aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

style patch

Browse Source
remotes/origin/master-1.0.x
Kirby Kuehl 16 years ago committed by Victor Julien
parent 706bb95209
commit 3d59f40640
5 changed files with 32 additions and 47 deletions
Show Stats Download Patch File Download Diff File

18
src/app-layer-dcerpc.c
Unescape Escape View File

@ -1215,7 +1215,8 @@ void RegisterDCERPCParsers(void) {
/* UNITTESTS */ /* UNITTESTS */
#ifdef UNITTESTS #ifdef UNITTESTS
/* set this to 1 to see problem */
#define KNOWNFAILURE 0
int DCERPCParserTest01(void) { int DCERPCParserTest01(void) {
int result = 1; int result = 1;
Flow f; Flow f;
@ -1437,7 +1438,7 @@ int DCERPCParserTest01(void) {
0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
#if 0 #if KNOWNFAILURE
uint8_t dcerpcrequest[] = { uint8_t dcerpcrequest[] = {
0x05, 0x00, 0x00, 0x00, 0x10, 0x05, 0x00, 0x00, 0x00, 0x10,
0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
@ -1634,6 +1635,19 @@ int DCERPCParserTest01(void) {
TAILQ_FOREACH(uuid_entry, &dcerpc_state->uuid_list, next) { TAILQ_FOREACH(uuid_entry, &dcerpc_state->uuid_list, next) {
printUUID("BIND_ACK", uuid_entry); printUUID("BIND_ACK", uuid_entry);
} }
#if KNOWNFAILURE
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpcrequest, requestlen, FALSE);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
if (dcerpc_state->dcerpc.type != REQUEST) {
printf("expected dcerpc type 0x%02x , got 0x%02x : ", REQUEST, dcerpc_state->dcerpc.type);
result = 0;
goto end;
}
#endif
end: end:
return result; return result;
} }

4
src/app-layer-dcerpc.h
Unescape Escape View File

@ -86,7 +86,7 @@ typedef struct dcerpc_hdr_ {
uint16_t frag_length; /* 08:02 total length of fragment */ uint16_t frag_length; /* 08:02 total length of fragment */
uint16_t auth_length; /* 10:02 length of auth_value */ uint16_t auth_length; /* 10:02 length of auth_value */
uint32_t call_id; /* 12:04 call identifier */ uint32_t call_id; /* 12:04 call identifier */
}dcerpc_t; }DCERPCHdr;
#define DCERPC_HDR_LEN 16 #define DCERPC_HDR_LEN 16
@ -100,7 +100,7 @@ struct uuid_entry {
}; };
typedef struct DCERPCState_ { typedef struct DCERPCState_ {
dcerpc_t dcerpc; DCERPCHdr dcerpc;
uint16_t bytesprocessed; uint16_t bytesprocessed;
uint8_t numctxitems; uint8_t numctxitems;
uint8_t numctxitemsleft; uint8_t numctxitemsleft;

2
src/app-layer-nbss.h
Unescape Escape View File

@ -40,7 +40,7 @@ typedef struct nbss_hdr_ {
uint8_t type; uint8_t type;
uint8_t flags; uint8_t flags;
uint32_t length; uint32_t length;
}nbss_hdr_t, *pnbss_hdr_t; }NBSSHdr;
#define NBSS_HDR_LEN 4 #define NBSS_HDR_LEN 4
#endif /* APPLAYERNBSS_H_ */ #endif /* APPLAYERNBSS_H_ */

49
src/app-layer-smb.h
Unescape Escape View File

@ -12,36 +12,7 @@
#include "flow.h" #include "flow.h"
#include "stream.h" #include "stream.h"
#include <stdint.h> #include <stdint.h>
/* #include "app-layer-nbss.h"
http://ubiqx.org/cifs/rfc-draft/rfc1002.html#s4.3
All session packets are of the following general structure:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TYPE | FLAGS | LENGTH |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
/ TRAILER (Packet Type Dependent) /
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The TYPE, FLAGS, and LENGTH fields are present in every session
packet.
*/
#define NBSS_SESSION_MESSAGE 0x00
#define NBSS_SESSION_REQUEST 0x81
#define NBSS_POSITIVE_SESSION_RESPONSE 0x82
#define NBSS_NEGATIVE_SESSION_RESPONSE 0x83
#define NBSS_RETARGET_SESSION_RESPONSE 0x84
#define NBSS_SESSION_KEEP_ALIVE 0x85
typedef struct nbss_hdr_ {
uint8_t type;
uint8_t flags;
uint32_t length;
}nbss_hdr_t, *pnbss_hdr_t;
#define NBSS_HDR_LEN 4
typedef struct smb_hdr_ { typedef struct smb_hdr_ {
uint8_t protocol[4]; uint8_t protocol[4];
@ -56,7 +27,7 @@ typedef struct smb_hdr_ {
uint16_t pid; uint16_t pid;
uint16_t uid; uint16_t uid;
uint16_t mid; uint16_t mid;
}smb_hdr_t, *psmb_hdr_t; }SMBHdr;
#define SMB_HDR_LEN 32 #define SMB_HDR_LEN 32
#define MINIMUM_SMB_LEN 35 #define MINIMUM_SMB_LEN 35
#define NBSS_SMB_HDRS_LEN 36 #define NBSS_SMB_HDRS_LEN 36
@ -64,13 +35,13 @@ typedef struct smb_hdr_ {
typedef struct wordcount_ { typedef struct wordcount_ {
uint8_t wordcount; uint8_t wordcount;
uint8_t *words; uint8_t *words;
}wordcount_t, *pwordcount_t; }SMBWordCount;
typedef struct bytecount_ { typedef struct bytecount_ {
uint8_t bytecountbytes; uint8_t bytecountbytes;
uint16_t bytecount; uint16_t bytecount;
uint8_t *bytes; uint8_t *bytes;
}bytecount_t, *pbytyecount_t; }SMBByteCount;
typedef struct andxcount_ { typedef struct andxcount_ {
uint8_t isandx; uint8_t isandx;
@ -80,14 +51,14 @@ typedef struct andxcount_ {
uint16_t andxbytesprocessed; uint16_t andxbytesprocessed;
uint32_t datalength; uint32_t datalength;
uint64_t dataoffset; uint64_t dataoffset;
}andx_t, *pandx_t; }SMBAndX;
typedef struct SMBState_ { typedef struct SMBState_ {
nbss_hdr_t nbss; NBSSHdr nbss;
smb_hdr_t smb; SMBHdr smb;
wordcount_t wordcount; SMBWordCount wordcount;
bytecount_t bytecount; SMBByteCount bytecount;
andx_t andx; SMBAndX andx;
uint16_t bytesprocessed; uint16_t bytesprocessed;
}SMBState; }SMBState;

6
src/app-layer-smb2.h
Unescape Escape View File

@ -28,13 +28,13 @@ typedef struct smb2_hdr {
uint32_t TreeId; uint32_t TreeId;
uint64_t SessionId; uint64_t SessionId;
uint8_t Signature[16]; uint8_t Signature[16];
}smb2_hdr_t, *psmb2_hdr_t; }SMB2Hdr;
#define SMB2_HDR_LEN 64 #define SMB2_HDR_LEN 64
typedef struct SMB2State_ { typedef struct SMB2State_ {
nbss_hdr_t nbss; NBSSHdr nbss;
smb2_hdr_t smb2; SMB2Hdr smb2;
uint16_t bytesprocessed; uint16_t bytesprocessed;
}SMB2State; }SMB2State;

Write Preview
Loading…
Cancel
Save