def handle(self, data, address):
session = conpot_core.get_session('bacnet', address[0], address[1])
logger.info('New Bacnet connection from %s:%d. (%s)', address[0],
address[1], session.id)
session.add_event({'type': 'NEW_CONNECTION'})
# I'm not sure if gevent DatagramServer handles issues where the
# received data is over the MTU -> fragmentation
if data:
pdu = PDU()
pdu.pduData = data
apdu = APDU()
npdu = NPDU()
bvlpdu = BVLPDU()
try:
bvlpdu.decode(pdu)
npdu.decode(bvlpdu)
apdu.decode(npdu)
except DecodingError as e:
logger.error("DecodingError: %s", e)
logger.error("PDU: " + format(pdu))
return
self.bacnet_app.indication(apdu, address, self.thisDevice)
self.bacnet_app.response(self.bacnet_app._response, npdu, bvlpdu,
address)
logger.info('Bacnet client disconnected %s:%d. (%s)', address[0],
address[1], session.id)
def confirmation(self, pdu):
if _debug: SnifferNode._debug("confirmation(%s) %r", self.name, pdu)
# it's an NPDU
npdu = NPDU()
npdu.decode(pdu)
# decode as a generic APDU
apdu = APDU()
apdu.decode(npdu)
# "lift" the source and destination address
if npdu.npduSADR:
apdu.pduSource = npdu.npduSADR
else:
apdu.pduSource = npdu.pduSource
if npdu.npduDADR:
apdu.pduDestination = npdu.npduDADR
else:
apdu.pduDestination = npdu.pduDestination
# make a more focused interpretation
atype = apdu_types.get(apdu.apduType)
if _debug: SnifferNode._debug(" - atype: %r", atype)
xpdu = apdu
apdu = atype()
apdu.decode(xpdu)
print(repr(apdu))
apdu.debug_contents()
print("")
def indication(self, npdu):
if _debug: NPDUCodec._debug("indication %r", npdu)
# first as a generic NPDU
xpdu = NPDU()
npdu.encode(xpdu)
# now as a vanilla PDU
ypdu = PDU()
xpdu.encode(ypdu)
if _debug: NPDUCodec._debug(" - encoded: %r", ypdu)
# send it downstream
self.request(ypdu)
def confirmation(self, pdu):
if _debug: NPDUCodec._debug("confirmation %r", pdu)
# decode as a generic NPDU
xpdu = NPDU()
xpdu.decode(pdu)
# drop application layer messages
if xpdu.npduNetMessage is None:
return
# do a deeper decode of the NPDU
ypdu = npdu_types[xpdu.npduNetMessage]()
ypdu.decode(xpdu)
# send it upstream
self.response(ypdu)
def confirmation(self, pdu):
if _debug:
SnifferStateMachine._debug("confirmation(%s) %r", self.name, pdu)
# it's an NPDU
npdu = NPDU()
npdu.decode(pdu)
# filter out network layer traffic if there is any, probably not
if npdu.npduNetMessage is not None:
if _debug:
SnifferStateMachine._debug(" - network message: %r",
npdu.npduNetMessage)
return
# decode as a generic APDU
apdu = APDU()
apdu.decode(npdu)
# "lift" the source and destination address
if npdu.npduSADR:
apdu.pduSource = npdu.npduSADR
else:
apdu.pduSource = npdu.pduSource
if npdu.npduDADR:
apdu.pduDestination = npdu.npduDADR
else:
apdu.pduDestination = npdu.pduDestination
# make a more focused interpretation
atype = apdu_types.get(apdu.apduType)
if _debug: SnifferStateMachine._debug(" - atype: %r", atype)
xpdu = apdu
apdu = atype()
apdu.decode(xpdu)
if _debug: SnifferStateMachine._debug(" - apdu: %r", apdu)
# pass to the state machine
self.receive(apdu)
def decode_packet(data, destination):
"""decode the data, return some kind of PDU."""
if _debug:
decode_packet._debug("decode_packet %r %r", data, destination)
# build a PDU
pdu = PDU(data, destination=destination)
# check for a BVLL header
if pdu.pduData[0] == 0x84:
if _debug:
decode_packet._debug(" - BVLL header found")
xpdu = BVLPDU()
xpdu.decode(pdu)
pdu = xpdu
# make a more focused interpretation
atype = bvl_pdu_types.get(pdu.bvlciFunction)
if not atype:
if _debug:
decode_packet._debug(" - unknown BVLL type: %r", pdu.bvlciFunction)
return pdu
# decode it as one of the basic types
try:
xpdu = pdu
bpdu = atype()
bpdu.decode(pdu)
if _debug:
decode_packet._debug(" - bpdu: %r", bpdu)
pdu = bpdu
# source address in the packet
pdu.pduSource = pdu.bvlciAddress
# no deeper decoding for some
if atype not in (OriginalUnicastNPDU, OriginalBroadcastNPDU):
return pdu
except Exception as err:
if _debug:
decode_packet._debug(" - decoding Error: %r", err)
return xpdu
# check for version number
if pdu.pduData[0] != 0x01:
if _debug:
decode_packet._debug(
" - not a version 1 packet: %s...", btox(pdu.pduData[:30], ".")
)
return None
# it's an NPDU
try:
npdu = NPDU()
npdu.decode(pdu)
except Exception as err:
if _debug:
decode_packet._debug(" - decoding Error: %r", err)
return None
# application or network layer message
if npdu.npduNetMessage is None:
if _debug:
decode_packet._debug(" - not a network layer message, try as an APDU")
# decode as a generic APDU
try:
xpdu = APDU()
xpdu.decode(npdu)
apdu = xpdu
except Exception as err:
if _debug:
decode_packet._debug(" - decoding Error: %r", err)
return npdu
# "lift" the source and destination address
if npdu.npduSADR:
apdu.pduSource = npdu.npduSADR
else:
apdu.pduSource = npdu.pduSource
if npdu.npduDADR:
apdu.pduDestination = npdu.npduDADR
else:
apdu.pduDestination = npdu.pduDestination
# make a more focused interpretation
atype = apdu_types.get(apdu.apduType)
if not atype:
if _debug:
decode_packet._debug(" - unknown APDU type: %r", apdu.apduType)
return apdu
# decode it as one of the basic types
try:
xpdu = apdu
apdu = atype()
apdu.decode(xpdu)
except Exception as err:
if _debug:
decode_packet._debug(" - decoding Error: %r", err)
return xpdu
# decode it at the next level
if isinstance(apdu, ConfirmedRequestPDU):
atype = confirmed_request_types.get(apdu.apduService)
if not atype:
if _debug:
decode_packet._debug(
" - no confirmed request decoder: %r", apdu.apduService
)
return apdu
elif isinstance(apdu, UnconfirmedRequestPDU):
atype = unconfirmed_request_types.get(apdu.apduService)
if not atype:
if _debug:
decode_packet._debug(
" - no unconfirmed request decoder: %r", apdu.apduService
)
return apdu
elif isinstance(apdu, SimpleAckPDU):
atype = None
elif isinstance(apdu, ComplexAckPDU):
atype = complex_ack_types.get(apdu.apduService)
if not atype:
if _debug:
decode_packet._debug(
" - no complex ack decoder: %r", apdu.apduService
)
return apdu
elif isinstance(apdu, SegmentAckPDU):
atype = None
elif isinstance(apdu, ErrorPDU):
atype = error_types.get(apdu.apduService)
if not atype:
if _debug:
decode_packet._debug(" - no error decoder: %r", apdu.apduService)
return apdu
elif isinstance(apdu, RejectPDU):
atype = None
elif isinstance(apdu, AbortPDU):
atype = None
if _debug:
decode_packet._debug(" - atype: %r", atype)
# deeper decoding
try:
if atype:
xpdu = apdu
apdu = atype()
apdu.decode(xpdu)
except Exception as err:
if _debug:
decode_packet._debug(" - decoding error: %r", err)
return xpdu
# success
return apdu
else:
# make a more focused interpretation
ntype = npdu_types.get(npdu.npduNetMessage)
if not ntype:
if _debug:
decode_packet._debug(
" - no network layer decoder: %r", npdu.npduNetMessage
)
return npdu
if _debug:
decode_packet._debug(" - ntype: %r", ntype)
# deeper decoding
try:
xpdu = npdu
npdu = ntype()
npdu.decode(xpdu)
except Exception as err:
if _debug:
decode_packet._debug(" - decoding error: %r", err)
return xpdu
# success
return npdu
return pdu
except Exception, err:
if _debug: decode_packet._debug(" - decoding Error: %r", err)
return xpdu
# check for version number
if (pdu.pduData[0] != '\x01'):
if _debug:
decode_packet._debug(" - not a version 1 packet: %s...",
_hexify(pdu.pduData[:30]))
return None
# it's an NPDU
try:
npdu = NPDU()
npdu.decode(pdu)
if _debug: decode_packet._debug(" - npdu: %r", npdu)
except Exception, err:
if _debug: decode_packet._debug(" - decoding Error: %r", err)
return None
# application or network layer message
if npdu.npduNetMessage is None:
if _debug:
decode_packet._debug(
" - not a network layer message, try as an APDU")
# decode as a generic APDU
try:
xpdu = APDU()