diff --git a/scripts/base/protocols/dnp3/dpd.sig b/scripts/base/protocols/dnp3/dpd.sig
index c482661a43..24fa740626 100644
--- a/scripts/base/protocols/dnp3/dpd.sig
+++ b/scripts/base/protocols/dnp3/dpd.sig
@@ -7,3 +7,9 @@ signature dpd_dnp3_server {
 tcp-state responder
 enable "dnp3"
 }
+
+signature dpd_dnp3_server_udp {
+ ip-proto == udp
+ payload /\x05\x64/
+ enable "dnp3_udp"
+}
diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc
index f07e999ad0..b6b4a5ea3d 100644
--- a/src/analyzer/protocol/dnp3/DNP3.cc
+++ b/src/analyzer/protocol/dnp3/DNP3.cc
@@ -109,13 +109,12 @@ const unsigned int PSEUDO_APP_LAYER_INDEX = 11; // index of first DNP3 app-laye
 const unsigned int PSEUDO_TRANSPORT_LEN = 1; // length of DNP3 Transport Layer
 const unsigned int PSEUDO_LINK_LAYER_LEN = 8; // length of DNP3 Pseudo Link Layer
-//bool DNP3_Analyzer::crc_table_initialized = false;
-//unsigned int DNP3_Analyzer::crc_table[256];
+bool DNP3_Analyzer::crc_table_initialized = false;
+unsigned int DNP3_Analyzer::crc_table[256];
 bool DNP3_UDP_Analyzer::crc_table_initialized = false;
 unsigned int DNP3_UDP_Analyzer::crc_table[256];
-/*
 DNP3_Analyzer::DNP3_Analyzer(Connection* c) : TCP_ApplicationAnalyzer("DNP3", c)
 {
 interp = new binpac::DNP3::DNP3_Conn(this);
@@ -378,11 +377,10 @@ unsigned int DNP3_Analyzer::CalcCRC(int len, const u_char* data)
 return ~crc & 0xFFFF;
 }
-*/
 // ?? For DNP3 over UDP analyzer. most of the codes are copied and pasted. Better way to reuse the code?
-DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(Connection* c) : Analyzer("DNP3", c)
+DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(Connection* c) : Analyzer("DNP3_UDP", c)
 {
 printf("enter DNP3_UDP_Analyzer\n");
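Review bot: `dpd_dnp3_server_udp` enables the analyzer on a two-byte payload match (`/\x05\x64/`) with `ip-proto == udp` as the only other condition, so any UDP flow whose payload matches those two bytes is handed to the DNP3 parser. Unlike the TCP signature above it, which is limited by `tcp-state responder`, there is no direction or port restriction here. Since the analyzer parses sender-controlled bytes, consider tightening the pattern (for example by also constraining the length and control bytes that follow the start bytes) or adding a port condition if port-independent detection over UDP is not a requirement. A comment above the signature saying that `\x05\x64` is the DNP3 link-layer start sequence would also help.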
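Review bot: The CRC table and its init flag are now defined twice, as `DNP3_Analyzer::crc_table` and `DNP3_UDP_Analyzer::crc_table`, and the `// ??` comment in the `@@ -378,11 +377,10 @@` hunk says most of the UDP analyzer is a copy of the TCP one. Duplicated length and CRC validation in a parser for untrusted input tends to drift, because a bounds fix made in one copy is easily missed in the other. Consider moving the table, `CalcCRC` and the shared link-layer handling into one helper or common base that both analyzers use, leaving only the transport-specific delivery in each class. The `DNP3_Analyzer` constructor shown as context continues outside this hunk.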
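Review bot: The `printf("enter DNP3_UDP_Analyzer\n");` in the constructor, and the matching `printf` at the top of `DeliverPacket` in the `@@ -405,7 +403,7 @@` hunk, are still present now that the UDP analyzer is registered under its own name and can be enabled by the new signature. The second one runs once per delivered UDP packet, so stdout volume is controlled by whoever sends the traffic. Remove both, or route them through the project's debug logging (`DBG_LOG`) so they are compiled out or disabled in normal runs. Both function bodies continue outside the hunks shown.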
@@ -405,7 +403,7 @@ void DNP3_UDP_Analyzer::Done()
 Analyzer::Done();
 }
-void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, int seq, const IP_Hdr* ip, int caplen)
+void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64 seq, const IP_Hdr* ip, int caplen)
 {
 printf("enter DNP3_UDP_Analyzer DeliverPacket\n");
 Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h
index fcb1758ddb..0cc7fc9c85 100644
--- a/src/analyzer/protocol/dnp3/DNP3.h
+++ b/src/analyzer/protocol/dnp3/DNP3.h
@@ -2,13 +2,13 @@
 #ifndef ANALYZER_PROTOCOL_DNP3_DNP3_H
 #define ANALYZER_PROTOCOL_DNP3_DNP3_H
-//#include "analyzer/protocol/tcp/TCP.h"
+#include "analyzer/protocol/tcp/TCP.h"
 #include "analyzer/protocol/udp/UDP.h"
 #include "dnp3_pac.h"
 namespace analyzer { namespace dnp3 {
-/*
+
 class DNP3_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
 DNP3_Analyzer(Connection* conn);
@@ -52,7 +52,7 @@ private:
 static bool crc_table_initialized;
 static unsigned int crc_table[256];
 };
-*/
+
 class DNP3_UDP_Analyzer : public analyzer::Analyzer {
 public:
@@ -61,7 +61,7 @@ public:
 virtual void Done();
 virtual void DeliverPacket(int len, const u_char* data, bool orig,
- int seq, const IP_Hdr* ip, int caplen);
+ uint64 seq, const IP_Hdr* ip, int caplen);
 //virtual void Undelivered(uint64 seq, int len, bool orig);
 //virtual void EndpointEOF(bool is_orig);
diff --git a/src/analyzer/protocol/dnp3/Plugin.cc b/src/analyzer/protocol/dnp3/Plugin.cc
index 0ebc49355a..c2462b7af7 100644
--- a/src/analyzer/protocol/dnp3/Plugin.cc
+++ b/src/analyzer/protocol/dnp3/Plugin.cc
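Review bot: Nothing in the declaration `virtual void DeliverPacket(...)` in the `@@ -61,7 +61,7 @@` hunk makes the compiler check it against the base-class virtual, which is presumably how the earlier `int seq` parameter went unnoticed as a separate overload rather than an override. If the build allows C++11, mark it `override` (`uint64 seq, const IP_Hdr* ip, int caplen) override;`) and do the same for `Done()`. Otherwise add a short comment naming the base signature this declaration must track. The class body starts and ends outside this hunk, so other virtuals may need the same treatment.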
@@ -12,13 +12,12 @@ class Plugin : public plugin::Plugin {
 public:
 plugin::Configuration Configure()
 {
- //AddComponent(new ::analyzer::Component("DNP3", ::analyzer::dnp3::DNP3_Analyzer::Instantiate));
- AddComponent(new ::analyzer::Component("DNP3", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate));
+ AddComponent(new ::analyzer::Component("DNP3", ::analyzer::dnp3::DNP3_Analyzer::Instantiate));
+ AddComponent(new ::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate));
 plugin::Configuration config;
 config.name = "Bro::DNP3";
- //config.description = "DNP3 analyzer";
- config.description = "DNP3 UDP analyzer";
+ config.description = "DNP3 UDP/TCP analyzers";
 return config;
 }
 } plugin;