add dissection of smb1 ioctl data by tying it into the dissectors for

ioctl data that already exists for smb2


svn path=/trunk/; revision=21713

epan/dissectors/packet-smb.c

@@ -380,7 +380,6 @@ static int hf_smb_setup_count = -1;
 static int hf_smb_nt_trans_subcmd = -1;
 static int hf_smb_nt_ioctl_isfsctl = -1;
 static int hf_smb_nt_ioctl_flags_root_handle = -1;
-static int hf_smb_nt_ioctl_data = -1;
 #ifdef SMB_UNUSED_HANDLES
 static int hf_smb_nt_security_information = -1;
 #endif
@@ -7240,7 +7239,6 @@ typedef struct _nt_trans_data {
 	int subcmd;
 	guint32 sd_len;
 	guint32 ea_len;
-	guint32 ioctl_function;
 } nt_trans_data;
 
 
@@ -7776,6 +7774,7 @@ dissect_nt_trans_data_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pro
 	int old_offset = offset;
 	guint16 bcp=bc; /* XXX fixme */
 	struct access_mask_info *ami=NULL;
+	tvbuff_t *ioctl_tvb;
 
 	si = (smb_info_t *)pinfo->private_data;
 
@@ -7807,7 +7806,10 @@ dissect_nt_trans_data_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pro
 		break;
 	case NT_TRANS_IOCTL:
 		/* ioctl data */
-		proto_tree_add_item(tree, hf_smb_nt_ioctl_data, tvb, offset, bc, TRUE);
+		ioctl_tvb=tvb_new_subset(tvb, offset, MIN((int)bc, tvb_length_remaining(tvb, offset)), bc);
+		dissect_smb2_ioctl_data(ioctl_tvb, pinfo, tree, top_tree, nti->ioctl_function, TRUE);
+
+
 		offset += bc;
 
 		break;
@@ -8017,12 +8019,18 @@ dissect_nt_trans_setup_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pr
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
-	smb_info_t *si;
 	int old_offset = offset;
+	smb_info_t *si;
+	smb_nt_transact_info_t *nti;
+	smb_saved_info_t *sip;
+
 
 	si = (smb_info_t *)pinfo->private_data;
-
 	DISSECTOR_ASSERT(si);
+	sip = si->sip;
+	DISSECTOR_ASSERT(sip);
+	nti=sip->extra_info;
+
 
 	if(parent_tree){
 		tvb_ensure_bytes_exist(tvb, offset, len);
@@ -8039,7 +8047,7 @@ dissect_nt_trans_setup_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pr
 		guint16 fid;
 
 		/* function code */
-		offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &ntd->ioctl_function);
+		offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &nti->ioctl_function);
 
 		/* fid */
 		fid = tvb_get_letohs(tvb, offset);
@@ -8307,6 +8315,7 @@ dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo,
 	smb_info_t *si;
 	guint16 bcp;
 	struct access_mask_info *ami=NULL;
+	tvbuff_t *ioctl_tvb;
 
 	si = (smb_info_t *)pinfo->private_data;
 	DISSECTOR_ASSERT(si);
@@ -8337,7 +8346,9 @@ dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo,
 		break;
 	case NT_TRANS_IOCTL:
 		/* ioctl data */
-		proto_tree_add_item(tree, hf_smb_nt_ioctl_data, tvb, offset, len, TRUE);
+		ioctl_tvb=tvb_new_subset(tvb, offset, MIN((int)len, tvb_length_remaining(tvb, offset)), len);
+		dissect_smb2_ioctl_data(ioctl_tvb, pinfo, tree, top_tree, nti->ioctl_function, FALSE);
+
 		offset += len;
 
 		break;
@@ -17151,10 +17162,6 @@ proto_register_smb(void)
 		{ "Root Handle", "smb.nt.ioctl.flags.root_handle", FT_BOOLEAN, 8,
 		TFS(&tfs_nt_ioctl_flags_root_handle), NT_IOCTL_FLAGS_ROOT_HANDLE, "Apply to this share or root Dfs share", HFILL }},
 
-	{ &hf_smb_nt_ioctl_data,
-		{ "IOCTL Data", "smb.nt.ioctl.data", FT_BYTES, BASE_HEX,
-		NULL, 0, "Data for the IOCTL call", HFILL }},
-
 	{ &hf_smb_nt_notify_action,
 		{ "Action", "smb.nt.notify.action", FT_UINT32, BASE_DEC,
 		VALS(nt_notify_action_vals), 0, "Which action caused this notify response", HFILL }},

epan/dissectors/packet-smb.h

@@ -182,6 +182,7 @@ WS_VAR_IMPORT const value_string nt_cmd_vals[];
 typedef struct {
 	int subcmd;
 	int fid_type;
+	guint32 ioctl_function;
 } smb_nt_transact_info_t;
 
 /* the information we need to keep around for transaction2 commands */

epan/dissectors/packet-smb2.c

@@ -2592,7 +2592,7 @@ dissect_smb2_cancel_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *t
 
 
 static int
-dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, smb2_info_t *si)
+dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree)
 {
 	int tvblen;
 	int result;
@@ -2602,7 +2602,7 @@ dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_
 	dcerpc_tvb = tvb_new_subset(tvb, offset, MIN((int)datalen, tvb_length_remaining(tvb, offset)), datalen);
 
 	/* dissect the full PDU */
-	result = dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, si->top_tree);
+	result = dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree);
 
 
 	offset += datalen;
@@ -2648,7 +2648,7 @@ dissect_smb2_write_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 
 	/* data or dcerpc ?*/
 	if(length && si->tree && si->tree->share_type == SMB2_SHARE_TYPE_IPC){
-		offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si);
+		offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree);
 		return offset;
 	}
 
@@ -2681,9 +2681,9 @@ dissect_smb2_write_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *t
 }
 
 static void
-dissect_smb2_IOCTL_DO_DCERPC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si, gboolean data_in _U_)
+dissect_smb2_IOCTL_DO_DCERPC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *top_tree, gboolean data_in _U_)
 {
-	dissect_file_data_dcerpc(tvb, pinfo, tree, offset, tvb_length_remaining(tvb, offset), si);
+	dissect_file_data_dcerpc(tvb, pinfo, tree, offset, tvb_length_remaining(tvb, offset), top_tree);
 
 	return;
 }
@@ -2851,18 +2851,12 @@ dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvbuff_t *tvb, packet_info *pinfo _U_,
 	return;
 }
 
-static void
-dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *s2i, gboolean data_in)
+void
+dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in)
 {
-	guint32 ioctl_function=0;
-
-	if(s2i){
-		ioctl_function=s2i->ioctl_function;
-	}
-
 	switch(ioctl_function){
 	case 0x0011c017:
-		dissect_smb2_IOCTL_DO_DCERPC(tvb, pinfo, tree, 0, s2i, data_in);
+		dissect_smb2_IOCTL_DO_DCERPC(tvb, pinfo, tree, 0, top_tree, data_in);
 		break;
 	case 0x00144064: /* FSCTL_GET_SHADOW_COPY_DATA */
 		dissect_smb2_FSCTL_GET_SHADOW_COPY_DATA(tvb, pinfo, tree, 0, data_in);
@@ -2893,13 +2887,13 @@ dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb
 static void
 dissect_smb2_ioctl_data_in(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
 {
-	dissect_smb2_ioctl_data(tvb, pinfo, tree, si, TRUE);
+	dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, TRUE);
 }
 
 static void
 dissect_smb2_ioctl_data_out(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
 {
-	dissect_smb2_ioctl_data(tvb, pinfo, tree, si, FALSE);
+	dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, FALSE);
 }
 
 static int
@@ -3087,7 +3081,7 @@ dissect_smb2_read_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 	 * STATUS_PENDING read and thus a named pipe (==dcerpc)
 	 */
 	if(length && ( (si->tree && si->tree->share_type == SMB2_SHARE_TYPE_IPC)||(si->flags & SMB2_FLAGS_PID_VALID))){
-		offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si);
+		offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree);
 		return offset;
 	}
 

epan/dissectors/packet-smb2.h

@@ -101,5 +101,6 @@ typedef struct _smb2_info_t {
 
 int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset);
 int dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint32 *ioctl_function);
+void dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in);
 
 #endif