snort  2.9.17
About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
  Fossies Dox: snort-2.9.17.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

service_rpc.c File Reference
#include <ctype.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include "appIdApi.h"
#include "appInfoTable.h"
#include "flow.h"
#include "service_api.h"

Data Structures

struct  _SERVICE_RPC_FRAG
 
struct  _SERVICE_RPC_AUTH
 
struct  _SERVICE_RPC_PORTMAP
 
struct  _SERVICE_RPC_PORTMAP_REPLY
 
struct  _SERVICE_RPC_HEADER
 
struct  _SERVICE_RPC_CALL_HEADER
 
struct  _SERVICE_RPC_REPLY_HEADER
 
struct  _SERVICE_RPC_DATA
 
struct  _RPC_PROGRAM
 

Macros

#define min(x, y)   ((x)<(y) ? (x):(y))
 
#define RPC_TYPE_CALL   0
 
#define RPC_TYPE_REPLY   1
 
#define RPC_PROGRAM_PORTMAP   100000
 
#define RPC_PORTMAP_GETPORT   3
 
#define RPC_REPLY_ACCEPTED   0
 
#define RPC_REPLY_DENIED   1
 
#define RPC_MAX_ACCEPTED   4
 
#define RPC_MAX_DENIED   5
 
#define RPC_TCP_FRAG_MASK   0x80000000
 
#define RPC_MAX_TCP_PACKET_SIZE   56
 
#define RPC_PORT_PORTMAPPER   111
 
#define RPC_PORT_NFS   2049
 
#define RPC_PORT_MOUNTD   4046
 
#define RPC_PORT_NLOCKMGR   4045
 

Typedefs

typedef struct _SERVICE_RPC_FRAG ServiceRPCFragment
 
typedef struct _SERVICE_RPC_AUTH ServiceRPCAuth
 
typedef struct _SERVICE_RPC_PORTMAP ServiceRPCPortmap
 
typedef struct _SERVICE_RPC_PORTMAP_REPLY ServiceRPCPortmapReply
 
typedef struct _SERVICE_RPC_HEADER ServiceRPC
 
typedef struct _SERVICE_RPC_CALL_HEADER ServiceRPCCall
 
typedef struct _SERVICE_RPC_REPLY_HEADER ServiceRPCReply
 
typedef struct _SERVICE_RPC_DATA ServiceRPCData
 
typedef struct _RPC_PROGRAM RPCProgram
 

Enumerations

enum  RPCState { RPC_STATE_CALL, RPC_STATE_REPLY, RPC_STATE_DONE }
 
enum  RPCTCPState {
  RPC_TCP_STATE_FRAG, RPC_TCP_STATE_HEADER, RPC_TCP_STATE_CRED, RPC_TCP_STATE_CRED_DATA,
  RPC_TCP_STATE_VERIFY, RPC_TCP_STATE_VERIFY_DATA, RPC_TCP_STATE_REPLY_HEADER, RPC_TCP_STATE_PARTIAL,
  RPC_TCP_STATE_DONE
}
 
enum  RPCReplyState { RPC_REPLY_BEGIN, RPC_REPLY_MULTI, RPC_REPLY_MID }
 

Functions

static int rpc_init (const InitServiceAPI *const init_api)
 
static int rpc_validate (ServiceValidationArgs *args)
 
static int rpc_tcp_validate (ServiceValidationArgs *args)
 
static void rpc_clean (const CleanServiceAPI *const clean_api)
 
static const RPCProgram * FindRPCProgram (uint32_t program)
 
static int validate_packet (const uint8_t *data, uint16_t size, int dir, tAppIdData *flowp, SFSnortPacket *pkt, ServiceRPCData *rd, const char **pname, uint32_t *program)
 

Variables

static tRNAServiceElement svc_element
 
static tRNAServiceElement tcp_svc_element
 
static RNAServiceValidationPort pp []
 
tRNAServiceValidationModule rpc_service_mod
 
static RPCProgram * rpc_programs = NULL
 
static uint8_t rpc_reply_accepted_pattern [8] = {0,0,0,1,0,0,0,0}
 
static uint8_t rpc_reply_denied_pattern [8] = {0,0,0,1,0,0,0,1}
 
static tAppRegistryEntry appIdRegistry []
 
static int16_t app_id = 0
 

Macro Definition Documentation

◆ min

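#define min(x, y)    ((x)<(y) ? (x):(y))

Note: this function-like macro expands each argument more than once, so arguments with side effects should not be passed to it.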

Definition at line 68 of file service_rpc.c.

◆ RPC_MAX_ACCEPTED

#define RPC_MAX_ACCEPTED   4

Definition at line 79 of file service_rpc.c.

◆ RPC_MAX_DENIED

#define RPC_MAX_DENIED   5

Definition at line 80 of file service_rpc.c.

◆ RPC_MAX_TCP_PACKET_SIZE

#define RPC_MAX_TCP_PACKET_SIZE   56

Definition at line 85 of file service_rpc.c.

◆ RPC_PORT_MOUNTD

#define RPC_PORT_MOUNTD   4046

Definition at line 183 of file service_rpc.c.

◆ RPC_PORT_NFS

#define RPC_PORT_NFS   2049

Definition at line 182 of file service_rpc.c.

◆ RPC_PORT_NLOCKMGR

#define RPC_PORT_NLOCKMGR   4045

Definition at line 184 of file service_rpc.c.

◆ RPC_PORT_PORTMAPPER

#define RPC_PORT_PORTMAPPER   111

Definition at line 181 of file service_rpc.c.

◆ RPC_PORTMAP_GETPORT

#define RPC_PORTMAP_GETPORT   3

Definition at line 74 of file service_rpc.c.

◆ RPC_PROGRAM_PORTMAP

#define RPC_PROGRAM_PORTMAP   100000

Definition at line 73 of file service_rpc.c.

◆ RPC_REPLY_ACCEPTED

#define RPC_REPLY_ACCEPTED   0

Definition at line 76 of file service_rpc.c.

◆ RPC_REPLY_DENIED

#define RPC_REPLY_DENIED   1

Definition at line 77 of file service_rpc.c.

◆ RPC_TCP_FRAG_MASK

#define RPC_TCP_FRAG_MASK   0x80000000

Definition at line 82 of file service_rpc.c.

◆ RPC_TYPE_CALL

#define RPC_TYPE_CALL   0

Definition at line 70 of file service_rpc.c.

◆ RPC_TYPE_REPLY

#define RPC_TYPE_REPLY   1

Definition at line 71 of file service_rpc.c.

Typedef Documentation

◆ RPCProgram

typedef struct _RPC_PROGRAM RPCProgram

◆ ServiceRPC

◆ ServiceRPCAuth

◆ ServiceRPCCall

◆ ServiceRPCData

◆ ServiceRPCFragment

◆ ServiceRPCPortmap

◆ ServiceRPCPortmapReply

◆ ServiceRPCReply

Enumeration Type Documentation

◆ RPCReplyState

enum RPCReplyState
Enumerator
RPC_REPLY_BEGIN 
RPC_REPLY_MULTI 
RPC_REPLY_MID 

Definition at line 61 of file service_rpc.c.

◆ RPCState

enum RPCState
Enumerator
RPC_STATE_CALL 
RPC_STATE_REPLY 
RPC_STATE_DONE 

Definition at line 41 of file service_rpc.c.

◆ RPCTCPState

enum RPCTCPState
Enumerator
RPC_TCP_STATE_FRAG 
RPC_TCP_STATE_HEADER 
RPC_TCP_STATE_CRED 
RPC_TCP_STATE_CRED_DATA 
RPC_TCP_STATE_VERIFY 
RPC_TCP_STATE_VERIFY_DATA 
RPC_TCP_STATE_REPLY_HEADER 
RPC_TCP_STATE_PARTIAL 
RPC_TCP_STATE_DONE 

Definition at line 48 of file service_rpc.c.

Function Documentation

◆ FindRPCProgram()

static const RPCProgram* FindRPCProgram ( uint32_t  program)
static

Definition at line 279 of file service_rpc.c.

References _RPC_PROGRAM::next, _RPC_PROGRAM::program, and rpc_programs.

Referenced by validate_packet().

◆ rpc_clean()

static void rpc_clean ( const CleanServiceAPI *const  clean_api)
static

Definition at line 933 of file service_rpc.c.

References _RPC_PROGRAM::name, _RPC_PROGRAM::next, NULL, and rpc_programs.

◆ rpc_init()

◆ rpc_tcp_validate()

static int rpc_tcp_validate ( ServiceValidationArgs * args)
static

Definition at line 555 of file service_rpc.c.

References _SERVICE_API::add_service, RNAServiceValidationModule::api, APP_ID_APPID_SESSION_DIRECTION_MAX, APP_ID_FROM_INITIATOR, APP_ID_FROM_RESPONDER, APP_ID_SUN_RPC, APPID_SESSION_CONTINUE, APPID_SESSION_SERVICE_DETECTED, clearAppIdFlag(), _SERVICE_RPC_CALL_HEADER::cred, _ServiceValidationArgs::data, _SERVICE_API::data_add, _SERVICE_API::data_get, _ServiceValidationArgs::dir, _SFSnortPacket::dst_port, _SERVICE_API::fail_service, _SERVICE_RPC_AUTH::flavor, RNAServiceValidationModule::flow_data_index, _ServiceValidationArgs::flowp, getAppIdFlag(), _SERVICE_RPC_CALL_HEADER::header, _SERVICE_RPC_REPLY_HEADER::header, _SERVICE_API::incompatible_data, _SERVICE_RPC_FRAG::length, _SERVICE_RPC_AUTH::length, length, min, NULL, _ServiceValidationArgs::pConfig, _ServiceValidationArgs::pkt, AppIdData::proto, RPC_MAX_TCP_PACKET_SIZE, rpc_service_mod, RPC_STATE_CALL, RPC_TCP_FRAG_MASK, RPC_TCP_STATE_CRED, RPC_TCP_STATE_CRED_DATA, RPC_TCP_STATE_DONE, RPC_TCP_STATE_FRAG, RPC_TCP_STATE_HEADER, RPC_TCP_STATE_PARTIAL, RPC_TCP_STATE_REPLY_HEADER, RPC_TCP_STATE_VERIFY, RPC_TCP_STATE_VERIFY_DATA, RPC_TYPE_CALL, RPC_TYPE_REPLY, _RNAServiceSubtype::service, SERVICE_ENOMEM, SERVICE_INPROCESS, _SERVICE_API::service_inprocess, SERVICE_NOMATCH, SERVICE_NOT_COMPATIBLE, SERVICE_SUCCESS, setAppIdFlag(), SF_DEBUG_FILE, _ServiceValidationArgs::size, _SFSnortPacket::src_port, _SERVICE_RPC_DATA::state, tcp_svc_element, _SERVICE_RPC_DATA::tcpauthsize, _SERVICE_RPC_DATA::tcpdata, _SERVICE_RPC_DATA::tcpfragpos, _SERVICE_RPC_DATA::tcpfragstate, _SERVICE_RPC_DATA::tcppos, _SERVICE_RPC_DATA::tcpsize, _SERVICE_RPC_DATA::tcpstate, _SERVICE_RPC_HEADER::type, validate_packet(), _SERVICE_RPC_CALL_HEADER::verify, _SERVICE_RPC_REPLY_HEADER::verify, and _SERVICE_RPC_CALL_HEADER::version.

Referenced by rpc_init().

◆ rpc_validate()

◆ validate_packet()

static int validate_packet ( const uint8_t * data,
uint16_t  size,
int  dir,
tAppIdData * flowp,
SFSnortPacket * pkt,
ServiceRPCData * rd,
const char **  pname,
uint32_t * program 
)
static

Definition at line 290 of file service_rpc.c.

References RNAServiceValidationModule::api, app_id, APP_ID_FROM_INITIATOR, APP_ID_FROM_RESPONDER, APPID_SESSION_DISCOVER_APP, APPID_SESSION_DISCOVER_USER, APPID_SESSION_INITIATOR_CHECKED, APPID_SESSION_INITIATOR_MONITORED, APPID_SESSION_RESPONDER_CHECKED, APPID_SESSION_RESPONDER_MONITORED, APPID_SESSION_SPECIAL_MONITORED, APPID_SESSION_UDP_REVERSED, _SERVICE_RPC_CALL_HEADER::cred, _SERVICE_API::data_add_id, FindRPCProgram(), _SERVICE_API::flow_new, GET_DST_IP, GET_SRC_IP, getAppIdFlag(), _SERVICE_RPC_CALL_HEADER::header, _SERVICE_RPC_REPLY_HEADER::header, _SERVICE_RPC_AUTH::length, _RPC_PROGRAM::name, _SERVICE_RPC_DATA::once, _SERVICE_RPC_PORTMAP_REPLY::port, _SERVICE_RPC_CALL_HEADER::procedure, _SERVICE_RPC_DATA::procedure, _SERVICE_RPC_CALL_HEADER::program, _SERVICE_RPC_DATA::program, AppIdData::proto, _SERVICE_RPC_PORTMAP::proto, _SERVICE_RPC_DATA::proto, _SERVICE_RPC_REPLY_HEADER::reply_state, RNA_STATE_STATEFUL, AppIdData::rnaServiceState, RPC_MAX_ACCEPTED, RPC_MAX_DENIED, RPC_PORTMAP_GETPORT, RPC_PROGRAM_PORTMAP, RPC_REPLY_ACCEPTED, RPC_REPLY_DENIED, rpc_service_mod, RPC_STATE_CALL, RPC_STATE_DONE, RPC_STATE_REPLY, RPC_TYPE_CALL, RPC_TYPE_REPLY, SERVICE_INPROCESS, SERVICE_NOMATCH, SERVICE_NOT_COMPATIBLE, SERVICE_SUCCESS, setAppIdFlag(), _SERVICE_RPC_REPLY_HEADER::state, _SERVICE_RPC_DATA::state, svc_element, tcp_svc_element, _SERVICE_RPC_HEADER::type, _SERVICE_RPC_REPLY_HEADER::verify, _SERVICE_RPC_CALL_HEADER::version, _SERVICE_RPC_HEADER::xid, and _SERVICE_RPC_DATA::xid.

Referenced by rpc_tcp_validate(), and rpc_validate().

Variable Documentation

◆ app_id

int16_t app_id = 0
static

Definition at line 228 of file service_rpc.c.

Referenced by rpc_init(), and validate_packet().

◆ appIdRegistry

tAppRegistryEntry appIdRegistry[]
static
Initial value:
=
{
}
@ APP_ID_SUN_RPC
Definition: appId.h:479
@ APPINFO_FLAG_SERVICE_UDP_REVERSED
Definition: appInfoTable.h:37
@ APPINFO_FLAG_SERVICE_ADDITIONAL
Definition: appInfoTable.h:36

Definition at line 223 of file service_rpc.c.

Referenced by rpc_init().

◆ pp

RNAServiceValidationPort pp[]
static
Initial value:
=
{
{&rpc_validate, 111 , IPPROTO_UDP},
{&rpc_validate, 111 , IPPROTO_UDP, 1},
{&rpc_tcp_validate, 111 , IPPROTO_TCP},
{&rpc_validate, 2049 , IPPROTO_UDP},
{&rpc_validate, 2049 , IPPROTO_UDP, 1},
{&rpc_tcp_validate, 2049 , IPPROTO_TCP},
{&rpc_validate, 4046 , IPPROTO_UDP},
{&rpc_validate, 4046 , IPPROTO_UDP, 1},
{&rpc_tcp_validate, 4046 , IPPROTO_TCP},
{&rpc_validate, 4045 , IPPROTO_UDP},
{&rpc_validate, 4045 , IPPROTO_UDP, 1},
{&rpc_tcp_validate, 4045 , IPPROTO_TCP},
{NULL, 0, 0}
}
static int rpc_tcp_validate(ServiceValidationArgs *args)
Definition: service_rpc.c:555
static int rpc_validate(ServiceValidationArgs *args)
Definition: service_rpc.c:452
#define NULL
Definition: types.h:63

Definition at line 186 of file service_rpc.c.

◆ rpc_programs

RPCProgram* rpc_programs = NULL
static

Definition at line 218 of file service_rpc.c.

Referenced by FindRPCProgram(), rpc_clean(), and rpc_init().

◆ rpc_reply_accepted_pattern

uint8_t rpc_reply_accepted_pattern[8] = {0,0,0,1,0,0,0,0}
static

Definition at line 220 of file service_rpc.c.

Referenced by rpc_init().

◆ rpc_reply_denied_pattern

uint8_t rpc_reply_denied_pattern[8] = {0,0,0,1,0,0,0,1}
static

Definition at line 221 of file service_rpc.c.

Referenced by rpc_init().

◆ rpc_service_mod

tRNAServiceValidationModule rpc_service_mod
Initial value:
=
{
"RPC",
pp,
.clean = rpc_clean
}
static void rpc_clean(const CleanServiceAPI *const clean_api)
Definition: service_rpc.c:933
static RNAServiceValidationPort pp[]
Definition: service_rpc.c:186
static int rpc_init(const InitServiceAPI *const init_api)
Definition: service_rpc.c:230

Definition at line 203 of file service_rpc.c.

Referenced by rpc_tcp_validate(), rpc_validate(), and validate_packet().

◆ svc_element

tRNAServiceElement svc_element
static
Initial value:
=
{
.next = NULL,
.validate = &rpc_validate,
.detectorType = 0 ,
.name = "rpc",
.ref_count = 1,
.current_ref_count = 1,
}
static int rpc_validate(ServiceValidationArgs *args)
Definition: service_rpc.c:452
#define NULL
Definition: types.h:63

Definition at line 162 of file service_rpc.c.

Referenced by rpc_validate(), and validate_packet().

◆ tcp_svc_element

tRNAServiceElement tcp_svc_element
static
Initial value:
=
{
.next = NULL,
.validate = &rpc_tcp_validate,
.detectorType = 0 ,
.name = "tcp rpc",
.ref_count = 1,
.current_ref_count = 1,
}
static int rpc_tcp_validate(ServiceValidationArgs *args)
Definition: service_rpc.c:555
#define NULL
Definition: types.h:63

Definition at line 171 of file service_rpc.c.

Referenced by rpc_tcp_validate(), and validate_packet().