//--------------------------------------------------------------------------
// Copyright (C) 2016-2021 Cisco and/or its affiliates. All rights reserved.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// by the Free Software Foundation. You may not use, modify or distribute
// this program under any other version of the GNU General Public License.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
//
// dce_udp_module.h author Maya Dagon <mdagon@cisco.com>

#ifndef DCE2_UDP_MODULE_H
#define DCE2_UDP_MODULE_H

#include "dce_common.h"
#include "framework/module.h"

// Forward declarations only; the full types are not needed by this header.
namespace snort
{
class Trace;
struct SnortConfig;
}

// Trace handle for this module, qualified THREAD_LOCAL. It is only declared
// here (extern); the definition lives in another translation unit.
extern THREAD_LOCAL const snort::Trace* dce_udp_trace;

// Event numbers for anomalies in connection-less DCE/RPC traffic.
// NOTE(review): presumably these are the rule ids reported under GID_DCE2 via
// get_rules() -- confirm against the implementation file. Detection content
// that references them depends on the values staying stable.
#define DCE2_CL_BAD_MAJOR_VERSION 40
#define DCE2_CL_BAD_PDU_TYPE      41
// Data length smaller than the header size, per the message text below. The
// length check that raises this event is not part of this header.
#define DCE2_CL_DATA_LT_HDR       42
#define DCE2_CL_BAD_SEQ_NUM       43

// Message text paired, by name, with each event number above.
#define DCE2_CL_BAD_MAJOR_VERSION_STR \
    "connection-less DCE/RPC - invalid major version"
#define DCE2_CL_BAD_PDU_TYPE_STR \
    "connection-less DCE/RPC - invalid PDU type"
#define DCE2_CL_DATA_LT_HDR_STR \
    "connection-less DCE/RPC - data length less than header size"
#define DCE2_CL_BAD_SEQ_NUM_STR \
    "connection-less DCE/RPC - bad sequence number"

// Configuration for the UDP variant. It wraps a dce2CommonProtoConf and
// declares no UDP-specific fields of its own.
struct dce2UdpProtoConf
{
    dce2CommonProtoConf common;
};

// snort::Module subclass for the DCE2 UDP configuration. Apart from the three
// inline accessors below, every member is only declared here and defined
// elsewhere.
class Dce2UdpModule : public snort::Module
{
public:
    Dce2UdpModule();

    // Override of snort::Module::set.
    // NOTE(review): presumably invoked per configuration parameter and returns
    // false to reject a value -- confirm against framework/module.h.
    bool set(const char*, snort::Value&, snort::SnortConfig*) override;

    // Generator id for this module's events: always GID_DCE2.
    unsigned get_gid() const override
    {
        return GID_DCE2;
    }

    const snort::RuleMap* get_rules() const override;
    const PegInfo* get_pegs() const override;
    PegCount* get_counts() const override;
    snort::ProfileStats* get_profile() const override;

    // Takes the destination by non-const reference.
    // NOTE(review): presumably copies the parsed `config` into it -- confirm.
    void get_data(dce2UdpProtoConf&);

    // Reports this module's usage as INSPECT.
    Usage get_usage() const override
    {
        return INSPECT;
    }

    // Always true.
    bool is_bindable() const override
    {
        return true;
    }

    // NOTE(review): set_trace is const, so any state it updates must live
    // outside the object -- presumably dce_udp_trace; confirm.
    void set_trace(const snort::Trace*) const override;
    const snort::TraceOption* get_trace_options() const override;

private:
    // Configuration held by the module instance.
    dce2UdpProtoConf config;
};

// Takes the configuration by const reference; defined elsewhere.
// NOTE(review): presumably prints or logs the settings -- confirm.
void print_dce2_udp_conf(const dce2UdpProtoConf&);

#endif // DCE2_UDP_MODULE_H