SMB2: Add @timestamp to the info column if we see a timewarp ECP.

When viewing the summary pane it is useful to know if the request is
for a previous version of a file. This is signalled by the existence of
TWRP Extra Create Parameter. If we see one, add the time string to
the info column.

Change-Id: I3564c2c38a1dd3aa13484bcb329577088025ca70
Reviewed-on: https://code.wireshark.org/review/35058
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

1 files changed, 18 insertions, 0 deletions

diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c
index db26d37535..411e471cd0 100644
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@@ -7598,6 +7598,23 @@ dissect_smb2_SecD_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree
 }
 
 static void
+add_timestamp_to_info_col(tvbuff_t *tvb, packet_info *pinfo, int offset)
+{
+	guint32 filetime_high, filetime_low;
+	nstime_t ts;
+
+	filetime_low = tvb_get_letohl(tvb, offset);
+	filetime_high = tvb_get_letohl(tvb, offset + 4);
+
+	ts.secs = filetime_low;
+	ts.nsecs = filetime_high;
+
+	col_append_fstr(pinfo->cinfo, COL_INFO, "@%s",
+            abs_time_to_str(wmem_packet_scope(), &ts, ABSOLUTE_TIME_UTC,
+		            FALSE));
+}
+
+static void
 dissect_smb2_TWrp_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
 {
 	proto_item *item = NULL;
@@ -7605,6 +7622,7 @@ dissect_smb2_TWrp_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tr
 		item = proto_tree_get_parent(tree);
 		proto_item_append_text(item, ": Timestamp");
 	}
+	add_timestamp_to_info_col(tvb, pinfo, 0);
 	dissect_nt_64bit_time(tvb, tree, 0, hf_smb2_twrp_timestamp);
 }