Also update tfshark to use that code.
Change-Id: Ic03fb8ff48c8bfc460298d180b436e53f0076cbe
Reviewed-on: https://code.wireshark.org/review/18588
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissect SMB2 getinfo request fix-sized parameters according
to [MS-SMB2] section 2.2.37.
This does not include extended attributes at the moment.
Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(actually, in [MS-SMB2] those are called "InfoType" and
"FileInfoClass", respectively)
Change-Id: Id583be4574cea5ce092c374a5624a4bd17d5d4c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This info appears in the request buffer of setinfo quota,
or in the response buffer of getinfo quota.
Change-Id: I5c8d96a05eddfa123547a7dd2577a01ac8cbd32d
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f4878d7b730d626d75ac5ed57a00acc8ec34990
Reviewed-on: https://code.wireshark.org/review/16658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I872baa7bf44cc6c675366206e749c50001cee067
Reviewed-on: https://code.wireshark.org/review/16659
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
FSCTL_GET_REPARSE_POINT/FSCTL_SET_REPARSE_POINT
Change-Id: I3b6230aea2a0027d7b85d35d3aea6385cace569b
Reviewed-on: https://code.wireshark.org/review/16511
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decode SMB2 ioctl FSCTL_OFFLOAD_WRITE,
and clean up FSCTL_OFFLOAD_READ to use a
common function to print the "token".
Bug: 12482
Change-Id: I397522416e3a8508f5a99b8ac055d1ae17218d21
Reviewed-on: https://code.wireshark.org/review/15663
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12481
Change-Id: I0439b10f99d296a46c93e2ced6094689737d9551
Reviewed-on: https://code.wireshark.org/review/15648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The SMB2 ioctl FSCTL_SRV_ENUMERATE_SNAPSHOTS is currently
presented as FSCTL_GET_SHADOW_COPY_DATA (incorrect).
Bug: 11405
Change-Id: I7f025d1cf219c583666f4e6faedfc7adc3fbf14b
Reviewed-on: https://code.wireshark.org/review/15582
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SMB2 Notify needs to treat STATUS_NOTIFY_ENUM_DIR the same as success.
MS-SMB2 3.3.4.4 mentions this.
Bug: 12128
Change-Id: I3fea5f958449a469ccf66ea637db2d0db236c464
Reviewed-on: https://code.wireshark.org/review/15584
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0e845668a1b9dbec93ea920a8585ecfe60f001d1
Reviewed-on: https://code.wireshark.org/review/15044
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Bug: 11933
Change-Id: I7ac03166c4c69a2366da26c44a89aee60116ac7f
Reviewed-on: https://code.wireshark.org/review/13674
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sometimes it isn't actually an error response but a normal packet with a non-zero status code to indicate a warning or information. This should be handled as a normal case and not break the dissection
Change-Id: I7104608d67cbc7528994bd86812ea5241f1e4460
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/12282
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
we can #include <wsutils/wsgcrypt.h> without doing the check ourselves
Change-Id: I248431bdb6cfa1bd85b794ec04ce1e4fcd3a7d2d
Reviewed-on: https://code.wireshark.org/review/11483
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0bbbe3f92cf88c3d3d051ad613e237411b828e43
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11360
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
At least MSVC2010 doesn't like individual initialization of structure members by name.
It did pass Patri-Dish.
Change-Id: I8770a465faf455e2733c7c8015b449871f2acfb0
Reviewed-on: https://code.wireshark.org/review/11406
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6bae88395f46de0bc4c790ca41914c75e6c98793
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11359
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This can we used as salt for dcerpc connections over smb2.
The key is that we identify an open by the combination
of session_id, tree_id, persistent file_id and volative file_id.
As some broken implementations make the file_ids only unique
per tree connect.
Change-Id: I85cab68503560840a98d2d8d6c21b447b4242e3c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11358
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found when looking at support for HyperV under Samba.
Change-Id: I78d7d0c68c7821c952316beb6fc34cd047d146aa
Reviewed-on: https://code.wireshark.org/review/9803
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MS-SMB2 section '3.2.5.1.5 Handling Asynchronous Responses' states
"If SMB2_FLAGS_ASYNC_COMMAND is set in the Flags field of the SMB2
header and Status is not STATUS_PENDING, this is a final response
to a request which was processed by the server asynchronously"
This patch delays moving ssi information for a processed request
to the matched hashmap until the request is actually completed.
Without this patch the ssi information for the *final* matching
message id response will not be available (on first pass) so a
subdissector (e.g. MS-WSP) will not have the ssi information available
to it. After this patch the ssi infomation will remain in the 'unmatched'
hashmap until the 'final' response for the request is seen. While
processing the 'final' matching response the ssi will be moved to
the matched hashmap.
Change-Id: Id501179ecb4f967a34c82b07d34dcdcd92537dc3
Bug: 11402
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/9805
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This changeset is a forward port of Gregors ms-wsp branch from his
repo http://repo.or.cz/w/wireshark-wip.git. Most of the messages of
the MS-WSP protocol are implemented here and as such consists of the
majority of the changes for the dissector.
In addition to the forward porting Gregors work I added some extra bits
1) cater for SMB2 Read Response and Write Request msgs that can also
contain MSWSP messages
2) update property specifications with info extracted from MS-WSP protocol
doc
3) store some basic data about previously seen messages that are needed
for dissecting CPMGetRows request
4) expand/update dissect_CPMSetBindings & parse_CTableColumn routines
5) parse and store CTableColumn & CPMSetBindingsIn structures in conversation
related data for use later.
6) fully dissect/parse SeekDesciption of CPMGetRowsOut
7) dissect CPMGetRows out message specifically the Rows & Columns
8) flesh out the boolean properties of uBooleanOptions field
9) flesh out various other dissectors:
CPMRatioFinished
CPMRestartPosition
CPMCompareBmkIn/CPMCompareBmkOut
CPMGetApproximatePosition
CPMGetSendNotifyOut
FindIndicesIn/Out
FetchValue
Bug: 11321
Change-Id: I68b5c2f3e63874c1dbb271feab89b2b8aa65ac39
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/9440
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic7d713e8593cd0841089f2c26d2c24f2f008cb31
Reviewed-on: https://code.wireshark.org/review/9667
Reviewed-by: Michael Mann <mmann78@netscape.net>