static int hf_smb2_ioctl_function_function = -1;
static int hf_smb2_fsctl_pipe_wait_timeout = -1;
static int hf_smb2_fsctl_pipe_wait_name = -1;
-static int hf_smb2_fsctl_offload_read_size = -1;
-static int hf_smb2_fsctl_offload_read_flags = -1;
-static int hf_smb2_fsctl_offload_read_token_ttl = -1;
-static int hf_smb2_fsctl_offload_reserved = -1;
-static int hf_smb2_fsctl_offload_read_file_offset = -1;
-static int hf_smb2_fsctl_offload_read_copy_length = -1;
-static int hf_smb2_fsctl_offload_read_transfer_length = -1;
-static int hf_smb2_fsctl_offload_token = -1;
+
+static int hf_smb2_fsctl_odx_token_type = -1;
+static int hf_smb2_fsctl_odx_token_idlen = -1;
+static int hf_smb2_fsctl_odx_token_idraw = -1;
+static int hf_smb2_fsctl_odx_token_ttl = -1;
+static int hf_smb2_fsctl_odx_size = -1;
+static int hf_smb2_fsctl_odx_flags = -1;
+static int hf_smb2_fsctl_odx_file_offset = -1;
+static int hf_smb2_fsctl_odx_copy_length = -1;
+static int hf_smb2_fsctl_odx_xfer_length = -1;
+static int hf_smb2_fsctl_odx_token_offset = -1;
+
+static int hf_smb2_fsctl_sparse_flag = -1;
+static int hf_smb2_fsctl_range_offset = -1;
+static int hf_smb2_fsctl_range_length = -1;
static int hf_smb2_ioctl_function_method = -1;
static int hf_smb2_ioctl_resiliency_timeout = -1;
static int hf_smb2_ioctl_resiliency_reserved = -1;
static int hf_smb2_posix_v1_posix_fileinfo = -1;
static int hf_smb2_posix_v1_posix_acls = -1;
static int hf_smb2_posix_v1_rich_acls = -1;
+static int hf_smb2_aapl_command_code = -1;
+static int hf_smb2_aapl_reserved = -1;
+static int hf_smb2_aapl_server_query_bitmask = -1;
+static int hf_smb2_aapl_server_query_bitmask_server_caps = -1;
+static int hf_smb2_aapl_server_query_bitmask_volume_caps = -1;
+static int hf_smb2_aapl_server_query_bitmask_model_info = -1;
+static int hf_smb2_aapl_server_query_caps = -1;
+static int hf_smb2_aapl_server_query_caps_supports_read_dir_attr = -1;
+static int hf_smb2_aapl_server_query_caps_supports_osx_copyfile = -1;
+static int hf_smb2_aapl_server_query_caps_unix_based = -1;
+static int hf_smb2_aapl_server_query_caps_supports_nfs_ace = -1;
+static int hf_smb2_aapl_server_query_volume_caps = -1;
+static int hf_smb2_aapl_server_query_volume_caps_support_resolve_id = -1;
+static int hf_smb2_aapl_server_query_volume_caps_case_sensitive = -1;
+static int hf_smb2_aapl_server_query_volume_caps_supports_full_sync = -1;
+static int hf_smb2_aapl_server_query_model_string = -1;
+static int hf_smb2_aapl_server_query_server_path = -1;
static int hf_smb2_error_byte_count = -1;
static int hf_smb2_error_data = -1;
static int hf_smb2_error_reserved = -1;
static int hf_smb2_pipe_reassembled_in = -1;
static int hf_smb2_pipe_reassembled_length = -1;
static int hf_smb2_pipe_reassembled_data = -1;
+static int hf_smb2_cchunk_resume_key = -1;
+static int hf_smb2_cchunk_count = -1;
+static int hf_smb2_cchunk_src_offset = -1;
+static int hf_smb2_cchunk_dst_offset = -1;
+static int hf_smb2_cchunk_xfer_len = -1;
+static int hf_smb2_cchunk_chunks_written = -1;
+static int hf_smb2_cchunk_bytes_written = -1;
+static int hf_smb2_cchunk_total_written = -1;
static gint ett_smb2 = -1;
static gint ett_smb2_olb = -1;
static gint ett_smb2_share_caps = -1;
static gint ett_smb2_ioctl_flags = -1;
static gint ett_smb2_ioctl_network_interface = -1;
+static gint ett_smb2_fsctl_range_data = -1;
static gint ett_windows_sockaddr = -1;
static gint ett_smb2_close_flags = -1;
static gint ett_smb2_notify_info = -1;
static gint ett_smb2_posix_v1_request = -1;
static gint ett_smb2_posix_v1_response = -1;
static gint ett_smb2_posix_v1_supported_features = -1;
+static gint ett_smb2_aapl_create_context_request = -1;
+static gint ett_smb2_aapl_server_query_bitmask = -1;
+static gint ett_smb2_aapl_server_query_caps = -1;
+static gint ett_smb2_aapl_create_context_response = -1;
+static gint ett_smb2_aapl_server_query_volume_caps = -1;
static gint ett_smb2_integrity_flags = -1;
static gint ett_smb2_find_flags = -1;
static gint ett_smb2_file_directory_info = -1;
static gint ett_qfr_entry = -1;
static gint ett_smb2_pipe_fragment = -1;
static gint ett_smb2_pipe_fragments = -1;
+static gint ett_smb2_cchunk_entry = -1;
+static gint ett_smb2_fsctl_odx_token = -1;
static expert_field ei_smb2_invalid_length = EI_INIT;
static expert_field ei_smb2_bad_response = EI_INIT;
static dissector_handle_t gssapi_handle = NULL;
static dissector_handle_t ntlmssp_handle = NULL;
static dissector_handle_t rsvd_handle = NULL;
-static dissector_handle_t data_handle = NULL;
static heur_dissector_list_t smb2_pipe_subdissector_list;
{0x000900A4, "FSCTL_SET_REPARSE_POINT"},
{0x000900A8, "FSCTL_GET_REPARSE_POINT"},
{0x000900C0, "FSCTL_CREATE_OR_GET_OBJECT_ID"}, /* dissector implemented */
+ {0x000900C4, "FSCTL_SET_SPARSE"}, /* dissector implemented */
{0x000900D4, "FSCTL_SET_ENCRYPTION"},
{0x000900DB, "FSCTL_ENCRYPTION_FSCTL_IO"},
{0x000900DF, "FSCTL_WRITE_RAW_ENCRYPTED"},
{0x000940B3, "FSCTL_ENUM_USN_DATA"},
{0x000940B7, "FSCTL_SECURITY_ID_CHECK"},
{0x000940BB, "FSCTL_READ_USN_JOURNAL"},
- {0x000940CF, "FSCTL_QUERY_ALLOCATED_RANGES"},
+ {0x000940CF, "FSCTL_QUERY_ALLOCATED_RANGES"}, /* dissector implemented */
{0x000940E7, "FSCTL_CREATE_USN_JOURNAL"},
{0x000940EB, "FSCTL_READ_FILE_USN_DATA"},
{0x000940EF, "FSCTL_WRITE_USN_CLOSE_RECORD"},
- {0x00094264, "FSCTL_OFFLOAD_READ"},
+ {0x00094264, "FSCTL_OFFLOAD_READ"}, /* dissector implemented */
{0x00098098, "FSCTL_SET_OBJECT_ID"}, /* dissector implemented */
{0x000980A0, "FSCTL_DELETE_OBJECT_ID"}, /* no data in/out */
{0x000980A4, "FSCTL_SET_REPARSE_POINT"},
{0x000980AC, "FSCTL_DELETE_REPARSE_POINT"},
{0x000980BC, "FSCTL_SET_OBJECT_ID_EXTENDED"}, /* dissector implemented */
- {0x000980C4, "FSCTL_SET_SPARSE"},
- {0x000980C8, "FSCTL_SET_ZERO_DATA"},
+ {0x000980C8, "FSCTL_SET_ZERO_DATA"}, /* dissector implemented */
{0x000980D0, "FSCTL_ENABLE_UPGRADE"},
{0x00098208, "FSCTL_FILE_LEVEL_TRIM"},
+ {0x00098268, "FSCTL_OFFLOAD_WRITE"}, /* dissector implemented */
{0x0009C040, "FSCTL_SET_COMPRESSION"}, /* dissector implemented */
{0x0009C280, "FSCTL_SET_INTEGRITY_INFORMATION"}, /* dissector implemented */
{0x00110018, "FSCTL_PIPE_WAIT"}, /* dissector implemented */
{0x001401FC, "FSCTL_QUERY_NETWORK_INTERFACE_INFO"}, /* dissector implemented */
{0x00140200, "FSCTL_VALIDATE_NEGOTIATE_INFO_224"}, /* dissector implemented */
{0x00140204, "FSCTL_VALIDATE_NEGOTIATE_INFO"}, /* dissector implemented */
- {0x00144064, "FSCTL_GET_SHADOW_COPY_DATA"}, /*=FSCTL_SRV_ENUMERATE_SNAPSHOTS*/ /* dissector implemented */
+ {0x00144064, "FSCTL_SRV_ENUMERATE_SNAPSHOTS"}, /* dissector implemented */
{0x001440F2, "FSCTL_SRV_COPYCHUNK"},
{0x001441bb, "FSCTL_SRV_READ_HASH"},
{0x001480F2, "FSCTL_SRV_COPYCHUNK_WRITE"},
} else {
sfi->name = wmem_strdup_printf(wmem_file_scope(), "[unknown]");
}
- sfi->open_frame = pinfo->num;
if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
fid_name = wmem_strdup_printf(wmem_file_scope(), "File: %s", (char *)si->saved->extra_info);
gboolean continue_dissection;
switch (si->status) {
- /* buffer code */
- case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
+ /* MS-SMB2 3.3.4.4 says STATUS_NOTIFY_ENUM_DIR is not treated as an error */
+ case 0x0000010c: /* STATUS_NOTIFY_ENUM_DIR */
+ case 0x00000000: /* buffer code */
+ offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
if (!continue_dissection) return offset;
}
if (!pinfo->can_desegment) {
result = dissector_try_heuristic(smb2_pipe_subdissector_list,
tvb, pinfo, top_tree,
- &hdtbl_entry, NULL);
+ &hdtbl_entry, data);
goto clean_up_and_exit;
}
*/
result = dissector_try_heuristic(smb2_pipe_subdissector_list,
tvb, pinfo, top_tree,
- &hdtbl_entry, NULL);
+ &hdtbl_entry, data);
/* no this didn't look like something we know */
if (!result) {
/* dissect the full PDU */
result = dissector_try_heuristic(smb2_pipe_subdissector_list,
tvb, pinfo, top_tree,
- &hdtbl_entry, NULL);
+ &hdtbl_entry, data);
}
goto clean_up_and_exit;
}
*/
result = dissector_try_heuristic(smb2_pipe_subdissector_list,
tvb, pinfo, top_tree,
- &hdtbl_entry, NULL);
+ &hdtbl_entry, data);
goto clean_up_and_exit;
}
if (!(fd_head->flags&FD_DEFRAGMENTED)) {
/* we don't have a fully reassembled frame */
result = dissector_try_heuristic(smb2_pipe_subdissector_list,
tvb, pinfo, top_tree,
- &hdtbl_entry, NULL);
+ &hdtbl_entry, data);
goto clean_up_and_exit;
}
/* dissect the full PDU */
result = dissector_try_heuristic(smb2_pipe_subdissector_list,
tvb, pinfo, top_tree,
- &hdtbl_entry, NULL);
+ &hdtbl_entry, data);
clean_up_and_exit:
/* clear out the variables */
pinfo->desegment_len = 0;
if (!result) {
- call_dissector(data_handle, tvb, pinfo, top_tree);
+ call_data_dissector(tvb, pinfo, top_tree);
}
pinfo->fragmented = save_fragmented;
return offset;
}
+/* The STORAGE_OFFLOAD_TOKEN is used for "Offload Data Transfer" (ODX) operations,
+ including FSCTL_OFFLOAD_READ, FSCTL_OFFLOAD_WRITE. Ref: MS-FSCC 2.3.79
+ Note: Unlike most of SMB2, the token fields are BIG-endian! */
+static int
+dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
+{
+ proto_tree *sub_tree;
+ proto_item *sub_item;
+ guint32 idlen = 0;
+ guint32 idtype = 0;
+
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, 512, ett_smb2_fsctl_odx_token, &sub_item, "Token");
+
+ proto_tree_add_item_ret_uint(sub_tree, hf_smb2_fsctl_odx_token_type, tvb, offset, 4, ENC_BIG_ENDIAN, &idtype);
+ offset += 4;
+
+ proto_item_append_text(sub_item, " (IdType 0x%x)", idtype);
+
+ /* reserved */
+ proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
+ offset += 2;
+
+ /* TokenIdLength */
+ proto_tree_add_item_ret_uint(sub_tree, hf_smb2_fsctl_odx_token_idlen, tvb, offset, 2, ENC_BIG_ENDIAN, &idlen);
+ offset += 2;
+
+ /* idlen is what the server says is the "meaningful" part of the token.
+ However, token ID is always 504 bytes */
+ proto_tree_add_bytes_format_value(sub_tree, hf_smb2_fsctl_odx_token_idraw, tvb,
+ offset, idlen, NULL, "Opaque Data");
+ offset += 504;
+
+ return (offset);
+}
+
+/* MS-FSCC 2.3.77, 2.3.78 */
static void
dissect_smb2_FSCTL_OFFLOAD_READ(tvbuff_t *tvb,
packet_info *pinfo _U_,
proto_tree *tree,
int offset,
- proto_tree *top_tree _U_,
gboolean in)
{
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
if (in) {
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_token_ttl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_token_ttl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_reserved, tvb, offset, 4, ENC_NA);
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
offset += 4;
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
offset += 8;
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
/* offset += 8; */
} else {
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_read_transfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_xfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ (void) dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvb, pinfo, tree, offset);
+ }
+}
+
+/* MS-FSCC 2.3.80, 2.3.81 */
+static void
+dissect_smb2_FSCTL_OFFLOAD_WRITE(tvbuff_t *tvb,
+ packet_info *pinfo _U_,
+ proto_tree *tree,
+ int offset,
+ gboolean in)
+{
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ if (in) {
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
offset += 8;
- proto_tree_add_item(tree, hf_smb2_fsctl_offload_token, tvb, offset, 512, ENC_NA);
- /* offset += 512; */
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_token_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvb, pinfo, tree, offset);
+
+ } else {
+ proto_tree_add_item(tree, hf_smb2_fsctl_odx_xfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ /* offset += 8; */
}
}
}
}
+static int
+dissect_smb2_FSCTL_SET_SPARSE(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
+{
+
+ /* There is no out data */
+ if (!data_in) {
+ return offset;
+ }
+
+ /* sparse flag (optional) */
+ if (tvb_reported_length_remaining(tvb, offset) >= 1) {
+ proto_tree_add_item(tree, hf_smb2_fsctl_sparse_flag, tvb, offset, 1, ENC_NA);
+ offset += 1;
+ }
+
+ return offset;
+}
+
+static int
+dissect_smb2_FSCTL_SET_ZERO_DATA(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
+{
+ proto_tree *sub_tree;
+ proto_item *sub_item;
+
+ /* There is no out data */
+ if (!data_in) {
+ return offset;
+ }
+
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");
+
+ proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ return offset;
+}
+
+static void
+dissect_smb2_FSCTL_QUERY_ALLOCATED_RANGES(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, gboolean data_in)
+{
+ proto_tree *sub_tree;
+ proto_item *sub_item;
+
+ if (data_in) {
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");
+
+ proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+ } else {
+ /* Zero or more allocated ranges may be reported. */
+ while (tvb_reported_length_remaining(tvb, offset) >= 16) {
+
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");
+
+ proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+ }
+ }
+}
+
+
static void
dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, gboolean data_in)
{
}
static void
-dissect_smb2_FSCTL_GET_SHADOW_COPY_DATA(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
+dissect_smb2_FSCTL_SRV_ENUMERATE_SNAPSHOTS(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
{
guint32 num_volumes;
return offset;
}
+static int
+dissect_smb2_cchunk_RESUME_KEY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
+{
+
+ proto_tree_add_bytes_format_value(tree, hf_smb2_cchunk_resume_key, tvb,
+ offset, 24, NULL, "Opaque Data");
+ offset += 24;
+
+ return (offset);
+}
+
+static void
+dissect_smb2_FSCTL_SRV_REQUEST_RESUME_KEY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
+{
+
+ /* There is no in data */
+ if (data_in) {
+ return;
+ }
+
+ offset = dissect_smb2_cchunk_RESUME_KEY(tvb, pinfo, tree, offset);
+
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+}
+
+static void
+dissect_smb2_FSCTL_SRV_COPYCHUNK(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, gboolean data_in)
+{
+ proto_tree *sub_tree;
+ proto_item *sub_item;
+ guint32 chunk_count = 0;
+
+ /* Output is simpler - handle that first. */
+ if (!data_in) {
+ proto_tree_add_item(tree, hf_smb2_cchunk_chunks_written, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_cchunk_bytes_written, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
+ proto_tree_add_item(tree, hf_smb2_cchunk_total_written, tvb, offset+8, 4, ENC_LITTLE_ENDIAN);
+ return;
+ }
+
+ /* Input data, fixed part */
+ offset = dissect_smb2_cchunk_RESUME_KEY(tvb, pinfo, tree, offset);
+ proto_tree_add_item_ret_uint(tree, hf_smb2_cchunk_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &chunk_count);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+
+ /* Zero or more allocated ranges may be reported. */
+ while (chunk_count && tvb_reported_length_remaining(tvb, offset) >= 24) {
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, 24, ett_smb2_cchunk_entry, &sub_item, "Chunk");
+
+ proto_tree_add_item(sub_tree, hf_smb2_cchunk_src_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_cchunk_dst_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ proto_tree_add_item(sub_tree, hf_smb2_cchunk_xfer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
+ offset += 4;
+
+ chunk_count--;
+ }
+}
+
void
dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in, void *private_data _U_)
{
dissect_get_dfs_referral_data(tvb, pinfo, tree, 0, &dc, TRUE);
}
break;
+ case 0x000940CF: /* FSCTL_QUERY_ALLOCATED_RANGES */
+ dissect_smb2_FSCTL_QUERY_ALLOCATED_RANGES(tvb, pinfo, tree, 0, data_in);
+ break;
case 0x00094264: /* FSCTL_OFFLOAD_READ */
- dissect_smb2_FSCTL_OFFLOAD_READ(tvb, pinfo, tree, 0, top_tree, data_in);
+ dissect_smb2_FSCTL_OFFLOAD_READ(tvb, pinfo, tree, 0, data_in);
+ break;
+ case 0x00098268: /* FSCTL_OFFLOAD_WRITE */
+ dissect_smb2_FSCTL_OFFLOAD_WRITE(tvb, pinfo, tree, 0, data_in);
break;
case 0x0011c017: /* FSCTL_PIPE_TRANSCEIVE */
dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvb, pinfo, tree, 0, top_tree, data_in, private_data);
case 0x00110018: /* FSCTL_PIPE_WAIT */
dissect_smb2_FSCTL_PIPE_WAIT(tvb, pinfo, tree, 0, top_tree, data_in);
break;
+ case 0x00140078: /* FSCTL_SRV_REQUEST_RESUME_KEY */
+ dissect_smb2_FSCTL_SRV_REQUEST_RESUME_KEY(tvb, pinfo, tree, 0, data_in);
+ break;
case 0x001401D4: /* FSCTL_LMR_REQUEST_RESILIENCY */
dissect_smb2_FSCTL_LMR_REQUEST_RESILIENCY(tvb, pinfo, tree, 0, data_in);
break;
case 0x00140204: /* FSCTL_VALIDATE_NEGOTIATE_INFO */
dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO(tvb, pinfo, tree, 0, data_in);
break;
- case 0x00144064: /* FSCTL_GET_SHADOW_COPY_DATA */
- dissect_smb2_FSCTL_GET_SHADOW_COPY_DATA(tvb, pinfo, tree, 0, data_in);
+ case 0x00144064: /* FSCTL_SRV_ENUMERATE_SNAPSHOTS */
+ dissect_smb2_FSCTL_SRV_ENUMERATE_SNAPSHOTS(tvb, pinfo, tree, 0, data_in);
+ break;
+ case 0x001440F2: /* FSCTL_SRV_COPYCHUNK */
+ case 0x001480F2: /* FSCTL_SRV_COPYCHUNK_WRITE */
+ dissect_smb2_FSCTL_SRV_COPYCHUNK(tvb, pinfo, tree, 0, data_in);
break;
case 0x0009009C: /* FSCTL_GET_OBJECT_ID */
case 0x000900c0: /* FSCTL_CREATE_OR_GET_OBJECT_ID */
dissect_smb2_FSCTL_CREATE_OR_GET_OBJECT_ID(tvb, pinfo, tree, 0, data_in);
break;
+ case 0x000900c4: /* FSCTL_SET_SPARSE */
+ dissect_smb2_FSCTL_SET_SPARSE(tvb, pinfo, tree, 0, data_in);
+ break;
case 0x00098098: /* FSCTL_SET_OBJECT_ID */
dissect_smb2_FSCTL_SET_OBJECT_ID(tvb, pinfo, tree, 0, data_in);
break;
case 0x000980BC: /* FSCTL_SET_OBJECT_ID_EXTENDED */
dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvb, pinfo, tree, 0, data_in);
break;
+ case 0x000980C8: /* FSCTL_SET_ZERO_DATA */
+ dissect_smb2_FSCTL_SET_ZERO_DATA(tvb, pinfo, tree, 0, data_in);
+ break;
case 0x0009003C: /* FSCTL_GET_COMPRESSION */
dissect_smb2_FSCTL_GET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
break;
}
+#define SMB2_AAPL_SERVER_QUERY 1
+#define SMB2_AAPL_RESOLVE_ID 2
+
+static const value_string aapl_command_code_vals[] = {
+ { SMB2_AAPL_SERVER_QUERY, "Server query"},
+ { SMB2_AAPL_RESOLVE_ID, "Resolve ID"},
+ { 0, NULL }
+};
+
+#define SMB2_AAPL_SERVER_CAPS 0x00000001
+#define SMB2_AAPL_VOLUME_CAPS 0x00000002
+#define SMB2_AAPL_MODEL_INFO 0x00000004
+
+static const int *aapl_server_query_bitmap_fields[] = {
+ &hf_smb2_aapl_server_query_bitmask_server_caps,
+ &hf_smb2_aapl_server_query_bitmask_volume_caps,
+ &hf_smb2_aapl_server_query_bitmask_model_info,
+ NULL
+};
+
+#define SMB2_AAPL_SUPPORTS_READ_DIR_ATTR 0x00000001
+#define SMB2_AAPL_SUPPORTS_OSX_COPYFILE 0x00000002
+#define SMB2_AAPL_UNIX_BASED 0x00000004
+#define SMB2_AAPL_SUPPORTS_NFS_ACE 0x00000008
+
+static const int *aapl_server_query_caps_fields[] = {
+ &hf_smb2_aapl_server_query_caps_supports_read_dir_attr,
+ &hf_smb2_aapl_server_query_caps_supports_osx_copyfile,
+ &hf_smb2_aapl_server_query_caps_unix_based,
+ &hf_smb2_aapl_server_query_caps_supports_nfs_ace,
+ NULL
+};
+
+static void
+dissect_smb2_AAPL_buffer_request(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
+{
+ int offset = 0;
+ proto_item *item;
+ proto_item *sub_tree;
+ guint32 command_code;
+
+ item = proto_tree_get_parent(tree);
+
+ proto_item_append_text(item, ": AAPL Create Context request");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_aapl_create_context_request, NULL, "AAPL Create Context request");
+
+ /* Command code */
+ proto_tree_add_item_ret_uint(sub_tree, hf_smb2_aapl_command_code,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN, &command_code);
+ offset += 4;
+
+ /* Reserved */
+ proto_tree_add_item(sub_tree, hf_smb2_aapl_reserved,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ switch (command_code) {
+
+ case SMB2_AAPL_SERVER_QUERY:
+ /* Request bitmap */
+ proto_tree_add_bitmask(sub_tree, tvb, offset,
+ hf_smb2_aapl_server_query_bitmask,
+ ett_smb2_aapl_server_query_bitmask,
+ aapl_server_query_bitmap_fields,
+ ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ /* Client capabilities */
+ proto_tree_add_bitmask(sub_tree, tvb, offset,
+ hf_smb2_aapl_server_query_caps,
+ ett_smb2_aapl_server_query_caps,
+ aapl_server_query_caps_fields,
+ ENC_LITTLE_ENDIAN);
+ break;
+
+ case SMB2_AAPL_RESOLVE_ID:
+ /* file ID */
+ proto_tree_add_item(sub_tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ break;
+
+ default:
+ break;
+ }
+}
+
+#define SMB2_AAPL_SUPPORTS_RESOLVE_ID 0x00000001
+#define SMB2_AAPL_CASE_SENSITIVE 0x00000002
+#define SMB2_AAPL_SUPPORTS_FULL_SYNC 0x00000004
+
+static const int *aapl_server_query_volume_caps_fields[] = {
+ &hf_smb2_aapl_server_query_volume_caps_support_resolve_id,
+ &hf_smb2_aapl_server_query_volume_caps_case_sensitive,
+ &hf_smb2_aapl_server_query_volume_caps_supports_full_sync,
+ NULL
+};
+
+static void
+dissect_smb2_AAPL_buffer_response(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
+{
+ int offset = 0;
+ proto_item *item;
+ proto_item *sub_tree;
+ guint32 command_code;
+ guint64 server_query_bitmask;
+
+ item = proto_tree_get_parent(tree);
+
+ proto_item_append_text(item, ": AAPL Create Context response");
+ sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_aapl_create_context_response, NULL, "AAPL Create Context response");
+
+ /* Command code */
+ proto_tree_add_item_ret_uint(sub_tree, hf_smb2_aapl_command_code,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN, &command_code);
+ offset += 4;
+
+ /* Reserved */
+ proto_tree_add_item(sub_tree, hf_smb2_aapl_reserved,
+ tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ switch (command_code) {
+
+ case SMB2_AAPL_SERVER_QUERY:
+ /* Reply bitmap */
+ proto_tree_add_bitmask_ret_uint64(sub_tree, tvb, offset,
+ hf_smb2_aapl_server_query_bitmask,
+ ett_smb2_aapl_server_query_bitmask,
+ aapl_server_query_bitmap_fields,
+ ENC_LITTLE_ENDIAN,
+ &server_query_bitmask);
+ offset += 8;
+
+ if (server_query_bitmask & SMB2_AAPL_SERVER_CAPS) {
+ /* Server capabilities */
+ proto_tree_add_bitmask(sub_tree, tvb, offset,
+ hf_smb2_aapl_server_query_caps,
+ ett_smb2_aapl_server_query_caps,
+ aapl_server_query_caps_fields,
+ ENC_LITTLE_ENDIAN);
+ offset += 8;
+ }
+ if (server_query_bitmask & SMB2_AAPL_VOLUME_CAPS) {
+ /* Volume capabilities */
+ proto_tree_add_bitmask(sub_tree, tvb, offset,
+ hf_smb2_aapl_server_query_volume_caps,
+ ett_smb2_aapl_server_query_volume_caps,
+ aapl_server_query_volume_caps_fields,
+ ENC_LITTLE_ENDIAN);
+ offset += 8;
+ }
+ if (server_query_bitmask & SMB2_AAPL_MODEL_INFO) {
+ /* Padding */
+ offset += 4;
+
+ /* Model string */
+ proto_tree_add_item(sub_tree, hf_smb2_aapl_server_query_model_string,
+ tvb, offset, 4,
+ ENC_UTF_16|ENC_LITTLE_ENDIAN);
+ }
+ break;
+
+ case SMB2_AAPL_RESOLVE_ID:
+ /* NT status */
+ proto_tree_add_item(sub_tree, hf_smb2_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* Server path */
+ proto_tree_add_item(sub_tree, hf_smb2_aapl_server_query_server_path,
+ tvb, offset, 4,
+ ENC_UTF_16|ENC_LITTLE_ENDIAN);
+ break;
+
+ default:
+ break;
+ }
+}
+
typedef void (*create_context_data_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si);
typedef struct create_context_data_dissectors {
{ "RqLs", "SMB2_CREATE_REQUEST_LEASE",
{ dissect_smb2_RqLs_buffer_request, dissect_smb2_RqLs_buffer_response } },
{ "744D142E-46FA-0890-4AF7-A7EF6AA6BC45", "SMB2_CREATE_APP_INSTANCE_ID",
- { dissect_smb2_APP_INSTANCE_buffer_request,
- dissect_smb2_APP_INSTANCE_buffer_response } },
+ { dissect_smb2_APP_INSTANCE_buffer_request, dissect_smb2_APP_INSTANCE_buffer_response } },
{ "6aa6bc45-a7ef-4af7-9008-fa462e144d74", "SMB2_CREATE_APP_INSTANCE_ID",
- { dissect_smb2_APP_INSTANCE_buffer_request,
- dissect_smb2_APP_INSTANCE_buffer_response } },
+ { dissect_smb2_APP_INSTANCE_buffer_request, dissect_smb2_APP_INSTANCE_buffer_response } },
{ "9ecfcb9c-c104-43e6-980e-158da1f6ec83", "SVHDX_OPEN_DEVICE_CONTEXT",
- { dissect_smb2_svhdx_open_device_context_request,
- dissect_smb2_svhdx_open_device_context_response} },
+ { dissect_smb2_svhdx_open_device_context_request, dissect_smb2_svhdx_open_device_context_response} },
{ "34263501-2921-4912-2586-447794114531", "SMB2_POSIX_V1_CAPS",
- { dissect_smb2_posix_v1_caps_request,
- dissect_smb2_posix_v1_caps_response } }
+ { dissect_smb2_posix_v1_caps_request, dissect_smb2_posix_v1_caps_response } },
+ { "AAPL", "SMB2_AAPL_CREATE_CONTEXT",
+ { dissect_smb2_AAPL_buffer_request, dissect_smb2_AAPL_buffer_response } },
};
static struct create_context_data_tag_dissectors*
memcpy(&A_1[1], sti->nonce, 15 - 4);
- plain_data = (guint8 *)tvb_memdup(NULL, tvb, offset, sti->size);
+ plain_data = (guint8 *)tvb_memdup(pinfo->pool, tvb, offset, sti->size);
/* Open the cipher. */
if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0)) {
- g_free(plain_data);
+ wmem_free(pinfo->pool, plain_data);
plain_data = NULL;
goto done_decryption;
}
/* Set the key and initial value. */
if (gcry_cipher_setkey(cipher_hd, decryption_key, 16)) {
gcry_cipher_close(cipher_hd);
- g_free(plain_data);
+ wmem_free(pinfo->pool, plain_data);
plain_data = NULL;
goto done_decryption;
}
if (gcry_cipher_setctr(cipher_hd, A_1, 16)) {
gcry_cipher_close(cipher_hd);
- g_free(plain_data);
+ wmem_free(pinfo->pool, plain_data);
plain_data = NULL;
goto done_decryption;
}
if (gcry_cipher_encrypt(cipher_hd, plain_data, sti->size, NULL, 0)) {
gcry_cipher_close(cipher_hd);
- g_free(plain_data);
+ wmem_free(pinfo->pool, plain_data);
plain_data = NULL;
goto done_decryption;
}
if (plain_data != NULL) {
*plain_tvb = tvb_new_child_real_data(*enc_tvb, plain_data, sti->size, sti->size);
- tvb_set_free_cb(*plain_tvb, g_free);
add_new_data_source(pinfo, *plain_tvb, "Decrypted SMB3");
}
{ "File Offset", "smb2.file_offset", FT_UINT64, BASE_DEC,
NULL, 0, NULL, HFILL }},
+ { &hf_smb2_fsctl_range_offset,
+ { "File Offset", "smb2.fsctl.range_offset", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_fsctl_range_length,
+ { "Length", "smb2.fsctl.range_length", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
{ &hf_smb2_qfr_length,
{ "Length", "smb2.qfr_length", FT_UINT64, BASE_DEC,
NULL, 0, NULL, HFILL }},
{ "Name", "smb2.fsctl.wait.name", FT_STRING, BASE_NONE,
NULL, 0, "Pipe name", HFILL }},
- { &hf_smb2_fsctl_offload_read_size,
- { "Size", "smb2.fsctl.offload.read", FT_UINT32, BASE_DEC,
- NULL, 0, "Size of data element", HFILL }},
+ { &hf_smb2_fsctl_odx_token_type,
+ { "TokenType", "smb2.fsctl.odx.token.type", FT_UINT32, BASE_HEX,
+ NULL, 0, "Token Type", HFILL }},
- { &hf_smb2_fsctl_offload_read_flags,
- { "Flags", "smb2.fsctl.offload.flags", FT_UINT32, BASE_HEX,
- NULL, 0, "Flags for this operation", HFILL }},
+ { &hf_smb2_fsctl_odx_token_idlen,
+ { "TokenIdLength", "smb2.fsctl.odx.token.idlen", FT_UINT16, BASE_DEC,
+ NULL, 0, "Token ID Length", HFILL }},
+
+ { &hf_smb2_fsctl_odx_token_idraw,
+ { "TokenId", "smb2.fsctl.odx.token.id", FT_BYTES, BASE_NONE,
+ NULL, 0, "Token ID (opaque)", HFILL }},
- { &hf_smb2_fsctl_offload_read_token_ttl,
- { "TokenTimeToLive", "smb2.fsctl.offload.token_ttl",
+ { &hf_smb2_fsctl_odx_token_ttl,
+ { "TokenTimeToLive", "smb2.fsctl.odx.token_ttl",
FT_UINT32, BASE_DEC, NULL, 0,
- "TTL for the generated token (in milliseconds)", HFILL }},
+ "TTL requested for the token (in milliseconds)", HFILL }},
- { &hf_smb2_fsctl_offload_reserved,
- { "Reserved", "smb2.fsctl.offload.reserved",
- FT_BYTES, BASE_NONE, NULL, 0,
- NULL, HFILL }},
+ { &hf_smb2_fsctl_odx_size,
+ { "Size", "smb2.fsctl.odx.size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Size of this data element", HFILL }},
+
+ { &hf_smb2_fsctl_odx_flags,
+ { "Flags", "smb2.fsctl.odx.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, "Flags for this operation", HFILL }},
- { &hf_smb2_fsctl_offload_read_file_offset,
- { "FileOffset", "smb2.fsctl.offload.file_offset",
+ { &hf_smb2_fsctl_odx_file_offset,
+ { "FileOffset", "smb2.fsctl.odx.file_offset",
FT_UINT64, BASE_DEC, NULL, 0,
"File offset", HFILL }},
- { &hf_smb2_fsctl_offload_read_copy_length,
- { "CopyLength", "smb2.fsctl.offload.copy_length",
+ { &hf_smb2_fsctl_odx_copy_length,
+ { "CopyLength", "smb2.fsctl.odx.copy_length",
FT_UINT64, BASE_DEC, NULL, 0,
"Copy length", HFILL }},
- { &hf_smb2_fsctl_offload_read_transfer_length,
- { "TransferLength", "smb2.fsctl.offload.transfer_length",
+ { &hf_smb2_fsctl_odx_xfer_length,
+ { "TransferLength", "smb2.fsctl.odx.xfer_length",
FT_UINT64, BASE_DEC, NULL, 0,
- "Transfer length", HFILL }},
+ "Length Transfered", HFILL }},
- { &hf_smb2_fsctl_offload_token,
- { "Token", "smb2.fsctl.offload.token",
- FT_BYTES, BASE_NONE, NULL, 0,
- NULL, HFILL }},
+ { &hf_smb2_fsctl_odx_token_offset,
+ { "TokenOffset", "smb2.fsctl.odx.token_offset",
+ FT_UINT64, BASE_DEC, NULL, 0,
+ "Token Offset (relative to start of token)", HFILL }},
+
+ { &hf_smb2_fsctl_sparse_flag,
+ { "SetSparse", "smb2.fsctl.set_sparse", FT_BOOLEAN, 8,
+ NULL, 0xFF, NULL, HFILL }},
{ &hf_smb2_ioctl_resiliency_timeout,
{ "Timeout", "smb2.ioctl.resiliency.timeout", FT_UINT32, BASE_DEC,
{ "Supported Features", "smb2.posix_supported_features", FT_UINT32, BASE_HEX,
NULL, 0, NULL, HFILL }},
+ { &hf_smb2_aapl_command_code,
+ { "Command code", "smb2.aapl.command_code", FT_UINT32, BASE_DEC,
+ VALS(aapl_command_code_vals), 0, NULL, HFILL }},
+
+ { &hf_smb2_aapl_reserved,
+ { "Reserved", "smb2.aapl.reserved", FT_UINT32, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_bitmask,
+ { "Query bitmask", "smb2.aapl.query_bitmask", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_bitmask_server_caps,
+ { "Server capabilities", "smb2.aapl.bitmask.server_caps", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_SERVER_CAPS, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_bitmask_volume_caps,
+ { "Volume capabilities", "smb2.aapl.bitmask.volume_caps", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_VOLUME_CAPS, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_bitmask_model_info,
+ { "Model information", "smb2.aapl.bitmask.model_info", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_MODEL_INFO, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_caps,
+ { "Client/Server capabilities", "smb2.aapl.caps", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_caps_supports_read_dir_attr,
+ { "Supports READDIRATTR", "smb2.aapl.caps.supports_read_dir_addr", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_SUPPORTS_READ_DIR_ATTR, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_caps_supports_osx_copyfile,
+ { "Supports OS X copyfile", "smb2.aapl.caps.supports_osx_copyfile", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_SUPPORTS_OSX_COPYFILE, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_caps_unix_based,
+ { "UNIX-based", "smb2.aapl.caps.unix_based", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_UNIX_BASED, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_caps_supports_nfs_ace,
+ { "Supports NFS ACE", "smb2.aapl.supports_nfs_ace", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_SUPPORTS_NFS_ACE, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_volume_caps,
+ { "Volume capabilities", "smb2.aapl.volume_caps", FT_UINT64, BASE_HEX,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_volume_caps_support_resolve_id,
+ { "Supports Resolve ID", "smb2.aapl.volume_caps.supports_resolve_id", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_SUPPORTS_RESOLVE_ID, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_volume_caps_case_sensitive,
+ { "Case sensitive", "smb2.aapl.volume_caps.case_sensitive", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_CASE_SENSITIVE, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_volume_caps_supports_full_sync,
+ { "Supports full sync", "smb2.aapl.volume_caps.supports_full_sync", FT_BOOLEAN, 64,
+ NULL, SMB2_AAPL_SUPPORTS_FULL_SYNC, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_model_string,
+ { "Model string", "smb2.aapl.model_string", FT_UINT_STRING, STR_UNICODE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_smb2_aapl_server_query_server_path,
+ { "Server path", "smb2.aapl.server_path", FT_UINT_STRING, STR_UNICODE,
+ NULL, 0, NULL, HFILL }},
+
{ &hf_smb2_transform_signature,
{ "Signature", "smb2.header.transform.signature", FT_BYTES, BASE_NONE,
NULL, 0, NULL, HFILL }},
{ &hf_smb2_pipe_reassembled_data,
{ "Reassembled SMB2 Named Pipe Data", "smb2.pipe.reassembled.data", FT_BYTES,
BASE_NONE, NULL, 0x0, "The reassembled payload", HFILL }},
+ { &hf_smb2_cchunk_resume_key,
+ { "ResumeKey", "smb2.fsctl.cchunk.resume_key", FT_BYTES,
+ BASE_NONE, NULL, 0x0, "Opaque data representing source of copy", HFILL }},
+ { &hf_smb2_cchunk_count,
+ { "Chunk Count", "smb2.fsctl.cchunk.count", FT_UINT32,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
+ { &hf_smb2_cchunk_src_offset,
+ { "Source Offset", "smb2.fsctl.cchunk.src_offset", FT_UINT64,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
+ { &hf_smb2_cchunk_dst_offset,
+ { "Target Offset", "smb2.fsctl.cchunk.dst_offset", FT_UINT64,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
+ { &hf_smb2_cchunk_xfer_len,
+ { "Transfer Length", "smb2.fsctl.cchunk.xfer_len", FT_UINT32,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
+ { &hf_smb2_cchunk_chunks_written,
+ { "Chunks Written", "smb2.fsctl.cchunk.chunks_written", FT_UINT32,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
+ { &hf_smb2_cchunk_bytes_written,
+ { "Chunk Bytes Written", "smb2.fsctl.cchunk.bytes_written", FT_UINT32,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
+ { &hf_smb2_cchunk_total_written,
+ { "Total Bytes Written", "smb2.fsctl.cchunk.total_written", FT_UINT32,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
};
static gint *ett[] = {
&ett_smb2_share_caps,
&ett_smb2_ioctl_flags,
&ett_smb2_ioctl_network_interface,
+ &ett_smb2_fsctl_range_data,
&ett_windows_sockaddr,
&ett_smb2_close_flags,
&ett_smb2_notify_info,
&ett_smb2_posix_v1_request,
&ett_smb2_posix_v1_response,
&ett_smb2_posix_v1_supported_features,
+ &ett_smb2_aapl_create_context_request,
+ &ett_smb2_aapl_server_query_bitmask,
+ &ett_smb2_aapl_server_query_caps,
+ &ett_smb2_aapl_create_context_response,
+ &ett_smb2_aapl_server_query_volume_caps,
&ett_smb2_integrity_flags,
&ett_smb2_transform_enc_alg,
&ett_smb2_buffercode,
&ett_qfr_entry,
&ett_smb2_pipe_fragment,
&ett_smb2_pipe_fragments,
+ &ett_smb2_cchunk_entry,
+ &ett_smb2_fsctl_odx_token,
};
static ei_register_info ei[] = {
"Reassemble Named Pipes over SMB2",
"Whether the dissector should reassemble Named Pipes over SMB2 commands",
&smb2_pipe_reassembly);
- smb2_pipe_subdissector_list = register_heur_dissector_list("smb2_pipe_subdissectors");
+ smb2_pipe_subdissector_list = register_heur_dissector_list("smb2_pipe_subdissectors", proto_smb2);
register_init_routine(smb2_pipe_reassembly_init);
smb2_tap = register_tap("smb2");
void
proto_reg_handoff_smb2(void)
{
- gssapi_handle = find_dissector("gssapi");
- ntlmssp_handle = find_dissector("ntlmssp");
- rsvd_handle = find_dissector("rsvd");
- data_handle = find_dissector("data");
+ gssapi_handle = find_dissector_add_dependency("gssapi", proto_smb2);
+ ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_smb2);
+ rsvd_handle = find_dissector_add_dependency("rsvd", proto_smb2);
heur_dissector_add("netbios", dissect_smb2_heur, "SMB2 over Netbios", "smb2_netbios", proto_smb2, HEURISTIC_ENABLE);
heur_dissector_add("smb_direct", dissect_smb2_heur, "SMB2 over SMB Direct", "smb2_smb_direct", proto_smb2, HEURISTIC_ENABLE);
}