msg_id : msg_id,
}
}
+
+ // don't include tree id
+ pub fn compare(&self, hdr: &SMBCommonHdr) -> bool {
+ (self.rec_type == hdr.rec_type && self.ssn_id == hdr.ssn_id &&
+ self.msg_id == hdr.msg_id)
+ }
}
#[derive(Hash, Eq, PartialEq, Debug)]
let found = if tx.vercmd.get_version() == smb_ver {
if smb_ver == 1 {
let (_, cmd) = tx.vercmd.get_smb1_cmd();
- cmd as u16 == smb_cmd && tx.hdr == *key
+ cmd as u16 == smb_cmd && tx.hdr.compare(key)
} else if smb_ver == 2 {
let (_, cmd) = tx.vercmd.get_smb2_cmd();
- cmd == smb_cmd && tx.hdr == *key
+ cmd == smb_cmd && tx.hdr.compare(key)
} else {
false
}
-> Option<&mut SMBTransaction>
{
for tx in &mut self.transactions {
- let hit = tx.hdr == hdr && match tx.type_data {
+ let hit = tx.hdr.compare(&hdr) && match tx.type_data {
Some(SMBTransactionTypeData::TREECONNECT(_)) => { true },
_ => { false },
};
for tx in &mut self.transactions {
let found = match tx.type_data {
Some(SMBTransactionTypeData::CREATE(ref _d)) => {
- *hdr == tx.hdr
+ tx.hdr.compare(&hdr)
},
_ => { false },
};
// IOCTL responses ASYNC don't set the tree id
pub fn smb2_ioctl_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
{
+ let hdr = SMBCommonHdr::from2(r, SMBHDR_TYPE_HEADER);
match parse_smb2_request_ioctl(r.data) {
IResult::Done(_, rd) => {
SCLogDebug!("IOCTL request data: {:?}", rd);
let is_dcerpc = rd.is_pipe && match state.get_service_for_guid(&rd.guid) {
(_, x) => x,
};
- let hdr = SMBCommonHdr::new(SMBHDR_TYPE_HEADER,
- r.session_id, 0, r.message_id);
if is_dcerpc {
SCLogDebug!("IOCTL request data is_pipe. Calling smb_write_dcerpc_record");
let vercmd = SMBVerCmdStat::new2(SMB2_COMMAND_IOCTL);
}
},
_ => {
- let hdr = SMBCommonHdr::new(SMBHDR_TYPE_HEADER,
- r.session_id, 0, r.message_id);
let tx = state.new_generic_tx(2, r.command, hdr);
tx.set_event(SMBEvent::MalformedData);
},
// IOCTL responses ASYNC don't set the tree id
pub fn smb2_ioctl_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
{
+ let hdr = SMBCommonHdr::from2(r, SMBHDR_TYPE_HEADER);
match parse_smb2_response_ioctl(r.data) {
IResult::Done(_, rd) => {
SCLogDebug!("IOCTL response data: {:?}", rd);
};
if is_dcerpc {
SCLogDebug!("IOCTL response data is_pipe. Calling smb_read_dcerpc_record");
- let hdr = SMBCommonHdr::new(SMBHDR_TYPE_HEADER,
- r.session_id, 0, r.message_id);
let vercmd = SMBVerCmdStat::new2_with_ntstatus(SMB2_COMMAND_IOCTL, r.nt_status);
SCLogDebug!("TODO passing empty GUID");
smb_read_dcerpc_record(state, vercmd, hdr, &[],rd.data);
} else {
- let tx_key = SMBCommonHdr::new(SMBHDR_TYPE_HEADER,
- r.session_id, 0, r.message_id);
- SCLogDebug!("SMB2_COMMAND_IOCTL/SMB_NTSTATUS_PENDING looking for {:?}", tx_key);
- match state.get_generic_tx(2, SMB2_COMMAND_IOCTL, &tx_key) {
+ SCLogDebug!("SMB2_COMMAND_IOCTL/SMB_NTSTATUS_PENDING looking for {:?}", hdr);
+ match state.get_generic_tx(2, SMB2_COMMAND_IOCTL, &hdr) {
Some(tx) => {
tx.set_status(r.nt_status, false);
if r.nt_status != SMB_NTSTATUS_PENDING {
}
},
_ => {
- let tx_key = SMBCommonHdr::new(SMBHDR_TYPE_HEADER,
- r.session_id, 0, r.message_id);
- SCLogDebug!("SMB2_COMMAND_IOCTL/SMB_NTSTATUS_PENDING looking for {:?}", tx_key);
- match state.get_generic_tx(2, SMB2_COMMAND_IOCTL, &tx_key) {
+ SCLogDebug!("SMB2_COMMAND_IOCTL/SMB_NTSTATUS_PENDING looking for {:?}", hdr);
+ match state.get_generic_tx(2, SMB2_COMMAND_IOCTL, &hdr) {
Some(tx) => {
SCLogDebug!("updated status of tx {}", tx.id);
tx.set_status(r.nt_status, false);
projects / thirdparty / suricata.git / commitdiff
