Added RSH dissector. Fixes #202.add/rsh

 - added syslog false-positive pcap that was missing in 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c
 - added NDPI_ARRAY_LENGTH() macro, usable on `type var[]` declarations

Signed-off-by: lns <matzeton@googlemail.com>

1 files changed, 9 insertions, 0 deletions

diff --git a/tests/result/rsh.pcap.out b/tests/result/rsh.pcap.out
new file mode 100644
index 000000000..fc9b5cb13
--- /dev/null
+++ b/tests/result/rsh.pcap.out
@@ -0,0 +1,9 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	12	(6.00 pkts/flow)
+Confidence DPI              : 2 (flows)
+
+RSH	24	1721	2
+
+	1	TCP 127.0.0.1:1021 <-> 127.0.0.1:514 [proto: 294/RSH][ClearText][Confidence: DPI][cat: RemoteAccess/12][7 pkts/508 bytes <-> 5 pkts/356 bytes][Goodput ratio: 7/5][1.43 sec][bytes ratio: 0.176 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/16 286/477 1414/1414 564/663][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/71 99/84 11/7][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: User 'someuser' executing 'some random command'][PLAIN TEXT (someuser)][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 127.0.0.1:1023 <-> 127.0.0.1:514 [proto: 294/RSH][ClearText][Confidence: DPI][cat: RemoteAccess/12][7 pkts/498 bytes <-> 5 pkts/359 bytes][Goodput ratio: 6/6][1.31 sec][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/15 262/437 1295/1295 517/607][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/72 89/87 8/8][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: User 'root' executing 'mkdir testdir'][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]