Context Navigation

print-smb.c @ 9521c08

55-freebsd-126-freebsd-12

Last change on this file since 9521c08 was 1043048, checked in by Sebastian Huber <sebastian.huber@…>, on 10/10/17 at 10:55:06

tcpdump: Update to FreeBSD head 2017-04-04

Update tcpdump from Git mirror commit
99a648a912e81e29d9c4c159cbbe263462f2d719 to
642b174daddbd0efd9bb5f242c43f4ab4db6869f.

Property mode set to 100644

File size: 43.1 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2	#ifdef __rtems__
3	#include <machine/rtems-bsd-program.h>
4	#include "rtems-bsd-tcpdump-namespace.h"
5	#endif /* __rtems__ */
6	/*
7	* Copyright (C) Andrew Tridgell 1995-1999
8	*
9	* This software may be distributed either under the terms of the
10	* BSD-style license that accompanies tcpdump or the GNU GPL version 2
11	* or later
12	*/
13
14	/* \summary: SMB/CIFS printer */
15
16	#ifdef HAVE_CONFIG_H
17	#include "config.h"
18	#endif
19
20	#include <netdissect-stdinc.h>
21
22	#include <string.h>
23
24	#include "netdissect.h"
25	#include "extract.h"
26	#include "smb.h"
27
28	static const char tstr[] = "[\|SMB]";
29
30	static int request = 0;
31	static int unicodestr = 0;
32
33	const u_char *startbuf = NULL;
34
35	struct smbdescript {
36	const char *req_f1;
37	const char *req_f2;
38	const char *rep_f1;
39	const char *rep_f2;
40	void (fn)(netdissect_options , const u_char , const u_char , const u_char , const u_char );
41	};
42
43	struct smbdescriptint {
44	const char *req_f1;
45	const char *req_f2;
46	const char *rep_f1;
47	const char *rep_f2;
48	void (fn)(netdissect_options , const u_char , const u_char , int, int);
49	};
50
51	struct smbfns
52	{
53	int id;
54	const char *name;
55	int flags;
56	struct smbdescript descript;
57	};
58
59	struct smbfnsint
60	{
61	int id;
62	const char *name;
63	int flags;
64	struct smbdescriptint descript;
65	};
66
67	#define DEFDESCRIPT { NULL, NULL, NULL, NULL, NULL }
68
69	#define FLG_CHAIN (1 << 0)
70
71	static const struct smbfns *
72	smbfind(int id, const struct smbfns *list)
73	{
74	int sindex;
75
76	for (sindex = 0; list[sindex].name; sindex++)
77	if (list[sindex].id == id)
78	return(&list[sindex]);
79
80	return(&list[0]);
81	}
82
83	static const struct smbfnsint *
84	smbfindint(int id, const struct smbfnsint *list)
85	{
86	int sindex;
87
88	for (sindex = 0; list[sindex].name; sindex++)
89	if (list[sindex].id == id)
90	return(&list[sindex]);
91
92	return(&list[0]);
93	}
94
95	static void
96	trans2_findfirst(netdissect_options *ndo,
97	const u_char param, const u_char data, int pcnt, int dcnt)
98	{
99	const char *fmt;
100
101	if (request)
102	fmt = "Attribute=[A]\nSearchCount=[d]\nFlags=[w]\nLevel=[dP4]\nFile=[S]\n";
103	else
104	fmt = "Handle=[w]\nCount=[d]\nEOS=[w]\nEoffset=[d]\nLastNameOfs=[w]\n";
105
106	smb_fdata(ndo, param, fmt, param + pcnt, unicodestr);
107	if (dcnt) {
108	ND_PRINT((ndo, "data:\n"));
109	smb_print_data(ndo, data, dcnt);
110	}
111	}
112
113	static void
114	trans2_qfsinfo(netdissect_options *ndo,
115	const u_char param, const u_char data, int pcnt, int dcnt)
116	{
117	static int level = 0;
118	const char *fmt="";
119
120	if (request) {
121	ND_TCHECK2(*param, 2);
122	level = EXTRACT_LE_16BITS(param);
123	fmt = "InfoLevel=[d]\n";
124	smb_fdata(ndo, param, fmt, param + pcnt, unicodestr);
125	} else {
126	switch (level) {
127	case 1:
128	fmt = "idFileSystem=[W]\nSectorUnit=[D]\nUnit=[D]\nAvail=[D]\nSectorSize=[d]\n";
129	break;
130	case 2:
131	fmt = "CreationTime=[T2]VolNameLength=[lb]\nVolumeLabel=[c]\n";
132	break;
133	case 0x105:
134	fmt = "Capabilities=[W]\nMaxFileLen=[D]\nVolNameLen=[lD]\nVolume=[C]\n";
135	break;
136	default:
137	fmt = "UnknownLevel\n";
138	break;
139	}
140	smb_fdata(ndo, data, fmt, data + dcnt, unicodestr);
141	}
142	if (dcnt) {
143	ND_PRINT((ndo, "data:\n"));
144	smb_print_data(ndo, data, dcnt);
145	}
146	return;
147	trunc:
148	ND_PRINT((ndo, "%s", tstr));
149	}
150
151	static const struct smbfnsint trans2_fns[] = {
152	{ 0, "TRANSACT2_OPEN", 0,
153	{ "Flags2=[w]\nMode=[w]\nSearchAttrib=[A]\nAttrib=[A]\nTime=[T2]\nOFun=[w]\nSize=[D]\nRes=([w, w, w, w, w])\nPath=[S]",
154	NULL,
155	"Handle=[d]\nAttrib=[A]\nTime=[T2]\nSize=[D]\nAccess=[w]\nType=[w]\nState=[w]\nAction=[w]\nInode=[W]\nOffErr=[d]\n\|EALength=[d]\n",
156	NULL, NULL }},
157	{ 1, "TRANSACT2_FINDFIRST", 0,
158	{ NULL, NULL, NULL, NULL, trans2_findfirst }},
159	{ 2, "TRANSACT2_FINDNEXT", 0, DEFDESCRIPT },
160	{ 3, "TRANSACT2_QFSINFO", 0,
161	{ NULL, NULL, NULL, NULL, trans2_qfsinfo }},
162	{ 4, "TRANSACT2_SETFSINFO", 0, DEFDESCRIPT },
163	{ 5, "TRANSACT2_QPATHINFO", 0, DEFDESCRIPT },
164	{ 6, "TRANSACT2_SETPATHINFO", 0, DEFDESCRIPT },
165	{ 7, "TRANSACT2_QFILEINFO", 0, DEFDESCRIPT },
166	{ 8, "TRANSACT2_SETFILEINFO", 0, DEFDESCRIPT },
167	{ 9, "TRANSACT2_FSCTL", 0, DEFDESCRIPT },
168	{ 10, "TRANSACT2_IOCTL", 0, DEFDESCRIPT },
169	{ 11, "TRANSACT2_FINDNOTIFYFIRST", 0, DEFDESCRIPT },
170	{ 12, "TRANSACT2_FINDNOTIFYNEXT", 0, DEFDESCRIPT },
171	{ 13, "TRANSACT2_MKDIR", 0, DEFDESCRIPT },
172	{ -1, NULL, 0, DEFDESCRIPT }
173	};
174
175
176	static void
177	print_trans2(netdissect_options *ndo,
178	const u_char words, const u_char dat, const u_char buf, const u_char maxbuf)
179	{
180	u_int bcc;
181	static const struct smbfnsint *fn = &trans2_fns[0];
182	const u_char data, param;
183	const u_char *w = words + 1;
184	const char f1 = NULL, f2 = NULL;
185	int pcnt, dcnt;
186
187	ND_TCHECK(words[0]);
188	if (request) {
189	ND_TCHECK2(w[14 * 2], 2);
190	pcnt = EXTRACT_LE_16BITS(w + 9 * 2);
191	param = buf + EXTRACT_LE_16BITS(w + 10 * 2);
192	dcnt = EXTRACT_LE_16BITS(w + 11 * 2);
193	data = buf + EXTRACT_LE_16BITS(w + 12 * 2);
194	fn = smbfindint(EXTRACT_LE_16BITS(w + 14 * 2), trans2_fns);
195	} else {
196	if (words[0] == 0) {
197	ND_PRINT((ndo, "%s\n", fn->name));
198	ND_PRINT((ndo, "Trans2Interim\n"));
199	return;
200	}
201	ND_TCHECK2(w[7 * 2], 2);
202	pcnt = EXTRACT_LE_16BITS(w + 3 * 2);
203	param = buf + EXTRACT_LE_16BITS(w + 4 * 2);
204	dcnt = EXTRACT_LE_16BITS(w + 6 * 2);
205	data = buf + EXTRACT_LE_16BITS(w + 7 * 2);
206	}
207
208	ND_PRINT((ndo, "%s param_length=%d data_length=%d\n", fn->name, pcnt, dcnt));
209
210	if (request) {
211	if (words[0] == 8) {
212	smb_fdata(ndo, words + 1,
213	"Trans2Secondary\nTotParam=[d]\nTotData=[d]\nParamCnt=[d]\nParamOff=[d]\nParamDisp=[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nHandle=[d]\n",
214	maxbuf, unicodestr);
215	return;
216	} else {
217	smb_fdata(ndo, words + 1,
218	"TotParam=[d]\nTotData=[d]\nMaxParam=[d]\nMaxData=[d]\nMaxSetup=[b][P1]\nFlags=[w]\nTimeOut=[D]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nDataCnt=[d]\nDataOff=[d]\nSetupCnt=[b][P1]\n",
219	words + 1 + 14 * 2, unicodestr);
220	}
221	f1 = fn->descript.req_f1;
222	f2 = fn->descript.req_f2;
223	} else {
224	smb_fdata(ndo, words + 1,
225	"TotParam=[d]\nTotData=[d]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nParamDisp[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nSetupCnt=[b][P1]\n",
226	words + 1 + 10 * 2, unicodestr);
227	f1 = fn->descript.rep_f1;
228	f2 = fn->descript.rep_f2;
229	}
230
231	ND_TCHECK2(*dat, 2);
232	bcc = EXTRACT_LE_16BITS(dat);
233	ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
234	if (fn->descript.fn)
235	(*fn->descript.fn)(ndo, param, data, pcnt, dcnt);
236	else {
237	smb_fdata(ndo, param, f1 ? f1 : "Parameters=\n", param + pcnt, unicodestr);
238	smb_fdata(ndo, data, f2 ? f2 : "Data=\n", data + dcnt, unicodestr);
239	}
240	return;
241	trunc:
242	ND_PRINT((ndo, "%s", tstr));
243	}
244
245	static void
246	print_browse(netdissect_options *ndo,
247	const u_char param, int paramlen, const u_char data, int datalen)
248	{
249	const u_char *maxbuf = data + datalen;
250	int command;
251
252	ND_TCHECK(data[0]);
253	command = data[0];
254
255	smb_fdata(ndo, param, "BROWSE PACKET\n\|Param ", param+paramlen, unicodestr);
256
257	switch (command) {
258	case 0xF:
259	data = smb_fdata(ndo, data,
260	"BROWSE PACKET:\nType=[B] (LocalMasterAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n",
261	maxbuf, unicodestr);
262	break;
263
264	case 0x1:
265	data = smb_fdata(ndo, data,
266	"BROWSE PACKET:\nType=[B] (HostAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n",
267	maxbuf, unicodestr);
268	break;
269
270	case 0x2:
271	data = smb_fdata(ndo, data,
272	"BROWSE PACKET:\nType=[B] (AnnouncementRequest)\nFlags=[B]\nReplySystemName=[S]\n",
273	maxbuf, unicodestr);
274	break;
275
276	case 0xc:
277	data = smb_fdata(ndo, data,
278	"BROWSE PACKET:\nType=[B] (WorkgroupAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nCommentPointer=[W]\nServerName=[S]\n",
279	maxbuf, unicodestr);
280	break;
281
282	case 0x8:
283	data = smb_fdata(ndo, data,
284	"BROWSE PACKET:\nType=[B] (ElectionFrame)\nElectionVersion=[B]\nOSSummary=[W]\nUptime=[(W, W)]\nServerName=[S]\n",
285	maxbuf, unicodestr);
286	break;
287
288	case 0xb:
289	data = smb_fdata(ndo, data,
290	"BROWSE PACKET:\nType=[B] (BecomeBackupBrowser)\nName=[S]\n",
291	maxbuf, unicodestr);
292	break;
293
294	case 0x9:
295	data = smb_fdata(ndo, data,
296	"BROWSE PACKET:\nType=[B] (GetBackupList)\nListCount?=[B]\nToken=[W]\n",
297	maxbuf, unicodestr);
298	break;
299
300	case 0xa:
301	data = smb_fdata(ndo, data,
302	"BROWSE PACKET:\nType=[B] (BackupListResponse)\nServerCount?=[B]\nToken=[W]\n*Name=[S]\n",
303	maxbuf, unicodestr);
304	break;
305
306	case 0xd:
307	data = smb_fdata(ndo, data,
308	"BROWSE PACKET:\nType=[B] (MasterAnnouncement)\nMasterName=[S]\n",
309	maxbuf, unicodestr);
310	break;
311
312	case 0xe:
313	data = smb_fdata(ndo, data,
314	"BROWSE PACKET:\nType=[B] (ResetBrowser)\nOptions=[B]\n", maxbuf, unicodestr);
315	break;
316
317	default:
318	data = smb_fdata(ndo, data, "Unknown Browser Frame ", maxbuf, unicodestr);
319	break;
320	}
321	return;
322	trunc:
323	ND_PRINT((ndo, "%s", tstr));
324	}
325
326
327	static void
328	print_ipc(netdissect_options *ndo,
329	const u_char param, int paramlen, const u_char data, int datalen)
330	{
331	if (paramlen)
332	smb_fdata(ndo, param, "Command=[w]\nStr1=[S]\nStr2=[S]\n", param + paramlen,
333	unicodestr);
334	if (datalen)
335	smb_fdata(ndo, data, "IPC ", data + datalen, unicodestr);
336	}
337
338
339	static void
340	print_trans(netdissect_options *ndo,
341	const u_char words, const u_char data1, const u_char buf, const u_char maxbuf)
342	{
343	u_int bcc;
344	const char f1, f2, f3, f4;
345	const u_char data, param;
346	const u_char *w = words + 1;
347	int datalen, paramlen;
348
349	if (request) {
350	ND_TCHECK2(w[12 * 2], 2);
351	paramlen = EXTRACT_LE_16BITS(w + 9 * 2);
352	param = buf + EXTRACT_LE_16BITS(w + 10 * 2);
353	datalen = EXTRACT_LE_16BITS(w + 11 * 2);
354	data = buf + EXTRACT_LE_16BITS(w + 12 * 2);
355	f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nMaxParmCnt=[d] \nMaxDataCnt=[d]\nMaxSCnt=[d] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[d] \nParamOff=[d] \nDataCnt=[d] \nDataOff=[d] \nSUCnt=[d]\n";
356	f2 = "\|Name=[S]\n";
357	f3 = "\|Param ";
358	f4 = "\|Data ";
359	} else {
360	ND_TCHECK2(w[7 * 2], 2);
361	paramlen = EXTRACT_LE_16BITS(w + 3 * 2);
362	param = buf + EXTRACT_LE_16BITS(w + 4 * 2);
363	datalen = EXTRACT_LE_16BITS(w + 6 * 2);
364	data = buf + EXTRACT_LE_16BITS(w + 7 * 2);
365	f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nRes1=[d]\nParamCnt=[d] \nParamOff=[d] \nRes2=[d] \nDataCnt=[d] \nDataOff=[d] \nRes3=[d]\nLsetup=[d]\n";
366	f2 = "\|Unknown ";
367	f3 = "\|Param ";
368	f4 = "\|Data ";
369	}
370
371	smb_fdata(ndo, words + 1, f1, min(words + 1 + 2 * words[0], maxbuf),
372	unicodestr);
373
374	ND_TCHECK2(*data1, 2);
375	bcc = EXTRACT_LE_16BITS(data1);
376	ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
377	if (bcc > 0) {
378	smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr);
379
380	if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) {
381	print_browse(ndo, param, paramlen, data, datalen);
382	return;
383	}
384
385	if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) {
386	print_ipc(ndo, param, paramlen, data, datalen);
387	return;
388	}
389
390	if (paramlen)
391	smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr);
392	if (datalen)
393	smb_fdata(ndo, data, f4, min(data + datalen, maxbuf), unicodestr);
394	}
395	return;
396	trunc:
397	ND_PRINT((ndo, "%s", tstr));
398	}
399
400
401	static void
402	print_negprot(netdissect_options *ndo,
403	const u_char words, const u_char data, const u_char buf _U_, const u_char maxbuf)
404	{
405	u_int wct, bcc;
406	const char f1 = NULL, f2 = NULL;
407
408	ND_TCHECK(words[0]);
409	wct = words[0];
410	if (request)
411	f2 = "*\|Dialect=[Y]\n";
412	else {
413	if (wct == 1)
414	f1 = "Core Protocol\nDialectIndex=[d]";
415	else if (wct == 17)
416	f1 = "NT1 Protocol\nDialectIndex=[d]\nSecMode=[B]\nMaxMux=[d]\nNumVcs=[d]\nMaxBuffer=[D]\nRawSize=[D]\nSessionKey=[W]\nCapabilities=[W]\nServerTime=[T3]TimeZone=[d]\nCryptKey=";
417	else if (wct == 13)
418	f1 = "Coreplus/Lanman1/Lanman2 Protocol\nDialectIndex=[d]\nSecMode=[w]\nMaxXMit=[d]\nMaxMux=[d]\nMaxVcs=[d]\nBlkMode=[w]\nSessionKey=[W]\nServerTime=[T1]TimeZone=[d]\nRes=[W]\nCryptKey=";
419	}
420
421	if (f1)
422	smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf),
423	unicodestr);
424	else
425	smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
426
427	ND_TCHECK2(*data, 2);
428	bcc = EXTRACT_LE_16BITS(data);
429	ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
430	if (bcc > 0) {
431	if (f2)
432	smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
433	maxbuf), unicodestr);
434	else
435	smb_print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
436	}
437	return;
438	trunc:
439	ND_PRINT((ndo, "%s", tstr));
440	}
441
442	static void
443	print_sesssetup(netdissect_options *ndo,
444	const u_char words, const u_char data, const u_char buf _U_, const u_char maxbuf)
445	{
446	u_int wct, bcc;
447	const char f1 = NULL, f2 = NULL;
448
449	ND_TCHECK(words[0]);
450	wct = words[0];
451	if (request) {
452	if (wct == 10)
453	f1 = "Com2=[w]\nOff2=[d]\nBufSize=[d]\nMpxMax=[d]\nVcNum=[d]\nSessionKey=[W]\nPassLen=[d]\nCryptLen=[d]\nCryptOff=[d]\nPass&Name=\n";
454	else
455	f1 = "Com2=[B]\nRes1=[B]\nOff2=[d]\nMaxBuffer=[d]\nMaxMpx=[d]\nVcNumber=[d]\nSessionKey=[W]\nCaseInsensitivePasswordLength=[d]\nCaseSensitivePasswordLength=[d]\nRes=[W]\nCapabilities=[W]\nPass1&Pass2&Account&Domain&OS&LanMan=\n";
456	} else {
457	if (wct == 3) {
458	f1 = "Com2=[w]\nOff2=[d]\nAction=[w]\n";
459	} else if (wct == 13) {
460	f1 = "Com2=[B]\nRes=[B]\nOff2=[d]\nAction=[w]\n";
461	f2 = "NativeOS=[S]\nNativeLanMan=[S]\nPrimaryDomain=[S]\n";
462	}
463	}
464
465	if (f1)
466	smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf),
467	unicodestr);
468	else
469	smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
470
471	ND_TCHECK2(*data, 2);
472	bcc = EXTRACT_LE_16BITS(data);
473	ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
474	if (bcc > 0) {
475	if (f2)
476	smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
477	maxbuf), unicodestr);
478	else
479	smb_print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
480	}
481	return;
482	trunc:
483	ND_PRINT((ndo, "%s", tstr));
484	}
485
486	static void
487	print_lockingandx(netdissect_options *ndo,
488	const u_char words, const u_char data, const u_char buf _U_, const u_char maxbuf)
489	{
490	u_int wct, bcc;
491	const u_char *maxwords;
492	const char f1 = NULL, f2 = NULL;
493
494	ND_TCHECK(words[0]);
495	wct = words[0];
496	if (request) {
497	f1 = "Com2=[w]\nOff2=[d]\nHandle=[d]\nLockType=[w]\nTimeOut=[D]\nUnlockCount=[d]\nLockCount=[d]\n";
498	ND_TCHECK(words[7]);
499	if (words[7] & 0x10)
500	f2 = "*Process=[d]\n[P2]Offset=[M]\nLength=[M]\n";
501	else
502	f2 = "*Process=[d]\nOffset=[D]\nLength=[D]\n";
503	} else {
504	f1 = "Com2=[w]\nOff2=[d]\n";
505	}
506
507	maxwords = min(words + 1 + wct * 2, maxbuf);
508	if (wct)
509	smb_fdata(ndo, words + 1, f1, maxwords, unicodestr);
510
511	ND_TCHECK2(*data, 2);
512	bcc = EXTRACT_LE_16BITS(data);
513	ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
514	if (bcc > 0) {
515	if (f2)
516	smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data),
517	maxbuf), unicodestr);
518	else
519	smb_print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2)));
520	}
521	return;
522	trunc:
523	ND_PRINT((ndo, "%s", tstr));
524	}
525
526
527	static const struct smbfns smb_fns[] = {
528	{ -1, "SMBunknown", 0, DEFDESCRIPT },
529
530	{ SMBtcon, "SMBtcon", 0,
531	{ NULL, "Path=[Z]\nPassword=[Z]\nDevice=[Z]\n",
532	"MaxXmit=[d]\nTreeId=[d]\n", NULL,
533	NULL } },
534
535	{ SMBtdis, "SMBtdis", 0, DEFDESCRIPT },
536	{ SMBexit, "SMBexit", 0, DEFDESCRIPT },
537	{ SMBioctl, "SMBioctl", 0, DEFDESCRIPT },
538
539	{ SMBecho, "SMBecho", 0,
540	{ "ReverbCount=[d]\n", NULL,
541	"SequenceNum=[d]\n", NULL,
542	NULL } },
543
544	{ SMBulogoffX, "SMBulogoffX", FLG_CHAIN, DEFDESCRIPT },
545
546	{ SMBgetatr, "SMBgetatr", 0,
547	{ NULL, "Path=[Z]\n",
548	"Attribute=[A]\nTime=[T2]Size=[D]\nRes=([w,w,w,w,w])\n", NULL,
549	NULL } },
550
551	{ SMBsetatr, "SMBsetatr", 0,
552	{ "Attribute=[A]\nTime=[T2]Res=([w,w,w,w,w])\n", "Path=[Z]\n",
553	NULL, NULL, NULL } },
554
555	{ SMBchkpth, "SMBchkpth", 0,
556	{ NULL, "Path=[Z]\n", NULL, NULL, NULL } },
557
558	{ SMBsearch, "SMBsearch", 0,
559	{ "Count=[d]\nAttrib=[A]\n",
560	"Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n\|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\n",
561	"Count=[d]\n",
562	"BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",
563	NULL } },
564
565	{ SMBopen, "SMBopen", 0,
566	{ "Mode=[w]\nAttribute=[A]\n", "Path=[Z]\n",
567	"Handle=[d]\nOAttrib=[A]\nTime=[T2]Size=[D]\nAccess=[w]\n",
568	NULL, NULL } },
569
570	{ SMBcreate, "SMBcreate", 0,
571	{ "Attrib=[A]\nTime=[T2]", "Path=[Z]\n", "Handle=[d]\n", NULL, NULL } },
572
573	{ SMBmknew, "SMBmknew", 0,
574	{ "Attrib=[A]\nTime=[T2]", "Path=[Z]\n", "Handle=[d]\n", NULL, NULL } },
575
576	{ SMBunlink, "SMBunlink", 0,
577	{ "Attrib=[A]\n", "Path=[Z]\n", NULL, NULL, NULL } },
578
579	{ SMBread, "SMBread", 0,
580	{ "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL,
581	"Count=[d]\nRes=([w,w,w,w])\n", NULL, NULL } },
582
583	{ SMBwrite, "SMBwrite", 0,
584	{ "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL,
585	"Count=[d]\n", NULL, NULL } },
586
587	{ SMBclose, "SMBclose", 0,
588	{ "Handle=[d]\nTime=[T2]", NULL, NULL, NULL, NULL } },
589
590	{ SMBmkdir, "SMBmkdir", 0,
591	{ NULL, "Path=[Z]\n", NULL, NULL, NULL } },
592
593	{ SMBrmdir, "SMBrmdir", 0,
594	{ NULL, "Path=[Z]\n", NULL, NULL, NULL } },
595
596	{ SMBdskattr, "SMBdskattr", 0,
597	{ NULL, NULL,
598	"TotalUnits=[d]\nBlocksPerUnit=[d]\nBlockSize=[d]\nFreeUnits=[d]\nMedia=[w]\n",
599	NULL, NULL } },
600
601	{ SMBmv, "SMBmv", 0,
602	{ "Attrib=[A]\n", "OldPath=[Z]\nNewPath=[Z]\n", NULL, NULL, NULL } },
603
604	/*
605	* this is a Pathworks specific call, allowing the
606	* changing of the root path
607	*/
608	{ pSETDIR, "SMBsetdir", 0, { NULL, "Path=[Z]\n", NULL, NULL, NULL } },
609
610	{ SMBlseek, "SMBlseek", 0,
611	{ "Handle=[d]\nMode=[w]\nOffset=[D]\n", "Offset=[D]\n", NULL, NULL, NULL } },
612
613	{ SMBflush, "SMBflush", 0, { "Handle=[d]\n", NULL, NULL, NULL, NULL } },
614
615	{ SMBsplopen, "SMBsplopen", 0,
616	{ "SetupLen=[d]\nMode=[w]\n", "Ident=[Z]\n", "Handle=[d]\n",
617	NULL, NULL } },
618
619	{ SMBsplclose, "SMBsplclose", 0,
620	{ "Handle=[d]\n", NULL, NULL, NULL, NULL } },
621
622	{ SMBsplretq, "SMBsplretq", 0,
623	{ "MaxCount=[d]\nStartIndex=[d]\n", NULL,
624	"Count=[d]\nIndex=[d]\n",
625	"*Time=[T2]Status=[B]\nJobID=[d]\nSize=[D]\nRes=[B]Name=[s16]\n",
626	NULL } },
627
628	{ SMBsplwr, "SMBsplwr", 0,
629	{ "Handle=[d]\n", NULL, NULL, NULL, NULL } },
630
631	{ SMBlock, "SMBlock", 0,
632	{ "Handle=[d]\nCount=[D]\nOffset=[D]\n", NULL, NULL, NULL, NULL } },
633
634	{ SMBunlock, "SMBunlock", 0,
635	{ "Handle=[d]\nCount=[D]\nOffset=[D]\n", NULL, NULL, NULL, NULL } },
636
637	/* CORE+ PROTOCOL FOLLOWS */
638
639	{ SMBreadbraw, "SMBreadbraw", 0,
640	{ "Handle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nRes=[d]\n",
641	NULL, NULL, NULL, NULL } },
642
643	{ SMBwritebraw, "SMBwritebraw", 0,
644	{ "Handle=[d]\nTotalCount=[d]\nRes=[w]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nRes2=[W]\n\|DataSize=[d]\nDataOff=[d]\n",
645	NULL, "WriteRawAck", NULL, NULL } },
646
647	{ SMBwritec, "SMBwritec", 0,
648	{ NULL, NULL, "Count=[d]\n", NULL, NULL } },
649
650	{ SMBwriteclose, "SMBwriteclose", 0,
651	{ "Handle=[d]\nCount=[d]\nOffset=[D]\nTime=[T2]Res=([w,w,w,w,w,w])",
652	NULL, "Count=[d]\n", NULL, NULL } },
653
654	{ SMBlockread, "SMBlockread", 0,
655	{ "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL,
656	"Count=[d]\nRes=([w,w,w,w])\n", NULL, NULL } },
657
658	{ SMBwriteunlock, "SMBwriteunlock", 0,
659	{ "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL,
660	"Count=[d]\n", NULL, NULL } },
661
662	{ SMBreadBmpx, "SMBreadBmpx", 0,
663	{ "Handle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nRes=[w]\n",
664	NULL,
665	"Offset=[D]\nTotCount=[d]\nRemaining=[d]\nRes=([w,w])\nDataSize=[d]\nDataOff=[d]\n",
666	NULL, NULL } },
667
668	{ SMBwriteBmpx, "SMBwriteBmpx", 0,
669	{ "Handle=[d]\nTotCount=[d]\nRes=[w]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nRes2=[W]\nDataSize=[d]\nDataOff=[d]\n", NULL,
670	"Remaining=[d]\n", NULL, NULL } },
671
672	{ SMBwriteBs, "SMBwriteBs", 0,
673	{ "Handle=[d]\nTotCount=[d]\nOffset=[D]\nRes=[W]\nDataSize=[d]\nDataOff=[d]\n",
674	NULL, "Count=[d]\n", NULL, NULL } },
675
676	{ SMBsetattrE, "SMBsetattrE", 0,
677	{ "Handle=[d]\nCreationTime=[T2]AccessTime=[T2]ModifyTime=[T2]", NULL,
678	NULL, NULL, NULL } },
679
680	{ SMBgetattrE, "SMBgetattrE", 0,
681	{ "Handle=[d]\n", NULL,
682	"CreationTime=[T2]AccessTime=[T2]ModifyTime=[T2]Size=[D]\nAllocSize=[D]\nAttribute=[A]\n",
683	NULL, NULL } },
684
685	{ SMBtranss, "SMBtranss", 0, DEFDESCRIPT },
686	{ SMBioctls, "SMBioctls", 0, DEFDESCRIPT },
687
688	{ SMBcopy, "SMBcopy", 0,
689	{ "TreeID2=[d]\nOFun=[w]\nFlags=[w]\n", "Path=[S]\nNewPath=[S]\n",
690	"CopyCount=[d]\n", "\|ErrStr=[S]\n", NULL } },
691
692	{ SMBmove, "SMBmove", 0,
693	{ "TreeID2=[d]\nOFun=[w]\nFlags=[w]\n", "Path=[S]\nNewPath=[S]\n",
694	"MoveCount=[d]\n", "\|ErrStr=[S]\n", NULL } },
695
696	{ SMBopenX, "SMBopenX", FLG_CHAIN,
697	{ "Com2=[w]\nOff2=[d]\nFlags=[w]\nMode=[w]\nSearchAttrib=[A]\nAttrib=[A]\nTime=[T2]OFun=[w]\nSize=[D]\nTimeOut=[D]\nRes=[W]\n",
698	"Path=[S]\n",
699	"Com2=[w]\nOff2=[d]\nHandle=[d]\nAttrib=[A]\nTime=[T2]Size=[D]\nAccess=[w]\nType=[w]\nState=[w]\nAction=[w]\nFileID=[W]\nRes=[w]\n",
700	NULL, NULL } },
701
702	{ SMBreadX, "SMBreadX", FLG_CHAIN,
703	{ "Com2=[w]\nOff2=[d]\nHandle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nCountLeft=[d]\n",
704	NULL,
705	"Com2=[w]\nOff2=[d]\nRemaining=[d]\nRes=[W]\nDataSize=[d]\nDataOff=[d]\nRes=([w,w,w,w])\n",
706	NULL, NULL } },
707
708	{ SMBwriteX, "SMBwriteX", FLG_CHAIN,
709	{ "Com2=[w]\nOff2=[d]\nHandle=[d]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nCountLeft=[d]\nRes=[w]\nDataSize=[d]\nDataOff=[d]\n",
710	NULL,
711	"Com2=[w]\nOff2=[d]\nCount=[d]\nRemaining=[d]\nRes=[W]\n",
712	NULL, NULL } },
713
714	{ SMBffirst, "SMBffirst", 0,
715	{ "Count=[d]\nAttrib=[A]\n",
716	"Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n\|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n",
717	"Count=[d]\n",
718	"BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",
719	NULL } },
720
721	{ SMBfunique, "SMBfunique", 0,
722	{ "Count=[d]\nAttrib=[A]\n",
723	"Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n\|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n",
724	"Count=[d]\n",
725	"BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",
726	NULL } },
727
728	{ SMBfclose, "SMBfclose", 0,
729	{ "Count=[d]\nAttrib=[A]\n",
730	"Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n\|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n",
731	"Count=[d]\n",
732	"BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n",
733	NULL } },
734
735	{ SMBfindnclose, "SMBfindnclose", 0,
736	{ "Handle=[d]\n", NULL, NULL, NULL, NULL } },
737
738	{ SMBfindclose, "SMBfindclose", 0,
739	{ "Handle=[d]\n", NULL, NULL, NULL, NULL } },
740
741	{ SMBsends, "SMBsends", 0,
742	{ NULL, "Source=[Z]\nDest=[Z]\n", NULL, NULL, NULL } },
743
744	{ SMBsendstrt, "SMBsendstrt", 0,
745	{ NULL, "Source=[Z]\nDest=[Z]\n", "GroupID=[d]\n", NULL, NULL } },
746
747	{ SMBsendend, "SMBsendend", 0,
748	{ "GroupID=[d]\n", NULL, NULL, NULL, NULL } },
749
750	{ SMBsendtxt, "SMBsendtxt", 0,
751	{ "GroupID=[d]\n", NULL, NULL, NULL, NULL } },
752
753	{ SMBsendb, "SMBsendb", 0,
754	{ NULL, "Source=[Z]\nDest=[Z]\n", NULL, NULL, NULL } },
755
756	{ SMBfwdname, "SMBfwdname", 0, DEFDESCRIPT },
757	{ SMBcancelf, "SMBcancelf", 0, DEFDESCRIPT },
758	{ SMBgetmac, "SMBgetmac", 0, DEFDESCRIPT },
759
760	{ SMBnegprot, "SMBnegprot", 0,
761	{ NULL, NULL, NULL, NULL, print_negprot } },
762
763	{ SMBsesssetupX, "SMBsesssetupX", FLG_CHAIN,
764	{ NULL, NULL, NULL, NULL, print_sesssetup } },
765
766	{ SMBtconX, "SMBtconX", FLG_CHAIN,
767	{ "Com2=[w]\nOff2=[d]\nFlags=[w]\nPassLen=[d]\nPasswd&Path&Device=\n",
768	NULL, "Com2=[w]\nOff2=[d]\n", "ServiceType=[R]\n", NULL } },
769
770	{ SMBlockingX, "SMBlockingX", FLG_CHAIN,
771	{ NULL, NULL, NULL, NULL, print_lockingandx } },
772
773	{ SMBtrans2, "SMBtrans2", 0, { NULL, NULL, NULL, NULL, print_trans2 } },
774
775	{ SMBtranss2, "SMBtranss2", 0, DEFDESCRIPT },
776	{ SMBctemp, "SMBctemp", 0, DEFDESCRIPT },
777	{ SMBreadBs, "SMBreadBs", 0, DEFDESCRIPT },
778	{ SMBtrans, "SMBtrans", 0, { NULL, NULL, NULL, NULL, print_trans } },
779
780	{ SMBnttrans, "SMBnttrans", 0, DEFDESCRIPT },
781	{ SMBnttranss, "SMBnttranss", 0, DEFDESCRIPT },
782
783	{ SMBntcreateX, "SMBntcreateX", FLG_CHAIN,
784	{ "Com2=[w]\nOff2=[d]\nRes=[b]\nNameLen=[ld]\nFlags=[W]\nRootDirectoryFid=[D]\nAccessMask=[W]\nAllocationSize=[L]\nExtFileAttributes=[W]\nShareAccess=[W]\nCreateDisposition=[W]\nCreateOptions=[W]\nImpersonationLevel=[W]\nSecurityFlags=[b]\n",
785	"Path=[C]\n",
786	"Com2=[w]\nOff2=[d]\nOplockLevel=[b]\nFid=[d]\nCreateAction=[W]\nCreateTime=[T3]LastAccessTime=[T3]LastWriteTime=[T3]ChangeTime=[T3]ExtFileAttributes=[W]\nAllocationSize=[L]\nEndOfFile=[L]\nFileType=[w]\nDeviceState=[w]\nDirectory=[b]\n",
787	NULL, NULL } },
788
789	{ SMBntcancel, "SMBntcancel", 0, DEFDESCRIPT },
790
791	{ -1, NULL, 0, DEFDESCRIPT }
792	};
793
794
795	/*
796	* print a SMB message
797	*/
798	static void
799	print_smb(netdissect_options *ndo,
800	const u_char buf, const u_char maxbuf)
801	{
802	uint16_t flags2;
803	int nterrcodes;
804	int command;
805	uint32_t nterror;
806	const u_char words, maxwords, *data;
807	const struct smbfns *fn;
808	const char *fmt_smbheader =
809	"[P4]SMB Command = [B]\nError class = [BP1]\nError code = [d]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [d]\nProc ID = [d]\nUID = [d]\nMID = [d]\nWord Count = [b]\n";
810	int smboffset;
811
812	ND_TCHECK(buf[9]);
813	request = (buf[9] & 0x80) ? 0 : 1;
814	startbuf = buf;
815
816	command = buf[4];
817
818	fn = smbfind(command, smb_fns);
819
820	if (ndo->ndo_vflag > 1)
821	ND_PRINT((ndo, "\n"));
822
823	ND_PRINT((ndo, "SMB PACKET: %s (%s)\n", fn->name, request ? "REQUEST" : "REPLY"));
824
825	if (ndo->ndo_vflag < 2)
826	return;
827
828	ND_TCHECK_16BITS(&buf[10]);
829	flags2 = EXTRACT_LE_16BITS(&buf[10]);
830	unicodestr = flags2 & 0x8000;
831	nterrcodes = flags2 & 0x4000;
832
833	/* print out the header */
834	smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr);
835
836	if (nterrcodes) {
837	nterror = EXTRACT_LE_32BITS(&buf[5]);
838	if (nterror)
839	ND_PRINT((ndo, "NTError = %s\n", nt_errstr(nterror)));
840	} else {
841	if (buf[5])
842	ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(buf[5], EXTRACT_LE_16BITS(&buf[7]))));
843	}
844
845	smboffset = 32;
846
847	for (;;) {
848	const char f1, f2;
849	int wct;
850	u_int bcc;
851	int newsmboffset;
852
853	words = buf + smboffset;
854	ND_TCHECK(words[0]);
855	wct = words[0];
856	data = words + 1 + wct * 2;
857	maxwords = min(data, maxbuf);
858
859	if (request) {
860	f1 = fn->descript.req_f1;
861	f2 = fn->descript.req_f2;
862	} else {
863	f1 = fn->descript.rep_f1;
864	f2 = fn->descript.rep_f2;
865	}
866
867	if (fn->descript.fn)
868	(*fn->descript.fn)(ndo, words, data, buf, maxbuf);
869	else {
870	if (wct) {
871	if (f1)
872	smb_fdata(ndo, words + 1, f1, words + 1 + wct * 2, unicodestr);
873	else {
874	int i;
875	int v;
876
877	for (i = 0; &words[1 + 2 * i] < maxwords; i++) {
878	ND_TCHECK2(words[1 + 2 * i], 2);
879	v = EXTRACT_LE_16BITS(words + 1 + 2 * i);
880	ND_PRINT((ndo, "smb_vwv[%d]=%d (0x%X)\n", i, v, v));
881	}
882	}
883	}
884
885	ND_TCHECK2(*data, 2);
886	bcc = EXTRACT_LE_16BITS(data);
887	ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
888	if (f2) {
889	if (bcc > 0)
890	smb_fdata(ndo, data + 2, f2, data + 2 + bcc, unicodestr);
891	} else {
892	if (bcc > 0) {
893	ND_PRINT((ndo, "smb_buf[]=\n"));
894	smb_print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2)));
895	}
896	}
897	}
898
899	if ((fn->flags & FLG_CHAIN) == 0)
900	break;
901	if (wct == 0)
902	break;
903	ND_TCHECK(words[1]);
904	command = words[1];
905	if (command == 0xFF)
906	break;
907	ND_TCHECK2(words[3], 2);
908	newsmboffset = EXTRACT_LE_16BITS(words + 3);
909
910	fn = smbfind(command, smb_fns);
911
912	ND_PRINT((ndo, "\nSMB PACKET: %s (%s) (CHAINED)\n",
913	fn->name, request ? "REQUEST" : "REPLY"));
914	if (newsmboffset <= smboffset) {
915	ND_PRINT((ndo, "Bad andX offset: %u <= %u\n", newsmboffset, smboffset));
916	break;
917	}
918	smboffset = newsmboffset;
919	}
920
921	ND_PRINT((ndo, "\n"));
922	return;
923	trunc:
924	ND_PRINT((ndo, "%s", tstr));
925	}
926
927
928	/*
929	* print a NBT packet received across tcp on port 139
930	*/
931	void
932	nbt_tcp_print(netdissect_options *ndo,
933	const u_char *data, int length)
934	{
935	int caplen;
936	int type;
937	u_int nbt_len;
938	const u_char *maxbuf;
939
940	if (length < 4)
941	goto trunc;
942	if (ndo->ndo_snapend < data)
943	goto trunc;
944	caplen = ndo->ndo_snapend - data;
945	if (caplen < 4)
946	goto trunc;
947	maxbuf = data + caplen;
948	type = data[0];
949	nbt_len = EXTRACT_16BITS(data + 2);
950	length -= 4;
951	caplen -= 4;
952
953	startbuf = data;
954
955	if (ndo->ndo_vflag < 2) {
956	ND_PRINT((ndo, " NBT Session Packet: "));
957	switch (type) {
958	case 0x00:
959	ND_PRINT((ndo, "Session Message"));
960	break;
961
962	case 0x81:
963	ND_PRINT((ndo, "Session Request"));
964	break;
965
966	case 0x82:
967	ND_PRINT((ndo, "Session Granted"));
968	break;
969
970	case 0x83:
971	{
972	int ecode;
973
974	if (nbt_len < 4)
975	goto trunc;
976	if (length < 4)
977	goto trunc;
978	if (caplen < 4)
979	goto trunc;
980	ecode = data[4];
981
982	ND_PRINT((ndo, "Session Reject, "));
983	switch (ecode) {
984	case 0x80:
985	ND_PRINT((ndo, "Not listening on called name"));
986	break;
987	case 0x81:
988	ND_PRINT((ndo, "Not listening for calling name"));
989	break;
990	case 0x82:
991	ND_PRINT((ndo, "Called name not present"));
992	break;
993	case 0x83:
994	ND_PRINT((ndo, "Called name present, but insufficient resources"));
995	break;
996	default:
997	ND_PRINT((ndo, "Unspecified error 0x%X", ecode));
998	break;
999	}
1000	}
1001	break;
1002
1003	case 0x85:
1004	ND_PRINT((ndo, "Session Keepalive"));
1005	break;
1006
1007	default:
1008	data = smb_fdata(ndo, data, "Unknown packet type [rB]", maxbuf, 0);
1009	break;
1010	}
1011	} else {
1012	ND_PRINT((ndo, "\n>>> NBT Session Packet\n"));
1013	switch (type) {
1014	case 0x00:
1015	data = smb_fdata(ndo, data, "[P1]NBT Session Message\nFlags=[B]\nLength=[rd]\n",
1016	data + 4, 0);
1017	if (data == NULL)
1018	break;
1019	if (nbt_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) {
1020	if ((int)nbt_len > caplen) {
1021	if ((int)nbt_len > length)
1022	ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n"));
1023	else
1024	ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %d\n",
1025	nbt_len - caplen));
1026	}
1027	print_smb(ndo, data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf);
1028	} else
1029	ND_PRINT((ndo, "Session packet:(raw data or continuation?)\n"));
1030	break;
1031
1032	case 0x81:
1033	data = smb_fdata(ndo, data,
1034	"[P1]NBT Session Request\nFlags=[B]\nLength=[rd]\nDestination=[n1]\nSource=[n1]\n",
1035	maxbuf, 0);
1036	break;
1037
1038	case 0x82:
1039	data = smb_fdata(ndo, data, "[P1]NBT Session Granted\nFlags=[B]\nLength=[rd]\n", maxbuf, 0);
1040	break;
1041
1042	case 0x83:
1043	{
1044	const u_char *origdata;
1045	int ecode;
1046
1047	origdata = data;
1048	data = smb_fdata(ndo, data, "[P1]NBT SessionReject\nFlags=[B]\nLength=[rd]\nReason=[B]\n",
1049	maxbuf, 0);
1050	if (data == NULL)
1051	break;
1052	if (nbt_len >= 1 && caplen >= 1) {
1053	ecode = origdata[4];
1054	switch (ecode) {
1055	case 0x80:
1056	ND_PRINT((ndo, "Not listening on called name\n"));
1057	break;
1058	case 0x81:
1059	ND_PRINT((ndo, "Not listening for calling name\n"));
1060	break;
1061	case 0x82:
1062	ND_PRINT((ndo, "Called name not present\n"));
1063	break;
1064	case 0x83:
1065	ND_PRINT((ndo, "Called name present, but insufficient resources\n"));
1066	break;
1067	default:
1068	ND_PRINT((ndo, "Unspecified error 0x%X\n", ecode));
1069	break;
1070	}
1071	}
1072	}
1073	break;
1074
1075	case 0x85:
1076	data = smb_fdata(ndo, data, "[P1]NBT Session Keepalive\nFlags=[B]\nLength=[rd]\n", maxbuf, 0);
1077	break;
1078
1079	default:
1080	data = smb_fdata(ndo, data, "NBT - Unknown packet type\nType=[B]\n", maxbuf, 0);
1081	break;
1082	}
1083	ND_PRINT((ndo, "\n"));
1084	}
1085	return;
1086	trunc:
1087	ND_PRINT((ndo, "%s", tstr));
1088	}
1089
1090	static const struct tok opcode_str[] = {
1091	{ 0, "QUERY" },
1092	{ 5, "REGISTRATION" },
1093	{ 6, "RELEASE" },
1094	{ 7, "WACK" },
1095	{ 8, "REFRESH(8)" },
1096	{ 9, "REFRESH" },
1097	{ 15, "MULTIHOMED REGISTRATION" },
1098	{ 0, NULL }
1099	};
1100
1101	/*
1102	* print a NBT packet received across udp on port 137
1103	*/
1104	void
1105	nbt_udp137_print(netdissect_options *ndo,
1106	const u_char *data, int length)
1107	{
1108	const u_char *maxbuf = data + length;
1109	int name_trn_id, response, opcode, nm_flags, rcode;
1110	int qdcount, ancount, nscount, arcount;
1111	const u_char *p;
1112	int total, i;
1113
1114	ND_TCHECK2(data[10], 2);
1115	name_trn_id = EXTRACT_16BITS(data);
1116	response = (data[2] >> 7);
1117	opcode = (data[2] >> 3) & 0xF;
1118	nm_flags = ((data[2] & 0x7) << 4) + (data[3] >> 4);
1119	rcode = data[3] & 0xF;
1120	qdcount = EXTRACT_16BITS(data + 4);
1121	ancount = EXTRACT_16BITS(data + 6);
1122	nscount = EXTRACT_16BITS(data + 8);
1123	arcount = EXTRACT_16BITS(data + 10);
1124	startbuf = data;
1125
1126	if (maxbuf <= data)
1127	return;
1128
1129	if (ndo->ndo_vflag > 1)
1130	ND_PRINT((ndo, "\n>>> "));
1131
1132	ND_PRINT((ndo, "NBT UDP PACKET(137): %s", tok2str(opcode_str, "OPUNKNOWN", opcode)));
1133	if (response) {
1134	ND_PRINT((ndo, "; %s", rcode ? "NEGATIVE" : "POSITIVE"));
1135	}
1136	ND_PRINT((ndo, "; %s; %s", response ? "RESPONSE" : "REQUEST",
1137	(nm_flags & 1) ? "BROADCAST" : "UNICAST"));
1138
1139	if (ndo->ndo_vflag < 2)
1140	return;
1141
1142	ND_PRINT((ndo, "\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n",
1143	name_trn_id, opcode, nm_flags, rcode, qdcount, ancount, nscount,
1144	arcount));
1145
1146	p = data + 12;
1147
1148	total = ancount + nscount + arcount;
1149
1150	if (qdcount > 100 \|\| total > 100) {
1151	ND_PRINT((ndo, "Corrupt packet??\n"));
1152	return;
1153	}
1154
1155	if (qdcount) {
1156	ND_PRINT((ndo, "QuestionRecords:\n"));
1157	for (i = 0; i < qdcount; i++) {
1158	p = smb_fdata(ndo, p,
1159	"\|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",
1160	maxbuf, 0);
1161	if (p == NULL)
1162	goto out;
1163	}
1164	}
1165
1166	if (total) {
1167	ND_PRINT((ndo, "\nResourceRecords:\n"));
1168	for (i = 0; i < total; i++) {
1169	int rdlen;
1170	int restype;
1171
1172	p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0);
1173	if (p == NULL)
1174	goto out;
1175	ND_TCHECK_16BITS(p);
1176	restype = EXTRACT_16BITS(p);
1177	p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0);
1178	if (p == NULL)
1179	goto out;
1180	ND_TCHECK_16BITS(p);
1181	rdlen = EXTRACT_16BITS(p);
1182	ND_PRINT((ndo, "ResourceLength=%d\nResourceData=\n", rdlen));
1183	p += 2;
1184	if (rdlen == 6) {
1185	p = smb_fdata(ndo, p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen, 0);
1186	if (p == NULL)
1187	goto out;
1188	} else {
1189	if (restype == 0x21) {
1190	int numnames;
1191
1192	ND_TCHECK(*p);
1193	numnames = p[0];
1194	p = smb_fdata(ndo, p, "NumNames=[B]\n", p + 1, 0);
1195	if (p == NULL)
1196	goto out;
1197	while (numnames--) {
1198	p = smb_fdata(ndo, p, "Name=[n2]\t#", maxbuf, 0);
1199	if (p == NULL)
1200	goto out;
1201	ND_TCHECK(*p);
1202	if (p[0] & 0x80)
1203	ND_PRINT((ndo, "<GROUP> "));
1204	switch (p[0] & 0x60) {
1205	case 0x00: ND_PRINT((ndo, "B ")); break;
1206	case 0x20: ND_PRINT((ndo, "P ")); break;
1207	case 0x40: ND_PRINT((ndo, "M ")); break;
1208	case 0x60: ND_PRINT((ndo, "_ ")); break;
1209	}
1210	if (p[0] & 0x10)
1211	ND_PRINT((ndo, "<DEREGISTERING> "));
1212	if (p[0] & 0x08)
1213	ND_PRINT((ndo, "<CONFLICT> "));
1214	if (p[0] & 0x04)
1215	ND_PRINT((ndo, "<ACTIVE> "));
1216	if (p[0] & 0x02)
1217	ND_PRINT((ndo, "<PERMANENT> "));
1218	ND_PRINT((ndo, "\n"));
1219	p += 2;
1220	}
1221	} else {
1222	smb_print_data(ndo, p, min(rdlen, length - (p - data)));
1223	p += rdlen;
1224	}
1225	}
1226	}
1227	}
1228
1229	if (p < maxbuf)
1230	smb_fdata(ndo, p, "AdditionalData:\n", maxbuf, 0);
1231
1232	out:
1233	ND_PRINT((ndo, "\n"));
1234	return;
1235	trunc:
1236	ND_PRINT((ndo, "%s", tstr));
1237	}
1238
1239	/*
1240	* Print an SMB-over-TCP packet received across tcp on port 445
1241	*/
1242	void
1243	smb_tcp_print(netdissect_options *ndo,
1244	const u_char * data, int length)
1245	{
1246	int caplen;
1247	u_int smb_len;
1248	const u_char *maxbuf;
1249
1250	if (length < 4)
1251	goto trunc;
1252	if (ndo->ndo_snapend < data)
1253	goto trunc;
1254	caplen = ndo->ndo_snapend - data;
1255	if (caplen < 4)
1256	goto trunc;
1257	maxbuf = data + caplen;
1258	smb_len = EXTRACT_24BITS(data + 1);
1259	length -= 4;
1260	caplen -= 4;
1261
1262	startbuf = data;
1263	data += 4;
1264
1265	if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) {
1266	if ((int)smb_len > caplen) {
1267	if ((int)smb_len > length)
1268	ND_PRINT((ndo, " WARNING: Packet is continued in later TCP segments\n"));
1269	else
1270	ND_PRINT((ndo, " WARNING: Short packet. Try increasing the snap length by %d\n",
1271	smb_len - caplen));
1272	} else
1273	ND_PRINT((ndo, " "));
1274	print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf);
1275	} else
1276	ND_PRINT((ndo, " SMB-over-TCP packet:(raw data or continuation?)\n"));
1277	return;
1278	trunc:
1279	ND_PRINT((ndo, "%s", tstr));
1280	}
1281
1282	/*
1283	* print a NBT packet received across udp on port 138
1284	*/
1285	void
1286	nbt_udp138_print(netdissect_options *ndo,
1287	const u_char *data, int length)
1288	{
1289	const u_char *maxbuf = data + length;
1290
1291	if (maxbuf > ndo->ndo_snapend)
1292	maxbuf = ndo->ndo_snapend;
1293	if (maxbuf <= data)
1294	return;
1295	startbuf = data;
1296
1297	if (ndo->ndo_vflag < 2) {
1298	ND_PRINT((ndo, "NBT UDP PACKET(138)"));
1299	return;
1300	}
1301
1302	data = smb_fdata(ndo, data,
1303	"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",
1304	maxbuf, 0);
1305
1306	if (data != NULL) {
1307	/* If there isn't enough data for "\377SMB", don't check for it. */
1308	if (&data[3] >= maxbuf)
1309	goto out;
1310
1311	if (memcmp(data, "\377SMB",4) == 0)
1312	print_smb(ndo, data, maxbuf);
1313	}
1314	out:
1315	ND_PRINT((ndo, "\n"));
1316	}
1317
1318
1319	/*
1320	print netbeui frames
1321	*/
1322	static struct nbf_strings {
1323	const char *name;
1324	const char *nonverbose;
1325	const char *verbose;
1326	} nbf_strings[0x20] = {
1327	{ "Add Group Name Query", ", [P23]Name to add=[n2]#",
1328	"[P5]ResponseCorrelator=[w]\n[P16]Name to add=[n2]\n" },
1329	{ "Add Name Query", ", [P23]Name to add=[n2]#",
1330	"[P5]ResponseCorrelator=[w]\n[P16]Name to add=[n2]\n" },
1331	{ "Name In Conflict", NULL, NULL },
1332	{ "Status Query", NULL, NULL },
1333	{ NULL, NULL, NULL }, /* not used */
1334	{ NULL, NULL, NULL }, /* not used */
1335	{ NULL, NULL, NULL }, /* not used */
1336	{ "Terminate Trace", NULL, NULL },
1337	{ "Datagram", NULL,
1338	"[P7]Destination=[n2]\nSource=[n2]\n" },
1339	{ "Broadcast Datagram", NULL,
1340	"[P7]Destination=[n2]\nSource=[n2]\n" },
1341	{ "Name Query", ", [P7]Name=[n2]#",
1342	"[P1]SessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nName=[n2]\nName of sender=[n2]\n" },
1343	{ NULL, NULL, NULL }, /* not used */
1344	{ NULL, NULL, NULL }, /* not used */
1345	{ "Add Name Response", ", [P1]GroupName=[w] [P4]Destination=[n2] Source=[n2]#",
1346	"AddNameInProcess=[B]\nGroupName=[w]\nTransmitCorrelator=[w][P2]\nDestination=[n2]\nSource=[n2]\n" },
1347	{ "Name Recognized", NULL,
1348	"[P1]Data2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nDestination=[n2]\nSource=[n2]\n" },
1349	{ "Status Response", NULL, NULL },
1350	{ NULL, NULL, NULL }, /* not used */
1351	{ NULL, NULL, NULL }, /* not used */
1352	{ NULL, NULL, NULL }, /* not used */
1353	{ "Terminate Trace", NULL, NULL },
1354	{ "Data Ack", NULL,
1355	"[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1356	{ "Data First/Middle", NULL,
1357	"Flags=[{RECEIVE_CONTINUE\|NO_ACK\|\|PIGGYBACK_ACK_INCLUDED\|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1358	{ "Data Only/Last", NULL,
1359	"Flags=[{\|NO_ACK\|PIGGYBACK_ACK_ALLOWED\|PIGGYBACK_ACK_INCLUDED\|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1360	{ "Session Confirm", NULL,
1361	"Data1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1362	{ "Session End", NULL,
1363	"[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1364	{ "Session Initialize", NULL,
1365	"Data1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1366	{ "No Receive", NULL,
1367	"Flags=[{\|SEND_NO_ACK}]\nDataBytesAccepted=[b][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1368	{ "Receive Outstanding", NULL,
1369	"[P1]DataBytesAccepted=[b][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1370	{ "Receive Continue", NULL,
1371	"[P2]TransmitCorrelator=[w]\n[P2]RemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" },
1372	{ NULL, NULL, NULL }, /* not used */
1373	{ NULL, NULL, NULL }, /* not used */
1374	{ "Session Alive", NULL, NULL }
1375	};
1376
1377	void
1378	netbeui_print(netdissect_options *ndo,
1379	u_short control, const u_char *data, int length)
1380	{
1381	const u_char *maxbuf = data + length;
1382	int len;
1383	int command;
1384	const u_char *data2;
1385	int is_truncated = 0;
1386
1387	if (maxbuf > ndo->ndo_snapend)
1388	maxbuf = ndo->ndo_snapend;
1389	ND_TCHECK(data[4]);
1390	len = EXTRACT_LE_16BITS(data);
1391	command = data[4];
1392	data2 = data + len;
1393	if (data2 >= maxbuf) {
1394	data2 = maxbuf;
1395	is_truncated = 1;
1396	}
1397
1398	startbuf = data;
1399
1400	if (ndo->ndo_vflag < 2) {
1401	ND_PRINT((ndo, "NBF Packet: "));
1402	data = smb_fdata(ndo, data, "[P5]#", maxbuf, 0);
1403	} else {
1404	ND_PRINT((ndo, "\n>>> NBF Packet\nType=0x%X ", control));
1405	data = smb_fdata(ndo, data, "Length=[d] Signature=[w] Command=[B]\n#", maxbuf, 0);
1406	}
1407	if (data == NULL)
1408	goto out;
1409
1410	if (command > 0x1f \|\| nbf_strings[command].name == NULL) {
1411	if (ndo->ndo_vflag < 2)
1412	data = smb_fdata(ndo, data, "Unknown NBF Command#", data2, 0);
1413	else
1414	data = smb_fdata(ndo, data, "Unknown NBF Command\n", data2, 0);
1415	} else {
1416	if (ndo->ndo_vflag < 2) {
1417	ND_PRINT((ndo, "%s", nbf_strings[command].name));
1418	if (nbf_strings[command].nonverbose != NULL)
1419	data = smb_fdata(ndo, data, nbf_strings[command].nonverbose, data2, 0);
1420	} else {
1421	ND_PRINT((ndo, "%s:\n", nbf_strings[command].name));
1422	if (nbf_strings[command].verbose != NULL)
1423	data = smb_fdata(ndo, data, nbf_strings[command].verbose, data2, 0);
1424	else
1425	ND_PRINT((ndo, "\n"));
1426	}
1427	}
1428
1429	if (ndo->ndo_vflag < 2)
1430	return;
1431
1432	if (data == NULL)
1433	goto out;
1434
1435	if (is_truncated) {
1436	/* data2 was past the end of the buffer */
1437	goto out;
1438	}
1439
1440	/* If this isn't a command that would contain an SMB message, quit. */
1441	if (command != 0x08 && command != 0x09 && command != 0x15 &&
1442	command != 0x16)
1443	goto out;
1444
1445	/* If there isn't enough data for "\377SMB", don't look for it. */
1446	if (&data2[3] >= maxbuf)
1447	goto out;
1448
1449	if (memcmp(data2, "\377SMB",4) == 0)
1450	print_smb(ndo, data2, maxbuf);
1451	else {
1452	int i;
1453	for (i = 0; i < 128; i++) {
1454	if (&data2[i + 3] >= maxbuf)
1455	break;
1456	if (memcmp(&data2[i], "\377SMB", 4) == 0) {
1457	ND_PRINT((ndo, "found SMB packet at %d\n", i));
1458	print_smb(ndo, &data2[i], maxbuf);
1459	break;
1460	}
1461	}
1462	}
1463
1464	out:
1465	ND_PRINT((ndo, "\n"));
1466	return;
1467	trunc:
1468	ND_PRINT((ndo, "%s", tstr));
1469	}
1470
1471
1472	/*
1473	* print IPX-Netbios frames
1474	*/
1475	void
1476	ipx_netbios_print(netdissect_options *ndo,
1477	const u_char *data, u_int length)
1478	{
1479	/*
1480	* this is a hack till I work out how to parse the rest of the
1481	* NetBIOS-over-IPX stuff
1482	*/
1483	int i;
1484	const u_char *maxbuf;
1485
1486	maxbuf = data + length;
1487	/* Don't go past the end of the captured data in the packet. */
1488	if (maxbuf > ndo->ndo_snapend)
1489	maxbuf = ndo->ndo_snapend;
1490	startbuf = data;
1491	for (i = 0; i < 128; i++) {
1492	if (&data[i + 4] > maxbuf)
1493	break;
1494	if (memcmp(&data[i], "\377SMB", 4) == 0) {
1495	smb_fdata(ndo, data, "\n>>> IPX transport ", &data[i], 0);
1496	print_smb(ndo, &data[i], maxbuf);
1497	ND_PRINT((ndo, "\n"));
1498	break;
1499	}
1500	}
1501	if (i == 128)
1502	smb_fdata(ndo, data, "\n>>> Unknown IPX ", maxbuf, 0);
1503	}
1504	#ifdef __rtems__
1505	#include "rtems-bsd-tcpdump-print-smb-data.h"
1506	#endif /* __rtems__ */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems-libbsd/freebsd/contrib/tcpdump/print-smb.c @ 9521c08

Download in other formats: