Merge remote-tracking branch 'origin/topic/dina/modbus' into topic/robin/modbus-merge

* origin/topic/dina/modbus:
  put some make-up on Modbus analyser
  Modbus analyser, added support: FC=20,21
  Modbus analyzer,added support: FC=1,2,15,24
  Modbus analyzer, current support: FC=3,4,5,6,7,16,22,23

I cleaned up the code a bit, mainly layout style.

I did not include the *.bro scripts for now, but a test script
../testing/btest/scripts/base/protocols/modbus/events.bro that prints
out the value for each event.

Merged the Modbus traces from the ics repository into a single trace
as input for the test. They currently trigger 20 of the 34 events.

Addresses #870.

scripts/base/init-bare.bro

@@ -53,6 +53,14 @@ type string_vec: vector of string;
 ##    then remove this alias.
 type addr_vec: vector of addr;
 
+
+## A vector of integers.
+##
+## .. todo:: We need this type definition only for declaring builtin functions via
+##    ``bifcl``. We should extend ``bifcl`` to understand composite types directly and
+##    then remove this alias.
+type int_vec:vector of int;
+
 ## A table of strings indexed by strings.
 ##
 ## .. todo:: We need this type definition only for declaring builtin functions via

scripts/base/init-default.bro

@@ -36,6 +36,7 @@
 @load base/protocols/ftp
 @load base/protocols/http
 @load base/protocols/irc
+@load base/protocols/modbus
 @load base/protocols/smtp
 @load base/protocols/socks
 @load base/protocols/ssh

scripts/base/protocols/modbus/__load__.bro

@@ -0,0 +1 @@
+@load ./main

scripts/base/protocols/modbus/main.bro

@@ -0,0 +1,12 @@
+##! Base Modbus analysis script. For now it does not do anything else than
+##! activating the analyzer for connections on Modbus port 502/tcp.  
+
+module Modbus;
+
+export {
+}
+
+# Configure DPD and the packet filter.
+redef capture_filters += { ["modbus"] = "tcp port 502" };
+redef dpd_config += { [ANALYZER_MODBUS] = [$ports = set(502/tcp)] };
+redef likely_server_ports += { 502/tcp };