aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

enip: add TX orientation

Browse Source 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
pull/8660/head
Eric Leblond 2 years ago committed by Victor Julien
parent 1decdbe409
commit 301237f82e
1 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File

31
src/app-layer-enip.c
Unescape Escape View File

@ -299,7 +299,7 @@ static void ENIPStateTransactionFree(void *state, uint64_t tx_id)
* \retval 1 when the command is parsed, 0 otherwise
*/
static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstate,
StreamSlice stream_slice, void *local_data)
StreamSlice stream_slice, void *local_data, uint8_t direction)
{
SCEnter();
ENIPState *enip = (ENIPState *) state;
@ -326,6 +326,11 @@ static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstat
if (tx == NULL)
SCReturnStruct(APP_LAYER_OK);
if (direction == STREAM_TOCLIENT)
tx->tx_data.detect_flags_ts |= APP_LAYER_TX_SKIP_INSPECT_FLAG;
else
tx->tx_data.detect_flags_tc |= APP_LAYER_TX_SKIP_INSPECT_FLAG;
SCLogDebug("ENIPParse input len %d", input_len);
DecodeENIPPDU(input, input_len, tx);
uint32_t pkt_len = tx->header.length + sizeof(ENIPEncapHdr);
@ -350,6 +355,18 @@ static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstat
SCReturnStruct(APP_LAYER_OK);
}
static AppLayerResult ENIPParseRequest(Flow *f, void *state, AppLayerParserState *pstate,
StreamSlice stream_slice, void *local_data)
{
return ENIPParse(f, state, pstate, stream_slice, local_data, STREAM_TOSERVER);
}
static AppLayerResult ENIPParseResponse(Flow *f, void *state, AppLayerParserState *pstate,
StreamSlice stream_slice, void *local_data)
{
return ENIPParse(f, state, pstate, stream_slice, local_data, STREAM_TOCLIENT);
}
#define ENIP_LEN_REGISTER_SESSION 4 // protocol u16, options u16
static uint16_t ENIPProbingParser(Flow *f, uint8_t direction,
@ -525,10 +542,8 @@ void RegisterENIPUDPParsers(void)
if (AppLayerParserConfParserEnabled("udp", proto_name))
{
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP,
STREAM_TOSERVER, ENIPParse);
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP,
STREAM_TOCLIENT, ENIPParse);
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOSERVER, ENIPParseRequest);
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOCLIENT, ENIPParseResponse);
AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_ENIP,
ENIPStateAlloc, ENIPStateFree);
@ -601,10 +616,8 @@ void RegisterENIPTCPParsers(void)
if (AppLayerParserConfParserEnabled("tcp", proto_name))
{
AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP,
STREAM_TOSERVER, ENIPParse);
AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP,
STREAM_TOCLIENT, ENIPParse);
AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP, STREAM_TOSERVER, ENIPParseRequest);
AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP, STREAM_TOCLIENT, ENIPParseResponse);
AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_ENIP,
ENIPStateAlloc, ENIPStateFree);

Write Preview
Loading…
Cancel
Save