Deleted Added
sdiff udiff text old ( 56893 ) new ( 75115 )
full compact
print-smb.c (56893) print-smb.c (75115)
1/*
2 Copyright (C) Andrew Tridgell 1995-1999
3
4 This software may be distributed either under the terms of the
5 BSD-style license that accompanies tcpdump or the GNU GPL version 2
6 or later */
7
8#ifdef HAVE_CONFIG_H
9#include "config.h"
10#endif
11
12#ifndef lint
13static const char rcsid[] =
1/*
2 Copyright (C) Andrew Tridgell 1995-1999
3
4 This software may be distributed either under the terms of the
5 BSD-style license that accompanies tcpdump or the GNU GPL version 2
6 or later */
7
8#ifdef HAVE_CONFIG_H
9#include "config.h"
10#endif
11
12#ifndef lint
13static const char rcsid[] =
14 "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.3.2.1 2000/01/11 06:58:27 fenner Exp $";
14 "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.7 2000/12/05 06:42:47 guy Exp $";
15#endif
16
17#include <stdio.h>
18#include <string.h>
19#include <sys/types.h>
20
21#include "interface.h"
22#include "smb.h"

--- 691 unchanged lines hidden (view full) ---

714
715 printf("\n>>> NBT Packet\n");
716
717 switch (flags) {
718 case 1:
719 printf("flags=0x%x\n", flags);
720 case 0:
721 data = fdata(data,"NBT Session Packet\nFlags=[rw]\nLength=[rd]\n",data+4);
15#endif
16
17#include <stdio.h>
18#include <string.h>
19#include <sys/types.h>
20
21#include "interface.h"
22#include "smb.h"

--- 691 unchanged lines hidden (view full) ---

714
715 printf("\n>>> NBT Packet\n");
716
717 switch (flags) {
718 case 1:
719 printf("flags=0x%x\n", flags);
720 case 0:
721 data = fdata(data,"NBT Session Packet\nFlags=[rw]\nLength=[rd]\n",data+4);
722 if (data == NULL)
723 break;
722 if (memcmp(data,"\377SMB",4)==0) {
723 if (nbt_len>PTR_DIFF(maxbuf,data))
724 printf("WARNING: Short packet. Try increasing the snap length (%ld)\n",
725 PTR_DIFF(maxbuf,data));
726 print_smb(data,maxbuf>data+nbt_len?data+nbt_len:maxbuf);
727 } else {
728 printf("Session packet:(raw data?)\n");
729 }

--- 54 unchanged lines hidden (view full) ---

784 int response = (CVAL(data,2)>>7);
785 int opcode = (CVAL(data,2) >> 3) & 0xF;
786 int nm_flags = ((CVAL(data,2) & 0x7) << 4) + (CVAL(data,3)>>4);
787 int rcode = CVAL(data,3) & 0xF;
788 int qdcount = RSVAL(data,4);
789 int ancount = RSVAL(data,6);
790 int nscount = RSVAL(data,8);
791 int arcount = RSVAL(data,10);
724 if (memcmp(data,"\377SMB",4)==0) {
725 if (nbt_len>PTR_DIFF(maxbuf,data))
726 printf("WARNING: Short packet. Try increasing the snap length (%ld)\n",
727 PTR_DIFF(maxbuf,data));
728 print_smb(data,maxbuf>data+nbt_len?data+nbt_len:maxbuf);
729 } else {
730 printf("Session packet:(raw data?)\n");
731 }

--- 54 unchanged lines hidden (view full) ---

786 int response = (CVAL(data,2)>>7);
787 int opcode = (CVAL(data,2) >> 3) & 0xF;
788 int nm_flags = ((CVAL(data,2) & 0x7) << 4) + (CVAL(data,3)>>4);
789 int rcode = CVAL(data,3) & 0xF;
790 int qdcount = RSVAL(data,4);
791 int ancount = RSVAL(data,6);
792 int nscount = RSVAL(data,8);
793 int arcount = RSVAL(data,10);
792 char des[1024];
793 char *opcodestr="OPUNKNOWN";
794 char *opcodestr;
794 const char *p;
795
796 startbuf = data;
797
798 if (maxbuf <= data) return;
799
795 const char *p;
796
797 startbuf = data;
798
799 if (maxbuf <= data) return;
800
800 strcpy(des,"\n>>> NBT UDP PACKET(137): ");
801 printf("\n>>> NBT UDP PACKET(137): ");
801
802 switch (opcode) {
803 case 0: opcodestr = "QUERY"; break;
804 case 5: opcodestr = "REGISTRATION"; break;
805 case 6: opcodestr = "RELEASE"; break;
806 case 7: opcodestr = "WACK"; break;
807 case 8: opcodestr = "REFRESH(8)"; break;
808 case 9: opcodestr = "REFRESH"; break;
802
803 switch (opcode) {
804 case 0: opcodestr = "QUERY"; break;
805 case 5: opcodestr = "REGISTRATION"; break;
806 case 6: opcodestr = "RELEASE"; break;
807 case 7: opcodestr = "WACK"; break;
808 case 8: opcodestr = "REFRESH(8)"; break;
809 case 9: opcodestr = "REFRESH"; break;
810 default: opcodestr = "OPUNKNOWN"; break;
809 }
811 }
810 strcat(des,opcodestr);
812 printf("%s", opcodestr);
811 if (response) {
812 if (rcode)
813 if (response) {
814 if (rcode)
813 strcat(des,"; NEGATIVE");
815 printf("; NEGATIVE");
814 else
816 else
815 strcat(des,"; POSITIVE");
817 printf("; POSITIVE");
816 }
817
818 if (response)
818 }
819
820 if (response)
819 strcat(des,"; RESPONSE");
821 printf("; RESPONSE");
820 else
822 else
821 strcat(des,"; REQUEST");
823 printf("; REQUEST");
822
823 if (nm_flags&1)
824
825 if (nm_flags&1)
824 strcat(des,"; BROADCAST");
826 printf("; BROADCAST");
825 else
827 else
826 strcat(des,"; UNICAST");
828 printf("; UNICAST");
827
829
828 printf("%s", des);
829
830 if (vflag == 0) return;
831
832 printf("\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n",
833 name_trn_id,opcode,nm_flags,rcode,qdcount,ancount,nscount,arcount);
834
835 p = data + 12;
836
837 {

--- 4 unchanged lines hidden (view full) ---

842 printf("Corrupt packet??\n");
843 return;
844 }
845
846 if (qdcount) {
847 printf("QuestionRecords:\n");
848 for (i=0;i<qdcount;i++)
849 p = fdata(p,"|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",maxbuf);
830 if (vflag == 0) return;
831
832 printf("\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n",
833 name_trn_id,opcode,nm_flags,rcode,qdcount,ancount,nscount,arcount);
834
835 p = data + 12;
836
837 {

--- 4 unchanged lines hidden (view full) ---

842 printf("Corrupt packet??\n");
843 return;
844 }
845
846 if (qdcount) {
847 printf("QuestionRecords:\n");
848 for (i=0;i<qdcount;i++)
849 p = fdata(p,"|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",maxbuf);
850 if (p == NULL)
851 goto out;
850 }
851
852 if (total) {
853 printf("\nResourceRecords:\n");
854 for (i=0;i<total;i++) {
855 int rdlen;
856 int restype;
857 p = fdata(p,"Name=[n1]\n#",maxbuf);
852 }
853
854 if (total) {
855 printf("\nResourceRecords:\n");
856 for (i=0;i<total;i++) {
857 int rdlen;
858 int restype;
859 p = fdata(p,"Name=[n1]\n#",maxbuf);
860 if (p == NULL)
861 goto out;
858 restype = RSVAL(p,0);
859 p = fdata(p,"ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n",p+8);
862 restype = RSVAL(p,0);
863 p = fdata(p,"ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n",p+8);
864 if (p == NULL)
865 goto out;
860 rdlen = RSVAL(p,0);
861 printf("ResourceLength=%d\nResourceData=\n",rdlen);
862 p += 2;
863 if (rdlen == 6) {
864 p = fdata(p,"AddrType=[rw]\nAddress=[b.b.b.b]\n",p+rdlen);
866 rdlen = RSVAL(p,0);
867 printf("ResourceLength=%d\nResourceData=\n",rdlen);
868 p += 2;
869 if (rdlen == 6) {
870 p = fdata(p,"AddrType=[rw]\nAddress=[b.b.b.b]\n",p+rdlen);
871 if (p == NULL)
872 goto out;
865 } else {
866 if (restype == 0x21) {
867 int numnames = CVAL(p,0);
868 p = fdata(p,"NumNames=[B]\n",p+1);
873 } else {
874 if (restype == 0x21) {
875 int numnames = CVAL(p,0);
876 p = fdata(p,"NumNames=[B]\n",p+1);
877 if (p == NULL)
878 goto out;
869 while (numnames--) {
879 while (numnames--) {
870 char flags[128]="";
871 p = fdata(p,"Name=[n2]\t#",maxbuf);
880 p = fdata(p,"Name=[n2]\t#",maxbuf);
872 if (p[0] & 0x80) strcat(flags,"<GROUP> ");
873 if ((p[0] & 0x60) == 0x00) strcat(flags,"B ");
874 if ((p[0] & 0x60) == 0x20) strcat(flags,"P ");
875 if ((p[0] & 0x60) == 0x40) strcat(flags,"M ");
876 if ((p[0] & 0x60) == 0x60) strcat(flags,"_ ");
877 if (p[0] & 0x10) strcat(flags,"<DEREGISTERING> ");
878 if (p[0] & 0x08) strcat(flags,"<CONFLICT> ");
879 if (p[0] & 0x04) strcat(flags,"<ACTIVE> ");
880 if (p[0] & 0x02) strcat(flags,"<PERMANENT> ");
881 printf("%s\n",flags);
881 if (p[0] & 0x80) printf("<GROUP> ");
882 switch (p[0] & 0x60) {
883 case 0x00: printf("B "); break;
884 case 0x20: printf("P "); break;
885 case 0x40: printf("M "); break;
886 case 0x60: printf("_ "); break;
887 }
888 if (p[0] & 0x10) printf("<DEREGISTERING> ");
889 if (p[0] & 0x08) printf("<CONFLICT> ");
890 if (p[0] & 0x04) printf("<ACTIVE> ");
891 if (p[0] & 0x02) printf("<PERMANENT> ");
892 printf("\n");
882 p += 2;
883 }
884 } else {
885 print_data(p,rdlen);
886 p += rdlen;
887 }
888 }
889 }
890 }
891 }
892
893 if ((uchar*)p < maxbuf) {
894 fdata(p,"AdditionalData:\n",maxbuf);
895 }
896
893 p += 2;
894 }
895 } else {
896 print_data(p,rdlen);
897 p += rdlen;
898 }
899 }
900 }
901 }
902 }
903
904 if ((uchar*)p < maxbuf) {
905 fdata(p,"AdditionalData:\n",maxbuf);
906 }
907
908out:
897 printf("\n");
898 fflush(stdout);
899}
900
901
902
903/*
904 print a NBT packet received across udp on port 138
905*/
906void nbt_udp138_print(const uchar *data, int length)
907{
908 const uchar *maxbuf = data + length;
909 startbuf = data;
910 if (maxbuf <= data) return;
911
912 data = fdata(data,"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",maxbuf);
913
909 printf("\n");
910 fflush(stdout);
911}
912
913
914
915/*
916 print a NBT packet received across udp on port 138
917*/
918void nbt_udp138_print(const uchar *data, int length)
919{
920 const uchar *maxbuf = data + length;
921 startbuf = data;
922 if (maxbuf <= data) return;
923
924 data = fdata(data,"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",maxbuf);
925
914 print_smb(data,maxbuf);
926 if (data != NULL)
927 print_smb(data,maxbuf);
915
916 printf("\n");
917 fflush(stdout);
918}
919
920
921
922/*
923 print netbeui frames
924*/
928
929 printf("\n");
930 fflush(stdout);
931}
932
933
934
935/*
936 print netbeui frames
937*/
925void netbeui_print(const uchar *data, const uchar *maxbuf)
938void netbeui_print(u_short control, const uchar *data, const uchar *maxbuf)
926{
939{
927 int len = SVAL(data,1);
928 int command = CVAL(data,5);
929 const uchar *data2 = data + 1 + len;
940 int len = SVAL(data,0);
941 int command = CVAL(data,4);
942 const uchar *data2 = data + len;
943 int is_truncated = 0;
930
944
945 if (data2 >= maxbuf) {
946 data2 = maxbuf;
947 is_truncated = 1;
948 }
949
931 startbuf = data;
932
950 startbuf = data;
951
933 data = fdata(data,"\n>>> NetBeui Packet\nType=[B] Length=[d] Signature=[w] Command=[B]\n#",maxbuf);
952 printf("\n>>> NetBeui Packet\nType=0x%X ", control);
953 data = fdata(data,"Length=[d] Signature=[w] Command=[B]\n#",maxbuf);
954 if (data == NULL)
955 goto out;
934
935 switch (command) {
936 case 0xA:
937 data = fdata(data,"NameQuery:[P1]\nSessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nDestination=[n2]\nSource=[n2]\n",data2);
938 break;
939
940 case 0x8:
941 data = fdata(data,"NetbiosDataGram:[P7]\nDestination=[n2]\nSource=[n2]\n",data2);

--- 18 unchanged lines hidden (view full) ---

960 case 0x14:
961 data = fdata(data,"NetbiosDataAck:\n[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
962 break;
963
964 case 0x18:
965 data = fdata(data,"SessionEnd:\n[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
966 break;
967
956
957 switch (command) {
958 case 0xA:
959 data = fdata(data,"NameQuery:[P1]\nSessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nDestination=[n2]\nSource=[n2]\n",data2);
960 break;
961
962 case 0x8:
963 data = fdata(data,"NetbiosDataGram:[P7]\nDestination=[n2]\nSource=[n2]\n",data2);

--- 18 unchanged lines hidden (view full) ---

982 case 0x14:
983 data = fdata(data,"NetbiosDataAck:\n[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
984 break;
985
986 case 0x18:
987 data = fdata(data,"SessionEnd:\n[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2);
988 break;
989
990 case 0x1f:
991 data = fdata(data,"SessionAlive\n",data2);
992 break;
993
968 default:
969 data = fdata(data,"Unknown Netbios Command ",data2);
970 break;
971 }
994 default:
995 data = fdata(data,"Unknown Netbios Command ",data2);
996 break;
997 }
998 if (data == NULL)
999 goto out;
972
1000
1001 if (is_truncated) {
1002 /* data2 was past the end of the buffer */
1003 goto out;
1004 }
1005
973 if (memcmp(data2,"\377SMB",4)==0) {
974 print_smb(data2,maxbuf);
975 } else {
976 int i;
977 for (i=0;i<128;i++) {
1006 if (memcmp(data2,"\377SMB",4)==0) {
1007 print_smb(data2,maxbuf);
1008 } else {
1009 int i;
1010 for (i=0;i<128;i++) {
1011 if (&data2[i] >= maxbuf)
1012 break;
978 if (memcmp(&data2[i],"\377SMB",4)==0) {
979 printf("found SMB packet at %d\n", i);
980 print_smb(&data2[i],maxbuf);
981 break;
982 }
983 }
984 }
985
1013 if (memcmp(&data2[i],"\377SMB",4)==0) {
1014 printf("found SMB packet at %d\n", i);
1015 print_smb(&data2[i],maxbuf);
1016 break;
1017 }
1018 }
1019 }
1020
1021out:
986 printf("\n");
987}
988
989
990/*
991 print IPX-Netbios frames
992*/
993void ipx_netbios_print(const uchar *data, const uchar *maxbuf)
994{
995 /* this is a hack till I work out how to parse the rest of the IPX stuff */
996 int i;
997 startbuf = data;
998 for (i=0;i<128;i++)
999 if (memcmp(&data[i],"\377SMB",4)==0) {
1000 fdata(data,"\n>>> IPX transport ",&data[i]);
1022 printf("\n");
1023}
1024
1025
1026/*
1027 print IPX-Netbios frames
1028*/
1029void ipx_netbios_print(const uchar *data, const uchar *maxbuf)
1030{
1031 /* this is a hack till I work out how to parse the rest of the IPX stuff */
1032 int i;
1033 startbuf = data;
1034 for (i=0;i<128;i++)
1035 if (memcmp(&data[i],"\377SMB",4)==0) {
1036 fdata(data,"\n>>> IPX transport ",&data[i]);
1001 print_smb(&data[i],maxbuf);
1037 if (data != NULL)
1038 print_smb(&data[i],maxbuf);
1002 printf("\n");
1003 fflush(stdout);
1004 break;
1005 }
1006 if (i==128)
1007 fdata(data,"\n>>> Unknown IPX ",maxbuf);
1008}
1039 printf("\n");
1040 fflush(stdout);
1041 break;
1042 }
1043 if (i==128)
1044 fdata(data,"\n>>> Unknown IPX ",maxbuf);
1045}