Fix some things in DNP3 UDP analyzer.

- DeliverPacket override had a wrong parameter.
- Change the DNP3 plugin to provide both UDP and TCP analyzer versions.
- Add a DPD signature.

scripts/base/protocols/dnp3/dpd.sig

@@ -7,3 +7,9 @@ signature dpd_dnp3_server {
 	tcp-state responder
  	enable "dnp3"
 }
+
+signature dpd_dnp3_server_udp {
+	ip-proto == udp
+	payload /\x05\x64/
+	enable "dnp3_udp"
+}

src/analyzer/protocol/dnp3/DNP3.cc

@@ -109,13 +109,12 @@ const unsigned int PSEUDO_APP_LAYER_INDEX = 11;		// index of first DNP3 app-laye
 const unsigned int PSEUDO_TRANSPORT_LEN = 1;		// length of DNP3 Transport Layer
 const unsigned int PSEUDO_LINK_LAYER_LEN = 8;		// length of DNP3 Pseudo Link Layer
 
-//bool DNP3_Analyzer::crc_table_initialized = false;
-//unsigned int DNP3_Analyzer::crc_table[256];
+bool DNP3_Analyzer::crc_table_initialized = false;
+unsigned int DNP3_Analyzer::crc_table[256];
 
 bool DNP3_UDP_Analyzer::crc_table_initialized = false;
 unsigned int DNP3_UDP_Analyzer::crc_table[256];
 
-/*
 DNP3_Analyzer::DNP3_Analyzer(Connection* c) : TCP_ApplicationAnalyzer("DNP3", c)
 	{
 	interp = new binpac::DNP3::DNP3_Conn(this);
@@ -378,11 +377,10 @@ unsigned int DNP3_Analyzer::CalcCRC(int len, const u_char* data)
 
 	return ~crc & 0xFFFF;
 	}
-*/
 
 // ?? For DNP3 over UDP analyzer. most of the codes are copied and pasted. Better way to reuse the code?
 
-DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(Connection* c) : Analyzer("DNP3", c)
+DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(Connection* c) : Analyzer("DNP3_UDP", c)
 	{
 
 	printf("enter DNP3_UDP_Analyzer\n");
@@ -405,7 +403,7 @@ void DNP3_UDP_Analyzer::Done()
 	Analyzer::Done();
 	}
 
-void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, int seq, const IP_Hdr* ip, int caplen)
+void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64 seq, const IP_Hdr* ip, int caplen)
 	{
 	printf("enter DNP3_UDP_Analyzer DeliverPacket\n");
 	Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

src/analyzer/protocol/dnp3/DNP3.h

@@ -2,13 +2,13 @@
 #ifndef ANALYZER_PROTOCOL_DNP3_DNP3_H
 #define ANALYZER_PROTOCOL_DNP3_DNP3_H
 
-//#include "analyzer/protocol/tcp/TCP.h"
+#include "analyzer/protocol/tcp/TCP.h"
 #include "analyzer/protocol/udp/UDP.h"
 
 #include "dnp3_pac.h"
 
 namespace analyzer { namespace dnp3 {
-/*
+
 class DNP3_Analyzer : public tcp::TCP_ApplicationAnalyzer {
 public:
 	DNP3_Analyzer(Connection* conn);
@@ -52,7 +52,7 @@ private:
 	static bool crc_table_initialized;
 	static unsigned int crc_table[256];
 };
-*/
+
 
 class DNP3_UDP_Analyzer : public analyzer::Analyzer {
 public:
@@ -61,7 +61,7 @@ public:
 
 	virtual void Done();
 	virtual void DeliverPacket(int len, const u_char* data, bool orig,
-                    int seq, const IP_Hdr* ip, int caplen);
+                    uint64 seq, const IP_Hdr* ip, int caplen);
 	//virtual void Undelivered(uint64 seq, int len, bool orig);
 	//virtual void EndpointEOF(bool is_orig);
 

src/analyzer/protocol/dnp3/Plugin.cc

@@ -12,13 +12,12 @@ class Plugin : public plugin::Plugin {
 public:
 	plugin::Configuration Configure()
 		{
-		//AddComponent(new ::analyzer::Component("DNP3", ::analyzer::dnp3::DNP3_Analyzer::Instantiate));
-		AddComponent(new ::analyzer::Component("DNP3", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate));
+		AddComponent(new ::analyzer::Component("DNP3", ::analyzer::dnp3::DNP3_Analyzer::Instantiate));
+		AddComponent(new ::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate));
 
 		plugin::Configuration config;
 		config.name = "Bro::DNP3";
-		//config.description = "DNP3 analyzer";
-		config.description = "DNP3 UDP analyzer";
+		config.description = "DNP3 UDP/TCP analyzers";
 		return config;
 		}
 } plugin;