Zeek_SMB.smb2_com_set_info.bif.zeek¶

GLOBAL¶

Namespace:	GLOBAL

Summary¶

Events¶

`smb2_file_allocation`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype
`smb2_file_delete`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.
`smb2_file_endoffile`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype
`smb2_file_fscontrol`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype
`smb2_file_fsobjectid`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype
`smb2_file_fullea`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype
`smb2_file_link`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the link subtype
`smb2_file_mode`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype
`smb2_file_pipe`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype
`smb2_file_position`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the position subtype
`smb2_file_rename`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.
`smb2_file_sattr`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the file subtype
`smb2_file_shortname`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype
`smb2_file_validdatalength`: `event`	Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype

Detailed Interface¶

Events¶

smb2_file_allocation¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, alloc_size: `int`)

Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Alloc_size:	desired allocation size.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_delete¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, delete_pending: `bool`)

Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.

For more information, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Delete_pending:	A boolean value to indicate that a file should be deleted when it’s closed if set to T.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_endoffile¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, end_of_file: `int`)

Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
End_of_file:	the absolute new end of file position as a byte offset from the start of the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_fscontrol¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, fs_control: `SMB2::Fscontrol`)

Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Fs_control:	contains fs_control info (see MS-FCC 2.5.2)

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_fsobjectid¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, object_id: `SMB2::GUID`, extended_info: `string`)

Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Object_id:	contains a 16-bytes GUID that identifies the file system volume (see MS-FCC 2.5.6)
Extended_info:	contains extended information on the file system volume

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link

smb2_file_fullea¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, file_eas: `SMB2::FileEAs`)

Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
FileEAs:	a vector of extended file attributes as defined in MS-FSCC:2.4.15

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_link¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, root_directory: `count`, file_name: `string`)

Generated for SMB/CIFS version 2 requests of type set_info of the link subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Root_directory:	contains the file handle for the directory where the link is to be created
File_name:	contains the name to be assigned to the newly created link

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_mode¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, mode: `count`)

Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Mode:	specifies how the file will subsequently be accessed.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_pipe¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, read_mode: `count`, completion_mode: `count`)

Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype

For more infomation, see MS-SMB2:2.2.39

Completion_mode:
C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Read_mode:	specifies if data must be read as a stream of bytes or messages
	specifies if blocking mode must be enabled or not

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_position¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, current_byte_offset: `int`)

Generated for SMB/CIFS version 2 requests of type set_info of the position subtype

For more infomation, see MS-SMB2:2.2.39

Current_byte_offset:
C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
	specifies the offset, in bytes, of the file pointer from the beginning of the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_rename¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, dst_filename: `string`)

Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.

For more information, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	A GUID to identify the file.
Dst_filename:	The filename to rename the file into.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_sattr¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, times: `SMB::MACTimes`, attrs: `SMB2::FileAttrs`)

Generated for SMB/CIFS version 2 requests of type set_info of the file subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
Times:	Timestamps associated with the file in question.
Attrs:	File attributes.

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_shortname¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, file_name: `string`)

Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype

For more infomation, see MS-SMB2:2.2.39

C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
File_name:	specifies the name of the file to be changed

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid

smb2_file_validdatalength¶

Type:	`event` (c: `connection`, hdr: `SMB2::Header`, file_id: `SMB2::GUID`, valid_data_length: `int`)

Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype

For more infomation, see MS-SMB2:2.2.39

Valid_data_length:
C:	The connection.
Hdr:	The parsed header of the SMB version 2 message.
File_id:	The SMB2 GUID for the file.
	specifies the new valid data length for the file

See also: smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid