
Preprocessor Configuration

To get started, the DNP3 preprocessor must be enabled. The preprocessor name is dnp3.
    preprocessor dnp3
Option syntax
    Option      Argument    Required   Default
    ports       <ports>     NO         ports { 20000 }
    memcap      <number>    NO         memcap 262144
    check_crc   NONE        NO         OFF
    disabled    NONE        NO         OFF
Option explanations
ports
This specifies which ports to check for DNP3 messages. Typically, this will include 20000.
Syntax
    ports { <port> [<port>< ... >] }
Examples
    ports { 1237 3945 5067 }
Note: there are spaces before and after '{' and '}'.

memcap
This sets the maximum amount of memory allocated to the DNP3 preprocessor for session-tracking purposes. The argument is given in bytes. Each session requires about 4 KB to track, and the default is 256 KB. This gives the preprocessor the ability to track 63 DNP3 sessions simultaneously. Setting the memcap below 4144 bytes will cause a fatal error. When multiple configs are used, the memcap in the non-default configs will be overwritten by the memcap in the default config. If the default config isn't intended to inspect DNP3 traffic, use the "disabled" keyword.

check_crc
This option makes the preprocessor validate the checksums contained in DNP3 Link-Layer Frames. Frames with invalid checksums will be ignored. If the corresponding preprocessor rule is enabled, invalid checksums will generate alerts. The corresponding rule is GID 145, SID 1.
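
The following added example (not Snort's own code) shows what validating Link-Layer Frame checksums involves, so a frame captured from the wire can be checked independently of the preprocessor. It assumes the standard DNP3 link layer: start bytes 0x05 0x64, an 8-byte header followed by a CRC, and user data in blocks of up to 16 bytes, each followed by its own CRC; the function names and the sample frame are constructed for illustration.

```python
import struct

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (bit-reflected 0xA6BC), init 0, complemented."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def add_crc(block: bytes) -> bytes:
    """Append the CRC, low byte first, as it appears on the wire."""
    return block + struct.pack("<H", crc16_dnp(block))

def build_frame(ctrl: int, dest: int, src: int, user_data: bytes = b"") -> bytes:
    """Build a link-layer frame (used here only to produce sample input)."""
    if len(user_data) > 250:
        raise ValueError("a link-layer frame carries at most 250 bytes of user data")
    # The length field counts control + destination + source + user data, not CRCs.
    header = struct.pack("<2sBBHH", b"\x05\x64", 5 + len(user_data), ctrl, dest, src)
    frame = add_crc(header)
    for i in range(0, len(user_data), 16):
        frame += add_crc(user_data[i:i + 16])
    return frame

def frame_crcs_valid(frame: bytes) -> bool:
    """Return True only if the header CRC and every data-block CRC match."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        return False
    remaining = frame[2] - 5          # user-data bytes announced by the header
    if remaining < 0:
        return False
    blocks, pos = [frame[:10]], 10
    while remaining > 0:
        n = min(16, remaining)
        block = frame[pos:pos + n + 2]
        if len(block) != n + 2:       # truncated frame
            return False
        blocks.append(block)
        pos, remaining = pos + n + 2, remaining - n
    return all(crc16_dnp(b[:-2]) == struct.unpack("<H", b[-2:])[0] for b in blocks)

# Constructed sample: 20 bytes of user data give one full block and one 4-byte block.
SAMPLE = build_frame(ctrl=0xC4, dest=1, src=1024, user_data=bytes(range(20)))
# Same frame with one bit flipped in the second data block.
CORRUPTED = SAMPLE[:30] + bytes([SAMPLE[30] ^ 0x01]) + SAMPLE[31:]
```

With check_crc enabled, a frame like CORRUPTED is the kind the preprocessor ignores and, if the GID 145, SID 1 rule is enabled, alerts on.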

disabled
This option is used for loading the preprocessor without inspecting any DNP3 traffic. The disabled keyword is only useful when the DNP3 preprocessor is turned on in a separate policy.

Default configuration

    preprocessor dnp3


Eugene Misnik 2013-05-08