]> git.ipfire.org Git - people/ms/suricata.git/blame - rust/src/dcerpc/dcerpc.rs
dcerpc/tcp: fix compile warning
1/* Copyright (C) 2020 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18use std::mem::transmute;
3202d293 19use crate::applayer::{AppLayerResult, AppLayerTxData};
67b5295b 20use crate::core::{self, sc_detect_engine_state_free};
8036202c 21use crate::dcerpc::parser;
8036202c
SB
22use nom::error::ErrorKind;
23use nom::number::Endianness;
4c7f55e6 24use nom;
8036202c
SB
25use std::cmp;
26
// Constant DCERPC UDP Header length
// NOTE(review): the comment above says "UDP", but in this file the value is
// compared against the fragment length and byte counters of the stream parser
// (`handle_common_stub`, `handle_input_data`) — confirm which transport is meant.
pub const DCERPC_HDR_LEN: u16 = 16;
// FIRST flag set on the packet
// Stored in `DCERPCUuidEntry::flags` because the header's pfc_flags are
// overwritten by later packets.
pub const DCERPC_UUID_ENTRY_FLAG_FF: u16 = 0x0001;

// Bit flags carried in the header's `pfc_flags` byte.
// Value to indicate first fragment
pub const PFC_FIRST_FRAG: u8 = 0x01;
// Value to indicate last fragment
pub const PFC_LAST_FRAG: u8 = 0x02;
// Cancel was pending at sender
pub const PFC_PENDING_CANCEL: u8 = 0x04;
pub const PFC_RESERVED_1: u8 = 0x08;
// supports concurrent multiplexing of a single connection.
pub const PFC_CONC_MPX: u8 = 0x10;
// only meaningful on `fault' packet; if true, guaranteed
// call did not execute.
pub const PFC_DID_NOT_EXECUTE: u8 = 0x20;
// `maybe' call semantics requested
pub const PFC_MAYBE: u8 = 0x40;
// if true, a non-nil object UUID was specified in the handle, and
// is present in the optional object field. If false, the object field
// is omitted.
pub const PFC_OBJECT_UUID: u8 = 0x80;

// Presumably reject-reason codes; none of them is referenced by the code
// visible in this file — verify against the callers.
pub const REASON_NOT_SPECIFIED: u8 = 0;
pub const TEMPORARY_CONGESTION: u8 = 1;
pub const LOCAL_LIMIT_EXCEEDED: u8 = 2;
pub const CALLED_PADDR_UNKNOWN: u8 = 3; /* not used */
pub const PROTOCOL_VERSION_NOT_SUPPORTED: u8 = 4;
pub const DEFAULT_CONTEXT_NOT_SUPPORTED: u8 = 5; /* not used */
pub const USER_DATA_NOT_READABLE: u8 = 6; /* not used */
pub const NO_PSAP_AVAILABLE: u8 = 7; /* not used */

// DCERPC Header packet types
// These are compared against `DCERPCHdr::hdrtype`, which comes straight from
// the wire, so any u8 value may show up at run time.
pub const DCERPC_TYPE_REQUEST: u8 = 0;
pub const DCERPC_TYPE_PING: u8 = 1;
pub const DCERPC_TYPE_RESPONSE: u8 = 2;
pub const DCERPC_TYPE_FAULT: u8 = 3;
pub const DCERPC_TYPE_WORKING: u8 = 4;
pub const DCERPC_TYPE_NOCALL: u8 = 5;
pub const DCERPC_TYPE_REJECT: u8 = 6;
pub const DCERPC_TYPE_ACK: u8 = 7;
pub const DCERPC_TYPE_CL_CANCEL: u8 = 8;
pub const DCERPC_TYPE_FACK: u8 = 9;
pub const DCERPC_TYPE_CANCEL_ACK: u8 = 10;
pub const DCERPC_TYPE_BIND: u8 = 11;
pub const DCERPC_TYPE_BINDACK: u8 = 12;
pub const DCERPC_TYPE_BINDNAK: u8 = 13;
pub const DCERPC_TYPE_ALTER_CONTEXT: u8 = 14;
pub const DCERPC_TYPE_ALTER_CONTEXT_RESP: u8 = 15;
pub const DCERPC_TYPE_AUTH3: u8 = 16;
pub const DCERPC_TYPE_SHUTDOWN: u8 = 17;
pub const DCERPC_TYPE_CO_CANCEL: u8 = 18;
pub const DCERPC_TYPE_ORPHANED: u8 = 19;
pub const DCERPC_TYPE_RTS: u8 = 20;
// Sentinel returned by the request/response mapping helpers when a packet
// type has no counterpart; it is not one of the wire values listed above.
pub const DCERPC_TYPE_UNKNOWN: u8 = 99;
8036202c
SB
83
/// Returns the symbolic name of a DCERPC packet type.
///
/// Known `DCERPC_TYPE_*` values map to their name without the prefix; any
/// other value is rendered as its decimal number, so the function never
/// fails on an unexpected type byte taken from the wire.
pub fn dcerpc_type_string(t: u8) -> String {
    let name: &str = match t {
        DCERPC_TYPE_REQUEST => "REQUEST",
        DCERPC_TYPE_PING => "PING",
        DCERPC_TYPE_RESPONSE => "RESPONSE",
        DCERPC_TYPE_FAULT => "FAULT",
        DCERPC_TYPE_WORKING => "WORKING",
        DCERPC_TYPE_NOCALL => "NOCALL",
        DCERPC_TYPE_REJECT => "REJECT",
        DCERPC_TYPE_ACK => "ACK",
        DCERPC_TYPE_CL_CANCEL => "CL_CANCEL",
        DCERPC_TYPE_FACK => "FACK",
        DCERPC_TYPE_CANCEL_ACK => "CANCEL_ACK",
        DCERPC_TYPE_BIND => "BIND",
        DCERPC_TYPE_BINDACK => "BINDACK",
        DCERPC_TYPE_BINDNAK => "BINDNAK",
        DCERPC_TYPE_ALTER_CONTEXT => "ALTER_CONTEXT",
        DCERPC_TYPE_ALTER_CONTEXT_RESP => "ALTER_CONTEXT_RESP",
        DCERPC_TYPE_AUTH3 => "AUTH3",
        DCERPC_TYPE_SHUTDOWN => "SHUTDOWN",
        DCERPC_TYPE_CO_CANCEL => "CO_CANCEL",
        DCERPC_TYPE_ORPHANED => "ORPHANED",
        DCERPC_TYPE_RTS => "RTS",
        DCERPC_TYPE_UNKNOWN => "UNKNOWN",
        // Not a type this parser names: fall back to the raw number.
        other => return other.to_string(),
    };
    String::from(name)
}
114
bab497ab
SB
/// Maps a request-side packet type to the packet type that answers it.
///
/// Only REQUEST, BIND and ALTER_CONTEXT have a counterpart; every other
/// value yields `DCERPC_TYPE_UNKNOWN`.
pub fn get_resp_type_for_req(t: u8) -> u8 {
    const REQ_TO_RESP: [(u8, u8); 3] = [
        (DCERPC_TYPE_REQUEST, DCERPC_TYPE_RESPONSE),
        (DCERPC_TYPE_BIND, DCERPC_TYPE_BINDACK),
        (DCERPC_TYPE_ALTER_CONTEXT, DCERPC_TYPE_ALTER_CONTEXT_RESP),
    ];
    REQ_TO_RESP
        .iter()
        .find(|pair| pair.0 == t)
        .map_or(DCERPC_TYPE_UNKNOWN, |pair| pair.1)
}
123
/// Maps a response-side packet type to the packet type it answers.
///
/// Only RESPONSE, BINDACK and ALTER_CONTEXT_RESP have a counterpart; every
/// other value yields `DCERPC_TYPE_UNKNOWN`.
pub fn get_req_type_for_resp(t: u8) -> u8 {
    const RESP_TO_REQ: [(u8, u8); 3] = [
        (DCERPC_TYPE_RESPONSE, DCERPC_TYPE_REQUEST),
        (DCERPC_TYPE_BINDACK, DCERPC_TYPE_BIND),
        (DCERPC_TYPE_ALTER_CONTEXT_RESP, DCERPC_TYPE_ALTER_CONTEXT),
    ];
    RESP_TO_REQ
        .iter()
        .find(|pair| pair.0 == t)
        .map_or(DCERPC_TYPE_UNKNOWN, |pair| pair.1)
}
132
/// One request/response exchange tracked by the parser.
///
/// A transaction is created by `DCERPCState::create_tx` and located again by
/// its internal `id` or by the `call_id` taken from the packet header.
#[derive(Debug)]
pub struct DCERPCTransaction {
    pub id: u32, // internal transaction ID
    // Copied from the parsed request PDU (see `process_request_pdu`).
    pub ctxid: u16,
    pub opnum: u16,
    pub first_request_seen: u8,
    pub call_id: u32, // ID to match any request-response pair
    // Set to 1 when a PDU is recorded for the to-server / to-client side.
    pub frag_cnt_ts: u16,
    pub frag_cnt_tc: u16,
    // Byte 0 of the header's data representation masked with 0x10;
    // non-zero selects little endian (see `DCERPCState::get_endianness`).
    pub endianness: u8,
    // Stub data accumulated per direction by `evaluate_stub_params`.
    pub stub_data_buffer_ts: Vec<u8>,
    pub stub_data_buffer_tc: Vec<u8>,
    // Running byte counts maintained next to the two buffers above.
    pub stub_data_buffer_len_ts: u32,
    pub stub_data_buffer_len_tc: u32,
    // Set once the only or last fragment of the stub has been stored.
    pub stub_data_buffer_reset_ts: bool,
    pub stub_data_buffer_reset_tc: bool,
    pub req_done: bool,
    pub resp_done: bool,
    // Set by `post_gap_housekeeping` when a side is closed because of a gap.
    pub req_lost: bool,
    pub resp_lost: bool,
    // Packet types recorded for the request and response side.
    pub req_cmd: u8,
    pub resp_cmd: u8,
    pub tx_data: AppLayerTxData,
    // Raw pointer owned by this transaction: it is handed to
    // `sc_detect_engine_state_free` by `free()`, which `Drop` calls.
    pub de_state: Option<*mut core::DetectEngineState>,
}
158
bab497ab
SB
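impl DCERPCTransaction {
    /// Creates an empty transaction.
    ///
    /// All counters and flags start at zero/false, `req_cmd` and `resp_cmd`
    /// default to REQUEST and RESPONSE, and no detect-engine state is attached.
    pub fn new() -> DCERPCTransaction {
        DCERPCTransaction {
            id: 0,
            ctxid: 0,
            opnum: 0,
            first_request_seen: 0,
            call_id: 0,
            frag_cnt_ts: 0,
            frag_cnt_tc: 0,
            endianness: 0,
            stub_data_buffer_ts: Vec::new(),
            stub_data_buffer_tc: Vec::new(),
            stub_data_buffer_len_ts: 0, // TODO maybe retrieve length from buffer and avoid this param
            stub_data_buffer_len_tc: 0,
            stub_data_buffer_reset_ts: false,
            stub_data_buffer_reset_tc: false,
            req_done: false,
            resp_done: false,
            req_lost: false,
            resp_lost: false,
            req_cmd: DCERPC_TYPE_REQUEST,
            resp_cmd: DCERPC_TYPE_RESPONSE,
            tx_data: AppLayerTxData::new(),
            de_state: None,
        }
    }

    /// Releases the detect-engine state attached to this transaction, if any.
    ///
    /// The pointer is taken out of `de_state` before it is freed. `free()` is
    /// public and is also invoked from `Drop`, so leaving the pointer in place
    /// would hand the same allocation to `sc_detect_engine_state_free` twice
    /// whenever a caller frees explicitly and the value is dropped afterwards.
    pub fn free(&mut self) {
        if let Some(state) = self.de_state.take() {
            sc_detect_engine_state_free(state);
        }
    }

    /// Context ID recorded from the request.
    pub fn get_req_ctxid(&self) -> u16 {
        self.ctxid
    }

    /// `first_request_seen` value recorded from the request.
    pub fn get_first_req_seen(&self) -> u8 {
        self.first_request_seen
    }

    /// Operation number recorded from the request.
    pub fn get_req_opnum(&self) -> u16 {
        self.opnum
    }

    /// Endianness byte stored when the transaction was created.
    pub fn get_endianness(&self) -> u8 {
        self.endianness
    }
}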
212
67b5295b
VJ
impl Drop for DCERPCTransaction {
    /// Hands the attached detect-engine state, if any, back through `free()`
    /// when the transaction goes out of scope or is removed from a list.
    fn drop(&mut self) {
        DCERPCTransaction::free(self);
    }
}
218
bab497ab
SB
/// Fields of a request PDU that the state machine copies into a transaction
/// (see `DCERPCState::process_request_pdu`).
#[derive(Debug)]
pub struct DCERPCRequest {
    // Context ID of the request.
    pub ctxid: u16,
    // Operation number of the request.
    pub opnum: u16,
    pub first_request_seen: u8,
}
225
8036202c
SB
/// One interface UUID offered in a BIND, together with the result the peer
/// returned for it in the BINDACK.
#[derive(Debug, Clone)]
pub struct DCERPCUuidEntry {
    /// Context ID taken from the BIND context item.
    pub ctxid: u16,
    /// Position of the context item inside the BIND, used to pair it with
    /// the BINDACK result at the same position.
    pub internal_id: u16,
    /// Result copied from the BINDACK; entries with a non-zero result are
    /// not added to the accepted list.
    pub result: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
    /// Holds `DCERPC_UUID_ENTRY_FLAG_FF` when the BIND carried the
    /// first-fragment flag.
    pub flags: u16,
}

impl DCERPCUuidEntry {
    /// Builds an entry with every numeric field at zero and an empty UUID.
    pub fn new() -> DCERPCUuidEntry {
        Self {
            uuid: Vec::new(),
            ctxid: 0,
            internal_id: 0,
            result: 0,
            version: 0,
            versionminor: 0,
            flags: 0,
        }
    }
}
250
/// A UUID split into its named fields; multi-byte fields are kept as raw
/// byte vectors.
#[derive(Debug, PartialEq)]
pub struct Uuid {
    pub time_low: Vec<u8>,
    pub time_mid: Vec<u8>,
    pub time_hi_and_version: Vec<u8>,
    pub clock_seq_hi_and_reserved: u8,
    pub clock_seq_low: u8,
    pub node: Vec<u8>,
}
260
/// Parsed DCERPC header. Every field comes from the wire and must be treated
/// as untrusted by the code that consumes it.
#[derive(Debug)]
pub struct DCERPCHdr {
    // `process_header` accepts only major version 5 ...
    pub rpc_vers: u8,
    // ... with minor version 0 or 1.
    pub rpc_vers_minor: u8,
    // Packet type, compared against the `DCERPC_TYPE_*` constants.
    pub hdrtype: u8,
    // Bit field tested against the `PFC_*` constants.
    pub pfc_flags: u8,
    // Data representation bytes; bit 0x10 of byte 0 selects little endian
    // (see `DCERPCState::get_endianness`).
    pub packed_drep: Vec<u8>,
    // Length of the fragment as claimed by the sender; the stub handling
    // subtracts the header length and consumed bytes from it.
    pub frag_length: u16,
    pub auth_length: u16,
    // Pairs a request with its response.
    pub call_id: u32,
}
272
/// State kept for a BIND / ALTER_CONTEXT PDU.
#[derive(Debug)]
pub struct DCERPCBind {
    // Number of context items announced by the PDU; `process_bind_pdu` parses
    // exactly this many items.
    pub numctxitems: u8,
    // One entry per context item parsed so far.
    pub uuid_list: Vec<DCERPCUuidEntry>,
}
278
/// A single context item of a BIND PDU as produced by the parser; its fields
/// are copied into a `DCERPCUuidEntry` by `handle_bindctxitem`.
#[derive(Debug)]
pub struct BindCtxItem {
    pub ctxid: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
}
286
/// One result item of a BINDACK PDU.
#[derive(Debug, PartialEq)]
pub struct DCERPCBindAckResult {
    // Copied into the matching `DCERPCUuidEntry::result`; zero marks the
    // entry as accepted in `process_bindack_pdu`.
    pub ack_result: u16,
    pub ack_reason: u16,
    pub transfer_syntax: Vec<u8>,
    pub syntax_version: u32,
}
294
/// State kept for a BINDACK / ALTER_CONTEXT_RESP PDU.
#[derive(Debug)]
pub struct DCERPCBindAck {
    // Clones of the BIND entries whose result was zero.
    pub accepted_uuid_list: Vec<DCERPCUuidEntry>,
    pub sec_addr_len: u16,
    pub numctxitems: u8,
    // Result items in the order they appeared in the PDU.
    pub ctxitems: Vec<DCERPCBindAckResult>,
}
302
/// Per-flow parser state for DCERPC over a stream.
#[derive(Debug)]
pub struct DCERPCState {
    // Most recently parsed header (set by `process_header`).
    pub header: Option<DCERPCHdr>,
    // Cached BIND and BINDACK; both are dropped by `handle_bind_cache`.
    pub bind: Option<DCERPCBind>,
    pub bindack: Option<DCERPCBindAck>,
    pub transactions: Vec<DCERPCTransaction>,
    // Data held back per direction until a complete fragment is available.
    pub buffer_ts: Vec<u8>,
    pub buffer_tc: Vec<u8>,
    pub pad: u8,
    // Stub bytes still expected for the current fragment.
    pub padleft: u16,
    // Bytes of the current PDU already consumed; reset by `clean_buffer`.
    pub bytes_consumed: u16,
    // ID that the next transaction created by `create_tx` will receive.
    pub tx_id: u32,
    pub query_completed: bool,
    // Direction the parser currently expects data from.
    pub data_needed_for_dir: u8,
    pub prev_dir: u8,
    // Inputs to the bind-cache eviction decision in `handle_bind_cache`.
    pub prev_tx_call_id: u32,
    pub clear_bind_cache: bool,
    // A gap was seen and the parser has not resynchronised yet.
    pub ts_gap: bool,
    pub tc_gap: bool,
    // A gap was seen at some point in this direction; never cleared by the
    // code visible in this file.
    pub ts_ssn_gap: bool,
    pub tc_ssn_gap: bool,
    /// true if Truncated in this direction
    pub ts_ssn_trunc: bool,
    /// true if Truncated in this direction
    pub tc_ssn_trunc: bool,
}
327
328impl DCERPCState {
/// Creates the state for a new flow: nothing cached, empty buffers, all
/// flags cleared, and both direction trackers set to to-server.
pub fn new() -> DCERPCState {
    let initial_dir = core::STREAM_TOSERVER;
    Self {
        header: None,
        bind: None,
        bindack: None,
        transactions: Vec::new(),
        buffer_ts: Vec::new(),
        buffer_tc: Vec::new(),
        pad: 0,
        padleft: 0,
        bytes_consumed: 0,
        tx_id: 0,
        query_completed: false,
        data_needed_for_dir: initial_dir,
        prev_dir: initial_dir,
        prev_tx_call_id: 0,
        clear_bind_cache: false,
        ts_gap: false,
        tc_gap: false,
        ts_ssn_gap: false,
        tc_ssn_gap: false,
        ts_ssn_trunc: false,
        tc_ssn_trunc: false,
    }
}
354
bab497ab
SB
/// Builds a transaction for `call_id` and advances the internal ID counter.
///
/// The transaction records the endianness bit of the current header and is
/// created with a side already marked done when that direction of the
/// session was truncated. The caller is responsible for pushing it onto
/// `self.transactions`.
fn create_tx(&mut self, call_id: u32) -> DCERPCTransaction {
    let mut created = DCERPCTransaction::new();
    created.endianness = self.get_hdr_drep_0() & 0x10;
    created.id = self.tx_id;
    created.call_id = call_id;
    self.tx_id += 1;
    // A truncated direction will never deliver more data for this tx.
    created.req_done = self.ts_ssn_trunc;
    created.resp_done = self.tc_ssn_trunc;
    created
}
366
5d985c42
VJ
/// Removes the first transaction whose internal ID equals `tx_id`.
///
/// Removing the element drops it, which runs `DCERPCTransaction::drop`.
/// Nothing happens when no transaction carries that ID.
pub fn free_tx(&mut self, tx_id: u64) {
    SCLogDebug!("Freeing TX with ID {} TX.ID {}", tx_id, tx_id+1);
    let position = self
        .transactions
        .iter()
        .position(|candidate| candidate.id as u64 == tx_id);
    if let Some(index) = position {
        SCLogDebug!("tx {} progress {}/{}", self.transactions[index].id,
                    self.transactions[index].req_done, self.transactions[index].resp_done);
        SCLogDebug!("freeing TX with ID {} TX.ID {} at index {} left: {} max id: {}",
                    tx_id, tx_id+1, index, self.transactions.len(), self.tx_id);
        self.transactions.remove(index);
    }
}
387
8036202c
SB
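/// Returns byte 0 of the header's data representation, or 0 when no header
/// has been parsed yet.
///
/// The byte is read with a checked access: `packed_drep` is filled by the
/// parser from wire data, and an empty vector must yield the default rather
/// than an out-of-bounds panic inside the packet path.
fn get_hdr_drep_0(&self) -> u8 {
    match self.header {
        Some(ref hdr) => hdr.packed_drep.first().map_or(0, |byte| *byte),
        None => 0,
    }
}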
394
/// Derives the byte order of the current PDU from bit 0x10 of the first
/// data-representation byte: clear means big endian, set means little endian.
fn get_endianness(&self) -> Endianness {
    match self.get_hdr_drep_0() & 0x10 {
        0 => Endianness::Big,
        _ => Endianness::Little,
    }
}
402
/// Fragment length claimed by the current header.
///
/// A missing header trips the debug validation macro and otherwise yields
/// `None`; callers in this file substitute 0 in that case.
fn get_hdr_fraglen(&self) -> Option<u16> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: a header is expected before this is called.
    self.header.as_ref().map(|hdr| hdr.frag_length)
}
411
/// `pfc_flags` byte of the current header.
///
/// A missing header trips the debug validation macro and otherwise yields
/// `None`.
fn get_hdr_pfcflags(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: a header is expected before this is called.
    self.header.as_ref().map(|hdr| hdr.pfc_flags)
}
420
/// Packet type of the current header.
///
/// A missing header trips the debug validation macro and otherwise yields
/// `None`.
pub fn get_hdr_type(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: a header is expected before this is called.
    self.header.as_ref().map(|hdr| hdr.hdrtype)
}
429
/// Major RPC version of the current header.
///
/// A missing header trips the debug validation macro and otherwise yields
/// `None`.
pub fn get_hdr_rpc_vers(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: a header is expected before this is called.
    self.header.as_ref().map(|hdr| hdr.rpc_vers)
}
438
bab497ab
SB
/// Call ID of the current header.
///
/// A missing header trips the debug validation macro and otherwise yields
/// `None`; callers in this file substitute 0 in that case.
pub fn get_hdr_call_id(&self) -> Option<u32> {
    debug_validate_bug_on!(self.header.is_none());
    // `None` shouldn't happen: a header is expected before this is called.
    self.header.as_ref().map(|hdr| hdr.call_id)
}
447
/// Discards whatever is buffered for the to-server direction and returns 0.
pub fn handle_gap_ts(&mut self) -> u8 {
    // Clearing an already empty buffer is a no-op, so no length check is needed.
    self.buffer_ts.clear();
    0
}
454
/// Discards whatever is buffered for the to-client direction and returns 0.
pub fn handle_gap_tc(&mut self) -> u8 {
    // Clearing an already empty buffer is a no-op, so no length check is needed.
    self.buffer_tc.clear();
    0
}
461
/// Empties the buffer of `direction`, clears that direction's pending-gap
/// flag and resets the consumed-byte counter.
///
/// Any value other than `STREAM_TOSERVER` is handled as to-client.
pub fn clean_buffer(&mut self, direction: u8) {
    if direction == core::STREAM_TOSERVER {
        self.buffer_ts.clear();
        self.ts_gap = false;
    } else {
        self.buffer_tc.clear();
        self.tc_gap = false;
    }
    self.bytes_consumed = 0;
}
475
/// Appends `buffer` to the pending data of `direction` and records that the
/// parser is waiting for more data from that direction.
///
/// Any value other than `STREAM_TOSERVER` is handled as to-client. No size
/// limit is applied here; the caller `handle_input_data` checks the limit
/// before it reaches this point.
pub fn extend_buffer(&mut self, buffer: &[u8], direction: u8) {
    let pending = if direction == core::STREAM_TOSERVER {
        &mut self.buffer_ts
    } else {
        &mut self.buffer_tc
    };
    pending.extend_from_slice(buffer);
    self.data_needed_for_dir = direction;
}
487
/// Flips the expected direction: after a to-server PDU the parser expects
/// to-client data, and after anything else it expects to-server data.
pub fn reset_direction(&mut self, direction: u8) {
    self.data_needed_for_dir = match direction {
        core::STREAM_TOSERVER => core::STREAM_TOCLIENT,
        _ => core::STREAM_TOSERVER,
    };
}
495
bab497ab
SB
/// Looks up a transaction by its internal transaction ID, which is the ID
/// the AppLayer parser in C uses for its lookups.
///
/// Arguments:
/// * `tx_id`:
///    type: unsigned 32 bit integer
///    description: internal transaction ID to track transactions
///
/// Return value:
/// Mutable reference to the first transaction with that ID, or `None`.
pub fn get_tx(&mut self, tx_id: u32) -> Option<&mut DCERPCTransaction> {
    self.transactions
        .iter_mut()
        .find(|candidate| candidate.id == tx_id)
}
516
/// Finds the transaction that belongs to the call ID of the current header.
///
/// A transaction matches when its `call_id` is equal and its recorded
/// command on the opposite side is the counterpart of the current packet
/// type. This function only searches; creating a transaction when `None`
/// comes back is left to the caller.
///
/// Arguments:
/// * `call_id`:
///    type: unsigned 32 bit integer
///    description: call_id taken from the DCERPC header
/// * `dir`:
///    type: unsigned 8 bit integer
///    description: direction of the flow; anything but `STREAM_TOSERVER` is
///                 treated as to-client
///
/// Return value:
/// Mutable reference to the first matching transaction, or `None`.
pub fn get_tx_by_call_id(&mut self, call_id: u32, dir: u8) -> Option<&mut DCERPCTransaction> {
    // A missing header is looked up as type 0, i.e. REQUEST.
    let cmd = self.get_hdr_type().unwrap_or(0);
    self.transactions.iter_mut().find(|candidate| {
        if candidate.call_id != call_id {
            return false;
        }
        match dir {
            core::STREAM_TOSERVER => get_resp_type_for_req(cmd) == candidate.resp_cmd,
            _ => get_req_type_for_resp(cmd) == candidate.req_cmd,
        }
    })
}
554
/// Maintains the cached BIND/BINDACK.
///
/// If the previous call armed `clear_bind_cache`, both cached PDUs are
/// dropped first. The flag is then armed again only when this call is a
/// response for the same call ID as the previous call, and the call ID is
/// remembered for the next invocation.
pub fn handle_bind_cache(&mut self, call_id: u32, is_response: bool) {
    if self.clear_bind_cache {
        self.bind = None;
        self.bindack = None;
    }
    self.clear_bind_cache = is_response && self.prev_tx_call_id == call_id;
    self.prev_tx_call_id = call_id;
}
567
4c7f55e6
SB
/// Records that a gap was seen in `direction`.
///
/// Sets both the pending-gap flag (cleared once the parser resynchronises)
/// and the session-wide gap flag for that direction, then reports success.
/// Any value other than `STREAM_TOSERVER` is handled as to-client.
pub fn parse_data_gap(&mut self, direction: u8) -> AppLayerResult {
    if direction == core::STREAM_TOSERVER {
        self.ts_gap = true;
        self.ts_ssn_gap = true;
    } else {
        self.tc_gap = true;
        self.tc_ssn_gap = true;
    }
    AppLayerResult::ok()
}
581
/// Closes transactions that can no longer complete because of a gap.
///
/// With a to-server session gap and `dir` to-server, every transaction has
/// its request side marked done (and lost if it was still open). With a
/// to-client session gap and `dir` to-client, both sides are closed that
/// way. The to-server case takes precedence when both conditions hold, and
/// nothing is touched when neither does. The walk stops at the first
/// transaction whose ID is not below the next ID to be assigned.
pub fn post_gap_housekeeping(&mut self, dir: u8) {
    SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir);
    let close_responses = if self.ts_ssn_gap && dir == core::STREAM_TOSERVER {
        false
    } else if self.tc_ssn_gap && dir == core::STREAM_TOCLIENT {
        true
    } else {
        return;
    };
    let next_tx_id = self.tx_id;
    for tx in self.transactions.iter_mut() {
        if tx.id >= next_tx_id {
            SCLogDebug!("post_gap_housekeeping: done");
            break;
        }
        if !tx.req_done {
            tx.req_lost = true;
        }
        if close_responses && !tx.resp_done {
            tx.resp_lost = true;
        }
        tx.req_done = true;
        if close_responses {
            tx.resp_done = true;
        }
    }
}
612
/// Scans `i` for the byte pair 0x05 0x00, which is used to find the start of
/// a record again after a gap.
///
/// On a hit the result is `Ok((rest, record))`, where `record` starts at the
/// pair and `rest` starts right after it. Without a hit the result is
/// `Incomplete` with the number of bytes still needed to test one more pair.
///
/// NOTE(review): only minor version 0 is matched here, while
/// `process_header` also accepts minor version 1 — confirm that records with
/// minor version 1 are meant to be skipped during resynchronisation. A two
/// byte signature can also occur inside payload data, so a hit is only a
/// candidate until the header parses.
pub fn search_dcerpc_record<'a>(&mut self, i: &'a[u8]) -> nom::IResult<&'a[u8], &'a[u8]> {
    match i.windows(2).position(|pair| pair[0] == 0x05 && pair[1] == 0x00) {
        Some(start) => {
            let record = &i[start..];
            Ok((&record[2..], record))
        }
        None => {
            // At most one trailing byte can still be the first half of a pair.
            let kept = cmp::min(i.len(), 1);
            Err(nom::Err::Incomplete(nom::Needed::Size(2 as usize - kept)))
        }
    }
}
623
8036202c
SB
/// Parses the DCERPC header with the nom parser and stores it in the state.
///
/// Arguments:
/// * `input`:
///    type: u8 vector slice.
///    description: bytes from the beginning of the buffer.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case of Incomplete data or Eof, and also when the
///            version fields are not 5.0 or 5.1.
///            -2 in case of any other error while parsing.
///
/// NOTE(review): the caller treats -1 as "wait for more data", so a header
/// with an unsupported version is buffered rather than rejected — confirm
/// this is intended.
pub fn process_header(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, header) = match parser::parse_dcerpc_header(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC header");
            return -1;
        }
        Err(nom::Err::Error(([], ErrorKind::Eof))) => {
            SCLogDebug!("EoF reached while parsing DCERPC header");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occured while parsing DCERPC header");
            return -2;
        }
    };
    let minor_supported = header.rpc_vers_minor == 0 || header.rpc_vers_minor == 1;
    if !(header.rpc_vers == 5 && minor_supported) {
        SCLogDebug!(
            "DCERPC Header did not validate. Major version: {:?} Minor version: {:?}",
            header.rpc_vers,
            header.rpc_vers_minor
        );
        return -1;
    }
    self.header = Some(header);
    (input.len() - leftover_bytes.len()) as i32
}
667
/// Parses one BIND context item and appends it to the cached BIND.
///
/// `uuid_internal_id` is the position of the item inside the BIND; it is
/// stored so the BINDACK result at the same position can be matched later.
/// The entry is only stored when a BIND is cached in the state.
///
/// Returns the number of bytes the item occupied, or -1 when the data is
/// incomplete or malformed.
pub fn handle_bindctxitem(&mut self, input: &[u8], uuid_internal_id: u16) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_bytes, ctxitem) = match parser::parse_bindctx_item(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND CTXItem");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND CTXItem");
            return -1;
        }
    };

    let mut uuidentry = DCERPCUuidEntry::new();
    uuidentry.ctxid = ctxitem.ctxid;
    uuidentry.internal_id = uuid_internal_id;
    uuidentry.version = ctxitem.version;
    uuidentry.versionminor = ctxitem.versionminor;
    uuidentry.uuid = ctxitem.uuid;
    // Store the first frag flag in the uuid as pfc_flags will
    // be overwritten by new packets
    let first_frag = (self.get_hdr_pfcflags().unwrap_or(0) & PFC_FIRST_FRAG) > 0;
    if first_frag {
        uuidentry.flags |= DCERPC_UUID_ENTRY_FLAG_FF;
    }
    if let Some(ref mut bind) = self.bind {
        SCLogDebug!("DCERPC BIND CtxItem: Pushing uuid: {:?}", uuidentry);
        bind.uuid_list.push(uuidentry);
    }
    (input.len() - leftover_bytes.len()) as i32
}
702
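/// Parses a BIND / ALTER_CONTEXT PDU body, caches it and opens a transaction
/// for it with the request side already marked done.
///
/// The number of context items comes from the PDU itself. Each item is read
/// from an offset that advances by the size of the previous item; the offset
/// is applied with a checked slice so that a PDU announcing more items than
/// it carries ends in -1 instead of an out-of-bounds panic in the packet
/// path.
///
/// Returns the number of bytes consumed, or -1 when the data is incomplete
/// or malformed.
///
/// NOTE(review): the returned count multiplies the size of the *last* item
/// by the item count, which is only exact when all items have the same size
/// — confirm against the parser.
pub fn process_bind_pdu(&mut self, input: &[u8]) -> i32 {
    let mut retval = 0;
    let mut idx = 12; // Bytes consumed if parser returns OK would be 12
    match parser::parse_dcerpc_bind(input) {
        Ok((leftover_bytes, header)) => {
            let numctxitems = header.numctxitems;
            self.bind = Some(header);
            for i in 0..numctxitems {
                // `idx` is derived from untrusted lengths: never index past
                // the end of the input.
                let ctxitem_input = match input.get(idx as usize..) {
                    Some(rest) => rest,
                    None => {
                        SCLogDebug!("Insufficient data while parsing DCERPC BIND header");
                        return -1;
                    }
                };
                retval = self.handle_bindctxitem(ctxitem_input, i as u16);
                if retval == -1 {
                    return -1;
                }
                idx = retval + idx;
            }
            let call_id = self.get_hdr_call_id().unwrap_or(0);
            let mut tx = self.create_tx(call_id);
            tx.req_cmd = self.get_hdr_type().unwrap_or(0);
            tx.req_done = true;
            tx.frag_cnt_ts = 1;
            self.transactions.push(tx);
            // Bytes parsed with `parse_dcerpc_bind` + (bytes parsed per bindctxitem [44] * number
            // of bindctxitems)
            (input.len() - leftover_bytes.len()) as i32 + retval * numctxitems as i32
        }
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND header");
            -1
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND header");
            -1
        }
    }
}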
739
/// Parses a BINDACK / ALTER_CONTEXT_RESP PDU body and pairs its results with
/// the cached BIND.
///
/// The n-th result is applied to the BIND entries whose `internal_id` is n.
/// Entries with result 0 are cloned into the accepted list; the first
/// non-zero result stops the walk for that position. The BINDACK is only
/// stored when a BIND is cached.
///
/// Returns the number of bytes consumed, or -1 when the data is incomplete
/// or malformed.
pub fn process_bindack_pdu(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, mut back) = match parser::parse_dcerpc_bindack(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BINDACK");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BINDACK");
            return -1;
        }
    };
    if let Some(ref mut bind) = self.bind {
        let mut uuid_internal_id: u16 = 0;
        for r in back.ctxitems.iter() {
            let same_position = bind
                .uuid_list
                .iter_mut()
                .filter(|entry| entry.internal_id == uuid_internal_id);
            for uuid in same_position {
                uuid.result = r.ack_result;
                if uuid.result != 0 {
                    break;
                }
                back.accepted_uuid_list.push(uuid.clone());
                SCLogDebug!("DCERPC BINDACK accepted UUID: {:?}", uuid);
            }
            uuid_internal_id += 1;
        }
        self.bindack = Some(back);
    }
    (input.len() - leftover_bytes.len()) as i32
}
774
bab497ab
SB
/// Stores stub data of the current PDU in the transaction it belongs to.
///
/// The transaction is looked up by the header's call ID and `dir`. For a
/// REQUEST the to-server stub buffer is filled and the request side marked
/// done; for a RESPONSE the to-client buffer and response side. The number
/// of bytes stored is subtracted from `padleft` and returned.
///
/// Returns 0 when no transaction matches, when there is no header, or when
/// the packet type is neither REQUEST nor RESPONSE.
pub fn handle_stub_data(&mut self, input: &[u8], input_len: u16, dir: u8) -> u16 {
    let hdrpfcflags = self.get_hdr_pfcflags().unwrap_or(0);
    let padleft = self.padleft;
    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdrtype = self.get_hdr_type();
    let tx = match self.get_tx_by_call_id(call_id, dir) {
        Some(transaction) => transaction,
        None => {
            SCLogDebug!("No transaction found matching the call ID: {:?}", call_id);
            return 0;
        }
    };

    // Update the stub params based on the packet type
    let retval = match hdrtype {
        Some(DCERPC_TYPE_REQUEST) => {
            let stored = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_ts,
                &mut tx.stub_data_buffer_len_ts,
                &mut tx.stub_data_buffer_reset_ts,
            );
            tx.req_done = true;
            tx.frag_cnt_ts = 1;
            stored
        }
        Some(DCERPC_TYPE_RESPONSE) => {
            let stored = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_tc,
                &mut tx.stub_data_buffer_len_tc,
                &mut tx.stub_data_buffer_reset_tc,
            );
            tx.resp_done = true;
            tx.frag_cnt_tc = 1;
            stored
        }
        Some(_) => {
            SCLogDebug!("Unrecognized packet type");
            return 0;
        }
        None => {
            return 0;
        }
    };
    // Update the remaining fragment length
    self.padleft -= retval;

    retval
}
832
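/// Handles stub data for both request and response.
///
/// All lengths involved come from the wire or from the amount of data
/// received, so the arithmetic is done with checked operations: the sum of
/// header length and consumed bytes must not wrap, an input longer than a
/// u16 can express is clamped instead of truncated, and more consumed bytes
/// than input bytes is reported as a failure instead of underflowing.
///
/// Arguments:
/// * `input`:
///    type: u8 vector slice.
///    description: bytes left *after* parsing header.
/// * `bytes_consumed`:
///    type: 16 bit unsigned integer.
///    description: bytes consumed *after* parsing header.
/// * `dir`:
///    type: 8 bit unsigned integer.
///    description: direction whose stub is supposed to be handled.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case fragment length defined by header mismatches the data.
///
/// NOTE(review): when storing stub data fails, the remaining input length is
/// subtracted from the running count, so the result can also be a negative
/// value other than -1; callers in this file test for `< 0`.
pub fn handle_common_stub(&mut self, input: &[u8], bytes_consumed: u16, dir: u8) -> i32 {
    let fraglen = self.get_hdr_fraglen().unwrap_or(0);
    let hdr_and_consumed = match bytes_consumed.checked_add(DCERPC_HDR_LEN) {
        Some(total) => total,
        // The sum does not fit in a u16, so no u16 fragment length can cover it.
        None => return -1,
    };
    if fraglen < hdr_and_consumed {
        return -1;
    }
    self.padleft = fraglen - hdr_and_consumed;
    // Clamp rather than truncate: a plain `as u16` would turn a long input
    // into an arbitrary small length.
    let input_len = cmp::min(input.len(), std::u16::MAX as usize) as u16;
    let mut input_left = match input_len.checked_sub(bytes_consumed) {
        Some(left) => left,
        None => return -1,
    };
    let mut parsed = bytes_consumed as i32;
    while input_left > 0 && parsed < fraglen as i32 {
        let retval = self.handle_stub_data(&input[parsed as usize..], input_left, dir);
        if retval > 0 && retval <= input_left {
            parsed += retval as i32;
            input_left -= retval;
        } else if input_left > 0 {
            SCLogDebug!(
                "Error parsing DCERPC {} stub data",
                if dir == core::STREAM_TOSERVER {
                    "request"
                } else {
                    "response"
                }
            );
            parsed -= input_left as i32;
            input_left = 0;
        }
    }
    parsed
}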
877
/// Parses a REQUEST PDU body, records its context ID, opnum and
/// first-request marker in the matching transaction (creating one when none
/// matches) and then stores the stub data.
///
/// Returns the value of `handle_common_stub`, or -1 when the request header
/// is incomplete or malformed.
pub fn process_request_pdu(&mut self, input: &[u8]) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_input, request) = match parser::parse_dcerpc_request(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC REQUEST");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC REQUEST");
            return -1;
        }
    };

    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdr_type = self.get_hdr_type().unwrap_or(0);
    if let Some(tx) = self.get_tx_by_call_id(call_id, core::STREAM_TOSERVER) {
        tx.req_cmd = hdr_type;
        tx.ctxid = request.ctxid;
        tx.opnum = request.opnum;
        tx.first_request_seen = request.first_request_seen;
    } else {
        let mut tx = self.create_tx(call_id);
        tx.req_cmd = hdr_type;
        tx.ctxid = request.ctxid;
        tx.opnum = request.opnum;
        tx.first_request_seen = request.first_request_seen;
        self.transactions.push(tx);
    }

    let header_bytes = (input.len() - leftover_input.len()) as u16;
    self.handle_common_stub(input, header_bytes, core::STREAM_TOSERVER)
}
920
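/// Entry point for stream data of one direction.
///
/// Steps, in order:
/// 1. After a gap, skip forward to the next record signature; if none is
///    found, report `incomplete` so the call is repeated with more data.
/// 2. Prepend whatever was buffered for this direction, refusing to grow
///    past 1 MiB.
/// 3. Parse the header if it has not been consumed yet.
/// 4. If fewer bytes than the header's fragment length are available,
///    buffer everything and wait.
/// 5. Dispatch on the packet type and update transactions and bind cache.
///
/// The fragment-length comparison in step 4 is done in `usize`. Casting the
/// buffer length to u16 would truncate buffers longer than 65535 bytes and
/// could make a complete fragment look incomplete, so that data from the
/// peer keeps being buffered instead of inspected.
///
/// Returns `ok` when the data was consumed or buffered, `err` on malformed
/// data, an unexpected direction, an unknown packet type or an exceeded
/// buffer limit, and `incomplete` while resynchronising after a gap.
pub fn handle_input_data(&mut self, input: &[u8], direction: u8) -> AppLayerResult {
    let mut parsed;
    let retval;
    let mut cur_i = input;
    let input_len = cur_i.len();
    let mut v: Vec<u8>;
    // Set any query's completion status to false in the beginning
    self.query_completed = false;

    // Skip the record since this means that its in the middle of a known length record
    if (self.ts_gap && direction == core::STREAM_TOSERVER) || (self.tc_gap && direction == core::STREAM_TOCLIENT) {
        SCLogDebug!("Trying to catch up after GAP (input {})", cur_i.len());
        match self.search_dcerpc_record(cur_i) {
            Ok((_, pg)) => {
                SCLogDebug!("DCERPC record found");
                let offset = cur_i.len() - pg.len();
                cur_i = &cur_i[offset..];
                match direction {
                    core::STREAM_TOSERVER => {
                        self.ts_gap = false;
                    },
                    _ => {
                        self.tc_gap = false;
                    }
                }
            },
            _ => {
                let mut consumed = cur_i.len();
                // At least 2 bytes are required to know if a new record is beginning
                if consumed < 2 {
                    consumed = 0;
                } else {
                    consumed = consumed - 1;
                }
                SCLogDebug!("DCERPC record NOT found");
                return AppLayerResult::incomplete(consumed as u32, 2);
            },
        }
    }

    // Overwrite the dcerpc_state data in case of multiple complete queries in the
    // same direction
    if self.prev_dir == direction {
        self.data_needed_for_dir = direction;
    }

    // The 1 MiB cap bounds how much a peer can make the parser hold back
    // per direction.
    let buffer = match direction {
        core::STREAM_TOSERVER => {
            if self.buffer_ts.len() + input_len > 1024 * 1024 {
                SCLogDebug!("DCERPC TOSERVER stream: Buffer Overflow");
                return AppLayerResult::err();
            }
            v = self.buffer_ts.split_off(0);
            v.extend_from_slice(cur_i);
            v.as_slice()
        }
        _ => {
            if self.buffer_tc.len() + input_len > 1024 * 1024 {
                SCLogDebug!("DCERPC TOCLIENT stream: Buffer Overflow");
                return AppLayerResult::err();
            }
            v = self.buffer_tc.split_off(0);
            v.extend_from_slice(cur_i);
            v.as_slice()
        }
    };

    if self.data_needed_for_dir != direction && buffer.len() != 0 {
        return AppLayerResult::err();
    }

    // Set data_needed_for_dir in the same direction in case there is an issue with upcoming parsing
    self.data_needed_for_dir = direction;

    // Check if header data was complete. In case of EoF or incomplete data, wait for more
    // data else return error
    if self.bytes_consumed < DCERPC_HDR_LEN && input_len > 0 {
        parsed = self.process_header(&buffer);
        if parsed == -1 {
            self.extend_buffer(buffer, direction);
            return AppLayerResult::ok();
        }
        if parsed == -2 {
            return AppLayerResult::err();
        }
        self.bytes_consumed += parsed as u16;
    }

    let fraglen = self.get_hdr_fraglen().unwrap_or(0);

    // Compare in usize: the buffer may be longer than a u16 can express.
    if buffer.len() < fraglen as usize {
        SCLogDebug!("Possibly fragmented data, waiting for more..");
        self.extend_buffer(buffer, direction);
        return AppLayerResult::ok();
    } else {
        self.query_completed = true;
    }
    parsed = self.bytes_consumed as i32;

    let current_call_id = self.get_hdr_call_id().unwrap_or(0);

    match self.get_hdr_type() {
        Some(x) => match x {
            DCERPC_TYPE_BIND | DCERPC_TYPE_ALTER_CONTEXT => {
                retval = self.process_bind_pdu(&buffer[parsed as usize..]);
                if retval == -1 {
                    return AppLayerResult::err();
                }
                self.handle_bind_cache(current_call_id, false);
            }
            DCERPC_TYPE_BINDACK | DCERPC_TYPE_ALTER_CONTEXT_RESP => {
                retval = self.process_bindack_pdu(&buffer[parsed as usize..]);
                if retval == -1 {
                    return AppLayerResult::err();
                }
                let tx = if let Some(tx) = self.get_tx_by_call_id(current_call_id, core::STREAM_TOCLIENT) {
                    tx.resp_cmd = x;
                    tx
                } else {
                    let mut tx = self.create_tx(current_call_id);
                    tx.resp_cmd = x;
                    self.transactions.push(tx);
                    self.transactions.last_mut().unwrap()
                };
                tx.resp_done = true;
                tx.frag_cnt_tc = 1;
                self.handle_bind_cache(current_call_id, false);
            }
            DCERPC_TYPE_REQUEST => {
                retval = self.process_request_pdu(&buffer[parsed as usize..]);
                if retval < 0 {
                    return AppLayerResult::err();
                }
                // In case the response came first, the transaction would complete later when
                // the corresponding request also comes through
                self.handle_bind_cache(current_call_id, false);
            }
            DCERPC_TYPE_RESPONSE => {
                let transaction = self.get_tx_by_call_id(current_call_id, core::STREAM_TOCLIENT);
                match transaction {
                    Some(tx) => {
                        tx.resp_cmd = x;
                    }
                    None => {
                        let mut tx = self.create_tx(current_call_id);
                        tx.resp_cmd = x;
                        self.transactions.push(tx);
                    }
                };
                retval = self.handle_common_stub(
                    &buffer[parsed as usize..],
                    0,
                    core::STREAM_TOCLIENT,
                );
                if retval < 0 {
                    return AppLayerResult::err();
                }
                self.handle_bind_cache(current_call_id, true);
            }
            _ => {
                SCLogDebug!("Unrecognized packet type: {:?}", x);
                self.clean_buffer(direction);
                return AppLayerResult::err();
            }
        },
        None => {
            return AppLayerResult::err();
        }
    }
    self.bytes_consumed += retval as u16;

    // If the query has been completed, clean the buffer and reset the direction
    if self.query_completed == true {
        self.clean_buffer(direction);
        self.reset_direction(direction);
    }
    self.post_gap_housekeeping(direction);
    self.prev_dir = direction;
    return AppLayerResult::ok();
}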
1101}
1102
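/// Copies the stub bytes carried by one fragment onto the end of a stub buffer.
///
/// The number of bytes taken is the smallest of `lenleft`, `input_len` and the
/// real length of `input`.
///
/// * `input` / `input_len` - fragment payload and the length the caller reports for it.
/// * `hdrflags` - PFC flags of the fragment; only FIRST and LAST are inspected.
/// * `lenleft` - upper bound on how many bytes this call may take.
/// * `stub_data_buffer` / `stub_data_buffer_len` - destination buffer and its separately
///   tracked length; both grow by the number of bytes copied.
/// * `stub_data_buffer_reset` - set to `true` when this call takes all of `lenleft` and
///   either neither FIRST nor LAST is set or LAST is set. It is never cleared here.
///
/// Returns the number of bytes copied, or 0 when there was nothing to copy.
fn evaluate_stub_params(
    input: &[u8], input_len: u16, hdrflags: u8, lenleft: u16, stub_data_buffer: &mut Vec<u8>,
    stub_data_buffer_len: &mut u32, stub_data_buffer_reset: &mut bool,
) -> u16 {
    let fragtype = hdrflags & (PFC_FIRST_FRAG | PFC_LAST_FRAG);

    // `input_len` arrives separately from the slice. Bound it by the slice's real
    // length so the range index below cannot panic on a value that is too large.
    let available = cmp::min(input.len(), usize::from(u16::MAX)) as u16;
    let stub_len = cmp::min(cmp::min(lenleft, input_len), available);
    if stub_len == 0 {
        return 0;
    }

    if stub_len == lenleft && (fragtype == 0 || fragtype & PFC_LAST_FRAG != 0) {
        *stub_data_buffer_reset = true;
    }

    stub_data_buffer.extend_from_slice(&input[..usize::from(stub_len)]);
    // The counter is reported to C consumers as the buffer length, so it has to
    // advance by exactly the number of bytes appended above.
    *stub_data_buffer_len += u32::from(stub_len);

    stub_len
}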
1123
/// C entry point: reports a gap in the to-server direction to the DCERPC state.
///
/// `_input_len` is ignored; the call is forwarded to `parse_data_gap` with
/// `core::STREAM_TOSERVER` and its result is returned unchanged.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_request_gap(
    state: &mut DCERPCState, _input_len: u32,
) -> AppLayerResult {
    let dir = core::STREAM_TOSERVER;
    state.parse_data_gap(dir)
}
1131
/// C entry point: reports a gap in the to-client direction to the DCERPC state.
///
/// `_input_len` is ignored; the call is forwarded to `parse_data_gap` with
/// `core::STREAM_TOCLIENT` and its result is returned unchanged.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_response_gap(
    state: &mut DCERPCState, _input_len: u32,
) -> AppLayerResult {
    let dir = core::STREAM_TOCLIENT;
    state.parse_data_gap(dir)
}
1139
/// C entry point for to-server DCERPC stream data.
///
/// Marks a to-server gap (`ts_gap`) when the chunk carries both `STREAM_START` and
/// `STREAM_MIDSTREAM`, then hands the bytes to `handle_input_data`.
///
/// Returns `AppLayerResult::err()` when `input_len` is 0 or `input` is null; otherwise
/// returns whatever `handle_input_data` returns.
///
/// The function is not marked `unsafe`, yet it turns the raw `input` pointer into a
/// slice through `build_slice!`. Only null and zero length are rejected here, so it
/// relies on the caller passing a pointer that is readable for `input_len` bytes.
/// NOTE(review): confirm this contract against the `build_slice!` definition.
#[no_mangle]
pub extern "C" fn rs_dcerpc_parse_request(
    _flow: *mut core::Flow, state: &mut DCERPCState, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *mut std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    SCLogDebug!("Handling request");

    // START together with MIDSTREAM: the first record seen may begin mid-record.
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        state.ts_gap = true;
    }

    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }
    let buf = build_slice!(input, input_len as usize);
    state.handle_input_data(buf, flags)
}
1156
/// C entry point for to-client DCERPC stream data.
///
/// Marks a to-client gap (`tc_gap`) when the chunk carries both `STREAM_START` and
/// `STREAM_MIDSTREAM`, then hands the bytes to `handle_input_data`.
///
/// Returns `AppLayerResult::err()` when `input_len` is 0 or `input` is null; otherwise
/// returns whatever `handle_input_data` returns.
///
/// The function is not marked `unsafe`, yet it turns the raw `input` pointer into a
/// slice through `build_slice!`. Only null and zero length are rejected here, so it
/// relies on the caller passing a pointer that is readable for `input_len` bytes.
/// NOTE(review): confirm this contract against the `build_slice!` definition.
#[no_mangle]
pub extern "C" fn rs_dcerpc_parse_response(
    _flow: *mut core::Flow, state: &mut DCERPCState, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *mut std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    // START together with MIDSTREAM: the first record seen may begin mid-record.
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        state.tc_gap = true;
    }

    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }
    let buf = build_slice!(input, input_len as usize);
    state.handle_input_data(buf, flags)
}
1174
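/// C entry point: allocates a fresh `DCERPCState` and hands ownership to the caller.
///
/// Both arguments are ignored. The returned pointer owns a heap allocation and must
/// be released exactly once with `rs_dcerpc_state_free`.
///
/// # Safety
///
/// Nothing in the body dereferences caller memory. The function is `unsafe` as part
/// of the FFI contract: the caller becomes responsible for the allocation's lifetime.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_new(
    _orig_state: *mut std::os::raw::c_void, _orig_proto: core::AppProto,
) -> *mut std::os::raw::c_void {
    let boxed = Box::new(DCERPCState::new());
    // `Box::into_raw` is the documented way to give up ownership of a Box. Unlike
    // `transmute`, it does not depend on how `Box` is laid out in memory.
    Box::into_raw(boxed) as *mut std::os::raw::c_void
}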
1181
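/// C entry point: releases a state previously returned by `rs_dcerpc_state_new`.
///
/// A null `state` is ignored.
///
/// # Safety
///
/// `state` must be null or a pointer obtained from `rs_dcerpc_state_new` that has not
/// been freed yet. Any other value, or a second free of the same pointer, is
/// undefined behaviour.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) {
    // A `Box` can never be null, so rebuilding one from a null pointer is undefined
    // behaviour on its own; reject that case before touching the allocation.
    if state.is_null() {
        return;
    }
    // SAFETY: per the contract above, `state` came from `Box::into_raw` on a
    // `Box<DCERPCState>` and is freed only once.
    drop(Box::from_raw(state as *mut DCERPCState));
}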
1186
/// C entry point: drops the transaction with id `tx_id` from the given state.
///
/// `state` is reinterpreted as a `DCERPCState` via `cast_pointer!`. No null check is
/// visible here, so the caller must pass a live state pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
    let st = cast_pointer!(state, DCERPCState);
    SCLogDebug!("freeing tx {}", tx_id);
    st.free_tx(tx_id);
}
1193
/// C entry point: records that one direction of the session was truncated.
///
/// For `STREAM_TOSERVER` it sets `ts_ssn_trunc` and marks every transaction's request
/// side as done. Otherwise, for `STREAM_TOCLIENT`, it sets `tc_ssn_trunc` and marks
/// every response side as done. When both bits are set only the to-server branch runs.
///
/// `state` is reinterpreted as a `DCERPCState` via `cast_pointer!`. No null check is
/// visible here, so the caller must pass a live state pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_trunc(state: *mut std::os::raw::c_void, direction: u8) {
    let st = cast_pointer!(state, DCERPCState);

    if direction & core::STREAM_TOSERVER != 0 {
        st.ts_ssn_trunc = true;
        // No more request data will arrive, so nothing may keep waiting for it.
        st.transactions.iter_mut().for_each(|tx| tx.req_done = true);
        SCLogDebug!("dce_state.ts_ssn_trunc = true; txs {}", st.transactions.len());
        return;
    }

    if direction & core::STREAM_TOCLIENT != 0 {
        st.tc_ssn_trunc = true;
        // Same for the response side.
        st.transactions.iter_mut().for_each(|tx| tx.resp_done = true);
        SCLogDebug!("dce_state.tc_ssn_trunc = true; txs {}", st.transactions.len());
    }
}
1211
/// C entry point: returns the detect-engine state stored on a transaction.
///
/// Yields the stored pointer, or null when the transaction has none.
///
/// `vtx` is reinterpreted as a `DCERPCTransaction` via `cast_pointer!`. No null check
/// is visible here, so the caller must pass a live transaction pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx_detect_state(
    vtx: *mut std::os::raw::c_void,
) -> *mut core::DetectEngineState {
    let tx = cast_pointer!(vtx, DCERPCTransaction);
    tx.de_state.unwrap_or(std::ptr::null_mut())
}
1222
/// C entry point: stores `de_state` on the transaction, replacing any earlier value.
///
/// Always returns 0. The previous value, if any, is overwritten without being freed
/// here.
///
/// `vtx` is reinterpreted as a `DCERPCTransaction` via `cast_pointer!`. No null check
/// is visible here, so the caller must pass a live transaction pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_set_tx_detect_state(
    vtx: *mut std::os::raw::c_void, de_state: *mut core::DetectEngineState,
) -> u8 {
    let tx = cast_pointer!(vtx, DCERPCTransaction);
    tx.de_state = Some(de_state);
    0
}
1231
/// C entry point: looks up a transaction by id.
///
/// Returns a pointer to the transaction found by `DCERPCState::get_tx`, or null when
/// there is none. The pointer refers to memory owned by the state.
/// NOTE(review): it presumably stops being valid once the transaction is freed or the
/// transaction list reallocates; confirm how long callers hold it.
///
/// `vtx` is reinterpreted as a `DCERPCState` via `cast_pointer!`. No null check is
/// visible here, so the caller must pass a live state pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx(
    vtx: *mut std::os::raw::c_void, tx_id: u32,
) -> *mut DCERPCTransaction {
    let st = cast_pointer!(vtx, DCERPCState);
    if let Some(tx) = st.get_tx(tx_id) {
        return tx;
    }
    std::ptr::null_mut()
}
1242
/// C entry point: returns the state's `tx_id` counter.
///
/// `vtx` is reinterpreted as a `DCERPCState` via `cast_pointer!`. No null check is
/// visible here, so the caller must pass a live state pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u32 {
    let st = cast_pointer!(vtx, DCERPCState);
    st.tx_id
}
1248
/// C entry point: reports the progress of a transaction in one direction.
///
/// Returns 1 when `direction` is exactly `STREAM_TOSERVER` and the request side is
/// done, or exactly `STREAM_TOCLIENT` and the response side is done. Returns 0 in
/// every other case, including any other `direction` value.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_alstate_progress(tx: &mut DCERPCTransaction, direction: u8) -> u8 {
    let request_finished = direction == core::STREAM_TOSERVER && tx.req_done;
    if request_finished {
        SCLogDebug!("tx {} TOSERVER progress 1 => {:?}", tx.call_id, tx);
        return 1;
    }

    let response_finished = direction == core::STREAM_TOCLIENT && tx.resp_done;
    if response_finished {
        SCLogDebug!("tx {} TOCLIENT progress 1 => {:?}", tx.call_id, tx);
        return 1;
    }

    SCLogDebug!("tx {} direction {} progress 0", tx.call_id, direction);
    0
}
1261
/// C entry point: returns the progress value that means "complete".
///
/// The value is 1 for every direction; `_direction` is ignored.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_alstate_progress_completion_status(_direction: u8) -> u8 {
    const PROGRESS_COMPLETE: u8 = 1;
    PROGRESS_COMPLETE
}
1266
/// C entry point: returns a pointer to the transaction's `tx_data` field.
///
/// The pointer refers to memory inside the transaction, so it is valid only for as
/// long as the transaction is.
///
/// `tx` is reinterpreted as a `DCERPCTransaction` via `cast_pointer!`. No null check
/// is visible here, so the caller must pass a live transaction pointer.
#[no_mangle]
pub extern "C" fn rs_dcerpc_get_tx_data(tx: *mut std::os::raw::c_void) -> *mut AppLayerTxData {
    let dce_tx = cast_pointer!(tx, DCERPCTransaction);
    &mut dce_tx.tx_data
}
1275
/// C entry point: exposes a transaction's stub data buffer for one direction.
///
/// For `STREAM_TOSERVER` the to-server buffer and length are written to `*buf` and
/// `*len`; for any other `dir` the to-client ones are used. `*endianness` is always
/// set from `tx.get_endianness()`.
///
/// The reported length comes from the separately maintained `stub_data_buffer_len_*`
/// counter, not from the buffer's own length.
/// NOTE(review): the consumer trusts `*len` when reading `*buf`, so every place that
/// grows, clears or replaces a stub buffer has to update its counter as well; confirm
/// the two cannot diverge.
///
/// # Safety
///
/// `buf`, `len` and `endianness` are written through without a null check; each must
/// point to writable memory of the matching type. The pointer stored in `*buf`
/// borrows from `tx` and must not be used after the buffer is modified or the
/// transaction is freed.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
    tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8,
) {
    if dir == core::STREAM_TOSERVER {
        *len = tx.stub_data_buffer_len_ts;
        *buf = tx.stub_data_buffer_ts.as_ptr();
        SCLogDebug!("DCERPC Request stub buffer: Setting buffer to: {:?}", *buf);
    } else {
        *len = tx.stub_data_buffer_len_tc;
        *buf = tx.stub_data_buffer_tc.as_ptr();
        SCLogDebug!("DCERPC Response stub buffer: Setting buffer to: {:?}", *buf);
    }
    *endianness = tx.get_endianness();
}
1294
1295#[cfg(test)]
1296mod tests {
1297 use crate::applayer::AppLayerResult;
1298 use crate::core;
1299 use crate::dcerpc::dcerpc::DCERPCState;
1300 use std::cmp;
1301
/// A 16-byte header on its own must be consumed completely by `process_header`.
#[test]
fn test_process_header() {
    let hdr_bytes: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    let consumed = state.process_header(hdr_bytes);
    assert_eq!(16, consumed);
}
1311
/// Feeds a header and then a multi-context bind body through the state; the bind
/// parser must report all 1068 body bytes as consumed.
#[test]
fn test_process_bind_pdu() {
    // Header is parsed first so the state holds one before the bind body arrives.
    let hdr_bytes: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    // Bind body only (no header).
    let bind_body: &[u8] = &[
        0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f, 0xbf, 0x85,
        0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac, 0x1b, 0xf0,
        0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c, 0xcc, 0x3d,
        0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4, 0x02, 0x7c,
        0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65, 0x29, 0x51,
        0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed, 0x05, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00, 0x14, 0x96,
        0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa, 0x02, 0xfb,
        0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00,
        0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7, 0x39, 0xaf,
        0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x07, 0x00,
        0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae, 0x9e, 0x5b,
        0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f, 0x14, 0xcc,
        0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55, 0x6f, 0x5d,
        0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c, 0xf4, 0x23,
        0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28, 0x19, 0x39,
        0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00, 0xc9, 0x9f,
        0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05, 0x38, 0x4d,
        0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x01, 0x00,
        0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7, 0xf8, 0x56,
        0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0e, 0x00,
        0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa, 0xfd, 0x26,
        0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4, 0xd3, 0x17,
        0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99, 0xfb, 0xbe,
        0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae, 0xec, 0x28,
        0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4, 0x81, 0x48,
        0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6, 0x03, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00, 0xcb, 0xae,
        0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70, 0x89, 0x02,
        0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00,
        0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08, 0x0d, 0x33,
        0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x15, 0x00,
        0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45, 0xd9, 0x6c,
        0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2, 0x68, 0x79,
        0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15, 0x4e, 0xf5,
        0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];

    let mut state = DCERPCState::new();
    let hdr_consumed = state.process_header(hdr_bytes);
    assert_eq!(16, hdr_consumed);
    let bind_consumed = state.process_bind_pdu(bind_body);
    assert_eq!(1068, bind_consumed);
}
1401
/// Parses a header and then a single bind context item; the item parser must report
/// all 44 bytes as consumed.
#[test]
fn test_handle_bindctxitem() {
    let hdr_bytes: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];
    // One context item, passed with index 0.
    let ctx_item: &[u8] = &[
        0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
        0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];

    let mut state = DCERPCState::new();
    let hdr_consumed = state.process_header(hdr_bytes);
    assert_eq!(16, hdr_consumed);
    let item_consumed = state.handle_bindctxitem(ctx_item, 0);
    assert_eq!(44, item_consumed);
}
1418
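/// Runs a bind (header plus body) followed by a bindack body through the state and
/// checks the accepted-UUID list that results.
///
/// The bindack result is unwrapped with `expect`, so a state that recorded no bindack
/// fails the test instead of silently skipping the UUID assertions.
#[test]
fn test_process_bindack_pdu() {
    // First 16 bytes are the header; the bind body follows.
    let bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3c, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
        0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac,
        0x1b, 0xf0, 0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c,
        0xcc, 0x3d, 0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4,
        0x02, 0x7c, 0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65,
        0x29, 0x51, 0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed,
        0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x14, 0x96, 0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa,
        0x02, 0xfb, 0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7,
        0x39, 0xaf, 0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae,
        0x9e, 0x5b, 0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f,
        0x14, 0xcc, 0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55,
        0x6f, 0x5d, 0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c,
        0xf4, 0x23, 0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28,
        0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xc9, 0x9f, 0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05,
        0x38, 0x4d, 0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7,
        0xf8, 0x56, 0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa,
        0xfd, 0x26, 0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4,
        0xd3, 0x17, 0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99,
        0xfb, 0xbe, 0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae,
        0xec, 0x28, 0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00,
        0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4,
        0x81, 0x48, 0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6,
        0x03, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00,
        0xcb, 0xae, 0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70,
        0x89, 0x02, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00,
        0x01, 0x00, 0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08,
        0x0d, 0x33, 0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x15, 0x00, 0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45,
        0xd9, 0x6c, 0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2,
        0x68, 0x79, 0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15,
        0x4e, 0xf5, 0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // Bindack body only (no header).
    let bindack: &[u8] = &[
        0xb8, 0x10, 0xb8, 0x10, 0xce, 0x47, 0x00, 0x00, 0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50,
        0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0xf6, 0x6e, 0x18, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00,
    ];

    let mut dcerpc_state = DCERPCState::new();
    assert_eq!(16, dcerpc_state.process_header(bind));
    assert_eq!(1068, dcerpc_state.process_bind_pdu(&bind[16..]));
    assert_eq!(604, dcerpc_state.process_bindack_pdu(bindack));

    // A missing bindack must fail the test; the checks below would otherwise never run.
    let back = dcerpc_state
        .bindack
        .expect("bindack should be recorded after process_bindack_pdu");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(
        vec![57, 25, 40, 106, 177, 12, 17, 208, 155, 168, 0, 192, 79, 217, 46, 245],
        back.accepted_uuid_list[0].uuid
    );
    assert_eq!(11, back.accepted_uuid_list[0].internal_id);
}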
1560
1561 #[test]
1562 pub fn test_process_request_pdu() {
1563 let request: &[u8] = &[
1564 0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
1565 0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
1566 0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
1567 0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
1568 0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
1569 0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
1570 0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
1571 0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
1572 0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
1573 0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
1574 0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
1575 0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
1576 0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
1577 0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
1578 0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
1579 0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
1580 0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
1581 0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
1582 0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
1583 0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
1584 0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
1585 0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
1586 0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
1587 0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
1588 0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
1589 0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
1590 0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
1591 0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
1592 0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
1593 0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
1594 0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
1595 0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
1596 0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
1597 0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
1598 0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
1599 0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
1600 0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
1601 0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
1602 0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
1603 0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
1604 0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
1605 0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
1606 0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
1607 0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
1608 0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
1609 0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
1610 0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
1611 0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
1612 0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
1613 0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
1614 0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
1615 0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
1616 0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
1617 0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
1618 0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
1619 0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
1620 0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
1621 0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
1622 0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
1623 0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
1624 0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
1625 0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
1626 0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
1627 0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
1628 0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
1629 0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
1630 0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
1631 0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
1632 0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
1633 0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
1634 0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
1635 0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
1636 0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
1637 0x69, 0x00,
1638 ];
1639 let mut dcerpc_state = DCERPCState::new();
1640 assert_eq!(16, dcerpc_state.process_header(&request));
1641 assert_eq!(1008, dcerpc_state.process_request_pdu(&request[16..]));
1642 }
1643
// Feeds one complete request PDU (1024 bytes, matching the length field in its
// header) to the parser in a single call, then checks the parsed header and
// the first transaction.
#[test]
pub fn test_parse_dcerpc() {
    let pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(&pdu, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), outcome);

    // NOTE(review): the header checks run only when a header is present; if
    // `header` is None they are skipped and the test does not fail on that.
    if let Some(hdr) = state.header {
        assert_eq!(0, hdr.hdrtype);
        assert_eq!(5, hdr.rpc_vers);
        assert_eq!(1024, hdr.frag_length);
    }

    // Indexing panics (and so fails the test) if no transaction was created.
    let first_tx = &state.transactions[0];
    assert_eq!(11, first_tx.ctxid);
    assert_eq!(9, first_tx.opnum);
    assert_eq!(1, first_tx.first_request_seen);
    assert_eq!(1000, first_tx.stub_data_buffer_len_ts);
    assert_eq!(true, first_tx.stub_data_buffer_reset_ts);
}
1739
// Sends two complete 72-byte PDUs back to back on the to-server side and
// expects both to be accepted. The fourth header byte is 0x01 in the first
// buffer and 0x02 in the second (presumably the PFC first/last fragment flags).
#[test]
pub fn test_parse_bind_pdu() {
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x01, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let bind2: &[u8] = &[
        0x05, 0x00, 0x0b, 0x02, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x67, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();

    let first_outcome = state.handle_input_data(&bind1, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), first_outcome);

    let second_outcome = state.handle_input_data(&bind2, core::STREAM_TOSERVER);
    // TODO ASK if this is correct?
    assert_eq!(AppLayerResult::ok(), second_outcome);
}
1768
// A bind PDU whose header announces 732 bytes (0x02dc) arrives in two reads of
// 420 and 312 bytes. Both reads must be accepted, and the reassembled bind
// must carry 16 context items.
#[test]
pub fn test_parse_bind_frag_1() {
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
    ];
    let bind2: &[u8] = &[
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    for chunk in &[bind1, bind2] {
        assert_eq!(
            AppLayerResult::ok(),
            state.handle_input_data(chunk, core::STREAM_TOSERVER)
        );
    }

    // NOTE(review): when `bind` is None the two checks below are skipped and
    // the test still passes.
    if let Some(bind) = &state.bind {
        assert_eq!(16, bind.numctxitems);
        assert_eq!(0, state.bytes_consumed); // because the buffer is cleared after a query is complete
    }
}
1842
// One PDU whose header announces 44 bytes (0x2C) is delivered in three reads
// of 36, 2 and 6 bytes. Every read must be accepted and the transaction must
// end up with 20 bytes of to-server stub data.
#[test]
pub fn test_parse_bind_frag_2() {
    let request1: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let request2: &[u8] = &[0x0D, 0x0E];
    let request3: &[u8] = &[0x0F, 0x10, 0x11, 0x12, 0x13, 0x14];
    let mut state = DCERPCState::new();
    for chunk in &[request1, request2, request3] {
        assert_eq!(
            AppLayerResult::ok(),
            state.handle_input_data(chunk, core::STREAM_TOSERVER)
        );
    }

    // Indexing panics (and so fails the test) if no transaction was created.
    let first_tx = &state.transactions[0];
    assert_eq!(20, first_tx.stub_data_buffer_len_ts);
}
1868
// Supplies only the first 36 bytes of a PDU whose header announces 44 (0x2C)
// and expects the parser to accept the partial input.
// NOTE(review): the input and the assertion are identical to
// test_parse_bind_frag_4; one of the two looks redundant.
#[test]
pub fn test_parse_bind_frag_3() {
    let partial_pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(&partial_pdu, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), outcome);
}
1882
// Supplies only the first 36 bytes of a PDU whose header announces 44 (0x2C)
// and expects the parser to accept the partial input.
// NOTE(review): the input and the assertion are identical to
// test_parse_bind_frag_3; one of the two looks redundant.
#[test]
pub fn test_parse_bind_frag_4() {
    let partial_pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(&partial_pdu, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), outcome);
}
1896
// Error path followed by recovery: the 32-byte `fault` buffer (type byte 0x03)
// sent to-server must be rejected with err(). The same state must then accept
// a 36-byte request whose 16-byte header is split across two reads (2 + 34
// bytes) and record 12 bytes of stub data.
#[test]
pub fn test_parse_dcerpc_frag_1() {
    let fault: &[u8] = &[
        0x05, 0x00, 0x03, 0x03, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0xf7, 0x06, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
    ];
    let request1: &[u8] = &[0x05, 0x00];
    let request2: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let rejected = state.handle_input_data(&fault, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::err(), rejected);

    for chunk in &[request1, request2] {
        assert_eq!(
            AppLayerResult::ok(),
            state.handle_input_data(chunk, core::STREAM_TOSERVER)
        );
    }

    // Indexing panics (and so fails the test) if no transaction was created.
    let first_tx = &state.transactions[0];
    assert_eq!(12, first_tx.stub_data_buffer_len_ts);
}
1926
// A complete 36-byte request is followed by a second 36-byte request whose
// header is split across two reads (2 + 34 bytes). All three reads must be
// accepted; nothing beyond the return values is checked.
#[test]
pub fn test_parse_dcerpc_frag_2() {
    let request1: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let request2: &[u8] = &[0x05, 0x00];
    let request3: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    for chunk in &[request1, request2, request3] {
        assert_eq!(
            AppLayerResult::ok(),
            state.handle_input_data(chunk, core::STREAM_TOSERVER)
        );
    }
}
1954
// To-client direction: a PDU with type byte 0x0c whose header announces 68
// bytes (0x44) arrives as 24 + 44 bytes. `data_needed_for_dir` is set to
// STREAM_TOCLIENT before the first read, and both reads must be accepted.
#[test]
pub fn test_parse_dcerpc_back_frag() {
    let bind_ack1: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
    ];
    let bind_ack2: &[u8] = &[
        0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    state.data_needed_for_dir = core::STREAM_TOCLIENT;
    for chunk in &[bind_ack1, bind_ack2] {
        assert_eq!(
            AppLayerResult::ok(),
            state.handle_input_data(chunk, core::STREAM_TOCLIENT)
        );
    }
}
1978
#[test]
// Check if the parser accepts bind pdus that have context ids starting
// from a non-zero value.
//
// The UUID check compares the single parsed entry with `expected_uuid`
// element by element and, when every paired element matches, by length.
// NOTE(review): when `bind` is None the UUID checks are skipped and the test
// still passes.
pub fn test_parse_bind_pdu_ctx_id_non_zero() {
    let bindbuf: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    // The first four bytes are in the opposite order from the bytes in
    // `bindbuf` (0xa0, 0x01, 0x00, 0x00 on the wire).
    let expected_uuid: &[u8] = &[
        0x00, 0x00, 0x01, 0xa0, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x46,
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(&bindbuf, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), outcome);

    if let Some(bind) = &state.bind {
        let parsed_uuid = &bind.uuid_list[0].uuid;
        assert_eq!(1, bind.uuid_list.len());

        // Ordering of the first differing pair, if any pair differs.
        let first_difference = parsed_uuid
            .iter()
            .zip(expected_uuid)
            .map(|(x, y)| x.cmp(y))
            .find(|&ord| ord != cmp::Ordering::Equal);
        // Falls back to comparing lengths so a shorter or longer UUID fails.
        let length_order = parsed_uuid.len().cmp(&expected_uuid.len());
        assert_eq!(
            cmp::Ordering::Equal,
            first_difference.unwrap_or(length_order)
        );
    }
}
2014
#[test]
// Check for endless loop with bind PDUs (Imported from C code)
//
// The buffer holds 117 bytes while the header's length field says 74 (0x4A).
// The only assertion is on the return value, so a regression of the endless
// loop would show up as a test that never finishes, not as a failed assert.
pub fn test_parse_bind_pdu_infinite_loop() {
    let bindbuf: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4A, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02,
        0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x01, 0x02, 0x03, 0x04, 0xFF, /* ka boom - endless loop */
    ];
    let mut state = DCERPCState::new();
    let outcome = state.handle_input_data(&bindbuf, core::STREAM_TOSERVER);
    assert_eq!(AppLayerResult::ok(), outcome);
}
2035
#[test]
// Check for endless loop with bind_ack PDUs (Imported from C code)
//
// The buffer holds 85 bytes while the header's length field says 62 (0x3e).
// The only assertion is on the return value, so a regression of the endless
// loop would show up as a test that never finishes, not as a failed assert.
pub fn test_parse_bindack_pdu_infinite_loop() {
    let bind_ack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0xfd, 0x04, 0x01, 0x00, 0x04, 0x00, 0x31, 0x33,
        0x35, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x01, 0x02, 0x03, 0x04,
        0xFF,
    ];
    let mut state = DCERPCState::new();
    // The bind_ack is fed in the to-client direction, so the state is told to
    // expect data for that direction first.
    state.data_needed_for_dir = core::STREAM_TOCLIENT;
    let outcome = state.handle_input_data(&bind_ack, core::STREAM_TOCLIENT);
    assert_eq!(AppLayerResult::ok(), outcome);
}
2055
2056 #[test]
2057 // Check for correct internal ids for bind_acks
2058 pub fn test_parse_bindack_internal_ids() {
2059 let bind1: &[u8] = &[
2060 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00, 0x00, 0x00,
2061 0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
2062 0x00, 0x00, 0x01, 0x00, 0x50, 0x08, 0x43, 0x95, 0x43, 0x5a, 0x8b, 0xb2, 0xf4, 0xc5,
2063 0xb9, 0xee, 0x67, 0x55, 0x7c, 0x19, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2064 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2065 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0xda, 0xc2, 0xbc, 0x9b, 0x35, 0x2e, 0xd4, 0xc9,
2066 0x1f, 0x85, 0x01, 0xe6, 0x4e, 0x5a, 0x5e, 0xd4, 0x04, 0x00, 0x03, 0x00, 0x04, 0x5d,
2067 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2068 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xb2, 0x97, 0xcc, 0x14, 0x6f, 0x70,
2069 0x0d, 0xa5, 0x33, 0xd7, 0xf4, 0xe3, 0x8e, 0xb2, 0x2a, 0x1e, 0x05, 0x00, 0x02, 0x00,
2070 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2071 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x96, 0x4e, 0xa6, 0xf6,
2072 0xb2, 0x4b, 0xae, 0xb3, 0x21, 0xf4, 0x97, 0x7c, 0xcd, 0xa7, 0x08, 0xb0, 0x00, 0x00,
2073 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2074 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0xbc, 0xc0,
2075 0xf7, 0x71, 0x3f, 0x71, 0x54, 0x44, 0x22, 0xa8, 0x55, 0x0f, 0x98, 0x83, 0x1f, 0xfe,
2076 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2077 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
2078 0xbe, 0x52, 0xf2, 0x58, 0x4a, 0xc3, 0xb5, 0xd0, 0xba, 0xac, 0xda, 0xf0, 0x12, 0x99,
2079 0x38, 0x6e, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2080 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
2081 0x01, 0x00, 0xdb, 0xfa, 0x73, 0x01, 0xb3, 0x81, 0x01, 0xd4, 0x7f, 0xa0, 0x36, 0xb1,
2082 0x97, 0xae, 0x29, 0x7f, 0x01, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
2083 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2084 0x07, 0x00, 0x01, 0x00, 0x89, 0xbe, 0x41, 0x1d, 0x38, 0x75, 0xf5, 0xb5, 0xad, 0x27,
2085 0x73, 0xf1, 0xb0, 0x7a, 0x28, 0x82, 0x05, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2086 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2087 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xf6, 0x87, 0x09, 0x93, 0xb8, 0xa8, 0x20, 0xc4,
2088 0xb8, 0x63, 0xe6, 0x95, 0xed, 0x59, 0xee, 0x3f, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d,
2089 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2090 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x92, 0x77, 0x92, 0x68, 0x3e, 0xa4,
2091 0xbc, 0x3f, 0x44, 0x33, 0x0e, 0xb8, 0x33, 0x0a, 0x2f, 0xdf, 0x01, 0x00, 0x02, 0x00,
2092 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2093 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0xa1, 0x03, 0xd2, 0xa9,
2094 0xd2, 0x16, 0xc9, 0x89, 0x67, 0x18, 0x3e, 0xb1, 0xee, 0x6b, 0xf9, 0x18, 0x02, 0x00,
2095 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2096 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x2f, 0x09,
2097 0x5e, 0x74, 0xec, 0xa0, 0xbb, 0xc1, 0x60, 0x18, 0xf1, 0x93, 0x04, 0x17, 0x11, 0xf9,
2098 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2099 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
2100 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
2101 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2102 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2103 ];
2104 let bind_ack1: &[u8] = &[
2105 0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00,
2106 0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc1, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
2107 0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x0d, 0x00,
2108 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2109 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
2110 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2111 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
2112 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2113 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2114 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2115 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2116 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
2117 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2118 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
2119 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2120 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2121 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
2122 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2123 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
2124 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2125 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2126 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2127 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2128 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2129 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2130 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2131 ];
2132 let bind2: &[u8] = &[
2133 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
2134 0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
2135 0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
2136 0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2137 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2138 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
2139 0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
2140 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2141 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
2142 0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
2143 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2144 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
2145 0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
2146 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2147 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
2148 0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
2149 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2150 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
2151 0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
2152 0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2153 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
2154 0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
2155 0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
2156 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2157 0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
2158 0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2159 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2160 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
2161 0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
2162 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2163 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
2164 0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
2165 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2166 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
2167 0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
2168 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2169 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
2170 0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
2171 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2172 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
2173 0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
2174 0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2175 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
2176 0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
2177 0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
2178 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2179 0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
2180 0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2181 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2182 0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
2183 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
2184 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2185 0x02, 0x00, 0x00, 0x00,
2186 ];
2187 let bind_ack2: &[u8] = &[
2188 0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0xac, 0x01, 0x00, 0x00, 0x00, 0x00,
2189 0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc2, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
2190 0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x10, 0x00,
2191 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2192 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
2193 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2194 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
2195 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2196 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2197 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2198 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2199 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
2200 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
2202 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2203 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2204 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
2205 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2206 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
2207 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2208 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2209 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2210 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
2212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2213 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
2214 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2215 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2216 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2217 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2218 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2219 ];
2220 let bind3: &[u8] = &[
2221 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2c, 0x02, 0x00, 0x00, 0x00, 0x00,
2222 0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
2223 0x00, 0x00, 0x01, 0x00, 0xa4, 0x7f, 0x8e, 0xc6, 0xef, 0x56, 0x9b, 0x63, 0x92, 0xfa,
2224 0x08, 0xb3, 0x35, 0xe2, 0xa5, 0x81, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2225 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2226 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x9f, 0xfc, 0x78, 0xd2, 0x5f, 0x16, 0x0b, 0xbc,
2227 0xc6, 0xdb, 0x5d, 0xef, 0xde, 0x54, 0xa2, 0x6f, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
2228 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2229 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x78, 0xb8, 0x96, 0xc7, 0x2f, 0xda,
2230 0x11, 0x6b, 0xd1, 0x28, 0x68, 0xe1, 0xd6, 0x71, 0xac, 0x9d, 0x03, 0x00, 0x00, 0x00,
2231 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2232 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xcf, 0xf4, 0xd7, 0x37,
2233 0x03, 0xda, 0xcc, 0xe3, 0x3e, 0x34, 0x7f, 0x67, 0x99, 0x91, 0x41, 0x3d, 0x01, 0x00,
2234 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2235 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x48, 0xeb,
2236 0x32, 0xf0, 0x27, 0xd5, 0x9d, 0xd0, 0x1e, 0xc6, 0x48, 0x46, 0x97, 0xe9, 0xdb, 0x09,
2237 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2238 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
2239 0x82, 0xec, 0x0d, 0x08, 0xf2, 0x8f, 0x22, 0x57, 0x42, 0x9b, 0xce, 0xa8, 0x74, 0x16,
2240 0xc6, 0xec, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2241 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
2242 0x01, 0x00, 0x2e, 0x00, 0x70, 0x44, 0xee, 0xc9, 0x30, 0x6b, 0xf4, 0x34, 0x1e, 0x3d,
2243 0x35, 0x0f, 0xf7, 0xf7, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
2244 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2245 0x07, 0x00, 0x01, 0x00, 0x59, 0x04, 0x39, 0x3f, 0x59, 0x87, 0x14, 0x0e, 0x76, 0x8d,
2246 0x17, 0xc2, 0x47, 0xfa, 0x67, 0x7f, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2247 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
2248 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x30, 0xd6, 0xed, 0x2e, 0x57, 0xfa, 0xf4, 0x72,
2249 0x6c, 0x10, 0x0d, 0xe5, 0x51, 0x7f, 0xd0, 0x39, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d,
2250 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2251 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xea, 0x8b, 0x84, 0x4d, 0x44, 0x43,
2252 0xc1, 0x94, 0x75, 0xe2, 0x81, 0x48, 0xd8, 0x77, 0xd9, 0xce, 0x05, 0x00, 0x00, 0x00,
2253 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
2254 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x89, 0x4f, 0xe7, 0x95,
2255 0xa3, 0xc1, 0x62, 0x36, 0x26, 0x9e, 0x67, 0xdb, 0x2c, 0x52, 0x89, 0xd3, 0x01, 0x00,
2256 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2257 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x78, 0x56,
2258 0x34, 0x12, 0x34, 0x12, 0xcd, 0xab, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
2259 0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2260 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2261 ];
2262 let bind_ack3: &[u8] = &[
2263 0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4c, 0x01, 0x00, 0x00, 0x00, 0x00,
2264 0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x1a, 0x33, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x70,
2265 0x69, 0x70, 0x65, 0x5c, 0x73, 0x70, 0x6f, 0x6f, 0x6c, 0x73, 0x73, 0x00, 0x0c, 0x00,
2266 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2267 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
2268 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
2270 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2271 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2272 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2273 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2274 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
2275 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2276 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
2277 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2278 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2279 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
2280 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2281 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
2282 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2283 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2284 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2285 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
2286 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
2287 ];
2288 let mut dcerpc_state = DCERPCState::new();
2289 let expected_uuid1 = vec![
2290 0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
2291 0xe1, 0x88,
2292 ];
2293 let expected_uuid2 = vec![
2294 0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
2295 0xe1, 0x88,
2296 ];
2297 let expected_uuid3 = vec![
2298 0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0xab, 0xcd, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67,
2299 0x89, 0xab,
2300 ];
2301 assert_eq!(
2302 AppLayerResult::ok(),
2303 dcerpc_state.handle_input_data(&bind1, core::STREAM_TOSERVER)
2304 );
2305 assert_eq!(
2306 AppLayerResult::ok(),
2307 dcerpc_state.handle_input_data(&bind_ack1, core::STREAM_TOCLIENT)
2308 );
2309 if let Some(ref back) = dcerpc_state.bindack {
2310 assert_eq!(1, back.accepted_uuid_list.len());
2311 assert_eq!(12, back.accepted_uuid_list[0].ctxid);
2312 assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);
2313 }
2314 assert_eq!(
2315 AppLayerResult::ok(),
2316 dcerpc_state.handle_input_data(&bind2, core::STREAM_TOSERVER)
2317 );
2318 assert_eq!(
2319 AppLayerResult::ok(),
2320 dcerpc_state.handle_input_data(&bind_ack2, core::STREAM_TOCLIENT)
2321 );
2322 if let Some(ref back) = dcerpc_state.bindack {
2323 assert_eq!(1, back.accepted_uuid_list.len());
2324 assert_eq!(15, back.accepted_uuid_list[0].ctxid);
2325 assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);
2326 }
2327 assert_eq!(
2328 AppLayerResult::ok(),
2329 dcerpc_state.handle_input_data(&bind3, core::STREAM_TOSERVER)
2330 );
2331 assert_eq!(
2332 AppLayerResult::ok(),
2333 dcerpc_state.handle_input_data(&bind_ack3, core::STREAM_TOCLIENT)
2334 );
2335 if let Some(ref back) = dcerpc_state.bindack {
2336 assert_eq!(1, back.accepted_uuid_list.len());
2337 dcerpc_state.data_needed_for_dir = core::STREAM_TOSERVER;
2338 assert_eq!(11, back.accepted_uuid_list[0].ctxid);
2339 assert_eq!(expected_uuid3, back.accepted_uuid_list[0].uuid);
2340 }
2341 }
2342
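/// Feeds a bind / bind_ack exchange followed by an alter_context /
/// alter_context_resp exchange through one `DCERPCState` and checks the
/// accepted context recorded after each response.
///
/// The bind offers context id 0 and the alter_context offers context id 1
/// with a different interface UUID. After each response the accepted list
/// is expected to hold exactly one entry: the context from the most recent
/// request. The expected UUIDs are the wire bytes with the first three
/// UUID fields byte-swapped (e.g. wire `40 fd 2c 34` is expected as
/// `34 2c fd 40`).
#[test]
pub fn test_bind_acks_alter_contexts_internal_ids() {
    // PDU type byte (offset 2) is 0x0b: bind, offering context id 0.
    let bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x40, 0xfd, 0x2c, 0x34, 0x6c, 0x3c, 0xce, 0x11, 0xa8, 0x93,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    // PDU type 0x0c: bind_ack.
    let bindack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x0d, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x6c, 0x6c, 0x73, 0x72, 0x70, 0x63, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    // PDU type 0x0e: alter_context, offering context id 1.
    let alter_context: &[u8] = &[
        0x05, 0x00, 0x0e, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xd0, 0x4c, 0x67, 0x57, 0x00, 0x52, 0xce, 0x11, 0xa8, 0x97,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    // PDU type 0x0f: alter_context_resp.
    let alter_context_resp: &[u8] = &[
        0x05, 0x00, 0x0f, 0x03, 0x10, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];

    let mut dcerpc_state = DCERPCState::new();
    let expected_uuid1 = vec![
        0x34, 0x2c, 0xfd, 0x40, 0x3c, 0x6c, 0x11, 0xce, 0xa8, 0x93, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];
    let expected_uuid2 = vec![
        0x57, 0x67, 0x4c, 0xd0, 0x52, 0x00, 0x11, 0xce, 0xa8, 0x97, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bindack, core::STREAM_TOCLIENT)
    );
    {
        // Fail loudly when no bindack state exists. With `if let`, a parser
        // that never recorded the bind_ack would skip every assertion below
        // and the test would still pass.
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("bind_ack was accepted but no bindack state was recorded");
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(0, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);
    }
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context, core::STREAM_TOSERVER)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context_resp, core::STREAM_TOCLIENT)
    );
    {
        // Same reasoning as above: missing state must be a test failure,
        // not a silently skipped check.
        let back = dcerpc_state
            .bindack
            .as_ref()
            .expect("alter_context_resp was accepted but no bindack state was recorded");
        assert_eq!(1, back.accepted_uuid_list.len());
        assert_eq!(1, back.accepted_uuid_list[0].ctxid);
        assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);
    }
}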
2411
/// Delivers one request PDU in two to-server buffers and checks the
/// transaction the state builds from them.
///
/// The first buffer is 18 bytes and the second 20, 38 in total, matching
/// the 0x0026 length field at offset 8 of the first buffer. The flags byte
/// 0x03 sets both `PFC_FIRST_FRAG` and `PFC_LAST_FRAG`. The split lands
/// before the opnum and context id arrive, so the second call has to resume
/// from buffered state for the final assertions to hold.
#[test]
pub fn test_parse_dcerpc_frag_3() {
    // The two buffers, in arrival order.
    let fragments: [&[u8]; 2] = [
        &[
            0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x01, 0x00,
            0x00, 0x00, 0x0c, 0x00,
        ],
        &[
            0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
            0x09, 0x0A, 0x0B, 0x0C, 0xFF, 0xFF,
        ],
    ];

    let mut state = DCERPCState::new();
    for fragment in fragments.iter().copied() {
        // Each partial buffer must be accepted, not rejected as malformed.
        let outcome = state.handle_input_data(fragment, core::STREAM_TOSERVER);
        assert_eq!(AppLayerResult::ok(), outcome);
    }

    // Indexing panics if no transaction was created, which fails the test.
    let first_tx = &state.transactions[0];
    assert_eq!(2, first_tx.opnum);
    assert_eq!(0, first_tx.ctxid);
    // 14 bytes follow the opnum in the second buffer.
    assert_eq!(14, first_tx.stub_data_buffer_len_ts);
}
2436}