# This file was automatically generated by bifcl from /Users/jon/tmp/bro-2.5.5/src/analyzer/protocol/dce-rpc/events.bif (plugin mode).
#
# NOTE(review): this is generated output, so lasting documentation changes
# belong in the events.bif named above; edits made here are presumably lost
# when bifcl is run again.
#
# NOTE(review): every value these events carry besides the connection record
# (uuid, versions, sec_addr, opnum, stub_len, ptype_id) is parsed from the
# monitored traffic, so handlers should treat it as peer-supplied input and
# not as a verified fact about either host.

## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` message.
##
## c: The connection.
##
## is_orig: True if the message was sent by the originator of the TCP connection.
##
## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
##      message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
##      not transported over a pipe.
##
## ptype_id: Numeric representation of the procedure type of the message.
##
## ptype: Enum representation of the procedure type of the message.
##
## .. bro:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response
export {
global dce_rpc_message: event(c: connection , is_orig: bool , fid: count , ptype_id: count , ptype: DCE_RPC::PType );

# NOTE(review): the uuid and version numbers below are what the client asked
# for. This event by itself does not show that the server accepted the bind,
# and dce_rpc_bind_ack carries no uuid, so when one bind message requests
# several endpoints the ack event cannot be matched to a single endpoint from
# the event arguments alone.

## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request message.
## Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur
## multiple times for a single RPC message.
##
## c: The connection.
##
## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
##      message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
##      not transported over a pipe.
##
## uuid: The string interpreted uuid of the endpoint being requested.
##
## ver_major: The major version of the endpoint being requested.
##
## ver_minor: The minor version of the endpoint being requested.
##
## .. bro:see:: dce_rpc_message dce_rpc_bind_ack dce_rpc_request dce_rpc_response
global dce_rpc_bind: event(c: connection , fid: count , uuid: string , ver_major: count , ver_minor: count );

## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request ack message.
##
## c: The connection.
##
## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
##      message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
##      not transported over a pipe.
##
## sec_addr: Secondary address for the ack.
##
## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_request dce_rpc_response
global dce_rpc_bind_ack: event(c: connection , fid: count , sec_addr: string );

# NOTE(review): the request and response events carry only the operation
# number and the stub length. Neither the stub data nor the endpoint uuid is
# passed, so a handler that wants to know which interface an opnum belongs to
# has to keep its own state from dce_rpc_bind, keyed on the connection and fid.
# Where several endpoints were bound on one connection, that mapping is
# ambiguous from these arguments alone -- confirm how the calling script
# resolves it before relying on it for detection.

## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` request message.
##
## c: The connection.
##
## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
##      message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
##      not transported over a pipe.
##
## opnum: Number of the RPC operation.
##
## stub_len: Length of the data for the request.
##
## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response
global dce_rpc_request: event(c: connection , fid: count , opnum: count , stub_len: count );

## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message.
##
## c: The connection.
##
## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
##      message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
##      not transported over a pipe.
##
## opnum: Number of the RPC operation.
##
## stub_len: Length of the data for the response.
##
## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request
global dce_rpc_response: event(c: connection , fid: count , opnum: count , stub_len: count );

} # end of export section
module GLOBAL;