policy/protocols/modbus/track-memmap.bro

Modbus

This script tracks the memory map of holding (read/write) registers and logs changes as they are discovered.

Todo

Not all register read and write functions are supported yet.

Namespace: Modbus
Imports: base/protocols/modbus, base/utils/directions-and-hosts.bro
Source File: /scripts/policy/protocols/modbus/track-memmap.bro

Summary

Options

Modbus::track_memmap: Host &redef The hosts that should have memory mapping enabled.

State Variables

Modbus::device_registers: table The memory map of slaves is tracked with this variable.

Types

Modbus::MemmapInfo: record  
Modbus::RegisterValue: record  
Modbus::Registers: table Indexed on the device register offset and yielding the value last seen in that register.

Redefinitions

Log::ID: enum  
Modbus::Info: record  

Events

Modbus::changed_register: event This event is generated every time a register's observed value differs from the value previously seen for it.

Detailed Interface

Options

Modbus::track_memmap
Type: Host
Attributes: &redef
Default: ALL_HOSTS

The hosts that should have memory mapping enabled.

State Variables

Modbus::device_registers
Type: table [addr] of Modbus::Registers
Default: {}

The memory map of slaves is tracked with this variable.

Types

Modbus::MemmapInfo
Type: record

ts: time &log

Timestamp for the detected register change.

uid: string &log

Unique ID for the connection.

id: conn_id &log

Connection ID.

register: count &log

The device memory offset.

old_val: count &log

The old value stored in the register.

new_val: count &log

The new value stored in the register.

delta: interval &log

The time delta between when the old_val and new_val were seen.

Modbus::RegisterValue
Type: record

last_set: time

value: count

Modbus::Registers
Type: table [count] of Modbus::RegisterValue

Indexed on the device register offset and yielding the value last seen in that register.

Events

Modbus::changed_register
Type: event (c: connection, register: count, old_val: count, new_val: count, delta: interval)

This event is generated every time a register's observed value differs from the value previously seen for it.
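The following site script is an added example, not part of the Bro distribution: it restricts tracking with Modbus::track_memmap and turns Modbus::changed_register into a notice for a small list of registers. The module name ModbusWatch, the notice type, the watched_registers option and the sample address are hypothetical, and the script assumes the slave is the responder of the connection.

```bro
# Added example (hypothetical site script, not shipped with Bro).
@load base/frameworks/notice
@load protocols/modbus/track-memmap

module ModbusWatch;

export {
	redef enum Notice::Type += {
		## A watched holding register changed value (hypothetical notice type).
		Watched_Register_Changed,
	};

	## Constructed sample watch list: [device address, register offset].
	## The address must fall inside Site::local_nets for LOCAL_HOSTS below.
	const watched_registers: set[addr, count] = {
		[192.0.2.10, 100],
		[192.0.2.10, 101],
	} &redef;
}

# Build memory maps only for local devices instead of the default ALL_HOSTS.
redef Modbus::track_memmap = LOCAL_HOSTS;

event Modbus::changed_register(c: connection, register: count, old_val: count,
                               new_val: count, delta: interval)
	{
	# Assumption: the slave device is the connection responder.
	local device = c$id$resp_h;

	if ( [device, register] !in watched_registers )
		return;

	# delta is the time between the two observations of the register.
	NOTICE([$note=Watched_Register_Changed,
	        $conn=c,
	        $msg=fmt("Modbus device %s register %d changed %d -> %d after %s",
	                 device, register, old_val, new_val, delta),
	        $identifier=cat(device, register)]);
	}
```

Because the event fires only when a read response differs from the stored value, a change is noticed at the next poll of that register, not at the moment it is written.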

Copyright 2016, The Bro Project. Last updated on December 11, 2017. Created using Sphinx 1.5.2.