From Tim Potter:
authorguy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>
Sun, 18 Nov 2001 22:12:46 +0000 (22:12 +0000)
committerguy <guy@f5534014-38df-0310-8fa8-9805f1628bb7>
Sun, 18 Nov 2001 22:12:46 +0000 (22:12 +0000)
display the returned FID in the Info column for NT Create And X
replies;

display the setup words, and treat the second word as a FID in
Transaction requests presumed to contain DCE RPC-over-SMB.

Add the FID to the Info column for other open/create replies while we're
at it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4219 f5534014-38df-0310-8fa8-9805f1628bb7

AUTHORS
packet-smb.c

diff --git a/AUTHORS b/AUTHORS
index fb2a6ec2ef9fdf8bb8210144e50072f0ae95c0dd..f83141fe73ec75a1dcf2ada0f8529e288435a760 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -893,6 +893,9 @@ Tim Potter <tpot[AT]samba.org> {
        Support for DCE RPC atop SMB
        Support for several Microsoft DCE RPC services used with SMB
        Added code to call request and reply subdissectors in DCE RPC
+       Display the FID in the Info column of NT Create and X replies
+       Display the setup words in some SMB Transaction messages and
+           extract the FID from them
 }
 
 Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
index fa3aa1f94f2b80d179491133f70af1d97347b282..c9b7946e0289f2354ca1c936a77108869e614bb1 100644 (file)
@@ -2,7 +2,7 @@
  * Routines for smb packet dissection
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  *
- * $Id: packet-smb.c,v 1.156 2001/11/18 02:51:19 guy Exp $
+ * $Id: packet-smb.c,v 1.157 2001/11/18 22:12:46 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -506,6 +506,8 @@ static int hf_smb_fs_attr_fc = -1;
 static int hf_smb_fs_attr_vq = -1;
 static int hf_smb_fs_attr_dim = -1;
 static int hf_smb_fs_attr_vic = -1;
+static int hf_smb_setupword1 = -1;
+static int hf_smb_setupword2 = -1;
 
 static gint ett_smb = -1;
 static gint ett_smb_hdr = -1;
@@ -2432,13 +2434,18 @@ dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 {
        guint8 wc;
        guint16 bc;
+       guint16 fid;
 
        WORD_COUNT;
 
        /* fid */
-       proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+       fid = tvb_get_letohs(tvb, offset);
+       proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
        offset += 2;
 
+       if (check_col(pinfo->fd, COL_INFO))
+               col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+
        /* File Attributes */
        offset = dissect_file_attributes(tvb, pinfo, tree, offset);
 
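Review bot: The five-line sequence added under `/* fid */` here (fetch with `tvb_get_letohs`, `proto_tree_add_uint`, advance the offset, append to COL_INFO) is repeated verbatim in dissect_create_temporary_response, dissect_open_andx_response, dissect_nt_trans_param_response, dissect_nt_create_andx_response and dissect_transaction2_response_parameters. A single static helper would keep the Info-column format string and the field width in one place, so a later change to how FIDs are shown cannot leave the six call sites inconsistent. The helper name in the sketch below is only a suggestion. Each of these functions starts and ends outside its hunk, so only the `/* fid */` lines and the new `guint16 fid;` local would be replaced.

```c
/* Add the 2-byte little-endian FID at offset to the tree, append it to the
   Info column, and return the offset just past the FID. */
static int
dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
	guint16 fid;

	fid = tvb_get_letohs(tvb, offset);
	proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);

	if (check_col(pinfo->fd, COL_INFO))
		col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);

	return offset + 2;
}

/* … unchanged: declarations and WORD_COUNT … */
	/* fid */
	offset = dissect_smb_fid(tvb, pinfo, tree, offset);
```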
@@ -3018,13 +3025,18 @@ dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree
        const char *fn;
        guint8 wc;
        guint16 bc;
+       guint16 fid;
 
        WORD_COUNT;
 
        /* fid */
-       proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+       fid = tvb_get_letohs(tvb, offset);
+       proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
        offset += 2;
 
+       if (check_col(pinfo->fd, COL_INFO))
+               col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+
        BYTE_COUNT;
 
        /* buffer format */
@@ -4361,6 +4373,7 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 {
        guint8  wc, cmd=0xff;
        guint16 andxoffset=0, bc;
+       guint16 fid;
 
        WORD_COUNT;
 
@@ -4383,9 +4396,13 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
        offset += 2;
 
        /* fid */
-       proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+       fid = tvb_get_letohs(tvb, offset);
+       proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
        offset += 2;
 
+       if (check_col(pinfo->fd, COL_INFO))
+               col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+
        /* File Attributes */
        offset = dissect_file_attributes(tvb, pinfo, tree, offset);
 
@@ -6570,6 +6587,7 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, p
        const char *fn;
        smb_info_t *si;
        smb_nt_transact_info_t *nti;
+       guint16 fid;
 
        si = (smb_info_t *)pinfo->private_data;
        if (si->sip != NULL)
@@ -6608,9 +6626,13 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, p
                offset += 1;
                
                /* fid */
-               proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+               fid = tvb_get_letohs(tvb, offset);
+               proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
                offset += 2;
 
+               if (check_col(pinfo->fd, COL_INFO))
+                       col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+
                /* create action */
                proto_tree_add_item(tree, hf_smb_create_action, tvb, offset, 4, TRUE);
                offset += 4;
@@ -7216,6 +7238,7 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
        guint8  wc, cmd=0xff;
        guint16 andxoffset=0;
        guint16 bc;
+       guint16 fid;
 
        WORD_COUNT;
 
@@ -7242,9 +7265,13 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
        offset += 1;
 
        /* fid */
-       proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+       fid = tvb_get_letohs(tvb, offset);
+       proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
        offset += 2;
 
+       if (check_col(pinfo->fd, COL_INFO))
+               col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+
        /* create action */
        /*XXX is this really the same as create disposition in the request? it looks so*/
        proto_tree_add_item(tree, hf_smb_create_action, tvb, offset, 4, TRUE);
@@ -8988,7 +9015,27 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                                break;
 
                        case 0x25:
-                               /* TRANSACTION setup words processed below */
+                               /* MSRPC transactions have two setup count 
+                                  words which we decode here.  Setup word 1 
+                                  is always 0x26.  The second setup word is 
+                                  the fid which the transaction occurs on. */
+                               if (sc == 2) {
+                                       guint16 sw1, sw2;
+
+                                       sw1 = tvb_get_letohs(tvb, offset);
+                                       sw2 = tvb_get_letohs(tvb, offset + 2);
+                                       
+                                       proto_tree_add_uint(tree, hf_smb_setupword1, tvb, offset, 2, sw1);
+                                       proto_tree_add_uint(tree, hf_smb_setupword2, tvb, offset + 2, 2, sw2);
+
+                                       /* Make fid hidden so we can find it
+                                          in a filter. */
+
+                                       if (sw1 == 0x26)
+                                               proto_tree_add_uint_hidden(tree, hf_smb_fid, tvb, offset + 2, 2, sw2);
+                               }
+                               /* TRANSACTION setup words also processed
+                                  below */
                                break;
                        }
 
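Review bot: The new comment in `case 0x25` says setup word 1 is always 0x26, but the code directly below guards the FID interpretation with `if (sw1 == 0x26)`, so the comment contradicts the check. 0x26 is the TransactNmPipe function code, and other named-pipe functions carry different values in that word, with a second word that is not necessarily a FID. I would reword it to something like `/* Named-pipe transactions carry two setup words: a function code and, when that code is 0x26 (TransactNmPipe), the FID of the pipe. */`. Separately, `sc` comes from the packet, and the two `tvb_get_letohs` reads are bounded only by the tvbuff itself. If the code outside this hunk does not already compare `sc` against the word count, a malformed request with `sc == 2` would have whatever follows labelled as setup words and exposed as a hidden `hf_smb_fid`, which is worth confirming because analysts filter on that field. The enclosing switch and the later setup-word processing mentioned in the trailing comment are outside the hunk, so I cannot tell whether the same bytes end up displayed twice.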
@@ -10214,6 +10261,7 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
        proto_tree *tree = NULL;
        smb_info_t *si;
        smb_transact2_info_t *t2i;
+       guint16 fid;
        int fn_len, lno;
        const char *fn;
        int old_offset = offset;
@@ -10244,9 +10292,13 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
        switch(t2i->subcmd){
        case 0x00:      /*TRANS2_OPEN2*/
                /* fid */
-               proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+               fid = tvb_get_letohs(tvb, offset);
+               proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
                offset += 2;
 
+               if (check_col(pinfo->fd, COL_INFO))
+                       col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+
                /* File Attributes */
                offset = dissect_file_attributes(tvb, pinfo, tree, offset);
 
@@ -14544,6 +14596,14 @@ proto_register_smb(void)
                { "Compressed", "smb.fs.attr.vic", FT_BOOLEAN, 32,
                TFS(&tfs_fs_attr_vic), 0x00008000, "Is this FS Compressed?", HFILL }},
 
+       { &hf_smb_setupword1,
+               { "Setup Word 1", "smb.transaction.setupword1", FT_UINT16, BASE_HEX,
+               NULL, 0, "First setup word in TRANSACTION command", HFILL }},
+
+       { &hf_smb_setupword2,
+               { "Setup Word 2", "smb.transaction.setupword2", FT_UINT16, BASE_HEX,
+               NULL, 0, "Second setup word in TRANSACTION command", HFILL }},
+
 
        };
        static gint *ett[] = {