in src/analysis/cifs_parser.cpp [86:122]
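// Routes one SMBv2 message: a response is paired with the request stored under
// the same messageId and both are analysed; a request is either analysed at
// once (ASYNC_COMMAND) or stored in its session until the response arrives.
//
// header - header of the captured message; dereferenced without a null check,
//          so the caller must pass a valid pointer.
// ptr    - owning handle of the captured data; dereferenced for the session
//          lookup, then moved into the session store or analyse_operation().
//
// NOTE(review): messageId is taken straight from the captured header, and a
// stored request is only fetched back here when a response with the same id is
// seen. Confirm that Session bounds or expires unanswered entries; otherwise
// request-only traffic can grow the per-session store without limit.
// NOTE(review): request and response are matched on messageId alone in this
// function; presumably analyse_operation() checks that the commands agree.
// Verify.
void CIFSParser::parse_packet(const CIFSv2::MessageHeader* header, utils::FilteredDataQueue::Ptr&& ptr)
{
    using namespace NST::API::SMBv2;
    using namespace NST::protocols::CIFSv2;

    if(header->isFlag(Flags::SERVER_TO_REDIR))
    {
        // Response: find the session, then the request saved for this messageId.
        if(Session* session = sessions.get_session(ptr->session, ptr->direction, MsgType::REPLY))
        {
            FilteredDataQueue::Ptr&& requestData = session->get_call_data(header->messageId);
            if(requestData)
            {
                if(const MessageHeader* request = get_header(requestData->data))
                {
                    return analyse_operation(session, request, header, std::move(requestData), std::move(ptr));
                }
                // Data was stored for this id, but get_header() did not accept it.
                LOG("Can't find request for response");
            }
            else
            {
                // Reported only when nothing was stored. The original fell through
                // to this message after the one above, so a rejected request header
                // was also logged as missing raw data.
                LOG("Can't find request's raw data for response");
            }
        }
    }
    else
    {
        // Request
        if(Session* session = sessions.get_session(ptr->session, ptr->direction, MsgType::CALL))
        {
            // Async request: analysed immediately with no response attached,
            // nothing is stored in the session.
            if(header->isFlag(Flags::ASYNC_COMMAND))
            {
                return analyse_operation(session, header, nullptr, std::move(ptr), std::move(nullptr));
            }
            // Synchronous request: keep it until the matching response is parsed.
            return session->save_call_data(header->messageId, std::move(ptr));
        }
        LOG("Can't get right CIFS session");
    }
}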