Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / preprocessors

spp_rpc_decode.c File Reference

#include <sys/types.h>
#include <stdlib.h>
#include <ctype.h>
#include "decode.h"
#include "plugbase.h"
#include "parser.h"
#include "log.h"
#include "debug.h"
#include "util.h"
#include "mstring.h"
#include "snort.h"
#include "detect.h"
#include "generators.h"
#include "event_queue.h"

Go to the source code of this file.

Defines

#define OPT_ALERT_FRAGMENTS   "alert_fragments"
#define OPT_ALERT_MULTIPLE_REQUESTS   "no_alert_multiple_requests"
#define OPT_ALERT_LARGE_FRAGMENTS   "no_alert_large_fragments"
#define OPT_ALERT_INCOMPLETE   "no_alert_incomplete"
#define TEXT_ALERT_MULTIPLE_REQUESTS   "alert_multiple_requests"
#define TEXT_ALERT_LARGE_FRAGMENTS   "alert_large_fragments"
#define TEXT_ALERT_INCOMPLETE   "alert_incomplete"
#define RPC_CLASS   DECODE_CLASS
#define MSB   0x80000000

Typedefs

typedef _RpcDecodeData RpcDecodeData

Functions

void RpcDecodeInit (u_char *)
void RpcDecodeInitIgnore (u_char *)
void PreprocRpcDecode (Packet *, void *)
void SetRpcPorts (char *)
int ConvertRPC (Packet *)
void SetupRpcDecode ()

Variables

char * file_name
int file_line
int do_detect
static RpcDecodeData rpcpreprocdata
static char RpcDecodePorts [65536/8]

Define Documentation

#define MSB   0x80000000
 

Definition at line 348 of file spp_rpc_decode.c.

Referenced by ConvertRPC().

#define OPT_ALERT_FRAGMENTS   "alert_fragments"
 

Definition at line 74 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

#define OPT_ALERT_INCOMPLETE   "no_alert_incomplete"
 

Definition at line 77 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

#define OPT_ALERT_LARGE_FRAGMENTS   "no_alert_large_fragments"
 

Definition at line 76 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

#define OPT_ALERT_MULTIPLE_REQUESTS   "no_alert_multiple_requests"
 

Definition at line 75 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

#define RPC_CLASS   DECODE_CLASS
 

Definition at line 83 of file spp_rpc_decode.c.

Referenced by PreprocRpcDecode().

#define TEXT_ALERT_INCOMPLETE   "alert_incomplete"
 

Definition at line 81 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

#define TEXT_ALERT_LARGE_FRAGMENTS   "alert_large_fragments"
 

Definition at line 80 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

#define TEXT_ALERT_MULTIPLE_REQUESTS   "alert_multiple_requests"
 

Definition at line 79 of file spp_rpc_decode.c.

Referenced by SetRpcPorts().

Typedef Documentation

typedef struct _RpcDecodeData RpcDecodeData
 

Function Documentation

int ConvertRPC Packet  ) 
 

Definition at line 387 of file spp_rpc_decode.c.

References _RpcDecodeData::alert_fragments, _Packet::data, DEBUG_RPC, DEBUG_WRAP, _Packet::dsize, index, MSB, _Packet::packet_flags, PKT_REBUILT_STREAM, RPC_FRAG_TRAFFIC, RPC_INCOMPLETE_SEGMENT, RPC_LARGE_FRAGSIZE, RPC_MULTIPLE_RECORD, and RPC_ZERO_LENGTH_FRAGMENT.

Referenced by PreprocRpcDecode().

void PreprocRpcDecode Packet ,
void * 
 

Definition at line 265 of file spp_rpc_decode.c.

References _RpcDecodeData::alert_fragments, _RpcDecodeData::alert_incomplete, _RpcDecodeData::alert_large, _RpcDecodeData::alert_multi, _runtime_config::capabilities, ConvertRPC(), DEBUG_RPC, DEBUG_WRAP, _Packet::dp, _Packet::dsize, GENERATOR_SPP_RPC_DECODE, _Packet::packet_flags, PacketIsTCP(), PKT_FROM_SERVER, PP_RPCDECODE, _Packet::preprocessors, RPC_CLASS, RPC_FRAG_TRAFFIC, RPC_FRAG_TRAFFIC_STR, RPC_INCOMPLETE_SEGMENT, RPC_INCOMPLETE_SEGMENT_STR, RPC_LARGE_FRAGSIZE, RPC_LARGE_FRAGSIZE_STR, RPC_MULTIPLE_RECORD, RPC_MULTIPLE_RECORD_STR, RPC_ZERO_LENGTH_FRAGMENT, RPC_ZERO_LENGTH_FRAGMENT_STR, RpcDecodePorts, snort_runtime, SnortEventqAdd(), and _Capabilities::stateful_inspection.

Referenced by RpcDecodeInit().

void RpcDecodeInit u_char *   ) 
 

Definition at line 135 of file spp_rpc_decode.c.

References AddFuncToPreprocList(), _RpcDecodeData::alert_incomplete, _RpcDecodeData::alert_large, _RpcDecodeData::alert_multi, bzero, DEBUG_RPC, DEBUG_WRAP, PreprocRpcDecode(), and SetRpcPorts().

Referenced by SetupRpcDecode().

void RpcDecodeInitIgnore u_char *   ) 
 

void SetRpcPorts char *   ) 
 

Definition at line 164 of file spp_rpc_decode.c.

References _RpcDecodeData::alert_fragments, _RpcDecodeData::alert_incomplete, _RpcDecodeData::alert_large, _RpcDecodeData::alert_multi, bzero, FatalError(), file_line, file_name, LogMessage(), mSplit(), mSplitFree(), NULL, OPT_ALERT_FRAGMENTS, OPT_ALERT_INCOMPLETE, OPT_ALERT_LARGE_FRAGMENTS, OPT_ALERT_MULTIPLE_REQUESTS, RpcDecodePorts, STD_BUF, strcasecmp, strlcat(), strtol(), TEXT_ALERT_INCOMPLETE, TEXT_ALERT_LARGE_FRAGMENTS, and TEXT_ALERT_MULTIPLE_REQUESTS.

Referenced by RpcDecodeInit().

void SetupRpcDecode  ) 
 

Definition at line 113 of file spp_rpc_decode.c.

References DEBUG_RPC, DEBUG_WRAP, RegisterPreprocessor(), and RpcDecodeInit().

Referenced by InitPreprocessors().

Variable Documentation

int do_detect
 

Definition at line 98 of file detect.c.

int file_line
 

Definition at line 88 of file parser.c.

char* file_name
 

external globals from rules.c

Definition at line 87 of file parser.c.

char RpcDecodePorts[65536/8] [static]
 

Definition at line 94 of file spp_rpc_decode.c.

Referenced by PreprocRpcDecode(), and SetRpcPorts().

RpcDecodeData rpcpreprocdata [static]
 

Definition at line 93 of file spp_rpc_decode.c.

Generated on Sun May 14 14:51:25 2006 by  doxygen 1.4.2