DuplicateNegotiate = 5,
NegotiateMalformedDialects = 6,
FileOverlap = 7,
+ RequestToClient = 8,
+ ResponseToServer = 9,
}
impl SMBEvent {
5 => Some(SMBEvent::DuplicateNegotiate),
6 => Some(SMBEvent::NegotiateMalformedDialects),
7 => Some(SMBEvent::FileOverlap),
+ 8 => Some(SMBEvent::RequestToClient),
+ 9 => Some(SMBEvent::ResponseToServer),
_ => None,
}
}
"duplicate_negotiate" => SMBEvent::DuplicateNegotiate as i32,
"negotiate_malformed_dialects" => SMBEvent::NegotiateMalformedDialects as i32,
"file_overlap" => SMBEvent::FileOverlap as i32,
+ "request_to_client" => SMBEvent::RequestToClient as i32,
+ "response_to_server" => SMBEvent::ResponseToServer as i32,
_ => -1,
}
}
SCLogDebug!("SMBv1 record");
match parse_smb_record(&nbss_hdr.data) {
Ok((_, ref smb_record)) => {
- smb1_request_record(self, smb_record);
+ if smb_record.is_request() {
+ smb1_request_record(self, smb_record);
+ } else {
+ // If we recevied a response when expecting a request, set an event.
+ SCLogDebug!("SMB1 reply seen from client to server");
+ self.set_event(SMBEvent::ResponseToServer);
+ }
},
_ => {
self.set_event(SMBEvent::MalformedData);
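Review bot: When `is_request()` is false in the added `else` branch, the record is no longer passed to `smb1_request_record` at all, so the `ResponseToServer` event is the only trace of it; the comment should say this, and "recevied" is misspelled. I would write `// Response received where a request was expected: set an event and skip request handling.` here and on the identical SMB2 comment in the next hunk. If the flow direction can be wrong (for example, on a midstream pickup; not visible in this diff), every record on the flow would take this branch and nothing would be parsed, so it is worth confirming that case is covered by a test. The enclosing function starts and ends outside the hunk.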
match parse_smb2_request_record(&nbss_data) {
Ok((nbss_data_rem, ref smb_record)) => {
SCLogDebug!("nbss_data_rem {}", nbss_data_rem.len());
-
- smb2_request_record(self, smb_record);
+ if smb_record.is_request() {
+ smb2_request_record(self, smb_record);
+ } else {
+ // If we recevied a response when expecting a request, set an event.
+ SCLogDebug!("SMB2 reply seen from client to server");
+ self.set_event(SMBEvent::ResponseToServer);
+ }
nbss_data = nbss_data_rem;
},
_ => {
SCLogDebug!("SMBv1 record");
match parse_smb_record(&nbss_hdr.data) {
Ok((_, ref smb_record)) => {
- smb1_response_record(self, smb_record);
+ if smb_record.is_response() {
+ smb1_response_record(self, smb_record);
+ } else {
+ SCLogDebug!("SMB1 request seen from server to client");
+ self.set_event(SMBEvent::RequestToClient);
+ }
},
_ => {
self.set_event(SMBEvent::MalformedData);
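Review bot: The `else` branch added on the response side has no comment, while the matching branch on the request side does; the same is true of the SMB2 response hunk that follows. For consistency I would add `// Request received where a response was expected: set an event and skip response handling.` above the `SCLogDebug!` call in both places. The debug strings also mix "reply" (request side) and "response" (event name); picking one term would make log searches simpler. The enclosing function starts and ends outside the hunk.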
SCLogDebug!("SMBv2 record");
match parse_smb2_response_record(&nbss_data) {
Ok((nbss_data_rem, ref smb_record)) => {
- smb2_response_record(self, smb_record);
+ if smb_record.is_response() {
+ smb2_response_record(self, smb_record);
+ } else {
+ SCLogDebug!("SMB2 request seen from server to client");
+ self.set_event(SMBEvent::RequestToClient);
+ }
nbss_data = nbss_data_rem;
},
_ => {
SMBEvent::DuplicateNegotiate => { "duplicate_negotiate\0" },
SMBEvent::NegotiateMalformedDialects => { "netogiate_malformed_dialects\0" },
SMBEvent::FileOverlap => { "file_overlap\0" },
+ SMBEvent::RequestToClient => { "request_to_client\0" },
+ SMBEvent::ResponseToServer => { "response_to_server\0" },
};
unsafe{
*event_name = estr.as_ptr() as *const std::os::raw::c_char;
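Review bot: The context line for `NegotiateMalformedDialects` returns the name `"netogiate_malformed_dialects\0"`, which does not match the key `"negotiate_malformed_dialects"` used in the name-to-id table earlier in this diff. The two new entries added here do agree with their lookup keys, so only this older entry is inconsistent. I would change it to `SMBEvent::NegotiateMalformedDialects => { "negotiate_malformed_dialects\0" },`, after checking whether anything consumes the misspelled name. The `unsafe` block and the rest of the function continue outside the hunk.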