From: Jason Ish
Date: Fri, 18 Feb 2022 17:43:17 +0000 (-0600)
Subject: smb: expose smb1 request/reply flags with a method
X-Git-Tag: suricata-7.0.0-beta1~829
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09e2d3b216218eaed471b3ddb496873223744cf8;p=thirdparty%2Fsuricata.git

smb: expose smb1 request/reply flags with a method

Adds `.is_request()` and `.is_reply()` to check if a SMB record flags say the message is a request or a reply.
---
diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs
index 97e26337c2..1d3b175b28 100644
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@@ -27,6 +27,9 @@ use nom7::IResult;
 
 pub const SMB1_HEADER_SIZE: usize = 32;
 
+// SMB_FLAGS_REPLY in Microsoft docs.
+const SMB1_FLAGS_RESPONSE: u8 = 0x80;
+
 fn smb_get_unicode_string_with_offset(i: &[u8], offset: usize) -> IResult<&[u8], Vec, SmbError> {
     let (i, _) = cond(offset % 2 == 1, take(1_usize))(i)?;
 
@@ -815,6 +818,16 @@ impl<'a> SmbRecord<'a> {
     pub fn is_dos_error(&self) -> bool {
         self.flags2 & 0x4000_u16 != 0
     }
+
+    /// Return true if record is a request.
+    pub fn is_request(&self) -> bool {
+        self.flags & SMB1_FLAGS_RESPONSE == 0
+    }
+
+    /// Return true if record is a reply.
+    pub fn is_response(&self) -> bool {
+        self.flags & SMB1_FLAGS_RESPONSE != 0
+    }
 }
 
 pub fn parse_smb_record(i: &[u8]) -> IResult<&[u8], SmbRecord> {
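Review bot: The naming in the second hunk does not agree with the commit text or with the constant it masks against: the method is `is_response`, the commit message advertises `.is_reply()`, its doc comment says "reply", and `SMB1_FLAGS_RESPONSE` in the first hunk is commented as `SMB_FLAGS_REPLY`, the name the cited Microsoft docs use. Pick one vocabulary — either `const SMB1_FLAGS_REPLY: u8 = 0x80;` with `pub fn is_reply(&self) -> bool`, which keeps the API greppable against the spec, or keep `is_response` and correct the commit message and the constant's comment. The doc comments should also state where the answer comes from, e.g. on `is_response`: `/// Return true if the SMB_FLAGS_REPLY bit (0x80) is set in the header flags; this reflects what the sender put on the wire, not the observed flow direction, so callers correlating it with direction should treat a mismatch as anomalous rather than trust the bit.` The hunk only shows `self.flags` being masked with a `u8`, so the field is presumably `u8` — worth confirming, since `SmbRecord` and the `impl` block it lives in start outside the hunk.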