smb: probing parser for start and midstream

The probing parser is more strict at the start of the stream

diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 8e313064245715868e5f038d402847ffe9bcbc7d..77db7c221aa87946350282c648d4523fa191e02e 100644 (file)
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1978,8 +1978,10 @@ pub extern "C" fn rs_smb_probe_tcp(flags: u8,
     -> i8
 {
     let slice = build_slice!(input, len as usize);
-    if rs_smb_probe_tcp_midstream(flags, slice, rdir) == 1 {
-        return 1;
+    if flags & STREAM_MIDSTREAM == STREAM_MIDSTREAM {
+        if rs_smb_probe_tcp_midstream(flags, slice, rdir) == 1 {
+            return 1;
+        }
     }
     match parse_nbss_record_partial(slice) {
         Ok((_, ref hdr)) => {