Merge remote-tracking branch 'origin/topic/timw/smb2-ioctl-errors'

* origin/topic/timw/smb2-ioctl-errors: Update 7.0 NEWS with blurb about multi-PDU parsing causing increased load [nomail] [skip ci] Fix handling of zero-length SMB2 error responses (cherry picked from commit bd208f4c54)
2025-10-10 02:28:21 +00:00 · 2024-07-24 13:25:52 -07:00 · 2024-07-24 13:25:52 -07:00 · a4b746e5e8
commit a4b746e5e8
parent 746ae4d2cc
5 changed files with 32 additions and 2 deletions
--- a/testing/btest/scripts/base/protocols/smb/smb2-zero-byte-error-ioctl.test
+++ b/testing/btest/scripts/base/protocols/smb/smb2-zero-byte-error-ioctl.test
@ -0,0 +1,16 @@
+# @TEST-DOC: Tests handling of PDUs containing error ioctls with byte lengths of zero
+# @TEST-EXEC: zeek -b -r $TRACES/smb/smb2-zero-byte-error-ioctl.pcap %INPUT 2>&1 >out
+# @TEST-EXEC: ! test -f analyzer.log
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/smb
+
+event smb2_close_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID)
+{
+    print "smb2_close_request", hdr;
+}
+
+event smb2_close_response(c: connection, hdr: SMB2::Header, response: SMB2::CloseResponse)
+{
+    print "smb2_close_response", hdr, response;
+}