aboutsummaryrefslogtreecommitdiffstats
path: root/packet-smb.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet-smb.c')
-rw-r--r--packet-smb.c1054
1 files changed, 1051 insertions, 3 deletions
diff --git a/packet-smb.c b/packet-smb.c
index ed71a1c6b6..15130a4c84 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -2,7 +2,7 @@
* Routines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: packet-smb.c,v 1.12 1999/06/01 20:39:20 guy Exp $
+ * $Id: packet-smb.c,v 1.13 1999/06/28 10:57:57 sharpe Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@unicom.net>
@@ -399,6 +399,781 @@ unicode_to_str(const guint8 *us, int *us_lenp) {
*/
void
+dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
+
+{
+ guint8 WordCount;
+ guint8 BufferFormat3;
+ guint8 BufferFormat2;
+ guint8 BufferFormat1;
+ guint16 TID;
+ guint16 MaxBufferSize;
+ guint16 ByteCount;
+ const char *SharePath;
+ const char *Service;
+ const char *Password;
+
+ if (dirn == 1) { /* Request(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ /* Build display for: BufferFormat1 */
+
+ BufferFormat1 = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
+
+ }
+
+ offset += 1; /* Skip BufferFormat1 */
+
+ /* Build display for: Share Path */
+
+ SharePath = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
+
+ }
+
+ offset += strlen(SharePath) + 1; /* Skip Share Path */
+
+ /* Build display for: BufferFormat2 */
+
+ BufferFormat2 = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
+
+ }
+
+ offset += 1; /* Skip BufferFormat2 */
+
+ /* Build display for: Password */
+
+ Password = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(Password) + 1, "Password: %s", Password);
+
+ }
+
+ offset += strlen(Password) + 1; /* Skip Password */
+
+ /* Build display for: BufferFormat3 */
+
+ BufferFormat3 = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
+
+ }
+
+ offset += 1; /* Skip BufferFormat3 */
+
+ /* Build display for: Service */
+
+ Service = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(Service) + 1, "Service: %s", Service);
+
+ }
+
+ offset += strlen(Service) + 1; /* Skip Service */
+
+ }
+
+ if (dirn == 0) { /* Response(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Max Buffer Size */
+
+ MaxBufferSize = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
+
+ }
+
+ offset += 2; /* Skip Max Buffer Size */
+
+ /* Build display for: TID */
+
+ TID = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "TID: %u", TID);
+
+ }
+
+ offset += 2; /* Skip TID */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ }
+
+}
+
+/* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
+void
+dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
+
+{
+ proto_tree *Capabilities_tree;
+ proto_item *ti;
+ guint8 WordCount;
+ guint8 AndXReserved;
+ guint8 AndXCommand;
+ guint32 SessionKey;
+ guint32 Reserved;
+ guint32 Capabilities;
+ guint16 VcNumber;
+ guint16 UNICODEAccountPasswordLength;
+ guint16 PasswordLen;
+ guint16 MaxMpxCount;
+ guint16 MaxBufferSize;
+ guint16 ByteCount;
+ guint16 AndXOffset;
+ guint16 Action;
+ guint16 ANSIAccountPasswordLength;
+ const char *UNICODEPassword;
+ const char *PrimaryDomain;
+ const char *NativeOS;
+ const char *NativeLanManType;
+ const char *NativeLanMan;
+ const char *AccountName;
+ const char *ANSIPassword;
+
+ if (dirn == 1) { /* Request(s) dissect code */
+
+ WordCount = GBYTE(pd, offset);
+
+ switch (WordCount) {
+
+ case 10:
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: AndXCommand */
+
+ AndXCommand = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
+
+ }
+
+ offset += 1; /* Skip AndXCommand */
+
+ /* Build display for: AndXReserved */
+
+ AndXReserved = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
+
+ }
+
+ offset += 1; /* Skip AndXReserved */
+
+ /* Build display for: AndXOffset */
+
+ AndXOffset = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
+
+ }
+
+ offset += 2; /* Skip AndXOffset */
+
+ /* Build display for: MaxBufferSize */
+
+ MaxBufferSize = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
+
+ }
+
+ offset += 2; /* Skip MaxBufferSize */
+
+ /* Build display for: MaxMpxCount */
+
+ MaxMpxCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
+
+ }
+
+ offset += 2; /* Skip MaxMpxCount */
+
+ /* Build display for: VcNumber */
+
+ VcNumber = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "VcNumber: %u", VcNumber);
+
+ }
+
+ offset += 2; /* Skip VcNumber */
+
+ /* Build display for: SessionKey */
+
+ SessionKey = GWORD(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 4, "SessionKey: %u", SessionKey);
+
+ }
+
+ offset += 4; /* Skip SessionKey */
+
+ /* Build display for: PasswordLen */
+
+ PasswordLen = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "PasswordLen: %u", PasswordLen);
+
+ }
+
+ offset += 2; /* Skip PasswordLen */
+
+ /* Build display for: Reserved */
+
+ Reserved = GWORD(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 4, "Reserved: %u", Reserved);
+
+ }
+
+ offset += 4; /* Skip Reserved */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ /* Build display for: AccountName */
+
+ AccountName = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
+
+ }
+
+ offset += strlen(AccountName) + 1; /* Skip AccountName */
+
+ /* Build display for: PrimaryDomain */
+
+ PrimaryDomain = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
+
+ }
+
+ offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
+
+ /* Build display for: NativeOS */
+
+ NativeOS = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
+
+ }
+
+ offset += strlen(NativeOS) + 1; /* Skip NativeOS */
+
+ break;
+
+ case 13:
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: AndXCommand */
+
+ AndXCommand = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
+
+ }
+
+ offset += 1; /* Skip AndXCommand */
+
+ /* Build display for: AndXReserved */
+
+ AndXReserved = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
+
+ }
+
+ offset += 1; /* Skip AndXReserved */
+
+ /* Build display for: AndXOffset */
+
+ AndXOffset = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
+
+ }
+
+ offset += 2; /* Skip AndXOffset */
+
+ /* Build display for: MaxBufferSize */
+
+ MaxBufferSize = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
+
+ }
+
+ offset += 2; /* Skip MaxBufferSize */
+
+ /* Build display for: MaxMpxCount */
+
+ MaxMpxCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
+
+ }
+
+ offset += 2; /* Skip MaxMpxCount */
+
+ /* Build display for: VcNumber */
+
+ VcNumber = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "VcNumber: %u", VcNumber);
+
+ }
+
+ offset += 2; /* Skip VcNumber */
+
+ /* Build display for: SessionKey */
+
+ SessionKey = GWORD(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 4, "SessionKey: %u", SessionKey);
+
+ }
+
+ offset += 4; /* Skip SessionKey */
+
+ /* Build display for: ANSI Account Password Length */
+
+ ANSIAccountPasswordLength = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
+
+ }
+
+ offset += 2; /* Skip ANSI Account Password Length */
+
+ /* Build display for: UNICODE Account Password Length */
+
+ UNICODEAccountPasswordLength = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
+
+ }
+
+ offset += 2; /* Skip UNICODE Account Password Length */
+
+ /* Build display for: Reserved */
+
+ Reserved = GWORD(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 4, "Reserved: %u", Reserved);
+
+ }
+
+ offset += 4; /* Skip Reserved */
+
+ /* Build display for: Capabilities */
+
+ Capabilities = GWORD(pd, offset);
+
+ if (tree) {
+
+ ti = proto_tree_add_item(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
+ Capabilities_tree = proto_tree_new();
+ proto_item_add_subtree(ti, Capabilities_tree, ETT_SMB_CAPABILITIES);
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
+ proto_tree_add_item(Capabilities_tree, offset, 4, "%s",
+ decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
+
+}
+
+ offset += 4; /* Skip Capabilities */
+
+ /* Build display for: Byte Count */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count: %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count */
+
+ /* Build display for: ANSI Password */
+
+ ANSIPassword = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword);
+
+ }
+
+ offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
+
+ /* Build display for: UNICODE Password */
+
+ UNICODEPassword = pd + offset;
+
+ if (UNICODEAccountPasswordLength > 0) {
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword);
+
+ }
+
+ offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */
+
+ }
+
+ /* Build display for: Account Name */
+
+ AccountName = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
+
+ }
+
+ offset += strlen(AccountName) + 1; /* Skip Account Name */
+
+ /* Build display for: Primary Domain */
+
+ PrimaryDomain = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
+
+ }
+
+ offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
+
+ /* Build display for: Native OS */
+
+ NativeOS = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
+
+ }
+
+ offset += strlen(NativeOS) + 1; /* Skip Native OS */
+
+ /* Build display for: Native LanMan Type */
+
+ NativeLanManType = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
+
+ }
+
+ offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
+
+ break;
+
+ }
+
+
+ if (AndXCommand != 0xFF) {
+
+ (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn);
+
+ }
+
+ }
+
+ if (dirn == 0) { /* Response(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: AndXCommand */
+
+ AndXCommand = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand);
+
+ }
+
+ offset += 1; /* Skip AndXCommand */
+
+ /* Build display for: AndXReserved */
+
+ AndXReserved = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved);
+
+ }
+
+ offset += 1; /* Skip AndXReserved */
+
+ /* Build display for: AndXOffset */
+
+ AndXOffset = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset);
+
+ }
+
+ offset += 2; /* Skip AndXOffset */
+
+ /* Build display for: Action */
+
+ Action = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Action: %u", Action);
+
+ }
+
+ offset += 2; /* Skip Action */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ /* Build display for: NativeOS */
+
+ NativeOS = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
+
+ }
+
+ offset += strlen(NativeOS) + 1; /* Skip NativeOS */
+
+ /* Build display for: NativeLanMan */
+
+ NativeLanMan = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
+
+ }
+
+ offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
+
+ /* Build display for: PrimaryDomain */
+
+ PrimaryDomain = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
+
+ }
+
+ offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
+
+
+ if (AndXCommand != 0xFF) {
+
+ (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn);
+
+ }
+
+ }
+
+}
+
+void
dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
{
@@ -1126,6 +1901,279 @@ dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tr
}
+void
+dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
+
+{
+ guint8 WordCount;
+ guint8 BufferFormat;
+ guint16 ByteCount;
+ const char *DirectoryName;
+
+ if (dirn == 1) { /* Request(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ /* Build display for: Buffer Format */
+
+ BufferFormat = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
+
+ }
+
+ offset += 1; /* Skip Buffer Format */
+
+ /* Build display for: Directory Name */
+
+ DirectoryName = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
+
+ }
+
+ offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
+
+ }
+
+ if (dirn == 0) { /* Response(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ }
+
+}
+
+void
+dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
+
+{
+ guint8 WordCount;
+ guint8 BufferFormat;
+ guint16 ByteCount;
+ const char *DirectoryName;
+
+ if (dirn == 1) { /* Request(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ /* Build display for: Buffer Format */
+
+ BufferFormat = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
+
+ }
+
+ offset += 1; /* Skip Buffer Format */
+
+ /* Build display for: Directory Name */
+
+ DirectoryName = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
+
+ }
+
+ offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
+
+ }
+
+ if (dirn == 0) { /* Response(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ }
+
+}
+
+void
+dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn)
+
+{
+ guint8 WordCount;
+ guint8 BufferFormat;
+ guint16 ByteCount;
+ const char *DirectoryName;
+
+ if (dirn == 1) { /* Request(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ /* Build display for: Buffer Format */
+
+ BufferFormat = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat);
+
+ }
+
+ offset += 1; /* Skip Buffer Format */
+
+ /* Build display for: Directory Name */
+
+ DirectoryName = pd + offset;
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
+
+ }
+
+ offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
+
+ }
+
+ if (dirn == 0) { /* Response(s) dissect code */
+
+ /* Build display for: Word Count (WCT) */
+
+ WordCount = GBYTE(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount);
+
+ }
+
+ offset += 1; /* Skip Word Count (WCT) */
+
+ /* Build display for: Byte Count (BCC) */
+
+ ByteCount = GSHORT(pd, offset);
+
+ if (tree) {
+
+ proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
+
+ }
+
+ offset += 2; /* Skip Byte Count (BCC) */
+
+ }
+
+}
+
void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, int, int) = {
dissect_unknown_smb, /* unknown SMB 0x00 */
@@ -1240,10 +2288,10 @@ void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, int, int)
dissect_unknown_smb, /* unknown SMB 0x6d */
dissect_unknown_smb, /* unknown SMB 0x6e */
dissect_unknown_smb, /* unknown SMB 0x6f */
- dissect_unknown_smb, /* SMBtcon tree connect */
+ dissect_treecon_smb, /* SMBtcon tree connect */
dissect_unknown_smb, /* SMBtdis tree disconnect */
dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
- dissect_unknown_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
+ dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
dissect_unknown_smb, /* unknown SMB 0x74 */
dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
dissect_unknown_smb, /* unknown SMB 0x76 */