aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rust/smb: implement minimal record parsing in probing

Browse Source
pull/3284/head
Victor Julien 8 years ago
parent ff398deda9
commit 7ab071a58d
2 changed files with 18 additions and 40 deletions
Show Stats Download Patch File Download Diff File

29
rust/src/smb/smb.rs
Unescape Escape View File

@ -1696,26 +1696,21 @@ pub extern "C" fn rs_smb_parse_response_tcp_gap(
return -1; return -1;
} }
/// TOSERVER probe function
#[no_mangle] #[no_mangle]
pub extern "C" fn rs_smb_probe_tcp_ts(_input: *const libc::uint8_t, _len: libc::uint32_t) pub extern "C" fn rs_smb_probe_tcp(input: *const libc::uint8_t, len: libc::uint32_t)
-> libc::int8_t -> libc::int8_t
{ {
// let slice: &[u8] = unsafe { let slice: &[u8] = unsafe {
// std::slice::from_raw_parts(input as *mut u8, len as usize) std::slice::from_raw_parts(input as *mut u8, len as usize)
// }; };
//return smb3_probe(slice, STREAM_TOSERVER); match parse_nbss_record_partial(slice) {
return 1 IResult::Done(_, ref hdr) => {
} if hdr.is_smb() {
/// TOCLIENT probe function return 1;
#[no_mangle] }
pub extern "C" fn rs_smb_probe_tcp_tc(_input: *const libc::uint8_t, _len: libc::uint32_t) },
-> libc::int8_t _ => { },
{ }
// let slice: &[u8] = unsafe {
// std::slice::from_raw_parts(input as *mut u8, len as usize)
// };
//return smb3_probe(slice, STREAM_TOCLIENT);
return 1 return 1
} }

29
src/app-layer-smb-tcp-rust.c
Unescape Escape View File

@ -77,7 +77,7 @@ static int RustSMBTCPParseResponse(Flow *f, void *state,
return res; return res;
} }
static uint16_t RustSMBTCPProbeTS(Flow *f, static uint16_t RustSMBTCPProbe(Flow *f,
uint8_t *input, uint32_t len, uint32_t *offset) uint8_t *input, uint32_t len, uint32_t *offset)
{ {
SCLogDebug("RustSMBTCPProbe"); SCLogDebug("RustSMBTCPProbe");
@ -87,24 +87,7 @@ static uint16_t RustSMBTCPProbeTS(Flow *f,
} }
// Validate and return ALPROTO_FAILED if needed. // Validate and return ALPROTO_FAILED if needed.
if (!rs_smb_probe_tcp_ts(input, len)) { if (!rs_smb_probe_tcp(input, len)) {
return ALPROTO_FAILED;
}
return ALPROTO_SMB;
}
static uint16_t RustSMBTCPProbeTC(Flow *f,
uint8_t *input, uint32_t len, uint32_t *offset)
{
SCLogDebug("RustSMBTCPProbe");
if (len < MIN_REC_SIZE) {
return ALPROTO_UNKNOWN;
}
// Validate and return ALPROTO_FAILED if needed.
if (!rs_smb_probe_tcp_tc(input, len)) {
return ALPROTO_FAILED; return ALPROTO_FAILED;
} }
@ -232,20 +215,20 @@ void RegisterRustSMBTCPParsers(void)
if (RunmodeIsUnittests()) { if (RunmodeIsUnittests()) {
AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0, AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbeTS, MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbe,
NULL); NULL);
} else { } else {
int have_cfg = AppLayerProtoDetectPPParseConfPorts("tcp", int have_cfg = AppLayerProtoDetectPPParseConfPorts("tcp",
IPPROTO_TCP, proto_name, ALPROTO_SMB, 0, IPPROTO_TCP, proto_name, ALPROTO_SMB, 0,
MIN_REC_SIZE, RustSMBTCPProbeTS, RustSMBTCPProbeTC); MIN_REC_SIZE, RustSMBTCPProbe, RustSMBTCPProbe);
/* if we have no config, we enable the default port 445 */ /* if we have no config, we enable the default port 445 */
if (!have_cfg) { if (!have_cfg) {
SCLogWarning(SC_ERR_SMB_CONFIG, "no SMB TCP config found, " SCLogWarning(SC_ERR_SMB_CONFIG, "no SMB TCP config found, "
"enabling SMB detection on " "enabling SMB detection on "
"port 445."); "port 445.");
AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0, AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbeTS, MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbe,
RustSMBTCPProbeTC); RustSMBTCPProbe);
} }
} }
} else { } else {

Write Preview
Loading…
Cancel
Save