Remove byte count parameter from modbus events carrying register arrays

Instead of these events being generated for invalid byte count values (they should always be even, not odd), a protocol_violation is raised. modbus_read_holding_registers_response modbus_read_input_registers_response modbus_write_multiple_registers_request modbus_read_write_multiple_registers_request modbus_read_write_multiple_registers_response modbus_read_fifo_queue_respons
2025-10-03 23:28:20 +00:00 · 2012-11-13 12:09:14 -06:00 · 2012-11-13 12:09:14 -06:00 · fd5eb23fa6
commit fd5eb23fa6
parent c911d03c30
6 changed files with 64 additions and 38 deletions
--- a/testing/btest/scripts/base/protocols/modbus/events.bro
+++ b/testing/btest/scripts/base/protocols/modbus/events.bro
@ -41,7 +41,7 @@ event modbus_read_holding_registers_request(c: connection, headers: ModbusHeader
    print "modbus_read_holding_registers_request", c, headers, start_address, quantity;
 }

-event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, byte_count: count, registers: ModbusRegisters)
+event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
 {
    print "modbus_read_holding_registers_response", c, headers, registers;
 }
@ -51,7 +51,7 @@ event modbus_read_input_registers_request(c: connection, headers: ModbusHeaders,
    print "modbus_read_input_registers_request", c, headers, start_address, quantity;
 }

-event modbus_read_input_registers_response(c: connection, headers: ModbusHeaders, byte_count: count, registers: ModbusRegisters)
+event modbus_read_input_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
 {
    print "modbus_read_input_registers_response", c, headers, registers;
 }
@ -86,7 +86,7 @@ event modbus_write_multiple_coils_response(c: connection, headers: ModbusHeaders
    print "modbus_write_multiple_coils_response", c, headers, start_address, quantity;
 }

-event modbus_write_multiple_registers_request(c: connection, headers: ModbusHeaders, start_address: count, byte_count: count, registers: ModbusRegisters)
+event modbus_write_multiple_registers_request(c: connection, headers: ModbusHeaders, start_address: count, registers: ModbusRegisters)
 {
    print "modbus_write_multiple_registers_request", c, headers, start_address, registers;
 }
@ -126,12 +126,12 @@ event modbus_mask_write_register_response(c: connection, headers: ModbusHeaders,
    print "modbus_mask_write_register_response", c, headers, address, and_mask, or_mask;
 }

-event modbus_read_write_multiple_registers_request(c: connection, headers: ModbusHeaders, read_start_address: count, read_quantity: count, write_start_address: count, write_byte_count: count, write_registers: ModbusRegisters)
+event modbus_read_write_multiple_registers_request(c: connection, headers: ModbusHeaders, read_start_address: count, read_quantity: count, write_start_address: count, write_registers: ModbusRegisters)
 {
    print "modbus_read_write_multiple_registers_request", c, headers, read_start_address, read_quantity, write_start_address, write_registers;
 }

-event modbus_read_write_multiple_registers_response(c: connection, headers: ModbusHeaders, byte_count: count, written_registers: ModbusRegisters)
+event modbus_read_write_multiple_registers_response(c: connection, headers: ModbusHeaders, written_registers: ModbusRegisters)
 {
    print "modbus_read_write_multiple_registers_response", c, headers, written_registers;
 }
@ -141,7 +141,7 @@ event modbus_read_fifo_queue_request(c: connection, headers: ModbusHeaders, star
    print "modbus_read_fifo_queue_request", c, headers, start_address;
 }

-event modbus_read_fifo_queue_response(c: connection, headers: ModbusHeaders, byte_count: count, fifos: ModbusRegisters)
+event modbus_read_fifo_queue_response(c: connection, headers: ModbusHeaders, fifos: ModbusRegisters)
 {
    print "modbus_read_fifo_queue_response", c, headers, fifos;
 }
--- a/testing/btest/scripts/base/protocols/modbus/register_parsing.bro
+++ b/testing/btest/scripts/base/protocols/modbus/register_parsing.bro
@ -6,15 +6,16 @@
 # of register values, with the quantity being derived from a byte count value
 # that is also sent.  If the byte count value is invalid (e.g. an odd value
 # might not be valid since registers must be 2-byte values), then the parser
-# should not trigger any asserts, but the resulting event could indicate
-# the strangeness (i.e. byte_count != 2*|registers|).
+# should not trigger any asserts, but generate a protocol_violation (in this
+# case TCP_ApplicationAnalyzer::ProtocolViolation asserts its behavior for
+# incomplete connections).

 event modbus_read_input_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
 	{
 	print "modbus_read_input_registers_request", c$id, headers, start_address, quantity;
 	}

-event modbus_read_input_registers_response(c: connection, headers: ModbusHeaders, byte_count: count, registers: ModbusRegisters)
+event modbus_read_input_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
 	{
-	print "modbus_read_input_registers_response", c$id, headers, registers, |registers|, byte_count;
+	print "modbus_read_input_registers_response", c$id, headers, registers, |registers|;
 	}