]> git.ipfire.org Git - people/ms/suricata.git/commit - rust/src/smb/smb.rs
projects / people / ms / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9dd7c38) | patch
smb2/dcerpc: probe if response data is dcerpc
authorVictor Julien <victor@inliniac.net>
Wed, 3 Oct 2018 17:55:46 +0000 (19:55 +0200)
committerVictor Julien <victor@inliniac.net>
Sun, 7 Oct 2018 08:08:51 +0000 (10:08 +0200)
commitac4e8885976422498806af97fb14592465428b68
tree52235512db67869092664bfbd887a2048ffad4e8tree | snapshot
parent9dd7c381132be80341bb8f55ae23408b094eb792commit | diff
smb2/dcerpc: probe if response data is dcerpc

If we missed the tree connect we can't know for sure if we're
reading from a (DCERPC) PIPE or not. In this case probe the data
to see if it looks like DCERPC.

If the detection succeeds, use a special 'suricata::dcerpc' service
in the TX.

Simplify handling of DCERPC records that cross records

Update logging for the response only TXs.
rust/src/smb/dcerpc.rs diff | blob | blame | history
rust/src/smb/log.rs diff | blob | blame | history
rust/src/smb/smb.rs diff | blob | blame | history
rust/src/smb/smb1.rs diff | blob | blame | history
rust/src/smb/smb2.rs diff | blob | blame | history
Michael's tree of suricata