~ubuntu-branches/ubuntu/precise/suricata/precise-proposed
» Revision
6
: src/detect-engine-dcepayload.c
« back to all changes in this revision
Viewing changes to src/detect-engine-dcepayload.c
- browse files at revision 6
- compare with another revision
- download diff
- download tarball
- view history from revision 6
- Committer: Bazaar Package Importer
- Author(s): Pierre Chifflier
- Date: 2010-06-19 17:39:14 UTC
- mfrom: (1.1.3 upstream)
- Revision ID: james.westby@ubuntu.com-20100619173914-5vkjfgz24mbia29z
Tags: 0.9.2-1
ImportedĀ UpstreamĀ versionĀ 0.9.2
- files added:
- doc/INSTALL.PF_RING
- libhtp/m4
- files modified:
- Makefile.am
added
removed
src/detect-engine-dcepayload.c
1
/* Copyright (C) 2007-2010 Open Information Security Foundation
2
*
3
* You can copy, redistribute or modify this Program under the terms of
4
* the GNU General Public License version 2 as published by the Free
5
* Software Foundation.
6
*
7
* This program is distributed in the hope that it will be useful,
8
* but WITHOUT ANY WARRANTY; without even the implied warranty of
9
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10
* GNU General Public License for more details.
11
*
12
* You should have received a copy of the GNU General Public License
13
* version 2 along with this program; if not, write to the Free Software
14
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15
* 02110-1301, USA.
16
*/
17
18
/**
19
* \file
20
*
21
* \author Anoop Saldanha <poonaatsoc@gmail.com>
22
*/
23
24
#include "suricata-common.h"
25
#include "suricata.h"
26
27
#include "decode.h"
28
29
#include "detect.h"
30
#include "detect-engine.h"
31
#include "detect-parse.h"
32
#include "detect-content.h"
33
#include "detect-pcre.h"
34
#include "detect-isdataat.h"
35
#include "detect-bytetest.h"
36
#include "detect-bytejump.h"
37
38
#include "util-spm.h"
39
#include "util-spm-bm.h"
40
41
#include "stream-tcp-reassemble.h"
42
#include "stream-tcp.h"
43
44
#include "app-layer.h"
45
#include "app-layer-dcerpc.h"
46
#include "decode-tcp.h"
47
#include "flow-util.h"
48
#include "util-debug.h"
49
#include "util-unittest.h"
50
#include "util-unittest-helper.h"
51
52
/**
53
* \brief Run the dce stub match functions for the dce stub based keywords.
54
*
55
* The following keywords are inspected:
56
* - content
57
* - isdaatat
58
* - pcre
59
* - bytejump
60
* - bytetest
61
*
62
* All keywords are evaluated against the dce stub data.
63
*
64
* For accounting the last match in relative matching,
65
* det_ctx->payload_offset var is used.
66
*
67
* \param de_ctx Detection engine context.
68
* \param det_ctx Detection engine thread context.
69
* \param s Signature to inspect.
70
* \param sm SigMatch to inspect.
71
* \param f Flow
72
* \param payload Pointer to the dce stub to inspect.
73
* \param payload_len Length of the payload
74
*
75
* \retval 0 No match.
76
* \retval 1 Match.
77
*/
78
static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
79
DetectEngineThreadCtx *det_ctx, Signature *s,
80
SigMatch *sm, Flow *f, uint8_t *stub, uint32_t stub_len)
81
{
82
SCEnter();
83
84
if (sm == NULL) {
85
SCReturnInt(0);
86
}
87
88
switch(sm->type) {
89
case DETECT_CONTENT:
90
{
91
if (stub_len == 0) {
92
SCReturnInt(0);
93
}
94
95
DetectContentData *cd = NULL;
96
cd = (DetectContentData *)sm->ctx;
97
SCLogDebug("inspecting content %"PRIu32" stub_len %"PRIu32,
98
cd->id, stub_len);
99
100
/* rule parsers should take care of this */
101
BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
102
103
/* search for our pattern, checking the matches recursively.
104
* if we match we look for the next SigMatch as well */
105
uint8_t *found = NULL;
106
uint32_t offset = 0;
107
uint32_t depth = stub_len;
108
uint32_t prev_offset = 0; /**< used in recursive searching */
109
110
do {
111
if (cd->flags & DETECT_CONTENT_DISTANCE ||
112
cd->flags & DETECT_CONTENT_WITHIN) {
113
SCLogDebug("det_ctx->payload_offset %"PRIu32,
114
det_ctx->payload_offset);
115
116
offset = det_ctx->payload_offset;
117
depth = stub_len;
118
119
if (cd->flags & DETECT_CONTENT_DISTANCE) {
120
if (cd->distance < 0 && (uint32_t)(abs(cd->distance)) > offset) {
121
offset = 0;
122
} else {
123
offset += cd->distance;
124
}
125
126
SCLogDebug("cd->distance %"PRIi32", offset %"PRIu32", depth %"PRIu32,
127
cd->distance, offset, depth);
128
}
129
130
if (cd->flags & DETECT_CONTENT_WITHIN) {
131
if ((int32_t)depth > (int32_t)(det_ctx->payload_offset + cd->within)) {
132
depth = det_ctx->payload_offset + cd->within;
133
}
134
135
SCLogDebug("cd->within %"PRIi32", det_ctx->payload_offset "
136
"%"PRIu32", depth %"PRIu32, cd->within,
137
det_ctx->payload_offset, depth);
138
}
139
140
if (cd->depth != 0) {
141
if ((cd->depth + det_ctx->payload_offset) < depth) {
142
depth = det_ctx->payload_offset + cd->depth;
143
}
144
145
SCLogDebug("cd->depth %"PRIu32", depth %"PRIu32,
146
cd->depth, depth);
147
}
148
149
if (cd->offset > offset) {
150
offset = cd->offset;
151
SCLogDebug("setting offset %"PRIu32, offset);
152
}
153
154
/* implied no relative matches */
155
} else {
156
/* set depth */
157
if (cd->depth != 0) {
158
depth = cd->depth;
159
}
160
161
/* set offset */
162
offset = cd->offset;
163
}
164
165
/* update offset with prev_offset if we're searching for
166
* matches after the first occurence. */
167
SCLogDebug("offset %"PRIu32", prev_offset %"PRIu32, offset,
168
prev_offset);
169
offset += prev_offset;
170
171
SCLogDebug("offset %"PRIu32", depth %"PRIu32, offset, depth);
172
173
if (depth > stub_len)
174
depth = stub_len;
175
176
/* if offset is bigger than depth we can never match on a
177
* pattern. We can however, "match" on a negated pattern. */
178
if (offset > depth || depth == 0) {
179
if (cd->flags & DETECT_CONTENT_NEGATED) {
180
goto match;
181
} else {
182
SCReturnInt(0);
183
}
184
}
185
186
uint8_t *sstub = stub + offset;
187
uint32_t sstub_len = depth - offset;
188
uint32_t match_offset = 0;
189
SCLogDebug("sstub_len %"PRIu32, sstub_len);
190
BUG_ON(sstub_len > stub_len);
191
192
/* do the actual search */
193
if (cd->flags & DETECT_CONTENT_NOCASE) {
194
found = BoyerMooreNocase(cd->content, cd->content_len, sstub,
195
sstub_len, cd->bm_ctx->bmGs,
196
cd->bm_ctx->bmBc);
197
} else {
198
found = BoyerMoore(cd->content, cd->content_len, sstub,
199
sstub_len, cd->bm_ctx->bmGs,
200
cd->bm_ctx->bmBc);
201
}
202
203
/* next we evaluate the result in combination with the
204
* negation flag. */
205
SCLogDebug("found %p cd negated %s", found,
206
cd->flags & DETECT_CONTENT_NEGATED ? "true" : "false");
207
208
if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) {
209
SCReturnInt(0);
210
} else if (found == NULL && cd->flags & DETECT_CONTENT_NEGATED) {
211
goto match;
212
} else if (found != NULL && cd->flags & DETECT_CONTENT_NEGATED) {
213
match_offset = (uint32_t)((found - stub) + cd->content_len);
214
SCLogDebug("content %"PRIu32" matched at offset %"PRIu32", but "
215
"negated so no match", cd->id, match_offset);
216
SCReturnInt(0);
217
} else {
218
match_offset = (uint32_t)((found - stub) + cd->content_len);
219
SCLogDebug("content %"PRIu32" matched at offset %"PRIu32"",
220
cd->id, match_offset);
221
det_ctx->payload_offset = match_offset;
222
223
if (!(cd->flags & DETECT_CONTENT_RELATIVE_NEXT)) {
224
SCLogDebug("no relative match coming up, so this is a match");
225
goto match;
226
}
227
228
BUG_ON(sm->next == NULL);
229
SCLogDebug("content %"PRIu32, cd->id);
230
231
/* see if the next payload keywords match. If not, we will
232
* search for another occurence of this content and see
233
* if the others match then until we run out of matches */
234
int r = DoInspectDcePayload(de_ctx, det_ctx, s, sm->next,
235
f, stub, stub_len);
236
if (r == 1) {
237
SCReturnInt(1);
238
}
239
240
/* set the previous match offset to the start of this match + 1 */
241
prev_offset += (match_offset - (cd->content_len - 1));
242
SCLogDebug("trying to see if there is another match after "
243
"prev_offset %"PRIu32, prev_offset);
244
}
245
246
} while(1);
247
}
248
249
case DETECT_ISDATAAT:
250
{
251
SCLogDebug("inspecting isdataat");
252
253
DetectIsdataatData *id = (DetectIsdataatData *)sm->ctx;
254
if (id->flags & ISDATAAT_RELATIVE) {
255
if (det_ctx->payload_offset + id->dataat > stub_len) {
256
SCLogDebug("det_ctx->payload_offset + id->dataat "
257
"%"PRIu32" > %"PRIu32,
258
det_ctx->payload_offset + id->dataat, stub_len);
259
SCReturnInt(0);
260
} else {
261
SCLogDebug("relative isdataat match");
262
goto match;
263
}
264
} else {
265
if (id->dataat < stub_len) {
266
SCLogDebug("absolute isdataat match");
267
goto match;
268
} else {
269
SCLogDebug("absolute isdataat mismatch, id->isdataat %"PRIu32", "
270
"stub_len %"PRIu32"", id->dataat, stub_len);
271
SCReturnInt(0);
272
}
273
}
274
}
275
276
case DETECT_PCRE:
277
{
278
SCLogDebug("inspecting pcre");
279
280
int r = DetectPcrePayloadMatch(det_ctx, s, sm, /* no packet */NULL,
281
f, stub, stub_len);
282
if (r == 1) {
283
goto match;
284
}
285
286
SCReturnInt(0);
287
}
288
289
case DETECT_BYTETEST:
290
{
291
if (DetectBytetestDoMatch(det_ctx, s, sm, stub, stub_len) != 1) {
292
SCReturnInt(0);
293
}
294
295
goto match;
296
}
297
298
case DETECT_BYTEJUMP:
299
{
300
if (DetectBytejumpDoMatch(det_ctx, s, sm, stub, stub_len) != 1) {
301
SCReturnInt(0);
302
}
303
304
goto match;
305
}
306
307
/* we should never get here, but bail out just in case */
308
default:
309
{
310
BUG_ON(1);
311
}
312
}
313
314
SCReturnInt(0);
315
316
match:
317
/* this sigmatch matched, inspect the next one. If it was the last,
318
* the payload portion of the signature matched. */
319
if (sm->next != NULL) {
320
int r = DoInspectDcePayload(de_ctx, det_ctx, s, sm->next, f, stub, stub_len);
321
SCReturnInt(r);
322
} else {
323
SCReturnInt(1);
324
}
325
}
326
327
/**
328
* \brief Do the content inspection & validation for a signature against dce stub.
329
*
330
* \param de_ctx Detection engine context.
331
* \param det_ctx Detection engine thread context.
332
* \param s Signature to inspect.
333
* \param sm SigMatch to inspect.
334
* \param f Flow.
335
* \param flags App layer flags.
336
* \param state App layer state.
337
*
338
* \retval 0 No match.
339
* \retval 1 Match.
340
*/
341
int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx,
342
DetectEngineThreadCtx *det_ctx, Signature *s,
343
Flow *f, uint8_t flags, void *alstate)
344
{
345
SCEnter();
346
DCERPCState *dcerpc_state = (DCERPCState *)alstate;
347
uint8_t *dce_stub_data = NULL;
348
uint16_t dce_stub_data_len;
349
int r = 0;
350
351
if (s->dmatch == NULL || dcerpc_state == NULL) {
352
SCReturnInt(0);
353
}
354
355
/* we are not relying on the stub pointer being set by the dce_stub_data
356
* match function. Instead we will retrieve it directly from the app layer. */
357
if (flags & STREAM_TOSERVER) {
358
if (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL ||
359
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) {
360
SCReturnInt(0);
361
}
362
dce_stub_data = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer;
363
dce_stub_data_len = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len;
364
} else {
365
if (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL ||
366
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) {
367
SCReturnInt(0);
368
}
369
dce_stub_data = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer;
370
dce_stub_data_len = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer_len;
371
}
372
373
det_ctx->payload_offset = 0;
374
375
r = DoInspectDcePayload(de_ctx, det_ctx, s, s->dmatch, f,
376
dce_stub_data, dce_stub_data_len);
377
if (r == 1) {
378
SCReturnInt(1);
379
}
380
381
SCReturnInt(0);
382
}
383
384
/**************************************Unittests*******************************/
385
386
#ifdef UNITTESTS
387
388
/**
389
* \test Test the working of detection engien with respect to dce keywords.
390
*/
391
int DcePayloadTest01(void)
392
{
393
int result = 0;
394
uint8_t bind[] = {
395
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
396
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
397
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
398
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
399
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
400
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
401
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
402
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
403
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
404
};
405
uint32_t bind_len = sizeof(bind);
406
407
uint8_t bind_ack[] = {
408
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
409
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
410
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
411
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
412
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
413
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
414
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
415
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
416
0x02, 0x00, 0x00, 0x00
417
};
418
uint32_t bind_ack_len = sizeof(bind_ack);
419
420
uint8_t request1[] = {
421
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
422
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
423
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
424
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
425
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
426
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
427
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
428
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
429
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
430
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
431
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
432
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
433
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
434
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
435
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
436
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
437
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
438
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
439
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
440
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
441
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
442
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
443
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
444
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
445
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
446
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
447
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
448
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
449
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
450
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
451
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
452
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
453
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
454
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
455
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
456
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
457
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
458
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
459
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
460
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
461
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
462
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
463
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
464
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
465
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
466
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
467
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
468
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
469
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
470
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
471
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
472
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
473
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
474
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
475
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
476
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
477
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
478
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
479
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
480
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
481
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
482
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
483
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
484
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
485
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
486
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
487
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
488
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
489
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
490
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
491
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
492
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
493
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
494
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
495
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
496
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
497
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
498
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
499
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
500
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
501
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
502
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
503
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
504
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
505
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
506
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
507
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
508
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
509
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
510
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
511
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
512
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
513
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
514
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
515
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
516
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
517
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
518
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
519
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
520
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
521
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
522
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
523
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
524
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
525
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
526
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
527
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
528
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
529
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
530
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
531
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
532
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
533
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
534
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
535
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
536
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
537
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
538
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
539
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
540
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
541
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
542
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
543
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
544
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
545
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
546
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
547
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
548
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
549
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
550
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
551
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
552
};
553
uint32_t request1_len = sizeof(request1);
554
555
uint8_t request2[] = {
556
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
557
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
558
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
559
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
560
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
561
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
562
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
563
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
564
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
565
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
566
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
567
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
568
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
569
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
570
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
571
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
572
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
573
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
574
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
575
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
576
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
577
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
578
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
579
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
580
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
581
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
582
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
583
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
584
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
585
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
586
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
587
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
588
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
589
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
590
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
591
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
592
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
593
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
594
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
595
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
596
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
597
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
598
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
599
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
600
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
601
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
602
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
603
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
604
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
605
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
606
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
607
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
608
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
609
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
610
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
611
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
612
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
613
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
614
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
615
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
616
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
617
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
618
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
619
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
620
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
621
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
622
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
623
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
624
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
625
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
626
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
627
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
628
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
629
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
630
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
631
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
632
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
633
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
634
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
635
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
636
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
637
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
638
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
639
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
640
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
641
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
642
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
643
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
644
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
645
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
646
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
647
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
648
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
649
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
650
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
651
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
652
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
653
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
654
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
655
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
656
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
657
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
658
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
659
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
660
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
661
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
662
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
663
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
664
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
665
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
666
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
667
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
668
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
669
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
670
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
671
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
672
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
673
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
674
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
675
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
676
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
677
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
678
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
679
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
680
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
681
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
682
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
683
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
684
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
685
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
686
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
687
};
688
uint32_t request2_len = sizeof(request2);
689
690
uint8_t request3[] = {
691
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
692
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
693
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
694
0x26, 0x65, 0x3c, 0x6e, 0x6d, 0x64, 0x24, 0x39,
695
0x56, 0x43, 0x3e, 0x61, 0x5c, 0x54, 0x42, 0x23,
696
0x75, 0x6b, 0x71, 0x27, 0x66, 0x2e, 0x6e, 0x3d,
697
0x58, 0x23, 0x54, 0x77, 0x3b, 0x52, 0x6b, 0x50,
698
0x3b, 0x74, 0x2c, 0x54, 0x25, 0x5c, 0x51, 0x7c,
699
0x29, 0x7c, 0x5f, 0x4a, 0x35, 0x5c, 0x3d, 0x3f,
700
0x33, 0x55, 0x3b, 0x5a, 0x57, 0x31, 0x59, 0x4f,
701
0x6d, 0x6d, 0x7b, 0x3e, 0x38, 0x4d, 0x68, 0x75,
702
0x64, 0x21, 0x50, 0x63, 0x47, 0x42, 0x56, 0x39,
703
0x6c, 0x6f, 0x61, 0x53, 0x32, 0x56, 0x43, 0x52,
704
0x43, 0x67, 0x26, 0x45, 0x28, 0x6b, 0x77, 0x28,
705
0x7c, 0x64, 0x61, 0x24, 0x38, 0x6b, 0x59, 0x2a,
706
0x4f, 0x6e, 0x5b, 0x57, 0x24, 0x54, 0x33, 0x37,
707
0x47, 0x58, 0x4b, 0x58, 0x3d, 0x21, 0x38, 0x7c,
708
0x2c, 0x24, 0x5f, 0x67, 0x3a, 0x41, 0x3e, 0x2a,
709
0x72, 0x66, 0x2d, 0x6b, 0x66, 0x7b, 0x2b, 0x75,
710
0x78, 0x2f, 0x4d, 0x4c, 0x51, 0x70, 0x5d, 0x55,
711
0x54, 0x3c, 0x63, 0x46, 0x6b, 0x64, 0x4d, 0x25,
712
0x45, 0x21, 0x34, 0x65, 0x48, 0x32, 0x58, 0x4c,
713
0x70, 0x4c, 0x4c, 0x75, 0x5c, 0x77, 0x68, 0x78,
714
0x34, 0x5c, 0x2d, 0x39, 0x58, 0x3b, 0x40, 0x71,
715
0x77, 0x47, 0x32, 0x2e, 0x3c, 0x61, 0x6f, 0x6d,
716
0x5f, 0x43, 0x74, 0x36, 0x4f, 0x21, 0x44, 0x66,
717
0x36, 0x62, 0x30, 0x29, 0x5a, 0x34, 0x66, 0x4e,
718
0x51, 0x23, 0x4e, 0x38, 0x51, 0x78, 0x74, 0x58,
719
0x2e, 0x6d, 0x51, 0x49, 0x55, 0x73, 0x2a, 0x71,
720
0x3c, 0x74, 0x38, 0x6f, 0x5d, 0x4b, 0x74, 0x68,
721
0x65, 0x4a, 0x58, 0x41, 0x55, 0x29, 0x42, 0x69,
722
0x55, 0x3b, 0x2b, 0x47, 0x64, 0x3b, 0x77, 0x72,
723
0x74, 0x38, 0x53, 0x5c, 0x69, 0x49, 0x49, 0x5b,
724
0x31, 0x41, 0x6a, 0x4e, 0x2c, 0x6a, 0x63, 0x3f,
725
0x58, 0x4e, 0x25, 0x3e, 0x57, 0x41, 0x61, 0x26,
726
0x5e, 0x24, 0x69, 0x7a, 0x38, 0x60, 0x73, 0x70,
727
0x7d, 0x63, 0x34, 0x78, 0x4d, 0x50, 0x35, 0x69,
728
0x49, 0x22, 0x45, 0x44, 0x3f, 0x6e, 0x75, 0x64,
729
0x57, 0x3a, 0x61, 0x60, 0x34, 0x21, 0x61, 0x21,
730
0x2a, 0x78, 0x7b, 0x52, 0x43, 0x50, 0x5b, 0x76,
731
0x5f, 0x4b, 0x6a, 0x5d, 0x23, 0x5b, 0x57, 0x40,
732
0x53, 0x51, 0x33, 0x21, 0x35, 0x7d, 0x31, 0x46,
733
0x65, 0x52, 0x28, 0x25, 0x30, 0x5a, 0x37, 0x7c,
734
0x2c, 0x3d, 0x2a, 0x48, 0x24, 0x5a, 0x2f, 0x47,
735
0x64, 0x73, 0x64, 0x3d, 0x7a, 0x5b, 0x34, 0x5e,
736
0x42, 0x22, 0x32, 0x47, 0x6e, 0x58, 0x3b, 0x3e,
737
0x25, 0x2f, 0x58, 0x78, 0x42, 0x66, 0x71, 0x56,
738
0x2a, 0x66, 0x66, 0x5b, 0x55, 0x35, 0x7a, 0x41,
739
0x7c, 0x7c, 0x6a, 0x2d, 0x59, 0x25, 0x22, 0x34,
740
0x5a, 0x61, 0x37, 0x48, 0x39, 0x31, 0x4a, 0x55,
741
0x6a, 0x68, 0x40, 0x2f, 0x45, 0x69, 0x46, 0x25,
742
0x51, 0x7d, 0x4f, 0x71, 0x21, 0x33, 0x55, 0x50,
743
0x56, 0x5f, 0x75, 0x27, 0x64, 0x36, 0x7a, 0x39,
744
0x40, 0x6a, 0x77, 0x38, 0x5d, 0x39, 0x30, 0x5e,
745
0x74, 0x54, 0x24, 0x3f, 0x3d, 0x79, 0x3b, 0x27,
746
0x7d, 0x68, 0x7d, 0x40, 0x71, 0x7a, 0x65, 0x54,
747
0x50, 0x66, 0x33, 0x3c, 0x42, 0x69, 0x6e, 0x3c,
748
0x63, 0x63, 0x69, 0x7a, 0x5e, 0x7b, 0x76, 0x26,
749
0x71, 0x6f, 0x4a, 0x6d, 0x70, 0x73, 0x66, 0x3b,
750
0x26, 0x70, 0x43, 0x5b, 0x52, 0x4c, 0x6d, 0x51,
751
0x2a, 0x66, 0x6c, 0x3e, 0x68, 0x6a, 0x31, 0x41,
752
0x79, 0x72, 0x37, 0x47, 0x7d, 0x2b, 0x3c, 0x40,
753
0x6b, 0x75, 0x56, 0x70, 0x7b, 0x2d, 0x5f, 0x33,
754
0x30, 0x30, 0x21, 0x35, 0x7a, 0x7a, 0x67, 0x48,
755
0x5e, 0x3b, 0x73, 0x50, 0x54, 0x47, 0x23, 0x2b,
756
0x4c, 0x4e, 0x2f, 0x24, 0x44, 0x34, 0x23, 0x5d,
757
0x76, 0x51, 0x5a, 0x73, 0x72, 0x3e, 0x47, 0x77,
758
0x40, 0x28, 0x65, 0x2e, 0x2a, 0x75, 0x3c, 0x2a,
759
0x27, 0x4a, 0x3f, 0x3c, 0x66, 0x2d, 0x21, 0x79,
760
0x2d, 0x2b, 0x78, 0x7c, 0x5a, 0x73, 0x46, 0x6b,
761
0x39, 0x65, 0x5e, 0x3d, 0x38, 0x40, 0x32, 0x3e,
762
0x21, 0x62, 0x34, 0x41, 0x58, 0x53, 0x67, 0x34,
763
0x58, 0x56, 0x61, 0x5b, 0x3e, 0x4e, 0x2c, 0x5b,
764
0x73, 0x35, 0x34, 0x35, 0x21, 0x3a, 0x61, 0x5f,
765
0x6e, 0x45, 0x78, 0x44, 0x28, 0x23, 0x48, 0x65,
766
0x53, 0x47, 0x6e, 0x2c, 0x38, 0x5e, 0x2c, 0x57,
767
0x58, 0x30, 0x7a, 0x3b, 0x4b, 0x4a, 0x74, 0x7d,
768
0x3e, 0x4d, 0x30, 0x24, 0x76, 0x66, 0x6d, 0x2e,
769
0x74, 0x75, 0x28, 0x48, 0x5c, 0x23, 0x6c, 0x46,
770
0x27, 0x46, 0x6e, 0x34, 0x63, 0x21, 0x58, 0x54,
771
0x50, 0x2f, 0x40, 0x47, 0x40, 0x32, 0x36, 0x48,
772
0x5f, 0x7d, 0x4a, 0x41, 0x6e, 0x60, 0x2c, 0x4a,
773
0x6a, 0x67, 0x6c, 0x41, 0x27, 0x23, 0x30, 0x48,
774
0x6a, 0x49, 0x73, 0x26, 0x77, 0x75, 0x4d, 0x65,
775
0x5b, 0x34, 0x79, 0x67, 0x61, 0x5b, 0x5c, 0x2b,
776
0x71, 0x3f, 0x62, 0x51, 0x3a, 0x53, 0x42, 0x26,
777
0x6f, 0x36, 0x57, 0x3f, 0x2b, 0x34, 0x24, 0x30,
778
0x60, 0x55, 0x70, 0x65, 0x70, 0x57, 0x5d, 0x68,
779
0x36, 0x52, 0x5d, 0x3f, 0x6a, 0x3a, 0x33, 0x31,
780
0x6c, 0x4e, 0x57, 0x79, 0x49, 0x79, 0x69, 0x71,
781
0x6f, 0x70, 0x6a, 0x76, 0x4b, 0x2f, 0x33, 0x51,
782
0x68, 0x30, 0x2e, 0x77, 0x78, 0x55, 0x2f, 0x53,
783
0x52, 0x5e, 0x57, 0x60, 0x3b, 0x6f, 0x69, 0x61,
784
0x6c, 0x60, 0x5a, 0x34, 0x5a, 0x35, 0x4b, 0x28,
785
0x54, 0x32, 0x6a, 0x35, 0x36, 0x6d, 0x68, 0x47,
786
0x5c, 0x74, 0x2e, 0x5f, 0x6c, 0x6d, 0x55, 0x42,
787
0x77, 0x64, 0x7d, 0x53, 0x4d, 0x39, 0x2c, 0x41,
788
0x42, 0x23, 0x3a, 0x73, 0x40, 0x60, 0x5d, 0x38,
789
0x6d, 0x36, 0x56, 0x57, 0x2a, 0x28, 0x3d, 0x3b,
790
0x5c, 0x75, 0x35, 0x2d, 0x69, 0x2d, 0x44, 0x51,
791
0x27, 0x63, 0x66, 0x33, 0x46, 0x42, 0x2e, 0x36,
792
0x6b, 0x7b, 0x2c, 0x23, 0x3b, 0x5a, 0x50, 0x2a,
793
0x65, 0x28, 0x3b, 0x3c, 0x51, 0x3f, 0x4d, 0x63,
794
0x38, 0x25, 0x74, 0x2e, 0x51, 0x22, 0x31, 0x74,
795
0x35, 0x33, 0x23, 0x2d, 0x3f, 0x77, 0x26, 0x2c,
796
0x55, 0x6d, 0x27, 0x39, 0x79, 0x76, 0x63, 0x4b,
797
0x43, 0x4a, 0x3a, 0x6b, 0x59, 0x55, 0x65, 0x26,
798
0x2f, 0x3f, 0x56, 0x67, 0x5a, 0x77, 0x71, 0x22,
799
0x51, 0x2b, 0x6d, 0x4c, 0x2c, 0x57, 0x66, 0x76,
800
0x37, 0x70, 0x5f, 0x52, 0x29, 0x44, 0x52, 0x22,
801
0x57, 0x37, 0x27, 0x79, 0x29, 0x5c, 0x57, 0x3b,
802
0x54, 0x3c, 0x3f, 0x53, 0x35, 0x27, 0x5e, 0x7c,
803
0x49, 0x77, 0x57, 0x5a, 0x22, 0x76, 0x7c, 0x5b,
804
0x2f, 0x53, 0x5e, 0x55, 0x6d, 0x64, 0x67, 0x34,
805
0x41, 0x23, 0x76, 0x67, 0x23, 0x78, 0x6a, 0x63,
806
0x27, 0x68, 0x43, 0x7d, 0x58, 0x49, 0x2d, 0x79,
807
0x2e, 0x75, 0x60, 0x6b, 0x34, 0x48, 0x6f, 0x4a,
808
0x6c, 0x48, 0x40, 0x68, 0x5f, 0x35, 0x25, 0x6c,
809
0x38, 0x5c, 0x30, 0x32, 0x4c, 0x36, 0x31, 0x29,
810
0x74, 0x4a, 0x55, 0x56, 0x6d, 0x4e, 0x23, 0x54,
811
0x2e, 0x69, 0x78, 0x61, 0x76, 0x66, 0x22, 0x44,
812
0x73, 0x25, 0x44, 0x29, 0x2a, 0x28, 0x3b, 0x67,
813
0x48, 0x58, 0x37, 0x4a, 0x76, 0x76, 0x51, 0x4a,
814
0x61, 0x70, 0x51, 0x74, 0x40, 0x23, 0x29, 0x63,
815
0x69, 0x4a, 0x29, 0x23, 0x34, 0x6a, 0x3b, 0x25,
816
0x28, 0x54, 0x45, 0x33, 0x28, 0x44, 0x30, 0x61,
817
0x5b, 0x60, 0x51, 0x3f, 0x68, 0x50, 0x70, 0x3d,
818
0x58, 0x2e, 0x6e, 0x59, 0x5a, 0x62, 0x66, 0x4d,
819
0x7a, 0x2e, 0x37, 0x37, 0x3d, 0x7b, 0x74, 0x79,
820
0x48, 0x45, 0x77, 0x56, 0x33, 0x76, 0x71, 0x60,
821
0x74, 0x3f, 0x61, 0x22, 0x52, 0x51, 0x71, 0x69
822
};
823
uint32_t request3_len = sizeof(request3);
824
825
uint8_t request4[] = {
826
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
827
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
828
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
829
0x75, 0x3e, 0x76, 0x3e, 0x66, 0x6b, 0x6b, 0x3e,
830
0x6d, 0x59, 0x38, 0x2b, 0x63, 0x4d, 0x2c, 0x73,
831
0x54, 0x57, 0x34, 0x25, 0x5b, 0x42, 0x7d, 0x5d,
832
0x37, 0x34, 0x2c, 0x79, 0x24, 0x4b, 0x74, 0x73,
833
0x25, 0x36, 0x73, 0x3a, 0x2c, 0x55, 0x69, 0x3c,
834
0x58, 0x67, 0x33, 0x53, 0x67, 0x5c, 0x61, 0x7b,
835
0x44, 0x2e, 0x42, 0x2d, 0x6b, 0x50, 0x55, 0x24,
836
0x70, 0x58, 0x60, 0x38, 0x42, 0x45, 0x70, 0x6d,
837
0x2f, 0x27, 0x27, 0x2c, 0x21, 0x6d, 0x57, 0x6e,
838
0x43, 0x3c, 0x5b, 0x27, 0x7a, 0x34, 0x49, 0x5a,
839
0x69, 0x30, 0x3f, 0x6f, 0x77, 0x70, 0x39, 0x2d,
840
0x51, 0x74, 0x4b, 0x25, 0x70, 0x51, 0x64, 0x4d,
841
0x75, 0x52, 0x5e, 0x3e, 0x37, 0x30, 0x5d, 0x3b,
842
0x2c, 0x72, 0x25, 0x6c, 0x6f, 0x79, 0x69, 0x3c,
843
0x5b, 0x73, 0x3d, 0x41, 0x28, 0x28, 0x64, 0x60,
844
0x4b, 0x7a, 0x2c, 0x4a, 0x6b, 0x3d, 0x2e, 0x6c,
845
0x7a, 0x54, 0x70, 0x61, 0x6f, 0x4b, 0x40, 0x28,
846
0x59, 0x31, 0x25, 0x21, 0x57, 0x79, 0x4b, 0x31,
847
0x6f, 0x4e, 0x71, 0x2b, 0x3c, 0x24, 0x30, 0x28,
848
0x3c, 0x61, 0x28, 0x4b, 0x35, 0x61, 0x4d, 0x55,
849
0x5e, 0x66, 0x34, 0x5f, 0x61, 0x70, 0x7b, 0x67,
850
0x51, 0x55, 0x68, 0x78, 0x26, 0x3a, 0x27, 0x4e,
851
0x71, 0x79, 0x4f, 0x67, 0x2c, 0x5a, 0x79, 0x75,
852
0x59, 0x3a, 0x33, 0x4a, 0x36, 0x71, 0x72, 0x6d,
853
0x49, 0x3e, 0x53, 0x59, 0x2b, 0x2b, 0x27, 0x4e,
854
0x50, 0x5d, 0x21, 0x55, 0x64, 0x4b, 0x72, 0x73,
855
0x25, 0x55, 0x26, 0x4f, 0x3a, 0x21, 0x54, 0x29,
856
0x4f, 0x64, 0x51, 0x59, 0x60, 0x7b, 0x7c, 0x6f,
857
0x3e, 0x65, 0x74, 0x6a, 0x5b, 0x52, 0x2c, 0x56,
858
0x4e, 0x45, 0x53, 0x4b, 0x7c, 0x38, 0x49, 0x4b,
859
0x4e, 0x4f, 0x4a, 0x47, 0x5e, 0x7c, 0x46, 0x3b,
860
0x67, 0x2e, 0x43, 0x79, 0x35, 0x55, 0x59, 0x6d,
861
0x38, 0x70, 0x2f, 0x59, 0x4f, 0x27, 0x63, 0x40,
862
0x66, 0x2d, 0x39, 0x4f, 0x3d, 0x2e, 0x4c, 0x67,
863
0x71, 0x7d, 0x34, 0x22, 0x52, 0x4e, 0x36, 0x7b,
864
0x2c, 0x39, 0x4d, 0x42, 0x60, 0x75, 0x74, 0x72,
865
0x4f, 0x72, 0x68, 0x3a, 0x51, 0x31, 0x2d, 0x21,
866
0x4a, 0x35, 0x47, 0x6d, 0x69, 0x3c, 0x50, 0x4c,
867
0x59, 0x66, 0x4c, 0x71, 0x24, 0x3a, 0x36, 0x67,
868
0x24, 0x5a, 0x59, 0x28, 0x7c, 0x21, 0x5e, 0x77,
869
0x68, 0x5e, 0x7b, 0x6e, 0x56, 0x62, 0x36, 0x29,
870
0x6f, 0x4f, 0x5d, 0x57, 0x56, 0x2b, 0x75, 0x2a,
871
0x2c, 0x69, 0x63, 0x51, 0x74, 0x6e, 0x5e, 0x46,
872
0x50, 0x28, 0x2c, 0x3b, 0x32, 0x53, 0x28, 0x78,
873
0x59, 0x72, 0x39, 0x5e, 0x44, 0x5c, 0x77, 0x60,
874
0x72, 0x44, 0x3b, 0x75, 0x68, 0x39, 0x55, 0x3e,
875
0x44, 0x50, 0x76, 0x3c, 0x48, 0x46, 0x43, 0x22,
876
0x56, 0x27, 0x21, 0x31, 0x33, 0x4a, 0x5a, 0x74,
877
0x41, 0x58, 0x3f, 0x39, 0x29, 0x71, 0x73, 0x30,
878
0x57, 0x70, 0x33, 0x62, 0x7b, 0x4a, 0x75, 0x3e,
879
0x4d, 0x4c, 0x4e, 0x55, 0x63, 0x38, 0x66, 0x7d,
880
0x68, 0x7d, 0x6f, 0x23, 0x55, 0x50, 0x3d, 0x34,
881
0x46, 0x5e, 0x2f, 0x55, 0x27, 0x62, 0x68, 0x7c,
882
0x6c, 0x21, 0x2b, 0x63, 0x4b, 0x47, 0x6b, 0x6a,
883
0x5b, 0x7b, 0x5c, 0x71, 0x37, 0x7c, 0x52, 0x2b,
884
0x2f, 0x4a, 0x47, 0x70, 0x78, 0x50, 0x2f, 0x75,
885
0x28, 0x4c, 0x60, 0x4c, 0x4c, 0x54, 0x6b, 0x68,
886
0x63, 0x4f, 0x47, 0x39, 0x2a, 0x70, 0x51, 0x7d,
887
0x28, 0x59, 0x52, 0x46, 0x4b, 0x38, 0x27, 0x49,
888
0x50, 0x5d, 0x25, 0x22, 0x5f, 0x48, 0x2c, 0x2f,
889
0x67, 0x59, 0x5d, 0x7d, 0x21, 0x3d, 0x72, 0x4f,
890
0x5c, 0x5b, 0x41, 0x47, 0x5f, 0x56, 0x69, 0x42,
891
0x55, 0x60, 0x68, 0x4b, 0x77, 0x44, 0x4c, 0x3b,
892
0x7d, 0x5a, 0x58, 0x43, 0x7a, 0x33, 0x22, 0x58,
893
0x58, 0x6f, 0x74, 0x53, 0x57, 0x6d, 0x6e, 0x29,
894
0x6b, 0x33, 0x71, 0x68, 0x29, 0x48, 0x67, 0x35,
895
0x52, 0x41, 0x6b, 0x36, 0x4f, 0x46, 0x31, 0x24,
896
0x73, 0x56, 0x40, 0x48, 0x37, 0x51, 0x24, 0x2a,
897
0x59, 0x21, 0x74, 0x76, 0x25, 0x2e, 0x4a, 0x74,
898
0x32, 0x29, 0x5f, 0x57, 0x7c, 0x58, 0x30, 0x2c,
899
0x7b, 0x70, 0x5b, 0x51, 0x73, 0x27, 0x4a, 0x28,
900
0x77, 0x2a, 0x43, 0x28, 0x2e, 0x32, 0x3d, 0x38,
901
0x36, 0x2e, 0x6b, 0x40, 0x6c, 0x76, 0x54, 0x66,
902
0x4a, 0x5c, 0x25, 0x62, 0x2e, 0x61, 0x48, 0x30,
903
0x28, 0x41, 0x40, 0x69, 0x3c, 0x39, 0x36, 0x4b,
904
0x64, 0x50, 0x76, 0x3d, 0x52, 0x50, 0x77, 0x33,
905
0x3b, 0x65, 0x59, 0x31, 0x5c, 0x48, 0x6a, 0x74,
906
0x78, 0x5b, 0x74, 0x60, 0x47, 0x27, 0x60, 0x22,
907
0x4a, 0x72, 0x25, 0x34, 0x5d, 0x3a, 0x21, 0x66,
908
0x61, 0x7b, 0x34, 0x41, 0x3b, 0x3a, 0x27, 0x44,
909
0x48, 0x7c, 0x7a, 0x74, 0x3a, 0x68, 0x59, 0x48,
910
0x61, 0x32, 0x49, 0x61, 0x40, 0x22, 0x33, 0x75,
911
0x29, 0x76, 0x5b, 0x24, 0x5b, 0x5c, 0x76, 0x5c,
912
0x28, 0x75, 0x36, 0x26, 0x2c, 0x65, 0x5e, 0x51,
913
0x7b, 0x3a, 0x7d, 0x4f, 0x35, 0x73, 0x6b, 0x5b,
914
0x5c, 0x37, 0x35, 0x6b, 0x41, 0x35, 0x40, 0x3a,
915
0x22, 0x28, 0x6c, 0x71, 0x46, 0x68, 0x7b, 0x66,
916
0x56, 0x24, 0x7c, 0x54, 0x28, 0x30, 0x22, 0x4e,
917
0x3c, 0x65, 0x69, 0x36, 0x44, 0x53, 0x3d, 0x6c,
918
0x5f, 0x73, 0x6c, 0x6f, 0x5e, 0x27, 0x23, 0x4e,
919
0x60, 0x45, 0x2f, 0x3d, 0x37, 0x28, 0x51, 0x29,
920
0x77, 0x6a, 0x6b, 0x2a, 0x2a, 0x51, 0x26, 0x4c,
921
0x4e, 0x71, 0x77, 0x73, 0x71, 0x2d, 0x5a, 0x2c,
922
0x23, 0x3d, 0x5f, 0x62, 0x63, 0x2e, 0x72, 0x2a,
923
0x75, 0x66, 0x43, 0x56, 0x5f, 0x21, 0x64, 0x66,
924
0x35, 0x3b, 0x7a, 0x45, 0x3f, 0x4f, 0x57, 0x22,
925
0x5a, 0x45, 0x65, 0x37, 0x58, 0x5b, 0x43, 0x66,
926
0x4f, 0x5d, 0x6e, 0x41, 0x41, 0x62, 0x5e, 0x39,
927
0x65, 0x6f, 0x43, 0x4b, 0x5e, 0x51, 0x42, 0x3f,
928
0x2d, 0x68, 0x4b, 0x6e, 0x46, 0x6f, 0x21, 0x44,
929
0x3c, 0x22, 0x46, 0x31, 0x31, 0x2e, 0x56, 0x2e,
930
0x77, 0x48, 0x68, 0x23, 0x4a, 0x36, 0x52, 0x5d,
931
0x61, 0x47, 0x71, 0x2e, 0x3a, 0x4a, 0x5b, 0x56,
932
0x6b, 0x52, 0x2a, 0x4c, 0x4f, 0x24, 0x34, 0x60,
933
0x70, 0x58, 0x7a, 0x76, 0x4b, 0x68, 0x24, 0x5f,
934
0x51, 0x6d, 0x75, 0x45, 0x48, 0x21, 0x53, 0x4d,
935
0x27, 0x75, 0x5f, 0x50, 0x3e, 0x40, 0x3f, 0x5e,
936
0x64, 0x41, 0x5f, 0x68, 0x48, 0x30, 0x71, 0x4b,
937
0x66, 0x2c, 0x2f, 0x76, 0x4b, 0x23, 0x46, 0x34,
938
0x50, 0x58, 0x52, 0x69, 0x2b, 0x6e, 0x7a, 0x33,
939
0x53, 0x43, 0x43, 0x35, 0x54, 0x30, 0x73, 0x63,
940
0x3b, 0x43, 0x52, 0x29, 0x45, 0x37, 0x71, 0x79,
941
0x5a, 0x26, 0x24, 0x72, 0x73, 0x4e, 0x44, 0x38,
942
0x5b, 0x71, 0x36, 0x3a, 0x4f, 0x5b, 0x71, 0x28,
943
0x71, 0x79, 0x72, 0x40, 0x6e, 0x51, 0x72, 0x29,
944
0x3d, 0x4f, 0x33, 0x22, 0x73, 0x5a, 0x30, 0x71,
945
0x58, 0x54, 0x59, 0x48, 0x29, 0x2b, 0x5c, 0x73,
946
0x6f, 0x4e, 0x60, 0x2a, 0x72, 0x39, 0x50, 0x59,
947
0x6f, 0x48, 0x3e, 0x62, 0x6c, 0x62, 0x49, 0x6c,
948
0x2c, 0x3f, 0x43, 0x3f, 0x32, 0x7c, 0x6f, 0x6c,
949
0x39, 0x26, 0x26, 0x7b, 0x5d, 0x65, 0x6f, 0x41,
950
0x7c, 0x42, 0x2b, 0x65, 0x6f, 0x3e, 0x7b, 0x69,
951
0x46, 0x4d, 0x68, 0x68, 0x5a, 0x33, 0x25, 0x5d,
952
0x6f, 0x48, 0x7c, 0x77, 0x7d, 0x3f, 0x4e, 0x30,
953
0x69, 0x65, 0x28, 0x2e, 0x34, 0x34, 0x41, 0x43,
954
0x5e, 0x30, 0x23, 0x3b, 0x60, 0x79, 0x5b, 0x26,
955
0x7c, 0x77, 0x3e, 0x43, 0x24, 0x31, 0x3a, 0x56,
956
0x24, 0x3c, 0x60, 0x3f, 0x60, 0x55, 0x6a, 0x68
957
};
958
uint32_t request4_len = sizeof(request4);
959
960
uint8_t request5[] = {
961
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
962
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
963
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
964
0x69, 0x3e, 0x72, 0x44, 0x31, 0x6b, 0x28, 0x2f,
965
0x79, 0x37, 0x58, 0x5d, 0x5f, 0x68, 0x71, 0x47,
966
0x7a, 0x68, 0x7c, 0x6c, 0x65, 0x3c, 0x74, 0x67,
967
0x59, 0x5c, 0x3d, 0x28, 0x65, 0x28, 0x58, 0x74,
968
0x44, 0x62, 0x2e, 0x36, 0x54, 0x2f, 0x24, 0x34,
969
0x4b, 0x6d, 0x3a, 0x7b, 0x60, 0x71, 0x5a, 0x77,
970
0x4a, 0x27, 0x25, 0x70, 0x75, 0x56, 0x78, 0x73,
971
0x2e, 0x38, 0x6c, 0x70, 0x66, 0x7b, 0x7b, 0x2d,
972
0x78, 0x27, 0x65, 0x63, 0x58, 0x4f, 0x7d, 0x5c,
973
0x31, 0x3e, 0x36, 0x6e, 0x65, 0x61, 0x2e, 0x4e,
974
0x26, 0x68, 0x2b, 0x33, 0x7d, 0x54, 0x2c, 0x28,
975
0x47, 0x3a, 0x31, 0x47, 0x56, 0x32, 0x74, 0x51,
976
0x79, 0x65, 0x42, 0x45, 0x60, 0x55, 0x6f, 0x48,
977
0x61, 0x23, 0x72, 0x62, 0x74, 0x3a, 0x5a, 0x26,
978
0x2d, 0x41, 0x58, 0x62, 0x75, 0x4b, 0x37, 0x2e,
979
0x3f, 0x2a, 0x6e, 0x2e, 0x2c, 0x43, 0x6f, 0x53,
980
0x5f, 0x48, 0x7a, 0x53, 0x7b, 0x54, 0x28, 0x30,
981
0x2b, 0x7a, 0x34, 0x33, 0x28, 0x2b, 0x23, 0x23,
982
0x72, 0x38, 0x25, 0x30, 0x35, 0x66, 0x76, 0x46,
983
0x2a, 0x57, 0x7a, 0x60, 0x38, 0x5a, 0x26, 0x4f,
984
0x78, 0x43, 0x2c, 0x7d, 0x3d, 0x76, 0x7d, 0x66,
985
0x48, 0x7d, 0x3e, 0x59, 0x31, 0x58, 0x6b, 0x30,
986
0x76, 0x45, 0x6e, 0x70, 0x72, 0x5f, 0x3c, 0x70,
987
0x6d, 0x77, 0x42, 0x75, 0x42, 0x73, 0x68, 0x5e,
988
0x5f, 0x72, 0x2b, 0x2a, 0x70, 0x38, 0x7a, 0x4c,
989
0x58, 0x2e, 0x5e, 0x2d, 0x2d, 0x78, 0x67, 0x5a,
990
0x77, 0x34, 0x5a, 0x50, 0x76, 0x2d, 0x2b, 0x77,
991
0x37, 0x6e, 0x38, 0x2d, 0x7b, 0x44, 0x78, 0x67,
992
0x52, 0x57, 0x79, 0x43, 0x7d, 0x6d, 0x4d, 0x32,
993
0x23, 0x37, 0x51, 0x4b, 0x41, 0x60, 0x6e, 0x53,
994
0x4e, 0x78, 0x37, 0x37, 0x60, 0x56, 0x64, 0x52,
995
0x25, 0x46, 0x53, 0x5f, 0x2b, 0x56, 0x2b, 0x3b,
996
0x40, 0x37, 0x33, 0x37, 0x23, 0x43, 0x36, 0x6b,
997
0x6b, 0x5d, 0x35, 0x28, 0x7d, 0x6a, 0x2c, 0x68,
998
0x28, 0x4b, 0x4a, 0x6c, 0x27, 0x35, 0x51, 0x66,
999
0x30, 0x39, 0x28, 0x4d, 0x61, 0x2f, 0x64, 0x36,
1000
0x59, 0x39, 0x68, 0x4b, 0x24, 0x51, 0x7b, 0x6e,
1001
0x38, 0x49, 0x55, 0x72, 0x5f, 0x33, 0x5c, 0x26,
1002
0x45, 0x2f, 0x71, 0x66, 0x33, 0x3d, 0x36, 0x68,
1003
0x65, 0x48, 0x42, 0x40, 0x58, 0x61, 0x4f, 0x50,
1004
0x70, 0x5e, 0x3c, 0x5d, 0x56, 0x43, 0x4c, 0x41,
1005
0x45, 0x54, 0x76, 0x4b, 0x21, 0x25, 0x45, 0x4c,
1006
0x5e, 0x58, 0x23, 0x7d, 0x34, 0x61, 0x5c, 0x53,
1007
0x2a, 0x47, 0x37, 0x22, 0x6d, 0x31, 0x42, 0x6e,
1008
0x22, 0x72, 0x62, 0x55, 0x59, 0x66, 0x28, 0x73,
1009
0x55, 0x50, 0x5c, 0x6f, 0x52, 0x40, 0x3e, 0x3b,
1010
0x44, 0x2a, 0x51, 0x3d, 0x4d, 0x47, 0x3a, 0x57,
1011
0x3e, 0x29, 0x29, 0x7d, 0x40, 0x36, 0x41, 0x3f,
1012
0x58, 0x77, 0x3b, 0x41, 0x2d, 0x64, 0x5a, 0x72,
1013
0x7c, 0x7d, 0x30, 0x68, 0x54, 0x34, 0x40, 0x21,
1014
0x7d, 0x2b, 0x2d, 0x2b, 0x6d, 0x5f, 0x49, 0x57,
1015
0x68, 0x65, 0x79, 0x2c, 0x21, 0x41, 0x31, 0x55,
1016
0x27, 0x4d, 0x78, 0x55, 0x2f, 0x61, 0x62, 0x78,
1017
0x58, 0x25, 0x3a, 0x4b, 0x3e, 0x67, 0x44, 0x7c,
1018
0x7d, 0x52, 0x3d, 0x3e, 0x3b, 0x62, 0x2d, 0x28,
1019
0x48, 0x70, 0x2c, 0x79, 0x31, 0x5a, 0x5e, 0x3f,
1020
0x6a, 0x30, 0x78, 0x41, 0x44, 0x60, 0x4e, 0x63,
1021
0x63, 0x2e, 0x31, 0x79, 0x2b, 0x47, 0x57, 0x26,
1022
0x22, 0x6a, 0x46, 0x43, 0x70, 0x30, 0x51, 0x7d,
1023
0x21, 0x3c, 0x68, 0x74, 0x40, 0x5a, 0x6e, 0x71,
1024
0x3f, 0x76, 0x73, 0x2e, 0x29, 0x3f, 0x6a, 0x55,
1025
0x21, 0x72, 0x65, 0x75, 0x5e, 0x6b, 0x39, 0x6e,
1026
0x3e, 0x76, 0x42, 0x41, 0x65, 0x3f, 0x2b, 0x37,
1027
0x70, 0x7a, 0x7a, 0x29, 0x50, 0x66, 0x21, 0x67,
1028
0x3f, 0x54, 0x32, 0x5f, 0x73, 0x27, 0x59, 0x6f,
1029
0x39, 0x4b, 0x4e, 0x23, 0x54, 0x3b, 0x39, 0x21,
1030
0x38, 0x41, 0x33, 0x44, 0x57, 0x6b, 0x51, 0x30,
1031
0x6a, 0x76, 0x62, 0x2c, 0x5c, 0x5e, 0x49, 0x3e,
1032
0x59, 0x38, 0x5e, 0x4a, 0x59, 0x77, 0x34, 0x25,
1033
0x4f, 0x76, 0x6a, 0x68, 0x6f, 0x73, 0x7c, 0x3d,
1034
0x2d, 0x64, 0x6c, 0x7a, 0x3d, 0x2c, 0x26, 0x28,
1035
0x58, 0x2b, 0x4b, 0x45, 0x68, 0x38, 0x74, 0x63,
1036
0x7b, 0x4a, 0x63, 0x52, 0x26, 0x54, 0x3c, 0x46,
1037
0x77, 0x2d, 0x6b, 0x78, 0x63, 0x7b, 0x6a, 0x50,
1038
0x26, 0x42, 0x62, 0x63, 0x65, 0x6b, 0x63, 0x54,
1039
0x4d, 0x47, 0x59, 0x48, 0x2e, 0x60, 0x7c, 0x4d,
1040
0x33, 0x4d, 0x61, 0x72, 0x76, 0x72, 0x21, 0x4d,
1041
0x2b, 0x43, 0x58, 0x47, 0x4a, 0x36, 0x2d, 0x7b,
1042
0x32, 0x72, 0x21, 0x78, 0x22, 0x38, 0x2c, 0x7a,
1043
0x34, 0x44, 0x45, 0x66, 0x31, 0x7b, 0x37, 0x68,
1044
0x62, 0x65, 0x62, 0x6d, 0x4e, 0x7c, 0x75, 0x38,
1045
0x2a, 0x73, 0x27, 0x64, 0x33, 0x4f, 0x21, 0x41,
1046
0x7c, 0x41, 0x3f, 0x60, 0x68, 0x34, 0x72, 0x5b,
1047
0x38, 0x33, 0x6f, 0x65, 0x3e, 0x5a, 0x7d, 0x25,
1048
0x49, 0x50, 0x60, 0x36, 0x59, 0x5e, 0x6b, 0x25,
1049
0x66, 0x7a, 0x7d, 0x71, 0x40, 0x6c, 0x2c, 0x6e,
1050
0x6a, 0x5a, 0x24, 0x5a, 0x76, 0x21, 0x67, 0x39,
1051
0x4b, 0x4a, 0x31, 0x24, 0x66, 0x66, 0x2e, 0x58,
1052
0x43, 0x46, 0x75, 0x6c, 0x47, 0x28, 0x4f, 0x21,
1053
0x75, 0x77, 0x6f, 0x71, 0x48, 0x3f, 0x4d, 0x4c,
1054
0x51, 0x37, 0x3b, 0x41, 0x4d, 0x41, 0x48, 0x28,
1055
0x71, 0x24, 0x2f, 0x7a, 0x22, 0x49, 0x4a, 0x39,
1056
0x44, 0x43, 0x68, 0x21, 0x3a, 0x34, 0x4e, 0x52,
1057
0x7a, 0x60, 0x71, 0x61, 0x6d, 0x51, 0x58, 0x2a,
1058
0x59, 0x4c, 0x4a, 0x59, 0x6b, 0x77, 0x78, 0x2e,
1059
0x27, 0x78, 0x76, 0x48, 0x4f, 0x46, 0x79, 0x2c,
1060
0x54, 0x42, 0x7b, 0x2c, 0x52, 0x41, 0x54, 0x2b,
1061
0x2c, 0x33, 0x6b, 0x70, 0x77, 0x2e, 0x2e, 0x41,
1062
0x25, 0x7a, 0x48, 0x6e, 0x71, 0x55, 0x6a, 0x43,
1063
0x5a, 0x2c, 0x6c, 0x76, 0x6d, 0x71, 0x72, 0x4d,
1064
0x76, 0x5b, 0x7b, 0x22, 0x4b, 0x45, 0x31, 0x30,
1065
0x26, 0x53, 0x75, 0x3f, 0x26, 0x59, 0x36, 0x2f,
1066
0x68, 0x4f, 0x34, 0x5e, 0x2b, 0x30, 0x63, 0x68,
1067
0x7b, 0x32, 0x5e, 0x77, 0x7d, 0x7b, 0x53, 0x5f,
1068
0x63, 0x53, 0x77, 0x7a, 0x7d, 0x35, 0x28, 0x3e,
1069
0x41, 0x6f, 0x5b, 0x31, 0x78, 0x7b, 0x2b, 0x51,
1070
0x23, 0x43, 0x46, 0x6a, 0x32, 0x32, 0x25, 0x45,
1071
0x57, 0x43, 0x22, 0x50, 0x60, 0x32, 0x70, 0x2e,
1072
0x79, 0x2e, 0x6b, 0x33, 0x67, 0x6c, 0x43, 0x5b,
1073
0x3b, 0x68, 0x53, 0x53, 0x6a, 0x48, 0x59, 0x5f,
1074
0x30, 0x72, 0x7d, 0x6b, 0x37, 0x24, 0x75, 0x52,
1075
0x50, 0x2b, 0x75, 0x35, 0x24, 0x3b, 0x6e, 0x53,
1076
0x56, 0x34, 0x23, 0x54, 0x65, 0x4f, 0x78, 0x3e,
1077
0x46, 0x7d, 0x25, 0x3f, 0x2f, 0x49, 0x6b, 0x49,
1078
0x47, 0x45, 0x24, 0x38, 0x3b, 0x68, 0x6c, 0x4f,
1079
0x29, 0x21, 0x50, 0x32, 0x67, 0x47, 0x5a, 0x72,
1080
0x76, 0x21, 0x39, 0x67, 0x3c, 0x72, 0x47, 0x43,
1081
0x4a, 0x2e, 0x31, 0x32, 0x34, 0x3c, 0x53, 0x2d,
1082
0x22, 0x5b, 0x5b, 0x6a, 0x77, 0x75, 0x31, 0x68,
1083
0x30, 0x45, 0x43, 0x5f, 0x60, 0x5d, 0x56, 0x67,
1084
0x66, 0x55, 0x6a, 0x72, 0x77, 0x7b, 0x44, 0x61,
1085
0x22, 0x64, 0x36, 0x39, 0x6e, 0x44, 0x37, 0x54,
1086
0x45, 0x46, 0x6f, 0x58, 0x35, 0x51, 0x3c, 0x62,
1087
0x49, 0x3a, 0x50, 0x58, 0x56, 0x5d, 0x77, 0x6f,
1088
0x56, 0x64, 0x7b, 0x49, 0x39, 0x21, 0x31, 0x2d,
1089
0x5f, 0x56, 0x56, 0x33, 0x31, 0x69, 0x4a, 0x52,
1090
0x62, 0x5b, 0x6e, 0x65, 0x7c, 0x3d, 0x31, 0x55,
1091
0x3d, 0x75, 0x25, 0x61, 0x50, 0x71, 0x45, 0x29
1092
};
1093
uint32_t request5_len = sizeof(request5);
1094
1095
uint8_t request6[] = {
1096
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
1097
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1098
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
1099
0x5b, 0x56, 0x3d, 0x5a, 0x6b, 0x43, 0x73, 0x26,
1100
0x65, 0x3b, 0x38, 0x79, 0x26, 0x5e, 0x60, 0x59,
1101
0x40, 0x71, 0x7c, 0x72, 0x28, 0x29, 0x69, 0x32,
1102
0x72, 0x5a, 0x6c, 0x55, 0x43, 0x65, 0x3f, 0x4a,
1103
0x21, 0x66, 0x59, 0x30, 0x76, 0x39, 0x21, 0x69,
1104
0x4b, 0x25, 0x5d, 0x6e, 0x5f, 0x24, 0x2b, 0x38,
1105
0x70, 0x78, 0x35, 0x7d, 0x39, 0x36, 0x31, 0x72,
1106
0x44, 0x49, 0x45, 0x3d, 0x25, 0x50, 0x24, 0x3b,
1107
0x52, 0x27, 0x66, 0x46, 0x5d, 0x4f, 0x34, 0x50,
1108
0x26, 0x5a, 0x25, 0x3e, 0x3f, 0x34, 0x4b, 0x35,
1109
0x77, 0x3a, 0x3f, 0x3e, 0x23, 0x4e, 0x30, 0x23,
1110
0x70, 0x72, 0x33, 0x34, 0x60, 0x2a, 0x4a, 0x32,
1111
0x6e, 0x29, 0x54, 0x73, 0x5f, 0x26, 0x71, 0x3a,
1112
0x78, 0x5d, 0x3f, 0x31, 0x48, 0x59, 0x61, 0x44,
1113
0x5c, 0x38, 0x4f, 0x41, 0x73, 0x67, 0x62, 0x73,
1114
0x33, 0x52, 0x77, 0x73, 0x57, 0x49, 0x7a, 0x59,
1115
0x26, 0x21, 0x34, 0x38, 0x2b, 0x5f, 0x5f, 0x37,
1116
0x74, 0x28, 0x46, 0x3d, 0x43, 0x42, 0x26, 0x66,
1117
0x63, 0x37, 0x6d, 0x2a, 0x65, 0x3f, 0x71, 0x2d,
1118
0x4c, 0x72, 0x29, 0x4b, 0x3a, 0x77, 0x64, 0x6a,
1119
0x6b, 0x42, 0x70, 0x5c, 0x51, 0x38, 0x71, 0x25,
1120
0x4c, 0x7c, 0x6f, 0x74, 0x71, 0x39, 0x71, 0x25,
1121
0x3f, 0x62, 0x23, 0x45, 0x5f, 0x77, 0x59, 0x56,
1122
0x56, 0x67, 0x78, 0x3a, 0x2e, 0x4e, 0x27, 0x59,
1123
0x65, 0x2f, 0x64, 0x3c, 0x62, 0x40, 0x69, 0x52,
1124
0x36, 0x49, 0x3e, 0x3b, 0x2c, 0x47, 0x4f, 0x3e,
1125
0x61, 0x78, 0x2d, 0x45, 0x71, 0x3f, 0x7b, 0x55,
1126
0x34, 0x36, 0x47, 0x5e, 0x36, 0x51, 0x3d, 0x5a,
1127
0x4b, 0x75, 0x44, 0x72, 0x61, 0x44, 0x71, 0x4e,
1128
0x42, 0x6a, 0x2c, 0x34, 0x40, 0x3b, 0x40, 0x31,
1129
0x31, 0x75, 0x4b, 0x32, 0x71, 0x69, 0x3a, 0x5d,
1130
0x31, 0x25, 0x53, 0x2a, 0x61, 0x54, 0x68, 0x2a,
1131
0x76, 0x71, 0x57, 0x67, 0x56, 0x23, 0x7d, 0x70,
1132
0x7d, 0x28, 0x57, 0x5f, 0x2f, 0x4c, 0x71, 0x2e,
1133
0x40, 0x63, 0x49, 0x5b, 0x7c, 0x7b, 0x56, 0x76,
1134
0x77, 0x46, 0x69, 0x56, 0x3d, 0x75, 0x31, 0x3b,
1135
0x35, 0x40, 0x37, 0x2c, 0x51, 0x37, 0x49, 0x6a,
1136
0x79, 0x68, 0x53, 0x31, 0x4c, 0x6f, 0x57, 0x4c,
1137
0x48, 0x31, 0x6a, 0x30, 0x2b, 0x69, 0x30, 0x56,
1138
0x58, 0x4b, 0x76, 0x3b, 0x60, 0x6d, 0x35, 0x4d,
1139
0x74, 0x2f, 0x74, 0x2c, 0x54, 0x4f, 0x6e, 0x3f,
1140
0x38, 0x56, 0x5c, 0x67, 0x2b, 0x4a, 0x35, 0x30,
1141
0x67, 0x7d, 0x58, 0x24, 0x59, 0x54, 0x48, 0x2e,
1142
0x28, 0x7d, 0x6e, 0x51, 0x55, 0x68, 0x56, 0x54,
1143
0x59, 0x31, 0x4a, 0x65, 0x5a, 0x5e, 0x27, 0x76,
1144
0x76, 0x65, 0x6d, 0x2f, 0x75, 0x63, 0x67, 0x52,
1145
0x5e, 0x29, 0x58, 0x3d, 0x5c, 0x3f, 0x54, 0x7c,
1146
0x67, 0x21, 0x6e, 0x75, 0x67, 0x35, 0x77, 0x31,
1147
0x3d, 0x26, 0x3f, 0x60, 0x45, 0x2d, 0x2b, 0x45,
1148
0x5d, 0x3f, 0x55, 0x73, 0x59, 0x4c, 0x5e, 0x6c,
1149
0x30, 0x4a, 0x4e, 0x47, 0x55, 0x42, 0x6a, 0x4b,
1150
0x32, 0x3c, 0x75, 0x6e, 0x36, 0x51, 0x5f, 0x4c,
1151
0x68, 0x72, 0x72, 0x27, 0x3b, 0x51, 0x59, 0x7b,
1152
0x68, 0x7b, 0x3b, 0x54, 0x35, 0x37, 0x7c, 0x44,
1153
0x43, 0x36, 0x4c, 0x4f, 0x67, 0x62, 0x4e, 0x39,
1154
0x4b, 0x7a, 0x49, 0x36, 0x68, 0x38, 0x4c, 0x4a,
1155
0x64, 0x33, 0x35, 0x2f, 0x3e, 0x5c, 0x58, 0x61,
1156
0x23, 0x5b, 0x50, 0x6e, 0x34, 0x44, 0x60, 0x28,
1157
0x54, 0x41, 0x5c, 0x31, 0x53, 0x2d, 0x58, 0x58,
1158
0x54, 0x28, 0x77, 0x51, 0x6f, 0x64, 0x4c, 0x68,
1159
0x34, 0x79, 0x45, 0x66, 0x2c, 0x26, 0x77, 0x64,
1160
0x5f, 0x6c, 0x3b, 0x71, 0x28, 0x4d, 0x68, 0x2a,
1161
0x6b, 0x37, 0x6a, 0x34, 0x51, 0x27, 0x2a, 0x46,
1162
0x3a, 0x2e, 0x35, 0x21, 0x21, 0x79, 0x51, 0x44,
1163
0x58, 0x5d, 0x6f, 0x65, 0x6b, 0x76, 0x68, 0x3a,
1164
0x43, 0x70, 0x36, 0x41, 0x6b, 0x56, 0x64, 0x75,
1165
0x5b, 0x37, 0x24, 0x56, 0x7c, 0x6e, 0x6c, 0x41,
1166
0x3a, 0x60, 0x56, 0x38, 0x55, 0x63, 0x77, 0x4d,
1167
0x6e, 0x50, 0x3c, 0x3d, 0x7a, 0x44, 0x71, 0x42,
1168
0x4b, 0x55, 0x75, 0x72, 0x61, 0x60, 0x65, 0x6f,
1169
0x7a, 0x26, 0x64, 0x46, 0x67, 0x74, 0x29, 0x2a,
1170
0x5b, 0x62, 0x41, 0x28, 0x62, 0x30, 0x34, 0x33,
1171
0x40, 0x79, 0x7a, 0x38, 0x56, 0x38, 0x73, 0x22,
1172
0x7a, 0x7d, 0x73, 0x2a, 0x2a, 0x28, 0x2b, 0x63,
1173
0x27, 0x6f, 0x3d, 0x3e, 0x2c, 0x56, 0x23, 0x32,
1174
0x4b, 0x3b, 0x58, 0x4d, 0x72, 0x4c, 0x49, 0x6f,
1175
0x30, 0x76, 0x23, 0x21, 0x21, 0x3c, 0x49, 0x56,
1176
0x7a, 0x56, 0x79, 0x2f, 0x50, 0x7a, 0x5b, 0x21,
1177
0x21, 0x4a, 0x48, 0x61, 0x33, 0x52, 0x49, 0x2e,
1178
0x30, 0x7d, 0x2c, 0x2d, 0x67, 0x23, 0x55, 0x62,
1179
0x66, 0x52, 0x5a, 0x61, 0x75, 0x63, 0x3c, 0x39,
1180
0x69, 0x41, 0x31, 0x6b, 0x4e, 0x6f, 0x25, 0x34,
1181
0x74, 0x30, 0x21, 0x3a, 0x40, 0x72, 0x44, 0x40,
1182
0x60, 0x4c, 0x53, 0x74, 0x42, 0x64, 0x44, 0x49,
1183
0x76, 0x67, 0x21, 0x79, 0x36, 0x3c, 0x37, 0x70,
1184
0x4f, 0x58, 0x29, 0x71, 0x2a, 0x3a, 0x4d, 0x5d,
1185
0x67, 0x68, 0x52, 0x63, 0x23, 0x24, 0x4b, 0x21,
1186
0x3f, 0x68, 0x69, 0x6c, 0x66, 0x66, 0x42, 0x28,
1187
0x59, 0x35, 0x34, 0x6f, 0x2d, 0x6a, 0x25, 0x66,
1188
0x34, 0x54, 0x5d, 0x50, 0x26, 0x41, 0x22, 0x4f,
1189
0x34, 0x79, 0x3c, 0x50, 0x68, 0x2d, 0x5f, 0x7b,
1190
0x63, 0x7d, 0x58, 0x2e, 0x73, 0x46, 0x2f, 0x54,
1191
0x61, 0x27, 0x74, 0x45, 0x23, 0x72, 0x31, 0x7d,
1192
0x63, 0x4b, 0x43, 0x5e, 0x44, 0x54, 0x2c, 0x38,
1193
0x58, 0x24, 0x75, 0x6c, 0x50, 0x3c, 0x23, 0x5f,
1194
0x35, 0x57, 0x4f, 0x7b, 0x2f, 0x57, 0x29, 0x73,
1195
0x58, 0x2a, 0x66, 0x3e, 0x49, 0x42, 0x5a, 0x6b,
1196
0x75, 0x6a, 0x38, 0x3f, 0x73, 0x44, 0x42, 0x46,
1197
0x2d, 0x39, 0x66, 0x5b, 0x28, 0x3e, 0x63, 0x62,
1198
0x53, 0x75, 0x65, 0x64, 0x79, 0x32, 0x35, 0x71,
1199
0x22, 0x6a, 0x7b, 0x41, 0x2b, 0x26, 0x43, 0x79,
1200
0x58, 0x6f, 0x71, 0x25, 0x24, 0x34, 0x72, 0x5b,
1201
0x4a, 0x2c, 0x5c, 0x77, 0x23, 0x42, 0x27, 0x6a,
1202
0x67, 0x51, 0x5f, 0x3c, 0x75, 0x2c, 0x3f, 0x43,
1203
0x45, 0x5b, 0x48, 0x65, 0x6f, 0x6c, 0x27, 0x65,
1204
0x21, 0x3e, 0x33, 0x37, 0x5f, 0x2b, 0x2e, 0x24,
1205
0x22, 0x47, 0x4e, 0x33, 0x5b, 0x7b, 0x21, 0x3c,
1206
0x53, 0x69, 0x2e, 0x31, 0x3d, 0x48, 0x57, 0x3a,
1207
0x56, 0x48, 0x6b, 0x47, 0x5d, 0x33, 0x41, 0x6c,
1208
0x66, 0x4c, 0x61, 0x67, 0x32, 0x69, 0x53, 0x2c,
1209
0x2f, 0x3e, 0x36, 0x68, 0x37, 0x28, 0x40, 0x21,
1210
0x76, 0x27, 0x44, 0x26, 0x24, 0x6a, 0x30, 0x75,
1211
0x2a, 0x73, 0x48, 0x36, 0x52, 0x4a, 0x3b, 0x51,
1212
0x4e, 0x2f, 0x23, 0x36, 0x4b, 0x49, 0x33, 0x5a,
1213
0x70, 0x2c, 0x54, 0x5b, 0x67, 0x48, 0x53, 0x5d,
1214
0x21, 0x3e, 0x6b, 0x52, 0x6a, 0x3c, 0x48, 0x29,
1215
0x68, 0x27, 0x32, 0x75, 0x61, 0x7c, 0x51, 0x2e,
1216
0x7b, 0x49, 0x2f, 0x5b, 0x3d, 0x74, 0x5a, 0x28,
1217
0x26, 0x29, 0x2c, 0x30, 0x54, 0x74, 0x45, 0x55,
1218
0x4a, 0x3d, 0x39, 0x35, 0x66, 0x56, 0x28, 0x6d,
1219
0x6e, 0x38, 0x7b, 0x2b, 0x40, 0x31, 0x56, 0x61,
1220
0x74, 0x2b, 0x79, 0x5f, 0x63, 0x51, 0x53, 0x52,
1221
0x7d, 0x73, 0x4e, 0x2e, 0x45, 0x3b, 0x22, 0x28,
1222
0x6c, 0x2b, 0x47, 0x21, 0x50, 0x2a, 0x7c, 0x45,
1223
0x48, 0x57, 0x3e, 0x2f, 0x6d, 0x66, 0x6c, 0x51,
1224
0x23, 0x6c, 0x37, 0x4d, 0x4b, 0x4b, 0x66, 0x55,
1225
0x69, 0x2e, 0x4a, 0x69, 0x71, 0x7c, 0x71, 0x30,
1226
0x5c, 0x43, 0x46, 0x63, 0x5a, 0x23, 0x75, 0x40
1227
};
1228
uint32_t request6_len = sizeof(request6);
1229
1230
uint8_t request7[] = {
1231
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
1232
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1233
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
1234
0x5d, 0x32, 0x55, 0x71, 0x51, 0x45, 0x4e, 0x54,
1235
0x34, 0x21, 0x46, 0x77, 0x5e, 0x5b, 0x75, 0x62,
1236
0x2b, 0x5c, 0x34, 0x26, 0x72, 0x2b, 0x2c, 0x64,
1237
0x4b, 0x65, 0x56, 0x72, 0x31, 0x7d, 0x6a, 0x5f,
1238
0x70, 0x26, 0x32, 0x29, 0x7d, 0x21, 0x5b, 0x3e,
1239
0x5e, 0x53, 0x3d, 0x48, 0x5e, 0x2a, 0x4c, 0x37,
1240
0x3d, 0x59, 0x79, 0x21, 0x4f, 0x56, 0x79, 0x2a,
1241
0x4e, 0x28, 0x61, 0x7d, 0x2c, 0x58, 0x2f, 0x78,
1242
0x5c, 0x3f, 0x5c, 0x42, 0x6d, 0x2f, 0x71, 0x54,
1243
0x25, 0x31, 0x73, 0x38, 0x6c, 0x31, 0x5a, 0x2e,
1244
0x42, 0x5b, 0x2d, 0x41, 0x24, 0x4c, 0x37, 0x40,
1245
0x39, 0x7d, 0x2a, 0x67, 0x60, 0x6a, 0x7a, 0x62,
1246
0x24, 0x4e, 0x3f, 0x2e, 0x69, 0x35, 0x28, 0x65,
1247
0x77, 0x53, 0x23, 0x44, 0x59, 0x71, 0x31, 0x5c,
1248
0x40, 0x5d, 0x3a, 0x27, 0x46, 0x55, 0x30, 0x56,
1249
0x21, 0x74, 0x3e, 0x73, 0x41, 0x22, 0x52, 0x68,
1250
0x40, 0x6c, 0x37, 0x3e, 0x62, 0x5a, 0x2e, 0x21,
1251
0x23, 0x33, 0x27, 0x73, 0x68, 0x26, 0x60, 0x67,
1252
0x70, 0x58, 0x50, 0x42, 0x58, 0x27, 0x3a, 0x35,
1253
0x6f, 0x51, 0x62, 0x78, 0x25, 0x2c, 0x7b, 0x66,
1254
0x34, 0x6a, 0x5a, 0x39, 0x60, 0x70, 0x41, 0x2d,
1255
0x65, 0x26, 0x5a, 0x67, 0x58, 0x2d, 0x3e, 0x56,
1256
0x6d, 0x30, 0x4b, 0x4d, 0x5d, 0x45, 0x41, 0x3d,
1257
0x6e, 0x27, 0x4e, 0x5a, 0x7d, 0x2e, 0x62, 0x4d,
1258
0x42, 0x70, 0x31, 0x24, 0x73, 0x5c, 0x78, 0x77,
1259
0x50, 0x73, 0x27, 0x48, 0x3d, 0x35, 0x2c, 0x4b,
1260
0x40, 0x2d, 0x25, 0x77, 0x5d, 0x3d, 0x6b, 0x50,
1261
0x6f, 0x57, 0x73, 0x2f, 0x4f, 0x6e, 0x4c, 0x6e,
1262
0x56, 0x7b, 0x55, 0x3c, 0x6d, 0x60, 0x47, 0x53,
1263
0x56, 0x39, 0x3b, 0x51, 0x61, 0x71, 0x75, 0x73,
1264
0x6b, 0x70, 0x58, 0x5f, 0x2c, 0x27, 0x74, 0x49,
1265
0x2c, 0x2b, 0x53, 0x2d, 0x5b, 0x79, 0x43, 0x34,
1266
0x39, 0x5a, 0x38, 0x3e, 0x2d, 0x66, 0x70, 0x3d,
1267
0x49, 0x51, 0x29, 0x4d, 0x5d, 0x4c, 0x57, 0x4a,
1268
0x2f, 0x41, 0x69, 0x56, 0x57, 0x77, 0x49, 0x58,
1269
0x75, 0x28, 0x29, 0x4a, 0x6d, 0x54, 0x4f, 0x4f,
1270
0x3f, 0x58, 0x5f, 0x58, 0x6f, 0x39, 0x22, 0x4d,
1271
0x5d, 0x31, 0x75, 0x43, 0x2f, 0x7d, 0x31, 0x3d,
1272
0x4c, 0x4d, 0x76, 0x74, 0x4d, 0x57, 0x3b, 0x56,
1273
0x57, 0x48, 0x2b, 0x5d, 0x32, 0x67, 0x51, 0x6e,
1274
0x60, 0x39, 0x6f, 0x64, 0x38, 0x37, 0x52, 0x4b,
1275
0x52, 0x42, 0x32, 0x4f, 0x24, 0x53, 0x31, 0x6e,
1276
0x4a, 0x68, 0x2f, 0x28, 0x2e, 0x27, 0x49, 0x75,
1277
0x77, 0x75, 0x26, 0x47, 0x7c, 0x5d, 0x72, 0x5a,
1278
0x77, 0x50, 0x2e, 0x6c, 0x27, 0x68, 0x6b, 0x7b,
1279
0x27, 0x63, 0x21, 0x3d, 0x30, 0x2d, 0x5c, 0x67,
1280
0x4d, 0x41, 0x79, 0x47, 0x42, 0x50, 0x6d, 0x32,
1281
0x74, 0x39, 0x62, 0x4d, 0x5f, 0x65, 0x78, 0x4f,
1282
0x67, 0x3a, 0x60, 0x26, 0x45, 0x61, 0x7c, 0x61,
1283
0x63, 0x40, 0x46, 0x79, 0x52, 0x47, 0x57, 0x49,
1284
0x53, 0x4c, 0x48, 0x36, 0x67, 0x47, 0x5c, 0x71,
1285
0x50, 0x4d, 0x4f, 0x58, 0x26, 0x40, 0x6d, 0x54,
1286
0x55, 0x67, 0x66, 0x23, 0x70, 0x23, 0x68, 0x70,
1287
0x4d, 0x2c, 0x7a, 0x3d, 0x60, 0x51, 0x35, 0x64,
1288
0x56, 0x2f, 0x26, 0x6d, 0x72, 0x6a, 0x59, 0x34,
1289
0x3a, 0x73, 0x4b, 0x27, 0x33, 0x61, 0x26, 0x45,
1290
0x61, 0x28, 0x74, 0x22, 0x54, 0x50, 0x2e, 0x39,
1291
0x6a, 0x2c, 0x27, 0x59, 0x26, 0x73, 0x44, 0x71,
1292
0x67, 0x4c, 0x37, 0x74, 0x2c, 0x63, 0x52, 0x2a,
1293
0x60, 0x4f, 0x7b, 0x32, 0x39, 0x21, 0x79, 0x54,
1294
0x79, 0x6d, 0x28, 0x27, 0x3a, 0x6a, 0x7d, 0x40,
1295
0x6a, 0x4f, 0x4b, 0x46, 0x61, 0x36, 0x6a, 0x22,
1296
0x3f, 0x77, 0x2d, 0x6a, 0x3b, 0x73, 0x71, 0x72,
1297
0x3c, 0x21, 0x2e, 0x3f, 0x33, 0x25, 0x76, 0x64,
1298
0x64, 0x70, 0x43, 0x32, 0x44, 0x73, 0x61, 0x51,
1299
0x3c, 0x3b, 0x45, 0x3a, 0x68, 0x46, 0x5b, 0x6e,
1300
0x36, 0x47, 0x4d, 0x38, 0x26, 0x4f, 0x5c, 0x7d,
1301
0x73, 0x29, 0x24, 0x78, 0x44, 0x75, 0x40, 0x42,
1302
0x41, 0x2a, 0x73, 0x2b, 0x24, 0x38, 0x51, 0x67,
1303
0x36, 0x67, 0x2f, 0x70, 0x58, 0x54, 0x6e, 0x5d,
1304
0x3b, 0x41, 0x59, 0x76, 0x7d, 0x2d, 0x40, 0x70,
1305
0x29, 0x4a, 0x4a, 0x31, 0x79, 0x2c, 0x4e, 0x22,
1306
0x31, 0x59, 0x31, 0x3c, 0x2f, 0x21, 0x29, 0x3f,
1307
0x65, 0x6c, 0x38, 0x55, 0x4f, 0x27, 0x66, 0x66,
1308
0x34, 0x45, 0x49, 0x41, 0x56, 0x24, 0x2e, 0x40,
1309
0x36, 0x23, 0x5a, 0x46, 0x40, 0x23, 0x7b, 0x2d,
1310
0x69, 0x54, 0x6c, 0x51, 0x58, 0x73, 0x56, 0x60,
1311
0x5f, 0x60, 0x63, 0x5f, 0x77, 0x6a, 0x4c, 0x2c,
1312
0x35, 0x39, 0x60, 0x73, 0x63, 0x3e, 0x2d, 0x55,
1313
0x5a, 0x26, 0x4b, 0x43, 0x3b, 0x56, 0x33, 0x58,
1314
0x74, 0x51, 0x4f, 0x5c, 0x2a, 0x44, 0x78, 0x66,
1315
0x78, 0x71, 0x40, 0x29, 0x5e, 0x26, 0x57, 0x51,
1316
0x49, 0x30, 0x29, 0x73, 0x38, 0x56, 0x6c, 0x41,
1317
0x78, 0x3d, 0x61, 0x3d, 0x2c, 0x33, 0x46, 0x57,
1318
0x54, 0x63, 0x3e, 0x79, 0x55, 0x4a, 0x7d, 0x2e,
1319
0x2a, 0x3c, 0x77, 0x47, 0x35, 0x29, 0x5a, 0x6d,
1320
0x69, 0x48, 0x6b, 0x73, 0x7d, 0x4f, 0x5f, 0x6f,
1321
0x3a, 0x7a, 0x4e, 0x54, 0x59, 0x38, 0x62, 0x44,
1322
0x72, 0x51, 0x57, 0x6a, 0x74, 0x54, 0x4f, 0x77,
1323
0x6b, 0x66, 0x4a, 0x6b, 0x39, 0x29, 0x69, 0x60,
1324
0x71, 0x52, 0x6a, 0x32, 0x66, 0x6c, 0x25, 0x76,
1325
0x27, 0x7a, 0x2c, 0x38, 0x72, 0x4e, 0x5f, 0x40,
1326
0x26, 0x74, 0x6a, 0x5e, 0x42, 0x38, 0x78, 0x34,
1327
0x4f, 0x4f, 0x35, 0x27, 0x39, 0x62, 0x52, 0x61,
1328
0x37, 0x54, 0x47, 0x38, 0x70, 0x31, 0x7a, 0x66,
1329
0x69, 0x72, 0x24, 0x52, 0x2a, 0x2a, 0x78, 0x72,
1330
0x2b, 0x2e, 0x2a, 0x57, 0x4a, 0x21, 0x52, 0x3c,
1331
0x2a, 0x2f, 0x24, 0x58, 0x34, 0x3c, 0x42, 0x5c,
1332
0x5b, 0x78, 0x27, 0x55, 0x63, 0x58, 0x3e, 0x26,
1333
0x50, 0x2c, 0x72, 0x60, 0x36, 0x6c, 0x46, 0x58,
1334
0x63, 0x59, 0x23, 0x2a, 0x2d, 0x63, 0x6a, 0x68,
1335
0x69, 0x74, 0x3f, 0x49, 0x4f, 0x48, 0x4a, 0x3b,
1336
0x59, 0x56, 0x77, 0x43, 0x6d, 0x57, 0x28, 0x5f,
1337
0x39, 0x73, 0x28, 0x74, 0x3c, 0x4f, 0x43, 0x48,
1338
0x6a, 0x57, 0x5d, 0x41, 0x73, 0x3f, 0x41, 0x7c,
1339
0x65, 0x5e, 0x2d, 0x38, 0x72, 0x3a, 0x53, 0x3e,
1340
0x33, 0x47, 0x69, 0x6a, 0x6e, 0x78, 0x67, 0x5d,
1341
0x35, 0x3b, 0x3f, 0x23, 0x7c, 0x71, 0x3d, 0x7c,
1342
0x3a, 0x3c, 0x75, 0x6e, 0x00, 0x00, 0x00, 0x00,
1343
0x50, 0x6a, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00,
1344
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1345
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1346
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1347
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1348
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1349
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1350
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1351
0x00, 0x00, 0x00, 0x00, 0x50, 0x6a, 0x40, 0x00,
1352
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1353
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1354
0x50, 0x6a, 0x40, 0x00, 0x01, 0x00, 0x00, 0x00,
1355
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
1356
0x00, 0x00, 0x00, 0x00, 0x50, 0x6a, 0x40, 0x00,
1357
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1358
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1359
0x50, 0x80, 0x23, 0x00, 0xdf, 0xaf, 0xff, 0x33,
1360
0x9b, 0x78, 0x70, 0x43, 0xc5, 0x0a, 0x4d, 0x98,
1361
0x96, 0x02, 0x64, 0x92, 0xc1, 0xee, 0x70, 0x32
1362
};
1363
uint32_t request7_len = sizeof(request7);
1364
1365
uint8_t request8[] = {
1366
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
1367
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1368
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
1369
0x65, 0xc1, 0xef, 0x7b, 0xd6, 0xaa, 0xd6, 0x09,
1370
0x21, 0xf6, 0xe7, 0xd1, 0x4c, 0xdf, 0x6a, 0x2d,
1371
0x0a, 0xfb, 0x43, 0xea, 0xda, 0x07, 0x24, 0x84,
1372
0x88, 0x52, 0x9e, 0xa8, 0xa1, 0x7f, 0x4b, 0x60,
1373
0xec, 0x94, 0x57, 0x33, 0x06, 0x93, 0x92, 0x25,
1374
0xd6, 0xac, 0xdc, 0x89, 0x68, 0x5e, 0xbb, 0x32,
1375
0x2b, 0x17, 0x68, 0xf2, 0x06, 0xb7, 0x86, 0xac,
1376
0x81, 0xfe, 0x52, 0x27, 0xf5, 0x80, 0x11, 0x0d,
1377
0x4e, 0x2e, 0x1b, 0xa3, 0x44, 0x8a, 0x58, 0xed,
1378
0xf3, 0x9c, 0xe9, 0x31, 0x01, 0x72, 0xa6, 0xab,
1379
0xfa, 0xa8, 0x05, 0x00, 0x37, 0x60, 0x6b, 0x81,
1380
0xef, 0xf4, 0x96, 0x9a, 0xf7, 0x67, 0x95, 0x27,
1381
0x7a, 0x25, 0xef, 0x6f, 0x0e, 0xff, 0x2d, 0x15,
1382
0x7f, 0x23, 0x1c, 0xa7, 0x56, 0x94, 0x4a, 0x18,
1383
0x98, 0xc6, 0xd8, 0xd2, 0x29, 0x5b, 0x57, 0xb8,
1384
0x5d, 0x3a, 0x93, 0x58, 0x45, 0x77, 0x36, 0xe3,
1385
0xd1, 0x36, 0x87, 0xff, 0xe3, 0x94, 0x0f, 0x00,
1386
0xe6, 0x7c, 0x1a, 0x92, 0xc1, 0x5f, 0x40, 0xc3,
1387
0xa3, 0x25, 0xce, 0xd4, 0xaf, 0x39, 0xeb, 0x17,
1388
0xcf, 0x22, 0x43, 0xd9, 0x0c, 0xce, 0x37, 0x86,
1389
0x46, 0x54, 0xd6, 0xce, 0x00, 0x30, 0x36, 0xae,
1390
0xf9, 0xb5, 0x2b, 0x11, 0xa0, 0xfe, 0xa3, 0x4b,
1391
0x2e, 0x05, 0xbe, 0x54, 0xa9, 0xd8, 0xa5, 0x76,
1392
0x83, 0x5b, 0x63, 0x01, 0x1c, 0xd4, 0x56, 0x72,
1393
0xcd, 0xdc, 0x4a, 0x1d, 0x77, 0xda, 0x8a, 0x9e,
1394
0xba, 0xcb, 0x6c, 0xe8, 0x19, 0x5d, 0x68, 0xef,
1395
0x8e, 0xbc, 0x6a, 0x05, 0x53, 0x0b, 0xc7, 0xc5,
1396
0x96, 0x84, 0x04, 0xd9, 0xda, 0x4c, 0x42, 0x31,
1397
0xd9, 0xbd, 0x99, 0x06, 0xf7, 0xa3, 0x0a, 0x19,
1398
0x49, 0x07, 0x77, 0xf0, 0xdb, 0x7c, 0x43, 0xfa,
1399
0xb2, 0xad, 0xb0, 0xfa, 0x87, 0x52, 0xba, 0xc9,
1400
0x94, 0x61, 0xdc, 0xcf, 0x16, 0xac, 0x0f, 0x4a,
1401
0xa3, 0x6b, 0x5b, 0x6e, 0x27, 0x86, 0x1f, 0xfe,
1402
0x4d, 0x28, 0x3a, 0xa5, 0x10, 0x54, 0x6d, 0xed,
1403
0x53, 0xf9, 0x73, 0xc6, 0x6e, 0xa8, 0xc0, 0x97,
1404
0xcf, 0x56, 0x3b, 0x61, 0xdf, 0xab, 0x83, 0x18,
1405
0xe8, 0x09, 0xee, 0x6a, 0xb7, 0xf5, 0xc9, 0x62,
1406
0x55, 0x2d, 0xc7, 0x0c, 0x0d, 0xa0, 0x22, 0xd8,
1407
0xd4, 0xd6, 0xb2, 0x12, 0x21, 0xd7, 0x73, 0x3e,
1408
0x41, 0xb0, 0x5c, 0xd4, 0xcf, 0x98, 0xf3, 0x70,
1409
0xe6, 0x08, 0xe6, 0x2a, 0x4f, 0x24, 0x85, 0xe8,
1410
0x74, 0xa8, 0x41, 0x5f, 0x0e, 0xfd, 0xf1, 0xf3,
1411
0xbe, 0x9b, 0x14, 0xfd, 0xc0, 0x73, 0x11, 0xff,
1412
0xa5, 0x5b, 0x06, 0x34, 0xc3, 0x6c, 0x28, 0x42,
1413
0x07, 0xfe, 0x8a, 0xa5, 0xbe, 0x72, 0x7a, 0xf7,
1414
0xfa, 0x25, 0xec, 0x35, 0x5e, 0x98, 0x71, 0x50,
1415
0x60, 0x35, 0x76, 0x53, 0x40, 0x1a, 0x34, 0xa5,
1416
0x99, 0x09, 0xa2, 0xc6, 0xca, 0xa5, 0xce, 0x08,
1417
0x50, 0x45, 0xab, 0x8d, 0xfb, 0xe3, 0xb8, 0xe4,
1418
0x8a, 0x61, 0x48, 0x14, 0x6e, 0xf7, 0x58, 0x71,
1419
0xe5, 0x2e, 0xbc, 0x12, 0xd1, 0x25, 0xe9, 0x65,
1420
0x7a, 0xa1, 0x27, 0xbe, 0x3b, 0x8b, 0xe8, 0xe7,
1421
0xbc, 0xe1, 0x05, 0xe7, 0x92, 0xeb, 0xb9, 0xdf,
1422
0x5d, 0x53, 0x74, 0xc0, 0x63, 0x97, 0x80, 0xb8,
1423
0x3c, 0xae, 0xf3, 0xf2, 0x09, 0x12, 0x81, 0x6c,
1424
0x69, 0x10, 0x6f, 0xf6, 0xbe, 0x03, 0x7b, 0x88,
1425
0xcf, 0x26, 0x6b, 0x51, 0x06, 0x23, 0x68, 0x03,
1426
0xa1, 0xb7, 0xd3, 0x0c, 0xca, 0xbf, 0x29, 0x01,
1427
0xa9, 0x61, 0x34, 0x75, 0x98, 0x1e, 0x05, 0x59,
1428
0xb3, 0x46, 0x44, 0xff, 0x2b, 0x98, 0x04, 0x88,
1429
0x89, 0xfd, 0x7f, 0xd5, 0x19, 0x8a, 0xa6, 0xf3,
1430
0xd9, 0x44, 0xd5, 0xf9, 0x3a, 0x3c, 0xec, 0xd9,
1431
0x9b, 0x8c, 0x93, 0x93, 0x2b, 0x44, 0x86, 0x8b,
1432
0x80, 0x83, 0x23, 0x00, 0xdf, 0xaf, 0xff, 0x33,
1433
0x9b, 0x78, 0x70, 0x43, 0xf1, 0x55, 0x87, 0xb1,
1434
0xa1, 0xb3, 0x8e, 0x79, 0x02, 0x70, 0x82, 0x6c,
1435
0x0b, 0xc1, 0xef, 0x96, 0xf1, 0xef, 0xdd, 0xa2,
1436
0x69, 0x86, 0xc7, 0x85, 0x09, 0x7e, 0xf0, 0x2f,
1437
0x8e, 0xa0, 0x5f, 0xea, 0x39, 0x2e, 0x24, 0xf0,
1438
0x82, 0x30, 0x26, 0xa8, 0xa1, 0x4f, 0xc6, 0x5c,
1439
0xec, 0x94, 0x87, 0x52, 0x9b, 0x93, 0x92, 0xf3,
1440
0xa3, 0x1b, 0xc7, 0x8f, 0x9e, 0xb3, 0xbb, 0x32,
1441
0x2b, 0x17, 0x54, 0xf2, 0x06, 0x0c, 0x86, 0x92,
1442
0x0f, 0xb8, 0xe0, 0x27, 0x50, 0xaa, 0xeb, 0xf5,
1443
0x4e, 0x2b, 0x1b, 0xb2, 0x44, 0xe6, 0x58, 0x02,
1444
0xd7, 0x65, 0xdc, 0x31, 0x01, 0xec, 0xa6, 0xab,
1445
0xfa, 0xa8, 0x05, 0x00, 0x37, 0x60, 0x4f, 0xa1,
1446
0x3c, 0x4f, 0x7a, 0x9a, 0x10, 0x67, 0x95, 0xc2,
1447
0x5b, 0x25, 0xef, 0x76, 0x0e, 0xff, 0x2d, 0x15,
1448
0x7f, 0x23, 0x1c, 0x77, 0x56, 0x94, 0x4a, 0x18,
1449
0x98, 0xc6, 0xd8, 0xd2, 0x29, 0x44, 0x57, 0xb8,
1450
0x40, 0x3a, 0x93, 0x58, 0x45, 0x77, 0x36, 0x36,
1451
0x07, 0x35, 0x2a, 0xff, 0x00, 0x94, 0x5c, 0x80,
1452
0xe6, 0x7c, 0x1a, 0x92, 0xc1, 0x5f, 0x40, 0xc3,
1453
0xbc, 0xf8, 0xce, 0x05, 0x77, 0x39, 0x40, 0x17,
1454
0xcf, 0x63, 0x43, 0x77, 0x27, 0xce, 0x37, 0x86,
1455
0x46, 0x54, 0xd6, 0xce, 0x00, 0x30, 0x36, 0xae,
1456
0x9f, 0x24, 0x2b, 0x5a, 0xa0, 0xfe, 0xa3, 0x4b,
1457
0x2e, 0x7e, 0xf7, 0x54, 0xa9, 0xd8, 0xa5, 0x76,
1458
0x83, 0x7b, 0x63, 0x01, 0x1c, 0xd4, 0x56, 0x17,
1459
0x02, 0xdc, 0x4a, 0x89, 0x77, 0xda, 0x8f, 0x9e,
1460
0xba, 0xcb, 0x37, 0xe8, 0x19, 0x5d, 0x68, 0x38,
1461
0x8e, 0xbc, 0x6a, 0x05, 0x53, 0x0b, 0xc7, 0xc5,
1462
0x96, 0x84, 0x5a, 0xd9, 0x6d, 0x4c, 0x42, 0x31,
1463
0xd9, 0xf2, 0x99, 0x06, 0xf7, 0x0c, 0x99, 0xbe,
1464
0x49, 0x07, 0x77, 0xf0, 0x8b, 0x7c, 0x43, 0xfa,
1465
0xb2, 0xad, 0xb0, 0xfa, 0x87, 0x52, 0xba, 0xc9,
1466
0x94, 0x61, 0xdc, 0xcf, 0x16, 0xac, 0x0f, 0x4a,
1467
0xa3, 0x6b, 0x5b, 0x6e, 0x27, 0x86, 0x1f, 0xfe,
1468
0x4d, 0x28, 0x3a, 0xa5, 0x10, 0x98, 0x6d, 0xed,
1469
0x53, 0xf9, 0x73, 0xc6, 0xa5, 0xa8, 0xf7, 0x66,
1470
0xcf, 0x56, 0x3b, 0x61, 0xdf, 0xab, 0x83, 0x18,
1471
0xe8, 0x09, 0xee, 0x6a, 0xb7, 0xf5, 0xc9, 0x62,
1472
0x55, 0x2d, 0xc7, 0x0c, 0x0d, 0xa0, 0x22, 0xd8,
1473
0xd4, 0xd6, 0xb2, 0x12, 0x21, 0xd7, 0x73, 0x3e,
1474
0x41, 0xb0, 0x5c, 0xd4, 0xcf, 0x98, 0xf3, 0x70,
1475
0xe6, 0x08, 0xe6, 0x2a, 0x4f, 0x92, 0x85, 0xe8,
1476
0x74, 0xa8, 0x41, 0x5f, 0x0e, 0xfd, 0xf1, 0xf3,
1477
0xbe, 0x9b, 0x14, 0xfd, 0xc0, 0x73, 0x11, 0xff,
1478
0xa5, 0x5b, 0x06, 0x34, 0xc3, 0x5d, 0x28, 0x42,
1479
0x34, 0xfe, 0x8a, 0xa5, 0xbe, 0x72, 0x7a, 0xf7,
1480
0xfa, 0x25, 0x2b, 0x35, 0x5e, 0x98, 0x71, 0x50,
1481
0x2c, 0x35, 0x76, 0x53, 0x4e, 0x1a, 0x34, 0xa5,
1482
0x99, 0x09, 0xa2, 0xc6, 0xca, 0xa5, 0xce, 0x08,
1483
0x50, 0x45, 0xab, 0x8d, 0xfb, 0xe3, 0xb8, 0xe4,
1484
0x8a, 0x61, 0x48, 0x14, 0x6e, 0xf7, 0x58, 0x71,
1485
0xe5, 0x2e, 0xbc, 0x12, 0xd1, 0x25, 0xe9, 0x65,
1486
0x7a, 0xa1, 0x27, 0xbe, 0x3b, 0x8b, 0xe8, 0xe7,
1487
0xbc, 0x77, 0x05, 0xe7, 0x92, 0xeb, 0xb9, 0xdf,
1488
0x5d, 0x53, 0x74, 0xc0, 0x63, 0x97, 0x80, 0xb8,
1489
0x3c, 0xae, 0xf3, 0xf2, 0x09, 0x12, 0x81, 0x6c,
1490
0x69, 0x10, 0x6f, 0xf6, 0xbe, 0x03, 0x7b, 0x88,
1491
0xcf, 0x26, 0x6b, 0x51, 0x06, 0x23, 0x68, 0x03,
1492
0xa1, 0xb7, 0xd3, 0x0c, 0xca, 0xbf, 0x29, 0x01,
1493
0xa9, 0x61, 0x34, 0x75, 0x98, 0x1e, 0x6f, 0x59,
1494
0xb3, 0x46, 0x44, 0xff, 0x2b, 0x98, 0x04, 0x88,
1495
0x89, 0xfd, 0x1c, 0xd5, 0x19, 0x8a, 0xa6, 0xf3,
1496
0xd9, 0x44, 0xd5, 0xf9, 0x79, 0x26, 0x46, 0xf7
1497
};
1498
uint32_t request8_len = sizeof(request8);
1499
1500
uint8_t request9[] = {
1501
0x05, 0x00, 0x00, 0x02, 0x10, 0x00, 0x00, 0x00,
1502
0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1503
0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
1504
0xbf, 0xa1, 0x12, 0x73, 0x23, 0x44, 0x86, 0x8b,
1505
0x50, 0x6a, 0x40, 0x00
1506
};
1507
uint32_t request9_len = sizeof(request9);
1508
1509
TcpSession ssn;
1510
Packet p[11];
1511
ThreadVars tv;
1512
DetectEngineCtx *de_ctx = NULL;
1513
DetectEngineThreadCtx *det_ctx = NULL;
1514
Flow f;
1515
int r;
1516
int i = 0;
1517
1518
char *sig1 = "alert tcp any any -> any any (dce_stub_data; "
1519
"content:|26 d0 cf 80|; sid:1;)";
1520
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
1521
"content:|43 5b 67 26 65|; sid:2;)";
1522
char *sig3 = "alert tcp any any -> any any (dce_stub_data; "
1523
"content:|71 69 75 3e|; sid:3;)";
1524
char *sig4 = "alert tcp any any -> any any (dce_stub_data; "
1525
"content:|6a 68 69 3e 72|; sid:4;)";
1526
char *sig5 = "alert tcp any any -> any any (dce_stub_data; "
1527
"content:|61 50 71 45 29 5b 56 3d 5a|; sid:5;)";
1528
char *sig6 = "alert tcp any any -> any any (dce_stub_data; "
1529
"content:|23 75 40 5d 32 55|; sid:6;)";
1530
char *sig7 = "alert tcp any any -> any any (dce_stub_data; "
1531
"content:|ee 70 32 65 c1|; sid:7;)";
1532
char *sig8 = "alert tcp any any -> any any (dce_stub_data; "
1533
"content:|79 26 46 f7 bf a1|; sid:8;)";
1534
1535
Signature *s;
1536
1537
memset(&tv, 0, sizeof(ThreadVars));
1538
memset(&f, 0, sizeof(Flow));
1539
memset(&ssn, 0, sizeof(TcpSession));
1540
1541
for (i = 0; i < 11; i++) {
1542
memset(&p[i], 0, sizeof(Packet));
1543
p[i].src.family = AF_INET;
1544
p[i].dst.family = AF_INET;
1545
p[i].payload = NULL;
1546
p[i].payload_len = 0;
1547
p[i].proto = IPPROTO_TCP;
1548
p[i].flow = &f;
1549
p[i].flowflags |= FLOW_PKT_TOSERVER;
1550
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
1551
}
1552
p[1].flowflags |= FLOW_PKT_TOCLIENT;
1553
1554
FLOW_INITIALIZE(&f);
1555
f.protoctx = (void *)&ssn;
1556
f.src.family = AF_INET;
1557
f.dst.family = AF_INET;
1558
f.alproto = ALPROTO_DCERPC;
1559
1560
StreamTcpInitConfig(TRUE);
1561
FlowL7DataPtrInit(&f);
1562
1563
de_ctx = DetectEngineCtxInit();
1564
if (de_ctx == NULL)
1565
goto end;
1566
de_ctx->flags |= DE_QUIET;
1567
1568
de_ctx->sig_list = SigInit(de_ctx, sig1);
1569
s = de_ctx->sig_list;
1570
if (s == NULL)
1571
goto end;
1572
1573
s->next = SigInit(de_ctx, sig2);
1574
s = s->next;
1575
if (s == NULL)
1576
goto end;
1577
1578
s->next = SigInit(de_ctx, sig3);
1579
s = s->next;
1580
if (s == NULL)
1581
goto end;
1582
1583
s->next = SigInit(de_ctx, sig4);
1584
s = s->next;
1585
if (s == NULL)
1586
goto end;
1587
1588
s->next = SigInit(de_ctx, sig5);
1589
s = s->next;
1590
if (s == NULL)
1591
goto end;
1592
1593
s->next = SigInit(de_ctx, sig6);
1594
s = s->next;
1595
if (s == NULL)
1596
goto end;
1597
1598
s->next = SigInit(de_ctx, sig7);
1599
s = s->next;
1600
if (s == NULL)
1601
goto end;
1602
1603
s->next = SigInit(de_ctx, sig8);
1604
s = s->next;
1605
if (s == NULL)
1606
goto end;
1607
1608
1609
SigGroupBuild(de_ctx);
1610
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
1611
1612
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
1613
if (r != 0) {
1614
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1615
result = 0;
1616
goto end;
1617
}
1618
/* detection phase */
1619
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
1620
if ((PacketAlertCheck(&p[0], 1))) {
1621
printf("sid 1 matched but shouldn't have for packet 0: ");
1622
goto end;
1623
}
1624
if ((PacketAlertCheck(&p[0], 2))) {
1625
printf("sid 2 matched but shouldn't have for packet 0: ");
1626
goto end;
1627
}
1628
if ((PacketAlertCheck(&p[0], 3))) {
1629
printf("sid 3 matched but shouldn't have for packet 0: ");
1630
goto end;
1631
}
1632
if ((PacketAlertCheck(&p[0], 4))) {
1633
printf("sid 4 matched but shouldn't have for packet 0: ");
1634
goto end;
1635
}
1636
if ((PacketAlertCheck(&p[0], 5))) {
1637
printf("sid 5 matched but shouldn't have for packet 0: ");
1638
goto end;
1639
}
1640
if ((PacketAlertCheck(&p[0], 6))) {
1641
printf("sid 6 matched but shouldn't have for packet 0: ");
1642
goto end;
1643
}
1644
if ((PacketAlertCheck(&p[0], 7))) {
1645
printf("sid 7 matched but shouldn't have for packet 0: ");
1646
goto end;
1647
}
1648
if ((PacketAlertCheck(&p[0], 8))) {
1649
printf("sid 8 matched but shouldn't have for packet 0: ");
1650
goto end;
1651
}
1652
1653
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
1654
if (r != 0) {
1655
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1656
result = 0;
1657
goto end;
1658
}
1659
/* detection phase */
1660
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
1661
if ((PacketAlertCheck(&p[1], 1))) {
1662
printf("sid 1 matched but shouldn't have for packet 1: ");
1663
goto end;
1664
}
1665
if ((PacketAlertCheck(&p[1], 2))) {
1666
printf("sid 2 matched but shouldn't have for packet 1: ");
1667
goto end;
1668
}
1669
if ((PacketAlertCheck(&p[1], 3))) {
1670
printf("sid 3 matched but shouldn't have for packet 1: ");
1671
goto end;
1672
}
1673
if ((PacketAlertCheck(&p[1], 4))) {
1674
printf("sid 4 matched but shouldn't have for packet 1: ");
1675
goto end;
1676
}
1677
if ((PacketAlertCheck(&p[1], 5))) {
1678
printf("sid 5 matched but shouldn't have for packet 1: ");
1679
goto end;
1680
}
1681
if ((PacketAlertCheck(&p[1], 6))) {
1682
printf("sid 6 matched but shouldn't have for packet 1: ");
1683
goto end;
1684
}
1685
if ((PacketAlertCheck(&p[1], 7))) {
1686
printf("sid 7 matched but shouldn't have for packet 1: ");
1687
goto end;
1688
}
1689
if ((PacketAlertCheck(&p[1], 8))) {
1690
printf("sid 8 matched but shouldn't have for packet 1: ");
1691
goto end;
1692
}
1693
1694
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
1695
if (r != 0) {
1696
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1697
result = 0;
1698
goto end;
1699
}
1700
/* detection phase */
1701
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
1702
if ((PacketAlertCheck(&p[2], 1))) {
1703
printf("sid 1 matched but shouldn't have for packet 2: ");
1704
goto end;
1705
}
1706
if ((PacketAlertCheck(&p[2], 2))) {
1707
printf("sid 2 matched but shouldn't have for packet 2: ");
1708
goto end;
1709
}
1710
if ((PacketAlertCheck(&p[2], 3))) {
1711
printf("sid 3 matched but shouldn't have for packet 2: ");
1712
goto end;
1713
}
1714
if ((PacketAlertCheck(&p[2], 4))) {
1715
printf("sid 4 matched but shouldn't have for packet 2: ");
1716
goto end;
1717
}
1718
if ((PacketAlertCheck(&p[2], 5))) {
1719
printf("sid 5 matched but shouldn't have for packet 2: ");
1720
goto end;
1721
}
1722
if ((PacketAlertCheck(&p[2], 6))) {
1723
printf("sid 6 matched but shouldn't have for packet 2: ");
1724
goto end;
1725
}
1726
if ((PacketAlertCheck(&p[2], 7))) {
1727
printf("sid 7 matched but shouldn't have for packet 2: ");
1728
goto end;
1729
}
1730
if ((PacketAlertCheck(&p[2], 8))) {
1731
printf("sid 8 matched but shouldn't have for packet 2: ");
1732
goto end;
1733
}
1734
1735
SCLogDebug("sending request 2");
1736
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
1737
if (r != 0) {
1738
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1739
result = 0;
1740
goto end;
1741
}
1742
/* detection phase */
1743
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
1744
if (!(PacketAlertCheck(&p[3], 1))) {
1745
printf("sid 1 didn't match but should have for packet 3: ");
1746
goto end;
1747
}
1748
if ((PacketAlertCheck(&p[3], 2))) {
1749
printf("sid 2 matched but shouldn't have for packet 3: ");
1750
goto end;
1751
}
1752
if ((PacketAlertCheck(&p[3], 3))) {
1753
printf("sid 3 matched but shouldn't have for packet 3: ");
1754
goto end;
1755
}
1756
if ((PacketAlertCheck(&p[3], 4))) {
1757
printf("sid 4 matched but shouldn't have for packet 3: ");
1758
goto end;
1759
}
1760
if ((PacketAlertCheck(&p[3], 5))) {
1761
printf("sid 5 matched but shouldn't have for packet 3: ");
1762
goto end;
1763
}
1764
if ((PacketAlertCheck(&p[3], 6))) {
1765
printf("sid 6 matched but shouldn't have for packet 3: ");
1766
goto end;
1767
}
1768
if ((PacketAlertCheck(&p[3], 7))) {
1769
printf("sid 7 matched but shouldn't have for packet 3: ");
1770
goto end;
1771
}
1772
if ((PacketAlertCheck(&p[3], 8))) {
1773
printf("sid 8 matched but shouldn't have for packet 3: ");
1774
goto end;
1775
}
1776
1777
SCLogDebug("sending request 3");
1778
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len);
1779
if (r != 0) {
1780
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1781
result = 0;
1782
goto end;
1783
}
1784
/* detection phase */
1785
SCLogDebug("inspecting packet 4");
1786
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[4]);
1787
if ((PacketAlertCheck(&p[4], 1))) {
1788
printf("sid 1 matched but shouldn't have for packet 4: ");
1789
goto end;
1790
}
1791
if (!(PacketAlertCheck(&p[4], 2))) {
1792
printf("sid 2 didn't match but should have for packet 4: ");
1793
goto end;
1794
}
1795
if ((PacketAlertCheck(&p[4], 3))) {
1796
printf("sid 3 matched but shouldn't have for packet 4: ");
1797
goto end;
1798
}
1799
if ((PacketAlertCheck(&p[4], 4))) {
1800
printf("sid 4 matched but shouldn't have for packet 4: ");
1801
goto end;
1802
}
1803
if ((PacketAlertCheck(&p[4], 5))) {
1804
printf("sid 5 matched but shouldn't have for packet 4: ");
1805
goto end;
1806
}
1807
if ((PacketAlertCheck(&p[4], 6))) {
1808
printf("sid 6 matched but shouldn't have for packet 4: ");
1809
goto end;
1810
}
1811
if ((PacketAlertCheck(&p[4], 7))) {
1812
printf("sid 7 matched but shouldn't have for packet 4: ");
1813
goto end;
1814
}
1815
if ((PacketAlertCheck(&p[4], 8))) {
1816
printf("sid 8 matched but shouldn't have for packet 4: ");
1817
goto end;
1818
}
1819
1820
SCLogDebug("sending request 4");
1821
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request4, request4_len);
1822
if (r != 0) {
1823
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1824
result = 0;
1825
goto end;
1826
}
1827
/* detection phase */
1828
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[5]);
1829
if ((PacketAlertCheck(&p[5], 1))) {
1830
printf("sid 1 matched but shouldn't have for packet 5: ");
1831
goto end;
1832
}
1833
if ((PacketAlertCheck(&p[5], 2))) {
1834
printf("sid 2 matched but shouldn't have for packet 5: ");
1835
goto end;
1836
}
1837
if (!(PacketAlertCheck(&p[5], 3))) {
1838
printf("sid 3 didn't match but should have packet 5: ");
1839
goto end;
1840
}
1841
if ((PacketAlertCheck(&p[5], 4))) {
1842
printf("sid 4 matched but shouldn't have for packet 5: ");
1843
goto end;
1844
}
1845
if ((PacketAlertCheck(&p[5], 5))) {
1846
printf("sid 5 matched but shouldn't have for packet 5: ");
1847
goto end;
1848
}
1849
if ((PacketAlertCheck(&p[5], 6))) {
1850
printf("sid 6 matched but shouldn't have for packet 5: ");
1851
goto end;
1852
}
1853
if ((PacketAlertCheck(&p[5], 7))) {
1854
printf("sid 7 matched but shouldn't have for packet 5: ");
1855
goto end;
1856
}
1857
if ((PacketAlertCheck(&p[5], 8))) {
1858
printf("sid 8 matched but shouldn't have for packet 5: ");
1859
goto end;
1860
}
1861
1862
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request5, request5_len);
1863
if (r != 0) {
1864
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1865
result = 0;
1866
goto end;
1867
}
1868
/* detection phase */
1869
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[6]);
1870
if ((PacketAlertCheck(&p[6], 1))) {
1871
printf("sid 1 matched but shouldn't have for packet 6: ");
1872
goto end;
1873
}
1874
if ((PacketAlertCheck(&p[6], 2))) {
1875
printf("sid 2 matched but shouldn't have for packet 6: ");
1876
goto end;
1877
}
1878
if ((PacketAlertCheck(&p[6], 3))) {
1879
printf("sid 3 matched but shouldn't have for packet 6: ");
1880
goto end;
1881
}
1882
if (!(PacketAlertCheck(&p[6], 4))) {
1883
printf("sid 4 didn't match but should have packet 6: ");
1884
goto end;
1885
}
1886
if ((PacketAlertCheck(&p[6], 5))) {
1887
printf("sid 5 matched but shouldn't have for packet 6: ");
1888
goto end;
1889
}
1890
if ((PacketAlertCheck(&p[6], 6))) {
1891
printf("sid 6 matched but shouldn't have for packet 6: ");
1892
goto end;
1893
}
1894
if ((PacketAlertCheck(&p[6], 7))) {
1895
printf("sid 7 matched but shouldn't have for packet 6: ");
1896
goto end;
1897
}
1898
if ((PacketAlertCheck(&p[6], 8))) {
1899
printf("sid 8 matched but shouldn't have for packet 6: ");
1900
goto end;
1901
}
1902
1903
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request6, request6_len);
1904
if (r != 0) {
1905
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1906
result = 0;
1907
goto end;
1908
}
1909
/* detection phase */
1910
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[7]);
1911
if ((PacketAlertCheck(&p[7], 1))) {
1912
printf("sid 1 matched but shouldn't have for packet 7: ");
1913
goto end;
1914
}
1915
if ((PacketAlertCheck(&p[7], 2))) {
1916
printf("sid 2 matched but shouldn't have for packet 7: ");
1917
goto end;
1918
}
1919
if ((PacketAlertCheck(&p[7], 3))) {
1920
printf("sid 3 matched but shouldn't have for packet 7: ");
1921
goto end;
1922
}
1923
if ((PacketAlertCheck(&p[7], 4))) {
1924
printf("sid 4 matched but shouldn't have for packet 7: ");
1925
goto end;
1926
}
1927
if (!(PacketAlertCheck(&p[7], 5))) {
1928
printf("sid 5 didn't match but should have paket 7: ");
1929
goto end;
1930
}
1931
if ((PacketAlertCheck(&p[7], 6))) {
1932
printf("sid 6 matched but shouldn't have for packet 7: ");
1933
goto end;
1934
}
1935
if ((PacketAlertCheck(&p[7], 7))) {
1936
printf("sid 7 matched but shouldn't have for packet 7: ");
1937
goto end;
1938
}
1939
if ((PacketAlertCheck(&p[7], 8))) {
1940
printf("sid 8 matched but shouldn't have for packet 7: ");
1941
goto end;
1942
}
1943
1944
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request7, request7_len);
1945
if (r != 0) {
1946
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1947
result = 0;
1948
goto end;
1949
}
1950
/* detection phase */
1951
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[8]);
1952
if ((PacketAlertCheck(&p[8], 1))) {
1953
printf("sid 1 matched but shouldn't have for packet 8: ");
1954
goto end;
1955
}
1956
if ((PacketAlertCheck(&p[8], 2))) {
1957
printf("sid 2 matched but shouldn't have for packet 8: ");
1958
goto end;
1959
}
1960
if ((PacketAlertCheck(&p[8], 3))) {
1961
printf("sid 3 matched but shouldn't have for packet 8: ");
1962
goto end;
1963
}
1964
if ((PacketAlertCheck(&p[8], 4))) {
1965
printf("sid 4 matched but shouldn't have for packet 8: ");
1966
goto end;
1967
}
1968
if ((PacketAlertCheck(&p[8], 5))) {
1969
printf("sid 5 matched but shouldn't have for packet 8: ");
1970
goto end;
1971
}
1972
if (!(PacketAlertCheck(&p[8], 6))) {
1973
printf("sid 6 didn't match but should have paket 8: ");
1974
goto end;
1975
}
1976
if ((PacketAlertCheck(&p[8], 7))) {
1977
printf("sid 7 matched but shouldn't have for packet 8: ");
1978
goto end;
1979
}
1980
if ((PacketAlertCheck(&p[8], 8))) {
1981
printf("sid 8 matched but shouldn't have for packet 8: ");
1982
goto end;
1983
}
1984
1985
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request8, request8_len);
1986
if (r != 0) {
1987
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
1988
result = 0;
1989
goto end;
1990
}
1991
/* detection phase */
1992
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[9]);
1993
if ((PacketAlertCheck(&p[9], 1))) {
1994
printf("sid 1 matched but shouldn't have for packet 9: ");
1995
goto end;
1996
}
1997
if ((PacketAlertCheck(&p[9], 2))) {
1998
printf("sid 2 matched but shouldn't have for packet 9: ");
1999
goto end;
2000
}
2001
if ((PacketAlertCheck(&p[9], 3))) {
2002
printf("sid 3 matched but shouldn't have for packet 9: ");
2003
goto end;
2004
}
2005
if ((PacketAlertCheck(&p[9], 4))) {
2006
printf("sid 4 matched but shouldn't have for packet 9: ");
2007
goto end;
2008
}
2009
if ((PacketAlertCheck(&p[9], 5))) {
2010
printf("sid 5 matched but shouldn't have for packet 9: ");
2011
goto end;
2012
}
2013
if ((PacketAlertCheck(&p[9], 6))) {
2014
printf("sid 6 matched but shouldn't have for packet 9: ");
2015
goto end;
2016
}
2017
if (!(PacketAlertCheck(&p[9], 7))) {
2018
printf("sid 7 didn't match but should have for packet 9: ");
2019
goto end;
2020
}
2021
if ((PacketAlertCheck(&p[9], 8))) {
2022
printf("sid 8 matched but shouldn't have for packet 9: ");
2023
goto end;
2024
}
2025
2026
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request9, request9_len);
2027
if (r != 0) {
2028
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2029
result = 0;
2030
goto end;
2031
}
2032
/* detection phase */
2033
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[10]);
2034
if ((PacketAlertCheck(&p[10], 1))) {
2035
printf("sid 1 matched but shouldn't have for packet 10: ");
2036
goto end;
2037
}
2038
if ((PacketAlertCheck(&p[10], 2))) {
2039
printf("sid 2 matched but shouldn't have for packet 10: ");
2040
goto end;
2041
}
2042
if ((PacketAlertCheck(&p[10], 3))) {
2043
printf("sid 3 matched but shouldn't have for packet 10: ");
2044
goto end;
2045
}
2046
if ((PacketAlertCheck(&p[10], 4))) {
2047
printf("sid 4 matched but shouldn't have for packet 10: ");
2048
goto end;
2049
}
2050
if ((PacketAlertCheck(&p[10], 5))) {
2051
printf("sid 5 matched but shouldn't have for packet 10: ");
2052
goto end;
2053
}
2054
if ((PacketAlertCheck(&p[10], 6))) {
2055
printf("sid 6 matched but shouldn't have for packet 10: ");
2056
goto end;
2057
}
2058
if ((PacketAlertCheck(&p[10], 7))) {
2059
printf("sid 7 matched but shouldn't have for packet 10: ");
2060
goto end;
2061
}
2062
if (!(PacketAlertCheck(&p[10], 8))) {
2063
printf("sid 8 didn't match but should have for paket 10: ");
2064
goto end;
2065
}
2066
2067
result = 1;
2068
2069
end:
2070
if (de_ctx != NULL) {
2071
SigGroupCleanup(de_ctx);
2072
SigCleanSignatures(de_ctx);
2073
2074
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
2075
DetectEngineCtxFree(de_ctx);
2076
}
2077
2078
FlowL7DataPtrFree(&f);
2079
StreamTcpFreeConfig(TRUE);
2080
2081
return result;
2082
}
2083
2084
/**
2085
* \test Test the working of detection engien with respect to dce keywords.
2086
*/
2087
int DcePayloadTest02(void)
2088
{
2089
int result = 0;
2090
uint8_t bind[] = {
2091
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
2092
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2093
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
2094
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
2095
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
2096
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
2097
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2098
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2099
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
2100
};
2101
uint32_t bind_len = sizeof(bind);
2102
2103
uint8_t bind_ack[] = {
2104
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
2105
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2106
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
2107
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
2108
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
2109
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2110
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2111
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2112
0x02, 0x00, 0x00, 0x00
2113
};
2114
uint32_t bind_ack_len = sizeof(bind_ack);
2115
2116
uint8_t request1[] = {
2117
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
2118
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2119
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
2120
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2121
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
2122
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
2123
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
2124
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
2125
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
2126
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
2127
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
2128
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
2129
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
2130
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
2131
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
2132
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
2133
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
2134
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
2135
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
2136
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
2137
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
2138
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
2139
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
2140
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
2141
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
2142
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
2143
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
2144
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
2145
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
2146
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
2147
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
2148
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
2149
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
2150
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
2151
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
2152
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
2153
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
2154
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
2155
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
2156
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
2157
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
2158
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
2159
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
2160
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
2161
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
2162
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
2163
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
2164
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
2165
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
2166
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
2167
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
2168
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
2169
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
2170
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
2171
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
2172
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
2173
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
2174
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
2175
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
2176
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
2177
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
2178
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
2179
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
2180
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
2181
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
2182
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
2183
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
2184
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
2185
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
2186
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
2187
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
2188
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
2189
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
2190
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
2191
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
2192
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
2193
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
2194
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
2195
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
2196
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
2197
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
2198
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
2199
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
2200
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
2201
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
2202
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
2203
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
2204
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
2205
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
2206
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
2207
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
2208
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
2209
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
2210
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
2211
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
2212
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
2213
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
2214
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
2215
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
2216
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
2217
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
2218
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
2219
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
2220
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
2221
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
2222
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
2223
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
2224
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
2225
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
2226
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
2227
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
2228
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
2229
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
2230
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
2231
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
2232
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
2233
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
2234
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
2235
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
2236
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
2237
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
2238
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
2239
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
2240
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
2241
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
2242
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
2243
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
2244
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
2245
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
2246
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
2247
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
2248
};
2249
uint32_t request1_len = sizeof(request1);
2250
2251
uint8_t request2[] = {
2252
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
2253
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2254
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
2255
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
2256
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
2257
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
2258
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
2259
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
2260
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
2261
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
2262
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
2263
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
2264
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
2265
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
2266
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
2267
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
2268
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
2269
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
2270
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
2271
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
2272
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
2273
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
2274
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
2275
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
2276
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
2277
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
2278
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
2279
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
2280
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
2281
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
2282
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
2283
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
2284
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
2285
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
2286
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
2287
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
2288
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
2289
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
2290
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
2291
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
2292
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
2293
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
2294
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
2295
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
2296
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
2297
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
2298
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
2299
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
2300
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
2301
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
2302
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
2303
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
2304
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
2305
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
2306
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
2307
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
2308
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
2309
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
2310
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
2311
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
2312
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
2313
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
2314
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
2315
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
2316
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
2317
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
2318
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
2319
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
2320
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
2321
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
2322
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
2323
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
2324
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
2325
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
2326
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
2327
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
2328
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
2329
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
2330
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
2331
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
2332
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
2333
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
2334
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
2335
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
2336
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
2337
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
2338
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
2339
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
2340
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
2341
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
2342
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
2343
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
2344
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
2345
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
2346
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
2347
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
2348
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
2349
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
2350
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
2351
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
2352
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
2353
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
2354
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
2355
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
2356
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
2357
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
2358
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
2359
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
2360
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
2361
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
2362
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
2363
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
2364
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
2365
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
2366
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
2367
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
2368
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
2369
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
2370
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
2371
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
2372
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
2373
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
2374
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
2375
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
2376
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
2377
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
2378
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
2379
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
2380
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
2381
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
2382
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
2383
};
2384
uint32_t request2_len = sizeof(request2);
2385
2386
2387
TcpSession ssn;
2388
Packet p[4];
2389
ThreadVars tv;
2390
DetectEngineCtx *de_ctx = NULL;
2391
DetectEngineThreadCtx *det_ctx = NULL;
2392
Flow f;
2393
int r;
2394
int i = 0;
2395
2396
char *sig1 = "alert tcp any any -> any any "
2397
"(dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
2398
"sid:1;)";
2399
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
2400
"content:|2d 5e 63 2a 4c|; sid:2;)";
2401
2402
Signature *s;
2403
2404
memset(&tv, 0, sizeof(ThreadVars));
2405
memset(&f, 0, sizeof(Flow));
2406
memset(&ssn, 0, sizeof(TcpSession));
2407
2408
for (i = 0; i < 4; i++) {
2409
memset(&p[i], 0, sizeof(Packet));
2410
p[i].src.family = AF_INET;
2411
p[i].dst.family = AF_INET;
2412
p[i].payload = NULL;
2413
p[i].payload_len = 0;
2414
p[i].proto = IPPROTO_TCP;
2415
p[i].flow = &f;
2416
p[i].flowflags |= FLOW_PKT_TOSERVER;
2417
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
2418
}
2419
p[1].flowflags |= FLOW_PKT_TOCLIENT;
2420
p[1].flowflags &=~ FLOW_PKT_TOSERVER;
2421
2422
FLOW_INITIALIZE(&f);
2423
f.protoctx = (void *)&ssn;
2424
f.src.family = AF_INET;
2425
f.dst.family = AF_INET;
2426
f.alproto = ALPROTO_DCERPC;
2427
2428
StreamTcpInitConfig(TRUE);
2429
FlowL7DataPtrInit(&f);
2430
2431
de_ctx = DetectEngineCtxInit();
2432
if (de_ctx == NULL)
2433
goto end;
2434
de_ctx->flags |= DE_QUIET;
2435
2436
de_ctx->sig_list = SigInit(de_ctx, sig1);
2437
s = de_ctx->sig_list;
2438
if (s == NULL)
2439
goto end;
2440
2441
s->next = SigInit(de_ctx, sig2);
2442
s = s->next;
2443
if (s == NULL)
2444
goto end;
2445
2446
SigGroupBuild(de_ctx);
2447
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
2448
2449
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
2450
if (r != 0) {
2451
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2452
result = 0;
2453
goto end;
2454
}
2455
/* detection phase */
2456
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
2457
if (!(PacketAlertCheck(&p[0], 1))) {
2458
printf("sid 1 didn't match but should have for packet 0: ");
2459
goto end;
2460
}
2461
if ((PacketAlertCheck(&p[0], 2))) {
2462
printf("sid 2 matched but shouldn't have for packet 0: ");
2463
goto end;
2464
}
2465
2466
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
2467
if (r != 0) {
2468
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2469
result = 0;
2470
goto end;
2471
}
2472
/* detection phase */
2473
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
2474
if ((PacketAlertCheck(&p[1], 1))) {
2475
printf("sid 1 matched but shouldn't have for packet 1: ");
2476
goto end;
2477
}
2478
if ((PacketAlertCheck(&p[1], 2))) {
2479
printf("sid 2 matched but shouldn't have for packet 1: ");
2480
goto end;
2481
}
2482
2483
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
2484
if (r != 0) {
2485
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2486
result = 0;
2487
goto end;
2488
}
2489
/* detection phase */
2490
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
2491
if (!(PacketAlertCheck(&p[2], 1))) {
2492
printf("sid 1 didn't match but should have for packet 2: ");
2493
goto end;
2494
}
2495
if ((PacketAlertCheck(&p[2], 2))) {
2496
printf("sid 2 matched but shouldn't have for packet 2: ");
2497
goto end;
2498
}
2499
2500
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
2501
if (r != 0) {
2502
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2503
result = 0;
2504
goto end;
2505
}
2506
/* detection phase */
2507
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
2508
if ((PacketAlertCheck(&p[3], 1))) {
2509
printf("sid 1 matched but shouldn't have for packet 3: ");
2510
goto end;
2511
}
2512
if (!(PacketAlertCheck(&p[3], 2))) {
2513
printf("sid 2 didn't match but should have for packet 3: ");
2514
goto end;
2515
}
2516
2517
result = 1;
2518
2519
end:
2520
if (de_ctx != NULL) {
2521
SigGroupCleanup(de_ctx);
2522
SigCleanSignatures(de_ctx);
2523
2524
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
2525
DetectEngineCtxFree(de_ctx);
2526
}
2527
2528
FlowL7DataPtrFree(&f);
2529
StreamTcpFreeConfig(TRUE);
2530
2531
return result;
2532
}
2533
2534
/**
2535
* \test Test the working of detection engien with respect to dce keywords.
2536
*/
2537
int DcePayloadTest03(void)
2538
{
2539
int result = 0;
2540
uint8_t bind[] = {
2541
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
2542
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2543
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
2544
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
2545
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
2546
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
2547
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2548
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2549
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
2550
};
2551
uint32_t bind_len = sizeof(bind);
2552
2553
uint8_t bind_ack[] = {
2554
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
2555
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2556
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
2557
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
2558
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
2559
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2560
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
2561
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
2562
0x02, 0x00, 0x00, 0x00
2563
};
2564
uint32_t bind_ack_len = sizeof(bind_ack);
2565
2566
uint8_t request1[] = {
2567
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
2568
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2569
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
2570
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2571
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
2572
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
2573
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
2574
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
2575
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
2576
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
2577
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
2578
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
2579
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
2580
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
2581
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
2582
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
2583
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
2584
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
2585
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
2586
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
2587
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
2588
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
2589
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
2590
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
2591
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
2592
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
2593
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
2594
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
2595
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
2596
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
2597
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
2598
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
2599
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
2600
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
2601
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
2602
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
2603
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
2604
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
2605
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
2606
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
2607
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
2608
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
2609
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
2610
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
2611
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
2612
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
2613
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
2614
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
2615
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
2616
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
2617
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
2618
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
2619
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
2620
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
2621
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
2622
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
2623
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
2624
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
2625
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
2626
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
2627
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
2628
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
2629
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
2630
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
2631
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
2632
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
2633
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
2634
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
2635
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
2636
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
2637
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
2638
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
2639
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
2640
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
2641
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
2642
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
2643
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
2644
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
2645
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
2646
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
2647
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
2648
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
2649
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
2650
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
2651
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
2652
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
2653
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
2654
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
2655
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
2656
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
2657
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
2658
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
2659
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
2660
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
2661
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
2662
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
2663
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
2664
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
2665
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
2666
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
2667
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
2668
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
2669
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
2670
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
2671
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
2672
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
2673
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
2674
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
2675
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
2676
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
2677
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
2678
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
2679
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
2680
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
2681
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
2682
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
2683
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
2684
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
2685
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
2686
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
2687
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
2688
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
2689
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
2690
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
2691
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
2692
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
2693
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
2694
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
2695
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
2696
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
2697
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
2698
};
2699
uint32_t request1_len = sizeof(request1);
2700
2701
uint8_t request2[] = {
2702
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
2703
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2704
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
2705
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
2706
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
2707
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
2708
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
2709
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
2710
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
2711
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
2712
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
2713
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
2714
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
2715
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
2716
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
2717
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
2718
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
2719
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
2720
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
2721
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
2722
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
2723
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
2724
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
2725
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
2726
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
2727
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
2728
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
2729
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
2730
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
2731
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
2732
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
2733
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
2734
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
2735
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
2736
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
2737
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
2738
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
2739
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
2740
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
2741
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
2742
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
2743
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
2744
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
2745
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
2746
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
2747
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
2748
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
2749
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
2750
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
2751
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
2752
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
2753
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
2754
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
2755
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
2756
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
2757
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
2758
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
2759
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
2760
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
2761
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
2762
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
2763
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
2764
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
2765
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
2766
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
2767
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
2768
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
2769
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
2770
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
2771
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
2772
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
2773
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
2774
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
2775
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
2776
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
2777
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
2778
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
2779
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
2780
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
2781
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
2782
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
2783
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
2784
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
2785
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
2786
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
2787
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
2788
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
2789
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
2790
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
2791
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
2792
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
2793
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
2794
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
2795
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
2796
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
2797
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
2798
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
2799
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
2800
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
2801
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
2802
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
2803
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
2804
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
2805
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
2806
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
2807
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
2808
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
2809
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
2810
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
2811
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
2812
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
2813
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
2814
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
2815
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
2816
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
2817
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
2818
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
2819
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
2820
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
2821
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
2822
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
2823
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
2824
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
2825
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
2826
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
2827
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
2828
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
2829
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
2830
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
2831
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
2832
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
2833
};
2834
uint32_t request2_len = sizeof(request2);
2835
2836
2837
TcpSession ssn;
2838
Packet p[4];
2839
ThreadVars tv;
2840
DetectEngineCtx *de_ctx = NULL;
2841
DetectEngineThreadCtx *det_ctx = NULL;
2842
Flow f;
2843
int r;
2844
int i = 0;
2845
2846
char *sig1 = "alert tcp any any -> any any "
2847
"(dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef4; "
2848
"sid:1;)";
2849
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
2850
"content:|2d 5e 63 2a 4c|; sid:2;)";
2851
2852
Signature *s;
2853
2854
memset(&tv, 0, sizeof(ThreadVars));
2855
memset(&f, 0, sizeof(Flow));
2856
memset(&ssn, 0, sizeof(TcpSession));
2857
2858
for (i = 0; i < 4; i++) {
2859
memset(&p[i], 0, sizeof(Packet));
2860
p[i].src.family = AF_INET;
2861
p[i].dst.family = AF_INET;
2862
p[i].payload = NULL;
2863
p[i].payload_len = 0;
2864
p[i].proto = IPPROTO_TCP;
2865
p[i].flow = &f;
2866
p[i].flowflags |= FLOW_PKT_TOSERVER;
2867
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
2868
}
2869
p[1].flowflags |= FLOW_PKT_TOCLIENT;
2870
2871
FLOW_INITIALIZE(&f);
2872
f.protoctx = (void *)&ssn;
2873
f.src.family = AF_INET;
2874
f.dst.family = AF_INET;
2875
f.alproto = ALPROTO_DCERPC;
2876
2877
StreamTcpInitConfig(TRUE);
2878
FlowL7DataPtrInit(&f);
2879
2880
de_ctx = DetectEngineCtxInit();
2881
if (de_ctx == NULL)
2882
goto end;
2883
de_ctx->flags |= DE_QUIET;
2884
2885
de_ctx->sig_list = SigInit(de_ctx, sig1);
2886
s = de_ctx->sig_list;
2887
if (s == NULL)
2888
goto end;
2889
2890
s->next = SigInit(de_ctx, sig2);
2891
s = s->next;
2892
if (s == NULL)
2893
goto end;
2894
2895
SigGroupBuild(de_ctx);
2896
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
2897
2898
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
2899
if (r != 0) {
2900
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2901
result = 0;
2902
goto end;
2903
}
2904
/* detection phase */
2905
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
2906
if ((PacketAlertCheck(&p[0], 1))) {
2907
printf("sid 1 matched but shouldn't have for packet 0: ");
2908
goto end;
2909
}
2910
if ((PacketAlertCheck(&p[0], 2))) {
2911
printf("sid 2 matched but shouldn't have for packet 0: ");
2912
goto end;
2913
}
2914
2915
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
2916
if (r != 0) {
2917
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2918
result = 0;
2919
goto end;
2920
}
2921
/* detection phase */
2922
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
2923
if ((PacketAlertCheck(&p[1], 1))) {
2924
printf("sid 1 matched but shouldn't have for packet 1: ");
2925
goto end;
2926
}
2927
if ((PacketAlertCheck(&p[1], 2))) {
2928
printf("sid 2 matched but shouldn't have for packet 1: ");
2929
goto end;
2930
}
2931
2932
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
2933
if (r != 0) {
2934
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2935
result = 0;
2936
goto end;
2937
}
2938
/* detection phase */
2939
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
2940
if ((PacketAlertCheck(&p[2], 1))) {
2941
printf("sid 1 matched but shouldn't have for packet 2: ");
2942
goto end;
2943
}
2944
if ((PacketAlertCheck(&p[2], 2))) {
2945
printf("sid 2 matched but shouldn't have for packet 2: ");
2946
goto end;
2947
}
2948
2949
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
2950
if (r != 0) {
2951
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
2952
result = 0;
2953
goto end;
2954
}
2955
/* detection phase */
2956
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
2957
if ((PacketAlertCheck(&p[3], 1))) {
2958
printf("sid 1 matched but shouldn't have for packet 3: ");
2959
goto end;
2960
}
2961
if (!(PacketAlertCheck(&p[3], 2))) {
2962
printf("sid 2 didn't match but should have for packet 3: ");
2963
goto end;
2964
}
2965
2966
result = 1;
2967
2968
end:
2969
if (de_ctx != NULL) {
2970
SigGroupCleanup(de_ctx);
2971
SigCleanSignatures(de_ctx);
2972
2973
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
2974
DetectEngineCtxFree(de_ctx);
2975
}
2976
2977
FlowL7DataPtrFree(&f);
2978
StreamTcpFreeConfig(TRUE);
2979
2980
return result;
2981
}
2982
2983
/**
2984
* \test Test the working of detection engien with respect to dce keywords.
2985
*/
2986
int DcePayloadTest04(void)
2987
{
2988
int result = 0;
2989
uint8_t bind[] = {
2990
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
2991
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2992
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
2993
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
2994
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
2995
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
2996
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
2997
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
2998
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
2999
};
3000
uint32_t bind_len = sizeof(bind);
3001
3002
uint8_t bind_ack[] = {
3003
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
3004
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3005
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
3006
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
3007
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
3008
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3009
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
3010
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
3011
0x02, 0x00, 0x00, 0x00
3012
};
3013
uint32_t bind_ack_len = sizeof(bind_ack);
3014
3015
uint8_t request1[] = {
3016
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
3017
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3018
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
3019
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3020
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
3021
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
3022
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
3023
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
3024
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
3025
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
3026
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
3027
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
3028
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
3029
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
3030
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
3031
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
3032
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
3033
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
3034
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
3035
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
3036
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
3037
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
3038
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
3039
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
3040
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
3041
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
3042
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
3043
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
3044
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
3045
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
3046
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
3047
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
3048
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
3049
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
3050
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
3051
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
3052
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
3053
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
3054
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
3055
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
3056
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
3057
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
3058
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
3059
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
3060
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
3061
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
3062
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
3063
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
3064
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
3065
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
3066
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
3067
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
3068
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
3069
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
3070
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
3071
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
3072
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
3073
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
3074
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
3075
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
3076
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
3077
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
3078
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
3079
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
3080
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
3081
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
3082
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
3083
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
3084
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
3085
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
3086
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
3087
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
3088
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
3089
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
3090
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
3091
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
3092
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
3093
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
3094
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
3095
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
3096
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
3097
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
3098
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
3099
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
3100
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
3101
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
3102
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
3103
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
3104
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
3105
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
3106
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
3107
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
3108
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
3109
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
3110
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
3111
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
3112
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
3113
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
3114
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
3115
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
3116
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
3117
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
3118
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
3119
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
3120
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
3121
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
3122
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
3123
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
3124
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
3125
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
3126
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
3127
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
3128
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
3129
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
3130
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
3131
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
3132
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
3133
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
3134
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
3135
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
3136
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
3137
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
3138
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
3139
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
3140
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
3141
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
3142
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
3143
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
3144
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
3145
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
3146
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
3147
};
3148
uint32_t request1_len = sizeof(request1);
3149
3150
uint8_t request2[] = {
3151
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
3152
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3153
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
3154
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
3155
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
3156
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
3157
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
3158
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
3159
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
3160
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
3161
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
3162
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
3163
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
3164
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
3165
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
3166
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
3167
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
3168
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
3169
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
3170
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
3171
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
3172
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
3173
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
3174
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
3175
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
3176
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
3177
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
3178
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
3179
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
3180
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
3181
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
3182
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
3183
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
3184
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
3185
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
3186
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
3187
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
3188
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
3189
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
3190
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
3191
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
3192
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
3193
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
3194
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
3195
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
3196
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
3197
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
3198
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
3199
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
3200
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
3201
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
3202
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
3203
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
3204
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
3205
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
3206
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
3207
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
3208
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
3209
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
3210
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
3211
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
3212
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
3213
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
3214
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
3215
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
3216
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
3217
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
3218
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
3219
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
3220
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
3221
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
3222
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
3223
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
3224
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
3225
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
3226
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
3227
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
3228
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
3229
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
3230
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
3231
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
3232
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
3233
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
3234
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
3235
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
3236
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
3237
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
3238
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
3239
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
3240
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
3241
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
3242
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
3243
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
3244
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
3245
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
3246
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
3247
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
3248
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
3249
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
3250
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
3251
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
3252
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
3253
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
3254
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
3255
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
3256
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
3257
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
3258
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
3259
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
3260
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
3261
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
3262
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
3263
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
3264
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
3265
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
3266
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
3267
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
3268
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
3269
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
3270
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
3271
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
3272
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
3273
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
3274
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
3275
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
3276
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
3277
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
3278
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
3279
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
3280
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
3281
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
3282
};
3283
uint32_t request2_len = sizeof(request2);
3284
3285
3286
TcpSession ssn;
3287
Packet p[4];
3288
ThreadVars tv;
3289
DetectEngineCtx *de_ctx = NULL;
3290
DetectEngineThreadCtx *det_ctx = NULL;
3291
Flow f;
3292
int r;
3293
int i = 0;
3294
3295
char *sig1 = "alert tcp any any -> any any "
3296
"(dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
3297
"content:|91 27 27 40|; sid:1;)";
3298
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
3299
"content:|2d 5e 63 2a 4c|; sid:2;)";
3300
3301
Signature *s;
3302
3303
memset(&tv, 0, sizeof(ThreadVars));
3304
memset(&f, 0, sizeof(Flow));
3305
memset(&ssn, 0, sizeof(TcpSession));
3306
3307
for (i = 0; i < 4; i++) {
3308
memset(&p[i], 0, sizeof(Packet));
3309
p[i].src.family = AF_INET;
3310
p[i].dst.family = AF_INET;
3311
p[i].payload = NULL;
3312
p[i].payload_len = 0;
3313
p[i].proto = IPPROTO_TCP;
3314
p[i].flow = &f;
3315
p[i].flowflags |= FLOW_PKT_TOSERVER;
3316
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
3317
}
3318
p[1].flowflags |= FLOW_PKT_TOCLIENT;
3319
3320
FLOW_INITIALIZE(&f);
3321
f.protoctx = (void *)&ssn;
3322
f.src.family = AF_INET;
3323
f.dst.family = AF_INET;
3324
f.alproto = ALPROTO_DCERPC;
3325
3326
StreamTcpInitConfig(TRUE);
3327
FlowL7DataPtrInit(&f);
3328
3329
de_ctx = DetectEngineCtxInit();
3330
if (de_ctx == NULL)
3331
goto end;
3332
de_ctx->flags |= DE_QUIET;
3333
3334
de_ctx->sig_list = SigInit(de_ctx, sig1);
3335
s = de_ctx->sig_list;
3336
if (s == NULL)
3337
goto end;
3338
3339
s->next = SigInit(de_ctx, sig2);
3340
s = s->next;
3341
if (s == NULL)
3342
goto end;
3343
3344
SigGroupBuild(de_ctx);
3345
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
3346
3347
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
3348
if (r != 0) {
3349
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3350
result = 0;
3351
goto end;
3352
}
3353
/* detection phase */
3354
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
3355
if ((PacketAlertCheck(&p[0], 1))) {
3356
printf("sid 1 matched but shouldn't have for packet 0: ");
3357
goto end;
3358
}
3359
if ((PacketAlertCheck(&p[0], 2))) {
3360
printf("sid 2 matched but shouldn't have for packet 0: ");
3361
goto end;
3362
}
3363
3364
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
3365
if (r != 0) {
3366
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3367
result = 0;
3368
goto end;
3369
}
3370
/* detection phase */
3371
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
3372
if ((PacketAlertCheck(&p[1], 1))) {
3373
printf("sid 1 matched but shouldn't have for packet 1: ");
3374
goto end;
3375
}
3376
if ((PacketAlertCheck(&p[1], 2))) {
3377
printf("sid 2 matched but shouldn't have for packet 1: ");
3378
goto end;
3379
}
3380
3381
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
3382
if (r != 0) {
3383
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3384
result = 0;
3385
goto end;
3386
}
3387
/* detection phase */
3388
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
3389
if (!(PacketAlertCheck(&p[2], 1))) {
3390
printf("sid 1 didn't match but should have for packet 2: ");
3391
goto end;
3392
}
3393
if ((PacketAlertCheck(&p[2], 2))) {
3394
printf("sid 2 matched but shouldn't have for packet 2: ");
3395
goto end;
3396
}
3397
3398
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
3399
if (r != 0) {
3400
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3401
result = 0;
3402
goto end;
3403
}
3404
/* detection phase */
3405
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
3406
if ((PacketAlertCheck(&p[3], 1))) {
3407
printf("sid 1 matched but shouldn't have for packet 3: ");
3408
goto end;
3409
}
3410
if (!(PacketAlertCheck(&p[3], 2))) {
3411
printf("sid 2 didn't match but should have for packet 3: ");
3412
goto end;
3413
}
3414
3415
result = 1;
3416
3417
end:
3418
if (de_ctx != NULL) {
3419
SigGroupCleanup(de_ctx);
3420
SigCleanSignatures(de_ctx);
3421
3422
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
3423
DetectEngineCtxFree(de_ctx);
3424
}
3425
3426
FlowL7DataPtrFree(&f);
3427
StreamTcpFreeConfig(TRUE);
3428
3429
return result;
3430
}
3431
3432
/**
3433
* \test Test the working of detection engien with respect to dce keywords.
3434
*/
3435
int DcePayloadTest05(void)
3436
{
3437
int result = 0;
3438
uint8_t bind[] = {
3439
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
3440
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3441
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
3442
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
3443
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
3444
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
3445
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
3446
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
3447
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
3448
};
3449
uint32_t bind_len = sizeof(bind);
3450
3451
uint8_t bind_ack[] = {
3452
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
3453
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3454
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
3455
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
3456
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
3457
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3458
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
3459
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
3460
0x02, 0x00, 0x00, 0x00
3461
};
3462
uint32_t bind_ack_len = sizeof(bind_ack);
3463
3464
uint8_t request1[] = {
3465
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
3466
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3467
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
3468
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3469
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
3470
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
3471
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
3472
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
3473
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
3474
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
3475
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
3476
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
3477
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
3478
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
3479
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
3480
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
3481
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
3482
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
3483
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
3484
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
3485
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
3486
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
3487
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
3488
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
3489
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
3490
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
3491
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
3492
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
3493
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
3494
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
3495
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
3496
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
3497
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
3498
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
3499
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
3500
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
3501
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
3502
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
3503
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
3504
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
3505
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
3506
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
3507
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
3508
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
3509
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
3510
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
3511
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
3512
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
3513
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
3514
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
3515
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
3516
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
3517
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
3518
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
3519
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
3520
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
3521
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
3522
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
3523
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
3524
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
3525
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
3526
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
3527
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
3528
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
3529
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
3530
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
3531
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
3532
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
3533
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
3534
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
3535
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
3536
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
3537
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
3538
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
3539
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
3540
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
3541
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
3542
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
3543
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
3544
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
3545
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
3546
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
3547
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
3548
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
3549
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
3550
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
3551
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
3552
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
3553
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
3554
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
3555
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
3556
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
3557
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
3558
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
3559
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
3560
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
3561
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
3562
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
3563
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
3564
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
3565
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
3566
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
3567
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
3568
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
3569
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
3570
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
3571
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
3572
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
3573
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
3574
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
3575
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
3576
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
3577
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
3578
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
3579
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
3580
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
3581
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
3582
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
3583
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
3584
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
3585
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
3586
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
3587
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
3588
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
3589
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
3590
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
3591
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
3592
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
3593
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
3594
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
3595
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
3596
};
3597
uint32_t request1_len = sizeof(request1);
3598
3599
uint8_t request2[] = {
3600
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
3601
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3602
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
3603
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
3604
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
3605
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
3606
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
3607
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
3608
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
3609
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
3610
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
3611
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
3612
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
3613
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
3614
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
3615
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
3616
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
3617
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
3618
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
3619
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
3620
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
3621
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
3622
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
3623
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
3624
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
3625
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
3626
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
3627
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
3628
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
3629
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
3630
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
3631
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
3632
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
3633
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
3634
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
3635
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
3636
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
3637
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
3638
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
3639
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
3640
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
3641
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
3642
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
3643
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
3644
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
3645
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
3646
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
3647
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
3648
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
3649
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
3650
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
3651
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
3652
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
3653
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
3654
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
3655
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
3656
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
3657
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
3658
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
3659
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
3660
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
3661
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
3662
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
3663
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
3664
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
3665
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
3666
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
3667
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
3668
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
3669
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
3670
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
3671
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
3672
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
3673
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
3674
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
3675
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
3676
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
3677
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
3678
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
3679
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
3680
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
3681
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
3682
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
3683
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
3684
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
3685
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
3686
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
3687
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
3688
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
3689
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
3690
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
3691
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
3692
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
3693
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
3694
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
3695
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
3696
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
3697
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
3698
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
3699
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
3700
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
3701
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
3702
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
3703
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
3704
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
3705
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
3706
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
3707
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
3708
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
3709
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
3710
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
3711
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
3712
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
3713
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
3714
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
3715
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
3716
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
3717
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
3718
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
3719
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
3720
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
3721
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
3722
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
3723
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
3724
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
3725
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
3726
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
3727
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
3728
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
3729
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
3730
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
3731
};
3732
uint32_t request2_len = sizeof(request2);
3733
3734
TcpSession ssn;
3735
Packet p[4];
3736
ThreadVars tv;
3737
DetectEngineCtx *de_ctx = NULL;
3738
DetectEngineThreadCtx *det_ctx = NULL;
3739
Flow f;
3740
int r;
3741
int i = 0;
3742
3743
char *sig1 = "alert tcp any any -> any any "
3744
"(dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef4; "
3745
"content:|91 27 27 40|; sid:1;)";
3746
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
3747
"content:|2d 5e 63 2a 4c|; sid:2;)";
3748
3749
Signature *s;
3750
3751
memset(&tv, 0, sizeof(ThreadVars));
3752
memset(&f, 0, sizeof(Flow));
3753
memset(&ssn, 0, sizeof(TcpSession));
3754
3755
for (i = 0; i < 4; i++) {
3756
memset(&p[i], 0, sizeof(Packet));
3757
p[i].src.family = AF_INET;
3758
p[i].dst.family = AF_INET;
3759
p[i].payload = NULL;
3760
p[i].payload_len = 0;
3761
p[i].proto = IPPROTO_TCP;
3762
p[i].flow = &f;
3763
p[i].flowflags |= FLOW_PKT_TOSERVER;
3764
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
3765
}
3766
p[1].flowflags |= FLOW_PKT_TOCLIENT;
3767
3768
FLOW_INITIALIZE(&f);
3769
f.protoctx = (void *)&ssn;
3770
f.src.family = AF_INET;
3771
f.dst.family = AF_INET;
3772
f.alproto = ALPROTO_DCERPC;
3773
3774
StreamTcpInitConfig(TRUE);
3775
FlowL7DataPtrInit(&f);
3776
3777
de_ctx = DetectEngineCtxInit();
3778
if (de_ctx == NULL)
3779
goto end;
3780
de_ctx->flags |= DE_QUIET;
3781
3782
de_ctx->sig_list = SigInit(de_ctx, sig1);
3783
s = de_ctx->sig_list;
3784
if (s == NULL)
3785
goto end;
3786
3787
s->next = SigInit(de_ctx, sig2);
3788
s = s->next;
3789
if (s == NULL)
3790
goto end;
3791
3792
SigGroupBuild(de_ctx);
3793
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
3794
3795
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
3796
if (r != 0) {
3797
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3798
result = 0;
3799
goto end;
3800
}
3801
/* detection phase */
3802
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
3803
if ((PacketAlertCheck(&p[0], 1))) {
3804
printf("sid 1 matched but shouldn't have for packet 0: ");
3805
goto end;
3806
}
3807
if ((PacketAlertCheck(&p[0], 2))) {
3808
printf("sid 2 matched but shouldn't have for packet 0: ");
3809
goto end;
3810
}
3811
3812
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
3813
if (r != 0) {
3814
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3815
result = 0;
3816
goto end;
3817
}
3818
/* detection phase */
3819
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
3820
if ((PacketAlertCheck(&p[1], 1))) {
3821
printf("sid 1 matched but shouldn't have for packet 1: ");
3822
goto end;
3823
}
3824
if ((PacketAlertCheck(&p[1], 2))) {
3825
printf("sid 2 matched but shouldn't have for packet 1: ");
3826
goto end;
3827
}
3828
3829
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
3830
if (r != 0) {
3831
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3832
result = 0;
3833
goto end;
3834
}
3835
/* detection phase */
3836
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
3837
if ((PacketAlertCheck(&p[2], 1))) {
3838
printf("sid 1 matched but shouldn't have for packet 2: ");
3839
goto end;
3840
}
3841
if ((PacketAlertCheck(&p[2], 2))) {
3842
printf("sid 2 matched but shouldn't have for packet 2: ");
3843
goto end;
3844
}
3845
3846
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
3847
if (r != 0) {
3848
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
3849
result = 0;
3850
goto end;
3851
}
3852
/* detection phase */
3853
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
3854
if ((PacketAlertCheck(&p[3], 1))) {
3855
printf("sid 2 matched but shouldn't have for packet 3: ");
3856
goto end;
3857
}
3858
if (!(PacketAlertCheck(&p[3], 2))) {
3859
printf("sid 2 didn't match but should have for packet 3: ");
3860
goto end;
3861
}
3862
3863
result = 1;
3864
3865
end:
3866
if (de_ctx != NULL) {
3867
SigGroupCleanup(de_ctx);
3868
SigCleanSignatures(de_ctx);
3869
3870
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
3871
DetectEngineCtxFree(de_ctx);
3872
}
3873
3874
FlowL7DataPtrFree(&f);
3875
StreamTcpFreeConfig(TRUE);
3876
3877
return result;
3878
}
3879
3880
/**
3881
* \test Test the working of detection engien with respect to dce keywords.
3882
*/
3883
int DcePayloadTest06(void)
3884
{
3885
int result = 0;
3886
uint8_t bind[] = {
3887
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
3888
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3889
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
3890
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
3891
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
3892
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
3893
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
3894
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
3895
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
3896
};
3897
uint32_t bind_len = sizeof(bind);
3898
3899
uint8_t bind_ack[] = {
3900
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
3901
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3902
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
3903
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
3904
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
3905
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3906
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
3907
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
3908
0x02, 0x00, 0x00, 0x00
3909
};
3910
uint32_t bind_ack_len = sizeof(bind_ack);
3911
3912
uint8_t request1[] = {
3913
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
3914
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3915
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
3916
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3917
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
3918
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
3919
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
3920
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
3921
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
3922
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
3923
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
3924
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
3925
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
3926
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
3927
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
3928
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
3929
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
3930
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
3931
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
3932
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
3933
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
3934
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
3935
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
3936
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
3937
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
3938
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
3939
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
3940
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
3941
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
3942
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
3943
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
3944
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
3945
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
3946
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
3947
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
3948
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
3949
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
3950
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
3951
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
3952
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
3953
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
3954
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
3955
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
3956
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
3957
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
3958
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
3959
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
3960
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
3961
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
3962
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
3963
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
3964
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
3965
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
3966
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
3967
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
3968
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
3969
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
3970
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
3971
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
3972
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
3973
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
3974
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
3975
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
3976
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
3977
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
3978
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
3979
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
3980
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
3981
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
3982
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
3983
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
3984
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
3985
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
3986
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
3987
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
3988
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
3989
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
3990
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
3991
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
3992
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
3993
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
3994
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
3995
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
3996
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
3997
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
3998
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
3999
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
4000
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
4001
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
4002
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
4003
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
4004
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
4005
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
4006
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
4007
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
4008
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
4009
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
4010
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
4011
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
4012
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
4013
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
4014
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
4015
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
4016
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
4017
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
4018
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
4019
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
4020
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
4021
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
4022
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
4023
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
4024
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
4025
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
4026
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
4027
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
4028
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
4029
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
4030
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
4031
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
4032
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
4033
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
4034
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
4035
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
4036
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
4037
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
4038
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
4039
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
4040
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
4041
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
4042
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
4043
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
4044
};
4045
uint32_t request1_len = sizeof(request1);
4046
4047
uint8_t request2[] = {
4048
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
4049
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4050
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
4051
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
4052
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
4053
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
4054
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
4055
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
4056
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
4057
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
4058
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
4059
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
4060
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
4061
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
4062
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
4063
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
4064
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
4065
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
4066
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
4067
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
4068
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
4069
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
4070
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
4071
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
4072
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
4073
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
4074
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
4075
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
4076
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
4077
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
4078
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
4079
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
4080
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
4081
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
4082
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
4083
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
4084
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
4085
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
4086
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
4087
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
4088
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
4089
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
4090
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
4091
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
4092
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
4093
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
4094
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
4095
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
4096
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
4097
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
4098
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
4099
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
4100
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
4101
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
4102
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
4103
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
4104
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
4105
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
4106
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
4107
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
4108
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
4109
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
4110
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
4111
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
4112
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
4113
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
4114
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
4115
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
4116
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
4117
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
4118
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
4119
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
4120
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
4121
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
4122
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
4123
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
4124
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
4125
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
4126
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
4127
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
4128
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
4129
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
4130
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
4131
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
4132
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
4133
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
4134
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
4135
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
4136
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
4137
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
4138
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
4139
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
4140
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
4141
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
4142
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
4143
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
4144
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
4145
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
4146
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
4147
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
4148
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
4149
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
4150
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
4151
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
4152
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
4153
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
4154
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
4155
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
4156
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
4157
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
4158
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
4159
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
4160
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
4161
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
4162
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
4163
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
4164
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
4165
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
4166
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
4167
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
4168
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
4169
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
4170
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
4171
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
4172
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
4173
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
4174
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
4175
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
4176
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
4177
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
4178
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
4179
};
4180
uint32_t request2_len = sizeof(request2);
4181
4182
4183
TcpSession ssn;
4184
Packet p[4];
4185
ThreadVars tv;
4186
DetectEngineCtx *de_ctx = NULL;
4187
DetectEngineThreadCtx *det_ctx = NULL;
4188
Flow f;
4189
int r;
4190
int i = 0;
4191
4192
char *sig1 = "alert tcp any any -> any any "
4193
"(dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
4194
"content:|91 27 27 30|; sid:1;)";
4195
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
4196
"content:|2d 5e 63 2a 4c|; sid:2;)";
4197
4198
Signature *s;
4199
4200
memset(&tv, 0, sizeof(ThreadVars));
4201
memset(&f, 0, sizeof(Flow));
4202
memset(&ssn, 0, sizeof(TcpSession));
4203
4204
for (i = 0; i < 4; i++) {
4205
memset(&p[i], 0, sizeof(Packet));
4206
p[i].src.family = AF_INET;
4207
p[i].dst.family = AF_INET;
4208
p[i].payload = NULL;
4209
p[i].payload_len = 0;
4210
p[i].proto = IPPROTO_TCP;
4211
p[i].flow = &f;
4212
p[i].flowflags |= FLOW_PKT_TOSERVER;
4213
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
4214
}
4215
p[1].flowflags |= FLOW_PKT_TOCLIENT;
4216
4217
FLOW_INITIALIZE(&f);
4218
f.protoctx = (void *)&ssn;
4219
f.src.family = AF_INET;
4220
f.dst.family = AF_INET;
4221
f.alproto = ALPROTO_DCERPC;
4222
4223
StreamTcpInitConfig(TRUE);
4224
FlowL7DataPtrInit(&f);
4225
4226
de_ctx = DetectEngineCtxInit();
4227
if (de_ctx == NULL)
4228
goto end;
4229
de_ctx->flags |= DE_QUIET;
4230
4231
de_ctx->sig_list = SigInit(de_ctx, sig1);
4232
s = de_ctx->sig_list;
4233
if (s == NULL)
4234
goto end;
4235
4236
s->next = SigInit(de_ctx, sig2);
4237
s = s->next;
4238
if (s == NULL)
4239
goto end;
4240
4241
SigGroupBuild(de_ctx);
4242
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
4243
4244
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
4245
if (r != 0) {
4246
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4247
result = 0;
4248
goto end;
4249
}
4250
/* detection phase */
4251
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
4252
if ((PacketAlertCheck(&p[0], 1))) {
4253
printf("sid 1 matched but shouldn't have for packet 0: ");
4254
goto end;
4255
}
4256
if ((PacketAlertCheck(&p[0], 2))) {
4257
printf("sid 2 matched but shouldn't have for packet 0: ");
4258
goto end;
4259
}
4260
4261
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
4262
if (r != 0) {
4263
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4264
result = 0;
4265
goto end;
4266
}
4267
/* detection phase */
4268
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
4269
if ((PacketAlertCheck(&p[1], 1))) {
4270
printf("sid 1 matched but shouldn't have for packet 1: ");
4271
goto end;
4272
}
4273
if ((PacketAlertCheck(&p[1], 2))) {
4274
printf("sid 2 matched but shouldn't have for packet 1: ");
4275
goto end;
4276
}
4277
4278
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
4279
if (r != 0) {
4280
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4281
result = 0;
4282
goto end;
4283
}
4284
/* detection phase */
4285
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
4286
if ((PacketAlertCheck(&p[2], 1))) {
4287
printf("sid 1 matched but shouldn't have for packet 2: ");
4288
goto end;
4289
}
4290
if ((PacketAlertCheck(&p[2], 2))) {
4291
printf("sid 2 matched but shouldn't have for packet 2: ");
4292
goto end;
4293
}
4294
4295
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
4296
if (r != 0) {
4297
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4298
result = 0;
4299
goto end;
4300
}
4301
/* detection phase */
4302
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
4303
if ((PacketAlertCheck(&p[3], 1))) {
4304
printf("sid 1 matched but shouldn't have for packet 3: ");
4305
goto end;
4306
}
4307
if (!(PacketAlertCheck(&p[3], 2))) {
4308
printf("sid 2 didn't match but should have for packet 3: ");
4309
goto end;
4310
}
4311
4312
result = 1;
4313
4314
end:
4315
if (de_ctx != NULL) {
4316
SigGroupCleanup(de_ctx);
4317
SigCleanSignatures(de_ctx);
4318
4319
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
4320
DetectEngineCtxFree(de_ctx);
4321
}
4322
4323
FlowL7DataPtrFree(&f);
4324
StreamTcpFreeConfig(TRUE);
4325
4326
return result;
4327
}
4328
4329
/**
4330
* \test Test the working of detection engien with respect to dce keywords.
4331
*/
4332
int DcePayloadTest07(void)
4333
{
4334
int result = 0;
4335
uint8_t bind[] = {
4336
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
4337
0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4338
0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
4339
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
4340
0x6a, 0x28, 0x19, 0x39, 0x0c, 0xb1, 0xd0, 0x11,
4341
0x9b, 0xa8, 0x00, 0xc0, 0x4f, 0xd9, 0x2e, 0xf5,
4342
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
4343
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
4344
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
4345
};
4346
uint32_t bind_len = sizeof(bind);
4347
4348
uint8_t bind_ack[] = {
4349
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
4350
0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4351
0xb8, 0x10, 0xb8, 0x10, 0x48, 0x1a, 0x00, 0x00,
4352
0x0c, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
4353
0x6c, 0x73, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00,
4354
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4355
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
4356
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
4357
0x02, 0x00, 0x00, 0x00
4358
};
4359
uint32_t bind_ack_len = sizeof(bind_ack);
4360
4361
uint8_t request1[] = {
4362
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
4363
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4364
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
4365
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4366
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
4367
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
4368
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
4369
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
4370
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
4371
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
4372
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
4373
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
4374
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
4375
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
4376
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
4377
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
4378
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
4379
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
4380
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
4381
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
4382
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
4383
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
4384
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
4385
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
4386
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
4387
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
4388
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
4389
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
4390
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
4391
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
4392
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
4393
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
4394
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
4395
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
4396
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
4397
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
4398
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
4399
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
4400
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
4401
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
4402
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
4403
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
4404
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
4405
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
4406
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
4407
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
4408
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
4409
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
4410
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
4411
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
4412
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
4413
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
4414
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
4415
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
4416
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
4417
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
4418
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
4419
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
4420
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
4421
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
4422
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
4423
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
4424
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
4425
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
4426
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
4427
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
4428
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
4429
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
4430
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
4431
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
4432
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
4433
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
4434
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
4435
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
4436
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
4437
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
4438
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
4439
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
4440
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
4441
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
4442
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
4443
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
4444
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
4445
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
4446
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
4447
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
4448
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
4449
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
4450
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
4451
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
4452
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
4453
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
4454
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
4455
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
4456
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
4457
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
4458
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
4459
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
4460
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
4461
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
4462
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
4463
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
4464
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
4465
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
4466
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
4467
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
4468
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
4469
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
4470
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
4471
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
4472
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
4473
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
4474
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
4475
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
4476
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
4477
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
4478
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
4479
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
4480
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
4481
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
4482
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
4483
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
4484
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
4485
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
4486
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
4487
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
4488
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
4489
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
4490
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
4491
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
4492
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
4493
};
4494
uint32_t request1_len = sizeof(request1);
4495
4496
uint8_t request2[] = {
4497
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
4498
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4499
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
4500
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
4501
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
4502
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
4503
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
4504
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
4505
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
4506
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
4507
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
4508
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
4509
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
4510
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
4511
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
4512
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
4513
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
4514
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
4515
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
4516
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
4517
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
4518
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
4519
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
4520
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
4521
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
4522
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
4523
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
4524
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
4525
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
4526
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
4527
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
4528
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
4529
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
4530
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
4531
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
4532
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
4533
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
4534
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
4535
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
4536
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
4537
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
4538
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
4539
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
4540
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
4541
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
4542
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
4543
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
4544
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
4545
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
4546
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
4547
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
4548
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
4549
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
4550
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
4551
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
4552
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
4553
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
4554
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
4555
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
4556
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
4557
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
4558
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
4559
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
4560
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
4561
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
4562
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
4563
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
4564
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
4565
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
4566
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
4567
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
4568
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
4569
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
4570
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
4571
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
4572
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
4573
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
4574
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
4575
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
4576
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
4577
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
4578
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
4579
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
4580
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
4581
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
4582
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
4583
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
4584
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
4585
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
4586
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
4587
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
4588
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
4589
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
4590
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
4591
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
4592
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
4593
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
4594
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
4595
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
4596
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
4597
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
4598
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
4599
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
4600
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
4601
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
4602
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
4603
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
4604
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
4605
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
4606
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
4607
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
4608
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
4609
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
4610
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
4611
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
4612
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
4613
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
4614
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
4615
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
4616
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
4617
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
4618
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
4619
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
4620
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
4621
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
4622
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
4623
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
4624
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
4625
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
4626
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
4627
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
4628
};
4629
uint32_t request2_len = sizeof(request2);
4630
4631
TcpSession ssn;
4632
Packet p[4];
4633
ThreadVars tv;
4634
DetectEngineCtx *de_ctx = NULL;
4635
DetectEngineThreadCtx *det_ctx = NULL;
4636
Flow f;
4637
int r;
4638
int i = 0;
4639
4640
char *sig1 = "alert tcp any any -> any any "
4641
"(dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
4642
"content:|91 27 27 30|; sid:1;)";
4643
char *sig2 = "alert tcp any any -> any any (dce_stub_data; "
4644
"content:|2d 5e 63 35 25|; sid:2;)";
4645
4646
Signature *s;
4647
4648
memset(&tv, 0, sizeof(ThreadVars));
4649
memset(&f, 0, sizeof(Flow));
4650
memset(&ssn, 0, sizeof(TcpSession));
4651
4652
for (i = 0; i < 4; i++) {
4653
memset(&p[i], 0, sizeof(Packet));
4654
p[i].src.family = AF_INET;
4655
p[i].dst.family = AF_INET;
4656
p[i].payload = NULL;
4657
p[i].payload_len = 0;
4658
p[i].proto = IPPROTO_TCP;
4659
p[i].flow = &f;
4660
p[i].flowflags |= FLOW_PKT_TOSERVER;
4661
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
4662
}
4663
p[1].flowflags |= FLOW_PKT_TOCLIENT;
4664
4665
FLOW_INITIALIZE(&f);
4666
f.protoctx = (void *)&ssn;
4667
f.src.family = AF_INET;
4668
f.dst.family = AF_INET;
4669
f.alproto = ALPROTO_DCERPC;
4670
4671
StreamTcpInitConfig(TRUE);
4672
FlowL7DataPtrInit(&f);
4673
4674
de_ctx = DetectEngineCtxInit();
4675
if (de_ctx == NULL)
4676
goto end;
4677
de_ctx->flags |= DE_QUIET;
4678
4679
de_ctx->sig_list = SigInit(de_ctx, sig1);
4680
s = de_ctx->sig_list;
4681
if (s == NULL)
4682
goto end;
4683
4684
s->next = SigInit(de_ctx, sig2);
4685
s = s->next;
4686
if (s == NULL)
4687
goto end;
4688
4689
SigGroupBuild(de_ctx);
4690
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
4691
4692
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
4693
if (r != 0) {
4694
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4695
result = 0;
4696
goto end;
4697
}
4698
/* detection phase */
4699
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
4700
if ((PacketAlertCheck(&p[0], 1))) {
4701
printf("sid 1 matched but shouldn't have for packet 0: ");
4702
goto end;
4703
}
4704
if ((PacketAlertCheck(&p[0], 2))) {
4705
printf("sid 2 matched but shouldn't have for packet 0: ");
4706
goto end;
4707
}
4708
4709
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
4710
if (r != 0) {
4711
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4712
result = 0;
4713
goto end;
4714
}
4715
/* detection phase */
4716
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
4717
if ((PacketAlertCheck(&p[1], 1))) {
4718
printf("sid 1 matched but shouldn't have for packet 1: ");
4719
goto end;
4720
}
4721
if ((PacketAlertCheck(&p[1], 2))) {
4722
printf("sid 2 matched but shouldn't have for packet 1: ");
4723
goto end;
4724
}
4725
4726
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
4727
if (r != 0) {
4728
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4729
result = 0;
4730
goto end;
4731
}
4732
/* detection phase */
4733
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
4734
if ((PacketAlertCheck(&p[2], 1))) {
4735
printf("sid 1 matched but shouldn't have for packet 2: ");
4736
goto end;
4737
}
4738
if ((PacketAlertCheck(&p[2], 2))) {
4739
printf("sid 2 matched but shouldn't have for packet 2: ");
4740
goto end;
4741
}
4742
4743
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
4744
if (r != 0) {
4745
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4746
result = 0;
4747
goto end;
4748
}
4749
/* detection phase */
4750
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
4751
if ((PacketAlertCheck(&p[3], 1))) {
4752
printf("sid 1 matched but shouldn't have for packet 3: ");
4753
goto end;
4754
}
4755
if ((PacketAlertCheck(&p[3], 2))) {
4756
printf("sid 2 matched but shouldn't have for packet 3: ");
4757
goto end;
4758
}
4759
4760
result = 1;
4761
4762
end:
4763
if (de_ctx != NULL) {
4764
SigGroupCleanup(de_ctx);
4765
SigCleanSignatures(de_ctx);
4766
4767
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
4768
DetectEngineCtxFree(de_ctx);
4769
}
4770
4771
FlowL7DataPtrFree(&f);
4772
StreamTcpFreeConfig(TRUE);
4773
4774
return result;
4775
}
4776
4777
/**
4778
* \test Positive test, to test the working of distance and within.
4779
*/
4780
int DcePayloadTest08(void)
4781
{
4782
int result = 0;
4783
4784
uint8_t request1[] = {
4785
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
4786
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4787
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
4788
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4789
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
4790
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
4791
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
4792
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
4793
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
4794
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
4795
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
4796
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
4797
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
4798
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
4799
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
4800
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
4801
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
4802
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
4803
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
4804
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
4805
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
4806
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
4807
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
4808
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
4809
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
4810
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
4811
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
4812
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
4813
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
4814
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
4815
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
4816
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
4817
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
4818
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
4819
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
4820
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
4821
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
4822
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
4823
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
4824
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
4825
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
4826
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
4827
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
4828
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
4829
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
4830
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
4831
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
4832
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
4833
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
4834
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
4835
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
4836
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
4837
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
4838
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
4839
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
4840
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
4841
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
4842
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
4843
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
4844
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
4845
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
4846
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
4847
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
4848
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
4849
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
4850
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
4851
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
4852
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
4853
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
4854
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
4855
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
4856
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
4857
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
4858
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
4859
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
4860
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
4861
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
4862
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
4863
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
4864
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
4865
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
4866
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
4867
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
4868
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
4869
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
4870
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
4871
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
4872
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
4873
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
4874
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
4875
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
4876
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
4877
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
4878
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
4879
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
4880
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
4881
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
4882
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
4883
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
4884
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
4885
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
4886
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
4887
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
4888
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
4889
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
4890
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
4891
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
4892
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
4893
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
4894
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
4895
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
4896
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
4897
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
4898
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
4899
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
4900
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
4901
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
4902
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
4903
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
4904
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
4905
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
4906
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
4907
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
4908
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
4909
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
4910
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
4911
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
4912
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
4913
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
4914
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
4915
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
4916
};
4917
uint32_t request1_len = sizeof(request1);
4918
4919
TcpSession ssn;
4920
Packet p[1];
4921
ThreadVars tv;
4922
DetectEngineCtx *de_ctx = NULL;
4923
DetectEngineThreadCtx *det_ctx = NULL;
4924
Flow f;
4925
int r;
4926
int i = 0;
4927
4928
char *sig1 = "alert tcp any any -> any any "
4929
"(dce_stub_data; content:|5d 5b 35|; content:|9e a3|; "
4930
"distance:0; within:2; sid:1;)";
4931
4932
Signature *s;
4933
4934
memset(&tv, 0, sizeof(ThreadVars));
4935
memset(&f, 0, sizeof(Flow));
4936
memset(&ssn, 0, sizeof(TcpSession));
4937
4938
for (i = 0; i < 1; i++) {
4939
memset(&p[i], 0, sizeof(Packet));
4940
p[i].src.family = AF_INET;
4941
p[i].dst.family = AF_INET;
4942
p[i].payload = NULL;
4943
p[i].payload_len = 0;
4944
p[i].proto = IPPROTO_TCP;
4945
p[i].flow = &f;
4946
p[i].flowflags |= FLOW_PKT_TOSERVER;
4947
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
4948
}
4949
4950
FLOW_INITIALIZE(&f);
4951
f.protoctx = (void *)&ssn;
4952
f.src.family = AF_INET;
4953
f.dst.family = AF_INET;
4954
f.alproto = ALPROTO_DCERPC;
4955
4956
StreamTcpInitConfig(TRUE);
4957
FlowL7DataPtrInit(&f);
4958
4959
de_ctx = DetectEngineCtxInit();
4960
if (de_ctx == NULL)
4961
goto end;
4962
de_ctx->flags |= DE_QUIET;
4963
4964
de_ctx->sig_list = SigInit(de_ctx, sig1);
4965
s = de_ctx->sig_list;
4966
if (s == NULL)
4967
goto end;
4968
4969
SigGroupBuild(de_ctx);
4970
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
4971
4972
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
4973
if (r != 0) {
4974
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
4975
result = 0;
4976
goto end;
4977
}
4978
/* detection phase */
4979
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
4980
if (!(PacketAlertCheck(&p[0], 1))) {
4981
printf("sid 1 didn't match but should have for packet 0: ");
4982
goto end;
4983
}
4984
4985
result = 1;
4986
4987
end:
4988
if (de_ctx != NULL) {
4989
SigGroupCleanup(de_ctx);
4990
SigCleanSignatures(de_ctx);
4991
4992
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
4993
DetectEngineCtxFree(de_ctx);
4994
}
4995
4996
FlowL7DataPtrFree(&f);
4997
StreamTcpFreeConfig(TRUE);
4998
4999
return result;
5000
}
5001
5002
/**
5003
* \test Positive test, to test the working of distance and within.
5004
*/
5005
int DcePayloadTest09(void)
5006
{
5007
int result = 0;
5008
5009
uint8_t request1[] = {
5010
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
5011
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5012
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
5013
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5014
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
5015
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
5016
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
5017
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
5018
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
5019
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
5020
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
5021
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
5022
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
5023
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
5024
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
5025
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
5026
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
5027
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
5028
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
5029
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
5030
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
5031
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
5032
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
5033
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
5034
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
5035
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
5036
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
5037
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
5038
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
5039
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
5040
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
5041
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
5042
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
5043
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
5044
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
5045
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
5046
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
5047
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
5048
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
5049
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
5050
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
5051
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
5052
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
5053
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
5054
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
5055
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
5056
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
5057
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
5058
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
5059
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
5060
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
5061
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
5062
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
5063
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
5064
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
5065
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
5066
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
5067
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
5068
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
5069
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
5070
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
5071
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
5072
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
5073
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
5074
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
5075
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
5076
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
5077
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
5078
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
5079
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
5080
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
5081
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
5082
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
5083
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
5084
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
5085
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
5086
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
5087
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
5088
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
5089
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
5090
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
5091
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
5092
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
5093
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
5094
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
5095
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
5096
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
5097
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
5098
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
5099
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
5100
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
5101
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
5102
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
5103
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
5104
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
5105
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
5106
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
5107
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
5108
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
5109
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
5110
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
5111
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
5112
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
5113
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
5114
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
5115
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
5116
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
5117
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
5118
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
5119
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
5120
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
5121
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
5122
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
5123
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
5124
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
5125
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
5126
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
5127
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
5128
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
5129
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
5130
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
5131
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
5132
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
5133
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
5134
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
5135
0x9b, 0x38, 0x5d, 0x5b, 0x35, 0x46, 0x9e, 0xa3,
5136
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
5137
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
5138
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
5139
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
5140
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
5141
};
5142
uint32_t request1_len = sizeof(request1);
5143
5144
TcpSession ssn;
5145
Packet p[1];
5146
ThreadVars tv;
5147
DetectEngineCtx *de_ctx = NULL;
5148
DetectEngineThreadCtx *det_ctx = NULL;
5149
Flow f;
5150
int r;
5151
int i = 0;
5152
5153
char *sig1 = "alert tcp any any -> any any "
5154
"(dce_stub_data; content:|5d 5b 35|; content:|9e a3|; "
5155
"distance:0; within:2; sid:1;)";
5156
5157
Signature *s;
5158
5159
memset(&tv, 0, sizeof(ThreadVars));
5160
memset(&f, 0, sizeof(Flow));
5161
memset(&ssn, 0, sizeof(TcpSession));
5162
5163
for (i = 0; i < 1; i++) {
5164
memset(&p[i], 0, sizeof(Packet));
5165
p[i].src.family = AF_INET;
5166
p[i].dst.family = AF_INET;
5167
p[i].payload = NULL;
5168
p[i].payload_len = 0;
5169
p[i].proto = IPPROTO_TCP;
5170
p[i].flow = &f;
5171
p[i].flowflags |= FLOW_PKT_TOSERVER;
5172
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
5173
}
5174
5175
FLOW_INITIALIZE(&f);
5176
f.protoctx = (void *)&ssn;
5177
f.src.family = AF_INET;
5178
f.dst.family = AF_INET;
5179
f.alproto = ALPROTO_DCERPC;
5180
5181
StreamTcpInitConfig(TRUE);
5182
FlowL7DataPtrInit(&f);
5183
5184
de_ctx = DetectEngineCtxInit();
5185
if (de_ctx == NULL)
5186
goto end;
5187
de_ctx->flags |= DE_QUIET;
5188
5189
de_ctx->sig_list = SigInit(de_ctx, sig1);
5190
s = de_ctx->sig_list;
5191
if (s == NULL)
5192
goto end;
5193
5194
SigGroupBuild(de_ctx);
5195
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
5196
5197
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
5198
if (r != 0) {
5199
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
5200
result = 0;
5201
goto end;
5202
}
5203
/* detection phase */
5204
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
5205
if (!(PacketAlertCheck(&p[0], 1))) {
5206
printf("sid 1 didn't match but should have for packet 0: ");
5207
goto end;
5208
}
5209
5210
result = 1;
5211
5212
end:
5213
if (de_ctx != NULL) {
5214
SigGroupCleanup(de_ctx);
5215
SigCleanSignatures(de_ctx);
5216
5217
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
5218
DetectEngineCtxFree(de_ctx);
5219
}
5220
5221
FlowL7DataPtrFree(&f);
5222
StreamTcpFreeConfig(TRUE);
5223
5224
return result;
5225
}
5226
5227
/**
5228
* \test Positive test, to test the working of distance and within.
5229
*/
5230
int DcePayloadTest10(void)
5231
{
5232
int result = 0;
5233
5234
uint8_t request1[] = {
5235
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
5236
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5237
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
5238
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5239
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
5240
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
5241
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
5242
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
5243
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
5244
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
5245
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
5246
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
5247
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
5248
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
5249
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
5250
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
5251
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
5252
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
5253
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
5254
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
5255
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
5256
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
5257
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
5258
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
5259
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
5260
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
5261
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
5262
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
5263
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
5264
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
5265
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
5266
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
5267
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
5268
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
5269
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
5270
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
5271
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
5272
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
5273
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
5274
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
5275
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
5276
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
5277
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
5278
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
5279
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
5280
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
5281
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
5282
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
5283
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
5284
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
5285
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
5286
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
5287
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
5288
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
5289
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
5290
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
5291
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
5292
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
5293
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
5294
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
5295
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
5296
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
5297
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
5298
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
5299
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
5300
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
5301
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
5302
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
5303
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
5304
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
5305
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
5306
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
5307
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
5308
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
5309
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
5310
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
5311
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
5312
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
5313
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
5314
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
5315
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
5316
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
5317
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
5318
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
5319
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
5320
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
5321
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
5322
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
5323
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
5324
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
5325
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
5326
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
5327
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
5328
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
5329
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
5330
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
5331
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
5332
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
5333
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
5334
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
5335
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
5336
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
5337
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
5338
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
5339
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
5340
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
5341
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
5342
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
5343
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
5344
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
5345
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
5346
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
5347
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
5348
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
5349
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
5350
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
5351
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
5352
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
5353
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
5354
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
5355
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
5356
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
5357
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
5358
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
5359
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
5360
0x9b, 0x38, 0x5d, 0x5b, 0x35, 0x46, 0x9e, 0xa3,
5361
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
5362
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
5363
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
5364
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
5365
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
5366
};
5367
uint32_t request1_len = sizeof(request1);
5368
5369
TcpSession ssn;
5370
Packet p[1];
5371
ThreadVars tv;
5372
DetectEngineCtx *de_ctx = NULL;
5373
DetectEngineThreadCtx *det_ctx = NULL;
5374
Flow f;
5375
int r;
5376
int i = 0;
5377
5378
char *sig1 = "alert tcp any any -> any any "
5379
"(dce_stub_data; content:|ad 0d|; content:|ad 0d 00|; "
5380
"distance:-10; within:3; sid:1;)";
5381
5382
Signature *s;
5383
5384
memset(&tv, 0, sizeof(ThreadVars));
5385
memset(&f, 0, sizeof(Flow));
5386
memset(&ssn, 0, sizeof(TcpSession));
5387
5388
for (i = 0; i < 1; i++) {
5389
memset(&p[i], 0, sizeof(Packet));
5390
p[i].src.family = AF_INET;
5391
p[i].dst.family = AF_INET;
5392
p[i].payload = NULL;
5393
p[i].payload_len = 0;
5394
p[i].proto = IPPROTO_TCP;
5395
p[i].flow = &f;
5396
p[i].flowflags |= FLOW_PKT_TOSERVER;
5397
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
5398
}
5399
5400
FLOW_INITIALIZE(&f);
5401
f.protoctx = (void *)&ssn;
5402
f.src.family = AF_INET;
5403
f.dst.family = AF_INET;
5404
f.alproto = ALPROTO_DCERPC;
5405
5406
StreamTcpInitConfig(TRUE);
5407
FlowL7DataPtrInit(&f);
5408
5409
de_ctx = DetectEngineCtxInit();
5410
if (de_ctx == NULL)
5411
goto end;
5412
de_ctx->flags |= DE_QUIET;
5413
5414
de_ctx->sig_list = SigInit(de_ctx, sig1);
5415
s = de_ctx->sig_list;
5416
if (s == NULL)
5417
goto end;
5418
5419
SigGroupBuild(de_ctx);
5420
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
5421
5422
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
5423
if (r != 0) {
5424
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
5425
result = 0;
5426
goto end;
5427
}
5428
/* detection phase */
5429
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
5430
if (!(PacketAlertCheck(&p[0], 1))) {
5431
printf("sid 1 didn't match but should have for packet 0: ");
5432
goto end;
5433
}
5434
5435
result = 1;
5436
5437
end:
5438
if (de_ctx != NULL) {
5439
SigGroupCleanup(de_ctx);
5440
SigCleanSignatures(de_ctx);
5441
5442
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
5443
DetectEngineCtxFree(de_ctx);
5444
}
5445
5446
FlowL7DataPtrFree(&f);
5447
StreamTcpFreeConfig(TRUE);
5448
5449
return result;
5450
}
5451
5452
/**
5453
* \test Postive test to check the working of disance and within across frags.
5454
*/
5455
int DcePayloadTest11(void)
5456
{
5457
int result = 0;
5458
5459
uint8_t request1[] = {
5460
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
5461
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5462
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
5463
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5464
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
5465
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
5466
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
5467
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
5468
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
5469
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
5470
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
5471
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
5472
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
5473
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
5474
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
5475
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
5476
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
5477
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
5478
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
5479
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
5480
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
5481
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
5482
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
5483
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
5484
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
5485
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
5486
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
5487
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
5488
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
5489
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
5490
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
5491
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
5492
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
5493
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
5494
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
5495
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
5496
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
5497
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
5498
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
5499
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
5500
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
5501
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
5502
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
5503
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
5504
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
5505
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
5506
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
5507
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
5508
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
5509
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
5510
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
5511
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
5512
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
5513
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
5514
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
5515
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
5516
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
5517
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
5518
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
5519
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
5520
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
5521
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
5522
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
5523
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
5524
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
5525
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
5526
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
5527
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
5528
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
5529
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
5530
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
5531
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
5532
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
5533
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
5534
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
5535
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
5536
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
5537
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
5538
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
5539
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
5540
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
5541
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
5542
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
5543
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
5544
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
5545
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
5546
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
5547
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
5548
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
5549
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
5550
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
5551
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
5552
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
5553
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
5554
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
5555
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
5556
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
5557
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
5558
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
5559
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
5560
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
5561
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
5562
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
5563
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
5564
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
5565
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
5566
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
5567
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
5568
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
5569
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
5570
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
5571
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
5572
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
5573
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
5574
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
5575
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
5576
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
5577
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
5578
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
5579
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
5580
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
5581
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
5582
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
5583
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
5584
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
5585
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
5586
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
5587
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
5588
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
5589
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
5590
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
5591
};
5592
uint32_t request1_len = sizeof(request1);
5593
5594
uint8_t request2[] = {
5595
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
5596
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5597
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
5598
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
5599
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
5600
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
5601
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
5602
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
5603
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
5604
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
5605
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
5606
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
5607
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
5608
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
5609
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
5610
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
5611
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
5612
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
5613
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
5614
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
5615
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
5616
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
5617
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
5618
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
5619
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
5620
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
5621
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
5622
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
5623
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
5624
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
5625
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
5626
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
5627
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
5628
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
5629
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
5630
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
5631
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
5632
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
5633
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
5634
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
5635
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
5636
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
5637
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
5638
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
5639
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
5640
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
5641
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
5642
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
5643
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
5644
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
5645
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
5646
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
5647
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
5648
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
5649
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
5650
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
5651
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
5652
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
5653
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
5654
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
5655
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
5656
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
5657
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
5658
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
5659
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
5660
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
5661
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
5662
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
5663
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
5664
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
5665
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
5666
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
5667
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
5668
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
5669
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
5670
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
5671
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
5672
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
5673
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
5674
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
5675
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
5676
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
5677
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
5678
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
5679
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
5680
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
5681
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
5682
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
5683
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
5684
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
5685
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
5686
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
5687
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
5688
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
5689
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
5690
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
5691
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
5692
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
5693
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
5694
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
5695
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
5696
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
5697
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
5698
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
5699
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
5700
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
5701
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
5702
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
5703
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
5704
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
5705
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
5706
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
5707
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
5708
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
5709
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
5710
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
5711
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
5712
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
5713
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
5714
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
5715
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
5716
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
5717
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
5718
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
5719
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
5720
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
5721
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
5722
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
5723
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
5724
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
5725
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
5726
};
5727
uint32_t request2_len = sizeof(request2);
5728
5729
TcpSession ssn;
5730
Packet p[2];
5731
ThreadVars tv;
5732
DetectEngineCtx *de_ctx = NULL;
5733
DetectEngineThreadCtx *det_ctx = NULL;
5734
Flow f;
5735
int r;
5736
int i = 0;
5737
5738
char *sig1 = "alert tcp any any -> any any "
5739
"(dce_stub_data; content:|af, 26, d0|; content:|80 98 6d|; "
5740
"distance:1; within:3; sid:1;)";
5741
5742
Signature *s;
5743
5744
memset(&tv, 0, sizeof(ThreadVars));
5745
memset(&f, 0, sizeof(Flow));
5746
memset(&ssn, 0, sizeof(TcpSession));
5747
5748
for (i = 0; i < 2; i++) {
5749
memset(&p[i], 0, sizeof(Packet));
5750
p[i].src.family = AF_INET;
5751
p[i].dst.family = AF_INET;
5752
p[i].payload = NULL;
5753
p[i].payload_len = 0;
5754
p[i].proto = IPPROTO_TCP;
5755
p[i].flow = &f;
5756
p[i].flowflags |= FLOW_PKT_TOSERVER;
5757
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
5758
}
5759
5760
FLOW_INITIALIZE(&f);
5761
f.protoctx = (void *)&ssn;
5762
f.src.family = AF_INET;
5763
f.dst.family = AF_INET;
5764
f.alproto = ALPROTO_DCERPC;
5765
5766
StreamTcpInitConfig(TRUE);
5767
FlowL7DataPtrInit(&f);
5768
5769
de_ctx = DetectEngineCtxInit();
5770
if (de_ctx == NULL)
5771
goto end;
5772
de_ctx->flags |= DE_QUIET;
5773
5774
de_ctx->sig_list = SigInit(de_ctx, sig1);
5775
s = de_ctx->sig_list;
5776
if (s == NULL)
5777
goto end;
5778
5779
SigGroupBuild(de_ctx);
5780
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
5781
5782
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
5783
if (r != 0) {
5784
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
5785
result = 0;
5786
goto end;
5787
}
5788
/* detection phase */
5789
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
5790
if ((PacketAlertCheck(&p[0], 1))) {
5791
printf("sid 1 matched but shouldn't have for packet 0: ");
5792
goto end;
5793
}
5794
5795
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
5796
if (r != 0) {
5797
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
5798
result = 0;
5799
goto end;
5800
}
5801
/* detection phase */
5802
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
5803
if (!(PacketAlertCheck(&p[1], 1))) {
5804
printf("sid 1 didn't match but should have for pacekt 1: ");
5805
goto end;
5806
}
5807
5808
result = 1;
5809
5810
end:
5811
if (de_ctx != NULL) {
5812
SigGroupCleanup(de_ctx);
5813
SigCleanSignatures(de_ctx);
5814
5815
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
5816
DetectEngineCtxFree(de_ctx);
5817
}
5818
5819
FlowL7DataPtrFree(&f);
5820
StreamTcpFreeConfig(TRUE);
5821
5822
return result;
5823
}
5824
5825
/**
5826
* \test Negative test the working of contents on stub data with invalid
5827
* distance.
5828
*/
5829
int DcePayloadTest12(void)
5830
{
5831
int result = 0;
5832
5833
uint8_t request1[] = {
5834
0x05, 0x00, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
5835
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5836
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
5837
0xad, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5838
0xad, 0x0d, 0x00, 0x00, 0x91, 0xfc, 0x27, 0x40,
5839
0x4a, 0x97, 0x4a, 0x98, 0x4b, 0x41, 0x3f, 0x48,
5840
0x99, 0x90, 0xf8, 0x27, 0xfd, 0x3f, 0x27, 0x37,
5841
0x40, 0xd6, 0x27, 0xfc, 0x3f, 0x9f, 0x4f, 0xfd,
5842
0x42, 0x47, 0x47, 0x49, 0x3f, 0xf9, 0x9b, 0xd6,
5843
0x48, 0x37, 0x27, 0x46, 0x93, 0x49, 0xfd, 0x93,
5844
0x91, 0xfd, 0x93, 0x90, 0x92, 0x96, 0xf5, 0x92,
5845
0x4e, 0x91, 0x98, 0x46, 0x4f, 0x4b, 0x46, 0xf5,
5846
0xf5, 0xfd, 0x40, 0xf9, 0x9b, 0x40, 0x9f, 0x93,
5847
0x4e, 0xf8, 0x40, 0x40, 0x4e, 0xf5, 0x4b, 0x98,
5848
0xf5, 0x91, 0xd6, 0x42, 0x99, 0x96, 0x27, 0x49,
5849
0x48, 0x47, 0x4f, 0x46, 0x99, 0x4b, 0x92, 0x92,
5850
0x90, 0x47, 0x46, 0x4e, 0x43, 0x9b, 0x43, 0x42,
5851
0x3f, 0x4b, 0x27, 0x97, 0x93, 0xf9, 0x42, 0x9b,
5852
0x46, 0x9b, 0x4b, 0x98, 0x41, 0x98, 0x37, 0x41,
5853
0x9f, 0x98, 0x4e, 0x93, 0x48, 0x46, 0x46, 0x9f,
5854
0x97, 0x9b, 0x42, 0x37, 0x90, 0x46, 0xf9, 0x97,
5855
0x91, 0xf5, 0x4e, 0x97, 0x4e, 0x99, 0xf8, 0x99,
5856
0x41, 0xf5, 0x41, 0x9f, 0x49, 0xfd, 0x92, 0x96,
5857
0x3f, 0x3f, 0x42, 0x27, 0x27, 0x93, 0x47, 0x49,
5858
0x91, 0x27, 0x27, 0x40, 0x42, 0x99, 0x9f, 0xfc,
5859
0x97, 0x47, 0x99, 0x4a, 0xf9, 0x3f, 0x48, 0x91,
5860
0x47, 0x97, 0x91, 0x42, 0x4b, 0x9b, 0x4a, 0x48,
5861
0x9f, 0x43, 0x43, 0x40, 0x99, 0xf9, 0x48, 0x4e,
5862
0x92, 0x93, 0x92, 0x41, 0x46, 0x4b, 0x4a, 0x4a,
5863
0x49, 0x96, 0x4a, 0x4f, 0xf5, 0x42, 0x47, 0x98,
5864
0x9b, 0xf5, 0x91, 0xf9, 0xd6, 0x9b, 0x48, 0x4e,
5865
0x9f, 0x91, 0xd6, 0x93, 0x4b, 0x37, 0x3f, 0x43,
5866
0xf5, 0x41, 0x41, 0xf5, 0x37, 0x4f, 0x43, 0x92,
5867
0x97, 0x27, 0x93, 0x92, 0x46, 0x47, 0x4b, 0x96,
5868
0x41, 0x90, 0x90, 0x3f, 0x96, 0x27, 0x41, 0xd6,
5869
0xd6, 0xd6, 0xf9, 0xf8, 0x47, 0x27, 0x46, 0x37,
5870
0x41, 0x90, 0x91, 0xfc, 0x46, 0x41, 0x43, 0x97,
5871
0x9f, 0x4a, 0x49, 0x92, 0x41, 0x91, 0x41, 0x92,
5872
0x42, 0x4a, 0x3f, 0x93, 0x99, 0x9b, 0x9f, 0x4e,
5873
0x47, 0x93, 0xd6, 0x37, 0x37, 0x40, 0x98, 0xfd,
5874
0x41, 0x42, 0x97, 0x4e, 0x4e, 0x98, 0x9f, 0x4e,
5875
0x48, 0x3f, 0x48, 0x42, 0x96, 0x9f, 0x99, 0x4f,
5876
0x4e, 0x42, 0x97, 0xf9, 0x3f, 0x37, 0x27, 0x46,
5877
0x41, 0xf9, 0x92, 0x96, 0x41, 0x93, 0x91, 0x4b,
5878
0x96, 0x4f, 0x43, 0xfd, 0xf5, 0x9f, 0x43, 0x27,
5879
0x99, 0xd6, 0xf5, 0x4e, 0xfd, 0x97, 0x4b, 0x47,
5880
0x47, 0x92, 0x98, 0x4f, 0x47, 0x49, 0x37, 0x97,
5881
0x3f, 0x4e, 0x40, 0x46, 0x4e, 0x9f, 0x4e, 0x4e,
5882
0xfc, 0x41, 0x47, 0xf8, 0x37, 0x9b, 0x41, 0x4e,
5883
0x96, 0x99, 0x46, 0x99, 0x46, 0xf9, 0x4e, 0x4f,
5884
0x48, 0x97, 0x97, 0x93, 0xd6, 0x9b, 0x41, 0x40,
5885
0x97, 0x97, 0x4f, 0x92, 0x91, 0xd6, 0x96, 0x40,
5886
0x4f, 0x4b, 0x91, 0x46, 0x27, 0x92, 0x3f, 0xf5,
5887
0xfc, 0x3f, 0x91, 0x97, 0xf8, 0x43, 0x4e, 0xfd,
5888
0x9b, 0x27, 0xfd, 0x9b, 0xf5, 0x27, 0x47, 0x42,
5889
0x46, 0x93, 0x37, 0x93, 0x91, 0x91, 0x91, 0xf8,
5890
0x4f, 0x92, 0x4f, 0xf8, 0x93, 0xf5, 0x49, 0x91,
5891
0x4b, 0x3f, 0xfc, 0x37, 0x4f, 0x46, 0x98, 0x97,
5892
0x9f, 0x40, 0xfd, 0x9f, 0x98, 0xfd, 0x4e, 0x97,
5893
0x4f, 0x47, 0x91, 0x27, 0x4a, 0x90, 0x96, 0x40,
5894
0x98, 0x97, 0x41, 0x3f, 0xd6, 0xfd, 0x41, 0xfd,
5895
0x42, 0x97, 0x4b, 0x9b, 0x46, 0x4e, 0xfc, 0x96,
5896
0xf9, 0x37, 0x4b, 0x96, 0x9f, 0x9b, 0x42, 0x9f,
5897
0x93, 0x40, 0x42, 0x43, 0xf5, 0x93, 0x48, 0x3f,
5898
0x4b, 0xfd, 0x9f, 0x4b, 0x41, 0x4a, 0x90, 0x9b,
5899
0x46, 0x97, 0x98, 0x96, 0x9b, 0x98, 0x92, 0xd6,
5900
0x4e, 0x4a, 0x27, 0x90, 0x96, 0x99, 0x91, 0x46,
5901
0x49, 0x41, 0x4b, 0x90, 0x43, 0x91, 0xd6, 0x48,
5902
0x42, 0x90, 0x4f, 0x96, 0x43, 0x9b, 0xf9, 0x9b,
5903
0x9f, 0x9f, 0x27, 0x47, 0x4b, 0xf5, 0x43, 0x99,
5904
0x99, 0x91, 0x4e, 0x41, 0x42, 0x46, 0x97, 0x46,
5905
0x47, 0xf9, 0xf5, 0x48, 0x4a, 0xf8, 0x4e, 0xd6,
5906
0x43, 0x4a, 0x27, 0x9b, 0x42, 0x90, 0x46, 0x46,
5907
0x3f, 0x99, 0x96, 0x9b, 0x91, 0x9f, 0xf5, 0x48,
5908
0x43, 0x9f, 0x4a, 0x99, 0x96, 0xfd, 0x92, 0x49,
5909
0x46, 0x91, 0x40, 0xfd, 0x4a, 0x48, 0x4f, 0x90,
5910
0x91, 0x98, 0x48, 0x4b, 0x9f, 0x42, 0x27, 0x93,
5911
0x47, 0xf8, 0x4f, 0x48, 0x3f, 0x90, 0x47, 0x41,
5912
0xf5, 0xfc, 0x27, 0xf8, 0x97, 0x4a, 0x49, 0x37,
5913
0x40, 0x4f, 0x40, 0x37, 0x41, 0x27, 0x96, 0x37,
5914
0xfc, 0x42, 0xd6, 0x4b, 0x48, 0x37, 0x42, 0xf5,
5915
0x27, 0xf9, 0xd6, 0x48, 0x9b, 0xfd, 0x40, 0x96,
5916
0x4e, 0x43, 0xf8, 0x90, 0x40, 0x40, 0x49, 0x3f,
5917
0xfc, 0x4a, 0x42, 0x47, 0xf8, 0x49, 0x42, 0x97,
5918
0x4f, 0x91, 0xfd, 0x4b, 0x46, 0x4b, 0xfc, 0x48,
5919
0x49, 0x96, 0x4b, 0x96, 0x43, 0x9f, 0x90, 0x37,
5920
0xd6, 0x4a, 0xd6, 0x3f, 0xd6, 0x90, 0x49, 0x27,
5921
0x4e, 0x96, 0x96, 0xf8, 0x49, 0x96, 0xf8, 0x37,
5922
0x90, 0x4e, 0x4b, 0x4f, 0x99, 0xf8, 0x6a, 0x52,
5923
0x59, 0xd9, 0xee, 0xd9, 0x74, 0x24, 0xf4, 0x5b,
5924
0x81, 0x73, 0x13, 0x30, 0x50, 0xf0, 0x82, 0x83,
5925
0xeb, 0xfc, 0xe2, 0xf4, 0xb1, 0x94, 0x0f, 0x6d,
5926
0xcf, 0xaf, 0xb4, 0x7e, 0x5a, 0xbb, 0xbf, 0x6a,
5927
0xc9, 0xaf, 0x0f, 0x7d, 0x50, 0xdb, 0x9c, 0xa6,
5928
0x14, 0xdb, 0xb5, 0xbe, 0xbb, 0x2c, 0xf5, 0xfa,
5929
0x31, 0xbf, 0x7b, 0xcd, 0x28, 0xdb, 0xaf, 0xa2,
5930
0x31, 0xbb, 0x13, 0xb2, 0x79, 0xdb, 0xc4, 0x09,
5931
0x31, 0xbe, 0xc1, 0x42, 0xa9, 0xfc, 0x74, 0x42,
5932
0x44, 0x57, 0x31, 0x48, 0x3d, 0x51, 0x32, 0x69,
5933
0xc4, 0x6b, 0xa4, 0xa6, 0x18, 0x25, 0x13, 0x09,
5934
0x6f, 0x74, 0xf1, 0x69, 0x56, 0xdb, 0xfc, 0xc9,
5935
0xbb, 0x0f, 0xec, 0x83, 0xdb, 0x53, 0xdc, 0x09,
5936
0xb9, 0x3c, 0xd4, 0x9e, 0x51, 0x93, 0xc1, 0x42,
5937
0x54, 0xdb, 0xb0, 0xb2, 0xbb, 0x10, 0xfc, 0x09,
5938
0x40, 0x4c, 0x5d, 0x09, 0x70, 0x58, 0xae, 0xea,
5939
0xbe, 0x1e, 0xfe, 0x6e, 0x60, 0xaf, 0x26, 0xb3,
5940
0xeb, 0x36, 0xa3, 0xe4, 0x58, 0x63, 0xc2, 0xea,
5941
0x47, 0x23, 0xc2, 0xdd, 0x64, 0xaf, 0x20, 0xea,
5942
0xfb, 0xbd, 0x0c, 0xb9, 0x60, 0xaf, 0x26, 0xdd,
5943
0xb9, 0xb5, 0x96, 0x03, 0xdd, 0x58, 0xf2, 0xd7,
5944
0x5a, 0x52, 0x0f, 0x52, 0x58, 0x89, 0xf9, 0x77,
5945
0x9d, 0x07, 0x0f, 0x54, 0x63, 0x03, 0xa3, 0xd1,
5946
0x63, 0x13, 0xa3, 0xc1, 0x63, 0xaf, 0x20, 0xe4,
5947
0x58, 0x41, 0xac, 0xe4, 0x63, 0xd9, 0x11, 0x17,
5948
0x58, 0xf4, 0xea, 0xf2, 0xf7, 0x07, 0x0f, 0x54,
5949
0x5a, 0x40, 0xa1, 0xd7, 0xcf, 0x80, 0x98, 0x26,
5950
0x9d, 0x7e, 0x19, 0xd5, 0xcf, 0x86, 0xa3, 0xd7,
5951
0xcf, 0x80, 0x98, 0x67, 0x79, 0xd6, 0xb9, 0xd5,
5952
0xcf, 0x86, 0xa0, 0xd6, 0x64, 0x05, 0x0f, 0x52,
5953
0xa3, 0x38, 0x17, 0xfb, 0xf6, 0x29, 0xa7, 0x7d,
5954
0xe6, 0x05, 0x0f, 0x52, 0x56, 0x3a, 0x94, 0xe4,
5955
0x58, 0x33, 0x9d, 0x0b, 0xd5, 0x3a, 0xa0, 0xdb,
5956
0x19, 0x9c, 0x79, 0x65, 0x5a, 0x14, 0x79, 0x60,
5957
0x01, 0x90, 0x03, 0x28, 0xce, 0x12, 0xdd, 0x7c,
5958
0x72, 0x7c, 0x63, 0x0f, 0x4a, 0x68, 0x5b, 0x29,
5959
0x9b, 0x38, 0x82, 0x7c, 0x83, 0x46, 0x0f, 0xf7,
5960
0x74, 0xaf, 0x26, 0xd9, 0x67, 0x02, 0xa1, 0xd3,
5961
0x61, 0x3a, 0xf1, 0xd3, 0x61, 0x05, 0xa1, 0x7d,
5962
0xe0, 0x38, 0x5d, 0x5b, 0x35, 0x9e, 0xa3, 0x7d,
5963
0xe6, 0x3a, 0x0f, 0x7d, 0x07, 0xaf, 0x20, 0x09,
5964
0x67, 0xac, 0x73, 0x46, 0x54, 0xaf, 0x26, 0xd0
5965
};
5966
uint32_t request1_len = sizeof(request1);
5967
5968
uint8_t request2[] = {
5969
0x05, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
5970
0x18, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5971
0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00,
5972
0xcf, 0x80, 0x98, 0x6d, 0xfe, 0xb0, 0x90, 0xd1,
5973
0xcf, 0x86, 0x0f, 0x52, 0x2c, 0x23, 0x66, 0x28,
5974
0x27, 0x30, 0x48, 0x55, 0x42, 0x6a, 0x48, 0x4b,
5975
0x68, 0x22, 0x2e, 0x23, 0x64, 0x33, 0x2c, 0x2d,
5976
0x5c, 0x51, 0x48, 0x55, 0x24, 0x67, 0x6c, 0x4c,
5977
0x45, 0x71, 0x35, 0x72, 0x5a, 0x48, 0x5e, 0x35,
5978
0x61, 0x78, 0x35, 0x42, 0x2c, 0x7a, 0x75, 0x61,
5979
0x5b, 0x4e, 0x76, 0x30, 0x26, 0x2f, 0x2a, 0x34,
5980
0x48, 0x29, 0x25, 0x6e, 0x5c, 0x3a, 0x6c, 0x3e,
5981
0x79, 0x4e, 0x2a, 0x21, 0x6f, 0x6f, 0x34, 0x46,
5982
0x43, 0x26, 0x5b, 0x35, 0x78, 0x27, 0x69, 0x23,
5983
0x72, 0x21, 0x69, 0x56, 0x6a, 0x7d, 0x4b, 0x5e,
5984
0x65, 0x37, 0x60, 0x44, 0x7c, 0x5d, 0x5b, 0x72,
5985
0x7d, 0x73, 0x7b, 0x47, 0x57, 0x21, 0x41, 0x38,
5986
0x76, 0x38, 0x76, 0x5c, 0x58, 0x32, 0x4a, 0x37,
5987
0x2f, 0x40, 0x4b, 0x4c, 0x3d, 0x41, 0x33, 0x56,
5988
0x73, 0x38, 0x61, 0x71, 0x24, 0x49, 0x4c, 0x4a,
5989
0x44, 0x2e, 0x3a, 0x3f, 0x74, 0x54, 0x4c, 0x65,
5990
0x54, 0x2d, 0x3b, 0x28, 0x41, 0x45, 0x49, 0x2c,
5991
0x6e, 0x48, 0x44, 0x43, 0x37, 0x3d, 0x7b, 0x6d,
5992
0x2b, 0x4b, 0x32, 0x5a, 0x31, 0x61, 0x6e, 0x2b,
5993
0x27, 0x50, 0x6b, 0x66, 0x76, 0x4e, 0x55, 0x35,
5994
0x2b, 0x72, 0x2d, 0x5e, 0x42, 0x3e, 0x5a, 0x5d,
5995
0x36, 0x45, 0x32, 0x3a, 0x58, 0x78, 0x78, 0x3e,
5996
0x60, 0x6c, 0x5d, 0x63, 0x41, 0x7c, 0x52, 0x21,
5997
0x75, 0x6a, 0x5a, 0x70, 0x55, 0x45, 0x76, 0x58,
5998
0x33, 0x40, 0x38, 0x39, 0x21, 0x37, 0x7d, 0x77,
5999
0x21, 0x70, 0x2b, 0x72, 0x29, 0x6a, 0x31, 0x5f,
6000
0x38, 0x4a, 0x66, 0x65, 0x62, 0x2c, 0x39, 0x52,
6001
0x5f, 0x2a, 0x2b, 0x63, 0x4f, 0x76, 0x43, 0x25,
6002
0x6a, 0x50, 0x37, 0x52, 0x5e, 0x23, 0x3c, 0x42,
6003
0x28, 0x75, 0x75, 0x42, 0x25, 0x23, 0x28, 0x56,
6004
0x6c, 0x46, 0x5c, 0x5e, 0x6b, 0x7d, 0x48, 0x24,
6005
0x77, 0x6c, 0x70, 0x62, 0x2e, 0x28, 0x7d, 0x6b,
6006
0x69, 0x4a, 0x75, 0x3d, 0x5d, 0x56, 0x21, 0x49,
6007
0x56, 0x47, 0x64, 0x2b, 0x4c, 0x52, 0x43, 0x60,
6008
0x77, 0x49, 0x46, 0x46, 0x33, 0x2c, 0x4b, 0x4b,
6009
0x3d, 0x63, 0x5d, 0x33, 0x78, 0x76, 0x51, 0x56,
6010
0x77, 0x3c, 0x72, 0x74, 0x52, 0x27, 0x40, 0x6c,
6011
0x42, 0x79, 0x49, 0x24, 0x62, 0x5e, 0x26, 0x31,
6012
0x5c, 0x22, 0x2b, 0x4c, 0x64, 0x49, 0x52, 0x45,
6013
0x47, 0x49, 0x3a, 0x2a, 0x51, 0x71, 0x22, 0x22,
6014
0x70, 0x24, 0x34, 0x67, 0x4b, 0x6d, 0x58, 0x29,
6015
0x63, 0x26, 0x7b, 0x6f, 0x38, 0x78, 0x25, 0x62,
6016
0x4d, 0x3a, 0x7d, 0x40, 0x23, 0x57, 0x67, 0x33,
6017
0x38, 0x31, 0x4e, 0x54, 0x3c, 0x4b, 0x48, 0x69,
6018
0x3c, 0x39, 0x31, 0x2b, 0x26, 0x70, 0x44, 0x66,
6019
0x4a, 0x37, 0x2b, 0x75, 0x36, 0x45, 0x59, 0x34,
6020
0x3e, 0x3e, 0x29, 0x70, 0x71, 0x5a, 0x55, 0x49,
6021
0x3e, 0x4b, 0x68, 0x4e, 0x75, 0x70, 0x3c, 0x5c,
6022
0x50, 0x58, 0x28, 0x75, 0x3c, 0x2a, 0x41, 0x70,
6023
0x2f, 0x2b, 0x37, 0x26, 0x75, 0x71, 0x55, 0x22,
6024
0x3a, 0x44, 0x30, 0x48, 0x5d, 0x2f, 0x6c, 0x44,
6025
0x28, 0x4b, 0x34, 0x45, 0x21, 0x60, 0x44, 0x36,
6026
0x7b, 0x32, 0x39, 0x5f, 0x6d, 0x3f, 0x68, 0x73,
6027
0x25, 0x45, 0x56, 0x7c, 0x78, 0x7a, 0x49, 0x6a,
6028
0x46, 0x3d, 0x2d, 0x33, 0x6c, 0x6f, 0x23, 0x77,
6029
0x38, 0x33, 0x36, 0x74, 0x7b, 0x57, 0x4b, 0x6d,
6030
0x27, 0x75, 0x24, 0x6e, 0x43, 0x61, 0x4d, 0x44,
6031
0x6d, 0x27, 0x48, 0x58, 0x5e, 0x7b, 0x26, 0x6a,
6032
0x50, 0x7c, 0x51, 0x23, 0x3c, 0x4f, 0x37, 0x4c,
6033
0x47, 0x3e, 0x45, 0x56, 0x22, 0x33, 0x7c, 0x66,
6034
0x35, 0x54, 0x7a, 0x6e, 0x5a, 0x24, 0x70, 0x62,
6035
0x29, 0x3f, 0x69, 0x79, 0x24, 0x43, 0x41, 0x24,
6036
0x65, 0x25, 0x62, 0x4f, 0x73, 0x3e, 0x2b, 0x36,
6037
0x46, 0x69, 0x27, 0x55, 0x2a, 0x6e, 0x24, 0x6c,
6038
0x7d, 0x64, 0x7c, 0x61, 0x26, 0x67, 0x2a, 0x53,
6039
0x73, 0x60, 0x28, 0x2d, 0x6b, 0x44, 0x54, 0x61,
6040
0x34, 0x53, 0x22, 0x59, 0x6d, 0x73, 0x56, 0x55,
6041
0x25, 0x2c, 0x38, 0x4a, 0x3b, 0x4e, 0x78, 0x46,
6042
0x54, 0x6e, 0x6d, 0x4f, 0x47, 0x4f, 0x4f, 0x5a,
6043
0x67, 0x77, 0x39, 0x66, 0x28, 0x29, 0x4e, 0x43,
6044
0x55, 0x6e, 0x60, 0x59, 0x28, 0x3b, 0x65, 0x62,
6045
0x61, 0x5a, 0x29, 0x6e, 0x79, 0x60, 0x41, 0x53,
6046
0x2f, 0x5d, 0x44, 0x36, 0x7b, 0x3e, 0x7c, 0x2b,
6047
0x77, 0x36, 0x70, 0x3f, 0x40, 0x55, 0x48, 0x67,
6048
0x4b, 0x4d, 0x5d, 0x51, 0x79, 0x76, 0x48, 0x4a,
6049
0x2d, 0x21, 0x60, 0x40, 0x46, 0x55, 0x7a, 0x60,
6050
0x22, 0x25, 0x3f, 0x4b, 0x54, 0x6a, 0x6a, 0x3c,
6051
0x77, 0x22, 0x5b, 0x43, 0x67, 0x58, 0x71, 0x22,
6052
0x79, 0x4b, 0x32, 0x61, 0x44, 0x4d, 0x6f, 0x42,
6053
0x33, 0x2d, 0x53, 0x35, 0x3d, 0x6f, 0x57, 0x48,
6054
0x33, 0x3b, 0x5a, 0x53, 0x3f, 0x4e, 0x3f, 0x6b,
6055
0x4c, 0x27, 0x26, 0x3b, 0x73, 0x49, 0x22, 0x55,
6056
0x79, 0x2f, 0x47, 0x2f, 0x55, 0x5a, 0x7a, 0x71,
6057
0x6c, 0x31, 0x43, 0x40, 0x56, 0x7b, 0x21, 0x7a,
6058
0x6d, 0x4c, 0x43, 0x5e, 0x38, 0x47, 0x29, 0x38,
6059
0x62, 0x49, 0x45, 0x78, 0x70, 0x2b, 0x2e, 0x65,
6060
0x47, 0x71, 0x58, 0x79, 0x39, 0x67, 0x7d, 0x6d,
6061
0x6a, 0x67, 0x4a, 0x71, 0x27, 0x35, 0x2a, 0x4c,
6062
0x3e, 0x58, 0x55, 0x30, 0x4d, 0x75, 0x77, 0x48,
6063
0x5f, 0x4b, 0x59, 0x34, 0x65, 0x68, 0x57, 0x59,
6064
0x63, 0x23, 0x47, 0x38, 0x47, 0x5e, 0x56, 0x28,
6065
0x79, 0x58, 0x3e, 0x39, 0x66, 0x77, 0x67, 0x33,
6066
0x29, 0x61, 0x24, 0x7d, 0x37, 0x44, 0x37, 0x67,
6067
0x3a, 0x58, 0x76, 0x21, 0x51, 0x59, 0x61, 0x73,
6068
0x66, 0x75, 0x71, 0x53, 0x4d, 0x24, 0x2d, 0x4b,
6069
0x29, 0x30, 0x32, 0x26, 0x59, 0x64, 0x27, 0x55,
6070
0x2c, 0x5a, 0x4c, 0x3c, 0x6c, 0x53, 0x56, 0x4b,
6071
0x3e, 0x55, 0x2e, 0x44, 0x38, 0x6b, 0x47, 0x76,
6072
0x2d, 0x2c, 0x3f, 0x4d, 0x22, 0x7b, 0x6d, 0x61,
6073
0x34, 0x6b, 0x50, 0x73, 0x28, 0x6d, 0x41, 0x71,
6074
0x21, 0x76, 0x52, 0x2a, 0x6d, 0x53, 0x2a, 0x74,
6075
0x28, 0x27, 0x62, 0x2a, 0x66, 0x25, 0x6e, 0x5e,
6076
0x37, 0x4f, 0x27, 0x72, 0x28, 0x47, 0x63, 0x6e,
6077
0x5a, 0x6a, 0x41, 0x35, 0x3a, 0x42, 0x3f, 0x27,
6078
0x75, 0x3e, 0x26, 0x3e, 0x6b, 0x55, 0x59, 0x60,
6079
0x24, 0x70, 0x49, 0x3c, 0x4e, 0x2c, 0x39, 0x7a,
6080
0x36, 0x6c, 0x27, 0x3e, 0x6a, 0x4a, 0x59, 0x5a,
6081
0x3e, 0x21, 0x73, 0x4e, 0x59, 0x6e, 0x3d, 0x32,
6082
0x27, 0x45, 0x49, 0x58, 0x7d, 0x37, 0x39, 0x77,
6083
0x28, 0x51, 0x79, 0x54, 0x2b, 0x78, 0x46, 0x5a,
6084
0x21, 0x75, 0x33, 0x21, 0x63, 0x5a, 0x7b, 0x3e,
6085
0x33, 0x4f, 0x67, 0x75, 0x3a, 0x50, 0x48, 0x60,
6086
0x26, 0x64, 0x76, 0x5c, 0x42, 0x5c, 0x72, 0x38,
6087
0x6c, 0x52, 0x21, 0x2b, 0x25, 0x6b, 0x7c, 0x6b,
6088
0x2d, 0x5e, 0x63, 0x2a, 0x4c, 0x26, 0x5b, 0x4c,
6089
0x58, 0x52, 0x51, 0x55, 0x31, 0x79, 0x6c, 0x53,
6090
0x62, 0x3a, 0x36, 0x46, 0x7a, 0x29, 0x27, 0x78,
6091
0x1a, 0xbf, 0x49, 0x74, 0x68, 0x24, 0x51, 0x44,
6092
0x5b, 0x3e, 0x34, 0x44, 0x29, 0x5e, 0x4f, 0x2a,
6093
0xe9, 0x3f, 0xf8, 0xff, 0xff, 0x52, 0x7d, 0x47,
6094
0x67, 0x40, 0x27, 0x5e, 0x47, 0x46, 0x6d, 0x72,
6095
0x5d, 0x49, 0x26, 0x45, 0x33, 0x6b, 0x4d, 0x4a,
6096
0x6f, 0x62, 0x60, 0x45, 0x62, 0x27, 0x27, 0x7d,
6097
0x6a, 0x41, 0x2c, 0x6c, 0x5b, 0x2a, 0x2b, 0x36,
6098
0x29, 0x58, 0x7a, 0x4c, 0x6e, 0x2d, 0x74, 0x5c,
6099
0x38, 0x22, 0x5f, 0x49, 0x63, 0x43, 0x5b, 0x67
6100
};
6101
uint32_t request2_len = sizeof(request2);
6102
6103
TcpSession ssn;
6104
Packet p[2];
6105
ThreadVars tv;
6106
DetectEngineCtx *de_ctx = NULL;
6107
DetectEngineThreadCtx *det_ctx = NULL;
6108
Flow f;
6109
int r;
6110
int i = 0;
6111
6112
char *sig1 = "alert tcp any any -> any any "
6113
"(dce_stub_data; content:|af, 26, d0|; content:|80 98 6d|; "
6114
"distance:2; within:3; sid:1;)";
6115
6116
Signature *s;
6117
6118
memset(&tv, 0, sizeof(ThreadVars));
6119
memset(&f, 0, sizeof(Flow));
6120
memset(&ssn, 0, sizeof(TcpSession));
6121
6122
for (i = 0; i < 2; i++) {
6123
memset(&p[i], 0, sizeof(Packet));
6124
p[i].src.family = AF_INET;
6125
p[i].dst.family = AF_INET;
6126
p[i].payload = NULL;
6127
p[i].payload_len = 0;
6128
p[i].proto = IPPROTO_TCP;
6129
p[i].flow = &f;
6130
p[i].flowflags |= FLOW_PKT_TOSERVER;
6131
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
6132
}
6133
6134
FLOW_INITIALIZE(&f);
6135
f.protoctx = (void *)&ssn;
6136
f.src.family = AF_INET;
6137
f.dst.family = AF_INET;
6138
f.alproto = ALPROTO_DCERPC;
6139
6140
StreamTcpInitConfig(TRUE);
6141
FlowL7DataPtrInit(&f);
6142
6143
de_ctx = DetectEngineCtxInit();
6144
if (de_ctx == NULL)
6145
goto end;
6146
de_ctx->flags |= DE_QUIET;
6147
6148
de_ctx->sig_list = SigInit(de_ctx, sig1);
6149
s = de_ctx->sig_list;
6150
if (s == NULL)
6151
goto end;
6152
6153
SigGroupBuild(de_ctx);
6154
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
6155
6156
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
6157
if (r != 0) {
6158
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6159
result = 0;
6160
goto end;
6161
}
6162
/* detection phase */
6163
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
6164
if ((PacketAlertCheck(&p[0], 1))) {
6165
printf("sid 1 matched but shouldn't have for packet 0: ");
6166
goto end;
6167
}
6168
6169
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
6170
if (r != 0) {
6171
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6172
result = 0;
6173
goto end;
6174
}
6175
/* detection phase */
6176
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
6177
if ((PacketAlertCheck(&p[1], 1))) {
6178
printf("sid 1 matched but shouldn't have for packet 1: ");
6179
goto end;
6180
}
6181
6182
result = 1;
6183
6184
end:
6185
if (de_ctx != NULL) {
6186
SigGroupCleanup(de_ctx);
6187
SigCleanSignatures(de_ctx);
6188
6189
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
6190
DetectEngineCtxFree(de_ctx);
6191
}
6192
6193
FlowL7DataPtrFree(&f);
6194
StreamTcpFreeConfig(TRUE);
6195
6196
return result;
6197
}
6198
6199
6200
/**
6201
* \test Test the working of detection engien with respect to dce keywords.
6202
*/
6203
int DcePayloadTest13(void)
6204
{
6205
int result = 0;
6206
uint8_t request1[] = {
6207
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
6208
0x24, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6209
0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
6210
0x2c, 0xfd, 0xb5, 0x00, 0x40, 0xaa, 0x01, 0x00,
6211
0x00, 0x00, 0x00, 0x02,
6212
};
6213
uint32_t request1_len = sizeof(request1);
6214
6215
uint8_t response1[] = {
6216
0x05, 0x00, 0x02, 0x03, 0x10, 0x00, 0x00, 0x00,
6217
0x30, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6218
0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6219
0x00, 0x00, 0x00, 0x00, 0xf6, 0x72, 0x28, 0x9c,
6220
0xf0, 0x57, 0xd8, 0x11, 0xb0, 0x05, 0x00, 0x0c,
6221
0x29, 0x87, 0xea, 0xe9, 0x00, 0x00, 0x00, 0x00,
6222
};
6223
uint32_t response1_len = sizeof(response1);
6224
6225
uint8_t request2[] = {
6226
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
6227
0xa4, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
6228
0x8c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00,
6229
0x00, 0x00, 0x00, 0x00, 0xf6, 0x72, 0x28, 0x9c,
6230
0xf0, 0x57, 0xd8, 0x11, 0xb0, 0x05, 0x00, 0x0c,
6231
0x29, 0x87, 0xea, 0xe9, 0x5c, 0x00, 0x5c, 0x00,
6232
0xa8, 0xb9, 0x14, 0x00, 0x2e, 0x00, 0x00, 0x00,
6233
0x00, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x00, 0x00,
6234
0x53, 0x00, 0x4f, 0x00, 0x46, 0x00, 0x54, 0x00,
6235
0x57, 0x00, 0x41, 0x00, 0x52, 0x00, 0x45, 0x00,
6236
0x5c, 0x00, 0x4d, 0x00, 0x69, 0x00, 0x63, 0x00,
6237
0x72, 0x00, 0x6f, 0x00, 0x73, 0x00, 0x6f, 0x00,
6238
0x66, 0x00, 0x74, 0x00, 0x5c, 0x00, 0x57, 0x00,
6239
0x69, 0x00, 0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00,
6240
0x77, 0x00, 0x73, 0x00, 0x5c, 0x00, 0x43, 0x00,
6241
0x75, 0x00, 0x72, 0x00, 0x72, 0x00, 0x65, 0x00,
6242
0x6e, 0x00, 0x74, 0x00, 0x56, 0x00, 0x65, 0x00,
6243
0x72, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00,
6244
0x6e, 0x00, 0x5c, 0x00, 0x52, 0x00, 0x75, 0x00,
6245
0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6246
0x03, 0x00, 0x00, 0x00,
6247
};
6248
uint32_t request2_len = sizeof(request2);
6249
6250
uint8_t response2[] = {
6251
0x05, 0x00, 0x02, 0x03, 0x10, 0x00, 0x00, 0x00,
6252
0x30, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
6253
0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6254
0x00, 0x00, 0x00, 0x00, 0xf7, 0x72, 0x28, 0x9c,
6255
0xf0, 0x57, 0xd8, 0x11, 0xb0, 0x05, 0x00, 0x0c,
6256
0x29, 0x87, 0xea, 0xe9, 0x00, 0x00, 0x00, 0x00,
6257
};
6258
uint32_t response2_len = sizeof(response2);
6259
6260
uint8_t request3[] = {
6261
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
6262
0x70, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
6263
0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x00,
6264
0x00, 0x00, 0x00, 0x00, 0xf7, 0x72, 0x28, 0x9c,
6265
0xf0, 0x57, 0xd8, 0x11, 0xb0, 0x05, 0x00, 0x0c,
6266
0x29, 0x87, 0xea, 0xe9, 0x0c, 0x00, 0x0c, 0x00,
6267
0x98, 0xda, 0x14, 0x00, 0x06, 0x00, 0x00, 0x00,
6268
0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
6269
0x4f, 0x00, 0x73, 0x00, 0x61, 0x00, 0x33, 0x00,
6270
0x32, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6271
0x18, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x54, 0x00,
6272
0x4f, 0x00, 0x53, 0x00, 0x41, 0x00, 0x33, 0x00,
6273
0x32, 0x00, 0x2e, 0x00, 0x45, 0x00, 0x58, 0x00,
6274
0x45, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
6275
};
6276
uint32_t request3_len = sizeof(request3);
6277
6278
uint8_t response3[] = {
6279
0x05, 0x00, 0x02, 0x03, 0x10, 0x00, 0x00, 0x00,
6280
0x1c, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
6281
0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6282
0x00, 0x00, 0x00, 0x00,
6283
};
6284
uint32_t response3_len = sizeof(response3);
6285
6286
TcpSession ssn;
6287
Packet p[8];
6288
ThreadVars tv;
6289
DetectEngineCtx *de_ctx = NULL;
6290
DetectEngineThreadCtx *det_ctx = NULL;
6291
Flow f;
6292
int r;
6293
int i = 0;
6294
6295
char *sig1 = "alert tcp any any -> any any "
6296
"(dce_stub_data; sid:1;)";
6297
6298
Signature *s;
6299
6300
memset(&tv, 0, sizeof(ThreadVars));
6301
memset(&f, 0, sizeof(Flow));
6302
memset(&ssn, 0, sizeof(TcpSession));
6303
6304
/* let the 7 and the 8th packet be dummy packets the client sends to the server */
6305
for (i = 0; i < 8; i++) {
6306
memset(&p[i], 0, sizeof(Packet));
6307
p[i].src.family = AF_INET;
6308
p[i].dst.family = AF_INET;
6309
p[i].payload = NULL;
6310
p[i].payload_len = 0;
6311
p[i].proto = IPPROTO_TCP;
6312
p[i].flow = &f;
6313
p[i].flowflags |= FLOW_PKT_TOSERVER;
6314
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
6315
}
6316
p[1].flowflags |= FLOW_PKT_TOCLIENT;
6317
p[1].flowflags &=~ FLOW_PKT_TOSERVER;
6318
p[3].flowflags |= FLOW_PKT_TOCLIENT;
6319
p[3].flowflags &=~ FLOW_PKT_TOSERVER;
6320
p[5].flowflags |= FLOW_PKT_TOCLIENT;
6321
p[5].flowflags &=~ FLOW_PKT_TOSERVER;
6322
6323
FLOW_INITIALIZE(&f);
6324
f.protoctx = (void *)&ssn;
6325
f.src.family = AF_INET;
6326
f.dst.family = AF_INET;
6327
f.alproto = ALPROTO_DCERPC;
6328
6329
StreamTcpInitConfig(TRUE);
6330
FlowL7DataPtrInit(&f);
6331
6332
de_ctx = DetectEngineCtxInit();
6333
if (de_ctx == NULL)
6334
goto end;
6335
de_ctx->flags |= DE_QUIET;
6336
6337
de_ctx->sig_list = SigInit(de_ctx, sig1);
6338
s = de_ctx->sig_list;
6339
if (s == NULL)
6340
goto end;
6341
6342
SigGroupBuild(de_ctx);
6343
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
6344
6345
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
6346
if (r != 0) {
6347
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6348
result = 0;
6349
goto end;
6350
}
6351
/* detection phase */
6352
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
6353
if (!(PacketAlertCheck(&p[0], 1))) {
6354
printf("sid 1 didn't match but should have for packet 0: ");
6355
goto end;
6356
}
6357
6358
/* detection phase */
6359
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[6]);
6360
if ((PacketAlertCheck(&p[6], 1))) {
6361
printf("sid 1 matched but shouldn't have for packet 6: ");
6362
goto end;
6363
}
6364
6365
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, response1, response1_len);
6366
if (r != 0) {
6367
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6368
result = 0;
6369
goto end;
6370
}
6371
/* detection phase */
6372
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
6373
if ((PacketAlertCheck(&p[1], 1))) {
6374
printf("sid 1 matched but shouldn't have for packet 1: ");
6375
goto end;
6376
}
6377
6378
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
6379
if (r != 0) {
6380
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6381
result = 0;
6382
goto end;
6383
}
6384
/* detection phase */
6385
/* we should have a match for the sig once again for the same flow, since
6386
* the detection engine state for the flow has been reset because of a
6387
* fresh transaction */
6388
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
6389
if (!(PacketAlertCheck(&p[2], 1))) {
6390
printf("sid 1 didn't match but should have for packet 2: ");
6391
goto end;
6392
}
6393
6394
/* detection phase */
6395
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[7]);
6396
if ((PacketAlertCheck(&p[7], 1))) {
6397
printf("sid 1 matched but shouldn't have for packet 7: ");
6398
goto end;
6399
}
6400
6401
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len);
6402
if (r != 0) {
6403
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6404
result = 0;
6405
goto end;
6406
}
6407
/* detection phase */
6408
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
6409
if ((PacketAlertCheck(&p[3], 1))) {
6410
printf("sid 1 matched but shouldn't have for packet 3: ");
6411
goto end;
6412
}
6413
6414
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len);
6415
if (r != 0) {
6416
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6417
result = 0;
6418
goto end;
6419
}
6420
/* detection phase */
6421
/* we should have a match for the sig once again for the same flow, since
6422
* the detection engine state for the flow has been reset because of a
6423
* fresh transaction */
6424
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[4]);
6425
if (!(PacketAlertCheck(&p[4], 1))) {
6426
printf("sid 1 didn't match but should have for packet 4: ");
6427
goto end;
6428
}
6429
6430
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, response3, response3_len);
6431
if (r != 0) {
6432
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6433
result = 0;
6434
goto end;
6435
}
6436
/* detection phase */
6437
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[5]);
6438
if ((PacketAlertCheck(&p[5], 1))) {
6439
printf("sid 1 matched but shouldn't have for packet 5: ");
6440
goto end;
6441
}
6442
6443
result = 1;
6444
6445
end:
6446
if (de_ctx != NULL) {
6447
SigGroupCleanup(de_ctx);
6448
SigCleanSignatures(de_ctx);
6449
6450
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
6451
DetectEngineCtxFree(de_ctx);
6452
}
6453
6454
FlowL7DataPtrFree(&f);
6455
StreamTcpFreeConfig(TRUE);
6456
6457
return result;
6458
}
6459
6460
/**
6461
* \test Test the working of detection engien with respect to dce keywords.
6462
*/
6463
int DcePayloadTest14(void)
6464
{
6465
int result = 0;
6466
6467
uint8_t request1[] = {
6468
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
6469
0x68, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6470
0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0x00,
6471
0x76, 0x7e, 0x32, 0x00, 0x0f, 0x00, 0x00, 0x00,
6472
0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
6473
0x5c, 0x00, 0x5c, 0x00, 0x31, 0x00, 0x37, 0x00,
6474
0x31, 0x00, 0x2e, 0x00, 0x37, 0x00, 0x31, 0x00,
6475
0x2e, 0x00, 0x38, 0x00, 0x34, 0x00, 0x2e, 0x00,
6476
0x36, 0x00, 0x37, 0x00, 0x00, 0x00, 0x00, 0x00,
6477
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6478
0x84, 0xf9, 0x7f, 0x01, 0x00, 0x00, 0x00, 0x00,
6479
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
6480
0x14, 0xfa, 0x7f, 0x01, 0x00, 0x00, 0x00, 0x00
6481
};
6482
uint32_t request1_len = sizeof(request1);
6483
6484
uint8_t bind[] = {
6485
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
6486
0x48, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6487
0xb8, 0x10, 0xb8, 0x10, 0x00, 0x00, 0x00, 0x00,
6488
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
6489
0x81, 0xbb, 0x7a, 0x36, 0x44, 0x98, 0xf1, 0x35,
6490
0xad, 0x32, 0x98, 0xf0, 0x38, 0x00, 0x10, 0x03,
6491
0x02, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
6492
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
6493
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
6494
};
6495
uint32_t bind_len = sizeof(bind);
6496
6497
uint8_t bind_ack[] = {
6498
0x05, 0x00, 0x0c, 0x03, 0x10, 0x00, 0x00, 0x00,
6499
0x44, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6500
0xb8, 0x10, 0xb8, 0x10, 0x74, 0x73, 0x00, 0x00,
6501
0x0d, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c,
6502
0x6e, 0x74, 0x73, 0x76, 0x63, 0x73, 0x00, 0x00,
6503
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6504
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
6505
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
6506
0x02, 0x00, 0x00, 0x00
6507
};
6508
uint32_t bind_ack_len = sizeof(bind_ack);
6509
6510
uint8_t request2[] = {
6511
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
6512
0x40, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6513
0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1b, 0x00,
6514
0x64, 0x7e, 0x32, 0x00, 0x0f, 0x00, 0x00, 0x00,
6515
0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
6516
0x5c, 0x5c, 0x31, 0x37, 0x31, 0x2e, 0x37, 0x31,
6517
0x2e, 0x38, 0x34, 0x2e, 0x36, 0x37, 0x00, 0x8a,
6518
0x00, 0x00, 0x00, 0x00, 0x3f, 0x00, 0x0f, 0x00
6519
};
6520
uint32_t request2_len = sizeof(request2);
6521
6522
uint8_t response2[] = {
6523
0x05, 0x00, 0x02, 0x03, 0x10, 0x00, 0x00, 0x00,
6524
0x30, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
6525
0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6526
0x00, 0x00, 0x00, 0x00, 0xd2, 0xc4, 0x88, 0x14,
6527
0xef, 0x31, 0xbb, 0x4d, 0xa8, 0x13, 0xb7, 0x1b,
6528
0x47, 0x49, 0xb5, 0xd7, 0x00, 0x00, 0x00, 0x00
6529
};
6530
uint32_t response2_len = sizeof(response2);
6531
6532
TcpSession ssn;
6533
Packet p[6];
6534
ThreadVars tv;
6535
DetectEngineCtx *de_ctx = NULL;
6536
DetectEngineThreadCtx *det_ctx = NULL;
6537
Flow f;
6538
int r;
6539
int i = 0;
6540
6541
char *sig1 = "alert tcp any any -> any any "
6542
"(dce_stub_data; sid:1;)";
6543
6544
Signature *s;
6545
6546
memset(&tv, 0, sizeof(ThreadVars));
6547
memset(&f, 0, sizeof(Flow));
6548
memset(&ssn, 0, sizeof(TcpSession));
6549
6550
for (i = 0; i < 6; i++) {
6551
memset(&p[i], 0, sizeof(Packet));
6552
p[i].src.family = AF_INET;
6553
p[i].dst.family = AF_INET;
6554
p[i].payload = NULL;
6555
p[i].payload_len = 0;
6556
p[i].proto = IPPROTO_TCP;
6557
p[i].flow = &f;
6558
p[i].flowflags |= FLOW_PKT_TOSERVER;
6559
p[i].flowflags |= FLOW_PKT_ESTABLISHED;
6560
}
6561
p[3].flowflags |= FLOW_PKT_TOCLIENT;
6562
p[3].flowflags &=~ FLOW_PKT_TOSERVER;
6563
p[5].flowflags |= FLOW_PKT_TOCLIENT;
6564
p[5].flowflags &=~ FLOW_PKT_TOSERVER;
6565
6566
FLOW_INITIALIZE(&f);
6567
f.protoctx = (void *)&ssn;
6568
f.src.family = AF_INET;
6569
f.dst.family = AF_INET;
6570
f.alproto = ALPROTO_DCERPC;
6571
6572
StreamTcpInitConfig(TRUE);
6573
FlowL7DataPtrInit(&f);
6574
6575
de_ctx = DetectEngineCtxInit();
6576
if (de_ctx == NULL)
6577
goto end;
6578
de_ctx->flags |= DE_QUIET;
6579
6580
de_ctx->sig_list = SigInit(de_ctx, sig1);
6581
s = de_ctx->sig_list;
6582
if (s == NULL)
6583
goto end;
6584
6585
SigGroupBuild(de_ctx);
6586
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
6587
6588
/* request 1 */
6589
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
6590
if (r != 0) {
6591
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6592
result = 0;
6593
goto end;
6594
}
6595
/* detection phase */
6596
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[0]);
6597
if (!(PacketAlertCheck(&p[0], 1))) {
6598
printf("sid 1 didn't match but should have for packet 0: ");
6599
goto end;
6600
}
6601
6602
/* detection phase */
6603
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[1]);
6604
if ((PacketAlertCheck(&p[1], 1))) {
6605
printf("sid 1 matched but shouldn't have for packet 1: ");
6606
goto end;
6607
}
6608
6609
/* bind */
6610
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
6611
if (r != 0) {
6612
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6613
result = 0;
6614
goto end;
6615
}
6616
/* detection phase */
6617
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[2]);
6618
if ((PacketAlertCheck(&p[2], 1))) {
6619
printf("sid 1 matched but shouldn't have for packet 2: ");
6620
goto end;
6621
}
6622
6623
/* bind_ack. A new transaction initiation */
6624
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
6625
if (r != 0) {
6626
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6627
result = 0;
6628
goto end;
6629
}
6630
/* detection phase */
6631
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[3]);
6632
if ((PacketAlertCheck(&p[3], 1))) {
6633
printf("sid 1 matched but shouldn't have for packet 3: ");
6634
goto end;
6635
}
6636
6637
/* we should have a match for the sig once again for the same flow, since
6638
* the detection engine state for the flow has been reset because of a
6639
* fresh transaction */
6640
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
6641
if (r != 0) {
6642
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6643
result = 0;
6644
goto end;
6645
}
6646
/* detection phase */
6647
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[4]);
6648
if (!(PacketAlertCheck(&p[4], 1))) {
6649
printf("sid 1 didn't match but should have for packet 4: ");
6650
goto end;
6651
}
6652
6653
/* response */
6654
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len);
6655
if (r != 0) {
6656
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
6657
result = 0;
6658
goto end;
6659
}
6660
/* detection phase */
6661
SigMatchSignatures(&tv, de_ctx, det_ctx, &p[5]);
6662
if ((PacketAlertCheck(&p[5], 1))) {
6663
printf("sid 1 matched but shouldn't have for packet 5: ");
6664
goto end;
6665
}
6666
6667
result = 1;
6668
6669
end:
6670
if (de_ctx != NULL) {
6671
SigGroupCleanup(de_ctx);
6672
SigCleanSignatures(de_ctx);
6673
6674
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
6675
DetectEngineCtxFree(de_ctx);
6676
}
6677
6678
FlowL7DataPtrFree(&f);
6679
StreamTcpFreeConfig(TRUE);
6680
6681
return result;
6682
}
6683
6684
#endif /* UNITTESTS */
6685
6686
void DcePayloadRegisterTests(void)
6687
{
6688
6689
#ifdef UNITTESTS
6690
UtRegisterTest("DcePayloadTest01", DcePayloadTest01, 1);
6691
UtRegisterTest("DcePayloadTest02", DcePayloadTest02, 1);
6692
UtRegisterTest("DcePayloadTest03", DcePayloadTest03, 1);
6693
UtRegisterTest("DcePayloadTest04", DcePayloadTest04, 1);
6694
UtRegisterTest("DcePayloadTest05", DcePayloadTest05, 1);
6695
UtRegisterTest("DcePayloadTest06", DcePayloadTest06, 1);
6696
UtRegisterTest("DcePayloadTest07", DcePayloadTest07, 1);
6697
UtRegisterTest("DcePayloadTest08", DcePayloadTest08, 1);
6698
UtRegisterTest("DcePayloadTest09", DcePayloadTest09, 1);
6699
UtRegisterTest("DcePayloadTest10", DcePayloadTest10, 1);
6700
UtRegisterTest("DcePayloadTest11", DcePayloadTest11, 1);
6701
UtRegisterTest("DcePayloadTest12", DcePayloadTest12, 1);
6702
UtRegisterTest("DcePayloadTest13", DcePayloadTest13, 1);
6703
UtRegisterTest("DcePayloadTest14", DcePayloadTest14, 1);
6704
#endif /* UNITTESTS */
6705
6706
return;
6707
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1