search attributes, as a 16-bit quantity, with only the bits specified by
section 2.2.1.2.4 of [MS-CIFS]. Use dissect_file_ext_attr() in all
cases where we're dissecting SMB_EXT_FILE_ATTR, as specified by section
2.2.1.2.3 of [MS-CIFS].
svn path=/trunk/; revision=33753
g_try_malloc() or g_try_realloc(), check whether they fit in a gsize
and:
if not, just pretend the allocation failed;
if so, cast them to gsize to squelch compiler warnings.
svn path=/trunk/; revision=33239
This functionality keeps track of all SMB objects contained in a capture,
and is able to export to a file a full or partial captured file that has
been transfered through the SMB protocol. In a partial capture, the holes
produced by the non-captured information are filled out with zeros.
It includes the needed modifications of the SMB dissector in the way it keeps
track of the opened SMB files and also to feed the eo_smb tap listener.
svn path=/trunk/; revision=33227
packet-smb.c(5479) : error C2220: warning treated as error - no object file generated
packet-smb.c(5479) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
packet-smb.c(5480) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
svn path=/trunk/; revision=22134
in both packets of a transaction.
this makes filters such as "smb.file==foo.txt" work much better since they now show both
the read/write request and also the response packets.
this is similar to what we already do in nfs for filehandles
svn path=/trunk/; revision=21856
put the filename, if known, on the fid expansion line
also place a "generated" fid in failed ntcreateandx so it is easier to
quickly see which file the ntcreateandx failed for
svn path=/trunk/; revision=21739
stuff to the UID tree unless it's UID stuff.
Also, as we appear to allow for null domain and account information in
dissect_smb_uid(), check for null information before trying to add it to
the top-level item.
svn path=/trunk/; revision=21597
when files are opened using NTCreateAndX and if we recognize the type set the type field to either FILE, DIR or PIPE
This is useful to know when dissecting things like security descriptors since it tells us how to dissect the specific bits of the access mask.
Only do this for NTCreateAndX for now. It is trivial to add similar tracking to some of the older obsolete calls used to open fids but no clients ever use those old calls any more.
svn path=/trunk/; revision=18922
reuse the recent structure for fid->filename mappings since the problemspace is virtually the same
(go to tired of trying to find the sharename in 10mpacket traces with 1000s of shares)
svn path=/trunk/; revision=18516
add an expansion to the fid that display which frame itr was opened in and when it was closed.
someone may want to add tracking of actual filenames here as well. i am not sure i need that feature myself so ...
svn path=/trunk/; revision=18512