rust/smb: implement minimal record parsing in probing

7 years ago · 7ab071a58d
parent ff398deda9
commit 7ab071a58d
2 changed files with 18 additions and 40 deletions
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@ -1696,26 +1696,21 @@ pub extern "C" fn rs_smb_parse_response_tcp_gap(
    return -1;
 }

-/// TOSERVER probe function
 #[no_mangle]
-pub extern "C" fn rs_smb_probe_tcp_ts(_input: *const libc::uint8_t, _len: libc::uint32_t)
+pub extern "C" fn rs_smb_probe_tcp(input: *const libc::uint8_t, len: libc::uint32_t)
                               -> libc::int8_t
 {
-//    let slice: &[u8] = unsafe {
-//        std::slice::from_raw_parts(input as *mut u8, len as usize)
-//    };
-    //return smb3_probe(slice, STREAM_TOSERVER);
-    return 1
-}
-/// TOCLIENT probe function
-#[no_mangle]
-pub extern "C" fn rs_smb_probe_tcp_tc(_input: *const libc::uint8_t, _len: libc::uint32_t)
-                               -> libc::int8_t
-{
-//    let slice: &[u8] = unsafe {
-//        std::slice::from_raw_parts(input as *mut u8, len as usize)
-//    };
-    //return smb3_probe(slice, STREAM_TOCLIENT);
+    let slice: &[u8] = unsafe {
+        std::slice::from_raw_parts(input as *mut u8, len as usize)
+    };
+    match parse_nbss_record_partial(slice) {
+        IResult::Done(_, ref hdr) => {
+            if hdr.is_smb() {
+                return 1;
+            }
+        },
+        _ => { },
+    }
    return 1
 }

--- a/src/app-layer-smb-tcp-rust.c
+++ b/src/app-layer-smb-tcp-rust.c
@ -77,7 +77,7 @@ static int RustSMBTCPParseResponse(Flow *f, void *state,
    return res;
 }

-static uint16_t RustSMBTCPProbeTS(Flow *f,
+static uint16_t RustSMBTCPProbe(Flow *f,
        uint8_t *input, uint32_t len, uint32_t *offset)
 {
    SCLogDebug("RustSMBTCPProbe");
@ -87,24 +87,7 @@ static uint16_t RustSMBTCPProbeTS(Flow *f,
    }

    // Validate and return ALPROTO_FAILED if needed.
-    if (!rs_smb_probe_tcp_ts(input, len)) {
-        return ALPROTO_FAILED;
-    }
-
-    return ALPROTO_SMB;
-}
-
-static uint16_t RustSMBTCPProbeTC(Flow *f,
-        uint8_t *input, uint32_t len, uint32_t *offset)
-{
-    SCLogDebug("RustSMBTCPProbe");
-
-    if (len < MIN_REC_SIZE) {
-        return ALPROTO_UNKNOWN;
-    }
-
-    // Validate and return ALPROTO_FAILED if needed.
-    if (!rs_smb_probe_tcp_tc(input, len)) {
+    if (!rs_smb_probe_tcp(input, len)) {
        return ALPROTO_FAILED;
    }

@ -232,20 +215,20 @@ void RegisterRustSMBTCPParsers(void)

        if (RunmodeIsUnittests()) {
            AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
-                    MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbeTS,
+                    MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbe,
                    NULL);
        } else {
            int have_cfg = AppLayerProtoDetectPPParseConfPorts("tcp",
                    IPPROTO_TCP, proto_name, ALPROTO_SMB, 0,
-                    MIN_REC_SIZE, RustSMBTCPProbeTS, RustSMBTCPProbeTC);
+                    MIN_REC_SIZE, RustSMBTCPProbe, RustSMBTCPProbe);
            /* if we have no config, we enable the default port 445 */
            if (!have_cfg) {
                SCLogWarning(SC_ERR_SMB_CONFIG, "no SMB TCP config found, "
                                                "enabling SMB detection on "
                                                "port 445.");
                AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
-                        MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbeTS,
-                        RustSMBTCPProbeTC);
+                        MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbe,
+                        RustSMBTCPProbe);
            }
        }
    } else {