smb/dce_opnum: use DCERPC_TYPE_REQUEST

The smb dce_opnum keyword doesn't match the dcerpc requests/responses.
This occurs because in the rs_smb_tx_match_dce_opnum function, the
x.req_cmd is matched against the erroneous code 1. Fix this by using
DCERPC_TYPE_REQUEST for the comparison instead.

Ticket: 4767
pull/6860/head
Eloy Pérez González 4 years ago committed by Victor Julien
parent 15f493f516
commit 8dca3d0416

@ -19,6 +19,7 @@ use std::ptr;
use crate::core::*;
use crate::smb::smb::*;
use crate::dcerpc::detect::{DCEIfaceData, DCEOpnumData, DETECT_DCE_OPNUM_RANGE_UNINITIALIZED};
use crate::dcerpc::dcerpc::DCERPC_TYPE_REQUEST;
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_share(tx: &mut SMBTransaction,
@ -105,7 +106,7 @@ pub extern "C" fn rs_smb_tx_match_dce_opnum(tx: &mut SMBTransaction,
SCLogDebug!("rs_smb_tx_get_dce_opnum: start");
match tx.type_data {
Some(SMBTransactionTypeData::DCERPC(ref x)) => {
if x.req_cmd == 1 { // REQUEST
if x.req_cmd == DCERPC_TYPE_REQUEST {
for range in dce_data.data.iter() {
if range.range2 == DETECT_DCE_OPNUM_RANGE_UNINITIALIZED {
if range.range1 == x.opnum as u32 {
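Review bot: Nothing in the visible hunks adds a test that pins the corrected comparison `if x.req_cmd == DCERPC_TYPE_REQUEST {`, and per the commit message the failure it fixes was silent: rules using dce_opnum over SMB simply did not match. A regression test would keep this detection gap from reopening. It should cover a DCERPC-typed SMB transaction with a request-type `req_cmd` and an opnum inside a configured range, plus a non-request counterpart that must not match. Separately, the debug line at the top of the second hunk logs `rs_smb_tx_get_dce_opnum: start` inside rs_smb_tx_match_dce_opnum; `SCLogDebug!("rs_smb_tx_match_dce_opnum: start");` would make traces unambiguous. The function body starts before and continues after the hunk, so the return paths were not reviewed.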
