diff options
| author | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2005-11-09 09:29:41 +0000 |
|---|---|---|
| committer | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2005-11-09 09:29:41 +0000 |
| commit | 7a8c5898a4d44dbcf7e2a837373c53789231b822 (patch) | |
| tree | 64603750582ef6948c4e149f8f462f8213fef912 /epan | |
| parent | cf0c349b5eb41bbb141a8f625588eda31f45d5c9 (diff) | |
add support for Close and the new guess that the FID is present in the Find request.
Ohoy sailor, we have spotted the concept of current working directory.
does this mean we also get rid of the silly 200-256 byte path length limitation?
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16445 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-smb2.c | 57 |
1 files changed, 52 insertions, 5 deletions
diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index b57d53aacd..f186e5a542 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -328,12 +328,15 @@ dissect_smb2_find_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i guint16 bc; /* some unknown bytes */ - proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, TRUE); - offset += 16; + proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, TRUE); + offset += 4; + + /* fid */ + offset = dissect_smb2_fid(tvb, pinfo, tree, offset, ssi); /* some unknown bytes */ - proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 10, TRUE); - offset += 10; + proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, TRUE); + offset += 2; /* search name length */ search_len=tvb_get_letohs(tvb, offset); @@ -560,6 +563,48 @@ dissect_smb2_close_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *t } + +static int +dissect_smb2_create_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_saved_info_t *ssi) +{ +/*qqq*/ + return offset; +} + +static int +dissect_smb2_create_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_saved_info_t *ssi) +{ + /* some unknown bytes */ + proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 8, TRUE); + offset += 8; + + /* create time */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp); + + /* last access */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp); + + /* last write */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp); + + /* last change */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp); + + /* some unknown bytes */ + proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 20, TRUE); + offset += 20; + + /* fid */ + offset = dissect_smb2_fid(tvb, pinfo, tree, offset, ssi); + + /* some unknown bytes */ + proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 40, TRUE); + offset += 40; + + return offset; +} + + /* names here are just until we find better names for these functions */ const value_string smb2_cmd_vals[] = { { 0x00, "NegotiateProtocol" }, @@ -837,7 +882,9 @@ static smb2_function smb2_dissector[256] = { {dissect_smb2_tree_connect_request, NULL}, /* 0x04 */ {NULL, NULL}, - /* 0x05 */ {NULL, NULL}, + /* 0x05 Create*/ + {dissect_smb2_create_request, + dissect_smb2_create_response}, /* 0x06 Close*/ {dissect_smb2_close_request, dissect_smb2_close_response}, |