Wireshark-dev: Re: [Wireshark-dev] A potential patch for epan/dissectors/packet-smb2.c
On Tue, Jun 26, 2012 at 6:07 AM, Alexis La Goutte
<alexis.lagoutte@xxxxxxxxx> wrote:
> Hi Richard,
>
> I also see this issue in Betty's presentation.
> Is it not better to use the names from the spec? (without SMB2...)
> http://msdn.microsoft.com/en-us/library/cc246482%28v=prot.13%29.aspx (Page
> 29)
Unfortunately, we have a long-standing tradition of not using exactly
what is in the spec. Perhaps I need to go through both of the
dissectors and harmonize the names with the specs.
However, what I would really like is to get hold of the captures she
used because I saw some other problems:
1. An unknown command. That is not good, and
2. An OID reported in the SPNEGO negTargInit etc. rather than a name.
Can anyone point me at the location of the captures?
> Command (2 bytes): The command code of this packet. This field MUST contain
> one of the following valid commands:
> Name Value
> SMB2 NEGOTIATE 0x0000
> SMB2 SESSION_SETUP 0x0001
> SMB2 LOGOFF 0x0002
> SMB2 TREE_CONNECT 0x0003
> SMB2 TREE_DISCONNECT 0x0004
> SMB2 CREATE 0x0005
> SMB2 CLOSE 0x0006
> SMB2 FLUSH 0x0007
> SMB2 READ 0x0008
> SMB2 WRITE 0x0009
> SMB2 LOCK 0x000A
> SMB2 IOCTL 0x000B
> SMB2 CANCEL 0x000C
> SMB2 ECHO 0x000D
> SMB2 QUERY_DIRECTORY 0x000E
> SMB2 CHANGE_NOTIFY 0x000F
> SMB2 QUERY_INFO 0x0010
> SMB2 SET_INFO 0x0011
> SMB2 OPLOCK_BREAK 0x0012
>
> Regards,
>
>
> On Tue, Jun 26, 2012 at 6:56 AM, Richard Sharpe
> <realrichardsharpe@xxxxxxxxx> wrote:
>>
>> Hi folks,
>>
>> I noticed some inconsistencies in the command naming. The following
>> patch fixes those (so that they now match between SMB and SMB2):
>>
>> Index: epan/dissectors/packet-smb2.c
>> ===================================================================
>> --- epan/dissectors/packet-smb2.c (revision 43186)
>> +++ epan/dissectors/packet-smb2.c (working copy)
>> @@ -5531,11 +5531,11 @@
>>
>> /* names here are just until we find better names for these functions */
>> static const value_string smb2_cmd_vals[] = {
>> - { 0x00, "NegotiateProtocol" },
>> - { 0x01, "SessionSetup" },
>> - { 0x02, "SessionLogoff" },
>> - { 0x03, "TreeConnect" },
>> - { 0x04, "TreeDisconnect" },
>> + { 0x00, "Negotiate Protocol" },
>> + { 0x01, "Session Setup" },
>> + { 0x02, "Session Logoff" },
>> + { 0x03, "Tree Connect" },
>> + { 0x04, "Tree Disconnect" },
>> { 0x05, "Create" },
>> { 0x06, "Close" },
>> { 0x07, "Flush" },
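Review bot: In the five renamed entries (0x00 to 0x04), "Negotiate Protocol" and "Session Logoff" still differ from the MS-SMB2 names quoted in this thread (NEGOTIATE, LOGOFF), and the comment above the table still reads "names here are just until we find better names for these functions". If the intent is to match the SMB dissector rather than the spec, update that comment to say so, so the next reader does not rename them again. The hunk stops at 0x07, so it is worth confirming that any run-together names in the later entries get the same treatment.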
>>
>>
>> --
>> Regards,
>> Richard Sharpe
>> (何以解憂?唯有杜康。--曹操)
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)