base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

smb2_file_allocation: event

Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype

smb2_file_delete: event

Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.

smb2_file_endoffile: event

Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype

smb2_file_fscontrol: event

Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype

smb2_file_fsobjectid: event

Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype

smb2_file_fullea: event

Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype

smb2_file_link: event

Generated for SMB/CIFS version 2 requests of type set_info of the link subtype

smb2_file_mode: event

Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype

smb2_file_pipe: event

Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype

smb2_file_position: event

Generated for SMB/CIFS version 2 requests of type set_info of the position subtype

smb2_file_rename: event

Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.

smb2_file_sattr: event

Generated for SMB/CIFS version 2 requests of type set_info of the file subtype

smb2_file_shortname: event

Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype

smb2_file_validdatalength: event

Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype

Detailed Interface

Events

smb2_file_allocation
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, alloc_size: int)

Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • alloc_size – desired allocation size.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_delete
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, delete_pending: bool)

Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • delete_pending – A boolean value to indicate that a file should be deleted when it’s closed if set to T.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_endoffile
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, end_of_file: int)

Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • end_of_file – the absolute new end of file position as a byte offset from the start of the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_fscontrol
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, fs_control: SMB2::Fscontrol)

Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • fs_control – contains fs_control info (see MS-FCC 2.5.2)

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_fsobjectid
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, object_id: SMB2::GUID, extended_info: string)

Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • object_id – contains a 16-bytes GUID that identifies the file system volume (see MS-FCC 2.5.6)

  • extended_info – contains extended information on the file system volume

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link

smb2_file_fullea
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, file_eas: SMB2::FileEAs)

Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • FileEAs – a vector of extended file attributes as defined in MS-FSCC:2.4.15

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, root_directory: count, file_name: string)

Generated for SMB/CIFS version 2 requests of type set_info of the link subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • root_directory – contains the file handle for the directory where the link is to be created

  • file_name – contains the name to be assigned to the newly created link

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_mode
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, mode: count)

Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • mode – specifies how the file will subsequently be accessed.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_pipe
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, read_mode: count, completion_mode: count)

Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • read_mode – specifies if data must be read as a stream of bytes or messages

  • completion_mode – specifies if blocking mode must be enabled or not

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_position
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, current_byte_offset: int)

Generated for SMB/CIFS version 2 requests of type set_info of the position subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • current_byte_offset – specifies the offset, in bytes, of the file pointer from the beginning of the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_rename
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, dst_filename: string)

Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – A GUID to identify the file.

  • dst_filename – The filename to rename the file into.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_sattr
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs)

Generated for SMB/CIFS version 2 requests of type set_info of the file subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • times – Timestamps associated with the file in question.

  • attrs – File attributes.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_shortname
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, file_name: string)

Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • file_name – specifies the name of the file to be changed

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_validdatalength
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, valid_data_length: int)

Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype

For more information, see MS-SMB2:2.2.39

Parameters

  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_id – The SMB2 GUID for the file.

  • valid_data_length – specifies the new valid data length for the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid