dcerpc/log: Log fields particular to an RPC version

Log fields that only are meant to be in a PDU for a particular RPC
version. Since DCERPC/UDP works on RPC version 4 and DCERPC/TCP works on
RPC version 5, there are certain fields that are particular to each
version.
Remove call_id from the logger for UDP.
Add activityuuid and seqnum fields to the logger for UDP.
call_id and (activityuuid + seqnum) fields are used to uniquely pair a
request with response for RPC versions 5 and 4 respectively.

diff --git a/rust/src/dcerpc/log.rs b/rust/src/dcerpc/log.rs
index 1bf379172e7de475c642dbb36baaa22fb8f4d96e..9f69fe5a4b744b816529bb1dc4bec7e9a4ba85e6 100644 (file)
--- a/rust/src/dcerpc/log.rs
+++ b/rust/src/dcerpc/log.rs
@@ -70,8 +70,15 @@ fn log_dcerpc_header(
         jsb.set_string("response", "UNREPLIED")?;
     }
 
-    jsb.set_uint("call_id", tx.call_id as u64)?;
     if let Some(ref hdr) = state.header {
+        if hdr.rpc_vers != 4 {
+            jsb.set_uint("call_id", tx.call_id as u64)?;
+        } else {
+            let activityuuid = Uuid::from_slice(tx.activityuuid.as_slice());
+            let activityuuid = activityuuid.map(|uuid| uuid.to_hyphenated().to_string()).unwrap();
+            jsb.set_string("activityuuid", &activityuuid)?;
+            jsb.set_uint("seqnum", tx.seqnum as u64)?;
+        }
         let vstr = format!("{}.{}", hdr.rpc_vers, hdr.rpc_vers_minor);
         jsb.set_string("rpc_version", &vstr)?;
     }