suricata
detect-engine-enip.c File Reference
#include "suricata-common.h"
#include "app-layer.h"
#include "app-layer-enip-common.h"
#include "detect.h"
#include "detect-cipservice.h"
#include "detect-engine-enip.h"
#include "flow.h"
#include "util-debug.h"
Include dependency graph for detect-engine-enip.c:

Go to the source code of this file.

Functions

uint8_t DetectEngineInspectCIP (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 Do the content inspection & validation for a signature. More...
 
uint8_t DetectEngineInspectENIP (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 Do the content inspection & validation for a signature. More...
 

Detailed Description

Author
Kevin Wong kwong.nosp@m.@sol.nosp@m.anane.nosp@m.twor.nosp@m.ks.co.nosp@m.m

Based on detect-engine-modbus.c

Definition in file detect-engine-enip.c.

Function Documentation

◆ DetectEngineInspectCIP()

uint8_t DetectEngineInspectCIP ( DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const struct DetectEngineAppInspectionEngine_ engine,
const Signature s,
Flow f,
uint8_t  flags,
void *  alstate,
void *  txv,
uint64_t  tx_id 
)

Do the content inspection & validation for a signature.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect ( and sm: SigMatch to inspect)
fFlow
flagsApp layer flags
alstateApp layer state
txvPointer to ENIP Transaction structure
Return values
0no match or 1 match

Definition at line 221 of file detect-engine-enip.c.

References SigMatchData_::ctx, SCEnter, SCLogDebug, SCReturnInt, and DetectEngineAppInspectionEngine_::smd.

◆ DetectEngineInspectENIP()

uint8_t DetectEngineInspectENIP ( DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const struct DetectEngineAppInspectionEngine_ engine,
const Signature s,
Flow f,
uint8_t  flags,
void *  alstate,
void *  txv,
uint64_t  tx_id 
)

Do the content inspection & validation for a signature.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect ( and sm: SigMatch to inspect)
fFlow
flagsApp layer flags
alstateApp layer state
txvPointer to ENIP Transaction structure
Return values
0no match or 1 match

Definition at line 260 of file detect-engine-enip.c.

References ENIPEncapHdr_::command, SigMatchData_::ctx, DetectEnipCommandData_::enipcommand, ENIPTransaction_::header, SCEnter, SCLogDebug, SCReturnInt, and DetectEngineAppInspectionEngine_::smd.