dissect smb2 break responses used by a server to break an oplock
these unsolicited responses are sent with a commandseqnum of -1 so mark these in the header as unsolicited as well
svn path=/trunk/; revision=17820
If the P bit is NOT set, then flag the PID field as "(not valid)"
Sicne the TID might be undefined/0 in the response to a "pending" read
we cant use that solely to determine if a read was for a named/pipe (==dcerpc)
Assume that only NamedPipe reads can be STATUS_PENDING and thus have the P bit set and assume it IS dcerpc if the P bit is set.
svn path=/trunk/; revision=17197
If known put the account name, domain name, host name and which frame the suer authenticated in in an expansion below UID in the SMB2 header
svn path=/trunk/; revision=16723
add TID tracking. for all TreeConnect requests/resposnes seen, store the name->tid mapping and other metadata.
as a freebee the disswection of the tid in the ehader is aware of this table so when a tid value is dissected in the header and we known the name for this tid then put it in an expansion below the tid.
svn path=/trunk/; revision=16483
we can regenerate from the header
we need to remember between request/response
we need on a per conersation bases
to reduce the amount of data we store in the per req/resp pair since there will be many of them and we want that struct as small as possible.
svn path=/trunk/; revision=16482
we will do service-response-time statistics before other inferior products have even noticed a new protocol is in town.
svn path=/trunk/; revision=16463
Ronnie Sahlberg