1 | #include <machine/rtems-bsd-user-space.h> |
---|
2 | #ifdef __rtems__ |
---|
3 | #include <machine/rtems-bsd-program.h> |
---|
4 | #include "rtems-bsd-tcpdump-namespace.h" |
---|
5 | #endif /* __rtems__ */ |
---|
6 | /* |
---|
7 | * Copyright (C) Andrew Tridgell 1995-1999 |
---|
8 | * |
---|
9 | * This software may be distributed either under the terms of the |
---|
10 | * BSD-style license that accompanies tcpdump or the GNU GPL version 2 |
---|
11 | * or later |
---|
12 | */ |
---|
13 | |
---|
14 | /* \summary: SMB/CIFS printer */ |
---|
15 | |
---|
16 | #ifdef HAVE_CONFIG_H |
---|
17 | #include "config.h" |
---|
18 | #endif |
---|
19 | |
---|
20 | #include <netdissect-stdinc.h> |
---|
21 | |
---|
22 | #include <string.h> |
---|
23 | |
---|
24 | #include "netdissect.h" |
---|
25 | #include "extract.h" |
---|
26 | #include "smb.h" |
---|
27 | |
---|
28 | static const char tstr[] = "[|SMB]"; |
---|
29 | |
---|
30 | static int request = 0; |
---|
31 | static int unicodestr = 0; |
---|
32 | |
---|
33 | const u_char *startbuf = NULL; |
---|
34 | |
---|
35 | struct smbdescript { |
---|
36 | const char *req_f1; |
---|
37 | const char *req_f2; |
---|
38 | const char *rep_f1; |
---|
39 | const char *rep_f2; |
---|
40 | void (*fn)(netdissect_options *, const u_char *, const u_char *, const u_char *, const u_char *); |
---|
41 | }; |
---|
42 | |
---|
43 | struct smbdescriptint { |
---|
44 | const char *req_f1; |
---|
45 | const char *req_f2; |
---|
46 | const char *rep_f1; |
---|
47 | const char *rep_f2; |
---|
48 | void (*fn)(netdissect_options *, const u_char *, const u_char *, int, int); |
---|
49 | }; |
---|
50 | |
---|
51 | struct smbfns |
---|
52 | { |
---|
53 | int id; |
---|
54 | const char *name; |
---|
55 | int flags; |
---|
56 | struct smbdescript descript; |
---|
57 | }; |
---|
58 | |
---|
59 | struct smbfnsint |
---|
60 | { |
---|
61 | int id; |
---|
62 | const char *name; |
---|
63 | int flags; |
---|
64 | struct smbdescriptint descript; |
---|
65 | }; |
---|
66 | |
---|
67 | #define DEFDESCRIPT { NULL, NULL, NULL, NULL, NULL } |
---|
68 | |
---|
69 | #define FLG_CHAIN (1 << 0) |
---|
70 | |
---|
71 | static const struct smbfns * |
---|
72 | smbfind(int id, const struct smbfns *list) |
---|
73 | { |
---|
74 | int sindex; |
---|
75 | |
---|
76 | for (sindex = 0; list[sindex].name; sindex++) |
---|
77 | if (list[sindex].id == id) |
---|
78 | return(&list[sindex]); |
---|
79 | |
---|
80 | return(&list[0]); |
---|
81 | } |
---|
82 | |
---|
83 | static const struct smbfnsint * |
---|
84 | smbfindint(int id, const struct smbfnsint *list) |
---|
85 | { |
---|
86 | int sindex; |
---|
87 | |
---|
88 | for (sindex = 0; list[sindex].name; sindex++) |
---|
89 | if (list[sindex].id == id) |
---|
90 | return(&list[sindex]); |
---|
91 | |
---|
92 | return(&list[0]); |
---|
93 | } |
---|
94 | |
---|
95 | static void |
---|
96 | trans2_findfirst(netdissect_options *ndo, |
---|
97 | const u_char *param, const u_char *data, int pcnt, int dcnt) |
---|
98 | { |
---|
99 | const char *fmt; |
---|
100 | |
---|
101 | if (request) |
---|
102 | fmt = "Attribute=[A]\nSearchCount=[d]\nFlags=[w]\nLevel=[dP4]\nFile=[S]\n"; |
---|
103 | else |
---|
104 | fmt = "Handle=[w]\nCount=[d]\nEOS=[w]\nEoffset=[d]\nLastNameOfs=[w]\n"; |
---|
105 | |
---|
106 | smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); |
---|
107 | if (dcnt) { |
---|
108 | ND_PRINT((ndo, "data:\n")); |
---|
109 | smb_print_data(ndo, data, dcnt); |
---|
110 | } |
---|
111 | } |
---|
112 | |
---|
113 | static void |
---|
114 | trans2_qfsinfo(netdissect_options *ndo, |
---|
115 | const u_char *param, const u_char *data, int pcnt, int dcnt) |
---|
116 | { |
---|
117 | static int level = 0; |
---|
118 | const char *fmt=""; |
---|
119 | |
---|
120 | if (request) { |
---|
121 | ND_TCHECK2(*param, 2); |
---|
122 | level = EXTRACT_LE_16BITS(param); |
---|
123 | fmt = "InfoLevel=[d]\n"; |
---|
124 | smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); |
---|
125 | } else { |
---|
126 | switch (level) { |
---|
127 | case 1: |
---|
128 | fmt = "idFileSystem=[W]\nSectorUnit=[D]\nUnit=[D]\nAvail=[D]\nSectorSize=[d]\n"; |
---|
129 | break; |
---|
130 | case 2: |
---|
131 | fmt = "CreationTime=[T2]VolNameLength=[lb]\nVolumeLabel=[c]\n"; |
---|
132 | break; |
---|
133 | case 0x105: |
---|
134 | fmt = "Capabilities=[W]\nMaxFileLen=[D]\nVolNameLen=[lD]\nVolume=[C]\n"; |
---|
135 | break; |
---|
136 | default: |
---|
137 | fmt = "UnknownLevel\n"; |
---|
138 | break; |
---|
139 | } |
---|
140 | smb_fdata(ndo, data, fmt, data + dcnt, unicodestr); |
---|
141 | } |
---|
142 | if (dcnt) { |
---|
143 | ND_PRINT((ndo, "data:\n")); |
---|
144 | smb_print_data(ndo, data, dcnt); |
---|
145 | } |
---|
146 | return; |
---|
147 | trunc: |
---|
148 | ND_PRINT((ndo, "%s", tstr)); |
---|
149 | } |
---|
150 | |
---|
151 | static const struct smbfnsint trans2_fns[] = { |
---|
152 | { 0, "TRANSACT2_OPEN", 0, |
---|
153 | { "Flags2=[w]\nMode=[w]\nSearchAttrib=[A]\nAttrib=[A]\nTime=[T2]\nOFun=[w]\nSize=[D]\nRes=([w, w, w, w, w])\nPath=[S]", |
---|
154 | NULL, |
---|
155 | "Handle=[d]\nAttrib=[A]\nTime=[T2]\nSize=[D]\nAccess=[w]\nType=[w]\nState=[w]\nAction=[w]\nInode=[W]\nOffErr=[d]\n|EALength=[d]\n", |
---|
156 | NULL, NULL }}, |
---|
157 | { 1, "TRANSACT2_FINDFIRST", 0, |
---|
158 | { NULL, NULL, NULL, NULL, trans2_findfirst }}, |
---|
159 | { 2, "TRANSACT2_FINDNEXT", 0, DEFDESCRIPT }, |
---|
160 | { 3, "TRANSACT2_QFSINFO", 0, |
---|
161 | { NULL, NULL, NULL, NULL, trans2_qfsinfo }}, |
---|
162 | { 4, "TRANSACT2_SETFSINFO", 0, DEFDESCRIPT }, |
---|
163 | { 5, "TRANSACT2_QPATHINFO", 0, DEFDESCRIPT }, |
---|
164 | { 6, "TRANSACT2_SETPATHINFO", 0, DEFDESCRIPT }, |
---|
165 | { 7, "TRANSACT2_QFILEINFO", 0, DEFDESCRIPT }, |
---|
166 | { 8, "TRANSACT2_SETFILEINFO", 0, DEFDESCRIPT }, |
---|
167 | { 9, "TRANSACT2_FSCTL", 0, DEFDESCRIPT }, |
---|
168 | { 10, "TRANSACT2_IOCTL", 0, DEFDESCRIPT }, |
---|
169 | { 11, "TRANSACT2_FINDNOTIFYFIRST", 0, DEFDESCRIPT }, |
---|
170 | { 12, "TRANSACT2_FINDNOTIFYNEXT", 0, DEFDESCRIPT }, |
---|
171 | { 13, "TRANSACT2_MKDIR", 0, DEFDESCRIPT }, |
---|
172 | { -1, NULL, 0, DEFDESCRIPT } |
---|
173 | }; |
---|
174 | |
---|
175 | |
---|
176 | static void |
---|
177 | print_trans2(netdissect_options *ndo, |
---|
178 | const u_char *words, const u_char *dat, const u_char *buf, const u_char *maxbuf) |
---|
179 | { |
---|
180 | u_int bcc; |
---|
181 | static const struct smbfnsint *fn = &trans2_fns[0]; |
---|
182 | const u_char *data, *param; |
---|
183 | const u_char *w = words + 1; |
---|
184 | const char *f1 = NULL, *f2 = NULL; |
---|
185 | int pcnt, dcnt; |
---|
186 | |
---|
187 | ND_TCHECK(words[0]); |
---|
188 | if (request) { |
---|
189 | ND_TCHECK2(w[14 * 2], 2); |
---|
190 | pcnt = EXTRACT_LE_16BITS(w + 9 * 2); |
---|
191 | param = buf + EXTRACT_LE_16BITS(w + 10 * 2); |
---|
192 | dcnt = EXTRACT_LE_16BITS(w + 11 * 2); |
---|
193 | data = buf + EXTRACT_LE_16BITS(w + 12 * 2); |
---|
194 | fn = smbfindint(EXTRACT_LE_16BITS(w + 14 * 2), trans2_fns); |
---|
195 | } else { |
---|
196 | if (words[0] == 0) { |
---|
197 | ND_PRINT((ndo, "%s\n", fn->name)); |
---|
198 | ND_PRINT((ndo, "Trans2Interim\n")); |
---|
199 | return; |
---|
200 | } |
---|
201 | ND_TCHECK2(w[7 * 2], 2); |
---|
202 | pcnt = EXTRACT_LE_16BITS(w + 3 * 2); |
---|
203 | param = buf + EXTRACT_LE_16BITS(w + 4 * 2); |
---|
204 | dcnt = EXTRACT_LE_16BITS(w + 6 * 2); |
---|
205 | data = buf + EXTRACT_LE_16BITS(w + 7 * 2); |
---|
206 | } |
---|
207 | |
---|
208 | ND_PRINT((ndo, "%s param_length=%d data_length=%d\n", fn->name, pcnt, dcnt)); |
---|
209 | |
---|
210 | if (request) { |
---|
211 | if (words[0] == 8) { |
---|
212 | smb_fdata(ndo, words + 1, |
---|
213 | "Trans2Secondary\nTotParam=[d]\nTotData=[d]\nParamCnt=[d]\nParamOff=[d]\nParamDisp=[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nHandle=[d]\n", |
---|
214 | maxbuf, unicodestr); |
---|
215 | return; |
---|
216 | } else { |
---|
217 | smb_fdata(ndo, words + 1, |
---|
218 | "TotParam=[d]\nTotData=[d]\nMaxParam=[d]\nMaxData=[d]\nMaxSetup=[b][P1]\nFlags=[w]\nTimeOut=[D]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nDataCnt=[d]\nDataOff=[d]\nSetupCnt=[b][P1]\n", |
---|
219 | words + 1 + 14 * 2, unicodestr); |
---|
220 | } |
---|
221 | f1 = fn->descript.req_f1; |
---|
222 | f2 = fn->descript.req_f2; |
---|
223 | } else { |
---|
224 | smb_fdata(ndo, words + 1, |
---|
225 | "TotParam=[d]\nTotData=[d]\nRes1=[w]\nParamCnt=[d]\nParamOff=[d]\nParamDisp[d]\nDataCnt=[d]\nDataOff=[d]\nDataDisp=[d]\nSetupCnt=[b][P1]\n", |
---|
226 | words + 1 + 10 * 2, unicodestr); |
---|
227 | f1 = fn->descript.rep_f1; |
---|
228 | f2 = fn->descript.rep_f2; |
---|
229 | } |
---|
230 | |
---|
231 | ND_TCHECK2(*dat, 2); |
---|
232 | bcc = EXTRACT_LE_16BITS(dat); |
---|
233 | ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); |
---|
234 | if (fn->descript.fn) |
---|
235 | (*fn->descript.fn)(ndo, param, data, pcnt, dcnt); |
---|
236 | else { |
---|
237 | smb_fdata(ndo, param, f1 ? f1 : "Parameters=\n", param + pcnt, unicodestr); |
---|
238 | smb_fdata(ndo, data, f2 ? f2 : "Data=\n", data + dcnt, unicodestr); |
---|
239 | } |
---|
240 | return; |
---|
241 | trunc: |
---|
242 | ND_PRINT((ndo, "%s", tstr)); |
---|
243 | } |
---|
244 | |
---|
245 | static void |
---|
246 | print_browse(netdissect_options *ndo, |
---|
247 | const u_char *param, int paramlen, const u_char *data, int datalen) |
---|
248 | { |
---|
249 | const u_char *maxbuf = data + datalen; |
---|
250 | int command; |
---|
251 | |
---|
252 | ND_TCHECK(data[0]); |
---|
253 | command = data[0]; |
---|
254 | |
---|
255 | smb_fdata(ndo, param, "BROWSE PACKET\n|Param ", param+paramlen, unicodestr); |
---|
256 | |
---|
257 | switch (command) { |
---|
258 | case 0xF: |
---|
259 | data = smb_fdata(ndo, data, |
---|
260 | "BROWSE PACKET:\nType=[B] (LocalMasterAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n", |
---|
261 | maxbuf, unicodestr); |
---|
262 | break; |
---|
263 | |
---|
264 | case 0x1: |
---|
265 | data = smb_fdata(ndo, data, |
---|
266 | "BROWSE PACKET:\nType=[B] (HostAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nElectionVersion=[w]\nBrowserConstant=[w]\n", |
---|
267 | maxbuf, unicodestr); |
---|
268 | break; |
---|
269 | |
---|
270 | case 0x2: |
---|
271 | data = smb_fdata(ndo, data, |
---|
272 | "BROWSE PACKET:\nType=[B] (AnnouncementRequest)\nFlags=[B]\nReplySystemName=[S]\n", |
---|
273 | maxbuf, unicodestr); |
---|
274 | break; |
---|
275 | |
---|
276 | case 0xc: |
---|
277 | data = smb_fdata(ndo, data, |
---|
278 | "BROWSE PACKET:\nType=[B] (WorkgroupAnnouncement)\nUpdateCount=[w]\nRes1=[B]\nAnnounceInterval=[d]\nName=[n2]\nMajorVersion=[B]\nMinorVersion=[B]\nServerType=[W]\nCommentPointer=[W]\nServerName=[S]\n", |
---|
279 | maxbuf, unicodestr); |
---|
280 | break; |
---|
281 | |
---|
282 | case 0x8: |
---|
283 | data = smb_fdata(ndo, data, |
---|
284 | "BROWSE PACKET:\nType=[B] (ElectionFrame)\nElectionVersion=[B]\nOSSummary=[W]\nUptime=[(W, W)]\nServerName=[S]\n", |
---|
285 | maxbuf, unicodestr); |
---|
286 | break; |
---|
287 | |
---|
288 | case 0xb: |
---|
289 | data = smb_fdata(ndo, data, |
---|
290 | "BROWSE PACKET:\nType=[B] (BecomeBackupBrowser)\nName=[S]\n", |
---|
291 | maxbuf, unicodestr); |
---|
292 | break; |
---|
293 | |
---|
294 | case 0x9: |
---|
295 | data = smb_fdata(ndo, data, |
---|
296 | "BROWSE PACKET:\nType=[B] (GetBackupList)\nListCount?=[B]\nToken=[W]\n", |
---|
297 | maxbuf, unicodestr); |
---|
298 | break; |
---|
299 | |
---|
300 | case 0xa: |
---|
301 | data = smb_fdata(ndo, data, |
---|
302 | "BROWSE PACKET:\nType=[B] (BackupListResponse)\nServerCount?=[B]\nToken=[W]\n*Name=[S]\n", |
---|
303 | maxbuf, unicodestr); |
---|
304 | break; |
---|
305 | |
---|
306 | case 0xd: |
---|
307 | data = smb_fdata(ndo, data, |
---|
308 | "BROWSE PACKET:\nType=[B] (MasterAnnouncement)\nMasterName=[S]\n", |
---|
309 | maxbuf, unicodestr); |
---|
310 | break; |
---|
311 | |
---|
312 | case 0xe: |
---|
313 | data = smb_fdata(ndo, data, |
---|
314 | "BROWSE PACKET:\nType=[B] (ResetBrowser)\nOptions=[B]\n", maxbuf, unicodestr); |
---|
315 | break; |
---|
316 | |
---|
317 | default: |
---|
318 | data = smb_fdata(ndo, data, "Unknown Browser Frame ", maxbuf, unicodestr); |
---|
319 | break; |
---|
320 | } |
---|
321 | return; |
---|
322 | trunc: |
---|
323 | ND_PRINT((ndo, "%s", tstr)); |
---|
324 | } |
---|
325 | |
---|
326 | |
---|
327 | static void |
---|
328 | print_ipc(netdissect_options *ndo, |
---|
329 | const u_char *param, int paramlen, const u_char *data, int datalen) |
---|
330 | { |
---|
331 | if (paramlen) |
---|
332 | smb_fdata(ndo, param, "Command=[w]\nStr1=[S]\nStr2=[S]\n", param + paramlen, |
---|
333 | unicodestr); |
---|
334 | if (datalen) |
---|
335 | smb_fdata(ndo, data, "IPC ", data + datalen, unicodestr); |
---|
336 | } |
---|
337 | |
---|
338 | |
---|
339 | static void |
---|
340 | print_trans(netdissect_options *ndo, |
---|
341 | const u_char *words, const u_char *data1, const u_char *buf, const u_char *maxbuf) |
---|
342 | { |
---|
343 | u_int bcc; |
---|
344 | const char *f1, *f2, *f3, *f4; |
---|
345 | const u_char *data, *param; |
---|
346 | const u_char *w = words + 1; |
---|
347 | int datalen, paramlen; |
---|
348 | |
---|
349 | if (request) { |
---|
350 | ND_TCHECK2(w[12 * 2], 2); |
---|
351 | paramlen = EXTRACT_LE_16BITS(w + 9 * 2); |
---|
352 | param = buf + EXTRACT_LE_16BITS(w + 10 * 2); |
---|
353 | datalen = EXTRACT_LE_16BITS(w + 11 * 2); |
---|
354 | data = buf + EXTRACT_LE_16BITS(w + 12 * 2); |
---|
355 | f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nMaxParmCnt=[d] \nMaxDataCnt=[d]\nMaxSCnt=[d] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[d] \nParamOff=[d] \nDataCnt=[d] \nDataOff=[d] \nSUCnt=[d]\n"; |
---|
356 | f2 = "|Name=[S]\n"; |
---|
357 | f3 = "|Param "; |
---|
358 | f4 = "|Data "; |
---|
359 | } else { |
---|
360 | ND_TCHECK2(w[7 * 2], 2); |
---|
361 | paramlen = EXTRACT_LE_16BITS(w + 3 * 2); |
---|
362 | param = buf + EXTRACT_LE_16BITS(w + 4 * 2); |
---|
363 | datalen = EXTRACT_LE_16BITS(w + 6 * 2); |
---|
364 | data = buf + EXTRACT_LE_16BITS(w + 7 * 2); |
---|
365 | f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nRes1=[d]\nParamCnt=[d] \nParamOff=[d] \nRes2=[d] \nDataCnt=[d] \nDataOff=[d] \nRes3=[d]\nLsetup=[d]\n"; |
---|
366 | f2 = "|Unknown "; |
---|
367 | f3 = "|Param "; |
---|
368 | f4 = "|Data "; |
---|
369 | } |
---|
370 | |
---|
371 | smb_fdata(ndo, words + 1, f1, min(words + 1 + 2 * words[0], maxbuf), |
---|
372 | unicodestr); |
---|
373 | |
---|
374 | ND_TCHECK2(*data1, 2); |
---|
375 | bcc = EXTRACT_LE_16BITS(data1); |
---|
376 | ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); |
---|
377 | if (bcc > 0) { |
---|
378 | smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr); |
---|
379 | |
---|
380 | if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) { |
---|
381 | print_browse(ndo, param, paramlen, data, datalen); |
---|
382 | return; |
---|
383 | } |
---|
384 | |
---|
385 | if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) { |
---|
386 | print_ipc(ndo, param, paramlen, data, datalen); |
---|
387 | return; |
---|
388 | } |
---|
389 | |
---|
390 | if (paramlen) |
---|
391 | smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr); |
---|
392 | if (datalen) |
---|
393 | smb_fdata(ndo, data, f4, min(data + datalen, maxbuf), unicodestr); |
---|
394 | } |
---|
395 | return; |
---|
396 | trunc: |
---|
397 | ND_PRINT((ndo, "%s", tstr)); |
---|
398 | } |
---|
399 | |
---|
400 | |
---|
401 | static void |
---|
402 | print_negprot(netdissect_options *ndo, |
---|
403 | const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf) |
---|
404 | { |
---|
405 | u_int wct, bcc; |
---|
406 | const char *f1 = NULL, *f2 = NULL; |
---|
407 | |
---|
408 | ND_TCHECK(words[0]); |
---|
409 | wct = words[0]; |
---|
410 | if (request) |
---|
411 | f2 = "*|Dialect=[Y]\n"; |
---|
412 | else { |
---|
413 | if (wct == 1) |
---|
414 | f1 = "Core Protocol\nDialectIndex=[d]"; |
---|
415 | else if (wct == 17) |
---|
416 | f1 = "NT1 Protocol\nDialectIndex=[d]\nSecMode=[B]\nMaxMux=[d]\nNumVcs=[d]\nMaxBuffer=[D]\nRawSize=[D]\nSessionKey=[W]\nCapabilities=[W]\nServerTime=[T3]TimeZone=[d]\nCryptKey="; |
---|
417 | else if (wct == 13) |
---|
418 | f1 = "Coreplus/Lanman1/Lanman2 Protocol\nDialectIndex=[d]\nSecMode=[w]\nMaxXMit=[d]\nMaxMux=[d]\nMaxVcs=[d]\nBlkMode=[w]\nSessionKey=[W]\nServerTime=[T1]TimeZone=[d]\nRes=[W]\nCryptKey="; |
---|
419 | } |
---|
420 | |
---|
421 | if (f1) |
---|
422 | smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf), |
---|
423 | unicodestr); |
---|
424 | else |
---|
425 | smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); |
---|
426 | |
---|
427 | ND_TCHECK2(*data, 2); |
---|
428 | bcc = EXTRACT_LE_16BITS(data); |
---|
429 | ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); |
---|
430 | if (bcc > 0) { |
---|
431 | if (f2) |
---|
432 | smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data), |
---|
433 | maxbuf), unicodestr); |
---|
434 | else |
---|
435 | smb_print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2))); |
---|
436 | } |
---|
437 | return; |
---|
438 | trunc: |
---|
439 | ND_PRINT((ndo, "%s", tstr)); |
---|
440 | } |
---|
441 | |
---|
442 | static void |
---|
443 | print_sesssetup(netdissect_options *ndo, |
---|
444 | const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf) |
---|
445 | { |
---|
446 | u_int wct, bcc; |
---|
447 | const char *f1 = NULL, *f2 = NULL; |
---|
448 | |
---|
449 | ND_TCHECK(words[0]); |
---|
450 | wct = words[0]; |
---|
451 | if (request) { |
---|
452 | if (wct == 10) |
---|
453 | f1 = "Com2=[w]\nOff2=[d]\nBufSize=[d]\nMpxMax=[d]\nVcNum=[d]\nSessionKey=[W]\nPassLen=[d]\nCryptLen=[d]\nCryptOff=[d]\nPass&Name=\n"; |
---|
454 | else |
---|
455 | f1 = "Com2=[B]\nRes1=[B]\nOff2=[d]\nMaxBuffer=[d]\nMaxMpx=[d]\nVcNumber=[d]\nSessionKey=[W]\nCaseInsensitivePasswordLength=[d]\nCaseSensitivePasswordLength=[d]\nRes=[W]\nCapabilities=[W]\nPass1&Pass2&Account&Domain&OS&LanMan=\n"; |
---|
456 | } else { |
---|
457 | if (wct == 3) { |
---|
458 | f1 = "Com2=[w]\nOff2=[d]\nAction=[w]\n"; |
---|
459 | } else if (wct == 13) { |
---|
460 | f1 = "Com2=[B]\nRes=[B]\nOff2=[d]\nAction=[w]\n"; |
---|
461 | f2 = "NativeOS=[S]\nNativeLanMan=[S]\nPrimaryDomain=[S]\n"; |
---|
462 | } |
---|
463 | } |
---|
464 | |
---|
465 | if (f1) |
---|
466 | smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf), |
---|
467 | unicodestr); |
---|
468 | else |
---|
469 | smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); |
---|
470 | |
---|
471 | ND_TCHECK2(*data, 2); |
---|
472 | bcc = EXTRACT_LE_16BITS(data); |
---|
473 | ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); |
---|
474 | if (bcc > 0) { |
---|
475 | if (f2) |
---|
476 | smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data), |
---|
477 | maxbuf), unicodestr); |
---|
478 | else |
---|
479 | smb_print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2))); |
---|
480 | } |
---|
481 | return; |
---|
482 | trunc: |
---|
483 | ND_PRINT((ndo, "%s", tstr)); |
---|
484 | } |
---|
485 | |
---|
486 | static void |
---|
487 | print_lockingandx(netdissect_options *ndo, |
---|
488 | const u_char *words, const u_char *data, const u_char *buf _U_, const u_char *maxbuf) |
---|
489 | { |
---|
490 | u_int wct, bcc; |
---|
491 | const u_char *maxwords; |
---|
492 | const char *f1 = NULL, *f2 = NULL; |
---|
493 | |
---|
494 | ND_TCHECK(words[0]); |
---|
495 | wct = words[0]; |
---|
496 | if (request) { |
---|
497 | f1 = "Com2=[w]\nOff2=[d]\nHandle=[d]\nLockType=[w]\nTimeOut=[D]\nUnlockCount=[d]\nLockCount=[d]\n"; |
---|
498 | ND_TCHECK(words[7]); |
---|
499 | if (words[7] & 0x10) |
---|
500 | f2 = "*Process=[d]\n[P2]Offset=[M]\nLength=[M]\n"; |
---|
501 | else |
---|
502 | f2 = "*Process=[d]\nOffset=[D]\nLength=[D]\n"; |
---|
503 | } else { |
---|
504 | f1 = "Com2=[w]\nOff2=[d]\n"; |
---|
505 | } |
---|
506 | |
---|
507 | maxwords = min(words + 1 + wct * 2, maxbuf); |
---|
508 | if (wct) |
---|
509 | smb_fdata(ndo, words + 1, f1, maxwords, unicodestr); |
---|
510 | |
---|
511 | ND_TCHECK2(*data, 2); |
---|
512 | bcc = EXTRACT_LE_16BITS(data); |
---|
513 | ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); |
---|
514 | if (bcc > 0) { |
---|
515 | if (f2) |
---|
516 | smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data), |
---|
517 | maxbuf), unicodestr); |
---|
518 | else |
---|
519 | smb_print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2))); |
---|
520 | } |
---|
521 | return; |
---|
522 | trunc: |
---|
523 | ND_PRINT((ndo, "%s", tstr)); |
---|
524 | } |
---|
525 | |
---|
526 | |
---|
527 | static const struct smbfns smb_fns[] = { |
---|
528 | { -1, "SMBunknown", 0, DEFDESCRIPT }, |
---|
529 | |
---|
530 | { SMBtcon, "SMBtcon", 0, |
---|
531 | { NULL, "Path=[Z]\nPassword=[Z]\nDevice=[Z]\n", |
---|
532 | "MaxXmit=[d]\nTreeId=[d]\n", NULL, |
---|
533 | NULL } }, |
---|
534 | |
---|
535 | { SMBtdis, "SMBtdis", 0, DEFDESCRIPT }, |
---|
536 | { SMBexit, "SMBexit", 0, DEFDESCRIPT }, |
---|
537 | { SMBioctl, "SMBioctl", 0, DEFDESCRIPT }, |
---|
538 | |
---|
539 | { SMBecho, "SMBecho", 0, |
---|
540 | { "ReverbCount=[d]\n", NULL, |
---|
541 | "SequenceNum=[d]\n", NULL, |
---|
542 | NULL } }, |
---|
543 | |
---|
544 | { SMBulogoffX, "SMBulogoffX", FLG_CHAIN, DEFDESCRIPT }, |
---|
545 | |
---|
546 | { SMBgetatr, "SMBgetatr", 0, |
---|
547 | { NULL, "Path=[Z]\n", |
---|
548 | "Attribute=[A]\nTime=[T2]Size=[D]\nRes=([w,w,w,w,w])\n", NULL, |
---|
549 | NULL } }, |
---|
550 | |
---|
551 | { SMBsetatr, "SMBsetatr", 0, |
---|
552 | { "Attribute=[A]\nTime=[T2]Res=([w,w,w,w,w])\n", "Path=[Z]\n", |
---|
553 | NULL, NULL, NULL } }, |
---|
554 | |
---|
555 | { SMBchkpth, "SMBchkpth", 0, |
---|
556 | { NULL, "Path=[Z]\n", NULL, NULL, NULL } }, |
---|
557 | |
---|
558 | { SMBsearch, "SMBsearch", 0, |
---|
559 | { "Count=[d]\nAttrib=[A]\n", |
---|
560 | "Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\n", |
---|
561 | "Count=[d]\n", |
---|
562 | "BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n", |
---|
563 | NULL } }, |
---|
564 | |
---|
565 | { SMBopen, "SMBopen", 0, |
---|
566 | { "Mode=[w]\nAttribute=[A]\n", "Path=[Z]\n", |
---|
567 | "Handle=[d]\nOAttrib=[A]\nTime=[T2]Size=[D]\nAccess=[w]\n", |
---|
568 | NULL, NULL } }, |
---|
569 | |
---|
570 | { SMBcreate, "SMBcreate", 0, |
---|
571 | { "Attrib=[A]\nTime=[T2]", "Path=[Z]\n", "Handle=[d]\n", NULL, NULL } }, |
---|
572 | |
---|
573 | { SMBmknew, "SMBmknew", 0, |
---|
574 | { "Attrib=[A]\nTime=[T2]", "Path=[Z]\n", "Handle=[d]\n", NULL, NULL } }, |
---|
575 | |
---|
576 | { SMBunlink, "SMBunlink", 0, |
---|
577 | { "Attrib=[A]\n", "Path=[Z]\n", NULL, NULL, NULL } }, |
---|
578 | |
---|
579 | { SMBread, "SMBread", 0, |
---|
580 | { "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL, |
---|
581 | "Count=[d]\nRes=([w,w,w,w])\n", NULL, NULL } }, |
---|
582 | |
---|
583 | { SMBwrite, "SMBwrite", 0, |
---|
584 | { "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL, |
---|
585 | "Count=[d]\n", NULL, NULL } }, |
---|
586 | |
---|
587 | { SMBclose, "SMBclose", 0, |
---|
588 | { "Handle=[d]\nTime=[T2]", NULL, NULL, NULL, NULL } }, |
---|
589 | |
---|
590 | { SMBmkdir, "SMBmkdir", 0, |
---|
591 | { NULL, "Path=[Z]\n", NULL, NULL, NULL } }, |
---|
592 | |
---|
593 | { SMBrmdir, "SMBrmdir", 0, |
---|
594 | { NULL, "Path=[Z]\n", NULL, NULL, NULL } }, |
---|
595 | |
---|
596 | { SMBdskattr, "SMBdskattr", 0, |
---|
597 | { NULL, NULL, |
---|
598 | "TotalUnits=[d]\nBlocksPerUnit=[d]\nBlockSize=[d]\nFreeUnits=[d]\nMedia=[w]\n", |
---|
599 | NULL, NULL } }, |
---|
600 | |
---|
601 | { SMBmv, "SMBmv", 0, |
---|
602 | { "Attrib=[A]\n", "OldPath=[Z]\nNewPath=[Z]\n", NULL, NULL, NULL } }, |
---|
603 | |
---|
604 | /* |
---|
605 | * this is a Pathworks specific call, allowing the |
---|
606 | * changing of the root path |
---|
607 | */ |
---|
608 | { pSETDIR, "SMBsetdir", 0, { NULL, "Path=[Z]\n", NULL, NULL, NULL } }, |
---|
609 | |
---|
610 | { SMBlseek, "SMBlseek", 0, |
---|
611 | { "Handle=[d]\nMode=[w]\nOffset=[D]\n", "Offset=[D]\n", NULL, NULL, NULL } }, |
---|
612 | |
---|
613 | { SMBflush, "SMBflush", 0, { "Handle=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
614 | |
---|
615 | { SMBsplopen, "SMBsplopen", 0, |
---|
616 | { "SetupLen=[d]\nMode=[w]\n", "Ident=[Z]\n", "Handle=[d]\n", |
---|
617 | NULL, NULL } }, |
---|
618 | |
---|
619 | { SMBsplclose, "SMBsplclose", 0, |
---|
620 | { "Handle=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
621 | |
---|
622 | { SMBsplretq, "SMBsplretq", 0, |
---|
623 | { "MaxCount=[d]\nStartIndex=[d]\n", NULL, |
---|
624 | "Count=[d]\nIndex=[d]\n", |
---|
625 | "*Time=[T2]Status=[B]\nJobID=[d]\nSize=[D]\nRes=[B]Name=[s16]\n", |
---|
626 | NULL } }, |
---|
627 | |
---|
628 | { SMBsplwr, "SMBsplwr", 0, |
---|
629 | { "Handle=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
630 | |
---|
631 | { SMBlock, "SMBlock", 0, |
---|
632 | { "Handle=[d]\nCount=[D]\nOffset=[D]\n", NULL, NULL, NULL, NULL } }, |
---|
633 | |
---|
634 | { SMBunlock, "SMBunlock", 0, |
---|
635 | { "Handle=[d]\nCount=[D]\nOffset=[D]\n", NULL, NULL, NULL, NULL } }, |
---|
636 | |
---|
637 | /* CORE+ PROTOCOL FOLLOWS */ |
---|
638 | |
---|
639 | { SMBreadbraw, "SMBreadbraw", 0, |
---|
640 | { "Handle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nRes=[d]\n", |
---|
641 | NULL, NULL, NULL, NULL } }, |
---|
642 | |
---|
643 | { SMBwritebraw, "SMBwritebraw", 0, |
---|
644 | { "Handle=[d]\nTotalCount=[d]\nRes=[w]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nRes2=[W]\n|DataSize=[d]\nDataOff=[d]\n", |
---|
645 | NULL, "WriteRawAck", NULL, NULL } }, |
---|
646 | |
---|
647 | { SMBwritec, "SMBwritec", 0, |
---|
648 | { NULL, NULL, "Count=[d]\n", NULL, NULL } }, |
---|
649 | |
---|
650 | { SMBwriteclose, "SMBwriteclose", 0, |
---|
651 | { "Handle=[d]\nCount=[d]\nOffset=[D]\nTime=[T2]Res=([w,w,w,w,w,w])", |
---|
652 | NULL, "Count=[d]\n", NULL, NULL } }, |
---|
653 | |
---|
654 | { SMBlockread, "SMBlockread", 0, |
---|
655 | { "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL, |
---|
656 | "Count=[d]\nRes=([w,w,w,w])\n", NULL, NULL } }, |
---|
657 | |
---|
658 | { SMBwriteunlock, "SMBwriteunlock", 0, |
---|
659 | { "Handle=[d]\nByteCount=[d]\nOffset=[D]\nCountLeft=[d]\n", NULL, |
---|
660 | "Count=[d]\n", NULL, NULL } }, |
---|
661 | |
---|
662 | { SMBreadBmpx, "SMBreadBmpx", 0, |
---|
663 | { "Handle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nRes=[w]\n", |
---|
664 | NULL, |
---|
665 | "Offset=[D]\nTotCount=[d]\nRemaining=[d]\nRes=([w,w])\nDataSize=[d]\nDataOff=[d]\n", |
---|
666 | NULL, NULL } }, |
---|
667 | |
---|
668 | { SMBwriteBmpx, "SMBwriteBmpx", 0, |
---|
669 | { "Handle=[d]\nTotCount=[d]\nRes=[w]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nRes2=[W]\nDataSize=[d]\nDataOff=[d]\n", NULL, |
---|
670 | "Remaining=[d]\n", NULL, NULL } }, |
---|
671 | |
---|
672 | { SMBwriteBs, "SMBwriteBs", 0, |
---|
673 | { "Handle=[d]\nTotCount=[d]\nOffset=[D]\nRes=[W]\nDataSize=[d]\nDataOff=[d]\n", |
---|
674 | NULL, "Count=[d]\n", NULL, NULL } }, |
---|
675 | |
---|
676 | { SMBsetattrE, "SMBsetattrE", 0, |
---|
677 | { "Handle=[d]\nCreationTime=[T2]AccessTime=[T2]ModifyTime=[T2]", NULL, |
---|
678 | NULL, NULL, NULL } }, |
---|
679 | |
---|
680 | { SMBgetattrE, "SMBgetattrE", 0, |
---|
681 | { "Handle=[d]\n", NULL, |
---|
682 | "CreationTime=[T2]AccessTime=[T2]ModifyTime=[T2]Size=[D]\nAllocSize=[D]\nAttribute=[A]\n", |
---|
683 | NULL, NULL } }, |
---|
684 | |
---|
685 | { SMBtranss, "SMBtranss", 0, DEFDESCRIPT }, |
---|
686 | { SMBioctls, "SMBioctls", 0, DEFDESCRIPT }, |
---|
687 | |
---|
688 | { SMBcopy, "SMBcopy", 0, |
---|
689 | { "TreeID2=[d]\nOFun=[w]\nFlags=[w]\n", "Path=[S]\nNewPath=[S]\n", |
---|
690 | "CopyCount=[d]\n", "|ErrStr=[S]\n", NULL } }, |
---|
691 | |
---|
692 | { SMBmove, "SMBmove", 0, |
---|
693 | { "TreeID2=[d]\nOFun=[w]\nFlags=[w]\n", "Path=[S]\nNewPath=[S]\n", |
---|
694 | "MoveCount=[d]\n", "|ErrStr=[S]\n", NULL } }, |
---|
695 | |
---|
696 | { SMBopenX, "SMBopenX", FLG_CHAIN, |
---|
697 | { "Com2=[w]\nOff2=[d]\nFlags=[w]\nMode=[w]\nSearchAttrib=[A]\nAttrib=[A]\nTime=[T2]OFun=[w]\nSize=[D]\nTimeOut=[D]\nRes=[W]\n", |
---|
698 | "Path=[S]\n", |
---|
699 | "Com2=[w]\nOff2=[d]\nHandle=[d]\nAttrib=[A]\nTime=[T2]Size=[D]\nAccess=[w]\nType=[w]\nState=[w]\nAction=[w]\nFileID=[W]\nRes=[w]\n", |
---|
700 | NULL, NULL } }, |
---|
701 | |
---|
702 | { SMBreadX, "SMBreadX", FLG_CHAIN, |
---|
703 | { "Com2=[w]\nOff2=[d]\nHandle=[d]\nOffset=[D]\nMaxCount=[d]\nMinCount=[d]\nTimeOut=[D]\nCountLeft=[d]\n", |
---|
704 | NULL, |
---|
705 | "Com2=[w]\nOff2=[d]\nRemaining=[d]\nRes=[W]\nDataSize=[d]\nDataOff=[d]\nRes=([w,w,w,w])\n", |
---|
706 | NULL, NULL } }, |
---|
707 | |
---|
708 | { SMBwriteX, "SMBwriteX", FLG_CHAIN, |
---|
709 | { "Com2=[w]\nOff2=[d]\nHandle=[d]\nOffset=[D]\nTimeOut=[D]\nWMode=[w]\nCountLeft=[d]\nRes=[w]\nDataSize=[d]\nDataOff=[d]\n", |
---|
710 | NULL, |
---|
711 | "Com2=[w]\nOff2=[d]\nCount=[d]\nRemaining=[d]\nRes=[W]\n", |
---|
712 | NULL, NULL } }, |
---|
713 | |
---|
714 | { SMBffirst, "SMBffirst", 0, |
---|
715 | { "Count=[d]\nAttrib=[A]\n", |
---|
716 | "Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n", |
---|
717 | "Count=[d]\n", |
---|
718 | "BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n", |
---|
719 | NULL } }, |
---|
720 | |
---|
721 | { SMBfunique, "SMBfunique", 0, |
---|
722 | { "Count=[d]\nAttrib=[A]\n", |
---|
723 | "Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n", |
---|
724 | "Count=[d]\n", |
---|
725 | "BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n", |
---|
726 | NULL } }, |
---|
727 | |
---|
728 | { SMBfclose, "SMBfclose", 0, |
---|
729 | { "Count=[d]\nAttrib=[A]\n", |
---|
730 | "Path=[Z]\nBlkType=[B]\nBlkLen=[d]\n|Res1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\n", |
---|
731 | "Count=[d]\n", |
---|
732 | "BlkType=[B]\nBlkLen=[d]\n*\nRes1=[B]\nMask=[s11]\nSrv1=[B]\nDirIndex=[d]\nSrv2=[w]\nRes2=[W]\nAttrib=[a]\nTime=[T1]Size=[D]\nName=[s13]\n", |
---|
733 | NULL } }, |
---|
734 | |
---|
735 | { SMBfindnclose, "SMBfindnclose", 0, |
---|
736 | { "Handle=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
737 | |
---|
738 | { SMBfindclose, "SMBfindclose", 0, |
---|
739 | { "Handle=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
740 | |
---|
741 | { SMBsends, "SMBsends", 0, |
---|
742 | { NULL, "Source=[Z]\nDest=[Z]\n", NULL, NULL, NULL } }, |
---|
743 | |
---|
744 | { SMBsendstrt, "SMBsendstrt", 0, |
---|
745 | { NULL, "Source=[Z]\nDest=[Z]\n", "GroupID=[d]\n", NULL, NULL } }, |
---|
746 | |
---|
747 | { SMBsendend, "SMBsendend", 0, |
---|
748 | { "GroupID=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
749 | |
---|
750 | { SMBsendtxt, "SMBsendtxt", 0, |
---|
751 | { "GroupID=[d]\n", NULL, NULL, NULL, NULL } }, |
---|
752 | |
---|
753 | { SMBsendb, "SMBsendb", 0, |
---|
754 | { NULL, "Source=[Z]\nDest=[Z]\n", NULL, NULL, NULL } }, |
---|
755 | |
---|
756 | { SMBfwdname, "SMBfwdname", 0, DEFDESCRIPT }, |
---|
757 | { SMBcancelf, "SMBcancelf", 0, DEFDESCRIPT }, |
---|
758 | { SMBgetmac, "SMBgetmac", 0, DEFDESCRIPT }, |
---|
759 | |
---|
760 | { SMBnegprot, "SMBnegprot", 0, |
---|
761 | { NULL, NULL, NULL, NULL, print_negprot } }, |
---|
762 | |
---|
763 | { SMBsesssetupX, "SMBsesssetupX", FLG_CHAIN, |
---|
764 | { NULL, NULL, NULL, NULL, print_sesssetup } }, |
---|
765 | |
---|
766 | { SMBtconX, "SMBtconX", FLG_CHAIN, |
---|
767 | { "Com2=[w]\nOff2=[d]\nFlags=[w]\nPassLen=[d]\nPasswd&Path&Device=\n", |
---|
768 | NULL, "Com2=[w]\nOff2=[d]\n", "ServiceType=[R]\n", NULL } }, |
---|
769 | |
---|
770 | { SMBlockingX, "SMBlockingX", FLG_CHAIN, |
---|
771 | { NULL, NULL, NULL, NULL, print_lockingandx } }, |
---|
772 | |
---|
773 | { SMBtrans2, "SMBtrans2", 0, { NULL, NULL, NULL, NULL, print_trans2 } }, |
---|
774 | |
---|
775 | { SMBtranss2, "SMBtranss2", 0, DEFDESCRIPT }, |
---|
776 | { SMBctemp, "SMBctemp", 0, DEFDESCRIPT }, |
---|
777 | { SMBreadBs, "SMBreadBs", 0, DEFDESCRIPT }, |
---|
778 | { SMBtrans, "SMBtrans", 0, { NULL, NULL, NULL, NULL, print_trans } }, |
---|
779 | |
---|
780 | { SMBnttrans, "SMBnttrans", 0, DEFDESCRIPT }, |
---|
781 | { SMBnttranss, "SMBnttranss", 0, DEFDESCRIPT }, |
---|
782 | |
---|
783 | { SMBntcreateX, "SMBntcreateX", FLG_CHAIN, |
---|
784 | { "Com2=[w]\nOff2=[d]\nRes=[b]\nNameLen=[ld]\nFlags=[W]\nRootDirectoryFid=[D]\nAccessMask=[W]\nAllocationSize=[L]\nExtFileAttributes=[W]\nShareAccess=[W]\nCreateDisposition=[W]\nCreateOptions=[W]\nImpersonationLevel=[W]\nSecurityFlags=[b]\n", |
---|
785 | "Path=[C]\n", |
---|
786 | "Com2=[w]\nOff2=[d]\nOplockLevel=[b]\nFid=[d]\nCreateAction=[W]\nCreateTime=[T3]LastAccessTime=[T3]LastWriteTime=[T3]ChangeTime=[T3]ExtFileAttributes=[W]\nAllocationSize=[L]\nEndOfFile=[L]\nFileType=[w]\nDeviceState=[w]\nDirectory=[b]\n", |
---|
787 | NULL, NULL } }, |
---|
788 | |
---|
789 | { SMBntcancel, "SMBntcancel", 0, DEFDESCRIPT }, |
---|
790 | |
---|
791 | { -1, NULL, 0, DEFDESCRIPT } |
---|
792 | }; |
---|
793 | |
---|
794 | |
---|
795 | /* |
---|
796 | * print a SMB message |
---|
797 | */ |
---|
798 | static void |
---|
799 | print_smb(netdissect_options *ndo, |
---|
800 | const u_char *buf, const u_char *maxbuf) |
---|
801 | { |
---|
802 | uint16_t flags2; |
---|
803 | int nterrcodes; |
---|
804 | int command; |
---|
805 | uint32_t nterror; |
---|
806 | const u_char *words, *maxwords, *data; |
---|
807 | const struct smbfns *fn; |
---|
808 | const char *fmt_smbheader = |
---|
809 | "[P4]SMB Command = [B]\nError class = [BP1]\nError code = [d]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [d]\nProc ID = [d]\nUID = [d]\nMID = [d]\nWord Count = [b]\n"; |
---|
810 | int smboffset; |
---|
811 | |
---|
812 | ND_TCHECK(buf[9]); |
---|
813 | request = (buf[9] & 0x80) ? 0 : 1; |
---|
814 | startbuf = buf; |
---|
815 | |
---|
816 | command = buf[4]; |
---|
817 | |
---|
818 | fn = smbfind(command, smb_fns); |
---|
819 | |
---|
820 | if (ndo->ndo_vflag > 1) |
---|
821 | ND_PRINT((ndo, "\n")); |
---|
822 | |
---|
823 | ND_PRINT((ndo, "SMB PACKET: %s (%s)\n", fn->name, request ? "REQUEST" : "REPLY")); |
---|
824 | |
---|
825 | if (ndo->ndo_vflag < 2) |
---|
826 | return; |
---|
827 | |
---|
828 | ND_TCHECK_16BITS(&buf[10]); |
---|
829 | flags2 = EXTRACT_LE_16BITS(&buf[10]); |
---|
830 | unicodestr = flags2 & 0x8000; |
---|
831 | nterrcodes = flags2 & 0x4000; |
---|
832 | |
---|
833 | /* print out the header */ |
---|
834 | smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr); |
---|
835 | |
---|
836 | if (nterrcodes) { |
---|
837 | nterror = EXTRACT_LE_32BITS(&buf[5]); |
---|
838 | if (nterror) |
---|
839 | ND_PRINT((ndo, "NTError = %s\n", nt_errstr(nterror))); |
---|
840 | } else { |
---|
841 | if (buf[5]) |
---|
842 | ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(buf[5], EXTRACT_LE_16BITS(&buf[7])))); |
---|
843 | } |
---|
844 | |
---|
845 | smboffset = 32; |
---|
846 | |
---|
847 | for (;;) { |
---|
848 | const char *f1, *f2; |
---|
849 | int wct; |
---|
850 | u_int bcc; |
---|
851 | int newsmboffset; |
---|
852 | |
---|
853 | words = buf + smboffset; |
---|
854 | ND_TCHECK(words[0]); |
---|
855 | wct = words[0]; |
---|
856 | data = words + 1 + wct * 2; |
---|
857 | maxwords = min(data, maxbuf); |
---|
858 | |
---|
859 | if (request) { |
---|
860 | f1 = fn->descript.req_f1; |
---|
861 | f2 = fn->descript.req_f2; |
---|
862 | } else { |
---|
863 | f1 = fn->descript.rep_f1; |
---|
864 | f2 = fn->descript.rep_f2; |
---|
865 | } |
---|
866 | |
---|
867 | if (fn->descript.fn) |
---|
868 | (*fn->descript.fn)(ndo, words, data, buf, maxbuf); |
---|
869 | else { |
---|
870 | if (wct) { |
---|
871 | if (f1) |
---|
872 | smb_fdata(ndo, words + 1, f1, words + 1 + wct * 2, unicodestr); |
---|
873 | else { |
---|
874 | int i; |
---|
875 | int v; |
---|
876 | |
---|
877 | for (i = 0; &words[1 + 2 * i] < maxwords; i++) { |
---|
878 | ND_TCHECK2(words[1 + 2 * i], 2); |
---|
879 | v = EXTRACT_LE_16BITS(words + 1 + 2 * i); |
---|
880 | ND_PRINT((ndo, "smb_vwv[%d]=%d (0x%X)\n", i, v, v)); |
---|
881 | } |
---|
882 | } |
---|
883 | } |
---|
884 | |
---|
885 | ND_TCHECK2(*data, 2); |
---|
886 | bcc = EXTRACT_LE_16BITS(data); |
---|
887 | ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); |
---|
888 | if (f2) { |
---|
889 | if (bcc > 0) |
---|
890 | smb_fdata(ndo, data + 2, f2, data + 2 + bcc, unicodestr); |
---|
891 | } else { |
---|
892 | if (bcc > 0) { |
---|
893 | ND_PRINT((ndo, "smb_buf[]=\n")); |
---|
894 | smb_print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2))); |
---|
895 | } |
---|
896 | } |
---|
897 | } |
---|
898 | |
---|
899 | if ((fn->flags & FLG_CHAIN) == 0) |
---|
900 | break; |
---|
901 | if (wct == 0) |
---|
902 | break; |
---|
903 | ND_TCHECK(words[1]); |
---|
904 | command = words[1]; |
---|
905 | if (command == 0xFF) |
---|
906 | break; |
---|
907 | ND_TCHECK2(words[3], 2); |
---|
908 | newsmboffset = EXTRACT_LE_16BITS(words + 3); |
---|
909 | |
---|
910 | fn = smbfind(command, smb_fns); |
---|
911 | |
---|
912 | ND_PRINT((ndo, "\nSMB PACKET: %s (%s) (CHAINED)\n", |
---|
913 | fn->name, request ? "REQUEST" : "REPLY")); |
---|
914 | if (newsmboffset <= smboffset) { |
---|
915 | ND_PRINT((ndo, "Bad andX offset: %u <= %u\n", newsmboffset, smboffset)); |
---|
916 | break; |
---|
917 | } |
---|
918 | smboffset = newsmboffset; |
---|
919 | } |
---|
920 | |
---|
921 | ND_PRINT((ndo, "\n")); |
---|
922 | return; |
---|
923 | trunc: |
---|
924 | ND_PRINT((ndo, "%s", tstr)); |
---|
925 | } |
---|
926 | |
---|
927 | |
---|
928 | /* |
---|
929 | * print a NBT packet received across tcp on port 139 |
---|
930 | */ |
---|
931 | void |
---|
932 | nbt_tcp_print(netdissect_options *ndo, |
---|
933 | const u_char *data, int length) |
---|
934 | { |
---|
935 | int caplen; |
---|
936 | int type; |
---|
937 | u_int nbt_len; |
---|
938 | const u_char *maxbuf; |
---|
939 | |
---|
940 | if (length < 4) |
---|
941 | goto trunc; |
---|
942 | if (ndo->ndo_snapend < data) |
---|
943 | goto trunc; |
---|
944 | caplen = ndo->ndo_snapend - data; |
---|
945 | if (caplen < 4) |
---|
946 | goto trunc; |
---|
947 | maxbuf = data + caplen; |
---|
948 | type = data[0]; |
---|
949 | nbt_len = EXTRACT_16BITS(data + 2); |
---|
950 | length -= 4; |
---|
951 | caplen -= 4; |
---|
952 | |
---|
953 | startbuf = data; |
---|
954 | |
---|
955 | if (ndo->ndo_vflag < 2) { |
---|
956 | ND_PRINT((ndo, " NBT Session Packet: ")); |
---|
957 | switch (type) { |
---|
958 | case 0x00: |
---|
959 | ND_PRINT((ndo, "Session Message")); |
---|
960 | break; |
---|
961 | |
---|
962 | case 0x81: |
---|
963 | ND_PRINT((ndo, "Session Request")); |
---|
964 | break; |
---|
965 | |
---|
966 | case 0x82: |
---|
967 | ND_PRINT((ndo, "Session Granted")); |
---|
968 | break; |
---|
969 | |
---|
970 | case 0x83: |
---|
971 | { |
---|
972 | int ecode; |
---|
973 | |
---|
974 | if (nbt_len < 4) |
---|
975 | goto trunc; |
---|
976 | if (length < 4) |
---|
977 | goto trunc; |
---|
978 | if (caplen < 4) |
---|
979 | goto trunc; |
---|
980 | ecode = data[4]; |
---|
981 | |
---|
982 | ND_PRINT((ndo, "Session Reject, ")); |
---|
983 | switch (ecode) { |
---|
984 | case 0x80: |
---|
985 | ND_PRINT((ndo, "Not listening on called name")); |
---|
986 | break; |
---|
987 | case 0x81: |
---|
988 | ND_PRINT((ndo, "Not listening for calling name")); |
---|
989 | break; |
---|
990 | case 0x82: |
---|
991 | ND_PRINT((ndo, "Called name not present")); |
---|
992 | break; |
---|
993 | case 0x83: |
---|
994 | ND_PRINT((ndo, "Called name present, but insufficient resources")); |
---|
995 | break; |
---|
996 | default: |
---|
997 | ND_PRINT((ndo, "Unspecified error 0x%X", ecode)); |
---|
998 | break; |
---|
999 | } |
---|
1000 | } |
---|
1001 | break; |
---|
1002 | |
---|
1003 | case 0x85: |
---|
1004 | ND_PRINT((ndo, "Session Keepalive")); |
---|
1005 | break; |
---|
1006 | |
---|
1007 | default: |
---|
1008 | data = smb_fdata(ndo, data, "Unknown packet type [rB]", maxbuf, 0); |
---|
1009 | break; |
---|
1010 | } |
---|
1011 | } else { |
---|
1012 | ND_PRINT((ndo, "\n>>> NBT Session Packet\n")); |
---|
1013 | switch (type) { |
---|
1014 | case 0x00: |
---|
1015 | data = smb_fdata(ndo, data, "[P1]NBT Session Message\nFlags=[B]\nLength=[rd]\n", |
---|
1016 | data + 4, 0); |
---|
1017 | if (data == NULL) |
---|
1018 | break; |
---|
1019 | if (nbt_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { |
---|
1020 | if ((int)nbt_len > caplen) { |
---|
1021 | if ((int)nbt_len > length) |
---|
1022 | ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n")); |
---|
1023 | else |
---|
1024 | ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %d\n", |
---|
1025 | nbt_len - caplen)); |
---|
1026 | } |
---|
1027 | print_smb(ndo, data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf); |
---|
1028 | } else |
---|
1029 | ND_PRINT((ndo, "Session packet:(raw data or continuation?)\n")); |
---|
1030 | break; |
---|
1031 | |
---|
1032 | case 0x81: |
---|
1033 | data = smb_fdata(ndo, data, |
---|
1034 | "[P1]NBT Session Request\nFlags=[B]\nLength=[rd]\nDestination=[n1]\nSource=[n1]\n", |
---|
1035 | maxbuf, 0); |
---|
1036 | break; |
---|
1037 | |
---|
1038 | case 0x82: |
---|
1039 | data = smb_fdata(ndo, data, "[P1]NBT Session Granted\nFlags=[B]\nLength=[rd]\n", maxbuf, 0); |
---|
1040 | break; |
---|
1041 | |
---|
1042 | case 0x83: |
---|
1043 | { |
---|
1044 | const u_char *origdata; |
---|
1045 | int ecode; |
---|
1046 | |
---|
1047 | origdata = data; |
---|
1048 | data = smb_fdata(ndo, data, "[P1]NBT SessionReject\nFlags=[B]\nLength=[rd]\nReason=[B]\n", |
---|
1049 | maxbuf, 0); |
---|
1050 | if (data == NULL) |
---|
1051 | break; |
---|
1052 | if (nbt_len >= 1 && caplen >= 1) { |
---|
1053 | ecode = origdata[4]; |
---|
1054 | switch (ecode) { |
---|
1055 | case 0x80: |
---|
1056 | ND_PRINT((ndo, "Not listening on called name\n")); |
---|
1057 | break; |
---|
1058 | case 0x81: |
---|
1059 | ND_PRINT((ndo, "Not listening for calling name\n")); |
---|
1060 | break; |
---|
1061 | case 0x82: |
---|
1062 | ND_PRINT((ndo, "Called name not present\n")); |
---|
1063 | break; |
---|
1064 | case 0x83: |
---|
1065 | ND_PRINT((ndo, "Called name present, but insufficient resources\n")); |
---|
1066 | break; |
---|
1067 | default: |
---|
1068 | ND_PRINT((ndo, "Unspecified error 0x%X\n", ecode)); |
---|
1069 | break; |
---|
1070 | } |
---|
1071 | } |
---|
1072 | } |
---|
1073 | break; |
---|
1074 | |
---|
1075 | case 0x85: |
---|
1076 | data = smb_fdata(ndo, data, "[P1]NBT Session Keepalive\nFlags=[B]\nLength=[rd]\n", maxbuf, 0); |
---|
1077 | break; |
---|
1078 | |
---|
1079 | default: |
---|
1080 | data = smb_fdata(ndo, data, "NBT - Unknown packet type\nType=[B]\n", maxbuf, 0); |
---|
1081 | break; |
---|
1082 | } |
---|
1083 | ND_PRINT((ndo, "\n")); |
---|
1084 | } |
---|
1085 | return; |
---|
1086 | trunc: |
---|
1087 | ND_PRINT((ndo, "%s", tstr)); |
---|
1088 | } |
---|
1089 | |
---|
1090 | static const struct tok opcode_str[] = { |
---|
1091 | { 0, "QUERY" }, |
---|
1092 | { 5, "REGISTRATION" }, |
---|
1093 | { 6, "RELEASE" }, |
---|
1094 | { 7, "WACK" }, |
---|
1095 | { 8, "REFRESH(8)" }, |
---|
1096 | { 9, "REFRESH" }, |
---|
1097 | { 15, "MULTIHOMED REGISTRATION" }, |
---|
1098 | { 0, NULL } |
---|
1099 | }; |
---|
1100 | |
---|
1101 | /* |
---|
1102 | * print a NBT packet received across udp on port 137 |
---|
1103 | */ |
---|
1104 | void |
---|
1105 | nbt_udp137_print(netdissect_options *ndo, |
---|
1106 | const u_char *data, int length) |
---|
1107 | { |
---|
1108 | const u_char *maxbuf = data + length; |
---|
1109 | int name_trn_id, response, opcode, nm_flags, rcode; |
---|
1110 | int qdcount, ancount, nscount, arcount; |
---|
1111 | const u_char *p; |
---|
1112 | int total, i; |
---|
1113 | |
---|
1114 | ND_TCHECK2(data[10], 2); |
---|
1115 | name_trn_id = EXTRACT_16BITS(data); |
---|
1116 | response = (data[2] >> 7); |
---|
1117 | opcode = (data[2] >> 3) & 0xF; |
---|
1118 | nm_flags = ((data[2] & 0x7) << 4) + (data[3] >> 4); |
---|
1119 | rcode = data[3] & 0xF; |
---|
1120 | qdcount = EXTRACT_16BITS(data + 4); |
---|
1121 | ancount = EXTRACT_16BITS(data + 6); |
---|
1122 | nscount = EXTRACT_16BITS(data + 8); |
---|
1123 | arcount = EXTRACT_16BITS(data + 10); |
---|
1124 | startbuf = data; |
---|
1125 | |
---|
1126 | if (maxbuf <= data) |
---|
1127 | return; |
---|
1128 | |
---|
1129 | if (ndo->ndo_vflag > 1) |
---|
1130 | ND_PRINT((ndo, "\n>>> ")); |
---|
1131 | |
---|
1132 | ND_PRINT((ndo, "NBT UDP PACKET(137): %s", tok2str(opcode_str, "OPUNKNOWN", opcode))); |
---|
1133 | if (response) { |
---|
1134 | ND_PRINT((ndo, "; %s", rcode ? "NEGATIVE" : "POSITIVE")); |
---|
1135 | } |
---|
1136 | ND_PRINT((ndo, "; %s; %s", response ? "RESPONSE" : "REQUEST", |
---|
1137 | (nm_flags & 1) ? "BROADCAST" : "UNICAST")); |
---|
1138 | |
---|
1139 | if (ndo->ndo_vflag < 2) |
---|
1140 | return; |
---|
1141 | |
---|
1142 | ND_PRINT((ndo, "\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n", |
---|
1143 | name_trn_id, opcode, nm_flags, rcode, qdcount, ancount, nscount, |
---|
1144 | arcount)); |
---|
1145 | |
---|
1146 | p = data + 12; |
---|
1147 | |
---|
1148 | total = ancount + nscount + arcount; |
---|
1149 | |
---|
1150 | if (qdcount > 100 || total > 100) { |
---|
1151 | ND_PRINT((ndo, "Corrupt packet??\n")); |
---|
1152 | return; |
---|
1153 | } |
---|
1154 | |
---|
1155 | if (qdcount) { |
---|
1156 | ND_PRINT((ndo, "QuestionRecords:\n")); |
---|
1157 | for (i = 0; i < qdcount; i++) { |
---|
1158 | p = smb_fdata(ndo, p, |
---|
1159 | "|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#", |
---|
1160 | maxbuf, 0); |
---|
1161 | if (p == NULL) |
---|
1162 | goto out; |
---|
1163 | } |
---|
1164 | } |
---|
1165 | |
---|
1166 | if (total) { |
---|
1167 | ND_PRINT((ndo, "\nResourceRecords:\n")); |
---|
1168 | for (i = 0; i < total; i++) { |
---|
1169 | int rdlen; |
---|
1170 | int restype; |
---|
1171 | |
---|
1172 | p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0); |
---|
1173 | if (p == NULL) |
---|
1174 | goto out; |
---|
1175 | ND_TCHECK_16BITS(p); |
---|
1176 | restype = EXTRACT_16BITS(p); |
---|
1177 | p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0); |
---|
1178 | if (p == NULL) |
---|
1179 | goto out; |
---|
1180 | ND_TCHECK_16BITS(p); |
---|
1181 | rdlen = EXTRACT_16BITS(p); |
---|
1182 | ND_PRINT((ndo, "ResourceLength=%d\nResourceData=\n", rdlen)); |
---|
1183 | p += 2; |
---|
1184 | if (rdlen == 6) { |
---|
1185 | p = smb_fdata(ndo, p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen, 0); |
---|
1186 | if (p == NULL) |
---|
1187 | goto out; |
---|
1188 | } else { |
---|
1189 | if (restype == 0x21) { |
---|
1190 | int numnames; |
---|
1191 | |
---|
1192 | ND_TCHECK(*p); |
---|
1193 | numnames = p[0]; |
---|
1194 | p = smb_fdata(ndo, p, "NumNames=[B]\n", p + 1, 0); |
---|
1195 | if (p == NULL) |
---|
1196 | goto out; |
---|
1197 | while (numnames--) { |
---|
1198 | p = smb_fdata(ndo, p, "Name=[n2]\t#", maxbuf, 0); |
---|
1199 | if (p == NULL) |
---|
1200 | goto out; |
---|
1201 | ND_TCHECK(*p); |
---|
1202 | if (p[0] & 0x80) |
---|
1203 | ND_PRINT((ndo, "<GROUP> ")); |
---|
1204 | switch (p[0] & 0x60) { |
---|
1205 | case 0x00: ND_PRINT((ndo, "B ")); break; |
---|
1206 | case 0x20: ND_PRINT((ndo, "P ")); break; |
---|
1207 | case 0x40: ND_PRINT((ndo, "M ")); break; |
---|
1208 | case 0x60: ND_PRINT((ndo, "_ ")); break; |
---|
1209 | } |
---|
1210 | if (p[0] & 0x10) |
---|
1211 | ND_PRINT((ndo, "<DEREGISTERING> ")); |
---|
1212 | if (p[0] & 0x08) |
---|
1213 | ND_PRINT((ndo, "<CONFLICT> ")); |
---|
1214 | if (p[0] & 0x04) |
---|
1215 | ND_PRINT((ndo, "<ACTIVE> ")); |
---|
1216 | if (p[0] & 0x02) |
---|
1217 | ND_PRINT((ndo, "<PERMANENT> ")); |
---|
1218 | ND_PRINT((ndo, "\n")); |
---|
1219 | p += 2; |
---|
1220 | } |
---|
1221 | } else { |
---|
1222 | smb_print_data(ndo, p, min(rdlen, length - (p - data))); |
---|
1223 | p += rdlen; |
---|
1224 | } |
---|
1225 | } |
---|
1226 | } |
---|
1227 | } |
---|
1228 | |
---|
1229 | if (p < maxbuf) |
---|
1230 | smb_fdata(ndo, p, "AdditionalData:\n", maxbuf, 0); |
---|
1231 | |
---|
1232 | out: |
---|
1233 | ND_PRINT((ndo, "\n")); |
---|
1234 | return; |
---|
1235 | trunc: |
---|
1236 | ND_PRINT((ndo, "%s", tstr)); |
---|
1237 | } |
---|
1238 | |
---|
1239 | /* |
---|
1240 | * Print an SMB-over-TCP packet received across tcp on port 445 |
---|
1241 | */ |
---|
1242 | void |
---|
1243 | smb_tcp_print(netdissect_options *ndo, |
---|
1244 | const u_char * data, int length) |
---|
1245 | { |
---|
1246 | int caplen; |
---|
1247 | u_int smb_len; |
---|
1248 | const u_char *maxbuf; |
---|
1249 | |
---|
1250 | if (length < 4) |
---|
1251 | goto trunc; |
---|
1252 | if (ndo->ndo_snapend < data) |
---|
1253 | goto trunc; |
---|
1254 | caplen = ndo->ndo_snapend - data; |
---|
1255 | if (caplen < 4) |
---|
1256 | goto trunc; |
---|
1257 | maxbuf = data + caplen; |
---|
1258 | smb_len = EXTRACT_24BITS(data + 1); |
---|
1259 | length -= 4; |
---|
1260 | caplen -= 4; |
---|
1261 | |
---|
1262 | startbuf = data; |
---|
1263 | data += 4; |
---|
1264 | |
---|
1265 | if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { |
---|
1266 | if ((int)smb_len > caplen) { |
---|
1267 | if ((int)smb_len > length) |
---|
1268 | ND_PRINT((ndo, " WARNING: Packet is continued in later TCP segments\n")); |
---|
1269 | else |
---|
1270 | ND_PRINT((ndo, " WARNING: Short packet. Try increasing the snap length by %d\n", |
---|
1271 | smb_len - caplen)); |
---|
1272 | } else |
---|
1273 | ND_PRINT((ndo, " ")); |
---|
1274 | print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf); |
---|
1275 | } else |
---|
1276 | ND_PRINT((ndo, " SMB-over-TCP packet:(raw data or continuation?)\n")); |
---|
1277 | return; |
---|
1278 | trunc: |
---|
1279 | ND_PRINT((ndo, "%s", tstr)); |
---|
1280 | } |
---|
1281 | |
---|
1282 | /* |
---|
1283 | * print a NBT packet received across udp on port 138 |
---|
1284 | */ |
---|
1285 | void |
---|
1286 | nbt_udp138_print(netdissect_options *ndo, |
---|
1287 | const u_char *data, int length) |
---|
1288 | { |
---|
1289 | const u_char *maxbuf = data + length; |
---|
1290 | |
---|
1291 | if (maxbuf > ndo->ndo_snapend) |
---|
1292 | maxbuf = ndo->ndo_snapend; |
---|
1293 | if (maxbuf <= data) |
---|
1294 | return; |
---|
1295 | startbuf = data; |
---|
1296 | |
---|
1297 | if (ndo->ndo_vflag < 2) { |
---|
1298 | ND_PRINT((ndo, "NBT UDP PACKET(138)")); |
---|
1299 | return; |
---|
1300 | } |
---|
1301 | |
---|
1302 | data = smb_fdata(ndo, data, |
---|
1303 | "\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#", |
---|
1304 | maxbuf, 0); |
---|
1305 | |
---|
1306 | if (data != NULL) { |
---|
1307 | /* If there isn't enough data for "\377SMB", don't check for it. */ |
---|
1308 | if (&data[3] >= maxbuf) |
---|
1309 | goto out; |
---|
1310 | |
---|
1311 | if (memcmp(data, "\377SMB",4) == 0) |
---|
1312 | print_smb(ndo, data, maxbuf); |
---|
1313 | } |
---|
1314 | out: |
---|
1315 | ND_PRINT((ndo, "\n")); |
---|
1316 | } |
---|
1317 | |
---|
1318 | |
---|
1319 | /* |
---|
1320 | print netbeui frames |
---|
1321 | */ |
---|
1322 | static struct nbf_strings { |
---|
1323 | const char *name; |
---|
1324 | const char *nonverbose; |
---|
1325 | const char *verbose; |
---|
1326 | } nbf_strings[0x20] = { |
---|
1327 | { "Add Group Name Query", ", [P23]Name to add=[n2]#", |
---|
1328 | "[P5]ResponseCorrelator=[w]\n[P16]Name to add=[n2]\n" }, |
---|
1329 | { "Add Name Query", ", [P23]Name to add=[n2]#", |
---|
1330 | "[P5]ResponseCorrelator=[w]\n[P16]Name to add=[n2]\n" }, |
---|
1331 | { "Name In Conflict", NULL, NULL }, |
---|
1332 | { "Status Query", NULL, NULL }, |
---|
1333 | { NULL, NULL, NULL }, /* not used */ |
---|
1334 | { NULL, NULL, NULL }, /* not used */ |
---|
1335 | { NULL, NULL, NULL }, /* not used */ |
---|
1336 | { "Terminate Trace", NULL, NULL }, |
---|
1337 | { "Datagram", NULL, |
---|
1338 | "[P7]Destination=[n2]\nSource=[n2]\n" }, |
---|
1339 | { "Broadcast Datagram", NULL, |
---|
1340 | "[P7]Destination=[n2]\nSource=[n2]\n" }, |
---|
1341 | { "Name Query", ", [P7]Name=[n2]#", |
---|
1342 | "[P1]SessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nName=[n2]\nName of sender=[n2]\n" }, |
---|
1343 | { NULL, NULL, NULL }, /* not used */ |
---|
1344 | { NULL, NULL, NULL }, /* not used */ |
---|
1345 | { "Add Name Response", ", [P1]GroupName=[w] [P4]Destination=[n2] Source=[n2]#", |
---|
1346 | "AddNameInProcess=[B]\nGroupName=[w]\nTransmitCorrelator=[w][P2]\nDestination=[n2]\nSource=[n2]\n" }, |
---|
1347 | { "Name Recognized", NULL, |
---|
1348 | "[P1]Data2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nDestination=[n2]\nSource=[n2]\n" }, |
---|
1349 | { "Status Response", NULL, NULL }, |
---|
1350 | { NULL, NULL, NULL }, /* not used */ |
---|
1351 | { NULL, NULL, NULL }, /* not used */ |
---|
1352 | { NULL, NULL, NULL }, /* not used */ |
---|
1353 | { "Terminate Trace", NULL, NULL }, |
---|
1354 | { "Data Ack", NULL, |
---|
1355 | "[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1356 | { "Data First/Middle", NULL, |
---|
1357 | "Flags=[{RECEIVE_CONTINUE|NO_ACK||PIGGYBACK_ACK_INCLUDED|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1358 | { "Data Only/Last", NULL, |
---|
1359 | "Flags=[{|NO_ACK|PIGGYBACK_ACK_ALLOWED|PIGGYBACK_ACK_INCLUDED|}]\nResyncIndicator=[w][P2]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1360 | { "Session Confirm", NULL, |
---|
1361 | "Data1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1362 | { "Session End", NULL, |
---|
1363 | "[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1364 | { "Session Initialize", NULL, |
---|
1365 | "Data1=[B]\nData2=[w]\nTransmitCorrelator=[w]\nResponseCorelator=[w]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1366 | { "No Receive", NULL, |
---|
1367 | "Flags=[{|SEND_NO_ACK}]\nDataBytesAccepted=[b][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1368 | { "Receive Outstanding", NULL, |
---|
1369 | "[P1]DataBytesAccepted=[b][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1370 | { "Receive Continue", NULL, |
---|
1371 | "[P2]TransmitCorrelator=[w]\n[P2]RemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n" }, |
---|
1372 | { NULL, NULL, NULL }, /* not used */ |
---|
1373 | { NULL, NULL, NULL }, /* not used */ |
---|
1374 | { "Session Alive", NULL, NULL } |
---|
1375 | }; |
---|
1376 | |
---|
1377 | void |
---|
1378 | netbeui_print(netdissect_options *ndo, |
---|
1379 | u_short control, const u_char *data, int length) |
---|
1380 | { |
---|
1381 | const u_char *maxbuf = data + length; |
---|
1382 | int len; |
---|
1383 | int command; |
---|
1384 | const u_char *data2; |
---|
1385 | int is_truncated = 0; |
---|
1386 | |
---|
1387 | if (maxbuf > ndo->ndo_snapend) |
---|
1388 | maxbuf = ndo->ndo_snapend; |
---|
1389 | ND_TCHECK(data[4]); |
---|
1390 | len = EXTRACT_LE_16BITS(data); |
---|
1391 | command = data[4]; |
---|
1392 | data2 = data + len; |
---|
1393 | if (data2 >= maxbuf) { |
---|
1394 | data2 = maxbuf; |
---|
1395 | is_truncated = 1; |
---|
1396 | } |
---|
1397 | |
---|
1398 | startbuf = data; |
---|
1399 | |
---|
1400 | if (ndo->ndo_vflag < 2) { |
---|
1401 | ND_PRINT((ndo, "NBF Packet: ")); |
---|
1402 | data = smb_fdata(ndo, data, "[P5]#", maxbuf, 0); |
---|
1403 | } else { |
---|
1404 | ND_PRINT((ndo, "\n>>> NBF Packet\nType=0x%X ", control)); |
---|
1405 | data = smb_fdata(ndo, data, "Length=[d] Signature=[w] Command=[B]\n#", maxbuf, 0); |
---|
1406 | } |
---|
1407 | if (data == NULL) |
---|
1408 | goto out; |
---|
1409 | |
---|
1410 | if (command > 0x1f || nbf_strings[command].name == NULL) { |
---|
1411 | if (ndo->ndo_vflag < 2) |
---|
1412 | data = smb_fdata(ndo, data, "Unknown NBF Command#", data2, 0); |
---|
1413 | else |
---|
1414 | data = smb_fdata(ndo, data, "Unknown NBF Command\n", data2, 0); |
---|
1415 | } else { |
---|
1416 | if (ndo->ndo_vflag < 2) { |
---|
1417 | ND_PRINT((ndo, "%s", nbf_strings[command].name)); |
---|
1418 | if (nbf_strings[command].nonverbose != NULL) |
---|
1419 | data = smb_fdata(ndo, data, nbf_strings[command].nonverbose, data2, 0); |
---|
1420 | } else { |
---|
1421 | ND_PRINT((ndo, "%s:\n", nbf_strings[command].name)); |
---|
1422 | if (nbf_strings[command].verbose != NULL) |
---|
1423 | data = smb_fdata(ndo, data, nbf_strings[command].verbose, data2, 0); |
---|
1424 | else |
---|
1425 | ND_PRINT((ndo, "\n")); |
---|
1426 | } |
---|
1427 | } |
---|
1428 | |
---|
1429 | if (ndo->ndo_vflag < 2) |
---|
1430 | return; |
---|
1431 | |
---|
1432 | if (data == NULL) |
---|
1433 | goto out; |
---|
1434 | |
---|
1435 | if (is_truncated) { |
---|
1436 | /* data2 was past the end of the buffer */ |
---|
1437 | goto out; |
---|
1438 | } |
---|
1439 | |
---|
1440 | /* If this isn't a command that would contain an SMB message, quit. */ |
---|
1441 | if (command != 0x08 && command != 0x09 && command != 0x15 && |
---|
1442 | command != 0x16) |
---|
1443 | goto out; |
---|
1444 | |
---|
1445 | /* If there isn't enough data for "\377SMB", don't look for it. */ |
---|
1446 | if (&data2[3] >= maxbuf) |
---|
1447 | goto out; |
---|
1448 | |
---|
1449 | if (memcmp(data2, "\377SMB",4) == 0) |
---|
1450 | print_smb(ndo, data2, maxbuf); |
---|
1451 | else { |
---|
1452 | int i; |
---|
1453 | for (i = 0; i < 128; i++) { |
---|
1454 | if (&data2[i + 3] >= maxbuf) |
---|
1455 | break; |
---|
1456 | if (memcmp(&data2[i], "\377SMB", 4) == 0) { |
---|
1457 | ND_PRINT((ndo, "found SMB packet at %d\n", i)); |
---|
1458 | print_smb(ndo, &data2[i], maxbuf); |
---|
1459 | break; |
---|
1460 | } |
---|
1461 | } |
---|
1462 | } |
---|
1463 | |
---|
1464 | out: |
---|
1465 | ND_PRINT((ndo, "\n")); |
---|
1466 | return; |
---|
1467 | trunc: |
---|
1468 | ND_PRINT((ndo, "%s", tstr)); |
---|
1469 | } |
---|
1470 | |
---|
1471 | |
---|
1472 | /* |
---|
1473 | * print IPX-Netbios frames |
---|
1474 | */ |
---|
1475 | void |
---|
1476 | ipx_netbios_print(netdissect_options *ndo, |
---|
1477 | const u_char *data, u_int length) |
---|
1478 | { |
---|
1479 | /* |
---|
1480 | * this is a hack till I work out how to parse the rest of the |
---|
1481 | * NetBIOS-over-IPX stuff |
---|
1482 | */ |
---|
1483 | int i; |
---|
1484 | const u_char *maxbuf; |
---|
1485 | |
---|
1486 | maxbuf = data + length; |
---|
1487 | /* Don't go past the end of the captured data in the packet. */ |
---|
1488 | if (maxbuf > ndo->ndo_snapend) |
---|
1489 | maxbuf = ndo->ndo_snapend; |
---|
1490 | startbuf = data; |
---|
1491 | for (i = 0; i < 128; i++) { |
---|
1492 | if (&data[i + 4] > maxbuf) |
---|
1493 | break; |
---|
1494 | if (memcmp(&data[i], "\377SMB", 4) == 0) { |
---|
1495 | smb_fdata(ndo, data, "\n>>> IPX transport ", &data[i], 0); |
---|
1496 | print_smb(ndo, &data[i], maxbuf); |
---|
1497 | ND_PRINT((ndo, "\n")); |
---|
1498 | break; |
---|
1499 | } |
---|
1500 | } |
---|
1501 | if (i == 128) |
---|
1502 | smb_fdata(ndo, data, "\n>>> Unknown IPX ", maxbuf, 0); |
---|
1503 | } |
---|
1504 | #ifdef __rtems__ |
---|
1505 | #include "rtems-bsd-tcpdump-print-smb-data.h" |
---|
1506 | #endif /* __rtems__ */ |
---|