/* File-scope ids, both initialised to 0.
 * NOTE(review): by their names these hold the list ids of the DNP3 match and
 * data buffers; the code that assigns them is not part of this listing. */
33 static int g_dnp3_match_buffer_id = 0;
34 static int g_dnp3_data_buffer_id = 0;
/* Name-to-bitmask entries: each name maps to exactly one bit of a 16-bit
 * value. The unit tests in this file pass names from this table to
 * DetectDNP3IndParse(), so these are the names a dnp3.ind rule option accepts.
 * NOTE(review): the array header and terminator are not part of this listing
 * (the numbering jumps from 34 to 61 and from 68 to 70); presumably this is
 * DNP3IndicatorsMap - confirm. */
/* Masks 0x8000 down to 0x0100: the high byte of the 16-bit value. */
61 {
"device_restart", 0x8000},
62 {
"device_trouble", 0x4000},
63 {
"local_control", 0x2000},
64 {
"need_time", 0x1000},
65 {
"class_3_events", 0x0800},
66 {
"class_2_events", 0x0400},
67 {
"class_1_events", 0x0200},
68 {
"all_stations", 0x0100},
/* Masks 0x0080 down to 0x0001: the low byte. By their names these are mostly
 * error indications, plus two reserved bits that are still matchable by name. */
70 {
"reserved_1", 0x0080},
71 {
"reserved_2", 0x0040},
72 {
"config_corrupt", 0x0020},
73 {
"already_executing", 0x0010},
74 {
"event_buffer_overflow", 0x0008},
75 {
"parameter_error", 0x0004},
76 {
"object_unknown", 0x0002},
77 {
"no_func_code_support", 0x0001},
/* Name-to-function-code entries (decimal values). The unit tests in this file
 * pass a function name to DetectDNP3FuncParseFunctionCode(), so these are
 * names a dnp3_func rule option accepts.
 * NOTE(review): this is not the full table - the numbering skips lines (for
 * example 92 to 94 and 102 to 106) and the array header is not shown;
 * presumably this is DNP3FunctionNameMap - confirm.
 * NOTE(review): by their names, entries such as direct_operate, warm_restart,
 * initialize_data, disable_unsolicited and activate_config are state-changing
 * requests, which makes them the usual candidates for alerting rules. */
91 {
"direct_operate", 5},
92 {
"direct_operate_nr", 6},
94 {
"immed_freeze_nr", 8},
96 {
"freeze_clear_nr", 10},
97 {
"freeze_at_time", 11},
98 {
"freeze_at_time_nr", 12},
100 {
"warm_restart", 14},
101 {
"initialize_data", 15},
102 {
"initialize_appl", 16},
106 {
"enable_unsolicited", 20},
107 {
"disable_unsolicited", 21},
108 {
"assign_class", 22},
109 {
"delay_measure", 23},
110 {
"record_current_time", 24},
114 {
"get_file_info", 28},
115 {
"authenticate_file", 29},
117 {
"activate_config", 31},
118 {
"authenticate_req", 32},
119 {
"authenticate_err", 33},
/* The two visible codes above 128; by their names both are responses. */
121 {
"unsolicited_response", 130},
122 {
"authenticate_resp", 131}
/* Forward declarations of the three unit-test registration functions; their
 * definitions appear near the end of the file (numbered lines 734-749). */
126 static void DetectDNP3FuncRegisterTests(
void);
127 static void DetectDNP3IndRegisterTests(
void);
128 static void DetectDNP3ObjRegisterTests(
void);
/* Strips leading and trailing whitespace from str. Only the pointer setup and
 * the two loop headers are visible in this listing; the loop bodies and the
 * return statement are not.
 * NOTE(review): for an empty string, `str + strlen(str) - 1` forms a pointer
 * one element before the buffer. The `end > str` guard keeps the second loop
 * from dereferencing it, but forming the pointer is already undefined
 * behaviour - confirm callers never pass "" or add an early return.
 * NOTE(review): isspace() receives a plain char. On a platform where char is
 * signed, a byte >= 0x80 becomes a negative argument, which is undefined;
 * cast to unsigned char before the call. */
135 static char *TrimString(
char *
str)
137 char *end =
str + strlen(
str) - 1;
/* Skip leading whitespace. */
138 while (isspace(*
str)) {
/* Walk back over trailing whitespace, never past the adjusted start. */
141 while (end >
str && isspace(*end)) {
/* Tail of a parameter list; the function name and return type are on lines
 * this listing does not show. */
150 Flow *_f,
const uint8_t flow_flags,
151 void *txv,
const int list_id)
/* Direction guard: true when the inspection direction and the transaction
 * kind disagree (to-server inspection of a non-request, or to-client
 * inspection of a request).
 * NOTE(review): the declaration of tx and the body of this branch are not
 * visible; presumably tx is txv cast to the DNP3 transaction type and the
 * branch yields no buffer - confirm. */
159 if ((flow_flags & STREAM_TOSERVER && !tx->
is_request) ||
160 (flow_flags & STREAM_TOCLIENT && tx->
is_request)) {
/* Parses a dnp3_func argument into *fc; the body is not part of this listing.
 * Per the unit test in this file a non-zero return means success: "0", "1",
 * "254", "255", "confirm" and "CONFIRM" are accepted, while "", "-1", "-2",
 * "256" and an unknown name are rejected. */
186 static int DetectDNP3FuncParseFunctionCode(
const char *
str, uint8_t *fc)
/* Error report for an argument that did not parse. The rule text is passed as
 * a %s argument, not as the format string, so it cannot act as a format. */
215 SCLogError(
"Invalid argument \"%s\" supplied to dnp3_func keyword.",
str);
/* Attaches the keyword context to the SigMatch.
 * NOTE(review): the allocation of dnp3 and the cleanup on the error path are
 * not visible here; presumably ownership passes to sm at this point. */
230 sm->
ctx = (
void *)dnp3;
/* Parses a comma-separated list of indicator names into *flags; only the
 * buffer setup, the tokenising loop header and one error report are visible. */
245 static int DetectDNP3IndParseByName(
const char *
str, uint16_t *
flags)
/* NOTE(review): variable-length array sized by the rule option string, so the
 * stack use grows with the length of the rule text. Rule files may come from
 * third-party feeds; consider a length cap or a heap copy.
 * NOTE(review): the copy of str into tmp is not visible in this listing. */
247 char tmp[strlen(
str) + 1];
248 char *p, *last = NULL;
/* strtok_r keeps its state in `last` and writes NUL bytes into tmp, which is
 * why the const input is tokenised from a local copy. */
252 for ((p = strtok_r(tmp,
",", &last)); p; (p = strtok_r(NULL,
",", &last))) {
/* NOTE(review): presumably reached when token p matches no table entry; the
 * token is logged as a %s argument, not used as the format string. */
266 SCLogError(
"Bad argument \"%s\" supplied to dnp3.ind keyword.", p);
/* Parses a dnp3.ind argument into *flags; most of the body is not shown.
 * Per the unit test in this file a non-zero return means success, and names
 * separated by a comma with surrounding spaces are accepted.
 * NOTE(review): the test name DetectDNP3IndTestParseAsInteger suggests a
 * numeric form is accepted as well; that path is not visible here. */
274 static int DetectDNP3IndParse(
const char *
str, uint16_t *
flags)
/* Delegates to the by-name parser. */
283 if (DetectDNP3IndParseByName(
str,
flags)) {
/* Caller side (function header not shown): a failed parse is logged with the
 * offending argument as a %s value. */
300 if (!DetectDNP3IndParse(
str, &
flags)) {
301 SCLogError(
"Invalid argument \"%s\" supplied to dnp3.ind keyword.",
str);
/* Attaches the keyword context to the SigMatch. */
316 sm->
ctx = (
void *)detect;
/* NOTE(review): presumably the error-path cleanup of detect; the branch body
 * is not visible - confirm it cannot free a context already owned by sm. */
321 if (detect != NULL) {
/* Parses a dnp3_obj argument into *group and *var; only the buffer setup and
 * the separator search are visible. The test rule in this file uses the form
 * "99,99". */
339 static int DetectDNP3ObjParse(
const char *
str, uint8_t *
group, uint8_t *var)
341 size_t size = strlen(
str) + 1;
/* NOTE(review): variable-length array sized by the rule option string; stack
 * use grows with the rule text, so a length cap or heap copy is safer. */
342 char groupstr[size], *varstr, *sep;
/* NOTE(review): strchr returns NULL when the argument has no comma; the NULL
 * check and the copy into groupstr are not visible in this listing - confirm
 * both happen before sep is dereferenced. */
345 sep = strchr(groupstr,
',');
/* Zero-initialised allocation of one keyword context.
 * NOTE(review): the NULL check on the result is not visible in this listing;
 * confirm it precedes any write through detect. */
378 detect =
SCCalloc(1,
sizeof(*detect));
/* Attaches the keyword context to the SigMatch. */
390 sm->
ctx = (
void *)detect;
/* NOTE(review): presumably the error-path cleanup of detect; the branch body
 * is not visible. */
395 if (detect != NULL) {
/* Object list pointer starts as NULL, so a path that never assigns it skips
 * the block guarded below. The assignment is not visible in this listing. */
436 DNP3ObjectList *objects = NULL;
444 if (objects != NULL) {
/* Branch taken when the to-client direction bit is set in flags.
 * NOTE(review): the enclosing function and branch body are not shown. */
464 if (
flags & STREAM_TOCLIENT) {
/* Per-keyword registration functions. Only their headers and the test
 * registration function each one references are visible in this listing. */
474 static void DetectDNP3FuncRegister(
void)
488 DetectDNP3FuncRegisterTests;
493 static void DetectDNP3IndRegister(
void)
507 DetectDNP3IndRegisterTests;
512 static void DetectDNP3ObjRegister(
void)
526 DetectDNP3ObjRegisterTests;
543 static void DetectDNP3DataRegister(
void)
/* Registration order: data first, then func, ind and obj.
 * NOTE(review): presumably the body of DetectDNP3Register(); its header is
 * not part of this listing. */
576 DetectDNP3DataRegister();
578 DetectDNP3FuncRegister();
579 DetectDNP3IndRegister();
580 DetectDNP3ObjRegister();
/* Unit test for DetectDNP3FuncParseFunctionCode(). The checks on the parsed
 * value of fc are not part of this listing.
 * NOTE(review): no visible case covers a number with trailing characters or
 * surrounding whitespace; worth pinning, since rule text reaches this parser
 * as written. */
600 static int DetectDNP3FuncParseFunctionCodeTest(
void)
/* Accepted: both ends of the uint8_t range, and a name in either case. */
605 FAIL_IF_NOT(DetectDNP3FuncParseFunctionCode(
"0", &fc));
608 FAIL_IF_NOT(DetectDNP3FuncParseFunctionCode(
"1", &fc));
611 FAIL_IF_NOT(DetectDNP3FuncParseFunctionCode(
"254", &fc));
614 FAIL_IF_NOT(DetectDNP3FuncParseFunctionCode(
"255", &fc));
617 FAIL_IF_NOT(DetectDNP3FuncParseFunctionCode(
"confirm", &fc));
620 FAIL_IF_NOT(DetectDNP3FuncParseFunctionCode(
"CONFIRM", &fc));
/* Rejected: empty input, negative numbers, one past the uint8_t range, and a
 * name that is not a function code. */
624 FAIL_IF(DetectDNP3FuncParseFunctionCode(
"", &fc));
625 FAIL_IF(DetectDNP3FuncParseFunctionCode(
"-1", &fc));
626 FAIL_IF(DetectDNP3FuncParseFunctionCode(
"-2", &fc));
627 FAIL_IF(DetectDNP3FuncParseFunctionCode(
"256", &fc));
628 FAIL_IF(DetectDNP3FuncParseFunctionCode(
"unknown_function_code", &fc));
/* Unit test built around a rule that uses dnp3_func with the numeric code 2.
 * Only the tail of the rule string is visible; the rule header, the engine
 * setup and the assertions are not part of this listing. */
633 static int DetectDNP3FuncTest01(
void)
639 "(msg:\"SURICATA DNP3 Write request\"; "
640 "dnp3_func:2; sid:5000009; rev:1;)");
/* Unit tests for DetectDNP3IndParse(). The body of the integer test is not
 * part of this listing. */
654 static int DetectDNP3IndTestParseAsInteger(
void)
678 static int DetectDNP3IndTestParseByName(
void)
/* Two names separated by a comma with spaces on both sides must parse. */
684 FAIL_IF(!DetectDNP3IndParse(
"class_1_events , class_2_events", &
flags));
/* Unit test built around a rule that uses dnp3_obj with the argument "99,99".
 * Only the tail of the rule string is visible; the assertions are not. */
694 static int DetectDNP3ObjSetupTest(
void)
700 "(msg:\"SURICATA DNP3 Object Test\"; "
701 "dnp3_obj:99,99; sid:1; rev:1;)");
/* Body not part of this listing. */
716 static int DetectDNP3ObjParseTest(
void)
/* Test registration functions, one per keyword. Only the test function
 * arguments of the registration calls are visible in this listing. */
734 static void DetectDNP3FuncRegisterTests(
void)
737 DetectDNP3FuncParseFunctionCodeTest);
741 static void DetectDNP3IndRegisterTests(
void)
744 DetectDNP3IndTestParseAsInteger);
746 DetectDNP3IndTestParseByName);
749 static void DetectDNP3ObjRegisterTests(
void)
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
#define SIGMATCH_INFO_STICKY_BUFFER
void SigMatchAppendSMToList(Signature *s, SigMatch *new, const int list)
Append a SigMatch to the list type.
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void(* Free)(DetectEngineCtx *, void *)
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void DetectDNP3Register(void)
struct HtpBodyChunk_ * next
Struct to hold the list of decoded objects.
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
#define TAILQ_FOREACH(var, head, field)
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
int DetectBufferTypeGetByName(const char *name)
size_t strlcpy(char *dst, const char *src, size_t siz)
DNP3Mapping DNP3IndicatorsMap[]
int StringParseUint8(uint8_t *res, int base, size_t len, const char *str)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
int DetectBufferTypeRegister(const char *name)
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
SigMatch * DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define SCLogError(...)
Macro used to log ERROR messages.
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
struct DetectDNP3_ DetectDNP3
DNP3Mapping DNP3FunctionNameMap[]
void(* RegisterTests)(void)