Merge remote-tracking branch 'origin/topic/dina/modbus' into topic/robin/modbus-merge

* origin/topic/dina/modbus: put some make-up on Modbus analyser Modbus analyser, added support: FC=20,21 Modbus analyzer,added support: FC=1,2,15,24 Modbus analyzer, current support: FC=3,4,5,6,7,16,22,23 I cleaned up the code a bit, mainly layout style. I did not include the *.bro scripts for now, but a test script ../testing/btest/scripts/base/protocols/modbus/events.bro that prints out the value for each event. Merged the Modbus traces from the ics repository into a single trace as input for the test. They currently trigger 20 of the 34 events. Addresses #870.
2025-10-10 18:48:20 +00:00 · 2012-08-28 21:18:37 -07:00 · 2012-08-28 21:18:37 -07:00 · cbb31cedc3
commit cbb31cedc3
parent 20c71cac51 fb0d93de1e
17 changed files with 81106 additions and 1 deletions
--- a/src/Modbus.cc
+++ b/src/Modbus.cc
@ -0,0 +1,41 @@
+
+#include "Modbus.h"
+#include "TCP_Reassembler.h"
+
+ModbusTCP_Analyzer::ModbusTCP_Analyzer(Connection* c)
+	: TCP_ApplicationAnalyzer(AnalyzerTag::Modbus, c)
+	{
+	interp = new binpac::ModbusTCP::ModbusTCP_Conn(this);
+	}
+
+ModbusTCP_Analyzer::~ModbusTCP_Analyzer()
+	{
+	delete interp;
+	}
+
+void ModbusTCP_Analyzer::Done()
+	{
+	TCP_ApplicationAnalyzer::Done();
+
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void ModbusTCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+	interp->NewData(orig, data, data + len);
+	}
+
+void ModbusTCP_Analyzer::Undelivered(int seq, int len, bool orig)
+	{
+	TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	interp->NewGap(orig, len);
+	}
+
+void ModbusTCP_Analyzer::EndpointEOF(TCP_Reassembler* endp)
+	{
+	TCP_ApplicationAnalyzer::EndpointEOF(endp);
+	interp->FlowEOF(endp->IsOrig());
+	}
+