diff --git a/rust/src/smb/log.rs b/rust/src/smb/log.rs
index 92d390b35b..bc2c6c6b1b 100644
--- a/rust/src/smb/log.rs
+++ b/rust/src/smb/log.rs
@@ -246,6 +246,15 @@ fn smb_common_header(state: &SMBState, tx: &SMBTransaction) -> Json
 jsd.set_string("response", &serv);
 }
 js.set("service", jsd);
+
+ // share type only for SMB2
+ } else {
+ match x.share_type {
+ 1 => { js.set_string("share_type", "FILE"); },
+ 2 => { js.set_string("share_type", "PIPE"); },
+ 3 => { js.set_string("share_type", "PRINT"); },
+ _ => { js.set_string("share_type", "UNKNOWN"); },
+ }
 }
 },
 Some(SMBTransactionTypeData::FILE(ref x)) => {
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 52bc3238e6..19535f2876 100644
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -391,6 +391,7 @@ impl SMBTransactionNegotiate {
 #[derive(Debug)]
 pub struct SMBTransactionTreeConnect {
 pub is_pipe: bool,
+ pub share_type: u8,
 pub tree_id: u32,
 pub share_name: Vec,
@@ -403,6 +404,7 @@ impl SMBTransactionTreeConnect {
 pub fn new(share_name: Vec) -> SMBTransactionTreeConnect {
 return SMBTransactionTreeConnect {
 is_pipe:false,
+ share_type: 0,
 tree_id:0,
 share_name:share_name,
 req_service: None,
diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs
index f1462c79ea..346c58b17c 100644
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -646,6 +646,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 let found = match state.get_treeconnect_tx(name_key) {
 Some(tx) => {
 if let Some(SMBTransactionTypeData::TREECONNECT(ref mut tdn)) = tx.type_data {
+ tdn.share_type = tr.share_type;
 tdn.is_pipe = is_pipe;
 tdn.tree_id = r.tree_id as u32;
 share_name = tdn.share_name.to_vec();
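Review bot: In the log.rs hunk, the `_ =>` arm logs `"UNKNOWN"` both for an out-of-spec value sent by the server and for the constructor default `0` that a transaction keeps when no tree connect response has set the field. The EVE record therefore cannot tell "response never seen" from "server sent an unexpected share type", a distinction an analyst triaging SMB anomalies would want. Consider an explicit `0 => {},` arm that omits the field, or better an `Option<u8>` on the struct so that an absent value and a wire value of 0 stay distinct. The literals `1`, `2` and `3` would also read better as named constants. The `if` this `else` belongs to starts above the hunk, so the "only for SMB2" comment could not be checked against its condition.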
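Review bot: In the first smb.rs hunk, the new `share_type` field has no doc comment, and the meaning of its values is only visible in the logger's match. Suggest adding `/// SMB2 share type from the tree connect response (1 = FILE, 2 = PIPE, 3 = PRINT); 0 until a response sets it` above the field. The `share_type: 0` initializer in `new()` in the following hunk relies on the same convention, so one comment on the field covers both places. The struct body continues past the end of this hunk.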
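Review bot: In the smb2.rs hunk, `tdn.share_type` is copied straight from the parsed response while `tdn.is_pipe` is set from a separately computed local, so the two fields can end up describing the same share differently if that computation changes. `is_pipe` is defined above the hunk; if it is derived from `tr.share_type`, a comment such as `// is_pipe is derived from tr.share_type; keep both in sync` would make the coupling explicit. The value is server-controlled and stored without range checking, so any future consumer needs a catch-all arm like the logger's.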