1 % PNIO RTC layer test campaign 2 3 + Syntax check 4 = Import the PNIO RTC layer 5 from scapy.contrib.pnio import * 6 from scapy.contrib.pnio_rtc import * 7 8 9 + Check PNIORealTimeIOxS 10 11 = PNIORealTimeIOxS default values 12 raw(PNIORealTimeIOxS()) == b'\x80' 13 14 = Check no payload is dissected (only padding) 15 * In order for the PNIORealTime to dissect correctly all the data buffer, data field must strictly dissect what they know as being of themselves 16 p = PNIORealTimeIOxS(b'\x40\x01\x02') 17 p == PNIORealTimeIOxS(dataState='bad', instance='device') / conf.padding_layer(b'\x01\x02') 18 19 20 + Check PNIORealTimeRawData 21 22 = PNIORealTimeRawData default values 23 raw(PNIORealTimeRawData(config={'length': 5})) == b'\x00\x00\x00\x00\x00' 24 25 = PNIORealTimeRawData must always be the same configured length 26 raw(PNIORealTimeRawData(load='ABC', config={'length': 5})) == b'ABC\x00\x00' 27 28 = PNIORealTimeRawData may be truncated 29 raw(PNIORealTimeRawData(load='ABCDEF', config={'length': 5})) == b'ABCDE' 30 31 = Check that the dissected payload is an PNIORealTimeIOxS (IOPS) 32 p = PNIORealTimeRawData(b'ABCDE\x80\x01\x02', config={'length': 5}) 33 p == PNIORealTimeRawData(load=b'ABCDE', config={'length': 5}) / PNIORealTimeIOxS() / conf.padding_layer(b'\x01\x02') 34 35 = PNIORealTimeRawData is capable of dissected uncomplete packets 36 p = PNIORealTimeRawData('ABC', config={'length': 5}) 37 p == PNIORealTimeRawData(load=b'ABC', config={'length': 5}) 38 39 40 + Check Profisafe 41 42 = Profisafe default values 43 raw(Profisafe(config={'length': 7, 'CRC': 3})) == b'\0\0\0\0\0\0\0' 44 45 = Profisafe must always be the same configured length 46 raw(Profisafe(load=b'AB', config={'length': 7, 'CRC': 3})) == b'AB\0\0\0\0\0' 47 48 = Profisafe load may be truncated 49 raw(Profisafe(load=b'ABCDEF', config={'length': 7, 'CRC': 3})) == b'ABC\0\0\0\0' 50 51 = Check that the dissected payload is an PNIORealTimeIOxS (IOPS) 52 p = Profisafe(b'ABC\x20\x12\x34\x56\x80\x01\x02', config={'length': 7, 'CRC': 3}) 53 p == Profisafe(load=b'ABC', Control_Status=0x20, CRC=0x123456, config={'length': 7, 'CRC': 3}) / PNIORealTimeIOxS() / conf.padding_layer(b'\x01\x02') 54 55 = Profisafe with a CRC-32 56 raw(Profisafe(load=b'ABC', Control_Status=0x33, CRC=0x12345678, config={'length': 8, 'CRC': 4})) == b'ABC\x33\x12\x34\x56\x78' 57 58 = Profisafe is capable of dissected uncomplete packets 59 p = Profisafe('AB', config={'length': 7, 'CRC': 3}) 60 p == Profisafe(load=b'AB', Control_Status=0, CRC=0) 61 62 63 + Check PNIORealTime layer 64 65 = PNIORealTime default values 66 raw(PNIORealTime()) == b'\0' * 40 + b'\0\0\x35\0' 67 68 = PNIORealTime default values under an UDP packet 69 raw(UDP(sport=0x1234) / ProfinetIO(frameID=0x8002) / PNIORealTime()) == hex_bytes('12348892001a00008002') + b'\0' * 12 + b'\0\0\x35\0' 70 71 = PNIORealTime simple packet 72 * a simple data packet with a raw profinet data and its IOPS, an IOCS and a Profisafe data and its IOPS. 15B data length, 1B padding (20 - 15 -4) 73 raw(PNIORealTime(len=20, dataLen=15, cycleCounter=0x1234, dataStatus='redundancy+validData+no_problem', transferStatus=3, 74 data=[ 75 PNIORealTimeRawData(load=b'\x01\x02\x03\x04', config={'length': 5}) / PNIORealTimeIOxS(), 76 PNIORealTimeIOxS(dataState='bad'), 77 Profisafe(load=b'\x05\x06', Control_Status=0x20, CRC=0x12345678, config={'length': 7, 'CRC': 4}) / PNIORealTimeIOxS() 78 ] 79 )) == hex_bytes('0102030400800005062012345678800012342603') 80 81 = PNIORealTime dissects to PNIORealTimeRawData when no config is available 82 p = PNIORealTime(hex_bytes('0102030400800005062012345678800012342603')) 83 p == PNIORealTime(len=20, dataLen=15, cycleCounter=0x1234, dataStatus='redundancy+validData+no_problem', transferStatus=3, padding=b'\0', 84 data=[ 85 PNIORealTimeRawData(load=hex_bytes('010203040080000506201234567880')) 86 ] 87 ) 88 89 = PNIORealTime dissection is configurable 90 * Usually, the configuration is not given manually, but using PNIORealTime.analyse_data() on a list of Packets which analyses and updates the configuration 91 pnio_update_config({ 92 ('06:07:08:09:0a:0b', '00:01:02:03:04:05'): [ 93 (-15, PNIORealTimeRawData, {'length': 5}), 94 (-8, Profisafe, {'length': 7, 'CRC': 4}), 95 ] 96 }) 97 p = Ether(hex_bytes('000102030405060708090a0b889280020102030400800005062012345678800012342603')) 98 p == Ether(dst='00:01:02:03:04:05', src='06:07:08:09:0a:0b') / ProfinetIO(frameID=0x8002) / PNIORealTime( 99 len=20, dataLen=15, cycleCounter=0x1234, dataStatus='redundancy+validData+no_problem', transferStatus=3, padding=b'\0', 100 data=[ 101 PNIORealTimeRawData(load=b'\x01\x02\x03\x04\0', config={'length': 5}) / PNIORealTimeIOxS(), 102 PNIORealTimeIOxS(dataState='bad'), 103 Profisafe(load=b'\x05\x06', Control_Status=0x20, CRC=0x12345678, config={'length': 7, 'CRC': 4}) / PNIORealTimeIOxS() 104 ] 105 ) 106 107 = PNIORealTime - Analyse data 108 # Possible thanks to https://github.com/ITI/ICS-Security-Tools/blob/master/pcaps/profinet/profinet.pcap 109 110 bind_layers(UDP, ProfinetIO, dport=0x8894) 111 bind_layers(UDP, ProfinetIO, sport=0x8894) 112 113 packets = [Ether(hex_bytes('0090274ee3fc000991442017080045000128000c00004011648f0a0a00810a0a00968894061e011444c604022800100000000000a0de976cd111827100010003015a0100a0de976cd111827100a02442df7ddbabbaec1d005443b2500b01630abafd0100000001000000000000000500ffffffffbc000000000000000000a80000004080000000000000a80000008009003c0100000a0000000000000000000000000000000000000000000000010000f840000000680000000000000000000000000000000000000000000000000030002c0100000100000000000200000000000100020001000000010003ffff010a0001ffff814000010001ffff814000310018010000010000000000010001ffff814000010001ffff814000320018010000010000000000010000000000010001000100000001')), 114 Ether(hex_bytes('0009914420170090274ee3fc0800450000c0b28800008011727a0a0a00960a0a0081061e889400ac689504000800100000000000a0de976cd111827100010003015a0100a0de976cd111827100a02442df7ddbabbaec1d005443b2500b01630abafd0000000001000000000000000500ffffffff54000000000040800000400000004080000000000000400000000009003c0100000a0000000000000000000000000000000000000000000000010000f84000008000000000000000000000000000000000000000000000000000'))] 115 116 analysed_data = PNIORealTime.analyse_data(packets) 117 assert len(analysed_data) == 2 118 x = analysed_data[('00:09:91:44:20:17', '00:90:27:4e:e3:fc')] 119 assert len(x) == 2 120 assert x[0][1] == PNIORealTimeRawData 121 assert x[0][0] == -262 122 assert x[0][2]["length"] == 87 123 124 ProfinetIO._overload_fields[UDP].pop("sport") 125 ProfinetIO._overload_fields[UDP]["dport"] = 0x8892