suricata
app-layer-smb2.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Kirby Kuehl <kkuehl@gmail.com>
22  *
23  * SMBv2 parser/decoder
24  */
25 
26 #include "suricata-common.h"
27 
28 #include "debug.h"
29 #include "decode.h"
30 #include "threads.h"
31 
32 #include "util-print.h"
33 #include "util-pool.h"
34 
35 #include "stream-tcp-private.h"
36 #include "stream-tcp-reassemble.h"
37 #include "stream-tcp.h"
38 #include "stream.h"
39 
40 #include "app-layer.h"
41 #include "app-layer-protos.h"
42 #include "app-layer-parser.h"
43 
44 #include "util-spm.h"
45 #include "util-unittest.h"
46 #include "util-debug.h"
47 #include "util-memcmp.h"
48 
49 #include "app-layer-smb2.h"
50 
51 enum {
55 
56  /* must be last */
58 };
59 
60 static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
61  uint8_t *input, uint32_t input_len)
62 {
63  SCEnter();
64  SMB2State *sstate = (SMB2State *) smb2_state;
65  uint8_t *p = input;
66 
67  if (input_len && sstate->bytesprocessed < NBSS_HDR_LEN - 1) {
68  switch (sstate->bytesprocessed) {
69  case 0:
70  /* Initialize */
71  if (input_len >= NBSS_HDR_LEN) {
72  sstate->nbss.type = *p;
73  sstate->nbss.length = (*(p + 1) & 0x01) << 16;
74  sstate->nbss.length |= *(p + 2) << 8;
75  sstate->nbss.length |= *(p + 3);
76  sstate->bytesprocessed += NBSS_HDR_LEN;
77  SCReturnUInt(4U);
78  } else {
79  sstate->nbss.type = *(p++);
80  if (!(--input_len))
81  break;
82  }
83  /* fall through */
84  case 1:
85  sstate->nbss.length = (*(p++) & 0x01) << 16;
86  if (!(--input_len))
87  break;
88  /* fall through */
89  case 2:
90  sstate->nbss.length |= *(p++) << 8;
91  if (!(--input_len))
92  break;
93  /* fall through */
94  case 3:
95  sstate->nbss.length |= *(p++);
96  --input_len;
97  break;
98  }
99  sstate->bytesprocessed += (p - input);
100  }
101  SCReturnUInt((uint32_t)(p - input));
102 }
103 
104 static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
105  uint8_t *input, uint32_t input_len)
106 {
107  SCEnter();
108 
109  SMB2State *sstate = (SMB2State *) smb2_state;
110  uint8_t *p = input;
111 
112  if (input_len) {
113  switch (sstate->bytesprocessed) {
114  case 4:
115  // fallthrough
116  /* above statement to prevent coverity FPs from the switch
117  * fall through */
118  if (input_len >= SMB2_HDR_LEN) {
119  if (SCMemcmp(p, "\xfe\x53\x4d\x42", 4) != 0) {
120  //printf("SMB2 Header did not validate\n");
121  return 0;
122  }
123  sstate->smb2.StructureSize = *(p + 4);
124  sstate->smb2.StructureSize |= *(p + 5) << 8;
125  sstate->smb2.CreditCharge = *(p + 6);
126  sstate->smb2.CreditCharge |= *(p + 7) << 8;
127  sstate->smb2.Status = *(p + 8);
128  sstate->smb2.Status |= *(p + 9) << 8;
129  sstate->smb2.Status |= *(p + 10) << 16;
130  sstate->smb2.Status |= *(p + 11) << 24;
131  sstate->smb2.Command = *(p + 12);
132  sstate->smb2.Command |= *(p + 13) << 8;
133  sstate->smb2.CreditRequestResponse = *(p + 14);
134  sstate->smb2.CreditRequestResponse |= *(p + 15) << 8;
135  sstate->smb2.Flags = *(p + 16);
136  sstate->smb2.Flags |= *(p + 17) << 8;
137  sstate->smb2.Flags |= *(p + 18) << 16;
138  sstate->smb2.Flags |= *(p + 19) << 24;
139  sstate->smb2.NextCommand = *(p + 20);
140  sstate->smb2.NextCommand |= *(p + 21) << 8;
141  sstate->smb2.NextCommand |= *(p + 22) << 16;
142  sstate->smb2.NextCommand |= *(p + 23) << 24;
143  sstate->smb2.MessageId = *(p + 24);
144  sstate->smb2.MessageId |= *(p + 25) << 8;
145  sstate->smb2.MessageId |= *(p + 26) << 16;
146  sstate->smb2.MessageId |= (uint64_t) *(p + 27) << 24;
147  sstate->smb2.MessageId |= (uint64_t) *(p + 28) << 32;
148  sstate->smb2.MessageId |= (uint64_t) *(p + 29) << 40;
149  sstate->smb2.MessageId |= (uint64_t) *(p + 30) << 48;
150  sstate->smb2.MessageId |= (uint64_t) *(p + 31) << 56;
151  sstate->smb2.ProcessId = *(p + 32);
152  sstate->smb2.ProcessId |= *(p + 33) << 8;
153  sstate->smb2.ProcessId |= *(p + 34) << 16;
154  sstate->smb2.ProcessId |= *(p + 35) << 24;
155  sstate->smb2.TreeId = *(p + 36);
156  sstate->smb2.TreeId |= *(p + 37) << 8;
157  sstate->smb2.TreeId |= *(p + 38) << 16;
158  sstate->smb2.TreeId |= *(p + 39) << 24;
159  sstate->smb2.SessionId = *(p + 40);
160  sstate->smb2.SessionId |= *(p + 41) << 8;
161  sstate->smb2.SessionId |= *(p + 42) << 16;
162  sstate->smb2.SessionId |= (uint64_t) *(p + 43) << 24;
163  sstate->smb2.SessionId |= (uint64_t) *(p + 44) << 32;
164  sstate->smb2.SessionId |= (uint64_t) *(p + 45) << 40;
165  sstate->smb2.SessionId |= (uint64_t) *(p + 46) << 48;
166  sstate->smb2.SessionId |= (uint64_t) *(p + 47) << 56;
167  sstate->smb2.Signature[0] = *(p + 48);
168  sstate->smb2.Signature[1] = *(p + 49);
169  sstate->smb2.Signature[2] = *(p + 50);
170  sstate->smb2.Signature[3] = *(p + 51);
171  sstate->smb2.Signature[4] = *(p + 52);
172  sstate->smb2.Signature[5] = *(p + 53);
173  sstate->smb2.Signature[6] = *(p + 54);
174  sstate->smb2.Signature[7] = *(p + 55);
175  sstate->smb2.Signature[8] = *(p + 56);
176  sstate->smb2.Signature[9] = *(p + 57);
177  sstate->smb2.Signature[10] = *(p + 58);
178  sstate->smb2.Signature[11] = *(p + 59);
179  sstate->smb2.Signature[12] = *(p + 60);
180  sstate->smb2.Signature[13] = *(p + 61);
181  sstate->smb2.Signature[14] = *(p + 62);
182  sstate->smb2.Signature[15] = *(p + 63);
183  sstate->bytesprocessed += SMB2_HDR_LEN;
184  SCReturnUInt(64U);
185  break;
186  } else {
187  //sstate->smb2.protocol[0] = *(p++);
188  if (*(p++) != 0xfe)
189  return 0;
190  if (!(--input_len))
191  break;
192  /* We fall through to the next case if we still have input.
193  * Same applies for other cases as well */
194  }
195  /* fall through */
196  case 5:
197  //sstate->smb2.protocol[1] = *(p++);
198  if (*(p++) != 'S')
199  return 0;
200  if (!(--input_len))
201  break;
202  /* fall through */
203  case 6:
204  //sstate->smb2.protocol[2] = *(p++);
205  if (*(p++) != 'M')
206  return 0;
207  if (!(--input_len))
208  break;
209  /* fall through */
210  case 7:
211  //sstate->smb2.protocol[3] = *(p++);
212  if (*(p++) != 'B')
213  return 0;
214  if (!(--input_len))
215  break;
216  /* fall through */
217  case 8:
218  sstate->smb2.StructureSize = *(p++);
219  if (!(--input_len))
220  break;
221  /* fall through */
222  case 9:
223  sstate->smb2.StructureSize |= *(p++) << 8;
224  if (!(--input_len))
225  break;
226  /* fall through */
227  case 10:
228  sstate->smb2.CreditCharge = *(p++);
229  if (!(--input_len))
230  break;
231  /* fall through */
232  case 11:
233  sstate->smb2.CreditCharge |= *(p++) << 8;
234  if (!(--input_len))
235  break;
236  /* fall through */
237  case 12:
238  sstate->smb2.Status = *(p++);
239  if (!(--input_len))
240  break;
241  /* fall through */
242  case 13:
243  sstate->smb2.Status |= *(p++) << 8;
244  if (!(--input_len))
245  break;
246  /* fall through */
247  case 14:
248  sstate->smb2.Status |= *(p++) << 16;
249  if (!(--input_len))
250  break;
251  /* fall through */
252  case 15:
253  sstate->smb2.Status |= *(p++) << 24;
254  if (!(--input_len))
255  break;
256  /* fall through */
257  case 16:
258  sstate->smb2.Command = *(p++);
259  if (!(--input_len))
260  break;
261  /* fall through */
262  case 17:
263  sstate->smb2.Command |= *(p++) << 8;
264  if (!(--input_len))
265  break;
266  /* fall through */
267  case 18:
268  sstate->smb2.CreditRequestResponse = *(p++);
269  if (!(--input_len))
270  break;
271  /* fall through */
272  case 19:
273  sstate->smb2.CreditRequestResponse |= *(p++) << 8;
274  if (!(--input_len))
275  break;
276  /* fall through */
277  case 20:
278  sstate->smb2.Flags = *(p++);
279  if (!(--input_len))
280  break;
281  /* fall through */
282  case 21:
283  sstate->smb2.Flags |= *(p++) << 8;
284  if (!(--input_len))
285  break;
286  /* fall through */
287  case 22:
288  sstate->smb2.Flags |= *(p++) << 16;
289  if (!(--input_len))
290  break;
291  /* fall through */
292  case 23:
293  sstate->smb2.Flags |= *(p++) << 24;
294  if (!(--input_len))
295  break;
296  /* fall through */
297  case 24:
298  sstate->smb2.NextCommand = *(p++);
299  if (!(--input_len))
300  break;
301  /* fall through */
302  case 25:
303  sstate->smb2.NextCommand |= *(p++) << 8;
304  if (!(--input_len))
305  break;
306  /* fall through */
307  case 26:
308  sstate->smb2.NextCommand |= *(p++) << 16;
309  if (!(--input_len))
310  break;
311  /* fall through */
312  case 27:
313  sstate->smb2.NextCommand |= *(p++) << 24;
314  if (!(--input_len))
315  break;
316  /* fall through */
317  case 28:
318  sstate->smb2.MessageId = *(p++);
319  if (!(--input_len))
320  break;
321  /* fall through */
322  case 29:
323  sstate->smb2.MessageId = *(p++) << 8;
324  if (!(--input_len))
325  break;
326  /* fall through */
327  case 30:
328  sstate->smb2.MessageId = *(p++) << 16;
329  if (!(--input_len))
330  break;
331  /* fall through */
332  case 31:
333  sstate->smb2.MessageId = (uint64_t) *(p++) << 24;
334  if (!(--input_len))
335  break;
336  /* fall through */
337  case 32:
338  sstate->smb2.MessageId = (uint64_t) *(p++) << 32;
339  if (!(--input_len))
340  break;
341  /* fall through */
342  case 33:
343  sstate->smb2.MessageId = (uint64_t) *(p++) << 40;
344  if (!(--input_len))
345  break;
346  /* fall through */
347  case 34:
348  sstate->smb2.MessageId = (uint64_t) *(p++) << 48;
349  if (!(--input_len))
350  break;
351  /* fall through */
352  case 35:
353  sstate->smb2.MessageId = (uint64_t) *(p++) << 56;
354  if (!(--input_len))
355  break;
356  /* fall through */
357  case 36:
358  sstate->smb2.ProcessId = *(p++);
359  if (!(--input_len))
360  break;
361  /* fall through */
362  case 37:
363  sstate->smb2.ProcessId |= *(p++) << 8;
364  if (!(--input_len))
365  break;
366  /* fall through */
367  case 38:
368  sstate->smb2.ProcessId |= *(p++) << 16;
369  if (!(--input_len))
370  break;
371  /* fall through */
372  case 39:
373  sstate->smb2.ProcessId |= *(p++) << 24;
374  if (!(--input_len))
375  break;
376  /* fall through */
377  case 40:
378  sstate->smb2.TreeId = *(p++);
379  if (!(--input_len))
380  break;
381  /* fall through */
382  case 41:
383  sstate->smb2.TreeId |= *(p++) << 8;
384  if (!(--input_len))
385  break;
386  /* fall through */
387  case 42:
388  sstate->smb2.TreeId |= *(p++) << 16;
389  if (!(--input_len))
390  break;
391  /* fall through */
392  case 43:
393  sstate->smb2.TreeId |= *(p++) << 24;
394  if (!(--input_len))
395  break;
396  /* fall through */
397  case 44:
398  sstate->smb2.SessionId = *(p++);
399  if (!(--input_len))
400  break;
401  /* fall through */
402  case 45:
403  sstate->smb2.SessionId |= *(p++) << 8;
404  if (!(--input_len))
405  break;
406  /* fall through */
407  case 46:
408  sstate->smb2.SessionId |= *(p++) << 16;
409  if (!(--input_len))
410  break;
411  /* fall through */
412  case 47:
413  sstate->smb2.SessionId |= (uint64_t) *(p++) << 24;
414  if (!(--input_len))
415  break;
416  /* fall through */
417  case 48:
418  sstate->smb2.SessionId |= (uint64_t) *(p++) << 32;
419  if (!(--input_len))
420  break;
421  /* fall through */
422  case 49:
423  sstate->smb2.SessionId |= (uint64_t) *(p++) << 40;
424  if (!(--input_len))
425  break;
426  /* fall through */
427  case 50:
428  sstate->smb2.SessionId |= (uint64_t) *(p++) << 48;
429  if (!(--input_len))
430  break;
431  /* fall through */
432  case 51:
433  sstate->smb2.SessionId |= (uint64_t) *(p++) << 56;
434  if (!(--input_len))
435  break;
436  /* fall through */
437  case 52:
438  sstate->smb2.Signature[0] = *(p++);
439  if (!(--input_len))
440  break;
441  /* fall through */
442  case 53:
443  sstate->smb2.Signature[1] = *(p++);
444  if (!(--input_len))
445  break;
446  /* fall through */
447  case 54:
448  sstate->smb2.Signature[2] = *(p++);
449  if (!(--input_len))
450  break;
451  /* fall through */
452  case 55:
453  sstate->smb2.Signature[3] = *(p++);
454  if (!(--input_len))
455  break;
456  /* fall through */
457  case 56:
458  sstate->smb2.Signature[4] = *(p++);
459  if (!(--input_len))
460  break;
461  /* fall through */
462  case 57:
463  sstate->smb2.Signature[5] = *(p++);
464  if (!(--input_len))
465  break;
466  /* fall through */
467  case 58:
468  sstate->smb2.Signature[6] = *(p++);
469  if (!(--input_len))
470  break;
471  /* fall through */
472  case 59:
473  sstate->smb2.Signature[7] = *(p++);
474  if (!(--input_len))
475  break;
476  /* fall through */
477  case 60:
478  sstate->smb2.Signature[8] = *(p++);
479  if (!(--input_len))
480  break;
481  /* fall through */
482  case 61:
483  sstate->smb2.Signature[9] = *(p++);
484  if (!(--input_len))
485  break;
486  /* fall through */
487  case 62:
488  sstate->smb2.Signature[10] = *(p++);
489  if (!(--input_len))
490  break;
491  /* fall through */
492  case 63:
493  sstate->smb2.Signature[11] = *(p++);
494  if (!(--input_len))
495  break;
496  /* fall through */
497  case 64:
498  sstate->smb2.Signature[12] = *(p++);
499  if (!(--input_len))
500  break;
501  /* fall through */
502  case 65:
503  sstate->smb2.Signature[13] = *(p++);
504  if (!(--input_len))
505  break;
506  /* fall through */
507  case 66:
508  sstate->smb2.Signature[14] = *(p++);
509  if (!(--input_len))
510  break;
511  /* fall through */
512  case 67:
513  sstate->smb2.Signature[15] = *(p++);
514  --input_len;
515  break;
516  /* fall through */
517  }
518  }
519  sstate->bytesprocessed += (p - input);
520  SCReturnUInt((uint32_t)(p - input));
521 }
522 
523 static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
524  uint8_t *input, uint32_t input_len,
525  void *local_data, const uint8_t flags)
526 {
527  SCEnter();
528  SMB2State *sstate = (SMB2State *) smb2_state;
529  uint32_t retval = 0;
530  uint32_t parsed = 0;
531 
532  if (pstate == NULL)
533  return -1;
534 
535  if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) {
536  SCReturnInt(1);
537  } else if (input == NULL || input_len == 0) {
538  SCReturnInt(-1);
539  }
540 
541  while (sstate->bytesprocessed < NBSS_HDR_LEN && input_len) {
542  retval = NBSSParseHeader(smb2_state, pstate, input, input_len);
543  if (retval <= input_len) {
544  parsed += retval;
545  input_len -= retval;
546  } else {
547  return -1;
548  }
549 
550  SCLogDebug("NBSS Header (%u/%u) Type 0x%02x Length 0x%04x parsed %u input_len %u",
551  sstate->bytesprocessed, NBSS_HDR_LEN, sstate->nbss.type,
552  sstate->nbss.length, parsed, input_len);
553  }
554 
555  switch(sstate->nbss.type) {
557  while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&
559  retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len);
560  if (retval <= input_len) {
561  parsed += retval;
562  input_len -= retval;
563  } else {
564  return -1;
565  }
566 
567  SCLogDebug("SMB2 Header (%u/%u) Command 0x%04x parsed %u input_len %u",
569  sstate->smb2.Command, parsed, input_len);
570  }
571  break;
572  default:
573  break;
574  }
575  SCReturnInt(1);
576 }
577 
578 
579 static void *SMB2StateAlloc(void)
580 {
581  void *s = SCMalloc(sizeof(SMB2State));
582  if (unlikely(s == NULL))
583  return NULL;
584 
585  memset(s, 0, sizeof(SMB2State));
586  return s;
587 }
588 
589 static void SMB2StateFree(void *s)
590 {
591  if (s) {
592  SCFree(s);
593  s = NULL;
594  }
595 }
596 
598 {
599  /** SMB2 */
600  const char *proto_name = "smb2";
601 
602  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
605  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree);
606  } else {
607  SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
608  "still on.", proto_name);
609  }
610 
611 #ifdef UNITTESTS
613 #endif
614  return;
615 }
616 
617 /* UNITTESTS */
618 #ifdef UNITTESTS
619 
620 static int SMB2ParserTest01(void)
621 {
622  int result = 1;
623  Flow f;
624  uint8_t smb2buf[] =
625  "\x00\x00\x00\x66" // NBSS
626  "\xfe\x53\x4d\x42\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00" // SMB2
627  "\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
628  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
629  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
630  "\x24\x00\x01\x00x00\x00\x00\x00\x00\x00\x0\x00\x00\x00\x00\x00\x00\x00\x00"
631  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02";
632 
633  uint32_t smb2len = sizeof(smb2buf) - 1;
634  TcpSession ssn;
636 
637  memset(&f, 0, sizeof(f));
638  memset(&ssn, 0, sizeof(ssn));
639  f.protoctx = (void *)&ssn;
640 
642 
643  FLOWLOCK_WRLOCK(&f);
644  int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMB2,
645  STREAM_TOSERVER | STREAM_EOF, smb2buf,
646  smb2len);
647  if (r != 0) {
648  printf("smb2 header check returned %" PRId32 ", expected 0: ", r);
649  result = 0;
650  FLOWLOCK_UNLOCK(&f);
651  goto end;
652  }
653  FLOWLOCK_UNLOCK(&f);
654 
655  SMB2State *smb2_state = f.alstate;
656  if (smb2_state == NULL) {
657  printf("no smb2 state: ");
658  result = 0;
659  goto end;
660  }
661 
662  if (smb2_state->nbss.type != NBSS_SESSION_MESSAGE) {
663  printf("expected nbss type 0x%02x , got 0x%02x : ", NBSS_SESSION_MESSAGE, smb2_state->nbss.type);
664  result = 0;
665  goto end;
666  }
667 
668  if (smb2_state->nbss.length != 102) {
669  printf("expected nbss length 0x%02x , got 0x%02x : ", 102, smb2_state->nbss.length);
670  result = 0;
671  goto end;
672  }
673 
674  if (smb2_state->smb2.Command != SMB2_NEGOTIATE) {
675  printf("expected SMB2 command 0x%04x , got 0x%04x : ", SMB2_NEGOTIATE, smb2_state->smb2.Command);
676  result = 0;
677  goto end;
678  }
679 
680 end:
681  if (alp_tctx != NULL)
682  AppLayerParserThreadCtxFree(alp_tctx);
684  return result;
685 }
686 
688 {
689  UtRegisterTest("SMB2ParserTest01", SMB2ParserTest01);
690 }
691 #endif
692 
uint8_t type
uint32_t NextCommand
uint32_t TreeId
uint16_t flags
#define SCMemcmp(a, b, c)
Definition: util-memcmp.h:490
uint32_t Flags
#define SCLogDebug(...)
Definition: util-debug.h:335
uint32_t Status
uint16_t CreditRequestResponse
#define NBSS_SESSION_MESSAGE
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:235
#define unlikely(expr)
Definition: util-optimize.h:35
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define SCReturnUInt(x)
Definition: util-debug.h:343
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
uint64_t MessageId
uint16_t CreditCharge
#define FLOWLOCK_WRLOCK(fb)
Definition: flow.h:232
#define TRUE
void * protoctx
Definition: flow.h:398
void * alstate
Definition: flow.h:436
uint8_t Signature[16]
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
void RegisterSMB2Parsers(void)
#define SMB2_NEGOTIATE
uint16_t Command
#define STREAM_EOF
Definition: stream.h:30
#define SMB2_HDR_LEN
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define SCEnter(...)
Definition: util-debug.h:337
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
#define STREAM_TOCLIENT
Definition: stream.h:32
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol&#39;s parser thread context.
uint32_t length
#define SCReturnInt(x)
Definition: util-debug.h:341
void SMB2ParserRegisterTests(void)
NBSSHdr nbss
#define SCMalloc(a)
Definition: util-mem.h:174
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
#define SCFree(a)
Definition: util-mem.h:236
SMB2Hdr smb2
uint32_t ProcessId
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
#define NBSS_HDR_LEN
#define STREAM_TOSERVER
Definition: stream.h:31
#define APP_LAYER_PARSER_EOF
uint16_t bytesprocessed
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *))
uint64_t SessionId
uint16_t StructureSize
Flow data structure.
Definition: flow.h:327
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len)