@LaurenceJJones
Member

link to #1567

Description

  • Changed pattern from ipv4 to ipv\d to support both IPv4 and IPv6
  • Added missing SMB_AUTH_FAIL pattern for NT_STATUS_NO_SUCH_USER status
  • Made port number mandatory in pattern to help with IPv6 boundary detection
  • Added IPv6 test cases with private IPv6 addresses (fd00::/8)
  • Updated parser.assert with test results

Checklist

  • I have read the contributing guide
  • I have tested my changes locally
  • For new parsers or scenarios, tests have been added
  • I have run the hub linter and no issues were reported (see contributing guide)
  • Automated tests are passing
  • AI was used to generate any/all content of this PR

- Changed pattern from ipv4 to ipv\d to support both IPv4 and IPv6
- Added missing SMB_AUTH_FAIL pattern for NT_STATUS_NO_SUCH_USER status
- Made port number mandatory in pattern to help with IPv6 boundary detection
- Added IPv6 test cases with private IPv6 addresses (fd00::/8)
- Updated parser.assert with test results
- Changed pattern to use DATA instead of IP pattern to capture IP:port
- Use Go-style slicing with lastIndexOf() to extract IP address
- This approach handles both IPv4 and IPv6 addresses correctly
- Updated parser.assert with test results
- Removed SMB_IP_PORT custom pattern
- Use standard DATA pattern for ip_source_with_port extraction
- Extract IP using lastIndexOf expression to handle IPv6 addresses with ports
- Pattern now works correctly for both IPv4 and IPv6 addresses
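
The last-colon extraction described in the notes above, as an added Go example that is not the PR's or the hub's own code: `splitSourceWithPort` is a hypothetical helper and the sample values are constructed. It also shows why the port has to be mandatory for this approach to be safe with IPv6.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// splitSourceWithPort is a hypothetical helper (not the hub parser's code).
// It splits an unbracketed "IP:port" string on the LAST colon, so the colons
// inside an IPv6 address stay in the address part.
func splitSourceWithPort(s string) (netip.Addr, uint16, error) {
	i := strings.LastIndex(s, ":")
	if i <= 0 || i == len(s)-1 {
		return netip.Addr{}, 0, fmt.Errorf("no port in %q", s)
	}
	addr, err := netip.ParseAddr(s[:i])
	if err != nil {
		return netip.Addr{}, 0, fmt.Errorf("bad address in %q: %w", s, err)
	}
	port, err := strconv.ParseUint(s[i+1:], 10, 16)
	if err != nil {
		return netip.Addr{}, 0, fmt.Errorf("bad port in %q: %w", s, err)
	}
	return addr, uint16(port), nil
}

func main() {
	// Constructed sample values, not taken from the PR's test logs.
	for _, s := range []string{
		"192.168.1.10:52341", // IPv4 with port
		"fd00::1:52341",      // IPv6 with port: address keeps its colons
		"fd00::1",            // port missing: "fd00:" is rejected as an address
		// Port missing but the last group is all digits: this parses as
		// fd00::1 port 445 and cannot be told apart from a real port, which
		// is why the source field must always carry the port.
		"fd00::1:445",
	} {
		addr, port, err := splitSourceWithPort(s)
		fmt.Println(s, "->", addr, port, err)
	}
}
```

Validating the address part after the split means a truncated IPv6 source is dropped instead of being attributed to the wrong host.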