osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
16,186 Commits 26 Branches 0 Tags 795 MiB
Commit Graph

51 Commits

Author SHA1 Message Date
Ronnie Sahlberg 5d24bf785a start updating the dissector from wiki updates done 
svn path=/trunk/; revision=16527
 2005-11-17 07:04:41 +00:00
Ronnie Sahlberg 04f785f836 add dissection of buffercode 
according to
wiki.etehreal.com/SMB2/BufferCode



svn path=/trunk/; revision=16512
 2005-11-16 10:59:41 +00:00
Ronnie Sahlberg 5bc41c76b0 add decoding of extended attributes 
svn path=/trunk/; revision=16506
 2005-11-15 08:49:34 +00:00
Ronnie Sahlberg ae6cc5a6f2 some more infol;evels decoded 
svn path=/trunk/; revision=16503
 2005-11-14 12:06:39 +00:00
Ronnie Sahlberg 5244ca9cdd prettify read/write 
svn path=/trunk/; revision=16497
 2005-11-12 23:17:06 +00:00
Ronnie Sahlberg 6124eac224 prettify smb2 
always put the filename in col_info if it is known

for getinfo/setinfo  put the class/level in colinfo as well.


this makes it very easy to see in the packet summary which file a icommand applies to and what kind of info is requested



svn path=/trunk/; revision=16496
 2005-11-12 23:05:29 +00:00
Ronnie Sahlberg 5940b03d12 if we get the error BUTTER_TOO_SMALL coming back in a getinfo reply the data will just be 4 bytes and will contain the required buffer size 
svn path=/trunk/; revision=16493
 2005-11-12 21:14:17 +00:00
Ronnie Sahlberg 0097584f2e the timestamps of negprot are known 
svn path=/trunk/; revision=16491
 2005-11-12 11:42:06 +00:00
Ronnie Sahlberg 15f13b23a0 improve the dissection of Create and fill in most of the fields 
svn path=/trunk/; revision=16490
 2005-11-12 11:27:34 +00:00
Ronnie Sahlberg 8b68d91039 dissect more of Close request/response 
svn path=/trunk/; revision=16487
 2005-11-12 10:07:12 +00:00
Ronnie Sahlberg 728323e533 add initial decode of dcerpc over smb2 
it does not yet multiplex between different files   but it is better than nothing


svn path=/trunk/; revision=16484
 2005-11-12 08:48:02 +00:00
Ronnie Sahlberg bc6cb5d6ad in order to handle dcerpc over smb2 later and to make the heuristics stronger for determining what might and what might not be a pipe 
add   TID tracking.   for all TreeConnect requests/resposnes seen,   store the name->tid mapping and other metadata.


as a freebee    the disswection of the tid in the ehader is aware of this table so when a tid value is dissected in the header and we known the name for this tid   then put it in an expansion below the tid.




svn path=/trunk/; revision=16483
 2005-11-12 07:45:01 +00:00
Ronnie Sahlberg 9ca683a249 start separating things out into structures 
we can regenerate from the header
we need to remember between request/response
we need on a per conersation bases

to reduce the amount of data we store in the per req/resp  pair  since there will be many of them and we want that struct as small as possible.




svn path=/trunk/; revision=16482
 2005-11-12 04:23:52 +00:00
Jörg Mayer 66df615702 Propset svn:... 
svn path=/trunk/; revision=16478
 2005-11-12 00:25:27 +00:00
Ronnie Sahlberg ebcdb60414 in smb2 the file handles are not normal context handles they are just a guid 
make them a guid in smb2 dissector and make tim pottesr excellent conmtext handle tracking also able to do the same thing for GUIDs


( a context handle is just a 32 biut attribute field followed by a uuid anyway)




svn path=/trunk/; revision=16477
 2005-11-11 22:12:10 +00:00
Ronnie Sahlberg 574717c28d start decoding notify requests 
svn path=/trunk/; revision=16475
 2005-11-11 12:49:42 +00:00
Ronnie Sahlberg 756520be42 dissect READ packets 
svn path=/trunk/; revision=16474
 2005-11-11 11:35:10 +00:00
Ronnie Sahlberg 6250873db4 write offset is 32 bits so is write length 
svn path=/trunk/; revision=16473
 2005-11-11 11:14:14 +00:00
Ronnie Sahlberg eae75ff28b add allocation size 
svn path=/trunk/; revision=16472
 2005-11-11 11:03:00 +00:00
Ronnie Sahlberg ec327c0a14 add decode of endoffile for file infolevel 0x12 
svn path=/trunk/; revision=16471
 2005-11-11 10:26:36 +00:00
Ronnie Sahlberg b358df838c class:3 level:0 is just a normal nt security descvriptor 
svn path=/trunk/; revision=16470
 2005-11-11 09:09:31 +00:00
Ronnie Sahlberg e85060f171 opcode 0x0c is Cancel 
svn path=/trunk/; revision=16469
 2005-11-11 08:23:11 +00:00
Ronnie Sahlberg 1a6338e9d5 opcode 0x0f is Notify 
svn path=/trunk/; revision=16468
 2005-11-11 08:14:59 +00:00
Ronnie Sahlberg deadd3c93f SMB2_FILE_INFO_0a structure which is used with SetInfo to rename a file 
svn path=/trunk/; revision=16467
 2005-11-11 08:04:32 +00:00
Ronnie Sahlberg 8e2ab17da8 dont dereference null pointers 
svn path=/trunk/; revision=16466
 2005-11-11 07:49:13 +00:00
Ronnie Sahlberg 886e149907 the uid is 64 bits 
svn path=/trunk/; revision=16465
 2005-11-11 07:41:09 +00:00
Ronnie Sahlberg 078ef72ee4 break out some structures into packet-smb2.h so we can start tapping in later 
we will do service-response-time   statistics before other inferior products have even noticed a new protocol is in town.




svn path=/trunk/; revision=16463
 2005-11-11 03:50:53 +00:00
Ronnie Sahlberg 46f0739541 start decoding SMB2_FILE_INFO_22 
svn path=/trunk/; revision=16461
 2005-11-10 22:46:10 +00:00
Ronnie Sahlberg b78b018dbc use the policy_handle framework for dcerpc to trach which frame a policy handle is opened in and which one it is closed in. 
also attempt to store a name for it   like File:foo


but this does not work yet.




svn path=/trunk/; revision=16458
 2005-11-10 10:08:32 +00:00
Ronnie Sahlberg 4acbd6bcc9 add initial decode for SMB2_FS_INFO_01 
svn path=/trunk/; revision=16451
 2005-11-09 21:06:06 +00:00
Ronnie Sahlberg d0a574078d add decode of SMB2_FS_INFO_05 
svn path=/trunk/; revision=16450
 2005-11-09 20:57:56 +00:00
Ronnie Sahlberg 005fbb5304 add decoding of the create request 
svn path=/trunk/; revision=16449
 2005-11-09 20:37:49 +00:00
Ronnie Sahlberg 8ba0aaf3a9 some more of the never ending stream of smb2 updates 
svn path=/trunk/; revision=16447
 2005-11-09 13:19:57 +00:00
Ronnie Sahlberg 2c0b087fde add decode of Write commands 
svn path=/trunk/; revision=16446
 2005-11-09 10:18:31 +00:00
Ronnie Sahlberg d94d156a7a add support for Close and the new guess that the FID is present in the Find request. 
Ohoy sailor,    we have spotted the concept of current working directory.

does this mean we also get rid of the silly 200-256 byte path length limitation?




svn path=/trunk/; revision=16445
 2005-11-09 09:29:41 +00:00
Ronnie Sahlberg a204fdaea7 dissect more of the SMB2/Close function 
svn path=/trunk/; revision=16444
 2005-11-09 09:14:11 +00:00
Ronnie Sahlberg 53ab6ed970 start dissecting SMB2_FILE_INFO_12 
svn path=/trunk/; revision=16439
 2005-11-08 21:16:36 +00:00
Ronnie Sahlberg 6f2482bc9f dissect some of GetInfo requests and Replies 
svn path=/trunk/; revision=16435
 2005-11-08 09:20:04 +00:00
Ronnie Sahlberg f8b4f34276 add a comment to keep the dissector in sync with the wiki 
rename functions 0x10 and 0x11 to follow the names in the wiki



svn path=/trunk/; revision=16434
 2005-11-08 08:53:55 +00:00
Ronnie Sahlberg b46a5611ed add a pointer to the wiki for documentation of this protocol 
svn path=/trunk/; revision=16433
 2005-11-08 08:41:42 +00:00
Ronnie Sahlberg 40b13e337f add dissection of the known parts of negotiate protocol 
svn path=/trunk/; revision=16432
 2005-11-08 08:40:32 +00:00
Ronnie Sahlberg 66d99c3eed begin dissecting the Find response packet 
svn path=/trunk/; revision=16427
 2005-11-07 21:19:59 +00:00
Ronnie Sahlberg 39ecd87667 dissect the treeconnect request packet 
svn path=/trunk/; revision=16425
 2005-11-07 21:00:09 +00:00
Ronnie Sahlberg 8012fd3cd9 add request response matching so we can start passing info levels around from request to response and start dissecting some of the commands 
svn path=/trunk/; revision=16424
 2005-11-07 20:32:27 +00:00
Ronnie Sahlberg 575907f024 put the error code in col info 
svn path=/trunk/; revision=16414
 2005-11-07 08:57:04 +00:00
Ronnie Sahlberg 0b01ed88cb smb2 updates, most of the header is now decoded properly 
svn path=/trunk/; revision=16413
 2005-11-07 08:39:23 +00:00
Ronnie Sahlberg 4e954caec3 dissect some of the session setup and the security blob for smb2 
svn path=/trunk/; revision=16402
 2005-11-06 13:04:57 +00:00
Ronnie Sahlberg 3924f02631 dissect the smb2 request/response flag 
svn path=/trunk/; revision=16401
 2005-11-06 11:55:17 +00:00
Ronnie Sahlberg f449406fee dissect the smb2 tree id 
svn path=/trunk/; revision=16400
 2005-11-06 11:46:10 +00:00
Ronnie Sahlberg c44a9aab72 some smb2 updates 
svn path=/trunk/; revision=16399
 2005-11-06 05:32:01 +00:00