{ when = { proto = 'tcp', ports = '2123 2152 3386', role='server' }, use = { type = 'gtp_inspect' } },
{ when = { proto = 'tcp', ports = '2404', role='server' }, use = { type = 'iec104' } },
{ when = { proto = 'udp', ports = '2222', role = 'server' }, use = { type = 'cip' } },
+ { when = { proto = 'tcp', ports = '4840', role = 'server' }, use = { type = 'opcua' } },
{ when = { proto = 'tcp', ports = '44818', role = 'server' }, use = { type = 'cip' } },
{ when = { proto = 'tcp', service = 'dcerpc' }, use = { type = 'dce_tcp' } },
#include "protocols/packet.h"
#include "profiler/profiler.h"
+#include <unordered_map>
+
#include "opcua_session.h"
using namespace snort;
// msg_service lookup
//-------------------------------------------------------------------------
-struct OpcuaMsgServiceMap
-{
- const char* name;
- OpcuaMsgServiceType type;
-};
-
-static OpcuaMsgServiceMap opcua_msg_service_map[] =
+static const std::unordered_map<std::string, OpcuaMsgServiceType> opcua_msg_service_map =
{
- { "DataTypeDefinition", OPCUA_MSG_SERVICE_DATA_TYPE_DEFINITION },
- { "StructureDefinition", OPCUA_MSG_SERVICE_STRUCTURE_DEFINITION },
- { "EnumDefinition", OPCUA_MSG_SERVICE_ENUM_DEFINITION },
- { "DataSetMetaDataType", OPCUA_MSG_SERVICE_DATA_SET_META_DATA_TYPE },
- { "DataTypeDescription", OPCUA_MSG_SERVICE_DATA_TYPE_DESCRIPTION },
- { "StructureDescription", OPCUA_MSG_SERVICE_STRUCTURE_DESCRIPTION },
- { "EnumDescription", OPCUA_MSG_SERVICE_ENUM_DESCRIPTION },
- { "RolePermissionType", OPCUA_MSG_SERVICE_ROLE_PERMISSION_TYPE },
- { "Node", OPCUA_MSG_SERVICE_NODE },
- { "ObjectNode", OPCUA_MSG_SERVICE_OBJECT_NODE },
- { "ObjectTypeNode", OPCUA_MSG_SERVICE_OBJECT_TYPE_NODE },
- { "VariableNode", OPCUA_MSG_SERVICE_VARIABLE_NODE },
- { "VariableTypeNode", OPCUA_MSG_SERVICE_VARIABLE_TYPE_NODE },
- { "ReferenceTypeNode", OPCUA_MSG_SERVICE_REFERENCE_TYPE_NODE },
- { "MethodNode", OPCUA_MSG_SERVICE_METHOD_NODE },
- { "ViewNode", OPCUA_MSG_SERVICE_VIEW_NODE },
- { "DataTypeNode", OPCUA_MSG_SERVICE_DATA_TYPE_NODE },
- { "ReferenceNode", OPCUA_MSG_SERVICE_REFERENCE_NODE },
- { "Argument", OPCUA_MSG_SERVICE_ARGUMENT },
- { "StatusResult", OPCUA_MSG_SERVICE_STATUS_RESULT },
- { "UserTokenPolicy", OPCUA_MSG_SERVICE_USER_TOKEN_POLICY },
- { "ApplicationDescription", OPCUA_MSG_SERVICE_APPLICATION_DESCRIPTION },
- { "EndpointDescription", OPCUA_MSG_SERVICE_ENDPOINT_DESCRIPTION },
- { "UserIdentityToken", OPCUA_MSG_SERVICE_USER_IDENTITY_TOKEN },
- { "AnonymousIdentityToken", OPCUA_MSG_SERVICE_ANONYMOUS_IDENTITY_TOKEN },
- { "UserNameIdentityToken", OPCUA_MSG_SERVICE_USER_NAME_IDENTITY_TOKEN },
- { "X509IdentityToken", OPCUA_MSG_SERVICE_X509_IDENTITY_TOKEN },
- { "EndpointConfiguration", OPCUA_MSG_SERVICE_ENDPOINT_CONFIGURATION },
- { "BuildInfo", OPCUA_MSG_SERVICE_BUILD_INFO },
- { "SignedSoftwareCertificate", OPCUA_MSG_SERVICE_SIGNED_SOFTWARE_CERTIFICATE },
- { "NodeAttributes", OPCUA_MSG_SERVICE_NODE_ATTRIBUTES },
- { "ObjectAttributes", OPCUA_MSG_SERVICE_OBJECT_ATTRIBUTES },
- { "VariableAttributes", OPCUA_MSG_SERVICE_VARIABLE_ATTRIBUTES },
- { "MethodAttributes", OPCUA_MSG_SERVICE_METHOD_ATTRIBUTES },
- { "ObjectTypeAttributes", OPCUA_MSG_SERVICE_OBJECT_TYPE_ATTRIBUTES },
- { "VariableTypeAttributes", OPCUA_MSG_SERVICE_VARIABLE_TYPE_ATTRIBUTES },
- { "ReferenceTypeAttributes", OPCUA_MSG_SERVICE_REFERENCE_TYPE_ATTRIBUTES },
- { "DataTypeAttributes", OPCUA_MSG_SERVICE_DATA_TYPE_ATTRIBUTES },
- { "ViewAttributes", OPCUA_MSG_SERVICE_VIEW_ATTRIBUTES },
- { "AddNodesItem", OPCUA_MSG_SERVICE_ADD_NODES_ITEM },
- { "AddReferencesItem", OPCUA_MSG_SERVICE_ADD_REFERENCES_ITEM },
- { "DeleteNodesItem", OPCUA_MSG_SERVICE_DELETE_NODES_ITEM },
- { "DeleteReferencesItem", OPCUA_MSG_SERVICE_DELETE_REFERENCES_ITEM },
- { "RequestHeader", OPCUA_MSG_SERVICE_REQUEST_HEADER },
- { "ResponseHeader", OPCUA_MSG_SERVICE_RESPONSE_HEADER },
{ "ServiceFault", OPCUA_MSG_SERVICE_SERVICE_FAULT },
{ "FindServersRequest", OPCUA_MSG_SERVICE_FIND_SERVERS_REQUEST },
{ "FindServersResponse", OPCUA_MSG_SERVICE_FIND_SERVERS_RESPONSE },
{ "GetEndpointsRequest", OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST },
{ "GetEndpointsResponse", OPCUA_MSG_SERVICE_GET_ENDPOINTS_RESPONSE },
- { "RegisteredServer", OPCUA_MSG_SERVICE_REGISTERED_SERVER },
{ "RegisterServerRequest", OPCUA_MSG_SERVICE_REGISTER_SERVER_REQUEST },
{ "RegisterServerResponse", OPCUA_MSG_SERVICE_REGISTER_SERVER_RESPONSE },
- { "ChannelSecurityToken", OPCUA_MSG_SERVICE_CHANNEL_SECURITY_TOKEN },
{ "OpenSecureChannelRequest", OPCUA_MSG_SERVICE_OPEN_SECURE_CHANNEL_REQUEST },
{ "OpenSecureChannelResponse", OPCUA_MSG_SERVICE_OPEN_SECURE_CHANNEL_RESPONSE },
{ "CloseSecureChannelRequest", OPCUA_MSG_SERVICE_CLOSE_SECURE_CHANNEL_REQUEST },
{ "CloseSecureChannelResponse", OPCUA_MSG_SERVICE_CLOSE_SECURE_CHANNEL_RESPONSE },
- { "SignatureData", OPCUA_MSG_SERVICE_SIGNATURE_DATA },
{ "CreateSessionRequest", OPCUA_MSG_SERVICE_CREATE_SESSION_REQUEST },
{ "CreateSessionResponse", OPCUA_MSG_SERVICE_CREATE_SESSION_RESPONSE },
{ "ActivateSessionRequest", OPCUA_MSG_SERVICE_ACTIVATE_SESSION_REQUEST },
{ "CloseSessionResponse", OPCUA_MSG_SERVICE_CLOSE_SESSION_RESPONSE },
{ "CancelRequest", OPCUA_MSG_SERVICE_CANCEL_REQUEST },
{ "CancelResponse", OPCUA_MSG_SERVICE_CANCEL_RESPONSE },
- { "AddNodesResult", OPCUA_MSG_SERVICE_ADD_NODES_RESULT },
{ "AddNodesRequest", OPCUA_MSG_SERVICE_ADD_NODES_REQUEST },
{ "AddNodesResponse", OPCUA_MSG_SERVICE_ADD_NODES_RESPONSE },
{ "AddReferencesRequest", OPCUA_MSG_SERVICE_ADD_REFERENCES_REQUEST },
{ "DeleteNodesResponse", OPCUA_MSG_SERVICE_DELETE_NODES_RESPONSE },
{ "DeleteReferencesRequest", OPCUA_MSG_SERVICE_DELETE_REFERENCES_REQUEST },
{ "DeleteReferencesResponse", OPCUA_MSG_SERVICE_DELETE_REFERENCES_RESPONSE },
- { "ViewDescription", OPCUA_MSG_SERVICE_VIEW_DESCRIPTION },
- { "BrowseDescription", OPCUA_MSG_SERVICE_BROWSE_DESCRIPTION },
- { "ReferenceDescription", OPCUA_MSG_SERVICE_REFERENCE_DESCRIPTION },
- { "BrowseResult", OPCUA_MSG_SERVICE_BROWSE_RESULT },
{ "BrowseRequest", OPCUA_MSG_SERVICE_BROWSE_REQUEST },
{ "BrowseResponse", OPCUA_MSG_SERVICE_BROWSE_RESPONSE },
{ "BrowseNextRequest", OPCUA_MSG_SERVICE_BROWSE_NEXT_REQUEST },
{ "BrowseNextResponse", OPCUA_MSG_SERVICE_BROWSE_NEXT_RESPONSE },
- { "RelativePathElement", OPCUA_MSG_SERVICE_RELATIVE_PATH_ELEMENT },
- { "RelativePath", OPCUA_MSG_SERVICE_RELATIVE_PATH },
- { "BrowsePath", OPCUA_MSG_SERVICE_BROWSE_PATH },
- { "BrowsePathTarget", OPCUA_MSG_SERVICE_BROWSE_PATH_TARGET },
- { "BrowsePathResult", OPCUA_MSG_SERVICE_BROWSE_PATH_RESULT },
{ "TranslateBrowsePathsToNodeIdsRequest", OPCUA_MSG_SERVICE_TRANSLATE_BROWSE_PATHS_TO_NODE_IDS_REQUEST },
{ "TranslateBrowsePathsToNodeIdsResponse", OPCUA_MSG_SERVICE_TRANSLATE_BROWSE_PATHS_TO_NODE_IDS_RESPONSE },
{ "RegisterNodesRequest", OPCUA_MSG_SERVICE_REGISTER_NODES_REQUEST },
{ "RegisterNodesResponse", OPCUA_MSG_SERVICE_REGISTER_NODES_RESPONSE },
{ "UnregisterNodesRequest", OPCUA_MSG_SERVICE_UNREGISTER_NODES_REQUEST },
{ "UnregisterNodesResponse", OPCUA_MSG_SERVICE_UNREGISTER_NODES_RESPONSE },
- { "QueryDataDescription", OPCUA_MSG_SERVICE_QUERY_DATA_DESCRIPTION },
- { "NodeTypeDescription", OPCUA_MSG_SERVICE_NODE_TYPE_DESCRIPTION },
- { "QueryDataSet", OPCUA_MSG_SERVICE_QUERY_DATA_SET },
- { "NodeReference", OPCUA_MSG_SERVICE_NODE_REFERENCE },
- { "ContentFilterElement", OPCUA_MSG_SERVICE_CONTENT_FILTER_ELEMENT },
- { "ContentFilter", OPCUA_MSG_SERVICE_CONTENT_FILTER },
- { "FilterOperand", OPCUA_MSG_SERVICE_FILTER_OPERAND },
- { "ElementOperand", OPCUA_MSG_SERVICE_ELEMENT_OPERAND },
- { "LiteralOperand", OPCUA_MSG_SERVICE_LITERAL_OPERAND },
- { "AttributeOperand", OPCUA_MSG_SERVICE_ATTRIBUTE_OPERAND },
- { "SimpleAttributeOperand", OPCUA_MSG_SERVICE_SIMPLE_ATTRIBUTE_OPERAND },
- { "ContentFilterElementResult", OPCUA_MSG_SERVICE_CONTENT_FILTER_ELEMENT_RESULT },
- { "ContentFilterResult", OPCUA_MSG_SERVICE_CONTENT_FILTER_RESULT },
- { "ParsingResult", OPCUA_MSG_SERVICE_PARSING_RESULT },
{ "QueryFirstRequest", OPCUA_MSG_SERVICE_QUERY_FIRST_REQUEST },
{ "QueryFirstResponse", OPCUA_MSG_SERVICE_QUERY_FIRST_RESPONSE },
{ "QueryNextRequest", OPCUA_MSG_SERVICE_QUERY_NEXT_REQUEST },
{ "QueryNextResponse", OPCUA_MSG_SERVICE_QUERY_NEXT_RESPONSE },
- { "ReadValueId", OPCUA_MSG_SERVICE_READ_VALUE_ID },
{ "ReadRequest", OPCUA_MSG_SERVICE_READ_REQUEST },
{ "ReadResponse", OPCUA_MSG_SERVICE_READ_RESPONSE },
- { "HistoryReadValueId", OPCUA_MSG_SERVICE_HISTORY_READ_VALUE_ID },
- { "HistoryReadResult", OPCUA_MSG_SERVICE_HISTORY_READ_RESULT },
- { "HistoryReadDetails", OPCUA_MSG_SERVICE_HISTORY_READ_DETAILS },
- { "ReadEventDetails", OPCUA_MSG_SERVICE_READ_EVENT_DETAILS },
- { "ReadRawModifiedDetails", OPCUA_MSG_SERVICE_READ_RAW_MODIFIED_DETAILS },
- { "ReadProcessedDetails", OPCUA_MSG_SERVICE_READ_PROCESSED_DETAILS },
- { "ReadAtTimeDetails", OPCUA_MSG_SERVICE_READ_AT_TIME_DETAILS },
- { "HistoryData", OPCUA_MSG_SERVICE_HISTORY_DATA },
- { "HistoryEvent", OPCUA_MSG_SERVICE_HISTORY_EVENT },
{ "HistoryReadRequest", OPCUA_MSG_SERVICE_HISTORY_READ_REQUEST },
{ "HistoryReadResponse", OPCUA_MSG_SERVICE_HISTORY_READ_RESPONSE },
- { "WriteValue", OPCUA_MSG_SERVICE_WRITE_VALUE },
{ "WriteRequest", OPCUA_MSG_SERVICE_WRITE_REQUEST },
{ "WriteResponse", OPCUA_MSG_SERVICE_WRITE_RESPONSE },
- { "HistoryUpdateDetails", OPCUA_MSG_SERVICE_HISTORY_UPDATE_DETAILS },
- { "UpdateDataDetails", OPCUA_MSG_SERVICE_UPDATE_DATA_DETAILS },
- { "UpdateEventDetails", OPCUA_MSG_SERVICE_UPDATE_EVENT_DETAILS },
- { "DeleteRawModifiedDetails", OPCUA_MSG_SERVICE_DELETE_RAW_MODIFIED_DETAILS },
- { "DeleteAtTimeDetails", OPCUA_MSG_SERVICE_DELETE_AT_TIME_DETAILS },
- { "DeleteEventDetails", OPCUA_MSG_SERVICE_DELETE_EVENT_DETAILS },
- { "HistoryUpdateResult", OPCUA_MSG_SERVICE_HISTORY_UPDATE_RESULT },
{ "HistoryUpdateRequest", OPCUA_MSG_SERVICE_HISTORY_UPDATE_REQUEST },
{ "HistoryUpdateResponse", OPCUA_MSG_SERVICE_HISTORY_UPDATE_RESPONSE },
{ "CallMethodRequest", OPCUA_MSG_SERVICE_CALL_METHOD_REQUEST },
- { "CallMethodResult", OPCUA_MSG_SERVICE_CALL_METHOD_RESULT },
{ "CallRequest", OPCUA_MSG_SERVICE_CALL_REQUEST },
{ "CallResponse", OPCUA_MSG_SERVICE_CALL_RESPONSE },
- { "MonitoringFilter", OPCUA_MSG_SERVICE_MONITORING_FILTER },
- { "DataChangeFilter", OPCUA_MSG_SERVICE_DATA_CHANGE_FILTER },
- { "EventFilter", OPCUA_MSG_SERVICE_EVENT_FILTER },
- { "AggregateFilter", OPCUA_MSG_SERVICE_AGGREGATE_FILTER },
- { "MonitoringFilterResult", OPCUA_MSG_SERVICE_MONITORING_FILTER_RESULT },
- { "EventFilterResult", OPCUA_MSG_SERVICE_EVENT_FILTER_RESULT },
- { "AggregateFilterResult", OPCUA_MSG_SERVICE_AGGREGATE_FILTER_RESULT },
- { "MonitoringParameters", OPCUA_MSG_SERVICE_MONITORING_PARAMETERS },
{ "MonitoredItemCreateRequest", OPCUA_MSG_SERVICE_MONITORED_ITEM_CREATE_REQUEST },
- { "MonitoredItemCreateResult", OPCUA_MSG_SERVICE_MONITORED_ITEM_CREATE_RESULT },
{ "CreateMonitoredItemsRequest", OPCUA_MSG_SERVICE_CREATE_MONITORED_ITEMS_REQUEST },
{ "CreateMonitoredItemsResponse", OPCUA_MSG_SERVICE_CREATE_MONITORED_ITEMS_RESPONSE },
{ "MonitoredItemModifyRequest", OPCUA_MSG_SERVICE_MONITORED_ITEM_MODIFY_REQUEST },
- { "MonitoredItemModifyResult", OPCUA_MSG_SERVICE_MONITORED_ITEM_MODIFY_RESULT },
{ "ModifyMonitoredItemsRequest", OPCUA_MSG_SERVICE_MODIFY_MONITORED_ITEMS_REQUEST },
{ "ModifyMonitoredItemsResponse", OPCUA_MSG_SERVICE_MODIFY_MONITORED_ITEMS_RESPONSE },
{ "SetMonitoringModeRequest", OPCUA_MSG_SERVICE_SET_MONITORING_MODE_REQUEST },
{ "ModifySubscriptionResponse", OPCUA_MSG_SERVICE_MODIFY_SUBSCRIPTION_RESPONSE },
{ "SetPublishingModeRequest", OPCUA_MSG_SERVICE_SET_PUBLISHING_MODE_REQUEST },
{ "SetPublishingModeResponse", OPCUA_MSG_SERVICE_SET_PUBLISHING_MODE_RESPONSE },
- { "NotificationMessage", OPCUA_MSG_SERVICE_NOTIFICATION_MESSAGE },
- { "MonitoredItemNotification", OPCUA_MSG_SERVICE_MONITORED_ITEM_NOTIFICATION },
- { "DataChangeNotification", OPCUA_MSG_SERVICE_DATA_CHANGE_NOTIFICATION },
- { "StatusChangeNotification", OPCUA_MSG_SERVICE_STATUS_CHANGE_NOTIFICATION },
- { "SubscriptionAcknowledgement", OPCUA_MSG_SERVICE_SUBSCRIPTION_ACKNOWLEDGEMENT },
{ "PublishRequest", OPCUA_MSG_SERVICE_PUBLISH_REQUEST },
{ "PublishResponse", OPCUA_MSG_SERVICE_PUBLISH_RESPONSE },
{ "RepublishRequest", OPCUA_MSG_SERVICE_REPUBLISH_REQUEST },
{ "RepublishResponse", OPCUA_MSG_SERVICE_REPUBLISH_RESPONSE },
- { "TransferResult", OPCUA_MSG_SERVICE_TRANSFER_RESULT },
{ "TransferSubscriptionsRequest", OPCUA_MSG_SERVICE_TRANSFER_SUBSCRIPTIONS_REQUEST },
{ "TransferSubscriptionsResponse", OPCUA_MSG_SERVICE_TRANSFER_SUBSCRIPTIONS_RESPONSE },
{ "DeleteSubscriptionsRequest", OPCUA_MSG_SERVICE_DELETE_SUBSCRIPTIONS_REQUEST },
{ "DeleteSubscriptionsResponse", OPCUA_MSG_SERVICE_DELETE_SUBSCRIPTIONS_RESPONSE },
- { "RedundantServerDataType", OPCUA_MSG_SERVICE_REDUNDANT_SERVER_DATA_TYPE },
- { "SamplingIntervalDiagnosticsDataType", OPCUA_MSG_SERVICE_SAMPLING_INTERVAL_DIAGNOSTICS_DATA_TYPE },
- { "ServerDiagnosticsSummaryDataType", OPCUA_MSG_SERVICE_SERVER_DIAGNOSTICS_SUMMARY_DATA_TYPE },
- { "ServerStatusDataType", OPCUA_MSG_SERVICE_SERVER_STATUS_DATA_TYPE },
- { "SessionDiagnosticsDataType", OPCUA_MSG_SERVICE_SESSION_DIAGNOSTICS_DATA_TYPE },
- { "SessionSecurityDiagnosticsDataType", OPCUA_MSG_SERVICE_SESSION_SECURITY_DIAGNOSTICS_DATA_TYPE },
- { "ServiceCounterDataType", OPCUA_MSG_SERVICE_SERVICE_COUNTER_DATA_TYPE },
- { "SubscriptionDiagnosticsDataType", OPCUA_MSG_SERVICE_SUBSCRIPTION_DIAGNOSTICS_DATA_TYPE },
- { "ModelChangeStructureDataType", OPCUA_MSG_SERVICE_MODEL_CHANGE_STRUCTURE_DATA_TYPE },
- { "Range", OPCUA_MSG_SERVICE_RANGE },
- { "EUInformation", OPCUA_MSG_SERVICE_E_U_INFORMATION },
- { "Annotation", OPCUA_MSG_SERVICE_ANNOTATION },
- { "ProgramDiagnosticDataType", OPCUA_MSG_SERVICE_PROGRAM_DIAGNOSTIC_DATA_TYPE },
- { "SemanticChangeStructureDataType", OPCUA_MSG_SERVICE_SEMANTIC_CHANGE_STRUCTURE_DATA_TYPE },
- { "EventNotificationList", OPCUA_MSG_SERVICE_EVENT_NOTIFICATION_LIST },
- { "EventFieldList", OPCUA_MSG_SERVICE_EVENT_FIELD_LIST },
- { "HistoryEventFieldList", OPCUA_MSG_SERVICE_HISTORY_EVENT_FIELD_LIST },
- { "IssuedIdentityToken", OPCUA_MSG_SERVICE_ISSUED_IDENTITY_TOKEN },
- { "NotificationData", OPCUA_MSG_SERVICE_NOTIFICATION_DATA },
- { "AggregateConfiguration", OPCUA_MSG_SERVICE_AGGREGATE_CONFIGURATION },
- { "EnumValueType", OPCUA_MSG_SERVICE_ENUM_VALUE_TYPE },
- { "TimeZoneDataType", OPCUA_MSG_SERVICE_TIME_ZONE_DATA_TYPE },
- { "ModificationInfo", OPCUA_MSG_SERVICE_MODIFICATION_INFO },
- { "HistoryModifiedData", OPCUA_MSG_SERVICE_HISTORY_MODIFIED_DATA },
- { "UpdateStructureDataDetails", OPCUA_MSG_SERVICE_UPDATE_STRUCTURE_DATA_DETAILS },
- { "InstanceNode", OPCUA_MSG_SERVICE_INSTANCE_NODE },
- { "TypeNode", OPCUA_MSG_SERVICE_TYPE_NODE },
- { "EndpointUrlListDataType", OPCUA_MSG_SERVICE_ENDPOINT_URL_LIST_DATA_TYPE },
- { "NetworkGroupDataType", OPCUA_MSG_SERVICE_NETWORK_GROUP_DATA_TYPE },
- { "AxisInformation", OPCUA_MSG_SERVICE_AXIS_INFORMATION },
- { "XVType", OPCUA_MSG_SERVICE_X_V_TYPE },
- { "ComplexNumberType", OPCUA_MSG_SERVICE_COMPLEX_NUMBER_TYPE },
- { "DoubleComplexNumberType", OPCUA_MSG_SERVICE_DOUBLE_COMPLEX_NUMBER_TYPE },
- { "ServerOnNetwork", OPCUA_MSG_SERVICE_SERVER_ON_NETWORK },
{ "FindServersOnNetworkRequest", OPCUA_MSG_SERVICE_FIND_SERVERS_ON_NETWORK_REQUEST },
{ "FindServersOnNetworkResponse", OPCUA_MSG_SERVICE_FIND_SERVERS_ON_NETWORK_RESPONSE },
{ "RegisterServer2Request", OPCUA_MSG_SERVICE_REGISTER_SERVER2_REQUEST },
{ "RegisterServer2Response", OPCUA_MSG_SERVICE_REGISTER_SERVER2_RESPONSE },
- { "TrustListDataType", OPCUA_MSG_SERVICE_TRUST_LIST_DATA_TYPE },
- { "OptionSet", OPCUA_MSG_SERVICE_OPTION_SET },
- { "Union", OPCUA_MSG_SERVICE_UNION },
- { "DiscoveryConfiguration", OPCUA_MSG_SERVICE_DISCOVERY_CONFIGURATION },
- { "MdnsDiscoveryConfiguration", OPCUA_MSG_SERVICE_MDNS_DISCOVERY_CONFIGURATION },
- { "PublishedVariableDataType", OPCUA_MSG_SERVICE_PUBLISHED_VARIABLE_DATA_TYPE },
- { "FieldMetaData", OPCUA_MSG_SERVICE_FIELD_META_DATA },
- { "StructureField", OPCUA_MSG_SERVICE_STRUCTURE_FIELD },
- { "EnumField", OPCUA_MSG_SERVICE_ENUM_FIELD },
- { "KeyValuePair", OPCUA_MSG_SERVICE_KEY_VALUE_PAIR },
- { "ConfigurationVersionDataType", OPCUA_MSG_SERVICE_CONFIGURATION_VERSION_DATA_TYPE },
- { "FieldTargetDataType", OPCUA_MSG_SERVICE_FIELD_TARGET_DATA_TYPE },
- { "TestScalarStructure", OPCUA_MSG_SERVICE_TEST_SCALAR_STRUCTURE },
- { "TestArrayStructure", OPCUA_MSG_SERVICE_TEST_ARRAY_STRUCTURE },
- { "TestStructure", OPCUA_MSG_SERVICE_TEST_STRUCTURE },
- { "TestAbstractStructure", OPCUA_MSG_SERVICE_TEST_ABSTRACT_STRUCTURE },
- { "TestConcreteStructure", OPCUA_MSG_SERVICE_TEST_CONCRETE_STRUCTURE },
- { "SimpleTypeDescription", OPCUA_MSG_SERVICE_SIMPLE_TYPE_DESCRIPTION },
- { "UABinaryFileDataType", OPCUA_MSG_SERVICE_U_A_BINARY_FILE_DATA_TYPE },
- { "BrokerConnectionTransportDataType", OPCUA_MSG_SERVICE_BROKER_CONNECTION_TRANSPORT_DATA_TYPE },
- { "EndpointType", OPCUA_MSG_SERVICE_ENDPOINT_TYPE },
- { "DataTypeSchemaHeader", OPCUA_MSG_SERVICE_DATA_TYPE_SCHEMA_HEADER },
- { "PublishedDataSetDataType", OPCUA_MSG_SERVICE_PUBLISHED_DATA_SET_DATA_TYPE },
- { "PublishedDataSetSourceDataType", OPCUA_MSG_SERVICE_PUBLISHED_DATA_SET_SOURCE_DATA_TYPE },
- { "PublishedDataItemsDataType", OPCUA_MSG_SERVICE_PUBLISHED_DATA_ITEMS_DATA_TYPE },
- { "PublishedEventsDataType", OPCUA_MSG_SERVICE_PUBLISHED_EVENTS_DATA_TYPE },
- { "DataSetWriterDataType", OPCUA_MSG_SERVICE_DATA_SET_WRITER_DATA_TYPE },
- { "DataSetWriterTransportDataType", OPCUA_MSG_SERVICE_DATA_SET_WRITER_TRANSPORT_DATA_TYPE },
- { "DataSetWriterMessageDataType", OPCUA_MSG_SERVICE_DATA_SET_WRITER_MESSAGE_DATA_TYPE },
- { "PubSubGroupDataType", OPCUA_MSG_SERVICE_PUB_SUB_GROUP_DATA_TYPE },
- { "WriterGroupTransportDataType", OPCUA_MSG_SERVICE_WRITER_GROUP_TRANSPORT_DATA_TYPE },
- { "WriterGroupMessageDataType", OPCUA_MSG_SERVICE_WRITER_GROUP_MESSAGE_DATA_TYPE },
- { "PubSubConnectionDataType", OPCUA_MSG_SERVICE_PUB_SUB_CONNECTION_DATA_TYPE },
- { "ConnectionTransportDataType", OPCUA_MSG_SERVICE_CONNECTION_TRANSPORT_DATA_TYPE },
- { "ReaderGroupTransportDataType", OPCUA_MSG_SERVICE_READER_GROUP_TRANSPORT_DATA_TYPE },
- { "ReaderGroupMessageDataType", OPCUA_MSG_SERVICE_READER_GROUP_MESSAGE_DATA_TYPE },
- { "DataSetReaderDataType", OPCUA_MSG_SERVICE_DATA_SET_READER_DATA_TYPE },
- { "DataSetReaderTransportDataType", OPCUA_MSG_SERVICE_DATA_SET_READER_TRANSPORT_DATA_TYPE },
- { "DataSetReaderMessageDataType", OPCUA_MSG_SERVICE_DATA_SET_READER_MESSAGE_DATA_TYPE },
- { "SubscribedDataSetDataType", OPCUA_MSG_SERVICE_SUBSCRIBED_DATA_SET_DATA_TYPE },
- { "TargetVariablesDataType", OPCUA_MSG_SERVICE_TARGET_VARIABLES_DATA_TYPE },
- { "SubscribedDataSetMirrorDataType", OPCUA_MSG_SERVICE_SUBSCRIBED_DATA_SET_MIRROR_DATA_TYPE },
- { "UadpWriterGroupMessageDataType", OPCUA_MSG_SERVICE_UADP_WRITER_GROUP_MESSAGE_DATA_TYPE },
- { "UadpDataSetWriterMessageDataType", OPCUA_MSG_SERVICE_UADP_DATA_SET_WRITER_MESSAGE_DATA_TYPE },
- { "UadpDataSetReaderMessageDataType", OPCUA_MSG_SERVICE_UADP_DATA_SET_READER_MESSAGE_DATA_TYPE },
- { "JsonWriterGroupMessageDataType", OPCUA_MSG_SERVICE_JSON_WRITER_GROUP_MESSAGE_DATA_TYPE },
- { "JsonDataSetWriterMessageDataType", OPCUA_MSG_SERVICE_JSON_DATA_SET_WRITER_MESSAGE_DATA_TYPE },
- { "JsonDataSetReaderMessageDataType", OPCUA_MSG_SERVICE_JSON_DATA_SET_READER_MESSAGE_DATA_TYPE },
- { "BrokerWriterGroupTransportDataType", OPCUA_MSG_SERVICE_BROKER_WRITER_GROUP_TRANSPORT_DATA_TYPE },
- { "BrokerDataSetWriterTransportDataType", OPCUA_MSG_SERVICE_BROKER_DATA_SET_WRITER_TRANSPORT_DATA_TYPE },
- { "BrokerDataSetReaderTransportDataType", OPCUA_MSG_SERVICE_BROKER_DATA_SET_READER_TRANSPORT_DATA_TYPE },
- { "IdentityMappingRuleType", OPCUA_MSG_SERVICE_IDENTITY_MAPPING_RULE_TYPE },
{ "SessionlessInvokeRequestType", OPCUA_MSG_SERVICE_SESSIONLESS_INVOKE_REQUEST_TYPE },
- { "DatagramConnectionTransportDataType", OPCUA_MSG_SERVICE_DATAGRAM_CONNECTION_TRANSPORT_DATA_TYPE },
- { "AdditionalParametersType", OPCUA_MSG_SERVICE_ADDITIONAL_PARAMETERS_TYPE },
- { "EphemeralKeyType", OPCUA_MSG_SERVICE_EPHEMERAL_KEY_TYPE },
- { "GenericAttributeValue", OPCUA_MSG_SERVICE_GENERIC_ATTRIBUTE_VALUE },
- { "GenericAttributes", OPCUA_MSG_SERVICE_GENERIC_ATTRIBUTES },
- { "DecimalDataType", OPCUA_MSG_SERVICE_DECIMAL_DATA_TYPE },
- { "ActionTargetDataType", OPCUA_MSG_SERVICE_ACTION_TARGET_DATA_TYPE },
- { "PublishedActionDataType", OPCUA_MSG_SERVICE_PUBLISHED_ACTION_DATA_TYPE },
- { "ActionMethodDataType", OPCUA_MSG_SERVICE_ACTION_METHOD_DATA_TYPE },
- { "SortRuleElement", OPCUA_MSG_SERVICE_SORT_RULE_ELEMENT },
- { "ReadEventDetailsSorted", OPCUA_MSG_SERVICE_READ_EVENT_DETAILS_SORTED },
- { "PublishedActionMethodDataType", OPCUA_MSG_SERVICE_PUBLISHED_ACTION_METHOD_DATA_TYPE },
- { "RationalNumber", OPCUA_MSG_SERVICE_RATIONAL_NUMBER },
- { "Vector", OPCUA_MSG_SERVICE_VECTOR },
- { "ThreeDVector", OPCUA_MSG_SERVICE_THREE_D_VECTOR },
- { "CartesianCoordinates", OPCUA_MSG_SERVICE_CARTESIAN_COORDINATES },
- { "ThreeDCartesianCoordinates", OPCUA_MSG_SERVICE_THREE_D_CARTESIAN_COORDINATES },
- { "Orientation", OPCUA_MSG_SERVICE_ORIENTATION },
- { "ThreeDOrientation", OPCUA_MSG_SERVICE_THREE_D_ORIENTATION },
- { "Frame", OPCUA_MSG_SERVICE_FRAME },
- { "ThreeDFrame", OPCUA_MSG_SERVICE_THREE_D_FRAME },
- { "DtlsPubSubConnectionDataType", OPCUA_MSG_SERVICE_DTLS_PUB_SUB_CONNECTION_DATA_TYPE },
- { "LldpManagementAddressTxPortType", OPCUA_MSG_SERVICE_LLDP_MANAGEMENT_ADDRESS_TX_PORT_TYPE },
- { "LldpManagementAddressType", OPCUA_MSG_SERVICE_LLDP_MANAGEMENT_ADDRESS_TYPE },
- { "LldpTlvType", OPCUA_MSG_SERVICE_LLDP_TLV_TYPE },
- { "TestUnion", OPCUA_MSG_SERVICE_TEST_UNION },
- { "TestOptionalFields", OPCUA_MSG_SERVICE_TEST_OPTIONAL_FIELDS },
{ "SessionlessInvokeResponseType", OPCUA_MSG_SERVICE_SESSIONLESS_INVOKE_RESPONSE_TYPE },
- { "WriterGroupDataType", OPCUA_MSG_SERVICE_WRITER_GROUP_DATA_TYPE },
- { "NetworkAddressDataType", OPCUA_MSG_SERVICE_NETWORK_ADDRESS_DATA_TYPE },
- { "NetworkAddressUrlDataType", OPCUA_MSG_SERVICE_NETWORK_ADDRESS_URL_DATA_TYPE },
- { "ReaderGroupDataType", OPCUA_MSG_SERVICE_READER_GROUP_DATA_TYPE },
- { "PubSubConfigurationDataType", OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION_DATA_TYPE },
- { "DatagramWriterGroupTransportDataType", OPCUA_MSG_SERVICE_DATAGRAM_WRITER_GROUP_TRANSPORT_DATA_TYPE },
- { "AliasNameDataType", OPCUA_MSG_SERVICE_ALIAS_NAME_DATA_TYPE },
- { "ReadAnnotationDataDetails", OPCUA_MSG_SERVICE_READ_ANNOTATION_DATA_DETAILS },
- { "CurrencyUnitType", OPCUA_MSG_SERVICE_CURRENCY_UNIT_TYPE },
- { "StandaloneSubscribedDataSetRefDataType", OPCUA_MSG_SERVICE_STANDALONE_SUBSCRIBED_DATA_SET_REF_DATA_TYPE },
- { "StandaloneSubscribedDataSetDataType", OPCUA_MSG_SERVICE_STANDALONE_SUBSCRIBED_DATA_SET_DATA_TYPE },
- { "SecurityGroupDataType", OPCUA_MSG_SERVICE_SECURITY_GROUP_DATA_TYPE },
- { "PubSubConfiguration2DataType", OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION2_DATA_TYPE },
- { "QosDataType", OPCUA_MSG_SERVICE_QOS_DATA_TYPE },
- { "TransmitQosDataType", OPCUA_MSG_SERVICE_TRANSMIT_QOS_DATA_TYPE },
- { "TransmitQosPriorityDataType", OPCUA_MSG_SERVICE_TRANSMIT_QOS_PRIORITY_DATA_TYPE },
- { "ReceiveQosDataType", OPCUA_MSG_SERVICE_RECEIVE_QOS_DATA_TYPE },
- { "ReceiveQosPriorityDataType", OPCUA_MSG_SERVICE_RECEIVE_QOS_PRIORITY_DATA_TYPE },
- { "DatagramConnectionTransport2DataType", OPCUA_MSG_SERVICE_DATAGRAM_CONNECTION_TRANSPORT2_DATA_TYPE },
- { "DatagramWriterGroupTransport2DataType", OPCUA_MSG_SERVICE_DATAGRAM_WRITER_GROUP_TRANSPORT2_DATA_TYPE },
- { "DatagramDataSetReaderTransportDataType", OPCUA_MSG_SERVICE_DATAGRAM_DATA_SET_READER_TRANSPORT_DATA_TYPE },
- { "ProgramDiagnostic2DataType", OPCUA_MSG_SERVICE_PROGRAM_DIAGNOSTIC2_DATA_TYPE },
- { "PortableQualifiedName", OPCUA_MSG_SERVICE_PORTABLE_QUALIFIED_NAME },
- { "PortableNodeId", OPCUA_MSG_SERVICE_PORTABLE_NODE_ID },
- { "UnsignedRationalNumber", OPCUA_MSG_SERVICE_UNSIGNED_RATIONAL_NUMBER },
- { "UserManagementDataType", OPCUA_MSG_SERVICE_USER_MANAGEMENT_DATA_TYPE },
- { "PriorityMappingEntryType", OPCUA_MSG_SERVICE_PRIORITY_MAPPING_ENTRY_TYPE },
- { "PublishedDataSetCustomSourceDataType", OPCUA_MSG_SERVICE_PUBLISHED_DATA_SET_CUSTOM_SOURCE_DATA_TYPE },
- { "PubSubKeyPushTargetDataType", OPCUA_MSG_SERVICE_PUB_SUB_KEY_PUSH_TARGET_DATA_TYPE },
- { "PubSubConfigurationRefDataType", OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION_REF_DATA_TYPE },
- { "PubSubConfigurationValueDataType", OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION_VALUE_DATA_TYPE },
- { "TransactionErrorType", OPCUA_MSG_SERVICE_TRANSACTION_ERROR_TYPE },
- { "BitFieldDefinition", OPCUA_MSG_SERVICE_BIT_FIELD_DEFINITION },
- { "AnnotationDataType", OPCUA_MSG_SERVICE_ANNOTATION_DATA_TYPE },
- { "LinearConversionDataType", OPCUA_MSG_SERVICE_LINEAR_CONVERSION_DATA_TYPE },
- { "QuantityDimension", OPCUA_MSG_SERVICE_QUANTITY_DIMENSION },
- { "ReferenceDescriptionDataType", OPCUA_MSG_SERVICE_REFERENCE_DESCRIPTION_DATA_TYPE },
- { "ReferenceListEntryDataType", OPCUA_MSG_SERVICE_REFERENCE_LIST_ENTRY_DATA_TYPE },
- { "ReadEventDetails2", OPCUA_MSG_SERVICE_READ_EVENT_DETAILS2 },
- { "HistoryModifiedEvent", OPCUA_MSG_SERVICE_HISTORY_MODIFIED_EVENT },
};
-static bool get_msg_service(const char* s, OpcuaMsgServiceType& t)
+static bool get_msg_service(std::string s, OpcuaMsgServiceType& t)
{
- constexpr size_t max = (sizeof(opcua_msg_service_map) / sizeof(OpcuaMsgServiceMap));
-
- for (size_t i = 0; i < max; ++i)
+ auto it = opcua_msg_service_map.find(s);
+ if (it != opcua_msg_service_map.end())
{
- if (strcmp(s, opcua_msg_service_map[i].name) == 0)
- {
- t = opcua_msg_service_map[i].type;
- return true;
- }
+ t = it->second;
+ return true;
}
return false;
}
static bool append_message_chunk(Packet* p, OpcuaSessionData* ssn_data)
{
-
+ // reject undersized messages
if ( p->dsize <= OPCUA_MSG_HDR_LEN )
{
DetectionEngine::queue_event(GID_OPCUA, OPCUA_BAD_MSG_SIZE);
return false;
}
- const uint32_t current_chunk_data_len = p->dsize - OPCUA_MSG_HDR_LEN;
- const uint32_t new_chunk_data_len = ssn_data->chunk_data_len + current_chunk_data_len;
+ // reject impossibly large messages
+ if ( p->dsize > OPCUA_CHUNK_DATA_BUF_SIZE )
+ {
+ DetectionEngine::queue_event(GID_OPCUA, OPCUA_BAD_MSG_SIZE);
+ return false;
+ }
- if ( new_chunk_data_len >= OPCUA_CHUNK_DATA_BUF_SIZE )
+ // reject new chunks when the chunk data buffer is already full
+ const uint32_t current_chunk_buf_used = ssn_data->chunk_data_len;
+ if ( current_chunk_buf_used >= OPCUA_CHUNK_DATA_BUF_SIZE )
{
DetectionEngine::queue_event(GID_OPCUA, OPCUA_LARGE_CHUNKED_MSG);
return false;
}
- else
- {
- void* dst = ssn_data->chunk_data + ssn_data->chunk_data_len;
- const void* src = p->data + OPCUA_MSG_HDR_LEN;
- memcpy(dst, src, current_chunk_data_len);
- ssn_data->chunk_data_len = new_chunk_data_len;
+ // reject instances where adding in the new chunk data would be too large to process
+ const uint32_t current_chunk_len = p->dsize - OPCUA_MSG_HDR_LEN;
+ const uint32_t available_space = OPCUA_CHUNK_DATA_BUF_SIZE - current_chunk_buf_used;
+ if ( current_chunk_len >= available_space )
+ {
+ DetectionEngine::queue_event(GID_OPCUA, OPCUA_LARGE_CHUNKED_MSG);
+ return false;
}
+
+ // append new chunk data to the message chunk buffer
+ void* dst = ssn_data->chunk_data + current_chunk_buf_used;
+ const void* src = p->data + OPCUA_MSG_HDR_LEN;
+ memcpy(dst, src, current_chunk_len);
+ ssn_data->chunk_data_len = current_chunk_buf_used + current_chunk_len;
+
return true;
}
}
ssn_data->is_chunked = false;
+ ssn_data->reset_chunk_data();
}
ssn_data->is_complete_msg = false;
#define OPCUA_RHE_ENDPOINT_URL_MAX_SIZE 4096
#define OPCUA_SECURITY_POLICY_URI_MAX_SIZE 255
#define OPCUA_OPN_RECEIVER_CERT_THUMBPRINT_SIZE 20
-#define OPCUA_CHUNK_DATA_BUF_SIZE 8192
+#define OPCUA_CHUNK_DATA_BUF_SIZE 32767
// Field and size constants
#define OPCUA_MSG_HDR_LEN 24
#define OPCUA_BAD_MSG_SIZE_STR \
"invalid OPC UA MessageSize value detected"
#define OPCUA_ABNORMAL_MSG_SIZE_STR \
- "abnormal OPC UA MessageSize value detected"
+ "large OPC UA MessageSize value detected"
#define OPCUA_BAD_MSG_TYPE_STR \
"invalid OPC UA MsgType value detected"
#define OPCUA_BAD_ISFINAL_STR \
enum OpcuaMsgServiceType
{
OPCUA_MSG_SERVICE_UNDEFINED = 0,
- OPCUA_MSG_SERVICE_DATA_TYPE_DEFINITION = 121,
- OPCUA_MSG_SERVICE_STRUCTURE_DEFINITION = 122,
- OPCUA_MSG_SERVICE_ENUM_DEFINITION = 123,
- OPCUA_MSG_SERVICE_DATA_SET_META_DATA_TYPE = 124,
- OPCUA_MSG_SERVICE_DATA_TYPE_DESCRIPTION = 125,
- OPCUA_MSG_SERVICE_STRUCTURE_DESCRIPTION = 126,
- OPCUA_MSG_SERVICE_ENUM_DESCRIPTION = 127,
- OPCUA_MSG_SERVICE_ROLE_PERMISSION_TYPE = 128,
- OPCUA_MSG_SERVICE_NODE = 260,
- OPCUA_MSG_SERVICE_OBJECT_NODE = 263,
- OPCUA_MSG_SERVICE_OBJECT_TYPE_NODE = 266,
- OPCUA_MSG_SERVICE_VARIABLE_NODE = 269,
- OPCUA_MSG_SERVICE_VARIABLE_TYPE_NODE = 272,
- OPCUA_MSG_SERVICE_REFERENCE_TYPE_NODE = 275,
- OPCUA_MSG_SERVICE_METHOD_NODE = 278,
- OPCUA_MSG_SERVICE_VIEW_NODE = 281,
- OPCUA_MSG_SERVICE_DATA_TYPE_NODE = 284,
- OPCUA_MSG_SERVICE_REFERENCE_NODE = 287,
- OPCUA_MSG_SERVICE_ARGUMENT = 298,
- OPCUA_MSG_SERVICE_STATUS_RESULT = 301,
- OPCUA_MSG_SERVICE_USER_TOKEN_POLICY = 306,
- OPCUA_MSG_SERVICE_APPLICATION_DESCRIPTION = 310,
- OPCUA_MSG_SERVICE_ENDPOINT_DESCRIPTION = 314,
- OPCUA_MSG_SERVICE_USER_IDENTITY_TOKEN = 318,
- OPCUA_MSG_SERVICE_ANONYMOUS_IDENTITY_TOKEN = 321,
- OPCUA_MSG_SERVICE_USER_NAME_IDENTITY_TOKEN = 324,
- OPCUA_MSG_SERVICE_X509_IDENTITY_TOKEN = 327,
- OPCUA_MSG_SERVICE_ENDPOINT_CONFIGURATION = 333,
- OPCUA_MSG_SERVICE_BUILD_INFO = 340,
- OPCUA_MSG_SERVICE_SIGNED_SOFTWARE_CERTIFICATE = 346,
- OPCUA_MSG_SERVICE_NODE_ATTRIBUTES = 351,
- OPCUA_MSG_SERVICE_OBJECT_ATTRIBUTES = 354,
- OPCUA_MSG_SERVICE_VARIABLE_ATTRIBUTES = 357,
- OPCUA_MSG_SERVICE_METHOD_ATTRIBUTES = 360,
- OPCUA_MSG_SERVICE_OBJECT_TYPE_ATTRIBUTES = 363,
- OPCUA_MSG_SERVICE_VARIABLE_TYPE_ATTRIBUTES = 366,
- OPCUA_MSG_SERVICE_REFERENCE_TYPE_ATTRIBUTES = 369,
- OPCUA_MSG_SERVICE_DATA_TYPE_ATTRIBUTES = 372,
- OPCUA_MSG_SERVICE_VIEW_ATTRIBUTES = 375,
- OPCUA_MSG_SERVICE_ADD_NODES_ITEM = 378,
- OPCUA_MSG_SERVICE_ADD_REFERENCES_ITEM = 381,
- OPCUA_MSG_SERVICE_DELETE_NODES_ITEM = 384,
- OPCUA_MSG_SERVICE_DELETE_REFERENCES_ITEM = 387,
- OPCUA_MSG_SERVICE_REQUEST_HEADER = 391,
- OPCUA_MSG_SERVICE_RESPONSE_HEADER = 394,
OPCUA_MSG_SERVICE_SERVICE_FAULT = 397,
OPCUA_MSG_SERVICE_FIND_SERVERS_REQUEST = 422,
OPCUA_MSG_SERVICE_FIND_SERVERS_RESPONSE = 425,
OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST = 428,
OPCUA_MSG_SERVICE_GET_ENDPOINTS_RESPONSE = 431,
- OPCUA_MSG_SERVICE_REGISTERED_SERVER = 434,
OPCUA_MSG_SERVICE_REGISTER_SERVER_REQUEST = 437,
OPCUA_MSG_SERVICE_REGISTER_SERVER_RESPONSE = 440,
- OPCUA_MSG_SERVICE_CHANNEL_SECURITY_TOKEN = 443,
OPCUA_MSG_SERVICE_OPEN_SECURE_CHANNEL_REQUEST = 446,
OPCUA_MSG_SERVICE_OPEN_SECURE_CHANNEL_RESPONSE = 449,
OPCUA_MSG_SERVICE_CLOSE_SECURE_CHANNEL_REQUEST = 452,
OPCUA_MSG_SERVICE_CLOSE_SECURE_CHANNEL_RESPONSE = 455,
- OPCUA_MSG_SERVICE_SIGNATURE_DATA = 458,
OPCUA_MSG_SERVICE_CREATE_SESSION_REQUEST = 461,
OPCUA_MSG_SERVICE_CREATE_SESSION_RESPONSE = 464,
OPCUA_MSG_SERVICE_ACTIVATE_SESSION_REQUEST = 467,
OPCUA_MSG_SERVICE_CLOSE_SESSION_RESPONSE = 476,
OPCUA_MSG_SERVICE_CANCEL_REQUEST = 479,
OPCUA_MSG_SERVICE_CANCEL_RESPONSE = 482,
- OPCUA_MSG_SERVICE_ADD_NODES_RESULT = 485,
OPCUA_MSG_SERVICE_ADD_NODES_REQUEST = 488,
OPCUA_MSG_SERVICE_ADD_NODES_RESPONSE = 491,
OPCUA_MSG_SERVICE_ADD_REFERENCES_REQUEST = 494,
OPCUA_MSG_SERVICE_DELETE_NODES_RESPONSE = 503,
OPCUA_MSG_SERVICE_DELETE_REFERENCES_REQUEST = 506,
OPCUA_MSG_SERVICE_DELETE_REFERENCES_RESPONSE = 509,
- OPCUA_MSG_SERVICE_VIEW_DESCRIPTION = 513,
- OPCUA_MSG_SERVICE_BROWSE_DESCRIPTION = 516,
- OPCUA_MSG_SERVICE_REFERENCE_DESCRIPTION = 520,
- OPCUA_MSG_SERVICE_BROWSE_RESULT = 524,
OPCUA_MSG_SERVICE_BROWSE_REQUEST = 527,
OPCUA_MSG_SERVICE_BROWSE_RESPONSE = 530,
OPCUA_MSG_SERVICE_BROWSE_NEXT_REQUEST = 533,
OPCUA_MSG_SERVICE_BROWSE_NEXT_RESPONSE = 536,
- OPCUA_MSG_SERVICE_RELATIVE_PATH_ELEMENT = 539,
- OPCUA_MSG_SERVICE_RELATIVE_PATH = 542,
- OPCUA_MSG_SERVICE_BROWSE_PATH = 545,
- OPCUA_MSG_SERVICE_BROWSE_PATH_TARGET = 548,
- OPCUA_MSG_SERVICE_BROWSE_PATH_RESULT = 551,
OPCUA_MSG_SERVICE_TRANSLATE_BROWSE_PATHS_TO_NODE_IDS_REQUEST = 554,
OPCUA_MSG_SERVICE_TRANSLATE_BROWSE_PATHS_TO_NODE_IDS_RESPONSE = 557,
OPCUA_MSG_SERVICE_REGISTER_NODES_REQUEST = 560,
OPCUA_MSG_SERVICE_REGISTER_NODES_RESPONSE = 563,
OPCUA_MSG_SERVICE_UNREGISTER_NODES_REQUEST = 566,
OPCUA_MSG_SERVICE_UNREGISTER_NODES_RESPONSE = 569,
- OPCUA_MSG_SERVICE_QUERY_DATA_DESCRIPTION = 572,
- OPCUA_MSG_SERVICE_NODE_TYPE_DESCRIPTION = 575,
- OPCUA_MSG_SERVICE_QUERY_DATA_SET = 579,
- OPCUA_MSG_SERVICE_NODE_REFERENCE = 582,
- OPCUA_MSG_SERVICE_CONTENT_FILTER_ELEMENT = 585,
- OPCUA_MSG_SERVICE_CONTENT_FILTER = 588,
- OPCUA_MSG_SERVICE_FILTER_OPERAND = 591,
- OPCUA_MSG_SERVICE_ELEMENT_OPERAND = 594,
- OPCUA_MSG_SERVICE_LITERAL_OPERAND = 597,
- OPCUA_MSG_SERVICE_ATTRIBUTE_OPERAND = 600,
- OPCUA_MSG_SERVICE_SIMPLE_ATTRIBUTE_OPERAND = 603,
- OPCUA_MSG_SERVICE_CONTENT_FILTER_ELEMENT_RESULT = 606,
- OPCUA_MSG_SERVICE_CONTENT_FILTER_RESULT = 609,
- OPCUA_MSG_SERVICE_PARSING_RESULT = 612,
OPCUA_MSG_SERVICE_QUERY_FIRST_REQUEST = 615,
OPCUA_MSG_SERVICE_QUERY_FIRST_RESPONSE = 618,
OPCUA_MSG_SERVICE_QUERY_NEXT_REQUEST = 621,
OPCUA_MSG_SERVICE_QUERY_NEXT_RESPONSE = 624,
- OPCUA_MSG_SERVICE_READ_VALUE_ID = 628,
OPCUA_MSG_SERVICE_READ_REQUEST = 631,
OPCUA_MSG_SERVICE_READ_RESPONSE = 634,
- OPCUA_MSG_SERVICE_HISTORY_READ_VALUE_ID = 637,
- OPCUA_MSG_SERVICE_HISTORY_READ_RESULT = 640,
- OPCUA_MSG_SERVICE_HISTORY_READ_DETAILS = 643,
- OPCUA_MSG_SERVICE_READ_EVENT_DETAILS = 646,
- OPCUA_MSG_SERVICE_READ_RAW_MODIFIED_DETAILS = 649,
- OPCUA_MSG_SERVICE_READ_PROCESSED_DETAILS = 652,
- OPCUA_MSG_SERVICE_READ_AT_TIME_DETAILS = 655,
- OPCUA_MSG_SERVICE_HISTORY_DATA = 658,
- OPCUA_MSG_SERVICE_HISTORY_EVENT = 661,
OPCUA_MSG_SERVICE_HISTORY_READ_REQUEST = 664,
OPCUA_MSG_SERVICE_HISTORY_READ_RESPONSE = 667,
- OPCUA_MSG_SERVICE_WRITE_VALUE = 670,
OPCUA_MSG_SERVICE_WRITE_REQUEST = 673,
OPCUA_MSG_SERVICE_WRITE_RESPONSE = 676,
- OPCUA_MSG_SERVICE_HISTORY_UPDATE_DETAILS = 679,
- OPCUA_MSG_SERVICE_UPDATE_DATA_DETAILS = 682,
- OPCUA_MSG_SERVICE_UPDATE_EVENT_DETAILS = 685,
- OPCUA_MSG_SERVICE_DELETE_RAW_MODIFIED_DETAILS = 688,
- OPCUA_MSG_SERVICE_DELETE_AT_TIME_DETAILS = 691,
- OPCUA_MSG_SERVICE_DELETE_EVENT_DETAILS = 694,
- OPCUA_MSG_SERVICE_HISTORY_UPDATE_RESULT = 697,
OPCUA_MSG_SERVICE_HISTORY_UPDATE_REQUEST = 700,
OPCUA_MSG_SERVICE_HISTORY_UPDATE_RESPONSE = 703,
OPCUA_MSG_SERVICE_CALL_METHOD_REQUEST = 706,
- OPCUA_MSG_SERVICE_CALL_METHOD_RESULT = 709,
OPCUA_MSG_SERVICE_CALL_REQUEST = 712,
OPCUA_MSG_SERVICE_CALL_RESPONSE = 715,
- OPCUA_MSG_SERVICE_MONITORING_FILTER = 721,
- OPCUA_MSG_SERVICE_DATA_CHANGE_FILTER = 724,
- OPCUA_MSG_SERVICE_EVENT_FILTER = 727,
- OPCUA_MSG_SERVICE_AGGREGATE_FILTER = 730,
- OPCUA_MSG_SERVICE_MONITORING_FILTER_RESULT = 733,
- OPCUA_MSG_SERVICE_EVENT_FILTER_RESULT = 736,
- OPCUA_MSG_SERVICE_AGGREGATE_FILTER_RESULT = 739,
- OPCUA_MSG_SERVICE_MONITORING_PARAMETERS = 742,
OPCUA_MSG_SERVICE_MONITORED_ITEM_CREATE_REQUEST = 745,
- OPCUA_MSG_SERVICE_MONITORED_ITEM_CREATE_RESULT = 748,
OPCUA_MSG_SERVICE_CREATE_MONITORED_ITEMS_REQUEST = 751,
OPCUA_MSG_SERVICE_CREATE_MONITORED_ITEMS_RESPONSE = 754,
OPCUA_MSG_SERVICE_MONITORED_ITEM_MODIFY_REQUEST = 757,
- OPCUA_MSG_SERVICE_MONITORED_ITEM_MODIFY_RESULT = 760,
OPCUA_MSG_SERVICE_MODIFY_MONITORED_ITEMS_REQUEST = 763,
OPCUA_MSG_SERVICE_MODIFY_MONITORED_ITEMS_RESPONSE = 766,
OPCUA_MSG_SERVICE_SET_MONITORING_MODE_REQUEST = 769,
OPCUA_MSG_SERVICE_MODIFY_SUBSCRIPTION_RESPONSE = 796,
OPCUA_MSG_SERVICE_SET_PUBLISHING_MODE_REQUEST = 799,
OPCUA_MSG_SERVICE_SET_PUBLISHING_MODE_RESPONSE = 802,
- OPCUA_MSG_SERVICE_NOTIFICATION_MESSAGE = 805,
- OPCUA_MSG_SERVICE_MONITORED_ITEM_NOTIFICATION = 808,
- OPCUA_MSG_SERVICE_DATA_CHANGE_NOTIFICATION = 811,
- OPCUA_MSG_SERVICE_STATUS_CHANGE_NOTIFICATION = 820,
- OPCUA_MSG_SERVICE_SUBSCRIPTION_ACKNOWLEDGEMENT = 823,
OPCUA_MSG_SERVICE_PUBLISH_REQUEST = 826,
OPCUA_MSG_SERVICE_PUBLISH_RESPONSE = 829,
OPCUA_MSG_SERVICE_REPUBLISH_REQUEST = 832,
OPCUA_MSG_SERVICE_REPUBLISH_RESPONSE = 835,
- OPCUA_MSG_SERVICE_TRANSFER_RESULT = 838,
OPCUA_MSG_SERVICE_TRANSFER_SUBSCRIPTIONS_REQUEST = 841,
OPCUA_MSG_SERVICE_TRANSFER_SUBSCRIPTIONS_RESPONSE = 844,
OPCUA_MSG_SERVICE_DELETE_SUBSCRIPTIONS_REQUEST = 847,
OPCUA_MSG_SERVICE_DELETE_SUBSCRIPTIONS_RESPONSE = 850,
- OPCUA_MSG_SERVICE_REDUNDANT_SERVER_DATA_TYPE = 855,
- OPCUA_MSG_SERVICE_SAMPLING_INTERVAL_DIAGNOSTICS_DATA_TYPE = 858,
- OPCUA_MSG_SERVICE_SERVER_DIAGNOSTICS_SUMMARY_DATA_TYPE = 861,
- OPCUA_MSG_SERVICE_SERVER_STATUS_DATA_TYPE = 864,
- OPCUA_MSG_SERVICE_SESSION_DIAGNOSTICS_DATA_TYPE = 867,
- OPCUA_MSG_SERVICE_SESSION_SECURITY_DIAGNOSTICS_DATA_TYPE = 870,
- OPCUA_MSG_SERVICE_SERVICE_COUNTER_DATA_TYPE = 873,
- OPCUA_MSG_SERVICE_SUBSCRIPTION_DIAGNOSTICS_DATA_TYPE = 876,
- OPCUA_MSG_SERVICE_MODEL_CHANGE_STRUCTURE_DATA_TYPE = 879,
- OPCUA_MSG_SERVICE_RANGE = 886,
- OPCUA_MSG_SERVICE_E_U_INFORMATION = 889,
- OPCUA_MSG_SERVICE_ANNOTATION = 893,
- OPCUA_MSG_SERVICE_PROGRAM_DIAGNOSTIC_DATA_TYPE = 896,
- OPCUA_MSG_SERVICE_SEMANTIC_CHANGE_STRUCTURE_DATA_TYPE = 899,
- OPCUA_MSG_SERVICE_EVENT_NOTIFICATION_LIST = 916,
- OPCUA_MSG_SERVICE_EVENT_FIELD_LIST = 919,
- OPCUA_MSG_SERVICE_HISTORY_EVENT_FIELD_LIST = 922,
- OPCUA_MSG_SERVICE_ISSUED_IDENTITY_TOKEN = 940,
- OPCUA_MSG_SERVICE_NOTIFICATION_DATA = 947,
- OPCUA_MSG_SERVICE_AGGREGATE_CONFIGURATION = 950,
- OPCUA_MSG_SERVICE_ENUM_VALUE_TYPE = 8251,
- OPCUA_MSG_SERVICE_TIME_ZONE_DATA_TYPE = 8917,
- OPCUA_MSG_SERVICE_MODIFICATION_INFO = 11226,
- OPCUA_MSG_SERVICE_HISTORY_MODIFIED_DATA = 11227,
- OPCUA_MSG_SERVICE_UPDATE_STRUCTURE_DATA_DETAILS = 11300,
- OPCUA_MSG_SERVICE_INSTANCE_NODE = 11889,
- OPCUA_MSG_SERVICE_TYPE_NODE = 11890,
- OPCUA_MSG_SERVICE_ENDPOINT_URL_LIST_DATA_TYPE = 11957,
- OPCUA_MSG_SERVICE_NETWORK_GROUP_DATA_TYPE = 11958,
- OPCUA_MSG_SERVICE_AXIS_INFORMATION = 12089,
- OPCUA_MSG_SERVICE_X_V_TYPE = 12090,
- OPCUA_MSG_SERVICE_COMPLEX_NUMBER_TYPE = 12181,
- OPCUA_MSG_SERVICE_DOUBLE_COMPLEX_NUMBER_TYPE = 12182,
- OPCUA_MSG_SERVICE_SERVER_ON_NETWORK = 12207,
OPCUA_MSG_SERVICE_FIND_SERVERS_ON_NETWORK_REQUEST = 12208,
OPCUA_MSG_SERVICE_FIND_SERVERS_ON_NETWORK_RESPONSE = 12209,
OPCUA_MSG_SERVICE_REGISTER_SERVER2_REQUEST = 12211,
OPCUA_MSG_SERVICE_REGISTER_SERVER2_RESPONSE = 12212,
- OPCUA_MSG_SERVICE_TRUST_LIST_DATA_TYPE = 12680,
- OPCUA_MSG_SERVICE_OPTION_SET = 12765,
- OPCUA_MSG_SERVICE_UNION = 12766,
- OPCUA_MSG_SERVICE_DISCOVERY_CONFIGURATION = 12900,
- OPCUA_MSG_SERVICE_MDNS_DISCOVERY_CONFIGURATION = 12901,
- OPCUA_MSG_SERVICE_PUBLISHED_VARIABLE_DATA_TYPE = 14323,
- OPCUA_MSG_SERVICE_FIELD_META_DATA = 14839,
- OPCUA_MSG_SERVICE_STRUCTURE_FIELD = 14844,
- OPCUA_MSG_SERVICE_ENUM_FIELD = 14845,
- OPCUA_MSG_SERVICE_KEY_VALUE_PAIR = 14846,
- OPCUA_MSG_SERVICE_CONFIGURATION_VERSION_DATA_TYPE = 14847,
- OPCUA_MSG_SERVICE_FIELD_TARGET_DATA_TYPE = 14848,
- OPCUA_MSG_SERVICE_TEST_SCALAR_STRUCTURE = 15024,
- OPCUA_MSG_SERVICE_TEST_ARRAY_STRUCTURE = 15025,
- OPCUA_MSG_SERVICE_TEST_STRUCTURE = 15026,
- OPCUA_MSG_SERVICE_TEST_ABSTRACT_STRUCTURE = 15401,
- OPCUA_MSG_SERVICE_TEST_CONCRETE_STRUCTURE = 15402,
- OPCUA_MSG_SERVICE_SIMPLE_TYPE_DESCRIPTION = 15421,
- OPCUA_MSG_SERVICE_U_A_BINARY_FILE_DATA_TYPE = 15422,
- OPCUA_MSG_SERVICE_BROKER_CONNECTION_TRANSPORT_DATA_TYPE = 15479,
- OPCUA_MSG_SERVICE_ENDPOINT_TYPE = 15671,
- OPCUA_MSG_SERVICE_DATA_TYPE_SCHEMA_HEADER = 15676,
- OPCUA_MSG_SERVICE_PUBLISHED_DATA_SET_DATA_TYPE = 15677,
- OPCUA_MSG_SERVICE_PUBLISHED_DATA_SET_SOURCE_DATA_TYPE = 15678,
- OPCUA_MSG_SERVICE_PUBLISHED_DATA_ITEMS_DATA_TYPE = 15679,
- OPCUA_MSG_SERVICE_PUBLISHED_EVENTS_DATA_TYPE = 15681,
- OPCUA_MSG_SERVICE_DATA_SET_WRITER_DATA_TYPE = 15682,
- OPCUA_MSG_SERVICE_DATA_SET_WRITER_TRANSPORT_DATA_TYPE = 15683,
- OPCUA_MSG_SERVICE_DATA_SET_WRITER_MESSAGE_DATA_TYPE = 15688,
- OPCUA_MSG_SERVICE_PUB_SUB_GROUP_DATA_TYPE = 15689,
- OPCUA_MSG_SERVICE_WRITER_GROUP_TRANSPORT_DATA_TYPE = 15691,
- OPCUA_MSG_SERVICE_WRITER_GROUP_MESSAGE_DATA_TYPE = 15693,
- OPCUA_MSG_SERVICE_PUB_SUB_CONNECTION_DATA_TYPE = 15694,
- OPCUA_MSG_SERVICE_CONNECTION_TRANSPORT_DATA_TYPE = 15695,
- OPCUA_MSG_SERVICE_READER_GROUP_TRANSPORT_DATA_TYPE = 15701,
- OPCUA_MSG_SERVICE_READER_GROUP_MESSAGE_DATA_TYPE = 15702,
- OPCUA_MSG_SERVICE_DATA_SET_READER_DATA_TYPE = 15703,
- OPCUA_MSG_SERVICE_DATA_SET_READER_TRANSPORT_DATA_TYPE = 15705,
- OPCUA_MSG_SERVICE_DATA_SET_READER_MESSAGE_DATA_TYPE = 15706,
- OPCUA_MSG_SERVICE_SUBSCRIBED_DATA_SET_DATA_TYPE = 15707,
- OPCUA_MSG_SERVICE_TARGET_VARIABLES_DATA_TYPE = 15712,
- OPCUA_MSG_SERVICE_SUBSCRIBED_DATA_SET_MIRROR_DATA_TYPE = 15713,
- OPCUA_MSG_SERVICE_UADP_WRITER_GROUP_MESSAGE_DATA_TYPE = 15715,
- OPCUA_MSG_SERVICE_UADP_DATA_SET_WRITER_MESSAGE_DATA_TYPE = 15717,
- OPCUA_MSG_SERVICE_UADP_DATA_SET_READER_MESSAGE_DATA_TYPE = 15718,
- OPCUA_MSG_SERVICE_JSON_WRITER_GROUP_MESSAGE_DATA_TYPE = 15719,
- OPCUA_MSG_SERVICE_JSON_DATA_SET_WRITER_MESSAGE_DATA_TYPE = 15724,
- OPCUA_MSG_SERVICE_JSON_DATA_SET_READER_MESSAGE_DATA_TYPE = 15725,
- OPCUA_MSG_SERVICE_BROKER_WRITER_GROUP_TRANSPORT_DATA_TYPE = 15727,
- OPCUA_MSG_SERVICE_BROKER_DATA_SET_WRITER_TRANSPORT_DATA_TYPE = 15729,
- OPCUA_MSG_SERVICE_BROKER_DATA_SET_READER_TRANSPORT_DATA_TYPE = 15733,
- OPCUA_MSG_SERVICE_IDENTITY_MAPPING_RULE_TYPE = 15736,
OPCUA_MSG_SERVICE_SESSIONLESS_INVOKE_REQUEST_TYPE = 15903,
- OPCUA_MSG_SERVICE_DATAGRAM_CONNECTION_TRANSPORT_DATA_TYPE = 17468,
- OPCUA_MSG_SERVICE_ADDITIONAL_PARAMETERS_TYPE = 17537,
- OPCUA_MSG_SERVICE_EPHEMERAL_KEY_TYPE = 17549,
- OPCUA_MSG_SERVICE_GENERIC_ATTRIBUTE_VALUE = 17610,
- OPCUA_MSG_SERVICE_GENERIC_ATTRIBUTES = 17611,
- OPCUA_MSG_SERVICE_DECIMAL_DATA_TYPE = 17863,
- OPCUA_MSG_SERVICE_ACTION_TARGET_DATA_TYPE = 18598,
- OPCUA_MSG_SERVICE_PUBLISHED_ACTION_DATA_TYPE = 18599,
- OPCUA_MSG_SERVICE_ACTION_METHOD_DATA_TYPE = 18600,
- OPCUA_MSG_SERVICE_SORT_RULE_ELEMENT = 18650,
- OPCUA_MSG_SERVICE_READ_EVENT_DETAILS_SORTED = 18651,
- OPCUA_MSG_SERVICE_PUBLISHED_ACTION_METHOD_DATA_TYPE = 18795,
- OPCUA_MSG_SERVICE_RATIONAL_NUMBER = 18815,
- OPCUA_MSG_SERVICE_VECTOR = 18816,
- OPCUA_MSG_SERVICE_THREE_D_VECTOR = 18817,
- OPCUA_MSG_SERVICE_CARTESIAN_COORDINATES = 18818,
- OPCUA_MSG_SERVICE_THREE_D_CARTESIAN_COORDINATES = 18819,
- OPCUA_MSG_SERVICE_ORIENTATION = 18820,
- OPCUA_MSG_SERVICE_THREE_D_ORIENTATION = 18821,
- OPCUA_MSG_SERVICE_FRAME = 18822,
- OPCUA_MSG_SERVICE_THREE_D_FRAME = 18823,
- OPCUA_MSG_SERVICE_DTLS_PUB_SUB_CONNECTION_DATA_TYPE = 18930,
- OPCUA_MSG_SERVICE_LLDP_MANAGEMENT_ADDRESS_TX_PORT_TYPE = 19079,
- OPCUA_MSG_SERVICE_LLDP_MANAGEMENT_ADDRESS_TYPE = 19080,
- OPCUA_MSG_SERVICE_LLDP_TLV_TYPE = 19081,
- OPCUA_MSG_SERVICE_TEST_UNION = 19435,
- OPCUA_MSG_SERVICE_TEST_OPTIONAL_FIELDS = 19436,
OPCUA_MSG_SERVICE_SESSIONLESS_INVOKE_RESPONSE_TYPE = 21001,
- OPCUA_MSG_SERVICE_WRITER_GROUP_DATA_TYPE = 21150,
- OPCUA_MSG_SERVICE_NETWORK_ADDRESS_DATA_TYPE = 21151,
- OPCUA_MSG_SERVICE_NETWORK_ADDRESS_URL_DATA_TYPE = 21152,
- OPCUA_MSG_SERVICE_READER_GROUP_DATA_TYPE = 21153,
- OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION_DATA_TYPE = 21154,
- OPCUA_MSG_SERVICE_DATAGRAM_WRITER_GROUP_TRANSPORT_DATA_TYPE = 21155,
- OPCUA_MSG_SERVICE_ALIAS_NAME_DATA_TYPE = 23499,
- OPCUA_MSG_SERVICE_READ_ANNOTATION_DATA_DETAILS = 23500,
- OPCUA_MSG_SERVICE_CURRENCY_UNIT_TYPE = 23507,
- OPCUA_MSG_SERVICE_STANDALONE_SUBSCRIBED_DATA_SET_REF_DATA_TYPE = 23851,
- OPCUA_MSG_SERVICE_STANDALONE_SUBSCRIBED_DATA_SET_DATA_TYPE = 23852,
- OPCUA_MSG_SERVICE_SECURITY_GROUP_DATA_TYPE = 23853,
- OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION2_DATA_TYPE = 23854,
- OPCUA_MSG_SERVICE_QOS_DATA_TYPE = 23855,
- OPCUA_MSG_SERVICE_TRANSMIT_QOS_DATA_TYPE = 23856,
- OPCUA_MSG_SERVICE_TRANSMIT_QOS_PRIORITY_DATA_TYPE = 23857,
- OPCUA_MSG_SERVICE_RECEIVE_QOS_DATA_TYPE = 23860,
- OPCUA_MSG_SERVICE_RECEIVE_QOS_PRIORITY_DATA_TYPE = 23861,
- OPCUA_MSG_SERVICE_DATAGRAM_CONNECTION_TRANSPORT2_DATA_TYPE = 23864,
- OPCUA_MSG_SERVICE_DATAGRAM_WRITER_GROUP_TRANSPORT2_DATA_TYPE = 23865,
- OPCUA_MSG_SERVICE_DATAGRAM_DATA_SET_READER_TRANSPORT_DATA_TYPE = 23866,
- OPCUA_MSG_SERVICE_PROGRAM_DIAGNOSTIC2_DATA_TYPE = 24034,
- OPCUA_MSG_SERVICE_PORTABLE_QUALIFIED_NAME = 24108,
- OPCUA_MSG_SERVICE_PORTABLE_NODE_ID = 24109,
- OPCUA_MSG_SERVICE_UNSIGNED_RATIONAL_NUMBER = 24110,
- OPCUA_MSG_SERVICE_USER_MANAGEMENT_DATA_TYPE = 24292,
- OPCUA_MSG_SERVICE_PRIORITY_MAPPING_ENTRY_TYPE = 25239,
- OPCUA_MSG_SERVICE_PUBLISHED_DATA_SET_CUSTOM_SOURCE_DATA_TYPE = 25529,
- OPCUA_MSG_SERVICE_PUB_SUB_KEY_PUSH_TARGET_DATA_TYPE = 25530,
- OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION_REF_DATA_TYPE = 25531,
- OPCUA_MSG_SERVICE_PUB_SUB_CONFIGURATION_VALUE_DATA_TYPE = 25532,
- OPCUA_MSG_SERVICE_TRANSACTION_ERROR_TYPE = 32382,
- OPCUA_MSG_SERVICE_BIT_FIELD_DEFINITION = 32422,
- OPCUA_MSG_SERVICE_ANNOTATION_DATA_TYPE = 32560,
- OPCUA_MSG_SERVICE_LINEAR_CONVERSION_DATA_TYPE = 32561,
- OPCUA_MSG_SERVICE_QUANTITY_DIMENSION = 32562,
- OPCUA_MSG_SERVICE_REFERENCE_DESCRIPTION_DATA_TYPE = 32661,
- OPCUA_MSG_SERVICE_REFERENCE_LIST_ENTRY_DATA_TYPE = 32662,
- OPCUA_MSG_SERVICE_READ_EVENT_DETAILS2 = 32800,
- OPCUA_MSG_SERVICE_HISTORY_MODIFIED_EVENT = 32825,
};
#endif
using namespace snort;
static const std::unordered_set<uint32_t> opcua_known_msg_types = {
- make_opcua_msg_key('H','E','L','F'),
- make_opcua_msg_key('A','C','K','F'),
- make_opcua_msg_key('E','R','R','F'),
- make_opcua_msg_key('R','H','E','F'),
- make_opcua_msg_key('O','P','N','F'),
- make_opcua_msg_key('M','S','G','C'),
- make_opcua_msg_key('M','S','G','F'),
- make_opcua_msg_key('M','S','G','A'),
- make_opcua_msg_key('C','L','O','F')
+ make_opcua_msg_key('H','E','L'),
+ make_opcua_msg_key('A','C','K'),
+ make_opcua_msg_key('E','R','R'),
+ make_opcua_msg_key('R','H','E'),
+ make_opcua_msg_key('O','P','N'),
+ make_opcua_msg_key('M','S','G'),
+ make_opcua_msg_key('C','L','O')
};
static StreamSplitter::Status abort_search(OpcuaSplitterPduData*);
}
uint32_t msg_key = make_opcua_msg_key(cur_pdu_data->msg_type[0], cur_pdu_data->msg_type[1],
- cur_pdu_data->msg_type[2], cur_pdu_data->is_final);
+ cur_pdu_data->msg_type[2]);
if ( opcua_known_msg_types.count(msg_key) )
{
return true;
#include "opcua_session.h"
-#define OPCUA_LARGE_MSG_SIZE 4096
+#define OPCUA_LARGE_MSG_SIZE 16383
enum opcua_splitter_state_t
{
// of message type, namespace index, and node ID matching.
TEST(IpsOpcuaTest, msg_service_detection_test)
{
- OpcuaMsgServiceOption opcua_ips(OPCUA_MSG_SERVICE_TEST_UNION);
+ OpcuaMsgServiceOption opcua_ips(OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST);
Cursor c; Packet p(true);
// Test case 1: Packet with no flow context should not match
// Test case 7: Valid client packet with all correct attributes should match
// Complete MSG PDU with default namespace and matching service node ID
- ofd->client_ssn_data.node_id = OPCUA_MSG_SERVICE_TEST_UNION;
+ ofd->client_ssn_data.node_id = OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST;
CHECK_EQUAL(IpsOption::MATCH, opcua_ips.eval(c, &p));
// Test case 8: Server packet validation follows same logic as client
CHECK_EQUAL(IpsOption::NO_MATCH, opcua_ips.eval(c, &p));
// Test case 11: Valid server packet with matching service node ID should match
- ofd->server_ssn_data.node_id = OPCUA_MSG_SERVICE_TEST_UNION;
+ ofd->server_ssn_data.node_id = OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST;
CHECK_EQUAL(IpsOption::MATCH, opcua_ips.eval(c, &p));
// Test case 12: No flow data should result in no match
// node IDs are specific to OPC UA service calls, not protocol control messages.
TEST(IpsOpcuaNodeIdTest, node_id_detection_comprehensive_test)
{
- OpcuaNodeIdOption opcua_node_id(OPCUA_MSG_SERVICE_DATA_TYPE_DEFINITION);
+ OpcuaNodeIdOption opcua_node_id(OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST);
Cursor c; Packet p(true);
// Test case 1: Packet with no flow context should not match
// Test case 5: MSG packet with non-matching node ID should not match
// Testing with different node ID value than expected
ofd->client_ssn_data.msg_type = OPCUA_MSG_MSG;
- ofd->client_ssn_data.node_id = OPCUA_MSG_SERVICE_NODE;
+ ofd->client_ssn_data.node_id = OPCUA_MSG_SERVICE_REGISTER_SERVER_REQUEST;
CHECK_EQUAL(IpsOption::NO_MATCH, opcua_node_id.eval(c, &p));
// Test case 6: MSG packet with matching node ID should match
// Valid MSG PDU with correct node ID should trigger detection
- ofd->client_ssn_data.node_id = OPCUA_MSG_SERVICE_DATA_TYPE_DEFINITION;
+ ofd->client_ssn_data.node_id = OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST;
CHECK_EQUAL(IpsOption::MATCH, opcua_node_id.eval(c, &p));
// Test case 7: Server packet with matching conditions should match
p.packet_flags &= ~PKT_FROM_CLIENT;
p.packet_flags |= PKT_FROM_SERVER;
ofd->server_ssn_data.msg_type = OPCUA_MSG_MSG;
- ofd->server_ssn_data.node_id = OPCUA_MSG_SERVICE_DATA_TYPE_DEFINITION;
+ ofd->server_ssn_data.node_id = OPCUA_MSG_SERVICE_GET_ENDPOINTS_REQUEST;
CHECK_EQUAL(IpsOption::MATCH, opcua_node_id.eval(c, &p));
// Test case 8: No flow data should result in no match
{
snort::Packet packet;
OpcuaFlowData* opcua_fd;
- uint8_t test_data[1024];
+ uint8_t test_data[OPCUA_CHUNK_DATA_BUF_SIZE];
void setup() override
{
CHECK_EQUAL(OPCUA_BAD_TYPEID_ENCODING, event_sid);
// Test case 4: MSG message with extremely large size exceeding buffer limits
- // Message claims size (10000) that would exceed chunked message buffer capacity
- // Should fail and trigger large chunked message event
+ // Message claims size exceeding OPCUA_CHUNK_DATA_BUF_SIZE
+ // Should fail and trigger bad message size event from the dsize guard
reset();
- create_msg_message(10000);
+ create_msg_message(OPCUA_CHUNK_DATA_BUF_SIZE + 1);
+ CHECK_FALSE(opcua_decode(&packet, opcua_fd));
+ CHECK_EQUAL(OPCUA_BAD_MSG_SIZE, event_sid);
+
+ // Test case 5: MSG chunked message sequence that exceeds buffer capacity
+ // First chunk fills most of the buffer, second chunk overflows remaining space
+ // Should fail on the second chunk with large chunked message event
+ reset();
+ create_msg_message(OPCUA_CHUNK_DATA_BUF_SIZE - 100, OPCUA_TYPEID_ENCODING_FOUR_BYTES_ENCODED_NUMERIC, OPCUA_DEFAULT_NAMESPACE_INDEX, 'C');
+ CHECK_TRUE(opcua_decode(&packet, opcua_fd));
+ event_sid = 0;
+ create_msg_message(200, OPCUA_TYPEID_ENCODING_FOUR_BYTES_ENCODED_NUMERIC, OPCUA_DEFAULT_NAMESPACE_INDEX, 'F');
CHECK_FALSE(opcua_decode(&packet, opcua_fd));
CHECK_EQUAL(OPCUA_LARGE_CHUNKED_MSG, event_sid);
- // Test case 5: Valid MSG chunked message sequence (intermediate + final)
+ // Test case 6: Valid MSG chunked message sequence (intermediate + final)
// First chunk with 'C' flag (continue), followed by final chunk with 'F' flag
// Should decode both chunks successfully, triggering intermediate event on first chunk
reset();
CHECK_TRUE(opcua_decode(&packet, opcua_fd));
CHECK_EQUAL(0, event_sid);
- // Test case 6: MSG chunked message sequence with abort
+ // Test case 7: MSG chunked message sequence with abort
// First chunk with 'C' flag (continue), followed by abort chunk with 'A' flag
// Should handle both chunks
reset();
result = splitter->scan(&packet, test_data, msg_size, 0, &fp);
CHECK_EQUAL(snort::StreamSplitter::ABORT, result);
- // Test case 4: Invalid is final field ("O")
- // Non-standard OPC UA is final field should abort processing and trigger bad message type event
+ // Test case 5: Invalid is final field ("O")
+ // Non-standard OPC UA is final fields are considered abnormal but do not affect parsing in most cases
+ // Should flush but trigger a bad IsFinal event for security monitoring in the decoder
reset();
create_opcua_message("HELO", test_data, msg_size);
result = splitter->scan(&server_packet, test_data, msg_size, 0, &fp);
- CHECK_EQUAL(snort::StreamSplitter::ABORT, result);
- CHECK_EQUAL(OPCUA_BAD_MSG_TYPE, event_sid);
+ CHECK_EQUAL(snort::StreamSplitter::FLUSH, result);
}
TEST(OpcuaSplitterTest, scan_size_issues)
{
- // Test case 1: Message with abnormally large size (4097 bytes)
- // OPC UA messages over 4096 bytes are considered abnormal and may indicate attacks
+ // Test case 1: Message with abnormally large size (16384 bytes)
+ // OPC UA messages over 16383 bytes are considered abnormal and may indicate attacks
// Should flush but trigger abnormal message size event for security monitoring
- uint32_t msg_size = 4097;
+ uint32_t msg_size = 16384;
create_opcua_message("HELF", test_data, msg_size);
snort::StreamSplitter::Status result = splitter->scan(&client_packet, test_data, msg_size, 0, &fp);
CHECK_EQUAL(snort::StreamSplitter::FLUSH, result);
projects / thirdparty / snort3.git / commitdiff
