rust/smb: fix and optimize record search

author Victor Julien <victor@inliniac.net>

Sat, 9 Feb 2019 09:40:05 +0000 (10:40 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 12 Feb 2019 11:07:00 +0000 (12:07 +0100)
author Victor Julien <victor@inliniac.net>
Sat, 9 Feb 2019 09:40:05 +0000 (10:40 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 12 Feb 2019 11:07:00 +0000 (12:07 +0100)
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs

index 1b05ff2b69efbfac12d0b3a58ba4ed932981edb0..6752aa3752f4ca83a9b0ea080525e9c429e10a3d 100644 (file)
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1371,7 +1371,7 @@ impl SMBState {
              match search_smb_record(cur_i) {
                  Ok((_, pg)) => {
                      SCLogDebug!("smb record found");
-                    let smb2_offset = cur_i.len() - pg.data.len();
+                    let smb2_offset = cur_i.len() - pg.len();
                      if smb2_offset < 4 {
                          return 0;
                      }
@@ -1597,7 +1597,7 @@ impl SMBState {
              match search_smb_record(cur_i) {
                  Ok((_, pg)) => {
                      SCLogDebug!("smb record found");
-                    let smb2_offset = cur_i.len() - pg.data.len();
+                    let smb2_offset = cur_i.len() - pg.len();
                      if smb2_offset < 4 {
                          return 0;
                      }
diff --git a/rust/src/smb/smb2_records.rs b/rust/src/smb/smb2_records.rs

index d35a43028de7b186c47d20b8b617213349570bc7..910bc0a49f79bbd2f8ecb17a983167e626886375 100644 (file)
--- a/rust/src/smb/smb2_records.rs
+++ b/rust/src/smb/smb2_records.rs
@@ -15,7 +15,8 @@
   * 02110-1301, USA.
   */
  
-use nom::{rest, le_u8, le_u16, le_u32, le_u64, AsBytes, IResult};
+use nom;
+use nom::{rest, le_u8, le_u16, le_u32, le_u64, IResult};
  use smb::smb::*;
  
  #[derive(Debug,PartialEq)]
@@ -521,18 +522,15 @@ named!(pub parse_smb2_response_record<Smb2Record>,
             })
  ));
  
-#[derive(Debug,PartialEq)]
-pub struct SmbRecordPostGap<'a> {
-    pub data: &'a[u8],
+pub fn search_smb_record<'a>(i: &'a [u8]) -> nom::IResult<&'a [u8], &'a [u8]> {
+    let mut d = i;
+    while d.len() >= 4 {
+        if &d[1..4] == b"SMB" &&
+            (d[0] == 0xfe || d[0] == 0xff || d[0] == 0xfd)
+        {
+            return Ok((&d[4..], d));
+        }
+        d = &d[1..];
+    }
+    Err(nom::Err::Incomplete(nom::Needed::Size(4 as usize - d.len())))
  }
-
-named!(pub search_smb_record<SmbRecordPostGap>,
-    do_parse!(
-           alt!(take_until!([0xfe, 0x53, 0x4d, 0x42].as_bytes())|    // SMB2
-                take_until!([0xff, 0x53, 0x4d, 0x42].as_bytes())|    // SMB1
-                take_until!([0xfd, 0x53, 0x4d, 0x42].as_bytes()))    // SMB3 transform hdr
-        >> data : rest
-        >> ( SmbRecordPostGap {
-                data:data,
-           })
-));
author	Victor Julien <victor@inliniac.net>
	Sat, 9 Feb 2019 09:40:05 +0000 (10:40 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 12 Feb 2019 11:07:00 +0000 (12:07 +0100)
rust/src/smb/smb.rs		patch \| blob \| blame \| history
rust/src/smb/smb2_records.rs		patch \| blob \| blame \| history