enip: support gaps

Due to a bug in the GAP handling the TCP layer the parser would already get data after GAPs before.
8 years ago · 700781c53b
parent 89dc05d4a6
commit 700781c53b
1 changed files with 8 additions and 0 deletions
--- a/src/app-layer-enip.c
+++ b/src/app-layer-enip.c
@ -323,6 +323,9 @@ static int ENIPParse(Flow *f, void *state, AppLayerParserState *pstate,
            APP_LAYER_PARSER_EOF))
    {
        SCReturnInt(1);
+    } else if (input == NULL && input_len != 0) {
+        // GAP
+        SCReturnInt(0);
    } else if (input == NULL || input_len == 0)
    {
        SCReturnInt(-1);
@ -526,6 +529,11 @@ void RegisterENIPTCPParsers(void)

        AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP,
                ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT);
+
+        /* This parser accepts gaps. */
+        AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_ENIP,
+                APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
+
    } else
    {
        SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.",