Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fixed number of object bug in dnp3-protocol pac; update two base test trases

Browse source
This commit is contained in:
Hui Lin 2013-08-23 18:10:30 -05:00
parent 927f534833
commit 3e3ca1bb74
7 changed files with 181 additions and 1336 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/analyzer/protocol/dnp3/dnp3-protocol.pac
View file

@ -112,10 +112,10 @@ type Request_Objects(function_code: uint8) = record {
type Response_Objects(function_code: uint8) = record { type Response_Objects(function_code: uint8) = record {
object_header: Object_Header(function_code); object_header: Object_Header(function_code);
data: case (object_header.object_type_field) of { data: case (object_header.object_type_field) of {
0x0101 -> biwoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ]; 0x0101 -> biwoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) + 1 ];
0x0301 -> diwoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ]; 0x0301 -> diwoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) + 1 ];
0x0a01 -> bowoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ]; 0x0a01 -> bowoflag: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) + 1 ];
0x0c03 -> bocmd_PM: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) ]; 0x0c03 -> bocmd_PM: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ ( object_header.number_of_item / 8 ) + 1 ];
default -> ojbects: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item]; default -> ojbects: Response_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
}; };
}; };

2
testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/coverage
View file

@ -1 +1 @@
6 of 51 events triggered by trace 7 of 51 events triggered by trace

1407
testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only/output
View file

File diff suppressed because it is too large Load diff

2
testing/btest/Baseline/scripts.base.protocols.dnp3.events/coverage
View file

@ -1 +1 @@
9 of 51 events triggered by trace 11 of 51 events triggered by trace

4
testing/btest/Baseline/scripts.base.protocols.dnp3.events/dnp3.log
View file

@ -3,7 +3,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path dnp3 #path dnp3
#open 2013-08-12-18-24-03 #open 2013-08-23-23-05-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count #types time string addr port addr port string string count
1097501938.504844 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096 1097501938.504844 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
@ -72,4 +72,4 @@
1178206045.032815 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6 1178206045.032815 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
1178206045.557097 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6 1178206045.557097 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
1178206046.086403 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6 1178206046.086403 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
#close 2013-08-12-18-24-03 #close 2013-08-23-23-05-27

92
testing/btest/Baseline/scripts.base.protocols.dnp3.events/output
View file

@ -335,11 +335,50 @@ dnp3_object_header, T, 15361, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 78, 68, 3, 4 dnp3_header_block, F, 25605, 78, 68, 3, 4
dnp3_application_response_header, F, 129, 0 dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 257, 0, 6, 0, 5 dnp3_object_header, F, 257, 0, 6, 0, 5
dnp3_object_header, F, 522, 2, 4294705410, 17104896, 16843009
dnp3_object_header, F, 276, 5, 0, 0, 21
dnp3_object_header, F, 2304, 0, 1, 0, 0
dnp3_object_prefix, F, 0 dnp3_object_prefix, F, 0
dnp3_debug_byte, F, \0\0\0\x1e^C\0\0^F\xc5\0\0\0\xc7\0\0\0\xc8\0\0\0^A\0\0\0%\x1c\0\0^N\x1c\0\0^P\x1c\0\0 dnp3_response_data_object, F, 2
dnp3_object_header, F, 2562, 0, 6, 0, 5
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_header, F, 5125, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_counter_32woFlag, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 5385, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_frozen_counter_32woFlag, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 7683, 0, 7, 0, 6
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 197
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 199
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 200
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 7205
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 7182
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 7184
dnp3_response_data_object, F, 255 dnp3_response_data_object, F, 255
dnp3_header_block, F, 25605, 10, 68, 6, 4 dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0 dnp3_application_response_header, F, 130, 0
@ -427,9 +466,50 @@ dnp3_object_header, T, 15361, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 78, 68, 3, 4 dnp3_header_block, F, 25605, 78, 68, 3, 4
dnp3_application_response_header, F, 129, 0 dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 257, 0, 6, 0, 5 dnp3_object_header, F, 257, 0, 6, 0, 5
dnp3_object_header, F, 6410, 2, 2155643138, 2164588544, 25264385
dnp3_object_prefix, F, 0 dnp3_object_prefix, F, 0
dnp3_debug_byte, F, ^A^T^E\0\0\0 \0\0\0^U^I\0\0\0\0\0\0\0\x1e^C\0\0^F\xca\0\0\0\xcb\0\0\0\xc9\0\0\0\xff\xff\xff\xfff!\0\0Y!\0\0K!\0\0 dnp3_response_data_object, F, 25
dnp3_object_header, F, 2562, 0, 6, 0, 5
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_header, F, 5125, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_counter_32woFlag, F, 32
dnp3_response_data_object, F, 255
dnp3_object_header, F, 5385, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_frozen_counter_32woFlag, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 7683, 0, 7, 0, 6
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 202
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 203
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 201
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 18446744073709551615
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 8550
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 8537
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 8523
dnp3_response_data_object, F, 255 dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3 dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 14 dnp3_application_request_header, T, 14

2
testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output # @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total