Ethereal-dev: Re: [ethereal-dev] SMB Netlogin, etc

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Sun, 13 Feb 2000 02:10:13 +1000
I won't be able to look at this for a while, but I think it sounds great
that the SMB decode has been broken into multiple files ... I have been
wanting to do that for a while.

I would be happy to have these changes added to CVS and then will look at
the changes in a couple of weeks ...

At 09:15 AM 2/11/00 -0600, you wrote:
>
>Attached is a gzipped tar-ball of the packet-smb* files that
>I have modified to add the SMB Mailslot protocol and the 
>SMB Netlogin protocol.  I would check these into the CVS 
>system but I have changed so much and Richard has been
>the primary developer for the SMB stuff, that I don't feel
>comfortable doing that.  
>
>I broke the smb.c file into multiple files because I felt it
>was growing too large and Rickard had comments to that effect.
>I think the SMB decode has grown big enough to require it's
>own sub-directory.  Comments ?
>
>Guy/Richard,  please review the code and do what you have to do.
>
>I have decided to call the registration routines from the
>proto_register_smb routine.  I don't know if this is the best
>method.  I just decided to do it because it was easy and I didn't
>have to change register.c.  You can move them to register.c if
>you think that is best.
>
>I have made some assumptions about the mailslot names in the 
>routine dissect_mailslot_smb.  I assume that any mailslot that
>begins with NET and that the two names MSSP and TEMP\\NETLOGON
>are logon actions.  This seems to work for the traffic on our 
>network.  If this assumption falls apart the dissect_smb_logon_request
>routine needs to save the names of the response pipes and the 
>dissect_mailslot_smb routines needs to check for these.  I don't
>have all the details worked out but it should be to hard to do.
>
>Please review the routine display_flags in packet-smb-common.c,
>It is designed to help decoding a flags field.  I think this is
>something that all of the dissectors could use.  Currently it is
>designed to handle flag fields that are 1, 2, or 4 bytes wide, but it
>could be expanded to handle fields of any bit width.
>
>Jeff Foster
>jfoste@xxxxxxxxxxxx
>
>
>
>Attachment Converted: "c:\eudora\attach\new-smb.tar.gz"
>

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course