[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.1beta2-3-g55c5081
OISF Git
noreply at openinfosecfoundation.org
Thu Nov 6 15:46:17 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 55c50812407556c1276c3e6b6f7e98e869427214 (commit)
via b3bf2f99394158285caae51e9773f519318b54ad (commit)
via 5a0409959f418027b41f5c75f30d3b03cc9dab14 (commit)
from 0b28943487424f4831072a7161b33ebb5fc22211 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 55c50812407556c1276c3e6b6f7e98e869427214
Author: DIALLO David <diallo at et.esiea.fr>
Date: Tue Jul 22 09:49:58 2014 +0200
Detect-engine: Add Modbus detection engine
Management of Modbus Tx
Based on DNS source code.
Signed-off-by: David DIALLO <diallo at et.esia.fr>
commit b3bf2f99394158285caae51e9773f519318b54ad
Author: DIALLO David <diallo at et.esiea.fr>
Date: Thu Aug 14 16:53:30 2014 +0200
Detect: Add Modbus keyword management
Add the modbus.function (and subfunction) keywords for public function match in rules (Modbus layer).
Matching based on code function, and if necessary, sub-function code
or based on category (assigned, unassigned, public, user or reserved)
and negation is permitted.
Add the modbus.access keyword for read/write Modbus function match in rules (Modbus layer).
Matching based on access type (read or write),
and/or function type (discretes, coils, input or holding)
and, if necessary, read or write address access,
and, if necessary, value to write.
For address and value matching, "<", ">" and "<>" are permitted.
Based on TLS source code and file size source code (address and value matching).
Signed-off-by: David DIALLO <diallo at et.esia.fr>
commit 5a0409959f418027b41f5c75f30d3b03cc9dab14
Author: DIALLO David <diallo at et.esiea.fr>
Date: Wed Jul 23 11:12:59 2014 +0200
App-layer: Add Modbus protocol parser
Decode Modbus request and response messages, and extract
MODBUS Application Protocol header and the code function.
In case of read/write function, extracts message contents
(read/write address, quantity, count, data to write).
Links request and response messages in a transaction according to
Transaction Identifier (transaction management based on DNS source code).
MODBUS Messaging on TCP/IP Implementation Guide V1.0b
(http://www.modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf)
MODBUS Application Protocol Specification V1.1b3
(http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf)
Based on DNS source code.
Signed-off-by: David DIALLO <diallo at et.esia.fr>
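As an added illustration of what the parser commit above describes (example code written for this note, not code from the Suricata commit): a minimal C parse of the MBAP header and function code, extraction of address and quantity from a read request, and pairing of request and response by Transaction Identifier. Field layouts follow the Modbus Messaging Implementation Guide linked in the commit; the two sample frames are constructed, not captured.

```c
#include <stdint.h>
#include <stddef.h>

/* Parsed view of one Modbus/TCP ADU: the MBAP header plus the start of the PDU. */
typedef struct {
    uint16_t tx_id;       /* Transaction Identifier, used to pair request and response */
    uint16_t proto_id;    /* Protocol Identifier, always 0 for Modbus */
    uint16_t length;      /* number of bytes that follow this field (unit id + PDU) */
    uint8_t  unit_id;
    uint8_t  function;    /* function code; bit 0x80 set marks an exception response */
    const uint8_t *data;  /* PDU bytes after the function code */
    size_t   data_len;
} ModbusAdu;

/* Returns 0 on success, -1 if the buffer is too short or the MBAP header is inconsistent. */
int modbus_parse_adu(const uint8_t *buf, size_t len, ModbusAdu *adu) {
    if (len < 8) return -1;                       /* 7-byte MBAP header + function code */
    adu->tx_id    = (uint16_t)(buf[0] << 8 | buf[1]);
    adu->proto_id = (uint16_t)(buf[2] << 8 | buf[3]);
    adu->length   = (uint16_t)(buf[4] << 8 | buf[5]);
    adu->unit_id  = buf[6];
    if (adu->proto_id != 0) return -1;
    if (adu->length < 2 || (size_t)adu->length + 6 != len) return -1; /* length must cover unit id + PDU exactly */
    adu->function = buf[7];
    adu->data     = buf + 8;
    adu->data_len = len - 8;
    return 0;
}

/* For a read request (function codes 1-4) extract starting address and quantity; -1 otherwise. */
int modbus_read_request_fields(const ModbusAdu *adu, uint16_t *addr, uint16_t *qty) {
    if (adu->function < 1 || adu->function > 4 || adu->data_len != 4) return -1;
    *addr = (uint16_t)(adu->data[0] << 8 | adu->data[1]);
    *qty  = (uint16_t)(adu->data[2] << 8 | adu->data[3]);
    return 0;
}

/* Pair a response with a request: same Transaction Identifier and unit id, and a function
 * code that either echoes the request or is its exception form (request code | 0x80). */
int modbus_tx_match(const ModbusAdu *req, const ModbusAdu *rsp) {
    if (req->tx_id != rsp->tx_id || req->unit_id != rsp->unit_id) return 0;
    return rsp->function == req->function || rsp->function == (uint8_t)(req->function | 0x80);
}

/* Constructed sample frames (not captured traffic): Read Holding Registers (FC 3) request for
 * 2 registers at address 0x0010, and the matching response carrying 4 data bytes, tx id 1. */
const uint8_t MODBUS_REQ[] = {0x00,0x01, 0x00,0x00, 0x00,0x06, 0x01, 0x03, 0x00,0x10, 0x00,0x02};
const uint8_t MODBUS_RSP[] = {0x00,0x01, 0x00,0x00, 0x00,0x07, 0x01, 0x03, 0x04, 0x00,0x0A, 0x00,0x0B};
```

A frame whose MBAP length field disagrees with the bytes actually received is rejected rather than partially parsed, which is the check a detection engine needs before trusting the extracted fields.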
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 1 +
rules/Makefile.am | 1 +
rules/modbus-events.rules | 18 +
src/Makefile.am | 3 +
src/app-layer-modbus.c | 2401 ++++++++++++++++++++
src/app-layer-modbus.h | 128 ++
src/app-layer-parser.c | 2 +
src/app-layer-protos.h | 1 +
src/detect-engine-modbus.c | 1345 +++++++++++
...ayer-tls-handshake.h => detect-engine-modbus.h} | 19 +-
src/detect-engine-state.h | 1 +
src/detect-engine.c | 22 +-
src/detect-modbus.c | 895 ++++++++
src/{detect-tls.h => detect-modbus.h} | 42 +-
src/detect-parse.c | 2 +
src/detect.c | 2 +
src/detect.h | 2 +
src/runmode-unittests.c | 2 +
src/util-error.c | 1 +
src/util-error.h | 1 +
suricata.yaml.in | 16 +
21 files changed, 4882 insertions(+), 23 deletions(-)
create mode 100644 rules/modbus-events.rules
create mode 100644 src/app-layer-modbus.c
create mode 100644 src/app-layer-modbus.h
create mode 100644 src/detect-engine-modbus.c
copy src/{app-layer-tls-handshake.h => detect-engine-modbus.h} (75%)
create mode 100644 src/detect-modbus.c
copy src/{detect-tls.h => detect-modbus.h} (52%)
hooks/post-receive
--
OISF