Ronnie Sahlberg
49499c1b96
the 4 bytes in MxAc are access maxk not file attributes
...
svn path=/trunk/; revision=16548
2005-11-19 03:19:56 +00:00
Ronnie Sahlberg
7e45fb1755
prettification
...
svn path=/trunk/; revision=16547
2005-11-19 03:15:39 +00:00
Ronnie Sahlberg
6de5370105
decode the extra blob at the end of Create calls
...
svn path=/trunk/; revision=16546
2005-11-19 02:24:22 +00:00
Ronnie Sahlberg
ad65921598
update to SMB2_FILE_ALL_INFO dissection
...
prettify dissection of some strings
svn path=/trunk/; revision=16545
2005-11-18 21:59:05 +00:00
Ronnie Sahlberg
3f047721a3
dissect some more infolevels
...
svn path=/trunk/; revision=16543
2005-11-18 07:31:18 +00:00
Ronnie Sahlberg
3afd94f519
add dissection of more infolevels for smb2
...
svn path=/trunk/; revision=16539
2005-11-17 22:30:19 +00:00
Ronnie Sahlberg
e5b6a6426b
add dissection of fs_[objectid|full_size]_info
...
svn path=/trunk/; revision=16538
2005-11-17 14:22:11 +00:00
Ronnie Sahlberg
6ac4fe9a25
add dissection of fs quota info
...
svn path=/trunk/; revision=16537
2005-11-17 14:00:07 +00:00
Ronnie Sahlberg
1b809cfcd7
add full dissection of fs_[volume|size|device|atrtibute]_info
...
svn path=/trunk/; revision=16536
2005-11-17 13:43:22 +00:00
Ronnie Sahlberg
675d0862b5
add dissection of the security descriptor mask
...
svn path=/trunk/; revision=16535
2005-11-17 12:30:36 +00:00
Ronnie Sahlberg
57c5bffa85
decode the create flags
...
svn path=/trunk/; revision=16529
2005-11-17 08:21:53 +00:00
Ronnie Sahlberg
b8cb0d07b8
add more updates from the wiki
...
svn path=/trunk/; revision=16528
2005-11-17 07:32:17 +00:00
Ronnie Sahlberg
5d24bf785a
start updating the dissector from wiki updates done
...
svn path=/trunk/; revision=16527
2005-11-17 07:04:41 +00:00
Ronnie Sahlberg
04f785f836
add dissection of buffercode
...
according to
wiki.etehreal.com/SMB2/BufferCode
svn path=/trunk/; revision=16512
2005-11-16 10:59:41 +00:00
Ronnie Sahlberg
5bc41c76b0
add decoding of extended attributes
...
svn path=/trunk/; revision=16506
2005-11-15 08:49:34 +00:00
Ronnie Sahlberg
ae6cc5a6f2
some more infol;evels decoded
...
svn path=/trunk/; revision=16503
2005-11-14 12:06:39 +00:00
Ronnie Sahlberg
5244ca9cdd
prettify read/write
...
svn path=/trunk/; revision=16497
2005-11-12 23:17:06 +00:00
Ronnie Sahlberg
6124eac224
prettify smb2
...
always put the filename in col_info if it is known
for getinfo/setinfo put the class/level in colinfo as well.
this makes it very easy to see in the packet summary which file a icommand applies to and what kind of info is requested
svn path=/trunk/; revision=16496
2005-11-12 23:05:29 +00:00
Ronnie Sahlberg
5940b03d12
if we get the error BUTTER_TOO_SMALL coming back in a getinfo reply the data will just be 4 bytes and will contain the required buffer size
...
svn path=/trunk/; revision=16493
2005-11-12 21:14:17 +00:00
Ronnie Sahlberg
0097584f2e
the timestamps of negprot are known
...
svn path=/trunk/; revision=16491
2005-11-12 11:42:06 +00:00
Ronnie Sahlberg
15f13b23a0
improve the dissection of Create and fill in most of the fields
...
svn path=/trunk/; revision=16490
2005-11-12 11:27:34 +00:00
Ronnie Sahlberg
8b68d91039
dissect more of Close request/response
...
svn path=/trunk/; revision=16487
2005-11-12 10:07:12 +00:00
Ronnie Sahlberg
728323e533
add initial decode of dcerpc over smb2
...
it does not yet multiplex between different files but it is better than nothing
svn path=/trunk/; revision=16484
2005-11-12 08:48:02 +00:00
Ronnie Sahlberg
bc6cb5d6ad
in order to handle dcerpc over smb2 later and to make the heuristics stronger for determining what might and what might not be a pipe
...
add TID tracking. for all TreeConnect requests/resposnes seen, store the name->tid mapping and other metadata.
as a freebee the disswection of the tid in the ehader is aware of this table so when a tid value is dissected in the header and we known the name for this tid then put it in an expansion below the tid.
svn path=/trunk/; revision=16483
2005-11-12 07:45:01 +00:00
Ronnie Sahlberg
9ca683a249
start separating things out into structures
...
we can regenerate from the header
we need to remember between request/response
we need on a per conersation bases
to reduce the amount of data we store in the per req/resp pair since there will be many of them and we want that struct as small as possible.
svn path=/trunk/; revision=16482
2005-11-12 04:23:52 +00:00
Jörg Mayer
66df615702
Propset svn:...
...
svn path=/trunk/; revision=16478
2005-11-12 00:25:27 +00:00
Ronnie Sahlberg
ebcdb60414
in smb2 the file handles are not normal context handles they are just a guid
...
make them a guid in smb2 dissector and make tim pottesr excellent conmtext handle tracking also able to do the same thing for GUIDs
( a context handle is just a 32 biut attribute field followed by a uuid anyway)
svn path=/trunk/; revision=16477
2005-11-11 22:12:10 +00:00
Ronnie Sahlberg
574717c28d
start decoding notify requests
...
svn path=/trunk/; revision=16475
2005-11-11 12:49:42 +00:00
Ronnie Sahlberg
756520be42
dissect READ packets
...
svn path=/trunk/; revision=16474
2005-11-11 11:35:10 +00:00
Ronnie Sahlberg
6250873db4
write offset is 32 bits so is write length
...
svn path=/trunk/; revision=16473
2005-11-11 11:14:14 +00:00
Ronnie Sahlberg
eae75ff28b
add allocation size
...
svn path=/trunk/; revision=16472
2005-11-11 11:03:00 +00:00
Ronnie Sahlberg
ec327c0a14
add decode of endoffile for file infolevel 0x12
...
svn path=/trunk/; revision=16471
2005-11-11 10:26:36 +00:00
Ronnie Sahlberg
b358df838c
class:3 level:0 is just a normal nt security descvriptor
...
svn path=/trunk/; revision=16470
2005-11-11 09:09:31 +00:00
Ronnie Sahlberg
e85060f171
opcode 0x0c is Cancel
...
svn path=/trunk/; revision=16469
2005-11-11 08:23:11 +00:00
Ronnie Sahlberg
1a6338e9d5
opcode 0x0f is Notify
...
svn path=/trunk/; revision=16468
2005-11-11 08:14:59 +00:00
Ronnie Sahlberg
deadd3c93f
SMB2_FILE_INFO_0a structure which is used with SetInfo to rename a file
...
svn path=/trunk/; revision=16467
2005-11-11 08:04:32 +00:00
Ronnie Sahlberg
8e2ab17da8
dont dereference null pointers
...
svn path=/trunk/; revision=16466
2005-11-11 07:49:13 +00:00
Ronnie Sahlberg
886e149907
the uid is 64 bits
...
svn path=/trunk/; revision=16465
2005-11-11 07:41:09 +00:00
Ronnie Sahlberg
078ef72ee4
break out some structures into packet-smb2.h so we can start tapping in later
...
we will do service-response-time statistics before other inferior products have even noticed a new protocol is in town.
svn path=/trunk/; revision=16463
2005-11-11 03:50:53 +00:00
Ronnie Sahlberg
46f0739541
start decoding SMB2_FILE_INFO_22
...
svn path=/trunk/; revision=16461
2005-11-10 22:46:10 +00:00
Ronnie Sahlberg
b78b018dbc
use the policy_handle framework for dcerpc to trach which frame a policy handle is opened in and which one it is closed in.
...
also attempt to store a name for it like File:foo
but this does not work yet.
svn path=/trunk/; revision=16458
2005-11-10 10:08:32 +00:00
Ronnie Sahlberg
4acbd6bcc9
add initial decode for SMB2_FS_INFO_01
...
svn path=/trunk/; revision=16451
2005-11-09 21:06:06 +00:00
Ronnie Sahlberg
d0a574078d
add decode of SMB2_FS_INFO_05
...
svn path=/trunk/; revision=16450
2005-11-09 20:57:56 +00:00
Ronnie Sahlberg
005fbb5304
add decoding of the create request
...
svn path=/trunk/; revision=16449
2005-11-09 20:37:49 +00:00
Ronnie Sahlberg
8ba0aaf3a9
some more of the never ending stream of smb2 updates
...
svn path=/trunk/; revision=16447
2005-11-09 13:19:57 +00:00
Ronnie Sahlberg
2c0b087fde
add decode of Write commands
...
svn path=/trunk/; revision=16446
2005-11-09 10:18:31 +00:00
Ronnie Sahlberg
d94d156a7a
add support for Close and the new guess that the FID is present in the Find request.
...
Ohoy sailor, we have spotted the concept of current working directory.
does this mean we also get rid of the silly 200-256 byte path length limitation?
svn path=/trunk/; revision=16445
2005-11-09 09:29:41 +00:00
Ronnie Sahlberg
a204fdaea7
dissect more of the SMB2/Close function
...
svn path=/trunk/; revision=16444
2005-11-09 09:14:11 +00:00
Ronnie Sahlberg
53ab6ed970
start dissecting SMB2_FILE_INFO_12
...
svn path=/trunk/; revision=16439
2005-11-08 21:16:36 +00:00
Ronnie Sahlberg
6f2482bc9f
dissect some of GetInfo requests and Replies
...
svn path=/trunk/; revision=16435
2005-11-08 09:20:04 +00:00
Ronnie Sahlberg
f8b4f34276
add a comment to keep the dissector in sync with the wiki
...
rename functions 0x10 and 0x11 to follow the names in the wiki
svn path=/trunk/; revision=16434
2005-11-08 08:53:55 +00:00
Ronnie Sahlberg
b46a5611ed
add a pointer to the wiki for documentation of this protocol
...
svn path=/trunk/; revision=16433
2005-11-08 08:41:42 +00:00
Ronnie Sahlberg
40b13e337f
add dissection of the known parts of negotiate protocol
...
svn path=/trunk/; revision=16432
2005-11-08 08:40:32 +00:00
Ronnie Sahlberg
66d99c3eed
begin dissecting the Find response packet
...
svn path=/trunk/; revision=16427
2005-11-07 21:19:59 +00:00
Ronnie Sahlberg
39ecd87667
dissect the treeconnect request packet
...
svn path=/trunk/; revision=16425
2005-11-07 21:00:09 +00:00
Ronnie Sahlberg
8012fd3cd9
add request response matching so we can start passing info levels around from request to response and start dissecting some of the commands
...
svn path=/trunk/; revision=16424
2005-11-07 20:32:27 +00:00
Ronnie Sahlberg
575907f024
put the error code in col info
...
svn path=/trunk/; revision=16414
2005-11-07 08:57:04 +00:00
Ronnie Sahlberg
0b01ed88cb
smb2 updates, most of the header is now decoded properly
...
svn path=/trunk/; revision=16413
2005-11-07 08:39:23 +00:00
Ronnie Sahlberg
4e954caec3
dissect some of the session setup and the security blob for smb2
...
svn path=/trunk/; revision=16402
2005-11-06 13:04:57 +00:00
Ronnie Sahlberg
3924f02631
dissect the smb2 request/response flag
...
svn path=/trunk/; revision=16401
2005-11-06 11:55:17 +00:00
Ronnie Sahlberg
f449406fee
dissect the smb2 tree id
...
svn path=/trunk/; revision=16400
2005-11-06 11:46:10 +00:00
Ronnie Sahlberg
c44a9aab72
some smb2 updates
...
svn path=/trunk/; revision=16399
2005-11-06 05:32:01 +00:00
Ronnie Sahlberg
dcfb3758cc
add an empty dissector for SMB2
...
svn path=/trunk/; revision=16398
2005-11-06 04:18:13 +00:00