dissect some more infolevels
svn path=/trunk/; revision=16543
This commit is contained in:
parent
93e66072c1
commit
3f047721a3
|
@ -10436,8 +10436,8 @@ dissect_4_2_16_4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
|||
/* this dissects the SMB_QUERY_FILE_STANDARD_INFO
|
||||
as described in 4.2.16.5
|
||||
*/
|
||||
static int
|
||||
dissect_4_2_16_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||
int
|
||||
dissect_qfi_SMB_FILE_STANDARD_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||
int offset, guint16 *bcp, gboolean *trunc)
|
||||
{
|
||||
/* allocation size */
|
||||
|
@ -10490,8 +10490,8 @@ dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *
|
|||
this is the same as SMB_QUERY_FILE_ALT_NAME_INFO
|
||||
as described in 4.2.16.9
|
||||
*/
|
||||
static int
|
||||
dissect_4_2_16_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
int
|
||||
dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
int offset, guint16 *bcp, gboolean *trunc)
|
||||
{
|
||||
smb_info_t *si = pinfo->private_data;
|
||||
|
@ -10520,7 +10520,7 @@ dissect_4_2_16_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
as described in 4.2.16.8
|
||||
*/
|
||||
static int
|
||||
dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
dissect_qfi_SMB_FILE_ALL_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
int offset, guint16 *bcp, gboolean *trunc)
|
||||
{
|
||||
|
||||
|
@ -10532,7 +10532,7 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
/* 4 pad bytes */
|
||||
offset+=4;
|
||||
|
||||
offset = dissect_4_2_16_5(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
if (*trunc) {
|
||||
return offset;
|
||||
}
|
||||
|
@ -10574,7 +10574,7 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
proto_tree_add_item(tree, hf_smb_t2_alignment, tvb, offset, 4, TRUE);
|
||||
COUNT_BYTES_SUBR(4);
|
||||
|
||||
offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
@ -10583,13 +10583,13 @@ dissect_4_2_16_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
BUT NOT as described in 4.2.16.8.
|
||||
All SMB_QUERY_FILE_ALL_INFO packets I captured were only correctly
|
||||
decoded using this function. As you can see, this is very different
|
||||
from function dissect_4_2_16_8() which implements the documented
|
||||
from function dissect_qfi_SMB_FILE_ALL_INFO() which implements the documented
|
||||
format.
|
||||
XXX I don't know which one we should use. Does someone have
|
||||
a valid decoding with dissect_4_2_16_8() ?
|
||||
a valid decoding with dissect_qfi_SMB_FILE_ALL_INFO() ?
|
||||
*/
|
||||
static int
|
||||
dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
dissect_qfi_SMB_FILE_ALL_INFO_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
int offset, guint16 *bcp, gboolean *trunc)
|
||||
{
|
||||
|
||||
|
@ -10601,7 +10601,7 @@ dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
/* 4 pad bytes */
|
||||
offset+=4;
|
||||
|
||||
offset = dissect_4_2_16_5(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
if (*trunc) {
|
||||
return offset;
|
||||
}
|
||||
|
@ -10614,7 +10614,7 @@ dissect_4_2_16_8_unsure(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
return offset;
|
||||
}
|
||||
|
||||
offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp, trunc);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
@ -10703,8 +10703,8 @@ dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *
|
|||
/* this dissects the SMB_QUERY_FILE_COMPRESSION_INFO
|
||||
as described in 4.2.16.11
|
||||
*/
|
||||
static int
|
||||
dissect_4_2_16_11(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||
int
|
||||
dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
||||
int offset, guint16 *bcp, gboolean *trunc)
|
||||
{
|
||||
/* compressed file size */
|
||||
|
@ -11052,7 +11052,7 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
|
|||
break;
|
||||
case 0x0102: /*Query File Standard Info*/
|
||||
case 1005: /* SMB_FILE_STANDARD_INFORMATION */
|
||||
offset = dissect_4_2_16_5(tvb, pinfo, tree, offset, bcp,
|
||||
offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, bcp,
|
||||
&trunc);
|
||||
break;
|
||||
case 0x0103: /*Query File EA Info*/
|
||||
|
@ -11062,23 +11062,23 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
|
|||
break;
|
||||
case 0x0104: /*Query File Name Info*/
|
||||
case 1009: /* SMB_FILE_NAME_INFORMATION */
|
||||
offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp,
|
||||
offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp,
|
||||
&trunc);
|
||||
break;
|
||||
case 0x0107: /*Query File All Info*/
|
||||
case 1018: /* SMB_FILE_ALL_INFORMATION */
|
||||
#if 1
|
||||
offset = dissect_4_2_16_8(tvb, pinfo, tree, offset, bcp,
|
||||
offset = dissect_qfi_SMB_FILE_ALL_INFO(tvb, pinfo, tree, offset, bcp,
|
||||
&trunc);
|
||||
#else
|
||||
/* see comments before function definition */
|
||||
offset = dissect_4_2_16_8_unsure(tvb, pinfo, tree, offset, bcp,
|
||||
offset = dissect_qfi_SMB_FILE_ALL_INFO_unsure(tvb, pinfo, tree, offset, bcp,
|
||||
&trunc);
|
||||
#endif
|
||||
break;
|
||||
case 0x0108: /*Query File Alt File Info*/
|
||||
case 1021: /* SMB_FILE_ALTERNATE_NAME_INFORMATION */
|
||||
offset = dissect_4_2_16_7(tvb, pinfo, tree, offset, bcp,
|
||||
offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, bcp,
|
||||
&trunc);
|
||||
break;
|
||||
case 1022: /* SMB_FILE_STREAM_INFORMATION */
|
||||
|
@ -11089,7 +11089,7 @@ dissect_qpi_loi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
|
|||
break;
|
||||
case 0x010b: /*Query File Compression Info*/
|
||||
case 1028: /* SMB_FILE_COMPRESSION_INFORMATION */
|
||||
offset = dissect_4_2_16_11(tvb, pinfo, tree, offset, bcp,
|
||||
offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, bcp,
|
||||
&trunc);
|
||||
break;
|
||||
case 1034: /* SMB_FILE_NETWORK_OPEN_INFO */
|
||||
|
|
|
@ -306,5 +306,8 @@ extern int dissect_qfsi_FS_OBJECTID_INFO(tvbuff_t * tvb, packet_info * pinfo, pr
|
|||
extern int dissect_qfsi_FS_FULL_SIZE_INFO(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, int offset, guint16 *bcp);
|
||||
extern int dissect_qfi_SMB_FILE_EA_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
|
||||
extern int dissect_qfi_SMB_FILE_STREAM_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint16 *bcp, gboolean *trunc, int unicode);
|
||||
extern int dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
|
||||
extern int dissect_qfi_SMB_FILE_STANDARD_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
|
||||
extern int dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 *bcp, gboolean *trunc);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/* packet-smb2.c
|
||||
* Routines for smb2 packet dissection
|
||||
* Ronnie Sahlberg 2005
|
||||
*
|
||||
* See http://wiki.ethereal.com/SMB2 for documentation of
|
||||
* this protocol.
|
||||
|
@ -84,8 +85,6 @@ static int hf_smb2_boot_time = -1;
|
|||
static int hf_smb2_filename_offset = -1;
|
||||
static int hf_smb2_filename_len = -1;
|
||||
static int hf_smb2_filename = -1;
|
||||
static int hf_smb2_short_filename_len = -1;
|
||||
static int hf_smb2_short_filename = -1;
|
||||
static int hf_smb2_allocation_size = -1;
|
||||
static int hf_smb2_end_of_file = -1;
|
||||
static int hf_smb2_tree_offset = -1;
|
||||
|
@ -111,6 +110,7 @@ static int hf_smb2_file_info_0f = -1;
|
|||
static int hf_smb2_file_info_12 = -1;
|
||||
static int hf_smb2_file_info_15 = -1;
|
||||
static int hf_smb2_file_info_16 = -1;
|
||||
static int hf_smb2_file_info_1c = -1;
|
||||
static int hf_smb2_file_info_22 = -1;
|
||||
static int hf_smb2_fs_info_01 = -1;
|
||||
static int hf_smb2_fs_info_03 = -1;
|
||||
|
@ -153,6 +153,7 @@ static gint ett_smb2_file_info_08 = -1;
|
|||
static gint ett_smb2_file_info_12 = -1;
|
||||
static gint ett_smb2_file_info_15 = -1;
|
||||
static gint ett_smb2_file_info_16 = -1;
|
||||
static gint ett_smb2_file_info_1c = -1;
|
||||
static gint ett_smb2_file_info_22 = -1;
|
||||
static gint ett_smb2_file_info_0a = -1;
|
||||
static gint ett_smb2_file_info_0d = -1;
|
||||
|
@ -192,6 +193,7 @@ static const value_string smb2_class_vals[] = {
|
|||
#define SMB2_FILE_INFO_12 0x12
|
||||
#define SMB2_FILE_INFO_15 0x15
|
||||
#define SMB2_FILE_INFO_16 0x16
|
||||
#define SMB2_FILE_INFO_1c 0x1c
|
||||
#define SMB2_FILE_INFO_22 0x22
|
||||
|
||||
#define SMB2_FS_INFO_01 0x01
|
||||
|
@ -401,35 +403,16 @@ dissect_smb2_file_info_15(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par
|
|||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
int length;
|
||||
const char *name="";
|
||||
guint16 bc;
|
||||
gboolean trunc;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_item(parent_tree, hf_smb2_file_info_15, tvb, offset, -1, TRUE);
|
||||
tree = proto_item_add_subtree(item, ett_smb2_file_info_15);
|
||||
}
|
||||
|
||||
/* short file name length */
|
||||
length=tvb_get_letohs(tvb, offset);
|
||||
proto_tree_add_item(tree, hf_smb2_short_filename_len, tvb, offset, 2, TRUE);
|
||||
offset += 2;
|
||||
|
||||
/* padding */
|
||||
offset += 2;
|
||||
|
||||
/* short file name */
|
||||
if(length){
|
||||
bc=tvb_length_remaining(tvb, offset);
|
||||
name = get_unicode_or_ascii_string(tvb, &offset,
|
||||
TRUE, &length, TRUE, TRUE, &bc);
|
||||
if(name){
|
||||
proto_tree_add_string(tree, hf_smb2_short_filename, tvb,
|
||||
offset, length, name);
|
||||
}
|
||||
|
||||
}
|
||||
offset += length;
|
||||
offset = dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
@ -473,23 +456,16 @@ dissect_smb2_file_info_05(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par
|
|||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
guint16 bc;
|
||||
gboolean trunc;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_item(parent_tree, hf_smb2_file_info_05, tvb, offset, -1, TRUE);
|
||||
tree = proto_item_add_subtree(item, ett_smb2_file_info_05);
|
||||
}
|
||||
|
||||
/* allocation size */
|
||||
proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, TRUE);
|
||||
offset += 8;
|
||||
|
||||
/* end of file */
|
||||
proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, TRUE);
|
||||
offset += 8;
|
||||
|
||||
/* some unknown bytes */
|
||||
proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 8, FALSE);
|
||||
offset += 8;
|
||||
bc=tvb_length_remaining(tvb, offset);
|
||||
offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
@ -549,6 +525,25 @@ dissect_smb2_file_info_16(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *par
|
|||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
dissect_smb2_file_info_1c(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
|
||||
{
|
||||
proto_item *item=NULL;
|
||||
proto_tree *tree=NULL;
|
||||
guint16 bc;
|
||||
gboolean trunc;
|
||||
|
||||
if(parent_tree){
|
||||
item = proto_tree_add_item(parent_tree, hf_smb2_file_info_1c, tvb, offset, -1, TRUE);
|
||||
tree = proto_item_add_subtree(item, ett_smb2_file_info_1c);
|
||||
}
|
||||
|
||||
bc=tvb_length_remaining(tvb, offset);
|
||||
offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
dissect_smb2_file_info_22(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
|
||||
{
|
||||
|
@ -1430,6 +1425,9 @@ dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
|
|||
case SMB2_FILE_INFO_16:
|
||||
dissect_smb2_file_info_16(tvb, pinfo, tree, offset, si);
|
||||
break;
|
||||
case SMB2_FILE_INFO_1c:
|
||||
dissect_smb2_file_info_1c(tvb, pinfo, tree, offset, si);
|
||||
break;
|
||||
case SMB2_FILE_INFO_22:
|
||||
dissect_smb2_file_info_22(tvb, pinfo, tree, offset, si);
|
||||
break;
|
||||
|
@ -2930,19 +2928,13 @@ proto_register_smb2(void)
|
|||
{ "File Name Length", "smb2.filename_len", FT_UINT16, BASE_DEC,
|
||||
NULL, 0, "Length of the file name", HFILL }},
|
||||
|
||||
{ &hf_smb2_short_filename_len,
|
||||
{ "Short File Name Length", "smb2.short.filename_len", FT_UINT16, BASE_DEC,
|
||||
NULL, 0, "Length of the short file name", HFILL }},
|
||||
|
||||
{ &hf_smb2_tree,
|
||||
{ "Tree", "smb2.tree", FT_STRING, BASE_NONE,
|
||||
NULL, 0, "Name of the Tree/Share", HFILL }},
|
||||
{ &hf_smb2_filename,
|
||||
{ "Filename", "smb2.filename", FT_STRING, BASE_NONE,
|
||||
NULL, 0, "Name of the file", HFILL }},
|
||||
{ &hf_smb2_short_filename,
|
||||
{ "Short Filename", "smb2.short.filename", FT_STRING, BASE_NONE,
|
||||
NULL, 0, "Short Name of the file", HFILL }},
|
||||
|
||||
{ &hf_smb2_search_offset,
|
||||
{ "Search Pattern Offset", "smb2.search.pattern_offset", FT_UINT16, BASE_HEX,
|
||||
NULL, 0, "Offset of the search pattern", HFILL }},
|
||||
|
@ -3047,6 +3039,10 @@ proto_register_smb2(void)
|
|||
{ "SMB2_FILE_INFO_16", "smb2.smb2_file_info_16", FT_NONE, BASE_NONE,
|
||||
NULL, 0, "SMB2_FILE_INFO_16 structure", HFILL }},
|
||||
|
||||
{ &hf_smb2_file_info_1c,
|
||||
{ "SMB2_FILE_INFO_1c", "smb2.smb2_file_info_1c", FT_NONE, BASE_NONE,
|
||||
NULL, 0, "SMB2_FILE_INFO_1c structure", HFILL }},
|
||||
|
||||
{ &hf_smb2_file_info_04,
|
||||
{ "SMB2_FILE_INFO_04", "smb2.smb2_file_info_04", FT_NONE, BASE_NONE,
|
||||
NULL, 0, "SMB2_FILE_INFO_04 structure", HFILL }},
|
||||
|
@ -3221,6 +3217,7 @@ proto_register_smb2(void)
|
|||
&ett_smb2_file_info_12,
|
||||
&ett_smb2_file_info_15,
|
||||
&ett_smb2_file_info_16,
|
||||
&ett_smb2_file_info_1c,
|
||||
&ett_smb2_file_info_22,
|
||||
&ett_smb2_fs_info_01,
|
||||
&ett_smb2_fs_info_03,
|
||||
|
|
Loading…
Reference in New Issue