authorRobin Krahl <guskraro@student.gu.se>2017-09-25 21:26:55 +0000
committerRobin Krahl <guskraro@student.gu.se>2017-09-25 21:26:55 +0000
commit02f25d16fa3366f1d067f7b2ee6d853eea2bbcb4 (patch)
tree6adf224a572058f73ca7ff9e2ac82a9ca8b25290 /bro-script
parentb88e20cf164716368bc19937cd8eb6525d991a90 (diff)
bro-script: Add more advanced implementation
Add a more advanced Bro script implementation that outputs the address and the register value, one line per address. This approach also suffers from the connection assumption described for pasad-simple and contains no sanity checks at all.
Diffstat (limited to 'bro-script')
-rw-r--r--bro-script/pasad-parsed.bro46
-rw-r--r--bro-script/pasad-parsed.log100
2 files changed, 146 insertions, 0 deletions
diff --git a/bro-script/pasad-parsed.bro b/bro-script/pasad-parsed.bro
new file mode 100644
index 0000000..7fcc905
--- /dev/null
+++ b/bro-script/pasad-parsed.bro
@@ -0,0 +1,46 @@
+## Implementation that outputs pairs of register IDs and values.
+## Otherwise, the same restrictions as with pasad-simple apply. Additionally,
+## the correct register count is not checked and might lead to indexing errors.
+
+module Pasad;
+
+export {
+ redef enum Log::ID += { LOG };
+
+ type Info: record {
+ start_address: count &log;
+ quantity: count &log;
+ };
+
+ type Entry: record {
+ address: count &log;
+ register: count &log;
+ };
+}
+
+redef record connection += {
+ pasad: Info &optional;
+};
+
+event bro_init() &priority=5
+ {
+ Log::create_stream(Pasad::LOG, [$columns=Entry, $path="pasad-parsed"]);
+ }
+
+event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+ {
+ c$pasad = [$start_address=start_address, $quantity=quantity];
+ }
+
+event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
+ {
+ local i = 0;
+ while ( i < c$pasad$quantity )
+ {
+ local address = c$pasad$start_address + i;
+ local mb_register = registers[i];
+ local entry = Entry($address=address, $register=mb_register);
+ Log::write(Pasad::LOG, entry);
+ ++i;
+ }
+ }
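Review bot: The response handler trusts two values it never validates: it reads `c$pasad` without testing that the optional field is set, and it indexes `registers[i]` up to the quantity taken from the request rather than the length of the vector actually received. A response seen without a recorded request (for example a capture that starts mid-connection), or a response carrying fewer registers than were requested, should therefore raise a runtime error in the handler and drop the remaining entries, which leaves a gap in the log that the monitoring side depends on. Since both values come from network traffic, guard the handler with `if ( ! c?$pasad ) return;` and bound the loop with `while ( i < c$pasad$quantity && i < |registers| )`. A mismatch between `|registers|` and the requested quantity is itself worth logging rather than silently truncating. The header comment already notes the missing count check, and the same single-slot `c$pasad` state would also pair a response with the wrong request if several requests are outstanding on one connection, so matching on the transaction id in `headers` looks like the more robust follow-up.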
diff --git a/bro-script/pasad-parsed.log b/bro-script/pasad-parsed.log
new file mode 100644
index 0000000..bf195b7
--- /dev/null
+++ b/bro-script/pasad-parsed.log
@@ -0,0 +1,100 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path pasad-parsed
+#open 2017-09-25-21-23-53
+#fields address register
+#types count count
+80 48979
+81 7282
+82 15636
+83 9709
+84 48404
+85 9709
+86 16943
+87 32237
+60 17173
+61 45657
+62 49927
+63 27307
+64 17146
+65 46421
+66 17120
+67 57951
+68 17107
+69 22452
+70 16795
+71 13653
+0 244
+1 32776
+2 9728
+68 0
+69 0
+70 0
+71 0
+72 0
+73 0
+50 2016
+51 11
+52 28
+53 13
+54 56
+55 15
+40 7
+41 0
+42 32768
+43 0
+44 0
+45 0
+50 2016
+51 11
+52 28
+53 13
+54 56
+55 15
+40 120
+41 1
+42 0
+43 0
+44 0
+45 0
+46 0
+0 31840
+1 27348
+2 32541
+3 6170
+4 26
+5 12311
+6 0
+7 0
+8 0
+9 0
+68 17000
+69 0
+70 17012
+71 0
+72 17008
+73 0
+74 15948
+75 52429
+68 17052
+69 0
+70 17048
+71 0
+72 17046
+73 0
+74 17042
+75 0
+76 16256
+77 0
+50 2016
+51 11
+52 28
+53 13
+54 56
+55 14
+40 263
+41 0
+42 0
+43 0