Format of the data is described by MS-SQOS document -
see https://msdn.microsoft.com/en-us/library/mt226249.aspx
Both v1.0 and v1.1 are handled.
Also a few cosmetic fixes for
dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT
Bug: 13417
Change-Id: If7b793042257112d8f16f739d09aafe168443960
Reviewed-on: https://code.wireshark.org/review/20156
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Removed all guards for HAVE_LIBGCRYPT, change autotools and CMake to
error out if it is not available. Update release notes, developer
documentation and README with the new status. Clarify relation with
GnuTLS in macosx-setup.sh. Install Libgcrypt via brew script.
Motivation for this change is that many dissectors depend on Libgcrypt
and having it optional increases the maintenance burden (there have been
several compile issues in the past due to the optional status).
Furthermore, wsutil has crypto code that can be replaced by Libgcrypt.
Change-Id: Idf0021b8c4cd5db70b8766f7dcc2a8b3acbf042f
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20030
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Added META_OPERATION_START (Resize, ConvertToVHDSet)
Added META_OPERATION_QUERY_PROGRESS
Added QUERY_SAFE_SIZE
Minor fixes:
Using GUID data type for LinkageID, VirtualDiskId and InitiatorId, not binary blob
Fixed length for SVHDX_TUNNEL_OPERATION_HEADER
Cosmetic: unused var, code makeup
Ping-Bug: 11232
Change-Id: I4ea598367a1c12586501555f4a23d6249057484a
Reviewed-on: https://code.wireshark.org/review/19979
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
DataIn field should be three-state enum (not boolean)
See https://msdn.microsoft.com/en-us/library/dn393496.aspx
Fixed HandleStateShared value of QUERY_SHARED_VIRTUAL_DISK_SUPPORT reply
See https://msdn.microsoft.com/en-us/library/dn409282.aspx
Added VHDSET disk format (used by RSVD v2).
Change-Id: I7a9528e680dd4fede7e982d98316af5ef40cff3b
Reviewed-on: https://code.wireshark.org/review/19964
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Register all reassembly tables with a central unit, allowing the
central unit to have the callback that initializes and destroys
the reassembly tables, rather than have dissectors do it individually.
Change-Id: Ic92619c06fb5ba6f1c3012f613cae14982e101d4
Reviewed-on: https://code.wireshark.org/review/19834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixed FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT dissector
to show fields of response properly - see
https://msdn.microsoft.com/en-us/library/dn409282.aspx
Mapped a few SMB2 IOCTL codes related to RSVD to names
(like FSCTL_STORAGE_QOS_CONTROL that is defined by MS-SQOS
as a helper for RSVD protocol)
Added RSVD-specific SMB2 status codes
(used in SMB2 transport when RSVD is in use or inited)
See https://msdn.microsoft.com/en-us/library/dn392518.aspx
Change-Id: I04d80df234505e8b32773ac95cf0b73f07cc5581
Reviewed-on: https://code.wireshark.org/review/19693
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Improved operation_code map to resolve RSVD v2 codes.
Changed GET_FILE_INFO -> GET_INITIAL_INFO for spec conformance.
See https://msdn.microsoft.com/en-us/library/dn392322.aspx
SMB2 IOCTL FSCTL_SVHDX_ASYNC_TUNNEL_REQUEST must be handled in the same way as FSCTL_SVHDX_SYNC_TUNNEL_REQUEST:
RSVD dissector must be used (new async flow used by RSVDv2).
See https://msdn.microsoft.com/en-us/library/dn366375.aspx
Ping-Bug: 11232
Change-Id: Ie51773fc2199a7674538101b87cec398354bd97a
Reviewed-on: https://code.wireshark.org/review/19657
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also adjust the smb2_info_t structure that handles the value.
Bug: 12915
Change-Id: Ia314b8dc840b9d26d2c1d185f06ef93f242a3a7b
Reviewed-on: https://code.wireshark.org/review/19019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also update tfshark to use that code.
Change-Id: Ic03fb8ff48c8bfc460298d180b436e53f0076cbe
Reviewed-on: https://code.wireshark.org/review/18588
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissect SMB2 getinfo request fixed-size parameters according
to [MS-SMB2] section 2.2.37.
This does not include extended attributes at the moment.
Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(actually, in [MS-SMB2] those are called "InfoType" and
"FileInfoClass", respectively)
Change-Id: Id583be4574cea5ce092c374a5624a4bd17d5d4c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This info appears in the request buffer of setinfo quota,
or in the response buffer of getinfo quota.
Change-Id: I5c8d96a05eddfa123547a7dd2577a01ac8cbd32d
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f4878d7b730d626d75ac5ed57a00acc8ec34990
Reviewed-on: https://code.wireshark.org/review/16658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I872baa7bf44cc6c675366206e749c50001cee067
Reviewed-on: https://code.wireshark.org/review/16659
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
FSCTL_GET_REPARSE_POINT/FSCTL_SET_REPARSE_POINT
Change-Id: I3b6230aea2a0027d7b85d35d3aea6385cace569b
Reviewed-on: https://code.wireshark.org/review/16511
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decode SMB2 ioctl FSCTL_OFFLOAD_WRITE,
and clean up FSCTL_OFFLOAD_READ to use a
common function to print the "token".
Bug: 12482
Change-Id: I397522416e3a8508f5a99b8ac055d1ae17218d21
Reviewed-on: https://code.wireshark.org/review/15663
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12481
Change-Id: I0439b10f99d296a46c93e2ced6094689737d9551
Reviewed-on: https://code.wireshark.org/review/15648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The SMB2 ioctl FSCTL_SRV_ENUMERATE_SNAPSHOTS is currently
presented as FSCTL_GET_SHADOW_COPY_DATA (incorrect).
Bug: 11405
Change-Id: I7f025d1cf219c583666f4e6faedfc7adc3fbf14b
Reviewed-on: https://code.wireshark.org/review/15582
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SMB2 Notify needs to treat STATUS_NOTIFY_ENUM_DIR the same as success.
MS-SMB2 3.3.4.4 mentions this.
Bug: 12128
Change-Id: I3fea5f958449a469ccf66ea637db2d0db236c464
Reviewed-on: https://code.wireshark.org/review/15584
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0e845668a1b9dbec93ea920a8585ecfe60f001d1
Reviewed-on: https://code.wireshark.org/review/15044
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used).
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Bug: 11933
Change-Id: I7ac03166c4c69a2366da26c44a89aee60116ac7f
Reviewed-on: https://code.wireshark.org/review/13674
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sometimes it isn't actually an error response but a normal packet with a non-zero status code to indicate a warning or information. This should be handled as a normal case and not break the dissection.
Change-Id: I7104608d67cbc7528994bd86812ea5241f1e4460
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/12282
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>