diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index 97bd76b684..9e023b14ab 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -10436,8 +10436,8 @@ dissect_4_2_16_4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, /* this dissects the SMB_QUERY_FILE_STANDARD_INFO as described in 4.2.16.5 */ -static int -dissect_4_2_16_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, +int +dissect_qfi_SMB_FILE_STANDARD_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc) { /* allocation size */ @@ -10490,8 +10490,8 @@ dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree * this is the same as SMB_QUERY_FILE_ALT_NAME_INFO as described in 4.2.16.9 */ -static int -dissect_4_2_16_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, +int +dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc) { smb_info_t *si = pinfo->private_data; @@ -10520,7 +10520,7 @@ dissect_4_2_16_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, as described in 4.2.16.8 */ static int -dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, +dissect_qfi_SMB_FILE_ALL_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc) { @@ -10532,7 +10532,7 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* 4 pad bytes */ offset+=4; - offset = dissect_4_2_16_5(tvb, pinfo, tree, offset, bcp, trunc); + offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, bcp, trunc); if (*trunc) { return offset; } 
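Review bot: Making `dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO` non-static exports a function whose first statement, visible in the -10490 hunk, is `smb_info_t *si = pinfo->private_data;`. The new caller `dissect_smb2_file_info_15` in packet-smb2.c passes the SMB2 dissector's `pinfo`. This diff does not show what SMB2 stores in `private_data`, but if it is not an `smb_info_t`, the helper interprets a foreign structure while parsing capture data. Taking the value it needs as an argument would remove that hidden dependency, as `dissect_qfi_SMB_FILE_STREAM_INFO` in packet-smb.h already does with `int unicode`: `int offset, guint16 *bcp, gboolean *trunc, int unicode)`. The function body continues outside the hunk, so the assumption that `si` is used to pick the string encoding is inferred.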
@@ -10574,7 +10574,7 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree_add_item(tree, hf_smb_t2_alignment, tvb, offset, 4, TRUE); COUNT_BYTES_SUBR(4); - offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp, trunc); + offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp, trunc); return offset; } @@ -10583,13 +10583,13 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, BUT NOT as described in 4.2.16.8. All SMB_QUERY_FILE_ALL_INFO packets I captured were only correctly decoded using this function. As you can see, this is very different - from function dissect_4_2_16_8() which implements the documented + from function dissect_qfi_SMB_FILE_ALL_INFO() which implements the documented format. XXX I don't know which one we should use. Does someone have - a valid decoding with dissect_4_2_16_8() ? + a valid decoding with dissect_qfi_SMB_FILE_ALL_INFO() ? */ static int -dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, +dissect_qfi_SMB_FILE_ALL_INFO_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc) { @@ -10601,7 +10601,7 @@ dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* 4 pad bytes */ offset+=4; - offset = dissect_4_2_16_5(tvb, pinfo, tree, offset, bcp, trunc); + offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, bcp, trunc); if (*trunc) { return offset; } @@ -10614,7 +10614,7 @@ dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, return offset; } - offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp, trunc); + offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp, trunc); return offset; } 
@@ -10703,8 +10703,8 @@ dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree * /* this dissects the SMB_QUERY_FILE_COMPRESSION_INFO as described in 4.2.16.11 */ -static int -dissect_4_2_16_11(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, +int +dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc) { /* compressed file size */ @@ -11052,7 +11052,7 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, break; case 0x0102: /*Query File Standard Info*/ case 1005: /* SMB_FILE_STANDARD_INFORMATION */ - offset = dissect_4_2_16_5(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, bcp, &trunc); break; case 0x0103: /*Query File EA Info*/ @@ -11062,23 +11062,23 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, break; case 0x0104: /*Query File Name Info*/ case 1009: /* SMB_FILE_NAME_INFORMATION */ - offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp, &trunc); break; case 0x0107: /*Query File All Info*/ case 1018: /* SMB_FILE_ALL_INFORMATION */ #if 1 - offset = dissect_4_2_16_8(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_ALL_INFO(tvb, pinfo, tree, offset, bcp, &trunc); #else /* see comments before function definition */ - offset = dissect_4_2_16_8_unsure(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_ALL_INFO_unsure(tvb, pinfo, tree, offset, bcp, &trunc); #endif break; case 0x0108: /*Query File Alt File Info*/ case 1021: /* SMB_FILE_ALTERNATE_NAME_INFORMATION */ - offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp, &trunc); break; case 1022: /* SMB_FILE_STREAM_INFORMATION */ 
@@ -11089,7 +11089,7 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, break; case 0x010b: /*Query File Compression Info*/ case 1028: /* SMB_FILE_COMPRESSION_INFORMATION */ - offset = dissect_4_2_16_11(tvb, pinfo, tree, offset, bcp, + offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, bcp, &trunc); break; case 1034: /* SMB_FILE_NETWORK_OPEN_INFO */ diff --git a/epan/dissectors/packet-smb.h b/epan/dissectors/packet-smb.h index c901d8e36b..b9357f0810 100644 --- a/epan/dissectors/packet-smb.h +++ b/epan/dissectors/packet-smb.h @@ -306,5 +306,8 @@ extern int dissect_qfsi_FS_OBJECTID_INFO(tvbuff_t * tvb, packet_info * pinfo, pr extern int dissect_qfsi_FS_FULL_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp); extern int dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc); extern int dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc, int unicode); +extern int dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc); +extern int dissect_qfi_SMB_FILE_STANDARD_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc); +extern int dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc); #endif diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index 8a0c513185..3cdd03019c 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -1,5 +1,6 @@ /* packet-smb2.c * Routines for smb2 packet dissection + * Ronnie Sahlberg 2005 * * See http://wiki.ethereal.com/SMB2 for documentation of * this protocol. 
@@ -84,8 +85,6 @@ static int hf_smb2_boot_time = -1; static int hf_smb2_filename_offset = -1; static int hf_smb2_filename_len = -1; static int hf_smb2_filename = -1; -static int hf_smb2_short_filename_len = -1; -static int hf_smb2_short_filename = -1; static int hf_smb2_allocation_size = -1; static int hf_smb2_end_of_file = -1; static int hf_smb2_tree_offset = -1; @@ -111,6 +110,7 @@ static int hf_smb2_file_info_0f = -1; static int hf_smb2_file_info_12 = -1; static int hf_smb2_file_info_15 = -1; static int hf_smb2_file_info_16 = -1; +static int hf_smb2_file_info_1c = -1; static int hf_smb2_file_info_22 = -1; static int hf_smb2_fs_info_01 = -1; static int hf_smb2_fs_info_03 = -1; @@ -153,6 +153,7 @@ static gint ett_smb2_file_info_08 = -1; static gint ett_smb2_file_info_12 = -1; static gint ett_smb2_file_info_15 = -1; static gint ett_smb2_file_info_16 = -1; +static gint ett_smb2_file_info_1c = -1; static gint ett_smb2_file_info_22 = -1; static gint ett_smb2_file_info_0a = -1; static gint ett_smb2_file_info_0d = -1; @@ -192,6 +193,7 @@ static const value_string smb2_class_vals[] = { #define SMB2_FILE_INFO_12 0x12 #define SMB2_FILE_INFO_15 0x15 #define SMB2_FILE_INFO_16 0x16 +#define SMB2_FILE_INFO_1c 0x1c #define SMB2_FILE_INFO_22 0x22 #define SMB2_FS_INFO_01 0x01 
@@ -401,35 +403,16 @@ dissect_smb2_file_info_15(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par { proto_item *item=NULL; proto_tree *tree=NULL; - int length; - const char *name=""; guint16 bc; + gboolean trunc; if(parent_tree){ item = proto_tree_add_item(parent_tree, hf_smb2_file_info_15, tvb, offset, -1, TRUE); tree = proto_item_add_subtree(item, ett_smb2_file_info_15); } - /* short file name length */ - length=tvb_get_letohs(tvb, offset); - proto_tree_add_item(tree, hf_smb2_short_filename_len, tvb, offset, 2, TRUE); - offset += 2; - - /* padding */ - offset += 2; - - /* short file name */ - if(length){ - bc=tvb_length_remaining(tvb, offset); - name = get_unicode_or_ascii_string(tvb, &offset, - TRUE, &length, TRUE, TRUE, &bc); - if(name){ - proto_tree_add_string(tree, hf_smb2_short_filename, tvb, - offset, length, name); - } - - } - offset += length; + bc=tvb_length_remaining(tvb, offset); + offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc); return offset; } @@ -473,23 +456,16 @@ dissect_smb2_file_info_05(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par { proto_item *item=NULL; proto_tree *tree=NULL; + guint16 bc; + gboolean trunc; if(parent_tree){ item = proto_tree_add_item(parent_tree, hf_smb2_file_info_05, tvb, offset, -1, TRUE); tree = proto_item_add_subtree(item, ett_smb2_file_info_05); } - /* allocation size */ - proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, TRUE); - offset += 8; - - /* end of file */ - proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, TRUE); - offset += 8; - - /* some unknown bytes */ - proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 8, FALSE); - offset += 8; + bc=tvb_length_remaining(tvb, offset); + offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, &bc, &trunc); return offset; } 
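Review bot: In `dissect_smb2_file_info_15`, `bc=tvb_length_remaining(tvb, offset);` narrows a signed `gint` into a `guint16`. A negative return or more than 65535 remaining bytes therefore wraps into an unrelated byte count, which the SMB helper receives through `bcp` and presumably uses for its length checks. Clamp before the call, e.g. `gint rem = tvb_length_remaining(tvb, offset);` followed by `bc = (rem < 0) ? 0 : (guint16)MIN(rem, 0xFFFF);`. `trunc` is also passed uninitialised and never tested after the call, so `gboolean trunc = FALSE;` plus a comment on why truncation is ignored would make the intent clear. The same two lines appear in `dissect_smb2_file_info_05` in the next hunk and in the new `dissect_smb2_file_info_1c`; both function signatures lie outside these hunks.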
@@ -549,6 +525,25 @@ dissect_smb2_file_info_16(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par return offset; } +static int +dissect_smb2_file_info_1c(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + guint16 bc; + gboolean trunc; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_smb2_file_info_1c, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_smb2_file_info_1c); + } + + bc=tvb_length_remaining(tvb, offset); + offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, &bc, &trunc); + + return offset; +} + static int dissect_smb2_file_info_22(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_) { @@ -1430,6 +1425,9 @@ dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, case SMB2_FILE_INFO_16: dissect_smb2_file_info_16(tvb, pinfo, tree, offset, si); break; + case SMB2_FILE_INFO_1c: + dissect_smb2_file_info_1c(tvb, pinfo, tree, offset, si); + break; case SMB2_FILE_INFO_22: dissect_smb2_file_info_22(tvb, pinfo, tree, offset, si); break; 
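Review bot: The new `dissect_smb2_file_info_1c` declares `packet_info *pinfo _U_` but passes `pinfo` on to `dissect_qfi_SMB_FILE_COMPRESSION_INFO`, so the unused marker is misleading; write `packet_info *pinfo` there. The function also has no comment saying which information class 0x1c is, unlike the SMB helpers it reuses. Something like `/* info level 0x1c: dissected with the SMB FILE_COMPRESSION_INFO layout */` above the definition would record why the SMB helper is the right parser.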
@@ -2930,19 +2928,13 @@ proto_register_smb2(void) { "File Name Length", "smb2.filename_len", FT_UINT16, BASE_DEC, NULL, 0, "Length of the file name", HFILL }}, - { &hf_smb2_short_filename_len, - { "Short File Name Length", "smb2.short.filename_len", FT_UINT16, BASE_DEC, - NULL, 0, "Length of the short file name", HFILL }}, - { &hf_smb2_tree, { "Tree", "smb2.tree", FT_STRING, BASE_NONE, NULL, 0, "Name of the Tree/Share", HFILL }}, { &hf_smb2_filename, { "Filename", "smb2.filename", FT_STRING, BASE_NONE, NULL, 0, "Name of the file", HFILL }}, - { &hf_smb2_short_filename, - { "Short Filename", "smb2.short.filename", FT_STRING, BASE_NONE, - NULL, 0, "Short Name of the file", HFILL }}, + { &hf_smb2_search_offset, { "Search Pattern Offset", "smb2.search.pattern_offset", FT_UINT16, BASE_HEX, NULL, 0, "Offset of the search pattern", HFILL }}, @@ -3047,6 +3039,10 @@ proto_register_smb2(void) { "SMB2_FILE_INFO_16", "smb2.smb2_file_info_16", FT_NONE, BASE_NONE, NULL, 0, "SMB2_FILE_INFO_16 structure", HFILL }}, + { &hf_smb2_file_info_1c, + { "SMB2_FILE_INFO_1c", "smb2.smb2_file_info_1c", FT_NONE, BASE_NONE, + NULL, 0, "SMB2_FILE_INFO_1c structure", HFILL }}, + { &hf_smb2_file_info_04, { "SMB2_FILE_INFO_04", "smb2.smb2_file_info_04", FT_NONE, BASE_NONE, NULL, 0, "SMB2_FILE_INFO_04 structure", HFILL }}, @@ -3221,6 +3217,7 @@ proto_register_smb2(void) &ett_smb2_file_info_12, &ett_smb2_file_info_15, &ett_smb2_file_info_16, + &ett_smb2_file_info_1c, &ett_smb2_file_info_22, &ett_smb2_fs_info_01, &ett_smb2_fs_info_03,
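Review bot: Dropping the `hf_smb2_short_filename_len` and `hf_smb2_short_filename` registrations removes the filter fields `smb2.short.filename_len` and `smb2.short.filename`, so saved display filters or capture-processing scripts that reference them will no longer work. The short name is presumably now shown under a field registered by the SMB dissector, which this diff does not show; the commit message should name the replacement field. The -2930 hunk also leaves a stray blank `+` line before `{ &hf_smb2_search_offset,`.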