From 269324e84d79c4860533967e7fe226e3a9106613 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Thu, 12 Nov 2020 16:36:39 +0530
Subject: [PATCH] dcerpc/log: Log fields particular to an RPC version

Log fields that only are meant to be in a PDU for a particular RPC version. Since DCERPC/UDP works on RPC version 4 and DCERPC/TCP works on RPC version 5, there are certain fields that are particular to each version. Remove call_id from the logger for UDP. Add activityuuid and seqnum fields to the logger for UDP. call_id and (activityuuid + seqnum) fields are used to uniquely pair a request with response for RPC versions 5 and 4 respectively.
---
 rust/src/dcerpc/log.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/rust/src/dcerpc/log.rs b/rust/src/dcerpc/log.rs
index 1bf379172e..9f69fe5a4b 100644
--- a/rust/src/dcerpc/log.rs
+++ b/rust/src/dcerpc/log.rs
@@ -70,8 +70,15 @@ fn log_dcerpc_header(
 jsb.set_string("response", "UNREPLIED")?;
 }
- jsb.set_uint("call_id", tx.call_id as u64)?;
 if let Some(ref hdr) = state.header {
+ if hdr.rpc_vers != 4 {
+ jsb.set_uint("call_id", tx.call_id as u64)?;
+ } else {
+ let activityuuid = Uuid::from_slice(tx.activityuuid.as_slice());
+ let activityuuid = activityuuid.map(|uuid| uuid.to_hyphenated().to_string()).unwrap();
+ jsb.set_string("activityuuid", &activityuuid)?;
+ jsb.set_uint("seqnum", tx.seqnum as u64)?;
+ }
 let vstr = format!("{}.{}", hdr.rpc_vers, hdr.rpc_vers_minor);
 jsb.set_string("rpc_version", &vstr)?;
 }
-- 
2.47.2
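Review bot: The `.unwrap()` on the result of `Uuid::from_slice(tx.activityuuid.as_slice())` in the new `else` branch will panic the logger if `tx.activityuuid` is ever not exactly 16 bytes, and that value is derived from parsed network traffic. The hunk does not show where `activityuuid` is populated, so whether a transaction can reach the logger with an empty or short vector needs confirming; either way, a logging path in a sensor should not abort on it. Handle the error instead, e.g. `if let Ok(uuid) = Uuid::from_slice(tx.activityuuid.as_slice()) { jsb.set_string("activityuuid", &uuid.to_hyphenated().to_string())?; }`, so a malformed value only omits the field. Note also that `call_id` is now emitted only when `state.header` is `Some`, where it was previously unconditional, which may leave some records with no request/response pairing key. `log_dcerpc_header` starts and ends outside the hunk.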