author | Uri Simchoni <urisimchoni@gmail.com> | 2016-09-01 23:52:33 +0300 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2016-09-02 06:05:09 +0000 |
commit | 416bd9a108cef32c870d1731efb82cfffa0760b8 (patch) | |
tree | 68026fac526091460a112c374f506a29030a29f2 | |
parent | 1ba3426f1840bd44765118671648414ff2c50c88 (diff) |
smb: parse user quota change time
In SMB user quota records, parse unknown 8-byte field
as quota record's last change time
(source - [MS-FSCC] 2.4.33)
Change-Id: I1f2839934fc0ab8e3d38105e02ef91a547256a70
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | epan/dissectors/packet-smb.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c
index e64fec5ee9..561df79dd7 100644
--- a/epan/dissectors/packet-smb.c
+++ b/epan/dissectors/packet-smb.c
@@ -684,6 +684,7 @@ static int hf_smb_quota_flags_log_warning = -1;
 static int hf_smb_soft_quota_limit = -1;
 static int hf_smb_hard_quota_limit = -1;
 static int hf_smb_user_quota_used = -1;
+static int hf_smb_user_quota_change_time = -1;
 static int hf_smb_length_of_sid = -1;
 static int hf_smb_user_quota_offset = -1;
 static int hf_smb_nt_rename_level = -1;
@@ -8276,11 +8277,10 @@ dissect_nt_user_quota(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 *bcp)
 proto_tree_add_item(tree, hf_smb_length_of_sid, tvb, offset, 4, ENC_LITTLE_ENDIAN);
 COUNT_BYTES_TRANS_SUBR(4);
- /* 16 unknown bytes */
+ /* change time */
 CHECK_BYTE_COUNT_TRANS_SUBR(8);
- proto_tree_add_item(tree, hf_smb_unknown, tvb,
- offset, 8, ENC_NA);
- COUNT_BYTES_TRANS_SUBR(8);
+ offset = dissect_nt_64bit_time(tvb, tree, offset,
+ hf_smb_user_quota_change_time);
 /* number of bytes for used quota */
 CHECK_BYTE_COUNT_TRANS_SUBR(8);
@@ -19959,6 +19959,10 @@ proto_register_smb(void)
 { "Read Only Volume", "smb.fs_attr.rov", FT_BOOLEAN, 32, TFS(&tfs_fs_attr_rov), 0x00080000, "Is this FS on a read only volume?", HFILL }},
+ { &hf_smb_user_quota_change_time,
+ { "Change Time", "smb.quota.user.change_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0x0, "The last time the quota was changed", HFILL }},
+
 { &hf_smb_length_of_sid, { "Length of SID", "smb.length_of_sid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |
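Review bot: The new change-time step in dissect_nt_user_quota no longer reduces the remaining byte count: the removed `COUNT_BYTES_TRANS_SUBR(8);` is replaced by `offset = dissect_nt_64bit_time(...)`, which advances `offset` but, as far as the hunk shows, leaves `*bcp` untouched. The macro's definition is outside the hunk, but its pairing with CHECK_BYTE_COUNT_TRANS_SUBR suggests it also decrements `*bcp`; if so, every later CHECK_BYTE_COUNT_TRANS_SUBR in this function, and whatever the caller does with `*bcp`, sees 8 bytes more than the record really has left, so a truncated or malformed quota record passes the length guard instead of stopping cleanly. Either keep the macro, `dissect_nt_64bit_time(tvb, tree, offset, hf_smb_user_quota_change_time);` followed by `COUNT_BYTES_TRANS_SUBR(8);`, or add `*bcp -= 8;` after the assignment. The function body starts and ends outside the hunk.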