From 09e2d3b216218eaed471b3ddb496873223744cf8 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Fri, 18 Feb 2022 11:43:17 -0600
Subject: [PATCH] smb: expose smb1 request/reply flags with a method

Adds `.is_request()` and `.is_reply()` to check if a SMB record flags
say the message is a request or a reply.
---
 rust/src/smb/smb1_records.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs
index 97e26337c..1d3b175b2 100644
--- a/rust/src/smb/smb1_records.rs
+++ b/rust/src/smb/smb1_records.rs
@@ -27,6 +27,9 @@ use nom7::IResult;
 
 pub const SMB1_HEADER_SIZE: usize = 32;
 
+// SMB_FLAGS_REPLY in Microsoft docs.
+const SMB1_FLAGS_RESPONSE: u8 = 0x80;
+
 fn smb_get_unicode_string_with_offset(i: &[u8], offset: usize) -> IResult<&[u8], Vec<u8>, SmbError>
 {
     let (i, _) = cond(offset % 2 == 1, take(1_usize))(i)?;
@@ -815,6 +818,16 @@ impl<'a> SmbRecord<'a> {
     pub fn is_dos_error(&self) -> bool {
         self.flags2 & 0x4000_u16 != 0
     }
+
+    /// Return true if record is a request.
+    pub fn is_request(&self) -> bool {
+        self.flags & SMB1_FLAGS_RESPONSE == 0
+    }
+
+    /// Return true if record is a reply.
+    pub fn is_response(&self) -> bool {
+        self.flags & SMB1_FLAGS_RESPONSE != 0
+    }
 }
 
 pub fn parse_smb_record(i: &[u8]) -> IResult<&[u8], SmbRecord> {
-- 
2.47.3