-rw-r--r-- | packet-smb-pipe.c | 73 | ||||
-rw-r--r-- | packet-smb.c | 23 | ||||
-rw-r--r-- | smb.h | 6 |
3 files changed, 77 insertions, 25 deletions
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c index 7cb29f4569..d098299b6d 100644 --- a/packet-smb-pipe.c +++ b/packet-smb-pipe.c @@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and * Guy Harris 2001 * - * $Id: packet-smb-pipe.c,v 1.48 2001/11/19 12:34:51 guy Exp $ + * $Id: packet-smb-pipe.c,v 1.49 2001/11/20 06:24:19 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -2588,7 +2588,7 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, proto_tree *pipe_tree = NULL; int offset; int function; - guint16 fid = 0; + int fid = -1; int len; if (!proto_is_protocol_enabled(proto_smb_pipe)) @@ -2608,10 +2608,16 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, smb_info->request ? "Request" : "Response"); } + if (smb_info->sip != NULL) + tri = smb_info->sip->extra_info; + else + tri = NULL; + /* * Set up a subtree for the pipe data, if there is any. */ - if (s_tvb != NULL || tvb_length(sp_tvb) != 0) { + if (s_tvb != NULL || tvb_length(sp_tvb) != 0 || + (tri != NULL && tri->function != -1)) { if (tree) { pipe_item = proto_tree_add_item(tree, proto_smb_pipe, sp_tvb, 0, tvb_length(sp_tvb), FALSE); @@ -2636,6 +2642,8 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, val_to_str(function, functions, "Unknown function (0x%04x)"), smb_info->request ? "Request" : "Response"); } + if (tri != NULL) + tri->function = function; /* * The second of them depends on the function. @@ -2648,7 +2656,7 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, * It's a priority. */ proto_tree_add_item(pipe_tree, hf_pipe_priority, s_tvb, - 2, 2, TRUE); + offset, 2, TRUE); break; case PEEK_NM_PIPE: 
@@ -2662,7 +2670,16 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, * It's a FID. */ fid = tvb_get_letohs(s_tvb, 2); - add_fid(s_tvb, pinfo, pipe_tree, 2, fid); + add_fid(s_tvb, pinfo, pipe_tree, offset, 2, fid); + if (tri != NULL) + tri->fid = fid; + break; + + default: + /* + * It's something unknown. + * XXX - put it into the tree? + */ break; } offset += 2; @@ -2676,8 +2693,22 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, * In the latter case, we could get that information from * the matching request, if we saw it. (XXX - do that.) */ - function = -1; - fid = 0; + if (tri != NULL && tri->function != -1) { + function = tri->function; + proto_tree_add_uint(pipe_tree, hf_pipe_function, sp_tvb, + 0, 0, function); + if (check_col(pinfo->fd, COL_INFO)) { + col_add_fstr(pinfo->fd, COL_INFO, "%s %s", + val_to_str(function, functions, "Unknown function (0x%04x)"), + smb_info->request ? "Request" : "Response"); + } + fid = tri->fid; + if (fid != -1) + add_fid(sp_tvb, pinfo, pipe_tree, 0, 0, fid); + } else { + function = -1; + fid = -1; + } } /* @@ -2685,10 +2716,6 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, * that requires us to fetch a possibly-Unicode string. */ - if (smb_info->sip != NULL) - tri = smb_info->sip->extra_info; - else - tri = NULL; if(smb_info->request){ if(strncmp(pipe,"LANMAN",6) == 0){ tri->trans_subcmd=PIPE_LANMAN; 
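Review bot: In the FID arm the value is still fetched with `tvb_get_letohs(s_tvb, 2)` while the tree item is now added at `offset`, so the bytes read and the bytes highlighted agree only as long as `offset` happens to be 2 at this point. Reading it as `fid = tvb_get_letohs(s_tvb, offset);` keeps the two in step, the same way the priority arm in the previous hunk was moved from the literal 2 to `offset`. The enclosing switch starts outside the hunk, so the value of `offset` on entry is inferred rather than visible.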
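Review bot: The comment kept just above the new response branch in the @@ -2676 hunk still ends with "(XXX - do that.)", yet the added code now does take the function and FID from the matching request through `tri`, so the comment describes work that is no longer outstanding. Suggest rewording its last sentence to `* In the latter case, we get that information from the matching request, if we saw it.` It would also help to note there that the two items are added with offset 0 and length 0 because the values are not present in this packet's bytes. The comment begins outside the hunk.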
@@ -2708,16 +2735,36 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb, switch (function) { - case -1: case CALL_NM_PIPE: case TRANSACT_NM_PIPE: switch(tri->trans_subcmd){ + case PIPE_LANMAN: return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo, tree); break; + case PIPE_MSRPC: - return dissect_pipe_msrpc(d_tvb, pinfo, tree, fid); + /* + * Only dissect this if we know the FID. + */ + if (fid != -1) { + return dissect_pipe_msrpc(d_tvb, pinfo, tree, + fid); + } + break; + } + break; + + case -1: + /* + * We don't know the function; we dissect only LANMAN + * pipe messages, not RPC pipe messages, in that case. + */ + switch(tri->trans_subcmd){ + case PIPE_LANMAN: + return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo, + tree); break; } break; diff --git a/packet-smb.c b/packet-smb.c index af163ba06b..16dfd765e3 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -2,7 +2,7 @@ * Routines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb.c,v 1.160 2001/11/19 11:41:51 guy Exp $ + * $Id: packet-smb.c,v 1.161 2001/11/20 06:24:19 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -2431,9 +2431,9 @@ dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i void add_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, - guint16 fid) + int len, guint16 fid) { - proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid); + proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, len, fid); if (check_col(pinfo->fd, COL_INFO)) col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid); } @@ -2449,7 +2449,7 @@ dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; /* File Attributes */ 
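Review bot: Both inner `switch(tri->trans_subcmd)` statements, including the one in the new `case -1:` arm, dereference `tri` without a NULL test, although this commit itself treats `tri` as possibly NULL (`tri = NULL` when `smb_info->sip` is NULL, and `if (tri != NULL) tri->function = function;`). A response whose request was not captured would presumably reach this switch with `tri == NULL` and `function == -1`, so the dissector would fault on traffic it does not control, unless a check in the lines between the hunks already returns. A guard such as `if (tri == NULL) break;` at the top of each arm would close it; the `tri->trans_subcmd=PIPE_LANMAN;` assignment shown as context in the @@ -2685 hunk has the same exposure. The outer switch continues outside the hunk.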
@@ -2483,7 +2483,7 @@ dissect_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, pro /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; BYTE_COUNT; @@ -3039,7 +3039,7 @@ dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; BYTE_COUNT; @@ -4402,7 +4402,7 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; /* File Attributes */ @@ -6629,7 +6629,7 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, p /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; /* create action */ @@ -7265,7 +7265,7 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; /* create action */ @@ -9204,6 +9204,9 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, */ tri = g_mem_chunk_alloc(smb_transact_info_chunk); tri->subcmd = -1; + tri->trans_subcmd = -1; + tri->function = -1; + tri->fid = -1; tri->lanman_cmd = 0; tri->param_descrip = NULL; tri->data_descrip = NULL; @@ -10352,7 +10355,7 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot case 0x00: /*TRANS2_OPEN2*/ /* fid */ fid = tvb_get_letohs(tvb, offset); - add_fid(tvb, pinfo, tree, offset, fid); + add_fid(tvb, pinfo, tree, offset, 2, fid); offset += 2; /* File Attributes */ 
@@ -2,7 +2,7 @@ * Defines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: smb.h,v 1.23 2001/11/19 10:06:42 guy Exp $ + * $Id: smb.h,v 1.24 2001/11/20 06:24:20 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -646,6 +646,8 @@ typedef struct { typedef struct { int subcmd; int trans_subcmd; + int function; + int fid; guint16 lanman_cmd; guchar *param_descrip; /* Keep these descriptors around */ guchar *data_descrip; @@ -672,6 +674,6 @@ typedef struct smb_info { * Add a FID to the protocol tree and the Info column. */ extern void add_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - int offset, guint16 fid); + int offset, int len, guint16 fid); #endif |
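Review bot: The new `function` and `fid` members in the @@ -646 hunk use -1 as a "not known" marker, which is why `fid` is an `int` here rather than a `guint16`, but nothing in the struct says so. Suggest trailing comments in the style of the neighbouring members, `int function; /* pipe function from the request, -1 if not seen */` and `int fid; /* FID from the request, -1 if none */`. The typedef continues outside the hunk.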
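Review bot: The comment above the `add_fid` prototype in the @@ -672 hunk does not describe the new `len` argument, and the callers in this commit pass two different values: 2 where the FID is read from the packet and 0 where it is carried over from the saved request. Suggest extending the comment with `* len is the number of bytes the FID occupies in tvb at offset; pass 0 when the value does not come from this packet.` That keeps later callers from passing 2 for a FID that is not in the buffer they name.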