aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dcerpc request smb transact and fix for dcerpc bindack

Browse Source
remotes/origin/master-1.0.x
Kirby Kuehl 16 years ago committed by Victor Julien
parent 8f00718b0d
commit 90b42232fa
6 changed files with 1544 additions and 902 deletions
Show Stats Download Patch File Download Diff File

1036
src/app-layer-dcerpc.c
View File

File diff suppressed because it is too large Load Diff

16
src/app-layer-dcerpc.h
Unescape Escape View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009 Open Information Security Foundation
* Copyright (c) 2009,2010 Open Information Security Foundation
* app-layer-dcerpc.h
*
* \author Kirby Kuehl <kkuehl@gmail.com>
@ -11,6 +11,7 @@
#include "app-layer-parser.h"
#include "flow.h"
#include "queue.h"
#include <byteswap.h>
void RegisterDCERPCParsers(void);
void DCERPCParserTests(void);
@ -115,6 +116,7 @@ typedef struct DCERPCState_ {
TAILQ_HEAD(, uuid_entry) uuid_list;
uint16_t secondaryaddrlen;
uint16_t secondaryaddrlenleft;
uint16_t opnum;
}DCERPCState;
@ -142,20 +144,20 @@ typedef struct DCERPCState_ {
#define USER_DATA_NOT_READABLE 6 /* not used */
#define NO_PSAP_AVAILABLE 7 /* not used */
/*
typedef uint16_t p_context_id_t;
typedef struct {
typedef uint16_t p_context_id_t;
typedef struct {
uuid_t if_uuid;
uint32_t if_version;
} p_syntax_id_t;
} p_syntax_id_t;
typedef struct {
typedef struct {
p_context_id_t p_cont_id;
uint8_t n_transfer_syn; // number of items
uint8_t reserved; // alignment pad, m.b.z.
p_syntax_id_t abstract_syntax; // transfer syntax list
p_syntax_id_t [size_is(n_transfer_syn)] transfer_syntaxes[];
} p_cont_elem_t;
*/
} p_cont_elem_t;
*/
#endif /* APPLAYERDCERPC_H_ */

688
src/app-layer-smb.c
View File

File diff suppressed because it is too large Load Diff

28
src/app-layer-smb.h
Unescape Escape View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009 Open Information Security Foundation
* Copyright (c) 2009,2010 Open Information Security Foundation
* app-layer-smb.h
*
* \author Kirby Kuehl <kkuehl@gmail.com>
@ -13,21 +13,21 @@
#include "stream.h"
#include <stdint.h>
/*
http://ubiqx.org/cifs/rfc-draft/rfc1002.html#s4.3
All session packets are of the following general structure:
http://ubiqx.org/cifs/rfc-draft/rfc1002.html#s4.3
All session packets are of the following general structure:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TYPE | FLAGS | LENGTH |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
/ TRAILER (Packet Type Dependent) /
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TYPE | FLAGS | LENGTH |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
/ TRAILER (Packet Type Dependent) /
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The TYPE, FLAGS, and LENGTH fields are present in every session
packet.
The TYPE, FLAGS, and LENGTH fields are present in every session
packet.
*/
#define NBSS_SESSION_MESSAGE 0x00
#define NBSS_SESSION_REQUEST 0x81

2
src/app-layer-smb2.c
Unescape Escape View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009 Open Information Security Foundation
* Copyright (c) 2009,2010 Open Information Security Foundation
* app-layer-smb.c
*
* \author Kirby Kuehl <kkuehl@gmail.com>

2
src/app-layer-smb2.h
Unescape Escape View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009 Open Information Security Foundation
* Copyright (c) 2009,2010 Open Information Security Foundation
* app-layer-smb2.h
*
* \author Kirby Kuehl <kkuehl@gmail.com>

Write Preview
Loading…
Cancel
Save