suricata
#include "suricata-common.h"
#include "app-layer.h"
#include "app-layer-enip-common.h"
#include "detect.h"
#include "detect-cipservice.h"
#include "detect-engine-enip.h"
#include "flow.h"
#include "util-debug.h"
Functions
uint8_t DetectEngineInspectCIP (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
    Do the content inspection & validation for a signature.
uint8_t DetectEngineInspectENIP (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
    Do the content inspection & validation for a signature.
Based on detect-engine-modbus.c
Definition in file detect-engine-enip.c.
uint8_t DetectEngineInspectCIP(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s,
        Flow *f,
        uint8_t flags,
        void *alstate,
        void *txv,
        uint64_t tx_id)
Do the content inspection & validation for a signature.
Parameters:
de_ctx | Detection engine context
det_ctx | Detection engine thread context
s | Signature to inspect (and sm: SigMatch to inspect)
f | Flow
flags | App layer flags
alstate | App layer state
txv | Pointer to ENIP Transaction structure
Return values:
0 on no match, 1 on match
Definition at line 225 of file detect-engine-enip.c.
References SigMatchData_::ctx, SCEnter, SCLogDebug, SCReturnInt, and DetectEngineAppInspectionEngine_::smd.
uint8_t DetectEngineInspectENIP(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s,
        Flow *f,
        uint8_t flags,
        void *alstate,
        void *txv,
        uint64_t tx_id)
Do the content inspection & validation for a signature.
Parameters:
de_ctx | Detection engine context
det_ctx | Detection engine thread context
s | Signature to inspect (and sm: SigMatch to inspect)
f | Flow
flags | App layer flags
alstate | App layer state
txv | Pointer to ENIP Transaction structure
Return values:
0 on no match, 1 on match
Definition at line 264 of file detect-engine-enip.c.
References ENIPEncapHdr_::command, SigMatchData_::ctx, DetectEnipCommandData_::enipcommand, ENIPTransaction_::header, SCEnter, SCLogDebug, SCReturnInt, and DetectEngineAppInspectionEngine_::smd.