Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Does the initial effort to add the SMB2 SetInfo command and better handle file lengths.

Browse source
This commit is contained in:
Seth Hall 2014-09-27 03:11:01 -04:00
parent 6ee2ec666f
commit e4ca588127
11 changed files with 83 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/smb/files.bro
View file

@ -57,6 +57,9 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
{
c$smb$current_file$fuid = f$id;
if ( c$smb$current_file$size > 0 )
f$total_bytes = c$smb$current_file$size;
if ( c$smb$current_file?$name )
f$info$filename = c$smb$current_file$name;
}

7
scripts/base/protocols/smb/smb1-main.bro
View file

@ -127,10 +127,13 @@ event smb1_nt_create_andx_response(c: connection, hdr: SMB1::Header, file_id: co
# We can identify the file by its file id now so let's stick it
# in the file map.
c$smb$fid_map[file_id] = c$smb$current_file;
SMB::write_file_log(c$smb$current_file);
}
event smb1_nt_create_andx_response(c: connection, hdr: SMB1::Header, file_id: count, file_size: count, times: SMB::MACTimes) &priority=-5
{
SMB::write_file_log(c$smb$current_file);
}
event smb1_read_andx_request(c: connection, hdr: SMB1::Header, file_id: count, offset: count, length: count) &priority=5
{
SMB::set_current_file(c$smb, file_id);

8
scripts/base/protocols/smb/smb2-main.bro
View file

@ -131,10 +131,18 @@ event smb2_create_response(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
# We can identify the file by its file id now so let's stick it
# in the file map.
c$smb$fid_map[file_id$persistent+file_id$volatile] = c$smb$current_file;
}
event smb2_create_response(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, file_size: count, times: SMB::MACTimes, attrs: SMB2::FileAttrs) &priority=-5
{
SMB::write_file_log(c$smb$current_file);
}
event smb2_set_info_request(c: connection, hdr: SMB2::Header, request: SMB2::SetInfoRequest) &priority=5
{
c$smb$current_file$size = request$eof;
}
event smb2_read_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count) &priority=5
{
SMB::set_current_file(c$smb, file_id$persistent+file_id$volatile);