Merge pull request #2812 in SNORT/snort3 from ~SMINUT/snort3:smbfp_ftd to master

Squashed commit of the following:

commit dbfa20b6ac750dcc32956ecf5803c7fa0bcb212b
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Mar 24 19:24:42 2021 -0400

    rna: add the smb fingerprint processor to the get_or_create / set processor api

diff --git a/src/network_inspectors/rna/rna_fingerprint.h b/src/network_inspectors/rna/rna_fingerprint.h
index 63a772f8e37ddcc919003ea6d2754b7ad757cf75..36abd9bca65e89a40346406b96f804c03d5564fe 100644 (file)
--- a/src/network_inspectors/rna/rna_fingerprint.h
+++ b/src/network_inspectors/rna/rna_fingerprint.h
@@ -147,8 +147,8 @@ public:
     std::string dhcp55;
     std::string dhcp60;
 
-    int16_t smb_major;
-    int16_t smb_minor;
+    uint16_t smb_major;
+    uint16_t smb_minor;
     uint32_t smb_flags;
 
     void clear()
@@ -171,7 +171,7 @@ public:
         dhcp60.clear();
         smb_major = 0;
         smb_minor = 0;
-        smb_flags=0;
+        smb_flags = 0;
     }
 };
 

diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc
index 79b605fa980df2ed536f61877caa6450f815c8b3..c0cda3c71c75a062d8ed8859ea13d3746a2ad6b3 100644 (file)
--- a/src/network_inspectors/rna/rna_inspector.cc
+++ b/src/network_inspectors/rna/rna_inspector.cc
@@ -216,7 +216,7 @@ void RnaInspector::load_rna_conf()
 }
 
 void RnaInspector::get_or_create_fp_processor(TcpFpProcessor*& tfp, UaFpProcessor*& uafp,
-    UdpFpProcessor*& udpfp)
+    UdpFpProcessor*& udpfp, SmbFpProcessor*& smbfp)
 {
     if ( !mod_conf )
         return;
@@ -227,13 +227,17 @@ void RnaInspector::get_or_create_fp_processor(TcpFpProcessor*& tfp, UaFpProcesso
         mod_conf->ua_processor = new UaFpProcessor;
     if ( !mod_conf->udp_processor )
         mod_conf->udp_processor = new UdpFpProcessor;
+    if ( !mod_conf->smb_processor )
+        mod_conf->smb_processor = new SmbFpProcessor;
 
     tfp = mod_conf->tcp_processor;
     uafp = mod_conf->ua_processor;
     udpfp = mod_conf->udp_processor;
+    smbfp = mod_conf->smb_processor;
 }
 
-void RnaInspector::set_fp_processor(TcpFpProcessor* tfp, UaFpProcessor* uafp, UdpFpProcessor* udpfp)
+void RnaInspector::set_fp_processor(TcpFpProcessor* tfp, UaFpProcessor* uafp, UdpFpProcessor* udpfp,
+    SmbFpProcessor* smbfp)
 {
     if ( !mod_conf )
         return;
@@ -246,6 +250,9 @@ void RnaInspector::set_fp_processor(TcpFpProcessor* tfp, UaFpProcessor* uafp, Ud
 
     delete mod_conf->udp_processor;
     mod_conf->udp_processor = udpfp;
+
+    delete mod_conf->smb_processor;
+    mod_conf->smb_processor = smbfp;
 }
 
 //-------------------------------------------------------------------------
@@ -334,11 +341,13 @@ TEST_CASE("RNA inspector", "[rna_inspector]")
         TcpFpProcessor* tfp = nullptr;
         UaFpProcessor* uafp = nullptr;
         UdpFpProcessor* udpfp = nullptr;
-        ins.set_fp_processor(tfp, uafp, udpfp);
-        ins.get_or_create_fp_processor(tfp, uafp, udpfp);
+        SmbFpProcessor* smbfp = nullptr;
+        ins.set_fp_processor(tfp, uafp, udpfp, smbfp);
+        ins.get_or_create_fp_processor(tfp, uafp, udpfp, smbfp);
         CHECK(tfp != nullptr);
         CHECK(uafp != nullptr);
         CHECK(udpfp != nullptr);
+        CHECK(smbfp != nullptr);
     }
 }
 #endif

diff --git a/src/network_inspectors/rna/rna_inspector.h b/src/network_inspectors/rna/rna_inspector.h
index cde7651f53c781397d5a7954a3d31a76851cc005..78dbcb52ee55ecf0411476fb2524c8c894580e02 100644 (file)
--- a/src/network_inspectors/rna/rna_inspector.h
+++ b/src/network_inspectors/rna/rna_inspector.h
@@ -31,6 +31,7 @@ struct Packet;
 class TcpFpProcessor;
 class UaFpProcessor;
 class UdpFpProcessor;
+class SmbFpProcessor;
 }
 
 struct RnaConfig;
@@ -51,8 +52,9 @@ public:
     void tterm() override;
 
     void get_or_create_fp_processor(snort::TcpFpProcessor*&, snort::UaFpProcessor*&,
-        snort::UdpFpProcessor*&);
-    void set_fp_processor(snort::TcpFpProcessor*, snort::UaFpProcessor*, snort::UdpFpProcessor*);
+        snort::UdpFpProcessor*&, snort::SmbFpProcessor*&);
+    void set_fp_processor(snort::TcpFpProcessor*, snort::UaFpProcessor*,
+        snort::UdpFpProcessor*, snort::SmbFpProcessor*);
 
     RnaPnd* get_pnd() const { return pnd; }
 

diff --git a/src/network_inspectors/rna/rna_module.cc b/src/network_inspectors/rna/rna_module.cc
index cdec7d974e52be448c66472923a04b23b8e68080..c0e172e4def1cb8e41eb5c5f3734109f2337a83f 100644 (file)
--- a/src/network_inspectors/rna/rna_module.cc
+++ b/src/network_inspectors/rna/rna_module.cc
@@ -500,9 +500,9 @@ bool RnaModule::set(const char* fqn, Value& v, SnortConfig*)
         else if (v.is("dhcp60"))
             fingerprint.dhcp60 = v.get_string();
         else if (v.is("major"))
-            fingerprint.smb_major = v.get_int16();
+            fingerprint.smb_major = v.get_uint16();
         else if (v.is("minor"))
-            fingerprint.smb_minor = v.get_int16();
+            fingerprint.smb_minor = v.get_uint16();
         else if (v.is("flags"))
             fingerprint.smb_flags = v.get_uint32();
         else