app-layer: include DetectEngineState in AppLayerTxData
1/* Copyright (C) 2020 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
3641f1b5 18use crate::applayer::*;
0ac5c537 19use crate::core::{self, *};
8036202c 20use crate::dcerpc::parser;
8036202c
SB
21use nom::error::ErrorKind;
22use nom::number::Endianness;
4c7f55e6 23use nom;
f4f6387a 24use std;
8036202c 25use std::cmp;
bac69af7 26use std::ffi::CString;
8036202c
SB
27
/// Fixed DCERPC header length in bytes. The original comment labels it the UDP
/// header length; in this file it is compared against `bytes_consumed` and
/// subtracted from the header's `frag_length`.
pub const DCERPC_HDR_LEN: u16 = 16;
/// FIRST flag set on the packet
pub const DCERPC_UUID_ENTRY_FLAG_FF: u16 = 0x0001;

// Flag bits in connection-oriented PDU header

/// Value to indicate first fragment
pub const PFC_FIRST_FRAG: u8 = 0x01;
/// Value to indicate last fragment
pub const PFC_LAST_FRAG: u8 = 0x02;
/// Cancel was pending at sender
pub const PFC_PENDING_CANCEL: u8 = 0x04;
pub const PFC_RESERVED_1: u8 = 0x08;
/// supports concurrent multiplexing of a single connection.
pub const PFC_CONC_MPX: u8 = 0x10;
/// only meaningful on `fault' packet; if true, guaranteed
/// call did not execute.
pub const PFC_DID_NOT_EXECUTE: u8 = 0x20;
/// `maybe' call semantics requested
pub const PFC_MAYBE: u8 = 0x40;
/// if true, a non-nil object UUID was specified in the handle, and
/// is present in the optional object field. If false, the object field
/// is omitted.
pub const PFC_OBJECT_UUID: u8 = 0x80;

// Flag bits in first flag field in connectionless PDU header.

/// Reserved for use by implementations
pub const PFCL1_RESERVED_01: u8 = 0x01;
/// If set, the PDU is the last fragment of a multi-PDU transmission
pub const PFCL1_LASTFRAG: u8 = 0x02;
/// If set, the PDU is a fragment of a multi-PDU transmission
pub const PFCL1_FRAG: u8 = 0x04;
/// If set, the receiver is not requested to send a `fack' PDU for the fragment
pub const PFCL1_NOFACK: u8 = 0x08;
/// If set, the PDU is for a `maybe' request
pub const PFCL1_MAYBE: u8 = 0x10;
/// If set, the PDU is for an idempotent request
pub const PFCL1_IDEMPOTENT: u8 = 0x20;
/// If set, the PDU is for a broadcast request
pub const PFCL1_BROADCAST: u8 = 0x40;
/// Reserved for use by implementations
pub const PFCL1_RESERVED_80: u8 = 0x80;

// Flag bits in second flag field in connectionless PDU header.

/// Reserved for use by implementations
pub const PFCL2_RESERVED_01: u8 = 0x01;
/// Cancel pending at the call end
pub const PFCL2_CANCEL_PENDING: u8 = 0x02;
/// Reserved for future use
pub const PFCL2_RESERVED_04: u8 = 0x04;
/// Reserved for future use
pub const PFCL2_RESERVED_08: u8 = 0x08;
/// Reserved for future use
pub const PFCL2_RESERVED_10: u8 = 0x10;
/// Reserved for future use
pub const PFCL2_RESERVED_20: u8 = 0x20;
/// Reserved for future use
pub const PFCL2_RESERVED_40: u8 = 0x40;
/// Reserved for future use
pub const PFCL2_RESERVED_80: u8 = 0x80;

// Reason codes. The "not used" markers are the original author's.

pub const REASON_NOT_SPECIFIED: u8 = 0;
pub const TEMPORARY_CONGESTION: u8 = 1;
pub const LOCAL_LIMIT_EXCEEDED: u8 = 2;
/// not used
pub const CALLED_PADDR_UNKNOWN: u8 = 3;
pub const PROTOCOL_VERSION_NOT_SUPPORTED: u8 = 4;
/// not used
pub const DEFAULT_CONTEXT_NOT_SUPPORTED: u8 = 5;
/// not used
pub const USER_DATA_NOT_READABLE: u8 = 6;
/// not used
pub const NO_PSAP_AVAILABLE: u8 = 7;

// DCERPC Header packet types

pub const DCERPC_TYPE_REQUEST: u8 = 0;
pub const DCERPC_TYPE_PING: u8 = 1;
pub const DCERPC_TYPE_RESPONSE: u8 = 2;
pub const DCERPC_TYPE_FAULT: u8 = 3;
pub const DCERPC_TYPE_WORKING: u8 = 4;
pub const DCERPC_TYPE_NOCALL: u8 = 5;
pub const DCERPC_TYPE_REJECT: u8 = 6;
pub const DCERPC_TYPE_ACK: u8 = 7;
pub const DCERPC_TYPE_CL_CANCEL: u8 = 8;
pub const DCERPC_TYPE_FACK: u8 = 9;
pub const DCERPC_TYPE_CANCEL_ACK: u8 = 10;
pub const DCERPC_TYPE_BIND: u8 = 11;
pub const DCERPC_TYPE_BINDACK: u8 = 12;
pub const DCERPC_TYPE_BINDNAK: u8 = 13;
pub const DCERPC_TYPE_ALTER_CONTEXT: u8 = 14;
pub const DCERPC_TYPE_ALTER_CONTEXT_RESP: u8 = 15;
pub const DCERPC_TYPE_AUTH3: u8 = 16;
pub const DCERPC_TYPE_SHUTDOWN: u8 = 17;
pub const DCERPC_TYPE_CO_CANCEL: u8 = 18;
pub const DCERPC_TYPE_ORPHANED: u8 = 19;
pub const DCERPC_TYPE_RTS: u8 = 20;
/// Value the request/response mapping helpers in this file return for a type
/// they do not pair.
pub const DCERPC_TYPE_UNKNOWN: u8 = 99;
8036202c 111
bac69af7
SB
/// Application-layer protocol identifier for DCERPC; initialised to
/// `ALPROTO_UNKNOWN`.
// NOTE(review): `static mut` — every read or write needs `unsafe`. Presumably
// assigned once during parser registration; confirm there is no concurrent writer.
pub static mut ALPROTO_DCERPC: AppProto = ALPROTO_UNKNOWN;
113
8036202c
SB
/// Returns a printable name for a DCERPC PDU type.
///
/// Every `DCERPC_TYPE_*` constant maps to its upper-case name; any other value
/// is rendered as its decimal number.
pub fn dcerpc_type_string(t: u8) -> String {
    let known: Option<&'static str> = match t {
        DCERPC_TYPE_REQUEST => Some("REQUEST"),
        DCERPC_TYPE_PING => Some("PING"),
        DCERPC_TYPE_RESPONSE => Some("RESPONSE"),
        DCERPC_TYPE_FAULT => Some("FAULT"),
        DCERPC_TYPE_WORKING => Some("WORKING"),
        DCERPC_TYPE_NOCALL => Some("NOCALL"),
        DCERPC_TYPE_REJECT => Some("REJECT"),
        DCERPC_TYPE_ACK => Some("ACK"),
        DCERPC_TYPE_CL_CANCEL => Some("CL_CANCEL"),
        DCERPC_TYPE_FACK => Some("FACK"),
        DCERPC_TYPE_CANCEL_ACK => Some("CANCEL_ACK"),
        DCERPC_TYPE_BIND => Some("BIND"),
        DCERPC_TYPE_BINDACK => Some("BINDACK"),
        DCERPC_TYPE_BINDNAK => Some("BINDNAK"),
        DCERPC_TYPE_ALTER_CONTEXT => Some("ALTER_CONTEXT"),
        DCERPC_TYPE_ALTER_CONTEXT_RESP => Some("ALTER_CONTEXT_RESP"),
        DCERPC_TYPE_AUTH3 => Some("AUTH3"),
        DCERPC_TYPE_SHUTDOWN => Some("SHUTDOWN"),
        DCERPC_TYPE_CO_CANCEL => Some("CO_CANCEL"),
        DCERPC_TYPE_ORPHANED => Some("ORPHANED"),
        DCERPC_TYPE_RTS => Some("RTS"),
        DCERPC_TYPE_UNKNOWN => Some("UNKNOWN"),
        _ => None,
    };
    // Unlisted values fall back to the number itself.
    known.map_or_else(|| t.to_string(), String::from)
}
144
bab497ab
SB
/// Maps a request-side PDU type to the PDU type of its expected reply.
///
/// REQUEST, BIND and ALTER_CONTEXT have a counterpart; every other type yields
/// `DCERPC_TYPE_UNKNOWN`.
pub fn get_resp_type_for_req(t: u8) -> u8 {
    if t == DCERPC_TYPE_REQUEST {
        DCERPC_TYPE_RESPONSE
    } else if t == DCERPC_TYPE_BIND {
        DCERPC_TYPE_BINDACK
    } else if t == DCERPC_TYPE_ALTER_CONTEXT {
        DCERPC_TYPE_ALTER_CONTEXT_RESP
    } else {
        DCERPC_TYPE_UNKNOWN
    }
}
153
/// Maps a response-side PDU type back to the PDU type of the request it answers.
///
/// RESPONSE, BINDACK and ALTER_CONTEXT_RESP have a counterpart; every other
/// type yields `DCERPC_TYPE_UNKNOWN`.
pub fn get_req_type_for_resp(t: u8) -> u8 {
    if t == DCERPC_TYPE_RESPONSE {
        DCERPC_TYPE_REQUEST
    } else if t == DCERPC_TYPE_BINDACK {
        DCERPC_TYPE_BIND
    } else if t == DCERPC_TYPE_ALTER_CONTEXT_RESP {
        DCERPC_TYPE_ALTER_CONTEXT
    } else {
        DCERPC_TYPE_UNKNOWN
    }
}
162
/// Per-call state for one DCERPC request/response exchange.
#[derive(Default, Debug)]
pub struct DCERPCTransaction {
    /// Internal transaction ID.
    pub id: u64,
    /// Context ID copied from the parsed request PDU.
    pub ctxid: u16,
    /// Operation number copied from the parsed request PDU.
    pub opnum: u16,
    /// Copied from the parsed request PDU's `first_request_seen`.
    pub first_request_seen: u8,
    /// ID to match any request-response pair.
    pub call_id: u32,
    /// Set to 1 once a to-server PDU has been handled for this transaction.
    pub frag_cnt_ts: u16,
    /// Set to 1 once a to-client PDU has been handled for this transaction.
    pub frag_cnt_tc: u16,
    /// `packed_drep[0] & 0x10` of the header that was current when the
    /// transaction was created (0 means big endian, see `get_endianness`).
    pub endianness: u8,
    /// Stub data collected in the to-server direction.
    pub stub_data_buffer_ts: Vec<u8>,
    /// Stub data collected in the to-client direction.
    pub stub_data_buffer_tc: Vec<u8>,
    pub stub_data_buffer_reset_ts: bool,
    pub stub_data_buffer_reset_tc: bool,
    /// Request side is complete (or was declared complete after a gap/truncation).
    pub req_done: bool,
    /// Response side is complete (or was declared complete after a gap/truncation).
    pub resp_done: bool,
    /// Request was still incomplete when a stream gap forced completion.
    pub req_lost: bool,
    /// Response was still incomplete when a stream gap forced completion.
    pub resp_lost: bool,
    /// PDU type recorded for the request side.
    pub req_cmd: u8,
    /// PDU type recorded for the response side.
    pub resp_cmd: u8,
    pub activityuuid: Vec<u8>,
    pub seqnum: u32,
    pub tx_data: AppLayerTxData,
}

impl DCERPCTransaction {
    /// Builds an empty transaction whose command types default to
    /// REQUEST / RESPONSE; every other field starts at its `Default` value,
    /// except `tx_data`, which comes from `AppLayerTxData::new()`.
    pub fn new() -> Self {
        let mut tx = Self::default();
        tx.stub_data_buffer_ts = Vec::new();
        tx.stub_data_buffer_tc = Vec::new();
        tx.req_cmd = DCERPC_TYPE_REQUEST;
        tx.resp_cmd = DCERPC_TYPE_RESPONSE;
        tx.activityuuid = Vec::new();
        tx.tx_data = AppLayerTxData::new();
        tx
    }

    /// Context ID of the request.
    pub fn get_req_ctxid(&self) -> u16 {
        self.ctxid
    }

    /// Raw `first_request_seen` value of the request.
    pub fn get_first_req_seen(&self) -> u8 {
        self.first_request_seen
    }

    /// Operation number of the request.
    pub fn get_req_opnum(&self) -> u16 {
        self.opnum
    }

    /// Raw endianness bit stored on the transaction (0 or 0x10).
    pub fn get_endianness(&self) -> u8 {
        self.endianness
    }
}
217
bab497ab
SB
/// Fields taken from a parsed REQUEST PDU; `process_request_pdu` copies them
/// onto the matching transaction.
#[derive(Debug)]
pub struct DCERPCRequest {
    /// Presentation context ID.
    pub ctxid: u16,
    /// Operation number.
    pub opnum: u16,
    pub first_request_seen: u8,
}
224
/// One interface UUID offered in a BIND context item, plus the result later
/// reported for it in the BINDACK.
#[derive(Default, Debug, Clone)]
pub struct DCERPCUuidEntry {
    /// Context ID from the BIND context item.
    pub ctxid: u16,
    /// Position of the context item within the BIND PDU; used to pair the
    /// entry with the BINDACK result at the same position.
    pub internal_id: u16,
    /// `ack_result` from the BINDACK; entries with a non-zero result are not
    /// added to the accepted list.
    pub result: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
    /// Bit field; `DCERPC_UUID_ENTRY_FLAG_FF` records that the BIND arrived
    /// with the first-fragment flag set.
    pub flags: u16,
}

impl DCERPCUuidEntry {
    /// Returns an entry with every field zeroed / empty.
    pub fn new() -> Self {
        Self::default()
    }
}
241
/// A UUID split into its named components, each kept as raw bytes.
#[derive(Debug, PartialEq)]
pub struct Uuid {
    pub time_low: Vec<u8>,
    pub time_mid: Vec<u8>,
    pub time_hi_and_version: Vec<u8>,
    pub clock_seq_hi_and_reserved: u8,
    pub clock_seq_low: u8,
    pub node: Vec<u8>,
}
251
/// Parsed DCERPC PDU header as stored in `DCERPCState::header`.
#[derive(Debug)]
pub struct DCERPCHdr {
    /// Major RPC version; `process_header` only accepts 5.
    pub rpc_vers: u8,
    /// Minor RPC version; `process_header` only accepts 0 or 1.
    pub rpc_vers_minor: u8,
    /// PDU type, one of the `DCERPC_TYPE_*` values.
    pub hdrtype: u8,
    /// `PFC_*` flag bits.
    pub pfc_flags: u8,
    /// Data representation bytes; bit 0x10 of the first byte selects little endian.
    pub packed_drep: Vec<u8>,
    /// Fragment length announced by the sender. Network-controlled.
    pub frag_length: u16,
    pub auth_length: u16,
    /// ID used to pair a request with its response.
    pub call_id: u32,
}
263
/// Parsed BIND PDU: the announced number of context items and the UUID entries
/// collected from them.
#[derive(Debug)]
pub struct DCERPCBind {
    /// Number of context items announced by the PDU.
    pub numctxitems: u8,
    /// One entry per context item that parsed successfully.
    pub uuid_list: Vec<DCERPCUuidEntry>,
}
269
/// One parsed context item of a BIND PDU.
#[derive(Debug)]
pub struct BindCtxItem {
    pub ctxid: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
}
277
/// One result entry of a BINDACK PDU.
#[derive(Debug, PartialEq)]
pub struct DCERPCBindAckResult {
    /// Result code; `process_bindack_pdu` treats 0 as accepted.
    pub ack_result: u16,
    pub ack_reason: u16,
    pub transfer_syntax: Vec<u8>,
    pub syntax_version: u32,
}
285
/// Parsed BINDACK PDU together with the BIND entries it accepted.
#[derive(Debug)]
pub struct DCERPCBindAck {
    /// Clones of the BIND UUID entries whose BINDACK result was 0.
    pub accepted_uuid_list: Vec<DCERPCUuidEntry>,
    pub sec_addr_len: u16,
    pub numctxitems: u8,
    /// Result entries in the order they appeared in the PDU.
    pub ctxitems: Vec<DCERPCBindAckResult>,
}
293
/// Parser state for one DCERPC flow.
#[derive(Default, Debug)]
pub struct DCERPCState {
    /// Most recently parsed PDU header.
    pub header: Option<DCERPCHdr>,
    /// Cached BIND, dropped again by `handle_bind_cache`.
    pub bind: Option<DCERPCBind>,
    /// Cached BINDACK, dropped again by `handle_bind_cache`.
    pub bindack: Option<DCERPCBindAck>,
    pub transactions: Vec<DCERPCTransaction>,
    /// Bytes buffered for the to-server direction while a PDU is incomplete.
    /// `handle_input_data` refuses to grow it beyond 1024 * 1024 bytes.
    pub buffer_ts: Vec<u8>,
    /// Bytes buffered for the to-client direction; same size cap as `buffer_ts`.
    pub buffer_tc: Vec<u8>,
    pub pad: u8,
    /// Stub bytes still expected for the current fragment.
    pub padleft: u16,
    /// Header bytes consumed so far for the current PDU.
    pub bytes_consumed: u16,
    /// ID that the next created transaction will receive.
    pub tx_id: u64,
    pub query_completed: bool,
    pub data_needed_for_dir: Direction,
    pub prev_dir: Direction,
    pub prev_tx_call_id: u32,
    pub clear_bind_cache: bool,
    /// A gap was seen to-server and the parser has not resynchronised yet.
    pub ts_gap: bool,
    /// A gap was seen to-client and the parser has not resynchronised yet.
    pub tc_gap: bool,
    /// A gap was seen to-server at some point in this session.
    pub ts_ssn_gap: bool,
    /// A gap was seen to-client at some point in this session.
    pub tc_ssn_gap: bool,
    /// true if Truncated in this direction
    pub ts_ssn_trunc: bool,
    /// true if Truncated in this direction
    pub tc_ssn_trunc: bool,
    // NOTE(review): raw pointer handed to
    // sc_app_layer_parser_trigger_raw_stream_reassembly; presumably owned by the
    // C side and valid for the lifetime of this state — confirm.
    pub flow: Option<*const core::Flow>,
}
319
320impl DCERPCState {
1ef0bd58
JL
/// Creates an empty state that expects data in the to-server direction first.
pub fn new() -> Self {
    let mut state = Self::default();
    state.data_needed_for_dir = Direction::ToServer;
    state.prev_dir = Direction::ToServer;
    state
}
328
bab497ab
SB
/// Builds a transaction for `call_id` and advances the internal ID counter.
///
/// The transaction takes the current `tx_id`, the endianness bit of the
/// current header, and starts with `req_done` / `resp_done` already set when
/// the corresponding direction of the session is truncated. The caller is
/// responsible for pushing it onto `self.transactions`.
fn create_tx(&mut self, call_id: u32) -> DCERPCTransaction {
    let id = self.tx_id;
    self.tx_id += 1;
    DCERPCTransaction {
        id,
        call_id,
        endianness: self.get_hdr_drep_0() & 0x10,
        req_done: self.ts_ssn_trunc,
        resp_done: self.tc_ssn_trunc,
        ..DCERPCTransaction::new()
    }
}
340
5d985c42
VJ
/// Removes the transaction whose internal ID equals `tx_id`, if there is one.
///
/// Only the first match is removed; an unknown ID is ignored.
pub fn free_tx(&mut self, tx_id: u64) {
    SCLogDebug!("Freeing TX with ID {} TX.ID {}", tx_id, tx_id+1);
    let position = self.transactions.iter().position(|tx| tx.id == tx_id);
    if let Some(index) = position {
        SCLogDebug!("tx {} progress {}/{}", self.transactions[index].id,
                self.transactions[index].req_done, self.transactions[index].resp_done);
        SCLogDebug!("freeing TX with ID {} TX.ID {} at index {} left: {} max id: {}",
                tx_id, tx_id+1, index, self.transactions.len(), self.tx_id);
        self.transactions.remove(index);
    }
}
361
8036202c
SB
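/// Returns the first data-representation byte of the current header, or 0
/// when no header is stored.
///
/// The byte is read with `first()` rather than `[0]`: the header parser is not
/// visible from here, so an empty `packed_drep` cannot be ruled out, and an
/// index panic on network-derived data would take the whole parser down. An
/// empty vector is treated like a missing header (0, i.e. big endian).
fn get_hdr_drep_0(&self) -> u8 {
    self.header
        .as_ref()
        .and_then(|hdr| hdr.packed_drep.first().copied())
        .unwrap_or(0)
}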
368
/// Byte order announced by the current header: bit 0x10 of the first drep
/// byte clear means big endian, set means little endian. Without a header the
/// result is big endian.
fn get_endianness(&self) -> Endianness {
    match self.get_hdr_drep_0() & 0x10 {
        0 => Endianness::Big,
        _ => Endianness::Little,
    }
}
376
/// Fragment length from the current header, or `None` when no header is
/// stored (flagged as a bug in debug-validation builds).
fn get_hdr_fraglen(&self) -> Option<u16> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen
    self.header.as_ref().map(|hdr| hdr.frag_length)
}
385
/// `PFC_*` flag byte from the current header, or `None` when no header is
/// stored (flagged as a bug in debug-validation builds).
fn get_hdr_pfcflags(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen
    self.header.as_ref().map(|hdr| hdr.pfc_flags)
}
394
/// PDU type from the current header, or `None` when no header is stored
/// (flagged as a bug in debug-validation builds).
pub fn get_hdr_type(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen
    self.header.as_ref().map(|hdr| hdr.hdrtype)
}
403
/// Major RPC version from the current header, or `None` when no header is
/// stored (flagged as a bug in debug-validation builds).
pub fn get_hdr_rpc_vers(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen
    self.header.as_ref().map(|hdr| hdr.rpc_vers)
}
412
bab497ab
SB
/// Call ID from the current header, or `None` when no header is stored
/// (flagged as a bug in debug-validation builds).
pub fn get_hdr_call_id(&self) -> Option<u32> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen
    self.header.as_ref().map(|hdr| hdr.call_id)
}
421
/// Discards whatever is buffered for the to-server direction. Always returns 0.
pub fn handle_gap_ts(&mut self) -> u8 {
    // Clearing an already empty buffer is a no-op, so no length check is needed.
    self.buffer_ts.clear();
    0
}
428
/// Discards whatever is buffered for the to-client direction. Always returns 0.
pub fn handle_gap_tc(&mut self) -> u8 {
    // Clearing an already empty buffer is a no-op, so no length check is needed.
    self.buffer_tc.clear();
    0
}
435
/// Empties the buffer of `direction`, clears that direction's gap flag and
/// resets the consumed-bytes counter.
pub fn clean_buffer(&mut self, direction: Direction) {
    let (buffer, gap) = match direction {
        Direction::ToServer => (&mut self.buffer_ts, &mut self.ts_gap),
        Direction::ToClient => (&mut self.buffer_tc, &mut self.tc_gap),
    };
    buffer.clear();
    *gap = false;
    self.bytes_consumed = 0;
}
449
/// Appends `buffer` to the buffer of `direction` and records that more data
/// is needed in that direction.
///
/// No size limit is enforced here; within the visible code the 1024 * 1024
/// byte cap is checked by `handle_input_data` before it calls this.
pub fn extend_buffer(&mut self, buffer: &[u8], direction: Direction) {
    let target = match direction {
        Direction::ToServer => &mut self.buffer_ts,
        Direction::ToClient => &mut self.buffer_tc,
    };
    target.extend_from_slice(buffer);
    self.data_needed_for_dir = direction;
}
461
a866499b
SB
/// Flips the direction in which data is expected next: to-client after
/// `Direction::ToServer`, to-server otherwise.
pub fn reset_direction(&mut self, direction: Direction) {
    self.data_needed_for_dir = if direction == Direction::ToServer {
        Direction::ToClient
    } else {
        Direction::ToServer
    };
}
469
bab497ab
SB
/// Looks a transaction up by its internal transaction ID, the ID the
/// AppLayer parser in C uses for its lookups.
///
/// Arguments:
/// * `tx_id`:
///           type: unsigned 64 bit integer
///    description: internal transaction ID to track transactions
///
/// Return value:
/// Mutable reference to the first transaction with that ID, or `None`.
pub fn get_tx(&mut self, tx_id: u64) -> Option<&mut DCERPCTransaction> {
    self.transactions.iter_mut().find(|tx| tx.id == tx_id)
}
490
/// Finds the transaction that the PDU described by the current header
/// belongs to. Nothing is created here: when no transaction matches, the
/// result is `None` and the caller decides what to do.
///
/// A transaction matches when its `call_id` equals `call_id` and its stored
/// command for the opposite side is the counterpart of the current header
/// type (`resp_cmd` when `dir` is to-server, `req_cmd` when to-client). A
/// missing header is treated as type 0.
///
/// Arguments:
/// * `call_id`:
///           type: unsigned 32 bit integer
///    description: call_id taken from the DCERPC header
/// * `dir`:
///           type: enum Direction
///    description: direction of the flow
///
/// Return value:
/// Mutable reference to the first matching transaction, or `None`.
pub fn get_tx_by_call_id(&mut self, call_id: u32, dir: Direction) -> Option<&mut DCERPCTransaction> {
    let cmd = self.get_hdr_type().unwrap_or(0);
    // The mapping depends only on the header, so compute it once up front.
    let counterpart = match dir {
        Direction::ToServer => get_resp_type_for_req(cmd),
        Direction::ToClient => get_req_type_for_resp(cmd),
    };
    self.transactions.iter_mut().find(|tx| {
        tx.call_id == call_id
            && match dir {
                Direction::ToServer => tx.resp_cmd == counterpart,
                Direction::ToClient => tx.req_cmd == counterpart,
            }
    })
}
528
/// Maintains the cached BIND / BINDACK.
///
/// If the previous call armed `clear_bind_cache`, both cached PDUs are
/// dropped now. The flag is then re-armed only when this PDU is a response
/// carrying the same call ID as the previous one, and the call ID is
/// remembered for the next invocation.
pub fn handle_bind_cache(&mut self, call_id: u32, is_response: bool) {
    if self.clear_bind_cache {
        self.bind = None;
        self.bindack = None;
    }
    self.clear_bind_cache = self.prev_tx_call_id == call_id && is_response;
    self.prev_tx_call_id = call_id;
}
541
/// Records a stream gap in `direction`: sets both the pending-gap flag and
/// the session-wide gap flag for that side. Always returns `ok`.
pub fn parse_data_gap(&mut self, direction: Direction) -> AppLayerResult {
    let (gap, ssn_gap) = match direction {
        Direction::ToServer => (&mut self.ts_gap, &mut self.ts_ssn_gap),
        Direction::ToClient => (&mut self.tc_gap, &mut self.tc_ssn_gap),
    };
    *gap = true;
    *ssn_gap = true;
    AppLayerResult::ok()
}
555
/// Closes out transactions after a stream gap so they do not stay open
/// forever waiting for data that was lost.
///
/// When the session has seen a gap in `dir`, transactions are walked in
/// order until one with an ID at or above the next-to-assign ID is met. For a
/// to-server gap the request side is forced complete; for a to-client gap
/// both sides are. A side that was not complete yet is marked lost, and raw
/// stream reassembly is triggered for each handled transaction when a flow
/// pointer is available.
pub fn post_gap_housekeeping(&mut self, dir: Direction) {
    SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir);
    let request_side = self.ts_ssn_gap && dir == Direction::ToServer;
    let response_side = !request_side && self.tc_ssn_gap && dir == Direction::ToClient;
    if !(request_side || response_side) {
        return;
    }
    let next_tx_id = self.tx_id;
    let flow = self.flow;
    for tx in self.transactions.iter_mut() {
        if tx.id >= next_tx_id {
            SCLogDebug!("post_gap_housekeeping: done");
            break;
        }
        // Anything still open on the request side can no longer complete.
        tx.req_lost |= !tx.req_done;
        tx.req_done = true;
        if response_side {
            tx.resp_lost |= !tx.resp_done;
            tx.resp_done = true;
        }
        if let Some(flow) = flow {
            sc_app_layer_parser_trigger_raw_stream_reassembly(flow, dir as i32);
        }
    }
}
592
/// Scans `i` for the byte pair 0x05 0x00 to resynchronise after a gap.
///
/// On a hit the result is `Ok((bytes after the pair, bytes starting at the
/// pair))`. Without a hit it is `Incomplete`, asking for the bytes missing to
/// complete a pair with what is left (1 when the input was non-empty, 2 when
/// it was empty).
// NOTE(review): only minor version 0 is matched, while `process_header` also
// accepts minor version 1 — confirm that is intended. A two-byte marker can
// also occur inside payload data, so a hit is a candidate, not proof.
pub fn search_dcerpc_record<'a>(&mut self, i: &'a[u8]) -> nom::IResult<&'a[u8], &'a[u8]> {
    match i.windows(2).position(|pair| pair[0] == 0x05 && pair[1] == 0x00) {
        Some(start) => Ok((&i[start + 2..], &i[start..])),
        None => {
            // The byte-by-byte scan this replaces stops with at most one byte left.
            let leftover = i.len().min(1);
            Err(nom::Err::Incomplete(nom::Needed::Size(2 - leftover)))
        }
    }
}
603
8036202c
SB
/// Parses the DCERPC header with the nom parser and stores it on success.
///
/// Arguments:
/// * `input`:
///           type: u8 vector slice.
///    description: bytes from the beginning of the buffer.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case of Incomplete data or Eof, and also when the header
///            parsed but its version is not 5.0 / 5.1.
///            -2 in case of Error while parsing.
// NOTE(review): within the visible part of `handle_input_data`, -1 makes the
// caller buffer the input and wait for more, so a header with an unsupported
// version is buffered rather than rejected — confirm that is intended.
pub fn process_header(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, header) = match parser::parse_dcerpc_header(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC header");
            return -1;
        }
        Err(nom::Err::Error(([], ErrorKind::Eof))) => {
            SCLogDebug!("EoF reached while parsing DCERPC header");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occured while parsing DCERPC header");
            return -2;
        }
    };
    let minor_ok = header.rpc_vers_minor == 0 || header.rpc_vers_minor == 1;
    if header.rpc_vers != 5 || !minor_ok {
        SCLogDebug!(
            "DCERPC Header did not validate. Major version: {:?} Minor version: {:?}",
            header.rpc_vers,
            header.rpc_vers_minor
        );
        return -1;
    }
    self.header = Some(header);
    (input.len() - leftover_bytes.len()) as i32
}
647
/// Parses one BIND context item and appends the resulting UUID entry to the
/// cached BIND.
///
/// `uuid_internal_id` is the item's position within the PDU; it is stored on
/// the entry so that a later BINDACK result can be paired with it. When no
/// BIND is cached the entry is dropped.
///
/// Returns the number of bytes consumed, or -1 when the item is incomplete
/// or malformed.
pub fn handle_bindctxitem(&mut self, input: &[u8], uuid_internal_id: u16) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_bytes, ctxitem) = match parser::parse_bindctx_item(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND CTXItem");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND CTXItem");
            return -1;
        }
    };
    // Store the first frag flag in the uuid as pfc_flags will
    // be overwritten by new packets
    let first_frag = (self.get_hdr_pfcflags().unwrap_or(0) & PFC_FIRST_FRAG) != 0;
    let uuidentry = DCERPCUuidEntry {
        uuid: ctxitem.uuid,
        internal_id: uuid_internal_id,
        ctxid: ctxitem.ctxid,
        version: ctxitem.version,
        versionminor: ctxitem.versionminor,
        flags: if first_frag { DCERPC_UUID_ENTRY_FLAG_FF } else { 0 },
        ..DCERPCUuidEntry::new()
    };
    if let Some(bind) = self.bind.as_mut() {
        SCLogDebug!("DCERPC BIND CtxItem: Pushing uuid: {:?}", uuidentry);
        bind.uuid_list.push(uuidentry);
    }
    (input.len() - leftover_bytes.len()) as i32
}
682
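/// Parses a BIND / ALTER_CONTEXT PDU body: the fixed part, then one context
/// item per announced entry, and finally records a transaction for it.
///
/// The new transaction is marked request-complete, raw stream reassembly is
/// triggered for the to-server direction when a flow pointer is available,
/// and the transaction is pushed onto `self.transactions`.
///
/// Returns a byte count on success (callers in view only test for -1) or -1
/// when the PDU or one of its context items is incomplete or malformed.
pub fn process_bind_pdu(&mut self, input: &[u8]) -> i32 {
    let mut retval = 0;
    let mut idx = 12; // Bytes consumed if parser returns OK would be 12
    match parser::parse_dcerpc_bind(input) {
        Ok((leftover_bytes, header)) => {
            let numctxitems = header.numctxitems;
            self.bind = Some(header);
            for i in 0..numctxitems {
                // The offset starts from a hard-coded 12 and is advanced by
                // values derived from network data, so take the slice with a
                // bounds check instead of risking an index panic.
                let item_input = match input.get(idx as usize..) {
                    Some(rest) => rest,
                    None => return -1,
                };
                retval = self.handle_bindctxitem(item_input, i as u16);
                if retval == -1 {
                    return -1;
                }
                idx = retval + idx;
            }
            let call_id = self.get_hdr_call_id().unwrap_or(0);
            let mut tx = self.create_tx(call_id);
            tx.req_cmd = self.get_hdr_type().unwrap_or(0);
            tx.req_done = true;
            if let Some(flow) = self.flow {
                sc_app_layer_parser_trigger_raw_stream_reassembly(flow, Direction::ToServer as i32);
            }
            tx.frag_cnt_ts = 1;
            self.transactions.push(tx);
            // Bytes parsed with `parse_dcerpc_bind` + (bytes parsed per bindctxitem [44] * number
            // of bindctxitems)
            // NOTE(review): this multiplies the size of the *last* item by the
            // item count, i.e. it assumes every item has the same size — confirm.
            (input.len() - leftover_bytes.len()) as i32 + retval * numctxitems as i32
        }
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND header");
            -1
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND header");
            -1
        }
    }
}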
722
/// Parses a BINDACK / ALTER_CONTEXT_RESP PDU body and pairs its results with
/// the cached BIND.
///
/// The n-th result is applied to every BIND entry whose `internal_id` is n.
/// Entries with result 0 are cloned into the accepted list; the first
/// non-zero result ends the pass for that position. The BINDACK is only
/// stored when a BIND is cached.
///
/// Returns the number of bytes consumed, or -1 when the PDU is incomplete or
/// malformed.
pub fn process_bindack_pdu(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, mut back) = match parser::parse_dcerpc_bindack(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BINDACK");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BINDACK");
            return -1;
        }
    };
    if let Some(bind) = self.bind.as_mut() {
        let mut uuid_internal_id = 0;
        for r in back.ctxitems.iter() {
            let matching = bind
                .uuid_list
                .iter_mut()
                .filter(|entry| entry.internal_id == uuid_internal_id);
            for uuid in matching {
                uuid.result = r.ack_result;
                if uuid.result != 0 {
                    break;
                }
                back.accepted_uuid_list.push(uuid.clone());
                SCLogDebug!("DCERPC BINDACK accepted UUID: {:?}", uuid);
            }
            uuid_internal_id += 1;
        }
        self.bindack = Some(back);
    }
    (input.len() - leftover_bytes.len()) as i32
}
757
/// Feeds stub data of the current PDU into the matching transaction.
///
/// The transaction is looked up by the header's call ID. REQUEST data goes to
/// the to-server stub buffer and marks the request done; RESPONSE data goes
/// to the to-client stub buffer and marks the response done. In both cases
/// raw stream reassembly is triggered when a flow pointer is available, and
/// the remaining fragment length is reduced by what was consumed.
///
/// Returns the number of bytes `evaluate_stub_params` reports as consumed, or
/// 0 when there is no matching transaction, no header, or another PDU type.
// NOTE(review): `self.padleft -= retval` relies on `evaluate_stub_params`
// (defined outside this view) never returning more than `padleft` — confirm.
pub fn handle_stub_data(&mut self, input: &[u8], input_len: u16, dir: Direction) -> u16 {
    let hdrpfcflags = self.get_hdr_pfcflags().unwrap_or(0);
    let padleft = self.padleft;
    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdrtype = self.get_hdr_type();
    let tx = match self.get_tx_by_call_id(call_id, dir) {
        Some(transaction) => transaction,
        None => {
            SCLogDebug!("No transaction found matching the call ID: {:?}", call_id);
            return 0;
        }
    };

    // Update the stub params based on the packet type
    let (retval, reassembly_dir) = match hdrtype {
        Some(DCERPC_TYPE_REQUEST) => {
            let consumed = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_ts,
                &mut tx.stub_data_buffer_reset_ts,
            );
            tx.req_done = true;
            tx.frag_cnt_ts = 1;
            (consumed, Direction::ToServer)
        }
        Some(DCERPC_TYPE_RESPONSE) => {
            let consumed = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_tc,
                &mut tx.stub_data_buffer_reset_tc,
            );
            tx.resp_done = true;
            tx.frag_cnt_tc = 1;
            (consumed, Direction::ToClient)
        }
        Some(_) => {
            SCLogDebug!("Unrecognized packet type");
            return 0;
        }
        None => return 0,
    };
    if let Some(flow) = self.flow {
        sc_app_layer_parser_trigger_raw_stream_reassembly(flow, reassembly_dir as i32);
    }
    // Update the remaining fragment length
    self.padleft -= retval;

    retval
}
819
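/// Handles stub data for both request and response.
///
/// Arguments:
/// * `input`:
///           type: u8 vector slice.
///    description: bytes left *after* parsing header.
/// * `bytes_consumed`:
///           type: 16 bit unsigned integer.
///    description: bytes consumed *after* parsing header.
/// * `dir`:
///           type: enum Direction.
///    description: direction whose stub is supposed to be handled.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case fragment length defined by header mismatches the data,
///            or `input` is shorter than `bytes_consumed`. The error branch of
///            the loop can also leave a negative count.
pub fn handle_common_stub(&mut self, input: &[u8], bytes_consumed: u16, dir: Direction) -> i32 {
    let fraglen = self.get_hdr_fraglen().unwrap_or(0);
    // Widen before adding: both operands are u16 and `fraglen` comes from the
    // network, so the sum must not be allowed to wrap.
    if u32::from(fraglen) < u32::from(bytes_consumed) + u32::from(DCERPC_HDR_LEN) {
        return -1;
    }
    self.padleft = fraglen - DCERPC_HDR_LEN - bytes_consumed;
    // `input` can be far longer than 65535 bytes (the caller's buffers are
    // capped at 1024 * 1024), so do the subtraction in usize and clamp instead
    // of truncating with `as u16`, which could underflow or report more bytes
    // than the slice holds. A single fragment never needs more than u16::MAX.
    let remaining = match input.len().checked_sub(usize::from(bytes_consumed)) {
        Some(remaining) => remaining,
        None => return -1,
    };
    let mut input_left = remaining.min(0xffff) as u16;
    let mut parsed = bytes_consumed as i32;
    while input_left > 0 && parsed < fraglen as i32 {
        let retval = self.handle_stub_data(&input[parsed as usize..], input_left, dir);
        if retval > 0 && retval <= input_left {
            parsed += retval as i32;
            input_left -= retval;
        } else if input_left > 0 {
            SCLogDebug!(
                "Error parsing DCERPC {} stub data",
                if dir == Direction::ToServer {
                    "request"
                } else {
                    "response"
                }
            );
            // Kept as in the original: the unparsed remainder is subtracted
            // from the count, which can turn it negative for the caller.
            parsed -= input_left as i32;
            input_left = 0;
        }
    }
    parsed
}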
864
/// Parses a REQUEST PDU body, records its context ID, opnum and
/// first-request flag on the matching transaction (creating one when none
/// matches), and then hands the stub data to `handle_common_stub`.
///
/// Returns whatever `handle_common_stub` returns, or -1 when the request is
/// incomplete or malformed.
pub fn process_request_pdu(&mut self, input: &[u8]) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_input, request) = match parser::parse_dcerpc_request(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC REQUEST");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC REQUEST");
            return -1;
        }
    };
    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdr_type = self.get_hdr_type().unwrap_or(0);
    // The same four fields are written whether the transaction exists or not.
    let fill = |tx: &mut DCERPCTransaction| {
        tx.req_cmd = hdr_type;
        tx.ctxid = request.ctxid;
        tx.opnum = request.opnum;
        tx.first_request_seen = request.first_request_seen;
    };
    if let Some(tx) = self.get_tx_by_call_id(call_id, Direction::ToServer) {
        fill(tx);
    } else {
        let mut tx = self.create_tx(call_id);
        fill(&mut tx);
        self.transactions.push(tx);
    }
    self.handle_common_stub(
        input,
        (input.len() - leftover_input.len()) as u16,
        Direction::ToServer,
    )
}
907
a866499b 908 pub fn handle_input_data(&mut self, input: &[u8], direction: Direction) -> AppLayerResult {
8036202c
SB
909 let mut parsed;
910 let retval;
4c7f55e6
SB
911 let mut cur_i = input;
912 let input_len = cur_i.len();
8036202c
SB
913 let mut v: Vec<u8>;
914 // Set any query's completion status to false in the beginning
915 self.query_completed = false;
4c7f55e6
SB
916
917 // Skip the record since this means that its in the middle of a known length record
a866499b 918 if (self.ts_gap && direction == Direction::ToServer) || (self.tc_gap && direction == Direction::ToClient) {
4c7f55e6 919 SCLogDebug!("Trying to catch up after GAP (input {})", cur_i.len());
97c67cd5
SB
920 match self.search_dcerpc_record(cur_i) {
921 Ok((_, pg)) => {
922 SCLogDebug!("DCERPC record found");
923 let offset = cur_i.len() - pg.len();
924 cur_i = &cur_i[offset..];
925 match direction {
a866499b 926 Direction::ToServer => {
97c67cd5
SB
927 self.ts_gap = false;
928 },
a866499b 929 Direction::ToClient => {
97c67cd5 930 self.tc_gap = false;
4c7f55e6 931 }
97c67cd5
SB
932 }
933 },
934 _ => {
935 let mut consumed = cur_i.len();
936 // At least 2 bytes are required to know if a new record is beginning
937 if consumed < 2 {
938 consumed = 0;
939 } else {
940 consumed = consumed - 1;
941 }
942 SCLogDebug!("DCERPC record NOT found");
943 return AppLayerResult::incomplete(consumed as u32, 2);
944 },
4c7f55e6
SB
945 }
946 }
947
8036202c
SB
948 // Overwrite the dcerpc_state data in case of multiple complete queries in the
949 // same direction
950 if self.prev_dir == direction {
951 self.data_needed_for_dir = direction;
952 }
953
954 let buffer = match direction {
a866499b 955 Direction::ToServer => {
8036202c
SB
956 if self.buffer_ts.len() + input_len > 1024 * 1024 {
957 SCLogDebug!("DCERPC TOSERVER stream: Buffer Overflow");
958 return AppLayerResult::err();
959 }
960 v = self.buffer_ts.split_off(0);
4c7f55e6 961 v.extend_from_slice(cur_i);
8036202c
SB
962 v.as_slice()
963 }
a866499b 964 Direction::ToClient => {
8036202c
SB
965 if self.buffer_tc.len() + input_len > 1024 * 1024 {
966 SCLogDebug!("DCERPC TOCLIENT stream: Buffer Overflow");
967 return AppLayerResult::err();
968 }
969 v = self.buffer_tc.split_off(0);
4c7f55e6 970 v.extend_from_slice(cur_i);
8036202c
SB
971 v.as_slice()
972 }
973 };
974
975 if self.data_needed_for_dir != direction && buffer.len() != 0 {
976 return AppLayerResult::err();
977 }
978
979 // Set data_needed_for_dir in the same direction in case there is an issue with upcoming parsing
980 self.data_needed_for_dir = direction;
981
982 // Check if header data was complete. In case of EoF or incomplete data, wait for more
983 // data else return error
984 if self.bytes_consumed < DCERPC_HDR_LEN && input_len > 0 {
69cf5c9e 985 parsed = self.process_header(buffer);
8036202c
SB
986 if parsed == -1 {
987 self.extend_buffer(buffer, direction);
988 return AppLayerResult::ok();
989 }
990 if parsed == -2 {
991 return AppLayerResult::err();
992 }
993 self.bytes_consumed += parsed as u16;
994 }
995
996 let fraglen = self.get_hdr_fraglen().unwrap_or(0);
997
6f03ee2e 998 if (buffer.len()) < fraglen as usize {
8036202c
SB
999 SCLogDebug!("Possibly fragmented data, waiting for more..");
1000 self.extend_buffer(buffer, direction);
1001 return AppLayerResult::ok();
1002 } else {
1003 self.query_completed = true;
1004 }
8036202c
SB
1005 parsed = self.bytes_consumed as i32;
1006
bab497ab
SB
1007 let current_call_id = self.get_hdr_call_id().unwrap_or(0);
1008
8036202c
SB
1009 match self.get_hdr_type() {
1010 Some(x) => match x {
1011 DCERPC_TYPE_BIND | DCERPC_TYPE_ALTER_CONTEXT => {
1012 retval = self.process_bind_pdu(&buffer[parsed as usize..]);
1013 if retval == -1 {
1014 return AppLayerResult::err();
1015 }
bab497ab 1016 self.handle_bind_cache(current_call_id, false);
8036202c
SB
1017 }
1018 DCERPC_TYPE_BINDACK | DCERPC_TYPE_ALTER_CONTEXT_RESP => {
1019 retval = self.process_bindack_pdu(&buffer[parsed as usize..]);
1020 if retval == -1 {
1021 return AppLayerResult::err();
1022 }
a866499b 1023 let tx = if let Some(tx) = self.get_tx_by_call_id(current_call_id, Direction::ToClient) {
bab497ab
SB
1024 tx.resp_cmd = x;
1025 tx
1026 } else {
1027 let mut tx = self.create_tx(current_call_id);
1028 tx.resp_cmd = x;
1029 self.transactions.push(tx);
1030 self.transactions.last_mut().unwrap()
1031 };
1032 tx.resp_done = true;
1033 tx.frag_cnt_tc = 1;
0ac5c537 1034 if let Some(flow) = self.flow {
a866499b 1035 sc_app_layer_parser_trigger_raw_stream_reassembly(flow, Direction::ToClient as i32);
0ac5c537 1036 }
bab497ab 1037 self.handle_bind_cache(current_call_id, false);
8036202c
SB
1038 }
1039 DCERPC_TYPE_REQUEST => {
1040 retval = self.process_request_pdu(&buffer[parsed as usize..]);
301454e9 1041 if retval < 0 {
8036202c
SB
1042 return AppLayerResult::err();
1043 }
bab497ab
SB
1044 // In case the response came first, the transaction would complete later when
1045 // the corresponding request also comes through
1046 self.handle_bind_cache(current_call_id, false);
8036202c
SB
1047 }
1048 DCERPC_TYPE_RESPONSE => {
a866499b 1049 let transaction = self.get_tx_by_call_id(current_call_id, Direction::ToClient);
bab497ab 1050 match transaction {
f31372ad 1051 Some(tx) => {
bab497ab
SB
1052 tx.resp_cmd = x;
1053 }
1054 None => {
1055 let mut tx = self.create_tx(current_call_id);
1056 tx.resp_cmd = x;
1057 self.transactions.push(tx);
1058 }
1059 };
8036202c
SB
1060 retval = self.handle_common_stub(
1061 &buffer[parsed as usize..],
1062 0,
a866499b 1063 Direction::ToClient,
8036202c 1064 );
301454e9 1065 if retval < 0 {
8036202c
SB
1066 return AppLayerResult::err();
1067 }
bab497ab 1068 self.handle_bind_cache(current_call_id, true);
8036202c
SB
1069 }
1070 _ => {
4c7f55e6 1071 SCLogDebug!("Unrecognized packet type: {:?}", x);
8036202c
SB
1072 self.clean_buffer(direction);
1073 return AppLayerResult::err();
1074 }
1075 },
1076 None => {
1077 return AppLayerResult::err();
1078 }
1079 }
1080 self.bytes_consumed += retval as u16;
1081
1082 // If the query has been completed, clean the buffer and reset the direction
1083 if self.query_completed == true {
1084 self.clean_buffer(direction);
1085 self.reset_direction(direction);
1086 }
4c7f55e6 1087 self.post_gap_housekeeping(direction);
8036202c
SB
1088 self.prev_dir = direction;
1089 return AppLayerResult::ok();
1090 }
1091}
1092
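/// Append the stub bytes available for the current fragment to `stub_data_buffer`.
///
/// * `input` - bytes following the PDU header fields already consumed by the caller.
/// * `input_len` - number of bytes the caller says are available in `input`.
/// * `hdrflags` - PFC flag byte of the PDU header; only the first/last fragment bits are read.
/// * `lenleft` - stub bytes still expected for this fragment.
/// * `stub_data_buffer_reset` - set to `true` when all of `lenleft` was copied and the
///   fragment is either unfragmented (no first/last bit) or flagged as the last one.
///
/// Returns the number of bytes appended, which is 0 when nothing is available or expected.
fn evaluate_stub_params(
    input: &[u8], input_len: u16, hdrflags: u8, lenleft: u16,
    stub_data_buffer: &mut Vec<u8>, stub_data_buffer_reset: &mut bool,
) -> u16 {
    // `input_len` is supplied separately from the slice. Clamp it to what the
    // slice really holds, so a mismatch shortens the copy instead of causing an
    // out-of-range slice panic inside the parser.
    let available = cmp::min(usize::from(input_len), input.len());
    let stub_len = cmp::min(usize::from(lenleft), available);
    if stub_len == 0 {
        return 0;
    }

    let fragtype = hdrflags & (PFC_FIRST_FRAG | PFC_LAST_FRAG);
    let fragment_complete = stub_len == usize::from(lenleft);
    if fragment_complete && (fragtype == 0 || (fragtype & PFC_LAST_FRAG > 0)) {
        *stub_data_buffer_reset = true;
    }

    // NOTE(review): this function only ever appends; any cap on the total size of
    // `stub_data_buffer` has to be enforced by the caller - confirm that it is.
    stub_data_buffer.extend_from_slice(&input[..stub_len]);

    // Cannot truncate: stub_len <= lenleft, which is a u16.
    stub_len as u16
}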
1112
/// C entry point for a gap reported in the to-server stream.
///
/// The reported length is not used; the work is delegated to
/// `DCERPCState::parse_data_gap` for the to-server direction.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_request_gap(
    state: &mut DCERPCState,
    _input_len: u32,
) -> AppLayerResult {
    let dir = Direction::ToServer;
    state.parse_data_gap(dir)
}
1120
/// C entry point for a gap reported in the to-client stream.
///
/// The reported length is not used; the work is delegated to
/// `DCERPCState::parse_data_gap` for the to-client direction.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_response_gap(
    state: &mut DCERPCState,
    _input_len: u32,
) -> AppLayerResult {
    let dir = Direction::ToClient;
    state.parse_data_gap(dir)
}
1128
/// C entry point: feed to-server stream data into the DCERPC state.
///
/// Returns `ok` for an empty EOF notification, `err` when no usable input was
/// supplied (zero length without EOF, or a null `input`), and otherwise whatever
/// `handle_input_data` returns.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState` (it is cast without a null check)
/// and `input` must be readable for `input_len` bytes when it is non-null.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_parse_request(
    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    let state = cast_pointer!(state, DCERPCState);
    SCLogDebug!("Handling request: input {:p} input_len {} flags {:x} EOF {}",
            input, input_len, flags, flags & core::STREAM_EOF != 0);

    let at_eof = flags & core::STREAM_EOF != 0;
    if at_eof && input_len == 0 {
        return AppLayerResult::ok();
    }

    /* START with MIDSTREAM set: record might be starting the middle. */
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        state.ts_gap = true;
    }

    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }

    let buf = build_slice!(input, input_len as usize);
    // The flow pointer is stored in the state; later code passes it to the
    // stream reassembly trigger.
    state.flow = Some(flow);
    state.handle_input_data(buf, Direction::ToServer)
}
1151
/// C entry point: feed to-client stream data into the DCERPC state.
///
/// Returns `ok` for an empty EOF notification, `err` when no usable input was
/// supplied (zero length without EOF, or a null `input`), and otherwise whatever
/// `handle_input_data` returns.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState` (it is cast without a null check)
/// and `input` must be readable for `input_len` bytes when it is non-null.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_parse_response(
    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    let state = cast_pointer!(state, DCERPCState);

    let at_eof = flags & core::STREAM_EOF != 0;
    if at_eof && input_len == 0 {
        return AppLayerResult::ok();
    }

    /* START with MIDSTREAM set: record might be starting the middle. */
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        state.tc_gap = true;
    }

    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }

    let buf = build_slice!(input, input_len as usize);
    // The flow pointer is stored in the state; later code passes it to the
    // stream reassembly trigger.
    state.flow = Some(flow);
    state.handle_input_data(buf, Direction::ToClient)
}
1174
/// C entry point: allocate a fresh `DCERPCState` and hand it out as an opaque pointer.
///
/// Ownership of the allocation moves to the caller; it has to come back through
/// `rs_dcerpc_state_free` exactly once, otherwise it leaks.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: core::AppProto) -> *mut std::os::raw::c_void {
    Box::into_raw(Box::new(DCERPCState::new())) as *mut _
}
1181
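/// C entry point: release a state previously returned by `rs_dcerpc_state_new`.
///
/// A null pointer is ignored. Any other pointer must be one obtained from
/// `rs_dcerpc_state_new` that has not been freed yet; passing it twice is a
/// double free, and the function cannot detect that.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) {
    // Box::from_raw on a null pointer is undefined behaviour, so treat null as
    // "nothing to free".
    if state.is_null() {
        return;
    }
    // SAFETY: non-null was checked above; the caller guarantees the pointer came
    // from Box::into_raw in rs_dcerpc_state_new and is released only once.
    drop(unsafe { Box::from_raw(state as *mut DCERPCState) });
}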
1186
/// C entry point: drop the transaction with id `tx_id` from the state.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState`; it is cast without a null check.
/// Any transaction pointer handed out earlier for this id must not be used
/// after this call.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
    SCLogDebug!("freeing tx {}", tx_id as u64);
    let st = cast_pointer!(state, DCERPCState);
    st.free_tx(tx_id);
}
1193
/// C entry point: record that the stream was truncated in `direction`.
///
/// Sets the per-direction truncation flag, marks every transaction as done for
/// that direction and, when a flow pointer is stored, triggers raw stream
/// reassembly once per transaction.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState`, and the flow pointer stored in
/// it (if any) must still be valid.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_trunc(state: *mut std::os::raw::c_void, direction: u8) {
    let dce_state = cast_pointer!(state, DCERPCState);
    let flow = dce_state.flow;
    let dir: Direction = direction.into();
    match dir {
        Direction::ToServer => {
            dce_state.ts_ssn_trunc = true;
            for tx in dce_state.transactions.iter_mut() {
                tx.req_done = true;
                if let Some(f) = flow {
                    sc_app_layer_parser_trigger_raw_stream_reassembly(f, Direction::ToServer as i32);
                }
            }
            SCLogDebug!("dce_state.ts_ssn_trunc = true; txs {}", dce_state.transactions.len());
        }
        Direction::ToClient => {
            dce_state.tc_ssn_trunc = true;
            for tx in dce_state.transactions.iter_mut() {
                tx.resp_done = true;
                if let Some(f) = flow {
                    sc_app_layer_parser_trigger_raw_stream_reassembly(f, Direction::ToClient as i32);
                }
            }
            SCLogDebug!("dce_state.tc_ssn_trunc = true; txs {}", dce_state.transactions.len());
        }
    }
}
1220
/// C entry point: look up the transaction with id `tx_id`.
///
/// Returns an opaque pointer to the transaction, or null when `get_tx` finds none.
/// The pointer refers to storage owned by the state, so it is only usable until
/// that transaction is freed or the transaction list is changed.
///
/// # Safety
///
/// `vtx` must point to a live `DCERPCState`; it is cast without a null check.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx(
    vtx: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
    let dce_state = cast_pointer!(vtx, DCERPCState);
    if let Some(tx) = dce_state.get_tx(tx_id) {
        tx as *const _ as *mut _
    } else {
        std::ptr::null_mut()
    }
}
1231
/// C entry point: report the state's `tx_id` counter as the transaction count.
///
/// # Safety
///
/// `vtx` must point to a live `DCERPCState`; it is cast without a null check.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
    let st = cast_pointer!(vtx, DCERPCState);
    st.tx_id
}
1237
/// C entry point: report the progress of a transaction in one direction.
///
/// Returns 1 when the side selected by `direction` is marked done (`req_done`
/// for to-server, `resp_done` for to-client) and 0 otherwise, including for a
/// `direction` value that matches neither.
///
/// # Safety
///
/// `tx` must point to a live `DCERPCTransaction`; it is cast without a null check.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
                                                 )-> std::os::raw::c_int {
    let tx = cast_pointer!(tx, DCERPCTransaction);
    let to_server: u8 = Direction::ToServer.into();
    let to_client: u8 = Direction::ToClient.into();

    if direction == to_server && tx.req_done {
        SCLogDebug!("tx {} TOSERVER progress 1 => {:?}", tx.call_id, tx);
        1
    } else if direction == to_client && tx.resp_done {
        SCLogDebug!("tx {} TOCLIENT progress 1 => {:?}", tx.call_id, tx);
        1
    } else {
        SCLogDebug!("tx {} direction {} progress 0", tx.call_id, direction);
        0
    }
}
1252
/// C entry point: expose the `AppLayerTxData` embedded in a transaction.
///
/// The returned pointer aliases the `tx_data` field and is valid only for as
/// long as the transaction itself.
///
/// # Safety
///
/// `tx` must point to a live `DCERPCTransaction`; it is cast without a null check.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx_data(
    tx: *mut std::os::raw::c_void)
    -> *mut AppLayerTxData
{
    let transaction = cast_pointer!(tx, DCERPCTransaction);
    &mut transaction.tx_data
}
1261
/// C entry point: hand out the stub data buffer of a transaction for one direction.
///
/// Writes the buffer address to `*buf`, its length to `*len` and the result of
/// `tx.get_endianness()` to `*endianness`. No bytes are copied: `*buf` points into
/// the transaction's own buffer, so it must not be used once that buffer is
/// modified or the transaction is freed. The length is narrowed to `u32` with `as`.
///
/// # Safety
///
/// `buf`, `len` and `endianness` must all be valid for writes; none is checked
/// for null.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
    tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8,
) {
    let direction: Direction = dir.into();
    match direction {
        Direction::ToServer => {
            let stub = &tx.stub_data_buffer_ts;
            *len = stub.len() as u32;
            *buf = stub.as_ptr();
            SCLogDebug!("DCERPC Request stub buffer: Setting buffer to: {:?}", *buf);
        }
        Direction::ToClient => {
            let stub = &tx.stub_data_buffer_tc;
            *len = stub.len() as u32;
            *buf = stub.as_ptr();
            SCLogDebug!("DCERPC Response stub buffer: Setting buffer to: {:?}", *buf);
        }
    }
    *endianness = tx.get_endianness();
}
1280
/// Probe input to see if it looks like DCERPC.
///
/// Returns `(is_dcerpc, is_request)`. The input counts as DCERPC when the header
/// parses, the version is 5.0, the first data-representation byte has none of
/// the bits in `0xee` set and the second one is at most 3. A header type of
/// `0x00` is reported as a request. A header that fails to parse yields
/// `(false, false)`.
fn probe(input: &[u8]) -> (bool, bool) {
    let hdr = match parser::parse_dcerpc_header(input) {
        Ok((_, hdr)) => hdr,
        Err(_) => return (false, false),
    };

    let version_ok = hdr.rpc_vers == 0x05 && hdr.rpc_vers_minor == 0x00;
    let is_dcerpc = version_ok && hdr.packed_drep[0] & 0xee == 0 && hdr.packed_drep[1] <= 3;
    let is_request = hdr.hdrtype == 0x00;
    (is_dcerpc, is_request)
}
1295
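/// Probing callback registered with the pattern matcher: decide whether the
/// inspected bytes are DCERPC.
///
/// Returns `ALPROTO_UNKNOWN` when there is nothing to inspect (zero length or a
/// null `input`), `ALPROTO_DCERPC` when `probe` accepts the header, and
/// `ALPROTO_FAILED` otherwise. When the direction derived from the header type
/// differs from the one the packet was seen in, the derived direction is written
/// to `*rdir`.
///
/// # Safety
///
/// A non-null `input` must be readable for `len` bytes, and `rdir` must be valid
/// for a one-byte write.
pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const core::Flow, direction: u8, input: *const u8,
                                      len: u32, rdir: *mut u8) -> AppProto
{
    SCLogDebug!("Probing packet for DCERPC");
    // The parse entry points in this file reject a null input pointer; do the
    // same here, since building a slice from a null pointer is undefined behaviour.
    if len == 0 || input.is_null() {
        return core::ALPROTO_UNKNOWN;
    }
    // SAFETY: `input` is non-null (checked above) and the caller guarantees it
    // is readable for `len` bytes.
    let slice: &[u8] = std::slice::from_raw_parts(input, len as usize);
    //is_incomplete is checked by caller
    let (is_dcerpc, is_request) = probe(slice);
    if !is_dcerpc {
        return core::ALPROTO_FAILED;
    }

    let dir = if is_request {
        Direction::ToServer
    } else {
        Direction::ToClient
    };
    if (direction & DIR_BOTH) != dir as u8 {
        *rdir = dir as u8;
    }
    ALPROTO_DCERPC
}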
1319
/// Register the `|05 00|` pattern with `rs_dcerpc_probe_tcp` as probing callback,
/// once for each direction.
///
/// The two pattern bytes are the version values that `probe` requires
/// (`rpc_vers` 5, `rpc_vers_minor` 0). Returns 0 on success and -1 as soon as
/// one registration reports a negative status.
fn register_pattern_probe() -> i8 {
    // NUL-terminated because the pattern is handed to C as a string.
    let pattern = b"|05 00|\0".as_ptr() as *const std::os::raw::c_char;

    unsafe {
        // NOTE(review): the numeric arguments are presumably pattern depth 2,
        // offset 0 and probe min/max depth 0 - confirm against the binding.
        let ts_status = AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_DCERPC,
                                                                  pattern, 2, 0,
                                                                  Direction::ToServer.into(), rs_dcerpc_probe_tcp, 0, 0);
        if ts_status < 0 {
            SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
            return -1;
        }

        let tc_status = AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_DCERPC,
                                                                  pattern, 2, 0,
                                                                  Direction::ToClient.into(), rs_dcerpc_probe_tcp, 0, 0);
        if tc_status < 0 {
            SCLogDebug!("TOCLIENT => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
            return -1;
        }
    }

    0
}
1338
1339
// Parser name as a C style string: the trailing NUL is part of the value
// because the pointer is handed to C code as the parser name.
pub const PARSER_NAME: &[u8] = b"dcerpc\0";
1342
/// C entry point: register DCERPC protocol detection and the parser callbacks.
///
/// Nothing is registered when protocol detection is disabled for "tcp"/"dcerpc"
/// in the configuration. Otherwise detection is registered, `ALPROTO_DCERPC` is
/// set, the pattern probe is installed and, if the parser is enabled too, the
/// parser itself is registered. A failing pattern registration returns early,
/// after detection was registered but before the parser is.
///
/// # Safety
///
/// Writes the `ALPROTO_DCERPC` global without synchronisation.
/// NOTE(review): presumably called once during start-up, before any traffic is
/// processed - confirm against the caller.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_register_parser() {
    let parser = RustParser {
        name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
        default_port: std::ptr::null(),
        ipproto: IPPROTO_TCP,
        probe_ts: None,
        probe_tc: None,
        min_depth: 0,
        max_depth: 16,
        state_new: rs_dcerpc_state_new,
        state_free: rs_dcerpc_state_free,
        tx_free: rs_dcerpc_state_transaction_free,
        parse_ts: rs_dcerpc_parse_request,
        parse_tc: rs_dcerpc_parse_response,
        get_tx_count: rs_dcerpc_get_tx_cnt,
        get_tx: rs_dcerpc_get_tx,
        tx_comp_st_ts: 1,
        tx_comp_st_tc: 1,
        tx_get_progress: rs_dcerpc_get_alstate_progress,
        get_events: None,
        get_eventinfo: None,
        get_eventinfo_byid : None,
        localstorage_new: None,
        localstorage_free: None,
        get_files: None,
        get_tx_iterator: None,
        get_tx_data: rs_dcerpc_get_tx_data,
        apply_tx_config: None,
        flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
        truncate: None,
    };

    let ip_proto_str = CString::new("tcp").unwrap();

    let detection_enabled = AppLayerProtoDetectConfProtoDetectionEnabled(
        ip_proto_str.as_ptr(),
        parser.name,
    ) != 0;
    if !detection_enabled {
        SCLogDebug!("Protocol detector and parser disabled for DCERPC.");
        return;
    }

    let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
    ALPROTO_DCERPC = alproto;
    if register_pattern_probe() < 0 {
        return;
    }

    let parser_enabled = AppLayerParserConfParserEnabled(
        ip_proto_str.as_ptr(),
        parser.name,
    ) != 0;
    if parser_enabled {
        let _ = AppLayerRegisterParser(&parser, alproto);
    }
    SCLogDebug!("Rust DCERPC parser registered.");
}
1400
1401#[cfg(test)]
1402mod tests {
1403 use crate::applayer::AppLayerResult;
a866499b 1404 use crate::core::*;
8036202c
SB
1405 use crate::dcerpc::dcerpc::DCERPCState;
1406 use std::cmp;
1407
/// A complete 16-byte header must be reported as fully consumed.
#[test]
fn test_process_header() {
    let header_bytes: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    let consumed = state.process_header(header_bytes);
    assert_eq!(16, consumed);
}
1417
/// After the header has been processed, a 1068-byte bind body must be reported
/// as fully consumed by `process_bind_pdu`.
#[test]
fn test_process_bind_pdu() {
    let header_bytes: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    let bind_bytes: &[u8] = &[
        0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f, 0xbf, 0x85,
        0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac, 0x1b, 0xf0,
        0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c, 0xcc, 0x3d,
        0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4, 0x02, 0x7c,
        0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65, 0x29, 0x51,
        0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed, 0x05, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00, 0x14, 0x96,
        0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa, 0x02, 0xfb,
        0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00,
        0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7, 0x39, 0xaf,
        0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x07, 0x00,
        0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae, 0x9e, 0x5b,
        0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f, 0x14, 0xcc,
        0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55, 0x6f, 0x5d,
        0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c, 0xf4, 0x23,
        0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28, 0x19, 0x39,
        0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00, 0xc9, 0x9f,
        0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05, 0x38, 0x4d,
        0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x01, 0x00,
        0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7, 0xf8, 0x56,
        0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0e, 0x00,
        0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa, 0xfd, 0x26,
        0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4, 0xd3, 0x17,
        0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99, 0xfb, 0xbe,
        0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae, 0xec, 0x28,
        0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4, 0x81, 0x48,
        0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6, 0x03, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00, 0xcb, 0xae,
        0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70, 0x89, 0x02,
        0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00,
        0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08, 0x0d, 0x33,
        0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x15, 0x00,
        0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45, 0xd9, 0x6c,
        0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2, 0x68, 0x79,
        0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15, 0x4e, 0xf5,
        0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    // The header is processed first so the state holds a parsed header when the
    // bind body is handed over.
    let header_consumed = state.process_header(header_bytes);
    assert_eq!(16, header_consumed);
    let bind_consumed = state.process_bind_pdu(bind_bytes);
    assert_eq!(1068, bind_consumed);
}
1507
/// A single 44-byte context item must be reported as fully consumed by
/// `handle_bindctxitem` once the header has been processed.
#[test]
fn test_handle_bindctxitem() {
    let header_bytes: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    let ctx_item_bytes: &[u8] = &[
        0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
        0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    let header_consumed = state.process_header(header_bytes);
    assert_eq!(16, header_consumed);
    let item_consumed = state.handle_bindctxitem(ctx_item_bytes, 0);
    assert_eq!(44, item_consumed);
}
1524
1525 #[test]
1526 fn test_process_bindack_pdu() {
1527 let bind: &[u8] = &[
1528 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3c, 0x04, 0x00, 0x00, 0x00, 0x00,
1529 0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
1530 0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
1531 0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1532 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1533 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac,
1534 0x1b, 0xf0, 0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d,
1535 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1536 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c,
1537 0xcc, 0x3d, 0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00,
1538 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1539 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4,
1540 0x02, 0x7c, 0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00,
1541 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1542 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65,
1543 0x29, 0x51, 0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed,
1544 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1545 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
1546 0x14, 0x96, 0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa,
1547 0x02, 0xfb, 0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1548 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
1549 0x01, 0x00, 0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7,
1550 0x39, 0xaf, 0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1551 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1552 0x07, 0x00, 0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae,
1553 0x9e, 0x5b, 0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1554 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1555 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f,
1556 0x14, 0xcc, 0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
1557 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1558 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55,
1559 0x6f, 0x5d, 0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00,
1560 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1561 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c,
1562 0xf4, 0x23, 0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00,
1563 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1564 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28,
1565 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
1566 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1567 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
1568 0xc9, 0x9f, 0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05,
1569 0x38, 0x4d, 0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1570 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
1571 0x01, 0x00, 0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7,
1572 0xf8, 0x56, 0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1573 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1574 0x0e, 0x00, 0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa,
1575 0xfd, 0x26, 0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1576 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1577 0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4,
1578 0xd3, 0x17, 0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d,
1579 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1580 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99,
1581 0xfb, 0xbe, 0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00,
1582 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1583 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae,
1584 0xec, 0x28, 0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00,
1585 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1586 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4,
1587 0x81, 0x48, 0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6,
1588 0x03, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1589 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00,
1590 0xcb, 0xae, 0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70,
1591 0x89, 0x02, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1592 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00,
1593 0x01, 0x00, 0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08,
1594 0x0d, 0x33, 0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1595 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1596 0x15, 0x00, 0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45,
1597 0xd9, 0x6c, 0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1598 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1599 0x00, 0x00, 0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2,
1600 0x68, 0x79, 0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d,
1601 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1602 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15,
1603 0x4e, 0xf5, 0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00,
1604 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1605 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1606 ];
1607 let bindack: &[u8] = &[
1608 0xb8, 0x10, 0xb8, 0x10, 0xce, 0x47, 0x00, 0x00, 0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50,
1609 0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0xf6, 0x6e, 0x18, 0x00, 0x00, 0x00,
1610 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1611 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1612 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1613 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1614 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1615 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1616 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
1617 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1618 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
1619 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1620 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1621 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1622 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1623 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1624 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1625 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1626 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1627 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1628 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1629 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1630 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
1631 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1632 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1633 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1634 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1637 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1638 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1639 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1640 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
1641 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1642 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
1643 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1644 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1645 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1646 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1647 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1648 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1649 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1650 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1651 0x00, 0x00,
1652 ];
1653 let mut dcerpc_state = DCERPCState::new();
1654 assert_eq!(16, dcerpc_state.process_header(bind));
1655 assert_eq!(1068, dcerpc_state.process_bind_pdu(&bind[16..]));
1656 assert_eq!(604, dcerpc_state.process_bindack_pdu(bindack));
1657 if let Some(back) = dcerpc_state.bindack {
1658 assert_eq!(1, back.accepted_uuid_list.len());
1659 assert_eq!(
1660 vec!(57, 25, 40, 106, 177, 12, 17, 208, 155, 168, 0, 192, 79, 217, 46, 245),
1661 back.accepted_uuid_list[0].uuid
1662 );
1663 assert_eq!(11, back.accepted_uuid_list[0].internal_id);
1664 }
1665 }
1666
/// Runs the header parser and the request-PDU parser back to back on one
/// 1024-byte connection-oriented request and checks how many bytes each
/// of them reports as consumed.
#[test]
pub fn test_process_request_pdu() {
    // 16-byte common header followed by the request body. Bytes 16..20
    // (0xe8, 0x03, 0x00, 0x00) presumably carry the little-endian value 1000;
    // verify the field name against the parser.
    let pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut state = DCERPCState::new();

    // The common header is parsed first; it must account for exactly 16 bytes.
    let header_bytes = state.process_header(pdu);
    assert_eq!(16, header_bytes);

    // Everything after the header goes to the request parser (1024 - 16 = 1008).
    let body_bytes = state.process_request_pdu(&pdu[16..]);
    assert_eq!(1008, body_bytes);
}
1749
/// Pushes one complete 1024-byte request PDU through `handle_input_data`
/// and checks the parsed header fields and the resulting transaction.
#[test]
pub fn test_parse_dcerpc() {
    let pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(pdu, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome);

    // NOTE(review): when `header` is None these three checks are skipped and
    // the test still passes; consider failing explicitly in that case.
    if let Some(hdr) = state.header {
        assert_eq!(0, hdr.hdrtype);
        assert_eq!(5, hdr.rpc_vers);
        // Bytes 8..10 of the fixture are 0x00, 0x04, i.e. 1024 little-endian.
        assert_eq!(1024, hdr.frag_length);
    }

    // The request must have produced a transaction carrying the context id,
    // opnum and the to-server stub data.
    let tx = &state.transactions[0];
    assert_eq!(11, tx.ctxid);
    assert_eq!(9, tx.opnum);
    assert_eq!(1, tx.first_request_seen);
    assert_eq!(1000, tx.stub_data_buffer_ts.len());
    assert_eq!(true, tx.stub_data_buffer_reset_ts);
}
1845
/// Feeds two separate 72-byte bind PDUs to the same state, one after the
/// other, and expects both to be accepted.
#[test]
pub fn test_parse_bind_pdu() {
    // Flags byte (offset 3) is 0x01, which matches PFC_FIRST_FRAG.
    let first_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x01, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    // Flags byte (offset 3) is 0x02, which matches PFC_LAST_FRAG.
    let second_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x02, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x67, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();

    let first_outcome = state.handle_input_data(first_bind, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), first_outcome);

    let second_outcome = state.handle_input_data(second_bind, Direction::ToServer);
    assert_eq!(
        AppLayerResult::ok(), // TODO ASK if this is correct?
        second_outcome
    );
}
1874
/// Delivers one bind PDU in two pieces (420 + 312 bytes, matching the
/// 0x02dc = 732 value at offset 8) and checks that the bind is reassembled
/// with all of its context items.
#[test]
pub fn test_parse_bind_frag_1() {
    let head: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
    ];
    let tail: &[u8] = &[
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let mut state = DCERPCState::new();

    let head_outcome = state.handle_input_data(head, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), head_outcome);

    let tail_outcome = state.handle_input_data(tail, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), tail_outcome);

    // NOTE(review): if `bind` is None the checks below never run and the test
    // passes vacuously; an explicit failure on None would make it stricter.
    if let Some(ref bind) = state.bind {
        // Byte 24 of the fixture is 0x10, i.e. 16 context items.
        assert_eq!(16, bind.numctxitems);
        assert_eq!(0, state.bytes_consumed); // because the buffer is cleared after a query is complete
    }
}
1948
/// Delivers one PDU in three pieces (36 + 2 + 6 bytes, matching the 0x2C = 44
/// value at offset 8) and checks the amount of stub data that is buffered.
///
/// NOTE(review): despite the `bind` in the name, the packet-type byte
/// (offset 2) of the fixture is 0x00 and the assertions inspect to-server
/// stub data, so this looks like a request PDU; confirm and consider renaming.
#[test]
pub fn test_parse_bind_frag_2() {
    let part1: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let part2: &[u8] = &[0x0D, 0x0E];
    let part3: &[u8] = &[0x0F, 0x10, 0x11, 0x12, 0x13, 0x14];
    let mut state = DCERPCState::new();

    let outcome1 = state.handle_input_data(part1, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome1);

    let outcome2 = state.handle_input_data(part2, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome2);

    let outcome3 = state.handle_input_data(part3, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome3);

    // The fixture's payload bytes 0x01..=0x14 add up to 20 bytes of stub data.
    let tx = &state.transactions[0];
    assert_eq!(20, tx.stub_data_buffer_ts.len());
}
1974
/// Hands the parser only the first 36 bytes of a PDU whose offset-8 length
/// field reads 0x2C (44) and expects the partial input to be accepted.
///
/// NOTE(review): only the return value is checked; nothing verifies how the
/// incomplete PDU is buffered. The packet-type byte is 0x00 although the
/// test name says `bind`; confirm the intent.
#[test]
pub fn test_parse_bind_frag_3() {
    let partial: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(partial, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome);
}
1988
/// Supplies a 36-byte input whose offset-8 length field reads 0x2C (44),
/// i.e. a truncated PDU, and expects `handle_input_data` to return ok.
///
/// NOTE(review): the only assertion is on the return value, so the state
/// left behind by the short input is not covered here.
#[test]
pub fn test_parse_bind_frag_4() {
    let truncated: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(truncated, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome);
}
2002
/// Sends a PDU that the parser must reject, then a request split across two
/// inputs, and checks that the request is still parsed into a transaction.
#[test]
pub fn test_parse_dcerpc_frag_1() {
    // Packet-type byte (offset 2) is 0x03; sent ToServer this is expected to
    // yield an error result.
    let fault: &[u8] = &[
        0x05, 0x00, 0x03, 0x03, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0xf7, 0x06, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
    ];
    // The request is cut after its first two header bytes: 2 + 34 = 36 bytes,
    // matching the 0x24 length field carried in the second piece.
    let request_head: &[u8] = &[0x05, 0x00];
    let request_rest: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let fault_outcome = state.handle_input_data(fault, Direction::ToServer);
    assert_eq!(AppLayerResult::err(), fault_outcome);

    // The same state object is reused after the error on purpose: the
    // following inputs must still be handled.
    let head_outcome = state.handle_input_data(request_head, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), head_outcome);

    let rest_outcome = state.handle_input_data(request_rest, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), rest_outcome);

    let tx = &state.transactions[0];
    assert_eq!(12, tx.stub_data_buffer_ts.len());
}
2032
/// Sends one complete 36-byte request followed by a second request that is
/// split after its first two bytes, and expects every input to be accepted.
///
/// NOTE(review): only the return values are asserted; the transactions
/// created by the two requests are not inspected.
#[test]
pub fn test_parse_dcerpc_frag_2() {
    let complete: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let split_head: &[u8] = &[0x05, 0x00];
    let split_rest: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let complete_outcome = state.handle_input_data(complete, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), complete_outcome);

    let head_outcome = state.handle_input_data(split_head, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), head_outcome);

    let rest_outcome = state.handle_input_data(split_rest, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), rest_outcome);
}
2060
/// Delivers a bind_ack in two pieces (24 + 44 bytes, matching the 0x44 = 68
/// value at offset 8) in the to-client direction and expects both to be
/// accepted.
///
/// NOTE(review): the parsed bind_ack itself is not inspected, only the
/// return values.
#[test]
pub fn test_parse_dcerpc_back_frag() {
    let ack_head: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
    ];
    let ack_tail: &[u8] = &[
        0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    // The test sets the expected direction by hand before feeding
    // server-to-client data.
    state.data_needed_for_dir = Direction::ToClient;

    let head_outcome = state.handle_input_data(ack_head, Direction::ToClient);
    assert_eq!(AppLayerResult::ok(), head_outcome);

    let tail_outcome = state.handle_input_data(ack_tail, Direction::ToClient);
    assert_eq!(AppLayerResult::ok(), tail_outcome);
}
2084
#[test]
// Verifies that a bind PDU whose context ids do not start at zero is still
// accepted and that its interface UUID is stored as expected.
pub fn test_parse_bind_pdu_ctx_id_non_zero() {
    let bind_pdu: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    // Expected stored form of the UUID; note that its leading bytes are in a
    // different order than on the wire (0xa0, 0x01, 0x00, 0x00 in the PDU).
    let expected_uuid: &[u8] = &[
        0x00, 0x00, 0x01, 0xa0, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x46,
    ];

    let outcome = state.handle_input_data(bind_pdu, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome);

    // NOTE(review): when `bind` is None the UUID checks are skipped and the
    // test passes without having verified anything about the stored bind.
    if let Some(ref bind) = state.bind {
        let bind_uuid = &bind.uuid_list[0].uuid;
        assert_eq!(1, bind.uuid_list.len());
        // Lexicographic comparison: the first differing byte decides, and if
        // one sequence is a prefix of the other the lengths decide.
        let ordering = bind_uuid.iter().cmp(expected_uuid.iter());
        assert_eq!(cmp::Ordering::Equal, ordering);
    }
}
2120
#[test]
// Regression check for an endless loop on malformed bind PDUs (imported from
// the C code).
//
// NOTE(review): the test has no time limit of its own, so a regression would
// show up as a hanging test run rather than as a failed assertion.
pub fn test_parse_bind_pdu_infinite_loop() {
    // The offset-8 length field reads 0x4A (74) while the buffer holds 117
    // bytes, so the input carries data beyond the declared fragment.
    let malformed_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4A, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02,
        0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x01, 0x02, 0x03, 0x04, 0xFF, /* ka boom - endless loop */
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(malformed_bind, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), outcome);
}
2141
#[test]
// Regression check for an endless loop on malformed bind_ack PDUs (imported
// from the C code).
//
// NOTE(review): a regression here would make the test run hang instead of
// failing an assertion, because the test sets no time limit.
pub fn test_parse_bindack_pdu_infinite_loop() {
    // The offset-8 length field reads 0x3e (62) while the buffer holds 85
    // bytes, so the input carries data beyond the declared fragment.
    let malformed_ack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0xfd, 0x04, 0x01, 0x00, 0x04, 0x00, 0x31, 0x33,
        0x35, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x01, 0x02, 0x03, 0x04,
        0xFF,
    ];
    let mut state = DCERPCState::new();
    // bind_ack travels server-to-client, so the expected direction is set by
    // hand before the data is fed in.
    state.data_needed_for_dir = Direction::ToClient;
    let outcome = state.handle_input_data(malformed_ack, Direction::ToClient);
    assert_eq!(AppLayerResult::ok(), outcome);
}
2161
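/// Checks that each bind_ack is matched to the correct internal context id.
///
/// Three bind / bind_ack exchanges are replayed on one state. Reading the
/// buffers, every bind offers several presentation contexts and every bind_ack
/// marks all entries but the last with result 0x0002 and the last with 0x0000,
/// so exactly one accepted entry is expected each time, carrying the context id
/// and interface UUID of the last item of the preceding bind.
///
/// The expected UUIDs are the on-wire UUIDs with their first three fields
/// byte-swapped (compare the tail of each bind buffer with `expected_uuidN`).
///
/// A missing `bindack` record now fails the test. The earlier `if let Some(..)`
/// form skipped every assertion in that case, so a parser regression that
/// stopped recording bind_acks would have gone unnoticed.
#[test]
pub fn test_parse_bindack_internal_ids() {
    // First bind: 0x0d context items, ids 0x00..=0x0c.
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x50, 0x08, 0x43, 0x95, 0x43, 0x5a, 0x8b, 0xb2, 0xf4, 0xc5,
        0xb9, 0xee, 0x67, 0x55, 0x7c, 0x19, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0xda, 0xc2, 0xbc, 0x9b, 0x35, 0x2e, 0xd4, 0xc9,
        0x1f, 0x85, 0x01, 0xe6, 0x4e, 0x5a, 0x5e, 0xd4, 0x04, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xb2, 0x97, 0xcc, 0x14, 0x6f, 0x70,
        0x0d, 0xa5, 0x33, 0xd7, 0xf4, 0xe3, 0x8e, 0xb2, 0x2a, 0x1e, 0x05, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x96, 0x4e, 0xa6, 0xf6,
        0xb2, 0x4b, 0xae, 0xb3, 0x21, 0xf4, 0x97, 0x7c, 0xcd, 0xa7, 0x08, 0xb0, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0xbc, 0xc0,
        0xf7, 0x71, 0x3f, 0x71, 0x54, 0x44, 0x22, 0xa8, 0x55, 0x0f, 0x98, 0x83, 0x1f, 0xfe,
        0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0xbe, 0x52, 0xf2, 0x58, 0x4a, 0xc3, 0xb5, 0xd0, 0xba, 0xac, 0xda, 0xf0, 0x12, 0x99,
        0x38, 0x6e, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0xdb, 0xfa, 0x73, 0x01, 0xb3, 0x81, 0x01, 0xd4, 0x7f, 0xa0, 0x36, 0xb1,
        0x97, 0xae, 0x29, 0x7f, 0x01, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x89, 0xbe, 0x41, 0x1d, 0x38, 0x75, 0xf5, 0xb5, 0xad, 0x27,
        0x73, 0xf1, 0xb0, 0x7a, 0x28, 0x82, 0x05, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xf6, 0x87, 0x09, 0x93, 0xb8, 0xa8, 0x20, 0xc4,
        0xb8, 0x63, 0xe6, 0x95, 0xed, 0x59, 0xee, 0x3f, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x92, 0x77, 0x92, 0x68, 0x3e, 0xa4,
        0xbc, 0x3f, 0x44, 0x33, 0x0e, 0xb8, 0x33, 0x0a, 0x2f, 0xdf, 0x01, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0xa1, 0x03, 0xd2, 0xa9,
        0xd2, 0x16, 0xc9, 0x89, 0x67, 0x18, 0x3e, 0xb1, 0xee, 0x6b, 0xf9, 0x18, 0x02, 0x00,
        0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x2f, 0x09,
        0x5e, 0x74, 0xec, 0xa0, 0xbb, 0xc1, 0x60, 0x18, 0xf1, 0x93, 0x04, 0x17, 0x11, 0xf9,
        0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // Reply to bind1: 0x0d result entries.
    let bind_ack1: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc1, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
        0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x0d, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // Second bind: 0x10 context items, ids 0x00..=0x0f.
    let bind2: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    // Reply to bind2: 0x10 result entries.
    let bind_ack2: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0xac, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc2, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
        0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x10, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // Third bind: 0x0c context items, ids 0x00..=0x0b.
    let bind3: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2c, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xa4, 0x7f, 0x8e, 0xc6, 0xef, 0x56, 0x9b, 0x63, 0x92, 0xfa,
        0x08, 0xb3, 0x35, 0xe2, 0xa5, 0x81, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x9f, 0xfc, 0x78, 0xd2, 0x5f, 0x16, 0x0b, 0xbc,
        0xc6, 0xdb, 0x5d, 0xef, 0xde, 0x54, 0xa2, 0x6f, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x78, 0xb8, 0x96, 0xc7, 0x2f, 0xda,
        0x11, 0x6b, 0xd1, 0x28, 0x68, 0xe1, 0xd6, 0x71, 0xac, 0x9d, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xcf, 0xf4, 0xd7, 0x37,
        0x03, 0xda, 0xcc, 0xe3, 0x3e, 0x34, 0x7f, 0x67, 0x99, 0x91, 0x41, 0x3d, 0x01, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x48, 0xeb,
        0x32, 0xf0, 0x27, 0xd5, 0x9d, 0xd0, 0x1e, 0xc6, 0x48, 0x46, 0x97, 0xe9, 0xdb, 0x09,
        0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x82, 0xec, 0x0d, 0x08, 0xf2, 0x8f, 0x22, 0x57, 0x42, 0x9b, 0xce, 0xa8, 0x74, 0x16,
        0xc6, 0xec, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x2e, 0x00, 0x70, 0x44, 0xee, 0xc9, 0x30, 0x6b, 0xf4, 0x34, 0x1e, 0x3d,
        0x35, 0x0f, 0xf7, 0xf7, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x59, 0x04, 0x39, 0x3f, 0x59, 0x87, 0x14, 0x0e, 0x76, 0x8d,
        0x17, 0xc2, 0x47, 0xfa, 0x67, 0x7f, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x30, 0xd6, 0xed, 0x2e, 0x57, 0xfa, 0xf4, 0x72,
        0x6c, 0x10, 0x0d, 0xe5, 0x51, 0x7f, 0xd0, 0x39, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xea, 0x8b, 0x84, 0x4d, 0x44, 0x43,
        0xc1, 0x94, 0x75, 0xe2, 0x81, 0x48, 0xd8, 0x77, 0xd9, 0xce, 0x05, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x89, 0x4f, 0xe7, 0x95,
        0xa3, 0xc1, 0x62, 0x36, 0x26, 0x9e, 0x67, 0xdb, 0x2c, 0x52, 0x89, 0xd3, 0x01, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x78, 0x56,
        0x34, 0x12, 0x34, 0x12, 0xcd, 0xab, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
        0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // Reply to bind3: 0x0c result entries.
    let bind_ack3: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4c, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x1a, 0x33, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x73, 0x70, 0x6f, 0x6f, 0x6c, 0x73, 0x73, 0x00, 0x0c, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    // Interface UUIDs of the last context item in bind1, bind2 and bind3, with
    // the first three fields byte-swapped relative to the wire bytes.
    let expected_uuid1 = vec![
        0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88,
    ];
    let expected_uuid2 = vec![
        0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88,
    ];
    let expected_uuid3 = vec![
        0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0xab, 0xcd, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67,
        0x89, 0xab,
    ];

    // Exchange 1: only context id 12 (0x0c) is expected to be accepted.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind1, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack1, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bind_ack1 was parsed but no bindack record was stored");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(12, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);

    // Exchange 2: only context id 15 (0x0f) is expected to be accepted.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind2, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack2, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bind_ack2 was parsed but no bindack record was stored");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(15, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);

    // Exchange 3: only context id 11 (0x0b) is expected to be accepted.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind3, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack3, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bind_ack3 was parsed but no bindack record was stored");
    assert_eq!(1, back.accepted_uuid_list.len());
    // Kept from the original test; no further input is fed after this point, so
    // the assignment does not influence the assertions below.
    dcerpc_state.data_needed_for_dir = Direction::ToServer;
    assert_eq!(11, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid3, back.accepted_uuid_list[0].uuid);
}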
2448
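/// Checks context-id tracking across a bind / bind_ack exchange followed by an
/// alter_context / alter_context_resp exchange on the same state.
///
/// After the bind_ack the single accepted entry must carry context id 0 and the
/// UUID offered in the bind; after the alter_context_resp it must carry context
/// id 1 and the UUID offered in the alter_context. The expected UUIDs are the
/// on-wire UUIDs with their first three fields byte-swapped.
///
/// A missing `bindack` record now fails the test. The earlier `if let Some(..)`
/// form skipped every assertion in that case, so the test could pass without
/// checking anything.
#[test]
pub fn test_bind_acks_alter_contexts_internal_ids() {
    // PDU type 0x0b: one context item, context id 0.
    let bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x40, 0xfd, 0x2c, 0x34, 0x6c, 0x3c, 0xce, 0x11, 0xa8, 0x93,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    // PDU type 0x0c: reply to the bind above.
    let bindack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x0d, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x6c, 0x6c, 0x73, 0x72, 0x70, 0x63, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // PDU type 0x0e: one context item, context id 1.
    let alter_context: &[u8] = &[
        0x05, 0x00, 0x0e, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xd0, 0x4c, 0x67, 0x57, 0x00, 0x52, 0xce, 0x11, 0xa8, 0x97,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    // PDU type 0x0f: reply to the alter_context above.
    let alter_context_resp: &[u8] = &[
        0x05, 0x00, 0x0f, 0x03, 0x10, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];

    let mut dcerpc_state = DCERPCState::new();
    let expected_uuid1 = vec![
        0x34, 0x2c, 0xfd, 0x40, 0x3c, 0x6c, 0x11, 0xce, 0xa8, 0x93, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];
    let expected_uuid2 = vec![
        0x57, 0x67, 0x4c, 0xd0, 0x52, 0x00, 0x11, 0xce, 0xa8, 0x97, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];

    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bindack, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bind_ack was parsed but no bindack record was stored");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(0, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);

    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context_resp, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("alter_context_resp was parsed but no bindack record was stored");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(1, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);
}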
2517
/// Feeds one request PDU to the parser in two separate chunks and checks the
/// reassembled transaction.
///
/// The header declares a fragment length of 0x26 (38) bytes; the chunks are 18
/// and 20 bytes long, so the first call ends before the request body is
/// complete. The resulting transaction must report opnum 2, context id 0 and
/// 14 bytes of to-server stub data.
#[test]
pub fn test_parse_dcerpc_frag_3() {
    // Chunk 1: the first 18 bytes of the PDU.
    let first_chunk: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00,
    ];
    // Chunk 2: the remaining 20 bytes.
    let second_chunk: &[u8] = &[
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x09, 0x0A, 0x0B, 0x0C, 0xFF, 0xFF,
    ];
    let mut state = DCERPCState::new();

    let first_status = state.handle_input_data(first_chunk, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), first_status);

    let second_status = state.handle_input_data(second_chunk, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), second_status);

    // Indexing panics, and so fails the test, if no transaction was created.
    let request_tx = &state.transactions[0];
    assert_eq!(2, request_tx.opnum);
    assert_eq!(0, request_tx.ctxid);
    assert_eq!(14, request_tx.stub_data_buffer_ts.len());
}
2542}