Hi,
Attached patch fixes a small typo in packet-smb-pipe.c
(s_tvb where it should be sp_tvb)
The patch also adds reassembly of fragmented SMB Transaction and
Transaction2 responses.
I have tested it on a \PIPE\LANMAN command which response was fragmented
into multiple
SMB packets.
It does not add reassembly to SMB Transaction[2] requests since I have no
captures with
Transaction[2] Secondary SMB commands in it.
I could add the functionality to the requests as well but would prefer if
someone could test it.
It does not add reassembly to NT Transaction commands for the same reason.
It only reassembles the data field of a transaction SMB.
It only displays the reassembled data field for the Transaction command
holding the first fragment.
(since subdissectors also needs setup tvb and parameter tvb and these are
unknown in others than
the first packet. This could be added if requested)
The problem right now with the patch is that when we first see the packet
holding the first fragment, we do not
have a fully reassembled packet so we need to rescan the command list (by
applying an empty "" display filter)
before we see the proper COL_INFO stuff and before displayfilters works on
parts of the reassembled PDU not residing inside the
first fragment.
To use the feature one must enable it in preferences/smb
To use the feature one also need to enable TCP and NBSS reassembly.
This elevates the run time memory requirements of ethereal.
Attachment:
smb_patch.txt.gz
Description: GNU Zip compressed data
