From: Victor Julien Date: Mon, 10 Jul 2017 09:51:43 +0000 (+0200) Subject: rust/nfs: improve proto detect X-Git-Tag: suricata-4.0.0-rc2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82bd732f4e7f553f07061dbcc49bb549cad58431;p=thirdparty%2Fsuricata.git rust/nfs: improve proto detect
---
diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
index 7e4197ee12..2489ce8cd5 100644
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@@ -1930,7 +1930,10 @@ pub fn nfs3_probe(i: &[u8], direction: u8) -> i8 {
 } else {
 match parse_rpc(i) {
 IResult::Done(_, ref rpc) => {
- if rpc.hdr.frag_len >= 40 && rpc.hdr.frag_len <= 35000 && rpc.hdr.msgtype == 0 && rpc.progver == 3 && rpc.program == 100003 {
+ if rpc.hdr.frag_len >= 40 && rpc.hdr.msgtype == 0 &&
+ rpc.rpcver == 2 && rpc.progver == 3 && rpc.program == 100003 &&
+ rpc.procedure <= NFSPROC3_COMMIT
+ {
 return 1;
 } else {
 return -1;
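Review bot: The rewritten condition in nfs3_probe drops the `rpc.hdr.frag_len <= 35000` upper bound without recording why, and the remaining literals (40, msgtype 0, rpcver 2, progver 3, program 100003) are unnamed next to the named `NFSPROC3_COMMIT`. Because the `else` branch returns -1, which looks like a final "not NFS" verdict for the flow, each clause decides whether NFS traffic is parsed and inspected at all, so the reasoning belongs in the code. I would add a comment above the `if` such as `// RPC CALL (msgtype 0), ONC RPC v2, program 100003 (NFS) v3, procedure within the NFSv3 range; no frag_len cap: <reason>`, with the reason filled in by the author. nfs3_probe starts and ends outside this hunk, so the direction branch and the handling of incomplete input are not visible here.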