sven
/
libicsneo
mirror of https://github.com/intrepidcs/libicsneo.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

PCAP: Listen for ICS_UNSET_MAC 

On newer firmware, the device will address the PC directly after
EnableNetworkComm. Before this, it will set the destination MAC to
00:FC:70:FF:FF:FF.
pull/25/head
Paul Hollinsky 2020-08-26 22:43:35 -04:00
parent b5c9443fc8
commit 5db07102aa
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
platform/posix/pcap.cpp
View File

@ -15,6 +15,7 @@
using namespace icsneo; using namespace icsneo;
static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
static const uint8_t ICS_UNSET_MAC[6] = { 0x00, 0xFC, 0x70, 0xFF, 0xFF, 0xFF };
std::vector<PCAP::NetworkInterface> PCAP::knownInterfaces; std::vector<PCAP::NetworkInterface> PCAP::knownInterfaces;
@ -130,7 +131,8 @@ std::vector<PCAP::PCAPFoundDevice> PCAP::FindAll() {
// Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us? // Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us?
if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && ( if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && (
memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 || memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 ||
memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 ||
memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) == 0
)) { )) {
/* We have received a packet from a device. We don't know if this is the device we're /* We have received a packet from a device. We don't know if this is the device we're
* looking for, we don't know if it's actually a response to our RequestSerialNumber * looking for, we don't know if it's actually a response to our RequestSerialNumber
@ -255,7 +257,8 @@ void PCAP::readTask() {
continue; // Not a packet to host continue; // Not a packet to host
if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 && if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 &&
memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0) memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0 &&
memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) != 0)
continue; // Packet is not addressed to us or broadcast continue; // Packet is not addressed to us or broadcast
if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0) if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0)

7
platform/windows/pcap.cpp
View File

@ -13,6 +13,7 @@ using namespace icsneo;
static std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter; static std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
static const uint8_t ICS_UNSET_MAC[6] = { 0x00, 0xFC, 0x70, 0xFF, 0xFF, 0xFF };
std::vector<PCAP::NetworkInterface> PCAP::knownInterfaces; std::vector<PCAP::NetworkInterface> PCAP::knownInterfaces;
@ -134,7 +135,8 @@ std::vector<PCAP::PCAPFoundDevice> PCAP::FindAll() {
// Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us? // Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us?
if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && ( if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && (
memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 || memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 ||
memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 ||
memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) == 0
)) { )) {
/* We have received a packet from a device. We don't know if this is the device we're /* We have received a packet from a device. We don't know if this is the device we're
* looking for, we don't know if it's actually a response to our RequestSerialNumber * looking for, we don't know if it's actually a response to our RequestSerialNumber
@ -268,7 +270,8 @@ void PCAP::readTask() {
continue; // Not a packet to host continue; // Not a packet to host
if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 && if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 &&
memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0) memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0 &&
memcmp(packet.destMAC, ICS_UNSET_MAC, sizeof(packet.destMAC)) != 0)
continue; // Packet is not addressed to us or broadcast continue; // Packet is not addressed to us or broadcast
if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0) if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0)