suricata
Data Structures | Macros | Typedefs | Functions | Variables
app-layer-modbus.c File Reference
#include "suricata-common.h"
#include "util-debug.h"
#include "util-byte.h"
#include "util-enum.h"
#include "util-mem.h"
#include "util-misc.h"
#include "stream.h"
#include "stream-tcp.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-modbus.h"
#include "app-layer-detect-proto.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "flow-util.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "stream-tcp-private.h"
Include dependency graph for app-layer-modbus.c:

Go to the source code of this file.

Data Structures

struct  ModbusHeader_
 
struct  ModbusFunctionCodeRange_
 

Macros

#define MODBUS_MIN_ADU_LEN   2
 
#define MODBUS_MAX_ADU_LEN   254
 
#define MODBUS_PROTOCOL_VER   0
 
#define MODBUS_MIN_INVALID_UNIT_ID   247
 
#define MODBUS_MAX_INVALID_UNIT_ID   255
 
#define MODBUS_MIN_QUANTITY   0
 
#define MODBUS_MAX_QUANTITY_IN_BIT_ACCESS   2000
 
#define MODBUS_MAX_QUANTITY_IN_WORD_ACCESS   125
 
#define MODBUS_MIN_COUNT   1
 
#define MODBUS_MAX_COUNT   250
 
#define MODBUS_FUNC_READCOILS   0x01
 
#define MODBUS_FUNC_READDISCINPUTS   0x02
 
#define MODBUS_FUNC_READHOLDREGS   0x03
 
#define MODBUS_FUNC_READINPUTREGS   0x04
 
#define MODBUS_FUNC_WRITESINGLECOIL   0x05
 
#define MODBUS_FUNC_WRITESINGLEREG   0x06
 
#define MODBUS_FUNC_READEXCSTATUS   0x07
 
#define MODBUS_FUNC_DIAGNOSTIC   0x08
 
#define MODBUS_FUNC_GETCOMEVTCOUNTER   0x0b
 
#define MODBUS_FUNC_GETCOMEVTLOG   0x0c
 
#define MODBUS_FUNC_WRITEMULTCOILS   0x0f
 
#define MODBUS_FUNC_WRITEMULTREGS   0x10
 
#define MODBUS_FUNC_REPORTSERVERID   0x11
 
#define MODBUS_FUNC_READFILERECORD   0x14
 
#define MODBUS_FUNC_WRITEFILERECORD   0x15
 
#define MODBUS_FUNC_MASKWRITEREG   0x16
 
#define MODBUS_FUNC_READWRITEMULTREGS   0x17
 
#define MODBUS_FUNC_READFIFOQUEUE   0x18
 
#define MODBUS_FUNC_ENCAPINTTRANS   0x2b
 
#define MODBUS_FUNC_MASK   0x7f
 
#define MODBUS_FUNC_ERRORMASK   0x80
 
#define MODBUS_SUBFUNC_QUERY_DATA   0x00
 
#define MODBUS_SUBFUNC_RESTART_COM   0x01
 
#define MODBUS_SUBFUNC_DIAG_REGS   0x02
 
#define MODBUS_SUBFUNC_CHANGE_DELIMITER   0x03
 
#define MODBUS_SUBFUNC_LISTEN_MODE   0x04
 
#define MODBUS_SUBFUNC_CLEAR_REGS   0x0a
 
#define MODBUS_SUBFUNC_BUS_MSG_COUNT   0x0b
 
#define MODBUS_SUBFUNC_COM_ERR_COUNT   0x0c
 
#define MODBUS_SUBFUNC_EXCEPT_ERR_COUNT   0x0d
 
#define MODBUS_SUBFUNC_SERVER_MSG_COUNT   0x0e
 
#define MODBUS_SUBFUNC_SERVER_NO_RSP_COUNT   0x0f
 
#define MODBUS_SUBFUNC_SERVER_NAK_COUNT   0x10
 
#define MODBUS_SUBFUNC_SERVER_BUSY_COUNT   0x11
 
#define MODBUS_SUBFUNC_SERVER_CHAR_COUNT   0x12
 
#define MODBUS_SUBFUNC_CLEAR_COUNT   0x14
 
#define MODBUS_MEI_ENCAPINTTRANS_CAN   0x0d
 
#define MODBUS_MEI_ENCAPINTTRANS_READ   0x0e
 
#define MODBUS_ERROR_CODE_ILLEGAL_FUNCTION   0x01
 
#define MODBUS_ERROR_CODE_ILLEGAL_DATA_ADDRESS   0x02
 
#define MODBUS_ERROR_CODE_ILLEGAL_DATA_VALUE   0x03
 
#define MODBUS_ERROR_CODE_SERVER_DEVICE_FAILURE   0x04
 
#define MODBUS_ERROR_CODE_MEMORY_PARITY_ERROR   0x08
 
#define MODBUS_TYP_WRITE_SINGLE   (MODBUS_TYP_WRITE | MODBUS_TYP_SINGLE)
 
#define MODBUS_TYP_WRITE_MULTIPLE   (MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
 
#define MODBUS_TYP_READ_WRITE_MULTIPLE   (MODBUS_TYP_READ | MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
 
#define CEIL(quantity)   (((quantity) + 7)>>3)
 
#define MODBUS_CONFIG_DEFAULT_REQUEST_FLOOD   500
 
#define MODBUS_CONFIG_DEFAULT_STREAM_DEPTH   0
 

Typedefs

typedef struct ModbusHeader_ ModbusHeader
 
typedef struct ModbusFunctionCodeRange_ ModbusFunctionCodeRange
 

Functions

struct ModbusHeader_ __attribute__ ((__packed__))
 DNP3 link header. More...
 
void RegisterModbusParsers (void)
 Function to register the Modbus protocol parsers and other functions. More...
 
void ModbusParserRegisterTests (void)
 

Variables

SCEnumCharMap modbus_decoder_event_table []
 
uint16_t transactionId
 
uint16_t protocolId
 
uint16_t length
 
uint8_t unitId
 

Detailed Description

Author
David DIALLO diall.nosp@m.o@et.nosp@m..esie.nosp@m.a.fr

App-layer parser for Modbus protocol

Definition in file app-layer-modbus.c.

Macro Definition Documentation

#define CEIL (   quantity)    (((quantity) + 7)>>3)

Definition at line 162 of file app-layer-modbus.c.

#define MODBUS_CONFIG_DEFAULT_REQUEST_FLOOD   500

Definition at line 165 of file app-layer-modbus.c.

#define MODBUS_CONFIG_DEFAULT_STREAM_DEPTH   0

Definition at line 168 of file app-layer-modbus.c.

Referenced by RegisterModbusParsers().

#define MODBUS_ERROR_CODE_ILLEGAL_DATA_ADDRESS   0x02

Definition at line 142 of file app-layer-modbus.c.

#define MODBUS_ERROR_CODE_ILLEGAL_DATA_VALUE   0x03

Definition at line 143 of file app-layer-modbus.c.

#define MODBUS_ERROR_CODE_ILLEGAL_FUNCTION   0x01

Definition at line 141 of file app-layer-modbus.c.

#define MODBUS_ERROR_CODE_MEMORY_PARITY_ERROR   0x08

Definition at line 145 of file app-layer-modbus.c.

#define MODBUS_ERROR_CODE_SERVER_DEVICE_FAILURE   0x04

Definition at line 144 of file app-layer-modbus.c.

#define MODBUS_FUNC_DIAGNOSTIC   0x08

Definition at line 104 of file app-layer-modbus.c.

#define MODBUS_FUNC_ENCAPINTTRANS   0x2b

Definition at line 115 of file app-layer-modbus.c.

#define MODBUS_FUNC_ERRORMASK   0x80

Definition at line 117 of file app-layer-modbus.c.

#define MODBUS_FUNC_GETCOMEVTCOUNTER   0x0b

Definition at line 105 of file app-layer-modbus.c.

#define MODBUS_FUNC_GETCOMEVTLOG   0x0c

Definition at line 106 of file app-layer-modbus.c.

#define MODBUS_FUNC_MASK   0x7f

Definition at line 116 of file app-layer-modbus.c.

#define MODBUS_FUNC_MASKWRITEREG   0x16

Definition at line 112 of file app-layer-modbus.c.

#define MODBUS_FUNC_READCOILS   0x01

Definition at line 97 of file app-layer-modbus.c.

#define MODBUS_FUNC_READDISCINPUTS   0x02

Definition at line 98 of file app-layer-modbus.c.

#define MODBUS_FUNC_READEXCSTATUS   0x07

Definition at line 103 of file app-layer-modbus.c.

#define MODBUS_FUNC_READFIFOQUEUE   0x18

Definition at line 114 of file app-layer-modbus.c.

#define MODBUS_FUNC_READFILERECORD   0x14

Definition at line 110 of file app-layer-modbus.c.

#define MODBUS_FUNC_READHOLDREGS   0x03

Definition at line 99 of file app-layer-modbus.c.

#define MODBUS_FUNC_READINPUTREGS   0x04

Definition at line 100 of file app-layer-modbus.c.

#define MODBUS_FUNC_READWRITEMULTREGS   0x17

Definition at line 113 of file app-layer-modbus.c.

#define MODBUS_FUNC_REPORTSERVERID   0x11

Definition at line 109 of file app-layer-modbus.c.

#define MODBUS_FUNC_WRITEFILERECORD   0x15

Definition at line 111 of file app-layer-modbus.c.

#define MODBUS_FUNC_WRITEMULTCOILS   0x0f

Definition at line 107 of file app-layer-modbus.c.

#define MODBUS_FUNC_WRITEMULTREGS   0x10

Definition at line 108 of file app-layer-modbus.c.

#define MODBUS_FUNC_WRITESINGLECOIL   0x05

Definition at line 101 of file app-layer-modbus.c.

#define MODBUS_FUNC_WRITESINGLEREG   0x06

Definition at line 102 of file app-layer-modbus.c.

#define MODBUS_MAX_ADU_LEN   254

Definition at line 78 of file app-layer-modbus.c.

#define MODBUS_MAX_COUNT   250

Definition at line 94 of file app-layer-modbus.c.

#define MODBUS_MAX_INVALID_UNIT_ID   255

Definition at line 85 of file app-layer-modbus.c.

#define MODBUS_MAX_QUANTITY_IN_BIT_ACCESS   2000

Definition at line 89 of file app-layer-modbus.c.

#define MODBUS_MAX_QUANTITY_IN_WORD_ACCESS   125

Definition at line 90 of file app-layer-modbus.c.

#define MODBUS_MEI_ENCAPINTTRANS_CAN   0x0d

Definition at line 137 of file app-layer-modbus.c.

#define MODBUS_MEI_ENCAPINTTRANS_READ   0x0e

Definition at line 138 of file app-layer-modbus.c.

#define MODBUS_MIN_ADU_LEN   2

Definition at line 77 of file app-layer-modbus.c.

#define MODBUS_MIN_COUNT   1

Definition at line 93 of file app-layer-modbus.c.

#define MODBUS_MIN_INVALID_UNIT_ID   247

Definition at line 84 of file app-layer-modbus.c.

#define MODBUS_MIN_QUANTITY   0

Definition at line 88 of file app-layer-modbus.c.

#define MODBUS_PROTOCOL_VER   0

Definition at line 81 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_BUS_MSG_COUNT   0x0b

Definition at line 126 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_CHANGE_DELIMITER   0x03

Definition at line 123 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_CLEAR_COUNT   0x14

Definition at line 134 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_CLEAR_REGS   0x0a

Definition at line 125 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_COM_ERR_COUNT   0x0c

Definition at line 127 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_DIAG_REGS   0x02

Definition at line 122 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_EXCEPT_ERR_COUNT   0x0d

Definition at line 128 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_LISTEN_MODE   0x04

Definition at line 124 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_QUERY_DATA   0x00

Definition at line 120 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_RESTART_COM   0x01

Definition at line 121 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_SERVER_BUSY_COUNT   0x11

Definition at line 132 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_SERVER_CHAR_COUNT   0x12

Definition at line 133 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_SERVER_MSG_COUNT   0x0e

Definition at line 129 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_SERVER_NAK_COUNT   0x10

Definition at line 131 of file app-layer-modbus.c.

#define MODBUS_SUBFUNC_SERVER_NO_RSP_COUNT   0x0f

Definition at line 130 of file app-layer-modbus.c.

#define MODBUS_TYP_READ_WRITE_MULTIPLE   (MODBUS_TYP_READ | MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)

Definition at line 159 of file app-layer-modbus.c.

#define MODBUS_TYP_WRITE_MULTIPLE   (MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)

Definition at line 158 of file app-layer-modbus.c.

#define MODBUS_TYP_WRITE_SINGLE   (MODBUS_TYP_WRITE | MODBUS_TYP_SINGLE)

Definition at line 157 of file app-layer-modbus.c.

Typedef Documentation

typedef struct ModbusFunctionCodeRange_ ModbusFunctionCodeRange
typedef struct ModbusHeader_ ModbusHeader

Definition at line 154 of file app-layer-modbus.c.

Function Documentation

void ModbusParserRegisterTests ( void  )

Definition at line 3025 of file app-layer-modbus.c.

References UtRegisterTest().

Referenced by RegisterModbusParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

void RegisterModbusParsers ( void  )

Function to register the Modbus protocol parsers and other functions.

Definition at line 1462 of file app-layer-modbus.c.

References Flow_::alproto, ALPROTO_MODBUS, Flow_::alstate, AppLayerParserConfParserEnabled(), AppLayerParserParse(), AppLayerParserRegisterDetectStateFuncs(), AppLayerParserRegisterGetEventInfo(), AppLayerParserRegisterGetEventsFunc(), AppLayerParserRegisterGetStateProgressCompletionStatus(), AppLayerParserRegisterGetStateProgressFunc(), AppLayerParserRegisterGetTx(), AppLayerParserRegisterGetTxCnt(), AppLayerParserRegisterLoggerFuncs(), AppLayerParserRegisterParser(), AppLayerParserRegisterParserAcceptableDataDirection(), AppLayerParserRegisterProtocolUnittests(), AppLayerParserRegisterStateFuncs(), AppLayerParserRegisterTxFreeFunc(), AppLayerParserSetStreamDepth(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPPParseConfPorts(), AppLayerProtoDetectPPRegister(), AppLayerProtoDetectRegisterProtocol(), ConfGetNode(), ModbusTransaction_::data, DE_QUIET, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, ModbusTransaction_::function, MODBUS_CONFIG_DEFAULT_STREAM_DEPTH, ModbusParserRegisterTests(), PacketAlertCheck(), ParseSizeStringU32(), PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, ModbusTransaction_::read, RunmodeIsUnittests(), SC_ERR_MODBUS_CONFIG, SCEnter, SCFree, SCLogError, SCMalloc, SCRealloc, SCReturn, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigMatchSignatures(), STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), ModbusTransaction_::subFunction, ModbusState_::transaction_max, TRUE, UTHBuildPacket(), UTHFreePackets(), ConfNode_::val, and ModbusTransaction_::write.

Referenced by AppLayerParserRegisterProtocolParsers(), and RegisterAllModules().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

uint16_t length

Definition at line 61 of file app-layer-modbus.c.

Referenced by DetectFastPatternRegister(), DNP3FreeObjectPointList(), DNSStoreAnswerInState(), LiveGetDeviceName(), and SCAsn1CtxInit().

SCEnumCharMap modbus_decoder_event_table[]
Initial value:
= {
{ "INVALID_PROTOCOL_ID", MODBUS_DECODER_EVENT_INVALID_PROTOCOL_ID },
{ "UNSOLICITED_RESPONSE", MODBUS_DECODER_EVENT_UNSOLICITED_RESPONSE },
{ "INVALID_LENGTH", MODBUS_DECODER_EVENT_INVALID_LENGTH },
{ "INVALID_UNIT_IDENTIFIER", MODBUS_DECODER_EVENT_INVALID_UNIT_IDENTIFIER},
{ "INVALID_FUNCTION_CODE", MODBUS_DECODER_EVENT_INVALID_FUNCTION_CODE },
{ "INVALID_VALUE", MODBUS_DECODER_EVENT_INVALID_VALUE },
{ "INVALID_EXCEPTION_CODE", MODBUS_DECODER_EVENT_INVALID_EXCEPTION_CODE },
{ "VALUE_MISMATCH", MODBUS_DECODER_EVENT_VALUE_MISMATCH },
{ "FLOODED", MODBUS_DECODER_EVENT_FLOODED},
{ NULL, -1 },
}

Definition at line 58 of file app-layer-modbus.c.

uint16_t protocolId

Definition at line 60 of file app-layer-modbus.c.

uint16_t transactionId

Definition at line 59 of file app-layer-modbus.c.

uint8_t unitId

Definition at line 62 of file app-layer-modbus.c.