diff options
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-smb.c | 29 | ||||
-rw-r--r-- | epan/dissectors/packet-smb.h | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-smb2.c | 28 | ||||
-rw-r--r-- | epan/dissectors/packet-smb2.h | 1 |
4 files changed, 31 insertions, 28 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index d3103e401d..a1ba7978e8 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -380,7 +380,6 @@ static int hf_smb_setup_count = -1; static int hf_smb_nt_trans_subcmd = -1; static int hf_smb_nt_ioctl_isfsctl = -1; static int hf_smb_nt_ioctl_flags_root_handle = -1; -static int hf_smb_nt_ioctl_data = -1; #ifdef SMB_UNUSED_HANDLES static int hf_smb_nt_security_information = -1; #endif @@ -7240,7 +7239,6 @@ typedef struct _nt_trans_data { int subcmd; guint32 sd_len; guint32 ea_len; - guint32 ioctl_function; } nt_trans_data; @@ -7776,6 +7774,7 @@ dissect_nt_trans_data_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pro int old_offset = offset; guint16 bcp=bc; /* XXX fixme */ struct access_mask_info *ami=NULL; + tvbuff_t *ioctl_tvb; si = (smb_info_t *)pinfo->private_data; @@ -7807,7 +7806,10 @@ dissect_nt_trans_data_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pro break; case NT_TRANS_IOCTL: /* ioctl data */ - proto_tree_add_item(tree, hf_smb_nt_ioctl_data, tvb, offset, bc, TRUE); + ioctl_tvb=tvb_new_subset(tvb, offset, MIN((int)bc, tvb_length_remaining(tvb, offset)), bc); + dissect_smb2_ioctl_data(ioctl_tvb, pinfo, tree, top_tree, nti->ioctl_function, TRUE); + + offset += bc; break; @@ -8017,12 +8019,18 @@ dissect_nt_trans_setup_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pr { proto_item *item = NULL; proto_tree *tree = NULL; - smb_info_t *si; int old_offset = offset; + smb_info_t *si; + smb_nt_transact_info_t *nti; + smb_saved_info_t *sip; - si = (smb_info_t *)pinfo->private_data; + si = (smb_info_t *)pinfo->private_data; DISSECTOR_ASSERT(si); + sip = si->sip; + DISSECTOR_ASSERT(sip); + nti=sip->extra_info; + if(parent_tree){ tvb_ensure_bytes_exist(tvb, offset, len); @@ -8039,7 +8047,7 @@ dissect_nt_trans_setup_request(tvbuff_t *tvb, packet_info *pinfo, int offset, pr guint16 fid; /* function code */ - offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &ntd->ioctl_function); + offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &nti->ioctl_function); /* fid */ fid = tvb_get_letohs(tvb, offset); @@ -8307,6 +8315,7 @@ dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo, smb_info_t *si; guint16 bcp; struct access_mask_info *ami=NULL; + tvbuff_t *ioctl_tvb; si = (smb_info_t *)pinfo->private_data; DISSECTOR_ASSERT(si); @@ -8337,7 +8346,9 @@ dissect_nt_trans_data_response(tvbuff_t *tvb, packet_info *pinfo, break; case NT_TRANS_IOCTL: /* ioctl data */ - proto_tree_add_item(tree, hf_smb_nt_ioctl_data, tvb, offset, len, TRUE); + ioctl_tvb=tvb_new_subset(tvb, offset, MIN((int)len, tvb_length_remaining(tvb, offset)), len); + dissect_smb2_ioctl_data(ioctl_tvb, pinfo, tree, top_tree, nti->ioctl_function, FALSE); + offset += len; break; @@ -17151,10 +17162,6 @@ proto_register_smb(void) { "Root Handle", "smb.nt.ioctl.flags.root_handle", FT_BOOLEAN, 8, TFS(&tfs_nt_ioctl_flags_root_handle), NT_IOCTL_FLAGS_ROOT_HANDLE, "Apply to this share or root Dfs share", HFILL }}, - { &hf_smb_nt_ioctl_data, - { "IOCTL Data", "smb.nt.ioctl.data", FT_BYTES, BASE_HEX, - NULL, 0, "Data for the IOCTL call", HFILL }}, - { &hf_smb_nt_notify_action, { "Action", "smb.nt.notify.action", FT_UINT32, BASE_DEC, VALS(nt_notify_action_vals), 0, "Which action caused this notify response", HFILL }}, diff --git a/epan/dissectors/packet-smb.h b/epan/dissectors/packet-smb.h index 56b24b1e82..4aaf92fad7 100644 --- a/epan/dissectors/packet-smb.h +++ b/epan/dissectors/packet-smb.h @@ -182,6 +182,7 @@ WS_VAR_IMPORT const value_string nt_cmd_vals[]; typedef struct { int subcmd; int fid_type; + guint32 ioctl_function; } smb_nt_transact_info_t; /* the information we need to keep around for transaction2 commands */ diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index 2f766d1507..be07d7469c 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -2592,7 +2592,7 @@ dissect_smb2_cancel_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *t static int -dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, smb2_info_t *si) +dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, guint32 datalen, proto_tree *top_tree) { int tvblen; int result; @@ -2602,7 +2602,7 @@ dissect_file_data_dcerpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_ dcerpc_tvb = tvb_new_subset(tvb, offset, MIN((int)datalen, tvb_length_remaining(tvb, offset)), datalen); /* dissect the full PDU */ - result = dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, si->top_tree); + result = dissector_try_heuristic(smb2_heur_subdissector_list, dcerpc_tvb, pinfo, top_tree); offset += datalen; @@ -2648,7 +2648,7 @@ dissect_smb2_write_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* data or dcerpc ?*/ if(length && si->tree && si->tree->share_type == SMB2_SHARE_TYPE_IPC){ - offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si); + offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree); return offset; } @@ -2681,9 +2681,9 @@ dissect_smb2_write_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *t } static void -dissect_smb2_IOCTL_DO_DCERPC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si, gboolean data_in _U_) +dissect_smb2_IOCTL_DO_DCERPC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *top_tree, gboolean data_in _U_) { - dissect_file_data_dcerpc(tvb, pinfo, tree, offset, tvb_length_remaining(tvb, offset), si); + dissect_file_data_dcerpc(tvb, pinfo, tree, offset, tvb_length_remaining(tvb, offset), top_tree); return; } @@ -2851,18 +2851,12 @@ dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvbuff_t *tvb, packet_info *pinfo _U_, return; } -static void -dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *s2i, gboolean data_in) +void +dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in) { - guint32 ioctl_function=0; - - if(s2i){ - ioctl_function=s2i->ioctl_function; - } - switch(ioctl_function){ case 0x0011c017: - dissect_smb2_IOCTL_DO_DCERPC(tvb, pinfo, tree, 0, s2i, data_in); + dissect_smb2_IOCTL_DO_DCERPC(tvb, pinfo, tree, 0, top_tree, data_in); break; case 0x00144064: /* FSCTL_GET_SHADOW_COPY_DATA */ dissect_smb2_FSCTL_GET_SHADOW_COPY_DATA(tvb, pinfo, tree, 0, data_in); @@ -2893,13 +2887,13 @@ dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb static void dissect_smb2_ioctl_data_in(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si) { - dissect_smb2_ioctl_data(tvb, pinfo, tree, si, TRUE); + dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, TRUE); } static void dissect_smb2_ioctl_data_out(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si) { - dissect_smb2_ioctl_data(tvb, pinfo, tree, si, FALSE); + dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, FALSE); } static int @@ -3087,7 +3081,7 @@ dissect_smb2_read_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, * STATUS_PENDING read and thus a named pipe (==dcerpc) */ if(length && ( (si->tree && si->tree->share_type == SMB2_SHARE_TYPE_IPC)||(si->flags & SMB2_FLAGS_PID_VALID))){ - offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si); + offset = dissect_file_data_dcerpc(tvb, pinfo, tree, offset, length, si->top_tree); return offset; } diff --git a/epan/dissectors/packet-smb2.h b/epan/dissectors/packet-smb2.h index 233a17db13..86398d0b80 100644 --- a/epan/dissectors/packet-smb2.h +++ b/epan/dissectors/packet-smb2.h @@ -101,5 +101,6 @@ typedef struct _smb2_info_t { int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset); int dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint32 *ioctl_function); +void dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in); #endif |