rust/smb: implement stream-depth, unlimited by default

pull/3448/head
Victor Julien 7 years ago
parent d38e7d9410
commit 0b46d027d0

@ -29,6 +29,7 @@
#include "app-layer-smb-tcp-rust.h" #include "app-layer-smb-tcp-rust.h"
#include "rust-smb-smb-gen.h" #include "rust-smb-smb-gen.h"
#include "rust-smb-files-gen.h" #include "rust-smb-files-gen.h"
#include "util-misc.h"
#define MIN_REC_SIZE 32+4 // SMB hdr + nbss hdr #define MIN_REC_SIZE 32+4 // SMB hdr + nbss hdr
@ -205,6 +206,10 @@ static int RustSMBRegisterPatternsForProtocolDetection(void)
static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER;
static SuricataFileContext sfc = { &sbcfg }; static SuricataFileContext sfc = { &sbcfg };
#define SMB_CONFIG_DEFAULT_STREAM_DEPTH 0
static uint32_t stream_depth = SMB_CONFIG_DEFAULT_STREAM_DEPTH;
void RegisterRustSMBTCPParsers(void) void RegisterRustSMBTCPParsers(void)
{ {
const char *proto_name = "smb"; const char *proto_name = "smb";
@ -278,6 +283,18 @@ void RegisterRustSMBTCPParsers(void)
AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_SMB, AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_SMB,
APP_LAYER_PARSER_OPT_ACCEPT_GAPS); APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
ConfNode *p = ConfGetNode("app-layer.protocols.smb.stream-depth");
if (p != NULL) {
uint32_t value;
if (ParseSizeStringU32(p->val, &value) < 0) {
SCLogError(SC_ERR_SMB_CONFIG, "invalid value for stream-depth %s", p->val);
} else {
stream_depth = value;
}
}
SCLogConfig("SMB stream depth: %u", stream_depth);
AppLayerParserSetStreamDepth(IPPROTO_TCP, ALPROTO_SMB, stream_depth);
} else { } else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection" SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name); "still on.", proto_name);

@ -817,6 +817,10 @@ app-layer:
enabled: yes enabled: yes
detection-ports: detection-ports:
dp: 139, 445 dp: 139, 445
# Stream reassembly size for SMB streams. By default track it completely.
#stream-depth: 0
# Note: NFS parser depends on Rust support: pass --enable-rust # Note: NFS parser depends on Rust support: pass --enable-rust
# to configure. # to configure.
nfs: nfs:

Loading…
Cancel
Save