From 21f9f7ec4846e09506e06f5d3c093007332070e2 Mon Sep 17 00:00:00 2001
From: Richard Sharpe <sharpe@ns.aus.com>
Date: Mon, 9 Jun 2003 03:01:02 +0000
Subject: Dissect the 12-byte reserved field as a 2-byte PID high, 8-byte sig,
 and 2-byte reserved field.

svn path=/trunk/; revision=7812
---
 packet-smb.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

(limited to 'packet-smb.c')

diff --git a/packet-smb.c b/packet-smb.c
index b4af00291f..da7042cf28 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -3,7 +3,7 @@
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  * 2001  Rewrite by Ronnie Sahlberg and Guy Harris
  *
- * $Id: packet-smb.c,v 1.349 2003/06/09 00:02:13 guy Exp $
+ * $Id: packet-smb.c,v 1.350 2003/06/09 03:01:02 sharpe Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -100,6 +100,8 @@ static int hf_smb_pid = -1;
 static int hf_smb_tid = -1;
 static int hf_smb_uid = -1;
 static int hf_smb_mid = -1;
+static int hf_smb_pid_high = -1;
+static int hf_smb_sig = -1;
 static int hf_smb_response_to = -1;
 static int hf_smb_time = -1;
 static int hf_smb_response_in = -1;
@@ -16258,9 +16260,20 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 		/*
 		 * 12 reserved bytes.
 		 * XXX - high part of pid?
+                 * According to http://ubiqx.org/cifs/SMB.html#SMB.4.2.1
+                 * and http://ubiqx.org/cifs/SMB.html#SMB.5.5.1 these are
+                 * a two byte pid-high, and an 8-byte signature ...
 		 */
-		proto_tree_add_item(htree, hf_smb_reserved, tvb, offset, 12, TRUE);
-		offset += 12;
+
+                proto_tree_add_uint(htree, hf_smb_pid_high, tvb, offset, 2, si->tid);
+                offset +=2;
+
+		proto_tree_add_item(htree, hf_smb_sig, tvb, offset, 8, TRUE);                
+
+                offset +=8;
+
+		proto_tree_add_item(htree, hf_smb_reserved, tvb, offset, 2, TRUE);
+		offset += 2;
 	}
 
 	/* TID */
@@ -16385,7 +16398,9 @@ proto_register_smb(void)
 	{ &hf_smb_reserved,
 		{ "Reserved", "smb.reserved", FT_BYTES, BASE_HEX,
 		NULL, 0, "Reserved bytes, must be zero", HFILL }},
-
+        { &hf_smb_sig,
+                { "Signature", "smb.signature", FT_BYTES, BASE_HEX,
+                  NULL, 0, "Signature bytes", HFILL }},
 	{ &hf_smb_key,
 		{ "Key", "smb.key", FT_UINT32, BASE_HEX,
 		NULL, 0, "SMB-over-IPX Key", HFILL }},
@@ -16406,6 +16421,10 @@ proto_register_smb(void)
 		{ "Process ID", "smb.pid", FT_UINT16, BASE_DEC,
 		NULL, 0, "Process ID", HFILL }},
 
+	{ &hf_smb_pid_high,
+		{ "Process ID High", "smb.pid.high", FT_UINT16, BASE_DEC,
+		NULL, 0, "Process ID High Bytes", HFILL }},
+
 	{ &hf_smb_tid,
 		{ "Tree ID", "smb.tid", FT_UINT16, BASE_DEC,
 		NULL, 0, "Tree ID", HFILL }},
-- 
cgit v1.2.3