app-layer: include decoder events in app-layer tx data
1/* Copyright (C) 2020 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
3641f1b5 18use crate::applayer::*;
0ac5c537 19use crate::core::{self, *};
8036202c 20use crate::dcerpc::parser;
21use nom::error::ErrorKind;
22use nom::number::Endianness;
4c7f55e6 23use nom;
f4f6387a 24use std;
8036202c 25use std::cmp;
bac69af7 26use std::ffi::CString;
27
/// Constant DCERPC UDP header length. The connection-oriented code in this
/// file also uses it when checking fragment lengths.
pub const DCERPC_HDR_LEN: u16 = 16;
/// FIRST flag set on the packet.
pub const DCERPC_UUID_ENTRY_FLAG_FF: u16 = 0x0001;

// ---- Flag bits in the connection-oriented PDU header ----

/// Value to indicate first fragment.
pub const PFC_FIRST_FRAG: u8 = 0x01;
/// Value to indicate last fragment.
pub const PFC_LAST_FRAG: u8 = 0x02;
/// Cancel was pending at sender.
pub const PFC_PENDING_CANCEL: u8 = 0x04;
pub const PFC_RESERVED_1: u8 = 0x08;
/// Supports concurrent multiplexing of a single connection.
pub const PFC_CONC_MPX: u8 = 0x10;
/// Only meaningful on a `fault` packet; if set, the call is guaranteed not
/// to have executed.
pub const PFC_DID_NOT_EXECUTE: u8 = 0x20;
/// `maybe` call semantics requested.
pub const PFC_MAYBE: u8 = 0x40;
/// If set, a non-nil object UUID was specified in the handle and is present
/// in the optional object field. If clear, the object field is omitted.
pub const PFC_OBJECT_UUID: u8 = 0x80;

// ---- Flag bits in the first flag field of the connectionless PDU header ----

/// Reserved for use by implementations.
pub const PFCL1_RESERVED_01: u8 = 0x01;
/// If set, the PDU is the last fragment of a multi-PDU transmission.
pub const PFCL1_LASTFRAG: u8 = 0x02;
/// If set, the PDU is a fragment of a multi-PDU transmission.
pub const PFCL1_FRAG: u8 = 0x04;
/// If set, the receiver is not requested to send a `fack` PDU for the fragment.
pub const PFCL1_NOFACK: u8 = 0x08;
/// If set, the PDU is for a `maybe` request.
pub const PFCL1_MAYBE: u8 = 0x10;
/// If set, the PDU is for an idempotent request.
pub const PFCL1_IDEMPOTENT: u8 = 0x20;
/// If set, the PDU is for a broadcast request.
pub const PFCL1_BROADCAST: u8 = 0x40;
/// Reserved for use by implementations.
pub const PFCL1_RESERVED_80: u8 = 0x80;

// ---- Flag bits in the second flag field of the connectionless PDU header ----

/// Reserved for use by implementations.
pub const PFCL2_RESERVED_01: u8 = 0x01;
/// Cancel pending at the call end.
pub const PFCL2_CANCEL_PENDING: u8 = 0x02;
/// Reserved for future use.
pub const PFCL2_RESERVED_04: u8 = 0x04;
/// Reserved for future use.
pub const PFCL2_RESERVED_08: u8 = 0x08;
/// Reserved for future use.
pub const PFCL2_RESERVED_10: u8 = 0x10;
/// Reserved for future use.
pub const PFCL2_RESERVED_20: u8 = 0x20;
/// Reserved for future use.
pub const PFCL2_RESERVED_40: u8 = 0x40;
/// Reserved for future use.
pub const PFCL2_RESERVED_80: u8 = 0x80;

// ---- Reason codes ----
// NOTE(review): these are not referenced in the visible part of the file;
// presumably they are reject reasons for a refused bind. Confirm before use.
pub const REASON_NOT_SPECIFIED: u8 = 0;
pub const TEMPORARY_CONGESTION: u8 = 1;
pub const LOCAL_LIMIT_EXCEEDED: u8 = 2;
/// Not used.
pub const CALLED_PADDR_UNKNOWN: u8 = 3;
pub const PROTOCOL_VERSION_NOT_SUPPORTED: u8 = 4;
/// Not used.
pub const DEFAULT_CONTEXT_NOT_SUPPORTED: u8 = 5;
/// Not used.
pub const USER_DATA_NOT_READABLE: u8 = 6;
/// Not used.
pub const NO_PSAP_AVAILABLE: u8 = 7;

// ---- DCERPC header packet types ----
pub const DCERPC_TYPE_REQUEST: u8 = 0;
pub const DCERPC_TYPE_PING: u8 = 1;
pub const DCERPC_TYPE_RESPONSE: u8 = 2;
pub const DCERPC_TYPE_FAULT: u8 = 3;
pub const DCERPC_TYPE_WORKING: u8 = 4;
pub const DCERPC_TYPE_NOCALL: u8 = 5;
pub const DCERPC_TYPE_REJECT: u8 = 6;
pub const DCERPC_TYPE_ACK: u8 = 7;
pub const DCERPC_TYPE_CL_CANCEL: u8 = 8;
pub const DCERPC_TYPE_FACK: u8 = 9;
pub const DCERPC_TYPE_CANCEL_ACK: u8 = 10;
pub const DCERPC_TYPE_BIND: u8 = 11;
pub const DCERPC_TYPE_BINDACK: u8 = 12;
pub const DCERPC_TYPE_BINDNAK: u8 = 13;
pub const DCERPC_TYPE_ALTER_CONTEXT: u8 = 14;
pub const DCERPC_TYPE_ALTER_CONTEXT_RESP: u8 = 15;
pub const DCERPC_TYPE_AUTH3: u8 = 16;
pub const DCERPC_TYPE_SHUTDOWN: u8 = 17;
pub const DCERPC_TYPE_CO_CANCEL: u8 = 18;
pub const DCERPC_TYPE_ORPHANED: u8 = 19;
pub const DCERPC_TYPE_RTS: u8 = 20;
/// Sentinel used inside this module when a packet type has no counterpart
/// (see the request/response mapping helpers); not a wire value check.
pub const DCERPC_TYPE_UNKNOWN: u8 = 99;
8036202c 111
// Application-layer protocol id for DCERPC. It starts out as ALPROTO_UNKNOWN;
// the code that assigns the real value is not in this part of the file.
// NOTE(review): as a `static mut`, every read or write needs `unsafe` and has
// no synchronization of its own; presumably it is written once during parser
// registration. Confirm against the registration code.
pub static mut ALPROTO_DCERPC: AppProto = ALPROTO_UNKNOWN;
113
/// Returns the printable name of a DCERPC packet type.
///
/// Known `DCERPC_TYPE_*` values map to their symbolic name; any other value
/// is rendered as its decimal number, so unexpected types seen on the wire
/// still show up in output rather than being hidden.
pub fn dcerpc_type_string(t: u8) -> String {
    let name = match t {
        DCERPC_TYPE_REQUEST => "REQUEST",
        DCERPC_TYPE_PING => "PING",
        DCERPC_TYPE_RESPONSE => "RESPONSE",
        DCERPC_TYPE_FAULT => "FAULT",
        DCERPC_TYPE_WORKING => "WORKING",
        DCERPC_TYPE_NOCALL => "NOCALL",
        DCERPC_TYPE_REJECT => "REJECT",
        DCERPC_TYPE_ACK => "ACK",
        DCERPC_TYPE_CL_CANCEL => "CL_CANCEL",
        DCERPC_TYPE_FACK => "FACK",
        DCERPC_TYPE_CANCEL_ACK => "CANCEL_ACK",
        DCERPC_TYPE_BIND => "BIND",
        DCERPC_TYPE_BINDACK => "BINDACK",
        DCERPC_TYPE_BINDNAK => "BINDNAK",
        DCERPC_TYPE_ALTER_CONTEXT => "ALTER_CONTEXT",
        DCERPC_TYPE_ALTER_CONTEXT_RESP => "ALTER_CONTEXT_RESP",
        DCERPC_TYPE_AUTH3 => "AUTH3",
        DCERPC_TYPE_SHUTDOWN => "SHUTDOWN",
        DCERPC_TYPE_CO_CANCEL => "CO_CANCEL",
        DCERPC_TYPE_ORPHANED => "ORPHANED",
        DCERPC_TYPE_RTS => "RTS",
        DCERPC_TYPE_UNKNOWN => "UNKNOWN",
        // No symbolic name: fall back to the numeric value.
        other => return other.to_string(),
    };
    String::from(name)
}
144
/// Maps a request-side packet type to the response type that answers it.
///
/// Only REQUEST, BIND and ALTER_CONTEXT have a counterpart; every other
/// input yields `DCERPC_TYPE_UNKNOWN`.
pub fn get_resp_type_for_req(t: u8) -> u8 {
    if t == DCERPC_TYPE_REQUEST {
        DCERPC_TYPE_RESPONSE
    } else if t == DCERPC_TYPE_BIND {
        DCERPC_TYPE_BINDACK
    } else if t == DCERPC_TYPE_ALTER_CONTEXT {
        DCERPC_TYPE_ALTER_CONTEXT_RESP
    } else {
        DCERPC_TYPE_UNKNOWN
    }
}
153
/// Maps a response-side packet type back to the request type it answers.
///
/// Only RESPONSE, BINDACK and ALTER_CONTEXT_RESP have a counterpart; every
/// other input yields `DCERPC_TYPE_UNKNOWN`.
pub fn get_req_type_for_resp(t: u8) -> u8 {
    if t == DCERPC_TYPE_RESPONSE {
        DCERPC_TYPE_REQUEST
    } else if t == DCERPC_TYPE_BINDACK {
        DCERPC_TYPE_BIND
    } else if t == DCERPC_TYPE_ALTER_CONTEXT_RESP {
        DCERPC_TYPE_ALTER_CONTEXT
    } else {
        DCERPC_TYPE_UNKNOWN
    }
}
162
/// One DCERPC exchange tracked on a flow: a request-side PDU and the
/// response-side PDU that is matched to it by call ID and packet type.
#[derive(Default, Debug)]
pub struct DCERPCTransaction {
    /// Internal transaction ID.
    pub id: u64,
    pub ctxid: u16,
    pub opnum: u16,
    pub first_request_seen: u8,
    /// ID to match any request-response pair.
    pub call_id: u32,
    pub frag_cnt_ts: u16,
    pub frag_cnt_tc: u16,
    /// Bit 0x10 of the first data-representation byte of the header that was
    /// current when the transaction was created (so either 0 or 0x10).
    pub endianness: u8,
    /// Stub data collected in the to-server direction.
    pub stub_data_buffer_ts: Vec<u8>,
    /// Stub data collected in the to-client direction.
    pub stub_data_buffer_tc: Vec<u8>,
    pub stub_data_buffer_reset_ts: bool,
    pub stub_data_buffer_reset_tc: bool,
    pub req_done: bool,
    pub resp_done: bool,
    /// Set during gap handling when the request had not completed.
    pub req_lost: bool,
    /// Set during gap handling when the response had not completed.
    pub resp_lost: bool,
    /// Packet type of the request side (a `DCERPC_TYPE_*` value).
    pub req_cmd: u8,
    /// Packet type of the response side (a `DCERPC_TYPE_*` value).
    pub resp_cmd: u8,
    // NOTE(review): activityuuid and seqnum are not touched by the visible
    // connection-oriented code; presumably used by the connectionless parser.
    pub activityuuid: Vec<u8>,
    pub seqnum: u32,
    pub tx_data: AppLayerTxData,
}

impl DCERPCTransaction {
    /// Builds an empty transaction whose request/response commands default
    /// to REQUEST/RESPONSE; every other field takes its `Default` value
    /// except `tx_data`, which comes from `AppLayerTxData::new()`.
    pub fn new() -> Self {
        Self {
            stub_data_buffer_ts: Vec::new(),
            stub_data_buffer_tc: Vec::new(),
            req_cmd: DCERPC_TYPE_REQUEST,
            resp_cmd: DCERPC_TYPE_RESPONSE,
            activityuuid: Vec::new(),
            tx_data: AppLayerTxData::new(),
            ..Self::default()
        }
    }

    /// Context ID taken from the request.
    pub fn get_req_ctxid(&self) -> u16 {
        self.ctxid
    }

    /// Value of the `first_request_seen` field.
    pub fn get_first_req_seen(&self) -> u8 {
        self.first_request_seen
    }

    /// Operation number taken from the request.
    pub fn get_req_opnum(&self) -> u16 {
        self.opnum
    }

    /// Raw endianness bit stored on the transaction (0 or 0x10).
    pub fn get_endianness(&self) -> u8 {
        self.endianness
    }
}
217
// Fields taken from a parsed REQUEST PDU. The request handler in this file
// copies all three onto the matching transaction.
#[derive(Debug)]
pub struct DCERPCRequest {
    pub ctxid: u16,
    pub opnum: u16,
    pub first_request_seen: u8,
}
224
/// One interface UUID offered in a BIND / ALTER_CONTEXT, plus the result the
/// peer returned for it in the matching BINDACK.
#[derive(Default, Debug, Clone)]
pub struct DCERPCUuidEntry {
    /// Context ID carried in the bind context item.
    pub ctxid: u16,
    /// Position of the context item inside its BIND PDU; used to pair the
    /// entry with the BINDACK result at the same position.
    pub internal_id: u16,
    /// Ack result copied from the BINDACK; 0 means the entry was accepted.
    pub result: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
    /// `DCERPC_UUID_ENTRY_FLAG_*` bits.
    pub flags: u16,
}

impl DCERPCUuidEntry {
    /// Returns an entry with every field zeroed / empty.
    pub fn new() -> Self {
        Self::default()
    }
}
241
// A UUID split into its component fields. The multi-byte components are kept
// as raw byte vectors rather than integers.
// NOTE(review): nothing in the visible code constructs this type; the byte
// order of the vectors is whatever the parser stores. Confirm there.
#[derive(Debug, PartialEq)]
pub struct Uuid {
    pub time_low: Vec<u8>,
    pub time_mid: Vec<u8>,
    pub time_hi_and_version: Vec<u8>,
    pub clock_seq_hi_and_reserved: u8,
    pub clock_seq_low: u8,
    pub node: Vec<u8>,
}
251
// Parsed connection-oriented DCERPC header. Every field comes straight from
// network data, so consumers must treat the lengths as untrusted.
#[derive(Debug)]
pub struct DCERPCHdr {
    // Major version; header processing in this file only accepts 5.
    pub rpc_vers: u8,
    // Minor version; header processing in this file only accepts 0 or 1.
    pub rpc_vers_minor: u8,
    // Packet type, compared against the DCERPC_TYPE_* constants.
    pub hdrtype: u8,
    // PFC_* flag bits.
    pub pfc_flags: u8,
    // Data representation bytes; bit 0x10 of byte 0 selects little-endian.
    pub packed_drep: Vec<u8>,
    // Fragment length declared by the sender; used to decide when a full
    // fragment has been buffered.
    pub frag_length: u16,
    // NOTE(review): not read anywhere in the visible code.
    pub auth_length: u16,
    // Call ID used to pair requests with responses.
    pub call_id: u32,
}
263
// Parsed BIND / ALTER_CONTEXT PDU.
#[derive(Debug)]
pub struct DCERPCBind {
    // Number of context items announced by the sender; drives how many
    // items the bind handler tries to parse.
    pub numctxitems: u8,
    // Entries appended one by one as each context item is parsed.
    pub uuid_list: Vec<DCERPCUuidEntry>,
}
269
// One context item of a BIND PDU.
// NOTE(review): presumably the type returned by parser::parse_bindctx_item,
// whose result is read through these same four field names; confirm there.
#[derive(Debug)]
pub struct BindCtxItem {
    pub ctxid: u16,
    pub uuid: Vec<u8>,
    pub version: u16,
    pub versionminor: u16,
}
277
// Result for a single context item inside a BINDACK.
#[derive(Debug, PartialEq)]
pub struct DCERPCBindAckResult {
    // 0 is treated as "accepted" by the BINDACK handler in this file.
    pub ack_result: u16,
    pub ack_reason: u16,
    pub transfer_syntax: Vec<u8>,
    pub syntax_version: u32,
}
285
// Parsed BINDACK / ALTER_CONTEXT_RESP PDU.
#[derive(Debug)]
pub struct DCERPCBindAck {
    // Clones of the bind entries whose ack result was 0; filled in by the
    // BINDACK handler, not by the parser.
    pub accepted_uuid_list: Vec<DCERPCUuidEntry>,
    pub sec_addr_len: u16,
    pub numctxitems: u8,
    // Per-context-item results, in the order they appear in the PDU.
    pub ctxitems: Vec<DCERPCBindAckResult>,
}
293
/// Per-flow parser state for connection-oriented DCERPC.
#[derive(Default, Debug)]
pub struct DCERPCState {
    /// Most recently parsed header, if any.
    pub header: Option<DCERPCHdr>,
    /// Cached BIND; dropped again by the bind-cache handling.
    pub bind: Option<DCERPCBind>,
    /// Cached BINDACK; dropped again by the bind-cache handling.
    pub bindack: Option<DCERPCBindAck>,
    pub transactions: Vec<DCERPCTransaction>,
    /// Unparsed to-server bytes kept between calls. The input handler refuses
    /// to grow this past 1 MiB.
    pub buffer_ts: Vec<u8>,
    /// Unparsed to-client bytes kept between calls. The input handler refuses
    /// to grow this past 1 MiB.
    pub buffer_tc: Vec<u8>,
    // NOTE(review): `pad` is not read or written in the visible code.
    pub pad: u8,
    /// Stub bytes still expected in the current fragment.
    pub padleft: u16,
    /// Bytes of the current PDU consumed so far.
    pub bytes_consumed: u16,
    /// Next internal transaction ID to hand out.
    pub tx_id: u64,
    pub query_completed: bool,
    pub data_needed_for_dir: Direction,
    pub prev_dir: Direction,
    pub prev_tx_call_id: u32,
    pub clear_bind_cache: bool,
    /// A gap is pending in the to-server direction; cleared once the parser
    /// resynchronises on a new record.
    pub ts_gap: bool,
    /// A gap is pending in the to-client direction; cleared once the parser
    /// resynchronises on a new record.
    pub tc_gap: bool,
    /// A to-server gap was seen at some point on this session.
    pub ts_ssn_gap: bool,
    /// A to-client gap was seen at some point on this session.
    pub tc_ssn_gap: bool,
    // The original trailing `///` after ts_ssn_trunc attached to the *next*
    // field; both fields are documented explicitly here instead.
    /// True if the to-server direction was truncated.
    pub ts_ssn_trunc: bool,
    /// True if the to-client direction was truncated.
    pub tc_ssn_trunc: bool,
    // Raw pointer to the owning flow, handed to the C side when stream
    // reassembly is triggered.
    // NOTE(review): Rust does not track this pointer's lifetime; presumably
    // the C engine guarantees the flow outlives the state. Confirm.
    pub flow: Option<*const core::Flow>,
}
319
320impl DCERPCState {
/// Creates an empty state that expects to-server data first; every other
/// field takes its `Default` value.
pub fn new() -> Self {
    Self {
        data_needed_for_dir: Direction::ToServer,
        prev_dir: Direction::ToServer,
        ..Self::default()
    }
}
328
/// Builds a new transaction for `call_id` and advances the internal
/// transaction counter. The caller is responsible for pushing the result
/// onto `self.transactions`.
///
/// If a direction was already truncated, that side of the new transaction
/// starts out marked as done.
fn create_tx(&mut self, call_id: u32) -> DCERPCTransaction {
    let id = self.tx_id;
    self.tx_id += 1;
    DCERPCTransaction {
        id,
        call_id,
        // Keep only the endianness bit of the first drep byte.
        endianness: self.get_hdr_drep_0() & 0x10,
        req_done: self.ts_ssn_trunc,
        resp_done: self.tc_ssn_trunc,
        ..DCERPCTransaction::new()
    }
}
340
/// Removes the transaction whose internal ID equals `tx_id`, if present.
/// Only the first match is removed; an unknown ID is silently ignored.
pub fn free_tx(&mut self, tx_id: u64) {
    SCLogDebug!("Freeing TX with ID {} TX.ID {}", tx_id, tx_id+1);
    let position = self.transactions.iter().position(|tx| tx.id == tx_id);
    if let Some(index) = position {
        SCLogDebug!("tx {} progress {}/{}", self.transactions[index].id, self.transactions[index].req_done, self.transactions[index].resp_done);
        SCLogDebug!("freeing TX with ID {} TX.ID {} at index {} left: {} max id: {}",
                tx_id, tx_id+1, index, self.transactions.len(), self.tx_id);
        self.transactions.remove(index);
    }
}
361
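/// Returns the first data-representation byte of the current header, or 0
/// when no header has been parsed yet.
///
/// `packed_drep` is filled by the header parser from network data. That
/// parser is not visible here, so an empty vector is treated like a missing
/// header instead of being indexed: a panic in this path would take the
/// whole sensor down on a single malformed packet.
fn get_hdr_drep_0(&self) -> u8 {
    self.header
        .as_ref()
        .and_then(|hdr| hdr.packed_drep.first().copied())
        .unwrap_or(0)
}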
368
/// Derives the byte order from bit 0x10 of the first drep byte: clear means
/// big-endian, set means little-endian. With no header this yields big-endian.
fn get_endianness(&self) -> Endianness {
    match self.get_hdr_drep_0() & 0x10 {
        0 => Endianness::Big,
        _ => Endianness::Little,
    }
}
376
/// Fragment length declared in the current header, or `None` when no header
/// is stored (flagged as a bug in debug-validation builds).
fn get_hdr_fraglen(&self) -> Option<u16> {
    debug_validate_bug_on!(self.header.is_none());
    // A missing header shouldn't happen; callers fall back to a default.
    self.header.as_ref().map(|hdr| hdr.frag_length)
}
385
/// PFC flag byte of the current header, or `None` when no header is stored
/// (flagged as a bug in debug-validation builds).
fn get_hdr_pfcflags(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // A missing header shouldn't happen; callers fall back to a default.
    self.header.as_ref().map(|hdr| hdr.pfc_flags)
}
394
/// Packet type of the current header, or `None` when no header is stored
/// (flagged as a bug in debug-validation builds).
pub fn get_hdr_type(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // A missing header shouldn't happen; callers fall back to a default.
    self.header.as_ref().map(|hdr| hdr.hdrtype)
}
403
/// Major RPC version of the current header, or `None` when no header is
/// stored (flagged as a bug in debug-validation builds).
pub fn get_hdr_rpc_vers(&self) -> Option<u8> {
    debug_validate_bug_on!(self.header.is_none());
    // A missing header shouldn't happen; callers fall back to a default.
    self.header.as_ref().map(|hdr| hdr.rpc_vers)
}
412
/// Call ID of the current header, or `None` when no header is stored
/// (flagged as a bug in debug-validation builds).
pub fn get_hdr_call_id(&self) -> Option<u32> {
    debug_validate_bug_on!(self.header.is_none());
    // A missing header shouldn't happen; callers fall back to a default.
    self.header.as_ref().map(|hdr| hdr.call_id)
}
421
/// Discards any buffered to-server bytes after a gap. Always returns 0.
pub fn handle_gap_ts(&mut self) -> u8 {
    if !self.buffer_ts.is_empty() {
        self.buffer_ts.clear();
    }
    0
}
428
/// Discards any buffered to-client bytes after a gap. Always returns 0.
pub fn handle_gap_tc(&mut self) -> u8 {
    if !self.buffer_tc.is_empty() {
        self.buffer_tc.clear();
    }
    0
}
435
/// Empties the reassembly buffer for `direction`, clears that direction's
/// pending-gap flag and resets the consumed-byte counter.
pub fn clean_buffer(&mut self, direction: Direction) {
    let (buffer, gap) = match direction {
        Direction::ToServer => (&mut self.buffer_ts, &mut self.ts_gap),
        Direction::ToClient => (&mut self.buffer_tc, &mut self.tc_gap),
    };
    buffer.clear();
    *gap = false;
    self.bytes_consumed = 0;
}
449
/// Appends `buffer` to the reassembly buffer for `direction` and records
/// that more data is needed in that direction.
///
/// No size limit is applied here; the visible caller checks the 1 MiB cap
/// before buffering.
pub fn extend_buffer(&mut self, buffer: &[u8], direction: Direction) {
    let target = match direction {
        Direction::ToServer => &mut self.buffer_ts,
        Direction::ToClient => &mut self.buffer_tc,
    };
    target.extend_from_slice(buffer);
    self.data_needed_for_dir = direction;
}
461
/// Flips the direction in which data is expected next: the opposite of
/// `direction`.
pub fn reset_direction(&mut self, direction: Direction) {
    self.data_needed_for_dir = match direction {
        Direction::ToServer => Direction::ToClient,
        _ => Direction::ToServer,
    };
}
469
/// Looks up a transaction by its internal transaction ID. This is the ID the
/// AppLayer parser in C uses for lookups, which is why an internal ID is
/// maintained alongside the protocol's call ID.
///
/// Arguments:
/// * `tx_id`:
///           type: unsigned 64 bit integer
///           description: internal transaction ID to track transactions
///
/// Return value:
/// Option mutable reference to DCERPCTransaction; `None` if no transaction
/// has that ID.
pub fn get_tx(&mut self, tx_id: u64) -> Option<&mut DCERPCTransaction> {
    self.transactions.iter_mut().find(|tx| tx.id == tx_id)
}
490
/// Finds the transaction for the call ID given in the header. A transaction
/// only matches when, in addition to the call ID, the packet type of the
/// current header pairs with the command stored for the opposite side.
///
/// This function does not create a transaction; callers do that themselves
/// when `None` is returned.
///
/// Arguments:
/// * `call_id`:
///           type: unsigned 32 bit integer
///           description: call_id param derived from TCP Header
/// * `dir`:
///           type: enum Direction
///           description: direction of the flow
///
/// Return value:
/// Option mutable reference to DCERPCTransaction
pub fn get_tx_by_call_id(&mut self, call_id: u32, dir: Direction) -> Option<&mut DCERPCTransaction> {
    let cmd = self.get_hdr_type().unwrap_or(0);
    self.transactions.iter_mut().find(|tx| {
        if tx.call_id != call_id {
            return false;
        }
        // Call IDs alone are not unique across packet kinds, so also
        // require the command on the other side to be the counterpart.
        match dir {
            Direction::ToServer => get_resp_type_for_req(cmd) == tx.resp_cmd,
            Direction::ToClient => get_req_type_for_resp(cmd) == tx.req_cmd,
        }
    })
}
528
/// Maintains the cached BIND/BINDACK.
///
/// If the previous call marked the cache for clearing, both cached PDUs are
/// dropped now. The cache is then marked for clearing on the next call only
/// when this is a response carrying the same call ID as the previous call.
pub fn handle_bind_cache(&mut self, call_id: u32, is_response: bool) {
    if self.clear_bind_cache {
        self.bind = None;
        self.bindack = None;
    }
    self.clear_bind_cache = is_response && self.prev_tx_call_id == call_id;
    self.prev_tx_call_id = call_id;
}
541
/// Records a stream gap in `direction`: sets both the pending-gap flag and
/// the session-wide gap flag for that side. Always returns ok.
pub fn parse_data_gap(&mut self, direction: Direction) -> AppLayerResult {
    let (gap, ssn_gap) = match direction {
        Direction::ToServer => (&mut self.ts_gap, &mut self.ts_ssn_gap),
        Direction::ToClient => (&mut self.tc_gap, &mut self.tc_ssn_gap),
    };
    *gap = true;
    *ssn_gap = true;
    AppLayerResult::ok()
}
555
/// Closes out transactions that can no longer complete because of a gap.
///
/// For a to-server session gap, every existing transaction has its request
/// side marked done (and lost, if it was not done before). For a to-client
/// session gap, both the request and the response side are closed the same
/// way. Raw stream reassembly is triggered once per transaction when a flow
/// pointer is set. Nothing happens if `dir` has no session gap.
pub fn post_gap_housekeeping(&mut self, dir: Direction) {
    SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir);
    let ts_affected = self.ts_ssn_gap && dir == Direction::ToServer;
    let tc_affected = !ts_affected && self.tc_ssn_gap && dir == Direction::ToClient;
    if !ts_affected && !tc_affected {
        return;
    }

    let next_tx_id = self.tx_id;
    let flow = self.flow;
    for tx in self.transactions.iter_mut() {
        if tx.id >= next_tx_id {
            SCLogDebug!("post_gap_housekeeping: done");
            break;
        }
        if !tx.req_done {
            tx.req_lost = true;
        }
        tx.req_done = true;
        if tc_affected {
            // A to-client gap also makes the response unrecoverable.
            if !tx.resp_done {
                tx.resp_lost = true;
            }
            tx.resp_done = true;
        }
        if let Some(flow) = flow {
            sc_app_layer_parser_trigger_raw_stream_reassembly(flow, dir as i32);
        }
    }
}
592
/// Scans `i` for the two bytes 0x05 0x00 that start a DCERPC record, used to
/// resynchronise after a gap.
///
/// On a match, returns the input following those two bytes together with the
/// slice starting at the match. Otherwise returns `Incomplete` with the
/// number of bytes still needed to form a two-byte window.
///
/// NOTE(review): only minor version 0 is searched for, while the header
/// validation in this file also accepts minor version 1; a stream using
/// minor version 1 would presumably not resynchronise here. A two-byte
/// marker can also occur inside payload data, so a match is a candidate
/// record start, not proof of one.
pub fn search_dcerpc_record<'a>(&mut self, i: &'a[u8]) -> nom::IResult<&'a[u8], &'a[u8]> {
    match i.windows(2).position(|pair| pair[0] == 0x05 && pair[1] == 0x00) {
        Some(start) => {
            let record = &i[start..];
            Ok((&record[2..], record))
        }
        None => {
            // The original scan stops with at most one byte left over.
            let leftover = if i.is_empty() { 0 } else { 1 };
            Err(nom::Err::Incomplete(nom::Needed::Size(2 as usize - leftover)))
        }
    }
}
603
/// Makes a call to the nom parser for parsing DCERPC Header and stores the
/// header on success.
///
/// Arguments:
/// * `input`:
///           type: u8 vector slice.
///           description: bytes from the beginning of the buffer.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case of Incomplete data or Eof, and also when the
///            version check fails (major != 5, or minor not 0 or 1).
///            -2 in case of Error while parsing.
///
/// NOTE(review): the visible caller treats -1 as "wait for more data", so a
/// header with an unsupported version is buffered rather than rejected.
/// Confirm this is intended.
pub fn process_header(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, header) = match parser::parse_dcerpc_header(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC header");
            return -1;
        }
        Err(nom::Err::Error(([], ErrorKind::Eof))) => {
            SCLogDebug!("EoF reached while parsing DCERPC header");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occured while parsing DCERPC header");
            return -2;
        }
    };

    let minor_supported = header.rpc_vers_minor == 0 || header.rpc_vers_minor == 1;
    if header.rpc_vers != 5 || !minor_supported {
        SCLogDebug!(
            "DCERPC Header did not validate. Major version: {:?} Minor version: {:?}",
            header.rpc_vers,
            header.rpc_vers_minor
        );
        return -1;
    }
    self.header = Some(header);
    (input.len() - leftover_bytes.len()) as i32
}
647
/// Parses one bind context item from `input` and appends it to the cached
/// BIND's UUID list.
///
/// `uuid_internal_id` is stored on the entry so the BINDACK handler can pair
/// it with the result at the same position. If no BIND is cached, the parsed
/// entry is discarded.
///
/// Returns the number of bytes consumed, or -1 on incomplete or malformed
/// data.
pub fn handle_bindctxitem(&mut self, input: &[u8], uuid_internal_id: u16) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_bytes, ctxitem) = match parser::parse_bindctx_item(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND CTXItem");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND CTXItem");
            return -1;
        }
    };

    // Store the first frag flag in the uuid as pfc_flags will
    // be overwritten by new packets
    let is_first_frag = (self.get_hdr_pfcflags().unwrap_or(0) & PFC_FIRST_FRAG) > 0;
    let uuidentry = DCERPCUuidEntry {
        ctxid: ctxitem.ctxid,
        internal_id: uuid_internal_id,
        uuid: ctxitem.uuid,
        version: ctxitem.version,
        versionminor: ctxitem.versionminor,
        flags: if is_first_frag { DCERPC_UUID_ENTRY_FLAG_FF } else { 0 },
        ..DCERPCUuidEntry::new()
    };
    if let Some(bind) = self.bind.as_mut() {
        SCLogDebug!("DCERPC BIND CtxItem: Pushing uuid: {:?}", uuidentry);
        bind.uuid_list.push(uuidentry);
    }
    (input.len() - leftover_bytes.len()) as i32
}
682
/// Parses a BIND / ALTER_CONTEXT PDU body, caches it, parses each announced
/// context item, and records a new transaction whose request side is done.
///
/// Returns the number of bytes accounted for, or -1 on incomplete or
/// malformed data.
///
/// NOTE(review): the context items are assumed to start at offset 12, and
/// the return value multiplies the *last* item's length by the item count.
/// Both hold only if the bind parser always consumes 12 bytes and every item
/// has the same length; neither parser is visible here, so confirm.
pub fn process_bind_pdu(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, header) = match parser::parse_dcerpc_bind(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BIND header");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BIND header");
            return -1;
        }
    };

    let numctxitems = header.numctxitems;
    self.bind = Some(header);

    // Bytes consumed if parser returns OK would be 12
    let mut offset: i32 = 12;
    let mut item_len = 0;
    for position in 0..numctxitems {
        item_len = self.handle_bindctxitem(&input[offset as usize..], position as u16);
        if item_len == -1 {
            return -1;
        }
        offset += item_len;
    }

    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let mut tx = self.create_tx(call_id);
    tx.req_cmd = self.get_hdr_type().unwrap_or(0);
    tx.req_done = true;
    if let Some(flow) = self.flow {
        sc_app_layer_parser_trigger_raw_stream_reassembly(flow, Direction::ToServer as i32);
    }
    tx.frag_cnt_ts = 1;
    self.transactions.push(tx);

    // Bytes parsed with `parse_dcerpc_bind` + (bytes parsed per bindctxitem [44] * number
    // of bindctxitems)
    (input.len() - leftover_bytes.len()) as i32 + item_len * numctxitems as i32
}
722
/// Parses a BINDACK / ALTER_CONTEXT_RESP PDU body and pairs each result with
/// the cached BIND entry at the same position.
///
/// Each matching entry gets the ack result; entries with result 0 are cloned
/// into the BINDACK's accepted list. The BINDACK is cached only when a BIND
/// is cached; otherwise the parsed value is discarded.
///
/// Returns the number of bytes consumed, or -1 on incomplete or malformed
/// data.
pub fn process_bindack_pdu(&mut self, input: &[u8]) -> i32 {
    let (leftover_bytes, mut back) = match parser::parse_dcerpc_bindack(input) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC BINDACK");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC BINDACK");
            return -1;
        }
    };

    if let Some(bind) = self.bind.as_mut() {
        let mut uuid_internal_id = 0;
        for r in back.ctxitems.iter() {
            let candidates = bind
                .uuid_list
                .iter_mut()
                .filter(|entry| entry.internal_id == uuid_internal_id);
            for uuid in candidates {
                uuid.result = r.ack_result;
                // A non-zero result means this item was not accepted; stop
                // looking at further entries for this position.
                if uuid.result != 0 {
                    break;
                }
                back.accepted_uuid_list.push(uuid.clone());
                SCLogDebug!("DCERPC BINDACK accepted UUID: {:?}", uuid);
            }
            uuid_internal_id += 1;
        }
        self.bindack = Some(back);
    }
    (input.len() - leftover_bytes.len()) as i32
}
757
/// Feeds stub data from `input` into the matching transaction's request or
/// response buffer, depending on the current header's packet type.
///
/// Returns the number of bytes reported by `evaluate_stub_params`, or 0 when
/// no transaction matches the call ID, no header is stored, or the packet
/// type is neither REQUEST nor RESPONSE.
///
/// NOTE(review): `self.padleft -= retval` is unchecked. It is safe only if
/// `evaluate_stub_params` never returns more than the `padleft` it was
/// given; that helper is not visible here, so confirm. An underflow would
/// panic in builds with overflow checks and wrap otherwise.
pub fn handle_stub_data(&mut self, input: &[u8], input_len: u16, dir: Direction) -> u16 {
    let hdrpfcflags = self.get_hdr_pfcflags().unwrap_or(0);
    let padleft = self.padleft;
    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdrtype = self.get_hdr_type();
    let tx = match self.get_tx_by_call_id(call_id, dir) {
        Some(transaction) => transaction,
        None => {
            SCLogDebug!("No transaction found matching the call ID: {:?}", call_id);
            return 0;
        }
    };

    // Update the stub params based on the packet type
    let (retval, reassembly_dir) = match hdrtype {
        Some(DCERPC_TYPE_REQUEST) => {
            let consumed = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_ts,
                &mut tx.stub_data_buffer_reset_ts,
            );
            tx.req_done = true;
            tx.frag_cnt_ts = 1;
            (consumed, Direction::ToServer)
        }
        Some(DCERPC_TYPE_RESPONSE) => {
            let consumed = evaluate_stub_params(
                input,
                input_len,
                hdrpfcflags,
                padleft,
                &mut tx.stub_data_buffer_tc,
                &mut tx.stub_data_buffer_reset_tc,
            );
            tx.resp_done = true;
            tx.frag_cnt_tc = 1;
            (consumed, Direction::ToClient)
        }
        Some(_) => {
            SCLogDebug!("Unrecognized packet type");
            return 0;
        }
        None => return 0,
    };
    if let Some(flow) = self.flow {
        sc_app_layer_parser_trigger_raw_stream_reassembly(flow, reassembly_dir as i32);
    }

    // Update the remaining fragment length
    self.padleft -= retval;

    retval
}
819
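/// Handles stub data for both request and response.
///
/// All length arithmetic on attacker-controlled sizes is done in a wider
/// type or with checked operations, so an oversized buffer or a bogus
/// `bytes_consumed` yields -1 instead of a truncated or wrapped length.
///
/// Arguments:
/// * `input`:
///           type: u8 vector slice.
///           description: bytes left *after* parsing header.
/// * `bytes_consumed`:
///           type: 16 bit unsigned integer.
///           description: bytes consumed *after* parsing header.
/// * `dir`:
///           type: enum Direction.
///           description: direction whose stub is supposed to be handled.
///
/// Return value:
/// * Success: Number of bytes successfully parsed.
/// * Failure: -1 in case fragment length defined by header mismatches the
///            data, or `bytes_consumed` exceeds the input length. A stub
///            parsing error subtracts the unparsed remainder from the
///            running count, which can also produce a negative value.
pub fn handle_common_stub(&mut self, input: &[u8], bytes_consumed: u16, dir: Direction) -> i32 {
    let fraglen = self.get_hdr_fraglen().unwrap_or(0);
    // Widen before adding: `bytes_consumed + DCERPC_HDR_LEN` could wrap in u16.
    if u32::from(fraglen) < u32::from(bytes_consumed) + u32::from(DCERPC_HDR_LEN) {
        return -1;
    }
    // Cannot underflow: the check above guarantees fraglen covers both terms.
    self.padleft = fraglen - DCERPC_HDR_LEN - bytes_consumed;

    // `input` may be far larger than u16::MAX (the caller buffers up to
    // 1 MiB), so subtract in usize and clamp rather than truncating with
    // `as u16`, which could also make the subtraction underflow.
    let mut input_left: u16 = match input.len().checked_sub(usize::from(bytes_consumed)) {
        Some(left) => cmp::min(left, 0xffff) as u16,
        None => return -1,
    };
    let mut parsed = i32::from(bytes_consumed);
    while input_left > 0 && parsed < i32::from(fraglen) {
        let retval = self.handle_stub_data(&input[parsed as usize..], input_left, dir);
        if retval > 0 && retval <= input_left {
            parsed += i32::from(retval);
            input_left -= retval;
        } else {
            // input_left is non-zero here (loop condition), so this is the
            // error path of the original `else if input_left > 0`.
            SCLogDebug!(
                "Error parsing DCERPC {} stub data",
                if dir == Direction::ToServer {
                    "request"
                } else {
                    "response"
                }
            );
            parsed -= i32::from(input_left);
            input_left = 0;
        }
    }
    parsed
}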
864
/// Parses a REQUEST PDU body, updates (or creates) the transaction for the
/// header's call ID with the request fields, then hands the stub data to
/// `handle_common_stub`.
///
/// Returns what `handle_common_stub` returns, or -1 when the request header
/// is incomplete or malformed.
pub fn process_request_pdu(&mut self, input: &[u8]) -> i32 {
    let endianness = self.get_endianness();
    let (leftover_input, request) = match parser::parse_dcerpc_request(input, endianness) {
        Ok(parsed) => parsed,
        Err(nom::Err::Incomplete(_)) => {
            // Insufficient data.
            SCLogDebug!("Insufficient data while parsing DCERPC REQUEST");
            return -1;
        }
        Err(_) => {
            // Error, probably malformed data.
            SCLogDebug!("An error occurred while parsing DCERPC REQUEST");
            return -1;
        }
    };

    let call_id = self.get_hdr_call_id().unwrap_or(0);
    let hdr_type = self.get_hdr_type().unwrap_or(0);
    if let Some(tx) = self.get_tx_by_call_id(call_id, Direction::ToServer) {
        tx.req_cmd = hdr_type;
        tx.ctxid = request.ctxid;
        tx.opnum = request.opnum;
        tx.first_request_seen = request.first_request_seen;
    } else {
        // No transaction for this call yet: start one.
        let mut tx = self.create_tx(call_id);
        tx.req_cmd = hdr_type;
        tx.ctxid = request.ctxid;
        tx.opnum = request.opnum;
        tx.first_request_seen = request.first_request_seen;
        self.transactions.push(tx);
    }

    let request_hdr_len = (input.len() - leftover_input.len()) as u16;
    self.handle_common_stub(input, request_hdr_len, Direction::ToServer)
}
907
a866499b 908 pub fn handle_input_data(&mut self, input: &[u8], direction: Direction) -> AppLayerResult {
909 let mut parsed;
910 let retval;
911 let mut cur_i = input;
912 let input_len = cur_i.len();
913 let mut v: Vec<u8>;
914 // Set any query's completion status to false in the beginning
915 self.query_completed = false;
916
917 // Skip the record since this means that its in the middle of a known length record
a866499b 918 if (self.ts_gap && direction == Direction::ToServer) || (self.tc_gap && direction == Direction::ToClient) {
4c7f55e6 919 SCLogDebug!("Trying to catch up after GAP (input {})", cur_i.len());
920 match self.search_dcerpc_record(cur_i) {
921 Ok((_, pg)) => {
922 SCLogDebug!("DCERPC record found");
923 let offset = cur_i.len() - pg.len();
924 cur_i = &cur_i[offset..];
925 match direction {
a866499b 926 Direction::ToServer => {
927 self.ts_gap = false;
928 },
a866499b 929 Direction::ToClient => {
97c67cd5 930 self.tc_gap = false;
4c7f55e6 931 }
932 }
933 },
934 _ => {
935 let mut consumed = cur_i.len();
936 // At least 2 bytes are required to know if a new record is beginning
937 if consumed < 2 {
938 consumed = 0;
939 } else {
940 consumed = consumed - 1;
941 }
942 SCLogDebug!("DCERPC record NOT found");
943 return AppLayerResult::incomplete(consumed as u32, 2);
944 },
945 }
946 }
947
948 // Overwrite the dcerpc_state data in case of multiple complete queries in the
949 // same direction
950 if self.prev_dir == direction {
951 self.data_needed_for_dir = direction;
952 }
953
954 let buffer = match direction {
a866499b 955 Direction::ToServer => {
956 if self.buffer_ts.len() + input_len > 1024 * 1024 {
957 SCLogDebug!("DCERPC TOSERVER stream: Buffer Overflow");
958 return AppLayerResult::err();
959 }
960 v = self.buffer_ts.split_off(0);
4c7f55e6 961 v.extend_from_slice(cur_i);
962 v.as_slice()
963 }
a866499b 964 Direction::ToClient => {
965 if self.buffer_tc.len() + input_len > 1024 * 1024 {
966 SCLogDebug!("DCERPC TOCLIENT stream: Buffer Overflow");
967 return AppLayerResult::err();
968 }
969 v = self.buffer_tc.split_off(0);
4c7f55e6 970 v.extend_from_slice(cur_i);
971 v.as_slice()
972 }
973 };
974
975 if self.data_needed_for_dir != direction && buffer.len() != 0 {
976 return AppLayerResult::err();
977 }
978
979 // Set data_needed_for_dir in the same direction in case there is an issue with upcoming parsing
980 self.data_needed_for_dir = direction;
981
982 // Check if header data was complete. In case of EoF or incomplete data, wait for more
983 // data else return error
984 if self.bytes_consumed < DCERPC_HDR_LEN && input_len > 0 {
69cf5c9e 985 parsed = self.process_header(buffer);
986 if parsed == -1 {
987 self.extend_buffer(buffer, direction);
988 return AppLayerResult::ok();
989 }
990 if parsed == -2 {
991 return AppLayerResult::err();
992 }
993 self.bytes_consumed += parsed as u16;
994 }
995
996 let fraglen = self.get_hdr_fraglen().unwrap_or(0);
997
6f03ee2e 998 if (buffer.len()) < fraglen as usize {
999 SCLogDebug!("Possibly fragmented data, waiting for more..");
1000 self.extend_buffer(buffer, direction);
1001 return AppLayerResult::ok();
1002 } else {
1003 self.query_completed = true;
1004 }
1005 parsed = self.bytes_consumed as i32;
1006
1007 let current_call_id = self.get_hdr_call_id().unwrap_or(0);
1008
1009 match self.get_hdr_type() {
1010 Some(x) => match x {
1011 DCERPC_TYPE_BIND | DCERPC_TYPE_ALTER_CONTEXT => {
1012 retval = self.process_bind_pdu(&buffer[parsed as usize..]);
1013 if retval == -1 {
1014 return AppLayerResult::err();
1015 }
bab497ab 1016 self.handle_bind_cache(current_call_id, false);
1017 }
1018 DCERPC_TYPE_BINDACK | DCERPC_TYPE_ALTER_CONTEXT_RESP => {
1019 retval = self.process_bindack_pdu(&buffer[parsed as usize..]);
1020 if retval == -1 {
1021 return AppLayerResult::err();
1022 }
a866499b 1023 let tx = if let Some(tx) = self.get_tx_by_call_id(current_call_id, Direction::ToClient) {
1024 tx.resp_cmd = x;
1025 tx
1026 } else {
1027 let mut tx = self.create_tx(current_call_id);
1028 tx.resp_cmd = x;
1029 self.transactions.push(tx);
1030 self.transactions.last_mut().unwrap()
1031 };
1032 tx.resp_done = true;
1033 tx.frag_cnt_tc = 1;
0ac5c537 1034 if let Some(flow) = self.flow {
a866499b 1035 sc_app_layer_parser_trigger_raw_stream_reassembly(flow, Direction::ToClient as i32);
0ac5c537 1036 }
bab497ab 1037 self.handle_bind_cache(current_call_id, false);
1038 }
1039 DCERPC_TYPE_REQUEST => {
1040 retval = self.process_request_pdu(&buffer[parsed as usize..]);
301454e9 1041 if retval < 0 {
1042 return AppLayerResult::err();
1043 }
1044 // In case the response came first, the transaction would complete later when
1045 // the corresponding request also comes through
1046 self.handle_bind_cache(current_call_id, false);
1047 }
1048 DCERPC_TYPE_RESPONSE => {
a866499b 1049 let transaction = self.get_tx_by_call_id(current_call_id, Direction::ToClient);
bab497ab 1050 match transaction {
f31372ad 1051 Some(tx) => {
1052 tx.resp_cmd = x;
1053 }
1054 None => {
1055 let mut tx = self.create_tx(current_call_id);
1056 tx.resp_cmd = x;
1057 self.transactions.push(tx);
1058 }
1059 };
1060 retval = self.handle_common_stub(
1061 &buffer[parsed as usize..],
1062 0,
a866499b 1063 Direction::ToClient,
8036202c 1064 );
301454e9 1065 if retval < 0 {
1066 return AppLayerResult::err();
1067 }
bab497ab 1068 self.handle_bind_cache(current_call_id, true);
1069 }
1070 _ => {
4c7f55e6 1071 SCLogDebug!("Unrecognized packet type: {:?}", x);
1072 self.clean_buffer(direction);
1073 return AppLayerResult::err();
1074 }
1075 },
1076 None => {
1077 return AppLayerResult::err();
1078 }
1079 }
1080 self.bytes_consumed += retval as u16;
1081
1082 // If the query has been completed, clean the buffer and reset the direction
1083 if self.query_completed == true {
1084 self.clean_buffer(direction);
1085 self.reset_direction(direction);
1086 }
4c7f55e6 1087 self.post_gap_housekeeping(direction);
1088 self.prev_dir = direction;
1089 return AppLayerResult::ok();
1090 }
1091}
1092
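/// Appends the stub bytes carried by one fragment to `stub_data_buffer`.
///
/// The number of bytes copied is the smallest of `lenleft`, `input_len` and
/// the real length of `input`. `input_len` is a separate argument, so it is
/// bounded by `input.len()` here: a length that disagrees with the slice can
/// then never index past the end of `input` and panic.
///
/// `stub_data_buffer_reset` is set to `true` when the copy covers all of
/// `lenleft` and the FIRST/LAST bits of `hdrflags` are either both clear or
/// include `PFC_LAST_FRAG`. It is never cleared here.
///
/// Returns the number of bytes appended (0 when there is nothing to copy).
fn evaluate_stub_params(
    input: &[u8], input_len: u16, hdrflags: u8, lenleft: u16,
    stub_data_buffer: &mut Vec<u8>, stub_data_buffer_reset: &mut bool,
) -> u16 {
    let fragtype = hdrflags & (PFC_FIRST_FRAG | PFC_LAST_FRAG);
    let wanted = cmp::min(lenleft, input_len);
    // The result is never larger than `wanted`, so the narrowing cast back to
    // u16 cannot truncate.
    let stub_len = cmp::min(wanted as usize, input.len()) as u16;
    if stub_len == 0 {
        return 0;
    }
    if stub_len == lenleft && (fragtype == 0 || (fragtype & PFC_LAST_FRAG > 0)) {
        *stub_data_buffer_reset = true;
    }

    // NOTE(review): no upper bound on the accumulated stub data is applied
    // here; confirm the callers cap `stub_data_buffer` across fragments.
    stub_data_buffer.extend_from_slice(&input[..stub_len as usize]);

    stub_len
}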
1112
/// Gap callback for the to-server direction.
///
/// Forwards to `DCERPCState::parse_data_gap` with `Direction::ToServer`; the
/// gap length is not used.
///
/// `state` is a Rust reference received across the C boundary, so the caller
/// must hand in a valid, non-null, exclusively held `DCERPCState`.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_request_gap(
    state: &mut DCERPCState,
    _input_len: u32,
) -> AppLayerResult {
    let dir = Direction::ToServer;
    state.parse_data_gap(dir)
}
1120
/// Gap callback for the to-client direction.
///
/// Forwards to `DCERPCState::parse_data_gap` with `Direction::ToClient`; the
/// gap length is not used.
///
/// `state` is a Rust reference received across the C boundary, so the caller
/// must hand in a valid, non-null, exclusively held `DCERPCState`.
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_response_gap(
    state: &mut DCERPCState,
    _input_len: u32,
) -> AppLayerResult {
    let dir = Direction::ToClient;
    state.parse_data_gap(dir)
}
1128
/// C entry point for to-server stream data.
///
/// Returns `ok` for an EOF notification that carries no data, marks a
/// to-server gap when the stream starts midstream, and otherwise hands the
/// input to `handle_input_data`. A call without usable input (zero length or
/// a null `input`) that is not such an EOF notification returns `err`.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState`. When `input` is non-null it
/// must be readable for `input_len` bytes. `flow` is stored in the state
/// without being checked and is passed to the stream reassembly trigger
/// elsewhere in this file, so it has to stay valid while the state uses it.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_parse_request(
    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    let dce_state = cast_pointer!(state, DCERPCState);
    SCLogDebug!("Handling request: input {:p} input_len {} flags {:x} EOF {}",
            input, input_len, flags, flags & core::STREAM_EOF != 0);

    let at_eof = flags & core::STREAM_EOF != 0;
    if at_eof && input_len == 0 {
        return AppLayerResult::ok();
    }

    /* START with MIDSTREAM set: record might be starting the middle. */
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        dce_state.ts_gap = true;
    }

    // The null check comes before the raw pointer is turned into a slice.
    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }
    let buf = build_slice!(input, input_len as usize);
    dce_state.flow = Some(flow);
    dce_state.handle_input_data(buf, Direction::ToServer)
}
1151
/// C entry point for to-client stream data.
///
/// Returns `ok` for an EOF notification that carries no data, marks a
/// to-client gap when the stream starts midstream, and otherwise hands the
/// input to `handle_input_data`. A call without usable input (zero length or
/// a null `input`) that is not such an EOF notification returns `err`.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState`. When `input` is non-null it
/// must be readable for `input_len` bytes. `flow` is stored in the state
/// without being checked and is passed to the stream reassembly trigger
/// elsewhere in this file, so it has to stay valid while the state uses it.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_parse_response(
    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
    input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8,
) -> AppLayerResult {
    let dce_state = cast_pointer!(state, DCERPCState);

    let at_eof = flags & core::STREAM_EOF != 0;
    if at_eof && input_len == 0 {
        return AppLayerResult::ok();
    }

    /* START with MIDSTREAM set: record might be starting the middle. */
    let midstream_start = core::STREAM_START | core::STREAM_MIDSTREAM;
    if flags & midstream_start == midstream_start {
        dce_state.tc_gap = true;
    }

    // The null check comes before the raw pointer is turned into a slice.
    if input_len == 0 || input.is_null() {
        return AppLayerResult::err();
    }
    let buf = build_slice!(input, input_len as usize);
    dce_state.flow = Some(flow);
    dce_state.handle_input_data(buf, Direction::ToClient)
}
1174
/// Allocates a fresh `DCERPCState` on the heap and returns it as an opaque
/// pointer. Both arguments are ignored.
///
/// Ownership moves to the caller; the pointer has to be released with
/// `rs_dcerpc_state_free`, exactly once.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: core::AppProto) -> *mut std::os::raw::c_void {
    Box::into_raw(Box::new(DCERPCState::new())) as *mut std::os::raw::c_void
}
1181
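/// Releases a state that was allocated by `rs_dcerpc_state_new`.
///
/// A null pointer is ignored. The function is a safe `extern "C" fn`, so it
/// cannot place the non-null requirement on its caller; without the guard a
/// null argument would reach `Box::from_raw`, which is undefined behaviour.
///
/// Any non-null `state` must come from `rs_dcerpc_state_new` and must not be
/// used, or freed again, afterwards.
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) {
    if state.is_null() {
        return;
    }
    // SAFETY: `state` is non-null and, per the contract above, was produced by
    // `Box::into_raw` on a `Box<DCERPCState>` that has not been freed yet.
    std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCState) });
}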
1186
/// Frees the transaction with id `tx_id` by calling `free_tx` on the state.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState`. Pointers previously returned
/// by `rs_dcerpc_get_tx` for that transaction must not be used afterwards.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
    SCLogDebug!("freeing tx {}", tx_id as u64);
    let owner = cast_pointer!(state, DCERPCState);
    owner.free_tx(tx_id);
}
1193
/// Marks one direction of the session as truncated.
///
/// Sets the per-direction truncation flag on the state and marks every
/// existing transaction as done for that direction. When a flow pointer is
/// stored in the state, raw stream reassembly is triggered once per
/// transaction.
///
/// NOTE(review): the `RustParser` built in `rs_dcerpc_register_parser` sets
/// `truncate: None`; confirm this callback is registered some other way,
/// otherwise it is never invoked.
///
/// # Safety
///
/// `state` must point to a live `DCERPCState`, and any flow pointer stored in
/// it must still be valid.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_trunc(state: *mut std::os::raw::c_void, direction: u8) {
    let dce_state = cast_pointer!(state, DCERPCState);
    let dir: Direction = direction.into();
    match dir {
        Direction::ToServer => {
            dce_state.ts_ssn_trunc = true;
            for tx in dce_state.transactions.iter_mut() {
                tx.req_done = true;
                if let Some(flow) = dce_state.flow {
                    sc_app_layer_parser_trigger_raw_stream_reassembly(flow, Direction::ToServer as i32);
                }
            }
            SCLogDebug!("dce_state.ts_ssn_trunc = true; txs {}", dce_state.transactions.len());
        }
        Direction::ToClient => {
            dce_state.tc_ssn_trunc = true;
            for tx in dce_state.transactions.iter_mut() {
                tx.resp_done = true;
                if let Some(flow) = dce_state.flow {
                    sc_app_layer_parser_trigger_raw_stream_reassembly(flow, Direction::ToClient as i32);
                }
            }
            SCLogDebug!("dce_state.tc_ssn_trunc = true; txs {}", dce_state.transactions.len());
        }
    }
}
1220
/// Looks up a transaction by id and returns it as an opaque pointer, or null
/// when `get_tx` finds none.
///
/// The returned pointer refers to a transaction owned by the state.
/// NOTE(review): how long it stays valid once transactions are added or freed
/// depends on `get_tx` and the transaction store, which are outside this
/// view. Callers should not keep it across calls that modify the state.
///
/// # Safety
///
/// `vtx` must point to a live `DCERPCState`.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx(
    vtx: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
    let dce_state = cast_pointer!(vtx, DCERPCState);
    if let Some(tx) = dce_state.get_tx(tx_id) {
        return tx as *const _ as *mut _;
    }
    std::ptr::null_mut()
}
1231
/// Returns the state's `tx_id` field as the transaction count.
///
/// This is the id counter, not the current length of the transaction list.
///
/// # Safety
///
/// `vtx` must point to a live `DCERPCState`.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
    let owner = cast_pointer!(vtx, DCERPCState);
    let count = owner.tx_id;
    count
}
1237
/// Reports the progress of a transaction in one direction.
///
/// Returns 1 when `direction` is to-server and the request side is done, or
/// `direction` is to-client and the response side is done. Returns 0
/// otherwise, including for any other `direction` value.
///
/// # Safety
///
/// `tx` must point to a live `DCERPCTransaction`.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
                                                 )-> std::os::raw::c_int {
    let dce_tx = cast_pointer!(tx, DCERPCTransaction);
    let to_server: u8 = Direction::ToServer.into();
    let to_client: u8 = Direction::ToClient.into();

    if direction == to_server && dce_tx.req_done {
        SCLogDebug!("tx {} TOSERVER progress 1 => {:?}", dce_tx.call_id, dce_tx);
        1
    } else if direction == to_client && dce_tx.resp_done {
        SCLogDebug!("tx {} TOCLIENT progress 1 => {:?}", dce_tx.call_id, dce_tx);
        1
    } else {
        SCLogDebug!("tx {} direction {} progress 0", dce_tx.call_id, direction);
        0
    }
}
1252
/// Returns a pointer to the `tx_data` field embedded in the transaction.
///
/// The pointer aliases storage owned by the transaction and is only usable
/// while that transaction is alive.
///
/// # Safety
///
/// `tx` must point to a live `DCERPCTransaction`.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx_data(
    tx: *mut std::os::raw::c_void)
    -> *mut AppLayerTxData
{
    let dce_tx = cast_pointer!(tx, DCERPCTransaction);
    &mut dce_tx.tx_data
}
1261
/// Exposes the stub data buffer of one direction to the caller.
///
/// Writes the buffer length to `*len`, the buffer start to `*buf`, and the
/// transaction's endianness to `*endianness`. The data is not copied: `*buf`
/// points into the transaction's own buffer.
///
/// The length is narrowed with `as u32`. NOTE(review): this relies on the
/// stub buffers staying well below 4 GiB; confirm the fill path caps them.
///
/// # Safety
///
/// `buf`, `len` and `endianness` are written without a null check and must
/// be valid for writes. `tx` is a Rust reference received across the C
/// boundary and must refer to a live `DCERPCTransaction`. The pointer stored
/// in `*buf` must not be used after the transaction is modified or freed.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
    tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8,
) {
    let flow_dir: Direction = dir.into();
    match flow_dir {
        Direction::ToServer => {
            let stub = &tx.stub_data_buffer_ts;
            *len = stub.len() as u32;
            *buf = stub.as_ptr();
            SCLogDebug!("DCERPC Request stub buffer: Setting buffer to: {:?}", *buf);
        }
        Direction::ToClient => {
            let stub = &tx.stub_data_buffer_tc;
            *len = stub.len() as u32;
            *buf = stub.as_ptr();
            SCLogDebug!("DCERPC Response stub buffer: Setting buffer to: {:?}", *buf);
        }
    }
    *endianness = tx.get_endianness();
}
1280
/// Probe input to see if it looks like DCERPC.
///
/// Returns `(is_dcerpc, is_request)`. The input counts as DCERPC when the
/// header parses, the version is 5.0, the first data-representation byte has
/// none of the bits in `0xee` set and the second one is at most 3.
/// `is_request` is true when the header type is `0x00`. A header that fails
/// to parse yields `(false, false)`.
fn probe(input: &[u8]) -> (bool, bool) {
    let hdr = match parser::parse_dcerpc_header(input) {
        Ok((_, hdr)) => hdr,
        Err(_) => return (false, false),
    };
    let version_ok = hdr.rpc_vers == 0x05 && hdr.rpc_vers_minor == 0x00;
    // The drep bytes are only looked at once the version has matched.
    let is_dcerpc = version_ok &&
        hdr.packed_drep[0] & 0xee == 0 &&
        hdr.packed_drep[1] <= 3;
    let is_request = hdr.hdrtype == 0x00;
    (is_dcerpc, is_request)
}
1295
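/// Probing callback for DCERPC over TCP.
///
/// Returns `ALPROTO_UNKNOWN` when there is nothing to inspect (zero length
/// or a null `input`), `ALPROTO_DCERPC` when `probe` accepts the data, and
/// `ALPROTO_FAILED` otherwise. When the direction derived from the header
/// differs from `direction`, the derived one is reported through `rdir`.
///
/// `input` is checked for null before a slice is built from it, as the parse
/// entry points in this file do, and `rdir` is only written when non-null.
///
/// # Safety
///
/// A non-null `input` must be readable for `len` bytes and a non-null `rdir`
/// must be valid for a one-byte write.
pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const core::Flow, direction: u8, input: *const u8,
                                      len: u32, rdir: *mut u8) -> AppProto
{
    SCLogDebug!("Probing packet for DCERPC");
    if len == 0 || input.is_null() {
        return core::ALPROTO_UNKNOWN;
    }
    // SAFETY: `input` is non-null and the caller guarantees `len` readable bytes.
    let slice: &[u8] = std::slice::from_raw_parts(input, len as usize);
    //is_incomplete is checked by caller
    let (is_dcerpc, is_request) = probe(slice);
    if !is_dcerpc {
        return core::ALPROTO_FAILED;
    }
    let dir = if is_request {
        Direction::ToServer
    } else {
        Direction::ToClient
    };
    if (direction & DIR_BOTH) != dir as u8 && !rdir.is_null() {
        *rdir = dir as u8;
    }
    ALPROTO_DCERPC
}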
1319
/// Registers the `|05 00|` pattern together with `rs_dcerpc_probe_tcp` for
/// both directions of TCP.
///
/// The to-server registration is attempted first. Returns -1 as soon as one
/// registration reports a negative result, and 0 when both succeed. The
/// remaining numeric arguments are passed through unchanged; their meaning
/// is defined by the C API and is not visible here.
fn register_pattern_probe() -> i8 {
    // NUL-terminated because it is handed to C as a string.
    let pattern = b"|05 00|\0".as_ptr() as *const std::os::raw::c_char;
    unsafe {
        let ts_result = AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_DCERPC,
                                     pattern, 2, 0,
                                     Direction::ToServer.into(), rs_dcerpc_probe_tcp, 0, 0);
        if ts_result < 0 {
            SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
            return -1;
        }
        let tc_result = AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP as u8, ALPROTO_DCERPC,
                                     pattern, 2, 0,
                                     Direction::ToClient.into(), rs_dcerpc_probe_tcp, 0, 0);
        if tc_result < 0 {
            SCLogDebug!("TOCLIENT => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
            return -1;
        }
    }

    0
}
1338
1339
/// Parser name as a C style string: the trailing NUL byte is part of the
/// constant so the pointer can be handed to C as it is.
pub const PARSER_NAME: &[u8] = b"dcerpc\0";
1342
/// Registers DCERPC-over-TCP protocol detection and, when enabled, the
/// parser itself.
///
/// Detection goes through the pattern probe from `register_pattern_probe`;
/// `probe_ts` and `probe_tc` are left unset. The parser accepts stream gaps
/// (`APP_LAYER_PARSER_OPT_ACCEPT_GAPS`).
///
/// NOTE(review): `truncate` is `None` although `rs_dcerpc_state_trunc`
/// exists in this file; confirm the truncation callback is wired elsewhere.
///
/// NOTE(review): if `register_pattern_probe` fails, the function returns with
/// protocol detection registered and `ALPROTO_DCERPC` assigned but without a
/// parser, and only a debug log records it. Confirm that state is acceptable.
///
/// # Safety
///
/// Writes the `ALPROTO_DCERPC` static and calls into the C registration API.
/// NOTE(review): presumably meant to run once during single-threaded startup;
/// confirm against the caller.
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_register_parser() {
    let parser = RustParser {
        name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
        default_port: std::ptr::null(),
        ipproto: IPPROTO_TCP,
        probe_ts: None,
        probe_tc: None,
        min_depth: 0,
        max_depth: 16,
        state_new: rs_dcerpc_state_new,
        state_free: rs_dcerpc_state_free,
        tx_free: rs_dcerpc_state_transaction_free,
        parse_ts: rs_dcerpc_parse_request,
        parse_tc: rs_dcerpc_parse_response,
        get_tx_count: rs_dcerpc_get_tx_cnt,
        get_tx: rs_dcerpc_get_tx,
        tx_comp_st_ts: 1,
        tx_comp_st_tc: 1,
        tx_get_progress: rs_dcerpc_get_alstate_progress,
        get_eventinfo: None,
        get_eventinfo_byid : None,
        localstorage_new: None,
        localstorage_free: None,
        get_files: None,
        get_tx_iterator: None,
        get_tx_data: rs_dcerpc_get_tx_data,
        apply_tx_config: None,
        flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
        truncate: None,
    };

    // The literal has no interior NUL, so building the CString cannot fail.
    let ip_proto_str = CString::new("tcp").unwrap();

    let detection_enabled = AppLayerProtoDetectConfProtoDetectionEnabled(
        ip_proto_str.as_ptr(),
        parser.name,
    ) != 0;
    if !detection_enabled {
        SCLogDebug!("Protocol detector and parser disabled for DCERPC.");
        return;
    }

    let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
    ALPROTO_DCERPC = alproto;
    if register_pattern_probe() < 0 {
        return;
    }

    let parser_enabled = AppLayerParserConfParserEnabled(
        ip_proto_str.as_ptr(),
        parser.name,
    ) != 0;
    if parser_enabled {
        let _ = AppLayerRegisterParser(&parser, alproto);
    }
    SCLogDebug!("Rust DCERPC parser registered.");
}
1399
1400#[cfg(test)]
1401mod tests {
1402 use crate::applayer::AppLayerResult;
a866499b 1403 use crate::core::*;
1404 use crate::dcerpc::dcerpc::DCERPCState;
1405 use std::cmp;
1406
    /// A complete 16-byte header is consumed in full by `process_header`.
    #[test]
    fn test_process_header() {
        let request: &[u8] = &[
            0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00,
        ];
        let mut state = DCERPCState::new();
        let consumed = state.process_header(request);
        assert_eq!(16, consumed);
    }
1416
1417 #[test]
1418 fn test_process_bind_pdu() {
1419 let header: &[u8] = &[
1420 0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
1421 0x00, 0x00,
1422 ];
1423 let bind: &[u8] = &[
1424 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00,
1425 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f, 0xbf, 0x85,
1426 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1427 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1428 0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac, 0x1b, 0xf0,
1429 0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1430 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1431 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c, 0xcc, 0x3d,
1432 0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
1433 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1434 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4, 0x02, 0x7c,
1435 0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00, 0x02, 0x00,
1436 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1437 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65, 0x29, 0x51,
1438 0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed, 0x05, 0x00,
1439 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1440 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00, 0x14, 0x96,
1441 0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa, 0x02, 0xfb,
1442 0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1443 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00,
1444 0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7, 0x39, 0xaf,
1445 0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1446 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x07, 0x00,
1447 0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae, 0x9e, 0x5b,
1448 0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1449 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1450 0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f, 0x14, 0xcc,
1451 0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1452 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1453 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55, 0x6f, 0x5d,
1454 0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00, 0x04, 0x5d,
1455 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1456 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c, 0xf4, 0x23,
1457 0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00, 0x00, 0x00,
1458 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1459 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28, 0x19, 0x39,
1460 0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5, 0x00, 0x00,
1461 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1462 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00, 0xc9, 0x9f,
1463 0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05, 0x38, 0x4d,
1464 0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1465 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x01, 0x00,
1466 0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7, 0xf8, 0x56,
1467 0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1468 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0e, 0x00,
1469 0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa, 0xfd, 0x26,
1470 0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1471 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1472 0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4, 0xd3, 0x17,
1473 0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1474 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1475 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99, 0xfb, 0xbe,
1476 0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00, 0x04, 0x5d,
1477 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1478 0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae, 0xec, 0x28,
1479 0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00, 0x03, 0x00,
1480 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1481 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4, 0x81, 0x48,
1482 0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6, 0x03, 0x00,
1483 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1484 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00, 0xcb, 0xae,
1485 0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70, 0x89, 0x02,
1486 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1487 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00,
1488 0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08, 0x0d, 0x33,
1489 0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1490 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x15, 0x00,
1491 0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45, 0xd9, 0x6c,
1492 0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1493 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1494 0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2, 0x68, 0x79,
1495 0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1496 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1497 0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15, 0x4e, 0xf5,
1498 0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
1499 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1500 0x02, 0x00, 0x00, 0x00,
1501 ];
1502 let mut dcerpc_state = DCERPCState::new();
2ce7d98a 1503 assert_eq!(16, dcerpc_state.process_header(header));
1504 assert_eq!(1068, dcerpc_state.process_bind_pdu(bind));
1505 }
1506
    /// After the header has been processed, a single 44-byte bind context
    /// item is consumed in full by `handle_bindctxitem`.
    #[test]
    fn test_handle_bindctxitem() {
        let header: &[u8] = &[
            0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00,
        ];
        let ctx_item: &[u8] = &[
            0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
            0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
            0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
            0x00, 0x00,
        ];
        let mut state = DCERPCState::new();
        // The header goes first so the state holds header fields before the item is parsed.
        let header_consumed = state.process_header(header);
        assert_eq!(16, header_consumed);
        let item_consumed = state.handle_bindctxitem(ctx_item, 0);
        assert_eq!(44, item_consumed);
    }
1523
1524 #[test]
1525 fn test_process_bindack_pdu() {
1526 let bind: &[u8] = &[
1527 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3c, 0x04, 0x00, 0x00, 0x00, 0x00,
1528 0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
1529 0x00, 0x00, 0x01, 0x00, 0x2c, 0xd0, 0x28, 0xda, 0x76, 0x91, 0xf6, 0x6e, 0xcb, 0x0f,
1530 0xbf, 0x85, 0xcd, 0x9b, 0xf6, 0x39, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1531 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1532 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x2c, 0x75, 0xce, 0x7e, 0x82, 0x3b, 0x06, 0xac,
1533 0x1b, 0xf0, 0xf5, 0xb7, 0xa7, 0xf7, 0x28, 0xaf, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d,
1534 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1535 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xe3, 0xb2, 0x10, 0xd1, 0xd0, 0x0c,
1536 0xcc, 0x3d, 0x2f, 0x80, 0x20, 0x7c, 0xef, 0xe7, 0x09, 0xe0, 0x04, 0x00, 0x00, 0x00,
1537 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1538 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xde, 0x85, 0x70, 0xc4,
1539 0x02, 0x7c, 0x60, 0x23, 0x67, 0x0c, 0x22, 0xbf, 0x18, 0x36, 0x79, 0x17, 0x01, 0x00,
1540 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1541 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x41, 0x65,
1542 0x29, 0x51, 0xaa, 0xe7, 0x7b, 0xa8, 0xf2, 0x37, 0x0b, 0xd0, 0x3f, 0xb3, 0x36, 0xed,
1543 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1544 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
1545 0x14, 0x96, 0x80, 0x01, 0x2e, 0x78, 0xfb, 0x5d, 0xb4, 0x3c, 0x14, 0xb3, 0x3d, 0xaa,
1546 0x02, 0xfb, 0x06, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1547 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
1548 0x01, 0x00, 0x3b, 0x04, 0x68, 0x3e, 0x63, 0xfe, 0x9f, 0xd8, 0x64, 0x55, 0xcd, 0xe7,
1549 0x39, 0xaf, 0x98, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1550 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1551 0x07, 0x00, 0x01, 0x00, 0x16, 0x7a, 0x4f, 0x1b, 0xdb, 0x25, 0x92, 0x55, 0xdd, 0xae,
1552 0x9e, 0x5b, 0x3e, 0x93, 0x66, 0x93, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1553 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1554 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xe8, 0xa4, 0x8a, 0xcf, 0x95, 0x6c, 0xc7, 0x8f,
1555 0x14, 0xcc, 0x56, 0xfc, 0x7b, 0x5f, 0x4f, 0xe8, 0x04, 0x00, 0x00, 0x00, 0x04, 0x5d,
1556 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1557 0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xd8, 0xda, 0xfb, 0xbc, 0xa2, 0x55,
1558 0x6f, 0x5d, 0xc0, 0x2d, 0x88, 0x6f, 0x00, 0x17, 0x52, 0x8d, 0x06, 0x00, 0x03, 0x00,
1559 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1560 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x3f, 0x17, 0x55, 0x0c,
1561 0xf4, 0x23, 0x3c, 0xca, 0xe6, 0xa0, 0xaa, 0xcc, 0xb5, 0xe3, 0xf9, 0xce, 0x04, 0x00,
1562 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1563 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x6a, 0x28,
1564 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11, 0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
1565 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1566 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
1567 0xc9, 0x9f, 0x3e, 0x6e, 0x82, 0x0a, 0x2b, 0x28, 0x37, 0x78, 0xe1, 0x13, 0x70, 0x05,
1568 0x38, 0x4d, 0x01, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1569 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
1570 0x01, 0x00, 0x11, 0xaa, 0x4b, 0x15, 0xdf, 0xa6, 0x86, 0x3f, 0xfb, 0xe0, 0x09, 0xb7,
1571 0xf8, 0x56, 0xd2, 0x3f, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1572 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1573 0x0e, 0x00, 0x01, 0x00, 0xee, 0x99, 0xc4, 0x25, 0x11, 0xe4, 0x95, 0x62, 0x29, 0xfa,
1574 0xfd, 0x26, 0x57, 0x02, 0xf1, 0xce, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1575 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1576 0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xba, 0x81, 0x9e, 0x1a, 0xdf, 0x2b, 0xba, 0xe4,
1577 0xd3, 0x17, 0x41, 0x60, 0x6d, 0x2d, 0x9e, 0x28, 0x03, 0x00, 0x03, 0x00, 0x04, 0x5d,
1578 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1579 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0xa0, 0x24, 0x03, 0x9a, 0xa9, 0x99,
1580 0xfb, 0xbe, 0x49, 0x11, 0xad, 0x77, 0x30, 0xaa, 0xbc, 0xb6, 0x02, 0x00, 0x03, 0x00,
1581 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1582 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x11, 0x00, 0x01, 0x00, 0x32, 0x04, 0x7e, 0xae,
1583 0xec, 0x28, 0xd1, 0x55, 0x83, 0x4e, 0xc3, 0x47, 0x5d, 0x1d, 0xc6, 0x65, 0x02, 0x00,
1584 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1585 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x12, 0x00, 0x01, 0x00, 0xc6, 0xa4,
1586 0x81, 0x48, 0x66, 0x2a, 0x74, 0x7d, 0x56, 0x6e, 0xc5, 0x1d, 0x19, 0xf2, 0xb5, 0xb6,
1587 0x03, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
1588 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x13, 0x00, 0x01, 0x00,
1589 0xcb, 0xae, 0xb3, 0xc0, 0x0c, 0xf4, 0xa4, 0x5e, 0x91, 0x72, 0xdd, 0x53, 0x24, 0x70,
1590 0x89, 0x02, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
1591 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00,
1592 0x01, 0x00, 0xb8, 0xd0, 0xa0, 0x1a, 0x5e, 0x7a, 0x2d, 0xfe, 0x35, 0xc6, 0x7d, 0x08,
1593 0x0d, 0x33, 0x73, 0x18, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
1594 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1595 0x15, 0x00, 0x01, 0x00, 0x21, 0xd3, 0xaa, 0x09, 0x03, 0xa7, 0x0b, 0xc2, 0x06, 0x45,
1596 0xd9, 0x6c, 0x75, 0xc2, 0x15, 0xa8, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
1597 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
1598 0x00, 0x00, 0x16, 0x00, 0x01, 0x00, 0xe1, 0xbd, 0x59, 0xfc, 0xbc, 0xa9, 0x95, 0xc2,
1599 0x68, 0x79, 0xf3, 0x75, 0xe0, 0xae, 0x6c, 0xe5, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d,
1600 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
1601 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x01, 0x00, 0x06, 0x52, 0xb4, 0x71, 0x70, 0x15,
1602 0x4e, 0xf5, 0x7f, 0x08, 0x86, 0x14, 0xe6, 0x17, 0xd5, 0x97, 0x04, 0x00, 0x00, 0x00,
1603 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
1604 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
1605 ];
1606 let bindack: &[u8] = &[
1607 0xb8, 0x10, 0xb8, 0x10, 0xce, 0x47, 0x00, 0x00, 0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50,
1608 0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0xf6, 0x6e, 0x18, 0x00, 0x00, 0x00,
1609 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1610 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1611 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1612 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1613 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1614 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1615 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
1616 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1617 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
1618 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1619 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1620 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1621 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1622 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1623 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1624 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1625 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1626 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1628 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
1629 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
1630 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1631 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1632 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1633 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1634 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1637 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1638 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1639 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
1640 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1641 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
1642 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1643 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1644 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1645 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1646 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
1647 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1648 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1649 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1650 0x00, 0x00,
1651 ];
1652 let mut dcerpc_state = DCERPCState::new();
1653 assert_eq!(16, dcerpc_state.process_header(bind));
1654 assert_eq!(1068, dcerpc_state.process_bind_pdu(&bind[16..]));
1655 assert_eq!(604, dcerpc_state.process_bindack_pdu(bindack));
1656 if let Some(back) = dcerpc_state.bindack {
1657 assert_eq!(1, back.accepted_uuid_list.len());
1658 assert_eq!(
1659 vec!(57, 25, 40, 106, 177, 12, 17, 208, 155, 168, 0, 192, 79, 217, 46, 245),
1660 back.accepted_uuid_list[0].uuid
1661 );
1662 assert_eq!(11, back.accepted_uuid_list[0].internal_id);
1663 }
1664 }
1665
#[test]
// Drives the two low-level parsing steps by hand on one 1024-byte request
// PDU: process_header() on the whole buffer is expected to return 16, and
// process_request_pdu() on everything after those 16 bytes is expected to
// return 1008 (presumably the number of bytes each step consumed).
pub fn test_process_request_pdu() {
    let pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut state = DCERPCState::new();

    // The header step is handed the full buffer, not just its first 16 bytes.
    let header_ret = state.process_header(pdu);
    assert_eq!(16, header_ret);

    // Everything after the common header goes to the request parser.
    let body = &pdu[16..];
    let body_ret = state.process_request_pdu(body);
    assert_eq!(1008, body_ret);
}
1748
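#[test]
// Feeds one complete 1024-byte request PDU through handle_input_data() in
// the to-server direction and checks both the stored header and the first
// transaction built from it (context id, opnum, and 1000 bytes of
// to-server stub data).
pub fn test_parse_dcerpc() {
    let request: &[u8] = &[
        0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xe8, 0x03, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x45, 0x00, 0x2c, 0x00,
        0x4d, 0x00, 0x73, 0x00, 0x53, 0x00, 0x59, 0x00, 0x2a, 0x00, 0x4a, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x58, 0x00, 0x21, 0x00, 0x4a, 0x00, 0x30, 0x00, 0x41, 0x00, 0x4b, 0x00,
        0x4b, 0x00, 0x3c, 0x00, 0x48, 0x00, 0x24, 0x00, 0x38, 0x00, 0x54, 0x00, 0x60, 0x00,
        0x2d, 0x00, 0x29, 0x00, 0x64, 0x00, 0x5b, 0x00, 0x77, 0x00, 0x3a, 0x00, 0x4c, 0x00,
        0x24, 0x00, 0x23, 0x00, 0x66, 0x00, 0x43, 0x00, 0x68, 0x00, 0x22, 0x00, 0x55, 0x00,
        0x29, 0x00, 0x2c, 0x00, 0x4f, 0x00, 0x5a, 0x00, 0x50, 0x00, 0x61, 0x00, 0x2a, 0x00,
        0x6f, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x68, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x67, 0x00,
        0x68, 0x00, 0x68, 0x00, 0x49, 0x00, 0x45, 0x00, 0x4c, 0x00, 0x72, 0x00, 0x53, 0x00,
        0x4c, 0x00, 0x25, 0x00, 0x4d, 0x00, 0x67, 0x00, 0x2e, 0x00, 0x4f, 0x00, 0x64, 0x00,
        0x61, 0x00, 0x73, 0x00, 0x24, 0x00, 0x46, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x45, 0x00,
        0x6f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x33, 0x00, 0x38, 0x00, 0x47, 0x00, 0x71, 0x00,
        0x5a, 0x00, 0x37, 0x00, 0x7a, 0x00, 0x35, 0x00, 0x6b, 0x00, 0x3c, 0x00, 0x26, 0x00,
        0x37, 0x00, 0x69, 0x00, 0x75, 0x00, 0x36, 0x00, 0x37, 0x00, 0x47, 0x00, 0x21, 0x00,
        0x2d, 0x00, 0x69, 0x00, 0x37, 0x00, 0x78, 0x00, 0x5f, 0x00, 0x72, 0x00, 0x4b, 0x00,
        0x5c, 0x00, 0x74, 0x00, 0x3e, 0x00, 0x52, 0x00, 0x7a, 0x00, 0x49, 0x00, 0x31, 0x00,
        0x5a, 0x00, 0x7b, 0x00, 0x29, 0x00, 0x3b, 0x00, 0x78, 0x00, 0x3b, 0x00, 0x55, 0x00,
        0x3e, 0x00, 0x35, 0x00, 0x2b, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x59, 0x00, 0x38, 0x00,
        0x2a, 0x00, 0x59, 0x00, 0x6b, 0x00, 0x42, 0x00, 0x4c, 0x00, 0x3e, 0x00, 0x6a, 0x00,
        0x49, 0x00, 0x2c, 0x00, 0x79, 0x00, 0x6e, 0x00, 0x35, 0x00, 0x4f, 0x00, 0x49, 0x00,
        0x55, 0x00, 0x35, 0x00, 0x61, 0x00, 0x72, 0x00, 0x77, 0x00, 0x38, 0x00, 0x32, 0x00,
        0x24, 0x00, 0x46, 0x00, 0x32, 0x00, 0x32, 0x00, 0x27, 0x00, 0x64, 0x00, 0x5a, 0x00,
        0x77, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x77, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x63, 0x00,
        0x4f, 0x00, 0x67, 0x00, 0x64, 0x00, 0x39, 0x00, 0x37, 0x00, 0x31, 0x00, 0x30, 0x00,
        0x28, 0x00, 0x2e, 0x00, 0x6f, 0x00, 0x3e, 0x00, 0x59, 0x00, 0x28, 0x00, 0x67, 0x00,
        0x52, 0x00, 0x35, 0x00, 0x5a, 0x00, 0x7c, 0x00, 0x56, 0x00, 0x6a, 0x00, 0x5c, 0x00,
        0x3c, 0x00, 0x30, 0x00, 0x59, 0x00, 0x5c, 0x00, 0x5e, 0x00, 0x38, 0x00, 0x54, 0x00,
        0x5c, 0x00, 0x5b, 0x00, 0x42, 0x00, 0x62, 0x00, 0x70, 0x00, 0x34, 0x00, 0x5c, 0x00,
        0x57, 0x00, 0x7a, 0x00, 0x4b, 0x00, 0x2f, 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x4f, 0x00,
        0x41, 0x00, 0x33, 0x00, 0x52, 0x00, 0x36, 0x00, 0x27, 0x00, 0x30, 0x00, 0x6d, 0x00,
        0x4a, 0x00, 0x30, 0x00, 0x78, 0x00, 0x46, 0x00, 0x65, 0x00, 0x4e, 0x00, 0x29, 0x00,
        0x66, 0x00, 0x3f, 0x00, 0x72, 0x00, 0x71, 0x00, 0x75, 0x00, 0x4c, 0x00, 0x2b, 0x00,
        0x5c, 0x00, 0x46, 0x00, 0x52, 0x00, 0x7b, 0x00, 0x5c, 0x00, 0x69, 0x00, 0x66, 0x00,
        0x56, 0x00, 0x31, 0x00, 0x2d, 0x00, 0x72, 0x00, 0x61, 0x00, 0x68, 0x00, 0x28, 0x00,
        0x7d, 0x00, 0x58, 0x00, 0x2a, 0x00, 0x7b, 0x00, 0x28, 0x00, 0x5b, 0x00, 0x54, 0x00,
        0x3a, 0x00, 0x26, 0x00, 0x52, 0x00, 0x44, 0x00, 0x60, 0x00, 0x50, 0x00, 0x65, 0x00,
        0x48, 0x00, 0x7d, 0x00, 0x2a, 0x00, 0x74, 0x00, 0x49, 0x00, 0x7b, 0x00, 0x21, 0x00,
        0x61, 0x00, 0x52, 0x00, 0x43, 0x00, 0x5f, 0x00, 0x5a, 0x00, 0x74, 0x00, 0x5c, 0x00,
        0x62, 0x00, 0x68, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x2b, 0x00, 0x6f, 0x00, 0x7c, 0x00,
        0x42, 0x00, 0x67, 0x00, 0x32, 0x00, 0x58, 0x00, 0x35, 0x00, 0x30, 0x00, 0x2f, 0x00,
        0x2d, 0x00, 0x60, 0x00, 0x62, 0x00, 0x51, 0x00, 0x2a, 0x00, 0x30, 0x00, 0x31, 0x00,
        0x48, 0x00, 0x5b, 0x00, 0x5b, 0x00, 0x5d, 0x00, 0x25, 0x00, 0x58, 0x00, 0x4a, 0x00,
        0x76, 0x00, 0x32, 0x00, 0x62, 0x00, 0x27, 0x00, 0x42, 0x00, 0x40, 0x00, 0x53, 0x00,
        0x7c, 0x00, 0x7d, 0x00, 0x50, 0x00, 0x3d, 0x00, 0x40, 0x00, 0x76, 0x00, 0x38, 0x00,
        0x58, 0x00, 0x39, 0x00, 0x63, 0x00, 0x3c, 0x00, 0x5b, 0x00, 0x23, 0x00, 0x53, 0x00,
        0x7a, 0x00, 0x54, 0x00, 0x74, 0x00, 0x61, 0x00, 0x76, 0x00, 0x4a, 0x00, 0x3e, 0x00,
        0x33, 0x00, 0x75, 0x00, 0x66, 0x00, 0x2d, 0x00, 0x48, 0x00, 0x33, 0x00, 0x71, 0x00,
        0x76, 0x00, 0x48, 0x00, 0x71, 0x00, 0x41, 0x00, 0x6f, 0x00, 0x2a, 0x00, 0x67, 0x00,
        0x70, 0x00, 0x21, 0x00, 0x70, 0x00, 0x4b, 0x00, 0x52, 0x00, 0x58, 0x00, 0x68, 0x00,
        0x23, 0x00, 0x39, 0x00, 0x46, 0x00, 0x4d, 0x00, 0x51, 0x00, 0x57, 0x00, 0x3a, 0x00,
        0x79, 0x00, 0x7b, 0x00, 0x6c, 0x00, 0x55, 0x00, 0x33, 0x00, 0x65, 0x00, 0x49, 0x00,
        0x72, 0x00, 0x30, 0x00, 0x4f, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x31, 0x00, 0x4a, 0x00,
        0x60, 0x00, 0x79, 0x00, 0x70, 0x00, 0x4f, 0x00, 0x58, 0x00, 0x75, 0x00, 0x44, 0x00,
        0x59, 0x00, 0x58, 0x00, 0x46, 0x00, 0x3d, 0x00, 0x46, 0x00, 0x74, 0x00, 0x51, 0x00,
        0x57, 0x00, 0x6e, 0x00, 0x2d, 0x00, 0x47, 0x00, 0x23, 0x00, 0x45, 0x00, 0x60, 0x00,
        0x4c, 0x00, 0x72, 0x00, 0x4e, 0x00, 0x74, 0x00, 0x40, 0x00, 0x76, 0x00, 0x75, 0x00,
        0x74, 0x00, 0x56, 0x00, 0x44, 0x00, 0x29, 0x00, 0x62, 0x00, 0x58, 0x00, 0x31, 0x00,
        0x78, 0x00, 0x32, 0x00, 0x52, 0x00, 0x4a, 0x00, 0x6b, 0x00, 0x55, 0x00, 0x72, 0x00,
        0x6f, 0x00, 0x6f, 0x00, 0x4a, 0x00, 0x54, 0x00, 0x7d, 0x00, 0x68, 0x00, 0x3f, 0x00,
        0x28, 0x00, 0x21, 0x00, 0x53, 0x00, 0x48, 0x00, 0x5a, 0x00, 0x34, 0x00, 0x36, 0x00,
        0x35, 0x00, 0x64, 0x00, 0x4e, 0x00, 0x75, 0x00, 0x69, 0x00, 0x23, 0x00, 0x75, 0x00,
        0x55, 0x00, 0x43, 0x00, 0x75, 0x00, 0x2f, 0x00, 0x73, 0x00, 0x62, 0x00, 0x6f, 0x00,
        0x37, 0x00, 0x4e, 0x00, 0x25, 0x00, 0x25, 0x00, 0x21, 0x00, 0x3d, 0x00, 0x3c, 0x00,
        0x71, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x30, 0x00, 0x36, 0x00, 0x62, 0x00, 0x63, 0x00,
        0x53, 0x00, 0x54, 0x00, 0x5d, 0x00, 0x61, 0x00, 0x4c, 0x00, 0x28, 0x00, 0x2b, 0x00,
        0x4c, 0x00, 0x4e, 0x00, 0x66, 0x00, 0x5f, 0x00, 0x4b, 0x00, 0x43, 0x00, 0x75, 0x00,
        0x45, 0x00, 0x37, 0x00, 0x28, 0x00, 0x56, 0x00, 0x36, 0x00, 0x6a, 0x00, 0x3e, 0x00,
        0x64, 0x00, 0x34, 0x00, 0x6a, 0x00, 0x7d, 0x00, 0x4a, 0x00, 0x66, 0x00, 0x7a, 0x00,
        0x3e, 0x00, 0x75, 0x00, 0x38, 0x00, 0x7b, 0x00, 0x42, 0x00, 0x76, 0x00, 0x29, 0x00,
        0x4c, 0x00, 0x65, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x2b, 0x00, 0x51, 0x00,
        0x47, 0x00, 0x22, 0x00, 0x48, 0x00, 0x3d, 0x00, 0x49, 0x00, 0x44, 0x00, 0x5d, 0x00,
        0x59, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x24, 0x00, 0x35, 0x00, 0x34, 0x00, 0x70, 0x00,
        0x69, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(request, Direction::ToServer)
    );

    // Require the header instead of guarding with `if let`: with the guard,
    // a parser that stored no header at all would skip the three checks
    // below and the test would still pass.
    let hdr = dcerpc_state
        .header
        .as_ref()
        .expect("header must be stored after a complete request PDU");
    assert_eq!(0, hdr.hdrtype);
    assert_eq!(5, hdr.rpc_vers);
    assert_eq!(1024, hdr.frag_length);

    // Indexing panics if no transaction was created, so this also fails
    // loudly when the request produced none.
    let tx = &dcerpc_state.transactions[0];
    assert_eq!(11, tx.ctxid);
    assert_eq!(9, tx.opnum);
    assert_eq!(1, tx.first_request_seen);
    assert_eq!(1000, tx.stub_data_buffer_ts.len());
    assert_eq!(true, tx.stub_data_buffer_reset_ts);
}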
1844
#[test]
// Sends two separate, complete 72-byte bind PDUs in the to-server
// direction and expects ok() for each. The second differs from the first
// in its flags byte (0x02 instead of 0x01), its context id and one UUID
// byte. Only the return values are checked; no parser state is inspected.
pub fn test_parse_bind_pdu() {
    let first_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x01, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let second_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x02, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, 0x86, 0x1e,
        0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x67, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();

    let first_result = state.handle_input_data(first_bind, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), first_result);

    // TODO (open question from the original author): confirm that ok() is
    // really the expected result for this second bind.
    let second_result = state.handle_input_data(second_bind, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), second_result);
}
1873
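#[test]
// Delivers one bind PDU in two chunks (420 bytes, then 312 bytes; the
// header announces 0x02dc = 732) and checks that the reassembled bind
// carries 16 context items and that the consumed-byte counter is back at
// zero once the PDU is complete.
pub fn test_parse_bind_frag_1() {
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
    ];
    let bind2: &[u8] = &[
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind1, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind2, Direction::ToServer)
    );

    // Require the bind instead of guarding with `if let`: with the guard, a
    // reassembly failure that left `bind` unset would skip both checks
    // below and the test would still pass.
    let bind = dcerpc_state
        .bind
        .as_ref()
        .expect("bind must be stored once both fragments are delivered");
    assert_eq!(16, bind.numctxitems);
    // The buffer is cleared after a query is complete, so nothing should
    // be counted as consumed any more.
    assert_eq!(0, dcerpc_state.bytes_consumed);
}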
1947
#[test]
// Despite the name, the PDU type byte here is 0x00 (the same value
// test_parse_dcerpc checks as hdrtype 0 for a request), not a bind. The
// header announces 0x2C = 44 bytes, delivered as chunks of 36, 2 and 6
// bytes. Each chunk must be accepted, and the first transaction must end
// up holding 20 bytes of to-server stub data.
pub fn test_parse_bind_frag_2() {
    let chunk_a: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let chunk_b: &[u8] = &[0x0D, 0x0E];
    let chunk_c: &[u8] = &[0x0F, 0x10, 0x11, 0x12, 0x13, 0x14];
    let mut state = DCERPCState::new();

    let res_a = state.handle_input_data(chunk_a, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), res_a);
    let res_b = state.handle_input_data(chunk_b, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), res_b);
    let res_c = state.handle_input_data(chunk_c, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), res_c);

    // Indexing panics if the three chunks produced no transaction at all.
    let first_tx = &state.transactions[0];
    assert_eq!(20, first_tx.stub_data_buffer_ts.len());
}
1973
#[test]
// Supplies only the first 36 bytes of a PDU whose header announces
// 0x2C = 44, and expects the truncated input to be accepted with ok().
// The input and the check are identical to test_parse_bind_frag_4; nothing
// about the parser state is inspected afterwards.
pub fn test_parse_bind_frag_3() {
    let partial_pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    let result = state.handle_input_data(partial_pdu, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), result);
}
1987
#[test]
// Supplies only the first 36 bytes of a PDU whose header announces
// 0x2C = 44, and expects the truncated input to be accepted with ok().
// The input and the check are identical to test_parse_bind_frag_3; nothing
// about the parser state is inspected afterwards.
pub fn test_parse_bind_frag_4() {
    let partial_pdu: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();
    let result = state.handle_input_data(partial_pdu, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), result);
}
2001
#[test]
// Checks that a rejected PDU does not prevent later traffic from being
// parsed. A 32-byte PDU with type byte 0x03 is sent to-server first and
// must yield err(); a request PDU (announced length 0x24 = 36) then
// arrives split after its first two bytes, both parts must yield ok(), and
// the first transaction must hold 12 bytes of to-server stub data.
// NOTE(review): presumably the first PDU is refused because of its type in
// this direction; the reason is not visible from this test, confirm
// against handle_input_data().
pub fn test_parse_dcerpc_frag_1() {
    let rejected_pdu: &[u8] = &[
        0x05, 0x00, 0x03, 0x03, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0xf7, 0x06, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
    ];
    let request_head: &[u8] = &[0x05, 0x00];
    let request_tail: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let rejected = state.handle_input_data(rejected_pdu, Direction::ToServer);
    assert_eq!(AppLayerResult::err(), rejected);

    let head_result = state.handle_input_data(request_head, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), head_result);
    let tail_result = state.handle_input_data(request_tail, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), tail_result);

    // Indexing panics if the split request produced no transaction.
    let first_tx = &state.transactions[0];
    assert_eq!(12, first_tx.stub_data_buffer_ts.len());
}
2031
#[test]
// Sends one complete 36-byte request PDU, then a second, identical request
// split after its first two bytes. All three calls must return ok().
// Only the return values are checked; the resulting transactions are not
// inspected.
pub fn test_parse_dcerpc_frag_2() {
    let whole_request: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let split_head: &[u8] = &[0x05, 0x00];
    let split_tail: &[u8] = &[
        0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
        0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    ];
    let mut state = DCERPCState::new();

    let whole_result = state.handle_input_data(whole_request, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), whole_result);
    let head_result = state.handle_input_data(split_head, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), head_result);
    let tail_result = state.handle_input_data(split_tail, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), tail_result);
}
2059
#[test]
// Delivers a bind_ack-type PDU (type byte 0x0c, announced length
// 0x44 = 68) to-client in two chunks of 24 and 44 bytes and expects ok()
// for both. The state is first told that data is needed for the to-client
// direction. Only the return values are checked.
pub fn test_parse_dcerpc_back_frag() {
    let ack_head: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
    ];
    let ack_tail: &[u8] = &[
        0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x6c, 0x73, 0x61, 0x73, 0x73, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut state = DCERPCState::new();
    state.data_needed_for_dir = Direction::ToClient;

    let head_result = state.handle_input_data(ack_head, Direction::ToClient);
    assert_eq!(AppLayerResult::ok(), head_result);
    let tail_result = state.handle_input_data(ack_tail, Direction::ToClient);
    assert_eq!(AppLayerResult::ok(), tail_result);
}
2083
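#[test]
// Check if the parser accepts bind pdus that have context ids starting
// from a non-zero value. The single context item in this PDU uses context
// id 1; the test requires exactly one stored UUID entry and compares it
// byte for byte with `expected_uuid`, whose leading fields are in the
// opposite byte order from the one they have on the wire.
pub fn test_parse_bind_pdu_ctx_id_non_zero() {
    let bindbuf: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    let expected_uuid: &[u8] = &[
        0x00, 0x00, 0x01, 0xa0, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x46,
    ];
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bindbuf, Direction::ToServer)
    );

    // Require the bind instead of guarding with `if let`: with the guard, a
    // parser that silently dropped this bind would skip the UUID checks
    // and the test would still pass.
    let bind = dcerpc_state
        .bind
        .as_ref()
        .expect("bind must be stored after a complete bind PDU");

    // Check the count before indexing, so an empty list fails on this
    // assertion rather than on an out-of-bounds panic.
    assert_eq!(1, bind.uuid_list.len());

    // Plain slice equality covers both content and length, which is what
    // the former element-wise Ordering comparison established.
    assert_eq!(expected_uuid, &bind.uuid_list[0].uuid[..]);
}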
2119
#[test]
// Check for endless loop with bind PDUs (Imported from C code).
// The buffer is a bind PDU followed by filler bytes and a trailing 0xFF;
// the parser must return ok() instead of spinning on it.
// NOTE(review): a regression here would most likely show up as a test that
// never finishes rather than one that fails, so this test is only useful
// when the suite runs under a timeout. The parser consumes untrusted
// network data, so a loop of this kind would stall the sensor.
pub fn test_parse_bind_pdu_infinite_loop() {
    let malformed_bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4A, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04,
        0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02,
        0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x01, 0x02, 0x03, 0x04, 0xFF, // final byte that used to trigger the endless loop
    ];
    let mut state = DCERPCState::new();
    let result = state.handle_input_data(malformed_bind, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), result);
}
2140
#[test]
// Check for endless loop with bind_ack PDUs (Imported from C code).
// The buffer is a bind_ack-type PDU (type byte 0x0c) ending in filler
// bytes and a trailing 0xFF, delivered to-client; the parser must return
// ok() instead of spinning on it.
// NOTE(review): a regression here would most likely show up as a test that
// never finishes rather than one that fails, so this test is only useful
// when the suite runs under a timeout.
pub fn test_parse_bindack_pdu_infinite_loop() {
    let malformed_ack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x7f, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0xfd, 0x04, 0x01, 0x00, 0x04, 0x00, 0x31, 0x33,
        0x35, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x01, 0x02, 0x03, 0x04,
        0xFF,
    ];
    let mut state = DCERPCState::new();
    // Responses are only accepted once the state expects to-client data.
    state.data_needed_for_dir = Direction::ToClient;
    let result = state.handle_input_data(malformed_ack, Direction::ToClient);
    assert_eq!(AppLayerResult::ok(), result);
}
2160
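#[test]
// Check for correct internal ids for bind_acks.
//
// Three bind / bind_ack exchanges are replayed on one DCERPCState. The bind
// PDUs offer 13, 16 and 12 context items (the count at byte 24 of each). In
// each bind_ack only the last result entry appears to carry result 0; the
// others carry 2. After every bind_ack the test expects exactly one accepted
// UUID whose ctxid is that of the last offered item: 12, 15 and 11.
//
// The expected UUIDs are the on-wire interface UUID bytes of that item with
// the first three fields byte-swapped.
//
// The bind_ack state is unwrapped with expect() so that a parser which stops
// recording bind_acks fails the test. The earlier `if let Some(..)` form
// skipped every assertion when the state was absent and passed vacuously.
pub fn test_parse_bindack_internal_ids() {
    let bind1: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x50, 0x08, 0x43, 0x95, 0x43, 0x5a, 0x8b, 0xb2, 0xf4, 0xc5,
        0xb9, 0xee, 0x67, 0x55, 0x7c, 0x19, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0xda, 0xc2, 0xbc, 0x9b, 0x35, 0x2e, 0xd4, 0xc9,
        0x1f, 0x85, 0x01, 0xe6, 0x4e, 0x5a, 0x5e, 0xd4, 0x04, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0xb2, 0x97, 0xcc, 0x14, 0x6f, 0x70,
        0x0d, 0xa5, 0x33, 0xd7, 0xf4, 0xe3, 0x8e, 0xb2, 0x2a, 0x1e, 0x05, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x96, 0x4e, 0xa6, 0xf6,
        0xb2, 0x4b, 0xae, 0xb3, 0x21, 0xf4, 0x97, 0x7c, 0xcd, 0xa7, 0x08, 0xb0, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0xbc, 0xc0,
        0xf7, 0x71, 0x3f, 0x71, 0x54, 0x44, 0x22, 0xa8, 0x55, 0x0f, 0x98, 0x83, 0x1f, 0xfe,
        0x04, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0xbe, 0x52, 0xf2, 0x58, 0x4a, 0xc3, 0xb5, 0xd0, 0xba, 0xac, 0xda, 0xf0, 0x12, 0x99,
        0x38, 0x6e, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0xdb, 0xfa, 0x73, 0x01, 0xb3, 0x81, 0x01, 0xd4, 0x7f, 0xa0, 0x36, 0xb1,
        0x97, 0xae, 0x29, 0x7f, 0x01, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x89, 0xbe, 0x41, 0x1d, 0x38, 0x75, 0xf5, 0xb5, 0xad, 0x27,
        0x73, 0xf1, 0xb0, 0x7a, 0x28, 0x82, 0x05, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0xf6, 0x87, 0x09, 0x93, 0xb8, 0xa8, 0x20, 0xc4,
        0xb8, 0x63, 0xe6, 0x95, 0xed, 0x59, 0xee, 0x3f, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x92, 0x77, 0x92, 0x68, 0x3e, 0xa4,
        0xbc, 0x3f, 0x44, 0x33, 0x0e, 0xb8, 0x33, 0x0a, 0x2f, 0xdf, 0x01, 0x00, 0x02, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0xa1, 0x03, 0xd2, 0xa9,
        0xd2, 0x16, 0xc9, 0x89, 0x67, 0x18, 0x3e, 0xb1, 0xee, 0x6b, 0xf9, 0x18, 0x02, 0x00,
        0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x2f, 0x09,
        0x5e, 0x74, 0xec, 0xa0, 0xbb, 0xc1, 0x60, 0x18, 0xf1, 0x93, 0x04, 0x17, 0x11, 0xf9,
        0x01, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind_ack1: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x64, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc1, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
        0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x0d, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind2: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0xdc, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xc7, 0x70, 0x0d, 0x3e, 0x71, 0x37, 0x39, 0x0d, 0x3a, 0x4f,
        0xd3, 0xdc, 0xca, 0x49, 0xe8, 0xa3, 0x05, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x84, 0xb6, 0x55, 0x75, 0xdb, 0x9e, 0xba, 0x54,
        0x56, 0xd3, 0x45, 0x10, 0xb7, 0x7a, 0x2a, 0xe2, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x6e, 0x39, 0x21, 0x24, 0x70, 0x6f,
        0x41, 0x57, 0x54, 0x70, 0xb8, 0xc3, 0x5e, 0x89, 0x3b, 0x43, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0x39, 0x6a, 0x86, 0x5d,
        0x24, 0x0f, 0xd2, 0xf7, 0xb6, 0xce, 0x95, 0x9c, 0x54, 0x1d, 0x3a, 0xdb, 0x02, 0x00,
        0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x12, 0xa5,
        0xdd, 0xc5, 0x55, 0xce, 0xc3, 0x46, 0xbd, 0xa0, 0x94, 0x39, 0x3c, 0x0d, 0x9b, 0x5b,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x87, 0x1c, 0x8b, 0x6e, 0x11, 0xa8, 0x67, 0x98, 0xd4, 0x5d, 0xf6, 0x8a, 0x2f, 0x33,
        0x24, 0x7b, 0x05, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x9b, 0x82, 0x13, 0xd1, 0x28, 0xe0, 0x63, 0xf3, 0x62, 0xee, 0x76, 0x73,
        0xf9, 0xac, 0x3d, 0x2e, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0xa9, 0xd4, 0x73, 0xf2, 0xed, 0xad, 0xe8, 0x82, 0xf8, 0xcf,
        0x9d, 0x9f, 0x66, 0xe6, 0x43, 0x37, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x06, 0x2b, 0x85, 0x38, 0x4f, 0x73, 0x96, 0xb1,
        0x73, 0xe1, 0x59, 0xbe, 0x9d, 0xe2, 0x6c, 0x07, 0x05, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xbf, 0xfa, 0xbb, 0xa4, 0x9e, 0x5c,
        0x80, 0x61, 0xb5, 0x8b, 0x79, 0x69, 0xa6, 0x32, 0x88, 0x77, 0x01, 0x00, 0x01, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x39, 0xa8, 0x2c, 0x39,
        0x73, 0x50, 0x06, 0x8d, 0xf2, 0x37, 0x1e, 0x1e, 0xa8, 0x8f, 0x46, 0x98, 0x02, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x91, 0x13,
        0xd0, 0xa7, 0xef, 0xc4, 0xa7, 0x96, 0x0c, 0x4a, 0x0d, 0x29, 0x80, 0xd3, 0xfe, 0xbf,
        0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x01, 0x00,
        0xcc, 0x2b, 0x55, 0x1d, 0xd4, 0xa4, 0x0d, 0xfb, 0xcb, 0x6f, 0x86, 0x36, 0xa6, 0x57,
        0xc3, 0x21, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0d, 0x00,
        0x01, 0x00, 0x43, 0x7b, 0x07, 0xee, 0x85, 0xa8, 0xb9, 0x3a, 0x0f, 0xf9, 0x83, 0x70,
        0xe6, 0x0b, 0x4f, 0x33, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x0e, 0x00, 0x01, 0x00, 0x9c, 0x6a, 0x15, 0x8c, 0xd6, 0x9c, 0xa6, 0xc3, 0xb2, 0x9e,
        0x62, 0x9f, 0x3d, 0x8e, 0x47, 0x73, 0x02, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x0f, 0x00, 0x01, 0x00, 0xc8, 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01,
        0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00,
    ];
    let bind_ack2: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0xac, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0xc2, 0x2b, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x50,
        0x49, 0x50, 0x45, 0x5c, 0x62, 0x72, 0x6f, 0x77, 0x73, 0x65, 0x72, 0x00, 0x10, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind3: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x2c, 0x02, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0xa4, 0x7f, 0x8e, 0xc6, 0xef, 0x56, 0x9b, 0x63, 0x92, 0xfa,
        0x08, 0xb3, 0x35, 0xe2, 0xa5, 0x81, 0x00, 0x00, 0x03, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x9f, 0xfc, 0x78, 0xd2, 0x5f, 0x16, 0x0b, 0xbc,
        0xc6, 0xdb, 0x5d, 0xef, 0xde, 0x54, 0xa2, 0x6f, 0x04, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x78, 0xb8, 0x96, 0xc7, 0x2f, 0xda,
        0x11, 0x6b, 0xd1, 0x28, 0x68, 0xe1, 0xd6, 0x71, 0xac, 0x9d, 0x03, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00, 0xcf, 0xf4, 0xd7, 0x37,
        0x03, 0xda, 0xcc, 0xe3, 0x3e, 0x34, 0x7f, 0x67, 0x99, 0x91, 0x41, 0x3d, 0x01, 0x00,
        0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01, 0x00, 0x48, 0xeb,
        0x32, 0xf0, 0x27, 0xd5, 0x9d, 0xd0, 0x1e, 0xc6, 0x48, 0x46, 0x97, 0xe9, 0xdb, 0x09,
        0x05, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x05, 0x00, 0x01, 0x00,
        0x82, 0xec, 0x0d, 0x08, 0xf2, 0x8f, 0x22, 0x57, 0x42, 0x9b, 0xce, 0xa8, 0x74, 0x16,
        0xc6, 0xec, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00,
        0x01, 0x00, 0x2e, 0x00, 0x70, 0x44, 0xee, 0xc9, 0x30, 0x6b, 0xf4, 0x34, 0x1e, 0x3d,
        0x35, 0x0f, 0xf7, 0xf7, 0x00, 0x00, 0x01, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
        0x07, 0x00, 0x01, 0x00, 0x59, 0x04, 0x39, 0x3f, 0x59, 0x87, 0x14, 0x0e, 0x76, 0x8d,
        0x17, 0xc2, 0x47, 0xfa, 0x67, 0x7f, 0x04, 0x00, 0x02, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x01, 0x00, 0x30, 0xd6, 0xed, 0x2e, 0x57, 0xfa, 0xf4, 0x72,
        0x6c, 0x10, 0x0d, 0xe5, 0x51, 0x7f, 0xd0, 0x39, 0x02, 0x00, 0x01, 0x00, 0x04, 0x5d,
        0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
        0x02, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0xea, 0x8b, 0x84, 0x4d, 0x44, 0x43,
        0xc1, 0x94, 0x75, 0xe2, 0x81, 0x48, 0xd8, 0x77, 0xd9, 0xce, 0x05, 0x00, 0x00, 0x00,
        0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10,
        0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x89, 0x4f, 0xe7, 0x95,
        0xa3, 0xc1, 0x62, 0x36, 0x26, 0x9e, 0x67, 0xdb, 0x2c, 0x52, 0x89, 0xd3, 0x01, 0x00,
        0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
        0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, 0x78, 0x56,
        0x34, 0x12, 0x34, 0x12, 0xcd, 0xab, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
        0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let bind_ack3: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x4c, 0x01, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x1a, 0x33, 0x00, 0x00, 0x0e, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x73, 0x70, 0x6f, 0x6f, 0x6c, 0x73, 0x73, 0x00, 0x0c, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8,
        0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let mut dcerpc_state = DCERPCState::new();
    // expected_uuid1 and expected_uuid2 are the same interface UUID; it is
    // offered under context id 12 in bind1 and 15 in bind2.
    let expected_uuid1 = vec![
        0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88,
    ];
    let expected_uuid2 = vec![
        0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e,
        0xe1, 0x88,
    ];
    let expected_uuid3 = vec![
        0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0xab, 0xcd, 0xef, 0x00, 0x01, 0x23, 0x45, 0x67,
        0x89, 0xab,
    ];

    // First exchange.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind1, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack1, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bindack state must be set after the first bind_ack");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(12, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);

    // Second exchange on the same state.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind2, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack2, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bindack state must be set after the second bind_ack");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(15, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);

    // Third exchange on the same state.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind3, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind_ack3, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bindack state must be set after the third bind_ack");
    assert_eq!(1, back.accepted_uuid_list.len());
    // Kept from the original test; no further input is fed after this point.
    dcerpc_state.data_needed_for_dir = Direction::ToServer;
    assert_eq!(11, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid3, back.accepted_uuid_list[0].uuid);
}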
2447
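#[test]
// Check the accepted-context bookkeeping across a bind / bind_ack exchange
// followed by an alter_context / alter_context_resp exchange on the same state.
//
// The bind (ptype 0x0b) offers one context with id 0 and the alter_context
// (ptype 0x0e) offers one context with id 1. After each response the test
// expects exactly one accepted UUID, carrying the context id of the most recent
// request. The expected UUIDs are the on-wire interface UUID bytes with the
// first three fields byte-swapped.
//
// The bind_ack state is unwrapped with expect() so that a parser which stops
// recording the response fails the test. The earlier `if let Some(..)` form
// skipped every assertion when the state was absent and passed vacuously.
pub fn test_bind_acks_alter_contexts_internal_ids() {
    let bind: &[u8] = &[
        0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x01, 0x00, 0x40, 0xfd, 0x2c, 0x34, 0x6c, 0x3c, 0xce, 0x11, 0xa8, 0x93,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let bindack: &[u8] = &[
        0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x0d, 0x00, 0x5c, 0x70,
        0x69, 0x70, 0x65, 0x5c, 0x6c, 0x6c, 0x73, 0x72, 0x70, 0x63, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
        0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];
    let alter_context: &[u8] = &[
        0x05, 0x00, 0x0e, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x01, 0x00, 0xd0, 0x4c, 0x67, 0x57, 0x00, 0x52, 0xce, 0x11, 0xa8, 0x97,
        0x08, 0x00, 0x2b, 0x2e, 0x9c, 0x6d, 0x01, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
        0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,
        0x00, 0x00,
    ];
    let alter_context_resp: &[u8] = &[
        0x05, 0x00, 0x0f, 0x03, 0x10, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x7d, 0xd8, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c,
        0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
    ];

    let mut dcerpc_state = DCERPCState::new();
    let expected_uuid1 = vec![
        0x34, 0x2c, 0xfd, 0x40, 0x3c, 0x6c, 0x11, 0xce, 0xa8, 0x93, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];
    let expected_uuid2 = vec![
        0x57, 0x67, 0x4c, 0xd0, 0x52, 0x00, 0x11, 0xce, 0xa8, 0x97, 0x08, 0x00, 0x2b, 0x2e,
        0x9c, 0x6d,
    ];

    // bind / bind_ack: context id 0 is accepted.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bind, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(bindack, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bindack state must be set after the bind_ack");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(0, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid1, back.accepted_uuid_list[0].uuid);

    // alter_context / alter_context_resp: the accepted list is expected to hold
    // only context id 1 afterwards.
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context, Direction::ToServer)
    );
    assert_eq!(
        AppLayerResult::ok(),
        dcerpc_state.handle_input_data(alter_context_resp, Direction::ToClient)
    );
    let back = dcerpc_state
        .bindack
        .as_ref()
        .expect("bindack state must be set after the alter_context response");
    assert_eq!(1, back.accepted_uuid_list.len());
    assert_eq!(1, back.accepted_uuid_list[0].ctxid);
    assert_eq!(expected_uuid2, back.accepted_uuid_list[0].uuid);
}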
2516
#[test]
// Reassembly check: one request PDU (ptype 0x00) is delivered in two chunks.
//
// The first chunk is 18 bytes, so it ends two bytes past the 16-byte common
// header; its fragment length field (bytes 8..10) reads 0x0026 = 38. The second
// chunk supplies the remaining 20 bytes. After both are fed, the first
// transaction is expected to carry opnum 2, context id 0 and 14 bytes of
// to-server stub data.
pub fn test_parse_dcerpc_frag_3() {
    let first_chunk: &[u8] = &[
        0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x01, 0x00,
        0x00, 0x00, 0x0c, 0x00,
    ];
    let second_chunk: &[u8] = &[
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x09, 0x0A, 0x0B, 0x0C, 0xFF, 0xFF,
    ];
    let mut state = DCERPCState::new();

    let first_outcome = state.handle_input_data(first_chunk, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), first_outcome);

    let second_outcome = state.handle_input_data(second_chunk, Direction::ToServer);
    assert_eq!(AppLayerResult::ok(), second_outcome);

    // Indexing panics, and so fails the test, if no transaction was created.
    let first_tx = &state.transactions[0];
    assert_eq!(2, first_tx.opnum);
    assert_eq!(0, first_tx.ctxid);
    assert_eq!(14, first_tx.stub_data_buffer_ts.len());
}
2541}