Added functionality:
- SMB2 support for Export->Objects->SMB
- support for SMB_COM_CREATE, SMB_COM_OPEN, SMB_COM_READ and SMB_COM_WRITE commands
- Ability to choose between File Id and full file name as identifier for file re-building. Implemented as an option under Edit->Preferences->Protocols->SMB and Edit->Preferences->Protocols->SMB2.
Other minor changes and fixes:
- Full filename in file
- Inclusion of IP of SMB server when treeid name (i.e. hostname) is not known
- UTF-8 filenames encoding before passing them to Export Object Window
- Re-written insert_chunk function of export_object_smb.c to make it easier to debug
- Fixed of an error in insert_chunk function of export_object_smb.c (the verification of next free_chunk was always skipped after deleting one free_chunk).
- Removed duplicated code by inserting the function feed_eo_smb in packet-smb.c and packet-smb2.c
- Changed the label of Export->Objects->SMB menu into Export->Objects->SMB/SMB2
svn path=/trunk/; revision=48210
names beginning with dissect_qspi_, and give some of them names with the
info level structure in them rather than the SNIA CIFS specification
section number.
Have separate routines for SMB_INFO_STANDARD and SMB_INFO_QUERY_EA_SIZE;
SMB_INFO_STANDARD is specified differently in the SNIA CIFS
specification and the MS-CIFS specification, and some captures have the
SNIA CIFS version, with the EA length and some have the MS-CIFS version
without it. The dissector for SMB_INFO_STANDARD will dissect it if it's
there and not say "this structure is truncated" if it's not there.
Rename dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO() to
dissect_qfi_SMB_FILE_NAME_INFO(), as it also dissects
SMB_QUERY_FILE_NAME_INFO.
Merge the dissectors for SMB_FILE_ALLOCATION_INFO and
SMB_SET_FILE_ALLOCATION_INFO, and for SMB_FILE_END_OF_FILE_INFO and
SMB_SET_FILE_END_OF_FILE_INFO, as the structures are the same.
Dissect some presumed "passthrough info levels" the same way the
corresponding official SMB infos are dissected.
Expand some comments for info level dissectors to give the MS-CIFS
section number and to give some other details.
If an info level is truncated, put in an expert info error.
If we don't know about a given info level, just dissect the body as
"Information level unknown", rather than having it dissected as an
"unknown information" trailer.
svn path=/trunk/; revision=37297
search attributes, as a 16-bit quantity, with only the bits specified by
section 2.2.1.2.4 of [MS-CIFS]. Use dissect_file_ext_attr() in all
cases where we're dissecting SMB_EXT_FILE_ATTR, as specified by section
2.2.1.2.3 of [MS-CIFS].
svn path=/trunk/; revision=33753
g_try_malloc() or g_try_realloc(), check whether they fit in a gsize
and:
if not, just pretend the allocation failed;
if so, cast them to gsize to squelch compiler warnings.
svn path=/trunk/; revision=33239
This functionality keeps track of all SMB objects contained in a capture,
and is able to export to a file a full or partial captured file that has
been transfered through the SMB protocol. In a partial capture, the holes
produced by the non-captured information are filled out with zeros.
It includes the needed modifications of the SMB dissector in the way it keeps
track of the opened SMB files and also to feed the eo_smb tap listener.
svn path=/trunk/; revision=33227
packet-smb.c(5479) : error C2220: warning treated as error - no object file generated
packet-smb.c(5479) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
packet-smb.c(5480) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
svn path=/trunk/; revision=22134
in both packets of a transaction.
this makes filters such as "smb.file==foo.txt" work much better since they now show both
the read/write request and also the response packets.
this is similar to what we already do in nfs for filehandles
svn path=/trunk/; revision=21856
put the filename, if known, on the fid expansion line
also place a "generated" fid in failed ntcreateandx so it is easier to
quickly see which file the ntcreateandx failed for
svn path=/trunk/; revision=21739
stuff to the UID tree unless it's UID stuff.
Also, as we appear to allow for null domain and account information in
dissect_smb_uid(), check for null information before trying to add it to
the top-level item.
svn path=/trunk/; revision=21597
when files are opened using NTCreateAndX and if we recognize the type set the type field to either FILE, DIR or PIPE
This is useful to know when dissecting things like security descriptors since it tells us how to dissect the specific bits of the access mask.
Only do this for NTCreateAndX for now. It is trivial to add similar tracking to some of the older obsolete calls used to open fids but no clients ever use those old calls any more.
svn path=/trunk/; revision=18922
reuse the recent structure for fid->filename mappings since the problemspace is virtually the same
(go to tired of trying to find the sharename in 10mpacket traces with 1000s of shares)
svn path=/trunk/; revision=18516
add an expansion to the fid that display which frame itr was opened in and when it was closed.
someone may want to add tracking of actual filenames here as well. i am not sure i need that feature myself so ...
svn path=/trunk/; revision=18512
Michael Mann