zeek/doc/scripts/policy/protocols/modbus/track-memmap.bro.rst
Jon Siwek 7e9d48f532 Remove broxygen Sphinx integration
The broxygen-generated files now live in the git repo, have tests
that check that they are up-to-date, and a script to re-generate
them on-demand.
2018-12-18 10:15:22 -06:00


:tocdepth: 3

policy/protocols/modbus/track-memmap.bro
========================================
.. bro:namespace:: Modbus

This script tracks the memory map of holding (read/write) registers and logs
changes as they are discovered.

.. todo:: Not all register read and write functions are supported yet.

:Namespace: Modbus
:Imports: :doc:`base/protocols/modbus </scripts/base/protocols/modbus/index>`, :doc:`base/utils/directions-and-hosts.bro </scripts/base/utils/directions-and-hosts.bro>`

Summary
~~~~~~~
Runtime Options
###############
=================================================================== ==================================================
:bro:id:`Modbus::track_memmap`: :bro:type:`Host` :bro:attr:`&redef` The hosts that should have memory mapping enabled.
=================================================================== ==================================================

State Variables
###############
===================================================== =======================================================
:bro:id:`Modbus::device_registers`: :bro:type:`table` The memory map of slaves is tracked with this variable.
===================================================== =======================================================

Types
#####
===================================================== =====================================================================
:bro:type:`Modbus::MemmapInfo`: :bro:type:`record`
:bro:type:`Modbus::RegisterValue`: :bro:type:`record`
:bro:type:`Modbus::Registers`: :bro:type:`table`      Indexed on the device register value and yielding the register value.
===================================================== =====================================================================

Redefinitions
#############
============================================ =
:bro:type:`Log::ID`: :bro:type:`enum`
:bro:type:`Modbus::Info`: :bro:type:`record`
============================================ =

Events
######
===================================================== =====================================================================
:bro:id:`Modbus::changed_register`: :bro:type:`event` This event is generated every time a register is seen to be different
                                                      than it was previously seen to be.
===================================================== =====================================================================

Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. bro:id:: Modbus::track_memmap

   :Type: :bro:type:`Host`
   :Attributes: :bro:attr:`&redef`
   :Default: ``ALL_HOSTS``

   The hosts that should have memory mapping enabled.

State Variables
###############
.. bro:id:: Modbus::device_registers

   :Type: :bro:type:`table` [:bro:type:`addr`] of :bro:type:`Modbus::Registers`
   :Default: ``{}``

   The memory map of slaves is tracked with this variable.

Types
#####
.. bro:type:: Modbus::MemmapInfo

   :Type: :bro:type:`record`

      ts: :bro:type:`time` :bro:attr:`&log`
         Timestamp for the detected register change.

      uid: :bro:type:`string` :bro:attr:`&log`
         Unique ID for the connection.

      id: :bro:type:`conn_id` :bro:attr:`&log`
         Connection ID.

      register: :bro:type:`count` :bro:attr:`&log`
         The device memory offset.

      old_val: :bro:type:`count` :bro:attr:`&log`
         The old value stored in the register.

      new_val: :bro:type:`count` :bro:attr:`&log`
         The new value stored in the register.

      delta: :bro:type:`interval` :bro:attr:`&log`
         The time delta between when the *old_val* and *new_val* were
         seen.


.. bro:type:: Modbus::RegisterValue

   :Type: :bro:type:`record`

      last_set: :bro:type:`time`

      value: :bro:type:`count`


.. bro:type:: Modbus::Registers

   :Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`Modbus::RegisterValue`

   Indexed on the device register value and yielding the register value.

Events
######
.. bro:id:: Modbus::changed_register

   :Type: :bro:type:`event` (c: :bro:type:`connection`, register: :bro:type:`count`, old_val: :bro:type:`count`, new_val: :bro:type:`count`, delta: :bro:type:`interval`)

   This event is generated every time a register is seen to be different
   than it was previously seen to be.
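
As an added usage example (not part of the generated documentation or of the Bro distribution), the following site script limits tracking to local hosts and raises a notice when a watched holding register changes. The ``ModbusWatch`` module, the ``Watched_Register_Changed`` notice, the ``watched_registers`` set and its offsets are hypothetical; treating ``c$id$resp_h`` as the slave is an assumption.

```bro
@load base/frameworks/notice
@load policy/protocols/modbus/track-memmap

module ModbusWatch;

export {
	redef enum Notice::Type += {
		## A holding register listed in watched_registers changed value.
		Watched_Register_Changed
	};

	## Register offsets to alert on. Constructed sample values; replace
	## them with the offsets that matter for the monitored devices.
	const watched_registers: set[count] = { 100, 101 } &redef;
}

# Only build memory maps for devices inside the local networks
# (the documented default is ALL_HOSTS).
redef Modbus::track_memmap = LOCAL_HOSTS;

event Modbus::changed_register(c: connection, register: count,
                               old_val: count, new_val: count,
                               delta: interval)
	{
	# Ignore registers that are expected to change during normal operation.
	if ( register !in watched_registers )
		return;

	# Assumption: the responder of the connection is the Modbus slave.
	local slave = c$id$resp_h;

	NOTICE([$note=Watched_Register_Changed,
	        $conn=c,
	        $msg=fmt("Modbus register %d on %s changed from %d to %d (%s since last value)",
	                 register, slave, old_val, new_val, delta),
	        # Suppress repeat notices per device and register.
	        $identifier=cat(slave, register)]);
	}
```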