}
named!(pub parse_smb_trans_request_record_pipe<SmbPipeProtocolRecord>,
- dbg_dmp!(do_parse!(
+ do_parse!(
fun: le_u16
>> fid: take!(2)
>> (SmbPipeProtocolRecord {
function: fun,
fid: fid,
})
- ))
+ )
);
}
named!(pub parse_smb_trans_request_record_params<(SmbRecordTransRequestParams, Option<SmbPipeProtocolRecord>)>,
- dbg_dmp!(do_parse!(
+ do_parse!(
wct: le_u8
>> total_param_cnt: le_u16
>> total_data_count: le_u16
>> data_offset: le_u16
>> setup_cnt: le_u8
>> take!(1) // reserved
- >> pipe: cond!(wct == 16 && setup_cnt == 2, parse_smb_trans_request_record_pipe) // reserved
+ >> pipe: cond!(wct == 16 && setup_cnt == 2, parse_smb_trans_request_record_pipe)
>> bcc: le_u16
>> (( SmbRecordTransRequestParams {
max_data_cnt:max_data_cnt,
data_offset:data_offset,
bcc:bcc,
},
- pipe))))
+ pipe)))
);
#[derive(Debug,PartialEq)]
{
let (rem, (params, pipe)) = match parse_smb_trans_request_record_params(i) {
IResult::Done(rem, (rd, p)) => (rem, (rd, p)),
- IResult::Incomplete(ii) => {
- return IResult::Incomplete(ii);
- }
- IResult::Error(e) => {
- return IResult::Error(e);
- }
+ IResult::Incomplete(ii) => { return IResult::Incomplete(ii); }
+ IResult::Error(e) => { return IResult::Error(e); }
};
let mut offset = 32 + (i.len() - rem.len()); // init with SMB header
SCLogDebug!("params {:?}: offset {}", params, offset);
- let name = if r.flags2 & 0x8000_u16 != 0 { // unicode
- SCLogDebug!("unicode flag set");
+ let name = if r.has_unicode_support() {
parse_smb_trans_request_tx_name_unicode(rem, offset)
} else {
- SCLogDebug!("unicode flag NOT set");
parse_smb_trans_request_tx_name_ascii(rem)
};
let (rem2, n) = match name {
IResult::Done(rem, rd) => (rem, rd),
- IResult::Incomplete(ii) => {
- return IResult::Incomplete(ii);
- }
- IResult::Error(e) => {
- return IResult::Error(e);
- }
+ IResult::Incomplete(ii) => { return IResult::Incomplete(ii); }
+ IResult::Error(e) => { return IResult::Error(e); }
};
offset += rem.len() - rem2.len();
SCLogDebug!("n {:?}: offset {}", n, offset);
let d = match parse_smb_trans_request_record_data(rem2,
pad1, params.param_cnt, pad2, params.data_cnt) {
IResult::Done(_, rd) => rd,
- IResult::Incomplete(ii) => {
- return IResult::Incomplete(ii);
- }
- IResult::Error(e) => {
- return IResult::Error(e);
- }
+ IResult::Incomplete(ii) => { return IResult::Incomplete(ii); }
+ IResult::Error(e) => { return IResult::Error(e); }
};
SCLogDebug!("d {:?}", d);
d
pub data: &'a[u8],
}
+impl<'a> SmbRecord<'a> {
+ pub fn has_unicode_support(&self) -> bool {
+ self.flags2 & 0x8000_u16 != 0
+ }
+}
+
named!(pub parse_smb_record<SmbRecord>,
do_parse!(
server_component: tag!(b"\xffSMB")
pub fn smb1_session_setup_request_host_info(r: &SmbRecord, blob: &[u8]) -> SessionSetupRequest
{
- if blob.len() > 1 && r.flags2 & 0x8000_u16 != 0 {
+ if blob.len() > 1 && r.has_unicode_support() {
let offset = r.data.len() - blob.len();
let blob = if offset % 2 == 1 { &blob[1..] } else { blob };
let (native_os, native_lm, primary_domain) = match get_unicode_string(blob) {
pub fn smb1_session_setup_response_host_info(r: &SmbRecord, blob: &[u8]) -> SessionSetupResponse
{
- if blob.len() > 1 && r.flags2 & 0x8000_u16 != 0 {
+ if blob.len() > 1 && r.has_unicode_support() {
let offset = r.data.len() - blob.len();
let blob = if offset % 2 == 1 { &blob[1..] } else { blob };
let (native_os, native_lm) = match get_unicode_string(blob) {
IResult::Done(rem, n1) => {
match get_unicode_string(rem) {
- IResult::Done(_, n2) => {
- (n1, n2)
- },
+ IResult::Done(_, n2) => (n1, n2),
_ => { (n1, Vec::new()) },
}
},
let (native_os, native_lm) = match get_nullterm_string(blob) {
IResult::Done(rem, n1) => {
match get_nullterm_string(rem) {
- IResult::Done(_, n2) => {
- (n1, n2)
- },
+ IResult::Done(_, n2) => (n1, n2),
_ => { (n1, Vec::new()) },
}
},
projects / thirdparty / suricata.git / commitdiff
