suricata
app-layer-modbus.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2014 ANSSI
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  * 3. The name of the author may not be used to endorse or promote products
14  * derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
17  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
18  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
19  * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 /**
29  * \file
30  *
31  * \author David DIALLO <diallo@et.esiea.fr>
32  */
33 
34 #ifndef __APP_LAYER_MODBUS_H__
35 #define __APP_LAYER_MODBUS_H__
36 
37 #include "decode.h"
38 #include "detect-engine-state.h"
39 #include "queue.h"
40 
41 /* Modbus Application Data Unit (ADU)
42  * and Protocol Data Unit (PDU) messages */
43 enum {
53 };
54 
55 /* Modbus Function Code Categories. */
56 #define MODBUS_CAT_NONE 0x0
57 #define MODBUS_CAT_PUBLIC_ASSIGNED (1<<0)
58 #define MODBUS_CAT_PUBLIC_UNASSIGNED (1<<1)
59 #define MODBUS_CAT_USER_DEFINED (1<<2)
60 #define MODBUS_CAT_RESERVED (1<<3)
61 #define MODBUS_CAT_ALL 0xFF
62 
63 /* Modbus Read/Write function and Access Types. */
64 #define MODBUS_TYP_NONE 0x0
65 #define MODBUS_TYP_ACCESS_MASK 0x03
66 #define MODBUS_TYP_READ (1<<0)
67 #define MODBUS_TYP_WRITE (1<<1)
68 #define MODBUS_TYP_ACCESS_FUNCTION_MASK 0x3C
69 #define MODBUS_TYP_BIT_ACCESS_MASK 0x0C
70 #define MODBUS_TYP_DISCRETES (1<<2)
71 #define MODBUS_TYP_COILS (1<<3)
72 #define MODBUS_TYP_WORD_ACCESS_MASK 0x30
73 #define MODBUS_TYP_INPUT (1<<4)
74 #define MODBUS_TYP_HOLDING (1<<5)
75 #define MODBUS_TYP_SINGLE (1<<6)
76 #define MODBUS_TYP_MULTIPLE (1<<7)
77 #define MODBUS_TYP_WRITE_SINGLE (MODBUS_TYP_WRITE | MODBUS_TYP_SINGLE)
78 #define MODBUS_TYP_WRITE_MULTIPLE (MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
79 #define MODBUS_TYP_READ_WRITE_MULTIPLE (MODBUS_TYP_READ | MODBUS_TYP_WRITE | MODBUS_TYP_MULTIPLE)
80 
81 /* Modbus Function Code. */
82 #define MODBUS_FUNC_NONE 0x00
83 
84 /* Modbus Transaction Structure, request/response. */
85 typedef struct ModbusTransaction_ {
87 
88  uint64_t tx_num; /**< internal: id */
89  uint32_t logged; /**< flags indicating which loggers have logged */
90  uint16_t transactionId;
91  uint16_t length;
92  uint8_t unit_id;
93  uint8_t function;
94  uint8_t category;
95  uint8_t type;
96  uint8_t replied; /**< bool indicating request is replied to. */
97 
98  union {
99  uint16_t subFunction;
100  uint8_t mei;
101  struct {
102  struct {
103  uint16_t address;
104  uint16_t quantity;
105  } read;
106  struct {
107  uint16_t address;
108  uint16_t quantity;
109  uint8_t count;
110  } write;
111  };
112  };
113  uint16_t *data; /**< to store data to write, bit is converted in 16bits. */
114 
115  AppLayerDecoderEvents *decoder_events; /**< per tx events */
117  uint64_t detect_flags_ts;
118  uint64_t detect_flags_tc;
119 
122 
123 /* Modbus State Structure. */
124 typedef struct ModbusState_ {
125  TAILQ_HEAD(, ModbusTransaction_) tx_list; /**< transaction list */
126  ModbusTransaction *curr; /**< ptr to current tx */
127  uint64_t transaction_max;
128  uint32_t unreplied_cnt; /**< number of unreplied requests */
129  uint16_t events;
130  uint8_t givenup; /**< bool indicating flood. */
131 } ModbusState;
132 
133 void RegisterModbusParsers(void);
134 void ModbusParserRegisterTests(void);
135 
136 #endif /* __APP_LAYER_MODBUS_H__ */
struct ModbusState_ * modbus
struct ModbusState_ ModbusState
struct ModbusTransaction_::@18::@20::@22 read
struct HtpBodyChunk_ * next
uint64_t transaction_max
uint32_t unreplied_cnt
AppLayerDecoderEvents * decoder_events
#define TAILQ_HEAD(name, type)
Definition: queue.h:321
Data structure to store app layer decoder events.
Data structures and function prototypes for keeping state for the detection engine.
void ModbusParserRegisterTests(void)
void RegisterModbusParsers(void)
Function to register the Modbus protocol parsers and other functions.
DetectEngineState * de_state
TAILQ_ENTRY(ModbusTransaction_) next
struct ModbusTransaction_::@18::@20::@23 write
ModbusTransaction * curr