|  |  |  | @ -359,7 +359,7 @@ static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstat | 
		
	
		
			
				|  |  |  |  |     SCReturnStruct(APP_LAYER_OK); | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | #define ENIP_LEN_REGISTER_SESSION 4 // protocol u16, options u16
 | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | static uint16_t ENIPProbingParser(Flow *f, uint8_t direction, | 
		
	
		
			
				|  |  |  |  |         const uint8_t *input, uint32_t input_len, uint8_t *rdir) | 
		
	
	
		
			
				
					|  |  |  | @ -371,27 +371,21 @@ static uint16_t ENIPProbingParser(Flow *f, uint8_t direction, | 
		
	
		
			
				|  |  |  |  |         return ALPROTO_UNKNOWN; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  |     uint16_t cmd; | 
		
	
		
			
				|  |  |  |  |     uint16_t enip_len; | 
		
	
		
			
				|  |  |  |  |     uint32_t status; | 
		
	
		
			
				|  |  |  |  |     int ret = ByteExtractUint16(&cmd, BYTE_LITTLE_ENDIAN, sizeof(uint16_t), | 
		
	
		
			
				|  |  |  |  |                                 (const uint8_t *) (input)); | 
		
	
		
			
				|  |  |  |  |     uint32_t option; | 
		
	
		
			
				|  |  |  |  |     uint16_t nbitems; | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     int ret = ByteExtractUint16( | 
		
	
		
			
				|  |  |  |  |             &enip_len, BYTE_LITTLE_ENDIAN, sizeof(uint16_t), (const uint8_t *)(input + 2)); | 
		
	
		
			
				|  |  |  |  |     if (ret < 0) { | 
		
	
		
			
				|  |  |  |  |         return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  |     //ok for all the known commands
 | 
		
	
		
			
				|  |  |  |  |     switch(cmd) { | 
		
	
		
			
				|  |  |  |  |         case NOP: | 
		
	
		
			
				|  |  |  |  |         case LIST_SERVICES: | 
		
	
		
			
				|  |  |  |  |         case LIST_IDENTITY: | 
		
	
		
			
				|  |  |  |  |         case LIST_INTERFACES: | 
		
	
		
			
				|  |  |  |  |         case REGISTER_SESSION: | 
		
	
		
			
				|  |  |  |  |         case UNREGISTER_SESSION: | 
		
	
		
			
				|  |  |  |  |         case SEND_RR_DATA: | 
		
	
		
			
				|  |  |  |  |         case SEND_UNIT_DATA: | 
		
	
		
			
				|  |  |  |  |         case INDICATE_STATUS: | 
		
	
		
			
				|  |  |  |  |         case CANCEL: | 
		
	
		
			
				|  |  |  |  |             ret = ByteExtractUint32(&status, BYTE_LITTLE_ENDIAN, | 
		
	
		
			
				|  |  |  |  |                                     sizeof(uint32_t), | 
		
	
		
			
				|  |  |  |  |                                     (const uint8_t *) (input + 8)); | 
		
	
		
			
				|  |  |  |  |     if (enip_len < sizeof(ENIPEncapHdr)) { | 
		
	
		
			
				|  |  |  |  |         return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  |     ret = ByteExtractUint32( | 
		
	
		
			
				|  |  |  |  |             &status, BYTE_LITTLE_ENDIAN, sizeof(uint32_t), (const uint8_t *)(input + 8)); | 
		
	
		
			
				|  |  |  |  |     if (ret < 0) { | 
		
	
		
			
				|  |  |  |  |         return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
	
		
			
				
					|  |  |  | @ -404,11 +398,64 @@ static uint16_t ENIPProbingParser(Flow *f, uint8_t direction, | 
		
	
		
			
				|  |  |  |  |         case INVALID_LENGTH: | 
		
	
		
			
				|  |  |  |  |         case UNSUPPORTED_PROT_REV: | 
		
	
		
			
				|  |  |  |  |         case ENCAP_HEADER_ERROR: | 
		
	
		
			
				|  |  |  |  |                     return ALPROTO_ENIP; | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |         default: | 
		
	
		
			
				|  |  |  |  |             return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  |     ret = ByteExtractUint16(&cmd, BYTE_LITTLE_ENDIAN, sizeof(uint16_t), (const uint8_t *)(input)); | 
		
	
		
			
				|  |  |  |  |     if(ret < 0) { | 
		
	
		
			
				|  |  |  |  |         return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  |     ret = ByteExtractUint32( | 
		
	
		
			
				|  |  |  |  |             &option, BYTE_LITTLE_ENDIAN, sizeof(uint32_t), (const uint8_t *)(input + 20)); | 
		
	
		
			
				|  |  |  |  |     if (ret < 0) { | 
		
	
		
			
				|  |  |  |  |         return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     //ok for all the known commands
 | 
		
	
		
			
				|  |  |  |  |     switch(cmd) { | 
		
	
		
			
				|  |  |  |  |         case NOP: | 
		
	
		
			
				|  |  |  |  |             if (option != 0) { | 
		
	
		
			
				|  |  |  |  |                 return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |         case REGISTER_SESSION: | 
		
	
		
			
				|  |  |  |  |             if (enip_len != ENIP_LEN_REGISTER_SESSION) { | 
		
	
		
			
				|  |  |  |  |                 return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |         case UNREGISTER_SESSION: | 
		
	
		
			
				|  |  |  |  |             if (enip_len != ENIP_LEN_REGISTER_SESSION && enip_len != 0) { | 
		
	
		
			
				|  |  |  |  |                 // 0 for request and 4 for response
 | 
		
	
		
			
				|  |  |  |  |                 return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |         case LIST_SERVICES: | 
		
	
		
			
				|  |  |  |  |         case LIST_IDENTITY: | 
		
	
		
			
				|  |  |  |  |         case SEND_RR_DATA: | 
		
	
		
			
				|  |  |  |  |         case SEND_UNIT_DATA: | 
		
	
		
			
				|  |  |  |  |         case INDICATE_STATUS: | 
		
	
		
			
				|  |  |  |  |         case CANCEL: | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |         case LIST_INTERFACES: | 
		
	
		
			
				|  |  |  |  |             if (input_len < sizeof(ENIPEncapHdr) + 2) { | 
		
	
		
			
				|  |  |  |  |                 SCLogDebug("length too small to be a ENIP LIST_INTERFACES"); | 
		
	
		
			
				|  |  |  |  |                 return ALPROTO_UNKNOWN; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |             ret = ByteExtractUint16( | 
		
	
		
			
				|  |  |  |  |                     &nbitems, BYTE_LITTLE_ENDIAN, sizeof(uint16_t), (const uint8_t *)(input)); | 
		
	
		
			
				|  |  |  |  |             if(ret < 0) { | 
		
	
		
			
				|  |  |  |  |                 return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |             if (enip_len < sizeof(ENIPEncapHdr) + 2 * (size_t)nbitems) { | 
		
	
		
			
				|  |  |  |  |                 return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |         default: | 
		
	
		
			
				|  |  |  |  |             return ALPROTO_FAILED; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  |     return ALPROTO_ENIP; | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | /**
 | 
		
	
		
			
				|  |  |  |  |  * \brief Function to register the ENIP protocol parsers and other functions | 
		
	
	
		
			
				
					|  |  |  | 
 |