Merge pull request #2881 in SNORT/snort3 from ~BRASTULT/snort3:dcerpc_expected_sessio...

Squashed commit of the following:

commit a9e8adf33d65d0686f58bd67f88013e59402cb7c
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri May 7 16:28:50 2021 -0400

    dce_rpc: fix expected session protocol id

diff --git a/src/service_inspectors/dce_rpc/dce_expected_session.cc b/src/service_inspectors/dce_rpc/dce_expected_session.cc
index ba8306f11afdfe9f70a4b10575eae1ce0c280256..14d503d132ec82567c8cf7e89133cd05d09a19e0 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_expected_session.cc
+++ b/src/service_inspectors/dce_rpc/dce_expected_session.cc
@@ -32,12 +32,6 @@
 
 using namespace snort;
 
-DceExpSsnManager::DceExpSsnManager(const char* protocol,
-    IpProtocol proto, PktType type): proto(proto), type(type)
-{
-    protocol_id = SnortConfig::get_conf()->proto_ref->add(protocol);
-}
-
 void DceExpSsnManager::create_expected_session(const SfIp* ept_ip,
     uint16_t ept_port, const char* mod_name)
 {
@@ -62,8 +56,7 @@ void DceExpSsnManager::create_expected_session(const SfIp* ept_ip,
 }
 
 DceTcpExpSsnManager::DceTcpExpSsnManager(const dce2TcpProtoConf& config) :
-    DceExpSsnManager("dce-tcp", IpProtocol::TCP, PktType::TCP),
-    pc(config) { }
+    DceExpSsnManager(IpProtocol::TCP, PktType::TCP), pc(config) {}
 
 int DceTcpExpSsnManager::create_expected_session_impl(Packet* pkt,
     const snort::SfIp* src_ip, uint16_t src_port,

diff --git a/src/service_inspectors/dce_rpc/dce_expected_session.h b/src/service_inspectors/dce_rpc/dce_expected_session.h
index 1e37175d365a4a5232307b59640e5eed6b45daea..6872ef40872f19e189ae7db9ef25cd34d304cd00 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_expected_session.h
+++ b/src/service_inspectors/dce_rpc/dce_expected_session.h
@@ -36,9 +36,14 @@ struct dce2TcpProtoConf;
 class DceExpSsnManager
 {
 public:
-    DceExpSsnManager(const char*, IpProtocol, PktType);
+    DceExpSsnManager(IpProtocol p, PktType t) :
+        proto(p), type(t) {}
+
     virtual ~DceExpSsnManager() = default;
 
+    void set_proto_id(SnortProtocolId id)
+    { protocol_id = id; }
+
     SnortProtocolId get_proto_id() const
     { return protocol_id; }
 
@@ -56,7 +61,7 @@ private:
         PktType, IpProtocol, SnortProtocolId) = 0;
 
 private:
-    SnortProtocolId protocol_id;
+    SnortProtocolId protocol_id = UNKNOWN_PROTOCOL_ID;
     IpProtocol proto;
     PktType type;
 };

diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc
index db44c0d49777eec1ee97364ccbca8a1402fea53d..bfc6db803a81548c906952deefdfc062348eda0e 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_tcp.cc
+++ b/src/service_inspectors/dce_rpc/dce_tcp.cc
@@ -111,7 +111,13 @@ static DCE2_TcpSsnData* dce2_handle_tcp_session(Packet* p, dce2TcpProtoConf* con
 // class stuff
 //-------------------------------------------------------------------------
 Dce2Tcp::Dce2Tcp(const dce2TcpProtoConf& pc) :
-    config(pc), esm(config) { }
+    config(pc), esm(config) {}
+
+bool Dce2Tcp::configure(snort::SnortConfig* sc)
+{
+    esm.set_proto_id(sc->proto_ref->add(DCE_RPC_SERVICE_NAME));
+    return true;
+}
 
 void Dce2Tcp::show(const SnortConfig*) const
 {

diff --git a/src/service_inspectors/dce_rpc/dce_tcp.h b/src/service_inspectors/dce_rpc/dce_tcp.h
index acc5daa6d70fcd2081de9bf7244c6f8712661257..3c473547678699ec645ff0c1c0e02653fde209eb 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_tcp.h
+++ b/src/service_inspectors/dce_rpc/dce_tcp.h
@@ -139,6 +139,7 @@ class Dce2Tcp : public snort::Inspector
 public:
     Dce2Tcp(const dce2TcpProtoConf&);
 
+    bool configure(snort::SnortConfig*) override;
     void show(const snort::SnortConfig*) const override;
     void eval(snort::Packet*) override;
     void clear(snort::Packet*) override;