authorsahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2007-05-21 03:44:49 +0000
committersahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2007-05-21 03:44:49 +0000
commit56a54047c9a5d7ba2fd9606a803a2e8f0f818fe6 (patch)
tree9c8cb21097329e223faf18420d203cf519d2a32e /epan
parent8e6daca3a9572da19095c0e434720535224e7d6e (diff)
track FIDs on a per transaction (request+response) basis and make sure the FID is printed
in both packets of a transaction. this makes filters such as "smb.file==foo.txt" work much better since they now show both the read/write request and also the response packets. this is similar to what we already do in nfs for filehandles git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@21856 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-smb.c28
-rw-r--r--epan/dissectors/packet-smb.h9
2 files changed, 35 insertions, 2 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c
index afc952fb1d..8860d80974 100644
--- a/epan/dissectors/packet-smb.c
+++ b/epan/dissectors/packet-smb.c
@@ -3312,6 +3312,7 @@ dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset,
int len, guint16 fid, gboolean is_created, gboolean is_closed, gboolean is_generated)
{
smb_info_t *si = pinfo->private_data;
+ smb_saved_info_t *sip = si->sip;
proto_item *it;
proto_tree *tr;
smb_fid_info_t *fid_info=NULL;
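Review bot: The new initialiser `smb_saved_info_t *sip = si->sip;` dereferences `si` at declaration time, before any check the function may make on it. dissect_smb_command in the same file does `DISSECTOR_ASSERT(si);` before touching `si`, so the same order would be safer here: declare `smb_saved_info_t *sip;` and assign `sip = si->sip;` only after `si` has been asserted non-NULL. The rest of dissect_smb_fid lies outside this hunk, so whether such an assertion already exists further down cannot be confirmed from here.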
@@ -3347,6 +3348,18 @@ dissect_smb_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset,
return NULL;
}
+ /* Store the fid in the transaction structure and remember if
+ it was in the request or in the reply we saw it
+ */
+ if(sip && (!is_generated) && (!pinfo->fd->flags.visited)) {
+ sip->fid=fid;
+ if(si->request){
+ sip->fid_seen_in_request=TRUE;
+ } else {
+ sip->fid_seen_in_request=FALSE;
+ }
+ }
+
if((!pinfo->fd->flags.visited) && is_closed){
fid_info->closed_in=pinfo->fd->num;
}
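Review bot: The value stored in `sip->fid` doubles as the "a FID was recorded" flag. The reader added in dissect_smb_command tests `sip->fid` for non-zero, and dissect_smb initialises it to 0 in the last packet-smb.c hunk. A transaction whose FID is 0 would therefore never get the generated item in the peer packet; if 0 can occur as a real FID, a separate boolean is safer, otherwise the struct field should say so, e.g. `guint16 fid; /* 0 = no FID recorded */`. Each non-generated call also overwrites the slot, so only the last FID dissected in a transaction is kept, which the comment should mention. The inner if/else reduces to `sip->fid_seen_in_request = si->request ? TRUE : FALSE;`, and the function body starts and ends outside this hunk.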
@@ -15020,6 +15033,7 @@ static int
dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *smb_tree, guint8 cmd, gboolean first_pdu)
{
smb_info_t *si;
+ smb_saved_info_t *sip;
si = pinfo->private_data;
DISSECTOR_ASSERT(si);
@@ -15051,6 +15065,18 @@ dissect_smb_command(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *s
cmd_tree = proto_item_add_subtree(cmd_item, ett_smb_command);
+ /* we track FIDs on a per transaction basis.
+ if this was a request and the fid was seen in a reply
+ we add a "generated" fid tree for this pdu and v.v.
+ */
+ sip = si->sip;
+ if (sip && sip->fid) {
+ if( (si->request && (!sip->fid_seen_in_request))
+ ||((!si->request) && sip->fid_seen_in_request) ){
+ dissect_smb_fid(tvb, pinfo, cmd_tree, offset, 0, sip->fid, FALSE, FALSE, TRUE);
+ }
+ }
+
dissector = (si->request)?
smb_dissector[cmd].request:smb_dissector[cmd].response;
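Review bot: The generated FID item is added on every entry to dissect_smb_command, without consulting the `first_pdu` parameter. If the function is also entered for further commands within one PDU (the callers are not visible here), each command subtree would receive the same generated item; the comment should state whether that is intended. The two-armed condition is an inequality test and reads more directly as `if (!si->request != !sip->fid_seen_in_request)`, and "v.v." in the comment is better spelled out as "vice versa". The function body continues outside the hunk.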
@@ -15930,6 +15956,8 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
sip->cmd = si->cmd;
sip->extra_info = NULL;
sip->extra_info_type = SMB_EI_NONE;
+ sip->fid=0;
+ sip->fid_seen_in_request=0;
g_hash_table_insert(si->ct->unmatched, GUINT_TO_POINTER(pid_mid), sip);
new_key = se_alloc(sizeof(smb_saved_info_key_t));
new_key->frame = sip->frame_req;
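Review bot: `fid_seen_in_request` is declared `gboolean` in packet-smb.h and is assigned `TRUE`/`FALSE` in dissect_smb_fid, so the initialiser here should match: `sip->fid_seen_in_request=FALSE;` rather than `=0`. The enclosing function starts and ends outside this hunk.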
diff --git a/epan/dissectors/packet-smb.h b/epan/dissectors/packet-smb.h
index 02227d6598..2609ba569e 100644
--- a/epan/dissectors/packet-smb.h
+++ b/epan/dissectors/packet-smb.h
@@ -208,6 +208,7 @@ typedef enum {
SMB_EI_FILEDATA, /* fid tracking */
SMB_EI_UID /* smb_uid_t */
} smb_extra_info_t;
+typedef struct _smb_fid_into_t smb_fid_info_t;
typedef struct {
guint32 frame_req, frame_res;
nstime_t req_time;
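Review bot: Nothing visible in this commit uses the forward declaration `typedef struct _smb_fid_into_t smb_fid_info_t;`, since the fields added to `smb_saved_info_t` are a `gboolean` and a `guint16`. Unless a user elsewhere in the header needs the type this early, this line and the matching typedef-to-struct split in the later packet-smb.h hunk could be dropped from the change. If it stays, a short comment such as `/* forward declaration; defined below */` would explain why it sits here. The tag `_smb_fid_into_t` also looks like a typo for "info" and is now spelled in two places.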
@@ -215,6 +216,10 @@ typedef struct {
guint8 cmd;
void *extra_info;
smb_extra_info_t extra_info_type;
+ /* we save the fid in each transaction so that we can get fid filters
+ to match both request and response */
+ gboolean fid_seen_in_request;
+ guint16 fid;
} smb_saved_info_t;
/*
@@ -301,12 +306,12 @@ typedef struct _smb_fid_saved_info_t {
guint32 share_access;
guint32 create_options;
} smb_fid_saved_info_t;
-typedef struct _smb_fid_into_t {
+struct _smb_fid_into_t {
int opened_in;
int closed_in;
int type;
smb_fid_saved_info_t *fsi;
-} smb_fid_info_t;
+};
/* used for tracking tid to sharename openedframe closedframe */
typedef struct _smb_tid_into_t {