DNP3 support

[glaslos]

Skills required: Python, basic C++, dissecting network traffic. * Time estimation:* We assume this to be a three months project. Short Description: Improve Conpot’s current very minimal support for the DNP3 protocol. Goal is to provide a server capable of basic DNP3 communication.

Description: Conpot provides a variety of common protocols: Modbus, S7Comm, SNMP, HTTP and Kamstrup. We are always working on getting additional protocols supported. This is a rather complicated task as many protocols don't have an open source implementation, documentation is rather complex or simply not available. One of the protocols we are interested in is DNP3 (Distributed Network Protocol) which is similar to IEC 60870-5 and often used for communication between control centers, RTUs (Remote Terminal Units) and IEDs (Intelligent Electronic Devices). Conpot has a feature which we call the Proxy Module. This allows us to proxy incoming requests through Conpot to a service and back to the client. When we implement a new protocol in Conpot, we set up an instance with this proxy module and tunnel all requests from the client to e.g. a real device or a service with that protocol running on another host. Then, piece by piece, we are decoding the message in Conpot while it passes through so we get insight into the intention of the request. Right now we have a very basic decoder for the DNP3 protocol which we would like to extend.

More information:

• DNP3 library: https://github.com/automatak/dnp3
• Wrapping C++ with Python
• Calling C/C++ from python: http://stackoverflow.com/a/145649/948369

[glaslos]

I made some successful tests with the proxy module: https://github.com/glastopf/conpot/tree/dnp3_proxy

[adepasquale]

How can I help here? Is this doc up to date? https://github.com/glastopf/conpot/blob/dnp3_proxy/docs/source/components/protocols/dnp3.rst

[glaslos]

The documentation should be up to date. Have a look at the decoder and how to extend it.

[glaslos]

Let me know if you run into any problems or need some help.

[adepasquale]

I've just built and installed cverges' DNP3 fork successfully.

Is this right or do I need to install automatak's one?

Now I'll read something about DNP3 and then I'll have a look at the decoder in the dnp3_proxy branch.

[glaslos]

I went straight to the automatak code and installed the samples, some instructions can be found here: https://github.com/mushorg/conpot/blob/dnp3_proxy/docs/source/components/protocols/dnp3.rst

[adepasquale]

Ok thanks I'll do.

[adepasquale]

Done, outstationdemo and masterdemo samples are running fine.

[glaslos]

I have changed the outstations listening port to +=1 so conpot can listen on the default port and I didn't had to change the client. Let me know if you run into trouble merging master into the branch. And feel free to continue using that branch.

[adepasquale]

Just as a reminder to myself, I patched the source file /cpp/examples/outstation/DemoMain.cpp and changed 20000 to 20001.

[glaslos]

This is helpful during development: http://www.automatak.com/opendnp3/decoder/

[glaslos]

@adepasquale have you looked more into this?

[adepasquale]

Even if this might overlap with the DNP3 proxy branch, I'd like to code wireshark dissectors first. Then implement DNP3 only after I have better understood the protocol.

[glaslos]

Sounds good to me. I might have a student interested in working on this after all. I still think writing a proper wrapper around automataks opendnp3 library would be pretty awesome...

[xandfury]

Although my experience with swig is limited, I think auto generated python API is a little hackish - and may lead to unexpected behavior. I would instead suggest using Boost.python to write the wrapper for the handler. This way the python API would be seamless to work with, since we know what we are getting into :wink: We can use automak's lib for writing the handler.

[xandfury]

There has been promising updates on this :slightly_smiling_face: pydnp3

[prashantvidja]

Any progress? I am also planning to add dnp3 support in conpot.

[MortalAndTry]

Six years on, we're still in demand for DNP3, and the old branch is no longer usable.

[glaslos]

Six years on, we're still in demand for DNP3, and the old branch is no longer usable.

You think you can help in any way?