From: Russ Combs (rucombs)
Date: Thu, 13 May 2021 15:11:30 +0000 (+0000)
Subject: Merge pull request #2881 in SNORT/snort3 from ~BRASTULT/snort3:dcerpc_expected_sessio...
X-Git-Tag: 3.1.5.0~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99bedf1a0c120e0f91a895c4ad818ec7f928e38d;p=thirdparty%2Fsnort3.git
Merge pull request #2881 in SNORT/snort3 from ~BRASTULT/snort3:dcerpc_expected_session to master
Squashed commit of the following:
commit a9e8adf33d65d0686f58bd67f88013e59402cb7c
Author: Brandon Stultz
Date: Fri May 7 16:28:50 2021 -0400
dce_rpc: fix expected session protocol id
---
diff --git a/src/service_inspectors/dce_rpc/dce_expected_session.cc b/src/service_inspectors/dce_rpc/dce_expected_session.cc
index ba8306f11..14d503d13 100644
--- a/src/service_inspectors/dce_rpc/dce_expected_session.cc
+++ b/src/service_inspectors/dce_rpc/dce_expected_session.cc
@@ -32,12 +32,6 @@
 using namespace snort;
-DceExpSsnManager::DceExpSsnManager(const char* protocol,
- IpProtocol proto, PktType type): proto(proto), type(type)
-{
- protocol_id = SnortConfig::get_conf()->proto_ref->add(protocol);
-}
-
 void DceExpSsnManager::create_expected_session(const SfIp* ept_ip,
 uint16_t ept_port, const char* mod_name)
 {
@@ -62,8 +56,7 @@ void DceExpSsnManager::create_expected_session(const SfIp* ept_ip,
 }
 DceTcpExpSsnManager::DceTcpExpSsnManager(const dce2TcpProtoConf& config) :
- DceExpSsnManager("dce-tcp", IpProtocol::TCP, PktType::TCP),
- pc(config) { }
+ DceExpSsnManager(IpProtocol::TCP, PktType::TCP), pc(config) {}
 int DceTcpExpSsnManager::create_expected_session_impl(Packet* pkt, const snort::SfIp* src_ip, uint16_t src_port,
diff --git a/src/service_inspectors/dce_rpc/dce_expected_session.h b/src/service_inspectors/dce_rpc/dce_expected_session.h
index 1e37175d3..6872ef408 100644
--- a/src/service_inspectors/dce_rpc/dce_expected_session.h
+++ b/src/service_inspectors/dce_rpc/dce_expected_session.h
@@ -36,9 +36,14 @@ struct dce2TcpProtoConf;
 class DceExpSsnManager
 {
 public:
- DceExpSsnManager(const char*, IpProtocol, PktType);
+ DceExpSsnManager(IpProtocol p, PktType t) :
+ proto(p), type(t) {}
+
 virtual ~DceExpSsnManager() = default;
+ void set_proto_id(SnortProtocolId id)
+ { protocol_id = id; }
+
 SnortProtocolId get_proto_id() const
 { return protocol_id; }
@@ -56,7 +61,7 @@ private:
 PktType, IpProtocol, SnortProtocolId) = 0;
 private:
- SnortProtocolId protocol_id;
+ SnortProtocolId protocol_id = UNKNOWN_PROTOCOL_ID;
 IpProtocol proto;
 PktType type;
 };
diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc
index db44c0d49..bfc6db803 100644
--- a/src/service_inspectors/dce_rpc/dce_tcp.cc
+++ b/src/service_inspectors/dce_rpc/dce_tcp.cc
@@ -111,7 +111,13 @@ static DCE2_TcpSsnData* dce2_handle_tcp_session(Packet* p, dce2TcpProtoConf* con
 // class stuff
 //-------------------------------------------------------------------------
 Dce2Tcp::Dce2Tcp(const dce2TcpProtoConf& pc) :
- config(pc), esm(config) { }
+ config(pc), esm(config) {}
+
+bool Dce2Tcp::configure(snort::SnortConfig* sc)
+{
+ esm.set_proto_id(sc->proto_ref->add(DCE_RPC_SERVICE_NAME));
+ return true;
+}
 void Dce2Tcp::show(const SnortConfig*) const
 {
diff --git a/src/service_inspectors/dce_rpc/dce_tcp.h b/src/service_inspectors/dce_rpc/dce_tcp.h
index acc5daa6d..3c4735476 100644
--- a/src/service_inspectors/dce_rpc/dce_tcp.h
+++ b/src/service_inspectors/dce_rpc/dce_tcp.h
@@ -139,6 +139,7 @@ class Dce2Tcp : public snort::Inspector
 public:
 Dce2Tcp(const dce2TcpProtoConf&);
+ bool configure(snort::SnortConfig*) override;
 void show(const snort::SnortConfig*) const override;
 void eval(snort::Packet*) override;
 void clear(snort::Packet*) override;
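Review bot: `set_proto_id` in dce_expected_session.h carries no comment saying when it has to be called, and with this change the manager is constructed with `protocol_id` left at `UNKNOWN_PROTOCOL_ID` (second hunk of the same file) until some caller sets it. I would add a comment above the setter such as `// Must be called from the owning inspector's configure() before any expected session is created; until then get_proto_id() returns UNKNOWN_PROTOCOL_ID.` The body of `create_expected_session` is outside this diff, so whether it tolerates the unknown id cannot be checked here; if it passes the id straight through, the expected flow for a dynamically mapped endpoint would presumably not be bound to the DCE/RPC service and would go uninspected. The class body continues outside the hunk.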
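Review bot: `Dce2Tcp::configure` in dce_tcp.cc returns `true` unconditionally and never looks at the id it hands to `esm.set_proto_id`. If `proto_ref->add` can return `UNKNOWN_PROTOCOL_ID` (its contract is not visible here), the inspector would load cleanly and then create expected sessions with no service binding; I would hold the id in a local and fail configuration in that case, `const SnortProtocolId id = sc->proto_ref->add(DCE_RPC_SERVICE_NAME);` then `if (id == UNKNOWN_PROTOCOL_ID) return false;` then `esm.set_proto_id(id);`. A one-line comment that the id is registered here rather than in the constructor, presumably because it has to come from the configuration being loaded (`sc`) and not from `SnortConfig::get_conf()`, would keep a later refactor from moving it back.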