smb2: parse async records

author Victor Julien <victor@inliniac.net>

Mon, 12 Mar 2018 20:05:07 +0000 (21:05 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 13 Mar 2018 12:02:03 +0000 (13:02 +0100)
author Victor Julien <victor@inliniac.net>
Mon, 12 Mar 2018 20:05:07 +0000 (21:05 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 13 Mar 2018 12:02:03 +0000 (13:02 +0100)
diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs

index 951ff722bc67e6c2757c5009bd7427827ce9a76b..858278aa6b937d53ccb140b07edd4a8f81119103 100644 (file)
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -794,3 +794,4 @@ impl SMBState {
          return tx_ref.unwrap();
      }
  }
+
diff --git a/rust/src/smb/smb2_records.rs b/rust/src/smb/smb2_records.rs

index 05cb5fcac15845dec9075c426baac2e938de1739..3b299e4901352da6d5456c3397e5c6fbbc2b955c 100644 (file)
--- a/rust/src/smb/smb2_records.rs
+++ b/rust/src/smb/smb2_records.rs
@@ -38,10 +38,17 @@ pub struct Smb2Record<'a> {
      pub command: u16,
      pub message_id: u64,
      pub tree_id: u32,
+    pub async_id: u64,
      pub session_id: u64,
      pub data: &'a[u8],
  }
  
+impl<'a> Smb2Record<'a> {
+    pub fn is_async(&self) -> bool {
+        self.async_id != 0
+    }
+}
+
  named!(pub parse_smb2_request_record<Smb2Record>,
      do_parse!(
              server_component: tag!(b"\xfeSMB")
@@ -76,6 +83,7 @@ named!(pub parse_smb2_request_record<Smb2Record>,
                  command:command,
                  message_id: message_id,
                  tree_id: tree_id,
+                async_id: 0,
                  session_id: session_id,
                  data: if data_c != None { data_c.unwrap() } else { data_r.unwrap() }
             })
@@ -432,8 +440,9 @@ named!(pub parse_smb2_response_record<Smb2Record>,
              ))
          >> chain_offset: le_u32
          >> message_id: le_u64
-        >> process_id: le_u32
-        >> tree_id: le_u32
+        >> process_id: cond!(flags.6==0, le_u32)
+        >> tree_id: cond!(flags.6==0, le_u32)
+        >> async_id: cond!(flags.6==1, le_u64)
          >> session_id: le_u64
          >> signature: take!(16)
          // there is probably a cleaner way to do this
@@ -443,7 +452,8 @@ named!(pub parse_smb2_response_record<Smb2Record>,
                  direction: flags.7,
                  nt_status: nt_status,
                  message_id: message_id,
-                tree_id: tree_id,
+                tree_id: tree_id.unwrap_or(0),
+                async_id: async_id.unwrap_or(0),
                  session_id: session_id,
                  command:command,
                  data: data_c.or(data_r).unwrap()
author	Victor Julien <victor@inliniac.net>
	Mon, 12 Mar 2018 20:05:07 +0000 (21:05 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 13 Mar 2018 12:02:03 +0000 (13:02 +0100)
rust/src/smb/smb2.rs		patch \| blob \| blame \| history
rust/src/smb/smb2_records.rs		patch \| blob \| blame \| history