├── .gitignore ├── CMakeLists.txt ├── LICENSE.txt ├── Makefile ├── NOTICE.txt ├── README.md ├── configure ├── configure.plugin ├── developer_guide.md ├── pcaps ├── README.md ├── opcua_with-gap.pcap ├── opcua_with-gap_with-handshake.pcap ├── open62541_browse_has_server_idx.pcap ├── open62541_browse_next.pcap ├── open62541_browse_request_with_results.pcap ├── open62541_browse_with_diagnostic_info.pcap ├── open62541_client-server-getEndpoints.pcap ├── open62541_client-server_encrypted.pcap ├── open62541_client-server_mainloop-4-InnerDiagInfo.pcap ├── open62541_client-server_mainloop-ActivateSession-diagInfo.pcap ├── open62541_client-server_mainloop-hasInnerDiagInfo.pcap ├── open62541_client-server_mainloop-hasInnerDiagInfohasAddlInfo.pcap ├── open62541_client-server_mainloop-hasInnerStatusCode.pcap ├── open62541_client-server_mainloop-no-handshake.pcap ├── open62541_client-server_mainloop-not-localhost-non-standard-port.pcap ├── open62541_client-server_mainloop-not-localhost.pcap ├── open62541_client-server_mainloop-withStringTable.pcap ├── open62541_client-server_mainloop.pcap ├── open62541_client-server_minimal.pcap ├── open62541_create_monitored_items.pcap ├── open62541_discover_getendpoints_discover_urls.pcap ├── open62541_read_service_test_data.pcap ├── open62541_read_service_test_data_with_history.pcap ├── python_opcua-client-server_encrypted.pcap ├── python_opcua-client-server_minimal-2.pcap └── python_opcua-client-server_minimal.pcap ├── scripts ├── __load__.zeek ├── __preload__.zeek ├── activate-session-types.zeek ├── browse-types.zeek ├── close-session-types.zeek ├── create-monitored-items-types.zeek ├── create-session-types.zeek ├── create-subscription-types.zeek ├── filter-types.zeek ├── get-endpoints-types.zeek ├── icsnpp │ └── opcua-binary │ │ ├── __load__.zeek │ │ ├── dpd.sig │ │ └── main.zeek ├── read-types.zeek ├── secure-channel-types.zeek ├── statuscode-diagnostic-types.zeek ├── types.zeek ├── variant-types.zeek └── write-types.zeek ├── src ├── OPCUA_Binary.cc ├── OPCUA_Binary.h ├── Plugin.cc ├── Plugin.h ├── events.bif ├── headers │ ├── attribute_id.h │ ├── built_in_data_types.h │ ├── extension_object_node_id.h │ ├── filter-enums.h │ ├── node_classes.h │ ├── node_identifiers.h │ ├── status_codes.h │ ├── statuscode-diagnostic-source-consts.h │ ├── timestamps_to_return.h │ └── variant-source-consts.h ├── index-consts.h ├── opcua_binary-analyzer.pac ├── opcua_binary-protocol.pac ├── opcua_binary-protocol_debug.pac ├── opcua_binary-utilities.pac ├── opcua_binary.pac ├── req-res-header │ ├── index-consts.h │ ├── opcua_binary-req_res_header.pac │ ├── opcua_binary-req_res_header_analyzer.pac │ └── opcua_binary-req_res_header_debug.pac ├── services │ ├── activate-session │ │ ├── index-consts.h │ │ ├── opcua_binary-activate_session.pac │ │ ├── opcua_binary-activate_session_analyzer.pac │ │ └── opcua_binary-activate_session_debug.pac │ ├── browse │ │ ├── index-consts.h │ │ ├── opcua_binary-browse.pac │ │ ├── opcua_binary-browse_analyzer.pac │ │ └── opcua_binary-browse_debug.pac │ ├── close-session │ │ ├── index-consts.h │ │ ├── opcua_binary-close_session.pac │ │ ├── opcua_binary-close_session_analyzer.pac │ │ └── opcua_binary-close_session_debug.pac │ ├── create-monitored-items │ │ ├── index-consts.h │ │ ├── opcua_binary-create_monitored_items.pac │ │ ├── opcua_binary-create_monitored_items_analyzer.pac │ │ └── opcua_binary-create_monitored_items_debug.pac │ ├── create-session │ │ ├── index-consts.h │ │ ├── opcua_binary-create_session.pac │ │ ├── opcua_binary-create_session_analyzer.pac │ │ └── opcua_binary-create_session_debug.pac │ ├── create-subscription │ │ ├── index-consts.h │ │ ├── opcua_binary-create_subscription.pac │ │ ├── opcua_binary-create_subscription_analyzer.pac │ │ └── opcua_binary-create_subscription_debug.pac │ ├── get-endpoints │ │ ├── index-consts.h │ │ ├── opcua_binary-get_endpoints.pac │ │ ├── opcua_binary-get_endpoints_analyzer.pac │ │ └── opcua_binary-get_endpoints_debug.pac │ ├── opcua_binary-services.pac │ ├── read │ │ ├── index-consts.h │ │ ├── opcua_binary-read.pac │ │ ├── opcua_binary-read_analyzer.pac │ │ └── opcua_binary-read_debug.pac │ ├── secure-channel │ │ ├── index-consts.h │ │ ├── opcua_binary-secure_channel.pac │ │ ├── opcua_binary-secure_channel_analyzer.pac │ │ └── opcua_binary-secure_channel_debug.pac │ ├── service-fault │ │ ├── index-consts.h │ │ ├── opcua_binary-service_fault.pac │ │ ├── opcua_binary-service_fault_analyzer.pac │ │ └── opcua_binary-service_fault_debug.pac │ └── write │ │ ├── index-consts.h │ │ ├── opcua_binary-write.pac │ │ ├── opcua_binary-write_analyzer.pac │ │ └── opcua_binary-write_debug.pac ├── stubbed-out │ ├── opcua_binary-stubbed_out_service.pac │ ├── opcua_binary-stubbed_out_service_analyzer.pac │ └── opcua_binary-stubbed_out_service_debug.pac ├── types.bif └── types │ ├── filters │ ├── index-consts.h │ ├── opcua_binary-filter_types.pac │ ├── opcua_binary-filter_types_analyzer.pac │ └── opcua_binary-filter_types_debug.pac │ ├── nodeid │ ├── opcua_binary-nodeid_types.pac │ ├── opcua_binary-nodeid_types_analyzer.pac │ └── opcua_binary-nodeid_types_debug.pac │ ├── opcua_binary-types.pac │ ├── opcua_binary-types_analyzer.pac │ ├── opcua_binary-types_consts.pac │ ├── opcua_binary-types_debug.pac │ ├── statuscode-diagnostic-index-consts.h │ └── variants │ ├── index-consts.h │ ├── opcua_binary-variant_types.pac │ ├── opcua_binary-variant_types_analyzer.pac │ └── opcua_binary-variant_types_debug.pac ├── tests ├── .gitignore ├── analyzer │ ├── availability.zeek │ ├── basic.zeek │ ├── data-gap.zeek │ ├── data-gap_with-handshake.zeek │ ├── no-handshake.zeek │ └── non-standard-port.zeek ├── baseline │ ├── analyzer.basic │ │ ├── conn.log │ │ ├── opcua_binary.log │ │ ├── opcua_binary_activate_session.log │ │ ├── opcua_binary_browse.log │ │ ├── opcua_binary_browse_description.log │ │ ├── opcua_binary_browse_response_references.log │ │ ├── opcua_binary_browse_result.log │ │ ├── opcua_binary_close_session.log │ │ ├── opcua_binary_create_monitored_items.log │ │ ├── opcua_binary_create_monitored_items_create_item.log │ │ ├── opcua_binary_create_session.log │ │ ├── opcua_binary_create_session_endpoints.log │ │ ├── opcua_binary_create_session_user_token.log │ │ ├── opcua_binary_create_subscription.log │ │ ├── opcua_binary_get_endpoints.log │ │ ├── opcua_binary_get_endpoints_description.log │ │ ├── opcua_binary_get_endpoints_user_token.log │ │ ├── opcua_binary_opensecure_channel.log │ │ ├── opcua_binary_read.log │ │ ├── opcua_binary_read_nodes_to_read.log │ │ ├── opcua_binary_read_results.log │ │ ├── opcua_binary_status_code_detail.log │ │ └── opcua_binary_write.log │ ├── analyzer.data-gap │ │ ├── opcua_binary.log │ │ ├── opcua_binary_create_session.log │ │ ├── opcua_binary_opensecure_channel.log │ │ └── opcua_binary_status_code_detail.log │ ├── analyzer.data-gap_with-handshake │ │ ├── opcua_binary.log │ │ ├── opcua_binary_activate_session.log │ │ ├── opcua_binary_browse.log │ │ ├── opcua_binary_browse_description.log │ │ ├── opcua_binary_browse_response_references.log │ │ ├── opcua_binary_browse_result.log │ │ ├── opcua_binary_close_session.log │ │ ├── opcua_binary_create_monitored_items.log │ │ ├── opcua_binary_create_monitored_items_create_item.log │ │ ├── opcua_binary_create_session.log │ │ ├── opcua_binary_create_session_endpoints.log │ │ ├── opcua_binary_create_session_user_token.log │ │ ├── opcua_binary_create_subscription.log │ │ ├── opcua_binary_get_endpoints.log │ │ ├── opcua_binary_get_endpoints_description.log │ │ ├── opcua_binary_get_endpoints_user_token.log │ │ ├── opcua_binary_opensecure_channel.log │ │ ├── opcua_binary_read.log │ │ ├── opcua_binary_read_nodes_to_read.log │ │ ├── opcua_binary_read_results.log │ │ ├── opcua_binary_status_code_detail.log │ │ └── opcua_binary_write.log │ ├── analyzer.no-handshake │ │ ├── opcua_binary.log │ │ ├── opcua_binary_activate_session.log │ │ ├── opcua_binary_browse.log │ │ ├── opcua_binary_browse_description.log │ │ ├── opcua_binary_browse_response_references.log │ │ ├── opcua_binary_browse_result.log │ │ ├── opcua_binary_close_session.log │ │ ├── opcua_binary_create_monitored_items.log │ │ ├── opcua_binary_create_monitored_items_create_item.log │ │ ├── opcua_binary_create_session.log │ │ ├── opcua_binary_create_session_endpoints.log │ │ ├── opcua_binary_create_session_user_token.log │ │ ├── opcua_binary_create_subscription.log │ │ ├── opcua_binary_get_endpoints.log │ │ ├── opcua_binary_get_endpoints_description.log │ │ ├── opcua_binary_get_endpoints_user_token.log │ │ ├── opcua_binary_read.log │ │ ├── opcua_binary_read_nodes_to_read.log │ │ ├── opcua_binary_read_results.log │ │ ├── opcua_binary_status_code_detail.log │ │ └── opcua_binary_write.log │ └── analyzer.non-standard-port │ │ ├── opcua_binary.log │ │ ├── opcua_binary_activate_session.log │ │ ├── opcua_binary_browse.log │ │ ├── opcua_binary_browse_description.log │ │ ├── opcua_binary_browse_response_references.log │ │ ├── opcua_binary_browse_result.log │ │ ├── opcua_binary_close_session.log │ │ ├── opcua_binary_create_monitored_items.log │ │ ├── opcua_binary_create_monitored_items_create_item.log │ │ ├── opcua_binary_create_session.log │ │ ├── opcua_binary_create_session_endpoints.log │ │ ├── opcua_binary_create_session_user_token.log │ │ ├── opcua_binary_create_subscription.log │ │ ├── opcua_binary_get_endpoints.log │ │ ├── opcua_binary_get_endpoints_description.log │ │ ├── opcua_binary_get_endpoints_user_token.log │ │ ├── opcua_binary_opensecure_channel.log │ │ ├── opcua_binary_read.log │ │ ├── opcua_binary_read_nodes_to_read.log │ │ ├── opcua_binary_read_results.log │ │ ├── opcua_binary_status_code_detail.log │ │ └── opcua_binary_write.log ├── btest.cfg ├── files │ └── random.seed ├── scripts │ ├── diff-remove-timestamps │ └── get-zeek-env └── traces │ ├── opcua_with-gap.pcap │ ├── opcua_with-gap_with-handshake.pcap │ ├── open62541_client-server_mainloop-no-handshake.pcap │ ├── open62541_client-server_mainloop-not-localhost-non-standard-port.pcap │ └── open62541_client-server_mainloop.pcap └── zkg.meta /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | /*.log 3 | .vscode/ 4 | .DS_Store -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.15 FATAL_ERROR) 2 | 3 | project(ZeekPluginBinary) 4 | 5 | include(ZeekPlugin) 6 | 7 | zeek_plugin_begin(ICSNPP OPCUA_Binary) 8 | zeek_plugin_cc(src/OPCUA_Binary.cc src/Plugin.cc) 9 | zeek_plugin_bif(src/types.bif src/events.bif) 10 | zeek_plugin_dist_files(README.md CHANGES COPYING VERSION) 11 | zeek_plugin_pac(src/opcua_binary.pac src/opcua_binary-analyzer.pac src/opcua_binary-protocol.pac) 12 | zeek_plugin_end() 13 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2023, Battelle Energy Alliance, LLC 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this 9 | list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above copyright notice, 12 | this list of conditions and the following disclaimer in the documentation 13 | and/or other materials provided with the distribution. 14 | 15 | 3. Neither the name of the copyright holder nor the names of its 16 | contributors may be used to endorse or promote products derived from 17 | this software without specific prior written permission. 18 | 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Convenience Makefile providing a few common top-level targets. 3 | # 4 | 5 | cmake_build_dir=build 6 | arch=`uname -s | tr A-Z a-z`-`uname -m` 7 | 8 | all: build-it 9 | 10 | build-it: 11 | @test -e $(cmake_build_dir)/config.status || ./configure 12 | -@test -e $(cmake_build_dir)/CMakeCache.txt && \ 13 | test $(cmake_build_dir)/CMakeCache.txt -ot `cat $(cmake_build_dir)/CMakeCache.txt | grep ZEEK_DIST | cut -d '=' -f 2`/build/CMakeCache.txt && \ 14 | echo Updating stale CMake cache && \ 15 | touch $(cmake_build_dir)/CMakeCache.txt 16 | 17 | ( cd $(cmake_build_dir) && make ) 18 | 19 | install: 20 | ( cd $(cmake_build_dir) && make install ) 21 | 22 | clean: 23 | ( cd $(cmake_build_dir) && make clean ) 24 | 25 | distclean: 26 | rm -rf $(cmake_build_dir) 27 | 28 | test: 29 | make -C tests 30 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | This project contains code from Idaho National Laboratory's ICSNPP Project 2 | Github URL: https://github.com/cisagov/ICSNPP 3 | Licensed under BSD 3-Part License. 4 | 5 | 6 | © 2023 Battelle Energy Alliance, LLC 7 | ALL RIGHTS RESERVED 8 | 9 | Prepared by Battelle Energy Alliance, LLC 10 | Under Contract No. DE-AC07-05ID14517 11 | With the U. S. Department of Energy 12 | 13 | NOTICE: This computer software was prepared by Battelle Energy 14 | Alliance, LLC, hereinafter the Contractor, under Contract 15 | No. AC07-05ID14517 with the United States (U. S.) Department of 16 | Energy (DOE). The Government is granted for itself and others acting on 17 | its behalf a nonexclusive, paid-up, irrevocable worldwide license in this 18 | data to reproduce, prepare derivative works, and perform publicly and 19 | display publicly, by or on behalf of the Government. There is provision for 20 | the possible extension of the term of this license. Subsequent to that 21 | period or any extension granted, the Government is granted for itself and 22 | others acting on its behalf a nonexclusive, paid-up, irrevocable worldwide 23 | license in this data to reproduce, prepare derivative works, distribute 24 | copies to the public, perform publicly and display publicly, and to permit 25 | others to do so. The specific term of the license can be identified by 26 | inquiry made to Contractor or DOE. NEITHER THE UNITED STATES NOR THE UNITED 27 | STATES DEPARTMENT OF ENERGY, NOR CONTRACTOR MAKES ANY WARRANTY, EXPRESS OR 28 | IMPLIED, OR ASSUMES ANY LIABILITY OR RESPONSIBILITY FOR THE USE, ACCURACY, 29 | COMPLETENESS, OR USEFULNESS OR ANY INFORMATION, APPARATUS, PRODUCT, OR 30 | PROCESS DISCLOSED, OR REPRESENTS THAT ITS USE WOULD NOT INFRINGE PRIVATELY 31 | OWNED RIGHTS. 32 | -------------------------------------------------------------------------------- /configure.plugin: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Hooks to add custom options to the configure script. 4 | # 5 | 6 | plugin_usage() 7 | { 8 | : # Do nothing 9 | # cat <= 1024 4 | dst-port >= 1024 5 | payload /^\x48\x45\x4c/ 6 | enable "ICSNPP_OPCUA_BINARY" 7 | } 8 | -------------------------------------------------------------------------------- /scripts/read-types.zeek: -------------------------------------------------------------------------------- 1 | ##! read-types.zeek 2 | ##! 3 | ##! OPCUA Binary Protocol Analyzer 4 | ##! 5 | ##! Zeek script type/record definitions describing the information 6 | ##! that will be written to the log files. 7 | ##! 8 | ##! Author: Kent Kvarfordt 9 | ##! Contact: kent.kvarfordt@inl.gov 10 | ##! 11 | ##! Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 12 | 13 | module ICSNPP_OPCUA_Binary; 14 | export { 15 | type OPCUA_Binary::Read: record { 16 | ts : time &log; 17 | uid : string &log; 18 | id : conn_id &log; 19 | 20 | is_orig : bool &log; 21 | source_h : addr &log; # Source IP Address 22 | source_p : port &log; # Source Port 23 | destination_h : addr &log; # Destination IP Address 24 | destination_p : port &log; # Destination Port 25 | 26 | opcua_link_id : string &log; # Link back into OPCUA_Binary::Info 27 | 28 | # Request 29 | max_age : count &log &optional; 30 | timestamps_to_return : count &log &optional; 31 | timestamps_to_return_str : string &log &optional; 32 | nodes_to_read_link_id : string &log &optional; # Link into OPCUA_Binary::NodesToRead 33 | 34 | # Response 35 | read_results_link_id : string &log &optional; # Link into OPCUA_Binary::ReadResults 36 | diag_info_link_id : string &log &optional; # Link into OPCUA_Binary::DiagnosticInfoDetail log 37 | }; 38 | 39 | type OPCUA_Binary::ReadNodesToRead: record { 40 | ts : time &log; 41 | uid : string &log; 42 | id : conn_id &log; 43 | 44 | is_orig : bool &log; 45 | source_h : addr &log; # Source IP Address 46 | source_p : port &log; # Source Port 47 | destination_h : addr &log; # Destination IP Address 48 | destination_p : port &log; # Destination Port 49 | 50 | nodes_to_read_link_id : string &log; # Link back into OPCUA_Binary::Read 51 | 52 | # node_id : OpcUA_NodeId 53 | node_id_encoding_mask : string &log &optional; 54 | node_id_namespace_idx : count &log &optional; 55 | node_id_numeric : count &log &optional; 56 | node_id_string : string &log &optional; 57 | node_id_guid : string &log &optional; 58 | node_id_opaque : string &log &optional; 59 | 60 | attribute_id : count &log; 61 | attribute_id_str : string &log; 62 | index_range : string &log; 63 | 64 | # data_encoding : QualifiedName 65 | data_encoding_name_idx : count &log &optional; 66 | data_encoding_name : string &log &optional; 67 | }; 68 | 69 | type OPCUA_Binary::ReadResults: record { 70 | ts : time &log; 71 | uid : string &log; 72 | id : conn_id &log; 73 | 74 | is_orig : bool &log; 75 | source_h : addr &log; # Source IP Address 76 | source_p : port &log; # Source Port 77 | destination_h : addr &log; # Destination IP Address 78 | destination_p : port &log; # Destination Port 79 | 80 | results_link_id : string &log; 81 | level : count &log; 82 | 83 | data_value_encoding_mask : string &log; 84 | 85 | status_code_link_id : string &log &optional; # Id into OPCUA_Binary::StatusCodeDetail log 86 | 87 | source_timestamp : time &log &optional; 88 | source_pico_sec : count &log &optional; 89 | 90 | server_timestamp : time &log &optional; 91 | server_pico_sec : count &log &optional; 92 | 93 | read_results_variant_metadata_link_id : string &log &optional; # Link into OPCUA_Binary::VariantMetadata log 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /scripts/secure-channel-types.zeek: -------------------------------------------------------------------------------- 1 | ##! secure-channel-types.zeek 2 | ##! 3 | ##! OPCUA Binary Protocol Analyzer 4 | ##! 5 | ##! Zeek script type/record definitions describing the information 6 | ##! that will be written to the log files. 7 | ##! 8 | ##! Author: Kent Kvarfordt 9 | ##! Contact: kent.kvarfordt@inl.gov 10 | ##! 11 | ##! Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 12 | 13 | module ICSNPP_OPCUA_Binary; 14 | export { 15 | 16 | type OPCUA_Binary::OpenSecureChannel: record { 17 | ts : time &log; 18 | uid : string &log; 19 | id : conn_id &log; 20 | 21 | is_orig : bool &log; 22 | source_h : addr &log; # Source IP Address 23 | source_p : port &log; # Source Port 24 | destination_h : addr &log; # Destination IP Address 25 | destination_p : port &log; # Destination Port 26 | 27 | opcua_link_id : string &log; # Link back into OPCUA_Binary::Info 28 | 29 | # OpenSecureChannel Request 30 | client_proto_ver : count &log &optional; 31 | sec_token_request_type : count &log &optional; 32 | message_security_mode : count &log &optional; 33 | client_nonce : string &log &optional; 34 | req_lifetime : count &log &optional; 35 | 36 | # OpenSecureChannel Response 37 | server_proto_ver : count &log &optional; 38 | sec_token_sec_channel_id : count &log &optional; 39 | sec_token_id : count &log &optional; 40 | sec_token_created_at : time &log &optional; 41 | sec_token_revised_time : count &log &optional; 42 | server_nonce : string &log &optional; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /scripts/statuscode-diagnostic-types.zeek: -------------------------------------------------------------------------------- 1 | ##! statuscode-diagnostic-types.zeek 2 | ##! 3 | ##! OPCUA Binary Protocol Analyzer 4 | ##! 5 | ##! Zeek script type/record definitions describing the information 6 | ##! that will be written to the log files. 7 | ##! 8 | ##! Author: Kent Kvarfordt 9 | ##! Contact: kent.kvarfordt@inl.gov 10 | ##! 11 | ##! Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 12 | 13 | module ICSNPP_OPCUA_Binary; 14 | export { 15 | type OPCUA_Binary::StatusCodeDetail: record { 16 | ts : time &log; 17 | uid : string &log; 18 | id : conn_id &log; 19 | 20 | is_orig : bool &log; 21 | source_h : addr &log; # Source IP Address 22 | source_p : port &log; # Source Port 23 | destination_h : addr &log; # Destination IP Address 24 | destination_p : port &log; # Destination Port 25 | 26 | status_code_link_id : string &log; 27 | source : count &log; 28 | source_str : string &log; 29 | source_level : count &log; 30 | status_code : string &log; 31 | severity : count &log; 32 | severity_str : string &log; 33 | sub_code : count &log; 34 | sub_code_str : string &log; 35 | structure_changed : bool &log; 36 | semantics_changed : bool &log; 37 | info_type : count &log; 38 | info_type_str : string &log; 39 | limit_bits : count &log; 40 | limit_bits_str : string &log; 41 | overflow : bool &log; 42 | historian_bits : count &log; 43 | historian_bits_str : string &log; 44 | historianPartial : bool &log; 45 | historianExtraData : bool &log; 46 | historianMultiValue : bool &log; 47 | }; 48 | 49 | type OPCUA_Binary::DiagnosticInfoDetail: record { 50 | ts : time &log; 51 | uid : string &log; 52 | id : conn_id &log; 53 | 54 | is_orig : bool &log; 55 | source_h : addr &log; # Source IP Address 56 | source_p : port &log; # Source Port 57 | destination_h : addr &log; # Destination IP Address 58 | destination_p : port &log; # Destination Port 59 | 60 | diag_info_link_id : string &log; 61 | root_object_id : string &log; # This connects inner objects with the root object 62 | source : count &log; 63 | source_str : string &log; 64 | inner_diag_level : count &log; 65 | has_symbolic_id : bool &log; 66 | symbolic_id : count &log &optional; 67 | symbolic_id_str : string &log &optional; 68 | has_namespace_uri : bool &log; 69 | namespace_uri : count &log &optional; 70 | namespace_uri_str : string &log &optional; 71 | has_locale : bool &log; 72 | locale : count &log &optional; 73 | locale_str : string &log &optional; 74 | has_locale_txt : bool &log; 75 | locale_txt : count &log &optional; 76 | locale_txt_str : string &log &optional; 77 | has_addl_info : bool &log; 78 | addl_info : string &log &optional; 79 | has_inner_stat_code : bool &log; 80 | inner_stat_code : string &log &optional; 81 | has_inner_diag_info : bool &log; 82 | }; 83 | } 84 | -------------------------------------------------------------------------------- /scripts/types.zeek: -------------------------------------------------------------------------------- 1 | ##! types.zeek 2 | ##! 3 | ##! OPCUA Binary Protocol Analyzer 4 | ##! 5 | ##! Zeek script type/record definitions describing the information 6 | ##! that will be written to the log files. 7 | ##! 8 | ##! Author: Kent Kvarfordt 9 | ##! Contact: kent.kvarfordt@inl.gov 10 | ##! 11 | ##! Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 12 | 13 | module ICSNPP_OPCUA_Binary; 14 | export { 15 | type OPCUA_Binary::Info: record { 16 | ts : time &log; 17 | uid : string &log; 18 | id : conn_id &log; 19 | 20 | # Source/Destination 21 | is_orig : bool &log; # Source IP Address 22 | source_h : addr &log; # Source IP Address 23 | source_p : port &log; # Source Port 24 | destination_h : addr &log; # Destination IP Address 25 | destination_p : port &log; # Destination Port 26 | 27 | # Msg Header 28 | opcua_link_id : string &log; 29 | msg_type : string &log; 30 | is_final : string &log; 31 | msg_size : count &log; 32 | 33 | # Msg_ERR 34 | error : count &log &optional; 35 | reason : string &log &optional; 36 | 37 | # Msg_HEL and Msg_ACK 38 | version : count &log &optional; 39 | rcv_buf_size : count &log &optional; 40 | snd_buf_size : count &log &optional; 41 | max_msg_size : count &log &optional; 42 | max_chunk_cnt : count &log &optional; 43 | endpoint_url : string &log &optional; 44 | 45 | # Msg Body 46 | sec_channel_id : count &log &optional; 47 | sec_policy_uri_len : int &log &optional; 48 | sec_policy_uri : string &log &optional; 49 | snd_cert_len : int &log &optional; 50 | snd_cert : string &log &optional; 51 | rcv_cert_len : int &log &optional; 52 | rcv_cert : string &log &optional; 53 | seq_number : count &log &optional; 54 | request_id : count &log &optional; 55 | encoding_mask : count &log &optional; 56 | namespace_idx : count &log &optional; 57 | identifier : count &log &optional; 58 | identifier_str : string &log &optional; 59 | 60 | # Request Header 61 | req_hdr_node_id_type : string &log &optional; 62 | req_hdr_node_id_namespace_idx : count &log &optional; 63 | req_hdr_node_id_numeric : count &log &optional; 64 | req_hdr_node_id_string : string &log &optional; 65 | req_hdr_node_id_guid : string &log &optional; 66 | req_hdr_node_id_opaque : string &log &optional; 67 | req_hdr_timestamp : time &log &optional; 68 | req_hdr_request_handle : count &log &optional; 69 | req_hdr_return_diag : count &log &optional; 70 | req_hdr_audit_entry_id : string &log &optional; 71 | req_hdr_timeout_hint : count &log &optional; 72 | req_hdr_add_hdr_type_id : count &log &optional; 73 | req_hdr_add_hdr_enc_mask : count &log &optional; 74 | 75 | # Response Header 76 | res_hdr_timestamp : time &log &optional; 77 | res_hdr_request_handle : count &log &optional; 78 | status_code_link_id : string &log &optional; # Link into StatusCodeDetail log 79 | res_hdr_service_diag_encoding : count &log &optional; 80 | res_hdr_add_hdr_type_id : count &log &optional; 81 | res_hdr_add_hdr_enc_mask : count &log &optional; 82 | 83 | }; 84 | } 85 | -------------------------------------------------------------------------------- /scripts/write-types.zeek: -------------------------------------------------------------------------------- 1 | ##! write-types.zeek 2 | ##! 3 | ##! OPCUA Binary Protocol Analyzer 4 | ##! 5 | ##! Zeek script type/record definitions describing the information 6 | ##! that will be written to the log files. 7 | ##! 8 | ##! Author: Jason Rush 9 | ##! Contact: jason.rush@inl.gov 10 | ##! 11 | ##! Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 12 | 13 | module ICSNPP_OPCUA_Binary; 14 | export { 15 | type OPCUA_Binary::Write: record { 16 | ts : time &log; 17 | uid : string &log; 18 | id : conn_id &log; 19 | 20 | is_orig : bool &log; 21 | source_h : addr &log; # Source IP Address 22 | source_p : port &log; # Source Port 23 | destination_h : addr &log; # Destination IP Address 24 | destination_p : port &log; # Destination Port 25 | 26 | opcua_link_id : string &log; # Link back into OPCUA_Binary::Info 27 | 28 | # 29 | # Request 30 | # 31 | 32 | # 33 | # See opcua_binary-read_analyzer.pac: deliver_Svc_ReadReq for an example how to handle 34 | # flattenOpcUA_NodeId, attrubutes and index_range 35 | # 36 | # node_id : OpcUA_NodeId 37 | node_id_encoding_mask : string &log &optional; 38 | node_id_namespace_idx : count &log &optional; 39 | node_id_numeric : count &log &optional; 40 | node_id_string : string &log &optional; 41 | node_id_guid : string &log &optional; 42 | node_id_opaque : string &log &optional; 43 | 44 | attribute_id : count &log; 45 | attribute_id_str : string &log; 46 | index_range : string &log; 47 | 48 | # 49 | # See opcua_binary-read_analyzer.pac: deliver_Svc_ReadRes for an example how to handle 50 | # flattenOpcUA_DataValue 51 | # 52 | data_value_encoding_mask : string &log; 53 | 54 | req_status_code_link_id : string &log &optional; # Request status code link Id into OPCUA_Binary::StatusCodeDetail log 55 | 56 | source_timestamp : time &log &optional; 57 | source_pico_sec : count &log &optional; 58 | 59 | server_timestamp : time &log &optional; 60 | server_pico_sec : count &log &optional; 61 | 62 | 63 | write_results_variant_metadata_link_id : string &log &optional; # Link into OPCUA_Binary::VariantMetadata log 64 | 65 | # 66 | # Response 67 | # 68 | 69 | # 70 | # See opcua_binary-activate_session_analyzer.pac: deliver_Svc_ActivateSessionRes for an example of how to handle 71 | # an array of StatusCode(s) and an array of DiagnosticInfo(s) 72 | # 73 | # See statuscode-diagnostic-source-consts.h for the *Key(s) to use with generateDisgInfoEvent and generateStatusCodeEvent 74 | # 75 | res_status_code_link_id : string &log &optional; # Response status code link Id into OPCUA_Binary::StatusCodeDetail log 76 | diag_info_link_id : string &log &optional; # Link into OPCUA_Binary::DiagnosticInfoDetail log 77 | 78 | }; 79 | } 80 | -------------------------------------------------------------------------------- /src/OPCUA_Binary.cc: -------------------------------------------------------------------------------- 1 | // OPCUA_Binary.cc 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #include "OPCUA_Binary.h" 11 | 12 | #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h" 13 | 14 | #include "zeek/Reporter.h" 15 | 16 | #include "events.bif.h" 17 | 18 | using namespace analyzer::ICSNPP_OPCUA_Binary; 19 | 20 | OPCUA_Binary_Analyzer::OPCUA_Binary_Analyzer(zeek::Connection* c) 21 | 22 | : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("ICSNPP_OPCUA_BINARY", c) 23 | 24 | { 25 | interp = new binpac::OPCUA_Binary::OPCUA_Binary_Conn(this); 26 | 27 | had_gap = false; 28 | 29 | } 30 | 31 | OPCUA_Binary_Analyzer::~OPCUA_Binary_Analyzer() 32 | { 33 | delete interp; 34 | } 35 | 36 | void OPCUA_Binary_Analyzer::Done() 37 | { 38 | 39 | zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); 40 | 41 | interp->FlowEOF(true); 42 | interp->FlowEOF(false); 43 | 44 | } 45 | 46 | void OPCUA_Binary_Analyzer::EndpointEOF(bool is_orig) 47 | { 48 | zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); 49 | interp->FlowEOF(is_orig); 50 | } 51 | 52 | void OPCUA_Binary_Analyzer::DeliverStream(int len, const u_char* data, bool orig) 53 | { 54 | zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); 55 | 56 | assert(TCP()); 57 | 58 | if ( had_gap ) 59 | // If only one side had a content gap, we could still try to 60 | // deliver data to the other side if the script layer can handle this. 61 | return; 62 | 63 | try 64 | { 65 | interp->NewData(orig, data, data + len); 66 | } 67 | catch ( const binpac::Exception& e ) 68 | { 69 | 70 | /* Debug 71 | printf("\n###############################\n"); 72 | printf(" EXCEPTION:\n"); 73 | printf(" %s \n", e.c_msg()); 74 | printf("###############################\n\n"); 75 | */ 76 | 77 | AnalyzerViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); 78 | } 79 | } 80 | 81 | void OPCUA_Binary_Analyzer::Undelivered(uint64_t seq, int len, bool orig) 82 | { 83 | zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); 84 | had_gap = true; 85 | interp->NewGap(orig, len); 86 | } 87 | -------------------------------------------------------------------------------- /src/OPCUA_Binary.h: -------------------------------------------------------------------------------- 1 | // OPCUA_Binary.cc 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef ANALYZER_PROTOCOL_OPCUA_BINARY_H 11 | #define ANALYZER_PROTOCOL_OPCUA_BINARY_H 12 | 13 | #if __has_include() 14 | #include 15 | #else 16 | #include 17 | #endif 18 | 19 | #include "events.bif.h" 20 | 21 | 22 | #include "zeek/analyzer/protocol/tcp/TCP.h" 23 | 24 | #include "opcua_binary_pac.h" 25 | 26 | namespace analyzer { namespace ICSNPP_OPCUA_Binary { 27 | 28 | class OPCUA_Binary_Analyzer 29 | 30 | : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { 31 | 32 | public: 33 | OPCUA_Binary_Analyzer(zeek::Connection* conn); 34 | virtual ~OPCUA_Binary_Analyzer(); 35 | 36 | // Overriden from Analyzer. 37 | virtual void Done(); 38 | 39 | virtual void DeliverStream(int len, const u_char* data, bool orig); 40 | virtual void Undelivered(uint64_t seq, int len, bool orig); 41 | 42 | // Overriden from tcp::TCP_ApplicationAnalyzer. 43 | virtual void EndpointEOF(bool is_orig); 44 | 45 | 46 | static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) 47 | { return new OPCUA_Binary_Analyzer(conn); } 48 | 49 | protected: 50 | binpac::OPCUA_Binary::OPCUA_Binary_Conn* interp; 51 | 52 | bool had_gap; 53 | 54 | }; 55 | 56 | } } // namespace analyzer::* 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /src/Plugin.cc: -------------------------------------------------------------------------------- 1 | // Plugin.cc 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #include "Plugin.h" 11 | #include "zeek/analyzer/Component.h" 12 | #include "OPCUA_Binary.h" 13 | 14 | namespace plugin { namespace ICSNPP_OPCUA_Binary { Plugin plugin; } } 15 | 16 | using namespace plugin::ICSNPP_OPCUA_Binary; 17 | 18 | zeek::plugin::Configuration Plugin::Configure() 19 | { 20 | AddComponent(new zeek::analyzer::Component("ICSNPP_OPCUA_BINARY", 21 | ::analyzer::ICSNPP_OPCUA_Binary::OPCUA_Binary_Analyzer::InstantiateAnalyzer)); 22 | 23 | zeek::plugin::Configuration config; 24 | config.name = "ICSNPP::OPCUA_Binary"; 25 | config.description = "OPC Unified Architecture Binary Protocol analyzer"; 26 | config.version.major = 0; 27 | config.version.minor = 1; 28 | config.version.patch = 0; 29 | return config; 30 | } 31 | -------------------------------------------------------------------------------- /src/Plugin.h: -------------------------------------------------------------------------------- 1 | // Plugin.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef BRO_PLUGIN_OPCUA_BINARY 11 | #define BRO_PLUGIN_OPCUA_BINARY 12 | 13 | #include 14 | 15 | namespace plugin { 16 | namespace ICSNPP_OPCUA_Binary { 17 | 18 | class Plugin : public zeek::plugin::Plugin 19 | { 20 | protected: 21 | // Overridden from plugin::Plugin. 22 | zeek::plugin::Configuration Configure() override; 23 | }; 24 | 25 | extern Plugin plugin; 26 | 27 | } 28 | } 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /src/headers/attribute_id.h: -------------------------------------------------------------------------------- 1 | // attribute_id.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | // 11 | // UA Specification Part 6 - Mappings 1.04.pdf 12 | // 13 | // Annex A.1 - Attribute Ids; 14 | // Table A.1 Identifiers assigned to Attributes 15 | // 16 | #ifndef OPCUA_BINARY_ATTRIBUTE_ID_H 17 | #define OPCUA_BINARY_ATTRIBUTE_ID_H 18 | #include 19 | 20 | const static uint32_t Attr_Unknown_Key = 0; 21 | const static uint32_t Attr_NodeId_Key = 1; 22 | const static uint32_t Attr_NodeClass_Key = 2; 23 | const static uint32_t Attr_BrowseName_Key = 3; 24 | const static uint32_t Attr_DisplayName_Key = 4; 25 | const static uint32_t Attr_Description_Key = 5; 26 | const static uint32_t Attr_WriteMask_Key = 6; 27 | const static uint32_t Attr_UserWriteMask_Key = 7; 28 | const static uint32_t Attr_IsAbstract_Key = 8; 29 | const static uint32_t Attr_Symmetric_Key = 9; 30 | const static uint32_t Attr_InverseName_Key = 10; 31 | const static uint32_t Attr_ContainsNoLoops_Key = 11; 32 | const static uint32_t Attr_EventNotifier_Key = 12; 33 | const static uint32_t Attr_Value_Key = 13; 34 | const static uint32_t Attr_DataType_Key = 14; 35 | const static uint32_t Attr_ValueRank_Key = 15; 36 | const static uint32_t Attr_ArrayDimensions_Key = 16; 37 | const static uint32_t Attr_AccessLevel_Key = 17; 38 | const static uint32_t Attr_UserAccessLevel_Key = 18; 39 | const static uint32_t Attr_MinimumSamplingInterval_Key = 19; 40 | const static uint32_t Attr_Historizing_Key = 20; 41 | const static uint32_t Attr_Executable_Key = 21; 42 | const static uint32_t Attr_UserExecutable_Key = 22; 43 | const static uint32_t Attr_DataTypeDefinition_Key = 23; 44 | const static uint32_t Attr_RolePermissions_Key = 24; 45 | const static uint32_t Attr_UserRolePermissions_Key = 25; 46 | const static uint32_t Attr_AccessRestrictions_Key = 26; 47 | const static uint32_t Attr_AccessLevelEx_Key = 27; 48 | 49 | static std::map ATTRIBUTE_ID_MAP = 50 | { 51 | { Attr_Unknown_Key , "Unknown"}, 52 | { Attr_NodeId_Key , "NodeId" }, 53 | { Attr_NodeClass_Key , "NodeClass" }, 54 | { Attr_BrowseName_Key , "BrowseName" }, 55 | { Attr_DisplayName_Key , "DisplayName" }, 56 | { Attr_Description_Key , "Description" }, 57 | { Attr_WriteMask_Key , "WriteMask" }, 58 | { Attr_UserWriteMask_Key , "UserWriteMask" }, 59 | { Attr_IsAbstract_Key , "IsAbstract" }, 60 | { Attr_Symmetric_Key , "Symmetric" }, 61 | { Attr_InverseName_Key , "InverseName" }, 62 | { Attr_ContainsNoLoops_Key , "ContainsNoLoops" }, 63 | { Attr_EventNotifier_Key , "EventNotifier" }, 64 | { Attr_Value_Key , "Value" }, 65 | { Attr_DataType_Key , "DataType" }, 66 | { Attr_ValueRank_Key , "ValueRank" }, 67 | { Attr_ArrayDimensions_Key , "ArrayDimensions" }, 68 | { Attr_AccessLevel_Key , "AccessLevel" }, 69 | { Attr_UserAccessLevel_Key , "UserAccessLevel" }, 70 | { Attr_MinimumSamplingInterval_Key , "MinimumSamplingInterval" }, 71 | { Attr_Historizing_Key , "Historizing" }, 72 | { Attr_Executable_Key , "Executable" }, 73 | { Attr_UserExecutable_Key , "UserExcutable" }, 74 | { Attr_DataTypeDefinition_Key , "DataTypeDefinition" }, 75 | { Attr_RolePermissions_Key , "RolePermissions" }, 76 | { Attr_UserRolePermissions_Key , "UserRolePermissions" }, 77 | { Attr_AccessRestrictions_Key , "AccessRestrictions" }, 78 | { Attr_AccessLevelEx_Key , "AccessLevelEx" } 79 | }; 80 | 81 | #endif 82 | 83 | -------------------------------------------------------------------------------- /src/headers/built_in_data_types.h: -------------------------------------------------------------------------------- 1 | // built_in_data_types.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | // 11 | // UA Specification Part 6 - Mappings 1.04.pdf 12 | // 13 | // 5.1.2 Built-in Types Table 1 - Built-in Data Types 14 | // 15 | 16 | #ifndef OPCUA_BINARY_BUILT_IN_DATA_TYPES_H 17 | #define OPCUA_BINARY_BUILT_IN_DATA_TYPES_H 18 | #include 19 | 20 | const static uint32_t Boolean_Key = 1; 21 | const static uint32_t SByte_Key = 2; 22 | const static uint32_t Byte_Key = 3; 23 | const static uint32_t Int16_Key = 4; 24 | const static uint32_t Uint16_Key = 5; 25 | const static uint32_t Int32_Key = 6; 26 | const static uint32_t Uint32_Key = 7; 27 | const static uint32_t Int64_Key = 8; 28 | const static uint32_t Uint64_Key = 9; 29 | const static uint32_t Float_Key = 10; 30 | const static uint32_t Double_Key = 11; 31 | const static uint32_t String_Key = 12; 32 | const static uint32_t DateTime_Key = 13; 33 | const static uint32_t Guid_Key = 14; 34 | const static uint32_t ByteString_Key = 15; 35 | const static uint32_t XmlElement_Key = 16; 36 | const static uint32_t NodeId_Key = 17; 37 | const static uint32_t ExpandedNodeId_Key = 18; 38 | const static uint32_t StatusCode_Key = 19; 39 | const static uint32_t QualifiedName_Key = 20; 40 | const static uint32_t LocalizedText_Key = 21; 41 | const static uint32_t ExtensionObject_Key = 22; 42 | const static uint32_t DataValue_Key = 23; 43 | const static uint32_t Variant_Key = 24; 44 | const static uint32_t DiagnosticInfo_Key = 25; 45 | 46 | static std::map BUILT_IN_DATA_TYPES_MAP = 47 | { 48 | { Boolean_Key, "Boolean" }, 49 | { SByte_Key, "SByte" }, 50 | { Byte_Key, "Byte" }, 51 | { Int16_Key, "Int16" }, 52 | { Uint16_Key, "Uint16" }, 53 | { Int32_Key, "Int32" }, 54 | { Uint32_Key, "Uint32" }, 55 | { Int64_Key, "Int64" }, 56 | { Uint64_Key, "Uint64" }, 57 | { Float_Key, "Float" }, 58 | { Double_Key, "Double" }, 59 | { String_Key, "String" }, 60 | { DateTime_Key, "DateTime" }, 61 | { Guid_Key, "Guid" }, 62 | { ByteString_Key, "ByteString" }, 63 | { XmlElement_Key, "XmlElement" }, 64 | { NodeId_Key, "NodeId" }, 65 | { ExpandedNodeId_Key, "ExpandedNodeId" }, 66 | { StatusCode_Key, "StatusCode" }, 67 | { QualifiedName_Key, "QualifiedName" }, 68 | { LocalizedText_Key, "LocalizedText" }, 69 | { ExtensionObject_Key, "ExtensionObject" }, 70 | { DataValue_Key, "DataValue" }, 71 | { Variant_Key, "Variant" }, 72 | { DiagnosticInfo_Key, "DiagnosticInfo" } 73 | }; 74 | 75 | const static uint32_t VariantIsValue_Key = 0; 76 | const static uint32_t VariantIsArray_Key = 1; 77 | const static uint32_t VariantIsMultiDimensionalArray = 2; 78 | 79 | static std::map VARIANT_DATA_TYPES_MAP = 80 | { 81 | { VariantIsValue_Key, "Value" }, 82 | { VariantIsArray_Key, "Array" }, 83 | { VariantIsMultiDimensionalArray, "MultiDimArray" } 84 | }; 85 | 86 | #endif -------------------------------------------------------------------------------- /src/headers/node_classes.h: -------------------------------------------------------------------------------- 1 | // node_classes.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Numeric Node Class Identifiers for OPCUA Binary protocol services. 6 | // The constants are used to process the supplied service identifier and 7 | // map the identifier to a string representation for logging. 8 | // 9 | // Author: Melanie Pierce 10 | // Contact: melanie.pierce@inl.gov 11 | // 12 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 13 | #ifndef OPCUA_BINARY_NODE_CLASSES_H 14 | #define OPCUA_BINARY_NODE_CLASSES_H 15 | #include 16 | // 17 | // UA Specification Part 3 - Address Space Model 1.04.pdf 18 | // Table 1 - NodeClass Values: 19 | // 20 | // Value Description 21 | // 0x01 An object NodeClass mask. 22 | // 0x02 A variable NodeClass mask. 23 | // 0x04 A method NodeClass mask. 24 | // 0x08 An object type NodeClass mask. 25 | // 0x10 A variable type NodeClass mask. 26 | // 0x20 A reference type NodeClass mask. 27 | // 0x40 A data type NodeClass mask. 28 | // 0x80 A view NodeClass mask 29 | 30 | static uint32_t AllClasses_Key = 0; 31 | static uint32_t ObjectClass_Key = 1; 32 | static uint32_t VariableClass_Key = 2; 33 | static uint32_t MethodClass_Key = 4; 34 | static uint32_t ObjectTypeClass_Key = 8; 35 | static uint32_t VariableTypeClass_Key = 16; 36 | static uint32_t ReferenceTypeClass_Key = 32; 37 | static uint32_t DataType_Key = 64; 38 | static uint32_t View_Key = 128; 39 | 40 | static std::map NODE_CLASSES_MAP = 41 | { 42 | { AllClasses_Key , "All"}, 43 | { ObjectClass_Key , "ObjectNodeClass" }, 44 | { VariableClass_Key , "VariableNodeClass" }, 45 | { MethodClass_Key , "MethodNodeClass" }, 46 | { ObjectTypeClass_Key , "ObjectTypeNodeClass" }, 47 | { VariableTypeClass_Key , "VariableTypeNodeClass" }, 48 | { ReferenceTypeClass_Key , "ReferenceTypeNodeClass" }, 49 | { DataType_Key , "DataTypeNodeClass" }, 50 | { View_Key , "ViewNodeClass" } 51 | }; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/headers/timestamps_to_return.h: -------------------------------------------------------------------------------- 1 | // timestamps_to-return.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Timestamps to Return Enumeration for OPCUA Binary protocol services. 6 | // The constants are used to process the supplied service identifier and 7 | // map the identifier to a string representation for logging. 8 | // 9 | // Author: Melanie Pierce 10 | // Contact: melanie.pierce@inl.gov 11 | // 12 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 13 | #ifndef OPCUA_TIMESTAMPS_TO_RETURN_H 14 | #define OPCUA_TIMESTAMPS_TO_RETURN_H 15 | #include 16 | // 17 | // UA Specification Part 4 - Address Space Model 1.04.pdf 18 | // Table 179 - TimestampsToReturn Values: 19 | // 20 | // Value Description 21 | // 0 Return the source timestamp. 22 | // 1 Return the server timestamp. 23 | // 2 Return both source and server timestamps. 24 | // 3 Return neither timestamp. 25 | 26 | static uint32_t SourceTimestamp_Key = 0; 27 | static uint32_t ServerTimestamp_Key = 1; 28 | static uint32_t BothTimestamps_Key = 2; 29 | static uint32_t NeitherTimestamp_Key = 3; 30 | 31 | 32 | static std::map TIMESTAMPS_TO_RETURN_MAP = 33 | { 34 | { SourceTimestamp_Key, "Source"}, 35 | { ServerTimestamp_Key, "Server"}, 36 | { BothTimestamps_Key, "Both"}, 37 | { NeitherTimestamp_Key, "Neither"} 38 | 39 | }; 40 | 41 | #endif -------------------------------------------------------------------------------- /src/headers/variant-source-consts.h: -------------------------------------------------------------------------------- 1 | // variant-source-consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Stores the constants used to indicate the service that generated Variant Events 6 | // 7 | // Author: Melanie Pierce 8 | // Contact: melanie.pierce@inl.gov 9 | // 10 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | #ifndef OPCUA_BINARY_VARIANT_SOURCE_CONSTS_H 13 | #define OPCUA_BINARY_VARIANT_SOURCE_CONSTS_H 14 | #include 15 | 16 | // Internal constants used to associate detailed status code information 17 | // with the service/structure that generated the status code. 18 | static const uint32_t Variant_Read_Key = 0; 19 | static const uint32_t Variant_Read_Inner_Key = 1; 20 | static const uint32_t Variant_LiteralOperand_Key = 2; 21 | static const uint32_t Variant_LiteralOperand_Inner_Key = 3; 22 | static const uint32_t Variant_Write_Key = 4; 23 | 24 | 25 | static std::map VARIANT_SRC_MAP = 26 | { 27 | {Variant_Read_Key, "Read_Variant"}, 28 | {Variant_Read_Inner_Key, "Read_InnerVariant"}, 29 | {Variant_LiteralOperand_Key, "LiteralOperand_Variant"}, 30 | {Variant_LiteralOperand_Inner_Key, "LiteralOperand_InnerVariant"}, 31 | {Variant_Write_Key, "Write_Variant"} 32 | }; 33 | #endif -------------------------------------------------------------------------------- /src/index-consts.h: -------------------------------------------------------------------------------- 1 | // consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_CONSTS_H 11 | #define OPCUA_BINARY_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUC_Binary::Info 15 | // 16 | 17 | #define IS_ORIG_IDX 3 18 | #define SOURCE_H_IDX 4 19 | #define SOURCE_P_IDX 5 20 | #define DESTINATION_H_IDX 6 21 | #define DESTINATION_P_IDX 7 22 | 23 | // OpcUA_ID 24 | // While this id is NOT part of the OpcUA documented spec, we use it to tie nested log files 25 | // together - e.g. any nested log files such as the status code detail log will contain 26 | // this id which can be used to reference back to the primary OpcUA log file. 27 | // 28 | #define OPCUA_LINK_ID_SRC_IDX 8 29 | 30 | // Msg Header 31 | #define MSG_TYPE_IDX 9 32 | #define IS_FINAL_IDX 10 33 | #define MSG_SIZE_IDX 11 34 | 35 | // Msg_ERR 36 | #define ERROR_IDX 12 37 | #define REASON_IDX 13 38 | 39 | // Msg_HEL and Msg_ACK 40 | #define VERSION_IDX 14 41 | #define RCV_BUF_SIZE_IDX 15 42 | #define SND_BUF_SIZE_IDX 16 43 | #define MAX_MSG_SIZE_IDX 17 44 | #define MAX_CHUNK_CNT_IDX 18 45 | #define ENDPOINT_URL_IDX 19 // Msg_HEL 46 | 47 | // Msg Body 48 | #define SEC_CHANNEL_ID_IDX 20 49 | #define SEC_POLICY_URI_LEN_IDX 21 50 | #define SEC_POLICY_URI_IDX 22 51 | #define SND_CERT_LEN_IDX 23 52 | #define SND_CERT_IDX 24 53 | #define RCV_CERT_LEN_IDX 25 54 | #define RCV_CERT_IDX 26 55 | #define SEQ_NUMBER_IDX 27 56 | #define REQUEST_ID_IDX 28 57 | #define ENCODING_MASK_IDX 29 58 | #define NAMESPACE_IDX 30 59 | #define IDENTIFIER_IDX 31 60 | #define IDENTIFIER_STR_IDX 32 61 | 62 | #endif 63 | 64 | -------------------------------------------------------------------------------- /src/opcua_binary-protocol_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Development/Debug utilities 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printMsgHeader( Msg_Header *msg_header); 14 | void printMsgHEL( Msg_HEL *msg_hel); 15 | void printMsgACK( Msg_ACK *msg_ack); 16 | void printMsgERR( Msg_ERR *msg_err); 17 | void printMsgOPN( Msg_OPN *msg_opn); 18 | void printMsgCLO( Msg_CLO *msg_clo); 19 | void printMsgMSG( Msg_MSG *msg_msg); 20 | void printMsgType( Msg_Header *msg_header); 21 | void printService(Service *service); 22 | %} 23 | 24 | %code{ 25 | void printMsgHeader( Msg_Header *msg_header) { 26 | // Stubbed out 27 | return; 28 | } 29 | 30 | void printMsgHEL( Msg_HEL *msg_hel) { 31 | // Stubbed out 32 | return; 33 | } 34 | 35 | void printMsgACK( Msg_ACK *msg_ack) { 36 | // Stubbed out 37 | return; 38 | } 39 | 40 | void printMsgERR( Msg_ERR *msg_err) { 41 | // Stubbed out 42 | return; 43 | } 44 | 45 | void printMsgOPN( Msg_OPN *msg_opn) { 46 | // Stubbed out 47 | return; 48 | } 49 | 50 | void printMsgCLO( Msg_CLO *msg_clo) { 51 | // Stubbed out 52 | return; 53 | } 54 | 55 | void printMsgMSG( Msg_MSG *msg_msg) { 56 | // Stubbed out 57 | return; 58 | } 59 | 60 | void printMsgType( Msg_Header *msg_header) { 61 | switch (uint8VectorToUint32(msg_header->msg_type())) { 62 | case HEL: printMsgHEL( msg_header->hel()); 63 | break; 64 | case ACK: printMsgACK( msg_header->ack()); 65 | break; 66 | case ERR: printMsgERR( msg_header->err()); 67 | break; 68 | case OPN: printMsgOPN( msg_header->opn()); 69 | break; 70 | case MSG: printMsgMSG( msg_header->msg()); 71 | break; 72 | case CLO: printMsgCLO( msg_header->clo()); 73 | break; 74 | } 75 | 76 | return; 77 | } 78 | 79 | void printService(Service *service) { 80 | printf("%s TypeId: ExpandedNodeId\n", indent(2).c_str()); 81 | printf("%s NodeId EncodingMask: 0x%02x\n", indent(3).c_str(), service->msg_body()->encoding_mask()); 82 | printf("%s NodeId Namespace Index: %d\n", indent(3).c_str(), service->namespace_idx()); 83 | printf("%s NodeId Identifier Numeric: %s (%d)\n", indent(3).c_str(), NODE_IDENTIFIER_MAP.find(service->identifier())->second.c_str(), service->identifier()); 84 | 85 | return; 86 | } 87 | 88 | %} -------------------------------------------------------------------------------- /src/opcua_binary.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Author: Kent Kvarfordt 6 | ## Contact: kent.kvarfordt@inl.gov 7 | ## 8 | ## Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | %include zeek/binpac.pac 11 | %include zeek/zeek.pac 12 | 13 | %extern{ 14 | #include "events.bif.h" 15 | %} 16 | 17 | analyzer OPCUA_Binary withcontext { 18 | connection: OPCUA_Binary_Conn; 19 | flow: OPCUA_Binary_Flow; 20 | }; 21 | 22 | # Our connection consists of two flows, one in each direction. 23 | connection OPCUA_Binary_Conn(bro_analyzer: ZeekAnalyzer) { 24 | upflow = OPCUA_Binary_Flow(true); 25 | downflow = OPCUA_Binary_Flow(false); 26 | }; 27 | 28 | %include opcua_binary-protocol.pac 29 | 30 | # Now we define the flow: 31 | flow OPCUA_Binary_Flow(is_orig: bool) { 32 | flowunit = Msg_Header(is_orig) withcontext(connection, this); 33 | }; 34 | 35 | %include opcua_binary-utilities.pac 36 | %include opcua_binary-analyzer.pac 37 | %include types/opcua_binary-types_analyzer.pac 38 | %include types/filters/opcua_binary-filter_types_analyzer.pac 39 | %include types/nodeid/opcua_binary-nodeid_types_analyzer.pac 40 | %include types/variants/opcua_binary-variant_types_analyzer.pac 41 | %include services/activate-session/opcua_binary-activate_session_analyzer.pac 42 | %include services/browse/opcua_binary-browse_analyzer.pac 43 | %include services/close-session/opcua_binary-close_session_analyzer.pac 44 | %include services/create-monitored-items/opcua_binary-create_monitored_items_analyzer.pac 45 | %include services/create-session/opcua_binary-create_session_analyzer.pac 46 | %include services/create-subscription/opcua_binary-create_subscription_analyzer.pac 47 | %include services/get-endpoints/opcua_binary-get_endpoints_analyzer.pac 48 | %include services/read/opcua_binary-read_analyzer.pac 49 | %include services/secure-channel/opcua_binary-secure_channel_analyzer.pac 50 | %include services/service-fault/opcua_binary-service_fault_analyzer.pac 51 | %include services/write/opcua_binary-write_analyzer.pac 52 | %include stubbed-out/opcua_binary-stubbed_out_service_analyzer.pac 53 | %include req-res-header/opcua_binary-req_res_header_analyzer.pac 54 | 55 | -------------------------------------------------------------------------------- /src/req-res-header/index-consts.h: -------------------------------------------------------------------------------- 1 | // Request and Response Header consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_REQ_RES_HEADER_CONSTS_H 11 | #define OPCUA_BINARY_REQ_RES_HEADER_CONSTS_H 12 | 13 | // Request Header 14 | #define REQ_HDR_NODE_ID_TYPE_IDX 33 15 | #define REQ_HDR_NODE_ID_NAMESPACE_IDX 34 16 | #define REQ_HDR_NODE_ID_NUMERIC_IDX 35 17 | #define REQ_HDR_NODE_ID_STRING_IDX 36 18 | #define REQ_HDR_NODE_ID_GUID_IDX 37 19 | #define REQ_HDR_NODE_ID_OPAQUE_IDX 38 20 | #define REQ_HDR_TIMESTAMP_IDX 39 21 | #define REQ_HDR_HANDLE_IDX 40 22 | #define REQ_HDR_RET_DIAG_IDX 41 23 | #define REQ_HDR_AUDIT_ENTRY_IDX 42 24 | #define REQ_HDR_TIMEOUT_HINT_IDX 43 25 | #define REQ_HDR_ADD_HDR_TYPE_ID_IDX 44 26 | #define REQ_HDR_ADD_HDR_ENC_MASK_IDX 45 27 | 28 | // Response Header 29 | #define RES_HDR_TIMESTAMP_IDX 46 30 | #define RES_HDR_HANDLE_IDX 47 31 | #define RES_HDR_STATUS_CODE_LINK_ID_SRC_IDX 48 32 | #define RES_HDR_SERVICE_DIAG_ENCODING_IDX 49 33 | #define RES_HDR_ADD_HDR_TYPE_ID_IDX 50 34 | #define RES_HDR_ADD_HDR_ENC_MASK_IDX 51 35 | 36 | #endif 37 | 38 | -------------------------------------------------------------------------------- /src/req-res-header/opcua_binary-req_res_header.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-req_res_header_analyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the request and response headers. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf 14 | # 15 | # RequestHeader: Table 170 16 | # 17 | type Request_Header = record { 18 | # SessionAuthenticationToken: Section 7.31: 0x0000 un-encrypted; Opaque otherwise 19 | auth_token : OpcUA_NodeId; 20 | 21 | timestamp : OpcUA_DateTime; 22 | request_handle : OpcUA_IntegerId; 23 | return_diag : uint32; 24 | audit_entry_id : OpcUA_String; 25 | timeout_hint : uint32; 26 | additional_hdr : Additional_Header; 27 | } &byteorder=littleendian; 28 | 29 | # 30 | # UA Specification Part 4 - Services 1.04.pdf 31 | # 32 | # ResponseHeader: Table 171 33 | # 34 | type Response_Header = record { 35 | timestamp : OpcUA_DateTime; 36 | request_handle : OpcUA_IntegerId; 37 | service_result : OpcUA_StatusCode; 38 | service_diag : OpcUA_DiagInfo; 39 | 40 | string_table_size : int32; 41 | has_string_table : case (string_table_size > 0) of { 42 | true -> string_table : OpcUA_String[string_table_size]; 43 | default -> empty_string_table : empty; 44 | }; 45 | 46 | additional_hdr : Additional_Header; 47 | } &byteorder=littleendian; 48 | 49 | type Additional_Header = record { 50 | type_id : uint16; 51 | encoding_mask : uint8; 52 | } &byteorder=littleendian; 53 | 54 | -------------------------------------------------------------------------------- /src/req-res-header/opcua_binary-req_res_header_analyzer.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-req_res_header_analyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Analyzer code for processing the request and response headers. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | zeek::RecordValPtr assignReqHdr(zeek::RecordValPtr info, Request_Header *req_hdr); 14 | zeek::RecordValPtr assignResHdr(OPCUA_Binary_Conn *connection, zeek::RecordValPtr info, Response_Header *res_hdr, bool is_orig); 15 | %} 16 | 17 | %code{ 18 | 19 | 20 | // 21 | // Common code used to assign the request header information to a zeek::RecordValPtr 22 | // for future logging. 23 | // 24 | zeek::RecordValPtr assignReqHdr(zeek::RecordValPtr info, Request_Header *req_hdr) { 25 | 26 | // Auth token 27 | flattenOpcUA_NodeId(info, req_hdr->auth_token(), REQ_HDR_NODE_ID_TYPE_IDX); 28 | 29 | double unix_timestamp = winFiletimeToUnixTime(req_hdr->timestamp()); 30 | info->Assign(REQ_HDR_TIMESTAMP_IDX, zeek::make_intrusive(unix_timestamp)); 31 | 32 | info->Assign(REQ_HDR_HANDLE_IDX, zeek::val_mgr->Count(req_hdr->request_handle())); 33 | info->Assign(REQ_HDR_RET_DIAG_IDX, zeek::val_mgr->Count(req_hdr->return_diag())); 34 | 35 | info->Assign(REQ_HDR_AUDIT_ENTRY_IDX, zeek::make_intrusive(std_str(req_hdr->audit_entry_id()->string()))); 36 | info->Assign(REQ_HDR_TIMEOUT_HINT_IDX, zeek::val_mgr->Count((double)req_hdr->timeout_hint())); 37 | 38 | info->Assign(REQ_HDR_ADD_HDR_TYPE_ID_IDX, zeek::val_mgr->Count(req_hdr->additional_hdr()->type_id())); 39 | info->Assign(REQ_HDR_ADD_HDR_ENC_MASK_IDX, zeek::val_mgr->Count(req_hdr->additional_hdr()->encoding_mask())); 40 | 41 | return info; 42 | } 43 | 44 | // 45 | // Common code used to assign the response header information to a zeek::RecordValPtr 46 | // for future logging. 47 | // 48 | zeek::RecordValPtr assignResHdr(OPCUA_Binary_Conn *connection, zeek::RecordValPtr info, Response_Header *res_hdr, bool is_orig) { 49 | double unix_timestamp = winFiletimeToUnixTime(res_hdr->timestamp()); 50 | info->Assign(RES_HDR_TIMESTAMP_IDX, zeek::make_intrusive(unix_timestamp)); 51 | info->Assign(RES_HDR_HANDLE_IDX, zeek::val_mgr->Count(res_hdr->request_handle())); 52 | 53 | // Service Result aka Status Code 54 | uint32_t status_code_level = 0; 55 | string service_result_idx = generateId(); 56 | info->Assign(RES_HDR_STATUS_CODE_LINK_ID_SRC_IDX, zeek::make_intrusive(service_result_idx)); 57 | generateStatusCodeEvent(connection, info->GetField(RES_HDR_STATUS_CODE_LINK_ID_SRC_IDX), StatusCode_ResponseHeader_Key, res_hdr->service_result(), status_code_level, is_orig); 58 | 59 | // If there is DiagnosticInfo - then log the detailed information. 60 | info->Assign(RES_HDR_SERVICE_DIAG_ENCODING_IDX, zeek::val_mgr->Count(res_hdr->service_diag()->encoding_mask())); 61 | uint32 innerDiagLevel = 0; 62 | if (res_hdr->service_diag()->encoding_mask() != 0x00) { 63 | 64 | vector *stringTable = NULL; 65 | if (res_hdr->string_table_size() > 0) { 66 | stringTable = res_hdr->string_table(); 67 | } 68 | 69 | generateDiagInfoEvent(connection, info->GetField(OPCUA_LINK_ID_SRC_IDX), res_hdr->service_diag(), stringTable, innerDiagLevel, StatusCode_ResponseHeader_DiagInfo_Key, is_orig, DiagInfo_ResponseHeader_Key); 70 | } 71 | 72 | // Log the Additional Header information 73 | info->Assign(RES_HDR_ADD_HDR_TYPE_ID_IDX, zeek::val_mgr->Count(res_hdr->additional_hdr()->type_id())); 74 | info->Assign(RES_HDR_ADD_HDR_ENC_MASK_IDX, zeek::val_mgr->Count(res_hdr->additional_hdr()->encoding_mask())); 75 | 76 | return info; 77 | } 78 | 79 | %} 80 | -------------------------------------------------------------------------------- /src/req-res-header/opcua_binary-req_res_header_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-req_res_header_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for verifying the request and response headers. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | 13 | %header{ 14 | void printReqHdr(Request_Header *req_hdr); 15 | void printResHdr(Response_Header *res_hdr); 16 | %} 17 | 18 | %code{ 19 | 20 | void printReqHdr(Request_Header *req_hdr) { 21 | // Stubbed out 22 | return; 23 | } 24 | 25 | void printResHdr(Response_Header *res_hdr) { 26 | // Stubbed out 27 | return; 28 | } 29 | 30 | %} -------------------------------------------------------------------------------- /src/services/activate-session/index-consts.h: -------------------------------------------------------------------------------- 1 | // Activate Session consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_ACTIVATE_SESSION_CONSTS_H 11 | #define OPCUA_BINARY_ACTIVATE_SESSION_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::ActivateSession 15 | // based on the parsed values from Activate_Session_Req and Activate_Session_Res 16 | // 17 | 18 | // Request 19 | #define ACTIVATE_SESSION_OPCUA_LINK_ID_DST_IDX 8 // Id back into OCPUA_Binary::Info log 20 | #define ACTIVATE_SESSION_REQ_CLIENT_ALGORITHM_IDX 9 21 | #define ACTIVATE_SESSION_REQ_CLIENT_SIGNATURE_IDX 10 22 | #define ACTIVATE_SESSION_REQ_CLIENT_SOFTWARE_CERT_LINK_ID_SRC_IDX 11 // Id into OPCUA_Binary::ActivateSessionClientSoftwareCert log 23 | #define ACTIVATE_SESSION_REQ_OPCUA_LOCAL_LINK_ID_SRC_IDX 12 // Id into OPCUA_Binary::ActivateSessionLocaleId log 24 | 25 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_ENCODING_IDX 13 26 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_NAMESPACE_IDX 14 27 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_NUMERIC_IDX 15 28 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_STRING_IDX 16 29 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_GUID_IDX 17 30 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_OPAQUE_IDX 18 31 | 32 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TYPE_ID_STR_IDX 19 33 | 34 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_ENCODING_IDX 20 35 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_POLICY_ID_IDX 21 36 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_USERNAME_IDX 22 37 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_PASSWORD_IDX 23 38 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_ENCRYPTION_ALGORITHM_IDX 24 39 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_CERT_DATA_IDX 25 40 | #define ACTIVATE_SESSION_REQ_EXT_OBJ_TOKEN_DATA_IDX 26 41 | 42 | #define ACTIVATE_SESSION_REQ_USER_TOKEN_ALGORITHM_IDX 27 43 | #define ACTIVATE_SESSION_REQ_USER_TOKEN_SIGNATURE_IDX 28 44 | 45 | // Response 46 | #define ACTIVATE_SESSION_RES_SERVER_NONCE_IDX 29 47 | #define ACTIVATE_SESSION_RES_STATUS_CODE_LINK_ID_SRC_IDX 30 // Id into OPCUA_Binary::StatusCodeDetail log 48 | #define ACTIVATE_SESSION_RES_DIAG_INFO_LINK_ID_SRC_IDX 31 // Id into OPCUA_Binary::ActivateSessionDignosticInfo log 49 | 50 | 51 | // 52 | // Index constants for setting values in OPCUA_Binary::ActivateSessionClientSoftwareCert 53 | // based on the parsed values from Activate_Session_Req and Activate_Session_Res 54 | // 55 | #define ACTIVATE_SESSION_REQ_CLIENT_SOFTWARE_CERT_LINK_ID_DST_IDX 8 // Id back into OPCUA_Binary::ActivateSession 56 | #define ACTIVATE_SESSION_REQ_CLIENT_SOFTWARE_CERT_DATA_IDX 9 57 | #define ACTIVATE_SESSION_REQ_CLIENT_SOFTWARE_CERT_SIGNATURE_IDX 10 58 | 59 | // 60 | // Index constants for setting values in OPCUA_Binary::ActivateSessionLocaleId 61 | // based on the parsed values from Activate_Session_Req and Activate_Session_Res 62 | // 63 | #define ACTIVATE_SESSION_REQ_OPCUA_LOCAL_LINK_ID_DST_IDX 8 // Id back into OPCUA_Binary::ActivateSession 64 | #define ACTIVATE_SESSION_REQ_LOCALE_ID_IDX 9 65 | 66 | // 67 | // Index constants for setting values in OPCUA_Binary::ActivateSessionDignosticInfo 68 | // based on the parsed values from Activate_Session_Req and Activate_Session_Res 69 | // 70 | #define ACTIVATE_SESSION_RES_DIAG_INFO_LINK_ID_DST_IDX 8 // Id back into OPCUA_Binary::ActivateSession 71 | #define ACTIVATE_SESSION_DIAG_INFO_LINK_ID_SRC_IDX 9 // Id into OPCUA_Binary::DiagnosticInfoDetail 72 | 73 | 74 | #endif 75 | 76 | -------------------------------------------------------------------------------- /src/services/activate-session/opcua_binary-activate_session.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-activate_session.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the activate session service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - ActivateSession Service 14 | # 15 | # 5.6.3.2 - Table 17 - ActivateSession Service Parameters 16 | # 17 | type Activate_Session_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | client_signature : OpcUA_SignatureData; 20 | 21 | client_software_size : int32; 22 | client_software_cert : OpcUA_SignedSoftwareCertificate[$context.flow.bind_length(client_software_size)]; 23 | 24 | locale_id_size : int32; 25 | locale_id : OpcUA_LocaleId[$context.flow.bind_length(locale_id_size)]; 26 | 27 | user_identity_token : OpcUA_ExtensionObject; 28 | 29 | user_token_signature : OpcUA_SignatureData; 30 | 31 | } &let { 32 | deliver: bool = $context.flow.deliver_Svc_ActivateSessionReq(this); 33 | } &byteorder=littleendian; 34 | 35 | # 36 | # UA Specification Part 4 - Services 1.04.pdf - ActivateSession Service 37 | # 38 | # 5.6.3.2 - Table 17 - ActivateSession Service Parameters 39 | # 40 | type Activate_Session_Res(service: Service) = record { 41 | res_hdr : Response_Header; 42 | 43 | server_nonce : OpcUA_ByteString; 44 | 45 | result_size : int32; 46 | results : OpcUA_StatusCode[$context.flow.bind_length(result_size)]; 47 | 48 | diagnostic_info_size : int32; 49 | diagnostic_info : OpcUA_DiagInfo[$context.flow.bind_length(diagnostic_info_size)]; 50 | 51 | } &let { 52 | deliver: bool = $context.flow.deliver_Svc_ActivateSessionRes(this); 53 | } &byteorder=littleendian; 54 | 55 | -------------------------------------------------------------------------------- /src/services/activate-session/opcua_binary-activate_session_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-activate_sessions_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for processing the activate session service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printActivateSessionReq(Activate_Session_Req *msg); 14 | void printActivateSessionRes(Activate_Session_Res *msg); 15 | %} 16 | 17 | %code{ 18 | 19 | void printActivateSessionReq(Activate_Session_Req *msg) { 20 | printMsgHeader( msg->service()->msg_body()->header()); 21 | printMsgType( msg->service()->msg_body()->header()); 22 | printService(msg->service()); 23 | 24 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 25 | printReqHdr(msg->req_hdr()); 26 | 27 | // Client Signature 28 | printOpcUA_SignatureData(3, "ClientSignature", msg->client_signature()); 29 | 30 | // Client Software Cert 31 | printf("%s ClientSoftwareCertificates: Array of SignedSoftwareCertificate\n", indent(3).c_str()); 32 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->client_software_size()); 33 | printOpcUA_SignedSoftwareCertificateVec(3, msg->client_software_cert()); 34 | 35 | // Locale Id 36 | printf("%s LocaleIds: Array of String\n", indent(3).c_str()); 37 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->locale_id_size()); 38 | printOpcUA_LocaleIdVec(3, msg->locale_id()); 39 | 40 | // User Identity Token 41 | printf("%s UserIdentityToken: ExtensionObject\n", indent(3).c_str()); 42 | printOpcUA_ExtensionObject(3, msg->user_identity_token()); 43 | 44 | // User Token Signature 45 | printOpcUA_SignatureData(3, "UserTokenSignature", msg->user_token_signature()); 46 | 47 | } 48 | 49 | void printActivateSessionRes(Activate_Session_Res *msg) { 50 | printMsgHeader( msg->service()->msg_body()->header()); 51 | printMsgType( msg->service()->msg_body()->header()); 52 | printService(msg->service()); 53 | 54 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 55 | printResHdr(msg->res_hdr()); 56 | 57 | // Server Nonce 58 | if (msg->server_nonce()->length() > 0) { 59 | printf("%s ServerNonce: %s\n", indent(3).c_str(), bytestringToHexstring(msg->server_nonce()->byteString()).c_str()); 60 | } else { 61 | printf("%s ServerNonce: [OpcUa Null ByteString]\n", indent(3).c_str()); 62 | } 63 | 64 | // Array of StatusCode(s) 65 | printf("%s Results: Array of StatusCode\n", indent(3).c_str()); 66 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->result_size()); 67 | for (int i = 0; i < msg->result_size(); i++) { 68 | printf("%s [%d]: Results: 0x%08x [%s]\n", indent(4).c_str(), i, msg->results()->at(i), STATUS_CODE_MAP.find(msg->results()->at(i))->second.c_str()); 69 | } 70 | 71 | // Array of DiagnosticInfo(s) 72 | printf("%s Results: Array of DiagnosticInfo\n", indent(3).c_str()); 73 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->diagnostic_info_size()); 74 | for (int i = 0; i < msg->diagnostic_info_size(); i++) { 75 | printf("%s [%d]: DiagnosticInfo\n", indent(4).c_str(), i); 76 | printOpcUA_DiagInfo(5, msg->diagnostic_info()->at(i)); 77 | } 78 | } 79 | %} -------------------------------------------------------------------------------- /src/services/browse/opcua_binary-browse.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-browse.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the browse service. 6 | ## 7 | ## Author: Melanie Pierce 8 | ## Contact: melanie.pierce@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | 13 | # 14 | # UA Specification Part 4 - Services 1.04.pdf - Browse 15 | # 5.8.2.2 - Table 34 - Browse Service Parameters 16 | # 17 | 18 | type Browse_Req(service: Service) = record { 19 | req_hdr : Request_Header; 20 | view_description : OpcUA_ViewDescription; 21 | req_max_refs_per_node : uint32; # Full name is RequestedMaxReferencesPerNode 22 | num_nodes_to_browse : int32; # Not documented in UA Specifications, found in the open62541 source code 23 | nodes_to_browse : Browse_Description[$context.flow.bind_length(num_nodes_to_browse)]; 24 | } &let { 25 | deliver: bool = $context.flow.deliver_Svc_BrowseReq(this); 26 | } &byteorder=littleendian; 27 | 28 | type Browse_Description = record { 29 | node_id : OpcUA_NodeId; 30 | browse_direction_id : int32; 31 | ref_type_id : OpcUA_NodeId; 32 | include_subtypes : int8; 33 | node_class_mask : uint32; 34 | result_mask : uint32; 35 | } &byteorder=littleendian; 36 | 37 | type Browse_Res(service: Service) = record { 38 | res_hdr : Response_Header; 39 | results_table_size : int32; 40 | results : Browse_Result[$context.flow.bind_length(results_table_size)]; 41 | diag_info_size : int32; 42 | diag_info : OpcUA_DiagInfo[$context.flow.bind_length(diag_info_size)]; 43 | } &let { 44 | deliver: bool = $context.flow.deliver_Svc_BrowseRes(this); 45 | } &byteorder=littleendian; 46 | 47 | # 48 | # UA Specification Part 4 - Services 1.04.pdf - Browse 49 | # 5.8.3.2 - Table 37 - BrowseNext Service Parameters 50 | # 51 | 52 | type Browse_Next_Req(service: Service) = record { 53 | req_hdr : Request_Header; 54 | release_continuation_points : uint8; # Actually a boolean but represented as an unsigned int; 55 | num_continuation_points : int32; 56 | continuation_points : OpcUA_ByteString[$context.flow.bind_length(num_continuation_points)]; 57 | } &let { 58 | deliver: bool = $context.flow.deliver_Svc_BrowseNextReq(this); 59 | } &byteorder=littleendian; 60 | 61 | # 62 | # UA Specification Part 4 - Services 1.04.pdf 63 | # 64 | # 7.25 - Table 167 - ReferenceDescription 65 | # 66 | 67 | type Browse_ReferenceDescription = record { 68 | ref_type_id : OpcUA_NodeId; 69 | is_forward : int8; 70 | target_node_id : OpcUA_ExpandedNodeId; 71 | browse_name : OpcUA_QualifiedName; 72 | display_name : OpcUA_LocalizedText; 73 | node_class : uint32; 74 | type_definition : OpcUA_ExpandedNodeId; 75 | } &byteorder=littleendian; 76 | 77 | # 78 | # UA Specification Part 4 - Services 1.04.pdf 79 | # 80 | # 7.39 - Table 114 - BrowseResult 81 | # 82 | 83 | type Browse_Result = record { 84 | status_code : OpcUA_StatusCode; 85 | continuation_point : OpcUA_ByteString; 86 | num_references : int32; 87 | references : Browse_ReferenceDescription[$context.flow.bind_length(num_references)]; 88 | } &byteorder=littleendian; 89 | -------------------------------------------------------------------------------- /src/services/close-session/index-consts.h: -------------------------------------------------------------------------------- 1 | // Close Session consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Christian Weelborg 6 | // Contact: Christian.Weelborg@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_CLOSE_SESSION_CONSTS_H 11 | #define OPCUA_BINARY_CLOSE_SESSION_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::CloseSession 15 | // based on the parsed values from CloseSession_Req and CloseSession_Res 16 | // 17 | #define CLOSE_SESSION_OPCUA_LINK_ID_DST_IDX 8 18 | 19 | #define CLOSE_SESSION_DEL_SUBSCRIPTIONS_IDX 9 20 | 21 | #endif -------------------------------------------------------------------------------- /src/services/close-session/opcua_binary-close_session.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-close_session.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the get endpoints service. 6 | ## 7 | ## Author: Christian Weelborg 8 | ## Contact: christian.weelborg@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - CloseSession Service 14 | # 15 | # 5.6.4.2 - Table 19 - CloseSession Service Parameters 16 | # 17 | type Close_Session_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | del_subscriptions : OpcUA_Boolean; 20 | } &let { 21 | deliver: bool = $context.flow.deliver_Svc_CloseSessionReq(this); 22 | } &byteorder=littleendian; 23 | 24 | # 25 | # UA Specification Part 4 - Services 1.04.pdf - CloseSession Service 26 | # 27 | # 5.6.4.2 - Table 19 - CloseSession Service Parameters 28 | # 29 | type Close_Session_Res(service: Service) = record { 30 | res_hdr : Response_Header; 31 | } &let { 32 | deliver: bool = $context.flow.deliver_Svc_CloseSessionRes(this); 33 | } &byteorder=littleendian; 34 | -------------------------------------------------------------------------------- /src/services/close-session/opcua_binary-close_session_analyzer.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-create_sessions_analyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Analyzer code for processing the get endpoints service. 6 | ## 7 | ## Author: Christian Weelborg 8 | ## Contact: Christian.Weelborg@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | refine flow OPCUA_Binary_Flow += { 13 | # CloseSessionRequest 14 | function deliver_Svc_CloseSessionReq(msg : Close_Session_Req): bool 15 | %{ 16 | /* Debug 17 | printf("deliver_Svc_CloseSessionReq - begin\n"); 18 | printCloseSessionReq(msg); 19 | printf("deliver_Svc_CloseSessionReq - end\n"); 20 | */ 21 | 22 | zeek::RecordValPtr info = zeek::make_intrusive(zeek::BifType::Record::OPCUA_Binary::Info); 23 | 24 | info = assignMsgHeader(connection(), info, msg->service()->msg_body()->header()); 25 | info = assignMsgType(info, msg->service()->msg_body()->header()); 26 | info = assignReqHdr(info, msg->req_hdr()); 27 | info = assignService(info, msg->service()); 28 | zeek::BifEvent::enqueue_opcua_binary_event(connection()->bro_analyzer(), 29 | connection()->bro_analyzer()->Conn(), 30 | info); 31 | 32 | zeek::RecordValPtr close_session_req = zeek::make_intrusive(zeek::BifType::Record::OPCUA_Binary::CloseSession); 33 | 34 | Msg_Header *msg_header = msg->service()->msg_body()->header(); 35 | const zeek::RecordValPtr conn_val = connection()->bro_analyzer()->Conn()->GetVal(); 36 | const zeek::RecordValPtr id_val = conn_val->GetField(0); 37 | 38 | // Source & Destination 39 | close_session_req = assignSourceDestination(msg_header->is_orig(), close_session_req, id_val); 40 | 41 | // OpcUA_id 42 | close_session_req->Assign(CLOSE_SESSION_OPCUA_LINK_ID_DST_IDX, info->GetField(OPCUA_LINK_ID_SRC_IDX)); 43 | 44 | close_session_req->Assign(CLOSE_SESSION_DEL_SUBSCRIPTIONS_IDX, zeek::val_mgr->Bool(msg->del_subscriptions())); 45 | 46 | zeek::BifEvent::enqueue_opcua_binary_close_session_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), close_session_req); 47 | 48 | return true; 49 | %} 50 | 51 | function deliver_Svc_CloseSessionRes(msg : Close_Session_Res): bool 52 | %{ 53 | /* Debug 54 | printf("deliver_Svc_CloseSessionRes - begin\n"); 55 | printCloseSessionRes(msg); 56 | printf("deliver_Svc_CloseSessionRes - end\n"); 57 | */ 58 | 59 | zeek::RecordValPtr info = zeek::make_intrusive(zeek::BifType::Record::OPCUA_Binary::Info); 60 | 61 | info = assignMsgHeader(connection(), info, msg->service()->msg_body()->header()); 62 | info = assignMsgType(info, msg->service()->msg_body()->header()); 63 | info = assignResHdr(connection(), info, msg->res_hdr(), msg->service()->msg_body()->header()->is_orig()); 64 | info = assignService(info, msg->service()); 65 | 66 | zeek::BifEvent::enqueue_opcua_binary_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), info); 67 | 68 | return true; 69 | %} 70 | } -------------------------------------------------------------------------------- /src/services/close-session/opcua_binary-close_session_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-close-session_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for processing the close session service. 6 | ## 7 | ## Author: Melanie Pierce 8 | ## Contact: melanie.pierce@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printCloseSessionReq(Close_Session_Req *msg); 14 | void printCloseSessionRes(Close_Session_Res *msg); 15 | %} 16 | 17 | %code{ 18 | void printCloseSessionReq(Close_Session_Req *msg){ 19 | printMsgHeader(msg->service()->msg_body()->header()); 20 | printMsgType(msg->service()->msg_body()->header()); 21 | printService(msg->service()); 22 | 23 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 24 | printReqHdr(msg->req_hdr()); 25 | 26 | if (msg->del_subscriptions() == 1){ 27 | printf("%s DeleteSubscriptions: True \n", indent(3).c_str()); 28 | } else { 29 | printf("%s DeleteSubscriptions: False \n", indent(3).c_str()); 30 | } 31 | 32 | } 33 | void printCloseSessionRes(Close_Session_Res *msg){ 34 | printMsgHeader(msg->service()->msg_body()->header()); 35 | printMsgType(msg->service()->msg_body()->header()); 36 | printService(msg->service()); 37 | 38 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 39 | printResHdr(msg->res_hdr()); 40 | } 41 | %} -------------------------------------------------------------------------------- /src/services/create-monitored-items/index-consts.h: -------------------------------------------------------------------------------- 1 | 2 | // CreateMonitoredItems Request/Response consts.h 3 | // 4 | // OPCUA Binary Protocol Analyzer 5 | // 6 | // Author: Melanie Pierce 7 | // Contact: Melanie.Pierce@inl.gov 8 | // 9 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 10 | 11 | #ifndef OPCUA_CREATE_MONITORED_ITEMS_CONSTS_H 12 | #define OPCUA_CREATE_MONITORED_ITEMS_CONSTS_H 13 | 14 | // 15 | // Index constants for setting values in OPCUA_Binary::CreateMonitoredItems 16 | // based on the parsed values from Create_Monitored_Items_Req and Create_Monitored_Items_Res 17 | // 18 | #define CREATE_MONITORED_ITEMS_OPCUA_ID_LINK_IDX 8 // Id back into OCPUA_Binary::Info log 19 | #define CREATE_MONITORED_ITEMS_SUBSCRIPTION_ID_IDX 9 20 | #define CREATE_MONITORED_ITEMS_TIMESTAMPS_TO_RETURN_IDX 10 21 | #define CREATE_MONITORED_ITEMS_TIMESTAMPS_TO_RETURN_STR_IDX 11 22 | #define CREATE_MONITORED_ITEMS_MONITORED_ITEM_LINK_ID_SRC_IDX 12 // Id into Monitored Item 23 | #define CREATE_MONITORED_ITEMS_RESPONSE_DIAG_INFO_LINK_ID_SRC_IDX 13 // Id into DiagnosticInfo detail 24 | 25 | 26 | // Monitored Item Indexes 27 | #define MONITORED_ITEM_LINK_ID_DST_IDX 8 28 | #define ITEM_TO_MONITOR_NODE_ID_ENCODING_MASK_IDX 9 29 | #define ITEM_TO_MONITOR_NODE_ID_NAMESPACE_IDX 10 30 | #define ITEM_TO_MONITOR_NODE_ID_NUMERIC_IDX 11 31 | #define ITEM_TO_MONITOR_NODE_ID_STRING_IDX 12 32 | #define ITEM_TO_MONITOR_NODE_ID_IDX 13 33 | #define ITEM_TO_MONITOR_NODE_ID_OPAQUE_IDX 14 34 | #define ITEM_TO_MONITOR_ATTRIBUTE_ID_IDX 15 35 | #define ITEM_TO_MONITOR_INDEX_RANGE_IDX 16 36 | #define ITEM_TO_MONITOR_DATA_ENCODING_NAMESPACE_INDEX_IDX 17 37 | #define ITEM_TO_MONITOR_DATA_ENCODING_NAME_IDX 18 38 | #define MONITORED_ITEM_MONITORING_MODE_IDX 19 39 | #define MONITORING_PARAMETERS_CLIENT_HANDLE_IDX 20 40 | #define MONITORING_PARAMETERS_SAMPLING_INTERVAL_IDX 21 41 | #define MONITORING_PARAMETERS_QUEUE_SIZE_IDX 22 42 | #define MONITORING_PARAMETERS_DISCARD_OLDEST_IDX 23 43 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_ENCODING_MASK_IDX 24 44 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_NAMESPACE_IDX 25 45 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_NUMERIC_IDX 26 46 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_STRING_IDX 27 47 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_GUID_IDX 28 48 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_OPAQUE_IDX 29 49 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_TYPE_ID_STR_IDX 30 50 | #define MONITORING_PARAMETERS_FILTER_INFO_EXT_OBJ_ENCODING_IDX 31 51 | #define MONITORING_PARAMETERS_FILTER_INFO_LINK_ID_SRC_IDX 32 52 | #define MONITORED_ITEM_STATUS_CODE_LINK_ID_SRC_IDX 33 53 | #define MONTORED_ITEM_INDEX_ID_IDX 34 54 | #define MONITORING_PARAMETERS_REVISED_SAMPLING_INTERVAL_IDX 35 55 | #define MONITORING_PARAMETERS_REVISED_QUEUE_SIZE_IDX 36 56 | 57 | // Diagnostic Info link file 58 | #define CREATE_MONITORED_ITEMS_RESPONSE_DIAG_INFO_LINK_ID_DST_IDX 3 // Id back into OPCUA_Binary::CreateMonitoredItems 59 | #define CREATE_MONITORED_ITEMS_DIAG_INFO_LINK_ID_SRC_IDX 4 // Id into OPCUA_Binary::DiagnosticInfoDetail 60 | 61 | #endif -------------------------------------------------------------------------------- /src/services/create-monitored-items/opcua_binary-create_monitored_items.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-create_monitored_items.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the create monitored items service. 6 | ## 7 | ## Author: Melanie Pierce 8 | ## Contact: Melanie.Pierce@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | 13 | # 14 | # UA Specification Part 4 - Services 1.04.pdf - Create Monitored Items 15 | # 5.12.2.2 - Table 69 - CreateMonitoredItems Service Parameters 16 | # 17 | 18 | type Create_Monitored_Items_Req(service: Service) = record { 19 | req_hdr : Request_Header; 20 | subscription_id : uint32; 21 | timestamps_to_return : uint32; 22 | num_items_to_create : int32; # Not documsented in UA Specifications, found in pcap captures 23 | items_to_create : MonitoredItem_Create_Request[$context.flow.bind_length(num_items_to_create)]; 24 | } &let { 25 | deliver: bool = $context.flow.deliver_Svc_CreateMonitoredItemsReq(this); 26 | } &byteorder=littleendian; 27 | 28 | type Create_Monitored_Items_Res(service: Service) = record { 29 | res_hdr : Response_Header; 30 | num_results : int32; 31 | results : MonitoredItem_Create_Response[$context.flow.bind_length(num_results)]; 32 | diag_info_size : int32; 33 | diag_info : OpcUA_DiagInfo[$context.flow.bind_length(diag_info_size)]; 34 | 35 | } &let { 36 | deliver: bool = $context.flow.deliver_Svc_CreateMonitoredItemsRes(this); 37 | } &byteorder=littleendian; 38 | 39 | type MonitoredItem_Create_Request = record { 40 | item_to_monitor : OpcUA_ReadValueId; 41 | monitoring_mode : uint32; 42 | requested_parameters : OpcUA_MonitoringParameters; 43 | } &byteorder=littleendian; 44 | 45 | type MonitoredItem_Create_Response = record { 46 | status_code : OpcUA_StatusCode; 47 | monitored_item_id : uint32; 48 | revised_sampling_interval : OpcUA_Duration; 49 | revised_queue_size : uint32; 50 | filter_result : OpcUA_ExtensionObject; 51 | } &byteorder=littleendian; 52 | 53 | # 54 | # UA Specification Part 4 - Services 1.04.pdf - Create Subscription 55 | # 7.16 - Table 139 - MonitoringParameters 56 | # 57 | 58 | type OpcUA_MonitoringParameters = record { 59 | client_handle : uint32; 60 | sampling_interval : OpcUA_Duration; 61 | filter : OpcUA_ExtensionObject; 62 | queue_size : uint32; 63 | discard_oldest : uint8; 64 | } &byteorder=littleendian; -------------------------------------------------------------------------------- /src/services/create-session/opcua_binary-create_session.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-create_session.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the create session service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - GetEndpoints Service 14 | # 15 | # 5.6.2.2 - Table 15 - CreateSession Service Parameters 16 | # 17 | type Create_Session_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | client_description : OpcUA_ApplicationDescription; 20 | server_uri : OpcUA_String; 21 | endpoint_url : OpcUA_String; 22 | session_name : OpcUA_String; 23 | client_nonce : OpcUA_ByteString; 24 | client_cert : OpcUA_ApplicationInstanceCert; 25 | req_session_timeout : OpcUA_Duration; 26 | max_res_msg_size : uint32; 27 | 28 | } &let { 29 | deliver: bool = $context.flow.deliver_Svc_CreateSessionReq(this); 30 | } &byteorder=littleendian; 31 | 32 | # 33 | # UA Specification Part 4 - Services 1.04.pdf - GetEndpoints Service 34 | # 35 | # 5.6.2.2 - Table 15 - CreateSession Service Parameters 36 | # 37 | type Create_Session_Res(service: Service) = record { 38 | res_hdr : Response_Header; 39 | session_id : OpcUA_NodeId; 40 | 41 | # SessionAuthenticationToken: Section 7.31: 0x0000 un-encrypted; Opaque otherwise 42 | auth_token : OpcUA_NodeId; 43 | 44 | revised_session_timeout : OpcUA_Duration; 45 | 46 | server_nonce : OpcUA_ByteString; 47 | server_cert : OpcUA_ApplicationInstanceCert; 48 | 49 | endpoints_size : int32; 50 | endpoints : OpcUA_EndpointDescription[$context.flow.bind_length(endpoints_size)]; 51 | 52 | # 53 | # From Table 15 - CreateSession Service Parameters: Response 54 | # 55 | # Description: serverSoftwareCertificates: 56 | # 57 | # This parameter is deprecated and the array shall be empty. Note: Based on sample 58 | # packet capture data, the server_software_cert_size is present, but always set to -1 59 | # 60 | server_software_cert_size : int32; 61 | # server_software_cert : SignedSoftwareCertificate 62 | 63 | server_signature : OpcUA_SignatureData; 64 | max_req_msg_size : uint32; 65 | 66 | } &let { 67 | deliver: bool = $context.flow.deliver_Svc_CreateSessionRes(this); 68 | } &byteorder=littleendian; 69 | 70 | -------------------------------------------------------------------------------- /src/services/create-subscription/index-consts.h: -------------------------------------------------------------------------------- 1 | // Create Subscription consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Melanie Pierce 6 | // Contact: Melanie.Pierce@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_CREATE_SUBSCRIPTION_CONSTS_H 11 | #define OPCUA_BINARY_CREATE_SUBSCRIPTION_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::CreateSubscription 15 | // based on the parsed values from Create_Subscription_Req and Create_Subscription_Res 16 | // 17 | #define CREATE_SUB_OPCUA_LINK_ID_DST_IDX 8 18 | 19 | #define CREATE_SUB_REQ_PUB_INT_IDX 9 20 | #define CREATE_SUB_REQ_LIFETIME_COUNT_IDX 10 21 | #define CREATE_SUB_REQ_MAX_KEEP_ALIVE_IDX 11 22 | #define CREATE_SUB_MAX_NOTIFICATIONS_PER_PUBLISH_IDX 12 23 | #define CREATE_SUB_PUBLISHING_ENABLED_IDX 13 24 | #define CREATE_SUB_PRIORITY_IDX 14 25 | 26 | #define CREATE_SUB_SUB_ID_IDX 15 27 | #define CREATE_SUB_REV_PUB_INT_IDX 16 28 | #define CREATE_SUB_REV_LIFETIME_COUNT_IDX 17 29 | #define CREATE_SUB_REV_MAX_KEEP_ALIVE_IDX 18 30 | 31 | #endif -------------------------------------------------------------------------------- /src/services/create-subscription/opcua_binary-create_subscription.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-create_subscription.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the create subscription service. 6 | ## 7 | ## Author: Melanie Pierce 8 | ## Contact: Melanie.Pierce@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | 13 | # 14 | # UA Specification Part 4 - Services 1.04.pdf - Create Subscription 15 | # 5.13.2.2 - Table 88 - CreateSubscription Service Parameters 16 | # 17 | 18 | type Create_Subscription_Req(service: Service) = record { 19 | req_hdr : Request_Header; 20 | req_publishing_interval : OpcUA_Duration; 21 | req_lifetime_count : uint32; 22 | req_max_keep_alive_count : uint32; 23 | max_notifications_per_publish : uint32; 24 | publishing_enabled : OpcUA_Boolean; 25 | priority : uint8; 26 | } &let { 27 | deliver: bool = $context.flow.deliver_Svc_CreateSubscriptionReq(this); 28 | } &byteorder=littleendian; 29 | 30 | type Create_Subscription_Res(service: Service) = record { 31 | res_hdr : Response_Header; 32 | subscription_id : uint32; 33 | revised_publishing_interval : OpcUA_Duration; 34 | revised_lifetime_count : uint32; 35 | revised_max_keep_alive_count : uint32; 36 | } &let { 37 | deliver: bool = $context.flow.deliver_Svc_CreateSubscriptionRes(this); 38 | } &byteorder=littleendian; -------------------------------------------------------------------------------- /src/services/create-subscription/opcua_binary-create_subscription_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-create_subscription_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for processing the create subscription service. 6 | ## 7 | ## Author: Melanie Pierce 8 | ## Contact: Melanie.Pierce@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printCreateSubscriptionReq(Create_Subscription_Req *msg); 14 | void printCreateSubscriptionRes(Create_Subscription_Res *msg); 15 | %} 16 | 17 | %code{ 18 | void printCreateSubscriptionReq(Create_Subscription_Req *msg){ 19 | printMsgHeader(msg->service()->msg_body()->header()); 20 | printMsgType(msg->service()->msg_body()->header()); 21 | printService(msg->service()); 22 | 23 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 24 | printReqHdr(msg->req_hdr()); 25 | 26 | printf("%s RequestedPublishingInterval: %f\n", indent(3).c_str(), bytestringToDouble(msg->req_publishing_interval()->duration())); 27 | printf("%s RequestedLifetimeCount: %d\n", indent(3).c_str(), msg->req_lifetime_count()); 28 | printf("%s RequestedMaxKeepAliveCount: %d\n", indent(3).c_str(), msg->req_max_keep_alive_count()); 29 | printf("%s MaxNotificationsPerPublish: %d\n", indent(3).c_str(), msg->max_notifications_per_publish()); 30 | if (msg->publishing_enabled() == 1){ 31 | printf("%s PublishingEnabled: True\n",indent(3).c_str()); 32 | } else { 33 | printf("%s PublishingEnabled: False\n", indent(3).c_str()); 34 | } 35 | printf("%s Priority: %d\n", indent(3).c_str(), msg->priority()); 36 | } 37 | void printCreateSubscriptionRes(Create_Subscription_Res *msg){ 38 | printMsgHeader(msg->service()->msg_body()->header()); 39 | printMsgType(msg->service()->msg_body()->header()); 40 | printService(msg->service()); 41 | 42 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 43 | printResHdr(msg->res_hdr()); 44 | 45 | printf("%s SubscriptionId: %d\n", indent(3).c_str(), msg->subscription_id()); 46 | printf("%s RevisedPublishingInterval: %f\n", indent(3).c_str(), bytestringToDouble(msg->revised_publishing_interval()->duration())); 47 | printf("%s RevisedLifetimeCount: %d\n", indent(3).c_str(), msg->revised_lifetime_count()); 48 | printf("%s RevisedMaxKeepAliveCount: %d\n", indent(3).c_str(), msg->revised_max_keep_alive_count()); 49 | } 50 | %} -------------------------------------------------------------------------------- /src/services/get-endpoints/index-consts.h: -------------------------------------------------------------------------------- 1 | // Get Endpoints consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_GET_ENDPOINTS_CONSTS_H 11 | #define OPCUA_BINARY_GET_ENDPOINTS_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::GetEndpoints 15 | // based on the parsed values from Get_Endpoints_Req and Get_Endpoints_Res 16 | // 17 | #define GET_ENDPOINT_OPCUA_LINK_ID_DST_IDX 8 18 | #define GET_ENDPOINT_URL_IDX 9 19 | #define GET_ENDPOINT_REQ_LOCALE_LINK_ID_SRC_IDX 10 // Link into GetEndpointsLocalId log 20 | #define GET_ENDPOINT_REQ_PROFILE_URI_LINK_ID_SRC_IDX 11 // Link into GetEndpointsProfileUri log 21 | #define GET_ENDPOINT_RES_ENDPOINT_DESCRIPTION_LINK_ID_SRC_IDX 12 // Link into GetEndpointsDescription log 22 | 23 | // 24 | // Index constants for setting values in OPCUA_Binary::GetEndpointsDescription 25 | // based on the parsed values from Get_Endpoints_Req and Get_Endpoints_Res 26 | // 27 | #define GET_ENDPOINT_RES_ENDPOINT_DESCRIPTION_LINK_ID_DST_IDX 8 // Link backinto GetEndpoints log 28 | #define GET_ENDPOINT_RES_ENDPOINT_DESCRIPITON_URI_IDX 9 29 | #define GET_ENDPOINT_RES_APPLICATION_URI_IDX 10 30 | #define GET_ENDPOINT_RES_PRODUCT_URI_IDX 11 31 | #define GET_ENDPOINT_RES_ENCODING_MASK_IDX 12 32 | #define GET_ENDPOINT_RES_LOCALE_IDX 13 33 | #define GET_ENDPOINT_RES_TEXT_IDX 14 34 | #define GET_ENDPOINT_RES_APPLICATION_TYPE_IDX 15 35 | #define GET_ENDPOINT_RES_GW_SERVER_URI_IDX 16 36 | #define GET_ENDPOINT_RES_DISCOVERY_URI_IDX 17 37 | #define GET_ENDPOINT_RES_DISCOVERY_PROFILE_LINK_ID_SRC_IDX 18 38 | #define GET_ENDPOINT_RES_CERT_SIZE_IDX 19 39 | #define GET_ENDPOINT_RES_SERVER_CERT_IDX 20 40 | #define GET_ENDPOINT_RES_MSG_SECURITY_MODE_IDX 21 41 | #define GET_ENDPOINT_RES_SECURITY_POLICY_URI_IDX 22 42 | #define GET_ENDPOINT_RES_USER_TOKEN_LINK_ID_SRC_IDX 23 43 | #define GET_ENDPOINT_RES_TRANSPORT_PROFILE_URI_IDX 24 44 | #define GET_ENDPOINT_RES_SECURITY_LEVEL_IDX 25 45 | 46 | // 47 | // Index constants for setting values in OPCUA_Binary::GetEndpointsLocaleId 48 | // based on the parsed values from Get_Endpoints_Req and Get_Endpoints_Res 49 | // 50 | #define GET_ENDPOINT_REQ_LOCALE_LINK_ID_DST_IDX 8 // Link back into GetEndpoints log 51 | #define GET_ENDPOINT_REQ_LOCALE_ID_STR_IDX 9 52 | 53 | // 54 | // Index constants for setting values in OPCUA_Binary::GetEndpointsProfileUri 55 | // based on the parsed values from Get_Endpoints_Req and Get_Endpoints_Res 56 | // 57 | #define GET_ENDPOINT_REQ_PROFILE_URI_LINK_ID_DST_IDX 8 // Link back into GetEndpoints log 58 | #define GET_ENDPOINT_REQ_PROFILE_URI_IDX 9 59 | 60 | // 61 | // Index constants for setting values in OPCUA_Binary::GetEndpointsDiscovery 62 | // based on the parsed values from Get_Endpoints_Req and Get_Endpoints_Res 63 | // 64 | #define GET_ENDPOINT_RES_DISCOVERY_PROFILE_LINK_ID_DST_IDX 8 65 | #define GET_ENDPOINT_RES_DISCOVORY_URL_IDX 9 66 | 67 | // 68 | // Index constants for setting values in OPCUA_Binary::GetEndpointsUserToken 69 | // based on the parsed values from Get_Endpoints_Req and Get_Endpoints_Res 70 | // 71 | #define GET_ENDPOINT_RES_USER_TOKEN_LINK_ID_DST_IDX 8 72 | #define GET_ENDPOINT_RES_USER_TOKEN_POLICY_ID_IDX 9 73 | #define GET_ENDPOINT_RES_USER_TOKEN_TYPE_IDX 10 74 | #define GET_ENDPOINT_RES_USER_TOKEN_ISSUED_TYPE_IDX 11 75 | #define GET_ENDPOINT_RES_USER_TOKEN_ISSUER_ENDPOINT_URL_IDX 12 76 | #define GET_ENDPOINT_RES_USER_TOKEN_SECURITY_POLICY_URI_IDX 13 77 | 78 | #endif 79 | 80 | -------------------------------------------------------------------------------- /src/services/get-endpoints/opcua_binary-get_endpoints.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-get_endpoints.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the get endpoints service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - GetEndpoints Service 14 | # 15 | # 5.4.4.2 - Table 5 - GetEndpoints Service Parameters 16 | # 17 | type Get_Endpoints_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | endpoint_url : OpcUA_String; 20 | 21 | locale_id_size : int32; # Not documented in UA Specifications; Found in the open62541 source code. 22 | locale_ids : OpcUA_LocaleId[$context.flow.bind_length(locale_id_size)]; 23 | 24 | profile_uri_size : int32; # Not documented in the UA Specifications; Found in the open62541 source code. 25 | profile_uris : OpcUA_String[$context.flow.bind_length(profile_uri_size)]; 26 | } &let { 27 | deliver: bool = $context.flow.deliver_Svc_GetEndpointsReq(this); 28 | } &byteorder=littleendian; 29 | 30 | # 31 | # UA Specification Part 4 - Services 1.04.pdf - GetEndpoints Service 32 | # 33 | # 5.4.4.2 - Table 5 - GetEndpoints Service Parameters 34 | # 35 | type Get_Endpoints_Res(service: Service) = record { 36 | res_hdr : Response_Header; 37 | 38 | endpoints_size : int32; 39 | endpoints : OpcUA_EndpointDescription[$context.flow.bind_length(endpoints_size)]; 40 | 41 | } &let { 42 | deliver: bool = $context.flow.deliver_Svc_GetEndpointsRes(this); 43 | } &byteorder=littleendian; 44 | 45 | -------------------------------------------------------------------------------- /src/services/read/index-consts.h: -------------------------------------------------------------------------------- 1 | // Read consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_READ_CONSTS_H 11 | #define OPCUA_BINARY_READ_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::Read 15 | // based on the parsed values from Read_Req and Read_Res 16 | // 17 | #define READ_OPCUA_LINK_ID_DST_IDX 8 // Id back into OCPUA_Binary::Info log 18 | 19 | // Request 20 | #define READ_REQ_MAX_AGE_IDX 9 21 | #define READ_REQ_TIMESTAMPS_TO_RETURN_IDX 10 22 | #define READ_REQ_TIMESTAMPS_TO_RETURN_STR_IDX 11 23 | #define READ_REQ_NODES_TO_READ_LINK_ID_SRC_IDX 12 // Id into OPCUA_Binary::NodesToRead log 24 | 25 | // Response 26 | #define READ_RES_RESULTS_LINK_ID_SRC_IDX 13 // Id into OPCUA_Binary::ReadResults 27 | #define READ_RES_DIAG_INFO_LINK_ID_SRC_IDX 14 // Id into OPCUA_Binary::ReadDiagnosticInfo log 28 | 29 | // 30 | // Index constants for setting values in OPCUA_Binary::NodesToRead 31 | // based on the parsed values from Read_Req 32 | // 33 | #define READ_REQ_NODES_TO_READ_LINK_ID_DST_IDX 8 // Id back into OPCUA_Binary::Read log 34 | 35 | // OpcUA_NodeId 36 | #define READ_REQ_NODE_ID_ENCODING_MASK_IDX 9 37 | #define READ_REQ_NODE_ID_NAMESPACE_ID_IDX 10 38 | #define READ_REQ_NODE_ID_NUMERIC_IDX 11 39 | #define READ_REQ_NODE_ID_STRING_IDX 12 40 | #define READ_REQ_NODE_ID_GUID_IDX 13 41 | #define READ_REQ_NODE_ID_OPAQUE_IDX 14 42 | 43 | #define READ_REQ_ATTRIBUTE_ID_IDX 15 44 | #define READ_REQ_ATTRIBUTE_ID_STR_IDX 16 45 | #define READ_REQ_INDEX_RANGE_IDX 17 46 | 47 | // QualifiedName 48 | #define READ_REQ_DATA_ENCODING_NAME_ID_IDX 18 49 | #define READ_REQ_DATA_ENCODING_NAME_IDX 19 50 | 51 | 52 | // 53 | // Index constants for setting values in OPCUA_Binary::ReadResults 54 | // based on the parsed values from Read_Res 55 | // 56 | #define READ_RES_LINK_ID_DST_IDX 8 // Id back into OPCUA_Binary::ReadResultsLink 57 | #define READ_RES_LEVEL_IDX 9 58 | #define READ_RES_DATA_VALUE_ENCODING_MASK_IDX 10 59 | #define READ_RES_STATUS_CODE_LINK_ID_SRC_IDX 11 // Id into OPCUA_Binary::StatusCodeDetail log 60 | #define READ_RES_SOURCE_TIMESTAMP_IDX 12 61 | #define READ_RES_SOURCE_PICO_SEC_IDX 13 62 | #define READ_RES_SERVER_TIMESTAMP_IDX 14 63 | #define READ_RES_SERVER_PICO_SEC_IDX 15 64 | #define READ_RES_VARIANT_DATA_LINK_IDX 16 65 | 66 | 67 | #endif 68 | -------------------------------------------------------------------------------- /src/services/read/opcua_binary-read.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-read.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the read service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - Read Service 14 | # 15 | # 5.10.2.2 - Table 53 - Read Service Parameters 16 | # 17 | type Read_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | 20 | max_age : OpcUA_Duration; 21 | timestamps_to_return : uint32; 22 | nodes_to_read_size : int32; 23 | nodes_to_read : OpcUA_ReadValueId[$context.flow.bind_length(nodes_to_read_size)]; 24 | 25 | } &let { 26 | deliver: bool = $context.flow.deliver_Svc_ReadReq(this); 27 | } &byteorder=littleendian; 28 | 29 | # 30 | # UA Specification Part 4 - Services 1.04.pdf - Read Service 31 | # 32 | # 5.10.2.2 - Table 53 - Read Service Parameters 33 | # 34 | type Read_Res(service: Service) = record { 35 | res_hdr : Response_Header; 36 | 37 | results_size : int32; 38 | results : OpcUA_DataValue[$context.flow.bind_length(results_size)]; 39 | 40 | diagnostic_info_size : int32; 41 | diagnostic_info : OpcUA_DiagInfo[$context.flow.bind_length(diagnostic_info_size)]; 42 | 43 | } &let { 44 | deliver: bool = $context.flow.deliver_Svc_ReadRes(this); 45 | } &byteorder=littleendian; 46 | 47 | -------------------------------------------------------------------------------- /src/services/read/opcua_binary-read_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-read_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for processing the read service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printReadReq(Read_Req *msg); 14 | void printReadRes(Read_Res *msg); 15 | %} 16 | 17 | %code{ 18 | 19 | void printReadReq(Read_Req *msg) { 20 | printMsgHeader( msg->service()->msg_body()->header()); 21 | printMsgType( msg->service()->msg_body()->header()); 22 | printService(msg->service()); 23 | 24 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 25 | printReqHdr(msg->req_hdr()); 26 | 27 | // Max Age 28 | printf("%s MaxAge: %f\n", indent(3).c_str(), bytestringToDouble(msg->max_age()->duration())); 29 | 30 | // Timestamps to return 31 | if (msg->timestamps_to_return() == 0) { 32 | printf("%s TimestampsToReturn: Source (0x%08x)\n", indent(3).c_str(), msg->timestamps_to_return()); 33 | } else if (msg->timestamps_to_return() == 1) { 34 | printf("%s TimestampsToReturn: Server (0x%08x)\n", indent(3).c_str(), msg->timestamps_to_return()); 35 | } else if (msg->timestamps_to_return() == 1) { 36 | printf("%s TimestampsToReturn: Both (0x%08x)\n", indent(3).c_str(), msg->timestamps_to_return()); 37 | } else if (msg->timestamps_to_return() == 1) { 38 | printf("%s TimestampsToReturn: Neither (0x%08x)\n", indent(3).c_str(), msg->timestamps_to_return()); 39 | } 40 | 41 | // Nodes to read 42 | printf("%s NodesToRead: Array of ReadValueId\n", indent(3).c_str()); 43 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->nodes_to_read_size()); 44 | for (int i = 0; i < msg->nodes_to_read_size(); i++) { 45 | printf("%s [%d]: ReadValueId\n", indent(4).c_str(), i); 46 | printOpcUA_ReadValueId(5, msg->nodes_to_read()->at(i)); 47 | } 48 | } 49 | 50 | void printReadRes(Read_Res *msg) { 51 | printMsgHeader( msg->service()->msg_body()->header()); 52 | printMsgType( msg->service()->msg_body()->header()); 53 | printService(msg->service()); 54 | 55 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 56 | printResHdr(msg->res_hdr()); 57 | 58 | // Array of DataValue(s) 59 | printf("%s Results: Array of DataValue\n", indent(3).c_str()); 60 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->results_size()); 61 | for (int i = 0; i < msg->results_size(); i++) { 62 | printf("%s [%d]: DataValue\n", indent(4).c_str(), i); 63 | printOpcUA_DataValue(5, msg->results()->at(i)); 64 | } 65 | 66 | // Array of DiagnosticInfo(s) 67 | printf("%s DiagnosticInfos: Array of DiagnosticInfo\n", indent(3).c_str()); 68 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->diagnostic_info_size()); 69 | for (int i = 0; i < msg->diagnostic_info_size(); i++) { 70 | printf("%s [%d]: DiagnosticInfo\n", indent(4).c_str(), i); 71 | printOpcUA_DiagInfo(5, msg->diagnostic_info()->at(i)); 72 | } 73 | 74 | } 75 | %} -------------------------------------------------------------------------------- /src/services/secure-channel/index-consts.h: -------------------------------------------------------------------------------- 1 | // Secure Channel consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_SECURE_CHANNEL_CONSTS_H 11 | #define OPCUA_BINARY_SECURE_CHANNEL_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::OpenSecureChannel 15 | // 16 | #define OPENSECURE_CHANNEL_OPCUA_LINK_ID_DST_IDX 8 17 | 18 | // OpenSecureChannel Request 19 | #define CLIENT_PROTO_VER_IDX 9 20 | #define SECURITY_TOKEN_REQ_TYPE_IDX 10 21 | #define MESSAGE_SECURITY_MODE_IDX 11 22 | #define CLIENT_NONCE_IDX 12 23 | #define REQ_LIFETIME_IDX 13 24 | 25 | // OpenSecureChannel Response 26 | #define SERVER_PROTO_VER_IDX 14 27 | 28 | // 29 | // Secure Channel Id & Secure Token Id. 30 | // Returned by the server when processing the 31 | // OpenSecureChannel Service. Used down stream 32 | // by other services to secure the Message 33 | // 34 | #define SEC_TOKEN_CHANNEL_ID_IDX 15 35 | #define SEC_TOKEN_ID_IDX 16 36 | 37 | #define SEC_TOKEN_CREATED_AT_IDX 17 38 | #define SEC_TOKEN_REVISED_LIFETIME_IDX 18 39 | #define SERVER_NONCE_IDX 19 40 | 41 | #endif 42 | 43 | -------------------------------------------------------------------------------- /src/services/secure-channel/opcua_binary-secure_channel.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-secure_channel_analyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the secure channel service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 6 - Mappings 1.04.pdf - OpenSecureChannel Service 14 | # 15 | # 6.7.4 Establishing a SecureChannel - Table 47 16 | # 17 | type Opn_Sec_Chnl_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | client_proto_ver : uint32; 20 | req_type : OpcUA_SecurityTokenReqType; 21 | sec_mode : OpcUA_MessageSecurityMode; 22 | client_nonce : OpcUA_ByteString; 23 | req_lifetime : uint32; 24 | } &let { 25 | deliver: bool = $context.flow.deliver_Svc_OpnSecChnlReq(this); 26 | } &byteorder=littleendian; 27 | 28 | # 29 | # UA Specification Part 6 - Mappings 1.04.pdf - OpenSecureChannel Service 30 | # 31 | # 6.7.4 Establishing a SecureChannel - Table 47 32 | # 33 | type Opn_Sec_Chnl_Res(service: Service) = record { 34 | res_hdr : Response_Header; 35 | server_proto_ver : uint32; 36 | security_token : OpcUA_ChannelSecurityToken; 37 | server_nonce : OpcUA_ByteString; 38 | } &let { 39 | deliver: bool = $context.flow.deliver_Svc_OpnSecChnlRes(this); 40 | } &byteorder=littleendian; 41 | 42 | # 43 | # UA Specification Part 4 - Services 1.04.pdf - CloseSecureChannel 44 | # 45 | # 5.5.3.2 Parameters - Table 13 46 | # 47 | type Clo_Sec_Chnl_Req(service: Service) = record { 48 | req_hdr : Request_Header; 49 | } &let { 50 | deliver: bool = $context.flow.deliver_Svc_CloSecChnlReq(this); 51 | } &byteorder=littleendian; 52 | 53 | # 54 | # UA Specification Part 4 - Services 1.04.pdf - CloseSecureChannel 55 | # 56 | # 5.5.3.2 Parameters - Table 13 57 | # 58 | type Clo_Sec_Chnl_Res(service: Service) = record { 59 | res_hdr : Response_Header; 60 | } &let { 61 | deliver: bool = $context.flow.deliver_Svc_CloSecChnlRes(this); 62 | } &byteorder=littleendian; 63 | -------------------------------------------------------------------------------- /src/services/secure-channel/opcua_binary-secure_channel_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-secure_channel_analyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for processing the secure channel service. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printOpnSecChnlReq(Opn_Sec_Chnl_Req *msg); 14 | void printOpnSecChnlRes(Opn_Sec_Chnl_Res *msg); 15 | void printCloSecChnlReq(Clo_Sec_Chnl_Req *msg); 16 | %} 17 | 18 | %code{ 19 | 20 | void printOpnSecChnlReq(Opn_Sec_Chnl_Req *msg) { 21 | printMsgHeader( msg->service()->msg_body()->header()); 22 | printMsgType( msg->service()->msg_body()->header()); 23 | printService(msg->service()); 24 | printReqHdr(msg->req_hdr()); 25 | 26 | // Details need implemented 27 | 28 | return; 29 | } 30 | 31 | void printOpnSecChnlRes(Opn_Sec_Chnl_Res *msg) { 32 | printMsgHeader( msg->service()->msg_body()->header()); 33 | printMsgType( msg->service()->msg_body()->header()); 34 | printService(msg->service()); 35 | printResHdr(msg->res_hdr()); 36 | 37 | // Details need implemented 38 | 39 | return; 40 | } 41 | 42 | void printCloSecChnlReq(Clo_Sec_Chnl_Req *msg) { 43 | printMsgHeader( msg->service()->msg_body()->header()); 44 | printMsgType( msg->service()->msg_body()->header()); 45 | printService(msg->service()); 46 | printReqHdr(msg->req_hdr()); 47 | 48 | // Details need implemented 49 | 50 | return; 51 | } 52 | %} -------------------------------------------------------------------------------- /src/services/service-fault/index-consts.h: -------------------------------------------------------------------------------- 1 | // Service Fault consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Jason Rush 6 | // Contact: jason.rush@inl.gov 7 | // 8 | // Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_SERVICE_FAULT_CONSTS_H 11 | #define OPCUA_BINARY_SERVICE_FAULT_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::ServiceFault 15 | // based on the parsed values from Service_Faults_Req and Service_Faults_Res 16 | // 17 | 18 | // Service fault only consists of a response header so there are no indices provided in this file. 19 | 20 | #endif -------------------------------------------------------------------------------- /src/services/service-fault/opcua_binary-service_fault.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-service_fault.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the service fault. 6 | ## 7 | ## Author: Jason Rush 8 | ## Contact: jason.rush@inl.gov 9 | ## 10 | ## Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - ServiceFault 14 | # 15 | # 7.30 - Table 172 - ServiceFault Parameters 16 | type Service_Fault_Res(service: Service) = record { 17 | res_hdr : Response_Header; 18 | } &let { 19 | deliver: bool = $context.flow.deliver_Svc_ServiceFaultRes(this); 20 | } &byteorder=littleendian; -------------------------------------------------------------------------------- /src/services/service-fault/opcua_binary-service_fault_analyzer.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-service_fault.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the service fault. 6 | ## 7 | ## Author: Jason Rush 8 | ## Contact: jason.rush@inl.gov 9 | ## 10 | ## Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | refine flow OPCUA_Binary_Flow += { 13 | 14 | # 15 | # ServiceFaultResponse 16 | # 17 | function deliver_Svc_ServiceFaultRes(msg: Service_Fault_Res): bool 18 | %{ 19 | /* Debug 20 | printf("deliver_Svc_ServiceFaultRes - begin\n"); 21 | printServiceFaultRes(msg); 22 | printf("deliver_Svc_ServiceFaultRes - end\n"); 23 | */ 24 | 25 | zeek::RecordValPtr info = zeek::make_intrusive(zeek::BifType::Record::OPCUA_Binary::Info); 26 | 27 | info = assignMsgHeader(connection(), info, msg->service()->msg_body()->header()); 28 | info = assignMsgType(info, msg->service()->msg_body()->header()); 29 | info = assignResHdr(connection(), info, msg->res_hdr(), msg->service()->msg_body()->header()->is_orig()); 30 | info = assignService(info, msg->service()); 31 | 32 | zeek::BifEvent::enqueue_opcua_binary_event(connection()->bro_analyzer(), 33 | connection()->bro_analyzer()->Conn(), 34 | info); 35 | 36 | return true; 37 | %} 38 | } -------------------------------------------------------------------------------- /src/services/service-fault/opcua_binary-service_fault_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-service_fault.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the service fault. 6 | ## 7 | ## Author: Jason Rush 8 | ## Contact: jason.rush@inl.gov 9 | ## 10 | ## Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printServiceFaultRes(Service_Fault_Res *msg); 14 | %} 15 | 16 | %code{ 17 | void printServiceFaultRes(Service_Fault_Res *msg) { 18 | printMsgHeader( msg->service()->msg_body()->header()); 19 | printMsgType( msg->service()->msg_body()->header()); 20 | printService(msg->service()); 21 | printResHdr(msg->res_hdr()); 22 | 23 | return; 24 | } 25 | %} -------------------------------------------------------------------------------- /src/services/write/index-consts.h: -------------------------------------------------------------------------------- 1 | // Write consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Jason Rush 6 | // Contact: jason.rush@inl.gov 7 | // 8 | // Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_WRITE_CONSTS_H 11 | #define OPCUA_BINARY_WRITE_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::Write 15 | // based on the parsed values from Write_Req and Write_Res 16 | // 17 | #define WRITE_OPCUA_LINK_ID_DST_IDX 8 // Id back into OCPUA_Binary::Info log 18 | 19 | // Request 20 | 21 | // OpcUA_NodeId 22 | #define WRITE_REQ_NODE_ID_ENCODING_MASK_IDX 9 23 | #define WRITE_REQ_NODE_ID_NAMESPACE_ID_IDX 10 24 | #define WRITE_REQ_NODE_ID_NUMERIC_IDX 11 25 | #define WRITE_REQ_NODE_ID_STRING_IDX 12 26 | #define WRITE_REQ_NODE_ID_GUID_IDX 13 27 | #define WRITE_REQ_NODE_ID_OPAQUE_IDX 14 28 | 29 | #define WRITE_REQ_ATTRIBUTE_ID_IDX 15 30 | #define WRITE_REQ_ATTRIBUTE_ID_STR_IDX 16 31 | #define WRITE_REQ_INDEX_RANGE_IDX 17 32 | 33 | // OpcUA_DataValue 34 | #define WRITE_REQ_DATA_VALUE_ENCODING_MASK_IDX 18 35 | 36 | // Response 37 | #define WRITE_RES_STATUS_LINK_ID_SRC_IDX 19 // Id into OPCUA_Binary::StatusCodeDetail log 38 | #define WRITE_RES_DIAG_INFO_LINK_ID_SRC_IDX 20 // Id into OPCUA_Binary::WriteDiagnosticInfo log 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /src/services/write/opcua_binary-write.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-write.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac code for processing the write service. 6 | ## 7 | ## Author: Jason Rush 8 | ## Contact: jason.rush@inl.gov 9 | ## 10 | ## Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 4 - Services 1.04.pdf - Write Service 14 | # 15 | # 5.10.4.1 - Table 59 - Write Service Parameters 16 | # 17 | type Write_Req(service: Service) = record { 18 | req_hdr : Request_Header; 19 | 20 | nodes_to_write_size : int32; 21 | nodes_to_write : OpcUA_WriteValue[$context.flow.bind_length(nodes_to_write_size)]; 22 | 23 | } &let { 24 | deliver: bool = $context.flow.deliver_Svc_WriteReq(this); 25 | } &byteorder=littleendian; 26 | 27 | # 28 | # UA Specification Part 4 - Services 1.04.pdf - Write Service 29 | # 30 | # 5.10.4.1 - Table 59 - Read Service Parameters 31 | # 32 | type Write_Res(service: Service) = record { 33 | res_hdr : Response_Header; 34 | 35 | results_size : int32; 36 | results : OpcUA_StatusCode[$context.flow.bind_length(results_size)]; 37 | 38 | diagnostic_info_size : int32; 39 | diagnostic_info : OpcUA_DiagInfo[$context.flow.bind_length(diagnostic_info_size)]; 40 | 41 | } &let { 42 | deliver: bool = $context.flow.deliver_Svc_WriteRes(this); 43 | } &byteorder=littleendian; 44 | 45 | -------------------------------------------------------------------------------- /src/services/write/opcua_binary-write_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-write_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Debug code for processing the write service. 6 | ## 7 | ## Author: Jason Rush 8 | ## Contact: jason.rush@inl.gov 9 | ## 10 | ## Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printWriteReq(Write_Req *msg); 14 | void printWriteRes(Write_Res *msg); 15 | %} 16 | 17 | %code{ 18 | 19 | void printWriteReq(Write_Req *msg) { 20 | printMsgHeader(msg->service()->msg_body()->header()); 21 | printMsgType(msg->service()->msg_body()->header()); 22 | printService(msg->service()); 23 | 24 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 25 | printReqHdr(msg->req_hdr()); 26 | 27 | // Nodes to write 28 | printf("%s NodesToWrite: Array of WriteValue\n", indent(3).c_str()); 29 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->nodes_to_write_size()); 30 | for (int i = 0; i < msg->nodes_to_write_size(); i++) { 31 | printf("%s [%d]: WriteValue\n", indent(4).c_str(), i); 32 | printOpcUA_WriteValue(5, msg->nodes_to_write()->at(i)); 33 | } 34 | } 35 | 36 | void printWriteRes(Write_Res *msg) { 37 | printMsgHeader(msg->service()->msg_body()->header()); 38 | printMsgType(msg->service()->msg_body()->header()); 39 | printService(msg->service()); 40 | 41 | printf("%s %s\n", indent(2).c_str(), NODE_IDENTIFIER_MAP.find(msg->service()->identifier())->second.c_str()); 42 | printResHdr(msg->res_hdr()); 43 | 44 | printf("%s Results: Array of StatusCode\n", indent(3).c_str()); 45 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->results_size()); 46 | for (int i = 0; i < msg->results_size(); i++) { 47 | printf("%s [%d]: Results: 0x%08x [%s]\n", indent(4).c_str(), i, msg->results()->at(i), STATUS_CODE_MAP.find(msg->results()->at(i))->second.c_str()); 48 | } 49 | 50 | // Array of DiagnosticInfo(s) 51 | printf("%s DiagnosticInfos: Array of DiagnosticInfo\n", indent(3).c_str()); 52 | printf("%s ArraySize: %d\n", indent(4).c_str(), msg->diagnostic_info_size()); 53 | for (int i = 0; i < msg->diagnostic_info_size(); i++) { 54 | printf("%s [%d]: DiagnosticInfo\n", indent(4).c_str(), i); 55 | printOpcUA_DiagInfo(5, msg->diagnostic_info()->at(i)); 56 | } 57 | 58 | } 59 | %} -------------------------------------------------------------------------------- /src/stubbed-out/opcua_binary-stubbed_out_service.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-stubbed_out_service.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Placeholder binpac code for processing services that have yet to be implemented. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # A generic request used to stub out services and log 14 | # the request header which includes the service identifier. 15 | # 16 | type Stubbed_Out_Req(service: Service) = record { 17 | req_hdr : Request_Header; 18 | } &let { 19 | deliver: bool = $context.flow.deliver_Stubbed_Out_Req(this); 20 | } &byteorder=littleendian; 21 | 22 | # 23 | # A generic response used to stub out services and log 24 | # the response header which includes the service identifier. 25 | # 26 | type Stubbed_Out_Res(service: Service) = record { 27 | res_hdr : Response_Header; 28 | } &let { 29 | deliver: bool = $context.flow.deliver_Stubbed_Out_Res(this); 30 | } &byteorder=littleendian; 31 | 32 | -------------------------------------------------------------------------------- /src/stubbed-out/opcua_binary-stubbed_out_service_analyzer.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-stubbed_out_service_analyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Placeholder analyzer code for processing services that have yet to be implemented. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | refine flow OPCUA_Binary_Flow += { 13 | 14 | # 15 | # Process a generic request used of a stubbed out service. Log 16 | # the request header which includes the service identifier. 17 | # 18 | function deliver_Stubbed_Out_Req(request: Stubbed_Out_Req): bool 19 | %{ 20 | zeek::RecordValPtr info = zeek::make_intrusive(zeek::BifType::Record::OPCUA_Binary::Info); 21 | 22 | info = assignMsgHeader(connection(), info, request->service()->msg_body()->header()); 23 | info = assignMsgType(info, request->service()->msg_body()->header()); 24 | info = assignReqHdr(info, request->req_hdr()); 25 | info = assignService(info, request->service()); 26 | 27 | zeek::BifEvent::enqueue_opcua_binary_event(connection()->bro_analyzer(), 28 | connection()->bro_analyzer()->Conn(), 29 | info); 30 | 31 | return true; 32 | %} 33 | 34 | # 35 | # Process a generic response of a stubbed out services. Log 36 | # the response header which includes the service identifier. 37 | # 38 | function deliver_Stubbed_Out_Res(response: Stubbed_Out_Res): bool 39 | %{ 40 | zeek::RecordValPtr info = zeek::make_intrusive(zeek::BifType::Record::OPCUA_Binary::Info); 41 | 42 | info = assignMsgHeader(connection(), info, response->service()->msg_body()->header()); 43 | info = assignMsgType(info, response->service()->msg_body()->header()); 44 | info = assignResHdr(connection(), info, response->res_hdr(), response->service()->msg_body()->header()->is_orig()); 45 | info = assignService(info, response->service()); 46 | 47 | zeek::BifEvent::enqueue_opcua_binary_event(connection()->bro_analyzer(), 48 | connection()->bro_analyzer()->Conn(), 49 | info); 50 | 51 | return true; 52 | %} 53 | 54 | }; 55 | -------------------------------------------------------------------------------- /src/stubbed-out/opcua_binary-stubbed_out_service_debug.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-stubbed_out_service_debug.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Placeholder debug code for processing services that have yet to be implemented. 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %header{ 13 | void printStubbedOutRes(Stubbed_Out_Res *msg); 14 | void printStubbedOutReq(Stubbed_Out_Req *msg); 15 | %} 16 | 17 | %code{ 18 | 19 | void printStubbedOutReq(Stubbed_Out_Req *msg) { 20 | printMsgHeader( msg->service()->msg_body()->header()); 21 | printMsgType( msg->service()->msg_body()->header()); 22 | printService(msg->service()); 23 | printReqHdr(msg->req_hdr()); 24 | 25 | // Details need implemented 26 | 27 | return; 28 | } 29 | 30 | void printStubbedOutRes(Stubbed_Out_Res *msg) { 31 | printMsgHeader( msg->service()->msg_body()->header()); 32 | printMsgType( msg->service()->msg_body()->header()); 33 | printService(msg->service()); 34 | printResHdr(msg->res_hdr()); 35 | 36 | // Details need implemented 37 | 38 | return; 39 | } 40 | %} -------------------------------------------------------------------------------- /src/types.bif: -------------------------------------------------------------------------------- 1 | module OPCUA_Binary; 2 | 3 | type Info: record; 4 | type StatusCodeDetail: record; 5 | type DiagnosticInfoDetail: record; 6 | 7 | type AggregateFilter: record; 8 | type AttributeOperand: record; 9 | type AttributeOperandBrowsePathElement: record; 10 | type ContentFilter: record; 11 | type ContentFilterElement: record; 12 | type DataChangeFilter: record; 13 | type ElementOperand: record; 14 | type EventFilter: record; 15 | type LiteralOperand: record; 16 | type SelectClause: record; 17 | type SimpleAttributeOperand: record; 18 | type SimpleAttributeOperandBrowsePaths: record; 19 | 20 | type VariantArrayDims: record; 21 | type VariantData: record; 22 | type VariantDataValue: record; 23 | type VariantExtensionObject: record; 24 | type VariantMetadata: record; 25 | 26 | type ActivateSession: record; 27 | type ActivateSessionClientSoftwareCert: record; 28 | type ActivateSessionLocaleId: record; 29 | 30 | type Browse: record; 31 | type BrowseDescription: record; 32 | type BrowseReference: record; 33 | type BrowseRequestContinuationPoint: record; 34 | type BrowseResult: record; 35 | 36 | type CloseSession: record; 37 | 38 | type CreateMonitoredItems: record; 39 | type CreateMonitoredItemsItem: record; 40 | 41 | type CreateSession: record; 42 | type CreateSessionDiscovery: record; 43 | type CreateSessionEndpoints: record; 44 | type CreateSessionUserToken: record; 45 | 46 | type CreateSubscription: record; 47 | 48 | type GetEndpoints: record; 49 | type GetEndpointsDescription: record; 50 | type GetEndpointsDiscovery: record; 51 | type GetEndpointsLocaleId: record; 52 | type GetEndpointsProfileUri: record; 53 | type GetEndpointsUserToken: record; 54 | 55 | type Read: record; 56 | type ReadNodesToRead: record; 57 | type ReadResults: record; 58 | 59 | type Write: record; 60 | 61 | type OpenSecureChannel: record; 62 | 63 | module GLOBAL; 64 | 65 | -------------------------------------------------------------------------------- /src/types/nodeid/opcua_binary-nodeid_types.pac: -------------------------------------------------------------------------------- 1 | ## CreateMonitoredItemsItem.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Binpac type mappings for nodeid types 6 | ## 7 | ## Author: Kent Kvarfordt 8 | ## Contact: kent.kvarfordt@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | # 13 | # UA Specification Part 6 - Mappings 1.04.pdf 14 | # Table 6 - NodeId DataEncoding: 15 | # 16 | # Value Description 17 | # 0x00 A numeric value that fits into the two-byte representation. 18 | # 0x01 A numeric value that fits into the four-byte representation. 19 | # 0x02 A numeric value that does not fit into the two or four byte representations. 20 | # 0x03 A String value. 21 | # 0x04 A Guid value. 22 | # 0x05 An opaque (ByteString) value. 23 | # 0x80 NamespaceUriFlag See discussion of ExpandedNodeId in 5.2.2.10. 24 | # 0x40 ServerIndexFlag See discussion of ExpandedNodeId in 5.2.2.10. 25 | # 26 | enum node_encoding 27 | { 28 | TwoByte = 0x00, 29 | FourByte = 0x01, 30 | Numeric = 0x02, 31 | String = 0x03, 32 | GUID = 0x04, 33 | Opaque = 0x05, 34 | NamespaceUriFlag = 0x80, 35 | ServerIndexFlag = 0x40 36 | } 37 | 38 | # 39 | # UA Specification Part 6 - Mappings 1.04.pdf 40 | # 41 | # Table 5 - NodeId components 42 | # 43 | # The DataEncoding of a NodeId varies according to the contents of 44 | # the instance. For that reason, the first byte of the encoded form 45 | # indicates the format of the rest of the encoded NodeId. The possible 46 | # DataEncoding formats are shown in Table 6. The tables that follow 47 | # describe the structure of each possible format (they exclude the byte 48 | # which indicates the format). See 49 | # Table 6 - NodeId DataEncoding Values 50 | # Table 7 - Standard NodeId Binary DataEncoding 51 | # Table 8 - Two Byte NodeId Binary DataEncoding 52 | # Table 9 - Four Byte NodeId Binary DataEncoding 53 | # 54 | type OpcUA_NodeId = record { 55 | identifier_type : uint8; 56 | identifier : case(identifier_type & 0x0f) of { 57 | TwoByte -> two_byte_numeric : OpcUA_NodeId_TwoByte; 58 | FourByte -> four_byte_numeric : OpcUA_NodeId_FourByte; 59 | Numeric -> numeric : OpcUA_NodeId_Numeric; 60 | String -> string : OpcUA_NodeId_String; 61 | GUID -> guid : OpcUA_NodeId_Guid; 62 | Opaque -> opaque : OpcUA_NodeId_Opaque; 63 | }; 64 | } &byteorder=littleendian; 65 | 66 | # 67 | # UA Specification Part 6 - Mappings 1.04.pdf 68 | # 69 | # Table 8 - Two Byte NodeId Binary DataEncoding 70 | # 71 | type OpcUA_NodeId_TwoByte = record { 72 | numeric : uint8; 73 | } &byteorder=littleendian; 74 | 75 | # 76 | # UA Specification Part 6 - Mappings 1.04.pdf 77 | # 78 | # Table 9 - Four Byte NodeId Binary DataEncoding 79 | # 80 | type OpcUA_NodeId_FourByte = record { 81 | namespace_index : uint8; 82 | numeric : uint16; 83 | } &byteorder=littleendian; 84 | 85 | # 86 | # UA Specification Part 6 - Mappings 1.04.pdf 87 | # 88 | # Table 7 - Standard NodeId Binary DataEncoding 89 | # 90 | type OpcUA_NodeId_Numeric = record { 91 | namespace_index : uint16; 92 | numeric : uint32; 93 | } &byteorder=littleendian; 94 | 95 | # 96 | # UA Specification Part 6 - Mappings 1.04.pdf 97 | # 98 | # Figure 7 - A String NodeId 99 | # 100 | type OpcUA_NodeId_String = record { 101 | namespace_index : uint16; 102 | string : OpcUA_String; 103 | } &byteorder=littleendian; 104 | 105 | # 106 | # UA Specification Part 6 - Mappings 1.04.pdf 107 | # 108 | # Table 7 - Standard NodeId Binary DataEncoding 109 | # 110 | type OpcUA_NodeId_Guid = record { 111 | namespace_index : uint16; 112 | guid : OpcUA_Guid; 113 | } &byteorder=littleendian; 114 | 115 | # 116 | # UA Specification Part 6 - Mappings 1.04.pdf 117 | # 118 | # Table 7 - Standard NodeId Binary DataEncoding 119 | # 120 | type OpcUA_NodeId_Opaque = record { 121 | namespace_index : uint16; 122 | opaque : OpcUA_ByteString; 123 | } &byteorder=littleendian; 124 | 125 | # 126 | # UA Specification Part 6 - Mappings 1.04.pdf 127 | # 128 | # Table 10 - ExpandedNodeId Binary DataEncoding 129 | # 130 | 131 | type OpcUA_ExpandedNodeId = record { 132 | node_id : OpcUA_NodeId; 133 | has_namespace_uri : case $context.flow.is_bit_set(node_id.identifier_type, NamespaceUriFlag) of { 134 | true -> namespace_uri : OpcUA_String; 135 | default -> empty_namespace_uri : empty; 136 | }; 137 | has_server_idx : case $context.flow.is_bit_set(node_id.identifier_type, ServerIndexFlag) of { 138 | true -> server_idx : uint32; 139 | default -> empty_server_idx : empty; 140 | }; 141 | } &byteorder=littleendian; 142 | -------------------------------------------------------------------------------- /src/types/nodeid/opcua_binary-nodeid_types_analyzer.pac: -------------------------------------------------------------------------------- 1 | ## opcua_binary-nodeid_types_ananlyzer.pac 2 | ## 3 | ## OPCUA Binary Protocol Analyzer 4 | ## 5 | ## Analyzer utilitiy functions for the nodeid types. 6 | ## 7 | ## Author: Melanie Pierce 8 | ## Contact: melanie.pierce@inl.gov 9 | ## 10 | ## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 11 | 12 | %extern{ 13 | /* 14 | Note: 15 | The binpac compiler generates one header file along with the associated source file so there 16 | isn't a need to bring in additional headers here. We'll just track header files in the 17 | opcua_binary-analyzer.pac binpac file. See the build/opcua_binary_pac.h and 18 | build/opcua_binary_pac.cc file(s) for details. 19 | */ 20 | %} 21 | 22 | %header{ 23 | void flattenOpcUA_NodeId(zeek::RecordValPtr service_object, OpcUA_NodeId *node_ptr, uint32 offset); 24 | void flattenOpcUA_ExpandedNodeId(zeek::RecordValPtr service_object, OpcUA_ExpandedNodeId *node_ptr, uint32 offset); 25 | %} 26 | 27 | %code{ 28 | // Utility function to flatten NodeID objects 29 | void flattenOpcUA_NodeId(zeek::RecordValPtr service_object, OpcUA_NodeId *node_ptr, uint32 offset){ 30 | uint8_t encoding = node_ptr->identifier_type(); 31 | uint8_t node_id_encoding = encoding & 0x0f; 32 | 33 | service_object->Assign((offset+0), zeek::make_intrusive(uint8ToHexstring(encoding))); 34 | switch (node_id_encoding) { 35 | case node_encoding::TwoByte : service_object->Assign((offset+2), zeek::val_mgr->Count(node_ptr->two_byte_numeric()->numeric())); 36 | break; 37 | case node_encoding::FourByte : 38 | service_object->Assign((offset+1), zeek::val_mgr->Count(node_ptr->four_byte_numeric()->namespace_index())); 39 | service_object->Assign((offset+2), zeek::val_mgr->Count(node_ptr->four_byte_numeric()->numeric())); 40 | break; 41 | case node_encoding::Numeric : 42 | service_object->Assign((offset+1), zeek::val_mgr->Count(node_ptr->numeric()->namespace_index())); 43 | service_object->Assign((offset+2), zeek::val_mgr->Count(node_ptr->numeric()->numeric())); 44 | break; 45 | case node_encoding::String : 46 | service_object->Assign((offset+1), zeek::val_mgr->Count(node_ptr->string()->namespace_index())); 47 | service_object->Assign((offset+3), zeek::make_intrusive(std_str(node_ptr->string()->string()->string()))); 48 | break; 49 | case node_encoding::GUID : 50 | service_object->Assign((offset+1), zeek::val_mgr->Count(node_ptr->guid()->namespace_index())); 51 | service_object->Assign((offset+4), zeek::make_intrusive(guidToGuidstring(node_ptr->guid()->guid()->data1(), 52 | node_ptr->guid()->guid()->data2(), 53 | node_ptr->guid()->guid()->data3(), 54 | node_ptr->guid()->guid()->data4()))); 55 | break; 56 | case node_encoding::Opaque : 57 | service_object->Assign((offset+1), zeek::val_mgr->Count(node_ptr->opaque()->namespace_index())); 58 | service_object->Assign((offset+5), zeek::make_intrusive(bytestringToHexstring(node_ptr->opaque()->opaque()->byteString()))); 59 | break; 60 | } 61 | } 62 | 63 | // Utility function to flatten ExpandedNodeID objects 64 | void flattenOpcUA_ExpandedNodeId(zeek::RecordValPtr service_object, OpcUA_ExpandedNodeId *node_ptr, uint32 offset){ 65 | flattenOpcUA_NodeId(service_object, node_ptr->node_id(), offset); 66 | if (isBitSet(node_ptr->node_id()->identifier_type(), NamespaceUriFlag)){ 67 | service_object->Assign((offset+6), zeek::make_intrusive(std_str(node_ptr->namespace_uri()->string()))); 68 | } 69 | if (isBitSet(node_ptr->node_id()->identifier_type(), ServerIndexFlag)){ 70 | service_object->Assign((offset+7), zeek::val_mgr->Count(node_ptr->server_idx())); 71 | } 72 | } 73 | %} 74 | -------------------------------------------------------------------------------- /src/types/statuscode-diagnostic-index-consts.h: -------------------------------------------------------------------------------- 1 | // statuscode-diagnostic-consts.h 2 | // 3 | // OPCUA Binary Protocol Analyzer 4 | // 5 | // Author: Kent Kvarfordt 6 | // Contact: kent.kvarfordt@inl.gov 7 | // 8 | // Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved. 9 | 10 | #ifndef OPCUA_BINARY_STATUSCODE_DIAGNOSTICS_CONSTS_H 11 | #define OPCUA_BINARY_STATUSCODE_DIAGNOSTICS_CONSTS_H 12 | 13 | // 14 | // Index constants for setting values in OPCUA_Binary::StatusCodeDetail 15 | // 16 | #define STATUS_CODE_LINK_ID_DST_IDX 8 17 | #define STATUS_CODE_SOURCE_IDX 9 18 | #define STATUS_CODE_SOURCE_STR_IDX 10 19 | #define STATUS_CODE_SOURCE_LEVEL_IDX 11 20 | #define STATUS_CODE_IDX 12 21 | #define SEVERITY_IDX 13 22 | #define SEVERITY_STR_IDX 14 23 | #define SUBCODE_IDX 15 24 | #define SUBCODE_STR_IDX 16 25 | #define STRUCTURE_CHANGED_IDX 17 26 | #define SEMANTICS_CHANGED_IDX 18 27 | #define INFO_TYPE_IDX 19 28 | #define INFO_TYPE_STR_IDX 20 29 | #define LIMIT_BITS_IDX 21 30 | #define LIMIT_BITS_STR_IDX 22 31 | #define OVERFLOW_IDX 23 32 | #define HISTORIAN_BITS_IDX 24 33 | #define HISTORIAN_BITS_STR_IDX 25 34 | #define HISTORIAN_BITS_PARTIAL_IDX 26 35 | #define HISTORIAN_BITS_EXTRADATA_IDX 27 36 | #define HISTORIAN_BITS_MULTIVALUE_IDX 28 37 | 38 | // 39 | // Index constants for setting values in OPCUA_Binary::DiagnosticInfoDetail 40 | // 41 | #define DIAG_INFO_LINK_ID_DST_IDX 8 42 | #define DIAG_INFO_ROOT_OBJECT_ID_IDX 9 43 | #define DIAG_INFO_SOURCE_IDX 10 44 | #define DIAG_INFO_SOURCE_STR_IDX 11 45 | #define INNER_DIAG_LEVEL_IDX 12 46 | #define HAS_SYMBOLIC_ID_IDX 13 47 | #define SYMBOLIC_ID_IDX 14 48 | #define SYMBOLIC_ID_STR_IDX 15 49 | #define HAS_NAMESPACE_URI_IDX 16 50 | #define NAMESPACE_URI_IDX 17 51 | #define NAMESPACE_URI_STR_IDX 18 52 | #define HAS_LOCALE_IDX 19 53 | #define LOCALE_IDX 20 54 | #define LOCALE_STR_IDX 21 55 | #define HAS_LOCALE_TXT_IDX 22 56 | #define LOCALE_TXT_IDX 23 57 | #define LOCALE_TXT_STR_IDX 24 58 | #define HAS_ADDL_INFO_IDX 25 59 | #define ADDL_INFO_IDX 26 60 | #define HAS_INNER_STAT_CODE_IDX 27 61 | #define INNER_STAT_CODE_IDX 28 62 | #define HAS_INNER_DIAG_INFO_IDX 29 63 | 64 | #endif 65 | 66 | -------------------------------------------------------------------------------- /tests/.gitignore: -------------------------------------------------------------------------------- 1 | .tmp 2 | .btest.failed.dat 3 | -------------------------------------------------------------------------------- /tests/analyzer/availability.zeek: -------------------------------------------------------------------------------- 1 | # @TEST-EXEC: zeek -NN | grep -i -q ANALYZER_ICSNPP_OPCUA_BINARY 2 | # 3 | # @TEST-DOC: Check that OPCUA-binary analyzer is available. 4 | -------------------------------------------------------------------------------- /tests/analyzer/data-gap.zeek: -------------------------------------------------------------------------------- 1 | # @TEST-EXEC: zeek -C -r ${TRACES}/opcua_with-gap.pcap %INPUT 2 | # @TEST-EXEC: zeek-cut -n opcua_link_id < opcua_binary_opensecure_channel.log > opcua_binary_opensecure_channel.tmp && mv opcua_binary_opensecure_channel.tmp opcua_binary_opensecure_channel.log 3 | # @TEST-EXEC: zeek-cut -n status_code_link_id < opcua_binary_status_code_detail.log > opcua_binary_status_code_detail.tmp && mv opcua_binary_status_code_detail.tmp opcua_binary_status_code_detail.log 4 | # @TEST-EXEC: zeek-cut -n opcua_link_id status_code_link_id < opcua_binary.log > opcua_binary.tmp && mv opcua_binary.tmp opcua_binary.log 5 | # @TEST-EXEC: zeek-cut -n opcua_link_id discovery_profile_link_id endpoint_link_id < opcua_binary_create_session.log > opcua_binary_create_session.tmp && mv opcua_binary_create_session.tmp opcua_binary_create_session.log 6 | # @TEST-EXEC: btest-diff opcua_binary_opensecure_channel.log 7 | # @TEST-EXEC: btest-diff opcua_binary_status_code_detail.log 8 | # @TEST-EXEC: btest-diff opcua_binary.log 9 | # @TEST-EXEC: btest-diff opcua_binary_create_session.log 10 | 11 | # 12 | # @TEST-DOC: Test OPCUA-binary analyzer with a trace file that contains a gap in the transmitted data. 13 | 14 | @load icsnpp/opcua-binary 15 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/conn.log: -------------------------------------------------------------------------------- 1 | #separator \x09 2 | #set_separator , 3 | #empty_field (empty) 4 | #unset_field - 5 | #path conn 6 | #open XXXX-XX-XX-XX-XX-XX 7 | #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents 8 | #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 9 | XXXXXXXXXX.XXXXXX CADif11pxAaty8L2Ol ::1 56322 ::1 4840 tcp opcua-binary 1.708381 3523 3660 SF T T 0 ShAaDdFf 63 8071 63 8208 - 10 | XXXXXXXXXX.XXXXXX CTN9ff4xcfTGPbMWai ::1 56321 ::1 4840 tcp opcua-binary 0.270417 338 639 SF T T 0 ShAaDdFf 11 1142 11 1443 - 11 | XXXXXXXXXX.XXXXXX CX3cSc4fx90nGsMzvb 127.0.0.1 62228 127.0.0.1 63329 udp - 0.000122 48 48 SF T T 0 Dd 1 76 1 76 - 12 | XXXXXXXXXX.XXXXXX CcLcu71Qwhyx0AYNVg 127.0.0.1 63974 127.0.0.1 58543 udp - 0.000321 82 98 SF T T 0 Dd 2 138 2 154 - 13 | #close XXXX-XX-XX-XX-XX-XX 14 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_activate_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 - - 0x01 0 324 - - - UserNameIdentityToken 0x01 open62541-username-policy user1 password - - - - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - - - - - 0xaf823f28a4fd9fda7a4a82598c36a432fb0138ce7ca1f5d7... 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_browse.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 BrowseResponse - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 5 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 BrowseResponse - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_browse_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x00 - 85 - - - FWD 0x00 - 0 - - - F All 0x0000003f 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x00 - 85 - - - BOTH 0x00 - 0 - - - F All 0x0000003f 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_browse_response_references.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 40 - - - T 0x00 - 61 - - - - - - FolderType 0x03 - FolderType ObjectTypeNodeClass 0x00 - 0 - - - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 0 2253 - - - - - - Server 0x03 - Server ObjectNodeClass 0x01 0 2004 - - - - - 4 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 58192 - - - - - 1 TheGreatNode 0x03 en-US TheNewGreatNode ObjectNodeClass 0x01 1 12134 - - - - - 5 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 53813 - - - - - - VariableNode 0x03 en-US TheNewVariableNode VariableNodeClass 0x00 - 63 - - - - - 6 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - F 0x00 - 84 - - - - - - Root 0x03 - Root ObjectNodeClass 0x00 - 61 - - - - - 7 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 40 - - - T 0x00 - 61 - - - - - - FolderType 0x03 - FolderType ObjectTypeNodeClass 0x00 - 0 - - - - - 8 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 0 2253 - - - - - - Server 0x03 - Server ObjectNodeClass 0x01 0 2004 - - - - - 9 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 58192 - - - - - 1 TheGreatNode 0x03 en-US TheNewGreatNode ObjectNodeClass 0x01 1 12134 - - - - - 10 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 53813 - - - - - - VariableNode 0x03 en-US TheNewVariableNode VariableNodeClass 0x00 - 63 - - - - - 11 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_browse_result.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_close_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 T 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_create_monitored_items.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 1 2 Both 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_create_monitored_items_create_item.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - Value - - - Reporting 1 250.0 1 T - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - - - - - - - - - - 0 0.0 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_create_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 urn:unconfigured:application - 0 - - 1 - - - opc.tcp://localhost:4840 - - - - 1200000 2147483647 - - - - - - - - - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - - - 0x04 1 - - a0f7639b-18fd-8d0a-5235-f3cff51fd1dd - 0x04 1 - - 39121615-46f3-6d34-fecf-fcbfbacb4c14 - 1200000 0x598c5f8b8e16dbf2e5d02c5219ad6efbf5eb08dc590a1724... - - - - 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_create_session_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 opc.tcp://localhost:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_create_session_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_create_subscription.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 500 10000 10 0 T 0 - - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - 1 500 10000 10 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_get_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 T ::1 56321 ::1 4840 opc.tcp://localhost:4840 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 F ::1 4840 ::1 56321 - 4 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 opc.tcp://localhost:4840 5 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_get_endpoints_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 F ::1 4840 ::1 56321 opc.tcp://localhost:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 opc.tcp://localhost:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_get_endpoints_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 F ::1 4840 ::1 56321 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 F ::1 4840 ::1 56321 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-anonymous-policy 0 - - - 5 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_opensecure_channel.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 T ::1 56321 ::1 4840 0 0 1 (empty) 600000 - - - - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56321 ::1 4840 F ::1 4840 ::1 56321 - - - - - 0 3 3 XXXXXXXXXX.XXXXXX 600000 (empty) 4 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0 0 1 (empty) 600000 - - - - - - 5 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - 0 4 4 XXXXXXXXXX.XXXXXX 600000 (empty) 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0 0 Source 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_read_nodes_to_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - 13 Value - 0 - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_read_results.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0 0x02 - - - - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.basic/opcua_binary_write.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 3 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 5 | XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap/opcua_binary.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 HEL F 60 - - 0 65536 65536 16777216 256 opc.tcp://192.168.11.34:4840 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 F 192.168.11.34 4840 192.168.11.33 60952 ACK F 28 - - 0 65536 65536 16777216 256 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 OPN F 133 - - - - - - - - 0 47 http://opcfoundation.org/UA/SecurityPolicy#None -1 - -1 - 1 1 1 0 446 OpenSecureChannelRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 (empty) 0 0 0 - - - - - 5 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 F 192.168.11.34 4840 192.168.11.33 60952 OPN F 135 - - - - - - - - 13 47 http://opcfoundation.org/UA/SecurityPolicy#None -1 - -1 - 1023 1 1 0 449 OpenSecureChannelResponse - - - - - - - - - - - - - XXXXXXXXXX.XXXXXX 0 0 0 0 6 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 MSG F 1578 - - - - 13 - - - 13 - - - - - - 2 2 1 0 461 CreateSessionRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 1000001 0 (empty) 5000 0 0 - - - - - 7 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap/opcua_binary_create_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 urn:MES::FraunhoferIOSB:SiLab UA-Client urn:FraunhoferIOSB:SiLabUAServer:Client 2 - SiLab OPC UA Server-Client 1 - - - opc.tcp://192.168.11.34:4840 urn:MES::FraunhoferIOSB:SiLab UA-Client 0x000000000000000000000000000000000000000000000000... 1257 0x308204e5308203cda00302010202045d5f914e300d06092a... 1200000 16777216 - - - - - - - - - - - - - - - - - - - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap/opcua_binary_opensecure_channel.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 0 0 1 \x00 3600000 - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 F 192.168.11.34 4840 192.168.11.33 60952 - - - - - 0 13 1 XXXXXXXXXX.XXXXXX 3600000 (empty) 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap/opcua_binary_status_code_detail.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 F 192.168.11.34 4840 192.168.11.33 60952 0 ResponseHeader 0 0x00000000 0 Severity_Good 0 Good F F 0 InfoType_NotUsed - - - - - - - - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_activate_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 - - 0x01 0 324 - - - UserNameIdentityToken 0x01 open62541-username-policy user1 password - - - - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - - - - - - - - - - - - - - 0xc916f70db6b1f05742b9c34580edb514f6f4982246e7822d... 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_browse.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 BrowseResponse - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 5 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 BrowseResponse - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_browse_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0x00 - 85 - - - FWD 0x00 - 0 - - - F All 0x0000003f 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0x00 - 85 - - - BOTH 0x00 - 0 - - - F All 0x0000003f 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_browse_result.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_close_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 T 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_create_monitored_items.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 1 2 Both 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_create_monitored_items_create_item.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0x03 1 - the.answer - - Value - - - Reporting 1 250.0 1 T - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - - - - - - - - - - - - - - - - - - - 0 0.0 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_create_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 urn:MES::FraunhoferIOSB:SiLab UA-Client urn:FraunhoferIOSB:SiLabUAServer:Client 2 - SiLab OPC UA Server-Client 1 - - - opc.tcp://192.168.11.34:4840 urn:MES::FraunhoferIOSB:SiLab UA-Client 0x000000000000000000000000000000000000000000000000... 1257 0x308204e5308203cda00302010202045d5f914e300d06092a... 1200000 16777216 - - - - - - - - - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 urn:unconfigured:application - 0 - - 1 - - - opc.tcp://192.168.224.102:4840 - - - - 1200000 2147483647 - - - - - - - - - - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - - - - - - - - - - - - 0x04 1 - - 2ac5850e-13da-f0c6-97c9-8ce8ed4e8478 - 0x04 1 - - 70f93e4d-380f-c498-6a46-24f2ff6fa68a - 1200000 0xc48cfc5d7731212c923d06c79095ad2009fe043ed705566f... - - - - 0 5 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_create_session_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 opc.tcp://192.168.224.102:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_create_session_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_create_subscription.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 500 10000 10 0 T 0 - - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - - 1 500 10000 10 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_get_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 T 192.168.224.102 62478 192.168.224.102 4840 opc.tcp://192.168.224.102:4840 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62478 - 4 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 opc.tcp://192.168.224.102:4840 5 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_get_endpoints_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62478 opc.tcp://192.168.224.102:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 opc.tcp://192.168.224.102:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_get_endpoints_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62478 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62478 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 open62541-anonymous-policy 0 - - - 5 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_opensecure_channel.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 T 192.168.11.33 60952 192.168.11.34 4840 0 0 1 \x00 3600000 - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.11.33 60952 192.168.11.34 4840 F 192.168.11.34 4840 192.168.11.33 60952 - - - - - 0 13 1 XXXXXXXXXX.XXXXXX 3600000 (empty) 4 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 T 192.168.224.102 62478 192.168.224.102 4840 0 0 1 (empty) 600000 - - - - - - 5 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62478 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62478 - - - - - 0 9 9 XXXXXXXXXX.XXXXXX 600000 (empty) 6 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0 0 1 (empty) 600000 - - - - - - 7 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - 0 10 10 XXXXXXXXXX.XXXXXX 600000 (empty) 8 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0 0 Source 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_read_nodes_to_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0x03 1 - the.answer - - 13 Value - 0 - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_read_results.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 0 0x02 - - - - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.data-gap_with-handshake/opcua_binary_write.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 3 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 T 192.168.224.102 62479 192.168.224.102 4840 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 5 | XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.224.102 62479 192.168.224.102 4840 F 192.168.224.102 4840 192.168.224.102 62479 - - - - - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_activate_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 - - 0x01 0 324 - - - UserNameIdentityToken 0x01 open62541-username-policy user1 password - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - - - - - 0xaf823f28a4fd9fda7a4a82598c36a432fb0138ce7ca1f5d7... 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_browse.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 BrowseResponse - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 5 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 BrowseResponse - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_browse_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x00 - 85 - - - FWD 0x00 - 0 - - - F All 0x0000003f 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x00 - 85 - - - BOTH 0x00 - 0 - - - F All 0x0000003f 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_browse_response_references.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 40 - - - T 0x00 - 61 - - - - - - FolderType 0x03 - FolderType ObjectTypeNodeClass 0x00 - 0 - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 0 2253 - - - - - - Server 0x03 - Server ObjectNodeClass 0x01 0 2004 - - - - - 4 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 58192 - - - - - 1 TheGreatNode 0x03 en-US TheNewGreatNode ObjectNodeClass 0x01 1 12134 - - - - - 5 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 53813 - - - - - - VariableNode 0x03 en-US TheNewVariableNode VariableNodeClass 0x00 - 63 - - - - - 6 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - F 0x00 - 84 - - - - - - Root 0x03 - Root ObjectNodeClass 0x00 - 61 - - - - - 7 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 40 - - - T 0x00 - 61 - - - - - - FolderType 0x03 - FolderType ObjectTypeNodeClass 0x00 - 0 - - - - - 8 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 0 2253 - - - - - - Server 0x03 - Server ObjectNodeClass 0x01 0 2004 - - - - - 9 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 58192 - - - - - 1 TheGreatNode 0x03 en-US TheNewGreatNode ObjectNodeClass 0x01 1 12134 - - - - - 10 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0x00 - 35 - - - T 0x01 1 53813 - - - - - - VariableNode 0x03 en-US TheNewVariableNode VariableNodeClass 0x00 - 63 - - - - - 11 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_browse_result.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_close_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 T 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_create_monitored_items.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 1 2 Both 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_create_monitored_items_create_item.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - Value - - - Reporting 1 250.0 1 T - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - - - - - - - - - - 0 0.0 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_create_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 urn:unconfigured:application - 0 - - 1 - - - opc.tcp://localhost:4840 - - - - 1200000 2147483647 - - - - - - - - - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - - - 0x04 1 - - a0f7639b-18fd-8d0a-5235-f3cff51fd1dd - 0x04 1 - - 39121615-46f3-6d34-fecf-fcbfbacb4c14 - 1200000 0x598c5f8b8e16dbf2e5d02c5219ad6efbf5eb08dc590a1724... - - - - 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_create_session_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 opc.tcp://localhost:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_create_session_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_create_subscription.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 500 10000 10 0 T 0 - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - 1 500 10000 10 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_get_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_get_endpoints_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 opc.tcp://localhost:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_get_endpoints_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0 0 Source 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_read_nodes_to_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - 13 Value - 0 - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_read_results.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 0 0x02 - - - - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.no-handshake/opcua_binary_write.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 T ::1 56322 ::1 4840 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 5 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 ::1 56322 ::1 4840 F ::1 4840 ::1 56322 - - - - - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_activate_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 - - 0x01 0 324 - - - UserNameIdentityToken 0x01 open62541-username-policy user1 password - - - - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - - - - - - - - - - - - - - 0xc916f70db6b1f05742b9c34580edb514f6f4982246e7822d... 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_browse.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 BrowseResponse - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 BrowseRequest 0x00 - 0 - - - XXXXXXXXXX.XXXXXX 0 0 - 5 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 BrowseResponse - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_browse_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0x00 - 85 - - - FWD 0x00 - 0 - - - F All 0x0000003f 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0x00 - 85 - - - BOTH 0x00 - 0 - - - F All 0x0000003f 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_browse_result.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_close_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 T 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_create_monitored_items.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 1 2 Both 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_create_monitored_items_create_item.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0x03 1 - the.answer - - Value - - - Reporting 1 250.0 1 T - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - - - - - - - - - - - - - - - - - - - 0 0.0 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_create_session.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 urn:unconfigured:application - 0 - - 1 - - - opc.tcp://192.168.224.102:4840 - - - - 1200000 2147483647 - - - - - - - - - - - - - - - - - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - - - - - - - - - - - - 0x04 1 - - 2ac5850e-13da-f0c6-97c9-8ce8ed4e8478 - 0x04 1 - - 70f93e4d-380f-c498-6a46-24f2ff6fa68a - 1200000 0xc48cfc5d7731212c923d06c79095ad2009fe043ed705566f... - - - - 0 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_create_session_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 opc.tcp://192.168.224.102:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_create_session_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_create_subscription.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 500 10000 10 0 T 0 - - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - - 1 500 10000 10 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_get_endpoints.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 T 192.168.224.102 62478 192.168.224.102 48010 opc.tcp://192.168.224.102:4840 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62478 - 4 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 opc.tcp://192.168.224.102:4840 5 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_get_endpoints_description.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62478 opc.tcp://192.168.224.102:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 opc.tcp://192.168.224.102:4840 urn:open62541.server.application http://open62541.org 3 en open62541-based OPC UA Application 0 - - - - - 1 http://opcfoundation.org/UA/SecurityPolicy#None http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary 1 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_get_endpoints_user_token.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62478 open62541-anonymous-policy 0 - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62478 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 4 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 open62541-anonymous-policy 0 - - - 5 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 open62541-username-policy 1 - - http://opcfoundation.org/UA/SecurityPolicy#None 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_opensecure_channel.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 T 192.168.224.102 62478 192.168.224.102 48010 0 0 1 (empty) 600000 - - - - - - 3 | XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.224.102 62478 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62478 - - - - - 0 9 9 XXXXXXXXXX.XXXXXX 600000 (empty) 4 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0 0 1 (empty) 600000 - - - - - - 5 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - 0 10 10 XXXXXXXXXX.XXXXXX 600000 (empty) 6 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0 0 Source 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - 4 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_read_nodes_to_read.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0x03 1 - the.answer - - 13 Value - 0 - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_read_results.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 0 0x02 - - - - 3 | -------------------------------------------------------------------------------- /tests/baseline/analyzer.non-standard-port/opcua_binary_write.log: -------------------------------------------------------------------------------- 1 | ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 2 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 3 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - - - - - - - - - - 4 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 T 192.168.224.102 62479 192.168.224.102 48010 0x03 1 - the.answer - - 13 Value - 0x01 - - - - 5 | XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.224.102 62479 192.168.224.102 48010 F 192.168.224.102 48010 192.168.224.102 62479 - - - - - - - - - - - - - - 6 | -------------------------------------------------------------------------------- /tests/btest.cfg: -------------------------------------------------------------------------------- 1 | [btest] 2 | TestDirs = analyzer 3 | TmpDir = %(testbase)s/.tmp 4 | BaselineDir = %(testbase)s/baseline 5 | IgnoreDirs = .tmp 6 | IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store 7 | 8 | [environment] 9 | ZEEKPATH=`%(testbase)s/scripts/get-zeek-env zeekpath` 10 | ZEEK_PLUGIN_PATH=`%(testbase)s/scripts/get-zeek-env zeek_plugin_path` 11 | ZEEK_SEED_FILE=%(testbase)s/files/random.seed 12 | PATH=`%(testbase)s/scripts/get-zeek-env path` 13 | PACKAGE=%(testbase)s/../scripts 14 | TZ=UTC 15 | LC_ALL=C 16 | TRACES=%(testbase)s/traces 17 | TMPDIR=%(testbase)s/.tmp 18 | TEST_DIFF_CANONIFIER=%(testbase)s/scripts/diff-remove-timestamps 19 | -------------------------------------------------------------------------------- /tests/files/random.seed: -------------------------------------------------------------------------------- 1 | 2983378351 2 | 1299727368 3 | 0 4 | 310447 5 | 0 6 | 1409073626 7 | 3975311262 8 | 34130240 9 | 1450515018 10 | 1466150520 11 | 1342286698 12 | 1193956778 13 | 2188527278 14 | 3361989254 15 | 3912865238 16 | 3596260151 17 | 517973768 18 | 1462428821 19 | 0 20 | 2278350848 21 | 32767 22 | -------------------------------------------------------------------------------- /tests/scripts/diff-remove-timestamps: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | # 3 | # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs). 4 | 5 | # Get us "modern" regexps with sed. 6 | if [ `uname` == "Linux" ]; then 7 | sed="sed -r" 8 | else 9 | sed="sed -E" 10 | fi 11 | 12 | $sed 's/(0\.000000)|([0-9]{9,10}\.[0-9]{2,8})/XXXXXXXXXX.XXXXXX/g' | \ 13 | $sed 's/^ *#(open|close).(19|20)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' 14 | -------------------------------------------------------------------------------- /tests/scripts/get-zeek-env: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # BTest helper for getting values for Zeek-related environment variables. 4 | 5 | base=$(dirname $0) 6 | zeek_dist=$(cat ${base}/../../build/CMakeCache.txt 2>/dev/null | grep ZEEK_DIST | cut -d = -f 2) 7 | 8 | if [ -n "${zeek_dist}" ]; then 9 | if [ "$1" = "zeekpath" ]; then 10 | ${zeek_dist}/build/zeek-path-dev 11 | elif [ "$1" = "zeek_plugin_path" ]; then 12 | ( cd ${base}/../.. && pwd ) 13 | elif [ "$1" = "path" ]; then 14 | echo ${zeek_dist}/build/src:${zeek_dist}/aux/btest:${base}/:${zeek_dist}/aux/zeek-cut:$PATH 15 | else 16 | echo "usage: $(basename $0) " >&2 17 | exit 1 18 | fi 19 | else 20 | # Use Zeek installation for testing. In this case zeek-config must be in PATH. 21 | if ! which zeek-config >/dev/null 2>&1; then 22 | echo "zeek-config not found" >&2 23 | exit 1 24 | fi 25 | 26 | if [ "$1" = "zeekpath" ]; then 27 | zeek-config --zeekpath 28 | elif [ "$1" = "zeek_plugin_path" ]; then 29 | # Combine the local tree and the system-wide path. This allows 30 | # us to test on a local build or an installation made via zkg, 31 | # which squirrels away the build. --cpk 32 | echo "$(cd ${base}/../.. && pwd):$(zeek-config --plugin_dir)" 33 | elif [ "$1" = "path" ]; then 34 | echo ${PATH} 35 | else 36 | echo "usage: $(basename $0) " >&2 37 | exit 1 38 | fi 39 | fi 40 | -------------------------------------------------------------------------------- /tests/traces/opcua_with-gap.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/icsnpp-opcua-binary/683a907effaef741acd1cf261a59a029433e8fa6/tests/traces/opcua_with-gap.pcap -------------------------------------------------------------------------------- /tests/traces/opcua_with-gap_with-handshake.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/icsnpp-opcua-binary/683a907effaef741acd1cf261a59a029433e8fa6/tests/traces/opcua_with-gap_with-handshake.pcap -------------------------------------------------------------------------------- /tests/traces/open62541_client-server_mainloop-no-handshake.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/icsnpp-opcua-binary/683a907effaef741acd1cf261a59a029433e8fa6/tests/traces/open62541_client-server_mainloop-no-handshake.pcap -------------------------------------------------------------------------------- /tests/traces/open62541_client-server_mainloop-not-localhost-non-standard-port.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/icsnpp-opcua-binary/683a907effaef741acd1cf261a59a029433e8fa6/tests/traces/open62541_client-server_mainloop-not-localhost-non-standard-port.pcap -------------------------------------------------------------------------------- /tests/traces/open62541_client-server_mainloop.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/icsnpp-opcua-binary/683a907effaef741acd1cf261a59a029433e8fa6/tests/traces/open62541_client-server_mainloop.pcap -------------------------------------------------------------------------------- /zkg.meta: -------------------------------------------------------------------------------- 1 | [package] 2 | build_dir = build/ICSNPP_OPCUA_Binary.tgz 3 | script_dir = build/scripts/icsnpp/opcua-binary 4 | build_command = ./configure && make 5 | test_command = cd tests && btest -c btest.cfg 6 | description = OPC Unified Architecture Binary plugin for parsing and logging of the OPC UA Binary protocol - CISA ICSNPP 7 | credits = Kent Kvarfordt 8 | tags = opcua, opcua_binary, opc, ICS, CISA, INL, ICSNPP, icsnpp, zeek plugin, log writer, protocol analyzer 9 | depends = 10 | zkg >=2.0 11 | zeek >=5.2.0 12 | --------------------------------------------------------------------------------