pub ack_result: u16,
pub ack_reason: u16,
pub acked: bool,
+ pub context_id: u16,
}
impl DCERPCIface {
#[derive(Default, Debug)]
pub struct SMBTransactionDCERPC {
pub opnum: u16,
+ pub context_id: u16,
pub req_cmd: u8,
pub req_set: bool,
pub res_cmd: u8,
fn new_request(req: u8, call_id: u32) -> Self {
return Self {
opnum: 0,
+ context_id: 0,
req_cmd: req,
req_set: true,
call_id: call_id,
SCLogDebug!("first frag size {}", recr.data.len());
tdn.stub_data_ts.extend_from_slice(recr.data);
tdn.opnum = recr.opnum;
+ tdn.context_id = recr.context_id;
tdn.frag_cnt_ts += 1;
SCLogDebug!("DCERPC: REQUEST opnum {} stub data len {}",
tdn.opnum, tdn.stub_data_ts.len());
#[derive(Debug,PartialEq)]
pub struct DceRpcRequestRecord<'a> {
pub opnum: u16,
+ pub context_id: u16,
pub data: &'a[u8],
}
if frag_len < 24 {
return Err(Err::Error(SmbError::RecordTooSmall));
}
- let (i, _) = take(6_usize)(i)?;
+ let (i, _) = take(4_usize)(i)?;
let endian = if little { Endianness::Little } else { Endianness::Big };
+ let (i, context_id) = u16(endian)(i)?;
let (i, opnum) = u16(endian)(i)?;
let (i, data) = take(frag_len - 24)(i)?;
- let record = DceRpcRequestRecord { opnum, data };
+ let record = DceRpcRequestRecord { opnum, context_id, data };
Ok((i, record))
}
projects / thirdparty / suricata.git / commitdiff
