Wireshark-dev: Re: [Wireshark-dev] A potential patch for epan/dissectors/packet-smb2.c
From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Tue, 26 Jun 2012 06:41:45 -0700
On Tue, Jun 26, 2012 at 6:07 AM, Alexis La Goutte
<alexis.lagoutte@xxxxxxxxx> wrote:
> Hi Richard,
>
> I also see this issue in Betty presentation.
> It is not better to use name of spec ? (without SMB2...)
> http://msdn.microsoft.com/en-us/library/cc246482%28v=prot.13%29.aspx (Page
> 29)

Unfortunately, we have a long standing tradition of not using exactly
what is in the spec. Perhaps I need to go through both of the
dissectors and harmonize the names with the specs.

However, what I would really like is to get hold of the captures she
used because I saw some other problems:

1. An unknown command. That is not good, and

2. An OID reported in the SPNEGO negTargInit etc rather than a name.

Can anyone point me at the location of the captures?

> Command (2 bytes): The command code of this packet. This field MUST contain
> one of the following valid commands:
> Name Value
> SMB2 NEGOTIATE         0x0000
> SMB2 SESSION_SETUP     0x0001
> SMB2 LOGOFF        0x0002
> SMB2 TREE_CONNECT    0x0003
> SMB2 TREE_DISCONNECT    0x0004
> SMB2 CREATE        0x0005
> SMB2 CLOSE        0x0006
> SMB2 FLUSH        0x0007
> SMB2 READ        0x0008
> SMB2 WRITE        0x0009
> SMB2 LOCK        0x000A
> SMB2 IOCTL        0x000B
> SMB2 CANCEL        0x000C
> SMB2 ECHO        0x000D
> SMB2 QUERY_DIRECTORY    0x000E
> SMB2 CHANGE_NOTIFY    0x000F
> SMB2 QUERY_INFO        0x0010
> SMB2 SET_INFO        0x0011
> SMB2 OPLOCK_BREAK    0x0012
>
> Regards,
>
>
> On Tue, Jun 26, 2012 at 6:56 AM, Richard Sharpe
> <realrichardsharpe@xxxxxxxxx> wrote:
>>
>> Hi folks,
>>
>> I noticed some inconsistencies in the command naming. The following
>> patch fixes those (so that they now match between SMB and SMB2):
>>
>> Index: epan/dissectors/packet-smb2.c
>> ===================================================================
>> --- epan/dissectors/packet-smb2.c       (revision 43186)
>> +++ epan/dissectors/packet-smb2.c       (working copy)
>> @@ -5531,11 +5531,11 @@
>>
>>  /* names here are just until we find better names for these functions */
>>  static const value_string smb2_cmd_vals[] = {
>> -  { 0x00, "NegotiateProtocol" },
>> -  { 0x01, "SessionSetup" },
>> -  { 0x02, "SessionLogoff" },
>> -  { 0x03, "TreeConnect" },
>> -  { 0x04, "TreeDisconnect" },
>> +  { 0x00, "Negotiate Protocol" },
>> +  { 0x01, "Session Setup" },
>> +  { 0x02, "Session Logoff" },
>> +  { 0x03, "Tree Connect" },
>> +  { 0x04, "Tree Disconnect" },
>>   { 0x05, "Create" },
>>   { 0x06, "Close" },
>>   { 0x07, "Flush" },
>>
>>
>> --
>> Regards,
>> Richard Sharpe
>> (何以解憂?唯有杜康。--曹操)
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)