Ethereal-dev: [Ethereal-dev] Misc packet-smb.c patches
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Tim Potter <tpot@xxxxxxxxx>
Date: Thu, 14 Feb 2002 03:05:02 +1100
Hi everyone. Here's a bunch of small updates for the smb dissector.
- For selected read and write SMBs, display the byte count and offset
in the info column. This makes browsing file read/writes easier to
understand.
- In dissect_nt_sids() sometimes the version number is 3 but the rest
of the sid format remains the same. This is purely by observation -
I have no documentation to confirm this.
- Display the fid number in the info column for trans2_find_first2 and
trans2_open2.
- Use a GString instead of a fixed buffer in dissect_nt_sids().
Tim.
--- ethereal-cvs/packet-smb.c Fri Feb 1 18:22:51 2002
+++ ethereal/packet-smb.c Thu Feb 14 02:50:07 2002
@@ -3097,6 +3097,7 @@
static int
dissect_write_file_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
+ guint32 ofs=0;
guint16 cnt=0, bc, fid;
guint8 wc;
@@ -3113,9 +3114,15 @@
offset += 2;
/* offset */
+ ofs = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb_offset, tvb, offset, 4, TRUE);
offset += 4;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %d byte%s at offset %d", cnt,
+ (cnt == 1) ? "" : "s", ofs);
+
/* remaining */
proto_tree_add_item(tree, hf_smb_remaining, tvb, offset, 2, TRUE);
offset += 2;
@@ -3132,6 +3139,11 @@
proto_tree_add_item(tree, hf_smb_data_len, tvb, offset, 2, TRUE);
COUNT_BYTES(2);
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %d byte%s at offset %d", cnt,
+ (cnt == 1) ? "" : "s", ofs);
+
if (bc != 0) {
/* file data */
offset = dissect_file_data(tvb, pinfo, tree, offset, bc, bc);
@@ -3147,14 +3159,19 @@
dissect_write_file_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc;
- guint16 bc;
+ guint16 bc, cnt;
WORD_COUNT;
/* write count */
+ cnt = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb_count, tvb, offset, 2, TRUE);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %d byte%s", cnt, (cnt == 1) ? "" : "s");
+
BYTE_COUNT;
END_OF_SMB
@@ -4663,7 +4680,8 @@
dissect_read_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *smb_tree)
{
guint8 wc, cmd=0xff;
- guint16 andxoffset=0, bc;
+ guint16 andxoffset=0, bc, maxcnt = 0;
+ guint32 ofs = 0;
smb_info_t *si;
unsigned int fid;
@@ -4698,13 +4716,20 @@
}
/* offset */
+ ofs = tvb_get_letohl(tvb, offset);
proto_tree_add_item(tree, hf_smb_offset, tvb, offset, 4, TRUE);
offset += 4;
/* max count */
+ maxcnt = tvb_get_letohs(tvb, offset);
proto_tree_add_item(tree, hf_smb_max_count, tvb, offset, 2, TRUE);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %d byte%s at offset %d", maxcnt,
+ (maxcnt == 1) ? "" : "s", ofs);
+
/* min count */
proto_tree_add_item(tree, hf_smb_min_count, tvb, offset, 2, TRUE);
offset += 2;
@@ -4783,6 +4808,11 @@
proto_tree_add_uint(tree, hf_smb_data_len, tvb, offset, 2, datalen);
offset += 2;
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_append_fstr(pinfo->cinfo, COL_INFO,
+ ", %d byte%s", datalen,
+ (datalen == 1) ? "" : "s");
+
/* data offset */
dataoffset=tvb_get_letohs(tvb, offset);
proto_tree_add_uint(tree, hf_smb_data_offset, tvb, offset, 2, dataoffset);
@@ -4913,6 +4943,8 @@
proto_tree_add_uint(tree, hf_smb_data_offset, tvb, offset, 2, dataoffset);
offset += 2;
+ /* FIXME: add byte/offset to COL_INFO */
+
if(wc==14){
/* high offset */
proto_tree_add_item(tree, hf_smb_high_offset, tvb, offset, 4, TRUE);
@@ -6404,7 +6436,7 @@
guint8 revision;
guint8 num_auth;
int i;
- char str[256], *strp;
+ GString *gstr;
if(parent_tree){
item = proto_tree_add_text(parent_tree, tvb, offset, -1,
@@ -6427,8 +6459,11 @@
/* XXX perhaps we should have these thing searchable?
a new FT_xxx thingie? SMB is quite common!*/
/* identifier authorities */
- strp=str;
- strcpy(strp, "S-1-");
+ gstr = g_string_new(NULL);
+
+ CLEANUP_PUSH(g_string_free, gstr);
+
+ g_string_sprintf(gstr, "S-1");
proto_tree_add_text(tree, tvb, offset, 6, "Authorities");
@@ -6436,7 +6471,7 @@
guint8 auth = tvb_get_guint8(tvb, offset);
if (auth > 0)
- sprintf(strp,"%s%d-",strp, auth);
+ g_string_sprintfa(gstr,"-%u", auth);
offset++;
}
@@ -6448,13 +6483,13 @@
samba header files. considering that all non-x86 NT ports
are dead we can (?) assume that non le byte encodings
will be "uncommon"?*/
- sprintf(strp,"%s%d-",strp,tvb_get_letohl(tvb, offset));
+ g_string_sprintfa(gstr, "-%u",tvb_get_letohl(tvb, offset));
offset+=4;
}
- /* strip trailing '-'*/
- str[strlen(str)-1]=0;
- proto_item_append_text(item, ": %s", str);
+ proto_item_append_text(item, ": %s", gstr->str);
+
+ CLEANUP_CALL_AND_POP;
}
proto_item_set_len(item, offset-old_offset);
@@ -6610,6 +6645,7 @@
switch(revision){
case 2: /* only version we will ever see of this structure?*/
+ case 3:
/* size */
proto_tree_add_item(tree, hf_smb_acl_size, tvb, offset, 2, TRUE);
offset += 2;
@@ -11138,7 +11174,9 @@
return;
}
switch(t2i->subcmd){
- case 0x00: /*TRANS2_OPEN2*/
+ case 0x00: { /*TRANS2_OPEN2*/
+ guint16 fid;
+
/* fid */
fid = tvb_get_letohs(tvb, offset);
add_fid(tvb, pinfo, tree, offset, 2, fid);
@@ -11182,6 +11220,7 @@
offset += 4;
break;
+ }
case 0x01: /*TRANS2_FIND_FIRST2*/
/* Find First2 information level */
proto_tree_add_uint(tree, hf_smb_ff2_information_level, tvb, 0, 0, si->info_level);
- Follow-Ups:
- Re: [Ethereal-dev] Misc packet-smb.c patches
- From: Guy Harris
- Re: [Ethereal-dev] Misc packet-smb.c patches
- Prev by Date: [Ethereal-dev] BGP fix
- Next by Date: [Ethereal-dev] TR : BGP fix
- Previous by thread: Re: [Ethereal-dev] BGP fix
- Next by thread: Re: [Ethereal-dev] Misc packet-smb.c patches
- Index(es):
