diff options
author | Guy Harris <guy@alum.mit.edu> | 2001-09-29 01:44:09 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2001-09-29 01:44:09 +0000 |
commit | a6c48da6a31da00c6e32830db47550e0e5bb39e4 (patch) | |
tree | 887f597aa6c76371ca09a26afb27a7b62060371c /packet-smb.c | |
parent | 0102e0c783324875d19d6290c63121edc827f0a5 (diff) |
Use tvbuff routines to extract data from the SMB header.
svn path=/trunk/; revision=3974
Diffstat (limited to 'packet-smb.c')
-rw-r--r-- | packet-smb.c | 122 |
1 files changed, 57 insertions, 65 deletions
diff --git a/packet-smb.c b/packet-smb.c index b186bbc63d..057d94c08a 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -2,7 +2,7 @@ * Routines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb.c,v 1.119 2001/09/29 01:19:00 guy Exp $ + * $Id: packet-smb.c,v 1.120 2001/09/29 01:44:09 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -12453,27 +12453,21 @@ static const value_string NT_errors[] = { static gboolean dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - const u_char *pd; - int offset; + int offset = 0; + struct smb_info si; + static const char smb_signature[4] = { 0xFF, 'S', 'M', 'B' }; proto_tree *smb_tree = tree, *smb_hdr_tree = NULL, *flags_tree, *flags2_tree; proto_item *ti, *tf, *th; guint8 cmd, errcls, errcode1, flags; guint16 flags2, errcode, tid, pid, uid, mid; guint32 status; + const u_char *pd; int SMB_offset; - struct smb_info si; - static const char smb_signature[4] = { 0xFF, 'S', 'M', 'B' }; - - /* - * Get old-style information from the tvbuff we've been handed. - */ - tvb_compat(tvb, &pd, &offset); - SMB_offset = offset; /* OK, is this an SMB message? */ - if (!BYTES_ARE_IN_FRAME(SMB_offset, 4)) + if (!tvb_bytes_exist(tvb, 0, 4)) return FALSE; - if (memcmp(&pd[SMB_offset], smb_signature, 4) != 0) { + if (memcmp(tvb_get_ptr(tvb, 0, 4), smb_signature, 4) != 0) { /* No. */ return FALSE; } @@ -12482,11 +12476,12 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) si.unicode = FALSE; si.ddisp = 0; - cmd = pd[offset + SMB_hdr_com_offset]; - if (check_col(pinfo->fd, COL_PROTOCOL)) col_set_str(pinfo->fd, COL_PROTOCOL, "SMB"); + if (check_col(pinfo->fd, COL_INFO)) + col_clear(pinfo->fd, COL_INFO); + cmd = tvb_get_guint8(tvb, SMB_hdr_com_offset); if (check_col(pinfo->fd, COL_INFO)) { col_add_fstr(pinfo->fd, COL_INFO, "%s", decode_smb_name(cmd)); @@ -12495,7 +12490,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (tree) { - ti = proto_tree_add_item(tree, proto_smb, NullTVB, offset, END_OF_FRAME, FALSE); + ti = proto_tree_add_item(tree, proto_smb, tvb, offset, tvb_length(tvb), FALSE); smb_tree = proto_item_add_subtree(ti, ett_smb); th = proto_tree_add_text(smb_tree, NullTVB, offset, 32, "SMB Header"); @@ -12506,8 +12501,8 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * component ... SMB is only one used */ - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 1, "Message Type: 0xFF"); - proto_tree_add_text(smb_hdr_tree, NullTVB, offset+1, 3, "Server Component: SMB"); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 1, "Message Type: 0xFF"); + proto_tree_add_text(smb_hdr_tree, tvb, offset+1, 3, "Server Component: SMB"); } @@ -12515,7 +12510,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (tree) { - proto_tree_add_uint(smb_hdr_tree, hf_smb_cmd, NullTVB, offset, 1, cmd); + proto_tree_add_uint(smb_hdr_tree, hf_smb_cmd, tvb, offset, 1, cmd); } @@ -12524,17 +12519,14 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Get flags2; we need it to know whether the error code is an NT error code or a DOS error code. */ - if (!BYTES_ARE_IN_FRAME(SMB_offset + 10, 2)) - return TRUE; - - flags2 = GSHORT(pd, SMB_offset + 10); + flags2 = tvb_get_letohs(tvb, 10); /* Handle error code */ if (flags2 & 0x4000) { /* handle NT 32 bit error code */ - status = GWORD(pd, offset); + status = tvb_get_letohl(tvb, offset); if (tree) { @@ -12542,7 +12534,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * XXX - break the value down into severity code, * customer code, facility, and error? */ - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 4, + proto_tree_add_text(smb_hdr_tree, tvb, offset, 4, "Status: %s (0x%08X)", val_to_str(status, NT_errors, "Unknown"), status); @@ -12557,33 +12549,33 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Next, look at the error class, SMB_RETCLASS */ - errcls = pd[offset]; + errcls = tvb_get_guint8(tvb, offset); if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 1, "Error Class: %s", - val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)")); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 1, "Error Class: %s", + val_to_str(errcls, errcls_types, "Unknown Error Class (%x)")); } offset += 1; /* Error code, SMB_HEINFO ... */ - errcode1 = pd[offset]; + errcode1 = tvb_get_guint8(tvb, offset); if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 1, "Reserved: %i", errcode1); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 1, "Reserved: %i", errcode1); } offset += 1; - errcode = GSHORT(pd, offset); + errcode = tvb_get_letohs(tvb, offset); if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 2, "Error Code: %s", + proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "Error Code: %s", decode_smb_error(errcls, errcode)); } @@ -12593,7 +12585,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */ - flags = pd[offset]; + flags = tvb_get_guint8(tvb, offset); si.request = !(flags&SMB_FLAGS_DIRN); if (check_col(pinfo->fd, COL_INFO)) { @@ -12604,35 +12596,35 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (tree) { - tf = proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 1, "Flags: 0x%02x", flags); + tf = proto_tree_add_text(smb_hdr_tree, tvb, offset, 1, "Flags: 0x%02x", flags); flags_tree = proto_item_add_subtree(tf, ett_smb_flags); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, 0x01, 8, "Lock&Read, Write&Unlock supported", "Lock&Read, Write&Unlock not supported")); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, 0x02, 8, "Receive buffer posted", "Receive buffer not posted")); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, 0x08, 8, "Path names caseless", "Path names case sensitive")); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, 0x10, 8, "Pathnames canonicalized", "Pathnames not canonicalized")); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, 0x20, 8, "OpLocks requested/granted", "OpLocks not requested/granted")); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, 0x40, 8, "Notify all", "Notify open only")); - proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags, SMB_FLAGS_DIRN, 8, "Response to client/redirector", "Request to server")); @@ -12644,38 +12636,38 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (tree) { - tf = proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 2, "Flags2: 0x%04x", flags2); + tf = proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "Flags2: 0x%04x", flags2); flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x0001, 16, "Long file names supported", "Long file names not supported")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x0002, 16, "Extended attributes supported", "Extended attributes not supported")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 1, "%s", decode_boolean_bitfield(flags2, 0x0004, 16, "Security signatures supported", "Security signatures not supported")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x0800, 16, "Extended security negotiation supported", "Extended security negotiation not supported")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x1000, 16, "Resolve pathnames with DFS", "Don't resolve pathnames with DFS")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x2000, 16, "Permit reads if execute-only", "Don't permit reads if execute-only")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x4000, 16, "Error codes are NT error codes", "Error codes are DOS error codes")); - proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s", + proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s", decode_boolean_bitfield(flags2, 0x8000, 16, "Strings are Unicode", "Strings are ASCII")); @@ -12716,7 +12708,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * IPX_SOCKET_NWLINK_SMB_SERVER or IPX_SOCKET_NWLINK_SMB_REDIR * or, if it also uses 0x0554, IPX_SOCKET_NWLINK_SMB_MESSENGER). */ - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 12, "Reserved: 6 WORDS"); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 12, "Reserved: 6 WORDS"); } @@ -12724,15 +12716,12 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Now the TID, tree ID */ - if (!BYTES_ARE_IN_FRAME(offset, 2)) - return TRUE; - - tid = GSHORT(pd, offset); + tid = tvb_get_letohs(tvb, offset); si.tid = tid; if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid); } @@ -12740,15 +12729,12 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Now the PID, Process ID */ - if (!BYTES_ARE_IN_FRAME(offset, 2)) - return TRUE; - - pid = GSHORT(pd, offset); + pid = tvb_get_letohs(tvb, offset); si.pid = pid; if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 2, "Process ID (PID): %i (%04x)", pid, pid); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "Process ID (PID): %i (%04x)", pid, pid); } @@ -12756,12 +12742,12 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Now the UID, User ID */ - uid = GSHORT(pd, offset); + uid = tvb_get_letohs(tvb, offset); si.uid = uid; if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 2, "User ID (UID): %i (%04x)", uid, uid); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "User ID (UID): %i (%04x)", uid, uid); } @@ -12769,17 +12755,23 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Now the MID, Multiplex ID */ - mid = GSHORT(pd, offset); + mid = tvb_get_letohs(tvb, offset); si.mid = mid; if (tree) { - proto_tree_add_text(smb_hdr_tree, NullTVB, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid); + proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid); } offset += 2; + /* + * Get old-style information from the tvbuff we've been handed. + */ + tvb_compat(tvb, &pd, &SMB_offset); + offset += SMB_offset; + /* Now vector through the table to dissect them */ (dissect[cmd])(pd, offset, pinfo->fd, tree, smb_tree, si, |