3 files changed, 15 insertions, 3 deletions

diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 20f6e2a63..a1f0732ea 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -392,6 +392,7 @@ typedef enum {
   NDPI_PROTOCOL_S7COMM_PLUS           = 361,
   NDPI_PROTOCOL_FINS                  = 362,
   NDPI_PROTOCOL_ETHERSIO              = 363,
+  NDPI_PROTOCOL_UMAS                  = 364,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9f152631f..f3786a719 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2154,6 +2154,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "EtherSIO", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 6060, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UMAS,
+			  "UMAS", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
+			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
diff --git a/src/lib/protocols/modbus.c b/src/lib/protocols/modbus.c
index 8eb0f8dae..e57b0d69e 100644
--- a/src/lib/protocols/modbus.c
+++ b/src/lib/protocols/modbus.c
@@ -47,9 +47,16 @@ static void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_str
 
       // the fourth parameter of the payload is the length of the segment            
       if((modbus_len-1) == (packet->payload_packet_len - 7 /* ModbusTCP header len */)) {
-	NDPI_LOG_INFO(ndpi_struct, "found MODBUS\n");
-	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-	return;
+        /* Check Modbus function code. 0x5A (90) is reserved for UMAS protocol */
+        if (packet->payload[7] == 0x5A) {
+          NDPI_LOG_INFO(ndpi_struct, "found Schneider Electric UMAS\n");
+          ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UMAS, NDPI_PROTOCOL_MODBUS, NDPI_CONFIDENCE_DPI);
+          return;
+        }
+
+        NDPI_LOG_INFO(ndpi_struct, "found MODBUS\n");
+        ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+        return;
       }
     }
   }