mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
fix smb1_com_transaction* messages
parent
bbe89a79a4
commit
f7a8726ffc
4 changed files with 60 additions and 73 deletions
|
@ -2,6 +2,9 @@ refine connection SMB_Conn += {
|
||||||
|
|
||||||
function proc_smb1_transaction_secondary_request(header: SMB_Header, val: SMB1_transaction_secondary_request): bool
|
function proc_smb1_transaction_secondary_request(header: SMB_Header, val: SMB1_transaction_secondary_request): bool
|
||||||
%{
|
%{
|
||||||
|
if ( ! smb1_transaction_secondary_request )
|
||||||
|
return false;
|
||||||
|
|
||||||
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans_Sec_Args);
|
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans_Sec_Args);
|
||||||
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
|
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
|
||||||
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
|
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
|
||||||
|
@ -12,16 +15,11 @@ refine connection SMB_Conn += {
|
||||||
args->Assign(6, new Val(${val.data_offset}, TYPE_COUNT));
|
args->Assign(6, new Val(${val.data_offset}, TYPE_COUNT));
|
||||||
args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT));
|
args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT));
|
||||||
|
|
||||||
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
|
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
|
||||||
StringVal *payload_str = nullptr;
|
StringVal *payload_str = nullptr;
|
||||||
SMB1_transaction_data *payload = nullptr;
|
SMB1_transaction_data *payload = nullptr;
|
||||||
|
|
||||||
if ( !parameters )
|
if ( ${val.data_count} > 0 )
|
||||||
{
|
|
||||||
parameters = new StringVal("");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ${val.data_count > 0} )
|
|
||||||
{
|
{
|
||||||
payload = ${val.data};
|
payload = ${val.data};
|
||||||
}
|
}
|
||||||
|
@ -47,15 +45,12 @@ refine connection SMB_Conn += {
|
||||||
payload_str = new StringVal("");
|
payload_str = new StringVal("");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( smb1_transaction_secondary_request )
|
|
||||||
{
|
|
||||||
BifEvent::generate_smb1_transaction_secondary_request(bro_analyzer(),
|
BifEvent::generate_smb1_transaction_secondary_request(bro_analyzer(),
|
||||||
bro_analyzer()->Conn(),
|
bro_analyzer()->Conn(),
|
||||||
BuildHeaderVal(header),
|
BuildHeaderVal(header),
|
||||||
args,
|
args,
|
||||||
parameters,
|
parameters,
|
||||||
payload_str);
|
payload_str);
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
%}
|
%}
|
||||||
|
|
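Review bot: The new `parameters` construction in proc_smb1_transaction_secondary_request carries no comment explaining why the length now comes from `${val.parameters}.length()` rather than `${val.param_count}`, and that is the security-relevant part of the change. `param_count` is a field taken from the message, so a value larger than the bytes actually parsed would presumably make StringVal read past the end of the parsed buffer. I would add `// Use the parsed length; param_count comes from the wire and may not match the bytes available.` above the line. The same comment fits the matching lines in proc_smb1_transaction_request, proc_smb1_transaction_response and proc_smb1_transaction2_secondary_request, where it also covers `payload`. Parts of this function lie between the hunks and are not visible here.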
|
@ -31,16 +31,14 @@ refine connection SMB_Conn += {
|
||||||
|
|
||||||
function proc_smb1_transaction_request(header: SMB_Header, val: SMB1_transaction_request): bool
|
function proc_smb1_transaction_request(header: SMB_Header, val: SMB1_transaction_request): bool
|
||||||
%{
|
%{
|
||||||
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
|
if ( ! smb1_transaction_request )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
|
||||||
StringVal *payload_str = nullptr;
|
StringVal *payload_str = nullptr;
|
||||||
SMB1_transaction_data *payload = nullptr;
|
SMB1_transaction_data *payload = nullptr;
|
||||||
|
|
||||||
if ( !parameters )
|
if ( ${val.data_count} > 0 )
|
||||||
{
|
|
||||||
parameters = new StringVal("");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ${val.data_count > 0} )
|
|
||||||
{
|
{
|
||||||
payload = ${val.data};
|
payload = ${val.data};
|
||||||
}
|
}
|
||||||
|
@ -66,7 +64,6 @@ refine connection SMB_Conn += {
|
||||||
payload_str = new StringVal("");
|
payload_str = new StringVal("");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( smb1_transaction_request )
|
|
||||||
BifEvent::generate_smb1_transaction_request(bro_analyzer(),
|
BifEvent::generate_smb1_transaction_request(bro_analyzer(),
|
||||||
bro_analyzer()->Conn(),
|
bro_analyzer()->Conn(),
|
||||||
BuildHeaderVal(header),
|
BuildHeaderVal(header),
|
||||||
|
@ -80,16 +77,14 @@ refine connection SMB_Conn += {
|
||||||
|
|
||||||
function proc_smb1_transaction_response(header: SMB_Header, val: SMB1_transaction_response): bool
|
function proc_smb1_transaction_response(header: SMB_Header, val: SMB1_transaction_response): bool
|
||||||
%{
|
%{
|
||||||
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
|
if ( !smb1_transaction_response )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
|
||||||
StringVal *payload_str = nullptr;
|
StringVal *payload_str = nullptr;
|
||||||
SMB1_transaction_data *payload = nullptr;
|
SMB1_transaction_data *payload = nullptr;
|
||||||
|
|
||||||
if ( !parameters )
|
if ( ${val.data_count} > 0 )
|
||||||
{
|
|
||||||
parameters = new StringVal("");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ${val.data_count > 0} )
|
|
||||||
{
|
{
|
||||||
payload = ${val.data[0]};
|
payload = ${val.data[0]};
|
||||||
}
|
}
|
||||||
|
@ -115,7 +110,6 @@ refine connection SMB_Conn += {
|
||||||
payload_str = new StringVal("");
|
payload_str = new StringVal("");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( smb1_transaction_response )
|
|
||||||
BifEvent::generate_smb1_transaction_response(bro_analyzer(),
|
BifEvent::generate_smb1_transaction_response(bro_analyzer(),
|
||||||
bro_analyzer()->Conn(),
|
bro_analyzer()->Conn(),
|
||||||
BuildHeaderVal(header),
|
BuildHeaderVal(header),
|
||||||
|
|
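Review bot: The payload guard `if ( ${val.data_count} > 0 )` in proc_smb1_transaction_request and proc_smb1_transaction_response still decides from the wire field alone, while `parameters` in the same functions now uses the parsed length. In the response handler the guarded statement is `payload = ${val.data[0]};`, which is safe only if the grammar guarantees a parsed element whenever `data_count` is non-zero. The type definition is not part of this diff, so at minimum I would add `// data[0] exists only if the grammar parses one element when data_count > 0 - confirm against the type definition.` above that line. proc_smb1_transaction_secondary_request in the first file uses the same guard. Both function bodies continue outside the hunks shown.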
|
@ -2,6 +2,9 @@ refine connection SMB_Conn += {
|
||||||
|
|
||||||
function proc_smb1_transaction2_secondary_request(header: SMB_Header, val: SMB1_transaction2_secondary_request): bool
|
function proc_smb1_transaction2_secondary_request(header: SMB_Header, val: SMB1_transaction2_secondary_request): bool
|
||||||
%{
|
%{
|
||||||
|
if ( !smb1_transaction2_secondary_request )
|
||||||
|
return false;
|
||||||
|
|
||||||
RecordVal *args = new RecordVal(BifType::Record::SMB1::Trans2_Sec_Args);
|
RecordVal *args = new RecordVal(BifType::Record::SMB1::Trans2_Sec_Args);
|
||||||
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
|
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
|
||||||
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
|
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
|
||||||
|
@ -13,28 +16,20 @@ refine connection SMB_Conn += {
|
||||||
args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT));
|
args->Assign(7, new Val(${val.data_displacement}, TYPE_COUNT));
|
||||||
args->Assign(8, new Val(${val.FID}, TYPE_COUNT));
|
args->Assign(8, new Val(${val.FID}, TYPE_COUNT));
|
||||||
|
|
||||||
StringVal *parameters = new StringVal(${val.param_count}, (const char*)${val.parameters}.data());
|
StringVal *parameters = new StringVal(${val.parameters}.length(), (const char*)${val.parameters}.data());
|
||||||
StringVal *payload = new StringVal(${val.data_count}, (const char*)${val.data}.data());
|
StringVal *payload = new StringVal(${val.data}.length(), (const char*)${val.data}.data());
|
||||||
|
|
||||||
if ( !parameters )
|
|
||||||
{
|
|
||||||
parameters = new StringVal("");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( !payload )
|
if ( !payload )
|
||||||
{
|
{
|
||||||
payload = new StringVal("");
|
payload = new StringVal("");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( smb1_transaction2_secondary_request )
|
|
||||||
{
|
|
||||||
BifEvent::generate_smb1_transaction2_secondary_request(bro_analyzer(),
|
BifEvent::generate_smb1_transaction2_secondary_request(bro_analyzer(),
|
||||||
bro_analyzer()->Conn(),
|
bro_analyzer()->Conn(),
|
||||||
BuildHeaderVal(header),
|
BuildHeaderVal(header),
|
||||||
args,
|
args,
|
||||||
parameters,
|
parameters,
|
||||||
payload);
|
payload);
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
%}
|
%}
|
||||||
|
|
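Review bot: The `if ( !payload )` block kept after `StringVal *payload = new StringVal(${val.data}.length(), ...)` in proc_smb1_transaction2_secondary_request looks like dead code. A plain `new` expression throws on failure rather than returning null, which is presumably why the commit dropped the identical `if ( !parameters )` check just above it. I would delete the remaining `if ( !payload ) { payload = new StringVal(""); }` block so both values are handled the same way.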
|
@ -22,6 +22,8 @@ refine connection SMB_Conn += {
|
||||||
|
|
||||||
function proc_smb1_transaction2_request(header: SMB_Header, val: SMB1_transaction2_request): bool
|
function proc_smb1_transaction2_request(header: SMB_Header, val: SMB1_transaction2_request): bool
|
||||||
%{
|
%{
|
||||||
|
if ( smb1_transaction2_request )
|
||||||
|
{
|
||||||
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Args);
|
RecordVal* args = new RecordVal(BifType::Record::SMB1::Trans2_Args);
|
||||||
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
|
args->Assign(0, new Val(${val.total_param_count}, TYPE_COUNT));
|
||||||
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
|
args->Assign(1, new Val(${val.total_data_count}, TYPE_COUNT));
|
||||||
|
@ -35,8 +37,9 @@ refine connection SMB_Conn += {
|
||||||
args->Assign(9, new Val(${val.data_count}, TYPE_COUNT));
|
args->Assign(9, new Val(${val.data_count}, TYPE_COUNT));
|
||||||
args->Assign(10, new Val(${val.data_offset}, TYPE_COUNT));
|
args->Assign(10, new Val(${val.data_offset}, TYPE_COUNT));
|
||||||
args->Assign(11, new Val(${val.setup_count}, TYPE_COUNT));
|
args->Assign(11, new Val(${val.setup_count}, TYPE_COUNT));
|
||||||
if ( smb1_transaction2_request )
|
|
||||||
BifEvent::generate_smb1_transaction2_request(bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(header), args, ${val.sub_cmd});
|
BifEvent::generate_smb1_transaction2_request(bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(header), args, ${val.sub_cmd});
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
%}
|
%}
|
||||||
|
|
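Review bot: proc_smb1_transaction2_request wraps its body in `if ( smb1_transaction2_request ) { ... }` and falls through to `return true;`, whereas the other three handlers touched by this commit open with a guard clause that returns false. When no handler is registered this function therefore returns true while the others return false; whether any caller reads the value is not visible here, but the four should agree. I would use the same form, `if ( ! smb1_transaction2_request )` followed by `return false;`, and drop the added braces. The middle of the function lies between the two hunks and is not shown.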