Dissect the rest of the named pipe protocol. Export from "packet-smb.c"

routines used for that. Rename some named pipe functions as per the SNIA CIFS spec. Label the "number of files moved" field of the reply to a Move SMB as such, rather than as an unspecified "Count". svn path=/trunk/; revision=4229
author: Guy Harris <guy@alum.mit.edu> 2001-11-20 07:47:42 +0000
committer: Guy Harris <guy@alum.mit.edu> 2001-11-20 07:47:42 +0000
commit: f7496cc67414b6e63571210fd82dc4fd9fd7cef4 (patch)
tree: b48298bf69c26818cad94b1fb2f30d2ed57057d5
parent: 7cd2bc5659d76ce8975105b2924a6c2ca06cc9ad (diff)
3 files changed, 197 insertions, 42 deletions
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c
index d098299b6d..33a57b9981 100644
--- a/packet-smb-pipe.c
+++ b/packet-smb-pipe.c
@@ -8,7 +8,7 @@ XXX  Fixme : shouldnt show [malformed frame] for long packets
  * significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
  * Guy Harris 2001
  *
- * $Id: packet-smb-pipe.c,v 1.49 2001/11/20 06:24:19 guy Exp $
+ * $Id: packet-smb-pipe.c,v 1.50 2001/11/20 07:47:41 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -59,6 +59,17 @@ XXX  Fixme : shouldnt show [malformed frame] for long packets
 static int proto_smb_pipe = -1;
 static int hf_pipe_function = -1;
 static int hf_pipe_priority = -1;
+static int hf_pipe_peek_available = -1;
+static int hf_pipe_peek_remaining = -1;
+static int hf_pipe_peek_status = -1;
+static int hf_pipe_getinfo_info_level = -1;
+static int hf_pipe_getinfo_output_buffer_size = -1;
+static int hf_pipe_getinfo_input_buffer_size = -1;
+static int hf_pipe_getinfo_maximum_instances = -1;
+static int hf_pipe_getinfo_current_instances = -1;
+static int hf_pipe_getinfo_pipe_name_length = -1;
+static int hf_pipe_getinfo_pipe_name = -1;
+static int hf_pipe_write_raw_bytes_written = -1;
 
 static gint ett_smb_pipe = -1;
 
@@ -2544,9 +2555,9 @@ proto_register_pipe_msrpc(void)
 	register_heur_dissector_list("msrpc", &msrpc_heur_subdissector_list);
 }
 
-#define CALL_NM_PIPE		0x54
-#define WAIT_NM_PIPE		0x53
-#define PEEK_NM_PIPE		0x23
+#define CALL_NAMED_PIPE		0x54
+#define WAIT_NAMED_PIPE		0x53
+#define PEEK_NAMED_PIPE		0x23
 #define Q_NM_P_HAND_STATE	0x21
 #define SET_NM_P_HAND_STATE	0x01
 #define Q_NM_PIPE_INFO		0x22
@@ -2555,9 +2566,9 @@ proto_register_pipe_msrpc(void)
 #define RAW_WRITE_NM_PIPE	0x31
 
 static const value_string functions[] = {
-	{CALL_NM_PIPE,		"CallNmPipe"},
-	{WAIT_NM_PIPE,		"WaitNmPipe"},
-	{PEEK_NM_PIPE,		"PeekNmPipe"},
+	{CALL_NAMED_PIPE,	"CallNamedPipe"},
+	{WAIT_NAMED_PIPE,	"WaitNamedPipe"},
+	{PEEK_NAMED_PIPE,	"PeekNamedPipe"},
 	{Q_NM_P_HAND_STATE,	"QNmPHandState"},
 	{SET_NM_P_HAND_STATE,	"SetNmPHandState"},
 	{Q_NM_PIPE_INFO,	"QNmPipeInfo"},
@@ -2567,8 +2578,17 @@ static const value_string functions[] = {
 	{0,			NULL}
 };
 
+static const value_string pipe_status[] = {
+	{1,	"Disconnected by server"},
+	{2,	"Listening"},
+	{3,	"Connection to server is OK"},
+	{4,	"Server end of pipe is closed"},
+	{0,	NULL}
+};
+
 #define PIPE_LANMAN     1
 #define PIPE_MSRPC      2
+
 /* decode the SMB pipe protocol
    for requests
     pipe is the name of the pipe, e.g. LANMAN
@@ -2590,6 +2610,7 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
 	int function;
 	int fid = -1;
 	int len;
+	guint16 info_level;
 
 	if (!proto_is_protocol_enabled(proto_smb_pipe))
 		return FALSE;
@@ -2650,8 +2671,8 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
 		 */
 		switch (function) {
 
-		case CALL_NM_PIPE:
-		case WAIT_NM_PIPE:
+		case CALL_NAMED_PIPE:
+		case WAIT_NAMED_PIPE:
 			/*
 			 * It's a priority.
 			 */
@@ -2659,7 +2680,7 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
 			    offset, 2, TRUE);
 			break;
 
-		case PEEK_NM_PIPE:
+		case PEEK_NAMED_PIPE:
 		case Q_NM_P_HAND_STATE:
 		case SET_NM_P_HAND_STATE:
 		case Q_NM_PIPE_INFO:
@@ -2735,7 +2756,7 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
 
 	switch (function) {
 
-	case CALL_NM_PIPE:
+	case CALL_NAMED_PIPE:
 	case TRANSACT_NM_PIPE:
 		switch(tri->trans_subcmd){
 
@@ -2769,36 +2790,117 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
 		}
 		break;
 
-	/*
-	 * XXX - add support for these.
-	 * XXX - need to remember the request type, so that we know how
-	 * to dissect a response.
-	 */
-	case WAIT_NM_PIPE:
+	case WAIT_NAMED_PIPE:
 		break;
 
-	case PEEK_NM_PIPE:
+	case PEEK_NAMED_PIPE:
+		/*
+		 * Request contains no parameters or data.
+		 */
+		if (!smb_info->request) {
+			offset = 0;
+			proto_tree_add_item(pipe_tree, hf_pipe_peek_available,
+			    p_tvb, offset, 2, TRUE);
+			offset += 2;
+			proto_tree_add_item(pipe_tree, hf_pipe_peek_remaining,
+			    p_tvb, offset, 2, TRUE);
+			offset += 2;
+			proto_tree_add_item(pipe_tree, hf_pipe_peek_status,
+			    p_tvb, offset, 2, TRUE);
+			offset += 2;
+		}
 		break;
 
 	case Q_NM_P_HAND_STATE:
+		/*
+		 * Request contains no parameters or data.
+		 */
+		if (!smb_info->request) {
+			offset = dissect_ipc_state(p_tvb, pinfo, pipe_tree, 0,
+			    FALSE);
+		}
 		break;
 
 	case SET_NM_P_HAND_STATE:
+		/*
+		 * Response contains no parameters or data.
+		 */
+		if (smb_info->request) {
+			offset = dissect_ipc_state(p_tvb, pinfo, pipe_tree, 0,
+			    TRUE);
+		}
 		break;
 
 	case Q_NM_PIPE_INFO:
+		offset = 0;
+		if (smb_info->request) {
+			/*
+			 * Request contains an information level.
+			 */
+			info_level = tvb_get_letohs(p_tvb, offset);
+			proto_tree_add_uint(pipe_tree, hf_pipe_getinfo_info_level,
+			    p_tvb, offset, 2, info_level);
+			offset += 2;
+			tri->info_level = info_level;
+		} else {
+			guint8 pipe_namelen;
+
+			switch (tri->info_level) {
+
+			case 1:
+				proto_tree_add_item(pipe_tree,
+				    hf_pipe_getinfo_output_buffer_size,
+				    d_tvb, offset, 2, TRUE);
+				offset += 2;
+				proto_tree_add_item(pipe_tree,
+				    hf_pipe_getinfo_input_buffer_size,
+				    d_tvb, offset, 2, TRUE);
+				offset += 2;
+				proto_tree_add_item(pipe_tree,
+				    hf_pipe_getinfo_maximum_instances,
+				    d_tvb, offset, 1, TRUE);
+				offset += 1;
+				proto_tree_add_item(pipe_tree,
+				    hf_pipe_getinfo_current_instances,
+				    d_tvb, offset, 1, TRUE);
+				offset += 1;
+				pipe_namelen = tvb_get_guint8(d_tvb, offset);
+				proto_tree_add_uint(pipe_tree,
+				    hf_pipe_getinfo_pipe_name_length,
+				    d_tvb, offset, 1, pipe_namelen);
+				offset += 1;
+				/* XXX - can this be Unicode? */
+				proto_tree_add_item(pipe_tree,
+				    hf_pipe_getinfo_pipe_name,
+				    d_tvb, offset, pipe_namelen, TRUE);
+				break;
+			}
+		}
 		break;
 
 	case RAW_READ_NM_PIPE:
 		/*
-		 * XXX - just dump the raw data?
+		 * Request contains no parameters or data.
 		 */
+		if (!smb_info->request) {
+			offset = dissect_file_data(d_tvb, pinfo, pipe_tree, 0,
+			    tvb_reported_length(d_tvb),
+			    tvb_reported_length(d_tvb));
+		}
 		break;
 
 	case RAW_WRITE_NM_PIPE:
-		/*
-		 * XXX - just dump the raw data?
-		 */
+		offset = 0;
+		if (smb_info->request) {
+			offset = dissect_file_data(d_tvb, pinfo, pipe_tree,
+			    offset, tvb_reported_length(d_tvb),
+			    tvb_reported_length(d_tvb));
+		} else {
+			proto_tree_add_item(pipe_tree,
+			    hf_pipe_write_raw_bytes_written,
+			    p_tvb, offset, 2, TRUE);
+			offset += 2;
+		}
 		break;
 	}
 	return TRUE;
@@ -2814,6 +2916,39 @@ proto_register_smb_pipe(void)
 		{ &hf_pipe_priority,
 			{ "Priority", "pipe.priority", FT_UINT16, BASE_DEC,
 			NULL, 0, "SMB Pipe Priority", HFILL }},
+		{ &hf_pipe_peek_available,
+			{ "Available Bytes", "pipe.peek.available_bytes", FT_UINT16, BASE_DEC,
+			NULL, 0, "Total number of bytes available to be read from the pipe", HFILL }},
+		{ &hf_pipe_peek_remaining,
+			{ "Bytes Remaining", "pipe.peek.remaining_bytes", FT_UINT16, BASE_DEC,
+			NULL, 0, "Total number of bytes remaining in the message at the head of the pipe", HFILL }},
+		{ &hf_pipe_peek_status,
+			{ "Pipe Status", "pipe.peek.status", FT_UINT16, BASE_DEC,
+			VALS(pipe_status), 0, "Pipe status", HFILL }},
+		{ &hf_pipe_getinfo_info_level,
+			{ "Information Level", "pipe.getinfo.info_level", FT_UINT16, BASE_DEC,
+			NULL, 0, "Information level of information to return", HFILL }},
+		{ &hf_pipe_getinfo_output_buffer_size,
+			{ "Output Buffer Size", "pipe.getinfo.output_buffer_size", FT_UINT16, BASE_DEC,
+			NULL, 0, "Actual size of buffer for outgoing (server) I/O", HFILL }},
+		{ &hf_pipe_getinfo_input_buffer_size,
+			{ "Input Buffer Size", "pipe.getinfo.input_buffer_size", FT_UINT16, BASE_DEC,
+			NULL, 0, "Actual size of buffer for incoming (client) I/O", HFILL }},
+		{ &hf_pipe_getinfo_maximum_instances,
+			{ "Maximum Instances", "pipe.getinfo.maximum_instances", FT_UINT8, BASE_DEC,
+			NULL, 0, "Maximum allowed number of instances", HFILL }},
+		{ &hf_pipe_getinfo_current_instances,
+			{ "Current Instances", "pipe.getinfo.current_instances", FT_UINT8, BASE_DEC,
+			NULL, 0, "Current number of instances", HFILL }},
+		{ &hf_pipe_getinfo_pipe_name_length,
+			{ "Pipe Name Length", "pipe.getinfo.pipe_name_length", FT_UINT8, BASE_DEC,
+			NULL, 0, "Length of pipe name", HFILL }},
+		{ &hf_pipe_getinfo_pipe_name,
+			{ "Pipe Name", "pipe.getinfo.pipe_name", FT_STRING, BASE_NONE,
+			NULL, 0, "Name of pipe", HFILL }},
+		{ &hf_pipe_write_raw_bytes_written,
+			{ "Bytes Written", "pipe.write_raw.bytes_written", FT_UINT16, BASE_DEC,
+			NULL, 0, "Number of bytes written to the pipe", HFILL }},
 	};
 	static gint *ett[] = {
 		&ett_smb_pipe,
diff --git a/packet-smb.c b/packet-smb.c
index 16dfd765e3..d405cd755f 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -2,7 +2,7 @@
  * Routines for smb packet dissection
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  *
- * $Id: packet-smb.c,v 1.161 2001/11/20 06:24:19 guy Exp $
+ * $Id: packet-smb.c,v 1.162 2001/11/20 07:47:41 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -183,6 +183,7 @@ static int hf_smb_service = -1;
 static int hf_smb_move_flags_file = -1;
 static int hf_smb_move_flags_dir = -1;
 static int hf_smb_move_flags_verify = -1;
+static int hf_smb_move_files_moved = -1;
 static int hf_smb_count = -1;
 static int hf_smb_file_name = -1;
 static int hf_smb_open_function_open = -1;
@@ -2363,8 +2364,8 @@ dissect_move_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
 
 	WORD_COUNT;
 
-	/* read count */
-	proto_tree_add_item(tree, hf_smb_count, tvb, offset, 2, TRUE);
+	/* # of files moved */
+	proto_tree_add_item(tree, hf_smb_move_files_moved, tvb, offset, 2, TRUE);
 	offset += 2;
 
 	BYTE_COUNT;
@@ -2791,7 +2792,7 @@ dissect_read_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
 	return offset;
 }
 
-static int
+int
 dissect_file_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, guint16 bc, guint16 datalen)
 {
 	int tvblen;
@@ -3240,15 +3241,13 @@ dissect_write_and_close_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
 static int
 dissect_write_and_close_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
 {
-	guint16 cnt;
 	guint8 wc;
 	guint16 bc;
 
 	WORD_COUNT;
 
 	/* write count */
-	cnt = tvb_get_letohs(tvb, offset);
-	proto_tree_add_uint(tree, hf_smb_count, tvb, offset, 2, cnt);
+	proto_tree_add_item(tree, hf_smb_count, tvb, offset, 2, TRUE);
 	offset += 2;
 
 	BYTE_COUNT;
@@ -4342,8 +4341,9 @@ static const value_string ipc_state_read_mode_vals[] = {
 	{0,	NULL}
 };
 
-static int
-dissect_ipc_state(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
+int
+dissect_ipc_state(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
+    int offset, gboolean setstate)
 {
 	guint16 mask;
 	proto_item *item = NULL;
@@ -4359,14 +4359,18 @@ dissect_ipc_state(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, in
 
 	proto_tree_add_boolean(tree, hf_smb_ipc_state_nonblocking,
 		tvb, offset, 2, mask);
-	proto_tree_add_uint(tree, hf_smb_ipc_state_endpoint,
-		tvb, offset, 2, mask);
-	proto_tree_add_uint(tree, hf_smb_ipc_state_pipe_type,
-		tvb, offset, 2, mask);
+	if (!setstate) {
+		proto_tree_add_uint(tree, hf_smb_ipc_state_endpoint,
+			tvb, offset, 2, mask);
+		proto_tree_add_uint(tree, hf_smb_ipc_state_pipe_type,
+			tvb, offset, 2, mask);
+	}
 	proto_tree_add_uint(tree, hf_smb_ipc_state_read_mode,
 		tvb, offset, 2, mask);
-	proto_tree_add_uint(tree, hf_smb_ipc_state_icount,
-		tvb, offset, 2, mask);
+	if (!setstate) {
+		proto_tree_add_uint(tree, hf_smb_ipc_state_icount,
+			tvb, offset, 2, mask);
+	}
 
 	offset += 2;
 
@@ -4423,7 +4427,7 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 	offset += 2;
 
 	/* IPC State */
-	offset = dissect_ipc_state(tvb, pinfo, tree, offset);
+	offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
 
 	/* open_action */
 	offset = dissect_open_action(tvb, pinfo, tree, offset);
@@ -6672,7 +6676,7 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, p
 		offset += 2;
 
 		/* device state */
-		offset = dissect_ipc_state(tvb, pinfo, tree, offset);
+		offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
 
 		/* is directory */
 		proto_tree_add_item(tree, hf_smb_is_directory, tvb, offset, 1, TRUE);
@@ -7305,7 +7309,7 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
 	offset += 2;
 
 	/* IPC State */
-	offset = dissect_ipc_state(tvb, pinfo, tree, offset);
+	offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
 
 	/* is directory */
 	proto_tree_add_item(tree, hf_smb_is_directory, tvb, offset, 1, TRUE);
@@ -10378,7 +10382,7 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
 		offset += 2;
 
 		/* IPC State */
-		offset = dissect_ipc_state(tvb, pinfo, tree, offset);
+		offset = dissect_ipc_state(tvb, pinfo, tree, offset, FALSE);
 
 		/* open_action */
 		offset = dissect_open_action(tvb, pinfo, tree, offset);
@@ -13325,6 +13329,10 @@ proto_register_smb(void)
 		{ "Verify writes", "smb.move.flags.verify", FT_BOOLEAN, 16,
 		TFS(&tfs_mf_verify), 0x0010, "Verify all writes?", HFILL }},
 
+	{ &hf_smb_move_files_moved,
+		{ "Files Moved", "smb.move.files_moved", FT_UINT16, BASE_DEC,
+		NULL, 0, "Number of files moved", HFILL }},
+
 	{ &hf_smb_count,
 		{ "Count", "smb.count", FT_UINT32, BASE_DEC,
 		NULL, 0, "Count number of items/bytes", HFILL }},
diff --git a/smb.h b/smb.h
index fb204d9b35..7841f2e372 100644
--- a/smb.h
+++ b/smb.h
@@ -2,7 +2,7 @@
  * Defines for smb packet dissection
  * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
  *
- * $Id: smb.h,v 1.24 2001/11/20 06:24:20 guy Exp $
+ * $Id: smb.h,v 1.25 2001/11/20 07:47:42 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -671,9 +671,21 @@ typedef struct smb_info {
 } smb_info_t;
 
 /*
+ * Show file data for a read or write.
+ */
+extern int dissect_file_data(tvbuff_t *tvb, packet_info *pinfo,
+    proto_tree *tree, int offset, guint16 bc, guint16 datalen);
+
+/*
  * Add a FID to the protocol tree and the Info column.
  */
 extern void add_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
     int offset, int len, guint16 fid);
 
+/*
+ * Dissect named pipe state information.
+ */
+extern int dissect_ipc_state(tvbuff_t *tvb, packet_info *pinfo,
+    proto_tree *parent_tree, int offset, gboolean setstate);
+
 #endif
author	Guy Harris <guy@alum.mit.edu>	2001-11-20 07:47:42 +0000
committer	Guy Harris <guy@alum.mit.edu>	2001-11-20 07:47:42 +0000
commit	f7496cc67414b6e63571210fd82dc4fd9fd7cef4 (patch)
tree	b48298bf69c26818cad94b1fb2f30d2ed57057d5
parent	7cd2bc5659d76ce8975105b2924a6c2ca06cc9ad (diff)