From 02f25d16fa3366f1d067f7b2ee6d853eea2bbcb4 Mon Sep 17 00:00:00 2001
From: Robin Krahl
Date: Mon, 25 Sep 2017 21:26:55 +0000
Subject: bro-script: Add more advanced implementation

Add a more advanced Bro script implementation that outputs the address and the register value, one line per address. This approach also suffers from the connection assumption described for pasad-simple and contains no sanity checks at all.
---
 bro-script/pasad-parsed.bro | 46 ++++++++++++++++++++
 bro-script/pasad-parsed.log | 100 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 146 insertions(+)
 create mode 100644 bro-script/pasad-parsed.bro
 create mode 100644 bro-script/pasad-parsed.log

diff --git a/bro-script/pasad-parsed.bro b/bro-script/pasad-parsed.bro
new file mode 100644
index 0000000..7fcc905
--- /dev/null
+++ b/bro-script/pasad-parsed.bro
@@ -0,0 +1,46 @@
+## Implementation that outputs pairs of register IDs and values.
+## Otherwise, the same restrictions as with pasad-simple apply. Additionally,
+## the correct register count is not checked and might lead to indexing errors.
+
+module Pasad;
+
+export {
+ redef enum Log::ID += { LOG };
+
+ type Info: record {
+ start_address: count &log;
+ quantity: count &log;
+ };
+
+ type Entry: record {
+ address: count &log;
+ register: count &log;
+ };
+}
+
+redef record connection += {
+ pasad: Info &optional;
+};
+
+event bro_init() &priority=5
+ {
+ Log::create_stream(Pasad::LOG, [$columns=Entry, $path="pasad-parsed"]);
+ }
+
+event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+ {
+ c$pasad = [$start_address=start_address, $quantity=quantity];
+ }
+
+event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
+ {
+ local i = 0;
+ while ( i < c$pasad$quantity )
+ {
+ local address = c$pasad$start_address + i;
+ local mb_register = registers[i];
+ local entry = Entry($address=address, $register=mb_register);
+ Log::write(Pasad::LOG, entry);
+ ++i;
+ }
+ }
diff --git a/bro-script/pasad-parsed.log b/bro-script/pasad-parsed.log
new file mode 100644
index 0000000..bf195b7
--- /dev/null
+++ b/bro-script/pasad-parsed.log
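Review bot: `modbus_read_holding_registers_response` reads `c$pasad` and indexes `registers[i]` up to `c$pasad$quantity` without checking either, so a response on a connection with no recorded request (a capture that starts mid-session, or a lost request) or a response carrying fewer registers than were requested ends the handler with a runtime error instead of being skipped, and the short response goes unlogged. Guard the optional field at the top of the handler, `if ( ! c?$pasad ) return;`, and bound the loop by what actually arrived, `while ( i < c$pasad$quantity && i < |registers| )`; the header comment about unchecked register counts should then be updated to match. The request state also stays in `c$pasad` after the loop, so a later unmatched response on the same connection would be logged against the old addresses; a `delete c$pasad;` after the loop keeps each response tied to its own request.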
@@ -0,0 +1,100 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path pasad-parsed +#open 2017-09-25-21-23-53 +#fields address register +#types count count +80 48979 +81 7282 +82 15636 +83 9709 +84 48404 +85 9709 +86 16943 +87 32237 +60 17173 +61 45657 +62 49927 +63 27307 +64 17146 +65 46421 +66 17120 +67 57951 +68 17107 +69 22452 +70 16795 +71 13653 +0 244 +1 32776 +2 9728 +68 0 +69 0 +70 0 +71 0 +72 0 +73 0 +50 2016 +51 11 +52 28 +53 13 +54 56 +55 15 +40 7 +41 0 +42 32768 +43 0 +44 0 +45 0 +50 2016 +51 11 +52 28 +53 13 +54 56 +55 15 +40 120 +41 1 +42 0 +43 0 +44 0 +45 0 +46 0 +0 31840 +1 27348 +2 32541 +3 6170 +4 26 +5 12311 +6 0 +7 0 +8 0 +9 0 +68 17000 +69 0 +70 17012 +71 0 +72 17008 +73 0 +74 15948 +75 52429 +68 17052 +69 0 +70 17048 +71 0 +72 17046 +73 0 +74 17042 +75 0 +76 16256 +77 0 +50 2016 +51 11 +52 28 +53 13 +54 56 +55 14 +40 263 +41 0 +42 0 +43 0 -- cgit v1.2.1