From: Unnikrishnan M (umunnikr) Date: Fri, 21 Jun 2024 06:07:29 +0000 (+0000) Subject: Pull request #4320: dce_rpc: correct the session counters post the upgrade to smb... X-Git-Tag: 3.3.1.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2446b1e89262eac2d54df95d195291dd12977e86;p=thirdparty%2Fsnort3.git Pull request #4320: dce_rpc: correct the session counters post the upgrade to smb v2 from v1 Merge in SNORT/snort3 from ~UMUNNIKR/snort3:smb_session_cnt_fix to master Squashed commit of the following: commit c60b9aa485041567f3094223c9e21c1bdbd10068 Author: Unnikrishnan M Date: Fri May 10 12:20:38 2024 +0530 dce_rpc: correct the session counters post the upgrade to smb v2 from v1
---
diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc
index 963de3ba9..7ad61611a 100644
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1627,7 +1627,7 @@ void DCE2_Smb1Process(DCE2_SmbSsnData* ssd)
 Dce2SmbFlowData* fd = (Dce2SmbFlowData*)p->flow->get_flow_data(
 Dce2SmbFlowData::inspector_id);
 p->flow->free_flow_data(fd);
- DCE2_Smb2SsnData* dce2_smb2_sess = dce2_create_new_smb2_session(p, config);
+ DCE2_Smb2SsnData* dce2_smb2_sess = dce2_create_new_smb2_session(p, config, true);
 DCE2_Smb2Process(dce2_smb2_sess);
 if (!dce2_detected)
 DCE2_Detect(&dce2_smb2_sess->sd);
@@ -2568,7 +2568,7 @@ static inline DCE2_Smb2SsnData* set_new_dce2_smb2_session(Packet* p)
 return((DCE2_Smb2SsnData*)fd->dce2_smb_session_data);
 }
-DCE2_Smb2SsnData* dce2_create_new_smb2_session(Packet* p, dce2SmbProtoConf* config)
+DCE2_Smb2SsnData* dce2_create_new_smb2_session(Packet* p, dce2SmbProtoConf* config, bool upgrade)
 {
 DCE2_Smb2SsnData* dce2_smb2_sess = set_new_dce2_smb2_session(p);
 if ( dce2_smb2_sess )
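Review bot: In the first hunk the result of `dce2_create_new_smb2_session(p, config, true)` goes straight into `DCE2_Smb2Process(dce2_smb2_sess)` and is then dereferenced in `DCE2_Detect(&dce2_smb2_sess->sd)` with no null check between the call and those uses, although the callee's own `if ( dce2_smb2_sess )` guard in the next hunk suggests session creation can fail. The SMB1 flow data has already been released by `p->flow->free_flow_data(fd)` on the line above, so a failed creation would leave the inspector working on an invalid pointer while handling network traffic; an early exit such as `if (!dce2_smb2_sess) return;` right after the call would close that gap. Whether further cleanup is needed before returning cannot be judged here, because DCE2_Smb1Process starts and ends outside the hunk. The bare literal would also read more clearly as `/* upgrade */ true`.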
@@ -2578,7 +2578,10 @@ DCE2_Smb2SsnData* dce2_create_new_smb2_session(Packet* p, dce2SmbProtoConf* conf
 DCE2_ResetRopts(&dce2_smb2_sess->sd, p);
- dce2_smb_stats.smb_sessions++;
+ if (upgrade)
+ dce2_smb_stats.total_smb1_sessions--;
+ else
+ dce2_smb_stats.smb_sessions++;
 dce2_smb_stats.total_smb2_sessions++;
 dce2_smb2_sess->sd.trans = DCE2_TRANS_TYPE__SMB;
diff --git a/src/service_inspectors/dce_rpc/smb_message.h b/src/service_inspectors/dce_rpc/smb_message.h
index 58e7f18b1..1058dfa1f 100644
--- a/src/service_inspectors/dce_rpc/smb_message.h
+++ b/src/service_inspectors/dce_rpc/smb_message.h
@@ -2193,7 +2193,7 @@ inline uint16_t SmbWriteAndCloseRespCount(const SmbWriteAndCloseResp* resp)
 void DCE2_SmbInitGlobals();
 void DCE2_Smb1Process(struct DCE2_SmbSsnData*);
 struct DCE2_SmbSsnData* dce2_create_new_smb_session(snort::Packet*, struct dce2SmbProtoConf*);
-struct DCE2_Smb2SsnData* dce2_create_new_smb2_session(snort::Packet*, struct dce2SmbProtoConf*);
+struct DCE2_Smb2SsnData* dce2_create_new_smb2_session(snort::Packet*, struct dce2SmbProtoConf*, bool upgrade = false);
 void DCE2_SmbDataFree(DCE2_SmbSsnData*);
 void set_smb_reassembled_data(uint8_t* nb_ptr, uint16_t co_len);
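Review bot: The new `dce2_smb_stats.total_smb1_sessions--;` in the upgrade branch has no floor, so if that field is an unsigned peg count (its type is not visible in this hunk) and it reads zero at that moment, for instance after the statistics were reset between SMB1 session creation and the upgrade, it wraps to a very large value and the session statistics become misleading for anyone monitoring the sensor. Guarding the decrement keeps the count sane: `if (dce2_smb_stats.total_smb1_sessions) dce2_smb_stats.total_smb1_sessions--;`. A short comment above the branch would also record the intent, presumably `// SMB1->SMB2 upgrade: flow already counted in smb_sessions; move it from the SMB1 total to the SMB2 total`. The body of dce2_create_new_smb2_session continues outside the hunk.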
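Review bot: The prototype in smb_message.h gains `bool upgrade = false` with nothing at the declaration explaining the flag, and the default silently keeps every other caller on the new-session accounting path. A one-line comment above the prototype would document the contract, for example `// upgrade: true when an existing SMB1 session on this flow is being replaced by SMB2, so counters are adjusted instead of counting a new session`.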