[Bro-Dev] [Bro-Commits] [git/bro] topic/jsiwek/modbus-fixes: Adjust modbus register array parsing. (c911d03)

Siwek, Jonathan Luke jsiwek at illinois.edu
Tue Nov 13 08:09:45 PST 2012

>>  Added another parameter to modbus events that carry register arrays to
>>   the script-layer which indicates the associated byte count from the
>>   message (allowing for invalid values to be detected):
> I actually don't like this.  If an invalid value is found, I'd rather that a protocol violation or weird gets generated instead since it actually indicates a protocol error (I believe it does in this case at least).

I can add a protocol violation and not generate the event in these cases… but do you care whether the extra parameter is provided to the events in the valid cases (I don't think it's hurting anything) ?

And really I'm just trying fix stuff that results in a crash... there's also a bunch of &check attributes in modbus-protocol.pac that seem to indicate protocol violations, but they don't do anything since that attribute is a no-op in binpac.  I didn't intend to go through and fix all those, but I suppose I could if you're concerned about that kind of thing.


More information about the bro-dev mailing list