smb: use Direction enum

author Shivani Bhardwaj <shivanib134@gmail.com>

Thu, 12 Aug 2021 16:29:53 +0000 (21:59 +0530)

committer Victor Julien <vjulien@oisf.net>

Fri, 19 Nov 2021 16:20:01 +0000 (17:20 +0100)
author Shivani Bhardwaj <shivanib134@gmail.com>
Thu, 12 Aug 2021 16:29:53 +0000 (21:59 +0530)
committer Victor Julien <vjulien@oisf.net>
Fri, 19 Nov 2021 16:20:01 +0000 (17:20 +0100)
diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs

index cd6e16012985de1273b76c745002b0708eeff629..b76a1bc3610adb267a817363cbc8acef4c144ea5 100644 (file)
--- a/rust/src/smb/detect.rs
+++ b/rust/src/smb/detect.rs
@@ -77,7 +77,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_stub_data(tx: &mut SMBTransaction,
  {
      match tx.type_data {
          Some(SMBTransactionTypeData::DCERPC(ref x)) => {
-            let vref = if direction == STREAM_TOSERVER {
+            let vref = if direction == Direction::ToServer as u8 {
                  &x.stub_data_ts
              } else {
                  &x.stub_data_tc
diff --git a/rust/src/smb/files.rs b/rust/src/smb/files.rs

index 97f302179c678b3ada549261c1fad21b79bca098..7372641fd75f3f5913d9030d6e6de75a310fd93b 100644 (file)
--- a/rust/src/smb/files.rs
+++ b/rust/src/smb/files.rs
@@ -25,7 +25,7 @@ use crate::smb::smb::*;
  /// File tracking transaction. Single direction only.
  #[derive(Default, Debug)]
  pub struct SMBTransactionFile {
-    pub direction: u8,
+    pub direction: Direction,
      pub fuid: Vec<u8>,
      pub file_name: Vec<u8>,
      pub share_name: Vec<u8>,
@@ -58,7 +58,7 @@ pub fn filetracker_newchunk(ft: &mut FileTransferTracker, files: &mut FileContai
  }
  
  impl SMBState {
-    pub fn new_file_tx(&mut self, fuid: &Vec<u8>, file_name: &Vec<u8>, direction: u8)
+    pub fn new_file_tx(&mut self, fuid: &Vec<u8>, file_name: &Vec<u8>, direction: Direction)
          -> (&mut SMBTransaction, &mut FileContainer, u16)
      {
          let mut tx = self.new_tx();
@@ -77,11 +77,11 @@ impl SMBState {
                  tx.id, String::from_utf8_lossy(file_name));
          self.transactions.push(tx);
          let tx_ref = self.transactions.last_mut();
-        let (files, flags) = self.files.get(direction.into());
+        let (files, flags) = self.files.get(direction);
          return (tx_ref.unwrap(), files, flags)
      }
  
-    pub fn get_file_tx_by_fuid(&mut self, fuid: &Vec<u8>, direction: u8)
+    pub fn get_file_tx_by_fuid(&mut self, fuid: &Vec<u8>, direction: Direction)
          -> Option<(&mut SMBTransaction, &mut FileContainer, u16)>
      {
          let f = fuid.to_vec();
@@ -95,7 +95,7 @@ impl SMBState {
  
              if found {
                  SCLogDebug!("SMB: Found SMB file TX with ID {}", tx.id);
-                let (files, flags) = self.files.get(direction.into());
+                let (files, flags) = self.files.get(direction);
                  return Some((tx, files, flags));
              }
          }
@@ -103,17 +103,17 @@ impl SMBState {
          return None;
      }
  
-    fn getfiles(&mut self, direction: u8) -> * mut FileContainer {
-        //SCLogDebug!("direction: {}", direction);
-        if direction == STREAM_TOCLIENT {
+    fn getfiles(&mut self, direction: Direction) -> * mut FileContainer {
+        //SCLogDebug!("direction: {:?}", direction);
+        if direction == Direction::ToClient {
              &mut self.files.files_tc as *mut FileContainer
          } else {
              &mut self.files.files_ts as *mut FileContainer
          }
      }
-    fn setfileflags(&mut self, direction: u8, flags: u16) {
-        SCLogDebug!("direction: {}, flags: {}", direction, flags);
-        if direction == STREAM_TOCLIENT {
+    fn setfileflags(&mut self, direction: Direction, flags: u16) {
+        SCLogDebug!("direction: {:?}, flags: {}", direction, flags);
+        if direction == Direction::ToClient {
              self.files.flags_tc = flags;
          } else {
              self.files.flags_ts = flags;
@@ -122,8 +122,8 @@ impl SMBState {
  
      // update in progress chunks for file transfers
      // return how much data we consumed
-    pub fn filetracker_update(&mut self, direction: u8, data: &[u8], gap_size: u32) -> u32 {
-        let mut chunk_left = if direction == STREAM_TOSERVER {
+    pub fn filetracker_update(&mut self, direction: Direction, data: &[u8], gap_size: u32) -> u32 {
+        let mut chunk_left = if direction == Direction::ToServer {
              self.file_ts_left
          } else {
              self.file_tc_left
@@ -132,7 +132,7 @@ impl SMBState {
              return 0
          }
          SCLogDebug!("chunk_left {} data {}", chunk_left, data.len());
-        let file_handle = if direction == STREAM_TOSERVER {
+        let file_handle = if direction == Direction::ToServer {
              self.file_ts_guid.to_vec()
          } else {
              self.file_tc_guid.to_vec()
@@ -150,7 +150,7 @@ impl SMBState {
              chunk_left -= data.len() as u32;
          }
  
-        if direction == STREAM_TOSERVER {
+        if direction == Direction::ToServer {
              self.file_ts_left = chunk_left;
          } else {
              self.file_tc_left = chunk_left;
@@ -194,7 +194,7 @@ impl SMBState {
  pub unsafe extern "C" fn rs_smb_getfiles(ptr: *mut std::ffi::c_void, direction: u8) -> * mut FileContainer {
      if ptr.is_null() { panic!("NULL ptr"); };
      let parser = cast_pointer!(ptr, SMBState);
-    parser.getfiles(direction)
+    parser.getfiles(direction.into())
  }
  
  #[no_mangle]
@@ -202,5 +202,5 @@ pub unsafe extern "C" fn rs_smb_setfileflags(direction: u8, ptr: *mut SMBState,
      if ptr.is_null() { panic!("NULL ptr"); };
      let parser = &mut *ptr;
      SCLogDebug!("direction {} flags {}", direction, flags);
-    parser.setfileflags(direction, flags)
+    parser.setfileflags(direction.into(), flags)
  }
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs

index 34f4e379dfd86331dc94b1fdf4a44f586708462c..616c99322b20bf24b302b56760e8314b0f34c9b1 100644 (file)
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -1131,7 +1131,7 @@ impl SMBState {
                      if self.ts > f.post_gap_ts {
                          tx.request_done = true;
                          tx.response_done = true;
-                        let (files, flags) = self.files.get(f.direction.into());
+                        let (files, flags) = self.files.get(f.direction);
                          f.file_tracker.trunc(files, flags);
                      } else {
                          post_gap_txs = true;
@@ -1147,9 +1147,9 @@ impl SMBState {
       * can handle gaps. For the file transactions we set the current
       * (flow) time and prune them in 60 seconds if no update for them
       * was received. */
-    fn post_gap_housekeeping(&mut self, dir: u8)
+    fn post_gap_housekeeping(&mut self, dir: Direction)
      {
-        if self.ts_ssn_gap && dir == STREAM_TOSERVER {
+        if self.ts_ssn_gap && dir == Direction::ToServer {
              for tx in &mut self.transactions {
                  if tx.id >= self.tx_id {
                      SCLogDebug!("post_gap_housekeeping: done");
@@ -1167,7 +1167,7 @@ impl SMBState {
                      tx.request_done = true;
                  }
              }
-        } else if self.tc_ssn_gap && dir == STREAM_TOCLIENT {
+        } else if self.tc_ssn_gap && dir == Direction::ToClient {
              for tx in &mut self.transactions {
                  if tx.id >= self.tx_id {
                      SCLogDebug!("post_gap_housekeeping: done");
@@ -1190,10 +1190,10 @@ impl SMBState {
          }
      }
  
-    pub fn set_file_left(&mut self, direction: u8, rec_size: u32, data_size: u32, fuid: Vec<u8>)
+    pub fn set_file_left(&mut self, direction: Direction, rec_size: u32, data_size: u32, fuid: Vec<u8>)
      {
          let left = rec_size.saturating_sub(data_size);
-        if direction == STREAM_TOSERVER {
+        if direction == Direction::ToServer {
              self.file_ts_left = left;
              self.file_ts_guid = fuid;
          } else {
@@ -1202,10 +1202,10 @@ impl SMBState {
          }
      }
  
-    pub fn set_skip(&mut self, direction: u8, rec_size: u32, data_size: u32)
+    pub fn set_skip(&mut self, direction: Direction, rec_size: u32, data_size: u32)
      {
          let skip = rec_size.saturating_sub(data_size);
-        if direction == STREAM_TOSERVER {
+        if direction == Direction::ToServer {
              self.skip_ts = skip;
          } else {
              self.skip_tc = skip;
@@ -1213,8 +1213,8 @@ impl SMBState {
      }
  
      // return how much data we consumed
-    fn handle_skip(&mut self, direction: u8, input_size: u32) -> u32 {
-        let mut skip_left = if direction == STREAM_TOSERVER {
+    fn handle_skip(&mut self, direction: Direction, input_size: u32) -> u32 {
+        let mut skip_left = if direction == Direction::ToServer {
              self.skip_ts
          } else {
              self.skip_tc
@@ -1236,7 +1236,7 @@ impl SMBState {
              skip_left -= input_size;
          }
  
-        if direction == STREAM_TOSERVER {
+        if direction == Direction::ToServer {
              self.skip_ts = skip_left;
          } else {
              self.skip_tc = skip_left;
@@ -1331,7 +1331,7 @@ impl SMBState {
      pub fn parse_tcp_data_ts<'b>(&mut self, i: &'b[u8]) -> AppLayerResult
      {
          let mut cur_i = i;
-        let consumed = self.handle_skip(STREAM_TOSERVER, cur_i.len() as u32);
+        let consumed = self.handle_skip(Direction::ToServer, cur_i.len() as u32);
          if consumed > 0 {
              if consumed > cur_i.len() as u32 {
                  self.set_event(SMBEvent::InternalError);
@@ -1341,7 +1341,7 @@ impl SMBState {
          }
          // take care of in progress file chunk transfers
          // and skip buffer beyond it
-        let consumed = self.filetracker_update(STREAM_TOSERVER, cur_i, 0);
+        let consumed = self.filetracker_update(Direction::ToServer, cur_i, 0);
          if consumed > 0 {
              if consumed > cur_i.len() as u32 {
                  self.set_event(SMBEvent::InternalError);
@@ -1478,7 +1478,7 @@ impl SMBState {
              }
          };
  
-        self.post_gap_housekeeping(STREAM_TOSERVER);
+        self.post_gap_housekeeping(Direction::ToServer);
          if self.check_post_gap_file_txs && !self.post_gap_files_checked {
              self.post_gap_housekeeping_for_files();
              self.post_gap_files_checked = true;
@@ -1570,7 +1570,7 @@ impl SMBState {
      pub fn parse_tcp_data_tc<'b>(&mut self, i: &'b[u8]) -> AppLayerResult
      {
          let mut cur_i = i;
-        let consumed = self.handle_skip(STREAM_TOCLIENT, cur_i.len() as u32);
+        let consumed = self.handle_skip(Direction::ToClient, cur_i.len() as u32);
          if consumed > 0 {
              if consumed > cur_i.len() as u32 {
                  self.set_event(SMBEvent::InternalError);
@@ -1580,7 +1580,7 @@ impl SMBState {
          }
          // take care of in progress file chunk transfers
          // and skip buffer beyond it
-        let consumed = self.filetracker_update(STREAM_TOCLIENT, cur_i, 0);
+        let consumed = self.filetracker_update(Direction::ToClient, cur_i, 0);
          if consumed > 0 {
              if consumed > cur_i.len() as u32 {
                  self.set_event(SMBEvent::InternalError);
@@ -1719,7 +1719,7 @@ impl SMBState {
                  },
              }
          };
-        self.post_gap_housekeeping(STREAM_TOCLIENT);
+        self.post_gap_housekeeping(Direction::ToClient);
          if self.check_post_gap_file_txs && !self.post_gap_files_checked {
              self.post_gap_housekeeping_for_files();
              self.post_gap_files_checked = true;
@@ -1731,12 +1731,12 @@ impl SMBState {
      /// handle a gap in the TOSERVER direction
      /// returns: 0 ok, 1 unrecoverable error
      pub fn parse_tcp_data_ts_gap(&mut self, gap_size: u32) -> AppLayerResult {
-        let consumed = self.handle_skip(STREAM_TOSERVER, gap_size);
+        let consumed = self.handle_skip(Direction::ToServer, gap_size);
          if consumed < gap_size {
              let new_gap_size = gap_size - consumed;
              let gap = vec![0; new_gap_size as usize];
  
-            let consumed2 = self.filetracker_update(STREAM_TOSERVER, &gap, new_gap_size);
+            let consumed2 = self.filetracker_update(Direction::ToServer, &gap, new_gap_size);
              if consumed2 > new_gap_size {
                  SCLogDebug!("consumed more than GAP size: {} > {}", consumed2, new_gap_size);
                  self.set_event(SMBEvent::InternalError);
@@ -1752,12 +1752,12 @@ impl SMBState {
      /// handle a gap in the TOCLIENT direction
      /// returns: 0 ok, 1 unrecoverable error
      pub fn parse_tcp_data_tc_gap(&mut self, gap_size: u32) -> AppLayerResult {
-        let consumed = self.handle_skip(STREAM_TOCLIENT, gap_size);
+        let consumed = self.handle_skip(Direction::ToClient, gap_size);
          if consumed < gap_size {
              let new_gap_size = gap_size - consumed;
              let gap = vec![0; new_gap_size as usize];
  
-            let consumed2 = self.filetracker_update(STREAM_TOCLIENT, &gap, new_gap_size);
+            let consumed2 = self.filetracker_update(Direction::ToClient, &gap, new_gap_size);
              if consumed2 > new_gap_size {
                  SCLogDebug!("consumed more than GAP size: {} > {}", consumed2, new_gap_size);
                  self.set_event(SMBEvent::InternalError);
@@ -1826,8 +1826,8 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow,
      let buf = std::slice::from_raw_parts(input, input_len as usize);
      let mut state = cast_pointer!(state, SMBState);
      let flow = cast_pointer!(flow, Flow);
-    let file_flags = FileFlowToFlags(flow, STREAM_TOSERVER);
-    rs_smb_setfileflags(STREAM_TOSERVER, state, file_flags|FILE_USE_DETECT);
+    let file_flags = FileFlowToFlags(flow, Direction::ToServer as u8);
+    rs_smb_setfileflags(Direction::ToServer as u8, state, file_flags|FILE_USE_DETECT);
      SCLogDebug!("parsing {} bytes of request data", input_len);
  
      if input.is_null() && input_len > 0 {
@@ -1864,8 +1864,8 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow,
  {
      let mut state = cast_pointer!(state, SMBState);
      let flow = cast_pointer!(flow, Flow);
-    let file_flags = FileFlowToFlags(flow, STREAM_TOCLIENT);
-    rs_smb_setfileflags(STREAM_TOCLIENT, state, file_flags|FILE_USE_DETECT);
+    let file_flags = FileFlowToFlags(flow, Direction::ToClient as u8);
+    rs_smb_setfileflags(Direction::ToClient as u8, state, file_flags|FILE_USE_DETECT);
  
      if input.is_null() && input_len > 0 {
          return rs_smb_parse_response_tcp_gap(state, input_len);
@@ -1891,7 +1891,7 @@ pub extern "C" fn rs_smb_parse_response_tcp_gap(
      state.parse_tcp_data_tc_gap(input_len as u32)
  }
  
-fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8
+fn smb_probe_tcp_midstream(direction: Direction, slice: &[u8], rdir: *mut u8) -> i8
  {
      match search_smb_record(slice) {
          Ok((_, data)) => {
@@ -1905,13 +1905,13 @@ fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8
                              Ok((_, ref smb_record)) => {
                                  if smb_record.flags & 0x80 != 0 {
                                      SCLogDebug!("RESPONSE {:02x}", smb_record.flags);
-                                    if direction & STREAM_TOSERVER != 0 {
-                                        unsafe { *rdir = STREAM_TOCLIENT; }
+                                    if direction == Direction::ToServer {
+                                        unsafe { *rdir = Direction::ToClient as u8; }
                                      }
                                  } else {
                                      SCLogDebug!("REQUEST {:02x}", smb_record.flags);
-                                    if direction & STREAM_TOCLIENT != 0 {
-                                        unsafe { *rdir = STREAM_TOSERVER; }
+                                    if direction == Direction::ToClient {
+                                        unsafe { *rdir = Direction::ToServer as u8; }
                                      }
                                  }
                                  return 1;
@@ -1922,15 +1922,15 @@ fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8
                          SCLogDebug!("SMB2 record");
                          match parse_smb2_record_direction(data) {
                              Ok((_, ref smb_record)) => {
-                                if direction & STREAM_TOSERVER != 0 {
-                                    SCLogDebug!("direction STREAM_TOSERVER smb_record {:?}", smb_record);
+                                if direction == Direction::ToServer {
+                                    SCLogDebug!("direction Direction::ToServer smb_record {:?}", smb_record);
                                      if !smb_record.request {
-                                        unsafe { *rdir = STREAM_TOCLIENT; }
+                                        unsafe { *rdir = Direction::ToClient as u8; }
                                      }
                                  } else {
-                                    SCLogDebug!("direction STREAM_TOCLIENT smb_record {:?}", smb_record);
+                                    SCLogDebug!("direction Direction::ToClient smb_record {:?}", smb_record);
                                      if smb_record.request {
-                                        unsafe { *rdir = STREAM_TOSERVER; }
+                                        unsafe { *rdir = Direction::ToServer as u8; }
                                      }
                                  }
                              },
@@ -1966,7 +1966,7 @@ pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow,
      }
      let slice = build_slice!(input, len as usize);
      if flags & STREAM_MIDSTREAM == STREAM_MIDSTREAM {
-        if smb_probe_tcp_midstream(flags, slice, rdir) == 1 {
+        if smb_probe_tcp_midstream(flags.into(), slice, rdir) == 1 {
              return ALPROTO_SMB;
          }
      }
@@ -2070,14 +2070,14 @@ pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void,
  {
      let tx = cast_pointer!(tx, SMBTransaction);
  
-    if direction == STREAM_TOSERVER && tx.request_done {
+    if direction == Direction::ToServer as u8 && tx.request_done {
          SCLogDebug!("tx {} TOSERVER progress 1 => {:?}", tx.id, tx);
          return 1;
-    } else if direction == STREAM_TOCLIENT && tx.response_done {
+    } else if direction == Direction::ToClient as u8 && tx.response_done {
          SCLogDebug!("tx {} TOCLIENT progress 1 => {:?}", tx.id, tx);
          return 1;
      } else {
-        SCLogDebug!("tx {} direction {} progress 0", tx.id, direction);
+        SCLogDebug!("tx {} direction {:?} progress 0", tx.id, direction);
          return 0;
      }
  }
@@ -2124,10 +2124,13 @@ pub unsafe extern "C" fn rs_smb_state_truncate(
          direction: u8)
  {
      let state = cast_pointer!(state, SMBState);
-    if (direction & STREAM_TOSERVER) != 0 {
-        state.trunc_ts();
-    } else {
-        state.trunc_tc();
+    match direction.into() {
+        Direction::ToServer => {
+            state.trunc_ts();
+        }
+        Direction::ToClient => {
+            state.trunc_tc();
+        }
      }
  }
  
@@ -2168,10 +2171,13 @@ pub unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u
      let fsp = if (flags & FLOW_DIR_REVERSED) != 0 { dp } else { sp };
      let fdp = if (flags & FLOW_DIR_REVERSED) != 0 { sp } else { dp };
      if fsp == 445 && fdp != 445 {
-        if dir & STREAM_TOSERVER != 0 {
-            *rdir = STREAM_TOCLIENT;
-        } else {
-            *rdir = STREAM_TOSERVER;
+        match dir.into() {
+            Direction::ToServer => {
+                *rdir = Direction::ToClient as u8;
+            }
+            Direction::ToClient => {
+                *rdir = Direction::ToServer as u8;
+            }
          }
      }
      return ALPROTO_SMB;
@@ -2183,24 +2189,24 @@ fn register_pattern_probe() -> i8 {
          // SMB1
          r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB,
                                                       b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
-                                                     STREAM_TOSERVER, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+                                                     Direction::ToServer as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
          r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB,
                                                       b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
-                                                     STREAM_TOCLIENT, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+                                                     Direction::ToClient as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
          // SMB2/3
          r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB,
                                                       b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
-                                                     STREAM_TOSERVER, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+                                                     Direction::ToServer as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
          r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB,
                                                       b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
-                                                     STREAM_TOCLIENT, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+                                                     Direction::ToClient as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
          // SMB3 encrypted records
          r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB,
                                                       b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
-                                                     STREAM_TOSERVER, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+                                                     Direction::ToServer as u8, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
          r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB,
                                                       b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
-                                                     STREAM_TOCLIENT, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+                                                     Direction::ToClient as u8, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
      }
  
      if r == 0 {
@@ -2269,7 +2275,7 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
  
          if have_cfg == 0 {
              AppLayerProtoDetectPPRegister(IPPROTO_TCP as u8, default_port.as_ptr(), ALPROTO_SMB,
-                                          0, MIN_REC_SIZE, STREAM_TOSERVER, rs_smb_probe_tcp, rs_smb_probe_tcp);
+                                          0, MIN_REC_SIZE, Direction::ToServer as u8, rs_smb_probe_tcp, rs_smb_probe_tcp);
          }
  
          if AppLayerParserConfParserEnabled(
diff --git a/rust/src/smb/smb1.rs b/rust/src/smb/smb1.rs

index 5d9de58f5ed38772b308f9b2fc50552574f02aa5..b81ebee944257679f74706cba63e045423a47dee 100644 (file)
--- a/rust/src/smb/smb1.rs
+++ b/rust/src/smb/smb1.rs
@@ -148,7 +148,7 @@ fn smb1_close_file(state: &mut SMBState, fid: &Vec<u8>)
  {
      // we can have created 2 txs for a FID: one for reads
      // and one for writes. So close both.
-    match state.get_file_tx_by_fuid(fid, STREAM_TOSERVER) {
+    match state.get_file_tx_by_fuid(fid, Direction::ToServer) {
          Some((tx, files, flags)) => {
              SCLogDebug!("found tx {}", tx.id);
              if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
@@ -163,7 +163,7 @@ fn smb1_close_file(state: &mut SMBState, fid: &Vec<u8>)
          },
          None => { },
      }
-    match state.get_file_tx_by_fuid(fid, STREAM_TOCLIENT) {
+    match state.get_file_tx_by_fuid(fid, Direction::ToClient) {
          Some((tx, files, flags)) => {
              SCLogDebug!("found tx {}", tx.id);
              if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
@@ -976,7 +976,7 @@ pub fn smb1_write_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                  None => b"<unknown>".to_vec(),
              };
              let mut set_event_fileoverlap = false;
-            let found = match state.get_file_tx_by_fuid(&file_fid, STREAM_TOSERVER) {
+            let found = match state.get_file_tx_by_fuid(&file_fid, Direction::ToServer) {
                  Some((tx, files, flags)) => {
                      let file_id : u32 = tx.id as u32;
                      if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
@@ -1004,7 +1004,7 @@ pub fn smb1_write_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                      let vercmd = SMBVerCmdStat::new1_with_ntstatus(command, r.nt_status);
                      smb_write_dcerpc_record(state, vercmd, hdr, rd.data);
                  } else {
-                    let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, STREAM_TOSERVER);
+                    let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, Direction::ToServer);
                      if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                          let file_id : u32 = tx.id as u32;
                          SCLogDebug!("FID {:?} found at tx {}", file_fid, tx.id);
@@ -1023,7 +1023,7 @@ pub fn smb1_write_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                  state.set_event(SMBEvent::FileOverlap);
              }
  
-            state.set_file_left(STREAM_TOSERVER, rd.len, rd.data.len() as u32, file_fid.to_vec());
+            state.set_file_left(Direction::ToServer, rd.len, rd.data.len() as u32, file_fid.to_vec());
  
              if command == SMB1_COMMAND_WRITE_AND_CLOSE {
                  SCLogDebug!("closing FID {:?}", file_fid);
@@ -1052,7 +1052,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                      None => {
                          SCLogDebug!("SMBv1 READ response: reply to unknown request: left {} {:?}",
                                  rd.len - rd.data.len() as u32, rd);
-                        state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32);
+                        state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
                          return;
                      },
                  };
@@ -1069,7 +1069,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                          None => Vec::new(),
                      };
                      let mut set_event_fileoverlap = false;
-                    let found = match state.get_file_tx_by_fuid(&file_fid, STREAM_TOCLIENT) {
+                    let found = match state.get_file_tx_by_fuid(&file_fid, Direction::ToClient) {
                          Some((tx, files, flags)) => {
                              if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                                  let file_id : u32 = tx.id as u32;
@@ -1086,7 +1086,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                          None => { false },
                      };
                      if !found {
-                        let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, STREAM_TOCLIENT);
+                        let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, Direction::ToClient);
                          if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                              let file_id : u32 = tx.id as u32;
                              SCLogDebug!("FID {:?} found at tx {}", file_fid, tx.id);
@@ -1114,7 +1114,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an
                      smb_read_dcerpc_record(state, vercmd, hdr, pure_fid, rd.data);
                  }
  
-                state.set_file_left(STREAM_TOCLIENT, rd.len, rd.data.len() as u32, file_fid.to_vec());
+                state.set_file_left(Direction::ToClient, rd.len, rd.data.len() as u32, file_fid.to_vec());
              }
              _ => {
                  events.push(SMBEvent::MalformedData);
diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs

index 756c69081d484f716960429b5aeb2200b36d533e..271428f3d6f13b8decd6041457ebc1c5e2447c38 100644 (file)
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -124,7 +124,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
  
              } else if r.nt_status != SMB_NTSTATUS_SUCCESS {
                  SCLogDebug!("SMBv2: read response error code received: skip record");
-                state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32);
+                state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
                  return;
              }
  
@@ -137,7 +137,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                  Some(o) => (o.offset, o.guid),
                  None => {
                      SCLogDebug!("SMBv2 READ response: reply to unknown request {:?}",rd);
-                    state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32);
+                    state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
                      return;
                  },
              };
@@ -145,7 +145,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
  
              let mut set_event_fileoverlap = false;
              // look up existing tracker and if we have it update it
-            let found = match state.get_file_tx_by_fuid(&file_guid, STREAM_TOCLIENT) {
+            let found = match state.get_file_tx_by_fuid(&file_guid, Direction::ToClient) {
                  Some((tx, files, flags)) => {
                      if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                          let file_id : u32 = tx.id as u32;
@@ -200,13 +200,13 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                      smb_read_dcerpc_record(state, vercmd, hdr, &file_guid, rd.data);
                  } else if is_pipe {
                      SCLogDebug!("non-DCERPC pipe");
-                    state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32);
+                    state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
                  } else {
                      let file_name = match state.guid2name_map.get(&file_guid) {
                          Some(n) => { n.to_vec() },
                          None => { b"<unknown>".to_vec() },
                      };
-                    let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, STREAM_TOCLIENT);
+                    let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, Direction::ToClient);
                      if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                          let file_id : u32 = tx.id as u32;
                          if offset < tdf.file_tracker.tracked {
@@ -226,7 +226,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
              if set_event_fileoverlap {
                  state.set_event(SMBEvent::FileOverlap);
              }
-            state.set_file_left(STREAM_TOCLIENT, rd.len, rd.data.len() as u32, file_guid.to_vec());
+            state.set_file_left(Direction::ToClient, rd.len, rd.data.len() as u32, file_guid.to_vec());
          }
          _ => {
              SCLogDebug!("SMBv2: failed to parse read response");
@@ -256,7 +256,7 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
              };
  
              let mut set_event_fileoverlap = false;
-            let found = match state.get_file_tx_by_fuid(&file_guid, STREAM_TOSERVER) {
+            let found = match state.get_file_tx_by_fuid(&file_guid, Direction::ToServer) {
                  Some((tx, files, flags)) => {
                      if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                          let file_id : u32 = tx.id as u32;
@@ -311,9 +311,9 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                      smb_write_dcerpc_record(state, vercmd, hdr, wr.data);
                  } else if is_pipe {
                      SCLogDebug!("non-DCERPC pipe: skip rest of the record");
-                    state.set_skip(STREAM_TOSERVER, wr.wr_len, wr.data.len() as u32);
+                    state.set_skip(Direction::ToServer, wr.wr_len, wr.data.len() as u32);
                  } else {
-                    let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, STREAM_TOSERVER);
+                    let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, Direction::ToServer);
                      if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
                          let file_id : u32 = tx.id as u32;
                          if wr.wr_offset < tdf.file_tracker.tracked {
@@ -332,7 +332,7 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
              if set_event_fileoverlap {
                  state.set_event(SMBEvent::FileOverlap);
              }
-            state.set_file_left(STREAM_TOSERVER, wr.wr_len, wr.data.len() as u32, file_guid.to_vec());
+            state.set_file_left(Direction::ToServer, wr.wr_len, wr.data.len() as u32, file_guid.to_vec());
          },
          _ => {
              state.set_event(SMBEvent::MalformedData);
@@ -521,7 +521,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
          SMB2_COMMAND_CLOSE => {
              match parse_smb2_request_close(r.data) {
                  Ok((_, cd)) => {
-                    let found_ts = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), STREAM_TOSERVER) {
+                    let found_ts = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), Direction::ToServer) {
                          Some((tx, files, flags)) => {
                              if !tx.request_done {
                                  if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
@@ -535,7 +535,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                          },
                          None => { false },
                      };
-                    let found_tc = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), STREAM_TOCLIENT) {
+                    let found_tc = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), Direction::ToClient) {
                          Some((tx, files, flags)) => {
                              if !tx.request_done {
                                  if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
@@ -635,7 +635,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                          Vec::new()
                      },
                  };
-                let found = match state.get_file_tx_by_fuid(&file_guid, STREAM_TOCLIENT) {
+                let found = match state.get_file_tx_by_fuid(&file_guid, Direction::ToClient) {
                      Some((tx, files, flags)) => {
                          if !tx.request_done {
                              if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
author	Shivani Bhardwaj <shivanib134@gmail.com>
	Thu, 12 Aug 2021 16:29:53 +0000 (21:59 +0530)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 19 Nov 2021 16:20:01 +0000 (17:20 +0100)
rust/src/smb/detect.rs		patch \| blob \| blame \| history
rust/src/smb/files.rs		patch \| blob \| blame \| history
rust/src/smb/smb.rs		patch \| blob \| blame \| history
rust/src/smb/smb1.rs		patch \| blob \| blame \| history
rust/src/smb/smb2.rs		patch \| blob \| blame \| history