SCLogDebug!("SMBv1 response: GUID NOT FOUND");
},
}
+
+ let tx_hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_GENERICTX);
+ if let Some(tx) = state.get_generic_tx(1, r.command as u16, &tx_hdr) {
+ SCLogDebug!("tx {} with {}/{} marked as done",
+ tx.id, r.command, &smb1_command_string(r.command));
+ tx.set_status(r.nt_status, false);
+ tx.response_done = true;
+
+ if let Some(SMBTransactionTypeData::CREATE(ref mut tdn)) = tx.type_data {
+ tdn.create_ts = cr.create_ts.as_unix();
+ tdn.last_access_ts = cr.last_access_ts.as_unix();
+ tdn.last_write_ts = cr.last_write_ts.as_unix();
+ tdn.last_change_ts = cr.last_change_ts.as_unix();
+ tdn.size = cr.file_size;
+ }
+ }
+ true
+ },
+ _ => {
+ events.push(SMBEvent::MalformedData);
+ false
},
- _ => { events.push(SMBEvent::MalformedData); },
}
+ } else {
+ false
}
- false
},
SMB1_COMMAND_TRANS => {
smb1_trans_response_record(state, r);
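Review bot: The four `as_unix()` calls that fill `tdn.create_ts` through `tdn.last_change_ts` convert 64-bit values taken directly from the server's response, and nothing in this hunk bounds them first. `as_unix` is defined outside the hunk, so it is worth confirming that it handles a zero or pre-1970 FILETIME without an unsigned underflow or a truncating cast, because the remote peer controls these fields. A short comment above the block, such as `// timestamps and size come straight from the response and are not validated`, would make that assumption visible to the next reader. The enclosing match arm and function begin outside the hunk.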
use log::*;
use nom::{rest, le_u8, le_u16, le_u32, le_u64, IResult};
+use smb::smb::*;
#[derive(Debug,PartialEq)]
pub struct Smb1WriteRequestRecord<'a> {
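Review bot: The glob `use smb::smb::*;` pulls every public item of that module into the record parser, while the hunks on this page only need `SMBFiletime`. Writing `use smb::smb::SMBFiletime;` keeps the parser's namespace small and makes the dependency explicit. This assumes no other name from `smb::smb` is used elsewhere in the file, which is not visible here.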
#[derive(Debug,PartialEq)]
pub struct SmbResponseCreateAndXRecord<'a> {
pub fid: &'a[u8],
+ pub create_ts: SMBFiletime,
+ pub last_access_ts: SMBFiletime,
+ pub last_write_ts: SMBFiletime,
+ pub last_change_ts: SMBFiletime,
pub file_size: u64,
}
>> oplock_level: le_u8
>> fid: take!(2)
>> create_action: le_u32
- >> take!(36)
+ >> create_ts: le_u64
+ >> last_access_ts: le_u64
+ >> last_write_ts: le_u64
+ >> last_change_ts: le_u64
+ >> take!(8)
>> file_size: le_u64
>> take!(8)
>> file_type: le_u16
>> is_dir: le_u8
>> (SmbResponseCreateAndXRecord {
fid:fid,
+ create_ts: SMBFiletime::new(create_ts),
+ last_access_ts: SMBFiletime::new(last_access_ts),
+ last_write_ts: SMBFiletime::new(last_write_ts),
+ last_change_ts: SMBFiletime::new(last_change_ts),
file_size:file_size,
}))
);
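Review bot: The skip after `last_change_ts` looks four bytes too long. The removed `take!(36)` is replaced by four `le_u64` reads (32 bytes) plus `take!(8)`, 40 bytes in total, so `file_size`, `file_type` and `is_dir` are now read four bytes later than before this change. In the NT Create AndX response the timestamps are followed by a 4-byte ExtFileAttributes field, which matches the old offset, so the line should probably be `>> take!(4)`. A parser test on a captured response that asserts `file_size` would catch this; the start of the `do_parse!` body is outside the hunk.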