
+ { &hf_smb2_flags_replay_operation,
+ { "Replay operation", "smb2.flags.replay", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_replay_operation), SMB2_FLAGS_REPLAY_OPERATION, "Whether this is a replay operation", HFILL }},
+ { &hf_smb2_flags_priority_mask,
+ { "Priority", "smb2.flags.priority_mask", FT_BOOLEAN, 32,
+ TFS(&tfs_flags_priority_mask), SMB2_FLAGS_PRIORITY_MASK, "Priority Mask", HFILL }},
+
+ { &hf_smb2_tree,
+ { "Tree", "smb2.tree", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Tree/Share", HFILL }},
+
+ { &hf_smb2_filename,
+ { "Filename", "smb2.filename", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the file", HFILL }},
+
+ { &hf_smb2_filename_len,
+ { "Filename Length", "smb2.filename.len", FT_UINT32, BASE_DEC,
+ NULL, 0, "Length of the file name", HFILL }},
+
+ { &hf_smb2_replace_if,
+ { "Replace If", "smb2.rename.replace_if", FT_BOOLEAN, 8,
+ TFS(&tfs_replace_if_exists), 0xFF, "Whether to replace if the target exists", HFILL }},
+
+ { &hf_smb2_data_offset,
+ { "Data Offset", "smb2.data_offset", FT_UINT16, BASE_HEX,
+ NULL, 0, "Offset to data", HFILL }},
+
+ { &hf_smb2_find_info_level,
+ { "Info Level", "smb2.find.infolevel", FT_UINT32, BASE_DEC,
+ VALS(smb2_find_info_levels), 0, "Find_Info Infolevel", HFILL }},
+ { &hf_smb2_find_flags,
+ { "Find Flags", "smb2.find.flags", FT_UINT8, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_find_pattern,
+ { "Search Pattern", "smb2.find.pattern", FT_STRING, BASE_NONE,
+ NULL, 0, "Find pattern", HFILL }},
+
+ { &hf_smb2_find_info_blob,
+ { "Info", "smb2.find.info_blob", FT_BYTES, BASE_NONE,
+ NULL, 0, "Find Info", HFILL }},
+
+ { &hf_smb2_ea_size,
+ { "EA Size", "smb2.ea_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Size of EA data", HFILL }},
+
+ { &hf_smb2_class,
+ { "Class", "smb2.class", FT_UINT8, BASE_HEX,
+ VALS(smb2_class_vals), 0, "Info class", HFILL }},
+
+ { &hf_smb2_infolevel,
+ { "InfoLevel", "smb2.infolevel", FT_UINT8, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_infolevel_file_info,
+ { "InfoLevel", "smb2.file_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
+ &smb2_file_info_levels_ext, 0, "File_Info Infolevel", HFILL }},
+
+ { &hf_smb2_infolevel_fs_info,
+ { "InfoLevel", "smb2.fs_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
+ &smb2_fs_info_levels_ext, 0, "Fs_Info Infolevel", HFILL }},
+
+ { &hf_smb2_infolevel_sec_info,
+ { "InfoLevel", "smb2.sec_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
+ &smb2_sec_info_levels_ext, 0, "Sec_Info Infolevel", HFILL }},
+
+ { &hf_smb2_infolevel_posix_info,
+ { "InfoLevel", "smb2.posix_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
+ &smb2_posix_info_levels_ext, 0, "Posix_Info Infolevel", HFILL }},
+
+ { &hf_smb2_write_length,
+ { "Write Length", "smb2.write_length", FT_UINT32, BASE_DEC,
+ NULL, 0, "Amount of data to write", HFILL }},
+
+ { &hf_smb2_read_length,
+ { "Read Length", "smb2.read_length", FT_UINT32, BASE_DEC,
+ NULL, 0, "Amount of data to read", HFILL }},
+
+ { &hf_smb2_read_remaining,
+ { "Read Remaining", "smb2.read_remaining", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_create_flags,
+ { "Create Flags", "smb2.create_flags", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_file_offset,
+ { "File Offset", "smb2.file_offset", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_qfr_length,
+ { "Length", "smb2.qfr_length", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_qfr_usage,
+ { "Desired Usage", "smb2.qfr_usage", FT_UINT32, BASE_HEX,
+ VALS(file_region_usage_vals), 0, NULL, HFILL }},
+
+ { &hf_smb2_qfr_flags,
+ { "Flags", "smb2.qfr_flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_qfr_total_region_entry_count,
+ { "Total Region Entry Count", "smb2.qfr_tot_region_entry_count", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_qfr_region_entry_count,
+ { "Region Entry Count", "smb2.qfr_region_entry_count", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_security_blob,
+ { "Security Blob", "smb2.security_blob", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_ioctl_out_data,
+ { "Out Data", "smb2.ioctl.out", FT_NONE, BASE_NONE,
+ NULL, 0, "Ioctl Out", HFILL }},
+
+ { &hf_smb2_ioctl_in_data,
+ { "In Data", "smb2.ioctl.in", FT_NONE, BASE_NONE,
+ NULL, 0, "Ioctl In", HFILL }},
+
+ { &hf_smb2_server_guid,
+ { "Server Guid", "smb2.server_guid", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_client_guid,
+ { "Client Guid", "smb2.client_guid", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_object_id,
+ { "ObjectId", "smb2.object_id", FT_GUID, BASE_NONE,
+ NULL, 0, "ObjectID for this FID", HFILL }},
+
+ { &hf_smb2_birth_volume_id,
+ { "BirthVolumeId", "smb2.birth_volume_id", FT_GUID, BASE_NONE,
+ NULL, 0, "ObjectID for the volume where this FID was originally created", HFILL }},
+
+ { &hf_smb2_birth_object_id,
+ { "BirthObjectId", "smb2.birth_object_id", FT_GUID, BASE_NONE,
+ NULL, 0, "ObjectID for this FID when it was originally created", HFILL }},
+
+ { &hf_smb2_domain_id,
+ { "DomainId", "smb2.domain_id", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_create_timestamp,
+ { "Create", "smb2.create.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "Time when this object was created", HFILL }},
+
+ { &hf_smb2_fid,
+ { "File Id", "smb2.fid", FT_GUID, BASE_NONE,
+ NULL, 0, "SMB2 File Id", HFILL }},
+
+ { &hf_smb2_write_data,
+ { "Write Data", "smb2.write_data", FT_BYTES, BASE_NONE,
+ NULL, 0, "SMB2 Data to be written", HFILL }},
- { &hf_smb2_create_timestamp,
- { "Create", "smb2.create.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "Time when this object was created", HFILL }},
+ { &hf_smb2_write_flags,
+ { "Write Flags", "smb2.write.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_fid,
- { "File Id", "smb2.fid", FT_GUID, BASE_NONE,
- NULL, 0, "SMB2 File Id", HFILL }},
+ { &hf_smb2_write_flags_write_through,
+ { "Write through", "smb2.write.flags.write_through", FT_BOOLEAN, 32,
+ NULL, SMB2_WRITE_FLAG_WRITE_THROUGH, NULL, HFILL }},
- { &hf_smb2_write_data,
- { "Write Data", "smb2.write_data", FT_BYTES, BASE_NONE,
- NULL, 0, "SMB2 Data to be written", HFILL }},
+ { &hf_smb2_write_count,
+ { "Write Count", "smb2.write.count", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_write_flags,
- { "Write Flags", "smb2.write.flags", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_write_remaining,
+ { "Write Remaining", "smb2.write.remaining", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_write_flags_write_through,
- { "Write through", "smb2.write.flags.write_through", FT_BOOLEAN, 32,
- NULL, SMB2_WRITE_FLAG_WRITE_THROUGH, NULL, HFILL }},
+ { &hf_smb2_read_data,
+ { "Read Data", "smb2.read_data", FT_BYTES, BASE_NONE,
+ NULL, 0, "SMB2 Data that is read", HFILL }},
- { &hf_smb2_write_count,
- { "Write Count", "smb2.write.count", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_last_access_timestamp,
+ { "Last Access", "smb2.last_access.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "Time when this object was last accessed", HFILL }},
- { &hf_smb2_write_remaining,
- { "Write Remaining", "smb2.write.remaining", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_last_write_timestamp,
+ { "Last Write", "smb2.last_write.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "Time when this object was last written to", HFILL }},
- { &hf_smb2_read_data,
- { "Read Data", "smb2.read_data", FT_BYTES, BASE_NONE,
- NULL, 0, "SMB2 Data that is read", HFILL }},
+ { &hf_smb2_last_change_timestamp,
+ { "Last Change", "smb2.last_change.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "Time when this object was last changed", HFILL }},
- { &hf_smb2_last_access_timestamp,
- { "Last Access", "smb2.last_access.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "Time when this object was last accessed", HFILL }},
+ { &hf_smb2_file_all_info,
+ { "SMB2_FILE_ALL_INFO", "smb2.file_all_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ALL_INFO structure", HFILL }},
- { &hf_smb2_last_write_timestamp,
- { "Last Write", "smb2.last_write.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "Time when this object was last written to", HFILL }},
+ { &hf_smb2_file_allocation_info,
+ { "SMB2_FILE_ALLOCATION_INFO", "smb2.file_allocation_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ALLOCATION_INFO structure", HFILL }},
- { &hf_smb2_last_change_timestamp,
- { "Last Change", "smb2.last_change.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "Time when this object was last changed", HFILL }},
+ { &hf_smb2_file_endoffile_info,
+ { "SMB2_FILE_ENDOFFILE_INFO", "smb2.file_endoffile_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ENDOFFILE_INFO structure", HFILL }},
- { &hf_smb2_file_all_info,
- { "SMB2_FILE_ALL_INFO", "smb2.file_all_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ALL_INFO structure", HFILL }},
+ { &hf_smb2_file_alternate_name_info,
+ { "SMB2_FILE_ALTERNATE_NAME_INFO", "smb2.file_alternate_name_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ALTERNATE_NAME_INFO structure", HFILL }},
- { &hf_smb2_file_allocation_info,
- { "SMB2_FILE_ALLOCATION_INFO", "smb2.file_allocation_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ALLOCATION_INFO structure", HFILL }},
+ { &hf_smb2_file_stream_info,
+ { "SMB2_FILE_STREAM_INFO", "smb2.file_stream_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_STREAM_INFO structure", HFILL }},
- { &hf_smb2_file_endoffile_info,
- { "SMB2_FILE_ENDOFFILE_INFO", "smb2.file_endoffile_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ENDOFFILE_INFO structure", HFILL }},
+ { &hf_smb2_file_pipe_info,
+ { "SMB2_FILE_PIPE_INFO", "smb2.file_pipe_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_PIPE_INFO structure", HFILL }},
- { &hf_smb2_file_alternate_name_info,
- { "SMB2_FILE_ALTERNATE_NAME_INFO", "smb2.file_alternate_name_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ALTERNATE_NAME_INFO structure", HFILL }},
+ { &hf_smb2_file_compression_info,
+ { "SMB2_FILE_COMPRESSION_INFO", "smb2.file_compression_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_COMPRESSION_INFO structure", HFILL }},
- { &hf_smb2_file_stream_info,
- { "SMB2_FILE_STREAM_INFO", "smb2.file_stream_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_STREAM_INFO structure", HFILL }},
+ { &hf_smb2_file_basic_info,
+ { "SMB2_FILE_BASIC_INFO", "smb2.file_basic_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_BASIC_INFO structure", HFILL }},
- { &hf_smb2_file_pipe_info,
- { "SMB2_FILE_PIPE_INFO", "smb2.file_pipe_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_PIPE_INFO structure", HFILL }},
+ { &hf_smb2_file_standard_info,
+ { "SMB2_FILE_STANDARD_INFO", "smb2.file_standard_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_STANDARD_INFO structure", HFILL }},
- { &hf_smb2_file_compression_info,
- { "SMB2_FILE_COMPRESSION_INFO", "smb2.file_compression_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_COMPRESSION_INFO structure", HFILL }},
+ { &hf_smb2_file_internal_info,
+ { "SMB2_FILE_INTERNAL_INFO", "smb2.file_internal_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_INTERNAL_INFO structure", HFILL }},
- { &hf_smb2_file_basic_info,
- { "SMB2_FILE_BASIC_INFO", "smb2.file_basic_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_BASIC_INFO structure", HFILL }},
+ { &hf_smb2_file_mode_info,
+ { "SMB2_FILE_MODE_INFO", "smb2.file_mode_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_MODE_INFO structure", HFILL }},
- { &hf_smb2_file_standard_info,
- { "SMB2_FILE_STANDARD_INFO", "smb2.file_standard_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_STANDARD_INFO structure", HFILL }},
+ { &hf_smb2_file_alignment_info,
+ { "SMB2_FILE_ALIGNMENT_INFO", "smb2.file_alignment_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ALIGNMENT_INFO structure", HFILL }},
- { &hf_smb2_file_internal_info,
- { "SMB2_FILE_INTERNAL_INFO", "smb2.file_internal_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_INTERNAL_INFO structure", HFILL }},
+ { &hf_smb2_file_position_info,
+ { "SMB2_FILE_POSITION_INFO", "smb2.file_position_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_POSITION_INFO structure", HFILL }},
- { &hf_smb2_file_mode_info,
- { "SMB2_FILE_MODE_INFO", "smb2.file_mode_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_MODE_INFO structure", HFILL }},
+ { &hf_smb2_file_access_info,
+ { "SMB2_FILE_ACCESS_INFO", "smb2.file_access_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ACCESS_INFO structure", HFILL }},
- { &hf_smb2_file_alignment_info,
- { "SMB2_FILE_ALIGNMENT_INFO", "smb2.file_alignment_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ALIGNMENT_INFO structure", HFILL }},
+ { &hf_smb2_file_ea_info,
+ { "SMB2_FILE_EA_INFO", "smb2.file_ea_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_EA_INFO structure", HFILL }},
- { &hf_smb2_file_position_info,
- { "SMB2_FILE_POSITION_INFO", "smb2.file_position_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_POSITION_INFO structure", HFILL }},
+ { &hf_smb2_file_network_open_info,
+ { "SMB2_FILE_NETWORK_OPEN_INFO", "smb2.file_network_open_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_NETWORK_OPEN_INFO structure", HFILL }},
- { &hf_smb2_file_access_info,
- { "SMB2_FILE_ACCESS_INFO", "smb2.file_access_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ACCESS_INFO structure", HFILL }},
+ { &hf_smb2_file_attribute_tag_info,
+ { "SMB2_FILE_ATTRIBUTE_TAG_INFO", "smb2.file_attribute_tag_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_ATTRIBUTE_TAG_INFO structure", HFILL }},
- { &hf_smb2_file_ea_info,
- { "SMB2_FILE_EA_INFO", "smb2.file_ea_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_EA_INFO structure", HFILL }},
+ { &hf_smb2_file_disposition_info,
+ { "SMB2_FILE_DISPOSITION_INFO", "smb2.file_disposition_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_DISPOSITION_INFO structure", HFILL }},
- { &hf_smb2_file_network_open_info,
- { "SMB2_FILE_NETWORK_OPEN_INFO", "smb2.file_network_open_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_NETWORK_OPEN_INFO structure", HFILL }},
+ { &hf_smb2_file_full_ea_info,
+ { "SMB2_FILE_FULL_EA_INFO", "smb2.file_full_ea_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_FULL_EA_INFO structure", HFILL }},
- { &hf_smb2_file_attribute_tag_info,
- { "SMB2_FILE_ATTRIBUTE_TAG_INFO", "smb2.file_attribute_tag_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_ATTRIBUTE_TAG_INFO structure", HFILL }},
+ { &hf_smb2_file_rename_info,
+ { "SMB2_FILE_RENAME_INFO", "smb2.file_rename_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FILE_RENAME_INFO structure", HFILL }},
- { &hf_smb2_file_disposition_info,
- { "SMB2_FILE_DISPOSITION_INFO", "smb2.file_disposition_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_DISPOSITION_INFO structure", HFILL }},
+ { &hf_smb2_fs_info_01,
+ { "SMB2_FS_INFO_01", "smb2.fs_info_01", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_INFO_01 structure", HFILL }},
- { &hf_smb2_file_info_0f,
- { "SMB2_FILE_INFO_0f", "smb2.file_info_0f", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_INFO_0f structure", HFILL }},
+ { &hf_smb2_fs_info_03,
+ { "SMB2_FS_INFO_03", "smb2.fs_info_03", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_INFO_03 structure", HFILL }},
- { &hf_smb2_file_rename_info,
- { "SMB2_FILE_RENAME_INFO", "smb2.file_rename_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FILE_RENAME_INFO structure", HFILL }},
+ { &hf_smb2_fs_info_04,
+ { "SMB2_FS_INFO_04", "smb2.fs_info_04", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_INFO_04 structure", HFILL }},
- { &hf_smb2_fs_info_01,
- { "SMB2_FS_INFO_01", "smb2.fs_info_01", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_INFO_01 structure", HFILL }},
+ { &hf_smb2_fs_info_05,
+ { "SMB2_FS_INFO_05", "smb2.fs_info_05", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_INFO_05 structure", HFILL }},
- { &hf_smb2_fs_info_03,
- { "SMB2_FS_INFO_03", "smb2.fs_info_03", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_INFO_03 structure", HFILL }},
+ { &hf_smb2_fs_info_06,
+ { "SMB2_FS_INFO_06", "smb2.fs_info_06", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_INFO_06 structure", HFILL }},
- { &hf_smb2_fs_info_04,
- { "SMB2_FS_INFO_04", "smb2.fs_info_04", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_INFO_04 structure", HFILL }},
+ { &hf_smb2_fs_info_07,
+ { "SMB2_FS_INFO_07", "smb2.fs_info_07", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_INFO_07 structure", HFILL }},
- { &hf_smb2_fs_info_05,
- { "SMB2_FS_INFO_05", "smb2.fs_info_05", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_INFO_05 structure", HFILL }},
+ { &hf_smb2_fs_objectid_info,
+ { "SMB2_FS_OBJECTID_INFO", "smb2.fs_objectid_info", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_FS_OBJECTID_INFO structure", HFILL }},
- { &hf_smb2_fs_info_06,
- { "SMB2_FS_INFO_06", "smb2.fs_info_06", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_INFO_06 structure", HFILL }},
+ { &hf_smb2_sec_info_00,
+ { "SMB2_SEC_INFO_00", "smb2.sec_info_00", FT_NONE, BASE_NONE,
+ NULL, 0, "SMB2_SEC_INFO_00 structure", HFILL }},
- { &hf_smb2_fs_info_07,
- { "SMB2_FS_INFO_07", "smb2.fs_info_07", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_INFO_07 structure", HFILL }},
+ { &hf_smb2_disposition_delete_on_close,
+ { "Delete on close", "smb2.disposition.delete_on_close", FT_BOOLEAN, 8,
+ TFS(&tfs_disposition_delete_on_close), 0x01, NULL, HFILL }},
- { &hf_smb2_fs_objectid_info,
- { "SMB2_FS_OBJECTID_INFO", "smb2.fs_objectid_info", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_FS_OBJECTID_INFO structure", HFILL }},
- { &hf_smb2_sec_info_00,
- { "SMB2_SEC_INFO_00", "smb2.sec_info_00", FT_NONE, BASE_NONE,
- NULL, 0, "SMB2_SEC_INFO_00 structure", HFILL }},
+ { &hf_smb2_create_disposition,
+ { "Disposition", "smb2.create.disposition", FT_UINT32, BASE_DEC,
+ VALS(create_disposition_vals), 0, "Create disposition, what to do if the file does/does not exist", HFILL }},
- { &hf_smb2_disposition_delete_on_close,
- { "Delete on close", "smb2.disposition.delete_on_close", FT_BOOLEAN, 8,
- TFS(&tfs_disposition_delete_on_close), 0x01, NULL, HFILL }},
+ { &hf_smb2_create_action,
+ { "Create Action", "smb2.create.action", FT_UINT32, BASE_DEC,
+ VALS(oa_open_vals), 0, NULL, HFILL }},
+ { &hf_smb2_create_rep_flags,
+ { "Response Flags", "smb2.create.rep_flags", FT_UINT8, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_create_disposition,
- { "Disposition", "smb2.create.disposition", FT_UINT32, BASE_DEC,
- VALS(create_disposition_vals), 0, "Create disposition, what to do if the file does/does not exist", HFILL }},
+ { &hf_smb2_create_rep_flags_reparse_point,
+ { "ReparsePoint", "smb2.create.rep_flags.reparse_point", FT_BOOLEAN, 8,
+ NULL, SMB2_CREATE_REP_FLAGS_REPARSE_POINT, NULL, HFILL }},
- { &hf_smb2_create_action,
- { "Create Action", "smb2.create.action", FT_UINT32, BASE_DEC,
- VALS(oa_open_vals), 0, NULL, HFILL }},
+ { &hf_smb2_extrainfo,
+ { "ExtraInfo", "smb2.create.extrainfo", FT_NONE, BASE_NONE,
+ NULL, 0, "Create ExtraInfo", HFILL }},
- { &hf_smb2_create_rep_flags,
- { "Response Flags", "smb2.create.rep_flags", FT_UINT8, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_create_chain_offset,
+ { "Chain Offset", "smb2.create.chain_offset", FT_UINT32, BASE_HEX,
+ NULL, 0, "Offset to next entry in chain or 0", HFILL }},
- { &hf_smb2_create_rep_flags_reparse_point,
- { "ReparsePoint", "smb2.create.rep_flags.reparse_point", FT_BOOLEAN, 8,
- NULL, SMB2_CREATE_REP_FLAGS_REPARSE_POINT, NULL, HFILL }},
+ { &hf_smb2_create_chain_data,
+ { "Data", "smb2.create.chain_data", FT_NONE, BASE_NONE,
+ NULL, 0, "Chain Data", HFILL }},
- { &hf_smb2_extrainfo,
- { "ExtraInfo", "smb2.create.extrainfo", FT_NONE, BASE_NONE,
- NULL, 0, "Create ExtraInfo", HFILL }},
+ { &hf_smb2_FILE_OBJECTID_BUFFER,
+ { "FILE_OBJECTID_BUFFER", "smb2.FILE_OBJECTID_BUFFER", FT_NONE, BASE_NONE,
+ NULL, 0, "A FILE_OBJECTID_BUFFER structure", HFILL }},
- { &hf_smb2_create_chain_offset,
- { "Chain Offset", "smb2.create.chain_offset", FT_UINT32, BASE_HEX,
- NULL, 0, "Offset to next entry in chain or 0", HFILL }},
+ { &hf_smb2_lease_key,
+ { "Lease Key", "smb2.lease.lease_key", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_create_chain_data,
- { "Data", "smb2.create.chain_data", FT_NONE, BASE_NONE,
- NULL, 0, "Chain Data", HFILL }},
+ { &hf_smb2_lease_state,
+ { "Lease State", "smb2.lease.lease_state", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_FILE_OBJECTID_BUFFER,
- { "FILE_OBJECTID_BUFFER", "smb2.FILE_OBJECTID_BUFFER", FT_NONE, BASE_NONE,
- NULL, 0, "A FILE_OBJECTID_BUFFER structure", HFILL }},
+ { &hf_smb2_lease_state_read_caching,
+ { "Read Caching", "smb2.lease.lease_state.read_caching", FT_BOOLEAN, 32,
+ NULL, SMB2_LEASE_STATE_READ_CACHING, NULL, HFILL }},
- { &hf_smb2_lease_key,
- { "Lease Key", "smb2.lease.lease_key", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_state_handle_caching,
+ { "Handle Caching", "smb2.lease.lease_state.handle_caching", FT_BOOLEAN, 32,
+ NULL, SMB2_LEASE_STATE_HANDLE_CACHING, NULL, HFILL }},
- { &hf_smb2_lease_state,
- { "Lease State", "smb2.lease.lease_state", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_state_write_caching,
+ { "Write Caching", "smb2.lease.lease_state.write_caching", FT_BOOLEAN, 32,
+ NULL, SMB2_LEASE_STATE_WRITE_CACHING, NULL, HFILL }},
- { &hf_smb2_lease_state_read_caching,
- { "Read Caching", "smb2.lease.lease_state.read_caching", FT_BOOLEAN, 32,
- NULL, SMB2_LEASE_STATE_READ_CACHING, NULL, HFILL }},
+ { &hf_smb2_lease_flags,
+ { "Lease Flags", "smb2.lease.lease_flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_state_handle_caching,
- { "Handle Caching", "smb2.lease.lease_state.handle_caching", FT_BOOLEAN, 32,
- NULL, SMB2_LEASE_STATE_HANDLE_CACHING, NULL, HFILL }},
+ { &hf_smb2_lease_flags_break_ack_required,
+ { "Break Ack Required", "smb2.lease.lease_state.break_ack_required", FT_BOOLEAN, 32,
+ NULL, SMB2_LEASE_FLAGS_BREAK_ACK_REQUIRED, NULL, HFILL }},
- { &hf_smb2_lease_state_write_caching,
- { "Write Caching", "smb2.lease.lease_state.write_caching", FT_BOOLEAN, 32,
- NULL, SMB2_LEASE_STATE_WRITE_CACHING, NULL, HFILL }},
+ { &hf_smb2_lease_flags_break_in_progress,
+ { "Break In Progress", "smb2.lease.lease_state.break_in_progress", FT_BOOLEAN, 32,
+ NULL, SMB2_LEASE_FLAGS_BREAK_IN_PROGRESS, NULL, HFILL }},
- { &hf_smb2_lease_flags,
- { "Lease Flags", "smb2.lease.lease_flags", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_flags_parent_lease_key_set,
+ { "Parent Lease Key Set", "smb2.lease.lease_state.parent_lease_key_set", FT_BOOLEAN, 32,
+ NULL, SMB2_LEASE_FLAGS_PARENT_LEASE_KEY_SET, NULL, HFILL }},
- { &hf_smb2_lease_flags_break_ack_required,
- { "Break Ack Required", "smb2.lease.lease_state.break_ack_required", FT_BOOLEAN, 32,
- NULL, SMB2_LEASE_FLAGS_BREAK_ACK_REQUIRED, NULL, HFILL }},
+ { &hf_smb2_lease_duration,
+ { "Lease Duration", "smb2.lease.lease_duration", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_flags_break_in_progress,
- { "Break In Progress", "smb2.lease.lease_state.break_in_progress", FT_BOOLEAN, 32,
- NULL, SMB2_LEASE_FLAGS_BREAK_IN_PROGRESS, NULL, HFILL }},
+ { &hf_smb2_parent_lease_key,
+ { "Parent Lease Key", "smb2.lease.parent_lease_key", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_flags_parent_lease_key_set,
- { "Parent Lease Key Set", "smb2.lease.lease_state.parent_lease_key_set", FT_BOOLEAN, 32,
- NULL, SMB2_LEASE_FLAGS_PARENT_LEASE_KEY_SET, NULL, HFILL }},
+ { &hf_smb2_lease_epoch,
+ { "Lease Epoch", "smb2.lease.lease_oplock", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_duration,
- { "Lease Duration", "smb2.lease.lease_duration", FT_UINT64, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_reserved,
+ { "Lease Reserved", "smb2.lease.lease_reserved", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_parent_lease_key,
- { "Parent Lease Key", "smb2.lease.parent_lease_key", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_break_reason,
+ { "Lease Break Reason", "smb2.lease.lease_break_reason", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_epoch,
- { "Lease Epoch", "smb2.lease.lease_oplock", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_access_mask_hint,
+ { "Access Mask Hint", "smb2.lease.access_mask_hint", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_break_reason,
- { "Lease Break Reason", "smb2.lease.lease_break_reason", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lease_share_mask_hint,
+ { "Share Mask Hint", "smb2.lease.share_mask_hint", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_lease_access_mask_hint,
- { "Access Mask Hint", "smb2.lease.access_mask_hint", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_next_offset,
+ { "Next Offset", "smb2.next_offset", FT_UINT32, BASE_DEC,
+ NULL, 0, "Offset to next buffer or 0", HFILL }},
- { &hf_smb2_lease_share_mask_hint,
- { "Share Mask Hint", "smb2.lease.share_mask_hint", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_negotiate_context_type,
+ { "Type", "smb2.negotiate_context.type", FT_UINT16, BASE_HEX,
+ VALS(smb2_negotiate_context_types), 0, "NegotiateContext Type", HFILL }},
- { &hf_smb2_next_offset,
- { "Next Offset", "smb2.next_offset", FT_UINT32, BASE_DEC,
- NULL, 0, "Offset to next buffer or 0", HFILL }},
+ { &hf_smb2_negotiate_context_data_length,
+ { "DataLength", "smb2.negotiate_context.data_length", FT_UINT16, BASE_DEC,
+ NULL, 0, "NegotiateContext DataLength", HFILL }},
- { &hf_smb2_current_time,
- { "Current Time", "smb2.current_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "Current Time at server", HFILL }},
+ { &hf_smb2_negotiate_context_offset,
+ { "NegotiateContextOffset", "smb2.negotiate_context.offset", FT_UINT16, BASE_HEX,
+ NULL, 0, "NegotiateContext Offset", HFILL }},
- { &hf_smb2_boot_time,
- { "Boot Time", "smb2.boot_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "Boot Time at server", HFILL }},
+ { &hf_smb2_negotiate_context_count,
+ { "NegotiateContextCount", "smb2.negotiate_context.count", FT_UINT16, BASE_DEC,
+ NULL, 0, "NegotiateContext Count", HFILL }},
- { &hf_smb2_ea_flags,
- { "EA Flags", "smb2.ea.flags", FT_UINT8, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_current_time,
+ { "Current Time", "smb2.current_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "Current Time at server", HFILL }},
- { &hf_smb2_ea_name_len,
- { "EA Name Length", "smb2.ea.name_len", FT_UINT8, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_boot_time,
+ { "Boot Time", "smb2.boot_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "Boot Time at server", HFILL }},
- { &hf_smb2_ea_data_len,
- { "EA Data Length", "smb2.ea.data_len", FT_UINT8, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_ea_flags,
+ { "EA Flags", "smb2.ea.flags", FT_UINT8, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_delete_pending,
- { "Delete Pending", "smb2.delete_pending", FT_UINT8, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_ea_name_len,
+ { "EA Name Length", "smb2.ea.name_len", FT_UINT8, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_is_directory,
- { "Is Directory", "smb2.is_directory", FT_UINT8, BASE_DEC,
- NULL, 0, "Is this a directory?", HFILL }},
+ { &hf_smb2_ea_data_len,
+ { "EA Data Length", "smb2.ea.data_len", FT_UINT8, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_oplock,
- { "Oplock", "smb2.create.oplock", FT_UINT8, BASE_HEX,
- VALS(oplock_vals), 0, "Oplock type", HFILL }},
+ { &hf_smb2_delete_pending,
+ { "Delete Pending", "smb2.delete_pending", FT_UINT8, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_close_flags,
- { "Close Flags", "smb2.close.flags", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_is_directory,
+ { "Is Directory", "smb2.is_directory", FT_UINT8, BASE_DEC,
+ NULL, 0, "Is this a directory?", HFILL }},
- { &hf_smb2_notify_flags,
- { "Notify Flags", "smb2.notify.flags", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_oplock,
+ { "Oplock", "smb2.create.oplock", FT_UINT8, BASE_HEX,
+ VALS(oplock_vals), 0, "Oplock type", HFILL }},
+
+ { &hf_smb2_close_flags,
+ { "Close Flags", "smb2.close.flags", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_notify_flags,
+ { "Notify Flags", "smb2.notify.flags", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_buffer_code,
+ { "StructureSize", "smb2.buffer_code", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_buffer_code_len,
+ { "Fixed Part Length", "smb2.buffer_code.length", FT_UINT16, BASE_DEC,
+ NULL, 0xFFFE, "Length of fixed portion of PDU", HFILL }},
+
+ { &hf_smb2_olb_length,
+ { "Length", "smb2.olb.length", FT_UINT32, BASE_DEC,
+ NULL, 0, "Length of the buffer", HFILL }},
+
+ { &hf_smb2_olb_offset,
+ { "Offset", "smb2.olb.offset", FT_UINT32, BASE_HEX,
+ NULL, 0, "Offset to the buffer", HFILL }},
+
+ { &hf_smb2_buffer_code_flags_dyn,
+ { "Dynamic Part", "smb2.buffer_code.dynamic", FT_BOOLEAN, 16,
+ NULL, 0x0001, "Whether a dynamic length blob follows", HFILL }},
+
+ { &hf_smb2_ea_data,
+ { "EA Data", "smb2.ea.data", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_ea_name,
+ { "EA Name", "smb2.ea.name", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_impersonation_level,
+ { "Impersonation", "smb2.impersonation.level", FT_UINT32, BASE_DEC,
+ VALS(impersonation_level_vals), 0, "Impersonation level", HFILL }},
+
+ { &hf_smb2_ioctl_function,
+ { "Function", "smb2.ioctl.function", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
+ &smb2_ioctl_vals_ext, 0, "Ioctl function", HFILL }},
+
+ { &hf_smb2_ioctl_function_device,
+ { "Device", "smb2.ioctl.function.device", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
+ &smb2_ioctl_device_vals_ext, 0xffff0000, "Device for Ioctl", HFILL }},
+
+ { &hf_smb2_ioctl_function_access,
+ { "Access", "smb2.ioctl.function.access", FT_UINT32, BASE_HEX,
+ VALS(smb2_ioctl_access_vals), 0x0000c000, "Access for Ioctl", HFILL }},
+
+ { &hf_smb2_ioctl_function_function,
+ { "Function", "smb2.ioctl.function.function", FT_UINT32, BASE_HEX,
+ NULL, 0x00003ffc, "Function for Ioctl", HFILL }},
+
+ { &hf_smb2_ioctl_function_method,
+ { "Method", "smb2.ioctl.function.method", FT_UINT32, BASE_HEX,
+ VALS(smb2_ioctl_method_vals), 0x00000003, "Method for Ioctl", HFILL }},
+
+ { &hf_smb2_fsctl_pipe_wait_timeout,
+ { "Timeout", "smb2.fsctl.wait.timeout", FT_INT64, BASE_DEC,
+ NULL, 0, "Wait timeout", HFILL }},
+
+ { &hf_smb2_fsctl_pipe_wait_name,
+ { "Name", "smb2.fsctl.wait.name", FT_STRING, BASE_NONE,
+ NULL, 0, "Pipe name", HFILL }},
+
+ { &hf_smb2_fsctl_offload_read_size,
+ { "Size", "smb2.fsctl.offload.read", FT_UINT32, BASE_DEC,
+ NULL, 0, "Size of data element", HFILL }},
+
+ { &hf_smb2_fsctl_offload_read_flags,
+ { "Flags", "smb2.fsctl.offload.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, "Flags for this operation", HFILL }},
+
+ { &hf_smb2_fsctl_offload_read_token_ttl,
+ { "TokenTimeToLive", "smb2.fsctl.offload.token_ttl",
+ FT_UINT32, BASE_DEC, NULL, 0,
+ "TTL for the generated token (in milliseconds)", HFILL }},
+
+ { &hf_smb2_fsctl_offload_reserved,
+ { "Reserved", "smb2.fsctl.offload.reserved",
+ FT_BYTES, BASE_NONE, NULL, 0,
+ NULL, HFILL }},
+
+ { &hf_smb2_fsctl_offload_read_file_offset,
+ { "FileOffset", "smb2.fsctl.offload.file_offset",
+ FT_UINT64, BASE_DEC, NULL, 0,
+ "File offset", HFILL }},
+
+ { &hf_smb2_fsctl_offload_read_copy_length,
+ { "CopyLength", "smb2.fsctl.offload.copy_length",
+ FT_UINT64, BASE_DEC, NULL, 0,
+ "Copy length", HFILL }},
+
+ { &hf_smb2_fsctl_offload_read_transfer_length,
+ { "TransferLength", "smb2.fsctl.offload.transfer_length",
+ FT_UINT64, BASE_DEC, NULL, 0,
+ "Transfer length", HFILL }},
+
+ { &hf_smb2_fsctl_offload_token,
+ { "Token", "smb2.fsctl.offload.token",
+ FT_BYTES, BASE_NONE, NULL, 0,
+ NULL, HFILL }},
+
+ { &hf_smb2_ioctl_resiliency_timeout,
+ { "Timeout", "smb2.ioctl.resiliency.timeout", FT_UINT32, BASE_DEC,
+ NULL, 0, "Resiliency timeout", HFILL }},
+
+ { &hf_smb2_ioctl_resiliency_reserved,
+ { "Reserved", "smb2.ioctl.resiliency.reserved", FT_UINT32, BASE_DEC,
+ NULL, 0, "Resiliency reserved", HFILL }},
+
+ { &hf_windows_sockaddr_family,
+ { "Socket Family", "smb2.windows.sockaddr.family", FT_UINT16, BASE_DEC,
+ NULL, 0, "The socket address family (on windows)", HFILL }},
+
+ { &hf_windows_sockaddr_port,
+ { "Socket Port", "smb2.windows.sockaddr.port", FT_UINT16, BASE_DEC,
+ NULL, 0, "The socket address port", HFILL }},
+
+ { &hf_windows_sockaddr_in_addr,
+ { "Socket IPv4", "smb2.windows.sockaddr.in.addr", FT_IPv4, BASE_NONE,
+ NULL, 0, "The IPv4 address", HFILL }},
+
+ { &hf_windows_sockaddr_in6_flowinfo,
+ { "IPv6 Flow Info", "smb2.windows.sockaddr.in6.flow_info", FT_UINT32, BASE_HEX,
+ NULL, 0, "The socket IPv6 flow info", HFILL }},
+
+ { &hf_windows_sockaddr_in6_addr,
+ { "Socket IPv6", "smb2.windows.sockaddr.in6.addr", FT_IPv6, BASE_NONE,
+ NULL, 0, "The IPv6 address", HFILL }},
+
+ { &hf_windows_sockaddr_in6_scope_id,
+ { "IPv6 Scope ID", "smb2.windows.sockaddr.in6.scope_id", FT_UINT32, BASE_DEC,
+ NULL, 0, "The socket IPv6 scope id", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_next_offset,
+ { "Next Offset", "smb2.ioctl.network_interfaces.next_offset", FT_UINT32, BASE_HEX,
+ NULL, 0, "Offset to next entry in chain or 0", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_index,
+ { "Interface Index", "smb2.ioctl.network_interfaces.index", FT_UINT32, BASE_DEC,
+ NULL, 0, "The index of the interface", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_rss_queue_count,
+ { "RSS Queue Count", "smb2.ioctl.network_interfaces.rss_queue_count", FT_UINT32, BASE_DEC,
+ NULL, 0, "The RSS queue count", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_capabilities,
+ { "Interface Cababilities", "smb2.ioctl.network_interfaces.capabilities", FT_UINT32, BASE_HEX,
+ NULL, 0, "The RSS queue count", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_capability_rss,
+ { "RSS", "smb2.ioctl.network_interfaces.capabilities.rss", FT_BOOLEAN, 32,
+ TFS(&tfs_smb2_ioctl_network_interface_capability_rss),
+ NETWORK_INTERFACE_CAP_RSS, "If the host supports RSS", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_capability_rdma,
+ { "RDMA", "smb2.ioctl.network_interfaces.capabilities.rdma", FT_BOOLEAN, 32,
+ TFS(&tfs_smb2_ioctl_network_interface_capability_rdma),
+ NETWORK_INTERFACE_CAP_RDMA, "If the host supports RDMA", HFILL }},
+
+ { &hf_smb2_ioctl_network_interface_link_speed,
+ { "Link Speed", "smb2.ioctl.network_interfaces.link_speed", FT_UINT64, BASE_DEC,
+ NULL, 0, "The link speed of the interface", HFILL }},
+
+ { &hf_smb2_ioctl_shadow_copy_num_volumes,
+ { "Num Volumes", "smb2.ioctl.shadow_copy.num_volumes", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of shadow copy volumes", HFILL }},
+
+ { &hf_smb2_ioctl_shadow_copy_num_labels,
+ { "Num Labels", "smb2.ioctl.shadow_copy.num_labels", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of shadow copy labels", HFILL }},
+
+ { &hf_smb2_ioctl_shadow_copy_label,
+ { "Label", "smb2.ioctl.shadow_copy.label", FT_STRING, BASE_NONE,
+ NULL, 0, "Shadow copy label", HFILL }},
+
+ { &hf_smb2_compression_format,
+ { "Compression Format", "smb2.compression_format", FT_UINT16, BASE_DEC,
+ VALS(compression_format_vals), 0, "Compression to use", HFILL }},
+
+ { &hf_smb2_checksum_algorithm,
+ { "Checksum Algorithm", "smb2.checksum_algorithm", FT_UINT16, BASE_HEX,
+ VALS(checksum_algorithm_vals), 0, "Checksum algorithm to use", HFILL}},
+
+ { &hf_smb2_integrity_reserved,
+ { "Reserved", "smb2.integrity_reserved", FT_UINT16, BASE_DEC,
+ NULL, 0, "Reserved Field", HFILL}},
+
+ { &hf_smb2_integrity_flags,
+ { "Flags", "smb2.integrity_flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_buffer_code_len,
- { "Length", "smb2.buffer_code.length", FT_UINT16, BASE_DEC,
- NULL, 0, "Length of fixed portion of PDU", HFILL }},
+ { &hf_smb2_integrity_flags_enforcement_off,
+ { "FSCTL_INTEGRITY_FLAG_CHECKSUM_ENFORCEMENT_OFF", "smb2.integrity_flags_enforcement", FT_BOOLEAN, 32,
+ NULL, 0x1, "If checksum error enforcement is off", HFILL }},
- { &hf_smb2_olb_length,
- { "Length", "smb2.olb.length", FT_UINT32, BASE_DEC,
- NULL, 0, "Length of the buffer", HFILL }},
+ { &hf_smb2_share_type,
+ { "Share Type", "smb2.share_type", FT_UINT8, BASE_HEX,
+ VALS(smb2_share_type_vals), 0, "Type of share", HFILL }},
- { &hf_smb2_olb_offset,
- { "Offset", "smb2.olb.offset", FT_UINT32, BASE_HEX,
- NULL, 0, "Offset to the buffer", HFILL }},
+ { &hf_smb2_credit_charge,
+ { "Credit Charge", "smb2.credit.charge", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_buffer_code_flags_dyn,
- { "Dynamic Part", "smb2.buffer_code.dynamic", FT_BOOLEAN, 16,
- NULL, 0x0001, "Whether a dynamic length blob follows", HFILL }},
+ { &hf_smb2_credits_requested,
+ { "Credits requested", "smb2.credits.requested", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ea_data,
- { "EA Data", "smb2.ea.data", FT_STRING, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_credits_granted,
+ { "Credits granted", "smb2.credits.granted", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ea_name,
- { "EA Name", "smb2.ea.name", FT_STRING, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_channel_sequence,
+ { "Channel Sequence", "smb2.channel_sequence", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_dialect_count,
+ { "Dialect count", "smb2.dialect_count", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_dialect,
+ { "Dialect", "smb2.dialect", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_security_mode,
+ { "Security mode", "smb2.sec_mode", FT_UINT8, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_session_flags,
+ { "Session Flags", "smb2.session_flags", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_lock_count,
+ { "Lock Count", "smb2.lock_count", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_capabilities,
+ { "Capabilities", "smb2.capabilities", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_ioctl_shadow_copy_count,
+ { "Count", "smb2.ioctl.shadow_copy.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of bytes for shadow copy label strings", HFILL }},
+
+ { &hf_smb2_auth_frame,
+ { "Authenticated in Frame", "smb2.auth_frame", FT_UINT32, BASE_DEC,
+ NULL, 0, "Which frame this user was authenticated in", HFILL }},
+
+ { &hf_smb2_tcon_frame,
+ { "Connected in Frame", "smb2.tcon_frame", FT_UINT32, BASE_DEC,
+ NULL, 0, "Which frame this share was connected in", HFILL }},
+
+ { &hf_smb2_tag,
+ { "Tag", "smb2.tag", FT_STRING, BASE_NONE,
+ NULL, 0, "Tag of chain entry", HFILL }},
+
+ { &hf_smb2_acct_name,
+ { "Account", "smb2.acct", FT_STRING, BASE_NONE,
+ NULL, 0, "Account Name", HFILL }},
+
+ { &hf_smb2_domain_name,
+ { "Domain", "smb2.domain", FT_STRING, BASE_NONE,
+ NULL, 0, "Domain Name", HFILL }},
+
+ { &hf_smb2_host_name,
+ { "Host", "smb2.host", FT_STRING, BASE_NONE,
+ NULL, 0, "Host Name", HFILL }},
+
+ { &hf_smb2_signature,
+ { "Signature", "smb2.signature", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_unknown,
+ { "unknown", "smb2.unknown", FT_BYTES, BASE_NONE,
+ NULL, 0, "Unknown bytes", HFILL }},
+
+ { &hf_smb2_twrp_timestamp,
+ { "Timestamp", "smb2.twrp_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "TWrp timestamp", HFILL }},
+
+ { &hf_smb2_mxac_timestamp,
+ { "Timestamp", "smb2.mxac_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "MxAc timestamp", HFILL }},
+
+ { &hf_smb2_mxac_status,
+ { "Query Status", "smb2.mxac_status", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
+ &NT_errors_ext, 0, "NT Status code", HFILL }},
+
+ { &hf_smb2_qfid_fid,
+ { "Opaque File ID", "smb2.qfid_fid", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_ses_flags_guest,
+ { "Guest", "smb2.ses_flags.guest", FT_BOOLEAN, 16,
+ NULL, SES_FLAGS_GUEST, NULL, HFILL }},
+
+ { &hf_smb2_ses_flags_null,
+ { "Null", "smb2.ses_flags.null", FT_BOOLEAN, 16,
+ NULL, SES_FLAGS_NULL, NULL, HFILL }},
+
+ { &hf_smb2_secmode_flags_sign_required,
+ { "Signing required", "smb2.sec_mode.sign_required", FT_BOOLEAN, 8,
+ NULL, NEGPROT_SIGN_REQ, "Is signing required", HFILL }},
+
+ { &hf_smb2_secmode_flags_sign_enabled,
+ { "Signing enabled", "smb2.sec_mode.sign_enabled", FT_BOOLEAN, 8,
+ NULL, NEGPROT_SIGN_ENABLED, "Is signing enabled", HFILL }},
+
+ { &hf_smb2_ses_req_flags,
+ { "Flags", "smb2.ses_req_flags", FT_UINT8, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_ses_req_flags_session_binding,
+ { "Session Binding Request", "smb2.ses_req_flags.session_binding", FT_BOOLEAN, 8,
+ NULL, SES_REQ_FLAGS_SESSION_BINDING,
+ "The client wants to bind to an existing session", HFILL }},
+
+ { &hf_smb2_cap_dfs,
+ { "DFS", "smb2.capabilities.dfs", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_dfs), NEGPROT_CAP_DFS, "If the host supports dfs", HFILL }},
+
+ { &hf_smb2_cap_leasing,
+ { "LEASING", "smb2.capabilities.leasing", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_leasing), NEGPROT_CAP_LEASING,
+ "If the host supports leasing", HFILL }},
+
+ { &hf_smb2_cap_large_mtu,
+ { "LARGE MTU", "smb2.capabilities.large_mtu", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_large_mtu), NEGPROT_CAP_LARGE_MTU,
+ "If the host supports LARGE MTU", HFILL }},
+
+ { &hf_smb2_cap_multi_channel,
+ { "MULTI CHANNEL", "smb2.capabilities.multi_channel", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_multi_channel), NEGPROT_CAP_MULTI_CHANNEL,
+ "If the host supports MULTI CHANNEL", HFILL }},
+
+ { &hf_smb2_cap_persistent_handles,
+ { "PERSISTENT HANDLES", "smb2.capabilities.persistent_handles", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_persistent_handles), NEGPROT_CAP_PERSISTENT_HANDLES,
+ "If the host supports PERSISTENT HANDLES", HFILL }},
+
+ { &hf_smb2_cap_directory_leasing,
+ { "DIRECTORY LEASING", "smb2.capabilities.directory_leasing", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_directory_leasing), NEGPROT_CAP_DIRECTORY_LEASING,
+ "If the host supports DIRECTORY LEASING", HFILL }},
+
+ { &hf_smb2_cap_encryption,
+ { "ENCRYPTION", "smb2.capabilities.encryption", FT_BOOLEAN, 32,
+ TFS(&tfs_cap_encryption), NEGPROT_CAP_ENCRYPTION,
+ "If the host supports ENCRYPTION", HFILL }},
+
+ { &hf_smb2_max_trans_size,
+ { "Max Transaction Size", "smb2.max_trans_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Maximum size of a transaction", HFILL }},
+
+ { &hf_smb2_max_read_size,
+ { "Max Read Size", "smb2.max_read_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Maximum size of a read", HFILL }},
+
+ { &hf_smb2_max_write_size,
+ { "Max Write Size", "smb2.max_write_size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Maximum size of a write", HFILL }},
+
+ { &hf_smb2_channel,
+ { "Channel", "smb2.channel", FT_UINT32, BASE_HEX,
+ VALS(smb2_channel_vals), 0, NULL, HFILL }},
+
+ { &hf_smb2_rdma_v1_offset,
+ { "Offset", "smb2.buffer_descriptor.offset", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_rdma_v1_token,
+ { "Token", "smb2.buffer_descriptor.token", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_rdma_v1_length,
+ { "Length", "smb2.buffer_descriptor.length", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_share_flags,
+ { "Share flags", "smb2.share_flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_share_flags_dfs,
+ { "DFS", "smb2.share_flags.dfs", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_dfs, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }},
+
+ { &hf_smb2_share_flags_dfs_root,
+ { "DFS root", "smb2.share_flags.dfs_root", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_dfs_root, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }},
+
+ { &hf_smb2_share_flags_restrict_exclusive_opens,
+ { "Restrict exclusive opens", "smb2.share_flags.restrict_exclusive_opens", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_restrict_exclusive_opens, "The specified share disallows exclusive file opens that deny reads to an open file", HFILL }},
+
+ { &hf_smb2_share_flags_force_shared_delete,
+ { "Force shared delete", "smb2.share_flags.force_shared_delete", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_force_shared_delete, "Shared files in the specified share can be forcibly deleted", HFILL }},
+
+ { &hf_smb2_share_flags_allow_namespace_caching,
+ { "Allow namepsace caching", "smb2.share_flags.allow_namespace_caching", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_allow_namespace_caching, "Clients are allowed to cache the namespace of the specified share", HFILL }},
+
+ { &hf_smb2_share_flags_access_based_dir_enum,
+ { "Access based directory enum", "smb2.share_flags.access_based_dir_enum", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_access_based_dir_enum, "The server will filter directory entries based on the access permissions of the client", HFILL }},
+
+ { &hf_smb2_share_flags_force_levelii_oplock,
+ { "Force level II oplock", "smb2.share_flags.force_levelii_oplock", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_force_levelii_oplock, "The server will not issue exclusive caching rights on this share", HFILL }},
+
+ { &hf_smb2_share_flags_enable_hash_v1,
+ { "Enable hash V1", "smb2.share_flags.enable_hash_v1", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_enable_hash_v1, "The share supports hash generation V1 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }},
+
+ { &hf_smb2_share_flags_enable_hash_v2,
+ { "Enable hash V2", "smb2.share_flags.enable_hash_v2", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_enable_hash_v2, "The share supports hash generation V2 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }},
+
+ { &hf_smb2_share_flags_encrypt_data,
+ { "Encrypted data required", "smb2.share_flags.encrypt_data", FT_BOOLEAN, 32,
+ NULL, SHARE_FLAGS_encryption_required, "The share require data encryption", HFILL }},
+
+ { &hf_smb2_share_caching,
+ { "Caching policy", "smb2.share.caching", FT_UINT32, BASE_HEX,
+ VALS(share_cache_vals), 0, NULL, HFILL }},
+
+ { &hf_smb2_share_caps,
+ { "Share Capabilities", "smb2.share_caps", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_impersonation_level,
- { "Impersonation", "smb2.impersonation.level", FT_UINT32, BASE_DEC,
- VALS(impersonation_level_vals), 0, "Impersonation level", HFILL }},
+ { &hf_smb2_share_caps_dfs,
+ { "DFS", "smb2.share_caps.dfs", FT_BOOLEAN, 32,
+ NULL, SHARE_CAPS_DFS, "The specified share is present in a DFS tree structure", HFILL }},
- { &hf_smb2_ioctl_function,
- { "Function", "smb2.ioctl.function", FT_UINT32, BASE_HEX,
- VALS(smb2_ioctl_vals), 0, "Ioctl function", HFILL }},
+ { &hf_smb2_share_caps_continuous_availability,
+ { "CONTINUOUS AVAILABILITY", "smb2.share_caps.continuous_availability", FT_BOOLEAN, 32,
+ NULL, SHARE_CAPS_CONTINUOUS_AVAILABILITY,
+ "The specified share is continuously available", HFILL }},
- { &hf_smb2_ioctl_function_device,
- { "Device", "smb2.ioctl.function.device", FT_UINT32, BASE_HEX,
- VALS(smb2_ioctl_device_vals), 0xffff0000, "Device for Ioctl", HFILL }},
+ { &hf_smb2_share_caps_scaleout,
+ { "SCALEOUT", "smb2.share_caps.scaleout", FT_BOOLEAN, 32,
+ NULL, SHARE_CAPS_SCALEOUT,
+ "The specified share is a scaleout share", HFILL }},
- { &hf_smb2_ioctl_function_access,
- { "Access", "smb2.ioctl.function.access", FT_UINT32, BASE_HEX,
- VALS(smb2_ioctl_access_vals), 0x0000c000, "Access for Ioctl", HFILL }},
+ { &hf_smb2_share_caps_cluster,
+ { "CLUSTER", "smb2.share_caps.cluster", FT_BOOLEAN, 32,
+ NULL, SHARE_CAPS_CLUSTER,
+ "The specified share is a cluster share", HFILL }},
- { &hf_smb2_ioctl_function_function,
- { "Function", "smb2.ioctl.function.function", FT_UINT32, BASE_HEX,
- NULL, 0x00003ffc, "Function for Ioctl", HFILL }},
+ { &hf_smb2_ioctl_flags,
+ { "Flags", "smb2.ioctl.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ioctl_function_method,
- { "Method", "smb2.ioctl.function.method", FT_UINT32, BASE_HEX,
- VALS(smb2_ioctl_method_vals), 0x00000003, "Method for Ioctl", HFILL }},
+ { &hf_smb2_min_count,
+ { "Min Count", "smb2.min_count", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ioctl_resiliency_timeout,
- { "Timeout", "smb2.ioctl.resiliency.timeout", FT_UINT32, BASE_DEC,
- NULL, 0, "Resiliency timeout", HFILL }},
+ { &hf_smb2_remaining_bytes,
+ { "Remaining Bytes", "smb2.remaining_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
- { &hf_smb2_ioctl_resiliency_reserved,
- { "Reserved", "smb2.ioctl.resiliency.reserved", FT_UINT32, BASE_DEC,
- NULL, 0, "Resiliency reserved", HFILL }},
+ { &hf_smb2_channel_info_offset,
+ { "Channel Info Offset", "smb2.channel_info_offset", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_windows_sockaddr_family,
- { "Socket Family", "smb2.windows.sockaddr.family", FT_UINT16, BASE_DEC,
- NULL, 0, "The socket address family (on windows)", HFILL }},
+ { &hf_smb2_channel_info_length,
+ { "Channel Info Length", "smb2.channel_info_length", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_windows_sockaddr_port,
- { "Socket Port", "smb2.windows.sockaddr.port", FT_UINT16, BASE_DEC,
- NULL, 0, "The socket address port", HFILL }},
+ { &hf_smb2_channel_info_blob,
+ { "Channel Info Blob", "smb2.channel_info_blob", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_windows_sockaddr_in_addr,
- { "Socket IPv4", "smb2.windows.sockaddr.in.addr", FT_IPv4, BASE_NONE,
- NULL, 0, "The IPv4 address", HFILL }},
+ { &hf_smb2_ioctl_is_fsctl,
+ { "Is FSCTL", "smb2.ioctl.is_fsctl", FT_BOOLEAN, 32,
+ NULL, 0x00000001, NULL, HFILL }},
- { &hf_windows_sockaddr_in6_flowinfo,
- { "IPv6 Flow Info", "smb2.windows.sockaddr.in6.flow_info", FT_UINT32, BASE_HEX,
- NULL, 0, "The socket IPv6 flow info", HFILL }},
+ { &hf_smb2_output_buffer_len,
+ { "Output Buffer Length", "smb2.output_buffer_len", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_windows_sockaddr_in6_addr,
- { "Socket IPv6", "smb2.windows.sockaddr.in6.addr", FT_IPv6, BASE_NONE,
- NULL, 0, "The IPv6 address", HFILL }},
+ { &hf_smb2_close_pq_attrib,
+ { "PostQuery Attrib", "smb2.close.pq_attrib", FT_BOOLEAN, 16,
+ NULL, 0x0001, NULL, HFILL }},
- { &hf_windows_sockaddr_in6_scope_id,
- { "IPv6 Scope ID", "smb2.windows.sockaddr.in6.scope_id", FT_UINT32, BASE_DEC,
- NULL, 0, "The socket IPv6 scope id", HFILL }},
+ { &hf_smb2_notify_watch_tree,
+ { "Watch Tree", "smb2.notify.watch_tree", FT_BOOLEAN, 16,
+ NULL, 0x0001, NULL, HFILL }},
- { &hf_smb2_ioctl_network_interface_next_offset,
- { "Next Offset", "smb2.ioctl.network_interfaces.next_offset", FT_UINT32, BASE_HEX,
- NULL, 0, "Offset to next entry in chain or 0", HFILL }},
+ { &hf_smb2_notify_out_data,
+ { "Out Data", "smb2.notify.out", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ioctl_network_interface_index,
- { "Interface Index", "smb2.ioctl.network_interfaces.index", FT_UINT32, BASE_DEC,
- NULL, 0, "The index of the interface", HFILL }},
+ { &hf_smb2_notify_info,
+ { "Notify Info", "smb2.notify.info", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ioctl_network_interface_rss_queue_count,
- { "RSS Queue Count", "smb2.ioctl.network_interfaces.rss_queue_count", FT_UINT32, BASE_DEC,
- NULL, 0, "The RSS queue count", HFILL }},
+ { &hf_smb2_notify_next_offset,
+ { "Next Offset", "smb2.notify.next_offset", FT_UINT32, BASE_HEX,
+ NULL, 0, "Offset to next entry in chain or 0", HFILL }},
- { &hf_smb2_ioctl_network_interface_capabilities,
- { "Interface Cababilities", "smb2.ioctl.network_interfaces.capabilities", FT_UINT32, BASE_HEX,
- NULL, 0, "The RSS queue count", HFILL }},
+ { &hf_smb2_notify_action,
+ { "Action", "smb2.notify.action", FT_UINT32, BASE_HEX,
+ VALS(notify_action_vals), 0, "Notify Action", HFILL }},
- { &hf_smb2_ioctl_network_interface_capability_rss,
- { "RSS", "smb2.ioctl.network_interfaces.capabilities.rss", FT_BOOLEAN, 32,
- TFS(&tfs_smb2_ioctl_network_interface_capability_rss),
- NETWORK_INTERFACE_CAP_RSS, "If the host supports RSS", HFILL }},
-
- { &hf_smb2_ioctl_network_interface_capability_rdma,
- { "RMDA", "smb2.ioctl.network_interfaces.capabilities.rdma", FT_BOOLEAN, 32,
- TFS(&tfs_smb2_ioctl_network_interface_capability_rdma),
- NETWORK_INTERFACE_CAP_RMDA, "If the host supports RDMA", HFILL }},
- { &hf_smb2_ioctl_network_interface_link_speed,
- { "Link Speed", "smb2.ioctl.network_interfaces.link_speed", FT_UINT64, BASE_DEC,
- NULL, 0, "The link speed of the interface", HFILL }},
+ { &hf_smb2_find_flags_restart_scans,
+ { "Restart Scans", "smb2.find.restart_scans", FT_BOOLEAN, 8,
+ NULL, SMB2_FIND_FLAG_RESTART_SCANS, NULL, HFILL }},
- { &hf_smb2_ioctl_shadow_copy_num_volumes,
- { "Num Volumes", "smb2.ioctl.shadow_copy.num_volumes", FT_UINT32, BASE_DEC,
- NULL, 0, "Number of shadow copy volumes", HFILL }},
+ { &hf_smb2_find_flags_single_entry,
+ { "Single Entry", "smb2.find.single_entry", FT_BOOLEAN, 8,
+ NULL, SMB2_FIND_FLAG_SINGLE_ENTRY, NULL, HFILL }},
- { &hf_smb2_ioctl_shadow_copy_num_labels,
- { "Num Labels", "smb2.ioctl.shadow_copy.num_labels", FT_UINT32, BASE_DEC,
- NULL, 0, "Number of shadow copy labels", HFILL }},
+ { &hf_smb2_find_flags_index_specified,
+ { "Index Specified", "smb2.find.index_specified", FT_BOOLEAN, 8,
+ NULL, SMB2_FIND_FLAG_INDEX_SPECIFIED, NULL, HFILL }},
- { &hf_smb2_ioctl_shadow_copy_label,
- { "Label", "smb2.ioctl.shadow_copy.label", FT_STRING, BASE_NONE,
- NULL, 0, "Shadow copy label", HFILL }},
+ { &hf_smb2_find_flags_reopen,
+ { "Reopen", "smb2.find.reopen", FT_BOOLEAN, 8,
+ NULL, SMB2_FIND_FLAG_REOPEN, NULL, HFILL }},
- { &hf_smb2_compression_format,
- { "Compression Format", "smb2.compression_format", FT_UINT16, BASE_DEC,
- VALS(compression_format_vals), 0, "Compression to use", HFILL }},
+ { &hf_smb2_file_index,
+ { "File Index", "smb2.file_index", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_share_type,
- { "Share Type", "smb2.share_type", FT_UINT8, BASE_HEX,
- VALS(smb2_share_type_vals), 0, "Type of share", HFILL }},
+ { &hf_smb2_file_directory_info,
+ { "FileDirectoryInfo", "smb2.find.file_directory_info", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_credit_charge,
- { "Credit Charge", "smb2.credit.charge", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_full_directory_info,
+ { "FullDirectoryInfo", "smb2.find.full_directory_info", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_credits_requested,
- { "Credits requested", "smb2.credits.requested", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_both_directory_info,
+ { "FileBothDirectoryInfo", "smb2.find.both_directory_info", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_credits_granted,
- { "Credits granted", "smb2.credits.granted", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_id_both_directory_info,
+ { "FileIdBothDirectoryInfo", "smb2.find.id_both_directory_info", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_channel_sequence,
- { "Channel Sequence", "smb2.channel_sequence", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_dialect_count,
- { "Dialect count", "smb2.dialect_count", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_dialect,
- { "Dialect", "smb2.dialect", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_security_mode,
- { "Security mode", "smb2.sec_mode", FT_UINT8, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_session_flags,
- { "Session Flags", "smb2.session_flags", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_lock_count,
- { "Lock Count", "smb2.lock_count", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_capabilities,
- { "Capabilities", "smb2.capabilities", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_ioctl_shadow_copy_count,
- { "Count", "smb2.ioctl.shadow_copy.count", FT_UINT32, BASE_DEC,
- NULL, 0, "Number of bytes for shadow copy label strings", HFILL }},
-
- { &hf_smb2_auth_frame,
- { "Authenticated in Frame", "smb2.auth_frame", FT_UINT32, BASE_DEC,
- NULL, 0, "Which frame this user was authenticated in", HFILL }},
-
- { &hf_smb2_tcon_frame,
- { "Connected in Frame", "smb2.tcon_frame", FT_UINT32, BASE_DEC,
- NULL, 0, "Which frame this share was connected in", HFILL }},
-
- { &hf_smb2_tag,
- { "Tag", "smb2.tag", FT_STRING, BASE_NONE,
- NULL, 0, "Tag of chain entry", HFILL }},
-
- { &hf_smb2_acct_name,
- { "Account", "smb2.acct", FT_STRING, BASE_NONE,
- NULL, 0, "Account Name", HFILL }},
-
- { &hf_smb2_domain_name,
- { "Domain", "smb2.domain", FT_STRING, BASE_NONE,
- NULL, 0, "Domain Name", HFILL }},
-
- { &hf_smb2_host_name,
- { "Host", "smb2.host", FT_STRING, BASE_NONE,
- NULL, 0, "Host Name", HFILL }},
-
- { &hf_smb2_signature,
- { "Signature", "smb2.signature", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_unknown,
- { "unknown", "smb2.unknown", FT_BYTES, BASE_NONE,
- NULL, 0, "Unknown bytes", HFILL }},
-
- { &hf_smb2_twrp_timestamp,
- { "Timestamp", "smb2.twrp_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "TWrp timestamp", HFILL }},
-
- { &hf_smb2_mxac_timestamp,
- { "Timestamp", "smb2.mxac_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
- NULL, 0, "MxAc timestamp", HFILL }},
-
- { &hf_smb2_mxac_status,
- { "Query Status", "smb2.mxac_status", FT_UINT32, BASE_HEX,
- VALS(NT_errors), 0, "NT Status code", HFILL }},
-
- { &hf_smb2_qfid_fid,
- { "Opaque File ID", "smb2.qfid_fid", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_ses_flags_guest,
- { "Guest", "smb2.ses_flags.guest", FT_BOOLEAN, 16,
- NULL, SES_FLAGS_GUEST, NULL, HFILL }},
-
- { &hf_smb2_ses_flags_null,
- { "Null", "smb2.ses_flags.null", FT_BOOLEAN, 16,
- NULL, SES_FLAGS_NULL, NULL, HFILL }},
-
- { &hf_smb2_secmode_flags_sign_required,
- { "Signing required", "smb2.sec_mode.sign_required", FT_BOOLEAN, 8,
- NULL, NEGPROT_SIGN_REQ, "Is signing required", HFILL }},
-
- { &hf_smb2_secmode_flags_sign_enabled,
- { "Signing enabled", "smb2.sec_mode.sign_enabled", FT_BOOLEAN, 8,
- NULL, NEGPROT_SIGN_ENABLED, "Is signing enabled", HFILL }},
-
- { &hf_smb2_ses_req_flags,
- { "Flags", "smb2.ses_req_flags", FT_UINT8, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_ses_req_flags_session_binding,
- { "Session Binding Request", "smb2.ses_req_flags.session_binding", FT_BOOLEAN, 8,
- NULL, SES_REQ_FLAGS_SESSION_BINDING,
- "The client wants to bind to an existing session", HFILL }},
-
- { &hf_smb2_cap_dfs,
- { "DFS", "smb2.capabilities.dfs", FT_BOOLEAN, 32,
- TFS(&tfs_cap_dfs), NEGPROT_CAP_DFS, "If the host supports dfs", HFILL }},
-
- { &hf_smb2_cap_leasing,
- { "LEASING", "smb2.capabilities.leasing", FT_BOOLEAN, 32,
- TFS(&tfs_cap_leasing), NEGPROT_CAP_LEASING,
- "If the host supports leasing", HFILL }},
-
- { &hf_smb2_cap_large_mtu,
- { "LARGE MTU", "smb2.capabilities.large_mtu", FT_BOOLEAN, 32,
- TFS(&tfs_cap_large_mtu), NEGPROT_CAP_LARGE_MTU,
- "If the host supports LARGE MTU", HFILL }},
-
- { &hf_smb2_cap_multi_channel,
- { "MULTI CHANNEL", "smb2.capabilities.multi_channel", FT_BOOLEAN, 32,
- TFS(&tfs_cap_multi_channel), NEGPROT_CAP_MULTI_CHANNEL,
- "If the host supports MULTI CHANNEL", HFILL }},
-
- { &hf_smb2_cap_persistent_handles,
- { "PERSISTENT HANDLES", "smb2.capabilities.persistent_handles", FT_BOOLEAN, 32,
- TFS(&tfs_cap_persistent_handles), NEGPROT_CAP_PERSISTENT_HANDLES,
- "If the host supports PERSISTENT HANDLES", HFILL }},
-
- { &hf_smb2_cap_directory_leasing,
- { "DIRECTORY LEASING", "smb2.capabilities.directory_leasing", FT_BOOLEAN, 32,
- TFS(&tfs_cap_directory_leasing), NEGPROT_CAP_DIRECTORY_LEASING,
- "If the host supports DIRECTORY LEASING", HFILL }},
-
- { &hf_smb2_cap_encryption,
- { "ENCRYPTION", "smb2.capabilities.encryption", FT_BOOLEAN, 32,
- TFS(&tfs_cap_encryption), NEGPROT_CAP_ENCRYPTION,
- "If the host supports ENCRYPTION", HFILL }},
-
- { &hf_smb2_max_trans_size,
- { "Max Transaction Size", "smb2.max_trans_size", FT_UINT32, BASE_DEC,
- NULL, 0, "Maximum size of a transaction", HFILL }},
-
- { &hf_smb2_max_read_size,
- { "Max Read Size", "smb2.max_read_size", FT_UINT32, BASE_DEC,
- NULL, 0, "Maximum size of a read", HFILL }},
-
- { &hf_smb2_max_write_size,
- { "Max Write Size", "smb2.max_write_size", FT_UINT32, BASE_DEC,
- NULL, 0, "Maximum size of a write", HFILL }},
-
- { &hf_smb2_channel,
- { "Channel", "smb2.channel", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_share_flags,
- { "Share flags", "smb2.share_flags", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_share_flags_dfs,
- { "DFS", "smb2.share_flags.dfs", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_dfs, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }},
-
- { &hf_smb2_share_flags_dfs_root,
- { "DFS root", "smb2.share_flags.dfs_root", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_dfs_root, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }},
-
- { &hf_smb2_share_flags_restrict_exclusive_opens,
- { "Restrict exclusive opens", "smb2.share_flags.restrict_exclusive_opens", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_restrict_exclusive_opens, "The specified share disallows exclusive file opens that deny reads to an open file", HFILL }},
-
- { &hf_smb2_share_flags_force_shared_delete,
- { "Force shared delete", "smb2.share_flags.force_shared_delete", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_force_shared_delete, "Shared files in the specified share can be forcibly deleted", HFILL }},
-
- { &hf_smb2_share_flags_allow_namespace_caching,
- { "Allow namepsace caching", "smb2.share_flags.allow_namespace_caching", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_allow_namespace_caching, "Clients are allowed to cache the namespace of the specified share", HFILL }},
-
- { &hf_smb2_share_flags_access_based_dir_enum,
- { "Access based directory enum", "smb2.share_flags.access_based_dir_enum", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_access_based_dir_enum, "The server will filter directory entries based on the access permissions of the client", HFILL }},
-
- { &hf_smb2_share_flags_force_levelii_oplock,
- { "Force level II oplock", "smb2.share_flags.force_levelii_oplock", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_force_levelii_oplock, "The server will not issue exclusive caching rights on this share", HFILL }},
-
- { &hf_smb2_share_flags_enable_hash_v1,
- { "Enable hash V1", "smb2.share_flags.enable_hash_v1", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_enable_hash_v1, "The share supports hash generation V1 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }},
-
- { &hf_smb2_share_flags_enable_hash_v2,
- { "Enable hash V2", "smb2.share_flags.enable_hash_v2", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_enable_hash_v2, "The share supports hash generation V2 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }},
-
- { &hf_smb2_share_flags_encrypt_data,
- { "Encrypted data required", "smb2.share_flags.encrypt_data", FT_BOOLEAN, 32,
- NULL, SHARE_FLAGS_encryption_required, "The share require data encryption", HFILL }},
-
- { &hf_smb2_share_caching,
- { "Caching policy", "smb2.share.caching", FT_UINT32, BASE_HEX,
- VALS(share_cache_vals), 0, NULL, HFILL }},
-
- { &hf_smb2_share_caps,
- { "Share Capabilities", "smb2.share_caps", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_share_caps_dfs,
- { "DFS", "smb2.share_caps.dfs", FT_BOOLEAN, 32,
- NULL, SHARE_CAPS_DFS, "The specified share is present in a DFS tree structure", HFILL }},
-
- { &hf_smb2_share_caps_continuous_availability,
- { "CONTINUOUS AVAILABILITY", "smb2.share_caps.continuous_availability", FT_BOOLEAN, 32,
- NULL, SHARE_CAPS_CONTINUOUS_AVAILABILITY,
- "The specified share is continuously available", HFILL }},
-
- { &hf_smb2_share_caps_scaleout,
- { "SCALEOUT", "smb2.share_caps.scaleout", FT_BOOLEAN, 32,
- NULL, SHARE_CAPS_SCALEOUT,
- "The specified share is a scaleout share", HFILL }},
-
- { &hf_smb2_share_caps_cluster,
- { "CLUSTER", "smb2.share_caps.cluster", FT_BOOLEAN, 32,
- NULL, SHARE_CAPS_CLUSTER,
- "The specified share is a cluster share", HFILL }},
-
- { &hf_smb2_ioctl_flags,
- { "Flags", "smb2.ioctl.flags", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
-
- { &hf_smb2_min_count,
- { "Min Count", "smb2.min_count", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_short_name_len,
+ { "Short Name Length", "smb2.short_name_len", FT_UINT8, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_remaining_bytes,
- { "Remaining Bytes", "smb2.remaining_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
+ { &hf_smb2_short_name,
+ { "Short Name", "smb2.shortname", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_channel_info_offset,
- { "Channel Info Offset", "smb2.channel_info_offset", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lock_info,
+ { "Lock Info", "smb2.lock_info", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_channel_info_length,
- { "Channel Info Length", "smb2.channel_info_length", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lock_length,
+ { "Length", "smb2.lock_length", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_ioctl_is_fsctl,
- { "Is FSCTL", "smb2.ioctl.is_fsctl", FT_BOOLEAN, 32,
- NULL, 0x00000001, NULL, HFILL }},
+ { &hf_smb2_lock_flags,
+ { "Flags", "smb2.lock_flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_output_buffer_len,
- { "Output Buffer Length", "smb2.output_buffer_len", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lock_flags_shared,
+ { "Shared", "smb2.lock_flags.shared", FT_BOOLEAN, 32,
+ NULL, 0x00000001, NULL, HFILL }},
- { &hf_smb2_close_pq_attrib,
- { "PostQuery Attrib", "smb2.close.pq_attrib", FT_BOOLEAN, 16,
- NULL, 0x0001, NULL, HFILL }},
+ { &hf_smb2_lock_flags_exclusive,
+ { "Exclusive", "smb2.lock_flags.exclusive", FT_BOOLEAN, 32,
+ NULL, 0x00000002, NULL, HFILL }},
- { &hf_smb2_notify_watch_tree,
- { "Watch Tree", "smb2.notify.watch_tree", FT_BOOLEAN, 16,
- NULL, 0x0001, NULL, HFILL }},
+ { &hf_smb2_lock_flags_unlock,
+ { "Unlock", "smb2.lock_flags.unlock", FT_BOOLEAN, 32,
+ NULL, 0x00000004, NULL, HFILL }},
- { &hf_smb2_notify_out_data,
- { "Out Data", "smb2.notify.out", FT_NONE, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_lock_flags_fail_immediately,
+ { "Fail Immediately", "smb2.lock_flags.fail_immediately", FT_BOOLEAN, 32,
+ NULL, 0x00000010, NULL, HFILL }},
- { &hf_smb2_find_flags_restart_scans,
- { "Restart Scans", "smb2.find.restart_scans", FT_BOOLEAN, 8,
- NULL, SMB2_FIND_FLAG_RESTART_SCANS, NULL, HFILL }},
+ { &hf_smb2_error_reserved,
+ { "Reserved", "smb2.error.reserved", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_find_flags_single_entry,
- { "Single Entry", "smb2.find.single_entry", FT_BOOLEAN, 8,
- NULL, SMB2_FIND_FLAG_SINGLE_ENTRY, NULL, HFILL }},
+ { &hf_smb2_error_byte_count,
+ { "Byte Count", "smb2.error.byte_count", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_find_flags_index_specified,
- { "Index Specified", "smb2.find.index_specified", FT_BOOLEAN, 8,
- NULL, SMB2_FIND_FLAG_INDEX_SPECIFIED, NULL, HFILL }},
+ { &hf_smb2_error_data,
+ { "Error Data", "smb2.error.data", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_find_flags_reopen,
- { "Reopen", "smb2.find.reopen", FT_BOOLEAN, 8,
- NULL, SMB2_FIND_FLAG_REOPEN, NULL, HFILL }},
+ { &hf_smb2_reserved,
+ { "Reserved", "smb2.reserved", FT_BYTES, BASE_NONE,
+ NULL, 0, "Reserved bytes", HFILL }},
- { &hf_smb2_file_index,
- { "File Index", "smb2.file_index", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_reserved_random,
+ { "Reserved (Random)", "smb2.reserved.random", FT_BYTES, BASE_NONE,
+ NULL, 0, "Reserved bytes, random data", HFILL }},
- { &hf_smb2_file_directory_info,
- { "FileDirectoryInfo", "smb2.find.file_directory_info", FT_NONE, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_root_directory_mbz,
+ { "Root Dir Handle (MBZ)", "smb2.root_directory", FT_BYTES, BASE_NONE,
+ NULL, 0, "Root Directory Handle, mbz", HFILL }},
- { &hf_smb2_full_directory_info,
- { "FullDirectoryInfo", "smb2.find.full_directory_info", FT_NONE, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_dhnq_buffer_reserved,
+ { "Reserved", "smb2.dhnq_buffer_reserved", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_both_directory_info,
- { "FileBothDirectoryInfo", "smb2.find.both_directory_info", FT_NONE, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_dh2x_buffer_timeout,
+ { "Timeout", "smb2.dh2x.timeout", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_id_both_directory_info,
- { "FileIdBothDirectoryInfo", "smb2.find.id_both_directory_info", FT_NONE, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_dh2x_buffer_flags,
+ { "Flags", "smb2.dh2x.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_short_name_len,
- { "Short Name Length", "smb2.short_name_len", FT_UINT8, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_dh2x_buffer_flags_persistent_handle,
+ { "Persistent Handle", "smb2.dh2x.flags.persistent_handle", FT_BOOLEAN, 32,
+ NULL, SMB2_DH2X_FLAGS_PERSISTENT_HANDLE, NULL, HFILL}},
- { &hf_smb2_short_name,
- { "Short Name", "smb2.shortname", FT_STRING, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_dh2x_buffer_reserved,
+ { "Reserved", "smb2.dh2x.reserved", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_lock_info,
- { "Lock Info", "smb2.lock_info", FT_NONE, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_dh2x_buffer_create_guid,
+ { "Create Guid", "smb2.dh2x.create_guid", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_lock_length,
- { "Length", "smb2.lock_length", FT_UINT64, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_APP_INSTANCE_buffer_struct_size,
+ { "Struct Size", "smb2.app_instance.struct_size", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_lock_flags,
- { "Flags", "smb2.lock_flags", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_APP_INSTANCE_buffer_reserved,
+ { "Reserved", "smb2.app_instance.reserved", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_lock_flags_shared,
- { "Shared", "smb2.lock_flags.shared", FT_BOOLEAN, 32,
- NULL, 0x00000001, NULL, HFILL }},
+ { &hf_smb2_APP_INSTANCE_buffer_app_guid,
+ { "Application Guid", "smb2.app_instance.app_guid", FT_GUID, BASE_NONE,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_lock_flags_exclusive,
- { "Exclusive", "smb2.lock_flags.exclusive", FT_BOOLEAN, 32,
- NULL, 0x00000002, NULL, HFILL }},
+ { &hf_smb2_svhdx_open_device_context_version,
+ { "Version", "smb2.svhdx_open_device_context.version", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL}},
- { &hf_smb2_lock_flags_unlock,
- { "Unlock", "smb2.lock_flags.unlock", FT_BOOLEAN, 32,
- NULL, 0x00000004, NULL, HFILL }},
+ { &hf_smb2_svhdx_open_device_context_has_initiator_id,
+ { "HasInitiatorId", "smb2.svhdx_open_device_context.initiator_has_id", FT_BOOLEAN, 8,
+ TFS(&tfs_smb2_svhdx_has_initiator_id), 0, "Whether the host has an intiator", HFILL}},
- { &hf_smb2_lock_flags_fail_immediately,
- { "Fail Immediately", "smb2.lock_flags.fail_immediately", FT_BOOLEAN, 32,
- NULL, 0x00000010, NULL, HFILL }},
+ { &hf_smb2_svhdx_open_device_context_reserved,
+ { "Reserved", "smb2.svhdx_open_device_context.reserved", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_error_reserved,
- { "Reserved", "smb2.error.reserved", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_svhdx_open_device_context_initiator_id,
+ { "InitiatorId", "smb2.svhdx_open_device_context.initiator_id", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_error_byte_count,
- { "Byte Count", "smb2.error.byte_count", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_svhdx_open_device_context_flags,
+ { "Flags", "smb2.svhdx_open_device_context.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_error_data,
- { "Error Data", "smb2.error.data", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_svhdx_open_device_context_originator_flags,
+ { "OriginatorFlags", "smb2.svhdx_open_device_context.originator_flags", FT_UINT32, BASE_HEX,
+ VALS(originator_flags_vals), 0, "Originator Flags", HFILL }},
- { &hf_smb2_reserved,
- { "Reserved", "smb2.reserved", FT_BYTES, BASE_NONE,
- NULL, 0, "Reserved bytes", HFILL }},
+ { &hf_smb2_svhdx_open_device_context_open_request_id,
+ { "OpenRequestId","smb2.svhxd_open_device_context.open_request_id", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_dhnq_buffer_reserved,
- { "Reserved", "smb2.dhnq_buffer_reserved", FT_UINT64, BASE_HEX,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_svhdx_open_device_context_initiator_host_name_len,
+ { "HostNameLength", "smb2.svhxd_open_device_context.initiator_host_name_len", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_dh2x_buffer_timeout,
- { "Timeout", "smb2.dh2x.timeout", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_svhdx_open_device_context_initiator_host_name,
+ { "HostName", "smb2.svhdx_open_device_context.host_name", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_dh2x_buffer_flags,
- { "Flags", "smb2.dh2x.flags", FT_UINT32, BASE_HEX,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_posix_v1_version,
+ { "Version", "smb2.posix_v1_version", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_dh2x_buffer_flags_persistent_handle,
- { "Persistent Handle", "smb2.dh2x.flags.persistent_handle", FT_BOOLEAN, 32,
- NULL, SMB2_DH2X_FLAGS_PERSISTENT_HANDLE, NULL, HFILL}},
+ { &hf_smb2_posix_v1_request,
+ { "Request", "smb2.posix_request", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_dh2x_buffer_reserved,
- { "Reserved", "smb2.dh2x.reserved", FT_UINT64, BASE_HEX,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_posix_v1_case_sensitive,
+ { "Posix Case Sensitive File Names", "smb2.posix_case_sensitive", FT_UINT32, BASE_HEX,
+ VALS(posix_case_sensitive_vals), 0x01, NULL, HFILL }},
- { &hf_smb2_dh2x_buffer_create_guid,
- { "Create Guid", "smb2.dh2x.create_guid", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_posix_v1_posix_lock,
+ { "Posix Byte-Range Locks", "smb2.posix_locks", FT_UINT32, BASE_HEX,
+ VALS(posix_locks_vals), 0x02, NULL, HFILL }},
- { &hf_smb2_APP_INSTANCE_buffer_struct_size,
- { "Struct Size", "smb2.app_instance.struct_size", FT_UINT16, BASE_DEC,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_posix_v1_posix_file_semantics,
+ { "Posix File Semantics", "smb2.posix_file_semantics", FT_UINT32, BASE_HEX,
+ VALS(posix_file_semantics_vals), 0x04, NULL, HFILL }},
- { &hf_smb2_APP_INSTANCE_buffer_reserved,
- { "Reserved", "smb2.app_instance.reserved", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_posix_v1_posix_utf8_paths,
+ { "Posix UTF8 Paths", "smb2.posix_utf8_paths", FT_UINT32, BASE_HEX,
+ VALS(posix_utf8_paths_vals), 0x08, NULL, HFILL }},
- { &hf_smb2_APP_INSTANCE_buffer_app_guid,
- { "Application Guid", "smb2.app_instance.app_guid", FT_GUID, BASE_NONE,
- NULL, 0, NULL, HFILL}},
+ { &hf_smb2_posix_v1_posix_will_convert_nt_acls,
+ { "Posix Will Convert NT ACLs", "smb2.will_convert_NTACLs", FT_UINT32, BASE_HEX,
+ VALS(posix_will_convert_ntacls_vals), 0x10, NULL, HFILL }},
- { &hf_smb2_transform_signature,
- { "Signature", "smb2.header.transform.signature", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_posix_v1_posix_fileinfo,
+ { "Posix Fileinfo", "smb2.posix_fileinfo", FT_UINT32, BASE_HEX,
+ VALS(posix_fileinfo_vals), 0x20, NULL, HFILL }},
- { &hf_smb2_transform_nonce,
- { "Nonce", "smb2.header.transform.nonce", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_posix_v1_posix_acls,
+ { "Posix ACLs", "smb2.posix_acls", FT_UINT32, BASE_HEX,
+ VALS(posix_acls_vals), 0x40, NULL, HFILL }},
- { &hf_smb2_transform_msg_size,
- { "Message size", "smb2.header.transform.msg_size", FT_UINT32, BASE_DEC,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_posix_v1_rich_acls,
+ { "Rich ACLs", "smb2.rich_acls", FT_UINT32, BASE_HEX,
+ VALS(posix_rich_acls_vals), 0x80, NULL, HFILL }},
- { &hf_smb2_transform_reserved,
- { "Reserved", "smb2.header.transform.reserved", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_posix_v1_supported_features,
+ { "Supported Features", "smb2.posix_supported_features", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_transform_enc_alg,
- { "Encryption ALG", "smb2.header.transform.encryption_alg", FT_UINT16, BASE_HEX,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_transform_signature,
+ { "Signature", "smb2.header.transform.signature", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_encryption_aes128_ccm,
- { "SMB2_ENCRYPTION_AES128_CCM", "smb2.header.transform.enc_aes128_ccm", FT_BOOLEAN, 16,
- NULL, ENC_ALG_aes128_ccm, NULL, HFILL }},
+ { &hf_smb2_transform_nonce,
+ { "Nonce", "smb2.header.transform.nonce", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
- { &hf_smb2_transform_encyrpted_data,
- { "Data", "smb2.header.transform.enc_data", FT_BYTES, BASE_NONE,
- NULL, 0, NULL, HFILL }},
+ { &hf_smb2_transform_msg_size,
+ { "Message size", "smb2.header.transform.msg_size", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_smb2_transform_reserved,
+ { "Reserved", "smb2.header.transform.reserved", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_transform_enc_alg,
+ { "Encryption ALG", "smb2.header.transform.encryption_alg", FT_UINT16, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_encryption_aes128_ccm,
+ { "SMB2_ENCRYPTION_AES128_CCM", "smb2.header.transform.enc_aes128_ccm", FT_BOOLEAN, 16,
+ NULL, ENC_ALG_aes128_ccm, NULL, HFILL }},
+
+ { &hf_smb2_transform_encrypted_data,
+ { "Data", "smb2.header.transform.enc_data", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_server_component_smb2,
+ { "Server Component: SMB2", "smb2.server_component_smb2", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_server_component_smb2_transform,
+ { "Server Component: SMB2_TRANSFORM", "smb2.server_component_smb2_transform", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_truncated,
+ { "Truncated...", "smb2.truncated", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
};
static gint *ett[] = {
&ett_smb2_encrypted,
&ett_smb2_command,
&ett_smb2_secblob,
+ &ett_smb2_negotiate_context_element,
&ett_smb2_file_basic_info,
&ett_smb2_file_standard_info,
&ett_smb2_file_internal_info,
&ett_smb2_file_rename_info,
&ett_smb2_file_disposition_info,
&ett_smb2_file_position_info,
- &ett_smb2_file_info_0f,
+ &ett_smb2_file_full_ea_info,
&ett_smb2_file_mode_info,
&ett_smb2_file_alignment_info,
&ett_smb2_file_all_info,
&ett_smb2_ioctl_network_interface,
&ett_windows_sockaddr,
&ett_smb2_close_flags,
+ &ett_smb2_notify_info,
&ett_smb2_notify_flags,
+ &ett_smb2_rdma_v1,
&ett_smb2_write_flags,
&ett_smb2_find_flags,
&ett_smb2_file_directory_info,
&ett_smb2_DH2C_buffer,
&ett_smb2_dh2x_flags,
&ett_smb2_APP_INSTANCE_buffer,
+ &ett_smb2_svhdx_open_device_context,
+ &ett_smb2_posix_v1_request,
+ &ett_smb2_posix_v1_response,
+ &ett_smb2_posix_v1_supported_features,
+ &ett_smb2_integrity_flags,
&ett_smb2_transform_enc_alg,
+ &ett_smb2_buffercode,
+ &ett_smb2_ioctl_network_interface_capabilities,
+ &ett_qfr_entry,
+ };
+
+ static ei_register_info ei[] = {
+ { &ei_smb2_invalid_length, { "smb2.invalid_length", PI_MALFORMED, PI_ERROR, "Invalid length", EXPFILL }},
+ { &ei_smb2_bad_response, { "smb2.bad_response", PI_MALFORMED, PI_ERROR, "Bad response", EXPFILL }},
};
+ expert_module_t* expert_smb2;
+
proto_smb2 = proto_register_protocol("SMB2 (Server Message Block Protocol version 2)",
- "SMB2", "smb2");
+ "SMB2", "smb2");
proto_register_subtree_array(ett, array_length(ett));
proto_register_field_array(proto_smb2, hf, array_length(hf));
+ expert_smb2 = expert_register_protocol(proto_smb2);
+ expert_register_field_array(expert_smb2, ei, array_length(ei));
+
+ smb2_module = prefs_register_protocol(proto_smb2, NULL);
+ prefs_register_bool_preference(smb2_module, "eosmb2_take_name_as_fid",
+ "Use the full file name as File ID when exporting an SMB2 object",
+ "Whether the export object functionality will take the full path file name as file identifier",
+ &eosmb2_take_name_as_fid);
- register_heur_dissector_list("smb2_heur_subdissectors", &smb2_heur_subdissector_list);
+ smb2_heur_subdissector_list = register_heur_dissector_list("smb2_heur_subdissectors");
smb2_tap = register_tap("smb2");
+ smb2_eo_tap = register_tap("smb_eo"); /* SMB Export Object tap */
+
+ register_srt_table(proto_smb2, NULL, 1, smb2stat_packet, smb2stat_init, NULL);
}
void
{
gssapi_handle = find_dissector("gssapi");
ntlmssp_handle = find_dissector("ntlmssp");
- heur_dissector_add("netbios", dissect_smb2_heur, proto_smb2);
+ rsvd_handle = find_dissector("rsvd");
+ heur_dissector_add("netbios", dissect_smb2_heur, "SMB2 over Netbios", "smb2_netbios", proto_smb2, HEURISTIC_ENABLE);
+ heur_dissector_add("smb_direct", dissect_smb2_heur, "SMB2 over SMB Direct", "smb2_smb_direct", proto_smb2, HEURISTIC_ENABLE);
}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */
git.samba.org / metze / wireshark / wip.git / blobdiff