detect-engine-enip.c File Reference
#include "suricata-common.h"#include "app-layer.h"#include "app-layer-enip-common.h"#include "detect.h"#include "detect-cipservice.h"#include "detect-engine-enip.h"#include "flow.h"#include "util-debug.h"
Include dependency graph for detect-engine-enip.c:
Go to the source code of this file.
Functions | |
| uint8_t | DetectEngineInspectCIP (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) |
| Do the content inspection & validation for a signature. More... | |
| uint8_t | DetectEngineInspectENIP (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) |
| Do the content inspection & validation for a signature. More... | |
Detailed Description
Based on detect-engine-modbus.c
Definition in file detect-engine-enip.c.
Function Documentation
◆ DetectEngineInspectCIP()
| uint8_t DetectEngineInspectCIP | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const struct DetectEngineAppInspectionEngine_ * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect ( and sm: SigMatch to inspect) f Flow flags App layer flags alstate App layer state txv Pointer to ENIP Transaction structure
- Return values
-
0 no match or 1 match
Definition at line 225 of file detect-engine-enip.c.
References SigMatchData_::ctx, SCEnter, SCLogDebug, SCReturnInt, and DetectEngineAppInspectionEngine_::smd.
◆ DetectEngineInspectENIP()
| uint8_t DetectEngineInspectENIP | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const struct DetectEngineAppInspectionEngine_ * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect ( and sm: SigMatch to inspect) f Flow flags App layer flags alstate App layer state txv Pointer to ENIP Transaction structure
- Return values
-
0 no match or 1 match
Definition at line 264 of file detect-engine-enip.c.
References ENIPEncapHdr_::command, SigMatchData_::ctx, DetectEnipCommandData_::enipcommand, ENIPTransaction_::header, SCEnter, SCLogDebug, SCReturnInt, and DetectEngineAppInspectionEngine_::smd.
