authorAndreas Lindhé <andreas@lindhe.io>2017-10-31 08:33:46 +0100
committerAndreas Lindhé <andreas@lindhe.io>2017-10-31 08:41:40 +0100
commitbc5ecd6da7f068a12b9ee5397178723481c7a3ea (patch)
tree6ac5bb33df7c3aacde8eb254c4aee1ce1df9dd29 /broccoli/script/modbus.bro
parent2d5d5be5702867a7a719312a5a148489c3b68f31 (diff)
Move all files one level down
Diffstat (limited to 'broccoli/script/modbus.bro')
-rw-r--r--broccoli/script/modbus.bro150
1 files changed, 0 insertions, 150 deletions
diff --git a/broccoli/script/modbus.bro b/broccoli/script/modbus.bro
deleted file mode 100644
index d258de3..0000000
--- a/broccoli/script/modbus.bro
+++ /dev/null
@@ -1,150 +0,0 @@
-# Example usage:
-# bro -b -C -i eth0 modbus.bro Log::default_writer=Log::WRITER_NONE
-@load frameworks/communication/listen
-@load base/protocols/modbus
-
-module Pasad;
-
-redef Pcap::bufsize = 256;
-
-redef Communication::listen_port = 47760/tcp;
-
-redef Communication::listen_ssl = F;
-
-## Global variables
-global verbose=F;
-
-## DATA STRUCTURES
-
-export {
- redef enum Log::ID += { LOG };
-
- type Transaction: record {
- start_address: count;
- quantity: count;
- };
-
- type TransactionTable: table[count] of Transaction;
-
- type Info: record {
- transactions: TransactionTable &default=TransactionTable();
- };
-
- type RegisterData: record {
- ip: addr &log;
- uid: count &log;
- regtype: string &log;
- address: count &log;
- register: count &log;
- };
-
- const enable_filtering : bool = T;
- const filter_ip_addr : addr = 192.168.215.66;
- const filter_mem_addr : count = 64;
-}
-
-redef record connection += {
- pasad: Info &default=Info();
-};
-
-redef Communication::nodes += {
- ["pasad"] = [$host = 127.0.0.1, $events = /pasad/, $connect=F, $ssl=F]
-};
-
-## CUSTOM EVENTS
-
-event pasad_register_received(data: RegisterData) {
- Log::write(Pasad::LOG, data);
- if(verbose)
- print fmt("Received address=%d, register=%d", data$address, data$register);
-}
-
-event pasad_unmatched_response(tid: count) {
- if(verbose)
- print fmt("Unmatched response: tid=%d", tid);
-}
-
-## CUSTOM FUNCTIONS
-
-function pasad_check_filter(ip: addr, start_address: count, quantity: count) : bool {
- if (!enable_filtering)
- return T;
- if (ip != filter_ip_addr)
- return F;
-
- if (start_address == 0 && quantity == 0)
- return T;
- if (start_address > filter_mem_addr)
- return F;
- return filter_mem_addr < start_address + quantity;
-}
-
-function pasad_generate_event(transaction: Transaction, c: connection,
- headers: ModbusHeaders, registers: ModbusRegisters, regtype: string,
- i: count) {
- local data = RegisterData(
- $ip=c$id$resp_h,
- $uid=headers$uid,
- $regtype=regtype,
- $address=transaction$start_address + i,
- $register=registers[i]
- );
- event pasad_register_received(data);
-}
-
-function pasad_generate_events(transaction: Transaction, c: connection,
- headers: ModbusHeaders, registers: ModbusRegisters, regtype: string) {
- # TODO: check registers size
- if (enable_filtering) {
- if(verbose)
- print fmt("%d %d %d", filter_mem_addr, transaction$start_address, transaction$quantity);
- pasad_generate_event(transaction, c, headers, registers, regtype,
- filter_mem_addr - transaction$start_address);
- } else {
- local i = 0;
- while (i < transaction$quantity) {
- pasad_generate_event(transaction, c, headers, registers, regtype, i);
- ++i;
- }
- }
-}
-
-## EVENT HANDLERS
-
-event bro_init() &priority=5 {
- Log::create_stream(Pasad::LOG, [$columns=RegisterData, $path="pasad-parsed"]);
-}
-
-event modbus_read_holding_registers_request(c: connection,
- headers: ModbusHeaders, start_address: count, quantity: count) {
- if (!pasad_check_filter(c$id$resp_h, start_address, quantity)) {
- if(verbose)
- print fmt("Filtered %s/%d/%d", c$id$resp_h, start_address, quantity);
- return;
- }
-
- local tid = headers$tid;
- local transaction = Transaction(
- $start_address=start_address,
- $quantity=quantity
- );
- c$pasad$transactions[tid] = transaction;
-}
-
-event modbus_read_holding_registers_response(c: connection,
- headers: ModbusHeaders, registers: ModbusRegisters) {
- if (!pasad_check_filter(c$id$resp_h, 0, 0)) {
- if(verbose)
- print fmt("Filtered %s", c$id$resp_h);
- return;
- }
-
- local tid = headers$tid;
- if (tid !in c$pasad$transactions) {
- event pasad_unmatched_response(tid);
- return;
- }
- local transaction = c$pasad$transactions[tid];
- delete c$pasad$transactions[tid];
- pasad_generate_events(transaction, c, headers, registers, "h");
-}