smb: small cleanups, fixes and optimizations

pull/3281/head
Victor Julien 7 years ago
parent dab055d8c8
commit be615c9fbc

@ -497,8 +497,7 @@ impl SMBCommonHdr {
_ => r.tree_id, _ => r.tree_id,
}; };
let msg_id = match rec_type { let msg_id = match rec_type {
SMBHDR_TYPE_TRANS_FRAG => { 0 }, SMBHDR_TYPE_TRANS_FRAG | SMBHDR_TYPE_SHARE => { 0 },
SMBHDR_TYPE_SHARE => { 0 },
_ => { r.message_id as u64 }, _ => { r.message_id as u64 },
}; };
@ -516,8 +515,7 @@ impl SMBCommonHdr {
_ => r.tree_id as u32, _ => r.tree_id as u32,
}; };
let msg_id = match rec_type { let msg_id = match rec_type {
SMBHDR_TYPE_TRANS_FRAG => { 0 }, SMBHDR_TYPE_TRANS_FRAG | SMBHDR_TYPE_SHARE => { 0 },
SMBHDR_TYPE_SHARE => { 0 },
_ => { r.multiplex_id as u64 }, _ => { r.multiplex_id as u64 },
}; };

@ -170,7 +170,7 @@ fn smb1_close_file(state: &mut SMBState, fid: &Vec<u8>)
} }
pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 { pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 {
SCLogDebug!("record: {:?} command {}", r.greeter, r.command); SCLogDebug!("record: command {}: record {:?}", r.command, r);
let mut events : Vec<SMBEvent> = Vec::new(); let mut events : Vec<SMBEvent> = Vec::new();
let mut no_response_expected = false; let mut no_response_expected = false;

@ -146,7 +146,6 @@ named!(pub parse_smb_connect_tree_andx_response_record<Smb1ResponseRecordTreeCon
#[derive(Debug,PartialEq)] #[derive(Debug,PartialEq)]
pub struct SmbRecordTreeConnectAndX<'a> { pub struct SmbRecordTreeConnectAndX<'a> {
pub len: usize,
pub share: &'a[u8], pub share: &'a[u8],
} }
@ -156,11 +155,10 @@ named!(pub parse_smb_connect_tree_andx_record<SmbRecordTreeConnectAndX>,
>> pwlen: le_u16 >> pwlen: le_u16
>> bcc: le_u16 >> bcc: le_u16
>> pw: take!(pwlen) >> pw: take!(pwlen)
>> share: take!(bcc - (6 + pwlen)) >> share: cond!(bcc >= (6 + pwlen), take!(bcc - (6 + pwlen)))
>> service: take!(6) >> service: take!(6)
>> (SmbRecordTreeConnectAndX { >> (SmbRecordTreeConnectAndX {
len:bcc as usize - (6 + pwlen as usize) as usize, share: share.unwrap_or(&[]),
share:share,
})) }))
); );
@ -404,7 +402,6 @@ named!(pub parse_smb_setup_andx_record<SmbRecordSetupAndX>,
>> skip2: take!(8) >> skip2: take!(8)
>> bcc: le_u16 >> bcc: le_u16
>> sec_blob: take!(sec_blob_len) >> sec_blob: take!(sec_blob_len)
//>> skip3: rest
>> (SmbRecordSetupAndX { >> (SmbRecordSetupAndX {
sec_blob:sec_blob, sec_blob:sec_blob,
})) }))
@ -460,7 +457,7 @@ pub struct SmbRequestReadAndXRecord<'a> {
named!(pub parse_smb_read_andx_request_record<SmbRequestReadAndXRecord>, named!(pub parse_smb_read_andx_request_record<SmbRequestReadAndXRecord>,
do_parse!( do_parse!(
wtc: le_u8 wct: le_u8
>> andx_command: le_u8 >> andx_command: le_u8
>> take!(1) // reserved >> take!(1) // reserved
>> andx_offset: le_u16 >> andx_offset: le_u16
@ -470,8 +467,7 @@ named!(pub parse_smb_read_andx_request_record<SmbRequestReadAndXRecord>,
>> take!(2) >> take!(2)
>> max_count_high: le_u32 >> max_count_high: le_u32
>> take!(2) >> take!(2)
>> high_offset: cond!(wtc==12,le_u32) // only from wtc ==12? >> high_offset: cond!(wct==12,le_u32) // only from wct ==12?
>> (SmbRequestReadAndXRecord { >> (SmbRequestReadAndXRecord {
fid:fid, fid:fid,
size: (((max_count_high as u64) << 16)|max_count_low as u64), size: (((max_count_high as u64) << 16)|max_count_low as u64),
@ -487,7 +483,7 @@ pub struct SmbResponseReadAndXRecord<'a> {
named!(pub parse_smb_read_andx_response_record<SmbResponseReadAndXRecord>, named!(pub parse_smb_read_andx_response_record<SmbResponseReadAndXRecord>,
do_parse!( do_parse!(
wtc: le_u8 wct: le_u8
>> andx_command: le_u8 >> andx_command: le_u8
>> take!(1) // reserved >> take!(1) // reserved
>> andx_offset: le_u16 >> andx_offset: le_u16
@ -587,9 +583,6 @@ named!(pub parse_smb_version<SmbVersion>,
#[derive(Debug,PartialEq)] #[derive(Debug,PartialEq)]
pub struct SmbRecord<'a> { pub struct SmbRecord<'a> {
//pub nbss_hdr: NbssRecord<'a>,
pub greeter: &'a[u8],
pub command: u8, pub command: u8,
pub is_dos_error: bool, pub is_dos_error: bool,
pub nt_status: u32, pub nt_status: u32,
@ -614,7 +607,7 @@ impl<'a> SmbRecord<'a> {
named!(pub parse_smb_record<SmbRecord>, named!(pub parse_smb_record<SmbRecord>,
do_parse!( do_parse!(
server_component: tag!(b"\xffSMB") tag!(b"\xffSMB")
>> command:le_u8 >> command:le_u8
>> nt_status:le_u32 >> nt_status:le_u32
>> flags:le_u8 >> flags:le_u8
@ -629,7 +622,6 @@ named!(pub parse_smb_record<SmbRecord>,
>> data: rest >> data: rest
>> (SmbRecord { >> (SmbRecord {
greeter:server_component,
command:command, command:command,
nt_status:nt_status, nt_status:nt_status,
flags:flags, flags:flags,
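Review bot: In the `parse_smb_connect_tree_andx_record` hunk, the new guard `bcc >= (6 + pwlen)` still computes `6 + pwlen` in `u16`, since both fields are read with `le_u16`. A `pwlen` above 65529 overflows that sum, which panics in a build with overflow checks and otherwise wraps, so the guard compares against the wrong value. Both lengths come from the wire, so I would widen the comparison, e.g. `>> share: cond!(bcc as u32 >= 6 + pwlen as u32, take!(bcc - (6 + pwlen)))`; the inner subtraction then only runs when the sum fits in `u16`. A short comment on that line saying that a too-small `bcc` now yields an empty share rather than a parse error would also help. The parser begins above the hunk, so its earlier fields are not visible here.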

@ -368,7 +368,7 @@ named!(pub parse_smb2_response_write<Smb2WriteResponseRecord>,
named!(pub parse_smb2_response_record<Smb2Record>, named!(pub parse_smb2_response_record<Smb2Record>,
do_parse!( do_parse!(
server_component: tag!(b"\xfeSMB") tag!(b"\xfeSMB")
>> hlen: le_u16 >> hlen: le_u16
>> credit_charge: le_u16 >> credit_charge: le_u16
>> nt_status: le_u32 >> nt_status: le_u32
@ -400,7 +400,7 @@ named!(pub parse_smb2_response_record<Smb2Record>,
tree_id: tree_id, tree_id: tree_id,
session_id: session_id, session_id: session_id,
command:command, command:command,
data: if data_c != None { data_c.unwrap() } else { data_r.unwrap() } data: data_c.or(data_r).unwrap()
}) })
)); ));
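Review bot: `data: data_c.or(data_r).unwrap()` at the end of `parse_smb2_response_record` still panics when both options are `None`, exactly like the expression it replaces. The parsers that produce `data_c` and `data_r` are outside this hunk, so I cannot tell whether that state is reachable from a malformed response. If it is not, `expect("...")` naming the invariant would document that. If it might be, `data: data_c.or(data_r).unwrap_or(&[])` removes the panic path, assuming `data` is a byte slice like `share` in the SMB1 parser.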
