From: Jason Ish Date: Fri, 18 Feb 2022 17:43:17 +0000 (-0600) Subject: smb: expose smb1 request/reply flags with a method X-Git-Tag: suricata-5.0.9~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d8dcc02f9086bb5b0786ab66d417891230c66e9;p=thirdparty%2Fsuricata.git smb: expose smb1 request/reply flags with a method Adds `.is_request()` and `.is_reply()` to check if a SMB record flags say the message is a request or a reply. (cherry picked from commit 09e2d3b216218eaed471b3ddb496873223744cf8) --- diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs index e7367e6443..24d48a9485 100644 --- a/rust/src/smb/smb1_records.rs +++ b/rust/src/smb/smb1_records.rs @@ -19,6 +19,9 @@ use nom::{rest, le_u8, le_u16, le_u32, le_u64, IResult}; use crate::smb::smb::*; use crate::smb::smb_records::*; +// SMB_FLAGS_REPLY in Microsoft docs. +const SMB1_FLAGS_RESPONSE: u8 = 0x80; + fn smb_get_unicode_string_with_offset(i: &[u8], offset: usize) -> IResult<&[u8], Vec> { do_parse!(i, @@ -776,6 +779,16 @@ impl<'a> SmbRecord<'a> { pub fn is_dos_error(&self) -> bool { self.flags2 & 0x4000_u16 != 0 } + + /// Return true if record is a request. + pub fn is_request(&self) -> bool { + self.flags & SMB1_FLAGS_RESPONSE == 0 + } + + /// Return true if record is a reply. + pub fn is_response(&self) -> bool { + self.flags & SMB1_FLAGS_RESPONSE != 0 + } } named!(pub parse_smb_record,
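Review bot: `is_request()` and `is_response()` decide direction purely from the SMB_FLAGS_REPLY bit, which is written by whichever peer sent the header, so a client can send a request with 0x80 set (or a server a response with it clear) and a caller that dispatches on these methods alone could end up parsing the record on the wrong side; the callers are outside this hunk, but they should cross-check the bit against the flow direction (to-server vs to-client) and treat a disagreement as a parser event rather than trust the bit. I would record that on the accessor: `/// Return true if SMB_FLAGS_REPLY (0x80) is set. The bit is peer-controlled, so callers should cross-check it against the flow direction rather than rely on it alone.` Separately, the commit description names the new method `.is_reply()` while the hunk defines `is_response()` (and its doc comment says "reply"), so either the description or the name should be aligned to keep the API greppable. The enclosing `impl<'a> SmbRecord<'a>` starts outside the hunk; only its closing brace is visible.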