epan/dissectors/packet-smb2.h

   1 /* packet-smb2.h
   2  * Defines for SMB2 packet dissection
   3  *
   4  * $Id$
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998, 1999 Gerald Combs
   9  *
  10  * This program is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU General Public License
  12  * as published by the Free Software Foundation; either version 2
  13  * of the License, or (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  23  */
  24
  25 #ifndef __PACKET_SMB2_H__
  26 #define __PACKET_SMB2_H__
  27
  28 #include "packet-dcerpc.h"
  29 #include "packet-smb.h"
  30
  31 /* SMB2 command codes. With MSVC and a
  32  * libwireshark.dll, we need a special declaration.
  33  */
  34 WS_DLL_PUBLIC value_string_ext smb2_cmd_vals_ext;
  35
  36 /* Structure to keep track of information specific to a single
  37  * SMB2 transaction. Here we store things we need to remember between
  38  * a specific request and a specific response.
  39  *
  40  * There is no guarantee we will have this structure available for all
  41  * SMB2 packets so a dissector must check this pointer for NULL
  42  * before dereferencing it.
  43  *
  44  * private data is set to NULL when the structure is created.  It is used
  45  * for communications between the Request and the Response packets.
  46  */
  47
  48 /* extra info needed by export object smb */
  49 typedef struct _smb2_eo_file_info_t {
  50         guint32 attr_mask;
  51         gint64  end_of_file;
  52 } smb2_eo_file_info_t;
  53
  54 typedef enum {
  55         SMB2_EI_NONE,           /* Unassigned / NULL */
  56         SMB2_EI_TREENAME,       /* tid tracking  char * */
  57         SMB2_EI_FILENAME,       /* fid tracking  char * */
  58         SMB2_EI_FINDPATTERN     /* find tracking  char * */
  59 } smb2_extra_info_t;
  60 typedef struct _smb2_saved_info_t {
  61         guint8 smb2_class;
  62         guint8 infolevel;
  63         guint64 msg_id;
  64         guint32 frame_req, frame_res;
  65         nstime_t req_time;
  66         e_ctx_hnd policy_hnd;           /* for eo_smb tracking */
  67         smb_eo_t        *eo_info_t;     /* for storing eo_smb infos */
  68         guint64         file_offset;    /* needed file_offset for eo_smb */
  69         guint32         bytes_moved;    /* needed for eo_smb */
  70         void *extra_info;
  71         smb2_extra_info_t extra_info_type;
  72 } smb2_saved_info_t;
  73
  74 typedef struct _smb2_tid_info_t {
  75         guint32 tid;
  76         guint32 connect_frame;
  77         guint16 share_type;
  78         char *name;
  79 } smb2_tid_info_t;
  80
  81 typedef struct _smb2_sesid_info_t {
  82         guint64 sesid;
  83         guint32 auth_frame;
  84         char *acct_name;
  85         char *domain_name;
  86         char *host_name;
  87         guint16 server_port;
  88         guint8 client_decryption_key[16];
  89         guint8 server_decryption_key[16];
  90         GHashTable *tids;
  91 } smb2_sesid_info_t;
  92
  93 /* Structure to keep track of conversations and the hash tables.
  94  * There is one such structure for each conversation.
  95  */
  96 typedef struct _smb2_conv_info_t {
  97         /* these two tables are used to match requests with responses */
  98         GHashTable *unmatched;
  99         GHashTable *matched;
 100         GHashTable *sesids;
 101         /* table to store some infos for smb export object */
 102         GHashTable *files;
 103 } smb2_conv_info_t;
 104
 105
 106 /* This structure contains information from the SMB2 header
 107  * as well as pointers to the conversation and the transaction specific
 108  * structures.
 109  */
 110 #define SMB2_FLAGS_RESPONSE     0x00000001
 111 #define SMB2_FLAGS_ASYNC_CMD    0x00000002
 112 #define SMB2_FLAGS_CHAINED      0x00000004
 113 #define SMB2_FLAGS_SIGNATURE    0x00000008
 114 #define SMB2_FLAGS_DFS_OP       0x10000000
 115 #define SMB2_FLAGS_REPLAY_OPERATION     0x20000000
 116
 117 /* SMB2 FLAG MASKS */
 118 #define SMB2_FLAGS_ATTR_ENCRYPTED       0x00004000
 119 #define SMB2_FLAGS_ATTR_INDEXED         0x00002000
 120 #define SMB2_FLAGS_ATTR_OFFLINE         0x00001000
 121 #define SMB2_FLAGS_ATTR_COMPRESSED      0x00000800
 122 #define SMB2_FLAGS_ATTR_REPARSEPOINT    0x00000400
 123 #define SMB2_FLAGS_ATTR_SPARSE          0x00000200
 124 #define SMB2_FLAGS_ATTR_TEMPORARY       0x00000100
 125 #define SMB2_FLAGS_ATTR_NORMAL          0x00000080
 126 #define SMB2_FLAGS_ATTR_DEVICE          0x00000040
 127 #define SMB2_FLAGS_ATTR_ARCHIVE         0x00000020
 128 #define SMB2_FLAGS_ATTR_DIRECTORY       0x00000010
 129 #define SMB2_FLAGS_ATTR_VOLUMEID        0x00000008
 130 #define SMB2_FLAGS_ATTR_SYSTEM          0x00000004
 131 #define SMB2_FLAGS_ATTR_HIDDEN          0x00000002
 132 #define SMB2_FLAGS_ATTR_READONLY        0x00000001
 133
 134 /* SMB2 FILE TYPES ASIGNED TO EXPORT OBJECTS */
 135 #define SMB2_FID_TYPE_UNKNOWN                   0
 136 #define SMB2_FID_TYPE_FILE                      1
 137 #define SMB2_FID_TYPE_DIR                       2
 138 #define SMB2_FID_TYPE_PIPE                      3
 139 #define SMB2_FID_TYPE_OTHER                     4
 140
 141 /* SMB2 COMMAND CODES */
 142 #define SMB2_COM_NEGOTIATE_PROTOCOL     0x00
 143 #define SMB2_COM_SESSION_SETUP          0x01
 144 #define SMB2_COM_SESSION_LOGOFF         0x02
 145 #define SMB2_COM_TREE_CONNECT           0x03
 146 #define SMB2_COM_TREE_DISCONNECT        0x04
 147 #define SMB2_COM_CREATE                 0x05
 148 #define SMB2_COM_CLOSE                  0x06
 149 #define SMB2_COM_FLUSH                  0x07
 150 #define SMB2_COM_READ                   0x08
 151 #define SMB2_COM_WRITE                  0x09
 152 #define SMB2_COM_LOCK                   0x0A
 153 #define SMB2_COM_IOCTL                  0x0B
 154 #define SMB2_COM_CANCEL                 0x0C
 155 #define SMB2_COM_KEEPALIVE              0x0D
 156 #define SMB2_COM_FIND                   0x0E
 157 #define SMB2_COM_NOTIFY                 0x0F
 158 #define SMB2_COM_GETINFO                0x10
 159 #define SMB2_COM_SETINFO                0x11
 160 #define SMB2_COM_BREAK                  0x12
 161
 162 typedef struct _smb2_info_t {
 163         guint16 opcode;
 164         guint32 ioctl_function;
 165         guint32 status;
 166         guint32 tid;
 167         guint64 sesid;
 168         gint64  msg_id;
 169         guint32 flags;
 170         smb2_eo_file_info_t     *eo_file_info; /* eo_smb extra info */
 171         smb2_conv_info_t        *conv;
 172         smb2_saved_info_t       *saved;
 173         smb2_tid_info_t         *tree;
 174         smb2_sesid_info_t       *session;
 175         proto_tree *top_tree;
 176 } smb2_info_t;
 177
 178 /* for transform content information */
 179
 180 typedef struct _smb2_transform_info_t {
 181         guint8  nonce[16];
 182         guint32 size;
 183         guint16 alg;
 184         guint64 sesid;
 185         smb2_conv_info_t *conv;
 186         smb2_sesid_info_t *session;
 187 } smb2_transform_info_t;
 188
 189
 190 int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset);
 191 int dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, guint32 *ioctl_function);
 192 void dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, guint32 ioctl_function, gboolean data_in);
 193
 194 #endif