Zeek_SMB.smb2_com_set_info.bif.zeek¶

GLOBAL¶

Namespace: GLOBAL

Summary¶

Events¶

`smb2_file_allocation`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype
`smb2_file_delete`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.
`smb2_file_endoffile`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype
`smb2_file_fscontrol`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype
`smb2_file_fsobjectid`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype
`smb2_file_fullea`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype
`smb2_file_link`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the link subtype
`smb2_file_mode`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype
`smb2_file_pipe`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype
`smb2_file_position`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the position subtype
`smb2_file_rename`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.
`smb2_file_sattr`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the file subtype
`smb2_file_shortname`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype
`smb2_file_validdatalength`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype

Detailed Interface¶

Events¶

smb2_file_allocation¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, alloc_size: int)

Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Alloc_size: desired allocation size.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_delete¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, delete_pending: bool)

Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.

For more information, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Delete_pending: A boolean value to indicate that a file should be deleted when it’s closed if set to T.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_endoffile¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, end_of_file: int)

Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
End_of_file: the absolute new end of file position as a byte offset from the start of the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_fscontrol¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, fs_control: SMB2::Fscontrol)

Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Fs_control: contains fs_control info (see MS-FCC 2.5.2)

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_fsobjectid¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, object_id: SMB2::GUID, extended_info: string)

Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Object_id: contains a 16-bytes GUID that identifies the file system volume (see MS-FCC 2.5.6)
Extended_info: contains extended information on the file system volume

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link

smb2_file_fullea¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, file_eas: SMB2::FileEAs)

Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
FileEAs: a vector of extended file attributes as defined in MS-FSCC:2.4.15

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_link¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, root_directory: count, file_name: string)

Generated for SMB/CIFS version 2 requests of type set_info of the link subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Root_directory: contains the file handle for the directory where the link is to be created
File_name: contains the name to be assigned to the newly created link

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_mode¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, mode: count)

Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Mode: specifies how the file will subsequently be accessed.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_pipe¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, read_mode: count, completion_mode: count)

Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Read_mode: specifies if data must be read as a stream of bytes or messages
Completion_mode: specifies if blocking mode must be enabled or not

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_position¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, current_byte_offset: int)

Generated for SMB/CIFS version 2 requests of type set_info of the position subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Current_byte_offset: specifies the offset, in bytes, of the file pointer from the beginning of the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_rename¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, dst_filename: string)

Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.

For more information, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: A GUID to identify the file.
Dst_filename: The filename to rename the file into.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_sattr¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs)

Generated for SMB/CIFS version 2 requests of type set_info of the file subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Times: Timestamps associated with the file in question.
Attrs: File attributes.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_shortname¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, file_name: string)

Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
File_name: specifies the name of the file to be changed

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_validdatalength¶

Type: event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, valid_data_length: int)

Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype

For more infomation, see MS-SMB2:2.2.39

C: The connection.
Hdr: The parsed header of the SMB version 2 message.
File_id: The SMB2 GUID for the file.
Valid_data_length: specifies the new valid data length for the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid