Add support for under-specified CIP addresses

o Default Attribute=1 for C*Logix requests specifying only Class,
  Instance (and Element).

Author: pjkundert

server/enip/device.py

@@ -201,18 +201,28 @@ def resolve( path, attribute=False ):
     Other valid paths segments (eg. {'port':...}, {'connection':...}) are not presently usable in
     our Controller communication simulation.
 
-    Call with attribute=True to force resolving to the Attribute level; otherwise, always returns
-    None for the attribute.
+    Call with attribute=<Truthy> to force resolving to the Attribute level; otherwise, always returns
+    None for the attribute.  If an attribute is required, but is not supplied in the path, then we
+    can default one.  This is an (unexpected) feature of the C*Logix PLCs; you can do a Read Tag
+    Fragmented asking for eg.  @0x6b/0x0008[0] (a Class, Instance and Element but no Attribute!).
+    Presumably there is an implied default Attribute number; we're guessing it's 1?  Undocumented.
 
     """
 
     result			= { 'class': None, 'instance': None, 'attribute': None }
     tag				= '' # developing symbolic tag "Symbol.Subsymbol"
 
     for term in path['segment']:
-        if ( result['class'] is not None and result['instance'] is not None
-             and ( not attribute or result['attribute'] is not None )):
-            break # All desired terms specified; done! (ie. ignore 'element')
+        if ( result['class'] is not None		# Got Class already
+             and result['instance'] is not None		# Got Instance already
+             and (
+                 result['attribute'] is not None	# Got Attribute already
+                 or not attribute			#   or no Attribute desired (must return None)
+                 or ( attribute is not True             #   or a default attribute is supplied
+                      and 'attribute' not in term )     #     and the term didn't contain a supplied one
+             )
+            ):
+            break # All desired terms specified; done! (ie. ignore subsequent 'element')
         working			= dict( term )
         while working:
             # Each term is something like {'class':5}, {'instance':1}, or (from symbol table):
@@ -240,6 +250,11 @@ def resolve( path, attribute=False ):
     assert not tag, \
         "Unrecognized symbolic name %r found in path %r" % ( tag, path['segment'] )
 
+    # Handle the case where a default Attribute value was provided, and none was supplied
+    if result['attribute'] is None and attribute and attribute is not True:
+        assert isinstance( attribute, int )
+        result['attribute']	= attribute
+    # Make sure we got everything we required
     assert ( result['class'] is not None and result['instance'] is not None
              and ( not attribute or result['attribute'] is not None )), \
         "Failed to resolve required Class (%r), Instance (%r) %s Attribute(%r) from path: %r" % (

server/enip/logix.py

@@ -316,7 +316,7 @@ def request( self, data, addr=None ):
             # We need to find the attribute for all requests, and it better be ours!
             data.status		= 0x05 # On Failure: Request Path destination unknown
             data.status_ext	= {'size': 1, 'data':[0x0000]}
-            clid, inid, atid	= resolve( data.path, attribute=True )
+            clid, inid, atid	= resolve( data.path, attribute=1 ) # eg. @<cls>/<ins>[<elm>] defaults to Attribute 1!
             attribute		= lookup( clid, inid, atid )
             assert clid == self.class_id and inid == self.instance_id, \
                 "Path %r processed by wrong Object %r" % ( data.path['segment'], self )
@@ -697,7 +697,7 @@ def setup_tag( key, val ):
         # doesn't exist.  Then, find the Attribute, ensuring it is consistent if it exists.
         cls,ins,att		= 0x02,1,None # The (Logix?) Message Router, by default
         if 'path' in val and val['path']:
-            cls,ins,att	= resolve( val['path'], attribute=True )
+            cls,ins,att	= resolve( val['path'], attribute=True ) # No default Attribute for new Tags
         # See if the tag's Instance exists.  If not, we'll need to create it.  If the Class'
         # "meta" Instance exists, we'll use it to create the Instance (its always at
         # Instance 0).  Otherwise, we'll create an Object class with the appropriate

server/enip/parser.py

@@ -684,7 +684,7 @@ def enip_format( data, sort_keys=False, indent=4 ):
                 beg,end		= 'bytearray(',')'
             else:
                 beg,end		= 'bytes(',')'
-            result	       += "{beg}hexload('''".format( beg=beg )
+            result	       += "{beg}hexload(r'''".format( beg=beg )
             result	       += ''.join( newline + prefix + row for row in misc.hexdumper( val ))
             result	       += newline + "'''){end},".format( end=end )
             continue

server/enip_test.py

@@ -37,7 +37,7 @@
     logging.basicConfig( **log_cfg )
 
 import cpppo
-from   cpppo.misc import hexdump
+from   cpppo.misc import hexdump, hexload
 from   cpppo.server import network, enip
 from   cpppo.server.enip import parser, device, logix, client, pccc
 from   cpppo.server.enip.main import main as enip_main
@@ -743,6 +743,30 @@ def test_enip_TYPES_STRUCT():
     0x00, 0x00, 0x80, 0x3e, 0x00, 0x00, 0xf0, 0x55, 0x00, 0x00, 0xf0, 0x55, 0x00, 0x00, 0xf0, 0x55,
     0x00, 0x00, 0x00, 0x00, 0xe0, 0x40, 0x00, 0x00, 0x20, 0x41, 0x00, 0x00, 0x20, 0x41,
 ]))
+
+# A Symbolic unconnected_send.path is supplied:
+# 
+#    'enip.CIP.send_data.CPF.item[1].unconnected_send.service': 82,
+#    'enip.CIP.send_data.CPF.item[1].unconnected_send.priority': 104,
+#    'enip.CIP.send_data.CPF.item[1].unconnected_send.path.size': 13,
+#    'enip.CIP.send_data.CPF.item[1].unconnected_send.path.segment[0].symbolic': 'GasGuardSensorDATAARRAY',
+#
+# instead of the Connection Manager @6/1. This is a PLC misconfiguration, and isn't a valid request.
+# 
+#            "CPF.item[1].unconnected_send.service": 82, 
+#            "CPF.item[1].unconnected_send.priority": 5, 
+#            "CPF.item[1].unconnected_send.path.size": 2, 
+#            "CPF.item[1].unconnected_send.path.segment[0].class": 6,
+#            "CPF.item[1].unconnected_send.path.segment[1].instance": 1,
+rfg_gg1_req			= bytes(bytearray([
+                            0x6f, 0x00, 0x32, 0x00, 0x73, 0x6b, 0x0d, 0x31, 0x00, 0x00, 0x00, 0x00,
+    0xc0, 0xa8, 0x12, 0x02, 0x00, 0x00, 0x5c, 0x7a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb2, 0x00, 0x22, 0x00, 0x52, 0x0d, 0x91, 0x17,
+    0x47, 0x61, 0x73, 0x47, 0x75, 0x61, 0x72, 0x64, 0x53, 0x65, 0x6e, 0x73, 0x6f, 0x72, 0x44, 0x41,
+    0x54, 0x41, 0x41, 0x52, 0x52, 0x41, 0x59, 0x00, 0x68, 0x01, 0x00, 0x00, 0x00, 0x00,
+]))
+
+
 eip_tests			= [
             ( b'', {} ),        # test that parsers handle/reject empty/EOF
             ( rss_004_request,	{ 'enip.command': 0x0065, 'enip.length': 4 }),
@@ -770,6 +794,7 @@ def test_enip_TYPES_STRUCT():
             ( msp_001_reply,	{} ),
             ( rfg_gg0_req,	{} ),
             ( rfg_gg0_rpy,	{} ),
+            ( rfg_gg1_req,	{} ),
 ]
 
 def test_enip_header():
@@ -1847,7 +1872,21 @@ def test_enip_CPF():
             ( 
                 # An empty request (usually indicates termination of session)
                 'empty_req', enip.Message_Router, {}
+            # ), (
+            #     # Not a valid unconnected_send.path (symbolic tag name, instead of @6/1); can't reconstruct...
+            #     'rfg_gg1_req', logix.Logix,
+            #     {
+            #         'enip.session_handle':          822963059,
+            #         'enip.sender_context.input':    array.array( cpppo.type_bytes_array_symbol, hexload(r'''
+            #             00000000:  c0 a8 12 02 00 00 5c 7a                            |......\z|
+            #         ''')),
+            #         "enip.options": 0,
+            #     }
             ), (
+                # This is a strange request; it's a Class/Instance request path of @0x006b/0x0008
+                # with a 16-bit Instance number (eg. vs. an 8-bit), and NO Attribute number, and an Element #0.  It must assume that the PLC defaults
+                # to a certain Attribute number?  This is a Read Tag Fragmented request for a UDT.
+                # We must be able to construct such numeric CIP addresses, eg. "@0x0086/0x0008[0]"?
                 'rfg_gg0_req', logix.Logix,
                 {
                     "enip.session_handle": 369295182,
@@ -1873,6 +1912,8 @@ def test_enip_CPF():
                     "enip.CIP.send_data.CPF.count": 2,
                 }
             ), (
+                # Here's the response of partial data from the UDT, to the above request.  We don't know
+                # the Attribute number, of course, but the PLC replies.
                 'rfg_gg0_rpy', logix.Logix,
                 {
                     "enip.command": 112,
@@ -3481,6 +3522,27 @@ def test_enip_device_symbolic():
     }
     assert enip.device.resolve( path, attribute=True ) == (0x401,1,3)
 
+    # Attribute defaults for CIP addressing; default not used
+    path			= {
+        'segment':[{'class': 0x6B}, {'instance': 0x0008}, {'attribute':99}, {'element':4}]
+    }
+    assert enip.device.resolve( path, attribute=True ) == (0x6B,8,99)
+    assert enip.device.resolve( path ) == (0x6B,8,None)
+
+    # Attribute defaults for CIP addressing; no attribute in path, default used
+    path			= {
+        'segment':[{'class': 0x6B}, {'instance': 0x0008}, {'element':4}]
+    }
+    try:
+        result			= enip.device.resolve( path, attribute=True )
+        assert False, "Should not have succeeded: %r" % result
+    except AssertionError as exc:
+        assert "Invalid term" in str(exc)
+    assert enip.device.resolve( path ) == (0x6B,8,None)
+    assert enip.device.resolve( path, attribute=22 ) == (0x6B,8,22)
+    assert enip.device.resolve( path, attribute=1 ) == (0x6B,8,1)
+
+    # Erroneous requests
     try:
         result			= enip.device.resolve(
             {'segment':[{'class':5},{'symbolic':'SCADA'},{'element':4}]} )