Merge remote-tracking branch 'origin/topic/jsiwek/gh-684-fix-rpc-parsing'

* origin/topic/jsiwek/gh-684-fix-rpc-parsing: GH-684: Fix parsing of RPC calls with non-AUTH_UNIX flavors Addresses GH-684
2025-10-05 08:08:19 +00:00 · 2019-11-21 08:47:32 -08:00 · 2019-11-21 08:47:32 -08:00 · e5db1f085c
commit e5db1f085c
parent 5dafa7218d 37a478ae99
8 changed files with 132 additions and 57 deletions
--- a/testing/btest/scripts/base/protocols/portmap/basic.test
+++ b/testing/btest/scripts/base/protocols/portmap/basic.test
@ -0,0 +1,30 @@
+# @TEST-EXEC: zeek -b -r $TRACES/rpc-portmap-sadmind.pcap %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+const rpc_ports = { 111/udp };
+redef likely_server_ports += { rpc_ports };
+
+event zeek_init()
+	{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_PORTMAPPER, rpc_ports);
+	}
+
+event pm_request_getport(r: connection, pr: pm_port_request, p: port)
+	{
+	print "portmap request getport", r$id$orig_p, pr, p;
+	}
+
+event pm_request_callit(r: connection, call: pm_callit_request, p: port)
+	{
+	print "portmap request callit", r$id$orig_p, call, p;
+	}
+
+event rpc_call(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count)
+	{
+	print "rpc call", c$id$orig_p, xid, prog, ver, proc, call_len;
+	}
+
+event rpc_reply(c: connection, xid: count, status: rpc_status, reply_len: count)
+	{
+	print "rpc reply", c$id$orig_p, xid, status, reply_len;
+	}