mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Revert "Merge remote-tracking branch 'origin/topic/timw/3184-modbus-extensions'"
This reverts commit 30b2afe2ad, reversing changes made to bacc0dcae3.
parent
b7a082b145
commit
e3a34e44b5
21 changed files with 90911 additions and 91239 deletions
10
CHANGES
10
CHANGES
|
@ -1,13 +1,3 @@
|
|||
6.1.0-dev.277 | 2023-08-07 14:34:32 -0700
|
||||
|
||||
* Pass parsed file record information with ReadFile/WriteFile events (Tim Wojtulewicz, Corelight)
|
||||
|
||||
* Add length field from header to ModbusHeaders record type (Tim Wojtulewicz, Corelight)
|
||||
|
||||
* Modbus: Add support for Encapsulation Interface Transport (FC=2B) requests and responses (Tim Wojtulewicz, Corelight)
|
||||
|
||||
* Modbus: Add support for Diagnostics (FC=8) requests and responses (Tim Wojtulewicz, Corelight)
|
||||
|
||||
6.1.0-dev.272 | 2023-08-07 09:41:34 -0700
|
||||
|
||||
* Change VERSION variable in CMake config to ZEEK_VERSION_FULL (Tim Wojtulewicz, Corelight)
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
6.1.0-dev.277
|
||||
6.1.0-dev.272
|
||||
|
|
|
@ -4436,39 +4436,8 @@ type ModbusHeaders: record {
|
|||
uid: count;
|
||||
## MODBUS function code
|
||||
function_code: count;
|
||||
## Length of the application PDU following the header plus
|
||||
## one byte for the uid field.
|
||||
len: count;
|
||||
};
|
||||
|
||||
type ModbusFileRecordRequest: record {
|
||||
ref_type: count;
|
||||
file_num: count;
|
||||
record_num: count;
|
||||
record_len: count;
|
||||
};
|
||||
|
||||
type ModbusFileRecordRequests: vector of ModbusFileRecordRequest;
|
||||
|
||||
type ModbusFileRecordResponse: record {
|
||||
file_len: count;
|
||||
ref_type: count;
|
||||
record_data: string;
|
||||
};
|
||||
|
||||
type ModbusFileRecordResponses: vector of ModbusFileRecordResponse;
|
||||
|
||||
type ModbusFileReference: record {
|
||||
ref_type: count;
|
||||
file_num: count;
|
||||
record_num: count;
|
||||
record_length: count;
|
||||
record_data: string;
|
||||
};
|
||||
|
||||
type ModbusFileReferences: vector of ModbusFileReference;
|
||||
|
||||
|
||||
module SSL;
|
||||
export {
|
||||
type SignatureAndHashAlgorithm: record {
|
||||
|
|
|
@ -79,3 +79,4 @@ event modbus_exception(c: connection, headers: ModbusHeaders, code: count) &prio
|
|||
Log::write(LOG, c$modbus);
|
||||
delete c$modbus$exception;
|
||||
}
|
||||
|
||||
|
|
|
@ -191,11 +191,9 @@ event modbus_write_multiple_registers_response%(c: connection, headers: ModbusHe
|
|||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## byte_count: The full byte count for all of the reference records that follow.
|
||||
##
|
||||
## refs: A vector of reference records.
|
||||
event modbus_read_file_record_request%(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileRecordRequests%);
|
||||
event modbus_read_file_record_request%(c: connection, headers: ModbusHeaders%) &deprecated="Remove in v7.1. Use the version that takes a byte_count and vector of references";
|
||||
## .. note: This event is incomplete. The information from the data structure
|
||||
## is not yet passed through to the event.
|
||||
event modbus_read_file_record_request%(c: connection, headers: ModbusHeaders%);
|
||||
|
||||
## Generated for a Modbus read file record response.
|
||||
##
|
||||
|
@ -203,11 +201,9 @@ event modbus_read_file_record_request%(c: connection, headers: ModbusHeaders%) &
|
|||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## byte_count: The full byte count for all of the reference records that follow.
|
||||
##
|
||||
## refs: A vector of reference records.
|
||||
event modbus_read_file_record_response%(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileRecordResponses%);
|
||||
event modbus_read_file_record_response%(c: connection, headers: ModbusHeaders%) &deprecated="Remove in v7.1. Use the version that takes a byte_count and vector of references";
|
||||
## .. note: This event is incomplete. The information from the data structure
|
||||
## is not yet passed through to the event.
|
||||
event modbus_read_file_record_response%(c: connection, headers: ModbusHeaders%);
|
||||
|
||||
## Generated for a Modbus write file record request.
|
||||
##
|
||||
|
@ -215,11 +211,9 @@ event modbus_read_file_record_response%(c: connection, headers: ModbusHeaders%)
|
|||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## byte_count: The full byte count for all of the reference records that follow.
|
||||
##
|
||||
## refs: A vector of reference records.
|
||||
event modbus_write_file_record_request%(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileReferences%);
|
||||
event modbus_write_file_record_request%(c: connection, headers: ModbusHeaders%) &deprecated="Remove in v7.1. Use the version that takes a byte_count and vector of references";
|
||||
## .. note: This event is incomplete. The information from the data structure
|
||||
## is not yet passed through to the event.
|
||||
event modbus_write_file_record_request%(c: connection, headers: ModbusHeaders%);
|
||||
|
||||
## Generated for a Modbus write file record response.
|
||||
##
|
||||
|
@ -227,11 +221,9 @@ event modbus_write_file_record_request%(c: connection, headers: ModbusHeaders%)
|
|||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## byte_count: The full byte count for all of the reference records that follow.
|
||||
##
|
||||
## refs: A vector of reference records.
|
||||
event modbus_write_file_record_response%(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileReferences%);
|
||||
event modbus_write_file_record_response%(c: connection, headers: ModbusHeaders%) &deprecated="Remove in v7.1. Use the version that takes a byte_count and vector of references";
|
||||
## .. note: This event is incomplete. The information from the data structure
|
||||
## is not yet passed through to the event.
|
||||
event modbus_write_file_record_response%(c: connection, headers: ModbusHeaders%);
|
||||
|
||||
## Generated for a Modbus mask write register request.
|
||||
##
|
||||
|
@ -302,46 +294,3 @@ event modbus_read_fifo_queue_request%(c: connection, headers: ModbusHeaders, sta
|
|||
## fifos: The register values read from the FIFO queue on the device.
|
||||
event modbus_read_fifo_queue_response%(c: connection, headers: ModbusHeaders, fifos: ModbusRegisters%);
|
||||
|
||||
## Generated for a Modbus Diagnostics request.
|
||||
##
|
||||
## c: The connection.
|
||||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## subfunction: The subfunction for the diagnostics request.
|
||||
##
|
||||
## data: The data passed in the diagnostics request.
|
||||
event modbus_diagnostics_request%(c: connection, headers: ModbusHeaders, subfunction: count, data: string%);
|
||||
|
||||
## Generated for a Modbus Diagnostics response.
|
||||
##
|
||||
## c: The connection.
|
||||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## subfunction: The subfunction for the diagnostics response.
|
||||
##
|
||||
## data: The data passed in the diagnostics response.
|
||||
event modbus_diagnostics_response%(c: connection, headers: ModbusHeaders, subfunction: count, data: string%);
|
||||
|
||||
## Generated for a Modbus Encapsulated Interface Transport request.
|
||||
##
|
||||
## c: The connection.
|
||||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## mei_type: The MEI type for the request.
|
||||
##
|
||||
## data: The MEI type specific data passed in the request.
|
||||
event modbus_encap_interface_transport_request%(c: connection, headers: ModbusHeaders, mei_type: count, data: string%);
|
||||
|
||||
## Generated for a Modbus Encapsulated Interface Transport response.
|
||||
##
|
||||
## c: The connection.
|
||||
##
|
||||
## headers: The headers for the modbus function.
|
||||
##
|
||||
## mei_type: The MEI type for the response.
|
||||
##
|
||||
## data: The MEI type specific data passed in the response.
|
||||
event modbus_encap_interface_transport_response%(c: connection, headers: ModbusHeaders, mei_type: count, data: string%);
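Review bot: The restored warning `## .. note: This event is incomplete.` in the `-191,11`, `-203,11`, `-215,11` and `-227,11` hunks uses a single colon, which reST reads as a comment rather than a note directive, so the caveat is likely missing from the generated event documentation. Anyone writing detections on the four file-record events needs to see that only `headers` is delivered, so I would spell it `## .. note:: This event is incomplete. The information from the data structure` and keep the continuation line under it. This assumes the header-only signatures are the side the revert keeps, as the hunk counts suggest.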
|
||||
|
|
|
@ -34,7 +34,6 @@
|
|||
modbus_header->Assign(1, header->pid());
|
||||
modbus_header->Assign(2, header->uid());
|
||||
modbus_header->Assign(3, header->fc());
|
||||
modbus_header->Assign(4, header->len());
|
||||
return modbus_header;
|
||||
}
|
||||
|
||||
|
@ -356,97 +355,6 @@ refine flow ModbusTCP_Flow += {
|
|||
%}
|
||||
|
||||
|
||||
# REQUEST FC=8
|
||||
function deliver_DiagnosticsRequest(header: ModbusTCP_TransportHeader, message: DiagnosticsRequest): bool
|
||||
%{
|
||||
if ( ::modbus_diagnostics_request )
|
||||
{
|
||||
auto data = to_stringval(${message.data});
|
||||
|
||||
// Data should always be a multiple of two bytes. For everything except
|
||||
// "Return Query Data (0x00)" it should be two bytes long.
|
||||
if ( data->Len() < 2 || data->Len() % 2 != 0 ||
|
||||
(${message.subfunction} != DIAGNOSTICS_RETURN_QUERY_DATA && data->Len() != 2) )
|
||||
{
|
||||
zeek::reporter->Weird("modbus_diag_invalid_request_data",
|
||||
zeek::util::fmt("%s", data->CheckString()));
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (${message.subfunction})
|
||||
{
|
||||
case DIAGNOSTICS_RESTART_COMMUNICATIONS_OPTION:
|
||||
// For "Restart Communications Option" it's either 0x0000 or 0xFF00.
|
||||
if ( ( data->Bytes()[0] != 0x00 && data->Bytes()[0] != 0xFF ) ||
|
||||
data->Bytes()[1] != 0x00 )
|
||||
{
|
||||
zeek::reporter->Weird("modbus_diag_invalid_request_data",
|
||||
zeek::util::fmt("%s", data->CheckString()));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
case DIAGNOSTICS_RETURN_DIAGNOSTIC_REGISTER:
|
||||
case DIAGNOSTICS_FORCE_LISTEN_ONLY_MODE:
|
||||
case DIAGNOSTICS_CLEAR_COUNTERS_AND_DIAGNOSTIC_REGISTER:
|
||||
case DIAGNOSTICS_RETURN_BUS_MESSAGE_COUNT:
|
||||
case DIAGNOSTICS_RETURN_BUS_COMMUNICATION_ERROR_COUNT:
|
||||
case DIAGNOSTICS_RETURN_BUS_EXCEPTION_ERROR_COUNT:
|
||||
case DIAGNOSTICS_RETURN_SERVER_MESSAGE_COUNT:
|
||||
case DIAGNOSTICS_RETURN_SERVER_NO_RESPONSE_COUNT:
|
||||
case DIAGNOSTICS_RETURN_SERVER_NAK_COUNT:
|
||||
case DIAGNOSTICS_RETURN_SERVER_BUSY_COUNT:
|
||||
case DIAGNOSTICS_RETURN_BUS_CHARACTER_OVERRUN_COUNT:
|
||||
case DIAGNOSTICS_CLEAR_OVERRUN_COUNTER_AND_FLAG:
|
||||
// For all of these subfunctions, the data should be 0x0000.
|
||||
if ( data->Bytes()[0] != 0x00 || data->Bytes()[1] != 0x00 )
|
||||
{
|
||||
zeek::reporter->Weird("modbus_diag_invalid_request_data",
|
||||
zeek::util::fmt("%s", data->CheckString()));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
|
||||
case DIAGNOSTICS_CHANGE_ASCII_INPUT_DELIMITER:
|
||||
// For "Change ASCII Input Delimiter", it should be an ascii character
|
||||
// followed by a zero.
|
||||
if ( ! isascii(data->Bytes()[0]) || data->Bytes()[1] != 0x00 )
|
||||
{
|
||||
zeek::reporter->Weird("modbus_diag_invalid_request_data",
|
||||
zeek::util::fmt("%s", data->CheckString()));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
zeek::reporter->Weird("modbus_diag_unknown_request_subfunction",
|
||||
zeek::util::fmt("%d", ${message.subfunction}));
|
||||
return false;
|
||||
}
|
||||
|
||||
zeek::BifEvent::enqueue_modbus_diagnostics_request(connection()->zeek_analyzer(),
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header),
|
||||
${message.subfunction}, to_stringval(${message.data}));
|
||||
}
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
# RESPONSE FC=8
|
||||
function deliver_DiagnosticsResponse(header: ModbusTCP_TransportHeader, message: DiagnosticsResponse): bool
|
||||
%{
|
||||
if ( ::modbus_diagnostics_response )
|
||||
{
|
||||
zeek::BifEvent::enqueue_modbus_diagnostics_response(connection()->zeek_analyzer(),
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header),
|
||||
${message.subfunction}, to_stringval(${message.data}));
|
||||
}
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
|
||||
# REQUEST FC=15
|
||||
function deliver_WriteMultipleCoilsRequest(header: ModbusTCP_TransportHeader, message: WriteMultipleCoilsRequest): bool
|
||||
%{
|
||||
|
@ -525,23 +433,23 @@ refine flow ModbusTCP_Flow += {
|
|||
%{
|
||||
if ( ::modbus_read_file_record_request )
|
||||
{
|
||||
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileRecordRequests);
|
||||
|
||||
for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
{
|
||||
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileRecordRequest);
|
||||
|
||||
r->Assign(0, zeek::val_mgr->Count(${message.references[i].ref_type}));
|
||||
r->Assign(1, zeek::val_mgr->Count(${message.references[i].file_num}));
|
||||
r->Assign(2, zeek::val_mgr->Count(${message.references[i].record_num}));
|
||||
r->Assign(3, zeek::val_mgr->Count(${message.references[i].record_len}));
|
||||
|
||||
vect->Append(r);
|
||||
}
|
||||
//TODO: this need to be a vector of some Reference Request record type
|
||||
//auto t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
// {
|
||||
// auto r = zeek::val_mgr->Count((${message.references[i].ref_type}));
|
||||
// t->Assign(i, r);
|
||||
//
|
||||
// auto k = zeek::val_mgr->Count((${message.references[i].file_num}));
|
||||
// t->Assign(i, k);
|
||||
//
|
||||
// auto l = zeek::val_mgr->Count((${message.references[i].record_num}));
|
||||
// t->Assign(i, l);
|
||||
// }
|
||||
|
||||
zeek::BifEvent::enqueue_modbus_read_file_record_request(connection()->zeek_analyzer(),
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header), ${message.byte_count}, vect);
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header));
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -552,22 +460,17 @@ refine flow ModbusTCP_Flow += {
|
|||
%{
|
||||
if ( ::modbus_read_file_record_response )
|
||||
{
|
||||
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileRecordResponses);
|
||||
|
||||
for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
{
|
||||
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileRecordResponse);
|
||||
|
||||
r->Assign(0, zeek::val_mgr->Count(${message.references[i].file_len}));
|
||||
r->Assign(1, zeek::val_mgr->Count(${message.references[i].ref_type}));
|
||||
r->Assign(2, to_stringval(${message.references[i].record_data}));
|
||||
|
||||
vect->Append(r);
|
||||
}
|
||||
//auto t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < ${message.references}->size(); ++i )
|
||||
// {
|
||||
// //TODO: work the reference type in here somewhere
|
||||
// auto r = zeek::val_mgr->Count(${message.references[i].record_data}));
|
||||
// t->Assign(i, r);
|
||||
// }
|
||||
|
||||
zeek::BifEvent::enqueue_modbus_read_file_record_response(connection()->zeek_analyzer(),
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header), ${message.byte_count}, vect);
|
||||
HeaderToVal(header));
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -578,50 +481,60 @@ refine flow ModbusTCP_Flow += {
|
|||
%{
|
||||
if ( ::modbus_write_file_record_request )
|
||||
{
|
||||
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileReferences);
|
||||
|
||||
for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
{
|
||||
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileReference);
|
||||
r->Assign(0, zeek::val_mgr->Count(${message.references[i].ref_type}));
|
||||
r->Assign(1, zeek::val_mgr->Count(${message.references[i].file_num}));
|
||||
r->Assign(2, zeek::val_mgr->Count(${message.references[i].record_num}));
|
||||
r->Assign(3, zeek::val_mgr->Count(${message.references[i].record_length}));
|
||||
r->Assign(4, to_stringval(${message.references[i].record_data}));
|
||||
|
||||
vect->Append(r);
|
||||
}
|
||||
//auto t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
// {
|
||||
// auto r = zeek::val_mgr->Count((${message.references[i].ref_type}));
|
||||
// t->Assign(i, r);
|
||||
//
|
||||
// auto k = zeek::val_mgr->Count((${message.references[i].file_num}));
|
||||
// t->Assign(i, k);
|
||||
//
|
||||
// auto n = zeek::val_mgr->Count((${message.references[i].record_num}));
|
||||
// t->Assign(i, n);
|
||||
//
|
||||
// for ( unsigned int j = 0; j < (${message.references[i].register_value}->size()); ++j )
|
||||
// {
|
||||
// k = zeek::val_mgr->Count((${message.references[i].register_value[j]}));
|
||||
// t->Assign(i, k);
|
||||
// }
|
||||
// }
|
||||
|
||||
zeek::BifEvent::enqueue_modbus_write_file_record_request(connection()->zeek_analyzer(),
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header), ${message.byte_count}, vect);
|
||||
HeaderToVal(header));
|
||||
}
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
|
||||
# RESPONSE FC=21
|
||||
function deliver_WriteFileRecordResponse(header: ModbusTCP_TransportHeader, message: WriteFileRecordResponse): bool
|
||||
%{
|
||||
if ( ::modbus_write_file_record_response )
|
||||
{
|
||||
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileReferences);
|
||||
|
||||
for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
|
||||
{
|
||||
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileReference);
|
||||
r->Assign(0, zeek::val_mgr->Count(${message.references[i].ref_type}));
|
||||
r->Assign(1, zeek::val_mgr->Count(${message.references[i].file_num}));
|
||||
r->Assign(2, zeek::val_mgr->Count(${message.references[i].record_num}));
|
||||
r->Assign(3, zeek::val_mgr->Count(${message.references[i].record_length}));
|
||||
r->Assign(4, to_stringval(${message.references[i].record_data}));
|
||||
|
||||
vect->Append(r);
|
||||
}
|
||||
//auto t = create_vector_of_count();
|
||||
//for ( unsigned int i = 0; i < (${messages.references}->size()); ++i )
|
||||
// {
|
||||
// auto r = zeek::val_mgr->Count((${message.references[i].ref_type}));
|
||||
// t->Assign(i, r);
|
||||
//
|
||||
// auto f = zeek::val_mgr->Count((${message.references[i].file_num}));
|
||||
// t->Assign(i, f);
|
||||
//
|
||||
// auto rn = zeek::val_mgr->Count((${message.references[i].record_num}));
|
||||
// t->Assign(i, rn);
|
||||
//
|
||||
// for ( unsigned int j = 0; j<(${message.references[i].register_value}->size()); ++j )
|
||||
// {
|
||||
// auto k = zeek::val_mgr->Count((${message.references[i].register_value[j]}));
|
||||
// t->Assign(i, k);
|
||||
// }
|
||||
|
||||
zeek::BifEvent::enqueue_modbus_write_file_record_response(connection()->zeek_analyzer(),
|
||||
connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header), ${message.byte_count}, vect);
|
||||
HeaderToVal(header));
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -761,31 +674,4 @@ refine flow ModbusTCP_Flow += {
|
|||
|
||||
return true;
|
||||
%}
|
||||
|
||||
# REQUEST FC=2B
|
||||
function deliver_EncapInterfaceTransportRequest(header: ModbusTCP_TransportHeader, message: EncapInterfaceTransportRequest): bool
|
||||
%{
|
||||
if ( ::modbus_encap_interface_transport_request )
|
||||
{
|
||||
zeek::BifEvent::enqueue_modbus_encap_interface_transport_request(
|
||||
connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header), ${message.mei_type}, to_stringval(${message.data}));
|
||||
}
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
# RESPONSE FC=2B
|
||||
function deliver_EncapInterfaceTransportResponse(header: ModbusTCP_TransportHeader, message: EncapInterfaceTransportResponse): bool
|
||||
%{
|
||||
if ( ::modbus_encap_interface_transport_response )
|
||||
{
|
||||
zeek::BifEvent::enqueue_modbus_encap_interface_transport_response(
|
||||
connection()->zeek_analyzer(), connection()->zeek_analyzer()->Conn(),
|
||||
HeaderToVal(header), ${message.mei_type}, to_stringval(${message.data}));
|
||||
}
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
};
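Review bot: The file-record handlers in the `-433,23`, `-460,22` and `-481,50` hunks keep their reference-walking logic only as commented-out code, and the block in deliver_WriteFileRecordResponse reads `${messages.references}` and, as shown here, never closes its outer loop, so it could not be re-enabled as written. With only `HeaderToVal(header)` enqueued, scripts see that an FC 20/21 transfer happened but not which file or record was touched. I would drop the dead blocks and leave one comment per handler, e.g. `// TODO: pass the parsed references to the event; only the header is delivered today.` This assumes the commented-out lines are the restored side, which the `+481,60` count supports.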
|
||||
|
|
|
@ -15,7 +15,7 @@ enum function_codes {
|
|||
WRITE_SINGLE_COIL = 0x05,
|
||||
WRITE_SINGLE_REGISTER = 0x06,
|
||||
# READ_EXCEPTION_STATUS = 0x07,
|
||||
DIAGNOSTICS = 0x08,
|
||||
# DIAGNOSTICS = 0x08,
|
||||
# GET_COMM_EVENT_COUNTER = 0x0B,
|
||||
# GET_COMM_EVENT_LOG = 0x0C,
|
||||
WRITE_MULTIPLE_COILS = 0x0F,
|
||||
|
@ -48,7 +48,6 @@ enum function_codes {
|
|||
WRITE_SINGLE_COIL_EXCEPTION = 0x85,
|
||||
WRITE_SINGLE_REGISTER_EXCEPTION = 0x86,
|
||||
READ_EXCEPTION_STATUS_EXCEPTION = 0x87,
|
||||
DIAGNOSTICS_EXCEPTION = 0x88,
|
||||
WRITE_MULTIPLE_COILS_EXCEPTION = 0x8F,
|
||||
WRITE_MULTIPLE_REGISTERS_EXCEPTION = 0x90,
|
||||
READ_FILE_RECORD_EXCEPTION = 0x94,
|
||||
|
@ -56,25 +55,6 @@ enum function_codes {
|
|||
MASK_WRITE_REGISTER_EXCEPTION = 0x96,
|
||||
READ_WRITE_MULTIPLE_REGISTERS_EXCEPTION = 0x97,
|
||||
READ_FIFO_QUEUE_EXCEPTION = 0x98,
|
||||
ENCAP_INTERFACE_TRANSPORT_EXCEPTION = 0xAB,
|
||||
};
|
||||
|
||||
enum diagnostic_subfunctions {
|
||||
DIAGNOSTICS_RETURN_QUERY_DATA = 0x00,
|
||||
DIAGNOSTICS_RESTART_COMMUNICATIONS_OPTION = 0x01,
|
||||
DIAGNOSTICS_RETURN_DIAGNOSTIC_REGISTER = 0x02,
|
||||
DIAGNOSTICS_CHANGE_ASCII_INPUT_DELIMITER = 0x03,
|
||||
DIAGNOSTICS_FORCE_LISTEN_ONLY_MODE = 0x04,
|
||||
DIAGNOSTICS_CLEAR_COUNTERS_AND_DIAGNOSTIC_REGISTER = 0x0A,
|
||||
DIAGNOSTICS_RETURN_BUS_MESSAGE_COUNT = 0x0B,
|
||||
DIAGNOSTICS_RETURN_BUS_COMMUNICATION_ERROR_COUNT = 0x0C,
|
||||
DIAGNOSTICS_RETURN_BUS_EXCEPTION_ERROR_COUNT = 0x0D,
|
||||
DIAGNOSTICS_RETURN_SERVER_MESSAGE_COUNT = 0x0E,
|
||||
DIAGNOSTICS_RETURN_SERVER_NO_RESPONSE_COUNT = 0x0F,
|
||||
DIAGNOSTICS_RETURN_SERVER_NAK_COUNT = 0x10,
|
||||
DIAGNOSTICS_RETURN_SERVER_BUSY_COUNT = 0x11,
|
||||
DIAGNOSTICS_RETURN_BUS_CHARACTER_OVERRUN_COUNT = 0x12,
|
||||
DIAGNOSTICS_CLEAR_OVERRUN_COUNTER_AND_FLAG = 0x14,
|
||||
};
|
||||
|
||||
# Main Modbus/TCP PDU
|
||||
|
@ -106,7 +86,7 @@ type ModbusTCP_Request(header: ModbusTCP_TransportHeader) = case header.fc of {
|
|||
WRITE_SINGLE_COIL -> writeSingleCoil: WriteSingleCoilRequest(header);
|
||||
WRITE_SINGLE_REGISTER -> writeSingleRegister: WriteSingleRegisterRequest(header);
|
||||
#READ_EXCEPTION_STATUS -> readExceptionStatus: ReadExceptionStatusRequest(header);
|
||||
DIAGNOSTICS -> diagnostics: DiagnosticsRequest(header);
|
||||
#DIAGNOSTICS -> diagnostics: DiagnosticsRequest(header);
|
||||
#GET_COMM_EVENT_COUNTER -> getCommEventCounter: GetCommEventCounterRequest(header);
|
||||
#GET_COMM_EVENT_LOG -> getCommEventLog: GetCommEventLogRequest(header);
|
||||
WRITE_MULTIPLE_COILS -> writeMultipleCoils: WriteMultipleCoilsRequest(header);
|
||||
|
@ -117,7 +97,7 @@ type ModbusTCP_Request(header: ModbusTCP_TransportHeader) = case header.fc of {
|
|||
MASK_WRITE_REGISTER -> maskWriteRegister: MaskWriteRegisterRequest(header);
|
||||
READ_WRITE_MULTIPLE_REGISTERS -> readWriteMultipleRegisters: ReadWriteMultipleRegistersRequest(header);
|
||||
READ_FIFO_QUEUE -> readFIFOQueue: ReadFIFOQueueRequest(header);
|
||||
ENCAP_INTERFACE_TRANSPORT -> encapInterfaceException: EncapInterfaceTransportRequest(header);
|
||||
#ENCAP_INTERFACE_TRANSPORT
|
||||
|
||||
# All the rest
|
||||
default -> unknown: bytestring &restofdata;
|
||||
|
@ -133,7 +113,7 @@ type ModbusTCP_Response(header: ModbusTCP_TransportHeader) = case header.fc of {
|
|||
WRITE_SINGLE_COIL -> writeSingleCoil: WriteSingleCoilResponse(header);
|
||||
WRITE_SINGLE_REGISTER -> writeSingleRegister: WriteSingleRegisterResponse(header);
|
||||
#READ_EXCEPTION_STATUS -> readExceptionStatus: ReadExceptionStatusResponse(header);
|
||||
DIAGNOSTICS -> diagnostics: DiagnosticsResponse(header);
|
||||
#DIAGNOSTICS -> diagnostics: DiagnosticsResponse(header);
|
||||
#GET_COMM_EVENT_COUNTER -> getCommEventCounter: GetCommEventCounterResponse(header);
|
||||
#GET_COMM_EVENT_LOG -> getCommEventLog: GetCommEventLogResponse(header);
|
||||
WRITE_MULTIPLE_COILS -> writeMultipleCoils: WriteMultipleCoilsResponse(header);
|
||||
|
@ -144,25 +124,22 @@ type ModbusTCP_Response(header: ModbusTCP_TransportHeader) = case header.fc of {
|
|||
MASK_WRITE_REGISTER -> maskWriteRegister: MaskWriteRegisterResponse(header);
|
||||
READ_WRITE_MULTIPLE_REGISTERS -> readWriteMultipleRegisters: ReadWriteMultipleRegistersResponse(header);
|
||||
READ_FIFO_QUEUE -> readFIFOQueue: ReadFIFOQueueResponse(header);
|
||||
ENCAP_INTERFACE_TRANSPORT -> encapInterfaceException: EncapInterfaceTransportResponse(header);
|
||||
|
||||
# Exceptions
|
||||
READ_HOLDING_REGISTERS_EXCEPTION -> readHoldingRegistersException: Exception(header);
|
||||
WRITE_MULTIPLE_REGISTERS_EXCEPTION -> writeMultRegistersException: Exception(header);
|
||||
READ_COILS_EXCEPTION -> readCoilsException: Exception(header);
|
||||
READ_DISCRETE_INPUTS_EXCEPTION -> readDiscreteInputsException: Exception(header);
|
||||
READ_INPUT_REGISTERS_EXCEPTION -> readInputRegistersException: Exception(header);
|
||||
WRITE_SINGLE_COIL_EXCEPTION -> writeCoilException: Exception(header);
|
||||
WRITE_SINGLE_REGISTER_EXCEPTION -> writeSingleRegisterException: Exception(header);
|
||||
READ_EXCEPTION_STATUS_EXCEPTION -> readExceptionStatusException: Exception(header);
|
||||
DIAGNOSTICS_EXCEPTION -> diagnosticsException: Exception(header);
|
||||
WRITE_MULTIPLE_COILS_EXCEPTION -> forceMultipleCoilsException: Exception(header);
|
||||
READ_FILE_RECORD_EXCEPTION -> readGeneralReferenceException: Exception(header);
|
||||
WRITE_FILE_RECORD_EXCEPTION -> writeGeneralReferenceException: Exception(header);
|
||||
MASK_WRITE_REGISTER_EXCEPTION -> maskWriteRegisterException: Exception(header);
|
||||
READ_WRITE_MULTIPLE_REGISTERS_EXCEPTION -> readWriteRegistersException: Exception(header);
|
||||
READ_FIFO_QUEUE_EXCEPTION -> readFIFOQueueException: Exception(header);
|
||||
ENCAP_INTERFACE_TRANSPORT_EXCEPTION -> encapInterfaceTransportException: Exception(header);
|
||||
READ_HOLDING_REGISTERS_EXCEPTION -> readHoldingRegistersException: Exception(header);
|
||||
WRITE_MULTIPLE_REGISTERS_EXCEPTION -> writeMultRegistersException: Exception(header);
|
||||
READ_COILS_EXCEPTION -> readCoilsException: Exception(header);
|
||||
READ_DISCRETE_INPUTS_EXCEPTION -> readDiscreteInputsException: Exception(header);
|
||||
READ_INPUT_REGISTERS_EXCEPTION -> readInputRegistersException: Exception(header);
|
||||
WRITE_SINGLE_COIL_EXCEPTION -> writeCoilException: Exception(header);
|
||||
WRITE_SINGLE_REGISTER_EXCEPTION -> writeSingleRegisterException: Exception(header);
|
||||
READ_EXCEPTION_STATUS_EXCEPTION -> readExceptionStatusException: Exception(header);
|
||||
WRITE_MULTIPLE_COILS_EXCEPTION -> forceMultipleCoilsException: Exception(header);
|
||||
READ_FILE_RECORD_EXCEPTION -> readGeneralReferenceException: Exception(header);
|
||||
WRITE_FILE_RECORD_EXCEPTION -> writeGeneralReferenceException: Exception(header);
|
||||
MASK_WRITE_REGISTER_EXCEPTION -> maskWriteRegisterException: Exception(header);
|
||||
READ_WRITE_MULTIPLE_REGISTERS_EXCEPTION -> readWriteRegistersException: Exception(header);
|
||||
READ_FIFO_QUEUE_EXCEPTION -> readFIFOQueueException: Exception(header);
|
||||
|
||||
# All the rest
|
||||
default -> unknown: bytestring &restofdata;
|
||||
|
@ -270,22 +247,6 @@ type WriteSingleRegisterResponse(header: ModbusTCP_TransportHeader) = record {
|
|||
deliver: bool = $context.flow.deliver_WriteSingleRegisterResponse(header, this);
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# REQUEST FC=8
|
||||
type DiagnosticsRequest(header: ModbusTCP_TransportHeader) = record {
|
||||
subfunction: uint16;
|
||||
data: bytestring &restofdata;
|
||||
} &let {
|
||||
deliver: bool = $context.flow.deliver_DiagnosticsRequest(header, this);
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# RESPONSE FC=8
|
||||
type DiagnosticsResponse(header: ModbusTCP_TransportHeader) = record {
|
||||
subfunction: uint16;
|
||||
data: bytestring &restofdata;
|
||||
} &let {
|
||||
deliver: bool = $context.flow.deliver_DiagnosticsResponse(header, this);
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# REQUEST FC=15
|
||||
type WriteMultipleCoilsRequest(header: ModbusTCP_TransportHeader) = record {
|
||||
start_address: uint16;
|
||||
|
@ -344,7 +305,7 @@ type ReadFileRecordRequest(header: ModbusTCP_TransportHeader) = record {
|
|||
type FileRecordResponse = record {
|
||||
file_len: uint8; # &check(file_len >= 0x07 && file_len <= 0xF5);
|
||||
ref_type: uint8; # &check(ref_type == 6);
|
||||
record_data: bytestring &length=file_len;
|
||||
record_data: uint16[file_len/2] &length=file_len;
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# RESPONSE FC=20
|
||||
|
@ -357,11 +318,11 @@ type ReadFileRecordResponse(header: ModbusTCP_TransportHeader) = record {
|
|||
|
||||
# Support data structure for the two following message types.
|
||||
type ReferenceWithData = record {
|
||||
ref_type: uint8;
|
||||
file_num: uint16;
|
||||
record_num: uint16;
|
||||
record_length: uint16;
|
||||
record_data: bytestring &length=record_length*2;
|
||||
ref_type: uint8;
|
||||
file_num: uint16;
|
||||
record_num: uint16;
|
||||
word_count: uint16;
|
||||
register_value: uint16[word_count];
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# REQUEST FC=21
|
||||
|
@ -433,19 +394,3 @@ type ReadFIFOQueueResponse(header: ModbusTCP_TransportHeader) = record {
|
|||
} &let {
|
||||
deliver: bool = $context.flow.deliver_ReadFIFOQueueResponse(header, this);
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# REQUEST FC=2B
|
||||
type EncapInterfaceTransportRequest(header: ModbusTCP_TransportHeader) = record {
|
||||
mei_type: uint8;
|
||||
data: bytestring &restofdata;
|
||||
} &let {
|
||||
deliver: bool = $context.flow.deliver_EncapInterfaceTransportRequest(header, this);
|
||||
} &byteorder=bigendian;
|
||||
|
||||
# RESPONSE FC=2B
|
||||
type EncapInterfaceTransportResponse(header: ModbusTCP_TransportHeader) = record {
|
||||
mei_type: uint8;
|
||||
data: bytestring &restofdata;
|
||||
} &let {
|
||||
deliver: bool = $context.flow.deliver_EncapInterfaceTransportResponse(header, this);
|
||||
} &byteorder=bigendian;
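Review bot: In the `-344,7 +305,7` hunk, `record_data: uint16[file_len/2] &length=file_len;` takes its size from the wire-supplied `file_len` while the range check beside that field remains a comment, and the two sizes disagree whenever `file_len` is odd (the array covers `file_len - 1` bytes, `&length` claims `file_len`). Whether `file_len` also counts the `ref_type` byte is worth confirming against the Modbus specification before relying on the parsed registers. At minimum I would record the gap next to the field: `# NOTE: file_len is not validated here; odd or out-of-range values are parsed as-is.` The same applies to `word_count` in the `-357,11` hunk, which sizes `register_value` with no bound. This assumes the `uint16[...]` lines are the side the revert restores, as the commit title suggests.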
|
||||
|
|
|
@ -176,12 +176,6 @@ module GLOBAL;
|
|||
type ModbusHeaders: record;
|
||||
type ModbusCoils: vector;
|
||||
type ModbusRegisters: vector;
|
||||
type ModbusFileRecordRequest: record;
|
||||
type ModbusFileRecordRequests: vector;
|
||||
type ModbusFileRecordResponse: record;
|
||||
type ModbusFileRecordResponses: vector;
|
||||
type ModbusFileReference: record;
|
||||
type ModbusFileReferences: vector;
|
||||
|
||||
type PE::DOSHeader: record;
|
||||
type PE::FileHeader: record;
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
5 of 36 events triggered by trace
|
||||
5 of 28 events triggered by trace
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,2 +1,2 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
5 of 36 events triggered by trace
|
||||
5 of 28 events triggered by trace
|
||||
|
|
|
@ -1,65 +1,65 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], T
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=6], 0, 3
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [F, F, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [F, F, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [F, T, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [F, T, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [T, F, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [T, F, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [T, T, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1, len=4], [T, T, T, F, F, F, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [F, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [F, F, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [F, T, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [F, T, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [T, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [T, F, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [T, T, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=8], 0, [T, T, T]
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15, len=6], 0, 3
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], T
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [F, F, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [F, F, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [F, T, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [F, T, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [T, F, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [T, F, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [T, T, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=1], [T, T, T, F, F, F, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [F, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [F, F, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [F, T, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [F, T, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [T, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [T, F, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [T, T, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, [T, T, T]
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, uid=1, function_code=15], 0, 3
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.2.42 54297 192.168.88.100 502 tcp modbus 0.022532 11 18 OTH T T 0 Dd 1 51 1 58 -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.2.42 54298 192.168.88.100 502 tcp modbus 3.019519 11 9 OTH T T 0 Dd 1 51 1 49 -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,2 +1,2 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
22 of 36 events triggered by trace
|
||||
18 of 28 events triggered by trace
|
||||
|
|
File diff suppressed because it is too large
|
@ -8,13 +8,9 @@
|
|||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tid unit func pdu_type exception
|
||||
#types time string addr port addr port count count string string string
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS REQ -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 unknown-136 RESP GATEWAY_TARGET_DEVICE_FAILED_TO_RESPOND
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS REQ -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 unknown-136 RESP GATEWAY_TARGET_DEVICE_FAILED_TO_RESPOND
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS REQ -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 unknown-136 RESP GATEWAY_TARGET_DEVICE_FAILED_TO_RESPOND
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS REQ -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 unknown-136 RESP GATEWAY_TARGET_DEVICE_FAILED_TO_RESPOND
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS REQ -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS RESP -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.57 2578 10.0.0.3 502 0 10 DIAGNOSTICS REQ -
|
||||
|
@ -123,7 +119,6 @@ XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1
|
|||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 unknown-42 RESP -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 ENCAP_INTERFACE_TRANSPORT REQ -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 unknown-171 RESP -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 unknown-171 RESP ILLEGAL_FUNCTION
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 unknown-44 REQ -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 unknown-172 RESP -
|
||||
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 192.168.66.235 2582 166.161.16.230 502 0 1 unknown-45 REQ -
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=1119, pid=0, uid=255, function_code=4, len=6], 900, 147
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=2606, pid=0, uid=255, function_code=4, len
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=12993, pid=0, uid=255, function_code=4, len=6], 400, 100
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=17667, pid=0, uid=255, function_code=4, len=203], [49, 18012, 51, 42, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 54324, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 69, 63, 64, 65, 66, 67, 68, 49, 189, 51, 52, 53, 54, 4151, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 136, 49, 50, 51, 212, 53, 54, 170, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=1119, pid=0, uid=255, function_code=4], 900, 147
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=2606, pid=0, uid=255, function_code
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=12993, pid=0, uid=255, function_code=4], 400, 100
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=17667, pid=0, uid=255, function_code=4], [49, 18012, 51, 42, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 54324, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 69, 63, 64, 65, 66, 67, 68, 49, 189, 51, 52, 53, 54, 4151, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 136, 49, 50, 51, 212, 53, 54, 170, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
|
|
|
@ -3,7 +3,3 @@ These are the trace files that are used by the Zeek test suite.
|
|||
Note to maintainers: please take care when modifying/removing files from here.
|
||||
We install these traces with the Zeek distribution and external packages might
|
||||
depend on them for tests.
|
||||
|
||||
Trace Index/Sources:
|
||||
|
||||
- modbus/modbus-eit.trace: Sourced from https://www.netresec.com/?page=PCAP4SICS, credit to https://cs3sthlm.se/. The packets in this trace were pulled from the 4SICS-GeekLounge-151021.pcap file.
|
Binary file not shown.
|
@ -1,15 +1,11 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output
|
||||
# @TEST-EXEC: mv conn.log conn-first.log
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/modbus/modbus-eit.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >>output
|
||||
# @TEST-EXEC: mv conn.log conn-second.log
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
|
||||
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total
|
||||
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
|
||||
# @TEST-EXEC: btest-diff coverage
|
||||
# @TEST-EXEC: btest-diff conn-first.log
|
||||
# @TEST-EXEC: btest-diff conn-second.log
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
|
||||
@load base/protocols/modbus
|
||||
@load base/protocols/conn
|
||||
|
@ -106,24 +102,24 @@ event modbus_write_multiple_registers_response(c: connection, headers: ModbusHea
|
|||
print "modbus_write_multiple_registers_response", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_file_record_request(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileRecordRequests)
|
||||
event modbus_read_file_record_request(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_read_file_record_request", c$id, headers, byte_count, refs;
|
||||
print "modbus_read_file_record_request", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_read_file_record_response(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileRecordResponses)
|
||||
event modbus_read_file_record_response(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_read_file_record_response", c$id, headers, byte_count, refs;
|
||||
print "modbus_read_file_record_response", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_write_file_record_request(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileReferences)
|
||||
event modbus_write_file_record_request(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_write_file_record_request", c$id, headers, byte_count, refs;
|
||||
print "modbus_write_file_record_request", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_write_file_record_response(c: connection, headers: ModbusHeaders, byte_count: count, refs: ModbusFileReferences)
|
||||
event modbus_write_file_record_response(c: connection, headers: ModbusHeaders)
|
||||
{
|
||||
print "modbus_write_file_record_response", c$id, headers, byte_count, refs;
|
||||
print "modbus_write_file_record_response", c$id, headers;
|
||||
}
|
||||
|
||||
event modbus_mask_write_register_request(c: connection, headers: ModbusHeaders, address: count, and_mask: count, or_mask: count)
|
||||
|
@ -156,22 +152,3 @@ event modbus_read_fifo_queue_response(c: connection, headers: ModbusHeaders, fif
|
|||
print "modbus_read_fifo_queue_response", c$id, headers, fifos;
|
||||
}
|
||||
|
||||
event modbus_diagnostics_request(c: connection, headers: ModbusHeaders, subfunction: count, data: string)
|
||||
{
|
||||
print "modbus_diagnostics_request", c$id, headers, subfunction, data;
|
||||
}
|
||||
|
||||
event modbus_diagnostics_response(c: connection, headers: ModbusHeaders, subfunction: count, data: string)
|
||||
{
|
||||
print "modbus_diagnostics_response", c$id, headers, subfunction, data;
|
||||
}
|
||||
|
||||
event modbus_encap_interface_transport_request(c: connection, headers: ModbusHeaders, mei_type: count, data: string)
|
||||
{
|
||||
print "modbus_encap_interface_transport_request", c$id, headers, mei_type, data;
|
||||
}
|
||||
|
||||
event modbus_encap_interface_transport_response(c: connection, headers: ModbusHeaders, mei_type: count, data: string)
|
||||
{
|
||||
print "modbus_encap_interface_transport_response", c$id, headers, mei_type, data;
|
||||
}
|
||||
|
|
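Review bot: The file-record handlers on the new side of this test script's second hunk (`modbus_read_file_record_request`, `modbus_read_file_record_response`, `modbus_write_file_record_request`, `modbus_write_file_record_response`) receive only `c` and `headers`, so the test output cannot show which file or record number a transfer referenced, and a detection script built on these events has the same blind spot. The commit message gives no reason for the revert, so a comment above the first handler would record the limitation, for example `# File-record events expose only the Modbus headers; file/record references are not passed to scripts.` The last hunk also drops the diagnostics and encapsulated-interface-transport handlers, while the modbus.log baseline on this page still lists `DIAGNOSTICS` and `ENCAP_INTERFACE_TRANSPORT` requests, so those function codes presumably remain visible by name only.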