Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 01:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'add-dce-rpc-payloads' of https://github.com/ynadji/zeek

Browse source 
- Changed the new stub events to correctly check for existence of
  their associated handler before generating an event

- Added a test case for the new stub event

* 'add-dce-rpc-payloads' of https://github.com/ynadji/zeek:
  Add stub payload to dce_rpc_request and dce_rpc_response
This commit is contained in:
Jon Siwek 2020-09-25 14:37:58 -07:00
commit c1492942bb
7 changed files with 97 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

28
testing/btest/scripts/base/protocols/dce-rpc/request-response-stub-events.zeek Normal file
View file

@ -0,0 +1,28 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT > out
# @TEST-EXEC: btest-diff out
@load base/protocols/dce-rpc
event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
{
print "dce_rpc_request ", c$id, fid, ctx_id, opnum, stub_len;
}
event dce_rpc_request_stub(c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
{
print "dce_rpc_request_stub", c$id, fid, ctx_id, opnum, |stub|;
print bytestring_to_hexstr(stub);
}
event dce_rpc_response(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
{
print "dce_rpc_response ", c$id, fid, ctx_id, opnum, stub_len;
}
event dce_rpc_response_stub(c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
{
print "dce_rpc_response_stub", c$id, fid, ctx_id, opnum, |stub|;
print bytestring_to_hexstr(stub);
terminate();
}