From: Shravan Rangarajuvenkata (shrarang) Date: Mon, 21 Sep 2020 19:49:28 +0000 (+0000) Subject: Merge pull request #2470 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-V3HEADER... X-Git-Tag: 3.0.3-1~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63e083184aeefc397db19e609aceb42fe31db9bd;p=thirdparty%2Fsnort3.git Merge pull request #2470 in SNORT/snort3 from ~PRDAMODH/snort3:S7COMMPLUS-V3HEADER to master Squashed commit of the following: commit 3c718aa3078496b0bf0ff1fd7a8cce723ca24a8a Author: Pradeep Damodharan Date: Thu Sep 10 09:01:40 2020 -0400 S7commplus : V3 header support --- diff --git a/src/service_inspectors/s7commplus/s7comm.h b/src/service_inspectors/s7commplus/s7comm.h index add0a8fa6..3df6561ca 100644 --- a/src/service_inspectors/s7commplus/s7comm.h +++ b/src/service_inspectors/s7commplus/s7comm.h @@ -36,7 +36,7 @@ struct S7commplusStats struct S7commplusSessionData { uint8_t s7commplus_proto_id = 0; - uint8_t s7commplus_pdu_type = 0; + uint8_t s7commplus_proto_version = 0; uint16_t s7commplus_data_len = 0; uint8_t s7commplus_opcode = 0; uint16_t s7commplus_reserved_1 = 0; @@ -45,7 +45,7 @@ struct S7commplusSessionData void session_data_reset() { - s7commplus_proto_id = s7commplus_pdu_type = s7commplus_opcode = 0; + s7commplus_proto_id = s7commplus_proto_version = s7commplus_opcode = 0; s7commplus_data_len = s7commplus_function = 0; s7commplus_reserved_1 = s7commplus_reserved_2 = 0; } diff --git a/src/service_inspectors/s7commplus/s7comm_decode.cc b/src/service_inspectors/s7commplus/s7comm_decode.cc index 284d99915..83bf3877e 100644 --- a/src/service_inspectors/s7commplus/s7comm_decode.cc +++ b/src/service_inspectors/s7commplus/s7comm_decode.cc @@ -56,7 +56,7 @@ struct CotpHeader struct S7commplusHeader { uint8_t proto_id; - uint8_t pdu_type; + uint8_t proto_version; uint16_t data_len; }; @@ -86,10 +86,19 @@ static bool S7commPlusProtocolDecode(S7commplusSessionData* session, Packet* p) s7commplus_header = (const S7commplusHeader*)(p->data + offset); /* Set the session data. Swap byte order for 16-bit fields. */ session->s7commplus_proto_id = s7commplus_header->proto_id; - session->s7commplus_pdu_type = s7commplus_header->pdu_type; + session->s7commplus_proto_version = s7commplus_header->proto_version; session->s7commplus_data_len = ntohs(s7commplus_header->data_len); - offset += sizeof(S7commplusHeader); + if (s7commplus_header->proto_version <= HDR_VERSION_TWO) + { + /* V1 or V2 header packets */ + offset += sizeof(S7commplusHeader); + } + else + { + /* 33 byte Integrity part for V3 header packets */ + offset += sizeof(S7commplusHeader) + INTEGRITY_PART_LEN ; + } s7commplus_data_header = (const S7commplusDataHeader*)(p->data + offset); /* Set the session data. Swap byte order for 16-bit fields. */ diff --git a/src/service_inspectors/s7commplus/s7comm_decode.h b/src/service_inspectors/s7commplus/s7comm_decode.h index 7fbdf7fc8..0da54bb30 100644 --- a/src/service_inspectors/s7commplus/s7comm_decode.h +++ b/src/service_inspectors/s7commplus/s7comm_decode.h @@ -44,6 +44,8 @@ class S7commplusFlowData; #define TPKT_MIN_HDR_LEN 7 /* length field in TPKT header for S7comm */ #define TPKT_MAX_HDR_LEN /* Undecided */ #define S7COMMPLUS_MIN_HDR_LEN 4 +#define HDR_VERSION_TWO 0x02 +#define INTEGRITY_PART_LEN 33 /* length of Integrity part in V3 Header packets */ /* Need 8 bytes for MBAP Header + Function Code */ #define S7COMMPLUS_MIN_LEN 8 this value needs to be decided