scripts/smb2-main: Reset script-level state upon smb2_discarded_messages_state()

This is similar to what the external corelight/zeek-smb-clear-state script does, but leverages the smb2_discarded_messages_state() event instead of regularly checking on the state of SMB connections. The pcap was created using the dperson/samba container image and mounting a share with Linux's CIFS filesystem, then copying the content of a directory with 100 files. The test uses a BPF filter to imitate mostly "half-duplex" traffic.
2025-10-09 01:58:20 +00:00 · 2023-04-25 17:19:14 +02:00 · 2023-04-25 17:19:14 +02:00 · 3ac877e20d
commit 3ac877e20d
parent 5caab1a667
8 changed files with 89 additions and 0 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.smb.smb2-max-pending-messages/out
+++ b/testing/btest/Baseline/scripts.base.protocols.smb.smb2-max-pending-messages/out
@ -0,0 +1,25 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, read, 15
+smb2_discarded_messages_state after, read, 0
+smb2_discarded_messages_state before, tree, 5
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, read, 15
+smb2_discarded_messages_state after, read, 0
+smb2_discarded_messages_state before, tree, 5
+smb2_discarded_messages_state after, tree, 0
+smb2_discarded_messages_state before, tree, 20
+smb2_discarded_messages_state after, tree, 0
--- a/testing/btest/Baseline/scripts.base.protocols.smb.smb2-max-pending-messages/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.smb.smb2-max-pending-messages/weird.log
@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	34884	127.0.0.1	445	SMB_discarded_messages_state	state=tree fid_map=0 tid_map=2 pending_cmds=20 pipe_map=0	F	zeek	SMB2
+#close XXXX-XX-XX-XX-XX-XX