Merge pull request #2470 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-V3HEADER...

Squashed commit of the following:

commit 3c718aa3078496b0bf0ff1fd7a8cce723ca24a8a
Author: Pradeep Damodharan <prdamodh@cisco.com>
Date:   Thu Sep 10 09:01:40 2020 -0400

    S7commplus : V3 header support

diff --git a/src/service_inspectors/s7commplus/s7comm.h b/src/service_inspectors/s7commplus/s7comm.h
index add0a8fa6d04ce96e23b57be15635ec305331053..3df6561caa85841975cb7cde599697a6887b1141 100644 (file)
--- a/src/service_inspectors/s7commplus/s7comm.h
+++ b/src/service_inspectors/s7commplus/s7comm.h
@@ -36,7 +36,7 @@ struct S7commplusStats
 struct S7commplusSessionData
 {
     uint8_t s7commplus_proto_id = 0;
-    uint8_t s7commplus_pdu_type = 0;
+    uint8_t s7commplus_proto_version = 0;
     uint16_t s7commplus_data_len = 0;
     uint8_t s7commplus_opcode = 0;
     uint16_t s7commplus_reserved_1 = 0;
@@ -45,7 +45,7 @@ struct S7commplusSessionData
 
     void session_data_reset()
     {
-        s7commplus_proto_id = s7commplus_pdu_type = s7commplus_opcode = 0;
+        s7commplus_proto_id = s7commplus_proto_version = s7commplus_opcode = 0;
         s7commplus_data_len = s7commplus_function = 0;
         s7commplus_reserved_1 = s7commplus_reserved_2 = 0;
     }

diff --git a/src/service_inspectors/s7commplus/s7comm_decode.cc b/src/service_inspectors/s7commplus/s7comm_decode.cc
index 284d99915a3ff507a71df5956303f9efd60df3f1..83bf3877e392198571bd4796683b25b26cc0a18b 100644 (file)
--- a/src/service_inspectors/s7commplus/s7comm_decode.cc
+++ b/src/service_inspectors/s7commplus/s7comm_decode.cc
@@ -56,7 +56,7 @@ struct CotpHeader
 struct S7commplusHeader
 {
     uint8_t proto_id;
-    uint8_t pdu_type;
+    uint8_t proto_version;
     uint16_t data_len;
 };
 
@@ -86,10 +86,19 @@ static bool S7commPlusProtocolDecode(S7commplusSessionData* session, Packet* p)
     s7commplus_header = (const S7commplusHeader*)(p->data + offset);
     /* Set the session data. Swap byte order for 16-bit fields. */
     session->s7commplus_proto_id = s7commplus_header->proto_id;
-    session->s7commplus_pdu_type = s7commplus_header->pdu_type;
+    session->s7commplus_proto_version = s7commplus_header->proto_version;
     session->s7commplus_data_len = ntohs(s7commplus_header->data_len);
 
-    offset += sizeof(S7commplusHeader);
+    if (s7commplus_header->proto_version <= HDR_VERSION_TWO)
+    {
+        /* V1 or V2 header packets */
+        offset += sizeof(S7commplusHeader);
+    }
+    else
+    {
+        /* 33 byte Integrity part for V3 header packets */
+        offset += sizeof(S7commplusHeader) + INTEGRITY_PART_LEN ;
+    }
 
     s7commplus_data_header = (const S7commplusDataHeader*)(p->data + offset);
     /* Set the session data. Swap byte order for 16-bit fields. */

diff --git a/src/service_inspectors/s7commplus/s7comm_decode.h b/src/service_inspectors/s7commplus/s7comm_decode.h
index 7fbdf7fc85599c0172b7ec930ada91bdacc69679..0da54bb30986edd610396dc59a2c9594a93f7bcf 100644 (file)
--- a/src/service_inspectors/s7commplus/s7comm_decode.h
+++ b/src/service_inspectors/s7commplus/s7comm_decode.h
@@ -44,6 +44,8 @@ class S7commplusFlowData;
 #define TPKT_MIN_HDR_LEN 7     /* length field in TPKT header for S7comm */
 #define TPKT_MAX_HDR_LEN       /* Undecided */
 #define S7COMMPLUS_MIN_HDR_LEN 4
+#define HDR_VERSION_TWO 0x02
+#define INTEGRITY_PART_LEN 33 /* length of Integrity part in V3 Header packets */
 
 /* Need 8 bytes for MBAP Header + Function Code */
 #define S7COMMPLUS_MIN_LEN 8       this value needs to be decided