/src/wireshark/epan/dissectors/packet-smb2.c

Source (jump to first uncovered line)
/* packet-smb2.c
 * Routines for smb2 packet dissection
 * Ronnie Sahlberg 2005
 *
 * For documentation of this protocol, see:
 *
 * https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/
 * https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/
 * https://gitlab.com/wireshark/wireshark/-/wikis/SMB2
 *
 * If you edit this file, keep the wiki updated as well.
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#define WS_LOG_DOMAIN "packet-smb2"
#include "config.h"
#include <wireshark.h>

#include <epan/packet.h>
#include <epan/exceptions.h>
#include <epan/prefs.h>
#include <epan/expert.h>
#include <epan/tap.h>
#include <epan/srt_table.h>
#include <epan/aftypes.h>
#include <epan/to_str.h>
#include <epan/strutil.h>
#include <epan/asn1.h>
#include <epan/reassemble.h>
#include <epan/uat.h>
#include <epan/tfs.h>
#include <wsutil/array.h>

#include "packet-smb2.h"
#include "packet-ntlmssp.h"
#include "packet-kerberos.h"
#include "packet-windows-common.h"
#include "packet-dcerpc-nt.h"

#include "read_keytab_file.h"

#include <wsutil/wsgcrypt.h>
#include <wsutil/ws_roundup.h>
#include <wsutil/crc32.h>


#ifdef _WIN32
#include <windows.h>
#else
/* Defined in winnt.h */
#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
#define LABEL_SECURITY_INFORMATION 0x00000010
#define ATTRIBUTE_SECURITY_INFORMATION 0x00000020
#define SCOPE_SECURITY_INFORMATION 0x00000040
#define BACKUP_SECURITY_INFORMATION 0x00010000
#endif

#define NT_STATUS_PENDING   0x00000103
#define NT_STATUS_BUFFER_TOO_SMALL  0xC0000023
#define NT_STATUS_STOPPED_ON_SYMLINK  0x8000002D
#define NT_STATUS_BAD_NETWORK_NAME  0xC00000CC

void proto_register_smb2(void);
void proto_reg_handoff_smb2(void);

#define SMB2_NORM_HEADER 0xFE
#define SMB2_ENCR_HEADER 0xFD
#define SMB2_COMP_HEADER 0xFC

static wmem_map_t *smb2_sessions;

static const char smb_header_label[] = "SMB2 Header";
static const char smb_transform_header_label[] = "SMB2 Transform Header";
static const char smb_comp_transform_header_label[] = "SMB2 Compression Transform Header";
static const char smb_bad_header_label[] = "Bad SMB2 Header";

static int proto_smb2;
static int hf_smb2_cmd;
static int hf_smb2_nt_status;
static int hf_smb2_response_to;
static int hf_smb2_response_in;
static int hf_smb2_time_req;
static int hf_smb2_time_resp;
static int hf_smb2_preauth_hash;
static int hf_smb2_header_len;
static int hf_smb2_msg_id;
static int hf_smb2_header_reserved;
static int hf_smb2_tid;
static int hf_smb2_aid;
static int hf_smb2_sesid;
static int hf_smb2_previous_sesid;
static int hf_smb2_flags_response;
static int hf_smb2_flags_async_cmd;
static int hf_smb2_flags_dfs_op;
static int hf_smb2_flags_chained;
static int hf_smb2_flags_signature;
static int hf_smb2_flags_replay_operation;
static int hf_smb2_flags_priority_mask;
static int hf_smb2_chain_offset;
static int hf_smb2_security_blob;
static int hf_smb2_ioctl_in_data;
static int hf_smb2_ioctl_out_data;
static int hf_smb2_unknown;
static int hf_smb2_root_directory_mbz;
static int hf_smb2_twrp_timestamp;
static int hf_smb2_mxac_timestamp;
static int hf_smb2_mxac_status;
static int hf_smb2_qfid_fid;
static int hf_smb2_create_timestamp;
static int hf_smb2_oplock;
static int hf_smb2_close_flags;
static int hf_smb2_notify_flags;
static int hf_smb2_last_access_timestamp;
static int hf_smb2_last_write_timestamp;
static int hf_smb2_last_change_timestamp;
static int hf_smb2_current_time;
static int hf_smb2_boot_time;
static int hf_smb2_filename;
static int hf_smb2_filename_len;
static int hf_frame_handle_opened;
static int hf_frame_handle_closed;
static int hf_smb2_replace_if;
static int hf_smb2_nlinks;
static int hf_smb2_delete_pending;
static int hf_smb2_is_directory;
static int hf_smb2_file_id;
static int hf_smb2_allocation_size;
static int hf_smb2_end_of_file;
static int hf_smb2_tree;
static int hf_smb2_find_pattern;
static int hf_smb2_find_info_level;
static int hf_smb2_find_info_blob;
static int hf_smb2_client_guid;
static int hf_smb2_server_guid;
static int hf_smb2_object_id;
static int hf_smb2_birth_volume_id;
static int hf_smb2_birth_object_id;
static int hf_smb2_domain_id;
static int hf_smb2_class;
static int hf_smb2_infolevel;
static int hf_smb2_infolevel_file_info;
static int hf_smb2_infolevel_fs_info;
static int hf_smb2_infolevel_sec_info;
static int hf_smb2_max_response_size;
static int hf_smb2_max_ioctl_in_size;
static int hf_smb2_max_ioctl_out_size;
static int hf_smb2_flags;
static int hf_smb2_required_buffer_size;
static int hf_smb2_getinfo_input_size;
static int hf_smb2_getinfo_input_offset;
static int hf_smb2_getsetinfo_additional;
static int hf_smb2_getsetinfo_additionals;
static int hf_smb2_getsetinfo_additional_owner;
static int hf_smb2_getsetinfo_additional_group;
static int hf_smb2_getsetinfo_additional_dacl;
static int hf_smb2_getsetinfo_additional_sacl;
static int hf_smb2_getsetinfo_additional_label;
static int hf_smb2_getsetinfo_additional_attribute;
static int hf_smb2_getsetinfo_additional_scope;
static int hf_smb2_getsetinfo_additional_backup;
static int hf_smb2_getinfo_flags;
static int hf_smb2_setinfo_size;
static int hf_smb2_setinfo_offset;
static int hf_smb2_setinfo_reserved;
static int hf_smb2_file_basic_info;
static int hf_smb2_file_standard_info;
static int hf_smb2_file_internal_info;
static int hf_smb2_file_ea_info;
static int hf_smb2_file_access_info;
static int hf_smb2_file_rename_info;
static int hf_smb2_file_link_info;
static int hf_smb2_file_disposition_info;
static int hf_smb2_file_position_info;
static int hf_smb2_file_full_ea_info;
static int hf_smb2_file_mode_info;
static int hf_smb2_file_alignment_info;
static int hf_smb2_file_all_info;
static int hf_smb2_file_allocation_info;
static int hf_smb2_file_endoffile_info;
static int hf_smb2_file_alternate_name_info;
static int hf_smb2_file_stream_info;
static int hf_smb2_file_pipe_info;
static int hf_smb2_file_pipe_local_info;
static int hf_smb2_file_pipe_remote_info;
static int hf_smb2_file_compression_info;
static int hf_smb2_file_network_open_info;
static int hf_smb2_file_attribute_tag_info;
static int hf_smb2_file_normalized_name_info;
static int hf_smb2_fs_info_01;
static int hf_smb2_fs_info_03;
static int hf_smb2_fs_info_04;
static int hf_smb2_fs_info_05;
static int hf_smb2_fs_info_06;
static int hf_smb2_fs_info_07;
static int hf_smb2_fs_objectid_info;
static int hf_smb2_fs_posix_info;
static int hf_smb2_fs_posix_optimal_transfer_size;
static int hf_smb2_fs_posix_block_size;
static int hf_smb2_fs_posix_total_blocks;
static int hf_smb2_fs_posix_blocks_available;
static int hf_smb2_fs_posix_user_blocks_available;
static int hf_smb2_fs_posix_total_file_nodes;
static int hf_smb2_fs_posix_free_file_nodes;
static int hf_smb2_fs_posix_fs_identifier;
static int hf_smb2_sec_info_00;
static int hf_smb2_quota_info;
static int hf_smb2_query_quota_info;
static int hf_smb2_qq_single;
static int hf_smb2_qq_restart;
static int hf_smb2_qq_sidlist_len;
static int hf_smb2_qq_start_sid_len;
static int hf_smb2_qq_start_sid_offset;
static int hf_smb2_fid;
static int hf_smb2_write_length;
static int hf_smb2_write_data;
static int hf_smb2_write_flags;
static int hf_smb2_write_flags_write_through;
static int hf_smb2_write_flags_write_unbuffered;
static int hf_smb2_write_count;
static int hf_smb2_write_remaining;
static int hf_smb2_read_blob;
static int hf_smb2_read_length;
static int hf_smb2_read_remaining;
static int hf_smb2_read_padding;
static int hf_smb2_read_flags;
static int hf_smb2_read_flags_unbuffered;
static int hf_smb2_read_flags_compressed;
static int hf_smb2_file_offset;
static int hf_smb2_qfr_length;
static int hf_smb2_qfr_usage;
static int hf_smb2_qfr_flags;
static int hf_smb2_qfr_total_region_entry_count;
static int hf_smb2_qfr_region_entry_count;
static int hf_smb2_read_data;
static int hf_smb2_disposition_delete_on_close;
static int hf_smb2_create_disposition;
static int hf_smb2_create_chain_offset;
static int hf_smb2_create_chain_data;
static int hf_smb2_data_offset;
static int hf_smb2_extrainfo;
static int hf_smb2_create_action;
static int hf_smb2_create_rep_flags;
static int hf_smb2_create_rep_flags_reparse_point;
static int hf_smb2_next_offset;
static int hf_smb2_negotiate_context_type;
static int hf_smb2_negotiate_context_data_length;
static int hf_smb2_negotiate_context_offset;
static int hf_smb2_negotiate_context_reserved;
static int hf_smb2_negotiate_context_reserved2;
static int hf_smb2_negotiate_context_count;
static int hf_smb2_hash_alg_count;
static int hf_smb2_hash_algorithm;
static int hf_smb2_salt_length;
static int hf_smb2_salt;
static int hf_smb2_cipher_count;
static int hf_smb2_cipher_id;
static int hf_smb2_signing_alg_count;
static int hf_smb2_signing_alg_id;
static int hf_smb2_comp_alg_count;
static int hf_smb2_comp_alg_id;
static int hf_smb2_comp_alg_flags;
static int hf_smb2_comp_alg_flags_chained;
static int hf_smb2_comp_alg_flags_reserved;
static int hf_smb2_netname_neg_id;
static int hf_smb2_transport_ctx_flags;
static int hf_smb2_rdma_transform_count;
static int hf_smb2_rdma_transform_reserved1;
static int hf_smb2_rdma_transform_reserved2;
static int hf_smb2_rdma_transform_id;
static int hf_smb2_posix_reserved;
static int hf_smb2_dev;
static int hf_smb2_inode;
static int hf_smb2_ea_size;
static int hf_smb2_ea_flags;
static int hf_smb2_ea_name_len;
static int hf_smb2_ea_data_len;
static int hf_smb2_ea_name;
static int hf_smb2_ea_data;
static int hf_smb2_position_information;
static int hf_smb2_mode_information;
static int hf_smb2_mode_file_write_through;
static int hf_smb2_mode_file_sequential_only;
static int hf_smb2_mode_file_no_intermediate_buffering;
static int hf_smb2_mode_file_synchronous_io_alert;
static int hf_smb2_mode_file_synchronous_io_nonalert;
static int hf_smb2_mode_file_delete_on_close;
static int hf_smb2_alignment_information;
static int hf_smb2_buffer_code;
static int hf_smb2_buffer_code_len;
static int hf_smb2_buffer_code_flags_dyn;
static int hf_smb2_olb_offset;
static int hf_smb2_olb_length;
static int hf_smb2_tag;
static int hf_smb2_impersonation_level;
static int hf_smb2_ioctl_function;
static int hf_smb2_ioctl_function_device;
static int hf_smb2_ioctl_function_access;
static int hf_smb2_ioctl_function_function;
static int hf_smb2_fsctl_pipe_wait_timeout;
static int hf_smb2_fsctl_pipe_wait_name;

static int hf_smb2_fsctl_odx_token_type;
static int hf_smb2_fsctl_odx_token_idlen;
static int hf_smb2_fsctl_odx_token_idraw;
static int hf_smb2_fsctl_odx_token_ttl;
static int hf_smb2_fsctl_odx_size;
static int hf_smb2_fsctl_odx_flags;
static int hf_smb2_fsctl_odx_file_offset;
static int hf_smb2_fsctl_odx_copy_length;
static int hf_smb2_fsctl_odx_xfer_length;
static int hf_smb2_fsctl_odx_token_offset;

static int hf_smb2_fsctl_infoex_enable_integrity;
static int hf_smb2_fsctl_infoex_keep_integrity_state;
static int hf_smb2_fsctl_infoex_reserved;
static int hf_smb2_fsctl_infoex_reserved2;
static int hf_smb2_fsctl_infoex_flags;
static int hf_smb2_fsctl_infoex_version;

static int hf_smb2_fsctl_sparse_flag;
static int hf_smb2_fsctl_range_offset;
static int hf_smb2_fsctl_range_length;
static int hf_smb2_ioctl_function_method;
static int hf_smb2_ioctl_resiliency_timeout;
static int hf_smb2_ioctl_resiliency_reserved;
static int hf_smb2_ioctl_shared_virtual_disk_support;
static int hf_smb2_ioctl_shared_virtual_disk_handle_state;
static int hf_smb2_ioctl_sqos_protocol_version;
static int hf_smb2_ioctl_sqos_reserved;
static int hf_smb2_ioctl_sqos_options;
static int hf_smb2_ioctl_sqos_op_set_logical_flow_id;
static int hf_smb2_ioctl_sqos_op_set_policy;
static int hf_smb2_ioctl_sqos_op_probe_policy;
static int hf_smb2_ioctl_sqos_op_get_status;
static int hf_smb2_ioctl_sqos_op_update_counters;
static int hf_smb2_ioctl_sqos_logical_flow_id;
static int hf_smb2_ioctl_sqos_policy_id;
static int hf_smb2_ioctl_sqos_initiator_id;
static int hf_smb2_ioctl_sqos_limit;
static int hf_smb2_ioctl_sqos_reservation;
static int hf_smb2_ioctl_sqos_initiator_name;
static int hf_smb2_ioctl_sqos_initiator_node_name;
static int hf_smb2_ioctl_sqos_io_count_increment;
static int hf_smb2_ioctl_sqos_normalized_io_count_increment;
static int hf_smb2_ioctl_sqos_latency_increment;
static int hf_smb2_ioctl_sqos_lower_latency_increment;
static int hf_smb2_ioctl_sqos_bandwidth_limit;
static int hf_smb2_ioctl_sqos_kilobyte_count_increment;
static int hf_smb2_ioctl_sqos_time_to_live;
static int hf_smb2_ioctl_sqos_status;
static int hf_smb2_ioctl_sqos_maximum_io_rate;
static int hf_smb2_ioctl_sqos_minimum_io_rate;
static int hf_smb2_ioctl_sqos_base_io_size;
static int hf_smb2_ioctl_sqos_reserved2;
static int hf_smb2_ioctl_sqos_maximum_bandwidth;
static int hf_windows_sockaddr_family;
static int hf_windows_sockaddr_port;
static int hf_windows_sockaddr_in_addr;
static int hf_windows_sockaddr_in6_flowinfo;
static int hf_windows_sockaddr_in6_addr;
static int hf_windows_sockaddr_in6_scope_id;
static int hf_smb2_ioctl_network_interface_next_offset;
static int hf_smb2_ioctl_network_interface_index;
static int hf_smb2_ioctl_network_interface_reserved;
static int hf_smb2_ioctl_network_interface_capabilities;
static int hf_smb2_ioctl_network_interface_capability_rss;
static int hf_smb2_ioctl_network_interface_capability_rdma;
static int hf_smb2_ioctl_network_interface_link_speed;
static int hf_smb2_ioctl_enumerate_snapshots_num_snapshots;
static int hf_smb2_ioctl_enumerate_snapshots_num_snapshots_returned;
static int hf_smb2_ioctl_enumerate_snapshots_snapshot_array_size;
static int hf_smb2_ioctl_enumerate_snapshots_snapshot;
static int hf_smb2_ioctl_get_ntfs_volume_data_volume_serial;
static int hf_smb2_ioctl_get_ntfs_volume_data_num_sectors;
static int hf_smb2_ioctl_get_ntfs_volume_data_total_clusters;
static int hf_smb2_ioctl_get_ntfs_volume_data_free_clusters;
static int hf_smb2_ioctl_get_ntfs_volume_data_total_reserved;
static int hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_sector;
static int hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_cluster;
static int hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_file_record_segment;
static int hf_smb2_ioctl_get_ntfs_volume_data_clusters_per_file_record_segment;
static int hf_smb2_ioctl_get_ntfs_volume_data_mft_valid_data_length;
static int hf_smb2_ioctl_get_ntfs_volume_data_mft_start_lcn;
static int hf_smb2_ioctl_get_ntfs_volume_data_mft2_start_lcn;
static int hf_smb2_ioctl_get_ntfs_volume_data_mft_zone_start;
static int hf_smb2_ioctl_get_ntfs_volume_data_mft_zone_end;
static int hf_smb2_compression_format;
static int hf_smb2_checksum_algorithm;
static int hf_smb2_integrity_reserved;
static int hf_smb2_integrity_flags;
static int hf_smb2_integrity_flags_enforcement_off;
static int hf_smb2_integrity_crc_chunk_size;
static int hf_smb2_integrity_cluster_size;
static int hf_smb2_FILE_OBJECTID_BUFFER;
static int hf_smb2_lease_key;
static int hf_smb2_lease_state;
static int hf_smb2_lease_state_read_caching;
static int hf_smb2_lease_state_handle_caching;
static int hf_smb2_lease_state_write_caching;
static int hf_smb2_lease_flags;
static int hf_smb2_lease_flags_break_ack_required;
static int hf_smb2_lease_flags_parent_lease_key_set;
static int hf_smb2_lease_flags_break_in_progress;
static int hf_smb2_lease_duration;
static int hf_smb2_parent_lease_key;
static int hf_smb2_lease_epoch;
static int hf_smb2_lease_reserved;
static int hf_smb2_lease_break_reason;
static int hf_smb2_lease_access_mask_hint;
static int hf_smb2_lease_share_mask_hint;
static int hf_smb2_acct_name;
static int hf_smb2_domain_name;
static int hf_smb2_host_name;
static int hf_smb2_auth_frame;
static int hf_smb2_tcon_frame;
static int hf_smb2_tdcon_frame;
static int hf_smb2_share_type;
static int hf_smb2_signature;
static int hf_smb2_credit_charge;
static int hf_smb2_credits_requested;
static int hf_smb2_credits_granted;
static int hf_smb2_channel_sequence;
static int hf_smb2_dialect_count;
static int hf_smb2_security_mode;
static int hf_smb2_secmode_flags_sign_required;
static int hf_smb2_secmode_flags_sign_enabled;
static int hf_smb2_ses_req_flags;
static int hf_smb2_ses_req_flags_session_binding;
static int hf_smb2_capabilities;
static int hf_smb2_cap_dfs;
static int hf_smb2_cap_leasing;
static int hf_smb2_cap_large_mtu;
static int hf_smb2_cap_multi_channel;
static int hf_smb2_cap_persistent_handles;
static int hf_smb2_cap_directory_leasing;
static int hf_smb2_cap_encryption;
static int hf_smb2_cap_notifications;
static int hf_smb2_dialect;
static int hf_smb2_max_trans_size;
static int hf_smb2_max_read_size;
static int hf_smb2_max_write_size;
static int hf_smb2_channel;
static int hf_smb2_rdma_v1_offset;
static int hf_smb2_rdma_v1_token;
static int hf_smb2_rdma_v1_length;
static int hf_smb2_session_flags;
static int hf_smb2_ses_flags_guest;
static int hf_smb2_ses_flags_null;
static int hf_smb2_ses_flags_encrypt;
static int hf_smb2_share_flags;
static int hf_smb2_share_flags_dfs;
static int hf_smb2_share_flags_dfs_root;
static int hf_smb2_share_flags_restrict_exclusive_opens;
static int hf_smb2_share_flags_force_shared_delete;
static int hf_smb2_share_flags_allow_namespace_caching;
static int hf_smb2_share_flags_access_based_dir_enum;
static int hf_smb2_share_flags_force_levelii_oplock;
static int hf_smb2_share_flags_enable_hash_v1;
static int hf_smb2_share_flags_enable_hash_v2;
static int hf_smb2_share_flags_encrypt_data;
static int hf_smb2_share_flags_identity_remoting;
static int hf_smb2_share_flags_compress_data;
static int hf_smb2_share_flags_isolated_transport;
static int hf_smb2_share_caching;
static int hf_smb2_share_caps;
static int hf_smb2_share_caps_dfs;
static int hf_smb2_share_caps_continuous_availability;
static int hf_smb2_share_caps_scaleout;
static int hf_smb2_share_caps_cluster;
static int hf_smb2_share_caps_asymmetric;
static int hf_smb2_share_caps_redirect_to_owner;
static int hf_smb2_create_flags;
static int hf_smb2_lock_count;
static int hf_smb2_lock_sequence_number;
static int hf_smb2_lock_sequence_index;
static int hf_smb2_min_count;
static int hf_smb2_remaining_bytes;
static int hf_smb2_channel_info_offset;
static int hf_smb2_channel_info_length;
static int hf_smb2_channel_info_blob;
static int hf_smb2_ioctl_flags;
static int hf_smb2_ioctl_is_fsctl;
static int hf_smb2_close_pq_attrib;
static int hf_smb2_notify_watch_tree;
static int hf_smb2_output_buffer_len;
static int hf_smb2_notify_out_data;
static int hf_smb2_notify_info;
static int hf_smb2_notify_next_offset;
static int hf_smb2_notify_action;
static int hf_smb2_find_flags;
static int hf_smb2_find_flags_restart_scans;
static int hf_smb2_find_flags_single_entry;
static int hf_smb2_find_flags_index_specified;
static int hf_smb2_find_flags_reopen;
static int hf_smb2_file_index;
static int hf_smb2_file_directory_info;
static int hf_smb2_both_directory_info;
static int hf_smb2_posix_info;
static int hf_smb2_short_name_len;
static int hf_smb2_short_name;
static int hf_smb2_id_both_directory_info;
static int hf_smb2_full_directory_info;
static int hf_smb2_lock_info;
static int hf_smb2_lock_length;
static int hf_smb2_lock_flags;
static int hf_smb2_lock_flags_shared;
static int hf_smb2_lock_flags_exclusive;
static int hf_smb2_lock_flags_unlock;
static int hf_smb2_lock_flags_fail_immediately;
static int hf_smb2_dhnq_buffer_reserved;
static int hf_smb2_dh2x_buffer_timeout;
static int hf_smb2_dh2x_buffer_flags;
static int hf_smb2_dh2x_buffer_flags_persistent_handle;
static int hf_smb2_dh2x_buffer_reserved;
static int hf_smb2_dh2x_buffer_create_guid;
static int hf_smb2_APP_INSTANCE_buffer_struct_size;
static int hf_smb2_APP_INSTANCE_buffer_reserved;
static int hf_smb2_APP_INSTANCE_buffer_app_guid;
static int hf_smb2_svhdx_open_device_context_version;
static int hf_smb2_svhdx_open_device_context_has_initiator_id;
static int hf_smb2_svhdx_open_device_context_reserved;
static int hf_smb2_svhdx_open_device_context_initiator_id;
static int hf_smb2_svhdx_open_device_context_flags;
static int hf_smb2_svhdx_open_device_context_originator_flags;
static int hf_smb2_svhdx_open_device_context_open_request_id;
static int hf_smb2_svhdx_open_device_context_initiator_host_name_len;
static int hf_smb2_svhdx_open_device_context_initiator_host_name;
static int hf_smb2_svhdx_open_device_context_virtual_disk_properties_initialized;
static int hf_smb2_svhdx_open_device_context_server_service_version;
static int hf_smb2_svhdx_open_device_context_virtual_sector_size;
static int hf_smb2_svhdx_open_device_context_physical_sector_size;
static int hf_smb2_svhdx_open_device_context_virtual_size;
static int hf_smb2_app_instance_version_struct_size;
static int hf_smb2_app_instance_version_reserved;
static int hf_smb2_app_instance_version_padding;
static int hf_smb2_app_instance_version_high;
static int hf_smb2_app_instance_version_low;
static int hf_smb2_posix_perms;
static int hf_smb2_aapl_command_code;
static int hf_smb2_aapl_reserved;
static int hf_smb2_aapl_server_query_bitmask;
static int hf_smb2_aapl_server_query_bitmask_server_caps;
static int hf_smb2_aapl_server_query_bitmask_volume_caps;
static int hf_smb2_aapl_server_query_bitmask_model_info;
static int hf_smb2_aapl_server_query_caps;
static int hf_smb2_aapl_server_query_caps_supports_read_dir_attr;
static int hf_smb2_aapl_server_query_caps_supports_osx_copyfile;
static int hf_smb2_aapl_server_query_caps_unix_based;
static int hf_smb2_aapl_server_query_caps_supports_nfs_ace;
static int hf_smb2_aapl_server_query_volume_caps;
static int hf_smb2_aapl_server_query_volume_caps_support_resolve_id;
static int hf_smb2_aapl_server_query_volume_caps_case_sensitive;
static int hf_smb2_aapl_server_query_volume_caps_supports_full_sync;
static int hf_smb2_aapl_server_query_model_string;
static int hf_smb2_aapl_server_query_server_path;
static int hf_smb2_error_context_count;
static int hf_smb2_error_reserved;
static int hf_smb2_error_byte_count;
static int hf_smb2_error_data;
static int hf_smb2_error_context;
static int hf_smb2_error_context_length;
static int hf_smb2_error_context_id;
static int hf_smb2_error_min_buf_length;
static int hf_smb2_error_redir_context;
static int hf_smb2_error_redir_struct_size;
static int hf_smb2_error_redir_notif_type;
static int hf_smb2_error_redir_flags;
static int hf_smb2_error_redir_target_type;
static int hf_smb2_error_redir_ip_count;
static int hf_smb2_error_redir_ip_list;
static int hf_smb2_error_redir_res_name;
static int hf_smb2_reserved;
static int hf_smb2_reserved_random;
static int hf_smb2_transform_signature;
static int hf_smb2_transform_nonce;
static int hf_smb2_transform_msg_size;
static int hf_smb2_transform_reserved;
static int hf_smb2_transform_flags;
static int hf_smb2_transform_flags_encrypted;
static int hf_smb2_transform_encrypted_data;
static int hf_smb2_protocol_id;
static int hf_smb2_comp_transform_orig_size;
static int hf_smb2_comp_transform_comp_alg;
static int hf_smb2_comp_transform_flags;
static int hf_smb2_comp_transform_offset;
static int hf_smb2_comp_transform_length;
static int hf_smb2_comp_transform_data;
static int hf_smb2_comp_transform_orig_payload_size;
static int hf_smb2_comp_pattern_v1_pattern;
static int hf_smb2_comp_pattern_v1_reserved1;
static int hf_smb2_comp_pattern_v1_reserved2;
static int hf_smb2_comp_pattern_v1_repetitions;
static int hf_smb2_truncated;
static int hf_smb2_pipe_fragments;
static int hf_smb2_pipe_fragment;
static int hf_smb2_pipe_fragment_overlap;
static int hf_smb2_pipe_fragment_overlap_conflict;
static int hf_smb2_pipe_fragment_multiple_tails;
static int hf_smb2_pipe_fragment_too_long_fragment;
static int hf_smb2_pipe_fragment_error;
static int hf_smb2_pipe_fragment_count;
static int hf_smb2_pipe_reassembled_in;
static int hf_smb2_pipe_reassembled_length;
static int hf_smb2_pipe_reassembled_data;
static int hf_smb2_cchunk_resume_key;
static int hf_smb2_cchunk_count;
static int hf_smb2_cchunk_src_offset;
static int hf_smb2_cchunk_dst_offset;
static int hf_smb2_cchunk_xfer_len;
static int hf_smb2_cchunk_chunks_written;
static int hf_smb2_cchunk_bytes_written;
static int hf_smb2_cchunk_total_written;

static int hf_smb2_dupext_src_offset;
static int hf_smb2_dupext_dst_offset;
static int hf_smb2_dupext_byte_count;

static int hf_smb2_reparse_data_buffer;
static int hf_smb2_reparse_tag;
static int hf_smb2_reparse_guid;
static int hf_smb2_reparse_data_length;
static int hf_smb2_nfs_type;
static int hf_smb2_nfs_symlink_target;
static int hf_smb2_nfs_chr_major;
static int hf_smb2_nfs_chr_minor;
static int hf_smb2_nfs_blk_major;
static int hf_smb2_nfs_blk_minor;
static int hf_smb2_symlink_error_response;
static int hf_smb2_symlink_length;
static int hf_smb2_symlink_error_tag;
static int hf_smb2_unparsed_path_length;
static int hf_smb2_symlink_substitute_name;
static int hf_smb2_symlink_print_name;
static int hf_smb2_symlink_flags;
static int hf_smb2_bad_signature;
static int hf_smb2_good_signature;
static int hf_smb2_fscc_file_attr;
static int hf_smb2_fscc_file_attr_archive;
static int hf_smb2_fscc_file_attr_compressed;
static int hf_smb2_fscc_file_attr_directory;
static int hf_smb2_fscc_file_attr_encrypted;
static int hf_smb2_fscc_file_attr_hidden;
static int hf_smb2_fscc_file_attr_normal;
static int hf_smb2_fscc_file_attr_not_content_indexed;
static int hf_smb2_fscc_file_attr_offline;
static int hf_smb2_fscc_file_attr_read_only;
static int hf_smb2_fscc_file_attr_reparse_point;
static int hf_smb2_fscc_file_attr_sparse_file;
static int hf_smb2_fscc_file_attr_system;
static int hf_smb2_fscc_file_attr_temporary;
static int hf_smb2_fscc_file_attr_integrity_stream;
static int hf_smb2_fscc_file_attr_no_scrub_data;
static int hf_smb2_fscc_file_attr_recall_on_open;
static int hf_smb2_fscc_file_attr_pinned;
static int hf_smb2_fscc_file_attr_unpinned;
static int hf_smb2_fscc_file_attr_recall_on_data_access;
static int hf_smb2_tree_connect_flags;
static int hf_smb2_tc_cluster_reconnect;
static int hf_smb2_tc_redirect_to_owner;
static int hf_smb2_tc_extension_present;
static int hf_smb2_tc_reserved;
static int hf_smb2_notification_type;
static int hf_smb2_query_info_flags;
static int hf_smb2_query_info_flag_restart_scan;
static int hf_smb2_query_info_flag_return_single_entry;
static int hf_smb2_query_info_flag_index_specified;
static int hf_smb2_fscc_refs_snapshot_mgmt_operation;
static int hf_smb2_fscc_refs_snapshot_mgmt_namelen;
static int hf_smb2_fscc_refs_snapshot_mgmt_input_buffer_len;
static int hf_smb2_fscc_refs_snapshot_mgmt_reserved;
static int hf_smb2_fscc_refs_snapshot_mgmt_name;
static int hf_smb2_fscc_refs_snapshot_query_delta_buffer_startvcn;
static int hf_smb2_fscc_refs_snapshot_query_delta_buffer_flags;
static int hf_smb2_fscc_refs_snapshot_query_delta_buffer_reserved;
static int hf_smb2_flush_reserved2;
static int hf_smb2_file_id_hash;
static int hf_smb2_num_matched;
static int hf_smb2_blobs;
static int hf_smb2_dfs_max_referral_level;
static int hf_smb2_dfs_request_flags;
static int hf_smb2_dfs_request_data_len;
static int hf_smb2_dfs_request_data;
static int hf_smb2_dfs_request_data_file;
static int hf_smb2_dfs_filename_len;
static int hf_smb2_dfs_request_data_site;
static int hf_smb2_dfs_sitename_len;
static int hf_smb2_dfs_sitename;

static int ett_smb2;
static int ett_smb2_olb;
static int ett_smb2_ea;
static int ett_smb2_header;
static int ett_smb2_encrypted;
static int ett_smb2_compressed;
static int ett_smb2_decompressed;
static int ett_smb2_command;
static int ett_smb2_secblob;
static int ett_smb2_negotiate_context_element;
static int ett_smb2_file_basic_info;
static int ett_smb2_file_standard_info;
static int ett_smb2_file_internal_info;
static int ett_smb2_file_ea_info;
static int ett_smb2_file_access_info;
static int ett_smb2_file_position_info;
static int ett_smb2_file_mode_info;
static int ett_smb2_file_alignment_info;
static int ett_smb2_file_all_info;
static int ett_smb2_file_allocation_info;
static int ett_smb2_file_endoffile_info;
static int ett_smb2_file_alternate_name_info;
static int ett_smb2_file_stream_info;
static int ett_smb2_file_pipe_info;
static int ett_smb2_file_pipe_local_info;
static int ett_smb2_file_pipe_remote_info;
static int ett_smb2_file_compression_info;
static int ett_smb2_file_network_open_info;
static int ett_smb2_file_attribute_tag_info;
static int ett_smb2_file_rename_info;
static int ett_smb2_file_link_info;
static int ett_smb2_file_disposition_info;
static int ett_smb2_file_full_ea_info;
static int ett_smb2_file_normalized_name_info;
static int ett_smb2_fs_info_01;
static int ett_smb2_fs_info_03;
static int ett_smb2_fs_info_04;
static int ett_smb2_fs_info_05;
static int ett_smb2_fs_info_06;
static int ett_smb2_fs_info_07;
static int ett_smb2_fs_objectid_info;
static int ett_smb2_fs_posix_info;
static int ett_smb2_sec_info_00;
static int ett_smb2_additional_information_sec_mask;
static int ett_smb2_quota_info;
static int ett_smb2_query_quota_info;
static int ett_smb2_tid_tree;
static int ett_smb2_sesid_tree;
static int ett_smb2_create_chain_element;
static int ett_smb2_MxAc_buffer;
static int ett_smb2_QFid_buffer;
static int ett_smb2_RqLs_buffer;
static int ett_smb2_ioctl_function;
static int ett_smb2_FILE_OBJECTID_BUFFER;
static int ett_smb2_flags;
static int ett_smb2_sec_mode;
static int ett_smb2_capabilities;
static int ett_smb2_ses_req_flags;
static int ett_smb2_ses_flags;
static int ett_smb2_lease_state;
static int ett_smb2_lease_flags;
static int ett_smb2_share_flags;
static int ett_smb2_create_rep_flags;
static int ett_smb2_share_caps;
static int ett_smb2_comp_alg_flags;
static int ett_smb2_ioctl_flags;
static int ett_smb2_ioctl_network_interface;
static int ett_smb2_ioctl_sqos_opeations;
static int ett_smb2_fsctl_range_data;
static int ett_windows_sockaddr;
static int ett_smb2_close_flags;
static int ett_smb2_notify_info;
static int ett_smb2_notify_flags;
static int ett_smb2_write_flags;
static int ett_smb2_rdma_v1;
static int ett_smb2_DH2Q_buffer;
static int ett_smb2_DH2C_buffer;
static int ett_smb2_dh2x_flags;
static int ett_smb2_APP_INSTANCE_buffer;
static int ett_smb2_svhdx_open_device_context;
static int ett_smb2_app_instance_version_buffer;
static int ett_smb2_app_instance_version_buffer_version;
static int ett_smb2_aapl_create_context_request;
static int ett_smb2_aapl_server_query_bitmask;
static int ett_smb2_aapl_server_query_caps;
static int ett_smb2_aapl_create_context_response;
static int ett_smb2_aapl_server_query_volume_caps;
static int ett_smb2_integrity_flags;
static int ett_smb2_find_flags;
static int ett_smb2_file_directory_info;
static int ett_smb2_both_directory_info;
static int ett_smb2_id_both_directory_info;
static int ett_smb2_full_directory_info;
static int ett_smb2_posix_info;
static int ett_smb2_file_name_info;
static int ett_smb2_lock_info;
static int ett_smb2_lock_flags;
static int ett_smb2_buffercode;
static int ett_smb2_ioctl_network_interface_capabilities;
static int ett_smb2_tree_connect_flags;
static int ett_qfr_entry;
static int ett_smb2_pipe_fragment;
static int ett_smb2_pipe_fragments;
static int ett_smb2_cchunk_entry;
static int ett_smb2_fsctl_odx_token;
static int ett_smb2_symlink_error_response;
static int ett_smb2_reparse_data_buffer;
static int ett_smb2_error_data;
static int ett_smb2_error_context;
static int ett_smb2_error_redir_context;
static int ett_smb2_error_redir_ip_list;
static int ett_smb2_read_flags;
static int ett_smb2_signature;
static int ett_smb2_transform_flags;
static int ett_smb2_fscc_file_attributes;
static int ett_smb2_comp_payload;
static int ett_smb2_comp_pattern_v1;
static int ett_smb2_query_info_flags;
static int ett_smb2_server_notification;
static int ett_smb2_fscc_refs_snapshot_query_delta_buffer;
static int ett_smb2_fid_str;
static int ett_smb2_fsctl_dfs_get_referrals_ex_request_data;
static int ett_smb2_fsctl_dfs_get_referrals_ex_filename;
static int ett_smb2_fsctl_dfs_get_referrals_ex_sitename;

static expert_field ei_smb2_invalid_length;
static expert_field ei_smb2_bad_response;
static expert_field ei_smb2_bad_negprot_negotiate_context_count;
static expert_field ei_smb2_bad_negprot_negotiate_context_offset;
static expert_field ei_smb2_bad_negprot_reserved;
static expert_field ei_smb2_bad_negprot_reserved2;
static expert_field ei_smb2_invalid_getinfo_offset;
static expert_field ei_smb2_invalid_getinfo_size;
static expert_field ei_smb2_empty_getinfo_buffer;
static expert_field ei_smb2_invalid_signature;

static int smb2_tap;
static int smb2_eo_tap;

static dissector_handle_t gssapi_handle;
static dissector_handle_t ntlmssp_handle;
static dissector_handle_t rsvd_handle;

static heur_dissector_list_t smb2_pipe_subdissector_list;

static const fragment_items smb2_pipe_frag_items = {
  &ett_smb2_pipe_fragment,
  &ett_smb2_pipe_fragments,
  &hf_smb2_pipe_fragments,
  &hf_smb2_pipe_fragment,
  &hf_smb2_pipe_fragment_overlap,
  &hf_smb2_pipe_fragment_overlap_conflict,
  &hf_smb2_pipe_fragment_multiple_tails,
  &hf_smb2_pipe_fragment_too_long_fragment,
  &hf_smb2_pipe_fragment_error,
  &hf_smb2_pipe_fragment_count,
  &hf_smb2_pipe_reassembled_in,
  &hf_smb2_pipe_reassembled_length,
  &hf_smb2_pipe_reassembled_data,
  "Fragments"
};

#define FILE_BYTE_ALIGNMENT 0x00
#define FILE_WORD_ALIGNMENT 0x01
#define FILE_LONG_ALIGNMENT 0x03
#define FILE_QUAD_ALIGNMENT 0x07
#define FILE_OCTA_ALIGNMENT 0x0f
#define FILE_32_BYTE_ALIGNMENT 0x1f
#define FILE_64_BYTE_ALIGNMENT 0x3f
#define FILE_128_BYTE_ALIGNMENT 0x7f
#define FILE_256_BYTE_ALIGNMENT 0xff
#define FILE_512_BYTE_ALIGNMENT 0x1ff
static const value_string smb2_alignment_vals[] = {
  { FILE_BYTE_ALIGNMENT,     "FILE_BYTE_ALIGNMENT" },
  { FILE_WORD_ALIGNMENT,     "FILE_WORD_ALIGNMENT" },
  { FILE_LONG_ALIGNMENT,     "FILE_LONG_ALIGNMENT" },
  { FILE_OCTA_ALIGNMENT,     "FILE_OCTA_ALIGNMENT" },
  { FILE_32_BYTE_ALIGNMENT,  "FILE_32_BYTE_ALIGNMENT" },
  { FILE_64_BYTE_ALIGNMENT,  "FILE_64_BYTE_ALIGNMENT" },
  { FILE_128_BYTE_ALIGNMENT, "FILE_128_BYTE_ALIGNMENT" },
  { FILE_256_BYTE_ALIGNMENT, "FILE_256_BYTE_ALIGNMENT" },
  { FILE_512_BYTE_ALIGNMENT, "FILE_512_BYTE_ALIGNMENT" },
  { 0, NULL }
};


#define SMB2_CLASS_FILE_INFO  0x01
#define SMB2_CLASS_FS_INFO  0x02
#define SMB2_CLASS_SEC_INFO 0x03
#define SMB2_CLASS_QUOTA_INFO 0x04
static const value_string smb2_class_vals[] = {
  { SMB2_CLASS_FILE_INFO, "FILE_INFO"},
  { SMB2_CLASS_FS_INFO, "FS_INFO"},
  { SMB2_CLASS_SEC_INFO,  "SEC_INFO"},
  { SMB2_CLASS_QUOTA_INFO, "QUOTA_INFO"},
  { 0, NULL }
};

#define SMB2_SHARE_TYPE_DISK  0x01
#define SMB2_SHARE_TYPE_PIPE  0x02
#define SMB2_SHARE_TYPE_PRINT 0x03
static const value_string smb2_share_type_vals[] = {
  { SMB2_SHARE_TYPE_DISK,   "Physical disk" },
  { SMB2_SHARE_TYPE_PIPE,   "Named pipe" },
  { SMB2_SHARE_TYPE_PRINT,  "Printer" },
  { 0, NULL }
};


#define SMB2_FILE_BASIC_INFO          0x04
#define SMB2_FILE_STANDARD_INFO       0x05
#define SMB2_FILE_INTERNAL_INFO       0x06
#define SMB2_FILE_EA_INFO             0x07
#define SMB2_FILE_ACCESS_INFO         0x08
#define SMB2_FILE_RENAME_INFO         0x0a
#define SMB2_FILE_LINK_INFO           0x0b
#define SMB2_FILE_DISPOSITION_INFO    0x0d
#define SMB2_FILE_POSITION_INFO       0x0e
#define SMB2_FILE_FULL_EA_INFO        0x0f
#define SMB2_FILE_MODE_INFO           0x10
#define SMB2_FILE_ALIGNMENT_INFO      0x11
#define SMB2_FILE_ALL_INFO            0x12
#define SMB2_FILE_ALLOCATION_INFO     0x13
#define SMB2_FILE_ENDOFFILE_INFO      0x14
#define SMB2_FILE_ALTERNATE_NAME_INFO 0x15
#define SMB2_FILE_STREAM_INFO       0x16
#define SMB2_FILE_PIPE_INFO       0x17
#define SMB2_FILE_PIPE_LOCAL_INFO     0x18
#define SMB2_FILE_PIPE_REMOTE_INFO    0x19
#define SMB2_FILE_COMPRESSION_INFO    0x1c
#define SMB2_FILE_NETWORK_OPEN_INFO   0x22
#define SMB2_FILE_ATTRIBUTE_TAG_INFO  0x23
#define SMB2_FILE_NORMALIZED_NAME_INFO 0x30
#define SMB2_FILE_POSIX_INFO          0x64
#define SMB2_FILE_ID_INFO       0x3b
#define SMB2_FILE_BOTH_DIRECTORY_INFO 0x03
#define SMB2_FILE_DIRECTORY_INFO      0x01
#define SMB2_FILE_FULL_DIRECTORY_INFO 0x02
#define SMB2_FILE_FULL_HARD_LINK_INFO 0x2e
#define SMB2_FILE_ID_BOTH_DIRECTORY_INFO 0x25
#define SMB2_FILE_ID_EXTD_DIRECTORY_INFO 0x3c
#define SMB2_FILE_ID_FULL_DIRECTORY_INFO 0x26
#define SMB2_FILE_ID_GLOBAL_TX_DIRECTORY_INFO 0x32
#define SMB2_FILE_LINK_INFO       0x0b
#define SMB2_FILE_MAIL_SLOT_SET_INFO  0x1b
#define SMB2_FILE_MOVE_CLUSTER_INFO 0x1f
#define SMB2_FILE_NAME_INFO   0x09
#define SMB2_FILE_NAMES_INFO    0x0c
#define SMB2_FILE_OBJECTID_INFO   0x1d
#define SMB2_FILE_QUOTA_INFO    0x20
#define SMB2_FILE_REPARSE_POINT_INFO  0x21
#define SMB2_FILE_SFIO_RESERVE_INFO 0x2c
#define SMB2_FILE_SFIO_VOLUME_INFO  0x2d
#define SMB2_FILE_SHORT_NAME_INFO 0x28
#define SMB2_FILE_STANDARD_LINK_INFO  0x36
#define SMB2_FILE_TRACKING_INFO   0x24
#define SMB2_VALID_DATA_LENGTH_INFO 0x27

static const value_string smb2_file_info_levels[] = {
  {SMB2_FILE_DIRECTORY_INFO,  "SMB2_FILE_DIRECTORY_INFO"},
  {SMB2_FILE_FULL_DIRECTORY_INFO, "SMB2_FILE_FULL_DIRECTORY_INFO"},
  {SMB2_FILE_BOTH_DIRECTORY_INFO, "SMB2_FILE_BOTH_DIRECTORY_INFO"},
  {SMB2_FILE_BASIC_INFO,    "SMB2_FILE_BASIC_INFO" },
  {SMB2_FILE_STANDARD_INFO, "SMB2_FILE_STANDARD_INFO" },
  {SMB2_FILE_INTERNAL_INFO, "SMB2_FILE_INTERNAL_INFO" },
  {SMB2_FILE_EA_INFO,   "SMB2_FILE_EA_INFO" },
  {SMB2_FILE_ACCESS_INFO,   "SMB2_FILE_ACCESS_INFO" },
  {SMB2_FILE_NAME_INFO,   "SMB2_FILE_NAME_INFO"},
  {SMB2_FILE_RENAME_INFO,   "SMB2_FILE_RENAME_INFO" },
  {SMB2_FILE_LINK_INFO,   "SMB2_FILE_LINK_INFO" },
  {SMB2_FILE_NAMES_INFO,    "SMB2_FILE_NAMES_INFO"},
  {SMB2_FILE_DISPOSITION_INFO,  "SMB2_FILE_DISPOSITION_INFO" },
  {SMB2_FILE_POSITION_INFO, "SMB2_FILE_POSITION_INFO" },
  {SMB2_FILE_FULL_EA_INFO,  "SMB2_FILE_FULL_EA_INFO" },
  {SMB2_FILE_MODE_INFO,   "SMB2_FILE_MODE_INFO" },
  {SMB2_FILE_ALIGNMENT_INFO,  "SMB2_FILE_ALIGNMENT_INFO" },
  {SMB2_FILE_ALL_INFO,    "SMB2_FILE_ALL_INFO" },
  {SMB2_FILE_ALLOCATION_INFO, "SMB2_FILE_ALLOCATION_INFO" },
  {SMB2_FILE_ENDOFFILE_INFO,  "SMB2_FILE_ENDOFFILE_INFO" },
  {SMB2_FILE_ALTERNATE_NAME_INFO, "SMB2_FILE_ALTERNATE_NAME_INFO" },
  {SMB2_FILE_STREAM_INFO,   "SMB2_FILE_STREAM_INFO" },
  {SMB2_FILE_PIPE_INFO,   "SMB2_FILE_PIPE_INFO" },
  {SMB2_FILE_PIPE_LOCAL_INFO, "SMB2_FILE_PIPE_LOCAL_INFO"},
  {SMB2_FILE_PIPE_REMOTE_INFO,  "SMB2_FILE_PIPE_REMOTE_INFO"},
  {SMB2_FILE_MAIL_SLOT_SET_INFO,  "SMB2_FILE_MAIL_SLOT_SET_INFO"},
  {SMB2_FILE_COMPRESSION_INFO,  "SMB2_FILE_COMPRESSION_INFO" },
  {SMB2_FILE_OBJECTID_INFO, "SMB2_FILE_OBJECTID_INFO"},
  {SMB2_FILE_MOVE_CLUSTER_INFO, "SMB2_FILE_MOVE_CLUSTER_INFO"},
  {SMB2_FILE_QUOTA_INFO,    "SMB2_FILE_QUOTA_INFO"},
  {SMB2_FILE_REPARSE_POINT_INFO,  "SMB2_FILE_REPARSE_POINT_INFO"},
  {SMB2_FILE_NETWORK_OPEN_INFO, "SMB2_FILE_NETWORK_OPEN_INFO" },
  {SMB2_FILE_ATTRIBUTE_TAG_INFO,  "SMB2_FILE_ATTRIBUTE_TAG_INFO" },
  {SMB2_FILE_TRACKING_INFO, "SMB2_FILE_TRACKING_INFO"},
  {SMB2_FILE_ID_BOTH_DIRECTORY_INFO,"SMB2_FILE_ID_BOTH_DIRECTORY_INFO" },
  {SMB2_FILE_ID_FULL_DIRECTORY_INFO, "SMB2_FILE_ID_FULL_DIRECTORY_INFO"},
  {SMB2_VALID_DATA_LENGTH_INFO, "SMB2_VALID_DATA_LENGTH_INFO"},
  {SMB2_FILE_SHORT_NAME_INFO, "SMB2_FILE_SHORT_NAME_INFO"},
  {SMB2_FILE_SFIO_RESERVE_INFO, "SMB2_FILE_SFIO_RESERVE_INFO"},
  {SMB2_FILE_SFIO_VOLUME_INFO,  "SMB2_FILE_SFIO_VOLUME_INFO"},
  {SMB2_FILE_FULL_HARD_LINK_INFO, "SMB2_FILE_FULL_HARD_LINK_INFO"},
  {SMB2_FILE_NORMALIZED_NAME_INFO,"SMB2_FILE_NORMALIZED_NAME_INFO" },
  {SMB2_FILE_ID_GLOBAL_TX_DIRECTORY_INFO, "SMB2_FILE_ID_GLOBAL_TX_DIRECTORY_INFO"},
  {SMB2_FILE_STANDARD_LINK_INFO,  "SMB2_FILE_STANDARD_LINK_INFO"},
  {SMB2_FILE_ID_INFO,   "SMB2_FILE_ID_INFO"},
  {SMB2_FILE_ID_EXTD_DIRECTORY_INFO,"SMB2_FILE_ID_EXTD_DIRECTORY_INFO"},
  {SMB2_FILE_POSIX_INFO,    "SMB2_FILE_POSIX_INFO" },
  { 0, NULL }
};
static value_string_ext smb2_file_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_file_info_levels);



#define SMB2_FS_INFO_01     0x01
#define SMB2_FS_LABEL_INFO    0x02
#define SMB2_FS_INFO_03     0x03
#define SMB2_FS_INFO_04     0x04
#define SMB2_FS_INFO_05     0x05
#define SMB2_FS_INFO_06     0x06
#define SMB2_FS_INFO_07     0x07
#define SMB2_FS_OBJECTID_INFO   0x08
#define SMB2_FS_DRIVER_PATH_INFO  0x09
#define SMB2_FS_VOLUME_FLAGS_INFO 0x0a
#define SMB2_FS_SECTOR_SIZE_INFO  0x0b
#define SMB2_FS_POSIX_INFO    0x64

static const value_string smb2_fs_info_levels[] = {
  {SMB2_FS_INFO_01,   "FileFsVolumeInformation" },
  {SMB2_FS_LABEL_INFO,    "FileFsLabelInformation" },
  {SMB2_FS_INFO_03,   "FileFsSizeInformation" },
  {SMB2_FS_INFO_04,   "FileFsDeviceInformation" },
  {SMB2_FS_INFO_05,   "FileFsAttributeInformation" },
  {SMB2_FS_INFO_06,   "FileFsControlInformation" },
  {SMB2_FS_INFO_07,   "FileFsFullSizeInformation" },
  {SMB2_FS_OBJECTID_INFO,   "FileFsObjectIdInformation" },
  {SMB2_FS_DRIVER_PATH_INFO,  "FileFsDriverPathInformation" },
  {SMB2_FS_VOLUME_FLAGS_INFO, "FileFsVolumeFlagsInformation" },
  {SMB2_FS_SECTOR_SIZE_INFO,  "FileFsSectorSizeInformation" },
  {SMB2_FS_POSIX_INFO,    "FileFsPosixInformation" },
  { 0, NULL }
};
static value_string_ext smb2_fs_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_fs_info_levels);

#define SMB2_SEC_INFO_00  0x00
static const value_string smb2_sec_info_levels[] = {
  {SMB2_SEC_INFO_00,  "SMB2_SEC_INFO_00" },
  { 0, NULL }
};
static value_string_ext smb2_sec_info_levels_ext = VALUE_STRING_EXT_INIT(smb2_sec_info_levels);

#define SMB2_FIND_DIRECTORY_INFO         0x01
#define SMB2_FIND_FULL_DIRECTORY_INFO    0x02
#define SMB2_FIND_BOTH_DIRECTORY_INFO    0x03
#define SMB2_FIND_INDEX_SPECIFIED        0x04
#define SMB2_FIND_NAME_INFO              0x0C
#define SMB2_FIND_ID_BOTH_DIRECTORY_INFO 0x25
#define SMB2_FIND_ID_FULL_DIRECTORY_INFO 0x26
#define SMB2_FIND_POSIX_INFO             0x64
static const value_string smb2_find_info_levels[] = {
  { SMB2_FIND_DIRECTORY_INFO,   "SMB2_FIND_DIRECTORY_INFO" },
  { SMB2_FIND_FULL_DIRECTORY_INFO,  "SMB2_FIND_FULL_DIRECTORY_INFO" },
  { SMB2_FIND_BOTH_DIRECTORY_INFO,  "SMB2_FIND_BOTH_DIRECTORY_INFO" },
  { SMB2_FIND_INDEX_SPECIFIED,    "SMB2_FIND_INDEX_SPECIFIED" },
  { SMB2_FIND_NAME_INFO,      "SMB2_FIND_NAME_INFO" },
  { SMB2_FIND_ID_BOTH_DIRECTORY_INFO, "SMB2_FIND_ID_BOTH_DIRECTORY_INFO" },
  { SMB2_FIND_ID_FULL_DIRECTORY_INFO, "SMB2_FIND_ID_FULL_DIRECTORY_INFO" },
  { SMB2_FIND_POSIX_INFO,     "SMB2_FIND_POSIX_INFO" },
  { 0, NULL }
};

#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
#define SMB2_ENCRYPTION_CAPABILITIES        0x0002
#define SMB2_COMPRESSION_CAPABILITIES       0x0003
#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID   0x0005
#define SMB2_TRANSPORT_CAPABILITIES         0x0006
#define SMB2_RDMA_TRANSFORM_CAPABILITIES    0x0007
#define SMB2_SIGNING_CAPABILITIES           0x0008
#define SMB2_POSIX_EXTENSIONS_CAPABILITIES  0x0100
static const value_string smb2_negotiate_context_types[] = {
  { SMB2_PREAUTH_INTEGRITY_CAPABILITIES,  "SMB2_PREAUTH_INTEGRITY_CAPABILITIES" },
  { SMB2_ENCRYPTION_CAPABILITIES, "SMB2_ENCRYPTION_CAPABILITIES" },
  { SMB2_COMPRESSION_CAPABILITIES, "SMB2_COMPRESSION_CAPABILITIES" },
  { SMB2_NETNAME_NEGOTIATE_CONTEXT_ID, "SMB2_NETNAME_NEGOTIATE_CONTEXT_ID" },
  { SMB2_TRANSPORT_CAPABILITIES, "SMB2_TRANSPORT_CAPABILITIES" },
  { SMB2_RDMA_TRANSFORM_CAPABILITIES, "SMB2_RDMA_TRANSFORM_CAPABILITIES" },
  { SMB2_SIGNING_CAPABILITIES, "SMB2_SIGNING_CAPABILITIES" },
  { SMB2_POSIX_EXTENSIONS_CAPABILITIES, "SMB2_POSIX_EXTENSIONS_CAPABILITIES" },
  { 0, NULL }
};

#define SMB2_HASH_ALGORITHM_SHA_512    0x0001
static const value_string smb2_hash_algorithm_types[] = {
  { SMB2_HASH_ALGORITHM_SHA_512, "SHA-512" },
  { 0, NULL }
};

#define SMB2_SIGNING_ALG_HMAC_SHA256 0x0000
#define SMB2_SIGNING_ALG_AES_CMAC    0x0001
#define SMB2_SIGNING_ALG_AES_GMAC    0x0002
static const value_string smb2_signing_alg_types[] = {
  { SMB2_SIGNING_ALG_HMAC_SHA256, "HMAC-SHA256" },
  { SMB2_SIGNING_ALG_AES_CMAC,    "AES-CMAC" },
  { SMB2_SIGNING_ALG_AES_GMAC,    "AES-GMAC" },
  { 0, NULL },
};

#define SMB2_CIPHER_AES_128_CCM        0x0001
#define SMB2_CIPHER_AES_128_GCM        0x0002
#define SMB2_CIPHER_AES_256_CCM        0x0003
#define SMB2_CIPHER_AES_256_GCM        0x0004
static const value_string smb2_cipher_types[] = {
  { SMB2_CIPHER_AES_128_CCM, "AES-128-CCM" },
  { SMB2_CIPHER_AES_128_GCM, "AES-128-GCM" },
  { SMB2_CIPHER_AES_256_CCM, "AES-256-CCM" },
  { SMB2_CIPHER_AES_256_GCM, "AES-256-GCM" },
  { 0, NULL }
};

#define SMB2_TRANSFORM_FLAGS_ENCRYPTED        0x0001
static int * const smb2_transform_flags[] = {
  &hf_smb2_transform_flags_encrypted,
  NULL,
};

#define SMB2_COMP_ALG_FLAGS_CHAINED  0x00000001

#define SMB2_COMP_ALG_NONE        0x0000
#define SMB2_COMP_ALG_LZNT1       0x0001
#define SMB2_COMP_ALG_LZ77        0x0002
#define SMB2_COMP_ALG_LZ77HUFF    0x0003
#define SMB2_COMP_ALG_PATTERN_V1  0x0004
static const value_string smb2_comp_alg_types[] = {
  { SMB2_COMP_ALG_NONE, "None" },
  { SMB2_COMP_ALG_LZNT1, "LZNT1" },
  { SMB2_COMP_ALG_LZ77, "LZ77" },
  { SMB2_COMP_ALG_LZ77HUFF, "LZ77+Huffman" },
  { SMB2_COMP_ALG_PATTERN_V1, "Pattern_V1" },
  { 0, NULL }
};

#define SMB2_COMP_FLAG_NONE    0x0000
#define SMB2_COMP_FLAG_CHAINED 0x0001
static const value_string smb2_comp_transform_flags_vals[] = {
  { SMB2_COMP_FLAG_NONE, "None" },
  { SMB2_COMP_FLAG_CHAINED, "Chained" },
  { 0, NULL }
};

#define SMB2_RDMA_TRANSFORM_NONE       0x0000
#define SMB2_RDMA_TRANSFORM_ENCRYPTION 0x0001
#define SMB2_RDMA_TRANSFORM_SIGNING    0x0002
static const value_string smb2_rdma_transform_types[] = {
  { SMB2_RDMA_TRANSFORM_NONE, "None" },
  { SMB2_RDMA_TRANSFORM_ENCRYPTION, "Encryption" },
  { SMB2_RDMA_TRANSFORM_SIGNING, "Signing" },
  { 0, NULL }
};

#define OPLOCK_BREAK_OPLOCK_STRUCTURE_SIZE 24               /* [MS-SMB2] 2.2.23.1, 2.2.24.1 and 2.2.25.1 */
#define OPLOCK_BREAK_LEASE_NOTIFICATION_STRUCTURE_SIZE 44   /* [MS-SMB2] 2.2.23.2 Lease Break Notification */
#define OPLOCK_BREAK_LEASE_ACKNOWLEDGMENT_STRUCTURE_SIZE 36 /* [MS-SMB2] 2.2.24.2 Lease Break Acknowledgment */
#define OPLOCK_BREAK_LEASE_RESPONSE_STRUCTURE_SIZE 36       /* [MS-SMB2] 2.2.25.2 Lease Break Response */

static const val64_string unique_unsolicited_response[] = {
  { 0xffffffffffffffff, "unsolicited response" },
  { 0, NULL }
};

#define SMB2_ERROR_ID_DEFAULT 0x00000000
#define SMB2_ERROR_ID_SHARE_REDIRECT 0x72645253
static const value_string smb2_error_id_vals[] = {
  { SMB2_ERROR_ID_DEFAULT, "ERROR_ID_DEFAULT" },
  { SMB2_ERROR_ID_SHARE_REDIRECT, "ERROR_ID_SHARE_REDIRECT" },
  { 0, NULL }
};

#define SMB2_ACCEPT_TRANSPORT_LEVEL_SECURITY 0x00000001
static const value_string smb2_transport_ctx_flags_vals[] = {
  { SMB2_ACCEPT_TRANSPORT_LEVEL_SECURITY, "SMB2_ACCEPT_TRANSPORT_LEVEL_SECURITY" },
  { 0, NULL }
};

#define REPARSE_TAG_RESERVED_ZERO      0x00000000 /* Reserved reparse tag value. */
#define REPARSE_TAG_RESERVED_ONE       0x00000001 /* Reserved reparse tag value. */
#define REPARSE_TAG_MOUNT_POINT        0xA0000003 /* Used for mount point */
#define REPARSE_TAG_HSM                0xC0000004 /* Obsolete. Used by legacy Hierarchical Storage Manager Product. */
#define REPARSE_TAG_DRIVER_EXTENDER    0x80000005 /* Home server drive extender. */
#define REPARSE_TAG_HSM2               0x80000006 /* Obsolete. Used by legacy Hierarchical Storage Manager Product. */
#define REPARSE_TAG_SIS                0x80000007 /* Used by single-instance storage (SIS) filter driver. */
#define REPARSE_TAG_DFS                0x8000000A /* Used by the DFS filter. */
#define REPARSE_TAG_FILTER_MANAGER     0x8000000B /* Used by filter manager test harness */
#define REPARSE_TAG_SYMLINK            0xA000000C /* Used for symbolic link support. */
#define REPARSE_TAG_DFSR               0x80000012 /* Used by the DFS filter. */
#define REPARSE_TAG_NFS                0x80000014 /* Used by the Network File System (NFS) component. */
#define REPARSE_TAG_LX_SYMLINK         0xA000001D /* WSL symbolic link */
#define REPARSE_TAG_AF_UNIX            0x80000023 /* WSL unix socket */
#define REPARSE_TAG_LX_FIFO            0x80000024 /* WSL fifo pipe */
#define REPARSE_TAG_LX_CHR             0x80000025 /* WSL char device */
#define REPARSE_TAG_LX_BLK             0x80000026 /* WSL block device */
static const value_string reparse_tag_vals[] = {
  { REPARSE_TAG_RESERVED_ZERO,   "REPARSE_TAG_RESERVED_ZERO"},
  { REPARSE_TAG_RESERVED_ONE,    "REPARSE_TAG_RESERVED_ONE"},
  { REPARSE_TAG_MOUNT_POINT,     "REPARSE_TAG_MOUNT_POINT"},
  { REPARSE_TAG_HSM,             "REPARSE_TAG_HSM"},
  { REPARSE_TAG_DRIVER_EXTENDER, "REPARSE_TAG_DRIVER_EXTENDER"},
  { REPARSE_TAG_HSM2,            "REPARSE_TAG_HSM2"},
  { REPARSE_TAG_SIS,             "REPARSE_TAG_SIS"},
  { REPARSE_TAG_DFS,             "REPARSE_TAG_DFS"},
  { REPARSE_TAG_FILTER_MANAGER,  "REPARSE_TAG_FILTER_MANAGER"},
  { REPARSE_TAG_SYMLINK,         "REPARSE_TAG_SYMLINK"},
  { REPARSE_TAG_DFSR,            "REPARSE_TAG_DFSR"},
  { REPARSE_TAG_NFS,             "REPARSE_TAG_NFS"},
  { REPARSE_TAG_LX_SYMLINK,      "REPARSE_TAG_LX_SYMLINK"},
  { REPARSE_TAG_AF_UNIX,         "REPARSE_TAG_AF_UNIX"},
  { REPARSE_TAG_LX_FIFO,         "REPARSE_TAG_LX_FIFO"},
  { REPARSE_TAG_LX_CHR,          "REPARSE_TAG_LX_CHR"},
  { REPARSE_TAG_LX_BLK,          "REPARSE_TAG_LX_BLK"},
  { 0, NULL }
};

#define NFS_SPECFILE_LNK 0x00000000014B4E4C
#define NFS_SPECFILE_CHR 0x0000000000524843
#define NFS_SPECFILE_BLK 0x00000000004B4C42
#define NFS_SPECFILE_FIFO 0x000000004F464946
#define NFS_SPECFILE_SOCK 0x000000004B434F53
static const val64_string nfs_type_vals[] = {
  { NFS_SPECFILE_LNK,  "Symbolic Link" },
  { NFS_SPECFILE_CHR,  "Character Device" },
  { NFS_SPECFILE_BLK,  "Block Device" },
  { NFS_SPECFILE_FIFO, "FIFO" },
  { NFS_SPECFILE_SOCK, "UNIX Socket" },
  { 0, NULL }
};

#define SMB2_NUM_PROCEDURES     256
#define MAX_UNCOMPRESSED_SIZE (1<<24) /* 16MB */

#define SMB2_DIALECT_202  0x0202
#define SMB2_DIALECT_210  0x0210
#define SMB2_DIALECT_2FF  0x02FF
#define SMB2_DIALECT_222  0x0222
#define SMB2_DIALECT_224  0x0224
#define SMB2_DIALECT_300  0x0300
#define SMB2_DIALECT_302  0x0302
#define SMB2_DIALECT_310  0x0310
#define SMB2_DIALECT_311  0x0311

static const value_string smb2_dialect_vals[] = {
  { SMB2_DIALECT_202, "SMB 2.0.2" },
  { SMB2_DIALECT_210, "SMB 2.1" },
  { SMB2_DIALECT_2FF, "SMB2 wildcard" },
  { SMB2_DIALECT_222, "SMB 2.2.2 (deprecated; should be 3.0)" },
  { SMB2_DIALECT_224, "SMB 2.2.4 (deprecated; should be 3.0)" },
  { SMB2_DIALECT_300, "SMB 3.0" },
  { SMB2_DIALECT_302, "SMB 3.0.2" },
  { SMB2_DIALECT_310, "SMB 3.1.0 (deprecated; should be 3.1.1)" },
  { SMB2_DIALECT_311, "SMB 3.1.1" },
  { 0, NULL }
};

static const value_string smb2_fsctl_infoex_integrity_modes[] = {
  { 0x00, "CHECKSUM_TYPE_NONE" },
  { 0x01, "CHECKSUM_TYPE_CRC32_OR_CRC64" },
  { 0, NULL }
};

static const value_string smb2_fsctl_infoex_integrity_state[] = {
  { 0x00, "Change state" },
  { 0x01, "No state change" },
  { 0, NULL }
};

#define SMB2_SL_RESTART_SCAN    0x00000001
#define SMB2_SL_RETURN_SINGLE_ENTRY 0x00000002
#define SL_INDEX_SPECIFIED      0x00000004

#define NOTIFY_SESSION_CLOSED   0x0
static const value_string server_notification_types[] = {
  { NOTIFY_SESSION_CLOSED, "SmbNotifySessionClosed" },
  { 0, NULL }
};

#define REFS_STREAM_SNAPSHOT_OPERATION_INVALID        0x00000000
#define REFS_STREAM_SNAPSHOT_OPERATION_CREATE       0x00000001
#define REFS_STREAM_SNAPSHOT_OPERATION_LIST         0x00000002
#define REFS_STREAM_SNAPSHOT_OPERATION_QUERY_DELTAS     0x00000003
#define REFS_STREAM_SNAPSHOT_OPERATION_REVERT       0x00000004
#define REFS_STREAM_SNAPSHOT_OPERATION_SET_SHADOW_BTREE   0x00000005
#define REFS_STREAM_SNAPSHOT_OPERATION_CLEAR_SHADOW_BTREE   0x00000006

static const value_string refs_stream_snapshot_operation_types[] = {
  { REFS_STREAM_SNAPSHOT_OPERATION_INVALID, "Invalid" },
  { REFS_STREAM_SNAPSHOT_OPERATION_CREATE, "Create" },
  { REFS_STREAM_SNAPSHOT_OPERATION_LIST, "List" },
  { REFS_STREAM_SNAPSHOT_OPERATION_QUERY_DELTAS, "Query Deltas" },
  { REFS_STREAM_SNAPSHOT_OPERATION_REVERT, "Revert" },
  { REFS_STREAM_SNAPSHOT_OPERATION_SET_SHADOW_BTREE, "Set Shadow Btree" },
  { REFS_STREAM_SNAPSHOT_OPERATION_CLEAR_SHADOW_BTREE, "Clear Shadow Btree" },
  { 0, NULL }
};

#define FILE_FULL_EA_INFORMATION_FLAG_NONE    0x00000000
#define FILE_FULL_EA_INFORMATION_FLAG_NEED_EA   0x00000001

static const value_string file_full_ea_information_flags[] = {
  { FILE_FULL_EA_INFORMATION_FLAG_NONE, "None" },
  { FILE_FULL_EA_INFORMATION_FLAG_NEED_EA, "Need EA" },
  { 0, NULL }
};

static int dissect_windows_sockaddr_storage(tvbuff_t *, packet_info *, proto_tree *, int, int);
static void dissect_smb2_error_data(tvbuff_t *, packet_info *, proto_tree *, int, int, smb2_info_t *);
static unsigned smb2_eo_files_hash(const void *k);
static int smb2_eo_files_equal(const void *k1, const void *k2);

static void update_preauth_hash(void *buf, packet_info *pinfo, tvbuff_t *tvb)
{
  gcry_error_t err;
  gcry_md_hd_t md;
  void *pkt;

  err = gcry_md_open(&md, GCRY_MD_SHA512, 0);
  if (err)
    return;

  /* we dup in case of non-contiguous packet */
  pkt = tvb_memdup(pinfo->pool, tvb, 0, tvb_captured_length(tvb));
  gcry_md_write(md, buf, SMB2_PREAUTH_HASH_SIZE);
  gcry_md_write(md, pkt, tvb_captured_length(tvb));
  gcry_md_final(md);
  memcpy(buf, gcry_md_read(md, 0), SMB2_PREAUTH_HASH_SIZE);
  gcry_md_close(md);
}

static void
smb2stat_init(struct register_srt* srt _U_, GArray* srt_array)
{
  srt_stat_table *smb2_srt_table;
  uint32_t i;

  smb2_srt_table = init_srt_table("SMB2", NULL, srt_array, SMB2_NUM_PROCEDURES, "Commands", "smb2.cmd", NULL);
  for (i = 0; i < SMB2_NUM_PROCEDURES; i++)
  {
    init_srt_table_row(smb2_srt_table, i, val_to_str_ext_const(i, &smb2_cmd_vals_ext, "<unknown>"));
  }
}

static tap_packet_status
smb2stat_packet(void *pss, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv, tap_flags_t flags _U_)
{
  unsigned i = 0;
  srt_stat_table *smb2_srt_table;
  srt_data_t *data = (srt_data_t *)pss;
  const smb2_info_t *si=(const smb2_info_t *)prv;

  /* we are only interested in response packets */
  if(!(si->flags&SMB2_FLAGS_RESPONSE)){
    return TAP_PACKET_DONT_REDRAW;
  }
  /* We should not include cancel and oplock break requests either */
  if (si->opcode == SMB2_COM_CANCEL || si->opcode == SMB2_COM_BREAK) {
    return TAP_PACKET_DONT_REDRAW;
  }

  /* if we haven't seen the request, just ignore it */
  if(!si->saved){
    return TAP_PACKET_DONT_REDRAW;
  }

  /* SMB2 SRT can be very inaccurate in the presence of retransmissions. Retransmitted responses
   * not only add additional (bogus) transactions but also the latency associated with them.
   * This can greatly inflate the maximum and average SRT stats especially in the case of
   * retransmissions triggered by the expiry of the rexmit timer (RTOs). Only calculating SRT
   * for the last received response accomplishes this goal without requiring the TCP pref
   * "Do not call subdissectors for error packets" to be set. */
  if (si->saved->frame_res != pinfo->num)
    return TAP_PACKET_DONT_REDRAW;

  smb2_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
  add_srt_table_data(smb2_srt_table, si->opcode, &si->saved->req_time, pinfo);
  return TAP_PACKET_REDRAW;
}

/* Structure for SessionID <=> SessionKey mapping for decryption. */
typedef struct _smb2_seskey_field_t {
  /* session id */
  unsigned char *id;    /* *little-endian* - not necessarily host-endian! */
  unsigned id_len;
  /* session key */
  unsigned char *seskey;
  unsigned seskey_len;
  /* server to client key */
  unsigned char *s2ckey;
  unsigned s2ckey_len;
  /* client to server key */
  unsigned char *c2skey;
  unsigned c2skey_len;
} smb2_seskey_field_t;

static smb2_seskey_field_t *seskey_list;
static unsigned num_seskey_list;

static const int8_t zeros[NTLMSSP_KEY_LEN] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};

/* Callbacks for SessionID <=> SessionKey mapping. */
UAT_BUFFER_CB_DEF(seskey_list, id, smb2_seskey_field_t, id, id_len)
UAT_BUFFER_CB_DEF(seskey_list, seskey, smb2_seskey_field_t, seskey, seskey_len)
UAT_BUFFER_CB_DEF(seskey_list, s2ckey, smb2_seskey_field_t, s2ckey, s2ckey_len)
UAT_BUFFER_CB_DEF(seskey_list, c2skey, smb2_seskey_field_t, c2skey, c2skey_len)

#define SMB_SESSION_ID_SIZE 8

static bool seskey_list_update_cb(void *r, char **err)
{
  smb2_seskey_field_t *rec = (smb2_seskey_field_t *)r;
  bool has_seskey = rec->seskey_len != 0;
  bool has_s2ckey = rec->s2ckey_len != 0;
  bool has_c2skey = rec->c2skey_len != 0;

  *err = NULL;

  if (rec->id_len != SMB_SESSION_ID_SIZE) {
    *err = g_strdup("Session ID must be " G_STRINGIFY(SMB_SESSION_ID_SIZE) " bytes long and in hexadecimal");
    return false;
  }

  if (!has_seskey && !(has_c2skey || has_s2ckey)) {
    *err = g_strdup("Decryption requires either the Session Key or at least one of the client-server AES keys");
    return false;
  }


  if (rec->seskey_len > NTLMSSP_KEY_LEN) {
    *err = g_strdup("Session Key must be a hexadecimal string representing at most " G_STRINGIFY(NTLMSSP_KEY_LEN) " bytes");
    return false;
  }

  if (has_s2ckey && ((rec->s2ckey_len != AES_KEY_SIZE) && (rec->s2ckey_len != AES_KEY_SIZE*2))) {
    *err = g_strdup("Server-to-Client key must be a hexadecimal string representing "
        G_STRINGIFY(AES_KEY_SIZE) " or " G_STRINGIFY(AES_KEY_SIZE*2));
    return false;
  }

  if (has_c2skey && ((rec->c2skey_len != AES_KEY_SIZE) && (rec->c2skey_len != AES_KEY_SIZE*2))) {
    *err = g_strdup("Client-to-Server key must be a hexadecimal string representing "
        G_STRINGIFY(AES_KEY_SIZE) " or " G_STRINGIFY(AES_KEY_SIZE*2));
    return false;
  }

  return true;
}

static void* seskey_list_copy_cb(void *n, const void *o, size_t siz _U_)
{
  smb2_seskey_field_t *new_rec = (smb2_seskey_field_t *)n;
  const smb2_seskey_field_t *old_rec = (const smb2_seskey_field_t *)o;

  new_rec->id_len = old_rec->id_len;
  new_rec->id = old_rec->id ? (unsigned char *)g_memdup2(old_rec->id, old_rec->id_len) : NULL;
  new_rec->seskey_len = old_rec->seskey_len;
  new_rec->seskey = old_rec->seskey ? (unsigned char *)g_memdup2(old_rec->seskey, old_rec->seskey_len) : NULL;
  new_rec->s2ckey_len = old_rec->s2ckey_len;
  new_rec->s2ckey = old_rec->s2ckey ? (unsigned char *)g_memdup2(old_rec->s2ckey, old_rec->s2ckey_len) : NULL;
  new_rec->c2skey_len = old_rec->c2skey_len;
  new_rec->c2skey = old_rec->c2skey ? (unsigned char *)g_memdup2(old_rec->c2skey, old_rec->c2skey_len) : NULL;

  return new_rec;
}

static void seskey_list_free_cb(void *r)
{
  smb2_seskey_field_t *rec = (smb2_seskey_field_t *)r;

  g_free(rec->id);
  g_free(rec->seskey);
  g_free(rec->s2ckey);
  g_free(rec->c2skey);
}

static bool seskey_find_sid_key(uint64_t sesid, uint8_t *out_seskey,
            unsigned *out_seskey_len,
            uint8_t *out_s2ckey16,
            uint8_t *out_c2skey16,
            uint8_t *out_s2ckey32,
            uint8_t *out_c2skey32)
{
  unsigned i;
  uint64_t sesid_le;

  /*
   * The session IDs in the UAT are octet arrays, in little-endian
   * byte order (as it appears on the wire); they have been
   * checked to make sure they're 8 bytes (SMB_SESSION_ID_SIZE)
   * long.  They're *probably* aligned on an appropriate boundary,
   * but let's not assume that - let's just use memcmp().
   *
   * The session ID passed to us, however, is in *host* byte order.
   * This is *NOT* necessarily little-endian; it's big-endian on,
   * for example, System/390 and z/Architecture ("s390" and "s390x"
   * in Linuxland), SPARC, and most PowerPC systems.  We must,
   * therefore, put it into little-endian byte order before
   * comparing it with the IDs in the UAT values.
   */
  sesid_le = GUINT64_TO_LE(sesid);

  for (i = 0; i < num_seskey_list; i++) {
    const smb2_seskey_field_t *p = &seskey_list[i];
    if (memcmp(&sesid_le, p->id, SMB_SESSION_ID_SIZE) == 0) {
      *out_seskey_len = 0;
      memset(out_seskey, 0, NTLMSSP_KEY_LEN*2);
      memset(out_s2ckey16, 0, AES_KEY_SIZE);
      memset(out_c2skey16, 0, AES_KEY_SIZE);
      memset(out_s2ckey32, 0, AES_KEY_SIZE*2);
      memset(out_c2skey32, 0, AES_KEY_SIZE*2);

      if (p->seskey_len > 0 && p->seskey_len <= NTLMSSP_KEY_LEN*2) {
        memcpy(out_seskey, p->seskey, p->seskey_len);
        *out_seskey_len = p->seskey_len;
      }
      if (p->s2ckey_len == AES_KEY_SIZE)
        memcpy(out_s2ckey16, p->s2ckey, p->s2ckey_len);
      if (p->s2ckey_len == AES_KEY_SIZE*2)
        memcpy(out_s2ckey32, p->s2ckey, p->s2ckey_len);
      if (p->c2skey_len == AES_KEY_SIZE)
        memcpy(out_c2skey16, p->c2skey, p->c2skey_len);
      if (p->c2skey_len == AES_KEY_SIZE*2)
        memcpy(out_c2skey32, p->c2skey, p->c2skey_len);

      return true;
    }
  }

  return false;
}

/* ExportObject preferences variable */
bool eosmb2_take_name_as_fid = false ;

/* unmatched smb_saved_info structures.
   For unmatched smb_saved_info structures we store the smb_saved_info
   structure using the msg_id field.
*/
static int
smb2_saved_info_equal_unmatched(const void *k1, const void *k2)
{
  const smb2_saved_info_t *key1 = (const smb2_saved_info_t *)k1;
  const smb2_saved_info_t *key2 = (const smb2_saved_info_t *)k2;
  return key1->msg_id == key2->msg_id;
}
static unsigned
smb2_saved_info_hash_unmatched(const void *k)
{
  const smb2_saved_info_t *key = (const smb2_saved_info_t *)k;
  uint32_t hash;

  hash = (uint32_t) (key->msg_id&0xffffffff);
  return hash;
}

/* matched smb_saved_info structures.
   For matched smb_saved_info structures we store the smb_saved_info
   structure using the msg_id field.
*/
static int
smb2_saved_info_equal_matched(const void *k1, const void *k2)
{
  const smb2_saved_info_t *key1 = (const smb2_saved_info_t *)k1;
  const smb2_saved_info_t *key2 = (const smb2_saved_info_t *)k2;
  return key1->msg_id == key2->msg_id;
}
static unsigned
smb2_saved_info_hash_matched(const void *k)
{
  const smb2_saved_info_t *key = (const smb2_saved_info_t *)k;
  uint32_t hash;

  hash = (uint32_t) (key->msg_id&0xffffffff);
  return hash;
}

/* For Tids of a specific conversation.
   This keeps track of tid->sharename mappings and other information about the
   tid.
   qqq
   We might need to refine this if it occurs that tids are reused on a single
   conversation.   we don't worry about that yet for simplicity
*/
static int
smb2_tid_info_equal(const void *k1, const void *k2)
{
  const smb2_tid_info_t *key1 = (const smb2_tid_info_t *)k1;
  const smb2_tid_info_t *key2 = (const smb2_tid_info_t *)k2;
  return key1->tid == key2->tid;
}
static unsigned
smb2_tid_info_hash(const void *k)
{
  const smb2_tid_info_t *key = (const smb2_tid_info_t *)k;
  uint32_t hash;

  hash = key->tid;
  return hash;
}

/* For Uids of a specific conversation.
   This keeps track of uid->acct_name mappings and other information about the
   uid.
   qqq
   We might need to refine this if it occurs that uids are reused on a single
   conversation.   we don't worry about that yet for simplicity
*/
static int
smb2_sesid_info_equal(const void *k1, const void *k2)
{
  const smb2_sesid_info_t *key1 = (const smb2_sesid_info_t *)k1;
  const smb2_sesid_info_t *key2 = (const smb2_sesid_info_t *)k2;
  return key1->sesid == key2->sesid;
}
static unsigned
smb2_sesid_info_hash(const void *k)
{
  const smb2_sesid_info_t *key = (const smb2_sesid_info_t *)k;
  uint32_t hash;

  hash = (uint32_t)( ((key->sesid>>32)&0xffffffff)+((key->sesid)&0xffffffff) );
  return hash;
}

/*
 * For File IDs of a specific conversation.
 * This keeps track of fid to name mapping and application level conversations
 * over named pipes.
 *
 * This handles implementation bugs, where the fid_persitent is 0 or
 * the fid_persitent/fid_volative is not unique per conversation.
 */
static int
smb2_fid_info_equal(const void *k1, const void *k2)
{
  const smb2_fid_info_t *key = (const smb2_fid_info_t *)k1;
  const smb2_fid_info_t *val = (const smb2_fid_info_t *)k2;

  if (!key->frame_key) {
    key = (const smb2_fid_info_t *)k2;
    val = (const smb2_fid_info_t *)k1;
  }

  if (key->fid_persistent != val->fid_persistent) {
    return 0;
  }

  if (key->fid_volatile != val->fid_volatile) {
    return 0;
  }

  if (key->sesid != val->sesid) {
    return 0;
  }

  if (key->tid != val->tid) {
    return 0;
  }

  if (!(val->frame_beg <= key->frame_key && key->frame_key <= val->frame_end)) {
    return 0;
  }

  return 1;
}

static unsigned
smb2_fid_info_hash(const void *k)
{
  const smb2_fid_info_t *key = (const smb2_fid_info_t *)k;
  uint32_t hash;

  if (key->fid_persistent != 0) {
    hash = (uint32_t)( ((key->fid_persistent>>32)&0xffffffff)+((key->fid_persistent)&0xffffffff) );
  } else {
    hash = (uint32_t)( ((key->fid_volatile>>32)&0xffffffff)+((key->fid_volatile)&0xffffffff) );
  }

  return hash;
}

/* Callback for destroying the glib hash tables associated with a conversation
 * struct. */
static bool
smb2_conv_destroy(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_,
            void *user_data)
{
  smb2_conv_info_t *conv = (smb2_conv_info_t *)user_data;

  g_hash_table_destroy(conv->matched);
  g_hash_table_destroy(conv->unmatched);

  /* This conversation is gone, return false to indicate we don't
   * want to be called again for this conversation. */
  return false;
}

static smb2_sesid_info_t *
smb2_get_session(smb2_conv_info_t *conv _U_, uint64_t id, packet_info *pinfo, smb2_info_t *si)
{
  smb2_sesid_info_t key = {.sesid = id};
  smb2_sesid_info_t *ses = (smb2_sesid_info_t *)wmem_map_lookup(smb2_sessions, &key);

  if (!ses) {
    ses = wmem_new0(wmem_file_scope(), smb2_sesid_info_t);
    ses->sesid = id;
    ses->auth_frame = (uint32_t)-1;
    ses->tids = wmem_map_new(wmem_file_scope(), smb2_tid_info_hash, smb2_tid_info_equal);
    ses->fids = wmem_map_new(wmem_file_scope(), smb2_fid_info_hash, smb2_fid_info_equal);
    ses->files = wmem_map_new(wmem_file_scope(), smb2_eo_files_hash, smb2_eo_files_equal);

    ses->session_key_frame = UINT32_MAX;
    seskey_find_sid_key(id,
            ses->session_key,
            &ses->session_key_len,
            ses->client_decryption_key16,
            ses->server_decryption_key16,
            ses->client_decryption_key32,
            ses->server_decryption_key32);
    if (pinfo && si) {
      if (ses->session_key_len != 0) {
        ses->session_key_frame = pinfo->num;
      }
      if (si->flags & SMB2_FLAGS_RESPONSE) {
        ses->server_port = pinfo->srcport;
      } else {
        ses->server_port = pinfo->destport;
      }
    }
    wmem_map_insert(smb2_sessions, ses, ses);
  }

  return ses;
}

static void
smb2_add_session_info(proto_tree *ses_tree, proto_item *ses_item, tvbuff_t *tvb, int start, smb2_sesid_info_t *ses)
{
  proto_item  *new_item;
  if (!ses)
    return;

  if (ses->acct_name) {
    new_item = proto_tree_add_string(ses_tree, hf_smb2_acct_name, tvb, start, 0, ses->acct_name);
    proto_item_set_generated(new_item);
    proto_item_append_text(ses_item, " Acct:%s", ses->acct_name);
  }

  if (ses->domain_name) {
    new_item = proto_tree_add_string(ses_tree, hf_smb2_domain_name, tvb, start, 0, ses->domain_name);
    proto_item_set_generated(new_item);
    proto_item_append_text(ses_item, " Domain:%s", ses->domain_name);
  }

  if (ses->host_name) {
    new_item = proto_tree_add_string(ses_tree, hf_smb2_host_name, tvb, start, 0, ses->host_name);
    proto_item_set_generated(new_item);
    proto_item_append_text(ses_item, " Host:%s", ses->host_name);
  }

  if (ses->auth_frame != (uint32_t)-1) {
    new_item = proto_tree_add_uint(ses_tree, hf_smb2_auth_frame, tvb, start, 0, ses->auth_frame);
    proto_item_set_generated(new_item);
  }
}

static void smb2_key_derivation(const uint8_t *KI, uint32_t KI_len,
       const uint8_t *Label, uint32_t Label_len,
       const uint8_t *Context, uint32_t Context_len,
       uint8_t *KO, uint32_t KO_len)
{
  gcry_md_hd_t  hd     = NULL;
  uint8_t       buf[4];
  uint8_t      *digest = NULL;
  uint32_t      L;

  /*
   * a simplified version of
   * "NIST Special Publication 800-108" section 5.1
   * using hmac-sha256.
   */
   /* XXX This routine should indicate a success/failure indication, so that the failure of gcry_md_open()
    * can be reported to the caller.
    */
  if (gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC) != 0)
            return;
  gcry_md_setkey(hd, KI, KI_len);

  memset(buf, 0, sizeof(buf));
  buf[3] = 1;
  gcry_md_write(hd, buf, sizeof(buf));
  gcry_md_write(hd, Label, Label_len);
  gcry_md_write(hd, buf, 1);
  gcry_md_write(hd, Context, Context_len);
  L = KO_len * 8;
  memset(buf, 0, sizeof(buf));
  buf[3] = ((L) >> (0)) & 0xff;
  buf[2] = ((L) >> (8)) & 0xff;
  gcry_md_write(hd, buf, sizeof(buf));

  digest = gcry_md_read(hd, GCRY_MD_SHA256);

  memcpy(KO, digest, KO_len);

  gcry_md_close(hd);
}

/* for export-object-smb2 */
static char *policy_hnd_to_file_id(wmem_allocator_t *pool, const e_ctx_hnd *hnd) {
  return guid_to_str(pool, &hnd->uuid);
}
static unsigned smb2_eo_files_hash(const void *k) {
  char* file_id = policy_hnd_to_file_id(NULL, (const e_ctx_hnd*)k);
  unsigned hash = g_str_hash(file_id);
  wmem_free(NULL, file_id);
  return hash;
}
static int smb2_eo_files_equal(const void *k1, const void *k2) {
int are_equal;
  const e_ctx_hnd *key1 = (const e_ctx_hnd *)k1;
  const e_ctx_hnd *key2 = (const e_ctx_hnd *)k2;

  are_equal = (key1->uuid.data1==key2->uuid.data1 &&
    key1->uuid.data2==key2->uuid.data2 &&
    key1->uuid.data3==key2->uuid.data3 &&
    key1->uuid.data4[0]==key2->uuid.data4[0] &&
    key1->uuid.data4[1]==key2->uuid.data4[1] &&
    key1->uuid.data4[2]==key2->uuid.data4[2] &&
    key1->uuid.data4[3]==key2->uuid.data4[3] &&
    key1->uuid.data4[4]==key2->uuid.data4[4] &&
    key1->uuid.data4[5]==key2->uuid.data4[5] &&
    key1->uuid.data4[6]==key2->uuid.data4[6] &&
    key1->uuid.data4[7]==key2->uuid.data4[7]);

  return are_equal;
}

static void
feed_eo_smb2(tvbuff_t * tvb,packet_info *pinfo,smb2_info_t * si, uint16_t dataoffset,uint32_t length, uint64_t file_offset) {

  char       *fid_name = NULL;
  uint32_t    open_frame = 0, close_frame = 0;
  tvbuff_t        *data_tvb = NULL;
  smb_eo_t        *eo_info;
  char            *file_id;
  char    *auxstring;
  char    **aux_string_v;

  DISSECTOR_ASSERT(si->saved != NULL);

  /* Create a new tvb to point to the payload data */
  data_tvb = tvb_new_subset_length(tvb, dataoffset, length);
  /* Create the eo_info to pass to the listener */
  eo_info = wmem_new(pinfo->pool, smb_eo_t);
  /* Fill in eo_info */
  eo_info->smbversion=2;
  /* cmd == opcode */
  eo_info->cmd=si->opcode;
  /* We don't keep track of uid in SMB v2 */
  eo_info->uid=0;

  /* Try to get file id and filename */
  file_id=policy_hnd_to_file_id(pinfo->pool, &si->saved->policy_hnd);
  dcerpc_fetch_polhnd_data(&si->saved->policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->num);
  if (fid_name && g_strcmp0(fid_name,"File: ")!=0) {
    auxstring=fid_name;
    /* Remove "File: " from filename */
    if (g_str_has_prefix(auxstring, "File: ")) {
      aux_string_v = g_strsplit(auxstring, "File: ", -1);
      eo_info->filename = wmem_strdup_printf(pinfo->pool, "\\%s",aux_string_v[g_strv_length(aux_string_v)-1]);
      g_strfreev(aux_string_v);
    } else {
      if (g_str_has_prefix(auxstring, "\\")) {
        eo_info->filename = wmem_strdup(pinfo->pool, auxstring);
      } else {
        eo_info->filename = wmem_strdup_printf(pinfo->pool, "\\%s",auxstring);
      }
    }
  } else {
    auxstring=wmem_strdup_printf(pinfo->pool, "File_Id_%s", file_id);
    eo_info->filename=auxstring;
  }

  if (eosmb2_take_name_as_fid) {
    eo_info->fid = g_str_hash(eo_info->filename);
  } else {
    eo_info->fid = g_str_hash(file_id);
  }

  /* tid, hostname, tree_id */
  if (si->tree) {
    eo_info->tid=si->tree->tid;
    if (strlen(si->tree->name)>0 && strlen(si->tree->name)<=256) {
      eo_info->hostname = wmem_strdup(pinfo->pool, si->tree->name);
    } else {
      eo_info->hostname = wmem_strdup_printf(pinfo->pool, "\\\\%s\\TREEID_%i",tree_ip_str(pinfo,si->opcode),si->tree->tid);
    }
  } else {
    eo_info->tid=0;
    eo_info->hostname = wmem_strdup_printf(pinfo->pool, "\\\\%s\\TREEID_UNKNOWN",tree_ip_str(pinfo,si->opcode));
  }

  /* packet number */
  eo_info->pkt_num = pinfo->num;

  /* fid type */
  if (si->eo_file_info->attr_mask & SMB2_FLAGS_ATTR_DIRECTORY) {
    eo_info->fid_type=SMB2_FID_TYPE_DIR;
  } else {
    if (si->eo_file_info->attr_mask &
      (SMB2_FLAGS_ATTR_ARCHIVE | SMB2_FLAGS_ATTR_NORMAL |
       SMB2_FLAGS_ATTR_HIDDEN | SMB2_FLAGS_ATTR_READONLY |
       SMB2_FLAGS_ATTR_SYSTEM) ) {
      eo_info->fid_type=SMB2_FID_TYPE_FILE;
    } else {
      eo_info->fid_type=SMB2_FID_TYPE_OTHER;
    }
  }

  /* end_of_file */
  eo_info->end_of_file=si->eo_file_info->end_of_file;

  /* data offset and chunk length */
  eo_info->smb_file_offset=file_offset;
  eo_info->smb_chunk_len=length;
  /* XXX is this right? */
  if (length<si->saved->bytes_moved) {
    si->saved->file_offset=si->saved->file_offset+length;
    si->saved->bytes_moved=si->saved->bytes_moved-length;
  }

  /* Payload */
  eo_info->payload_len = length;
  eo_info->payload_data = tvb_get_ptr(data_tvb, 0, length);

  tap_queue_packet(smb2_eo_tap, pinfo, eo_info);

}

static int dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si);


/* This is a helper to dissect the common string type
 * uint16 offset
 * uint16 length
 * ...
 * char *string
 *
 * This function is called twice, first to decode the offset/length and
 * second time to dissect the actual string.
 * It is done this way since there is no guarantee that we have the full packet and we don't
 * want to abort dissection too early if the packet ends somewhere between the
 * length/offset and the actual buffer.
 *
 */
enum offset_length_buffer_offset_size {
  OLB_O_UINT16_S_UINT16,
  OLB_O_UINT16_S_UINT32,
  OLB_O_UINT8_P_UINT8_S_UINT32,
  OLB_O_UINT32_S_UINT32,
  OLB_S_UINT32_O_UINT32
};
typedef struct _offset_length_buffer_t {
  uint32_t off;
  uint32_t len;
  int off_offset;
  int len_offset;
  enum offset_length_buffer_offset_size offset_size;
  int hfindex;
} offset_length_buffer_t;
static int
dissect_smb2_olb_length_offset(tvbuff_t *tvb, int offset, offset_length_buffer_t *olb,
             enum offset_length_buffer_offset_size offset_size, int hfindex)
{
  olb->hfindex = hfindex;
  olb->offset_size = offset_size;
  switch (offset_size) {
  case OLB_O_UINT16_S_UINT16:
    olb->off = tvb_get_letohs(tvb, offset);
    olb->off_offset = offset;
    offset += 2;
    olb->len = tvb_get_letohs(tvb, offset);
    olb->len_offset = offset;
    offset += 2;
    break;
  case OLB_O_UINT16_S_UINT32:
    olb->off = tvb_get_letohs(tvb, offset);
    olb->off_offset = offset;
    offset += 2;
    olb->len = tvb_get_letohl(tvb, offset);
    olb->len_offset = offset;
    offset += 4;
    break;
  case OLB_O_UINT8_P_UINT8_S_UINT32:
    olb->off = tvb_get_uint8(tvb, offset);
    olb->off_offset = offset;
    offset += 1;
    /* 1 byte reserved */
    offset += 1;
    olb->len = tvb_get_letohl(tvb, offset);
    olb->len_offset = offset;
    offset += 4;
    break;
  case OLB_O_UINT32_S_UINT32:
    olb->off = tvb_get_letohl(tvb, offset);
    olb->off_offset = offset;
    offset += 4;
    olb->len = tvb_get_letohl(tvb, offset);
    olb->len_offset = offset;
    offset += 4;
    break;
  case OLB_S_UINT32_O_UINT32:
    olb->len = tvb_get_letohl(tvb, offset);
    olb->len_offset = offset;
    offset += 4;
    olb->off = tvb_get_letohl(tvb, offset);
    olb->off_offset = offset;
    offset += 4;
    break;
  }

  return offset;
}

#define OLB_TYPE_UNICODE_STRING   0x01
#define OLB_TYPE_ASCII_STRING   0x02
static const uint8_t *
dissect_smb2_olb_off_string(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, offset_length_buffer_t *olb, int base, int type)
{
  int           len, off;
  proto_item   *item = NULL;
  proto_tree   *tree = NULL;
  const uint8_t *name = NULL;

  olb->off += base;

  len = olb->len;
  off = olb->off;


  /* sanity check */
  tvb_ensure_bytes_exist(tvb, off, len);
  if (((off+len)<off)
  || ((off+len)>(off+tvb_reported_length_remaining(tvb, off)))) {
    proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, off, -1,
            "Invalid offset/length. Malformed packet");

    col_append_str(pinfo->cinfo, COL_INFO, " [Malformed packet]");

    return NULL;
  }


  switch (type) {
  case OLB_TYPE_UNICODE_STRING:
    item = proto_tree_add_item_ret_string(parent_tree,
        olb->hfindex, tvb, off, len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
        pinfo->pool, &name);
    tree = proto_item_add_subtree(item, ett_smb2_olb);
    break;
  case OLB_TYPE_ASCII_STRING:
    item = proto_tree_add_item_ret_string(parent_tree,
        olb->hfindex, tvb, off, len, ENC_ASCII|ENC_NA,
        pinfo->pool, &name);
    tree = proto_item_add_subtree(item, ett_smb2_olb);
    break;
  }

  switch (olb->offset_size) {
  case OLB_O_UINT16_S_UINT16:
    proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 2, ENC_LITTLE_ENDIAN);
    break;
  case OLB_O_UINT16_S_UINT32:
    proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case OLB_O_UINT8_P_UINT8_S_UINT32:
    proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 1, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, olb->off_offset+1, 1, ENC_NA);
    proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case OLB_O_UINT32_S_UINT32:
    proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case OLB_S_UINT32_O_UINT32:
    proto_tree_add_item(tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  }

  return name;
}

static const uint8_t *
dissect_smb2_olb_string(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, offset_length_buffer_t *olb, int type)
{
  return dissect_smb2_olb_off_string(pinfo, parent_tree, tvb, olb, 0, type);
}

static void
dissect_smb2_olb_buffer(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb,
      offset_length_buffer_t *olb, smb2_info_t *si,
      void (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si))
{
  int         len, off;
  proto_item *sub_item = NULL;
  proto_tree *sub_tree = NULL;
  tvbuff_t   *sub_tvb  = NULL;
  int         offset;

  offset = olb->off;
  len    = olb->len;
  off    = olb->off;

  /* sanity check */
  tvb_ensure_bytes_exist(tvb, off, len);
  if (((off+len)<off)
      || ((off+len)>(off+tvb_reported_length_remaining(tvb, off)))) {
    proto_tree_add_expert_format(parent_tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");

    col_append_str(pinfo->cinfo, COL_INFO, " [Malformed packet]");

    return;
  }

  switch (olb->offset_size) {
  case OLB_O_UINT16_S_UINT16:
    proto_tree_add_item(parent_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(parent_tree, hf_smb2_olb_length, tvb, olb->len_offset, 2, ENC_LITTLE_ENDIAN);
    break;
  case OLB_O_UINT16_S_UINT32:
    proto_tree_add_item(parent_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 2, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(parent_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case OLB_O_UINT8_P_UINT8_S_UINT32:
    proto_tree_add_item(parent_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 1, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(parent_tree, hf_smb2_reserved, tvb, olb->off_offset+1, 1, ENC_NA);
    proto_tree_add_item(parent_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case OLB_O_UINT32_S_UINT32:
    proto_tree_add_item(parent_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(parent_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case OLB_S_UINT32_O_UINT32:
    proto_tree_add_item(parent_tree, hf_smb2_olb_length, tvb, olb->len_offset, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(parent_tree, hf_smb2_olb_offset, tvb, olb->off_offset, 4, ENC_LITTLE_ENDIAN);
    break;
  }

  /* if we don't want/need a subtree */
  if (olb->hfindex == -1) {
    sub_item = parent_tree;
    sub_tree = parent_tree;
  } else {
    if (parent_tree) {
      sub_item = proto_tree_add_item(parent_tree, olb->hfindex, tvb, offset, len, ENC_NA);
      sub_tree = proto_item_add_subtree(sub_item, ett_smb2_olb);
    }
  }

  if (off == 0 || len == 0) {
    proto_item_append_text(sub_item, ": NO DATA");
    return;
  }

  if (!dissector) {
    return;
  }

  sub_tvb = tvb_new_subset_length_caplen(tvb, off, MIN((int)len, tvb_captured_length_remaining(tvb, off)), len);

  dissector(sub_tvb, pinfo, sub_tree, si);
}

static int
dissect_smb2_olb_tvb_max_offset(int offset, offset_length_buffer_t *olb)
{

  return MAX(offset, (int)(olb->off + olb->len));
}

typedef struct _smb2_function {
  int (*request) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
  int (*response)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
} smb2_function;

static const true_false_string tfs_smb2_svhdx_has_initiator_id = {
  "Has an initiator id",
  "Does not have an initiator id"
};

static const true_false_string tfs_flags_response = {
  "This is a RESPONSE",
  "This is a REQUEST"
};

static const true_false_string tfs_flags_async_cmd = {
  "This is an ASYNC command",
  "This is a SYNC command"
};

static const true_false_string tfs_flags_dfs_op = {
  "This is a DFS OPERATION",
  "This is a normal operation"
};

static const true_false_string tfs_flags_chained = {
  "This pdu is a CHAINED command",
  "This pdu is NOT a chained command"
};

static const true_false_string tfs_flags_signature = {
  "This pdu is SIGNED",
  "This pdu is NOT signed"
};

static const true_false_string tfs_flags_replay_operation = {
  "This is a REPLAY OPERATION",
  "This is NOT a replay operation"
};

static const true_false_string tfs_flags_priority_mask = {
  "This pdu contains a PRIORITY",
  "This pdu does NOT contain a PRIORITY"
};

static const true_false_string tfs_cap_dfs = {
  "This host supports DFS",
  "This host does NOT support DFS"
};

static const true_false_string tfs_cap_leasing = {
  "This host supports LEASING",
  "This host does NOT support LEASING"
};

static const true_false_string tfs_cap_large_mtu = {
  "This host supports LARGE_MTU",
  "This host does NOT support LARGE_MTU"
};

static const true_false_string tfs_cap_multi_channel = {
  "This host supports MULTI CHANNEL",
  "This host does NOT support MULTI CHANNEL"
};

static const true_false_string tfs_cap_persistent_handles = {
  "This host supports PERSISTENT HANDLES",
  "This host does NOT support PERSISTENT HANDLES"
};

static const true_false_string tfs_cap_directory_leasing = {
  "This host supports DIRECTORY LEASING",
  "This host does NOT support DIRECTORY LEASING"
};

static const true_false_string tfs_cap_encryption = {
  "This host supports ENCRYPTION",
  "This host does NOT support ENCRYPTION"
};

static const true_false_string tfs_cap_notifications = {
  "This host supports receiving NOTIFICATIONS",
  "This host does NOT support receiving NOTIFICATIONS"
};

static const true_false_string tfs_smb2_ioctl_network_interface_capability_rss = {
  "This interface supports RSS",
  "This interface does not support RSS"
};

static const true_false_string tfs_smb2_ioctl_network_interface_capability_rdma = {
  "This interface supports RDMA",
  "This interface does not support RDMA"
};

static const value_string file_region_usage_vals[] = {
  { 0x00000001, "FILE_REGION_USAGE_VALID_CACHED_DATA" },
  { 0, NULL }
};

static const value_string originator_flags_vals[] = {
  { 1, "SVHDX_ORIGINATOR_PVHDPARSER" },
  { 4, "SVHDX_ORIGINATOR_VHDMP" },
  { 0, NULL }
};

static const value_string compression_format_vals[] = {
  { 0, "COMPRESSION_FORMAT_NONE" },
  { 1, "COMPRESSION_FORMAT_DEFAULT" },
  { 2, "COMPRESSION_FORMAT_LZNT1" },
  { 0, NULL }
};

static const value_string checksum_algorithm_vals[] = {
  { 0x0000, "CHECKSUM_TYPE_NONE" },
  { 0x0001, "CHECKSUM_TYPE_CRC32" },
  { 0x0002, "CHECKSUM_TYPE_CRC64" },
  { 0xFFFF, "CHECKSUM_TYPE_UNCHANGED" },
  { 0, NULL }
};

/* Note: All uncommented are "dissector not implemented" */
static const value_string smb2_ioctl_vals[] = {
  {0x00060194, "FSCTL_DFS_GET_REFERRALS"},          /* dissector implemented */
  {0x000601B0, "FSCTL_DFS_GET_REFERRALS_EX"},
  {0x00090000, "FSCTL_REQUEST_OPLOCK_LEVEL_1"},
  {0x00090004, "FSCTL_REQUEST_OPLOCK_LEVEL_2"},
  {0x00090008, "FSCTL_REQUEST_BATCH_OPLOCK"},
  {0x0009000C, "FSCTL_OPLOCK_BREAK_ACKNOWLEDGE"},
  {0x00090010, "FSCTL_OPBATCH_ACK_CLOSE_PENDING"},
  {0x00090014, "FSCTL_OPLOCK_BREAK_NOTIFY"},
  {0x00090018, "FSCTL_LOCK_VOLUME"},
  {0x0009001C, "FSCTL_UNLOCK_VOLUME"},
  {0x00090020, "FSCTL_DISMOUNT_VOLUME"},
  {0x00090028, "FSCTL_IS_VOLUME_MOUNTED"},
  {0x0009002C, "FSCTL_IS_PATHNAME_VALID"},
  {0x00090030, "FSCTL_MARK_VOLUME_DIRTY"},
  {0x0009003B, "FSCTL_QUERY_RETRIEVAL_POINTERS"},
  {0x0009003C, "FSCTL_GET_COMPRESSION"},            /* dissector implemented */
  {0x0009004F, "FSCTL_MARK_AS_SYSTEM_HIVE"},
  {0x00090050, "FSCTL_OPLOCK_BREAK_ACK_NO_2"},
  {0x00090054, "FSCTL_INVALIDATE_VOLUMES"},
  {0x00090058, "FSCTL_QUERY_FAT_BPB"},
  {0x0009005C, "FSCTL_REQUEST_FILTER_OPLOCK"},
  {0x00090060, "FSCTL_FILESYSTEM_GET_STATISTICS"},
  {0x00090064, "FSCTL_GET_NTFS_VOLUME_DATA"},
  {0x00090068, "FSCTL_GET_NTFS_FILE_RECORD"},
  {0x0009006F, "FSCTL_GET_VOLUME_BITMAP"},
  {0x00090073, "FSCTL_GET_RETRIEVAL_POINTERS"},
  {0x00090074, "FSCTL_MOVE_FILE"},
  {0x00090078, "FSCTL_IS_VOLUME_DIRTY"},
  {0x0009007C, "FSCTL_GET_HFS_INFORMATION"},
  {0x00090083, "FSCTL_ALLOW_EXTENDED_DASD_IO"},
  {0x00090087, "FSCTL_READ_PROPERTY_DATA"},
  {0x0009008B, "FSCTL_WRITE_PROPERTY_DATA"},
  {0x0009008F, "FSCTL_FIND_FILES_BY_SID"},
  {0x00090097, "FSCTL_DUMP_PROPERTY_DATA"},
  {0x0009009C, "FSCTL_GET_OBJECT_ID"},            /* dissector implemented */
  {0x000900A4, "FSCTL_SET_REPARSE_POINT"},          /* dissector implemented */
  {0x000900A8, "FSCTL_GET_REPARSE_POINT"},          /* dissector implemented */
  {0x000900C0, "FSCTL_CREATE_OR_GET_OBJECT_ID"},          /* dissector implemented */
  {0x000900C4, "FSCTL_SET_SPARSE"},           /* dissector implemented */
  {0x000900D4, "FSCTL_SET_ENCRYPTION"},
  {0x000900DB, "FSCTL_ENCRYPTION_FSCTL_IO"},
  {0x000900DF, "FSCTL_WRITE_RAW_ENCRYPTED"},
  {0x000900E3, "FSCTL_READ_RAW_ENCRYPTED"},
  {0x000900F0, "FSCTL_EXTEND_VOLUME"},
  {0x00090244, "FSCTL_CSV_TUNNEL_REQUEST"},
  {0x0009027C, "FSCTL_GET_INTEGRITY_INFORMATION"},              /* dissector implemented */
  {0x00090284, "FSCTL_QUERY_FILE_REGIONS"},                     /* dissector implemented */
  {0x000902c8, "FSCTL_CSV_SYNC_TUNNEL_REQUEST"},
  {0x00090300, "FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT"},      /* dissector implemented */
  {0x00090304, "FSCTL_SVHDX_SYNC_TUNNEL_REQUEST"},              /* dissector implemented */
  {0x00090308, "FSCTL_SVHDX_SET_INITIATOR_INFORMATION"},
  {0x0009030C, "FSCTL_SET_EXTERNAL_BACKING"},
  {0x00090310, "FSCTL_GET_EXTERNAL_BACKING"},
  {0x00090314, "FSCTL_DELETE_EXTERNAL_BACKING"},
  {0x00090318, "FSCTL_ENUM_EXTERNAL_BACKING"},
  {0x0009031F, "FSCTL_ENUM_OVERLAY"},
  {0x00090350, "FSCTL_STORAGE_QOS_CONTROL"},                    /* dissector implemented */
  {0x00090364, "FSCTL_SVHDX_ASYNC_TUNNEL_REQUEST"},             /* dissector implemented */
  {0x00090380, "FSCTL_SET_INTEGRITY_INFORMATION_EX"},         /* dissector implemented */
  {0x00090440, "FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT"},    /* dissector implemented */
  {0x000940B3, "FSCTL_ENUM_USN_DATA"},
  {0x000940B7, "FSCTL_SECURITY_ID_CHECK"},
  {0x000940BB, "FSCTL_READ_USN_JOURNAL"},
  {0x000940CF, "FSCTL_QUERY_ALLOCATED_RANGES"},         /* dissector implemented */
  {0x000940E7, "FSCTL_CREATE_USN_JOURNAL"},
  {0x000940EB, "FSCTL_READ_FILE_USN_DATA"},
  {0x000940EF, "FSCTL_WRITE_USN_CLOSE_RECORD"},
  {0x00094264, "FSCTL_OFFLOAD_READ"},           /* dissector implemented */
  {0x00098098, "FSCTL_SET_OBJECT_ID"},            /* dissector implemented */
  {0x000980A0, "FSCTL_DELETE_OBJECT_ID"}, /* no data in/out */
  {0x000980A4, "FSCTL_SET_REPARSE_POINT"},
  {0x000980AC, "FSCTL_DELETE_REPARSE_POINT"},
  {0x000980BC, "FSCTL_SET_OBJECT_ID_EXTENDED"},         /* dissector implemented */
  {0x000980C8, "FSCTL_SET_ZERO_DATA"},            /* dissector implemented */
  {0x000980D0, "FSCTL_ENABLE_UPGRADE"},
  {0x00098208, "FSCTL_FILE_LEVEL_TRIM"},
  {0x00098268, "FSCTL_OFFLOAD_WRITE"},            /* dissector implemented */
  {0x00098344, "FSCTL_DUPLICATE_EXTENTS_TO_FILE"},        /* dissector implemented */
  {0x0009C040, "FSCTL_SET_COMPRESSION"},            /* dissector implemented */
  {0x0009C280, "FSCTL_SET_INTEGRITY_INFORMATION"},        /* dissector implemented */
  {0x00110018, "FSCTL_PIPE_WAIT"},            /* dissector implemented */
  {0x0011400C, "FSCTL_PIPE_PEEK"},
  {0x0011C017, "FSCTL_PIPE_TRANSCEIVE"},            /* dissector implemented */
  {0x00140078, "FSCTL_SRV_REQUEST_RESUME_KEY"},
  {0x001401D4, "FSCTL_LMR_REQUEST_RESILIENCY"},         /* dissector implemented */
  {0x001401FC, "FSCTL_QUERY_NETWORK_INTERFACE_INFO"},       /* dissector implemented */
  {0x00140200, "FSCTL_VALIDATE_NEGOTIATE_INFO_224"},        /* dissector implemented */
  {0x00140204, "FSCTL_VALIDATE_NEGOTIATE_INFO"},          /* dissector implemented */
  {0x00144064, "FSCTL_SRV_ENUMERATE_SNAPSHOTS"},          /* dissector implemented */
  {0x001440F2, "FSCTL_SRV_COPYCHUNK"},
  {0x001441bb, "FSCTL_SRV_READ_HASH"},
  {0x001480F2, "FSCTL_SRV_COPYCHUNK_WRITE"},
  { 0, NULL }
};
static value_string_ext smb2_ioctl_vals_ext = VALUE_STRING_EXT_INIT(smb2_ioctl_vals);

static const value_string smb2_ioctl_device_vals[] = {
  { 0x0001, "BEEP" },
  { 0x0002, "CD_ROM" },
  { 0x0003, "CD_ROM_FILE_SYSTEM" },
  { 0x0004, "CONTROLLER" },
  { 0x0005, "DATALINK" },
  { 0x0006, "DFS" },
  { 0x0007, "DISK" },
  { 0x0008, "DISK_FILE_SYSTEM" },
  { 0x0009, "FILE_SYSTEM" },
  { 0x000a, "INPORT_PORT" },
  { 0x000b, "KEYBOARD" },
  { 0x000c, "MAILSLOT" },
  { 0x000d, "MIDI_IN" },
  { 0x000e, "MIDI_OUT" },
  { 0x000f, "MOUSE" },
  { 0x0010, "MULTI_UNC_PROVIDER" },
  { 0x0011, "NAMED_PIPE" },
  { 0x0012, "NETWORK" },
  { 0x0013, "NETWORK_BROWSER" },
  { 0x0014, "NETWORK_FILE_SYSTEM" },
  { 0x0015, "NULL" },
  { 0x0016, "PARALLEL_PORT" },
  { 0x0017, "PHYSICAL_NETCARD" },
  { 0x0018, "PRINTER" },
  { 0x0019, "SCANNER" },
  { 0x001a, "SERIAL_MOUSE_PORT" },
  { 0x001b, "SERIAL_PORT" },
  { 0x001c, "SCREEN" },
  { 0x001d, "SOUND" },
  { 0x001e, "STREAMS" },
  { 0x001f, "TAPE" },
  { 0x0020, "TAPE_FILE_SYSTEM" },
  { 0x0021, "TRANSPORT" },
  { 0x0022, "UNKNOWN" },
  { 0x0023, "VIDEO" },
  { 0x0024, "VIRTUAL_DISK" },
  { 0x0025, "WAVE_IN" },
  { 0x0026, "WAVE_OUT" },
  { 0x0027, "8042_PORT" },
  { 0x0028, "NETWORK_REDIRECTOR" },
  { 0x0029, "BATTERY" },
  { 0x002a, "BUS_EXTENDER" },
  { 0x002b, "MODEM" },
  { 0x002c, "VDM" },
  { 0x002d, "MASS_STORAGE" },
  { 0x002e, "SMB" },
  { 0x002f, "KS" },
  { 0x0030, "CHANGER" },
  { 0x0031, "SMARTCARD" },
  { 0x0032, "ACPI" },
  { 0x0033, "DVD" },
  { 0x0034, "FULLSCREEN_VIDEO" },
  { 0x0035, "DFS_FILE_SYSTEM" },
  { 0x0036, "DFS_VOLUME" },
  { 0x0037, "SERENUM" },
  { 0x0038, "TERMSRV" },
  { 0x0039, "KSEC" },
  { 0, NULL }
};
static value_string_ext smb2_ioctl_device_vals_ext = VALUE_STRING_EXT_INIT(smb2_ioctl_device_vals);

static const value_string smb2_ioctl_access_vals[] = {
  { 0x00, "FILE_ANY_ACCESS" },
  { 0x01, "FILE_READ_ACCESS" },
  { 0x02, "FILE_WRITE_ACCESS" },
  { 0x03, "FILE_READ_WRITE_ACCESS" },
  { 0, NULL }
};

static const value_string smb2_ioctl_method_vals[] = {
  { 0x00, "METHOD_BUFFERED" },
  { 0x01, "METHOD_IN_DIRECT" },
  { 0x02, "METHOD_OUT_DIRECT" },
  { 0x03, "METHOD_NEITHER" },
  { 0, NULL }
};

static const value_string smb2_ioctl_shared_virtual_disk_vals[] = {
  { 0x01, "SharedVirtualDisksSupported" },
  { 0x07, "SharedVirtualDiskCDPSnapshotsSupported" },
  { 0, NULL }
};

static const value_string smb2_ioctl_shared_virtual_disk_hstate_vals[] = {
  { 0x00, "HandleStateNone" },
  { 0x01, "HandleStateFileShared" },
  { 0x03, "HandleStateShared" },
  { 0, NULL }
};

/* this is called from both smb and smb2. */
int
dissect_smb2_ioctl_function(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, uint32_t *ioctlfunc)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint32_t    ioctl_function;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_ioctl_function, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    tree = proto_item_add_subtree(item, ett_smb2_ioctl_function);
  }

  ioctl_function = tvb_get_letohl(tvb, offset);
  if (ioctlfunc)
    *ioctlfunc = ioctl_function;
  if (ioctl_function) {
    const char *unknown = "unknown";
    const char *ioctl_name = val_to_str_ext_const(ioctl_function,
                     &smb2_ioctl_vals_ext,
                     unknown);

    /*
     * val_to_str_const() doesn't work with a unknown == NULL
     */
    if (ioctl_name == unknown) {
      ioctl_name = NULL;
    }

    if (ioctl_name != NULL) {
      col_append_fstr(
        pinfo->cinfo, COL_INFO, " %s", ioctl_name);
    }

    /* device */
    proto_tree_add_item(tree, hf_smb2_ioctl_function_device, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    if (ioctl_name == NULL) {
      col_append_fstr(
        pinfo->cinfo, COL_INFO, " %s",
        val_to_str_ext((ioctl_function>>16)&0xffff, &smb2_ioctl_device_vals_ext,
        "Unknown (0x%08X)"));
    }

    /* access */
    proto_tree_add_item(tree, hf_smb2_ioctl_function_access, tvb, offset, 4, ENC_LITTLE_ENDIAN);

    /* function */
    proto_tree_add_item(tree, hf_smb2_ioctl_function_function, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    if (ioctl_name == NULL) {
      col_append_fstr(
        pinfo->cinfo, COL_INFO, " Function:0x%04x",
        (ioctl_function>>2)&0x0fff);
    }

    /* method */
    proto_tree_add_item(tree, hf_smb2_ioctl_function_method, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  }

  offset += 4;

  return offset;
}

/* fake the dce/rpc support structures so we can piggy back on
 * dissect_nt_policy_hnd()   since this will allow us
 * a cheap way to track where FIDs are opened, closed
 * and fid->filename mappings
 * if we want to do those things in the future.
 */
#define FID_MODE_OPEN   0
#define FID_MODE_CLOSE    1
#define FID_MODE_USE    2
#define FID_MODE_DHNQ   3
#define FID_MODE_DHNC   4
static int
dissect_smb2_fid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si, int mode)
{
  uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
  static dcerpc_info        di; /* fake dcerpc_info struct */
  static dcerpc_call_value  call_data;
  e_ctx_hnd   policy_hnd = {0, DCERPC_UUID_NULL};
  e_ctx_hnd   *policy_hnd_hashtablekey;
  proto_item *hnd_item   = NULL;
  char       *fid_name;
  uint32_t    open_frame = 0, close_frame = 0;
  smb2_eo_file_info_t *eo_file_info;
  smb2_fid_info_t sfi_key;
  smb2_fid_info_t *sfi = NULL;
  uint8_t buf[8];
  uint64_t pol_uuid;

  memset(&sfi_key, 0, sizeof(sfi_key));
  sfi_key.fid_persistent = tvb_get_letoh64(tvb, offset);
  sfi_key.fid_volatile = tvb_get_letoh64(tvb, offset+8);
  sfi_key.sesid = si->sesid;
  sfi_key.tid = si->tid;
  sfi_key.frame_key = pinfo->num;
  sfi_key.name = NULL;

  di.conformant_run = 0;
  /* we need di->call_data->flags.NDR64 == 0 */
  di.call_data = &call_data;

  switch (mode) {
  case FID_MODE_OPEN:
    /* This mode is only for create requests */
    if (si->saved) {
      offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid,
          &policy_hnd, &hnd_item, PIDL_POLHND_OPEN);
      si->saved->hnd_item = hnd_item;
    }
    if (!pinfo->fd->visited) {
      sfi = wmem_new(wmem_file_scope(), smb2_fid_info_t);
      *sfi = sfi_key;
      sfi->frame_key = 0;
      sfi->frame_beg = pinfo->fd->num;
      sfi->frame_end = UINT32_MAX;

      if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
        sfi->name = wmem_strdup(wmem_file_scope(), (char *)si->saved->extra_info);
      } else {
        sfi->name = wmem_strdup_printf(wmem_file_scope(), "[unknown]");
      }

      if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
        fid_name = wmem_strdup_printf(wmem_file_scope(), "File: %s",
            (char *)si->saved->extra_info);
      } else {
        fid_name = wmem_strdup_printf(wmem_file_scope(), "File: ");
      }
      dcerpc_store_polhnd_name(&policy_hnd, pinfo, fid_name);

      wmem_map_insert(si->session->fids, sfi, sfi);
      si->file = sfi;

      /* If needed, create the file entry and save the policy hnd */
      if (si->saved) {
        si->saved->file = sfi;
        si->saved->policy_hnd = policy_hnd;
      }

      if (si->conv) {
        eo_file_info = (smb2_eo_file_info_t *)wmem_map_lookup(si->session->files,&policy_hnd);
        if (!eo_file_info) {
          eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
          policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
          memcpy(policy_hnd_hashtablekey, &policy_hnd, sizeof(e_ctx_hnd));
          eo_file_info->end_of_file=0;
          wmem_map_insert(si->session->files,policy_hnd_hashtablekey,eo_file_info);
        }
        si->eo_file_info=eo_file_info;
      }
    }

    break;
  case FID_MODE_CLOSE:
    /* This mode is only for close requests */

    if (!pinfo->fd->visited) {
      smb2_fid_info_t *fid = (smb2_fid_info_t *)wmem_map_lookup(si->session->fids, &sfi_key);

      if (fid)
        fid->frame_end = pinfo->fd->num;
      if (si->saved)
        si->saved->frame_end = pinfo->fd->num;
    }

    offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid, &policy_hnd,
        &hnd_item, PIDL_POLHND_CLOSE);

    if (si->saved)
      si->saved->hnd_item = hnd_item;
    break;
  case FID_MODE_USE:
  case FID_MODE_DHNQ:
  case FID_MODE_DHNC:
    offset = dissect_nt_guid_hnd(tvb, offset, pinfo, tree, &di, drep, hf_smb2_fid,
        &policy_hnd, &hnd_item, PIDL_POLHND_USE);
    if (si->saved)
      si->saved->hnd_item = hnd_item;
    break;
  }

  si->file = (smb2_fid_info_t *)wmem_map_lookup(si->session->fids, &sfi_key);
  if (si->file) {
    if (si->saved) {
      si->saved->file = si->file;
    }
    if (si->file->name) {
      if (hnd_item) {
        proto_item_append_text(hnd_item, ", File: %s", si->file->name);
      }
    }
  }

  if (dcerpc_fetch_polhnd_data(&policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->num)) {
    /* look for the eo_file_info */
    if (!si->eo_file_info) {
      if (si->saved) { si->saved->policy_hnd = policy_hnd; }
      if (si->conv) {
        eo_file_info = (smb2_eo_file_info_t *)wmem_map_lookup(si->session->files,&policy_hnd);
        if (eo_file_info) {
          si->eo_file_info=eo_file_info;
        } else { /* XXX This should never happen */
          eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
          policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
          memcpy(policy_hnd_hashtablekey, &policy_hnd, sizeof(e_ctx_hnd));
          eo_file_info->end_of_file=0;
          wmem_map_insert(si->session->files,policy_hnd_hashtablekey,eo_file_info);
        }
      }
    }
  }
  /* Calculate GUID (FID) hash
  * This provides hash that can be filtered on to provide all of the SMB2 requests and responses
  * associated with a given FID. Note that filtering instead on the FID, only returns the CREATE
  * response, and SMB2 requests but not their responses.
  */
  if (si->saved
  && policy_hnd.uuid.data1 > 0
  && policy_hnd.uuid.data1 < 0xffffffff) {
    pol_uuid = policy_hnd.uuid.data1 + policy_hnd.uuid.data2 + policy_hnd.uuid.data3;
    for(int i = 0; i < 8; i++) {
      buf[i] = (pol_uuid >> (56 - i * 8)) & 0xFF;
    }
    si->saved->fid_hash = crc32_ccitt(buf, 8);
  }
  return offset;
}

#define SMB2_FSCC_FILE_ATTRIBUTE_READ_ONLY      0x00000001
#define SMB2_FSCC_FILE_ATTRIBUTE_HIDDEN       0x00000002
#define SMB2_FSCC_FILE_ATTRIBUTE_SYSTEM       0x00000004
#define SMB2_FSCC_FILE_ATTRIBUTE_DIRECTORY      0x00000010
#define SMB2_FSCC_FILE_ATTRIBUTE_ARCHIVE      0x00000020
#define SMB2_FSCC_FILE_ATTRIBUTE_NORMAL       0x00000080
#define SMB2_FSCC_FILE_ATTRIBUTE_TEMPORARY      0x00000100
#define SMB2_FSCC_FILE_ATTRIBUTE_SPARSE_FILE      0x00000200
#define SMB2_FSCC_FILE_ATTRIBUTE_REPARSE_POINT      0x00000400
#define SMB2_FSCC_FILE_ATTRIBUTE_COMPRESSED     0x00000800
#define SMB2_FSCC_FILE_ATTRIBUTE_OFFLINE      0x00001000
#define SMB2_FSCC_FILE_ATTRIBUTE_NOT_CONTENT_INDEXED    0x00002000
#define SMB2_FSCC_FILE_ATTRIBUTE_ENCRYPTED      0x00004000
#define SMB2_FSCC_FILE_ATTRIBUTE_INTEGRITY_STREAM   0x00008000
#define SMB2_FSCC_FILE_ATTRIBUTE_NO_SCRUB_DATA      0x00020000
#define SMB2_FSCC_FILE_ATTRIBUTE_RECALL_ON_OPEN     0x00040000
#define SMB2_FSCC_FILE_ATTRIBUTE_PINNED       0x00080000
#define SMB2_FSCC_FILE_ATTRIBUTE_UNPINNED     0x00100000
#define SMB2_FSCC_FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS    0x00400000


static const true_false_string tfs_fscc_file_attribute_reparse = {
  "Has an associated REPARSE POINT",
  "Does NOT have an associated reparse point"
};
static const true_false_string tfs_fscc_file_attribute_compressed = {
  "COMPRESSED",
  "Uncompressed"
};
static const true_false_string tfs_fscc_file_attribute_offline = {
  "OFFLINE",
  "Online"
};
static const true_false_string tfs_fscc_file_attribute_not_content_indexed = {
  "Is not indexed by the content indexing service",
  "Is indexed by the content indexing service"
};
static const true_false_string tfs_fscc_file_attribute_integrity_stream = {
  "Has Integrity Support",
  "Does NOT have Integrity Support"
};
static const true_false_string tfs_fscc_file_attribute_no_scrub_data = {
  "Is excluded from the data integrity scan",
  "Is not excluded from the data integrity scan"
};
static const true_false_string tfs_fscc_file_attribute_recall_on_open = {
  "When OPENED, remote file should be fetched from remote storage",
  "When OPENED, remote file should NOT be fetched from remote storage"
};
static const true_false_string tfs_fscc_file_attribute_pinned = {
  "File/dir should be kept locally even when unused",
  "File/dir should NOT be kept locally when unused"
};
static const true_false_string tfs_fscc_file_attribute_unpinned = {
  "File/dir should NOT be fully kept locally except when accessed",
  "File/dir should be fully kept locally when accessed"
};
static const true_false_string tfs_fscc_file_attribute_recall_on_data_access = {
  "When accessed remote content of file/dir should be fetched",
  "When accessed remote content of file/dir should NOT be fetched"
};

/*
 * File Attributes, section 2.6 in the [MS-FSCC] spec
 */
static int
dissect_fscc_file_attr(tvbuff_t* tvb, proto_tree* parent_tree, int offset, uint32_t* attr)
{
  uint32_t mask = tvb_get_letohl(tvb, offset);
  static int* const mask_fields[] = {
    &hf_smb2_fscc_file_attr_read_only,
    &hf_smb2_fscc_file_attr_hidden,
    &hf_smb2_fscc_file_attr_system,
    &hf_smb2_fscc_file_attr_directory,
    &hf_smb2_fscc_file_attr_archive,
    &hf_smb2_fscc_file_attr_normal,
    &hf_smb2_fscc_file_attr_temporary,
    &hf_smb2_fscc_file_attr_sparse_file,
    &hf_smb2_fscc_file_attr_reparse_point,
    &hf_smb2_fscc_file_attr_compressed,
    &hf_smb2_fscc_file_attr_offline,
    &hf_smb2_fscc_file_attr_not_content_indexed,
    &hf_smb2_fscc_file_attr_encrypted,
    &hf_smb2_fscc_file_attr_integrity_stream,
    &hf_smb2_fscc_file_attr_no_scrub_data,
    &hf_smb2_fscc_file_attr_recall_on_open,
    &hf_smb2_fscc_file_attr_pinned,
    &hf_smb2_fscc_file_attr_unpinned,
    &hf_smb2_fscc_file_attr_recall_on_data_access,
    NULL
  };

  proto_tree_add_bitmask_value_with_flags(parent_tree, tvb, offset, hf_smb2_fscc_file_attr, ett_smb2_fscc_file_attributes, mask_fields, mask, BMT_NO_APPEND);

  offset += 4;

  if (attr)
    *attr = mask;

  return offset;
}

/* this info level is unique to SMB2 and differst from the corresponding
 * SMB_FILE_ALL_INFO in SMB
 */
static int
dissect_smb2_file_all_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  int         length;
  static int * const mode_fields[] = {
    &hf_smb2_mode_file_write_through,
    &hf_smb2_mode_file_sequential_only,
    &hf_smb2_mode_file_no_intermediate_buffering,
    &hf_smb2_mode_file_synchronous_io_alert,
    &hf_smb2_mode_file_synchronous_io_nonalert,
    &hf_smb2_mode_file_delete_on_close,
    NULL,
  };

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_all_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_all_info);
  }

  /* create time */
  dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last access */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last write */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last change */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* File Attributes */
  offset = dissect_fscc_file_attr(tvb, tree, offset, NULL);

  /* some unknown bytes */
  proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* allocation size */
  proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* end of file */
  proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* number of links */
  proto_tree_add_item(tree, hf_smb2_nlinks, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* delete pending */
  proto_tree_add_item(tree, hf_smb2_delete_pending, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* is directory */
  proto_tree_add_item(tree, hf_smb2_is_directory, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* padding */
  offset += 2;

  /* file id */
  proto_tree_add_item(tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* ea size */
  proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* access mask */
  offset = dissect_smb_access_mask(tvb, tree, offset);

  /* Position Information */
  proto_tree_add_item(tree, hf_smb2_position_information, tvb, offset, 8, ENC_BIG_ENDIAN);
  offset += 8;

  /* Mode Information */
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_mode_information, ett_smb2_file_mode_info, mode_fields, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Alignment Information */
  proto_tree_add_item(tree, hf_smb2_alignment_information, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset +=4;

  /* file name length */
  length = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* file name */
  if (length) {
    proto_tree_add_item(tree, hf_smb2_filename,
        tvb, offset, length, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    offset += length;
  }

  return offset;
}


static int
dissect_smb2_file_allocation_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_allocation_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_allocation_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qsfi_SMB_FILE_ALLOCATION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_endoffile_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_endoffile_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_endoffile_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qsfi_SMB_FILE_ENDOFFILE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_alternate_name_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_alternate_name_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_alternate_name_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc, /* XXX assumption hack */ true);

  return offset;
}

static int
dissect_smb2_file_normalized_name_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_normalized_name_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_normalized_name_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_NAME_INFO(tvb, pinfo, tree, offset, &bc, &trunc, /* XXX assumption hack */ true);

  return offset;
}

static int
dissect_smb2_file_basic_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_basic_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_basic_info);
  }

  /* create time */
  dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last access */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last write */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last change */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* File Attributes */
  offset = dissect_fscc_file_attr(tvb, tree, offset, NULL);

  /* some unknown bytes */
  proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, ENC_NA);
  offset += 4;

  return offset;
}

static int
dissect_smb2_file_standard_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_standard_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_standard_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_STANDARD_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}
static int
dissect_smb2_file_internal_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_internal_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_internal_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_INTERNAL_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}
static int
dissect_smb2_file_mode_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_mode_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_mode_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qsfi_SMB_FILE_MODE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}
static int
dissect_smb2_file_alignment_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_alignment_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_alignment_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_ALIGNMENT_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}
static int
dissect_smb2_file_position_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_position_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_position_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qsfi_SMB_FILE_POSITION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_access_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_access_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_access_info);
  }

  /* access mask */
  offset = dissect_smb_access_mask(tvb, tree, offset);

  return offset;
}

static int
dissect_smb2_file_ea_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_ea_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_ea_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_EA_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_stream_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_stream_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_stream_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_STREAM_INFO(tvb, pinfo, tree, offset, &bc, &trunc, true);

  return offset;
}

static int
dissect_smb2_file_pipe_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_pipe_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_pipe_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_sfi_SMB_FILE_PIPE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_pipe_local_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_pipe_local_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_pipe_local_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_PIPE_LOCAL_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_pipe_remote_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_pipe_remote_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_pipe_remote_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_PIPE_REMOTE_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}


static int
dissect_smb2_file_compression_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_compression_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_compression_info);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_COMPRESSION_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_network_open_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_network_open_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_network_open_info);
  }


  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_NETWORK_OPEN_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static int
dissect_smb2_file_attribute_tag_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;
  bool        trunc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_attribute_tag_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_attribute_tag_info);
  }


  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfi_SMB_FILE_ATTRIBUTE_TAG_INFO(tvb, pinfo, tree, offset, &bc, &trunc);

  return offset;
}

static const true_false_string tfs_disposition_delete_on_close = {
  "DELETE this file when closed",
  "Normal access, do not delete on close"
};

static int
dissect_smb2_file_disposition_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_disposition_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_disposition_info);
  }

  /* file disposition */
  proto_tree_add_item(tree, hf_smb2_disposition_delete_on_close, tvb, offset, 1, ENC_LITTLE_ENDIAN);

  return offset;
}

static int
dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint32_t    next_offset;
  uint8_t     ea_name_len;
  uint16_t    ea_data_len;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_full_ea_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_full_ea_info);
  }

  while (1) {
    char *name = NULL;
    char *data = NULL;
    int start_offset = offset;
    proto_item *ea_item;
    proto_tree *ea_tree;

    ea_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_ea, &ea_item, "EA:");

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(ea_tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* EA flags */
    proto_tree_add_item(ea_tree, hf_smb2_ea_flags, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /* EA Name Length */
    ea_name_len = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(ea_tree, hf_smb2_ea_name_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /* EA Data Length */
    ea_data_len = tvb_get_letohs(tvb, offset);
    proto_tree_add_item(ea_tree, hf_smb2_ea_data_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    /* ea name */
    if (ea_name_len) {
      proto_tree_add_item_ret_display_string(ea_tree, hf_smb2_ea_name,
        tvb, offset, ea_name_len, ENC_ASCII|ENC_NA,
        pinfo->pool, &name);
    }

    /* The name is terminated with a NULL */
    offset += ea_name_len + 1;

    /* ea data */
    if (ea_data_len) {
      proto_tree_add_item_ret_display_string(ea_tree, hf_smb2_ea_data,
        tvb, offset, ea_data_len, ENC_NA,
        pinfo->pool, &data);
    }
    offset += ea_data_len;


    if (ea_item) {
      proto_item_append_text(ea_item, " %s := %s",
          name ? name : "",
          data ? data : "");
    }
    proto_item_set_len(ea_item, offset-start_offset);


    if (!next_offset) {
      break;
    }

    offset = start_offset+next_offset;
  }

  return offset;
}

static const true_false_string tfs_replace_if_exists = {
  "Replace the target if it exists",
  "Fail if the target exists"
};

static int
dissect_smb2_file_rename_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  int         length;


  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_rename_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_rename_info);
  }

  /* ReplaceIfExists */
  proto_tree_add_item(tree, hf_smb2_replace_if, tvb, offset, 1, ENC_NA);
  offset += 1;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved_random, tvb, offset, 7, ENC_NA);
  offset += 7;

  /* Root Directory Handle, MBZ */
  proto_tree_add_item(tree, hf_smb2_root_directory_mbz, tvb, offset, 8, ENC_NA);
  offset += 8;

  /* file name length */
  length = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* file name */
  if (length) {
    char *display_string;

    proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
        tvb, offset, length, ENC_UTF_16|ENC_LITTLE_ENDIAN,
        pinfo->pool, &display_string);
    col_append_fstr(pinfo->cinfo, COL_INFO, " NewName:%s",
        display_string);
    offset += length;
  }

  return offset;
}

static int
dissect_smb2_file_link_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  int         length;
  char       *display_string = NULL;


  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_file_link_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_file_link_info);
  }

  /* ReplaceIfExists */
  proto_tree_add_item(tree, hf_smb2_replace_if, tvb, offset, 1, ENC_NA);
  offset += 1;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved_random, tvb, offset, 7, ENC_NA);
  offset += 7;

  /* Root Directory Handle, MBZ */
  proto_tree_add_item(tree, hf_smb2_root_directory_mbz, tvb, offset, 8, ENC_NA);
  offset += 8;

  /* file name length */
  length = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* file name */
  if (length < 1) {
    return offset;
  }

  proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
                 tvb, offset, length, ENC_UTF_16|ENC_LITTLE_ENDIAN,
                 pinfo->pool, &display_string);
  col_append_fstr(pinfo->cinfo, COL_INFO, " NewLink:%s",
      display_string);
  offset += length;

  return offset;
}

static int
dissect_smb2_sec_info_00(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_sec_info_00, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_sec_info_00);
  }

  /* security descriptor */
  offset = dissect_nt_sec_desc(tvb, offset, pinfo, tree, NULL, true, tvb_captured_length_remaining(tvb, offset), NULL);

  return offset;
}

static int
dissect_smb2_quota_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t bcp;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_quota_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_quota_info);
  }

  bcp = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_nt_user_quota(tvb, pinfo, tree, offset, &bcp);

  return offset;
}

static int
dissect_smb2_fs_info_05(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_05, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_info_05);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfsi_FS_ATTRIBUTE_INFO(tvb, pinfo, tree, offset, &bc);

  return offset;
}

static int
dissect_smb2_fs_info_06(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_06, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_info_06);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_nt_quota(tvb, tree, offset, &bc);

  return offset;
}

static int
dissect_smb2_FS_OBJECTID_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_objectid_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_objectid_info);
  }

  /* FILE_OBJECTID_BUFFER */
  offset = dissect_smb2_FILE_OBJECTID_BUFFER(tvb, pinfo, tree, offset);

  return offset;
}

static int
dissect_smb2_fs_info_07(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_07, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_info_07);
  }

  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfsi_FS_FULL_SIZE_INFO(tvb, pinfo, tree, offset, &bc);

  return offset;
}

static int
dissect_smb2_fs_info_01(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_01, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_info_01);
  }


  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfsi_FS_VOLUME_INFO(tvb, pinfo, tree, offset, &bc, true);

  return offset;
}

static int
dissect_smb2_fs_info_03(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_03, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_info_03);
  }


  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfsi_FS_SIZE_INFO(tvb, pinfo, tree, offset, &bc);

  return offset;
}

static int
dissect_smb2_fs_info_04(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  uint16_t    bc;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_info_04, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_info_04);
  }


  bc = tvb_captured_length_remaining(tvb, offset);
  offset = dissect_qfsi_FS_DEVICE_INFO(tvb, pinfo, tree, offset, &bc);

  return offset;
}

static int
dissect_smb2_fs_posix_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_fs_posix_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_fs_posix_info);
  }

  proto_tree_add_item(tree, hf_smb2_fs_posix_optimal_transfer_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_fs_posix_block_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_fs_posix_total_blocks, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_fs_posix_blocks_available, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_fs_posix_user_blocks_available, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_fs_posix_total_file_nodes, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_fs_posix_free_file_nodes, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_fs_posix_fs_identifier, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  return offset;
}

static const value_string oplock_vals[] = {
  { 0x00, "No oplock" },
  { 0x01, "Level2 oplock" },
  { 0x08, "Exclusive oplock" },
  { 0x09, "Batch oplock" },
  { 0xff, "Lease" },
  { 0, NULL }
};

static int
dissect_smb2_oplock(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  proto_tree_add_item(parent_tree, hf_smb2_oplock, tvb, offset, 1, ENC_LITTLE_ENDIAN);

  offset += 1;
  return offset;
}

static int
dissect_smb2_buffercode(proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint16_t *length)
{
  proto_tree *tree;
  proto_item *item = NULL;
  uint16_t buffer_code;

  /* dissect the first 2 bytes of the command PDU */
  buffer_code = tvb_get_letohs(tvb, offset);
  item = proto_tree_add_uint(parent_tree, hf_smb2_buffer_code, tvb, offset, 2, buffer_code);
  tree = proto_item_add_subtree(item, ett_smb2_buffercode);
  proto_tree_add_item(tree, hf_smb2_buffer_code_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  proto_tree_add_item(tree, hf_smb2_buffer_code_flags_dyn, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  if (length) {
    *length = buffer_code; /*&0xfffe don't mask it here, mask it on caller side */
  }

  return offset;
}

#define NEGPROT_CAP_DFS   0x00000001
#define NEGPROT_CAP_LEASING 0x00000002
#define NEGPROT_CAP_LARGE_MTU 0x00000004
#define NEGPROT_CAP_MULTI_CHANNEL 0x00000008
#define NEGPROT_CAP_PERSISTENT_HANDLES  0x00000010
#define NEGPROT_CAP_DIRECTORY_LEASING 0x00000020
#define NEGPROT_CAP_ENCRYPTION    0x00000040
#define NEGPROT_CAP_NOTIFICATIONS   0x00000080
static int
dissect_smb2_capabilities(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  static int * const flags[] = {
    &hf_smb2_cap_dfs,
    &hf_smb2_cap_leasing,
    &hf_smb2_cap_large_mtu,
    &hf_smb2_cap_multi_channel,
    &hf_smb2_cap_persistent_handles,
    &hf_smb2_cap_directory_leasing,
    &hf_smb2_cap_encryption,
    &hf_smb2_cap_notifications,
    NULL
  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_capabilities, ett_smb2_capabilities, flags, ENC_LITTLE_ENDIAN);
  offset += 4;

  return offset;
}



#define NEGPROT_SIGN_REQ  0x02
#define NEGPROT_SIGN_ENABLED  0x01

static int
dissect_smb2_secmode(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  static int * const flags[] = {
    &hf_smb2_secmode_flags_sign_enabled,
    &hf_smb2_secmode_flags_sign_required,
    NULL
  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_security_mode, ett_smb2_sec_mode, flags, ENC_LITTLE_ENDIAN);
  offset += 1;

  return offset;
}

#define SES_REQ_FLAGS_SESSION_BINDING   0x01

static int
dissect_smb2_ses_req_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  static int * const flags[] = {
    &hf_smb2_ses_req_flags_session_binding,
    NULL
  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_ses_req_flags, ett_smb2_ses_req_flags, flags, ENC_LITTLE_ENDIAN);
  offset += 1;

  return offset;
}

#define SES_FLAGS_GUEST   0x0001
#define SES_FLAGS_NULL    0x0002
#define SES_FLAGS_ENCRYPT 0x0004

static int
dissect_smb2_ses_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  static int * const flags[] = {
    &hf_smb2_ses_flags_guest,
    &hf_smb2_ses_flags_null,
    &hf_smb2_ses_flags_encrypt,
    NULL
  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_session_flags, ett_smb2_ses_flags, flags, ENC_LITTLE_ENDIAN);
  offset += 2;

  return offset;
}

#define SHARE_FLAGS_manual_caching    0x00000000
#define SHARE_FLAGS_auto_caching    0x00000010
#define SHARE_FLAGS_vdo_caching     0x00000020
#define SHARE_FLAGS_no_caching      0x00000030

static const value_string share_cache_vals[] = {
  { SHARE_FLAGS_manual_caching, "Manual caching" },
  { SHARE_FLAGS_auto_caching, "Auto caching" },
  { SHARE_FLAGS_vdo_caching,  "VDO caching" },
  { SHARE_FLAGS_no_caching, "No caching" },
  { 0, NULL }
};

#define SHARE_FLAGS_dfs       0x00000001
#define SHARE_FLAGS_dfs_root      0x00000002
#define SHARE_FLAGS_restrict_exclusive_opens  0x00000100
#define SHARE_FLAGS_force_shared_delete   0x00000200
#define SHARE_FLAGS_allow_namespace_caching 0x00000400
#define SHARE_FLAGS_access_based_dir_enum 0x00000800
#define SHARE_FLAGS_force_levelii_oplock  0x00001000
#define SHARE_FLAGS_enable_hash_v1    0x00002000
#define SHARE_FLAGS_enable_hash_v2    0x00004000
#define SHARE_FLAGS_encryption_required   0x00008000
#define SHARE_FLAGS_identity_remoting   0x00040000
#define SHARE_FLAGS_compress_data   0x00100000
#define SHARE_FLAGS_isolated_transport    0x00200000

static int
dissect_smb2_share_flags(proto_tree *tree, tvbuff_t *tvb, int offset)
{
  static int * const sf_fields[] = {
    &hf_smb2_share_flags_dfs,
    &hf_smb2_share_flags_dfs_root,
    &hf_smb2_share_flags_restrict_exclusive_opens,
    &hf_smb2_share_flags_force_shared_delete,
    &hf_smb2_share_flags_allow_namespace_caching,
    &hf_smb2_share_flags_access_based_dir_enum,
    &hf_smb2_share_flags_force_levelii_oplock,
    &hf_smb2_share_flags_enable_hash_v1,
    &hf_smb2_share_flags_enable_hash_v2,
    &hf_smb2_share_flags_encrypt_data,
    &hf_smb2_share_flags_identity_remoting,
    &hf_smb2_share_flags_compress_data,
    &hf_smb2_share_flags_isolated_transport,
    NULL
  };
  proto_item *item = NULL;
  uint32_t cp;

  item = proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_share_flags, ett_smb2_share_flags, sf_fields, ENC_LITTLE_ENDIAN);

  cp = tvb_get_letohl(tvb, offset);
  cp &= 0x00000030;
  proto_tree_add_uint_format(item, hf_smb2_share_caching, tvb, offset, 4, cp, "Caching policy: %s (%08x)", val_to_str(cp, share_cache_vals, "Unknown:%u"), cp);


  offset += 4;

  return offset;
}

#define SHARE_CAPS_DFS        0x00000008
#define SHARE_CAPS_CONTINUOUS_AVAILABILITY  0x00000010
#define SHARE_CAPS_SCALEOUT     0x00000020
#define SHARE_CAPS_CLUSTER      0x00000040
#define SHARE_CAPS_ASYMMETRIC     0x00000080
#define SHARE_CAPS_REDIRECT_TO_OWNER    0x00000100

static int
dissect_smb2_share_caps(proto_tree *tree, tvbuff_t *tvb, int offset)
{
  static int * const sc_fields[] = {
    &hf_smb2_share_caps_dfs,
    &hf_smb2_share_caps_continuous_availability,
    &hf_smb2_share_caps_scaleout,
    &hf_smb2_share_caps_cluster,
    &hf_smb2_share_caps_asymmetric,
    &hf_smb2_share_caps_redirect_to_owner,
    NULL
  };

  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_share_caps, ett_smb2_share_caps, sc_fields, ENC_LITTLE_ENDIAN);

  offset += 4;

  return offset;
}

static void
dissect_smb2_secblob(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
{
  if ((tvb_captured_length(tvb)>=7)
  &&  (!tvb_memeql(tvb, 0, (const uint8_t*)"NTLMSSP", 7))) {
    call_dissector(ntlmssp_handle, tvb, pinfo, tree);
  } else {
    call_dissector(gssapi_handle, tvb, pinfo, tree);
  }
}

/*
 * Derive client and server decryption keys from the secret session key
 * and set them in the session object.
 */
static void smb2_generate_decryption_keys(smb2_conv_info_t *conv, smb2_sesid_info_t *ses)
{
  bool has_seskey = memcmp(ses->session_key, zeros, NTLMSSP_KEY_LEN) != 0;
  bool has_signkey = memcmp(ses->signing_key, zeros, NTLMSSP_KEY_LEN) != 0;
  bool has_client_key = memcmp(ses->client_decryption_key16, zeros, AES_KEY_SIZE) != 0;
  bool has_server_key = memcmp(ses->server_decryption_key16, zeros, AES_KEY_SIZE) != 0;

  /* if all decryption keys are provided, nothing to do */
  if (has_client_key && has_server_key && has_signkey)
    return;

  /* otherwise, generate them from session key, if it's there */
  if (!has_seskey || ses->session_key_len == 0)
    return;

  /* generate decryption keys */
  if (conv->dialect <= SMB2_DIALECT_210) {
    if (!has_signkey)
      memcpy(ses->signing_key, ses->session_key,
             NTLMSSP_KEY_LEN);
  } else if (conv->dialect < SMB2_DIALECT_311) {
    if (!has_server_key)
      smb2_key_derivation(ses->session_key,
              NTLMSSP_KEY_LEN,
              "SMB2AESCCM", 11,
              "ServerIn ", 10,
              ses->server_decryption_key16, 16);
    if (!has_client_key)
      smb2_key_derivation(ses->session_key,
              NTLMSSP_KEY_LEN,
              "SMB2AESCCM", 11,
              "ServerOut", 10,
              ses->client_decryption_key16, 16);
    if (!has_signkey)
      smb2_key_derivation(ses->session_key,
              NTLMSSP_KEY_LEN,
              "SMB2AESCMAC", 12,
              "SmbSign", 8,
              ses->signing_key, 16);
  } else if (conv->dialect >= SMB2_DIALECT_311) {
    if (!has_server_key) {
      smb2_key_derivation(ses->session_key,
              NTLMSSP_KEY_LEN,
              "SMBC2SCipherKey", 16,
              ses->preauth_hash, SMB2_PREAUTH_HASH_SIZE,
              ses->server_decryption_key16, 16);
      smb2_key_derivation(ses->session_key,
              ses->session_key_len,
              "SMBC2SCipherKey", 16,
              ses->preauth_hash, SMB2_PREAUTH_HASH_SIZE,
              ses->server_decryption_key32, 32);
    }
    if (!has_client_key) {
      smb2_key_derivation(ses->session_key,
              NTLMSSP_KEY_LEN,
              "SMBS2CCipherKey", 16,
              ses->preauth_hash, SMB2_PREAUTH_HASH_SIZE,
              ses->client_decryption_key16, 16);
      smb2_key_derivation(ses->session_key,
              ses->session_key_len,
              "SMBS2CCipherKey", 16,
              ses->preauth_hash, SMB2_PREAUTH_HASH_SIZE,
              ses->client_decryption_key32, 32);
    }
    if (!has_signkey)
      smb2_key_derivation(ses->session_key,
              NTLMSSP_KEY_LEN,
              "SMBSigningKey", 14,
              ses->preauth_hash, SMB2_PREAUTH_HASH_SIZE,
              ses->signing_key, 16);
  }

  ws_log_buffer(ses->signing_key, NTLMSSP_KEY_LEN, "Generated Sign key");
  ws_log_buffer(ses->client_decryption_key16, AES_KEY_SIZE, "Generated S2C key16");
  ws_log_buffer(ses->client_decryption_key32, AES_KEY_SIZE*2, "Generated S2C key32");
  ws_log_buffer(ses->server_decryption_key16, AES_KEY_SIZE, "Generated C2S key16");
  ws_log_buffer(ses->server_decryption_key32, AES_KEY_SIZE*2, "Generated C2S key32");
}

static int
dissect_smb2_session_setup_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t  s_olb;
  const ntlmssp_header_t *ntlmssph;
  static int ntlmssp_tap_id = 0;
  smb2_saved_info_t *ssi = si->saved;
  proto_item *hash_item;
  int        idx;

  if (!ntlmssp_tap_id) {
    GString *error_string;
    /* We don't specify any callbacks at all.
     * Instead we manually fetch the tapped data after the
     * security blob has been fully dissected and before
     * we exit from this dissector.
     */
    error_string = register_tap_listener("ntlmssp", NULL, NULL,
        TL_IS_DISSECTOR_HELPER, NULL, NULL, NULL, NULL);
    if (!error_string) {
      ntlmssp_tap_id = find_tap_id("ntlmssp");
    } else {
      g_string_free(error_string, true);
    }
  }

  if (!pinfo->fd->visited && ssi) {
    /* compute preauth hash on first pass */

    /* start from last preauth hash of the connection if 1st request */
    if (si->sesid == 0)
      memcpy(si->conv->preauth_hash_ses, si->conv->preauth_hash_con, SMB2_PREAUTH_HASH_SIZE);

    ssi->preauth_hash_req = (uint8_t*)wmem_alloc0(wmem_file_scope(), SMB2_PREAUTH_HASH_SIZE);
    update_preauth_hash(si->conv->preauth_hash_current, pinfo, tvb);
    memcpy(ssi->preauth_hash_req, si->conv->preauth_hash_current, SMB2_PREAUTH_HASH_SIZE);
  }

  if (ssi && ssi->preauth_hash_req) {
    hash_item = proto_tree_add_bytes_with_length(tree, hf_smb2_preauth_hash, tvb,
                   0, tvb_captured_length(tvb),
                   ssi->preauth_hash_req, SMB2_PREAUTH_HASH_SIZE);
    proto_item_set_generated(hash_item);
  }

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
  /* some unknown bytes */

  /* flags */
  offset = dissect_smb2_ses_req_flags(tree, tvb, offset);

  /* security mode */
  offset = dissect_smb2_secmode(tree, tvb, offset);

  /* capabilities */
  offset = dissect_smb2_capabilities(tree, tvb, offset);

  /* channel */
  proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* security blob offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_security_blob);

  /* previous session id */
  proto_tree_add_item(tree, hf_smb2_previous_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;


  /* the security blob itself */
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);

  offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);

  /* If we have found a uid->acct_name mapping, store it */
  if (!pinfo->fd->visited) {
    idx = 0;
    while ((ntlmssph = (const ntlmssp_header_t *)fetch_tapped_data(ntlmssp_tap_id, idx++)) != NULL) {
      if (ntlmssph->type == NTLMSSP_AUTH) {
        si->session = smb2_get_session(si->conv, si->sesid, pinfo, si);
        si->session->acct_name = wmem_strdup(wmem_file_scope(), ntlmssph->acct_name);
        si->session->domain_name = wmem_strdup(wmem_file_scope(), ntlmssph->domain_name);
        si->session->host_name = wmem_strdup(wmem_file_scope(), ntlmssph->host_name);
        /* don't overwrite session key from preferences */
        if (memcmp(si->session->session_key, zeros, NTLMSSP_KEY_LEN) == 0) {
          memcpy(si->session->session_key, ntlmssph->session_key, NTLMSSP_KEY_LEN);
          si->session->session_key_len = NTLMSSP_KEY_LEN;
          si->session->session_key_frame = pinfo->num;
        }
        si->session->auth_frame = pinfo->num;
      }
    }
  }

  return offset;
}

static void
dissect_smb2_share_redirect_error(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_tree *tree;
  proto_item *item = NULL;
  proto_tree *ips_tree;
  proto_item *ips_item;

  offset_length_buffer_t res_olb;
  uint32_t i, ip_count;

  item = proto_tree_add_item(parent_tree, hf_smb2_error_redir_context, tvb, offset, 0, ENC_NA);
  tree = proto_item_add_subtree(item, ett_smb2_error_redir_context);

  /* structure size */
  proto_tree_add_item(tree, hf_smb2_error_redir_struct_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* notification type */
  proto_tree_add_item(tree, hf_smb2_error_redir_notif_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* resource name offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &res_olb, OLB_O_UINT32_S_UINT32, hf_smb2_error_redir_res_name);

  /* flags */
  proto_tree_add_item(tree, hf_smb2_error_redir_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* target type */
  proto_tree_add_item(tree, hf_smb2_error_redir_target_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* ip addr count */
  proto_tree_add_item_ret_uint(tree, hf_smb2_error_redir_ip_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &ip_count);
  offset += 4;

  /* ip addr list */
  ips_item = proto_tree_add_item(tree, hf_smb2_error_redir_ip_list, tvb, offset, 0, ENC_NA);
  ips_tree = proto_item_add_subtree(ips_item, ett_smb2_error_redir_ip_list);
  for (i = 0; i < ip_count; i++)
    offset += dissect_windows_sockaddr_storage(tvb, pinfo, ips_tree, offset, -1);

  /* resource name */
  dissect_smb2_olb_off_string(pinfo, tree, tvb, &res_olb, offset, OLB_TYPE_UNICODE_STRING);
}

static void
dissect_smb2_STATUS_STOPPED_ON_SYMLINK(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_tree *tree;
  proto_item *item = NULL;

  offset_length_buffer_t  s_olb, p_olb;

  item = proto_tree_add_item(parent_tree, hf_smb2_symlink_error_response, tvb, offset, -1, ENC_NA);
  tree = proto_item_add_subtree(item, ett_smb2_symlink_error_response);

  /* symlink length */
  proto_tree_add_item(tree, hf_smb2_symlink_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* symlink error tag */
  proto_tree_add_item(tree, hf_smb2_symlink_error_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* reparse tag */
  proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_reparse_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_item(tree, hf_smb2_unparsed_path_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* substitute name  offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_substitute_name);

  /* print name offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &p_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_print_name);

  /* flags */
  proto_tree_add_item(tree, hf_smb2_symlink_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* substitute name string */
  dissect_smb2_olb_off_string(pinfo, tree, tvb, &s_olb, offset, OLB_TYPE_UNICODE_STRING);

  /* print name string */
  dissect_smb2_olb_off_string(pinfo, tree, tvb, &p_olb, offset, OLB_TYPE_UNICODE_STRING);
}

static int
// NOLINTNEXTLINE(misc-no-recursion)
dissect_smb2_error_context(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  proto_tree *tree;
  proto_item *item = NULL;
  tvbuff_t *sub_tvb;
  uint32_t length;
  uint32_t id;

  item = proto_tree_add_item(parent_tree, hf_smb2_error_context, tvb, offset, -1, ENC_NA);
  tree = proto_item_add_subtree(item, ett_smb2_error_context);

  proto_tree_add_item_ret_uint(tree, hf_smb2_error_context_length, tvb, offset, 4, ENC_LITTLE_ENDIAN, &length);
  offset += 4;

  proto_tree_add_item_ret_uint(tree, hf_smb2_error_context_id, tvb, offset, 4, ENC_LITTLE_ENDIAN, &id);
  offset += 4;

  sub_tvb = tvb_new_subset_length(tvb, offset, length);
  dissect_smb2_error_data(sub_tvb, pinfo, tree, 0, id, si);
  offset += length;

  return offset;
}

/*
 * Assumes it is being called with a sub-tvb (dissects at offsets 0)
 */
static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_smb2_error_data(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree,
      int error_context_count, int error_id,
      smb2_info_t *si _U_)
{
  proto_tree *tree;
  proto_item *item = NULL;

  int offset = 0;
  int i;

  item = proto_tree_add_item(parent_tree, hf_smb2_error_data, tvb, offset, -1, ENC_NA);
  tree = proto_item_add_subtree(item, ett_smb2_error_data);

  if (error_context_count == 0) {
    if (tvb_captured_length_remaining(tvb, offset) <= 1)
      return;
    switch (si->status) {
    case NT_STATUS_STOPPED_ON_SYMLINK:
      dissect_smb2_STATUS_STOPPED_ON_SYMLINK(tvb, pinfo, tree, offset, si);
      break;
    case NT_STATUS_BUFFER_TOO_SMALL:
      proto_tree_add_item(tree, hf_smb2_error_min_buf_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
      break;
    case NT_STATUS_BAD_NETWORK_NAME:
      if (error_id == SMB2_ERROR_ID_SHARE_REDIRECT)
        dissect_smb2_share_redirect_error(tvb, pinfo, tree, offset, si);
    default:
      break;
    }
  } else {
    increment_dissection_depth(pinfo);
    for (i = 0; i < error_context_count; i++) {
      offset += dissect_smb2_error_context(tvb, pinfo, tree, offset, si);
    }
    decrement_dissection_depth(pinfo);
  }
}

/*
 * SMB2 Error responses are a bit convoluted. Error data can be a list
 * of error contexts which themselves can hold an error data field.
 * See [MS-SMB2] 2.2.2.1.
 *
 * ERROR_RESP := ERROR_DATA
 *
 * ERROR_DATA := ( ERROR_CONTEXT + )
 *             | ERROR_STATUS_STOPPED_ON_SYMLINK
 *             | ERROR_ID_SHARE_REDIRECT
 *             | ERROR_BUFFER_TOO_SMALL
 *
 * ERROR_CONTEXT := ... + ERROR_DATA
 *                | ERROR_ID_SHARE_REDIRECT
 *
 * This needs more fixes for cases when the original header had also the constant value of 9.
 * This should be fixed on caller side where it decides if it has to call this or not.
 *
 */
static int
dissect_smb2_error_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si,
              bool* continue_dissection)
{
  int byte_count;
  uint8_t error_context_count;
  uint16_t length;
  tvbuff_t *sub_tvb;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, &length);

  /* FIX: error response uses this constant, if not then it is not an error response */
  if(length != 9)
  {
    if(continue_dissection)
      *continue_dissection = true;
  } else {
    if(continue_dissection)
      *continue_dissection = false;

    /* ErrorContextCount (1 bytes) */
    error_context_count = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_error_context_count, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /* Reserved (1 bytes) */
    proto_tree_add_item(tree, hf_smb2_error_reserved, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /* ByteCount (4 bytes): The number of bytes of data contained in ErrorData[]. */
    byte_count = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_error_byte_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* If the ByteCount field is zero then the server MUST supply an ErrorData field
       that is one byte in length */
    if (byte_count == 0) byte_count = 1;

    /* ErrorData (variable): A variable-length data field that contains extended
       error information.*/
    sub_tvb = tvb_new_subset_length(tvb, offset, byte_count);
    offset += byte_count;

    dissect_smb2_error_data(sub_tvb, pinfo, tree, error_context_count, 0, si);
  }

  return offset;
}

static int
dissect_smb2_session_setup_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t s_olb;
  proto_item *hash_item;
  smb2_saved_info_t *ssi = si->saved;

  si->session = smb2_get_session(si->conv, si->sesid, pinfo, si);
  if (si->status == 0) {
    si->session->auth_frame = pinfo->num;
  }

  /* compute preauth hash on first pass */
  if (!pinfo->fd->visited && ssi) {
    ssi->preauth_hash_res = (uint8_t*)wmem_alloc0(wmem_file_scope(), SMB2_PREAUTH_HASH_SIZE);
    /*
     * Preauth hash can only be used if the session is
     * established i.e. last session setup response has a
     * success status. As per the specification, the last
     * response is NOT hashed.
     */
    if (si->status != 0) {
      /*
       * Not successful means either more req/rsp
       * processing is required or we reached an
       * error, so update hash.
       */
      update_preauth_hash(si->conv->preauth_hash_current, pinfo, tvb);
    } else {
      /*
       * Session is established, remember the last preauth hash
       */
      memcpy(si->session->preauth_hash, si->conv->preauth_hash_current, SMB2_PREAUTH_HASH_SIZE);
    }

    /* In all cases, stash the preauth hash */
    memcpy(ssi->preauth_hash_res, si->conv->preauth_hash_current, SMB2_PREAUTH_HASH_SIZE);
  }

  if (ssi && ssi->preauth_hash_res) {
    hash_item = proto_tree_add_bytes_with_length(tree, hf_smb2_preauth_hash, tvb,
                   0, tvb_captured_length(tvb),
                   ssi->preauth_hash_res, SMB2_PREAUTH_HASH_SIZE);
    proto_item_set_generated(hash_item);
  }

  /* session_setup is special and we don't use dissect_smb2_error_response() here! */

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* session flags */
  offset = dissect_smb2_ses_flags(tree, tvb, offset);

  /* security blob offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_security_blob);

  /* the security blob itself */
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);

  offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);

  /* If we have found a uid->acct_name mapping, store it */
#ifdef HAVE_KERBEROS
  if (!pinfo->fd->visited &&
      ((si->session->session_key_frame == UINT32_MAX) ||
       (si->session->session_key_frame < pinfo->num)))
  {
    enc_key_t *ek;

    if (krb_decrypt) {
      read_keytab_file_from_preferences();
    }

    for (ek=enc_key_list;ek;ek=ek->next) {
      if (!ek->is_ap_rep_key) {
        continue;
      }
      if (ek->fd_num == (int)pinfo->num) {
        break;
      }
    }

    if (ek != NULL) {
      /*
       * If we remembered information from the PAC content
       * from GSSAPI AP exchange we use it, otherwise we
       * can only give a hint about the used session key.
       */
      if (ek->pac_names.account_name) {
        si->session->acct_name = wmem_strdup(wmem_file_scope(),
                     ek->pac_names.account_name);
        si->session->domain_name = wmem_strdup(wmem_file_scope(),
                       ek->pac_names.account_domain);
        if (ek->pac_names.device_sid) {
          si->session->host_name = wmem_strdup_printf(wmem_file_scope(),
                        "DEVICE[%s]",
                        ek->pac_names.device_sid);
        } else {
          si->session->host_name = NULL;
        }
      } else {
        si->session->acct_name = wmem_strdup_printf(wmem_file_scope(),
                      "KERBEROS[%s]",
                      ek->key_origin);
        si->session->domain_name = wmem_strdup_printf(wmem_file_scope(),
                        "KERBEROS[%s]",
                        ek->id_str);
        si->session->host_name = NULL;
      }
      /* don't overwrite session key from preferences */
      if (memcmp(si->session->session_key, zeros, NTLMSSP_KEY_LEN) == 0) {
        si->session->session_key_len = MIN(NTLMSSP_KEY_LEN*2, ek->keylength);
        memcpy(si->session->session_key,
               ek->keyvalue,
               si->session->session_key_len);
        si->session->session_key_frame = pinfo->num;
      }
    }
  }
#endif

  if (si->status == 0) {
    /*
     * Session is established, we can generate the keys
     */
    smb2_generate_decryption_keys(si->conv, si->session);
  }

  return offset;
}

static int
dissect_smb2_tree_connect_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  offset_length_buffer_t olb;
  const uint8_t *buf;
  uint16_t      flags;
  proto_item *item = NULL;
  static int * const connect_flags[] = {
    &hf_smb2_tc_cluster_reconnect,
    &hf_smb2_tc_redirect_to_owner,
    &hf_smb2_tc_extension_present,
    &hf_smb2_tc_reserved,
    NULL
  };

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* flags */
  item = proto_tree_get_parent(tree);
  flags = tvb_get_letohs(tvb, offset);
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_tree_connect_flags, ett_smb2_tree_connect_flags, connect_flags, ENC_LITTLE_ENDIAN);

  if (flags != 0) {
    proto_item_append_text(item, "%s%s%s",
             (flags & 0x0001)?", CLUSTER_RECONNECT":"",
             (flags & 0x0002)?", REDIRECT_TO_OWNER":"",
             (flags & 0x0004)?", EXTENSION_PRESENT":"");
  }
  offset += 2;

  /* tree  offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT16, hf_smb2_tree);

  /* tree string */
  buf = dissect_smb2_olb_string(pinfo, tree, tvb, &olb, OLB_TYPE_UNICODE_STRING);

  offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);

  if (!pinfo->fd->visited && si->saved && buf && olb.len) {
    si->saved->extra_info_type = SMB2_EI_TREENAME;
    si->saved->extra_info = wmem_strdup(wmem_file_scope(), buf);
  }

  if (buf) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Tree: '%s'",
        format_text(pinfo->pool, buf, strlen(buf)));
  }

  return offset;
}
static int
dissect_smb2_tree_connect_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  uint8_t share_type;
  bool continue_dissection;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* share type */
  share_type = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_share_type, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* byte is reserved and must be set to zero */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
  offset += 1;

  if (!pinfo->fd->visited && si->saved && si->saved->extra_info_type == SMB2_EI_TREENAME && si->session) {
    smb2_tid_info_t *tid, tid_key;

    tid_key.tid = si->tid;
    tid = (smb2_tid_info_t *)wmem_map_lookup(si->session->tids, &tid_key);
    if (tid) {
      wmem_map_remove(si->session->tids, &tid_key);
    }
    tid = wmem_new(wmem_file_scope(), smb2_tid_info_t);
    tid->tid = si->tid;
    tid->name = (char *)si->saved->extra_info;
    tid->connect_frame = pinfo->num;
    tid->disconnect_frame = 0;
    tid->share_type = share_type;

    wmem_map_insert(si->session->tids, tid, tid);

    si->saved->extra_info_type = SMB2_EI_NONE;
    si->saved->extra_info = NULL;
  }

  if (si->tree)
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Tree: '%s'", si->tree->name);

  /* share flags */
  offset = dissect_smb2_share_flags(tree, tvb, offset);

  /* share capabilities */
  offset = dissect_smb2_share_caps(tree, tvb, offset);

  /* this is some sort of access mask */
  offset = dissect_smb_access_mask(tvb, tree, offset);

  return offset;
}

static int
dissect_smb2_tree_disconnect_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  if (si->tree)
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Tree: '%s'", si->tree->name);

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  return offset;
}

static int
dissect_smb2_tree_disconnect_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  bool continue_dissection;

  switch (si->status) {
  /* buffer code */
  case 0x00000000:
    offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
    break;

  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  if (si->tree) {
    si->tree->disconnect_frame = pinfo->fd->num;
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Tree: '%s'", si->tree->name);
  }

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  return offset;
}

static int
dissect_smb2_sessionlogoff_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* reserved bytes */
  offset += 2;

  return offset;
}

static int
dissect_smb2_sessionlogoff_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  bool continue_dissection;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* reserved bytes */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  return offset;
}

static int
dissect_smb2_keepalive_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* some unknown bytes */
  proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
  offset += 2;

  return offset;
}

static int
dissect_smb2_keepalive_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  bool continue_dissection;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* some unknown bytes */
  proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
  offset += 2;

  return offset;
}

static int
dissect_smb2_notify_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  e_guid_t tag_guid;
  proto_tree *flags_tree = NULL;
  proto_item *flags_item = NULL;
  proto_item *item = NULL;
  proto_tree *fid_tree;
  proto_tree *which_tree;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* notify flags */
  if (tree) {
    flags_item = proto_tree_add_item(tree, hf_smb2_notify_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    flags_tree = proto_item_add_subtree(flags_item, ett_smb2_notify_flags);
  }
  proto_tree_add_item(flags_tree, hf_smb2_notify_watch_tree, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* output buffer length */
  proto_tree_add_item(tree, hf_smb2_output_buffer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Save the FID for use in the reply */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved)
    si->saved->uuid_fid = tag_guid;

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* completion filter */
  offset = dissect_nt_notify_completion_filter(tvb, tree, offset);

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  return offset;
}

static const value_string notify_action_vals[] = {
  {0x01, "FILE_ACTION_ADDED"},
  {0x02, "FILE_ACTION_REMOVED"},
  {0x03, "FILE_ACTION_MODIFIED"},
  {0x04, "FILE_ACTION_RENAMED_OLD_NAME"},
  {0x05, "FILE_ACTION_RENAMED_NEW_NAME"},
  {0x06, "FILE_ACTION_ADDED_STREAM"},
  {0x07, "FILE_ACTION_REMOVED_STREAM"},
  {0x08, "FILE_ACTION_MODIFIED_STREAM"},
  {0x09, "FILE_ACTION_REMOVED_BY_DELETE"},
  {0, NULL}
};

static void
dissect_smb2_notify_data_out(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  proto_tree *tree = NULL;
  proto_item *item = NULL;
  int offset = 0;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    uint32_t start_offset = offset;
    uint32_t next_offset;
    uint32_t length;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_notify_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_notify_info);
    }

    /* next offset */
    proto_tree_add_item_ret_uint(tree, hf_smb2_notify_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &next_offset);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_notify_action, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file name length */
    proto_tree_add_item_ret_uint(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &length);
    offset += 4;

    /* file name */
    if (length) {
      proto_tree_add_item(tree, hf_smb2_filename,
          tvb, offset, length, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    }

    if (!next_offset) {
      break;
    }

    offset = start_offset+next_offset;
  }
}

static int
dissect_smb2_notify_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t olb;
  bool continue_dissection;
  proto_item *item = NULL;
  proto_tree *tag_tree = NULL;
  proto_item *tag_item = NULL;
  proto_tree *which_tree = NULL;

  switch (si->status) {
  /* MS-SMB2 3.3.4.4 says STATUS_NOTIFY_ENUM_DIR is not treated as an error */
  case 0x0000010c: /* STATUS_NOTIFY_ENUM_DIR */
  case 0x00000000: /* buffer code */
   offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }


  /* out buffer offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, hf_smb2_notify_out_data);

  /* out buffer */
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_notify_data_out);
  offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);

  return offset;
}

#define SMB2_FIND_FLAG_RESTART_SCANS    0x01
#define SMB2_FIND_FLAG_SINGLE_ENTRY   0x02
#define SMB2_FIND_FLAG_INDEX_SPECIFIED    0x04
#define SMB2_FIND_FLAG_REOPEN     0x10

static int
dissect_smb2_find_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t olb;
  const uint8_t *buf;
  uint8_t     il;
  static int * const f_fields[] = {
    &hf_smb2_find_flags_restart_scans,
    &hf_smb2_find_flags_single_entry,
    &hf_smb2_find_flags_index_specified,
    &hf_smb2_find_flags_reopen,
    NULL
  };
  e_guid_t tag_guid;
  proto_tree *fid_tree;
  proto_item *item = NULL;
  proto_tree *which_tree = tree;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  il = tvb_get_uint8(tvb, offset);
  if (si->saved) {
    si->saved->infolevel = il;
  }

  /* infolevel */
  proto_tree_add_uint(tree, hf_smb2_find_info_level, tvb, offset, 1, il);
  offset += 1;

  /* find flags */
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_find_flags, ett_smb2_find_flags, f_fields, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* file index */
  proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Save the FID for use in responses and the create request */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  }

  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
        }

  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
      si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* search pattern  offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT16, hf_smb2_find_pattern);

  /* output buffer length */
  proto_tree_add_item(tree, hf_smb2_output_buffer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* search pattern */
  buf = dissect_smb2_olb_string(pinfo, tree, tvb, &olb, OLB_TYPE_UNICODE_STRING);

  offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);

  if (!pinfo->fd->visited && si->saved && olb.len) {
    si->saved->extra_info_type = SMB2_EI_FINDPATTERN;
    si->saved->extra_info = wmem_strdup(wmem_file_scope(), buf);
  }

  col_append_fstr(pinfo->cinfo, COL_INFO, ", %s, Pattern: %s",
      val_to_str(il, smb2_find_info_levels, "(Level:0x%02x)"),
      buf);

  return offset;
}

static void dissect_smb2_file_directory_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset = 0;
  proto_item *item   = NULL;
  proto_tree *tree   = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_file_directory_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_file_directory_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file index */
    proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* create time */
    dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last access */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last write */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last change */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* end of file */
    proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* allocation size */
    proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* File Attributes */
    offset = dissect_fscc_file_attr(tvb, tree, offset, NULL);

    /* file name length */
    file_name_len = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file name */
    if (file_name_len) {
      char *display_string;

      proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
          tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
          pinfo->pool, &display_string);
      proto_item_append_text(item, ": %s", display_string);
      offset += file_name_len;
    }

    proto_item_set_len(item, offset-old_offset);

    if (si->saved)
      si->saved->num_matched++;

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}

static void dissect_smb2_full_directory_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset = 0;
  proto_item *item   = NULL;
  proto_tree *tree   = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;
    uint32_t attr;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_full_directory_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_full_directory_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file index */
    proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* create time */
    dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last access */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last write */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last change */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* end of file */
    proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* allocation size */
    proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* File Attributes */
    offset = dissect_fscc_file_attr(tvb, tree, offset, &attr);

    /* file name length */
    file_name_len = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* ea size or reparse tag */
    if (attr & SMB2_FSCC_FILE_ATTRIBUTE_REPARSE_POINT)
      proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    else
      proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file name */
    if (file_name_len) {
      char *display_string;

      proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
          tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
          pinfo->pool, &display_string);
      proto_item_append_text(item, ": %s", display_string);
      offset += file_name_len;
    }

    proto_item_set_len(item, offset-old_offset);

    if (si->saved)
      si->saved->num_matched++;

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}

static void dissect_smb2_both_directory_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset = 0;
  proto_item *item   = NULL;
  proto_tree *tree   = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;
    int short_name_len;
    uint32_t attr;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_both_directory_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_both_directory_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file index */
    proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* create time */
    dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last access */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last write */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last change */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* end of file */
    proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* allocation size */
    proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* File Attributes */
    offset = dissect_fscc_file_attr(tvb, tree, offset, &attr);

    /* file name length */
    file_name_len = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* ea size or reparse tag */
    if (attr & SMB2_FSCC_FILE_ATTRIBUTE_REPARSE_POINT)
      proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    else
      proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* short name length */
    short_name_len = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_short_name_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* short name */
    if (short_name_len) {
      proto_tree_add_item(tree, hf_smb2_short_name,
          tvb, offset, short_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    }
    offset += 24;

    /* file name */
    if (file_name_len) {
      char *display_string;

      proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
          tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
          pinfo->pool, &display_string);
      proto_item_append_text(item, ": %s", display_string);
      offset += file_name_len;
    }

    proto_item_set_len(item, offset-old_offset);

    if (si->saved)
      si->saved->num_matched++;

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}

static void dissect_smb2_file_name_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset = 0;
  proto_item *item   = NULL;
  proto_tree *tree   = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_both_directory_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_both_directory_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file index */
    proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file name length */
    file_name_len = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file name */
    if (file_name_len) {
      char *display_string;

      proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
          tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
          pinfo->pool, &display_string);
      proto_item_append_text(item, ": %s", display_string);
      offset += file_name_len;
    }

    if (si->saved)
      si->saved->num_matched++;

    proto_item_set_len(item, offset-old_offset);

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}

static void dissect_smb2_id_both_directory_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset = 0;
  proto_item *item   = NULL;
  proto_tree *tree   = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;
    int short_name_len;
    uint32_t attr;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_id_both_directory_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_id_both_directory_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file index */
    proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* create time */
    dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last access */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last write */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last change */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* end of file */
    proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* allocation size */
    proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* File Attributes */
    offset = dissect_fscc_file_attr(tvb, tree, offset, &attr);

    /* file name length */
    file_name_len = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* ea size or reparse tag */
    if (attr & SMB2_FSCC_FILE_ATTRIBUTE_REPARSE_POINT)
      proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    else
      proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* short name length */
    short_name_len = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_short_name_len, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* short name */
    if (short_name_len) {
      proto_tree_add_item(tree, hf_smb2_short_name,
          tvb, offset, short_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    }
    offset += 24;

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
    offset += 2;

    /* file id */
    proto_tree_add_item(tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* file name */
    if (file_name_len) {
      char *display_string;

      proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
          tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
          pinfo->pool, &display_string);
      proto_item_append_text(item, ": %s", display_string);
      offset += file_name_len;
    }

    proto_item_set_len(item, offset-old_offset);

    if (si->saved)
      si->saved->num_matched++;

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}


static void dissect_smb2_id_full_directory_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset = 0;
  proto_item *item   = NULL;
  proto_tree *tree   = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;
    uint32_t attr;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_id_both_directory_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_id_both_directory_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* file index */
    proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* create time */
    dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last access */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last write */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* last change */
    dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* end of file */
    proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* allocation size */
    proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* File Attributes */
    offset = dissect_fscc_file_attr(tvb, tree, offset, &attr);

    /* file name length */
    file_name_len = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* ea size or reparse tag */
    if (attr & SMB2_FSCC_FILE_ATTRIBUTE_REPARSE_POINT)
      proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    else
      proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;

    /* file id */
    proto_tree_add_item(tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* file name */
    if (file_name_len) {
      char *display_string;

      proto_tree_add_item_ret_display_string(tree, hf_smb2_filename,
          tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
          pinfo->pool, &display_string);
      proto_item_append_text(item, ": %s", display_string);
      offset += file_name_len;
    }

    proto_item_set_len(item, offset-old_offset);

    if (si->saved)
      si->saved->num_matched++;

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}

static int dissect_smb2_posix_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  /* create time */
  dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last access */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last write */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last change */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* end of file */
  proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* allocation size */
  proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* File Attributes */
  offset = dissect_fscc_file_attr(tvb, tree, offset, NULL);

  /* file index */
  proto_tree_add_item(tree, hf_smb2_inode, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* dev id */
  proto_tree_add_item(tree, hf_smb2_dev, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* zero */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* Hardlinks */
  proto_tree_add_item(tree, hf_smb2_nlinks, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Reparse tag */
  proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* POSIX mode bits */
  proto_tree_add_item(tree, hf_smb2_posix_perms, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Owner and Group SID */
  offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Owner SID", NULL, -1);
  offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Group SID", NULL, -1);

  if (si->saved)
    si->saved->num_matched++;

  return offset;
}

static void dissect_smb2_posix_directory_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int offset = 0;
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  while (tvb_reported_length_remaining(tvb, offset) > 4) {
    int old_offset = offset;
    int next_offset;
    int file_name_len;

    if (parent_tree) {
      item = proto_tree_add_item(parent_tree, hf_smb2_posix_info, tvb, offset, -1, ENC_NA);
      tree = proto_item_add_subtree(item, ett_smb2_posix_info);
    }

    /* next offset */
    next_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;
    offset += 4;

    offset = dissect_smb2_posix_info(tvb, pinfo, tree, offset, si);

    /* file name length */
    proto_tree_add_item_ret_uint(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &file_name_len);
    offset += 4;

    /* file name */
    if (file_name_len) {
      proto_tree_add_item(tree, hf_smb2_filename, tvb, offset, file_name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
      offset += file_name_len;
    }

    proto_item_set_len(item, offset-old_offset);

    if (next_offset == 0) {
      return;
    }

    offset = old_offset+next_offset;
    if (offset < old_offset) {
      proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1,
            "Invalid offset/length. Malformed packet");
      return;
    }
  }
}


typedef struct _smb2_find_dissector_t {
  uint32_t  level;
  void (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si);
} smb2_find_dissector_t;

static smb2_find_dissector_t smb2_find_dissectors[] = {
  {SMB2_FIND_DIRECTORY_INFO,  dissect_smb2_file_directory_info},
  {SMB2_FIND_FULL_DIRECTORY_INFO, dissect_smb2_full_directory_info},
  {SMB2_FIND_BOTH_DIRECTORY_INFO, dissect_smb2_both_directory_info},
  {SMB2_FIND_NAME_INFO,   dissect_smb2_file_name_info},
  {SMB2_FIND_ID_BOTH_DIRECTORY_INFO,dissect_smb2_id_both_directory_info},
  {SMB2_FIND_ID_FULL_DIRECTORY_INFO,dissect_smb2_id_full_directory_info},
  {SMB2_FIND_POSIX_INFO,    dissect_smb2_posix_directory_info},
  {0, NULL}
};

static void
dissect_smb2_find_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  smb2_find_dissector_t *dis = smb2_find_dissectors;

  if (si->saved)
    si->saved->num_matched = 0;

  while (dis->dissector) {
    if (si->saved) {
      if (dis->level == si->saved->infolevel) {
        dis->dissector(tvb, pinfo, tree, si);
        return;
      }
    }
    dis++;
  }


  proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
}

static int
dissect_smb2_find_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  offset_length_buffer_t olb;
  proto_item *item = NULL;
  bool continue_dissection;
  proto_tree *fid_tree = NULL;
  proto_item *tag_item = NULL;
  proto_tree *which_tree = NULL;

  if (si->saved) {
    /* infolevel */
    item = proto_tree_add_uint(tree, hf_smb2_find_info_level, tvb, offset, 0, si->saved->infolevel);
    proto_item_set_generated(item);
  }

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      fid_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = fid_tree;
    }
    else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);           proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }

    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved
      && si->saved->frame_end > 0
      && si->saved->frame_end < UINT32_MAX
         /* Required if the create response is missing from the capture. */
      && si->saved->frame_end != pinfo->fd->num) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
            si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }

  if (si->saved && si->saved->extra_info_type == SMB2_EI_FINDPATTERN) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", %s, Pattern: %s",
        val_to_str(si->saved->infolevel, smb2_find_info_levels, "(Level:0x%02x)"),
        (const char *)si->saved->extra_info);
  }

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* findinfo offset */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, hf_smb2_find_info_blob);

  /* the buffer */
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_find_data);

  offset = dissect_smb2_olb_tvb_max_offset(offset, &olb);

  if (si->saved) {
    item = proto_tree_add_uint_format(tree, hf_smb2_num_matched, tvb, 0, 0,
      si->saved->num_matched, "Matched: %u names", si->saved->num_matched);
    proto_item_set_generated(item);

    col_append_fstr(
      pinfo->cinfo, COL_INFO, ", %u matches", si->saved->num_matched);
  }

  return offset;
}

static int
dissect_smb2_negotiate_context(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  uint16_t type;
  const char *type_str;
  uint32_t i, data_length, salt_length, hash_count, cipher_count, comp_count, transform_count;
  uint32_t signing_count;
  proto_item *sub_item;
  proto_tree *sub_tree;
  static int * const comp_alg_flags_fields[] = {
    &hf_smb2_comp_alg_flags_chained,
    &hf_smb2_comp_alg_flags_reserved,
    NULL
  };

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_negotiate_context_element, &sub_item, "Negotiate Context");

  /* type */
  type = tvb_get_letohl(tvb, offset);
  type_str = val_to_str(type, smb2_negotiate_context_types, "Unknown Type: (0x%0x)");
  proto_item_append_text(sub_item, ": %s ", type_str);
  proto_tree_add_item(sub_tree, hf_smb2_negotiate_context_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* data length */
  proto_tree_add_item_ret_uint(sub_tree, hf_smb2_negotiate_context_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN, &data_length);
  proto_item_set_len(sub_item, data_length + 8);
  offset += 2;

  /* reserved */
  proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  switch (type)
  {
    case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
      proto_tree_add_item_ret_uint(sub_tree, hf_smb2_hash_alg_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &hash_count);
      offset += 2;
      proto_tree_add_item_ret_uint(sub_tree, hf_smb2_salt_length, tvb, offset, 2, ENC_LITTLE_ENDIAN, &salt_length);
      offset += 2;

      for (i = 0; i < hash_count; i++)
      {
        proto_tree_add_item(sub_tree, hf_smb2_hash_algorithm, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
      }

      if (salt_length)
      {
        proto_tree_add_item(sub_tree, hf_smb2_salt, tvb, offset, salt_length, ENC_NA);
        offset += salt_length;
      }
      break;

    case SMB2_ENCRYPTION_CAPABILITIES:
      proto_tree_add_item_ret_uint(sub_tree, hf_smb2_cipher_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &cipher_count);
      offset += 2;

      for (i = 0; i < cipher_count; i ++)
      {
        /* in SMB3.1.1 the first cipher returned by the server session encryption algorithm */
        if (i == 0 && si && si->conv && (si->flags & SMB2_FLAGS_RESPONSE)) {
          uint16_t first_cipher = tvb_get_letohs(tvb, offset);
          si->conv->enc_alg = first_cipher;
        }
        proto_tree_add_item(sub_tree, hf_smb2_cipher_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
      }
      break;

    case SMB2_COMPRESSION_CAPABILITIES:
      proto_tree_add_item_ret_uint(sub_tree, hf_smb2_comp_alg_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &comp_count);
      offset += 2;

      /* padding */
      offset += 2;

      /* flags */
      proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_comp_alg_flags, ett_smb2_comp_alg_flags, comp_alg_flags_fields, ENC_LITTLE_ENDIAN);
      offset += 4;

      for (i = 0; i < comp_count; i ++) {
        proto_tree_add_item(sub_tree, hf_smb2_comp_alg_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
      }
      break;

    case SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
      proto_tree_add_item(sub_tree, hf_smb2_netname_neg_id, tvb, offset,
              data_length, ENC_UTF_16|ENC_LITTLE_ENDIAN);
      offset += data_length;
      break;

    case SMB2_TRANSPORT_CAPABILITIES:
      proto_tree_add_item(sub_tree, hf_smb2_transport_ctx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
      offset += 4;
      break;

    case SMB2_RDMA_TRANSFORM_CAPABILITIES:
      proto_tree_add_item_ret_uint(sub_tree, hf_smb2_rdma_transform_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &transform_count);
      offset += 2;

      proto_tree_add_item(sub_tree, hf_smb2_rdma_transform_reserved1, tvb, offset, 2, ENC_LITTLE_ENDIAN);
      offset += 2;
      proto_tree_add_item(sub_tree, hf_smb2_rdma_transform_reserved2, tvb, offset, 4, ENC_LITTLE_ENDIAN);
      offset += 4;

      for (i = 0; i < transform_count; i++) {
        proto_tree_add_item(sub_tree, hf_smb2_rdma_transform_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
      }
      break;

    case SMB2_SIGNING_CAPABILITIES:
      proto_tree_add_item_ret_uint(sub_tree, hf_smb2_signing_alg_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &signing_count);
      offset += 2;

      for (i = 0; i < signing_count; i++) {
        /* in SMB3.1.1 the first cipher returned by the server session encryption algorithm */
        if (i == 0 && si && si->conv && (si->flags & SMB2_FLAGS_RESPONSE)) {
          uint16_t first_sign_alg = tvb_get_letohs(tvb, offset);
          si->conv->sign_alg = first_sign_alg;
        }
        proto_tree_add_item(sub_tree, hf_smb2_signing_alg_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
      }
      break;

    case SMB2_POSIX_EXTENSIONS_CAPABILITIES:
      proto_tree_add_item(sub_tree, hf_smb2_posix_reserved, tvb, offset, data_length, ENC_NA);
      offset += data_length;
      break;

    default:
      proto_tree_add_item(sub_tree, hf_smb2_unknown, tvb, offset, data_length, ENC_NA);
      offset += data_length;
      break;
  }

  return offset;
}

static int
dissect_smb2_negotiate_protocol_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint16_t dc;
  proto_item *nco_item, *ncc_item;
  bool supports_smb_3_10 = false;
  uint32_t nco;
  uint32_t ncc;
  proto_item *hash_item = NULL;
  smb2_saved_info_t *ssi = si->saved;

  /* compute preauth hash on first pass */
  if (!pinfo->fd->visited && ssi) {
    ssi->preauth_hash_req = (uint8_t*)wmem_alloc0(wmem_file_scope(), SMB2_PREAUTH_HASH_SIZE);
    memset(si->conv->preauth_hash_ses, 0, SMB2_PREAUTH_HASH_SIZE);
    memset(si->conv->preauth_hash_con, 0, SMB2_PREAUTH_HASH_SIZE);
    si->conv->preauth_hash_current = si->conv->preauth_hash_con;
    update_preauth_hash(si->conv->preauth_hash_current, pinfo, tvb);
    memcpy(ssi->preauth_hash_req, si->conv->preauth_hash_current, SMB2_PREAUTH_HASH_SIZE);
  }

  if (ssi && ssi->preauth_hash_req) {
    hash_item = proto_tree_add_bytes_with_length(tree,
                   hf_smb2_preauth_hash, tvb,
                   0, tvb_captured_length(tvb),
                   ssi->preauth_hash_req, SMB2_PREAUTH_HASH_SIZE);
    proto_item_set_generated(hash_item);
  }

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* dialect count */
  dc = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_dialect_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* security mode, skip second byte */
  offset = dissect_smb2_secmode(tree, tvb, offset);
  offset++;


  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* capabilities */
  offset = dissect_smb2_capabilities(tree, tvb, offset);

  /* client guid */
  proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* negotiate context offset */
  nco_item = proto_tree_add_item_ret_uint(tree, hf_smb2_negotiate_context_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &nco);
  offset += 4;

  /* negotiate context count */
  ncc_item = proto_tree_add_item_ret_uint(tree, hf_smb2_negotiate_context_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &ncc);
  offset += 2;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  for (unsigned i = 0 ; i < dc; i++) {
    uint16_t d = tvb_get_letohs(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    if (d >= SMB2_DIALECT_310) {
      supports_smb_3_10 = true;
    }
  }

  if (!supports_smb_3_10) {
    /*
     * XXX - if 3.10 or later isn't supported, those fields
     * should be dissected as an 8-byte ClientStartTime field...
     * ...which should always be set to zero by the
     * client and ignored by the server.  Doing that would
     * require that we look ahead and scan the dialect list
     * but what if that's either cut off by a snapshot
     * length or missing due to the packet being malformed
     * or not reassembled or...?
     *
     * [MS-SMB2] says 3.11, but 3.10 is deprecated, and
     * it appears to work the same way in this regard
     * as 3.11.
     */
    if (ncc != 0) {
      expert_add_info(pinfo, ncc_item, &ei_smb2_bad_negprot_negotiate_context_count);
      ncc = 0;
    }
    if (nco != 0) {
      expert_add_info(pinfo, nco_item, &ei_smb2_bad_negprot_negotiate_context_offset);
      nco = 0;
    }
  }

  if (nco != 0) {
    uint32_t tmp = 0x40 + 36 + dc * 2;

    if (nco >= tmp) {
      offset += nco - tmp;
    } else {
      ncc = 0;
    }
  }

  for (unsigned i = 0; i < ncc; i++) {
    offset = WS_ROUNDUP_8(offset);
    offset = dissect_smb2_negotiate_context(tvb, pinfo, tree, offset, si);
  }

  return offset;
}

static int
dissect_smb2_negotiate_protocol_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t s_olb;
  uint32_t nco;
  uint32_t ncc;
  bool continue_dissection;
  proto_item *hash_item = NULL;
  smb2_saved_info_t *ssi = si->saved;

  /* compute preauth hash on first pass */
  if (!pinfo->fd->visited && ssi) {
    ssi->preauth_hash_res = (uint8_t*)wmem_alloc0(wmem_file_scope(), SMB2_PREAUTH_HASH_SIZE);
    update_preauth_hash(si->conv->preauth_hash_current, pinfo, tvb);
    memcpy(ssi->preauth_hash_res, si->conv->preauth_hash_current, SMB2_PREAUTH_HASH_SIZE);

    /*
     * All new sessions on this conversation must reuse
     * the preauth hash value at the time of the negprot
     * response, so we stash it and switch buffers
     */
    memcpy(si->conv->preauth_hash_ses, si->conv->preauth_hash_current, SMB2_PREAUTH_HASH_SIZE);
    si->conv->preauth_hash_current = si->conv->preauth_hash_ses;
  }

  if (ssi && ssi->preauth_hash_res) {
    hash_item = proto_tree_add_bytes_with_length(tree,
                   hf_smb2_preauth_hash, tvb,
                   0, tvb_captured_length(tvb),
                   ssi->preauth_hash_res, SMB2_PREAUTH_HASH_SIZE);
    proto_item_set_generated(hash_item);
  }

  switch (si->status) {
  /* buffer code */
  case 0x00000000:
    offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
    break;

  default:
    offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection)
      return offset;
  }

  /* security mode, skip second byte */
  offset = dissect_smb2_secmode(tree, tvb, offset);
  offset++;

  /* dialect picked */
  si->conv->dialect = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* negotiate context count/reserved */
  /*
   * If 3.10 or later isn't the chosen dialect, this field
   * should be dissected as a reserved field
   * ...which should always be set to zero by the
   * client and ignored by the server.
   *
   * [MS-SMB2] says 3.11, but 3.10 is deprecated, and
   * it appears to work the same way in this regard
   * as 3.11.
   */
  if (si->conv->dialect >= SMB2_DIALECT_310) {
    proto_tree_add_item_ret_uint(tree, hf_smb2_negotiate_context_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &ncc);
  } else {
    proto_item *reserved_item;

    reserved_item = proto_tree_add_item_ret_uint(tree, hf_smb2_negotiate_context_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN, &ncc);
    if (ncc != 0) {
      expert_add_info(pinfo, reserved_item, &ei_smb2_bad_negprot_reserved);
      ncc = 0;
    }
  }
  offset += 2;

  /* server GUID */
  proto_tree_add_item(tree, hf_smb2_server_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* capabilities */
  offset = dissect_smb2_capabilities(tree, tvb, offset);

  /* max trans size */
  proto_tree_add_item(tree, hf_smb2_max_trans_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* max read size */
  proto_tree_add_item(tree, hf_smb2_max_read_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* max write size */
  proto_tree_add_item(tree, hf_smb2_max_write_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* current time */
  dissect_nttime(tvb, tree, offset, hf_smb2_current_time, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* boot time */
  dissect_nttime(tvb, tree, offset, hf_smb2_boot_time, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* security blob offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_security_blob);

  /* the security blob itself */
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &s_olb, si, dissect_smb2_secblob);

  /* negotiate context offset/reserved2 */
  /*
   * If 3.10 or later isn't the chosen dialect, this field
   * should be dissected as a reserved field
   * ...which should always be set to zero by the
   * client and ignored by the server.
   *
   * [MS-SMB2] says 3.11, but 3.10 is deprecated, and
   * it appears to work the same way in this regard
   * as 3.11.
   */
  if (si->conv->dialect >= SMB2_DIALECT_310) {
    proto_tree_add_item_ret_uint(tree, hf_smb2_negotiate_context_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &nco);
  } else {
    proto_item *reserved2_item;

    reserved2_item = proto_tree_add_item_ret_uint(tree, hf_smb2_negotiate_context_reserved2, tvb, offset, 4, ENC_LITTLE_ENDIAN, &nco);
    if (nco != 0) {
      expert_add_info(pinfo, reserved2_item, &ei_smb2_bad_negprot_reserved2);
      nco = 0;
    }
  }
  offset += 4;

  offset = dissect_smb2_olb_tvb_max_offset(offset, &s_olb);

  if (si->conv->dialect == SMB2_DIALECT_300 || si->conv->dialect == SMB2_DIALECT_302) {
    /* If we know we are decrypting SMB3.0, it must be CCM */
    si->conv->enc_alg = SMB2_CIPHER_AES_128_CCM;
  }

  if (si->conv->dialect >= SMB2_DIALECT_300) {
    /* If we know we are decrypting SMB3.0, it's CMAC by default */
    si->conv->sign_alg = SMB2_SIGNING_ALG_AES_CMAC;
  } else {
    si->conv->sign_alg = SMB2_SIGNING_ALG_HMAC_SHA256;
  }

  if (si->conv->dialect < SMB2_DIALECT_310) {
    ncc = 0;
  }

  if (nco != 0) {
    uint32_t tmp = 0x40 + 64 + s_olb.len;

    if (nco >= tmp) {
      offset += nco - tmp;
    } else {
      ncc = 0;
    }
  }

  for (unsigned i = 0; i < ncc; i++) {
    offset = WS_ROUNDUP_8(offset);
    offset = dissect_smb2_negotiate_context(tvb, pinfo, tree, offset, si);
  }

  return offset;
}

static const true_false_string tfs_additional_owner = {
  "Requesting OWNER security information",
  "NOT requesting owner security information",
};

static const true_false_string tfs_additional_group = {
  "Requesting GROUP security information",
  "NOT requesting group security information",
};

static const true_false_string tfs_additional_dacl = {
  "Requesting DACL security information",
  "NOT requesting DACL security information",
};

static const true_false_string tfs_additional_sacl = {
  "Requesting SACL security information",
  "NOT requesting SACL security information",
};

static const true_false_string tfs_additional_label = {
  "Requesting integrity label security information",
  "NOT requesting integrity label security information",
};

static const true_false_string tfs_additional_attribute = {
  "Requesting resource attribute security information",
  "NOT requesting resource attribute security information",
};

static const true_false_string tfs_additional_scope = {
  "Requesting central access policy security information",
  "NOT requesting central access policy security information",
};

static const true_false_string tfs_additional_backup = {
  "Requesting backup operation security information",
  "NOT requesting backup operation security information",
};

static int
dissect_additional_information_sec_mask(tvbuff_t *tvb, proto_tree *parent_tree, int offset)
{
  /*  Note that in SMB1 protocol some security flags were not defined yet - see dissect_security_information_mask()
    So for SMB2 we have to use own dissector */
  static int * const flags[] = {
    &hf_smb2_getsetinfo_additional_owner,
    &hf_smb2_getsetinfo_additional_group,
    &hf_smb2_getsetinfo_additional_dacl,
    &hf_smb2_getsetinfo_additional_sacl,
    &hf_smb2_getsetinfo_additional_label,
    &hf_smb2_getsetinfo_additional_attribute,
    &hf_smb2_getsetinfo_additional_scope,
    &hf_smb2_getsetinfo_additional_backup,
    NULL
  };

  proto_tree_add_bitmask(parent_tree, tvb, offset, hf_smb2_getsetinfo_additionals,
    ett_smb2_additional_information_sec_mask, flags, ENC_LITTLE_ENDIAN);
  offset += 4;

  return offset;
}

static int
dissect_smb2_getinfo_parameters(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si)
{
  static int* const flag_entries[] = {
    &hf_smb2_query_info_flag_restart_scan,
    &hf_smb2_query_info_flag_return_single_entry,
    &hf_smb2_query_info_flag_index_specified,
    NULL
  };

  DISSECTOR_ASSERT(si->saved != NULL);

  /* Additional Info */
  switch (si->saved->smb2_class) {
  case SMB2_CLASS_SEC_INFO:
    dissect_additional_information_sec_mask(tvb, tree, offset);
    break;
  default:
    proto_tree_add_item(tree, hf_smb2_getsetinfo_additional, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  }
  offset += 4;

  /* Flags */
  if (si->saved->infolevel == SMB2_FILE_FULL_EA_INFO) {
    proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_query_info_flags, ett_smb2_query_info_flags, flag_entries, ENC_LITTLE_ENDIAN);
  } else {
    proto_tree_add_item(tree, hf_smb2_getinfo_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  }
  offset += 4;

  return offset;
}


static int
dissect_smb2_getinfo_buffer_quota(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
  uint32_t sidlist_len = 0;
  uint32_t startsid_len = 0;
  uint32_t startsid_offset = 0;

  proto_item *item = NULL;
  proto_tree *tree = NULL;

  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_query_quota_info, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_query_quota_info);
  }

  proto_tree_add_item(tree, hf_smb2_qq_single, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  proto_tree_add_item(tree, hf_smb2_qq_restart, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  proto_tree_add_item_ret_uint(tree, hf_smb2_qq_sidlist_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &sidlist_len);
  offset += 4;

  proto_tree_add_item_ret_uint(tree, hf_smb2_qq_start_sid_len, tvb, offset, 4, ENC_LITTLE_ENDIAN, &startsid_len);
  offset += 4;

  proto_tree_add_item_ret_uint(tree, hf_smb2_qq_start_sid_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &startsid_offset);
  offset += 4;

  if (sidlist_len != 0) {
    offset = dissect_nt_get_user_quota(tvb, pinfo, tree, offset, &sidlist_len);
  } else if (startsid_len != 0) {
    offset = dissect_nt_sid(tvb, pinfo, offset + startsid_offset, tree, "Start SID", NULL, -1);
  }

  return offset;
}

static int
dissect_smb2_class_infolevel(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, smb2_info_t *si)
{
  uint8_t     cl, il;
  proto_item   *item;
  int     hfindex;
  value_string_ext *vsx;

  if (si->flags & SMB2_FLAGS_RESPONSE) {
    if (!si->saved) {
      return offset;
    }
    cl = si->saved->smb2_class;
    il = si->saved->infolevel;
  } else {
    cl = tvb_get_uint8(tvb, offset);
    il = tvb_get_uint8(tvb, offset+1);
    if (si->saved) {
      si->saved->smb2_class = cl;
      si->saved->infolevel = il;
    }
  }


  switch (cl) {
  case SMB2_CLASS_FILE_INFO:
    hfindex = hf_smb2_infolevel_file_info;
    vsx = &smb2_file_info_levels_ext;
    break;
  case SMB2_CLASS_FS_INFO:
    hfindex = hf_smb2_infolevel_fs_info;
    vsx = &smb2_fs_info_levels_ext;
    break;
  case SMB2_CLASS_SEC_INFO:
    hfindex = hf_smb2_infolevel_sec_info;
    vsx = &smb2_sec_info_levels_ext;
    break;
  case SMB2_CLASS_QUOTA_INFO:
    /* infolevel is not being used for quota */
    hfindex = hf_smb2_infolevel;
    vsx = NULL;
    break;
  default:
    hfindex = hf_smb2_infolevel;
    vsx = NULL;  /* allowed arg to val_to_str_ext() */
  }


  /* class */
  item = proto_tree_add_uint(tree, hf_smb2_class, tvb, offset, 1, cl);
  if (si->flags & SMB2_FLAGS_RESPONSE) {
    proto_item_set_generated(item);
  }
  /* infolevel */
  item = proto_tree_add_uint(tree, hfindex, tvb, offset+1, 1, il);
  if (si->flags & SMB2_FLAGS_RESPONSE) {
    proto_item_set_generated(item);
  }
  offset += 2;

  if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
    /* Only update COL_INFO for requests. It clutters the
     * display a bit too much if we do it for replies
     * as well.
     */
    col_append_fstr(pinfo->cinfo, COL_INFO, " %s/%s",
        val_to_str(cl, smb2_class_vals, "(Class:0x%02x)"),
        val_to_str_ext(il, vsx, "(Level:0x%02x)"));
  }

  return offset;
}

static int
dissect_smb2_getinfo_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint32_t getinfo_size = 0;
  uint32_t getinfo_offset = 0;
  proto_item *offset_item;
  proto_item *item = NULL;
  proto_tree *fid_tree = NULL;
  proto_tree *which_tree = NULL;
  e_guid_t   tag_guid;


  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* class and info level */
  offset = dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);

  /* max response size */
  proto_tree_add_item(tree, hf_smb2_max_response_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* offset */
  offset_item = proto_tree_add_item_ret_uint(tree, hf_smb2_getinfo_input_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN, &getinfo_offset);
  offset += 2;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* size */
  proto_tree_add_item_ret_uint(tree, hf_smb2_getinfo_input_size, tvb, offset, 4, ENC_LITTLE_ENDIAN, &getinfo_size);
  offset += 4;

  /* parameters */
  if (si->saved) {
    offset = dissect_smb2_getinfo_parameters(tvb, pinfo, tree, offset, si);
  } else {
    /* some unknown bytes */
    proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 8, ENC_NA);
    offset += 8;
  }

  /* Save the GUID for use in the reply */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);

  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* buffer */
  if (si->saved) {
    if (getinfo_size != 0) {
      /*
       * 2.2.37 says "For quota requests, this MUST be
       * the length of the contained SMB2_QUERY_QUOTA_INFO
       * embedded in the request. For FileFullEaInformation
       * requests, this MUST be set to the length of the
       * user supplied EA list specified in [MS-FSCC]
       * section 2.4.15.1. For other information queries,
       * this field SHOULD be set to 0 and the server MUST
       * ignore it on receipt.
       *
       * This seems to imply that, for requests other
       * than those to types, we should either completely
       * ignore a non-zero getinfo_size or should, at
       * most, add a warning-level expert info at the
       * protocol level saying that it should be zero,
       * but not try and interpret it or check its
       * validity.
       */
      if (si->saved->smb2_class == SMB2_CLASS_QUOTA_INFO ||
          (si->saved->smb2_class == SMB2_CLASS_FILE_INFO &&
           si->saved->infolevel == SMB2_FILE_FULL_EA_INFO)) {
        /*
         * According to 2.2.37 SMB2 QUERY_INFO
         * Request in the current MS-SMB2 spec,
         * these are the only info requests that
         * have an input buffer.
         */

        /*
         * Make sure that the input buffer is after
         * the fixed-length part of the message.
         */
        if (getinfo_offset < (unsigned)offset) {
          expert_add_info(pinfo, offset_item, &ei_smb2_invalid_getinfo_offset);
          return offset;
        }

        /*
         * Make sure the input buffer is within the
         * message, i.e. that it's within the tvbuff.
         *
         * We check for offset+length overflowing and
         * for offset+length being beyond the reported
         * length of the tvbuff.
         */
        if (getinfo_offset + getinfo_size < getinfo_offset ||
            getinfo_offset + getinfo_size > tvb_reported_length(tvb)) {
          expert_add_info(pinfo, offset_item, &ei_smb2_invalid_getinfo_size);
          return offset;
        }

        if (si->saved->smb2_class == SMB2_CLASS_QUOTA_INFO) {
          dissect_smb2_getinfo_buffer_quota(tvb, pinfo, tree, getinfo_offset, si);
        } else {
          /*
           * XXX - handle user supplied EA info.
           */
          proto_tree_add_item(tree, hf_smb2_unknown, tvb, getinfo_offset, getinfo_size, ENC_NA);
        }
        offset = getinfo_offset + getinfo_size;
      }
    } else {
      /*
       * The buffer size is 0, meaning it's not present.
       *
       * 2.2.37 says "For FileFullEaInformation requests,
       * the input buffer MUST contain the user supplied
       * EA list with zero or more FILE_GET_EA_INFORMATION
       * structures, specified in [MS-FSCC] section
       * 2.4.15.1.", so it seems that, for a "get full
       * EA information" request, the size can be zero -
       * there's no other obvious way for the list to
       * have zero structures.
       *
       * 2.2.37 also says "For quota requests, the input
       * buffer MUST contain an SMB2_QUERY_QUOTA_INFO,
       * as specified in section 2.2.37.1."; that seems
       * to imply that the input buffer must not be empty
       * in that case.
       */
      if (si->saved->smb2_class == SMB2_CLASS_QUOTA_INFO)
        expert_add_info(pinfo, offset_item, &ei_smb2_empty_getinfo_buffer);
    }
  }

  return offset;
}

static int
dissect_smb2_infolevel(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si, uint8_t smb2_class, uint8_t infolevel)
{
  int old_offset = offset;

  switch (smb2_class) {
  case SMB2_CLASS_FILE_INFO:
    switch (infolevel) {
    case SMB2_FILE_BASIC_INFO:
      offset = dissect_smb2_file_basic_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_STANDARD_INFO:
      offset = dissect_smb2_file_standard_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_INTERNAL_INFO:
      offset = dissect_smb2_file_internal_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_EA_INFO:
      offset = dissect_smb2_file_ea_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ACCESS_INFO:
      offset = dissect_smb2_file_access_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_RENAME_INFO:
      offset = dissect_smb2_file_rename_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_LINK_INFO:
      offset = dissect_smb2_file_link_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_DISPOSITION_INFO:
      offset = dissect_smb2_file_disposition_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_POSITION_INFO:
      offset = dissect_smb2_file_position_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_FULL_EA_INFO:
      offset = dissect_smb2_file_full_ea_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_MODE_INFO:
      offset = dissect_smb2_file_mode_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ALIGNMENT_INFO:
      offset = dissect_smb2_file_alignment_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ALL_INFO:
      offset = dissect_smb2_file_all_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ALLOCATION_INFO:
      offset = dissect_smb2_file_allocation_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ENDOFFILE_INFO:
      dissect_smb2_file_endoffile_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ALTERNATE_NAME_INFO:
      offset = dissect_smb2_file_alternate_name_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_STREAM_INFO:
      offset = dissect_smb2_file_stream_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_PIPE_INFO:
      offset = dissect_smb2_file_pipe_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_PIPE_LOCAL_INFO:
      offset = dissect_smb2_file_pipe_local_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_PIPE_REMOTE_INFO:
      offset = dissect_smb2_file_pipe_remote_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_COMPRESSION_INFO:
      offset = dissect_smb2_file_compression_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_NETWORK_OPEN_INFO:
      offset = dissect_smb2_file_network_open_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_ATTRIBUTE_TAG_INFO:
      offset = dissect_smb2_file_attribute_tag_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_NORMALIZED_NAME_INFO:
      offset = dissect_smb2_file_normalized_name_info(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FILE_POSIX_INFO:
      offset = dissect_smb2_posix_info(tvb, pinfo, tree, offset, si);
      break;
    default:
      /* we don't handle this infolevel yet */
      proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
      offset += tvb_captured_length_remaining(tvb, offset);
    }
    break;
  case SMB2_CLASS_FS_INFO:
    switch (infolevel) {
    case SMB2_FS_INFO_01:
      offset = dissect_smb2_fs_info_01(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_INFO_03:
      offset = dissect_smb2_fs_info_03(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_INFO_04:
      offset = dissect_smb2_fs_info_04(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_INFO_05:
      offset = dissect_smb2_fs_info_05(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_INFO_06:
      offset = dissect_smb2_fs_info_06(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_INFO_07:
      offset = dissect_smb2_fs_info_07(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_OBJECTID_INFO:
      offset = dissect_smb2_FS_OBJECTID_INFO(tvb, pinfo, tree, offset, si);
      break;
    case SMB2_FS_POSIX_INFO:
      offset = dissect_smb2_fs_posix_info(tvb, pinfo, tree, offset, si);
      break;
    default:
      /* we don't handle this infolevel yet */
      proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
      offset += tvb_captured_length_remaining(tvb, offset);
    }
    break;
  case SMB2_CLASS_SEC_INFO:
    switch (infolevel) {
    case SMB2_SEC_INFO_00:
      offset = dissect_smb2_sec_info_00(tvb, pinfo, tree, offset, si);
      break;
    default:
      /* we don't handle this infolevel yet */
      proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
      offset += tvb_captured_length_remaining(tvb, offset);
    }
    break;
  case SMB2_CLASS_QUOTA_INFO:
    offset = dissect_smb2_quota_info(tvb, pinfo, tree, offset, si);
    break;
  default:
    /* we don't handle this class yet */
    proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
    offset += tvb_captured_length_remaining(tvb, offset);
  }

  /* if we get BUFFER_OVERFLOW there will be truncated data */
  if (si->status == 0x80000005) {
    proto_item *item = NULL;
    item = proto_tree_add_item(tree, hf_smb2_truncated, tvb, old_offset, 0, ENC_NA);
    proto_item_set_generated(item);
  }
  return offset;
}

static void
dissect_smb2_getinfo_response_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  /* data */
  if (si->saved) {
    dissect_smb2_infolevel(tvb, pinfo, tree, 0, si, si->saved->smb2_class, si->saved->infolevel);
  } else {
    /* some unknown bytes */
    proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
  }

}


static int
dissect_smb2_getinfo_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t olb;
  bool continue_dissection;
  proto_item *item = NULL;
  proto_item *tag_item = NULL;
  proto_tree *tag_tree = NULL;
  proto_tree *which_tree = NULL;

  /* class/infolevel */
  dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);

  switch (si->status) {
  case 0x00000000:
  /* if we get BUFFER_OVERFLOW there will be truncated data */
  case 0x80000005:
  /* if we get BUFFER_TOO_SMALL there will not be any data there, only
   * a guin32 specifying how big the buffer needs to be
   */
    /* buffer code */
    offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
    break;
  case 0xc0000023:
    offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);
    offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, -1);
    proto_tree_add_item(tree, hf_smb2_required_buffer_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    return offset;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

   /* response buffer offset  and size */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &olb, OLB_O_UINT16_S_UINT32, -1);

  /* response data*/
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_getinfo_response_data);

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }

  return offset;
}

static int
dissect_smb2_close_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  proto_tree *flags_tree = NULL;
  proto_item *flags_item = NULL;
  proto_item *item = NULL;
  proto_tree *fid_tree = NULL;
  proto_tree *which_tree = NULL;
  e_guid_t   tag_guid;


  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* close flags */
  if (tree) {
    flags_item = proto_tree_add_item(tree, hf_smb2_close_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    flags_tree = proto_item_add_subtree(flags_item, ett_smb2_close_flags);
  }

  proto_tree_add_item(flags_tree, hf_smb2_close_pq_attrib, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* padding */
  offset += 4;

  /* Save the GUID for use in the reply */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_CLOSE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  if (si->file && si->file->delete_on_close) {
    if (si->file->is_dir)
      col_append_str(pinfo->cinfo, COL_INFO, ", (delete dir)");
    else
      col_append_str(pinfo->cinfo, COL_INFO, ", (delete file)");
  }

  /* Filename */
  if (si->file && si->file->name) {
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }


  return offset;
}

static int
dissect_smb2_close_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si)
{
  proto_tree *flags_tree = NULL;
  proto_item *flags_item = NULL;
  proto_tree *tag_tree = NULL;
  proto_item *tag_item = NULL;
  proto_item *item = NULL;
  proto_tree *which_tree = NULL;
  bool continue_dissection;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* close flags */
  if (tree) {
    flags_item = proto_tree_add_item(tree, hf_smb2_close_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    flags_tree = proto_item_add_subtree(flags_item, ett_smb2_close_flags);
  }
  proto_tree_add_item(flags_tree, hf_smb2_close_pq_attrib, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* create time */
  dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last access */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last write */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last change */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* allocation size */
  proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* end of file */
  proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* File Attributes */
  offset = dissect_fscc_file_attr(tvb, tree, offset, NULL);

  if (si->file && si->file->delete_on_close) {
    if (si->file->is_dir)
      col_append_str(pinfo->cinfo, COL_INFO, ", (dir was deleted)");
    else
      col_append_str(pinfo->cinfo, COL_INFO, ", (file was deleted)");
  }

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }

  return offset;
}

static int
dissect_smb2_flush_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  proto_item *item = NULL;
  proto_tree *fid_tree;
  proto_tree *which_tree;
  e_guid_t   tag_guid;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* reserved1 */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* reserved2 */
  proto_tree_add_item(tree, hf_smb2_flush_reserved2, tvb, offset, 4, ENC_NA);
  offset += 4;

   /* Save the FID for use in responses and the create request */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  return offset;
}

static int
dissect_smb2_flush_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  bool continue_dissection;
  proto_tree *tag_tree = NULL;
  proto_item *tag_item = NULL;
  proto_item *item = NULL;
  proto_tree *which_tree = NULL;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* reserved bytes */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }

  return offset;



}


static int
dissect_smb2_lock_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint16_t lock_count;
  proto_item *item = NULL;
  proto_tree *fid_tree = NULL;
  proto_tree *which_tree = NULL;
  e_guid_t   tag_guid;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* lock count */
  lock_count = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_lock_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* Lock Sequence Number/Index */
  proto_tree_add_item(tree, hf_smb2_lock_sequence_number, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  proto_tree_add_item(tree, hf_smb2_lock_sequence_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(tree, hf_smb2_file_id_hash, tvb, 0, 0,
      si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* Save the FID for use in responses and the create request */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
}


  while (lock_count--) {
    proto_item *lock_item = NULL;
    proto_tree *lock_tree = NULL;
    static int * const lf_fields[] = {
      &hf_smb2_lock_flags_shared,
      &hf_smb2_lock_flags_exclusive,
      &hf_smb2_lock_flags_unlock,
      &hf_smb2_lock_flags_fail_immediately,
      NULL
    };

    if (tree) {
      lock_item = proto_tree_add_item(tree, hf_smb2_lock_info, tvb, offset, 24, ENC_NA);
      lock_tree = proto_item_add_subtree(lock_item, ett_smb2_lock_info);
    }

    /* offset */
    proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* count */
    proto_tree_add_item(lock_tree, hf_smb2_lock_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    /* flags */
    proto_tree_add_bitmask(lock_tree, tvb, offset, hf_smb2_lock_flags, ett_smb2_lock_flags, lf_fields, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* reserved */
    proto_tree_add_item(lock_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;
  }

  return offset;
}

static int
dissect_smb2_lock_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  bool continue_dissection;
  proto_tree *tag_tree = NULL;
  proto_item *tag_item = NULL;
  proto_tree *which_tree = NULL;
  proto_item *item = NULL;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }



  return offset;
}
static int
dissect_smb2_cancel_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* some unknown bytes */
  proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
  offset += 2;

  return offset;
}

static const smb2_fid_info_t *
smb2_pipe_get_fid_info(const smb2_info_t *si)
{
  smb2_fid_info_t *file = NULL;

  if (si == NULL) {
    return NULL;
  }
  if (si->file != NULL) {
    file = si->file;
  } else if (si->saved != NULL) {
    file = si->saved->file;
  }
  if (file == NULL) {
    return NULL;
  }

  return file;
}

static void
smb2_pipe_set_file_id(packet_info *pinfo, smb2_info_t *si)
{
  uint64_t persistent;
  const smb2_fid_info_t *file = NULL;

  file = smb2_pipe_get_fid_info(si);
  if (file == NULL) {
    return;
  }

  persistent = GPOINTER_TO_UINT(file);

  dcerpc_set_transport_salt(persistent, pinfo);
}

static bool smb2_pipe_reassembly = true;
static bool smb2_verify_signatures;
static reassembly_table smb2_pipe_reassembly_table;

static int
dissect_file_data_smb2_pipe(tvbuff_t *raw_tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, uint32_t datalen, proto_tree *top_tree, void *data)
{
  /*
   * Note: si is NULL for some callers from packet-smb.c
   */
  const smb2_info_t *si = (const smb2_info_t *)data;
  bool result=false;
  bool save_fragmented;
  int remaining;
  unsigned reported_len;
  const smb2_fid_info_t *file = NULL;
  uint32_t id;
  fragment_head *fd_head;
  fragment_item *fd_i;
  tvbuff_t *tvb;
  tvbuff_t *new_tvb;
  proto_item *frag_tree_item;
  heur_dtbl_entry_t *hdtbl_entry;

  file = smb2_pipe_get_fid_info(si);
  id = (uint32_t)(GPOINTER_TO_UINT(file) & UINT32_MAX);

  remaining = tvb_captured_length_remaining(raw_tvb, offset);

  tvb = tvb_new_subset_length_caplen(raw_tvb, offset,
           MIN((int)datalen, remaining),
           datalen);

  /*
   * Offer desegmentation service to Named Pipe subdissectors (e.g. DCERPC)
   * if we have all the data.  Otherwise, reassembly is (probably) impossible.
   */
  pinfo->can_desegment = 0;
  pinfo->desegment_offset = 0;
  pinfo->desegment_len = 0;
  reported_len = tvb_reported_length(tvb);
  if (smb2_pipe_reassembly && tvb_captured_length(tvb) >= reported_len) {
    pinfo->can_desegment = 2;
  }

  save_fragmented = pinfo->fragmented;

  /*
   * if we are not offering desegmentation, just try the heuristics
   *and bail out
   */
  if (!pinfo->can_desegment) {
    result = dissector_try_heuristic(smb2_pipe_subdissector_list,
             tvb, pinfo, top_tree,
             &hdtbl_entry, data);
    goto clean_up_and_exit;
  }

  /* below this line, we know we are doing reassembly */

  /*
   * this is a new packet, see if we are already reassembling this
   * pdu and if not, check if the dissector wants us
   * to reassemble it
   */
  if (!pinfo->fd->visited) {
    /*
     * This is the first pass.
     *
     * Check if we are already reassembling this PDU or not;
     * we check for an in-progress reassembly for this FID
     * in this direction, by searching for its reassembly
     * structure.
     */
    fd_head = fragment_get(&smb2_pipe_reassembly_table,
               pinfo, id, NULL);
    if (!fd_head) {
      /*
       * No reassembly, so this is a new pdu. check if the
       * dissector wants us to reassemble it or if we
       * already got the full pdu in this tvb.
       */

      /*
       * Try the heuristic dissectors and see if we
       * find someone that recognizes this payload.
       */
      result = dissector_try_heuristic(smb2_pipe_subdissector_list,
               tvb, pinfo, top_tree,
               &hdtbl_entry, data);

      /* no this didn't look like something we know */
      if (!result) {
        goto clean_up_and_exit;
      }

      /* did the subdissector want us to reassemble any
         more data ?
      */
      if (pinfo->desegment_len) {
        fragment_add_check(&smb2_pipe_reassembly_table,
          tvb, 0, pinfo, id, NULL,
          0, reported_len, true);
        fragment_set_tot_len(&smb2_pipe_reassembly_table,
          pinfo, id, NULL,
          pinfo->desegment_len+reported_len);
      }
      goto clean_up_and_exit;
    }

    /* OK, we're already doing a reassembly for this FID.
       skip to last segment in the existing reassembly structure
       and add this fragment there

       XXX we might add code here to use any offset values
       we might pick up from the Read/Write calls instead of
       assuming we always get them in the correct order
    */
    for (fd_i = fd_head->next; fd_i->next; fd_i = fd_i->next) {}
    fd_head = fragment_add_check(&smb2_pipe_reassembly_table,
      tvb, 0, pinfo, id, NULL,
      fd_i->offset+fd_i->len,
      reported_len, true);

    /* if we completed reassembly */
    if (fd_head) {
      new_tvb = tvb_new_chain(tvb, fd_head->tvb_data);
      add_new_data_source(pinfo, new_tvb,
          "Named Pipe over SMB2");
      pinfo->fragmented=false;

      tvb = new_tvb;

      /* list what segments we have */
      show_fragment_tree(fd_head, &smb2_pipe_frag_items,
             tree, pinfo, tvb, &frag_tree_item);

      /* dissect the full PDU */
      result = dissector_try_heuristic(smb2_pipe_subdissector_list,
               tvb, pinfo, top_tree,
               &hdtbl_entry, data);
    }
    goto clean_up_and_exit;
  }

  /*
   * This is not the first pass; see if it's in the table of
   * reassembled packets.
   *
   * XXX - we know that several of the arguments aren't going to
   * be used, so we pass bogus variables.  Can we clean this
   * up so that we don't have to distinguish between the first
   * pass and subsequent passes?
   */
  fd_head = fragment_add_check(&smb2_pipe_reassembly_table,
             tvb, 0, pinfo, id, NULL, 0, 0, true);
  if (!fd_head) {
    /* we didn't find it, try any of the heuristic dissectors
       and bail out
    */
    result = dissector_try_heuristic(smb2_pipe_subdissector_list,
             tvb, pinfo, top_tree,
             &hdtbl_entry, data);
    goto clean_up_and_exit;
  }
  if (!(fd_head->flags&FD_DEFRAGMENTED)) {
    /* we don't have a fully reassembled frame */
    result = dissector_try_heuristic(smb2_pipe_subdissector_list,
             tvb, pinfo, top_tree,
             &hdtbl_entry, data);
    goto clean_up_and_exit;
  }

  /* it is reassembled but it was reassembled in a different frame */
  if (pinfo->num != fd_head->reassembled_in) {
    proto_item *item = NULL;
    item = proto_tree_add_uint(top_tree, hf_smb2_pipe_reassembled_in,
             tvb, 0, 0, fd_head->reassembled_in);
    proto_item_set_generated(item);
    goto clean_up_and_exit;
  }

  /* display the reassembled pdu */
  new_tvb = tvb_new_chain(tvb, fd_head->tvb_data);
  add_new_data_source(pinfo, new_tvb,
      "Named Pipe over SMB2");
  pinfo->fragmented = false;

  tvb = new_tvb;

  /* list what segments we have */
  show_fragment_tree(fd_head, &smb2_pipe_frag_items,
         top_tree, pinfo, tvb, &frag_tree_item);

  /* dissect the full PDU */
  result = dissector_try_heuristic(smb2_pipe_subdissector_list,
           tvb, pinfo, top_tree,
           &hdtbl_entry, data);

clean_up_and_exit:
  /* clear out the variables */
  pinfo->can_desegment=0;
  pinfo->desegment_offset = 0;
  pinfo->desegment_len = 0;

  if (!result) {
    call_data_dissector(tvb, pinfo, top_tree);
  }

  pinfo->fragmented = save_fragmented;

  offset += datalen;
  return offset;
}

#define SMB2_CHANNEL_NONE   0x00000000
#define SMB2_CHANNEL_RDMA_V1    0x00000001
#define SMB2_CHANNEL_RDMA_V1_INVALIDATE 0x00000002
#define SMB2_CHANNEL_RDMA_TRANSFORM 0x00000003

static const value_string smb2_channel_vals[] = {
  { SMB2_CHANNEL_NONE,  "None" },
  { SMB2_CHANNEL_RDMA_V1, "RDMA V1" },
  { SMB2_CHANNEL_RDMA_V1_INVALIDATE,  "RDMA V1_INVALIDATE" },
  { SMB2_CHANNEL_RDMA_TRANSFORM,  "RDMA TRANSFORM" },
  { 0, NULL }
};

static void
dissect_smb2_rdma_v1_blob(tvbuff_t *tvb, packet_info *pinfo _U_,
        proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset      = 0;
  int         len;
  int         i;
  int         num;
  proto_tree *sub_tree;
  proto_item *parent_item;

  parent_item = proto_tree_get_parent(parent_tree);

  len = tvb_reported_length(tvb);

  num = len / 16;

  if (parent_item) {
    proto_item_append_text(parent_item, ": SMBDirect Buffer Descriptor V1: (%d elements)", num);
  }

  for (i = 0; i < num; i++) {
    sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, 8, ett_smb2_rdma_v1, NULL, "RDMA V1");

    proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_token, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(sub_tree, hf_smb2_rdma_v1_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;
  }
}

#define SMB2_WRITE_FLAG_WRITE_THROUGH   0x00000001
#define SMB2_WRITE_FLAG_WRITE_UNBUFFERED  0x00000002

static const true_false_string tfs_write_through = {
  "Client is asking for WRITE_THROUGH",
  "Client is NOT asking for WRITE_THROUGH"
};

static const true_false_string tfs_write_unbuffered = {
  "Client is asking for UNBUFFERED write",
  "Client is NOT asking for UNBUFFERED write"
};

static int
dissect_smb2_write_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint16_t dataoffset = 0;
  uint32_t data_tvb_len;
  offset_length_buffer_t c_olb;
  uint32_t channel;
  uint32_t length;
  uint64_t off;
  static int * const f_fields[] = {
    &hf_smb2_write_flags_write_through,
    &hf_smb2_write_flags_write_unbuffered,
    NULL
  };
  proto_item *item = NULL;
  proto_tree *fid_tree;
  proto_tree *which_tree;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* data offset */
  dataoffset=tvb_get_letohs(tvb,offset);
  proto_tree_add_item(tree, hf_smb2_data_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* length */
  length = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_write_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* offset */
  off = tvb_get_letoh64(tvb, offset);
  if (si->saved) si->saved->file_offset=off;
  proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" PRIu64, length, off);

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* channel */
  channel = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* remaining bytes */
  proto_tree_add_item(tree, hf_smb2_remaining_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* write channel info blob offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &c_olb, OLB_O_UINT16_S_UINT16, hf_smb2_channel_info_blob);

  /* flags */
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_write_flags, ett_smb2_write_flags, f_fields, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* the write channel info blob itself */
  switch (channel) {
  case SMB2_CHANNEL_RDMA_V1:
  case SMB2_CHANNEL_RDMA_V1_INVALIDATE:
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, dissect_smb2_rdma_v1_blob);
    break;
  case SMB2_CHANNEL_NONE:
  default:
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, NULL);
    break;
  }

  data_tvb_len=(uint32_t)tvb_captured_length_remaining(tvb, offset);

  /* data or namedpipe ?*/
  if (length) {
    int oldoffset = offset;
    smb2_pipe_set_file_id(pinfo, si);
    offset = dissect_file_data_smb2_pipe(tvb, pinfo, tree, offset, length, si->top_tree, si);
    if (offset != oldoffset) {
      /* managed to dissect pipe data */
      goto out;
    }
  }

  /* just ordinary data */
  proto_tree_add_item(tree, hf_smb2_write_data, tvb, offset, length, ENC_NA);

  offset += MIN(length,(uint32_t)tvb_captured_length_remaining(tvb, offset));

  offset = dissect_smb2_olb_tvb_max_offset(offset, &c_olb);

out:
  if (have_tap_listener(smb2_eo_tap) && (data_tvb_len == length)) {
    if (si->saved && si->eo_file_info) { /* without this data we don't know which file this belongs to */
      feed_eo_smb2(tvb,pinfo,si,dataoffset,length,off);
    }
  }

  return offset;
}


static int
dissect_smb2_write_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, smb2_info_t *si _U_)
{
  bool continue_dissection;
  proto_tree *tag_tree = NULL;
  proto_item *tag_item = NULL;
  proto_item *item = NULL;
  proto_tree *which_tree = NULL;


  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* count */
  proto_tree_add_item(tree, hf_smb2_write_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* remaining, must be set to 0 */
  proto_tree_add_item(tree, hf_smb2_write_remaining, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* write channel info offset */
  proto_tree_add_item(tree, hf_smb2_channel_info_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* write channel info length */
  proto_tree_add_item(tree, hf_smb2_channel_info_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }

  return offset;
}

/* The STORAGE_OFFLOAD_TOKEN is used for "Offload Data Transfer" (ODX) operations,
   including FSCTL_OFFLOAD_READ, FSCTL_OFFLOAD_WRITE.  Ref: MS-FSCC 2.3.79
   Note: Unlike most of SMB2, the token fields are BIG-endian! */
static int
dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
{
  proto_tree *sub_tree;
  proto_item *sub_item;
  uint32_t idlen = 0;
  uint32_t idtype = 0;

  sub_tree = proto_tree_add_subtree(tree, tvb, offset, 512, ett_smb2_fsctl_odx_token, &sub_item, "Token");

  proto_tree_add_item_ret_uint(sub_tree, hf_smb2_fsctl_odx_token_type, tvb, offset, 4, ENC_BIG_ENDIAN, &idtype);
  offset += 4;

  proto_item_append_text(sub_item, " (IdType 0x%x)", idtype);

  /* reserved */
  proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* TokenIdLength */
  proto_tree_add_item_ret_uint(sub_tree, hf_smb2_fsctl_odx_token_idlen, tvb, offset, 2, ENC_BIG_ENDIAN, &idlen);
  offset += 2;

  /* idlen is what the server says is the "meaningful" part of the token.
    However, token ID is always 504 bytes */
  proto_tree_add_bytes_format_value(sub_tree, hf_smb2_fsctl_odx_token_idraw, tvb,
            offset, idlen, NULL, "Opaque Data");
  offset += 504;

  return (offset);
}

/* MS-FSCC 2.3.77, 2.3.78 */
static void
dissect_smb2_FSCTL_OFFLOAD_READ(tvbuff_t *tvb,
        packet_info *pinfo _U_,
        proto_tree *tree,
        int offset,
        bool in)
{
  proto_tree_add_item(tree, hf_smb2_fsctl_odx_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_fsctl_odx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  if (in) {
    proto_tree_add_item(tree, hf_smb2_fsctl_odx_token_ttl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_fsctl_odx_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_fsctl_odx_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    /* offset += 8; */
  } else {
    proto_tree_add_item(tree, hf_smb2_fsctl_odx_xfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    (void) dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvb, pinfo, tree, offset);
  }
}

/* MS-FSCC 2.3.80, 2.3.81 */
static void
dissect_smb2_FSCTL_OFFLOAD_WRITE(tvbuff_t *tvb,
        packet_info *pinfo _U_,
        proto_tree *tree,
        int offset,
        bool in)
{
  proto_tree_add_item(tree, hf_smb2_fsctl_odx_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_fsctl_odx_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  if (in) {
    proto_tree_add_item(tree, hf_smb2_fsctl_odx_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_fsctl_odx_copy_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_fsctl_odx_token_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    dissect_smb2_STORAGE_OFFLOAD_TOKEN(tvb, pinfo, tree, offset);

  } else {
    proto_tree_add_item(tree, hf_smb2_fsctl_odx_xfer_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    /* offset += 8; */
  }
}

static void
dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, proto_tree *top_tree, bool data_in _U_, void *data)
{
  dissect_file_data_smb2_pipe(tvb, pinfo, tree, offset, tvb_captured_length_remaining(tvb, offset), top_tree, data);
}

static void
dissect_smb2_FSCTL_PIPE_WAIT(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, int offset, proto_tree *top_tree, bool data_in _U_)
{
  int timeout_offset;
  uint32_t name_len;
  uint8_t timeout_specified;
  char *display_string;

  /* Timeout */
  timeout_offset = offset;
  offset += 8;

  /* Name length */
  /* XXX - put the name length into the tree */
  name_len = tvb_get_letohl(tvb, offset);
  offset += 4;

  /* Timeout specified */
  timeout_specified = tvb_get_uint8(tvb, offset);
  if (timeout_specified) {
    proto_tree_add_item(top_tree, hf_smb2_fsctl_pipe_wait_timeout,
        tvb, timeout_offset, 8, ENC_LITTLE_ENDIAN);
  }
  offset += 1;

  /* Padding */
  offset += 1;

  /* Name */
  proto_tree_add_item_ret_display_string(top_tree, hf_smb2_fsctl_pipe_wait_name,
      tvb, offset, name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN,
      pinfo->pool, &display_string);

  col_append_fstr(pinfo->cinfo, COL_INFO, " Pipe: %s", display_string);
}

static int
dissect_smb2_FSCTL_SET_SPARSE(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no out data */
  if (!data_in) {
    return offset;
  }

  /* sparse flag (optional) */
  if (tvb_reported_length_remaining(tvb, offset) >= 1) {
    proto_tree_add_item(tree, hf_smb2_fsctl_sparse_flag, tvb, offset, 1, ENC_NA);
    offset += 1;
  }

  return offset;
}

static int
dissect_smb2_FSCTL_SET_ZERO_DATA(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  proto_tree *sub_tree;
  proto_item *sub_item;

  /* There is no out data */
  if (!data_in) {
    return offset;
  }

  sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");

  proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  return offset;
}

static void
dissect_smb2_FSCTL_QUERY_ALLOCATED_RANGES(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, bool data_in)
{
  proto_tree *sub_tree;
  proto_item *sub_item;

  if (data_in) {
    sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");

    proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;
  } else {
    /* Zero or more allocated ranges may be reported. */
    while (tvb_reported_length_remaining(tvb, offset) >= 16) {

      sub_tree = proto_tree_add_subtree(tree, tvb, offset, 16, ett_smb2_fsctl_range_data, &sub_item, "Range");

      proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
      offset += 8;

      proto_tree_add_item(sub_tree, hf_smb2_fsctl_range_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
      offset += 8;
    }
  }
}


static void
dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, int offset _U_, bool data_in)
{

  if (data_in) {
    proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_qfr_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_qfr_usage, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;
  } else {
    uint32_t entry_count = 0;

    proto_tree_add_item(tree, hf_smb2_qfr_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_qfr_total_region_entry_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item_ret_uint(tree, hf_smb2_qfr_region_entry_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &entry_count);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;

    while (entry_count && tvb_reported_length_remaining(tvb, offset)) {
      proto_tree *sub_tree;
      proto_item *sub_item;

      sub_tree = proto_tree_add_subtree(tree, tvb, offset, 24, ett_qfr_entry, &sub_item, "Entry");

      proto_tree_add_item(sub_tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
      offset += 8;

      proto_tree_add_item(sub_tree, hf_smb2_qfr_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
      offset += 8;

      proto_tree_add_item(sub_tree, hf_smb2_qfr_usage, tvb, offset, 4, ENC_LITTLE_ENDIAN);
      offset += 4;

      proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
      offset += 4;

      entry_count--;
    }
  }
}

static void
dissect_smb2_FSCTL_LMR_REQUEST_RESILIENCY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  /* There is no out data */
  if (!data_in) {
    return;
  }

  /* timeout */
  proto_tree_add_item(tree, hf_smb2_ioctl_resiliency_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_ioctl_resiliency_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  /* There is no in data */
  if (data_in) {
    return;
  }

  proto_tree_add_item(tree, hf_smb2_ioctl_shared_virtual_disk_support, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_ioctl_shared_virtual_disk_handle_state, tvb, offset, 4, ENC_LITTLE_ENDIAN);
}

#define STORAGE_QOS_CONTROL_FLAG_SET_LOGICAL_FLOW_ID 0x00000001
#define STORAGE_QOS_CONTROL_FLAG_SET_POLICY 0x00000002
#define STORAGE_QOS_CONTROL_FLAG_PROBE_POLICY 0x00000004
#define STORAGE_QOS_CONTROL_FLAG_GET_STATUS 0x00000008
#define STORAGE_QOS_CONTROL_FLAG_UPDATE_COUNTERS 0x00000010

static const value_string smb2_ioctl_sqos_protocol_version_vals[] = {
  { 0x0100, "Storage QoS Protocol Version 1.0" },
  { 0x0101, "Storage QoS Protocol Version 1.1" },
  { 0, NULL }
};

static const value_string smb2_ioctl_sqos_status_vals[] = {
  { 0x00, "StorageQoSStatusOk" },
  { 0x01, "StorageQoSStatusInsufficientThroughput" },
  { 0x02, "StorageQoSUnknownPolicyId" },
  { 0x04, "StorageQoSStatusConfigurationMismatch" },
  { 0x05, "StorageQoSStatusNotAvailable" },
  { 0, NULL }
};

static void
dissect_smb2_FSCTL_STORAGE_QOS_CONTROL(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, bool data_in)
{
  static int * const operations[] = {
    &hf_smb2_ioctl_sqos_op_set_logical_flow_id,
    &hf_smb2_ioctl_sqos_op_set_policy,
    &hf_smb2_ioctl_sqos_op_probe_policy,
    &hf_smb2_ioctl_sqos_op_get_status,
    &hf_smb2_ioctl_sqos_op_update_counters,
    NULL
  };

  int proto_ver;

  /* Both request and reply have the same common header */

  proto_ver = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_ioctl_sqos_protocol_version, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_item(tree, hf_smb2_ioctl_sqos_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_ioctl_sqos_options,
              ett_smb2_ioctl_sqos_opeations, operations, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_ioctl_sqos_logical_flow_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  proto_tree_add_item(tree, hf_smb2_ioctl_sqos_policy_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  proto_tree_add_item(tree, hf_smb2_ioctl_sqos_initiator_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  if (data_in) {
    offset_length_buffer_t host_olb, node_olb;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_limit, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_reservation, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    offset = dissect_smb2_olb_length_offset(tvb, offset, &host_olb, OLB_O_UINT16_S_UINT16, hf_smb2_ioctl_sqos_initiator_name);

    offset = dissect_smb2_olb_length_offset(tvb, offset, &node_olb, OLB_O_UINT16_S_UINT16, hf_smb2_ioctl_sqos_initiator_node_name);

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_io_count_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_normalized_io_count_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_latency_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_lower_latency_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    if (proto_ver > 0x0100) {
      proto_tree_add_item(tree, hf_smb2_ioctl_sqos_bandwidth_limit, tvb, offset, 8, ENC_LITTLE_ENDIAN);
      offset += 8;

      proto_tree_add_item(tree, hf_smb2_ioctl_sqos_kilobyte_count_increment, tvb, offset, 8, ENC_LITTLE_ENDIAN);
      /*offset += 8;*/
    }

    dissect_smb2_olb_string(pinfo, tree, tvb, &host_olb, OLB_TYPE_UNICODE_STRING);

    dissect_smb2_olb_string(pinfo, tree, tvb, &node_olb, OLB_TYPE_UNICODE_STRING);
  } else {
    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_time_to_live, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_maximum_io_rate, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_minimum_io_rate, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_base_io_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_ioctl_sqos_reserved2, tvb, offset, 4, ENC_LITTLE_ENDIAN);

    if (proto_ver > 0x0100) {
      offset += 4;
      proto_tree_add_item(tree, hf_smb2_ioctl_sqos_maximum_bandwidth, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    }
  }
}

static int
dissect_windows_sockaddr_in(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, int len)
{
  proto_item *sub_item;
  proto_tree *sub_tree;
  proto_item *parent_item;

  if (len == -1) {
    len = 8;
  }

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
  parent_item = proto_tree_get_parent(parent_tree);

  /* family */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* port */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* IPv4 address */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_in_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
  proto_item_append_text(sub_item, ", IPv4: %s", tvb_ip_to_str(pinfo->pool, tvb, offset));
  proto_item_append_text(parent_item, ", IPv4: %s", tvb_ip_to_str(pinfo->pool, tvb, offset));
  offset += 4;
  return offset;
}

static int
dissect_windows_sockaddr_in6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, int len)
{
  proto_item        *sub_item;
  proto_tree        *sub_tree;
  proto_item        *parent_item;

  if (len == -1) {
    len = 26;
  }

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
  parent_item = proto_tree_get_parent(parent_tree);

  /* family */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* port */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* sin6_flowinfo */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_flowinfo, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* IPv6 address */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_addr, tvb, offset, 16, ENC_NA);
  proto_item_append_text(sub_item, ", IPv6: %s", tvb_ip6_to_str(pinfo->pool, tvb, offset));
  proto_item_append_text(parent_item, ", IPv6: %s", tvb_ip6_to_str(pinfo->pool, tvb, offset));
  offset += 16;

  /* sin6_scope_id */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_in6_scope_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  return offset;
}

static int
dissect_windows_sockaddr_storage(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset, int len)
{
  proto_item *sub_item;
  proto_tree *sub_tree;
  proto_item *parent_item;
  uint16_t    family;

  family = tvb_get_letohs(tvb, offset);
  switch (family) {
  case WINSOCK_AF_INET:
    return dissect_windows_sockaddr_in(tvb, pinfo, parent_tree, offset, len);
  case WINSOCK_AF_INET6:
    return dissect_windows_sockaddr_in6(tvb, pinfo, parent_tree, offset, len);
  }

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_windows_sockaddr, &sub_item, "Socket Address");
  parent_item = proto_tree_get_parent(parent_tree);

  /* ss_family */
  proto_tree_add_item(sub_tree, hf_windows_sockaddr_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  proto_item_append_text(sub_item, ", Family: %d (0x%04x)", family, family);
  proto_item_append_text(parent_item, ", Family: %d (0x%04x)", family, family);
  return offset + len;
}

#define NETWORK_INTERFACE_CAP_RSS 0x00000001
#define NETWORK_INTERFACE_CAP_RDMA 0x00000002

static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_smb2_NETWORK_INTERFACE_INFO(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
  uint32_t    next_offset;
  int         offset   = 0;
  int         len      = -1;
  proto_item *sub_item;
  proto_tree *sub_tree;
  proto_item *item = NULL;
  uint32_t    capabilities;
  uint64_t    link_speed;
  float       val      = 0;
  const char *unit     = NULL;
  static int * const capability_flags[] = {
    &hf_smb2_ioctl_network_interface_capability_rdma,
    &hf_smb2_ioctl_network_interface_capability_rss,
    NULL
  };

  next_offset = tvb_get_letohl(tvb, offset);
  if (next_offset) {
    len = next_offset;
  }

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_smb2_ioctl_network_interface, &sub_item, "Network Interface");
  item = proto_tree_get_parent(parent_tree);

  /* next offset */
  proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* interface index */
  proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_index, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* capabilities */
  capabilities = tvb_get_letohl(tvb, offset);
  proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_ioctl_network_interface_capabilities, ett_smb2_ioctl_network_interface_capabilities, capability_flags, ENC_LITTLE_ENDIAN);

  if (capabilities != 0) {
    proto_item_append_text(item, "%s%s",
               (capabilities & NETWORK_INTERFACE_CAP_RDMA)?", RDMA":"",
               (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"");
    proto_item_append_text(sub_item, "%s%s",
               (capabilities & NETWORK_INTERFACE_CAP_RDMA)?", RDMA":"",
               (capabilities & NETWORK_INTERFACE_CAP_RSS)?", RSS":"");
  }
  offset += 4;

  /* reserved (was rss queue count for release 38 and 39) */
  proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* link speed */
  link_speed = tvb_get_letoh64(tvb, offset);
  item = proto_tree_add_item(sub_tree, hf_smb2_ioctl_network_interface_link_speed, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  if (link_speed >= (1000*1000*1000)) {
    val = (float)(link_speed / (1000*1000*1000));
    unit = "G";
  } else if (link_speed >= (1000*1000)) {
    val = (float)(link_speed / (1000*1000));
    unit = "M";
  } else if (link_speed >= (1000)) {
    val = (float)(link_speed / (1000));
    unit = "K";
  } else {
    val = (float)(link_speed);
    unit = "";
  }
  proto_item_append_text(item, ", %.1f %sBits/s", val, unit);
  proto_item_append_text(sub_item, ", %.1f %sBits/s", val, unit);

  offset += 8;

  /* socket address */
  dissect_windows_sockaddr_storage(tvb, pinfo, sub_tree, offset, -1);

  if (next_offset) {
    tvbuff_t *next_tvb;
    next_tvb = tvb_new_subset_remaining(tvb, next_offset);

    /* next extra info */
    increment_dissection_depth(pinfo);
    dissect_smb2_NETWORK_INTERFACE_INFO(next_tvb, pinfo, parent_tree);
    decrement_dissection_depth(pinfo);
  }
}

static void
dissect_smb2_FSCTL_QUERY_NETWORK_INTERFACE_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset _U_, bool data_in)
{
  /* There is no in data */
  if (data_in) {
    return;
  }

  dissect_smb2_NETWORK_INTERFACE_INFO(tvb, pinfo, tree);
}

static void
dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO_224(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset _U_, bool data_in)
{
  /*
   * This is only used by Windows 8 beta
   */
  if (data_in) {
    /* capabilities */
    offset = dissect_smb2_capabilities(tree, tvb, offset);

    /* client guid */
    proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* security mode, skip second byte */
    offset = dissect_smb2_secmode(tree, tvb, offset);
    offset++;

    /* dialect */
    proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;
  } else {
    /* capabilities */
    offset = dissect_smb2_capabilities(tree, tvb, offset);

    /* server guid */
    proto_tree_add_item(tree, hf_smb2_server_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* security mode, skip second byte */
    offset = dissect_smb2_secmode(tree, tvb, offset);
    offset++;

    /* dialect */
    proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;
  }
}

static void
dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset _U_, bool data_in)
{
  if (data_in) {
    uint16_t dc;

    /* capabilities */
    offset = dissect_smb2_capabilities(tree, tvb, offset);

    /* client guid */
    proto_tree_add_item(tree, hf_smb2_client_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* security mode, skip second byte */
    offset = dissect_smb2_secmode(tree, tvb, offset);
    offset++;

    /* dialect count */
    dc = tvb_get_letohs(tvb, offset);
    proto_tree_add_item(tree, hf_smb2_dialect_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    for ( ; dc>0; dc--) {
      proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
      offset += 2;
    }
  } else {
    /* capabilities */
    offset = dissect_smb2_capabilities(tree, tvb, offset);

    /* server guid */
    proto_tree_add_item(tree, hf_smb2_server_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* security mode, skip second byte */
    offset = dissect_smb2_secmode(tree, tvb, offset);
    offset++;

    /* dialect */
    proto_tree_add_item(tree, hf_smb2_dialect, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;
  }
}

static void
dissect_smb2_FSCTL_SRV_ENUMERATE_SNAPSHOTS(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  uint32_t num_snapshots;

  /* There is no in data */
  if (data_in) {
    return;
  }

  /* NumberOfSnapShots */
  proto_tree_add_item(tree, hf_smb2_ioctl_enumerate_snapshots_num_snapshots, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* NumberOfSnapshotsReturned */
  proto_tree_add_item_ret_uint(tree, hf_smb2_ioctl_enumerate_snapshots_num_snapshots_returned, tvb, offset, 4, ENC_LITTLE_ENDIAN, &num_snapshots);
  offset += 4;

  /* SnapShotArraySize */
  proto_tree_add_item(tree, hf_smb2_ioctl_enumerate_snapshots_snapshot_array_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  while (num_snapshots--) {
    int len;
    int old_offset = offset;

    proto_tree_add_item_ret_length(tree, hf_smb2_ioctl_enumerate_snapshots_snapshot,
      tvb, offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &len);

    offset = old_offset+len;
  }
}

int
dissect_smb2_FILE_OBJECTID_BUFFER(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  /* FILE_OBJECTID_BUFFER */
  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_FILE_OBJECTID_BUFFER, tvb, offset, 64, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_FILE_OBJECTID_BUFFER);
  }

  /* Object ID */
  proto_tree_add_item(tree, hf_smb2_object_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* Birth Volume ID */
  proto_tree_add_item(tree, hf_smb2_birth_volume_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* Birth Object ID */
  proto_tree_add_item(tree, hf_smb2_birth_object_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* Domain ID */
  proto_tree_add_item(tree, hf_smb2_domain_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  return offset;
}

static int
dissect_smb2_FSCTL_CREATE_OR_GET_OBJECT_ID(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no in data */
  if (data_in) {
    return offset;
  }

  /* FILE_OBJECTID_BUFFER */
  offset = dissect_smb2_FILE_OBJECTID_BUFFER(tvb, pinfo, tree, offset);

  return offset;
}

static int
dissect_smb2_FSCTL_GET_COMPRESSION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no in data */
  if (data_in) {
    return offset;
  }

  /* compression format */
  proto_tree_add_item(tree, hf_smb2_compression_format, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  return offset;
}

static int
dissect_smb2_FSCTL_SET_COMPRESSION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no out data */
  if (!data_in) {
    return offset;
  }

  /* compression format */
  proto_tree_add_item(tree, hf_smb2_compression_format, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  return offset;
}

static int
dissect_smb2_FSCTL_GET_INTEGRITY_INFORMATION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in _U_)
{
  static int * const integrity_flags[] = {
    &hf_smb2_integrity_flags_enforcement_off,
    NULL
  };

  proto_tree_add_item(tree, hf_smb2_checksum_algorithm, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_item(tree, hf_smb2_integrity_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_integrity_flags, ett_smb2_integrity_flags, integrity_flags, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_integrity_crc_chunk_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_integrity_cluster_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  return offset;
}

static int
dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  static int * const integrity_flags[] = {
    &hf_smb2_integrity_flags_enforcement_off,
    NULL
  };

  /* There is no out data */
  if (!data_in) {
    return offset;
  }

  proto_tree_add_item(tree, hf_smb2_checksum_algorithm, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_item(tree, hf_smb2_integrity_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_integrity_flags, ett_smb2_integrity_flags, integrity_flags, ENC_LITTLE_ENDIAN);
  offset += 4;

  return offset;
}

static int
dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION_EX(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  static int * const integrity_flags[] = {
    &hf_smb2_integrity_flags_enforcement_off,
    NULL
  };

  if (!data_in) {
    return offset;
  }

  proto_tree_add_item(tree, hf_smb2_fsctl_infoex_enable_integrity, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  proto_tree_add_item(tree, hf_smb2_fsctl_infoex_keep_integrity_state, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  proto_tree_add_item(tree, hf_smb2_fsctl_infoex_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_fsctl_infoex_flags, ett_smb2_integrity_flags, integrity_flags, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_fsctl_infoex_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  proto_tree_add_item(tree, hf_smb2_fsctl_infoex_reserved2, tvb, offset, 7, ENC_LITTLE_ENDIAN);
  offset += 7;

  return offset;
}

static int
dissect_smb2_FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT_Query_Delta(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
{
  proto_tree *sub_tree;

  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_fscc_refs_snapshot_query_delta_buffer, NULL, "Query Delta Buffer");

  proto_tree_add_item(sub_tree, hf_smb2_fscc_refs_snapshot_query_delta_buffer_startvcn, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(sub_tree, hf_smb2_fscc_refs_snapshot_query_delta_buffer_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(sub_tree, hf_smb2_fscc_refs_snapshot_query_delta_buffer_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  return offset;
}

static int
dissect_smb2_FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, bool data_in)
{
  uint32_t operation;
  uint32_t name_len;
  uint32_t input_buffer_len;

  /* There is no in data */
  if (!data_in) {
    return offset;
  }

  proto_tree_add_item_ret_uint(tree, hf_smb2_fscc_refs_snapshot_mgmt_operation, tvb, offset, 4, ENC_LITTLE_ENDIAN, &operation);
  offset += 4;

  proto_tree_add_item_ret_uint(tree, hf_smb2_fscc_refs_snapshot_mgmt_namelen, tvb, offset, 2, ENC_LITTLE_ENDIAN, &name_len);
  offset += 2;

  proto_tree_add_item_ret_uint(tree, hf_smb2_fscc_refs_snapshot_mgmt_input_buffer_len, tvb, offset, 2, ENC_LITTLE_ENDIAN, &input_buffer_len);
  offset += 2;

  proto_tree_add_item(tree, hf_smb2_fscc_refs_snapshot_mgmt_reserved, tvb, offset, 16, ENC_NA);
  offset += 16;

  if (name_len) {
    proto_tree_add_item(tree, hf_smb2_fscc_refs_snapshot_mgmt_name, tvb, offset, name_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    offset += name_len;
  }

  if (operation == REFS_STREAM_SNAPSHOT_OPERATION_QUERY_DELTAS) {
    offset += dissect_smb2_FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT_Query_Delta(tvb, pinfo, tree, offset);
  }

  return offset;
}

static int
dissect_smb2_FSCTL_SET_OBJECT_ID(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no out data */
  if (!data_in) {
    return offset;
  }

  /* FILE_OBJECTID_BUFFER */
  offset = dissect_smb2_FILE_OBJECTID_BUFFER(tvb, pinfo, tree, offset);

  return offset;
}

static int
dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no out data */
  if (!data_in) {
    return offset;
  }

  /* FILE_OBJECTID_BUFFER->ExtendedInfo */

  /* Birth Volume ID */
  proto_tree_add_item(tree, hf_smb2_birth_volume_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* Birth Object ID */
  proto_tree_add_item(tree, hf_smb2_birth_object_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* Domain ID */
  proto_tree_add_item(tree, hf_smb2_domain_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  return offset;
}

static int
dissect_smb2_cchunk_RESUME_KEY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset)
{

  proto_tree_add_bytes_format_value(tree, hf_smb2_cchunk_resume_key, tvb,
            offset, 24, NULL, "Opaque Data");
  offset += 24;

  return (offset);
}

static void
dissect_smb2_FSCTL_SRV_REQUEST_RESUME_KEY(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{

  /* There is no in data */
  if (data_in) {
    return;
  }

  offset = dissect_smb2_cchunk_RESUME_KEY(tvb, pinfo, tree, offset);

  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
}

static void
dissect_smb2_FSCTL_SRV_COPYCHUNK(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  proto_tree *sub_tree;
  proto_item *sub_item;
  uint32_t chunk_count = 0;

  /* Output is simpler - handle that first. */
  if (!data_in) {
    proto_tree_add_item(tree, hf_smb2_cchunk_chunks_written, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_cchunk_bytes_written, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tree, hf_smb2_cchunk_total_written, tvb, offset+8, 4, ENC_LITTLE_ENDIAN);
    return;
  }

  /* Input data, fixed part */
  offset = dissect_smb2_cchunk_RESUME_KEY(tvb, pinfo, tree, offset);
  proto_tree_add_item_ret_uint(tree, hf_smb2_cchunk_count, tvb, offset, 4, ENC_LITTLE_ENDIAN, &chunk_count);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* Zero or more allocated ranges may be reported. */
  while (chunk_count && tvb_reported_length_remaining(tvb, offset) >= 24) {
    sub_tree = proto_tree_add_subtree(tree, tvb, offset, 24, ett_smb2_cchunk_entry, &sub_item, "Chunk");

    proto_tree_add_item(sub_tree, hf_smb2_cchunk_src_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(sub_tree, hf_smb2_cchunk_dst_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    proto_tree_add_item(sub_tree, hf_smb2_cchunk_xfer_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;

    chunk_count--;
  }
}

static void
dissect_smb2_reparse_nfs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, uint32_t length)
{
  uint64_t type;
  int symlink_length;

  type = tvb_get_letoh64(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_nfs_type, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  switch (type) {
  case NFS_SPECFILE_LNK:
    /*
     * According to [MS-FSCC] 2.1.2.6 "length" contains
     * the 8-byte type plus the symlink target in Unicode
     * non-NULL terminated.
     */
    if (length < 8) {
      THROW(ReportedBoundsError);
    }
    symlink_length = length - 8;
    proto_tree_add_item(tree, hf_smb2_nfs_symlink_target, tvb, offset,
              symlink_length, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    break;
  case NFS_SPECFILE_CHR:
    proto_tree_add_item(tree, hf_smb2_nfs_chr_major, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;
    proto_tree_add_item(tree, hf_smb2_nfs_chr_minor, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case NFS_SPECFILE_BLK:
    proto_tree_add_item(tree, hf_smb2_nfs_blk_major, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;
    proto_tree_add_item(tree, hf_smb2_nfs_blk_minor, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    break;
  case NFS_SPECFILE_FIFO:
  case NFS_SPECFILE_SOCK:
    /* no data */
    break;
  }
}

static void
dissect_smb2_FSCTL_REPARSE_POINT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset)
{
  proto_item *item = NULL;
  proto_tree *tree = NULL;

  uint32_t tag;
  uint32_t length;
  offset_length_buffer_t  s_olb, p_olb;

  /* REPARSE_DATA_BUFFER */
  if (parent_tree) {
    item = proto_tree_add_item(parent_tree, hf_smb2_reparse_data_buffer, tvb, offset, -1, ENC_NA);
    tree = proto_item_add_subtree(item, ett_smb2_reparse_data_buffer);
  }

  /* reparse tag */
  tag = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* reparse data length */
  length = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_reparse_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  if (!(tag & 0x80000000)) {
    /* if high bit is not set, this buffer has a GUID field */
    /* reparse guid */
    proto_tree_add_item(tree, hf_smb2_reparse_guid, tvb, offset, 16, ENC_NA);
    offset += 16;
  }

  switch (tag) {
  case REPARSE_TAG_SYMLINK:
    /* substitute name  offset/length */
    offset = dissect_smb2_olb_length_offset(tvb, offset, &s_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_substitute_name);

    /* print name offset/length */
    offset = dissect_smb2_olb_length_offset(tvb, offset, &p_olb, OLB_O_UINT16_S_UINT16, hf_smb2_symlink_print_name);

    /* flags */
    proto_tree_add_item(tree, hf_smb2_symlink_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* substitute name string */
    dissect_smb2_olb_off_string(pinfo, tree, tvb, &s_olb, offset, OLB_TYPE_UNICODE_STRING);

    /* print name string */
    dissect_smb2_olb_off_string(pinfo, tree, tvb, &p_olb, offset, OLB_TYPE_UNICODE_STRING);
    break;
  case REPARSE_TAG_NFS:
    dissect_smb2_reparse_nfs(tvb, pinfo, tree, offset, length);
    break;
  default:
    proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, length, ENC_NA);
  }
}

static void
dissect_smb2_FSCTL_SET_REPARSE_POINT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, bool data_in)
{
  if (!data_in) {
    return;
  }

  dissect_smb2_FSCTL_REPARSE_POINT(tvb, pinfo, parent_tree, offset);
}

static void
dissect_smb2_FSCTL_GET_REPARSE_POINT(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, bool data_in)
{
  if (data_in) {
    return;
  }

  dissect_smb2_FSCTL_REPARSE_POINT(tvb, pinfo, parent_tree, offset);
}

static void
dissect_smb2_FSCTL_GET_NTFS_VOLUME_DATA(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, bool data_in)
{
  /* There is no in data */
  if (data_in) {
    return;
  }

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_volume_serial, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_num_sectors, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_total_clusters, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_free_clusters, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_total_reserved, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_sector, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_cluster, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_file_record_segment, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_clusters_per_file_record_segment, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_mft_valid_data_length, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_mft_start_lcn, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_mft2_start_lcn, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_mft_zone_start, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_ioctl_get_ntfs_volume_data_mft_zone_end, tvb, offset, 8, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_FSCTL_DUPLICATE_EXTENTS_TO_FILE(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, gboolean data_in, void *data)
{
  /*
   * Note: si is NULL for some callers from packet-smb.c
   */
  smb2_info_t *si = (smb2_info_t *)data;

  /* Output is simpler - handle that first. */
  if (!data_in) {
    return;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  proto_tree_add_item(tree, hf_smb2_dupext_src_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_dupext_dst_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  proto_tree_add_item(tree, hf_smb2_dupext_byte_count, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  /*offset += 8;*/
}

/* [MS-SMB2] - v20240129 2.2.31 and [MS-DFSC] - v20180912 2.2.3 */
static void
dissect_smb2_FSCTL_DFS_GET_REFERRALS_EX(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset _U_, gboolean data_in)
{
  int16_t bc;
  int32_t name_len;
  int32_t data_len;
  bool is_sitename = FALSE;
  bool has_site_name = FALSE;
  const char *name;
  proto_item *item = NULL;
  proto_tree *tree = NULL;
  proto_item *fitem = NULL;
  proto_tree *ftree = NULL;

  if (!parent_tree || !data_in)
    return;

  /* Max referral level */
  proto_tree_add_item(parent_tree, hf_smb2_dfs_max_referral_level, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* Request flags */
  item = proto_tree_add_item(parent_tree, hf_smb2_dfs_request_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  if (tvb_get_letohs(tvb, offset)==0x00000001) {
    has_site_name = TRUE;
    proto_item_append_text(item, " (Site name specified)");
  } else {
    proto_item_append_text(item, " (Site name not specified)");
  }
  offset += 2;

  /* Length of the RequestData buffer */
  data_len = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(parent_tree, hf_smb2_dfs_request_data_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  item = proto_tree_add_item(parent_tree, hf_smb2_dfs_request_data, tvb, offset, data_len, ENC_NA);
  tree = proto_item_add_subtree(item, ett_smb2_fsctl_dfs_get_referrals_ex_request_data);
  bc = data_len;

  /* RequestData buffer */
  /* Read the filenames and if has_sitename, the site name */
  while (data_len > 0) {

    name_len = tvb_get_letohs(tvb, offset);
    offset += 2;

    if(has_site_name
    && data_len == name_len + 2)
      is_sitename = TRUE;

    if (name_len) {
      name = smb_get_unicode_or_ascii_string(pinfo->pool, tvb, &offset, TRUE, &name_len, TRUE, TRUE, &bc);
      if (name) {
        if (!is_sitename) {
          fitem = proto_tree_add_string(tree, hf_smb2_dfs_request_data_file, tvb, offset, name_len, name);
          ftree = proto_item_add_subtree(fitem, ett_smb2_fsctl_dfs_get_referrals_ex_filename);
          proto_tree_add_item(ftree, hf_smb2_dfs_filename_len, tvb, offset-2, 2, ENC_LITTLE_ENDIAN);
          proto_tree_add_string(ftree, hf_smb2_filename, tvb, offset, name_len, name);
        } else {
          fitem = proto_tree_add_string(tree, hf_smb2_dfs_request_data_site, tvb, offset, name_len, name);
          ftree = proto_item_add_subtree(fitem, ett_smb2_fsctl_dfs_get_referrals_ex_sitename);
          proto_tree_add_item(ftree, hf_smb2_dfs_sitename_len, tvb, offset-2, 2, ENC_LITTLE_ENDIAN);
          proto_tree_add_string(ftree, hf_smb2_dfs_sitename, tvb, offset, name_len, name);
        }
        data_len -= (name_len + 2);
        offset += name_len;
      } else {
        return;
      }
    } else {
      return;
    }
  }
}

void
dissect_smb2_ioctl_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *top_tree, uint32_t ioctl_function, bool data_in, void *private_data _U_)
{
  uint16_t dc;

  dc = tvb_reported_length(tvb);

  switch (ioctl_function) {
  case 0x00060194: /* FSCTL_DFS_GET_REFERRALS */
    if (data_in) {
      dissect_smb_get_dfs_request_data(tvb, pinfo, tree, 0, &dc, true);
    } else {
      dissect_smb_get_dfs_referral_data(tvb, pinfo, tree, 0, &dc, true);
    }
    break;
  case 0x000601B0: /* FSCTL_DFS_GET_REFERRALS_EX */
    dissect_smb2_FSCTL_DFS_GET_REFERRALS_EX(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x000940CF: /* FSCTL_QUERY_ALLOCATED_RANGES */
    dissect_smb2_FSCTL_QUERY_ALLOCATED_RANGES(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00094264: /* FSCTL_OFFLOAD_READ */
    dissect_smb2_FSCTL_OFFLOAD_READ(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00098268: /* FSCTL_OFFLOAD_WRITE */
    dissect_smb2_FSCTL_OFFLOAD_WRITE(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x0011c017: /* FSCTL_PIPE_TRANSCEIVE */
    dissect_smb2_FSCTL_PIPE_TRANSCEIVE(tvb, pinfo, tree, 0, top_tree, data_in, private_data);
    break;
  case 0x00110018: /* FSCTL_PIPE_WAIT */
    dissect_smb2_FSCTL_PIPE_WAIT(tvb, pinfo, tree, 0, top_tree, data_in);
    break;
  case 0x00140078: /* FSCTL_SRV_REQUEST_RESUME_KEY */
    dissect_smb2_FSCTL_SRV_REQUEST_RESUME_KEY(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x001401D4: /* FSCTL_LMR_REQUEST_RESILIENCY */
    dissect_smb2_FSCTL_LMR_REQUEST_RESILIENCY(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x001401FC: /* FSCTL_QUERY_NETWORK_INTERFACE_INFO */
    dissect_smb2_FSCTL_QUERY_NETWORK_INTERFACE_INFO(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00140200: /* FSCTL_VALIDATE_NEGOTIATE_INFO_224 */
    dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO_224(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00140204: /* FSCTL_VALIDATE_NEGOTIATE_INFO */
    dissect_smb2_FSCTL_VALIDATE_NEGOTIATE_INFO(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00144064: /* FSCTL_SRV_ENUMERATE_SNAPSHOTS */
    dissect_smb2_FSCTL_SRV_ENUMERATE_SNAPSHOTS(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x001440F2: /* FSCTL_SRV_COPYCHUNK */
  case 0x001480F2: /* FSCTL_SRV_COPYCHUNK_WRITE */
    dissect_smb2_FSCTL_SRV_COPYCHUNK(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x000900A4: /* FSCTL_SET_REPARSE_POINT */
    dissect_smb2_FSCTL_SET_REPARSE_POINT(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x000900A8: /* FSCTL_GET_REPARSE_POINT */
    dissect_smb2_FSCTL_GET_REPARSE_POINT(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x0009009C: /* FSCTL_GET_OBJECT_ID */
  case 0x000900c0: /* FSCTL_CREATE_OR_GET_OBJECT_ID */
    dissect_smb2_FSCTL_CREATE_OR_GET_OBJECT_ID(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x000900c4: /* FSCTL_SET_SPARSE */
    dissect_smb2_FSCTL_SET_SPARSE(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00098098: /* FSCTL_SET_OBJECT_ID */
    dissect_smb2_FSCTL_SET_OBJECT_ID(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x000980BC: /* FSCTL_SET_OBJECT_ID_EXTENDED */
    dissect_smb2_FSCTL_SET_OBJECT_ID_EXTENDED(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x000980C8: /* FSCTL_SET_ZERO_DATA */
    dissect_smb2_FSCTL_SET_ZERO_DATA(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x0009003C: /* FSCTL_GET_COMPRESSION */
    dissect_smb2_FSCTL_GET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00090300: /* FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT */
    dissect_smb2_FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00090304: /* FSCTL_SVHDX_SYNC_TUNNEL or response */
  case 0x00090364: /* FSCTL_SVHDX_ASYNC_TUNNEL or response */
    call_dissector_with_data(rsvd_handle, tvb, pinfo, top_tree, &data_in);
    break;
  case 0x00090350: /* FSCTL_STORAGE_QOS_CONTROL */
    dissect_smb2_FSCTL_STORAGE_QOS_CONTROL(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x0009C040: /* FSCTL_SET_COMPRESSION */
    dissect_smb2_FSCTL_SET_COMPRESSION(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00090284: /* FSCTL_QUERY_FILE_REGIONS */
    dissect_smb2_FSCTL_QUERY_FILE_REGIONS(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x0009027c: /* FSCTL_GET_INTEGRITY_INFORMATION request or response */
    dissect_smb2_FSCTL_GET_INTEGRITY_INFORMATION(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x0009C280: /* FSCTL_SET_INTEGRITY_INFORMATION request or response */
    dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00090064: /* FSCTL_GET_NTFS_VOLUME_DATA */
    dissect_smb2_FSCTL_GET_NTFS_VOLUME_DATA(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00090380:
    dissect_smb2_FSCTL_SET_INTEGRITY_INFORMATION_EX(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00090440:
    dissect_smb2_FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT(tvb, pinfo, tree, 0, data_in);
    break;
  case 0x00098344: /* FSCTL_DUPLICATE_EXTENTS_TO_FILE */
    dissect_smb2_FSCTL_DUPLICATE_EXTENTS_TO_FILE(tvb, pinfo, tree, 0, data_in, private_data);
    break;
  default:
    proto_tree_add_item(tree, hf_smb2_unknown, tvb, 0, tvb_captured_length(tvb), ENC_NA);
  }
}

static void
dissect_smb2_ioctl_data_in(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  smb2_pipe_set_file_id(pinfo, si);
  dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, true, si);
}

static void
dissect_smb2_ioctl_data_out(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  smb2_pipe_set_file_id(pinfo, si);
  dissect_smb2_ioctl_data(tvb, pinfo, tree, si->top_tree, si->ioctl_function, false, si);
}

static int
dissect_smb2_ioctl_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t o_olb;
  offset_length_buffer_t i_olb;
  proto_tree *flags_tree = NULL;
  proto_item *flags_item = NULL;
  proto_item *item = NULL;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* ioctl function */
  offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &si->ioctl_function);

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(tree, hf_smb2_file_id_hash, tvb, 0, 0,
      si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  /* in buffer offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &i_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_in_data);

  /* max ioctl in size */
  proto_tree_add_item(tree, hf_smb2_max_ioctl_in_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* out buffer offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &o_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_out_data);

  /* max ioctl out size */
  proto_tree_add_item(tree, hf_smb2_max_ioctl_out_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* flags */
  if (tree) {
    flags_item = proto_tree_add_item(tree, hf_smb2_ioctl_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    flags_tree = proto_item_add_subtree(flags_item, ett_smb2_ioctl_flags);
  }
  proto_tree_add_item(flags_tree, hf_smb2_ioctl_is_fsctl, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* try to decode these blobs in the order they were encoded
   * so that for "short" packets we will dissect as much as possible
   * before aborting with "short packet"
   */
  if (i_olb.off>o_olb.off) {
    /* out buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
    /* in buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
  } else {
    /* in buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
    /* out buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
  }

  offset = dissect_smb2_olb_tvb_max_offset(offset, &o_olb);
  offset = dissect_smb2_olb_tvb_max_offset(offset, &i_olb);

  return offset;
}

static int
dissect_smb2_ioctl_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t o_olb;
  offset_length_buffer_t i_olb;
  bool continue_dissection;
  proto_item *item = NULL;

  switch (si->status) {
  /* buffer code */
  /* if we get BUFFER_OVERFLOW there will be truncated data */
  case 0x80000005:
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* ioctl function */
  offset = dissect_smb2_ioctl_function(tvb, pinfo, tree, offset, &si->ioctl_function);

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(tree, hf_smb2_file_id_hash, tvb, 0, 0,
      si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  /* in buffer offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &i_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_in_data);

  /* out buffer offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &o_olb, OLB_O_UINT32_S_UINT32, hf_smb2_ioctl_out_data);


  /* flags: reserved: must be zero */
  proto_tree_add_item(tree, hf_smb2_flags, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset += 4;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* try to decode these blobs in the order they were encoded
   * so that for "short" packets we will dissect as much as possible
   * before aborting with "short packet"
   */
  if (i_olb.off>o_olb.off) {
    /* out buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
    /* in buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
  } else {
    /* in buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &i_olb, si, dissect_smb2_ioctl_data_in);
    /* out buffer */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &o_olb, si, dissect_smb2_ioctl_data_out);
  }

  offset = dissect_smb2_olb_tvb_max_offset(offset, &i_olb);
  offset = dissect_smb2_olb_tvb_max_offset(offset, &o_olb);

  return offset;
}


#define SMB2_READFLAG_READ_UNBUFFERED 0x01
#define SMB2_READFLAG_READ_COMPRESSED 0x02

static const true_false_string tfs_read_unbuffered = {
  "Client is asking for UNBUFFERED read",
  "Client is NOT asking for UNBUFFERED read"
};

static const true_false_string tfs_read_compressed = {
  "Client is asking for COMPRESSED data",
  "Client is NOT asking for COMPRESSED data"
};

static int
dissect_smb2_read_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t c_olb;
  uint32_t channel;
  uint32_t len;
  uint64_t off;
  static int * const flags[] = {
       &hf_smb2_read_flags_unbuffered,
       &hf_smb2_read_flags_compressed,
       NULL
  };
  proto_item *item = NULL;
  proto_tree *fid_tree = NULL;
  proto_tree *which_tree = NULL;
  e_guid_t   tag_guid;


  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* padding */
  proto_tree_add_item(tree, hf_smb2_read_padding, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* flags */
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_read_flags,
             ett_smb2_read_flags, flags, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* length */
  len = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_read_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* offset */
  off = tvb_get_letoh64(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_file_offset, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  col_append_fstr(pinfo->cinfo, COL_INFO, " Len:%d Off:%" PRIu64, len, off);

  /* Save the FID for use in the reply */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  /* minimum count */
  proto_tree_add_item(tree, hf_smb2_min_count, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* channel */
  channel = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* remaining bytes */
  proto_tree_add_item(tree, hf_smb2_remaining_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* read channel info blob offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &c_olb, OLB_O_UINT16_S_UINT16, hf_smb2_channel_info_blob);

  /* the read channel info blob itself */
  switch (channel) {
  case SMB2_CHANNEL_RDMA_V1:
  case SMB2_CHANNEL_RDMA_V1_INVALIDATE:
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, dissect_smb2_rdma_v1_blob);
    break;
  case SMB2_CHANNEL_NONE:
  default:
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &c_olb, si, NULL);
    break;
  }

  offset = dissect_smb2_olb_tvb_max_offset(offset, &c_olb);

  /* Store len and offset */
  if (si->saved) {
    si->saved->file_offset=off;
    si->saved->bytes_moved=len;
  }

  return offset;
}

static void
dissect_smb2_read_blob(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  int offset = 0;
  int length = tvb_captured_length_remaining(tvb, offset);

  smb2_pipe_set_file_id(pinfo, si);

  offset = dissect_file_data_smb2_pipe(tvb, pinfo, tree, offset, length, si->top_tree, si);
  if (offset != 0) {
    /* managed to dissect pipe data */
    return;
  }

  /* data */
  proto_tree_add_item(tree, hf_smb2_read_data, tvb, offset, length, ENC_NA);
}

static int
dissect_smb2_read_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t olb;
  uint32_t data_tvb_len;
  bool continue_dissection;
  proto_item *item = NULL;
  proto_item *tag_item = NULL;
  proto_tree *tag_tree = NULL;
  proto_tree *which_tree = NULL;

  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* data offset 8 bit, 8 bit reserved, length 32bit */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &olb,
            OLB_O_UINT8_P_UINT8_S_UINT32,
            hf_smb2_read_blob);

  /* remaining */
  proto_tree_add_item(tree, hf_smb2_read_remaining, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Create a filename subtree and populate it. */
  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);
      }
    }
  }

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  data_tvb_len=(uint32_t)tvb_captured_length_remaining(tvb, offset);

  dissect_smb2_olb_buffer(pinfo, tree, tvb, &olb, si, dissect_smb2_read_blob);

  offset += MIN(olb.len, data_tvb_len);

  if (have_tap_listener(smb2_eo_tap) && (data_tvb_len == olb.len)) {
    if (si->saved && si->eo_file_info) { /* without this data we don't know which file this belongs to */
      feed_eo_smb2(tvb,pinfo,si,olb.off,olb.len,si->saved->file_offset);
    }
  }

  return offset;
}

static void
report_create_context_malformed_buffer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const char *buffer_desc)
{
  proto_tree_add_expert_format(tree, pinfo, &ei_smb2_bad_response, tvb, 0, -1,
          "%s SHOULD NOT be generated", buffer_desc);
}
static void
dissect_smb2_ExtA_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  proto_item *item = NULL;
  if (tree) {
    item = proto_tree_get_parent(tree);
    proto_item_append_text(item, ": SMB2_FILE_FULL_EA_INFO");
  }
  dissect_smb2_file_full_ea_info(tvb, pinfo, tree, 0, si);
}

static void
dissect_smb2_ExtA_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "ExtA Response");
}

static void
dissect_smb2_SecD_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  proto_item *item = NULL;
  if (tree) {
    item = proto_tree_get_parent(tree);
    proto_item_append_text(item, ": SMB2_SEC_INFO_00");
  }
  dissect_smb2_sec_info_00(tvb, pinfo, tree, 0, si);
}

static void
dissect_smb2_SecD_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "SecD Response");
}

/*
 * Add the timestamp to the info column and to the name of the file if
 * we have not visited this packet before.
 */
static void
add_timestamp_to_info_col(tvbuff_t *tvb, packet_info *pinfo, smb2_info_t *si,
        int offset)
{
  uint32_t filetime_high, filetime_low;
  uint64_t ft;
  nstime_t ts;

  filetime_low = tvb_get_letohl(tvb, offset);
  filetime_high = tvb_get_letohl(tvb, offset + 4);

  ft = ((uint64_t)filetime_high << 32) | filetime_low;
  if (!filetime_to_nstime(&ts, ft)) {
    return;
  }

  col_append_fstr(pinfo->cinfo, COL_INFO, "@%s",
            abs_time_to_str(pinfo->pool, &ts, ABSOLUTE_TIME_UTC,
                false));

  /* Append the timestamp */
  if (!pinfo->fd->visited) {
    if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
      char *saved_name = (char *)si->saved->extra_info;

      si->saved->extra_info = wmem_strdup_printf(wmem_file_scope(),
        "%s@%s", (char *)saved_name,
        abs_time_to_str(pinfo->pool, &ts,
          ABSOLUTE_TIME_UTC, false));
      wmem_free(wmem_file_scope(), saved_name);
    }
  }
}

static void
dissect_smb2_TWrp_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  proto_item *item = NULL;
  if (tree) {
    item = proto_tree_get_parent(tree);
    proto_item_append_text(item, ": Timestamp");
  }
  add_timestamp_to_info_col(tvb, pinfo, si, 0);
  dissect_nttime(tvb, tree, 0, hf_smb2_twrp_timestamp, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_TWrp_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "TWrp Response");
}

static void
dissect_smb2_QFid_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  proto_item *item = NULL;

  if (tree) {
    item = proto_tree_get_parent(tree);
  }

  if (item) {
    if (tvb_reported_length(tvb) == 0) {
      proto_item_append_text(item, ": NO DATA");
    } else {
      proto_item_append_text(item, ": QFid request should have no data, malformed packet");
    }
  }
}

static void
dissect_smb2_QFid_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": QFid INFO");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_QFid_buffer, NULL, "QFid INFO");

  proto_tree_add_item(sub_tree, hf_smb2_qfid_fid, tvb, offset, 32, ENC_NA);
}

static void
dissect_smb2_AlSi_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, 0, 8, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_AlSi_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "AlSi Response");
}

static void
dissect_smb2_DHnQ_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  dissect_smb2_fid(tvb, pinfo, tree, 0, si, FID_MODE_DHNQ);
}

static void
dissect_smb2_DHnQ_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  proto_tree_add_item(tree, hf_smb2_dhnq_buffer_reserved, tvb, 0, 8, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_DHnC_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  dissect_smb2_fid(tvb, pinfo, tree, 0, si, FID_MODE_DHNC);
}

static void
dissect_smb2_DHnC_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "DHnC Response");
}

/*
 * SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
 *  4 - timeout
 *  4 - flags
 *  8 - reserved
 * 16 - create guid
 *
 * SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2
 *  4 - timeout
 *  4 - flags
 *
 * SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2
 * 16 - file id
 * 16 - create guid
 *  4 - flags
 *
 * SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2
 * - nothing -
 */
#define SMB2_DH2X_FLAGS_PERSISTENT_HANDLE 0x00000002

static void
dissect_smb2_DH2Q_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  static int * const dh2x_flags_fields[] = {
    &hf_smb2_dh2x_buffer_flags_persistent_handle,
    NULL
  };
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": DH2Q Request");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2Q_buffer, NULL, "DH2Q Request");

  /* timeout */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* flags */
  proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_dh2x_buffer_flags,
        ett_smb2_dh2x_flags, dh2x_flags_fields, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* reserved */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_reserved, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* create guid */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_create_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_DH2Q_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": DH2Q Response");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2Q_buffer, NULL, "DH2Q Response");

  /* timeout */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_timeout, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* flags */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_DH2C_buffer_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": DH2C Request");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_DH2C_buffer, NULL, "DH2C Request");

  /* file id */
  dissect_smb2_fid(tvb, pinfo, sub_tree, offset, si, FID_MODE_DHNC);
  offset += 16;

  /* create guid */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_create_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* flags */
  proto_tree_add_item(sub_tree, hf_smb2_dh2x_buffer_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_DH2C_buffer_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "DH2C Response");
}

static void
dissect_smb2_MxAc_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int     offset = 0;
  proto_item *item   = NULL;

  if (tree) {
    item = proto_tree_get_parent(tree);
  }

  if (tvb_reported_length(tvb) == 0) {
    if (item) {
      proto_item_append_text(item, ": NO DATA");
    }
    return;
  }

  if (item) {
    proto_item_append_text(item, ": Timestamp");
  }

  dissect_nttime(tvb, tree, offset, hf_smb2_mxac_timestamp, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_MxAc_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_tree *sub_tree;

  item = proto_tree_get_parent(tree);

  if (tvb_reported_length(tvb) == 0) {
    proto_item_append_text(item, ": NO DATA");
    return;
  }

  proto_item_append_text(item, ": MxAc INFO");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_MxAc_buffer, NULL, "MxAc INFO");

  proto_tree_add_item(sub_tree, hf_smb2_mxac_status, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset += 4;

  dissect_smb_access_mask(tvb, sub_tree, offset);
}

/*
 * SMB2_CREATE_REQUEST_LEASE 32
 * 16 - lease key
 *  4 - lease state
 *  4 - lease flags
 *  8 - lease duration
 *
 * SMB2_CREATE_REQUEST_LEASE_V2 52
 * 16 - lease key
 *  4 - lease state
 *  4 - lease flags
 *  8 - lease duration
 * 16 - parent lease key
 *  2 - epoch
 *  2 - reserved
 */
#define SMB2_LEASE_STATE_READ_CACHING   0x00000001
#define SMB2_LEASE_STATE_HANDLE_CACHING 0x00000002
#define SMB2_LEASE_STATE_WRITE_CACHING  0x00000004

#define SMB2_LEASE_FLAGS_BREAK_ACK_REQUIRED    0x00000001
#define SMB2_LEASE_FLAGS_BREAK_IN_PROGRESS     0x00000002
#define SMB2_LEASE_FLAGS_PARENT_LEASE_KEY_SET  0x00000004

static int * const lease_state_fields[] = {
  &hf_smb2_lease_state_read_caching,
  &hf_smb2_lease_state_handle_caching,
  &hf_smb2_lease_state_write_caching,
  NULL
};
static int * const lease_flags_fields[] = {
  &hf_smb2_lease_flags_break_ack_required,
  &hf_smb2_lease_flags_break_in_progress,
  &hf_smb2_lease_flags_parent_lease_key_set,
  NULL
};

static void
dissect_SMB2_CREATE_LEASE_VX(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_)
{
  int         offset      = 0;
  int         len;
  proto_tree *sub_tree    = NULL;
  proto_item *parent_item;

  parent_item = proto_tree_get_parent(parent_tree);

  len = tvb_reported_length(tvb);

  switch (len) {
  case 32: /* SMB2_CREATE_REQUEST/RESPONSE_LEASE */
    proto_item_append_text(parent_item, ": LEASE_V1");
    sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_RqLs_buffer, NULL, "LEASE_V1");
    break;
  case 52: /* SMB2_CREATE_REQUEST/RESPONSE_LEASE_V2 */
    proto_item_append_text(parent_item, ": LEASE_V2");
    sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_RqLs_buffer, NULL, "LEASE_V2");
    break;
  default:
    report_create_context_malformed_buffer(tvb, pinfo, parent_tree, "RqLs");
    break;
  }

  proto_tree_add_item(sub_tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_lease_state,
             ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_bitmask(sub_tree, tvb, offset, hf_smb2_lease_flags,
             ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
  offset += 4;

  proto_tree_add_item(sub_tree, hf_smb2_lease_duration, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  if (len < 52) {
    return;
  }

  proto_tree_add_item(sub_tree, hf_smb2_parent_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  proto_tree_add_item(sub_tree, hf_smb2_lease_epoch, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_item(sub_tree, hf_smb2_lease_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_RqLs_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  dissect_SMB2_CREATE_LEASE_VX(tvb, pinfo, tree, si);
}

static void
dissect_smb2_RqLs_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  dissect_SMB2_CREATE_LEASE_VX(tvb, pinfo, tree, si);
}

/*
 * SMB2_CREATE_APP_INSTANCE_ID
 *  2 - structure size - 20
 *  2 - reserved
 * 16 - application guid
 */

static void
dissect_smb2_APP_INSTANCE_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": CREATE APP INSTANCE ID");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_APP_INSTANCE_buffer, NULL, "APP INSTANCE ID");

  /* struct size */
  proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_struct_size,
          tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* reserved */
  proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_reserved,
          tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* create guid */
  proto_tree_add_item(sub_tree, hf_smb2_APP_INSTANCE_buffer_app_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_APP_INSTANCE_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "APP INSTANCE Response");
}

/*
 * Dissect the MS-RSVD stuff that turns up when HyperV uses SMB3.x
 */
static void
dissect_smb2_svhdx_open_device_context(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int offset = 0;
  uint32_t version;
  proto_item *item = NULL;
  proto_item *sub_tree;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": SVHDX OPEN DEVICE CONTEXT");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_svhdx_open_device_context, NULL, "SVHDX OPEN DEVICE CONTEXT");

  /* Version */
  proto_tree_add_item_ret_uint(sub_tree, hf_smb2_svhdx_open_device_context_version,
          tvb, offset, 4, ENC_LITTLE_ENDIAN, &version);
  offset += 4;

  /* HasInitiatorId */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_has_initiator_id,
          tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* Reserved */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_reserved,
          tvb, offset, 3, ENC_NA);
  offset += 3;

  /* InitiatorId */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_id,
          tvb, offset, 16, ENC_LITTLE_ENDIAN);
  offset += 16;

  /* Flags TODO: Dissect these*/
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_flags,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* OriginatorFlags */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_originator_flags,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* OpenRequestId */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_open_request_id,
          tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* InitiatorHostNameLength */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_host_name_len,
          tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* InitiatorHostName */
  proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_initiator_host_name,
          tvb, offset, 126, ENC_ASCII);
  offset += 126;

  if (version == 2) {
    /* VirtualDiskPropertiesInitialized */
    proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_virtual_disk_properties_initialized,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* ServerServiceVersion */
    proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_server_service_version,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* VirtualSectorSize */
    proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_virtual_sector_size,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* PhysicalSectorSize */
    proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_physical_sector_size,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* VirtualSize */
    proto_tree_add_item(sub_tree, hf_smb2_svhdx_open_device_context_virtual_size,
          tvb, offset, 8, ENC_LITTLE_ENDIAN);
  }
}

/*
 * SMB2_CREATE_APP_INSTANCE_VERSION
 *  2 - structure size - 24
 *  2 - reserved
 *  4 - padding
 *  8 - AppInstanceVersionHigh
 *  8 - AppInstanceVersionHigh
 */

static void
dissect_smb2_app_instance_version_buffer_request(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;
  proto_item *version_sub_tree;
  uint64_t  version_high;
  uint64_t  version_low;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": CREATE APP INSTANCE VERSION");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_app_instance_version_buffer, NULL, "APP INSTANCE VERSION");

  /* struct size */
  proto_tree_add_item(sub_tree, hf_smb2_app_instance_version_struct_size,
          tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* reserved */
  proto_tree_add_item(sub_tree, hf_smb2_app_instance_version_reserved,
          tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* padding */
  proto_tree_add_item(sub_tree, hf_smb2_app_instance_version_padding,
          tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  version_sub_tree = proto_tree_add_subtree(sub_tree, tvb, offset, -1, ett_smb2_app_instance_version_buffer_version, NULL, "version");

  /* version high */
  proto_tree_add_item_ret_uint64(version_sub_tree, hf_smb2_app_instance_version_high,
          tvb, offset, 8, ENC_LITTLE_ENDIAN, &version_high);
  offset += 8;

  /* version low */
  proto_tree_add_item_ret_uint64(version_sub_tree, hf_smb2_app_instance_version_low,
          tvb, offset, 8, ENC_LITTLE_ENDIAN, &version_low);

  proto_item_append_text(version_sub_tree, " : %" PRIu64 ".%" PRIu64, version_high, version_low);
  proto_item_append_text(sub_tree, ", version: %" PRIu64 ".%" PRIu64, version_high, version_low);
}

static void
dissect_smb2_app_instance_version_buffer_response(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, smb2_info_t *si _U_)
{
  report_create_context_malformed_buffer(tvb, pinfo, tree, "APP INSTANCE Version Response");
}

static void
dissect_smb2_posix_buffer_request(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
{
  int offset = 0;
  proto_item *item = NULL;

  item = proto_tree_get_parent(tree);
  proto_item_append_text(item, ": POSIX Create Context request");

  /* POSIX mode bits */
  proto_tree_add_item(tree, hf_smb2_posix_perms, tvb, offset, 4, ENC_LITTLE_ENDIAN);
}

static void
dissect_smb2_posix_buffer_response(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
{
  int offset = 0;
  proto_item *item = NULL;

  item = proto_tree_get_parent(tree);
  proto_item_append_text(item, ": POSIX Create Context response");

  /* Hardlinks */
  proto_tree_add_item(tree, hf_smb2_nlinks, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Reparse tag */
  proto_tree_add_item(tree, hf_smb2_reparse_tag, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* POSIX mode bits */
  proto_tree_add_item(tree, hf_smb2_posix_perms, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* Owner and Group SID */
  offset = dissect_nt_sid(tvb, pinfo, offset, tree, "Owner SID", NULL, -1);
  dissect_nt_sid(tvb, pinfo, offset, tree, "Group SID", NULL, -1);
}

#define SMB2_AAPL_SERVER_QUERY  1
#define SMB2_AAPL_RESOLVE_ID  2

static const value_string aapl_command_code_vals[] = {
  { SMB2_AAPL_SERVER_QUERY, "Server query"},
  { SMB2_AAPL_RESOLVE_ID,   "Resolve ID"},
  { 0, NULL }
};

#define SMB2_AAPL_SERVER_CAPS   0x00000001
#define SMB2_AAPL_VOLUME_CAPS   0x00000002
#define SMB2_AAPL_MODEL_INFO    0x00000004

static int * const aapl_server_query_bitmap_fields[] = {
  &hf_smb2_aapl_server_query_bitmask_server_caps,
  &hf_smb2_aapl_server_query_bitmask_volume_caps,
  &hf_smb2_aapl_server_query_bitmask_model_info,
  NULL
};

#define SMB2_AAPL_SUPPORTS_READ_DIR_ATTR  0x00000001
#define SMB2_AAPL_SUPPORTS_OSX_COPYFILE   0x00000002
#define SMB2_AAPL_UNIX_BASED      0x00000004
#define SMB2_AAPL_SUPPORTS_NFS_ACE    0x00000008

static int * const aapl_server_query_caps_fields[] = {
  &hf_smb2_aapl_server_query_caps_supports_read_dir_attr,
  &hf_smb2_aapl_server_query_caps_supports_osx_copyfile,
  &hf_smb2_aapl_server_query_caps_unix_based,
  &hf_smb2_aapl_server_query_caps_supports_nfs_ace,
  NULL
};

static void
dissect_smb2_AAPL_buffer_request(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;
  uint32_t    command_code;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": AAPL Create Context request");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_aapl_create_context_request, NULL, "AAPL Create Context request");

  /* Command code */
  proto_tree_add_item_ret_uint(sub_tree, hf_smb2_aapl_command_code,
      tvb, offset, 4, ENC_LITTLE_ENDIAN, &command_code);
  offset += 4;

  /* Reserved */
  proto_tree_add_item(sub_tree, hf_smb2_aapl_reserved,
      tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  switch (command_code) {

  case SMB2_AAPL_SERVER_QUERY:
    /* Request bitmap */
    proto_tree_add_bitmask(sub_tree, tvb, offset,
               hf_smb2_aapl_server_query_bitmask,
               ett_smb2_aapl_server_query_bitmask,
               aapl_server_query_bitmap_fields,
               ENC_LITTLE_ENDIAN);
    offset += 8;

    /* Client capabilities */
    proto_tree_add_bitmask(sub_tree, tvb, offset,
               hf_smb2_aapl_server_query_caps,
               ett_smb2_aapl_server_query_caps,
               aapl_server_query_caps_fields,
               ENC_LITTLE_ENDIAN);
    break;

  case SMB2_AAPL_RESOLVE_ID:
    /* file ID */
    proto_tree_add_item(sub_tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    break;

  default:
    break;
  }
}

#define SMB2_AAPL_SUPPORTS_RESOLVE_ID 0x00000001
#define SMB2_AAPL_CASE_SENSITIVE    0x00000002
#define SMB2_AAPL_SUPPORTS_FULL_SYNC  0x00000004

static int * const aapl_server_query_volume_caps_fields[] = {
  &hf_smb2_aapl_server_query_volume_caps_support_resolve_id,
  &hf_smb2_aapl_server_query_volume_caps_case_sensitive,
  &hf_smb2_aapl_server_query_volume_caps_supports_full_sync,
  NULL
};

static void
dissect_smb2_AAPL_buffer_response(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, smb2_info_t *si _U_)
{
  int         offset   = 0;
  proto_item *item = NULL;
  proto_item *sub_tree;
  uint32_t    command_code;
  uint64_t    server_query_bitmask;

  item = proto_tree_get_parent(tree);

  proto_item_append_text(item, ": AAPL Create Context response");
  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_aapl_create_context_response, NULL, "AAPL Create Context response");

  /* Command code */
  proto_tree_add_item_ret_uint(sub_tree, hf_smb2_aapl_command_code,
      tvb, offset, 4, ENC_LITTLE_ENDIAN, &command_code);
  offset += 4;

  /* Reserved */
  proto_tree_add_item(sub_tree, hf_smb2_aapl_reserved,
      tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  switch (command_code) {

  case SMB2_AAPL_SERVER_QUERY:
    /* Reply bitmap */
    proto_tree_add_bitmask_ret_uint64(sub_tree, tvb, offset,
              hf_smb2_aapl_server_query_bitmask,
              ett_smb2_aapl_server_query_bitmask,
              aapl_server_query_bitmap_fields,
              ENC_LITTLE_ENDIAN,
              &server_query_bitmask);
    offset += 8;

    if (server_query_bitmask & SMB2_AAPL_SERVER_CAPS) {
      /* Server capabilities */
      proto_tree_add_bitmask(sub_tree, tvb, offset,
                 hf_smb2_aapl_server_query_caps,
                 ett_smb2_aapl_server_query_caps,
                 aapl_server_query_caps_fields,
                 ENC_LITTLE_ENDIAN);
      offset += 8;
    }
    if (server_query_bitmask & SMB2_AAPL_VOLUME_CAPS) {
      /* Volume capabilities */
      proto_tree_add_bitmask(sub_tree, tvb, offset,
                 hf_smb2_aapl_server_query_volume_caps,
                 ett_smb2_aapl_server_query_volume_caps,
                 aapl_server_query_volume_caps_fields,
                 ENC_LITTLE_ENDIAN);
      offset += 8;
    }
    if (server_query_bitmask & SMB2_AAPL_MODEL_INFO) {
      /* Padding */
      offset += 4;

      /* Model string */
      proto_tree_add_item(sub_tree, hf_smb2_aapl_server_query_model_string,
              tvb, offset, 4,
              ENC_UTF_16|ENC_LITTLE_ENDIAN);
    }
    break;

  case SMB2_AAPL_RESOLVE_ID:
    /* NT status */
    proto_tree_add_item(sub_tree, hf_smb2_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* Server path */
    proto_tree_add_item(sub_tree, hf_smb2_aapl_server_query_server_path,
            tvb, offset, 4,
            ENC_UTF_16|ENC_LITTLE_ENDIAN);
    break;

  default:
    break;
  }
}

typedef void (*create_context_data_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si);

typedef struct create_context_data_dissectors {
  create_context_data_dissector_t request;
  create_context_data_dissector_t response;
} create_context_data_dissectors_t;

struct create_context_data_tag_dissectors {
  const char *tag;
  const char *val;
  create_context_data_dissectors_t dissectors;
};

static struct create_context_data_tag_dissectors create_context_dissectors_array[] = {
  { "ExtA", "SMB2_CREATE_EA_BUFFER",
    { dissect_smb2_ExtA_buffer_request, dissect_smb2_ExtA_buffer_response } },
  { "SecD", "SMB2_CREATE_SD_BUFFER",
    { dissect_smb2_SecD_buffer_request, dissect_smb2_SecD_buffer_response } },
  { "AlSi", "SMB2_CREATE_ALLOCATION_SIZE",
    { dissect_smb2_AlSi_buffer_request, dissect_smb2_AlSi_buffer_response } },
  { "MxAc", "SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST",
    { dissect_smb2_MxAc_buffer_request, dissect_smb2_MxAc_buffer_response } },
  { "DHnQ", "SMB2_CREATE_DURABLE_HANDLE_REQUEST",
    { dissect_smb2_DHnQ_buffer_request, dissect_smb2_DHnQ_buffer_response } },
  { "DHnC", "SMB2_CREATE_DURABLE_HANDLE_RECONNECT",
    { dissect_smb2_DHnC_buffer_request, dissect_smb2_DHnC_buffer_response } },
  { "DH2Q", "SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2",
    { dissect_smb2_DH2Q_buffer_request, dissect_smb2_DH2Q_buffer_response } },
  { "DH2C", "SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2",
    { dissect_smb2_DH2C_buffer_request, dissect_smb2_DH2C_buffer_response } },
  { "TWrp", "SMB2_CREATE_TIMEWARP_TOKEN",
    { dissect_smb2_TWrp_buffer_request, dissect_smb2_TWrp_buffer_response } },
  { "QFid", "SMB2_CREATE_QUERY_ON_DISK_ID",
    { dissect_smb2_QFid_buffer_request, dissect_smb2_QFid_buffer_response } },
  { "RqLs", "SMB2_CREATE_REQUEST_LEASE",
    { dissect_smb2_RqLs_buffer_request, dissect_smb2_RqLs_buffer_response } },
  { "744D142E-46FA-0890-4AF7-A7EF6AA6BC45", "SMB2_CREATE_APP_INSTANCE_ID",
    { dissect_smb2_APP_INSTANCE_buffer_request, dissect_smb2_APP_INSTANCE_buffer_response } },
  { "6aa6bc45-a7ef-4af7-9008-fa462e144d74", "SMB2_CREATE_APP_INSTANCE_ID",
    { dissect_smb2_APP_INSTANCE_buffer_request, dissect_smb2_APP_INSTANCE_buffer_response } },
  { "9ecfcb9c-c104-43e6-980e-158da1f6ec83", "SVHDX_OPEN_DEVICE_CONTEXT",
    { dissect_smb2_svhdx_open_device_context, dissect_smb2_svhdx_open_device_context} },
  { "b7d082b9-563b-4f07-a07b-524a8116a010", "SMB2_CREATE_APP_INSTANCE_VERSION",
     { dissect_smb2_app_instance_version_buffer_request, dissect_smb2_app_instance_version_buffer_response } },
  { "5025ad93-b49c-e711-b423-83de968bcd7c", "SMB2_POSIX_CREATE_CONTEXT",
    { dissect_smb2_posix_buffer_request, dissect_smb2_posix_buffer_response } },
  { "AAPL", "SMB2_AAPL_CREATE_CONTEXT",
    { dissect_smb2_AAPL_buffer_request, dissect_smb2_AAPL_buffer_response } },
};

static struct create_context_data_tag_dissectors*
get_create_context_data_tag_dissectors(const char *tag)
{
  static struct create_context_data_tag_dissectors INVALID = {
    NULL, "<invalid>", { NULL, NULL }
  };

  size_t i;

  for (i = 0; i<array_length(create_context_dissectors_array); i++) {
    if (!strcmp(tag, create_context_dissectors_array[i].tag))
      return &create_context_dissectors_array[i];
  }
  return &INVALID;
}

static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_smb2_create_extra_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, smb2_info_t *si)
{
  offset_length_buffer_t  tag_olb;
  offset_length_buffer_t  data_olb;
  const uint8_t *tag;
  uint16_t    chain_offset;
  int         offset      = 0;
  int         len         = -1;
  proto_item *sub_item;
  proto_tree *sub_tree;
  proto_item *parent_item = NULL;
  create_context_data_dissectors_t *dissectors = NULL;
  create_context_data_dissector_t   dissector  = NULL;
  struct create_context_data_tag_dissectors *tag_dissectors;

  chain_offset = tvb_get_letohl(tvb, offset);
  if (chain_offset) {
    len = chain_offset;
  }

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, len, ett_smb2_create_chain_element, &sub_item, "Chain Element");
  parent_item = proto_tree_get_parent(parent_tree);

  /* chain offset */
  proto_tree_add_item(sub_tree, hf_smb2_create_chain_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* tag  offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &tag_olb, OLB_O_UINT16_S_UINT32, hf_smb2_tag);

  /* data  offset/length */
  dissect_smb2_olb_length_offset(tvb, offset, &data_olb, OLB_O_UINT16_S_UINT32, hf_smb2_create_chain_data);

  /*
   * These things are all either 4-char strings, like DH2C, or GUIDs,
   * however, at least one of them appears to be a GUID as a string and
   * one appears to be a binary guid. So, check if the length is
   * 16, and if so, pull the GUID and convert it to a string. Otherwise
   * call dissect_smb2_olb_string.
   */
  if (tag_olb.len == 16) {
    e_guid_t tag_guid;
    proto_item *tag_item;
    proto_tree *tag_tree;

    tvb_get_letohguid(tvb, tag_olb.off, &tag_guid);
    tag = guid_to_str(pinfo->pool, &tag_guid);

    tag_item = proto_tree_add_string(sub_tree, tag_olb.hfindex, tvb, tag_olb.off, tag_olb.len, tag);
    tag_tree = proto_item_add_subtree(tag_item, ett_smb2_olb);
    proto_tree_add_item(tag_tree, hf_smb2_olb_offset, tvb, tag_olb.off_offset, 2, ENC_LITTLE_ENDIAN);
    proto_tree_add_item(tag_tree, hf_smb2_olb_length, tvb, tag_olb.len_offset, 2, ENC_LITTLE_ENDIAN);

  } else {
    /* tag string */
    tag = dissect_smb2_olb_string(pinfo, sub_tree, tvb, &tag_olb, OLB_TYPE_ASCII_STRING);
  }

  tag_dissectors = get_create_context_data_tag_dissectors(tag);

  proto_item_append_text(parent_item, " %s", tag_dissectors->val);
  proto_item_append_text(sub_item, ": %s \"%s\"", tag_dissectors->val, tag);

  /* data */
  dissectors = &tag_dissectors->dissectors;
  if (dissectors)
    dissector = (si->flags & SMB2_FLAGS_RESPONSE) ? dissectors->response : dissectors->request;

  dissect_smb2_olb_buffer(pinfo, sub_tree, tvb, &data_olb, si, dissector);

  if (chain_offset) {
    tvbuff_t *chain_tvb;
    chain_tvb = tvb_new_subset_remaining(tvb, chain_offset);

    /* next extra info */
    increment_dissection_depth(pinfo);
    dissect_smb2_create_extra_info(chain_tvb, pinfo, parent_tree, si);
    decrement_dissection_depth(pinfo);
  }
}

static int
dissect_smb2_create_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  offset_length_buffer_t   f_olb, e_olb;
  const uint8_t   *fname;
  proto_item    *item;
  proto_tree    *tag_tree = NULL;
  proto_item    *tag_item = NULL;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* security flags */
  offset++;

  /* oplock */
  offset = dissect_smb2_oplock(tree, tvb, offset);

  /* impersonation level */
  proto_tree_add_item(tree, hf_smb2_impersonation_level, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* create flags */
  proto_tree_add_item(tree, hf_smb2_create_flags, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 8, ENC_NA);
  offset += 8;

  /* access mask */
  offset = dissect_smb_access_mask(tvb, tree, offset);

  /* File Attributes */
  if (si->file) {
    if (tvb_get_letohl(tvb, offset) & 0x10)
      si->file->is_dir = TRUE;
    else
      si->file->is_dir = FALSE;
  }
  offset = dissect_fscc_file_attr(tvb, tree, offset, NULL);

  /* share access */
  offset = dissect_nt_share_access(tvb, tree, offset);

  /* create disposition */
  proto_tree_add_item(tree, hf_smb2_create_disposition, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* create options */
  offset = dissect_nt_create_options(tvb, tree, offset);

  if (tvb_get_letohl(tvb, offset-4) & 0x1000) {
    col_append_str(pinfo->cinfo, COL_INFO, ", (delete on close)");
    if (si->file)
      si->file->delete_on_close = TRUE;
  }

  if (si->file)
    si->file->frame_beg = pinfo->fd->num;
  if (si->saved)
    si->saved->frame_beg = pinfo->fd->num;

  if (pinfo->fd->visited) {
    if (si->saved && si->saved->uuid_fid.data1 > 0) {
      tag_item = proto_tree_add_guid(tree, hf_smb2_fid, tvb, 0, 0,
        (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(tag_item);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
    } else {
      tag_tree = tree;
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(tag_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    item = proto_tree_add_uint(tag_tree, hf_frame_handle_opened, tvb, 0, 0, pinfo->fd->num);
    proto_item_set_generated(item);

    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(tag_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(tag_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->saved->frame_end);
      proto_item_set_generated(item);
    }
  }

  /* Blobs offset/length */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &f_olb, OLB_O_UINT16_S_UINT16, hf_smb2_filename);

  /* extrainfo offset */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &e_olb, OLB_O_UINT32_S_UINT32, hf_smb2_extrainfo);

  /* filename string */
  fname = dissect_smb2_olb_string(pinfo, tag_tree, tvb, &f_olb, OLB_TYPE_UNICODE_STRING);
  if (strcmp(fname, "") == 0)
    fname = wmem_strdup(wmem_file_scope(),"<share>");

  col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s",
    format_text(pinfo->pool, fname, strlen(fname)));

  /* save the name if it looks sane */
  if (!pinfo->fd->visited) {
    if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
      wmem_free(wmem_file_scope(), si->saved->extra_info);
      si->saved->extra_info = NULL;
      si->saved->extra_info_type = SMB2_EI_NONE;
    }
    if (si->saved && f_olb.len < 1024) {
      si->saved->extra_info_type = SMB2_EI_FILENAME;
      si->saved->extra_info = wmem_strdup(wmem_file_scope(), fname);
    }
  }

  /* If extrainfo_offset is non-null then this points to another
   * buffer. The offset is relative to the start of the smb packet
   */
  dissect_smb2_olb_buffer(pinfo, tree, tvb, &e_olb, si, dissect_smb2_create_extra_info);

  offset = dissect_smb2_olb_tvb_max_offset(offset, &f_olb);
  offset = dissect_smb2_olb_tvb_max_offset(offset, &e_olb);

  return offset;
}

#define SMB2_CREATE_REP_FLAGS_REPARSE_POINT 0x01

static int
dissect_smb2_create_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint64_t end_of_file;
  uint32_t attr_mask;
  offset_length_buffer_t e_olb;
  e_guid_t tag_guid;
  static int * const create_rep_flags_fields[] = {
    &hf_smb2_create_rep_flags_reparse_point,
    NULL
  };
  bool continue_dissection;
  proto_item *item = NULL;
  proto_tree *tag_tree = NULL;
  proto_tree *which_tree = tree;


  switch (si->status) {
  /* buffer code */
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  /* oplock */
  offset = dissect_smb2_oplock(tree, tvb, offset);

  /* reserved */
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_create_rep_flags,
             ett_smb2_create_rep_flags, create_rep_flags_fields, ENC_LITTLE_ENDIAN);
  offset += 1;

  /* create action */
  proto_tree_add_item(tree, hf_smb2_create_action, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* create time */
  dissect_nttime(tvb, tree, offset, hf_smb2_create_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last access */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_access_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last write */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_write_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* last change */
  dissect_nttime(tvb, tree, offset, hf_smb2_last_change_timestamp, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* allocation size */
  proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* end of file */
  end_of_file = tvb_get_letoh64(tvb, offset);
  if (si->eo_file_info) {
    si->eo_file_info->end_of_file = tvb_get_letoh64(tvb, offset);
  }
  proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  offset += 8;

  /* File Attributes */
  offset = dissect_fscc_file_attr(tvb, tree, offset, &attr_mask);

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  /* Save the GUID for use in the *request* */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved)
    si->saved->uuid_fid = tag_guid;

  if (si->file && si->file->delete_on_close)
    col_append_str(pinfo->cinfo, COL_INFO, ", (delete on close)");

  /* Display the GUID subtree */
  offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_OPEN);

  if (si->saved && si->saved->hnd_item && si->file && si->file->name) {
    tag_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(tag_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
    which_tree = tag_tree;

  } else if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
    col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
  }

  if (si->saved) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
      si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
  }

  if (si->saved) {
    si->saved->frame_beg = pinfo->fd->num;
  }
  if (si->file)
    si->file->frame_beg  = pinfo->fd->num;

  /* We save this after dissect_smb2_fid just because it would be
  possible to have this response without having the matching request.
  In that case the entry in the file info hash table has been created
  in dissect_smb2_fid */
  if (si->eo_file_info) {
    si->eo_file_info->end_of_file = end_of_file;
    si->eo_file_info->attr_mask = attr_mask;
  }

  /* extrainfo offset */
  offset = dissect_smb2_olb_length_offset(tvb, offset, &e_olb, OLB_O_UINT32_S_UINT32, hf_smb2_extrainfo);

  /* If extrainfo_offset is non-null then this points to another
   * buffer. The offset is relative to the start of the smb packet
   */
  if (e_olb.off < 0xffff && e_olb.len < 0xfffff) {  /* Sanity check: if the create_request is missing,
    the offset and length are enormous (bogus). */
    dissect_smb2_olb_buffer(pinfo, tree, tvb, &e_olb, si, dissect_smb2_create_extra_info);

    offset = dissect_smb2_olb_tvb_max_offset(offset, &e_olb);
  }
  /* free si->saved->extra_info   we don't need it any more */
  if (si->saved && si->saved->extra_info_type == SMB2_EI_FILENAME) {
    wmem_free(wmem_file_scope(), si->saved->extra_info);
    si->saved->extra_info = NULL;
    si->saved->extra_info_type = SMB2_EI_NONE;
  }

  return offset;
}


static int
dissect_smb2_setinfo_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint32_t setinfo_size;
  uint16_t setinfo_offset;
  proto_item *item = NULL;
  proto_tree *fid_tree;
  proto_tree *which_tree;
  e_guid_t   tag_guid;

  /* buffer code */
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* class and info level */
  offset = dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);

  /* size */
  setinfo_size = tvb_get_letohl(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_setinfo_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  offset += 4;

  /* offset */
  setinfo_offset = tvb_get_letohs(tvb, offset);
  proto_tree_add_item(tree, hf_smb2_setinfo_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_setinfo_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  if (si->saved && si->saved->smb2_class == SMB2_CLASS_SEC_INFO) {
    /* AdditionalInformation (4 bytes): Provides additional information to the server.
      If security information is being set, this value MUST contain a 4-byte bit field
      of flags indicating what security attributes MUST be applied.  */
    offset = dissect_additional_information_sec_mask(tvb, tree, offset);
  } else {
    /* For all other set requests, this field MUST be 0. */
    proto_tree_add_item(tree, hf_smb2_getsetinfo_additional, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;
  }

  /* Save the FID for use in responses and the create request */
  tvb_get_letohguid(tvb, offset, &tag_guid);
  if (si->saved) {
    si->saved->uuid_fid = tag_guid;
  }

  /* fid */
  dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

  if (si->saved && si->saved->hnd_item) {
    fid_tree = proto_item_add_subtree(si->saved->hnd_item, ett_smb2_fid_str);
    which_tree = fid_tree;
  } else {
    which_tree = tree;
  }

  /* Filename */
  if (si->file && si->file->name) {
    if (strcmp(si->file->name, "") == 0)
      si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
    item = proto_tree_add_string(which_tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
    proto_item_set_generated(item);
  }

  /* fid hash */
  if (si->saved && si->saved->fid_hash) {
    item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
    proto_item_set_generated(item);
}

  /* data */
  if (si->saved)
    dissect_smb2_infolevel(tvb, pinfo, tree, setinfo_offset, si, si->saved->smb2_class, si->saved->infolevel);
  offset = setinfo_offset + setinfo_size;

  return offset;
}

static int
dissect_smb2_setinfo_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  bool continue_dissection;
  proto_item *item = NULL;
  proto_tree *tag_tree = NULL;
  proto_item *tag_item = NULL;
  proto_tree *which_tree = NULL;

  /* class/infolevel */
  dissect_smb2_class_infolevel(pinfo, tvb, offset, tree, si);

  if (pinfo->fd->visited) {
    if (si->file && si->file->name) {
      if (strcmp(si->file->name, "") == 0)
        si->file->name = wmem_strdup(wmem_file_scope(),"<share>");
      tag_item = proto_tree_add_string(tree, hf_smb2_filename, tvb, 0, 0, si->file->name);
      tag_tree = proto_item_add_subtree(tag_item, ett_smb2_fid_str);
      col_append_fstr(pinfo->cinfo, COL_INFO, ", File: %s", si->file->name);
      which_tree = tag_tree;
    } else {
      which_tree = tree;
    }
    if (si->saved) {
      item = proto_tree_add_guid(which_tree, hf_smb2_fid, tvb, 0, 0, (e_guid_t *)&si->saved->uuid_fid);
      proto_item_set_generated(item);
    }
    if (si->saved && si->saved->fid_hash) {
      item = proto_tree_add_uint_format(which_tree, hf_smb2_file_id_hash, tvb, 0, 0,
        si->saved->fid_hash, "File Id Hash: 0x%04x", si->saved->fid_hash);
      proto_item_set_generated(item);
    }
    if (si->file && si->file->frame_beg > 0 && si->file->frame_beg < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
        si->file->frame_beg);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_beg > 0 && si->saved->frame_beg < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_opened, tvb, 0, 0,
          si->saved->frame_beg);
        proto_item_set_generated(item);
      }
    }
    if (si->file && si->file->frame_end > 0 && si->file->frame_end < UINT32_MAX) {
      item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
        si->file->frame_end);
      proto_item_set_generated(item);
    } else {
      if (si->saved && si->saved->frame_end > 0 && si->saved->frame_end < UINT32_MAX) {
        item = proto_tree_add_uint(which_tree, hf_frame_handle_closed, tvb, 0, 0,
          si->saved->frame_end);
        proto_item_set_generated(item);

      }
    }
  }


  /* buffer code */
  switch (si->status) {
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  return offset;
}

static int
dissect_smb2_break_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint16_t buffer_code;

  /* buffer code */
  buffer_code = tvb_get_letohs(tvb, offset);
  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  if (buffer_code == OPLOCK_BREAK_OPLOCK_STRUCTURE_SIZE) {
    /* OPLOCK Break */

    /* oplock */
    offset = dissect_smb2_oplock(tree, tvb, offset);

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;

    /* fid */
    offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

    return offset;
  }

  if (buffer_code == OPLOCK_BREAK_LEASE_ACKNOWLEDGMENT_STRUCTURE_SIZE) {
    /* Lease Break Acknowledgment */

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
    offset +=2;

    /* lease flags */
    proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
               ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* lease key */
    proto_tree_add_item(tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* lease state */
    proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
               ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_lease_duration, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    return offset;
  }

  return offset;
}

static int
dissect_smb2_break_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint16_t buffer_code;
  bool continue_dissection;

  /* buffer code */
  buffer_code = tvb_get_letohs(tvb, offset);
  switch (si->status) {
  case 0x00000000: offset = dissect_smb2_buffercode(tree, tvb, offset, NULL); break;
  default: offset = dissect_smb2_error_response(tvb, pinfo, tree, offset, si, &continue_dissection);
    if (!continue_dissection) return offset;
  }

  if (buffer_code == OPLOCK_BREAK_OPLOCK_STRUCTURE_SIZE) {
    /* OPLOCK Break Notification */

    /* oplock */
    offset = dissect_smb2_oplock(tree, tvb, offset);

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
    offset += 4;

    /* fid */
    offset = dissect_smb2_fid(tvb, pinfo, tree, offset, si, FID_MODE_USE);

    /* in break requests from server to client here're 24 byte zero bytes
     * which are likely a bug in windows (they may use 2* 24 bytes instead of just
     * 1 *24 bytes
     */
    return offset;
  }

  if (buffer_code == OPLOCK_BREAK_LEASE_NOTIFICATION_STRUCTURE_SIZE) {
    proto_item *item = NULL;

    /* Lease Break Notification */

    /* new lease epoch */
    proto_tree_add_item(tree, hf_smb2_lease_epoch, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    /* lease flags */
    proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
               ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* lease key */
    proto_tree_add_item(tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* current lease state */
    item = proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
                ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
    if (item) {
      proto_item_prepend_text(item, "Current ");
    }
    offset += 4;

    /* new lease state */
    item = proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
                ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
    if (item) {
      proto_item_prepend_text(item, "New ");
    }
    offset += 4;

    /* break reason - reserved */
    proto_tree_add_item(tree, hf_smb2_lease_break_reason, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* access mask hint - reserved */
    proto_tree_add_item(tree, hf_smb2_lease_access_mask_hint, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* share mask hint - reserved */
    proto_tree_add_item(tree, hf_smb2_lease_share_mask_hint, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    return offset;
  }

  if (buffer_code == OPLOCK_BREAK_LEASE_RESPONSE_STRUCTURE_SIZE) {
    /* Lease Break Response */

    /* reserved */
    proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
    offset +=2;

    /* lease flags */
    proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_flags,
               ett_smb2_lease_flags, lease_flags_fields, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* lease key */
    proto_tree_add_item(tree, hf_smb2_lease_key, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    /* lease state */
    proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_lease_state,
               ett_smb2_lease_state, lease_state_fields, ENC_LITTLE_ENDIAN);
    offset += 4;

    proto_tree_add_item(tree, hf_smb2_lease_duration, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;

    return offset;
  }

  return offset;
}

static int
dissect_smb2_notify_session_closed(tvbuff_t *tvb, proto_tree *parent_tree, packet_info *pinfo _U_, int offset, smb2_info_t *si _U_)
{
  proto_tree *sub_tree;

  sub_tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1, ett_smb2_server_notification, NULL, "Notification");

  /* reserved */
  proto_tree_add_item(sub_tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  return offset;
}

static int
dissect_smb2_server_to_client_notification(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si)
{
  uint32_t notification_type;

  offset = dissect_smb2_buffercode(tree, tvb, offset, NULL);

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* notification type */
  proto_tree_add_item_ret_uint(tree, hf_smb2_notification_type, tvb, offset, 4, ENC_BIG_ENDIAN, &notification_type);
  offset += 4;

  switch(notification_type) {
    case NOTIFY_SESSION_CLOSED:
    default:
      offset = dissect_smb2_notify_session_closed(tvb, tree, pinfo, offset, si);
      break;
  }

  return offset;
}

/* names here are just until we find better names for these functions */
/* decode_smb2_name can be used to access this safely */
static const value_string smb2_cmd_vals[] = {
  { 0x00, "Negotiate Protocol" },
  { 0x01, "Session Setup" },
  { 0x02, "Session Logoff" },
  { 0x03, "Tree Connect" },
  { 0x04, "Tree Disconnect" },
  { 0x05, "Create" },
  { 0x06, "Close" },
  { 0x07, "Flush" },
  { 0x08, "Read" },
  { 0x09, "Write" },
  { 0x0A, "Lock" },
  { 0x0B, "Ioctl" },
  { 0x0C, "Cancel" },
  { 0x0D, "KeepAlive" },
  { 0x0E, "Find" },
  { 0x0F, "Notify" },
  { 0x10, "GetInfo" },
  { 0x11, "SetInfo" },
  { 0x12, "Break" },
  { 0x13, "Server notification" },
  { 0x14, "unknown-0x14" },
  { 0x15, "unknown-0x15" },
  { 0x16, "unknown-0x16" },
  { 0x17, "unknown-0x17" },
  { 0x18, "unknown-0x18" },
  { 0x19, "unknown-0x19" },
  { 0x1A, "unknown-0x1A" },
  { 0x1B, "unknown-0x1B" },
  { 0x1C, "unknown-0x1C" },
  { 0x1D, "unknown-0x1D" },
  { 0x1E, "unknown-0x1E" },
  { 0x1F, "unknown-0x1F" },
  { 0x20, "unknown-0x20" },
  { 0x21, "unknown-0x21" },
  { 0x22, "unknown-0x22" },
  { 0x23, "unknown-0x23" },
  { 0x24, "unknown-0x24" },
  { 0x25, "unknown-0x25" },
  { 0x26, "unknown-0x26" },
  { 0x27, "unknown-0x27" },
  { 0x28, "unknown-0x28" },
  { 0x29, "unknown-0x29" },
  { 0x2A, "unknown-0x2A" },
  { 0x2B, "unknown-0x2B" },
  { 0x2C, "unknown-0x2C" },
  { 0x2D, "unknown-0x2D" },
  { 0x2E, "unknown-0x2E" },
  { 0x2F, "unknown-0x2F" },
  { 0x30, "unknown-0x30" },
  { 0x31, "unknown-0x31" },
  { 0x32, "unknown-0x32" },
  { 0x33, "unknown-0x33" },
  { 0x34, "unknown-0x34" },
  { 0x35, "unknown-0x35" },
  { 0x36, "unknown-0x36" },
  { 0x37, "unknown-0x37" },
  { 0x38, "unknown-0x38" },
  { 0x39, "unknown-0x39" },
  { 0x3A, "unknown-0x3A" },
  { 0x3B, "unknown-0x3B" },
  { 0x3C, "unknown-0x3C" },
  { 0x3D, "unknown-0x3D" },
  { 0x3E, "unknown-0x3E" },
  { 0x3F, "unknown-0x3F" },
  { 0x40, "unknown-0x40" },
  { 0x41, "unknown-0x41" },
  { 0x42, "unknown-0x42" },
  { 0x43, "unknown-0x43" },
  { 0x44, "unknown-0x44" },
  { 0x45, "unknown-0x45" },
  { 0x46, "unknown-0x46" },
  { 0x47, "unknown-0x47" },
  { 0x48, "unknown-0x48" },
  { 0x49, "unknown-0x49" },
  { 0x4A, "unknown-0x4A" },
  { 0x4B, "unknown-0x4B" },
  { 0x4C, "unknown-0x4C" },
  { 0x4D, "unknown-0x4D" },
  { 0x4E, "unknown-0x4E" },
  { 0x4F, "unknown-0x4F" },
  { 0x50, "unknown-0x50" },
  { 0x51, "unknown-0x51" },
  { 0x52, "unknown-0x52" },
  { 0x53, "unknown-0x53" },
  { 0x54, "unknown-0x54" },
  { 0x55, "unknown-0x55" },
  { 0x56, "unknown-0x56" },
  { 0x57, "unknown-0x57" },
  { 0x58, "unknown-0x58" },
  { 0x59, "unknown-0x59" },
  { 0x5A, "unknown-0x5A" },
  { 0x5B, "unknown-0x5B" },
  { 0x5C, "unknown-0x5C" },
  { 0x5D, "unknown-0x5D" },
  { 0x5E, "unknown-0x5E" },
  { 0x5F, "unknown-0x5F" },
  { 0x60, "unknown-0x60" },
  { 0x61, "unknown-0x61" },
  { 0x62, "unknown-0x62" },
  { 0x63, "unknown-0x63" },
  { 0x64, "unknown-0x64" },
  { 0x65, "unknown-0x65" },
  { 0x66, "unknown-0x66" },
  { 0x67, "unknown-0x67" },
  { 0x68, "unknown-0x68" },
  { 0x69, "unknown-0x69" },
  { 0x6A, "unknown-0x6A" },
  { 0x6B, "unknown-0x6B" },
  { 0x6C, "unknown-0x6C" },
  { 0x6D, "unknown-0x6D" },
  { 0x6E, "unknown-0x6E" },
  { 0x6F, "unknown-0x6F" },
  { 0x70, "unknown-0x70" },
  { 0x71, "unknown-0x71" },
  { 0x72, "unknown-0x72" },
  { 0x73, "unknown-0x73" },
  { 0x74, "unknown-0x74" },
  { 0x75, "unknown-0x75" },
  { 0x76, "unknown-0x76" },
  { 0x77, "unknown-0x77" },
  { 0x78, "unknown-0x78" },
  { 0x79, "unknown-0x79" },
  { 0x7A, "unknown-0x7A" },
  { 0x7B, "unknown-0x7B" },
  { 0x7C, "unknown-0x7C" },
  { 0x7D, "unknown-0x7D" },
  { 0x7E, "unknown-0x7E" },
  { 0x7F, "unknown-0x7F" },
  { 0x80, "unknown-0x80" },
  { 0x81, "unknown-0x81" },
  { 0x82, "unknown-0x82" },
  { 0x83, "unknown-0x83" },
  { 0x84, "unknown-0x84" },
  { 0x85, "unknown-0x85" },
  { 0x86, "unknown-0x86" },
  { 0x87, "unknown-0x87" },
  { 0x88, "unknown-0x88" },
  { 0x89, "unknown-0x89" },
  { 0x8A, "unknown-0x8A" },
  { 0x8B, "unknown-0x8B" },
  { 0x8C, "unknown-0x8C" },
  { 0x8D, "unknown-0x8D" },
  { 0x8E, "unknown-0x8E" },
  { 0x8F, "unknown-0x8F" },
  { 0x90, "unknown-0x90" },
  { 0x91, "unknown-0x91" },
  { 0x92, "unknown-0x92" },
  { 0x93, "unknown-0x93" },
  { 0x94, "unknown-0x94" },
  { 0x95, "unknown-0x95" },
  { 0x96, "unknown-0x96" },
  { 0x97, "unknown-0x97" },
  { 0x98, "unknown-0x98" },
  { 0x99, "unknown-0x99" },
  { 0x9A, "unknown-0x9A" },
  { 0x9B, "unknown-0x9B" },
  { 0x9C, "unknown-0x9C" },
  { 0x9D, "unknown-0x9D" },
  { 0x9E, "unknown-0x9E" },
  { 0x9F, "unknown-0x9F" },
  { 0xA0, "unknown-0xA0" },
  { 0xA1, "unknown-0xA1" },
  { 0xA2, "unknown-0xA2" },
  { 0xA3, "unknown-0xA3" },
  { 0xA4, "unknown-0xA4" },
  { 0xA5, "unknown-0xA5" },
  { 0xA6, "unknown-0xA6" },
  { 0xA7, "unknown-0xA7" },
  { 0xA8, "unknown-0xA8" },
  { 0xA9, "unknown-0xA9" },
  { 0xAA, "unknown-0xAA" },
  { 0xAB, "unknown-0xAB" },
  { 0xAC, "unknown-0xAC" },
  { 0xAD, "unknown-0xAD" },
  { 0xAE, "unknown-0xAE" },
  { 0xAF, "unknown-0xAF" },
  { 0xB0, "unknown-0xB0" },
  { 0xB1, "unknown-0xB1" },
  { 0xB2, "unknown-0xB2" },
  { 0xB3, "unknown-0xB3" },
  { 0xB4, "unknown-0xB4" },
  { 0xB5, "unknown-0xB5" },
  { 0xB6, "unknown-0xB6" },
  { 0xB7, "unknown-0xB7" },
  { 0xB8, "unknown-0xB8" },
  { 0xB9, "unknown-0xB9" },
  { 0xBA, "unknown-0xBA" },
  { 0xBB, "unknown-0xBB" },
  { 0xBC, "unknown-0xBC" },
  { 0xBD, "unknown-0xBD" },
  { 0xBE, "unknown-0xBE" },
  { 0xBF, "unknown-0xBF" },
  { 0xC0, "unknown-0xC0" },
  { 0xC1, "unknown-0xC1" },
  { 0xC2, "unknown-0xC2" },
  { 0xC3, "unknown-0xC3" },
  { 0xC4, "unknown-0xC4" },
  { 0xC5, "unknown-0xC5" },
  { 0xC6, "unknown-0xC6" },
  { 0xC7, "unknown-0xC7" },
  { 0xC8, "unknown-0xC8" },
  { 0xC9, "unknown-0xC9" },
  { 0xCA, "unknown-0xCA" },
  { 0xCB, "unknown-0xCB" },
  { 0xCC, "unknown-0xCC" },
  { 0xCD, "unknown-0xCD" },
  { 0xCE, "unknown-0xCE" },
  { 0xCF, "unknown-0xCF" },
  { 0xD0, "unknown-0xD0" },
  { 0xD1, "unknown-0xD1" },
  { 0xD2, "unknown-0xD2" },
  { 0xD3, "unknown-0xD3" },
  { 0xD4, "unknown-0xD4" },
  { 0xD5, "unknown-0xD5" },
  { 0xD6, "unknown-0xD6" },
  { 0xD7, "unknown-0xD7" },
  { 0xD8, "unknown-0xD8" },
  { 0xD9, "unknown-0xD9" },
  { 0xDA, "unknown-0xDA" },
  { 0xDB, "unknown-0xDB" },
  { 0xDC, "unknown-0xDC" },
  { 0xDD, "unknown-0xDD" },
  { 0xDE, "unknown-0xDE" },
  { 0xDF, "unknown-0xDF" },
  { 0xE0, "unknown-0xE0" },
  { 0xE1, "unknown-0xE1" },
  { 0xE2, "unknown-0xE2" },
  { 0xE3, "unknown-0xE3" },
  { 0xE4, "unknown-0xE4" },
  { 0xE5, "unknown-0xE5" },
  { 0xE6, "unknown-0xE6" },
  { 0xE7, "unknown-0xE7" },
  { 0xE8, "unknown-0xE8" },
  { 0xE9, "unknown-0xE9" },
  { 0xEA, "unknown-0xEA" },
  { 0xEB, "unknown-0xEB" },
  { 0xEC, "unknown-0xEC" },
  { 0xED, "unknown-0xED" },
  { 0xEE, "unknown-0xEE" },
  { 0xEF, "unknown-0xEF" },
  { 0xF0, "unknown-0xF0" },
  { 0xF1, "unknown-0xF1" },
  { 0xF2, "unknown-0xF2" },
  { 0xF3, "unknown-0xF3" },
  { 0xF4, "unknown-0xF4" },
  { 0xF5, "unknown-0xF5" },
  { 0xF6, "unknown-0xF6" },
  { 0xF7, "unknown-0xF7" },
  { 0xF8, "unknown-0xF8" },
  { 0xF9, "unknown-0xF9" },
  { 0xFA, "unknown-0xFA" },
  { 0xFB, "unknown-0xFB" },
  { 0xFC, "unknown-0xFC" },
  { 0xFD, "unknown-0xFD" },
  { 0xFE, "unknown-0xFE" },
  { 0xFF, "unknown-0xFF" },
  { 0x00, NULL },
};
value_string_ext smb2_cmd_vals_ext = VALUE_STRING_EXT_INIT(smb2_cmd_vals);

static const char *decode_smb2_name(uint16_t cmd)
{
  if (cmd > 0xFF) return "unknown";
  return smb2_cmd_vals[cmd & 0xFF].strptr;
}

static const smb2_function smb2_dissector[256] = {
  /* 0x00 NegotiateProtocol*/
  {dissect_smb2_negotiate_protocol_request,
   dissect_smb2_negotiate_protocol_response},
  /* 0x01 SessionSetup*/
  {dissect_smb2_session_setup_request,
   dissect_smb2_session_setup_response},
  /* 0x02 SessionLogoff*/
  {dissect_smb2_sessionlogoff_request,
   dissect_smb2_sessionlogoff_response},
  /* 0x03 TreeConnect*/
  {dissect_smb2_tree_connect_request,
   dissect_smb2_tree_connect_response},
  /* 0x04 TreeDisconnect*/
  {dissect_smb2_tree_disconnect_request,
   dissect_smb2_tree_disconnect_response},
  /* 0x05 Create*/
  {dissect_smb2_create_request,
   dissect_smb2_create_response},
  /* 0x06 Close*/
  {dissect_smb2_close_request,
   dissect_smb2_close_response},
  /* 0x07 Flush*/
  {dissect_smb2_flush_request,
   dissect_smb2_flush_response},
  /* 0x08 Read*/
  {dissect_smb2_read_request,
   dissect_smb2_read_response},
  /* 0x09 Write*/
  {dissect_smb2_write_request,
   dissect_smb2_write_response},
  /* 0x0a Lock */
  {dissect_smb2_lock_request,
   dissect_smb2_lock_response},
  /* 0x0b Ioctl*/
  {dissect_smb2_ioctl_request,
   dissect_smb2_ioctl_response},
  /* 0x0c Cancel*/
  {dissect_smb2_cancel_request,
   NULL},
  /* 0x0d KeepAlive*/
  {dissect_smb2_keepalive_request,
   dissect_smb2_keepalive_response},
  /* 0x0e Find*/
  {dissect_smb2_find_request,
   dissect_smb2_find_response},
  /* 0x0f Notify*/
  {dissect_smb2_notify_request,
   dissect_smb2_notify_response},
  /* 0x10 GetInfo*/
  {dissect_smb2_getinfo_request,
   dissect_smb2_getinfo_response},
  /* 0x11 SetInfo*/
  {dissect_smb2_setinfo_request,
   dissect_smb2_setinfo_response},
  /* 0x12 Break */
    {dissect_smb2_break_request,
   dissect_smb2_break_response},
  /* 0x13 Server to client notification */
  {NULL,
  dissect_smb2_server_to_client_notification},
  /* 0x14 */  {NULL, NULL},
  /* 0x15 */  {NULL, NULL},
  /* 0x16 */  {NULL, NULL},
  /* 0x17 */  {NULL, NULL},
  /* 0x18 */  {NULL, NULL},
  /* 0x19 */  {NULL, NULL},
  /* 0x1a */  {NULL, NULL},
  /* 0x1b */  {NULL, NULL},
  /* 0x1c */  {NULL, NULL},
  /* 0x1d */  {NULL, NULL},
  /* 0x1e */  {NULL, NULL},
  /* 0x1f */  {NULL, NULL},
  /* 0x20 */  {NULL, NULL},
  /* 0x21 */  {NULL, NULL},
  /* 0x22 */  {NULL, NULL},
  /* 0x23 */  {NULL, NULL},
  /* 0x24 */  {NULL, NULL},
  /* 0x25 */  {NULL, NULL},
  /* 0x26 */  {NULL, NULL},
  /* 0x27 */  {NULL, NULL},
  /* 0x28 */  {NULL, NULL},
  /* 0x29 */  {NULL, NULL},
  /* 0x2a */  {NULL, NULL},
  /* 0x2b */  {NULL, NULL},
  /* 0x2c */  {NULL, NULL},
  /* 0x2d */  {NULL, NULL},
  /* 0x2e */  {NULL, NULL},
  /* 0x2f */  {NULL, NULL},
  /* 0x30 */  {NULL, NULL},
  /* 0x31 */  {NULL, NULL},
  /* 0x32 */  {NULL, NULL},
  /* 0x33 */  {NULL, NULL},
  /* 0x34 */  {NULL, NULL},
  /* 0x35 */  {NULL, NULL},
  /* 0x36 */  {NULL, NULL},
  /* 0x37 */  {NULL, NULL},
  /* 0x38 */  {NULL, NULL},
  /* 0x39 */  {NULL, NULL},
  /* 0x3a */  {NULL, NULL},
  /* 0x3b */  {NULL, NULL},
  /* 0x3c */  {NULL, NULL},
  /* 0x3d */  {NULL, NULL},
  /* 0x3e */  {NULL, NULL},
  /* 0x3f */  {NULL, NULL},
  /* 0x40 */  {NULL, NULL},
  /* 0x41 */  {NULL, NULL},
  /* 0x42 */  {NULL, NULL},
  /* 0x43 */  {NULL, NULL},
  /* 0x44 */  {NULL, NULL},
  /* 0x45 */  {NULL, NULL},
  /* 0x46 */  {NULL, NULL},
  /* 0x47 */  {NULL, NULL},
  /* 0x48 */  {NULL, NULL},
  /* 0x49 */  {NULL, NULL},
  /* 0x4a */  {NULL, NULL},
  /* 0x4b */  {NULL, NULL},
  /* 0x4c */  {NULL, NULL},
  /* 0x4d */  {NULL, NULL},
  /* 0x4e */  {NULL, NULL},
  /* 0x4f */  {NULL, NULL},
  /* 0x50 */  {NULL, NULL},
  /* 0x51 */  {NULL, NULL},
  /* 0x52 */  {NULL, NULL},
  /* 0x53 */  {NULL, NULL},
  /* 0x54 */  {NULL, NULL},
  /* 0x55 */  {NULL, NULL},
  /* 0x56 */  {NULL, NULL},
  /* 0x57 */  {NULL, NULL},
  /* 0x58 */  {NULL, NULL},
  /* 0x59 */  {NULL, NULL},
  /* 0x5a */  {NULL, NULL},
  /* 0x5b */  {NULL, NULL},
  /* 0x5c */  {NULL, NULL},
  /* 0x5d */  {NULL, NULL},
  /* 0x5e */  {NULL, NULL},
  /* 0x5f */  {NULL, NULL},
  /* 0x60 */  {NULL, NULL},
  /* 0x61 */  {NULL, NULL},
  /* 0x62 */  {NULL, NULL},
  /* 0x63 */  {NULL, NULL},
  /* 0x64 */  {NULL, NULL},
  /* 0x65 */  {NULL, NULL},
  /* 0x66 */  {NULL, NULL},
  /* 0x67 */  {NULL, NULL},
  /* 0x68 */  {NULL, NULL},
  /* 0x69 */  {NULL, NULL},
  /* 0x6a */  {NULL, NULL},
  /* 0x6b */  {NULL, NULL},
  /* 0x6c */  {NULL, NULL},
  /* 0x6d */  {NULL, NULL},
  /* 0x6e */  {NULL, NULL},
  /* 0x6f */  {NULL, NULL},
  /* 0x70 */  {NULL, NULL},
  /* 0x71 */  {NULL, NULL},
  /* 0x72 */  {NULL, NULL},
  /* 0x73 */  {NULL, NULL},
  /* 0x74 */  {NULL, NULL},
  /* 0x75 */  {NULL, NULL},
  /* 0x76 */  {NULL, NULL},
  /* 0x77 */  {NULL, NULL},
  /* 0x78 */  {NULL, NULL},
  /* 0x79 */  {NULL, NULL},
  /* 0x7a */  {NULL, NULL},
  /* 0x7b */  {NULL, NULL},
  /* 0x7c */  {NULL, NULL},
  /* 0x7d */  {NULL, NULL},
  /* 0x7e */  {NULL, NULL},
  /* 0x7f */  {NULL, NULL},
  /* 0x80 */  {NULL, NULL},
  /* 0x81 */  {NULL, NULL},
  /* 0x82 */  {NULL, NULL},
  /* 0x83 */  {NULL, NULL},
  /* 0x84 */  {NULL, NULL},
  /* 0x85 */  {NULL, NULL},
  /* 0x86 */  {NULL, NULL},
  /* 0x87 */  {NULL, NULL},
  /* 0x88 */  {NULL, NULL},
  /* 0x89 */  {NULL, NULL},
  /* 0x8a */  {NULL, NULL},
  /* 0x8b */  {NULL, NULL},
  /* 0x8c */  {NULL, NULL},
  /* 0x8d */  {NULL, NULL},
  /* 0x8e */  {NULL, NULL},
  /* 0x8f */  {NULL, NULL},
  /* 0x90 */  {NULL, NULL},
  /* 0x91 */  {NULL, NULL},
  /* 0x92 */  {NULL, NULL},
  /* 0x93 */  {NULL, NULL},
  /* 0x94 */  {NULL, NULL},
  /* 0x95 */  {NULL, NULL},
  /* 0x96 */  {NULL, NULL},
  /* 0x97 */  {NULL, NULL},
  /* 0x98 */  {NULL, NULL},
  /* 0x99 */  {NULL, NULL},
  /* 0x9a */  {NULL, NULL},
  /* 0x9b */  {NULL, NULL},
  /* 0x9c */  {NULL, NULL},
  /* 0x9d */  {NULL, NULL},
  /* 0x9e */  {NULL, NULL},
  /* 0x9f */  {NULL, NULL},
  /* 0xa0 */  {NULL, NULL},
  /* 0xa1 */  {NULL, NULL},
  /* 0xa2 */  {NULL, NULL},
  /* 0xa3 */  {NULL, NULL},
  /* 0xa4 */  {NULL, NULL},
  /* 0xa5 */  {NULL, NULL},
  /* 0xa6 */  {NULL, NULL},
  /* 0xa7 */  {NULL, NULL},
  /* 0xa8 */  {NULL, NULL},
  /* 0xa9 */  {NULL, NULL},
  /* 0xaa */  {NULL, NULL},
  /* 0xab */  {NULL, NULL},
  /* 0xac */  {NULL, NULL},
  /* 0xad */  {NULL, NULL},
  /* 0xae */  {NULL, NULL},
  /* 0xaf */  {NULL, NULL},
  /* 0xb0 */  {NULL, NULL},
  /* 0xb1 */  {NULL, NULL},
  /* 0xb2 */  {NULL, NULL},
  /* 0xb3 */  {NULL, NULL},
  /* 0xb4 */  {NULL, NULL},
  /* 0xb5 */  {NULL, NULL},
  /* 0xb6 */  {NULL, NULL},
  /* 0xb7 */  {NULL, NULL},
  /* 0xb8 */  {NULL, NULL},
  /* 0xb9 */  {NULL, NULL},
  /* 0xba */  {NULL, NULL},
  /* 0xbb */  {NULL, NULL},
  /* 0xbc */  {NULL, NULL},
  /* 0xbd */  {NULL, NULL},
  /* 0xbe */  {NULL, NULL},
  /* 0xbf */  {NULL, NULL},
  /* 0xc0 */  {NULL, NULL},
  /* 0xc1 */  {NULL, NULL},
  /* 0xc2 */  {NULL, NULL},
  /* 0xc3 */  {NULL, NULL},
  /* 0xc4 */  {NULL, NULL},
  /* 0xc5 */  {NULL, NULL},
  /* 0xc6 */  {NULL, NULL},
  /* 0xc7 */  {NULL, NULL},
  /* 0xc8 */  {NULL, NULL},
  /* 0xc9 */  {NULL, NULL},
  /* 0xca */  {NULL, NULL},
  /* 0xcb */  {NULL, NULL},
  /* 0xcc */  {NULL, NULL},
  /* 0xcd */  {NULL, NULL},
  /* 0xce */  {NULL, NULL},
  /* 0xcf */  {NULL, NULL},
  /* 0xd0 */  {NULL, NULL},
  /* 0xd1 */  {NULL, NULL},
  /* 0xd2 */  {NULL, NULL},
  /* 0xd3 */  {NULL, NULL},
  /* 0xd4 */  {NULL, NULL},
  /* 0xd5 */  {NULL, NULL},
  /* 0xd6 */  {NULL, NULL},
  /* 0xd7 */  {NULL, NULL},
  /* 0xd8 */  {NULL, NULL},
  /* 0xd9 */  {NULL, NULL},
  /* 0xda */  {NULL, NULL},
  /* 0xdb */  {NULL, NULL},
  /* 0xdc */  {NULL, NULL},
  /* 0xdd */  {NULL, NULL},
  /* 0xde */  {NULL, NULL},
  /* 0xdf */  {NULL, NULL},
  /* 0xe0 */  {NULL, NULL},
  /* 0xe1 */  {NULL, NULL},
  /* 0xe2 */  {NULL, NULL},
  /* 0xe3 */  {NULL, NULL},
  /* 0xe4 */  {NULL, NULL},
  /* 0xe5 */  {NULL, NULL},
  /* 0xe6 */  {NULL, NULL},
  /* 0xe7 */  {NULL, NULL},
  /* 0xe8 */  {NULL, NULL},
  /* 0xe9 */  {NULL, NULL},
  /* 0xea */  {NULL, NULL},
  /* 0xeb */  {NULL, NULL},
  /* 0xec */  {NULL, NULL},
  /* 0xed */  {NULL, NULL},
  /* 0xee */  {NULL, NULL},
  /* 0xef */  {NULL, NULL},
  /* 0xf0 */  {NULL, NULL},
  /* 0xf1 */  {NULL, NULL},
  /* 0xf2 */  {NULL, NULL},
  /* 0xf3 */  {NULL, NULL},
  /* 0xf4 */  {NULL, NULL},
  /* 0xf5 */  {NULL, NULL},
  /* 0xf6 */  {NULL, NULL},
  /* 0xf7 */  {NULL, NULL},
  /* 0xf8 */  {NULL, NULL},
  /* 0xf9 */  {NULL, NULL},
  /* 0xfa */  {NULL, NULL},
  /* 0xfb */  {NULL, NULL},
  /* 0xfc */  {NULL, NULL},
  /* 0xfd */  {NULL, NULL},
  /* 0xfe */  {NULL, NULL},
  /* 0xff */  {NULL, NULL},
};


#define SMB3_AES128CCM_NONCE  11
#define SMB3_AES128GCM_NONCE  12

static bool is_decrypted_header_ok(const uint8_t *p, size_t size)
{
  if (size < 4)
    return false;

  if ((p[0] == SMB2_COMP_HEADER || p[0] == SMB2_NORM_HEADER)
      && (p[1] == 'S' || p[2] == 'M' || p[3] == 'B')) {
    return true;
  }

  ws_debug("decrypt: bad SMB header");
  return false;
}

static bool
do_decrypt(uint8_t *data,
     size_t data_size,
     const uint8_t *key,
     const uint8_t *aad,
     int aad_size,
     const uint8_t *nonce,
     int alg)
{
  gcry_error_t err;
  gcry_cipher_hd_t cipher_hd = NULL;
  int algo;
  size_t keylen;
  int mode;
  int iv_size;
  uint64_t lengths[3];

  switch (alg) {
  case SMB2_CIPHER_AES_128_CCM:
    algo = GCRY_CIPHER_AES128;
    keylen = AES_KEY_SIZE;
    mode = GCRY_CIPHER_MODE_CCM;
    iv_size = SMB3_AES128CCM_NONCE;
    break;
  case SMB2_CIPHER_AES_128_GCM:
    algo = GCRY_CIPHER_AES128;
    keylen = AES_KEY_SIZE;
    mode = GCRY_CIPHER_MODE_GCM;
    iv_size = SMB3_AES128GCM_NONCE;
    break;
  case SMB2_CIPHER_AES_256_CCM:
    algo = GCRY_CIPHER_AES256;
    keylen = AES_KEY_SIZE*2;
    mode = GCRY_CIPHER_MODE_CCM;
    iv_size = SMB3_AES128CCM_NONCE;
    break;
  case SMB2_CIPHER_AES_256_GCM:
    algo = GCRY_CIPHER_AES256;
    keylen = AES_KEY_SIZE*2;
    mode = GCRY_CIPHER_MODE_GCM;
    iv_size = SMB3_AES128GCM_NONCE;
    break;
  default:
    return false;
  }

  /* Open the cipher */
  err = gcry_cipher_open(&cipher_hd, algo, mode, 0);
  if (err != GPG_ERR_NO_ERROR) {
    ws_debug("GCRY: open %s/%s", gcry_strsource(err), gcry_strerror(err));
    return false;
  }

  /* Set the key */
  err = gcry_cipher_setkey(cipher_hd, key, keylen);
  if (err != GPG_ERR_NO_ERROR) {
    ws_debug("GCRY: setkey %s/%s", gcry_strsource(err), gcry_strerror(err));
    gcry_cipher_close(cipher_hd);
    return false;
  }

  /* Set the initial value */
  err = gcry_cipher_setiv(cipher_hd, nonce, iv_size);
  if (err != GPG_ERR_NO_ERROR) {
    ws_debug("GCRY: setiv %s/%s", gcry_strsource(err), gcry_strerror(err));
    gcry_cipher_close(cipher_hd);
    return false;
  }

  lengths[0] = data_size; /* encrypted length */
  lengths[1] = aad_size; /* AAD length */
  lengths[2] = 16; /* tag length (signature size) */

  if (mode == GCRY_CIPHER_MODE_CCM) {
    err = gcry_cipher_ctl(cipher_hd, GCRYCTL_SET_CCM_LENGTHS, lengths, sizeof(lengths));
    if (err != GPG_ERR_NO_ERROR) {
      ws_debug("GCRY: ctl %s/%s", gcry_strsource(err), gcry_strerror(err));
      gcry_cipher_close(cipher_hd);
      return false;
    }
  }

  err = gcry_cipher_authenticate(cipher_hd, aad, aad_size);
  if (err != GPG_ERR_NO_ERROR) {
    ws_debug("GCRY: auth %s/%s", gcry_strsource(err), gcry_strerror(err));
    gcry_cipher_close(cipher_hd);
    return false;
  }

  err = gcry_cipher_decrypt(cipher_hd, data, data_size, NULL, 0);
  if (err != GPG_ERR_NO_ERROR) {
    ws_debug("GCRY: decrypt %s/%s", gcry_strsource(err), gcry_strerror(err));
    gcry_cipher_close(cipher_hd);
    return false;
  }

  /* Done with the cipher */
  gcry_cipher_close(cipher_hd);
  return is_decrypted_header_ok(data, data_size);
}

static uint8_t*
decrypt_smb_payload(packet_info *pinfo,
        tvbuff_t *tvb, int offset,
        int offset_aad,
        smb2_transform_info_t *sti)
{
  const uint8_t *aad = NULL;
  uint8_t *data = NULL;
  uint8_t *key16 = NULL;
  uint8_t *keys16[2];
  uint8_t *key32 = NULL;
  uint8_t *keys32[2];
  bool ok;
  int aad_size;
  int alg;

  /* AAD is the rest of transform header after the ProtocolID and Signature */
  aad_size = 32;

  if ((unsigned)tvb_captured_length_remaining(tvb, offset) < sti->size)
    return NULL;

  if (tvb_captured_length_remaining(tvb, offset_aad) < aad_size)
    return NULL;

  if (pinfo->destport == sti->session->server_port) {
    keys16[0] = sti->session->server_decryption_key16;
    keys16[1] = sti->session->client_decryption_key16;
    keys32[0] = sti->session->server_decryption_key32;
    keys32[1] = sti->session->client_decryption_key32;
  } else {
    keys16[1] = sti->session->server_decryption_key16;
    keys16[0] = sti->session->client_decryption_key16;
    keys32[1] = sti->session->server_decryption_key32;
    keys32[0] = sti->session->client_decryption_key32;
  }

  aad = tvb_get_ptr(tvb, offset_aad, aad_size);
  data = (uint8_t *)tvb_memdup(pinfo->pool, tvb, offset, sti->size);

  /*
   * In SMB3.0 the transform header had a Algorithm field to
   * know which type of encryption was used but only CCM was
   * supported.
   *
   * SMB3.1.1 turned that field into a generic "Encrypted" flag
   * which cannot be used to determine the encryption
   * type. Instead the type is decided in the NegProt response,
   * within the Encryption Capability context which should only
   * have one element. That element is si->saved in the conversation
   * struct (si->conv) and checked here.
   *
   * If the trace didn't contain NegProt packets, we have to
   * guess the encryption type by trying them all.
   *
   * Similarly, if we don't have unencrypted packets telling us
   * which host is the server and which host is the client, we
   * have to guess by trying both keys.
   */

  ws_debug("dialect 0x%x alg 0x%x conv alg 0x%x", sti->conv->dialect, sti->flags, sti->conv->enc_alg);

  for (unsigned i = 0; i < G_N_ELEMENTS(keys16); i++) {
    bool try_ccm16, try_gcm16;
    bool try_ccm32, try_gcm32;
    try_ccm16 = try_gcm16 = false;
    try_ccm32 = try_gcm32 = false;
    ok = false;

    key16 = keys16[i];
    key32 = keys32[i];

    switch (sti->conv->enc_alg) {
    case SMB2_CIPHER_AES_128_CCM:
      try_ccm16 = true;
      break;
    case SMB2_CIPHER_AES_128_GCM:
      try_gcm16 = true;
      break;
    case SMB2_CIPHER_AES_256_CCM:
      try_ccm32 = true;
      break;
    case SMB2_CIPHER_AES_256_GCM:
      try_gcm32 = true;
      break;
    default:
      /* we don't know, try all */
      try_gcm16 = true;
      try_ccm16 = true;
      try_gcm32 = true;
      try_ccm32 = true;
    }

    if (try_gcm16) {
      uint8_t *key = key16;
      ws_debug("trying AES-128-GCM decryption");
      alg = SMB2_CIPHER_AES_128_GCM;
      tvb_memcpy(tvb, data, offset, sti->size);
      ok = do_decrypt(data, sti->size, key, aad, aad_size, sti->nonce, alg);
      if (ok)
        break;
      ws_debug("bad decrypted buffer with AES-128-GCM");
    }
    if (try_ccm16) {
      uint8_t *key = key16;
      ws_debug("trying AES-128-CCM decryption");
      alg = SMB2_CIPHER_AES_128_CCM;
      ok = do_decrypt(data, sti->size, key, aad, aad_size, sti->nonce, alg);
      if (ok)
        break;
      ws_debug("bad decrypted buffer with AES-128-CCM");
    }
    if (try_gcm32) {
      uint8_t *key = key32;
      ws_debug("trying AES-256-GCM decryption");
      alg = SMB2_CIPHER_AES_256_GCM;
      tvb_memcpy(tvb, data, offset, sti->size);
      ok = do_decrypt(data, sti->size, key, aad, aad_size, sti->nonce, alg);
      if (ok)
        break;
      ws_debug("bad decrypted buffer with AES-256-GCM");
    }
    if (try_ccm32) {
      uint8_t *key = key32;
      ws_debug("trying AES-256-CCM decryption");
      alg = SMB2_CIPHER_AES_256_CCM;
      ok = do_decrypt(data, sti->size, key, aad, aad_size, sti->nonce, alg);
      if (ok)
        break;
      ws_debug("bad decrypted buffer with AES-256-CCM");
    }
    ws_debug("trying to decrypt with swapped client/server keys");
    tvb_memcpy(tvb, data, offset, sti->size);
  }

  if (!ok)
    return NULL;

  /* Remember what worked */
  sti->conv->enc_alg = alg;
  if (key16 == sti->session->server_decryption_key16)
    sti->session->server_port = pinfo->destport;
  else
    sti->session->server_port = pinfo->srcport;
  return data;
}

/*
  Append tvb[offset:offset+length] to out
*/
static void
append_uncompress_data(wmem_array_t *out, tvbuff_t *tvb, int offset, unsigned length)
{
  const uint8_t *ptr = tvb_get_ptr(tvb, offset, length);
  if (ptr)
    wmem_array_append(out, tvb_get_ptr(tvb, offset, length), length);
}

static int
dissect_smb2_compression_pattern_v1(proto_tree *tree,
            tvbuff_t *tvb, int offset, int length,
            wmem_array_t *out)
{
  proto_item *pat_item;
  proto_tree *pat_tree;
  unsigned pattern, times;

  pat_tree = proto_tree_add_subtree_format(tree, tvb, offset, length,
             ett_smb2_comp_pattern_v1, &pat_item,
             "Pattern");

  proto_tree_add_item_ret_uint(pat_tree, hf_smb2_comp_pattern_v1_pattern, tvb, offset, 1, ENC_LITTLE_ENDIAN, &pattern);
  offset += 1;

  proto_tree_add_item(pat_tree, hf_smb2_comp_pattern_v1_reserved1, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  offset += 1;

  proto_tree_add_item(pat_tree, hf_smb2_comp_pattern_v1_reserved2, tvb, offset, 2, ENC_LITTLE_ENDIAN);
  offset += 2;

  proto_tree_add_item_ret_uint(pat_tree, hf_smb2_comp_pattern_v1_repetitions, tvb, offset, 4, ENC_LITTLE_ENDIAN, &times);
  offset += 4;

  proto_item_append_text(pat_item, " 0x%02x repeated %u times", pattern, times);

  if (out && times < MAX_UNCOMPRESSED_SIZE) {
    uint8_t v = (uint8_t)pattern;

    for (unsigned i = 0; i < times; i++)
      wmem_array_append(out, &v, 1);
  }

  return offset;
}

static int
dissect_smb2_chained_comp_payload(packet_info *pinfo, proto_tree *tree,
          tvbuff_t *tvb, int offset,
          wmem_array_t *out,
          bool *ok)
{
  proto_tree *subtree;
  proto_item *subitem;
  unsigned alg, length, flags, orig_size = 0;
  tvbuff_t *uncomp_tvb = NULL;
  bool lz_based = false;

  *ok = true;

  subtree = proto_tree_add_subtree_format(tree, tvb, offset, 0, ett_smb2_comp_payload, &subitem, "COMPRESSION_PAYLOAD_HEADER");
  proto_tree_add_item_ret_uint(subtree, hf_smb2_comp_transform_comp_alg, tvb, offset, 2, ENC_LITTLE_ENDIAN, &alg);
  offset += 2;

  proto_tree_add_item_ret_uint(subtree, hf_smb2_comp_transform_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN, &flags);
  offset += 2;

  proto_tree_add_item_ret_uint(subtree, hf_smb2_comp_transform_length, tvb, offset, 4, ENC_LITTLE_ENDIAN, &length);
  offset += 4;

  proto_item_set_len(subitem, length);

  lz_based = (SMB2_COMP_ALG_LZNT1 <= alg && alg <= SMB2_COMP_ALG_LZ77HUFF);
  if (lz_based) {
    proto_tree_add_item_ret_uint(subtree, hf_smb2_comp_transform_orig_payload_size,
               tvb, offset, 4, ENC_LITTLE_ENDIAN, &orig_size);
    offset += 4;
    length -= 4;
  }

  if (length > MAX_UNCOMPRESSED_SIZE) {
    /* decompression error */
    col_append_str(pinfo->cinfo, COL_INFO, "Comp. SMB3 (invalid)");
    *ok = false;
    goto out;
  }

  switch (alg) {
  case SMB2_COMP_ALG_NONE:
    append_uncompress_data(out, tvb, offset, length);
    break;
  case SMB2_COMP_ALG_LZ77:
    uncomp_tvb = tvb_uncompress_lz77(tvb, offset, length);
    break;
  case SMB2_COMP_ALG_LZ77HUFF:
    uncomp_tvb = tvb_uncompress_lz77huff(tvb, offset, length);
    break;
  case SMB2_COMP_ALG_LZNT1:
    uncomp_tvb = tvb_uncompress_lznt1(tvb, offset, length);
    break;
  case SMB2_COMP_ALG_PATTERN_V1:
    dissect_smb2_compression_pattern_v1(subtree, tvb, offset, length, out);
    break;
  default:
    col_append_str(pinfo->cinfo, COL_INFO, "Comp. SMB3 (unknown)");
    uncomp_tvb = NULL;
    break;
  }

  if (lz_based) {
    if (!uncomp_tvb || tvb_reported_length(uncomp_tvb) != orig_size) {
      /* decompression error */
      col_append_str(pinfo->cinfo, COL_INFO, "Comp. SMB3 (invalid)");
      *ok = false;
      goto out;
    }
    append_uncompress_data(out, uncomp_tvb, 0, tvb_reported_length(uncomp_tvb));
  }

 out:
  if (uncomp_tvb)
    tvb_free(uncomp_tvb);
  proto_tree_add_item(subtree, hf_smb2_comp_transform_data, tvb, offset, length, ENC_NA);
  offset += length;

  return offset;
}

static int
dissect_smb2_comp_transform_header(packet_info *pinfo, proto_tree *tree,
           tvbuff_t *tvb, int offset,
           smb2_comp_transform_info_t *scti,
           tvbuff_t **comp_tvb,
           tvbuff_t **plain_tvb)
{
  int in_size;
  tvbuff_t *uncomp_tvb = NULL;
  unsigned flags;
  wmem_array_t *uncomp_data;

  *comp_tvb = NULL;
  *plain_tvb = NULL;

  /*
    "old" compressed method:

    [COMPRESS_TRANSFORM_HEADER with Flags=0]
      [OPTIONAL UNCOMPRESSED DATA]
      [COMPRESSED DATA]

    new "chained" compressed method:

    [fist 8 bytes of COMPRESS_TRANSFORM_HEADER with Flags=CHAINED]
      [ sequence of
               [ COMPRESSION_PAYLOAD_HEADER ]
               [ COMPRESSED PAYLOAD ]
      ]
   */

  /* SMB2_COMPRESSION_TRANSFORM marker */
  proto_tree_add_item(tree, hf_smb2_protocol_id, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset += 4;

  proto_tree_add_item_ret_uint(tree, hf_smb2_comp_transform_orig_size, tvb, offset, 4, ENC_LITTLE_ENDIAN, &scti->orig_size);
  offset += 4;

  uncomp_data = wmem_array_sized_new(pinfo->pool, 1, 1024);

  flags = tvb_get_letohs(tvb, offset+2);
  if (flags & SMB2_COMP_FLAG_CHAINED) {
    bool all_ok = true;

    *comp_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length_remaining(tvb, offset));
    do {
      bool ok = false;

      offset = dissect_smb2_chained_comp_payload(pinfo, tree, tvb, offset, uncomp_data, &ok);
      if (!ok)
        all_ok = false;
    } while (tvb_reported_length_remaining(tvb, offset) > 8);
    if (all_ok)
      goto decompression_ok;
    else
      goto out;

  }

  proto_tree_add_item_ret_uint(tree, hf_smb2_comp_transform_comp_alg, tvb, offset, 2, ENC_LITTLE_ENDIAN, &scti->alg);
  offset += 2;

  proto_tree_add_item_ret_uint(tree, hf_smb2_comp_transform_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN, &flags);
  offset += 2;

  proto_tree_add_item_ret_uint(tree, hf_smb2_comp_transform_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN, &scti->comp_offset);
  offset += 4;

  *comp_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length_remaining(tvb, offset));

  if (scti->orig_size > MAX_UNCOMPRESSED_SIZE || scti->comp_offset > MAX_UNCOMPRESSED_SIZE) {
    col_append_str(pinfo->cinfo, COL_INFO, "Comp. SMB3 (too big)");
    goto out;
  }

  /*
   *  final uncompressed size is the partial normal packet + uncompressed segment
         *  final_size = scti->orig_size + scti->comp_offset
   */

  append_uncompress_data(uncomp_data, tvb, offset, scti->comp_offset);
  in_size = tvb_reported_length_remaining(tvb, offset + scti->comp_offset);

  /* decompress compressed segment */
  switch (scti->alg) {
  case SMB2_COMP_ALG_LZ77:
    uncomp_tvb = tvb_uncompress_lz77(tvb, offset + scti->comp_offset, in_size);
    break;
  case SMB2_COMP_ALG_LZ77HUFF:
    uncomp_tvb = tvb_uncompress_lz77huff(tvb, offset + scti->comp_offset, in_size);
    break;
  case SMB2_COMP_ALG_LZNT1:
    uncomp_tvb = tvb_uncompress_lznt1(tvb, offset + scti->comp_offset, in_size);
    break;
  default:
    col_append_str(pinfo->cinfo, COL_INFO, "Comp. SMB3 (unknown)");
    uncomp_tvb = NULL;
    goto out;
  }

  if (!uncomp_tvb || tvb_reported_length(uncomp_tvb) != scti->orig_size) {
    /* decompression error */
    col_append_str(pinfo->cinfo, COL_INFO, "Comp. SMB3 (invalid)");
    goto out;
  }

  /* write decompressed segment at the end of partial packet */
  append_uncompress_data(uncomp_data, uncomp_tvb, 0, scti->orig_size);

 decompression_ok:
  col_append_str(pinfo->cinfo, COL_INFO, "Decomp. SMB3");
  *plain_tvb = tvb_new_child_real_data(tvb,
               (uint8_t *)wmem_array_get_raw(uncomp_data),
               wmem_array_get_count(uncomp_data),
               wmem_array_get_count(uncomp_data));
  add_new_data_source(pinfo, *plain_tvb, "Decomp. SMB3");

 out:
  if (uncomp_tvb)
    tvb_free(uncomp_tvb);
  return offset;
}

static int
dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree,
            tvbuff_t *tvb, int offset,
            smb2_transform_info_t *sti,
            tvbuff_t **enc_tvb, tvbuff_t **plain_tvb)
{
  proto_item        *sesid_item     = NULL;
  proto_tree        *sesid_tree     = NULL;
  int                sesid_offset;
  uint8_t           *plain_data     = NULL;
  int                offset_aad;

  *enc_tvb = NULL;
  *plain_tvb = NULL;

  /* signature */
  proto_tree_add_item(tree, hf_smb2_transform_signature, tvb, offset, 16, ENC_NA);
  offset += 16;

  offset_aad = offset;

  /* nonce */
  proto_tree_add_item(tree, hf_smb2_transform_nonce, tvb, offset, 16, ENC_NA);
  tvb_memcpy(tvb, sti->nonce, offset, 16);
  offset += 16;

  /* size */
  proto_tree_add_item(tree, hf_smb2_transform_msg_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
  sti->size = tvb_get_letohl(tvb, offset);
  offset += 4;

  /* reserved */
  proto_tree_add_item(tree, hf_smb2_transform_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  /* flags */
  proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_transform_flags,
             ett_smb2_transform_flags,
             smb2_transform_flags, ENC_LITTLE_ENDIAN);
  sti->flags = tvb_get_letohs(tvb, offset);
  offset += 2;

  /* session ID */
  sesid_offset = offset;
  sti->sesid = tvb_get_letoh64(tvb, offset);
  sesid_item = proto_tree_add_item(tree, hf_smb2_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
  offset += 8;

  /* now we need to first lookup the uid session */
  sti->session = smb2_get_session(sti->conv, sti->sesid, NULL, NULL);
  smb2_add_session_info(sesid_tree, sesid_item, tvb, sesid_offset, sti->session);

  if (sti->flags & SMB2_TRANSFORM_FLAGS_ENCRYPTED) {
    plain_data = decrypt_smb_payload(pinfo, tvb, offset, offset_aad, sti);
  }
  *enc_tvb = tvb_new_subset_length(tvb, offset, sti->size);

  if (plain_data != NULL) {
    *plain_tvb = tvb_new_child_real_data(*enc_tvb, plain_data, sti->size, sti->size);
    add_new_data_source(pinfo, *plain_tvb, "Decrypted SMB3");
  }

  offset += sti->size;
  return offset;
}

static const char *
get_special_packet_title(uint16_t cmd, uint32_t flags, uint64_t msg_id, tvbuff_t *tvb, int offset)
{
  /*  for some types of packets we don't have request/response packets but something else
   *  to show more correct names while displaying them we use this logic to override standard naming convention
   */

  uint16_t buffer_code;
  /* detect oplock/lease break packets */
  if (cmd != SMB2_COM_BREAK) {
    return NULL;
  }

  buffer_code = tvb_get_letohs(tvb, offset);
  if (flags & SMB2_FLAGS_RESPONSE) {
    switch (buffer_code) {
    case OPLOCK_BREAK_OPLOCK_STRUCTURE_SIZE:
      /* note - Notification and Response packets for Oplock Break are equivalent,
       * we can distinguish them only via msg_id value */
      if (msg_id == 0xFFFFFFFFFFFFFFFF) /* see [MS-SMB2] 3.3.4.6 Object Store Indicates an Oplock Break */
        return "Oplock Break Notification";
      else
        return "Oplock Break Response";
    case OPLOCK_BREAK_LEASE_NOTIFICATION_STRUCTURE_SIZE:
      return "Lease Break Notification";
    case OPLOCK_BREAK_LEASE_RESPONSE_STRUCTURE_SIZE:
      return "Lease Break Response";
    }
  } else {
    switch (buffer_code) {
    case OPLOCK_BREAK_OPLOCK_STRUCTURE_SIZE:
      return "Oplock Break Acknowledgment";
    case OPLOCK_BREAK_LEASE_ACKNOWLEDGMENT_STRUCTURE_SIZE:
      return "Lease Break Acknowledgment";
    }
  }
  /* return back to standard notation if we can't detect packet type of break packet */
  return NULL;
}

static int
dissect_smb2_command(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, smb2_info_t *si)
{
  int (*cmd_dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, smb2_info_t *si);
  proto_item *cmd_item;
  proto_tree *cmd_tree;
  int         old_offset = offset;
  const char *packet_title = get_special_packet_title(si->opcode, si->flags, si->msg_id, tvb, offset);

  if (packet_title) {
    cmd_tree = proto_tree_add_subtree_format(tree, tvb, offset, -1,
        ett_smb2_command, &cmd_item, "%s (0x%02x)",
        packet_title,
        si->opcode);
  } else {
    cmd_tree = proto_tree_add_subtree_format(tree, tvb, offset, -1,
        ett_smb2_command, &cmd_item, "%s %s (0x%02x)",
        decode_smb2_name(si->opcode),
        (si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request",
        si->opcode);
  }

  cmd_dissector = (si->flags & SMB2_FLAGS_RESPONSE)?
    smb2_dissector[si->opcode&0xff].response:
    smb2_dissector[si->opcode&0xff].request;
  if (cmd_dissector) {
    offset = (*cmd_dissector)(tvb, pinfo, cmd_tree, offset, si);
  } else {
    proto_tree_add_item(cmd_tree, hf_smb2_unknown, tvb, offset, -1, ENC_NA);
    offset = tvb_captured_length(tvb);
  }

  proto_item_set_len(cmd_item, offset-old_offset);

  return offset;
}

static int
dissect_smb2_tid_sesid(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset, smb2_info_t *si)
{
  proto_item        *tid_item   = NULL;
  proto_tree        *tid_tree   = NULL;
  smb2_tid_info_t    tid_key;
  int                tid_offset = 0;
  proto_item        *sesid_item = NULL;
  proto_tree        *sesid_tree = NULL;
  smb2_sesid_info_t  sesid_key;
  int                sesid_offset;
  proto_item        *item;


  if (si->flags&SMB2_FLAGS_ASYNC_CMD) {
    proto_tree_add_item(tree, hf_smb2_aid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    offset += 8;
  } else {
    /* Reserved */
    proto_tree_add_item(tree, hf_smb2_header_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* Tree ID */
    tid_offset = offset;
    si->tid = tvb_get_letohl(tvb, offset);
    tid_item = proto_tree_add_item(tree, hf_smb2_tid, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    tid_tree = proto_item_add_subtree(tid_item, ett_smb2_tid_tree);
    offset += 4;
  }

  /* Session ID */
  sesid_offset = offset;
  si->sesid = tvb_get_letoh64(tvb, offset);
  sesid_item = proto_tree_add_item(tree, hf_smb2_sesid, tvb, offset, 8, ENC_LITTLE_ENDIAN);
  sesid_tree = proto_item_add_subtree(sesid_item, ett_smb2_sesid_tree);
  offset += 8;

  /* now we need to first lookup the uid session */
  sesid_key.sesid = si->sesid;
  si->session = (smb2_sesid_info_t *)wmem_map_lookup(smb2_sessions, &sesid_key);
  if (!si->session) {
    si->session = smb2_get_session(si->conv, si->sesid, pinfo, si);
    return offset;
  }

  smb2_add_session_info(sesid_tree, sesid_item, tvb, sesid_offset, si->session);

  if (!(si->flags&SMB2_FLAGS_ASYNC_CMD)) {
    /* see if we can find the name for this tid */
    tid_key.tid = si->tid;
    si->tree = (smb2_tid_info_t *)wmem_map_lookup(si->session->tids, &tid_key);
    if (!si->tree) return offset;

    item = proto_tree_add_string(tid_tree, hf_smb2_tree, tvb, tid_offset, 4, si->tree->name);
    proto_item_set_generated(item);
    proto_item_append_text(tid_item, "  %s", si->tree->name);

    item = proto_tree_add_uint(tid_tree, hf_smb2_share_type, tvb, tid_offset, 0, si->tree->share_type);
    proto_item_set_generated(item);

    item = proto_tree_add_uint(tid_tree, hf_smb2_tcon_frame, tvb, tid_offset, 0, si->tree->connect_frame);
    proto_item_set_generated(item);

    item = proto_tree_add_uint(tid_tree, hf_smb2_tdcon_frame, tvb, tid_offset, 0, si->tree->disconnect_frame);
    proto_item_set_generated(item);

  }

  return offset;
}

static void
dissect_smb2_signature(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, smb2_info_t *si)
{
  proto_item   *item = NULL;
  proto_tree   *stree = NULL;
  gcry_error_t err;
  gcry_mac_hd_t md;
  uint8_t mac[NTLMSSP_KEY_LEN] = { 0, };
  size_t len = NTLMSSP_KEY_LEN;
  int i, remaining;
  bool use_mac = false;

  item = proto_tree_add_item(tree, hf_smb2_signature, tvb, offset, 16, ENC_NA);

  if (!si || !si->session ||!si->conv)
    return;

  if (!smb2_verify_signatures || !(si->flags & SMB2_FLAGS_SIGNATURE))
    return;

  if (memcmp(si->session->signing_key, zeros, NTLMSSP_KEY_LEN) == 0) {
    return;
  }

  if (tvb_reported_length(tvb) > tvb_captured_length(tvb))
    return;

  remaining = tvb_reported_length_remaining(tvb, offset + NTLMSSP_KEY_LEN);

  if (si->conv->sign_alg == SMB2_SIGNING_ALG_HMAC_SHA256) {
    err = gcry_mac_open(&md, GCRY_MAC_HMAC_SHA256, 0, NULL);
    if (err)
      return;
    use_mac = true;
  } else if (si->conv->sign_alg == SMB2_SIGNING_ALG_AES_CMAC) {
    err = gcry_mac_open(&md, GCRY_MAC_CMAC_AES, 0, NULL);
    if (err)
      return;
    use_mac = true;
  }

  if (use_mac) {
    gcry_mac_setkey(md, si->session->signing_key, len);
    gcry_mac_write(md, tvb_get_ptr(tvb, 0, 48), 48);
    gcry_mac_write(md, zeros, NTLMSSP_KEY_LEN);
    gcry_mac_write(md, tvb_get_ptr(tvb, offset + NTLMSSP_KEY_LEN, remaining), remaining);
    gcry_mac_read(md, &mac[0], &len);
    gcry_mac_close(md);
  }

  stree = proto_item_add_subtree(item, ett_smb2_signature);

  if (memcmp(&mac[0], tvb_get_ptr(tvb, offset, NTLMSSP_KEY_LEN), NTLMSSP_KEY_LEN) == 0) {
    proto_tree_add_item(stree, hf_smb2_good_signature, tvb, offset, 16, ENC_NA);
    return; /* signature matched */
  }

  item = proto_tree_add_item(stree, hf_smb2_bad_signature, tvb, offset, 16, ENC_NA);
  proto_item_append_text(item, " ");
  for (i = 0; i < NTLMSSP_KEY_LEN; i++)
    proto_item_append_text(item, "%02x", mac[i]);
  proto_item_set_generated(item);
  expert_add_info(pinfo, item, &ei_smb2_invalid_signature);

  return;
}

static int
// NOLINTNEXTLINE(misc-no-recursion)
dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, bool first_in_chain)
{
  int msg_type;
  proto_item *item      = NULL;
  proto_tree *tree      = NULL;
  proto_item *header_item     = NULL;
  proto_tree *header_tree     = NULL;
  int         offset      = 0;
  int         chain_offset    = 0;
  const char *label     = smb_header_label;
  conversation_t    *conversation;
  smb2_saved_info_t *ssi          = NULL, ssi_key;
  smb2_info_t       *si;
  smb2_transform_info_t *sti;
  smb2_comp_transform_info_t *scti;
  char        *fid_name;
  uint32_t         open_frame,close_frame;
  smb2_eo_file_info_t *eo_file_info;
  e_ctx_hnd     *policy_hnd_hashtablekey;
  const char      *packet_title;

  sti = wmem_new(pinfo->pool, smb2_transform_info_t);
  scti = wmem_new(pinfo->pool, smb2_comp_transform_info_t);
  si  = wmem_new0(pinfo->pool, smb2_info_t);
  // XXX Should we create a dummy si->saved here? Or even make
  // smb2_info_t.saved an smb2_saved_info_t instead of an
  // smb2_saved_info_t* ? It would remove the need for a bunch of
  // NULL checks later on.
  si->top_tree = parent_tree;

  msg_type = tvb_get_uint8(tvb, 0);

  switch (msg_type) {
  case SMB2_COMP_HEADER:
    label = smb_comp_transform_header_label;
    break;
  case SMB2_ENCR_HEADER:
    label = smb_transform_header_label;
    break;
  case SMB2_NORM_HEADER:
    label = smb_header_label;
    break;
  default:
    label = smb_bad_header_label;
    break;
  }

  increment_dissection_depth(pinfo);

  /* find which conversation we are part of and get the data for that
   * conversation
   */
  conversation = find_or_create_conversation(pinfo);
  si->conv = (smb2_conv_info_t *)conversation_get_proto_data(conversation, proto_smb2);
  if (!si->conv) {
    /* no smb2_into_t structure for this conversation yet,
     * create it.
     */
    si->conv = wmem_new0(wmem_file_scope(), smb2_conv_info_t);
    /* qqq this leaks memory for now since we never free
       the hashtables */
    si->conv->matched = g_hash_table_new(smb2_saved_info_hash_matched,
      smb2_saved_info_equal_matched);
    si->conv->unmatched = g_hash_table_new(smb2_saved_info_hash_unmatched,
      smb2_saved_info_equal_unmatched);
    si->conv->preauth_hash_current = si->conv->preauth_hash_con;

    /* Bit of a hack to avoid leaking the hash tables - register a
     * callback to free them. Ideally wmem would implement a simple
     * hash table so we wouldn't have to do this. */
    wmem_register_callback(wmem_file_scope(), smb2_conv_destroy,
        si->conv);

    conversation_add_proto_data(conversation, proto_smb2, si->conv);
  }

  sti->conv = si->conv;
  scti->conv = si->conv;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB2");
  if (first_in_chain) {
    /* first packet */
    col_clear(pinfo->cinfo, COL_INFO);
  } else {
    col_append_str(pinfo->cinfo, COL_INFO, "; ");
  }

  item = proto_tree_add_item(parent_tree, proto_smb2, tvb, offset, -1, ENC_NA);
  tree = proto_item_add_subtree(item, ett_smb2);

  header_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_smb2_header, &header_item, label);

  /* Decode the header */

  if (msg_type == SMB2_NORM_HEADER) {
    /* SMB2 marker */
    proto_tree_add_item(header_tree, hf_smb2_protocol_id, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;

    /* we need the flags before we know how to parse the credits field */
    si->flags = tvb_get_letohl(tvb, offset+12);

    /* header length */
    proto_tree_add_item(header_tree, hf_smb2_header_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    /* credit charge (previously "epoch" (unused) which has been deprecated as of "SMB 2.1") */
    proto_tree_add_item(header_tree, hf_smb2_credit_charge, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    /* Status Code */
    if (si->flags & SMB2_FLAGS_RESPONSE) {
      si->status = tvb_get_letohl(tvb, offset);
      proto_tree_add_item(header_tree, hf_smb2_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
      if (si->status) {
        proto_item_append_text(item, ", %s",
          val_to_str_ext(si->status, &NT_errors_ext, "Unknown (0x%08X)"));
      }
      offset += 4;
    } else {
      si->status = 0;
      proto_tree_add_item(header_tree, hf_smb2_channel_sequence, tvb, offset, 2, ENC_LITTLE_ENDIAN);
      offset += 2;
      proto_tree_add_item(header_tree, hf_smb2_reserved, tvb, offset, 2, ENC_NA);
      offset += 2;
    }

    /* opcode */
    si->opcode = tvb_get_letohs(tvb, offset);
    proto_tree_add_item(header_tree, hf_smb2_cmd, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    proto_item_append_text(item, ", %s %s",
      decode_smb2_name(si->opcode),
      si->flags & SMB2_FLAGS_RESPONSE ? "Response" : "Request");
    offset += 2;

    /* credits */
    if (si->flags & SMB2_FLAGS_RESPONSE) {
      proto_tree_add_item(header_tree, hf_smb2_credits_granted, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    } else {
      proto_tree_add_item(header_tree, hf_smb2_credits_requested, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    }
    offset += 2;

    /* flags */
    if (header_tree) {
      static int * const  flags[] = {
        &hf_smb2_flags_response,
        &hf_smb2_flags_async_cmd,
        &hf_smb2_flags_chained,
        &hf_smb2_flags_signature,
        &hf_smb2_flags_priority_mask,
        &hf_smb2_flags_dfs_op,
        &hf_smb2_flags_replay_operation,
        NULL
      };

      proto_tree_add_bitmask(header_tree, tvb, offset, hf_smb2_flags,
                  ett_smb2_flags, flags, ENC_LITTLE_ENDIAN);
    }

    offset += 4;

    /* Next Command */
    chain_offset = tvb_get_letohl(tvb, offset);
    proto_tree_add_item(header_tree, hf_smb2_chain_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
    offset += 4;

    /* Message ID */
    si->msg_id = tvb_get_letoh64(tvb, offset);
    ssi_key.msg_id = si->msg_id;
    proto_tree_add_item(header_tree, hf_smb2_msg_id, tvb, offset, 8, ENC_LITTLE_ENDIAN);
    proto_item_append_text(item,  ", MessageId %" PRIu64, (uint64_t)si->msg_id);
    offset += 8;

    /* Tree ID and Session ID */
    offset = dissect_smb2_tid_sesid(pinfo, header_tree, tvb, offset, si);

    /* Signature */
    dissect_smb2_signature(pinfo, tvb, offset, header_tree, si);
    offset += 16;
    proto_item_set_len(header_item, offset);

    /* Check if this is a special packet type and it has non-regular title */
    packet_title = get_special_packet_title(si->opcode, si->flags, si->msg_id, tvb, offset);
    if (packet_title) {
      col_append_str(pinfo->cinfo, COL_INFO, packet_title);
    } else {
      /* Regular packets have standard title */
      col_append_fstr(pinfo->cinfo, COL_INFO, "%s %s",
          decode_smb2_name(si->opcode),
          (si->flags & SMB2_FLAGS_RESPONSE)?"Response":"Request");
    }
    if (si->status) {
      col_append_fstr(
          pinfo->cinfo, COL_INFO, ", Error: %s",
          val_to_str_ext(si->status, &NT_errors_ext,
                   "Unknown (0x%08X)"));
    }


    if (!pinfo->fd->visited) {
      /* see if we can find this msg_id in the unmatched table */
      ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->unmatched, &ssi_key);

      if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
        /* This is a request */
        if (ssi) {
          /* this is a request and we already found
          * an older ssi so just delete the previous
          * one
          */
          g_hash_table_remove(si->conv->unmatched, ssi);
          ssi = NULL;
        }

        if (!ssi) {
          /* no we couldn't find it, so just add it then
          * if was a request we are decoding
          */
          ssi                  = wmem_new0(wmem_file_scope(), smb2_saved_info_t);
          ssi->msg_id          = ssi_key.msg_id;
          ssi->frame_req       = pinfo->num;
          ssi->frame_res       = UINT32_MAX;
          ssi->req_time        = pinfo->abs_ts;
          ssi->extra_info_type = SMB2_EI_NONE;
          g_hash_table_insert(si->conv->unmatched, ssi, ssi);
        }
      } else {
        /* This is a response */
        if (!((si->flags & SMB2_FLAGS_ASYNC_CMD)
          && si->status == NT_STATUS_PENDING)
          && ssi) {
          /* just  set the response frame and move it to the matched table */
          ssi->frame_res = pinfo->num;
          ssi->resp_time = pinfo->abs_ts;
          g_hash_table_remove(si->conv->unmatched, ssi);
          g_hash_table_insert(si->conv->matched, ssi, ssi);
        }
      }
    } else {
      /* see if we can find this msg_id in the matched table */
      ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->matched, &ssi_key);
      /* if we couldn't find it in the matched table, it might still
      * be in the unmatched table
      */
      if (!ssi) {
        ssi = (smb2_saved_info_t *)g_hash_table_lookup(si->conv->unmatched, &ssi_key);
      }
    }

    if (ssi) {
      if (dcerpc_fetch_polhnd_data(&ssi->policy_hnd, &fid_name, NULL, &open_frame, &close_frame, pinfo->num)) {
        /* If needed, create the file entry and save the policy hnd */
        if (!si->eo_file_info) {
          if (si->conv) {
            eo_file_info = (smb2_eo_file_info_t *)wmem_map_lookup(si->session->files,&ssi->policy_hnd);
            if (!eo_file_info) { /* XXX This should never happen */
              /* assert(1==0); */
              eo_file_info = wmem_new(wmem_file_scope(), smb2_eo_file_info_t);
              policy_hnd_hashtablekey = wmem_new(wmem_file_scope(), e_ctx_hnd);
              memcpy(policy_hnd_hashtablekey, &ssi->policy_hnd, sizeof(e_ctx_hnd));
              eo_file_info->end_of_file=0;
              wmem_map_insert(si->session->files,policy_hnd_hashtablekey,eo_file_info);
            }
            si->eo_file_info=eo_file_info;
          }
        }

      }

      if (!(si->flags & SMB2_FLAGS_RESPONSE)) {
        if (ssi->frame_res != UINT32_MAX) {
          proto_item *tmp_item;
          nstime_t    deltat;

          tmp_item = proto_tree_add_uint(header_tree, hf_smb2_response_in, tvb, 0, 0,
            ssi->frame_res);
          proto_item_set_generated(tmp_item);

          nstime_delta(&deltat, &ssi->resp_time, &pinfo->abs_ts);
          tmp_item = proto_tree_add_time(header_tree, hf_smb2_time_req, tvb,
                       0, 0, &deltat);
          proto_item_set_generated(tmp_item);
        }
      } else {
        if (ssi->frame_req != UINT32_MAX) {
          proto_item *tmp_item;
          nstime_t    t, deltat;

          tmp_item = proto_tree_add_uint(header_tree, hf_smb2_response_to, tvb, 0, 0,
            ssi->frame_req);
          proto_item_set_generated(tmp_item);
          t = pinfo->abs_ts;
          nstime_delta(&deltat, &t, &ssi->req_time);
          tmp_item = proto_tree_add_time(header_tree, hf_smb2_time_resp, tvb,
          0, 0, &deltat);
          proto_item_set_generated(tmp_item);
        }
      }
      if (si->file != NULL) {
        ssi->file = si->file;
      } else {
        si->file = ssi->file;
      }
    }
    /* if we don't have ssi yet we must fake it */
    /*qqq*/
    si->saved = ssi;

    tap_queue_packet(smb2_tap, pinfo, si);

    /* Decode the payload */
    offset = dissect_smb2_command(pinfo, tree, tvb, offset, si);
  } else if (msg_type == SMB2_ENCR_HEADER) {
    proto_tree *enc_tree;
    tvbuff_t   *enc_tvb   = NULL;
    tvbuff_t   *plain_tvb = NULL;

    /* SMB2_TRANSFORM marker */
    proto_tree_add_item(header_tree, hf_smb2_protocol_id, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;

    offset = dissect_smb2_transform_header(pinfo, header_tree, tvb, offset, sti,
                   &enc_tvb, &plain_tvb);

    enc_tree = proto_tree_add_subtree(tree, enc_tvb, 0, sti->size, ett_smb2_encrypted, NULL, "Encrypted SMB3 data");
    if (plain_tvb != NULL) {
      col_append_str(pinfo->cinfo, COL_INFO, "Decrypted SMB3");
      dissect_smb2(plain_tvb, pinfo, enc_tree, false);
    } else {
      col_append_str(pinfo->cinfo, COL_INFO, "Encrypted SMB3");
      proto_tree_add_item(enc_tree, hf_smb2_transform_encrypted_data,
              enc_tvb, 0, sti->size, ENC_NA);
    }

    if (tvb_reported_length_remaining(tvb, offset) > 0) {
      chain_offset = offset;
    }
  } else if (msg_type == SMB2_COMP_HEADER) {
    proto_tree *comp_tree;
    proto_item *decomp_item;
    tvbuff_t   *plain_tvb = NULL;
    tvbuff_t   *comp_tvb = NULL;

    offset = dissect_smb2_comp_transform_header(pinfo, header_tree, tvb, offset,
                  scti, &comp_tvb, &plain_tvb);

    comp_tree = proto_tree_add_subtree(header_tree, tvb, offset,
               tvb_reported_length_remaining(tvb, offset),
               ett_smb2_compressed, NULL,
               "Compressed SMB3 data");
    proto_tree_add_item(comp_tree, hf_smb2_comp_transform_data,
            tvb, offset,
            tvb_reported_length_remaining(tvb, offset),
            ENC_NA);

    if (plain_tvb) {
      proto_tree *decomp_tree;

      decomp_tree = proto_tree_add_subtree(header_tree, plain_tvb, 0,
                   tvb_reported_length_remaining(plain_tvb, 0),
                   ett_smb2_decompressed, &decomp_item,
                   "Decompressed SMB3 data");
      proto_item_set_generated(decomp_item);
      dissect_smb2(plain_tvb, pinfo, decomp_tree, false);
    }

    offset += tvb_reported_length_remaining(tvb, offset);
  } else {
    col_append_str(pinfo->cinfo, COL_INFO, "Invalid header");

    /* bad packet after decompressing/decrypting */
    offset += tvb_reported_length_remaining(tvb, offset);
  }

  if (chain_offset > 0) {
    tvbuff_t *next_tvb;

    proto_item_set_len(item, chain_offset);

    next_tvb = tvb_new_subset_remaining(tvb, chain_offset);
    offset   = dissect_smb2(next_tvb, pinfo, parent_tree, false);
  }

  decrement_dissection_depth(pinfo);
  return offset;
}

static bool
dissect_smb2_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
{
  uint8_t b;

  /* must check that this really is a smb2 packet */
  if (tvb_captured_length(tvb) < 4)
    return false;

  b = tvb_get_uint8(tvb, 0);
  if (((b != SMB2_COMP_HEADER) && (b != SMB2_ENCR_HEADER) && (b != SMB2_NORM_HEADER))
      || (tvb_get_uint8(tvb, 1) != 'S')
      || (tvb_get_uint8(tvb, 2) != 'M')
      || (tvb_get_uint8(tvb, 3) != 'B') ) {
    return false;
  }

  dissect_smb2(tvb, pinfo, parent_tree, true);

  return true;
}

void
proto_register_smb2(void)
{
  module_t *smb2_module;
  static hf_register_info hf[] = {
    { &hf_smb2_cmd,
      { "Command", "smb2.cmd", FT_UINT16, BASE_DEC | BASE_EXT_STRING,
      &smb2_cmd_vals_ext, 0, "SMB2 Command Opcode", HFILL }
    },

    { &hf_smb2_response_to,
      { "Response to", "smb2.response_to", FT_FRAMENUM, BASE_NONE,
      FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0, "This packet is a response to the packet in this frame", HFILL }
    },

    { &hf_smb2_response_in,
      { "Response in", "smb2.response_in", FT_FRAMENUM, BASE_NONE,
      FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0, "The response to this packet is in this packet", HFILL }
    },

    { &hf_smb2_time_req,
      { "Time to response", "smb2.time", FT_RELATIVE_TIME, BASE_NONE,
      NULL, 0, "Time between Request and Response for SMB2 cmds", HFILL }
    },

    { &hf_smb2_time_resp,
      { "Time from request", "smb2.time", FT_RELATIVE_TIME, BASE_NONE,
      NULL, 0, "Time between Request and Response for SMB2 cmds", HFILL }
    },

    { &hf_smb2_preauth_hash,
      { "Preauth Hash", "smb2.preauth_hash", FT_BYTES, BASE_NONE,
      NULL, 0, "SMB3.1.1 pre-authentication SHA512 hash after hashing the packet", HFILL }
    },

    { &hf_smb2_header_len,
      { "Header Length", "smb2.header_len", FT_UINT16, BASE_DEC,
      NULL, 0, "SMB2 Size of Header", HFILL }
    },

    { &hf_smb2_nt_status,
      { "NT Status", "smb2.nt_status", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
      &NT_errors_ext, 0, "NT Status code", HFILL }
    },

    { &hf_smb2_msg_id,
      { "Message ID", "smb2.msg_id", FT_UINT64, BASE_DEC|BASE_VAL64_STRING|BASE_SPECIAL_VALS,
      VALS64(unique_unsolicited_response), 0, NULL, HFILL }
    },

    { &hf_smb2_tid,
      { "Tree Id", "smb2.tid", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aid,
      { "Async Id", "smb2.aid", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_sesid,
      { "Session Id", "smb2.sesid", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_previous_sesid,
      { "Previous Session Id", "smb2.previous_sesid", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_chain_offset,
      { "Chain Offset", "smb2.chain_offset", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_end_of_file,
      { "End Of File", "smb2.eof", FT_UINT64, BASE_DEC,
      NULL, 0, "SMB2 End Of File/File size", HFILL }
    },

    { &hf_smb2_nlinks,
      { "Number of Links", "smb2.nlinks", FT_UINT32, BASE_DEC,
      NULL, 0, "Number of links to this object", HFILL }
    },

    { &hf_smb2_file_id,
      { "File Id", "smb2.file_id", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_allocation_size,
      { "Allocation Size", "smb2.allocation_size", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_max_response_size,
      { "Max Response Size", "smb2.max_response_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_getinfo_input_size,
      { "Getinfo Input Size", "smb2.getinfo_input_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_getinfo_input_offset,
      { "Getinfo Input Offset", "smb2.getinfo_input_offset", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_getsetinfo_additional,
      { "Additional Info", "smb2.getsetinfo_additional", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_getsetinfo_additionals,
      { "Additional Info", "smb2.getsetinfo_additionals", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_getsetinfo_additional_owner,
      { "Owner", "smb2.getsetinfo_additional_secinfo.owner", FT_BOOLEAN, 32,
      TFS(&tfs_additional_owner), OWNER_SECURITY_INFORMATION, "Is owner security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_group,
      { "Group", "smb2.getsetinfo_additional_secinfo.group", FT_BOOLEAN, 32,
      TFS(&tfs_additional_group), GROUP_SECURITY_INFORMATION, "Is group security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_dacl,
      { "DACL", "smb2.getsetinfo_additional_secinfo.dacl", FT_BOOLEAN, 32,
      TFS(&tfs_additional_dacl), DACL_SECURITY_INFORMATION, "Is DACL security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_sacl,
      { "SACL", "smb2.getsetinfo_additional_secinfo.sacl", FT_BOOLEAN, 32,
      TFS(&tfs_additional_sacl), SACL_SECURITY_INFORMATION, "Is SACL security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_label,
      { "Integrity label", "smb2.getsetinfo_additional_secinfo.label", FT_BOOLEAN, 32,
      TFS(&tfs_additional_label), LABEL_SECURITY_INFORMATION, "Is integrity label security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_attribute,
      { "Resource attribute", "smb2.getsetinfo_additional_secinfo.attribute", FT_BOOLEAN, 32,
      TFS(&tfs_additional_attribute), ATTRIBUTE_SECURITY_INFORMATION, "Is resource attribute security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_scope,
      { "Central access policy", "smb2.getsetinfo_additional_secinfo.scope", FT_BOOLEAN, 32,
      TFS(&tfs_additional_scope), SCOPE_SECURITY_INFORMATION, "Is central access policy security information being queried?", HFILL }},

    { &hf_smb2_getsetinfo_additional_backup,
      { "Backup operation", "smb2.getsetinfo_additional_secinfo.backup", FT_BOOLEAN, 32,
      TFS(&tfs_additional_backup), BACKUP_SECURITY_INFORMATION, "Is backup operation security information being queried?", HFILL }},

    { &hf_smb2_getinfo_flags,
      { "Flags", "smb2.getinfo_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_setinfo_size,
      { "Setinfo Size", "smb2.setinfo_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_setinfo_offset,
      { "Setinfo Offset", "smb2.setinfo_offset", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_setinfo_reserved,
      { "Reserved", "smb2.setinfo_reserved", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_max_ioctl_out_size,
      { "Max Ioctl Out Size", "smb2.max_ioctl_out_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_max_ioctl_in_size,
      { "Max Ioctl In Size", "smb2.max_ioctl_in_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_required_buffer_size,
      { "Required Buffer Size", "smb2.required_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_header_reserved,
      { "Reserved", "smb2.header_reserved", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },


    /* SMB2 header flags  */
    { &hf_smb2_flags,
      { "Flags", "smb2.flags", FT_UINT32, BASE_HEX,
      NULL, 0, "SMB2 flags", HFILL }
    },

    { &hf_smb2_flags_response,
      { "Response", "smb2.flags.response", FT_BOOLEAN, 32,
      TFS(&tfs_flags_response), SMB2_FLAGS_RESPONSE, "Whether this is an SMB2 Request or Response", HFILL }
    },

    { &hf_smb2_flags_async_cmd,
      { "Async command", "smb2.flags.async", FT_BOOLEAN, 32,
      TFS(&tfs_flags_async_cmd), SMB2_FLAGS_ASYNC_CMD, NULL, HFILL }
    },

    { &hf_smb2_flags_dfs_op,
      { "DFS operation", "smb2.flags.dfs", FT_BOOLEAN, 32,
      TFS(&tfs_flags_dfs_op), SMB2_FLAGS_DFS_OP, NULL, HFILL }
    },

    { &hf_smb2_flags_chained,
      { "Chained", "smb2.flags.chained", FT_BOOLEAN, 32,
      TFS(&tfs_flags_chained), SMB2_FLAGS_CHAINED, "Whether the pdu continues a chain or not", HFILL }
    },
    { &hf_smb2_flags_signature,
      { "Signing", "smb2.flags.signature", FT_BOOLEAN, 32,
      TFS(&tfs_flags_signature), SMB2_FLAGS_SIGNATURE, "Whether the pdu is signed or not", HFILL }
    },

    { &hf_smb2_flags_replay_operation,
      { "Replay operation", "smb2.flags.replay", FT_BOOLEAN, 32,
      TFS(&tfs_flags_replay_operation), SMB2_FLAGS_REPLAY_OPERATION, "Whether this is a replay operation", HFILL }
    },

    { &hf_smb2_flags_priority_mask,
      { "Priority", "smb2.flags.priority_mask", FT_BOOLEAN, 32,
      TFS(&tfs_flags_priority_mask), SMB2_FLAGS_PRIORITY_MASK, "Priority Mask", HFILL }
    },

    { &hf_smb2_tree,
      { "Tree", "smb2.tree", FT_STRING, BASE_NONE,
      NULL, 0, "Name of the Tree/Share", HFILL }
    },

    { &hf_smb2_blobs,
      { "Blobs", "smb2.blobs", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_filename,
      { "Filename", "smb2.filename", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_filename_len,
      { "Filename Length", "smb2.filename.len", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_frame_handle_opened,
      { "Frame handle opened", "smb2.frame_handle_opened", FT_FRAMENUM, BASE_NONE,
      FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0, "File opened in", HFILL }
    },

    { &hf_frame_handle_closed,
      { "Frame handle closed", "smb2.frame_handle_closed", FT_FRAMENUM, BASE_NONE,
      FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0, "File closed in", HFILL }
    },

    { &hf_smb2_file_id_hash,
      { "FileId Hash", "smb2.fid_hash", FT_UINT32, BASE_HEX,
      NULL, 0, "Used to find all instances of a File ID", HFILL }
    },

    { &hf_smb2_num_matched,
      { "Matched pattern", "smb2.num_matched", FT_UINT16, BASE_DEC,
      NULL, 0, "Number of files matching the find pattern", HFILL }
    },

    { &hf_smb2_replace_if,
      { "Replace If", "smb2.rename.replace_if", FT_BOOLEAN, 8,
      TFS(&tfs_replace_if_exists), 0xFF, "Whether to replace if the target exists", HFILL }
    },

    { &hf_smb2_data_offset,
      { "Data Offset", "smb2.data_offset", FT_UINT16, BASE_HEX,
      NULL, 0, "Offset to data", HFILL }
    },

    { &hf_smb2_find_info_level,
      { "Info Level", "smb2.find.infolevel", FT_UINT32, BASE_DEC,
      VALS(smb2_find_info_levels), 0, "Find_Info Infolevel", HFILL }
    },

    { &hf_smb2_find_flags,
      { "Find Flags", "smb2.find.flags", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_find_pattern,
      { "Search Pattern", "smb2.find.pattern", FT_STRING, BASE_NONE,
      NULL, 0, "Find pattern", HFILL }
    },

    { &hf_smb2_find_info_blob,
      { "Info", "smb2.find.info_blob", FT_BYTES, BASE_NONE,
      NULL, 0, "Find Info", HFILL }
    },

    { &hf_smb2_ea_size,
      { "EA Size", "smb2.ea_size", FT_UINT32, BASE_DEC,
      NULL, 0, "Size of EA data", HFILL }
    },

    { &hf_smb2_position_information,
      { "Position Information", "smb2.position_info", FT_UINT64, BASE_DEC,
      NULL, 0, "Current file position", HFILL }
    },

    { &hf_smb2_mode_information,
      { "Mode Information", "smb2.mode_info", FT_UINT32, BASE_HEX,
      NULL, 0, "File mode information", HFILL }
    },

    { &hf_smb2_mode_file_write_through,
      { "FILE_WRITE_THROUGH", "smb2.mode.file_write_through", FT_UINT32, BASE_HEX,
      NULL, 0x02, NULL, HFILL }
    },

    { &hf_smb2_mode_file_sequential_only,
      { "FILE_SEQUENTIAL_ONLY", "smb2.mode.file_sequential_only", FT_UINT32, BASE_HEX,
      NULL, 0x04, NULL, HFILL }
    },

    { &hf_smb2_mode_file_no_intermediate_buffering,
      { "FILE_NO_INTERMEDIATE_BUFFERING", "smb2.mode.file_no_intermediate_buffering", FT_UINT32, BASE_HEX,
      NULL, 0x08, NULL, HFILL }
    },

    { &hf_smb2_mode_file_synchronous_io_alert,
      { "FILE_SYNCHRONOUS_IO_ALERT", "smb2.mode.file_synchronous_io_alert", FT_UINT32, BASE_HEX,
      NULL, 0x10, NULL, HFILL }
    },

    { &hf_smb2_mode_file_synchronous_io_nonalert,
      { "FILE_SYNCHRONOUS_IO_NONALERT", "smb2.mode.file_synchronous_io_nonalert", FT_UINT32, BASE_HEX,
      NULL, 0x20, NULL, HFILL }
    },

    { &hf_smb2_mode_file_delete_on_close,
      { "FILE_DELETE_ON_CLOSE", "smb2.mode.file_delete_on_close", FT_UINT32, BASE_HEX,
      NULL, 0x1000, NULL, HFILL }
    },

    { &hf_smb2_alignment_information,
      { "Alignment Information", "smb2.alignment_info", FT_UINT32, BASE_HEX,
      VALS(smb2_alignment_vals), 0, "File alignment", HFILL}
    },

    { &hf_smb2_class,
      { "Class", "smb2.class", FT_UINT8, BASE_HEX,
      VALS(smb2_class_vals), 0, "Info class", HFILL }
    },

    { &hf_smb2_infolevel,
      { "InfoLevel", "smb2.infolevel", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_infolevel_file_info,
      { "InfoLevel", "smb2.file_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
      &smb2_file_info_levels_ext, 0, "File_Info Infolevel", HFILL }
    },

    { &hf_smb2_infolevel_fs_info,
      { "InfoLevel", "smb2.fs_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
      &smb2_fs_info_levels_ext, 0, "Fs_Info Infolevel", HFILL }
    },

    { &hf_smb2_infolevel_sec_info,
      { "InfoLevel", "smb2.sec_info.infolevel", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
      &smb2_sec_info_levels_ext, 0, "Sec_Info Infolevel", HFILL }
    },

    { &hf_smb2_write_length,
      { "Write Length", "smb2.write_length", FT_UINT32, BASE_DEC,
      NULL, 0, "Amount of data to write", HFILL }
    },

    { &hf_smb2_read_blob,
      { "Info", "smb2.read.blob", FT_BYTES, BASE_NONE,
      NULL, 0, "Read Blob", HFILL }
    },

    { &hf_smb2_read_length,
      { "Read Length", "smb2.read_length", FT_UINT32, BASE_DEC,
      NULL, 0, "Amount of data to read", HFILL }
    },

    { &hf_smb2_read_remaining,
      { "Read Remaining", "smb2.read_remaining", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_read_padding,
      { "Padding", "smb2.read_padding", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_read_flags,
      { "Flags", "smb2.read_flags", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_read_flags_unbuffered,
      { "Unbuffered", "smb2.read_flags.unbuffered", FT_BOOLEAN, 8,
      TFS(&tfs_read_unbuffered), SMB2_READFLAG_READ_UNBUFFERED, "If client requests unbuffered read", HFILL }
    },

    { &hf_smb2_read_flags_compressed,
      { "Compressed", "smb2.read_flags.compressed", FT_BOOLEAN, 8,
      TFS(&tfs_read_compressed), SMB2_READFLAG_READ_COMPRESSED, "If client requests compressed response", HFILL }
    },

    { &hf_smb2_create_flags,
      { "Create Flags", "smb2.create_flags", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_offset,
      { "File Offset", "smb2.file_offset", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_range_offset,
      { "File Offset", "smb2.fsctl.range_offset", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_range_length,
      { "Length", "smb2.fsctl.range_length", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qfr_length,
      { "Length", "smb2.qfr_length", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qfr_usage,
      { "Desired Usage", "smb2.qfr_usage", FT_UINT32, BASE_HEX,
      VALS(file_region_usage_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_qfr_flags,
      { "Flags", "smb2.qfr_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qfr_total_region_entry_count,
      { "Total Region Entry Count", "smb2.qfr_tot_region_entry_count", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qfr_region_entry_count,
      { "Region Entry Count", "smb2.qfr_region_entry_count", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_security_blob,
      { "Security Blob", "smb2.security_blob", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_out_data,
      { "Out Data", "smb2.ioctl.out", FT_NONE, BASE_NONE,
      NULL, 0, "Ioctl Out", HFILL }
    },

    { &hf_smb2_ioctl_in_data,
      { "In Data", "smb2.ioctl.in", FT_NONE, BASE_NONE,
      NULL, 0, "Ioctl In", HFILL }
    },

    { &hf_smb2_server_guid,
      { "Server Guid", "smb2.server_guid", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_client_guid,
      { "Client Guid", "smb2.client_guid", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_object_id,
      { "ObjectId", "smb2.object_id", FT_GUID, BASE_NONE,
      NULL, 0, "ObjectID for this FID", HFILL }
    },

    { &hf_smb2_birth_volume_id,
      { "BirthVolumeId", "smb2.birth_volume_id", FT_GUID, BASE_NONE,
      NULL, 0, "ObjectID for the volume where this FID was originally created", HFILL }
    },

    { &hf_smb2_birth_object_id,
      { "BirthObjectId", "smb2.birth_object_id", FT_GUID, BASE_NONE,
      NULL, 0, "ObjectID for this FID when it was originally created", HFILL }
    },

    { &hf_smb2_domain_id,
      { "DomainId", "smb2.domain_id", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_create_timestamp,
      { "Create", "smb2.create.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "Time when this object was created", HFILL }
    },

    { &hf_smb2_fid,
      { "File Id", "smb2.fid", FT_GUID, BASE_NONE,
      NULL, 0, "SMB2 File Id", HFILL }
    },

    { &hf_smb2_write_data,
      { "Write Data", "smb2.write_data", FT_BYTES, BASE_NONE,
      NULL, 0, "SMB2 Data to be written", HFILL }
    },

    { &hf_smb2_write_flags,
      { "Write Flags", "smb2.write.flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_write_flags_write_through,
      { "Write through", "smb2.write.flags.write_through", FT_BOOLEAN, 32,
      TFS(&tfs_write_through), SMB2_WRITE_FLAG_WRITE_THROUGH, "If the client requests WRITE_THROUGH", HFILL }
    },

    { &hf_smb2_write_flags_write_unbuffered,
      { "Unbuffered", "smb2.write.flags.unbuffered", FT_BOOLEAN, 32,
      TFS(&tfs_write_unbuffered), SMB2_WRITE_FLAG_WRITE_UNBUFFERED, "If client requests UNBUFFERED read", HFILL }
    },

    { &hf_smb2_write_count,
      { "Write Count", "smb2.write.count", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_write_remaining,
      { "Write Remaining", "smb2.write.remaining", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_read_data,
      { "Read Data", "smb2.read_data", FT_BYTES, BASE_NONE,
      NULL, 0, "SMB2 Data that is read", HFILL }
    },

    { &hf_smb2_last_access_timestamp,
      { "Last Access", "smb2.last_access.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "Time when this object was last accessed", HFILL }
    },

    { &hf_smb2_last_write_timestamp,
      { "Last Write", "smb2.last_write.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "Time when this object was last written to", HFILL }
    },

    { &hf_smb2_last_change_timestamp,
      { "Last Change", "smb2.last_change.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "Time when this object was last changed", HFILL }
    },

    { &hf_smb2_file_all_info,
      { "SMB2_FILE_ALL_INFO", "smb2.file_all_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_allocation_info,
      { "SMB2_FILE_ALLOCATION_INFO", "smb2.file_allocation_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_endoffile_info,
      { "SMB2_FILE_ENDOFFILE_INFO", "smb2.file_endoffile_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_good_signature,
      { "Good signature", "smb2.good_signature", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_bad_signature,
      { "Bad signature. Should be", "smb2.bad_signature", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_alternate_name_info,
      { "SMB2_FILE_ALTERNATE_NAME_INFO", "smb2.file_alternate_name_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_normalized_name_info,
      { "SMB2_FILE_NORMALIZED_NAME_INFO", "smb2.file_normalized_name_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_stream_info,
      { "SMB2_FILE_STREAM_INFO", "smb2.file_stream_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_pipe_info,
      { "SMB2_FILE_PIPE_INFO", "smb2.file_pipe_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_pipe_local_info,
      { "SMB2_FILE_LOCAL_PIPE_INFO", "smb2.file_local_pipe_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },
    { &hf_smb2_file_pipe_remote_info,
      { "SMB2_FILE_REMOTE_PIPE_INFO", "smb2.file_remote_pipe_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },
    { &hf_smb2_file_compression_info,
      { "SMB2_FILE_COMPRESSION_INFO", "smb2.file_compression_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_basic_info,
      { "SMB2_FILE_BASIC_INFO", "smb2.file_basic_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_standard_info,
      { "SMB2_FILE_STANDARD_INFO", "smb2.file_standard_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_internal_info,
      { "SMB2_FILE_INTERNAL_INFO", "smb2.file_internal_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_mode_info,
      { "SMB2_FILE_MODE_INFO", "smb2.file_mode_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_alignment_info,
      { "SMB2_FILE_ALIGNMENT_INFO", "smb2.file_alignment_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_position_info,
      { "SMB2_FILE_POSITION_INFO", "smb2.file_position_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_access_info,
      { "SMB2_FILE_ACCESS_INFO", "smb2.file_access_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_ea_info,
      { "SMB2_FILE_EA_INFO", "smb2.file_ea_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_network_open_info,
      { "SMB2_FILE_NETWORK_OPEN_INFO", "smb2.file_network_open_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_attribute_tag_info,
      { "SMB2_FILE_ATTRIBUTE_TAG_INFO", "smb2.file_attribute_tag_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_disposition_info,
      { "SMB2_FILE_DISPOSITION_INFO", "smb2.file_disposition_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_full_ea_info,
      { "SMB2_FILE_FULL_EA_INFO", "smb2.file_full_ea_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_rename_info,
      { "SMB2_FILE_RENAME_INFO", "smb2.file_rename_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_link_info,
      { "SMB2_FILE_LINK_INFO", "smb2.file_link_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_info_01,
      { "FileFsVolumeInformation", "smb2.fs_volume_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_info_03,
      { "FileFsSizeInformation", "smb2.fs_size_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_info_04,
      { "FileFsDeviceInformation", "smb2.fs_device_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_info_05,
      { "FileFsAttributeInformation", "smb2.fs_attribute_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_info_06,
      { "FileFsControlInformation", "smb2.fs_control_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_info_07,
      { "FileFsFullSizeInformation", "smb2.fs_full_size_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_objectid_info,
      { "FileFsObjectIdInformation", "smb2.fs_objectid_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_info,
      { "FileFsPOSIXInformation", "smb2.fs_posix_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_optimal_transfer_size,
      { "Optimal Transfer Size", "smb2.fs_posix_optimal_transfer_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_block_size,
      { "Block Size", "smb2.fs_posix_block_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_total_blocks,
      { "Total Blocks", "smb2.fs_posix_total_blocks", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_blocks_available,
      { "Blocks Available", "smb2.fs_posix_blocks_available", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_user_blocks_available,
      { "User Blocks Available", "smb2.fs_posix_user_blocks_available", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_total_file_nodes,
      { "Total File Nodes", "smb2.fs_posix_total_file_nodes", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_free_file_nodes,
      { "Free File Nodes", "smb2.fs_posix_free_file_nodes", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fs_posix_fs_identifier,
      { "Fs-Identifier", "smb2.fs_posix_fs_identifier", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_sec_info_00,
      { "SMB2_SEC_INFO_00", "smb2.sec_info_00", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_quota_info,
      { "SMB2_QUOTA_INFO", "smb2.quota_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_query_quota_info,
      { "SMB2_QUERY_QUOTA_INFO", "smb2.query_quota_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qq_single,
      { "ReturnSingle", "smb2.query_quota_info.single", FT_BOOLEAN, 8,
      NULL, 0xff, NULL, HFILL }
    },

    { &hf_smb2_qq_restart,
      { "RestartScan", "smb2.query_quota_info.restart", FT_BOOLEAN, 8,
      NULL, 0xff, NULL, HFILL }
    },

    { &hf_smb2_qq_sidlist_len,
      { "SidListLength", "smb2.query_quota_info.sidlistlen", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qq_start_sid_len,
      { "StartSidLength", "smb2.query_quota_info.startsidlen", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_qq_start_sid_offset,
      { "StartSidOffset", "smb2.query_quota_info.startsidoffset", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_disposition_delete_on_close,
      { "Delete on close", "smb2.disposition.delete_on_close", FT_BOOLEAN, 8,
      TFS(&tfs_disposition_delete_on_close), 0x01, NULL, HFILL }
    },


    { &hf_smb2_create_disposition,
      { "Disposition", "smb2.create.disposition", FT_UINT32, BASE_DEC,
      VALS(create_disposition_vals), 0, "Create disposition, what to do if the file does/does not exist", HFILL }
    },

    { &hf_smb2_create_action,
      { "Create Action", "smb2.create.action", FT_UINT32, BASE_DEC,
      VALS(oa_open_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_create_rep_flags,
      { "Response Flags", "smb2.create.rep_flags", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_create_rep_flags_reparse_point,
      { "ReparsePoint", "smb2.create.rep_flags.reparse_point", FT_BOOLEAN, 8,
      NULL, SMB2_CREATE_REP_FLAGS_REPARSE_POINT, NULL, HFILL }
    },

    { &hf_smb2_extrainfo,
      { "ExtraInfo", "smb2.create.extrainfo", FT_NONE, BASE_NONE,
      NULL, 0, "Create ExtraInfo", HFILL }
    },

    { &hf_smb2_create_chain_offset,
      { "Chain Offset", "smb2.create.chain_offset", FT_UINT32, BASE_HEX,
      NULL, 0, "Offset to next entry in chain or 0", HFILL }
    },

    { &hf_smb2_create_chain_data,
      { "Data", "smb2.create.chain_data", FT_NONE, BASE_NONE,
      NULL, 0, "Chain Data", HFILL }
    },

    { &hf_smb2_FILE_OBJECTID_BUFFER,
      { "FILE_OBJECTID_BUFFER", "smb2.FILE_OBJECTID_BUFFER", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_key,
      { "Lease Key", "smb2.lease.lease_key", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_state,
      { "Lease State", "smb2.lease.lease_state", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_state_read_caching,
      { "Read Caching", "smb2.lease.lease_state.read_caching", FT_BOOLEAN, 32,
      NULL, SMB2_LEASE_STATE_READ_CACHING, NULL, HFILL }
    },

    { &hf_smb2_lease_state_handle_caching,
      { "Handle Caching", "smb2.lease.lease_state.handle_caching", FT_BOOLEAN, 32,
      NULL, SMB2_LEASE_STATE_HANDLE_CACHING, NULL, HFILL }
    },

    { &hf_smb2_lease_state_write_caching,
      { "Write Caching", "smb2.lease.lease_state.write_caching", FT_BOOLEAN, 32,
      NULL, SMB2_LEASE_STATE_WRITE_CACHING, NULL, HFILL }
    },

    { &hf_smb2_lease_flags,
      { "Lease Flags", "smb2.lease.lease_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_flags_break_ack_required,
      { "Break Ack Required", "smb2.lease.lease_state.break_ack_required", FT_BOOLEAN, 32,
      NULL, SMB2_LEASE_FLAGS_BREAK_ACK_REQUIRED, NULL, HFILL }
    },

    { &hf_smb2_lease_flags_break_in_progress,
      { "Break In Progress", "smb2.lease.lease_state.break_in_progress", FT_BOOLEAN, 32,
      NULL, SMB2_LEASE_FLAGS_BREAK_IN_PROGRESS, NULL, HFILL }
    },

    { &hf_smb2_lease_flags_parent_lease_key_set,
      { "Parent Lease Key Set", "smb2.lease.lease_state.parent_lease_key_set", FT_BOOLEAN, 32,
      NULL, SMB2_LEASE_FLAGS_PARENT_LEASE_KEY_SET, NULL, HFILL }
    },

    { &hf_smb2_lease_duration,
      { "Lease Duration", "smb2.lease.lease_duration", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_parent_lease_key,
      { "Parent Lease Key", "smb2.lease.parent_lease_key", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_epoch,
      { "Lease Epoch", "smb2.lease.lease_oplock", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_reserved,
      { "Lease Reserved", "smb2.lease.lease_reserved", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_break_reason,
      { "Lease Break Reason", "smb2.lease.lease_break_reason", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_access_mask_hint,
      { "Access Mask Hint", "smb2.lease.access_mask_hint", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lease_share_mask_hint,
      { "Share Mask Hint", "smb2.lease.share_mask_hint", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_next_offset,
      { "Next Offset", "smb2.next_offset", FT_UINT32, BASE_DEC,
      NULL, 0, "Offset to next buffer or 0", HFILL }
    },

    { &hf_smb2_negotiate_context_type,
      { "Type", "smb2.negotiate_context.type", FT_UINT16, BASE_HEX,
      VALS(smb2_negotiate_context_types), 0, NULL, HFILL }
    },

    { &hf_smb2_negotiate_context_data_length,
      { "DataLength", "smb2.negotiate_context.data_length", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_negotiate_context_offset,
      { "NegotiateContextOffset", "smb2.negotiate_context.offset", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_negotiate_context_reserved2,
      { "Reserved2", "smb2.negotiate_context.reserved2", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_negotiate_context_count,
      { "NegotiateContextCount", "smb2.negotiate_context.count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_negotiate_context_reserved,
      { "Reserved", "smb2.negotiate_context.reserved", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_hash_alg_count,
      { "HashAlgorithmCount", "smb2.negotiate_context.hash_alg_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_hash_algorithm,
      { "HashAlgorithm", "smb2.negotiate_context.hash_algorithm", FT_UINT16, BASE_HEX,
      VALS(smb2_hash_algorithm_types), 0, NULL, HFILL }},

    { &hf_smb2_salt_length,
      { "SaltLength", "smb2.negotiate_context.salt_length", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_salt,
      { "Salt", "smb2.negotiate_context.salt", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_signing_alg_count,
      { "SigningAlgorithmCount", "smb2.negotiate_context.signing_alg_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_signing_alg_id,
      { "SigningAlgorithmId", "smb2.negotiate_context.signing_id", FT_UINT16, BASE_HEX,
      VALS(smb2_signing_alg_types), 0, NULL, HFILL }},

    { &hf_smb2_cipher_count,
      { "CipherCount", "smb2.negotiate_context.cipher_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_cipher_id,
      { "CipherId", "smb2.negotiate_context.cipher_id", FT_UINT16, BASE_HEX,
      VALS(smb2_cipher_types), 0, NULL, HFILL }},

    { &hf_smb2_posix_reserved,
      { "POSIX Reserved", "smb2.negotiate_context.posix_reserved", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dev,
      { "Device", "smb2.dev", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_inode,
      { "Inode", "smb2.inode", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_alg_count,
      { "CompressionAlgorithmCount", "smb2.negotiate_context.comp_alg_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_comp_alg_id,
      { "CompressionAlgorithmId", "smb2.negotiate_context.comp_alg_id", FT_UINT16, BASE_HEX,
      VALS(smb2_comp_alg_types), 0, NULL, HFILL }},

    { &hf_smb2_comp_alg_flags,
      { "Flags", "smb2.negotiate_context.comp_alg_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_alg_flags_chained,
      { "Chained", "smb2.negotiate_context.comp_alg_flags.chained", FT_BOOLEAN, 32,
      NULL, SMB2_COMP_ALG_FLAGS_CHAINED, "Chained compression is supported on this connection", HFILL }
    },

    { &hf_smb2_comp_alg_flags_reserved,
      { "Reserved", "smb2.negotiate_context.comp_alg_flags.reserved", FT_UINT32, BASE_HEX,
      NULL, 0xFFFFFFFE, "Must be zero", HFILL }
    },

    { &hf_smb2_netname_neg_id,
      { "Netname", "smb2.negotiate_context.netname", FT_STRING,
      BASE_NONE, NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_transport_ctx_flags,
      { "Flags", "smb2.negotiate_context.transport_flags", FT_UINT32, BASE_HEX,
        VALS(smb2_transport_ctx_flags_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_transform_count,
      { "TransformCount", "smb2.negotiate_context.rdma_transform_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_transform_reserved1,
      { "Reserved1", "smb2.negotiate_context.rdma_transform_reserved1", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_transform_reserved2,
      { "Reserved2", "smb2.negotiate_context.rdma_transform_reserved2", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_transform_id,
      { "RDMATransformId", "smb2.negotiate_context.rdma_transform_id", FT_UINT16, BASE_HEX,
      VALS(smb2_rdma_transform_types), 0, NULL, HFILL }
    },

    { &hf_smb2_current_time,
      { "Current Time", "smb2.current_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "Current Time at server", HFILL }
    },

    { &hf_smb2_boot_time,
      { "Boot Time", "smb2.boot_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "Boot Time at server", HFILL }
    },

    { &hf_smb2_ea_flags,
      { "EA Flags", "smb2.ea.flags", FT_UINT8, BASE_HEX,
      VALS(file_full_ea_information_flags), 0, NULL, HFILL }
    },

    { &hf_smb2_ea_name_len,
      { "EA Name Length", "smb2.ea.name_len", FT_UINT8, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ea_data_len,
      { "EA Data Length", "smb2.ea.data_len", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_delete_pending,
      { "Delete Pending", "smb2.delete_pending", FT_UINT8, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_is_directory,
      { "Is Directory", "smb2.is_directory", FT_UINT8, BASE_DEC,
      NULL, 0, "Is this a directory?", HFILL }
    },

    { &hf_smb2_oplock,
      { "Oplock", "smb2.create.oplock", FT_UINT8, BASE_HEX,
      VALS(oplock_vals), 0, "Oplock type", HFILL }
    },

    { &hf_smb2_close_flags,
      { "Close Flags", "smb2.close.flags", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_notify_flags,
      { "Notify Flags", "smb2.notify.flags", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_buffer_code,
      { "StructureSize", "smb2.buffer_code", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_buffer_code_len,
      { "Fixed Part Length", "smb2.buffer_code.length", FT_UINT16, BASE_DEC,
      NULL, 0xFFFE, "Length of fixed portion of PDU", HFILL }
    },

    { &hf_smb2_olb_length,
      { "Blob Length", "smb2.olb.length", FT_UINT32, BASE_DEC,
      NULL, 0, "Length of the buffer", HFILL }
    },

    { &hf_smb2_olb_offset,
      { "Blob Offset", "smb2.olb.offset", FT_UINT32, BASE_HEX,
      NULL, 0, "Offset to the buffer", HFILL }
    },

    { &hf_smb2_buffer_code_flags_dyn,
      { "Dynamic Part", "smb2.buffer_code.dynamic", FT_BOOLEAN, 16,
      NULL, 0x0001, "Whether a dynamic length blob follows", HFILL }
    },

    { &hf_smb2_ea_data,
      { "EA Data", "smb2.ea.data", FT_BYTES, BASE_NONE|BASE_SHOW_ASCII_PRINTABLE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ea_name,
      { "EA Name", "smb2.ea.name", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_impersonation_level,
      { "Impersonation level", "smb2.impersonation.level", FT_UINT32, BASE_DEC,
      VALS(impersonation_level_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_function,
      { "Function", "smb2.ioctl.function", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
      &smb2_ioctl_vals_ext, 0, "Ioctl function", HFILL }
    },

    { &hf_smb2_ioctl_function_device,
      { "Device", "smb2.ioctl.function.device", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
      &smb2_ioctl_device_vals_ext, 0xffff0000, "Device for Ioctl", HFILL }
    },

    { &hf_smb2_ioctl_function_access,
      { "Access", "smb2.ioctl.function.access", FT_UINT32, BASE_HEX,
      VALS(smb2_ioctl_access_vals), 0x0000c000, "Access for Ioctl", HFILL }
    },

    { &hf_smb2_ioctl_function_function,
      { "Function", "smb2.ioctl.function.function", FT_UINT32, BASE_HEX,
      NULL, 0x00003ffc, "Function for Ioctl", HFILL }
    },

    { &hf_smb2_ioctl_function_method,
      { "Method", "smb2.ioctl.function.method", FT_UINT32, BASE_HEX,
      VALS(smb2_ioctl_method_vals), 0x00000003, "Method for Ioctl", HFILL }
    },

    { &hf_smb2_fsctl_pipe_wait_timeout,
      { "Timeout", "smb2.fsctl.wait.timeout", FT_INT64, BASE_DEC,
      NULL, 0, "Wait timeout", HFILL }
    },

    { &hf_smb2_fsctl_pipe_wait_name,
      { "Name", "smb2.fsctl.wait.name", FT_STRING, BASE_NONE,
      NULL, 0, "Pipe name", HFILL }
    },

    { &hf_smb2_fsctl_odx_token_type,
      { "TokenType", "smb2.fsctl.odx.token.type", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_odx_token_idlen,
      { "TokenIdLength", "smb2.fsctl.odx.token.idlen", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_odx_token_idraw,
      { "TokenId", "smb2.fsctl.odx.token.id", FT_BYTES, BASE_NONE,
      NULL, 0, "Token ID (opaque)", HFILL }
    },

    { &hf_smb2_fsctl_odx_token_ttl,
      { "TokenTimeToLive", "smb2.fsctl.odx.token_ttl", FT_UINT32, BASE_DEC,
      NULL, 0, "TTL requested for the token (in milliseconds)", HFILL }
    },

    { &hf_smb2_fsctl_odx_size,
      { "Size", "smb2.fsctl.odx.size", FT_UINT32, BASE_DEC,
      NULL, 0, "Size of this data element", HFILL }
    },

    { &hf_smb2_fsctl_odx_flags,
      { "Flags", "smb2.fsctl.odx.flags", FT_UINT32, BASE_HEX,
      NULL, 0, "Flags for this operation", HFILL }
    },

    { &hf_smb2_fsctl_odx_file_offset,
      { "FileOffset", "smb2.fsctl.odx.file_offset", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_odx_copy_length,
      { "CopyLength", "smb2.fsctl.odx.copy_length", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_odx_xfer_length,
      { "TransferLength", "smb2.fsctl.odx.xfer_length", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_fsctl_odx_token_offset,
      { "TokenOffset", "smb2.fsctl.odx.token_offset", FT_UINT64, BASE_DEC,
      NULL, 0, "Token Offset (relative to start of token)", HFILL }
    },

    { &hf_smb2_fsctl_sparse_flag,
      { "SetSparse", "smb2.fsctl.set_sparse", FT_BOOLEAN, 8,
      NULL, 0xFF, NULL, HFILL }
    },

    { &hf_smb2_ioctl_resiliency_timeout,
      { "Timeout", "smb2.ioctl.resiliency.timeout", FT_UINT32, BASE_DEC,
      NULL, 0, "Resiliency timeout", HFILL }
    },

    { &hf_smb2_ioctl_resiliency_reserved,
      { "Reserved", "smb2.ioctl.resiliency.reserved", FT_UINT32, BASE_DEC,
      NULL, 0, "Resiliency reserved", HFILL }
    },

    { &hf_smb2_ioctl_shared_virtual_disk_support,
      { "SharedVirtualDiskSupport", "smb2.ioctl.shared_virtual_disk.support", FT_UINT32, BASE_HEX,
      VALS(smb2_ioctl_shared_virtual_disk_vals), 0, "Supported shared capabilities", HFILL }
    },

    { &hf_smb2_ioctl_shared_virtual_disk_handle_state,
      { "SharedVirtualDiskHandleState", "smb2.ioctl.shared_virtual_disk.handle_state", FT_UINT32, BASE_HEX,
      VALS(smb2_ioctl_shared_virtual_disk_hstate_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_protocol_version,
      { "ProtocolVersion", "smb2.ioctl.sqos.protocol_version", FT_UINT16, BASE_HEX,
      VALS(smb2_ioctl_sqos_protocol_version_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_reserved,
      { "Reserved", "smb2.ioctl.sqos.reserved", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_options,
      { "Operations", "smb2.ioctl.sqos.operations", FT_UINT32, BASE_HEX,
      NULL, 0, "SQOS operations", HFILL }
    },

    { &hf_smb2_ioctl_sqos_op_set_logical_flow_id,
      { "Set Logical Flow ID", "smb2.ioctl.sqos.operations.set_logical_flow_id", FT_BOOLEAN, 32,
      NULL, STORAGE_QOS_CONTROL_FLAG_SET_LOGICAL_FLOW_ID, "Whether Set Logical Flow ID operation is performed", HFILL }
    },

    { &hf_smb2_ioctl_sqos_op_set_policy,
      { "Set Policy", "smb2.ioctl.sqos.operations.set_policy", FT_BOOLEAN, 32,
      NULL, STORAGE_QOS_CONTROL_FLAG_SET_POLICY, "Whether Set Policy operation is performed", HFILL }
    },

    { &hf_smb2_ioctl_sqos_op_probe_policy,
      { "Probe Policy", "smb2.ioctl.sqos.operations.probe_policy", FT_BOOLEAN, 32,
      NULL, STORAGE_QOS_CONTROL_FLAG_PROBE_POLICY, "Whether Probe Policy operation is performed", HFILL }
    },

    { &hf_smb2_ioctl_sqos_op_get_status,
      { "Get Status", "smb2.ioctl.sqos.operations.get_status", FT_BOOLEAN, 32,
      NULL, STORAGE_QOS_CONTROL_FLAG_GET_STATUS, "Whether Get Status operation is performed", HFILL }
    },

    { &hf_smb2_ioctl_sqos_op_update_counters,
      { "Update Counters", "smb2.ioctl.sqos.operations.update_counters", FT_BOOLEAN, 32,
      NULL, STORAGE_QOS_CONTROL_FLAG_UPDATE_COUNTERS, "Whether Update Counters operation is performed", HFILL }
    },

    { &hf_smb2_ioctl_sqos_logical_flow_id,
      { "LogicalFlowID", "smb2.ioctl.sqos.logical_flow_id", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_policy_id,
      { "PolicyID", "smb2.ioctl.sqos.policy_id", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_initiator_id,
      { "InitiatorID", "smb2.ioctl.sqos.initiator_id", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_limit,
      { "Limit", "smb2.ioctl.sqos.limit", FT_UINT64, BASE_DEC,
      NULL, 0, "Desired maximum throughput for the logical flow, in normalized IOPS", HFILL }
    },

    { &hf_smb2_ioctl_sqos_reservation,
      { "Reservation", "smb2.ioctl.sqos.reservation", FT_UINT64, BASE_DEC,
      NULL, 0, "Desired minimum throughput for the logical flow, in normalized 8KB IOPS", HFILL }
    },

    { &hf_smb2_ioctl_sqos_initiator_name,
      { "InitiatorName", "smb2.ioctl.sqos.initiator_name", FT_STRING, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_initiator_node_name,
      { "InitiatorNodeName", "smb2.ioctl.sqos.initiator_node_name", FT_STRING, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_io_count_increment,
      { "IoCountIncrement", "smb2.ioctl.sqos.io_count_increment", FT_UINT64, BASE_DEC,
      NULL, 0, "The total number of I/O requests issued by the initiator on the logical flow", HFILL }
    },

    { &hf_smb2_ioctl_sqos_normalized_io_count_increment,
      { "NormalizedIoCountIncrement", "smb2.ioctl.sqos.normalized_io_count_increment", FT_UINT64, BASE_DEC,
      NULL, 0, "The total number of normalized 8-KB I/O requests issued by the initiator on the logical flow", HFILL }
    },

    { &hf_smb2_ioctl_sqos_latency_increment,
      { "LatencyIncrement", "smb2.ioctl.sqos.latency_increment", FT_UINT64, BASE_DEC,
      NULL, 0, "The total latency (including initiator's queues delays) measured by the initiator", HFILL }
    },

    { &hf_smb2_ioctl_sqos_lower_latency_increment,
      { "LowerLatencyIncrement", "smb2.ioctl.sqos.lower_latency_increment", FT_UINT64, BASE_DEC,
      NULL, 0, "The total latency (excluding initiator's queues delays) measured by the initiator", HFILL }
    },

    { &hf_smb2_ioctl_sqos_bandwidth_limit,
      { "BandwidthLimit", "smb2.ioctl.sqos.bandwidth_limit", FT_UINT64, BASE_DEC,
      NULL, 0, "Desired maximum bandwidth for the logical flow, in kilobytes per second", HFILL }
    },

    { &hf_smb2_ioctl_sqos_kilobyte_count_increment,
      { "KilobyteCountIncrement", "smb2.ioctl.sqos.kilobyte_count_increment", FT_UINT64, BASE_DEC,
      NULL, 0, "The total data transfer length of all I/O requests, in kilobyte units, issued by the initiator on the logical flow", HFILL }
    },

    { &hf_smb2_ioctl_sqos_time_to_live,
      { "TimeToLive", "smb2.ioctl.sqos.time_to_live", FT_UINT32, BASE_DEC,
      NULL, 0, "The expected period of validity of the Status, MaximumIoRate and MinimumIoRate fields, expressed in milliseconds", HFILL }
    },

    { &hf_smb2_ioctl_sqos_status,
      { "Status", "smb2.ioctl.sqos.status", FT_UINT32, BASE_HEX,
      VALS(smb2_ioctl_sqos_status_vals), 0, "The current status of the logical flow", HFILL }
    },

    { &hf_smb2_ioctl_sqos_maximum_io_rate,
      { "MaximumIoRate", "smb2.ioctl.sqos.maximum_io_rate", FT_UINT64, BASE_DEC,
      NULL, 0, "The maximum I/O initiation rate currently assigned to the logical flow, expressed in normalized input/output operations per second (normalized IOPS)", HFILL }
    },

    { &hf_smb2_ioctl_sqos_minimum_io_rate,
      { "MinimumIoRate", "smb2.ioctl.sqos.minimum_io_rate", FT_UINT64, BASE_DEC,
      NULL, 0, "The minimum I/O completion rate currently assigned to the logical flow, expressed in normalized IOPS", HFILL }
    },

    { &hf_smb2_ioctl_sqos_base_io_size,
      { "BaseIoSize", "smb2.ioctl.sqos.base_io_size", FT_UINT32, BASE_DEC,
      NULL, 0, "The base I/O size used to compute the normalized size of an I/O request for the logical flow", HFILL }
    },

    { &hf_smb2_ioctl_sqos_reserved2,
      { "Reserved", "smb2.ioctl.sqos.reserved2", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_sqos_maximum_bandwidth,
      { "MaximumBandwidth", "smb2.ioctl.sqos.maximum_bandwidth", FT_UINT64, BASE_DEC,
      NULL, 0, "The maximum bandwidth currently assigned to the logical flow, expressed in kilobytes per second", HFILL }
    },


    { &hf_windows_sockaddr_family,
      { "Socket Family", "smb2.windows.sockaddr.family", FT_UINT16, BASE_DEC,
      NULL, 0, "The socket address family (on windows)", HFILL }
    },

    { &hf_windows_sockaddr_port,
      { "Socket Port", "smb2.windows.sockaddr.port", FT_UINT16, BASE_DEC,
      NULL, 0, "The socket address port", HFILL }
    },

    { &hf_windows_sockaddr_in_addr,
      { "Socket IPv4", "smb2.windows.sockaddr.in.addr", FT_IPv4, BASE_NONE,
      NULL, 0, "The IPv4 address", HFILL }
    },

    { &hf_windows_sockaddr_in6_flowinfo,
      { "IPv6 Flow Info", "smb2.windows.sockaddr.in6.flow_info", FT_UINT32, BASE_HEX,
      NULL, 0, "The socket IPv6 flow info", HFILL }
    },

    { &hf_windows_sockaddr_in6_addr,
      { "Socket IPv6", "smb2.windows.sockaddr.in6.addr", FT_IPv6, BASE_NONE,
      NULL, 0, "The IPv6 address", HFILL }
    },

    { &hf_windows_sockaddr_in6_scope_id,
      { "IPv6 Scope ID", "smb2.windows.sockaddr.in6.scope_id", FT_UINT32, BASE_DEC,
      NULL, 0, "The socket IPv6 scope id", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_next_offset,
      { "Next Offset", "smb2.ioctl.network_interfaces.next_offset", FT_UINT32, BASE_HEX,
      NULL, 0, "Offset to next entry in chain or 0", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_index,
      { "Interface Index", "smb2.ioctl.network_interfaces.index", FT_UINT32, BASE_DEC,
      NULL, 0, "The index of the interface", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_reserved,
      { "Reserved", "smb2.ioctl.network_interfaces.reserved", FT_UINT32, BASE_DEC,
      NULL, 0, "Was RSS Queue Count", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_capabilities,
      { "Interface Cababilities", "smb2.ioctl.network_interfaces.capabilities", FT_UINT32, BASE_HEX,
      NULL, 0, "The capabilities of the network interface", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_capability_rss,
      { "RSS", "smb2.ioctl.network_interfaces.capabilities.rss", FT_BOOLEAN, 32,
      TFS(&tfs_smb2_ioctl_network_interface_capability_rss), NETWORK_INTERFACE_CAP_RSS, "If the host supports RSS", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_capability_rdma,
      { "RDMA", "smb2.ioctl.network_interfaces.capabilities.rdma", FT_BOOLEAN, 32,
      TFS(&tfs_smb2_ioctl_network_interface_capability_rdma), NETWORK_INTERFACE_CAP_RDMA, "If the host supports RDMA", HFILL }
    },

    { &hf_smb2_ioctl_network_interface_link_speed,
      { "Link Speed", "smb2.ioctl.network_interfaces.link_speed", FT_UINT64, BASE_DEC,
      NULL, 0, "The link speed of the interface", HFILL }
    },

    { &hf_smb2_ioctl_enumerate_snapshots_num_snapshots,
      { "Number of snapshots", "smb2.ioctl.enumerate_snapshots.num_snapshots", FT_UINT32, BASE_DEC,
      NULL, 0, "Number of previous versions associated with the volume", HFILL }
    },

    { &hf_smb2_ioctl_enumerate_snapshots_num_snapshots_returned,
      { "Number of snapshots returned", "smb2.ioctl.enumerate_snapshots.num_snapshots_returned", FT_UINT32, BASE_DEC,
      NULL, 0, "Number of previous version time stamps returned", HFILL }
    },

    { &hf_smb2_ioctl_enumerate_snapshots_snapshot_array_size,
      { "Array size", "smb2.ioctl.enumerate_snapshots.array_size", FT_UINT32, BASE_DEC,
      NULL, 0, "Number of bytes for snapshot time stamp strings", HFILL }
    },

    { &hf_smb2_ioctl_enumerate_snapshots_snapshot,
      { "Snapshot", "smb2.ioctl.enumerate_snapshots.snapshot", FT_STRINGZ, BASE_NONE,
      NULL, 0, "Time stamp of previous version", HFILL }
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_volume_serial, {
      "VolumeSerialNumber",
      "smb2.ioctl.get_ntfs_volume_data.volume_serial_number",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Volume Serial Number", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_num_sectors, {
      "NumberSectors",
      "smb2.ioctl.get_ntfs_volume_data.num_sectors",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Number Sectors", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_total_clusters, {
      "TotalClusters",
      "smb2.ioctl.get_ntfs_volume_data.total_clusters",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Total Clusters", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_free_clusters, {
      "FreeClusters",
      "smb2.ioctl.get_ntfs_volume_data.free_clusters",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Free Clusters", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_total_reserved, {
      "TotalReserved",
      "smb2.ioctl.get_ntfs_volume_data.total_reserved",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Total Reserved", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_sector, {
      "BytesPerSector",
      "smb2.ioctl.get_ntfs_volume_data.bytes_per_sector",
      FT_UINT32, BASE_DEC,
      NULL, 0, "Bytes Per Sector", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_cluster, {
      "BytesPerCluster",
      "smb2.ioctl.get_ntfs_volume_data.bytes_per_cluster",
      FT_UINT32, BASE_DEC,
      NULL, 0, "Bytes Per Cluster", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_bytes_per_file_record_segment, {
      "BytesPerFileRecordSegment",
      "smb2.ioctl.get_ntfs_volume_data.bytes_per_file_record_segment",
      FT_UINT32, BASE_DEC,
      NULL, 0, "Bytes Per File Record Segment", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_clusters_per_file_record_segment, {
      "ClustersPerFileRecordSegment",
      "smb2.ioctl.get_ntfs_volume_data.clusters_per_file_record_segment",
      FT_UINT32, BASE_DEC,
      NULL, 0, "Clusters Per File Record Segment", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_mft_valid_data_length, {
      "MftValidDataLength",
      "smb2.ioctl.get_ntfs_volume_data.mft_valid_data_length",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Mft Valid Data Length", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_mft_start_lcn, {
      "MftStartLcn",
      "smb2.ioctl.get_ntfs_volume_data.mft_start_lcn",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Mft Start Lcn", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_mft2_start_lcn, {
      "Mft2StartLcn",
      "smb2.ioctl.get_ntfs_volume_data.mft2_start_lcn",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Mft2 Start Lcn", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_mft_zone_start, {
      "MftZoneStart",
      "smb2.ioctl.get_ntfs_volume_data.mft_zone_start",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Mft Zone Start", HFILL },
    },

    { &hf_smb2_ioctl_get_ntfs_volume_data_mft_zone_end, {
      "MftZoneEnd",
      "smb2.ioctl.get_ntfs_volume_data.mft_zone_end",
      FT_UINT64, BASE_DEC,
      NULL, 0, "Mft Zone End", HFILL },
    },

    { &hf_smb2_tree_connect_flags,
      { "Flags", "smb2.tc.flags", FT_UINT16, BASE_HEX,
      NULL, 0, "Tree Connect flags", HFILL }
    },

    { &hf_smb2_tc_cluster_reconnect,
      { "Cluster Reconnect", "smb2.tc.cluster_reconnect", FT_BOOLEAN, 16,
      TFS(&tfs_set_notset), 0x0001, "If this is a Cluster Reconnect", HFILL }
    },

    { &hf_smb2_tc_redirect_to_owner,
      { "Redirect To Owner", "smb2.tc.redirect_to_owner", FT_BOOLEAN, 16,
      TFS(&tfs_set_notset), 0x0002, "Set if the client can handle Share Redirects", HFILL }
    },

    { &hf_smb2_tc_extension_present,
      { "Extension Present", "smb2.tc.extension_present", FT_BOOLEAN, 16,
      TFS(&tfs_set_notset), 0x0004, "Set if an extension structure is present", HFILL }
    },

    { &hf_smb2_tc_reserved,
      { "Reserved", "smb2.tc.reserved", FT_UINT16, BASE_HEX,
      NULL, 0xFFF8, "Must be zero", HFILL }
    },

    { &hf_smb2_compression_format,
      { "Compression Format", "smb2.compression_format", FT_UINT16, BASE_DEC,
      VALS(compression_format_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_checksum_algorithm,
      { "Checksum Algorithm", "smb2.checksum_algorithm", FT_UINT16, BASE_HEX,
      VALS(checksum_algorithm_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_integrity_reserved,
      { "Reserved", "smb2.integrity_reserved", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_integrity_flags,
      { "Flags", "smb2.integrity_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_integrity_flags_enforcement_off,
      { "FSCTL_INTEGRITY_FLAG_CHECKSUM_ENFORCEMENT_OFF", "smb2.integrity_flags_enforcement", FT_BOOLEAN, 32,
      NULL, 0x1, "If checksum error enforcement is off", HFILL }
    },

    { &hf_smb2_integrity_crc_chunk_size,
      { "Checksum Chunk Size", "smb2.integrity_crc_chunk_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_integrity_cluster_size,
      { "Cluster Size", "smb2.cluster_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_share_type,
      { "Share Type", "smb2.share_type", FT_UINT8, BASE_HEX,
      VALS(smb2_share_type_vals), 0, "Type of share", HFILL }
    },

    { &hf_smb2_credit_charge,
      { "Credit Charge", "smb2.credit.charge", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_credits_requested,
      { "Credits requested", "smb2.credits.requested", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_credits_granted,
      { "Credits granted", "smb2.credits.granted", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_channel_sequence,
      { "Channel Sequence", "smb2.channel_sequence", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dialect_count,
      { "Dialect count", "smb2.dialect_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dialect,
      { "Dialect", "smb2.dialect", FT_UINT16, BASE_HEX,
      VALS(smb2_dialect_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_security_mode,
      { "Security mode", "smb2.sec_mode", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_session_flags,
      { "Session Flags", "smb2.session_flags", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lock_count,
      { "Lock Count", "smb2.lock_count", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lock_sequence_number,
      { "Lock Sequence Number", "smb2.lock_sequence_number", FT_UINT32, BASE_DEC,
      NULL, 0x0000000F, NULL, HFILL }
    },

    { &hf_smb2_lock_sequence_index,
      { "Lock Sequence Index", "smb2.lock_sequence_index", FT_UINT32, BASE_DEC,
      NULL, 0xFFFFFFF0, NULL, HFILL }
    },

    { &hf_smb2_capabilities,
      { "Capabilities", "smb2.capabilities", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_auth_frame,
      { "Authenticated in Frame", "smb2.auth_frame", FT_FRAMENUM, BASE_NONE,
      NULL, 0, "Which frame this user was authenticated in", HFILL }
    },

    { &hf_smb2_tcon_frame,
      { "Connected in Frame", "smb2.tcon_frame", FT_FRAMENUM, BASE_NONE,
      NULL, 0, "Which frame this share was connected in", HFILL }
    },

    { &hf_smb2_tdcon_frame,
      { "Disconnected in Frame", "smb2.tdcon_frame", FT_FRAMENUM, BASE_NONE,
      NULL, 0, "Which frame this share was disconnected in", HFILL }
    },

    { &hf_smb2_tag,
      { "Tag", "smb2.tag", FT_STRING, BASE_NONE,
      NULL, 0, "Tag of chain entry", HFILL }
    },

    { &hf_smb2_acct_name,
      { "Account", "smb2.acct", FT_STRING, BASE_NONE,
      NULL, 0, "Account Name", HFILL }
    },

    { &hf_smb2_domain_name,
      { "Domain", "smb2.domain", FT_STRING, BASE_NONE,
      NULL, 0, "Domain Name", HFILL }
    },

    { &hf_smb2_host_name,
      { "Host", "smb2.host", FT_STRING, BASE_NONE,
      NULL, 0, "Host Name", HFILL }
    },

    { &hf_smb2_signature,
      { "Signature", "smb2.signature", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_unknown,
      { "Unknown", "smb2.unknown", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_twrp_timestamp,
      { "Timestamp", "smb2.twrp_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "TWrp timestamp", HFILL }
    },

    { &hf_smb2_mxac_timestamp,
      { "Timestamp", "smb2.mxac_timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
      NULL, 0, "MxAc timestamp", HFILL }
    },

    { &hf_smb2_mxac_status,
      { "Query Status", "smb2.mxac_status", FT_UINT32, BASE_HEX | BASE_EXT_STRING,
      &NT_errors_ext, 0, "NT Status code", HFILL }
    },

    { &hf_smb2_qfid_fid,
      { "Opaque File ID", "smb2.qfid_fid", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ses_flags_guest,
      { "Guest", "smb2.ses_flags.guest", FT_BOOLEAN, 16,
      NULL, SES_FLAGS_GUEST, NULL, HFILL }
    },

    { &hf_smb2_ses_flags_null,
      { "Null", "smb2.ses_flags.null", FT_BOOLEAN, 16,
      NULL, SES_FLAGS_NULL, NULL, HFILL }
    },

    { &hf_smb2_ses_flags_encrypt,
      { "Encrypt", "smb2.ses_flags.encrypt", FT_BOOLEAN, 16,
      NULL, SES_FLAGS_ENCRYPT, NULL, HFILL }},

    { &hf_smb2_secmode_flags_sign_required,
      { "Signing required", "smb2.sec_mode.sign_required", FT_BOOLEAN, 8,
      NULL, NEGPROT_SIGN_REQ, "Is signing required", HFILL }
    },

    { &hf_smb2_secmode_flags_sign_enabled,
      { "Signing enabled", "smb2.sec_mode.sign_enabled", FT_BOOLEAN, 8,
      NULL, NEGPROT_SIGN_ENABLED, "Is signing enabled", HFILL }
    },

    { &hf_smb2_ses_req_flags,
      { "Flags", "smb2.ses_req_flags", FT_UINT8, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ses_req_flags_session_binding,
      { "Session Binding Request", "smb2.ses_req_flags.session_binding", FT_BOOLEAN, 8,
      NULL, SES_REQ_FLAGS_SESSION_BINDING, "The client wants to bind to an existing session", HFILL }
    },

    { &hf_smb2_cap_dfs,
      { "DFS", "smb2.capabilities.dfs", FT_BOOLEAN, 32,
      TFS(&tfs_cap_dfs), NEGPROT_CAP_DFS, "If the host supports dfs", HFILL }
    },

    { &hf_smb2_cap_leasing,
      { "LEASING", "smb2.capabilities.leasing", FT_BOOLEAN, 32,
      TFS(&tfs_cap_leasing), NEGPROT_CAP_LEASING, "If the host supports leasing", HFILL }
    },

    { &hf_smb2_cap_large_mtu,
      { "LARGE MTU", "smb2.capabilities.large_mtu", FT_BOOLEAN, 32,
      TFS(&tfs_cap_large_mtu), NEGPROT_CAP_LARGE_MTU, "If the host supports LARGE MTU", HFILL }
    },

    { &hf_smb2_cap_multi_channel,
      { "MULTI CHANNEL", "smb2.capabilities.multi_channel", FT_BOOLEAN, 32,
      TFS(&tfs_cap_multi_channel), NEGPROT_CAP_MULTI_CHANNEL, "If the host supports MULTI CHANNEL", HFILL }
    },

    { &hf_smb2_cap_persistent_handles,
      { "PERSISTENT HANDLES", "smb2.capabilities.persistent_handles", FT_BOOLEAN, 32,
      TFS(&tfs_cap_persistent_handles), NEGPROT_CAP_PERSISTENT_HANDLES, "If the host supports PERSISTENT HANDLES", HFILL }
    },

    { &hf_smb2_cap_directory_leasing,
      { "DIRECTORY LEASING", "smb2.capabilities.directory_leasing", FT_BOOLEAN, 32,
      TFS(&tfs_cap_directory_leasing), NEGPROT_CAP_DIRECTORY_LEASING, "If the host supports DIRECTORY LEASING", HFILL }
    },

    { &hf_smb2_cap_encryption,
      { "ENCRYPTION", "smb2.capabilities.encryption", FT_BOOLEAN, 32,
      TFS(&tfs_cap_encryption), NEGPROT_CAP_ENCRYPTION, "If the host supports ENCRYPTION", HFILL }
    },

    { &hf_smb2_cap_notifications,
      { "NOTIFICATIONS", "smb2.capabilities.notifications", FT_BOOLEAN, 32,
      TFS(&tfs_cap_notifications), NEGPROT_CAP_NOTIFICATIONS, "If the host supports receiving notifications from server", HFILL }
    },

    { &hf_smb2_max_trans_size,
      { "Max Transaction Size", "smb2.max_trans_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_max_read_size,
      { "Max Read Size", "smb2.max_read_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_max_write_size,
      { "Max Write Size", "smb2.max_write_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_channel,
      { "Channel", "smb2.channel", FT_UINT32, BASE_HEX,
      VALS(smb2_channel_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_v1_offset,
      { "Offset", "smb2.buffer_descriptor.offset", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_v1_token,
      { "Token", "smb2.buffer_descriptor.token", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_rdma_v1_length,
      { "Length", "smb2.buffer_descriptor.length", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_share_flags,
      { "Share flags", "smb2.share_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_share_flags_dfs,
      { "DFS", "smb2.share_flags.dfs", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_dfs, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }
    },

    { &hf_smb2_share_flags_dfs_root,
      { "DFS root", "smb2.share_flags.dfs_root", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_dfs_root, "The specified share is present in a Distributed File System (DFS) tree structure", HFILL }
    },

    { &hf_smb2_share_flags_restrict_exclusive_opens,
      { "Restrict exclusive opens", "smb2.share_flags.restrict_exclusive_opens", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_restrict_exclusive_opens, "The specified share disallows exclusive file opens that deny reads to an open file", HFILL }
    },

    { &hf_smb2_share_flags_force_shared_delete,
      { "Force shared delete", "smb2.share_flags.force_shared_delete", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_force_shared_delete, "Shared files in the specified share can be forcibly deleted", HFILL }
    },

    { &hf_smb2_share_flags_allow_namespace_caching,
      { "Allow namespace caching", "smb2.share_flags.allow_namespace_caching", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_allow_namespace_caching, "Clients are allowed to cache the namespace of the specified share", HFILL }
    },

    { &hf_smb2_share_flags_access_based_dir_enum,
      { "Access based directory enum", "smb2.share_flags.access_based_dir_enum", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_access_based_dir_enum, "The server will filter directory entries based on the access permissions of the client", HFILL }
    },

    { &hf_smb2_share_flags_force_levelii_oplock,
      { "Force level II oplock", "smb2.share_flags.force_levelii_oplock", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_force_levelii_oplock, "The server will not issue exclusive caching rights on this share", HFILL }
    },

    { &hf_smb2_share_flags_enable_hash_v1,
      { "Enable hash V1", "smb2.share_flags.enable_hash_v1", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_enable_hash_v1, "The share supports hash generation V1 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }
    },

    { &hf_smb2_share_flags_enable_hash_v2,
      { "Enable hash V2", "smb2.share_flags.enable_hash_v2", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_enable_hash_v2, "The share supports hash generation V2 for branch cache retrieval of data (see also section 2.2.31.2 of MS-SMB2)", HFILL }
    },

    { &hf_smb2_share_flags_encrypt_data,
      { "Encrypted data required", "smb2.share_flags.encrypt_data", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_encryption_required, "The share require data encryption", HFILL }
    },

    { &hf_smb2_share_flags_identity_remoting,
      { "Identity Remoting", "smb2.share_flags.identity_remoting", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_identity_remoting, "The specified share supports Identity Remoting", HFILL }
    },

    { &hf_smb2_share_flags_compress_data,
      { "Compressed IO", "smb2.share_flags.compress_data", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_compress_data, "The share supports compression of read/write messages", HFILL }
    },

    { &hf_smb2_share_flags_isolated_transport,
      { "Isolated Transport", "smb2.share_flags.isolated_transport", FT_BOOLEAN, 32,
      NULL, SHARE_FLAGS_isolated_transport, "The server indicates that administrator set share property telling client that it is preferable to isolate communication to that share on a separate set of connections.", HFILL }
    },

    { &hf_smb2_share_caching,
      { "Caching policy", "smb2.share.caching", FT_UINT32, BASE_HEX,
      VALS(share_cache_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_share_caps,
      { "Share Capabilities", "smb2.share_caps", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_share_caps_dfs,
      { "DFS", "smb2.share_caps.dfs", FT_BOOLEAN, 32,
      NULL, SHARE_CAPS_DFS, "The specified share is present in a DFS tree structure", HFILL }
    },

    { &hf_smb2_share_caps_continuous_availability,
      { "CONTINUOUS AVAILABILITY", "smb2.share_caps.continuous_availability", FT_BOOLEAN, 32,
      NULL, SHARE_CAPS_CONTINUOUS_AVAILABILITY, "The specified share is continuously available", HFILL }
    },

    { &hf_smb2_share_caps_scaleout,
      { "SCALEOUT", "smb2.share_caps.scaleout", FT_BOOLEAN, 32,
      NULL, SHARE_CAPS_SCALEOUT, "The specified share is a scaleout share", HFILL }
    },

    { &hf_smb2_share_caps_cluster,
      { "CLUSTER", "smb2.share_caps.cluster", FT_BOOLEAN, 32,
      NULL, SHARE_CAPS_CLUSTER, "The specified share is a cluster share", HFILL }
    },

    { &hf_smb2_share_caps_asymmetric,
      { "ASYMMETRIC", "smb2.share_caps.asymmetric", FT_BOOLEAN, 32,
      NULL, SHARE_CAPS_ASYMMETRIC, "The specified share allows dynamic changes in ownership of the share", HFILL }
    },

    { &hf_smb2_share_caps_redirect_to_owner,
      { "REDIRECT_TO_OWNER", "smb2.share_caps.redirect_to_owner", FT_BOOLEAN, 32,
      NULL, SHARE_CAPS_REDIRECT_TO_OWNER, "The specified share supports synchronous share level redirection", HFILL }
    },

    { &hf_smb2_ioctl_flags,
      { "Flags", "smb2.ioctl.flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_min_count,
      { "Min Count", "smb2.min_count", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_remaining_bytes,
      { "Remaining Bytes", "smb2.remaining_bytes", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_channel_info_offset,
      { "Channel Info Offset", "smb2.channel_info_offset", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_channel_info_length,
      { "Channel Info Length", "smb2.channel_info_length", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_channel_info_blob,
      { "Channel Info Blob", "smb2.channel_info_blob", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_ioctl_is_fsctl,
      { "Is FSCTL", "smb2.ioctl.is_fsctl", FT_BOOLEAN, 32,
      NULL, 0x00000001, NULL, HFILL }
    },

    { &hf_smb2_output_buffer_len,
      { "Output Buffer Length", "smb2.output_buffer_len", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_close_pq_attrib,
      { "PostQuery Attrib", "smb2.close.pq_attrib", FT_BOOLEAN, 16,
      NULL, 0x0001, NULL, HFILL }
    },

    { &hf_smb2_notify_watch_tree,
      { "Watch Tree", "smb2.notify.watch_tree", FT_BOOLEAN, 16,
      NULL, 0x0001, NULL, HFILL }
    },

    { &hf_smb2_notify_out_data,
      { "Out Data", "smb2.notify.out", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_notify_info,
      { "Notify Info", "smb2.notify.info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_notify_next_offset,
      { "Next Offset", "smb2.notify.next_offset", FT_UINT32, BASE_HEX,
      NULL, 0, "Offset to next entry in chain or 0", HFILL }
    },

    { &hf_smb2_notify_action,
      { "Action", "smb2.notify.action", FT_UINT32, BASE_HEX,
      VALS(notify_action_vals), 0, "Notify Action", HFILL }
    },


    { &hf_smb2_find_flags_restart_scans,
      { "Restart Scans", "smb2.find.restart_scans", FT_BOOLEAN, 8,
      NULL, SMB2_FIND_FLAG_RESTART_SCANS, NULL, HFILL }
    },

    { &hf_smb2_find_flags_single_entry,
      { "Single Entry", "smb2.find.single_entry", FT_BOOLEAN, 8,
      NULL, SMB2_FIND_FLAG_SINGLE_ENTRY, NULL, HFILL }
    },

    { &hf_smb2_find_flags_index_specified,
      { "Index Specified", "smb2.find.index_specified", FT_BOOLEAN, 8,
      NULL, SMB2_FIND_FLAG_INDEX_SPECIFIED, NULL, HFILL }
    },

    { &hf_smb2_find_flags_reopen,
      { "Reopen", "smb2.find.reopen", FT_BOOLEAN, 8,
      NULL, SMB2_FIND_FLAG_REOPEN, NULL, HFILL }
    },

    { &hf_smb2_file_index,
      { "File Index", "smb2.file_index", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_file_directory_info,
      { "FileDirectoryInfo", "smb2.find.file_directory_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_full_directory_info,
      { "FullDirectoryInfo", "smb2.find.full_directory_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_both_directory_info,
      { "FileBothDirectoryInfo", "smb2.find.both_directory_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_id_both_directory_info,
      { "FileIdBothDirectoryInfo", "smb2.find.id_both_directory_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_posix_info,
      { "FilePosixInfo", "smb2.find.posix_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_short_name_len,
      { "Short Name Length", "smb2.short_name_len", FT_UINT8, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_short_name,
      { "Short Name", "smb2.shortname", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lock_info,
      { "Lock Info", "smb2.lock_info", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lock_length,
      { "Length", "smb2.lock_length", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lock_flags,
      { "Flags", "smb2.lock_flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_lock_flags_shared,
      { "Shared", "smb2.lock_flags.shared", FT_BOOLEAN, 32,
      NULL, 0x00000001, NULL, HFILL }
    },

    { &hf_smb2_lock_flags_exclusive,
      { "Exclusive", "smb2.lock_flags.exclusive", FT_BOOLEAN, 32,
      NULL, 0x00000002, NULL, HFILL }
    },

    { &hf_smb2_lock_flags_unlock,
      { "Unlock", "smb2.lock_flags.unlock", FT_BOOLEAN, 32,
      NULL, 0x00000004, NULL, HFILL }
    },

    { &hf_smb2_lock_flags_fail_immediately,
      { "Fail Immediately", "smb2.lock_flags.fail_immediately", FT_BOOLEAN, 32,
      NULL, 0x00000010, NULL, HFILL }
    },

    { &hf_smb2_error_context_count,
      { "Error Context Count", "smb2.error.context_count", FT_UINT8, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_reserved,
      { "Reserved", "smb2.error.reserved", FT_UINT8, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_byte_count,
      { "Byte Count", "smb2.error.byte_count", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_data,
      { "Error Data", "smb2.error.data", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_context,
      { "Error Context", "smb2.error.context", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_context_id,
      { "Type", "smb2.error.context.id", FT_UINT32, BASE_HEX,
      VALS(smb2_error_id_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_error_context_length,
      { "Type", "smb2.error.context.length", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_min_buf_length,
      { "Minimum required buffer length", "smb2.error.min_buf_length", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_context,
      { "Share Redirect", "smb2.error.share_redirect", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_struct_size,
      { "Struct Size", "smb2.error.share_redirect.struct_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_notif_type,
      { "Notification Type", "smb2.error.share_redirect.notif_type", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_flags,
      { "Flags", "smb2.error.share_redirect.flags", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_target_type,
      { "Target Type", "smb2.error.share_redirect.target_type", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_ip_count,
      { "IP Addr Count", "smb2.error.share_redirect.ip_count", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_ip_list,
      { "IP Addr List", "smb2.error.share_redirect.ip_list", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_error_redir_res_name,
      { "Resource Name", "smb2.error.share_redirect.res_name", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_reserved,
      { "Reserved", "smb2.reserved", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_reserved_random,
      { "Reserved (Random)", "smb2.reserved.random", FT_BYTES, BASE_NONE,
      NULL, 0, "Reserved bytes, random data", HFILL }
    },

    { &hf_smb2_root_directory_mbz,
      { "Root Dir Handle (MBZ)", "smb2.root_directory", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dhnq_buffer_reserved,
      { "Reserved", "smb2.dhnq_buffer_reserved", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dh2x_buffer_timeout,
      { "Timeout", "smb2.dh2x.timeout", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dh2x_buffer_flags,
      { "Flags", "smb2.dh2x.flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dh2x_buffer_flags_persistent_handle,
      { "Persistent Handle", "smb2.dh2x.flags.persistent_handle", FT_BOOLEAN, 32,
      NULL, SMB2_DH2X_FLAGS_PERSISTENT_HANDLE, NULL, HFILL }
    },

    { &hf_smb2_dh2x_buffer_reserved,
      { "Reserved", "smb2.dh2x.reserved", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_dh2x_buffer_create_guid,
      { "Create Guid", "smb2.dh2x.create_guid", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_APP_INSTANCE_buffer_struct_size,
      { "Struct Size", "smb2.app_instance.struct_size", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_APP_INSTANCE_buffer_reserved,
      { "Reserved", "smb2.app_instance.reserved", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_APP_INSTANCE_buffer_app_guid,
      { "Application Guid", "smb2.app_instance.app_guid", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_version,
      { "Version", "smb2.svhdx_open_device_context.version", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_has_initiator_id,
      { "HasInitiatorId", "smb2.svhdx_open_device_context.initiator_has_id", FT_BOOLEAN, BASE_NONE,
      TFS(&tfs_smb2_svhdx_has_initiator_id), 0, "Whether the host has an initiator", HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_reserved,
      { "Reserved", "smb2.svhdx_open_device_context.reserved", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_initiator_id,
      { "InitiatorId", "smb2.svhdx_open_device_context.initiator_id", FT_GUID, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_flags,
      { "Flags", "smb2.svhdx_open_device_context.flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_originator_flags,
      { "OriginatorFlags", "smb2.svhdx_open_device_context.originator_flags", FT_UINT32, BASE_HEX,
      VALS(originator_flags_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_open_request_id,
      { "OpenRequestId","smb2.svhxd_open_device_context.open_request_id", FT_UINT64, BASE_HEX,
       NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_initiator_host_name_len,
      { "HostNameLength", "smb2.svhxd_open_device_context.initiator_host_name_len", FT_UINT16, BASE_DEC,
       NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_initiator_host_name,
      { "HostName", "smb2.svhdx_open_device_context.host_name", FT_STRING, BASE_NONE,
       NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_virtual_disk_properties_initialized,
      { "VirtualDiskPropertiesInitialized", "smb2.svhdx_open_device_context.virtual_disk_properties_initialized", FT_BOOLEAN, BASE_NONE,
      NULL, 0, "Whether VirtualSectorSize, PhysicalSectorSize, and VirtualSize fields are filled", HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_server_service_version,
      { "ServerServiceVersion", "smb2.svhdx_open_device_context.server_service_version", FT_UINT32, BASE_DEC,
      NULL, 0, "The current version of the protocol running on the server", HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_virtual_sector_size,
      { "VirtualSectorSize", "smb2.svhdx_open_device_context.virtual_sector_size", FT_UINT32, BASE_DEC,
      NULL, 0, "The virtual sector size of the virtual disk", HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_physical_sector_size,
      { "PhysicalSectorSize", "smb2.svhdx_open_device_context.physical_sector_size", FT_UINT32, BASE_DEC,
      NULL, 0, "The physical sector size of the virtual disk", HFILL }
    },

    { &hf_smb2_svhdx_open_device_context_virtual_size,
      { "VirtualSize", "smb2.svhdx_open_device_context.virtual_size", FT_UINT64, BASE_DEC,
      NULL, 0, "The current length of the virtual disk, in bytes", HFILL }
    },

    { &hf_smb2_app_instance_version_struct_size,
      { "Struct Size", "smb2.app_instance_version.struct_size", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_app_instance_version_reserved,
      { "Reserved", "smb2.app_instance_version.reserved", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_app_instance_version_padding,
      { "Padding", "smb2.app_instance_version.padding", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_app_instance_version_high,
      { "AppInstanceVersionHigh", "smb2.app_instance_version.version.high", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_app_instance_version_low,
      { "AppInstanceVersionLow", "smb2.app_instance_version.version.low", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_posix_perms,
      { "POSIX perms", "smb2.posix_perms", FT_UINT32, BASE_OCT,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_command_code,
      { "Command code", "smb2.aapl.command_code", FT_UINT32, BASE_DEC,
      VALS(aapl_command_code_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_reserved,
      { "Reserved", "smb2.aapl.reserved", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_bitmask,
      { "Query bitmask", "smb2.aapl.query_bitmask", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_bitmask_server_caps,
      { "Server capabilities", "smb2.aapl.bitmask.server_caps", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_SERVER_CAPS, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_bitmask_volume_caps,
      { "Volume capabilities", "smb2.aapl.bitmask.volume_caps", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_VOLUME_CAPS, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_bitmask_model_info,
      { "Model information", "smb2.aapl.bitmask.model_info", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_MODEL_INFO, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_caps,
      { "Client/Server capabilities", "smb2.aapl.caps", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_caps_supports_read_dir_attr,
      { "Supports READDIRATTR", "smb2.aapl.caps.supports_read_dir_addr", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_SUPPORTS_READ_DIR_ATTR, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_caps_supports_osx_copyfile,
      { "Supports macOS copyfile", "smb2.aapl.caps.supports_osx_copyfile", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_SUPPORTS_OSX_COPYFILE, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_caps_unix_based,
      { "UNIX-based", "smb2.aapl.caps.unix_based", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_UNIX_BASED, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_caps_supports_nfs_ace,
      { "Supports NFS ACE", "smb2.aapl.supports_nfs_ace", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_SUPPORTS_NFS_ACE, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_volume_caps,
      { "Volume capabilities", "smb2.aapl.volume_caps", FT_UINT64, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_volume_caps_support_resolve_id,
      { "Supports Resolve ID", "smb2.aapl.volume_caps.supports_resolve_id", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_SUPPORTS_RESOLVE_ID, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_volume_caps_case_sensitive,
      { "Case sensitive", "smb2.aapl.volume_caps.case_sensitive", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_CASE_SENSITIVE, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_volume_caps_supports_full_sync,
      { "Supports full sync", "smb2.aapl.volume_caps.supports_full_sync", FT_BOOLEAN, 64,
      NULL, SMB2_AAPL_SUPPORTS_FULL_SYNC, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_model_string,
      { "Model string", "smb2.aapl.model_string", FT_UINT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_aapl_server_query_server_path,
      { "Server path", "smb2.aapl.server_path", FT_UINT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_transform_signature,
      { "Signature", "smb2.header.transform.signature", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_transform_nonce,
      { "Nonce", "smb2.header.transform.nonce", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_transform_msg_size,
      { "Message size", "smb2.header.transform.msg_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_transform_reserved,
      { "Reserved", "smb2.header.transform.reserved", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    /* SMB2 header flags  */
    { &hf_smb2_transform_flags,
      { "Flags", "smb2.header.transform.flags", FT_UINT16, BASE_HEX,
      NULL, 0, "SMB2 transform flags", HFILL }
    },

    { &hf_smb2_transform_flags_encrypted,
      { "Encrypted", "smb2.header.transform.flags.encrypted", FT_BOOLEAN, 16,
      NULL, SMB2_TRANSFORM_FLAGS_ENCRYPTED,
      "Whether the payload is encrypted", HFILL }
    },

    { &hf_smb2_transform_encrypted_data,
      { "Data", "smb2.header.transform.enc_data", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_orig_size,
      { "OriginalSize", "smb2.header.comp_transform.original_size", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_comp_alg,
      { "CompressionAlgorithm", "smb2.header.comp_transform.comp_alg", FT_UINT16, BASE_HEX,
      VALS(smb2_comp_alg_types), 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_flags,
      { "Flags", "smb2.header.comp_transform.flags", FT_UINT16, BASE_HEX,
        VALS(smb2_comp_transform_flags_vals), 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_offset,
      { "Offset", "smb2.header.comp_transform.offset", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_length,
      { "Length", "smb2.header.comp_transform.length", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_data,
      { "CompressedData", "smb2.header.comp_transform.data", FT_BYTES, BASE_NONE,
        NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_transform_orig_payload_size,
      { "OriginalPayloadSize", "smb2.header.comp_transform.orig_payload_size", FT_UINT32, BASE_DEC,
        NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_pattern_v1_pattern,
      { "Pattern", "smb2.pattern_v1.pattern", FT_UINT8, BASE_HEX,
        NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_pattern_v1_reserved1,
      { "Reserved1", "smb2.pattern_v1.reserved1", FT_UINT8, BASE_HEX,
        NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_pattern_v1_reserved2,
      { "Reserved2", "smb2.pattern_v1.reserved2", FT_UINT16, BASE_HEX,
        NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_comp_pattern_v1_repetitions,
      { "Repetitions", "smb2.pattern_v1.repetitions", FT_UINT32, BASE_DEC,
        NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_protocol_id,
      { "ProtocolId", "smb2.protocol_id", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_truncated,
      { "Truncated...", "smb2.truncated", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },

    { &hf_smb2_pipe_fragment_overlap,
      { "Fragment overlap", "smb2.pipe.fragment.overlap", FT_BOOLEAN, BASE_NONE,
      NULL, 0x0, "Fragment overlaps with other fragments", HFILL }
    },

    { &hf_smb2_pipe_fragment_overlap_conflict,
      { "Conflicting data in fragment overlap", "smb2.pipe.fragment.overlap.conflict", FT_BOOLEAN, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_pipe_fragment_multiple_tails,
      { "Multiple tail fragments found", "smb2.pipe.fragment.multipletails", FT_BOOLEAN, BASE_NONE,
      NULL, 0x0, "Several tails were found when defragmenting the packet", HFILL }
    },

    { &hf_smb2_pipe_fragment_too_long_fragment,
      { "Fragment too long", "smb2.pipe.fragment.toolongfragment", FT_BOOLEAN, BASE_NONE,
      NULL, 0x0, "Fragment contained data past end of packet", HFILL }
    },

    { &hf_smb2_pipe_fragment_error,
      { "Defragmentation error", "smb2.pipe.fragment.error", FT_FRAMENUM, BASE_NONE,
      NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }
    },

    { &hf_smb2_pipe_fragment_count,
      { "Fragment count", "smb2.pipe.fragment.count", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_pipe_fragment,
      { "Fragment SMB2 Named Pipe", "smb2.pipe.fragment", FT_FRAMENUM, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_pipe_fragments,
      { "Reassembled SMB2 Named Pipe fragments", "smb2.pipe.fragments", FT_NONE, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_pipe_reassembled_in,
      { "This SMB2 Named Pipe payload is reassembled in frame", "smb2.pipe.reassembled_in", FT_FRAMENUM, BASE_NONE,
      NULL, 0x0, "The Named Pipe PDU is completely reassembled in this frame", HFILL }
    },

    { &hf_smb2_pipe_reassembled_length,
      { "Reassembled SMB2 Named Pipe length", "smb2.pipe.reassembled.length", FT_UINT32, BASE_DEC,
      NULL, 0x0, "The total length of the reassembled payload", HFILL }
    },

    { &hf_smb2_pipe_reassembled_data,
      { "Reassembled SMB2 Named Pipe Data", "smb2.pipe.reassembled.data", FT_BYTES, BASE_NONE,
      NULL, 0x0, "The reassembled payload", HFILL }
    },

    { &hf_smb2_cchunk_resume_key,
      { "ResumeKey", "smb2.fsctl.cchunk.resume_key", FT_BYTES, BASE_NONE,
      NULL, 0x0, "Opaque data representing source of copy", HFILL }
    },

    { &hf_smb2_cchunk_count,
      { "Chunk Count", "smb2.fsctl.cchunk.count", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_cchunk_src_offset,
      { "Source Offset", "smb2.fsctl.cchunk.src_offset", FT_UINT64, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_cchunk_dst_offset,
      { "Target Offset", "smb2.fsctl.cchunk.dst_offset", FT_UINT64, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_cchunk_xfer_len,
      { "Transfer Length", "smb2.fsctl.cchunk.xfer_len", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_cchunk_chunks_written,
      { "Chunks Written", "smb2.fsctl.cchunk.chunks_written", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_cchunk_bytes_written,
      { "Chunk Bytes Written", "smb2.fsctl.cchunk.bytes_written", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_cchunk_total_written,
      { "Total Bytes Written", "smb2.fsctl.cchunk.total_written", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_dupext_src_offset,
      { "Source File Offset", "smb2.fsctl.dupext.src_offset", FT_UINT64, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_dupext_dst_offset,
      { "Target File Offset", "smb2.fsctl.dupext.dst_offset", FT_UINT64, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_dupext_byte_count,
      { "Byte Count", "smb2.fsctl.dupext.byte_count", FT_UINT64, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },

    { &hf_smb2_reparse_tag,
      { "Reparse Tag", "smb2.reparse_tag", FT_UINT32, BASE_HEX,
      VALS(reparse_tag_vals), 0x0, NULL, HFILL }
    },
    { &hf_smb2_reparse_guid,
      { "Reparse GUID", "smb2.reparse_guid", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },
    { &hf_smb2_reparse_data_length,
      { "Reparse Data Length", "smb2.reparse_data_length", FT_UINT16, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_reparse_data_buffer,
      { "Reparse Data Buffer", "smb2.reparse_data_buffer", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },
    { &hf_smb2_nfs_type,
      { "NFS file type", "smb2.nfs.type", FT_UINT64, BASE_HEX|BASE_VAL64_STRING,
      VALS64(nfs_type_vals), 0x0, NULL, HFILL }
    },
    { &hf_smb2_nfs_symlink_target,
      { "Symlink Target", "smb2.nfs.symlink.target", FT_STRING,
      BASE_NONE, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_nfs_chr_major,
      { "Major", "smb2.nfs.char.major", FT_UINT32,
      BASE_HEX, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_nfs_chr_minor,
      { "Minor", "smb2.nfs.char.minor", FT_UINT32,
      BASE_HEX, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_nfs_blk_major,
      { "Major", "smb2.nfs.block.major", FT_UINT32,
      BASE_HEX, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_nfs_blk_minor,
      { "Minor", "smb2.nfs.block.minor", FT_UINT32,
      BASE_HEX, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_symlink_error_response,
      { "Symbolic Link Error Response", "smb2.symlink_error_response", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }
    },
    { &hf_smb2_symlink_length,
      { "SymLink Length", "smb2.symlink.length", FT_UINT32,
      BASE_DEC, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_symlink_error_tag,
      { "SymLink Error Tag", "smb2.symlink.error_tag", FT_UINT32,
      BASE_HEX, NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_unparsed_path_length,
      { "Unparsed Path Length", "smb2.symlink.unparsed_path_length", FT_UINT16, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_symlink_substitute_name,
      { "Substitute Name", "smb2.symlink.substitute_name", FT_STRING, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_symlink_print_name,
      { "Print Name", "smb2.symlink.print_name", FT_STRING, BASE_NONE,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_symlink_flags,
      { "Flags", "smb2.symlink.flags", FT_UINT32, BASE_DEC,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_fscc_file_attr,
      { "File Attributes", "smb2.file_attribute", FT_UINT32, BASE_HEX,
      NULL, 0x0, NULL, HFILL }
    },
    { &hf_smb2_fscc_file_attr_read_only,
      { "Read Only", "smb2.file_attribute.read_only", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_READ_ONLY, "READ ONLY file attribute", HFILL } },

    { &hf_smb2_fscc_file_attr_hidden,
      { "Hidden", "smb2.file_attribute.hidden", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_HIDDEN, "HIDDEN file attribute", HFILL } },

    { &hf_smb2_fscc_file_attr_system,
      { "System", "smb2.file_attribute.system", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_SYSTEM, "SYSTEM file attribute", HFILL } },

    { &hf_smb2_fscc_file_attr_directory,
      { "Directory", "smb2.file_attribute.directory", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY file attribute", HFILL } },

    { &hf_smb2_fscc_file_attr_archive,
      { "Requires archived", "smb2.file_attribute.archive", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE file attribute", HFILL } },

    { &hf_smb2_fscc_file_attr_normal,
      { "Normal", "smb2.file_attribute.normal", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_NORMAL, "Is this a normal file?", HFILL } },

    { &hf_smb2_fscc_file_attr_temporary,
      { "Temporary", "smb2.file_attribute.temporary", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_TEMPORARY, "Is this a temporary file?", HFILL } },

    { &hf_smb2_fscc_file_attr_sparse_file,
      { "Sparse", "smb2.file_attribute.sparse", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_SPARSE_FILE, "Is this a sparse file?", HFILL } },

    { &hf_smb2_fscc_file_attr_reparse_point,
      { "Reparse Point", "smb2.file_attribute.reparse", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_reparse), SMB2_FSCC_FILE_ATTRIBUTE_REPARSE_POINT, "Does this file have an associated reparse point?", HFILL } },

    { &hf_smb2_fscc_file_attr_compressed,
      { "Compressed", "smb2.file_attribute.compressed", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_compressed), SMB2_FSCC_FILE_ATTRIBUTE_COMPRESSED, "Is this file compressed?", HFILL } },

    { &hf_smb2_fscc_file_attr_offline,
      { "Offline", "smb2.file_attribute.offline", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_offline), SMB2_FSCC_FILE_ATTRIBUTE_OFFLINE, "Is this file offline?", HFILL } },

    { &hf_smb2_fscc_file_attr_not_content_indexed,
      { "Not Content Indexed", "smb2.file_attribute.not_content_indexed", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_not_content_indexed), SMB2_FSCC_FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, "May this file be indexed by the content indexing service", HFILL } },

    { &hf_smb2_fscc_file_attr_encrypted,
      { "Encrypted", "smb2.file_attribute.encrypted", FT_BOOLEAN, 32,
      TFS(&tfs_yes_no), SMB2_FSCC_FILE_ATTRIBUTE_ENCRYPTED, "Is this file encrypted?", HFILL } },

    { &hf_smb2_fscc_file_attr_integrity_stream,
      { "Integrity Stream", "smb2.file_attribute.integrity_stream", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_integrity_stream), SMB2_FSCC_FILE_ATTRIBUTE_INTEGRITY_STREAM, "Is this file configured with integrity support?", HFILL } },

    { &hf_smb2_fscc_file_attr_no_scrub_data,
      { "No Scrub Data", "smb2.file_attribute.no_scrub_data", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_no_scrub_data), SMB2_FSCC_FILE_ATTRIBUTE_NO_SCRUB_DATA, "Is this file configured to be excluded from the data integrity scan?", HFILL } },

    { &hf_smb2_fscc_file_attr_recall_on_open,
      { "Recall on open", "smb2.file_attribute.recall_on_open", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_recall_on_open), SMB2_FSCC_FILE_ATTRIBUTE_RECALL_ON_OPEN, "When OPENED does some/all of the file/dir need to be fetched from remote storage?", HFILL } },

    { &hf_smb2_fscc_file_attr_pinned,
      { "Pinned", "smb2.file_attribute.pinned", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_pinned), SMB2_FSCC_FILE_ATTRIBUTE_PINNED, "Should the file/dir be kept fully present locally even when not being used?", HFILL } },

    { &hf_smb2_fscc_file_attr_unpinned,
      { "Unpinned", "smb2.file_attribute.unpinned", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_unpinned), SMB2_FSCC_FILE_ATTRIBUTE_UNPINNED, "Should file/dir NOT be fully kept locally except when ACCESSED?", HFILL } },

    { &hf_smb2_fscc_file_attr_recall_on_data_access,
      { "Recall on data access", "smb2.file_attribute.recall_on_data_access", FT_BOOLEAN, 32,
      TFS(&tfs_fscc_file_attribute_recall_on_data_access), SMB2_FSCC_FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS, "Should the remote content be fetched when ACCESSED?", HFILL } },

    { &hf_smb2_fsctl_infoex_enable_integrity,
      {"Enable Integrity", "smb2.fsctl.infoex.enable_integrity", FT_UINT8, BASE_HEX,
      VALS(smb2_fsctl_infoex_integrity_modes), 0, NULL, HFILL } },

    { &hf_smb2_fsctl_infoex_keep_integrity_state,
      {"Integrity State", "smb2.fsctl.infoex.keep_integrity_state", FT_UINT8, BASE_HEX,
      VALS(smb2_fsctl_infoex_integrity_state), 0, NULL, HFILL } },

    { &hf_smb2_fsctl_infoex_reserved,
      {"Reserved", "smb2.fsctl.infoex.reserved", FT_UINT16, BASE_HEX,
      NULL, 0, NULL, HFILL } },

    { &hf_smb2_fsctl_infoex_flags,
      { "Flags", "smb2.fsctl.infoex.flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL } },

    { &hf_smb2_fsctl_infoex_version,
      { "Version", "smb2.fsctl.infoex.version", FT_UINT8, BASE_DEC,
      NULL, 0, NULL, HFILL } },

    { &hf_smb2_fsctl_infoex_reserved2,
      { "Reserved", "smb2.fsctl.infoex.reserved2", FT_UINT56, BASE_HEX,
      NULL, 0, NULL, HFILL } },

    { &hf_smb2_query_info_flags,
      {"Flags", "smb2.query_info.flags", FT_UINT32, BASE_HEX,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_query_info_flag_restart_scan,
      {"SL Restart Scan", "smb2.query_info.flags.restart_scan", FT_BOOLEAN, 32,
      NULL, SMB2_SL_RESTART_SCAN, "Restart the scan for EAs from the beginning", HFILL } },

    { &hf_smb2_query_info_flag_return_single_entry,
      {"SL Return Single Entry", "smb2.query_info.flags.return_single_entry", FT_BOOLEAN, 32,
      NULL, SMB2_SL_RETURN_SINGLE_ENTRY, "Return a single EA entry in the response buffer.", HFILL } },

    { &hf_smb2_query_info_flag_index_specified,
      {"SL Index Specified", "smb2.query_info.flags.index_specified", FT_BOOLEAN, 32,
      NULL, SL_INDEX_SPECIFIED, "The caller has specified an EA index.", HFILL } },

    { &hf_smb2_notification_type,
      { "Notification Type", "smb2.notification.type", FT_UINT32, BASE_HEX,
      VALS(server_notification_types), 0, NULL, HFILL } },

    {
      &hf_smb2_fscc_refs_snapshot_mgmt_operation,
      { "Operation", "smb2.refs.snapshot.mgmt.op", FT_UINT32, BASE_HEX,
      VALS(refs_stream_snapshot_operation_types), 0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_mgmt_namelen,
      { "Name Length", "smb2.refs.snapshot.mgmt.namelen", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_mgmt_input_buffer_len,
      { "Input Buffer Length", "smb2.refs.snapshot.mgmt.input_buffer_len", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_mgmt_reserved,
      { "Reserved", "smb2.refs.snapshot.mgmt.reserved", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_mgmt_name,
      { "Name", "smb2.refs.snapshot.mgmt.name", FT_STRING, BASE_NONE,
      NULL, 0x0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_query_delta_buffer_startvcn,
      { "Starting VCN", "smb2.refs.snapshot.query.delta_buffer.startvcn", FT_UINT64, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_query_delta_buffer_flags,
      { "Flags", "smb2.refs.snapshot.query.delta_buffer.flags", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    {
      &hf_smb2_fscc_refs_snapshot_query_delta_buffer_reserved,
      { "Reserved", "smb2.refs.snapshot.query.delta_buffer.reserved", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }},

    { &hf_smb2_flush_reserved2,
      { "Reserved2", "smb2.flush.reserved2", FT_BYTES, BASE_NONE,
      NULL, 0, NULL, HFILL }},

    /* FSCTL_DFS_GET_REFERRALS_EX fields */
    { &hf_smb2_dfs_max_referral_level,
      { "Max referral level", "smb2.fsctl.max_referral_level", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_request_flags,
      { "Request flags", "smb2.fsctl.request_flags", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_request_data_len,
      { "Request data length", "smb2.fsctl.request_data_len", FT_UINT32, BASE_DEC,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_request_data,
      { "Request Data", "smb2.fsctl.request_data", FT_NONE, BASE_NONE,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_request_data_file,
      { "File", "smb2.fsctl.request_data_file", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_filename_len,
      { "Length", "smb2.fsctl.filename_len", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_request_data_site,
      { "Site", "smb2.fsctl.request_data_site", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_sitename_len,
      { "Length", "smb2.fsctl.sitename_len", FT_UINT16, BASE_DEC,
      NULL, 0, NULL, HFILL }},
    { &hf_smb2_dfs_sitename,
      { "Sitename", "smb2.sitename", FT_STRING, BASE_NONE,
      NULL, 0, NULL, HFILL }},
    };

  static int *ett[] = {
    &ett_smb2,
    &ett_smb2_ea,
    &ett_smb2_olb,
    &ett_smb2_header,
    &ett_smb2_encrypted,
    &ett_smb2_compressed,
    &ett_smb2_decompressed,
    &ett_smb2_command,
    &ett_smb2_secblob,
    &ett_smb2_negotiate_context_element,
    &ett_smb2_file_basic_info,
    &ett_smb2_file_standard_info,
    &ett_smb2_file_internal_info,
    &ett_smb2_file_ea_info,
    &ett_smb2_file_access_info,
    &ett_smb2_file_rename_info,
    &ett_smb2_file_link_info,
    &ett_smb2_file_disposition_info,
    &ett_smb2_file_position_info,
    &ett_smb2_file_full_ea_info,
    &ett_smb2_file_mode_info,
    &ett_smb2_file_alignment_info,
    &ett_smb2_file_all_info,
    &ett_smb2_file_allocation_info,
    &ett_smb2_file_endoffile_info,
    &ett_smb2_file_alternate_name_info,
    &ett_smb2_file_stream_info,
    &ett_smb2_file_pipe_info,
    &ett_smb2_file_pipe_local_info,
    &ett_smb2_file_pipe_remote_info,
    &ett_smb2_file_compression_info,
    &ett_smb2_file_network_open_info,
    &ett_smb2_file_attribute_tag_info,
    &ett_smb2_file_normalized_name_info,
    &ett_smb2_fs_info_01,
    &ett_smb2_fs_info_03,
    &ett_smb2_fs_info_04,
    &ett_smb2_fs_info_05,
    &ett_smb2_fs_info_06,
    &ett_smb2_fs_info_07,
    &ett_smb2_fs_objectid_info,
    &ett_smb2_fs_posix_info,
    &ett_smb2_sec_info_00,
    &ett_smb2_additional_information_sec_mask,
    &ett_smb2_quota_info,
    &ett_smb2_query_quota_info,
    &ett_smb2_tid_tree,
    &ett_smb2_sesid_tree,
    &ett_smb2_create_chain_element,
    &ett_smb2_MxAc_buffer,
    &ett_smb2_QFid_buffer,
    &ett_smb2_RqLs_buffer,
    &ett_smb2_ioctl_function,
    &ett_smb2_FILE_OBJECTID_BUFFER,
    &ett_smb2_flags,
    &ett_smb2_sec_mode,
    &ett_smb2_capabilities,
    &ett_smb2_ses_req_flags,
    &ett_smb2_ses_flags,
    &ett_smb2_create_rep_flags,
    &ett_smb2_lease_state,
    &ett_smb2_lease_flags,
    &ett_smb2_share_flags,
    &ett_smb2_share_caps,
    &ett_smb2_comp_alg_flags,
    &ett_smb2_ioctl_flags,
    &ett_smb2_ioctl_network_interface,
    &ett_smb2_ioctl_sqos_opeations,
    &ett_smb2_fsctl_range_data,
    &ett_windows_sockaddr,
    &ett_smb2_close_flags,
    &ett_smb2_notify_info,
    &ett_smb2_notify_flags,
    &ett_smb2_rdma_v1,
    &ett_smb2_write_flags,
    &ett_smb2_find_flags,
    &ett_smb2_file_directory_info,
    &ett_smb2_both_directory_info,
    &ett_smb2_id_both_directory_info,
    &ett_smb2_full_directory_info,
    &ett_smb2_posix_info,
    &ett_smb2_file_name_info,
    &ett_smb2_lock_info,
    &ett_smb2_lock_flags,
    &ett_smb2_DH2Q_buffer,
    &ett_smb2_DH2C_buffer,
    &ett_smb2_dh2x_flags,
    &ett_smb2_APP_INSTANCE_buffer,
    &ett_smb2_svhdx_open_device_context,
    &ett_smb2_app_instance_version_buffer,
    &ett_smb2_app_instance_version_buffer_version,
    &ett_smb2_aapl_create_context_request,
    &ett_smb2_aapl_server_query_bitmask,
    &ett_smb2_aapl_server_query_caps,
    &ett_smb2_aapl_create_context_response,
    &ett_smb2_aapl_server_query_volume_caps,
    &ett_smb2_integrity_flags,
    &ett_smb2_buffercode,
    &ett_smb2_ioctl_network_interface_capabilities,
    &ett_smb2_tree_connect_flags,
    &ett_qfr_entry,
    &ett_smb2_pipe_fragment,
    &ett_smb2_pipe_fragments,
    &ett_smb2_cchunk_entry,
    &ett_smb2_fsctl_odx_token,
    &ett_smb2_symlink_error_response,
    &ett_smb2_reparse_data_buffer,
    &ett_smb2_error_data,
    &ett_smb2_error_context,
    &ett_smb2_error_redir_context,
    &ett_smb2_error_redir_ip_list,
    &ett_smb2_read_flags,
    &ett_smb2_signature,
    &ett_smb2_transform_flags,
    &ett_smb2_fscc_file_attributes,
    &ett_smb2_comp_pattern_v1,
    &ett_smb2_comp_payload,
    &ett_smb2_query_info_flags,
    &ett_smb2_server_notification,
    &ett_smb2_fscc_refs_snapshot_query_delta_buffer,
    &ett_smb2_fid_str,
    &ett_smb2_fsctl_dfs_get_referrals_ex_request_data,
    &ett_smb2_fsctl_dfs_get_referrals_ex_filename,
    &ett_smb2_fsctl_dfs_get_referrals_ex_sitename,
  };

  static ei_register_info ei[] = {
    { &ei_smb2_invalid_length, { "smb2.invalid_length", PI_MALFORMED, PI_ERROR, "Invalid length", EXPFILL }},
    { &ei_smb2_bad_response, { "smb2.bad_response", PI_MALFORMED, PI_ERROR, "Bad response", EXPFILL }},
    { &ei_smb2_bad_negprot_negotiate_context_count, { "smb2.bad_negprot_negotiate_context_count", PI_MALFORMED, PI_ERROR, "Negotiate Protocol request NegotiateContextCount is nonzero without SMB 3.11 support", EXPFILL }},
    { &ei_smb2_bad_negprot_negotiate_context_offset, { "smb2.bad_negprot_negotiate_context_offset", PI_MALFORMED, PI_ERROR, "Negotiate Protocol request NegotiateContextOffset is nonzero without SMB 3.11 support", EXPFILL }},
    { &ei_smb2_bad_negprot_reserved, { "smb2.bad_negprot_reserved", PI_MALFORMED, PI_ERROR, "Negotiate Protocol response Reserved is nonzero", EXPFILL }},
    { &ei_smb2_bad_negprot_reserved2, { "smb2.bad_negprot_reserved2", PI_MALFORMED, PI_ERROR, "Negotiate Protocol response Reserved2 is nonzero", EXPFILL }},
    { &ei_smb2_invalid_getinfo_offset, { "smb2.invalid_getinfo_offset", PI_MALFORMED, PI_ERROR, "Input buffer offset isn't past the fixed data in the message", EXPFILL }},
    { &ei_smb2_invalid_getinfo_size, { "smb2.invalid_getinfo_size", PI_MALFORMED, PI_ERROR, "Input buffer length goes past the end of the message", EXPFILL }},
    { &ei_smb2_empty_getinfo_buffer, { "smb2.empty_getinfo_buffer", PI_PROTOCOL, PI_WARN, "Input buffer length is empty for a quota request", EXPFILL }},
    { &ei_smb2_invalid_signature, { "smb2.invalid_signature", PI_MALFORMED, PI_ERROR, "Invalid Signature", EXPFILL }},
  };

  expert_module_t* expert_smb2;

  /* SessionID <=> SessionKey mappings for decryption */
  uat_t *seskey_uat;

  static uat_field_t seskey_uat_fields[] = {
    UAT_FLD_BUFFER(seskey_list, id, "Session ID", "The session ID buffer, coded as hex string, as it appears on the wire (LE)."),
    UAT_FLD_BUFFER(seskey_list, seskey, "Session Key", "The secret session key buffer, coded as 16-byte hex string."),
    UAT_FLD_BUFFER(seskey_list, s2ckey, "Server-to-Client", "The AES-128 key used by the client to decrypt server messages, coded as 16-byte hex string."),
    UAT_FLD_BUFFER(seskey_list, c2skey, "Client-to-Server", "The AES-128 key used by the server to decrypt client messages, coded as 16-byte hex string."),
    UAT_END_FIELDS
  };

  proto_smb2 = proto_register_protocol("SMB2 (Server Message Block Protocol version 2)",
               "SMB2", "smb2");
  proto_register_subtree_array(ett, array_length(ett));
  proto_register_field_array(proto_smb2, hf, array_length(hf));
  expert_smb2 = expert_register_protocol(proto_smb2);
  expert_register_field_array(expert_smb2, ei, array_length(ei));

  smb2_module = prefs_register_protocol(proto_smb2, NULL);
  prefs_register_bool_preference(smb2_module, "eosmb2_take_name_as_fid",
               "Use the full file name as File ID when exporting an SMB2 object",
               "Whether the export object functionality will take the full path file name as file identifier",
               &eosmb2_take_name_as_fid);

  prefs_register_bool_preference(smb2_module, "pipe_reassembly",
    "Reassemble Named Pipes over SMB2",
    "Whether the dissector should reassemble Named Pipes over SMB2 commands",
    &smb2_pipe_reassembly);

  prefs_register_bool_preference(smb2_module, "verify_signatures",
    "Verify SMB2 Signatures",
    "Whether the dissector should try to verify SMB2 signatures",
    &smb2_verify_signatures);

  seskey_uat = uat_new("Secret session key to use for decryption",
           sizeof(smb2_seskey_field_t),
           "smb2_seskey_list",
           true,
           &seskey_list,
           &num_seskey_list,
           (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS),
           NULL,
           seskey_list_copy_cb,
           seskey_list_update_cb,
           seskey_list_free_cb,
           NULL,
           NULL,
           seskey_uat_fields);

  prefs_register_uat_preference(smb2_module,
              "seskey_list",
              "Secret session keys for decryption",
              "A table of Session ID to Session keys mappings used to decrypt traffic.",
              seskey_uat);

  smb2_pipe_subdissector_list = register_heur_dissector_list_with_description("smb2_pipe_subdissectors", "SMB2 Pipe data", proto_smb2);
  /*
   * XXX - addresses_ports_reassembly_table_functions?
   * Probably correct for SMB-over-NBT and SMB-over-TCP,
   * as stuff from two different connections should
   * probably not be combined, but what about other
   * transports for SMB, e.g. NBF or Netware?
   */
  reassembly_table_register(&smb2_pipe_reassembly_table,
      &addresses_reassembly_table_functions);

  smb2_tap = register_tap("smb2");
  smb2_eo_tap = register_tap("smb_eo"); /* SMB Export Object tap */

  register_srt_table(proto_smb2, NULL, 1, smb2stat_packet, smb2stat_init, NULL);
  smb2_sessions = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), smb2_sesid_info_hash, smb2_sesid_info_equal);
}

void
proto_reg_handoff_smb2(void)
{
  gssapi_handle  = find_dissector_add_dependency("gssapi", proto_smb2);
  ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_smb2);
  rsvd_handle    = find_dissector_add_dependency("rsvd", proto_smb2);
  heur_dissector_add("netbios", dissect_smb2_heur, "SMB2 over Netbios", "smb2_netbios", proto_smb2, HEURISTIC_ENABLE);
  heur_dissector_add("smb_direct", dissect_smb2_heur, "SMB2 over SMB Direct", "smb2_smb_direct", proto_smb2, HEURISTIC_ENABLE);
}

/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */

Coverage Report

Created: 2025-08-04 07:15