2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.51 1999/12/07 06:36:12 sharpe Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
51 static int proto_smb = -1;
53 static gint ett_smb = -1;
54 static gint ett_smb_fileattributes = -1;
55 static gint ett_smb_capabilities = -1;
56 static gint ett_smb_aflags = -1;
57 static gint ett_smb_dialects = -1;
58 static gint ett_smb_mode = -1;
59 static gint ett_smb_rawmode = -1;
60 static gint ett_smb_flags = -1;
61 static gint ett_smb_flags2 = -1;
62 static gint ett_smb_desiredaccess = -1;
63 static gint ett_smb_search = -1;
64 static gint ett_smb_file = -1;
65 static gint ett_smb_openfunction = -1;
66 static gint ett_smb_filetype = -1;
67 static gint ett_smb_action = -1;
68 static gint ett_smb_writemode = -1;
69 static gint ett_smb_lock_type = -1;
71 static int proto_browse = -1;
73 static gint ett_browse = -1;
74 static gint ett_browse_flags = -1;
75 static gint ett_browse_election_criteria = -1;
76 static gint ett_browse_election_os = -1;
77 static gint ett_browse_election_desire = -1;
79 static int proto_lanman = -1;
81 static gint ett_lanman = -1;
82 static gint ett_lanman_servers = -1;
83 static gint ett_lanman_server = -1;
84 static gint ett_lanman_shares = -1;
85 static gint ett_lanman_share = -1;
88 * Struct passed to each SMB decode routine of info it may need
91 char *decode_smb_name(unsigned char);
93 int smb_packet_init_count = 200;
95 struct smb_request_key {
100 struct smb_request_val {
101 guint16 last_transact2_command;
102 gchar *last_transact_command;
104 guint16 last_lanman_cmd;
105 gchar *last_param_descrip; /* Keep these descriptors around */
106 gchar *last_data_descrip;
107 guint16 last_level; /* Last level in request */
111 int tid, uid, mid, pid; /* Any more? */
112 conversation_t *conversation;
113 struct smb_request_val *request_val;
117 GHashTable *smb_request_hash = NULL;
118 GMemChunk *smb_request_keys = NULL;
119 GMemChunk *smb_request_vals = NULL;
123 smb_equal(gconstpointer v, gconstpointer w)
125 struct smb_request_key *v1 = (struct smb_request_key *)v;
126 struct smb_request_key *v2 = (struct smb_request_key *)w;
128 #if defined(DEBUG_SMB_HASH)
129 printf("Comparing %08X:%u\n and %08X:%u\n",
130 v1 -> conversation, v1 -> mid,
131 v2 -> conversation, v2 -> mid);
134 if (v1 -> conversation == v2 -> conversation &&
135 v1 -> mid == v2 -> mid) {
145 smb_hash (gconstpointer v)
147 struct smb_request_key *key = (struct smb_request_key *)v;
150 val = key -> conversation + key -> mid;
152 #if defined(DEBUG_SMB_HASH)
153 printf("SMB Hash calculated as %u\n", val);
161 * Free up any state information we've saved, and re-initialize the
162 * tables of state information.
165 smb_init_protocol(void)
167 #if defined(DEBUG_SMB_HASH)
168 printf("Initializing SMB hashtable area\n");
171 if (smb_request_hash)
172 g_hash_table_destroy(smb_request_hash);
173 if (smb_request_keys)
174 g_mem_chunk_destroy(smb_request_keys);
175 if (smb_request_vals)
176 g_mem_chunk_destroy(smb_request_vals);
178 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
179 smb_request_keys = g_mem_chunk_new("smb_request_keys",
180 sizeof(struct smb_request_key),
181 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
182 smb_request_vals = g_mem_chunk_new("smb_request_vals",
183 sizeof(struct smb_request_val),
184 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
187 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
189 char *SMB_names[256] = {
190 "SMBcreatedirectory",
191 "SMBdeletedirectory",
239 "SMBcloseandtreedisc",
241 "SMBtrans2secondary",
243 "SMBfindnotifyclose",
351 "SMBnttransactsecondary",
449 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
454 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data (%u bytes)",
462 * Dissect a UNIX like date ...
468 dissect_smbu_date(guint16 date, guint16 time)
471 static char datebuf[4+2+2+2+1];
472 time_t ltime = (date << 16) + time;
474 gtime = gmtime(<ime);
475 sprintf(datebuf, "%04d-%02d-%02d",
476 1900 + (gtime -> tm_year), gtime -> tm_mon, gtime -> tm_mday);
486 dissect_smbu_time(guint16 date, guint16 time)
489 static char timebuf[2+2+2+2+1];
491 sprintf(timebuf, "%02d:%02d:%02d",
492 gtime -> tm_hour, gtime -> tm_min, gtime -> tm_sec);
499 * Dissect a DOS-format date.
502 dissect_dos_date(guint16 date)
504 static char datebuf[4+2+2+1];
506 sprintf(datebuf, "%04d-%02d-%02d",
507 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
512 * Dissect a DOS-format time.
515 dissect_dos_time(guint16 time)
517 static char timebuf[2+2+2+1];
519 sprintf(timebuf, "%02d:%02d:%02d",
520 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
524 /* Max string length for displaying Unicode strings. */
525 #define MAX_UNICODE_STR_LEN 256
527 /* Turn a little-endian Unicode '\0'-terminated string into a string we
529 XXX - for now, we just handle the ISO 8859-1 characters. */
531 unicode_to_str(const guint8 *us, int *us_lenp) {
532 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
539 if (cur == &str[0][0]) {
541 } else if (cur == &str[1][0]) {
547 len = MAX_UNICODE_STR_LEN;
549 while (*us != 0 || *(us + 1) != 0) {
559 /* Note that we're not showing the full string. */
570 * Each dissect routine is passed an offset to wct and works from there
574 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
581 if (dirn == 1) { /* Request(s) dissect code */
583 /* Build display for: Word Count (WCT) */
585 WordCount = GBYTE(pd, offset);
589 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
593 offset += 1; /* Skip Word Count (WCT) */
595 /* Build display for: FID */
597 FID = GSHORT(pd, offset);
601 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
605 offset += 2; /* Skip FID */
607 /* Build display for: Byte Count */
609 ByteCount = GSHORT(pd, offset);
613 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
617 offset += 2; /* Skip Byte Count */
621 if (dirn == 0) { /* Response(s) dissect code */
623 /* Build display for: Word Count (WCT) */
625 WordCount = GBYTE(pd, offset);
629 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
633 offset += 1; /* Skip Word Count (WCT) */
635 /* Build display for: Byte Count (BCC) */
637 ByteCount = GSHORT(pd, offset);
641 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
645 offset += 2; /* Skip Byte Count (BCC) */
652 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
660 guint16 BlocksPerUnit;
663 if (dirn == 1) { /* Request(s) dissect code */
665 /* Build display for: Word Count (WCT) */
667 WordCount = GBYTE(pd, offset);
671 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
675 offset += 1; /* Skip Word Count (WCT) */
677 /* Build display for: Byte Count (BCC) */
679 ByteCount = GSHORT(pd, offset);
683 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
687 offset += 2; /* Skip Byte Count (BCC) */
691 if (dirn == 0) { /* Response(s) dissect code */
693 /* Build display for: Word Count (WCT) */
695 WordCount = GBYTE(pd, offset);
699 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
703 offset += 1; /* Skip Word Count (WCT) */
707 /* Build display for: Total Units */
709 TotalUnits = GSHORT(pd, offset);
713 proto_tree_add_text(tree, offset, 2, "Total Units: %u", TotalUnits);
717 offset += 2; /* Skip Total Units */
719 /* Build display for: Blocks Per Unit */
721 BlocksPerUnit = GSHORT(pd, offset);
725 proto_tree_add_text(tree, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
729 offset += 2; /* Skip Blocks Per Unit */
731 /* Build display for: Block Size */
733 BlockSize = GSHORT(pd, offset);
737 proto_tree_add_text(tree, offset, 2, "Block Size: %u", BlockSize);
741 offset += 2; /* Skip Block Size */
743 /* Build display for: Free Units */
745 FreeUnits = GSHORT(pd, offset);
749 proto_tree_add_text(tree, offset, 2, "Free Units: %u", FreeUnits);
753 offset += 2; /* Skip Free Units */
755 /* Build display for: Reserved */
757 Reserved = GSHORT(pd, offset);
761 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
765 offset += 2; /* Skip Reserved */
769 /* Build display for: Byte Count (BCC) */
771 ByteCount = GSHORT(pd, offset);
775 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
779 offset += 2; /* Skip Byte Count (BCC) */
786 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
789 proto_tree *Attributes_tree;
799 guint16 LastWriteTime;
800 guint16 LastWriteDate;
802 const char *FileName;
804 if (dirn == 1) { /* Request(s) dissect code */
806 /* Build display for: Word Count (WCT) */
808 WordCount = GBYTE(pd, offset);
812 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
816 offset += 1; /* Skip Word Count (WCT) */
820 /* Build display for: Attributes */
822 Attributes = GSHORT(pd, offset);
826 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
827 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
828 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
829 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
830 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
831 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
832 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
833 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
834 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
835 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
836 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
837 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
838 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
839 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
843 offset += 2; /* Skip Attributes */
845 /* Build display for: Last Write Time */
847 LastWriteTime = GSHORT(pd, offset);
851 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
855 offset += 2; /* Skip Last Write Time */
857 /* Build display for: Last Write Date */
859 LastWriteDate = GSHORT(pd, offset);
863 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
867 offset += 2; /* Skip Last Write Date */
869 /* Build display for: Reserved 1 */
871 Reserved1 = GSHORT(pd, offset);
875 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
879 offset += 2; /* Skip Reserved 1 */
881 /* Build display for: Reserved 2 */
883 Reserved2 = GSHORT(pd, offset);
887 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
891 offset += 2; /* Skip Reserved 2 */
893 /* Build display for: Reserved 3 */
895 Reserved3 = GSHORT(pd, offset);
899 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
903 offset += 2; /* Skip Reserved 3 */
905 /* Build display for: Reserved 4 */
907 Reserved4 = GSHORT(pd, offset);
911 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
915 offset += 2; /* Skip Reserved 4 */
917 /* Build display for: Reserved 5 */
919 Reserved5 = GSHORT(pd, offset);
923 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
927 offset += 2; /* Skip Reserved 5 */
931 /* Build display for: Byte Count (BCC) */
933 ByteCount = GSHORT(pd, offset);
937 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
941 offset += 2; /* Skip Byte Count (BCC) */
943 /* Build display for: Buffer Format */
945 BufferFormat = GBYTE(pd, offset);
949 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
953 offset += 1; /* Skip Buffer Format */
955 /* Build display for: File Name */
957 FileName = pd + offset;
961 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
965 offset += strlen(FileName) + 1; /* Skip File Name */
969 if (dirn == 0) { /* Response(s) dissect code */
971 /* Build display for: Word Count (WCT) */
973 WordCount = GBYTE(pd, offset);
977 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
981 offset += 1; /* Skip Word Count (WCT) */
983 /* Build display for: Byte Count (BCC) */
985 ByteCount = GBYTE(pd, offset);
989 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
993 offset += 1; /* Skip Byte Count (BCC) */
1000 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1004 guint8 BufferFormat;
1012 if (dirn == 1) { /* Request(s) dissect code */
1014 /* Build display for: Word Count (WCT) */
1016 WordCount = GBYTE(pd, offset);
1020 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1024 offset += 1; /* Skip Word Count (WCT) */
1026 /* Build display for: FID */
1028 FID = GSHORT(pd, offset);
1032 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1036 offset += 2; /* Skip FID */
1038 /* Build display for: Count */
1040 Count = GSHORT(pd, offset);
1044 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1048 offset += 2; /* Skip Count */
1050 /* Build display for: Offset */
1052 Offset = GWORD(pd, offset);
1056 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1060 offset += 4; /* Skip Offset */
1062 /* Build display for: Remaining */
1064 Remaining = GSHORT(pd, offset);
1068 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
1072 offset += 2; /* Skip Remaining */
1074 /* Build display for: Byte Count (BCC) */
1076 ByteCount = GSHORT(pd, offset);
1080 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1084 offset += 2; /* Skip Byte Count (BCC) */
1086 /* Build display for: Buffer Format */
1088 BufferFormat = GBYTE(pd, offset);
1092 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1096 offset += 1; /* Skip Buffer Format */
1098 /* Build display for: Data Length */
1100 DataLength = GSHORT(pd, offset);
1104 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1108 offset += 2; /* Skip Data Length */
1112 if (dirn == 0) { /* Response(s) dissect code */
1114 /* Build display for: Word Count (WCT) */
1116 WordCount = GBYTE(pd, offset);
1120 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1124 offset += 1; /* Skip Word Count (WCT) */
1126 /* Build display for: Count */
1128 Count = GSHORT(pd, offset);
1132 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1136 offset += 2; /* Skip Count */
1138 /* Build display for: Byte Count (BCC) */
1140 ByteCount = GSHORT(pd, offset);
1144 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1148 offset += 2; /* Skip Byte Count (BCC) */
1155 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1169 guint16 DataCompactionMode;
1173 if (dirn == 1) { /* Request(s) dissect code */
1175 /* Build display for: Word Count (WCT) */
1177 WordCount = GBYTE(pd, offset);
1181 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1185 offset += 1; /* Skip Word Count (WCT) */
1187 /* Build display for: FID */
1189 FID = GSHORT(pd, offset);
1193 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1197 offset += 2; /* Skip FID */
1199 /* Build display for: Offset */
1201 Offset = GWORD(pd, offset);
1205 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1209 offset += 4; /* Skip Offset */
1211 /* Build display for: Max Count */
1213 MaxCount = GSHORT(pd, offset);
1217 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
1221 offset += 2; /* Skip Max Count */
1223 /* Build display for: Min Count */
1225 MinCount = GSHORT(pd, offset);
1229 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
1233 offset += 2; /* Skip Min Count */
1235 /* Build display for: Reserved 1 */
1237 Reserved1 = GWORD(pd, offset);
1241 proto_tree_add_text(tree, offset, 4, "Reserved 1: %u", Reserved1);
1245 offset += 4; /* Skip Reserved 1 */
1247 /* Build display for: Reserved 2 */
1249 Reserved2 = GSHORT(pd, offset);
1253 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
1257 offset += 2; /* Skip Reserved 2 */
1259 /* Build display for: Byte Count (BCC) */
1261 ByteCount = GSHORT(pd, offset);
1265 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1269 offset += 2; /* Skip Byte Count (BCC) */
1273 if (dirn == 0) { /* Response(s) dissect code */
1275 /* Build display for: Word Count */
1277 WordCount = GBYTE(pd, offset);
1281 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
1285 offset += 1; /* Skip Word Count */
1287 if (WordCount > 0) {
1289 /* Build display for: Offset */
1291 Offset = GWORD(pd, offset);
1295 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1299 offset += 4; /* Skip Offset */
1301 /* Build display for: Count */
1303 Count = GSHORT(pd, offset);
1307 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1311 offset += 2; /* Skip Count */
1313 /* Build display for: Reserved */
1315 Reserved = GSHORT(pd, offset);
1319 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1323 offset += 2; /* Skip Reserved */
1325 /* Build display for: Data Compaction Mode */
1327 DataCompactionMode = GSHORT(pd, offset);
1331 proto_tree_add_text(tree, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1335 offset += 2; /* Skip Data Compaction Mode */
1337 /* Build display for: Reserved */
1339 Reserved = GSHORT(pd, offset);
1343 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1347 offset += 2; /* Skip Reserved */
1349 /* Build display for: Data Length */
1351 DataLength = GSHORT(pd, offset);
1355 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1359 offset += 2; /* Skip Data Length */
1361 /* Build display for: Data Offset */
1363 DataOffset = GSHORT(pd, offset);
1367 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
1371 offset += 2; /* Skip Data Offset */
1375 /* Build display for: Byte Count (BCC) */
1377 ByteCount = GSHORT(pd, offset);
1381 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1385 offset += 2; /* Skip Byte Count (BCC) */
1387 /* Build display for: Pad */
1389 Pad = GBYTE(pd, offset);
1393 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
1397 offset += 1; /* Skip Pad */
1404 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1408 guint8 BufferFormat;
1410 const char *FileName;
1412 if (dirn == 1) { /* Request(s) dissect code */
1414 /* Build display for: Word Count (WCT) */
1416 WordCount = GBYTE(pd, offset);
1420 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1424 offset += 1; /* Skip Word Count (WCT) */
1426 /* Build display for: Byte Count (BCC) */
1428 ByteCount = GSHORT(pd, offset);
1432 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1436 offset += 2; /* Skip Byte Count (BCC) */
1438 /* Build display for: Buffer Format */
1440 BufferFormat = GBYTE(pd, offset);
1444 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1448 offset += 1; /* Skip Buffer Format */
1450 /* Build display for: File Name */
1452 FileName = pd + offset;
1456 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1460 offset += strlen(FileName) + 1; /* Skip File Name */
1464 if (dirn == 0) { /* Response(s) dissect code */
1466 /* Build display for: Word Count (WCT) */
1468 WordCount = GBYTE(pd, offset);
1472 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1476 offset += 1; /* Skip Word Count (WCT) */
1478 /* Build display for: Byte Count (BCC) */
1480 ByteCount = GSHORT(pd, offset);
1484 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1488 offset += 2; /* Skip Byte Count (BCC) */
1495 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1498 proto_tree *Attributes_tree;
1501 guint32 FileDataSize;
1502 guint32 FileAllocationSize;
1503 guint16 LastWriteTime;
1504 guint16 LastWriteDate;
1505 guint16 LastAccessTime;
1506 guint16 LastAccessDate;
1508 guint16 CreationTime;
1509 guint16 CreationDate;
1513 if (dirn == 1) { /* Request(s) dissect code */
1515 /* Build display for: Word Count (WCT) */
1517 WordCount = GBYTE(pd, offset);
1521 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1525 offset += 1; /* Skip Word Count (WCT) */
1527 /* Build display for: FID */
1529 FID = GSHORT(pd, offset);
1533 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1537 offset += 2; /* Skip FID */
1539 /* Build display for: Byte Count */
1541 ByteCount = GSHORT(pd, offset);
1545 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1549 offset += 2; /* Skip Byte Count */
1553 if (dirn == 0) { /* Response(s) dissect code */
1555 /* Build display for: Word Count (WCT) */
1557 WordCount = GBYTE(pd, offset);
1561 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1565 offset += 1; /* Skip Word Count (WCT) */
1567 if (WordCount > 0) {
1569 /* Build display for: Creation Date */
1571 CreationDate = GSHORT(pd, offset);
1575 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
1579 offset += 2; /* Skip Creation Date */
1581 /* Build display for: Creation Time */
1583 CreationTime = GSHORT(pd, offset);
1587 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
1591 offset += 2; /* Skip Creation Time */
1593 /* Build display for: Last Access Date */
1595 LastAccessDate = GSHORT(pd, offset);
1599 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
1603 offset += 2; /* Skip Last Access Date */
1605 /* Build display for: Last Access Time */
1607 LastAccessTime = GSHORT(pd, offset);
1611 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
1615 offset += 2; /* Skip Last Access Time */
1617 /* Build display for: Last Write Date */
1619 LastWriteDate = GSHORT(pd, offset);
1623 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
1627 offset += 2; /* Skip Last Write Date */
1629 /* Build display for: Last Write Time */
1631 LastWriteTime = GSHORT(pd, offset);
1635 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
1639 offset += 2; /* Skip Last Write Time */
1641 /* Build display for: File Data Size */
1643 FileDataSize = GWORD(pd, offset);
1647 proto_tree_add_text(tree, offset, 4, "File Data Size: %u", FileDataSize);
1651 offset += 4; /* Skip File Data Size */
1653 /* Build display for: File Allocation Size */
1655 FileAllocationSize = GWORD(pd, offset);
1659 proto_tree_add_text(tree, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1663 offset += 4; /* Skip File Allocation Size */
1665 /* Build display for: Attributes */
1667 Attributes = GSHORT(pd, offset);
1671 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
1672 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1673 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1674 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1675 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1676 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1677 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1678 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1679 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1680 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1681 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1682 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1683 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1684 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1688 offset += 2; /* Skip Attributes */
1692 /* Build display for: Byte Count */
1694 ByteCount = GSHORT(pd, offset);
1698 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1702 offset += 2; /* Skip Byte Count */
1709 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1713 guint8 BufferFormat3;
1714 guint8 BufferFormat2;
1715 guint8 BufferFormat1;
1717 guint16 MaxBufferSize;
1719 const char *SharePath;
1720 const char *Service;
1721 const char *Password;
1723 if (dirn == 1) { /* Request(s) dissect code */
1725 /* Build display for: Word Count (WCT) */
1727 WordCount = GBYTE(pd, offset);
1731 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1735 offset += 1; /* Skip Word Count (WCT) */
1737 /* Build display for: Byte Count (BCC) */
1739 ByteCount = GSHORT(pd, offset);
1743 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1747 offset += 2; /* Skip Byte Count (BCC) */
1749 /* Build display for: BufferFormat1 */
1751 BufferFormat1 = GBYTE(pd, offset);
1755 proto_tree_add_text(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
1759 offset += 1; /* Skip BufferFormat1 */
1761 /* Build display for: Share Path */
1763 SharePath = pd + offset;
1767 proto_tree_add_text(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1771 offset += strlen(SharePath) + 1; /* Skip Share Path */
1773 /* Build display for: BufferFormat2 */
1775 BufferFormat2 = GBYTE(pd, offset);
1779 proto_tree_add_text(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
1783 offset += 1; /* Skip BufferFormat2 */
1785 /* Build display for: Password */
1787 Password = pd + offset;
1791 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
1795 offset += strlen(Password) + 1; /* Skip Password */
1797 /* Build display for: BufferFormat3 */
1799 BufferFormat3 = GBYTE(pd, offset);
1803 proto_tree_add_text(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
1807 offset += 1; /* Skip BufferFormat3 */
1809 /* Build display for: Service */
1811 Service = pd + offset;
1815 proto_tree_add_text(tree, offset, strlen(Service) + 1, "Service: %s", Service);
1819 offset += strlen(Service) + 1; /* Skip Service */
1823 if (dirn == 0) { /* Response(s) dissect code */
1825 /* Build display for: Word Count (WCT) */
1827 WordCount = GBYTE(pd, offset);
1831 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1835 if (errcode != 0) return;
1837 offset += 1; /* Skip Word Count (WCT) */
1839 /* Build display for: Max Buffer Size */
1841 MaxBufferSize = GSHORT(pd, offset);
1845 proto_tree_add_text(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1849 offset += 2; /* Skip Max Buffer Size */
1851 /* Build display for: TID */
1853 TID = GSHORT(pd, offset);
1857 proto_tree_add_text(tree, offset, 2, "TID: %u", TID);
1861 offset += 2; /* Skip TID */
1863 /* Build display for: Byte Count (BCC) */
1865 ByteCount = GSHORT(pd, offset);
1869 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1873 offset += 2; /* Skip Byte Count (BCC) */
1879 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
1881 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1884 proto_tree *Capabilities_tree;
1887 guint8 AndXReserved;
1888 guint8 AndXCommand = 0xFF;
1891 guint32 Capabilities;
1893 guint16 UNICODEAccountPasswordLength;
1894 guint16 PasswordLen;
1895 guint16 MaxMpxCount;
1896 guint16 MaxBufferSize;
1898 guint16 AndXOffset = 0;
1900 guint16 ANSIAccountPasswordLength;
1901 const char *UNICODEPassword;
1902 const char *Password;
1903 const char *PrimaryDomain;
1904 const char *NativeOS;
1905 const char *NativeLanManType;
1906 const char *NativeLanMan;
1907 const char *AccountName;
1908 const char *ANSIPassword;
1910 if (dirn == 1) { /* Request(s) dissect code */
1912 WordCount = GBYTE(pd, offset);
1914 switch (WordCount) {
1918 /* Build display for: Word Count (WCT) */
1920 WordCount = GBYTE(pd, offset);
1924 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1928 offset += 1; /* Skip Word Count (WCT) */
1930 /* Build display for: AndXCommand */
1932 AndXCommand = GBYTE(pd, offset);
1936 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
1937 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1941 offset += 1; /* Skip AndXCommand */
1943 /* Build display for: AndXReserved */
1945 AndXReserved = GBYTE(pd, offset);
1949 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1953 offset += 1; /* Skip AndXReserved */
1955 /* Build display for: AndXOffset */
1957 AndXOffset = GSHORT(pd, offset);
1961 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1965 offset += 2; /* Skip AndXOffset */
1967 /* Build display for: MaxBufferSize */
1969 MaxBufferSize = GSHORT(pd, offset);
1973 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1977 offset += 2; /* Skip MaxBufferSize */
1979 /* Build display for: MaxMpxCount */
1981 MaxMpxCount = GSHORT(pd, offset);
1985 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1989 offset += 2; /* Skip MaxMpxCount */
1991 /* Build display for: VcNumber */
1993 VcNumber = GSHORT(pd, offset);
1997 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2001 offset += 2; /* Skip VcNumber */
2003 /* Build display for: SessionKey */
2005 SessionKey = GWORD(pd, offset);
2009 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2013 offset += 4; /* Skip SessionKey */
2015 /* Build display for: PasswordLen */
2017 PasswordLen = GSHORT(pd, offset);
2021 proto_tree_add_text(tree, offset, 2, "PasswordLen: %u", PasswordLen);
2025 offset += 2; /* Skip PasswordLen */
2027 /* Build display for: Reserved */
2029 Reserved = GWORD(pd, offset);
2033 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2037 offset += 4; /* Skip Reserved */
2039 /* Build display for: Byte Count (BCC) */
2041 ByteCount = GSHORT(pd, offset);
2045 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2049 offset += 2; /* Skip Byte Count (BCC) */
2051 if (ByteCount > 0) {
2053 /* Build displat for: Password */
2055 Password = pd + offset;
2059 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
2063 offset += PasswordLen;
2065 /* Build display for: AccountName */
2067 AccountName = pd + offset;
2071 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2075 offset += strlen(AccountName) + 1; /* Skip AccountName */
2077 /* Build display for: PrimaryDomain */
2079 PrimaryDomain = pd + offset;
2083 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2087 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2089 /* Build display for: NativeOS */
2091 NativeOS = pd + offset;
2095 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2099 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2101 /* Build display for: NativeLanMan */
2103 NativeLanMan = pd + offset;
2107 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2111 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2119 /* Build display for: Word Count (WCT) */
2121 WordCount = GBYTE(pd, offset);
2125 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2129 offset += 1; /* Skip Word Count (WCT) */
2131 /* Build display for: AndXCommand */
2133 AndXCommand = GBYTE(pd, offset);
2137 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2138 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2142 offset += 1; /* Skip AndXCommand */
2144 /* Build display for: AndXReserved */
2146 AndXReserved = GBYTE(pd, offset);
2150 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2154 offset += 1; /* Skip AndXReserved */
2156 /* Build display for: AndXOffset */
2158 AndXOffset = GSHORT(pd, offset);
2162 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2166 offset += 2; /* Skip AndXOffset */
2168 /* Build display for: MaxBufferSize */
2170 MaxBufferSize = GSHORT(pd, offset);
2174 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2178 offset += 2; /* Skip MaxBufferSize */
2180 /* Build display for: MaxMpxCount */
2182 MaxMpxCount = GSHORT(pd, offset);
2186 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2190 offset += 2; /* Skip MaxMpxCount */
2192 /* Build display for: VcNumber */
2194 VcNumber = GSHORT(pd, offset);
2198 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2202 offset += 2; /* Skip VcNumber */
2204 /* Build display for: SessionKey */
2206 SessionKey = GWORD(pd, offset);
2210 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2214 offset += 4; /* Skip SessionKey */
2216 /* Build display for: ANSI Account Password Length */
2218 ANSIAccountPasswordLength = GSHORT(pd, offset);
2222 proto_tree_add_text(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2226 offset += 2; /* Skip ANSI Account Password Length */
2228 /* Build display for: UNICODE Account Password Length */
2230 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2234 proto_tree_add_text(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2238 offset += 2; /* Skip UNICODE Account Password Length */
2240 /* Build display for: Reserved */
2242 Reserved = GWORD(pd, offset);
2246 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2250 offset += 4; /* Skip Reserved */
2252 /* Build display for: Capabilities */
2254 Capabilities = GWORD(pd, offset);
2258 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
2259 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2260 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2261 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2262 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2263 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2264 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2265 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2266 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2267 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2268 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2269 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2270 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2271 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2272 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2273 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2274 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2275 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2276 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2277 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2278 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2279 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2280 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2281 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2282 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2283 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2284 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2285 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2286 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2287 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2291 offset += 4; /* Skip Capabilities */
2293 /* Build display for: Byte Count */
2295 ByteCount = GSHORT(pd, offset);
2299 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
2303 offset += 2; /* Skip Byte Count */
2305 if (ByteCount > 0) {
2307 /* Build display for: ANSI Password */
2309 ANSIPassword = pd + offset;
2313 proto_tree_add_text(tree, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2317 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2318 if (ANSIAccountPasswordLength == 0) offset++; /* Add 1 */
2320 /* Build display for: UNICODE Password */
2322 UNICODEPassword = pd + offset;
2324 if (UNICODEAccountPasswordLength > 0) {
2328 proto_tree_add_text(tree, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2332 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2336 /* Build display for: Account Name */
2338 AccountName = pd + offset;
2342 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2346 offset += strlen(AccountName) + 1; /* Skip Account Name */
2348 /* Build display for: Primary Domain */
2350 PrimaryDomain = pd + offset;
2354 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2358 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2360 /* Build display for: Native OS */
2362 NativeOS = pd + offset;
2366 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2370 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2372 /* Build display for: Native LanMan Type */
2374 NativeLanManType = pd + offset;
2378 proto_tree_add_text(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2382 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2391 if (AndXCommand != 0xFF) {
2393 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2399 if (dirn == 0) { /* Response(s) dissect code */
2401 /* Build display for: Word Count (WCT) */
2403 WordCount = GBYTE(pd, offset);
2407 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2411 offset += 1; /* Skip Word Count (WCT) */
2413 if (WordCount > 0) {
2415 /* Build display for: AndXCommand */
2417 AndXCommand = GBYTE(pd, offset);
2421 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2422 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2426 offset += 1; /* Skip AndXCommand */
2428 /* Build display for: AndXReserved */
2430 AndXReserved = GBYTE(pd, offset);
2434 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2438 offset += 1; /* Skip AndXReserved */
2440 /* Build display for: AndXOffset */
2442 AndXOffset = GSHORT(pd, offset);
2446 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2451 offset += 2; /* Skip AndXOffset */
2453 /* Build display for: Action */
2455 Action = GSHORT(pd, offset);
2459 proto_tree_add_text(tree, offset, 2, "Action: %u", Action);
2463 offset += 2; /* Skip Action */
2467 /* Build display for: Byte Count (BCC) */
2469 ByteCount = GSHORT(pd, offset);
2473 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2477 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2479 offset += 2; /* Skip Byte Count (BCC) */
2481 if (ByteCount > 0) {
2483 /* Build display for: NativeOS */
2485 NativeOS = pd + offset;
2489 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2493 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2495 /* Build display for: NativeLanMan */
2497 NativeLanMan = pd + offset;
2501 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2505 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2507 /* Build display for: PrimaryDomain */
2509 PrimaryDomain = pd + offset;
2513 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2517 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2521 if (AndXCommand != 0xFF) {
2523 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2532 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2535 guint8 wct, andxcmd = 0xFF;
2536 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2538 proto_tree *flags_tree;
2543 /* Now figure out what format we are talking about, 2, 3, or 4 response
2547 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2548 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2552 proto_tree_add_text(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2554 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2564 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
2572 andxcmd = pd[offset];
2576 proto_tree_add_text(tree, offset, 1, "Next Command: %s",
2577 (andxcmd == 0xFF) ? "No further commands":
2578 decode_smb_name(andxcmd));
2580 proto_tree_add_text(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2586 andxoffs = GSHORT(pd, offset);
2590 proto_tree_add_text(tree, offset, 2, "Offset to next command: %u", andxoffs);
2602 bcc = GSHORT(pd, offset);
2606 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2614 flags = GSHORT(pd, offset);
2618 ti = proto_tree_add_text(tree, offset, 2, "Additional Flags: 0x%02x", flags);
2619 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2620 proto_tree_add_text(flags_tree, offset, 2, "%s",
2621 decode_boolean_bitfield(flags, 0x01, 16,
2623 "Don't disconnect TID"));
2629 passwdlen = GSHORT(pd, offset);
2633 proto_tree_add_text(tree, offset, 2, "Password Length: %u", passwdlen);
2639 bcc = GSHORT(pd, offset);
2643 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2653 proto_tree_add_text(tree, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2657 offset += passwdlen;
2663 proto_tree_add_text(tree, offset, strlen(str) + 1, "Path: %s", str);
2667 offset += strlen(str) + 1;
2673 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2681 bcc = GSHORT(pd, offset);
2685 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2695 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service Type: %s",
2700 offset += strlen(str) + 1;
2706 optionsup = GSHORT(pd, offset);
2708 if (tree) { /* Should break out the bits */
2710 proto_tree_add_text(tree, offset, 2, "Optional Support: 0x%04x",
2717 bcc = GSHORT(pd, offset);
2721 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2731 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2735 offset += strlen(str) + 1;
2741 proto_tree_add_text(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2745 offset += strlen(str) + 1;
2755 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2757 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
2762 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2764 guint8 wct, enckeylen;
2765 guint16 bcc, mode, rawmode, dialect;
2767 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2773 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2775 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2776 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2779 proto_tree_add_text(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2781 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2789 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %d", wct);
2793 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2797 /* Now decode the various formats ... */
2801 case 0: /* A request */
2803 bcc = GSHORT(pd, offset);
2807 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2815 ti = proto_tree_add_text(tree, offset, END_OF_FRAME, "Dialects");
2816 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
2820 while (IS_DATA_IN_FRAME(offset)) {
2825 proto_tree_add_text(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2835 proto_tree_add_text(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2839 offset += strlen(str) + 1;
2844 case 1: /* PC NETWORK PROGRAM 1.0 */
2846 dialect = GSHORT(pd, offset);
2848 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2850 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2852 proto_tree_add_text(tree, offset, 2, "Supplied dialects not recognized");
2857 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2865 bcc = GSHORT(pd, offset);
2869 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2875 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2879 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2883 /* Much of this is similar to response 17 below */
2887 mode = GSHORT(pd, offset);
2891 ti = proto_tree_add_text(tree, offset, 2, "Security Mode: 0x%04x", mode);
2892 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
2893 proto_tree_add_text(mode_tree, offset, 2, "%s",
2894 decode_boolean_bitfield(mode, 0x0001, 16,
2896 "Security = Share"));
2897 proto_tree_add_text(mode_tree, offset, 2, "%s",
2898 decode_boolean_bitfield(mode, 0x0002, 16,
2899 "Passwords = Encrypted",
2900 "Passwords = Plaintext"));
2908 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2916 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2924 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2930 rawmode = GSHORT(pd, offset);
2934 ti = proto_tree_add_text(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2935 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
2936 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2937 decode_boolean_bitfield(rawmode, 0x01, 16,
2938 "Read Raw supported",
2939 "Read Raw not supported"));
2940 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2941 decode_boolean_bitfield(rawmode, 0x02, 16,
2942 "Write Raw supported",
2943 "Write Raw not supported"));
2951 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2957 /* Now the server time, two short parameters ... */
2961 proto_tree_add_text(tree, offset, 2, "Server Time: %s",
2962 dissect_dos_time(GSHORT(pd, offset)));
2963 proto_tree_add_text(tree, offset + 2, 2, "Server Date: %s",
2964 dissect_dos_date(GSHORT(pd, offset + 2)));
2970 /* Server Time Zone, SHORT */
2974 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
2975 (signed)GSSHORT(pd, offset));
2981 /* Challenge Length */
2983 enckeylen = GSHORT(pd, offset);
2987 proto_tree_add_text(tree, offset, 2, "Challenge Length: %u", enckeylen);
2995 proto_tree_add_text(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3001 bcc = GSHORT(pd, offset);
3005 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
3011 if (enckeylen) { /* only if non-zero key len */
3017 proto_tree_add_text(tree, offset, enckeylen, "Challenge: %s",
3018 bytes_to_str(str, enckeylen));
3021 offset += enckeylen;
3025 /* Primary Domain ... */
3031 proto_tree_add_text(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
3037 case 17: /* Greater than LANMAN2.1 */
3041 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3047 mode = GBYTE(pd, offset);
3051 ti = proto_tree_add_text(tree, offset, 1, "Security Mode: 0x%02x", mode);
3052 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3053 proto_tree_add_text(mode_tree, offset, 1, "%s",
3054 decode_boolean_bitfield(mode, 0x01, 8,
3056 "Security = Share"));
3057 proto_tree_add_text(mode_tree, offset, 1, "%s",
3058 decode_boolean_bitfield(mode, 0x02, 8,
3059 "Passwords = Encrypted",
3060 "Passwords = Plaintext"));
3061 proto_tree_add_text(mode_tree, offset, 1, "%s",
3062 decode_boolean_bitfield(mode, 0x04, 8,
3063 "Security signatures enabled",
3064 "Security signatures not enabled"));
3065 proto_tree_add_text(mode_tree, offset, 1, "%s",
3066 decode_boolean_bitfield(mode, 0x08, 8,
3067 "Security signatures required",
3068 "Security signatures not required"));
3076 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3084 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3092 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3100 proto_tree_add_text(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3108 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
3114 caps = GWORD(pd, offset);
3118 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", caps);
3119 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3120 proto_tree_add_text(caps_tree, offset, 4, "%s",
3121 decode_boolean_bitfield(caps, 0x0001, 32,
3122 "Raw Mode supported",
3123 "Raw Mode not supported"));
3124 proto_tree_add_text(caps_tree, offset, 4, "%s",
3125 decode_boolean_bitfield(caps, 0x0002, 32,
3126 "MPX Mode supported",
3127 "MPX Mode not supported"));
3128 proto_tree_add_text(caps_tree, offset, 4, "%s",
3129 decode_boolean_bitfield(caps, 0x0004, 32,
3130 "Unicode supported",
3131 "Unicode not supported"));
3132 proto_tree_add_text(caps_tree, offset, 4, "%s",
3133 decode_boolean_bitfield(caps, 0x0008, 32,
3134 "Large files supported",
3135 "Large files not supported"));
3136 proto_tree_add_text(caps_tree, offset, 4, "%s",
3137 decode_boolean_bitfield(caps, 0x0010, 32,
3138 "NT LM 0.12 SMBs supported",
3139 "NT LM 0.12 SMBs not supported"));
3140 proto_tree_add_text(caps_tree, offset, 4, "%s",
3141 decode_boolean_bitfield(caps, 0x0020, 32,
3142 "RPC remote APIs supported",
3143 "RPC remote APIs not supported"));
3144 proto_tree_add_text(caps_tree, offset, 4, "%s",
3145 decode_boolean_bitfield(caps, 0x0040, 32,
3146 "NT status codes supported",
3147 "NT status codes not supported"));
3148 proto_tree_add_text(caps_tree, offset, 4, "%s",
3149 decode_boolean_bitfield(caps, 0x0080, 32,
3150 "Level 2 OpLocks supported",
3151 "Level 2 OpLocks not supported"));
3152 proto_tree_add_text(caps_tree, offset, 4, "%s",
3153 decode_boolean_bitfield(caps, 0x0100, 32,
3154 "Lock&Read supported",
3155 "Lock&Read not supported"));
3156 proto_tree_add_text(caps_tree, offset, 4, "%s",
3157 decode_boolean_bitfield(caps, 0x0200, 32,
3158 "NT Find supported",
3159 "NT Find not supported"));
3160 proto_tree_add_text(caps_tree, offset, 4, "%s",
3161 decode_boolean_bitfield(caps, 0x1000, 32,
3163 "DFS not supported"));
3164 proto_tree_add_text(caps_tree, offset, 4, "%s",
3165 decode_boolean_bitfield(caps, 0x4000, 32,
3166 "Large READX supported",
3167 "Large READX not supported"));
3168 proto_tree_add_text(caps_tree, offset, 4, "%s",
3169 decode_boolean_bitfield(caps, 0x8000, 32,
3170 "Large WRITEX supported",
3171 "Large WRITEX not supported"));
3172 proto_tree_add_text(caps_tree, offset, 4, "%s",
3173 decode_boolean_bitfield(caps, 0x80000000, 32,
3174 "Extended security exchanges supported",
3175 "Extended security exchanges not supported"));
3180 /* Server time, 2 WORDS */
3184 proto_tree_add_text(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3185 proto_tree_add_text(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3191 /* Server Time Zone, SHORT */
3195 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
3196 (signed)GSSHORT(pd, offset));
3202 /* Encryption key len */
3204 enckeylen = pd[offset];
3208 proto_tree_add_text(tree, offset, 1, "Encryption key len: %u", enckeylen);
3214 bcc = GSHORT(pd, offset);
3218 proto_tree_add_text(tree, offset, 2, "Byte count (BCC): %u", bcc);
3224 if (enckeylen) { /* only if non-zero key len */
3226 /* Encryption challenge key */
3232 proto_tree_add_text(tree, offset, enckeylen, "Challenge encryption key: %s",
3233 bytes_to_str(str, enckeylen));
3237 offset += enckeylen;
3241 /* The domain, a null terminated string; Unicode if "caps" has
3242 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3243 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3249 if (caps & 0x0004) {
3250 ustr = unicode_to_str(str, &ustr_len);
3251 proto_tree_add_text(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
3253 proto_tree_add_text(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
3260 default: /* Baddd */
3263 proto_tree_add_text(tree, offset, 1, "Bad format, should never get here");
3271 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3275 guint8 BufferFormat;
3277 const char *DirectoryName;
3279 if (dirn == 1) { /* Request(s) dissect code */
3281 /* Build display for: Word Count (WCT) */
3283 WordCount = GBYTE(pd, offset);
3287 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3291 offset += 1; /* Skip Word Count (WCT) */
3293 /* Build display for: Byte Count (BCC) */
3295 ByteCount = GSHORT(pd, offset);
3299 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3303 offset += 2; /* Skip Byte Count (BCC) */
3305 /* Build display for: Buffer Format */
3307 BufferFormat = GBYTE(pd, offset);
3311 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3315 offset += 1; /* Skip Buffer Format */
3317 /* Build display for: Directory Name */
3319 DirectoryName = pd + offset;
3323 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3327 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3331 if (dirn == 0) { /* Response(s) dissect code */
3333 /* Build display for: Word Count (WCT) */
3335 WordCount = GBYTE(pd, offset);
3339 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3343 offset += 1; /* Skip Word Count (WCT) */
3345 /* Build display for: Byte Count (BCC) */
3347 ByteCount = GSHORT(pd, offset);
3351 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3355 offset += 2; /* Skip Byte Count (BCC) */
3362 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3366 guint8 BufferFormat;
3368 const char *DirectoryName;
3370 if (dirn == 1) { /* Request(s) dissect code */
3372 /* Build display for: Word Count (WCT) */
3374 WordCount = GBYTE(pd, offset);
3378 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3382 offset += 1; /* Skip Word Count (WCT) */
3384 /* Build display for: Byte Count (BCC) */
3386 ByteCount = GSHORT(pd, offset);
3390 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3394 offset += 2; /* Skip Byte Count (BCC) */
3396 /* Build display for: Buffer Format */
3398 BufferFormat = GBYTE(pd, offset);
3402 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3406 offset += 1; /* Skip Buffer Format */
3408 /* Build display for: Directory Name */
3410 DirectoryName = pd + offset;
3414 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3418 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3422 if (dirn == 0) { /* Response(s) dissect code */
3424 /* Build display for: Word Count (WCT) */
3426 WordCount = GBYTE(pd, offset);
3430 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3434 offset += 1; /* Skip Word Count (WCT) */
3436 /* Build display for: Byte Count (BCC) */
3438 ByteCount = GSHORT(pd, offset);
3442 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3446 offset += 2; /* Skip Byte Count (BCC) */
3453 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3457 guint8 BufferFormat;
3459 const char *DirectoryName;
3461 if (dirn == 1) { /* Request(s) dissect code */
3463 /* Build display for: Word Count (WCT) */
3465 WordCount = GBYTE(pd, offset);
3469 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3473 offset += 1; /* Skip Word Count (WCT) */
3475 /* Build display for: Byte Count (BCC) */
3477 ByteCount = GSHORT(pd, offset);
3481 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3485 offset += 2; /* Skip Byte Count (BCC) */
3487 /* Build display for: Buffer Format */
3489 BufferFormat = GBYTE(pd, offset);
3493 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3497 offset += 1; /* Skip Buffer Format */
3499 /* Build display for: Directory Name */
3501 DirectoryName = pd + offset;
3505 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3509 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3513 if (dirn == 0) { /* Response(s) dissect code */
3515 /* Build display for: Word Count (WCT) */
3517 WordCount = GBYTE(pd, offset);
3521 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3525 offset += 1; /* Skip Word Count (WCT) */
3527 /* Build display for: Byte Count (BCC) */
3529 ByteCount = GSHORT(pd, offset);
3533 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3537 offset += 2; /* Skip Byte Count (BCC) */
3544 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3547 static const value_string OpenFunction_0x10[] = {
3548 { 0, "Fail if file does not exist"},
3549 { 16, "Create file if it does not exist"},
3552 static const value_string OpenFunction_0x03[] = {
3553 { 0, "Fail if file exists"},
3554 { 1, "Open file if it exists"},
3555 { 2, "Truncate File if it exists"},
3558 static const value_string FileType_0xFFFF[] = {
3559 { 0, "Disk file or directory"},
3560 { 1, "Named pipe in byte mode"},
3561 { 2, "Named pipe in message mode"},
3562 { 3, "Spooled printer"},
3565 static const value_string DesiredAccess_0x70[] = {
3566 { 00, "Compatibility mode"},
3567 { 16, "Deny read/write/execute (exclusive)"},
3568 { 32, "Deny write"},
3569 { 48, "Deny read/execute"},
3573 static const value_string DesiredAccess_0x700[] = {
3574 { 0, "Locality of reference unknown"},
3575 { 256, "Mainly sequential access"},
3576 { 512, "Mainly random access"},
3577 { 768, "Random access with some locality"},
3580 static const value_string DesiredAccess_0x4000[] = {
3581 { 0, "Write through mode disabled"},
3582 { 16384, "Write through mode enabled"},
3585 static const value_string DesiredAccess_0x1000[] = {
3586 { 0, "Normal file (caching permitted)"},
3587 { 4096, "Do not cache this file"},
3590 static const value_string DesiredAccess_0x07[] = {
3591 { 0, "Open for reading"},
3592 { 1, "Open for writing"},
3593 { 2, "Open for reading and writing"},
3594 { 3, "Open for execute"},
3597 static const value_string Action_0x8000[] = {
3598 { 0, "File opened by another user (or mode not supported by server)"},
3599 { 32768, "File is opened only by this user at present"},
3602 static const value_string Action_0x0003[] = {
3603 { 0, "No action taken?"},
3604 { 1, "The file existed and was opened"},
3605 { 2, "The file did not exist but was created"},
3606 { 3, "The file existed and was truncated"},
3609 proto_tree *Search_tree;
3610 proto_tree *OpenFunction_tree;
3611 proto_tree *Flags_tree;
3612 proto_tree *File_tree;
3613 proto_tree *FileType_tree;
3614 proto_tree *FileAttributes_tree;
3615 proto_tree *DesiredAccess_tree;
3616 proto_tree *Action_tree;
3619 guint8 AndXReserved;
3620 guint8 AndXCommand = 0xFF;
3625 guint32 AllocatedSize;
3628 guint16 OpenFunction;
3629 guint16 LastWriteTime;
3630 guint16 LastWriteDate;
3631 guint16 GrantedAccess;
3634 guint16 FileAttributes;
3637 guint16 DeviceState;
3638 guint16 DesiredAccess;
3639 guint16 CreationTime;
3640 guint16 CreationDate;
3642 guint16 AndXOffset = 0;
3644 const char *FileName;
3646 if (dirn == 1) { /* Request(s) dissect code */
3648 /* Build display for: Word Count (WCT) */
3650 WordCount = GBYTE(pd, offset);
3654 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3658 offset += 1; /* Skip Word Count (WCT) */
3660 /* Build display for: AndXCommand */
3662 AndXCommand = GBYTE(pd, offset);
3666 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3667 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3671 offset += 1; /* Skip AndXCommand */
3673 /* Build display for: AndXReserved */
3675 AndXReserved = GBYTE(pd, offset);
3679 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3683 offset += 1; /* Skip AndXReserved */
3685 /* Build display for: AndXOffset */
3687 AndXOffset = GSHORT(pd, offset);
3691 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3695 offset += 2; /* Skip AndXOffset */
3697 /* Build display for: Flags */
3699 Flags = GSHORT(pd, offset);
3703 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
3704 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3705 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3706 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3707 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3708 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3709 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3710 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3714 offset += 2; /* Skip Flags */
3716 /* Build display for: Desired Access */
3718 DesiredAccess = GSHORT(pd, offset);
3722 ti = proto_tree_add_text(tree, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3723 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3724 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3725 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3726 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3727 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3728 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3729 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3730 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3731 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3732 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3733 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3737 offset += 2; /* Skip Desired Access */
3739 /* Build display for: Search */
3741 Search = GSHORT(pd, offset);
3745 ti = proto_tree_add_text(tree, offset, 2, "Search: 0x%02x", Search);
3746 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
3747 proto_tree_add_text(Search_tree, offset, 2, "%s",
3748 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3749 proto_tree_add_text(Search_tree, offset, 2, "%s",
3750 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3751 proto_tree_add_text(Search_tree, offset, 2, "%s",
3752 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3753 proto_tree_add_text(Search_tree, offset, 2, "%s",
3754 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3755 proto_tree_add_text(Search_tree, offset, 2, "%s",
3756 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3757 proto_tree_add_text(Search_tree, offset, 2, "%s",
3758 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3762 offset += 2; /* Skip Search */
3764 /* Build display for: File */
3766 File = GSHORT(pd, offset);
3770 ti = proto_tree_add_text(tree, offset, 2, "File: 0x%02x", File);
3771 File_tree = proto_item_add_subtree(ti, ett_smb_file);
3772 proto_tree_add_text(File_tree, offset, 2, "%s",
3773 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3774 proto_tree_add_text(File_tree, offset, 2, "%s",
3775 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3776 proto_tree_add_text(File_tree, offset, 2, "%s",
3777 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3778 proto_tree_add_text(File_tree, offset, 2, "%s",
3779 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3780 proto_tree_add_text(File_tree, offset, 2, "%s",
3781 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3782 proto_tree_add_text(File_tree, offset, 2, "%s",
3783 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3787 offset += 2; /* Skip File */
3789 /* Build display for: Creation Time */
3791 CreationTime = GSHORT(pd, offset);
3798 offset += 2; /* Skip Creation Time */
3800 /* Build display for: Creation Date */
3802 CreationDate = GSHORT(pd, offset);
3806 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3807 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3811 offset += 2; /* Skip Creation Date */
3813 /* Build display for: Open Function */
3815 OpenFunction = GSHORT(pd, offset);
3819 ti = proto_tree_add_text(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
3820 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
3821 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3822 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3823 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3824 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3828 offset += 2; /* Skip Open Function */
3830 /* Build display for: Allocated Size */
3832 AllocatedSize = GWORD(pd, offset);
3836 proto_tree_add_text(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
3840 offset += 4; /* Skip Allocated Size */
3842 /* Build display for: Reserved1 */
3844 Reserved1 = GWORD(pd, offset);
3848 proto_tree_add_text(tree, offset, 4, "Reserved1: %u", Reserved1);
3852 offset += 4; /* Skip Reserved1 */
3854 /* Build display for: Reserved2 */
3856 Reserved2 = GWORD(pd, offset);
3860 proto_tree_add_text(tree, offset, 4, "Reserved2: %u", Reserved2);
3864 offset += 4; /* Skip Reserved2 */
3866 /* Build display for: Byte Count */
3868 ByteCount = GSHORT(pd, offset);
3872 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
3876 offset += 2; /* Skip Byte Count */
3878 /* Build display for: File Name */
3880 FileName = pd + offset;
3884 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3888 offset += strlen(FileName) + 1; /* Skip File Name */
3891 if (AndXCommand != 0xFF) {
3893 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
3899 if (dirn == 0) { /* Response(s) dissect code */
3901 /* Build display for: Word Count (WCT) */
3903 WordCount = GBYTE(pd, offset);
3907 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3911 offset += 1; /* Skip Word Count (WCT) */
3913 if (WordCount > 0) {
3915 /* Build display for: AndXCommand */
3917 AndXCommand = GBYTE(pd, offset);
3921 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3922 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3926 offset += 1; /* Skip AndXCommand */
3928 /* Build display for: AndXReserved */
3930 AndXReserved = GBYTE(pd, offset);
3934 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3938 offset += 1; /* Skip AndXReserved */
3940 /* Build display for: AndXOffset */
3942 AndXOffset = GSHORT(pd, offset);
3946 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3950 offset += 2; /* Skip AndXOffset */
3952 /* Build display for: FID */
3954 FID = GSHORT(pd, offset);
3958 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
3962 offset += 2; /* Skip FID */
3964 /* Build display for: FileAttributes */
3966 FileAttributes = GSHORT(pd, offset);
3970 ti = proto_tree_add_text(tree, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3971 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
3972 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3973 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3974 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3975 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3976 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3977 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3978 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3979 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3980 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3981 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3982 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3983 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3987 offset += 2; /* Skip FileAttributes */
3989 /* Build display for: Last Write Time */
3991 LastWriteTime = GSHORT(pd, offset);
3997 offset += 2; /* Skip Last Write Time */
3999 /* Build display for: Last Write Date */
4001 LastWriteDate = GSHORT(pd, offset);
4005 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4006 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
4011 offset += 2; /* Skip Last Write Date */
4013 /* Build display for: Data Size */
4015 DataSize = GWORD(pd, offset);
4019 proto_tree_add_text(tree, offset, 4, "Data Size: %u", DataSize);
4023 offset += 4; /* Skip Data Size */
4025 /* Build display for: Granted Access */
4027 GrantedAccess = GSHORT(pd, offset);
4031 proto_tree_add_text(tree, offset, 2, "Granted Access: %u", GrantedAccess);
4035 offset += 2; /* Skip Granted Access */
4037 /* Build display for: File Type */
4039 FileType = GSHORT(pd, offset);
4043 ti = proto_tree_add_text(tree, offset, 2, "File Type: 0x%02x", FileType);
4044 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4045 proto_tree_add_text(FileType_tree, offset, 2, "%s",
4046 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4050 offset += 2; /* Skip File Type */
4052 /* Build display for: Device State */
4054 DeviceState = GSHORT(pd, offset);
4058 proto_tree_add_text(tree, offset, 2, "Device State: %u", DeviceState);
4062 offset += 2; /* Skip Device State */
4064 /* Build display for: Action */
4066 Action = GSHORT(pd, offset);
4070 ti = proto_tree_add_text(tree, offset, 2, "Action: 0x%02x", Action);
4071 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4072 proto_tree_add_text(Action_tree, offset, 2, "%s",
4073 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4074 proto_tree_add_text(Action_tree, offset, 2, "%s",
4075 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4079 offset += 2; /* Skip Action */
4081 /* Build display for: Server FID */
4083 ServerFID = GWORD(pd, offset);
4087 proto_tree_add_text(tree, offset, 4, "Server FID: %u", ServerFID);
4091 offset += 4; /* Skip Server FID */
4093 /* Build display for: Reserved */
4095 Reserved = GSHORT(pd, offset);
4099 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
4103 offset += 2; /* Skip Reserved */
4107 /* Build display for: Byte Count */
4109 ByteCount = GSHORT(pd, offset);
4113 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4117 offset += 2; /* Skip Byte Count */
4120 if (AndXCommand != 0xFF) {
4122 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4131 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4134 proto_tree *WriteMode_tree;
4150 if (dirn == 1) { /* Request(s) dissect code */
4152 WordCount = GBYTE(pd, offset);
4154 switch (WordCount) {
4158 /* Build display for: Word Count (WCT) */
4160 WordCount = GBYTE(pd, offset);
4164 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4168 offset += 1; /* Skip Word Count (WCT) */
4170 /* Build display for: FID */
4172 FID = GSHORT(pd, offset);
4176 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4180 offset += 2; /* Skip FID */
4182 /* Build display for: Count */
4184 Count = GSHORT(pd, offset);
4188 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4192 offset += 2; /* Skip Count */
4194 /* Build display for: Reserved 1 */
4196 Reserved1 = GSHORT(pd, offset);
4200 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4204 offset += 2; /* Skip Reserved 1 */
4206 /* Build display for: Offset */
4208 Offset = GWORD(pd, offset);
4212 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
4216 offset += 4; /* Skip Offset */
4218 /* Build display for: Timeout */
4220 Timeout = GWORD(pd, offset);
4224 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4228 offset += 4; /* Skip Timeout */
4230 /* Build display for: WriteMode */
4232 WriteMode = GSHORT(pd, offset);
4236 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4237 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4238 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4239 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4240 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4241 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4245 offset += 2; /* Skip WriteMode */
4247 /* Build display for: Reserved 2 */
4249 Reserved2 = GWORD(pd, offset);
4253 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4257 offset += 4; /* Skip Reserved 2 */
4259 /* Build display for: Data Length */
4261 DataLength = GSHORT(pd, offset);
4265 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4269 offset += 2; /* Skip Data Length */
4271 /* Build display for: Data Offset */
4273 DataOffset = GSHORT(pd, offset);
4277 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4281 offset += 2; /* Skip Data Offset */
4283 /* Build display for: Byte Count (BCC) */
4285 ByteCount = GSHORT(pd, offset);
4289 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4293 offset += 2; /* Skip Byte Count (BCC) */
4295 /* Build display for: Pad */
4297 Pad = GBYTE(pd, offset);
4301 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4305 offset += 1; /* Skip Pad */
4311 /* Build display for: Word Count (WCT) */
4313 WordCount = GBYTE(pd, offset);
4317 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4321 offset += 1; /* Skip Word Count (WCT) */
4323 /* Build display for: FID */
4325 FID = GSHORT(pd, offset);
4329 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4333 offset += 2; /* Skip FID */
4335 /* Build display for: Count */
4337 Count = GSHORT(pd, offset);
4341 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4345 offset += 2; /* Skip Count */
4347 /* Build display for: Reserved 1 */
4349 Reserved1 = GSHORT(pd, offset);
4353 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4357 offset += 2; /* Skip Reserved 1 */
4359 /* Build display for: Timeout */
4361 Timeout = GWORD(pd, offset);
4365 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4369 offset += 4; /* Skip Timeout */
4371 /* Build display for: WriteMode */
4373 WriteMode = GSHORT(pd, offset);
4377 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4378 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4379 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4380 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4381 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4382 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4386 offset += 2; /* Skip WriteMode */
4388 /* Build display for: Reserved 2 */
4390 Reserved2 = GWORD(pd, offset);
4394 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4398 offset += 4; /* Skip Reserved 2 */
4400 /* Build display for: Data Length */
4402 DataLength = GSHORT(pd, offset);
4406 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4410 offset += 2; /* Skip Data Length */
4412 /* Build display for: Data Offset */
4414 DataOffset = GSHORT(pd, offset);
4418 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4422 offset += 2; /* Skip Data Offset */
4424 /* Build display for: Byte Count (BCC) */
4426 ByteCount = GSHORT(pd, offset);
4430 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4434 offset += 2; /* Skip Byte Count (BCC) */
4436 /* Build display for: Pad */
4438 Pad = GBYTE(pd, offset);
4442 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4446 offset += 1; /* Skip Pad */
4454 if (dirn == 0) { /* Response(s) dissect code */
4456 /* Build display for: Word Count (WCT) */
4458 WordCount = GBYTE(pd, offset);
4462 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4466 offset += 1; /* Skip Word Count (WCT) */
4468 if (WordCount > 0) {
4470 /* Build display for: Remaining */
4472 Remaining = GSHORT(pd, offset);
4476 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
4480 offset += 2; /* Skip Remaining */
4484 /* Build display for: Byte Count */
4486 ByteCount = GSHORT(pd, offset);
4490 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4494 offset += 2; /* Skip Byte Count */
4501 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4507 if (dirn == 1) { /* Request(s) dissect code */
4509 /* Build display for: Word Count (WCT) */
4511 WordCount = GBYTE(pd, offset);
4515 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4519 offset += 1; /* Skip Word Count (WCT) */
4521 /* Build display for: Byte Count (BCC) */
4523 ByteCount = GSHORT(pd, offset);
4527 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4531 offset += 2; /* Skip Byte Count (BCC) */
4535 if (dirn == 0) { /* Response(s) dissect code */
4537 /* Build display for: Word Count (WCT) */
4539 WordCount = GBYTE(pd, offset);
4543 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4547 offset += 1; /* Skip Word Count (WCT) */
4549 /* Build display for: Byte Count (BCC) */
4551 ByteCount = GSHORT(pd, offset);
4555 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4559 offset += 2; /* Skip Byte Count (BCC) */
4566 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4569 static const value_string Flags_0x03[] = {
4570 { 0, "Target must be a file"},
4571 { 1, "Target must be a directory"},
4574 { 4, "Verify all writes"},
4577 proto_tree *Flags_tree;
4580 guint8 ErrorFileFormat;
4582 guint16 OpenFunction;
4586 const char *ErrorFileName;
4588 if (dirn == 1) { /* Request(s) dissect code */
4590 /* Build display for: Word Count (WCT) */
4592 WordCount = GBYTE(pd, offset);
4596 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4600 offset += 1; /* Skip Word Count (WCT) */
4602 /* Build display for: TID2 */
4604 TID2 = GSHORT(pd, offset);
4608 proto_tree_add_text(tree, offset, 2, "TID2: %u", TID2);
4612 offset += 2; /* Skip TID2 */
4614 /* Build display for: Open Function */
4616 OpenFunction = GSHORT(pd, offset);
4620 proto_tree_add_text(tree, offset, 2, "Open Function: %u", OpenFunction);
4624 offset += 2; /* Skip Open Function */
4626 /* Build display for: Flags */
4628 Flags = GSHORT(pd, offset);
4632 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
4633 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4634 proto_tree_add_text(Flags_tree, offset, 2, "%s",
4635 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4639 offset += 2; /* Skip Flags */
4643 if (dirn == 0) { /* Response(s) dissect code */
4645 /* Build display for: Word Count (WCT) */
4647 WordCount = GBYTE(pd, offset);
4651 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4655 offset += 1; /* Skip Word Count (WCT) */
4657 if (WordCount > 0) {
4659 /* Build display for: Count */
4661 Count = GSHORT(pd, offset);
4665 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4669 offset += 2; /* Skip Count */
4673 /* Build display for: Byte Count */
4675 ByteCount = GSHORT(pd, offset);
4679 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4683 offset += 2; /* Skip Byte Count */
4685 /* Build display for: Error File Format */
4687 ErrorFileFormat = GBYTE(pd, offset);
4691 proto_tree_add_text(tree, offset, 1, "Error File Format: %u", ErrorFileFormat);
4695 offset += 1; /* Skip Error File Format */
4697 /* Build display for: Error File Name */
4699 ErrorFileName = pd + offset;
4703 proto_tree_add_text(tree, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4707 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4714 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4718 guint8 BufferFormat2;
4719 guint8 BufferFormat1;
4720 guint16 SearchAttributes;
4722 const char *OldFileName;
4723 const char *NewFileName;
4725 if (dirn == 1) { /* Request(s) dissect code */
4727 /* Build display for: Word Count (WCT) */
4729 WordCount = GBYTE(pd, offset);
4733 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4737 offset += 1; /* Skip Word Count (WCT) */
4739 /* Build display for: Search Attributes */
4741 SearchAttributes = GSHORT(pd, offset);
4745 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
4749 offset += 2; /* Skip Search Attributes */
4751 /* Build display for: Byte Count */
4753 ByteCount = GSHORT(pd, offset);
4757 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4761 offset += 2; /* Skip Byte Count */
4763 /* Build display for: Buffer Format 1 */
4765 BufferFormat1 = GBYTE(pd, offset);
4769 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4773 offset += 1; /* Skip Buffer Format 1 */
4775 /* Build display for: Old File Name */
4777 OldFileName = pd + offset;
4781 proto_tree_add_text(tree, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4785 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4787 /* Build display for: Buffer Format 2 */
4789 BufferFormat2 = GBYTE(pd, offset);
4793 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4797 offset += 1; /* Skip Buffer Format 2 */
4799 /* Build display for: New File Name */
4801 NewFileName = pd + offset;
4805 proto_tree_add_text(tree, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4809 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4813 if (dirn == 0) { /* Response(s) dissect code */
4815 /* Build display for: Word Count (WCT) */
4817 WordCount = GBYTE(pd, offset);
4821 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4825 offset += 1; /* Skip Word Count (WCT) */
4827 /* Build display for: Byte Count (BCC) */
4829 ByteCount = GSHORT(pd, offset);
4833 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4837 offset += 2; /* Skip Byte Count (BCC) */
4844 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4847 static const value_string Mode_0x03[] = {
4848 { 0, "Text mode (DOS expands TABs)"},
4849 { 1, "Graphics mode"},
4852 proto_tree *Mode_tree;
4855 guint8 BufferFormat;
4856 guint16 SetupLength;
4860 const char *IdentifierString;
4862 if (dirn == 1) { /* Request(s) dissect code */
4864 /* Build display for: Word Count (WCT) */
4866 WordCount = GBYTE(pd, offset);
4870 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4874 offset += 1; /* Skip Word Count (WCT) */
4876 /* Build display for: Setup Length */
4878 SetupLength = GSHORT(pd, offset);
4882 proto_tree_add_text(tree, offset, 2, "Setup Length: %u", SetupLength);
4886 offset += 2; /* Skip Setup Length */
4888 /* Build display for: Mode */
4890 Mode = GSHORT(pd, offset);
4894 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
4895 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
4896 proto_tree_add_text(Mode_tree, offset, 2, "%s",
4897 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4901 offset += 2; /* Skip Mode */
4903 /* Build display for: Byte Count (BCC) */
4905 ByteCount = GSHORT(pd, offset);
4909 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4913 offset += 2; /* Skip Byte Count (BCC) */
4915 /* Build display for: Buffer Format */
4917 BufferFormat = GBYTE(pd, offset);
4921 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
4925 offset += 1; /* Skip Buffer Format */
4927 /* Build display for: Identifier String */
4929 IdentifierString = pd + offset;
4933 proto_tree_add_text(tree, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4937 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4941 if (dirn == 0) { /* Response(s) dissect code */
4943 /* Build display for: Word Count (WCT) */
4945 WordCount = GBYTE(pd, offset);
4949 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4953 offset += 1; /* Skip Word Count (WCT) */
4955 /* Build display for: FID */
4957 FID = GSHORT(pd, offset);
4961 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4965 offset += 2; /* Skip FID */
4967 /* Build display for: Byte Count (BCC) */
4969 ByteCount = GSHORT(pd, offset);
4973 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4977 offset += 2; /* Skip Byte Count (BCC) */
4984 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4991 if (dirn == 1) { /* Request(s) dissect code */
4993 /* Build display for: Word Count (WCT) */
4995 WordCount = GBYTE(pd, offset);
4999 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5003 offset += 1; /* Skip Word Count (WCT) */
5005 /* Build display for: FID */
5007 FID = GSHORT(pd, offset);
5011 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5015 offset += 2; /* Skip FID */
5017 /* Build display for: Byte Count (BCC) */
5019 ByteCount = GSHORT(pd, offset);
5023 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5027 offset += 2; /* Skip Byte Count (BCC) */
5031 if (dirn == 0) { /* Response(s) dissect code */
5033 /* Build display for: Word Count */
5035 WordCount = GBYTE(pd, offset);
5039 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5043 offset += 1; /* Skip Word Count */
5045 /* Build display for: Byte Count (BCC) */
5047 ByteCount = GSHORT(pd, offset);
5051 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5055 offset += 2; /* Skip Byte Count (BCC) */
5062 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5075 if (dirn == 1) { /* Request(s) dissect code */
5077 WordCount = GBYTE(pd, offset);
5079 switch (WordCount) {
5083 /* Build display for: Word Count (WCT) */
5085 WordCount = GBYTE(pd, offset);
5089 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5093 offset += 1; /* Skip Word Count (WCT) */
5095 /* Build display for: FID */
5097 FID = GSHORT(pd, offset);
5101 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5105 offset += 2; /* Skip FID */
5107 /* Build display for: Offset */
5109 Offset = GWORD(pd, offset);
5113 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5117 offset += 4; /* Skip Offset */
5119 /* Build display for: Max Count */
5121 MaxCount = GSHORT(pd, offset);
5125 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5129 offset += 2; /* Skip Max Count */
5131 /* Build display for: Min Count */
5133 MinCount = GSHORT(pd, offset);
5137 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5141 offset += 2; /* Skip Min Count */
5143 /* Build display for: Timeout */
5145 Timeout = GWORD(pd, offset);
5149 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5153 offset += 4; /* Skip Timeout */
5155 /* Build display for: Reserved */
5157 Reserved = GSHORT(pd, offset);
5161 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5165 offset += 2; /* Skip Reserved */
5167 /* Build display for: Byte Count (BCC) */
5169 ByteCount = GSHORT(pd, offset);
5173 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5177 offset += 2; /* Skip Byte Count (BCC) */
5183 /* Build display for: Word Count (WCT) */
5185 WordCount = GBYTE(pd, offset);
5189 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5193 offset += 1; /* Skip Word Count (WCT) */
5195 /* Build display for: FID */
5197 FID = GSHORT(pd, offset);
5201 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5205 offset += 2; /* Skip FID */
5207 /* Build display for: Offset */
5209 Offset = GWORD(pd, offset);
5213 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5217 offset += 4; /* Skip Offset */
5219 /* Build display for: Max Count */
5221 MaxCount = GSHORT(pd, offset);
5225 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5229 offset += 2; /* Skip Max Count */
5231 /* Build display for: Min Count */
5233 MinCount = GSHORT(pd, offset);
5237 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5241 offset += 2; /* Skip Min Count */
5243 /* Build display for: Timeout */
5245 Timeout = GWORD(pd, offset);
5249 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5253 offset += 4; /* Skip Timeout */
5255 /* Build display for: Reserved */
5257 Reserved = GSHORT(pd, offset);
5261 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5265 offset += 2; /* Skip Reserved */
5267 /* Build display for: Offset High */
5269 OffsetHigh = GWORD(pd, offset);
5273 proto_tree_add_text(tree, offset, 4, "Offset High: %u", OffsetHigh);
5277 offset += 4; /* Skip Offset High */
5279 /* Build display for: Byte Count (BCC) */
5281 ByteCount = GSHORT(pd, offset);
5285 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5289 offset += 2; /* Skip Byte Count (BCC) */
5297 if (dirn == 0) { /* Response(s) dissect code */
5304 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5308 guint8 AndXReserved;
5309 guint8 AndXCommand = 0xFF;
5311 guint16 AndXOffset = 0;
5313 if (dirn == 1) { /* Request(s) dissect code */
5315 /* Build display for: Word Count (WCT) */
5317 WordCount = GBYTE(pd, offset);
5321 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5325 offset += 1; /* Skip Word Count (WCT) */
5327 /* Build display for: AndXCommand */
5329 AndXCommand = GBYTE(pd, offset);
5333 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5337 offset += 1; /* Skip AndXCommand */
5339 /* Build display for: AndXReserved */
5341 AndXReserved = GBYTE(pd, offset);
5345 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5349 offset += 1; /* Skip AndXReserved */
5351 /* Build display for: AndXOffset */
5353 AndXOffset = GSHORT(pd, offset);
5357 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5361 offset += 2; /* Skip AndXOffset */
5363 /* Build display for: Byte Count (BCC) */
5365 ByteCount = GSHORT(pd, offset);
5369 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5373 offset += 2; /* Skip Byte Count (BCC) */
5376 if (AndXCommand != 0xFF) {
5378 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5384 if (dirn == 0) { /* Response(s) dissect code */
5386 /* Build display for: Word Count (WCT) */
5388 WordCount = GBYTE(pd, offset);
5392 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5396 offset += 1; /* Skip Word Count (WCT) */
5398 /* Build display for: AndXCommand */
5400 AndXCommand = GBYTE(pd, offset);
5404 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5408 offset += 1; /* Skip AndXCommand */
5410 /* Build display for: AndXReserved */
5412 AndXReserved = GBYTE(pd, offset);
5416 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5420 offset += 1; /* Skip AndXReserved */
5422 /* Build display for: AndXOffset */
5424 AndXOffset = GSHORT(pd, offset);
5428 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5432 offset += 2; /* Skip AndXOffset */
5434 /* Build display for: Byte Count (BCC) */
5436 ByteCount = GSHORT(pd, offset);
5440 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5444 offset += 2; /* Skip Byte Count (BCC) */
5447 if (AndXCommand != 0xFF) {
5449 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5458 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5461 static const value_string Mode_0x03[] = {
5462 { 0, "Seek from start of file"},
5463 { 1, "Seek from current position"},
5464 { 2, "Seek from end of file"},
5467 proto_tree *Mode_tree;
5475 if (dirn == 1) { /* Request(s) dissect code */
5477 /* Build display for: Word Count (WCT) */
5479 WordCount = GBYTE(pd, offset);
5483 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5487 offset += 1; /* Skip Word Count (WCT) */
5489 /* Build display for: FID */
5491 FID = GSHORT(pd, offset);
5495 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5499 offset += 2; /* Skip FID */
5501 /* Build display for: Mode */
5503 Mode = GSHORT(pd, offset);
5507 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
5508 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5509 proto_tree_add_text(Mode_tree, offset, 2, "%s",
5510 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5514 offset += 2; /* Skip Mode */
5516 /* Build display for: Offset */
5518 Offset = GWORD(pd, offset);
5522 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5526 offset += 4; /* Skip Offset */
5528 /* Build display for: Byte Count (BCC) */
5530 ByteCount = GSHORT(pd, offset);
5534 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5538 offset += 2; /* Skip Byte Count (BCC) */
5542 if (dirn == 0) { /* Response(s) dissect code */
5544 /* Build display for: Word Count (WCT) */
5546 WordCount = GBYTE(pd, offset);
5550 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5554 offset += 1; /* Skip Word Count (WCT) */
5556 /* Build display for: Offset */
5558 Offset = GWORD(pd, offset);
5562 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5566 offset += 4; /* Skip Offset */
5568 /* Build display for: Byte Count (BCC) */
5570 ByteCount = GSHORT(pd, offset);
5574 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5578 offset += 2; /* Skip Byte Count (BCC) */
5585 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5589 guint8 BufferFormat;
5597 if (dirn == 1) { /* Request(s) dissect code */
5599 /* Build display for: Word Count (WCT) */
5601 WordCount = GBYTE(pd, offset);
5605 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5609 offset += 1; /* Skip Word Count (WCT) */
5611 /* Build display for: FID */
5613 FID = GSHORT(pd, offset);
5617 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5621 offset += 2; /* Skip FID */
5623 /* Build display for: Count */
5625 Count = GSHORT(pd, offset);
5629 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5633 offset += 2; /* Skip Count */
5635 /* Build display for: Offset */
5637 Offset = GWORD(pd, offset);
5641 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5645 offset += 4; /* Skip Offset */
5647 /* Build display for: Remaining */
5649 Remaining = GSHORT(pd, offset);
5653 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
5657 offset += 2; /* Skip Remaining */
5659 /* Build display for: Byte Count (BCC) */
5661 ByteCount = GSHORT(pd, offset);
5665 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5669 offset += 2; /* Skip Byte Count (BCC) */
5671 /* Build display for: Buffer Format */
5673 BufferFormat = GBYTE(pd, offset);
5677 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
5681 offset += 1; /* Skip Buffer Format */
5683 /* Build display for: Data Length */
5685 DataLength = GSHORT(pd, offset);
5689 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
5693 offset += 2; /* Skip Data Length */
5697 if (dirn == 0) { /* Response(s) dissect code */
5699 /* Build display for: Word Count (WCT) */
5701 WordCount = GBYTE(pd, offset);
5705 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5709 offset += 1; /* Skip Word Count (WCT) */
5711 /* Build display for: Count */
5713 Count = GSHORT(pd, offset);
5717 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5721 offset += 2; /* Skip Count */
5723 /* Build display for: Byte Count (BCC) */
5725 ByteCount = GSHORT(pd, offset);
5729 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5733 offset += 2; /* Skip Byte Count (BCC) */
5740 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5744 guint16 LastWriteTime;
5745 guint16 LastWriteDate;
5746 guint16 LastAccessTime;
5747 guint16 LastAccessDate;
5749 guint16 CreationTime;
5750 guint16 CreationDate;
5753 if (dirn == 1) { /* Request(s) dissect code */
5755 /* Build display for: Word Count */
5757 WordCount = GBYTE(pd, offset);
5761 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5765 offset += 1; /* Skip Word Count */
5767 /* Build display for: FID */
5769 FID = GSHORT(pd, offset);
5773 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5777 offset += 2; /* Skip FID */
5779 /* Build display for: Creation Date */
5781 CreationDate = GSHORT(pd, offset);
5785 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
5789 offset += 2; /* Skip Creation Date */
5791 /* Build display for: Creation Time */
5793 CreationTime = GSHORT(pd, offset);
5797 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
5801 offset += 2; /* Skip Creation Time */
5803 /* Build display for: Last Access Date */
5805 LastAccessDate = GSHORT(pd, offset);
5809 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
5813 offset += 2; /* Skip Last Access Date */
5815 /* Build display for: Last Access Time */
5817 LastAccessTime = GSHORT(pd, offset);
5821 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
5825 offset += 2; /* Skip Last Access Time */
5827 /* Build display for: Last Write Date */
5829 LastWriteDate = GSHORT(pd, offset);
5833 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
5837 offset += 2; /* Skip Last Write Date */
5839 /* Build display for: Last Write Time */
5841 LastWriteTime = GSHORT(pd, offset);
5845 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
5849 offset += 2; /* Skip Last Write Time */
5851 /* Build display for: Byte Count (BCC) */
5853 ByteCount = GSHORT(pd, offset);
5857 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5861 offset += 2; /* Skip Byte Count (BCC) */
5865 if (dirn == 0) { /* Response(s) dissect code */
5867 /* Build display for: Word Count (WCC) */
5869 WordCount = GBYTE(pd, offset);
5873 proto_tree_add_text(tree, offset, 1, "Word Count (WCC): %u", WordCount);
5877 offset += 1; /* Skip Word Count (WCC) */
5879 /* Build display for: Byte Count (BCC) */
5881 ByteCount = GSHORT(pd, offset);
5885 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5889 offset += 2; /* Skip Byte Count (BCC) */
5896 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5905 if (dirn == 1) { /* Request(s) dissect code */
5907 /* Build display for: Word Count (WCT) */
5909 WordCount = GBYTE(pd, offset);
5913 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5917 offset += 1; /* Skip Word Count (WCT) */
5919 /* Build display for: FID */
5921 FID = GSHORT(pd, offset);
5925 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5929 offset += 2; /* Skip FID */
5931 /* Build display for: Count */
5933 Count = GWORD(pd, offset);
5937 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
5941 offset += 4; /* Skip Count */
5943 /* Build display for: Offset */
5945 Offset = GWORD(pd, offset);
5949 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5953 offset += 4; /* Skip Offset */
5955 /* Build display for: Byte Count (BCC) */
5957 ByteCount = GSHORT(pd, offset);
5961 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5965 offset += 2; /* Skip Byte Count (BCC) */
5969 if (dirn == 0) { /* Response(s) dissect code */
5971 /* Build display for: Word Count (WCT) */
5973 WordCount = GBYTE(pd, offset);
5977 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5981 offset += 1; /* Skip Word Count (WCT) */
5983 /* Build display for: Byte Count (BCC) */
5985 ByteCount = GSHORT(pd, offset);
5989 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5993 offset += 2; /* Skip Byte Count (BCC) */
6000 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6004 guint8 BufferFormat;
6006 guint16 RestartIndex;
6012 if (dirn == 1) { /* Request(s) dissect code */
6014 /* Build display for: Word Count */
6016 WordCount = GBYTE(pd, offset);
6020 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
6024 offset += 1; /* Skip Word Count */
6026 /* Build display for: Max Count */
6028 MaxCount = GSHORT(pd, offset);
6032 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6036 offset += 2; /* Skip Max Count */
6038 /* Build display for: Start Index */
6040 StartIndex = GSHORT(pd, offset);
6044 proto_tree_add_text(tree, offset, 2, "Start Index: %u", StartIndex);
6048 offset += 2; /* Skip Start Index */
6050 /* Build display for: Byte Count (BCC) */
6052 ByteCount = GSHORT(pd, offset);
6056 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6060 offset += 2; /* Skip Byte Count (BCC) */
6064 if (dirn == 0) { /* Response(s) dissect code */
6066 /* Build display for: Word Count (WCT) */
6068 WordCount = GBYTE(pd, offset);
6072 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6076 offset += 1; /* Skip Word Count (WCT) */
6078 if (WordCount > 0) {
6080 /* Build display for: Count */
6082 Count = GSHORT(pd, offset);
6086 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6090 offset += 2; /* Skip Count */
6092 /* Build display for: Restart Index */
6094 RestartIndex = GSHORT(pd, offset);
6098 proto_tree_add_text(tree, offset, 2, "Restart Index: %u", RestartIndex);
6102 offset += 2; /* Skip Restart Index */
6104 /* Build display for: Byte Count (BCC) */
6108 ByteCount = GSHORT(pd, offset);
6112 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6116 offset += 2; /* Skip Byte Count (BCC) */
6118 /* Build display for: Buffer Format */
6120 BufferFormat = GBYTE(pd, offset);
6124 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6128 offset += 1; /* Skip Buffer Format */
6130 /* Build display for: Data Length */
6132 DataLength = GSHORT(pd, offset);
6136 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6140 offset += 2; /* Skip Data Length */
6147 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6150 proto_tree *LockType_tree;
6155 guint8 AndXReserved;
6156 guint8 AndXCommand = 0xFF;
6158 guint16 NumberofLocks;
6159 guint16 NumberOfUnlocks;
6163 guint16 AndXOffset = 0;
6165 if (dirn == 1) { /* Request(s) dissect code */
6167 /* Build display for: Word Count (WCT) */
6169 WordCount = GBYTE(pd, offset);
6173 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6177 offset += 1; /* Skip Word Count (WCT) */
6179 /* Build display for: AndXCommand */
6181 AndXCommand = GBYTE(pd, offset);
6185 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
6189 offset += 1; /* Skip AndXCommand */
6191 /* Build display for: AndXReserved */
6193 AndXReserved = GBYTE(pd, offset);
6197 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6201 offset += 1; /* Skip AndXReserved */
6203 /* Build display for: AndXOffset */
6205 AndXOffset = GSHORT(pd, offset);
6209 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
6213 offset += 2; /* Skip AndXOffset */
6215 /* Build display for: FID */
6217 FID = GSHORT(pd, offset);
6221 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6225 offset += 2; /* Skip FID */
6227 /* Build display for: Lock Type */
6229 LockType = GBYTE(pd, offset);
6233 ti = proto_tree_add_text(tree, offset, 1, "Lock Type: 0x%01x", LockType);
6234 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6235 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6236 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6237 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6238 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6239 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6240 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6241 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6242 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6243 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6244 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6248 offset += 1; /* Skip Lock Type */
6250 /* Build display for: OplockLevel */
6252 OplockLevel = GBYTE(pd, offset);
6256 proto_tree_add_text(tree, offset, 1, "OplockLevel: %u", OplockLevel);
6260 offset += 1; /* Skip OplockLevel */
6262 /* Build display for: Timeout */
6264 Timeout = GWORD(pd, offset);
6268 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
6272 offset += 4; /* Skip Timeout */
6274 /* Build display for: Number Of Unlocks */
6276 NumberOfUnlocks = GSHORT(pd, offset);
6280 proto_tree_add_text(tree, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6284 offset += 2; /* Skip Number Of Unlocks */
6286 /* Build display for: Number of Locks */
6288 NumberofLocks = GSHORT(pd, offset);
6292 proto_tree_add_text(tree, offset, 2, "Number of Locks: %u", NumberofLocks);
6296 offset += 2; /* Skip Number of Locks */
6298 /* Build display for: Byte Count (BCC) */
6300 ByteCount = GSHORT(pd, offset);
6304 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6308 offset += 2; /* Skip Byte Count (BCC) */
6311 if (AndXCommand != 0xFF) {
6313 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6319 if (dirn == 0) { /* Response(s) dissect code */
6321 /* Build display for: Word Count (WCT) */
6323 WordCount = GBYTE(pd, offset);
6327 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6331 offset += 1; /* Skip Word Count (WCT) */
6333 if (WordCount > 0) {
6335 /* Build display for: AndXCommand */
6337 AndXCommand = GBYTE(pd, offset);
6341 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
6342 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6346 offset += 1; /* Skip AndXCommand */
6348 /* Build display for: AndXReserved */
6350 AndXReserved = GBYTE(pd, offset);
6354 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6358 offset += 1; /* Skip AndXReserved */
6360 /* Build display for: AndXoffset */
6362 AndXoffset = GSHORT(pd, offset);
6366 proto_tree_add_text(tree, offset, 2, "AndXoffset: %u", AndXoffset);
6370 offset += 2; /* Skip AndXoffset */
6374 /* Build display for: Byte Count */
6376 ByteCount = GSHORT(pd, offset);
6380 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
6384 offset += 2; /* Skip Byte Count */
6387 if (AndXCommand != 0xFF) {
6389 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6398 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6407 if (dirn == 1) { /* Request(s) dissect code */
6409 /* Build display for: Word Count (WCT) */
6411 WordCount = GBYTE(pd, offset);
6415 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6419 offset += 1; /* Skip Word Count (WCT) */
6421 /* Build display for: FID */
6423 FID = GSHORT(pd, offset);
6427 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6431 offset += 2; /* Skip FID */
6433 /* Build display for: Count */
6435 Count = GWORD(pd, offset);
6439 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
6443 offset += 4; /* Skip Count */
6445 /* Build display for: Offset */
6447 Offset = GWORD(pd, offset);
6451 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
6455 offset += 4; /* Skip Offset */
6457 /* Build display for: Byte Count (BCC) */
6459 ByteCount = GSHORT(pd, offset);
6463 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6467 offset += 2; /* Skip Byte Count (BCC) */
6471 if (dirn == 0) { /* Response(s) dissect code */
6473 /* Build display for: Word Count (WCT) */
6475 WordCount = GBYTE(pd, offset);
6479 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6483 offset += 1; /* Skip Word Count (WCT) */
6485 /* Build display for: Byte Count (BCC) */
6487 ByteCount = GSHORT(pd, offset);
6491 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6495 offset += 2; /* Skip Byte Count (BCC) */
6502 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6505 proto_tree *Attributes_tree;
6508 guint8 BufferFormat;
6510 guint16 CreationTime;
6513 const char *FileName;
6515 if (dirn == 1) { /* Request(s) dissect code */
6517 /* Build display for: Word Count (WCT) */
6519 WordCount = GBYTE(pd, offset);
6523 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6527 offset += 1; /* Skip Word Count (WCT) */
6529 /* Build display for: Attributes */
6531 Attributes = GSHORT(pd, offset);
6535 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
6536 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
6537 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6538 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6539 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6540 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6541 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6542 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6543 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6544 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6545 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6546 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6547 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6548 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6552 offset += 2; /* Skip Attributes */
6554 /* Build display for: Creation Time */
6556 CreationTime = GSHORT(pd, offset);
6560 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6564 offset += 2; /* Skip Creation Time */
6566 /* Build display for: Byte Count (BCC) */
6568 ByteCount = GSHORT(pd, offset);
6572 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6576 offset += 2; /* Skip Byte Count (BCC) */
6578 /* Build display for: Buffer Format */
6580 BufferFormat = GBYTE(pd, offset);
6584 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6588 offset += 1; /* Skip Buffer Format */
6590 /* Build display for: File Name */
6592 FileName = pd + offset;
6596 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6600 offset += strlen(FileName) + 1; /* Skip File Name */
6604 if (dirn == 0) { /* Response(s) dissect code */
6606 /* Build display for: Word Count (WCT) */
6608 WordCount = GBYTE(pd, offset);
6612 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6616 offset += 1; /* Skip Word Count (WCT) */
6618 if (WordCount > 0) {
6620 /* Build display for: FID */
6622 FID = GSHORT(pd, offset);
6626 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6630 offset += 2; /* Skip FID */
6634 /* Build display for: Byte Count (BCC) */
6636 ByteCount = GSHORT(pd, offset);
6640 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6644 offset += 2; /* Skip Byte Count (BCC) */
6651 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6655 guint8 BufferFormat2;
6656 guint8 BufferFormat1;
6657 guint8 BufferFormat;
6658 guint16 SearchAttributes;
6659 guint16 ResumeKeyLength;
6664 const char *FileName;
6666 if (dirn == 1) { /* Request(s) dissect code */
6668 /* Build display for: Word Count (WCT) */
6670 WordCount = GBYTE(pd, offset);
6674 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6678 offset += 1; /* Skip Word Count (WCT) */
6680 /* Build display for: Max Count */
6682 MaxCount = GSHORT(pd, offset);
6686 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6690 offset += 2; /* Skip Max Count */
6692 /* Build display for: Search Attributes */
6694 SearchAttributes = GSHORT(pd, offset);
6698 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
6702 offset += 2; /* Skip Search Attributes */
6704 /* Build display for: Byte Count (BCC) */
6706 ByteCount = GSHORT(pd, offset);
6710 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6714 offset += 2; /* Skip Byte Count (BCC) */
6716 /* Build display for: Buffer Format 1 */
6718 BufferFormat1 = GBYTE(pd, offset);
6722 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6726 offset += 1; /* Skip Buffer Format 1 */
6728 /* Build display for: File Name */
6730 FileName = pd + offset;
6734 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6738 offset += strlen(FileName) + 1; /* Skip File Name */
6740 /* Build display for: Buffer Format 2 */
6742 BufferFormat2 = GBYTE(pd, offset);
6746 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6750 offset += 1; /* Skip Buffer Format 2 */
6752 /* Build display for: Resume Key Length */
6754 ResumeKeyLength = GSHORT(pd, offset);
6758 proto_tree_add_text(tree, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6762 offset += 2; /* Skip Resume Key Length */
6766 if (dirn == 0) { /* Response(s) dissect code */
6768 /* Build display for: Word Count (WCT) */
6770 WordCount = GBYTE(pd, offset);
6774 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6778 offset += 1; /* Skip Word Count (WCT) */
6780 if (WordCount > 0) {
6782 /* Build display for: Count */
6784 Count = GSHORT(pd, offset);
6788 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6792 offset += 2; /* Skip Count */
6796 /* Build display for: Byte Count (BCC) */
6798 ByteCount = GSHORT(pd, offset);
6802 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6806 offset += 2; /* Skip Byte Count (BCC) */
6808 /* Build display for: Buffer Format */
6810 BufferFormat = GBYTE(pd, offset);
6814 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6818 offset += 1; /* Skip Buffer Format */
6820 /* Build display for: Data Length */
6822 DataLength = GSHORT(pd, offset);
6826 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6830 offset += 2; /* Skip Data Length */
6837 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6841 guint8 BufferFormat;
6844 guint16 CreationTime;
6845 guint16 CreationDate;
6847 const char *FileName;
6848 const char *DirectoryName;
6850 if (dirn == 1) { /* Request(s) dissect code */
6852 /* Build display for: Word Count (WCT) */
6854 WordCount = GBYTE(pd, offset);
6858 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6862 offset += 1; /* Skip Word Count (WCT) */
6864 /* Build display for: Reserved */
6866 Reserved = GSHORT(pd, offset);
6870 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
6874 offset += 2; /* Skip Reserved */
6876 /* Build display for: Creation Time */
6878 CreationTime = GSHORT(pd, offset);
6882 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6886 offset += 2; /* Skip Creation Time */
6888 /* Build display for: Creation Date */
6890 CreationDate = GSHORT(pd, offset);
6894 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
6898 offset += 2; /* Skip Creation Date */
6900 /* Build display for: Byte Count (BCC) */
6902 ByteCount = GSHORT(pd, offset);
6906 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6910 offset += 2; /* Skip Byte Count (BCC) */
6912 /* Build display for: Buffer Format */
6914 BufferFormat = GBYTE(pd, offset);
6918 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6922 offset += 1; /* Skip Buffer Format */
6924 /* Build display for: Directory Name */
6926 DirectoryName = pd + offset;
6930 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6934 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6938 if (dirn == 0) { /* Response(s) dissect code */
6940 /* Build display for: Word Count (WCT) */
6942 WordCount = GBYTE(pd, offset);
6946 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6950 offset += 1; /* Skip Word Count (WCT) */
6952 if (WordCount > 0) {
6954 /* Build display for: FID */
6956 FID = GSHORT(pd, offset);
6960 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6964 offset += 2; /* Skip FID */
6968 /* Build display for: Byte Count (BCC) */
6970 ByteCount = GSHORT(pd, offset);
6974 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6978 offset += 2; /* Skip Byte Count (BCC) */
6980 /* Build display for: Buffer Format */
6982 BufferFormat = GBYTE(pd, offset);
6986 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6990 offset += 1; /* Skip Buffer Format */
6992 /* Build display for: File Name */
6994 FileName = pd + offset;
6998 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7002 offset += strlen(FileName) + 1; /* Skip File Name */
7009 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7013 guint16 LastWriteTime;
7014 guint16 LastWriteDate;
7018 if (dirn == 1) { /* Request(s) dissect code */
7020 /* Build display for: Word Count (WCT) */
7022 WordCount = GBYTE(pd, offset);
7026 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7030 offset += 1; /* Skip Word Count (WCT) */
7032 /* Build display for: FID */
7034 FID = GSHORT(pd, offset);
7038 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7042 offset += 2; /* Skip FID */
7044 /* Build display for: Last Write Time */
7046 LastWriteTime = GSHORT(pd, offset);
7050 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
7054 offset += 2; /* Skip Last Write Time */
7056 /* Build display for: Last Write Date */
7058 LastWriteDate = GSHORT(pd, offset);
7062 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
7066 offset += 2; /* Skip Last Write Date */
7068 /* Build display for: Byte Count (BCC) */
7070 ByteCount = GSHORT(pd, offset);
7074 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7078 offset += 2; /* Skip Byte Count (BCC) */
7082 if (dirn == 0) { /* Response(s) dissect code */
7084 /* Build display for: Word Count (WCT) */
7086 WordCount = GBYTE(pd, offset);
7090 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7094 offset += 1; /* Skip Word Count (WCT) */
7096 /* Build display for: Byte Count (BCC) */
7098 ByteCount = GSHORT(pd, offset);
7102 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7106 offset += 2; /* Skip Byte Count (BCC) */
7113 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7117 guint8 BufferFormat;
7122 if (dirn == 1) { /* Request(s) dissect code */
7124 /* Build display for: Word Count (WCT) */
7126 WordCount = GBYTE(pd, offset);
7130 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7134 offset += 1; /* Skip Word Count (WCT) */
7136 /* Build display for: FID */
7138 FID = GSHORT(pd, offset);
7142 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7146 offset += 2; /* Skip FID */
7148 /* Build display for: Byte Count (BCC) */
7150 ByteCount = GSHORT(pd, offset);
7154 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7158 offset += 2; /* Skip Byte Count (BCC) */
7160 /* Build display for: Buffer Format */
7162 BufferFormat = GBYTE(pd, offset);
7166 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7170 offset += 1; /* Skip Buffer Format */
7172 /* Build display for: Data Length */
7174 DataLength = GSHORT(pd, offset);
7178 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7182 offset += 2; /* Skip Data Length */
7186 if (dirn == 0) { /* Response(s) dissect code */
7188 /* Build display for: Word Count (WCT) */
7190 WordCount = GBYTE(pd, offset);
7194 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7198 offset += 1; /* Skip Word Count (WCT) */
7200 /* Build display for: Byte Count (BCC) */
7202 ByteCount = GSHORT(pd, offset);
7206 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7210 offset += 2; /* Skip Byte Count (BCC) */
7217 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7221 guint8 BufferFormat;
7233 if (dirn == 1) { /* Request(s) dissect code */
7235 /* Build display for: Word Count (WCT) */
7237 WordCount = GBYTE(pd, offset);
7241 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7245 offset += 1; /* Skip Word Count (WCT) */
7247 /* Build display for: FID */
7249 FID = GSHORT(pd, offset);
7253 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7257 offset += 2; /* Skip FID */
7259 /* Build display for: Count */
7261 Count = GSHORT(pd, offset);
7265 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7269 offset += 2; /* Skip Count */
7271 /* Build display for: Offset */
7273 Offset = GWORD(pd, offset);
7277 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7281 offset += 4; /* Skip Offset */
7283 /* Build display for: Remaining */
7285 Remaining = GSHORT(pd, offset);
7289 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7293 offset += 2; /* Skip Remaining */
7295 /* Build display for: Byte Count (BCC) */
7297 ByteCount = GSHORT(pd, offset);
7301 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7305 offset += 2; /* Skip Byte Count (BCC) */
7309 if (dirn == 0) { /* Response(s) dissect code */
7311 /* Build display for: Word Count (WCT) */
7313 WordCount = GBYTE(pd, offset);
7317 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7321 offset += 1; /* Skip Word Count (WCT) */
7323 if (WordCount > 0) {
7325 /* Build display for: Count */
7327 Count = GSHORT(pd, offset);
7331 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7335 offset += 2; /* Skip Count */
7337 /* Build display for: Reserved 1 */
7339 Reserved1 = GSHORT(pd, offset);
7343 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7347 offset += 2; /* Skip Reserved 1 */
7349 /* Build display for: Reserved 2 */
7351 Reserved2 = GSHORT(pd, offset);
7355 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7359 offset += 2; /* Skip Reserved 2 */
7361 /* Build display for: Reserved 3 */
7363 Reserved3 = GSHORT(pd, offset);
7367 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7371 offset += 2; /* Skip Reserved 3 */
7373 /* Build display for: Reserved 4 */
7375 Reserved4 = GSHORT(pd, offset);
7379 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7383 offset += 2; /* Skip Reserved 4 */
7385 /* Build display for: Byte Count (BCC) */
7387 ByteCount = GSHORT(pd, offset);
7391 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7397 offset += 2; /* Skip Byte Count (BCC) */
7399 /* Build display for: Buffer Format */
7401 BufferFormat = GBYTE(pd, offset);
7405 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7409 offset += 1; /* Skip Buffer Format */
7411 /* Build display for: Data Length */
7413 DataLength = GSHORT(pd, offset);
7417 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7421 offset += 2; /* Skip Data Length */
7428 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7434 if (dirn == 1) { /* Request(s) dissect code */
7436 /* Build display for: Word Count (WCT) */
7438 WordCount = GBYTE(pd, offset);
7442 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7446 offset += 1; /* Skip Word Count (WCT) */
7448 /* Build display for: Byte Count (BCC) */
7450 ByteCount = GSHORT(pd, offset);
7454 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7458 offset += 2; /* Skip Byte Count (BCC) */
7462 if (dirn == 0) { /* Response(s) dissect code */
7464 /* Build display for: Word Count (WCT) */
7466 WordCount = GBYTE(pd, offset);
7470 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7474 offset += 1; /* Skip Word Count (WCT) */
7476 /* Build display for: Byte Count (BCC) */
7478 ByteCount = GSHORT(pd, offset);
7482 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7486 offset += 2; /* Skip Byte Count (BCC) */
7493 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7496 proto_tree *Attributes_tree;
7499 guint8 BufferFormat;
7506 guint16 LastWriteTime;
7507 guint16 LastWriteDate;
7510 const char *FileName;
7512 if (dirn == 1) { /* Request(s) dissect code */
7514 /* Build display for: Word Count (WCT) */
7516 WordCount = GBYTE(pd, offset);
7520 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7524 offset += 1; /* Skip Word Count (WCT) */
7526 /* Build display for: Byte Count (BCC) */
7528 ByteCount = GSHORT(pd, offset);
7532 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7536 offset += 2; /* Skip Byte Count (BCC) */
7538 /* Build display for: Buffer Format */
7540 BufferFormat = GBYTE(pd, offset);
7544 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7548 offset += 1; /* Skip Buffer Format */
7550 /* Build display for: File Name */
7552 FileName = pd + offset;
7556 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7560 offset += strlen(FileName) + 1; /* Skip File Name */
7564 if (dirn == 0) { /* Response(s) dissect code */
7566 /* Build display for: Word Count (WCT) */
7568 WordCount = GBYTE(pd, offset);
7572 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7576 offset += 1; /* Skip Word Count (WCT) */
7578 if (WordCount > 0) {
7580 /* Build display for: Attributes */
7582 Attributes = GSHORT(pd, offset);
7586 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
7587 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7588 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7589 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7590 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7591 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7592 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7593 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7594 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7595 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7596 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7597 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7598 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7599 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7603 offset += 2; /* Skip Attributes */
7605 /* Build display for: Last Write Time */
7607 LastWriteTime = GSHORT(pd, offset);
7613 offset += 2; /* Skip Last Write Time */
7615 /* Build display for: Last Write Date */
7617 LastWriteDate = GSHORT(pd, offset);
7621 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7623 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7627 offset += 2; /* Skip Last Write Date */
7629 /* Build display for: File Size */
7631 FileSize = GWORD(pd, offset);
7635 proto_tree_add_text(tree, offset, 4, "File Size: %u", FileSize);
7639 offset += 4; /* Skip File Size */
7641 /* Build display for: Reserved 1 */
7643 Reserved1 = GSHORT(pd, offset);
7647 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7651 offset += 2; /* Skip Reserved 1 */
7653 /* Build display for: Reserved 2 */
7655 Reserved2 = GSHORT(pd, offset);
7659 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7663 offset += 2; /* Skip Reserved 2 */
7665 /* Build display for: Reserved 3 */
7667 Reserved3 = GSHORT(pd, offset);
7671 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7675 offset += 2; /* Skip Reserved 3 */
7677 /* Build display for: Reserved 4 */
7679 Reserved4 = GSHORT(pd, offset);
7683 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7687 offset += 2; /* Skip Reserved 4 */
7689 /* Build display for: Reserved 5 */
7691 Reserved5 = GSHORT(pd, offset);
7695 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
7699 offset += 2; /* Skip Reserved 5 */
7703 /* Build display for: Byte Count (BCC) */
7705 ByteCount = GSHORT(pd, offset);
7709 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7713 offset += 2; /* Skip Byte Count (BCC) */
7720 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7734 guint16 BufferFormat;
7736 if (dirn == 1) { /* Request(s) dissect code */
7738 /* Build display for: Word Count (WCT) */
7740 WordCount = GBYTE(pd, offset);
7744 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7748 offset += 1; /* Skip Word Count (WCT) */
7750 /* Build display for: FID */
7752 FID = GSHORT(pd, offset);
7756 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7760 offset += 2; /* Skip FID */
7762 /* Build display for: Count */
7764 Count = GSHORT(pd, offset);
7768 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7772 offset += 2; /* Skip Count */
7774 /* Build display for: Offset */
7776 Offset = GWORD(pd, offset);
7780 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7784 offset += 4; /* Skip Offset */
7786 /* Build display for: Remaining */
7788 Remaining = GSHORT(pd, offset);
7792 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7796 offset += 2; /* Skip Remaining */
7798 /* Build display for: Byte Count (BCC) */
7800 ByteCount = GSHORT(pd, offset);
7804 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7808 offset += 2; /* Skip Byte Count (BCC) */
7812 if (dirn == 0) { /* Response(s) dissect code */
7814 /* Build display for: Word Count (WCT) */
7816 WordCount = GBYTE(pd, offset);
7820 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7824 offset += 1; /* Skip Word Count (WCT) */
7826 if (WordCount > 0) {
7828 /* Build display for: Count */
7830 Count = GSHORT(pd, offset);
7834 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7838 offset += 2; /* Skip Count */
7840 /* Build display for: Reserved 1 */
7842 Reserved1 = GSHORT(pd, offset);
7846 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7850 offset += 2; /* Skip Reserved 1 */
7852 /* Build display for: Reserved 2 */
7854 Reserved2 = GSHORT(pd, offset);
7858 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7862 offset += 2; /* Skip Reserved 2 */
7864 /* Build display for: Reserved 3 */
7866 Reserved3 = GSHORT(pd, offset);
7870 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7874 offset += 2; /* Skip Reserved 3 */
7876 /* Build display for: Reserved 4 */
7878 Reserved4 = GSHORT(pd, offset);
7882 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7886 offset += 2; /* Skip Reserved 4 */
7890 /* Build display for: Byte Count (BCC) */
7892 ByteCount = GSHORT(pd, offset);
7896 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7900 offset += 2; /* Skip Byte Count (BCC) */
7902 /* Build display for: Buffer Format */
7904 BufferFormat = GSHORT(pd, offset);
7908 proto_tree_add_text(tree, offset, 2, "Buffer Format: %u", BufferFormat);
7912 offset += 2; /* Skip Buffer Format */
7914 /* Build display for: Data Length */
7916 DataLength = GSHORT(pd, offset);
7920 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7924 offset += 2; /* Skip Data Length */
7931 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7934 proto_tree *WriteMode_tree;
7939 guint32 ResponseMask;
7940 guint32 RequestMask;
7949 if (dirn == 1) { /* Request(s) dissect code */
7951 /* Build display for: Word Count (WCT) */
7953 WordCount = GBYTE(pd, offset);
7957 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7961 offset += 1; /* Skip Word Count (WCT) */
7963 /* Build display for: FID */
7965 FID = GSHORT(pd, offset);
7969 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7973 offset += 2; /* Skip FID */
7975 /* Build display for: Count */
7977 Count = GSHORT(pd, offset);
7981 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7985 offset += 2; /* Skip Count */
7987 /* Build display for: Reserved 1 */
7989 Reserved1 = GSHORT(pd, offset);
7993 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7997 offset += 2; /* Skip Reserved 1 */
7999 /* Build display for: Timeout */
8001 Timeout = GWORD(pd, offset);
8005 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8009 offset += 4; /* Skip Timeout */
8011 /* Build display for: WriteMode */
8013 WriteMode = GSHORT(pd, offset);
8017 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
8018 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8019 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8020 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8021 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8022 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8023 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8024 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8028 offset += 2; /* Skip WriteMode */
8030 /* Build display for: Request Mask */
8032 RequestMask = GWORD(pd, offset);
8036 proto_tree_add_text(tree, offset, 4, "Request Mask: %u", RequestMask);
8040 offset += 4; /* Skip Request Mask */
8042 /* Build display for: Data Length */
8044 DataLength = GSHORT(pd, offset);
8048 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
8052 offset += 2; /* Skip Data Length */
8054 /* Build display for: Data Offset */
8056 DataOffset = GSHORT(pd, offset);
8060 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8064 offset += 2; /* Skip Data Offset */
8066 /* Build display for: Byte Count (BCC) */
8068 ByteCount = GSHORT(pd, offset);
8072 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8076 offset += 2; /* Skip Byte Count (BCC) */
8078 /* Build display for: Pad */
8080 Pad = GBYTE(pd, offset);
8084 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
8088 offset += 1; /* Skip Pad */
8092 if (dirn == 0) { /* Response(s) dissect code */
8094 /* Build display for: Word Count (WCT) */
8096 WordCount = GBYTE(pd, offset);
8100 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8104 offset += 1; /* Skip Word Count (WCT) */
8106 if (WordCount > 0) {
8108 /* Build display for: Response Mask */
8110 ResponseMask = GWORD(pd, offset);
8114 proto_tree_add_text(tree, offset, 4, "Response Mask: %u", ResponseMask);
8118 offset += 4; /* Skip Response Mask */
8120 /* Build display for: Byte Count (BCC) */
8122 ByteCount = GSHORT(pd, offset);
8126 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8132 offset += 2; /* Skip Byte Count (BCC) */
8139 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8146 if (dirn == 1) { /* Request(s) dissect code */
8148 /* Build display for: Word Count (WTC) */
8150 WordCount = GBYTE(pd, offset);
8154 proto_tree_add_text(tree, offset, 1, "Word Count (WTC): %u", WordCount);
8158 offset += 1; /* Skip Word Count (WTC) */
8160 /* Build display for: FID */
8162 FID = GSHORT(pd, offset);
8166 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
8170 offset += 2; /* Skip FID */
8172 /* Build display for: Byte Count (BCC) */
8174 ByteCount = GSHORT(pd, offset);
8178 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8182 offset += 2; /* Skip Byte Count (BCC) */
8186 if (dirn == 0) { /* Response(s) dissect code */
8188 /* Build display for: Word Count (WCT) */
8190 WordCount = GBYTE(pd, offset);
8194 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8198 offset += 1; /* Skip Word Count (WCT) */
8200 /* Build display for: Byte Count (BCC) */
8202 ByteCount = GBYTE(pd, offset);
8206 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
8210 offset += 1; /* Skip Byte Count (BCC) */
8216 char *trans2_cmd_names[] = {
8218 "TRANS2_FIND_FIRST2",
8219 "TRANS2_FIND_NEXT2",
8220 "TRANS2_QUERY_FS_INFORMATION",
8221 "TRANS2_QUERY_PATH_INFORMATION",
8222 "TRANS2_SET_PATH_INFORMATION",
8223 "TRANS2_QUERY_FILE_INFORMATION",
8224 "TRANS2_SET_FILE_INFORMATION",
8227 "TRANS2_FIND_NOTIFY_FIRST",
8228 "TRANS2_FIND_NOTIFY_NEXT",
8229 "TRANS2_CREATE_DIRECTORY",
8230 "TRANS2_SESSION_SETUP",
8231 "TRANS2_GET_DFS_REFERRAL",
8233 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8235 char *decode_trans2_name(int code)
8238 if (code > 17 || code < 0) {
8240 return("no such command");
8244 return trans2_cmd_names[code];
8248 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int);
8250 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
8253 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8256 proto_tree *Flags_tree;
8264 guint8 MaxSetupCount;
8267 guint16 TotalParameterCount;
8268 guint16 TotalDataCount;
8271 guint16 ParameterOffset;
8272 guint16 ParameterDisplacement;
8273 guint16 ParameterCount;
8274 guint16 MaxParameterCount;
8275 guint16 MaxDataCount;
8278 guint16 DataDisplacement;
8281 conversation_t *conversation;
8282 struct smb_request_key request_key, *new_request_key;
8283 struct smb_request_val *request_val;
8286 * Find out what conversation this packet is part of.
8287 * XXX - this should really be done by the transport-layer protocol,
8288 * although for connectionless transports, we may not want to do that
8289 * unless we know some higher-level protocol will want it - or we
8290 * may want to do it, so you can say e.g. "show only the packets in
8291 * this UDP 'connection'".
8293 * Note that we don't have to worry about the direction this packet
8294 * was going - the conversation code handles that for us, treating
8295 * packets from A:X to B:Y as being part of the same conversation as
8296 * packets from B:Y to A:X.
8298 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8299 pi.srcport, pi.destport);
8300 if (conversation == NULL) {
8301 /* It's not part of any conversation - create a new one. */
8302 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8303 pi.srcport, pi.destport, NULL);
8306 si.conversation = conversation; /* Save this for later */
8309 * Check for and insert entry in request hash table if does not exist
8311 request_key.conversation = conversation->index;
8312 request_key.mid = si.mid;
8314 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8316 if (!request_val) { /* Create one */
8318 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8319 new_request_key -> conversation = conversation->index;
8320 new_request_key -> mid = si.mid;
8322 request_val = g_mem_chunk_alloc(smb_request_vals);
8323 request_val -> mid = si.mid;
8324 request_val -> last_transact2_command = 0xFFFF;
8326 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8329 else { /* Update the transact request */
8331 request_val -> mid = si.mid;
8335 si.request_val = request_val; /* Save this for later */
8338 if (dirn == 1) { /* Request(s) dissect code */
8340 /* Build display for: Word Count (WCT) */
8342 WordCount = GBYTE(pd, offset);
8346 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8350 offset += 1; /* Skip Word Count (WCT) */
8352 /* Build display for: Total Parameter Count */
8354 TotalParameterCount = GSHORT(pd, offset);
8358 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8362 offset += 2; /* Skip Total Parameter Count */
8364 /* Build display for: Total Data Count */
8366 TotalDataCount = GSHORT(pd, offset);
8370 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8374 offset += 2; /* Skip Total Data Count */
8376 /* Build display for: Max Parameter Count */
8378 MaxParameterCount = GSHORT(pd, offset);
8382 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8386 offset += 2; /* Skip Max Parameter Count */
8388 /* Build display for: Max Data Count */
8390 MaxDataCount = GSHORT(pd, offset);
8394 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8398 offset += 2; /* Skip Max Data Count */
8400 /* Build display for: Max Setup Count */
8402 MaxSetupCount = GBYTE(pd, offset);
8406 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8410 offset += 1; /* Skip Max Setup Count */
8412 /* Build display for: Reserved1 */
8414 Reserved1 = GBYTE(pd, offset);
8418 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8422 offset += 1; /* Skip Reserved1 */
8424 /* Build display for: Flags */
8426 Flags = GSHORT(pd, offset);
8430 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8431 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
8432 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8433 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8434 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8435 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8439 offset += 2; /* Skip Flags */
8441 /* Build display for: Timeout */
8443 Timeout = GWORD(pd, offset);
8447 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8451 offset += 4; /* Skip Timeout */
8453 /* Build display for: Reserved2 */
8455 Reserved2 = GSHORT(pd, offset);
8459 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8463 offset += 2; /* Skip Reserved2 */
8465 /* Build display for: Parameter Count */
8467 ParameterCount = GSHORT(pd, offset);
8471 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8475 offset += 2; /* Skip Parameter Count */
8477 /* Build display for: Parameter Offset */
8479 ParameterOffset = GSHORT(pd, offset);
8483 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8487 offset += 2; /* Skip Parameter Offset */
8489 /* Build display for: Data Count */
8491 DataCount = GSHORT(pd, offset);
8495 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8499 offset += 2; /* Skip Data Count */
8501 /* Build display for: Data Offset */
8503 DataOffset = GSHORT(pd, offset);
8507 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8511 offset += 2; /* Skip Data Offset */
8513 /* Build display for: Setup Count */
8515 SetupCount = GBYTE(pd, offset);
8519 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8523 offset += 1; /* Skip Setup Count */
8525 /* Build display for: Reserved3 */
8527 Reserved3 = GBYTE(pd, offset);
8531 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8535 offset += 1; /* Skip Reserved3 */
8537 /* Build display for: Setup */
8539 if (SetupCount > 0) {
8543 Setup = GSHORT(pd, offset);
8545 request_val -> last_transact2_command = Setup; /* Save for later */
8547 if (check_col(fd, COL_INFO)) {
8549 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8553 for (i = 1; i <= SetupCount; i++) {
8556 Setup1 = GSHORT(pd, offset);
8560 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup1);
8564 offset += 2; /* Skip Setup */
8570 /* Build display for: Byte Count (BCC) */
8572 ByteCount = GSHORT(pd, offset);
8576 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8580 offset += 2; /* Skip Byte Count (BCC) */
8582 /* Build display for: Transact Name */
8586 proto_tree_add_text(tree, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
8592 /* Build display for: Pad1 */
8594 Pad1 = GBYTE(pd, offset);
8598 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8602 offset += 1; /* Skip Pad1 */
8606 if (ParameterCount > 0) {
8608 /* Build display for: Parameters */
8612 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8616 offset += ParameterCount; /* Skip Parameters */
8622 /* Build display for: Pad2 */
8624 Pad2 = GBYTE(pd, offset);
8628 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8632 offset += 1; /* Skip Pad2 */
8636 if (DataCount > 0) {
8638 /* Build display for: Data */
8640 Data = GBYTE(pd, offset);
8644 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8648 offset += DataCount; /* Skip Data */
8653 if (dirn == 0) { /* Response(s) dissect code */
8655 /* Pick up the last transact2 command and put it in the right places */
8657 if (check_col(fd, COL_INFO)) {
8659 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8663 /* Build display for: Word Count (WCT) */
8665 WordCount = GBYTE(pd, offset);
8669 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8673 offset += 1; /* Skip Word Count (WCT) */
8675 /* Build display for: Total Parameter Count */
8677 TotalParameterCount = GSHORT(pd, offset);
8681 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8685 offset += 2; /* Skip Total Parameter Count */
8687 /* Build display for: Total Data Count */
8689 TotalDataCount = GSHORT(pd, offset);
8693 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8697 offset += 2; /* Skip Total Data Count */
8699 /* Build display for: Reserved2 */
8701 Reserved2 = GSHORT(pd, offset);
8705 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8709 offset += 2; /* Skip Reserved2 */
8711 /* Build display for: Parameter Count */
8713 ParameterCount = GSHORT(pd, offset);
8717 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8721 offset += 2; /* Skip Parameter Count */
8723 /* Build display for: Parameter Offset */
8725 ParameterOffset = GSHORT(pd, offset);
8729 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8733 offset += 2; /* Skip Parameter Offset */
8735 /* Build display for: Parameter Displacement */
8737 ParameterDisplacement = GSHORT(pd, offset);
8741 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8745 offset += 2; /* Skip Parameter Displacement */
8747 /* Build display for: Data Count */
8749 DataCount = GSHORT(pd, offset);
8753 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8757 offset += 2; /* Skip Data Count */
8759 /* Build display for: Data Offset */
8761 DataOffset = GSHORT(pd, offset);
8765 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8769 offset += 2; /* Skip Data Offset */
8771 /* Build display for: Data Displacement */
8773 DataDisplacement = GSHORT(pd, offset);
8777 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
8781 offset += 2; /* Skip Data Displacement */
8783 /* Build display for: Setup Count */
8785 SetupCount = GBYTE(pd, offset);
8789 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8793 offset += 1; /* Skip Setup Count */
8795 /* Build display for: Reserved3 */
8797 Reserved3 = GBYTE(pd, offset);
8801 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8805 offset += 1; /* Skip Reserved3 */
8807 /* Build display for: Setup */
8809 Setup = GSHORT(pd, offset);
8813 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
8817 offset += 2; /* Skip Setup */
8819 /* Build display for: Byte Count (BCC) */
8821 ByteCount = GSHORT(pd, offset);
8825 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8829 offset += 2; /* Skip Byte Count (BCC) */
8831 /* Build display for: Pad1 */
8833 Pad1 = GBYTE(pd, offset);
8837 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8841 offset += 1; /* Skip Pad1 */
8843 /* Build display for: Parameter */
8845 if (ParameterCount > 0) {
8849 proto_tree_add_text(tree, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8853 offset += ParameterCount; /* Skip Parameter */
8857 /* Build display for: Pad2 */
8859 Pad2 = GBYTE(pd, offset);
8863 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8867 offset += 1; /* Skip Pad2 */
8869 /* Build display for: Data */
8871 if (DataCount > 0) {
8875 proto_tree_add_text(tree, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
8879 offset += DataCount; /* Skip Data */
8887 char *p_desc = NULL, *d_desc = NULL, *data = NULL, *params = NULL;
8888 int p_count, d_count, p_offset, d_offset, d_current = 0, p_current = 0;
8889 int pd_p_current = 0, pd_d_current = 0, in_params = 0, need_data = 0;
8891 /* Initialize the various data structure */
8893 dissect_transact_engine_init(const u_char *pd, const char *param_desc, const char *data_desc, int ParameterOffset, int ParameterCount, int DataOffset, int DataCount)
8896 d_count = DataCount;
8897 p_count = ParameterCount;
8902 pd_d_current = DataOffset;
8903 pd_p_current = ParameterOffset;
8904 in_params = need_data = 0;
8906 if (p_desc) g_free(p_desc);
8907 p_desc = g_malloc(strlen(param_desc) + 1);
8908 strcpy(p_desc, param_desc);
8910 if (d_desc) g_free(d_desc);
8911 d_desc= g_malloc(strlen(data_desc) + 1);
8912 strcpy(d_desc, data_desc);
8914 if (params) g_free(params);
8915 params = g_malloc(p_count);
8916 memcpy(params, pd + ParameterOffset, ParameterCount);
8918 if (data) g_free(data);
8919 data = g_malloc(d_count);
8920 memcpy(data, pd + DataOffset, DataCount);
8924 int get_byte_count(const u_char *pd)
8929 while (pd[pd_p_current] && isdigit(pd[pd_p_current]))
8930 count += (int)pd[pd_p_current++] - (int)'0';
8935 /* Dissect the next item, if Name is null, call it by its data type */
8936 /* We pull out the next item in the appropriate place and display it */
8937 /* We display the parameters first, then the data, then any auxilliary data */
8939 int dissect_transact_next(u_char *pd, char *Name, int dirn, proto_tree *tree)
8941 /* guint8 BParam; */
8944 const char /**Bytes,*/ *AsciiZ;
8948 if (dirn == 1) { /* Request stuff */
8949 switch (in_params) {
8951 case 0: /* We are in the params area ... */
8953 switch (params[p_offset++]) {
8957 break; /* Do nothing about the above, because it is not there */
8959 case 'W': /* Word Parameter */
8961 /* Insert a word param */
8963 WParam = GSHORT(pd, pd_p_current);
8965 proto_tree_add_text(tree, pd_p_current, 2, "Word Param: %u", WParam);
8971 case 'D': /* Double Word parameter */
8973 LParam = GWORD(pd, pd_p_current);
8975 proto_tree_add_text(tree, pd_p_current, 4, "DWord Param: %u", LParam);
8981 case 'b': /* A byte or series of bytes */
8983 bc = get_byte_count(pd + pd_p_current); /* This is not clean */
8985 /*Bytes = g_malloc(bc + 1); / * Is this needed ? */
8987 proto_tree_add_text(tree, pd_p_current, bc, "B%u: %s", format_text(pd + pd_p_current, (bc) ? bc : 1));
8989 pd_p_current += (bc) ? bc : 1;
8993 case 'O': /* A null pointer */
8995 proto_tree_add_text(tree, pd_p_current, 0, "Null Pointer");
8999 case 'z': /* An AsciiZ string */
9001 AsciiZ = pd + pd_p_current;
9003 proto_tree_add_text(tree, pd_p_current, strlen(AsciiZ) + 1, "AsciiZ: %s", AsciiZ);
9005 pd_p_current += strlen(AsciiZ) + 1;
9009 case 'F': /* One or more pad bytes */
9011 bc = get_byte_count(pd);
9013 proto_tree_add_text(tree, pd_p_current, bc, "Pad%u: %s", format_text(pd + pd_p_current, bc));
9019 case 'L': /* Receive buffer len: Short */
9021 WParam = GSHORT(pd, pd_p_current);
9023 proto_tree_add_text(tree, pd_p_current, 2, "Word: %u", WParam);
9029 case 's': /* Send buf ... */
9033 LParam = GWORD(pd, pd_p_current);
9035 proto_tree_add_text(tree, pd_p_current, 4, "Buffer Ptr: %u", LParam);
9043 WParam = GSHORT(pd, pd_p_current);
9045 proto_tree_add_text(tree, pd_p_current, 2, "Buffer Len: %u", WParam);
9059 case 1: /* We are in the data area ... */
9072 dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, const char *TransactName)
9074 char *TransactNameCopy;
9075 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
9080 TransactNameCopy = g_malloc(strlen(TransactName) + 1);
9082 /* Should check for error here ... */
9084 strcpy(TransactNameCopy, TransactName);
9085 if (TransactNameCopy[0] == '\\') {
9086 trans_type = TransactNameCopy + 1; /* Skip the slash */
9087 loc_of_slash = strchr(trans_type, '\\');
9091 index = loc_of_slash - trans_type; /* Make it a real index */
9092 trans_cmd = trans_type + index + 1;
9093 trans_type[index] = '\0';
9098 if ((trans_cmd == NULL) ||
9099 (((strcmp(trans_type, "MAILSLOT") != 0) ||
9100 !dissect_mailslot_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount)) &&
9101 ((strcmp(trans_type, "PIPE") != 0) ||
9102 !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) {
9104 if (ParameterCount > 0) {
9106 /* Build display for: Parameters */
9110 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9114 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
9120 /* Build display for: Pad2 */
9122 Pad2 = GBYTE(pd, offset);
9126 proto_tree_add_text(tree, offset, 1, "Pad2: %u: %u", Pad2, offset);
9130 offset += 1; /* Skip Pad2 */
9134 if (DataCount > 0) {
9136 /* Build display for: Data */
9138 Data = pd + SMB_offset + DataOffset;
9142 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9146 offset += DataCount; /* Skip Data */
9154 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
9157 proto_tree *Flags_tree;
9164 guint8 MaxSetupCount;
9166 guint16 TotalParameterCount;
9167 guint16 TotalDataCount;
9170 guint16 ParameterOffset;
9171 guint16 ParameterDisplacement;
9172 guint16 ParameterCount;
9173 guint16 MaxParameterCount;
9174 guint16 MaxDataCount;
9177 guint16 DataDisplacement;
9181 const char *TransactName;
9182 conversation_t *conversation;
9183 struct smb_request_key request_key, *new_request_key;
9184 struct smb_request_val *request_val;
9187 * Find out what conversation this packet is part of
9190 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9191 pi.srcport, pi.destport);
9193 if (conversation == NULL) { /* Create a new conversation */
9195 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9196 pi.srcport, pi.destport, NULL);
9200 si.conversation = conversation; /* Save this */
9203 * Check for and insert entry in request hash table if does not exist
9205 request_key.conversation = conversation->index;
9206 request_key.mid = si.mid;
9208 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9210 if (!request_val) { /* Create one */
9212 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9213 new_request_key -> conversation = conversation -> index;
9214 new_request_key -> mid = si.mid;
9216 request_val = g_mem_chunk_alloc(smb_request_vals);
9217 request_val -> mid = si.mid;
9218 request_val -> last_transact_command = NULL;
9219 request_val -> last_param_descrip = NULL;
9220 request_val -> last_data_descrip = NULL;
9222 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9226 si.request_val = request_val; /* Save this for later */
9228 if (dirn == 1) { /* Request(s) dissect code */
9230 /* Build display for: Word Count (WCT) */
9232 WordCount = GBYTE(pd, offset);
9236 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9240 offset += 1; /* Skip Word Count (WCT) */
9242 /* Build display for: Total Parameter Count */
9244 TotalParameterCount = GSHORT(pd, offset);
9248 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9252 offset += 2; /* Skip Total Parameter Count */
9254 /* Build display for: Total Data Count */
9256 TotalDataCount = GSHORT(pd, offset);
9260 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9264 offset += 2; /* Skip Total Data Count */
9266 /* Build display for: Max Parameter Count */
9268 MaxParameterCount = GSHORT(pd, offset);
9272 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9276 offset += 2; /* Skip Max Parameter Count */
9278 /* Build display for: Max Data Count */
9280 MaxDataCount = GSHORT(pd, offset);
9284 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
9288 offset += 2; /* Skip Max Data Count */
9290 /* Build display for: Max Setup Count */
9292 MaxSetupCount = GBYTE(pd, offset);
9296 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9300 offset += 1; /* Skip Max Setup Count */
9302 /* Build display for: Reserved1 */
9304 Reserved1 = GBYTE(pd, offset);
9308 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
9312 offset += 1; /* Skip Reserved1 */
9314 /* Build display for: Flags */
9316 Flags = GSHORT(pd, offset);
9320 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
9321 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9322 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9323 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9324 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9325 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9329 offset += 2; /* Skip Flags */
9331 /* Build display for: Timeout */
9333 Timeout = GWORD(pd, offset);
9337 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
9341 offset += 4; /* Skip Timeout */
9343 /* Build display for: Reserved2 */
9345 Reserved2 = GSHORT(pd, offset);
9349 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9353 offset += 2; /* Skip Reserved2 */
9355 /* Build display for: Parameter Count */
9357 ParameterCount = GSHORT(pd, offset);
9361 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9365 offset += 2; /* Skip Parameter Count */
9367 /* Build display for: Parameter Offset */
9369 ParameterOffset = GSHORT(pd, offset);
9373 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9377 offset += 2; /* Skip Parameter Offset */
9379 /* Build display for: Data Count */
9381 DataCount = GSHORT(pd, offset);
9385 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9389 offset += 2; /* Skip Data Count */
9391 /* Build display for: Data Offset */
9393 DataOffset = GSHORT(pd, offset);
9397 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9401 offset += 2; /* Skip Data Offset */
9403 /* Build display for: Setup Count */
9405 SetupCount = GBYTE(pd, offset);
9409 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9413 offset += 1; /* Skip Setup Count */
9415 /* Build display for: Reserved3 */
9417 Reserved3 = GBYTE(pd, offset);
9421 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9425 offset += 1; /* Skip Reserved3 */
9427 /* Build display for: Setup */
9429 if (SetupCount > 0) {
9433 Setup = GSHORT(pd, offset);
9435 for (i = 1; i <= SetupCount; i++) {
9437 Setup = GSHORT(pd, offset);
9441 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup);
9445 offset += 2; /* Skip Setup */
9451 /* Build display for: Byte Count (BCC) */
9453 ByteCount = GSHORT(pd, offset);
9457 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9461 offset += 2; /* Skip Byte Count (BCC) */
9463 /* Build display for: Transact Name */
9465 /* Watch out for Unicode names */
9469 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9471 TransactName = unicode_to_str(pd + offset, &TNlen);
9476 TransactName = pd + offset;
9477 TNlen = strlen(TransactName) + 1;
9480 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9482 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9484 if (request_val -> last_transact_command)
9485 strcpy(request_val -> last_transact_command, TransactName);
9487 if (check_col(fd, COL_INFO)) {
9489 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9495 proto_tree_add_text(tree, offset, TNlen, "Transact Name: %s", TransactName);
9499 offset += TNlen; /* Skip Transact Name */
9500 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
9504 /* Build display for: Pad1 */
9506 Pad1 = GBYTE(pd, offset);
9510 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9514 offset += 1; /* Skip Pad1 */
9518 /* Let's see if we can decode this */
9520 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, TransactName);
9524 if (dirn == 0) { /* Response(s) dissect code */
9526 if (check_col(fd, COL_INFO)) {
9528 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9532 /* Build display for: Word Count (WCT) */
9534 WordCount = GBYTE(pd, offset);
9538 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9542 offset += 1; /* Skip Word Count (WCT) */
9544 /* Build display for: Total Parameter Count */
9546 TotalParameterCount = GSHORT(pd, offset);
9550 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9554 offset += 2; /* Skip Total Parameter Count */
9556 /* Build display for: Total Data Count */
9558 TotalDataCount = GSHORT(pd, offset);
9562 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9566 offset += 2; /* Skip Total Data Count */
9568 /* Build display for: Reserved2 */
9570 Reserved2 = GSHORT(pd, offset);
9574 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9578 offset += 2; /* Skip Reserved2 */
9580 /* Build display for: Parameter Count */
9582 ParameterCount = GSHORT(pd, offset);
9586 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9590 offset += 2; /* Skip Parameter Count */
9592 /* Build display for: Parameter Offset */
9594 ParameterOffset = GSHORT(pd, offset);
9598 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9602 offset += 2; /* Skip Parameter Offset */
9604 /* Build display for: Parameter Displacement */
9606 ParameterDisplacement = GSHORT(pd, offset);
9610 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9614 offset += 2; /* Skip Parameter Displacement */
9616 /* Build display for: Data Count */
9618 DataCount = GSHORT(pd, offset);
9622 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9626 offset += 2; /* Skip Data Count */
9628 /* Build display for: Data Offset */
9630 DataOffset = GSHORT(pd, offset);
9634 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9638 offset += 2; /* Skip Data Offset */
9640 /* Build display for: Data Displacement */
9642 DataDisplacement = GSHORT(pd, offset);
9646 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
9650 offset += 2; /* Skip Data Displacement */
9652 /* Build display for: Setup Count */
9654 SetupCount = GBYTE(pd, offset);
9658 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9662 offset += 1; /* Skip Setup Count */
9664 /* Build display for: Reserved3 */
9666 Reserved3 = GBYTE(pd, offset);
9670 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9674 offset += 1; /* Skip Reserved3 */
9676 /* Build display for: Setup */
9678 if (SetupCount > 0) {
9680 /* Hmmm, should code for all setup words ... */
9682 Setup = GSHORT(pd, offset);
9686 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
9690 offset += 2; /* Skip Setup */
9694 /* Build display for: Byte Count (BCC) */
9696 ByteCount = GSHORT(pd, offset);
9700 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9704 offset += 2; /* Skip Byte Count (BCC) */
9706 /* Build display for: Pad1 */
9710 Pad1 = GBYTE(pd, offset);
9714 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9718 offset += 1; /* Skip Pad1 */
9722 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, si.request_val -> last_transact_command);
9729 * The routines for mailslot and pipe dissecting should be migrated to another
9733 #define NETSHAREENUM 0x00 /* 00 */
9734 #define NETSERVERENUM2 0x68 /* 104 */
9736 void dissect_server_flags(proto_tree *tree, int offset, int length, int flags)
9738 proto_tree_add_text(tree, offset, length, "%s",
9739 decode_boolean_bitfield(flags, 0x0001, length*8, "Workstation", "Not Workstation"));
9740 proto_tree_add_text(tree, offset, length, "%s",
9741 decode_boolean_bitfield(flags, 0x0002, length*8, "Server", "Not Server"));
9742 proto_tree_add_text(tree, offset, length, "%s",
9743 decode_boolean_bitfield(flags, 0x0004, length*8, "SQL Server", "Not SQL Server"));
9744 proto_tree_add_text(tree, offset, length, "%s",
9745 decode_boolean_bitfield(flags, 0x0008, length*8, "Domain Controller", "Not Domain Controller"));
9746 proto_tree_add_text(tree, offset, length, "%s",
9747 decode_boolean_bitfield(flags, 0x0010, length*8, "Backup Controller", "Not Backup Controller"));
9748 proto_tree_add_text(tree, offset, 4, "%s",
9749 decode_boolean_bitfield(flags, 0x0020, length*8, "Time Source", "Not Time Source"));
9750 proto_tree_add_text(tree, offset, length, "%s",
9751 decode_boolean_bitfield(flags, 0x0040, length*8, "Apple Server", "Not Apple Server"));
9752 proto_tree_add_text(tree, offset, length, "%s",
9753 decode_boolean_bitfield(flags, 0x0080, length*8, "Novell Server", "Not Novell Server"));
9754 proto_tree_add_text(tree, offset, length, "%s",
9755 decode_boolean_bitfield(flags, 0x0100, length*8, "Domain Member Server", "Not Domain Member Server"));
9756 proto_tree_add_text(tree, offset, length, "%s",
9757 decode_boolean_bitfield(flags, 0x0200, length*8, "Print Queue Server", "Not Print Queue Server"));
9758 proto_tree_add_text(tree, offset, length, "%s",
9759 decode_boolean_bitfield(flags, 0x0400, length*8, "Dialin Server", "Not Dialin Server"));
9760 proto_tree_add_text(tree, offset, length, "%s",
9761 decode_boolean_bitfield(flags, 0x0800, length*8, "Xenix Server", "Not Xenix Server"));
9762 proto_tree_add_text(tree, offset, length, "%s",
9763 decode_boolean_bitfield(flags, 0x1000, length*8, "NT Workstation", "Not NT Workstation"));
9764 proto_tree_add_text(tree, offset, length, "%s",
9765 decode_boolean_bitfield(flags, 0x2000, length*8, "Windows for Workgroups", "Not Windows for Workgroups"));
9766 proto_tree_add_text(tree, offset, length, "%s",
9767 decode_boolean_bitfield(flags, 0x8000, length*8, "NT Server", "Not NT Server"));
9768 proto_tree_add_text(tree, offset, length, "%s",
9769 decode_boolean_bitfield(flags, 0x10000, length*8, "Potential Browser", "Not Potential Browser"));
9770 proto_tree_add_text(tree, offset, length, "%s",
9771 decode_boolean_bitfield(flags, 0x20000, length*8, "Backup Browser", "Not Backup Browser"));
9772 proto_tree_add_text(tree, offset, length, "%s",
9773 decode_boolean_bitfield(flags, 0x40000, length*8, "Master Browser", "Not Master Browser"));
9774 proto_tree_add_text(tree, offset, length, "%s",
9775 decode_boolean_bitfield(flags, 0x80000, length*8, "Domain Master Browser", "Not Domain Master Browser"));
9776 proto_tree_add_text(tree, offset, length, "%s",
9777 decode_boolean_bitfield(flags, 0x100000, length*8, "OSF", "Not OSF"));
9778 proto_tree_add_text(tree, offset, length, "%s",
9779 decode_boolean_bitfield(flags, 0x200000, length*8, "VMS", "Not VMS"));
9780 proto_tree_add_text(tree, offset, length, "%s",
9781 decode_boolean_bitfield(flags, 0x400000, length*8, "Windows 95 or above", "Not Windows 95 or above"));
9782 proto_tree_add_text(tree, offset, length, "%s",
9783 decode_boolean_bitfield(flags, 0x40000000, length*8, "Local List Only", "Not Local List Only"));
9784 proto_tree_add_text(tree, offset, length, "%s",
9785 decode_boolean_bitfield(flags, 0x80000000, length*8, "Domain Enum", "Not Domain Enum"));
9790 dissect_pipe_lanman(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount)
9792 guint32 loc_offset = SMB_offset + ParameterOffset;
9793 guint16 FunctionCode;
9797 const char *ParameterDescriptor;
9798 const char *ReturnDescriptor;
9799 proto_tree *lanman_tree = NULL, *flags_tree = NULL;
9802 if (check_col(fd, COL_PROTOCOL))
9803 col_add_fstr(fd, COL_PROTOCOL, "LANMAN");
9805 if (dirn == 1) { /* The request side */
9807 FunctionCode = GSHORT(pd, loc_offset);
9809 si.request_val -> last_lanman_cmd = FunctionCode;
9811 switch (FunctionCode) {
9815 if (check_col(fd, COL_INFO)) {
9817 col_add_fstr(fd, COL_INFO, "NetShareEnum Request");
9823 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL);
9824 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
9826 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetShareEnum");
9832 ParameterDescriptor = pd + loc_offset;
9834 if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip);
9835 si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1);
9836 if (si.request_val -> last_param_descrip)
9837 strcpy(si.request_val -> last_param_descrip, ParameterDescriptor);
9841 proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor);
9845 loc_offset += strlen(ParameterDescriptor) + 1;
9847 ReturnDescriptor = pd + loc_offset;
9849 if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip);
9850 si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1);
9851 if (si.request_val -> last_data_descrip)
9852 strcpy(si.request_val -> last_data_descrip, ReturnDescriptor);
9856 proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor);
9860 loc_offset += strlen(ReturnDescriptor) + 1;
9862 Level = GSHORT(pd, loc_offset);
9866 proto_tree_add_text(lanman_tree, loc_offset, 2, "Detail Level: %u", Level);
9872 RecvBufLen = GSHORT(pd, loc_offset);
9876 proto_tree_add_text(lanman_tree, loc_offset, 2, "Receive Buffer Length: %u", RecvBufLen);
9884 case NETSERVERENUM2: /* Process a NetServerEnum2 */
9886 if (check_col(fd, COL_INFO)) {
9888 col_add_fstr(fd, COL_INFO, "NetServerEnum2 %s", dirn ? "Request" : "Response");
9894 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL);
9895 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
9897 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetServerEnum2");
9903 ParameterDescriptor = pd + loc_offset;
9905 /* Now, save these for later */
9907 if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip);
9908 si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1);
9909 if (si.request_val -> last_param_descrip)
9910 strcpy(si.request_val -> last_param_descrip, ParameterDescriptor);
9914 proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor);
9918 loc_offset += strlen(ParameterDescriptor) + 1;
9920 ReturnDescriptor = pd + loc_offset;
9922 if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip);
9924 si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1);
9925 if (si.request_val -> last_data_descrip)
9926 strcpy(si.request_val -> last_data_descrip, ReturnDescriptor);
9930 proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor);
9934 loc_offset += strlen(ReturnDescriptor) + 1;
9936 Level = GSHORT(pd, loc_offset);
9937 si.request_val -> last_level = Level;
9941 proto_tree_add_text(lanman_tree, loc_offset, 2, "Info Detail Level: %u", Level);
9947 RecvBufLen = GSHORT(pd, loc_offset);
9951 proto_tree_add_text(lanman_tree, loc_offset, 2, "Receive Buffer Length: %u", RecvBufLen);
9957 Flags = GWORD(pd, loc_offset);
9961 ti = proto_tree_add_text(lanman_tree, loc_offset, 4, "Server Types Required: 0x%08X", Flags);
9962 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
9963 dissect_server_flags(flags_tree, loc_offset, 4, Flags);
9972 default: /* Just try to handle what is there ... */
9974 dissect_transact_engine_init(pd, ParameterDescriptor, ReturnDescriptor, ParameterOffset, ParameterCount, DataOffset, DataCount);
9981 else { /* Dirn == 0, response */
9986 guint32 loc_offset = 0;
9988 proto_tree *server_tree = NULL, *flags_tree = NULL, *share_tree = NULL;
9990 FunctionCode = si.request_val -> last_lanman_cmd;
9992 switch (FunctionCode) {
9996 if (check_col(fd, COL_INFO)) {
9998 col_add_fstr(fd, COL_INFO, "NetShareEnum Response");
10004 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL);
10005 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10007 proto_tree_add_text(lanman_tree, loc_offset, 0, "Function Code: NetShareEnum");
10011 loc_offset = SMB_offset + ParameterOffset;
10013 Status = GSHORT(pd, loc_offset);
10017 proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status);
10023 Convert = GSHORT(pd, loc_offset);
10027 proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert);
10033 EntCount = GSHORT(pd, loc_offset);
10037 proto_tree_add_text(lanman_tree, loc_offset, 2, "Entry Count: %u", EntCount);
10043 AvailCount = GSHORT(pd, loc_offset);
10047 proto_tree_add_text(lanman_tree, loc_offset, 2, "Available Entries: %u", AvailCount);
10055 ti = proto_tree_add_text(lanman_tree, loc_offset, AvailCount * 20, "Available Shares", NULL);
10057 share_tree = proto_item_add_subtree(ti, ett_lanman_shares);
10061 for (i = 1; i <= EntCount; i++) {
10062 const gchar *Share = pd + loc_offset;
10064 const gchar *Comment;
10065 proto_tree *share = NULL;
10066 proto_item *ti = NULL;
10070 ti = proto_tree_add_text(share_tree, loc_offset, 20, "Share %s", Share);
10071 share = proto_item_add_subtree(ti, ett_lanman_share);
10078 proto_tree_add_text(share, loc_offset, 13, "Share Name: %s", Share);
10084 while (loc_offset % 4)
10085 loc_offset += 1; /* Align to a word boundary ... */
10087 Flags = GSHORT(pd, loc_offset);
10091 proto_tree_add_text(share, loc_offset, 2, "Share Type: %u", Flags);
10097 Comment = pd + SMB_offset + DataOffset + (GWORD(pd, loc_offset) & 0xFFFF) - Convert;
10101 proto_tree_add_text(share, loc_offset, 4, "Share Comment: %s", Comment);
10111 case NETSERVERENUM2:
10113 if (check_col(fd, COL_INFO)) {
10115 col_add_fstr(fd, COL_INFO, "NetServerEnum2 %s", dirn ? "Request" : "Response");
10121 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL);
10122 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10124 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetServerEnum2");
10128 loc_offset = SMB_offset + ParameterOffset;
10129 Status = GSHORT(pd, loc_offset);
10133 proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status);
10139 Convert = GSHORT(pd, loc_offset);
10143 proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert);
10149 EntCount = GSHORT(pd, loc_offset);
10153 proto_tree_add_text(lanman_tree, loc_offset, 2, "Entry Count: %u", EntCount);
10159 AvailCount = GSHORT(pd, loc_offset);
10163 proto_tree_add_text(lanman_tree, loc_offset, 2, "Available Entries: %u", AvailCount);
10169 if (! BYTES_ARE_IN_FRAME(loc_offset, 26 * EntCount) ) {
10175 ti = proto_tree_add_text(lanman_tree, loc_offset, 26 * EntCount, "Servers");
10178 printf("Null value returned from proto_tree_add_text\n");
10183 server_tree = proto_item_add_subtree(ti, ett_lanman_servers);
10187 for (i = 1; i <= EntCount; i++) {
10188 const gchar *Server = pd + loc_offset;
10191 guint32 ServerFlags;
10192 const gchar *Comment;
10193 proto_tree *server = NULL;
10198 ti = proto_tree_add_text(server_tree, loc_offset,
10199 (si.request_val -> last_level) ? 26 : 16,
10200 "Server %s", Server);
10201 server = proto_item_add_subtree(ti, ett_lanman_server);
10208 proto_tree_add_text(server, loc_offset, 16, "Server Name: %s", Server);
10214 if (si.request_val -> last_level) { /* Print out the rest of the info */
10216 ServerMajor = GBYTE(pd, loc_offset);
10220 proto_tree_add_text(server, loc_offset, 1, "Major Version: %u", ServerMajor);
10226 ServerMinor = GBYTE(pd, loc_offset);
10230 proto_tree_add_text(server, loc_offset, 1, "Minor Version: %u", ServerMinor);
10236 ServerFlags = GWORD(pd, loc_offset);
10240 ti = proto_tree_add_text(server, loc_offset, 4, "Server Type: 0x%08X", ServerFlags);
10241 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
10242 dissect_server_flags(flags_tree, loc_offset, 4, ServerFlags);
10248 Comment = pd + SMB_offset + DataOffset + (GWORD(pd, loc_offset) & 0xFFFF) - Convert;
10252 proto_tree_add_text(server, loc_offset, 4, "Server Comment: %s", Comment);
10274 dissect_pipe_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount)
10277 if (strcmp(command, "LANMAN") == 0) { /* Try to decode a LANMAN */
10279 return dissect_pipe_lanman(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount, ParameterOffset, ParameterCount);
10287 char *browse_commands[] =
10288 { "Error, No such command!", /* Value 0 */
10289 "Host Announcement", /* Value 1 */
10290 "Request Announcement", /* Value 2 */
10291 "Error, No such command!", /* Value 3 */
10292 "Error, No such command!", /* Value 4 */
10293 "Error, No such command!", /* Value 5 */
10294 "Error, No such command!", /* Value 6 */
10295 "Error, No such command!", /* Value 7 */
10296 "Browser Election Request", /* Value 8 */
10297 "Get Backup List Request", /* Value 9 */
10298 "Get Backup List Response", /* Value 10 */
10299 "Become Backup Browser", /* Value 11 */
10300 "Domain/Workgroup Announcement", /* Value 12 */
10301 "Master Announcement", /* Value 13 */
10302 "Error! No such command", /* Value 14 */
10303 "Local Master Announcement" /* Value 15 */
10306 #define HOST_ANNOUNCE 1
10307 #define REQUEST_ANNOUNCE 2
10308 #define BROWSER_ELECTION 8
10309 #define GETBACKUPLISTREQ 9
10310 #define GETBACKUPLISTRESP 10
10311 #define BECOMEBACKUPBROWSER 11
10312 #define DOMAINANNOUNCEMENT 12
10313 #define MASTERANNOUNCEMENT 13
10314 #define LOCALMASTERANNOUNC 15
10316 char *svr_types[32] = {
10320 "Domain Controller",
10321 "Backup Controller",
10325 "Domain Member Server",
10326 "Print Queue Server",
10330 "Windows for Workgroups",
10331 "Unknown Server - FIXME",
10333 "Potential Browser",
10336 "Domain Master Browser",
10339 "Windows 95 or above",
10352 dissect_mailslot_browse(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
10355 guint8 UpdateCount;
10356 guint8 VersionMajor;
10357 guint8 VersionMinor;
10358 guint32 Periodicity;
10359 guint32 ServerType;
10360 guint16 SigConstant;
10362 guint8 BackupServerCount;
10365 guint8 ElectionVersion;
10366 guint32 ElectionCriteria;
10368 guint8 ElectionDesire;
10369 guint16 ElectionRevision;
10370 guint32 ServerUpTime;
10371 const char *ServerName;
10372 const char *ServerComment;
10373 proto_tree *browse_tree = NULL, *flags_tree = NULL,
10374 *OSflags = NULL, *DesireFlags = NULL;
10375 proto_item *ti, *ec;
10376 guint32 loc_offset = DataOffset, count = 0;
10379 if (check_col(fd, COL_PROTOCOL))
10380 col_add_str(fd, COL_PROTOCOL, "BROWSER");
10382 if (check_col(fd, COL_INFO)) /* Put in something, and replace it later */
10383 col_add_str(fd, COL_INFO, "Browse Announcement");
10386 * Now, decode the browse request
10389 OpCode = GBYTE(pd, loc_offset);
10391 if (check_col(fd, COL_INFO))
10392 col_add_fstr(fd, COL_INFO, (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command:%u" : browse_commands[OpCode], OpCode);
10394 if (tree) { /* Add the browse tree */
10396 ti = proto_tree_add_item(parent, proto_browse, DataOffset, DataCount, NULL);
10397 browse_tree = proto_item_add_subtree(ti, ett_browse);
10399 proto_tree_add_text(browse_tree, loc_offset, 1, "OpCode: %s", (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command" : browse_commands[OpCode]);
10403 loc_offset += 1; /* Skip the OpCode */
10407 case DOMAINANNOUNCEMENT:
10408 case LOCALMASTERANNOUNC:
10409 case HOST_ANNOUNCE:
10411 UpdateCount = GBYTE(pd, loc_offset);
10415 proto_tree_add_text(browse_tree, loc_offset, 1, "Update Count: %u", UpdateCount);
10419 loc_offset += 1; /* Skip the Update Count */
10421 Periodicity = GWORD(pd, loc_offset);
10425 proto_tree_add_text(browse_tree, loc_offset, 4, "Update Periodicity: %u Sec", Periodicity/1000 );
10431 ServerName = pd + loc_offset;
10433 if (check_col(fd, COL_INFO)) {
10435 col_append_fstr(fd, COL_INFO, " %s", ServerName);
10441 proto_tree_add_text(browse_tree, loc_offset, 16, (OpCode == DOMAINANNOUNCEMENT) ? "Domain/WorkGroup: %s": "Host Name: %s", ServerName);
10447 VersionMajor = GBYTE(pd, loc_offset);
10451 proto_tree_add_text(browse_tree, loc_offset, 1, "Major Version: %u", VersionMajor);
10457 VersionMinor = GBYTE(pd, loc_offset);
10461 proto_tree_add_text(browse_tree, loc_offset, 1, "Minor Version: %u", VersionMinor);
10467 ServerType = GWORD(pd, loc_offset);
10469 if (check_col(fd, COL_INFO)) {
10471 /* Append the type(s) of the system to the COL_INFO line ... */
10473 for (i = 1; i <= 32; i++) {
10475 if (ServerType & (1 << (i - 1)) && (strcmp("Unused", svr_types[i]) != 0))
10476 col_append_fstr(fd, COL_INFO, ", %s", svr_types[i - 1]);
10484 ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Server Type: 0x%04x", ServerType);
10485 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
10486 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10487 decode_boolean_bitfield(ServerType, 0x0001, 32, "Workstation", "Not Workstation"));
10488 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10489 decode_boolean_bitfield(ServerType, 0x0002, 32, "Server", "Not Server"));
10490 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10491 decode_boolean_bitfield(ServerType, 0x0004, 32, "SQL Server", "Not SQL Server"));
10492 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10493 decode_boolean_bitfield(ServerType, 0x0008, 32, "Domain Controller", "Not Domain Controller"));
10494 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10495 decode_boolean_bitfield(ServerType, 0x0010, 32, "Backup Controller", "Not Backup Controller"));
10496 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10497 decode_boolean_bitfield(ServerType, 0x0020, 32, "Time Source", "Not Time Source"));
10498 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10499 decode_boolean_bitfield(ServerType, 0x0040, 32, "Apple Server", "Not Apple Server"));
10500 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10501 decode_boolean_bitfield(ServerType, 0x0080, 32, "Novell Server", "Not Novell Server"));
10502 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10503 decode_boolean_bitfield(ServerType, 0x0100, 32, "Domain Member Server", "Not Domain Member Server"));
10504 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10505 decode_boolean_bitfield(ServerType, 0x0200, 32, "Print Queue Server", "Not Print Queue Server"));
10506 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10507 decode_boolean_bitfield(ServerType, 0x0400, 32, "Dialin Server", "Not Dialin Server"));
10508 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10509 decode_boolean_bitfield(ServerType, 0x0800, 32, "Xenix Server", "Not Xenix Server"));
10510 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10511 decode_boolean_bitfield(ServerType, 0x1000, 32, "NT Workstation", "Not NT Workstation"));
10512 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10513 decode_boolean_bitfield(ServerType, 0x2000, 32, "Windows for Workgroups", "Not Windows for Workgroups"));
10514 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10515 decode_boolean_bitfield(ServerType, 0x8000, 32, "NT Server", "Not NT Server"));
10516 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10517 decode_boolean_bitfield(ServerType, 0x10000, 32, "Potential Browser", "Not Potential Browser"));
10518 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10519 decode_boolean_bitfield(ServerType, 0x20000, 32, "Backup Browser", "Not Backup Browser"));
10520 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10521 decode_boolean_bitfield(ServerType, 0x40000, 32, "Master Browser", "Not Master Browser"));
10522 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10523 decode_boolean_bitfield(ServerType, 0x80000, 32, "Domain Master Browser", "Not Domain Master Browser"));
10524 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10525 decode_boolean_bitfield(ServerType, 0x100000, 32, "OSF", "Not OSF"));
10526 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10527 decode_boolean_bitfield(ServerType, 0x200000, 32, "VMS", "Not VMS"));
10528 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10529 decode_boolean_bitfield(ServerType, 0x400000, 32, "Windows 95 or above", "Not Windows 95 or above"));
10530 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10531 decode_boolean_bitfield(ServerType, 0x40000000, 32, "Local List Only", "Not Local List Only"));
10532 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
10533 decode_boolean_bitfield(ServerType, 0x80000000, 32, "Domain Enum", "Not Domain Enum"));
10537 ElectionVersion = GSHORT(pd, loc_offset);
10541 proto_tree_add_text(browse_tree, loc_offset, 2, "Election Version: %u", ElectionVersion);
10547 SigConstant = GSHORT(pd, loc_offset);
10551 proto_tree_add_text(browse_tree, loc_offset, 2, "Signature: %u (0x%04X)", SigConstant, SigConstant);
10557 ServerComment = pd + loc_offset;
10561 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerComment) + 1, "Host Comment: %s", ServerComment);
10567 case REQUEST_ANNOUNCE:
10569 Flags = GBYTE(pd, loc_offset);
10573 proto_tree_add_text(browse_tree, loc_offset, 1, "Unused Flags: %u", Flags);
10579 ServerName = pd + loc_offset;
10583 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Send List To: %s", ServerName);
10589 case BROWSER_ELECTION:
10591 ElectionVersion = GBYTE(pd, loc_offset);
10595 proto_tree_add_text(browse_tree, loc_offset, 1, "Election Version = %u", ElectionVersion);
10601 ElectionCriteria = GWORD(pd, loc_offset);
10602 ElectionOS = GBYTE(pd, loc_offset + 3);
10603 ElectionRevision = GSHORT(pd, loc_offset + 1);
10604 ElectionDesire = GBYTE(pd, loc_offset);
10608 ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Election Criteria = %u (0x%08X)", ElectionCriteria, ElectionCriteria);
10610 ec = proto_item_add_subtree(ti, ett_browse_election_criteria);
10612 ti = proto_tree_add_text(ec, loc_offset + 3, 1, "Election OS Summary: %u (0x%02X)", ElectionOS, ElectionOS);
10614 OSflags = proto_item_add_subtree(ti, ett_browse_election_os);
10616 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10617 decode_boolean_bitfield(ElectionOS, 0x01, 8, "Windows for Workgroups", "Not Windows for Workgroups"));
10619 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10620 decode_boolean_bitfield(ElectionOS, 0x02, 8, "Unknown", "Not used"));
10622 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10623 decode_boolean_bitfield(ElectionOS, 0x04, 8, "Unknown", "Not used"));
10625 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10626 decode_boolean_bitfield(ElectionOS, 0x08, 8, "Unknown", "Not used"));
10628 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10629 decode_boolean_bitfield(ElectionOS, 0x10, 8, "Windows NT Workstation", "Not Windows NT Workstation"));
10631 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10632 decode_boolean_bitfield(ElectionOS, 0x20, 8, "Windows NT Server", "Not Windows NT Server"));
10634 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10635 decode_boolean_bitfield(ElectionOS, 0x40, 8, "Unknown", "Not used"));
10637 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
10638 decode_boolean_bitfield(ElectionOS, 0x80, 8, "Unknown", "Not used"));
10640 proto_tree_add_text(ec, loc_offset + 1, 2, "Election Revision: %u (0x%04X)", ElectionRevision, ElectionRevision);
10642 ti = proto_tree_add_text(ec, loc_offset, 1, "Election Desire Summary: %u (0x%02X)", ElectionDesire, ElectionDesire);
10644 DesireFlags = proto_item_add_subtree(ti, ett_browse_election_desire);
10646 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10647 decode_boolean_bitfield(ElectionDesire, 0x01, 8, "Backup Browse Server", "Not Backup Browse Server"));
10649 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10650 decode_boolean_bitfield(ElectionDesire, 0x02, 8, "Standby Browse Server", "Not Standby Browse Server"));
10652 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10653 decode_boolean_bitfield(ElectionDesire, 0x04, 8, "Master Browser", "Not Master Browser"));
10655 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10656 decode_boolean_bitfield(ElectionDesire, 0x08, 8, "Domain Master Browse Server", "Not Domain Master Browse Server"));
10658 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10659 decode_boolean_bitfield(ElectionDesire, 0x10, 8, "Unknown", "Not used"));
10661 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10662 decode_boolean_bitfield(ElectionDesire, 0x20, 8, "WINS Client", "Not WINS Client"));
10664 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10665 decode_boolean_bitfield(ElectionDesire, 0x40, 8, "Unknown", "Not used"));
10667 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
10668 decode_boolean_bitfield(ElectionDesire, 0x80, 8, "Windows NT Advanced Server", "Not Windows NT Advanced Server"));
10674 ServerUpTime = GWORD(pd, loc_offset);
10678 proto_tree_add_text(browse_tree, loc_offset, 4, "Server Up Time: %u Sec", ServerUpTime/1000);
10684 MBZ = GWORD(pd, loc_offset);
10688 ServerName = pd + loc_offset;
10692 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Election Server Name: %s", ServerName);
10698 case GETBACKUPLISTREQ:
10700 BackupServerCount = GBYTE(pd, loc_offset);
10704 proto_tree_add_text(browse_tree, loc_offset, 1, "Backup List Requested Count: %u", BackupServerCount);
10710 Token = GWORD(pd, loc_offset);
10714 proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Request Token: %u", Token);
10720 case GETBACKUPLISTRESP:
10722 BackupServerCount = GBYTE(pd, loc_offset);
10726 proto_tree_add_text(browse_tree, loc_offset, 1, "Backup Server Count: %u", BackupServerCount);
10732 Token = GWORD(pd, loc_offset);
10736 proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Response Token: %u", Token);
10742 ServerName = pd + loc_offset;
10744 for (count = 1; count <= BackupServerCount; count++) {
10748 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Backup Server: %s", ServerName);
10752 loc_offset += strlen(ServerName) + 1;
10754 ServerName = pd + loc_offset;
10760 case BECOMEBACKUPBROWSER:
10762 ServerName = pd + loc_offset;
10766 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Browser to Promote: %s", ServerName);
10772 case MASTERANNOUNCEMENT:
10774 ServerName = pd + loc_offset;
10778 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Server Name: %s", ServerName);
10788 return 1; /* Success */
10793 dissect_mailslot_net(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
10801 dissect_mailslot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
10804 if (strcmp(command, "BROWSE") == 0) { /* Decode a browse */
10806 return dissect_mailslot_browse(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount);
10813 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
10815 dissect_unknown_smb, /* unknown SMB 0x00 */
10816 dissect_unknown_smb, /* unknown SMB 0x01 */
10817 dissect_unknown_smb, /* SMBopen open a file */
10818 dissect_create_file_smb, /* SMBcreate create a file */
10819 dissect_close_smb, /* SMBclose close a file */
10820 dissect_flush_file_smb, /* SMBflush flush a file */
10821 dissect_delete_file_smb, /* SMBunlink delete a file */
10822 dissect_rename_file_smb, /* SMBmv rename a file */
10823 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
10824 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
10825 dissect_read_file_smb, /* SMBread read from a file */
10826 dissect_write_file_smb, /* SMBwrite write to a file */
10827 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
10828 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
10829 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
10830 dissect_unknown_smb, /* SMBmknew make a new file */
10831 dissect_checkdir_smb, /* SMBchkpth check a directory path */
10832 dissect_process_exit_smb, /* SMBexit process exit */
10833 dissect_unknown_smb, /* SMBlseek seek */
10834 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
10835 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
10836 dissect_unknown_smb, /* unknown SMB 0x15 */
10837 dissect_unknown_smb, /* unknown SMB 0x16 */
10838 dissect_unknown_smb, /* unknown SMB 0x17 */
10839 dissect_unknown_smb, /* unknown SMB 0x18 */
10840 dissect_unknown_smb, /* unknown SMB 0x19 */
10841 dissect_read_raw_smb, /* SMBreadBraw read block raw */
10842 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
10843 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
10844 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
10845 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
10846 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
10847 dissect_unknown_smb, /* SMBwriteC write complete response */
10848 dissect_unknown_smb, /* unknown SMB 0x21 */
10849 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
10850 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
10851 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
10852 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
10853 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
10854 dissect_unknown_smb, /* SMBioctl IOCTL */
10855 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
10856 dissect_unknown_smb, /* SMBcopy copy */
10857 dissect_move_smb, /* SMBmove move */
10858 dissect_unknown_smb, /* SMBecho echo */
10859 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
10860 dissect_open_andx_smb, /* SMBopenX open and X */
10861 dissect_unknown_smb, /* SMBreadX read and X */
10862 dissect_unknown_smb, /* SMBwriteX write and X */
10863 dissect_unknown_smb, /* unknown SMB 0x30 */
10864 dissect_unknown_smb, /* unknown SMB 0x31 */
10865 dissect_transact2_smb, /* unknown SMB 0x32 */
10866 dissect_unknown_smb, /* unknown SMB 0x33 */
10867 dissect_find_close2_smb, /* unknown SMB 0x34 */
10868 dissect_unknown_smb, /* unknown SMB 0x35 */
10869 dissect_unknown_smb, /* unknown SMB 0x36 */
10870 dissect_unknown_smb, /* unknown SMB 0x37 */
10871 dissect_unknown_smb, /* unknown SMB 0x38 */
10872 dissect_unknown_smb, /* unknown SMB 0x39 */
10873 dissect_unknown_smb, /* unknown SMB 0x3a */
10874 dissect_unknown_smb, /* unknown SMB 0x3b */
10875 dissect_unknown_smb, /* unknown SMB 0x3c */
10876 dissect_unknown_smb, /* unknown SMB 0x3d */
10877 dissect_unknown_smb, /* unknown SMB 0x3e */
10878 dissect_unknown_smb, /* unknown SMB 0x3f */
10879 dissect_unknown_smb, /* unknown SMB 0x40 */
10880 dissect_unknown_smb, /* unknown SMB 0x41 */
10881 dissect_unknown_smb, /* unknown SMB 0x42 */
10882 dissect_unknown_smb, /* unknown SMB 0x43 */
10883 dissect_unknown_smb, /* unknown SMB 0x44 */
10884 dissect_unknown_smb, /* unknown SMB 0x45 */
10885 dissect_unknown_smb, /* unknown SMB 0x46 */
10886 dissect_unknown_smb, /* unknown SMB 0x47 */
10887 dissect_unknown_smb, /* unknown SMB 0x48 */
10888 dissect_unknown_smb, /* unknown SMB 0x49 */
10889 dissect_unknown_smb, /* unknown SMB 0x4a */
10890 dissect_unknown_smb, /* unknown SMB 0x4b */
10891 dissect_unknown_smb, /* unknown SMB 0x4c */
10892 dissect_unknown_smb, /* unknown SMB 0x4d */
10893 dissect_unknown_smb, /* unknown SMB 0x4e */
10894 dissect_unknown_smb, /* unknown SMB 0x4f */
10895 dissect_unknown_smb, /* unknown SMB 0x50 */
10896 dissect_unknown_smb, /* unknown SMB 0x51 */
10897 dissect_unknown_smb, /* unknown SMB 0x52 */
10898 dissect_unknown_smb, /* unknown SMB 0x53 */
10899 dissect_unknown_smb, /* unknown SMB 0x54 */
10900 dissect_unknown_smb, /* unknown SMB 0x55 */
10901 dissect_unknown_smb, /* unknown SMB 0x56 */
10902 dissect_unknown_smb, /* unknown SMB 0x57 */
10903 dissect_unknown_smb, /* unknown SMB 0x58 */
10904 dissect_unknown_smb, /* unknown SMB 0x59 */
10905 dissect_unknown_smb, /* unknown SMB 0x5a */
10906 dissect_unknown_smb, /* unknown SMB 0x5b */
10907 dissect_unknown_smb, /* unknown SMB 0x5c */
10908 dissect_unknown_smb, /* unknown SMB 0x5d */
10909 dissect_unknown_smb, /* unknown SMB 0x5e */
10910 dissect_unknown_smb, /* unknown SMB 0x5f */
10911 dissect_unknown_smb, /* unknown SMB 0x60 */
10912 dissect_unknown_smb, /* unknown SMB 0x61 */
10913 dissect_unknown_smb, /* unknown SMB 0x62 */
10914 dissect_unknown_smb, /* unknown SMB 0x63 */
10915 dissect_unknown_smb, /* unknown SMB 0x64 */
10916 dissect_unknown_smb, /* unknown SMB 0x65 */
10917 dissect_unknown_smb, /* unknown SMB 0x66 */
10918 dissect_unknown_smb, /* unknown SMB 0x67 */
10919 dissect_unknown_smb, /* unknown SMB 0x68 */
10920 dissect_unknown_smb, /* unknown SMB 0x69 */
10921 dissect_unknown_smb, /* unknown SMB 0x6a */
10922 dissect_unknown_smb, /* unknown SMB 0x6b */
10923 dissect_unknown_smb, /* unknown SMB 0x6c */
10924 dissect_unknown_smb, /* unknown SMB 0x6d */
10925 dissect_unknown_smb, /* unknown SMB 0x6e */
10926 dissect_unknown_smb, /* unknown SMB 0x6f */
10927 dissect_treecon_smb, /* SMBtcon tree connect */
10928 dissect_tdis_smb, /* SMBtdis tree disconnect */
10929 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10930 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10931 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10932 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10933 dissect_unknown_smb, /* unknown SMB 0x76 */
10934 dissect_unknown_smb, /* unknown SMB 0x77 */
10935 dissect_unknown_smb, /* unknown SMB 0x78 */
10936 dissect_unknown_smb, /* unknown SMB 0x79 */
10937 dissect_unknown_smb, /* unknown SMB 0x7a */
10938 dissect_unknown_smb, /* unknown SMB 0x7b */
10939 dissect_unknown_smb, /* unknown SMB 0x7c */
10940 dissect_unknown_smb, /* unknown SMB 0x7d */
10941 dissect_unknown_smb, /* unknown SMB 0x7e */
10942 dissect_unknown_smb, /* unknown SMB 0x7f */
10943 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10944 dissect_search_dir_smb, /* SMBsearch search a directory */
10945 dissect_unknown_smb, /* SMBffirst find first */
10946 dissect_unknown_smb, /* SMBfunique find unique */
10947 dissect_unknown_smb, /* SMBfclose find close */
10948 dissect_unknown_smb, /* unknown SMB 0x85 */
10949 dissect_unknown_smb, /* unknown SMB 0x86 */
10950 dissect_unknown_smb, /* unknown SMB 0x87 */
10951 dissect_unknown_smb, /* unknown SMB 0x88 */
10952 dissect_unknown_smb, /* unknown SMB 0x89 */
10953 dissect_unknown_smb, /* unknown SMB 0x8a */
10954 dissect_unknown_smb, /* unknown SMB 0x8b */
10955 dissect_unknown_smb, /* unknown SMB 0x8c */
10956 dissect_unknown_smb, /* unknown SMB 0x8d */
10957 dissect_unknown_smb, /* unknown SMB 0x8e */
10958 dissect_unknown_smb, /* unknown SMB 0x8f */
10959 dissect_unknown_smb, /* unknown SMB 0x90 */
10960 dissect_unknown_smb, /* unknown SMB 0x91 */
10961 dissect_unknown_smb, /* unknown SMB 0x92 */
10962 dissect_unknown_smb, /* unknown SMB 0x93 */
10963 dissect_unknown_smb, /* unknown SMB 0x94 */
10964 dissect_unknown_smb, /* unknown SMB 0x95 */
10965 dissect_unknown_smb, /* unknown SMB 0x96 */
10966 dissect_unknown_smb, /* unknown SMB 0x97 */
10967 dissect_unknown_smb, /* unknown SMB 0x98 */
10968 dissect_unknown_smb, /* unknown SMB 0x99 */
10969 dissect_unknown_smb, /* unknown SMB 0x9a */
10970 dissect_unknown_smb, /* unknown SMB 0x9b */
10971 dissect_unknown_smb, /* unknown SMB 0x9c */
10972 dissect_unknown_smb, /* unknown SMB 0x9d */
10973 dissect_unknown_smb, /* unknown SMB 0x9e */
10974 dissect_unknown_smb, /* unknown SMB 0x9f */
10975 dissect_unknown_smb, /* unknown SMB 0xa0 */
10976 dissect_unknown_smb, /* unknown SMB 0xa1 */
10977 dissect_unknown_smb, /* unknown SMB 0xa2 */
10978 dissect_unknown_smb, /* unknown SMB 0xa3 */
10979 dissect_unknown_smb, /* unknown SMB 0xa4 */
10980 dissect_unknown_smb, /* unknown SMB 0xa5 */
10981 dissect_unknown_smb, /* unknown SMB 0xa6 */
10982 dissect_unknown_smb, /* unknown SMB 0xa7 */
10983 dissect_unknown_smb, /* unknown SMB 0xa8 */
10984 dissect_unknown_smb, /* unknown SMB 0xa9 */
10985 dissect_unknown_smb, /* unknown SMB 0xaa */
10986 dissect_unknown_smb, /* unknown SMB 0xab */
10987 dissect_unknown_smb, /* unknown SMB 0xac */
10988 dissect_unknown_smb, /* unknown SMB 0xad */
10989 dissect_unknown_smb, /* unknown SMB 0xae */
10990 dissect_unknown_smb, /* unknown SMB 0xaf */
10991 dissect_unknown_smb, /* unknown SMB 0xb0 */
10992 dissect_unknown_smb, /* unknown SMB 0xb1 */
10993 dissect_unknown_smb, /* unknown SMB 0xb2 */
10994 dissect_unknown_smb, /* unknown SMB 0xb3 */
10995 dissect_unknown_smb, /* unknown SMB 0xb4 */
10996 dissect_unknown_smb, /* unknown SMB 0xb5 */
10997 dissect_unknown_smb, /* unknown SMB 0xb6 */
10998 dissect_unknown_smb, /* unknown SMB 0xb7 */
10999 dissect_unknown_smb, /* unknown SMB 0xb8 */
11000 dissect_unknown_smb, /* unknown SMB 0xb9 */
11001 dissect_unknown_smb, /* unknown SMB 0xba */
11002 dissect_unknown_smb, /* unknown SMB 0xbb */
11003 dissect_unknown_smb, /* unknown SMB 0xbc */
11004 dissect_unknown_smb, /* unknown SMB 0xbd */
11005 dissect_unknown_smb, /* unknown SMB 0xbe */
11006 dissect_unknown_smb, /* unknown SMB 0xbf */
11007 dissect_unknown_smb, /* SMBsplopen open a print spool file */
11008 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
11009 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
11010 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
11011 dissect_unknown_smb, /* unknown SMB 0xc4 */
11012 dissect_unknown_smb, /* unknown SMB 0xc5 */
11013 dissect_unknown_smb, /* unknown SMB 0xc6 */
11014 dissect_unknown_smb, /* unknown SMB 0xc7 */
11015 dissect_unknown_smb, /* unknown SMB 0xc8 */
11016 dissect_unknown_smb, /* unknown SMB 0xc9 */
11017 dissect_unknown_smb, /* unknown SMB 0xca */
11018 dissect_unknown_smb, /* unknown SMB 0xcb */
11019 dissect_unknown_smb, /* unknown SMB 0xcc */
11020 dissect_unknown_smb, /* unknown SMB 0xcd */
11021 dissect_unknown_smb, /* unknown SMB 0xce */
11022 dissect_unknown_smb, /* unknown SMB 0xcf */
11023 dissect_unknown_smb, /* SMBsends send a single block message */
11024 dissect_unknown_smb, /* SMBsendb send a broadcast message */
11025 dissect_unknown_smb, /* SMBfwdname forward user name */
11026 dissect_unknown_smb, /* SMBcancelf cancel forward */
11027 dissect_unknown_smb, /* SMBgetmac get a machine name */
11028 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
11029 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
11030 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
11031 dissect_unknown_smb, /* unknown SMB 0xd8 */
11032 dissect_unknown_smb, /* unknown SMB 0xd9 */
11033 dissect_unknown_smb, /* unknown SMB 0xda */
11034 dissect_unknown_smb, /* unknown SMB 0xdb */
11035 dissect_unknown_smb, /* unknown SMB 0xdc */
11036 dissect_unknown_smb, /* unknown SMB 0xdd */
11037 dissect_unknown_smb, /* unknown SMB 0xde */
11038 dissect_unknown_smb, /* unknown SMB 0xdf */
11039 dissect_unknown_smb, /* unknown SMB 0xe0 */
11040 dissect_unknown_smb, /* unknown SMB 0xe1 */
11041 dissect_unknown_smb, /* unknown SMB 0xe2 */
11042 dissect_unknown_smb, /* unknown SMB 0xe3 */
11043 dissect_unknown_smb, /* unknown SMB 0xe4 */
11044 dissect_unknown_smb, /* unknown SMB 0xe5 */
11045 dissect_unknown_smb, /* unknown SMB 0xe6 */
11046 dissect_unknown_smb, /* unknown SMB 0xe7 */
11047 dissect_unknown_smb, /* unknown SMB 0xe8 */
11048 dissect_unknown_smb, /* unknown SMB 0xe9 */
11049 dissect_unknown_smb, /* unknown SMB 0xea */
11050 dissect_unknown_smb, /* unknown SMB 0xeb */
11051 dissect_unknown_smb, /* unknown SMB 0xec */
11052 dissect_unknown_smb, /* unknown SMB 0xed */
11053 dissect_unknown_smb, /* unknown SMB 0xee */
11054 dissect_unknown_smb, /* unknown SMB 0xef */
11055 dissect_unknown_smb, /* unknown SMB 0xf0 */
11056 dissect_unknown_smb, /* unknown SMB 0xf1 */
11057 dissect_unknown_smb, /* unknown SMB 0xf2 */
11058 dissect_unknown_smb, /* unknown SMB 0xf3 */
11059 dissect_unknown_smb, /* unknown SMB 0xf4 */
11060 dissect_unknown_smb, /* unknown SMB 0xf5 */
11061 dissect_unknown_smb, /* unknown SMB 0xf6 */
11062 dissect_unknown_smb, /* unknown SMB 0xf7 */
11063 dissect_unknown_smb, /* unknown SMB 0xf8 */
11064 dissect_unknown_smb, /* unknown SMB 0xf9 */
11065 dissect_unknown_smb, /* unknown SMB 0xfa */
11066 dissect_unknown_smb, /* unknown SMB 0xfb */
11067 dissect_unknown_smb, /* unknown SMB 0xfc */
11068 dissect_unknown_smb, /* unknown SMB 0xfd */
11069 dissect_unknown_smb, /* SMBinvalid invalid command */
11070 dissect_unknown_smb /* unknown SMB 0xff */
11074 static const value_string errcls_types[] = {
11075 { SMB_SUCCESS, "Success"},
11076 { SMB_ERRDOS, "DOS Error"},
11077 { SMB_ERRSRV, "Server Error"},
11078 { SMB_ERRHRD, "Hardware Error"},
11079 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
11083 char *decode_smb_name(unsigned char cmd)
11086 return(SMB_names[cmd]);
11090 static const value_string DOS_errors[] = {
11091 {SMBE_badfunc, "Invalid function (or system call)"},
11092 {SMBE_badfile, "File not found (pathname error)"},
11093 {SMBE_badpath, "Directory not found"},
11094 {SMBE_nofids, "Too many open files"},
11095 {SMBE_noaccess, "Access denied"},
11096 {SMBE_badfid, "Invalid fid"},
11097 {SMBE_nomem, "Out of memory"},
11098 {SMBE_badmem, "Invalid memory block address"},
11099 {SMBE_badenv, "Invalid environment"},
11100 {SMBE_badaccess, "Invalid open mode"},
11101 {SMBE_baddata, "Invalid data (only from ioctl call)"},
11102 {SMBE_res, "Reserved error code?"},
11103 {SMBE_baddrive, "Invalid drive"},
11104 {SMBE_remcd, "Attempt to delete current directory"},
11105 {SMBE_diffdevice, "Rename/move across different filesystems"},
11106 {SMBE_nofiles, "no more files found in file search"},
11107 {SMBE_badshare, "Share mode on file conflict with open mode"},
11108 {SMBE_lock, "Lock request conflicts with existing lock"},
11109 {SMBE_unsup, "Request unsupported, returned by Win 95"},
11110 {SMBE_filexists, "File in operation already exists"},
11111 {SMBE_cannotopen, "Cannot open the file specified"},
11112 {SMBE_unknownlevel, "Unknown level??"},
11113 {SMBE_badpipe, "Named pipe invalid"},
11114 {SMBE_pipebusy, "All instances of pipe are busy"},
11115 {SMBE_pipeclosing, "Named pipe close in progress"},
11116 {SMBE_notconnected, "No process on other end of named pipe"},
11117 {SMBE_moredata, "More data to be returned"},
11118 {SMBE_baddirectory, "Invalid directory name in a path."},
11119 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
11120 {SMBE_eas_nsup, "Extended attributes not supported"},
11121 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
11122 {SMBE_unknownipc, "Unknown IPC Operation"},
11123 {SMBE_noipc, "Don't support ipc"},
11127 /* Error codes for the ERRSRV class */
11129 static const value_string SRV_errors[] = {
11130 {SMBE_error, "Non specific error code"},
11131 {SMBE_badpw, "Bad password"},
11132 {SMBE_badtype, "Reserved"},
11133 {SMBE_access, "No permissions to perform the requested operation"},
11134 {SMBE_invnid, "TID invalid"},
11135 {SMBE_invnetname, "Invalid network name. Service not found"},
11136 {SMBE_invdevice, "Invalid device"},
11137 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
11138 {SMBE_qfull, "Print queue full"},
11139 {SMBE_qtoobig, "Queued item too big"},
11140 {SMBE_qeof, "EOF on print queue dump"},
11141 {SMBE_invpfid, "Invalid print file in smb_fid"},
11142 {SMBE_smbcmd, "Unrecognised command"},
11143 {SMBE_srverror, "SMB server internal error"},
11144 {SMBE_filespecs, "Fid and pathname invalid combination"},
11145 {SMBE_badlink, "Bad link in request ???"},
11146 {SMBE_badpermits, "Access specified for a file is not valid"},
11147 {SMBE_badpid, "Bad process id in request"},
11148 {SMBE_setattrmode, "Attribute mode invalid"},
11149 {SMBE_paused, "Message server paused"},
11150 {SMBE_msgoff, "Not receiving messages"},
11151 {SMBE_noroom, "No room for message"},
11152 {SMBE_rmuns, "Too many remote usernames"},
11153 {SMBE_timeout, "Operation timed out"},
11154 {SMBE_noresource, "No resources currently available for request."},
11155 {SMBE_toomanyuids, "Too many userids"},
11156 {SMBE_baduid, "Bad userid"},
11157 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
11158 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
11159 {SMBE_contMPX, "Resume MPX mode"},
11160 {SMBE_badPW, "Bad Password???"},
11161 {SMBE_nosupport, "Operation not supported???"},
11165 /* Error codes for the ERRHRD class */
11167 static const value_string HRD_errors[] = {
11168 {SMBE_nowrite, "read only media"},
11169 {SMBE_badunit, "Unknown device"},
11170 {SMBE_notready, "Drive not ready"},
11171 {SMBE_badcmd, "Unknown command"},
11172 {SMBE_data, "Data (CRC) error"},
11173 {SMBE_badreq, "Bad request structure length"},
11174 {SMBE_seek, "Seek error???"},
11175 {SMBE_badmedia, "Bad media???"},
11176 {SMBE_badsector, "Bad sector???"},
11177 {SMBE_nopaper, "No paper in printer???"},
11178 {SMBE_write, "Write error???"},
11179 {SMBE_read, "Read error???"},
11180 {SMBE_general, "General error???"},
11181 {SMBE_badshare, "A open conflicts with an existing open"},
11182 {SMBE_lock, "Lock/unlock error"},
11183 {SMBE_wrongdisk, "Wrong disk???"},
11184 {SMBE_FCBunavail, "FCB unavailable???"},
11185 {SMBE_sharebufexc, "Share buffer excluded???"},
11186 {SMBE_diskfull, "Disk full???"},
11190 char *decode_smb_error(guint8 errcls, guint8 errcode)
11197 return("No Error"); /* No error ??? */
11202 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
11207 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
11212 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
11217 return("Unknown error class!");
11223 #define SMB_FLAGS_DIRN 0x80
11226 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
11228 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
11229 proto_item *ti, *tf;
11230 guint8 cmd, errcls, errcode1, flags;
11231 guint16 flags2, errcode, tid, pid, uid, mid;
11232 int SMB_offset = offset;
11233 struct smb_info si;
11237 cmd = pd[offset + SMB_hdr_com_offset];
11239 if (check_col(fd, COL_PROTOCOL))
11240 col_add_str(fd, COL_PROTOCOL, "SMB");
11242 /* Hmmm, poor coding here ... Also, should check the type */
11244 if (check_col(fd, COL_INFO)) {
11246 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
11252 ti = proto_tree_add_item(tree, proto_smb, offset, END_OF_FRAME, NULL);
11253 smb_tree = proto_item_add_subtree(ti, ett_smb);
11255 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
11256 * component ... SMB is only one used
11259 proto_tree_add_text(smb_tree, offset, 1, "Message Type: 0xFF");
11260 proto_tree_add_text(smb_tree, offset+1, 3, "Server Component: SMB");
11264 offset += 4; /* Skip the marker */
11268 proto_tree_add_text(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
11274 /* Next, look at the error class, SMB_RETCLASS */
11276 errcls = pd[offset];
11280 proto_tree_add_text(smb_tree, offset, 1, "Error Class: %s",
11281 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
11286 /* Error code, SMB_HEINFO ... */
11288 errcode1 = pd[offset];
11292 proto_tree_add_text(smb_tree, offset, 1, "Reserved: %i", errcode1);
11298 errcode = GSHORT(pd, offset);
11302 proto_tree_add_text(smb_tree, offset, 2, "Error Code: %s",
11303 decode_smb_error(errcls, errcode));
11309 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
11311 flags = pd[offset];
11315 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags: 0x%02x", flags);
11317 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
11318 proto_tree_add_text(flags_tree, offset, 1, "%s",
11319 decode_boolean_bitfield(flags, 0x01, 8,
11320 "Lock&Read, Write&Unlock supported",
11321 "Lock&Read, Write&Unlock not supported"));
11322 proto_tree_add_text(flags_tree, offset, 1, "%s",
11323 decode_boolean_bitfield(flags, 0x02, 8,
11324 "Receive buffer posted",
11325 "Receive buffer not posted"));
11326 proto_tree_add_text(flags_tree, offset, 1, "%s",
11327 decode_boolean_bitfield(flags, 0x08, 8,
11328 "Path names caseless",
11329 "Path names case sensitive"));
11330 proto_tree_add_text(flags_tree, offset, 1, "%s",
11331 decode_boolean_bitfield(flags, 0x10, 8,
11332 "Pathnames canonicalized",
11333 "Pathnames not canonicalized"));
11334 proto_tree_add_text(flags_tree, offset, 1, "%s",
11335 decode_boolean_bitfield(flags, 0x20, 8,
11336 "OpLocks requested/granted",
11337 "OpLocks not requested/granted"));
11338 proto_tree_add_text(flags_tree, offset, 1, "%s",
11339 decode_boolean_bitfield(flags, 0x40, 8,
11341 "Notify open only"));
11343 proto_tree_add_text(flags_tree, offset, 1, "%s",
11344 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
11345 8, "Response to client/redirector", "Request to server"));
11351 flags2 = GSHORT(pd, offset);
11355 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
11357 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
11358 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11359 decode_boolean_bitfield(flags2, 0x0001, 16,
11360 "Long file names supported",
11361 "Long file names not supported"));
11362 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11363 decode_boolean_bitfield(flags2, 0x0002, 16,
11364 "Extended attributes supported",
11365 "Extended attributes not supported"));
11366 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11367 decode_boolean_bitfield(flags2, 0x0004, 16,
11368 "Security signatures supported",
11369 "Security signatures not supported"));
11370 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11371 decode_boolean_bitfield(flags2, 0x0800, 16,
11372 "Extended security negotiation supported",
11373 "Extended security negotiation not supported"));
11374 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11375 decode_boolean_bitfield(flags2, 0x1000, 16,
11376 "Resolve pathnames with DFS",
11377 "Don't resolve pathnames with DFS"));
11378 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11379 decode_boolean_bitfield(flags2, 0x2000, 16,
11380 "Permit reads if execute-only",
11381 "Don't permit reads if execute-only"));
11382 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11383 decode_boolean_bitfield(flags2, 0x4000, 16,
11384 "Error codes are NT error codes",
11385 "Error codes are DOS error codes"));
11386 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11387 decode_boolean_bitfield(flags2, 0x8000, 16,
11388 "Strings are Unicode",
11389 "Strings are ASCII"));
11393 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
11399 proto_tree_add_text(smb_tree, offset, 12, "Reserved: 6 WORDS");
11405 /* Now the TID, tree ID */
11407 tid = GSHORT(pd, offset);
11412 proto_tree_add_text(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
11418 /* Now the PID, Process ID */
11420 pid = GSHORT(pd, offset);
11425 proto_tree_add_text(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
11431 /* Now the UID, User ID */
11433 uid = GSHORT(pd, offset);
11438 proto_tree_add_text(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
11444 /* Now the MID, Multiplex ID */
11446 mid = GSHORT(pd, offset);
11451 proto_tree_add_text(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
11457 /* Now vector through the table to dissect them */
11459 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
11460 ((flags & 0x80) == 0));
11466 proto_register_smb(void)
11468 /* static hf_register_info hf[] = {
11470 { "Name", "smb.abbreviation", TYPE, VALS_POINTER }},
11472 static gint *ett[] = {
11474 &ett_smb_fileattributes,
11475 &ett_smb_capabilities,
11482 &ett_smb_desiredaccess,
11485 &ett_smb_openfunction,
11488 &ett_smb_writemode,
11489 &ett_smb_lock_type,
11492 &ett_browse_election_criteria,
11493 &ett_browse_election_os,
11494 &ett_browse_election_desire,
11496 &ett_lanman_servers,
11497 &ett_lanman_server,
11498 &ett_lanman_shares,
11502 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
11503 proto_browse = proto_register_protocol("Microsoft Windows Browser Protocol", "browser");
11504 proto_lanman = proto_register_protocol("Microsoft Windows LanMan Protocol", "lanman");
11505 /* proto_register_field_array(proto_smb, hf, array_length(hf));*/
11506 proto_register_subtree_array(ett, array_length(ett));
11507 register_init_routine(&smb_init_protocol);
git.samba.org / obnox / wireshark / wip.git / blob