Commit | Line | Data |
---|---|---|
a3ffebd8 | 1 | /* Copyright (C) 2015 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * \file | |
20 | * | |
21 | * \author Kevin Wong <kwong@solananetworks.com> | |
22 | */ | |
23 | ||
24 | #ifndef __APP_LAYER_ENIP_COMMON_H__ | |
25 | #define __APP_LAYER_ENIP_COMMON_H__ | |
26 | ||
27 | #include "app-layer-protos.h" | |
28 | #include "app-layer-parser.h" | |
29 | #include "flow.h" | |
30 | #include "queue.h" | |
31 | ||
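/*
 * EtherNet/IP encapsulation command codes (16-bit values).
 *
 * NOTE(review): presumably matched against ENIPEncapHdr.command; the use
 * sites are not visible in this header.
 * NOTE(review): names such as NOP and CANCEL carry no ENIP_ prefix and can
 * collide with macros from other headers; they are kept as-is here because
 * renaming would change the interface seen by every includer.
 */
#define NOP                0x0000
#define LIST_SERVICES      0x0004
#define LIST_IDENTITY      0x0063
#define LIST_INTERFACES    0x0064
#define REGISTER_SESSION   0x0065
#define UNREGISTER_SESSION 0x0066
#define SEND_RR_DATA       0x006F
#define SEND_UNIT_DATA     0x0070
#define INDICATE_STATUS    0x0072
#define CANCEL             0x0073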
43 | ||
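/*
 * Common Packet Format item type IDs (16-bit values).
 */
#define NULL_ADDR             0x0000
#define CONNECTION_BASED      0x00a1
#define CONNECTED_DATA_ITEM   0x00b1
#define UNCONNECTED_DATA_ITEM 0x00b2
/*
 * NOTE(review): the Common Packet Format tables (and Wireshark's ENIP
 * dissector) list the Sequenced Address Item as 0x8002, not 0xB002. The
 * value is left unchanged because the decoder that compares against it is
 * not visible here; confirm against the specification before relying on it
 * for detection.
 */
#define SEQUENCE_ADDR_ITEM    0xB002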
50 | ||
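/*
 * Encapsulation status codes.
 *
 * NOTE(review): presumably matched against ENIPEncapHdr.status, which is a
 * 32-bit field; the use sites are not visible in this header.
 * NOTE(review): SUCCESS is a very generic macro name and may clash with
 * other headers; kept unchanged for interface compatibility.
 */
#define SUCCESS              0x0000
#define INVALID_CMD          0x0001
#define NO_RESOURCES         0x0002
#define INCORRECT_DATA       0x0003
#define INVALID_SESSION      0x0064
#define INVALID_LENGTH       0x0065
#define UNSUPPORTED_PROT_REV 0x0069
/* Status value taken from Wireshark's dissector. */
#define ENCAP_HEADER_ERROR   0x006A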
a3ffebd8 | 61 | |
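/*
 * Upper bounds for CIP service, class and attribute numbers.
 *
 * NOTE(review): presumably used to range-check values before they are
 * stored in the 8-bit service and 16-bit class/attribute fields declared
 * below; confirm at the use sites that the check happens before narrowing.
 */
#define MAX_CIP_SERVICE   127
#define MAX_CIP_CLASS     65535
#define MAX_CIP_ATTRIBUTE 65535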
65 | ||
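/*
 * CIP service codes (8-bit values, all at or below MAX_CIP_SERVICE).
 *
 * The list is not contiguous: 0x02, 0x0b, 0x0c and 0x0f have no name here,
 * so code that switches on the service must keep a default branch for
 * values that are valid on the wire but not listed.
 */
#define CIP_RESERVED        0x00
#define CIP_GET_ATTR_ALL    0x01
#define CIP_GET_ATTR_LIST   0x03
#define CIP_SET_ATTR_LIST   0x04
#define CIP_RESET           0x05
#define CIP_START           0x06
#define CIP_STOP            0x07
#define CIP_CREATE          0x08
#define CIP_DELETE          0x09
#define CIP_MSP             0x0a /* Multiple Service Packet */
#define CIP_APPLY_ATTR      0x0d
#define CIP_GET_ATTR_SINGLE 0x0e
#define CIP_SET_ATTR_SINGLE 0x10
#define CIP_KICK_TIMER      0x4b
#define CIP_OPEN_CONNECTION 0x4c
#define CIP_CHANGE_START    0x4f
#define CIP_GET_STATUS      0x50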
84 | ||
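/*
 * CIP path segment type codes. Each code names the kind of segment (class,
 * instance or attribute) and whether its value is 8 or 16 bits wide.
 *
 * NOTE(review): the width encoded here decides how many bytes a path
 * decoder consumes after the segment byte, so the remaining input length
 * should be checked against that width before the value is read.
 */
#define PATH_CLASS_8BIT     0x20
#define PATH_CLASS_16BIT    0x21
#define PATH_INSTANCE_8BIT  0x24
#define PATH_INSTANCE_16BIT 0x25
#define PATH_ATTR_8BIT      0x30
#define PATH_ATTR_16BIT     0x31 /* possible value */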
92 | ||
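/**
 * ENIP encapsulation header
 *
 * NOTE(review): the members are not in on-wire order (the encapsulation
 * header on the wire starts with command and length) and the compiler is
 * free to pad this struct. It should therefore be filled field by field
 * from the packet bytes, never by casting or memcpy of the raw header;
 * confirm in the decoder.
 */
typedef struct ENIPEncapHdr_
{
    uint64_t context; /**< 64-bit context value */
    uint32_t session; /**< session value */
    uint32_t status;  /**< status code */
    uint32_t option;  /**< option value */
    uint16_t command; /**< command code */
    uint16_t length;  /**< length field; comes from the packet, so validate
                           it against the bytes actually received */
} ENIPEncapHdr;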
105 | ||
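/**
 * ENIP encapsulation data header
 */
typedef struct ENIPEncapDataHdr_
{
    uint32_t interface_handle; /**< interface handle */
    uint16_t timeout;          /**< timeout value */
    uint16_t item_count;       /**< item count; packet-supplied, so a loop
                                    driven by it must also be bounded by the
                                    remaining input length */
} ENIPEncapDataHdr;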
115 | ||
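/**
 * ENIP encapsulation address item
 *
 * The type name is spelled "Addres" (single trailing s); the spelling is
 * kept because other code refers to the type by this name.
 */
typedef struct ENIPEncapAddresItem_
{
    uint16_t type;         /**< item type */
    uint16_t length;       /**< item length; packet-supplied, validate
                                before use */
    uint32_t conn_id;      /**< connection id */
    uint32_t sequence_num; /**< sequence number */
} ENIPEncapAddresItem;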
126 | ||
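/**
 * ENIP encapsulation data item
 */
typedef struct ENIPEncapDataItem_
{
    uint16_t type;           /**< item type */
    uint16_t length;         /**< item length; packet-supplied, validate
                                  before use */
    uint16_t sequence_count; /**< sequence count */
} ENIPEncapDataItem;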
136 | ||
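/**
 * CIP Request Header
 */
typedef struct CIPReqHdr_
{
    uint8_t service;   /**< CIP service code */
    uint8_t path_size; /**< path size as carried in the request; the unit
                            (bytes or words) is not stated in this header,
                            confirm in the path decoder before using it as
                            a byte count */
} CIPReqHdr;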
145 | ||
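/**
 * CIP Response Header
 */
typedef struct CIPRespHdr_
{
    uint8_t service;     /**< CIP service code */
    uint8_t pad;         /**< padding byte */
    uint8_t status;      /**< status code (8-bit here) */
    uint8_t status_size; /**< size of the status data; packet-supplied,
                              validate against remaining input */
} CIPRespHdr;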
156 | ||
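/**
 * One decoded CIP path segment, linked into a tail queue.
 */
typedef struct SegmentEntry_
{
    uint16_t segment; /**< segment type */
    uint16_t value;   /**< segment value (class or attribute) */

    TAILQ_ENTRY(SegmentEntry_) next; /**< tail-queue linkage */
} SegmentEntry;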
164 | ||
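/**
 * One CIP attribute value, linked into a tail queue.
 */
typedef struct AttributeEntry_
{
    /* The previous comment read "segment class", which does not describe
     * this field. */
    uint16_t attribute; /**< attribute value */

    TAILQ_ENTRY(AttributeEntry_) next; /**< tail-queue linkage */
} AttributeEntry;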
171 | ||
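/**
 * One CIP service found in a transaction, with its path segments and
 * attributes.
 *
 * NOTE(review): request and response share storage through the anonymous
 * union. Nothing in this header says which member is valid; presumably
 * `direction` selects it, so readers should check it before touching
 * either member. Confirm against the decoder.
 */
typedef struct CIPServiceEntry_
{
    uint8_t service;   /**< cip service */
    uint8_t direction; /**< direction of the message (encoding not shown
                            in this header) */
    union
    {
        struct
        {
            uint8_t path_size;    /**< cip path size */
            uint16_t path_offset; /**< offset to cip path; 16-bit, so it
                                       cannot address input beyond 65535
                                       bytes */
        } request;
        struct
        {
            uint16_t status; /**< response status; 16-bit here while
                                  CIPRespHdr.status is 8-bit */
        } response;
    };

    TAILQ_HEAD(, SegmentEntry_) segment_list;  /**< list for CIP segment */
    TAILQ_HEAD(, AttributeEntry_) attrib_list; /**< list for CIP attribute */

    TAILQ_ENTRY(CIPServiceEntry_) next; /**< tail-queue linkage */
} CIPServiceEntry;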
194 | ||
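/**
 * One ENIP transaction: the decoded encapsulation headers plus the list of
 * CIP services found in the message.
 *
 * NOTE(review): who allocates and frees the entries on service_list and
 * the decoder_events object is not visible in this header; confirm in the
 * transaction free path that every list is drained.
 */
typedef struct ENIPTransaction_
{
    struct ENIPState_ *enip; /**< back-pointer to the per-flow state */
    uint64_t tx_num;         /**< internal: id */
    uint16_t tx_id;          /**< transaction id */
    uint16_t service_count;  /**< number of services; 16-bit counter */

    ENIPEncapHdr header;                 /**< encapsulation header */
    ENIPEncapDataHdr encap_data_header;  /**< encapsulation data header */
    ENIPEncapAddresItem encap_addr_item; /**< encapsulated address item */
    ENIPEncapDataItem encap_data_item;   /**< encapsulated data item */

    TAILQ_HEAD(, CIPServiceEntry_) service_list; /**< list for CIP */

    AppLayerDecoderEvents *decoder_events; /**< per tx events */

    TAILQ_ENTRY(ENIPTransaction_) next; /**< linkage in ENIPState.tx_list */
    AppLayerTxData tx_data;
} ENIPTransaction;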
214 | ||
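/** \brief Per flow ENIP state container
 *
 * NOTE(review): `buffer`, `offset` and `record_len` are the TCP-only
 * reassembly fields. The allocated size of `buffer` is not stored here,
 * and both counters are 16-bit, so the code that appends to the buffer
 * should be checked for a bound on `offset` and for 16-bit wrap.
 */
typedef struct ENIPState_
{
    TAILQ_HEAD(, ENIPTransaction_) tx_list; /**< transaction list */
    ENIPTransaction *curr;                  /**< ptr to current tx */
    ENIPTransaction *iter;                  /**< iteration cursor (use not
                                                 shown in this header) */
    uint64_t transaction_max;
    uint64_t tx_with_detect_state_cnt;

    uint16_t events;
    uint16_t givenup;

    /* used by TCP only */
    uint16_t offset;
    uint16_t record_len;
    uint8_t *buffer;
} ENIPState;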
232 | ||
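/*
 * ENIP / CIP decoders.
 *
 * Every decoder takes a read-only byte buffer `input` of `input_len` bytes
 * and stores what it decodes in `enip_data` (or in `node` for the request
 * path decoder). All but DecodeENIPPDU also take `offset`, the position in
 * `input` at which to start.
 *
 * NOTE(review): `input` is network data. `offset` is 16-bit while
 * `input_len` is 32-bit, so each implementation should check that offset
 * plus the size of the field being read stays within input_len, and that
 * advancing the offset cannot wrap past 65535. The implementations and the
 * meaning of the int return value are not visible in this header.
 */
int DecodeENIPPDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data);
int DecodeCommonPacketFormatPDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data, uint16_t offset);
int DecodeCIPPDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data, uint16_t offset);
int DecodeCIPRequestPDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data, uint16_t offset);
int DecodeCIPResponsePDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data, uint16_t offset);
int DecodeCIPRequestPathPDU(const uint8_t *input, uint32_t input_len,
        CIPServiceEntry *node, uint16_t offset);
int DecodeCIPRequestMSPPDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data, uint16_t offset);
int DecodeCIPResponseMSPPDU(const uint8_t *input, uint32_t input_len,
        ENIPTransaction *enip_data, uint16_t offset);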
249 | ||
250 | #endif /* __APP_LAYER_ENIP_COMMON_H__ */ |