From 99c4dbd7afa31b3977c84e92155c2f75215b148e Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Sun, 3 Dec 2023 16:53:59 -0600 Subject: [PATCH] modbus: move into app-layer/modbus --- src/Makefile.am | 12 +- src/app-layer-parser.c | 2 +- .../modbus/detect.c} | 5 +- .../modbus/detect.h} | 0 .../modbus/logger.c} | 3 +- .../modbus/logger.h} | 0 .../modbus/parser.c} | 793 +++++++++--------- .../modbus/parser.h} | 0 src/detect-engine-register.c | 2 +- src/output-json-alert.c | 2 +- src/output.c | 2 +- 11 files changed, 398 insertions(+), 423 deletions(-) rename src/{detect-modbus.c => app-layer/modbus/detect.c} (99%) rename src/{detect-modbus.h => app-layer/modbus/detect.h} (100%) rename src/{output-json-modbus.c => app-layer/modbus/logger.c} (98%) rename src/{output-json-modbus.h => app-layer/modbus/logger.h} (100%) rename src/{app-layer-modbus.c => app-layer/modbus/parser.c} (60%) rename src/{app-layer-modbus.h => app-layer/modbus/parser.h} (100%) diff --git a/src/Makefile.am b/src/Makefile.am index 16a067a81c74..f650ed15be20 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -34,7 +34,7 @@ noinst_HEADERS = \ app-layer-http2.h \ app-layer/ike/parser.h \ app-layer-krb5.h \ - app-layer-modbus.h \ + app-layer/modbus/parser.h \ app-layer-quic.h \ app-layer-mqtt.h \ app-layer-nfs-tcp.h \ @@ -240,7 +240,7 @@ noinst_HEADERS = \ detect-lua.h \ detect-mark.h \ detect-metadata.h \ - detect-modbus.h \ + app-layer/modbus/detect.h \ detect-quic-sni.h \ detect-quic-ua.h \ detect-quic-version.h \ @@ -415,7 +415,7 @@ noinst_HEADERS = \ app-layer/ike/logger.h \ output-json-krb5.h \ output-json-metadata.h \ - output-json-modbus.h \ + app-layer/modbus/logger.h \ output-json-quic.h \ output-json-mqtt.h \ output-json-netflow.h \ @@ -650,7 +650,7 @@ libsuricata_c_a_SOURCES = \ app-layer-http2.c \ app-layer/ike/parser.c \ app-layer-krb5.c \ - app-layer-modbus.c \ + app-layer/modbus/parser.c \ app-layer-quic.c \ app-layer-mqtt.c \ app-layer-nfs-tcp.c \ 
@@ -853,7 +853,7 @@ libsuricata_c_a_SOURCES = \ detect-lua-extensions.c \ detect-mark.c \ detect-metadata.c \ - detect-modbus.c \ + app-layer/modbus/detect.c \ detect-quic-sni.c \ detect-quic-ua.c \ detect-quic-version.c \ @@ -1027,7 +1027,7 @@ libsuricata_c_a_SOURCES = \ app-layer/ike/logger.c \ output-json-krb5.c \ output-json-metadata.c \ - output-json-modbus.c \ + app-layer/modbus/logger.c \ output-json-quic.c \ output-json-mqtt.c \ output-json-netflow.c \ diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index d2468f793128..8d9fb2ce97de 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -46,7 +46,7 @@ #include "app-layer-htp.h" #include "app-layer-ssl.h" #include "app-layer-ssh.h" -#include "app-layer-modbus.h" +#include "app-layer/modbus/parser.h" #include "app-layer-enip.h" #include "app-layer/dnp3/app-layer-dnp3.h" #include "app-layer-nfs-tcp.h" diff --git a/src/detect-modbus.c b/src/app-layer/modbus/detect.c similarity index 99% rename from src/detect-modbus.c rename to src/app-layer/modbus/detect.c index f4e6d4fd03ff..8c25912e2586 100644 --- a/src/detect-modbus.c +++ b/src/app-layer/modbus/detect.c @@ -47,7 +47,7 @@ #include "detect-parse.h" #include "detect-engine.h" -#include "detect-modbus.h" +#include "app-layer/modbus/detect.h" #include "util-debug.h" #include "util-byte.h" @@ -63,7 +63,8 @@ static int g_modbus_buffer_id = 0; * * \param ptr pointer to DetectModbus */ -static void DetectModbusFree(DetectEngineCtx *de_ctx, void *ptr) { +static void DetectModbusFree(DetectEngineCtx *de_ctx, void *ptr) +{ SCEnter(); if (ptr != NULL) { rs_modbus_free(ptr); diff --git a/src/detect-modbus.h b/src/app-layer/modbus/detect.h similarity index 100% rename from src/detect-modbus.h rename to src/app-layer/modbus/detect.h diff --git a/src/output-json-modbus.c b/src/app-layer/modbus/logger.c similarity index 98% rename from src/output-json-modbus.c rename to src/app-layer/modbus/logger.c index 9e508ead9acc..b5db49a3131a 100644 
--- a/src/output-json-modbus.c +++ b/src/app-layer/modbus/logger.c @@ -17,7 +17,6 @@ #include "suricata-common.h" #include "detect.h" -#include "pkt-var.h" #include "conf.h" #include "threads.h" #include "threadvars.h" @@ -30,7 +29,7 @@ #include "output-json.h" #include "app-layer.h" #include "app-layer-parser.h" -#include "output-json-modbus.h" +#include "app-layer/modbus/logger.h" #include "rust.h" typedef struct LogModbusFileCtx_ { diff --git a/src/output-json-modbus.h b/src/app-layer/modbus/logger.h similarity index 100% rename from src/output-json-modbus.h rename to src/app-layer/modbus/logger.h diff --git a/src/app-layer-modbus.c b/src/app-layer/modbus/parser.c similarity index 60% rename from src/app-layer-modbus.c rename to src/app-layer/modbus/parser.c index c1edbf2d3698..7b7bae464899 100644 --- a/src/app-layer-modbus.c +++ b/src/app-layer/modbus/parser.c @@ -39,7 +39,7 @@ #include "util-debug.h" #include "app-layer-parser.h" -#include "app-layer-modbus.h" +#include "app-layer/modbus/parser.h" void ModbusParserRegisterTests(void); 
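Review bot: In src/app-layer/modbus/logger.c the unchanged context line `#include "detect.h"` no longer names the same file after this move. A quoted include is searched first in the including file's own directory, and that directory now holds the header renamed from detect-modbus.h to `app-layer/modbus/detect.h`. The logger would therefore pick up the Modbus keyword header instead of src/detect.h, and it may only keep building because other headers pull in the engine header indirectly. Giving the moved headers names that cannot collide, for example keeping `detect-modbus.h` inside the new directory, avoids the shadowing; the same applies to any `#include "detect.h"` in detect.c or parser.c outside the visible hunks. The `#include "pkt-var.h"` dropped in the same hunk is not explained in the commit message and may be related, so it deserves a line there.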
@@ -88,21 +88,21 @@ static uint8_t invalidFunctionCode[] = { /* Modbus Application Protocol Specification V1.1b3 6.1: Read Coils */ /* Example of a request to read discrete outputs 20-38 */ -static uint8_t readCoilsReq[] = {/* Transaction ID */ 0x00, 0x00, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x01, - /* Starting Address */ 0x78, 0x90, - /* Quantity of coils */ 0x00, 0x13 }; - -static uint8_t readCoilsRsp[] = {/* Transaction ID */ 0x00, 0x00, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x01, - /* Byte count */ 0x03, - /* Coil Status */ 0xCD, 0x6B, 0x05 }; +static uint8_t readCoilsReq[] = { /* Transaction ID */ 0x00, 0x00, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x01, + /* Starting Address */ 0x78, 0x90, + /* Quantity of coils */ 0x00, 0x13 }; + +static uint8_t readCoilsRsp[] = { /* Transaction ID */ 0x00, 0x00, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x01, + /* Byte count */ 0x03, + /* Coil Status */ 0xCD, 0x6B, 0x05 }; static uint8_t readCoilsErrorRsp[] = { /* Transaction ID */ 0x00, 0x00, 
@@ -116,158 +116,153 @@ static uint8_t readCoilsErrorRsp[] = { /* Modbus Application Protocol Specification V1.1b3 6.6: Write Single register */ /* Example of a request to write register 2 to 00 03 hex */ -static uint8_t writeSingleRegisterReq[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x06, - /* Register Address */ 0x00, 0x01, - /* Register Value */ 0x00, 0x03}; - -static uint8_t invalidWriteSingleRegisterReq[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x04, - /* Unit ID */ 0x00, - /* Function code */ 0x06, - /* Register Address */ 0x00, 0x01}; - -static uint8_t writeSingleRegisterRsp[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x06, - /* Register Address */ 0x00, 0x01, - /* Register Value */ 0x00, 0x03}; +static uint8_t writeSingleRegisterReq[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x06, + /* Register Address */ 0x00, 0x01, + /* Register Value */ 0x00, 0x03 }; + +static uint8_t invalidWriteSingleRegisterReq[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x04, + /* Unit ID */ 0x00, + /* Function code */ 0x06, + /* Register Address */ 0x00, 0x01 }; + +static uint8_t writeSingleRegisterRsp[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x06, + /* Register Address */ 0x00, 0x01, + /* Register Value */ 0x00, 0x03 }; /* Modbus Application Protocol Specification V1.1b3 6.12: Write Multiple registers */ /* Example of a request to write two registers starting at 2 to 00 0A and 01 02 hex */ -static uint8_t writeMultipleRegistersReq[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 
0x00, - /* Length */ 0x00, 0x0B, - /* Unit ID */ 0x00, - /* Function code */ 0x10, - /* Starting Address */ 0x00, 0x01, - /* Quantity of Registers */ 0x00, 0x02, - /* Byte count */ 0x04, - /* Registers Value */ 0x00, 0x0A, - 0x01, 0x02}; - -static uint8_t writeMultipleRegistersRsp[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x10, - /* Starting Address */ 0x00, 0x01, - /* Quantity of Registers */ 0x00, 0x02}; +static uint8_t writeMultipleRegistersReq[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x0B, + /* Unit ID */ 0x00, + /* Function code */ 0x10, + /* Starting Address */ 0x00, 0x01, + /* Quantity of Registers */ 0x00, 0x02, + /* Byte count */ 0x04, + /* Registers Value */ 0x00, 0x0A, 0x01, 0x02 }; + +static uint8_t writeMultipleRegistersRsp[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x10, + /* Starting Address */ 0x00, 0x01, + /* Quantity of Registers */ 0x00, 0x02 }; /* Modbus Application Protocol Specification V1.1b3 6.16: Mask Write Register */ /* Example of a request to mask write to register 5 */ -static uint8_t maskWriteRegisterReq[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x08, - /* Unit ID */ 0x00, - /* Function code */ 0x16, - /* Reference Address */ 0x00, 0x04, - /* And_Mask */ 0x00, 0xF2, - /* Or_Mask */ 0x00, 0x25}; - -static uint8_t invalidMaskWriteRegisterReq[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x16, - /* Reference Address */ 0x00, 0x04, - /* And_Mask */ 0x00, 0xF2}; - -static uint8_t maskWriteRegisterRsp[] = {/* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x08, - /* Unit ID */ 0x00, - /* Function code */ 0x16, - /* 
Reference Address */ 0x00, 0x04, - /* And_Mask */ 0x00, 0xF2, - /* Or_Mask */ 0x00, 0x25}; +static uint8_t maskWriteRegisterReq[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x08, + /* Unit ID */ 0x00, + /* Function code */ 0x16, + /* Reference Address */ 0x00, 0x04, + /* And_Mask */ 0x00, 0xF2, + /* Or_Mask */ 0x00, 0x25 }; + +static uint8_t invalidMaskWriteRegisterReq[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x16, + /* Reference Address */ 0x00, 0x04, + /* And_Mask */ 0x00, 0xF2 }; + +static uint8_t maskWriteRegisterRsp[] = { /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x08, + /* Unit ID */ 0x00, + /* Function code */ 0x16, + /* Reference Address */ 0x00, 0x04, + /* And_Mask */ 0x00, 0xF2, + /* Or_Mask */ 0x00, 0x25 }; /* Modbus Application Protocol Specification V1.1b3 6.17: Read/Write Multiple registers */ /* Example of a request to read six registers starting at register 4, */ /* and to write three registers starting at register 15 */ -static uint8_t readWriteMultipleRegistersReq[] = {/* Transaction ID */ 0x12, 0x34, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x11, - /* Unit ID */ 0x00, - /* Function code */ 0x17, - /* Read Starting Address */ 0x00, 0x03, - /* Quantity to Read */ 0x00, 0x06, - /* Write Starting Address */ 0x00, 0x0E, - /* Quantity to Write */ 0x00, 0x03, - /* Write Byte count */ 0x06, - /* Write Registers Value */ 0x12, 0x34, - 0x56, 0x78, - 0x9A, 0xBC}; +static uint8_t readWriteMultipleRegistersReq[] = { /* Transaction ID */ 0x12, 0x34, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x11, + /* Unit ID */ 0x00, + /* Function code */ 0x17, + /* Read Starting Address */ 0x00, 0x03, + /* Quantity to Read */ 0x00, 0x06, + /* Write Starting Address */ 0x00, 0x0E, + /* Quantity to Write */ 0x00, 0x03, + /* Write Byte count */ 0x06, + /* Write 
Registers Value */ 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC }; /* Mismatch value in Byte count 0x0B instead of 0x0C */ -static uint8_t readWriteMultipleRegistersRsp[] = {/* Transaction ID */ 0x12, 0x34, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x0E, - /* Unit ID */ 0x00, - /* Function code */ 0x17, - /* Byte count */ 0x0B, - /* Read Registers Value */ 0x00, 0xFE, - 0x0A, 0xCD, - 0x00, 0x01, - 0x00, 0x03, - 0x00, 0x0D, - 0x00}; +static uint8_t readWriteMultipleRegistersRsp[] = { /* Transaction ID */ 0x12, 0x34, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x0E, + /* Unit ID */ 0x00, + /* Function code */ 0x17, + /* Byte count */ 0x0B, + /* Read Registers Value */ 0x00, 0xFE, 0x0A, 0xCD, 0x00, 0x01, 0x00, 0x03, 0x00, 0x0D, 0x00 }; /* Modbus Application Protocol Specification V1.1b3 6.8.1: 04 Force Listen Only Mode */ /* Example of a request to to remote device to its Listen Only Mode for Modbus Communications. */ -static uint8_t forceListenOnlyMode[] = {/* Transaction ID */ 0x0A, 0x00, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x08, - /* Sub-function code */ 0x00, 0x04, - /* Data */ 0x00, 0x00}; - -static uint8_t invalidProtocolIdReq[] = {/* Transaction ID */ 0x00, 0x00, - /* Protocol ID */ 0x00, 0x01, - /* Length */ 0x00, 0x06, - /* Unit ID */ 0x00, - /* Function code */ 0x01, - /* Starting Address */ 0x78, 0x90, - /* Quantity of coils */ 0x00, 0x13 }; +static uint8_t forceListenOnlyMode[] = { /* Transaction ID */ 0x0A, 0x00, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x08, + /* Sub-function code */ 0x00, 0x04, + /* Data */ 0x00, 0x00 }; + +static uint8_t invalidProtocolIdReq[] = { /* Transaction ID */ 0x00, 0x00, + /* Protocol ID */ 0x00, 0x01, + /* Length */ 0x00, 0x06, + /* Unit ID */ 0x00, + /* Function code */ 0x01, + /* Starting Address */ 0x78, 0x90, + /* Quantity of coils */ 0x00, 0x13 }; static uint8_t 
invalidLengthWriteMultipleRegistersReq[] = { - /* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x09, - /* Unit ID */ 0x00, - /* Function code */ 0x10, - /* Starting Address */ 0x00, 0x01, - /* Quantity of Registers */ 0x00, 0x02, - /* Byte count */ 0x04, - /* Registers Value */ 0x00, 0x0A, - 0x01, 0x02}; + /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x09, + /* Unit ID */ 0x00, + /* Function code */ 0x10, + /* Starting Address */ 0x00, 0x01, + /* Quantity of Registers */ 0x00, 0x02, + /* Byte count */ 0x04, + /* Registers Value */ 0x00, 0x0A, 0x01, 0x02 +}; static uint8_t exceededLengthWriteMultipleRegistersReq[] = { - /* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0xff, 0xfa, - /* Unit ID */ 0x00, - /* Function code */ 0x10, - /* Starting Address */ 0x00, 0x01, - /* Quantity of Registers */ 0x7f, 0xf9, - /* Byte count */ 0xff}; + /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0xff, 0xfa, + /* Unit ID */ 0x00, + /* Function code */ 0x10, + /* Starting Address */ 0x00, 0x01, + /* Quantity of Registers */ 0x7f, 0xf9, + /* Byte count */ 0xff +}; static uint8_t invalidLengthPDUWriteMultipleRegistersReq[] = { - /* Transaction ID */ 0x00, 0x0A, - /* Protocol ID */ 0x00, 0x00, - /* Length */ 0x00, 0x02, - /* Unit ID */ 0x00, - /* Function code */ 0x10}; + /* Transaction ID */ 0x00, 0x0A, + /* Protocol ID */ 0x00, 0x00, + /* Length */ 0x00, 0x02, + /* Unit ID */ 0x00, + /* Function code */ 0x10 +}; /** \test Send Modbus Read Coils request/response. */ -static int ModbusParserTest01(void) { +static int ModbusParserTest01(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; 
@@ -278,15 +273,14 @@ static int ModbusParserTest01(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, readCoilsReq, - sizeof(readCoilsReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, readCoilsReq, + sizeof(readCoilsReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -298,9 +292,8 @@ static int ModbusParserTest01(void) { FAIL_IF_NOT(rs_modbus_message_get_read_request_address(&request) == 0x7890); FAIL_IF_NOT(rs_modbus_message_get_read_request_quantity(&request) == 19); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, readCoilsRsp, - sizeof(readCoilsRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, readCoilsRsp, + sizeof(readCoilsRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); @@ -312,7 +305,8 @@ static int ModbusParserTest01(void) { } /** \test Send Modbus Write Multiple registers request/response. */ -static int ModbusParserTest02(void) { +static int ModbusParserTest02(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; 
@@ -323,15 +317,14 @@ static int ModbusParserTest02(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, writeMultipleRegistersReq, - sizeof(writeMultipleRegistersReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + writeMultipleRegistersReq, sizeof(writeMultipleRegistersReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -351,9 +344,8 @@ static int ModbusParserTest02(void) { FAIL_IF_NOT(data[2] == 0x01); FAIL_IF_NOT(data[3] == 0x02); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, writeMultipleRegistersRsp, - sizeof(writeMultipleRegistersRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, + writeMultipleRegistersRsp, sizeof(writeMultipleRegistersRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); @@ -365,7 +357,8 @@ static int ModbusParserTest02(void) { } /** \test Send Modbus Read/Write Multiple registers request/response with mismatch value. */ -static int ModbusParserTest03(void) { +static int ModbusParserTest03(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; 
@@ -383,15 +376,15 @@ static int ModbusParserTest03(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -409,10 +402,8 @@ static int ModbusParserTest03(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, - readWriteMultipleRegistersReq, - sizeof(readWriteMultipleRegistersReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + readWriteMultipleRegistersReq, sizeof(readWriteMultipleRegistersReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -437,9 +428,8 @@ static int ModbusParserTest03(void) { FAIL_IF_NOT(data[4] == 0x9A); FAIL_IF_NOT(data[5] == 0xBC); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, readWriteMultipleRegistersRsp, - sizeof(readWriteMultipleRegistersRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, + readWriteMultipleRegistersRsp, sizeof(readWriteMultipleRegistersRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); @@ -463,7 +453,8 @@ static int ModbusParserTest03(void) { } /** \test Send Modbus Force Listen Only Mode request. */ -static int ModbusParserTest04(void) { +static int ModbusParserTest04(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; 
@@ -474,15 +465,14 @@ static int ModbusParserTest04(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, forceListenOnlyMode, - sizeof(forceListenOnlyMode)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + forceListenOnlyMode, sizeof(forceListenOnlyMode)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -501,7 +491,8 @@ static int ModbusParserTest04(void) { } /** \test Send Modbus invalid Protocol version in request. */ -static int ModbusParserTest05(void) { +static int ModbusParserTest05(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; @@ -519,15 +510,15 @@ static int ModbusParserTest05(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); 
@@ -545,9 +536,8 @@ static int ModbusParserTest05(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, invalidProtocolIdReq, - sizeof(invalidProtocolIdReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + invalidProtocolIdReq, sizeof(invalidProtocolIdReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -572,7 +562,8 @@ static int ModbusParserTest05(void) { } /** \test Send Modbus unsolicited response. */ -static int ModbusParserTest06(void) { +static int ModbusParserTest06(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; @@ -590,15 +581,15 @@ static int ModbusParserTest06(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -616,9 +607,8 @@ static int ModbusParserTest06(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, readCoilsRsp, - sizeof(readCoilsRsp)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, readCoilsRsp, + sizeof(readCoilsRsp)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; 
@@ -643,7 +633,8 @@ static int ModbusParserTest06(void) { } /** \test Send Modbus invalid Length request. */ -static int ModbusParserTest07(void) { +static int ModbusParserTest07(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; @@ -661,15 +652,15 @@ static int ModbusParserTest07(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -687,10 +678,8 @@ static int ModbusParserTest07(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, - invalidLengthWriteMultipleRegistersReq, - sizeof(invalidLengthWriteMultipleRegistersReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + invalidLengthWriteMultipleRegistersReq, sizeof(invalidLengthWriteMultipleRegistersReq)); FAIL_IF_NOT(r == 1); ModbusState *modbus_state = f.alstate; @@ -715,7 +704,8 @@ static int ModbusParserTest07(void) { } /** \test Send Modbus Read Coils request and error response with Exception code invalid. */ -static int ModbusParserTest08(void) { +static int ModbusParserTest08(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; 
@@ -733,15 +723,15 @@ static int ModbusParserTest08(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -759,9 +749,8 @@ static int ModbusParserTest08(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, readCoilsReq, - sizeof(readCoilsReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, readCoilsReq, + sizeof(readCoilsReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -774,9 +763,8 @@ static int ModbusParserTest08(void) { FAIL_IF_NOT(rs_modbus_message_get_read_request_address(&request) == 0x7890); FAIL_IF_NOT(rs_modbus_message_get_read_request_quantity(&request) == 19); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, readCoilsErrorRsp, - sizeof(readCoilsErrorRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, readCoilsErrorRsp, + sizeof(readCoilsErrorRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); 
@@ -800,13 +788,14 @@ static int ModbusParserTest08(void) { } /** \test Modbus fragmentation - 1 ADU over 2 TCP packets. */ -static int ModbusParserTest09(void) { +static int ModbusParserTest09(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; - uint32_t input_len = sizeof(readCoilsReq), part2_len = 3; - uint8_t *input = readCoilsReq; + uint32_t input_len = sizeof(readCoilsReq), part2_len = 3; + uint8_t *input = readCoilsReq; FAIL_IF_NULL(alp_tctx); @@ -814,18 +803,17 @@ static int ModbusParserTest09(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, input, input_len - part2_len); + int r = AppLayerParserParse( + NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, input, input_len - part2_len); FAIL_IF_NOT(r == 1); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, input, input_len); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, input, input_len); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -842,12 +830,11 @@ static int ModbusParserTest09(void) { part2_len = 10; input = readCoilsRsp; - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, input, input_len - part2_len); + r = AppLayerParserParse( + NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, input, input_len - part2_len); FAIL_IF_NOT(r == 1); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, input, input_len); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, input, input_len); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); 
@@ -859,9 +846,10 @@ static int ModbusParserTest09(void) { } /** \test Modbus fragmentation - 2 ADU in 1 TCP packet. */ -static int ModbusParserTest10(void) { - uint32_t input_len = sizeof(readCoilsReq) + sizeof(writeMultipleRegistersReq); - uint8_t *input, *ptr; +static int ModbusParserTest10(void) +{ + uint32_t input_len = sizeof(readCoilsReq) + sizeof(writeMultipleRegistersReq); + uint8_t *input, *ptr; AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; @@ -869,24 +857,25 @@ static int ModbusParserTest10(void) { FAIL_IF_NULL(alp_tctx); - input = (uint8_t *) SCMalloc (input_len * sizeof(uint8_t)); + input = (uint8_t *)SCMalloc(input_len * sizeof(uint8_t)); FAIL_IF_NULL(input); memcpy(input, readCoilsReq, sizeof(readCoilsReq)); - memcpy(input + sizeof(readCoilsReq), writeMultipleRegistersReq, sizeof(writeMultipleRegistersReq)); + memcpy(input + sizeof(readCoilsReq), writeMultipleRegistersReq, + sizeof(writeMultipleRegistersReq)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, input, input_len); + int r = AppLayerParserParse( + NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, input, input_len); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; 
@@ -911,12 +900,13 @@ static int ModbusParserTest10(void) { input_len = sizeof(readCoilsRsp) + sizeof(writeMultipleRegistersRsp); - ptr = (uint8_t *) SCRealloc (input, input_len * sizeof(uint8_t)); + ptr = (uint8_t *)SCRealloc(input, input_len * sizeof(uint8_t)); FAIL_IF_NULL(ptr); input = ptr; memcpy(input, readCoilsRsp, sizeof(readCoilsRsp)); - memcpy(input + sizeof(readCoilsRsp), writeMultipleRegistersRsp, sizeof(writeMultipleRegistersRsp)); + memcpy(input + sizeof(readCoilsRsp), writeMultipleRegistersRsp, + sizeof(writeMultipleRegistersRsp)); r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, input, input_len); FAIL_IF_NOT(r == 0); @@ -929,7 +919,8 @@ static int ModbusParserTest10(void) { } /** \test Send Modbus exceed Length request. */ -static int ModbusParserTest11(void) { +static int ModbusParserTest11(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; @@ -955,15 +946,15 @@ static int ModbusParserTest11(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -1007,7 +998,8 @@ static int ModbusParserTest11(void) { } /** \test Send Modbus invalid PDU Length. */ -static int ModbusParserTest12(void) { +static int ModbusParserTest12(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; 
@@ -1025,15 +1017,15 @@ static int ModbusParserTest12(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -1051,10 +1043,9 @@ static int ModbusParserTest12(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, - invalidLengthPDUWriteMultipleRegistersReq, - sizeof(invalidLengthPDUWriteMultipleRegistersReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + invalidLengthPDUWriteMultipleRegistersReq, + sizeof(invalidLengthPDUWriteMultipleRegistersReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -1079,7 +1070,8 @@ static int ModbusParserTest12(void) { } /** \test Send Modbus Mask Write register request/response. */ -static int ModbusParserTest13(void) { +static int ModbusParserTest13(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; 
@@ -1090,15 +1082,14 @@ static int ModbusParserTest13(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, maskWriteRegisterReq, - sizeof(maskWriteRegisterReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + maskWriteRegisterReq, sizeof(maskWriteRegisterReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -1111,9 +1102,8 @@ static int ModbusParserTest13(void) { FAIL_IF_NOT(rs_modbus_message_get_and_mask(&request) == 0x00F2); FAIL_IF_NOT(rs_modbus_message_get_or_mask(&request) == 0x0025); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, maskWriteRegisterRsp, - sizeof(maskWriteRegisterRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, + maskWriteRegisterRsp, sizeof(maskWriteRegisterRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); @@ -1125,7 +1115,8 @@ static int ModbusParserTest13(void) { } /** \test Send Modbus Write single register request/response. */ -static int ModbusParserTest14(void) { +static int ModbusParserTest14(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; 
@@ -1136,15 +1127,14 @@ static int ModbusParserTest14(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, writeSingleRegisterReq, - sizeof(writeSingleRegisterReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + writeSingleRegisterReq, sizeof(writeSingleRegisterReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -1157,9 +1147,8 @@ static int ModbusParserTest14(void) { FAIL_IF_NOT(rs_modbus_message_get_write_address(&request) == 0x0001); FAIL_IF_NOT(rs_modbus_message_get_write_data(&request) == 0x0003); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, writeSingleRegisterRsp, - sizeof(writeSingleRegisterRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, + writeSingleRegisterRsp, sizeof(writeSingleRegisterRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); @@ -1171,7 +1160,8 @@ static int ModbusParserTest14(void) { } /** \test Send invalid Modbus Mask Write register request. */ -static int ModbusParserTest15(void) { +static int ModbusParserTest15(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; 
@@ -1189,15 +1179,15 @@ static int ModbusParserTest15(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -1215,9 +1205,8 @@ static int ModbusParserTest15(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, invalidMaskWriteRegisterReq, - sizeof(invalidMaskWriteRegisterReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + invalidMaskWriteRegisterReq, sizeof(invalidMaskWriteRegisterReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -1233,9 +1222,8 @@ static int ModbusParserTest15(void) { FAIL_IF_NOT(PacketAlertCheck(p, 1)); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, maskWriteRegisterRsp, - sizeof(maskWriteRegisterRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, + maskWriteRegisterRsp, sizeof(maskWriteRegisterRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); @@ -1258,7 +1246,8 @@ static int ModbusParserTest15(void) { } /** \test Send invalid Modbus Mask Write register request. */ -static int ModbusParserTest16(void) { +static int ModbusParserTest16(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; 
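Review bot: The `\test` comment above ModbusParserTest16 (hunk at new line 1246) is a copy of the one on ModbusParserTest15 and names the wrong request. The test body passes `invalidWriteSingleRegisterReq` to the parser, and the test is registered as "Modbus invalid Write single register request". Suggested wording: `/** \test Send invalid Modbus Write single register request. */`. The function body continues outside this hunk.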
@@ -1276,15 +1265,15 @@ static int ModbusParserTest16(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -1302,10 +1291,8 @@ static int ModbusParserTest16(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, - invalidWriteSingleRegisterReq, - sizeof(invalidWriteSingleRegisterReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + invalidWriteSingleRegisterReq, sizeof(invalidWriteSingleRegisterReq)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; @@ -1326,9 +1313,8 @@ static int ModbusParserTest16(void) { FAIL_IF_NOT(PacketAlertCheck(p, 1)); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOCLIENT, writeSingleRegisterRsp, - sizeof(writeSingleRegisterRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, + writeSingleRegisterRsp, sizeof(writeSingleRegisterRsp)); FAIL_IF_NOT(r == 0); FAIL_IF_NOT(rs_modbus_state_get_tx_count(modbus_state) == 1); 
@@ -1348,10 +1334,12 @@ static int ModbusParserTest16(void) { StreamTcpFreeConfig(true); FLOW_DESTROY(&f); UTHFreePackets(&p, 1); - PASS;} + PASS; +} /** \test Checks if stream_depth is correct */ -static int ModbusParserTest17(void) { +static int ModbusParserTest17(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; @@ -1362,22 +1350,22 @@ static int ModbusParserTest17(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, - readCoilsReq, sizeof(readCoilsReq)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, readCoilsReq, + sizeof(readCoilsReq)); FAIL_IF(r != 0); FAIL_IF(f.alstate == NULL); FAIL_IF(((TcpSession *)(f.protoctx))->reassembly_depth != MODBUS_CONFIG_DEFAULT_STREAM_DEPTH); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, - readCoilsRsp, sizeof(readCoilsRsp)); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, readCoilsRsp, + sizeof(readCoilsRsp)); FAIL_IF(r != 0); FAIL_IF(((TcpSession *)(f.protoctx))->reassembly_depth != MODBUS_CONFIG_DEFAULT_STREAM_DEPTH); @@ -1389,13 +1377,14 @@ static int ModbusParserTest17(void) { } /*/ \test Checks if stream depth is correct over 2 TCP packets */ -static int ModbusParserTest18(void) { +static int ModbusParserTest18(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); Flow f; TcpSession ssn; - uint32_t input_len = sizeof(readCoilsReq), part2_len = 3; - uint8_t *input = readCoilsReq; + uint32_t input_len = sizeof(readCoilsReq), part2_len = 3; + uint8_t *input = readCoilsReq; FAIL_IF_NULL(alp_tctx); 
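Review bot: The comment above ModbusParserTest18 (hunk at new line 1377) opens with `/*/` rather than `/**`, so unlike the other tests in this file it is an ordinary C comment and presumably is not picked up as a Doxygen `\test` block. The signature directly below it is reformatted, but the comment is left as it was. Suggested: `/** \test Checks if stream depth is correct over 2 TCP packets */`. The function body continues outside this hunk.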
@@ -1403,20 +1392,19 @@ static int ModbusParserTest18(void) { memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; StreamTcpInitConfig(true); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, - input, input_len - part2_len); + int r = AppLayerParserParse( + NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, input, input_len - part2_len); FAIL_IF(r != 1); FAIL_IF(((TcpSession *)(f.protoctx))->reassembly_depth != MODBUS_CONFIG_DEFAULT_STREAM_DEPTH); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, - input, input_len); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, input, input_len); FAIL_IF(r != 0); FAIL_IF(((TcpSession *)(f.protoctx))->reassembly_depth != MODBUS_CONFIG_DEFAULT_STREAM_DEPTH); @@ -1427,14 +1415,13 @@ static int ModbusParserTest18(void) { part2_len = 10; input = readCoilsRsp; - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, - input, input_len - part2_len); + r = AppLayerParserParse( + NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, input, input_len - part2_len); FAIL_IF(r != 1); FAIL_IF(((TcpSession *)(f.protoctx))->reassembly_depth != MODBUS_CONFIG_DEFAULT_STREAM_DEPTH); - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, - input, input_len); + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOCLIENT, input, input_len); FAIL_IF(r != 0); FAIL_IF(((TcpSession *)(f.protoctx))->reassembly_depth != MODBUS_CONFIG_DEFAULT_STREAM_DEPTH); 
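Review bot: The two truncated-buffer calls in ModbusParserTest18 (hunks at new lines 1392 and 1415) expect `r == 1` while the full-buffer calls expect `r == 0`, and nothing in the test says why. The second call in each direction also passes the whole buffer again rather than only the trailing `part2_len` bytes, which is easy to misread as a mistake. A short comment above each truncated call would help, for example `/* first segment only: ADU is truncated by part2_len bytes, parse result 1 expected */`, along with a word on why `part2_len` is 3 for the request and 10 for the response. The function starts and ends outside these hunks.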
@@ -1446,7 +1433,8 @@ static int ModbusParserTest18(void) { } /** \test Send Modbus invalid function. */ -static int ModbusParserTest19(void) { +static int ModbusParserTest19(void) +{ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); DetectEngineThreadCtx *det_ctx = NULL; Flow f; @@ -1464,15 +1452,15 @@ static int ModbusParserTest19(void) { p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); FLOW_INITIALIZE(&f); - f.alproto = ALPROTO_MODBUS; - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_MODBUS; - f.flags |= FLOW_IPV4; + f.alproto = ALPROTO_MODBUS; + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + f.alproto = ALPROTO_MODBUS; + f.flags |= FLOW_IPV4; - p->flow = &f; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; + p->flow = &f; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; StreamTcpInitConfig(true); @@ -1490,10 +1478,8 @@ static int ModbusParserTest19(void) { SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, - STREAM_TOSERVER, - invalidFunctionCode, - sizeof(invalidFunctionCode)); + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_MODBUS, STREAM_TOSERVER, + invalidFunctionCode, sizeof(invalidFunctionCode)); FAIL_IF_NOT(r == 0); ModbusState *modbus_state = f.alstate; 
@@ -1518,45 +1504,34 @@ static int ModbusParserTest19(void) { } #endif /* UNITTESTS */ -void ModbusParserRegisterTests(void) { +void ModbusParserRegisterTests(void) +{ #ifdef UNITTESTS - UtRegisterTest("ModbusParserTest01 - Modbus Read Coils request", - ModbusParserTest01); - UtRegisterTest("ModbusParserTest02 - Modbus Write Multiple registers request", - ModbusParserTest02); + UtRegisterTest("ModbusParserTest01 - Modbus Read Coils request", ModbusParserTest01); + UtRegisterTest( + "ModbusParserTest02 - Modbus Write Multiple registers request", ModbusParserTest02); UtRegisterTest("ModbusParserTest03 - Modbus Read/Write Multiple registers request", - ModbusParserTest03); - UtRegisterTest("ModbusParserTest04 - Modbus Force Listen Only Mode request", - ModbusParserTest04); - UtRegisterTest("ModbusParserTest05 - Modbus invalid Protocol version", - ModbusParserTest05); - UtRegisterTest("ModbusParserTest06 - Modbus unsolicited response", - ModbusParserTest06); - UtRegisterTest("ModbusParserTest07 - Modbus invalid Length request", - ModbusParserTest07); - UtRegisterTest("ModbusParserTest08 - Modbus Exception code invalid", - ModbusParserTest08); + ModbusParserTest03); + UtRegisterTest( + "ModbusParserTest04 - Modbus Force Listen Only Mode request", ModbusParserTest04); + UtRegisterTest("ModbusParserTest05 - Modbus invalid Protocol version", ModbusParserTest05); + UtRegisterTest("ModbusParserTest06 - Modbus unsolicited response", ModbusParserTest06); + UtRegisterTest("ModbusParserTest07 - Modbus invalid Length request", ModbusParserTest07); + UtRegisterTest("ModbusParserTest08 - Modbus Exception code invalid", ModbusParserTest08); UtRegisterTest("ModbusParserTest09 - Modbus fragmentation - 1 ADU in 2 TCP packets", - ModbusParserTest09); + ModbusParserTest09); UtRegisterTest("ModbusParserTest10 - Modbus fragmentation - 2 ADU in 1 TCP packet", - ModbusParserTest10); - UtRegisterTest("ModbusParserTest11 - Modbus exceeded Length request", - ModbusParserTest11); - 
UtRegisterTest("ModbusParserTest12 - Modbus invalid PDU Length", - ModbusParserTest12); - UtRegisterTest("ModbusParserTest13 - Modbus Mask Write register request", - ModbusParserTest13); - UtRegisterTest("ModbusParserTest14 - Modbus Write single register request", - ModbusParserTest14); - UtRegisterTest("ModbusParserTest15 - Modbus invalid Mask Write register request", - ModbusParserTest15); + ModbusParserTest10); + UtRegisterTest("ModbusParserTest11 - Modbus exceeded Length request", ModbusParserTest11); + UtRegisterTest("ModbusParserTest12 - Modbus invalid PDU Length", ModbusParserTest12); + UtRegisterTest("ModbusParserTest13 - Modbus Mask Write register request", ModbusParserTest13); + UtRegisterTest("ModbusParserTest14 - Modbus Write single register request", ModbusParserTest14); + UtRegisterTest( + "ModbusParserTest15 - Modbus invalid Mask Write register request", ModbusParserTest15); UtRegisterTest("ModbusParserTest16 - Modbus invalid Write single register request", - ModbusParserTest16); - UtRegisterTest("ModbusParserTest17 - Modbus stream depth", - ModbusParserTest17); - UtRegisterTest("ModbusParserTest18 - Modbus stream depth in 2 TCP packets", - ModbusParserTest18); - UtRegisterTest("ModbusParserTest19 - Modbus invalid Function code", - ModbusParserTest19); + ModbusParserTest16); + UtRegisterTest("ModbusParserTest17 - Modbus stream depth", ModbusParserTest17); + UtRegisterTest("ModbusParserTest18 - Modbus stream depth in 2 TCP packets", ModbusParserTest18); + UtRegisterTest("ModbusParserTest19 - Modbus invalid Function code", ModbusParserTest19); #endif /* UNITTESTS */ } diff --git a/src/app-layer-modbus.h b/src/app-layer/modbus/parser.h similarity index 100% rename from src/app-layer-modbus.h rename to src/app-layer/modbus/parser.h diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index fbc9ede3624e..41662b72fcd9 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c 
@@ -270,7 +270,7 @@ #include "detect-http-stat-code.h" #include "detect-ssl-version.h" #include "detect-ssl-state.h" -#include "detect-modbus.h" +#include "app-layer/modbus/detect.h" #include "detect-cipservice.h" #include "app-layer/dnp3/detect-dnp3.h" #include "app-layer/ike/detect-exch-type.h" diff --git a/src/output-json-alert.c b/src/output-json-alert.c index 75a386ee67b2..bbfeb61f535f 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -75,7 +75,7 @@ #include "output-json-rfb.h" #include "output-json-mqtt.h" #include "app-layer/ike/logger.h" -#include "output-json-modbus.h" +#include "app-layer/modbus/logger.h" #include "output-json-frame.h" #include "output-json-quic.h" diff --git a/src/output.c b/src/output.c index 410dea9c5d63..053339deae65 100644 --- a/src/output.c +++ b/src/output.c @@ -54,7 +54,7 @@ #include "log-httplog.h" #include "output-json-http.h" #include "output-json-dns.h" -#include "output-json-modbus.h" +#include "app-layer/modbus/logger.h" #include "log-tlslog.h" #include "log-tlsstore.h" #include "output-json-tls.h"