
Bug #94 » 0001-dcerpc-udp-support.patch

Kirby Kuehl, 02/16/2010 10:56 AM


src/Makefile.am
app-layer-smb.c app-layer-smb.h \
app-layer-smb2.c app-layer-smb2.h \
app-layer-dcerpc.c app-layer-dcerpc.h \
app-layer-dcerpc-udp.c app-layer-dcerpc-udp.h \
app-layer-ftp.c app-layer-ftp.h \
defrag.c defrag.h \
output.c output.h
src/app-layer-dcerpc-common.h
#define DCERPC_HDR_LEN 16
typedef struct dcerpc_hdr_udp_ {
uint8_t rpc_vers; /* 4 RPC protocol major version (4 LSB only)*/
uint8_t ptype; /* Packet type (5 LSB only) */
uint8_t flags1; /* Packet flags */
uint8_t flags2; /* Packet flags */
uint8_t drep[3]; /* Data representation format label */
uint8_t serial_hi; /* High byte of serial number */
uint8_t objectuuid[16];
uint8_t interfaceuuid[16];
uint8_t activityuuid[16];
uint32_t server_boot;/* Server boot time */
uint32_t if_vers; /* Interface version */
uint32_t seqnum; /* Sequence number */
uint16_t opnum; /* Operation number */
uint16_t ihint; /* Interface hint */
uint16_t ahint; /* Activity hint */
uint16_t fraglen; /* Length of packet body */
uint16_t fragnum; /* Fragment number */
uint8_t auth_proto; /* Authentication protocol identifier*/
uint8_t serial_lo; /* Low byte of serial number */
}DCERPCHdrUdp;
#define DCERPC_UDP_HDR_LEN 80
struct uuid_entry {
uint16_t ctxid;
uint16_t result;
......
#define DEFAULT_CONTEXT_NOT_SUPPORTED 5 /* not used */
#define USER_DATA_NOT_READABLE 6 /* not used */
#define NO_PSAP_AVAILABLE 7 /* not used */
/*
typedef uint16_t p_context_id_t;
typedef struct {
uuid_t if_uuid;
uint32_t if_version;
} p_syntax_id_t;
typedef struct {
p_context_id_t p_cont_id;
uint8_t n_transfer_syn; // number of items
uint8_t reserved; // alignment pad, m.b.z.
p_syntax_id_t abstract_syntax; // transfer syntax list
p_syntax_id_t [size_is(n_transfer_syn)] transfer_syntaxes[];
} p_cont_elem_t;
*/
int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len);
void hexdump(const void *buf, size_t len);
src/app-layer-dcerpc-udp.c
/*
* Copyright (c) 2009, 2010 Open Information Security Foundation
* app-layer-dcerpc.c
*
* \author Kirby Kuehl <kkuehl@gmail.com>
*/
#include "suricata-common.h"
#include "suricata.h"
#include "debug.h"
#include "decode.h"
#include "threads.h"
#include "util-print.h"
#include "util-pool.h"
#include "util-debug.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "util-spm.h"
#include "util-unittest.h"
#include "app-layer-dcerpc-udp.h"
enum {
DCERPC_FIELD_NONE = 0,
DCERPC_PARSE_DCERPC_HEADER,
DCERPC_PARSE_DCERPC_BIND,
DCERPC_PARSE_DCERPC_BIND_ACK,
DCERPC_PARSE_DCERPC_REQUEST,
/* must be last */
DCERPC_FIELD_MAX,
};
static uint32_t FragmentDataParser(Flow *f, void *dcerpcudp_state,
AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
AppLayerParserResult *output) {
SCEnter();
uint8_t *p = input;
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpcudp_state;
sstate->frag_data = input;
while (sstate->fraglenleft-- && input_len--) {
SCLogDebug("0x%02x ", *p);
p++;
}
sstate->bytesprocessed += (p - input);
SCReturnUInt((uint32_t)(p - input));
}
/**
* \brief DCERPCParseHeader parses the 16 byte DCERPC header
* A fast path for normal decoding is used when there is enough bytes
* present to parse the entire header. A slow path is used to parse
* fragmented packets.
*/
static uint32_t DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
AppLayerParserResult *output) {
SCEnter();
uint8_t *p = input;
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpcudp_state;
if (input_len) {
switch (sstate->bytesprocessed) {
case 0:
if (input_len >= DCERPC_UDP_HDR_LEN) {
sstate->dcerpchdrudp.rpc_vers = *p;
sstate->dcerpchdrudp.ptype = *(p + 1);
sstate->dcerpchdrudp.flags1 = *(p + 2);
sstate->dcerpchdrudp.flags2 = *(p + 3);
sstate->dcerpchdrudp.drep[0] = *(p + 4);
sstate->dcerpchdrudp.drep[1] = *(p + 5);
sstate->dcerpchdrudp.drep[2] = *(p + 6);
sstate->dcerpchdrudp.serial_hi = *(p + 7);
sstate->dcerpchdrudp.objectuuid[3] = *(p + 8);
sstate->dcerpchdrudp.objectuuid[2] = *(p + 9);
sstate->dcerpchdrudp.objectuuid[1] = *(p + 10);
sstate->dcerpchdrudp.objectuuid[0] = *(p + 11);
sstate->dcerpchdrudp.objectuuid[5] = *(p + 12);
sstate->dcerpchdrudp.objectuuid[4] = *(p + 13);
sstate->dcerpchdrudp.objectuuid[7] = *(p + 14);
sstate->dcerpchdrudp.objectuuid[6] = *(p + 15);
sstate->dcerpchdrudp.objectuuid[8] = *(p + 16);
sstate->dcerpchdrudp.objectuuid[9] = *(p + 17);
sstate->dcerpchdrudp.objectuuid[10] = *(p + 18);
sstate->dcerpchdrudp.objectuuid[11] = *(p + 19);
sstate->dcerpchdrudp.objectuuid[12] = *(p + 20);
sstate->dcerpchdrudp.objectuuid[13] = *(p + 21);
sstate->dcerpchdrudp.objectuuid[14] = *(p + 22);
sstate->dcerpchdrudp.objectuuid[15] = *(p + 23);
sstate->dcerpchdrudp.interfaceuuid[3] = *(p + 24);
sstate->dcerpchdrudp.interfaceuuid[2] = *(p + 25);
sstate->dcerpchdrudp.interfaceuuid[1] = *(p + 26);
sstate->dcerpchdrudp.interfaceuuid[0] = *(p + 27);
sstate->dcerpchdrudp.interfaceuuid[5] = *(p + 28);
sstate->dcerpchdrudp.interfaceuuid[4] = *(p + 29);
sstate->dcerpchdrudp.interfaceuuid[7] = *(p + 30);
sstate->dcerpchdrudp.interfaceuuid[6] = *(p + 31);
sstate->dcerpchdrudp.interfaceuuid[8] = *(p + 32);
sstate->dcerpchdrudp.interfaceuuid[9] = *(p + 33);
sstate->dcerpchdrudp.interfaceuuid[10] = *(p + 34);
sstate->dcerpchdrudp.interfaceuuid[11] = *(p + 35);
sstate->dcerpchdrudp.interfaceuuid[12] = *(p + 36);
sstate->dcerpchdrudp.interfaceuuid[13] = *(p + 37);
sstate->dcerpchdrudp.interfaceuuid[14] = *(p + 38);
sstate->dcerpchdrudp.interfaceuuid[15] = *(p + 39);
sstate->dcerpchdrudp.activityuuid[3] = *(p + 40);
sstate->dcerpchdrudp.activityuuid[2] = *(p + 41);
sstate->dcerpchdrudp.activityuuid[1] = *(p + 42);
sstate->dcerpchdrudp.activityuuid[0] = *(p + 43);
sstate->dcerpchdrudp.activityuuid[5] = *(p + 44);
sstate->dcerpchdrudp.activityuuid[4] = *(p + 45);
sstate->dcerpchdrudp.activityuuid[7] = *(p + 46);
sstate->dcerpchdrudp.activityuuid[6] = *(p + 47);
sstate->dcerpchdrudp.activityuuid[8] = *(p + 48);
sstate->dcerpchdrudp.activityuuid[9] = *(p + 49);
sstate->dcerpchdrudp.activityuuid[10] = *(p + 50);
sstate->dcerpchdrudp.activityuuid[11] = *(p + 51);
sstate->dcerpchdrudp.activityuuid[12] = *(p + 52);
sstate->dcerpchdrudp.activityuuid[13] = *(p + 53);
sstate->dcerpchdrudp.activityuuid[14] = *(p + 54);
sstate->dcerpchdrudp.activityuuid[15] = *(p + 55);
if (sstate->dcerpchdrudp.drep[0] == 0x10) {
sstate->dcerpchdrudp.server_boot = *(p + 56);
sstate->dcerpchdrudp.server_boot |= *(p + 57) << 8;
sstate->dcerpchdrudp.server_boot |= *(p + 58) << 16;
sstate->dcerpchdrudp.server_boot |= *(p + 59) << 24;
sstate->dcerpchdrudp.if_vers = *(p + 60);
sstate->dcerpchdrudp.if_vers |= *(p + 61) << 8;
sstate->dcerpchdrudp.if_vers |= *(p + 62) << 16;
sstate->dcerpchdrudp.if_vers |= *(p + 63) >> 24;
sstate->dcerpchdrudp.seqnum = *(p + 64);
sstate->dcerpchdrudp.seqnum |= *(p + 65) << 8;
sstate->dcerpchdrudp.seqnum |= *(p + 66) << 16;
sstate->dcerpchdrudp.seqnum |= *(p + 67) << 24;
sstate->dcerpchdrudp.opnum = *(p + 68);
sstate->dcerpchdrudp.opnum |= *(p + 69) << 8;
sstate->dcerpchdrudp.ihint = *(p + 70);
sstate->dcerpchdrudp.ihint |= *(p + 71) << 8;
sstate->dcerpchdrudp.ahint = *(p + 72);
sstate->dcerpchdrudp.ahint |= *(p + 73) << 8;
sstate->dcerpchdrudp.fraglen = *(p + 74);
sstate->dcerpchdrudp.fraglen |= *(p + 75) << 8;
sstate->dcerpchdrudp.fragnum = *(p + 76);
sstate->dcerpchdrudp.fragnum |= *(p + 77) << 8;
} else {
sstate->dcerpchdrudp.server_boot = *(p + 56) << 24;
sstate->dcerpchdrudp.server_boot |= *(p + 57) << 16;
sstate->dcerpchdrudp.server_boot |= *(p + 58) << 8;
sstate->dcerpchdrudp.server_boot |= *(p + 59);
sstate->dcerpchdrudp.if_vers = *(p + 60) << 24;
sstate->dcerpchdrudp.if_vers |= *(p + 61) << 16;
sstate->dcerpchdrudp.if_vers |= *(p + 62) << 8;
sstate->dcerpchdrudp.if_vers |= *(p + 63);
sstate->dcerpchdrudp.seqnum = *(p + 64) << 24;
sstate->dcerpchdrudp.seqnum |= *(p + 65) << 16;
sstate->dcerpchdrudp.seqnum |= *(p + 66) << 8;
sstate->dcerpchdrudp.seqnum |= *(p + 67);
sstate->dcerpchdrudp.opnum = *(p + 68) << 24;
sstate->dcerpchdrudp.opnum |= *(p + 69) << 16;
sstate->dcerpchdrudp.ihint = *(p + 70) << 8;
sstate->dcerpchdrudp.ihint |= *(p + 71);
sstate->dcerpchdrudp.ahint = *(p + 72) << 8;
sstate->dcerpchdrudp.ahint |= *(p + 73);
sstate->dcerpchdrudp.fraglen = *(p + 74) << 8;
sstate->dcerpchdrudp.fraglen |= *(p + 75);
sstate->dcerpchdrudp.fragnum = *(p + 76) << 8;
sstate->dcerpchdrudp.fragnum |= *(p + 77);
}
sstate->fraglenleft = sstate->dcerpchdrudp.fraglen;
sstate->dcerpchdrudp.auth_proto = *(p + 78);
sstate->dcerpchdrudp.serial_lo = *(p + 79);
sstate->bytesprocessed = DCERPC_UDP_HDR_LEN;
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
sizeof(struct uuid_entry));
if (sstate->uuid_entry == NULL) {
SCReturnUInt(0);
} else {
memcpy(sstate->uuid_entry->uuid,
sstate->dcerpchdrudp.activityuuid,
sizeof(sstate->dcerpchdrudp.activityuuid));
}
SCReturnUInt(80U);
break;
} else {
sstate->dcerpchdrudp.rpc_vers = *(p++);
if (!(--input_len))
break;
}
case 1:
sstate->dcerpchdrudp.ptype = *(p++);
if (!(--input_len))
break;
case 2:
sstate->dcerpchdrudp.flags1 = *(p++);
if (!(--input_len))
break;
case 3:
sstate->dcerpchdrudp.flags2 = *(p++);
if (!(--input_len))
break;
case 4:
sstate->dcerpchdrudp.drep[0] = *(p++);
if (!(--input_len))
break;
case 5:
sstate->dcerpchdrudp.drep[1] = *(p++);
if (!(--input_len))
break;
case 6:
sstate->dcerpchdrudp.drep[2] = *(p++);
if (!(--input_len))
break;
case 7:
sstate->dcerpchdrudp.serial_hi = *(p++);
if (!(--input_len))
break;
case 8:
sstate->dcerpchdrudp.objectuuid[3] = *(p++);
if (!(--input_len))
break;
case 9:
sstate->dcerpchdrudp.objectuuid[2] = *(p++);
if (!(--input_len))
break;
case 10:
sstate->dcerpchdrudp.objectuuid[1] = *(p++);
if (!(--input_len))
break;
case 11:
sstate->dcerpchdrudp.objectuuid[0] = *(p++);
if (!(--input_len))
break;
case 12:
sstate->dcerpchdrudp.objectuuid[5] = *(p++);
if (!(--input_len))
break;
case 13:
sstate->dcerpchdrudp.objectuuid[4] = *(p++);
if (!(--input_len))
break;
case 14:
sstate->dcerpchdrudp.objectuuid[7] = *(p++);
if (!(--input_len))
break;
case 15:
sstate->dcerpchdrudp.objectuuid[6] = *(p++);
if (!(--input_len))
break;
case 16:
sstate->dcerpchdrudp.objectuuid[8] = *(p++);
if (!(--input_len))
break;
case 17:
sstate->dcerpchdrudp.objectuuid[9] = *(p++);
if (!(--input_len))
break;
case 18:
sstate->dcerpchdrudp.objectuuid[10] = *(p++);
if (!(--input_len))
break;
case 19:
sstate->dcerpchdrudp.objectuuid[11] = *(p++);
if (!(--input_len))
break;
case 20:
sstate->dcerpchdrudp.objectuuid[12] = *(p++);
if (!(--input_len))
break;
case 21:
sstate->dcerpchdrudp.objectuuid[13] = *(p++);
if (!(--input_len))
break;
case 22:
sstate->dcerpchdrudp.objectuuid[14] = *(p++);
if (!(--input_len))
break;
case 23:
sstate->dcerpchdrudp.objectuuid[15] = *(p++);
if (!(--input_len))
break;
case 24:
sstate->dcerpchdrudp.interfaceuuid[3] = *(p++);
if (!(--input_len))
break;
case 25:
sstate->dcerpchdrudp.interfaceuuid[2] = *(p++);
if (!(--input_len))
break;
case 26:
sstate->dcerpchdrudp.interfaceuuid[1] = *(p++);
if (!(--input_len))
break;
case 27:
sstate->dcerpchdrudp.interfaceuuid[0] = *(p++);
if (!(--input_len))
break;
case 28:
sstate->dcerpchdrudp.interfaceuuid[5] = *(p++);
if (!(--input_len))
break;
case 29:
sstate->dcerpchdrudp.interfaceuuid[4] = *(p++);
if (!(--input_len))
break;
case 30:
sstate->dcerpchdrudp.interfaceuuid[7] = *(p++);
if (!(--input_len))
break;
case 31:
sstate->dcerpchdrudp.interfaceuuid[6] = *(p++);
if (!(--input_len))
break;
case 32:
sstate->dcerpchdrudp.interfaceuuid[8] = *(p++);
if (!(--input_len))
break;
case 33:
sstate->dcerpchdrudp.interfaceuuid[9] = *(p++);
if (!(--input_len))
break;
case 34:
sstate->dcerpchdrudp.interfaceuuid[10] = *(p++);
if (!(--input_len))
break;
case 35:
sstate->dcerpchdrudp.interfaceuuid[11] = *(p++);
if (!(--input_len))
break;
case 36:
sstate->dcerpchdrudp.interfaceuuid[12] = *(p++);
if (!(--input_len))
break;
case 37:
sstate->dcerpchdrudp.interfaceuuid[13] = *(p++);
if (!(--input_len))
break;
case 38:
sstate->dcerpchdrudp.interfaceuuid[14] = *(p++);
if (!(--input_len))
break;
case 39:
sstate->dcerpchdrudp.interfaceuuid[15] = *(p++);
if (!(--input_len))
break;
case 40:
sstate->dcerpchdrudp.activityuuid[3] = *(p++);
if (!(--input_len))
break;
case 41:
sstate->dcerpchdrudp.activityuuid[2] = *(p++);
if (!(--input_len))
break;
case 42:
sstate->dcerpchdrudp.activityuuid[1] = *(p++);
if (!(--input_len))
break;
case 43:
sstate->dcerpchdrudp.activityuuid[0] = *(p++);
if (!(--input_len))
break;
case 44:
sstate->dcerpchdrudp.activityuuid[5] = *(p++);
if (!(--input_len))
break;
case 45:
sstate->dcerpchdrudp.activityuuid[4] = *(p++);
if (!(--input_len))
break;
case 46:
sstate->dcerpchdrudp.activityuuid[7] = *(p++);
if (!(--input_len))
break;
case 47:
sstate->dcerpchdrudp.activityuuid[6] = *(p++);
if (!(--input_len))
break;
case 48:
sstate->dcerpchdrudp.activityuuid[8] = *(p++);
if (!(--input_len))
break;
case 49:
sstate->dcerpchdrudp.activityuuid[9] = *(p++);
if (!(--input_len))
break;
case 50:
sstate->dcerpchdrudp.activityuuid[10] = *(p++);
if (!(--input_len))
break;
case 51:
sstate->dcerpchdrudp.activityuuid[11] = *(p++);
if (!(--input_len))
break;
case 52:
sstate->dcerpchdrudp.activityuuid[12] = *(p++);
if (!(--input_len))
break;
case 53:
sstate->dcerpchdrudp.activityuuid[13] = *(p++);
if (!(--input_len))
break;
case 54:
sstate->dcerpchdrudp.activityuuid[14] = *(p++);
if (!(--input_len))
break;
case 55:
sstate->dcerpchdrudp.activityuuid[15] = *(p++);
if (!(--input_len))
break;
case 56:
sstate->dcerpchdrudp.server_boot = *(p++);
if (!(--input_len))
break;
case 57:
sstate->dcerpchdrudp.server_boot |= *(p++) << 8;
if (!(--input_len))
break;
case 58:
sstate->dcerpchdrudp.server_boot |= *(p++) << 16;
if (!(--input_len))
break;
case 59:
sstate->dcerpchdrudp.server_boot |= *(p++) << 24;
if (!(--input_len))
break;
case 60:
sstate->dcerpchdrudp.if_vers = *(p++);
if (!(--input_len))
break;
case 61:
sstate->dcerpchdrudp.if_vers |= *(p++) << 8;
if (!(--input_len))
break;
case 62:
sstate->dcerpchdrudp.if_vers |= *(p++) << 16;
if (!(--input_len))
break;
case 63:
sstate->dcerpchdrudp.if_vers |= *(p++) << 24;
if (!(--input_len))
break;
case 64:
sstate->dcerpchdrudp.seqnum = *(p++);
if (!(--input_len))
break;
case 65:
sstate->dcerpchdrudp.seqnum |= *(p++) << 8;
if (!(--input_len))
break;
case 66:
sstate->dcerpchdrudp.seqnum |= *(p++) << 16;
if (!(--input_len))
break;
case 67:
sstate->dcerpchdrudp.seqnum |= *(p++) << 24;
if (!(--input_len))
break;
case 68:
sstate->dcerpchdrudp.opnum = *(p++);
if (!(--input_len))
break;
case 69:
sstate->dcerpchdrudp.opnum |= *(p++) << 8;
if (!(--input_len))
break;
case 70:
sstate->dcerpchdrudp.ihint = *(p++);
if (!(--input_len))
break;
case 71:
sstate->dcerpchdrudp.ihint |= *(p++) << 8;
if (!(--input_len))
break;
case 72:
sstate->dcerpchdrudp.ahint = *(p++);
if (!(--input_len))
break;
case 73:
sstate->dcerpchdrudp.ahint |= *(p++) << 8;
if (!(--input_len))
break;
case 74:
sstate->dcerpchdrudp.fraglen = *(p++);
if (!(--input_len))
break;
case 75:
sstate->dcerpchdrudp.fraglen |= *(p++) << 8;
if (!(--input_len))
break;
case 76:
sstate->dcerpchdrudp.fragnum = *(p++);
if (!(--input_len))
break;
case 77:
sstate->dcerpchdrudp.fragnum |= *(p++);
if (!(--input_len))
break;
case 78:
sstate->dcerpchdrudp.auth_proto = *(p++);
if (!(--input_len))
break;
case 79:
sstate->dcerpchdrudp.serial_lo = *(p++);
if (sstate->dcerpchdrudp.drep[0] != 0x10) {
SCByteSwap32(sstate->dcerpchdrudp.server_boot);
SCByteSwap32(sstate->dcerpchdrudp.if_vers);
SCByteSwap32(sstate->dcerpchdrudp.seqnum);
SCByteSwap16(sstate->dcerpchdrudp.opnum);
SCByteSwap16(sstate->dcerpchdrudp.ihint);
SCByteSwap16(sstate->dcerpchdrudp.ahint);
SCByteSwap16(sstate->dcerpchdrudp.fraglen);
SCByteSwap16(sstate->dcerpchdrudp.fragnum);
}
sstate->fraglenleft = sstate->dcerpchdrudp.fraglen;
sstate->uuid_entry = (struct uuid_entry *) calloc(1,
sizeof(struct uuid_entry));
if (sstate->uuid_entry == NULL) {
SCReturnUInt(0);
} else {
memcpy(sstate->uuid_entry->uuid,
sstate->dcerpchdrudp.activityuuid,
sizeof(sstate->dcerpchdrudp.activityuuid));
}
--input_len;
break;
}
}
sstate->bytesprocessed += (p - input);
SCReturnUInt((uint32_t)(p - input));
}
static int DCERPCUDPParse(Flow *f, void *dcerpc_state,
AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
AppLayerParserResult *output) {
uint32_t retval = 0;
uint32_t parsed = 0;
SCEnter();
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpc_state;
while (sstate->bytesprocessed < DCERPC_UDP_HDR_LEN && input_len) {
retval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input,
input_len, output);
parsed += retval;
input_len -= retval;
}
#if 0
printf("Done with DCERPCUDPParseHeader bytesprocessed %u/%u left %u\n",
sstate->bytesprocessed, sstate->dcerpchdrudp.fraglen, input_len);
printf("\nDCERPC Version:\t%u\n", sstate->dcerpchdrudp.rpc_vers);
printf("DCERPC Type:\t%u\n", sstate->dcerpchdrudp.ptype);
printf("DCERPC Flags1:\t0x%02x\n", sstate->dcerpchdrudp.flags1);
printf("DCERPC Flags2:\t0x%02x\n", sstate->dcerpchdrudp.flags2);
printf("DCERPC Packed Drep:\t%02x %02x %02x\n",
sstate->dcerpchdrudp.drep[0], sstate->dcerpchdrudp.drep[1],
sstate->dcerpchdrudp.drep[2]);
printf("DCERPC Frag Length:\t0x%04x %u\n", sstate->dcerpchdrudp.fraglen,
sstate->dcerpchdrudp.fraglen);
printf("DCERPC Frag Number:\t0x%04x\n", sstate->dcerpchdrudp.fragnum);
printf("DCERPC OpNum:\t0x%04x\n", sstate->dcerpchdrudp.opnum);
#endif
while (sstate->bytesprocessed >= DCERPC_UDP_HDR_LEN
&& sstate->bytesprocessed < sstate->dcerpchdrudp.fraglen
&& input_len) {
retval = FragmentDataParser(f, dcerpc_state, pstate, input + parsed,
input_len, output);
if (retval) {
parsed += retval;
input_len -= retval;
} else if (input_len) {
SCLogDebug("Error parsing DCERPC UDP Fragment Data");
parsed -= input_len;
input_len = 0;
sstate->bytesprocessed = 0;
}
}
if (sstate->bytesprocessed == sstate->dcerpchdrudp.fraglen) {
sstate->bytesprocessed = 0;
}
if (pstate == NULL)
SCReturnInt(-1);
pstate->parse_field = 0;
SCReturnInt(1);
}
static void *DCERPCUDPStateAlloc(void) {
void *s = malloc(sizeof(DCERPCUDPState));
if (s == NULL)
return NULL;
memset(s, 0, sizeof(DCERPCUDPState));
return s;
}
static void DCERPCUDPStateFree(void *s) {
DCERPCUDPState *sstate = (DCERPCUDPState *) s;
struct uuid_entry *item;
while ((item = TAILQ_FIRST(&sstate->uuid_list))) {
//printUUID("Free", item);
TAILQ_REMOVE(&sstate->uuid_list, item, next);
free(item);
}
if (s) {
free(s);
s = NULL;
}
}
void RegisterDCERPCUDPParsers(void) {
AppLayerRegisterProto("dcerpcudp", ALPROTO_DCERPC_UDP, STREAM_TOSERVER,
DCERPCUDPParse);
AppLayerRegisterProto("dcerpcudp", ALPROTO_DCERPC_UDP, STREAM_TOCLIENT,
DCERPCUDPParse);
AppLayerRegisterStateFuncs(ALPROTO_DCERPC_UDP, DCERPCUDPStateAlloc,
DCERPCUDPStateFree);
}
/* UNITTESTS */
#ifdef UNITTESTS
/** \test DCERPC UDP Header Parsing and UUID handling
*/
int DCERPCUDPParserTest01(void) {
int result = 1;
Flow f;
uint8_t dcerpcrequest[] = {
0x04, 0x00, 0x2c, 0x00, 0x10, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x3f, 0x98, 0xf0, 0x5c, 0xd9, 0x63, 0xcc, 0x46,
0xc2, 0x74, 0x51, 0x6c, 0x8a, 0x53, 0x7d, 0x6f,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0xff, 0xff,
0xff, 0xff, 0x70, 0x05, 0x00, 0x00, 0x00, 0x00,
0x05, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x32, 0x24, 0x58, 0xfd,
0xcc, 0x45, 0x64, 0x49, 0xb0, 0x70, 0xdd, 0xae,
0x74, 0x2c, 0x96, 0xd2, 0x60, 0x5e, 0x0d, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x70, 0x5e, 0x0d, 0x00, 0x02, 0x00, 0x00, 0x00,
0x7c, 0x5e, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
0x10, 0x00, 0x00, 0x00, 0x80, 0x96, 0xf1, 0xf1,
0x2a, 0x4d, 0xce, 0x11, 0xa6, 0x6a, 0x00, 0x20,
0xaf, 0x6e, 0x72, 0xf4, 0x0c, 0x00, 0x00, 0x00,
0x4d, 0x41, 0x52, 0x42, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x0d, 0xf0, 0xad, 0xba,
0x00, 0x00, 0x00, 0x00, 0xa8, 0xf4, 0x0b, 0x00,
0x10, 0x09, 0x00, 0x00, 0x10, 0x09, 0x00, 0x00,
0x4d, 0x45, 0x4f, 0x57, 0x04, 0x00, 0x00, 0x00,
0xa2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x38, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x00, 0x00, 0x00, 0x00, 0xe0, 0x08, 0x00, 0x00,
0xd8, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0xc8, 0x00, 0x00, 0x00, 0x4d, 0x45, 0x4f, 0x57,
0xd8, 0x08, 0x00, 0x00, 0xd8, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc4, 0x28, 0xcd, 0x00,
0x64, 0x29, 0xcd, 0x00, 0x00, 0x00, 0x00, 0x00,
0x07, 0x00, 0x00, 0x00, 0xb9, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0xab, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0xa5, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0xa6, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0xa4, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0xad, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0xaa, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0x07, 0x00, 0x00, 0x00,
0x60, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00,
0x90, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
0x20, 0x00, 0x00, 0x00, 0x28, 0x06, 0x00, 0x00,
0x30, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0x50, 0x00, 0x00, 0x00, 0x4f, 0xb6, 0x88, 0x20,
0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0x48, 0x00, 0x00, 0x00, 0x07, 0x00, 0x66, 0x00,
0x06, 0x09, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x78, 0x19, 0x0c, 0x00,
0x58, 0x00, 0x00, 0x00, 0x05, 0x00, 0x06, 0x00,
0x01, 0x00, 0x00, 0x00, 0x70, 0xd8, 0x98, 0x93,
0x98, 0x4f, 0xd2, 0x11, 0xa9, 0x3d, 0xbe, 0x57,
0xb2, 0x00, 0x00, 0x00, 0x32, 0x00, 0x31, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0x80, 0x00, 0x00, 0x00, 0x0d, 0xf0, 0xad, 0xba,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x18, 0x43, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00,
0x60, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00,
0x4d, 0x45, 0x4f, 0x57, 0x04, 0x00, 0x00, 0x00,
0xc0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x3b, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00,
0x01, 0x00, 0x01, 0x00, 0x81, 0xc5, 0x17, 0x03,
0x80, 0x0e, 0xe9, 0x4a, 0x99, 0x99, 0xf1, 0x8a,
0x50, 0x6f, 0x7a, 0x85, 0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0x30, 0x00, 0x00, 0x00, 0x78, 0x00, 0x6e, 0x00,
0x00, 0x00, 0x00, 0x00, 0xd8, 0xda, 0x0d, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x20, 0x2f, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
0x46, 0x00, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0x10, 0x00, 0x00, 0x00, 0x30, 0x00, 0x2e, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
0x68, 0x00, 0x00, 0x00, 0x0e, 0x00, 0xff, 0xff,
0x68, 0x8b, 0x0b, 0x00, 0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xfe, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xfe, 0x02, 0x00, 0x00, 0x5c, 0x00, 0x5c, 0x00,
0x31, 0x00, 0x31, 0x00, 0x31, 0x00, 0x31, 0x00,
0x31, 0x00, 0x31, 0x00, 0x31, 0x00, 0x31, 0x00,
0x31, 0x00, 0x31, 0x00, 0x31, 0x00, 0x31, 0x00,
0x31, 0x00, 0x31, 0x00, 0x31, 0x00, 0x31, 0x00,
0x31, 0x00, 0x31, 0x00, 0x9d, 0x13, 0x00, 0x01,
0xcc, 0xe0, 0xfd, 0x7f, 0xcc, 0xe0, 0xfd, 0x7f,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
uint32_t requestlen = sizeof(dcerpcrequest);
TcpSession ssn;
struct uuid_entry *uuid_entry;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
int r = AppLayerParse(&f, ALPROTO_DCERPC_UDP, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
DCERPCUDPState *dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC_UDP)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
result = 0;
goto end;
}
if (dcerpc_state->dcerpchdrudp.rpc_vers != 4) {
printf("expected dcerpc version 0x04, got 0x%02x : ",
dcerpc_state->dcerpchdrudp.rpc_vers);
result = 0;
goto end;
}
if (dcerpc_state->dcerpchdrudp.ptype != REQUEST) {
printf("expected dcerpc type 0x%02x , got 0x%02x : ", REQUEST, dcerpc_state->dcerpchdrudp.ptype);
result = 0;
goto end;
}
if (dcerpc_state->dcerpchdrudp.fraglen != 1392) {
printf("expected dcerpc fraglen 0x%02x , got 0x%02x : ", 1392, dcerpc_state->dcerpchdrudp.fraglen);
result = 0;
goto end;
}
if (dcerpc_state->dcerpchdrudp.opnum != 4) {
printf("expected dcerpc opnum 0x%02x , got 0x%02x : ", 4, dcerpc_state->dcerpchdrudp.opnum);
result = 0;
goto end;
}
TAILQ_FOREACH(uuid_entry, &dcerpc_state->uuid_list, next) {
printUUID("REQUEST", uuid_entry);
}
end:
StreamL7DataPtrFree(&ssn);
StreamTcpFreeConfig(TRUE);
return result;
}
void DCERPCUDPParserRegisterTests(void) {
printf("DCERPCUDPParserRegisterTests\n");
UtRegisterTest("DCERPCUDPParserTest01", DCERPCUDPParserTest01, 1);
}
#endif
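Review bot: DCERPCUDPParseHeader decodes three header fields with the wrong shifts, so the stored header can differ from the bytes on the wire depending on the data representation and on whether the fast or the byte-at-a-time path runs. In the little-endian branch `if_vers |= *(p + 63) >> 24` always ORs in zero, in the big-endian branch `opnum` is built with `<< 24` and `<< 16` and truncates to zero in its uint16_t field, and `case 77` ORs the second `fragnum` byte in without `<< 8`; the corrected lines are below. For an inspection engine this matters because anything that later matches on opnum or interface version would see values the receiving host does not (that consequence is inferred; the matching code is not in this patch). Two further points in the same function: every completed header callocs a fresh `uuid_entry` into `sstate->uuid_entry` without linking it into `uuid_list` or releasing the previous one, while DCERPCUDPStateFree only walks the list, so in the visible code the entries are never freed; and when that calloc fails in `case 79` the function returns 0 with `bytesprocessed` still 79, so the `while (sstate->bytesprocessed < DCERPC_UDP_HDR_LEN && input_len)` loop in DCERPCUDPParse makes no progress for as long as the allocation keeps failing.

```c
/* … unchanged: fast path, little-endian fields through if_vers byte 2 … */
sstate->dcerpchdrudp.if_vers |= *(p + 63) << 24;
/* … unchanged: rest of little-endian branch; big-endian server_boot, if_vers, seqnum … */
sstate->dcerpchdrudp.opnum = *(p + 68) << 8;
sstate->dcerpchdrudp.opnum |= *(p + 69);
/* … unchanged: remaining fast path and slow-path cases 0-76 … */
case 77:
sstate->dcerpchdrudp.fragnum |= *(p++) << 8;
```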
src/app-layer-dcerpc-udp.h
/*
* Copyright (c) 2009,2010 Open Information Security Foundation
* app-layer-dcerpc.h
*
* \author Kirby Kuehl <kkuehl@gmail.com>
*/
#ifndef APPLAYERDCERPCUDP_H_
#define APPLAYERDCERPCUDP_H_
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-dcerpc-common.h"
#include "flow.h"
#include "queue.h"
#include "util-byte.h"
typedef struct DCERPCUDPState_ {
DCERPCHdrUdp dcerpchdrudp;
uint16_t bytesprocessed;
uint16_t fraglenleft;
uint8_t *frag_data;
struct uuid_entry *uuid_entry;
TAILQ_HEAD(, uuid_entry) uuid_list;
}DCERPCUDPState;
void RegisterDCERPCUDPParsers(void);
void DCERPCUDPParserTests(void);
void DCERPCUDPParserRegisterTests(void);
#endif /* APPLAYERDCERPCUDP_H_ */
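Review bot: `bytesprocessed` and `fraglenleft` are 16-bit, but the parser in app-layer-dcerpc-udp.c adds a byte count bounded only by the packet to the first and post-decrements the second in `while (sstate->fraglenleft-- && input_len--)`, so both can wrap on lengths taken from the packet. `bytesprocessed` counts the 80 header bytes plus body bytes and is compared against the 16-bit `fraglen`, so a large fragment length can push it past 65535; `fraglenleft` wraps to 0xFFFF whenever the loop test runs with it already at zero, which happens as soon as the input is longer than the declared fragment. Declaring the counter as `uint32_t bytesprocessed;` and testing `fraglenleft > 0` before decrementing would keep the state consistent. The file comment at the top of this header also still names `app-layer-dcerpc.h`.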
src/app-layer-dcerpc.c
/** \test DCERPC Header Parsing and BIND / BIND_ACK multiple UUID handling
*/
/* set this to 1 to see problem */
int DCERPCParserTest01(void) {
int result = 1;
Flow f;
src/app-layer-protos.h
ALPROTO_SMB,
ALPROTO_SMB2,
ALPROTO_DCERPC,
ALPROTO_DCERPC_UDP,
#ifdef UNITTESTS
ALPROTO_TEST,
#endif /* UNITESTS */
src/app-layer-smb.c
#endif
void SMBParserRegisterTests(void) {
#ifdef UNITTESTS
printf("SMBParserRegisterTests\n");
UtRegisterTest("SMBParserTest01", SMBParserTest01, 1);
UtRegisterTest("SMBParserTest02", SMBParserTest02, 1);
UtRegisterTest("SMBParserTest03", SMBParserTest03, 1);
UtRegisterTest("SMBParserTest04", SMBParserTest04, 1);
#endif
}
src/suricata.c
#include "app-layer-tls.h"
#include "app-layer-smb.h"
#include "app-layer-dcerpc.h"
#include "app-layer-dcerpc-udp.h"
#include "app-layer-htp.h"
#include "app-layer-ftp.h"
......
RegisterTLSParsers();
RegisterSMBParsers();
RegisterDCERPCParsers();
RegisterDCERPCUDPParsers();
RegisterFTPParsers();
AppLayerParsersInitPostProcess();
......
TLSParserRegisterTests();
SMBParserRegisterTests();
DCERPCParserRegisterTests();
DCERPCUDPParserRegisterTests();
FTPParserRegisterTests();
DecodeRawRegisterTests();
DecodePPPOERegisterTests();