|
|
|
|
@ -403,11 +403,11 @@ impl NFSState {
|
|
|
|
|
SCLogDebug!("get_tx_by_xid: tx_xid={}", tx_xid);
|
|
|
|
|
for tx in &mut self.transactions {
|
|
|
|
|
if !tx.is_file_tx && tx.xid == tx_xid {
|
|
|
|
|
SCLogDebug!("Found NFS TX with ID {} XID {}", tx.id, tx.xid);
|
|
|
|
|
SCLogDebug!("Found NFS TX with ID {} XID {:04X}", tx.id, tx.xid);
|
|
|
|
|
return Some(tx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
SCLogDebug!("Failed to find NFS TX with XID {}", tx_xid);
|
|
|
|
|
SCLogDebug!("Failed to find NFS TX with XID {:04X}", tx_xid);
|
|
|
|
|
return None;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -457,7 +457,7 @@ impl NFSState {
|
|
|
|
|
mytx.file_handle = resp_handle.to_vec();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SCLogDebug!("process_reply_record: tx ID {} XID {} REQUEST {} RESPONSE {}",
|
|
|
|
|
SCLogDebug!("process_reply_record: tx ID {} XID {:04X} REQUEST {} RESPONSE {}",
|
|
|
|
|
mytx.id, mytx.xid, mytx.request_done, mytx.response_done);
|
|
|
|
|
},
|
|
|
|
|
None => {
|
|
|
|
|
@ -540,7 +540,7 @@ impl NFSState {
|
|
|
|
|
direction == tx.file_tx_direction &&
|
|
|
|
|
tx.file_handle == fh
|
|
|
|
|
{
|
|
|
|
|
SCLogDebug!("Found NFS file TX with ID {} XID {}", tx.id, tx.xid);
|
|
|
|
|
SCLogDebug!("Found NFS file TX with ID {} XID {:04X}", tx.id, tx.xid);
|
|
|
|
|
let (files, flags) = self.files.get(direction);
|
|
|
|
|
return Some((tx, files, flags));
|
|
|
|
|
}
|
|
|
|
|
@ -630,7 +630,7 @@ impl NFSState {
|
|
|
|
|
match self.requestmap.remove(&r.hdr.xid) {
|
|
|
|
|
Some(p) => { xidmap = p; },
|
|
|
|
|
_ => {
|
|
|
|
|
SCLogDebug!("REPLY: xid {} NOT FOUND. GAPS? TS:{} TC:{}",
|
|
|
|
|
SCLogDebug!("REPLY: xid {:04X} NOT FOUND. GAPS? TS:{} TC:{}",
|
|
|
|
|
r.hdr.xid, self.ts_ssn_gap, self.tc_ssn_gap);
|
|
|
|
|
|
|
|
|
|
// TODO we might be able to try to infer from the size + data
|
|
|
|
|
@ -638,6 +638,8 @@ impl NFSState {
|
|
|
|
|
return 0;
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
SCLogDebug!("process_reply_record: removed xid {:04X} from requestmap",
|
|
|
|
|
r.hdr.xid);
|
|
|
|
|
|
|
|
|
|
if self.nfs_version == 0 {
|
|
|
|
|
self.nfs_version = xidmap.progver as u16;
|
|
|
|
|
@ -680,7 +682,7 @@ impl NFSState {
|
|
|
|
|
} else {
|
|
|
|
|
self.tc_chunk_xid
|
|
|
|
|
};
|
|
|
|
|
SCLogDebug!("chunk left {}, input {}", chunk_left, data.len());
|
|
|
|
|
SCLogDebug!("filetracker_update: chunk left {}, input {} chunk_xid {:04X}", chunk_left, data.len(), xid);
|
|
|
|
|
|
|
|
|
|
let file_handle;
|
|
|
|
|
// we have the data that we expect
|
|
|
|
|
@ -887,8 +889,9 @@ impl NFSState {
|
|
|
|
|
self.tc_chunk_left = (reply.count as u32 + fill_bytes) - reply.data.len() as u32;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SCLogDebug!("REPLY {} to procedure {} blob size {} / {}: chunk_left {}",
|
|
|
|
|
r.hdr.xid, NFSPROC3_READ, r.prog_data.len(), reply.count, self.tc_chunk_left);
|
|
|
|
|
SCLogDebug!("REPLY {} to procedure {} blob size {} / {}: chunk_left {} chunk_xid {:04X}",
|
|
|
|
|
r.hdr.xid, NFSPROC3_READ, r.prog_data.len(), reply.count, self.tc_chunk_left,
|
|
|
|
|
self.tc_chunk_xid);
|
|
|
|
|
0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -910,6 +913,7 @@ impl NFSState {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn parse_tcp_data_ts_gap<'b>(&mut self, gap_size: u32) -> u32 {
|
|
|
|
|
SCLogDebug!("parse_tcp_data_ts_gap ({})", gap_size);
|
|
|
|
|
if self.tcp_buffer_ts.len() > 0 {
|
|
|
|
|
self.tcp_buffer_ts.clear();
|
|
|
|
|
}
|
|
|
|
|
@ -921,10 +925,12 @@ impl NFSState {
|
|
|
|
|
}
|
|
|
|
|
self.ts_ssn_gap = true;
|
|
|
|
|
self.ts_gap = true;
|
|
|
|
|
SCLogDebug!("parse_tcp_data_ts_gap ({}) done", gap_size);
|
|
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn parse_tcp_data_tc_gap<'b>(&mut self, gap_size: u32) -> u32 {
|
|
|
|
|
SCLogDebug!("parse_tcp_data_tc_gap ({})", gap_size);
|
|
|
|
|
if self.tcp_buffer_tc.len() > 0 {
|
|
|
|
|
self.tcp_buffer_tc.clear();
|
|
|
|
|
}
|
|
|
|
|
@ -936,6 +942,7 @@ impl NFSState {
|
|
|
|
|
}
|
|
|
|
|
self.tc_ssn_gap = true;
|
|
|
|
|
self.tc_gap = true;
|
|
|
|
|
SCLogDebug!("parse_tcp_data_tc_gap ({}) done", gap_size);
|
|
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Victor Julien
6 years ago