#include "app-layer-protos.h"#include "app-layer-parser.h"#include "flow.h"#include "queue.h"#include "util-byte.h"
Go to the source code of this file.
Data Structures | |
| struct | DCERPCHdr_ |
| struct | DCERPCHdrUdp_ |
| struct | DCERPCUuidEntry_ |
| struct | DCERPCBindBindAck_ |
| struct | DCERPCRequest_ |
| struct | DCERPCResponse_ |
| struct | DCERPC_ |
| struct | DCERPCUDP_ |
Macros | |
| #define | REQUEST 0 |
| #define | PING 1 |
| #define | RESPONSE 2 |
| #define | FAULT 3 |
| #define | WORKING 4 |
| #define | NOCALL 5 |
| #define | REJECT 6 |
| #define | ACK 7 |
| #define | CL_CANCEL 8 |
| #define | FACK 9 |
| #define | CANCEL_ACK 10 |
| #define | BIND 11 |
| #define | BIND_ACK 12 |
| #define | BIND_NAK 13 |
| #define | ALTER_CONTEXT 14 |
| #define | ALTER_CONTEXT_RESP 15 |
| #define | SHUTDOWN 17 |
| #define | CO_CANCEL 18 |
| #define | ORPHANED 19 |
| #define | RESERVED_01 0x01 |
| #define | LASTFRAG 0x02 |
| #define | FRAG 0x04 |
| #define | NOFACK 0x08 |
| #define | MAYBE 0x10 |
| #define | IDEMPOTENT 0x20 |
| #define | BROADCAST 0x40 |
| #define | RESERVED_80 0x80 |
| #define | CANCEL_PENDING 0x02 |
| #define | RESERVED_04 0x04 |
| #define | RESERVED_10 0x10 |
| #define | RESERVED_20 0x20 |
| #define | RESERVED_40 0x40 |
| #define | RESERVED_80 0x80 |
| #define | DCERPC_HDR_LEN 16 |
| #define | DCERPC_UDP_HDR_LEN 80 |
| #define | DCERPC_UUID_ENTRY_FLAG_FF 0x0001 |
| #define | PFC_FIRST_FRAG 0x01 |
| #define | PFC_LAST_FRAG 0x02 |
| #define | PFC_PENDING_CANCEL 0x04 |
| #define | PFC_RESERVED_1 0x08 |
| #define | PFC_CONC_MPX 0x10 |
| #define | PFC_DID_NOT_EXECUTE 0x20 |
| #define | PFC_MAYBE 0x40 |
| #define | PFC_OBJECT_UUID 0x80 |
| #define | REASON_NOT_SPECIFIED 0 |
| #define | TEMPORARY_CONGESTION 1 |
| #define | LOCAL_LIMIT_EXCEEDED 2 |
| #define | CALLED_PADDR_UNKNOWN 3 /* not used */ |
| #define | PROTOCOL_VERSION_NOT_SUPPORTED 4 |
| #define | DEFAULT_CONTEXT_NOT_SUPPORTED 5 /* not used */ |
| #define | USER_DATA_NOT_READABLE 6 /* not used */ |
| #define | NO_PSAP_AVAILABLE 7 /* not used */ |
Typedefs | |
| typedef struct DCERPCHdr_ | DCERPCHdr |
| typedef struct DCERPCHdrUdp_ | DCERPCHdrUdp |
| typedef struct DCERPCUuidEntry_ | DCERPCUuidEntry |
| typedef struct DCERPCBindBindAck_ | DCERPCBindBindAck |
| typedef struct DCERPCRequest_ | DCERPCRequest |
| typedef struct DCERPCResponse_ | DCERPCResponse |
| typedef struct DCERPC_ | DCERPC |
| typedef struct DCERPCUDP_ | DCERPCUDP |
Functions | |
| void | RegisterDCERPCParsers (void) |
| void | DCERPCParserTests (void) |
| void | DCERPCParserRegisterTests (void) |
| typedef | TAILQ_HEAD (DCERPCUuidEntryList_, DCERPCUuidEntry_) DCERPCUuidEntryList |
| int32_t | DCERPCParser (DCERPC *, const uint8_t *, uint32_t) |
| void | hexdump (const void *buf, size_t len) |
| void | printUUID (const char *type, DCERPCUuidEntry *uuid) |
| printUUID function used to print UUID, Major and Minor Version Number and if it was Accepted or Rejected in the BIND_ACK. More... | |
Detailed Description
Definition in file app-layer-dcerpc-common.h.
Macro Definition Documentation
◆ ACK
| #define ACK 7 |
Definition at line 45 of file app-layer-dcerpc-common.h.
◆ ALTER_CONTEXT
| #define ALTER_CONTEXT 14 |
Definition at line 52 of file app-layer-dcerpc-common.h.
◆ ALTER_CONTEXT_RESP
| #define ALTER_CONTEXT_RESP 15 |
Definition at line 53 of file app-layer-dcerpc-common.h.
◆ BIND
| #define BIND 11 |
Definition at line 49 of file app-layer-dcerpc-common.h.
◆ BIND_ACK
| #define BIND_ACK 12 |
Definition at line 50 of file app-layer-dcerpc-common.h.
◆ BIND_NAK
| #define BIND_NAK 13 |
Definition at line 51 of file app-layer-dcerpc-common.h.
◆ BROADCAST
| #define BROADCAST 0x40 |
Definition at line 87 of file app-layer-dcerpc-common.h.
◆ CALLED_PADDR_UNKNOWN
| #define CALLED_PADDR_UNKNOWN 3 /* not used */ |
Definition at line 232 of file app-layer-dcerpc-common.h.
◆ CANCEL_ACK
| #define CANCEL_ACK 10 |
Definition at line 48 of file app-layer-dcerpc-common.h.
◆ CANCEL_PENDING
| #define CANCEL_PENDING 0x02 |
Definition at line 90 of file app-layer-dcerpc-common.h.
◆ CL_CANCEL
| #define CL_CANCEL 8 |
Definition at line 46 of file app-layer-dcerpc-common.h.
◆ CO_CANCEL
| #define CO_CANCEL 18 |
Definition at line 55 of file app-layer-dcerpc-common.h.
◆ DCERPC_HDR_LEN
| #define DCERPC_HDR_LEN 16 |
Definition at line 108 of file app-layer-dcerpc-common.h.
◆ DCERPC_UDP_HDR_LEN
| #define DCERPC_UDP_HDR_LEN 80 |
Definition at line 132 of file app-layer-dcerpc-common.h.
◆ DCERPC_UUID_ENTRY_FLAG_FF
| #define DCERPC_UUID_ENTRY_FLAG_FF 0x0001 |
FIRST flag set on the packet that contained this uuid entry
Definition at line 134 of file app-layer-dcerpc-common.h.
◆ DEFAULT_CONTEXT_NOT_SUPPORTED
| #define DEFAULT_CONTEXT_NOT_SUPPORTED 5 /* not used */ |
Definition at line 234 of file app-layer-dcerpc-common.h.
◆ FACK
| #define FACK 9 |
Definition at line 47 of file app-layer-dcerpc-common.h.
◆ FAULT
| #define FAULT 3 |
Definition at line 41 of file app-layer-dcerpc-common.h.
◆ FRAG
| #define FRAG 0x04 |
Definition at line 83 of file app-layer-dcerpc-common.h.
◆ IDEMPOTENT
| #define IDEMPOTENT 0x20 |
Definition at line 86 of file app-layer-dcerpc-common.h.
◆ LASTFRAG
| #define LASTFRAG 0x02 |
Definition at line 82 of file app-layer-dcerpc-common.h.
◆ LOCAL_LIMIT_EXCEEDED
| #define LOCAL_LIMIT_EXCEEDED 2 |
Definition at line 231 of file app-layer-dcerpc-common.h.
◆ MAYBE
| #define MAYBE 0x10 |
Definition at line 85 of file app-layer-dcerpc-common.h.
◆ NO_PSAP_AVAILABLE
| #define NO_PSAP_AVAILABLE 7 /* not used */ |
Definition at line 236 of file app-layer-dcerpc-common.h.
◆ NOCALL
| #define NOCALL 5 |
Definition at line 43 of file app-layer-dcerpc-common.h.
◆ NOFACK
| #define NOFACK 0x08 |
Definition at line 84 of file app-layer-dcerpc-common.h.
◆ ORPHANED
| #define ORPHANED 19 |
Definition at line 56 of file app-layer-dcerpc-common.h.
◆ PFC_CONC_MPX
| #define PFC_CONC_MPX 0x10 |
supports concurrent multiplexing of a single connection.
Definition at line 218 of file app-layer-dcerpc-common.h.
◆ PFC_DID_NOT_EXECUTE
| #define PFC_DID_NOT_EXECUTE 0x20 |
only meaningful on ‘fault’ packet; if true, guaranteed call did not execute.
Definition at line 221 of file app-layer-dcerpc-common.h.
◆ PFC_FIRST_FRAG
| #define PFC_FIRST_FRAG 0x01 |
First fragment
Definition at line 211 of file app-layer-dcerpc-common.h.
◆ PFC_LAST_FRAG
| #define PFC_LAST_FRAG 0x02 |
Last fragment
Definition at line 213 of file app-layer-dcerpc-common.h.
◆ PFC_MAYBE
| #define PFC_MAYBE 0x40 |
‘maybe’ call semantics requested
Definition at line 223 of file app-layer-dcerpc-common.h.
◆ PFC_OBJECT_UUID
| #define PFC_OBJECT_UUID 0x80 |
if true, a non-nil object UUID was specified in the handle, and is present in the optional object field. If false, the object field is omitted.
Definition at line 227 of file app-layer-dcerpc-common.h.
◆ PFC_PENDING_CANCEL
| #define PFC_PENDING_CANCEL 0x04 |
Cancel was pending at sender
Definition at line 215 of file app-layer-dcerpc-common.h.
◆ PFC_RESERVED_1
| #define PFC_RESERVED_1 0x08 |
Definition at line 216 of file app-layer-dcerpc-common.h.
◆ PING
| #define PING 1 |
Definition at line 39 of file app-layer-dcerpc-common.h.
◆ PROTOCOL_VERSION_NOT_SUPPORTED
| #define PROTOCOL_VERSION_NOT_SUPPORTED 4 |
Definition at line 233 of file app-layer-dcerpc-common.h.
◆ REASON_NOT_SPECIFIED
| #define REASON_NOT_SPECIFIED 0 |
Definition at line 229 of file app-layer-dcerpc-common.h.
◆ REJECT
| #define REJECT 6 |
Definition at line 44 of file app-layer-dcerpc-common.h.
◆ REQUEST
| #define REQUEST 0 |
Definition at line 38 of file app-layer-dcerpc-common.h.
◆ RESERVED_01
| #define RESERVED_01 0x01 |
Definition at line 81 of file app-layer-dcerpc-common.h.
◆ RESERVED_04
| #define RESERVED_04 0x04 |
Definition at line 91 of file app-layer-dcerpc-common.h.
◆ RESERVED_10
| #define RESERVED_10 0x10 |
Definition at line 92 of file app-layer-dcerpc-common.h.
◆ RESERVED_20
| #define RESERVED_20 0x20 |
Definition at line 93 of file app-layer-dcerpc-common.h.
◆ RESERVED_40
| #define RESERVED_40 0x40 |
Definition at line 94 of file app-layer-dcerpc-common.h.
◆ RESERVED_80 [1/2]
| #define RESERVED_80 0x80 |
Definition at line 95 of file app-layer-dcerpc-common.h.
◆ RESERVED_80 [2/2]
| #define RESERVED_80 0x80 |
Definition at line 95 of file app-layer-dcerpc-common.h.
◆ RESPONSE
| #define RESPONSE 2 |
Definition at line 40 of file app-layer-dcerpc-common.h.
◆ SHUTDOWN
| #define SHUTDOWN 17 |
Definition at line 54 of file app-layer-dcerpc-common.h.
◆ TEMPORARY_CONGESTION
| #define TEMPORARY_CONGESTION 1 |
Definition at line 230 of file app-layer-dcerpc-common.h.
◆ USER_DATA_NOT_READABLE
| #define USER_DATA_NOT_READABLE 6 /* not used */ |
Definition at line 235 of file app-layer-dcerpc-common.h.
◆ WORKING
| #define WORKING 4 |
Definition at line 42 of file app-layer-dcerpc-common.h.
Typedef Documentation
◆ DCERPC
◆ DCERPCBindBindAck
| typedef struct DCERPCBindBindAck_ DCERPCBindBindAck |
◆ DCERPCHdr
| typedef struct DCERPCHdr_ DCERPCHdr |
◆ DCERPCHdrUdp
| typedef struct DCERPCHdrUdp_ DCERPCHdrUdp |
◆ DCERPCRequest
| typedef struct DCERPCRequest_ DCERPCRequest |
◆ DCERPCResponse
| typedef struct DCERPCResponse_ DCERPCResponse |
◆ DCERPCUDP
| typedef struct DCERPCUDP_ DCERPCUDP |
◆ DCERPCUuidEntry
| typedef struct DCERPCUuidEntry_ DCERPCUuidEntry |
Function Documentation
◆ DCERPCParser()
| int32_t DCERPCParser | ( | DCERPC * | dcerpc, |
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Todo:
- Currently the parser is very generic. Enable target based reassembly.
- Disable reiniting tailq for mid and last bind/alter_context pdus.
- Use a PM to search for subsequent 05 00 when we see an inconsistent pdu. This should be done for each platform based on how it handles a condition where it has receives a segment with 2 pdus, while the first pdu in the segment is corrupt.
- Currently the parser is very generic. Enable target based reassembly.
Definition at line 1458 of file app-layer-dcerpc.c.
References SCEnter, and SCLogDebug.
◆ DCERPCParserRegisterTests()
| void DCERPCParserRegisterTests | ( | void | ) |
Definition at line 5093 of file app-layer-dcerpc.c.
◆ DCERPCParserTests()
| void DCERPCParserTests | ( | void | ) |
◆ hexdump()
| void hexdump | ( | const void * | buf, |
| size_t | len | ||
| ) |
Definition at line 83 of file app-layer-dcerpc.c.
References len, and strlcat().
◆ printUUID()
| void printUUID | ( | const char * | type, |
| DCERPCUuidEntry * | uuid | ||
| ) |
printUUID function used to print UUID, Major and Minor Version Number and if it was Accepted or Rejected in the BIND_ACK.
Definition at line 146 of file app-layer-dcerpc.c.
References DCERPCUuidEntry_::ctxid, DCERPCUuidEntry_::result, type, DCERPCUuidEntry_::uuid, DCERPCUuidEntry_::version, and DCERPCUuidEntry_::versionminor.
◆ RegisterDCERPCParsers()
| void RegisterDCERPCParsers | ( | void | ) |
Definition at line 2078 of file app-layer-dcerpc.c.
Referenced by AppLayerParserRegisterProtocolParsers().
◆ TAILQ_HEAD()
| typedef TAILQ_HEAD | ( | DCERPCUuidEntryList_ | , |
| DCERPCUuidEntry_ | |||
| ) |
