This directory contains all the files related to DCE-RPC protocol
processing.

DCE is supported over TCP/IP, UDP, SMB and HTTP v1 Proxy and Server.
The DCE-RPC preprocessor is split into four inspectors - one for each
transport. This includes the configuration as well as the inspector
modules.

The inspectors perform SMB desegmentation and DCE-RPC defragmentation
to avoid rule evasion using these techniques. IPS rule options are
supported for matching on interface, opnum and stub data.

The Snort 2x server configuration is now split between the inspectors.
Options that are meaningful to all inspectors, such as policy, are
copied into each inspector configuration.

The address/port mapping is handled by the binder. Autodetect
functionality is replaced by wizard curses.

The Snort 2x global configuration is now rolled into server
configuration.

The http_proxy and http_server functionality is implemented as two
inspectors.  These inspectors only serve to locate the 'tunnel' setup
content.  If/when the setup content is located, the session is transferred
to the DCE TCP inspector.

The SMB inspector supports version 1 and version 2 of the protocol. 
It processes relevant messages and inspects file transferred over this transport. 
For SMBv2, it supports TCP as transport and it also supports multiple File transfer
on single SMB2 connection.
The SMB inspector implements base class for smb flow data,
which all versions now inherits and implements. SMBv1 and SMBv2 code is completely
segregated, maintaining common code in separate file to reduce redundancy.
The common functionality used by both versions are in dce_smb_common files.
SMBv2 specific trackers are in there own file now.

The inspector eval function checks for the presence of SMB flow data in the flow,
if not present, it creates an SMB flow data according to detected version, otherwise
calls the respective process function.
The process functions processes the commands according to respective versions and when
file transfer is detected, it calls file_flow process().