X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/39a7d38ee8332a8e70dff64676cc488443a5b76f..refs/pull/1034/head:/print-smb.c diff --git a/print-smb.c b/print-smb.c index 6c84f733..bcd7363d 100644 --- a/print-smb.c +++ b/print-smb.c @@ -9,10 +9,10 @@ /* \summary: SMB/CIFS printer */ #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include +#include "netdissect-stdinc.h" #include @@ -20,7 +20,6 @@ #include "extract.h" #include "smb.h" -static const char tstr[] = "[|SMB]"; static int request = 0; static int unicodestr = 0; @@ -102,8 +101,8 @@ trans2_findfirst(netdissect_options *ndo, smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); if (dcnt) { - ND_PRINT((ndo, "data:\n")); - smb_print_data(ndo, data, dcnt); + ND_PRINT("data:\n"); + smb_data_print(ndo, data, dcnt); } } @@ -115,8 +114,7 @@ trans2_qfsinfo(netdissect_options *ndo, const char *fmt=""; if (request) { - ND_TCHECK_2(param); - level = EXTRACT_LE_U_2(param); + level = GET_LE_U_2(param); fmt = "InfoLevel=[u]\n"; smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); } else { @@ -137,12 +135,9 @@ trans2_qfsinfo(netdissect_options *ndo, smb_fdata(ndo, data, fmt, data + dcnt, unicodestr); } if (dcnt) { - ND_PRINT((ndo, "data:\n")); - smb_print_data(ndo, data, dcnt); + ND_PRINT("data:\n"); + smb_data_print(ndo, data, dcnt); } - return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } static const struct smbfnsint trans2_fns[] = { @@ -184,28 +179,28 @@ print_trans2(netdissect_options *ndo, ND_TCHECK_1(words); if (request) { ND_TCHECK_2(w + (14 * 2)); - pcnt = EXTRACT_LE_U_2(w + 9 * 2); - param = buf + EXTRACT_LE_U_2(w + 10 * 2); - dcnt = EXTRACT_LE_U_2(w + 11 * 2); - data = buf + EXTRACT_LE_U_2(w + 12 * 2); - fn = smbfindint(EXTRACT_LE_U_2(w + 14 * 2), trans2_fns); + pcnt = GET_LE_U_2(w + 9 * 2); + param = buf + GET_LE_U_2(w + 10 * 2); + dcnt = GET_LE_U_2(w + 11 * 2); + data = buf + GET_LE_U_2(w + 12 * 2); + fn = smbfindint(GET_LE_U_2(w + 14 * 2), trans2_fns); } else { - if (EXTRACT_U_1(words) == 0) { - ND_PRINT((ndo, "%s\n", fn->name)); - ND_PRINT((ndo, "Trans2Interim\n")); + if (GET_U_1(words) == 0) { + ND_PRINT("%s\n", fn->name); + ND_PRINT("Trans2Interim\n"); return; } ND_TCHECK_2(w + (7 * 2)); - pcnt = EXTRACT_LE_U_2(w + 3 * 2); - param = buf + EXTRACT_LE_U_2(w + 4 * 2); - dcnt = EXTRACT_LE_U_2(w + 6 * 2); - data = buf + EXTRACT_LE_U_2(w + 7 * 2); + pcnt = GET_LE_U_2(w + 3 * 2); + param = buf + GET_LE_U_2(w + 4 * 2); + dcnt = GET_LE_U_2(w + 6 * 2); + data = buf + GET_LE_U_2(w + 7 * 2); } - ND_PRINT((ndo, "%s param_length=%u data_length=%u\n", fn->name, pcnt, dcnt)); + ND_PRINT("%s param_length=%u data_length=%u\n", fn->name, pcnt, dcnt); if (request) { - if (EXTRACT_U_1(words) == 8) { + if (GET_U_1(words) == 8) { smb_fdata(ndo, words + 1, "Trans2Secondary\nTotParam=[u]\nTotData=[u]\nParamCnt=[u]\nParamOff=[u]\nParamDisp=[u]\nDataCnt=[u]\nDataOff=[u]\nDataDisp=[u]\nHandle=[u]\n", maxbuf, unicodestr); @@ -225,9 +220,8 @@ print_trans2(netdissect_options *ndo, f2 = fn->descript.rep_f2; } - ND_TCHECK_2(dat); - bcc = EXTRACT_LE_U_2(dat); - ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); + bcc = GET_LE_U_2(dat); + ND_PRINT("smb_bcc=%u\n", bcc); if (fn->descript.fn) (*fn->descript.fn)(ndo, param, data, pcnt, dcnt); else { @@ -236,7 +230,7 @@ print_trans2(netdissect_options *ndo, } return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); } static void @@ -246,8 +240,7 @@ print_browse(netdissect_options *ndo, const u_char *maxbuf = data + datalen; u_int command; - ND_TCHECK_1(data); - command = EXTRACT_U_1(data); + command = GET_U_1(data); smb_fdata(ndo, param, "BROWSE PACKET\n|Param ", param+paramlen, unicodestr); @@ -315,9 +308,6 @@ print_browse(netdissect_options *ndo, data = smb_fdata(ndo, data, "Unknown Browser Frame ", maxbuf, unicodestr); break; } - return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } @@ -345,54 +335,59 @@ print_trans(netdissect_options *ndo, if (request) { ND_TCHECK_2(w + (12 * 2)); - paramlen = EXTRACT_LE_U_2(w + 9 * 2); - param = buf + EXTRACT_LE_U_2(w + 10 * 2); - datalen = EXTRACT_LE_U_2(w + 11 * 2); - data = buf + EXTRACT_LE_U_2(w + 12 * 2); - f1 = "TotParamCnt=[u] \nTotDataCnt=[u] \nMaxParmCnt=[u] \nMaxDataCnt=[u]\nMaxSCnt=[u] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[u] \nParamOff=[u] \nDataCnt=[u] \nDataOff=[u] \nSUCnt=[u]\n"; + paramlen = GET_LE_U_2(w + 9 * 2); + param = buf + GET_LE_U_2(w + 10 * 2); + datalen = GET_LE_U_2(w + 11 * 2); + data = buf + GET_LE_U_2(w + 12 * 2); + f1 = "TotParamCnt=[u]\nTotDataCnt=[u]\nMaxParmCnt=[u]\nMaxDataCnt=[u]\nMaxSCnt=[u]\nTransFlags=[w]\nRes1=[w]\nRes2=[w]\nRes3=[w]\nParamCnt=[u]\nParamOff=[u]\nDataCnt=[u]\nDataOff=[u]\nSUCnt=[u]\n"; f2 = "|Name=[S]\n"; f3 = "|Param "; f4 = "|Data "; } else { ND_TCHECK_2(w + (7 * 2)); - paramlen = EXTRACT_LE_U_2(w + 3 * 2); - param = buf + EXTRACT_LE_U_2(w + 4 * 2); - datalen = EXTRACT_LE_U_2(w + 6 * 2); - data = buf + EXTRACT_LE_U_2(w + 7 * 2); - f1 = "TotParamCnt=[u] \nTotDataCnt=[u] \nRes1=[u]\nParamCnt=[u] \nParamOff=[u] \nRes2=[u] \nDataCnt=[u] \nDataOff=[u] \nRes3=[u]\nLsetup=[u]\n"; + paramlen = GET_LE_U_2(w + 3 * 2); + param = buf + GET_LE_U_2(w + 4 * 2); + datalen = GET_LE_U_2(w + 6 * 2); + data = buf + GET_LE_U_2(w + 7 * 2); + f1 = "TotParamCnt=[u]\nTotDataCnt=[u]\nRes1=[u]\nParamCnt=[u]\nParamOff=[u]\nRes2=[u]\nDataCnt=[u]\nDataOff=[u]\nRes3=[u]\nLsetup=[u]\n"; f2 = "|Unknown "; f3 = "|Param "; f4 = "|Data "; } smb_fdata(ndo, words + 1, f1, - min(words + 1 + 2 * EXTRACT_U_1(words), maxbuf), + ND_MIN(words + 1 + 2 * GET_U_1(words), maxbuf), unicodestr); - ND_TCHECK_2(data1); - bcc = EXTRACT_LE_U_2(data1); - ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); + bcc = GET_LE_U_2(data1); + ND_PRINT("smb_bcc=%u\n", bcc); if (bcc > 0) { smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr); - if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) { +#define MAILSLOT_BROWSE_STR "\\MAILSLOT\\BROWSE" + ND_TCHECK_LEN(data1 + 2, strlen(MAILSLOT_BROWSE_STR) + 1); + if (strcmp((const char *)(data1 + 2), MAILSLOT_BROWSE_STR) == 0) { print_browse(ndo, param, paramlen, data, datalen); return; } +#undef MAILSLOT_BROWSE_STR - if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) { +#define PIPE_LANMAN_STR "\\PIPE\\LANMAN" + ND_TCHECK_LEN(data1 + 2, strlen(PIPE_LANMAN_STR) + 1); + if (strcmp((const char *)(data1 + 2), PIPE_LANMAN_STR) == 0) { print_ipc(ndo, param, paramlen, data, datalen); return; } +#undef PIPE_LANMAN_STR if (paramlen) - smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr); + smb_fdata(ndo, param, f3, ND_MIN(param + paramlen, maxbuf), unicodestr); if (datalen) - smb_fdata(ndo, data, f4, min(data + datalen, maxbuf), unicodestr); + smb_fdata(ndo, data, f4, ND_MIN(data + datalen, maxbuf), unicodestr); } return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); } @@ -403,8 +398,7 @@ print_negprot(netdissect_options *ndo, u_int wct, bcc; const char *f1 = NULL, *f2 = NULL; - ND_TCHECK_1(words); - wct = EXTRACT_U_1(words); + wct = GET_U_1(words); if (request) f2 = "*|Dialect=[Y]\n"; else { @@ -417,25 +411,21 @@ print_negprot(netdissect_options *ndo, } if (f1) - smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf), + smb_fdata(ndo, words + 1, f1, ND_MIN(words + 1 + wct * 2, maxbuf), unicodestr); else - smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); + smb_data_print(ndo, words + 1, ND_MIN(wct * 2, ND_BYTES_BETWEEN(maxbuf, words + 1))); - ND_TCHECK_2(data); - bcc = EXTRACT_LE_U_2(data); - ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); + bcc = GET_LE_U_2(data); + ND_PRINT("smb_bcc=%u\n", bcc); if (bcc > 0) { if (f2) - smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data), + smb_fdata(ndo, data + 2, f2, ND_MIN(data + 2 + GET_LE_U_2(data), maxbuf), unicodestr); else - smb_print_data(ndo, data + 2, - min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2))); + smb_data_print(ndo, data + 2, + ND_MIN(GET_LE_U_2(data), ND_BYTES_BETWEEN(maxbuf, data + 2))); } - return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } static void @@ -445,8 +435,7 @@ print_sesssetup(netdissect_options *ndo, u_int wct, bcc; const char *f1 = NULL, *f2 = NULL; - ND_TCHECK_1(words); - wct = EXTRACT_U_1(words); + wct = GET_U_1(words); if (request) { if (wct == 10) f1 = "Com2=[w]\nOff2=[u]\nBufSize=[u]\nMpxMax=[u]\nVcNum=[u]\nSessionKey=[W]\nPassLen=[u]\nCryptLen=[u]\nCryptOff=[u]\nPass&Name=\n"; @@ -462,25 +451,21 @@ print_sesssetup(netdissect_options *ndo, } if (f1) - smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf), + smb_fdata(ndo, words + 1, f1, ND_MIN(words + 1 + wct * 2, maxbuf), unicodestr); else - smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); + smb_data_print(ndo, words + 1, ND_MIN(wct * 2, ND_BYTES_BETWEEN(maxbuf, words + 1))); - ND_TCHECK_2(data); - bcc = EXTRACT_LE_U_2(data); - ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); + bcc = GET_LE_U_2(data); + ND_PRINT("smb_bcc=%u\n", bcc); if (bcc > 0) { if (f2) - smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data), + smb_fdata(ndo, data + 2, f2, ND_MIN(data + 2 + GET_LE_U_2(data), maxbuf), unicodestr); else - smb_print_data(ndo, data + 2, - min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2))); + smb_data_print(ndo, data + 2, + ND_MIN(GET_LE_U_2(data), ND_BYTES_BETWEEN(maxbuf, data + 2))); } - return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } static void @@ -491,12 +476,10 @@ print_lockingandx(netdissect_options *ndo, const u_char *maxwords; const char *f1 = NULL, *f2 = NULL; - ND_TCHECK_1(words); - wct = EXTRACT_U_1(words); + wct = GET_U_1(words); if (request) { f1 = "Com2=[w]\nOff2=[u]\nHandle=[u]\nLockType=[w]\nTimeOut=[D]\nUnlockCount=[u]\nLockCount=[u]\n"; - ND_TCHECK_1(words + 7); - if (EXTRACT_U_1(words + 7) & 0x10) + if (GET_U_1(words + 7) & 0x10) f2 = "*Process=[u]\n[P2]Offset=[M]\nLength=[M]\n"; else f2 = "*Process=[u]\nOffset=[D]\nLength=[U]\n"; @@ -504,24 +487,20 @@ print_lockingandx(netdissect_options *ndo, f1 = "Com2=[w]\nOff2=[u]\n"; } - maxwords = min(words + 1 + wct * 2, maxbuf); + maxwords = ND_MIN(words + 1 + wct * 2, maxbuf); if (wct) smb_fdata(ndo, words + 1, f1, maxwords, unicodestr); - ND_TCHECK_2(data); - bcc = EXTRACT_LE_U_2(data); - ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); + bcc = GET_LE_U_2(data); + ND_PRINT("smb_bcc=%u\n", bcc); if (bcc > 0) { if (f2) - smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data), + smb_fdata(ndo, data + 2, f2, ND_MIN(data + 2 + GET_LE_U_2(data), maxbuf), unicodestr); else - smb_print_data(ndo, data + 2, - min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2))); + smb_data_print(ndo, data + 2, + ND_MIN(GET_LE_U_2(data), ND_BYTES_BETWEEN(maxbuf, data + 2))); } - return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } @@ -810,24 +789,25 @@ print_smb(netdissect_options *ndo, "[P4]SMB Command = [B]\nError class = [BP1]\nError code = [u]\nFlags1 = [B]\nFlags2 = [B][P13]\nTree ID = [u]\nProc ID = [u]\nUID = [u]\nMID = [u]\nWord Count = [b]\n"; u_int smboffset; - ND_TCHECK_1(buf + 9); - request = (EXTRACT_U_1(buf + 9) & 0x80) ? 0 : 1; + ndo->ndo_protocol = "smb"; + + request = (GET_U_1(buf + 9) & 0x80) ? 0 : 1; startbuf = buf; - command = EXTRACT_U_1(buf + 4); + command = GET_U_1(buf + 4); fn = smbfind(command, smb_fns); if (ndo->ndo_vflag > 1) - ND_PRINT((ndo, "\n")); + ND_PRINT("\n"); - ND_PRINT((ndo, "SMB PACKET: %s (%s)\n", fn->name, request ? "REQUEST" : "REPLY")); + ND_PRINT("SMB PACKET: %s (%s)", fn->name, request ? "REQUEST" : "REPLY"); if (ndo->ndo_vflag < 2) return; - ND_TCHECK_2(buf + 10); - flags2 = EXTRACT_LE_U_2(buf + 10); + ND_PRINT("\n"); + flags2 = GET_LE_U_2(buf + 10); unicodestr = flags2 & 0x8000; nterrcodes = flags2 & 0x4000; @@ -835,13 +815,13 @@ print_smb(netdissect_options *ndo, smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr); if (nterrcodes) { - nterror = EXTRACT_LE_U_4(buf + 5); + nterror = GET_LE_U_4(buf + 5); if (nterror) - ND_PRINT((ndo, "NTError = %s\n", nt_errstr(nterror))); + ND_PRINT("NTError = %s\n", nt_errstr(nterror)); } else { - if (EXTRACT_U_1(buf + 5)) - ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(EXTRACT_U_1(buf + 5), - EXTRACT_LE_U_2(buf + 7)))); + if (GET_U_1(buf + 5)) + ND_PRINT("SMBError = %s\n", smb_errstr(GET_U_1(buf + 5), + GET_LE_U_2(buf + 7))); } smboffset = 32; @@ -853,10 +833,9 @@ print_smb(netdissect_options *ndo, u_int newsmboffset; words = buf + smboffset; - ND_TCHECK_1(words); - wct = EXTRACT_U_1(words); + wct = GET_U_1(words); data = words + 1 + wct * 2; - maxwords = min(data, maxbuf); + maxwords = ND_MIN(data, maxbuf); if (request) { f1 = fn->descript.req_f1; @@ -866,6 +845,7 @@ print_smb(netdissect_options *ndo, f2 = fn->descript.rep_f2; } + smb_reset(); if (fn->descript.fn) (*fn->descript.fn)(ndo, words, data, buf, maxbuf); else { @@ -877,23 +857,21 @@ print_smb(netdissect_options *ndo, u_int v; for (i = 0; words + 1 + 2 * i < maxwords; i++) { - ND_TCHECK_2(words + 1 + 2 * i); - v = EXTRACT_LE_U_2(words + 1 + 2 * i); - ND_PRINT((ndo, "smb_vwv[%u]=%u (0x%X)\n", i, v, v)); + v = GET_LE_U_2(words + 1 + 2 * i); + ND_PRINT("smb_vwv[%u]=%u (0x%X)\n", i, v, v); } } } - ND_TCHECK_2(data); - bcc = EXTRACT_LE_U_2(data); - ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); + bcc = GET_LE_U_2(data); + ND_PRINT("smb_bcc=%u\n", bcc); if (f2) { if (bcc > 0) smb_fdata(ndo, data + 2, f2, data + 2 + bcc, unicodestr); } else { if (bcc > 0) { - ND_PRINT((ndo, "smb_buf[]=\n")); - smb_print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2))); + ND_PRINT("smb_buf[]=\n"); + smb_data_print(ndo, data + 2, ND_MIN(bcc, ND_BYTES_BETWEEN(maxbuf, data + 2))); } } } @@ -902,28 +880,21 @@ print_smb(netdissect_options *ndo, break; if (wct == 0) break; - ND_TCHECK_1(words + 1); - command = EXTRACT_U_1(words + 1); + command = GET_U_1(words + 1); if (command == 0xFF) break; - ND_TCHECK_2(words + 3); - newsmboffset = EXTRACT_LE_U_2(words + 3); + newsmboffset = GET_LE_U_2(words + 3); fn = smbfind(command, smb_fns); - ND_PRINT((ndo, "\nSMB PACKET: %s (%s) (CHAINED)\n", - fn->name, request ? "REQUEST" : "REPLY")); + ND_PRINT("\nSMB PACKET: %s (%s) (CHAINED)\n", + fn->name, request ? "REQUEST" : "REPLY"); if (newsmboffset <= smboffset) { - ND_PRINT((ndo, "Bad andX offset: %u <= %u\n", newsmboffset, smboffset)); + ND_PRINT("Bad andX offset: %u <= %u\n", newsmboffset, smboffset); break; } smboffset = newsmboffset; } - - ND_PRINT((ndo, "\n")); - return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } @@ -939,36 +910,35 @@ nbt_tcp_print(netdissect_options *ndo, u_int nbt_len; const u_char *maxbuf; + ndo->ndo_protocol = "nbt_tcp"; if (length < 4) goto trunc; if (ndo->ndo_snapend < data) goto trunc; - caplen = ndo->ndo_snapend - data; + caplen = ND_BYTES_AVAILABLE_AFTER(data); if (caplen < 4) goto trunc; maxbuf = data + caplen; - ND_TCHECK_1(data); - type = EXTRACT_U_1(data); - ND_TCHECK_2(data + 2); - nbt_len = EXTRACT_BE_U_2(data + 2); + type = GET_U_1(data); + nbt_len = GET_BE_U_2(data + 2); length -= 4; caplen -= 4; startbuf = data; if (ndo->ndo_vflag < 2) { - ND_PRINT((ndo, " NBT Session Packet: ")); + ND_PRINT(" NBT Session Packet: "); switch (type) { case 0x00: - ND_PRINT((ndo, "Session Message")); + ND_PRINT("Session Message"); break; case 0x81: - ND_PRINT((ndo, "Session Request")); + ND_PRINT("Session Request"); break; case 0x82: - ND_PRINT((ndo, "Session Granted")); + ND_PRINT("Session Granted"); break; case 0x83: @@ -981,31 +951,31 @@ nbt_tcp_print(netdissect_options *ndo, goto trunc; if (caplen < 4) goto trunc; - ecode = EXTRACT_U_1(data + 4); + ecode = GET_U_1(data + 4); - ND_PRINT((ndo, "Session Reject, ")); + ND_PRINT("Session Reject, "); switch (ecode) { case 0x80: - ND_PRINT((ndo, "Not listening on called name")); + ND_PRINT("Not listening on called name"); break; case 0x81: - ND_PRINT((ndo, "Not listening for calling name")); + ND_PRINT("Not listening for calling name"); break; case 0x82: - ND_PRINT((ndo, "Called name not present")); + ND_PRINT("Called name not present"); break; case 0x83: - ND_PRINT((ndo, "Called name present, but insufficient resources")); + ND_PRINT("Called name present, but insufficient resources"); break; default: - ND_PRINT((ndo, "Unspecified error 0x%X", ecode)); + ND_PRINT("Unspecified error 0x%X", ecode); break; } } break; case 0x85: - ND_PRINT((ndo, "Session Keepalive")); + ND_PRINT("Session Keepalive"); break; default: @@ -1013,7 +983,7 @@ nbt_tcp_print(netdissect_options *ndo, break; } } else { - ND_PRINT((ndo, "\n>>> NBT Session Packet\n")); + ND_PRINT("\n>>> NBT Session Packet\n"); switch (type) { case 0x00: data = smb_fdata(ndo, data, "[P1]NBT Session Message\nFlags=[B]\nLength=[ru]\n", @@ -1023,14 +993,14 @@ nbt_tcp_print(netdissect_options *ndo, if (nbt_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { if (nbt_len > caplen) { if (nbt_len > length) - ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n")); + ND_PRINT("WARNING: Packet is continued in later TCP segments\n"); else - ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %u\n", - nbt_len - caplen)); + ND_PRINT("WARNING: Short packet. Try increasing the snap length by %u\n", + nbt_len - caplen); } print_smb(ndo, data, maxbuf > data + nbt_len ? data + nbt_len : maxbuf); } else - ND_PRINT((ndo, "Session packet:(raw data or continuation?)\n")); + ND_PRINT("Session packet:(raw data or continuation?)\n"); break; case 0x81: @@ -1054,22 +1024,22 @@ nbt_tcp_print(netdissect_options *ndo, if (data == NULL) break; if (nbt_len >= 1 && caplen >= 1) { - ecode = EXTRACT_U_1(origdata + 4); + ecode = GET_U_1(origdata + 4); switch (ecode) { case 0x80: - ND_PRINT((ndo, "Not listening on called name\n")); + ND_PRINT("Not listening on called name\n"); break; case 0x81: - ND_PRINT((ndo, "Not listening for calling name\n")); + ND_PRINT("Not listening for calling name\n"); break; case 0x82: - ND_PRINT((ndo, "Called name not present\n")); + ND_PRINT("Called name not present\n"); break; case 0x83: - ND_PRINT((ndo, "Called name present, but insufficient resources\n")); + ND_PRINT("Called name present, but insufficient resources\n"); break; default: - ND_PRINT((ndo, "Unspecified error 0x%X\n", ecode)); + ND_PRINT("Unspecified error 0x%X\n", ecode); break; } } @@ -1084,11 +1054,10 @@ nbt_tcp_print(netdissect_options *ndo, data = smb_fdata(ndo, data, "NBT - Unknown packet type\nType=[B]\n", maxbuf, 0); break; } - ND_PRINT((ndo, "\n")); } return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); } static const struct tok opcode_str[] = { @@ -1115,49 +1084,49 @@ nbt_udp137_print(netdissect_options *ndo, const u_char *p; u_int total, i; - ND_TCHECK_2(data + 10); - name_trn_id = EXTRACT_BE_U_2(data); - response = (EXTRACT_U_1(data + 2) >> 7); - opcode = (EXTRACT_U_1(data + 2) >> 3) & 0xF; - nm_flags = ((EXTRACT_U_1(data + 2) & 0x7) << 4) + (EXTRACT_U_1(data + 3) >> 4); - rcode = EXTRACT_U_1(data + 3) & 0xF; - qdcount = EXTRACT_BE_U_2(data + 4); - ancount = EXTRACT_BE_U_2(data + 6); - nscount = EXTRACT_BE_U_2(data + 8); - arcount = EXTRACT_BE_U_2(data + 10); + ndo->ndo_protocol = "nbt_udp137"; + name_trn_id = GET_BE_U_2(data); + response = (GET_U_1(data + 2) >> 7); + opcode = (GET_U_1(data + 2) >> 3) & 0xF; + nm_flags = ((GET_U_1(data + 2) & 0x7) << 4) + (GET_U_1(data + 3) >> 4); + rcode = GET_U_1(data + 3) & 0xF; + qdcount = GET_BE_U_2(data + 4); + ancount = GET_BE_U_2(data + 6); + nscount = GET_BE_U_2(data + 8); + arcount = GET_BE_U_2(data + 10); startbuf = data; if (maxbuf <= data) return; if (ndo->ndo_vflag > 1) - ND_PRINT((ndo, "\n>>> ")); + ND_PRINT("\n>>> "); - ND_PRINT((ndo, "NBT UDP PACKET(137): %s", tok2str(opcode_str, "OPUNKNOWN", opcode))); + ND_PRINT("NBT UDP PACKET(137): %s", tok2str(opcode_str, "OPUNKNOWN", opcode)); if (response) { - ND_PRINT((ndo, "; %s", rcode ? "NEGATIVE" : "POSITIVE")); + ND_PRINT("; %s", rcode ? "NEGATIVE" : "POSITIVE"); } - ND_PRINT((ndo, "; %s; %s", response ? "RESPONSE" : "REQUEST", - (nm_flags & 1) ? "BROADCAST" : "UNICAST")); + ND_PRINT("; %s; %s", response ? "RESPONSE" : "REQUEST", + (nm_flags & 1) ? "BROADCAST" : "UNICAST"); if (ndo->ndo_vflag < 2) return; - ND_PRINT((ndo, "\nTrnID=0x%X\nOpCode=%u\nNmFlags=0x%X\nRcode=%u\nQueryCount=%u\nAnswerCount=%u\nAuthorityCount=%u\nAddressRecCount=%u\n", + ND_PRINT("\nTrnID=0x%X\nOpCode=%u\nNmFlags=0x%X\nRcode=%u\nQueryCount=%u\nAnswerCount=%u\nAuthorityCount=%u\nAddressRecCount=%u\n", name_trn_id, opcode, nm_flags, rcode, qdcount, ancount, nscount, - arcount)); + arcount); p = data + 12; total = ancount + nscount + arcount; if (qdcount > 100 || total > 100) { - ND_PRINT((ndo, "Corrupt packet??\n")); + ND_PRINT("Corrupt packet??\n"); return; } if (qdcount) { - ND_PRINT((ndo, "QuestionRecords:\n")); + ND_PRINT("QuestionRecords:\n"); for (i = 0; i < qdcount; i++) { p = smb_fdata(ndo, p, "|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#", @@ -1168,7 +1137,7 @@ nbt_udp137_print(netdissect_options *ndo, } if (total) { - ND_PRINT((ndo, "\nResourceRecords:\n")); + ND_PRINT("\nResourceRecords:\n"); for (i = 0; i < total; i++) { u_int rdlen; u_int restype; @@ -1176,14 +1145,12 @@ nbt_udp137_print(netdissect_options *ndo, p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0); if (p == NULL) goto out; - ND_TCHECK_2(p); - restype = EXTRACT_BE_U_2(p); + restype = GET_BE_U_2(p); p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rU]\n", p + 8, 0); if (p == NULL) goto out; - ND_TCHECK_2(p); - rdlen = EXTRACT_BE_U_2(p); - ND_PRINT((ndo, "ResourceLength=%u\nResourceData=\n", rdlen)); + rdlen = GET_BE_U_2(p); + ND_PRINT("ResourceLength=%u\nResourceData=\n", rdlen); p += 2; if (rdlen == 6) { p = smb_fdata(ndo, p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen, 0); @@ -1193,41 +1160,41 @@ nbt_udp137_print(netdissect_options *ndo, if (restype == 0x21) { u_int numnames; - ND_TCHECK_1(p); - numnames = EXTRACT_U_1(p); + numnames = GET_U_1(p); p = smb_fdata(ndo, p, "NumNames=[B]\n", p + 1, 0); if (p == NULL) goto out; - while (numnames--) { + while (numnames) { p = smb_fdata(ndo, p, "Name=[n2]\t#", maxbuf, 0); if (p == NULL) goto out; ND_TCHECK_1(p); if (p >= maxbuf) goto out; - if (EXTRACT_U_1(p) & 0x80) - ND_PRINT((ndo, " ")); - switch (EXTRACT_U_1(p) & 0x60) { - case 0x00: ND_PRINT((ndo, "B ")); break; - case 0x20: ND_PRINT((ndo, "P ")); break; - case 0x40: ND_PRINT((ndo, "M ")); break; - case 0x60: ND_PRINT((ndo, "_ ")); break; + if (GET_U_1(p) & 0x80) + ND_PRINT(" "); + switch (GET_U_1(p) & 0x60) { + case 0x00: ND_PRINT("B "); break; + case 0x20: ND_PRINT("P "); break; + case 0x40: ND_PRINT("M "); break; + case 0x60: ND_PRINT("_ "); break; } - if (EXTRACT_U_1(p) & 0x10) - ND_PRINT((ndo, " ")); - if (EXTRACT_U_1(p) & 0x08) - ND_PRINT((ndo, " ")); - if (EXTRACT_U_1(p) & 0x04) - ND_PRINT((ndo, " ")); - if (EXTRACT_U_1(p) & 0x02) - ND_PRINT((ndo, " ")); - ND_PRINT((ndo, "\n")); + if (GET_U_1(p) & 0x10) + ND_PRINT(" "); + if (GET_U_1(p) & 0x08) + ND_PRINT(" "); + if (GET_U_1(p) & 0x04) + ND_PRINT(" "); + if (GET_U_1(p) & 0x02) + ND_PRINT(" "); + ND_PRINT("\n"); p += 2; + numnames--; } } else { if (p >= maxbuf) goto out; - smb_print_data(ndo, p, min(rdlen, length - (p - data))); + smb_data_print(ndo, p, ND_MIN(rdlen, length - ND_BYTES_BETWEEN(p, data))); p += rdlen; } } @@ -1238,10 +1205,9 @@ nbt_udp137_print(netdissect_options *ndo, smb_fdata(ndo, p, "AdditionalData:\n", maxbuf, 0); out: - ND_PRINT((ndo, "\n")); return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); } /* @@ -1255,15 +1221,16 @@ smb_tcp_print(netdissect_options *ndo, u_int smb_len; const u_char *maxbuf; + ndo->ndo_protocol = "smb_tcp"; if (length < 4) goto trunc; if (ndo->ndo_snapend < data) goto trunc; - caplen = ndo->ndo_snapend - data; + caplen = ND_BYTES_AVAILABLE_AFTER(data); if (caplen < 4) goto trunc; maxbuf = data + caplen; - smb_len = EXTRACT_BE_U_3(data + 1); + smb_len = GET_BE_U_3(data + 1); length -= 4; caplen -= 4; @@ -1273,18 +1240,18 @@ smb_tcp_print(netdissect_options *ndo, if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { if (smb_len > caplen) { if (smb_len > length) - ND_PRINT((ndo, " WARNING: Packet is continued in later TCP segments\n")); + ND_PRINT(" WARNING: Packet is continued in later TCP segments\n"); else - ND_PRINT((ndo, " WARNING: Short packet. Try increasing the snap length by %u\n", - smb_len - caplen)); + ND_PRINT(" WARNING: Short packet. Try increasing the snap length by %u\n", + smb_len - caplen); } else - ND_PRINT((ndo, " ")); + ND_PRINT(" "); print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf); } else - ND_PRINT((ndo, " SMB-over-TCP packet:(raw data or continuation?)\n")); + ND_PRINT(" SMB-over-TCP packet:(raw data or continuation?)\n"); return; trunc: - ND_PRINT((ndo, "%s", tstr)); + nd_print_trunc(ndo); } /* @@ -1296,6 +1263,7 @@ nbt_udp138_print(netdissect_options *ndo, { const u_char *maxbuf = data + length; + ndo->ndo_protocol = "nbt_udp138"; if (maxbuf > ndo->ndo_snapend) maxbuf = ndo->ndo_snapend; if (maxbuf <= data) @@ -1303,7 +1271,7 @@ nbt_udp138_print(netdissect_options *ndo, startbuf = data; if (ndo->ndo_vflag < 2) { - ND_PRINT((ndo, "NBT UDP PACKET(138)")); + ND_PRINT("NBT UDP PACKET(138)"); return; } @@ -1320,7 +1288,7 @@ nbt_udp138_print(netdissect_options *ndo, print_smb(ndo, data, maxbuf); } out: - ND_PRINT((ndo, "\n")); + return; } @@ -1392,11 +1360,11 @@ netbeui_print(netdissect_options *ndo, const u_char *data2; int is_truncated = 0; + ndo->ndo_protocol = "netbeui"; if (maxbuf > ndo->ndo_snapend) maxbuf = ndo->ndo_snapend; - ND_TCHECK_1(data + 4); - len = EXTRACT_LE_U_2(data); - command = EXTRACT_U_1(data + 4); + len = GET_LE_U_2(data); + command = GET_U_1(data + 4); data2 = data + len; if (data2 >= maxbuf) { data2 = maxbuf; @@ -1406,10 +1374,10 @@ netbeui_print(netdissect_options *ndo, startbuf = data; if (ndo->ndo_vflag < 2) { - ND_PRINT((ndo, "NBF Packet: ")); + ND_PRINT("NBF Packet: "); data = smb_fdata(ndo, data, "[P5]#", maxbuf, 0); } else { - ND_PRINT((ndo, "\n>>> NBF Packet\nType=0x%X ", control)); + ND_PRINT("\n>>> NBF Packet\nType=0x%X ", control); data = smb_fdata(ndo, data, "Length=[u] Signature=[w] Command=[B]\n#", maxbuf, 0); } if (data == NULL) @@ -1422,15 +1390,15 @@ netbeui_print(netdissect_options *ndo, data = smb_fdata(ndo, data, "Unknown NBF Command\n", data2, 0); } else { if (ndo->ndo_vflag < 2) { - ND_PRINT((ndo, "%s", nbf_strings[command].name)); + ND_PRINT("%s", nbf_strings[command].name); if (nbf_strings[command].nonverbose != NULL) data = smb_fdata(ndo, data, nbf_strings[command].nonverbose, data2, 0); } else { - ND_PRINT((ndo, "%s:\n", nbf_strings[command].name)); + ND_PRINT("%s:\n", nbf_strings[command].name); if (nbf_strings[command].verbose != NULL) data = smb_fdata(ndo, data, nbf_strings[command].verbose, data2, 0); else - ND_PRINT((ndo, "\n")); + ND_PRINT("\n"); } } @@ -1462,7 +1430,7 @@ netbeui_print(netdissect_options *ndo, if ((data2 + i + 3) >= maxbuf) break; if (memcmp(data2 + i, "\377SMB", 4) == 0) { - ND_PRINT((ndo, "found SMB packet at %u\n", i)); + ND_PRINT("found SMB packet at %u\n", i); print_smb(ndo, data2 + i, maxbuf); break; } @@ -1470,10 +1438,7 @@ netbeui_print(netdissect_options *ndo, } out: - ND_PRINT((ndo, "\n")); return; -trunc: - ND_PRINT((ndo, "%s", tstr)); } @@ -1491,6 +1456,7 @@ ipx_netbios_print(netdissect_options *ndo, u_int i; const u_char *maxbuf; + ndo->ndo_protocol = "ipx_netbios"; maxbuf = data + length; /* Don't go past the end of the captured data in the packet. */ if (maxbuf > ndo->ndo_snapend) @@ -1502,7 +1468,6 @@ ipx_netbios_print(netdissect_options *ndo, if (memcmp(data + i, "\377SMB", 4) == 0) { smb_fdata(ndo, data, "\n>>> IPX transport ", data + i, 0); print_smb(ndo, data + i, maxbuf); - ND_PRINT((ndo, "\n")); break; } }