smb: probing parser improvement

diff --git a/rust/src/smb/nbss_records.rs b/rust/src/smb/nbss_records.rs
index cd7d96f19cfbb788ca5a14944a71862e98f868e6..c07b02a05628d7b5a77d260ef57d1594fe49588e 100644 (file)
--- a/rust/src/smb/nbss_records.rs
+++ b/rust/src/smb/nbss_records.rs
@@ -32,7 +32,7 @@ pub struct NbssRecord<'a> {
 }
 
 impl<'a> NbssRecord<'a> {
-    pub fn is_smb(&self) -> bool {
+    pub fn is_valid(&self) -> bool {
         let valid = match self.message_type {
             NBSS_MSGTYPE_SESSION_MESSAGE |
             NBSS_MSGTYPE_SESSION_REQUEST |
@@ -42,6 +42,10 @@ impl<'a> NbssRecord<'a> {
             NBSS_MSGTYPE_KEEP_ALIVE => true,
             _ => false,
         };
+        valid
+    }
+    pub fn is_smb(&self) -> bool {
+        let valid = self.is_valid();
         let smb = if self.data.len() >= 4 &&
             self.data[1] == 'S' as u8 && self.data[2] == 'M' as u8 && self.data[3] == 'B' as u8 &&
             (self.data[0] == b'\xFE' || self.data[0] == b'\xFF' || self.data[0] == b'\xFD')

diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 874ff64c14369b2eecab30260d2a23bb577eb36b..84d0e1b3038555be48fa6c4d60c4d68b50475094 100644 (file)
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1857,22 +1857,36 @@ pub extern "C" fn rs_smb_parse_response_tcp_gap(
     return -1;
 }
 
+// probing parser
+// return 1 if found, 0 is not found
 #[no_mangle]
 pub extern "C" fn rs_smb_probe_tcp(input: *const libc::uint8_t, len: libc::uint32_t)
                                -> libc::int8_t
 {
-    let slice: &[u8] = unsafe {
-        std::slice::from_raw_parts(input as *mut u8, len as usize)
-    };
+    let slice = build_slice!(input, len as usize);
+    match search_smb_record(slice) {
+        IResult::Done(_, _) => {
+            SCLogDebug!("smb found");
+            return 1;
+        },
+        _ => {
+            SCLogDebug!("smb not found in {:?}", slice);
+        },
+    }
     match parse_nbss_record_partial(slice) {
         IResult::Done(_, ref hdr) => {
             if hdr.is_smb() {
+                SCLogDebug!("smb found");
+                return 1;
+            } else if hdr.is_valid() {
+                SCLogDebug!("nbss found, assume smb");
                 return 1;
             }
         },
         _ => { },
     }
-    return 1
+    SCLogDebug!("no smb");
+    return -1
 }
 
 #[no_mangle]

diff --git a/src/app-layer-smb-tcp-rust.c b/src/app-layer-smb-tcp-rust.c
index a12307c1bf9829fb87be4075f0e8201df47d5d53..8ec3fa279d2f323506b8036194bc28c9d678421a 100644 (file)
--- a/src/app-layer-smb-tcp-rust.c
+++ b/src/app-layer-smb-tcp-rust.c
@@ -86,12 +86,16 @@ static uint16_t RustSMBTCPProbe(Flow *f,
         return ALPROTO_UNKNOWN;
     }
 
-    // Validate and return ALPROTO_FAILED if needed.
-    if (!rs_smb_probe_tcp(input, len)) {
-        return ALPROTO_FAILED;
+    const int r = rs_smb_probe_tcp(input, len);
+    switch (r) {
+        case 1:
+            return ALPROTO_SMB;
+        case 0:
+            return ALPROTO_UNKNOWN;
+        case -1:
+        default:
+            return ALPROTO_FAILED;
     }
-
-    return ALPROTO_SMB;
 }
 
 static int RustSMBGetAlstateProgress(void *tx, uint8_t direction)