1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
/*
* Copyright (C) 2014 ANSSI
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \file
*
* \author David DIALLO <diallo@et.esiea.fr>
*/
#ifndef __APP_LAYER_MODBUS_H__
#define __APP_LAYER_MODBUS_H__
#include "decode.h"
#include "detect-engine-state.h"
#include "queue.h"
/* Modbus Application Data Unit (ADU)
* and Protocol Data Unit (PDU) messages */
enum {
MODBUS_DECODER_EVENT_INVALID_PROTOCOL_ID,
MODBUS_DECODER_EVENT_UNSOLICITED_RESPONSE,
MODBUS_DECODER_EVENT_INVALID_LENGTH,
MODBUS_DECODER_EVENT_INVALID_UNIT_IDENTIFIER,
MODBUS_DECODER_EVENT_INVALID_FUNCTION_CODE,
MODBUS_DECODER_EVENT_INVALID_VALUE,
MODBUS_DECODER_EVENT_INVALID_EXCEPTION_CODE,
MODBUS_DECODER_EVENT_VALUE_MISMATCH,
MODBUS_DECODER_EVENT_FLOODED,
};
/* Modbus Function Code Categories. */
#define MODBUS_CAT_NONE 0x0
#define MODBUS_CAT_PUBLIC_ASSIGNED (1<<0)
#define MODBUS_CAT_PUBLIC_UNASSIGNED (1<<1)
#define MODBUS_CAT_USER_DEFINED (1<<2)
#define MODBUS_CAT_RESERVED (1<<3)
#define MODBUS_CAT_ALL 0xFF
/* Modbus Read/Write function and Access Types. */
#define MODBUS_TYP_NONE 0x0
#define MODBUS_TYP_ACCESS_MASK 0x03
#define MODBUS_TYP_READ (1<<0)
#define MODBUS_TYP_WRITE (1<<1)
#define MODBUS_TYP_ACCESS_FUNCTION_MASK 0x3C
#define MODBUS_TYP_BIT_ACCESS_MASK 0x0C
#define MODBUS_TYP_DISCRETES (1<<2)
#define MODBUS_TYP_COILS (1<<3)
#define MODBUS_TYP_WORD_ACCESS_MASK 0x30
#define MODBUS_TYP_INPUT (1<<4)
#define MODBUS_TYP_HOLDING (1<<5)
#define MODBUS_TYP_SINGLE (1<<6)
#define MODBUS_TYP_MULTIPLE (1<<7)
#define MODBUS_TYP_WRITE_SINGLE (MODBUS_TYP_WRITE | MODBUS_TYP_SINGLE)
#define MODBUS_TYP_WRITE_MULTIPLE (MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
#define MODBUS_TYP_READ_WRITE_MULTIPLE (MODBUS_TYP_READ | MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
/* Modbus Transaction Structure, request/response. */
typedef struct ModbusTransaction_ {
struct ModbusState_ *modbus;
uint64_t tx_num; /**< internal: id */
uint16_t transactionId;
uint16_t length;
uint8_t function;
uint8_t category;
uint8_t type;
uint8_t replied; /**< bool indicating request is replied to. */
union {
uint16_t subFunction;
uint8_t mei;
struct {
struct {
uint16_t address;
uint16_t quantity;
} read;
struct {
uint16_t address;
uint16_t quantity;
uint8_t count;
} write;
};
};
uint16_t *data; /**< to store data to write, bit is converted in 16bits. */
AppLayerDecoderEvents *decoder_events; /**< per tx events */
DetectEngineState *de_state;
TAILQ_ENTRY(ModbusTransaction_) next;
} ModbusTransaction;
/* Modbus State Structure. */
typedef struct ModbusState_ {
TAILQ_HEAD(, ModbusTransaction_) tx_list; /**< transaction list */
ModbusTransaction *curr; /**< ptr to current tx */
uint64_t transaction_max;
uint32_t unreplied_cnt; /**< number of unreplied requests */
uint16_t events;
uint8_t givenup; /**< bool indicating flood. */
} ModbusState;
void RegisterModbusParsers(void);
void ModbusParserRegisterTests(void);
#endif /* __APP_LAYER_MODBUS_H__ */
|