diff options
| author | Robin Krahl <guskraro@student.gu.se> | 2017-09-25 20:55:08 +0000 |
|---|---|---|
| committer | Robin Krahl <guskraro@student.gu.se> | 2017-09-25 20:58:16 +0000 |
| commit | 7c55cebd914ac059b9c91a897cb00011b689eb57 (patch) | |
| tree | 9c84a17bff5328d298add5abffd3e65d87297dd6 /bro-script/pasad-simple.bro | |
| parent | 478b8df6262d405015bf2ea7ca28ef06d2df3e5e (diff) | |
| download | midbro-7c55cebd914ac059b9c91a897cb00011b689eb57.tar.gz midbro-7c55cebd914ac059b9c91a897cb00011b689eb57.tar.bz2 | |
bro-script: Add simple baseline implementation
This implementation only logs the (combined) request and response events
that occur within the same connection. This assumes that a response is
always send over the same connection as a request. It is unclear
whether this assumption really holds.
This implementation does not yet contain error handling, so if there was
no response for a request, Bro displays an error message.
It also does not contain an interpretation of the values, so if multiple
values are read within one request, they are displayed in the same log
entry.
Diffstat (limited to 'bro-script/pasad-simple.bro')
| -rw-r--r-- | bro-script/pasad-simple.bro | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/bro-script/pasad-simple.bro b/bro-script/pasad-simple.bro new file mode 100644 index 0000000..d5f3e10 --- /dev/null +++ b/bro-script/pasad-simple.bro @@ -0,0 +1,46 @@ +## Simple implementation that outputs the raw request and response data +## to a log file. +## Currently, this only handles the read_holding_registers event. Other +## events can be handled similarily. This implementation assumes that +## requests and responses are exchanged within the same connection. I am not +## sure whether this really holds. + +module Pasad; + +export { + redef enum Log::ID += { LOG }; + + type Info: record { + ts_request: time &log; + ts_response: time &log &optional; + rtype: string &log; + tid_request: count &log; + tid_response: count &log &optional; + start_adress: count &log; + quantity: count &log; + registers: ModbusRegisters &log &optional; + }; +} + +redef record connection += { + pasad: Info &optional; +}; + +event bro_init() &priority=5 + { + Log::create_stream(Pasad::LOG, [$columns=Info, $path="pasad"]); + } + +event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_adress: count, quantity: count) + { + local rec: Info = [$ts_request=network_time(), $rtype="holding", $tid_request=headers$tid, $start_adress=start_adress, $quantity=quantity]; + c$pasad = rec; + } + +event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters) + { + c$pasad$tid_response = headers$tid; + c$pasad$ts_response = network_time(); + c$pasad$registers = registers; + Log::write(Pasad::LOG, c$pasad); + } |