_ => r.tree_id,
};
let msg_id = match rec_type {
- SMBHDR_TYPE_TRANS_FRAG => { 0 },
- SMBHDR_TYPE_SHARE => { 0 },
+ SMBHDR_TYPE_TRANS_FRAG | SMBHDR_TYPE_SHARE => { 0 },
_ => { r.message_id as u64 },
};
_ => r.tree_id as u32,
};
let msg_id = match rec_type {
- SMBHDR_TYPE_TRANS_FRAG => { 0 },
- SMBHDR_TYPE_SHARE => { 0 },
+ SMBHDR_TYPE_TRANS_FRAG | SMBHDR_TYPE_SHARE => { 0 },
_ => { r.multiplex_id as u64 },
};
}
pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 {
- SCLogDebug!("record: {:?} command {}", r.greeter, r.command);
+ SCLogDebug!("record: command {}: record {:?}", r.command, r);
let mut events : Vec<SMBEvent> = Vec::new();
let mut no_response_expected = false;
#[derive(Debug,PartialEq)]
pub struct SmbRecordTreeConnectAndX<'a> {
- pub len: usize,
pub share: &'a[u8],
}
>> pwlen: le_u16
>> bcc: le_u16
>> pw: take!(pwlen)
- >> share: take!(bcc - (6 + pwlen))
+ >> share: cond!(bcc >= (6 + pwlen), take!(bcc - (6 + pwlen)))
>> service: take!(6)
>> (SmbRecordTreeConnectAndX {
- len:bcc as usize - (6 + pwlen as usize) as usize,
- share:share,
+ share: share.unwrap_or(&[]),
}))
);
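Review bot: The new guard `bcc >= (6 + pwlen)` is itself evaluated in u16, because `pwlen` and `bcc` both come from `le_u16`. A `pwlen` above 65529 therefore overflows `6 + pwlen`: that is a panic in builds with overflow checks, and otherwise a wrapped small value that lets the guard pass and sizes `take!` from the wrong length. Both fields are read straight from the wire, so do the arithmetic in a wider type, for example `cond!(bcc as usize >= 6 + pwlen as usize, take!(bcc as usize - (6 + pwlen as usize)))`. When the guard fails, `share` silently becomes empty and `service: take!(6)` still runs, so a short comment saying that a too-small byte count is tolerated on purpose would help the next reader. The enclosing `named!` parser starts outside the hunk.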
>> skip2: take!(8)
>> bcc: le_u16
>> sec_blob: take!(sec_blob_len)
- //>> skip3: rest
>> (SmbRecordSetupAndX {
sec_blob:sec_blob,
}))
named!(pub parse_smb_read_andx_request_record<SmbRequestReadAndXRecord>,
do_parse!(
- wtc: le_u8
+ wct: le_u8
>> andx_command: le_u8
>> take!(1) // reserved
>> andx_offset: le_u16
>> take!(2)
>> max_count_high: le_u32
>> take!(2)
- >> high_offset: cond!(wtc==12,le_u32) // only from wtc ==12?
-
+ >> high_offset: cond!(wct==12,le_u32) // only from wct ==12?
>> (SmbRequestReadAndXRecord {
fid:fid,
size: (((max_count_high as u64) << 16)|max_count_low as u64),
named!(pub parse_smb_read_andx_response_record<SmbResponseReadAndXRecord>,
do_parse!(
- wtc: le_u8
+ wct: le_u8
>> andx_command: le_u8
>> take!(1) // reserved
>> andx_offset: le_u16
#[derive(Debug,PartialEq)]
pub struct SmbRecord<'a> {
- //pub nbss_hdr: NbssRecord<'a>,
- pub greeter: &'a[u8],
-
pub command: u8,
pub is_dos_error: bool,
pub nt_status: u32,
named!(pub parse_smb_record<SmbRecord>,
do_parse!(
- server_component: tag!(b"\xffSMB")
+ tag!(b"\xffSMB")
>> command:le_u8
>> nt_status:le_u32
>> flags:le_u8
>> data: rest
>> (SmbRecord {
- greeter:server_component,
command:command,
nt_status:nt_status,
flags:flags,
named!(pub parse_smb2_response_record<Smb2Record>,
do_parse!(
- server_component: tag!(b"\xfeSMB")
+ tag!(b"\xfeSMB")
>> hlen: le_u16
>> credit_charge: le_u16
>> nt_status: le_u32
tree_id: tree_id,
session_id: session_id,
command:command,
- data: if data_c != None { data_c.unwrap() } else { data_r.unwrap() }
+ data: data_c.or(data_r).unwrap()
})
));
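Review bot: `data_c.or(data_r).unwrap()` still panics if both options are `None`. The `cond!` expressions that fill `data_c` and `data_r` sit above this hunk, so whether they are exhaustive cannot be confirmed from here. Since this parser runs on network input, either state the invariant in a comment, e.g. `// data_c and data_r use complementary conditions, so exactly one is Some`, or remove the panic path with `data: data_c.or(data_r).unwrap_or(&[])`, as the tree-connect parser now does for `share` (assuming `data` is a byte slice).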