From: Victor Julien Date: Tue, 7 Aug 2018 08:57:49 +0000 (+0200) Subject: rust/smb: implement stream-depth, unlimited by default X-Git-Tag: suricata-4.1.0-rc2~153 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b46d027d08335d30f051879fe739756dc8bf489;p=thirdparty%2Fsuricata.git rust/smb: implement stream-depth, unlimited by default --- diff --git a/src/app-layer-smb-tcp-rust.c b/src/app-layer-smb-tcp-rust.c index 8ec3fa279d..bd3b5e12c7 100644 --- a/src/app-layer-smb-tcp-rust.c +++ b/src/app-layer-smb-tcp-rust.c @@ -29,6 +29,7 @@ #include "app-layer-smb-tcp-rust.h" #include "rust-smb-smb-gen.h" #include "rust-smb-files-gen.h" +#include "util-misc.h" #define MIN_REC_SIZE 32+4 // SMB hdr + nbss hdr @@ -205,6 +206,10 @@ static int RustSMBRegisterPatternsForProtocolDetection(void) static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; static SuricataFileContext sfc = { &sbcfg }; +#define SMB_CONFIG_DEFAULT_STREAM_DEPTH 0 + +static uint32_t stream_depth = SMB_CONFIG_DEFAULT_STREAM_DEPTH; + void RegisterRustSMBTCPParsers(void) { const char *proto_name = "smb"; @@ -278,6 +283,18 @@ void RegisterRustSMBTCPParsers(void) AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_SMB, APP_LAYER_PARSER_OPT_ACCEPT_GAPS); + ConfNode *p = ConfGetNode("app-layer.protocols.smb.stream-depth"); + if (p != NULL) { + uint32_t value; + if (ParseSizeStringU32(p->val, &value) < 0) { + SCLogError(SC_ERR_SMB_CONFIG, "invalid value for stream-depth %s", p->val); + } else { + stream_depth = value; + } + } + SCLogConfig("SMB stream depth: %u", stream_depth); + + AppLayerParserSetStreamDepth(IPPROTO_TCP, ALPROTO_SMB, stream_depth); } else { SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name); diff --git a/suricata.yaml.in b/suricata.yaml.in index 6a8b6ca250..757e4169d6 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in 
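Review bot: In the added stream-depth block of the third hunk, `p->val` is passed to `ParseSizeStringU32()` and to the `%s` in `SCLogError()` without a NULL check. If `ConfGetNode()` can return a node with no scalar value (for example `stream-depth:` left empty or written as a mapping), the log call would format a NULL pointer. Guarding with `if (p != NULL && p->val != NULL)`, or reporting the empty value as its own error, would avoid that. Separately, an invalid value only logs an error and keeps the default of 0, so a typo leaves SMB reassembly unlimited instead of stopping startup; the message could say so, e.g. `"invalid value for stream-depth %s, using default %u"`. The body of RegisterRustSMBTCPParsers starts and ends outside this hunk.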
@@ -817,6 +817,10 @@ app-layer: enabled: yes detection-ports: dp: 139, 445 + + # Stream reassembly size for SMB streams. By default track it completely. + #stream-depth: 0 + # Note: NFS parser depends on Rust support: pass --enable-rust # to configure. nfs:
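Review bot: The added comment above `#stream-depth: 0` does not say what the value 0 means or what setting a limit gives up. From the commit title and the C-side default, 0 appears to mean unlimited. With a non-zero depth, SMB data past that point would presumably no longer be reassembled for inspection or file extraction, which an operator should know before trading coverage for memory. Suggested wording: `# Stream reassembly depth for SMB streams. 0 (the default) means unlimited;` followed by `# a non-zero size stops reassembly, and with it inspection, at that depth.` The same one-line explanation of 0 would help next to `SMB_CONFIG_DEFAULT_STREAM_DEPTH` in src/app-layer-smb-tcp-rust.c.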