sure we're not referencing a fid when we think we're referencing an
smb_nt_transact_info_t pointer. (A fuzzed capture I have triggers
this behavior).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@14107 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
up with the original request, without matching unrelated replies with
that request.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@12145 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"packet-windows-common.[ch]".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11592 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11400 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as it's used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10834 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
always contain an SMB command code (SMB requests and responses both have
command codes, so there's no "unknown" out-of-band value); make it a
"guint8".
Make the argument to "decode_smb_name()" a "guint8" as an SMB command
code is passed to it ("guint8" and "unsigned char" are the same types on
all platforms we're likely to deal with, so it's a cosmetic change, not
a semantic one).
Put in an extra "GPOINTER_TO_UINT()" call before casting
"si->sip->extra_info" to "guint16", to squelch compiler warnings.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9335 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
multiple NetBIOS-over-TCP session service messages in a TCP segment, and
they can contain the final portions of different DCERPC calls. Don't
assume a frame number is sufficient to identify DCE RPC calls.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7777 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of "dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.
Add some casts to squelch compiler complaints.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7449 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.
Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display filter field for the other fragments that display which frame the dcerpc pdu was reassembled in.
This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between NT4 DCs.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
I think it has been broken for quite some time. That will be addressed shortly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7445 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that
packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this feature will be enhanced to also look at more
interesting calls such as LSA/LookupSIDs2 and similar.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7362 f5534014-38df-0310-8fa8-9805f1628bb7
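The annotation described above (a SID rendered as "S-1-..." with " (<name>)" appended when the SID has been snooped) as an added example in Python. It is not Ethereal/Wireshark code and does not use dissect_nt_sid(); it parses the binary NT SID layout (revision, sub-authority count, 6-byte big-endian identifier authority, little-endian 32-bit sub-authorities), refuses to read past a truncated or over-long buffer, and looks the result up in a constructed SID-to-name table. The domain SID, the domain name and the function names are assumptions for illustration.

```python
import struct
from typing import Dict, Optional, Tuple

# Constructed snooped mapping (Domain SID -> Domain Name), standing in for the
# table packet-smb-sidsnooping.c builds from LSA QueryInfoPolicy level-3 replies.
SNOOPED_SID_NAMES: Dict[str, str] = {
    "S-1-5-21-1004336348-1177238915-682003330": "EXAMPLEDOM",  # constructed, not a real domain
}


def parse_nt_sid(data: bytes, offset: int = 0) -> Tuple[str, int]:
    """Parse a binary NT SID at data[offset:].

    Wire layout: revision (1 byte), sub-authority count (1 byte), identifier
    authority (6 bytes, big-endian), then count * 4-byte little-endian
    sub-authorities. Returns (string form, bytes consumed) and raises
    ValueError on malformed input instead of reading past the buffer.
    """
    if len(data) - offset < 8:
        raise ValueError("truncated SID header")
    revision, count = data[offset], data[offset + 1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15:  # SID_MAX_SUB_AUTHORITIES
        raise ValueError("sub-authority count %d exceeds 15" % count)
    total = 8 + 4 * count
    if len(data) - offset < total:
        raise ValueError("truncated SID sub-authorities")
    authority = int.from_bytes(data[offset + 2:offset + 8], "big")
    subs = struct.unpack_from("<%dI" % count, data, offset + 8)
    sid = "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)
    return sid, total


def encode_nt_sid(sid: str) -> bytes:
    """Inverse of parse_nt_sid; used here only to construct sample input."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("bad SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def sid_display(data: bytes, offset: int = 0,
                names: Optional[Dict[str, str]] = None) -> str:
    """What the tree item shows: the SID, plus " (<name>)" if it was snooped."""
    names = SNOOPED_SID_NAMES if names is None else names
    sid, _ = parse_nt_sid(data, offset)
    name = names.get(sid)
    return sid if name is None else "%s (%s)" % (sid, name)


if __name__ == "__main__":
    blob = encode_nt_sid("S-1-5-21-1004336348-1177238915-682003330")
    print(sid_display(blob))                          # annotated: name was snooped
    print(sid_display(encode_nt_sid("S-1-5-32-544")))  # bare: nothing snooped for it
```

A SID that was never snooped prints bare, exactly as the feature description says; the length checks matter because a SID is parsed out of attacker-controlled packet bytes, and a sub-authority count taken at face value would otherwise walk off the end of the buffer.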
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7192 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in their own subtables.
The tethereal feature is activated with the -z smb,rtt switch,
and in ethereal it is activated either through the -0z smb,rtt switch or through the menu.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6966 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6151 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
being used properly.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6149 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
More to do yet though ...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6148 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6055 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5962 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
request and response.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5895 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Microsoft Networks SMB File Sharing Protocol Extensions Version
2.0, Document Version 3.3, November 7, 1988;
Microsoft Networks SMB File Sharing Protocol Extensions Version
3.0, Document Version 1.11, July 19, 1990.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5566 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
error.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5415 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5313 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5234 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
I have captures with w2k speaking DCERPC without using the normal
Transaction named pipes SMBs.
Instead DCERPC is just implemented on top of ordinary read/write calls.
The smb dissector now examines TreeConnectAndX and stores the conversation/tid/type-of-share in a table for later access.
All SMB requests examine that hash table to find out if TID in the header refers
to a normal share or an IPC$ share.
Initial support in read/write SMB calls to detect if the operations are for an
IPC share and thus it assumes it must be DCERPC commands in the payload.
Desegmentation/Reassembly of these types of calls is not implemented yet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4952 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
packet-smb.c so that packet-smb-pipe.c can reference this struct as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4947 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4946 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
remembers SMBs for request/response matching, and make sure the request
and the response have the same type (or that the response has a
different type but is a valid response to the request).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4763 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
CIFS draft spec speaks of both being used:
The multiplex ID (Mid) is used along with the Pid to allow
multiplexing the single client and server connection among the
client's multiple processes, threads, and requests per thread.
Clients may have many outstanding requests (up to the negotiated
number, MaxMpxCount) at one time. Servers MAY respond to
requests in any order, but a response message MUST always
contain the same Mid and Pid values as the corresponding request
message. The client MUST NOT have multiple outstanding requests
to a server with the same Mid and Pid.
and I have seen a capture where more than one PID is used on a given
connection and where the same MID is used with two different PIDs.
Get rid of the "mid" field in the "smb_info_t" structure - the MID is
not used outside "dissect_smb()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4495 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4470 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
add "dissect_ndr_ctx_hnd()" for dissecting context handles, and
use it in various DCERPC dissectors;
beef up the MS Security Account Manager dissector.
Also, export "NT_errors[]" for use by that dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4350 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4335 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
rename.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4333 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"smb_saved_info_t" in the table of requests whose replies have been
found, don't look it up in the table of requests whose replies have not
been found - if the request in question has no reply in the capture,
that may find some later frame in the same conversation with the same
MID, and we don't need that information anyway - the only reason we
*need* that structure is to save information in it for use when
processing its reply, and we already did that the first time we
processed the request. (The information for the later frame may be bad,
e.g. having a null "extra_info" pointer, or having one that points to
information for another request.)
Arrange that we don't use the pointer to the "smb_saved_info_t" when
processing a request except to save information if the request hasn't
already been processed, as that pointer may not be valid if the request
has already been processed, as per the above.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4292 f5534014-38df-0310-8fa8-9805f1628bb7
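The matching rules spelled out in the messages above, as one added example in Python (not Ethereal/Wireshark code): key outstanding requests on PID plus MID rather than MID alone; accept a reply only if its command is the request's command or a known valid different-type reply; never consult the "unmatched" table for a request frame that has already been processed, since by then the key may point at a later request; and record no reply for NT Cancel. It also feeds each match into the per-command min/max/avg RTT table that the smb,rtt statistics message further up describes. The 32-byte SMB header layout and the Transaction/Transaction2/NT Transact "secondary request answered by a primary reply" pairing follow the CIFS spec; the capture is constructed, and the names unmatched, matched and process() are borrowed from the messages for illustration only.

```python
import struct
from collections import defaultdict

SMB_MAGIC = b"\xffSMB"
FLAGS_REPLY = 0x80  # Flags bit 7: message is a reply
SMB_COM_CLOSE, SMB_COM_READ_ANDX, SMB_COM_WRITE_ANDX = 0x04, 0x2E, 0x2F
SMB_COM_TRANSACTION, SMB_COM_TRANSACTION_SECONDARY = 0x25, 0x26
SMB_COM_TRANSACTION2, SMB_COM_TRANSACTION2_SECONDARY = 0x32, 0x33
SMB_COM_NT_TRANSACT, SMB_COM_NT_TRANSACT_SECONDARY = 0xA0, 0xA1
SMB_COM_NT_CANCEL = 0xA4

# Replies whose command differs from the request's but are still valid for it.
VALID_OTHER_REPLY = {
    SMB_COM_TRANSACTION_SECONDARY: SMB_COM_TRANSACTION,
    SMB_COM_TRANSACTION2_SECONDARY: SMB_COM_TRANSACTION2,
    SMB_COM_NT_TRANSACT_SECONDARY: SMB_COM_NT_TRANSACT,
}
HDR = "<4sBIBHH8sHHHHH"  # magic, cmd, status, flags, flags2, PIDHigh, sig, rsvd, TID, PIDLow, UID, MID


def parse_smb_header(data):
    """Parse the 32-byte SMB1 header; the PID is PIDHigh:PIDLow, as the spec says."""
    if len(data) < 32:
        raise ValueError("short SMB header")
    (magic, cmd, status, flags, _f2, pid_hi, _sig, _rsvd,
     tid, pid_lo, uid, mid) = struct.unpack_from(HDR, data, 0)
    if magic != SMB_MAGIC:
        raise ValueError("bad SMB magic")
    return {"cmd": cmd, "status": status, "is_reply": bool(flags & FLAGS_REPLY),
            "pid": (pid_hi << 16) | pid_lo, "tid": tid, "uid": uid, "mid": mid}


def build_smb_header(cmd, pid, mid, reply=False, tid=1, uid=1):
    """Construct a header for the sample capture (header only, no words/bytes)."""
    return struct.pack(HDR, SMB_MAGIC, cmd, 0, FLAGS_REPLY if reply else 0, 0,
                       (pid >> 16) & 0xFFFF, b"\0" * 8, 0, tid, pid & 0xFFFF, uid, mid)


class SmbMatcher:
    def __init__(self):
        self.unmatched = {}              # (pid, mid) -> request record awaiting a reply
        self.matched = {}                # frame number -> record, for paired frames
        self.rtts = defaultdict(list)    # cmd -> RTTs in ms
        self.seen = set()                # frames already processed on the first pass

    def process(self, frame, ts_ms, data):
        """Return the request/reply record for this frame, or None if it has no match."""
        if frame in self.seen:
            # Already dissected once: only the matched table is trustworthy now; the
            # unmatched entry for this PID/MID may belong to a later request.
            return self.matched.get(frame)
        self.seen.add(frame)
        hdr = parse_smb_header(data)
        key = (hdr["pid"], hdr["mid"])
        if not hdr["is_reply"]:
            rec = {"cmd": hdr["cmd"], "req_frame": frame, "req_ts": ts_ms,
                   "rsp_frame": None, "rtt_ms": None}
            if hdr["cmd"] != SMB_COM_NT_CANCEL:   # NT Cancel never gets a reply
                self.unmatched[key] = rec         # a stale entry with this key is superseded
            return rec
        req = self.unmatched.get(key)
        if req is None:
            return None                           # reply whose request is not in the capture
        if hdr["cmd"] != VALID_OTHER_REPLY.get(req["cmd"], req["cmd"]):
            return None                           # same PID/MID, but not a reply to that request
        del self.unmatched[key]
        req["rsp_frame"], req["rtt_ms"] = frame, ts_ms - req["req_ts"]
        self.matched[req["req_frame"]] = self.matched[frame] = req
        self.rtts[req["cmd"]].append(req["rtt_ms"])
        return req

    def rtt_table(self):
        """cmd -> (min, max, avg, count) in ms, the shape of the smb,rtt statistics."""
        return {c: (min(v), max(v), sum(v) / len(v), len(v)) for c, v in self.rtts.items()}


def constructed_capture():
    """(frame, timestamp in ms, header bytes); constructed, not a real capture."""
    return [
        (1, 0, build_smb_header(SMB_COM_READ_ANDX, pid=0x1234, mid=1)),
        (2, 1, build_smb_header(SMB_COM_READ_ANDX, pid=0x5678, mid=1)),   # same MID, other PID
        (3, 4, build_smb_header(SMB_COM_READ_ANDX, pid=0x5678, mid=1, reply=True)),
        (4, 10, build_smb_header(SMB_COM_READ_ANDX, pid=0x1234, mid=1, reply=True)),
        (5, 11, build_smb_header(SMB_COM_TRANSACTION_SECONDARY, pid=0x1234, mid=2)),
        (6, 13, build_smb_header(SMB_COM_TRANSACTION, pid=0x1234, mid=2, reply=True)),
        (7, 14, build_smb_header(SMB_COM_NT_CANCEL, pid=0x1234, mid=3)),
        (8, 20, build_smb_header(SMB_COM_CLOSE, pid=0x1234, mid=4)),      # reply never captured
        (9, 30, build_smb_header(SMB_COM_CLOSE, pid=0x1234, mid=4)),      # MID reused
        (10, 31, build_smb_header(SMB_COM_WRITE_ANDX, pid=0x1234, mid=4, reply=True)),  # wrong cmd
        (11, 32, build_smb_header(SMB_COM_CLOSE, pid=0x1234, mid=4, reply=True)),
    ]


def run(capture):
    """First pass in capture order, then a second pass as a display refresh would do."""
    m = SmbMatcher()
    for frame, ts, data in capture:
        m.process(frame, ts, data)
    second = {frame: m.process(frame, ts, data) for frame, ts, data in capture}
    return m, second


if __name__ == "__main__":
    matcher, second_pass = run(constructed_capture())
    for frame in sorted(second_pass):
        rec = second_pass[frame]
        print(frame, None if rec is None else (rec["req_frame"], rec["rsp_frame"], rec["rtt_ms"]))
    print(matcher.rtt_table())
```

Frames 1 and 2 share MID 1 but differ in PID, so frame 3 pairs with frame 2 and frame 4 with frame 1; keying on MID alone would cross them. Frame 8 never gets a reply, and on the second pass it comes back with no match rather than being confused with frame 9, which reused the same PID/MID. Frame 10 carries the right PID/MID but the wrong command, so it is rejected and frame 9 stays pending until frame 11.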
|
|
#defines for SMB commands with ones that use the names from the SNIA
CIFS spec.
Use those #define values rather than hardcoded values in various places
that check for specific commands.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4244 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
routines used for that.
Rename some named pipe functions as per the SNIA CIFS spec.
Label the "number of files moved" field of the reply to a Move SMB as
such, rather than as an unspecified "Count".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4229 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
matching responses.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4228 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_pipe_smb()", a tvbuff containing the setup words and the
pipe/mailslot pathname, as those are arguably the part of the packet
that contains the "mailslot protocol" and the "pipe protocol", as
opposed to the protocol running atop mailslots or pipes.
Pass a setup tvbuff to "dissect_pipe_smb()" for it to pass on to the
MSRPC-over-named-pipe dissector, and have the setup tvbuff passed to it
and "dissect_mailslot_smb()" contain *only* the setup words; don't
extract anything other than the setup words from it.
Declare "register_proto_smb_mailslot()" in "packet-smb-mailslot.h"
rather than "packet-smb.c", and declare "register_proto_smb_pipe()" in
"packet-smb-pipe.h" rather than "packet-smb.c".
Add a protocol for MSRPC-over-named-pipes.
Move the stuff to handle the FID in the setup words of
MSRPC-over-named-pipe transactions out of the SMB Transaction dissector
into the MSRPC dissector. Add a routine to "packet-smb.c", callable
from outside "packet-smb.c", to put an "smb.fid" field into the protocol
tree, and to add ", FID: XXXX" to the Info column, for use by the
MSRPC-over-named-pipe dissector; use it in the SMB dissector as well, in
all the places where we put a FID into the protocol tree.
Move the stuff to check whether the LANMAN protocol is enabled, and to
set "pinfo->current_proto" to "LANMAN" if it is, into the LANMAN
API-over-named-pipe dissector out of the named pipe protocol dissector.
If we didn't dissect a Transaction request or reply as a named pipe or
mailslot message, put any setup words, parameters, and data it has into
the protocol tree as separate items.
Don't put a "Response in" item into the protocol tree for an NT Cancel
request, as there are no responses to NT Cancel requests.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4221 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
conversation matching.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4220 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
structure, so that it can be updated by subdissectors; this way the
updates affect the structure immediately, and don't get lost if the
subdissector later throws an exception.
Use "tvb_reported_length()" to check for an interim mailslot reply;
"tvb_length()" could give the wrong answer if a short snapshot length
was given in the capture.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4218 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"smb_saved_info_t". Put all the information needed to dissect NT
Transaction replies, Transaction2 replies, or Transaction replies into
separate data structures, allocated separately, and put a pointer to
that data structure in the "void *" in question.
Use the return value of "dissect_pipe_smb()" and
"dissect_mailslot_smb()" to control whether to display as data the stuff
those routines were asked to dissect.
If we've seen a request before, but its "smb_saved_info_t" isn't in the
"matched" hash table, look in the "unmatched" hash table - perhaps we
haven't seen the reply yet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4216 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Get rid of "Response to" stuff in the LANMAN dissector, as that's now
done in the SMB dissector.
Add a routine for dissecting unknown SMBs (gets the word and byte
counts, and just adds text entries for the word and byte parameters, if
any), and replace null pointers in the dissector table with pointers to
that routine. Get rid of the check for a null dissector pointer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4212 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"Send buffer pointer" and "send buffer length" items appear not to be
sent over the wire.
Add support for Write And X.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4204 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
from Ronnie Sahlberg.
Various other bug fixes, cleanups, and other improvements.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4193 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4178 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
command names to match later SMB specs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4138 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3874 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
handle null pointer entries, and lets us make the dissection of those
APIs more table-driven.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3873 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
continuations with the message to which they're a continuation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3834 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3832 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
places) dissector tvbuffified, from Ronnie Sahlberg and me.
Additional "are we past the end of the buffer" checks added, so that we
don't hand random junk to the transaction and transact2 dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3824 f5534014-38df-0310-8fa8-9805f1628bb7
|