* 02110-1301, USA.
*/
+pub mod smb_records;
pub mod smb1_records;
pub mod smb2_records;
pub mod nbss_records;
pipe.fid.to_vec());
}
- let (sername, is_dcerpc) = get_service_for_nameslice(&rd.txname.name);
+ let (sername, is_dcerpc) = get_service_for_nameslice(&rd.txname.tx_name);
SCLogDebug!("service: {} dcerpc {}", sername, is_dcerpc);
if is_dcerpc {
// store tx name so the response also knows this is dcerpc
let txn_hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_TXNAME);
- state.ssn2vec_map.insert(txn_hdr, rd.txname.name.to_vec());
+ state.ssn2vec_map.insert(txn_hdr, rd.txname.tx_name);
// trans request will tell us the max size of the response
// if there is more response data, it will first give a
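Review bot: The name passed to `get_service_for_nameslice(&rd.txname.tx_name)` and stored in `ssn2vec_map` is now a decoded copy, and for Unicode requests that decoding is lossy: `smb_get_unicode_string` (moved into smb_records.rs by this commit) pushes only `c[0]` of each two-byte unit and never checks that `c[1]` is zero. A name containing code units with a non-zero high byte is therefore folded onto plain ASCII bytes before the dcerpc classification, which may differ from how the receiving server interprets the same name. I would have the helper report when a non-zero high byte was dropped so this path can raise an event instead of classifying, or at minimum state it here with `// tx_name: for Unicode requests, low byte of each UTF-16 unit only`. The same applies to the `name: smb_get_unicode_string` step in smb1_records.rs; the enclosing function here starts and ends outside the hunk.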
use log::*;
use nom::{rest, le_u8, le_u16, le_u32, le_u64, IResult};
use smb::smb::*;
+use smb::smb_records::*;
#[derive(Debug,PartialEq)]
pub struct Smb1WriteRequestRecord<'a> {
pub struct SmbRecordTransRequest<'a> {
pub params: SmbRecordTransRequestParams,
pub pipe: Option<SmbPipeProtocolRecord<'a>>,
- pub txname: SmbRecordTransRequestTxname<'a>,
+ pub txname: SmbRecordTransRequestTxname<>,
pub data: SmbRecordTransRequestData<'a>,
}
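Review bot: `SmbRecordTransRequestTxname<>` keeps an empty generic parameter list left over from removing `'a`; it is valid Rust but reads as if a parameter had been forgotten. Write `pub txname: SmbRecordTransRequestTxname,` here and `pub struct SmbRecordTransRequestTxname {` in the struct definition in the following hunk.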
);
#[derive(Debug,PartialEq)]
-pub struct SmbRecordTransRequestTxname<'a> {
- pub name: &'a[u8],
+pub struct SmbRecordTransRequestTxname<> {
+ pub tx_name: Vec<u8>,
}
-pub fn parse_smb_trans_request_tx_name_ascii(i: &[u8])
+fn parse_smb_trans_request_tx_name_ascii(i: &[u8])
-> IResult<&[u8], SmbRecordTransRequestTxname>
{
do_parse!(i,
- name: take_until_and_consume!("\0")
+ name: smb_get_ascii_string
>> (SmbRecordTransRequestTxname {
- name: name,
+ tx_name: name,
})
)
}
-pub fn parse_smb_trans_request_tx_name_unicode(i: &[u8], offset: usize)
+fn parse_smb_trans_request_tx_name_unicode(i: &[u8], offset: usize)
-> IResult<&[u8], SmbRecordTransRequestTxname>
{
do_parse!(i,
cond!(offset % 2 == 1, take!(1))
- >> name: take_until_and_consume!("\0\0\0")
+ >> name: smb_get_unicode_string
>> (SmbRecordTransRequestTxname {
- name: name,
+ tx_name: name,
})
)
}
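Review bot: The `name: smb_get_unicode_string` step does not accept the same inputs as the `take_until_and_consume!("\0\0\0")` it replaces, and nothing in the hunk records that. The old step required three consecutive zero bytes, whereas the helper stops at a zero pair on a two-byte boundary, also accepts a single zero as the very last byte, and returns `ErrorKind::Custom(130)` for empty or unterminated input. Please add a doc comment to both parsers, e.g. `/// Returns the name with its terminator stripped; see smb_get_unicode_string for the accepted terminators`, and cover the odd-`offset` padding case and the single-trailing-zero case with unit tests.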
* 02110-1301, USA.
*/
-use nom::{IResult, ErrorKind};
+use nom::{IResult};
use log::*;
+use smb::smb_records::*;
use smb::smb1_records::*;
use smb::smb::*;
use smb::events::*;
pub native_lm: Vec<u8>,
}
-/// parse a UTF16 string that is null terminated. Normally by 2 null
-/// bytes, but at the end of the data it can also be a single null.
-/// Skip every second byte.
-pub fn smb_get_unicode_string(blob: &[u8]) -> IResult<&[u8], Vec<u8>>
-{
- SCLogDebug!("get_unicode_string: blob {} {:?}", blob.len(), blob);
- let mut name : Vec<u8> = Vec::new();
- let mut c = blob;
- while c.len() >= 1 {
- if c.len() == 1 && c[0] == 0 {
- let rem = &c[1..];
- SCLogDebug!("get_unicode_string: name {:?}", name);
- return IResult::Done(rem, name)
- } else if c.len() == 1 {
- break;
- } else if c[0] == 0 && c[1] == 0 {
- let rem = &c[2..];
- SCLogDebug!("get_unicode_string: name {:?}", name);
- return IResult::Done(rem, name)
- }
- name.push(c[0]);
- c = &c[2..];
- //SCLogNotice!("get_unicode_string: c {:?}", c);
- }
- IResult::Error(error_code!(ErrorKind::Custom(130)))
-}
-
-/// parse an ASCII string that is null terminated
-named!(pub smb_get_ascii_string<Vec<u8>>,
- do_parse!(
- s: take_until_and_consume!("\x00")
- >> ( s.to_vec() )
-));
-
pub fn smb1_session_setup_request_host_info(r: &SmbRecord, blob: &[u8]) -> SessionSetupRequest
{
if blob.len() > 1 && r.has_unicode_support() {
--- /dev/null
+/* Copyright (C) 2018 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+use nom::{IResult, ErrorKind};
+use log::*;
+
+/// parse a UTF16 string that is null terminated. Normally by 2 null
+/// bytes, but at the end of the data it can also be a single null.
+/// Skip every second byte.
+pub fn smb_get_unicode_string(blob: &[u8]) -> IResult<&[u8], Vec<u8>>
+{
+ SCLogDebug!("get_unicode_string: blob {} {:?}", blob.len(), blob);
+ let mut name : Vec<u8> = Vec::new();
+ let mut c = blob;
+ while c.len() >= 1 {
+ if c.len() == 1 && c[0] == 0 {
+ let rem = &c[1..];
+ SCLogDebug!("get_unicode_string: name {:?}", name);
+ return IResult::Done(rem, name)
+ } else if c.len() == 1 {
+ break;
+ } else if c[0] == 0 && c[1] == 0 {
+ let rem = &c[2..];
+ SCLogDebug!("get_unicode_string: name {:?}", name);
+ return IResult::Done(rem, name)
+ }
+ name.push(c[0]);
+ c = &c[2..];
+ }
+ IResult::Error(error_code!(ErrorKind::Custom(130)))
+}
+
+/// parse an ASCII string that is null terminated
+named!(pub smb_get_ascii_string<Vec<u8>>,
+ do_parse!(
+ s: take_until_and_consume!("\x00")
+ >> ( s.to_vec() )
+));
+