aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

64 bit portability

Browse Source
remotes/origin/master-1.0.x
root 16 years ago committed by Victor Julien
parent d7958f7983
commit 9b74a2765e
3 changed files with 93 additions and 117 deletions
Show Stats Download Patch File Download Diff File

77
src/app-layer-dcerpc.c
Unescape Escape View File

@ -46,7 +46,7 @@ void printUUID(char *type, struct uuid_entry *uuid) {
printf(" Major Version 0x%04x Minor Version 0x%04x\n", uuid->version, uuid->versionminor); printf(" Major Version 0x%04x Minor Version 0x%04x\n", uuid->version, uuid->versionminor);
} }
static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, static uint32_t DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -57,11 +57,12 @@ static int DCERPCParseSecondaryAddr(Flow *f, void *dcerpc_state, AppLayerParserS
p++; p++;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, static uint32_t PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state; DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input; uint8_t *p = input;
while (sstate->padleft-- && input_len--) { while (sstate->padleft-- && input_len--) {
@ -69,10 +70,10 @@ static int PaddingParser(Flow *f, void *dcerpc_state, AppLayerParserState *pstat
p++; p++;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, static uint32_t DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter(); SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state; DCERPCState *sstate = (DCERPCState *)dcerpc_state;
@ -80,16 +81,17 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p
if (input_len) { if (input_len) {
switch(sstate->ctxbytesprocessed) { switch(sstate->ctxbytesprocessed) {
case 0: case 0:
/*if (input_len >= 4) { if (input_len >= 4) {
sstate->numctxitems = *p; sstate->numctxitems = *p;
sstate->numctxitemsleft = sstate->numctxitems; sstate->numctxitemsleft = sstate->numctxitems;
sstate->ctxbytesprocessed += (4); sstate->ctxbytesprocessed += 4;
SCReturnInt(4); sstate->bytesprocessed += 4;
} else { */ SCReturnUInt(4U);
} else {
sstate->numctxitems = *(p++); sstate->numctxitems = *(p++);
sstate->numctxitemsleft = sstate->numctxitems; sstate->numctxitemsleft = sstate->numctxitems;
if (!(--input_len)) break; if (!(--input_len)) break;
//} }
case 1: case 1:
p++; p++;
if (!(--input_len)) break; if (!(--input_len)) break;
@ -104,11 +106,11 @@ static int DCERPCGetCTXItems(Flow *f, void *dcerpc_state, AppLayerParserState *p
} }
sstate->ctxbytesprocessed += (p - input); sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { static uint32_t DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter(); SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state; DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input; uint8_t *p = input;
@ -141,7 +143,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
sstate->versionminor |= *(p + 23) << 8; sstate->versionminor |= *(p + 23) << 8;
sstate->uuid_entry = (struct uuid_entry *) calloc(1, sizeof(struct uuid_entry)); sstate->uuid_entry = (struct uuid_entry *) calloc(1, sizeof(struct uuid_entry));
if (sstate->uuid_entry == NULL) { if (sstate->uuid_entry == NULL) {
SCReturnInt(-1); SCReturnUInt(0);
} else { } else {
memcpy(sstate->uuid_entry->uuid, sstate->uuid, memcpy(sstate->uuid_entry->uuid, sstate->uuid,
sizeof(sstate->uuid)); sizeof(sstate->uuid));
@ -149,12 +151,12 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
sstate->uuid_entry->version = sstate->version; sstate->uuid_entry->version = sstate->version;
sstate->uuid_entry->versionminor = sstate->versionminor; sstate->uuid_entry->versionminor = sstate->versionminor;
TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next); TAILQ_INSERT_HEAD(&sstate->uuid_list, sstate->uuid_entry, next);
printUUID("BIND", sstate->uuid_entry); //printUUID("BIND", sstate->uuid_entry);
} }
sstate->numctxitemsleft--; sstate->numctxitemsleft--;
sstate->bytesprocessed += (44); sstate->bytesprocessed += (44);
sstate->ctxbytesprocessed += (44); sstate->ctxbytesprocessed += (44);
SCReturnInt(44); SCReturnUInt(44U);
} else { } else {
sstate->ctxid = *(p++); sstate->ctxid = *(p++);
if (!(--input_len)) break; if (!(--input_len)) break;
@ -290,7 +292,7 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
case 43: case 43:
sstate->numctxitemsleft--; sstate->numctxitemsleft--;
if (sstate->uuid_entry == NULL) { if (sstate->uuid_entry == NULL) {
SCReturnInt(-1); SCReturnUInt(0);
} else { } else {
memcpy(sstate->uuid_entry->uuid, sstate->uuid, memcpy(sstate->uuid_entry->uuid, sstate->uuid,
sizeof(sstate->uuid)); sizeof(sstate->uuid));
@ -306,10 +308,10 @@ static int DCERPCParseBINDCTXItem(Flow *f, void *dcerpc_state, AppLayerParserSta
} }
sstate->ctxbytesprocessed += (p - input); sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { static uint32_t DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter(); SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state; DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input; uint8_t *p = input;
@ -323,14 +325,14 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser
TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) { TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) {
if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) { if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
uuid_entry->result = sstate->result; uuid_entry->result = sstate->result;
printUUID("BIND_ACK", uuid_entry); //printUUID("BIND_ACK", uuid_entry);
break; break;
} }
} }
sstate->numctxitemsleft--; sstate->numctxitemsleft--;
sstate->bytesprocessed += (24); sstate->bytesprocessed += (24);
sstate->ctxbytesprocessed += (24); sstate->ctxbytesprocessed += (24);
SCReturnInt(24); SCReturnUInt(24U);
} else { } else {
sstate->result = *(p++); sstate->result = *(p++);
if (!(--input_len)) break; if (!(--input_len)) break;
@ -407,7 +409,7 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser
TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) { TAILQ_FOREACH(uuid_entry, &sstate->uuid_list, next) {
if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) { if(uuid_entry->ctxid == sstate->numctxitems - sstate->numctxitemsleft) {
uuid_entry->result = sstate->result; uuid_entry->result = sstate->result;
printUUID("BIND_ACK", uuid_entry); //printUUID("BIND_ACK", uuid_entry);
break; break;
} }
} }
@ -420,10 +422,10 @@ static int DCERPCParseBINDACKCTXItem(Flow *f, void *dcerpc_state, AppLayerParser
} }
sstate->ctxbytesprocessed += (p - input); sstate->ctxbytesprocessed += (p - input);
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, static uint32_t DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter(); SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state; DCERPCState *sstate = (DCERPCState *)dcerpc_state;
@ -437,7 +439,7 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst
sstate->numctxitems = *(p+8); sstate->numctxitems = *(p+8);
sstate->numctxitemsleft = sstate->numctxitems; sstate->numctxitemsleft = sstate->numctxitems;
sstate->bytesprocessed += 12; sstate->bytesprocessed += 12;
SCReturnInt(12); SCReturnUInt(12U);
} else { } else {
/* max_xmit_frag */ /* max_xmit_frag */
p++; p++;
@ -492,10 +494,10 @@ static int DCERPCParseBIND(Flow *f, void *dcerpc_state, AppLayerParserState *pst
} }
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { static uint32_t DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter(); SCEnter();
DCERPCState *sstate = (DCERPCState *)dcerpc_state; DCERPCState *sstate = (DCERPCState *)dcerpc_state;
uint8_t *p = input; uint8_t *p = input;
@ -508,7 +510,7 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *
sstate->secondaryaddrlen |= *(p+9) << 8; sstate->secondaryaddrlen |= *(p+9) << 8;
sstate->secondaryaddrlenleft = sstate->secondaryaddrlen; sstate->secondaryaddrlenleft = sstate->secondaryaddrlen;
sstate->bytesprocessed += 10; sstate->bytesprocessed += 10;
SCReturnInt(10); SCReturnUInt(10U);
} else { } else {
/* max_xmit_frag */ /* max_xmit_frag */
p++; p++;
@ -553,10 +555,10 @@ static int DCERPCParseBINDACK(Flow *f, void *dcerpc_state, AppLayerParserState *
break; break;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState static uint32_t DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
*pstate, uint8_t *input, uint32_t input_len, *pstate, uint8_t *input, uint32_t input_len,
AppLayerParserResult *output) { AppLayerParserResult *output) {
SCEnter(); SCEnter();
@ -592,7 +594,7 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
sstate->dcerpc.call_id |= *(p + 14) << 8; sstate->dcerpc.call_id |= *(p + 14) << 8;
sstate->dcerpc.call_id |= *(p + 15); sstate->dcerpc.call_id |= *(p + 15);
sstate->bytesprocessed = DCERPC_HDR_LEN; sstate->bytesprocessed = DCERPC_HDR_LEN;
SCReturnInt(DCERPC_HDR_LEN); SCReturnUInt(16U);
break; break;
} else { } else {
sstate->dcerpc.rpc_vers = *(p++); sstate->dcerpc.rpc_vers = *(p++);
@ -647,13 +649,10 @@ static int DCERPCParseHeader(Flow *f, void *dcerpc_state, AppLayerParserState
sstate->dcerpc.call_id |= *(p++); sstate->dcerpc.call_id |= *(p++);
--input_len; --input_len;
break; break;
default: // SHOULD NEVER OCCUR
SCLogDebug("Odd");
SCReturnInt(8);
} }
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
@ -672,6 +671,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCParseHeader bytesprocessed %u\n", sstate->bytesprocessed);
switch (sstate->dcerpc.type) { switch (sstate->dcerpc.type) {
case BIND: case BIND:
@ -684,6 +684,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCParseBIND bytesprocessed %u\n", sstate->bytesprocessed);
while (sstate->numctxitemsleft && sstate->bytesprocessed < sstate->dcerpc.frag_length && while (sstate->numctxitemsleft && sstate->bytesprocessed < sstate->dcerpc.frag_length &&
input_len) { input_len) {
@ -695,6 +696,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCParseBINDCTXItem bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == sstate->dcerpc.frag_length) { if (sstate->bytesprocessed == sstate->dcerpc.frag_length) {
sstate->bytesprocessed = 0; sstate->bytesprocessed = 0;
@ -711,6 +713,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCParseBINDACK bytesprocessed %u\n", sstate->bytesprocessed);
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen && input_len--) { while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen && input_len--) {
retval = DCERPCParseSecondaryAddr(f, dcerpc_state, pstate, input + parsed, input_len, retval = DCERPCParseSecondaryAddr(f, dcerpc_state, pstate, input + parsed, input_len,
@ -718,11 +721,13 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCParseSecondaryAddr bytesprocessed %u\n", sstate->bytesprocessed);
if(sstate->bytesprocessed == DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen) { if(sstate->bytesprocessed == DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen) {
sstate->pad = sstate->bytesprocessed % 4; sstate->pad = sstate->bytesprocessed % 4;
sstate->padleft = sstate->pad; sstate->padleft = sstate->pad;
} }
SCLogDebug("pad %u\n", sstate->pad);
while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen + sstate->pad && input_len--) { while (sstate->bytesprocessed < DCERPC_HDR_LEN + 10 + sstate->secondaryaddrlen + sstate->pad && input_len--) {
retval = PaddingParser(f, dcerpc_state, pstate, input + parsed, input_len, retval = PaddingParser(f, dcerpc_state, pstate, input + parsed, input_len,
@ -730,6 +735,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with PaddingParser bytesprocessed %u\n", sstate->bytesprocessed);
while(sstate->bytesprocessed >= DCERPC_HDR_LEN + 10 + sstate->pad + sstate->secondaryaddrlen && while(sstate->bytesprocessed >= DCERPC_HDR_LEN + 10 + sstate->pad + sstate->secondaryaddrlen &&
sstate->bytesprocessed < DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) { sstate->bytesprocessed < DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) {
@ -738,6 +744,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCGetCTXItems bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) { if (sstate->bytesprocessed == DCERPC_HDR_LEN + 14 + sstate->pad + sstate->secondaryaddrlen) {
sstate->ctxbytesprocessed = 0; sstate->ctxbytesprocessed = 0;
@ -752,6 +759,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCLogDebug("Done with DCERPCParseBINDACKCTXItem bytesprocessed %u\n", sstate->bytesprocessed);
if (sstate->bytesprocessed == sstate->dcerpc.frag_length) { if (sstate->bytesprocessed == sstate->dcerpc.frag_length) {
sstate->bytesprocessed = 0; sstate->bytesprocessed = 0;
@ -793,7 +801,6 @@ static void DCERPCStateFree(void *s) {
void RegisterDCERPCParsers(void) { void RegisterDCERPCParsers(void) {
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse); AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse);
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, DCERPCParse); AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, DCERPCParse);
AppLayerRegisterParser("dcerpc.hdr", ALPROTO_DCERPC, DCERPC_PARSE_DCERPC_HEADER, DCERPCParseHeader, "dcerpc");
AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, DCERPCStateFree); AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, DCERPCStateFree);
} }

95
src/app-layer-smb.c
Unescape Escape View File

@ -102,8 +102,9 @@ void hexdump(const void *buf, size_t len) {
* \brief SMB Write AndX Request Parsing * \brief SMB Write AndX Request Parsing
*/ */
/* For WriteAndX we need to get writeandxdataoffset */ /* For WriteAndX we need to get writeandxdataoffset */
static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state; SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input; uint8_t *p = input;
switch (sstate->andx.andxbytesprocessed) { switch (sstate->andx.andxbytesprocessed) {
@ -123,9 +124,8 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta
sstate->andx.dataoffset|= (uint64_t) *(p+25) << 48; sstate->andx.dataoffset|= (uint64_t) *(p+25) << 48;
sstate->andx.dataoffset|= (uint64_t) *(p+26) << 40; sstate->andx.dataoffset|= (uint64_t) *(p+26) << 40;
sstate->andx.dataoffset|= (uint64_t) *(p+27) << 32; sstate->andx.dataoffset|= (uint64_t) *(p+27) << 32;
input_len -= 28;
sstate->bytesprocessed += 28; sstate->bytesprocessed += 28;
return 28; SCReturnUInt(28U);
} else { } else {
sstate->andx.andxcommand = *(p++); sstate->andx.andxcommand = *(p++);
if (!(--input_len)) break; if (!(--input_len)) break;
@ -230,19 +230,17 @@ static int SMBParseWriteAndX(Flow *f, void *smb_state, AppLayerParserState *psta
sstate->andx.dataoffset|= (uint64_t) *(p++) << 32; sstate->andx.dataoffset|= (uint64_t) *(p++) << 32;
--input_len; --input_len;
break; break;
default:
// SHOULD NEVER OCCUR
return 0;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
/** /**
* \brief SMB Read AndX Response Parsing * \brief SMB Read AndX Response Parsing
*/ */
static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state; SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input; uint8_t *p = input;
switch (sstate->andx.andxbytesprocessed) { switch (sstate->andx.andxbytesprocessed) {
@ -260,9 +258,8 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat
sstate->andx.datalength |= (uint64_t) *(p+15) << 48; sstate->andx.datalength |= (uint64_t) *(p+15) << 48;
sstate->andx.datalength |= (uint64_t) *(p+16) << 40; sstate->andx.datalength |= (uint64_t) *(p+16) << 40;
sstate->andx.datalength |= (uint64_t) *(p+17) << 32; sstate->andx.datalength |= (uint64_t) *(p+17) << 32;
input_len -= 24;
sstate->bytesprocessed += 24; sstate->bytesprocessed += 24;
return 24; SCReturnUInt(24U);
} else { } else {
sstate->andx.andxcommand = *(p++); sstate->andx.andxcommand = *(p++);
if (!(--input_len)) break; if (!(--input_len)) break;
@ -331,20 +328,17 @@ static int SMBParseReadAndX(Flow *f, void *smb_state, AppLayerParserState *pstat
p++; p++;
--input_len; --input_len;
break; break;
default:
// SHOULD NEVER OCCUR
return 0;
} }
return 0;
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
/** /**
* Handle variable length padding for WriteAndX and ReadAndX * Handle variable length padding for WriteAndX and ReadAndX
*/ */
static int PaddingParser(void *smb_state, AppLayerParserState *pstate, static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state; SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input; uint8_t *p = input;
while ((uint32_t)(sstate->bytesprocessed + (p - input)) < sstate->andx.dataoffset && sstate->bytecount.bytecount-- && input_len--) { while ((uint32_t)(sstate->bytesprocessed + (p - input)) < sstate->andx.dataoffset && sstate->bytecount.bytecount-- && input_len--) {
@ -354,15 +348,16 @@ static int PaddingParser(void *smb_state, AppLayerParserState *pstate,
sstate->andx.paddingparsed = 1; sstate->andx.paddingparsed = 1;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
/** /**
* \brief Parse WriteAndX and ReadAndX Data * \brief Parse WriteAndX and ReadAndX Data
* \todo Hand off to DCERPC parser for DCERPC over SMB * \todo Hand off to DCERPC parser for DCERPC over SMB
*/ */
static int DataParser(void *smb_state, AppLayerParserState *pstate, static uint32_t DataParser(void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMBState *sstate = (SMBState *) smb_state; SMBState *sstate = (SMBState *) smb_state;
uint8_t *p = input; uint8_t *p = input;
@ -373,7 +368,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate,
} }
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
@ -382,7 +377,7 @@ static int DataParser(void *smb_state, AppLayerParserState *pstate,
* Reset bytecount.bytecountbytes to 0. * Reset bytecount.bytecountbytes to 0.
* Determine if this is an SMB AndX Command * Determine if this is an SMB AndX Command
*/ */
static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -393,9 +388,9 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate
sstate->bytecount.bytecountbytes = 0; sstate->bytecount.bytecountbytes = 0;
sstate->andx.isandx = isAndX(sstate); sstate->andx.isandx = isAndX(sstate);
SCLogDebug("Wordcount (%u):", sstate->wordcount.wordcount); SCLogDebug("Wordcount (%u):", sstate->wordcount.wordcount);
SCReturnInt(1); SCReturnUInt(1U);
} }
SCReturnInt(0); SCReturnUInt(0);
} }
/* /*
@ -403,7 +398,7 @@ static int SMBGetWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate
* is after the first bytecount byte. * is after the first bytecount byte.
*/ */
static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -422,14 +417,14 @@ static int SMBGetByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate
SCLogDebug("Bytecount %u", sstate->bytecount.bytecount); SCLogDebug("Bytecount %u", sstate->bytecount.bytecount);
--input_len; --input_len;
} }
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
/** /**
* \brief SMBParseWordCount parses the SMB Wordcount portion of the SMB Transaction. * \brief SMBParseWordCount parses the SMB Wordcount portion of the SMB Transaction.
* until sstate->wordcount.wordcount bytes are parsed. * until sstate->wordcount.wordcount bytes are parsed.
*/ */
static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -442,20 +437,20 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
sstate->wordcount.wordcount -= retval; sstate->wordcount.wordcount -= retval;
return retval; SCReturnUInt(retval);
} else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) { } else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) {
retval = SMBParseWriteAndX(f, sstate, pstate, input + parsed, input_len, output); retval = SMBParseWriteAndX(f, sstate, pstate, input + parsed, input_len, output);
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
sstate->wordcount.wordcount -= retval; sstate->wordcount.wordcount -= retval;
return retval; SCReturnUInt(retval);
} else { /* Generic WordCount Handler */ } else { /* Generic WordCount Handler */
while (sstate->wordcount.wordcount-- && input_len--) { while (sstate->wordcount.wordcount-- && input_len--) {
SCLogDebug("0x%02x ", *p); SCLogDebug("0x%02x ", *p);
p++; p++;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
} }
@ -464,7 +459,7 @@ static int SMBParseWordCount(Flow *f, void *smb_state, AppLayerParserState *psta
* until sstate->bytecount.bytecount bytes are parsed. * until sstate->bytecount.bytecount bytes are parsed.
*/ */
static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -484,23 +479,21 @@ static int SMBParseByteCount(Flow *f, void *smb_state, AppLayerParserState *psta
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
} }
SCReturnUInt(retval);
} }
while (sstate->bytecount.bytecount && input_len) { while (sstate->bytecount.bytecount && input_len) {
SCLogDebug("0x%02x bytecount %u input_len %u", *p, SCLogDebug("0x%02x bytecount %u input_len %u", *p,
sstate->bytecount.bytecount, input_len); sstate->bytecount.bytecount, input_len);
p++; p++;
sstate->wordcount.wordcount--; sstate->wordcount.wordcount--;
input_len--; input_len--;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnUInt((uint32_t)(p - input));
SCReturnInt(p - input);
} }
//#define DEBUG 1 static uint32_t NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -517,9 +510,8 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate
sstate->nbss.length = (*(p + 1) & 0x01) << 16; sstate->nbss.length = (*(p + 1) & 0x01) << 16;
sstate->nbss.length |= *(p + 2) << 8; sstate->nbss.length |= *(p + 2) << 8;
sstate->nbss.length |= *(p + 3); sstate->nbss.length |= *(p + 3);
input_len -= NBSS_HDR_LEN;
sstate->bytesprocessed += NBSS_HDR_LEN; sstate->bytesprocessed += NBSS_HDR_LEN;
SCReturnInt(NBSS_HDR_LEN); SCReturnUInt(4U);
} else { } else {
sstate->nbss.type = *(p++); sstate->nbss.type = *(p++);
if (!(--input_len)) break; if (!(--input_len)) break;
@ -534,16 +526,13 @@ static int NBSSParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate
sstate->nbss.length |= *(p++); sstate->nbss.length |= *(p++);
--input_len; --input_len;
break; break;
default:
SCReturnInt(-1);
break;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
} }
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate, static uint32_t SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) uint8_t *input, uint32_t input_len, AppLayerParserResult *output)
{ {
SCEnter(); SCEnter();
@ -555,7 +544,7 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
if (input_len >= SMB_HDR_LEN) { if (input_len >= SMB_HDR_LEN) {
if (memcmp(p, "\xff\x53\x4d\x42", 4) != 0) { if (memcmp(p, "\xff\x53\x4d\x42", 4) != 0) {
SCLogDebug("SMB Header did not validate"); SCLogDebug("SMB Header did not validate");
SCReturnInt(0); SCReturnUInt(0);
} }
sstate->smb.command = *(p + 4); sstate->smb.command = *(p + 4);
sstate->smb.status = *(p + 5) << 24; sstate->smb.status = *(p + 5) << 24;
@ -583,9 +572,8 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
sstate->smb.uid |= *(p + 29); sstate->smb.uid |= *(p + 29);
sstate->smb.mid = *(p + 30) << 8; sstate->smb.mid = *(p + 30) << 8;
sstate->smb.mid |= *(p + 31); sstate->smb.mid |= *(p + 31);
input_len -= SMB_HDR_LEN;
sstate->bytesprocessed += SMB_HDR_LEN; sstate->bytesprocessed += SMB_HDR_LEN;
SCReturnInt(SMB_HDR_LEN); SCReturnUInt(32U);
break; break;
} else { } else {
//sstate->smb.protocol[0] = *(p++); //sstate->smb.protocol[0] = *(p++);
@ -693,12 +681,10 @@ static int SMBParseHeader(Flow *f, void *smb_state, AppLayerParserState *pstate,
sstate->smb.mid |= *(p++); sstate->smb.mid |= *(p++);
--input_len; --input_len;
break; break;
default: // SHOULD NEVER OCCUR
SCReturnInt(8);
} }
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
SCReturnInt(p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
@ -707,8 +693,8 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
SCEnter(); SCEnter();
SMBState *sstate = (SMBState *) smb_state; SMBState *sstate = (SMBState *) smb_state;
uint32_t retval = 0; long int retval = 0;
uint32_t parsed = 0; long int parsed = 0;
if (pstate == NULL) if (pstate == NULL)
SCReturnInt(-1); SCReturnInt(-1);
@ -719,7 +705,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u", SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %ld input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type, sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type,
sstate->nbss.length, parsed, input_len); sstate->nbss.length, parsed, input_len);
} }
@ -732,7 +718,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
parsed, input_len, output); parsed, input_len, output);
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %u input_len %u", SCLogDebug("SMB Header (%u/%u) Command 0x%02x parsed %ld input_len %u",
sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN, sstate->bytesprocessed, NBSS_HDR_LEN + SMB_HDR_LEN,
sstate->smb.command, parsed, input_len); sstate->smb.command, parsed, input_len);
} }
@ -744,7 +730,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
output); output);
parsed += retval; parsed += retval;
input_len -= retval; input_len -= retval;
SCLogDebug("wordcount (%u) parsed %u input_len %u", SCLogDebug("wordcount (%u) parsed %ld input_len %u",
sstate->wordcount.wordcount, parsed, input_len); sstate->wordcount.wordcount, parsed, input_len);
} }
@ -795,6 +781,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
*/ */
int isAndX(SMBState *smb_state) { int isAndX(SMBState *smb_state) {
SCEnter();
switch (smb_state->smb.command) { switch (smb_state->smb.command) {
case SMB_NO_SECONDARY_ANDX_COMMAND: case SMB_NO_SECONDARY_ANDX_COMMAND:
case SMB_COM_LOCKING_ANDX: case SMB_COM_LOCKING_ANDX:
@ -806,9 +793,9 @@ int isAndX(SMBState *smb_state) {
case SMB_COM_TREE_CONNECT_ANDX: case SMB_COM_TREE_CONNECT_ANDX:
case SMB_COM_NT_CREATE_ANDX: case SMB_COM_NT_CREATE_ANDX:
smb_state->andx.andxbytesprocessed = 0; smb_state->andx.andxbytesprocessed = 0;
return 1; SCReturnInt(1);
default: default:
return 0; SCReturnInt(0);
} }
} }

38
src/app-layer-smb2.c
Unescape Escape View File

@ -35,9 +35,9 @@ enum {
SMB_FIELD_MAX, SMB_FIELD_MAX,
}; };
//#define DEBUG 1 static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state; SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input; uint8_t *p = input;
@ -50,9 +50,8 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->nbss.length = (*(p + 1) & 0x01) << 16; sstate->nbss.length = (*(p + 1) & 0x01) << 16;
sstate->nbss.length |= *(p + 2) << 8; sstate->nbss.length |= *(p + 2) << 8;
sstate->nbss.length |= *(p + 3); sstate->nbss.length |= *(p + 3);
input_len -= NBSS_HDR_LEN;
sstate->bytesprocessed += NBSS_HDR_LEN; sstate->bytesprocessed += NBSS_HDR_LEN;
return NBSS_HDR_LEN; SCReturnUInt(4U);
} else { } else {
sstate->nbss.type = *(p++); sstate->nbss.type = *(p++);
if (!(--input_len)) break; if (!(--input_len)) break;
@ -67,17 +66,15 @@ static int NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->nbss.length |= *(p++); sstate->nbss.length |= *(p++);
--input_len; --input_len;
break; break;
default:
return -1;
break;
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
} }
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state; SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input; uint8_t *p = input;
if (input_len) { if (input_len) {
@ -148,9 +145,8 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.Signature[13] = *(p + 61); sstate->smb2.Signature[13] = *(p + 61);
sstate->smb2.Signature[14] = *(p + 62); sstate->smb2.Signature[14] = *(p + 62);
sstate->smb2.Signature[15] = *(p + 63); sstate->smb2.Signature[15] = *(p + 63);
input_len -= SMB2_HDR_LEN;
sstate->bytesprocessed += SMB2_HDR_LEN; sstate->bytesprocessed += SMB2_HDR_LEN;
return SMB2_HDR_LEN; SCReturnUInt(64U);
break; break;
} else { } else {
//sstate->smb2.protocol[0] = *(p++); //sstate->smb2.protocol[0] = *(p++);
@ -354,16 +350,15 @@ static int SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
sstate->smb2.Signature[15] = *(p++); sstate->smb2.Signature[15] = *(p++);
--input_len; --input_len;
break; break;
default: // SHOULD NEVER OCCUR
return 0;
} }
} }
sstate->bytesprocessed += (p - input); sstate->bytesprocessed += (p - input);
return (p - input); SCReturnUInt((uint32_t)(p - input));
} }
static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state; SMB2State *sstate = (SMB2State *) smb2_state;
uint32_t retval = 0; uint32_t retval = 0;
uint32_t parsed = 0; uint32_t parsed = 0;
@ -399,7 +394,7 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
} }
pstate->parse_field = 0; pstate->parse_field = 0;
pstate->flags |= APP_LAYER_PARSER_DONE; pstate->flags |= APP_LAYER_PARSER_DONE;
return 1; SCReturnInt(1);
} }
@ -422,19 +417,6 @@ static void SMB2StateFree(void *s) {
void RegisterSMB2Parsers(void) { void RegisterSMB2Parsers(void) {
AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse); AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse);
AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse); AppLayerRegisterProto("smb", ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse);
/*AppLayerRegisterParser("nbss.hdr", ALPROTO_SMB, SMB_PARSE_NBSS_HEADER,
NBSSParseHeader, "smb");
AppLayerRegisterParser("smb.hdr", ALPROTO_SMB, SMB_PARSE_SMB_HEADER,
SMBParseHeader, "smb");
AppLayerRegisterParser("smb.getwordcount", ALPROTO_SMB, SMB_PARSE_GET_WORDCOUNT,
SMBGetWordCount, "smb");
AppLayerRegisterParser("smb.wordcount", ALPROTO_SMB, SMB_PARSE_WORDCOUNT,
SMBParseWordCount, "smb");
AppLayerRegisterParser("smb.getbytecount", ALPROTO_SMB, SMB_PARSE_GET_BYTECOUNT,
SMBGetByteCount, "smb");
AppLayerRegisterParser("smb.bytecount", ALPROTO_SMB, SMB_PARSE_BYTECOUNT,
SMBParseByteCount, "smb");
*/
AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree); AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree);
} }

Write Preview
Loading…
Cancel
Save