
Ethereal-dev: [Ethereal-dev] SMB

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>
Date: Sat, 5 May 2001 18:07:51 +1000
Hi,
Has anyone looked at the dissectors for SMB?
I did a few days ago, and checked a few packets with the CIFS draft.
There are, as I see it, several major problems with the SMB dissector.
1, old style
2, incomplete: no smb.file.name=="sdfsdf" or similar display filters supported.
Almost none of the fields have search filter names.
No attempts are made to properly dissect the parameter block(s).
No attempts are made to properly dissect the data block(s).
3, broken: some of the commands I looked at dissected the SMB packet incorrectly.

So, what should be done? Perhaps we should just throw out the existing smb dissectors and start again from scratch, making it properly tvbuffified, and layered in the process.

My suggestion is to reimplement the entire smb dissector from scratch, rewriting packet-smb.c to only dissect the smb header from Protocol[] to and including Mid.

On top of this, one can then add higher layer dissectors, one for each command, which dissect the parameters and data blocks for all the individual commands.


I think that reimplementing packet-smb to only dissect the smb header, but doing that properly, and killing all other smb code would not reduce functionality in ethereal.
With a new packet-smb.c one could then add higher layer dissectors, one by one, for the parameter and data block for the commands, like TRANS2_FIND_FIRST2 (which currently is broken in such a way that it is useless, same for the other TRANS2 commands).

This will be a lot of work, but by splitting the work up in two layers we can have several contributors working simultaneously on the task.
First (a rather small) packet-smb.c which only dissects the smb header.
Then several (one for each command) packet-smb-xxx.c files which can be implemented concurrently.

Opinions?
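
The two-layer split proposed in this message, sketched as an added example that is not part of the original post and is not Ethereal's code: a bounds-checked parser for the 32-byte SMB header (Protocol[] through Mid) that hands the remaining bytes to a per-command handler looked up in a table. All function, type and table names are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SMB_HDR_LEN 32            /* Protocol[4] through Mid */
#define SMB_COM_TRANSACTION2 0x32 /* command that carries TRANS2_FIND_FIRST2 */

typedef struct { uint8_t command, flags; uint32_t status; uint16_t flags2, tid, pid, uid, mid; } smb_hdr;
/* Hypothetical per-command layer: sees only the bytes after the header. */
typedef int (*smb_cmd_dissector)(const smb_hdr *h, const uint8_t *body, size_t len);

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Layer 1: header only. Returns 0 on success, -1 on short or non-SMB input. */
int smb_parse_header(const uint8_t *buf, size_t len, smb_hdr *h)
{
    if (len < SMB_HDR_LEN || memcmp(buf, "\xffSMB", 4) != 0)
        return -1;
    h->command = buf[4];
    h->status  = le32(buf + 5);
    h->flags   = buf[9];
    h->flags2  = le16(buf + 10);
    /* bytes 12..23: PidHigh, security signature, reserved (not decoded here) */
    h->tid = le16(buf + 24); h->pid = le16(buf + 26);
    h->uid = le16(buf + 28); h->mid = le16(buf + 30);
    return 0;
}

/* Layer 2, one command: returns WordCount after checking the words fit. */
static int dissect_trans2(const smb_hdr *h, const uint8_t *body, size_t len)
{
    (void)h;
    if (len < 1 || (size_t)1 + 2u * body[0] > len)
        return -1;            /* parameter words run past the captured data */
    return body[0];
}

static smb_cmd_dissector smb_cmd_table[256] = { [SMB_COM_TRANSACTION2] = dissect_trans2 };

/* Returns the handler's result, -1 on malformed input, -2 if no handler is registered. */
int smb_dissect(const uint8_t *buf, size_t len)
{
    smb_hdr h;
    if (smb_parse_header(buf, len, &h) != 0) return -1;
    smb_cmd_dissector d = smb_cmd_table[h.command];
    return d ? d(&h, buf + SMB_HDR_LEN, len - SMB_HDR_LEN) : -2;
}

/* Constructed sample: TRANSACTION2, Mid=0x1234, WordCount=1, one parameter word. */
static const uint8_t sample_pkt[35] = { 0xff, 'S', 'M', 'B', 0x32, [30] = 0x34, 0x12, 0x01 };
int main(void) { return smb_dissect(sample_pkt, sizeof sample_pkt) == 1 ? 0 : 1; }
```

Commands without a registered handler still get their header decoded, so per-command handlers can be added to the table one at a time.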