diff --git a/supervisor/session/pocket.lua b/supervisor/session/pocket.lua
index 7500110..c42d59d 100644
--- a/supervisor/session/pocket.lua
+++ b/supervisor/session/pocket.lua
@@ -39,7 +39,8 @@ local PERIODICS = {
 ---@param sessions svsessions_list list of computer sessions, read-only
 ---@param facility facility facility data table
 ---@param fp_ok boolean if the front panel UI is running
-function pocket.new_session(id, s_addr, i_seq_num, in_queue, out_queue, timeout, sessions, facility, fp_ok)
+---@param allow_test boolean if this should allow pocket testing commands
+function pocket.new_session(id, s_addr, i_seq_num, in_queue, out_queue, timeout, sessions, facility, fp_ok, allow_test)
 -- print a log message to the terminal as long as the UI isn't running
 local function println(message) if not fp_ok then util.println_ts(message) end end
@@ -143,7 +144,7 @@ function pocket.new_session(id, s_addr, i_seq_num, in_queue, out_queue, timeout,
 local valid = false
 -- attempt to set a tone state
- if pkt.scada_frame.is_authenticated() then
+ if allow_test then
 if pkt.length == 2 then
 if type(pkt.data[1]) == "number" and type(pkt.data[2]) == "boolean" then
 valid = true
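Review bot: The `if allow_test then` gate in the DIAG_TONE_SET branch replaces the `pkt.scada_frame.is_authenticated()` check instead of adding to it, so with `PocketTest` enabled the visible code no longer requires an HMAC-authenticated frame before `facility.diag_set_test_tone` is called; the next hunk makes the same substitution for DIAG_ALARM_SET. Whether unauthenticated frames can reach this handler at all, and whether `facility` applies its own gate (it returns an `allow_testing` flag), depends on code outside the diff. If the HMAC requirement should still hold whenever a key is configured, keep both conditions, for example `if allow_test and pkt.scada_frame.is_authenticated() then`. Otherwise state on the `---@param allow_test` line that enabling it lifts the authentication requirement for these commands. The body of `pocket.new_session` starts and ends outside this hunk.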
@@ -151,22 +152,16 @@ function pocket.new_session(id, s_addr, i_seq_num, in_queue, out_queue, timeout,
 -- try to set tone states, then send back if testing is allowed
 local allow_testing, test_tone_states = facility.diag_set_test_tone(pkt.data[1], pkt.data[2])
 _send_mgmt(MGMT_TYPE.DIAG_TONE_SET, { allow_testing, test_tone_states })
- else
- log.debug(log_tag .. "SCADA diag tone set packet data type mismatch")
- end
- else
- log.debug(log_tag .. "SCADA diag tone set packet length mismatch")
- end
- else
- log.debug(log_tag .. "DIAG_TONE_SET is blocked without HMAC for security")
- end
+ else log.debug(log_tag .. "SCADA diag tone set packet data type mismatch") end
+ else log.debug(log_tag .. "SCADA diag tone set packet length mismatch") end
+ else log.warning(log_tag .. "DIAG_TONE_SET is blocked without pocket test commands enabled") end
 if not valid then _send_mgmt(MGMT_TYPE.DIAG_TONE_SET, { false }) end
 elseif pkt.type == MGMT_TYPE.DIAG_ALARM_SET then
 local valid = false
 -- attempt to set an alarm state
- if pkt.scada_frame.is_authenticated() then
+ if allow_test then
 if pkt.length == 2 then
 if type(pkt.data[1]) == "number" and type(pkt.data[2]) == "boolean" then
 valid = true
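Review bot: The accepted DIAG_TONE_SET path writes no log entry in the lines shown, while the refusal is raised to `log.warning`, so an operator can see blocked attempts but not which session actually changed a test tone. A line such as `log.info(log_tag .. "DIAG_TONE_SET applied")` next to the `facility.diag_set_test_tone` call would give an audit trail, and the same applies to DIAG_ALARM_SET in the following hunk. One line between this hunk and the previous one is not visible, so confirm it does not already log. The refusal warning is emitted once per rejected packet at a rate the sender controls, so it is worth checking that it cannot flood the log.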
@@ -174,15 +169,9 @@ function pocket.new_session(id, s_addr, i_seq_num, in_queue, out_queue, timeout,
 -- try to set alarm states, then send back if testing is allowed
 local allow_testing, test_alarm_states = facility.diag_set_test_alarm(pkt.data[1], pkt.data[2])
 _send_mgmt(MGMT_TYPE.DIAG_ALARM_SET, { allow_testing, test_alarm_states })
- else
- log.debug(log_tag .. "SCADA diag alarm set packet data type mismatch")
- end
- else
- log.debug(log_tag .. "SCADA diag alarm set packet length mismatch")
- end
- else
- log.debug(log_tag .. "DIAG_ALARM_SET is blocked without HMAC for security")
- end
+ else log.debug(log_tag .. "SCADA diag alarm set packet data type mismatch") end
+ else log.debug(log_tag .. "SCADA diag alarm set packet length mismatch") end
+ else log.warning(log_tag .. "DIAG_ALARM_SET is blocked without pocket test commands enabled") end
 if not valid then _send_mgmt(MGMT_TYPE.DIAG_ALARM_SET, { false }) end
 elseif pkt.type == MGMT_TYPE.INFO_LIST_CMP then
diff --git a/supervisor/session/svsessions.lua b/supervisor/session/svsessions.lua
index 73d5c01..402ea58 100644
--- a/supervisor/session/svsessions.lua
+++ b/supervisor/session/svsessions.lua
@@ -623,7 +623,7 @@ function svsessions.establish_pdg_session(nic, source_addr, i_seq_num, version)
 local id = self.next_ids.pdg
- pdg_s.instance = pocket.new_session(id, source_addr, i_seq_num, pdg_s.in_queue, pdg_s.out_queue, self.config.PKT_Timeout, self.sessions, self.facility, self.fp_ok)
+ pdg_s.instance = pocket.new_session(id, source_addr, i_seq_num, pdg_s.in_queue, pdg_s.out_queue, self.config.PKT_Timeout, self.sessions, self.facility, self.fp_ok, self.config.PocketTest)
 table.insert(self.sessions.pdg, pdg_s)
 local mt = {
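Review bot: `self.config.PocketTest` is passed straight through as `allow_test` in the svsessions.lua hunk, and the gate in pocket.lua is a plain truthiness test, so any value other than `nil` or `false` (including `0`, `""` or the string `"false"`) would enable the test commands. Unless the config loader already guarantees a boolean, which is not visible here, pass `self.config.PocketTest == true` so the feature fails closed on a malformed setting. The body of `svsessions.establish_pdg_session` continues outside the hunk.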