}
fn find_incomplete_tx(&mut self, hdr: &DCERPCHdrUdp) -> Option<&mut DCERPCTransaction> {
- for tx in &mut self.transactions {
- if tx.seqnum == hdr.seqnum && tx.activityuuid == hdr.activityuuid && ((hdr.pkt_type == DCERPC_TYPE_REQUEST && !tx.req_done) || (hdr.pkt_type == DCERPC_TYPE_RESPONSE && !tx.resp_done)) {
- SCLogDebug!("found tx id {}, last tx_id {}, {} {}", tx.id, self.tx_id, tx.seqnum, tx.activityuuid[0]);
- return Some(tx);
- }
- }
- None
+ return self.transactions.iter_mut().find(|tx| {
+ tx.seqnum == hdr.seqnum
+ && tx.activityuuid == hdr.activityuuid
+ && ((hdr.pkt_type == DCERPC_TYPE_REQUEST && !tx.req_done)
+ || (hdr.pkt_type == DCERPC_TYPE_RESPONSE && !tx.resp_done))
+ });
}
pub fn handle_fragment_data(&mut self, hdr: &DCERPCHdrUdp, input: &[u8]) -> bool {
}
pub fn get_tx(&mut self, tx_id: u64) -> Option<&DNSTransaction> {
- SCLogDebug!("get_tx: tx_id={}", tx_id);
- for tx in &mut self.transactions {
- if tx.id == tx_id + 1 {
- SCLogDebug!("Found DNS TX with ID {}", tx_id);
- return Some(tx);
- }
- }
- SCLogDebug!("Failed to find DNS TX with ID {}", tx_id);
- return None;
+ return self.transactions.iter().find(|&tx| tx.id == tx_id + 1);
}
/// Set an event. The event is set on the most recent transaction.
}
pub fn get_tx_by_id(&mut self, tx_id: u64) -> Option<&NFSTransaction> {
- SCLogDebug!("get_tx_by_id: tx_id={}", tx_id);
- for tx in &mut self.transactions {
- if tx.id == tx_id + 1 {
- SCLogDebug!("Found NFS TX with ID {}", tx_id);
- return Some(tx);
- }
- }
- SCLogDebug!("Failed to find NFS TX with ID {}", tx_id);
- return None;
+ return self.transactions.iter().find(|&tx| tx.id == tx_id + 1);
}
pub fn get_tx_by_xid(&mut self, tx_xid: u32) -> Option<&mut NFSTransaction> {
- SCLogDebug!("get_tx_by_xid: tx_xid={}", tx_xid);
- for tx in &mut self.transactions {
- if !tx.is_file_tx && tx.xid == tx_xid {
- SCLogDebug!("Found NFS TX with ID {} XID {:04X}", tx.id, tx.xid);
- return Some(tx);
- }
- }
- SCLogDebug!("Failed to find NFS TX with XID {:04X}", tx_xid);
- return None;
+ return self.transactions.iter_mut().find(|tx| !tx.is_file_tx && tx.xid == tx_xid);
}
/// Set an event. The event is set on the most recent transaction.
}
pub fn xidmap_handle2name(&mut self, xidmap: &mut NFSRequestXidMap) {
- match self.namemap.get(&xidmap.file_handle) {
- Some(n) => {
- SCLogDebug!("xidmap_handle2name: name {:?}", n);
- xidmap.file_name = n.to_vec();
- },
- _ => {
- SCLogDebug!("xidmap_handle2name: object {:?} not found",
- xidmap.file_handle);
- },
+ if let Some(n) = self.namemap.get(&xidmap.file_handle) {
+ SCLogDebug!("xidmap_handle2name: name {:?}", n);
+ xidmap.file_name = n.to_vec();
+ } else {
+ SCLogDebug!("xidmap_handle2name: object {:?} not found", xidmap.file_handle);
}
}
BerObjectContent::Sequence(ref seq) => {
for se in seq {
SCLogDebug!("SEQ {:?}", se);
- match se.content {
- BerObjectContent::OID(ref oid) => {
- SCLogDebug!("OID {:?}", oid);
- match oid.to_string().as_str() {
- "1.2.840.48018.1.2.2" => { SCLogDebug!("Microsoft Kerberos 5"); },
- "1.2.840.113554.1.2.2" => { SCLogDebug!("Kerberos 5"); have_kerberos = true; },
- "1.2.840.113554.1.2.2.1" => { SCLogDebug!("krb5-name"); },
- "1.2.840.113554.1.2.2.2" => { SCLogDebug!("krb5-principal"); },
- "1.2.840.113554.1.2.2.3" => { SCLogDebug!("krb5-user-to-user-mech"); },
- "1.3.6.1.4.1.311.2.2.10" => { SCLogDebug!("NTLMSSP"); have_ntlmssp = true; },
- "1.3.6.1.4.1.311.2.2.30" => { SCLogDebug!("NegoEx"); },
- _ => { SCLogDebug!("unexpected OID {:?}", oid); },
- }
- },
- _ => { SCLogDebug!("expected OID, got {:?}", se); },
+ if let BerObjectContent::OID(ref oid) = se.content {
+ SCLogDebug!("OID {:?}", oid);
+ match oid.to_string().as_str() {
+ "1.2.840.48018.1.2.2" => { SCLogDebug!("Microsoft Kerberos 5"); },
+ "1.2.840.113554.1.2.2" => { SCLogDebug!("Kerberos 5"); have_kerberos = true; },
+ "1.2.840.113554.1.2.2.1" => { SCLogDebug!("krb5-name"); },
+ "1.2.840.113554.1.2.2.2" => { SCLogDebug!("krb5-principal"); },
+ "1.2.840.113554.1.2.2.3" => { SCLogDebug!("krb5-user-to-user-mech"); },
+ "1.3.6.1.4.1.311.2.2.10" => { SCLogDebug!("NTLMSSP"); have_ntlmssp = true; },
+ "1.3.6.1.4.1.311.2.2.30" => { SCLogDebug!("NegoEx"); },
+ _ => { SCLogDebug!("unexpected OID {:?}", oid); },
+ }
+ } else {
+ SCLogDebug!("expected OID, got {:?}", se);
}
}
},
} else {
search_smb_record(slice)
};
- match r {
- Ok((_, data)) => {
- SCLogDebug!("smb found");
- match parse_smb_version(data) {
- Ok((_, ref smb)) => {
- SCLogDebug!("SMB {:?}", smb);
- if smb.version == 0xff_u8 { // SMB1
- SCLogDebug!("SMBv1 record");
- if let Ok((_, ref smb_record)) = parse_smb_record(data) {
- if smb_record.flags & 0x80 != 0 {
- SCLogDebug!("RESPONSE {:02x}", smb_record.flags);
- if direction == Direction::ToServer {
- unsafe { *rdir = Direction::ToClient as u8; }
- }
- } else {
- SCLogDebug!("REQUEST {:02x}", smb_record.flags);
- if direction == Direction::ToClient {
- unsafe { *rdir = Direction::ToServer as u8; }
- }
- }
- return 1;
+ if let Ok((_, data)) = r {
+ SCLogDebug!("smb found");
+ if let Ok((_, ref smb)) = parse_smb_version(data) {
+ SCLogDebug!("SMB {:?}", smb);
+ if smb.version == 0xff_u8 { // SMB1
+ SCLogDebug!("SMBv1 record");
+ if let Ok((_, ref smb_record)) = parse_smb_record(data) {
+ if smb_record.flags & 0x80 != 0 {
+ SCLogDebug!("RESPONSE {:02x}", smb_record.flags);
+ if direction == Direction::ToServer {
+ unsafe { *rdir = Direction::ToClient as u8; }
}
- } else if smb.version == 0xfe_u8 { // SMB2
- SCLogDebug!("SMB2 record");
- if let Ok((_, ref smb_record)) = parse_smb2_record_direction(data) {
- if direction == Direction::ToServer {
- SCLogDebug!("direction Direction::ToServer smb_record {:?}", smb_record);
- if !smb_record.request {
- unsafe { *rdir = Direction::ToClient as u8; }
- }
- } else {
- SCLogDebug!("direction Direction::ToClient smb_record {:?}", smb_record);
- if smb_record.request {
- unsafe { *rdir = Direction::ToServer as u8; }
- }
- }
+ } else {
+ SCLogDebug!("REQUEST {:02x}", smb_record.flags);
+ if direction == Direction::ToClient {
+ unsafe { *rdir = Direction::ToServer as u8; }
}
}
- else if smb.version == 0xfd_u8 { // SMB3 transform
- SCLogDebug!("SMB3 record");
- }
return 1;
- },
- _ => {
- SCLogDebug!("smb not found in {:?}", slice);
- },
+ }
+ } else if smb.version == 0xfe_u8 { // SMB2
+ SCLogDebug!("SMB2 record");
+ if let Ok((_, ref smb_record)) = parse_smb2_record_direction(data) {
+ if direction == Direction::ToServer {
+ SCLogDebug!("direction Direction::ToServer smb_record {:?}", smb_record);
+ if !smb_record.request {
+ unsafe { *rdir = Direction::ToClient as u8; }
+ }
+ } else {
+ SCLogDebug!("direction Direction::ToClient smb_record {:?}", smb_record);
+ if smb_record.request {
+ unsafe { *rdir = Direction::ToServer as u8; }
+ }
+ }
+ }
+ }
+ else if smb.version == 0xfd_u8 { // SMB3 transform
+ SCLogDebug!("SMB3 record");
}
- },
- _ => {
- SCLogDebug!("no dice");
- },
+ return 1;
+ } else {
+ SCLogDebug!("smb not found in {:?}", slice);
+ }
+ } else {
+ SCLogDebug!("no dice");
}
return 0;
}
SCLogDebug!("Create AndX {:?}", cr);
let guid_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_FILENAME);
- match state.ssn2vec_map.remove(&guid_key) {
- Some(mut p) => {
- p.retain(|&i|i != 0x00);
-
- let mut fid = cr.fid.to_vec();
- fid.extend_from_slice(&u32_as_bytes(r.ssn_id));
- SCLogDebug!("SMB1_COMMAND_NT_CREATE_ANDX fid {:?}", fid);
- SCLogDebug!("fid {:?} name {:?}", fid, p);
- state.guid2name_map.insert(fid, p);
- },
- _ => {
- SCLogDebug!("SMBv1 response: GUID NOT FOUND");
- },
+ if let Some(mut p) = state.ssn2vec_map.remove(&guid_key) {
+ p.retain(|&i|i != 0x00);
+
+ let mut fid = cr.fid.to_vec();
+ fid.extend_from_slice(&u32_as_bytes(r.ssn_id));
+ SCLogDebug!("SMB1_COMMAND_NT_CREATE_ANDX fid {:?}", fid);
+ SCLogDebug!("fid {:?} name {:?}", fid, p);
+ state.guid2name_map.insert(fid, p);
+ } else {
+ SCLogDebug!("SMBv1 response: GUID NOT FOUND");
}
let tx_hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_GENERICTX);
};
// otherwise try match with ssn id 0 (e.g. NTLMSSP_NEGOTIATE)
if !found {
- match state.get_sessionsetup_tx(
+ if let Some(tx) = state.get_sessionsetup_tx(
SMBCommonHdr::new(SMBHDR_TYPE_HEADER, 0, 0, r.multiplex_id as u64))
{
- Some(tx) => {
- smb1_session_setup_update_tx(tx, r, andx_offset);
- SCLogDebug!("smb1_session_setup_response: tx {:?}", tx);
- },
- None => {
- SCLogDebug!("smb1_session_setup_response: tx not found for {:?}", r);
- },
+ smb1_session_setup_update_tx(tx, r, andx_offset);
+ SCLogDebug!("smb1_session_setup_response: tx {:?}", tx);
+ } else {
+ SCLogDebug!("smb1_session_setup_response: tx not found for {:?}", r);
}
}
}
};
// otherwise try match with ssn id 0 (e.g. NTLMSSP_NEGOTIATE)
if !found {
- match state.get_sessionsetup_tx(
+ if let Some(tx) = state.get_sessionsetup_tx(
SMBCommonHdr::new(SMBHDR_TYPE_HEADER, 0, 0, r.message_id))
{
- Some(tx) => {
- smb2_session_setup_update_tx(tx, r);
- SCLogDebug!("smb2_session_setup_response: tx {:?}", tx);
- },
- None => {
- SCLogDebug!("smb2_session_setup_response: tx not found for {:?}", r);
- },
+ smb2_session_setup_update_tx(tx, r);
+ SCLogDebug!("smb2_session_setup_response: tx {:?}", tx);
+ } else {
+ SCLogDebug!("smb2_session_setup_response: tx not found for {:?}", r);
}
}
}
projects / thirdparty / suricata.git / commitdiff
