smb/events: fix limit exceeded events and rules 7280/head
authorVictor Julien <vjulien@oisf.net>
Wed, 20 Apr 2022 19:42:28 +0000 (21:42 +0200)
committerVictor Julien <vjulien@oisf.net>
Wed, 20 Apr 2022 20:36:34 +0000 (22:36 +0200)
rules/smb-events.rules
rust/src/smb/events.rs
rust/src/smb/smb.rs
rust/src/smb/smb2.rs

index ca7b4b423d0291a422f5d13b659749b3f624a525..74088403d07bfabc91aadbdb3501cb1beda8ba79 100644 (file)
@@ -33,13 +33,13 @@ alert smb any any -> any any (msg:"SURICATA SMB supported READ size exceeded"; f
 alert smb any any -> any any (msg:"SURICATA SMB supported WRITE size exceeded"; flow:to_server; app-layer-event:smb.negotiate_max_write_size_too_large; classtype:protocol-command-decode; sid:2225013; rev:1;)
 
 # checks 'app-layer.protocols.smb.max-write-queue-size` against out of order chunks
-alert smb any any -> any any (msg:"SURICATA SMB max WRITE queue size exceeded"; flow:to_server; app-layer-event:smb.write_queue_size_too_large; classtype:protocol-command-decode; sid:2225014; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB max WRITE queue size exceeded"; flow:to_server; app-layer-event:smb.write_queue_size_exceeded; classtype:protocol-command-decode; sid:2225014; rev:1;)
 # checks 'app-layer.protocols.smb.max-write-queue-cnt` against out of order chunks
-alert smb any any -> any any (msg:"SURICATA SMB max WRITE queue cnt exceeded"; flow:to_server; app-layer-event:smb.write_queue_cnt_too_large; classtype:protocol-command-decode; sid:2225015; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB max WRITE queue cnt exceeded"; flow:to_server; app-layer-event:smb.write_queue_cnt_exceeded; classtype:protocol-command-decode; sid:2225015; rev:1;)
 
 # checks 'app-layer.protocols.smb.max-read-queue-size` against out of order chunks
-alert smb any any -> any any (msg:"SURICATA SMB max READ queue size exceeded"; flow:to_client; app-layer-event:smb.read_queue_size_too_large; classtype:protocol-command-decode; sid:2225016; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB max READ queue size exceeded"; flow:to_client; app-layer-event:smb.read_queue_size_exceeded; classtype:protocol-command-decode; sid:2225016; rev:1;)
 # checks 'app-layer.protocols.smb.max-read-queue-cnt` against out of order chunks
-alert smb any any -> any any (msg:"SURICATA SMB max READ queue cnt exceeded"; flow:to_client; app-layer-event:smb.read_queue_cnt_too_large; classtype:protocol-command-decode; sid:2225017; rev:1;)
+alert smb any any -> any any (msg:"SURICATA SMB max READ queue cnt exceeded"; flow:to_client; app-layer-event:smb.read_queue_cnt_exceeded; classtype:protocol-command-decode; sid:2225017; rev:1;)
 
 # next sid 2225018
index f33e6932f7285c85c627b9ec0dae7128ec764955..1f2818706c8881cd076d5d85865aafbfdbbea955 100644 (file)
@@ -38,8 +38,8 @@ pub enum SMBEvent {
     ReadRequestTooLarge = 12,
     /// READ response bigger than `max_read_size`
     ReadResponseTooLarge = 13,
-    ReadResponseQueueSizeExceeded = 14,
-    ReadResponseQueueCntExceeded = 15,
+    ReadQueueSizeExceeded = 14,
+    ReadQueueCntExceeded = 15,
     /// WRITE request for more than `max_write_size`
     WriteRequestTooLarge = 16,
     WriteQueueSizeExceeded = 17,
@@ -63,8 +63,8 @@ impl SMBEvent {
             11 => Some(SMBEvent::NegotiateMaxWriteSizeTooLarge),
             12 => Some(SMBEvent::ReadRequestTooLarge),
             13 => Some(SMBEvent::ReadResponseTooLarge),
-            14 => Some(SMBEvent::ReadResponseQueueSizeExceeded),
-            15 => Some(SMBEvent::ReadResponseQueueCntExceeded),
+            14 => Some(SMBEvent::ReadQueueSizeExceeded),
+            15 => Some(SMBEvent::ReadQueueCntExceeded),
             16 => Some(SMBEvent::WriteRequestTooLarge),
             17 => Some(SMBEvent::WriteQueueSizeExceeded),
             18 => Some(SMBEvent::WriteQueueCntExceeded),
@@ -90,11 +90,11 @@ pub fn smb_str_to_event(instr: &str) -> i32 {
         "negotiate_max_write_size_too_large" => SMBEvent::NegotiateMaxWriteSizeTooLarge as i32,
         "read_request_too_large"            => SMBEvent::ReadRequestTooLarge as i32,
         "read_response_too_large"           => SMBEvent::ReadResponseTooLarge as i32,
-        "read_queue_size_too_large"         => SMBEvent::ReadResponseQueueSizeExceeded as i32,
-        "read_queue_cnt_too_large"          => SMBEvent::ReadResponseQueueCntExceeded as i32,
+        "read_queue_size_exceeded"          => SMBEvent::ReadQueueSizeExceeded as i32,
+        "read_queue_cnt_exceeded"           => SMBEvent::ReadQueueCntExceeded as i32,
         "write_request_too_large"           => SMBEvent::WriteRequestTooLarge as i32,
-        "write_queue_size_too_large"        => SMBEvent::WriteQueueSizeExceeded as i32,
-        "write_queue_cnt_too_large"         => SMBEvent::WriteQueueCntExceeded as i32,
+        "write_queue_size_exceeded"         => SMBEvent::WriteQueueSizeExceeded as i32,
+        "write_queue_cnt_exceeded"          => SMBEvent::WriteQueueCntExceeded as i32,
         _ => -1,
     }
 }
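Review bot: Dropping the old `*_too_large` spellings from `smb_str_to_event` makes any rule that still uses them fall through to `_ => -1`, so such a rule fails to load rather than merely stops matching. If the old keywords were ever accepted by a released version, keeping them as deprecated aliases that map to the same variant, e.g. `"read_queue_size_too_large" | "read_queue_size_exceeded" => SMBEvent::ReadQueueSizeExceeded as i32,` (and likewise for the other three), avoids breaking third-party rulesets; the bundled rules file is updated in this commit, so only external rules are affected. If the names only existed in unreleased development builds, a sentence in the commit message saying so would settle the question.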
index f34ca682607ac3ace2cabcbcc15e267065ac153e..c25c3723a3d4710368f831602d601212573c2bb6 100644 (file)
@@ -2235,11 +2235,11 @@ pub extern "C" fn rs_smb_state_get_event_info_by_id(event_id: std::os::raw::c_in
             SMBEvent::NegotiateMaxWriteSizeTooLarge => { "negotiate_max_write_size_too_large\0" },
             SMBEvent::ReadRequestTooLarge => { "read_request_too_large\0" },
             SMBEvent::ReadResponseTooLarge => { "read_response_too_large\0" },
-            SMBEvent::ReadResponseQueueSizeExceeded => { "read_queue_size_too_large\0" },
-            SMBEvent::ReadResponseQueueCntExceeded => { "read_queue_cnt_too_large\0" },
+            SMBEvent::ReadQueueSizeExceeded => { "read_queue_size_exceeded\0" },
+            SMBEvent::ReadQueueCntExceeded => { "read_queue_cnt_exceeded\0" },
             SMBEvent::WriteRequestTooLarge => { "write_request_too_large\0" },
-            SMBEvent::WriteQueueSizeExceeded => { "write_queue_size_too_large\0" },
-            SMBEvent::WriteQueueCntExceeded => { "write_queue_cnt_too_large\0" },
+            SMBEvent::WriteQueueSizeExceeded => { "write_queue_size_exceeded\0" },
+            SMBEvent::WriteQueueCntExceeded => { "write_queue_cnt_exceeded\0" },
         };
         unsafe{
             *event_name = estr.as_ptr() as *const std::os::raw::c_char;
index a050f7cfeb219519eddb503cfbb132ec93b4846f..63563abeef86e36e96f62bb7615f36ee2261c436 100644 (file)
@@ -167,10 +167,10 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                         set_event_fileoverlap = true;
                     }
                     if max_queue_size != 0 && tdf.file_tracker.get_inflight_size() + rd.len as u64 > max_queue_size.into() {
-                        event = Some(SMBEvent::ReadResponseQueueCntExceeded);
+                        event = Some(SMBEvent::ReadQueueCntExceeded);
                         skip = Some((rd.len, rd.data.len()));
                     } else if max_queue_cnt != 0 && tdf.file_tracker.get_inflight_cnt() >= max_queue_cnt as usize {
-                        event = Some(SMBEvent::ReadResponseQueueCntExceeded);
+                        event = Some(SMBEvent::ReadQueueCntExceeded);
                         skip = Some((rd.len, rd.data.len()));
                     } else {
                         filetracker_newchunk(&mut tdf.file_tracker, files, flags,
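Review bot: The `max_queue_size` branch at the top of this hunk still raises `ReadQueueCntExceeded` when the inflight-size check fails, so on this read-response path a size overflow is reported as a count overflow and `smb.read_queue_size_exceeded` (sid 2225016) can never fire from here; the corresponding branch in the second hunk of this file correctly uses `ReadQueueSizeExceeded`. Change the first assignment to `event = Some(SMBEvent::ReadQueueSizeExceeded);`. The size test uses `>` after adding `rd.len` while the count test uses `>=` on the current count — presumably intentional, but a one-line comment such as `// size: would this chunk push us over; cnt: is the queue already full` would keep the next reader from "fixing" it. `smb2_read_response_record` begins and ends outside this hunk.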
@@ -250,10 +250,10 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
                             set_event_fileoverlap = true;
                         }
                         if max_queue_size != 0 && tdf.file_tracker.get_inflight_size() + rd.len as u64 > max_queue_size.into() {
-                            event = Some(SMBEvent::ReadResponseQueueSizeExceeded);
+                            event = Some(SMBEvent::ReadQueueSizeExceeded);
                             skip = Some((rd.len, rd.data.len()));
                         } else if max_queue_cnt != 0 && tdf.file_tracker.get_inflight_cnt() >= max_queue_cnt as usize {
-                            event = Some(SMBEvent::ReadResponseQueueCntExceeded);
+                            event = Some(SMBEvent::ReadQueueCntExceeded);
                             skip = Some((rd.len, rd.data.len()));
                         } else {
                             filetracker_newchunk(&mut tdf.file_tracker, files, flags,