From: Jason Ish Date: Fri, 18 Feb 2022 17:43:17 +0000 (-0600) Subject: smb: expose smb1 request/reply flags with a method X-Git-Tag: suricata-6.0.5~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e63795543f3c98c427ba200ac43f5d27e9d598ad;p=thirdparty%2Fsuricata.git smb: expose smb1 request/reply flags with a method Adds `.is_request()` and `.is_reply()` to check if a SMB record flags say the message is a request or a reply. (cherry picked from commit 09e2d3b216218eaed471b3ddb496873223744cf8)
---
diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs
index 2112304c5c..18f80d93ef 100644
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@@ -22,6 +22,9 @@ use nom::number::streaming::{le_u8, le_u16, le_u32, le_u64};
 use crate::smb::smb::*;
 use crate::smb::smb_records::*;
+// SMB_FLAGS_REPLY in Microsoft docs.
+const SMB1_FLAGS_RESPONSE: u8 = 0x80;
+
 fn smb_get_unicode_string_with_offset(i: &[u8], offset: usize) -> IResult<&[u8], Vec, SmbError> {
 do_parse!(i,
@@ -779,6 +782,16 @@ impl<'a> SmbRecord<'a> {
 pub fn is_dos_error(&self) -> bool {
 self.flags2 & 0x4000_u16 != 0
 }
+
+ /// Return true if record is a request.
+ pub fn is_request(&self) -> bool {
+ self.flags & SMB1_FLAGS_RESPONSE == 0
+ }
+
+ /// Return true if record is a reply.
+ pub fn is_response(&self) -> bool {
+ self.flags & SMB1_FLAGS_RESPONSE != 0
+ }
 }
 named!(pub parse_smb_record,
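Review bot: The comment above the new constant, `// SMB_FLAGS_REPLY in Microsoft docs.`, names the flag but not the header field it applies to or what the bit means, so a reader still has to look it up; suggest `// SMB_FLAGS_REPLY (MS-CIFS 2.2.3.1, SMB_Header.Flags): 0x80 is set in responses, clear in requests.` Naming it `SMB1_FLAGS_REPLY` would also match the Microsoft identifier the comment cites, but that is a matter of taste.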
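Review bot: The doc comment on the new `is_response` says "reply" while the method is named `is_response` and the commit message advertises `.is_reply()`; the three should agree so the method is findable, e.g. `/// Return true if the SMB1 record is a response (SMB_FLAGS_REPLY set in the header Flags byte).` and `/// Return true if the SMB1 record is a request (SMB_FLAGS_REPLY clear).` Since both predicates test the same bit, writing `is_request` as `!self.is_response()` keeps them from drifting apart if the mask changes. Worth a sentence in the docs as well: `flags` is presumably taken from the parsed header, so these report what the peer put on the wire rather than the observed flow direction, and callers that use them to drive state should not treat them as authoritative for direction. The enclosing `impl<'a> SmbRecord<'a>` block starts outside the hunk.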