Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
packet-smb2.h
1/* packet-smb2.h
2 * Defines for SMB2 packet dissection
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998, 1999 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11#ifndef __PACKET_SMB2_H__
12#define __PACKET_SMB2_H__
13
14#include "packet-dcerpc.h"
15#include "packet-smb.h"
16#include "packet-ntlmssp.h"
17
18/* SMB2 command codes. With MSVC and a
19 * libwireshark.dll, we need a special declaration.
20 */
21WS_DLL_PUBLIC value_string_ext smb2_cmd_vals_ext;
22
23/* Structure to keep track of information specific to a single
24 * SMB2 transaction. Here we store things we need to remember between
25 * a specific request and a specific response.
26 *
27 * There is no guarantee we will have this structure available for all
28 * SMB2 packets so a dissector must check this pointer for NULL
29 * before dereferencing it.
30 *
31 * private data is set to NULL when the structure is created. It is used
32 * for communications between the Request and the Response packets.
33 */
34
35/* extra info needed by export object smb */
36typedef struct _smb2_eo_file_info_t {
37 uint32_t attr_mask;
38 int64_t end_of_file;
40
41typedef struct _smb2_fid_info_t {
42 uint64_t fid_persistent;
43 uint64_t fid_volatile;
44 uint64_t sesid; /* *host* byte order - not necessarily little-endian! */
45 uint32_t tid;
46 /* only used for key lookup in equal func, must be zero when inserting */
47 uint32_t frame_key;
48 /* first and last frame nums this FID is valid */
49 uint32_t frame_beg;
50 uint32_t frame_end;
51 /* file name used to open this FID */
52 char *name;
54
55typedef enum {
56 SMB2_EI_NONE, /* Unassigned / NULL */
57 SMB2_EI_TREENAME, /* tid tracking char * */
58 SMB2_EI_FILENAME, /* fid tracking char * */
59 SMB2_EI_FINDPATTERN /* find tracking char * */
60} smb2_extra_info_t;
61typedef struct _smb2_saved_info_t {
62 uint8_t smb2_class;
63 uint8_t infolevel;
64 uint64_t msg_id;
65 uint32_t frame_req, frame_res;
66 nstime_t req_time;
67 uint8_t *preauth_hash_req, *preauth_hash_res;
68 smb2_fid_info_t *file;
69 e_ctx_hnd policy_hnd; /* for eo_smb tracking */
70 smb_eo_t *eo_info_t; /* for storing eo_smb infos */
71 uint64_t file_offset; /* needed file_offset for eo_smb */
72 uint32_t bytes_moved; /* needed for eo_smb */
73 void *extra_info;
74 smb2_extra_info_t extra_info_type;
76
77typedef struct _smb2_tid_info_t {
78 uint32_t tid;
79 uint32_t connect_frame;
80 uint32_t disconnect_frame;
81 uint8_t share_type;
82 char *name;
84
85#define SMB2_PREAUTH_HASH_SIZE 64
86#define AES_KEY_SIZE 16
87
88typedef struct _smb2_sesid_info_t {
89 uint64_t sesid; /* *host* byte order - not necessarily little-endian! */
90 uint32_t auth_frame;
91 char *acct_name;
92 char *domain_name;
93 char *host_name;
94 uint16_t server_port;
95 uint32_t session_key_frame;
96 unsigned session_key_len;
97 uint8_t session_key[NTLMSSP_KEY_LEN*2];
98 uint8_t signing_key[NTLMSSP_KEY_LEN];
99 uint8_t client_decryption_key16[AES_KEY_SIZE];
100 uint8_t server_decryption_key16[AES_KEY_SIZE];
101 uint8_t client_decryption_key32[AES_KEY_SIZE*2];
102 uint8_t server_decryption_key32[AES_KEY_SIZE*2];
103
104 wmem_map_t *tids;
105 wmem_map_t *fids;
106 /* table to store some infos for smb export object */
107 wmem_map_t *files;
108
109 uint8_t preauth_hash[SMB2_PREAUTH_HASH_SIZE];
111
112/* Structure to keep track of conversations and the hash tables.
113 * There is one such structure for each conversation.
114 */
115typedef struct _smb2_conv_info_t {
116 /* these two tables are used to match requests with responses */
117 GHashTable *unmatched;
118 GHashTable *matched;
119 uint16_t dialect;
120 uint16_t sign_alg;
121 uint16_t enc_alg;
122
123 /* preauth hash before session setup */
124 uint8_t *preauth_hash_current;
125 uint8_t preauth_hash_con[SMB2_PREAUTH_HASH_SIZE];
126 uint8_t preauth_hash_ses[SMB2_PREAUTH_HASH_SIZE];
128
129
130/* This structure contains information from the SMB2 header
131 * as well as pointers to the conversation and the transaction specific
132 * structures.
133 */
134#define SMB2_FLAGS_RESPONSE 0x00000001
135#define SMB2_FLAGS_ASYNC_CMD 0x00000002
136#define SMB2_FLAGS_CHAINED 0x00000004
137#define SMB2_FLAGS_SIGNATURE 0x00000008
138#define SMB2_FLAGS_PRIORITY_MASK 0x00000070
139#define SMB2_FLAGS_DFS_OP 0x10000000
140#define SMB2_FLAGS_REPLAY_OPERATION 0x20000000
141
142#define SMB2_FLAGS_PRIORITY1 0x00000010
143#define SMB2_FLAGS_PRIORITY2 0x00000020
144#define SMB2_FLAGS_PRIORITY3 0x00000030
145#define SMB2_FLAGS_PRIORITY4 0x00000040
146#define SMB2_FLAGS_PRIORITY5 0x00000050
147#define SMB2_FLAGS_PRIORITY6 0x00000060
148#define SMB2_FLAGS_PRIORITY7 0x00000070
149
150/* SMB2 FLAG MASKS */
151#define SMB2_FLAGS_ATTR_ENCRYPTED 0x00004000
152#define SMB2_FLAGS_ATTR_INDEXED 0x00002000
153#define SMB2_FLAGS_ATTR_OFFLINE 0x00001000
154#define SMB2_FLAGS_ATTR_COMPRESSED 0x00000800
155#define SMB2_FLAGS_ATTR_REPARSEPOINT 0x00000400
156#define SMB2_FLAGS_ATTR_SPARSE 0x00000200
157#define SMB2_FLAGS_ATTR_TEMPORARY 0x00000100
158#define SMB2_FLAGS_ATTR_NORMAL 0x00000080
159#define SMB2_FLAGS_ATTR_DEVICE 0x00000040
160#define SMB2_FLAGS_ATTR_ARCHIVE 0x00000020
161#define SMB2_FLAGS_ATTR_DIRECTORY 0x00000010
162#define SMB2_FLAGS_ATTR_VOLUMEID 0x00000008
163#define SMB2_FLAGS_ATTR_SYSTEM 0x00000004
164#define SMB2_FLAGS_ATTR_HIDDEN 0x00000002
165#define SMB2_FLAGS_ATTR_READONLY 0x00000001
166
167/* SMB2 FILE TYPES ASSIGNED TO EXPORT OBJECTS */
168#define SMB2_FID_TYPE_UNKNOWN 0
169#define SMB2_FID_TYPE_FILE 1
170#define SMB2_FID_TYPE_DIR 2
171#define SMB2_FID_TYPE_PIPE 3
172#define SMB2_FID_TYPE_OTHER 4
173
174/* SMB2 COMMAND CODES */
175#define SMB2_COM_NEGOTIATE_PROTOCOL 0x00
176#define SMB2_COM_SESSION_SETUP 0x01
177#define SMB2_COM_SESSION_LOGOFF 0x02
178#define SMB2_COM_TREE_CONNECT 0x03
179#define SMB2_COM_TREE_DISCONNECT 0x04
180#define SMB2_COM_CREATE 0x05
181#define SMB2_COM_CLOSE 0x06
182#define SMB2_COM_FLUSH 0x07
183#define SMB2_COM_READ 0x08
184#define SMB2_COM_WRITE 0x09
185#define SMB2_COM_LOCK 0x0A
186#define SMB2_COM_IOCTL 0x0B
187#define SMB2_COM_CANCEL 0x0C
188#define SMB2_COM_KEEPALIVE 0x0D
189#define SMB2_COM_FIND 0x0E
190#define SMB2_COM_NOTIFY 0x0F
191#define SMB2_COM_GETINFO 0x10
192#define SMB2_COM_SETINFO 0x11
193#define SMB2_COM_BREAK 0x12
194
195typedef struct _smb2_info_t {
196 uint16_t opcode;
197 uint32_t ioctl_function;
198 uint32_t status;
199 uint32_t tid;
200 uint64_t sesid; /* *host* byte order - not necessarily little-endian! */
201 uint64_t msg_id;
202 uint32_t flags;
203 smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
204 smb2_conv_info_t *conv;
205 smb2_saved_info_t *saved;
206 smb2_tid_info_t *tree;
207 smb2_sesid_info_t *session;
208 smb2_fid_info_t *file;
209 proto_tree *top_tree;
211
212/* for transform content information */
213
215 uint8_t nonce[16];
216 uint32_t size;
217 uint16_t flags;
218 uint64_t sesid; /* *host* byte order - not necessarily little-endian! */
219 smb2_conv_info_t *conv;
220 smb2_sesid_info_t *session;
222
224 unsigned orig_size;
225 unsigned alg;
226 unsigned comp_offset;
227 smb2_conv_info_t *conv;
228 smb2_sesid_info_t *session;
230
231
232int dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset);
233int dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, uint32_t *ioctl_function);
234void dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, uint32_t ioctl_function, bool data_in, void *private_data);
235
236#endif
237
238/*
239 * Editor modelines - https://www.wireshark.org/tools/modelines.html
240 *
241 * Local variables:
242 * c-basic-offset: 8
243 * tab-width: 8
244 * indent-tabs-mode: t
245 * End:
246 *
247 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
248 * :indentSize=8:tabSize=8:noTabs=false:
249 */
Definition packet-dcerpc.h:54
Definition packet_info.h:43
Definition proto.h:901
Definition packet-smb2.h:223
Definition packet-smb2.h:115
Definition packet-smb2.h:36
Definition packet-smb2.h:41
Definition packet-smb2.h:195
Definition packet-smb2.h:61
Definition packet-smb2.h:88
Definition packet-smb2.h:77
Definition packet-smb2.h:214
Definition packet-smb.h:112
Definition value_string.h:169
Definition wmem_map.c:44
Definition nstime.h:26
Definition tvbuff-int.h:35