Finally got back around to this:
Thanks,
Ian
Ian Schorr wrote:
Guy Harris wrote:
On Jan 19, 2004, at 5:48 PM, Ian Schorr wrote:
Attached is a diff against latest CVS packet-smb.c, adding a new
infolevel for Query_Path_Info & Query_File_Info.
What generates requests for that infolevel?
I noticed it just after a WinXP SP1 client mapped the home directory
specified in his profile, though I'm not sure if it was part of the
mapping process (the user's home directory is in a subfolder of a
share instead of the root, and it was that directory that was being
probed) or some later mechanism during user logon. Samba handles this
infolevel, as well.
+ /* file size */
+ CHECK_BYTE_COUNT_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_file_size64, tvb, offset, 8,
TRUE);
+ offset += 8;
+ *bcp -= 8;
Should that just use hf_smb_end_of_file? (Or, alternatively, should
hf_smb_end_of_file be replaced by hf_smb_file_size64?)
Probably should use hf_smb_end_of_file, though the filter description
should really be changed from "Offset to the first free byte in the
file" to "Offset to end of file" or "Length of file"
Ian
--- packet-smb.c.bak 2004-01-22 21:44:42.000000000 -0500
+++ packet-smb.c 2004-01-22 21:49:44.000000000 -0500
@@ -11416,6 +11416,59 @@
return offset;
}
+static int
+dissect_network_open_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree,
+ int offset, guint16 *bcp, gboolean *trunc)
+{
+ /* create time */
+ CHECK_BYTE_COUNT_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time);
+ *bcp -= 8;
+
+ /* access time */
+ CHECK_BYTE_COUNT_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time);
+ *bcp -= 8;
+
+ /* last write time */
+ CHECK_BYTE_COUNT_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
+ hf_smb_last_write_time);
+ *bcp -= 8;
+
+ /* last change time */
+ CHECK_BYTE_COUNT_SUBR(8);
+ offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time);
+ *bcp -= 8;
+
+ /* allocation size */
+ CHECK_BYTE_COUNT_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_alloc_size64, tvb, offset, 8, TRUE);
+ offset += 8;
+ *bcp -= 8;
+
+ /* file size */
+ CHECK_BYTE_COUNT_SUBR(8);
+ proto_tree_add_item(tree, hf_smb_end_of_file, tvb, offset, 8, TRUE);
+ offset += 8;
+ *bcp -= 8;
+
+ /* File Attributes */
+ CHECK_BYTE_COUNT_SUBR(4);
+ offset = dissect_file_attributes(tvb, tree, offset, 4);
+ *bcp -= 4;
+
+ /* unknown 4 bytes */
+ CHECK_BYTE_COUNT_SUBR(4);
+ proto_tree_add_item(tree, hf_smb_unknown, tvb,
+ offset, 4, TRUE);
+ offset += 4;
+ *bcp -= 4;
+
+ *trunc = FALSE;
+ return offset;
+}
+
/*dissect the data block for TRANS2_QUERY_PATH_INFORMATION and
TRANS2_QUERY_FILE_INFORMATION*/
static int
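Review bot: dissect_network_open_info has no header comment, and its behaviour on a short reply rests entirely on CHECK_BYTE_COUNT_SUBR, whose definition is outside this hunk (presumably it sets *trunc and returns when *bcp is smaller than the requested length — worth confirming). I would add above the function `/* SMB_FILE_NETWORK_OPEN_INFORMATION (56 bytes): four 64-bit times, allocation size, end of file, attributes, 4 trailing bytes; consumes *bcp, and *trunc is FALSE only if every field was present */`. The last field is added as hf_smb_unknown; in the NT structure those 4 bytes look like alignment padding after the 32-bit attributes, so once that is confirmed the comment could read `/* reserved / alignment padding */` instead of `/* unknown 4 bytes */`.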
@@ -11498,6 +11551,10 @@
case 0x0202: /* Query File Unix HardLink*/
/* XXX add this from the SNIA doc */
break;
+ case 1034: /* SMB_FILE_NETWORK_OPEN_INFORMATION */
+ offset = dissect_network_open_info(tvb, pinfo, tree, offset, bcp,
+ &trunc);
+ break;
}
return offset;
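Review bot: Nothing in the visible lines reads `trunc` between the call under `case 1034` and `return offset;`, so a reply shorter than the structure appears to be dissected up to the last complete field with no indication in the tree. Truncated or malformed replies are exactly what someone inspecting suspicious SMB traffic needs flagged, so if the enclosing function (which starts outside this hunk) does not report it elsewhere, either act on the flag after the call or at least record the gap with `/* XXX - trunc is set on a short reply but not reported here */`. The identical case added in the hunk at -11574 has the same issue.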
@@ -11574,6 +11631,10 @@
case 1040:
/* XXX: TODO, extra levels discovered by tridge */
break;
+ case 1034: /* SMB_FILE_NETWORK_OPEN_INFORMATION */
+ offset = dissect_network_open_info(tvb, pinfo, tree, offset, bcp,
+ &trunc);
+ break;
}
return offset;
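Review bot: `case 1034` is added after `case 1040`, whose comment ("extra levels") suggests it closes a group of fall-through labels that starts above this hunk, so it cannot be checked from here whether 1034 is already in that group or which dissector this switch belongs to. The description mentions only the Query_Path_Info / Query_File_Info data block, which is the function patched at -11498, so the commit message should say why this second switch also gets the level. Placing the new label in numeric order, before the group that ends in `case 1040:`, would make a duplicate label easier to spot.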
@@ -18280,7 +18341,7 @@
{ &hf_smb_end_of_file,
{ "End Of File", "smb.end_of_file", FT_UINT64, BASE_DEC,
- NULL, 0, "Offset to the first free byte in the file", HFILL }},
+ NULL, 0, "File Length", HFILL }},
{ &hf_smb_device_type,
{ "Device Type", "smb.device.type", FT_UINT32, BASE_HEX,