Hi list
attached is a diff for last nights snapshot.
it provides a completely tvbuffified smb dissector which
includes
~50 smb commands, fairly complete implementation of SNIA and Leach
~full Trans2 dissection
~full NT transaction
~works properly with smb over ipx (as far as i could see)
packet-smb.c is based on a 4 week old snapshot but the
relevant parts of the changes have been backported to it
(namely the NT error codes, other changes were not relevant to
this implementation since it was a rewrite from scratch and all those
changes were already implemented)
The dissector does no longer use conversations but an internal hastable
in packet-smb.
The dissector can also determine if a smb command is broadcast or unicast
(whether a reply is expected) independently of the undelying transport
(netbios, ipx, tcp, etc)
by examining the smb header fields.
The dissector also reintroduces the value_string list matching command codes
with commands names to be exactly 256 items thus including also
the codes which does not match to a (known) command. This is for performance
since it allows a very efficient decode_smb_names() implementation. It
changes no functionality though.
The smb names have been changed to be more intuitive and to closer
match the naming used in Leach.
There will likely be many bugs in the dissector we need to fix over time.
Applying this patch will greatly enhance smb dissection in many areas
but will most likely intruduce bugs in other areas.
The dissector is fully tvbuffified and this made some changes/cleanups
nessecary to packet-smb-pipe and packet-smb-mailslot
Please test it and consider it for CVS (perhaps after next release?)
best regards
ronnie s
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Attachment:
smb.diff.gz
Description: application/gzip-compressed
