1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 
19 // rpc_module.cc author Russ Combs <rucombs@cisco.com>
20 
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24 
25 #include "rpc_module.h"
26 
27 using namespace snort;
28 
// Alert messages for the rpc_decode builtin rules; each is paired with its
// RPC_* event id in rpc_rules below. The text is emitted at runtime, so keep
// it stable for anything that matches on alert messages.
#define RPC_FRAG_TRAFFIC_STR         "fragmented RPC records"
#define RPC_MULTIPLE_RECORD_STR      "multiple RPC records"
#define RPC_LARGE_FRAGSIZE_STR       "large RPC record fragment"
#define RPC_INCOMPLETE_SEGMENT_STR   "incomplete RPC segment"
#define RPC_ZERO_LENGTH_FRAGMENT_STR "zero-length RPC fragment"
39 
// Configuration parameter table for the module. It holds only the
// terminating sentinel entry, so the module declares no parameters here.
static const Parameter s_params[] =
{
    // end-of-table marker
    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
44 
// Builtin rule table: pairs each RPC_* event id with the message reported
// for it. The ids are declared outside this file (presumably rpc_module.h).
// NOTE(review): the messages describe RPC record-marking anomalies
// (fragmented, multiple, oversized, incomplete, zero-length); such framing
// is commonly of interest because it can hide RPC content from pattern
// matching. Confirm the exact trigger conditions against the inspector.
static const RuleMap rpc_rules[] =
{
    { RPC_FRAG_TRAFFIC,         RPC_FRAG_TRAFFIC_STR },
    { RPC_MULTIPLE_RECORD,      RPC_MULTIPLE_RECORD_STR },
    { RPC_LARGE_FRAGSIZE,       RPC_LARGE_FRAGSIZE_STR },
    { RPC_INCOMPLETE_SEGMENT,   RPC_INCOMPLETE_SEGMENT_STR },
    { RPC_ZERO_LENGTH_FRAGMENT, RPC_ZERO_LENGTH_FRAGMENT_STR },

    // end-of-table marker
    { 0, nullptr }
};
55 
56 //-------------------------------------------------------------------------
57 // rpc module
58 //-------------------------------------------------------------------------
59 
// Module name and help text passed to the Module base constructor below.
#define s_name "rpc_decode"
#define s_help "RPC inspector"

// Peg (counter) descriptors: count type, counter name, help text.
// NOTE(review): get_counts() hands out rdstats as a flat PegCount array, so
// the order and number of entries here presumably has to match the layout
// of rdstats; confirm against its declaration before adding or reordering.
static const PegInfo rpc_pegs[] =
{
    { CountType::SUM, "total_packets",           "total packets" },
    { CountType::NOW, "concurrent_sessions",     "total concurrent rpc sessions" },
    { CountType::MAX, "max_concurrent_sessions", "maximum concurrent rpc sessions" },

    // end-of-table marker
    { CountType::END, nullptr, nullptr }
};
71 
// Constructs the module by forwarding its name, help text and parameter
// table (s_params, which holds only the sentinel) to the Module base class.
RpcDecodeModule::RpcDecodeModule()
    : Module(s_name, s_help, s_params)
{
}
74 
// Returns the builtin rule table (rpc_rules), terminated by { 0, nullptr }.
const RuleMap* RpcDecodeModule::get_rules() const
{
    return rpc_rules;
}
77 
// Returns the peg descriptor table (rpc_pegs), terminated by a
// CountType::END entry.
const PegInfo* RpcDecodeModule::get_pegs() const
{
    return rpc_pegs;
}
80 
// Returns the address of rdstats viewed as an array of PegCount.
// NOTE(review): rdstats is declared outside this file. The cast assumes it
// is a non-const object made up solely of PegCount fields, in the same
// order and number as rpc_pegs; confirm against its declaration. If the two
// drift apart, counters would be mislabelled or a reader walking rpc_pegs
// could index past the end of rdstats.
PegCount* RpcDecodeModule::get_counts() const
{
    // Spelled as reinterpret_cast so the type reinterpretation is explicit.
    return reinterpret_cast<PegCount*>(&rdstats);
}
83 
// Returns the address of rpcdecodePerfStats, the profiling statistics
// object for this inspector (declared outside this file).
ProfileStats* RpcDecodeModule::get_profile() const
{
    return &rpcdecodePerfStats;
}
86 
87