diff options
author | Robin Krahl <guskraro@student.gu.se> | 2017-10-04 14:51:12 +0200 |
---|---|---|
committer | Andreas Lindhé <andreas@lindhe.io> | 2017-10-09 12:14:35 +0200 |
commit | a0095ef4c4ef74d3726e58dea5f04cb55f2a6a20 (patch) | |
tree | 234c7fb0d8d6cb23d32a3d3db1de3d79e1793f3b /broccoli | |
parent | c0c910535b03a7565dd57e2f8dddecf0ad6714df (diff) | |
download | midbro-a0095ef4c4ef74d3726e58dea5f04cb55f2a6a20.tar.gz midbro-a0095ef4c4ef74d3726e58dea5f04cb55f2a6a20.tar.bz2 |
broevent: Combine the pasad-parsed script with midbro
Diffstat (limited to 'broccoli')
-rw-r--r-- | broccoli/script/modbus.bro | 90 | ||||
-rw-r--r-- | broccoli/src/broevent.c | 29 |
2 files changed, 104 insertions, 15 deletions
diff --git a/broccoli/script/modbus.bro b/broccoli/script/modbus.bro index a2caed9..813bf9c 100644 --- a/broccoli/script/modbus.bro +++ b/broccoli/script/modbus.bro @@ -1,26 +1,98 @@ @load frameworks/communication/listen + module Pasad; redef Communication::listen_port = 47760/tcp; redef Communication::listen_ssl = F; -global response: event(register: count, uid: count); +## DATA STRUCTURES + +export { + redef enum Log::ID += { LOG }; + + type Transaction: record { + start_address: count; + quantity: count; + }; + + type TransactionTable: table[count] of Transaction; + + type Info: record { + transactions: TransactionTable &default=TransactionTable(); + }; + + type RegisterData: record { + ip: addr &log; + uid: count &log; + regtype: string &log; + address: count &log; + register: count &log; + }; +} + +redef record connection += { + pasad: Info &default=Info(); +}; redef Communication::nodes += { - ["broevent"] = [$host = 127.0.0.1, $events = /broevent/, $connect=F, $ssl=F] + ["pasad"] = [$host = 127.0.0.1, $events = /pasad/, $connect=F, $ssl=F] }; -event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_adress: count, quantity: count) +## CUSTOM EVENTS -{ - print fmt("Request: %d", quantity); +event pasad_register_received(data: RegisterData) { + Log::write(Pasad::LOG, data); + print fmt("Received address=%d, register=%d", data$address, data$register); } -event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters) +event pasad_unmatched_response(tid: count) { + print fmt("Unmatched response: tid=%d", tid); +} + +## CUSTOM FUNCTIONS + +function pasad_generate_events(transaction: Transaction, c: connection, + headers: ModbusHeaders, registers: ModbusRegisters, regtype: string) { + # TODO: check registers size + local i = 0; + while (i < transaction$quantity) { + local data = RegisterData( + $ip=c$id$orig_h, + $uid=headers$uid, + $regtype=regtype, + $address=transaction$start_address + i, + $register=registers[i] + ); + event pasad_register_received(data); + ++i; + } +} -{ - print fmt("Response: %d", registers[0]); - event response(registers[0],headers$uid); +## EVENT HANDLERS + +event bro_init() &priority=5 { + Log::create_stream(Pasad::LOG, [$columns=RegisterData, $path="pasad-parsed"]); +} + +event modbus_read_holding_registers_request(c: connection, + headers: ModbusHeaders, start_address: count, quantity: count) { + local tid = headers$tid; + local transaction = Transaction( + $start_address=start_address, + $quantity=quantity + ); + c$pasad$transactions[tid] = transaction; } +event modbus_read_holding_registers_response(c: connection, + headers: ModbusHeaders, registers: ModbusRegisters) { + local tid = headers$tid; + if (tid !in c$pasad$transactions) { + event pasad_unmatched_response(tid); + return; + } + local transaction = c$pasad$transactions[tid]; + delete c$pasad$transactions[tid]; + pasad_generate_events(transaction, c, headers, registers, "h"); +} diff --git a/broccoli/src/broevent.c b/broccoli/src/broevent.c index 3813270..8a74881 100644 --- a/broccoli/src/broevent.c +++ b/broccoli/src/broevent.c @@ -9,13 +9,29 @@ char *port_default = "47760"; Fifo_q * q; static void -bro_response(BroConn *conn, void *data, uint64* registers, uint64* uid) +pasad_register_received(BroConn *conn, void *data, BroRecord *record) { - add_to_queue(q,create_sensor_object(*registers,*uid)); - //printf("Received value %"PRIu64" from uid=%"PRIu64"\n",*registers,*uid); + int type = BRO_TYPE_COUNT; + uint64 *address = NULL; + uint64 *value = NULL; - conn = NULL; - data = NULL; + // TODO: handle regtype + address = bro_record_get_named_val(record, "address", &type); + if (!address) { + // TODO: handle error + return; + } + value = bro_record_get_named_val(record, "register", &type); + if (!value) { + // TODO: handle error + return; + } + + printf("Received value %"PRIu64" from uid=%"PRIu64"\n",*value,*address); + + add_to_queue(q, create_sensor_object(*value, *address)); + + printf("Added to queue.\n"); } void * @@ -36,7 +52,8 @@ bro_event_listener(void * args) bro_debug_calltrace = 0; bro_debug_messages = 0; - bro_event_registry_add(bc, "response",(BroEventFunc) bro_response, NULL); + bro_event_registry_add(bc, "pasad_register_received", + (BroEventFunc) pasad_register_received, NULL); if (! bro_conn_connect(bc)) { |