Project

General

Profile

Download (4.88 KB)

Bug #94 » 0002-dcerpc-udp-support.patch

New Patch 2 - Kirby Kuehl, 06/19/2010 04:51 PM

View differences:

src/Makefile.am
app-layer-smb.c app-layer-smb.h \
app-layer-smb2.c app-layer-smb2.h \
app-layer-dcerpc.c app-layer-dcerpc.h \
app-layer-dcerpc-udp.c app-layer-dcerpc-udp.h \
app-layer-ftp.c app-layer-ftp.h \
app-layer-ssl.c app-layer-ssl.h \
defrag.c defrag.h \
src/app-layer-dcerpc-common.h
#define DCERPC_HDR_LEN 16
typedef struct DCERPCHdrUdp_ {
uint8_t rpc_vers; /* 4 RPC protocol major version (4 LSB only)*/
uint8_t type; /* Packet type (5 LSB only) */
uint8_t flags1; /* Packet flags */
uint8_t flags2; /* Packet flags */
uint8_t drep[3]; /* Data representation format label */
uint8_t serial_hi; /* High byte of serial number */
uint8_t objectuuid[16];
uint8_t interfaceuuid[16];
uint8_t activityuuid[16];
uint32_t server_boot;/* Server boot time */
uint32_t if_vers; /* Interface version */
uint32_t seqnum; /* Sequence number */
uint16_t opnum; /* Operation number */
uint16_t ihint; /* Interface hint */
uint16_t ahint; /* Activity hint */
uint16_t fraglen; /* Length of packet body */
uint16_t fragnum; /* Fragment number */
uint8_t auth_proto; /* Authentication protocol identifier*/
uint8_t serial_lo; /* Low byte of serial number */
}DCERPCHdrUdp;
#define DCERPC_UDP_HDR_LEN 80
typedef struct DCERPCUuidEntry_ {
uint16_t ctxid;
uint16_t result;
......
uint16_t transaction_id;
} DCERPC;
typedef struct DCERPCUDP_ {
DCERPCHdrUdp dcerpchdrudp;
DCERPCBindBindAck dcerpcbindbindack;
DCERPCRequest dcerpcrequest;
DCERPCResponse dcerpcresponse;
uint16_t bytesprocessed;
uint16_t fraglenleft;
uint8_t *frag_data;
DCERPCUuidEntry *uuid_entry;
TAILQ_HEAD(, uuid_entry) uuid_list;
}DCERPCUDP;
/** First fragment */
#define PFC_FIRST_FRAG 0x01
src/app-layer-detect-proto.c
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
/** SMB2 */
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 4, 4, STREAM_TOCLIENT);
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 4, 4, STREAM_TOSERVER);
/** DCERPC */
AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOCLIENT);
AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER);
/** DCERPC */
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOCLIENT);
src/app-layer-protos.h
ALPROTO_SMB,
ALPROTO_SMB2,
ALPROTO_DCERPC,
ALPROTO_DCERPC_UDP,
#ifdef UNITTESTS
ALPROTO_TEST,
#endif /* UNITESTS */
src/suricata.c
#include "app-layer-tls.h"
#include "app-layer-smb.h"
#include "app-layer-dcerpc.h"
#include "app-layer-dcerpc-udp.h"
#include "app-layer-htp.h"
#include "app-layer-ftp.h"
#include "app-layer-ssl.h"
......
RegisterTLSParsers();
RegisterSMBParsers();
RegisterDCERPCParsers();
RegisterDCERPCUDPParsers();
RegisterFTPParsers();
RegisterSSLParsers();
AppLayerParsersInitPostProcess();
......
TLSParserRegisterTests();
SMBParserRegisterTests();
DCERPCParserRegisterTests();
DCERPCUDPParserRegisterTests();
FTPParserRegisterTests();
DecodeRawRegisterTests();
DecodePPPOERegisterTests();
(4-4/5)