[Bro-Dev] [JIRA] (BIT-1231) DNP3 Analyzer Supports for DNP3-over-UDP

hui (JIRA) jira at bro-tracker.atlassian.net
Mon Aug 25 09:42:08 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701#comment-17701 ] 

hui commented on BIT-1231:
--------------------------

Hi Robin,

What I did to avoid the same code being copied and pasted is to define a
independent class, i.e., DNP3_Analyzer which includes most of the repeated
codes. Then I let DNP3_TCP_Analyzer inherits from both this DNP3_Analyzer
and TCP_ApplicationAnalyzer. I can pass the test by doing this. The only
issue is that because the DNP3_Analyzer is defined independently, it can
not use the function such as Weird, ProtocolViolation and
ProtocolConfirmation. Do you know how I can call them inside this class?

If this is not possible, I am thinking about let the function in
DNP3_Analyzer return different error values to DNP3_TCP_Analyzer and call
the Weird function in the DNP3_TCP_Analyzer. Is this OK to you?

Best,

Hui Lin



On Fri, Aug 22, 2014 at 4:37 PM, Robin Sommer (JIRA) <




-- 
Hui Lin
PhD Candidate, Research Assistant
Electrical and Computer Engineering Department
University of Illinois at Urbana-Champaign


> DNP3 Analyzer Supports for DNP3-over-UDP
> ----------------------------------------
>
>                 Key: BIT-1231
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1231
>             Project: Bro Issue Tracker
>          Issue Type: Improvement
>          Components: Bro
>    Affects Versions: 2.3
>            Reporter: hui
>            Assignee: hui
>              Labels: DNP3, analyzer
>
> Two major changes are made for the DNP3 analyzer
> 1. Make the analyzer support both the DNP3-over-UDP and the DNP3-over-TCP.
>     The changes are made in DNP3.cc, DNP3.h and dpd.sig
> 2. Fix a bug in the binpac codes of the DNP3 analyzer
>    The changes are made in dnp3-protocol.pac. The changes results in different baseline results of testing/btest/Baseline/scripts.base.protocols.dnp3.dnp3_link_only
>  



--
This message was sent by Atlassian JIRA
(v6.4-OD-04-006#64001)


More information about the bro-dev mailing list