xref: /openbsd-src/usr.sbin/tcpdump/print-smb.c (revision ad24990c00f281263e02b73d1ff26df350457577) 
1*ad24990cSderaadt /*	$OpenBSD: print-smb.c,v 1.5 2017/05/30 20:10:45 deraadt Exp $	*/
232d56144Smickey 
332d56144Smickey /*
432d56144Smickey    Copyright (C) Andrew Tridgell 1995-1999
532d56144Smickey 
632d56144Smickey    This software may be distributed either under the terms of the
732d56144Smickey    BSD-style license that accompanies tcpdump or the GNU GPL version 2
832d56144Smickey    or later */
932d56144Smickey 
1032d56144Smickey #ifdef HAVE_CONFIG_H
1132d56144Smickey #include "config.h"
1232d56144Smickey #endif
1332d56144Smickey 
1432d56144Smickey #include <stdio.h>
1532d56144Smickey #include <string.h>
1632d56144Smickey #include <sys/types.h>
1732d56144Smickey 
1832d56144Smickey #include "interface.h"
1932d56144Smickey #include "smb.h"
2032d56144Smickey 
2132d56144Smickey static int request=0;
2232d56144Smickey 
2332d56144Smickey const uchar *startbuf=NULL;
2432d56144Smickey 
2532d56144Smickey struct smbdescript
2632d56144Smickey {
2732d56144Smickey   char *req_f1;
2832d56144Smickey   char *req_f2;
2932d56144Smickey   char *rep_f1;
3032d56144Smickey   char *rep_f2;
3132d56144Smickey   void (*fn)(); /* sometimes (u_char *, u_char *, u_char *, u_char *)
3232d56144Smickey 		and sometimes (u_char *, u_char *, int, int) */
3332d56144Smickey };
3432d56144Smickey 
3532d56144Smickey struct smbfns
3632d56144Smickey {
3732d56144Smickey   int id;
3832d56144Smickey   char *name;
3932d56144Smickey   int flags;
4032d56144Smickey   struct smbdescript descript;
4132d56144Smickey };
4232d56144Smickey 
4332d56144Smickey #define DEFDESCRIPT  {NULL,NULL,NULL,NULL,NULL}
4432d56144Smickey 
4532d56144Smickey #define FLG_CHAIN (1<<0)
4632d56144Smickey 
smbfind(int id,struct smbfns * list)4732d56144Smickey static struct smbfns *smbfind(int id,struct smbfns *list)
4832d56144Smickey {
4932d56144Smickey   int sindex;
5032d56144Smickey 
5132d56144Smickey   for (sindex=0;list[sindex].name;sindex++)
5232d56144Smickey     if (list[sindex].id == id) return(&list[sindex]);
5332d56144Smickey 
5432d56144Smickey   return(&list[0]);
5532d56144Smickey }
5632d56144Smickey 
trans2_findfirst(uchar * param,uchar * data,int pcnt,int dcnt)5732d56144Smickey static void trans2_findfirst(uchar *param,uchar *data,int pcnt,int dcnt)
5832d56144Smickey {
5932d56144Smickey   char *fmt;
6032d56144Smickey 
6132d56144Smickey   if (request) {
629dd8098fSmickey     fmt = "attr [A] searchcnt [d] flags [w] level [dP5] file [S] ";
6332d56144Smickey   } else {
649dd8098fSmickey     fmt = "handle [w] cnt [d] eos [w] eoffset [d] lastnameofs [w] ";
6532d56144Smickey   }
6632d56144Smickey 
6732d56144Smickey   fdata(param,fmt,param+pcnt);
6832d56144Smickey }
6932d56144Smickey 
trans2_qfsinfo(uchar * param,uchar * data,int pcnt,int dcnt)7032d56144Smickey static void trans2_qfsinfo(uchar *param,uchar *data,int pcnt,int dcnt)
7132d56144Smickey {
7232d56144Smickey   static int level=0;
7332d56144Smickey   char *fmt="";
7432d56144Smickey 
7532d56144Smickey   if (request) {
7632d56144Smickey     level = SVAL(param,0);
779dd8098fSmickey     fmt = "info level [d] ";
7832d56144Smickey     fdata(param,fmt,param+pcnt);
7932d56144Smickey   } else {
8032d56144Smickey     switch (level) {
8132d56144Smickey     case 1:
829dd8098fSmickey       fmt = "fsid [W] sectorunit [D] unit [D] avail [D] sectorsize [d] ";
8332d56144Smickey       break;
8432d56144Smickey     case 2:
859dd8098fSmickey       fmt = "creat [T2] volnamelen [B] volume [s12] ";
8632d56144Smickey       break;
8732d56144Smickey     case 0x105:
889dd8098fSmickey       fmt = "capabilities [W] maxfilelen [D] volnamelen [D] volume [S] ";
8932d56144Smickey       break;
9032d56144Smickey     default:
919dd8098fSmickey       fmt = "unknown level ";
9232d56144Smickey     }
9332d56144Smickey     fdata(data,fmt,data+dcnt);
9432d56144Smickey   }
9532d56144Smickey }
9632d56144Smickey 
9732d56144Smickey struct smbfns trans2_fns[] = {
9832d56144Smickey {0,"TRANSACT2_OPEN",0,
999dd8098fSmickey    {"flags2 [w] mode [w] searchattr [A] attr [A] time [T2] ofun [w] size [D] res [w,w,w,w,w] path [S]",NULL,
1009dd8098fSmickey     "handle [d] attr [A] time [T2] size [D] access [w] type [w] state [w] action [w] inode [W] offerr [d] |ealen [d] ",NULL,NULL}},
10132d56144Smickey 
10232d56144Smickey {1,"TRANSACT2_FINDFIRST",0,
10332d56144Smickey    {NULL,NULL,NULL,NULL,trans2_findfirst}},
10432d56144Smickey 
10532d56144Smickey {2,"TRANSACT2_FINDNEXT",0,DEFDESCRIPT},
10632d56144Smickey 
10732d56144Smickey {3,"TRANSACT2_QFSINFO",0,
10832d56144Smickey    {NULL,NULL,NULL,NULL,trans2_qfsinfo}},
10932d56144Smickey 
11032d56144Smickey {4,"TRANSACT2_SETFSINFO",0,DEFDESCRIPT},
11132d56144Smickey {5,"TRANSACT2_QPATHINFO",0,DEFDESCRIPT},
11232d56144Smickey {6,"TRANSACT2_SETPATHINFO",0,DEFDESCRIPT},
11332d56144Smickey {7,"TRANSACT2_QFILEINFO",0,DEFDESCRIPT},
11432d56144Smickey {8,"TRANSACT2_SETFILEINFO",0,DEFDESCRIPT},
11532d56144Smickey {9,"TRANSACT2_FSCTL",0,DEFDESCRIPT},
11632d56144Smickey {10,"TRANSACT2_IOCTL",0,DEFDESCRIPT},
11732d56144Smickey {11,"TRANSACT2_FINDNOTIFYFIRST",0,DEFDESCRIPT},
11832d56144Smickey {12,"TRANSACT2_FINDNOTIFYNEXT",0,DEFDESCRIPT},
11932d56144Smickey {13,"TRANSACT2_MKDIR",0,DEFDESCRIPT},
12032d56144Smickey {-1,NULL,0,DEFDESCRIPT}};
12132d56144Smickey 
12232d56144Smickey 
print_trans2(uchar * words,uchar * dat,uchar * buf,uchar * maxbuf)12332d56144Smickey static void print_trans2(uchar *words,uchar *dat,uchar *buf,uchar *maxbuf)
12432d56144Smickey {
12532d56144Smickey   static struct smbfns *fn = &trans2_fns[0];
12632d56144Smickey   uchar *data,*param;
12732d56144Smickey   uchar *f1=NULL,*f2=NULL;
12832d56144Smickey   int pcnt,dcnt;
12932d56144Smickey 
13032d56144Smickey   if (request) {
13132d56144Smickey     fn = smbfind(SVAL(words+1,14*2),trans2_fns);
13232d56144Smickey     data = buf+SVAL(words+1,12*2);
13332d56144Smickey     param = buf+SVAL(words+1,10*2);
13432d56144Smickey     pcnt = SVAL(words+1,9*2);
13532d56144Smickey     dcnt = SVAL(words+1,11*2);
13632d56144Smickey   } else {
13732d56144Smickey     data = buf+SVAL(words+1,7*2);
13832d56144Smickey     param = buf+SVAL(words+1,4*2);
13932d56144Smickey     pcnt = SVAL(words+1,3*2);
14032d56144Smickey     dcnt = SVAL(words+1,6*2);
14132d56144Smickey   }
14232d56144Smickey 
1439dd8098fSmickey   printf("%s paramlen %d datalen %d ",
14432d56144Smickey 	 fn->name,pcnt,dcnt);
14532d56144Smickey 
14632d56144Smickey   if (request) {
14732d56144Smickey     if (CVAL(words,0) == 8) {
1489dd8098fSmickey       fdata(words+1,"trans2secondary totparam [d] totdata [d] paramcnt [d] paramoff [d] paramdisp [d] datacnt [d] dataoff [d] datadisp [d] handle [d] ",maxbuf);
14932d56144Smickey       return;
15032d56144Smickey     } else {
1519dd8098fSmickey       fdata(words+1,"totparam [d] totdata [d] maxparam [d] maxdata [d] maxsetup [d] flags [w] timeout [D] res1 [w] paramcnt [d] paramoff [d] datacnt=[d] dataoff [d] setupcnt [d] ",words+1+14*2);
1529dd8098fSmickey       fdata(data+1,"transname [S] %",maxbuf);
15332d56144Smickey     }
15432d56144Smickey     f1 = fn->descript.req_f1;
15532d56144Smickey     f2 = fn->descript.req_f2;
15632d56144Smickey   } else {
15732d56144Smickey     if (CVAL(words,0) == 0) {
1589dd8098fSmickey       printf("trans2interim ");
15932d56144Smickey       return;
16032d56144Smickey     } else {
1619dd8098fSmickey       fdata(words+1,"totparam [d] totdata [d] res1 [w] paramcnt [d] paramoff [d] paramdisp [d] datacnt [d] dataoff [d] datadisp [d] setupcnt [d] ",words+1+10*2);
16232d56144Smickey     }
16332d56144Smickey     f1 = fn->descript.rep_f1;
16432d56144Smickey     f2 = fn->descript.rep_f2;
16532d56144Smickey   }
16632d56144Smickey 
16732d56144Smickey   if (fn->descript.fn) {
16832d56144Smickey     fn->descript.fn(param,data,pcnt,dcnt);
16932d56144Smickey   } else {
1709dd8098fSmickey     fdata(param,f1?f1:(uchar*)"params ",param+pcnt);
1719dd8098fSmickey     fdata(data,f2?f2:(uchar*)"data ",data+dcnt);
17232d56144Smickey   }
17332d56144Smickey }
17432d56144Smickey 
17532d56144Smickey 
print_browse(uchar * param,int paramlen,const uchar * data,int datalen)17632d56144Smickey static void print_browse(uchar *param,int paramlen,const uchar *data,int datalen)
17732d56144Smickey {
17832d56144Smickey   const uchar *maxbuf = data + datalen;
17932d56144Smickey   int command = CVAL(data,0);
18032d56144Smickey 
1819dd8098fSmickey   fdata(param,"browse |param ",param+paramlen);
18232d56144Smickey 
18332d56144Smickey   switch (command) {
18432d56144Smickey   case 0xF:
1859dd8098fSmickey     data = fdata(data,"browse [B] (LocalMasterAnnouncement) updatecnt [w] res1 [B] announceintv [d] name [n2] version [B].[B] servertype [W] electionversion [w] browserconst [w] ",maxbuf);
18632d56144Smickey     break;
18732d56144Smickey 
18832d56144Smickey   case 0x1:
1899dd8098fSmickey     data = fdata(data,"browse [B] (HostAnnouncement) updatecnt [w] res1 [B] announceintv [d] name [n2] version [B].[B] servertype [W] electionversion [w] browserconst [w] ",maxbuf);
19032d56144Smickey     break;
19132d56144Smickey 
19232d56144Smickey   case 0x2:
1939dd8098fSmickey     data = fdata(data,"browse [B] (AnnouncementRequest) flags [B] replysysname [S] ",maxbuf);
19432d56144Smickey     break;
19532d56144Smickey 
19632d56144Smickey   case 0xc:
1979dd8098fSmickey     data = fdata(data,"browse [B] (WorkgroupAnnouncement) updatecnt [w] res1 [B] announceintv [d] name [n2] version [B].[B] servertype [W] commentptr [W] servername [S] ",maxbuf);
19832d56144Smickey     break;
19932d56144Smickey 
20032d56144Smickey   case 0x8:
2019dd8098fSmickey     data = fdata(data,"browse [B] (ElectionFrame) electionversion [B] ossummary [W] uptime [(W,W)] servername [S] ",maxbuf);
20232d56144Smickey     break;
20332d56144Smickey 
20432d56144Smickey   case 0xb:
2059dd8098fSmickey     data = fdata(data,"browse [B] (BecomeBackupBrowser) name [S] ",maxbuf);
20632d56144Smickey     break;
20732d56144Smickey 
20832d56144Smickey   case 0x9:
2099dd8098fSmickey     data = fdata(data,"browse [B] (GetBackupList) listcnt? [B] token? [B] ",maxbuf);
21032d56144Smickey     break;
21132d56144Smickey 
21232d56144Smickey   case 0xa:
2139dd8098fSmickey     data = fdata(data,"browse [B] (BackupListResponse) servercnt? [B] token? [B] *name [S] ",maxbuf);
21432d56144Smickey     break;
21532d56144Smickey 
21632d56144Smickey   case 0xd:
2179dd8098fSmickey     data = fdata(data,"browse [B] (MasterAnnouncement) master-name [S] ",maxbuf);
21832d56144Smickey     break;
21932d56144Smickey 
22032d56144Smickey   case 0xe:
2219dd8098fSmickey     data = fdata(data,"browse [B] (ResetBrowser) options [B] ",maxbuf);
22232d56144Smickey     break;
22332d56144Smickey 
22432d56144Smickey   default:
2259dd8098fSmickey     data = fdata(data,"browse unknown-frame",maxbuf);
22632d56144Smickey     break;
22732d56144Smickey   }
22832d56144Smickey }
22932d56144Smickey 
23032d56144Smickey 
print_ipc(uchar * param,int paramlen,uchar * data,int datalen)23132d56144Smickey static void print_ipc(uchar *param,int paramlen,uchar *data,int datalen)
23232d56144Smickey {
23332d56144Smickey   if (paramlen)
2349dd8098fSmickey     fdata(param,"cmd [w] str1 [S] str2 [S] ",param+paramlen);
23532d56144Smickey   if (datalen)
23632d56144Smickey     fdata(data,"IPC ",data+datalen);
23732d56144Smickey }
23832d56144Smickey 
23932d56144Smickey 
print_trans(uchar * words,uchar * data1,uchar * buf,uchar * maxbuf)24032d56144Smickey static void print_trans(uchar *words,uchar *data1,uchar *buf,uchar *maxbuf)
24132d56144Smickey {
24232d56144Smickey   uchar *f1,*f2,*f3,*f4;
24332d56144Smickey   uchar *data,*param;
24432d56144Smickey   int datalen,paramlen;
24532d56144Smickey 
24632d56144Smickey   if (request) {
24732d56144Smickey     paramlen = SVAL(words+1,9*2);
24832d56144Smickey     param = buf + SVAL(words+1,10*2);
24932d56144Smickey     datalen = SVAL(words+1,11*2);
25032d56144Smickey     data = buf + SVAL(words+1,12*2);
2519dd8098fSmickey     f1 = " totparamcnt [d] totdatacnt [d] maxparmcnt [d] maxdatacnt [d] maxscnt [d] transflags [w] res [w] [w] [w] paramcnt [d] paramoff [d] datacnt [d] dataoff [d] sucnt [d] ";
2529dd8098fSmickey     f2 = "|[S] ";
2539dd8098fSmickey     f3 = "|param ";
2549dd8098fSmickey     f4 = "|data ";
25532d56144Smickey   } else {
25632d56144Smickey     paramlen = SVAL(words+1,3*2);
25732d56144Smickey     param = buf + SVAL(words+1,4*2);
25832d56144Smickey     datalen = SVAL(words+1,6*2);
25932d56144Smickey     data = buf + SVAL(words+1,7*2);
2609dd8098fSmickey     f1 = "totparamcnt [d] totdatacnt [d] res1 [d] paramcnt [d] paramoff [d] res2 [d] datacnt [d] dataoff [d] res3 [d] Lsetup [d] ";
2619dd8098fSmickey     f2 = "|unk ";
2629dd8098fSmickey     f3 = "|param ";
2639dd8098fSmickey     f4 = "|data ";
26432d56144Smickey   }
26532d56144Smickey 
266*ad24990cSderaadt   fdata(words+1,f1,MINIMUM(words+1+2*CVAL(words,0),maxbuf));
26732d56144Smickey   fdata(data1+2,f2,maxbuf - (paramlen + datalen));
26832d56144Smickey 
26932d56144Smickey   if (!strcmp(data1+2,"\\MAILSLOT\\BROWSE")) {
27032d56144Smickey     print_browse(param,paramlen,data,datalen);
27132d56144Smickey     return;
27232d56144Smickey   }
27332d56144Smickey 
27432d56144Smickey   if (!strcmp(data1+2,"\\PIPE\\LANMAN")) {
27532d56144Smickey     print_ipc(param,paramlen,data,datalen);
27632d56144Smickey     return;
27732d56144Smickey   }
27832d56144Smickey 
279*ad24990cSderaadt   if (paramlen) fdata(param,f3,MINIMUM(param+paramlen,maxbuf));
280*ad24990cSderaadt   if (datalen) fdata(data,f4,MINIMUM(data+datalen,maxbuf));
28132d56144Smickey }
28232d56144Smickey 
28332d56144Smickey 
28432d56144Smickey 
print_negprot(uchar * words,uchar * data,uchar * buf,uchar * maxbuf)28532d56144Smickey static void print_negprot(uchar *words,uchar *data,uchar *buf,uchar *maxbuf)
28632d56144Smickey {
28732d56144Smickey   uchar *f1=NULL,*f2=NULL;
28832d56144Smickey 
28932d56144Smickey   if (request) {
2909dd8098fSmickey     f2 = "*|dialect [Z] ";
29132d56144Smickey   } else {
29232d56144Smickey     if (CVAL(words,0) == 1) {
2939dd8098fSmickey       f1 = "core-proto dialect index [d]";
29432d56144Smickey     } else if (CVAL(words,0) == 17) {
2959dd8098fSmickey       f1 =  "NT1-proto dialect index [d] secmode [B] maxmux [d] numvcs [d] maxbuf [D] rawsize [D] sesskey [W] capabilities [W] servertime [T3] tz [d] cryptkey ";
29632d56144Smickey     } else if (CVAL(words,0) == 13) {
2979dd8098fSmickey       f1 = "coreplus/lanman1/lanman2-proto dialect index [d] secmode [w] maxxmit [d] maxmux [d] maxvcs [d] blkmode [w] sesskey [W] servertime [T1] tz [d] res [W] cryptkey ";
29832d56144Smickey     }
29932d56144Smickey   }
30032d56144Smickey 
30132d56144Smickey   if (f1)
302*ad24990cSderaadt     fdata(words+1,f1,MINIMUM(words + 1 + CVAL(words,0)*2,maxbuf));
30332d56144Smickey 
30432d56144Smickey   if (f2)
305*ad24990cSderaadt     fdata(data+2,f2,MINIMUM(data + 2 + SVAL(data,0),maxbuf));
30632d56144Smickey }
30732d56144Smickey 
print_sesssetup(uchar * words,uchar * data,uchar * buf,uchar * maxbuf)30832d56144Smickey static void print_sesssetup(uchar *words,uchar *data,uchar *buf,uchar *maxbuf)
30932d56144Smickey {
31032d56144Smickey   int wcnt = CVAL(words,0);
31132d56144Smickey   uchar *f1=NULL,*f2=NULL;
31232d56144Smickey 
31332d56144Smickey   if (request) {
31432d56144Smickey     if (wcnt==10) {
3159dd8098fSmickey       f1 = "com2 [w] off2 [d] bufsize [d] maxmpx [d] vcnum [d] sesskey [W] passlen [d] cryptlen [d] cryptoff [d] pass&name  ";
31632d56144Smickey     } else {
3179dd8098fSmickey       f1 = "com2 [B] res1 [B] off2 [d] maxbuf [d] maxmpx [d] vcnum [d] sesskey [W] case-insensitive-passlen [d] case-sensitive-passlen [d] res [W] capabilities [W] pass1&pass2&account&domain&os&lanman  ";
31832d56144Smickey     }
31932d56144Smickey   } else {
32032d56144Smickey     if (CVAL(words,0) == 3) {
3219dd8098fSmickey       f1 = "com2 [w] off2 [d] action [w] ";
32232d56144Smickey     } else if (CVAL(words,0) == 13) {
3239dd8098fSmickey       f1 = "com2 [B] res [B] off2 [d] action [w] ";
3249dd8098fSmickey       f2 = "native-os [S] nativelanman [S] primarydomain [S] ";
32532d56144Smickey     }
32632d56144Smickey   }
32732d56144Smickey 
32832d56144Smickey   if (f1)
329*ad24990cSderaadt     fdata(words+1,f1,MINIMUM(words + 1 + CVAL(words,0)*2,maxbuf));
33032d56144Smickey 
33132d56144Smickey   if (f2)
332*ad24990cSderaadt     fdata(data+2,f2,MINIMUM(data + 2 + SVAL(data,0),maxbuf));
33332d56144Smickey }
33432d56144Smickey 
33532d56144Smickey 
33632d56144Smickey static struct smbfns smb_fns[] =
33732d56144Smickey {
33832d56144Smickey {-1,"SMBunknown",0,DEFDESCRIPT},
33932d56144Smickey 
34032d56144Smickey {SMBtcon,"SMBtcon",0,
3419dd8098fSmickey    {NULL,"path [Z] pass [Z] dev [Z] ", "xmitmax [d] treeid [d] ",NULL, NULL}},
34232d56144Smickey 
34332d56144Smickey 
34432d56144Smickey {SMBtdis,"SMBtdis",0,DEFDESCRIPT},
34532d56144Smickey {SMBexit,"SMBexit",0,DEFDESCRIPT},
34632d56144Smickey {SMBioctl,"SMBioctl",0,DEFDESCRIPT},
34732d56144Smickey 
34832d56144Smickey {SMBecho,"SMBecho",0,
3499dd8098fSmickey    {"reverbcount [d] ",NULL, "seqnum [d] ",NULL, NULL}},
35032d56144Smickey 
35132d56144Smickey {SMBulogoffX, "SMBulogoffX",FLG_CHAIN,DEFDESCRIPT},
35232d56144Smickey 
3539dd8098fSmickey {SMBgetatr,"SMBgetatr",0, {NULL,"path [Z] ",
3549dd8098fSmickey     "attr [A] time [T2] size [D] res ([w,w,w,w,w]) ",NULL, NULL}},
35532d56144Smickey 
35632d56144Smickey {SMBsetatr,"SMBsetatr",0,
3579dd8098fSmickey    {"attr [A] time [T2] res ([w,w,w,w,w]) ","path [Z] ", NULL,NULL,NULL}},
35832d56144Smickey 
3599dd8098fSmickey {SMBchkpth,"SMBchkpth",0, {NULL,"path [Z] ",NULL,NULL,NULL}},
36032d56144Smickey 
36132d56144Smickey {SMBsearch,"SMBsearch",0,
3629dd8098fSmickey {"cnt [d] attr [A] ","path [Z] blktype [B] blklen [d] |res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] res2 [W] ",
3639dd8098fSmickey "cnt [d] ","blktype [B] blklen [d] * res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] res2 [W] attr [a] time [T1] size [D] name [s13] ",NULL}},
36432d56144Smickey 
3659dd8098fSmickey {SMBopen,"SMBopen",0, {"mode [w] attr [A] ","path [Z] ", "handle [d] oattr [A] time [T2] size [D] access [w] ",NULL, NULL}},
36632d56144Smickey 
3679dd8098fSmickey {SMBcreate,"SMBcreate",0, {"attr [A] time [T2]","path [Z] ", "handle [d]",NULL, NULL}},
36832d56144Smickey 
3699dd8098fSmickey {SMBmknew,"SMBmknew",0, {"attr [A] time [T2]","path [Z] ", "handle [d] ",NULL, NULL}},
37032d56144Smickey 
3719dd8098fSmickey {SMBunlink,"SMBunlink",0, {"attr [A] ","path [Z] ",NULL,NULL,NULL}},
37232d56144Smickey 
3739dd8098fSmickey {SMBread,"SMBread",0, {"handle [d] bytecnt [d] offset [D] cntleft [d] ",NULL, "cnt [d] res ([w,w,w,w]) ",NULL,NULL}},
37432d56144Smickey 
3759dd8098fSmickey {SMBwrite,"SMBwrite",0, {"handle [d] bytecnt [d] offset [D] cntleft [d] ",NULL, "cnt [d] ",NULL,NULL}},
37632d56144Smickey 
3779dd8098fSmickey {SMBclose,"SMBclose",0, {"handle [d] time [T2]",NULL,NULL,NULL,NULL}},
37832d56144Smickey 
3799dd8098fSmickey {SMBmkdir,"SMBmkdir",0, {NULL,"path [Z] ",NULL,NULL,NULL}},
38032d56144Smickey 
3819dd8098fSmickey {SMBrmdir,"SMBrmdir",0, {NULL,"path [Z] ",NULL,NULL,NULL}},
38232d56144Smickey 
3839dd8098fSmickey {SMBdskattr,"SMBdskattr",0, {NULL,NULL, "totalunits [d] blks/unit [d] blksize [d] freeunits [d] media [w] ", NULL,NULL}},
38432d56144Smickey 
3859dd8098fSmickey {SMBmv,"SMBmv",0, {"attr [A] ","oldpath [Z] newpath [Z] ",NULL,NULL,NULL}},
38632d56144Smickey 
38732d56144Smickey /* this is a Pathworks specific call, allowing the
38832d56144Smickey    changing of the root path */
3899dd8098fSmickey {pSETDIR,"SMBsetdir",0, {NULL,"path [Z] ",NULL,NULL,NULL}},
39032d56144Smickey 
3919dd8098fSmickey {SMBlseek,"SMBlseek",0, {"handle [d] mode [w] offset [D] ","offset [D] ",NULL,NULL}},
39232d56144Smickey 
3939dd8098fSmickey {SMBflush,"SMBflush",0, {"handle [d] ",NULL,NULL,NULL,NULL}},
39432d56144Smickey 
3959dd8098fSmickey {SMBsplopen,"SMBsplopen",0, {"setuplen [d] mode [w] ","ident [Z] ","handle [d] ",NULL,NULL}},
39632d56144Smickey 
3979dd8098fSmickey {SMBsplclose,"SMBsplclose",0, {"handle [d] ",NULL,NULL,NULL,NULL}},
39832d56144Smickey 
3999dd8098fSmickey {SMBsplretq,"SMBsplretq",0, {"maxcnt [d] startindex [d] ",NULL, "cnt [d] index [d] ", "*time [T2] status [B] jobid [d] size [D] res [B] name [s16] ", NULL}},
40032d56144Smickey 
4019dd8098fSmickey {SMBsplwr,"SMBsplwr",0, {"handle [d] ",NULL,NULL,NULL,NULL}},
40232d56144Smickey 
4039dd8098fSmickey {SMBlock,"SMBlock",0, {"handle [d] count [D] offset [D] ",NULL,NULL,NULL,NULL}},
40432d56144Smickey 
4059dd8098fSmickey {SMBunlock,"SMBunlock",0, {"handle [d] count [D] offset [D] ",NULL,NULL,NULL,NULL}},
40632d56144Smickey 
40732d56144Smickey /* CORE+ PROTOCOL FOLLOWS */
40832d56144Smickey 
4099dd8098fSmickey {SMBreadbraw,"SMBreadbraw",0, {"handle [d] offset [D] maxcnt [d] mincnt [d] timeout [D] res [d] ", NULL,NULL,NULL,NULL}},
41032d56144Smickey 
4119dd8098fSmickey {SMBwritebraw,"SMBwritebraw",0, {"handle [d] totalcnt [d] res [w] offset [D] timeout [D] wmode [w] res2 [W] |datasize [d] dataoff [d] ", NULL,"write-raw-ack",NULL,NULL}},
41232d56144Smickey 
4139dd8098fSmickey {SMBwritec,"SMBwritec",0, {NULL,NULL,"count [d] ",NULL,NULL}},
41432d56144Smickey 
4159dd8098fSmickey {SMBwriteclose,"SMBwriteclose",0, {"handle [d] count [d] offset [D] time [T2] res ([w,w,w,w,w,w])",NULL, "count [d] ",NULL,NULL}},
41632d56144Smickey 
4179dd8098fSmickey {SMBlockread,"SMBlockread",0, {"handle [d] bytecnt [d] offset [D] cntleft [d] ",NULL, "count [d] res ([w,w,w,w]) ",NULL,NULL}},
41832d56144Smickey 
4199dd8098fSmickey {SMBwriteunlock,"SMBwriteunlock",0, {"handle [d] bytecnt [d] offset [D] cntleft [d] ",NULL, "count [d] ",NULL,NULL}},
42032d56144Smickey 
4219dd8098fSmickey {SMBreadBmpx,"SMBreadBmpx",0, {"handle [d] offset [D] maxcnt [d] mincnt [d] timeout [D] res [w] ", NULL, "offset [D] totcnt [d] remain [d] res ([w,w]) datasize [d] dataoff [d] ", NULL,NULL}},
42232d56144Smickey 
4239dd8098fSmickey {SMBwriteBmpx,"SMBwriteBmpx",0, {"handle [d] totcnt [d] res [w] offset [D] timeout [D] wmode [w] res2 [W] datasize [d] dataoff [d] ",NULL, "remain [d] ",NULL,NULL}},
42432d56144Smickey 
4259dd8098fSmickey {SMBwriteBs,"SMBwriteBs",0, {"handle [d] totcnt [d] offset [D] res [W] datasize [d] dataoff [d] ",NULL, "count [d] ",NULL,NULL}},
42632d56144Smickey 
4279dd8098fSmickey {SMBsetattrE,"SMBsetattrE",0, {"handle [d] ctime [T2] atime [T2] mtime [T2]",NULL, NULL,NULL,NULL}},
42832d56144Smickey 
4299dd8098fSmickey {SMBgetattrE,"SMBgetattrE",0, {"handle [d] ",NULL, "ctime [T2] atime [T2] mtime [T2] size [D] allocsize [D] attr [A] ",NULL,NULL}},
43032d56144Smickey 
43132d56144Smickey {SMBtranss,"SMBtranss",0,DEFDESCRIPT},
43232d56144Smickey {SMBioctls,"SMBioctls",0,DEFDESCRIPT},
43332d56144Smickey 
4349dd8098fSmickey {SMBcopy,"SMBcopy",0, {"treeid2 [d] ofun [w] flags [w] ","path [S] newpath [S] ", "copycnt [d] ","|errstr [S] ",NULL}},
43532d56144Smickey 
4369dd8098fSmickey {SMBmove,"SMBmove",0, {"treeid2 [d] ofun [w] flags [w] ","path [S] newpath [S] ", "movecnt [d] ","|errstr [S] ",NULL}},
43732d56144Smickey 
4389dd8098fSmickey {SMBopenX,"SMBopenX",FLG_CHAIN, {"com2 [w] off2 [d] flags [w] mode [w] searchattr [A] attr [A] time [T2] ofun [w] size [D] timeout [D] res [W] ","path [S] ", "com2 [w] off2 [d] handle [d] attr [A] time [T2] size [D] access [w] type [w] state [w] action [w] fileid [W] res [w] ",NULL,NULL}},
43932d56144Smickey 
4409dd8098fSmickey {SMBreadX,"SMBreadX",FLG_CHAIN, {"com2 [w] off2 [d] handle [d] offset [D] maxcnt [d] mincnt [d] timeout [D] cntleft [d] ",NULL, "com2 [w] off2 [d] remain [d] res [W] datasize [d] dataoff [d] res ([w,w,w,w]) ",NULL,NULL}},
44132d56144Smickey 
4429dd8098fSmickey {SMBwriteX,"SMBwriteX",FLG_CHAIN, {"com2 [w] off2 [d] handle [d] offset [D] timeout [D] wmode [w] cntleft [d] res [w] datasize [d] dataoff [d] ",NULL, "com2 [w] off2 [d] count [d] remain [d] res [W] ",NULL,NULL}},
44332d56144Smickey 
4449dd8098fSmickey {SMBlockingX,"SMBlockingX",FLG_CHAIN, {"com2 [w] off2 [d] handle [d] locktype [w] timeout [D] unlockcnt [d] lockcnt [d] ", "*process [d] offset [D] len [D] ", "com2 [w] off2 [d] "}},
44532d56144Smickey 
4469dd8098fSmickey {SMBffirst,"SMBffirst",0, {"count [d] attr [A] ","path [Z] blktype [B] blklen [d] |res1 [B] mask [s11] srv2 [B] dirindex [d] srv2 [w] ", "count [d] ","blktype [B] blklen [d] * res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] res2 [W] attr [a] time [T1] size [D] name [s13] ",NULL}},
44732d56144Smickey 
4489dd8098fSmickey {SMBfunique,"SMBfunique",0, {"count [d] attr [A] ","path [Z] blktype [B] blklen [d] |res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] ", "count [d] ","blktype [B] blklen [d] * res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] res2 [W] attr [a] time [T1] size [D] name [s13] ",NULL}},
44932d56144Smickey 
4509dd8098fSmickey {SMBfclose,"SMBfclose",0, {"count [d] attr [A] ","path [Z] blktype [B] blklen [d] |res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] ", "count [d] ","blktype [B] blklen [d] * res1 [B] mask [s11] srv1 [B] dirindex [d] srv2 [w] res2 [W] attr [a] time [T1] size [D] name [s13] ",NULL}},
45132d56144Smickey 
4529dd8098fSmickey {SMBfindnclose, "SMBfindnclose", 0, {"handle [d] ",NULL,NULL,NULL,NULL}},
45332d56144Smickey 
4549dd8098fSmickey {SMBfindclose, "SMBfindclose", 0, {"handle [d] ",NULL,NULL,NULL,NULL}},
45532d56144Smickey 
4569dd8098fSmickey {SMBsends,"SMBsends",0, {NULL,"src [Z] dst [Z] ",NULL,NULL,NULL}},
45732d56144Smickey 
4589dd8098fSmickey {SMBsendstrt,"SMBsendstrt",0, {NULL,"src [Z] dst [Z] ","groupid [d] ",NULL,NULL}},
45932d56144Smickey 
4609dd8098fSmickey {SMBsendend,"SMBsendend",0, {"groupid [d] ",NULL,NULL,NULL,NULL}},
46132d56144Smickey 
4629dd8098fSmickey {SMBsendtxt,"SMBsendtxt",0, {"groupid [d] ",NULL,NULL,NULL,NULL}},
46332d56144Smickey 
4649dd8098fSmickey {SMBsendb,"SMBsendb",0, {NULL,"src [Z] dst [Z] ",NULL,NULL,NULL}},
46532d56144Smickey 
46632d56144Smickey {SMBfwdname,"SMBfwdname",0,DEFDESCRIPT},
46732d56144Smickey {SMBcancelf,"SMBcancelf",0,DEFDESCRIPT},
46832d56144Smickey {SMBgetmac,"SMBgetmac",0,DEFDESCRIPT},
46932d56144Smickey 
4709dd8098fSmickey {SMBnegprot,"SMBnegprot",0, {NULL,NULL,NULL,NULL,print_negprot}},
47132d56144Smickey 
4729dd8098fSmickey {SMBsesssetupX,"SMBsesssetupX",FLG_CHAIN,{NULL,NULL,NULL,NULL,print_sesssetup}},
47332d56144Smickey 
4749dd8098fSmickey {SMBtconX,"SMBtconX",FLG_CHAIN, {"com2 [w] off2 [d] flags [w] passlen [d] passwd&path&dev  ",NULL, "com2 [w] off2 [d] ","servicetype [S] ",NULL}},
47532d56144Smickey 
47632d56144Smickey {SMBtrans2, "SMBtrans2",0,{NULL,NULL,NULL,NULL,print_trans2}},
47732d56144Smickey 
47832d56144Smickey {SMBtranss2, "SMBtranss2", 0,DEFDESCRIPT},
47932d56144Smickey {SMBctemp,"SMBctemp",0,DEFDESCRIPT},
48032d56144Smickey {SMBreadBs,"SMBreadBs",0,DEFDESCRIPT},
48132d56144Smickey {SMBtrans,"SMBtrans",0,{NULL,NULL,NULL,NULL,print_trans}},
48232d56144Smickey 
48332d56144Smickey {SMBnttrans,"SMBnttrans", 0, DEFDESCRIPT},
48432d56144Smickey {SMBnttranss,"SMBnttranss", 0, DEFDESCRIPT},
48532d56144Smickey 
4869dd8098fSmickey {SMBntcreateX,"SMBntcreateX", FLG_CHAIN, {"com2 [w] off2 [d] res [b] namelen [d] flags [W] rootdirfid [D] accessmask [W] allocsize [L] extfileattr [W] shareaccess [W] createdisposition [W] createopts [W] impersonallevel [W] securityflags [b] ","path [S] ", "com2 [w] off2 [d] oplocklvl [b] fid [d] createaction [W] createtime [T3] lastaccesstime [T3] lastwritetime [T3] ctime [T3]extfileattr [W] allocsize [L] eof [L] filetype [w] devstate [w] dir [b] ", NULL}},
48732d56144Smickey 
48832d56144Smickey {SMBntcancel,"SMBntcancel", 0, DEFDESCRIPT},
48932d56144Smickey 
49032d56144Smickey {-1,NULL,0,DEFDESCRIPT}};
49132d56144Smickey 
49232d56144Smickey 
49332d56144Smickey /*******************************************************************
49432d56144Smickey print a SMB message
49532d56144Smickey ********************************************************************/
print_smb(const uchar * buf,const uchar * maxbuf)49632d56144Smickey static void print_smb(const uchar *buf, const uchar *maxbuf)
49732d56144Smickey {
49832d56144Smickey   int command;
49932d56144Smickey   const uchar *words, *data;
50032d56144Smickey   struct smbfns *fn;
50132d56144Smickey   char *fmt_smbheader =
5029dd8098fSmickey "[P4] cmd [B] error [BP1]/[d] flags [B] [B][P13] treeid [d] procid [d] uid [d] mid [d] wordcnt [b] ";
50332d56144Smickey 
50432d56144Smickey   request = (CVAL(buf,9)&0x80)?0:1;
50532d56144Smickey 
50632d56144Smickey   command = CVAL(buf,4);
50732d56144Smickey 
50832d56144Smickey   fn = smbfind(command,smb_fns);
50932d56144Smickey 
5109dd8098fSmickey   printf("%s-%s",fn->name,request?"request":"reply");
51132d56144Smickey 
51232d56144Smickey   if (vflag == 0) return;
51332d56144Smickey 
51432d56144Smickey   /* print out the header */
51532d56144Smickey   fdata(buf,fmt_smbheader,buf+33);
51632d56144Smickey 
51732d56144Smickey   if (CVAL(buf,5)) {
51832d56144Smickey     int class = CVAL(buf,5);
51932d56144Smickey     int num = SVAL(buf,7);
5209dd8098fSmickey     printf("SMBError %s ",smb_errstr(class,num));
52132d56144Smickey   }
52232d56144Smickey 
52332d56144Smickey   words = buf+32;
52432d56144Smickey   data = words + 1 + CVAL(words,0)*2;
52532d56144Smickey 
52632d56144Smickey 
52732d56144Smickey   while (words && data)
52832d56144Smickey     {
52932d56144Smickey       char *f1,*f2;
53032d56144Smickey       int wct = CVAL(words,0);
53132d56144Smickey 
53232d56144Smickey       if (request) {
53332d56144Smickey 	f1 = fn->descript.req_f1;
53432d56144Smickey 	f2 = fn->descript.req_f2;
53532d56144Smickey       } else {
53632d56144Smickey 	f1 = fn->descript.rep_f1;
53732d56144Smickey 	f2 = fn->descript.rep_f2;
53832d56144Smickey       }
53932d56144Smickey 
54032d56144Smickey       if (fn->descript.fn) {
54132d56144Smickey 	fn->descript.fn(words,data,buf,maxbuf);
54232d56144Smickey       } else {
54332d56144Smickey 	if (f1) {
5449dd8098fSmickey 	  printf("smbvwv[]=");
54532d56144Smickey 	  fdata(words+1,f1,words + 1 + wct*2);
54632d56144Smickey 	} else if (wct) {
54732d56144Smickey 	  int i;
54832d56144Smickey 	  int v;
5499dd8098fSmickey 	  printf("smbvwv[]=");
55032d56144Smickey 	  for (i=0;i<wct;i++) {
55132d56144Smickey 	    v = SVAL(words+1,2*i);
5529dd8098fSmickey 	    printf("smb_vwv[%d]=%d (0x%X) ",i,v,v);
55332d56144Smickey 	  }
55432d56144Smickey 	}
55532d56144Smickey 
55632d56144Smickey 	if (f2) {
5579dd8098fSmickey 	  printf("smbbuf[]=");
55832d56144Smickey 	  fdata(data+2,f2,maxbuf);
55932d56144Smickey 	} else {
56032d56144Smickey 	  int bcc = SVAL(data,0);
5619dd8098fSmickey 	  printf("smb_bcc=%d",bcc);
56232d56144Smickey 	}
56332d56144Smickey       }
56432d56144Smickey 
56532d56144Smickey       if ((fn->flags & FLG_CHAIN) && CVAL(words,0) && SVAL(words,1)!=0xFF) {
56632d56144Smickey 	command = SVAL(words,1);
56732d56144Smickey 	words = buf + SVAL(words,3);
56832d56144Smickey 	data = words + 1 + CVAL(words,0)*2;
56932d56144Smickey 
57032d56144Smickey 	fn = smbfind(command,smb_fns);
57132d56144Smickey 
5729dd8098fSmickey 	printf("chained-%s-%s ",fn->name,request?"request":"reply");
57332d56144Smickey       } else {
57432d56144Smickey 	words = data = NULL;
57532d56144Smickey       }
57632d56144Smickey     }
57732d56144Smickey }
57832d56144Smickey 
57932d56144Smickey 
58032d56144Smickey /*
58132d56144Smickey    print a NBT packet received across tcp on port 139
58232d56144Smickey */
nbt_tcp_print(const uchar * data,int length)58332d56144Smickey void nbt_tcp_print(const uchar *data,int length)
58432d56144Smickey {
58532d56144Smickey   const uchar *maxbuf = data + length;
58632d56144Smickey   int flags = CVAL(data,0);
58732d56144Smickey   int nbt_len = RSVAL(data,2);
58832d56144Smickey 
58932d56144Smickey   startbuf = data;
59032d56144Smickey   if (maxbuf <= data) return;
59132d56144Smickey 
5929dd8098fSmickey   printf(": nbt ");
59332d56144Smickey 
59432d56144Smickey   switch (flags) {
59532d56144Smickey   case 1:
5969dd8098fSmickey     printf("flags 0x%x ", flags);
59732d56144Smickey   case 0:
5989dd8098fSmickey     data = fdata(data,"session flags [rw] len [rd] ",data+4);
59932d56144Smickey     if (data == NULL)
60032d56144Smickey       break;
60132d56144Smickey     if (memcmp(data,"\377SMB",4)==0) {
60232d56144Smickey       if (nbt_len>PTR_DIFF(maxbuf,data))
6039dd8098fSmickey 	printf("[|nbt]");
60432d56144Smickey       print_smb(data,maxbuf>data+nbt_len?data+nbt_len:maxbuf);
60532d56144Smickey     } else {
6069dd8098fSmickey 	    printf("session packet :(raw data?) ");
60732d56144Smickey     }
60832d56144Smickey     break;
60932d56144Smickey 
61032d56144Smickey   case 0x81:
6119dd8098fSmickey     data = fdata(data,"session-request flags [rW] dst [n1] src [n1] ",maxbuf);
61232d56144Smickey     break;
61332d56144Smickey 
61432d56144Smickey   case 0x82:
6159dd8098fSmickey     data = fdata(data,"sessionr-granted flags [rW] ",maxbuf);
61632d56144Smickey     break;
61732d56144Smickey 
61832d56144Smickey   case 0x83:
61932d56144Smickey     {
62032d56144Smickey       int ecode = CVAL(data,4);
6219dd8098fSmickey       data = fdata(data,"session-reject flags [rW] reason [B] ",maxbuf);
62232d56144Smickey       switch (ecode) {
62332d56144Smickey       case 0x80:
6249dd8098fSmickey 	printf("(Not listening on called name) ");
62532d56144Smickey 	break;
62632d56144Smickey       case 0x81:
6279dd8098fSmickey 	printf("(Not listening for calling name) ");
62832d56144Smickey 	break;
62932d56144Smickey       case 0x82:
6309dd8098fSmickey 	printf("(Called name not present) ");
63132d56144Smickey 	break;
63232d56144Smickey       case 0x83:
6339dd8098fSmickey 	printf("(Insufficient resources) ");
63432d56144Smickey 	break;
63532d56144Smickey       default:
6369dd8098fSmickey 	printf("(Unspecified error 0x%X) ",ecode);
63732d56144Smickey 	break;
63832d56144Smickey       }
63932d56144Smickey     }
64032d56144Smickey     break;
64132d56144Smickey 
64232d56144Smickey   case 0x85:
6439dd8098fSmickey     data = fdata(data,"keepalive flags [rW] ",maxbuf);
64432d56144Smickey     break;
64532d56144Smickey 
64632d56144Smickey   default:
6479dd8098fSmickey     printf("flags=0x%x ", flags);
6489dd8098fSmickey     data = fdata(data,"unknown packet type [rW] ",maxbuf);
64932d56144Smickey   }
65032d56144Smickey   fflush(stdout);
65132d56144Smickey }
65232d56144Smickey 
65332d56144Smickey 
65432d56144Smickey /*
65532d56144Smickey    print a NBT packet received across udp on port 137
65632d56144Smickey */
nbt_udp137_print(const uchar * data,int length)65732d56144Smickey void nbt_udp137_print(const uchar *data, int length)
65832d56144Smickey {
65932d56144Smickey   const uchar *maxbuf = data + length;
66032d56144Smickey   int name_trn_id = RSVAL(data,0);
66132d56144Smickey   int response = (CVAL(data,2)>>7);
66232d56144Smickey   int opcode = (CVAL(data,2) >> 3) & 0xF;
66332d56144Smickey   int nm_flags = ((CVAL(data,2) & 0x7) << 4) + (CVAL(data,3)>>4);
66432d56144Smickey   int rcode = CVAL(data,3) & 0xF;
66532d56144Smickey   int qdcount = RSVAL(data,4);
66632d56144Smickey   int ancount = RSVAL(data,6);
66732d56144Smickey   int nscount = RSVAL(data,8);
66832d56144Smickey   int arcount = RSVAL(data,10);
66932d56144Smickey   char *opcodestr;
67032d56144Smickey   const char *p;
67132d56144Smickey 
67232d56144Smickey   startbuf = data;
67332d56144Smickey 
67432d56144Smickey   if (maxbuf <= data) return;
67532d56144Smickey 
67632d56144Smickey   switch (opcode) {
6779dd8098fSmickey   case 0: opcodestr = "query"; break;
6789dd8098fSmickey   case 5: opcodestr = "registration"; break;
6799dd8098fSmickey   case 6: opcodestr = "release"; break;
6809dd8098fSmickey   case 7: opcodestr = "wack"; break;
6819dd8098fSmickey   case 8: opcodestr = "refresh(8)"; break;
6829dd8098fSmickey   case 9: opcodestr = "refresh"; break;
6839dd8098fSmickey   default: opcodestr = "unknown"; break;
68432d56144Smickey   }
6859dd8098fSmickey   printf("nbt-%s", opcodestr);
68632d56144Smickey   if (response) {
68732d56144Smickey     if (rcode)
6889dd8098fSmickey       printf("-negative");
68932d56144Smickey     else
6909dd8098fSmickey       printf("-positive");
6919dd8098fSmickey     printf("-resp");
6929dd8098fSmickey   } else
6939dd8098fSmickey     printf("-req");
69432d56144Smickey 
69532d56144Smickey   if (nm_flags&1)
6969dd8098fSmickey     printf("-bcast");
69732d56144Smickey 
69832d56144Smickey   if (vflag == 0) return;
69932d56144Smickey 
7009dd8098fSmickey   printf(" transid 0x%X opcode %d nmflags 0x%X rcode %d querycnt %d answercnt %d authoritycnt %d addrreccnt %d ", name_trn_id,opcode,nm_flags,rcode,qdcount,ancount,nscount,arcount);
70132d56144Smickey 
70232d56144Smickey   p = data + 12;
70332d56144Smickey 
70432d56144Smickey   {
70532d56144Smickey     int total = ancount+nscount+arcount;
70632d56144Smickey     int i;
70732d56144Smickey 
70832d56144Smickey     if (qdcount>100 || total>100) {
7099dd8098fSmickey       printf("(corrupt packet?) ");
71032d56144Smickey       return;
71132d56144Smickey     }
71232d56144Smickey 
71332d56144Smickey     if (qdcount) {
7149dd8098fSmickey       printf("question: ");
71532d56144Smickey       for (i=0;i<qdcount;i++)
7169dd8098fSmickey 	p = fdata(p,"|name [n1] type [rw] class [rw] #",maxbuf);
71732d56144Smickey 	if (p == NULL)
7189dd8098fSmickey 	  return;
71932d56144Smickey     }
72032d56144Smickey 
72132d56144Smickey     if (total) {
7229dd8098fSmickey       printf("rr: ");
72332d56144Smickey       for (i=0;i<total;i++) {
72432d56144Smickey 	int rdlen;
72532d56144Smickey 	int restype;
7269dd8098fSmickey 	p = fdata(p,"name [n1] #",maxbuf);
72732d56144Smickey 	if (p == NULL)
7289dd8098fSmickey 	  return;
72932d56144Smickey 	restype = RSVAL(p,0);
7309dd8098fSmickey 	p = fdata(p,"type [rw] class [rw] ttl [rD] ",p+8);
73132d56144Smickey 	if (p == NULL)
7329dd8098fSmickey 	  return;
73332d56144Smickey 	rdlen = RSVAL(p,0);
7349dd8098fSmickey 	printf("len %d data ",rdlen);
73532d56144Smickey 	p += 2;
73632d56144Smickey 	if (rdlen == 6) {
7379dd8098fSmickey 	  p = fdata(p,"addrtype [rw] addr [b.b.b.b] ",p+rdlen);
73832d56144Smickey 	  if (p == NULL)
7399dd8098fSmickey 	    return;
74032d56144Smickey 	} else {
74132d56144Smickey 	  if (restype == 0x21) {
74232d56144Smickey 	    int numnames = CVAL(p,0);
7439dd8098fSmickey 	    p = fdata(p,"numnames [B] ",p+1);
74432d56144Smickey 	    if (p == NULL)
7459dd8098fSmickey 	      return;
74632d56144Smickey 	    while (numnames--) {
7479dd8098fSmickey 	      p = fdata(p,"name [n2] #",maxbuf);
74832d56144Smickey 	      if (p[0] & 0x80) printf("<GROUP> ");
74932d56144Smickey 	      switch (p[0] & 0x60) {
75032d56144Smickey 	      case 0x00: printf("B "); break;
75132d56144Smickey 	      case 0x20: printf("P "); break;
75232d56144Smickey 	      case 0x40: printf("M "); break;
75332d56144Smickey 	      case 0x60: printf("_ "); break;
75432d56144Smickey 	      }
75532d56144Smickey 	      if (p[0] & 0x10) printf("<DEREGISTERING> ");
75632d56144Smickey 	      if (p[0] & 0x08) printf("<CONFLICT> ");
75732d56144Smickey 	      if (p[0] & 0x04) printf("<ACTIVE> ");
75832d56144Smickey 	      if (p[0] & 0x02) printf("<PERMANENT> ");
75932d56144Smickey 	      p += 2;
76032d56144Smickey 	    }
7619dd8098fSmickey 	  } else
76232d56144Smickey 	    p += rdlen;
76332d56144Smickey 	}
76432d56144Smickey       }
76532d56144Smickey     }
76632d56144Smickey   }
76732d56144Smickey 
76832d56144Smickey   if ((uchar*)p < maxbuf) {
7699dd8098fSmickey     fdata(p,"extra: ",maxbuf);
77032d56144Smickey   }
77132d56144Smickey 
77232d56144Smickey   fflush(stdout);
77332d56144Smickey }
77432d56144Smickey 
77532d56144Smickey 
77632d56144Smickey 
77732d56144Smickey /*
77832d56144Smickey    print a NBT packet received across udp on port 138
77932d56144Smickey */
nbt_udp138_print(const uchar * data,int length)78032d56144Smickey void nbt_udp138_print(const uchar *data, int length)
78132d56144Smickey {
78232d56144Smickey   const uchar *maxbuf = data + length;
78332d56144Smickey   startbuf = data;
78432d56144Smickey   if (maxbuf <= data) return;
78532d56144Smickey 
7869dd8098fSmickey   /* EMF - figure out how to skip fields inside maxbuf easily, IP and PORT here are bloody redundant */
7879dd8098fSmickey   data = fdata(data,"nbt res [rw] id [rw] ip [b.b.b.b] port [rd] len [rd] res2 [rw] srcname [n1] dstname [n1] #",maxbuf);
78832d56144Smickey 
78932d56144Smickey   if (data != NULL)
79032d56144Smickey     print_smb(data,maxbuf);
79132d56144Smickey 
79232d56144Smickey   fflush(stdout);
79332d56144Smickey }
79432d56144Smickey 
79532d56144Smickey 
79632d56144Smickey 
79732d56144Smickey /*
79832d56144Smickey    print netbeui frames
79932d56144Smickey */
netbeui_print(u_short control,const uchar * data,const uchar * maxbuf)80032d56144Smickey void netbeui_print(u_short control, const uchar *data, const uchar *maxbuf)
80132d56144Smickey {
80232d56144Smickey   int len = SVAL(data,0);
80332d56144Smickey   int command = CVAL(data,4);
80432d56144Smickey   const uchar *data2 = data + len;
80532d56144Smickey   int is_truncated = 0;
80632d56144Smickey 
80732d56144Smickey   if (data2 >= maxbuf) {
80832d56144Smickey     data2 = maxbuf;
80932d56144Smickey     is_truncated = 1;
81032d56144Smickey   }
81132d56144Smickey 
81232d56144Smickey   startbuf = data;
81332d56144Smickey 
8149dd8098fSmickey   printf("NetBeui type 0x%X ", control);
8159dd8098fSmickey   data = fdata(data,"len [d] signature [w] cmd [B] #",maxbuf);
81632d56144Smickey   if (data == NULL)
8179dd8098fSmickey     return;
81832d56144Smickey 
81932d56144Smickey   switch (command) {
82032d56144Smickey   case 0xA:
8219dd8098fSmickey     data = fdata(data,"namequery [P1] sessnum [B] nametype [B][P2] respcorrelator [w] dst [n2] src [n2] ",data2);
82232d56144Smickey     break;
82332d56144Smickey 
82432d56144Smickey   case 0x8:
8259dd8098fSmickey     data = fdata(data,"netbios dgram [P7] dst [n2] src [n2] ",data2);
82632d56144Smickey     break;
82732d56144Smickey 
82832d56144Smickey   case 0xE:
8299dd8098fSmickey     data = fdata(data,"namerecognize [P1] data2 [w] xmitcorrelator [w] respcorrelator [w] dst [n2] src [n2] ",data2);
83032d56144Smickey     break;
83132d56144Smickey 
83232d56144Smickey   case 0x19:
8339dd8098fSmickey     data = fdata(data,"sessinit data1 [B] data2 [w] xmitcorrelator [w] respcorrelator [w] remsessnum [B] lclsessnum [B] ",data2);
83432d56144Smickey     break;
83532d56144Smickey 
83632d56144Smickey   case 0x17:
8379dd8098fSmickey     data = fdata(data,"sessconf data1 [B] data2 [w] xmitcorrelator [w] respcorrelator [w] remsessnum [B] lclsessnum [B] ",data2);
83832d56144Smickey     break;
83932d56144Smickey 
84032d56144Smickey   case 0x16:
8419dd8098fSmickey     data = fdata(data,"netbios data only last flags [{|NO_ACK|PIGGYBACK_ACK_ALLOWED|PIGGYBACK_ACK_INCLUDED|}] resyncindicator [w][P2] respcorrelator [w] remsessnum [B] lclsessnum [B] ",data2);
84232d56144Smickey     break;
84332d56144Smickey 
84432d56144Smickey   case 0x14:
8459dd8098fSmickey     data = fdata(data,"netbios data ack [P3] xmitcorrelator [w][P2] remsessnum [B] lclsessnum [B] ",data2);
84632d56144Smickey     break;
84732d56144Smickey 
84832d56144Smickey   case 0x18:
8499dd8098fSmickey     data = fdata(data,"end session [P1] data2 [w][P4] remsessnum [B] lclsessnum [B] ",data2);
85032d56144Smickey     break;
85132d56144Smickey 
85232d56144Smickey   case 0x1f:
8539dd8098fSmickey     data = fdata(data,"session alive ",data2);
85432d56144Smickey     break;
85532d56144Smickey 
85632d56144Smickey   default:
8579dd8098fSmickey     data = fdata(data,"unknown netbios command ",data2);
85832d56144Smickey     break;
85932d56144Smickey   }
86032d56144Smickey   if (data == NULL)
8619dd8098fSmickey     return;
86232d56144Smickey 
86332d56144Smickey   if (is_truncated) {
86432d56144Smickey     /* data2 was past the end of the buffer */
8659dd8098fSmickey     return;
86632d56144Smickey   }
86732d56144Smickey 
86832d56144Smickey   if (memcmp(data2,"\377SMB",4)==0) {
86932d56144Smickey     print_smb(data2,maxbuf);
87032d56144Smickey   } else {
87132d56144Smickey     int i;
87232d56144Smickey     for (i=0;i<128;i++) {
87332d56144Smickey       if (&data2[i] >= maxbuf)
87432d56144Smickey         break;
87532d56144Smickey       if (memcmp(&data2[i],"\377SMB",4)==0) {
8769dd8098fSmickey 	printf("smb @ %d", i);
87732d56144Smickey 	print_smb(&data2[i],maxbuf);
87832d56144Smickey 	break;
87932d56144Smickey       }
88032d56144Smickey     }
88132d56144Smickey   }
88232d56144Smickey }
88332d56144Smickey 
88432d56144Smickey 
88532d56144Smickey /*
88632d56144Smickey    print IPX-Netbios frames
88732d56144Smickey */
ipx_netbios_print(const uchar * data,const uchar * maxbuf)88832d56144Smickey void ipx_netbios_print(const uchar *data, const uchar *maxbuf)
88932d56144Smickey {
89032d56144Smickey   /* this is a hack till I work out how to parse the rest of the IPX stuff */
89132d56144Smickey   int i;
89232d56144Smickey   startbuf = data;
89332d56144Smickey   for (i=0;i<128;i++)
89432d56144Smickey     if (memcmp(&data[i],"\377SMB",4)==0) {
8959dd8098fSmickey       fdata(data,"IPX ",&data[i]);
89632d56144Smickey       print_smb(&data[i],maxbuf);
89732d56144Smickey       fflush(stdout);
89832d56144Smickey       break;
89932d56144Smickey     }
90032d56144Smickey   if (i==128)
9019dd8098fSmickey     fdata(data,"unknown IPX ",maxbuf);
90232d56144Smickey }
903