Merge branch 'add-dce-rpc-payloads' of https://github.com/ynadji/zeek

- Changed the new stub events to correctly check for existence of their associated handler before generating an event - Added a test case for the new stub event * 'add-dce-rpc-payloads' of https://github.com/ynadji/zeek: Add stub payload to dce_rpc_request and dce_rpc_response
2025-10-11 19:18:19 +00:00 · 2020-09-25 14:37:58 -07:00 · 2020-09-25 14:37:58 -07:00 · c1492942bb
commit c1492942bb
parent cc5066632b fd58c724a5
7 changed files with 97 additions and 3 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.request-response-stub-events/out
+++ b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.request-response-stub-events/out
@ -0,0 +1,6 @@
+dce_rpc_request     , [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 144
+dce_rpc_request_stub, [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 144
+6b1ae0dd480552c8ea776ff61470f020fe55ccc3a3a8b4a9f09a7a03fe8ac77342df9323aadfce176f1b02143fa727496c8ae9308775f70a264ea627d2f1f1f514fb471650b2c2a69caa96fc2f885c31800820ea55852822d536ac0a71902aafd854d023cc6394a4d0861b991fd8a9e5e451c471a497eaf67e8652b8d107e8b80ba21a07763e67afcda009b18db916ab
+dce_rpc_response     , [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 64
+dce_rpc_response_stub, [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 64
+f79c0c2680ad63c2c48a2f2244450025ee5df82a8674cc448d085ac51a5c83950b8bc9d2fca2fc616fd88d28c12fd201c715d33d504d67b27179c7b145979ba2