Improve Modbus/TCP dissector, Part 1

This is a portion of the patch supplied in bug 7902 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7902). Breaking the functionality up into smaller chunks. This definitively breaks the Modbus dissection into 3 dissectors: Modbus - real protocol PDU Modbus/TCP - Encapsulation of Modbus over TCP (with a small header before PDU) Modbus RTU - Originally an encapsulation of Modbus over serial (with smaller header + CRC), but can also be sent over TCP. General cleanup/refactoring (including display filter names) based on the 3 dissectors. Also included: 1. Enhanced dissection to include preferences for register data to be dissected as UINT16, UINT32 or FLOAT 2. Dynamic port registration 3. Additional fields now filterable svn path=/trunk/; revision=45793
2012-10-26 02:15:20 +00:00 · 2012-10-26 02:15:20 +00:00 · 1fe105a5ab
parent 361aedec1f
commit 1fe105a5ab
3 changed files with 831 additions and 253 deletions
--- a/epan/dissectors/packet-cip.c
+++ b/epan/dissectors/packet-cip.c
@ -4733,6 +4733,7 @@ dissect_cip_mb_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_
   tvbuff_t *next_tvb;
   int req_path_size;
   guint8 gen_status, add_stat_size, service;
+   modbus_request_info_t* request_info;

   col_set_str(pinfo->cinfo, COL_PROTOCOL, "CIP MB");

@ -4804,7 +4805,11 @@ dissect_cip_mb_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_
                  next_tvb = tvb_new_subset( tvb, offset+4+add_stat_size, item_length-4-add_stat_size, item_length-4-add_stat_size);

                  /* keep packet context */
-                  p_add_proto_data(pinfo->fd, proto_modbus, (void*)RESPONSE_PACKET);
+                  request_info = ep_alloc(sizeof(modbus_request_info_t));
+                  request_info->packet_type = RESPONSE_PACKET;
+                  request_info->register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;
+                  request_info->register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
+                  p_add_proto_data(pinfo->fd, proto_modbus, request_info);

                  call_dissector(modbus_handle, next_tvb, pinfo, cmd_data_tree);
                  p_remove_proto_data(pinfo->fd, proto_modbus);
@ -4895,7 +4900,11 @@ dissect_cip_mb_data( proto_tree *item_tree, tvbuff_t *tvb, int offset, int item_
               next_tvb = tvb_new_subset( tvb, offset+2+req_path_size, item_length-req_path_size-2, item_length-req_path_size-2);

               /* keep packet context */
-               p_add_proto_data(pinfo->fd, proto_modbus, (void*)QUERY_PACKET);
+               request_info = ep_alloc(sizeof(modbus_request_info_t));
+               request_info->packet_type = QUERY_PACKET;
+               request_info->register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;
+               request_info->register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
+               p_add_proto_data(pinfo->fd, proto_modbus, request_info);

               call_dissector(modbus_handle, next_tvb, pinfo, cmd_data_tree);
               p_remove_proto_data(pinfo->fd, proto_modbus);
--- a/epan/dissectors/packet-mbtcp.c
+++ b/epan/dissectors/packet-mbtcp.c
--- a/epan/dissectors/packet-mbtcp.h
+++ b/epan/dissectors/packet-mbtcp.h
@ -1,15 +1,11 @@
 /* packet-mbtcp.h
- * $Id$
+ *
 * Routines for Modbus/TCP dissection
 * By Riaan Swart <rswart@cs.sun.ac.za>
 * Copyright 2001, Institute for Applied Computer Science
 * 					 University of Stellenbosch
 *
- * See
- *
- *	http://www.modbus.org/
- *
- * for information on Modbus/TCP.
+ * See http://www.modbus.org/ for information on Modbus/TCP.
 *
 * $Id$
 *
@ -31,28 +27,29 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#define PORT_MBTCP		502	/* Modbus/TCP located on port 502 */
+#define PORT_MBTCP		502	/* Modbus/TCP located on port 502, with IANA registration */
+#define PORT_MBRTU		0	/* Modbus RTU over TCP does not have a standard port, default to zero */

 /* Modbus protocol function codes */
-#define READ_COILS		1
-#define READ_INPUT_DISCRETES	2
-#define READ_MULT_REGS		3
-#define READ_INPUT_REGS		4
-#define WRITE_COIL		5
-#define WRITE_SINGLE_REG	6
-#define READ_EXCEPT_STAT	7
-#define DIAGNOSTICS		8
-#define GET_COMM_EVENT_CTRS	11
-#define GET_COMM_EVENT_LOG	12
-#define WRITE_MULT_COILS	15
-#define WRITE_MULT_REGS		16
-#define REPORT_SLAVE_ID		17
-#define READ_FILE_RECORD	20
-#define WRITE_FILE_RECORD	21
-#define MASK_WRITE_REG		22
-#define READ_WRITE_REG		23
-#define READ_FIFO_QUEUE		24
-#define ENCAP_INTERFACE_TRANSP  43
+#define READ_COILS				1
+#define READ_DISCRETE_INPUTS	2
+#define READ_HOLDING_REGS		3
+#define READ_INPUT_REGS			4
+#define WRITE_SINGLE_COIL		5
+#define WRITE_SINGLE_REG		6
+#define READ_EXCEPT_STAT		7
+#define DIAGNOSTICS				8
+#define GET_COMM_EVENT_CTRS		11
+#define GET_COMM_EVENT_LOG		12
+#define WRITE_MULT_COILS		15
+#define WRITE_MULT_REGS			16
+#define REPORT_SLAVE_ID			17
+#define READ_FILE_RECORD		20
+#define WRITE_FILE_RECORD		21
+#define MASK_WRITE_REG			22
+#define READ_WRITE_REG			23
+#define READ_FIFO_QUEUE			24
+#define ENCAP_INTERFACE_TRANSP	43

 /* Modbus protocol exception codes */
 #define ILLEGAL_FUNCTION	0x01
@ -99,3 +96,20 @@
 #define CANNOT_CLASSIFY		2

 #define MODBUS_PROTOCOL_ID 0
+
+/* Preferences for Modbus/TCP Dissector */
+#define MBTCP_PREF_REGISTER_FORMAT_UINT16			0
+#define MBTCP_PREF_REGISTER_FORMAT_UINT32			1
+#define MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT		2
+#define MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT	3
+
+#define MBTCP_PREF_REGISTER_ADDR_RAW	0
+#define MBTCP_PREF_REGISTER_ADDR_MOD5	1
+#define MBTCP_PREF_REGISTER_ADDR_MOD6	2
+
+
+typedef struct {
+    guint8 register_format;
+    guint8 register_addr_type;
+    guint8 packet_type;
+} modbus_request_info_t;