public bool ChangeModbusTcpRules(string dst_IP, string src_IP, string min_addr, string max_addr, int func, int Min_data, int Max_data, string dev_IP, bool log_record, bool add_delete) { ModbusTcpRulesForm mtrf = new ModbusTcpRulesForm(); mtrf.setIP_Addr_Funcode(dst_IP, src_IP, min_addr, max_addr, func, Min_data, Max_data); DeviceForm devform = new DeviceForm(dev_IP, 22222); ConfigDPIRules configDevice = new ConfigDPIRules(devform); return(configDevice.ConfigModbusTcpRules(mtrf, log_record, add_delete)); }
public bool ConfigModbusTcpRules(ModbusTcpRulesForm mtrf, bool log_flag, bool add_delete) { // RulesDataProcess.ModbusTcpRulesDataProcess(mtrf); String dpi_pro = "modbusTcp"; string flag = null; string dpi_rules_from_master_to_slave0 = null; if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() == "any") { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP"; } else if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() != "any") { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP"; } else if (mtrf.getSrc_IP() != "any" & mtrf.getDst_IP() == "any") { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP"; } else { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + " DROP"; } //string dpi_rules_from_master_to_slave1 = "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"; string dpi_rules_from_master_to_slave_log = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "LOG" + " " + "--log-prefix " + "\"" + "DROP&modbus&data_illegal " + "\""; if (add_delete == true) { flag = "DPI1"; string frule = devform.getDev_IP() + " " + mtrf.getDst_IP() + " " + mtrf.getSrc_IP() + " " + mtrf.getMin_addr() + " " + mtrf.getMax_addr() + " " + mtrf.getfunc() + " " + mtrf.getMin_data() + " " + mtrf.getMax_data() + " ACCEPT " + log_flag.ToString(); of.SaveRules(frule, "modbustcp"); } else if (add_delete == false) { flag = "DPI0"; string frule = devform.getDev_IP() + " " + mtrf.getDst_IP() + " " + mtrf.getSrc_IP() + " " + mtrf.getMin_addr() + " " + mtrf.getMax_addr() + " " + mtrf.getfunc() + " " + mtrf.getMin_data() + " " + mtrf.getMax_data() + " ACCEPT " + log_flag.ToString(); of.DeleteRules(frule, "modbustcp"); } string rule = flag + dpi_rules_from_master_to_slave_log + " && " + dpi_rules_from_master_to_slave0; SendInfo sendcmd = new SendInfo(devform); return(sendcmd.SendConfigInfo(rule)); }
public bool ConfigModbusTcpRules(ModbusTcpRulesForm mtrf, bool log_flag, bool add_delete) { // RulesDataProcess.ModbusTcpRulesDataProcess(mtrf); String dpi_pro = "modbusTcp"; string flag = null; string dpi_rules_from_master_to_slave0 = null; string sql_rule = null;; if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() == "any") { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP"; } else if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() != "any") { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP"; } else if (mtrf.getSrc_IP() != "any" & mtrf.getDst_IP() == "any") { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP"; } else { dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + " DROP"; } //string dpi_rules_from_master_to_slave1 = "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"; string dpi_rules_from_master_to_slave_log = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "LOG" + " " + "--log-prefix " + "\"" + "DROP&modbus&data_illegal " + "\""; if (add_delete == true) { flag = "DPI1"; sql_rule = "INSERT INTO modbustcp values " + "('" + devform.getDev_IP() + "','" + mtrf.getDst_IP() + "'" + ",'" + mtrf.getSrc_IP() + "','" + mtrf.getMin_addr() + "','" + mtrf.getMax_addr() + "','" + mtrf.getfunc() + "','" + mtrf.getMin_data() + "','" + mtrf.getMax_data() + "','ACCEPT','" + log_flag + "')"; } else if (add_delete == false) { flag = "DPI0"; sql_rule = "DELETE FROM modbustcp where (dst_IP='" + mtrf.getDst_IP() + "' and src_IP='" + mtrf.getSrc_IP() + "' and min_coiladdr='" + mtrf.getMin_addr() + "'" + " and max_coiladdr='" + mtrf.getMax_addr() + "' and functioncode='" + mtrf.getfunc() + "' and min_speed='" + mtrf.getMin_data() + "' and max_speed='" + mtrf.getMax_data() + "' and method='ACCEPT' and log='" + log_flag + "')"; } string rule = flag + dpi_rules_from_master_to_slave_log + " && " + dpi_rules_from_master_to_slave0; DPIdb_operate.dboperate(sql_rule); SendInfo sendcmd = new SendInfo(devform); return(sendcmd.SendConfigInfo(rule)); }
public static void ModbusTcpRulesDataProcess(ModbusTcpRulesForm mtrf) { int[] function_code_selected_int = new int[32]; string[] function_code = mtrf.getFunction_code_select(); long lfc_flag = 0; long hfc_flag = 0; if (mtrf.getValue_select()) { int code_number = function_code.Length; for (int trs_count = 0; trs_count < code_number; trs_count++) { function_code_selected_int[trs_count] = Int32.Parse(function_code[trs_count]); //Console.WriteLine("int funcode is {0}", function_code_selected_int[trs_count]); } if (code_number > 32) { code_number = 32; } for (int count = 0; count < code_number; count++) { if (function_code_selected_int[count] <= 64) { lfc_flag = lfc_flag | ((long)1 << (function_code_selected_int[count] - 1)); } else { hfc_flag = hfc_flag | ((long)1 << (function_code_selected_int[count] - 1 - 64)); } } } mtrf.setHfc_flag(hfc_flag); mtrf.setLfc_flag(lfc_flag); }