2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.43 1999/11/18 07:32:46 sharpe Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
46 #include "conversation.h"
48 #include "alignment.h"
50 static int proto_smb = -1;
52 static gint ett_smb = -1;
53 static gint ett_smb_fileattributes = -1;
54 static gint ett_smb_capabilities = -1;
55 static gint ett_smb_aflags = -1;
56 static gint ett_smb_dialects = -1;
57 static gint ett_smb_mode = -1;
58 static gint ett_smb_rawmode = -1;
59 static gint ett_smb_flags = -1;
60 static gint ett_smb_flags2 = -1;
61 static gint ett_smb_desiredaccess = -1;
62 static gint ett_smb_search = -1;
63 static gint ett_smb_file = -1;
64 static gint ett_smb_openfunction = -1;
65 static gint ett_smb_filetype = -1;
66 static gint ett_smb_action = -1;
67 static gint ett_smb_writemode = -1;
68 static gint ett_smb_lock_type = -1;
70 static int proto_browse = -1;
72 static gint ett_browse = -1;
73 static gint ett_browse_flags = -1;
74 static gint ett_browse_election_criteria = -1;
75 static gint ett_browse_election_os = -1;
76 static gint ett_browse_election_desire = -1;
79 * Struct passed to each SMB decode routine of info it may need
83 int tid, uid, mid, pid; /* Any more? */
86 char *decode_smb_name(unsigned char);
88 int smb_packet_init_count = 200;
90 struct smb_request_key {
95 struct smb_request_val {
96 guint16 last_transact2_command;
97 gchar *last_transact_command;
101 GHashTable *smb_request_hash = NULL;
102 GMemChunk *smb_request_keys = NULL;
103 GMemChunk *smb_request_vals = NULL;
107 smb_equal(gconstpointer v, gconstpointer w)
109 struct smb_request_key *v1 = (struct smb_request_key *)v;
110 struct smb_request_key *v2 = (struct smb_request_key *)w;
112 #if defined(DEBUG_SMB_HASH)
113 printf("Comparing %08X:%u\n and %08X:%u\n",
114 v1 -> conversation, v1 -> mid,
115 v2 -> conversation, v2 -> mid);
118 if (v1 -> conversation == v2 -> conversation &&
119 v1 -> mid == v2 -> mid) {
129 smb_hash (gconstpointer v)
131 struct smb_request_key *key = (struct smb_request_key *)v;
134 val = key -> conversation + key -> mid;
136 #if defined(DEBUG_SMB_HASH)
137 printf("SMB Hash calculated as %u\n", val);
145 * Free up any state information we've saved, and re-initialize the
146 * tables of state information.
149 smb_init_protocol(void)
151 #if defined(DEBUG_SMB_HASH)
152 printf("Initializing SMB hashtable area\n");
155 if (smb_request_hash)
156 g_hash_table_destroy(smb_request_hash);
157 if (smb_request_keys)
158 g_mem_chunk_destroy(smb_request_keys);
159 if (smb_request_vals)
160 g_mem_chunk_destroy(smb_request_vals);
162 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
163 smb_request_keys = g_mem_chunk_new("smb_request_keys",
164 sizeof(struct smb_request_key),
165 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
166 smb_request_vals = g_mem_chunk_new("smb_request_vals",
167 sizeof(struct smb_request_val),
168 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
171 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
173 char *SMB_names[256] = {
174 "SMBcreatedirectory",
175 "SMBdeletedirectory",
223 "SMBcloseandtreedisc",
225 "SMBtrans2secondary",
227 "SMBfindnotifyclose",
335 "SMBnttransactsecondary",
433 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
438 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data (%u bytes)",
446 * Dissect a UNIX like date ...
452 dissect_smbu_date(guint16 date, guint16 time)
455 static char datebuf[4+2+2+2+1];
456 time_t ltime = (date << 16) + time;
458 gtime = gmtime(<ime);
459 sprintf(datebuf, "%04d-%02d-%02d",
460 1900 + (gtime -> tm_year), gtime -> tm_mon, gtime -> tm_mday);
470 dissect_smbu_time(guint16 date, guint16 time)
473 static char timebuf[2+2+2+2+1];
475 sprintf(timebuf, "%02d:%02d:%02d",
476 gtime -> tm_hour, gtime -> tm_min, gtime -> tm_sec);
483 * Dissect a DOS-format date.
486 dissect_dos_date(guint16 date)
488 static char datebuf[4+2+2+1];
490 sprintf(datebuf, "%04d-%02d-%02d",
491 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
496 * Dissect a DOS-format time.
499 dissect_dos_time(guint16 time)
501 static char timebuf[2+2+2+1];
503 sprintf(timebuf, "%02d:%02d:%02d",
504 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
508 /* Max string length for displaying Unicode strings. */
509 #define MAX_UNICODE_STR_LEN 256
511 /* Turn a little-endian Unicode '\0'-terminated string into a string we
513 XXX - for now, we just handle the ISO 8859-1 characters. */
515 unicode_to_str(const guint8 *us, int *us_lenp) {
516 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
523 if (cur == &str[0][0]) {
525 } else if (cur == &str[1][0]) {
531 len = MAX_UNICODE_STR_LEN;
533 while (*us != 0 || *(us + 1) != 0) {
543 /* Note that we're not showing the full string. */
554 * Each dissect routine is passed an offset to wct and works from there
558 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
565 if (dirn == 1) { /* Request(s) dissect code */
567 /* Build display for: Word Count (WCT) */
569 WordCount = GBYTE(pd, offset);
573 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
577 offset += 1; /* Skip Word Count (WCT) */
579 /* Build display for: FID */
581 FID = GSHORT(pd, offset);
585 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
589 offset += 2; /* Skip FID */
591 /* Build display for: Byte Count */
593 ByteCount = GSHORT(pd, offset);
597 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
601 offset += 2; /* Skip Byte Count */
605 if (dirn == 0) { /* Response(s) dissect code */
607 /* Build display for: Word Count (WCT) */
609 WordCount = GBYTE(pd, offset);
613 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
617 offset += 1; /* Skip Word Count (WCT) */
619 /* Build display for: Byte Count (BCC) */
621 ByteCount = GSHORT(pd, offset);
625 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
629 offset += 2; /* Skip Byte Count (BCC) */
636 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
644 guint16 BlocksPerUnit;
647 if (dirn == 1) { /* Request(s) dissect code */
649 /* Build display for: Word Count (WCT) */
651 WordCount = GBYTE(pd, offset);
655 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
659 offset += 1; /* Skip Word Count (WCT) */
661 /* Build display for: Byte Count (BCC) */
663 ByteCount = GSHORT(pd, offset);
667 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
671 offset += 2; /* Skip Byte Count (BCC) */
675 if (dirn == 0) { /* Response(s) dissect code */
677 /* Build display for: Word Count (WCT) */
679 WordCount = GBYTE(pd, offset);
683 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
687 offset += 1; /* Skip Word Count (WCT) */
691 /* Build display for: Total Units */
693 TotalUnits = GSHORT(pd, offset);
697 proto_tree_add_text(tree, offset, 2, "Total Units: %u", TotalUnits);
701 offset += 2; /* Skip Total Units */
703 /* Build display for: Blocks Per Unit */
705 BlocksPerUnit = GSHORT(pd, offset);
709 proto_tree_add_text(tree, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
713 offset += 2; /* Skip Blocks Per Unit */
715 /* Build display for: Block Size */
717 BlockSize = GSHORT(pd, offset);
721 proto_tree_add_text(tree, offset, 2, "Block Size: %u", BlockSize);
725 offset += 2; /* Skip Block Size */
727 /* Build display for: Free Units */
729 FreeUnits = GSHORT(pd, offset);
733 proto_tree_add_text(tree, offset, 2, "Free Units: %u", FreeUnits);
737 offset += 2; /* Skip Free Units */
739 /* Build display for: Reserved */
741 Reserved = GSHORT(pd, offset);
745 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
749 offset += 2; /* Skip Reserved */
753 /* Build display for: Byte Count (BCC) */
755 ByteCount = GSHORT(pd, offset);
759 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
763 offset += 2; /* Skip Byte Count (BCC) */
770 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
773 proto_tree *Attributes_tree;
783 guint16 LastWriteTime;
784 guint16 LastWriteDate;
786 const char *FileName;
788 if (dirn == 1) { /* Request(s) dissect code */
790 /* Build display for: Word Count (WCT) */
792 WordCount = GBYTE(pd, offset);
796 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
800 offset += 1; /* Skip Word Count (WCT) */
804 /* Build display for: Attributes */
806 Attributes = GSHORT(pd, offset);
810 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
811 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
812 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
813 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
814 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
815 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
816 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
817 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
818 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
819 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
820 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
821 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
822 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
823 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
827 offset += 2; /* Skip Attributes */
829 /* Build display for: Last Write Time */
831 LastWriteTime = GSHORT(pd, offset);
835 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
839 offset += 2; /* Skip Last Write Time */
841 /* Build display for: Last Write Date */
843 LastWriteDate = GSHORT(pd, offset);
847 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
851 offset += 2; /* Skip Last Write Date */
853 /* Build display for: Reserved 1 */
855 Reserved1 = GSHORT(pd, offset);
859 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
863 offset += 2; /* Skip Reserved 1 */
865 /* Build display for: Reserved 2 */
867 Reserved2 = GSHORT(pd, offset);
871 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
875 offset += 2; /* Skip Reserved 2 */
877 /* Build display for: Reserved 3 */
879 Reserved3 = GSHORT(pd, offset);
883 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
887 offset += 2; /* Skip Reserved 3 */
889 /* Build display for: Reserved 4 */
891 Reserved4 = GSHORT(pd, offset);
895 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
899 offset += 2; /* Skip Reserved 4 */
901 /* Build display for: Reserved 5 */
903 Reserved5 = GSHORT(pd, offset);
907 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
911 offset += 2; /* Skip Reserved 5 */
915 /* Build display for: Byte Count (BCC) */
917 ByteCount = GSHORT(pd, offset);
921 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
925 offset += 2; /* Skip Byte Count (BCC) */
927 /* Build display for: Buffer Format */
929 BufferFormat = GBYTE(pd, offset);
933 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
937 offset += 1; /* Skip Buffer Format */
939 /* Build display for: File Name */
941 FileName = pd + offset;
945 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
949 offset += strlen(FileName) + 1; /* Skip File Name */
953 if (dirn == 0) { /* Response(s) dissect code */
955 /* Build display for: Word Count (WCT) */
957 WordCount = GBYTE(pd, offset);
961 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
965 offset += 1; /* Skip Word Count (WCT) */
967 /* Build display for: Byte Count (BCC) */
969 ByteCount = GBYTE(pd, offset);
973 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
977 offset += 1; /* Skip Byte Count (BCC) */
984 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
996 if (dirn == 1) { /* Request(s) dissect code */
998 /* Build display for: Word Count (WCT) */
1000 WordCount = GBYTE(pd, offset);
1004 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1008 offset += 1; /* Skip Word Count (WCT) */
1010 /* Build display for: FID */
1012 FID = GSHORT(pd, offset);
1016 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1020 offset += 2; /* Skip FID */
1022 /* Build display for: Count */
1024 Count = GSHORT(pd, offset);
1028 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1032 offset += 2; /* Skip Count */
1034 /* Build display for: Offset */
1036 Offset = GWORD(pd, offset);
1040 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1044 offset += 4; /* Skip Offset */
1046 /* Build display for: Remaining */
1048 Remaining = GSHORT(pd, offset);
1052 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
1056 offset += 2; /* Skip Remaining */
1058 /* Build display for: Byte Count (BCC) */
1060 ByteCount = GSHORT(pd, offset);
1064 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1068 offset += 2; /* Skip Byte Count (BCC) */
1070 /* Build display for: Buffer Format */
1072 BufferFormat = GBYTE(pd, offset);
1076 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1080 offset += 1; /* Skip Buffer Format */
1082 /* Build display for: Data Length */
1084 DataLength = GSHORT(pd, offset);
1088 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1092 offset += 2; /* Skip Data Length */
1096 if (dirn == 0) { /* Response(s) dissect code */
1098 /* Build display for: Word Count (WCT) */
1100 WordCount = GBYTE(pd, offset);
1104 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1108 offset += 1; /* Skip Word Count (WCT) */
1110 /* Build display for: Count */
1112 Count = GSHORT(pd, offset);
1116 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1120 offset += 2; /* Skip Count */
1122 /* Build display for: Byte Count (BCC) */
1124 ByteCount = GSHORT(pd, offset);
1128 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1132 offset += 2; /* Skip Byte Count (BCC) */
1139 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1153 guint16 DataCompactionMode;
1157 if (dirn == 1) { /* Request(s) dissect code */
1159 /* Build display for: Word Count (WCT) */
1161 WordCount = GBYTE(pd, offset);
1165 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1169 offset += 1; /* Skip Word Count (WCT) */
1171 /* Build display for: FID */
1173 FID = GSHORT(pd, offset);
1177 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1181 offset += 2; /* Skip FID */
1183 /* Build display for: Offset */
1185 Offset = GWORD(pd, offset);
1189 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1193 offset += 4; /* Skip Offset */
1195 /* Build display for: Max Count */
1197 MaxCount = GSHORT(pd, offset);
1201 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
1205 offset += 2; /* Skip Max Count */
1207 /* Build display for: Min Count */
1209 MinCount = GSHORT(pd, offset);
1213 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
1217 offset += 2; /* Skip Min Count */
1219 /* Build display for: Reserved 1 */
1221 Reserved1 = GWORD(pd, offset);
1225 proto_tree_add_text(tree, offset, 4, "Reserved 1: %u", Reserved1);
1229 offset += 4; /* Skip Reserved 1 */
1231 /* Build display for: Reserved 2 */
1233 Reserved2 = GSHORT(pd, offset);
1237 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
1241 offset += 2; /* Skip Reserved 2 */
1243 /* Build display for: Byte Count (BCC) */
1245 ByteCount = GSHORT(pd, offset);
1249 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1253 offset += 2; /* Skip Byte Count (BCC) */
1257 if (dirn == 0) { /* Response(s) dissect code */
1259 /* Build display for: Word Count */
1261 WordCount = GBYTE(pd, offset);
1265 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
1269 offset += 1; /* Skip Word Count */
1271 if (WordCount > 0) {
1273 /* Build display for: Offset */
1275 Offset = GWORD(pd, offset);
1279 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1283 offset += 4; /* Skip Offset */
1285 /* Build display for: Count */
1287 Count = GSHORT(pd, offset);
1291 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1295 offset += 2; /* Skip Count */
1297 /* Build display for: Reserved */
1299 Reserved = GSHORT(pd, offset);
1303 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1307 offset += 2; /* Skip Reserved */
1309 /* Build display for: Data Compaction Mode */
1311 DataCompactionMode = GSHORT(pd, offset);
1315 proto_tree_add_text(tree, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1319 offset += 2; /* Skip Data Compaction Mode */
1321 /* Build display for: Reserved */
1323 Reserved = GSHORT(pd, offset);
1327 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1331 offset += 2; /* Skip Reserved */
1333 /* Build display for: Data Length */
1335 DataLength = GSHORT(pd, offset);
1339 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1343 offset += 2; /* Skip Data Length */
1345 /* Build display for: Data Offset */
1347 DataOffset = GSHORT(pd, offset);
1351 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
1355 offset += 2; /* Skip Data Offset */
1359 /* Build display for: Byte Count (BCC) */
1361 ByteCount = GSHORT(pd, offset);
1365 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1369 offset += 2; /* Skip Byte Count (BCC) */
1371 /* Build display for: Pad */
1373 Pad = GBYTE(pd, offset);
1377 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
1381 offset += 1; /* Skip Pad */
1388 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1392 guint8 BufferFormat;
1394 const char *FileName;
1396 if (dirn == 1) { /* Request(s) dissect code */
1398 /* Build display for: Word Count (WCT) */
1400 WordCount = GBYTE(pd, offset);
1404 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1408 offset += 1; /* Skip Word Count (WCT) */
1410 /* Build display for: Byte Count (BCC) */
1412 ByteCount = GSHORT(pd, offset);
1416 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1420 offset += 2; /* Skip Byte Count (BCC) */
1422 /* Build display for: Buffer Format */
1424 BufferFormat = GBYTE(pd, offset);
1428 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1432 offset += 1; /* Skip Buffer Format */
1434 /* Build display for: File Name */
1436 FileName = pd + offset;
1440 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1444 offset += strlen(FileName) + 1; /* Skip File Name */
1448 if (dirn == 0) { /* Response(s) dissect code */
1450 /* Build display for: Word Count (WCT) */
1452 WordCount = GBYTE(pd, offset);
1456 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1460 offset += 1; /* Skip Word Count (WCT) */
1462 /* Build display for: Byte Count (BCC) */
1464 ByteCount = GSHORT(pd, offset);
1468 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1472 offset += 2; /* Skip Byte Count (BCC) */
1479 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1482 proto_tree *Attributes_tree;
1485 guint32 FileDataSize;
1486 guint32 FileAllocationSize;
1487 guint16 LastWriteTime;
1488 guint16 LastWriteDate;
1489 guint16 LastAccessTime;
1490 guint16 LastAccessDate;
1492 guint16 CreationTime;
1493 guint16 CreationDate;
1497 if (dirn == 1) { /* Request(s) dissect code */
1499 /* Build display for: Word Count (WCT) */
1501 WordCount = GBYTE(pd, offset);
1505 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1509 offset += 1; /* Skip Word Count (WCT) */
1511 /* Build display for: FID */
1513 FID = GSHORT(pd, offset);
1517 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1521 offset += 2; /* Skip FID */
1523 /* Build display for: Byte Count */
1525 ByteCount = GSHORT(pd, offset);
1529 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1533 offset += 2; /* Skip Byte Count */
1537 if (dirn == 0) { /* Response(s) dissect code */
1539 /* Build display for: Word Count (WCT) */
1541 WordCount = GBYTE(pd, offset);
1545 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1549 offset += 1; /* Skip Word Count (WCT) */
1551 if (WordCount > 0) {
1553 /* Build display for: Creation Date */
1555 CreationDate = GSHORT(pd, offset);
1559 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
1563 offset += 2; /* Skip Creation Date */
1565 /* Build display for: Creation Time */
1567 CreationTime = GSHORT(pd, offset);
1571 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
1575 offset += 2; /* Skip Creation Time */
1577 /* Build display for: Last Access Date */
1579 LastAccessDate = GSHORT(pd, offset);
1583 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
1587 offset += 2; /* Skip Last Access Date */
1589 /* Build display for: Last Access Time */
1591 LastAccessTime = GSHORT(pd, offset);
1595 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
1599 offset += 2; /* Skip Last Access Time */
1601 /* Build display for: Last Write Date */
1603 LastWriteDate = GSHORT(pd, offset);
1607 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
1611 offset += 2; /* Skip Last Write Date */
1613 /* Build display for: Last Write Time */
1615 LastWriteTime = GSHORT(pd, offset);
1619 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
1623 offset += 2; /* Skip Last Write Time */
1625 /* Build display for: File Data Size */
1627 FileDataSize = GWORD(pd, offset);
1631 proto_tree_add_text(tree, offset, 4, "File Data Size: %u", FileDataSize);
1635 offset += 4; /* Skip File Data Size */
1637 /* Build display for: File Allocation Size */
1639 FileAllocationSize = GWORD(pd, offset);
1643 proto_tree_add_text(tree, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1647 offset += 4; /* Skip File Allocation Size */
1649 /* Build display for: Attributes */
1651 Attributes = GSHORT(pd, offset);
1655 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
1656 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1657 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1658 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1659 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1660 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1661 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1662 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1663 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1664 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1665 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1666 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1667 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1668 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1672 offset += 2; /* Skip Attributes */
1676 /* Build display for: Byte Count */
1678 ByteCount = GSHORT(pd, offset);
1682 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1686 offset += 2; /* Skip Byte Count */
1693 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1697 guint8 BufferFormat3;
1698 guint8 BufferFormat2;
1699 guint8 BufferFormat1;
1701 guint16 MaxBufferSize;
1703 const char *SharePath;
1704 const char *Service;
1705 const char *Password;
1707 if (dirn == 1) { /* Request(s) dissect code */
1709 /* Build display for: Word Count (WCT) */
1711 WordCount = GBYTE(pd, offset);
1715 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1719 offset += 1; /* Skip Word Count (WCT) */
1721 /* Build display for: Byte Count (BCC) */
1723 ByteCount = GSHORT(pd, offset);
1727 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1731 offset += 2; /* Skip Byte Count (BCC) */
1733 /* Build display for: BufferFormat1 */
1735 BufferFormat1 = GBYTE(pd, offset);
1739 proto_tree_add_text(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
1743 offset += 1; /* Skip BufferFormat1 */
1745 /* Build display for: Share Path */
1747 SharePath = pd + offset;
1751 proto_tree_add_text(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1755 offset += strlen(SharePath) + 1; /* Skip Share Path */
1757 /* Build display for: BufferFormat2 */
1759 BufferFormat2 = GBYTE(pd, offset);
1763 proto_tree_add_text(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
1767 offset += 1; /* Skip BufferFormat2 */
1769 /* Build display for: Password */
1771 Password = pd + offset;
1775 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
1779 offset += strlen(Password) + 1; /* Skip Password */
1781 /* Build display for: BufferFormat3 */
1783 BufferFormat3 = GBYTE(pd, offset);
1787 proto_tree_add_text(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
1791 offset += 1; /* Skip BufferFormat3 */
1793 /* Build display for: Service */
1795 Service = pd + offset;
1799 proto_tree_add_text(tree, offset, strlen(Service) + 1, "Service: %s", Service);
1803 offset += strlen(Service) + 1; /* Skip Service */
1807 if (dirn == 0) { /* Response(s) dissect code */
1809 /* Build display for: Word Count (WCT) */
1811 WordCount = GBYTE(pd, offset);
1815 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1819 if (errcode != 0) return;
1821 offset += 1; /* Skip Word Count (WCT) */
1823 /* Build display for: Max Buffer Size */
1825 MaxBufferSize = GSHORT(pd, offset);
1829 proto_tree_add_text(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1833 offset += 2; /* Skip Max Buffer Size */
1835 /* Build display for: TID */
1837 TID = GSHORT(pd, offset);
1841 proto_tree_add_text(tree, offset, 2, "TID: %u", TID);
1845 offset += 2; /* Skip TID */
1847 /* Build display for: Byte Count (BCC) */
1849 ByteCount = GSHORT(pd, offset);
1853 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1857 offset += 2; /* Skip Byte Count (BCC) */
1863 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
1865 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1868 proto_tree *Capabilities_tree;
1871 guint8 AndXReserved;
1872 guint8 AndXCommand = 0xFF;
1875 guint32 Capabilities;
1877 guint16 UNICODEAccountPasswordLength;
1878 guint16 PasswordLen;
1879 guint16 MaxMpxCount;
1880 guint16 MaxBufferSize;
1882 guint16 AndXOffset = 0;
1884 guint16 ANSIAccountPasswordLength;
1885 const char *UNICODEPassword;
1886 const char *Password;
1887 const char *PrimaryDomain;
1888 const char *NativeOS;
1889 const char *NativeLanManType;
1890 const char *NativeLanMan;
1891 const char *AccountName;
1892 const char *ANSIPassword;
1894 if (dirn == 1) { /* Request(s) dissect code */
1896 WordCount = GBYTE(pd, offset);
1898 switch (WordCount) {
1902 /* Build display for: Word Count (WCT) */
1904 WordCount = GBYTE(pd, offset);
1908 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1912 offset += 1; /* Skip Word Count (WCT) */
1914 /* Build display for: AndXCommand */
1916 AndXCommand = GBYTE(pd, offset);
1920 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
1921 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1925 offset += 1; /* Skip AndXCommand */
1927 /* Build display for: AndXReserved */
1929 AndXReserved = GBYTE(pd, offset);
1933 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1937 offset += 1; /* Skip AndXReserved */
1939 /* Build display for: AndXOffset */
1941 AndXOffset = GSHORT(pd, offset);
1945 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1949 offset += 2; /* Skip AndXOffset */
1951 /* Build display for: MaxBufferSize */
1953 MaxBufferSize = GSHORT(pd, offset);
1957 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1961 offset += 2; /* Skip MaxBufferSize */
1963 /* Build display for: MaxMpxCount */
1965 MaxMpxCount = GSHORT(pd, offset);
1969 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1973 offset += 2; /* Skip MaxMpxCount */
1975 /* Build display for: VcNumber */
1977 VcNumber = GSHORT(pd, offset);
1981 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
1985 offset += 2; /* Skip VcNumber */
1987 /* Build display for: SessionKey */
1989 SessionKey = GWORD(pd, offset);
1993 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
1997 offset += 4; /* Skip SessionKey */
1999 /* Build display for: PasswordLen */
2001 PasswordLen = GSHORT(pd, offset);
2005 proto_tree_add_text(tree, offset, 2, "PasswordLen: %u", PasswordLen);
2009 offset += 2; /* Skip PasswordLen */
2011 /* Build display for: Reserved */
2013 Reserved = GWORD(pd, offset);
2017 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2021 offset += 4; /* Skip Reserved */
2023 /* Build display for: Byte Count (BCC) */
2025 ByteCount = GSHORT(pd, offset);
2029 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2033 offset += 2; /* Skip Byte Count (BCC) */
2035 if (ByteCount > 0) {
2037 /* Build displat for: Password */
2039 Password = pd + offset;
2043 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
2047 offset += PasswordLen;
2049 /* Build display for: AccountName */
2051 AccountName = pd + offset;
2055 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2059 offset += strlen(AccountName) + 1; /* Skip AccountName */
2061 /* Build display for: PrimaryDomain */
2063 PrimaryDomain = pd + offset;
2067 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2071 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2073 /* Build display for: NativeOS */
2075 NativeOS = pd + offset;
2079 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2083 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2085 /* Build display for: NativeLanMan */
2087 NativeLanMan = pd + offset;
2091 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2095 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2103 /* Build display for: Word Count (WCT) */
2105 WordCount = GBYTE(pd, offset);
2109 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2113 offset += 1; /* Skip Word Count (WCT) */
2115 /* Build display for: AndXCommand */
2117 AndXCommand = GBYTE(pd, offset);
2121 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2122 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2126 offset += 1; /* Skip AndXCommand */
2128 /* Build display for: AndXReserved */
2130 AndXReserved = GBYTE(pd, offset);
2134 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2138 offset += 1; /* Skip AndXReserved */
2140 /* Build display for: AndXOffset */
2142 AndXOffset = GSHORT(pd, offset);
2146 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2150 offset += 2; /* Skip AndXOffset */
2152 /* Build display for: MaxBufferSize */
2154 MaxBufferSize = GSHORT(pd, offset);
2158 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2162 offset += 2; /* Skip MaxBufferSize */
2164 /* Build display for: MaxMpxCount */
2166 MaxMpxCount = GSHORT(pd, offset);
2170 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2174 offset += 2; /* Skip MaxMpxCount */
2176 /* Build display for: VcNumber */
2178 VcNumber = GSHORT(pd, offset);
2182 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2186 offset += 2; /* Skip VcNumber */
2188 /* Build display for: SessionKey */
2190 SessionKey = GWORD(pd, offset);
2194 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2198 offset += 4; /* Skip SessionKey */
2200 /* Build display for: ANSI Account Password Length */
2202 ANSIAccountPasswordLength = GSHORT(pd, offset);
2206 proto_tree_add_text(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2210 offset += 2; /* Skip ANSI Account Password Length */
2212 /* Build display for: UNICODE Account Password Length */
2214 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2218 proto_tree_add_text(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2222 offset += 2; /* Skip UNICODE Account Password Length */
2224 /* Build display for: Reserved */
2226 Reserved = GWORD(pd, offset);
2230 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2234 offset += 4; /* Skip Reserved */
2236 /* Build display for: Capabilities */
2238 Capabilities = GWORD(pd, offset);
2242 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
2243 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2244 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2245 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2246 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2247 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2248 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2249 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2250 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2251 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2252 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2253 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2254 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2255 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2256 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2257 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2258 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2259 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2260 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2261 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2262 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2263 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2264 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2265 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2266 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2267 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2268 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2269 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2270 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2271 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2275 offset += 4; /* Skip Capabilities */
2277 /* Build display for: Byte Count */
2279 ByteCount = GSHORT(pd, offset);
2283 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
2287 offset += 2; /* Skip Byte Count */
2289 if (ByteCount > 0) {
2291 /* Build display for: ANSI Password */
2293 ANSIPassword = pd + offset;
2297 proto_tree_add_text(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword);
2301 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2302 if (ANSIAccountPasswordLength == 0) offset++; /* Add 1 */
2304 /* Build display for: UNICODE Password */
2306 UNICODEPassword = pd + offset;
2308 if (UNICODEAccountPasswordLength > 0) {
2312 proto_tree_add_text(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword);
2316 offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */
2320 /* Build display for: Account Name */
2322 AccountName = pd + offset;
2326 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2330 offset += strlen(AccountName) + 1; /* Skip Account Name */
2332 /* Build display for: Primary Domain */
2334 PrimaryDomain = pd + offset;
2338 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2342 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2344 /* Build display for: Native OS */
2346 NativeOS = pd + offset;
2350 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2354 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2356 /* Build display for: Native LanMan Type */
2358 NativeLanManType = pd + offset;
2362 proto_tree_add_text(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2366 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2375 if (AndXCommand != 0xFF) {
2377 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2383 if (dirn == 0) { /* Response(s) dissect code */
2385 /* Build display for: Word Count (WCT) */
2387 WordCount = GBYTE(pd, offset);
2391 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2395 offset += 1; /* Skip Word Count (WCT) */
2397 if (WordCount > 0) {
2399 /* Build display for: AndXCommand */
2401 AndXCommand = GBYTE(pd, offset);
2405 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2406 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2410 offset += 1; /* Skip AndXCommand */
2412 /* Build display for: AndXReserved */
2414 AndXReserved = GBYTE(pd, offset);
2418 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2422 offset += 1; /* Skip AndXReserved */
2424 /* Build display for: AndXOffset */
2426 AndXOffset = GSHORT(pd, offset);
2430 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2435 offset += 2; /* Skip AndXOffset */
2437 /* Build display for: Action */
2439 Action = GSHORT(pd, offset);
2443 proto_tree_add_text(tree, offset, 2, "Action: %u", Action);
2447 offset += 2; /* Skip Action */
2451 /* Build display for: Byte Count (BCC) */
2453 ByteCount = GSHORT(pd, offset);
2457 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2461 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2463 offset += 2; /* Skip Byte Count (BCC) */
2465 if (ByteCount > 0) {
2467 /* Build display for: NativeOS */
2469 NativeOS = pd + offset;
2473 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2477 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2479 /* Build display for: NativeLanMan */
2481 NativeLanMan = pd + offset;
2485 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2489 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2491 /* Build display for: PrimaryDomain */
2493 PrimaryDomain = pd + offset;
2497 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2501 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2505 if (AndXCommand != 0xFF) {
2507 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2516 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2519 guint8 wct, andxcmd = 0xFF;
2520 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2522 proto_tree *flags_tree;
2527 /* Now figure out what format we are talking about, 2, 3, or 4 response
2531 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2532 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2536 proto_tree_add_text(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2538 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2548 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
2556 andxcmd = pd[offset];
2560 proto_tree_add_text(tree, offset, 1, "Next Command: %s",
2561 (andxcmd == 0xFF) ? "No further commands":
2562 decode_smb_name(andxcmd));
2564 proto_tree_add_text(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2570 andxoffs = GSHORT(pd, offset);
2574 proto_tree_add_text(tree, offset, 2, "Offset to next command: %u", andxoffs);
2586 bcc = GSHORT(pd, offset);
2590 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2598 flags = GSHORT(pd, offset);
2602 ti = proto_tree_add_text(tree, offset, 2, "Additional Flags: 0x%02x", flags);
2603 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2604 proto_tree_add_text(flags_tree, offset, 2, "%s",
2605 decode_boolean_bitfield(flags, 0x01, 16,
2607 "Don't disconnect TID"));
2613 passwdlen = GSHORT(pd, offset);
2617 proto_tree_add_text(tree, offset, 2, "Password Length: %u", passwdlen);
2623 bcc = GSHORT(pd, offset);
2627 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2637 proto_tree_add_text(tree, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2641 offset += passwdlen;
2647 proto_tree_add_text(tree, offset, strlen(str) + 1, "Path: %s", str);
2651 offset += strlen(str) + 1;
2657 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2665 bcc = GSHORT(pd, offset);
2669 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2679 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service Type: %s",
2684 offset += strlen(str) + 1;
2690 optionsup = GSHORT(pd, offset);
2692 if (tree) { /* Should break out the bits */
2694 proto_tree_add_text(tree, offset, 2, "Optional Support: 0x%04x",
2701 bcc = GSHORT(pd, offset);
2705 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2715 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2719 offset += strlen(str) + 1;
2725 proto_tree_add_text(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2729 offset += strlen(str) + 1;
2739 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2741 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
2746 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2748 guint8 wct, enckeylen;
2749 guint16 bcc, mode, rawmode, dialect;
2751 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2757 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2759 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2760 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2763 proto_tree_add_text(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2765 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2773 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %d", wct);
2777 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2781 /* Now decode the various formats ... */
2785 case 0: /* A request */
2787 bcc = GSHORT(pd, offset);
2791 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2799 ti = proto_tree_add_text(tree, offset, END_OF_FRAME, "Dialects");
2800 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
2804 while (IS_DATA_IN_FRAME(offset)) {
2809 proto_tree_add_text(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2819 proto_tree_add_text(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2823 offset += strlen(str) + 1;
2828 case 1: /* PC NETWORK PROGRAM 1.0 */
2830 dialect = GSHORT(pd, offset);
2832 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2834 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2836 proto_tree_add_text(tree, offset, 2, "Supplied dialects not recognized");
2841 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2849 bcc = GSHORT(pd, offset);
2853 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2859 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2863 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2867 /* Much of this is similar to response 17 below */
2871 mode = GSHORT(pd, offset);
2875 ti = proto_tree_add_text(tree, offset, 2, "Security Mode: 0x%04x", mode);
2876 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
2877 proto_tree_add_text(mode_tree, offset, 2, "%s",
2878 decode_boolean_bitfield(mode, 0x0001, 16,
2880 "Security = Share"));
2881 proto_tree_add_text(mode_tree, offset, 2, "%s",
2882 decode_boolean_bitfield(mode, 0x0002, 16,
2883 "Passwords = Encrypted",
2884 "Passwords = Plaintext"));
2892 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2900 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2908 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2914 rawmode = GSHORT(pd, offset);
2918 ti = proto_tree_add_text(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2919 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
2920 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2921 decode_boolean_bitfield(rawmode, 0x01, 16,
2922 "Read Raw supported",
2923 "Read Raw not supported"));
2924 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2925 decode_boolean_bitfield(rawmode, 0x02, 16,
2926 "Write Raw supported",
2927 "Write Raw not supported"));
2935 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2941 /* Now the server time, two short parameters ... */
2945 proto_tree_add_text(tree, offset, 2, "Server Time: %s",
2946 dissect_dos_time(GSHORT(pd, offset)));
2947 proto_tree_add_text(tree, offset + 2, 2, "Server Date: %s",
2948 dissect_dos_date(GSHORT(pd, offset + 2)));
2954 /* Server Time Zone, SHORT */
2958 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
2959 (signed)GSSHORT(pd, offset));
2965 /* Challenge Length */
2967 enckeylen = GSHORT(pd, offset);
2971 proto_tree_add_text(tree, offset, 2, "Challenge Length: %u", enckeylen);
2979 proto_tree_add_text(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
2985 bcc = GSHORT(pd, offset);
2989 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2995 if (enckeylen) { /* only if non-zero key len */
3001 proto_tree_add_text(tree, offset, enckeylen, "Challenge: %s",
3002 bytes_to_str(str, enckeylen));
3005 offset += enckeylen;
3009 /* Primary Domain ... */
3015 proto_tree_add_text(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
3021 case 17: /* Greater than LANMAN2.1 */
3025 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3031 mode = GBYTE(pd, offset);
3035 ti = proto_tree_add_text(tree, offset, 1, "Security Mode: 0x%02x", mode);
3036 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3037 proto_tree_add_text(mode_tree, offset, 1, "%s",
3038 decode_boolean_bitfield(mode, 0x01, 8,
3040 "Security = Share"));
3041 proto_tree_add_text(mode_tree, offset, 1, "%s",
3042 decode_boolean_bitfield(mode, 0x02, 8,
3043 "Passwords = Encrypted",
3044 "Passwords = Plaintext"));
3045 proto_tree_add_text(mode_tree, offset, 1, "%s",
3046 decode_boolean_bitfield(mode, 0x04, 8,
3047 "Security signatures enabled",
3048 "Security signatures not enabled"));
3049 proto_tree_add_text(mode_tree, offset, 1, "%s",
3050 decode_boolean_bitfield(mode, 0x08, 8,
3051 "Security signatures required",
3052 "Security signatures not required"));
3060 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3068 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3076 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3084 proto_tree_add_text(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3092 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
3098 caps = GWORD(pd, offset);
3102 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", caps);
3103 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3104 proto_tree_add_text(caps_tree, offset, 4, "%s",
3105 decode_boolean_bitfield(caps, 0x0001, 32,
3106 "Raw Mode supported",
3107 "Raw Mode not supported"));
3108 proto_tree_add_text(caps_tree, offset, 4, "%s",
3109 decode_boolean_bitfield(caps, 0x0002, 32,
3110 "MPX Mode supported",
3111 "MPX Mode not supported"));
3112 proto_tree_add_text(caps_tree, offset, 4, "%s",
3113 decode_boolean_bitfield(caps, 0x0004, 32,
3114 "Unicode supported",
3115 "Unicode not supported"));
3116 proto_tree_add_text(caps_tree, offset, 4, "%s",
3117 decode_boolean_bitfield(caps, 0x0008, 32,
3118 "Large files supported",
3119 "Large files not supported"));
3120 proto_tree_add_text(caps_tree, offset, 4, "%s",
3121 decode_boolean_bitfield(caps, 0x0010, 32,
3122 "NT LM 0.12 SMBs supported",
3123 "NT LM 0.12 SMBs not supported"));
3124 proto_tree_add_text(caps_tree, offset, 4, "%s",
3125 decode_boolean_bitfield(caps, 0x0020, 32,
3126 "RPC remote APIs supported",
3127 "RPC remote APIs not supported"));
3128 proto_tree_add_text(caps_tree, offset, 4, "%s",
3129 decode_boolean_bitfield(caps, 0x0040, 32,
3130 "NT status codes supported",
3131 "NT status codes not supported"));
3132 proto_tree_add_text(caps_tree, offset, 4, "%s",
3133 decode_boolean_bitfield(caps, 0x0080, 32,
3134 "Level 2 OpLocks supported",
3135 "Level 2 OpLocks not supported"));
3136 proto_tree_add_text(caps_tree, offset, 4, "%s",
3137 decode_boolean_bitfield(caps, 0x0100, 32,
3138 "Lock&Read supported",
3139 "Lock&Read not supported"));
3140 proto_tree_add_text(caps_tree, offset, 4, "%s",
3141 decode_boolean_bitfield(caps, 0x0200, 32,
3142 "NT Find supported",
3143 "NT Find not supported"));
3144 proto_tree_add_text(caps_tree, offset, 4, "%s",
3145 decode_boolean_bitfield(caps, 0x1000, 32,
3147 "DFS not supported"));
3148 proto_tree_add_text(caps_tree, offset, 4, "%s",
3149 decode_boolean_bitfield(caps, 0x4000, 32,
3150 "Large READX supported",
3151 "Large READX not supported"));
3152 proto_tree_add_text(caps_tree, offset, 4, "%s",
3153 decode_boolean_bitfield(caps, 0x8000, 32,
3154 "Large WRITEX supported",
3155 "Large WRITEX not supported"));
3156 proto_tree_add_text(caps_tree, offset, 4, "%s",
3157 decode_boolean_bitfield(caps, 0x80000000, 32,
3158 "Extended security exchanges supported",
3159 "Extended security exchanges not supported"));
3164 /* Server time, 2 WORDS */
3168 proto_tree_add_text(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3169 proto_tree_add_text(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3175 /* Server Time Zone, SHORT */
3179 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
3180 (signed)GSSHORT(pd, offset));
3186 /* Encryption key len */
3188 enckeylen = pd[offset];
3192 proto_tree_add_text(tree, offset, 1, "Encryption key len: %u", enckeylen);
3198 bcc = GSHORT(pd, offset);
3202 proto_tree_add_text(tree, offset, 2, "Byte count (BCC): %u", bcc);
3208 if (enckeylen) { /* only if non-zero key len */
3210 /* Encryption challenge key */
3216 proto_tree_add_text(tree, offset, enckeylen, "Challenge encryption key: %s",
3217 bytes_to_str(str, enckeylen));
3221 offset += enckeylen;
3225 /* The domain, a null terminated string; Unicode if "caps" has
3226 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3227 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3233 if (caps & 0x0004) {
3234 ustr = unicode_to_str(str, &ustr_len);
3235 proto_tree_add_text(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
3237 proto_tree_add_text(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
3244 default: /* Baddd */
3247 proto_tree_add_text(tree, offset, 1, "Bad format, should never get here");
3255 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3259 guint8 BufferFormat;
3261 const char *DirectoryName;
3263 if (dirn == 1) { /* Request(s) dissect code */
3265 /* Build display for: Word Count (WCT) */
3267 WordCount = GBYTE(pd, offset);
3271 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3275 offset += 1; /* Skip Word Count (WCT) */
3277 /* Build display for: Byte Count (BCC) */
3279 ByteCount = GSHORT(pd, offset);
3283 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3287 offset += 2; /* Skip Byte Count (BCC) */
3289 /* Build display for: Buffer Format */
3291 BufferFormat = GBYTE(pd, offset);
3295 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3299 offset += 1; /* Skip Buffer Format */
3301 /* Build display for: Directory Name */
3303 DirectoryName = pd + offset;
3307 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3311 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3315 if (dirn == 0) { /* Response(s) dissect code */
3317 /* Build display for: Word Count (WCT) */
3319 WordCount = GBYTE(pd, offset);
3323 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3327 offset += 1; /* Skip Word Count (WCT) */
3329 /* Build display for: Byte Count (BCC) */
3331 ByteCount = GSHORT(pd, offset);
3335 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3339 offset += 2; /* Skip Byte Count (BCC) */
3346 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3350 guint8 BufferFormat;
3352 const char *DirectoryName;
3354 if (dirn == 1) { /* Request(s) dissect code */
3356 /* Build display for: Word Count (WCT) */
3358 WordCount = GBYTE(pd, offset);
3362 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3366 offset += 1; /* Skip Word Count (WCT) */
3368 /* Build display for: Byte Count (BCC) */
3370 ByteCount = GSHORT(pd, offset);
3374 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3378 offset += 2; /* Skip Byte Count (BCC) */
3380 /* Build display for: Buffer Format */
3382 BufferFormat = GBYTE(pd, offset);
3386 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3390 offset += 1; /* Skip Buffer Format */
3392 /* Build display for: Directory Name */
3394 DirectoryName = pd + offset;
3398 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3402 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3406 if (dirn == 0) { /* Response(s) dissect code */
3408 /* Build display for: Word Count (WCT) */
3410 WordCount = GBYTE(pd, offset);
3414 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3418 offset += 1; /* Skip Word Count (WCT) */
3420 /* Build display for: Byte Count (BCC) */
3422 ByteCount = GSHORT(pd, offset);
3426 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3430 offset += 2; /* Skip Byte Count (BCC) */
3437 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3441 guint8 BufferFormat;
3443 const char *DirectoryName;
3445 if (dirn == 1) { /* Request(s) dissect code */
3447 /* Build display for: Word Count (WCT) */
3449 WordCount = GBYTE(pd, offset);
3453 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3457 offset += 1; /* Skip Word Count (WCT) */
3459 /* Build display for: Byte Count (BCC) */
3461 ByteCount = GSHORT(pd, offset);
3465 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3469 offset += 2; /* Skip Byte Count (BCC) */
3471 /* Build display for: Buffer Format */
3473 BufferFormat = GBYTE(pd, offset);
3477 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3481 offset += 1; /* Skip Buffer Format */
3483 /* Build display for: Directory Name */
3485 DirectoryName = pd + offset;
3489 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3493 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3497 if (dirn == 0) { /* Response(s) dissect code */
3499 /* Build display for: Word Count (WCT) */
3501 WordCount = GBYTE(pd, offset);
3505 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3509 offset += 1; /* Skip Word Count (WCT) */
3511 /* Build display for: Byte Count (BCC) */
3513 ByteCount = GSHORT(pd, offset);
3517 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3521 offset += 2; /* Skip Byte Count (BCC) */
3528 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3531 static const value_string OpenFunction_0x10[] = {
3532 { 0, "Fail if file does not exist"},
3533 { 16, "Create file if it does not exist"},
3536 static const value_string OpenFunction_0x03[] = {
3537 { 0, "Fail if file exists"},
3538 { 1, "Open file if it exists"},
3539 { 2, "Truncate File if it exists"},
3542 static const value_string FileType_0xFFFF[] = {
3543 { 0, "Disk file or directory"},
3544 { 1, "Named pipe in byte mode"},
3545 { 2, "Named pipe in message mode"},
3546 { 3, "Spooled printer"},
3549 static const value_string DesiredAccess_0x70[] = {
3550 { 00, "Compatibility mode"},
3551 { 16, "Deny read/write/execute (exclusive)"},
3552 { 32, "Deny write"},
3553 { 48, "Deny read/execute"},
3557 static const value_string DesiredAccess_0x700[] = {
3558 { 0, "Locality of reference unknown"},
3559 { 256, "Mainly sequential access"},
3560 { 512, "Mainly random access"},
3561 { 768, "Random access with some locality"},
3564 static const value_string DesiredAccess_0x4000[] = {
3565 { 0, "Write through mode disabled"},
3566 { 16384, "Write through mode enabled"},
3569 static const value_string DesiredAccess_0x1000[] = {
3570 { 0, "Normal file (caching permitted)"},
3571 { 4096, "Do not cache this file"},
3574 static const value_string DesiredAccess_0x07[] = {
3575 { 0, "Open for reading"},
3576 { 1, "Open for writing"},
3577 { 2, "Open for reading and writing"},
3578 { 3, "Open for execute"},
3581 static const value_string Action_0x8000[] = {
3582 { 0, "File opened by another user (or mode not supported by server)"},
3583 { 32768, "File is opened only by this user at present"},
3586 static const value_string Action_0x0003[] = {
3587 { 0, "No action taken?"},
3588 { 1, "The file existed and was opened"},
3589 { 2, "The file did not exist but was created"},
3590 { 3, "The file existed and was truncated"},
3593 proto_tree *Search_tree;
3594 proto_tree *OpenFunction_tree;
3595 proto_tree *Flags_tree;
3596 proto_tree *File_tree;
3597 proto_tree *FileType_tree;
3598 proto_tree *FileAttributes_tree;
3599 proto_tree *DesiredAccess_tree;
3600 proto_tree *Action_tree;
3603 guint8 AndXReserved;
3604 guint8 AndXCommand = 0xFF;
3609 guint32 AllocatedSize;
3612 guint16 OpenFunction;
3613 guint16 LastWriteTime;
3614 guint16 LastWriteDate;
3615 guint16 GrantedAccess;
3618 guint16 FileAttributes;
3621 guint16 DeviceState;
3622 guint16 DesiredAccess;
3623 guint16 CreationTime;
3624 guint16 CreationDate;
3626 guint16 AndXOffset = 0;
3628 const char *FileName;
3630 if (dirn == 1) { /* Request(s) dissect code */
3632 /* Build display for: Word Count (WCT) */
3634 WordCount = GBYTE(pd, offset);
3638 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3642 offset += 1; /* Skip Word Count (WCT) */
3644 /* Build display for: AndXCommand */
3646 AndXCommand = GBYTE(pd, offset);
3650 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3651 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3655 offset += 1; /* Skip AndXCommand */
3657 /* Build display for: AndXReserved */
3659 AndXReserved = GBYTE(pd, offset);
3663 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3667 offset += 1; /* Skip AndXReserved */
3669 /* Build display for: AndXOffset */
3671 AndXOffset = GSHORT(pd, offset);
3675 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3679 offset += 2; /* Skip AndXOffset */
3681 /* Build display for: Flags */
3683 Flags = GSHORT(pd, offset);
3687 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
3688 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3689 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3690 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3691 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3692 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3693 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3694 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3698 offset += 2; /* Skip Flags */
3700 /* Build display for: Desired Access */
3702 DesiredAccess = GSHORT(pd, offset);
3706 ti = proto_tree_add_text(tree, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3707 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3708 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3709 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3710 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3711 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3712 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3713 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3714 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3715 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3716 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3717 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3721 offset += 2; /* Skip Desired Access */
3723 /* Build display for: Search */
3725 Search = GSHORT(pd, offset);
3729 ti = proto_tree_add_text(tree, offset, 2, "Search: 0x%02x", Search);
3730 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
3731 proto_tree_add_text(Search_tree, offset, 2, "%s",
3732 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3733 proto_tree_add_text(Search_tree, offset, 2, "%s",
3734 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3735 proto_tree_add_text(Search_tree, offset, 2, "%s",
3736 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3737 proto_tree_add_text(Search_tree, offset, 2, "%s",
3738 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3739 proto_tree_add_text(Search_tree, offset, 2, "%s",
3740 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3741 proto_tree_add_text(Search_tree, offset, 2, "%s",
3742 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3746 offset += 2; /* Skip Search */
3748 /* Build display for: File */
3750 File = GSHORT(pd, offset);
3754 ti = proto_tree_add_text(tree, offset, 2, "File: 0x%02x", File);
3755 File_tree = proto_item_add_subtree(ti, ett_smb_file);
3756 proto_tree_add_text(File_tree, offset, 2, "%s",
3757 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3758 proto_tree_add_text(File_tree, offset, 2, "%s",
3759 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3760 proto_tree_add_text(File_tree, offset, 2, "%s",
3761 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3762 proto_tree_add_text(File_tree, offset, 2, "%s",
3763 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3764 proto_tree_add_text(File_tree, offset, 2, "%s",
3765 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3766 proto_tree_add_text(File_tree, offset, 2, "%s",
3767 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3771 offset += 2; /* Skip File */
3773 /* Build display for: Creation Time */
3775 CreationTime = GSHORT(pd, offset);
3782 offset += 2; /* Skip Creation Time */
3784 /* Build display for: Creation Date */
3786 CreationDate = GSHORT(pd, offset);
3790 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3791 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3795 offset += 2; /* Skip Creation Date */
3797 /* Build display for: Open Function */
3799 OpenFunction = GSHORT(pd, offset);
3803 ti = proto_tree_add_text(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
3804 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
3805 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3806 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3807 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3808 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3812 offset += 2; /* Skip Open Function */
3814 /* Build display for: Allocated Size */
3816 AllocatedSize = GWORD(pd, offset);
3820 proto_tree_add_text(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
3824 offset += 4; /* Skip Allocated Size */
3826 /* Build display for: Reserved1 */
3828 Reserved1 = GWORD(pd, offset);
3832 proto_tree_add_text(tree, offset, 4, "Reserved1: %u", Reserved1);
3836 offset += 4; /* Skip Reserved1 */
3838 /* Build display for: Reserved2 */
3840 Reserved2 = GWORD(pd, offset);
3844 proto_tree_add_text(tree, offset, 4, "Reserved2: %u", Reserved2);
3848 offset += 4; /* Skip Reserved2 */
3850 /* Build display for: Byte Count */
3852 ByteCount = GSHORT(pd, offset);
3856 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
3860 offset += 2; /* Skip Byte Count */
3862 /* Build display for: File Name */
3864 FileName = pd + offset;
3868 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3872 offset += strlen(FileName) + 1; /* Skip File Name */
3875 if (AndXCommand != 0xFF) {
3877 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
3883 if (dirn == 0) { /* Response(s) dissect code */
3885 /* Build display for: Word Count (WCT) */
3887 WordCount = GBYTE(pd, offset);
3891 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3895 offset += 1; /* Skip Word Count (WCT) */
3897 if (WordCount > 0) {
3899 /* Build display for: AndXCommand */
3901 AndXCommand = GBYTE(pd, offset);
3905 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3906 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3910 offset += 1; /* Skip AndXCommand */
3912 /* Build display for: AndXReserved */
3914 AndXReserved = GBYTE(pd, offset);
3918 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3922 offset += 1; /* Skip AndXReserved */
3924 /* Build display for: AndXOffset */
3926 AndXOffset = GSHORT(pd, offset);
3930 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3934 offset += 2; /* Skip AndXOffset */
3936 /* Build display for: FID */
3938 FID = GSHORT(pd, offset);
3942 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
3946 offset += 2; /* Skip FID */
3948 /* Build display for: FileAttributes */
3950 FileAttributes = GSHORT(pd, offset);
3954 ti = proto_tree_add_text(tree, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3955 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
3956 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3957 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3958 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3959 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3960 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3961 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3962 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3963 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3964 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3965 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3966 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3967 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3971 offset += 2; /* Skip FileAttributes */
3973 /* Build display for: Last Write Time */
3975 LastWriteTime = GSHORT(pd, offset);
3981 offset += 2; /* Skip Last Write Time */
3983 /* Build display for: Last Write Date */
3985 LastWriteDate = GSHORT(pd, offset);
3989 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
3990 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
3995 offset += 2; /* Skip Last Write Date */
3997 /* Build display for: Data Size */
3999 DataSize = GWORD(pd, offset);
4003 proto_tree_add_text(tree, offset, 4, "Data Size: %u", DataSize);
4007 offset += 4; /* Skip Data Size */
4009 /* Build display for: Granted Access */
4011 GrantedAccess = GSHORT(pd, offset);
4015 proto_tree_add_text(tree, offset, 2, "Granted Access: %u", GrantedAccess);
4019 offset += 2; /* Skip Granted Access */
4021 /* Build display for: File Type */
4023 FileType = GSHORT(pd, offset);
4027 ti = proto_tree_add_text(tree, offset, 2, "File Type: 0x%02x", FileType);
4028 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4029 proto_tree_add_text(FileType_tree, offset, 2, "%s",
4030 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4034 offset += 2; /* Skip File Type */
4036 /* Build display for: Device State */
4038 DeviceState = GSHORT(pd, offset);
4042 proto_tree_add_text(tree, offset, 2, "Device State: %u", DeviceState);
4046 offset += 2; /* Skip Device State */
4048 /* Build display for: Action */
4050 Action = GSHORT(pd, offset);
4054 ti = proto_tree_add_text(tree, offset, 2, "Action: 0x%02x", Action);
4055 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4056 proto_tree_add_text(Action_tree, offset, 2, "%s",
4057 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4058 proto_tree_add_text(Action_tree, offset, 2, "%s",
4059 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4063 offset += 2; /* Skip Action */
4065 /* Build display for: Server FID */
4067 ServerFID = GWORD(pd, offset);
4071 proto_tree_add_text(tree, offset, 4, "Server FID: %u", ServerFID);
4075 offset += 4; /* Skip Server FID */
4077 /* Build display for: Reserved */
4079 Reserved = GSHORT(pd, offset);
4083 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
4087 offset += 2; /* Skip Reserved */
4091 /* Build display for: Byte Count */
4093 ByteCount = GSHORT(pd, offset);
4097 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4101 offset += 2; /* Skip Byte Count */
4104 if (AndXCommand != 0xFF) {
4106 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4115 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4118 proto_tree *WriteMode_tree;
4134 if (dirn == 1) { /* Request(s) dissect code */
4136 WordCount = GBYTE(pd, offset);
4138 switch (WordCount) {
4142 /* Build display for: Word Count (WCT) */
4144 WordCount = GBYTE(pd, offset);
4148 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4152 offset += 1; /* Skip Word Count (WCT) */
4154 /* Build display for: FID */
4156 FID = GSHORT(pd, offset);
4160 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4164 offset += 2; /* Skip FID */
4166 /* Build display for: Count */
4168 Count = GSHORT(pd, offset);
4172 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4176 offset += 2; /* Skip Count */
4178 /* Build display for: Reserved 1 */
4180 Reserved1 = GSHORT(pd, offset);
4184 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4188 offset += 2; /* Skip Reserved 1 */
4190 /* Build display for: Offset */
4192 Offset = GWORD(pd, offset);
4196 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
4200 offset += 4; /* Skip Offset */
4202 /* Build display for: Timeout */
4204 Timeout = GWORD(pd, offset);
4208 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4212 offset += 4; /* Skip Timeout */
4214 /* Build display for: WriteMode */
4216 WriteMode = GSHORT(pd, offset);
4220 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4221 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4222 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4223 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4224 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4225 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4229 offset += 2; /* Skip WriteMode */
4231 /* Build display for: Reserved 2 */
4233 Reserved2 = GWORD(pd, offset);
4237 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4241 offset += 4; /* Skip Reserved 2 */
4243 /* Build display for: Data Length */
4245 DataLength = GSHORT(pd, offset);
4249 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4253 offset += 2; /* Skip Data Length */
4255 /* Build display for: Data Offset */
4257 DataOffset = GSHORT(pd, offset);
4261 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4265 offset += 2; /* Skip Data Offset */
4267 /* Build display for: Byte Count (BCC) */
4269 ByteCount = GSHORT(pd, offset);
4273 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4277 offset += 2; /* Skip Byte Count (BCC) */
4279 /* Build display for: Pad */
4281 Pad = GBYTE(pd, offset);
4285 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4289 offset += 1; /* Skip Pad */
4295 /* Build display for: Word Count (WCT) */
4297 WordCount = GBYTE(pd, offset);
4301 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4305 offset += 1; /* Skip Word Count (WCT) */
4307 /* Build display for: FID */
4309 FID = GSHORT(pd, offset);
4313 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4317 offset += 2; /* Skip FID */
4319 /* Build display for: Count */
4321 Count = GSHORT(pd, offset);
4325 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4329 offset += 2; /* Skip Count */
4331 /* Build display for: Reserved 1 */
4333 Reserved1 = GSHORT(pd, offset);
4337 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4341 offset += 2; /* Skip Reserved 1 */
4343 /* Build display for: Timeout */
4345 Timeout = GWORD(pd, offset);
4349 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4353 offset += 4; /* Skip Timeout */
4355 /* Build display for: WriteMode */
4357 WriteMode = GSHORT(pd, offset);
4361 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4362 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4363 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4364 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4365 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4366 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4370 offset += 2; /* Skip WriteMode */
4372 /* Build display for: Reserved 2 */
4374 Reserved2 = GWORD(pd, offset);
4378 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4382 offset += 4; /* Skip Reserved 2 */
4384 /* Build display for: Data Length */
4386 DataLength = GSHORT(pd, offset);
4390 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4394 offset += 2; /* Skip Data Length */
4396 /* Build display for: Data Offset */
4398 DataOffset = GSHORT(pd, offset);
4402 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4406 offset += 2; /* Skip Data Offset */
4408 /* Build display for: Byte Count (BCC) */
4410 ByteCount = GSHORT(pd, offset);
4414 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4418 offset += 2; /* Skip Byte Count (BCC) */
4420 /* Build display for: Pad */
4422 Pad = GBYTE(pd, offset);
4426 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4430 offset += 1; /* Skip Pad */
4438 if (dirn == 0) { /* Response(s) dissect code */
4440 /* Build display for: Word Count (WCT) */
4442 WordCount = GBYTE(pd, offset);
4446 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4450 offset += 1; /* Skip Word Count (WCT) */
4452 if (WordCount > 0) {
4454 /* Build display for: Remaining */
4456 Remaining = GSHORT(pd, offset);
4460 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
4464 offset += 2; /* Skip Remaining */
4468 /* Build display for: Byte Count */
4470 ByteCount = GSHORT(pd, offset);
4474 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4478 offset += 2; /* Skip Byte Count */
4485 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4491 if (dirn == 1) { /* Request(s) dissect code */
4493 /* Build display for: Word Count (WCT) */
4495 WordCount = GBYTE(pd, offset);
4499 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4503 offset += 1; /* Skip Word Count (WCT) */
4505 /* Build display for: Byte Count (BCC) */
4507 ByteCount = GSHORT(pd, offset);
4511 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4515 offset += 2; /* Skip Byte Count (BCC) */
4519 if (dirn == 0) { /* Response(s) dissect code */
4521 /* Build display for: Word Count (WCT) */
4523 WordCount = GBYTE(pd, offset);
4527 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4531 offset += 1; /* Skip Word Count (WCT) */
4533 /* Build display for: Byte Count (BCC) */
4535 ByteCount = GSHORT(pd, offset);
4539 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4543 offset += 2; /* Skip Byte Count (BCC) */
4550 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4553 static const value_string Flags_0x03[] = {
4554 { 0, "Target must be a file"},
4555 { 1, "Target must be a directory"},
4558 { 4, "Verify all writes"},
4561 proto_tree *Flags_tree;
4564 guint8 ErrorFileFormat;
4566 guint16 OpenFunction;
4570 const char *ErrorFileName;
4572 if (dirn == 1) { /* Request(s) dissect code */
4574 /* Build display for: Word Count (WCT) */
4576 WordCount = GBYTE(pd, offset);
4580 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4584 offset += 1; /* Skip Word Count (WCT) */
4586 /* Build display for: TID2 */
4588 TID2 = GSHORT(pd, offset);
4592 proto_tree_add_text(tree, offset, 2, "TID2: %u", TID2);
4596 offset += 2; /* Skip TID2 */
4598 /* Build display for: Open Function */
4600 OpenFunction = GSHORT(pd, offset);
4604 proto_tree_add_text(tree, offset, 2, "Open Function: %u", OpenFunction);
4608 offset += 2; /* Skip Open Function */
4610 /* Build display for: Flags */
4612 Flags = GSHORT(pd, offset);
4616 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
4617 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4618 proto_tree_add_text(Flags_tree, offset, 2, "%s",
4619 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4623 offset += 2; /* Skip Flags */
4627 if (dirn == 0) { /* Response(s) dissect code */
4629 /* Build display for: Word Count (WCT) */
4631 WordCount = GBYTE(pd, offset);
4635 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4639 offset += 1; /* Skip Word Count (WCT) */
4641 if (WordCount > 0) {
4643 /* Build display for: Count */
4645 Count = GSHORT(pd, offset);
4649 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4653 offset += 2; /* Skip Count */
4657 /* Build display for: Byte Count */
4659 ByteCount = GSHORT(pd, offset);
4663 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4667 offset += 2; /* Skip Byte Count */
4669 /* Build display for: Error File Format */
4671 ErrorFileFormat = GBYTE(pd, offset);
4675 proto_tree_add_text(tree, offset, 1, "Error File Format: %u", ErrorFileFormat);
4679 offset += 1; /* Skip Error File Format */
4681 /* Build display for: Error File Name */
4683 ErrorFileName = pd + offset;
4687 proto_tree_add_text(tree, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4691 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4698 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4702 guint8 BufferFormat2;
4703 guint8 BufferFormat1;
4704 guint16 SearchAttributes;
4706 const char *OldFileName;
4707 const char *NewFileName;
4709 if (dirn == 1) { /* Request(s) dissect code */
4711 /* Build display for: Word Count (WCT) */
4713 WordCount = GBYTE(pd, offset);
4717 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4721 offset += 1; /* Skip Word Count (WCT) */
4723 /* Build display for: Search Attributes */
4725 SearchAttributes = GSHORT(pd, offset);
4729 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
4733 offset += 2; /* Skip Search Attributes */
4735 /* Build display for: Byte Count */
4737 ByteCount = GSHORT(pd, offset);
4741 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4745 offset += 2; /* Skip Byte Count */
4747 /* Build display for: Buffer Format 1 */
4749 BufferFormat1 = GBYTE(pd, offset);
4753 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4757 offset += 1; /* Skip Buffer Format 1 */
4759 /* Build display for: Old File Name */
4761 OldFileName = pd + offset;
4765 proto_tree_add_text(tree, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4769 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4771 /* Build display for: Buffer Format 2 */
4773 BufferFormat2 = GBYTE(pd, offset);
4777 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4781 offset += 1; /* Skip Buffer Format 2 */
4783 /* Build display for: New File Name */
4785 NewFileName = pd + offset;
4789 proto_tree_add_text(tree, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4793 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4797 if (dirn == 0) { /* Response(s) dissect code */
4799 /* Build display for: Word Count (WCT) */
4801 WordCount = GBYTE(pd, offset);
4805 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4809 offset += 1; /* Skip Word Count (WCT) */
4811 /* Build display for: Byte Count (BCC) */
4813 ByteCount = GSHORT(pd, offset);
4817 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4821 offset += 2; /* Skip Byte Count (BCC) */
4828 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4831 static const value_string Mode_0x03[] = {
4832 { 0, "Text mode (DOS expands TABs)"},
4833 { 1, "Graphics mode"},
4836 proto_tree *Mode_tree;
4839 guint8 BufferFormat;
4840 guint16 SetupLength;
4844 const char *IdentifierString;
4846 if (dirn == 1) { /* Request(s) dissect code */
4848 /* Build display for: Word Count (WCT) */
4850 WordCount = GBYTE(pd, offset);
4854 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4858 offset += 1; /* Skip Word Count (WCT) */
4860 /* Build display for: Setup Length */
4862 SetupLength = GSHORT(pd, offset);
4866 proto_tree_add_text(tree, offset, 2, "Setup Length: %u", SetupLength);
4870 offset += 2; /* Skip Setup Length */
4872 /* Build display for: Mode */
4874 Mode = GSHORT(pd, offset);
4878 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
4879 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
4880 proto_tree_add_text(Mode_tree, offset, 2, "%s",
4881 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4885 offset += 2; /* Skip Mode */
4887 /* Build display for: Byte Count (BCC) */
4889 ByteCount = GSHORT(pd, offset);
4893 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4897 offset += 2; /* Skip Byte Count (BCC) */
4899 /* Build display for: Buffer Format */
4901 BufferFormat = GBYTE(pd, offset);
4905 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
4909 offset += 1; /* Skip Buffer Format */
4911 /* Build display for: Identifier String */
4913 IdentifierString = pd + offset;
4917 proto_tree_add_text(tree, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4921 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4925 if (dirn == 0) { /* Response(s) dissect code */
4927 /* Build display for: Word Count (WCT) */
4929 WordCount = GBYTE(pd, offset);
4933 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4937 offset += 1; /* Skip Word Count (WCT) */
4939 /* Build display for: FID */
4941 FID = GSHORT(pd, offset);
4945 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4949 offset += 2; /* Skip FID */
4951 /* Build display for: Byte Count (BCC) */
4953 ByteCount = GSHORT(pd, offset);
4957 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4961 offset += 2; /* Skip Byte Count (BCC) */
4968 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4975 if (dirn == 1) { /* Request(s) dissect code */
4977 /* Build display for: Word Count (WCT) */
4979 WordCount = GBYTE(pd, offset);
4983 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4987 offset += 1; /* Skip Word Count (WCT) */
4989 /* Build display for: FID */
4991 FID = GSHORT(pd, offset);
4995 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4999 offset += 2; /* Skip FID */
5001 /* Build display for: Byte Count (BCC) */
5003 ByteCount = GSHORT(pd, offset);
5007 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5011 offset += 2; /* Skip Byte Count (BCC) */
5015 if (dirn == 0) { /* Response(s) dissect code */
5017 /* Build display for: Word Count */
5019 WordCount = GBYTE(pd, offset);
5023 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5027 offset += 1; /* Skip Word Count */
5029 /* Build display for: Byte Count (BCC) */
5031 ByteCount = GSHORT(pd, offset);
5035 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5039 offset += 2; /* Skip Byte Count (BCC) */
5046 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5059 if (dirn == 1) { /* Request(s) dissect code */
5061 WordCount = GBYTE(pd, offset);
5063 switch (WordCount) {
5067 /* Build display for: Word Count (WCT) */
5069 WordCount = GBYTE(pd, offset);
5073 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5077 offset += 1; /* Skip Word Count (WCT) */
5079 /* Build display for: FID */
5081 FID = GSHORT(pd, offset);
5085 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5089 offset += 2; /* Skip FID */
5091 /* Build display for: Offset */
5093 Offset = GWORD(pd, offset);
5097 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5101 offset += 4; /* Skip Offset */
5103 /* Build display for: Max Count */
5105 MaxCount = GSHORT(pd, offset);
5109 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5113 offset += 2; /* Skip Max Count */
5115 /* Build display for: Min Count */
5117 MinCount = GSHORT(pd, offset);
5121 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5125 offset += 2; /* Skip Min Count */
5127 /* Build display for: Timeout */
5129 Timeout = GWORD(pd, offset);
5133 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5137 offset += 4; /* Skip Timeout */
5139 /* Build display for: Reserved */
5141 Reserved = GSHORT(pd, offset);
5145 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5149 offset += 2; /* Skip Reserved */
5151 /* Build display for: Byte Count (BCC) */
5153 ByteCount = GSHORT(pd, offset);
5157 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5161 offset += 2; /* Skip Byte Count (BCC) */
5167 /* Build display for: Word Count (WCT) */
5169 WordCount = GBYTE(pd, offset);
5173 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5177 offset += 1; /* Skip Word Count (WCT) */
5179 /* Build display for: FID */
5181 FID = GSHORT(pd, offset);
5185 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5189 offset += 2; /* Skip FID */
5191 /* Build display for: Offset */
5193 Offset = GWORD(pd, offset);
5197 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5201 offset += 4; /* Skip Offset */
5203 /* Build display for: Max Count */
5205 MaxCount = GSHORT(pd, offset);
5209 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5213 offset += 2; /* Skip Max Count */
5215 /* Build display for: Min Count */
5217 MinCount = GSHORT(pd, offset);
5221 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5225 offset += 2; /* Skip Min Count */
5227 /* Build display for: Timeout */
5229 Timeout = GWORD(pd, offset);
5233 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5237 offset += 4; /* Skip Timeout */
5239 /* Build display for: Reserved */
5241 Reserved = GSHORT(pd, offset);
5245 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5249 offset += 2; /* Skip Reserved */
5251 /* Build display for: Offset High */
5253 OffsetHigh = GWORD(pd, offset);
5257 proto_tree_add_text(tree, offset, 4, "Offset High: %u", OffsetHigh);
5261 offset += 4; /* Skip Offset High */
5263 /* Build display for: Byte Count (BCC) */
5265 ByteCount = GSHORT(pd, offset);
5269 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5273 offset += 2; /* Skip Byte Count (BCC) */
5281 if (dirn == 0) { /* Response(s) dissect code */
5288 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5292 guint8 AndXReserved;
5293 guint8 AndXCommand = 0xFF;
5295 guint16 AndXOffset = 0;
5297 if (dirn == 1) { /* Request(s) dissect code */
5299 /* Build display for: Word Count (WCT) */
5301 WordCount = GBYTE(pd, offset);
5305 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5309 offset += 1; /* Skip Word Count (WCT) */
5311 /* Build display for: AndXCommand */
5313 AndXCommand = GBYTE(pd, offset);
5317 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5321 offset += 1; /* Skip AndXCommand */
5323 /* Build display for: AndXReserved */
5325 AndXReserved = GBYTE(pd, offset);
5329 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5333 offset += 1; /* Skip AndXReserved */
5335 /* Build display for: AndXOffset */
5337 AndXOffset = GSHORT(pd, offset);
5341 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5345 offset += 2; /* Skip AndXOffset */
5347 /* Build display for: Byte Count (BCC) */
5349 ByteCount = GSHORT(pd, offset);
5353 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5357 offset += 2; /* Skip Byte Count (BCC) */
5360 if (AndXCommand != 0xFF) {
5362 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5368 if (dirn == 0) { /* Response(s) dissect code */
5370 /* Build display for: Word Count (WCT) */
5372 WordCount = GBYTE(pd, offset);
5376 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5380 offset += 1; /* Skip Word Count (WCT) */
5382 /* Build display for: AndXCommand */
5384 AndXCommand = GBYTE(pd, offset);
5388 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5392 offset += 1; /* Skip AndXCommand */
5394 /* Build display for: AndXReserved */
5396 AndXReserved = GBYTE(pd, offset);
5400 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5404 offset += 1; /* Skip AndXReserved */
5406 /* Build display for: AndXOffset */
5408 AndXOffset = GSHORT(pd, offset);
5412 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5416 offset += 2; /* Skip AndXOffset */
5418 /* Build display for: Byte Count (BCC) */
5420 ByteCount = GSHORT(pd, offset);
5424 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5428 offset += 2; /* Skip Byte Count (BCC) */
5431 if (AndXCommand != 0xFF) {
5433 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5442 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5445 static const value_string Mode_0x03[] = {
5446 { 0, "Seek from start of file"},
5447 { 1, "Seek from current position"},
5448 { 2, "Seek from end of file"},
5451 proto_tree *Mode_tree;
5459 if (dirn == 1) { /* Request(s) dissect code */
5461 /* Build display for: Word Count (WCT) */
5463 WordCount = GBYTE(pd, offset);
5467 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5471 offset += 1; /* Skip Word Count (WCT) */
5473 /* Build display for: FID */
5475 FID = GSHORT(pd, offset);
5479 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5483 offset += 2; /* Skip FID */
5485 /* Build display for: Mode */
5487 Mode = GSHORT(pd, offset);
5491 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
5492 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5493 proto_tree_add_text(Mode_tree, offset, 2, "%s",
5494 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5498 offset += 2; /* Skip Mode */
5500 /* Build display for: Offset */
5502 Offset = GWORD(pd, offset);
5506 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5510 offset += 4; /* Skip Offset */
5512 /* Build display for: Byte Count (BCC) */
5514 ByteCount = GSHORT(pd, offset);
5518 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5522 offset += 2; /* Skip Byte Count (BCC) */
5526 if (dirn == 0) { /* Response(s) dissect code */
5528 /* Build display for: Word Count (WCT) */
5530 WordCount = GBYTE(pd, offset);
5534 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5538 offset += 1; /* Skip Word Count (WCT) */
5540 /* Build display for: Offset */
5542 Offset = GWORD(pd, offset);
5546 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5550 offset += 4; /* Skip Offset */
5552 /* Build display for: Byte Count (BCC) */
5554 ByteCount = GSHORT(pd, offset);
5558 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5562 offset += 2; /* Skip Byte Count (BCC) */
5569 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5573 guint8 BufferFormat;
5581 if (dirn == 1) { /* Request(s) dissect code */
5583 /* Build display for: Word Count (WCT) */
5585 WordCount = GBYTE(pd, offset);
5589 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5593 offset += 1; /* Skip Word Count (WCT) */
5595 /* Build display for: FID */
5597 FID = GSHORT(pd, offset);
5601 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5605 offset += 2; /* Skip FID */
5607 /* Build display for: Count */
5609 Count = GSHORT(pd, offset);
5613 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5617 offset += 2; /* Skip Count */
5619 /* Build display for: Offset */
5621 Offset = GWORD(pd, offset);
5625 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5629 offset += 4; /* Skip Offset */
5631 /* Build display for: Remaining */
5633 Remaining = GSHORT(pd, offset);
5637 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
5641 offset += 2; /* Skip Remaining */
5643 /* Build display for: Byte Count (BCC) */
5645 ByteCount = GSHORT(pd, offset);
5649 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5653 offset += 2; /* Skip Byte Count (BCC) */
5655 /* Build display for: Buffer Format */
5657 BufferFormat = GBYTE(pd, offset);
5661 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
5665 offset += 1; /* Skip Buffer Format */
5667 /* Build display for: Data Length */
5669 DataLength = GSHORT(pd, offset);
5673 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
5677 offset += 2; /* Skip Data Length */
5681 if (dirn == 0) { /* Response(s) dissect code */
5683 /* Build display for: Word Count (WCT) */
5685 WordCount = GBYTE(pd, offset);
5689 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5693 offset += 1; /* Skip Word Count (WCT) */
5695 /* Build display for: Count */
5697 Count = GSHORT(pd, offset);
5701 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5705 offset += 2; /* Skip Count */
5707 /* Build display for: Byte Count (BCC) */
5709 ByteCount = GSHORT(pd, offset);
5713 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5717 offset += 2; /* Skip Byte Count (BCC) */
5724 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5728 guint16 LastWriteTime;
5729 guint16 LastWriteDate;
5730 guint16 LastAccessTime;
5731 guint16 LastAccessDate;
5733 guint16 CreationTime;
5734 guint16 CreationDate;
5737 if (dirn == 1) { /* Request(s) dissect code */
5739 /* Build display for: Word Count */
5741 WordCount = GBYTE(pd, offset);
5745 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5749 offset += 1; /* Skip Word Count */
5751 /* Build display for: FID */
5753 FID = GSHORT(pd, offset);
5757 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5761 offset += 2; /* Skip FID */
5763 /* Build display for: Creation Date */
5765 CreationDate = GSHORT(pd, offset);
5769 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
5773 offset += 2; /* Skip Creation Date */
5775 /* Build display for: Creation Time */
5777 CreationTime = GSHORT(pd, offset);
5781 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
5785 offset += 2; /* Skip Creation Time */
5787 /* Build display for: Last Access Date */
5789 LastAccessDate = GSHORT(pd, offset);
5793 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
5797 offset += 2; /* Skip Last Access Date */
5799 /* Build display for: Last Access Time */
5801 LastAccessTime = GSHORT(pd, offset);
5805 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
5809 offset += 2; /* Skip Last Access Time */
5811 /* Build display for: Last Write Date */
5813 LastWriteDate = GSHORT(pd, offset);
5817 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
5821 offset += 2; /* Skip Last Write Date */
5823 /* Build display for: Last Write Time */
5825 LastWriteTime = GSHORT(pd, offset);
5829 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
5833 offset += 2; /* Skip Last Write Time */
5835 /* Build display for: Byte Count (BCC) */
5837 ByteCount = GSHORT(pd, offset);
5841 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5845 offset += 2; /* Skip Byte Count (BCC) */
5849 if (dirn == 0) { /* Response(s) dissect code */
5851 /* Build display for: Word Count (WCC) */
5853 WordCount = GBYTE(pd, offset);
5857 proto_tree_add_text(tree, offset, 1, "Word Count (WCC): %u", WordCount);
5861 offset += 1; /* Skip Word Count (WCC) */
5863 /* Build display for: Byte Count (BCC) */
5865 ByteCount = GSHORT(pd, offset);
5869 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5873 offset += 2; /* Skip Byte Count (BCC) */
5880 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5889 if (dirn == 1) { /* Request(s) dissect code */
5891 /* Build display for: Word Count (WCT) */
5893 WordCount = GBYTE(pd, offset);
5897 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5901 offset += 1; /* Skip Word Count (WCT) */
5903 /* Build display for: FID */
5905 FID = GSHORT(pd, offset);
5909 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5913 offset += 2; /* Skip FID */
5915 /* Build display for: Count */
5917 Count = GWORD(pd, offset);
5921 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
5925 offset += 4; /* Skip Count */
5927 /* Build display for: Offset */
5929 Offset = GWORD(pd, offset);
5933 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5937 offset += 4; /* Skip Offset */
5939 /* Build display for: Byte Count (BCC) */
5941 ByteCount = GSHORT(pd, offset);
5945 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5949 offset += 2; /* Skip Byte Count (BCC) */
5953 if (dirn == 0) { /* Response(s) dissect code */
5955 /* Build display for: Word Count (WCT) */
5957 WordCount = GBYTE(pd, offset);
5961 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5965 offset += 1; /* Skip Word Count (WCT) */
5967 /* Build display for: Byte Count (BCC) */
5969 ByteCount = GSHORT(pd, offset);
5973 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5977 offset += 2; /* Skip Byte Count (BCC) */
5984 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5988 guint8 BufferFormat;
5990 guint16 RestartIndex;
5996 if (dirn == 1) { /* Request(s) dissect code */
5998 /* Build display for: Word Count */
6000 WordCount = GBYTE(pd, offset);
6004 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
6008 offset += 1; /* Skip Word Count */
6010 /* Build display for: Max Count */
6012 MaxCount = GSHORT(pd, offset);
6016 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6020 offset += 2; /* Skip Max Count */
6022 /* Build display for: Start Index */
6024 StartIndex = GSHORT(pd, offset);
6028 proto_tree_add_text(tree, offset, 2, "Start Index: %u", StartIndex);
6032 offset += 2; /* Skip Start Index */
6034 /* Build display for: Byte Count (BCC) */
6036 ByteCount = GSHORT(pd, offset);
6040 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6044 offset += 2; /* Skip Byte Count (BCC) */
6048 if (dirn == 0) { /* Response(s) dissect code */
6050 /* Build display for: Word Count (WCT) */
6052 WordCount = GBYTE(pd, offset);
6056 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6060 offset += 1; /* Skip Word Count (WCT) */
6062 if (WordCount > 0) {
6064 /* Build display for: Count */
6066 Count = GSHORT(pd, offset);
6070 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6074 offset += 2; /* Skip Count */
6076 /* Build display for: Restart Index */
6078 RestartIndex = GSHORT(pd, offset);
6082 proto_tree_add_text(tree, offset, 2, "Restart Index: %u", RestartIndex);
6086 offset += 2; /* Skip Restart Index */
6088 /* Build display for: Byte Count (BCC) */
6092 ByteCount = GSHORT(pd, offset);
6096 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6100 offset += 2; /* Skip Byte Count (BCC) */
6102 /* Build display for: Buffer Format */
6104 BufferFormat = GBYTE(pd, offset);
6108 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6112 offset += 1; /* Skip Buffer Format */
6114 /* Build display for: Data Length */
6116 DataLength = GSHORT(pd, offset);
6120 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6124 offset += 2; /* Skip Data Length */
6131 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6134 proto_tree *LockType_tree;
6139 guint8 AndXReserved;
6140 guint8 AndXCommand = 0xFF;
6142 guint16 NumberofLocks;
6143 guint16 NumberOfUnlocks;
6147 guint16 AndXOffset = 0;
6149 if (dirn == 1) { /* Request(s) dissect code */
6151 /* Build display for: Word Count (WCT) */
6153 WordCount = GBYTE(pd, offset);
6157 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6161 offset += 1; /* Skip Word Count (WCT) */
6163 /* Build display for: AndXCommand */
6165 AndXCommand = GBYTE(pd, offset);
6169 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
6173 offset += 1; /* Skip AndXCommand */
6175 /* Build display for: AndXReserved */
6177 AndXReserved = GBYTE(pd, offset);
6181 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6185 offset += 1; /* Skip AndXReserved */
6187 /* Build display for: AndXOffset */
6189 AndXOffset = GSHORT(pd, offset);
6193 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
6197 offset += 2; /* Skip AndXOffset */
6199 /* Build display for: FID */
6201 FID = GSHORT(pd, offset);
6205 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6209 offset += 2; /* Skip FID */
6211 /* Build display for: Lock Type */
6213 LockType = GBYTE(pd, offset);
6217 ti = proto_tree_add_text(tree, offset, 1, "Lock Type: 0x%01x", LockType);
6218 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6219 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6220 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6221 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6222 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6223 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6224 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6225 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6226 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6227 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6228 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6232 offset += 1; /* Skip Lock Type */
6234 /* Build display for: OplockLevel */
6236 OplockLevel = GBYTE(pd, offset);
6240 proto_tree_add_text(tree, offset, 1, "OplockLevel: %u", OplockLevel);
6244 offset += 1; /* Skip OplockLevel */
6246 /* Build display for: Timeout */
6248 Timeout = GWORD(pd, offset);
6252 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
6256 offset += 4; /* Skip Timeout */
6258 /* Build display for: Number Of Unlocks */
6260 NumberOfUnlocks = GSHORT(pd, offset);
6264 proto_tree_add_text(tree, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6268 offset += 2; /* Skip Number Of Unlocks */
6270 /* Build display for: Number of Locks */
6272 NumberofLocks = GSHORT(pd, offset);
6276 proto_tree_add_text(tree, offset, 2, "Number of Locks: %u", NumberofLocks);
6280 offset += 2; /* Skip Number of Locks */
6282 /* Build display for: Byte Count (BCC) */
6284 ByteCount = GSHORT(pd, offset);
6288 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6292 offset += 2; /* Skip Byte Count (BCC) */
6295 if (AndXCommand != 0xFF) {
6297 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6303 if (dirn == 0) { /* Response(s) dissect code */
6305 /* Build display for: Word Count (WCT) */
6307 WordCount = GBYTE(pd, offset);
6311 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6315 offset += 1; /* Skip Word Count (WCT) */
6317 if (WordCount > 0) {
6319 /* Build display for: AndXCommand */
6321 AndXCommand = GBYTE(pd, offset);
6325 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
6326 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6330 offset += 1; /* Skip AndXCommand */
6332 /* Build display for: AndXReserved */
6334 AndXReserved = GBYTE(pd, offset);
6338 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6342 offset += 1; /* Skip AndXReserved */
6344 /* Build display for: AndXoffset */
6346 AndXoffset = GSHORT(pd, offset);
6350 proto_tree_add_text(tree, offset, 2, "AndXoffset: %u", AndXoffset);
6354 offset += 2; /* Skip AndXoffset */
6358 /* Build display for: Byte Count */
6360 ByteCount = GSHORT(pd, offset);
6364 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
6368 offset += 2; /* Skip Byte Count */
6371 if (AndXCommand != 0xFF) {
6373 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6382 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6391 if (dirn == 1) { /* Request(s) dissect code */
6393 /* Build display for: Word Count (WCT) */
6395 WordCount = GBYTE(pd, offset);
6399 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6403 offset += 1; /* Skip Word Count (WCT) */
6405 /* Build display for: FID */
6407 FID = GSHORT(pd, offset);
6411 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6415 offset += 2; /* Skip FID */
6417 /* Build display for: Count */
6419 Count = GWORD(pd, offset);
6423 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
6427 offset += 4; /* Skip Count */
6429 /* Build display for: Offset */
6431 Offset = GWORD(pd, offset);
6435 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
6439 offset += 4; /* Skip Offset */
6441 /* Build display for: Byte Count (BCC) */
6443 ByteCount = GSHORT(pd, offset);
6447 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6451 offset += 2; /* Skip Byte Count (BCC) */
6455 if (dirn == 0) { /* Response(s) dissect code */
6457 /* Build display for: Word Count (WCT) */
6459 WordCount = GBYTE(pd, offset);
6463 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6467 offset += 1; /* Skip Word Count (WCT) */
6469 /* Build display for: Byte Count (BCC) */
6471 ByteCount = GSHORT(pd, offset);
6475 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6479 offset += 2; /* Skip Byte Count (BCC) */
6486 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6489 proto_tree *Attributes_tree;
6492 guint8 BufferFormat;
6494 guint16 CreationTime;
6497 const char *FileName;
6499 if (dirn == 1) { /* Request(s) dissect code */
6501 /* Build display for: Word Count (WCT) */
6503 WordCount = GBYTE(pd, offset);
6507 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6511 offset += 1; /* Skip Word Count (WCT) */
6513 /* Build display for: Attributes */
6515 Attributes = GSHORT(pd, offset);
6519 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
6520 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
6521 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6522 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6523 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6524 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6525 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6526 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6527 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6528 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6529 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6530 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6531 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6532 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6536 offset += 2; /* Skip Attributes */
6538 /* Build display for: Creation Time */
6540 CreationTime = GSHORT(pd, offset);
6544 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6548 offset += 2; /* Skip Creation Time */
6550 /* Build display for: Byte Count (BCC) */
6552 ByteCount = GSHORT(pd, offset);
6556 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6560 offset += 2; /* Skip Byte Count (BCC) */
6562 /* Build display for: Buffer Format */
6564 BufferFormat = GBYTE(pd, offset);
6568 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6572 offset += 1; /* Skip Buffer Format */
6574 /* Build display for: File Name */
6576 FileName = pd + offset;
6580 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6584 offset += strlen(FileName) + 1; /* Skip File Name */
6588 if (dirn == 0) { /* Response(s) dissect code */
6590 /* Build display for: Word Count (WCT) */
6592 WordCount = GBYTE(pd, offset);
6596 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6600 offset += 1; /* Skip Word Count (WCT) */
6602 if (WordCount > 0) {
6604 /* Build display for: FID */
6606 FID = GSHORT(pd, offset);
6610 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6614 offset += 2; /* Skip FID */
6618 /* Build display for: Byte Count (BCC) */
6620 ByteCount = GSHORT(pd, offset);
6624 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6628 offset += 2; /* Skip Byte Count (BCC) */
6635 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6639 guint8 BufferFormat2;
6640 guint8 BufferFormat1;
6641 guint8 BufferFormat;
6642 guint16 SearchAttributes;
6643 guint16 ResumeKeyLength;
6648 const char *FileName;
6650 if (dirn == 1) { /* Request(s) dissect code */
6652 /* Build display for: Word Count (WCT) */
6654 WordCount = GBYTE(pd, offset);
6658 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6662 offset += 1; /* Skip Word Count (WCT) */
6664 /* Build display for: Max Count */
6666 MaxCount = GSHORT(pd, offset);
6670 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6674 offset += 2; /* Skip Max Count */
6676 /* Build display for: Search Attributes */
6678 SearchAttributes = GSHORT(pd, offset);
6682 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
6686 offset += 2; /* Skip Search Attributes */
6688 /* Build display for: Byte Count (BCC) */
6690 ByteCount = GSHORT(pd, offset);
6694 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6698 offset += 2; /* Skip Byte Count (BCC) */
6700 /* Build display for: Buffer Format 1 */
6702 BufferFormat1 = GBYTE(pd, offset);
6706 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6710 offset += 1; /* Skip Buffer Format 1 */
6712 /* Build display for: File Name */
6714 FileName = pd + offset;
6718 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6722 offset += strlen(FileName) + 1; /* Skip File Name */
6724 /* Build display for: Buffer Format 2 */
6726 BufferFormat2 = GBYTE(pd, offset);
6730 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6734 offset += 1; /* Skip Buffer Format 2 */
6736 /* Build display for: Resume Key Length */
6738 ResumeKeyLength = GSHORT(pd, offset);
6742 proto_tree_add_text(tree, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6746 offset += 2; /* Skip Resume Key Length */
6750 if (dirn == 0) { /* Response(s) dissect code */
6752 /* Build display for: Word Count (WCT) */
6754 WordCount = GBYTE(pd, offset);
6758 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6762 offset += 1; /* Skip Word Count (WCT) */
6764 if (WordCount > 0) {
6766 /* Build display for: Count */
6768 Count = GSHORT(pd, offset);
6772 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6776 offset += 2; /* Skip Count */
6780 /* Build display for: Byte Count (BCC) */
6782 ByteCount = GSHORT(pd, offset);
6786 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6790 offset += 2; /* Skip Byte Count (BCC) */
6792 /* Build display for: Buffer Format */
6794 BufferFormat = GBYTE(pd, offset);
6798 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6802 offset += 1; /* Skip Buffer Format */
6804 /* Build display for: Data Length */
6806 DataLength = GSHORT(pd, offset);
6810 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6814 offset += 2; /* Skip Data Length */
6821 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6825 guint8 BufferFormat;
6828 guint16 CreationTime;
6829 guint16 CreationDate;
6831 const char *FileName;
6832 const char *DirectoryName;
6834 if (dirn == 1) { /* Request(s) dissect code */
6836 /* Build display for: Word Count (WCT) */
6838 WordCount = GBYTE(pd, offset);
6842 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6846 offset += 1; /* Skip Word Count (WCT) */
6848 /* Build display for: Reserved */
6850 Reserved = GSHORT(pd, offset);
6854 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
6858 offset += 2; /* Skip Reserved */
6860 /* Build display for: Creation Time */
6862 CreationTime = GSHORT(pd, offset);
6866 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6870 offset += 2; /* Skip Creation Time */
6872 /* Build display for: Creation Date */
6874 CreationDate = GSHORT(pd, offset);
6878 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
6882 offset += 2; /* Skip Creation Date */
6884 /* Build display for: Byte Count (BCC) */
6886 ByteCount = GSHORT(pd, offset);
6890 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6894 offset += 2; /* Skip Byte Count (BCC) */
6896 /* Build display for: Buffer Format */
6898 BufferFormat = GBYTE(pd, offset);
6902 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6906 offset += 1; /* Skip Buffer Format */
6908 /* Build display for: Directory Name */
6910 DirectoryName = pd + offset;
6914 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6918 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6922 if (dirn == 0) { /* Response(s) dissect code */
6924 /* Build display for: Word Count (WCT) */
6926 WordCount = GBYTE(pd, offset);
6930 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6934 offset += 1; /* Skip Word Count (WCT) */
6936 if (WordCount > 0) {
6938 /* Build display for: FID */
6940 FID = GSHORT(pd, offset);
6944 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6948 offset += 2; /* Skip FID */
6952 /* Build display for: Byte Count (BCC) */
6954 ByteCount = GSHORT(pd, offset);
6958 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6962 offset += 2; /* Skip Byte Count (BCC) */
6964 /* Build display for: Buffer Format */
6966 BufferFormat = GBYTE(pd, offset);
6970 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6974 offset += 1; /* Skip Buffer Format */
6976 /* Build display for: File Name */
6978 FileName = pd + offset;
6982 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6986 offset += strlen(FileName) + 1; /* Skip File Name */
6993 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6997 guint16 LastWriteTime;
6998 guint16 LastWriteDate;
7002 if (dirn == 1) { /* Request(s) dissect code */
7004 /* Build display for: Word Count (WCT) */
7006 WordCount = GBYTE(pd, offset);
7010 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7014 offset += 1; /* Skip Word Count (WCT) */
7016 /* Build display for: FID */
7018 FID = GSHORT(pd, offset);
7022 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7026 offset += 2; /* Skip FID */
7028 /* Build display for: Last Write Time */
7030 LastWriteTime = GSHORT(pd, offset);
7034 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
7038 offset += 2; /* Skip Last Write Time */
7040 /* Build display for: Last Write Date */
7042 LastWriteDate = GSHORT(pd, offset);
7046 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
7050 offset += 2; /* Skip Last Write Date */
7052 /* Build display for: Byte Count (BCC) */
7054 ByteCount = GSHORT(pd, offset);
7058 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7062 offset += 2; /* Skip Byte Count (BCC) */
7066 if (dirn == 0) { /* Response(s) dissect code */
7068 /* Build display for: Word Count (WCT) */
7070 WordCount = GBYTE(pd, offset);
7074 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7078 offset += 1; /* Skip Word Count (WCT) */
7080 /* Build display for: Byte Count (BCC) */
7082 ByteCount = GSHORT(pd, offset);
7086 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7090 offset += 2; /* Skip Byte Count (BCC) */
7097 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7101 guint8 BufferFormat;
7106 if (dirn == 1) { /* Request(s) dissect code */
7108 /* Build display for: Word Count (WCT) */
7110 WordCount = GBYTE(pd, offset);
7114 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7118 offset += 1; /* Skip Word Count (WCT) */
7120 /* Build display for: FID */
7122 FID = GSHORT(pd, offset);
7126 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7130 offset += 2; /* Skip FID */
7132 /* Build display for: Byte Count (BCC) */
7134 ByteCount = GSHORT(pd, offset);
7138 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7142 offset += 2; /* Skip Byte Count (BCC) */
7144 /* Build display for: Buffer Format */
7146 BufferFormat = GBYTE(pd, offset);
7150 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7154 offset += 1; /* Skip Buffer Format */
7156 /* Build display for: Data Length */
7158 DataLength = GSHORT(pd, offset);
7162 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7166 offset += 2; /* Skip Data Length */
7170 if (dirn == 0) { /* Response(s) dissect code */
7172 /* Build display for: Word Count (WCT) */
7174 WordCount = GBYTE(pd, offset);
7178 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7182 offset += 1; /* Skip Word Count (WCT) */
7184 /* Build display for: Byte Count (BCC) */
7186 ByteCount = GSHORT(pd, offset);
7190 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7194 offset += 2; /* Skip Byte Count (BCC) */
7201 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7205 guint8 BufferFormat;
7217 if (dirn == 1) { /* Request(s) dissect code */
7219 /* Build display for: Word Count (WCT) */
7221 WordCount = GBYTE(pd, offset);
7225 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7229 offset += 1; /* Skip Word Count (WCT) */
7231 /* Build display for: FID */
7233 FID = GSHORT(pd, offset);
7237 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7241 offset += 2; /* Skip FID */
7243 /* Build display for: Count */
7245 Count = GSHORT(pd, offset);
7249 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7253 offset += 2; /* Skip Count */
7255 /* Build display for: Offset */
7257 Offset = GWORD(pd, offset);
7261 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7265 offset += 4; /* Skip Offset */
7267 /* Build display for: Remaining */
7269 Remaining = GSHORT(pd, offset);
7273 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7277 offset += 2; /* Skip Remaining */
7279 /* Build display for: Byte Count (BCC) */
7281 ByteCount = GSHORT(pd, offset);
7285 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7289 offset += 2; /* Skip Byte Count (BCC) */
7293 if (dirn == 0) { /* Response(s) dissect code */
7295 /* Build display for: Word Count (WCT) */
7297 WordCount = GBYTE(pd, offset);
7301 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7305 offset += 1; /* Skip Word Count (WCT) */
7307 if (WordCount > 0) {
7309 /* Build display for: Count */
7311 Count = GSHORT(pd, offset);
7315 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7319 offset += 2; /* Skip Count */
7321 /* Build display for: Reserved 1 */
7323 Reserved1 = GSHORT(pd, offset);
7327 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7331 offset += 2; /* Skip Reserved 1 */
7333 /* Build display for: Reserved 2 */
7335 Reserved2 = GSHORT(pd, offset);
7339 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7343 offset += 2; /* Skip Reserved 2 */
7345 /* Build display for: Reserved 3 */
7347 Reserved3 = GSHORT(pd, offset);
7351 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7355 offset += 2; /* Skip Reserved 3 */
7357 /* Build display for: Reserved 4 */
7359 Reserved4 = GSHORT(pd, offset);
7363 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7367 offset += 2; /* Skip Reserved 4 */
7369 /* Build display for: Byte Count (BCC) */
7371 ByteCount = GSHORT(pd, offset);
7375 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7381 offset += 2; /* Skip Byte Count (BCC) */
7383 /* Build display for: Buffer Format */
7385 BufferFormat = GBYTE(pd, offset);
7389 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7393 offset += 1; /* Skip Buffer Format */
7395 /* Build display for: Data Length */
7397 DataLength = GSHORT(pd, offset);
7401 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7405 offset += 2; /* Skip Data Length */
7412 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7418 if (dirn == 1) { /* Request(s) dissect code */
7420 /* Build display for: Word Count (WCT) */
7422 WordCount = GBYTE(pd, offset);
7426 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7430 offset += 1; /* Skip Word Count (WCT) */
7432 /* Build display for: Byte Count (BCC) */
7434 ByteCount = GSHORT(pd, offset);
7438 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7442 offset += 2; /* Skip Byte Count (BCC) */
7446 if (dirn == 0) { /* Response(s) dissect code */
7448 /* Build display for: Word Count (WCT) */
7450 WordCount = GBYTE(pd, offset);
7454 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7458 offset += 1; /* Skip Word Count (WCT) */
7460 /* Build display for: Byte Count (BCC) */
7462 ByteCount = GSHORT(pd, offset);
7466 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7470 offset += 2; /* Skip Byte Count (BCC) */
7477 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7480 proto_tree *Attributes_tree;
7483 guint8 BufferFormat;
7490 guint16 LastWriteTime;
7491 guint16 LastWriteDate;
7494 const char *FileName;
7496 if (dirn == 1) { /* Request(s) dissect code */
7498 /* Build display for: Word Count (WCT) */
7500 WordCount = GBYTE(pd, offset);
7504 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7508 offset += 1; /* Skip Word Count (WCT) */
7510 /* Build display for: Byte Count (BCC) */
7512 ByteCount = GSHORT(pd, offset);
7516 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7520 offset += 2; /* Skip Byte Count (BCC) */
7522 /* Build display for: Buffer Format */
7524 BufferFormat = GBYTE(pd, offset);
7528 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7532 offset += 1; /* Skip Buffer Format */
7534 /* Build display for: File Name */
7536 FileName = pd + offset;
7540 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7544 offset += strlen(FileName) + 1; /* Skip File Name */
7548 if (dirn == 0) { /* Response(s) dissect code */
7550 /* Build display for: Word Count (WCT) */
7552 WordCount = GBYTE(pd, offset);
7556 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7560 offset += 1; /* Skip Word Count (WCT) */
7562 if (WordCount > 0) {
7564 /* Build display for: Attributes */
7566 Attributes = GSHORT(pd, offset);
7570 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
7571 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7572 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7573 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7574 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7575 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7576 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7577 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7578 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7579 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7580 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7581 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7582 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7583 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7587 offset += 2; /* Skip Attributes */
7589 /* Build display for: Last Write Time */
7591 LastWriteTime = GSHORT(pd, offset);
7597 offset += 2; /* Skip Last Write Time */
7599 /* Build display for: Last Write Date */
7601 LastWriteDate = GSHORT(pd, offset);
7605 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7607 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7611 offset += 2; /* Skip Last Write Date */
7613 /* Build display for: File Size */
7615 FileSize = GWORD(pd, offset);
7619 proto_tree_add_text(tree, offset, 4, "File Size: %u", FileSize);
7623 offset += 4; /* Skip File Size */
7625 /* Build display for: Reserved 1 */
7627 Reserved1 = GSHORT(pd, offset);
7631 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7635 offset += 2; /* Skip Reserved 1 */
7637 /* Build display for: Reserved 2 */
7639 Reserved2 = GSHORT(pd, offset);
7643 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7647 offset += 2; /* Skip Reserved 2 */
7649 /* Build display for: Reserved 3 */
7651 Reserved3 = GSHORT(pd, offset);
7655 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7659 offset += 2; /* Skip Reserved 3 */
7661 /* Build display for: Reserved 4 */
7663 Reserved4 = GSHORT(pd, offset);
7667 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7671 offset += 2; /* Skip Reserved 4 */
7673 /* Build display for: Reserved 5 */
7675 Reserved5 = GSHORT(pd, offset);
7679 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
7683 offset += 2; /* Skip Reserved 5 */
7687 /* Build display for: Byte Count (BCC) */
7689 ByteCount = GSHORT(pd, offset);
7693 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7697 offset += 2; /* Skip Byte Count (BCC) */
7704 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7718 guint16 BufferFormat;
7720 if (dirn == 1) { /* Request(s) dissect code */
7722 /* Build display for: Word Count (WCT) */
7724 WordCount = GBYTE(pd, offset);
7728 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7732 offset += 1; /* Skip Word Count (WCT) */
7734 /* Build display for: FID */
7736 FID = GSHORT(pd, offset);
7740 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7744 offset += 2; /* Skip FID */
7746 /* Build display for: Count */
7748 Count = GSHORT(pd, offset);
7752 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7756 offset += 2; /* Skip Count */
7758 /* Build display for: Offset */
7760 Offset = GWORD(pd, offset);
7764 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7768 offset += 4; /* Skip Offset */
7770 /* Build display for: Remaining */
7772 Remaining = GSHORT(pd, offset);
7776 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7780 offset += 2; /* Skip Remaining */
7782 /* Build display for: Byte Count (BCC) */
7784 ByteCount = GSHORT(pd, offset);
7788 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7792 offset += 2; /* Skip Byte Count (BCC) */
7796 if (dirn == 0) { /* Response(s) dissect code */
7798 /* Build display for: Word Count (WCT) */
7800 WordCount = GBYTE(pd, offset);
7804 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7808 offset += 1; /* Skip Word Count (WCT) */
7810 if (WordCount > 0) {
7812 /* Build display for: Count */
7814 Count = GSHORT(pd, offset);
7818 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7822 offset += 2; /* Skip Count */
7824 /* Build display for: Reserved 1 */
7826 Reserved1 = GSHORT(pd, offset);
7830 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7834 offset += 2; /* Skip Reserved 1 */
7836 /* Build display for: Reserved 2 */
7838 Reserved2 = GSHORT(pd, offset);
7842 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7846 offset += 2; /* Skip Reserved 2 */
7848 /* Build display for: Reserved 3 */
7850 Reserved3 = GSHORT(pd, offset);
7854 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7858 offset += 2; /* Skip Reserved 3 */
7860 /* Build display for: Reserved 4 */
7862 Reserved4 = GSHORT(pd, offset);
7866 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7870 offset += 2; /* Skip Reserved 4 */
7874 /* Build display for: Byte Count (BCC) */
7876 ByteCount = GSHORT(pd, offset);
7880 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7884 offset += 2; /* Skip Byte Count (BCC) */
7886 /* Build display for: Buffer Format */
7888 BufferFormat = GSHORT(pd, offset);
7892 proto_tree_add_text(tree, offset, 2, "Buffer Format: %u", BufferFormat);
7896 offset += 2; /* Skip Buffer Format */
7898 /* Build display for: Data Length */
7900 DataLength = GSHORT(pd, offset);
7904 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7908 offset += 2; /* Skip Data Length */
7915 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7918 proto_tree *WriteMode_tree;
7923 guint32 ResponseMask;
7924 guint32 RequestMask;
7933 if (dirn == 1) { /* Request(s) dissect code */
7935 /* Build display for: Word Count (WCT) */
7937 WordCount = GBYTE(pd, offset);
7941 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7945 offset += 1; /* Skip Word Count (WCT) */
7947 /* Build display for: FID */
7949 FID = GSHORT(pd, offset);
7953 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7957 offset += 2; /* Skip FID */
7959 /* Build display for: Count */
7961 Count = GSHORT(pd, offset);
7965 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7969 offset += 2; /* Skip Count */
7971 /* Build display for: Reserved 1 */
7973 Reserved1 = GSHORT(pd, offset);
7977 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7981 offset += 2; /* Skip Reserved 1 */
7983 /* Build display for: Timeout */
7985 Timeout = GWORD(pd, offset);
7989 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
7993 offset += 4; /* Skip Timeout */
7995 /* Build display for: WriteMode */
7997 WriteMode = GSHORT(pd, offset);
8001 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
8002 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8003 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8004 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8005 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8006 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8007 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8008 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8012 offset += 2; /* Skip WriteMode */
8014 /* Build display for: Request Mask */
8016 RequestMask = GWORD(pd, offset);
8020 proto_tree_add_text(tree, offset, 4, "Request Mask: %u", RequestMask);
8024 offset += 4; /* Skip Request Mask */
8026 /* Build display for: Data Length */
8028 DataLength = GSHORT(pd, offset);
8032 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
8036 offset += 2; /* Skip Data Length */
8038 /* Build display for: Data Offset */
8040 DataOffset = GSHORT(pd, offset);
8044 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8048 offset += 2; /* Skip Data Offset */
8050 /* Build display for: Byte Count (BCC) */
8052 ByteCount = GSHORT(pd, offset);
8056 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8060 offset += 2; /* Skip Byte Count (BCC) */
8062 /* Build display for: Pad */
8064 Pad = GBYTE(pd, offset);
8068 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
8072 offset += 1; /* Skip Pad */
8076 if (dirn == 0) { /* Response(s) dissect code */
8078 /* Build display for: Word Count (WCT) */
8080 WordCount = GBYTE(pd, offset);
8084 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8088 offset += 1; /* Skip Word Count (WCT) */
8090 if (WordCount > 0) {
8092 /* Build display for: Response Mask */
8094 ResponseMask = GWORD(pd, offset);
8098 proto_tree_add_text(tree, offset, 4, "Response Mask: %u", ResponseMask);
8102 offset += 4; /* Skip Response Mask */
8104 /* Build display for: Byte Count (BCC) */
8106 ByteCount = GSHORT(pd, offset);
8110 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8116 offset += 2; /* Skip Byte Count (BCC) */
8123 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8130 if (dirn == 1) { /* Request(s) dissect code */
8132 /* Build display for: Word Count (WTC) */
8134 WordCount = GBYTE(pd, offset);
8138 proto_tree_add_text(tree, offset, 1, "Word Count (WTC): %u", WordCount);
8142 offset += 1; /* Skip Word Count (WTC) */
8144 /* Build display for: FID */
8146 FID = GSHORT(pd, offset);
8150 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
8154 offset += 2; /* Skip FID */
8156 /* Build display for: Byte Count (BCC) */
8158 ByteCount = GSHORT(pd, offset);
8162 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8166 offset += 2; /* Skip Byte Count (BCC) */
8170 if (dirn == 0) { /* Response(s) dissect code */
8172 /* Build display for: Word Count (WCT) */
8174 WordCount = GBYTE(pd, offset);
8178 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8182 offset += 1; /* Skip Word Count (WCT) */
8184 /* Build display for: Byte Count (BCC) */
8186 ByteCount = GBYTE(pd, offset);
8190 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
8194 offset += 1; /* Skip Byte Count (BCC) */
8200 char *trans2_cmd_names[] = {
8202 "TRANS2_FIND_FIRST2",
8203 "TRANS2_FIND_NEXT2",
8204 "TRANS2_QUERY_FS_INFORMATION",
8205 "TRANS2_QUERY_PATH_INFORMATION",
8206 "TRANS2_SET_PATH_INFORMATION",
8207 "TRANS2_QUERY_FILE_INFORMATION",
8208 "TRANS2_SET_FILE_INFORMATION",
8211 "TRANS2_FIND_NOTIFY_FIRST",
8212 "TRANS2_FIND_NOTIFY_NEXT",
8213 "TRANS2_CREATE_DIRECTORY",
8214 "TRANS2_SESSION_SETUP",
8215 "TRANS2_GET_DFS_REFERRAL",
8217 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8219 char *decode_trans2_name(int code)
8222 if (code > 17 || code < 0) {
8224 return("no such command");
8228 return trans2_cmd_names[code];
8232 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int);
8235 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8238 proto_tree *Flags_tree;
8246 guint8 MaxSetupCount;
8249 guint16 TotalParameterCount;
8250 guint16 TotalDataCount;
8253 guint16 ParameterOffset;
8254 guint16 ParameterDisplacement;
8255 guint16 ParameterCount;
8256 guint16 MaxParameterCount;
8257 guint16 MaxDataCount;
8260 guint16 DataDisplacement;
8263 conversation_t *conversation;
8264 struct smb_request_key request_key, *new_request_key;
8265 struct smb_request_val *request_val;
8268 * Find out what conversation this packet is part of.
8269 * XXX - this should really be done by the transport-layer protocol,
8270 * although for connectionless transports, we may not want to do that
8271 * unless we know some higher-level protocol will want it - or we
8272 * may want to do it, so you can say e.g. "show only the packets in
8273 * this UDP 'connection'".
8275 * Note that we don't have to worry about the direction this packet
8276 * was going - the conversation code handles that for us, treating
8277 * packets from A:X to B:Y as being part of the same conversation as
8278 * packets from B:Y to A:X.
8280 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8281 pi.srcport, pi.destport);
8282 if (conversation == NULL) {
8283 /* It's not part of any conversation - create a new one. */
8284 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8285 pi.srcport, pi.destport, NULL);
8289 * Check for and insert entry in request hash table if does not exist
8291 request_key.conversation = conversation->index;
8292 request_key.mid = si.mid;
8294 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8296 if (!request_val) { /* Create one */
8298 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8299 new_request_key -> conversation = conversation->index;
8300 new_request_key -> mid = si.mid;
8302 request_val = g_mem_chunk_alloc(smb_request_vals);
8303 request_val -> mid = si.mid;
8304 request_val -> last_transact2_command = 0xFFFF;
8306 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8309 else { /* Update the transact request */
8311 request_val -> mid = si.mid;
8316 if (dirn == 1) { /* Request(s) dissect code */
8318 /* Build display for: Word Count (WCT) */
8320 WordCount = GBYTE(pd, offset);
8324 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8328 offset += 1; /* Skip Word Count (WCT) */
8330 /* Build display for: Total Parameter Count */
8332 TotalParameterCount = GSHORT(pd, offset);
8336 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8340 offset += 2; /* Skip Total Parameter Count */
8342 /* Build display for: Total Data Count */
8344 TotalDataCount = GSHORT(pd, offset);
8348 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8352 offset += 2; /* Skip Total Data Count */
8354 /* Build display for: Max Parameter Count */
8356 MaxParameterCount = GSHORT(pd, offset);
8360 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8364 offset += 2; /* Skip Max Parameter Count */
8366 /* Build display for: Max Data Count */
8368 MaxDataCount = GSHORT(pd, offset);
8372 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8376 offset += 2; /* Skip Max Data Count */
8378 /* Build display for: Max Setup Count */
8380 MaxSetupCount = GBYTE(pd, offset);
8384 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8388 offset += 1; /* Skip Max Setup Count */
8390 /* Build display for: Reserved1 */
8392 Reserved1 = GBYTE(pd, offset);
8396 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8400 offset += 1; /* Skip Reserved1 */
8402 /* Build display for: Flags */
8404 Flags = GSHORT(pd, offset);
8408 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8409 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
8410 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8411 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8412 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8413 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8417 offset += 2; /* Skip Flags */
8419 /* Build display for: Timeout */
8421 Timeout = GWORD(pd, offset);
8425 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8429 offset += 4; /* Skip Timeout */
8431 /* Build display for: Reserved2 */
8433 Reserved2 = GSHORT(pd, offset);
8437 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8441 offset += 2; /* Skip Reserved2 */
8443 /* Build display for: Parameter Count */
8445 ParameterCount = GSHORT(pd, offset);
8449 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8453 offset += 2; /* Skip Parameter Count */
8455 /* Build display for: Parameter Offset */
8457 ParameterOffset = GSHORT(pd, offset);
8461 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8465 offset += 2; /* Skip Parameter Offset */
8467 /* Build display for: Data Count */
8469 DataCount = GSHORT(pd, offset);
8473 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8477 offset += 2; /* Skip Data Count */
8479 /* Build display for: Data Offset */
8481 DataOffset = GSHORT(pd, offset);
8485 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8489 offset += 2; /* Skip Data Offset */
8491 /* Build display for: Setup Count */
8493 SetupCount = GBYTE(pd, offset);
8497 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8501 offset += 1; /* Skip Setup Count */
8503 /* Build display for: Reserved3 */
8505 Reserved3 = GBYTE(pd, offset);
8509 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8513 offset += 1; /* Skip Reserved3 */
8515 /* Build display for: Setup */
8517 if (SetupCount > 0) {
8521 Setup = GSHORT(pd, offset);
8523 request_val -> last_transact2_command = Setup; /* Save for later */
8525 if (check_col(fd, COL_INFO)) {
8527 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8531 for (i = 1; i <= SetupCount; i++) {
8534 Setup1 = GSHORT(pd, offset);
8538 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup1);
8542 offset += 2; /* Skip Setup */
8548 /* Build display for: Byte Count (BCC) */
8550 ByteCount = GSHORT(pd, offset);
8554 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8558 offset += 2; /* Skip Byte Count (BCC) */
8560 /* Build display for: Transact Name */
8564 proto_tree_add_text(tree, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
8570 /* Build display for: Pad1 */
8572 Pad1 = GBYTE(pd, offset);
8576 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8580 offset += 1; /* Skip Pad1 */
8584 if (ParameterCount > 0) {
8586 /* Build display for: Parameters */
8590 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8594 offset += ParameterCount; /* Skip Parameters */
8600 /* Build display for: Pad2 */
8602 Pad2 = GBYTE(pd, offset);
8606 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8610 offset += 1; /* Skip Pad2 */
8614 if (DataCount > 0) {
8616 /* Build display for: Data */
8618 Data = GBYTE(pd, offset);
8622 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8626 offset += DataCount; /* Skip Data */
8631 if (dirn == 0) { /* Response(s) dissect code */
8633 /* Pick up the last transact2 command and put it in the right places */
8635 if (check_col(fd, COL_INFO)) {
8637 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8641 /* Build display for: Word Count (WCT) */
8643 WordCount = GBYTE(pd, offset);
8647 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8651 offset += 1; /* Skip Word Count (WCT) */
8653 /* Build display for: Total Parameter Count */
8655 TotalParameterCount = GSHORT(pd, offset);
8659 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8663 offset += 2; /* Skip Total Parameter Count */
8665 /* Build display for: Total Data Count */
8667 TotalDataCount = GSHORT(pd, offset);
8671 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8675 offset += 2; /* Skip Total Data Count */
8677 /* Build display for: Reserved2 */
8679 Reserved2 = GSHORT(pd, offset);
8683 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8687 offset += 2; /* Skip Reserved2 */
8689 /* Build display for: Parameter Count */
8691 ParameterCount = GSHORT(pd, offset);
8695 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8699 offset += 2; /* Skip Parameter Count */
8701 /* Build display for: Parameter Offset */
8703 ParameterOffset = GSHORT(pd, offset);
8707 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8711 offset += 2; /* Skip Parameter Offset */
8713 /* Build display for: Parameter Displacement */
8715 ParameterDisplacement = GSHORT(pd, offset);
8719 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8723 offset += 2; /* Skip Parameter Displacement */
8725 /* Build display for: Data Count */
8727 DataCount = GSHORT(pd, offset);
8731 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8735 offset += 2; /* Skip Data Count */
8737 /* Build display for: Data Offset */
8739 DataOffset = GSHORT(pd, offset);
8743 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8747 offset += 2; /* Skip Data Offset */
8749 /* Build display for: Data Displacement */
8751 DataDisplacement = GSHORT(pd, offset);
8755 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
8759 offset += 2; /* Skip Data Displacement */
8761 /* Build display for: Setup Count */
8763 SetupCount = GBYTE(pd, offset);
8767 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8771 offset += 1; /* Skip Setup Count */
8773 /* Build display for: Reserved3 */
8775 Reserved3 = GBYTE(pd, offset);
8779 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8783 offset += 1; /* Skip Reserved3 */
8785 /* Build display for: Setup */
8787 Setup = GSHORT(pd, offset);
8791 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
8795 offset += 2; /* Skip Setup */
8797 /* Build display for: Byte Count (BCC) */
8799 ByteCount = GSHORT(pd, offset);
8803 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8807 offset += 2; /* Skip Byte Count (BCC) */
8809 /* Build display for: Pad1 */
8811 Pad1 = GBYTE(pd, offset);
8815 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8819 offset += 1; /* Skip Pad1 */
8821 /* Build display for: Parameter */
8823 if (ParameterCount > 0) {
8827 proto_tree_add_text(tree, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8831 offset += ParameterCount; /* Skip Parameter */
8835 /* Build display for: Pad2 */
8837 Pad2 = GBYTE(pd, offset);
8841 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8845 offset += 1; /* Skip Pad2 */
8847 /* Build display for: Data */
8849 if (DataCount > 0) {
8853 proto_tree_add_text(tree, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
8857 offset += DataCount; /* Skip Data */
8866 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8869 proto_tree *Flags_tree;
8878 guint8 MaxSetupCount;
8881 guint16 TotalParameterCount;
8882 guint16 TotalDataCount;
8885 guint16 ParameterOffset;
8886 guint16 ParameterDisplacement;
8887 guint16 ParameterCount;
8888 guint16 MaxParameterCount;
8889 guint16 MaxDataCount;
8892 guint16 DataDisplacement;
8895 const char *TransactName;
8896 char *TransactNameCopy;
8898 char *trans_cmd, *loc_of_slash;
8900 conversation_t *conversation;
8901 struct smb_request_key request_key, *new_request_key;
8902 struct smb_request_val *request_val;
8905 * Find out what conversation this packet is part of
8908 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8909 pi.srcport, pi.destport);
8911 if (conversation == NULL) { /* Create a new conversation */
8913 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8914 pi.srcport, pi.destport, NULL);
8919 * Check for and insert entry in request hash table if does not exist
8921 request_key.conversation = conversation->index;
8922 request_key.mid = si.mid;
8924 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8926 if (!request_val) { /* Create one */
8928 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8929 new_request_key -> conversation = conversation -> index;
8930 new_request_key -> mid = si.mid;
8932 request_val = g_mem_chunk_alloc(smb_request_vals);
8933 request_val -> mid = si.mid;
8934 request_val -> last_transact_command = NULL;
8936 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8940 if (dirn == 1) { /* Request(s) dissect code */
8942 /* Build display for: Word Count (WCT) */
8944 WordCount = GBYTE(pd, offset);
8948 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8952 offset += 1; /* Skip Word Count (WCT) */
8954 /* Build display for: Total Parameter Count */
8956 TotalParameterCount = GSHORT(pd, offset);
8960 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8964 offset += 2; /* Skip Total Parameter Count */
8966 /* Build display for: Total Data Count */
8968 TotalDataCount = GSHORT(pd, offset);
8972 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8976 offset += 2; /* Skip Total Data Count */
8978 /* Build display for: Max Parameter Count */
8980 MaxParameterCount = GSHORT(pd, offset);
8984 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8988 offset += 2; /* Skip Max Parameter Count */
8990 /* Build display for: Max Data Count */
8992 MaxDataCount = GSHORT(pd, offset);
8996 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
9000 offset += 2; /* Skip Max Data Count */
9002 /* Build display for: Max Setup Count */
9004 MaxSetupCount = GBYTE(pd, offset);
9008 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9012 offset += 1; /* Skip Max Setup Count */
9014 /* Build display for: Reserved1 */
9016 Reserved1 = GBYTE(pd, offset);
9020 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
9024 offset += 1; /* Skip Reserved1 */
9026 /* Build display for: Flags */
9028 Flags = GSHORT(pd, offset);
9032 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
9033 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9034 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9035 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9036 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9037 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9041 offset += 2; /* Skip Flags */
9043 /* Build display for: Timeout */
9045 Timeout = GWORD(pd, offset);
9049 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
9053 offset += 4; /* Skip Timeout */
9055 /* Build display for: Reserved2 */
9057 Reserved2 = GSHORT(pd, offset);
9061 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9065 offset += 2; /* Skip Reserved2 */
9067 /* Build display for: Parameter Count */
9069 ParameterCount = GSHORT(pd, offset);
9073 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9077 offset += 2; /* Skip Parameter Count */
9079 /* Build display for: Parameter Offset */
9081 ParameterOffset = GSHORT(pd, offset);
9085 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9089 offset += 2; /* Skip Parameter Offset */
9091 /* Build display for: Data Count */
9093 DataCount = GSHORT(pd, offset);
9097 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9101 offset += 2; /* Skip Data Count */
9103 /* Build display for: Data Offset */
9105 DataOffset = GSHORT(pd, offset);
9109 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9113 offset += 2; /* Skip Data Offset */
9115 /* Build display for: Setup Count */
9117 SetupCount = GBYTE(pd, offset);
9121 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9125 offset += 1; /* Skip Setup Count */
9127 /* Build display for: Reserved3 */
9129 Reserved3 = GBYTE(pd, offset);
9133 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9137 offset += 1; /* Skip Reserved3 */
9139 /* Build display for: Setup */
9141 if (SetupCount > 0) {
9145 Setup = GSHORT(pd, offset);
9147 for (i = 1; i <= SetupCount; i++) {
9149 Setup = GSHORT(pd, offset);
9153 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup);
9157 offset += 2; /* Skip Setup */
9163 /* Build display for: Byte Count (BCC) */
9165 ByteCount = GSHORT(pd, offset);
9169 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9173 offset += 2; /* Skip Byte Count (BCC) */
9175 /* Build display for: Transact Name */
9177 TransactName = pd + offset;
9179 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9181 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9183 if (request_val -> last_transact_command)
9184 strcpy(request_val -> last_transact_command, TransactName);
9186 if (check_col(fd, COL_INFO)) {
9188 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9194 proto_tree_add_text(tree, offset, strlen(TransactName) + 1, "Transact Name: %s", TransactName);
9198 offset += strlen(TransactName) + 1; /* Skip Transact Name */
9202 /* Build display for: Pad1 */
9204 Pad1 = GBYTE(pd, offset);
9208 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9212 offset += 1; /* Skip Pad1 */
9216 /* Let's see if we can decode this */
9218 TransactNameCopy = g_malloc(strlen(TransactName) + 1);
9220 /* Bad, check for error? */
9222 strcpy(TransactNameCopy, TransactName);
9223 trans_type = TransactNameCopy + 1; /* Skip the slash */
9224 loc_of_slash = strchr(trans_type, '\\');
9226 index = loc_of_slash - trans_type; /* Make it a real index */
9227 trans_cmd = trans_type + index + 1;
9228 trans_type[index] = '\0';
9233 if (!strcmp(trans_type, "MAILSLOT") &&
9234 !dissect_mailslot_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount)) {
9236 if (ParameterCount > 0) {
9238 /* Build display for: Parameters */
9242 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9246 offset += ParameterCount; /* Skip Parameters */
9252 /* Build display for: Pad2 */
9254 Pad2 = GBYTE(pd, offset);
9258 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9262 offset += 1; /* Skip Pad2 */
9266 if (DataCount > 0) {
9268 /* Build display for: Data */
9270 Data = GBYTE(pd, offset);
9274 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9278 offset += DataCount; /* Skip Data */
9284 if (dirn == 0) { /* Response(s) dissect code */
9286 if (check_col(fd, COL_INFO)) {
9288 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9292 /* Build display for: Word Count (WCT) */
9294 WordCount = GBYTE(pd, offset);
9298 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9302 offset += 1; /* Skip Word Count (WCT) */
9304 /* Build display for: Total Parameter Count */
9306 TotalParameterCount = GSHORT(pd, offset);
9310 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9314 offset += 2; /* Skip Total Parameter Count */
9316 /* Build display for: Total Data Count */
9318 TotalDataCount = GSHORT(pd, offset);
9322 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9326 offset += 2; /* Skip Total Data Count */
9328 /* Build display for: Reserved2 */
9330 Reserved2 = GSHORT(pd, offset);
9334 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9338 offset += 2; /* Skip Reserved2 */
9340 /* Build display for: Parameter Count */
9342 ParameterCount = GSHORT(pd, offset);
9346 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9350 offset += 2; /* Skip Parameter Count */
9352 /* Build display for: Parameter Offset */
9354 ParameterOffset = GSHORT(pd, offset);
9358 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9362 offset += 2; /* Skip Parameter Offset */
9364 /* Build display for: Parameter Displacement */
9366 ParameterDisplacement = GSHORT(pd, offset);
9370 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9374 offset += 2; /* Skip Parameter Displacement */
9376 /* Build display for: Data Count */
9378 DataCount = GSHORT(pd, offset);
9382 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9386 offset += 2; /* Skip Data Count */
9388 /* Build display for: Data Offset */
9390 DataOffset = GSHORT(pd, offset);
9394 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9398 offset += 2; /* Skip Data Offset */
9400 /* Build display for: Data Displacement */
9402 DataDisplacement = GSHORT(pd, offset);
9406 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
9410 offset += 2; /* Skip Data Displacement */
9412 /* Build display for: Setup Count */
9414 SetupCount = GBYTE(pd, offset);
9418 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9422 offset += 1; /* Skip Setup Count */
9424 /* Build display for: Reserved3 */
9426 Reserved3 = GBYTE(pd, offset);
9430 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9434 offset += 1; /* Skip Reserved3 */
9436 /* Build display for: Setup */
9438 if (SetupCount > 0) {
9440 /* Hmmm, should code for all setup words ... */
9442 Setup = GSHORT(pd, offset);
9446 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
9450 offset += 2; /* Skip Setup */
9454 /* Build display for: Byte Count (BCC) */
9456 ByteCount = GSHORT(pd, offset);
9460 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9464 offset += 2; /* Skip Byte Count (BCC) */
9466 /* Build display for: Pad1 */
9468 Pad1 = GBYTE(pd, offset);
9472 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9476 offset += 1; /* Skip Pad1 */
9478 /* Build display for: Parameter */
9480 Parameter = GBYTE(pd, offset);
9484 proto_tree_add_text(tree, offset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9488 offset += 1; /* Skip Parameter */
9490 /* Build display for: Pad2 */
9492 Pad2 = GBYTE(pd, offset);
9496 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9500 offset += 1; /* Skip Pad2 */
9502 /* Build display for: Data */
9504 if (DataCount > 0) {
9508 proto_tree_add_text(tree, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9512 offset += DataCount; /* Skip Data */
9521 * The routines for mailslot and pipe dissecting should be migrated to another
9525 char *browse_commands[] =
9526 { "Error, No such command!", /* Value 0 */
9527 "Host Announcement", /* Value 1 */
9528 "Request Announcement", /* Value 2 */
9529 "Error, No such command!", /* Value 3 */
9530 "Error, No such command!", /* Value 4 */
9531 "Error, No such command!", /* Value 5 */
9532 "Error, No such command!", /* Value 6 */
9533 "Error, No such command!", /* Value 7 */
9534 "Browser Election Request", /* Value 8 */
9535 "Get Backup List Request", /* Value 9 */
9536 "Get Backup List Response", /* Value 10 */
9537 "Become Backup Browser", /* Value 11 */
9538 "Domain/Workgroup Announcement", /* Value 12 */
9539 "Master Announcement", /* Value 13 */
9540 "Error! No such command", /* Value 14 */
9541 "Local Master Announcement" /* Value 15 */
9544 #define HOST_ANNOUNCE 1
9545 #define REQUEST_ANNOUNCE 2
9546 #define BROWSER_ELECTION 8
9547 #define GETBACKUPLISTREQ 9
9548 #define GETBACKUPLISTRESP 10
9549 #define BECOMEBACKUPBROWSER 11
9550 #define DOMAINANNOUNCEMENT 12
9551 #define MASTERANNOUNCEMENT 13
9552 #define LOCALMASTERANNOUNC 15
9554 char *svr_types[32] = {
9558 "Domain Controller",
9559 "Backup Controller",
9563 "Domain Member Server",
9564 "Print Queue Server",
9568 "Windows for Workgroups",
9569 "Unknown Server - FIXME",
9571 "Potential Browser",
9574 "Domain Master Browser",
9577 "Windows 95 or above",
9590 dissect_mailslot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
9594 guint8 VersionMajor;
9595 guint8 VersionMinor;
9596 guint32 Periodicity;
9598 guint16 SigConstant;
9600 guint8 BackupServerCount;
9603 guint8 ElectionVersion;
9604 guint32 ElectionCriteria;
9606 guint8 ElectionDesire;
9607 guint16 ElectionRevision;
9608 guint32 ServerUpTime;
9609 const char *ServerName;
9610 const char *ServerComment;
9611 proto_tree *browse_tree = NULL, *flags_tree = NULL,
9612 *OSflags = NULL, *DesireFlags = NULL;
9613 proto_item *ti, *ec;
9614 guint32 loc_offset = DataOffset, count = 0;
9617 if (strcmp(command, "BROWSE") == 0) { /* Decode a browse */
9619 if (check_col(fd, COL_PROTOCOL))
9620 col_add_str(fd, COL_PROTOCOL, "BROWSER");
9622 if (check_col(fd, COL_INFO)) /* Put in something, and replace it later */
9623 col_add_str(fd, COL_INFO, "Browse Announcement");
9626 * Now, decode the browse request
9629 OpCode = GBYTE(pd, loc_offset);
9631 if (check_col(fd, COL_INFO))
9632 col_add_fstr(fd, COL_INFO, (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command:%u" : browse_commands[OpCode], OpCode);
9634 if (tree) { /* Add the browse tree */
9636 ti = proto_tree_add_item(parent, proto_browse, DataOffset, DataCount, NULL);
9637 browse_tree = proto_item_add_subtree(ti, ett_browse);
9639 proto_tree_add_text(browse_tree, loc_offset, 1, "OpCode: %s", (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command" : browse_commands[OpCode]);
9643 loc_offset += 1; /* Skip the OpCode */
9647 case DOMAINANNOUNCEMENT:
9648 case LOCALMASTERANNOUNC:
9651 UpdateCount = GBYTE(pd, loc_offset);
9655 proto_tree_add_text(browse_tree, loc_offset, 1, "Update Count: %u", UpdateCount);
9659 loc_offset += 1; /* Skip the Update Count */
9661 Periodicity = GWORD(pd, loc_offset + 2);
9665 proto_tree_add_text(browse_tree, loc_offset, 4, "Update Periodicity: %u mSec", Periodicity >> 16);
9671 ServerName = pd + loc_offset;
9675 proto_tree_add_text(browse_tree, loc_offset, 16, (OpCode == DOMAINANNOUNCEMENT) ? "Domain/WorkGroup: %s": "Host Name: %s", ServerName);
9681 VersionMajor = GBYTE(pd, loc_offset);
9685 proto_tree_add_text(browse_tree, loc_offset, 1, "Major Version: %u", VersionMajor);
9691 VersionMinor = GBYTE(pd, loc_offset);
9695 proto_tree_add_text(browse_tree, loc_offset, 1, "Minor Version: %u", VersionMinor);
9701 ServerType = GWORD(pd, loc_offset);
9703 if (check_col(fd, COL_INFO)) {
9705 /* Append the type(s) of the system to the COL_INFO line ... */
9707 for (i = 1; i <= 32; i++) {
9709 if (ServerType & (1 << (i - 1)) && (strcmp("Unused", svr_types[i]) != 0))
9710 col_append_fstr(fd, COL_INFO, ", %s", svr_types[i - 1]);
9718 ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Server Type: 0x%04x", ServerType);
9719 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
9720 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9721 decode_boolean_bitfield(ServerType, 0x0001, 32, "Workstation", "Not Workstation"));
9722 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9723 decode_boolean_bitfield(ServerType, 0x0002, 32, "Server", "Not Server"));
9724 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9725 decode_boolean_bitfield(ServerType, 0x0004, 32, "SQL Server", "Not SQL Server"));
9726 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9727 decode_boolean_bitfield(ServerType, 0x0008, 32, "Domain Controller", "Not Domain Controller"));
9728 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9729 decode_boolean_bitfield(ServerType, 0x0010, 32, "Backup Controller", "Not Backup Controller"));
9730 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9731 decode_boolean_bitfield(ServerType, 0x0020, 32, "Time Source", "Not Time Source"));
9732 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9733 decode_boolean_bitfield(ServerType, 0x0040, 32, "Apple Server", "Not Apple Server"));
9734 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9735 decode_boolean_bitfield(ServerType, 0x0080, 32, "Novell Server", "Not Novell Server"));
9736 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9737 decode_boolean_bitfield(ServerType, 0x0100, 32, "Domain Member Server", "Not Domain Member Server"));
9738 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9739 decode_boolean_bitfield(ServerType, 0x0200, 32, "Print Queue Server", "Not Print Queue Server"));
9740 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9741 decode_boolean_bitfield(ServerType, 0x0400, 32, "Dialin Server", "Not Dialin Server"));
9742 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9743 decode_boolean_bitfield(ServerType, 0x0800, 32, "Xenix Server", "Not Xenix Server"));
9744 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9745 decode_boolean_bitfield(ServerType, 0x1000, 32, "NT Workstation", "Not NT Workstation"));
9746 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9747 decode_boolean_bitfield(ServerType, 0x2000, 32, "Windows for Workgroups", "Not Windows for Workgroups"));
9748 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9749 decode_boolean_bitfield(ServerType, 0x8000, 32, "NT Server", "Not NT Server"));
9750 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9751 decode_boolean_bitfield(ServerType, 0x10000, 32, "Potential Browser", "Not Potential Browser"));
9752 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9753 decode_boolean_bitfield(ServerType, 0x20000, 32, "Backup Browser", "Not Backup Browser"));
9754 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9755 decode_boolean_bitfield(ServerType, 0x40000, 32, "Master Browser", "Not Master Browser"));
9756 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9757 decode_boolean_bitfield(ServerType, 0x80000, 32, "Domain Master Browser", "Not Domain Master Browser"));
9758 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9759 decode_boolean_bitfield(ServerType, 0x100000, 32, "OSF", "Not OSF"));
9760 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9761 decode_boolean_bitfield(ServerType, 0x200000, 32, "VMS", "Not VMS"));
9762 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9763 decode_boolean_bitfield(ServerType, 0x400000, 32, "Windows 95 or above", "Not Windows 95 or above"));
9764 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9765 decode_boolean_bitfield(ServerType, 0x40000000, 32, "Local List Only", "Not Local List Only"));
9766 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9767 decode_boolean_bitfield(ServerType, 0x80000000, 32, "Domain Enum", "Not Domain Enum"));
9771 ElectionVersion = GSHORT(pd, loc_offset);
9775 proto_tree_add_text(browse_tree, loc_offset, 2, "Election Version: %u", ElectionVersion);
9781 SigConstant = GSHORT(pd, loc_offset);
9785 proto_tree_add_text(browse_tree, loc_offset, 2, "Signature: %u (0x%04X)", SigConstant, SigConstant);
9791 ServerComment = pd + loc_offset;
9795 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerComment) + 1, "Host Comment: %s", ServerComment);
9801 case REQUEST_ANNOUNCE:
9803 Flags = GBYTE(pd, loc_offset);
9807 proto_tree_add_text(browse_tree, loc_offset, 1, "Unused Flags: %u", Flags);
9813 ServerName = pd + loc_offset;
9817 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Send List To: %s", ServerName);
9823 case BROWSER_ELECTION:
9825 ElectionVersion = GBYTE(pd, loc_offset);
9829 proto_tree_add_text(browse_tree, loc_offset, 1, "Election Version = %u", ElectionVersion);
9835 ElectionCriteria = GWORD(pd, loc_offset);
9836 ElectionOS = GBYTE(pd, loc_offset + 3);
9837 ElectionRevision = GSHORT(pd, loc_offset + 1);
9838 ElectionDesire = GBYTE(pd, loc_offset);
9842 ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Election Criteria = %u (0x%08X)", ElectionCriteria, ElectionCriteria);
9844 ec = proto_item_add_subtree(ti, ett_browse_election_criteria);
9846 ti = proto_tree_add_text(ec, loc_offset + 3, 1, "Election OS Summary: %u (0x%02X)", ElectionOS, ElectionOS);
9848 OSflags = proto_item_add_subtree(ti, ett_browse_election_os);
9850 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9851 decode_boolean_bitfield(ElectionOS, 0x01, 8, "Windows for Workgroups", "Not Windows for Workgroups"));
9853 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9854 decode_boolean_bitfield(ElectionOS, 0x02, 8, "Unknown", "Not used"));
9856 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9857 decode_boolean_bitfield(ElectionOS, 0x04, 8, "Unknown", "Not used"));
9859 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9860 decode_boolean_bitfield(ElectionOS, 0x08, 8, "Unknown", "Not used"));
9862 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9863 decode_boolean_bitfield(ElectionOS, 0x10, 8, "Windows NT Workstation", "Not Windows NT Workstation"));
9865 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9866 decode_boolean_bitfield(ElectionOS, 0x20, 8, "Windows NT Server", "Not Windows NT Server"));
9868 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9869 decode_boolean_bitfield(ElectionOS, 0x40, 8, "Unknown", "Not used"));
9871 proto_tree_add_text(OSflags, loc_offset + 3, 1, "%s",
9872 decode_boolean_bitfield(ElectionOS, 0x80, 8, "Unknown", "Not used"));
9874 proto_tree_add_text(ec, loc_offset + 1, 2, "Election Revision: %u (0x%04X)", ElectionRevision, ElectionRevision);
9876 ti = proto_tree_add_text(ec, loc_offset, 1, "Election Desire Summary: %u (0x%02X)", ElectionDesire, ElectionDesire);
9878 DesireFlags = proto_item_add_subtree(ti, ett_browse_election_desire);
9880 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9881 decode_boolean_bitfield(ElectionDesire, 0x01, 8, "Backup Browse Server", "Not Backup Browse Server"));
9883 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9884 decode_boolean_bitfield(ElectionDesire, 0x02, 8, "Standby Browse Server", "Not Standby Browse Server"));
9886 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9887 decode_boolean_bitfield(ElectionDesire, 0x04, 8, "Master Browser", "Not Master Browser"));
9889 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9890 decode_boolean_bitfield(ElectionDesire, 0x08, 8, "Domain Master Browse Server", "Not Domain Master Browse Server"));
9892 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9893 decode_boolean_bitfield(ElectionDesire, 0x10, 8, "Unknown", "Not used"));
9895 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9896 decode_boolean_bitfield(ElectionDesire, 0x20, 8, "WINS Client", "Not WINS Client"));
9898 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9899 decode_boolean_bitfield(ElectionDesire, 0x40, 8, "Unknown", "Not used"));
9901 proto_tree_add_text(DesireFlags, loc_offset, 1, "%s",
9902 decode_boolean_bitfield(ElectionDesire, 0x80, 8, "Windows NT Advanced Server", "Not Windows NT Advanced Server"));
9908 ServerUpTime = GWORD(pd, loc_offset);
9912 proto_tree_add_text(browse_tree, loc_offset, 4, "Server Up Time: %u Sec", ServerUpTime);
9918 MBZ = GWORD(pd, loc_offset);
9922 ServerName = pd + loc_offset;
9926 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Election Server Name: %s", ServerName);
9932 case GETBACKUPLISTREQ:
9934 BackupServerCount = GBYTE(pd, loc_offset);
9938 proto_tree_add_text(browse_tree, loc_offset, 1, "Backup List Requested Count: %u", BackupServerCount);
9944 Token = GWORD(pd, loc_offset);
9948 proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Request Token: %u", Token);
9954 case GETBACKUPLISTRESP:
9956 BackupServerCount = GBYTE(pd, loc_offset);
9960 proto_tree_add_text(browse_tree, loc_offset, 1, "Backup Server Count: %u", BackupServerCount);
9966 Token = GWORD(pd, loc_offset);
9970 proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Response Token: %u", Token);
9976 ServerName = pd + loc_offset;
9978 for (count = 1; count <= BackupServerCount; count++) {
9982 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Backup Server: %s", ServerName);
9986 loc_offset += strlen(ServerName) + 1;
9988 ServerName = pd + loc_offset;
9994 case BECOMEBACKUPBROWSER:
9996 ServerName = pd + loc_offset;
10000 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Browser to Promote: %s", ServerName);
10006 case MASTERANNOUNCEMENT:
10008 ServerName = pd + loc_offset;
10012 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Server Name: %s", ServerName);
10022 return 1; /* Success */
10029 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
10031 dissect_unknown_smb, /* unknown SMB 0x00 */
10032 dissect_unknown_smb, /* unknown SMB 0x01 */
10033 dissect_unknown_smb, /* SMBopen open a file */
10034 dissect_create_file_smb, /* SMBcreate create a file */
10035 dissect_close_smb, /* SMBclose close a file */
10036 dissect_flush_file_smb, /* SMBflush flush a file */
10037 dissect_delete_file_smb, /* SMBunlink delete a file */
10038 dissect_rename_file_smb, /* SMBmv rename a file */
10039 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
10040 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
10041 dissect_read_file_smb, /* SMBread read from a file */
10042 dissect_write_file_smb, /* SMBwrite write to a file */
10043 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
10044 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
10045 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
10046 dissect_unknown_smb, /* SMBmknew make a new file */
10047 dissect_checkdir_smb, /* SMBchkpth check a directory path */
10048 dissect_process_exit_smb, /* SMBexit process exit */
10049 dissect_unknown_smb, /* SMBlseek seek */
10050 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
10051 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
10052 dissect_unknown_smb, /* unknown SMB 0x15 */
10053 dissect_unknown_smb, /* unknown SMB 0x16 */
10054 dissect_unknown_smb, /* unknown SMB 0x17 */
10055 dissect_unknown_smb, /* unknown SMB 0x18 */
10056 dissect_unknown_smb, /* unknown SMB 0x19 */
10057 dissect_read_raw_smb, /* SMBreadBraw read block raw */
10058 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
10059 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
10060 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
10061 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
10062 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
10063 dissect_unknown_smb, /* SMBwriteC write complete response */
10064 dissect_unknown_smb, /* unknown SMB 0x21 */
10065 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
10066 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
10067 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
10068 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
10069 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
10070 dissect_unknown_smb, /* SMBioctl IOCTL */
10071 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
10072 dissect_unknown_smb, /* SMBcopy copy */
10073 dissect_move_smb, /* SMBmove move */
10074 dissect_unknown_smb, /* SMBecho echo */
10075 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
10076 dissect_open_andx_smb, /* SMBopenX open and X */
10077 dissect_unknown_smb, /* SMBreadX read and X */
10078 dissect_unknown_smb, /* SMBwriteX write and X */
10079 dissect_unknown_smb, /* unknown SMB 0x30 */
10080 dissect_unknown_smb, /* unknown SMB 0x31 */
10081 dissect_transact2_smb, /* unknown SMB 0x32 */
10082 dissect_unknown_smb, /* unknown SMB 0x33 */
10083 dissect_find_close2_smb, /* unknown SMB 0x34 */
10084 dissect_unknown_smb, /* unknown SMB 0x35 */
10085 dissect_unknown_smb, /* unknown SMB 0x36 */
10086 dissect_unknown_smb, /* unknown SMB 0x37 */
10087 dissect_unknown_smb, /* unknown SMB 0x38 */
10088 dissect_unknown_smb, /* unknown SMB 0x39 */
10089 dissect_unknown_smb, /* unknown SMB 0x3a */
10090 dissect_unknown_smb, /* unknown SMB 0x3b */
10091 dissect_unknown_smb, /* unknown SMB 0x3c */
10092 dissect_unknown_smb, /* unknown SMB 0x3d */
10093 dissect_unknown_smb, /* unknown SMB 0x3e */
10094 dissect_unknown_smb, /* unknown SMB 0x3f */
10095 dissect_unknown_smb, /* unknown SMB 0x40 */
10096 dissect_unknown_smb, /* unknown SMB 0x41 */
10097 dissect_unknown_smb, /* unknown SMB 0x42 */
10098 dissect_unknown_smb, /* unknown SMB 0x43 */
10099 dissect_unknown_smb, /* unknown SMB 0x44 */
10100 dissect_unknown_smb, /* unknown SMB 0x45 */
10101 dissect_unknown_smb, /* unknown SMB 0x46 */
10102 dissect_unknown_smb, /* unknown SMB 0x47 */
10103 dissect_unknown_smb, /* unknown SMB 0x48 */
10104 dissect_unknown_smb, /* unknown SMB 0x49 */
10105 dissect_unknown_smb, /* unknown SMB 0x4a */
10106 dissect_unknown_smb, /* unknown SMB 0x4b */
10107 dissect_unknown_smb, /* unknown SMB 0x4c */
10108 dissect_unknown_smb, /* unknown SMB 0x4d */
10109 dissect_unknown_smb, /* unknown SMB 0x4e */
10110 dissect_unknown_smb, /* unknown SMB 0x4f */
10111 dissect_unknown_smb, /* unknown SMB 0x50 */
10112 dissect_unknown_smb, /* unknown SMB 0x51 */
10113 dissect_unknown_smb, /* unknown SMB 0x52 */
10114 dissect_unknown_smb, /* unknown SMB 0x53 */
10115 dissect_unknown_smb, /* unknown SMB 0x54 */
10116 dissect_unknown_smb, /* unknown SMB 0x55 */
10117 dissect_unknown_smb, /* unknown SMB 0x56 */
10118 dissect_unknown_smb, /* unknown SMB 0x57 */
10119 dissect_unknown_smb, /* unknown SMB 0x58 */
10120 dissect_unknown_smb, /* unknown SMB 0x59 */
10121 dissect_unknown_smb, /* unknown SMB 0x5a */
10122 dissect_unknown_smb, /* unknown SMB 0x5b */
10123 dissect_unknown_smb, /* unknown SMB 0x5c */
10124 dissect_unknown_smb, /* unknown SMB 0x5d */
10125 dissect_unknown_smb, /* unknown SMB 0x5e */
10126 dissect_unknown_smb, /* unknown SMB 0x5f */
10127 dissect_unknown_smb, /* unknown SMB 0x60 */
10128 dissect_unknown_smb, /* unknown SMB 0x61 */
10129 dissect_unknown_smb, /* unknown SMB 0x62 */
10130 dissect_unknown_smb, /* unknown SMB 0x63 */
10131 dissect_unknown_smb, /* unknown SMB 0x64 */
10132 dissect_unknown_smb, /* unknown SMB 0x65 */
10133 dissect_unknown_smb, /* unknown SMB 0x66 */
10134 dissect_unknown_smb, /* unknown SMB 0x67 */
10135 dissect_unknown_smb, /* unknown SMB 0x68 */
10136 dissect_unknown_smb, /* unknown SMB 0x69 */
10137 dissect_unknown_smb, /* unknown SMB 0x6a */
10138 dissect_unknown_smb, /* unknown SMB 0x6b */
10139 dissect_unknown_smb, /* unknown SMB 0x6c */
10140 dissect_unknown_smb, /* unknown SMB 0x6d */
10141 dissect_unknown_smb, /* unknown SMB 0x6e */
10142 dissect_unknown_smb, /* unknown SMB 0x6f */
10143 dissect_treecon_smb, /* SMBtcon tree connect */
10144 dissect_tdis_smb, /* SMBtdis tree disconnect */
10145 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10146 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10147 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10148 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10149 dissect_unknown_smb, /* unknown SMB 0x76 */
10150 dissect_unknown_smb, /* unknown SMB 0x77 */
10151 dissect_unknown_smb, /* unknown SMB 0x78 */
10152 dissect_unknown_smb, /* unknown SMB 0x79 */
10153 dissect_unknown_smb, /* unknown SMB 0x7a */
10154 dissect_unknown_smb, /* unknown SMB 0x7b */
10155 dissect_unknown_smb, /* unknown SMB 0x7c */
10156 dissect_unknown_smb, /* unknown SMB 0x7d */
10157 dissect_unknown_smb, /* unknown SMB 0x7e */
10158 dissect_unknown_smb, /* unknown SMB 0x7f */
10159 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10160 dissect_search_dir_smb, /* SMBsearch search a directory */
10161 dissect_unknown_smb, /* SMBffirst find first */
10162 dissect_unknown_smb, /* SMBfunique find unique */
10163 dissect_unknown_smb, /* SMBfclose find close */
10164 dissect_unknown_smb, /* unknown SMB 0x85 */
10165 dissect_unknown_smb, /* unknown SMB 0x86 */
10166 dissect_unknown_smb, /* unknown SMB 0x87 */
10167 dissect_unknown_smb, /* unknown SMB 0x88 */
10168 dissect_unknown_smb, /* unknown SMB 0x89 */
10169 dissect_unknown_smb, /* unknown SMB 0x8a */
10170 dissect_unknown_smb, /* unknown SMB 0x8b */
10171 dissect_unknown_smb, /* unknown SMB 0x8c */
10172 dissect_unknown_smb, /* unknown SMB 0x8d */
10173 dissect_unknown_smb, /* unknown SMB 0x8e */
10174 dissect_unknown_smb, /* unknown SMB 0x8f */
10175 dissect_unknown_smb, /* unknown SMB 0x90 */
10176 dissect_unknown_smb, /* unknown SMB 0x91 */
10177 dissect_unknown_smb, /* unknown SMB 0x92 */
10178 dissect_unknown_smb, /* unknown SMB 0x93 */
10179 dissect_unknown_smb, /* unknown SMB 0x94 */
10180 dissect_unknown_smb, /* unknown SMB 0x95 */
10181 dissect_unknown_smb, /* unknown SMB 0x96 */
10182 dissect_unknown_smb, /* unknown SMB 0x97 */
10183 dissect_unknown_smb, /* unknown SMB 0x98 */
10184 dissect_unknown_smb, /* unknown SMB 0x99 */
10185 dissect_unknown_smb, /* unknown SMB 0x9a */
10186 dissect_unknown_smb, /* unknown SMB 0x9b */
10187 dissect_unknown_smb, /* unknown SMB 0x9c */
10188 dissect_unknown_smb, /* unknown SMB 0x9d */
10189 dissect_unknown_smb, /* unknown SMB 0x9e */
10190 dissect_unknown_smb, /* unknown SMB 0x9f */
10191 dissect_unknown_smb, /* unknown SMB 0xa0 */
10192 dissect_unknown_smb, /* unknown SMB 0xa1 */
10193 dissect_unknown_smb, /* unknown SMB 0xa2 */
10194 dissect_unknown_smb, /* unknown SMB 0xa3 */
10195 dissect_unknown_smb, /* unknown SMB 0xa4 */
10196 dissect_unknown_smb, /* unknown SMB 0xa5 */
10197 dissect_unknown_smb, /* unknown SMB 0xa6 */
10198 dissect_unknown_smb, /* unknown SMB 0xa7 */
10199 dissect_unknown_smb, /* unknown SMB 0xa8 */
10200 dissect_unknown_smb, /* unknown SMB 0xa9 */
10201 dissect_unknown_smb, /* unknown SMB 0xaa */
10202 dissect_unknown_smb, /* unknown SMB 0xab */
10203 dissect_unknown_smb, /* unknown SMB 0xac */
10204 dissect_unknown_smb, /* unknown SMB 0xad */
10205 dissect_unknown_smb, /* unknown SMB 0xae */
10206 dissect_unknown_smb, /* unknown SMB 0xaf */
10207 dissect_unknown_smb, /* unknown SMB 0xb0 */
10208 dissect_unknown_smb, /* unknown SMB 0xb1 */
10209 dissect_unknown_smb, /* unknown SMB 0xb2 */
10210 dissect_unknown_smb, /* unknown SMB 0xb3 */
10211 dissect_unknown_smb, /* unknown SMB 0xb4 */
10212 dissect_unknown_smb, /* unknown SMB 0xb5 */
10213 dissect_unknown_smb, /* unknown SMB 0xb6 */
10214 dissect_unknown_smb, /* unknown SMB 0xb7 */
10215 dissect_unknown_smb, /* unknown SMB 0xb8 */
10216 dissect_unknown_smb, /* unknown SMB 0xb9 */
10217 dissect_unknown_smb, /* unknown SMB 0xba */
10218 dissect_unknown_smb, /* unknown SMB 0xbb */
10219 dissect_unknown_smb, /* unknown SMB 0xbc */
10220 dissect_unknown_smb, /* unknown SMB 0xbd */
10221 dissect_unknown_smb, /* unknown SMB 0xbe */
10222 dissect_unknown_smb, /* unknown SMB 0xbf */
10223 dissect_unknown_smb, /* SMBsplopen open a print spool file */
10224 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
10225 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
10226 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
10227 dissect_unknown_smb, /* unknown SMB 0xc4 */
10228 dissect_unknown_smb, /* unknown SMB 0xc5 */
10229 dissect_unknown_smb, /* unknown SMB 0xc6 */
10230 dissect_unknown_smb, /* unknown SMB 0xc7 */
10231 dissect_unknown_smb, /* unknown SMB 0xc8 */
10232 dissect_unknown_smb, /* unknown SMB 0xc9 */
10233 dissect_unknown_smb, /* unknown SMB 0xca */
10234 dissect_unknown_smb, /* unknown SMB 0xcb */
10235 dissect_unknown_smb, /* unknown SMB 0xcc */
10236 dissect_unknown_smb, /* unknown SMB 0xcd */
10237 dissect_unknown_smb, /* unknown SMB 0xce */
10238 dissect_unknown_smb, /* unknown SMB 0xcf */
10239 dissect_unknown_smb, /* SMBsends send a single block message */
10240 dissect_unknown_smb, /* SMBsendb send a broadcast message */
10241 dissect_unknown_smb, /* SMBfwdname forward user name */
10242 dissect_unknown_smb, /* SMBcancelf cancel forward */
10243 dissect_unknown_smb, /* SMBgetmac get a machine name */
10244 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
10245 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
10246 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
10247 dissect_unknown_smb, /* unknown SMB 0xd8 */
10248 dissect_unknown_smb, /* unknown SMB 0xd9 */
10249 dissect_unknown_smb, /* unknown SMB 0xda */
10250 dissect_unknown_smb, /* unknown SMB 0xdb */
10251 dissect_unknown_smb, /* unknown SMB 0xdc */
10252 dissect_unknown_smb, /* unknown SMB 0xdd */
10253 dissect_unknown_smb, /* unknown SMB 0xde */
10254 dissect_unknown_smb, /* unknown SMB 0xdf */
10255 dissect_unknown_smb, /* unknown SMB 0xe0 */
10256 dissect_unknown_smb, /* unknown SMB 0xe1 */
10257 dissect_unknown_smb, /* unknown SMB 0xe2 */
10258 dissect_unknown_smb, /* unknown SMB 0xe3 */
10259 dissect_unknown_smb, /* unknown SMB 0xe4 */
10260 dissect_unknown_smb, /* unknown SMB 0xe5 */
10261 dissect_unknown_smb, /* unknown SMB 0xe6 */
10262 dissect_unknown_smb, /* unknown SMB 0xe7 */
10263 dissect_unknown_smb, /* unknown SMB 0xe8 */
10264 dissect_unknown_smb, /* unknown SMB 0xe9 */
10265 dissect_unknown_smb, /* unknown SMB 0xea */
10266 dissect_unknown_smb, /* unknown SMB 0xeb */
10267 dissect_unknown_smb, /* unknown SMB 0xec */
10268 dissect_unknown_smb, /* unknown SMB 0xed */
10269 dissect_unknown_smb, /* unknown SMB 0xee */
10270 dissect_unknown_smb, /* unknown SMB 0xef */
10271 dissect_unknown_smb, /* unknown SMB 0xf0 */
10272 dissect_unknown_smb, /* unknown SMB 0xf1 */
10273 dissect_unknown_smb, /* unknown SMB 0xf2 */
10274 dissect_unknown_smb, /* unknown SMB 0xf3 */
10275 dissect_unknown_smb, /* unknown SMB 0xf4 */
10276 dissect_unknown_smb, /* unknown SMB 0xf5 */
10277 dissect_unknown_smb, /* unknown SMB 0xf6 */
10278 dissect_unknown_smb, /* unknown SMB 0xf7 */
10279 dissect_unknown_smb, /* unknown SMB 0xf8 */
10280 dissect_unknown_smb, /* unknown SMB 0xf9 */
10281 dissect_unknown_smb, /* unknown SMB 0xfa */
10282 dissect_unknown_smb, /* unknown SMB 0xfb */
10283 dissect_unknown_smb, /* unknown SMB 0xfc */
10284 dissect_unknown_smb, /* unknown SMB 0xfd */
10285 dissect_unknown_smb, /* SMBinvalid invalid command */
10286 dissect_unknown_smb /* unknown SMB 0xff */
10290 static const value_string errcls_types[] = {
10291 { SMB_SUCCESS, "Success"},
10292 { SMB_ERRDOS, "DOS Error"},
10293 { SMB_ERRSRV, "Server Error"},
10294 { SMB_ERRHRD, "Hardware Error"},
10295 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
10299 char *decode_smb_name(unsigned char cmd)
10302 return(SMB_names[cmd]);
10306 static const value_string DOS_errors[] = {
10307 {SMBE_badfunc, "Invalid function (or system call)"},
10308 {SMBE_badfile, "File not found (pathname error)"},
10309 {SMBE_badpath, "Directory not found"},
10310 {SMBE_nofids, "Too many open files"},
10311 {SMBE_noaccess, "Access denied"},
10312 {SMBE_badfid, "Invalid fid"},
10313 {SMBE_nomem, "Out of memory"},
10314 {SMBE_badmem, "Invalid memory block address"},
10315 {SMBE_badenv, "Invalid environment"},
10316 {SMBE_badaccess, "Invalid open mode"},
10317 {SMBE_baddata, "Invalid data (only from ioctl call)"},
10318 {SMBE_res, "Reserved error code?"},
10319 {SMBE_baddrive, "Invalid drive"},
10320 {SMBE_remcd, "Attempt to delete current directory"},
10321 {SMBE_diffdevice, "Rename/move across different filesystems"},
10322 {SMBE_nofiles, "no more files found in file search"},
10323 {SMBE_badshare, "Share mode on file conflict with open mode"},
10324 {SMBE_lock, "Lock request conflicts with existing lock"},
10325 {SMBE_unsup, "Request unsupported, returned by Win 95"},
10326 {SMBE_filexists, "File in operation already exists"},
10327 {SMBE_cannotopen, "Cannot open the file specified"},
10328 {SMBE_unknownlevel, "Unknown level??"},
10329 {SMBE_badpipe, "Named pipe invalid"},
10330 {SMBE_pipebusy, "All instances of pipe are busy"},
10331 {SMBE_pipeclosing, "Named pipe close in progress"},
10332 {SMBE_notconnected, "No process on other end of named pipe"},
10333 {SMBE_moredata, "More data to be returned"},
10334 {SMBE_baddirectory, "Invalid directory name in a path."},
10335 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
10336 {SMBE_eas_nsup, "Extended attributes not supported"},
10337 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
10338 {SMBE_unknownipc, "Unknown IPC Operation"},
10339 {SMBE_noipc, "Don't support ipc"},
10343 /* Error codes for the ERRSRV class */
10345 static const value_string SRV_errors[] = {
10346 {SMBE_error, "Non specific error code"},
10347 {SMBE_badpw, "Bad password"},
10348 {SMBE_badtype, "Reserved"},
10349 {SMBE_access, "No permissions to perform the requested operation"},
10350 {SMBE_invnid, "TID invalid"},
10351 {SMBE_invnetname, "Invalid network name. Service not found"},
10352 {SMBE_invdevice, "Invalid device"},
10353 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
10354 {SMBE_qfull, "Print queue full"},
10355 {SMBE_qtoobig, "Queued item too big"},
10356 {SMBE_qeof, "EOF on print queue dump"},
10357 {SMBE_invpfid, "Invalid print file in smb_fid"},
10358 {SMBE_smbcmd, "Unrecognised command"},
10359 {SMBE_srverror, "SMB server internal error"},
10360 {SMBE_filespecs, "Fid and pathname invalid combination"},
10361 {SMBE_badlink, "Bad link in request ???"},
10362 {SMBE_badpermits, "Access specified for a file is not valid"},
10363 {SMBE_badpid, "Bad process id in request"},
10364 {SMBE_setattrmode, "Attribute mode invalid"},
10365 {SMBE_paused, "Message server paused"},
10366 {SMBE_msgoff, "Not receiving messages"},
10367 {SMBE_noroom, "No room for message"},
10368 {SMBE_rmuns, "Too many remote usernames"},
10369 {SMBE_timeout, "Operation timed out"},
10370 {SMBE_noresource, "No resources currently available for request."},
10371 {SMBE_toomanyuids, "Too many userids"},
10372 {SMBE_baduid, "Bad userid"},
10373 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
10374 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
10375 {SMBE_contMPX, "Resume MPX mode"},
10376 {SMBE_badPW, "Bad Password???"},
10377 {SMBE_nosupport, "Operation not supported???"},
10381 /* Error codes for the ERRHRD class */
10383 static const value_string HRD_errors[] = {
10384 {SMBE_nowrite, "read only media"},
10385 {SMBE_badunit, "Unknown device"},
10386 {SMBE_notready, "Drive not ready"},
10387 {SMBE_badcmd, "Unknown command"},
10388 {SMBE_data, "Data (CRC) error"},
10389 {SMBE_badreq, "Bad request structure length"},
10390 {SMBE_seek, "Seek error???"},
10391 {SMBE_badmedia, "Bad media???"},
10392 {SMBE_badsector, "Bad sector???"},
10393 {SMBE_nopaper, "No paper in printer???"},
10394 {SMBE_write, "Write error???"},
10395 {SMBE_read, "Read error???"},
10396 {SMBE_general, "General error???"},
10397 {SMBE_badshare, "A open conflicts with an existing open"},
10398 {SMBE_lock, "Lock/unlock error"},
10399 {SMBE_wrongdisk, "Wrong disk???"},
10400 {SMBE_FCBunavail, "FCB unavailable???"},
10401 {SMBE_sharebufexc, "Share buffer excluded???"},
10402 {SMBE_diskfull, "Disk full???"},
10406 char *decode_smb_error(guint8 errcls, guint8 errcode)
10413 return("No Error"); /* No error ??? */
10418 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
10423 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
10428 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
10433 return("Unknown error class!");
10439 #define SMB_FLAGS_DIRN 0x80
10442 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
10444 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
10445 proto_item *ti, *tf;
10446 guint8 cmd, errcls, errcode1, flags;
10447 guint16 flags2, errcode, tid, pid, uid, mid;
10448 int SMB_offset = offset;
10449 struct smb_info si;
10451 cmd = pd[offset + SMB_hdr_com_offset];
10453 if (check_col(fd, COL_PROTOCOL))
10454 col_add_str(fd, COL_PROTOCOL, "SMB");
10456 /* Hmmm, poor coding here ... Also, should check the type */
10458 if (check_col(fd, COL_INFO)) {
10460 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
10466 ti = proto_tree_add_item(tree, proto_smb, offset, END_OF_FRAME, NULL);
10467 smb_tree = proto_item_add_subtree(ti, ett_smb);
10469 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
10470 * component ... SMB is only one used
10473 proto_tree_add_text(smb_tree, offset, 1, "Message Type: 0xFF");
10474 proto_tree_add_text(smb_tree, offset+1, 3, "Server Component: SMB");
10478 offset += 4; /* Skip the marker */
10482 proto_tree_add_text(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
10488 /* Next, look at the error class, SMB_RETCLASS */
10490 errcls = pd[offset];
10494 proto_tree_add_text(smb_tree, offset, 1, "Error Class: %s",
10495 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10500 /* Error code, SMB_HEINFO ... */
10502 errcode1 = pd[offset];
10506 proto_tree_add_text(smb_tree, offset, 1, "Reserved: %i", errcode1);
10512 errcode = GSHORT(pd, offset);
10516 proto_tree_add_text(smb_tree, offset, 2, "Error Code: %s",
10517 decode_smb_error(errcls, errcode));
10523 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
10525 flags = pd[offset];
10529 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags: 0x%02x", flags);
10531 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10532 proto_tree_add_text(flags_tree, offset, 1, "%s",
10533 decode_boolean_bitfield(flags, 0x01, 8,
10534 "Lock&Read, Write&Unlock supported",
10535 "Lock&Read, Write&Unlock not supported"));
10536 proto_tree_add_text(flags_tree, offset, 1, "%s",
10537 decode_boolean_bitfield(flags, 0x02, 8,
10538 "Receive buffer posted",
10539 "Receive buffer not posted"));
10540 proto_tree_add_text(flags_tree, offset, 1, "%s",
10541 decode_boolean_bitfield(flags, 0x08, 8,
10542 "Path names caseless",
10543 "Path names case sensitive"));
10544 proto_tree_add_text(flags_tree, offset, 1, "%s",
10545 decode_boolean_bitfield(flags, 0x10, 8,
10546 "Pathnames canonicalized",
10547 "Pathnames not canonicalized"));
10548 proto_tree_add_text(flags_tree, offset, 1, "%s",
10549 decode_boolean_bitfield(flags, 0x20, 8,
10550 "OpLocks requested/granted",
10551 "OpLocks not requested/granted"));
10552 proto_tree_add_text(flags_tree, offset, 1, "%s",
10553 decode_boolean_bitfield(flags, 0x40, 8,
10555 "Notify open only"));
10557 proto_tree_add_text(flags_tree, offset, 1, "%s",
10558 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10559 8, "Response to client/redirector", "Request to server"));
10565 flags2 = GSHORT(pd, offset);
10569 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
10571 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10572 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10573 decode_boolean_bitfield(flags2, 0x0001, 16,
10574 "Long file names supported",
10575 "Long file names not supported"));
10576 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10577 decode_boolean_bitfield(flags2, 0x0002, 16,
10578 "Extended attributes supported",
10579 "Extended attributes not supported"));
10580 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10581 decode_boolean_bitfield(flags2, 0x0004, 16,
10582 "Security signatures supported",
10583 "Security signatures not supported"));
10584 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10585 decode_boolean_bitfield(flags2, 0x0800, 16,
10586 "Extended security negotiation supported",
10587 "Extended security negotiation not supported"));
10588 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10589 decode_boolean_bitfield(flags2, 0x1000, 16,
10590 "Resolve pathnames with DFS",
10591 "Don't resolve pathnames with DFS"));
10592 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10593 decode_boolean_bitfield(flags2, 0x2000, 16,
10594 "Permit reads if execute-only",
10595 "Don't permit reads if execute-only"));
10596 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10597 decode_boolean_bitfield(flags2, 0x4000, 16,
10598 "Error codes are NT error codes",
10599 "Error codes are DOS error codes"));
10600 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10601 decode_boolean_bitfield(flags2, 0x8000, 16,
10602 "Strings are Unicode",
10603 "Strings are ASCII"));
10611 proto_tree_add_text(smb_tree, offset, 12, "Reserved: 6 WORDS");
10617 /* Now the TID, tree ID */
10619 tid = GSHORT(pd, offset);
10624 proto_tree_add_text(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10630 /* Now the PID, Process ID */
10632 pid = GSHORT(pd, offset);
10637 proto_tree_add_text(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10643 /* Now the UID, User ID */
10645 uid = GSHORT(pd, offset);
10650 proto_tree_add_text(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10656 /* Now the MID, Multiplex ID */
10658 mid = GSHORT(pd, offset);
10663 proto_tree_add_text(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10669 /* Now vector through the table to dissect them */
10671 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10672 ((flags & 0x80) == 0));
10678 proto_register_smb(void)
10680 /* static hf_register_info hf[] = {
10682 { "Name", "smb.abbreviation", TYPE, VALS_POINTER }},
10684 static gint *ett[] = {
10686 &ett_smb_fileattributes,
10687 &ett_smb_capabilities,
10694 &ett_smb_desiredaccess,
10697 &ett_smb_openfunction,
10700 &ett_smb_writemode,
10701 &ett_smb_lock_type,
10704 &ett_browse_election_criteria,
10705 &ett_browse_election_os,
10706 &ett_browse_election_desire
10709 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
10710 proto_browse = proto_register_protocol("Microsoft Windows Browser Protocol", "browser");
10711 /* proto_register_field_array(proto_smb, hf, array_length(hf));*/
10712 proto_register_subtree_array(ett, array_length(ett));
10713 register_init_routine(&smb_init_protocol);
git.samba.org / obnox / wireshark / wip.git / blob