suricata
app-layer-modbus.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2014 ANSSI
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  * 3. The name of the author may not be used to endorse or promote products
14  * derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
17  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
18  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
19  * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 /**
29  * \file
30  *
31  * \author David DIALLO <diallo@et.esiea.fr>
32  */
33 
34 #ifndef __APP_LAYER_MODBUS_H__
35 #define __APP_LAYER_MODBUS_H__
36 
37 #include "decode.h"
38 #include "detect-engine-state.h"
39 #include "queue.h"
40 
41 /* Modbus Application Data Unit (ADU)
42  * and Protocol Data Unit (PDU) messages */
43 enum {
53 };
54 
55 /* Modbus Function Code Categories. */
56 #define MODBUS_CAT_NONE 0x0
57 #define MODBUS_CAT_PUBLIC_ASSIGNED (1<<0)
58 #define MODBUS_CAT_PUBLIC_UNASSIGNED (1<<1)
59 #define MODBUS_CAT_USER_DEFINED (1<<2)
60 #define MODBUS_CAT_RESERVED (1<<3)
61 #define MODBUS_CAT_ALL 0xFF
62 
63 /* Modbus Read/Write function and Access Types. */
64 #define MODBUS_TYP_NONE 0x0
65 #define MODBUS_TYP_ACCESS_MASK 0x03
66 #define MODBUS_TYP_READ (1<<0)
67 #define MODBUS_TYP_WRITE (1<<1)
68 #define MODBUS_TYP_ACCESS_FUNCTION_MASK 0x3C
69 #define MODBUS_TYP_BIT_ACCESS_MASK 0x0C
70 #define MODBUS_TYP_DISCRETES (1<<2)
71 #define MODBUS_TYP_COILS (1<<3)
72 #define MODBUS_TYP_WORD_ACCESS_MASK 0x30
73 #define MODBUS_TYP_INPUT (1<<4)
74 #define MODBUS_TYP_HOLDING (1<<5)
75 #define MODBUS_TYP_SINGLE (1<<6)
76 #define MODBUS_TYP_MULTIPLE (1<<7)
77 #define MODBUS_TYP_WRITE_SINGLE (MODBUS_TYP_WRITE | MODBUS_TYP_SINGLE)
78 #define MODBUS_TYP_WRITE_MULTIPLE (MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
79 #define MODBUS_TYP_READ_WRITE_MULTIPLE (MODBUS_TYP_READ | MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
80 
81 /* Modbus Function Code. */
82 #define MODBUS_FUNC_NONE 0x00
83 
84 /* Modbus Transaction Structure, request/response. */
85 typedef struct ModbusTransaction_ {
87 
88  uint64_t tx_num; /**< internal: id */
89  uint32_t logged; /**< flags indicating which loggers have logged */
90  uint16_t transactionId;
91  uint16_t length;
92  uint8_t unit_id;
93  uint8_t function;
94  uint8_t category;
95  uint8_t type;
96  uint8_t replied; /**< bool indicating request is replied to. */
97 
98  union {
99  uint16_t subFunction;
100  uint8_t mei;
101  struct {
102  struct {
103  uint16_t address;
104  uint16_t quantity;
105  } read;
106  struct {
107  uint16_t address;
108  uint16_t quantity;
109  uint8_t count;
110  } write;
111  };
112  };
113  uint16_t *data; /**< to store data to write, bit is converted in 16bits. */
114 
115  AppLayerDecoderEvents *decoder_events; /**< per tx events */
117  uint64_t detect_flags_ts;
118  uint64_t detect_flags_tc;
119 
122 
123 /* Modbus State Structure. */
124 typedef struct ModbusState_ {
125  TAILQ_HEAD(, ModbusTransaction_) tx_list; /**< transaction list */
126  ModbusTransaction *curr; /**< ptr to current tx */
127  uint64_t transaction_max;
128  uint32_t unreplied_cnt; /**< number of unreplied requests */
129  uint16_t events;
130  uint8_t givenup; /**< bool indicating flood. */
131 } ModbusState;
132 
133 void RegisterModbusParsers(void);
134 void ModbusParserRegisterTests(void);
135 
136 #endif /* __APP_LAYER_MODBUS_H__ */
RegisterModbusParsers
void RegisterModbusParsers(void)
Function to register the Modbus protocol parsers and other functions.
Definition: app-layer-modbus.c:1490
ModbusTransaction_::type
uint8_t type
Definition: app-layer-modbus.h:95
ModbusTransaction_::category
uint8_t category
Definition: app-layer-modbus.h:94
ModbusTransaction_::quantity
uint16_t quantity
Definition: app-layer-modbus.h:104
ModbusTransaction_::decoder_events
AppLayerDecoderEvents * decoder_events
Definition: app-layer-modbus.h:115
DetectEngineState_
Definition: detect-engine-state.h:92
ModbusState_::TAILQ_HEAD
TAILQ_HEAD(, ModbusTransaction_) tx_list
ModbusTransaction_::count
uint8_t count
Definition: app-layer-modbus.h:109
ModbusTransaction_::de_state
DetectEngineState * de_state
Definition: app-layer-modbus.h:116
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:2
ModbusTransaction_::TAILQ_ENTRY
TAILQ_ENTRY(ModbusTransaction_) next
ModbusTransaction_::logged
uint32_t logged
Definition: app-layer-modbus.h:89
ModbusTransaction_::detect_flags_ts
uint64_t detect_flags_ts
Definition: app-layer-modbus.h:117
AppLayerDecoderEvents_
Data structure to store app layer decoder events.
Definition: app-layer-events.h:34
MODBUS_DECODER_EVENT_INVALID_PROTOCOL_ID
@ MODBUS_DECODER_EVENT_INVALID_PROTOCOL_ID
Definition: app-layer-modbus.h:44
decode.h
ModbusTransaction_::length
uint16_t length
Definition: app-layer-modbus.h:91
ModbusTransaction_::read
struct ModbusTransaction_::@17::@19::@21 read
ModbusState_::transaction_max
uint64_t transaction_max
Definition: app-layer-modbus.h:127
ModbusTransaction_::data
uint16_t * data
Definition: app-layer-modbus.h:113
ModbusTransaction_
Definition: app-layer-modbus.h:85
ModbusState_::events
uint16_t events
Definition: app-layer-modbus.h:129
MODBUS_DECODER_EVENT_INVALID_VALUE
@ MODBUS_DECODER_EVENT_INVALID_VALUE
Definition: app-layer-modbus.h:49
ModbusState_::givenup
uint8_t givenup
Definition: app-layer-modbus.h:130
ModbusTransaction_::replied
uint8_t replied
Definition: app-layer-modbus.h:96
ModbusState
struct ModbusState_ ModbusState
ModbusTransaction
struct ModbusTransaction_ ModbusTransaction
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
queue.h
ModbusTransaction_::mei
uint8_t mei
Definition: app-layer-modbus.h:100
MODBUS_DECODER_EVENT_INVALID_EXCEPTION_CODE
@ MODBUS_DECODER_EVENT_INVALID_EXCEPTION_CODE
Definition: app-layer-modbus.h:50
MODBUS_DECODER_EVENT_UNSOLICITED_RESPONSE
@ MODBUS_DECODER_EVENT_UNSOLICITED_RESPONSE
Definition: app-layer-modbus.h:45
ModbusState_::curr
ModbusTransaction * curr
Definition: app-layer-modbus.h:126
ModbusTransaction_::tx_num
uint64_t tx_num
Definition: app-layer-modbus.h:88
MODBUS_DECODER_EVENT_VALUE_MISMATCH
@ MODBUS_DECODER_EVENT_VALUE_MISMATCH
Definition: app-layer-modbus.h:51
ModbusState_::unreplied_cnt
uint32_t unreplied_cnt
Definition: app-layer-modbus.h:128
ModbusTransaction_::write
struct ModbusTransaction_::@17::@19::@22 write
ModbusTransaction_::modbus
struct ModbusState_ * modbus
Definition: app-layer-modbus.h:86
ModbusTransaction_::unit_id
uint8_t unit_id
Definition: app-layer-modbus.h:92
MODBUS_DECODER_EVENT_INVALID_LENGTH
@ MODBUS_DECODER_EVENT_INVALID_LENGTH
Definition: app-layer-modbus.h:46
ModbusState_
Definition: app-layer-modbus.h:124
MODBUS_DECODER_EVENT_INVALID_FUNCTION_CODE
@ MODBUS_DECODER_EVENT_INVALID_FUNCTION_CODE
Definition: app-layer-modbus.h:48
ModbusTransaction_::transactionId
uint16_t transactionId
Definition: app-layer-modbus.h:90
ModbusTransaction_::detect_flags_tc
uint64_t detect_flags_tc
Definition: app-layer-modbus.h:118
MODBUS_DECODER_EVENT_INVALID_UNIT_IDENTIFIER
@ MODBUS_DECODER_EVENT_INVALID_UNIT_IDENTIFIER
Definition: app-layer-modbus.h:47
ModbusTransaction_::address
uint16_t address
Definition: app-layer-modbus.h:103
MODBUS_DECODER_EVENT_FLOODED
@ MODBUS_DECODER_EVENT_FLOODED
Definition: app-layer-modbus.h:52
ModbusTransaction_::subFunction
uint16_t subFunction
Definition: app-layer-modbus.h:99
ModbusParserRegisterTests
void ModbusParserRegisterTests(void)
Definition: app-layer-modbus.c:3052