Pull request #4320: dce_rpc: correct the session counters post the upgrade to smb...

author Unnikrishnan M (umunnikr) <umunnikr@cisco.com>

Fri, 21 Jun 2024 06:07:29 +0000 (06:07 +0000)

committer Bhargava Jandhyala (bjandhya) <bjandhya@cisco.com>

Fri, 21 Jun 2024 06:07:29 +0000 (06:07 +0000)
author Unnikrishnan M (umunnikr) <umunnikr@cisco.com>
Fri, 21 Jun 2024 06:07:29 +0000 (06:07 +0000)
committer Bhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Fri, 21 Jun 2024 06:07:29 +0000 (06:07 +0000)
diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc

index 963de3ba9a896416d737cd7e8d9f61819e10cc40..7ad61611a148ff9bf8de2c394b22314d745bed08 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1627,7 +1627,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd)
                      Dce2SmbFlowData* fd = (Dce2SmbFlowData*)p->flow->get_flow_data(
                          Dce2SmbFlowData::inspector_id);
                      p->flow->free_flow_data(fd);
-                    DCE2_Smb2SsnData* dce2_smb2_sess = dce2_create_new_smb2_session(p, config);
+                    DCE2_Smb2SsnData* dce2_smb2_sess = dce2_create_new_smb2_session(p, config, true);
                      DCE2_Smb2Process(dce2_smb2_sess);
                      if (!dce2_detected)
                          DCE2_Detect(&dce2_smb2_sess->sd);
@@ -2568,7 +2568,7 @@ static inline DCE2_Smb2SsnData* set_new_dce2_smb2_session(Packet* p)
      return((DCE2_Smb2SsnData*)fd->dce2_smb_session_data);
  }
  
-DCE2_Smb2SsnData* dce2_create_new_smb2_session(Packet* p, dce2SmbProtoConf* config)
+DCE2_Smb2SsnData* dce2_create_new_smb2_session(Packet* p, dce2SmbProtoConf* config, bool upgrade)
  {
      DCE2_Smb2SsnData* dce2_smb2_sess = set_new_dce2_smb2_session(p);
      if ( dce2_smb2_sess )
@@ -2578,7 +2578,10 @@ DCE2_Smb2SsnData* dce2_create_new_smb2_session(Packet* p, dce2SmbProtoConf* conf
  
          DCE2_ResetRopts(&dce2_smb2_sess->sd, p);
  
-        dce2_smb_stats.smb_sessions++;
+        if (upgrade)
+            dce2_smb_stats.total_smb1_sessions--;
+        else
+            dce2_smb_stats.smb_sessions++;
          dce2_smb_stats.total_smb2_sessions++;
  
          dce2_smb2_sess->sd.trans = DCE2_TRANS_TYPE__SMB;
diff --git a/src/service_inspectors/dce_rpc/smb_message.h b/src/service_inspectors/dce_rpc/smb_message.h

index 58e7f18b1abc6f0ce4625fe541871a35291e73bc..1058dfa1f5285c19270484e9b2b7786a3f9f1f8a 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.h
+++ b/src/service_inspectors/dce_rpc/smb_message.h
@@ -2193,7 +2193,7 @@ inline uint16_t SmbWriteAndCloseRespCount(const SmbWriteAndCloseResp* resp)
  void DCE2_SmbInitGlobals();
  void DCE2_Smb1Process(struct DCE2_SmbSsnData*);
  struct DCE2_SmbSsnData* dce2_create_new_smb_session(snort::Packet*, struct dce2SmbProtoConf*);
-struct DCE2_Smb2SsnData* dce2_create_new_smb2_session(snort::Packet*, struct dce2SmbProtoConf*);
+struct DCE2_Smb2SsnData* dce2_create_new_smb2_session(snort::Packet*, struct dce2SmbProtoConf*, bool upgrade = false);
  void DCE2_SmbDataFree(DCE2_SmbSsnData*);
  void set_smb_reassembled_data(uint8_t* nb_ptr, uint16_t co_len);
author	Unnikrishnan M (umunnikr) <umunnikr@cisco.com>
	Fri, 21 Jun 2024 06:07:29 +0000 (06:07 +0000)
committer	Bhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
	Fri, 21 Jun 2024 06:07:29 +0000 (06:07 +0000)
src/service_inspectors/dce_rpc/smb_message.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/smb_message.h		patch \| blob \| blame \| history