X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/69cb46af9119e8b5554bcc4bf1bf36f39cb82131..0f328b4aa16b0b47f05a85c440ce1d07719e3cac:/print-snmp.c diff --git a/print-snmp.c b/print-snmp.c index b9372644..1e098dbd 100644 --- a/print-snmp.c +++ b/print-snmp.c @@ -56,11 +56,13 @@ # @(#)snmp.awk.x 1.1 (LANL) 1/15/90 */ +/* \summary: Simple Network Management Protocol (SNMP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include #include @@ -69,7 +71,8 @@ #include #endif -#include "interface.h" +#include "netdissect.h" +#include "extract.h" #undef OPAQUE /* defined in */ @@ -252,7 +255,7 @@ static const char *Form[] = { * A structure for the OID tree for the compiled-in MIB. * This is stored as a general-order tree. */ -struct obj { +static struct obj { const char *desc; /* name of object */ u_char oid; /* sub-id following parent */ u_char type; /* object type (unused) */ @@ -274,28 +277,46 @@ struct obj { * Currently, this includes the prefixes for the Internet MIB, the * private enterprises tree, and the experimental tree. */ +#define OID_FIRST_OCTET(x, y) (((x)*40) + (y)) /* X.690 8.19.4 */ + +#ifndef NO_ABREV_MIB +static const uint8_t mib_oid[] = { OID_FIRST_OCTET(1, 3), 6, 1, 2, 1 }; +#endif +#ifndef NO_ABREV_ENTER +static const uint8_t enterprises_oid[] = { OID_FIRST_OCTET(1, 3), 6, 1, 4, 1 }; +#endif +#ifndef NO_ABREV_EXPERI +static const uint8_t experimental_oid[] = { OID_FIRST_OCTET(1, 3), 6, 1, 3 }; +#endif +#ifndef NO_ABBREV_SNMPMODS +static const uint8_t snmpModules_oid[] = { OID_FIRST_OCTET(1, 3), 6, 1, 6, 3 }; +#endif + +#define OBJ_ABBREV_ENTRY(prefix, obj) \ + { prefix, &_ ## obj ## _obj, obj ## _oid, sizeof (obj ## _oid) } static const struct obj_abrev { const char *prefix; /* prefix for this abrev */ struct obj *node; /* pointer into object table */ - const char *oid; /* ASN.1 encoded OID */ + const uint8_t *oid; /* ASN.1 encoded OID */ + size_t oid_len; /* length of OID */ } obj_abrev_list[] = { #ifndef NO_ABREV_MIB /* .iso.org.dod.internet.mgmt.mib */ - { "", &_mib_obj, "\53\6\1\2\1" }, + OBJ_ABBREV_ENTRY("", mib), #endif #ifndef NO_ABREV_ENTER /* .iso.org.dod.internet.private.enterprises */ - { "E:", &_enterprises_obj, "\53\6\1\4\1" }, + OBJ_ABBREV_ENTRY("E:", enterprises), #endif #ifndef NO_ABREV_EXPERI /* .iso.org.dod.internet.experimental */ - { "X:", &_experimental_obj, "\53\6\1\3" }, + OBJ_ABBREV_ENTRY("X:", experimental), #endif #ifndef NO_ABBREV_SNMPMODS /* .iso.org.dod.internet.snmpV2.snmpModules */ - { "S:", &_snmpModules_obj, "\53\6\1\6\3" }, + OBJ_ABBREV_ENTRY("S:", snmpModules), #endif - { 0,0,0 } + { 0,0,0,0 } }; /* @@ -328,10 +349,7 @@ struct be { int32_t integer; uint32_t uns; const u_char *str; - struct { - uint32_t high; - uint32_t low; - } uns64; + uint64_t uns64; } data; u_short id; u_char form, class; /* tag info */ @@ -411,7 +429,7 @@ asn1_parse(netdissect_options *ndo, ND_PRINT((ndo, "[nothing to parse]")); return -1; } - ND_TCHECK(*p); + ND_TCHECK_1(p); /* * it would be nice to use a bit field, but you can't depend on them. @@ -420,14 +438,14 @@ asn1_parse(netdissect_options *ndo, * +---+---+---+---+---+---+---+---+ * 7 6 5 4 3 2 1 0 */ - id = *p & ASN_ID_BITS; /* lower 5 bits, range 00-1f */ + id = EXTRACT_U_1(p) & ASN_ID_BITS; /* lower 5 bits, range 00-1f */ #ifdef notdef - form = (*p & 0xe0) >> 5; /* move upper 3 bits to lower 3 */ + form = (EXTRACT_U_1(p) & 0xe0) >> 5; /* move upper 3 bits to lower 3 */ class = form >> 1; /* bits 7&6 -> bits 1&0, range 0-3 */ form &= 0x1; /* bit 5 -> bit 0, range 0-1 */ #else - form = (u_char)(*p & ASN_FORM_BITS) >> ASN_FORM_SHIFT; - class = (u_char)(*p & ASN_CLASS_BITS) >> ASN_CLASS_SHIFT; + form = (u_char)(EXTRACT_U_1(p) & ASN_FORM_BITS) >> ASN_FORM_SHIFT; + class = (u_char)(EXTRACT_U_1(p) & ASN_CLASS_BITS) >> ASN_CLASS_SHIFT; #endif elem->form = form; elem->class = class; @@ -445,20 +463,25 @@ asn1_parse(netdissect_options *ndo, * bit set. XXX - this doesn't handle a value * that won't fit in 32 bits. */ - for (id = 0; *p & ASN_BIT8; len--, hdr++, p++) { + id = 0; + ND_TCHECK_1(p); + while (EXTRACT_U_1(p) & ASN_BIT8) { if (len < 1) { ND_PRINT((ndo, "[Xtagfield?]")); return -1; } - ND_TCHECK(*p); - id = (id << 7) | (*p & ~ASN_BIT8); + id = (id << 7) | (EXTRACT_U_1(p) & ~ASN_BIT8); + len--; + hdr++; + p++; + ND_TCHECK_1(p); } if (len < 1) { ND_PRINT((ndo, "[Xtagfield?]")); return -1; } - ND_TCHECK(*p); - elem->id = id = (id << 7) | *p; + ND_TCHECK_1(p); + elem->id = id = (id << 7) | EXTRACT_U_1(p); --len; ++hdr; ++p; @@ -467,8 +490,8 @@ asn1_parse(netdissect_options *ndo, ND_PRINT((ndo, "[no asnlen]")); return -1; } - ND_TCHECK(*p); - elem->asnlen = *p; + ND_TCHECK_1(p); + elem->asnlen = EXTRACT_U_1(p); p++; len--; hdr++; if (elem->asnlen & ASN_BIT8) { uint32_t noct = elem->asnlen % ASN_BIT8; @@ -478,8 +501,10 @@ asn1_parse(netdissect_options *ndo, return -1; } ND_TCHECK2(*p, noct); - for (; noct-- > 0; len--, hdr++) - elem->asnlen = (elem->asnlen << ASN_SHIFT8) | *p++; + for (; noct-- > 0; len--, hdr++) { + elem->asnlen = (elem->asnlen << ASN_SHIFT8) | EXTRACT_U_1(p); + p++; + } } if (len < elem->asnlen) { ND_PRINT((ndo, "[len%dasnlen)); @@ -497,6 +522,7 @@ asn1_parse(netdissect_options *ndo, ND_PRINT((ndo, "[id?%c/%s/%d]", *Form[form], Class[class].name, id)); return -1; } + ND_TCHECK2(*p, elem->asnlen); switch (form) { case PRIMITIVE: @@ -513,11 +539,14 @@ asn1_parse(netdissect_options *ndo, elem->type = BE_INT; data = 0; - ND_TCHECK2(*p, elem->asnlen); - if (*p & ASN_BIT8) /* negative */ + if (elem->asnlen == 0) { + ND_PRINT((ndo, "[asnlen=0]")); + return -1; + } + if (EXTRACT_U_1(p) & ASN_BIT8) /* negative */ data = -1; for (i = elem->asnlen; i-- > 0; p++) - data = (data << ASN_SHIFT8) | *p; + data = (data << ASN_SHIFT8) | EXTRACT_U_1(p); elem->data.integer = data; break; } @@ -551,27 +580,21 @@ asn1_parse(netdissect_options *ndo, case GAUGE: case TIMETICKS: { register uint32_t data; - ND_TCHECK2(*p, elem->asnlen); elem->type = BE_UNS; data = 0; for (i = elem->asnlen; i-- > 0; p++) - data = (data << 8) + *p; + data = (data << 8) + EXTRACT_U_1(p); elem->data.uns = data; break; } case COUNTER64: { - register uint32_t high, low; - ND_TCHECK2(*p, elem->asnlen); + register uint64_t data64; elem->type = BE_UNS64; - high = 0, low = 0; - for (i = elem->asnlen; i-- > 0; p++) { - high = (high << 8) | - ((low & 0xFF000000) >> 24); - low = (low << 8) | *p; - } - elem->data.uns64.high = high; - elem->data.uns64.low = low; + data64 = 0; + for (i = elem->asnlen; i-- > 0; p++) + data64 = (data64 << 8) + EXTRACT_U_1(p); + elem->data.uns64 = data64; break; } @@ -605,7 +628,6 @@ asn1_parse(netdissect_options *ndo, default: ND_PRINT((ndo, "[P/%s/%s]", Class[class].name, Class[class].Id[id])); - ND_TCHECK2(*p, elem->asnlen); elem->type = BE_OCTET; elem->data.raw = (const uint8_t *)p; break; @@ -651,6 +673,56 @@ trunc: return -1; } +static int +asn1_print_octets(netdissect_options *ndo, struct be *elem) +{ + const u_char *p = (const u_char *)elem->data.raw; + uint32_t asnlen = elem->asnlen; + uint32_t i; + + ND_TCHECK2(*p, asnlen); + for (i = asnlen; i-- > 0; p++) + ND_PRINT((ndo, "_%.2x", EXTRACT_U_1(p))); + return 0; + +trunc: + ND_PRINT((ndo, "%s", tstr)); + return -1; +} + +static int +asn1_print_string(netdissect_options *ndo, struct be *elem) +{ + register int printable = 1, first = 1; + const u_char *p; + uint32_t asnlen = elem->asnlen; + uint32_t i; + + p = elem->data.str; + ND_TCHECK2(*p, asnlen); + for (i = asnlen; printable && i-- > 0; p++) + printable = ND_ISPRINT(EXTRACT_U_1(p)); + p = elem->data.str; + if (printable) { + ND_PRINT((ndo, "\"")); + if (fn_printn(ndo, p, asnlen, ndo->ndo_snapend)) { + ND_PRINT((ndo, "\"")); + goto trunc; + } + ND_PRINT((ndo, "\"")); + } else { + for (i = asnlen; i-- > 0; p++) { + ND_PRINT((ndo, first ? "%.2x" : "_%.2x", EXTRACT_U_1(p))); + first = 0; + } + } + return 0; + +trunc: + ND_PRINT((ndo, "%s", tstr)); + return -1; +} + /* * Display the ASN.1 object represented by the BE object. * This used to be an integral part of asn1_parse() before the intermediate @@ -660,33 +732,36 @@ static int asn1_print(netdissect_options *ndo, struct be *elem) { - const u_char *p = (const u_char *)elem->data.raw; + const u_char *p; uint32_t asnlen = elem->asnlen; uint32_t i; switch (elem->type) { case BE_OCTET: - ND_TCHECK2(*p, asnlen); - for (i = asnlen; i-- > 0; p++) - ND_PRINT((ndo, "_%.2x", *p)); + if (asn1_print_octets(ndo, elem) == -1) + return -1; break; case BE_NULL: break; case BE_OID: { - int o = 0, first = -1, i = asnlen; + int o = 0, first = -1; - if (!ndo->ndo_sflag && !ndo->ndo_nflag && asnlen > 2) { + p = (const u_char *)elem->data.raw; + i = asnlen; + if (!ndo->ndo_nflag && asnlen > 2) { const struct obj_abrev *a = &obj_abrev_list[0]; - size_t a_len = strlen(a->oid); for (; a->node; a++) { - ND_TCHECK2(*p, a_len); - if (memcmp(a->oid, p, a_len) == 0) { + if (i < a->oid_len) + continue; + if (!ND_TTEST2(*p, a->oid_len)) + continue; + if (memcmp(a->oid, p, a->oid_len) == 0) { objp = a->node->child; - i -= strlen(a->oid); - p += strlen(a->oid); + i -= a->oid_len; + p += a->oid_len; ND_PRINT((ndo, "%s", a->prefix)); first = 1; break; @@ -694,14 +769,15 @@ asn1_print(netdissect_options *ndo, } } - for (; !ndo->ndo_sflag && i-- > 0; p++) { - ND_TCHECK(*p); - o = (o << ASN_SHIFT7) + (*p & ~ASN_BIT8); - if (*p & ASN_LONGLEN) + for (; i-- > 0; p++) { + ND_TCHECK_1(p); + o = (o << ASN_SHIFT7) + (EXTRACT_U_1(p) & ~ASN_BIT8); + if (EXTRACT_U_1(p) & ASN_LONGLEN) continue; /* - * first subitem encodes two items with 1st*OIDMUX+2nd + * first subitem encodes two items with + * 1st*OIDMUX+2nd * (see X.690:1997 clause 8.19 for the details) */ if (first < 0) { @@ -730,69 +806,14 @@ asn1_print(netdissect_options *ndo, ND_PRINT((ndo, "%u", elem->data.uns)); break; - case BE_UNS64: { /* idea borrowed from by Marshall Rose */ - double d; - int j, carry; - char *cpf, *cpl, last[6], first[30]; - if (elem->data.uns64.high == 0) { - ND_PRINT((ndo, "%u", elem->data.uns64.low)); - break; - } - d = elem->data.uns64.high * 4294967296.0; /* 2^32 */ - if (elem->data.uns64.high <= 0x1fffff) { - d += elem->data.uns64.low; -#if 0 /*is looks illegal, but what is the intention?*/ - ND_PRINT((ndo, "%.f", d)); -#else - ND_PRINT((ndo, "%f", d)); -#endif - break; - } - d += (elem->data.uns64.low & 0xfffff000); -#if 0 /*is looks illegal, but what is the intention?*/ - snprintf(first, sizeof(first), "%.f", d); -#else - snprintf(first, sizeof(first), "%f", d); -#endif - snprintf(last, sizeof(last), "%5.5d", - elem->data.uns64.low & 0xfff); - for (carry = 0, cpf = first+strlen(first)-1, cpl = last+4; - cpl >= last; - cpf--, cpl--) { - j = carry + (*cpf - '0') + (*cpl - '0'); - if (j > 9) { - j -= 10; - carry = 1; - } else { - carry = 0; - } - *cpf = j + '0'; - } - ND_PRINT((ndo, "%s", first)); + case BE_UNS64: + ND_PRINT((ndo, "%" PRIu64, elem->data.uns64)); break; - } - case BE_STR: { - register int printable = 1, first = 1; - const u_char *p = elem->data.str; - ND_TCHECK2(*p, asnlen); - for (i = asnlen; printable && i-- > 0; p++) - printable = ND_ISPRINT(*p); - p = elem->data.str; - if (printable) { - ND_PRINT((ndo, "\"")); - if (fn_printn(ndo, p, asnlen, ndo->ndo_snapend)) { - ND_PRINT((ndo, "\"")); - goto trunc; - } - ND_PRINT((ndo, "\"")); - } else - for (i = asnlen; i-- > 0; p++) { - ND_PRINT((ndo, first ? "%.2x" : "_%.2x", *p)); - first = 0; - } + case BE_STR: + if (asn1_print_string(ndo, elem) == -1) + return -1; break; - } case BE_SEQ: ND_PRINT((ndo, "Seq(%u)", elem->asnlen)); @@ -801,9 +822,10 @@ asn1_print(netdissect_options *ndo, case BE_INETADDR: if (asnlen != ASNLEN_INETADDR) ND_PRINT((ndo, "[inetaddr len!=%d]", ASNLEN_INETADDR)); + p = (const u_char *)elem->data.raw; ND_TCHECK2(*p, asnlen); for (i = asnlen; i-- != 0; p++) { - ND_PRINT((ndo, (i == asnlen-1) ? "%u" : ".%u", *p)); + ND_PRINT((ndo, (i == asnlen-1) ? "%u" : ".%u", EXTRACT_U_1(p))); } break; @@ -899,10 +921,10 @@ smi_decode_oid(netdissect_options *ndo, int o = 0, first = -1, i = asnlen; unsigned int firstval; - for (*oidlen = 0; ndo->ndo_sflag && i-- > 0; p++) { - ND_TCHECK(*p); - o = (o << ASN_SHIFT7) + (*p & ~ASN_BIT8); - if (*p & ASN_LONGLEN) + for (*oidlen = 0; i-- > 0; p++) { + ND_TCHECK_1(p); + o = (o << ASN_SHIFT7) + (EXTRACT_U_1(p) & ~ASN_BIT8); + if (EXTRACT_U_1(p) & ASN_LONGLEN) continue; /* @@ -910,7 +932,7 @@ smi_decode_oid(netdissect_options *ndo, * (see X.690:1997 clause 8.19 for the details) */ if (first < 0) { - first = 0; + first = 0; firstval = o / OIDMUX; if (firstval > 2) firstval = 2; o -= firstval * OIDMUX; @@ -1028,6 +1050,10 @@ smi_print_variable(netdissect_options *ndo, SmiNode *smiNode = NULL; unsigned int i; + if (!nd_smi_module_loaded) { + *status = asn1_print(ndo, elem); + return NULL; + } *status = smi_decode_oid(ndo, elem, oid, sizeof(oid) / sizeof(unsigned int), &oidlen); if (*status < 0) @@ -1052,7 +1078,7 @@ smi_print_variable(netdissect_options *ndo, static int smi_print_value(netdissect_options *ndo, - SmiNode *smiNode, u_char pduid, struct be *elem) + SmiNode *smiNode, u_short pduid, struct be *elem) { unsigned int i, oid[128], oidlen; SmiType *smiType; @@ -1113,22 +1139,24 @@ smi_print_value(netdissect_options *ndo, if (smiType->basetype == SMI_BASETYPE_BITS) { /* print bit labels */ } else { - smi_decode_oid(ndo, elem, oid, - sizeof(oid)/sizeof(unsigned int), - &oidlen); - smiNode = smiGetNodeByOID(oidlen, oid); - if (smiNode) { - if (ndo->ndo_vflag) { - ND_PRINT((ndo, "%s::", smiGetNodeModule(smiNode)->name)); - } - ND_PRINT((ndo, "%s", smiNode->name)); - if (smiNode->oidlen < oidlen) { - for (i = smiNode->oidlen; - i < oidlen; i++) { - ND_PRINT((ndo, ".%u", oid[i])); + if (nd_smi_module_loaded && + smi_decode_oid(ndo, elem, oid, + sizeof(oid)/sizeof(unsigned int), + &oidlen) == 0) { + smiNode = smiGetNodeByOID(oidlen, oid); + if (smiNode) { + if (ndo->ndo_vflag) { + ND_PRINT((ndo, "%s::", smiGetNodeModule(smiNode)->name)); + } + ND_PRINT((ndo, "%s", smiNode->name)); + if (smiNode->oidlen < oidlen) { + for (i = smiNode->oidlen; + i < oidlen; i++) { + ND_PRINT((ndo, ".%u", oid[i])); + } } + done++; } - done++; } } break; @@ -1195,7 +1223,7 @@ smi_print_value(netdissect_options *ndo, */ static void varbind_print(netdissect_options *ndo, - u_char pduid, const u_char *np, u_int length) + u_short pduid, const u_char *np, u_int length) { struct be elem; int count = 0, ind; @@ -1295,7 +1323,7 @@ snmppdu_print(netdissect_options *ndo, u_short pduid, const u_char *np, u_int length) { struct be elem; - int count = 0, error; + int count = 0, error_status; /* reqId (Integer) */ if ((count = asn1_parse(ndo, np, length, &elem)) < 0) @@ -1318,7 +1346,7 @@ snmppdu_print(netdissect_options *ndo, asn1_print(ndo, &elem); return; } - error = 0; + error_status = 0; if ((pduid == GETREQ || pduid == GETNEXTREQ || pduid == SETREQ || pduid == INFORMREQ || pduid == V2TRAP || pduid == REPORT) && elem.data.integer != 0) { @@ -1330,7 +1358,7 @@ snmppdu_print(netdissect_options *ndo, } else if (elem.data.integer != 0) { char errbuf[20]; ND_PRINT((ndo, " %s", DECODE_ErrorStatus(elem.data.integer))); - error = elem.data.integer; + error_status = elem.data.integer; } length -= count; np += count; @@ -1350,15 +1378,12 @@ snmppdu_print(netdissect_options *ndo, else if (pduid == GETBULKREQ) ND_PRINT((ndo, " M=%d", elem.data.integer)); else if (elem.data.integer != 0) { - if (!error) + if (!error_status) ND_PRINT((ndo, "[errorIndex(%d) w/o errorStatus]", elem.data.integer)); - else { + else ND_PRINT((ndo, "@%d", elem.data.integer)); - error = elem.data.integer; - } - } else if (error) { + } else if (error_status) { ND_PRINT((ndo, "[errorIndex==0]")); - error = 0; } length -= count; np += count; @@ -1528,7 +1553,7 @@ scopedpdu_print(netdissect_options *ndo, const u_char *np, u_int length, int version) { struct be elem; - int i, count = 0; + int count = 0; /* Sequence */ if ((count = asn1_parse(ndo, np, length, &elem)) < 0) @@ -1552,10 +1577,9 @@ scopedpdu_print(netdissect_options *ndo, length -= count; np += count; - ND_PRINT((ndo, "E= ")); - for (i = 0; i < (int)elem.asnlen; i++) { - ND_PRINT((ndo, "0x%02X", elem.data.str[i])); - } + ND_PRINT((ndo, "E=")); + if (asn1_print_octets(ndo, &elem) == -1) + return; ND_PRINT((ndo, " ")); /* contextName (OCTET STRING) */ @@ -1569,7 +1593,10 @@ scopedpdu_print(netdissect_options *ndo, length -= count; np += count; - ND_PRINT((ndo, "C=%.*s ", (int)elem.asnlen, elem.data.str)); + ND_PRINT((ndo, "C=")); + if (asn1_print_string(ndo, &elem) == -1) + return; + ND_PRINT((ndo, " ")); pdu_print(ndo, np, length, version); } @@ -1595,9 +1622,13 @@ community_print(netdissect_options *ndo, /* default community */ if (!(elem.asnlen == sizeof(DEF_COMMUNITY) - 1 && strncmp((const char *)elem.data.str, DEF_COMMUNITY, - sizeof(DEF_COMMUNITY) - 1) == 0)) + sizeof(DEF_COMMUNITY) - 1) == 0)) { /* ! "public" */ - ND_PRINT((ndo, "C=%.*s ", (int)elem.asnlen, elem.data.str)); + ND_PRINT((ndo, "C=")); + if (asn1_print_string(ndo, &elem) == -1) + return; + ND_PRINT((ndo, " ")); + } length -= count; np += count; @@ -1673,7 +1704,10 @@ usm_print(netdissect_options *ndo, length -= count; np += count; - ND_PRINT((ndo, "U=%.*s ", (int)elem.asnlen, elem.data.str)); + ND_PRINT((ndo, "U=")); + if (asn1_print_string(ndo, &elem) == -1) + return; + ND_PRINT((ndo, " ")); /* msgAuthenticationParameters (OCTET STRING) */ if ((count = asn1_parse(ndo, np, length, &elem)) < 0) @@ -1764,7 +1798,7 @@ v3msg_print(netdissect_options *ndo, ND_PRINT((ndo, "[msgFlags size %d]", elem.asnlen)); return; } - flags = elem.data.str[0]; + flags = EXTRACT_U_1(elem.data.str); if (flags != 0x00 && flags != 0x01 && flags != 0x03 && flags != 0x04 && flags != 0x05 && flags != 0x07) { ND_PRINT((ndo, "[msgFlags=0x%02X]", flags)); @@ -1882,7 +1916,7 @@ snmp_print(netdissect_options *ndo, ND_PRINT((ndo, "{ %s ", SnmpVersion[elem.data.integer])); break; default: - ND_PRINT((ndo, "[version = %d]", elem.data.integer)); + ND_PRINT((ndo, "SNMP [version = %d]", elem.data.integer)); return; } version = elem.data.integer;