X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/ed85e20e4d6a27d5405f37366dd34b64c10a9211..de0c7fc746c37eb83e15a6890d30dc6f608e9d76:/print-smb.c diff --git a/print-smb.c b/print-smb.c index 6bffa7cb..3640b876 100644 --- a/print-smb.c +++ b/print-smb.c @@ -6,16 +6,17 @@ * or later */ -#define NETDISSECT_REWORKED +/* \summary: SMB/CIFS printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include -#include "interface.h" +#include "netdissect.h" #include "extract.h" #include "smb.h" @@ -100,7 +101,7 @@ trans2_findfirst(netdissect_options *ndo, smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); if (dcnt) { ND_PRINT((ndo, "data:\n")); - print_data(ndo, data, dcnt); + smb_print_data(ndo, data, dcnt); } } @@ -112,8 +113,8 @@ trans2_qfsinfo(netdissect_options *ndo, const char *fmt=""; if (request) { - ND_TCHECK2(*param, 2); - level = EXTRACT_LE_16BITS(param); + ND_TCHECK_2(param); + level = EXTRACT_LE_U_2(param); fmt = "InfoLevel=[d]\n"; smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); } else { @@ -135,7 +136,7 @@ trans2_qfsinfo(netdissect_options *ndo, } if (dcnt) { ND_PRINT((ndo, "data:\n")); - print_data(ndo, data, dcnt); + smb_print_data(ndo, data, dcnt); } return; trunc: 
@@ -180,23 +181,23 @@ print_trans2(netdissect_options *ndo, ND_TCHECK(words[0]); if (request) { - ND_TCHECK2(w[14 * 2], 2); - pcnt = EXTRACT_LE_16BITS(w + 9 * 2); - param = buf + EXTRACT_LE_16BITS(w + 10 * 2); - dcnt = EXTRACT_LE_16BITS(w + 11 * 2); - data = buf + EXTRACT_LE_16BITS(w + 12 * 2); - fn = smbfindint(EXTRACT_LE_16BITS(w + 14 * 2), trans2_fns); + ND_TCHECK_2(w + (14 * 2)); + pcnt = EXTRACT_LE_U_2(w + 9 * 2); + param = buf + EXTRACT_LE_U_2(w + 10 * 2); + dcnt = EXTRACT_LE_U_2(w + 11 * 2); + data = buf + EXTRACT_LE_U_2(w + 12 * 2); + fn = smbfindint(EXTRACT_LE_U_2(w + 14 * 2), trans2_fns); } else { if (words[0] == 0) { ND_PRINT((ndo, "%s\n", fn->name)); ND_PRINT((ndo, "Trans2Interim\n")); return; } - ND_TCHECK2(w[7 * 2], 2); - pcnt = EXTRACT_LE_16BITS(w + 3 * 2); - param = buf + EXTRACT_LE_16BITS(w + 4 * 2); - dcnt = EXTRACT_LE_16BITS(w + 6 * 2); - data = buf + EXTRACT_LE_16BITS(w + 7 * 2); + ND_TCHECK_2(w + (7 * 2)); + pcnt = EXTRACT_LE_U_2(w + 3 * 2); + param = buf + EXTRACT_LE_U_2(w + 4 * 2); + dcnt = EXTRACT_LE_U_2(w + 6 * 2); + data = buf + EXTRACT_LE_U_2(w + 7 * 2); } ND_PRINT((ndo, "%s param_length=%d data_length=%d\n", fn->name, pcnt, dcnt)); @@ -222,8 +223,8 @@ print_trans2(netdissect_options *ndo, f2 = fn->descript.rep_f2; } - ND_TCHECK2(*dat, 2); - bcc = EXTRACT_LE_16BITS(dat); + ND_TCHECK_2(dat); + bcc = EXTRACT_LE_U_2(dat); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (fn->descript.fn) (*fn->descript.fn)(ndo, param, data, pcnt, dcnt); 
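Review bot: In print_trans2, `param` and `data` are formed by adding 16-bit offsets read from the packet to `buf`, and `pcnt`/`dcnt` also come from the packet, but neither branch of the first hunk compares them with the end of the captured data before `(*fn->descript.fn)(ndo, param, data, pcnt, dcnt)` is called. The ND_TCHECK_2 calls cover only the word area being read, not the regions those offsets point to. Safety therefore rests on every handler checking bounds itself; trans2_findfirst and trans2_qfsinfo pass `data, dcnt` straight to smb_print_data, whose checks are not visible here. I would at least record that contract above the call: `/* param/data and pcnt/dcnt come from the packet unvalidated; handlers must bounds-check every access */`. The function starts and ends outside the hunk.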
@@ -341,21 +342,21 @@ print_trans(netdissect_options *ndo, int datalen, paramlen; if (request) { - ND_TCHECK2(w[12 * 2], 2); - paramlen = EXTRACT_LE_16BITS(w + 9 * 2); - param = buf + EXTRACT_LE_16BITS(w + 10 * 2); - datalen = EXTRACT_LE_16BITS(w + 11 * 2); - data = buf + EXTRACT_LE_16BITS(w + 12 * 2); + ND_TCHECK_2(w + (12 * 2)); + paramlen = EXTRACT_LE_U_2(w + 9 * 2); + param = buf + EXTRACT_LE_U_2(w + 10 * 2); + datalen = EXTRACT_LE_U_2(w + 11 * 2); + data = buf + EXTRACT_LE_U_2(w + 12 * 2); f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nMaxParmCnt=[d] \nMaxDataCnt=[d]\nMaxSCnt=[d] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[d] \nParamOff=[d] \nDataCnt=[d] \nDataOff=[d] \nSUCnt=[d]\n"; f2 = "|Name=[S]\n"; f3 = "|Param "; f4 = "|Data "; } else { - ND_TCHECK2(w[7 * 2], 2); - paramlen = EXTRACT_LE_16BITS(w + 3 * 2); - param = buf + EXTRACT_LE_16BITS(w + 4 * 2); - datalen = EXTRACT_LE_16BITS(w + 6 * 2); - data = buf + EXTRACT_LE_16BITS(w + 7 * 2); + ND_TCHECK_2(w + (7 * 2)); + paramlen = EXTRACT_LE_U_2(w + 3 * 2); + param = buf + EXTRACT_LE_U_2(w + 4 * 2); + datalen = EXTRACT_LE_U_2(w + 6 * 2); + data = buf + EXTRACT_LE_U_2(w + 7 * 2); f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nRes1=[d]\nParamCnt=[d] \nParamOff=[d] \nRes2=[d] \nDataCnt=[d] \nDataOff=[d] \nRes3=[d]\nLsetup=[d]\n"; f2 = "|Unknown "; f3 = "|Param "; @@ -365,8 +366,8 @@ print_trans(netdissect_options *ndo, smb_fdata(ndo, words + 1, f1, min(words + 1 + 2 * words[0], maxbuf), unicodestr); - ND_TCHECK2(*data1, 2); - bcc = EXTRACT_LE_16BITS(data1); + ND_TCHECK_2(data1); + bcc = EXTRACT_LE_U_2(data1); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (bcc > 0) { smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr); 
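Review bot: In print_trans, the end bound handed to smb_fdata in the second hunk, `maxbuf - (paramlen + datalen)`, is computed from two packet-supplied 16-bit lengths without checking that their sum fits in what remains of the buffer. For a malformed or truncated packet the result can fall before `data1 + 2`, or before the start of the buffer, which is undefined pointer arithmetic even if smb_fdata (not shown) then prints nothing. A guard before the call makes the assumption explicit: `if (paramlen + datalen > maxbuf - (data1 + 2)) goto trunc;`, or skip only this field if treating it as truncation is too strict. The `trunc` label is implied by the ND_TCHECK_2 uses; the rest of the function is outside the hunk.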
@@ -416,17 +417,18 @@ print_negprot(netdissect_options *ndo, smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf), unicodestr); else - print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); + smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); - ND_TCHECK2(*data, 2); - bcc = EXTRACT_LE_16BITS(data); + ND_TCHECK_2(data); + bcc = EXTRACT_LE_U_2(data); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (bcc > 0) { if (f2) - smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data), - maxbuf), unicodestr); + smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data), + maxbuf), unicodestr); else - print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2))); + smb_print_data(ndo, data + 2, + min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2))); } return; trunc: @@ -460,17 +462,18 @@ print_sesssetup(netdissect_options *ndo, smb_fdata(ndo, words + 1, f1, min(words + 1 + wct * 2, maxbuf), unicodestr); else - print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); + smb_print_data(ndo, words + 1, min(wct * 2, PTR_DIFF(maxbuf, words + 1))); - ND_TCHECK2(*data, 2); - bcc = EXTRACT_LE_16BITS(data); + ND_TCHECK_2(data); + bcc = EXTRACT_LE_U_2(data); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (bcc > 0) { if (f2) - smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data), - maxbuf), unicodestr); + smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data), + maxbuf), unicodestr); else - print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2))); + smb_print_data(ndo, data + 2, + min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2))); } return; trunc: 
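Review bot: In print_negprot the byte count is stored in `bcc` and then read from the packet twice more with `EXTRACT_LE_U_2(data)` in the smb_fdata and smb_print_data calls; print_sesssetup (same line) and print_lockingandx (first hunk on the next line) repeat the pattern. Reusing the value keeps the three uses from drifting apart and matches print_smb, which already writes `min(bcc, PTR_DIFF(maxbuf, data + 2))`. The calls would become `smb_fdata(ndo, data + 2, f2, min(data + 2 + bcc, maxbuf), unicodestr);` and `smb_print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2)));`. This assumes `bcc` is wide enough for the 16-bit value, which its declaration outside the hunk would confirm.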
@@ -502,15 +505,16 @@ print_lockingandx(netdissect_options *ndo, if (wct) smb_fdata(ndo, words + 1, f1, maxwords, unicodestr); - ND_TCHECK2(*data, 2); - bcc = EXTRACT_LE_16BITS(data); + ND_TCHECK_2(data); + bcc = EXTRACT_LE_U_2(data); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (bcc > 0) { if (f2) - smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_16BITS(data), - maxbuf), unicodestr); + smb_fdata(ndo, data + 2, f2, min(data + 2 + EXTRACT_LE_U_2(data), + maxbuf), unicodestr); else - print_data(ndo, data + 2, min(EXTRACT_LE_16BITS(data), PTR_DIFF(maxbuf, data + 2))); + smb_print_data(ndo, data + 2, + min(EXTRACT_LE_U_2(data), PTR_DIFF(maxbuf, data + 2))); } return; trunc: @@ -805,9 +809,6 @@ print_smb(netdissect_options *ndo, ND_TCHECK(buf[9]); request = (buf[9] & 0x80) ? 0 : 1; - flags2 = EXTRACT_LE_16BITS(&buf[10]); - unicodestr = flags2 & 0x8000; - nterrcodes = flags2 & 0x4000; startbuf = buf; command = buf[4]; @@ -822,16 +823,22 @@ print_smb(netdissect_options *ndo, if (ndo->ndo_vflag < 2) return; + ND_TCHECK_2(buf + 10); + flags2 = EXTRACT_LE_U_2(buf + 10); + unicodestr = flags2 & 0x8000; + nterrcodes = flags2 & 0x4000; + /* print out the header */ smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr); if (nterrcodes) { - nterror = EXTRACT_LE_32BITS(&buf[5]); + nterror = EXTRACT_LE_U_4(buf + 5); if (nterror) ND_PRINT((ndo, "NTError = %s\n", nt_errstr(nterror))); } else { if (buf[5]) - ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(buf[5], EXTRACT_LE_16BITS(&buf[7])))); + ND_PRINT((ndo, "SMBError = %s\n", smb_errstr(EXTRACT_U_1(buf + 5), + EXTRACT_LE_U_2(buf + 7)))); } smboffset = 32; 
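Review bot: In print_smb (third hunk on this line), the header is printed with a fixed end bound, `smb_fdata(ndo, buf, fmt_smbheader, buf + 33, unicodestr);`, although the checks visible in these hunks only establish that bytes up to `buf + 11` were captured. Whether smb_fdata checks each access against the snapshot end itself cannot be seen here, so the bound should not promise more than the caller knows. Clamping it the way the other printers in this file do would be `smb_fdata(ndo, buf, fmt_smbheader, min(buf + 33, maxbuf), unicodestr);`. The function continues outside the hunk.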
@@ -867,15 +874,15 @@ print_smb(netdissect_options *ndo, int v; for (i = 0; &words[1 + 2 * i] < maxwords; i++) { - ND_TCHECK2(words[1 + 2 * i], 2); - v = EXTRACT_LE_16BITS(words + 1 + 2 * i); + ND_TCHECK_2(words + (1 + 2 * i)); + v = EXTRACT_LE_U_2(words + 1 + 2 * i); ND_PRINT((ndo, "smb_vwv[%d]=%d (0x%X)\n", i, v, v)); } } } - ND_TCHECK2(*data, 2); - bcc = EXTRACT_LE_16BITS(data); + ND_TCHECK_2(data); + bcc = EXTRACT_LE_U_2(data); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (f2) { if (bcc > 0) @@ -883,7 +890,7 @@ print_smb(netdissect_options *ndo, } else { if (bcc > 0) { ND_PRINT((ndo, "smb_buf[]=\n")); - print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2))); + smb_print_data(ndo, data + 2, min(bcc, PTR_DIFF(maxbuf, data + 2))); } } } @@ -896,8 +903,8 @@ print_smb(netdissect_options *ndo, command = words[1]; if (command == 0xFF) break; - ND_TCHECK2(words[3], 2); - newsmboffset = EXTRACT_LE_16BITS(words + 3); + ND_TCHECK_2(words + 3); + newsmboffset = EXTRACT_LE_U_2(words + 3); fn = smbfind(command, smb_fns); @@ -938,7 +945,7 @@ nbt_tcp_print(netdissect_options *ndo, goto trunc; maxbuf = data + caplen; type = data[0]; - nbt_len = EXTRACT_16BITS(data + 2); + nbt_len = EXTRACT_BE_U_2(data + 2); length -= 4; caplen -= 4; @@ -1103,16 +1110,16 @@ nbt_udp137_print(netdissect_options *ndo, const u_char *p; int total, i; - ND_TCHECK2(data[10], 2); - name_trn_id = EXTRACT_16BITS(data); + ND_TCHECK_2(data + 10); + name_trn_id = EXTRACT_BE_U_2(data); response = (data[2] >> 7); opcode = (data[2] >> 3) & 0xF; nm_flags = ((data[2] & 0x7) << 4) + (data[3] >> 4); rcode = data[3] & 0xF; - qdcount = EXTRACT_16BITS(data + 4); - ancount = EXTRACT_16BITS(data + 6); - nscount = EXTRACT_16BITS(data + 8); - arcount = EXTRACT_16BITS(data + 10); + qdcount = EXTRACT_BE_U_2(data + 4); + ancount = EXTRACT_BE_U_2(data + 6); + nscount = EXTRACT_BE_U_2(data + 8); + arcount = EXTRACT_BE_U_2(data + 10); startbuf = data; if (maxbuf <= data) 
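Review bot: In the andX handling of print_smb (third hunk on this line), `command = words[1];` is read before `ND_TCHECK_2(words + 3);`, so the byte at `words + 1` is dereferenced with no check visible in this hunk. Unless an earlier check outside the hunk covers it, placing `ND_TCHECK_2(words + 3);` directly above `command = words[1];` closes the gap, because a captured `words + 3..4` implies `words + 1` is captured too. The trade-off is that a packet cut off right after a 0xFF command is reported as truncated instead of ending the chain silently.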
@@ -1164,11 +1171,13 @@ nbt_udp137_print(netdissect_options *ndo, p = smb_fdata(ndo, p, "Name=[n1]\n#", maxbuf, 0); if (p == NULL) goto out; - restype = EXTRACT_16BITS(p); + ND_TCHECK_2(p); + restype = EXTRACT_BE_U_2(p); p = smb_fdata(ndo, p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8, 0); if (p == NULL) goto out; - rdlen = EXTRACT_16BITS(p); + ND_TCHECK_2(p); + rdlen = EXTRACT_BE_U_2(p); ND_PRINT((ndo, "ResourceLength=%d\nResourceData=\n", rdlen)); p += 2; if (rdlen == 6) { @@ -1209,7 +1218,7 @@ nbt_udp137_print(netdissect_options *ndo, p += 2; } } else { - print_data(ndo, p, min(rdlen, length - (p - data))); + smb_print_data(ndo, p, min(rdlen, length - (p - data))); p += rdlen; } } @@ -1245,7 +1254,7 @@ smb_tcp_print(netdissect_options *ndo, if (caplen < 4) goto trunc; maxbuf = data + caplen; - smb_len = EXTRACT_24BITS(data + 1); + smb_len = EXTRACT_BE_U_3(data + 1); length -= 4; caplen -= 4; @@ -1255,14 +1264,15 @@ smb_tcp_print(netdissect_options *ndo, if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { if ((int)smb_len > caplen) { if ((int)smb_len > length) - ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n")); + ND_PRINT((ndo, " WARNING: Packet is continued in later TCP segments\n")); else - ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %d\n", + ND_PRINT((ndo, " WARNING: Short packet. Try increasing the snap length by %d\n", smb_len - caplen)); - } + } else + ND_PRINT((ndo, " ")); print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf); } else - ND_PRINT((ndo, "SMB-over-TCP packet:(raw data or continuation?)\n")); + ND_PRINT((ndo, " SMB-over-TCP packet:(raw data or continuation?)\n")); return; trunc: ND_PRINT((ndo, "%s", tstr)); @@ -1308,7 +1318,7 @@ out: /* print netbeui frames */ -struct nbf_strings { +static struct nbf_strings { const char *name; const char *nonverbose; const char *verbose; 
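Review bot: In nbt_udp137_print (second hunk on this line), the print length is clamped with `min(rdlen, length - (p - data))`, but the cursor is then advanced by the unclamped, packet-supplied value in `p += rdlen;`. A resource record that claims more data than is present leaves `p` beyond the buffer for the next iteration, and forming that pointer is already undefined even if later checks refuse to read through it. Bailing out once the record overruns avoids this, for example `if (rdlen > length - (p - data)) goto trunc;` between the print and the increment. `rdlen` and `length` are declared outside the hunk, so the comparison may need a cast to a common type.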
@@ -1376,7 +1386,7 @@ netbeui_print(netdissect_options *ndo, if (maxbuf > ndo->ndo_snapend) maxbuf = ndo->ndo_snapend; ND_TCHECK(data[4]); - len = EXTRACT_LE_16BITS(data); + len = EXTRACT_LE_U_2(data); command = data[4]; data2 = data + len; if (data2 >= maxbuf) {