author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2003-01-22 00:40:36 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2003-01-22 00:40:36 +0000 |
commit | 48d3d8eb269941e1c8a19ac22fbeb6e251d304fd (patch) | |
tree | b5836fd3930ce7c2b2217af375638dda3dc33a89 | |
parent | 4c50ff909d156ecc024cff1e1c519f7e169faefc (diff) |
SMB RTT statistics for tethereal and ethereal.
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in their own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
-rw-r--r-- | Makefile.am | 5 | ||||
-rw-r--r-- | Makefile.nmake | 5 | ||||
-rw-r--r-- | doc/ethereal.pod.template | 36 | ||||
-rw-r--r-- | doc/tethereal.pod.template | 21 | ||||
-rw-r--r-- | gtk/Makefile.am | 6 | ||||
-rw-r--r-- | gtk/Makefile.nmake | 5 | ||||
-rw-r--r-- | gtk/menu.c | 7 | ||||
-rw-r--r-- | packet-smb.c | 168 | ||||
-rw-r--r-- | smb.h | 17 |
9 files changed, 174 insertions, 96 deletions
diff --git a/Makefile.am b/Makefile.am index b1336306f2..47404e3965 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Ethereal # -# $Id: Makefile.am,v 1.542 2003/01/22 00:08:08 jmayer Exp $ +# $Id: Makefile.am,v 1.543 2003/01/22 00:40:30 sahlberg Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@ethereal.com> @@ -817,7 +817,8 @@ TETHEREAL_TAP_SRC = \ tap-protocolinfo.c \ tap-protohierstat.c \ tap-rpcstat.c \ - tap-rpcprogs.c + tap-rpcprogs.c \ + tap-smbstat.c tethereal_SOURCES = \ $(DISSECTOR_SRC) \ diff --git a/Makefile.nmake b/Makefile.nmake index f8dc2d8397..91ce4e728f 100644 --- a/Makefile.nmake +++ b/Makefile.nmake @@ -1,7 +1,7 @@ ## Makefile for building ethereal.exe with Microsoft C and nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake # -# $Id: Makefile.nmake,v 1.271 2003/01/19 21:29:08 guy Exp $ +# $Id: Makefile.nmake,v 1.272 2003/01/22 00:40:30 sahlberg Exp $ include config.nmake include <win32.mak> @@ -350,7 +350,8 @@ TETHEREAL_TAP_SRC = \ tap-protocolinfo.c \ tap-protohierstat.c \ tap-rpcstat.c \ - tap-rpcprogs.c + tap-rpcprogs.c \ + tap-smbstat.c TETHEREAL_TAP_OBJECTS = $(TETHEREAL_TAP_SRC:.c=.obj) diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template index f9dd5edc08..128f1342ce 100644 --- a/doc/ethereal.pod.template +++ b/doc/ethereal.pod.template 
@@ -323,6 +323,28 @@ Collect call/reply RTT data for all known ONC-RPC programs/versions. Data collected is number of calls for each protocol/version, MinRTT, MaxRTT and AvgRTT. +B<-z> smb,rtt[,I<filter>] + +Collect call/reply RTT data for SMB. Data collected +is number of calls for each SMB command, MinRTT, MaxRTT and AvgRTT. +Example: use B<-z smb,rtt>. + +The data will be presented as separate tables for all normal SMB commands, +all Transaction2 commands and all NT Transaction commands. +Only those commands that are seen in the capture will have its stats +displayed. +Only the first command in a xAndX command chain will be used in the +calculation. So for common SessionSetupAndX + TreeConnectAndX chains, +only the SessionSetupAndX call will be used in the statistics. +This is a flaw that might be fixed in the future. + +This option can be used multiple times on the command line. + +If the optional filterstring is provided, the stats will only be calculated +on those calls that match that filter. +Example: use B<-z "smb,rtt,ip.addr==1.2.3.4"> to only collect stats for +SMB packets echanged by the host at IP address 1.2.3.4 . + =back =head1 INTERFACE @@ -685,6 +707,20 @@ Display how the average packetsize from host a.b.c.d changes over time. Set first graph to filter:ip.addr==a.b.c.d&&frame.pkt_len Calc:AVG frame.pkt_len +=item Tools:Statistics:SMB:RTT + +Collect call/reply RTT data for SMB. Data collected +is number of calls for each SMB command, MinRTT, MaxRTT and AvgRTT. + +The data will be presented as separate tables for all normal SMB commands, +all Transaction2 commands and all NT Transaction commands. +Only those commands that are seen in the capture will have its stats +displayed. +Only the first command in a xAndX command chain will be used in the +calculation. So for common SessionSetupAndX + TreeConnectAndX chains, +only the SessionSetupAndX call will be used in the statistics. +This is a flaw that might be fixed in the future. + =head2 WINDOWS 
diff --git a/doc/tethereal.pod.template b/doc/tethereal.pod.template index b78a0a7763..eda93748ec 100644 --- a/doc/tethereal.pod.template +++ b/doc/tethereal.pod.template @@ -405,6 +405,27 @@ Data collected is number of calls for each protocol/version, MinRTT, MaxRTT and AvgRTT. This option can only be used once on the command line. +B<-z> smb,rtt[,I<filter>] + +Collect call/reply RTT data for SMB. Data collected +is number of calls for each SMB command, MinRTT, MaxRTT and AvgRTT. +Example: use B<-z smb,rtt>. +The data will be presented as separate tables for all normal SMB commands, +all Transaction2 commands and all NT Transaction commands. +Only those commands that are seen in the capture will have its stats +displayed. +Only the first command in a xAndX command chain will be used in the +calculation. So for common SessionSetupAndX + TreeConnectAndX chains, +only the SessionSetupAndX call will be used in the statistics. +This is a flaw that might be fixed in the future. + +This option can be used multiple times on the command line. + +If the optional filterstring is provided, the stats will only be calculated +on those calls that match that filter. +Example: use B<-z "smb,rtt,ip.addr==1.2.3.4"> to only collect stats for +SMB packets echanged by the host at IP address 1.2.3.4 . + =back diff --git a/gtk/Makefile.am b/gtk/Makefile.am index 7b51c44cde..82f2116536 100644 --- a/gtk/Makefile.am +++ b/gtk/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for the GTK interface routines for Ethereal # -# $Id: Makefile.am,v 1.52 2003/01/08 02:00:51 guy Exp $ +# $Id: Makefile.am,v 1.53 2003/01/22 00:40:36 sahlberg Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs <gerald@ethereal.com> @@ -35,7 +35,9 @@ ETHEREAL_TAP_SRC = \ rpc_stat.c \ rpc_stat.h \ rpc_progs.c \ - rpc_progs.h + rpc_progs.h \ + smb_stat.c \ + smb_stat.h ethereal-tap-register.c: $(ETHEREAL_TAP_SRC) $(top_srcdir)/make-tapreg-dotc @echo Making ethereal-tap-register.c 
diff --git a/gtk/Makefile.nmake b/gtk/Makefile.nmake index 0bb714241c..8c2402e4ca 100644 --- a/gtk/Makefile.nmake +++ b/gtk/Makefile.nmake @@ -1,7 +1,7 @@ ## Makefile for building ethereal.exe with Microsoft C and nmake ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake # -# $Id: Makefile.nmake,v 1.38 2003/01/08 01:59:41 guy Exp $ +# $Id: Makefile.nmake,v 1.39 2003/01/22 00:40:36 sahlberg Exp $ include ..\config.nmake @@ -25,7 +25,8 @@ ETHEREAL_TAP_SRC = \ dcerpc_stat.c \ io_stat.c \ rpc_stat.c \ - rpc_progs.c + rpc_progs.c \ + smb_stat.c ETHEREAL_TAP_OBJECTS = $(ETHEREAL_TAP_SRC:.c=.obj) diff --git a/gtk/menu.c b/gtk/menu.c index 42edf0ad4f..d7df085c2f 100644 --- a/gtk/menu.c +++ b/gtk/menu.c @@ -1,7 +1,7 @@ /* menu.c * Menu routines * - * $Id: menu.c,v 1.82 2003/01/08 23:33:38 oabad Exp $ + * $Id: menu.c,v 1.83 2003/01/22 00:40:36 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -61,6 +61,7 @@ #include "rpc_stat.h" #include "rpc_progs.h" #include "dcerpc_stat.h" +#include "smb_stat.h" #include "compat_macros.h" #include "gtkglobals.h" @@ -248,6 +249,10 @@ static GtkItemFactoryEntry menu_items[] = NULL), ITEM_FACTORY_ENTRY("/Tools/Statistics/IO/IO-Stat", NULL, gtk_iostat_cb, 0, NULL, NULL), + ITEM_FACTORY_ENTRY("/Tools/Statistics/SMB", NULL, NULL, 0, "<Branch>", + NULL), + ITEM_FACTORY_ENTRY("/Tools/Statistics/SMB/RTT", NULL, gtk_smbstat_cb, + 0, NULL, NULL), ITEM_FACTORY_ENTRY("/_Help", NULL, NULL, 0, "<LastBranch>", NULL), ITEM_FACTORY_STOCK_ENTRY("/Help/_Help", NULL, help_cb, 0, GTK_STOCK_HELP), ITEM_FACTORY_ENTRY("/Help/<separator>", NULL, NULL, 0, "<Separator>", NULL), diff --git a/packet-smb.c b/packet-smb.c index 918e53a4f3..08333c28b8 100644 --- a/packet-smb.c +++ b/packet-smb.c 
@@ -3,7 +3,7 @@ * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * 2001 Rewrite by Ronnie Sahlberg and Guy Harris * - * $Id: packet-smb.c,v 1.302 2002/12/31 04:24:18 sharpe Exp $ + * $Id: packet-smb.c,v 1.303 2003/01/22 00:40:30 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -43,6 +43,7 @@ #include <epan/strutil.h> #include "prefs.h" #include "reassemble.h" +#include "tap.h" #include "packet-smb-common.h" #include "packet-smb-mailslot.h" @@ -663,6 +664,9 @@ static gint ett_smb_sec_desc_type = -1; static gint ett_smb_quotaflags = -1; static gint ett_smb_secblob = -1; + +static int smb_tap = -1; + static dissector_handle_t gssapi_handle = NULL; static dissector_handle_t ntlmssp_handle = NULL; @@ -912,27 +916,9 @@ smb_saved_info_hash_matched(gconstpointer k) return key->frame + key->pid_mid; } -/* - * The information we need to save about an NT Transaction request in order - * to dissect the reply. - */ -typedef struct { - int subcmd; -} smb_nt_transact_info_t; - static GMemChunk *smb_nt_transact_info_chunk = NULL; static int smb_nt_transact_info_init_count = 200; -/* - * The information we need to save about a Transaction2 request in order - * to dissect the reply. - */ -typedef struct { - int subcmd; - int info_level; - gboolean resume_keys; /* if "return resume" keys set in T2 FIND_FIRST request */ -} smb_transact2_info_t; - static GMemChunk *smb_transact2_info_chunk = NULL; static int smb_transact2_info_init_count = 200; @@ -6311,7 +6297,7 @@ dissect_tree_connect_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree #define NT_TRANS_QSD 6 #define NT_TRANS_GET_USER_QUOTA 7 #define NT_TRANS_SET_USER_QUOTA 8 -static const value_string nt_cmd_vals[] = { +const value_string nt_cmd_vals[] = { {NT_TRANS_CREATE, "NT CREATE"}, {NT_TRANS_IOCTL, "NT IOCTL"}, {NT_TRANS_SSD, "NT SET SECURITY DESC"}, 
@@ -9136,7 +9122,7 @@ dissect_nt_cancel_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tre XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX */ -static const value_string trans2_cmd_vals[] = { +const value_string trans2_cmd_vals[] = { { 0x00, "OPEN2" }, { 0x01, "FIND_FIRST2" }, { 0x02, "FIND_NEXT2" }, @@ -13625,7 +13611,7 @@ dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *s * 1, contain all entries 0x00 to 0xff * 2, all entries must be in order. */ -static const value_string smb_cmd_vals[] = { +const value_string smb_cmd_vals[] = { { 0x00, "Create Directory" }, { 0x01, "Delete Directory" }, { 0x02, "Open" }, @@ -15266,7 +15252,9 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) proto_tree *tree = NULL, *htree = NULL; guint8 flags; guint16 flags2; - smb_info_t si; + static smb_info_t si_arr[20]; + static int si_counter=0; + smb_info_t *si; smb_saved_info_t *sip = NULL; smb_saved_info_key_t key; smb_saved_info_key_t *new_key; @@ -15277,6 +15265,12 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) conversation_t *conversation; nstime_t ns; + si_counter++; + if(si_counter==20){ + si_counter=0; + } + si=&si_arr[si_counter]; + top_tree=parent_tree; /* must check that this really is a smb packet */ 
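Review bot: The `si_arr[20]` ring in dissect_smb hands out a pointer that outlives the call: it is stored in `pinfo->private_data` and, in the later hunk at -15721, passed to `tap_queue_packet(smb_tap, pinfo, si)`, so a slot can be overwritten while a queued tap record still refers to it. That would happen if more than 20 SMB PDUs are dissected before the tap queue is drained (presumably once per frame; the drain is not visible here), and since the capture contents decide how many PDUs a frame holds, the RTT statistics could end up computed from the wrong records. The bound is also written twice as a bare `20`; I would name it, e.g. `#define SMB_SI_RING_SIZE 20`, use it for both the array size and the wrap test, and add a comment above the array saying why it is static and what limit it assumes. The slot is also claimed before the "must check that this really is a smb packet" test, so input that is rejected there still advances the ring. dissect_smb's body starts and ends outside these hunks.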
@@ -15299,22 +15293,22 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) /* start off using the local variable, we will allocate a new one if we need to*/ - si.cmd = tvb_get_guint8(tvb, offset+4); + si->cmd = tvb_get_guint8(tvb, offset+4); flags = tvb_get_guint8(tvb, offset+9); - si.request = !(flags&SMB_FLAGS_DIRN); + si->request = !(flags&SMB_FLAGS_DIRN); flags2 = tvb_get_letohs(tvb, offset+10); if(flags2 & 0x8000){ - si.unicode = TRUE; /* Mark them as Unicode */ + si->unicode = TRUE; /* Mark them as Unicode */ } else { - si.unicode = FALSE; + si->unicode = FALSE; } - si.tid = tvb_get_letohs(tvb, offset+24); - si.pid = tvb_get_letohs(tvb, offset+26); - si.uid = tvb_get_letohs(tvb, offset+28); - si.mid = tvb_get_letohs(tvb, offset+30); - pid_mid = (si.pid << 16) | si.mid; - si.info_level = -1; - si.info_count = -1; + si->tid = tvb_get_letohs(tvb, offset+24); + si->pid = tvb_get_letohs(tvb, offset+26); + si->uid = tvb_get_letohs(tvb, offset+28); + si->mid = tvb_get_letohs(tvb, offset+30); + pid_mid = (si->pid << 16) | si->mid; + si->info_level = -1; + si->info_count = -1; if (parent_tree) { item = proto_tree_add_item(parent_tree, proto_smb, tvb, offset, 
@@ -15340,37 +15334,37 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) pinfo->ptype, pinfo->srcport, pinfo->destport, 0); } /* see if we already have the smb data for this conversation */ - si.ct=conversation_get_proto_data(conversation, proto_smb); - if(!si.ct){ + si->ct=conversation_get_proto_data(conversation, proto_smb); + if(!si->ct){ /* No, not yet. create it and attach it to the conversation */ - si.ct = g_mem_chunk_alloc(conv_tables_chunk); - conv_tables = g_slist_prepend(conv_tables, si.ct); - si.ct->matched= g_hash_table_new(smb_saved_info_hash_matched, + si->ct = g_mem_chunk_alloc(conv_tables_chunk); + conv_tables = g_slist_prepend(conv_tables, si->ct); + si->ct->matched= g_hash_table_new(smb_saved_info_hash_matched, smb_saved_info_equal_matched); - si.ct->unmatched= g_hash_table_new(smb_saved_info_hash_unmatched, + si->ct->unmatched= g_hash_table_new(smb_saved_info_hash_unmatched, smb_saved_info_equal_unmatched); - si.ct->dcerpc_fid_to_frame=g_hash_table_new( + si->ct->dcerpc_fid_to_frame=g_hash_table_new( smb_saved_info_hash_unmatched, smb_saved_info_equal_unmatched); - si.ct->tid_service=g_hash_table_new( + si->ct->tid_service=g_hash_table_new( smb_saved_info_hash_unmatched, smb_saved_info_equal_unmatched); - conversation_add_proto_data(conversation, proto_smb, si.ct); + conversation_add_proto_data(conversation, proto_smb, si->ct); } - if( (si.request) - && (si.mid==0) - && (si.uid==0) - && (si.pid==0) - && (si.tid==0) ){ + if( (si->request) + && (si->mid==0) + && (si->uid==0) + && (si->pid==0) + && (si->tid==0) ){ /* this is a broadcast SMB packet, there will not be a reply. 
We dont need to do anything */ - si.unidir = TRUE; - } else if( (si.cmd==SMB_COM_NT_CANCEL) /* NT Cancel */ - ||(si.cmd==SMB_COM_TRANSACTION_SECONDARY) /* Transaction Secondary */ - ||(si.cmd==SMB_COM_TRANSACTION2_SECONDARY) /* Transaction2 Secondary */ - ||(si.cmd==SMB_COM_NT_TRANSACT_SECONDARY)){ /* NT Transaction Secondary */ + si->unidir = TRUE; + } else if( (si->cmd==SMB_COM_NT_CANCEL) /* NT Cancel */ + ||(si->cmd==SMB_COM_TRANSACTION_SECONDARY) /* Transaction Secondary */ + ||(si->cmd==SMB_COM_TRANSACTION2_SECONDARY) /* Transaction2 Secondary */ + ||(si->cmd==SMB_COM_NT_TRANSACT_SECONDARY)){ /* NT Transaction Secondary */ /* Ok, we got a special request type. This request is either an NT Cancel or a continuation relative to a real request in an earlier packet. In either case, we don't expect any @@ -15389,7 +15383,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) in it. */ - si.unidir = TRUE; /*we dont expect an answer to this one*/ + si->unidir = TRUE; /*we dont expect an answer to this one*/ if(!pinfo->fd->flags.visited){ /* try to find which original call we match and if we @@ -15403,12 +15397,12 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) last seen MID matching ours is the right one. This can fail but is better than nothing */ - sip=g_hash_table_lookup(si.ct->unmatched, (void *)pid_mid); + sip=g_hash_table_lookup(si->ct->unmatched, (void *)pid_mid); if(sip!=NULL){ new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk); new_key->frame = pinfo->fd->num; new_key->pid_mid = pid_mid; - g_hash_table_insert(si.ct->matched, new_key, + g_hash_table_insert(si->ct->matched, new_key, sip); } } else { @@ -15417,7 +15411,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) */ key.frame = pinfo->fd->num; key.pid_mid = pid_mid; - sip=g_hash_table_lookup(si.ct->matched, &key); + sip=g_hash_table_lookup(si->ct->matched, &key); if(sip==NULL){ /* We didn't find it. 
@@ -15430,7 +15424,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) if(sip && sip->frame_req){ - switch(si.cmd){ + switch(si->cmd){ case SMB_COM_NT_CANCEL: proto_tree_add_uint(htree, hf_smb_cancel_to, tvb, 0, 0, sip->frame_req); @@ -15443,7 +15437,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) break; } } else { - switch(si.cmd){ + switch(si->cmd){ case SMB_COM_NT_CANCEL: proto_tree_add_text(htree, tvb, 0, 0, "Cancellation to: <unknown frame>"); @@ -15457,13 +15451,13 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) } } } else { /* normal bidirectional request or response */ - si.unidir = FALSE; + si->unidir = FALSE; if(!pinfo->fd->flags.visited){ /* first see if we find an unmatched smb "equal" to the current one */ - sip=g_hash_table_lookup(si.ct->unmatched, (void *)pid_mid); + sip=g_hash_table_lookup(si->ct->unmatched, (void *)pid_mid); if(sip!=NULL){ gboolean cmd_match=FALSE; 
@@ -15473,26 +15467,26 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) * that's another valid type of reply * to that command. */ - if(si.cmd==sip->cmd){ + if(si->cmd==sip->cmd){ cmd_match=TRUE; } - else if(si.cmd==SMB_COM_NT_CANCEL){ + else if(si->cmd==SMB_COM_NT_CANCEL){ cmd_match=TRUE; } - else if((si.cmd==SMB_COM_TRANSACTION_SECONDARY) + else if((si->cmd==SMB_COM_TRANSACTION_SECONDARY) && (sip->cmd==SMB_COM_TRANSACTION)){ cmd_match=TRUE; } - else if((si.cmd==SMB_COM_TRANSACTION2_SECONDARY) + else if((si->cmd==SMB_COM_TRANSACTION2_SECONDARY) && (sip->cmd==SMB_COM_TRANSACTION2)){ cmd_match=TRUE; } - else if((si.cmd==SMB_COM_NT_TRANSACT_SECONDARY) + else if((si->cmd==SMB_COM_NT_TRANSACT_SECONDARY) && (sip->cmd==SMB_COM_NT_TRANSACT)){ cmd_match=TRUE; } - if( (si.request) || (!cmd_match) ) { + if( (si->request) || (!cmd_match) ) { /* If we are processing an SMB request but there was already another "identical" smb resuest we had not matched yet. This must mean that either we have a retransmission or that the @@ -15507,7 +15501,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) SMBs of different cmds but with identical MID and PID values and if ethereal lost the first reply and the second request. */ - g_hash_table_remove(si.ct->unmatched, (void *)pid_mid); + g_hash_table_remove(si->ct->unmatched, (void *)pid_mid); sip=NULL; /* XXX should free it as well */ } else { /* we have found a response to some request we have seen earlier. @@ -15520,7 +15514,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk); new_key->frame = sip->frame_res; new_key->pid_mid = pid_mid; - g_hash_table_insert(si.ct->matched, new_key, sip); + g_hash_table_insert(si->ct->matched, new_key, sip); } else { /* we have already seen another response to this one, but register it anyway so we see which request it matches 
@@ -15528,28 +15522,28 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk); new_key->frame = pinfo->fd->num; new_key->pid_mid = pid_mid; - g_hash_table_insert(si.ct->matched, new_key, sip); + g_hash_table_insert(si->ct->matched, new_key, sip); } } } - if(si.request){ + if(si->request){ sip = g_mem_chunk_alloc(smb_saved_info_chunk); sip->frame_req = pinfo->fd->num; sip->frame_res = 0; sip->req_time.secs=pinfo->fd->abs_secs; sip->req_time.nsecs=pinfo->fd->abs_usecs*1000; sip->flags = 0; - if(g_hash_table_lookup(si.ct->tid_service, (void *)si.tid) + if(g_hash_table_lookup(si->ct->tid_service, (void *)si->tid) == (void *)TID_IPC) { sip->flags |= SMB_SIF_TID_IS_IPC; } - sip->cmd = si.cmd; + sip->cmd = si->cmd; sip->extra_info = NULL; - g_hash_table_insert(si.ct->unmatched, (void *)pid_mid, sip); + g_hash_table_insert(si->ct->unmatched, (void *)pid_mid, sip); new_key = g_mem_chunk_alloc(smb_saved_info_key_chunk); new_key->frame = sip->frame_req; new_key->pid_mid = pid_mid; - g_hash_table_insert(si.ct->matched, new_key, sip); + g_hash_table_insert(si->ct->matched, new_key, sip); } } else { /* we have seen this packet before; check the @@ -15562,14 +15556,14 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) */ key.frame = pinfo->fd->num; key.pid_mid = pid_mid; - sip=g_hash_table_lookup(si.ct->matched, &key); + sip=g_hash_table_lookup(si->ct->matched, &key); } } /* * Pass the "sip" on to subdissectors through "si". */ - si.sip = sip; + si->sip = sip; if (sip != NULL) { /* @@ -15577,7 +15571,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) * this is a response or the frame with the response to this * frame - if we know the frame number (i.e., it's not 0). */ - if(si.request){ + if(si->request){ if (sip->frame_res != 0) proto_tree_add_uint(htree, hf_smb_response_in, tvb, 0, 0, sip->frame_res); } else { 
@@ -15596,7 +15590,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) } /* smb command */ - proto_tree_add_uint_format(htree, hf_smb_cmd, tvb, offset, 1, si.cmd, "SMB Command: %s (0x%02x)", decode_smb_name(si.cmd), si.cmd); + proto_tree_add_uint_format(htree, hf_smb_cmd, tvb, offset, 1, si->cmd, "SMB Command: %s (0x%02x)", decode_smb_name(si->cmd), si->cmd); offset += 1; if(flags2 & 0x4000){ @@ -15671,26 +15665,26 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) offset += 12; /* TID */ - proto_tree_add_uint(htree, hf_smb_tid, tvb, offset, 2, si.tid); + proto_tree_add_uint(htree, hf_smb_tid, tvb, offset, 2, si->tid); offset += 2; /* PID */ - proto_tree_add_uint(htree, hf_smb_pid, tvb, offset, 2, si.pid); + proto_tree_add_uint(htree, hf_smb_pid, tvb, offset, 2, si->pid); offset += 2; /* UID */ - proto_tree_add_uint(htree, hf_smb_uid, tvb, offset, 2, si.uid); + proto_tree_add_uint(htree, hf_smb_uid, tvb, offset, 2, si->uid); offset += 2; /* MID */ - proto_tree_add_uint(htree, hf_smb_mid, tvb, offset, 2, si.mid); + proto_tree_add_uint(htree, hf_smb_mid, tvb, offset, 2, si->mid); offset += 2; - pinfo->private_data = &si; - dissect_smb_command(tvb, pinfo, offset, tree, si.cmd, TRUE); + pinfo->private_data = si; + dissect_smb_command(tvb, pinfo, offset, tree, si->cmd, TRUE); /* Append error info from this packet to info string. */ - if (!si.request && check_col(pinfo->cinfo, COL_INFO)) { + if (!si->request && check_col(pinfo->cinfo, COL_INFO)) { if (flags2 & 0x4000) { /* * The status is an NT status code; was there @@ -15721,6 +15715,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) } } + tap_queue_packet(smb_tap, pinfo, si); return TRUE; } @@ -17832,6 +17827,7 @@ proto_register_smb(void) &smb_dcerpc_reassembly); register_init_routine(smb_trans_reassembly_init); register_init_routine(smb_dcerpc_reassembly_init); + smb_tap = register_tap("smb"); } void 
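Review bot: `tap_queue_packet(smb_tap, pinfo, si)` in the -15721 hunk queues the record unconditionally, including when `si->sip` is NULL; the earlier hunks show `sip` coming from `g_hash_table_lookup()` and dissect_smb itself guarding with `if (sip != NULL)`. A listener that derives the RTT from the saved request has to make the same check, and nothing at the call site or at `register_tap("smb")` says so. I would add a comment at the call, e.g. `/* si->sip may be NULL (no matching request seen); si points into static storage that later calls reuse */`. The call sits only on the final `return TRUE` path, so if dissect_smb_command() leaves the function early on a malformed packet (not visible here) that packet is presumably not counted, which is worth stating in the same comment.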
@@ -2,7 +2,7 @@ * Defines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: smb.h,v 1.47 2002/08/31 05:31:42 sharpe Exp $ + * $Id: smb.h,v 1.48 2003/01/22 00:40:31 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -27,6 +27,9 @@ #define _SMB_H /* SMB command codes, from the SNIA CIFS spec. */ +extern const value_string smb_cmd_vals[]; +extern const value_string trans2_cmd_vals[]; +extern const value_string nt_cmd_vals[]; #define SMB_COM_CREATE_DIRECTORY 0x00 #define SMB_COM_DELETE_DIRECTORY 0x01 @@ -223,6 +226,18 @@ #define SMBE_sharebufexc 36 /* A sharing buffer has been exceeded */ #define SMBE_diskfull 39 +/* the information we need to keep around for NT transatcion commands */ +typedef struct { + int subcmd; +} smb_nt_transact_info_t; + +/* the information we need to keep around for transaction2 commands */ +typedef struct { + int subcmd; + int info_level; + gboolean resume_keys; /* if "return resume" keys set in T2 FIND_FIRST request */ +} smb_transact2_info_t; + /* * The information we need to save about a request in order to show the * frame number of the request in the dissection of the reply. |
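Review bot: The three `extern const value_string ...[]` declarations in the -27,6 hunk export the tables with no size and no statement of how they may be used, and they land directly under the existing "SMB command codes" comment, which describes the #defines below them. The context in packet-smb.c says smb_cmd_vals must "contain all entries 0x00 to 0xff" in order, which suggests it is indexed directly by the command byte; a consumer that treats trans2_cmd_vals or nt_cmd_vals the same way, with a sub-command taken from the packet, could read outside the table. I would move the declarations below the command defines and give them their own comment, e.g. `/* smb_cmd_vals covers 0x00-0xff and may be indexed by command; the other two must be searched, not indexed */`, to be confirmed against how those tables are terminated. The names are now unprefixed globals (`nt_cmd_vals`, `trans2_cmd_vals`), so an `smb_` prefix would reduce the chance of a link-time clash.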