Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add support for transaction2 Find_First2.

Browse source
This commit is contained in:
Vlad Grigorescu 2014-10-08 16:29:51 -04:00
parent 261f6e8c45
commit f38a580c8c
3 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/init-bare.bro
View file

@ -2628,7 +2628,7 @@ export {
type SMB1::Find_First2_Request_Args: record { type SMB1::Find_First2_Request_Args: record {
## File attributes to apply as a constraint to the search ## File attributes to apply as a constraint to the search
search_attrs : string; search_attrs : count;
## Max search results ## Max search results
search_count : count; search_count : count;
## Misc. flags for how the server should manage the transaction ## Misc. flags for how the server should manage the transaction

5
scripts/base/protocols/smb/smb1-main.bro
View file

@ -222,6 +222,11 @@ event smb1_trans2_query_path_info_request(c: connection, hdr: SMB1::Header, file
{ {
c$smb_state$current_cmd$argument = file_name; c$smb_state$current_cmd$argument = file_name;
} }
event smb1_trans2_find_first2_request(c: connection, hdr: SMB1::Header, args: SMB1::Find_First2_Request_Args)
{
c$smb_state$current_cmd$argument = args$file_name;
}
event smb1_session_setup_andx_response(c: connection, hdr: SMB1::Header, response: SMB1::SessionSetupAndXResponse) &priority=-5 event smb1_session_setup_andx_response(c: connection, hdr: SMB1::Header, response: SMB1::SessionSetupAndXResponse) &priority=-5
{ {

15
src/analyzer/protocol/smb/smb1-com-transaction2.pac
View file

@ -109,8 +109,19 @@ refine connection SMB_Conn += {
function proc_trans2_find_first2_request(header: SMB_Header, val: trans2_find_first2_request): bool function proc_trans2_find_first2_request(header: SMB_Header, val: trans2_find_first2_request): bool
%{ %{
// TODO: implement this. if ( smb1_trans2_find_first2_request )
//printf("trans2_find_first2 request!\n"); {
RecordVal* result = new RecordVal(BifType::Record::SMB1::Find_First2_Request_Args);
result->Assign(0, new Val(${val.search_attrs}, TYPE_COUNT));
result->Assign(1, new Val(${val.search_count}, TYPE_COUNT));
result->Assign(2, new Val(${val.flags}, TYPE_COUNT));
result->Assign(3, new Val(${val.info_level}, TYPE_COUNT));
result->Assign(4, new Val(${val.search_storage_type}, TYPE_COUNT));
result->Assign(5, smb_string2stringval(${val.file_name}));
BifEvent::generate_smb1_trans2_find_first2_request(bro_analyzer(), bro_analyzer()->Conn(), \
BuildHeaderVal(header), result);
}
return true; return true;
%} %}