[Bro-Dev] [Bro-Commits] [git/bro] topic/jsiwek/modbus-fixes: Adjust modbus register array parsing. (c911d03)
Seth Hall
seth at icir.org
Tue Nov 13 08:16:03 PST 2012
On Nov 13, 2012, at 11:09 AM, "Siwek, Jonathan Luke" <jsiwek at illinois.edu> wrote:
> I can add a protocol violation and not generate the event in these cases… but do you care whether the extra parameter is provided to the events in the valid cases (I don't think it's hurting anything) ?
You're right, it's not hurting anything, but I think the events are redundant if they include those lengths since it's implicitly included in the number of registers included. As I've changed events and added new ones, I try not include length fields that are implicit in other fields. This case is a little weird because the protocol itself is a little weird, but I still think it makes sense to leave the length out.
> And really I'm just trying fix stuff that results in a crash... there's also a bunch of &check attributes in modbus-protocol.pac that seem to indicate protocol violations, but they don't do anything since that attribute is a no-op in binpac.
Yeah, I left those there as place holders so that we didn't need to refer back to the standard for those values when we port this to binpac++. Feel free to ignore those.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list