Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Does the initial effort to add the SMB2 SetInfo command and better handle file lengths.

Browse source
This commit is contained in:
Seth Hall 2014-09-27 03:11:01 -04:00
parent 6ee2ec666f
commit e4ca588127
11 changed files with 83 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/base/protocols/smb/smb2-main.bro
View file

@ -131,10 +131,18 @@ event smb2_create_response(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
# We can identify the file by its file id now so let's stick it
# in the file map.
c$smb$fid_map[file_id$persistent+file_id$volatile] = c$smb$current_file;
}
event smb2_create_response(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, file_size: count, times: SMB::MACTimes, attrs: SMB2::FileAttrs) &priority=-5
{
SMB::write_file_log(c$smb$current_file);
}
event smb2_set_info_request(c: connection, hdr: SMB2::Header, request: SMB2::SetInfoRequest) &priority=5
{
c$smb$current_file$size = request$eof;
}
event smb2_read_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count) &priority=5
{
SMB::set_current_file(c$smb, file_id$persistent+file_id$volatile);