Smb2-protocol: Re: [Smb2-protocol] Re: Two more smb2 header flags

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Stefan (metze) Metzmacher" <metze@xxxxxxxxx>
Date: Tue, 07 Feb 2006 11:48:43 +0100
Stefan (metze) Metzmacher schrieb:
> Hi Ronnie,
> 
> can you apply this patch?

better use this one...

=== epan/dissectors/packet-smb2.c
==================================================================
--- epan/dissectors/packet-smb2.c	(revision 1496)
+++ epan/dissectors/packet-smb2.c	(local)
@@ -63,6 +63,7 @@
 static int hf_smb2_tid = -1;
 static int hf_smb2_uid = -1;
 static int hf_smb2_flags_response = -1;
+static int hf_smb2_flags_valid_pid = -1;
 static int hf_smb2_response_buffer_offset = -1;
 static int hf_smb2_security_blob_offset = -1;
 static int hf_smb2_security_blob_len = -1;
@@ -188,6 +189,7 @@
 static gint ett_smb2_ea = -1;
 static gint ett_smb2_header = -1;
 static gint ett_smb2_command = -1;
+static gint ett_smb2_flags = -1;
 static gint ett_smb2_secblob = -1;
 static gint ett_smb2_file_basic_info = -1;
 static gint ett_smb2_file_standard_info = -1;
@@ -654,13 +656,16 @@
        int (*response)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
 } smb2_function;
 
-#define SMB2_FLAGS_RESPONSE	0x01
-
 static const true_false_string tfs_flags_response = {
 	"This is a RESPONSE",
 	"This is a REQUEST"
 };
 
+static const true_false_string tfs_flags_valid_pid = {
+	"PID field is invalid",
+	"PID field is valid",
+};
+
 static const value_string compression_format_vals[] = {
   { 0, "COMPRESSION_FORMAT_NONE" },
   { 1, "COMPRESSION_FORMAT_DEFAULT" },
@@ -2133,7 +2138,7 @@
 	};
 	value_string *vs;
 
-	if(si->response){
+	if(si->flags & SMB2_FLAGS_RESPONSE){
 		if(!si->saved){
 			return offset;
 		}
@@ -2170,17 +2175,17 @@
 
 	/* class */
 	item=proto_tree_add_uint(tree, hf_smb2_class, tvb, offset, 1, cl);
-	if(si->response){
+	if(si->flags & SMB2_FLAGS_RESPONSE){
 		PROTO_ITEM_SET_GENERATED(item);
 	}
 	/* infolevel */
 	item=proto_tree_add_uint(tree, hfindex, tvb, offset+1, 1, il);
-	if(si->response){
+	if(si->flags & SMB2_FLAGS_RESPONSE){
 		PROTO_ITEM_SET_GENERATED(item);
 	}
 	offset += 2;
 
-	if(!si->response){
+	if(!si->flags & SMB2_FLAGS_RESPONSE){
 		/* Only update COL_INFO for requests. It clutters the
 		 * display ab bit too much if we do it for replies
 		 * as well.
@@ -3608,9 +3613,10 @@
   { 0xFF, "unknown-0xFF" },
   { 0x00, NULL },
 };
-static const char *decode_smb2_name(guint8 cmd)
+static const char *decode_smb2_name(guint16 cmd)
 {
-  return(smb2_cmd_vals[cmd].strptr);
+  if (cmd > 0xFF) return "unknown";
+  return(smb2_cmd_vals[cmd & 0xFF].strptr);
 }
 
 static smb2_function smb2_dissector[256] = {
@@ -3919,12 +3925,12 @@
 	cmd_item = proto_tree_add_text(tree, tvb, offset, -1,
 			"%s %s (0x%02x)",
 			decode_smb2_name(si->opcode),
-			si->response?"Response":"Request",
+			(si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request",
 			si->opcode);
 	cmd_tree = proto_item_add_subtree(cmd_item, ett_smb2_command);
 
 
-	cmd_dissector=si->response?
+	cmd_dissector=(si->flags & SMB2_FLAGS_RESPONSE)?
 		smb2_dissector[si->opcode&0xff].response:
 		smb2_dissector[si->opcode&0xff].request;
 	if(cmd_dissector){
@@ -4032,6 +4038,8 @@
 	proto_tree *tree=NULL;
 	proto_item *header_item=NULL;
 	proto_tree *header_tree=NULL;
+	proto_item *flags_item=NULL;
+	proto_tree *flags_tree=NULL;
 	int offset=0;
 	int old_offset;
 	guint16 header_len;
@@ -4113,7 +4121,7 @@
 
 
 	/* opcode */
-	si->opcode=tvb_get_guint8(tvb, offset);
+	si->opcode=tvb_get_letohs(tvb, offset);
 	proto_tree_add_item(header_tree, hf_smb2_cmd, tvb, offset, 2, TRUE);
 	offset += 2;
 
@@ -4122,13 +4130,20 @@
 	offset += 2;
 
 	/* flags */
-	si->response=tvb_get_guint8(tvb, offset)&SMB2_FLAGS_RESPONSE;
-	proto_tree_add_item(header_tree, hf_smb2_flags_response, tvb, offset, 1, FALSE);
-	offset += 1;
+	si->flags=tvb_get_letohl(tvb, offset);
+	if(header_tree){
+		flags_item = proto_tree_add_text(header_tree, tvb, offset, 4,
+			"Flags: 0x%08x", si->flags);
+		flags_tree = proto_item_add_subtree(flags_item, ett_smb2_flags);
+	}
+	proto_tree_add_boolean(flags_tree, hf_smb2_flags_valid_pid, tvb, offset, 4, si->flags);
+	proto_tree_add_boolean(flags_tree, hf_smb2_flags_response, tvb, offset, 4, si->flags);
 
+	offset += 4;
+
 	/* some unknown bytes */
-	proto_tree_add_item(header_tree, hf_smb2_unknown, tvb, offset, 7, FALSE);
-	offset += 7;
+	proto_tree_add_item(header_tree, hf_smb2_unknown, tvb, offset, 4, FALSE);
+	offset += 4;
 
 	/* command sequence number*/
 	si->seqnum=tvb_get_letoh64(tvb, offset);
@@ -4158,7 +4173,7 @@
 	if (check_col(pinfo->cinfo, COL_INFO)){
 		col_append_fstr(pinfo->cinfo, COL_INFO, "%s %s",
 			decode_smb2_name(si->opcode),
-			si->response?"Response":"Request");
+			(si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request");
 		if(si->status){
 			col_append_fstr(
 				pinfo->cinfo, COL_INFO, ", Error: %s",
@@ -4172,7 +4187,7 @@
 		/* see if we can find this seqnum in the unmatched table */
 		ssi=g_hash_table_lookup(si->conv->unmatched, &ssi_key);
 
-		if(!si->response){
+		if(!(si->flags & SMB2_FLAGS_RESPONSE)){
 			/* This is a request */
 			if(ssi){
 				/* this is a request and we already found 
@@ -4218,7 +4233,7 @@
 	}
 
 	if(ssi){
-		if(!si->response){
+		if(!(si->flags & SMB2_FLAGS_RESPONSE)){
 			if(ssi->frame_res){
 				proto_item *tmp_item;
 				tmp_item=proto_tree_add_uint(header_tree, hf_smb2_response_in, tvb, 0, 0, ssi->frame_res);
@@ -4332,8 +4347,11 @@
 		{ "Process Id", "smb2.pid", FT_UINT32, BASE_HEX,
 		NULL, 0, "SMB2 Process Id", HFILL }},
 	{ &hf_smb2_flags_response,
-		{ "Response", "smb2.flags.response", FT_BOOLEAN, 8,
+		{ "Response", "smb2.flags.response", FT_BOOLEAN, 32,
 		TFS(&tfs_flags_response), SMB2_FLAGS_RESPONSE, "Whether this is an SMB2 Request or Response", HFILL }},
+	{ &hf_smb2_flags_valid_pid,
+		{ "Response", "smb2.flags.valid_pid", FT_BOOLEAN, 32,
+		TFS(&tfs_flags_valid_pid), SMB2_FLAGS_VALID_PID, "Whether the PID field of the SMB2 Header is valid", HFILL }},
 	{ &hf_smb2_tree,
 		{ "Tree", "smb2.tree", FT_STRING, BASE_NONE,
 		NULL, 0, "Name of the Tree/Share", HFILL }},
@@ -4776,6 +4794,7 @@
 		&ett_smb2_olb,
 		&ett_smb2_header,
 		&ett_smb2_command,
+		&ett_smb2_flags,
 		&ett_smb2_secblob,
 		&ett_smb2_file_basic_info,
 		&ett_smb2_file_standard_info,
=== epan/dissectors/packet-smb2.h
==================================================================
--- epan/dissectors/packet-smb2.h	(revision 1496)
+++ epan/dissectors/packet-smb2.h	(local)
@@ -87,7 +87,7 @@
 	guint32 tid;
 	guint64 uid;
 	guint64 seqnum;
-	gboolean response; /* is this a response ? */
+	guint32 flags;
 	smb2_conv_info_t	*conv;
 	smb2_saved_info_t	*saved;
 	smb2_tid_info_t		*tree;
@@ -95,6 +95,8 @@
 	proto_tree *top_tree;	
 } smb2_info_t;
 
+#define SMB2_FLAGS_RESPONSE	0x00000001
+#define SMB2_FLAGS_VALID_PID	0x00000002
 
 int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset);
 
=== gtk/smb2_stat.c
==================================================================
--- gtk/smb2_stat.c	(revision 1496)
+++ gtk/smb2_stat.c	(local)
@@ -88,7 +88,7 @@
 	const smb2_info_t *si=psi;
 
 	/* we are only interested in reply packets */
-	if(!si->response){
+	if(!(si->flags & SMB2_FLAGS_RESPONSE)){
 		return 0;
 	}
 	/* if we havnt seen the request, just ignore it */

Attachment: signature.asc
Description: OpenPGP digital signature