-rw-r--r--packet-smb-mailslot.c25
-rw-r--r--packet-smb-mailslot.h4
-rw-r--r--packet-smb-pipe.c108
-rw-r--r--packet-smb-pipe.h11
-rw-r--r--packet-smb.c284
-rw-r--r--smb.h9
6 files changed, 277 insertions, 164 deletions
diff --git a/packet-smb-mailslot.c b/packet-smb-mailslot.c
index 4d5004198f..83558d0f1f 100644
--- a/packet-smb-mailslot.c
+++ b/packet-smb-mailslot.c
@@ -2,7 +2,7 @@
* Routines for SMB mailslot packet dissection
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
*
- * $Id: packet-smb-mailslot.c,v 1.22 2001/11/18 02:51:19 guy Exp $
+ * $Id: packet-smb-mailslot.c,v 1.23 2001/11/19 10:06:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -68,9 +68,9 @@ static const value_string class_vals[] = {
*/
gboolean
-dissect_mailslot_smb(tvbuff_t *total_tvb, tvbuff_t *setup_tvb,
- tvbuff_t *tvb, const char *mailslot,
- packet_info *pinfo, proto_tree *parent_tree)
+dissect_mailslot_smb(tvbuff_t *mshdr_tvb, tvbuff_t *setup_tvb,
+ tvbuff_t *tvb, const char *mailslot, packet_info *pinfo,
+ proto_tree *parent_tree)
{
smb_info_t *smb_info;
smb_transact_info_t *tri;
@@ -130,10 +130,12 @@ dissect_mailslot_smb(tvbuff_t *total_tvb, tvbuff_t *setup_tvb,
}
if (parent_tree) {
- item = proto_tree_add_item(parent_tree, proto_smb_msp, total_tvb,
- 0, tvb_length(total_tvb), FALSE);
+ item = proto_tree_add_item(parent_tree, proto_smb_msp, mshdr_tvb,
+ 0, tvb_length(mshdr_tvb), FALSE);
tree = proto_item_add_subtree(item, ett_smb_msp);
+ /* These are in the setup words; use "setup_tvb". */
+
/* opcode */
proto_tree_add_uint(tree, hf_opcode, setup_tvb, offset, 2,
opcode);
@@ -148,15 +150,16 @@ dissect_mailslot_smb(tvbuff_t *total_tvb, tvbuff_t *setup_tvb,
proto_tree_add_item(tree, hf_class, setup_tvb, offset, 2, TRUE);
offset += 2;
+ /* These are in the rest of the data; use "mshdr_tvb", which
+ starts at the same place "setup_tvb" does. */
+
/* size */
- proto_tree_add_item(tree, hf_size, setup_tvb, offset, 2, TRUE);
+ proto_tree_add_item(tree, hf_size, mshdr_tvb, offset, 2, TRUE);
offset += 2;
/* mailslot name */
- len = tvb_strsize(setup_tvb, offset);
- proto_tree_add_item(tree, hf_name, setup_tvb, offset, len,
- TRUE);
- offset += len;
+ len = tvb_strsize(mshdr_tvb, offset);
+ proto_tree_add_item(tree, hf_name, mshdr_tvb, offset, len, TRUE);
}
dissected = FALSE;
diff --git a/packet-smb-mailslot.h b/packet-smb-mailslot.h
index ca92e2c220..1216c4b758 100644
--- a/packet-smb-mailslot.h
+++ b/packet-smb-mailslot.h
@@ -2,7 +2,7 @@
* Declaration of routines for SMB mailslot packet dissection
* Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com>
*
- * $Id: packet-smb-mailslot.h,v 1.4 2001/11/15 10:41:51 guy Exp $
+ * $Id: packet-smb-mailslot.h,v 1.5 2001/11/19 10:06:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -26,6 +26,8 @@
#ifndef _PACKET_SMB_MAILSLOT_H_
#define _PACKET_SMB_MAILSLOT_H_
+extern void register_proto_smb_mailslot(void);
+
gboolean
dissect_mailslot_smb(tvbuff_t *total_tvb, tvbuff_t *setup_tvb,
tvbuff_t *tvb, const char *mailslot,
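Review bot: The prototype still names the first parameter `total_tvb`, while this commit renames it to `mshdr_tvb` in the definition in packet-smb-mailslot.c. Keeping the two in step, `dissect_mailslot_smb(tvbuff_t *mshdr_tvb, tvbuff_t *setup_tvb,`, matters more than usual here because the caller now passes a tvbuff with a different extent (`tvb_new_subset(tvb, tpo, tpc, tpc)` instead of one starting at `po`). The declaration continues past the end of this hunk.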
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c
index 9c78c81855..076543f669 100644
--- a/packet-smb-pipe.c
+++ b/packet-smb-pipe.c
@@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
- * $Id: packet-smb-pipe.c,v 1.44 2001/11/18 22:44:07 guy Exp $
+ * $Id: packet-smb-pipe.c,v 1.45 2001/11/19 10:06:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -141,6 +141,9 @@ static gint ett_lanman_share = -1;
static gint ett_lanman_servers = -1;
static gint ett_lanman_server = -1;
+static int proto_smb_msrpc = -1;
+static gint ett_smbrpc = -1;
+
/*
* See
*
@@ -1967,6 +1970,10 @@ dissect_pipe_lanman(tvbuff_t *t_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
proto_item *entry_item;
proto_tree *entry_tree;
+ if (!proto_is_protocol_enabled(proto_smb_lanman))
+ return FALSE;
+ pinfo->current_proto = "LANMAN";
+
if (check_col(pinfo->fd, COL_PROTOCOL)) {
col_set_str(pinfo->fd, COL_PROTOCOL, "LANMAN");
}
@@ -2176,24 +2183,99 @@ dissect_pipe_lanman(tvbuff_t *t_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
static heur_dissector_list_t msrpc_heur_subdissector_list;
static gboolean
-dissect_pipe_msrpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+dissect_pipe_msrpc(tvbuff_t *t_tvb, tvbuff_t *s_tvb, tvbuff_t *d_tvb,
+ packet_info *pinfo, proto_tree *parent_tree)
{
+ guint16 fid;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
dcerpc_private_info dcerpc_priv;
smb_info_t *smb_priv = (smb_info_t *)pinfo->private_data;
gboolean result;
+ if (!proto_is_protocol_enabled(proto_smb_msrpc))
+ return FALSE;
+
+ /*
+ * Do we have any setup words at all?
+ */
+ if (s_tvb == NULL) {
+ /*
+ * No. This has to be a response.
+ */
+ if (smb_priv->request) {
+ /*
+ * It's not - assume this isn't DCERPC-over-SMB.
+ */
+ return FALSE;
+ }
+ } else {
+ /*
+ * Yes. Do we have at least two of them?
+ */
+ if (!tvb_bytes_exist(s_tvb, 0, 4)) {
+ /*
+ * No - assume this isn't DCERPC-over-SMB.
+ */
+ return FALSE;
+ }
+
+ /*
+ * Is the first one 0x26?
+ */
+ if (tvb_get_letohs(s_tvb, 0) != 0x26) {
+ /*
+ * No - assume this isn't DCERPC-over-SMB.
+ */
+ return FALSE;
+ }
+ }
+
+ /*
+ * Create an tree for DCERPC-over-SMB.
+ */
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, proto_smb_msrpc,
+ t_tvb, 0, tvb_length(t_tvb), FALSE);
+ tree = proto_item_add_subtree(item, ett_smbrpc);
+ }
+
+ /*
+ * Set the columns.
+ */
+ if (check_col(pinfo->fd, COL_PROTOCOL)) {
+ col_set_str(pinfo->fd, COL_PROTOCOL, "SMBRPC");
+ }
+ if (check_col(pinfo->fd, COL_INFO)) {
+ col_set_str(pinfo->fd, COL_INFO,
+ smb_priv->request ? "Request" : "Response");
+ }
+
+ if (s_tvb == NULL) {
+ /*
+ * No setup words, so we don't know the FID.
+ */
+ fid = 0; /* XXX */
+ } else {
+ /*
+ * Treat the second setup word as the FID.
+ */
+ fid = tvb_get_letohs(s_tvb, 2);
+ add_fid(s_tvb, pinfo, tree, 2, fid);
+ }
+
dcerpc_priv.transport_type = DCERPC_TRANSPORT_SMB;
- dcerpc_priv.data.smb.fid = smb_priv->fid;
+ dcerpc_priv.data.smb.fid = fid;
pinfo->private_data = &dcerpc_priv;
- result = dissector_try_heuristic(msrpc_heur_subdissector_list, tvb,
+ result = dissector_try_heuristic(msrpc_heur_subdissector_list, d_tvb,
pinfo, parent_tree);
pinfo->private_data = smb_priv;
if (!result)
- dissect_data(tvb, 0, pinfo, parent_tree);
+ dissect_data(d_tvb, 0, pinfo, parent_tree);
return TRUE;
}
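Review bot: `d_tvb` is handed to `dissector_try_heuristic()` and `dissect_data()` without a NULL check, although the new code already treats `s_tvb == NULL` as a normal case. The callers in packet-smb.c set `d_tvb = NULL` whenever the data count is zero, so a transaction on an MSRPC pipe that carries no data bytes would, as far as these hunks show, reach the heuristic dissectors with a null tvbuff and could crash the analyzer on a malformed capture. Rejecting it alongside the other early checks, before the tree is created, lets the caller fall back to its generic display: `if (d_tvb == NULL) return FALSE;`.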
@@ -2204,22 +2286,19 @@ dissect_pipe_msrpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
/* decode the SMB pipe protocol
for requests
pipe is the name of the pipe, e.g. LANMAN
- smb_info->trans_subcmd is set to the symbolic constatn matching the mailslot name
+ smb_info->trans_subcmd is set to the symbolic constant matching the mailslot name
for responses
pipe is NULL
smb_info->trans_subcmd gives us which pipe this response is for
*/
gboolean
-dissect_pipe_smb(tvbuff_t *t_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
- const char *pipe, packet_info *pinfo, proto_tree *tree)
+dissect_pipe_smb(tvbuff_t *t_tvb, tvbuff_t *s_tvb, tvbuff_t *p_tvb,
+ tvbuff_t *d_tvb, const char *pipe, packet_info *pinfo,
+ proto_tree *tree)
{
smb_info_t *smb_info;
smb_transact_info_t *tri;
- if (!proto_is_protocol_enabled(proto_smb_lanman))
- return FALSE;
- pinfo->current_proto = "LANMAN";
-
smb_info = pinfo->private_data;
if (smb_info->sip != NULL)
tri = smb_info->sip->extra_info;
@@ -2246,7 +2325,7 @@ dissect_pipe_smb(tvbuff_t *t_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
return dissect_pipe_lanman(t_tvb, p_tvb, d_tvb, pinfo, tree);
break;
case PIPE_MSRPC:
- return dissect_pipe_msrpc(d_tvb, pinfo, tree);
+ return dissect_pipe_msrpc(t_tvb, s_tvb, d_tvb, pinfo, tree);
break;
}
@@ -2574,6 +2653,7 @@ register_proto_smb_pipe(void)
&ett_lanman_server,
&ett_lanman_shares,
&ett_lanman_share,
+ &ett_smbrpc,
};
proto_smb_lanman = proto_register_protocol(
@@ -2581,5 +2661,7 @@ register_proto_smb_pipe(void)
proto_register_field_array(proto_smb_lanman, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
+ proto_smb_msrpc = proto_register_protocol(
+ "MSRPC-over-SMB", "SMBRPC", "smbrpc");
register_heur_dissector_list("msrpc", &msrpc_heur_subdissector_list);
}
diff --git a/packet-smb-pipe.h b/packet-smb-pipe.h
index a1c476fb57..f0101b92cc 100644
--- a/packet-smb-pipe.h
+++ b/packet-smb-pipe.h
@@ -2,7 +2,7 @@
* Declarations of routines for SMB named pipe packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: packet-smb-pipe.h,v 1.6 2001/11/15 10:41:52 guy Exp $
+ * $Id: packet-smb-pipe.h,v 1.7 2001/11/19 10:06:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -26,8 +26,11 @@
#ifndef _PACKET_SMB_PIPE_H_
#define _PACKET_SMB_PIPE_H_
-gboolean
-dissect_pipe_smb(tvbuff_t *t_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
- const char *pipe, packet_info *pinfo, proto_tree *tree);
+extern void register_proto_smb_pipe(void);
+
+extern gboolean
+dissect_pipe_smb(tvbuff_t *t_tvb, tvbuff_t *s_tvb, tvbuff_t *p_tvb,
+ tvbuff_t *d_tvb, const char *pipe, packet_info *pinfo,
+ proto_tree *tree);
#endif
diff --git a/packet-smb.c b/packet-smb.c
index c9b7946e02..7d142ff99e 100644
--- a/packet-smb.c
+++ b/packet-smb.c
@@ -2,7 +2,7 @@
* Routines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: packet-smb.c,v 1.157 2001/11/18 22:12:46 guy Exp $
+ * $Id: packet-smb.c,v 1.158 2001/11/19 10:06:41 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -2429,6 +2429,15 @@ dissect_open_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
return offset;
}
+void
+add_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset,
+ guint16 fid)
+{
+ proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ if (check_col(pinfo->fd, COL_INFO))
+ col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
+}
+
static int
dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
@@ -2440,12 +2449,9 @@ dissect_open_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* File Attributes */
offset = dissect_file_attributes(tvb, pinfo, tree, offset);
@@ -2471,11 +2477,13 @@ dissect_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, pro
{
guint8 wc;
guint16 bc;
+ guint16 fid;
WORD_COUNT;
/* fid */
- proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
+ fid = tvb_get_letohs(tvb, offset);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
BYTE_COUNT;
@@ -3031,12 +3039,9 @@ dissect_create_temporary_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
BYTE_COUNT;
/* buffer format */
@@ -4397,12 +4402,9 @@ dissect_open_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* File Attributes */
offset = dissect_file_attributes(tvb, pinfo, tree, offset);
@@ -6627,12 +6629,9 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, int offset, p
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* create action */
proto_tree_add_item(tree, hf_smb_create_action, tvb, offset, 4, TRUE);
offset += 4;
@@ -7266,12 +7265,9 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* create action */
/*XXX is this really the same as create disposition in the request? it looks so*/
proto_tree_add_item(tree, hf_smb_create_action, tvb, offset, 4, TRUE);
@@ -8826,11 +8822,62 @@ dissect_transaction2_request_data(tvbuff_t *tvb, packet_info *pinfo,
}
+static void
+dissect_trans_data(tvbuff_t *s_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
+ packet_info *pinfo, proto_tree *tree)
+{
+ int i;
+ int offset;
+ guint length;
+
+ /*
+ * Show the setup words.
+ */
+ if (s_tvb != NULL) {
+ length = tvb_length(s_tvb);
+ for (i = 0, offset = 0; length >= 2;
+ i++, offset += 2, length -= 2) {
+ /*
+ * XXX - add a setup word filterable field?
+ */
+ proto_tree_add_text(tree, s_tvb, offset, 2,
+ "Setup Word %d: 0x%04x", i,
+ tvb_get_letohs(s_tvb, offset));
+ }
+ }
+
+ /*
+ * Show the parameters, if any.
+ */
+ if (p_tvb != NULL) {
+ length = tvb_length(p_tvb);
+ if (length != 0) {
+ proto_tree_add_text(tree, p_tvb, 0, length,
+ "Parameters: %s",
+ tvb_bytes_to_str(p_tvb, 0, length));
+ }
+ }
+
+ /*
+ * Show the data, if any.
+ */
+ if (d_tvb != NULL) {
+ length = tvb_length(d_tvb);
+ if (length != 0) {
+ proto_tree_add_text(tree, d_tvb, 0, length,
+ "Data: %s", tvb_bytes_to_str(d_tvb, 0, length));
+ }
+ }
+}
+
static int
dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, sc=0;
- int so=0;
+ int so=offset;
+ int sl=0;
+ int tpo=offset;
+ int tpc=0;
guint16 od=0, tf, po=0, pc=0, dc=0, pd, dd=0;
guint16 subcmd;
guint32 to;
@@ -8848,7 +8895,8 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
WORD_COUNT;
if(wc==8){
- /*secondary client request*/
+ /*secondary client request*/
+
/* total param count, only a 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_total_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
@@ -8892,8 +8940,14 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree_add_item(tree, hf_smb_fid, tvb, offset, 2, TRUE);
offset += 2;
}
+
+ /* There are no setup words. */
+ so = offset;
+ sc = 0;
+ sl = 0;
} else {
- /* it is not a secondary request */
+ /* it is not a secondary request */
+
/* total param count , only a 16 bit integer here*/
proto_tree_add_uint(tree, hf_smb_total_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
@@ -8906,11 +8960,11 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree_add_uint(tree, hf_smb_max_param_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
- /* max data count , only 16bit integer here*/
+ /* max data count, only 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_max_data_count, tvb, offset, 2, tvb_get_letohs(tvb, offset));
offset += 2;
- /* max setup count , only 16bit integer here*/
+ /* max setup count, only 16bit integer here*/
proto_tree_add_uint(tree, hf_smb_max_setup_count, tvb, offset, 1, tvb_get_guint8(tvb, offset));
offset += 1;
@@ -8968,8 +9022,9 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
proto_tree_add_item(tree, hf_smb_reserved, tvb, offset, 1, TRUE);
offset += 1;
- /* this is where the setup bytes start */
+ /* this is where the setup bytes, if any start */
so = offset;
+ sl = sc*2;
/* if there were any setup bytes, decode them */
if(sc){
@@ -9015,41 +9070,21 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
break;
case 0x25:
- /* MSRPC transactions have two setup count
- words which we decode here. Setup word 1
- is always 0x26. The second setup word is
- the fid which the transaction occurs on. */
- if (sc == 2) {
- guint16 sw1, sw2;
-
- sw1 = tvb_get_letohs(tvb, offset);
- sw2 = tvb_get_letohs(tvb, offset + 2);
-
- proto_tree_add_uint(tree, hf_smb_setupword1, tvb, offset, 2, sw1);
- proto_tree_add_uint(tree, hf_smb_setupword2, tvb, offset + 2, 2, sw2);
-
- /* Make fid hidden so we can find it
- in a filter. */
-
- if (sw1 == 0x26)
- proto_tree_add_uint_hidden(tree, hf_smb_fid, tvb, offset + 2, 2, sw2);
- }
- /* TRANSACTION setup words also processed
- below */
+ /* TRANSACTION setup words processed below */
break;
}
- offset += sc*2;
+ offset += sl;
}
-
}
BYTE_COUNT;
if(wc!=8){
+ /* primary request */
/* name is NULL if transaction2 */
- if(si->cmd!=0x32){
- /* Transaction Name */
+ if(si->cmd == 0x25){
+ /* Transaction Name */
an = get_unicode_or_ascii_string(tvb, &offset,
pinfo, &an_len, FALSE, FALSE, &bc);
if (an == NULL)
@@ -9060,6 +9095,15 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
}
+ /*
+ * The pipe or mailslot arguments for Transaction start with
+ * the first setup word (or where the first setup word would
+ * be if there were any setup words), and run to the current
+ * offset (which could mean that there aren't any).
+ */
+ tpo = so;
+ tpc = offset - tpo;
+
/* parameters */
if(po>offset){
/* We have some initial padding bytes.
@@ -9123,27 +9167,31 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if(dd==0){
tvbuff_t *t_tvb, *p_tvb, *d_tvb, *s_tvb;
- t_tvb = tvb_new_subset(tvb, po, -1, -1);
+ t_tvb = tvb_new_subset(tvb, tpo, tpc, tpc);
if(pc>0){
if(pc>tvb_length_remaining(tvb, po)){
- p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
+ p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
} else {
- p_tvb = tvb_new_subset(tvb, po, pc, pc);
+ p_tvb = tvb_new_subset(tvb, po, pc, pc);
}
} else {
p_tvb = NULL;
}
if(dc>0){
if(dc>tvb_length_remaining(tvb, od)){
- d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
+ d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
} else {
- d_tvb = tvb_new_subset(tvb, od, dc, dc);
+ d_tvb = tvb_new_subset(tvb, od, dc, dc);
}
} else {
d_tvb = NULL;
}
- if(sc){
- s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), tvb_length_remaining(tvb, so));
+ if(sl){
+ if(sl>tvb_length_remaining(tvb, so)){
+ s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), sl);
+ } else {
+ s_tvb = tvb_new_subset(tvb, so, sl, sl);
+ }
} else {
s_tvb = NULL;
}
@@ -9178,26 +9226,17 @@ dissect_transaction_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if (!si->unidir)
tri->subcmd=TRANSACTION_PIPE;
dissected_trans = dissect_pipe_smb(t_tvb,
- p_tvb, d_tvb, an+6, pinfo, top_tree);
+ s_tvb, p_tvb, d_tvb, an+6, pinfo, top_tree);
} else if(strncmp("\\MAILSLOT\\", an, 10) == 0){
if (!si->unidir)
tri->subcmd=TRANSACTION_MAILSLOT;
dissected_trans = dissect_mailslot_smb(t_tvb,
s_tvb, d_tvb, an+10, pinfo, top_tree);
- } else {
- /*
- * We don't know that this is some protocol
- * atop SMB Transactions, so just show it
- * as data.
- */
- proto_tree_add_text(tree, t_tvb, 0,
- tvb_length(t_tvb),
- "Data: %s",
- tvb_bytes_to_str(t_tvb, 0, tvb_length(t_tvb)));
- dissected_trans = TRUE;
}
- if (!dissected_trans)
- dissect_data(t_tvb, 0, pinfo, top_tree);
+ if (!dissected_trans) {
+ dissect_trans_data(s_tvb, p_tvb, d_tvb,
+ pinfo, tree);
+ }
} else {
if(check_col(pinfo->fd, COL_INFO)){
col_append_str(pinfo->fd, COL_INFO,
@@ -10293,12 +10332,9 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
case 0x00: /*TRANS2_OPEN2*/
/* fid */
fid = tvb_get_letohs(tvb, offset);
- proto_tree_add_uint(tree, hf_smb_fid, tvb, offset, 2, fid);
+ add_fid(tvb, pinfo, tree, offset, fid);
offset += 2;
- if (check_col(pinfo->fd, COL_INFO))
- col_append_fstr(pinfo->fd, COL_INFO, ", FID: 0x%04x", fid);
-
/* File Attributes */
offset = dissect_file_attributes(tvb, pinfo, tree, offset);
@@ -10448,9 +10484,12 @@ dissect_transaction2_response_parameters(tvbuff_t *tvb, packet_info *pinfo, prot
static int
dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
- guint8 sc=0, wc;
+ guint8 sc, wc;
guint16 od=0, tf, po=0, pc=0, pd, dc=0, dd=0;
- int so=0;
+ int so=offset;
+ int sl=0;
+ int tpo=offset;
+ int tpc=0;
guint32 to;
smb_info_t *si;
smb_transact2_info_t *t2i = NULL;
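Review bot: `sc` loses its `=0` initialiser in this hunk, and a later hunk in the same function computes `sl = sc*2` from it. The assignment to `sc` lies outside the visible hunks, so confirm that every path reaching that line sets it from the packet; otherwise the setup length used to build `s_tvb` comes from an indeterminate value. Keeping `guint8 sc=0, wc;` costs nothing and matches the request side, which still declares `guint8 wc, sc=0;`. The function body continues outside this hunk.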
@@ -10555,14 +10594,24 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
offset += 1;
/* save setup offset */
- so=offset;
+ so = offset;
/* if there were any setup bytes, decode them */
- if(sc){
+ sl = sc*2;
+ if(sl){
/* XXXX dissect setup words */
- offset += sc*2;
+ offset += sl;
}
+ /*
+ * The pipe or mailslot arguments for Transaction start with
+ * the first setup word (or where the first setup word would
+ * be if there were any setup words), and run to the current
+ * offset (which could mean that there aren't any).
+ */
+ tpo = so;
+ tpc = offset - tpo;
+
BYTE_COUNT;
/* parameters */
@@ -10626,27 +10675,32 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
tvbuff_t *t_tvb, *p_tvb, *d_tvb, *s_tvb;
smb_transact_info_t *tri;
- t_tvb = tvb_new_subset(tvb, po, -1, -1);
+ t_tvb = tvb_new_subset(tvb, tpo, tpc, tpc);
if(pc>0){
if(pc>tvb_length_remaining(tvb, po)){
- p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
+ p_tvb = tvb_new_subset(tvb, po, tvb_length_remaining(tvb, po), pc);
} else {
- p_tvb = tvb_new_subset(tvb, po, pc, pc);
+ p_tvb = tvb_new_subset(tvb, po, pc, pc);
}
} else {
p_tvb = NULL;
}
if(dc>0){
if(dc>tvb_length_remaining(tvb, od)){
- d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
+ d_tvb = tvb_new_subset(tvb, od, tvb_length_remaining(tvb, od), dc);
} else {
- d_tvb = tvb_new_subset(tvb, od, dc, dc);
+ d_tvb = tvb_new_subset(tvb, od, dc, dc);
}
} else {
d_tvb = NULL;
}
- if(sc){
- s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), tvb_length_remaining(tvb, so));
+ /* Convert setup count from words to bytes. */
+ if(sl){
+ if(sl>tvb_length_remaining(tvb, so)){
+ s_tvb = tvb_new_subset(tvb, so, tvb_length_remaining(tvb, so), sl);
+ } else {
+ s_tvb = tvb_new_subset(tvb, so, sl, sl);
+ }
} else {
s_tvb = NULL;
}
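Review bot: The added comment `/* Convert setup count from words to bytes. */` sits on the code that builds `s_tvb`, but the conversion itself (`sl = sc*2`) happens in an earlier hunk of this function, and the matching block in dissect_transaction_request carries no such comment. Something like `/* Setup words: sl is the reported length in bytes; clamp the captured length to what is left in the frame. */` would describe what these lines actually do. The same clamp pattern is used for `p_tvb` and `d_tvb` just above.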
@@ -10661,8 +10715,8 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
case TRANSACTION_PIPE:
dissected_trans = dissect_pipe_smb(
- t_tvb, p_tvb, d_tvb, NULL, pinfo,
- top_tree);
+ t_tvb, s_tvb, p_tvb, d_tvb, NULL,
+ pinfo, top_tree);
break;
case TRANSACTION_MAILSLOT:
@@ -10670,34 +10724,12 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree
t_tvb, s_tvb, d_tvb, NULL, pinfo,
top_tree);
break;
-
- default:
- /*
- * We don't know that this is some
- * protocol atop SMB Transactions,
- * so just show it as data.
- */
- proto_tree_add_text(tree, t_tvb, 0,
- tvb_length(t_tvb),
- "Data: %s",
- tvb_bytes_to_str(t_tvb, 0, tvb_length(t_tvb)));
- dissected_trans = TRUE;
- break;
}
- } else {
- /*
- * We don't know that this is some protocol
- * atop SMB Transactions, so just show it
- * as data.
- */
- proto_tree_add_text(tree, t_tvb, 0,
- tvb_length(t_tvb),
- "Data: %s",
- tvb_bytes_to_str(t_tvb, 0, tvb_length(t_tvb)));
- dissected_trans = TRUE;
}
- if (!dissected_trans)
- dissect_data(t_tvb, 0, pinfo, top_tree);
+ if (!dissected_trans) {
+ dissect_trans_data(s_tvb, p_tvb, d_tvb,
+ pinfo, tree);
+ }
} else {
if(check_col(pinfo->fd, COL_INFO)){
col_append_str(pinfo->fd, COL_INFO,
@@ -12755,7 +12787,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
* frame - if we know the frame number (i.e., it's not 0).
*/
if(si.request){
- if (sip->frame_res != 0)
+ if (si.cmd != 0xa4 && sip->frame_res != 0)
proto_tree_add_uint(htree, hf_smb_response_in, tvb, 0, 0, sip->frame_res);
} else {
if (sip->frame_req != 0)
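Review bot: The bare `0xa4` in `if (si.cmd != 0xa4 && sip->frame_res != 0)` needs a comment or a named constant, since nothing in the hunk says which command is excluded or why. 0xa4 is the NT Cancel command code, and presumably the "response in" link is suppressed because the matched response belongs to the cancelled request rather than to the cancel itself. A one-line comment such as `/* NT Cancel (0xa4): the saved response frame is not a reply to this request */` above the test would record that; confirm the reasoning against the matching code outside this hunk.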
@@ -12900,10 +12932,6 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
extern void register_proto_smb_browse( void);
extern void register_proto_smb_logon( void);
-extern void register_proto_smb_mailslot( void);
-extern void register_proto_smb_pipe( void);
-extern void register_proto_smb_mailslot( void);
-
void
proto_register_smb(void)
@@ -14595,16 +14623,6 @@ proto_register_smb(void)
{ &hf_smb_fs_attr_vic,
{ "Compressed", "smb.fs.attr.vic", FT_BOOLEAN, 32,
TFS(&tfs_fs_attr_vic), 0x00008000, "Is this FS Compressed?", HFILL }},
-
- { &hf_smb_setupword1,
- { "Setup Word 1", "smb.transaction.setupword1", FT_UINT16, BASE_HEX,
- NULL, 0, "First setup word in TRANSACTION command", HFILL }},
-
- { &hf_smb_setupword2,
- { "Setup Word 2", "smb.transaction.setupword2", FT_UINT16, BASE_HEX,
- NULL, 0, "Second setup word in TRANSACTION command", HFILL }},
-
-
};
static gint *ett[] = {
&ett_smb,
diff --git a/smb.h b/smb.h
index 32d5829fab..0626d9d8a6 100644
--- a/smb.h
+++ b/smb.h
@@ -2,7 +2,7 @@
* Defines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
- * $Id: smb.h,v 1.22 2001/11/18 22:44:08 guy Exp $
+ * $Id: smb.h,v 1.23 2001/11/19 10:06:42 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -665,8 +665,13 @@ typedef struct smb_info {
gboolean request; /* Is this a request? */
gboolean unidir;
int info_count;
- guint16 fid;
smb_saved_info_t *sip; /* smb_saved_info_t, if any, for this */
} smb_info_t;
+/*
+ * Add a FID to the protocol tree and the Info column.
+ */
+extern void add_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ int offset, guint16 fid);
+
#endif
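Review bot: With `fid` removed from `smb_info_t`, a transaction response no longer has any source for the FID: dissect_pipe_msrpc in packet-smb-pipe.c now falls back to `fid = 0; /* XXX */` when there are no setup words and passes that on as `dcerpc_priv.data.smb.fid`. If the DCERPC dissector keys any state on that value, every response on every pipe will look like FID 0. Consider recording the request's FID in the per-transaction saved state and reading it back for the response. At minimum the comment above the prototype could say that `add_fid()` only displays the value and does not store it anywhere.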