Smb2-protocol: [Smb2-protocol] Re: a first look at SMB2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 25 Nov 2005 23:58:27 +0000

Nice.


I have updated the wiki and ethereal according to your info. I hope I
got it right.

There is some info in the wiki for both Cancel and Notify and how
they interact.

Byte 2 for Lock, maybe that has to be 1 when you lock a file and 0
when you unlock a file?
Or maybe it is a count of how many lock structures are present?
Old SMB very often used to pass multiple lock/unlocks for different
byte ranges in the same command pdu.

On 11/25/05, tridge@xxxxxxxxx <tridge@xxxxxxxxx> wrote:
> We made some more progress this evening. Thanks to metze and volker
> for helping with very useful suggestions.
>
> We now know what the remaining 5 opcodes are, so the full opcode list
> is:
>
> #define SMB2_OP_NEGPROT   0x00
> #define SMB2_OP_SESSSETUP 0x01
> #define SMB2_OP_LOGOFF    0x02
> #define SMB2_OP_TCON      0x03
> #define SMB2_OP_TDIS      0x04
> #define SMB2_OP_CREATE    0x05
> #define SMB2_OP_CLOSE     0x06
> #define SMB2_OP_FLUSH     0x07
> #define SMB2_OP_READ      0x08
> #define SMB2_OP_WRITE     0x09
> #define SMB2_OP_LOCK      0x0a
> #define SMB2_OP_TRANS     0x0b
> #define SMB2_OP_CANCEL    0x0c
> #define SMB2_OP_KEEPALIVE 0x0d
> #define SMB2_OP_FIND      0x0e
> #define SMB2_OP_NOTIFY    0x0f
> #define SMB2_OP_GETINFO   0x10
> #define SMB2_OP_SETINFO   0x11
> #define SMB2_OP_BREAK     0x12
>
> We've also implemented all of the above in libcli/smb2/ except for
> cancel, notify, break and lock.
>
> Ronnie, here are the structures so you can add the new opcodes to
> ethereal.
>
> flush: takes 0x18 body bytes. contains 2 bytes padding, 4 bytes
> unknown, and a handle. Returns 4 bytes, seems to be all padding.
>
> keepalive, tdis and logoff: take 4 bytes, all padding (ie. 2 byte
> buffer code, 2 byte padding). Return 4 bytes, all padding.
>
> lock: takes 0x30 bytes. byte 2 needs to be 1. takes a file handle at
> offset 0x08. All the rest not decoded yet.
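Added example (not part of the original messages, and not Samba or Ethereal code): a bounds-checked validator for the request bodies described in the quoted message, using its opcode numbers and body sizes. The 16-byte handle length (0x18 minus the 2+2+4 bytes listed for flush), the reading of "byte 2" as offset 2, and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Opcode names as listed in the message (0x00..0x12). */
static const char *const smb2_op_names[] = {
    "NEGPROT", "SESSSETUP", "LOGOFF", "TCON", "TDIS", "CREATE", "CLOSE",
    "FLUSH", "READ", "WRITE", "LOCK", "TRANS", "CANCEL", "KEEPALIVE",
    "FIND", "NOTIFY", "GETINFO", "SETINFO", "BREAK"
};
#define SMB2_OP_COUNT (sizeof smb2_op_names / sizeof smb2_op_names[0])
#define HANDLE_OFF 0x08  /* stated for lock; flush: 2 + 2 + 4 bytes precede it */
#define HANDLE_LEN 16    /* assumption: what remains of the 0x18 flush body */

const char *smb2_op_name(unsigned op) {
    return op < SMB2_OP_COUNT ? smb2_op_names[op] : NULL;
}

/* Fixed request body size from the notes; 0 = not described in the message. */
size_t smb2_req_body_size(unsigned op) {
    switch (op) {
    case 0x07: return 0x18;                       /* flush */
    case 0x0a: return 0x30;                       /* lock */
    case 0x02: case 0x04: case 0x0d: return 0x04; /* logoff, tdis, keepalive */
    default:   return 0;
    }
}

/* Validate a request body and copy out the handle for flush/lock.
 * Returns 0 on success, -1 for an unknown opcode or undescribed body,
 * -2 for a truncated body, -3 when lock byte 2 is not 1. */
int smb2_check_req(unsigned op, const uint8_t *body, size_t len,
                   uint8_t handle[HANDLE_LEN]) {
    size_t need = smb2_req_body_size(op);
    if (smb2_op_name(op) == NULL || need == 0) return -1;
    if (body == NULL || len < need) return -2;    /* never read past the capture */
    if (op == 0x0a && body[2] != 1) return -3;    /* "byte 2 needs to be 1" */
    if (op == 0x07 || op == 0x0a)
        memcpy(handle, body + HANDLE_OFF, HANDLE_LEN);
    return 0;
}
```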