1 //--------------------------------------------------------------------------
2 // Copyright (C) 2016-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 //
19 // dce_udp_module.h author Maya Dagon <mdagon@cisco.com>
20 
21 #ifndef DCE2_UDP_MODULE_H
22 #define DCE2_UDP_MODULE_H
23 
24 #include "dce_common.h"
25 #include "framework/module.h"
26 
// Forward declarations of the snort types this header refers to through
// pointers only (Trace in dce_udp_trace / set_trace, SnortConfig in set).
namespace snort
{
struct SnortConfig;
class Trace;
}

// Trace handle used by the DCE/RPC UDP inspector; declared here, defined in
// another translation unit.
// NOTE(review): THREAD_LOCAL is a project macro, presumably a thread-local
// storage specifier, which would make this one pointer per thread - confirm.
extern THREAD_LOCAL const snort::Trace* dce_udp_trace;
34 
// Rule ids and alert messages for anomalies in connectionless (UDP) DCE/RPC
// traffic. Each id is listed next to its message so the two stay in sync.
// NOTE(review): presumably these ids are published through
// Dce2UdpModule::get_rules() under the generator id returned by get_gid();
// the rule table itself is not in this header - confirm in the .cc file.

// Major version field is not an accepted value.
#define DCE2_CL_BAD_MAJOR_VERSION     40
#define DCE2_CL_BAD_MAJOR_VERSION_STR "connection-less DCE/RPC - invalid major version"

// PDU type field is not an accepted value.
#define DCE2_CL_BAD_PDU_TYPE          41
#define DCE2_CL_BAD_PDU_TYPE_STR      "connection-less DCE/RPC - invalid PDU type"

// Data is shorter than a header.
// NOTE(review): presumably checked before any header field is read, so a
// truncated datagram is rejected rather than parsed - confirm in the decoder.
#define DCE2_CL_DATA_LT_HDR           42
#define DCE2_CL_DATA_LT_HDR_STR       "connection-less DCE/RPC - data length less than header size"

// Sequence number is not acceptable for the activity being tracked.
#define DCE2_CL_BAD_SEQ_NUM           43
#define DCE2_CL_BAD_SEQ_NUM_STR       "connection-less DCE/RPC - bad sequence number"
44 
// Configuration of the DCE/RPC UDP inspector. Its only member is the
// dce2CommonProtoConf block.
// NOTE(review): dce2CommonProtoConf is presumably declared in dce_common.h and
// shared with the other DCE2 transports - confirm.
struct dce2UdpProtoConf
{
    dce2CommonProtoConf common;
};
49 
// Snort module for the connectionless (UDP) DCE/RPC inspector: it holds the
// inspector configuration and exposes rules, counters, profiling and trace
// hooks through the snort::Module overrides. Only the three trivial accessors
// are defined inline; every other member is defined outside this header.
class Dce2UdpModule : public snort::Module
{
public:
    Dce2UdpModule();

    // ---- configuration ----

    // snort::Module::set override.
    // NOTE(review): presumably stores one parsed configuration value into
    // `config` and returns false for a value it does not accept; any range or
    // validity checks on configured values live in the definition - confirm.
    bool set(const char* fqn, snort::Value& val, snort::SnortConfig* sc) override;

    // NOTE(review): presumably copies the stored configuration into `out` for
    // the inspector instance - confirm against the definition.
    void get_data(dce2UdpProtoConf& out);

    // ---- identity ----

    // Generator id under which this module's rules are reported.
    unsigned get_gid() const override
    {
        return GID_DCE2;
    }

    // This module configures an inspector.
    Usage get_usage() const override
    {
        return INSPECT;
    }

    // Reports the module as bindable.
    bool is_bindable() const override
    {
        return true;
    }

    // ---- rules, counters, profiling ----

    const snort::RuleMap* get_rules() const override;
    const PegInfo* get_pegs() const override;
    PegCount* get_counts() const override;
    snort::ProfileStats* get_profile() const override;

    // ---- tracing ----

    void set_trace(const snort::Trace* trace) const override;
    const snort::TraceOption* get_trace_options() const override;

private:
    // Configuration held by the module.
    dce2UdpProtoConf config;
};
78 
// Declared here, defined elsewhere; takes the configuration by const reference.
// NOTE(review): presumably prints or logs the effective UDP inspector
// configuration - confirm against the definition.
void print_dce2_udp_conf(const dce2UdpProtoConf& config);
80 
81 #endif