names beginning with dissect_qspi_, and give some of them names with the
info level structure in them rather than the SNIA CIFS specification
section number.
Have separate routines for SMB_INFO_STANDARD and SMB_INFO_QUERY_EA_SIZE;
SMB_INFO_STANDARD is specified differently in the SNIA CIFS
specification and the MS-CIFS specification, and some captures have the
SNIA CIFS version, with the EA length and some have the MS-CIFS version
without it. The dissector for SMB_INFO_STANDARD will dissect it if it's
there and not say "this structure is truncated" if it's not there.
Rename dissect_qfi_SMB_FILE_ALTERNATE_NAME_INFO() to
dissect_qfi_SMB_FILE_NAME_INFO(), as it also dissects
SMB_QUERY_FILE_NAME_INFO.
Merge the dissectors for SMB_FILE_ALLOCATION_INFO and
SMB_SET_FILE_ALLOCATION_INFO, and for SMB_FILE_END_OF_FILE_INFO and
SMB_SET_FILE_END_OF_FILE_INFO, as the structures are the same.
Dissect some presumed "passthrough info levels" the same way the
corresponding official SMB infos are dissected.
Expand some comments for info level dissectors to give the MS-CIFS
section number and to give some other details.
If an info level is truncated, put in an expert info error.
If we don't know about a given info level, just dissect the body as
"Information level unknown", rather than having it dissected as an
"unknown information" trailer.
svn path=/trunk/; revision=37297
include packet-smb.h in packet-smb.c so that we check the declarations
against the definitions.
In query ops, info level 2 is Query EA Size, not Query EAs From List.
In set ops, info level 2 is Set EAs, not Query EA Size.
Expand the constants for the Trans2 subcodes to 16 bits.
The tvb argument to dissect_find_file_unix_info2() is used.
svn path=/trunk/; revision=37286
Get rid of null-pointer tests for t2i in the "not null" branch of an
earlier test whether it's null, as those tests are redundant.
Use a switch statement to check the subcommand for Trans2.
If t2i->info_level is -1, it means we don't know the info level, for
whatever reason (e.g., the request was cut short by the snapshot length
before the info level). Report it as such.
svn path=/trunk/; revision=37183
and Set File.
Add Query and Set File Unix Info2; use common code to dissect the Unix
Info2 structure. Use common code for Unix Basic, while we're at it.
svn path=/trunk/; revision=37138
Add a new tap flag to indicate that a tap listener is just a "dissector helper",
that is, a tap which is used by a dissector to help it do its dissection but
does not, itself, require dissection.
Use this new flag in the dissectors which register taps.
Remove the (now-unused) have_tap_listeners() function.
svn path=/trunk/; revision=37069
Don't use "link destination" for file names in SMB_FIND_FILE_UNIX.
Link to the page for Microsoft's public protocol specifications and to
the Samba Wiki page for the UNIX extensions.
Fix a typo in a variable name.
svn path=/trunk/; revision=37023
Don't assign to a proto_item * if the value won't be used: Coverity 1040 & 1041.
Remove some unneede #includes;
Do some minor indentation & whitespace cleanup.
svn path=/trunk/; revision=36630
so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
proto_tree_add_*(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string() or
tvb_get_const_stringz().
Use tvb_memeql() & tvb_memcmp().
svn path=/trunk/; revision=35558
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
The rest of the code assumes that sip can be NULL, so don't assert when it's
not.
Also make fid_cmp() static since it's only used in this module.
svn path=/trunk/; revision=34663
search attributes, as a 16-bit quantity, with only the bits specified by
section 2.2.1.2.4 of [MS-CIFS]. Use dissect_file_ext_attr() in all
cases where we're dissecting SMB_EXT_FILE_ATTR, as specified by section
2.2.1.2.3 of [MS-CIFS].
svn path=/trunk/; revision=33753
Dissect the SMB Tree_Connect_Andx Request and Response properly with
extension request and response which are documented in [MS-SMB] — v20100711
svn path=/trunk/; revision=33726
This functionality keeps track of all SMB objects contained in a capture,
and is able to export to a file a full or partial captured file that has
been transfered through the SMB protocol. In a partial capture, the holes
produced by the non-captured information are filled out with zeros.
It includes the needed modifications of the SMB dissector in the way it keeps
track of the opened SMB files and also to feed the eo_smb tap listener.
svn path=/trunk/; revision=33227
Don't crash on a malformed SMB packet. According to svn blame, this code
has been here since rev 21713 though maybe something else changed to make the
crash apparent.
svn path=/trunk/; revision=32650
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
If the "Level Of Interest" referenced in the smb.trans2.FIND_FIRST/FIND_NEXT
requests is 262, wireshark is unable to decode properly (neither the request
nor the response).
svn path=/trunk/; revision=30923