/* packet-smb-browse.c * Routines for SMB Browser packet dissection * Copyright 1999, Richard Sharpe * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * Copied from packet-pop.c * * SPDX-License-Identifier: GPL-2.0-or-later */ #include "config.h" #include #include #include "packet-smb-browse.h" #include "packet-dcerpc.h" void proto_register_smb_browse(void); static int proto_smb_browse; static int hf_command; static int hf_update_count; static int hf_periodicity; static int hf_server_name; static int hf_mb_server_name; static int hf_mb_reset_command; static int hf_mb_reset_demote; static int hf_mb_reset_flush; static int hf_mb_reset_stop; static int hf_os_major; static int hf_os_minor; static int hf_server_type; static int hf_server_type_workstation; static int hf_server_type_server; static int hf_server_type_sql; static int hf_server_type_domain; static int hf_server_type_backup; static int hf_server_type_time; static int hf_server_type_apple; static int hf_server_type_novell; static int hf_server_type_member; static int hf_server_type_print; static int hf_server_type_dialin; static int hf_server_type_xenix; static int hf_server_type_ntw; static int hf_server_type_wfw; static int hf_server_type_nts; static int hf_server_type_potentialb; static int hf_server_type_backupb; static int hf_server_type_masterb; static int hf_server_type_domainmasterb; static int hf_server_type_osf; static int hf_server_type_vms; static int hf_server_type_w95; static int hf_server_type_dfs; static int hf_server_type_local; static int hf_server_type_domainenum; static int hf_election_version; static int hf_proto_major; static int hf_proto_minor; static int hf_sig_const; static int hf_server_comment; static int hf_unused_flags; static int hf_response_computer_name; static int hf_election_criteria; static int hf_election_desire; static int hf_election_desire_flags_backup; static int hf_election_desire_flags_standby; static int hf_election_desire_flags_master; static int hf_election_desire_flags_domain_master; static int hf_election_desire_flags_wins; static int hf_election_desire_flags_nt; /* static int hf_election_revision; */ static int hf_election_os; static int hf_election_os_wfw; static int hf_election_os_ntw; static int hf_election_os_nts; static int hf_server_uptime; static int hf_backup_count; static int hf_backup_token; static int hf_backup_server; static int hf_browser_to_promote; static int hf_windows_version; static int hf_mysterious_field; static int ett_browse; static int ett_browse_flags; static int ett_browse_election_criteria; static int ett_browse_election_os; static int ett_browse_election_desire; static int ett_browse_reset_cmd_flags; #define SERVER_WORKSTATION 0 #define SERVER_SERVER 1 #define SERVER_SQL_SERVER 2 #define SERVER_DOMAIN_CONTROLLER 3 #define SERVER_BACKUP_CONTROLLER 4 #define SERVER_TIME_SOURCE 5 #define SERVER_APPLE_SERVER 6 #define SERVER_NOVELL_SERVER 7 #define SERVER_DOMAIN_MEMBER_SERVER 8 #define SERVER_PRINT_QUEUE_SERVER 9 #define SERVER_DIALIN_SERVER 10 #define SERVER_XENIX_SERVER 11 #define SERVER_NT_WORKSTATION 12 #define SERVER_WINDOWS_FOR_WORKGROUPS 13 #define SERVER_NT_SERVER 15 #define SERVER_POTENTIAL_BROWSER 16 #define SERVER_BACKUP_BROWSER 17 #define SERVER_MASTER_BROWSER 18 #define SERVER_DOMAIN_MASTER_BROWSER 19 #define SERVER_OSF 20 #define SERVER_VMS 21 #define SERVER_WINDOWS_95 22 #define SERVER_DFS_SERVER 23 #define SERVER_LOCAL_LIST_ONLY 30 #define SERVER_DOMAIN_ENUM 31 static const value_string server_types[] = { {SERVER_WORKSTATION, "Workstation"}, {SERVER_SERVER, "Server"}, {SERVER_SQL_SERVER, "SQL Server"}, {SERVER_DOMAIN_CONTROLLER, "Domain Controller"}, {SERVER_BACKUP_CONTROLLER, "Backup Controller"}, {SERVER_TIME_SOURCE, "Time Source"}, {SERVER_APPLE_SERVER, "Apple Server"}, {SERVER_NOVELL_SERVER, "Novell Server"}, {SERVER_DOMAIN_MEMBER_SERVER, "Domain Member Server"}, {SERVER_PRINT_QUEUE_SERVER, "Print Queue Server"}, {SERVER_DIALIN_SERVER, "Dialin Server"}, {SERVER_XENIX_SERVER, "Xenix Server"}, {SERVER_NT_WORKSTATION, "NT Workstation"}, {SERVER_WINDOWS_FOR_WORKGROUPS, "Windows for Workgroups"}, {SERVER_NT_SERVER, "NT Server"}, {SERVER_POTENTIAL_BROWSER, "Potential Browser"}, {SERVER_BACKUP_BROWSER, "Backup Browser"}, {SERVER_MASTER_BROWSER, "Master Browser"}, {SERVER_DOMAIN_MASTER_BROWSER, "Domain Master Browser"}, {SERVER_OSF, "OSF"}, {SERVER_VMS, "VMS"}, {SERVER_WINDOWS_95, "Windows 95 or above"}, {SERVER_DFS_SERVER, "DFS server"}, {SERVER_LOCAL_LIST_ONLY, "Local List Only"}, {SERVER_DOMAIN_ENUM, "Domain Enum"}, {0, NULL} }; #define SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version) \ if(os_major_ver == 6 && os_minor_ver == 1) \ windows_version = "Windows 7 or Windows Server 2008 R2"; \ \ else if(os_major_ver == 6 && os_minor_ver == 0) \ windows_version = "Windows Vista or Windows Server 2008"; \ \ else if(os_major_ver == 5 && os_minor_ver == 2) \ windows_version = "Windows Server 2003 R2 or Windows Server 2003"; \ \ else if(os_major_ver == 5 && os_minor_ver == 1) \ windows_version = "Windows XP"; \ \ else if(os_major_ver == 5 && os_minor_ver == 0) \ windows_version = "Windows 2000"; \ \ else \ windows_version = ""; static const value_string resetbrowserstate_command_names[] = { { 0x01, "Stop being a master browser and become a backup browser"}, { 0x02, "Discard browse lists, stop being a master browser, and try again"}, { 0x04, "Stop being a master browser for ever"}, { 0, NULL} }; static true_false_string tfs_demote_to_backup = { "Demote an LMB to a Backup Browser", "Do not demote an LMB to a Backup Browser" }; static true_false_string tfs_flush_browse_list = { "Flush the Browse List", "Do not Flush the Browse List" }; static true_false_string tfs_stop_being_lmb = { "Stop Being a Local Master Browser", "Do not Stop Being a Local Master Browser" }; static const true_false_string tfs_workstation = { "This is a Workstation", "This is NOT a Workstation" }; static const true_false_string tfs_server = { "This is a Server", "This is NOT a Server" }; static const true_false_string tfs_sql = { "This is an SQL server", "This is NOT an SQL server" }; static const true_false_string tfs_domain = { "This is a Domain Controller", "This is NOT a Domain Controller" }; static const true_false_string tfs_backup = { "This is a Backup Controller", "This is NOT a Backup Controller" }; static const true_false_string tfs_time = { "This is a Time Source", "This is NOT a Time Source" }; static const true_false_string tfs_apple = { "This is an Apple host", "This is NOT an Apple host" }; static const true_false_string tfs_novell = { "This is a Novell server", "This is NOT a Novell server" }; static const true_false_string tfs_member = { "This is a Domain Member server", "This is NOT a Domain Member server" }; static const true_false_string tfs_print = { "This is a Print Queue server", "This is NOT a Print Queue server" }; static const true_false_string tfs_dialin = { "This is a Dialin server", "This is NOT a Dialin server" }; static const true_false_string tfs_xenix = { "This is a Xenix server", "This is NOT a Xenix server" }; static const true_false_string tfs_ntw = { "This is an NT Workstation", "This is NOT an NT Workstation" }; static const true_false_string tfs_wfw = { "This is a WfW host", "This is NOT a WfW host" }; static const true_false_string tfs_nts = { "This is an NT Server", "This is NOT an NT Server" }; static const true_false_string tfs_potentialb = { "This is a Potential Browser", "This is NOT a Potential Browser" }; static const true_false_string tfs_backupb = { "This is a Backup Browser", "This is NOT a Backup Browser" }; static const true_false_string tfs_masterb = { "This is a Master Browser", "This is NOT a Master Browser" }; static const true_false_string tfs_domainmasterb = { "This is a Domain Master Browser", "This is NOT a Domain Master Browser" }; static const true_false_string tfs_osf = { "This is an OSF host", "This is NOT an OSF host" }; static const true_false_string tfs_vms = { "This is a VMS host", "This is NOT a VMS host" }; static const true_false_string tfs_w95 = { "This is a Windows 95 or above host", "This is NOT a Windows 95 or above host" }; static const true_false_string tfs_dfs = { "This is a DFS server", "THis is NOT a DFS server" }; static const true_false_string tfs_local = { "This is a local list only request", "This is NOT a local list only request" }; static const true_false_string tfs_domainenum = { "This is a Domain Enum request", "This is NOT a Domain Enum request" }; #define DESIRE_BACKUP 0 #define DESIRE_STANDBY 1 #define DESIRE_MASTER 2 #define DESIRE_DOMAIN_MASTER 3 #define DESIRE_WINS 5 #define DESIRE_NT 7 static const true_false_string tfs_desire_backup = { "Backup Browse Server", "NOT Backup Browse Server" }; static const true_false_string tfs_desire_standby = { "Standby Browse Server", "NOT Standby Browse Server" }; static const true_false_string tfs_desire_master = { "Master Browser", "NOT Master Browser" }; static const true_false_string tfs_desire_domain_master = { "Domain Master Browse Server", "NOT Domain Master Browse Server" }; static const true_false_string tfs_desire_wins = { "WINS Client", "NOT WINS Client" }; static const true_false_string tfs_desire_nt = { "Windows NT Advanced Server", "NOT Windows NT Advanced Server" }; #define BROWSE_HOST_ANNOUNCE 1 #define BROWSE_REQUEST_ANNOUNCE 2 #define BROWSE_ELECTION_REQUEST 8 #define BROWSE_BACKUP_LIST_REQUEST 9 #define BROWSE_BACKUP_LIST_RESPONSE 10 #define BROWSE_BECOME_BACKUP 11 #define BROWSE_DOMAIN_ANNOUNCEMENT 12 #define BROWSE_MASTER_ANNOUNCEMENT 13 #define BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT 14 #define BROWSE_LOCAL_MASTER_ANNOUNCEMENT 15 static const value_string commands[] = { {BROWSE_HOST_ANNOUNCE, "Host Announcement"}, {BROWSE_REQUEST_ANNOUNCE, "Request Announcement"}, {BROWSE_ELECTION_REQUEST, "Browser Election Request"}, {BROWSE_BACKUP_LIST_REQUEST, "Get Backup List Request"}, {BROWSE_BACKUP_LIST_RESPONSE, "Get Backup List Response"}, {BROWSE_BECOME_BACKUP, "Become Backup Browser"}, {BROWSE_DOMAIN_ANNOUNCEMENT, "Domain/Workgroup Announcement"}, {BROWSE_MASTER_ANNOUNCEMENT, "Master Announcement"}, {BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT, "Reset Browser State Announcement"}, {BROWSE_LOCAL_MASTER_ANNOUNCEMENT, "Local Master Announcement"}, {0, NULL} }; #define OS_WFW 0 #define OS_NTW 4 #define OS_NTS 5 static const true_false_string tfs_os_wfw = { "Windows for Workgroups", "Not Windows for Workgroups" }; static const true_false_string tfs_os_ntw = { "Windows NT Workstation", "Not Windows NT Workstation" }; static const true_false_string tfs_os_nts = { "Windows NT Server", "Not Windows NT Server" }; static void dissect_election_criterion_os(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { static int * const flags[] = { &hf_election_os_wfw, &hf_election_os_ntw, &hf_election_os_nts, NULL }; proto_tree_add_bitmask(parent_tree, tvb, offset, hf_election_os, ett_browse_election_os, flags, ENC_NA); } static void dissect_election_criterion_desire(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { static int * const flags[] = { &hf_election_desire_flags_backup, &hf_election_desire_flags_standby, &hf_election_desire_flags_master, &hf_election_desire_flags_domain_master, &hf_election_desire_flags_wins, &hf_election_desire_flags_nt, NULL }; proto_tree_add_bitmask(parent_tree, tvb, offset, hf_election_desire, ett_browse_election_desire, flags, ENC_NA); } static void dissect_election_criterion(tvbuff_t *tvb, proto_tree *parent_tree, int offset) { proto_tree *tree = NULL; proto_item *item = NULL; uint32_t criterion; criterion = tvb_get_letohl(tvb, offset); if (parent_tree) { item = proto_tree_add_uint(parent_tree, hf_election_criteria, tvb, offset, 4, criterion); tree = proto_item_add_subtree(item, ett_browse_election_criteria); } /* election desire */ dissect_election_criterion_desire(tvb, tree, offset); offset += 1; /* browser protocol major version */ proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* browser protocol minor version */ proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* election os */ dissect_election_criterion_os(tvb, tree, offset); } /* * XXX - this causes non-browser packets to have browser fields. */ int dissect_smb_server_type_flags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, uint8_t *drep, bool infoflag) { uint32_t flags; int i; static int * const type_flags[] = { &hf_server_type_workstation, &hf_server_type_server, &hf_server_type_sql, &hf_server_type_domain, &hf_server_type_backup, &hf_server_type_time, &hf_server_type_apple, &hf_server_type_novell, &hf_server_type_member, &hf_server_type_print, &hf_server_type_dialin, &hf_server_type_xenix, &hf_server_type_ntw, &hf_server_type_wfw, &hf_server_type_nts, &hf_server_type_potentialb, &hf_server_type_backupb, &hf_server_type_masterb, &hf_server_type_domainmasterb, &hf_server_type_osf, &hf_server_type_vms, &hf_server_type_w95, &hf_server_type_dfs, &hf_server_type_local, &hf_server_type_domainenum, NULL }; if (drep != NULL) { /* * Called from a DCE RPC protocol dissector, for a * protocol where a 32-bit NDR integer contains * an server type mask; extract the server type mask * with an NDR call (but don't put it into the * protocol tree, as we can't get a pointer to the * item it puts in, and thus can't put a tree below * it with the values of the individual bits). */ offset = dissect_ndr_uint32( tvb, offset, pinfo, NULL, NULL, drep, hf_server_type, &flags); } else { /* * Called from SMB browser or RAP, where the server type * mask is just a 4-byte little-endian quantity with no * special NDR alignment requirement; extract it with * "tvb_get_letohl()". */ flags = tvb_get_letohl(tvb, offset); offset += 4; } if (infoflag) { /* Append the type(s) of the system to the COL_INFO line ... */ for (i = 0; i < 32; i++) { if (flags & (1U<cinfo, COL_INFO, ", %s", val_to_str(i, server_types, "Unknown server type:%d")); } } } proto_tree_add_bitmask_value(parent_tree, tvb, offset-4, hf_server_type, ett_browse_flags, type_flags, flags); return offset; } #define HOST_NAME_LEN 16 static int dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_) { int offset = 0; uint8_t cmd; proto_tree *tree = NULL; proto_item *item = NULL; uint32_t periodicity; uint8_t *host_name; int namelen; uint8_t server_count; uint8_t os_major_ver, os_minor_ver; const char *windows_version; int i; uint32_t uptime; col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER"); col_clear(pinfo->cinfo, COL_INFO); cmd = tvb_get_uint8(tvb, offset); /* Put in something, and replace it later */ col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x")); item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA); tree = proto_item_add_subtree(item, ett_browse); /* command */ proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd); offset += 1; switch (cmd) { case BROWSE_DOMAIN_ANNOUNCEMENT: case BROWSE_LOCAL_MASTER_ANNOUNCEMENT: case BROWSE_HOST_ANNOUNCE: { /* update count */ proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* periodicity (in milliseconds) */ periodicity = tvb_get_letohl(tvb, offset); proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 4, periodicity, "%s", signed_time_msecs_to_str(pinfo->pool, periodicity)); offset += 4; /* server name */ host_name = tvb_get_stringzpad(pinfo->pool, tvb, offset, HOST_NAME_LEN, ENC_CP437|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name); proto_tree_add_string_format(tree, hf_server_name, tvb, offset, HOST_NAME_LEN, host_name, (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)? "Domain/Workgroup: %s": "Host Name: %s", host_name); offset += HOST_NAME_LEN; /* Windows version (See "OSVERSIONINFO Structure" on MSDN) */ os_major_ver = tvb_get_uint8(tvb, offset); os_minor_ver = tvb_get_uint8(tvb, offset+1); SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version); proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version); /* OS major version */ proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* OS minor version */ proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* server type flags */ offset = dissect_smb_server_type_flags( tvb, offset, pinfo, tree, NULL, true); if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT && tvb_get_letohs (tvb, offset + 2) != 0xAA55) { /* * Network Monitor claims this is a "Comment * Pointer". I don't believe it. * * It's not a browser protocol major/minor * version number, and signature constant, * however. */ proto_tree_add_item(tree, hf_mysterious_field, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; } else { /* browser protocol major version */ proto_tree_add_item(tree, hf_proto_major, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* browser protocol minor version */ proto_tree_add_item(tree, hf_proto_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* signature constant */ proto_tree_add_item(tree, hf_sig_const, tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; } /* master browser server name or server comment */ namelen = tvb_strsize(tvb, offset); proto_tree_add_item(tree, (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)? hf_mb_server_name : hf_server_comment, tvb, offset, namelen, ENC_ASCII|ENC_NA); break; } case BROWSE_REQUEST_ANNOUNCE: { uint8_t *computer_name; /* unused/unknown flags */ proto_tree_add_item(tree, hf_unused_flags, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* name of computer to which to send reply */ computer_name = tvb_get_stringz_enc(pinfo->pool, tvb, offset, &namelen, ENC_ASCII); proto_tree_add_string(tree, hf_response_computer_name, tvb, offset, namelen, computer_name); col_append_fstr(pinfo->cinfo, COL_INFO, " %s", computer_name); break; } case BROWSE_ELECTION_REQUEST: /* election version */ proto_tree_add_item(tree, hf_election_version, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* criterion */ dissect_election_criterion(tvb, tree, offset); offset += 4; /* server uptime */ uptime = tvb_get_letohl(tvb, offset); proto_tree_add_uint_format_value(tree, hf_server_uptime, tvb, offset, 4, uptime, "%s", signed_time_msecs_to_str(pinfo->pool, uptime)); offset += 4; /* next 4 bytes must be zero */ offset += 4; /* server name */ namelen = tvb_strsize(tvb, offset); proto_tree_add_item(tree, hf_server_name, tvb, offset, namelen, ENC_ASCII); break; case BROWSE_BACKUP_LIST_REQUEST: /* backup list requested count */ proto_tree_add_item(tree, hf_backup_count, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* backup requested token */ proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN); break; case BROWSE_BACKUP_LIST_RESPONSE: /* backup list requested count */ server_count = tvb_get_uint8(tvb, offset); proto_tree_add_uint(tree, hf_backup_count, tvb, offset, 1, server_count); offset += 1; /* backup requested token */ proto_tree_add_item(tree, hf_backup_token, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; /* backup server names */ for (i = 0; i < server_count; i++) { namelen = tvb_strsize(tvb, offset); proto_tree_add_item(tree, hf_backup_server, tvb, offset, namelen, ENC_ASCII); offset += namelen; } break; case BROWSE_MASTER_ANNOUNCEMENT: /* master browser server name */ namelen = tvb_strsize(tvb, offset); proto_tree_add_item(tree, hf_mb_server_name, tvb, offset, namelen, ENC_ASCII); break; case BROWSE_RESETBROWSERSTATE_ANNOUNCEMENT: { static int * const flags[] = { &hf_mb_reset_demote, &hf_mb_reset_flush, &hf_mb_reset_stop, NULL }; proto_tree_add_bitmask(tree, tvb, offset, hf_mb_reset_command, ett_browse_reset_cmd_flags, flags, ENC_NA); break; } case BROWSE_BECOME_BACKUP: /* name of browser to promote */ namelen = tvb_strsize(tvb, offset); proto_tree_add_item(tree, hf_browser_to_promote, tvb, offset, namelen, ENC_ASCII); break; } return tvb_captured_length(tvb); } /* * It appears that browser announcements sent to \MAILSLOT\LANMAN aren't * the same as browser announcements sent to \MAILSLOT\BROWSE. * Was that an older version of the protocol? * * The document at * * http://www.samba.org/samba/ftp/specs/brow_rev.txt * * gives both formats of host announcement packets, saying that * "[The first] format seems wrong", that one being what appears to * show up in \MAILSLOT\LANMAN packets, and that "[The second one] * may be better", that one being what appears to show up in * \MAILSLOT\BROWSE packets. * * XXX - what other browser packets go out to that mailslot? */ static int dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_) { int offset = 0; uint8_t cmd; proto_tree *tree; proto_item *item; uint32_t periodicity; const uint8_t *host_name; uint8_t os_major_ver, os_minor_ver; const char *windows_version; unsigned namelen; col_set_str(pinfo->cinfo, COL_PROTOCOL, "BROWSER"); col_clear(pinfo->cinfo, COL_INFO); cmd = tvb_get_uint8(tvb, offset); /* Put in something, and replace it later */ col_add_str(pinfo->cinfo, COL_INFO, val_to_str(cmd, commands, "Unknown command:0x%02x")); item = proto_tree_add_item(parent_tree, proto_smb_browse, tvb, offset, -1, ENC_NA); tree = proto_item_add_subtree(item, ett_browse); /* command */ proto_tree_add_uint(tree, hf_command, tvb, offset, 1, cmd); offset += 1; switch (cmd) { case BROWSE_DOMAIN_ANNOUNCEMENT: case BROWSE_LOCAL_MASTER_ANNOUNCEMENT: case BROWSE_HOST_ANNOUNCE: /* update count */ proto_tree_add_item(tree, hf_update_count, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* server type flags */ offset = dissect_smb_server_type_flags( tvb, offset, pinfo, tree, NULL, true); /* OS version string (See "OSVERSIONINFO Structure" on MSDN) */ os_major_ver = tvb_get_uint8(tvb, offset); os_minor_ver = tvb_get_uint8(tvb, offset+1); SET_WINDOWS_VERSION_STRING(os_major_ver, os_minor_ver, windows_version); proto_tree_add_string(tree, hf_windows_version, tvb, offset, 2, windows_version); /* OS major version */ proto_tree_add_item(tree, hf_os_major, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* OS minor version */ proto_tree_add_item(tree, hf_os_minor, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; /* periodicity (in seconds; convert to milliseconds) */ periodicity = tvb_get_letohs(tvb, offset)*1000; proto_tree_add_uint_format_value(tree, hf_periodicity, tvb, offset, 2, periodicity, "%s", signed_time_msecs_to_str(pinfo->pool, periodicity)); offset += 2; /* server name */ host_name = tvb_get_stringz_enc(pinfo->pool, tvb, offset, &namelen, ENC_CP437|ENC_NA); col_append_fstr(pinfo->cinfo, COL_INFO, " %s", host_name); proto_tree_add_item(tree, hf_server_name, tvb, offset, namelen, ENC_ASCII); offset += namelen; /* master browser server name or server comment */ namelen = tvb_strsize(tvb, offset); proto_tree_add_item(tree, (cmd==BROWSE_DOMAIN_ANNOUNCEMENT)? hf_mb_server_name : hf_server_comment, tvb, offset, namelen, ENC_CP437|ENC_NA); break; } return tvb_captured_length(tvb); } void proto_register_smb_browse(void) { static hf_register_info hf[] = { { &hf_command, { "Command", "browser.command", FT_UINT8, BASE_HEX, VALS(commands), 0, "Browse command opcode", HFILL }}, { &hf_update_count, { "Update Count", "browser.update_count", FT_UINT8, BASE_DEC, NULL, 0, "Browse Update Count", HFILL }}, { &hf_periodicity, { "Update Periodicity", "browser.period", FT_UINT32, BASE_DEC, NULL, 0, "Update Periodicity in ms", HFILL }}, { &hf_server_name, { "Server Name", "browser.server", FT_STRING, BASE_NONE, NULL, 0, "BROWSE Server Name", HFILL }}, { &hf_mb_server_name, { "Master Browser Server Name", "browser.mb_server", FT_STRING, BASE_NONE, NULL, 0, "BROWSE Master Browser Server Name", HFILL }}, { &hf_mb_reset_command, { "ResetBrowserState Command", "browser.reset_cmd", FT_UINT8, BASE_HEX, VALS(resetbrowserstate_command_names), 0, NULL, HFILL }}, { &hf_mb_reset_demote, { "Demote LMB", "browser.reset_cmd.demote", FT_BOOLEAN, 8, TFS(&tfs_demote_to_backup), 0x01, NULL, HFILL}}, { &hf_mb_reset_flush, { "Flush Browse List", "browser.reset_cmd.flush", FT_BOOLEAN, 8, TFS(&tfs_flush_browse_list), 0x02, NULL, HFILL}}, { &hf_mb_reset_stop, { "Stop Being LMB", "browser.reset_cmd.stop_lmb", FT_BOOLEAN, 8, TFS(&tfs_stop_being_lmb), 0x04, NULL, HFILL}}, { &hf_os_major, { "OS Major Version", "browser.os_major", FT_UINT8, BASE_DEC, NULL, 0, "Operating System Major Version", HFILL }}, { &hf_os_minor, { "OS Minor Version", "browser.os_minor", FT_UINT8, BASE_DEC, NULL, 0, "Operating System Minor Version", HFILL }}, { &hf_server_type, { "Server Type", "browser.server_type", FT_UINT32, BASE_HEX, NULL, 0, "Server Type Flags", HFILL }}, { &hf_server_type_workstation, { "Workstation", "browser.server_type.workstation", FT_BOOLEAN, 32, TFS(&tfs_workstation), 1U<