enip: add tx detect flags
authorJason Ish <jason.ish@oisf.net>
Wed, 27 Nov 2019 15:50:40 +0000 (09:50 -0600)
committerJason Ish <jason.ish@oisf.net>
Wed, 27 Nov 2019 19:42:53 +0000 (13:42 -0600)
src/app-layer-enip-common.h
src/app-layer-enip.c

index 65b2500d978f730e56eea13b44cfc33d19890402..a9b138d7e695fed4ff35bb904cb3aaf43e1e74ba 100644 (file)
@@ -210,6 +210,8 @@ typedef struct ENIPTransaction_
 
     TAILQ_ENTRY(ENIPTransaction_) next;
     DetectEngineState *de_state;
+    uint64_t detect_flags_ts;
+    uint64_t detect_flags_tc;
 } ENIPTransaction;
 
 /** \brief Per flow ENIP state container */
index 1643dc0212a1302b9ee038f116d21e2a5259fed4..22cac4e44ddd92092ebf3d51b83e6dae24c461e7 100644 (file)
@@ -88,6 +88,26 @@ static int ENIPSetTxDetectState(void *vtx, DetectEngineState *s)
     return 0;
 }
 
+static uint64_t ENIPGetTxDetectFlags(void *vtx, uint8_t dir)
+{
+    ENIPTransaction *tx = (ENIPTransaction *)vtx;
+    if (dir & STREAM_TOSERVER) {
+        return tx->detect_flags_ts;
+    } else {
+        return tx->detect_flags_tc;
+    }
+}
+
+static void ENIPSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags)
+{
+    ENIPTransaction *tx = (ENIPTransaction *)vtx;
+    if (dir &STREAM_TOSERVER) {
+        tx->detect_flags_ts = flags;
+    } else {
+        tx->detect_flags_tc = flags;
+    }
+}
+
 static void *ENIPGetTx(void *alstate, uint64_t tx_id)
 {
     ENIPState         *enip = (ENIPState *) alstate;
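Review bot: Nothing in this commit initialises `detect_flags_ts` / `detect_flags_tc`, so `ENIPGetTxDetectFlags` returns a meaningful value on first use only if the ENIP transaction allocator zero-fills the struct, and that allocator is outside the visible hunks. If the memory is not zeroed, the detection engine would start from indeterminate flags and could presumably treat a fresh transaction as already inspected in that direction, so it is worth confirming and recording above the getter with a comment such as `/* flags start at 0: ENIPTransaction is expected to be zero-allocated */`. Both accessors also map any `dir` without `STREAM_TOSERVER` set (including 0) to the to-client field; a short `\brief` on each stating that would help the next reader. Minor style: `if (dir &STREAM_TOSERVER) {` in the setter should read `if (dir & STREAM_TOSERVER) {` to match the getter.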
@@ -450,6 +470,8 @@ void RegisterENIPUDPParsers(void)
 
         AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP,
                 ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT);
+        AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_UDP, ALPROTO_ENIP,
+                ENIPGetTxDetectFlags, ENIPSetTxDetectFlags);
 
     } else
     {
@@ -533,6 +555,8 @@ void RegisterENIPTCPParsers(void)
         /* This parser accepts gaps. */
         AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_ENIP,
                 APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
+        AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_ENIP,
+                ENIPGetTxDetectFlags, ENIPSetTxDetectFlags);
 
     } else
     {