* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
* 2001 Rewrite by Ronnie Sahlberg and Guy Harris
*
- * $Id: packet-smb.c,v 1.268 2002/06/04 07:03:45 guy Exp $
+ * $Id: packet-smb.c,v 1.283 2002/08/25 22:57:26 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
-
#include <time.h>
#include <string.h>
#include <glib.h>
#include "prefs.h"
#include "reassemble.h"
+#include "packet-smb-common.h"
#include "packet-smb-mailslot.h"
#include "packet-smb-pipe.h"
static int hf_smb_uid = -1;
static int hf_smb_mid = -1;
static int hf_smb_response_to = -1;
+static int hf_smb_time = -1;
static int hf_smb_response_in = -1;
static int hf_smb_continuation_to = -1;
static int hf_smb_nt_status = -1;
static int hf_smb_encryption_key_length = -1;
static int hf_smb_encryption_key = -1;
static int hf_smb_primary_domain = -1;
+static int hf_smb_server = -1;
static int hf_smb_max_raw_buf_size = -1;
static int hf_smb_server_guid = -1;
static int hf_smb_security_blob_len = -1;
static int hf_smb_access_caching = -1;
static int hf_smb_access_writetru = -1;
static int hf_smb_create_time = -1;
+static int hf_smb_modify_time = -1;
+static int hf_smb_backup_time = -1;
+static int hf_smb_mac_alloc_block_count = -1;
+static int hf_smb_mac_alloc_block_size = -1;
+static int hf_smb_mac_free_block_count = -1;
+static int hf_smb_mac_fndrinfo = -1;
+static int hf_smb_mac_root_file_count = -1;
+static int hf_smb_mac_root_dir_count = -1;
+static int hf_smb_mac_file_count = -1;
+static int hf_smb_mac_dir_count = -1;
+static int hf_smb_mac_support_flags = -1;
+static int hf_smb_mac_sup_access_ctrl = -1;
+static int hf_smb_mac_sup_getset_comments = -1;
+static int hf_smb_mac_sup_desktopdb_calls = -1;
+static int hf_smb_mac_sup_unique_ids = -1;
+static int hf_smb_mac_sup_streams = -1;
static int hf_smb_create_dos_date = -1;
static int hf_smb_create_dos_time = -1;
static int hf_smb_last_write_time = -1;
static int hf_smb_user_quota_offset = -1;
static int hf_smb_nt_rename_level = -1;
static int hf_smb_cluster_count = -1;
+static int hf_smb_segments = -1;
+static int hf_smb_segment = -1;
+static int hf_smb_segment_overlap = -1;
+static int hf_smb_segment_overlap_conflict = -1;
+static int hf_smb_segment_multiple_tails = -1;
+static int hf_smb_segment_too_long_fragment = -1;
+static int hf_smb_segment_error = -1;
static gint ett_smb = -1;
static gint ett_smb_hdr = -1;
static gint ett_smb_transaction_flags = -1;
static gint ett_smb_transaction_params = -1;
static gint ett_smb_find_first2_flags = -1;
+static gint ett_smb_mac_support_flags = -1;
#if 0
static gint ett_smb_ioflag = -1;
#endif
static gint ett_smb_device_characteristics = -1;
static gint ett_smb_fs_attributes = -1;
static gint ett_smb_segments = -1;
+static gint ett_smb_segment = -1;
static gint ett_smb_sec_desc = -1;
static gint ett_smb_sid = -1;
static gint ett_smb_acl = -1;
static gint ett_smb_ace_flags = -1;
static gint ett_smb_sec_desc_type = -1;
static gint ett_smb_quotaflags = -1;
+static gint ett_smb_gssapi = -1;
+
+static dissector_handle_t gssapi_handle = NULL;
+
+fragment_items smb_frag_items = {
+ &ett_smb_segment,
+ &ett_smb_segments,
+
+ &hf_smb_segments,
+ &hf_smb_segment,
+ &hf_smb_segment_overlap,
+ &hf_smb_segment_overlap_conflict,
+ &hf_smb_segment_multiple_tails,
+ &hf_smb_segment_too_long_fragment,
+ &hf_smb_segment_error,
+
+ "segments"
+};
proto_tree *top_tree=NULL; /* ugly */
static char *decode_smb_name(unsigned char);
-static int dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd);
-static const gchar *get_unicode_or_ascii_string(tvbuff_t *tvb,
- int *offsetp, packet_info *pinfo, int *len, gboolean nopad,
- gboolean exactlen, guint16 *bcp);
+static int dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd, gboolean first_pdu);
/*
* Macros for use in the main dissector routines for an SMB.
static fragment_data *
-smb_trans_defragment(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
+smb_trans_defragment(proto_tree *tree _U_, packet_info *pinfo, tvbuff_t *tvb,
int offset, int count, int pos, int totlen)
{
fragment_data *fd_head=NULL;
}
static int
-dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
guint8 wc;
guint16 dialect;
const char *dn;
* such as that?
*/
dn = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &dn_len, FALSE, FALSE, &bc);
+ si->unicode, &dn_len, FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
case 17:
if(!(caps&SERVER_CAP_EXTENDED_SECURITY)){
- smb_info_t *si;
-
/* challenge/response encryption key */
/* XXX - is this aligned on an even boundary? */
if(ekl){
/* domain */
/* this string is special, unicode is flagged in caps */
- /* This string is NOT padded to be 16bit aligned. (seen in actual capture) */
- si = pinfo->private_data;
+ /* This string is NOT padded to be 16bit aligned.
+ (seen in actual capture)
+ XXX - I've seen a capture where it appears to be
+ so aligned, but I've also seen captures where
+ it is. The captures where it appeared to be
+ aligned may have been from buggy servers. */
si->unicode = (caps&SERVER_CAP_UNICODE);
dn = get_unicode_or_ascii_string(tvb,
- &offset, pinfo, &dn_len, TRUE, FALSE,
+ &offset, si->unicode, &dn_len, TRUE, FALSE,
&bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain,
tvb, offset, dn_len, dn);
COUNT_BYTES(dn_len);
+
+ /* server name, seen in w2k pro capture */
+ dn = get_unicode_or_ascii_string(tvb,
+ &offset, si->unicode, &dn_len, TRUE, FALSE,
+ &bc);
+ if (dn == NULL)
+ goto endofcommand;
+ proto_tree_add_string(tree, hf_smb_server,
+ tvb, offset, dn_len, dn);
+ COUNT_BYTES(dn_len);
+
} else {
+ proto_item *blob_item;
+
/* guid */
/* XXX - show it in the standard Microsoft format
for GUIDs? */
tvb, offset, 16, TRUE);
COUNT_BYTES(16);
+ blob_item = proto_tree_add_item(
+ tree, hf_smb_security_blob,
+ tvb, offset, bc, TRUE);
+
/* security blob */
- /* XXX - is this ASN.1-encoded? Is it a Kerberos
- data structure, at least in NT 5.0-and-later
- server replies? */
if(bc){
- proto_tree_add_item(tree, hf_smb_security_blob,
- tvb, offset, bc, TRUE);
+ tvbuff_t *gssapi_tvb;
+ proto_tree *gssapi_tree;
+
+ gssapi_tree = proto_item_add_subtree(
+ blob_item, ett_smb_gssapi);
+
+ gssapi_tvb = tvb_new_subset(
+ tvb, offset, bc, bc);
+
+ call_dissector(
+ gssapi_handle, gssapi_tvb, pinfo,
+ gssapi_tree);
+
COUNT_BYTES(bc);
}
}
static int
dissect_old_dir_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int dn_len;
const char *dn;
guint8 wc;
COUNT_BYTES(1);
/* dir name */
- dn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &dn_len,
+ dn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &dn_len,
FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
}
static int
-dissect_tree_connect_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_tree_connect_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int an_len, pwlen;
const char *an;
guint8 wc;
/* Path */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_path, tvb,
/* Service */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_service, tvb,
static int
dissect_move_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
guint16 tid;
guint16 bc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
static int
dissect_copy_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
guint16 tid;
guint16 bc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_move_copy_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_move_copy_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_create_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_create_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* File Name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_delete_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_delete_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_rename_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_rename_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* old file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_nt_rename_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_nt_rename_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* old file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
static int
-dissect_query_information_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_query_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
guint16 bc;
guint8 wc;
const char *fn;
COUNT_BYTES(1);
/* File Name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_set_information_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_set_information_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_create_temporary_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_create_temporary_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* directory name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
static int
-dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
{
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
char fname[11+1];
/* file name */
fn_len = 11;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
TRUE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
/* ensure that it's null-terminated */
{
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
char fname[13+1];
/* file name */
fn_len = 13;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
TRUE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
/* ensure that it's null-terminated */
static int
-dissect_search_find_request(tvbuff_t *tvb, packet_info *pinfo _U_,
+dissect_search_find_request(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int offset, proto_tree *smb_tree _U_,
gboolean has_find_id)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint16 rkl;
COUNT_BYTES(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
TRUE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
}
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
{
guint8 wc, cmd=0xff;
guint16 andxoffset=0, bc;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
BYTE_COUNT;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint8 wc, cmd=0xff;
guint16 bc;
guint16 andxoffset=0;
+ smb_info_t *si = pinfo->private_data;
int an_len;
const char *an;
int dn_len;
BYTE_COUNT;
if (wc==12) {
+ proto_item *blob_item;
+
/* security blob */
- /* XXX - is this ASN.1-encoded? Is it a Kerberos
- data structure, at least in NT 5.0-and-later
- server replies? */
+
+ blob_item = proto_tree_add_item(tree, hf_smb_security_blob,
+ tvb, offset, sbloblen, TRUE);
+
if(sbloblen){
- CHECK_BYTE_COUNT(sbloblen);
- proto_tree_add_item(tree, hf_smb_security_blob,
- tvb, offset, sbloblen, TRUE);
+ tvbuff_t *gssapi_tvb;
+ proto_tree *gssapi_tree;
+
+ CHECK_BYTE_COUNT(sbloblen);
+
+ gssapi_tree = proto_item_add_subtree(
+ blob_item, ett_smb_gssapi);
+
+ gssapi_tvb = tvb_new_subset(
+ tvb, offset, sbloblen, sbloblen);
+
+ call_dissector(
+ gssapi_handle, gssapi_tvb, pinfo, gssapi_tree);
+
COUNT_BYTES(sbloblen);
}
/* OS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_os, tvb,
* because the bug didn't appear to get fixed until NT 5.0....
*/
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_lanman, tvb,
* ASCII and the account name is empty. Another bug?
*/
dn = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &dn_len, FALSE, FALSE, &bc);
+ si->unicode, &dn_len, FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
/* Account Name */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_account, tvb, offset, an_len,
* ASCII and the account name is empty. Another bug?
*/
dn = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &dn_len, FALSE, FALSE, &bc);
+ si->unicode, &dn_len, FALSE, FALSE, &bc);
if (dn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
/* OS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_os, tvb,
* because the bug didn't appear to get fixed until NT 5.0....
*/
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_lanman, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint8 wc, cmd=0xff;
guint16 andxoffset=0, bc;
guint16 sbloblen=0;
+ smb_info_t *si = pinfo->private_data;
int an_len;
const char *an;
BYTE_COUNT;
if(wc==4) {
+ proto_item *blob_item;
+
/* security blob */
- /* XXX - is this ASN.1-encoded? Is it a Kerberos
- data structure, at least in NT 5.0-and-later
- server replies? */
+
+ blob_item = proto_tree_add_item(tree, hf_smb_security_blob,
+ tvb, offset, sbloblen, TRUE);
+
if(sbloblen){
- CHECK_BYTE_COUNT(sbloblen);
- proto_tree_add_item(tree, hf_smb_security_blob,
- tvb, offset, sbloblen, TRUE);
- COUNT_BYTES(sbloblen);
+ tvbuff_t *gssapi_tvb;
+ proto_tree *gssapi_tree;
+
+ CHECK_BYTE_COUNT(sbloblen);
+
+ gssapi_tree = proto_item_add_subtree(
+ blob_item, ett_smb_gssapi);
+
+ gssapi_tvb = tvb_new_subset(
+ tvb, offset, sbloblen, sbloblen);
+
+ call_dissector(
+ gssapi_handle, gssapi_tvb, pinfo, gssapi_tree);
+
+ COUNT_BYTES(sbloblen);
}
}
/* OS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_os, tvb,
/* LANMAN */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_lanman, tvb,
if(wc==3) {
/* Primary domain */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_primary_domain, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint8 wc, cmd=0xff;
guint16 bc;
guint16 andxoffset=0, pwlen=0;
+ smb_info_t *si = pinfo->private_data;
int an_len;
const char *an;
/* Path */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_path, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
guint16 bc;
int an_len;
const char *an;
+ smb_info_t *si = pinfo->private_data;
WORD_COUNT;
/* Now when we know the service type, store it so that we know it for later commands down
this tree */
if(!pinfo->fd->flags.visited){
- smb_info_t *si = (smb_info_t *)pinfo->private_data;
/* Remove any previous entry for this TID */
if(g_hash_table_lookup(si->ct->tid_service, (void *)si->tid)){
g_hash_table_remove(si->ct->tid_service, (void *)si->tid);
/* Native FS */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, /*TRUE*/FALSE, FALSE, &bc);
+ si->unicode, &an_len, /*TRUE*/FALSE, FALSE,
+ &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_fs, tvb,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
};
static const true_false_string tfs_nt_share_access_read = {
"Object can be shared for READ",
- "Object can NOT be shared for delete"
+ "Object can NOT be shared for read"
};
static const value_string oplock_level_vals[] = {
bc -= 1;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, TRUE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, &bc);
if (fn != NULL) {
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
static int
-dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd)
+dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo,
+ int offset, proto_tree *parent_tree, int len,
+ nt_trans_data *ntd _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
}
static int
-dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd, guint16 bc)
+dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo,
+ int offset, proto_tree *parent_tree,
+ int len, nt_trans_data *ntd _U_, guint16 bc)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
if(len<0)break;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, TRUE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, &bc);
if (fn == NULL)
break;
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
}
static int
-dissect_nt_trans_setup_response(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *parent_tree, int len, nt_trans_data *ntd)
+dissect_nt_trans_setup_response(tvbuff_t *tvb, packet_info *pinfo,
+ int offset, proto_tree *parent_tree,
+ int len, nt_trans_data *ntd _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
must create pd_tvb from it
*/
if(r_fd){
- proto_tree *tr;
- proto_item *it;
- fragment_data *fd;
-
pd_tvb = tvb_new_real_data(r_fd->data, r_fd->datalen,
r_fd->datalen);
tvb_set_child_real_data_tvbuff(tvb, pd_tvb);
add_new_data_source(pinfo, pd_tvb, "Reassembled SMB");
- pinfo->fragmented = FALSE;
-
- it = proto_tree_add_text(tree, pd_tvb, 0, -1, "Fragments");
- tr = proto_item_add_subtree(it, ett_smb_segments);
- for(fd=r_fd->next;fd;fd=fd->next){
- proto_tree_add_text(tr, pd_tvb, fd->offset, fd->len,
- "Frame:%u Data:%u-%u",
- fd->frame, fd->offset,
- fd->offset+fd->len-1);
- }
+
+ show_fragment_tree(r_fd, &smb_frag_items, tree, pinfo, pd_tvb);
}
};
static int
-dissect_open_print_file_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
+dissect_open_print_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree _U_)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
guint8 wc;
COUNT_BYTES(1);
/* print identifier */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_print_identifier, tvb, offset, fn_len,
{
proto_item *item = NULL;
proto_tree *tree = NULL;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
/* file name */
fn_len = 16;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, TRUE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, TRUE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_print_spool_file_name, tvb, offset, 16,
fn);
guint8 wc, cmd=0xff;
guint16 andxoffset=0;
guint16 bc;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
BYTE_COUNT;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
if (fn == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
END_OF_SMB
/* call AndXCommand (if there are any) */
- dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd);
+ dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
return offset;
}
{ 0x0103, "Query FS Size Info"},
{ 0x0104, "Query FS Device Info"},
{ 0x0105, "Query FS Attribute Info"},
+ { 0x0301, "Mac Query FS INFO"},
{ 1001, "Query FS Label Info"},
{ 1002, "Query FS Volume Info"},
{ 1003, "Query FS Size Info"},
COUNT_BYTES_TRANS(10);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_TRANS(4);
/* search pattern */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_search_pattern, tvb, offset, fn_len,
fn);
bc -= 2;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_TRANS(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_TRANS(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_TRANS(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_TRANS(4);
/* dir name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len,
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len,
FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_dir_name, tvb, offset, fn_len,
COUNT_BYTES_TRANS(2);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
break;
case 0x11: /*TRANS2_REPORT_DFS_INCONSISTENCY*/
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, &bc);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, &bc);
CHECK_STRING_TRANS(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
dissect_dfs_inconsistency_data(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int offset, guint16 *bcp)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
*bcp -= 2;
/* node name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_dfs_referral_node, tvb, offset, fn_len,
fn);
dissect_get_dfs_referral_data(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, int offset, guint16 *bcp)
{
+ smb_info_t *si = pinfo->private_data;
guint16 numref;
guint16 refsize;
guint16 pathoffset;
case 1:
/* node name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_node, tvb, offset, fn_len,
fn);
*bcp > offsetoffset) {
save_bc = *bcp;
*bcp -= offsetoffset;
- fn = get_unicode_or_ascii_string(tvb, &stroffset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &stroffset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_path, tvb, stroffset, fn_len,
fn);
*bcp > offsetoffset) {
save_bc = *bcp;
*bcp -= offsetoffset;
- fn = get_unicode_or_ascii_string(tvb, &stroffset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &stroffset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_alt_path, tvb, stroffset, fn_len,
fn);
*bcp > offsetoffset) {
save_bc = *bcp;
*bcp -= offsetoffset;
- fn = get_unicode_or_ascii_string(tvb, &stroffset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &stroffset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(rt, hf_smb_dfs_referral_node, tvb, stroffset, fn_len,
fn);
dissect_4_2_14_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
dissect_4_2_14_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
dissect_4_2_14_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
int offset, guint16 *bcp, gboolean *trunc)
{
-
+
offset = dissect_4_2_14_4(tvb, pinfo, tree, offset, bcp, trunc);
- if (trunc)
+ if (*trunc) {
return offset;
+ }
offset = dissect_4_2_14_5(tvb, pinfo, tree, offset, bcp, trunc);
- if (trunc)
+ if (*trunc) {
return offset;
+ }
/* index number */
CHECK_BYTE_COUNT_SUBR(8);
COUNT_BYTES_SUBR(8);
offset = dissect_4_2_14_6(tvb, pinfo, tree, offset, bcp, trunc);
- if (trunc)
+ if (*trunc)
return offset;
/* access flags */
proto_tree *tree;
int old_offset;
guint32 neo;
+ smb_info_t *si = pinfo->private_data;
int fn_len;
const char *fn;
int padcnt;
COUNT_BYTES_SUBR(8);
/* stream name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_t2_stream_name, tvb, offset, fn_len,
fn);
if(si->cmd == SMB_COM_TRANSACTION){
/* Transaction Name */
an = get_unicode_or_ascii_string(tvb, &offset,
- pinfo, &an_len, FALSE, FALSE, &bc);
+ si->unicode, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
goto endofcommand;
proto_tree_add_string(tree, hf_smb_trans_name, tvb,
fn_len++; /* include terminating '\0' */
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(1);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(1);
/* short file name */
- sfn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &sfn_len, FALSE, TRUE, bcp);
+ sfn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &sfn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(sfn);
proto_tree_add_string(tree, hf_smb_short_file_name, tvb, offset, 24,
sfn);
COUNT_BYTES_SUBR(24);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_SUBR(4);
/* file name */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_SUBR(fn);
proto_tree_add_string(tree, hf_smb_file_name, tvb, offset, fn_len,
fn);
}
static int
-dissect_4_3_4_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
- int offset, guint16 *bcp, gboolean *trunc)
+dissect_4_3_4_8(tvbuff_t *tvb _U_, packet_info *pinfo _U_,
+ proto_tree *parent_tree _U_, int offset, guint16 *bcp,
+ gboolean *trunc)
{
/*XXX im lazy. i havnt implemented this */
offset += *bcp;
}
/*dissect the data block for TRANS2_QUERY_FS_INFORMATION*/
+
+static const true_false_string tfs_smb_mac_access_ctrl = {
+ "Macintosh Access Control Supported",
+ "Macintosh Access Control Not Supported"
+};
+
+static const true_false_string tfs_smb_mac_getset_comments = {
+ "Macintosh Get & Set Comments Supported",
+ "Macintosh Get & Set Comments Not Supported"
+};
+
+static const true_false_string tfs_smb_mac_desktopdb_calls = {
+ "Macintosh Get & Set Desktop Database Info Supported",
+ "Macintosh Get & Set Desktop Database Info Supported"
+};
+
+static const true_false_string tfs_smb_mac_unique_ids = {
+ "Macintosh Unique IDs Supported",
+ "Macintosh Unique IDs Not Supported"
+};
+
+static const true_false_string tfs_smb_mac_streams = {
+ "Macintosh and Streams Extensions Not Supported",
+ "Macintosh and Streams Extensions Supported"
+};
+
static int
dissect_qfsi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
int offset, guint16 *bcp)
smb_info_t *si;
int fn_len, vll, fnl;
const char *fn;
+ guint support = 0;
+ proto_item *item = NULL;
+ proto_tree *ti = NULL;
if(!*bcp){
return offset;
COUNT_BYTES_TRANS_SUBR(1);
/* label */
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, FALSE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, FALSE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_volume_label, tvb, offset, fn_len,
fn);
/* label */
fn_len = vll;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_volume_label, tvb, offset, fn_len,
fn);
/* label */
fn_len = vll;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_volume_label, tvb, offset, fn_len,
fn);
/* label */
fn_len = fnl;
- fn = get_unicode_or_ascii_string(tvb, &offset, pinfo, &fn_len, FALSE, TRUE, bcp);
+ fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp);
CHECK_STRING_TRANS_SUBR(fn);
proto_tree_add_string(tree, hf_smb_fs_name, tvb, offset, fn_len,
fn);
COUNT_BYTES_TRANS_SUBR(fn_len);
break;
+ case 0x301: /* MAC_QUERY_FS_INFO */
+ /* Create time */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
+ *bcp -= 8;
+ /* Modify Time */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_modify_time);
+ *bcp -= 8;
+ /* Backup Time */
+ CHECK_BYTE_COUNT_TRANS_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_backup_time);
+ *bcp -= 8;
+ /* Allocation blocks */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_alloc_block_count, tvb,
+ offset,
+ 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Allocation Block Size */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_alloc_block_size, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Free Block Count */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_free_block_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Finder Info ... */
+ CHECK_BYTE_COUNT_TRANS_SUBR(32);
+ proto_tree_add_bytes_format(tree, hf_smb_mac_fndrinfo, tvb,
+ offset, 32,
+ tvb_get_ptr(tvb, offset,32),
+ "Finder Info: %s",
+ tvb_format_text(tvb, offset, 32));
+ COUNT_BYTES_TRANS_SUBR(32);
+ /* Number Files */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_root_file_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Number of Root Directories */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_root_dir_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Number of files */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_file_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Dir Count */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_mac_dir_count, tvb,
+ offset, 4, TRUE);
+ COUNT_BYTES_TRANS_SUBR(4);
+ /* Mac Support Flags */
+ CHECK_BYTE_COUNT_TRANS_SUBR(4);
+ support = tvb_get_ntohl(tvb, offset);
+ item = proto_tree_add_text(tree, tvb, offset, 4,
+ "Mac Support Flags: 0x%08x", support);
+ ti = proto_item_add_subtree(item, ett_smb_mac_support_flags);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_access_ctrl,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_getset_comments,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_desktopdb_calls,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_unique_ids,
+ tvb, offset, 4, support);
+ proto_tree_add_boolean(ti, hf_smb_mac_sup_streams,
+ tvb, offset, 4, support);
+ COUNT_BYTES_TRANS_SUBR(4);
+ break;
case 1006: /* QUERY_FS_QUOTA_INFO */
offset = dissect_nt_quota(tvb, tree, offset, bcp);
break;
create pd_tvb from it
*/
if(r_fd){
- proto_tree *tr;
- proto_item *it;
- fragment_data *fd;
-
pd_tvb = tvb_new_real_data(r_fd->data, r_fd->datalen,
r_fd->datalen);
tvb_set_child_real_data_tvbuff(tvb, pd_tvb);
add_new_data_source(pinfo, pd_tvb, "Reassembled SMB");
- pinfo->fragmented = FALSE;
-
- it = proto_tree_add_text(tree, pd_tvb, 0, -1, "Fragments");
- tr = proto_item_add_subtree(it, ett_smb_segments);
- for(fd=r_fd->next;fd;fd=fd->next){
- proto_tree_add_text(tr, pd_tvb, fd->offset, fd->len,
- "Frame:%u Data:%u-%u",
- fd->frame, fd->offset,
- fd->offset+fd->len-1);
- }
+ show_fragment_tree(r_fd, &smb_frag_items, tree, pinfo, pd_tvb);
}
};
static int
-dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd)
+dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd, gboolean first_pdu)
{
int old_offset = offset;
smb_info_t *si;
int (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree);
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s",
- decode_smb_name(cmd),
- (si->request)? "Request" : "Response");
+ if(first_pdu){
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ "%s %s",
+ decode_smb_name(cmd),
+ (si->request)? "Request" : "Response");
+ } else {
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ "; %s",
+ decode_smb_name(cmd));
+ }
+
}
cmd_item = proto_tree_add_text(smb_tree, tvb, offset, -1,
G_ALLOC_ONLY);
}
-/* Max string length for displaying Unicode strings. */
-#define MAX_UNICODE_STR_LEN 256
-
-
-/* Turn a little-endian Unicode '\0'-terminated string into a string we
- can display.
- XXX - for now, we just handle the ISO 8859-1 characters.
- If exactlen==TRUE then us_lenp contains the exact len of the string in
- bytes. It might not be null terminated !
- bc specifies the number of bytes in the byte parameters; Windows 2000,
- at least, appears, in some cases, to put only 1 byte of 0 at the end
- of a Unicode string if the byte count
-*/
-static gchar *
-unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen,
- guint16 bc)
-{
- static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
- static gchar *cur;
- gchar *p;
- guint16 uchar;
- int len;
- int us_len;
- int overflow = 0;
-
- if (cur == &str[0][0]) {
- cur = &str[1][0];
- } else if (cur == &str[1][0]) {
- cur = &str[2][0];
- } else {
- cur = &str[0][0];
- }
- p = cur;
- len = MAX_UNICODE_STR_LEN;
- us_len = 0;
- for (;;) {
- if (bc == 0)
- break;
- if (bc == 1) {
- /* XXX - explain this */
- if (!exactlen)
- us_len += 1; /* this is a one-byte null terminator */
- break;
- }
- uchar = tvb_get_letohs(tvb, offset);
- if (uchar == 0) {
- us_len += 2; /* this is a two-byte null terminator */
- break;
- }
- if (len > 0) {
- if ((uchar & 0xFF00) == 0)
- *p++ = uchar; /* ISO 8859-1 */
- else
- *p++ = '?'; /* not 8859-1 */
- len--;
- } else
- overflow = 1;
- offset += 2;
- bc -= 2;
- us_len += 2;
- if(exactlen){
- if(us_len>= *us_lenp){
- break;
- }
- }
- }
- if (overflow) {
- /* Note that we're not showing the full string. */
- *p++ = '.';
- *p++ = '.';
- *p++ = '.';
- }
- *p = '\0';
- *us_lenp = us_len;
- return cur;
-}
-
-
-/* nopad == TRUE : Do not add any padding before this string
- * exactlen == TRUE : len contains the exact len of the string in bytes.
- * bc: pointer to variable with amount of data left in the byte parameters
- * region
- */
-static const gchar *
-get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp,
- packet_info *pinfo, int *len, gboolean nopad, gboolean exactlen,
- guint16 *bcp)
-{
- static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
- static gchar *cur;
- const gchar *string;
- int string_len;
- smb_info_t *si;
- unsigned int copylen;
-
- if (*bcp == 0) {
- /* Not enough data in buffer */
- return NULL;
- }
- si = pinfo->private_data;
- if (si->unicode) {
- if ((!nopad) && (*offsetp % 2)) {
- /*
- * XXX - this should be an offset relative to the beginning of the SMB,
- * not an offset relative to the beginning of the frame; if the stuff
- * before the SMB has an odd number of bytes, an offset relative to
- * the beginning of the frame will give the wrong answer.
- */
- (*offsetp)++; /* Looks like a pad byte there sometimes */
- (*bcp)--;
- if (*bcp == 0) {
- /* Not enough data in buffer */
- return NULL;
- }
- }
- if(exactlen){
- string_len = *len;
- }
- string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp);
- } else {
- if(exactlen){
- /*
- * The string we return must be null-terminated.
- */
- if (cur == &str[0][0]) {
- cur = &str[1][0];
- } else if (cur == &str[1][0]) {
- cur = &str[2][0];
- } else {
- cur = &str[0][0];
- }
- copylen = *len;
- if (copylen > MAX_UNICODE_STR_LEN)
- copylen = MAX_UNICODE_STR_LEN;
- tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen);
- cur[copylen] = '\0';
- if (copylen > MAX_UNICODE_STR_LEN)
- strcat(cur, "...");
- string_len = *len;
- string = cur;
- } else {
- string_len = tvb_strsize(tvb, *offsetp);
- string = tvb_get_ptr(tvb, *offsetp, string_len);
- }
- }
- *len = string_len;
- return string;
-}
-
-
-
static const value_string errcls_types[] = {
{ SMB_SUCCESS, "Success"},
{ SMB_ERRDOS, "DOS Error"},
{SMBE_invalidformsize, "Invalid form size"},
{SMBE_invalidsecuritydescriptor, "Invalid security descriptor"},
{SMBE_invalidowner, "Invalid owner"},
+ {SMBE_nomoreitems, "No more items"},
{0, NULL}
};
smb_saved_info_t *sip = NULL;
smb_saved_info_key_t key;
smb_saved_info_key_t *new_key;
- guint32 nt_status = 0;
- guint8 errclass = 0;
- guint16 errcode = 0;
+ guint32 nt_status = 0;
+ guint8 errclass = 0;
+ guint16 errcode = 0;
guint32 pid_mid;
conversation_t *conversation;
+ nstime_t ns;
top_tree=parent_tree;
conversation*/
conversation = find_conversation(&pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
- if(conversation){
- si.ct=conversation_get_proto_data(conversation, proto_smb);
- } else {
- /* OK this is a new conversation, we must create it
- and attach appropriate data (matched and unmatched
- table for this conversation)
- */
+ if(!conversation){
+ /* OK this is a new conversation so lets create it */
conversation = conversation_new(&pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
+ }
+ /* see if we already have the smb data for this conversation */
+ si.ct=conversation_get_proto_data(conversation, proto_smb);
+ if(!si.ct){
+ /* No, not yet. create it and attach it to the conversation */
si.ct = g_mem_chunk_alloc(conv_tables_chunk);
conv_tables = g_slist_prepend(conv_tables, si.ct);
si.ct->matched= g_hash_table_new(smb_saved_info_hash_matched,
sip = g_mem_chunk_alloc(smb_saved_info_chunk);
sip->frame_req = pinfo->fd->num;
sip->frame_res = 0;
+ sip->req_time.secs=pinfo->fd->abs_secs;
+ sip->req_time.nsecs=pinfo->fd->abs_usecs*1000;
sip->flags = 0;
if(g_hash_table_lookup(si.ct->tid_service, (void *)si.tid)
== (void *)TID_IPC) {
if (sip->frame_res != 0)
proto_tree_add_uint(htree, hf_smb_response_in, tvb, 0, 0, sip->frame_res);
} else {
- if (sip->frame_req != 0)
+ if (sip->frame_req != 0) {
proto_tree_add_uint(htree, hf_smb_response_to, tvb, 0, 0, sip->frame_req);
+ ns.secs = pinfo->fd->abs_secs - sip->req_time.secs;
+ ns.nsecs = pinfo->fd->abs_usecs*1000 - sip->req_time.nsecs;
+ if(ns.nsecs<0){
+ ns.nsecs+=1000000000;
+ ns.secs--;
+ }
+ proto_tree_add_time(htree, hf_smb_time, tvb,
+ 0, 0, &ns);
+ }
}
}
offset += 2;
pinfo->private_data = &si;
- dissect_smb_command(tvb, pinfo, offset, tree, si.cmd);
+ dissect_smb_command(tvb, pinfo, offset, tree, si.cmd, TRUE);
/* Append error info from this packet to info string. */
if (!si.request && check_col(pinfo->cinfo, COL_INFO)) {
{ "Response to", "smb.response_to", FT_UINT32, BASE_DEC,
NULL, 0, "This packet is a response to the packet in this frame", HFILL }},
+ { &hf_smb_time,
+ { "Time from request", "smb.time", FT_RELATIVE_TIME, BASE_NONE,
+ NULL, 0, "Time between Request and Response for SMB cmds", HFILL }},
+
{ &hf_smb_response_in,
{ "Response in", "smb.response_in", FT_UINT32, BASE_DEC,
NULL, 0, "The response to this packet is in this packet", HFILL }},
{ "Primary Domain", "smb.primary_domain", FT_STRING, BASE_NONE,
NULL, 0, "The server's primary domain", HFILL }},
+ { &hf_smb_server,
+ { "Server", "smb.server", FT_STRING, BASE_NONE,
+ NULL, 0, "The name of the DC/server", HFILL }},
+
{ &hf_smb_max_raw_buf_size,
{ "Max Raw Buffer", "smb.max_raw", FT_UINT32, BASE_DEC,
NULL, 0, "Maximum raw buffer size", HFILL }},
{ "Created", "smb.create.time", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0, "Creation Time", HFILL }},
+ { &hf_smb_modify_time,
+ { "Modified", "smb.modify.time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Modification Time", HFILL }},
+
+ { &hf_smb_backup_time,
+ { "Backed-up", "smb.backup.time", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "Backup time", HFILL}},
+
+ { &hf_smb_mac_alloc_block_count,
+ { "Allocation Block Count", "smb.alloc.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Allocation Block Count", HFILL}},
+
+ { &hf_smb_mac_alloc_block_size,
+ { "Allocation Block Count", "smb.alloc.size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Allocation Block Size", HFILL}},
+
+ { &hf_smb_mac_free_block_count,
+ { "Free Block Count", "smb.free_block.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Free Block Count", HFILL}},
+
+ { &hf_smb_mac_root_file_count,
+ { "Root File Count", "smb.root.file.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Root File Count", HFILL}},
+
+ { &hf_smb_mac_root_dir_count,
+ { "Root Directory Count", "smb.root.dir.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Root Directory Count", HFILL}},
+
+ { &hf_smb_mac_file_count,
+ { "Root File Count", "smb.file.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "File Count", HFILL}},
+
+ { &hf_smb_mac_dir_count,
+ { "Root Directory Count", "smb.dir.count", FT_UINT32, BASE_DEC,
+ NULL, 0, "Directory Count", HFILL}},
+
+ { &hf_smb_mac_support_flags,
+ { "Mac Support Flags", "smb.mac.support.flags", FT_UINT32, BASE_DEC,
+ NULL, 0, "Mac Support Flags", HFILL}},
+
+ { &hf_smb_mac_sup_access_ctrl,
+ { "Mac Access Control", "smb.mac.access_control", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_access_ctrl), 0x0010, "Are Mac Access Control Supported", HFILL }},
+
+ { &hf_smb_mac_sup_getset_comments,
+ { "Get Set Comments", "smb.mac.get_set_comments", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_getset_comments), 0x0020, "Are Mac Get Set Comments supported?", HFILL }},
+
+ { &hf_smb_mac_sup_desktopdb_calls,
+ { "Desktop DB Calls", "smb.mac.desktop_db_calls", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_desktopdb_calls), 0x0040, "Are Macintosh Desktop DB Calls Supported?", HFILL }},
+
+ { &hf_smb_mac_sup_unique_ids,
+ { "Macintosh Unique IDs", "smb.mac.uids", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_unique_ids), 0x0080, "Are Unique IDs supported", HFILL }},
+
+ { &hf_smb_mac_sup_streams,
+ { "Mac Streams", "smb.mac.streams_support", FT_BOOLEAN, 32,
+ TFS(&tfs_smb_mac_streams), 0x0100, "Are Mac Extensions and streams supported?", HFILL }},
+
{ &hf_smb_create_dos_date,
{ "Create Date", "smb.create.smb.date", FT_UINT16, BASE_HEX,
NULL, 0, "Create Date, SMB_DATE format", HFILL }},
{ "File Data", "smb.file_data", FT_BYTES, BASE_HEX,
NULL, 0, "Data read/written to the file", HFILL }},
+ { &hf_smb_mac_fndrinfo,
+ { "Finder Info", "smb.mac.finderinfo", FT_BYTES, BASE_HEX,
+ NULL, 0, "Finder Info", HFILL}},
+
{ &hf_smb_total_data_len,
{ "Total Data Length", "smb.total_data_len", FT_UINT16, BASE_DEC,
NULL, 0, "Total length of data", HFILL }},
NULL, 0, "Latest referral version number understood", HFILL }},
{ &hf_smb_qfsi_information_level,
- { "Level of Interest", "smb.qfi_loi", FT_UINT16, BASE_DEC,
+ { "Level of Interest", "smb.qfi_loi", FT_UINT16, BASE_HEX,
VALS(qfsi_vals), 0, "Level of interest for QUERY_FS_INFORMATION2 command", HFILL }},
{ &hf_smb_nt_rename_level,
{ "Enabled", "smb.quota.flags.enabled", FT_BOOLEAN, 8,
TFS(&tfs_quota_flags_enabled), 0x01, "Is quotas enabled of this FS?", HFILL }},
+ { &hf_smb_segment_overlap,
+ { "Fragment overlap", "smb.segment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Fragment overlaps with other fragments", HFILL }},
+
+ { &hf_smb_segment_overlap_conflict,
+ { "Conflicting data in fragment overlap", "smb.segment.overlap.conflict", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Overlapping fragments contained conflicting data", HFILL }},
+
+ { &hf_smb_segment_multiple_tails,
+ { "Multiple tail fragments found", "smb.segment.multipletails", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Several tails were found when defragmenting the packet", HFILL }},
+
+ { &hf_smb_segment_too_long_fragment,
+ { "Fragment too long", "smb.segment.toolongfragment", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ "Fragment contained data past end of packet", HFILL }},
+
+ { &hf_smb_segment_error,
+ { "Defragmentation error", "smb.segment.error", FT_NONE, BASE_NONE, NULL, 0x0,
+ "Defragmentation error due to illegal fragments", HFILL }},
+
+ { &hf_smb_segment,
+ { "SMB Segment", "smb.segment", FT_NONE, BASE_NONE, NULL, 0x0,
+ "SMB Segment", HFILL }},
+
+ { &hf_smb_segments,
+ { "SMB Segments", "smb.segment.segments", FT_NONE, BASE_NONE, NULL, 0x0,
+ "SMB Segments", HFILL }},
};
static gint *ett[] = {
&ett_smb,
&ett_smb_device_characteristics,
&ett_smb_fs_attributes,
&ett_smb_segments,
+ &ett_smb_segment,
&ett_smb_sec_desc,
&ett_smb_sid,
&ett_smb_acl,
&ett_smb_ace_flags,
&ett_smb_sec_desc_type,
&ett_smb_quotaflags,
+ &ett_smb_gssapi,
+ &ett_smb_mac_support_flags,
};
module_t *smb_module;
proto_reg_handoff_smb(void)
{
heur_dissector_add("netbios", dissect_smb, proto_smb);
+ gssapi_handle = find_dissector("gssapi");
}