Merge remote-tracking branch 'origin/topic/seth/smb-pending-fix'

* origin/topic/seth/smb-pending-fix: Updating the defined SMB2 dialects to match Microsofts current docs. On rare occasions the server doesn't return the tree id on read responses. Fix an issue with pending commands. BIT-1862 #merged
2025-10-14 20:48:21 +00:00 · 2018-04-18 10:38:41 -05:00 · 2018-04-18 10:38:41 -05:00 · 181b36cafb
commit 181b36cafb
parent 0747080e5f a80131c06e
7 changed files with 76 additions and 18 deletions
--- a/scripts/policy/protocols/smb/smb2-main.bro
+++ b/scripts/policy/protocols/smb/smb2-main.bro
@ -68,6 +68,14 @@ event smb2_message(c: connection, hdr: SMB2::Header, is_orig: bool) &priority=-5
 	# Is this a response?
 	if ( !is_orig )
 		{
+		# If the command that is being looked at right now was
+		# marked as PENDING, then we'll skip all of this and wait
+		# for a reply that isn't marked pending.
+		if ( c$smb_state$current_cmd$status == "PENDING" )
+			{
+			return;
+			}
+
 		if ( SMB::write_cmd_log &&
 		     c$smb_state$current_cmd$status !in SMB::ignored_command_statuses &&
 		     c$smb_state$current_cmd$command !in SMB::deferred_logging_cmds )