#ifndef lint
static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-snmp.c,v 1.33 1999-10-07 23:47:12 mcr Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-snmp.c,v 1.36 1999-10-17 22:18:02 mcr Exp $ (LBL)";
#endif
#include <sys/param.h>
#define GAUGE 2
"TimeTicks",
#define TIMETICKS 3
- "Opaque"
+ "Opaque",
+#define OPAQUE 4
+ "C-5",
+ "Counter64"
+#define COUNTER64 6
};
/*
#define GETRESP 2
"SetRequest",
#define SETREQ 3
- "Trap"
+ "Trap",
#define TRAP 4
+ "GetBulk",
+#define GETBULKREQ 5
+ "Inform",
+#define INFORMREQ 6
+ "V2Trap",
+#define V2TRAP 7
+ "Report"
+#define REPORT 8
+};
+
+/*
+ * Context-specific ASN.1 types for the SNMP Exceptions and their tags
+ */
+char *Exceptions[] = {
+ "noSuchObject",
+#define NOSUCHOBJECT 0
+ "noSuchInstance",
+#define NOSUCHINSTANCE 1
+ "endOfMibView",
+#define ENDOFMIBVIEW 2
};
/*
"noSuchName",
"badValue",
"readOnly",
- "genErr"
+ "genErr",
+ "noAccess",
+ "wrongType",
+ "wrongLength",
+ "wrongEncoding",
+ "wrongValue",
+ "noCreation",
+ "inconsistentValue",
+ "resourceUnavailable",
+ "commitFailed",
+ "undoFailed",
+ "authorizationError",
+ "notWritable",
+ "inconsistentName"
};
#define DECODE_ErrorStatus(e) \
- ( e >= 0 && e <= sizeof(ErrorStatus)/sizeof(ErrorStatus[0]) \
+ ( e >= 0 && e < sizeof(ErrorStatus)/sizeof(ErrorStatus[0]) \
? ErrorStatus[e] : (sprintf(errbuf, "err=%u", e), errbuf))
/*
#define GT_ENTERPRISE 7
};
#define DECODE_GenericTrap(t) \
- ( t >= 0 && t <= sizeof(GenericTrap)/sizeof(GenericTrap[0]) \
+ ( t >= 0 && t < sizeof(GenericTrap)/sizeof(GenericTrap[0]) \
? GenericTrap[t] : (sprintf(buf, "gt=%d", t), buf))
/*
#define CONTEXT 2
defineCLASS(Private),
#define PRIVATE 3
+ defineCLASS(Exceptions),
+#define EXCEPTIONS 4
};
/*
#ifndef NO_ABREV_EXPERI
/* .iso.org.dod.internet.experimental */
{ "X:", &_experimental_obj, "\53\6\1\3" },
+#endif
+#ifndef NO_ABBREV_SNMPMODS
+ /* .iso.org.dod.internet.snmpV2.snmpModules */
+ { "S:", &_snmpModules_obj, "\53\6\1\6\3" },
#endif
{ 0,0,0 }
};
int32_t integer;
u_int32_t uns;
const u_char *str;
+ struct {
+ u_int32_t high;
+ u_int32_t low;
+ } uns64;
} data;
u_short id;
u_char form, class; /* tag info */
#define BE_SEQ 7
#define BE_INETADDR 8
#define BE_PDU 9
+#define BE_UNS64 10
+#define BE_NOSUCHOBJECT 128
+#define BE_NOSUCHINST 129
+#define BE_ENDOFMIBVIEW 130
+};
+
+/*
+ * SNMP versions recognized by this module
+ */
+char *SnmpVersion[] = {
+ "SNMPv1",
+#define SNMP_VERSION_1 0
+ "SNMPv2c",
+#define SNMP_VERSION_2 1
+ "SNMPv2u",
+#define SNMP_VERSION_2U 2
+ "SNMPv3"
+#define SNMP_VERSION_3 3
};
/*
* Defaults for SNMP PDU components
*/
#define DEF_COMMUNITY "public"
-#define DEF_VERSION 0
/*
* constants for ASN.1 decoding
elem->asnlen = 0;
elem->type = BE_ANY;
if (len < 1) {
- ifNotTruncated puts("[nothing to parse], stdout");
+ ifNotTruncated fputs("[nothing to parse]", stdout);
return -1;
}
break;
}
+ case COUNTER64: {
+ register u_int32_t high, low;
+ elem->type = BE_UNS64;
+ high = 0, low = 0;
+ for (i = elem->asnlen; i-- > 0; p++) {
+ high = (high << 8) |
+ ((low & 0xFF000000) >> 24);
+ low = (low << 8) | *p;
+ }
+ elem->data.uns64.high = high;
+ elem->data.uns64.low = low;
+ break;
+ }
+
default:
elem->type = BE_OCTET;
elem->data.raw = (caddr_t)p;
}
break;
+ case CONTEXT:
+ switch (id) {
+ case NOSUCHOBJECT:
+ elem->type = BE_NOSUCHOBJECT;
+ elem->data.raw = NULL;
+ break;
+
+ case NOSUCHINSTANCE:
+ elem->type = BE_NOSUCHINST;
+ elem->data.raw = NULL;
+ break;
+
+ case ENDOFMIBVIEW:
+ elem->type = BE_ENDOFMIBVIEW;
+ elem->data.raw = NULL;
+ break;
+ }
+ break;
+
default:
elem->type = BE_OCTET;
elem->data.raw = (caddr_t)p;
printf("%d", elem->data.uns);
break;
+ case BE_UNS64: { /* idea borrowed from by Marshall Rose */
+ double d;
+ int j, carry;
+ char *cpf, *cpl, last[6], first[30];
+ if (elem->data.uns64.high == 0) {
+ printf("%u", elem->data.uns64.low);
+ break;
+ }
+ d = elem->data.uns64.high * 4294967296.0; /* 2^32 */
+ if (elem->data.uns64.high <= 0x1fffff) {
+ d += elem->data.uns64.low;
+ printf("%.f", d);
+ break;
+ }
+ d += (elem->data.uns64.low & 0xfffff000);
+ sprintf(first, "%.f", d);
+ sprintf(last, "%5.5d", elem->data.uns64.low & 0xfff);
+ for (carry = 0, cpf = first+strlen(first)-1, cpl = last+4;
+ cpl >= last;
+ cpf--, cpl--) {
+ j = carry + (*cpf - '0') + (*cpl - '0');
+ if (j > 9) {
+ j -= 10;
+ carry = 1;
+ } else {
+ carry = 0;
+ }
+ *cpf = j + '0';
+ }
+ fputs(first, stdout);
+ break;
+ }
+
case BE_STR: {
register int printable = 1, first = 1;
const u_char *p = elem->data.str;
break;
}
+ case BE_NOSUCHOBJECT:
+ case BE_NOSUCHINST:
+ case BE_ENDOFMIBVIEW:
+ printf("[%s]", Class[EXCEPTIONS].Id[elem->id]);
+ break;
+
case BE_PDU:
printf("%s(%u)",
Class[CONTEXT].Id[elem->id], elem->asnlen);
length -= count;
np += count;
- if (pduid != GETREQ && pduid != GETNEXTREQ && !error)
+ if (pduid != GETREQ && pduid != GETNEXTREQ
+ && pduid != GETBULKREQ && !error)
fputs("=", stdout);
/* objVal (ANY) */
if ((count = asn1_parse(np, length, &elem)) < 0)
return;
- if (pduid == GETREQ || pduid == GETNEXTREQ) {
+ if (pduid == GETREQ || pduid == GETNEXTREQ
+ || pduid == GETBULKREQ) {
if (elem.type != BE_NULL) {
fputs("[objVal!=NULL]", stdout);
asn1_print(&elem);
}
/*
- * Decode SNMP PDUs: GetRequest, GetNextRequest, GetResponse, and SetRequest
+ * Decode SNMP PDUs: GetRequest, GetNextRequest, GetResponse, SetRequest,
+ * GetBulk, Inform, V2Trap, and Report
*/
static void
snmppdu_print(u_char pduid, const u_char *np, u_int length)
return;
}
error = 0;
- if ((pduid == GETREQ || pduid == GETNEXTREQ)
+ if ((pduid == GETREQ || pduid == GETNEXTREQ || pduid == SETREQ
+ || pduid == INFORMREQ || pduid == V2TRAP || pduid == REPORT)
&& elem.data.integer != 0) {
char errbuf[10];
printf("[errorStatus(%s)!=0]",
DECODE_ErrorStatus(elem.data.integer));
+ } else if (pduid == GETBULKREQ) {
+ printf(" N=%d", elem.data.integer);
} else if (elem.data.integer != 0) {
char errbuf[10];
printf(" %s", DECODE_ErrorStatus(elem.data.integer));
asn1_print(&elem);
return;
}
- if ((pduid == GETREQ || pduid == GETNEXTREQ)
+ if ((pduid == GETREQ || pduid == GETNEXTREQ || pduid == SETREQ
+ || pduid == INFORMREQ || pduid == V2TRAP || pduid == REPORT)
&& elem.data.integer != 0)
printf("[errorIndex(%d)!=0]", elem.data.integer);
+ else if (pduid == GETBULKREQ)
+ printf(" M=%d", elem.data.integer);
else if (elem.data.integer != 0) {
if (!error)
printf("[errorIndex(%d) w/o errorStatus]",
* Decode SNMP Trap PDU
*/
static void
-trap_print(const u_char *np, u_int length)
+trappdu_print(const u_char *np, u_int length)
{
struct be elem;
int count = 0, generic;
}
/*
- * Decode SNMP header and pass on to PDU printing routines
+ * Decode arbitrary SNMP PDUs.
*/
-void
-snmp_print(const u_char *np, u_int length)
+static void
+pdu_print(const u_char *np, u_int length, int version)
{
- struct be elem, pdu;
+ struct be pdu;
int count = 0;
- truncated = 0;
+ /* PDU (Context) */
+ if ((count = asn1_parse(np, length, &pdu)) < 0)
+ return;
+ if (pdu.type != BE_PDU) {
+ fputs("[no PDU]", stdout);
+ return;
+ }
+ if (count < length)
+ printf("[%d extra after PDU]", length - count);
+ asn1_print(&pdu);
+ /* descend into PDU */
+ length = pdu.asnlen;
+ np = (u_char *)pdu.data.raw;
- /* truncated packet? */
- if (np + length > snapend) {
- truncated = 1;
- length = snapend - np;
+ if (version == SNMP_VERSION_1 &&
+ (pdu.id == GETBULKREQ || pdu.id == INFORMREQ ||
+ pdu.id == V2TRAP || pdu.id == REPORT)) {
+ printf("[v2 PDU in v1 message]");
+ return;
}
- putchar(' ');
+ if (version == SNMP_VERSION_2 && pdu.id == TRAP) {
+ printf("[v1 PDU in v2 message]");
+ return;
+ }
- /* initial Sequence */
+ switch (pdu.id) {
+ case TRAP:
+ trappdu_print(np, length);
+ break;
+ case GETREQ:
+ case GETNEXTREQ:
+ case GETRESP:
+ case SETREQ:
+ case GETBULKREQ:
+ case INFORMREQ:
+ case V2TRAP:
+ case REPORT:
+ snmppdu_print(pdu.id, np, length);
+ break;
+ }
+}
+
+/*
+ * Decode a scoped SNMP PDU.
+ */
+static void
+scopedpdu_print(const u_char *np, u_int length, int version)
+{
+ struct be elem;
+ int i, count = 0;
+
+ /* Sequence */
if ((count = asn1_parse(np, length, &elem)) < 0)
return;
if (elem.type != BE_SEQ) {
- fputs("[!init SEQ]", stdout);
+ fputs("[!scoped PDU]", stdout);
asn1_print(&elem);
return;
}
- if (count < length)
- printf("[%d extra after iSEQ]", length - count);
- /* descend */
length = elem.asnlen;
np = (u_char *)elem.data.raw;
- /* Version (Integer) */
+
+ /* contextEngineID (OCTET STRING) */
if ((count = asn1_parse(np, length, &elem)) < 0)
return;
- if (elem.type != BE_INT) {
- fputs("[version!=INT]", stdout);
+ if (elem.type != BE_STR) {
+ fputs("[contextEngineID!=STR]", stdout);
asn1_print(&elem);
return;
}
- /* only handle version==0 */
- if (elem.data.integer != DEF_VERSION) {
- printf("[version(%d)!=0]", elem.data.integer);
+ length -= count;
+ np += count;
+
+ fputs("E= ", stdout);
+ for (i = 0; i < (int)elem.asnlen; i++) {
+ printf("0x%02X", elem.data.str[i]);
+ }
+ fputs(" ", stdout);
+
+ /* contextName (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[contextName!=STR]", stdout);
+ asn1_print(&elem);
return;
}
length -= count;
np += count;
+ printf("C=%.*s ", (int)elem.asnlen, elem.data.str);
+
+ pdu_print(np, length, version);
+}
+
+/*
+ * Decode SNMP Community Header (SNMPv1 and SNMPv2c)
+ */
+static void
+community_print(const u_char *np, u_int length, int version)
+{
+ struct be elem;
+ int count = 0;
+
/* Community (String) */
if ((count = asn1_parse(np, length, &elem)) < 0)
return;
length -= count;
np += count;
- /* PDU (Context) */
- if ((count = asn1_parse(np, length, &pdu)) < 0)
+ pdu_print(np, length, version);
+}
+
+/*
+ * Decode SNMPv3 User-based Security Message Header (SNMPv3)
+ */
+static void
+usm_print(const u_char *np, u_int length)
+{
+ struct be elem;
+ int count = 0;
+
+ /* Sequence */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
return;
- if (pdu.type != BE_PDU) {
- fputs("[no PDU]", stdout);
+ if (elem.type != BE_SEQ) {
+ fputs("[!usm]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length = elem.asnlen;
+ np = (u_char *)elem.data.raw;
+
+ /* msgAuthoritativeEngineID (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[msgAuthoritativeEngineID!=STR]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ /* msgAuthoritativeEngineBoots (INTEGER) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_INT) {
+ fputs("[msgAuthoritativeEngineBoots!=INT]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ if (vflag)
+ printf("B=%d ", elem.data.integer);
+ length -= count;
+ np += count;
+
+ /* msgAuthoritativeEngineTime (INTEGER) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_INT) {
+ fputs("[msgAuthoritativeEngineTime!=INT]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ if (vflag)
+ printf("T=%d ", elem.data.integer);
+ length -= count;
+ np += count;
+
+ /* msgUserName (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[msgUserName!=STR]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ printf("U=%.*s ", (int)elem.asnlen, elem.data.str);
+
+ /* msgAuthenticationParameters (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[msgAuthenticationParameters!=STR]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ /* msgPrivacyParameters (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[msgPrivacyParameters!=STR]", stdout);
+ asn1_print(&elem);
return;
}
+ length -= count;
+ np += count;
+
if (count < length)
- printf("[%d extra after PDU]", length - count);
- asn1_print(&pdu);
- /* descend into PDU */
- length = pdu.asnlen;
- np = (u_char *)pdu.data.raw;
+ printf("[%d extra after usm SEQ]", length - count);
+}
- switch (pdu.id) {
- case TRAP:
- trap_print(np, length);
+/*
+ * Decode SNMPv3 Message Header (SNMPv3)
+ */
+static void
+v3msg_print(const u_char *np, u_int length)
+{
+ struct be elem;
+ int count = 0;
+ u_char flags;
+ int model;
+ const u_char *xnp = np;
+ int xlength = length;
+
+ /* Sequence */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_SEQ) {
+ fputs("[!message]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length = elem.asnlen;
+ np = (u_char *)elem.data.raw;
+
+ /* msgID (INTEGER) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_INT) {
+ fputs("[msgID!=INT]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ /* msgMaxSize (INTEGER) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_INT) {
+ fputs("[msgMaxSize!=INT]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ /* msgFlags (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[msgFlags!=STR]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ if (elem.asnlen != 1) {
+ printf("[msgFlags size %d]", elem.asnlen);
+ return;
+ }
+ flags = elem.data.str[0];
+ if (flags != 0x00 && flags != 0x01 && flags != 0x03
+ && flags != 0x04 && flags != 0x05 && flags != 0x07) {
+ printf("[msgFlags=0x%02X]", flags);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ fputs("F=", stdout);
+ if (flags & 0x01) fputs("a", stdout);
+ if (flags & 0x02) fputs("p", stdout);
+ if (flags & 0x04) fputs("r", stdout);
+ fputs(" ", stdout);
+
+ /* msgSecurityModel (INTEGER) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_INT) {
+ fputs("[msgSecurityModel!=INT]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ model = elem.data.integer;
+ length -= count;
+ np += count;
+
+ if (count < length)
+ printf("[%d extra after message SEQ]", length - count);
+
+ if (model == 3) {
+ if (vflag) {
+ fputs("USM ", stdout);
+ }
+ } else {
+ printf("[security model %d]", model);
+ return;
+ }
+
+ np = xnp + (np - xnp);
+ length = xlength - (np - xnp);
+
+ /* msgSecurityParameters (OCTET STRING) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_STR) {
+ fputs("[msgSecurityParameters!=STR]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ length -= count;
+ np += count;
+
+ if (model == 3) {
+ usm_print(elem.data.str, elem.asnlen);
+ }
+
+ if (vflag) {
+ fputs("ScopedPDU ", stdout);
+ }
+
+ scopedpdu_print(np, length, 3);
+}
+
+/*
+ * Decode SNMP header and pass on to PDU printing routines
+ */
+void
+snmp_print(const u_char *np, u_int length)
+{
+ struct be elem;
+ int count = 0;
+ int version = 0;
+
+ truncated = 0;
+
+ /* truncated packet? */
+ if (np + length > snapend) {
+ truncated = 1;
+ length = snapend - np;
+ }
+
+ putchar(' ');
+
+ /* initial Sequence */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_SEQ) {
+ fputs("[!init SEQ]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+ if (count < length)
+ printf("[%d extra after iSEQ]", length - count);
+ /* descend */
+ length = elem.asnlen;
+ np = (u_char *)elem.data.raw;
+
+ /* Version (INTEGER) */
+ if ((count = asn1_parse(np, length, &elem)) < 0)
+ return;
+ if (elem.type != BE_INT) {
+ fputs("[version!=INT]", stdout);
+ asn1_print(&elem);
+ return;
+ }
+
+ switch (elem.data.integer) {
+ case SNMP_VERSION_1:
+ case SNMP_VERSION_2:
+ case SNMP_VERSION_3:
+ if (vflag)
+ printf("%s ", SnmpVersion[elem.data.integer]);
break;
- case GETREQ:
- case GETNEXTREQ:
- case GETRESP:
- case SETREQ:
- snmppdu_print(pdu.id, np, length);
+ default:
+ printf("[version = %d]", elem.data.integer);
+ return;
+ }
+ version = elem.data.integer;
+ length -= count;
+ np += count;
+
+ switch (version) {
+ case SNMP_VERSION_1:
+ case SNMP_VERSION_2:
+ community_print(np, length, version);
+ break;
+ case SNMP_VERSION_3:
+ v3msg_print(np, length);
+ break;
+ default:
+ printf("[version = %d]", elem.data.integer);
break;
}
- return;
}