From: Shivani Bhardwaj Date: Thu, 12 Aug 2021 16:29:53 +0000 (+0530) Subject: smb: use Direction enum X-Git-Tag: suricata-7.0.0-beta1~1217 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89cb337930ceea9cb61ac2f4d64f68b2e2817509;p=thirdparty%2Fsuricata.git smb: use Direction enum --- diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs index cd6e160129..b76a1bc361 100644 --- a/rust/src/smb/detect.rs +++ b/rust/src/smb/detect.rs @@ -77,7 +77,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_stub_data(tx: &mut SMBTransaction, { match tx.type_data { Some(SMBTransactionTypeData::DCERPC(ref x)) => { - let vref = if direction == STREAM_TOSERVER { + let vref = if direction == Direction::ToServer as u8 { &x.stub_data_ts } else { &x.stub_data_tc diff --git a/rust/src/smb/files.rs b/rust/src/smb/files.rs index 97f302179c..7372641fd7 100644 --- a/rust/src/smb/files.rs +++ b/rust/src/smb/files.rs @@ -25,7 +25,7 @@ use crate::smb::smb::*; /// File tracking transaction. Single direction only. #[derive(Default, Debug)] pub struct SMBTransactionFile { - pub direction: u8, + pub direction: Direction, pub fuid: Vec, pub file_name: Vec, pub share_name: Vec, @@ -58,7 +58,7 @@ pub fn filetracker_newchunk(ft: &mut FileTransferTracker, files: &mut FileContai } impl SMBState { - pub fn new_file_tx(&mut self, fuid: &Vec, file_name: &Vec, direction: u8) + pub fn new_file_tx(&mut self, fuid: &Vec, file_name: &Vec, direction: Direction) -> (&mut SMBTransaction, &mut FileContainer, u16) { let mut tx = self.new_tx(); @@ -77,11 +77,11 @@ impl SMBState { tx.id, String::from_utf8_lossy(file_name)); self.transactions.push(tx); let tx_ref = self.transactions.last_mut(); - let (files, flags) = self.files.get(direction.into()); + let (files, flags) = self.files.get(direction); return (tx_ref.unwrap(), files, flags) } - pub fn get_file_tx_by_fuid(&mut self, fuid: &Vec, direction: u8) + pub fn get_file_tx_by_fuid(&mut self, fuid: &Vec, direction: Direction) -> Option<(&mut SMBTransaction, &mut FileContainer, u16)> { let f = fuid.to_vec(); @@ -95,7 +95,7 @@ impl SMBState { if found { SCLogDebug!("SMB: Found SMB file TX with ID {}", tx.id); - let (files, flags) = self.files.get(direction.into()); + let (files, flags) = self.files.get(direction); return Some((tx, files, flags)); } } @@ -103,17 +103,17 @@ impl SMBState { return None; } - fn getfiles(&mut self, direction: u8) -> * mut FileContainer { - //SCLogDebug!("direction: {}", direction); - if direction == STREAM_TOCLIENT { + fn getfiles(&mut self, direction: Direction) -> * mut FileContainer { + //SCLogDebug!("direction: {:?}", direction); + if direction == Direction::ToClient { &mut self.files.files_tc as *mut FileContainer } else { &mut self.files.files_ts as *mut FileContainer } } - fn setfileflags(&mut self, direction: u8, flags: u16) { - SCLogDebug!("direction: {}, flags: {}", direction, flags); - if direction == STREAM_TOCLIENT { + fn setfileflags(&mut self, direction: Direction, flags: u16) { + SCLogDebug!("direction: {:?}, flags: {}", direction, flags); + if direction == Direction::ToClient { self.files.flags_tc = flags; } else { self.files.flags_ts = flags; @@ -122,8 +122,8 @@ impl SMBState { // update in progress chunks for file transfers // return how much data we consumed - pub fn filetracker_update(&mut self, direction: u8, data: &[u8], gap_size: u32) -> u32 { - let mut chunk_left = if direction == STREAM_TOSERVER { + pub fn filetracker_update(&mut self, direction: Direction, data: &[u8], gap_size: u32) -> u32 { + let mut chunk_left = if direction == Direction::ToServer { self.file_ts_left } else { self.file_tc_left @@ -132,7 +132,7 @@ impl SMBState { return 0 } SCLogDebug!("chunk_left {} data {}", chunk_left, data.len()); - let file_handle = if direction == STREAM_TOSERVER { + let file_handle = if direction == Direction::ToServer { self.file_ts_guid.to_vec() } else { self.file_tc_guid.to_vec() @@ -150,7 +150,7 @@ impl SMBState { chunk_left -= data.len() as u32; } - if direction == STREAM_TOSERVER { + if direction == Direction::ToServer { self.file_ts_left = chunk_left; } else { self.file_tc_left = chunk_left; @@ -194,7 +194,7 @@ impl SMBState { pub unsafe extern "C" fn rs_smb_getfiles(ptr: *mut std::ffi::c_void, direction: u8) -> * mut FileContainer { if ptr.is_null() { panic!("NULL ptr"); }; let parser = cast_pointer!(ptr, SMBState); - parser.getfiles(direction) + parser.getfiles(direction.into()) } #[no_mangle] @@ -202,5 +202,5 @@ pub unsafe extern "C" fn rs_smb_setfileflags(direction: u8, ptr: *mut SMBState, if ptr.is_null() { panic!("NULL ptr"); }; let parser = &mut *ptr; SCLogDebug!("direction {} flags {}", direction, flags); - parser.setfileflags(direction, flags) + parser.setfileflags(direction.into(), flags) } diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 34f4e379df..616c99322b 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -1131,7 +1131,7 @@ impl SMBState { if self.ts > f.post_gap_ts { tx.request_done = true; tx.response_done = true; - let (files, flags) = self.files.get(f.direction.into()); + let (files, flags) = self.files.get(f.direction); f.file_tracker.trunc(files, flags); } else { post_gap_txs = true; @@ -1147,9 +1147,9 @@ impl SMBState { * can handle gaps. For the file transactions we set the current * (flow) time and prune them in 60 seconds if no update for them * was received. */ - fn post_gap_housekeeping(&mut self, dir: u8) + fn post_gap_housekeeping(&mut self, dir: Direction) { - if self.ts_ssn_gap && dir == STREAM_TOSERVER { + if self.ts_ssn_gap && dir == Direction::ToServer { for tx in &mut self.transactions { if tx.id >= self.tx_id { SCLogDebug!("post_gap_housekeeping: done"); @@ -1167,7 +1167,7 @@ impl SMBState { tx.request_done = true; } } - } else if self.tc_ssn_gap && dir == STREAM_TOCLIENT { + } else if self.tc_ssn_gap && dir == Direction::ToClient { for tx in &mut self.transactions { if tx.id >= self.tx_id { SCLogDebug!("post_gap_housekeeping: done"); @@ -1190,10 +1190,10 @@ impl SMBState { } } - pub fn set_file_left(&mut self, direction: u8, rec_size: u32, data_size: u32, fuid: Vec) + pub fn set_file_left(&mut self, direction: Direction, rec_size: u32, data_size: u32, fuid: Vec) { let left = rec_size.saturating_sub(data_size); - if direction == STREAM_TOSERVER { + if direction == Direction::ToServer { self.file_ts_left = left; self.file_ts_guid = fuid; } else { @@ -1202,10 +1202,10 @@ impl SMBState { } } - pub fn set_skip(&mut self, direction: u8, rec_size: u32, data_size: u32) + pub fn set_skip(&mut self, direction: Direction, rec_size: u32, data_size: u32) { let skip = rec_size.saturating_sub(data_size); - if direction == STREAM_TOSERVER { + if direction == Direction::ToServer { self.skip_ts = skip; } else { self.skip_tc = skip; @@ -1213,8 +1213,8 @@ impl SMBState { } // return how much data we consumed - fn handle_skip(&mut self, direction: u8, input_size: u32) -> u32 { - let mut skip_left = if direction == STREAM_TOSERVER { + fn handle_skip(&mut self, direction: Direction, input_size: u32) -> u32 { + let mut skip_left = if direction == Direction::ToServer { self.skip_ts } else { self.skip_tc @@ -1236,7 +1236,7 @@ impl SMBState { skip_left -= input_size; } - if direction == STREAM_TOSERVER { + if direction == Direction::ToServer { self.skip_ts = skip_left; } else { self.skip_tc = skip_left; @@ -1331,7 +1331,7 @@ impl SMBState { pub fn parse_tcp_data_ts<'b>(&mut self, i: &'b[u8]) -> AppLayerResult { let mut cur_i = i; - let consumed = self.handle_skip(STREAM_TOSERVER, cur_i.len() as u32); + let consumed = self.handle_skip(Direction::ToServer, cur_i.len() as u32); if consumed > 0 { if consumed > cur_i.len() as u32 { self.set_event(SMBEvent::InternalError); @@ -1341,7 +1341,7 @@ impl SMBState { } // take care of in progress file chunk transfers // and skip buffer beyond it - let consumed = self.filetracker_update(STREAM_TOSERVER, cur_i, 0); + let consumed = self.filetracker_update(Direction::ToServer, cur_i, 0); if consumed > 0 { if consumed > cur_i.len() as u32 { self.set_event(SMBEvent::InternalError); @@ -1478,7 +1478,7 @@ impl SMBState { } }; - self.post_gap_housekeeping(STREAM_TOSERVER); + self.post_gap_housekeeping(Direction::ToServer); if self.check_post_gap_file_txs && !self.post_gap_files_checked { self.post_gap_housekeeping_for_files(); self.post_gap_files_checked = true; @@ -1570,7 +1570,7 @@ impl SMBState { pub fn parse_tcp_data_tc<'b>(&mut self, i: &'b[u8]) -> AppLayerResult { let mut cur_i = i; - let consumed = self.handle_skip(STREAM_TOCLIENT, cur_i.len() as u32); + let consumed = self.handle_skip(Direction::ToClient, cur_i.len() as u32); if consumed > 0 { if consumed > cur_i.len() as u32 { self.set_event(SMBEvent::InternalError); @@ -1580,7 +1580,7 @@ impl SMBState { } // take care of in progress file chunk transfers // and skip buffer beyond it - let consumed = self.filetracker_update(STREAM_TOCLIENT, cur_i, 0); + let consumed = self.filetracker_update(Direction::ToClient, cur_i, 0); if consumed > 0 { if consumed > cur_i.len() as u32 { self.set_event(SMBEvent::InternalError); @@ -1719,7 +1719,7 @@ impl SMBState { }, } }; - self.post_gap_housekeeping(STREAM_TOCLIENT); + self.post_gap_housekeeping(Direction::ToClient); if self.check_post_gap_file_txs && !self.post_gap_files_checked { self.post_gap_housekeeping_for_files(); self.post_gap_files_checked = true; @@ -1731,12 +1731,12 @@ impl SMBState { /// handle a gap in the TOSERVER direction /// returns: 0 ok, 1 unrecoverable error pub fn parse_tcp_data_ts_gap(&mut self, gap_size: u32) -> AppLayerResult { - let consumed = self.handle_skip(STREAM_TOSERVER, gap_size); + let consumed = self.handle_skip(Direction::ToServer, gap_size); if consumed < gap_size { let new_gap_size = gap_size - consumed; let gap = vec![0; new_gap_size as usize]; - let consumed2 = self.filetracker_update(STREAM_TOSERVER, &gap, new_gap_size); + let consumed2 = self.filetracker_update(Direction::ToServer, &gap, new_gap_size); if consumed2 > new_gap_size { SCLogDebug!("consumed more than GAP size: {} > {}", consumed2, new_gap_size); self.set_event(SMBEvent::InternalError); @@ -1752,12 +1752,12 @@ impl SMBState { /// handle a gap in the TOCLIENT direction /// returns: 0 ok, 1 unrecoverable error pub fn parse_tcp_data_tc_gap(&mut self, gap_size: u32) -> AppLayerResult { - let consumed = self.handle_skip(STREAM_TOCLIENT, gap_size); + let consumed = self.handle_skip(Direction::ToClient, gap_size); if consumed < gap_size { let new_gap_size = gap_size - consumed; let gap = vec![0; new_gap_size as usize]; - let consumed2 = self.filetracker_update(STREAM_TOCLIENT, &gap, new_gap_size); + let consumed2 = self.filetracker_update(Direction::ToClient, &gap, new_gap_size); if consumed2 > new_gap_size { SCLogDebug!("consumed more than GAP size: {} > {}", consumed2, new_gap_size); self.set_event(SMBEvent::InternalError); @@ -1826,8 +1826,8 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow, let buf = std::slice::from_raw_parts(input, input_len as usize); let mut state = cast_pointer!(state, SMBState); let flow = cast_pointer!(flow, Flow); - let file_flags = FileFlowToFlags(flow, STREAM_TOSERVER); - rs_smb_setfileflags(STREAM_TOSERVER, state, file_flags|FILE_USE_DETECT); + let file_flags = FileFlowToFlags(flow, Direction::ToServer as u8); + rs_smb_setfileflags(Direction::ToServer as u8, state, file_flags|FILE_USE_DETECT); SCLogDebug!("parsing {} bytes of request data", input_len); if input.is_null() && input_len > 0 { @@ -1864,8 +1864,8 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, { let mut state = cast_pointer!(state, SMBState); let flow = cast_pointer!(flow, Flow); - let file_flags = FileFlowToFlags(flow, STREAM_TOCLIENT); - rs_smb_setfileflags(STREAM_TOCLIENT, state, file_flags|FILE_USE_DETECT); + let file_flags = FileFlowToFlags(flow, Direction::ToClient as u8); + rs_smb_setfileflags(Direction::ToClient as u8, state, file_flags|FILE_USE_DETECT); if input.is_null() && input_len > 0 { return rs_smb_parse_response_tcp_gap(state, input_len); @@ -1891,7 +1891,7 @@ pub extern "C" fn rs_smb_parse_response_tcp_gap( state.parse_tcp_data_tc_gap(input_len as u32) } -fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8 +fn smb_probe_tcp_midstream(direction: Direction, slice: &[u8], rdir: *mut u8) -> i8 { match search_smb_record(slice) { Ok((_, data)) => { @@ -1905,13 +1905,13 @@ fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8 Ok((_, ref smb_record)) => { if smb_record.flags & 0x80 != 0 { SCLogDebug!("RESPONSE {:02x}", smb_record.flags); - if direction & STREAM_TOSERVER != 0 { - unsafe { *rdir = STREAM_TOCLIENT; } + if direction == Direction::ToServer { + unsafe { *rdir = Direction::ToClient as u8; } } } else { SCLogDebug!("REQUEST {:02x}", smb_record.flags); - if direction & STREAM_TOCLIENT != 0 { - unsafe { *rdir = STREAM_TOSERVER; } + if direction == Direction::ToClient { + unsafe { *rdir = Direction::ToServer as u8; } } } return 1; @@ -1922,15 +1922,15 @@ fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8 SCLogDebug!("SMB2 record"); match parse_smb2_record_direction(data) { Ok((_, ref smb_record)) => { - if direction & STREAM_TOSERVER != 0 { - SCLogDebug!("direction STREAM_TOSERVER smb_record {:?}", smb_record); + if direction == Direction::ToServer { + SCLogDebug!("direction Direction::ToServer smb_record {:?}", smb_record); if !smb_record.request { - unsafe { *rdir = STREAM_TOCLIENT; } + unsafe { *rdir = Direction::ToClient as u8; } } } else { - SCLogDebug!("direction STREAM_TOCLIENT smb_record {:?}", smb_record); + SCLogDebug!("direction Direction::ToClient smb_record {:?}", smb_record); if smb_record.request { - unsafe { *rdir = STREAM_TOSERVER; } + unsafe { *rdir = Direction::ToServer as u8; } } } }, @@ -1966,7 +1966,7 @@ pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow, } let slice = build_slice!(input, len as usize); if flags & STREAM_MIDSTREAM == STREAM_MIDSTREAM { - if smb_probe_tcp_midstream(flags, slice, rdir) == 1 { + if smb_probe_tcp_midstream(flags.into(), slice, rdir) == 1 { return ALPROTO_SMB; } } @@ -2070,14 +2070,14 @@ pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void, { let tx = cast_pointer!(tx, SMBTransaction); - if direction == STREAM_TOSERVER && tx.request_done { + if direction == Direction::ToServer as u8 && tx.request_done { SCLogDebug!("tx {} TOSERVER progress 1 => {:?}", tx.id, tx); return 1; - } else if direction == STREAM_TOCLIENT && tx.response_done { + } else if direction == Direction::ToClient as u8 && tx.response_done { SCLogDebug!("tx {} TOCLIENT progress 1 => {:?}", tx.id, tx); return 1; } else { - SCLogDebug!("tx {} direction {} progress 0", tx.id, direction); + SCLogDebug!("tx {} direction {:?} progress 0", tx.id, direction); return 0; } } @@ -2124,10 +2124,13 @@ pub unsafe extern "C" fn rs_smb_state_truncate( direction: u8) { let state = cast_pointer!(state, SMBState); - if (direction & STREAM_TOSERVER) != 0 { - state.trunc_ts(); - } else { - state.trunc_tc(); + match direction.into() { + Direction::ToServer => { + state.trunc_ts(); + } + Direction::ToClient => { + state.trunc_tc(); + } } } @@ -2168,10 +2171,13 @@ pub unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u let fsp = if (flags & FLOW_DIR_REVERSED) != 0 { dp } else { sp }; let fdp = if (flags & FLOW_DIR_REVERSED) != 0 { sp } else { dp }; if fsp == 445 && fdp != 445 { - if dir & STREAM_TOSERVER != 0 { - *rdir = STREAM_TOCLIENT; - } else { - *rdir = STREAM_TOSERVER; + match dir.into() { + Direction::ToServer => { + *rdir = Direction::ToClient as u8; + } + Direction::ToClient => { + *rdir = Direction::ToServer as u8; + } } } return ALPROTO_SMB; @@ -2183,24 +2189,24 @@ fn register_pattern_probe() -> i8 { // SMB1 r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB, b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - STREAM_TOSERVER, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToServer as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB, b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - STREAM_TOCLIENT, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToClient as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); // SMB2/3 r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB, b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - STREAM_TOSERVER, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToServer as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB, b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - STREAM_TOCLIENT, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToClient as u8, rs_smb_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); // SMB3 encrypted records r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB, b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - STREAM_TOSERVER, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToServer as u8, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_SMB, b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - STREAM_TOCLIENT, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToClient as u8, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE); } if r == 0 { @@ -2269,7 +2275,7 @@ pub unsafe extern "C" fn rs_smb_register_parser() { if have_cfg == 0 { AppLayerProtoDetectPPRegister(IPPROTO_TCP as u8, default_port.as_ptr(), ALPROTO_SMB, - 0, MIN_REC_SIZE, STREAM_TOSERVER, rs_smb_probe_tcp, rs_smb_probe_tcp); + 0, MIN_REC_SIZE, Direction::ToServer as u8, rs_smb_probe_tcp, rs_smb_probe_tcp); } if AppLayerParserConfParserEnabled( diff --git a/rust/src/smb/smb1.rs b/rust/src/smb/smb1.rs index 5d9de58f5e..b81ebee944 100644 --- a/rust/src/smb/smb1.rs +++ b/rust/src/smb/smb1.rs @@ -148,7 +148,7 @@ fn smb1_close_file(state: &mut SMBState, fid: &Vec) { // we can have created 2 txs for a FID: one for reads // and one for writes. So close both. - match state.get_file_tx_by_fuid(fid, STREAM_TOSERVER) { + match state.get_file_tx_by_fuid(fid, Direction::ToServer) { Some((tx, files, flags)) => { SCLogDebug!("found tx {}", tx.id); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { @@ -163,7 +163,7 @@ fn smb1_close_file(state: &mut SMBState, fid: &Vec) }, None => { }, } - match state.get_file_tx_by_fuid(fid, STREAM_TOCLIENT) { + match state.get_file_tx_by_fuid(fid, Direction::ToClient) { Some((tx, files, flags)) => { SCLogDebug!("found tx {}", tx.id); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { @@ -976,7 +976,7 @@ pub fn smb1_write_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an None => b"".to_vec(), }; let mut set_event_fileoverlap = false; - let found = match state.get_file_tx_by_fuid(&file_fid, STREAM_TOSERVER) { + let found = match state.get_file_tx_by_fuid(&file_fid, Direction::ToServer) { Some((tx, files, flags)) => { let file_id : u32 = tx.id as u32; if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { @@ -1004,7 +1004,7 @@ pub fn smb1_write_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an let vercmd = SMBVerCmdStat::new1_with_ntstatus(command, r.nt_status); smb_write_dcerpc_record(state, vercmd, hdr, rd.data); } else { - let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, STREAM_TOSERVER); + let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, Direction::ToServer); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; SCLogDebug!("FID {:?} found at tx {}", file_fid, tx.id); @@ -1023,7 +1023,7 @@ pub fn smb1_write_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an state.set_event(SMBEvent::FileOverlap); } - state.set_file_left(STREAM_TOSERVER, rd.len, rd.data.len() as u32, file_fid.to_vec()); + state.set_file_left(Direction::ToServer, rd.len, rd.data.len() as u32, file_fid.to_vec()); if command == SMB1_COMMAND_WRITE_AND_CLOSE { SCLogDebug!("closing FID {:?}", file_fid); @@ -1052,7 +1052,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an None => { SCLogDebug!("SMBv1 READ response: reply to unknown request: left {} {:?}", rd.len - rd.data.len() as u32, rd); - state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32); + state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32); return; }, }; @@ -1069,7 +1069,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an None => Vec::new(), }; let mut set_event_fileoverlap = false; - let found = match state.get_file_tx_by_fuid(&file_fid, STREAM_TOCLIENT) { + let found = match state.get_file_tx_by_fuid(&file_fid, Direction::ToClient) { Some((tx, files, flags)) => { if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; @@ -1086,7 +1086,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an None => { false }, }; if !found { - let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, STREAM_TOCLIENT); + let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, Direction::ToClient); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; SCLogDebug!("FID {:?} found at tx {}", file_fid, tx.id); @@ -1114,7 +1114,7 @@ pub fn smb1_read_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>, an smb_read_dcerpc_record(state, vercmd, hdr, pure_fid, rd.data); } - state.set_file_left(STREAM_TOCLIENT, rd.len, rd.data.len() as u32, file_fid.to_vec()); + state.set_file_left(Direction::ToClient, rd.len, rd.data.len() as u32, file_fid.to_vec()); } _ => { events.push(SMBEvent::MalformedData); diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs index 756c69081d..271428f3d6 100644 --- a/rust/src/smb/smb2.rs +++ b/rust/src/smb/smb2.rs @@ -124,7 +124,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) } else if r.nt_status != SMB_NTSTATUS_SUCCESS { SCLogDebug!("SMBv2: read response error code received: skip record"); - state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32); + state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32); return; } @@ -137,7 +137,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) Some(o) => (o.offset, o.guid), None => { SCLogDebug!("SMBv2 READ response: reply to unknown request {:?}",rd); - state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32); + state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32); return; }, }; @@ -145,7 +145,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) let mut set_event_fileoverlap = false; // look up existing tracker and if we have it update it - let found = match state.get_file_tx_by_fuid(&file_guid, STREAM_TOCLIENT) { + let found = match state.get_file_tx_by_fuid(&file_guid, Direction::ToClient) { Some((tx, files, flags)) => { if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; @@ -200,13 +200,13 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) smb_read_dcerpc_record(state, vercmd, hdr, &file_guid, rd.data); } else if is_pipe { SCLogDebug!("non-DCERPC pipe"); - state.set_skip(STREAM_TOCLIENT, rd.len, rd.data.len() as u32); + state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32); } else { let file_name = match state.guid2name_map.get(&file_guid) { Some(n) => { n.to_vec() }, None => { b"".to_vec() }, }; - let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, STREAM_TOCLIENT); + let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, Direction::ToClient); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; if offset < tdf.file_tracker.tracked { @@ -226,7 +226,7 @@ pub fn smb2_read_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) if set_event_fileoverlap { state.set_event(SMBEvent::FileOverlap); } - state.set_file_left(STREAM_TOCLIENT, rd.len, rd.data.len() as u32, file_guid.to_vec()); + state.set_file_left(Direction::ToClient, rd.len, rd.data.len() as u32, file_guid.to_vec()); } _ => { SCLogDebug!("SMBv2: failed to parse read response"); @@ -256,7 +256,7 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) }; let mut set_event_fileoverlap = false; - let found = match state.get_file_tx_by_fuid(&file_guid, STREAM_TOSERVER) { + let found = match state.get_file_tx_by_fuid(&file_guid, Direction::ToServer) { Some((tx, files, flags)) => { if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; @@ -311,9 +311,9 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) smb_write_dcerpc_record(state, vercmd, hdr, wr.data); } else if is_pipe { SCLogDebug!("non-DCERPC pipe: skip rest of the record"); - state.set_skip(STREAM_TOSERVER, wr.wr_len, wr.data.len() as u32); + state.set_skip(Direction::ToServer, wr.wr_len, wr.data.len() as u32); } else { - let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, STREAM_TOSERVER); + let (tx, files, flags) = state.new_file_tx(&file_guid, &file_name, Direction::ToServer); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let file_id : u32 = tx.id as u32; if wr.wr_offset < tdf.file_tracker.tracked { @@ -332,7 +332,7 @@ pub fn smb2_write_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) if set_event_fileoverlap { state.set_event(SMBEvent::FileOverlap); } - state.set_file_left(STREAM_TOSERVER, wr.wr_len, wr.data.len() as u32, file_guid.to_vec()); + state.set_file_left(Direction::ToServer, wr.wr_len, wr.data.len() as u32, file_guid.to_vec()); }, _ => { state.set_event(SMBEvent::MalformedData); @@ -521,7 +521,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) SMB2_COMMAND_CLOSE => { match parse_smb2_request_close(r.data) { Ok((_, cd)) => { - let found_ts = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), STREAM_TOSERVER) { + let found_ts = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), Direction::ToServer) { Some((tx, files, flags)) => { if !tx.request_done { if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { @@ -535,7 +535,7 @@ pub fn smb2_request_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) }, None => { false }, }; - let found_tc = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), STREAM_TOCLIENT) { + let found_tc = match state.get_file_tx_by_fuid(&cd.guid.to_vec(), Direction::ToClient) { Some((tx, files, flags)) => { if !tx.request_done { if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { @@ -635,7 +635,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>) Vec::new() }, }; - let found = match state.get_file_tx_by_fuid(&file_guid, STREAM_TOCLIENT) { + let found = match state.get_file_tx_by_fuid(&file_guid, Direction::ToClient) { Some((tx, files, flags)) => { if !tx.request_done { if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {