modbus-checker/README.md

# Checker

Modbus/TCP traffic checker that validates generated PCAP/PCAPNG traces against
Modbus rules, request/response pairing, and optional expected fields supplied
via JSONL sidecar metadata.

## What It Does

- Parses Ethernet/RAW PCAP packets, extracts TCP payloads
- Validates MBAP header and basic Modbus/TCP invariants
- Parses PDU fields using descriptor JSON (request/response)
- Tracks outstanding requests and flags unmatched responses
- Compares observed values with optional expected fields in JSONL
- Emits a JSON report with findings and a summary

## Build

```bash
cargo build
```

## Run

```bash
cargo run -- \
  --pcap trace.pcapng \
  --meta trace.meta.jsonl \
  --config modbus.json \
  --report report.json \
  --port 502 \
  --mode mvp
```

Sample CLI with the example files:

```bash
cargo run -- \
  --pcap trace.pcapng \
  --meta docs/examples/trace.meta.jsonl \
  --config docs/examples/modbus.json \
  --report report.json
```

## CLI Options

- `--pcap <path>`: PCAP or PCAPNG input file
- `--meta <path>`: JSONL sidecar metadata (1 line per packet)
- `--config <path>`: Modbus descriptor JSON
- `--report <path>`: Report JSON output (default: `report.json`)
- `--port <u16>`: Modbus/TCP port (default: `502`)
- `--mode mvp|strict`: Validation mode (default: `mvp`)
- `--fail-fast`: Stop on first fatal error

## Files and Formats

See `docs/api.md` for the full schema of:
- `trace.meta.jsonl` lines
- Modbus descriptor JSON
- `report.json` output

Example files live in `docs/examples/`:
- `docs/examples/trace.meta.jsonl`
- `docs/examples/modbus.json`
- `docs/examples/report.json`

## Notes

- This checker assumes one Modbus ADU per TCP payload.
- TCP reassembly and checksum validation are not implemented.