/* packet-smb2.h
 * Defines for SMB2 packet dissection
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998, 1999 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/* Include guard.  NOTE(review): identifiers beginning with a double
 * underscore are reserved for the implementation in C; the guard name is
 * kept as-is here because other files may test for it.
 */
#ifndef __PACKET_SMB2_H__
#define __PACKET_SMB2_H__

/* e_ctx_hnd (policy handles) comes from packet-dcerpc.h; smb_eo_t and the
 * other export-object types come from packet-smb.h.
 */
#include "packet-dcerpc.h"
#include "packet-smb.h"

/* SMB2 command codes (value_string for the SMB2_COM_* values defined
 * below, exported for use by other dissectors). With MSVC and a
 * libwireshark.dll, we need a special declaration.
 */
WS_DLL_PUBLIC value_string_ext smb2_cmd_vals_ext;
/* Structure to keep track of information specific to a single
 * SMB2 transaction (smb2_saved_info_t, defined below). Here we store
 * things we need to remember between a specific request and a specific
 * response.
 *
 * There is no guarantee we will have this structure available for all
 * SMB2 packets, so a dissector must check this pointer for NULL
 * before dereferencing it.
 *
 * The private data (extra_info) is set to NULL when the structure is
 * created. It is used for communication between the Request and the
 * Response packets.
 */
/* extra info needed by export object smb (eo_smb): per-file attributes
 * recorded so the exported object can be described.  Referenced from
 * smb2_info_t.eo_file_info.
 */
typedef struct _smb2_eo_file_info_t {
	guint32 attr_mask;	/* file attribute bits; presumably the SMB2_FLAGS_ATTR_* values below — confirm in packet-smb2.c */
	gint64 end_of_file;	/* end-of-file offset (file size) as reported by the server — presumably; signed to match the on-wire LARGE_INTEGER */
} smb2_eo_file_info_t;
/* Tag describing what smb2_saved_info_t.extra_info points to.  Every
 * assigned variant is a char *; a consumer must check this tag before
 * casting extra_info, and must expect NULL for SMB2_EI_NONE.
 */
typedef enum {
	SMB2_EI_NONE,		/* Unassigned / NULL */
	SMB2_EI_TREENAME,	/* tid tracking char * */
	SMB2_EI_FILENAME,	/* fid tracking char * */
	SMB2_EI_FINDPATTERN	/* find tracking char * */
} smb2_extra_info_t;
/* Per-transaction state shared between an SMB2 request and its response
 * (see the "single SMB2 transaction" comment earlier in this header).
 * Pointers to this structure may be NULL; check before dereferencing.
 */
typedef struct _smb2_saved_info_t {
	guint8 smb2_class;		/* info class of a GETINFO/SETINFO request — presumably; confirm in packet-smb2.c */
	guint8 infolevel;		/* info level within smb2_class — presumably */
	guint64 msg_id;			/* SMB2 MessageId.  NOTE(review): unsigned here but gint64 in smb2_info_t.msg_id; keep comparisons/format strings consistent */
	guint32 frame_req, frame_res;	/* frame numbers of the request and of the matching response — as the names suggest; confirm the "not yet seen" value */
	nstime_t req_time;		/* timestamp of the request (presumably for response-time calculation) */
	e_ctx_hnd policy_hnd;		/* for eo_smb tracking */
	smb_eo_t *eo_info_t;		/* for storing eo_smb infos */
	guint64 file_offset;		/* needed file_offset for eo_smb */
	guint32 bytes_moved;		/* needed for eo_smb */
	void *extra_info;		/* request-to-response private data; NULL when the structure is created.  Interpret only according to extra_info_type */
	smb2_extra_info_t extra_info_type;	/* tag for extra_info (SMB2_EI_NONE when unused) */
} smb2_saved_info_t;
/* Per-tree-connect state.  Presumably stored in smb2_sesid_info_t.tids
 * and reached from smb2_info_t.tree (confirm in packet-smb2.c).
 */
typedef struct _smb2_tid_info_t {
	guint32 tid;		/* SMB2 TreeId */
	guint32 connect_frame;	/* frame in which the TREE_CONNECT was seen — presumably */
	guint16 share_type;	/* ShareType from the TREE_CONNECT response — presumably */
	char *name;		/* share name; see SMB2_EI_TREENAME, which carries the name between request and response */
} smb2_tid_info_t;
/* Per-session state, keyed by the 64-bit SMB2 SessionId.  Presumably
 * stored in smb2_conv_info_t.sesids and reached from smb2_info_t.session
 * (confirm in packet-smb2.c).
 */
typedef struct _smb2_sesid_info_t {
	guint64 sesid;			/* SMB2 SessionId */
	guint32 auth_frame;		/* frame in which the session was authenticated — presumably the SESSION_SETUP response */
	char *acct_name;		/* account, domain and host names learned during session setup — presumably */
	char *domain_name;
	char *host_name;
	guint16 server_port;
	guint8 client_decryption_key[16];	/* key material for decrypting client-to-server traffic; presumably used with smb2_transform_info_t */
	guint8 server_decryption_key[16];	/* key material for decrypting server-to-client traffic */
	/* NOTE(review): the two keys above are secrets kept for the lifetime of
	 * the session record; keep them out of log/debug output.  There is no
	 * field recording whether they have been populated — confirm how the
	 * dissector distinguishes an unset key (all-zero?).
	 */
	GHashTable *tids;		/* smb2_tid_info_t entries for this session, keyed by tid — presumably */
} smb2_sesid_info_t;
/* Structure to keep track of conversations and the hash tables.
 * There is one such structure for each conversation.
 */
typedef struct _smb2_conv_info_t {
	/* these two tables are used to match requests with responses;
	 * presumably both hold smb2_saved_info_t entries, keyed by msg_id
	 * while unmatched and by frame number once matched — confirm in
	 * packet-smb2.c */
	GHashTable *unmatched;
	GHashTable *matched;
	GHashTable *sesids;	/* smb2_sesid_info_t entries keyed by sesid — presumably */
	/* table to store some infos for smb export object */
	GHashTable *files;
} smb2_conv_info_t;
/* This structure (smb2_info_t, defined below after the constant
 * definitions) contains information from the SMB2 header
 * as well as pointers to the conversation and the transaction specific
 * structures.
 */
/* Bits of the SMB2 header Flags field (smb2_info_t.flags).  Values match
 * the MS-SMB2 header flag definitions; flag bits not used by this
 * dissector are not defined here.
 */
#define SMB2_FLAGS_RESPONSE		0x00000001	/* message is a response (server to client) */
#define SMB2_FLAGS_ASYNC_CMD		0x00000002	/* async command: header carries an AsyncId */
#define SMB2_FLAGS_CHAINED		0x00000004	/* related (compounded) operation */
#define SMB2_FLAGS_SIGNATURE		0x00000008	/* message is signed */
#define SMB2_FLAGS_DFS_OP		0x10000000	/* DFS operation */
#define SMB2_FLAGS_REPLAY_OPERATION	0x20000000	/* replay of an earlier operation (SMB3) */
/* SMB2 FLAG MASKS: file attribute bits (FileAttributes).  Despite the
 * SMB2_FLAGS_ prefix these are NOT SMB2 header flags; the values are the
 * FILE_ATTRIBUTE_* constants from MS-FSCC.  Presumably the bits held in
 * smb2_eo_file_info_t.attr_mask — confirm in packet-smb2.c.
 */
#define SMB2_FLAGS_ATTR_ENCRYPTED	0x00004000
#define SMB2_FLAGS_ATTR_INDEXED		0x00002000	/* NOT_CONTENT_INDEXED in MS-FSCC: set means "not indexed" */
#define SMB2_FLAGS_ATTR_OFFLINE		0x00001000
#define SMB2_FLAGS_ATTR_COMPRESSED	0x00000800
#define SMB2_FLAGS_ATTR_REPARSEPOINT	0x00000400
#define SMB2_FLAGS_ATTR_SPARSE		0x00000200
#define SMB2_FLAGS_ATTR_TEMPORARY	0x00000100
#define SMB2_FLAGS_ATTR_NORMAL		0x00000080	/* only valid when no other attribute bit is set */
#define SMB2_FLAGS_ATTR_DEVICE		0x00000040
#define SMB2_FLAGS_ATTR_ARCHIVE		0x00000020
#define SMB2_FLAGS_ATTR_DIRECTORY	0x00000010
#define SMB2_FLAGS_ATTR_VOLUMEID	0x00000008	/* legacy volume-label bit; not defined by MS-FSCC */
#define SMB2_FLAGS_ATTR_SYSTEM		0x00000004
#define SMB2_FLAGS_ATTR_HIDDEN		0x00000002
#define SMB2_FLAGS_ATTR_READONLY	0x00000001
/* SMB2 FILE TYPES ASSIGNED TO EXPORT OBJECTS.  Dissector-local
 * classification of an opened FID for the export-object (eo_smb) code;
 * these values are not on-the-wire constants.
 */
#define SMB2_FID_TYPE_UNKNOWN	0
#define SMB2_FID_TYPE_FILE	1
#define SMB2_FID_TYPE_DIR	2
#define SMB2_FID_TYPE_PIPE	3
#define SMB2_FID_TYPE_OTHER	4
/* SMB2 COMMAND CODES: values of the 16-bit Command field of the SMB2
 * header (smb2_info_t.opcode).  They match the MS-SMB2 command numbers;
 * a few are named after the pre-standard SMB2 names (KEEPALIVE = ECHO,
 * FIND = QUERY_DIRECTORY, NOTIFY = CHANGE_NOTIFY, GETINFO/SETINFO =
 * QUERY_INFO/SET_INFO, BREAK = OPLOCK_BREAK).  Display strings are in
 * smb2_cmd_vals_ext.
 */
#define SMB2_COM_NEGOTIATE_PROTOCOL	0x00
#define SMB2_COM_SESSION_SETUP		0x01
#define SMB2_COM_SESSION_LOGOFF		0x02
#define SMB2_COM_TREE_CONNECT		0x03
#define SMB2_COM_TREE_DISCONNECT	0x04
#define SMB2_COM_CREATE			0x05
#define SMB2_COM_CLOSE			0x06
#define SMB2_COM_FLUSH			0x07
#define SMB2_COM_READ			0x08
#define SMB2_COM_WRITE			0x09
#define SMB2_COM_LOCK			0x0A
#define SMB2_COM_IOCTL			0x0B
#define SMB2_COM_CANCEL			0x0C
#define SMB2_COM_KEEPALIVE		0x0D
#define SMB2_COM_FIND			0x0E
#define SMB2_COM_NOTIFY			0x0F
#define SMB2_COM_GETINFO		0x10
#define SMB2_COM_SETINFO		0x11
#define SMB2_COM_BREAK			0x12
/* Per-PDU dissection context: fields decoded from the SMB2 header plus
 * pointers to the conversation, session, tree and transaction records.
 * Any of the pointer members may be NULL for a given packet (the
 * transaction note earlier in this header says so explicitly for saved;
 * treat tree, session and eo_file_info the same way).
 */
typedef struct _smb2_info_t {
	guint16 opcode;			/* header Command field; one of SMB2_COM_* */
	guint32 ioctl_function;		/* CtlCode of an IOCTL request, as filled in by dissect_smb2_ioctl_function() */
	guint32 status;			/* header Status (NTSTATUS) field */
	guint32 tid;			/* header TreeId */
	guint64 sesid;			/* header SessionId */
	gint64 msg_id;			/* header MessageId.  NOTE(review): signed here but guint64 in smb2_saved_info_t.msg_id; keep comparisons/format strings consistent */
	guint32 flags;			/* header Flags; test with the SMB2_FLAGS_* header-flag bits (not SMB2_FLAGS_ATTR_*) */
	smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
	smb2_conv_info_t *conv;		/* conversation record */
	smb2_saved_info_t *saved;	/* matched request/response state; may be NULL */
	smb2_tid_info_t *tree;		/* tree-connect record for tid — may be NULL if never seen */
	smb2_sesid_info_t *session;	/* session record for sesid — may be NULL if never seen */
	proto_tree *top_tree;		/* top-level protocol tree of the packet */
} smb2_info_t;
/* for transform content information: fields decoded from an SMB2
 * TRANSFORM_HEADER (encrypted SMB3 message) plus the records needed to
 * locate the decryption keys (smb2_sesid_info_t.*_decryption_key).
 */
typedef struct _smb2_transform_info_t {
	guint8 nonce[16];		/* Nonce from the transform header */
	guint32 size;			/* OriginalMessageSize from the wire.  NOTE(review): attacker-controlled; confirm the dissector bounds-checks it against the captured length before using it for allocation or decryption */
	guint16 alg;			/* encryption algorithm / flags field of the transform header */
	guint64 sesid;			/* SessionId used to look up session */
	smb2_conv_info_t *conv;		/* conversation record */
	smb2_sesid_info_t *session;	/* session record holding the decryption keys; may be NULL if the session was not seen */
} smb2_transform_info_t;
/* Dissects a FILE_OBJECTID_BUFFER starting at offset into tree.
 * pinfo is unused (_U_).  Returns the offset just past the dissected
 * data — the usual Wireshark convention; confirm against the definition
 * in packet-smb2.c.
 */
int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset);

/* Dissects the IOCTL CtlCode at offset under parent_tree and stores the
 * decoded code through ioctl_function (presumably only when non-NULL —
 * confirm).  Returns the updated offset.
 */
int dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint32 *ioctl_function);

/* Dissects the input (data_in TRUE) or output (data_in FALSE) buffer of
 * the IOCTL identified by ioctl_function.  top_tree is the packet's
 * top-level tree, presumably for sub-dissectors that add items outside
 * the SMB2 subtree.
 */
void dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in);
#endif /* __PACKET_SMB2_H__ */