Modify consts.zeek file

Hi,

I am trying to generate logs based on specific exceptions of the modbus protocol.

To achieve that, I would like to modify the /protocols/modbus/consts.zeek file to add other exceptions like this :

const exception_codes = {
                [0x01] = "ILLEGAL_FUNCTION",
                [0x02] = "ILLEGAL_DATA_ADDRESS",
                [0x03] = "ILLEGAL_DATA_VALUE",
                [0x04] = "SLAVE_DEVICE_FAILURE",
                [0x05] = "TIMEOUT_ACK_SERVER",
                [0x06] = "SLAVE_DEVICE_BUSY",
                [0x08] = "MEMORY_PARITY_ERROR",
                [0x0A] = "GATEWAY_PATH_UNAVAILABLE",
                [0x0B] = "GATEWAY_TARGET_DEVICE_FAILED_TO_RESPOND",
                [0x204] = "TIMEOUT"
                [0x205] = "TIMEOUT_RESPONSE_FROM_HOST"
                [0x207] = "UNKNOWN_ERROR"
                [0x2013] = "COMMUNICATION_CHANNEL_NOT_AVAILABLE"
                [0x216] = "CORRUPTED_MODBUS_HEADER"
                [0x302] = "PORT_FAILED_TO_CONNECT"
                [0x303] = "PORT_LOST_CONNECTION"
                [0x305] = "PORT_ALREADY_IN_USE"
                [0x306] = "SERIAL_PORT_ACCESS_DENIED"
                [0x307] = "SERIAL_PORT_GENERAL_FAILURE"
                [0x310] = "PORT_UNKNOWN_ERROR"
                [0x309] = "PORT_NOT_CONNECTED"
        } &default=function(i: count):string { return fmt("unknown-%d", i); } &redef;

But I then get this error when launching Zeek :

zeek scripts failed.
expression error in /opt/zeek/share/zeek/base/protocols/modbus/./consts.zeek, lines 66-77: illegal assignment in initialization (TIMEOUT[(coerce 517 to int)] = TIMEOUT_RESPONSE_FROM_HOST[(coerce 519 to int)] = UNKNOWN_ERROR[(coerce 8211 to int)] = COMMUNICATION_CHANNEL_NOT_AVAILABLE[(coerce 534 to int)] = CORRUPTED_MODBUS_HEADER[(coerce 770 to int)] = PORT_FAILED_TO_CONNECT[(coerce 771 to int)] = PORT_LOST_CONNECTION[(coerce 773 to int)] = PORT_ALREADY_IN_USE[(coerce 774 to int)] = SERIAL_PORT_ACCESS_DENIED[(coerce 775 to int)] = SERIAL_PORT_GENERAL_FAILURE[(coerce 784 to int)] = PORT_UNKNOWN_ERROR[(coerce 777 to int)] = PORT_NOT_CONNECTED)
error in /opt/zeek/share/zeek/base/protocols/modbus/./consts.zeek, line 56: initialization failed (Modbus::exception_codes)
internal error in /opt/zeek/share/zeek/base/protocols/modbus/./consts.zeek, line 80: Failed to find variable named: Spicy::codegen_debug
/opt/zeek/share/zeekctl/scripts/check-config: line 50: 81339 Aborted                 (core dumped) ZEEKCTL_DISABLE_LISTEN=1 ZEEKCTL_CHECK_CONFIG=1 "${zeek}" $check_option "$@"

How should I do it ?

Thank you for your help

Table elements are separated with , which you miss for your added entries.

That being said, since Modbus::exception_codes is declared with &redef you do not need and in fact should avoid to modify the system script. On updates such changes would likely be overwritten again. Instead you should tweak it in a file you own and control like site/local.zeek, e.g.,

# Append entries to existing table with `+=`.
redef Modbus::exception_codes += {
	[0x204] = "TIMEOUT",
	[0x205] = "TIMEOUT_RESPONSE_FROM_HOST",
	[0x207] = "UNKNOWN_ERROR",
	[0x2013] = "COMMUNICATION_CHANNEL_NOT_AVAILABLE",
	[0x216] = "CORRUPTED_MODBUS_HEADER",
	[0x302] = "PORT_FAILED_TO_CONNECT",
	[0x303] = "PORT_LOST_CONNECTION",
	[0x305] = "PORT_ALREADY_IN_USE",
	[0x306] = "SERIAL_PORT_ACCESS_DENIED",
	[0x307] = "SERIAL_PORT_GENERAL_FAILURE",
	[0x310] = "PORT_UNKNOWN_ERROR",
	[0x309] = "PORT_NOT_CONNECTED"
};
1 Like