From 3afd94f51996f42e0cfdd1effaf3a7ecd0998402 Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Thu, 17 Nov 2005 22:30:19 +0000 Subject: [PATCH] add dissection of more infolevels for smb2 svn path=/trunk/; revision=16539 --- epan/dissectors/packet-smb.c | 26 +++++++-------- epan/dissectors/packet-smb.h | 2 ++ epan/dissectors/packet-smb2.c | 60 +++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+), 14 deletions(-) diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index b883bd2e9e..97bd76b684 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -10472,8 +10472,8 @@ dissect_4_2_16_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, /* this dissects the SMB_QUERY_FILE_EA_INFO as described in 4.2.16.6 */ -static int -dissect_4_2_16_6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, +int +dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc) { /* ea length */ @@ -10545,7 +10545,7 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree_add_item(tree, hf_smb_index_number, tvb, offset, 8, TRUE); COUNT_BYTES_SUBR(8); - offset = dissect_4_2_16_6(tvb, pinfo, tree, offset, bcp, trunc); + offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, bcp, trunc); if (*trunc) return offset; @@ -10609,7 +10609,7 @@ dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* 2 pad bytes */ offset+=2; - offset = dissect_4_2_16_6(tvb, pinfo, tree, offset, bcp, trunc); + offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, bcp, trunc); if (*trunc) { return offset; } @@ -10622,20 +10622,18 @@ dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* this dissects the SMB_QUERY_FILE_STREAM_INFO as described in 4.2.16.10 */ -static int -dissect_4_2_16_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, - int offset, guint16 *bcp, gboolean *trunc) +int +dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, + int offset, guint16 *bcp, gboolean *trunc, int unicode) { proto_item *item; proto_tree *tree; int old_offset; guint32 neo; - smb_info_t *si = pinfo->private_data; int fn_len; const char *fn; int padcnt; - DISSECTOR_ASSERT(si); for (;;) { old_offset = offset; @@ -10672,7 +10670,7 @@ dissect_4_2_16_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, COUNT_BYTES_SUBR(8); /* stream name */ - fn = get_unicode_or_ascii_string(tvb, &offset, si->unicode, &fn_len, FALSE, TRUE, bcp); + fn = get_unicode_or_ascii_string(tvb, &offset, unicode, &fn_len, FALSE, TRUE, bcp); CHECK_STRING_SUBR(fn); proto_tree_add_string(tree, hf_smb_t2_stream_name, tvb, offset, fn_len, fn); @@ -11059,7 +11057,7 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, break; case 0x0103: /*Query File EA Info*/ case 1007: /* SMB_FILE_EA_INFORMATION */ - offset = dissect_4_2_16_6(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, bcp, &trunc); break; case 0x0104: /*Query File Name Info*/ @@ -11084,10 +11082,10 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, &trunc); break; case 1022: /* SMB_FILE_STREAM_INFORMATION */ - ((smb_info_t *)(pinfo->private_data))->unicode = TRUE; + si->unicode = TRUE; case 0x0109: /*Query File Stream Info*/ - offset = dissect_4_2_16_10(tvb, pinfo, tree, offset, bcp, - &trunc); + offset = dissect_qfi_SMB_FILE_STREAM_INFO(tvb, pinfo, tree, offset, bcp, + &trunc, si->unicode); break; case 0x010b: /*Query File Compression Info*/ case 1028: /* SMB_FILE_COMPRESSION_INFORMATION */ diff --git a/epan/dissectors/packet-smb.h b/epan/dissectors/packet-smb.h index 6d2ddaa950..c901d8e36b 100644 --- a/epan/dissectors/packet-smb.h +++ b/epan/dissectors/packet-smb.h @@ -304,5 +304,7 @@ extern int dissect_qfsi_FS_ATTRIBUTE_INFO(tvbuff_t * tvb, packet_info * pinfo, p extern int dissect_nt_quota(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 *bcp); extern int dissect_qfsi_FS_OBJECTID_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp); extern int dissect_qfsi_FS_FULL_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp); +extern int dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc); +extern int dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc, int unicode); #endif diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index 7c3321eb2e..8a0c513185 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -103,12 +103,14 @@ static int hf_smb2_required_buffer_size = -1; static int hf_smb2_response_size = -1; static int hf_smb2_file_info_04 = -1; static int hf_smb2_file_info_05 = -1; +static int hf_smb2_file_info_07 = -1; static int hf_smb2_file_info_08 = -1; static int hf_smb2_file_info_0a = -1; static int hf_smb2_file_info_0d = -1; static int hf_smb2_file_info_0f = -1; static int hf_smb2_file_info_12 = -1; static int hf_smb2_file_info_15 = -1; +static int hf_smb2_file_info_16 = -1; static int hf_smb2_file_info_22 = -1; static int hf_smb2_fs_info_01 = -1; static int hf_smb2_fs_info_03 = -1; @@ -146,9 +148,11 @@ static gint ett_smb2_command = -1; static gint ett_smb2_secblob = -1; static gint ett_smb2_file_info_04 = -1; static gint ett_smb2_file_info_05 = -1; +static gint ett_smb2_file_info_07 = -1; static gint ett_smb2_file_info_08 = -1; static gint ett_smb2_file_info_12 = -1; static gint ett_smb2_file_info_15 = -1; +static gint ett_smb2_file_info_16 = -1; static gint ett_smb2_file_info_22 = -1; static gint ett_smb2_file_info_0a = -1; static gint ett_smb2_file_info_0d = -1; @@ -180,12 +184,14 @@ static const value_string smb2_class_vals[] = { #define SMB2_FILE_INFO_04 0x04 #define SMB2_FILE_INFO_05 0x05 +#define SMB2_FILE_INFO_07 0x07 #define SMB2_FILE_INFO_08 0x08 #define SMB2_FILE_INFO_0a 0x0a #define SMB2_FILE_INFO_0d 0x0d #define SMB2_FILE_INFO_0f 0x0f #define SMB2_FILE_INFO_12 0x12 #define SMB2_FILE_INFO_15 0x15 +#define SMB2_FILE_INFO_16 0x16 #define SMB2_FILE_INFO_22 0x22 #define SMB2_FS_INFO_01 0x01 @@ -505,6 +511,44 @@ dissect_smb2_file_info_08(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par return offset; } +static int +dissect_smb2_file_info_07(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + guint16 bc; + gboolean trunc; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_smb2_file_info_07, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_smb2_file_info_07); + } + + bc=tvb_length_remaining(tvb, offset); + offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, &bc, &trunc); + + return offset; +} + +static int +dissect_smb2_file_info_16(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + guint16 bc; + gboolean trunc; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_smb2_file_info_16, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_smb2_file_info_16); + } + + bc=tvb_length_remaining(tvb, offset); + offset = dissect_qfi_SMB_FILE_STREAM_INFO(tvb, pinfo, tree, offset, &bc, &trunc, TRUE); + + return offset; +} + static int dissect_smb2_file_info_22(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_) { @@ -1362,6 +1406,9 @@ dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, case SMB2_FILE_INFO_05: dissect_smb2_file_info_05(tvb, pinfo, tree, offset, si); break; + case SMB2_FILE_INFO_07: + dissect_smb2_file_info_07(tvb, pinfo, tree, offset, si); + break; case SMB2_FILE_INFO_08: dissect_smb2_file_info_08(tvb, pinfo, tree, offset, si); break; @@ -1380,6 +1427,9 @@ dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, case SMB2_FILE_INFO_15: dissect_smb2_file_info_15(tvb, pinfo, tree, offset, si); break; + case SMB2_FILE_INFO_16: + dissect_smb2_file_info_16(tvb, pinfo, tree, offset, si); + break; case SMB2_FILE_INFO_22: dissect_smb2_file_info_22(tvb, pinfo, tree, offset, si); break; @@ -2993,6 +3043,10 @@ proto_register_smb2(void) { "SMB2_FILE_INFO_15", "smb2.smb2_file_info_15", FT_NONE, BASE_NONE, NULL, 0, "SMB2_FILE_INFO_15 structure", HFILL }}, + { &hf_smb2_file_info_16, + { "SMB2_FILE_INFO_16", "smb2.smb2_file_info_16", FT_NONE, BASE_NONE, + NULL, 0, "SMB2_FILE_INFO_16 structure", HFILL }}, + { &hf_smb2_file_info_04, { "SMB2_FILE_INFO_04", "smb2.smb2_file_info_04", FT_NONE, BASE_NONE, NULL, 0, "SMB2_FILE_INFO_04 structure", HFILL }}, @@ -3005,6 +3059,10 @@ proto_register_smb2(void) { "SMB2_FILE_INFO_08", "smb2.smb2_file_info_08", FT_NONE, BASE_NONE, NULL, 0, "SMB2_FILE_INFO_08 structure", HFILL }}, + { &hf_smb2_file_info_07, + { "SMB2_FILE_INFO_07", "smb2.smb2_file_info_07", FT_NONE, BASE_NONE, + NULL, 0, "SMB2_FILE_INFO_07 structure", HFILL }}, + { &hf_smb2_file_info_22, { "SMB2_FILE_INFO_22", "smb2.smb2_file_info_22", FT_NONE, BASE_NONE, NULL, 0, "SMB2_FILE_INFO_22 structure", HFILL }}, @@ -3155,12 +3213,14 @@ proto_register_smb2(void) &ett_smb2_secblob, &ett_smb2_file_info_04, &ett_smb2_file_info_05, + &ett_smb2_file_info_07, &ett_smb2_file_info_08, &ett_smb2_file_info_0a, &ett_smb2_file_info_0d, &ett_smb2_file_info_0f, &ett_smb2_file_info_12, &ett_smb2_file_info_15, + &ett_smb2_file_info_16, &ett_smb2_file_info_22, &ett_smb2_fs_info_01, &ett_smb2_fs_info_03,