suricata
Functions
detect-engine-enip.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int DetectEngineInspectCIP (ThreadVars *, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *, const Signature *, const SigMatchData *smd, Flow *, uint8_t, void *, void *, uint64_t)
 Do the content inspection & validation for a signature. More...
 
int DetectEngineInspectENIP (ThreadVars *, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *, const Signature *, const SigMatchData *smd, Flow *, uint8_t, void *, void *, uint64_t)
 Do the content inspection & validation for a signature. More...
 
void DetectEngineInspectENIPRegisterTests (void)
 

Detailed Description

Author
Kevin Wong kwong.nosp@m.@sol.nosp@m.anane.nosp@m.twor.nosp@m.ks.co.nosp@m.m

Definition in file detect-engine-enip.h.

Function Documentation

int DetectEngineInspectCIP ( ThreadVars tv,
DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Flow f,
uint8_t  flags,
void *  alstate,
void *  txv,
uint64_t  tx_id 
)

Do the content inspection & validation for a signature.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect ( and sm: SigMatch to inspect)
fFlow
flagsApp layer flags
alstateApp layer state
txvPointer to ENIP Transaction structure
Return values
0no match or 1 match

Definition at line 220 of file detect-engine-enip.c.

References SigMatchData_::ctx, SCEnter, SCLogDebug, and SCReturnInt.

Referenced by DetectCipServiceRegister().

Here is the caller graph for this function:

int DetectEngineInspectENIP ( ThreadVars tv,
DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Flow f,
uint8_t  flags,
void *  alstate,
void *  txv,
uint64_t  tx_id 
)

Do the content inspection & validation for a signature.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect ( and sm: SigMatch to inspect)
fFlow
flagsApp layer flags
alstateApp layer state
txvPointer to ENIP Transaction structure
Return values
0no match or 1 match

Definition at line 260 of file detect-engine-enip.c.

References Flow_::alproto, ALPROTO_ENIP, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), ENIPEncapHdr_::command, SigMatchData_::ctx, DE_QUIET, DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectEnipCommandData_::enipcommand, FAIL_IF, FAIL_IF_NULL, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, ENIPTransaction_::header, PacketAlertCheck(), PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, SCEnter, SCLogDebug, SCReturnInt, DetectEngineCtx_::sig_list, SigGroupBuild(), SigInit(), SigMatchSignatures(), STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, UTHBuildPacket(), and UTHFreePacket().

Referenced by DetectEnipCommandRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineInspectENIPRegisterTests ( void  )

Definition at line 372 of file detect-engine-enip.c.

References UtRegisterTest().

Here is the call graph for this function: