Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/src/analyzer/protocol/smb/smb2-com-transform-header.pac

33 lines
1,015 B
JavaScript
Raw Blame History

refine connection SMB_Conn += {
function proc_smb2_transform_header(hdr: SMB2_transform_header) : bool
%{
if ( smb2_transform_header )
{
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Transform_header);
r->Assign(0, to_stringval(${hdr.signature}));
r->Assign(1, to_stringval(${hdr.nonce}));
r->Assign(2, ${hdr.orig_msg_size});
r->Assign(3, ${hdr.flags});
r->Assign(4, ${hdr.session_id});
zeek::BifEvent::enqueue_smb2_transform_header(zeek_analyzer(),
zeek_analyzer()->Conn(),
std::move(r));
}
return true;
%}
};
type SMB2_transform_header = record {
signature : bytestring &length = 16;
nonce : bytestring &length = 16;
orig_msg_size : uint32;
reserved : uint16;
flags : uint16;
session_id : uint64;
} &let {
proc: bool = $context.connection.proc_smb2_transform_header(this);
} &byteorder = littleendian;
Reference in a new issue View git blame Copy permalink