Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Expand parsing of RPC Call packets to add Uid, Gid, Stamp, MachineName

Browse source 
and AuxGIDs
This commit is contained in:
Julien Wallior 2017-02-14 10:23:34 -05:00
parent 04478acb59
commit e69bb37cc7
4 changed files with 43 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/analyzer/protocol/rpc/RPC.h
View file

@ -62,6 +62,11 @@ public:
uint32 Program() const { return prog; }
uint32 Version() const { return vers; }
uint32 Proc() const { return proc; }
uint32 Uid() const { return uid; }
uint32 Gid() const { return gid; }
uint32 Stamp() const { return stamp; }
const std::string& MachineName() const { return machinename; }
const std::vector<int>& AuxGIDs() const { return auxgids; }
double StartTime() const { return start_time; }
void SetStartTime(double t) { start_time = t; }
@ -78,8 +83,12 @@ public:
protected:
uint32 xid, rpc_version, prog, vers, proc;
uint32 cred_flavor, verf_flavor;
uint32 cred_flavor, stamp;
uint32 uid, gid;
std::vector<int> auxgids;
uint32 verf_flavor;
u_char* call_buf; // copy of original call buffer
std::string machinename;
double start_time;
double last_time;
int rpc_len; // size of the full RPC call, incl. xid and msg_type