
Source code changes of the file "src/dynamic-preprocessors/dcerpc2/dce2_smb.h" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

dce2_smb.h  (snort-2.9.16.1):dce2_smb.h  (snort-2.9.17)
skipping to change at line 100 skipping to change at line 100
} DCE2_SmbPduState; } DCE2_SmbPduState;
typedef enum _DCE2_SmbFileDirection typedef enum _DCE2_SmbFileDirection
{ {
DCE2_SMB_FILE_DIRECTION__UNKNOWN = 0, DCE2_SMB_FILE_DIRECTION__UNKNOWN = 0,
DCE2_SMB_FILE_DIRECTION__UPLOAD, DCE2_SMB_FILE_DIRECTION__UPLOAD,
DCE2_SMB_FILE_DIRECTION__DOWNLOAD DCE2_SMB_FILE_DIRECTION__DOWNLOAD
} DCE2_SmbFileDirection; } DCE2_SmbFileDirection;
/* This structure is to maintain that we have received a pending veridct in case
of upload & we will not delete the trackers*/
typedef enum _DCE2_SmbRetransmitPending
{
DCE2_SMB_RETRANSMIT_PENDING__UNSET = 0,
DCE2_SMB_RETRANSMIT_PENDING__SET
} DCE2_SmbRetransmitPending;
/******************************************************************** /********************************************************************
* Structures * Structures
********************************************************************/ ********************************************************************/
typedef struct _DCE2_SmbWriteAndXRaw typedef struct _DCE2_SmbWriteAndXRaw
{ {
int remaining; // A signed integer so it can be negative int remaining; // A signed integer so it can be negative
DCE2_Buffer *buf; DCE2_Buffer *buf;
} DCE2_SmbWriteAndXRaw; } DCE2_SmbWriteAndXRaw;
skipping to change at line 138 skipping to change at line 146
struct struct
{ {
uint64_t file_id; uint64_t file_id;
} id_smb2; } id_smb2;
} file_key; } file_key;
bool is_ipc; bool is_ipc;
bool is_smb2; bool is_smb2;
uint8_t *file_name;
uint16_t file_name_len; uint16_t file_name_len;
uint8_t *file_name;
union union
{ {
struct struct
{ {
// If pipe has been set to byte mode via TRANS_SET_NMPIPE_STATE // If pipe has been set to byte mode via TRANS_SET_NMPIPE_STATE
bool byte_mode; bool byte_mode;
// For Windows 2000 // For Windows 2000
bool used; bool used;
skipping to change at line 247 skipping to change at line 255
int smb_com; int smb_com;
int mid; // A signed integer so it can be set to sentinel int mid; // A signed integer so it can be set to sentinel
uint16_t uid; uint16_t uid;
uint16_t tid; uint16_t tid;
uint16_t pid; uint16_t pid;
// For WriteRaw // For WriteRaw
bool writeraw_writethrough; bool writeraw_writethrough;
uint32_t writeraw_remaining; uint32_t writeraw_remaining;
uint16_t file_name_len;
// For Transaction/Transaction2/NtTransact // For Transaction/Transaction2/NtTransact
DCE2_SmbTransactionTracker ttracker; DCE2_SmbTransactionTracker ttracker;
// Client can chain a write to an open. Need to write data, but also // Client can chain a write to an open. Need to write data, but also
// need to associate tracker with fid returned from server // need to associate tracker with fid returned from server
DCE2_Queue *ft_queue; DCE2_Queue *ft_queue;
// This is a reference to an existing file tracker // This is a reference to an existing file tracker
DCE2_SmbFileTracker *ftracker; DCE2_SmbFileTracker *ftracker;
// Used for requests to cache data that will ultimately end up in // Used for requests to cache data that will ultimately end up in
// the file tracker upon response. // the file tracker upon response.
uint8_t *file_name; uint8_t *file_name;
uint16_t file_name_len;
uint64_t file_size; uint64_t file_size;
uint64_t file_offset; uint64_t file_offset;
bool sequential_only; bool sequential_only;
// For TreeConnect to know whether it's to IPC // For TreeConnect to know whether it's to IPC
bool is_ipc; bool is_ipc;
} DCE2_SmbRequestTracker; } DCE2_SmbRequestTracker;
typedef struct _DCE2_SmbSsnData typedef struct _DCE2_SmbSsnData
skipping to change at line 297 skipping to change at line 305
DCE2_List *uids; DCE2_List *uids;
DCE2_List *tids; DCE2_List *tids;
// For tracking files and named pipes // For tracking files and named pipes
DCE2_SmbFileTracker ftracker; DCE2_SmbFileTracker ftracker;
DCE2_List *ftrackers; // List of DCE2_SmbFileTracker DCE2_List *ftrackers; // List of DCE2_SmbFileTracker
// For tracking requests / responses // For tracking requests / responses
DCE2_SmbRequestTracker rtracker; DCE2_SmbRequestTracker rtracker;
DCE2_Queue *rtrackers; DCE2_Queue *rtrackers;
uint16_t max_outstanding_requests;
uint16_t outstanding_requests;
// The current pid/mid node for this request/response // The current pid/mid node for this request/response
DCE2_SmbRequestTracker *cur_rtracker; DCE2_SmbRequestTracker *cur_rtracker;
// Used for TCP segmentation to get full PDU // Used for TCP segmentation to get full PDU
DCE2_Buffer *cli_seg; DCE2_Buffer *cli_seg;
DCE2_Buffer *srv_seg; DCE2_Buffer *srv_seg;
// These are used for commands we don't need to process // These are used for commands we don't need to process
uint32_t cli_ignore_bytes; uint32_t cli_ignore_bytes;
skipping to change at line 323 skipping to change at line 329
DCE2_SmbFileTracker *fapi_ftracker; DCE2_SmbFileTracker *fapi_ftracker;
Smb2Request *smb2_requests; Smb2Request *smb2_requests;
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
DCE2_SmbFileTracker *fb_ftracker; DCE2_SmbFileTracker *fb_ftracker;
bool block_pdus; bool block_pdus;
#endif #endif
bool smbfound; bool smbfound;
bool smbretransmit;
uint16_t max_outstanding_requests;
uint16_t outstanding_requests;
// Maximum file depth as returned from file API // Maximum file depth as returned from file API
int64_t max_file_depth; int64_t max_file_depth;
} DCE2_SmbSsnData; } DCE2_SmbSsnData;
typedef struct _DCE2SmbFsm typedef struct _DCE2SmbFsm
{ {
char input; char input;
int next_state; int next_state;
int fail_state; int fail_state;
skipping to change at line 358 skipping to change at line 367
void DCE2_SmbInitGlobals(void); void DCE2_SmbInitGlobals(void);
void DCE2_SmbInitRdata(uint8_t *, int); void DCE2_SmbInitRdata(uint8_t *, int);
void DCE2_SmbSetRdata(DCE2_SmbSsnData *, uint8_t *, uint16_t); void DCE2_SmbSetRdata(DCE2_SmbSsnData *, uint8_t *, uint16_t);
DCE2_SmbSsnData * DCE2_SmbSsnInit(SFSnortPacket *); DCE2_SmbSsnData * DCE2_SmbSsnInit(SFSnortPacket *);
void DCE2_SmbProcess(DCE2_SmbSsnData *); void DCE2_SmbProcess(DCE2_SmbSsnData *);
void DCE2_SmbDataFree(DCE2_SmbSsnData *); void DCE2_SmbDataFree(DCE2_SmbSsnData *);
void DCE2_SmbSsnFree(void *); void DCE2_SmbSsnFree(void *);
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
void DCE2_SmbInitDeletePdu(void); void DCE2_SmbInitDeletePdu(void);
#endif #endif
void DCE2_Process_Retransmitted(SFSnortPacket *);
/********************************************************************* /*********************************************************************
* Function: DCE2_SmbAutodetect() * Function: DCE2_SmbAutodetect()
* *
* Purpose: Tries to determine if a packet is likely to be SMB. * Purpose: Tries to determine if a packet is likely to be SMB.
* *
* Arguments: * Arguments:
* const uint8_t * - pointer to packet data. * const uint8_t * - pointer to packet data.
* uint16_t - packet data length. * uint16_t - packet data length.
* *
* Returns: * Returns:
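Review bot: The comment above the new `DCE2_SmbRetransmitPending` enum in the first change block says trackers are not deleted while an upload verdict is pending, but it does not say what clears the pending state or who eventually frees those trackers. For a preprocessor that keeps per-session state driven by network traffic, that lifetime rule should be written down where the flag is declared. The comment also calls the enum a "structure" and misspells "verdict"; a wording such as `/* Set while a verdict is pending for an upload; trackers are kept until <clearing condition, to be filled in from the .c file>. */` would be clearer. `DCE2_SmbSsnData` gains `bool smbretransmit;` rather than a field of the new enum type, so the header does not show where the enum value is stored, which is worth a one-line comment on the field. The new prototype `void DCE2_Process_Retransmitted(SFSnortPacket *);` carries no comment and departs from the `DCE2_Smb...` naming of the neighbouring declarations.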
 End of changes. 8 change blocks. 
5 lines changed or deleted 15 lines changed or added
