]> git.ipfire.org Git - people/ms/suricata.git/blame - src/app-layer-enip-common.h
projects / people / ms / suricata.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
enip: fix int warnings
[people/ms/suricata.git] / src / app-layer-enip-common.h
CommitLineData
a3ffebd8 1/* Copyright (C) 2015 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Kevin Wong <kwong@solananetworks.com>
22 */
23
24#ifndef __APP_LAYER_ENIP_COMMON_H__
25#define __APP_LAYER_ENIP_COMMON_H__
26
27#include "app-layer-protos.h"
28#include "app-layer-parser.h"
29#include "flow.h"
30#include "queue.h"
31
a3ffebd8 32// EtherNet/IP commands
33#define NOP 0x0000
34#define LIST_SERVICES 0x0004
35#define LIST_IDENTITY 0x0063
36#define LIST_INTERFACES 0x0064
37#define REGISTER_SESSION 0x0065
38#define UNREGISTER_SESSION 0x0066
39#define SEND_RR_DATA 0x006F
40#define SEND_UNIT_DATA 0x0070
41#define INDICATE_STATUS 0x0072
42#define CANCEL 0x0073
43
44//Common Packet Format Types
45#define NULL_ADDR 0x0000
46#define CONNECTION_BASED 0x00a1
47#define CONNECTED_DATA_ITEM 0x00b1
48#define UNCONNECTED_DATA_ITEM 0x00b2
49#define SEQUENCE_ADDR_ITEM 0xB002
50
51//status codes
52#define SUCCESS 0x0000
53#define INVALID_CMD 0x0001
54#define NO_RESOURCES 0x0002
55#define INCORRECT_DATA 0x0003
56#define INVALID_SESSION 0x0064
57#define INVALID_LENGTH 0x0065
58#define UNSUPPORTED_PROT_REV 0x0069
0da4dc0d
PA		 59//Found in wireshark
60#define ENCAP_HEADER_ERROR 0x006A
a3ffebd8 61
62#define MAX_CIP_SERVICE 127
63#define MAX_CIP_CLASS 65535
64#define MAX_CIP_ATTRIBUTE 65535
65
66// CIP service codes
67#define CIP_RESERVED 0x00
68#define CIP_GET_ATTR_ALL 0x01
69#define CIP_GET_ATTR_LIST 0x03
70#define CIP_SET_ATTR_LIST 0x04
71#define CIP_RESET 0x05
72#define CIP_START 0x06
73#define CIP_STOP 0x07
74#define CIP_CREATE 0x08
75#define CIP_DELETE 0x09
76#define CIP_MSP 0x0a
77#define CIP_APPLY_ATTR 0x0d
78#define CIP_GET_ATTR_SINGLE 0x0e
79#define CIP_SET_ATTR_SINGLE 0x10
80#define CIP_KICK_TIMER 0x4b
81#define CIP_OPEN_CONNECTION 0x4c
82#define CIP_CHANGE_START 0x4f
83#define CIP_GET_STATUS 0x50
84
85//PATH sizing codes
86#define PATH_CLASS_8BIT 0x20
87#define PATH_CLASS_16BIT 0x21
88#define PATH_INSTANCE_8BIT 0x24
89#define PATH_INSTANCE_16BIT 0x25
90#define PATH_ATTR_8BIT 0x30
91#define PATH_ATTR_16BIT 0x31 //possible value
92
93/**
94 * ENIP encapsulation header
95 */
96typedef struct ENIPEncapHdr_
97{
98 uint64_t context;
99 uint32_t session;
100 uint32_t status;
101 uint32_t option;
102 uint16_t command;
103 uint16_t length;
104} ENIPEncapHdr;
105
106/**
107 * ENIP encapsulation data header
108 */
109typedef struct ENIPEncapDataHdr_
110{
111 uint32_t interface_handle;
112 uint16_t timeout;
113 uint16_t item_count;
114} ENIPEncapDataHdr;
115
116/**
117 * ENIP encapsulation address item
118 */
119typedef struct ENIPEncapAddresItem_
120{
121 uint16_t type;
122 uint16_t length;
86f5d33f
PA		 123 uint32_t conn_id;
124 uint32_t sequence_num;
a3ffebd8 125} ENIPEncapAddresItem;
126
127/**
128 * ENIP encapsulation data item
129 */
130typedef struct ENIPEncapDataItem_
131{
132 uint16_t type;
133 uint16_t length;
134 uint16_t sequence_count;
135} ENIPEncapDataItem;
136
137/**
138 * CIP Request Header
139 */
140typedef struct CIPReqHdr_
141{
142 uint8_t service;
143 uint8_t path_size;
144} CIPReqHdr;
145
146/**
147 * CIP Response Header
148 */
149typedef struct CIPRespHdr_
150{
151 uint8_t service;
152 uint8_t pad;
153 uint8_t status;
154 uint8_t status_size;
155} CIPRespHdr;
156
157typedef struct SegmentEntry_
158{
72b5da43
VJ		 159 uint16_t segment; /**< segment type */
160 uint16_t value; /**< segment value (class or attribute) */
a3ffebd8 161
72b5da43 162 TAILQ_ENTRY(SegmentEntry_) next;
a3ffebd8 163} SegmentEntry;
164
165typedef struct AttributeEntry_
166{
72b5da43 167 uint16_t attribute; /**< segment class */
a3ffebd8 168
72b5da43 169 TAILQ_ENTRY(AttributeEntry_) next;
a3ffebd8 170} AttributeEntry;
171
172typedef struct CIPServiceEntry_
173{
72b5da43 174 uint8_t service; /**< cip service */
a3ffebd8 175 uint8_t direction;
176 union
177 {
178 struct
179 {
72b5da43
VJ		 180 uint8_t path_size; /**< cip path size */
181 uint16_t path_offset; /**< offset to cip path */
a3ffebd8 182 } request;
183 struct
184 {
86f5d33f 185 uint16_t status;
a3ffebd8 186 } response;
187 };
188
72b5da43
VJ		 189 TAILQ_HEAD(, SegmentEntry_) segment_list; /**< list for CIP segment */
190 TAILQ_HEAD(, AttributeEntry_) attrib_list; /**< list for CIP segment */
a3ffebd8 191
192 TAILQ_ENTRY(CIPServiceEntry_) next;
193} CIPServiceEntry;
194
195typedef struct ENIPTransaction_
196{
197 struct ENIPState_ *enip;
86f5d33f 198 uint64_t tx_num; /**< internal: id */
72b5da43
VJ		 199 uint16_t tx_id; /**< transaction id */
200 uint16_t service_count;
a3ffebd8 201
72b5da43
VJ		 202 ENIPEncapHdr header; /**< encapsulation header */
203 ENIPEncapDataHdr encap_data_header; /**< encapsulation data header */
204 ENIPEncapAddresItem encap_addr_item; /**< encapsulated address item */
205 ENIPEncapDataItem encap_data_item; /**< encapsulated data item */
a3ffebd8 206
207 TAILQ_HEAD(, CIPServiceEntry_) service_list; /**< list for CIP */
208
72b5da43 209 AppLayerDecoderEvents *decoder_events; /**< per tx events */
a3ffebd8 210
211 TAILQ_ENTRY(ENIPTransaction_) next;
7d663ed5 212 AppLayerTxData tx_data;
a3ffebd8 213} ENIPTransaction;
214
215/** \brief Per flow ENIP state container */
216typedef struct ENIPState_
217{
218 TAILQ_HEAD(, ENIPTransaction_) tx_list; /**< transaction list */
72b5da43 219 ENIPTransaction *curr; /**< ptr to current tx */
a3ffebd8 220 ENIPTransaction *iter;
221 uint64_t transaction_max;
222 uint64_t tx_with_detect_state_cnt;
223
224 uint16_t events;
225 uint16_t givenup;
226
227 /* used by TCP only */
228 uint16_t offset;
229 uint16_t record_len;
230 uint8_t *buffer;
231} ENIPState;
232
579cc9f0 233int DecodeENIPPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 234 ENIPTransaction *enip_data);
579cc9f0 235int DecodeCommonPacketFormatPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 236 ENIPTransaction *enip_data, uint16_t offset);
579cc9f0 237int DecodeCIPPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 238 ENIPTransaction *enip_data, uint16_t offset);
579cc9f0 239int DecodeCIPRequestPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 240 ENIPTransaction *enip_data, uint16_t offset);
579cc9f0 241int DecodeCIPResponsePDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 242 ENIPTransaction *enip_data, uint16_t offset);
579cc9f0 243int DecodeCIPRequestPathPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 244 CIPServiceEntry *node, uint16_t offset);
579cc9f0 245int DecodeCIPRequestMSPPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 246 ENIPTransaction *enip_data, uint16_t offset);
579cc9f0 247int DecodeCIPResponseMSPPDU(const uint8_t *input, uint32_t input_len,
a3ffebd8 248 ENIPTransaction *enip_data, uint16_t offset);
249
250#endif /* __APP_LAYER_ENIP_COMMON_H__ */
Michael's tree of suricata