From bc5ecd6da7f068a12b9ee5397178723481c7a3ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Lindh=C3=A9?=
Date: Tue, 31 Oct 2017 08:33:46 +0100
Subject: Move all files one level down
---
script/pasad-parsed.bro | 96 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 script/pasad-parsed.bro
(limited to 'script/pasad-parsed.bro')
diff --git a/script/pasad-parsed.bro b/script/pasad-parsed.bro
new file mode 100644
index 0000000..88b1be1
--- /dev/null
+++ b/script/pasad-parsed.bro
@@ -0,0 +1,96 @@
+## Implementation that outputs the register identification and the register
+## value. The correct register count is not checked and might lead to indexing
+## errors.
+
+module Pasad;
+
+## DATA STRUCTURES
+
+export {
+ redef enum Log::ID += { LOG };
+
+ type Transaction: record {
+ start_address: count;
+ quantity: count;
+ };
+
+ type TransactionTable: table[count] of Transaction;
+
+ type Info: record {
+ transactions: TransactionTable &default=TransactionTable();
+ };
+
+ type Entry: record {
+ ip: addr &log;
+ uid: count &log;
+ regtype: string &log;
+ address: count &log;
+ register: count &log;
+ };
+}
+
+redef record connection += {
+ pasad: Info &default=Info();
+};
+
+## CUSTOM EVENTS
+
+event pasad_entry(entry: Entry)
+ {
+ Log::write(Pasad::LOG, entry);
+ }
+
+event pasad_unmatched(tid: count)
+ {
+ print fmt("Unmatched response: tid=%d", tid);
+ }
+
+## CUSTOM FUNCTIONS
+
+function pasad_generate_events(transaction: Transaction, c: connection, headers: ModbusHeaders, registers: ModbusRegisters, regtype: string)
+ {
+ # TODO: check registers size
+ local i = 0;
+ while ( i < transaction$quantity )
+ {
+ local entry = Entry(
+ $ip=c$id$orig_h,
+ $uid=headers$uid,
+ $regtype=regtype,
+ $address=transaction$start_address + i,
+ $register=registers[i]
+ );
+ event pasad_entry(entry);
+ ++i;
+ }
+ }
+
+## EVENT HANDLERS
+
+event bro_init() &priority=5
+ {
+ Log::create_stream(Pasad::LOG, [$columns=Entry, $path="pasad-parsed"]);
+ }
+
+event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+ {
+ local tid = headers$tid;
+ local transaction = Transaction(
+ $start_address=start_address,
+ $quantity=quantity
+ );
+ c$pasad$transactions[tid] = transaction;
+ }
+
+event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
+ {
+ local tid = headers$tid;
+ if ( tid !in c$pasad$transactions )
+ {
+ event pasad_unmatched(tid);
+ return;
+ }
+ local transaction = c$pasad$transactions[tid];
+ delete c$pasad$transactions[tid];
+ pasad_generate_events(transaction, c, headers, registers, "h");
+ }
--
cgit v1.2.1
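Review bot: The loop in `pasad_generate_events` indexes `registers[i]` up to `transaction$quantity` without comparing it against the length of the vector, as the `# TODO: check registers size` line and the file header already admit. The quantity is taken from the request and the vector from the response, so a truncated, malformed or forged response makes the handler hit an index error and the remaining entries of that transaction are never logged, which for a passive monitor is a way to lose or suppress data. Bounding the loop with `while ( i < transaction$quantity && i < |registers| )` and raising a separate event when `|registers| != transaction$quantity` would keep the log consistent and surface the mismatch as an anomaly in its own right. Separately, requests that never receive a normal read response (timeouts, exception replies) appear to stay in `c$pasad$transactions` for the life of the connection; an expiry attribute such as `&create_expire` on the table may be worth considering.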