Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding SCADA EtherNet/IP and CIP protocol support #2311

Closed
wants to merge 3 commits into from
Closed

Adding SCADA EtherNet/IP and CIP protocol support #2311

wants to merge 3 commits into from

Conversation

kwong-solana
Copy link
Contributor

  1. The enip-feature-1495-v15 branch contains support for the ENIP/CIP
    Industrial protocol
  2. This is an app layer implementation which uses the "enip" protocol
    and "cip_service" and "enip_command" keywords
  3. Rebased master to clean out commits done on master and then
    merged to latest code
  4. Addresses failed PR's
    Enip feature 1495 v3 #1810 and
    Enip feature 1495 v4 #1819 and
    1. The enip-feature-1495-v4 branch contains support for the ENIP/CIP #1827 and
    1. The enip-feature-1495-v6 branch contains support for the ENIP/CIP #2009 and
    Enip feature 1495 v7 #2011 and
    Adding SCADA EtherNet/IP and CIP protocol support #2012 and
    Adding SCADA EtherNet/IP and CIP protocol support #2019 and
    Adding SCADA EtherNet/IP and CIP protocol support #2030 and
    Adding SCADA EtherNet/IP and CIP protocol support #2068 and
    Adding SCADA EtherNet/IP and CIP protocol support #2107 and
    Adding SCADA EtherNet/IP and CIP protocol support #2305
  5. As requested, added AFL entry points

@kwong-solana
Adding SCADA EtherNet/IP and CIP protocol support
d2506b6 
1.  The enip-feature-1495-v15 branch contains support for the ENIP/CIP
Industrial protocol

2. This is an app layer implementation which uses the "enip" protocol
and "cip_service" and "enip_command" keywords

3.  Rebased master to clean out commits done on master and then
merged to latest code

4.  Addresses failed PR's
OISF#1810 and
OISF#1819 and
OISF#1827 and
OISF#2009 and
OISF#2011 and
OISF#2012 and
OISF#2019 and
OISF#2030 and
OISF#2068 and
OISF#2107 and
OISF#2305

5.  As requested, added AFL entry points
inliniac
inliniac reviewed Sep 29, 2016
View reviewed changes
src/app-layer-enip-common.h
*/
typedef struct ENIPEncapHdr_
{
u_int64_t context;
Copy link
Contributor

@inliniac inliniac Sep 29, 2016
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

All these u_int* should be converted to uint*. The u_int* ones are not portable.

(update formatting)

inliniac
inliniac reviewed Sep 29, 2016
View reviewed changes
src/app-layer-enip-common.h
} response;
};

TAILQ_HEAD(, SegmentEntry_) segment_list; /**< list for CIP segment */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style looks off here

inliniac
inliniac reviewed Sep 29, 2016
View reviewed changes
src/app-layer-enip-common.h
{
uint16_t attribute; //segment class

TAILQ_ENTRY(AttributeEntry_) next;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would you like me to create a new branch for these fixes?

@inliniac
Copy link
Contributor

I think we also need a suricata.yaml.in update to add these protocols (disabled by default I think).

Then we'd need a doc update, which is new. This would need update https://github.com/inliniac/suricata/blob/master/doc/userguide/configuration/suricata-yaml.rst and here we'd need a new file: https://github.com/inliniac/suricata/tree/master/doc/userguide/rules

@inliniac
Copy link
Contributor

Can you fix these commit messages? I have no idea why they start with "1. ..."

@kwong-solana
Copy link
Contributor Author

Sure, would you like me to make a new branch for the changes? I put a

  1. Because I was numbering the changes, This one only had 1 change

On 29/09/2016 12:09 PM, Victor Julien wrote:

Can you fix these commit messages? I have no idea why they start with
"1. ..."


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#2311 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMg0-jY2IURSxU_rEI2nVM3Q3-OjuPSXks5qu-KwgaJpZM4KKENx.

Kevin Wong

Solana Networks Inc | 613.596.2557 x575 | kwong@solananetworks.com

http://www.solananetworks.com

http://www.sparrowiq.com

kwong-solana added a commit to kwong-solana/suricata that referenced this pull request Sep 29, 2016
@kwong-solana
Adding SCADA EtherNet/IP and CIP protocol support
ffaa042 
1.  The enip-feature-1495-v16 branch contains support for the ENIP/CIP
Industrial protocol

2. This is an app layer implementation which uses the "enip" protocol
and "cip_service" and "enip_command" keywords

3.  Rebased master to clean out commits done on master and then
merged to latest code

4.  Addresses failed PR's
OISF#1810 and
OISF#1819 and
OISF#1827 and
OISF#2009 and
OISF#2011 and
OISF#2012 and
OISF#2019 and
OISF#2030 and
OISF#2068 and
OISF#2107 and
OISF#2305 and
OISF#2311

5.  As requested, added AFL entry points
@kwong-solana kwong-solana mentioned this pull request Sep 29, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inliniac inliniac inliniac left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@kwong-solana @inliniac