diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:49 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:49 +0000 |
commit | a0aa2307322cd47bbf416810ac0292925e03be87 (patch) | |
tree | 37076262a026c4b48c8a0e84f44ff9187556ca35 /rust/src/smb/events.rs | |
parent | Initial commit. (diff) | |
download | suricata-a0aa2307322cd47bbf416810ac0292925e03be87.tar.xz suricata-a0aa2307322cd47bbf416810ac0292925e03be87.zip |
Adding upstream version 1:7.0.3.upstream/1%7.0.3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'rust/src/smb/events.rs')
-rw-r--r-- | rust/src/smb/events.rs | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/rust/src/smb/events.rs b/rust/src/smb/events.rs new file mode 100644 index 0000000..ec79354 --- /dev/null +++ b/rust/src/smb/events.rs @@ -0,0 +1,80 @@ +/* Copyright (C) 2018 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +use crate::smb::smb::*; + +#[derive(AppLayerEvent)] +pub enum SMBEvent { + InternalError, + MalformedData, + RecordOverflow, + MalformedNtlmsspRequest, + MalformedNtlmsspResponse, + DuplicateNegotiate, + NegotiateMalformedDialects, + FileOverlap, + /// A request was seen in the to client direction. + RequestToClient, + /// A response was seen in the to server direction, + ResponseToServer, + + /// Negotiated max sizes exceed our limit + NegotiateMaxReadSizeTooLarge, + NegotiateMaxWriteSizeTooLarge, + + /// READ request asking for more than `max_read_size` + ReadRequestTooLarge, + /// READ response bigger than `max_read_size` + ReadResponseTooLarge, + ReadQueueSizeExceeded, + ReadQueueCntExceeded, + /// WRITE request for more than `max_write_size` + WriteRequestTooLarge, + WriteQueueSizeExceeded, + WriteQueueCntExceeded, + /// Unusual NTLMSSP fields order + UnusualNtlmsspOrder, + /// Too many live transactions in one flow + TooManyTransactions, +} + +impl SMBTransaction { + /// Set event. + pub fn set_event(&mut self, e: SMBEvent) { + self.tx_data.set_event(e as u8); + } + + /// Set events from vector of events. + pub fn set_events(&mut self, events: Vec<SMBEvent>) { + for e in events { + self.tx_data.set_event(e as u8); + } + } +} + +impl SMBState { + /// Set an event. The event is set on the most recent transaction. + pub fn set_event(&mut self, event: SMBEvent) { + let len = self.transactions.len(); + if len == 0 { + return; + } + + let tx = &mut self.transactions[len - 1]; + tx.set_event(event); + } +} |