path: root/epan/dissectors/packet-smb2.h
Age | Commit message | Author | Files | Lines
2016-12-02 | Make SMB2 MessageId field a FT_UINT64 | Michael Mann | 1 | -1/+1
Also adjust the smb2_info_t structure that handles the value.
Bug: 12915
Change-Id: Ia314b8dc840b9d26d2c1d185f06ef93f242a3a7b
Reviewed-on: https://code.wireshark.org/review/19019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-26 | packet-smb2: fix data type of share_type | Hiroshi Ioka | 1 | -1/+1
According to spec, https://msdn.microsoft.com/en-us/library/cc246499.aspx share_type uses 1 byte. But, current implementation allocates 2 bytes for it.
Change-Id: Ibf55c49168a417c16bde57aad368a1265040afae
Reviewed-on: https://code.wireshark.org/review/16695
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-03-02 | SMB2: fix Uninitialized variables (UNINIT) (CID 1354418) | Alexis La Goutte | 1 | -1/+0
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2015-10-29 | packet-smb2: display SMB2_FLAGS_PRIORITY_MASK in the header | Stefan Metzmacher | 1 | -0/+9
Change-Id: I6bae88395f46de0bc4c790ca41914c75e6c98793
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11359
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-10-29 | packet-smb2: maintain a smb2_fid_info per open file | Stefan Metzmacher | 1 | -0/+12
This can be used as salt for dcerpc connections over smb2. The key is that we identify an open by the combination of session_id, tree_id, persistent file_id and volatile file_id. As some broken implementations make the file_ids only unique per tree connect.
Change-Id: I85cab68503560840a98d2d8d6c21b447b4242e3c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11358
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-07-25 | MSWSP: Initial implementation of MS-WSP (windows search protocol) dissector | Gregor Beck | 1 | -1/+1
This changeset is a forward port of Gregor's ms-wsp branch from his repo http://repo.or.cz/w/wireshark-wip.git. Most of the messages of the MS-WSP protocol are implemented here and as such consists of the majority of the changes for the dissector.
In addition to the forward porting Gregor's work I added some extra bits
1) cater for SMB2 Read Response and Write Request msgs that can also contain MSWSP messages
2) update property specifications with info extracted from MS-WSP protocol doc
3) store some basic data about previously seen messages that are needed for dissecting CPMGetRows request
4) expand/update dissect_CPMSetBindings & parse_CTableColumn routines
5) parse and store CTableColumn & CPMSetBindingsIn structures in conversation related data for use later.
6) fully dissect/parse SeekDesciption of CPMGetRowsOut
7) dissect CPMGetRows out message specifically the Rows & Columns
8) flesh out the boolean properties of uBooleanOptions field
9) flesh out various other dissectors:
   CPMRatioFinished
   CPMRestartPosition
   CPMCompareBmkIn/CPMCompareBmkOut
   CPMGetApproximatePosition
   CPMGetSendNotifyOut
   FindIndicesIn/Out
   FetchValue
Bug: 11321
Change-Id: I68b5c2f3e63874c1dbb271feab89b2b8aa65ac39
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/9440
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04 | Remove all $Id$ from top of file | Alexis La Goutte | 1 | -2/+0
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2013-08-01 | As pointed out in ↵ | Jeff Morriss | 1 | -3/+3
https://www.wireshark.org/lists/wireshark-dev/201307/msg00250.html : r51066 should have also updated the hf_ variable name, comments, and a couple of data structures. (I don't know this protocol so these changes are basically a half-educated global search-n-replace.)
svn path=/trunk/; revision=51080
2013-03-17 | From beroset: | Anders Broman | 1 | -1/+1
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48355
2013-03-09 | From Jose Pico via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8377 ↵ | Alexis La Goutte | 1 | -0/+64
NEW FEATURE IMPLEMENTED: SMB2 SUPPORT FOR EXPORT->OBJECTS->SMB
Added functionality:
- SMB2 support for Export->Objects->SMB
- support for SMB_COM_CREATE, SMB_COM_OPEN, SMB_COM_READ and SMB_COM_WRITE commands
- Ability to choose between File Id and full file name as identifier for file re-building. Implemented as an option under Edit->Preferences->Protocols->SMB and Edit->Preferences->Protocols->SMB2.
Other minor changes and fixes:
- Full filename in file
- Inclusion of IP of SMB server when treeid name (i.e. hostname) is not known
- UTF-8 filenames encoding before passing them to Export Object Window
- Re-written insert_chunk function of export_object_smb.c to make it easier to debug
- Fix of an error in insert_chunk function of export_object_smb.c (the verification of next free_chunk was always skipped after deleting one free_chunk).
- Removed duplicated code by inserting the function feed_eo_smb in packet-smb.c and packet-smb2.c
- Changed the label of Export->Objects->SMB menu into Export->Objects->SMB/SMB2
svn path=/trunk/; revision=48210
2013-03-01 | Export libwireshark symbols using WS_DLL_PUBLIC define | Balint Reczey | 1 | -1/+1
Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project.
svn path=/trunk/; revision=47992
2012-08-16 | From Stefan Metzmacher: Updates for the SMB2/3 | Bill Meier | 1 | -1/+7
This patches add some missing things for SMB2/3 and support for decryption of SMB3 traffic
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7645
From me: Change an initializer from C99 to C89 style (since the Microsoft compiler doesn't support C99).
svn path=/trunk/; revision=44542
2012-06-28 | Update Free Software Foundation address. | Jakub Zawadzki | 1 | -1/+1
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
2012-05-22 | SMB2: Add dissection of the encrypted SMB2 headers | Ronnie Sahlberg | 1 | -0/+9
From Matthieu Patou <mat@matws.net>
svn path=/trunk/; revision=42768
2010-10-29 | Use value_string_ext fcns to access certain value_string arrays. | Bill Meier | 1 | -3/+3
svn path=/trunk/; revision=34692
2008-02-14 | fixup SMB2 header and decode async commands correctly | Ronnie Sahlberg | 1 | -8/+9
svn path=/trunk/; revision=24321
2007-05-22 | Trivial warning fixes: | Jörg Mayer | 1 | -1/+1
opcua: warning: function declaration isn't a prototype
rest: comma at end of enumerator
svn path=/trunk/; revision=21885
2007-05-15 | add dissection of the end_of_chain bit in the header flags | Ronnie Sahlberg | 1 | -0/+1
svn path=/trunk/; revision=21794
2007-05-15 | from metze | Ronnie Sahlberg | 1 | -1/+8
patch to find and enhancement of extra_info handling
svn path=/trunk/; revision=21793
2007-05-07 | add dissection of smb1 ioctl data by tying it into the dissectors for | Ronnie Sahlberg | 1 | -0/+1
ioctl data that already exists for smb2
svn path=/trunk/; revision=21713
2007-05-07 | change the smb2 ioctl function to take a pointer to a uint32 (ioctl | Ronnie Sahlberg | 1 | -1/+1
function code) instead of a structure extend the nt trans structure to contain a ioctl function code for smb1
svn path=/trunk/; revision=21712
2007-05-07 | remove the ioctl function and table from the smb dissector and just use | Ronnie Sahlberg | 1 | -0/+1
the one in smb2 instead since the smb2 one is more developed.
svn path=/trunk/; revision=21711
2006-06-20 | Change ETH_VAR_IMPORT to WS_VAR_IMPORT. Try to fix a duplicate variable | Gerald Combs | 1 | -1/+1
definition in the Catapult DCT2000 code.
svn path=/trunk/; revision=18524
2006-05-21 | change a whole bunch of ethereal into wireshark | Ronnie Sahlberg | 1 | -3/+3
svn path=/trunk/; revision=18196
2006-04-05 | from metze | Ronnie Sahlberg | 1 | -1/+1
dissect smb2 break responses used by a server to break an oplock these unsolicited responses are sent with a commandseqnum of -1 so mark these in the header as unsolicited as well
svn path=/trunk/; revision=17820
2006-02-07 | smb2 signing | Ronnie Sahlberg | 1 | -0/+1
add dissection of the "Signature present" bit and the 16 byte signature field in the header
svn path=/trunk/; revision=17206
2006-02-07 | handmerged patch from metze it conflicted with recent P bit patch i checked in | Ronnie Sahlberg | 1 | -2/+3
svn path=/trunk/; revision=17202
2006-02-07 | add dissection of the P (PID Valid) bit in the header | Ronnie Sahlberg | 1 | -0/+1
If the P bit is NOT set, then flag the PID field as "(not valid)"
Since the TID might be undefined/0 in the response to a "pending" read we can't use that solely to determine if a read was for a named/pipe (==dcerpc) Assume that only NamedPipe reads can be STATUS_PENDING and thus have the P bit set and assume it IS dcerpc if the P bit is set.
svn path=/trunk/; revision=17197
2005-12-24 | from metze | Ronnie Sahlberg | 1 | -11/+4
update to tid and uid tracking
svn path=/trunk/; revision=16893
2005-12-07 | tap the ntlmssp protocol and extract the account/domain names when users ↵ | Ronnie Sahlberg | 1 | -0/+10
authenticate. If known put the account name, domain name, host name and which frame the user authenticated in in an expansion below UID in the SMB2 header
svn path=/trunk/; revision=16723
2005-12-05 | updates for FILE_OBJECTID_BUFFER and have smb call this (no more unknown ↵ | Ronnie Sahlberg | 1 | -0/+3
bytes in smb for objectid)
svn path=/trunk/; revision=16682
2005-12-01 | move the ioctl function code to the si structure so we can switch on this ↵ | Ronnie Sahlberg | 1 | -0/+1
later in the ioctl_data dissector
svn path=/trunk/; revision=16634
2005-11-12 | add initial decode of dcerpc over smb2 | Ronnie Sahlberg | 1 | -1/+11
it does not yet multiplex between different files but it is better than nothing
svn path=/trunk/; revision=16484
2005-11-12 | in order to handle dcerpc over smb2 later and to make the heuristics ↵ | Ronnie Sahlberg | 1 | -1/+13
stronger for determining what might and what might not be a pipe add TID tracking. for all TreeConnect requests/responses seen, store the name->tid mapping and other metadata. as a freebie the dissection of the tid in the header is aware of this table so when a tid value is dissected in the header and we know the name for this tid then put it in an expansion below the tid.
svn path=/trunk/; revision=16483
2005-11-12 | start separating things out into structures | Ronnie Sahlberg | 1 | -3/+25
we can regenerate from the header we need to remember between request/response we need on a per conversation basis to reduce the amount of data we store in the per req/resp pair since there will be many of them and we want that struct as small as possible.
svn path=/trunk/; revision=16482
2005-11-12 | Propset svn:... | Jörg Mayer | 1 | -1/+1
svn path=/trunk/; revision=16478
2005-11-11 | break out some structures into packet-smb2.h so we can start tapping in later | Ronnie Sahlberg | 1 | -0/+50
we will do service-response-time statistics before other inferior products have even noticed a new protocol is in town.
svn path=/trunk/; revision=16463