Pull request #3848: appid: add support for cip multiple service packet

author Suriya Balu -X (subalu - HCL TECHNOLOGIES LIMITED at Cisco) <subalu@cisco.com>

Wed, 21 Jun 2023 13:17:25 +0000 (13:17 +0000)

committer Sreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>

Wed, 21 Jun 2023 13:17:25 +0000 (13:17 +0000)
author Suriya Balu -X (subalu - HCL TECHNOLOGIES LIMITED at Cisco) <subalu@cisco.com>
Wed, 21 Jun 2023 13:17:25 +0000 (13:17 +0000)
committer Sreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>
Wed, 21 Jun 2023 13:17:25 +0000 (13:17 +0000)
diff --git a/src/network_inspectors/appid/appid_cip_event_handler.cc b/src/network_inspectors/appid/appid_cip_event_handler.cc

index 9ef7c546af7482b2ea091de102722b5b007d1aa5..14b1509f6f2aa1cc4879cafdad79b5a19f4425aa 100644 (file)
--- a/src/network_inspectors/appid/appid_cip_event_handler.cc
+++ b/src/network_inspectors/appid/appid_cip_event_handler.cc
@@ -24,6 +24,7 @@
  
  #include "appid_cip_event_handler.h"
  #include "detector_plugins/cip_patterns.h"
+#include "service_inspectors/cip/cip.h"
  #include "appid_debug.h"
  
  using namespace snort;
@@ -90,7 +91,8 @@ void CipEventHandler::handle(DataEvent& event, Flow* flow)
      AppId payload_id = asd->get_odp_ctxt().get_cip_matchers().get_cip_payload_id(event_data);
      asd->set_payload_id(payload_id);
      asd->set_ss_application_ids(APP_ID_CIP, APP_ID_CIP, payload_id, APP_ID_NONE, APP_ID_NONE, change_bits);
-   
+    asd->set_cip_msp(event_data->multipayload);
+
      if (change_bits[APPID_PAYLOAD_BIT] and appidDebug->is_enabled())
      {
          appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions);
diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h

index 5f57ecb358360163ad3ed1c21f7461fd762abd89..9f4da772af1c797c462443491d17626fc978899d 100644 (file)
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -702,6 +702,17 @@ public:
      {
          return client_info_unpublished;
      }
+ 
+    void set_cip_msp(bool multipayload)
+    {
+        cip_msp = multipayload;
+    }
+ 
+    bool is_cip_msp() const
+    {
+        return cip_msp;
+    }
+
  private:
      uint16_t prev_httpx_raw_packet = 0;
  
@@ -725,6 +736,7 @@ private:
      bool no_service_candidate = false;
      bool no_service_inspector = false;
      bool client_info_unpublished = false;
+    bool cip_msp = false;
  };
  
  #endif
diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc

index 8e7d2a13bfb251d9f335fec7b30272c507b64066..c38fba1d51fcdc326155bfc128b3c311e6231690 100644 (file)
--- a/src/network_inspectors/appid/appid_session_api.cc
+++ b/src/network_inspectors/appid/appid_session_api.cc
@@ -239,6 +239,11 @@ bool AppIdSessionApi::is_appid_inspecting_session() const
          return true;
      }
  
+    if ( get_service_app_id() == APP_ID_CIP and asd->is_cip_msp())
+    {
+         return true;
+    }
+
      if (asd->get_odp_ctxt().check_host_port_app_cache)
          return true;
  
diff --git a/src/service_inspectors/cip/cip.h b/src/service_inspectors/cip/cip.h

index 207489a1aac7d675bac5b2d40ac7f9e5d5c082e9..6499ea53e9937dd3d9f9cb8a6f03c44c3254dad1 100644 (file)
--- a/src/service_inspectors/cip/cip.h
+++ b/src/service_inspectors/cip/cip.h
@@ -62,6 +62,9 @@ struct CipEventData
      //  CIP_DATA_TYPE_SET_ATTRIBUTE
      uint8_t service_id;
  
+    // Set when the packet is a multiple service packet
+    bool multipayload;
+
      // Used for:
      //  CIP_DATA_TYPE_PATH_CLASS: This represents the Request Path Class.
      //  CIP_DATA_TYPE_SET_ATTRIBUTE: This represents the Request Path Class.
diff --git a/src/service_inspectors/cip/cip_parsing.cc b/src/service_inspectors/cip/cip_parsing.cc

index 6889b712091b51d2ff3a0e7504a401cd7a287f4c..9f2f074003708293dedf0e59ea4d5c7f8b883ef3 100644 (file)
--- a/src/service_inspectors/cip/cip_parsing.cc
+++ b/src/service_inspectors/cip/cip_parsing.cc
@@ -1538,6 +1538,11 @@ static bool parse_multiple_service_packet(const uint8_t* data,
  
          pack_cip_request_event(&embedded_request, &cip_event_data);
  
+        if (i != number_services)
+            cip_event_data.multipayload = true;
+        else
+            cip_event_data.multipayload = false;
+
          DataBus::publish(CipEventData::pub_id, CipEventIds::DATA, cip_event, global_data->snort_packet->flow);
      }
author	Suriya Balu -X (subalu - HCL TECHNOLOGIES LIMITED at Cisco) <subalu@cisco.com>
	Wed, 21 Jun 2023 13:17:25 +0000 (13:17 +0000)
committer	Sreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>
	Wed, 21 Jun 2023 13:17:25 +0000 (13:17 +0000)
src/network_inspectors/appid/appid_cip_event_handler.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_session.h		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_session_api.cc		patch \| blob \| blame \| history
src/service_inspectors/cip/cip.h		patch \| blob \| blame \| history
src/service_inspectors/cip/cip_parsing.cc		patch \| blob \| blame \| history