From 3dc5cebc54f0e0c002bbd371c315fef9cdfa426b Mon Sep 17 00:00:00 2001
From: helenwangjia <1573523714@qq.com>
Date: Wed, 25 Oct 2023 09:22:34 +0000
Subject: [PATCH] install zeek parser with zkg install
---
 .../Infrastructure/edge_cron/Dockerfile | 19 +-
 .../broscript/CC_LINK_BASIC/cc_link_basic.evt | 20 -
 .../CC_LINK_BASIC/cc_link_basic.spicy | 151 --
 .../CC_LINK_BASIC/cc_link_basic.zeek | 240 ----
 .../broscript/CC_LINK_NOIP/cc_link_noip.evt | 63 -
 .../broscript/CC_LINK_NOIP/cc_link_noip.spicy | 703 ---------
 .../broscript/CC_LINK_NOIP/cc_link_noip.zeek | 1274 -----------------
 osect_sensor/conf/local.zeek | 4 +-
 8 files changed, 8 insertions(+), 2466 deletions(-)
 delete mode 100644 osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.evt
 delete mode 100755 osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.spicy
 delete mode 100755 osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.zeek
 delete mode 100644 osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.evt
 delete mode 100755 osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.spicy
 delete mode 100755 osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.zeek
diff --git a/osect_sensor/Infrastructure/edge_cron/Dockerfile b/osect_sensor/Infrastructure/edge_cron/Dockerfile
index aa34c92..47851b4 100755
--- a/osect_sensor/Infrastructure/edge_cron/Dockerfile
+++ b/osect_sensor/Infrastructure/edge_cron/Dockerfile
@@ -154,7 +154,8 @@ ENV PATH $PATH:/root/.cargo/bin
 # zkgパッケージ(必要なものだけ入れる)
 ENV PATH $PATH:/usr/local/zeek/bin
 # RUN zkg autoconfig
-RUN zkg install --force --skiptest \
+RUN zkg refresh && \
+ zkg install --force --skiptest \
 # zeek-plugin-bacnet \
 # zeek-plugin-enip \
 # zeek-plugin-profinet \
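Review bot: The `zkg install --force --skiptest` line in this hunk names packages without a version, so the two CC-Link parsers added to it in the next hunk (`zeek-parser-CCLinkFieldBasic`, `zeek-parser-CCLinkField-CCLinkControl`) are fetched at whatever revision the package index resolves after `zkg refresh`, with confirmation prompts and package tests skipped. This commit replaces analyzer source that was vendored in the repository with remote code that runs inside the sensor, so the image stops being reproducible and its integrity now depends on the upstream repositories at build time. Consider installing each new parser in its own call pinned to a reviewed tag or commit, e.g. `zkg install --force --version <reviewed-tag-or-commit> zeek-parser-CCLinkFieldBasic`, and dropping `--skiptest` for them if the packages ship tests. The RUN instruction begins in this hunk and continues past it into the next one.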
@@ -164,7 +165,9 @@ RUN zkg install --force --skiptest \
 icsnpp-modbus \
 # icsnpp-bacnet \
 zeek/corelight/zeek-long-connections \
- zeek-af_packet-plugin
+ zeek-af_packet-plugin \
+ zeek-parser-CCLinkFieldBasic \
+ zeek-parser-CCLinkField-CCLinkControl
 # spicyのコンパイル
 WORKDIR /home/work/ot_tools/broscript/CIFS_B/
@@ -182,12 +185,6 @@ RUN spicyz -o nbns.hlto nbns.spicy nbns.evt
 WORKDIR /home/work/ot_tools/broscript/SSDP/
 RUN spicyz -o ssdp.hlto ssdp.spicy ssdp.evt
-WORKDIR /home/work/ot_tools/broscript/CC_LINK_BASIC/
-RUN spicyz -o cc_link_basic.hlto cc_link_basic.spicy cc_link_basic.evt
-
-WORKDIR /home/work/ot_tools/broscript/CC_LINK_NOIP/
-RUN spicyz -o cc_link_noip.hlto cc_link_noip.spicy cc_link_noip.evt
-
 WORKDIR /home/work
 RUN cp -p ot_tools/broscript/CIFS_B/CIFS_B.hlto /usr/local/zeek/lib/zeek-spicy/modules \
 && cp -p ot_tools/broscript/CIFS_B/CIFS_B.zeek /usr/local/zeek/share/zeek/site \
@@ -198,11 +195,7 @@ RUN cp -p ot_tools/broscript/CIFS_B/CIFS_B.hlto /usr/local/zeek/lib/zeek-spicy/m
 && cp -p ot_tools/broscript/NBNS/nbns.hlto /usr/local/zeek/lib/zeek-spicy/modules \
 && cp -p ot_tools/broscript/NBNS/nbns.zeek /usr/local/zeek/share/zeek/site \
 && cp -p ot_tools/broscript/SSDP/ssdp.hlto /usr/local/zeek/lib/zeek-spicy/modules \
- && cp -p ot_tools/broscript/SSDP/ssdp.zeek /usr/local/zeek/share/zeek/site \
- && cp -p ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.hlto /usr/local/zeek/lib/zeek-spicy/modules \
- && cp -p ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.zeek /usr/local/zeek/share/zeek/site \
- && cp -p ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.hlto /usr/local/zeek/lib/zeek-spicy/modules \
- && cp -p ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.zeek /usr/local/zeek/share/zeek/site
+ && cp -p ot_tools/broscript/SSDP/ssdp.zeek /usr/local/zeek/share/zeek/site
 # Yafを含むバイナリファイルをコピー
 RUN mkdir /var/log/yaf
diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.evt b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.evt deleted file mode 100644 index 3940f0a..0000000 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.evt +++ /dev/null @@ -1,20 +0,0 @@ -protocol analyzer spicy::cclink_ie_field_basic over UDP: - parse originator with cclink_ie_field_basic::Packet, - parse responder with cclink_ie_field_basic::Packet, - ports { 61450/udp }; - -import cclink_ie_field_basic; - -on cclink_ie_field_basic::CyclicDataReq -> event cclink_ie_field_basic::cyclicDataReq($conn, self.dl, self.command, self.subCommand, - self.reqData.protocolVer, - self.reqData.offsetAddrInfo.cyclicInfoOffsetAddr, - self.reqData.masterNoticeInfo.protocolVer1, - self.reqData.cyclicInfo.masterID, self.reqData.cyclicInfo.groupNo, self.reqData.cyclicInfo.parameterNo, self.reqData.cyclicInfo.slaveTotalOccupiedStationCount, self.reqData.cyclicInfo.cyclicTransmissionState, self.reqData.cyclicInfo.slaveNo_slaveID - ); -on cclink_ie_field_basic::CyclicDataRes -> event cclink_ie_field_basic::cyclicDataRes($conn, self.dl, - self.resData.protocolVer, - self.resData.endCode, - self.resData.offsetAddrInfo.cyclicInfoOffsetAddr, - self.resData.slaveNoticeInfo.protocolVer1, - self.resData.cyclicInfo.slaveID, self.resData.cyclicInfo.groupNo - ); \ No newline at end of file diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.spicy b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.spicy deleted file mode 100755 index d01a2dc..0000000 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.spicy +++ /dev/null 
@@ -1,151 +0,0 @@ -module cclink_ie_field_basic; - -import zeek; -import spicy; - -public type Packet = unit { - reserved1: uint16 &convert=Reserved1($$); - switch ( self.reserved1 ) { - Reserved1::CyclicDataReq -> rq: CyclicDataReq; - Reserved1::CyclicDataRes -> rs: CyclicDataRes; - * -> unk: Unknown; - }; - - on %done { print self; } -}; - -type Reserved1 = enum { - CyclicDataReq = 0x5000, - CyclicDataRes = 0xd000, -}; -# -------------------------------- -# cc_link_ief_basicの基本リクエスト -type CyclicDataReq = unit { - reserved2: bytes &size=1; - reserved3: bytes &size=1; - reserved4: bytes &size=2; - reserved5: bytes &size=1; - dl: uint16 &byte-order=spicy::ByteOrder::Little; - reserved6: bytes &size=2; - command: bytes &size=2; - subCommand: bytes &size=2; - reqData: ReqCyclicData; - - on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicの基本リクエストのデータ部 -type ReqCyclicData = unit { - protocolVer: bytes &size=2; - reserved1: bytes &size=2; - offsetAddrInfo: OffsetAddrInfoRQ; - masterNoticeInfo: MasterNoticeInfoRQ; - cyclicInfo: CyclicInfoRQ; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicの基本リクエストのデータ部の中身 -type OffsetAddrInfoRQ = unit { - cyclicInfoOffsetAddr: bytes &size=2; - reserved2: bytes &size=14; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicの基本リクエストのデータ部の中身 -type MasterNoticeInfoRQ = unit { - protocolVer1: bytes &size=12; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicのの基本リクエストのデータ部の中身 -type CyclicInfoRQ = unit { - masterID: bytes &size=4; - groupNo: bytes &size=1; - reserved3: bytes &size=1; - frameSequenceNo: bytes &size=2; - timeoutValue: bytes &size=2; - parallelOffTimeoutCount: bytes &size=2; - parameterNo: bytes &size=2; - slaveTotalOccupiedStationCount: uint16 &byte-order=spicy::ByteOrder::Little; - 
cyclicTransmissionState: bytes &size=2; - reserved: bytes &size=2; - slaveNo_slaveID: bytes &size=self.slaveTotalOccupiedStationCount * 4; - cyclicDataRWw: bytes &size=self.slaveTotalOccupiedStationCount * 64; - cyclicDataRY: bytes &size=self.slaveTotalOccupiedStationCount * 8; - demo: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; -# -------------------------------- - -# -------------------------------- -# cc_link_ief_basicの基本レスポンス -type CyclicDataRes = unit { - reserved2: bytes &size=1; - reserved3: bytes &size=1; - reserved4: bytes &size=2; - reserved5: bytes &size=1; - dl: uint16 &byte-order=spicy::ByteOrder::Little; - reserved6: bytes &size=2; - resData: ResCyclicData(self.dl); - - on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicの基本レスポンスのデータ部 -type ResCyclicData = unit(dl: uint16) { - protocolVer: bytes &size=2; - endCode: bytes &size=2; - offsetAddrInfo: OffsetAddrInfoRS; - slaveNoticeInfo: SlaveNoticeInfo; - cyclicInfo: CyclicInfoRS(dl); - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicのデータ部の中身 -type OffsetAddrInfoRS = unit { - cyclicInfoOffsetAddr: bytes &size=2; - reserved1: bytes &size=14; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicのデータ部の中身 -type SlaveNoticeInfo = unit { - protocolVer1: bytes &size=20; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; - -# cc_link_ief_basicのデータ部の中身 -type CyclicInfoRS = unit(dl: uint16) { - slaveID: bytes &size=4; - groupNo: bytes &size=1; - reserved2: bytes &size=1; - frameSequenceNo: bytes &size=2; - cyclicDataRWr: bytes &size=((dl - 50) / 72) * 64; - cyclicDataRX: bytes &size=((dl - 50) / 72) * 8; - - # on %done { print self; zeek::confirm_protocol();} - # on %done { print self;} -}; -# -------------------------------- - -type Unknown = unit { - 
data: bytes &eod; - - # on %done { print self; } -}; \ No newline at end of file diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.zeek b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.zeek deleted file mode 100755 index 8eb9d60..0000000 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_BASIC/cc_link_basic.zeek +++ /dev/null 
@@ -1,240 +0,0 @@ -module cclink_ie_field_basic; - -export { - redef enum Log::ID += { LOG }; - - type Info: record { - ## Timestamp for when the request happened. - ts: time &log &optional; - ## Unique ID for the connection. - uid: string &log &optional; - ## The connection's 4-tuple of endpoint addresses/ports. - id: conn_id &log &optional; - pdu: string &log &optional; - cmd: string &log &optional; - # ## cclink_ie_field_basic data. - # dl: int &log; - # ## cclink_ie_field_basic REQ data. - # command: string &log; - # ## cclink_ie_field_basic REQ data. - # subCommand: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_protocolVer: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_masterNoticeInfo_protocolVer1: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_cyclicInfoRQ_masterID: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_cyclicInfoRQ_groupNo: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_cyclicInfoRQ_parameterNo: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_cyclicInfoRQ_slaveTotalOccupiedStationCount: int &log; - # ## cclink_ie_field_basic REQ data. - # reqData_cyclicInfoRQ_cyclicTransmissionState: string &log; - # ## cclink_ie_field_basic REQ data. - # reqData_cyclicInfoRQ_slaveNo_slaveID: string &log; - # ## cclink_ie_field_basic RES data. - # resData_protocolVer: string &log; - # ## cclink_ie_field_basic RES data. - # resData_endCode: string &log; - # ## cclink_ie_field_basic RES data. - # resData_offsetAddrInfo_cyclicInfoOffsetAddr: string &log; - # ## cclink_ie_field_basic RES data. - # resData_slaveNoticeInfo_protocolVer1: string &log; - # ## cclink_ie_field_basic RES data. - # resData_cyclicInfo_slaveID: string &log; - # ## cclink_ie_field_basic RES data. - # resData_cyclicInfo_groupNo: string &log; - number: int &log &optional; - ts_end: time &log &optional; - - # Set to block number of final piece of data once received. 
- final_block: count &optional; - - # Set to true once logged. - done: bool &default=F; - }; - - ## Event that can be handled to access the cclink_ie_field_basic logging record. - global log_cclink_ie_field_basic: event(rec: Info); - - global res_endCode: table[string] of string = { ["\x00\x00"] = "nomal", - ["\xCF\x80"] = "stop",}; - - global res_cmd: table[string] of string = { ["p\x0e"] = "cyclic",}; - - type AggregationData: record { - uid: string &log &optional; - id: conn_id &log &optional; - pdu: string &log &optional; - cmd: string &log &optional; - }; - - type Ts_num: record { - ts_s: time &log; - num: int &log; - ts_e: time &log &optional; - }; - - function insert_log(res_aggregationData: table[AggregationData] of Ts_num, idx: AggregationData): interval - { - local info_insert: Info = []; - info_insert$ts = res_aggregationData[idx]$ts_s; - info_insert$uid = idx$uid; - info_insert$id = idx$id; - info_insert$pdu = idx$pdu; - if ( idx?$cmd ){ - info_insert$cmd = idx$cmd; - } - if ( res_aggregationData[idx]?$ts_e ){ - info_insert$ts_end = res_aggregationData[idx]$ts_e; - } - if ( res_aggregationData[idx]?$num ){ - info_insert$number = res_aggregationData[idx]$num; - } - # print res_aggregationData; - # print info; - Log::write(cclink_ie_field_basic::LOG, info_insert); - # res_aggregationData = {}; - return 0secs; - } - - global res_aggregationData: table[AggregationData] of Ts_num &create_expire=60sec &expire_func=insert_log; -} - -# Maps a partial data connection ID to the request's Info record. 
-global expected_data_conns: table[addr, port, addr] of Info; - -redef record connection += { - cclink_ie_field_basic: Info &optional; -}; - -event zeek_init() &priority=5 - { - Log::create_stream(cclink_ie_field_basic::LOG, [$columns = Info, $ev = log_cclink_ie_field_basic, $path="cclink-ief-basic"]); - } - -function create_aggregationData(info: Info): AggregationData - { - local aggregationData: AggregationData; - aggregationData$uid = info$uid; - aggregationData$id = info$id; - aggregationData$pdu = info$pdu; - if ( info?$cmd ){ - aggregationData$cmd = info$cmd; - } - - return aggregationData; - } - -function insert_res_aggregationData(aggregationData: AggregationData, info: Info): string - { - if (aggregationData in res_aggregationData){ - res_aggregationData[aggregationData]$num = res_aggregationData[aggregationData]$num + 1; - res_aggregationData[aggregationData]$ts_e = info$ts; - } else { - res_aggregationData[aggregationData] = [$ts_s = info$ts, $num = 1, $ts_e = info$ts]; - } - - return "done"; - } - -event cclink_ie_field_basic::cyclicDataReq(c: connection, dl: int, command: string, subCommand: string, - reqData_protocolVer: string, - reqData_offsetAddrInfo_cyclicInfoOffsetAddr: string, - reqData_masterNoticeInfo_protocolVer1: string, - reqData_cyclicInfoRQ_masterID: string , reqData_cyclicInfoRQ_groupNo: string , reqData_cyclicInfoRQ_parameterNo: string , reqData_cyclicInfoRQ_slaveTotalOccupiedStationCount: int , reqData_cyclicInfoRQ_cyclicTransmissionState: string, reqData_cyclicInfoRQ_slaveNo_slaveID: string - ) - { - - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$uid = c$uid; - info$id = c$id; - info$pdu = "cyclicDataReq"; - if (command in res_cmd){ - info$cmd = res_cmd[command]; - } else { - info$cmd = "unknown_ct_" + command; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(cclink_ie_field_basic::LOG, info); - # info$dl = 
dl; - # info$command = command; - # info$subCommand = subCommand; - # info$reqData_protocolVer = reqData_protocolVer; - # info$reqData_masterNoticeInfo_protocolVer1 = reqData_masterNoticeInfo_protocolVer1; - # info$reqData_cyclicInfoRQ_masterID = reqData_cyclicInfoRQ_masterID; - # info$reqData_cyclicInfoRQ_groupNo = reqData_cyclicInfoRQ_groupNo; - # info$reqData_cyclicInfoRQ_parameterNo = reqData_cyclicInfoRQ_parameterNo; - # info$reqData_cyclicInfoRQ_slaveTotalOccupiedStationCount = reqData_cyclicInfoRQ_slaveTotalOccupiedStationCount; - # info$reqData_cyclicInfoRQ_cyclicTransmissionState = reqData_cyclicInfoRQ_cyclicTransmissionState; - # info$reqData_cyclicInfoRQ_slaveNo_slaveID = reqData_cyclicInfoRQ_slaveNo_slaveID; - c$cclink_ie_field_basic = info; - # print fmt("Zeek saw from %s %s to %s: dl:%s command:%s subCommanda:%s %s", c$start_time, c$id$orig_h, c$id$resp_h, dl, command, subCommand, reqData_protocolVer); - } - -event cclink_ie_field_basic::cyclicDataRes(c: connection, dl: int, - resData_protocolVer: string, - resData_endCode: string, - resData_offsetAddrInfo_cyclicInfoOffsetAddr: string, - resData_slaveNoticeInfo_protocolVer1: string, - resData_cyclicInfo_slaveID: string, resData_cyclicInfo_groupNo: string - ) - { - - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$uid = c$uid; - info$id = c$id; - info$pdu = "cyclicDataRes"; - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(cclink_ie_field_basic::LOG, info); - # info$dl = dl; - # info$resData_protocolVer = resData_protocolVer; - # info$resData_endCode = res_endCode[resData_endCode]; - # info$resData_offsetAddrInfo_cyclicInfoOffsetAddr = resData_offsetAddrInfo_cyclicInfoOffsetAddr; - # info$resData_slaveNoticeInfo_protocolVer1 = resData_slaveNoticeInfo_protocolVer1; - # info$resData_cyclicInfo_slaveID = resData_cyclicInfo_slaveID; - # info$resData_cyclicInfo_groupNo = 
resData_cyclicInfo_groupNo; - c$cclink_ie_field_basic = info; - # print fmt("Zeek saw from %s %s to %s: dl:%s", c$start_time, c$id$orig_h, c$id$resp_h, dl); - } - -# # 集約 local debug用 -# event zeek_done() -# { -# # print "zeek_done()"; -# print res_aggregationData; -# for ( i in res_aggregationData ){ -# # print i; -# local info: Info = []; -# info$ts = res_aggregationData[i]$ts_s; -# info$uid = i$uid; -# info$id = i$id; -# info$pdu = i$pdu; -# if ( i?$cmd ){ -# info$cmd = i$cmd; -# } -# if ( res_aggregationData[i]?$ts_e ){ -# info$ts_end = res_aggregationData[i]$ts_e; -# } -# if ( res_aggregationData[i]?$num ){ -# info$number = res_aggregationData[i]$num; -# } -# # print res_aggregationData; -# # print info; -# Log::write(cclink_ie_field_basic::LOG, info); -# } -# # res_aggregationData = {}; -# # print res_aggregationData; -# } diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.evt b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.evt deleted file mode 100644 index 8f0c2f9..0000000 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.evt +++ /dev/null 
@@ -1,63 +0,0 @@ -packet analyzer spicy::NO_IP: - parse with NO_IP::Packet; - -# field 伝送制御フレーム -# ----------------------------------- -on NO_IP::Packet::tokenM -> event raw::tokenM($packet, self.tokenM.dataType, self.tokenM.protocolVerType, self.tokenM.srcNodeNumber, self.tokenM.nodeId); -on NO_IP::Packet::persuasion -> event raw::persuasion($packet, self.persuasion.dataType, self.persuasion.protocolVerType, self.persuasion.srcNodeNumber, self.persuasion.nodeType); -on NO_IP::Packet::testData -> event raw::testData($packet, self.testData.dataType, self.testData.protocolVerType, self.testData.srcNodeNumber, self.testData.nodeType); -on NO_IP::Packet::testDataAck -> event raw::testDataAck($packet, self.testDataAck.dataType, self.testDataAck.protocolVerType, self.testDataAck.srcNodeNumber, self.testDataAck.nodeType); -on NO_IP::Packet::setup -> event raw::setup($packet, self.setup.dataType, self.setup.protocolVerType, self.setup.srcNodeNumber, self.setup.nodeId); -on NO_IP::Packet::setupAck -> event raw::setupAck($packet, self.setupAck.dataType, self.setupAck.protocolVerType, self.setupAck.srcNodeNumber); -on NO_IP::Packet::myStatus -> event raw::myStatus($packet, self.myStatus.dataType, self.myStatus.protocolVerType, self.myStatus.srcNodeNumber, self.myStatus.nodeType, self.myStatus.nodeId, self.myStatus.syncFlag); -# ----------------------------------- - -# field 同期フレーム -# ----------------------------------- -on NO_IP::Packet::measure -> event raw::measure($packet, self.measure.dataType, self.measure.protocolVerType, self.measure.srcNodeNumber, self.measure.nodeId); -on NO_IP::Packet::measureAck -> event raw::measureAck($packet, self.measureAck.dataType, self.measureAck.protocolVerType, self.measureAck.srcNodeNumber, self.measureAck.nodeId); -on NO_IP::Packet::offset -> event raw::offset($packet, self.offset.dataType, self.offset.protocolVerType, self.offset.srcNodeNumber, self.offset.nodeId); -on NO_IP::Packet::update -> event raw::update($packet, 
self.update.dataType, self.update.protocolVerType, self.update.srcNodeNumber, self.update.nodeId); -# ----------------------------------- - -# field サイクリック伝送フレーム -# ----------------------------------- -on NO_IP::Packet::cyclicDataRWw -> event raw::cyclicDataRWw($packet, self.cyclicDataRWw.dataType, self.cyclicDataRWw.protocolVerType, self.cyclicDataRWw.srcNodeNumber, self.cyclicDataRWw.nodeId); -on NO_IP::Packet::cyclicDataRY -> event raw::cyclicDataRY($packet, self.cyclicDataRY.dataType, self.cyclicDataRY.protocolVerType, self.cyclicDataRY.srcNodeNumber, self.cyclicDataRY.nodeId); -on NO_IP::Packet::cyclicDataRWr -> event raw::cyclicDataRWr($packet, self.cyclicDataRWr.dataType, self.cyclicDataRWr.protocolVerType, self.cyclicDataRWr.srcNodeNumber, self.cyclicDataRWr.nodeId); -on NO_IP::Packet::cyclicDataRX -> event raw::cyclicDataRX($packet, self.cyclicDataRX.dataType, self.cyclicDataRX.protocolVerType, self.cyclicDataRX.srcNodeNumber, self.cyclicDataRX.nodeId); -# ----------------------------------- - -# field トランジェント伝送フレーム -# ----------------------------------- -on NO_IP::Packet::transient1 -> event raw::transient1($packet, self.transient1.dataType, self.transient1.protocolVerType, self.transient1.srcNodeNumber, NO_IP::arrangement_transient1(self.transient1), self.transient1.connectionInfo, self.transient1.nodeId); -on NO_IP::Packet::transientAck -> event raw::transientAck($packet, self.transientAck.dataType, self.transientAck.protocolVerType, self.transientAck.srcNodeNumber, self.transientAck.connectionInfo, self.transientAck.nodeId); -on NO_IP::Packet::transient2 -> event raw::transient2($packet, self.transient2.dataType, self.transient2.protocolVerType, self.transient2.srcNodeNumber, self.transient2.connectionInfo, self.transient2.nodeId, self.transient2.ct); -on NO_IP::Packet::paramCheck -> event raw::paramCheck($packet, self.paramCheck.dataType, self.paramCheck.protocolVerType, self.paramCheck.srcNodeNumber, self.paramCheck.connectionInfo, 
self.paramCheck.nodeId); -on NO_IP::Packet::parameter -> event raw::parameter($packet, self.parameter.dataType, self.parameter.protocolVerType, self.parameter.srcNodeNumber, self.parameter.connectionInfo, self.parameter.nodeId); -on NO_IP::Packet::c_timer -> event raw::c_timer($packet, self.c_timer.dataType, self.c_timer.protocolVerType, self.c_timer.srcNodeNumber); -on NO_IP::Packet::ipTransient -> event raw::ipTransient($packet, self.ipTransient.dataType, self.ipTransient.protocolVerType, self.ipTransient.srcNodeNumber, self.ipTransient.connectionInfo, self.ipTransient.nodeId); -# ----------------------------------- - -# control 伝送制御フレーム -# ----------------------------------- -on NO_IP::Packet::connect -> event raw::connect($packet, self.connect.c_priority, self.connect.srcNodeNumber); -on NO_IP::Packet::connectAck -> event raw::connectAck($packet, self.connectAck.c_priority, self.connectAck.srcNodeNumber); -on NO_IP::Packet::scan -> event raw::scan($packet, self.scan.c_priority, self.scan.srcNodeNumber); -on NO_IP::Packet::collect -> event raw::collect($packet, self.collect.c_priority, self.collect.srcNodeNumber); -on NO_IP::Packet::select -> event raw::select($packet, self.select.c_priority, self.select.srcNodeNumber); -on NO_IP::Packet::launch -> event raw::launch($packet, self.launch.c_priority, self.launch.srcNodeNumber); -on NO_IP::Packet::token -> event raw::token($packet, self.token.c_priority, self.token.srcNodeNumber); -on NO_IP::Packet::dummy -> event raw::dummy($packet, self.dummy.c_priority, self.dummy.srcNodeNumber); -on NO_IP::Packet::nTNTest -> event raw::nTNTest($packet, self.nTNTest.c_priority, self.nTNTest.srcNodeNumber); -# ----------------------------------- - -# control サイクリック伝送フレーム -# ----------------------------------- -on NO_IP::Packet::cyclicDataW -> event raw::cyclicDataW($packet, self.cyclicDataW.c_priority, self.cyclicDataW.srcNodeNumber); -on NO_IP::Packet::cyclicDataB -> event raw::cyclicDataB($packet, self.cyclicDataB.c_priority, 
self.cyclicDataB.srcNodeNumber); -on NO_IP::Packet::cyclicDataOut1 -> event raw::cyclicDataOut1($packet, self.cyclicDataOut1.c_priority, self.cyclicDataOut1.srcNodeNumber); -on NO_IP::Packet::cyclicDataOut2 -> event raw::cyclicDataOut2($packet, self.cyclicDataOut2.c_priority, self.cyclicDataOut2.srcNodeNumber); -on NO_IP::Packet::cyclicDataIn1 -> event raw::cyclicDataIn1($packet, self.cyclicDataIn1.c_priority, self.cyclicDataIn1.srcNodeNumber); -on NO_IP::Packet::cyclicDataIn2 -> event raw::cyclicDataIn2($packet, self.cyclicDataIn2.c_priority, self.cyclicDataIn2.srcNodeNumber); -# ----------------------------------- diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.spicy b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.spicy deleted file mode 100755 index a811c32..0000000 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.spicy +++ /dev/null 
@@ -1,703 +0,0 @@ -module NO_IP; - -# import zeek; - -public type Packet = unit { - arFType: uint8 &convert=RrFType($$); - switch ( self.arFType ) { - RrFType::TokenM -> tokenM: TokenM; - RrFType::Persuasion -> persuasion: Persuasion; - RrFType::TestData -> testData: TestData; - RrFType::TestDataAck -> testDataAck: TestDataAck; - RrFType::Setup -> setup: Setup; - RrFType::SetupAck -> setupAck: SetupAck; - RrFType::MyStatus -> myStatus: MyStatus; - RrFType::Measure -> measure: Measure; - RrFType::MeasureAck -> measureAck: MeasureAck; - RrFType::Offset -> offset: Offset; - RrFType::Update -> update: Update; - RrFType::CyclicDataRWw -> cyclicDataRWw: CyclicDataRWw; - RrFType::CyclicDataRY -> cyclicDataRY: CyclicDataRY; - RrFType::CyclicDataRWr -> cyclicDataRWr: CyclicDataRWr; - RrFType::CyclicDataRX -> cyclicDataRX: CyclicDataRX; - RrFType::Transient1 -> transient1: Transient1; - RrFType::TransientAck -> transientAck: TransientAck; - RrFType::Transient2 -> transient2: Transient2; - RrFType::ParamCheck -> paramCheck: ParamCheck; - RrFType::Parameter -> parameter: Parameter; - RrFType::c_Timer -> c_timer: c_Timer; - RrFType::IpTransient -> ipTransient: IpTransient; - RrFType::Connect -> connect: Connect; - RrFType::ConnectAck -> connectAck: ConnectAck; - RrFType::Scan -> scan: Scan; - RrFType::Collect -> collect: Collect; - RrFType::Select -> select: Select; - RrFType::Launch -> launch: Launch; - RrFType::Token -> token: Token; - RrFType::Dummy -> dummy: Dummy; - RrFType::NTNTest -> nTNTest: NTNTest; - RrFType::CyclicDataW -> cyclicDataW: CyclicDataW; - RrFType::CyclicDataB -> cyclicDataB: CyclicDataB; - RrFType::CyclicDataOut1 -> cyclicDataOut1: CyclicDataOut1; - RrFType::CyclicDataOut2 -> cyclicDataOut2: CyclicDataOut2; - RrFType::CyclicDataIn1 -> cyclicDataIn1: CyclicDataIn1; - RrFType::CyclicDataIn2 -> cyclicDataIn2: CyclicDataIn2; - * -> unk: Unknown; - }; - on %done { print self;} -}; - -type RrFType = enum { - TokenM = 0x15, - Persuasion = 0x10, - TestData = 
0x11, - TestDataAck = 0x12, - Setup = 0x13, - SetupAck = 0x14, - MyStatus = 0x20, - Measure = 0x40, - MeasureAck = 0x41, - Offset = 0x42, - Update = 0x43, - CyclicDataRWw = 0x82, - CyclicDataRY = 0x83, - CyclicDataRWr = 0x84, - CyclicDataRX = 0x85, - Transient1 = 0x22, - TransientAck = 0x23, - Transient2 = 0x25, - ParamCheck = 0x28, - Parameter = 0x29, - c_Timer = 0x1c, - IpTransient = 0x26, - Connect = 0x00, - ConnectAck = 0x01, - Scan = 0x02, - Collect = 0x03, - Select = 0x04, - Launch = 0x05, - Token = 0x06, - Dummy = 0x24, - NTNTest = 0x2f, - CyclicDataW = 0x80, - CyclicDataB = 0x81, - CyclicDataOut1 = 0x8c, - CyclicDataOut2 = 0x8d, - CyclicDataIn1 = 0x8e, - CyclicDataIn2 = 0x8f, -}; - -# field 伝送制御フレーム -# ----------------------------------- -type TokenM = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type Persuasion = unit { - dataType: bytes &size=1; - persPriority: bytes &size=3; - nodeType: bytes &size=1; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type TestData = unit { - dataType: bytes &size=1; - persPriority: bytes &size=3; - nodeType: bytes &size=1; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type TestDataAck = unit { - dataType: bytes &size=1; - persPriority: bytes &size=3; - nodeType: bytes &size=1; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - 
except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type Setup = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type SetupAck = unit { - dataType: bytes &size=1; - reserved1: bytes &size=4; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type MyStatus = unit { - dataType: bytes &size=1; - nodeId: uint16; - syncFlag: bytes &size=1; - nodeType: bytes &size=1; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; -# ----------------------------------- - -# field 同期フレーム -# ----------------------------------- -type Measure = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type MeasureAck = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type Offset = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - 
protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type Update = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; -# ----------------------------------- - -# field サイクリック伝送フレーム -# ----------------------------------- -type CyclicDataRWw = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type CyclicDataRY = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type CyclicDataRWr = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; - -type CyclicDataRX = unit { - dataType: bytes &size=1; - nodeId: uint16; - reserved2: bytes &size=2; - srcNodeNumber: bytes &size=2; - protocolVerType: bytes &size=1; - reserved: bytes &size=1; - hec: bytes &size=4; - except_Header: bytes &eod; - - # on %done { print self; zeek::confirm_protocol();} - on %done { print self;} -}; -# ----------------------------------- - 
-# field トランジェント伝送フレーム
-# -----------------------------------
-# ------------------------------------------
-public function arrangement_transient1(msg: NO_IP::Transient1):
- tuple<
- command_7: bytes,
- sub_command_7: bytes,
- command_8: bytes,
- sub_command_8: bytes,
- ct: bytes
- >{
-
- local command_7: bytes;
- local subCommand_7: bytes;
- local command_8: bytes;
- local subCommand_8: bytes;
- local ct: bytes;
-
- if (msg?.common){
- print msg.common;
- ct = msg.common.ct;
- }
- if (msg?.ie_field){
- print msg.ie_field;
- command_7 = msg.ie_field.command;
- subCommand_7 = msg.ie_field.subCommand;
- }
-
- if (msg?.ie_field_motion){
- print msg.ie_field_motion;
- command_8 = msg.ie_field_motion.command;
- subCommand_8 = msg.ie_field_motion.subCommand;
- }
-
- return (
- command_7,
- subCommand_7,
- command_8,
- subCommand_8,
- ct,
- );
-}
-
-type Transient1 = unit {
- dataType: uint8;
- nodeId: uint16;
- connectionInfo: bytes &size=1;
- reserved4: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- traMsgHeader: bytes &size=16;
- switch ( self.dataType ) {
- 0x05 -> common: Common;
- 0x07 -> ie_field: Ie_field;
- 0x08 -> ie_field_motion: Ie_field_motion;
- };
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type DataType = enum {
- Common = 0x05,
- Ie_field = 0x07,
- Ie_field_motion = 0x08,
-};
-
-type Common = unit {
- : bytes &size=22;
- ct : bytes &size=1;
- except_data : bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- # on %done { print self;}
-};
-
-type Ie_field = unit {
- command : bytes &size=1;
- subCommand : bytes &size=1;
- except_data : bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- # on %done { print self; create_options(self);}
-};
-
-type Ie_field_motion = unit {
- command : bytes &size=1;
- subCommand : bytes &size=1;
- except_data : bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- # on %done { print self;}
-};
-# ------------------------------------------
-
-type TransientAck = unit {
- dataType: bytes &size=1;
- nodeId: uint16;
- connectionInfo: bytes &size=1;
- reserved4: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Transient2 = unit {
- dataType: bytes &size=1;
- nodeId: uint16;
- connectionInfo: bytes &size=1;
- reserved4: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- : bytes &size=22;
- ct: bytes &size=1;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type ParamCheck = unit {
- dataType: bytes &size=1;
- nodeId: uint16;
- connectionInfo: bytes &size=1;
- reserved4: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Parameter = unit {
- dataType: bytes &size=1;
- nodeId: uint16;
- connectionInfo: bytes &size=1;
- reserved4: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type c_Timer = unit {
- dataType: bytes &size=1;
- reserved1: bytes &size=4;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type IpTransient = unit {
- dataType: bytes &size=1;
- nodeId: uint16;
- connectionInfo: bytes &size=1;
- reserved4: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- protocolVerType: bytes &size=1;
- reserved: bytes &size=1;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-# -----------------------------------
-
-# control 伝送制御フレーム
-# -----------------------------------
-type Connect = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type ConnectAck = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Scan = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Collect = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Select = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Launch = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Token = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type Dummy = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type NTNTest = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-# -----------------------------------
-
-# control サイクリック伝送フレーム
-# -----------------------------------
-type CyclicDataW = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type CyclicDataB = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type CyclicDataOut1 = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type CyclicDataOut2 = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type CyclicDataIn1 = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-
-type CyclicDataIn2 = unit {
- c_priority: bytes &size=1;
- scanNumber: bytes &size=3;
- reserved1: bytes &size=1;
- srcNodeNumber: bytes &size=2;
- reserved2: bytes &size=2;
- hec: bytes &size=4;
- except_Header: bytes &eod;
-
- # on %done { print self; zeek::confirm_protocol();}
- on %done { print self;}
-};
-# -----------------------------------
-
-type Unknown = unit {
- data: bytes &eod;
-
- # on %done { print self; }
-};
diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.zeek b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.zeek
deleted file mode 100755
index 4802461..0000000
--- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/broscript/CC_LINK_NOIP/cc_link_noip.zeek
+++ /dev/null
@@ -1,1274 +0,0 @@ -module PacketAnalyzer::SPICY_RAWLAYER; -module NO_IP; - -export { - redef enum Log::ID += { LOG }; - - type Info: record { - ts: time &log &optional; - src_mac: string &log &optional; - dst_mac: string &log &optional; - service: string &log &optional; - pdu_type: string &log &optional; - cmd: string &log &optional; - node_type: string &log &optional; - node_id: int &log &optional; - connection_info:string &log &optional; - src_node_number:string &log &optional; - number: int &log &optional; - ts_end: time &log &optional; - }; - - global res_nodetype_control: table[string] of string = { ["\x00"] = "management node", - ["\x02"] = "normal node", - ["!"] = "master node in the Node-to-node test",}; - - global res_nodetype_field: table[string] of string = { ["0"] = "master node", - ["2"] = "local node", - ["3"] = "intelligent device node", - ["4"] = "remote device node", - ["5"] = "remote I/O node",}; - - global res_ct_1: table[string] of string = { ["0"] = "slmpTransmitRequest", - ["\xb0"] = "slmpTransmitResponse",}; - - global res_ct_2_field: table[string] of string = { ["\x04"] = "getMemoryAccessInfo", - ["\x08"] = "run", - ["\x09"] = "stop", - ["\x10"] = "readMemory", - ["\x12"] = "writeMemory", - ["\x20"] = "messageTransfer",}; - - global res_ct_2_control: table[string] of string = { ["\x04"] = "getMemoryAccessInfo", - ["\x08"] = "run", - ["\x09"] = "stop", - ["\x10"] = "readMemory", - ["\x12"] = "writeMemory",}; - - global res_command_7: table[string] of string = { ["\x01"] = "deliverNodeInformation", - ["\x03"] = "getStatisticalInformation", - ["\x04"] = "acquiresDetailedNodeInformation", - ["\x0a"] = "acquiresOptionalInformation",}; - - global res_command_8: table[string] of string = { ["\x01"] = "communicationCycleSetting", - ["\x02"] = "objectRead", - ["\x03"] = "objectWrite",}; - - global res_subCommand: table[string] of string = { ["\x80"] = "Response", - ["\x00"] = "Request",}; - - type AggregationData: record { - src_mac: string &log 
&optional; - dst_mac: string &log &optional; - service: string &log &optional; - pdu_type: string &log &optional; - cmd: string &log &optional; - node_type: string &log &optional; - node_id: int &log &optional; - connection_info:string &log &optional; - src_node_number:string &log &optional; - }; - - type Ts_num: record { - ts_s: time &log; - num: int &log; - ts_e: time &log &optional; - }; - - function insert_log(res_aggregationData: table[AggregationData] of Ts_num, idx: AggregationData): interval - { - local info_insert: Info = []; - info_insert$ts = res_aggregationData[idx]$ts_s; - info_insert$src_mac = idx$src_mac; - info_insert$dst_mac = idx$dst_mac; - info_insert$service = idx$service; - info_insert$pdu_type = idx$pdu_type; - if ( idx?$cmd ){ - info_insert$cmd = idx$cmd; - } - if ( idx?$node_type ){ - info_insert$node_type = idx$node_type; - } - if ( idx?$node_id ){ - info_insert$node_id = idx$node_id; - } - if ( idx?$connection_info ){ - info_insert$connection_info = idx$connection_info; - } - if ( idx?$src_node_number ){ - info_insert$src_node_number = idx$src_node_number; - } - if ( res_aggregationData[idx]?$ts_e ){ - info_insert$ts_end = res_aggregationData[idx]$ts_e; - } - if ( res_aggregationData[idx]?$num ){ - info_insert$number = res_aggregationData[idx]$num; - } - # print res_aggregationData; - # print info; - Log::write(NO_IP::LOG, info_insert); - # res_aggregationData = {}; - return 0secs; - } - - global res_aggregationData: table[AggregationData] of Ts_num &create_expire=60sec &expire_func=insert_log; -} - -event zeek_init() &priority=5 - { - # local f = Log::get_filter(Conn::LOG, "default"); - # f$interv = 1 min; - # Log::add_filter(NO_IP::LOG, f); - # insert_log(res_aggregationData, "test"); - Log::create_stream(NO_IP::LOG, [$columns = Info, $path="cclink-ie"]); - } - -event zeek_init() - { - if ( ! 
PacketAnalyzer::try_register_packet_analyzer_by_name("Ethernet", 0x890f, "spicy::NO_IP") ) - print "cannot register raw layer analyzer"; - } - -function create_aggregationData(info: Info): AggregationData - { - local aggregationData: AggregationData; - aggregationData$src_mac = info$src_mac; - aggregationData$dst_mac = info$dst_mac; - aggregationData$pdu_type = info$pdu_type; - if ( info?$cmd ){ - aggregationData$cmd = info$cmd; - } - if ( info?$node_type ){ - aggregationData$node_type = info$node_type; - } - if ( info?$node_id ){ - aggregationData$node_id = info$node_id; - } - if ( info?$connection_info ){ - aggregationData$connection_info = info$connection_info; - } - if ( info?$src_node_number ){ - aggregationData$src_node_number = info$src_node_number; - } - aggregationData$service = info$service; - - return aggregationData; - } - -function insert_res_aggregationData(aggregationData: AggregationData, info: Info): string - { - if (aggregationData in res_aggregationData){ - res_aggregationData[aggregationData]$num = res_aggregationData[aggregationData]$num + 1; - res_aggregationData[aggregationData]$ts_e = info$ts; - } else { - res_aggregationData[aggregationData] = [$ts_s = info$ts, $num = 1, $ts_e = info$ts]; - } - - return "done"; - } - -# field 伝送制御フレーム -# ----------------------------------- -event raw::tokenM(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "tokenM"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + 
protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::persuasion(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodetype: string) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "persuasion"; - if ( protocolVerType == "\x00" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - if (nodetype in res_nodetype_control){ - info$node_type = res_nodetype_control[nodetype]; - } else { - info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_control"; - } - else if ( protocolVerType == "\x01" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - if (nodetype in res_nodetype_field){ - info$node_type = res_nodetype_field[nodetype]; - } else { - info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_field"; - } else { - info$service = "unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::testData(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodetype: string) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "testData"; - if ( protocolVerType == "\x00" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - if (nodetype in res_nodetype_control){ - info$node_type = res_nodetype_control[nodetype]; - } else { - 
info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_control"; - } - else if ( protocolVerType == "\x01" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - if (nodetype in res_nodetype_field){ - info$node_type = res_nodetype_field[nodetype]; - } else { - info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_field"; - } else { - info$service = "unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::testDataAck(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodetype: string) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - if ( protocolVerType == "\x00" ) - { - info$pdu_type = "testDataAck"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - if (nodetype in res_nodetype_control){ - info$node_type = res_nodetype_control[nodetype]; - } else { - info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_control"; - } - else if ( protocolVerType == "\x01" ) - { - info$pdu_type = "testDataAck"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - if (nodetype in res_nodetype_field){ - info$node_type = res_nodetype_field[nodetype]; - } else { - info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_field"; - } else { - info$service = "unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::setup(p: 
raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "setup"; - if ( protocolVerType == "\x00" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - info$service="cclink_ie_control"; - } - else if ( protocolVerType == "\x01" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - info$service="cclink_ie_field"; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::setupAck(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "setupAck"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::myStatus(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodetype: string, nodeId: int, connectionInfo: string) - { - local info: Info; - 
local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "myStatus"; - if ( protocolVerType == "\x00" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - info$service = "cclink_ie_control"; - } - else if ( protocolVerType == "\x01" ) - { - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - if (nodetype in res_nodetype_field){ - info$node_type = res_nodetype_field[nodetype]; - } else { - info$node_type = "unknownNodetype" + nodetype; - } - info$service = "cclink_ie_field"; - } else { - info$service = "unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } -# ----------------------------------- - -# field 同期フレーム -# ----------------------------------- -event raw::measure(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "measure"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event 
raw::measureAck(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "measureAck"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::offset(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "offset"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::update(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local 
aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "update"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } -# ----------------------------------- - -# field サイクリック伝送フレーム -# ----------------------------------- -event raw::cyclicDataRWw(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "cyclicDataRWw"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::cyclicDataRY(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - 
info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "cyclicDataRY"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::cyclicDataRWr(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "cyclicDataRWr"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::cyclicDataRX(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "cyclicDataRX"; - if ( 
protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } -# ----------------------------------- - -# field トランジェント伝送フレーム -# ----------------------------------- -type Transient1Data: record { - command_7: string; - subCommand_7: string; - command_8: string; - subCommand_8: string; - ct: string; -}; - -event raw::transient1(p: raw_pkt_hdr, dataType: int, protocolVerType: string, srcNodeNumber: string, data: Transient1Data, connectionInfo: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "transient1"; - - if ( protocolVerType == "\x00" ){ - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$connection_info="0x" + string_to_ascii_hex(connectionInfo); - info$node_id=nodeId; - info$service = "cclink_ie_control"; - } else if ( protocolVerType == "\x01" ){ - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$connection_info="0x" + string_to_ascii_hex(connectionInfo); - info$node_id=nodeId; - if (dataType == 5){ - if (data$ct in res_ct_1){ - info$cmd = res_ct_1[data$ct]; - } else { - info$cmd = "unknownCt" + data$ct; - } - } else if (dataType == 7){ - if (data$command_7 in res_command_7 && data$subCommand_7 in res_subCommand){ - info$cmd = res_command_7[data$command_7] + res_subCommand[data$subCommand_7]; - } else { - info$cmd = "unknownCmd" + 
data$command_7 + data$subCommand_7; - } - } else if (dataType == 8){ - if (data$command_8 in res_command_8 && data$subCommand_8 in res_subCommand){ - info$cmd = res_command_8[data$command_8] + res_subCommand[data$subCommand_8]; - } else { - info$cmd = "unknownCmd" + data$command_8 + data$subCommand_8; - } - } - info$service = "cclink_ie_field"; - } else { - info$service = "unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - # print fmt("MACs: src=%s dst=%s %s", p$l2$src, p$l2$dst, data); - # print "raw data", dataType; - } - -event raw::transientAck(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, connectionInfo: string, nodeId: int) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - info$pdu_type = "transientAck"; - if ( protocolVerType == "\x00" ) - { - info$service="cclink_ie_control"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - } - else if ( protocolVerType == "\x01" ) - { - info$service="cclink_ie_field"; - info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber); - info$connection_info="0x" + string_to_ascii_hex(connectionInfo); - info$node_id=nodeId; - } else { - info$service="unknownProtocolVerType" + protocolVerType; - } - - aggregationData = create_aggregationData(info); - insert_res_aggregationData(aggregationData, info); - - # Log::write(NO_IP::LOG, info); - - # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst); - # print "raw data", protocolVerType; - } - -event raw::transient2(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, connectionInfo: string, nodeId: int, ct: string) - { - local info: Info; - local aggregationData: AggregationData; - info$ts = network_time(); - info$src_mac = p$l2$src; - info$dst_mac = p$l2$dst; - 
info$pdu_type = "transient2";
- if ( protocolVerType == "\x00" )
- {
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- info$connection_info="0x" + string_to_ascii_hex(connectionInfo);
- info$node_id=nodeId;
- if (ct in res_ct_2_control){
- info$cmd = res_ct_2_control[ct];
- } else {
- info$cmd = "unknownCt" + ct;
- }
- info$service = "cclink_ie_control";
- }
- else if ( protocolVerType == "\x01" )
- {
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- info$connection_info="0x" + string_to_ascii_hex(connectionInfo);
- info$node_id=nodeId;
- if (ct in res_ct_2_field){
- info$cmd = res_ct_2_field[ct];
- } else {
- info$cmd = "unknownCt" + ct;
- }
- info$service = "cclink_ie_field";
- } else {
- info$service = "unknownProtocolVerType" + protocolVerType;
- }
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
-
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", protocolVerType;
- }
-
-event raw::paramCheck(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, connectionInfo: string, nodeId: int)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "paramCheck";
- if ( protocolVerType == "\x00" )
- {
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- }
- else if ( protocolVerType == "\x01" )
- {
- info$service="cclink_ie_field";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- info$connection_info="0x" + string_to_ascii_hex(connectionInfo);
- info$node_id=nodeId;
- } else {
- info$service="unknownProtocolVerType" + protocolVerType;
- }
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
-
- # print fmt("MACs: src=%s dst=%s",
p$l2$src, p$l2$dst);
- # print "raw data", protocolVerType;
- }
-
-event raw::parameter(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, connectionInfo: string, nodeId: int)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "parameter";
- if ( protocolVerType == "\x00" )
- {
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- }
- else if ( protocolVerType == "\x01" )
- {
- info$service="cclink_ie_field";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- info$connection_info="0x" + string_to_ascii_hex(connectionInfo);
- info$node_id=nodeId;
- } else {
- info$service="unknownProtocolVerType" + protocolVerType;
- }
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
-
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", protocolVerType;
- }
-
-event raw::c_timer(p: raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "timer";
- if ( protocolVerType == "\x00" )
- {
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- }
- else if ( protocolVerType == "\x01" )
- {
- info$service="cclink_ie_field";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- } else {
- info$service="unknownProtocolVerType" + protocolVerType;
- }
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
-
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", protocolVerType;
- }
-
-event raw::ipTransient(p:
raw_pkt_hdr, dataType: string, protocolVerType: string, srcNodeNumber: string, connectionInfo: string, nodeId: int)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "ipTransient";
- if ( protocolVerType == "\x00" )
- {
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- }
- else if ( protocolVerType == "\x01" )
- {
- info$service="cclink_ie_field";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
- info$connection_info="0x" + string_to_ascii_hex(connectionInfo);
- info$node_id=nodeId;
- } else {
- info$service="unknownProtocolVerType" + protocolVerType;
- }
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
-
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", protocolVerType;
- }
-# -----------------------------------
-
-# control 伝送制御フレーム
-# -----------------------------------
-event raw::connect(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "connect";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::connectAck(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "connectAck";
- info$service="cclink_ie_control";
-
info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::scan(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "scan";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::collect(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "collect";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::select(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "select";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print
fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::launch(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "launch";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::token(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "token";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::dummy(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "dummy";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::nTNTest(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData:
AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "nTNTest";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-# -----------------------------------
-
-# control サイクリック伝送フレーム
-# -----------------------------------
-event raw::cyclicDataW(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "cyclicDataW";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::cyclicDataB(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "cyclicDataB";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::cyclicDataOut1(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
-
info$dst_mac = p$l2$dst;
- info$pdu_type = "cyclicDataOut1";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::cyclicDataOut2(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "cyclicDataOut2";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::cyclicDataIn1(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "cyclicDataIn1";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
- aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-
-event raw::cyclicDataIn2(p: raw_pkt_hdr, c_priority: string, srcNodeNumber: string)
- {
- local info: Info;
- local aggregationData: AggregationData;
- info$ts = network_time();
- info$src_mac = p$l2$src;
- info$dst_mac = p$l2$dst;
- info$pdu_type = "cyclicDataIn2";
- info$service="cclink_ie_control";
- info$src_node_number="0x" + string_to_ascii_hex(srcNodeNumber);
-
-
aggregationData = create_aggregationData(info);
- insert_res_aggregationData(aggregationData, info);
-
- # Log::write(NO_IP::LOG, info);
- # print fmt("MACs: src=%s dst=%s", p$l2$src, p$l2$dst);
- # print "raw data", c_priority;
- }
-# -----------------------------------
-
-# 集約 local debug用
-#event zeek_done()
-# {
-# # print "zeek_done()";
-# # print res_aggregationData;
-# for ( i in res_aggregationData ){
-# # print i;
-# local info: Info = [];
-# info$ts = res_aggregationData[i]$ts_s;
-# info$src_mac = i$src_mac;
-# info$dst_mac = i$dst_mac;
-# info$service = i$service;
-# info$pdu_type = i$pdu_type;
-# if ( i?$cmd ){
-# info$cmd = i$cmd;
-# }
-# if ( i?$node_type ){
-# info$node_type = i$node_type;
-# }
-# if ( i?$node_id ){
-# info$node_id = i$node_id;
-# }
-# if ( i?$connection_info ){
-# info$connection_info = i$connection_info;
-# }
-# if ( i?$src_node_number ){
-# info$src_node_number = i$src_node_number;
-# }
-# if ( res_aggregationData[i]?$ts_e ){
-# info$ts_end = res_aggregationData[i]$ts_e;
-# }
-# if ( res_aggregationData[i]?$num ){
-# info$number = res_aggregationData[i]$num;
-# }
-# # print res_aggregationData;
-# # print info;
-# Log::write(NO_IP::LOG, info);
-# }
-# Log::write(NO_IP::LOG, [$ts = network_time()]);
-# Log::write(NO_IP::LOG, [$ts = network_time()]);
-# # res_aggregationData = {};
-# # print res_aggregationData;
-# }
diff --git a/osect_sensor/conf/local.zeek b/osect_sensor/conf/local.zeek
index 875328f..13832bb 100755
--- a/osect_sensor/conf/local.zeek
+++ b/osect_sensor/conf/local.zeek
@@ -121,13 +121,13 @@ redef LogAscii::enable_utf_8 = F;
 #@load icsnpp-modbus
 @load zeek-long-connections
 @load zeek-af_packet-plugin
+@load zeek-parser-CCLinkFieldBasic
+@load zeek-parser-CCLinkField-CCLinkControl
 @load CIFS_B
 @load MYDHCP
 @load dhcpv6
 @load nbns
 @load ssdp
-@load cc_link_basic
-@load cc_link_noip
 # セッション接続されたままパケットが1分以上流れない場合はセッションを閉じる
 redef Conn::analyzer_inactivity_timeouts += {
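Review bot: The two added lines `@load zeek-parser-CCLinkFieldBasic` and `@load zeek-parser-CCLinkField-CCLinkControl` make CC-Link parsing on the sensor depend on packages resolved by name at image build time, where the removed `cc_link_basic` and `cc_link_noip` scripts were versioned in this repository. Unless the install step pins each package (zkg's `--version` option, ideally a tag or commit that has been reviewed), the parser code can change between builds with no diff here, and a missing package turns into a load failure when Zeek starts. The removed script filled `service`, `pdu_type`, `src_node_number`, `connection_info` and `node_id` through its own aggregation, so it is worth confirming the packages emit the same log stream and field names before anything downstream loses CC-Link visibility. A comment above the two lines such as `# CC-Link parsers: zkg packages installed at image build time` would mark them as external.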