From: Eric Leblond Date: Mon, 23 Jan 2023 19:08:57 +0000 (+0100) Subject: enip: add TX orientation X-Git-Tag: suricata-6.0.11~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce12cb85d7e2a9c979d8bb788e1cd64f5b3749ff;p=thirdparty%2Fsuricata.git enip: add TX orientation Set no inspection in the opposite side of the transaction. Ticket: #5799
---
diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c
index 99ce6d3ce6..80695647bb 100644
--- a/src/app-layer-enip.c
+++ b/src/app-layer-enip.c
@@ -344,6 +344,11 @@ static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstat
 if (tx == NULL) SCReturnStruct(APP_LAYER_OK);
+ if (flags & STREAM_TOCLIENT)
+ tx->tx_data.detect_flags_ts |= APP_LAYER_TX_SKIP_INSPECT_FLAG;
+ else
+ tx->tx_data.detect_flags_tc |= APP_LAYER_TX_SKIP_INSPECT_FLAG;
+
 SCLogDebug("ENIPParse input len %d", input_len);
 DecodeENIPPDU(input, input_len, tx);
 uint32_t pkt_len = tx->header.length + sizeof(ENIPEncapHdr);
@@ -368,6 +373,18 @@ static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstat
 SCReturnStruct(APP_LAYER_OK);
 }
+static AppLayerResult ENIPParseRequest(Flow *f, void *state, AppLayerParserState *pstate,
+ const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags)
+{
+ return ENIPParse(f, state, pstate, input, input_len, local_data, STREAM_TOSERVER);
+}
+
+static AppLayerResult ENIPParseResponse(Flow *f, void *state, AppLayerParserState *pstate,
+ const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags)
+{
+ return ENIPParse(f, state, pstate, input, input_len, local_data, STREAM_TOCLIENT);
+}
+
 #define ENIP_LEN_REGISTER_SESSION 4 // protocol u16, options u16
 static uint16_t ENIPProbingParser(Flow *f, uint8_t direction,
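Review bot: The new `if (flags & STREAM_TOCLIENT)` block carries no comment explaining why the opposite direction is marked with `APP_LAYER_TX_SKIP_INSPECT_FLAG`, and the choice matters for detection coverage: once the flag is set, that side of the transaction is excluded from inspection. That is safe only if a transaction never receives data from the other direction, which appears to be the design but cannot be confirmed from the hunk, since ENIPParse starts and ends outside it. I would add above the block `/* tx holds data for one direction only: skip inspection on the opposite side */`.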
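Review bot: ENIPParseRequest and ENIPParseResponse never read their `flags` argument; each passes a bare `STREAM_TOSERVER` or `STREAM_TOCLIENT` to ENIPParse, so any other bits the caller set are dropped. The visible part of ENIPParse only tests `flags & STREAM_TOCLIENT`, but the rest of its body is outside the diff, so whether it relies on other bits cannot be confirmed here. If forcing the direction is intended, say so with `/* direction is fixed by registration; caller flags are deliberately not forwarded */` and add `(void)flags;` in both wrappers so unused-parameter warnings stay quiet.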
@@ -514,10 +531,8 @@ void RegisterENIPUDPParsers(void)
 if (AppLayerParserConfParserEnabled("udp", proto_name)) {
- AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP,
- STREAM_TOSERVER, ENIPParse);
- AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP,
- STREAM_TOCLIENT, ENIPParse);
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOSERVER, ENIPParseRequest);
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOCLIENT, ENIPParseResponse);
 AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateAlloc, ENIPStateFree);
@@ -595,10 +610,8 @@ void RegisterENIPTCPParsers(void)
 if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
- AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP,
- STREAM_TOSERVER, ENIPParse);
- AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP,
- STREAM_TOCLIENT, ENIPParse);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP, STREAM_TOSERVER, ENIPParseRequest);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_ENIP, STREAM_TOCLIENT, ENIPParseResponse);
 AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_ENIP, ENIPStateAlloc, ENIPStateFree);