From: Jason Ish
Date: Wed, 27 Nov 2019 15:50:40 +0000 (-0600)
Subject: enip: add tx detect flags
X-Git-Tag: suricata-5.0.1~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=706558d4d5211c545b779be43eb1b3fe28b3b876;p=thirdparty%2Fsuricata.git
enip: add tx detect flags
---
diff --git a/src/app-layer-enip-common.h b/src/app-layer-enip-common.h
index 65b2500d97..a9b138d7e6 100644
--- a/src/app-layer-enip-common.h
+++ b/src/app-layer-enip-common.h
@@ -210,6 +210,8 @@ typedef struct ENIPTransaction_
 TAILQ_ENTRY(ENIPTransaction_) next;
 DetectEngineState *de_state;
+ uint64_t detect_flags_ts;
+ uint64_t detect_flags_tc;
 } ENIPTransaction;
 /** \brief Per flow ENIP state container */
diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c
index 1643dc0212..22cac4e44d 100644
--- a/src/app-layer-enip.c
+++ b/src/app-layer-enip.c
@@ -88,6 +88,26 @@ static int ENIPSetTxDetectState(void *vtx, DetectEngineState *s)
 return 0;
 }
+static uint64_t ENIPGetTxDetectFlags(void *vtx, uint8_t dir)
+{
+ ENIPTransaction *tx = (ENIPTransaction *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ return tx->detect_flags_ts;
+ } else {
+ return tx->detect_flags_tc;
+ }
+}
+
+static void ENIPSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags)
+{
+ ENIPTransaction *tx = (ENIPTransaction *)vtx;
+ if (dir &STREAM_TOSERVER) {
+ tx->detect_flags_ts = flags;
+ } else {
+ tx->detect_flags_tc = flags;
+ }
+}
+
 static void *ENIPGetTx(void *alstate, uint64_t tx_id)
 {
 ENIPState *enip = (ENIPState *) alstate;
@@ -450,6 +470,8 @@ void RegisterENIPUDPParsers(void)
 AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT);
+ AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_UDP, ALPROTO_ENIP,
+ ENIPGetTxDetectFlags, ENIPSetTxDetectFlags);
 } else {
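Review bot: Nothing in this commit initialises the new `detect_flags_ts` and `detect_flags_tc` members added to `ENIPTransaction` in src/app-layer-enip-common.h, and the transaction allocation is outside the diff. It is worth confirming that the allocator zero-fills the struct, because a transaction that starts with stale bits in these fields could presumably be treated by the detection engine as already inspected, which would show up as missed alerts rather than as a crash. The pair also has no comment; I would add `/* detect flags, one per direction: to-server (ts) and to-client (tc) */` above them.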
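Review bot: In `ENIPSetTxDetectFlags` (src/app-layer-enip.c) the direction test is written `dir &STREAM_TOSERVER`, while the getter directly above it uses `dir & STREAM_TOSERVER`; the setter should read `if (dir & STREAM_TOSERVER) {` to match. Both accessors fall back to the to-client field for any `dir` without STREAM_TOSERVER set, which is fine only if callers always pass exactly one direction bit; that is not visible in this hunk, so a one-line comment stating the assumption would help. Neither function has a header comment; something like `/** \brief Get the detect flags of an ENIP transaction for the given direction */` and its setter counterpart would follow the `\brief` style used in the header file.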
@@ -533,6 +555,8 @@ void RegisterENIPTCPParsers(void)
 /* This parser accepts gaps. */
 AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_ENIP, APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
+ AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_ENIP,
+ ENIPGetTxDetectFlags, ENIPSetTxDetectFlags);
 } else {