/* \summary: SMB/CIFS printer */
#ifdef HAVE_CONFIG_H
-#include "config.h"
+#include <config.h>
#endif
-#include <netdissect-stdinc.h>
+#include "netdissect-stdinc.h"
#include <string.h>
#include "extract.h"
#include "smb.h"
-static const char tstr[] = "[|SMB]";
static int request = 0;
static int unicodestr = 0;
smb_fdata(ndo, param, fmt, param + pcnt, unicodestr);
if (dcnt) {
- ND_PRINT((ndo, "data:\n"));
- smb_print_data(ndo, data, dcnt);
+ ND_PRINT("data:\n");
+ smb_data_print(ndo, data, dcnt);
}
}
const char *fmt="";
if (request) {
- ND_TCHECK_2(param);
- level = EXTRACT_LE_U_2(param);
+ level = GET_LE_U_2(param);
fmt = "InfoLevel=[u]\n";
smb_fdata(ndo, param, fmt, param + pcnt, unicodestr);
} else {
smb_fdata(ndo, data, fmt, data + dcnt, unicodestr);
}
if (dcnt) {
- ND_PRINT((ndo, "data:\n"));
- smb_print_data(ndo, data, dcnt);
+ ND_PRINT("data:\n");
+ smb_data_print(ndo, data, dcnt);
}
- return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
static const struct smbfnsint trans2_fns[] = {
ND_TCHECK_1(words);
if (request) {
ND_TCHECK_2(w + (14 * 2));
- pcnt = EXTRACT_LE_U_2(w + 9 * 2);
- param = buf + EXTRACT_LE_U_2(w + 10 * 2);
- dcnt = EXTRACT_LE_U_2(w + 11 * 2);
- data = buf + EXTRACT_LE_U_2(w + 12 * 2);
- fn = smbfindint(EXTRACT_LE_U_2(w + 14 * 2), trans2_fns);
+ pcnt = GET_LE_U_2(w + 9 * 2);
+ param = buf + GET_LE_U_2(w + 10 * 2);
+ dcnt = GET_LE_U_2(w + 11 * 2);
+ data = buf + GET_LE_U_2(w + 12 * 2);
+ fn = smbfindint(GET_LE_U_2(w + 14 * 2), trans2_fns);
} else {
- if (EXTRACT_U_1(words) == 0) {
- ND_PRINT((ndo, "%s\n", fn->name));
- ND_PRINT((ndo, "Trans2Interim\n"));
+ if (GET_U_1(words) == 0) {
+ ND_PRINT("%s\n", fn->name);
+ ND_PRINT("Trans2Interim\n");
return;
}
ND_TCHECK_2(w + (7 * 2));
- pcnt = EXTRACT_LE_U_2(w + 3 * 2);
- param = buf + EXTRACT_LE_U_2(w + 4 * 2);
- dcnt = EXTRACT_LE_U_2(w + 6 * 2);
- data = buf + EXTRACT_LE_U_2(w + 7 * 2);
+ pcnt = GET_LE_U_2(w + 3 * 2);
+ param = buf + GET_LE_U_2(w + 4 * 2);
+ dcnt = GET_LE_U_2(w + 6 * 2);
+ data = buf + GET_LE_U_2(w + 7 * 2);
}
- ND_PRINT((ndo, "%s param_length=%u data_length=%u\n", fn->name, pcnt, dcnt));
+ ND_PRINT("%s param_length=%u data_length=%u\n", fn->name, pcnt, dcnt);
if (request) {
- if (EXTRACT_U_1(words) == 8) {
+ if (GET_U_1(words) == 8) {
smb_fdata(ndo, words + 1,
"Trans2Secondary\nTotParam=[u]\nTotData=[u]\nParamCnt=[u]\nParamOff=[u]\nParamDisp=[u]\nDataCnt=[u]\nDataOff=[u]\nDataDisp=[u]\nHandle=[u]\n",
maxbuf, unicodestr);
f2 = fn->descript.rep_f2;
}
- ND_TCHECK_2(dat);
- bcc = EXTRACT_LE_U_2(dat);
- ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
+ bcc = GET_LE_U_2(dat);
+ ND_PRINT("smb_bcc=%u\n", bcc);
if (fn->descript.fn)
(*fn->descript.fn)(ndo, param, data, pcnt, dcnt);
else {
}
return;
trunc:
- ND_PRINT((ndo, "%s", tstr));
+ nd_print_trunc(ndo);
}
static void
const u_char *maxbuf = data + datalen;
u_int command;
- ND_TCHECK_1(data);
- command = EXTRACT_U_1(data);
+ command = GET_U_1(data);
smb_fdata(ndo, param, "BROWSE PACKET\n|Param ", param+paramlen, unicodestr);
data = smb_fdata(ndo, data, "Unknown Browser Frame ", maxbuf, unicodestr);
break;
}
- return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
if (request) {
ND_TCHECK_2(w + (12 * 2));
- paramlen = EXTRACT_LE_U_2(w + 9 * 2);
- param = buf + EXTRACT_LE_U_2(w + 10 * 2);
- datalen = EXTRACT_LE_U_2(w + 11 * 2);
- data = buf + EXTRACT_LE_U_2(w + 12 * 2);
- f1 = "TotParamCnt=[u] \nTotDataCnt=[u] \nMaxParmCnt=[u] \nMaxDataCnt=[u]\nMaxSCnt=[u] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[u] \nParamOff=[u] \nDataCnt=[u] \nDataOff=[u] \nSUCnt=[u]\n";
+ paramlen = GET_LE_U_2(w + 9 * 2);
+ param = buf + GET_LE_U_2(w + 10 * 2);
+ datalen = GET_LE_U_2(w + 11 * 2);
+ data = buf + GET_LE_U_2(w + 12 * 2);
+ f1 = "TotParamCnt=[u]\nTotDataCnt=[u]\nMaxParmCnt=[u]\nMaxDataCnt=[u]\nMaxSCnt=[u]\nTransFlags=[w]\nRes1=[w]\nRes2=[w]\nRes3=[w]\nParamCnt=[u]\nParamOff=[u]\nDataCnt=[u]\nDataOff=[u]\nSUCnt=[u]\n";
f2 = "|Name=[S]\n";
f3 = "|Param ";
f4 = "|Data ";
} else {
ND_TCHECK_2(w + (7 * 2));
- paramlen = EXTRACT_LE_U_2(w + 3 * 2);
- param = buf + EXTRACT_LE_U_2(w + 4 * 2);
- datalen = EXTRACT_LE_U_2(w + 6 * 2);
- data = buf + EXTRACT_LE_U_2(w + 7 * 2);
- f1 = "TotParamCnt=[u] \nTotDataCnt=[u] \nRes1=[u]\nParamCnt=[u] \nParamOff=[u] \nRes2=[u] \nDataCnt=[u] \nDataOff=[u] \nRes3=[u]\nLsetup=[u]\n";
+ paramlen = GET_LE_U_2(w + 3 * 2);
+ param = buf + GET_LE_U_2(w + 4 * 2);
+ datalen = GET_LE_U_2(w + 6 * 2);
+ data = buf + GET_LE_U_2(w + 7 * 2);
+ f1 = "TotParamCnt=[u]\nTotDataCnt=[u]\nRes1=[u]\nParamCnt=[u]\nParamOff=[u]\nRes2=[u]\nDataCnt=[u]\nDataOff=[u]\nRes3=[u]\nLsetup=[u]\n";
f2 = "|Unknown ";
f3 = "|Param ";
f4 = "|Data ";
}
smb_fdata(ndo, words + 1, f1,
- min(words + 1 + 2 * EXTRACT_U_1(words), maxbuf),
+ ND_MIN(words + 1 + 2 * GET_U_1(words), maxbuf),
unicodestr);
- ND_TCHECK_2(data1);
- bcc = EXTRACT_LE_U_2(data1);
- ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
+ bcc = GET_LE_U_2(data1);
+ ND_PRINT("smb_bcc=%u\n", bcc);
if (bcc > 0) {
smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr);
- if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) {
+#define MAILSLOT_BROWSE_STR "\\MAILSLOT\\BROWSE"
+ ND_TCHECK_LEN(data1 + 2, strlen(MAILSLOT_BROWSE_STR) + 1);
+ if (strcmp((const char *)(data1 + 2), MAILSLOT_BROWSE_STR) == 0) {
print_browse(ndo, param, paramlen, data, datalen);
return;
}
+#undef MAILSLOT_BROWSE_STR
- if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) {
+#define PIPE_LANMAN_STR "\\PIPE\\LANMAN"
+ ND_TCHECK_LEN(data1 + 2, strlen(PIPE_LANMAN_STR) + 1);
+ if (strcmp((const char *)(data1 + 2), PIPE_LANMAN_STR) == 0) {
print_ipc(ndo, param, paramlen, data, datalen);
return;
}
+#undef PIPE_LANMAN_STR
if (paramlen)
- smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr);
+ smb_fdata(ndo, param, f3, ND_MIN(param + paramlen, maxbuf), unicodestr);
if (datalen)
- smb_fdata(ndo, data, f4, min(data + datalen, maxbuf), unicodestr);
+ smb_fdata(ndo, data, f4, ND_MIN(data + datalen, maxbuf), unicodestr);
}
return;
trunc:
- ND_PRINT((ndo, "%s", tstr));
+ nd_print_trunc(ndo);
}
u_int wct, bcc;
const char *f1 = NULL, *f2 = NULL;
- ND_TCHECK_1(words);
- wct = EXTRACT_U_1(words);
+ wct = GET_U_1(words);
if (request)
f2 = "*|Dialect=[Y]\n";
else {
}
if (f1)
- smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf),
+ smb_fdata(ndo, words + 1, f1, ND_MIN(words + 1 + wct * 2, maxbuf),
unicodestr);
else
- smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
+ smb_data_print(ndo, words + 1, ND_MIN(wct * 2, ND_BYTES_BETWEEN(maxbuf, words + 1)));
- ND_TCHECK_2(data);
- bcc = EXTRACT_LE_U_2(data);
- ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
+ bcc = GET_LE_U_2(data);
+ ND_PRINT("smb_bcc=%u\n", bcc);
if (bcc > 0) {
if (f2)
- smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data),
+ smb_fdata(ndo, data + 2, f2, ND_MIN(data + 2 + GET_LE_U_2(data),
maxbuf), unicodestr);
else
- smb_print_data(ndo, data + 2,
- min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2)));
+ smb_data_print(ndo, data + 2,
+ ND_MIN(GET_LE_U_2(data), ND_BYTES_BETWEEN(maxbuf, data + 2)));
}
- return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
static void
u_int wct, bcc;
const char *f1 = NULL, *f2 = NULL;
- ND_TCHECK_1(words);
- wct = EXTRACT_U_1(words);
+ wct = GET_U_1(words);
if (request) {
if (wct == 10)
f1 = "Com2=[w]\nOff2=[u]\nBufSize=[u]\nMpxMax=[u]\nVcNum=[u]\nSessionKey=[W]\nPassLen=[u]\nCryptLen=[u]\nCryptOff=[u]\nPass&Name=\n";
}
if (f1)
- smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf),
+ smb_fdata(ndo, words + 1, f1, ND_MIN(words + 1 + wct * 2, maxbuf),
unicodestr);
else
- smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1)));
+ smb_data_print(ndo, words + 1, ND_MIN(wct * 2, ND_BYTES_BETWEEN(maxbuf, words + 1)));
- ND_TCHECK_2(data);
- bcc = EXTRACT_LE_U_2(data);
- ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
+ bcc = GET_LE_U_2(data);
+ ND_PRINT("smb_bcc=%u\n", bcc);
if (bcc > 0) {
if (f2)
- smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data),
+ smb_fdata(ndo, data + 2, f2, ND_MIN(data + 2 + GET_LE_U_2(data),
maxbuf), unicodestr);
else
- smb_print_data(ndo, data + 2,
- min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2)));
+ smb_data_print(ndo, data + 2,
+ ND_MIN(GET_LE_U_2(data), ND_BYTES_BETWEEN(maxbuf, data + 2)));
}
- return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
static void
const u_char *maxwords;
const char *f1 = NULL, *f2 = NULL;
- ND_TCHECK_1(words);
- wct = EXTRACT_U_1(words);
+ wct = GET_U_1(words);
if (request) {
f1 = "Com2=[w]\nOff2=[u]\nHandle=[u]\nLockType=[w]\nTimeOut=[D]\nUnlockCount=[u]\nLockCount=[u]\n";
- ND_TCHECK_1(words + 7);
- if (EXTRACT_U_1(words + 7) & 0x10)
+ if (GET_U_1(words + 7) & 0x10)
f2 = "*Process=[u]\n[P2]Offset=[M]\nLength=[M]\n";
else
f2 = "*Process=[u]\nOffset=[D]\nLength=[U]\n";
f1 = "Com2=[w]\nOff2=[u]\n";
}
- maxwords = min(words + 1 + wct * 2, maxbuf);
+ maxwords = ND_MIN(words + 1 + wct * 2, maxbuf);
if (wct)
smb_fdata(ndo, words + 1, f1, maxwords, unicodestr);
- ND_TCHECK_2(data);
- bcc = EXTRACT_LE_U_2(data);
- ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
+ bcc = GET_LE_U_2(data);
+ ND_PRINT("smb_bcc=%u\n", bcc);
if (bcc > 0) {
if (f2)
- smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data),
+ smb_fdata(ndo, data + 2, f2, ND_MIN(data + 2 + GET_LE_U_2(data),
maxbuf), unicodestr);
else
- smb_print_data(ndo, data + 2,
- min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2)));
+ smb_data_print(ndo, data + 2,
+ ND_MIN(GET_LE_U_2(data), ND_BYTES_BETWEEN(maxbuf, data + 2)));
}
- return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
"[P4]SMB Command = [B]\nError class = [BP1]\nError code = [u]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [u]\nProc ID = [u]\nUID = [u]\nMID = [u]\nWord Count = [b]\n";
u_int smboffset;
- ND_TCHECK_1(buf + 9);
- request = (EXTRACT_U_1(buf + 9) & 0x80) ? 0 : 1;
+ ndo->ndo_protocol = "smb";
+
+ request = (GET_U_1(buf + 9) & 0x80) ? 0 : 1;
startbuf = buf;
- command = EXTRACT_U_1(buf + 4);
+ command = GET_U_1(buf + 4);
fn = smbfind(command, smb_fns);
if (ndo->ndo_vflag > 1)
- ND_PRINT((ndo, "\n"));
+ ND_PRINT("\n");
- ND_PRINT((ndo, "SMB PACKET: %s (%s)\n", fn->name, request ? "REQUEST" : "REPLY"));
+ ND_PRINT("SMB PACKET: %s (%s)", fn->name, request ? "REQUEST" : "REPLY");
if (ndo->ndo_vflag < 2)
return;
- ND_TCHECK_2(buf + 10);
- flags2 = EXTRACT_LE_U_2(buf + 10);
+ ND_PRINT("\n");
+ flags2 = GET_LE_U_2(buf + 10);
unicodestr = flags2 & 0x8000;
nterrcodes = flags2 & 0x4000;
smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr);
if (nterrcodes) {
- nterror = EXTRACT_LE_U_4(buf + 5);
+ nterror = GET_LE_U_4(buf + 5);
if (nterror)
- ND_PRINT((ndo, "NTError = %s\n", nt_errstr(nterror)));
+ ND_PRINT("NTError = %s\n", nt_errstr(nterror));
} else {
- if (EXTRACT_U_1(buf + 5))
- ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(EXTRACT_U_1(buf + 5),
- EXTRACT_LE_U_2(buf + 7))));
+ if (GET_U_1(buf + 5))
+ ND_PRINT("SMBError = %s\n", smb_errstr(GET_U_1(buf + 5),
+ GET_LE_U_2(buf + 7)));
}
smboffset = 32;
u_int newsmboffset;
words = buf + smboffset;
- ND_TCHECK_1(words);
- wct = EXTRACT_U_1(words);
+ wct = GET_U_1(words);
data = words + 1 + wct * 2;
- maxwords = min(data, maxbuf);
+ maxwords = ND_MIN(data, maxbuf);
if (request) {
f1 = fn->descript.req_f1;
f2 = fn->descript.rep_f2;
}
+ smb_reset();
if (fn->descript.fn)
(*fn->descript.fn)(ndo, words, data, buf, maxbuf);
else {
u_int v;
for (i = 0; words + 1 + 2 * i < maxwords; i++) {
- ND_TCHECK_2(words + 1 + 2 * i);
- v = EXTRACT_LE_U_2(words + 1 + 2 * i);
- ND_PRINT((ndo, "smb_vwv[%u]=%u (0x%X)\n", i, v, v));
+ v = GET_LE_U_2(words + 1 + 2 * i);
+ ND_PRINT("smb_vwv[%u]=%u (0x%X)\n", i, v, v);
}
}
}
- ND_TCHECK_2(data);
- bcc = EXTRACT_LE_U_2(data);
- ND_PRINT((ndo, "smb_bcc=%u\n", bcc));
+ bcc = GET_LE_U_2(data);
+ ND_PRINT("smb_bcc=%u\n", bcc);
if (f2) {
if (bcc > 0)
smb_fdata(ndo, data + 2, f2, data + 2 + bcc, unicodestr);
} else {
if (bcc > 0) {
- ND_PRINT((ndo, "smb_buf[]=\n"));
- smb_print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2)));
+ ND_PRINT("smb_buf[]=\n");
+ smb_data_print(ndo, data + 2, ND_MIN(bcc, ND_BYTES_BETWEEN(maxbuf, data + 2)));
}
}
}
break;
if (wct == 0)
break;
- ND_TCHECK_1(words + 1);
- command = EXTRACT_U_1(words + 1);
+ command = GET_U_1(words + 1);
if (command == 0xFF)
break;
- ND_TCHECK_2(words + 3);
- newsmboffset = EXTRACT_LE_U_2(words + 3);
+ newsmboffset = GET_LE_U_2(words + 3);
fn = smbfind(command, smb_fns);
- ND_PRINT((ndo, "\nSMB PACKET: %s (%s) (CHAINED)\n",
- fn->name, request ? "REQUEST" : "REPLY"));
+ ND_PRINT("\nSMB PACKET: %s (%s) (CHAINED)\n",
+ fn->name, request ? "REQUEST" : "REPLY");
if (newsmboffset <= smboffset) {
- ND_PRINT((ndo, "Bad andX offset: %u <= %u\n", newsmboffset, smboffset));
+ ND_PRINT("Bad andX offset: %u <= %u\n", newsmboffset, smboffset);
break;
}
smboffset = newsmboffset;
}
-
- ND_PRINT((ndo, "\n"));
- return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
u_int nbt_len;
const u_char *maxbuf;
+ ndo->ndo_protocol = "nbt_tcp";
if (length < 4)
goto trunc;
if (ndo->ndo_snapend < data)
goto trunc;
- caplen = ndo->ndo_snapend - data;
+ caplen = ND_BYTES_AVAILABLE_AFTER(data);
if (caplen < 4)
goto trunc;
maxbuf = data + caplen;
- ND_TCHECK_1(data);
- type = EXTRACT_U_1(data);
- ND_TCHECK_2(data + 2);
- nbt_len = EXTRACT_BE_U_2(data + 2);
+ type = GET_U_1(data);
+ nbt_len = GET_BE_U_2(data + 2);
length -= 4;
caplen -= 4;
startbuf = data;
if (ndo->ndo_vflag < 2) {
- ND_PRINT((ndo, " NBT Session Packet: "));
+ ND_PRINT(" NBT Session Packet: ");
switch (type) {
case 0x00:
- ND_PRINT((ndo, "Session Message"));
+ ND_PRINT("Session Message");
break;
case 0x81:
- ND_PRINT((ndo, "Session Request"));
+ ND_PRINT("Session Request");
break;
case 0x82:
- ND_PRINT((ndo, "Session Granted"));
+ ND_PRINT("Session Granted");
break;
case 0x83:
goto trunc;
if (caplen < 4)
goto trunc;
- ecode = EXTRACT_U_1(data + 4);
+ ecode = GET_U_1(data + 4);
- ND_PRINT((ndo, "Session Reject, "));
+ ND_PRINT("Session Reject, ");
switch (ecode) {
case 0x80:
- ND_PRINT((ndo, "Not listening on called name"));
+ ND_PRINT("Not listening on called name");
break;
case 0x81:
- ND_PRINT((ndo, "Not listening for calling name"));
+ ND_PRINT("Not listening for calling name");
break;
case 0x82:
- ND_PRINT((ndo, "Called name not present"));
+ ND_PRINT("Called name not present");
break;
case 0x83:
- ND_PRINT((ndo, "Called name present, but insufficient resources"));
+ ND_PRINT("Called name present, but insufficient resources");
break;
default:
- ND_PRINT((ndo, "Unspecified error 0x%X", ecode));
+ ND_PRINT("Unspecified error 0x%X", ecode);
break;
}
}
break;
case 0x85:
- ND_PRINT((ndo, "Session Keepalive"));
+ ND_PRINT("Session Keepalive");
break;
default:
break;
}
} else {
- ND_PRINT((ndo, "\n>>> NBT Session Packet\n"));
+ ND_PRINT("\n>>> NBT Session Packet\n");
switch (type) {
case 0x00:
data = smb_fdata(ndo, data, "[P1]NBT Session Message\nFlags=[B]\nLength=[ru]\n",
if (nbt_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) {
if (nbt_len > caplen) {
if (nbt_len > length)
- ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n"));
+ ND_PRINT("WARNING: Packet is continued in later TCP segments\n");
else
- ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %u\n",
- nbt_len - caplen));
+ ND_PRINT("WARNING: Short packet. Try increasing the snap length by %u\n",
+ nbt_len - caplen);
}
print_smb(ndo, data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf);
} else
- ND_PRINT((ndo, "Session packet:(raw data or continuation?)\n"));
+ ND_PRINT("Session packet:(raw data or continuation?)\n");
break;
case 0x81:
if (data == NULL)
break;
if (nbt_len >= 1 && caplen >= 1) {
- ecode = EXTRACT_U_1(origdata + 4);
+ ecode = GET_U_1(origdata + 4);
switch (ecode) {
case 0x80:
- ND_PRINT((ndo, "Not listening on called name\n"));
+ ND_PRINT("Not listening on called name\n");
break;
case 0x81:
- ND_PRINT((ndo, "Not listening for calling name\n"));
+ ND_PRINT("Not listening for calling name\n");
break;
case 0x82:
- ND_PRINT((ndo, "Called name not present\n"));
+ ND_PRINT("Called name not present\n");
break;
case 0x83:
- ND_PRINT((ndo, "Called name present, but insufficient resources\n"));
+ ND_PRINT("Called name present, but insufficient resources\n");
break;
default:
- ND_PRINT((ndo, "Unspecified error 0x%X\n", ecode));
+ ND_PRINT("Unspecified error 0x%X\n", ecode);
break;
}
}
data = smb_fdata(ndo, data, "NBT - Unknown packet type\nType=[B]\n", maxbuf, 0);
break;
}
- ND_PRINT((ndo, "\n"));
}
return;
trunc:
- ND_PRINT((ndo, "%s", tstr));
+ nd_print_trunc(ndo);
}
static const struct tok opcode_str[] = {
const u_char *p;
u_int total, i;
- ND_TCHECK_2(data + 10);
- name_trn_id = EXTRACT_BE_U_2(data);
- response = (EXTRACT_U_1(data + 2) >> 7);
- opcode = (EXTRACT_U_1(data + 2) >> 3) & 0xF;
- nm_flags = ((EXTRACT_U_1(data + 2) & 0x7) << 4) + (EXTRACT_U_1(data + 3) >> 4);
- rcode = EXTRACT_U_1(data + 3) & 0xF;
- qdcount = EXTRACT_BE_U_2(data + 4);
- ancount = EXTRACT_BE_U_2(data + 6);
- nscount = EXTRACT_BE_U_2(data + 8);
- arcount = EXTRACT_BE_U_2(data + 10);
+ ndo->ndo_protocol = "nbt_udp137";
+ name_trn_id = GET_BE_U_2(data);
+ response = (GET_U_1(data + 2) >> 7);
+ opcode = (GET_U_1(data + 2) >> 3) & 0xF;
+ nm_flags = ((GET_U_1(data + 2) & 0x7) << 4) + (GET_U_1(data + 3) >> 4);
+ rcode = GET_U_1(data + 3) & 0xF;
+ qdcount = GET_BE_U_2(data + 4);
+ ancount = GET_BE_U_2(data + 6);
+ nscount = GET_BE_U_2(data + 8);
+ arcount = GET_BE_U_2(data + 10);
startbuf = data;
if (maxbuf <= data)
return;
if (ndo->ndo_vflag > 1)
- ND_PRINT((ndo, "\n>>> "));
+ ND_PRINT("\n>>> ");
- ND_PRINT((ndo, "NBT UDP PACKET(137): %s", tok2str(opcode_str, "OPUNKNOWN", opcode)));
+ ND_PRINT("NBT UDP PACKET(137): %s", tok2str(opcode_str, "OPUNKNOWN", opcode));
if (response) {
- ND_PRINT((ndo, "; %s", rcode ? "NEGATIVE" : "POSITIVE"));
+ ND_PRINT("; %s", rcode ? "NEGATIVE" : "POSITIVE");
}
- ND_PRINT((ndo, "; %s; %s", response ? "RESPONSE" : "REQUEST",
- (nm_flags & 1) ? "BROADCAST" : "UNICAST"));
+ ND_PRINT("; %s; %s", response ? "RESPONSE" : "REQUEST",
+ (nm_flags & 1) ? "BROADCAST" : "UNICAST");
if (ndo->ndo_vflag < 2)
return;
- ND_PRINT((ndo, "\nTrnID=0x%X\nOpCode=%u\nNmFlags=0x%X\nRcode=%u\nQueryCount=%u\nAnswerCount=%u\nAuthorityCount=%u\nAddressRecCount=%u\n",
+ ND_PRINT("\nTrnID=0x%X\nOpCode=%u\nNmFlags=0x%X\nRcode=%u\nQueryCount=%u\nAnswerCount=%u\nAuthorityCount=%u\nAddressRecCount=%u\n",
name_trn_id, opcode, nm_flags, rcode, qdcount, ancount, nscount,
- arcount));
+ arcount);
p = data + 12;
total = ancount + nscount + arcount;
if (qdcount > 100 || total > 100) {
- ND_PRINT((ndo, "Corrupt packet??\n"));
+ ND_PRINT("Corrupt packet??\n");
return;
}
if (qdcount) {
- ND_PRINT((ndo, "QuestionRecords:\n"));
+ ND_PRINT("QuestionRecords:\n");
for (i = 0; i < qdcount; i++) {
p = smb_fdata(ndo, p,
"|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",
}
if (total) {
- ND_PRINT((ndo, "\nResourceRecords:\n"));
+ ND_PRINT("\nResourceRecords:\n");
for (i = 0; i < total; i++) {
u_int rdlen;
u_int restype;
p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0);
if (p == NULL)
goto out;
- ND_TCHECK_2(p);
- restype = EXTRACT_BE_U_2(p);
+ restype = GET_BE_U_2(p);
p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rU]\n", p + 8, 0);
if (p == NULL)
goto out;
- ND_TCHECK_2(p);
- rdlen = EXTRACT_BE_U_2(p);
- ND_PRINT((ndo, "ResourceLength=%u\nResourceData=\n", rdlen));
+ rdlen = GET_BE_U_2(p);
+ ND_PRINT("ResourceLength=%u\nResourceData=\n", rdlen);
p += 2;
if (rdlen == 6) {
p = smb_fdata(ndo, p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen, 0);
if (restype == 0x21) {
u_int numnames;
- ND_TCHECK_1(p);
- numnames = EXTRACT_U_1(p);
+ numnames = GET_U_1(p);
p = smb_fdata(ndo, p, "NumNames=[B]\n", p + 1, 0);
if (p == NULL)
goto out;
- while (numnames--) {
+ while (numnames) {
p = smb_fdata(ndo, p, "Name=[n2]\t#", maxbuf, 0);
if (p == NULL)
goto out;
ND_TCHECK_1(p);
if (p >= maxbuf)
goto out;
- if (EXTRACT_U_1(p) & 0x80)
- ND_PRINT((ndo, "<GROUP> "));
- switch (EXTRACT_U_1(p) & 0x60) {
- case 0x00: ND_PRINT((ndo, "B ")); break;
- case 0x20: ND_PRINT((ndo, "P ")); break;
- case 0x40: ND_PRINT((ndo, "M ")); break;
- case 0x60: ND_PRINT((ndo, "_ ")); break;
+ if (GET_U_1(p) & 0x80)
+ ND_PRINT("<GROUP> ");
+ switch (GET_U_1(p) & 0x60) {
+ case 0x00: ND_PRINT("B "); break;
+ case 0x20: ND_PRINT("P "); break;
+ case 0x40: ND_PRINT("M "); break;
+ case 0x60: ND_PRINT("_ "); break;
}
- if (EXTRACT_U_1(p) & 0x10)
- ND_PRINT((ndo, "<DEREGISTERING> "));
- if (EXTRACT_U_1(p) & 0x08)
- ND_PRINT((ndo, "<CONFLICT> "));
- if (EXTRACT_U_1(p) & 0x04)
- ND_PRINT((ndo, "<ACTIVE> "));
- if (EXTRACT_U_1(p) & 0x02)
- ND_PRINT((ndo, "<PERMANENT> "));
- ND_PRINT((ndo, "\n"));
+ if (GET_U_1(p) & 0x10)
+ ND_PRINT("<DEREGISTERING> ");
+ if (GET_U_1(p) & 0x08)
+ ND_PRINT("<CONFLICT> ");
+ if (GET_U_1(p) & 0x04)
+ ND_PRINT("<ACTIVE> ");
+ if (GET_U_1(p) & 0x02)
+ ND_PRINT("<PERMANENT> ");
+ ND_PRINT("\n");
p += 2;
+ numnames--;
}
} else {
if (p >= maxbuf)
goto out;
- smb_print_data(ndo, p, min(rdlen, length - (p - data)));
+ smb_data_print(ndo, p, ND_MIN(rdlen, length - ND_BYTES_BETWEEN(p, data)));
p += rdlen;
}
}
smb_fdata(ndo, p, "AdditionalData:\n", maxbuf, 0);
out:
- ND_PRINT((ndo, "\n"));
return;
trunc:
- ND_PRINT((ndo, "%s", tstr));
+ nd_print_trunc(ndo);
}
/*
u_int smb_len;
const u_char *maxbuf;
+ ndo->ndo_protocol = "smb_tcp";
if (length < 4)
goto trunc;
if (ndo->ndo_snapend < data)
goto trunc;
- caplen = ndo->ndo_snapend - data;
+ caplen = ND_BYTES_AVAILABLE_AFTER(data);
if (caplen < 4)
goto trunc;
maxbuf = data + caplen;
- smb_len = EXTRACT_BE_U_3(data + 1);
+ smb_len = GET_BE_U_3(data + 1);
length -= 4;
caplen -= 4;
if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) {
if (smb_len > caplen) {
if (smb_len > length)
- ND_PRINT((ndo, " WARNING: Packet is continued in later TCP segments\n"));
+ ND_PRINT(" WARNING: Packet is continued in later TCP segments\n");
else
- ND_PRINT((ndo, " WARNING: Short packet. Try increasing the snap length by %u\n",
- smb_len - caplen));
+ ND_PRINT(" WARNING: Short packet. Try increasing the snap length by %u\n",
+ smb_len - caplen);
} else
- ND_PRINT((ndo, " "));
+ ND_PRINT(" ");
print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf);
} else
- ND_PRINT((ndo, " SMB-over-TCP packet:(raw data or continuation?)\n"));
+ ND_PRINT(" SMB-over-TCP packet:(raw data or continuation?)\n");
return;
trunc:
- ND_PRINT((ndo, "%s", tstr));
+ nd_print_trunc(ndo);
}
/*
{
const u_char *maxbuf = data + length;
+ ndo->ndo_protocol = "nbt_udp138";
if (maxbuf > ndo->ndo_snapend)
maxbuf = ndo->ndo_snapend;
if (maxbuf <= data)
startbuf = data;
if (ndo->ndo_vflag < 2) {
- ND_PRINT((ndo, "NBT UDP PACKET(138)"));
+ ND_PRINT("NBT UDP PACKET(138)");
return;
}
print_smb(ndo, data, maxbuf);
}
out:
- ND_PRINT((ndo, "\n"));
+ return;
}
const u_char *data2;
int is_truncated = 0;
+ ndo->ndo_protocol = "netbeui";
if (maxbuf > ndo->ndo_snapend)
maxbuf = ndo->ndo_snapend;
- ND_TCHECK_1(data + 4);
- len = EXTRACT_LE_U_2(data);
- command = EXTRACT_U_1(data + 4);
+ len = GET_LE_U_2(data);
+ command = GET_U_1(data + 4);
data2 = data + len;
if (data2 >= maxbuf) {
data2 = maxbuf;
startbuf = data;
if (ndo->ndo_vflag < 2) {
- ND_PRINT((ndo, "NBF Packet: "));
+ ND_PRINT("NBF Packet: ");
data = smb_fdata(ndo, data, "[P5]#", maxbuf, 0);
} else {
- ND_PRINT((ndo, "\n>>> NBF Packet\nType=0x%X ", control));
+ ND_PRINT("\n>>> NBF Packet\nType=0x%X ", control);
data = smb_fdata(ndo, data, "Length=[u] Signature=[w] Command=[B]\n#", maxbuf, 0);
}
if (data == NULL)
data = smb_fdata(ndo, data, "Unknown NBF Command\n", data2, 0);
} else {
if (ndo->ndo_vflag < 2) {
- ND_PRINT((ndo, "%s", nbf_strings[command].name));
+ ND_PRINT("%s", nbf_strings[command].name);
if (nbf_strings[command].nonverbose != NULL)
data = smb_fdata(ndo, data, nbf_strings[command].nonverbose, data2, 0);
} else {
- ND_PRINT((ndo, "%s:\n", nbf_strings[command].name));
+ ND_PRINT("%s:\n", nbf_strings[command].name);
if (nbf_strings[command].verbose != NULL)
data = smb_fdata(ndo, data, nbf_strings[command].verbose, data2, 0);
else
- ND_PRINT((ndo, "\n"));
+ ND_PRINT("\n");
}
}
if ((data2 + i + 3) >= maxbuf)
break;
if (memcmp(data2 + i, "\377SMB", 4) == 0) {
- ND_PRINT((ndo, "found SMB packet at %u\n", i));
+ ND_PRINT("found SMB packet at %u\n", i);
print_smb(ndo, data2 + i, maxbuf);
break;
}
}
out:
- ND_PRINT((ndo, "\n"));
return;
-trunc:
- ND_PRINT((ndo, "%s", tstr));
}
u_int i;
const u_char *maxbuf;
+ ndo->ndo_protocol = "ipx_netbios";
maxbuf = data + length;
/* Don't go past the end of the captured data in the packet. */
if (maxbuf > ndo->ndo_snapend)
if (memcmp(data + i, "\377SMB", 4) == 0) {
smb_fdata(ndo, data, "\n>>> IPX transport ", data + i, 0);
print_smb(ndo, data + i, maxbuf);
- ND_PRINT((ndo, "\n"));
break;
}
}
projects / tcpdump / blobdiff