Merge remote-tracking branch 'origin/topic/seth/smb-pending-fix'

* origin/topic/seth/smb-pending-fix:
  Updating the defined SMB2 dialects to match Microsofts current docs.
  On rare occasions the server doesn't return the tree id on read responses.
  Fix an issue with pending commands.

BIT-1862 #merged

scripts/base/protocols/smb/consts.bro

@@ -255,10 +255,12 @@ export {
 	} &default=function(i: count): string { return fmt("unknown-%d", i); };
 
 	const dialects: table[count] of string = {
-		[0x0202] = "2.002",
+		[0x0202] = "2.0.2",
 		[0x0210] = "2.1",
 		[0x0300] = "3.0",
-		[0x0302] = "3.02",
+		[0x0302] = "3.0.2",
+		[0x0311] = "3.1.1",
+		[0x02FF] = "2.1+",
 	} &default=function(i: count): string { return fmt("unknown-%d", i); };
 
 	const share_types: table[count] of string = {

scripts/policy/protocols/smb/smb2-main.bro

@@ -68,6 +68,14 @@ event smb2_message(c: connection, hdr: SMB2::Header, is_orig: bool) &priority=-5
 	# Is this a response?
 	if ( !is_orig )
 		{
+		# If the command that is being looked at right now was
+		# marked as PENDING, then we'll skip all of this and wait
+		# for a reply that isn't marked pending.
+		if ( c$smb_state$current_cmd$status == "PENDING" )
+			{
+			return;
+			}
+
 		if ( SMB::write_cmd_log &&
 		     c$smb_state$current_cmd$status !in SMB::ignored_command_statuses &&
 		     c$smb_state$current_cmd$command !in SMB::deferred_logging_cmds )