Bug #5751
openDNP3 preprocessor incorrectly parses READ requests
Description
The DNP3 preprocessor incorrectly parses read (function code 1) requests. Read requests only include object headers, not the object values. The DNP3 preprocessor is incorrectly treating 2nd and subsequent object headers in a read request as if they are object values for the 1st header, as shown by the attached eve application layer output for the g50v1 read request. Subsequent testing (not shown) using the signature 'dnp3_obj:50,1; dnp3_obj:60,2;' confirms that this is not just an artefact of the eve output, but that this is how the dnp3_obj rules also parse the fragment.
Files
Updated by Jason Ish about 2 years ago
- Assignee changed from OISF Dev to Jason Ish
Thanks for trying out the DNP3 support. I'll take a look at these as soon as possible, but might be a week or so until I can.
Updated by Michael Torres almost 2 years ago
I'd love to take this one if you're OK with it Jason