authorGuy Harris <guy@alum.mit.edu>2001-11-19 10:06:42 +0000
committerGuy Harris <guy@alum.mit.edu>2001-11-19 10:06:42 +0000
commit853aa01c6e9f89d00c71734dc4f6f0d59b243dc5 (patch)
tree8afc917d0cdbcc3b9397562fcc16bbee5dd9ec0a /packet-smb.c
parent8c358fd83e99d639629718279e42a752a9a5edc2 (diff)
Pass, as the first tvbuff argument to "dissect_mailslot_smb()" and
"dissect_pipe_smb()", a tvbuff containing the setup words and the pipe/mailslot pathname, as those are arguably the part of the packet that contains the "mailslot protocol" and the "pipe protocol", as opposed to the protocol running atop mailslots or pipes. Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it and "dissect_mailslot_smb()" contain *only* the setup words; don't extract anything other than the setup words from it. Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h" rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in "packet-smb-pipe.h" rather than "packet-smb.c". Add a protocol for MSRPC-over-named-pipes. Move the stuff to handle the FID in the setup words of MSRPC-over-named-pipe transactions out of the SMB Transaction dissector into the MSRPC dissector. Add a routine to "packet-smb.c", callable from outside "packet-smb.c", to put an "smb.fid" field into the protocol tree, and to add ", FID: XXXX" to the Info column, for use by the MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in all the places where we put a FID into the protocol tree. Move the stuff to check whether the LANMAN protocol is enabled, and to set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN API-over-named-pipe dissector out of the named pipe protocol dissector. If we didn't dissect a Transaction request or reply as a named pipe or mailslot message, put any setup words, parameters, and data it has into the protocol tree as separate items. Don't put a "Response in" item into the protocol tree for an NT Cancel request, as there are no responses to NT Cancel requests. svn path=/trunk/; revision=4221
Diffstat (limited to 'packet-smb.c')
-rw-r--r--packet-smb.c284
1 files changed, 151 insertions, 133 deletions
diff --git a/packet-smb.c b/packet-smb.c
index c9b7946e02..7d142ff99e 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -2,7 +2,7 @@
* Routines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: packet-smb.c,v 1.157 2001/11/18 22:12:46 guy Exp $
+ * $Id: packet-smb.c,v 1.158 2001/11/19 10:06:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -2429,6 +2429,15 @@ dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
return offset;
}
+void
+add_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset,
+ guint16 fid)
+{
+ proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ if (check_col(pinfo->fd, COL_INFO))
+ col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+}
+
static int
dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
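Review bot: `add_fid` is given external linkage but has no comment and a very generic name for a global symbol. The commit message says it is meant to be called from other dissectors, so a header comment would help, for example `/* Put an smb.fid item for the 2-byte FID at "offset" into the tree and append ", FID: 0x...." to the Info column; the caller supplies "fid". */`. The comment should also say that `fid` is trusted to be the value at `offset`, because the function never re-reads it from `tvb`. The hunk ends inside dissect_open_file_response, whose body continues outside it.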
@@ -2440,12 +2449,9 @@ dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* File Attributes */
offset = dissect_file_attributes(tvb, pinfo, tree, offset);
@@ -2471,11 +2477,13 @@ dissect_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, pro
{
guint8 wc;
guint16 bc;
+ guint16 fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
BYTE_COUNT;
@@ -3031,12 +3039,9 @@ dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
BYTE_COUNT;
/* buffer format */
@@ -4397,12 +4402,9 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* File Attributes */
offset = dissect_file_attributes(tvb, pinfo, tree, offset);
@@ -6627,12 +6629,9 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, p
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* create action */
proto_tree_add_item(tree, hf_smb_create_action, tvb, offset, 4, TRUE);
offset += 4;
@@ -7266,12 +7265,9 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* create action */
/*XXX is this really the same as create disposition in the request? it looks so*/
proto_tree_add_item(tree, hf_smb_create_action, tvb, offset, 4, TRUE);
@@ -8826,11 +8822,62 @@ dissect_transaction2_request_data(tvbuff_t *tvb, packet_info *pinfo,
}
+static void
+dissect_trans_data(tvbuff_t *s_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
+ packet_info *pinfo, proto_tree *tree)
+{
+ int i;
+ int offset;
+ guint length;
+
+ /*
+ * Show the setup words.
+ */
+ if (s_tvb != NULL) {
+ length = tvb_length(s_tvb);
+ for (i = 0, offset = 0; length >= 2;
+ i++, offset += 2, length -= 2) {
+ /*
+ * XXX - add a setup word filterable field?
+ */
+ proto_tree_add_text(tree, s_tvb, offset, 2,
+ "Setup Word %d: 0x%04x", i,
+ tvb_get_letohs(s_tvb, offset));
+ }
+ }
+
+ /*
+ * Show the parameters, if any.
+ */
+ if (p_tvb != NULL) {
+ length = tvb_length(p_tvb);
+ if (length != 0) {
+ proto_tree_add_text(tree, p_tvb, 0, length,
+ "Parameters: %s",
+ tvb_bytes_to_str(p_tvb, 0, length));
+ }
+ }
+
+ /*
+ * Show the data, if any.
+ */
+ if (d_tvb != NULL) {
+ length = tvb_length(d_tvb);
+ if (length != 0) {
+ proto_tree_add_text(tree, d_tvb, 0, length,
+ "Data: %s", tvb_bytes_to_str(d_tvb, 0, length));
+ }
+ }
+}
+
static int
dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, sc=0;
- int so=0;
+ int so=offset;
+ int sl=0;
+ int tpo=offset;
+ int tpc=0;
guint16 od=0, tf, po=0, pc=0, dc=0, pd, dd=0;
guint16 subcmd;
guint32 to;
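Review bot: dissect_trans_data sizes everything with `tvb_length()`, which is the captured length, so on a truncated capture the setup words, parameters and data are shown short with nothing in the tree to say so. The subsets built later in this commit keep the full count as the reported length, so comparing against it here would let the function flag the shortfall (presumably via `tvb_reported_length()`; confirm against the tvbuff API in this tree). Two smaller things: an odd trailing byte in `s_tvb` is silently skipped by the `length >= 2` loop, and `pinfo` is never used in the body. The hunk also touches the declarations of dissect_transaction_request, whose body continues outside it.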
@@ -8848,7 +8895,8 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
WORD_COUNT;
if(wc==8){
- /*secondary client request*/
+ /*secondary client request*/
+
/* total param count, only a 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_total_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
@@ -8892,8 +8940,14 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
offset += 2;
}
+
+ /* There are no setup words. */
+ so = offset;
+ sc = 0;
+ sl = 0;
} else {
- /* it is not a secondary request */
+ /* it is not a secondary request */
+
/* total param count , only a 16 bit integer here*/
proto_tree_add_uint(tree, hf_smb_total_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
@@ -8906,11 +8960,11 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree_add_uint(tree, hf_smb_max_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
- /* max data count , only 16bit integer here*/
+ /* max data count, only 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_max_data_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
- /* max setup count , only 16bit integer here*/
+ /* max setup count, only 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_max_setup_count, tvb, offset, 1, tvb_get_guint8(tvb, offset));
offset += 1;
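Review bot: The retouched comment `/* max setup count, only 16bit integer here*/` does not match the code beneath it, which adds a 1-byte item read with `tvb_get_guint8()`. Since the line is being edited anyway, it could read `/* max setup count, a single byte */`. The enclosing dissect_transaction_request starts and ends outside the hunk.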
@@ -8968,8 +9022,9 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
offset += 1;
- /* this is where the setup bytes start */
+ /* this is where the setup bytes, if any start */
so = offset;
+ sl = sc*2;
/* if there were any setup bytes, decode them */
if(sc){
@@ -9015,41 +9070,21 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
break;
case 0x25:
- /* MSRPC transactions have two setup count
- words which we decode here. Setup word 1
- is always 0x26. The second setup word is
- the fid which the transaction occurs on. */
- if (sc == 2) {
- guint16 sw1, sw2;
-
- sw1 = tvb_get_letohs(tvb, offset);
- sw2 = tvb_get_letohs(tvb, offset + 2);
-
- proto_tree_add_uint(tree, hf_smb_setupword1, tvb, offset, 2, sw1);
- proto_tree_add_uint(tree, hf_smb_setupword2, tvb, offset + 2, 2, sw2);
-
- /* Make fid hidden so we can find it
- in a filter. */
-
- if (sw1 == 0x26)
- proto_tree_add_uint_hidden(tree, hf_smb_fid, tvb, offset + 2, 2, sw2);
- }
- /* TRANSACTION setup words also processed
- below */
+ /* TRANSACTION setup words processed below */
break;
}
- offset += sc*2;
+ offset += sl;
}
-
}
BYTE_COUNT;
if(wc!=8){
+ /* primary request */
/* name is NULL if transaction2 */
- if(si->cmd!=0x32){
- /* Transaction Name */
+ if(si->cmd == 0x25){
+ /* Transaction Name */
an = get_unicode_or_ascii_string(tvb, &offset,
pinfo, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
@@ -9060,6 +9095,15 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
}
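Review bot: The comment `/* name is NULL if transaction2 */` is left above a test that changed from `si->cmd!=0x32` to `si->cmd == 0x25`, so it now explains the old condition rather than the new one; something like `/* only Transaction (0x25) carries a name */` would match. Separately, this hunk removes the only visible uses of `hf_smb_setupword1` and `hf_smb_setupword2`, and the last hunk removes their registration entries, but no hunk in this diff removes their declarations. If they are file-scope statics in packet-smb.c they are now dead and should be removed too. The enclosing function starts and ends outside the hunk.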
+ /*
+ * The pipe or mailslot arguments for Transaction start with
+ * the first setup word (or where the first setup word would
+ * be if there were any setup words), and run to the current
+ * offset (which could mean that there aren't any).
+ */
+ tpo = so;
+ tpc = offset - tpo;
+
/* parameters */
if(po>offset){
/* We have some initial padding bytes.
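Review bot: The new comment says the pipe or mailslot arguments run from the first setup word to the current offset, but here `offset` has already passed `BYTE_COUNT` and the transaction name, so `tpc` appears to cover the byte-count field as well as the setup words and the name. In dissect_transaction_response the same comment and assignment sit before `BYTE_COUNT`, so the two spans are not built the same way. If that is intended, the comment should say what the span holds in each case, for instance `/* setup words, byte count and transaction name */` here. `BYTE_COUNT` is a macro defined outside this diff, so its effect on `offset` is inferred.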
@@ -9123,27 +9167,31 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if(dd==0){
tvbuff_t *t_tvb, *p_tvb, *d_tvb, *s_tvb;
- t_tvb = tvb_new_subset(tvb, po, -1, -1);
+ t_tvb = tvb_new_subset(tvb, tpo, tpc, tpc);
if(pc>0){
if(pc>tvb_length_remaining(tvb, po)){
- p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
+ p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
} else {
- p_tvb = tvb_new_subset(tvb, po, pc, pc);
+ p_tvb = tvb_new_subset(tvb, po, pc, pc);
}
} else {
p_tvb = NULL;
}
if(dc>0){
if(dc>tvb_length_remaining(tvb, od)){
- d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
+ d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
} else {
- d_tvb = tvb_new_subset(tvb, od, dc, dc);
+ d_tvb = tvb_new_subset(tvb, od, dc, dc);
}
} else {
d_tvb = NULL;
}
- if(sc){
- s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), tvb_length_remaining(tvb, so));
+ if(sl){
+ if(sl>tvb_length_remaining(tvb, so)){
+ s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), sl);
+ } else {
+ s_tvb = tvb_new_subset(tvb, so, sl, sl);
+ }
} else {
s_tvb = NULL;
}
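Review bot: The clamp-to-captured-length pattern is now written out three times in this hunk (`p_tvb`, `d_tvb`, `s_tvb`) and three more times in the matching hunk of dissect_transaction_response, which makes it easy for one copy of this bounds logic to drift. A small static helper would keep it in one place. Note also that `t_tvb` is built with `tvb_new_subset(tvb, tpo, tpc, tpc)` and no clamp, so it behaves differently from the other three on a short capture. The helper below keeps the existing behaviour, including handing on whatever `tvb_length_remaining()` returns when the count exceeds it. The enclosing function starts and ends outside the hunk.

```c
/* Subset of "tvb" at "offset": captured length clamped to what is present,
   reported length "len"; NULL when "len" is zero. */
static tvbuff_t *
trans_subset(tvbuff_t *tvb, int offset, int len)
{
	int avail = tvb_length_remaining(tvb, offset);

	if (len <= 0)
		return NULL;
	return tvb_new_subset(tvb, offset, (len > avail) ? avail : len, len);
}

/* ... unchanged: t_tvb creation ... */
p_tvb = trans_subset(tvb, po, pc);
d_tvb = trans_subset(tvb, od, dc);
s_tvb = trans_subset(tvb, so, sl);
```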
@@ -9178,26 +9226,17 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if (!si->unidir)
tri->subcmd=TRANSACTION_PIPE;
dissected_trans = dissect_pipe_smb(t_tvb,
- p_tvb, d_tvb, an+6, pinfo, top_tree);
+ s_tvb, p_tvb, d_tvb, an+6, pinfo, top_tree);
} else if(strncmp("\\MAILSLOT\\", an, 10) == 0){
if (!si->unidir)
tri->subcmd=TRANSACTION_MAILSLOT;
dissected_trans = dissect_mailslot_smb(t_tvb,
s_tvb, d_tvb, an+10, pinfo, top_tree);
- } else {
- /*
- * We don't know that this is some protocol
- * atop SMB Transactions, so just show it
- * as data.
- */
- proto_tree_add_text(tree, t_tvb, 0,
- tvb_length(t_tvb),
- "Data: %s",
- tvb_bytes_to_str(t_tvb, 0, tvb_length(t_tvb)));
- dissected_trans = TRUE;
}
- if (!dissected_trans)
- dissect_data(t_tvb, 0, pinfo, top_tree);
+ if (!dissected_trans) {
+ dissect_trans_data(s_tvb, p_tvb, d_tvb,
+ pinfo, tree);
+ }
} else {
if(check_col(pinfo->fd, COL_INFO)){
col_append_str(pinfo->fd, COL_INFO,
@@ -10293,12 +10332,9 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
case 0x00: /*TRANS2_OPEN2*/
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* File Attributes */
offset = dissect_file_attributes(tvb, pinfo, tree, offset);
@@ -10448,9 +10484,12 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
static int
dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
- guint8 sc=0, wc;
+ guint8 sc, wc;
guint16 od=0, tf, po=0, pc=0, pd, dc=0, dd=0;
- int so=0;
+ int so=offset;
+ int sl=0;
+ int tpo=offset;
+ int tpc=0;
guint32 to;
smb_info_t *si;
smb_transact2_info_t *t2i = NULL;
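Review bot: Dropping the initializer in `guint8 sc, wc;` leaves `sc` indeterminate on any path that does not reach the setup-count read, and the new code later computes `sl = sc*2` from it. The request-side function in this same commit keeps `guint8 wc, sc=0;`, so keeping `guint8 sc=0, wc;` here would be consistent and costs nothing in a function that parses packet data. Whether such a path exists depends on code and macros outside the hunk, so this is a precaution rather than a confirmed bug.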
@@ -10555,14 +10594,24 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
offset += 1;
/* save setup offset */
- so=offset;
+ so = offset;
/* if there were any setup bytes, decode them */
- if(sc){
+ sl = sc*2;
+ if(sl){
/* XXXX dissect setup words */
- offset += sc*2;
+ offset += sl;
}
+ /*
+ * The pipe or mailslot arguments for Transaction start with
+ * the first setup word (or where the first setup word would
+ * be if there were any setup words), and run to the current
+ * offset (which could mean that there aren't any).
+ */
+ tpo = so;
+ tpc = offset - tpo;
+
BYTE_COUNT;
/* parameters */
@@ -10626,27 +10675,32 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
tvbuff_t *t_tvb, *p_tvb, *d_tvb, *s_tvb;
smb_transact_info_t *tri;
- t_tvb = tvb_new_subset(tvb, po, -1, -1);
+ t_tvb = tvb_new_subset(tvb, tpo, tpc, tpc);
if(pc>0){
if(pc>tvb_length_remaining(tvb, po)){
- p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
+ p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
} else {
- p_tvb = tvb_new_subset(tvb, po, pc, pc);
+ p_tvb = tvb_new_subset(tvb, po, pc, pc);
}
} else {
p_tvb = NULL;
}
if(dc>0){
if(dc>tvb_length_remaining(tvb, od)){
- d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
+ d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
} else {
- d_tvb = tvb_new_subset(tvb, od, dc, dc);
+ d_tvb = tvb_new_subset(tvb, od, dc, dc);
}
} else {
d_tvb = NULL;
}
- if(sc){
- s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), tvb_length_remaining(tvb, so));
+ /* Convert setup count from words to bytes. */
+ if(sl){
+ if(sl>tvb_length_remaining(tvb, so)){
+ s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), sl);
+ } else {
+ s_tvb = tvb_new_subset(tvb, so, sl, sl);
+ }
} else {
s_tvb = NULL;
}
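Review bot: The added comment `/* Convert setup count from words to bytes. */` sits above `if(sl){`, where nothing is converted; the conversion is the `sl = sc*2;` assignment in an earlier hunk of this function. The comment would be better placed at that assignment, with this spot described as `/* setup words, clamped to the captured data */`. The enclosing dissect_transaction_response starts and ends outside the hunk.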
@@ -10661,8 +10715,8 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
case TRANSACTION_PIPE:
dissected_trans = dissect_pipe_smb(
- t_tvb, p_tvb, d_tvb, NULL, pinfo,
- top_tree);
+ t_tvb, s_tvb, p_tvb, d_tvb, NULL,
+ pinfo, top_tree);
break;
case TRANSACTION_MAILSLOT:
@@ -10670,34 +10724,12 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
t_tvb, s_tvb, d_tvb, NULL, pinfo,
top_tree);
break;
-
- default:
- /*
- * We don't know that this is some
- * protocol atop SMB Transactions,
- * so just show it as data.
- */
- proto_tree_add_text(tree, t_tvb, 0,
- tvb_length(t_tvb),
- "Data: %s",
- tvb_bytes_to_str(t_tvb, 0, tvb_length(t_tvb)));
- dissected_trans = TRUE;
- break;
}
- } else {
- /*
- * We don't know that this is some protocol
- * atop SMB Transactions, so just show it
- * as data.
- */
- proto_tree_add_text(tree, t_tvb, 0,
- tvb_length(t_tvb),
- "Data: %s",
- tvb_bytes_to_str(t_tvb, 0, tvb_length(t_tvb)));
- dissected_trans = TRUE;
}
- if (!dissected_trans)
- dissect_data(t_tvb, 0, pinfo, top_tree);
+ if (!dissected_trans) {
+ dissect_trans_data(s_tvb, p_tvb, d_tvb,
+ pinfo, tree);
+ }
} else {
if(check_col(pinfo->fd, COL_INFO)){
col_append_str(pinfo->fd, COL_INFO,
@@ -12755,7 +12787,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
* frame - if we know the frame number (i.e., it's not 0).
*/
if(si.request){
- if (sip->frame_res != 0)
+ if (si.cmd != 0xa4 && sip->frame_res != 0)
proto_tree_add_uint(htree, hf_smb_response_in, tvb, 0, 0, sip->frame_res);
} else {
if (sip->frame_req != 0)
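Review bot: The literal `0xa4` in `if (si.cmd != 0xa4 && sip->frame_res != 0)` is unexplained in the code; only the commit message says it is NT Cancel. A short comment such as `/* NT Cancel (0xa4) requests have no response */` above the test would keep the reason next to the condition. A named constant would also work, if the file already has one for this command. dissect_smb starts and ends outside the hunk.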
@@ -12900,10 +12932,6 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
extern void register_proto_smb_browse( void);
extern void register_proto_smb_logon( void);
-extern void register_proto_smb_mailslot( void);
-extern void register_proto_smb_pipe( void);
-extern void register_proto_smb_mailslot( void);
-
void
proto_register_smb(void)
@@ -14595,16 +14623,6 @@ proto_register_smb(void)
{ &hf_smb_fs_attr_vic,
{ "Compressed", "smb.fs.attr.vic", FT_BOOLEAN, 32,
TFS(&tfs_fs_attr_vic), 0x00008000, "Is this FS Compressed?", HFILL }},
-
- { &hf_smb_setupword1,
- { "Setup Word 1", "smb.transaction.setupword1", FT_UINT16, BASE_HEX,
- NULL, 0, "First setup word in TRANSACTION command", HFILL }},
-
- { &hf_smb_setupword2,
- { "Setup Word 2", "smb.transaction.setupword2", FT_UINT16, BASE_HEX,
- NULL, 0, "Second setup word in TRANSACTION command", HFILL }},
-
-
};
static gint *ett[] = {
&ett_smb,