2 * Routines for SNMP (simple network management protocol)
3 * Copyright (C) 1998 Didier Jorand
5 * See RFC 1157 for SNMPv1.
7 * See RFCs 1901, 1905, and 1906 for SNMPv2c.
9 * See RFCs 1905, 1906, 1909, and 1910 for SNMPv2u [historic].
11 * See RFCs 2570-2576 for SNMPv3
12 * Updated to use the asn2wrs compiler made by Tomas Kukosa
13 * Copyright (C) 2005 - 2006 Anders Broman [AT] ericsson.com
15 * See RFC 3414 for User-based Security Model for SNMPv3
16 * See RFC 3826 for (AES) Cipher Algorithm in the SNMP USM
17 * See RFC 2578 for Structure of Management Information Version 2 (SMIv2)
18 * Copyright (C) 2007 Luis E. Garcia Ontanon <luis@ontanon.org>
22 * Wireshark - Network traffic analyzer
23 * By Gerald Combs <gerald@wireshark.org>
24 * Copyright 1998 Gerald Combs
28 * GXSNMP -- An snmp mangament application
29 * Copyright (C) 1998 Gregory McLean & Jochen Friedrich
30 * Beholder RMON ethernet network monitor,Copyright (C) 1993 DNPAP group
32 * This program is free software; you can redistribute it and/or
33 * modify it under the terms of the GNU General Public License
34 * as published by the Free Software Foundation; either version 2
35 * of the License, or (at your option) any later version.
37 * This program is distributed in the hope that it will be useful,
38 * but WITHOUT ANY WARRANTY; without even the implied warranty of
39 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
40 * GNU General Public License for more details.
42 * You should have received a copy of the GNU General Public License
43 * along with this program; if not, write to the Free Software
44 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
47 #define D(args) do {printf args; fflush(stdout); } while(0)
58 #include <epan/packet.h>
59 #include <epan/strutil.h>
60 #include <epan/conversation.h>
61 #include <epan/etypes.h>
62 #include <epan/prefs.h>
63 #include <epan/sminmpec.h>
64 #include <epan/emem.h>
65 #include <epan/next_tvb.h>
67 #include <epan/asn1.h>
68 #include "packet-ipx.h"
69 #include "packet-hpext.h"
72 #include "packet-ber.h"
74 #include "packet-snmp.h"
76 #include <epan/crypt/sha1.h>
77 #include <epan/crypt/md5.h>
78 #include <epan/expert.h>
79 #include <epan/report_err.h>
80 #include <epan/oids.h>
87 /* Take a pointer that may be null and return a pointer that's not null
88 by turning null pointers into pointers to the above null string,
89 and, if the argument pointer wasn't null, make sure we handle
90 non-printable characters in the string by escaping them. */
91 #define SAFE_STRING(s, l) (((s) != NULL) ? format_text((s), (l)) : "")
93 #define PNAME "Simple Network Management Protocol"
97 #define UDP_PORT_SNMP 161
98 #define UDP_PORT_SNMP_TRAP 162
99 #define TCP_PORT_SNMP 161
100 #define TCP_PORT_SNMP_TRAP 162
101 #define TCP_PORT_SMUX 199
102 #define UDP_PORT_SNMP_PATROL 8161
104 /* Initialize the protocol and registered fields */
105 static int proto_snmp = -1;
106 static int proto_smux = -1;
108 static gboolean display_oid = TRUE;
109 static gboolean snmp_var_in_tree = TRUE;
111 static gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8**, guint*, gchar const**);
112 static gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p, guint8**, guint*, gchar const**);
114 static tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t*, tvbuff_t*, gchar const**);
115 static tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t*, tvbuff_t*, gchar const**);
118 static void snmp_usm_password_to_key_md5(const guint8 *password, guint passwordlen, const guint8 *engineID, guint engineLength, guint8 *key);
119 static void snmp_usm_password_to_key_sha1(const guint8 *password, guint passwordlen, const guint8 *engineID, guint engineLength, guint8 *key);
122 static snmp_usm_auth_model_t model_md5 = {snmp_usm_password_to_key_md5, snmp_usm_auth_md5, 16};
123 static snmp_usm_auth_model_t model_sha1 = {snmp_usm_password_to_key_sha1, snmp_usm_auth_sha1, 20};
125 static const value_string auth_types[] = {
130 static snmp_usm_auth_model_t* auth_models[] = {&model_md5,&model_sha1};
133 static const value_string priv_types[] = {
138 static snmp_usm_decoder_t priv_protos[] = {snmp_usm_priv_des, snmp_usm_priv_aes};
140 static snmp_ue_assoc_t* ueas = NULL;
141 static guint num_ueas = 0;
142 static snmp_ue_assoc_t* localized_ues = NULL;
143 static snmp_ue_assoc_t* unlocalized_ues = NULL;
146 /* Variabled used for handling enterprise spesific trap types */
147 typedef struct _snmp_st_assoc_t {
152 static guint num_specific_traps = 0;
153 static snmp_st_assoc_t *specific_traps = NULL;
154 static const char *enterprise_oid = NULL;
155 static guint generic_trap = 0;
158 static snmp_usm_params_t usm_p = {FALSE,FALSE,0,0,0,0,NULL,NULL,NULL,NULL,NULL,NULL,NULL,FALSE};
161 #define TH_CRYPT 0x02
162 #define TH_REPORT 0x04
164 /* desegmentation of SNMP-over-TCP */
165 static gboolean snmp_desegment = TRUE;
167 /* Global variables */
169 guint32 MsgSecurityModel;
170 tvbuff_t *oid_tvb=NULL;
171 tvbuff_t *value_tvb=NULL;
173 static dissector_handle_t snmp_handle;
174 static dissector_handle_t data_handle;
176 static next_tvb_list_t var_list;
178 static int hf_snmp_v3_flags_auth = -1;
179 static int hf_snmp_v3_flags_crypt = -1;
180 static int hf_snmp_v3_flags_report = -1;
182 static int hf_snmp_engineid_conform = -1;
183 static int hf_snmp_engineid_enterprise = -1;
184 static int hf_snmp_engineid_format = -1;
185 static int hf_snmp_engineid_ipv4 = -1;
186 static int hf_snmp_engineid_ipv6 = -1;
187 static int hf_snmp_engineid_cisco_type = -1;
188 static int hf_snmp_engineid_mac = -1;
189 static int hf_snmp_engineid_text = -1;
190 static int hf_snmp_engineid_time = -1;
191 static int hf_snmp_engineid_data = -1;
192 static int hf_snmp_decryptedPDU = -1;
193 static int hf_snmp_msgAuthentication = -1;
195 static int hf_snmp_noSuchObject = -1;
196 static int hf_snmp_noSuchInstance = -1;
197 static int hf_snmp_endOfMibView = -1;
198 static int hf_snmp_unSpecified = -1;
200 static int hf_snmp_integer32_value = -1;
201 static int hf_snmp_octetstring_value = -1;
202 static int hf_snmp_oid_value = -1;
203 static int hf_snmp_null_value = -1;
204 static int hf_snmp_ipv4_value = -1;
205 static int hf_snmp_ipv6_value = -1;
206 static int hf_snmp_anyaddress_value = -1;
207 static int hf_snmp_unsigned32_value = -1;
208 static int hf_snmp_unknown_value = -1;
209 static int hf_snmp_opaque_value = -1;
210 static int hf_snmp_nsap_value = -1;
211 static int hf_snmp_counter_value = -1;
212 static int hf_snmp_timeticks_value = -1;
213 static int hf_snmp_big_counter_value = -1;
214 static int hf_snmp_gauge32_value = -1;
216 static int hf_snmp_objectname = -1;
217 static int hf_snmp_scalar_instance_index = -1;
220 #include "packet-snmp-hf.c"
222 static int hf_smux_version = -1;
223 static int hf_smux_pdutype = -1;
225 /* Initialize the subtree pointers */
226 static gint ett_smux = -1;
227 static gint ett_snmp = -1;
228 static gint ett_engineid = -1;
229 static gint ett_msgFlags = -1;
230 static gint ett_encryptedPDU = -1;
231 static gint ett_decrypted = -1;
232 static gint ett_authParameters = -1;
233 static gint ett_internet = -1;
234 static gint ett_varbind = -1;
235 static gint ett_name = -1;
236 static gint ett_value = -1;
237 static gint ett_decoding_error = -1;
239 #include "packet-snmp-ett.c"
241 static const true_false_string auth_flags = {
246 /* Security Models */
248 #define SNMP_SEC_ANY 0
249 #define SNMP_SEC_V1 1
250 #define SNMP_SEC_V2C 2
251 #define SNMP_SEC_USM 3
253 static const value_string sec_models[] = {
254 { SNMP_SEC_ANY, "Any" },
255 { SNMP_SEC_V1, "V1" },
256 { SNMP_SEC_V2C, "V2C" },
257 { SNMP_SEC_USM, "USM" },
262 #define SMUX_MSG_OPEN 0
263 #define SMUX_MSG_CLOSE 1
264 #define SMUX_MSG_RREQ 2
265 #define SMUX_MSG_RRSP 3
266 #define SMUX_MSG_SOUT 4
268 static const value_string smux_types[] = {
269 { SMUX_MSG_OPEN, "Open" },
270 { SMUX_MSG_CLOSE, "Close" },
271 { SMUX_MSG_RREQ, "Registration Request" },
272 { SMUX_MSG_RRSP, "Registration Response" },
273 { SMUX_MSG_SOUT, "Commit Or Rollback" },
278 #define SNMP_IPA 0 /* IP Address */
279 #define SNMP_CNT 1 /* Counter (Counter32) */
280 #define SNMP_GGE 2 /* Gauge (Gauge32) */
281 #define SNMP_TIT 3 /* TimeTicks */
282 #define SNMP_OPQ 4 /* Opaque */
283 #define SNMP_NSP 5 /* NsapAddress */
284 #define SNMP_C64 6 /* Counter64 */
285 #define SNMP_U32 7 /* Uinteger32 */
292 dissector_table_t value_sub_dissectors_table;
296 snmp_lookup_specific_trap (guint specific_trap)
300 for (i = 0; i < num_specific_traps; i++) {
301 snmp_st_assoc_t *u = &(specific_traps[i]);
303 if ((u->trap == specific_trap) &&
304 (strcmp (u->enterprise, enterprise_oid) == 0))
314 * dissect_snmp_VarBind
315 * this routine dissects variable bindings, looking for the oid information in our oid reporsitory
316 * to format and add the value adequatelly.
318 * The choice to handwrite this code instead of using the asn compiler is to avoid having tons
319 * of uses of global variables distributed in very different parts of the code.
320 * Other than that there's a cosmetic thing: the tree from ASN generated code would be so
321 * convoluted due to the nesting of CHOICEs in the definition of VarBind/value.
323 * XXX: the length of this function (~400 lines) is an aberration!
324 * oid_key_t:key_type could become a series of callbacks instead of an enum
325 * the (! oid_info_is_ok) switch could be made into an array (would be slower)
328 NetworkAddress ::= CHOICE { internet IpAddress }
329 IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
330 TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
331 Integer32 ::= INTEGER (-2147483648..2147483647)
332 ObjectName ::= OBJECT IDENTIFIER
333 Counter32 ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
334 Gauge32 ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
335 Unsigned32 ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
336 Integer-value ::= INTEGER (-2147483648..2147483647)
337 Integer32 ::= INTEGER (-2147483648..2147483647)
338 ObjectID-value ::= OBJECT IDENTIFIER
340 TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
341 Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING
342 Counter64 ::= [APPLICATION 6] IMPLICIT INTEGER (0..18446744073709551615)
344 ObjectSyntax ::= CHOICE {
346 application-wide ApplicationSyntax
349 SimpleSyntax ::= CHOICE {
350 integer-value Integer-value,
351 string-value String-value,
352 objectID-value ObjectID-value,
356 ApplicationSyntax ::= CHOICE {
357 ipAddress-value IpAddress,
358 counter-value Counter32,
359 timeticks-value TimeTicks,
360 arbitrary-value Opaque,
361 big-counter-value Counter64,
362 unsigned-integer-value Unsigned32
365 ValueType ::= CHOICE {
368 noSuchObject[0] IMPLICIT NULL,
369 noSuchInstance[1] IMPLICIT NULL,
370 endOfMibView[2] IMPLICIT NULL
373 VarBind ::= SEQUENCE {
381 dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset,
382 asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
384 int seq_offset, name_offset, value_offset, value_start;
385 guint32 seq_len, name_len, value_len;
392 oid_info_t* oid_info = NULL;
393 guint oid_matched, oid_left;
394 proto_item *pi_name, *pi_varbind, *pi_value = NULL;
395 proto_tree *pt, *pt_varbind, *pt_name, *pt_value;
396 char label[ITEM_LABEL_LENGTH];
397 const char* repr = NULL;
398 const char* info_oid = NULL;
401 int min_len = 0, max_len = 0;
402 gboolean oid_info_is_ok;
403 const char* oid_string = NULL;
404 enum {BER_NO_ERROR, BER_WRONG_LENGTH, BER_WRONG_TAG} format_error = BER_NO_ERROR;
408 /* first have the VarBind's sequence header */
409 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
410 offset = get_ber_length(tvb, offset, &seq_len, &ind);
412 seq_len += offset - seq_offset;
414 if (!pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_SEQUENCE) {
415 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"VarBind must be an universal class sequence");
416 pt = proto_item_add_subtree(pi,ett_decoding_error);
417 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind is not an universal class sequence");
418 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
422 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in VarBind");
423 pt = proto_item_add_subtree(pi,ett_decoding_error);
424 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind has indicator set");
425 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
428 /* then we have the ObjectName's header */
430 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
431 name_offset = offset = get_ber_length(tvb, offset, &name_len, &ind);
433 if (! ( !pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_OID) ) {
434 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"ObjectName must be an OID in primitive encoding");
435 pt = proto_item_add_subtree(pi,ett_decoding_error);
436 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName not an OID");
437 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
441 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in ObjectName");
442 pt = proto_item_add_subtree(pi,ett_decoding_error);
443 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName has indicator set");
444 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
448 value_start = offset;
450 /* then we have the value's header */
451 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
452 value_offset = get_ber_length(tvb, offset, &value_len, &ind);
455 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"the value must be in primitive encoding");
456 pt = proto_item_add_subtree(pi,ett_decoding_error);
457 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "value not in primitive encoding");
458 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
461 /* Now, we know where everithing is */
465 /* we add the varbind tree root with a dummy label we'll fill later on */
466 pi_varbind = proto_tree_add_text(tree,tvb,seq_offset,seq_len,"VarBind");
467 pt_varbind = proto_item_add_subtree(pi_varbind,ett_varbind);
470 pi_name = proto_tree_add_item(pt_varbind,hf_snmp_objectname,tvb,name_offset,name_len,ENC_NA);
471 pt_name = proto_item_add_subtree(pi_name,ett_name);
473 /* fetch ObjectName and its relative oid_info */
474 oid_bytes = (guint8*)ep_tvb_memdup(tvb, name_offset, name_len);
475 oid_info = oid_get_from_encoded(oid_bytes, name_len, &subids, &oid_matched, &oid_left);
477 add_oid_debug_subtree(oid_info,pt_name);
482 repr = oid_encoded2string(oid_bytes, name_len);
483 pi = proto_tree_add_text(pt_name,tvb, 0, 0, "invalid oid: %s", repr);
484 pt = proto_item_add_subtree(pi, ett_decoding_error);
485 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "invalid oid: %s", repr);
486 return dissect_unknown_ber(actx->pinfo, tvb, name_offset, pt);
489 if (oid_matched+oid_left) {
490 oid_string = oid_subid2string(subids,oid_matched+oid_left);
493 if (ber_class == BER_CLASS_CON) {
494 /* if we have an error value just add it and get out the way ASAP */
498 if (value_len != 0) {
499 min_len = max_len = 0;
500 format_error = BER_WRONG_LENGTH;
505 hfid = hf_snmp_noSuchObject;
506 note = "noSuchObject";
509 hfid = hf_snmp_noSuchInstance;
510 note = "noSuchInstance";
513 hfid = hf_snmp_endOfMibView;
514 note = "endOfMibView";
517 pi = proto_tree_add_text(pt_varbind,tvb,0,0,"Wrong tag for Error Value: expected 0, 1, or 2 but got: %d",tag);
518 pt = proto_item_add_subtree(pi,ett_decoding_error);
519 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong tag for SNMP VarBind error value");
520 return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
524 pi = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN);
525 expert_add_info_format(actx->pinfo, pi, PI_RESPONSE_CODE, PI_NOTE, "%s",note);
526 g_strlcpy (label, note, ITEM_LABEL_LENGTH);
530 /* now we'll try to figure out which are the indexing sub-oids and whether the oid we know about is the one oid we have to use */
531 switch (oid_info->kind) {
532 case OID_KIND_SCALAR:
534 /* OK: we got the instance sub-id */
535 proto_tree_add_uint64(pt_name,hf_snmp_scalar_instance_index,tvb,name_offset,name_len,subids[oid_matched]);
536 oid_info_is_ok = TRUE;
538 } else if (oid_left == 0) {
539 if (ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
540 /* unSpecified does not require an instance sub-id add the new value and get off the way! */
541 pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,ENC_NA);
544 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have one instance sub-id this one has none");
545 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "No instance sub-id in scalar value");
546 oid_info_is_ok = FALSE;
550 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have only one instance sub-id this has: %d",oid_left);
551 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong number of instance sub-ids in scalar value");
552 oid_info_is_ok = FALSE;
556 case OID_KIND_COLUMN:
557 if ( oid_info->parent->kind == OID_KIND_ROW) {
558 oid_key_t* k = oid_info->parent->key;
559 guint key_start = oid_matched;
560 guint key_len = oid_left;
561 oid_info_is_ok = TRUE;
563 if ( key_len == 0 && ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
564 /* unSpecified does not require an instance sub-id add the new value and get off the way! */
565 pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,ENC_NA);
570 for (;k;k = k->next) {
573 if (key_start >= oid_matched+oid_left) {
574 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid shorter than expected");
575 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid shorter than expected");
576 oid_info_is_ok = FALSE;
580 switch(k->key_type) {
581 case OID_KEY_TYPE_WRONG: {
582 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"OID instaces not handled, if you want this implemented please contact the wireshark developers");
583 expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index");
584 oid_info_is_ok = FALSE;
587 case OID_KEY_TYPE_INTEGER: {
588 if (IS_FT_INT(k->ft_type)) {
589 proto_tree_add_int(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
590 } else { /* if it's not an unsigned int let proto_tree_add_uint throw a warning */
591 proto_tree_add_uint64(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
595 continue; /* k->next */
597 case OID_KEY_TYPE_IMPLIED_OID:
598 suboid_len = key_len;
602 case OID_KEY_TYPE_OID: {
604 guint suboid_buf_len;
607 suboid_len = subids[key_start++];
611 suboid = &(subids[key_start]);
613 if( suboid_len == 0 ) {
614 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"an index sub-oid OID cannot be 0 bytes long!");
615 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid OID with len=0");
616 oid_info_is_ok = FALSE;
620 if( key_len < suboid_len ) {
621 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid should not be longer than remaining oid size");
622 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid longer than remaining oid size");
623 oid_info_is_ok = FALSE;
627 suboid_buf_len = oid_subid2encoded(suboid_len, suboid, &suboid_buf);
629 DISSECTOR_ASSERT(suboid_buf_len);
631 proto_tree_add_oid(pt_name,k->hfid,tvb,name_offset, suboid_buf_len, suboid_buf);
633 key_start += suboid_len;
634 key_len -= suboid_len + 1;
635 continue; /* k->next */
644 switch (k->key_type) {
645 case OID_KEY_TYPE_IPADDR:
646 suboid = &(subids[key_start]);
649 case OID_KEY_TYPE_IMPLIED_STRING:
650 case OID_KEY_TYPE_IMPLIED_BYTES:
651 case OID_KEY_TYPE_ETHER:
652 suboid = &(subids[key_start]);
656 buf_len = k->num_subids;
657 suboid = &(subids[key_start]);
667 if( key_len < buf_len ) {
668 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index string should not be longer than remaining oid size");
669 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index string longer than remaining oid size");
670 oid_info_is_ok = FALSE;
674 buf = (guint8*)ep_alloc(buf_len+1);
675 for (i = 0; i < buf_len; i++)
676 buf[i] = (guint8)suboid[i];
679 switch(k->key_type) {
680 case OID_KEY_TYPE_STRING:
681 case OID_KEY_TYPE_IMPLIED_STRING:
682 proto_tree_add_string(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
684 case OID_KEY_TYPE_BYTES:
685 case OID_KEY_TYPE_NSAP:
686 case OID_KEY_TYPE_IMPLIED_BYTES:
687 proto_tree_add_bytes(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
689 case OID_KEY_TYPE_ETHER:
690 proto_tree_add_ether(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
692 case OID_KEY_TYPE_IPADDR: {
693 guint32* ipv4_p = (void*)buf;
694 proto_tree_add_ipv4(pt_name,k->hfid,tvb,name_offset,buf_len, *ipv4_p);
698 DISSECTOR_ASSERT_NOT_REACHED();
702 key_start += buf_len;
704 continue; /* k->next*/
710 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"We do not know how to handle this OID, if you want this implemented please contact the wireshark developers");
711 expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index");
712 oid_info_is_ok = FALSE;
716 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"The COLUMS's parent is not a ROW. This is a BUG! please contact the wireshark developers.");
717 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_ERROR, "COLUMS's parent is not a ROW");
718 oid_info_is_ok = FALSE;
722 /* proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"This kind OID should have no value");
723 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "This kind OID should have no value"); */
724 oid_info_is_ok = FALSE;
730 if (oid_info_is_ok && oid_info->value_type) {
731 if (ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
732 pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,ENC_NA);
734 /* Provide a tree_item to attach errors to, if needed. */
737 if ((oid_info->value_type->ber_class != BER_CLASS_ANY) &&
738 (ber_class != oid_info->value_type->ber_class))
739 format_error = BER_WRONG_TAG;
740 else if ((oid_info->value_type->ber_tag != BER_TAG_ANY) &&
741 (tag != oid_info->value_type->ber_tag))
742 format_error = BER_WRONG_TAG;
744 max_len = oid_info->value_type->max_len == -1 ? 0xffffff : oid_info->value_type->max_len;
745 min_len = oid_info->value_type->min_len;
747 if ((int)value_len < min_len || (int)value_len > max_len)
748 format_error = BER_WRONG_LENGTH;
751 if (format_error == BER_NO_ERROR)
752 pi_value = proto_tree_add_item(pt_varbind,oid_info->value_hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN);
755 switch(ber_class|(tag<<4)) {
756 case BER_CLASS_UNI|(BER_UNI_TAG_INTEGER<<4):
759 unsigned int_val_offset = value_offset;
762 max_len = 4; min_len = 1;
763 if (value_len > (guint)max_len || value_len < (guint)min_len) {
764 hfid = hf_snmp_integer32_value;
765 format_error = BER_WRONG_LENGTH;
770 /* extend sign bit */
771 if(tvb_get_guint8(tvb, int_val_offset)&0x80) {
774 for(i=0;i<value_len;i++) {
775 val=(val<<8)|tvb_get_guint8(tvb, int_val_offset);
779 proto_tree_add_int64(pt_varbind, hf_snmp_integer32_value, tvb,value_offset,value_len, val);
783 case BER_CLASS_UNI|(BER_UNI_TAG_OCTETSTRING<<4):
784 hfid = hf_snmp_octetstring_value;
786 case BER_CLASS_UNI|(BER_UNI_TAG_OID<<4):
787 max_len = -1; min_len = 1;
788 if (value_len < (guint)min_len) format_error = BER_WRONG_LENGTH;
789 hfid = hf_snmp_oid_value;
791 case BER_CLASS_UNI|(BER_UNI_TAG_NULL<<4):
792 max_len = 0; min_len = 0;
793 if (value_len != 0) format_error = BER_WRONG_LENGTH;
794 hfid = hf_snmp_null_value;
796 case BER_CLASS_APP: /* | (SNMP_IPA<<4)*/
798 case 4: hfid = hf_snmp_ipv4_value; break;
799 case 16: hfid = hf_snmp_ipv6_value; break;
800 default: hfid = hf_snmp_anyaddress_value; break;
803 case BER_CLASS_APP|(SNMP_U32<<4):
804 hfid = hf_snmp_unsigned32_value;
806 case BER_CLASS_APP|(SNMP_GGE<<4):
807 hfid = hf_snmp_gauge32_value;
809 case BER_CLASS_APP|(SNMP_CNT<<4):
810 hfid = hf_snmp_counter_value;
812 case BER_CLASS_APP|(SNMP_TIT<<4):
813 hfid = hf_snmp_timeticks_value;
815 case BER_CLASS_APP|(SNMP_OPQ<<4):
816 hfid = hf_snmp_opaque_value;
818 case BER_CLASS_APP|(SNMP_NSP<<4):
819 hfid = hf_snmp_nsap_value;
821 case BER_CLASS_APP|(SNMP_C64<<4):
822 hfid = hf_snmp_big_counter_value;
825 hfid = hf_snmp_unknown_value;
830 * Too long for an FT_UINT64 or an FT_INT64.
832 header_field_info *hfinfo = proto_registrar_get_nth(hfid);
833 if (hfinfo->type == FT_UINT64) {
835 * Check if this is an unsigned int64 with
838 if (value_len > 9 || tvb_get_guint8(tvb, value_offset) != 0) {
840 pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value too large");
841 expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unsigned integer value > 2^64 - 1");
844 /* Cheat and skip the leading 0 byte */
847 } else if (hfinfo->type == FT_INT64) {
849 * For now, just reject these.
851 pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value too large or too small");
852 expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Signed integer value > 2^63 - 1 or <= -2^63");
855 } else if (value_len == 0) {
857 * X.690 section 8.3.1 "Encoding of an integer value":
858 * "The encoding of an integer value shall be
859 * primitive. The contents octets shall consist of
860 * one or more octets."
862 * Zero is not "one or more".
864 header_field_info *hfinfo = proto_registrar_get_nth(hfid);
865 if (hfinfo->type == FT_UINT64 || hfinfo->type == FT_INT64) {
866 pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value is zero-length");
867 expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Integral value is zero-length");
871 pi_value = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN);
872 if (format_error != BER_NO_ERROR) {
873 expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unresolved value, Missing MIB");
877 oid_info_is_ok = FALSE;
880 pt_value = proto_item_add_subtree(pi_value,ett_value);
882 if (value_len > 0 && oid_string) {
883 tvbuff_t* sub_tvb = tvb_new_subset(tvb, value_offset, value_len, value_len);
885 next_tvb_add_string(&var_list, sub_tvb, (snmp_var_in_tree) ? pt_value : NULL, value_sub_dissectors_table, oid_string);
890 if (pi_value) proto_item_fill_label(PITEM_FINFO(pi_value), label);
892 if (oid_info && oid_info->name) {
894 repr = ep_strdup_printf("%s.%s (%s)", oid_info->name,
895 oid_subid2string(&(subids[oid_matched]),oid_left),
896 oid_subid2string(subids,oid_matched+oid_left));
897 info_oid = ep_strdup_printf("%s.%s", oid_info->name,
898 oid_subid2string(&(subids[oid_matched]),oid_left));
900 repr = ep_strdup_printf("%s (%s)", oid_info->name,
901 oid_subid2string(subids,oid_matched));
902 info_oid = oid_info->name;
904 } else if (oid_string) {
905 repr = ep_strdup(oid_string);
906 info_oid = oid_string;
908 repr = ep_strdup("[Bad OID]");
911 valstr = strstr(label,": ");
912 valstr = valstr ? valstr+2 : label;
914 proto_item_set_text(pi_varbind,"%s: %s",repr,valstr);
916 if (display_oid && info_oid) {
917 col_append_fstr (actx->pinfo->cinfo, COL_INFO, " %s", info_oid);
920 switch (format_error) {
921 case BER_WRONG_LENGTH: {
922 proto_tree* p_tree = proto_item_add_subtree(pi_value,ett_decoding_error);
923 proto_item* pi = proto_tree_add_text(p_tree,tvb,0,0,"Wrong value length: %u expecting: %u <= len <= %u",
924 value_len, min_len, max_len == -1 ? 0xFFFFFF : max_len);
925 pt = proto_item_add_subtree(pi,ett_decoding_error);
926 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong length for SNMP VarBind/value");
927 return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
929 case BER_WRONG_TAG: {
930 proto_tree* p_tree = proto_item_add_subtree(pi_value,ett_decoding_error);
931 proto_item* pi = proto_tree_add_text(p_tree,tvb,0,0,"Wrong class/tag for Value expected: %d,%d got: %d,%d",
932 oid_info->value_type->ber_class, oid_info->value_type->ber_tag,
934 pt = proto_item_add_subtree(pi,ett_decoding_error);
935 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong class/tag for SNMP VarBind/value");
936 return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
942 return seq_offset + seq_len;
946 #define F_SNMP_ENGINEID_CONFORM 0x80
947 #define SNMP_ENGINEID_RFC1910 0x00
948 #define SNMP_ENGINEID_RFC3411 0x01
950 static const true_false_string tfs_snmp_engineid_conform = {
952 "RFC1910 (Non-SNMPv3)"
955 #define SNMP_ENGINEID_FORMAT_IPV4 0x01
956 #define SNMP_ENGINEID_FORMAT_IPV6 0x02
957 #define SNMP_ENGINEID_FORMAT_MACADDRESS 0x03
958 #define SNMP_ENGINEID_FORMAT_TEXT 0x04
959 #define SNMP_ENGINEID_FORMAT_OCTETS 0x05
961 static const value_string snmp_engineid_format_vals[] = {
962 { SNMP_ENGINEID_FORMAT_IPV4, "IPv4 address" },
963 { SNMP_ENGINEID_FORMAT_IPV6, "IPv6 address" },
964 { SNMP_ENGINEID_FORMAT_MACADDRESS, "MAC address" },
965 { SNMP_ENGINEID_FORMAT_TEXT, "Text, administratively assigned" },
966 { SNMP_ENGINEID_FORMAT_OCTETS, "Octets, administratively assigned" },
970 #define SNMP_ENGINEID_CISCO_AGENT 0x00
971 #define SNMP_ENGINEID_CISCO_MANAGER 0x01
973 static const value_string snmp_engineid_cisco_type_vals[] = {
974 { SNMP_ENGINEID_CISCO_AGENT, "Agent" },
975 { SNMP_ENGINEID_CISCO_MANAGER, "Manager" },
980 * SNMP Engine ID dissection according to RFC 3411 (SnmpEngineID TC)
981 * or historic RFC 1910 (AgentID)
984 dissect_snmp_engineid(proto_tree *tree, tvbuff_t *tvb, int offset, int len)
986 proto_item *item = NULL;
987 guint8 conformance, format;
988 guint32 enterpriseid, seconds;
990 int len_remain = len;
992 /* first bit: engine id conformance */
993 if (len_remain<4) return offset;
994 conformance = ((tvb_get_guint8(tvb, offset)>>7) & 0x01);
995 proto_tree_add_item(tree, hf_snmp_engineid_conform, tvb, offset, 1, ENC_BIG_ENDIAN);
997 /* 4-byte enterprise number/name */
998 if (len_remain<4) return offset;
999 enterpriseid = tvb_get_ntohl(tvb, offset);
1001 enterpriseid -= 0x80000000; /* ignore first bit */
1002 proto_tree_add_uint(tree, hf_snmp_engineid_enterprise, tvb, offset, 4, enterpriseid);
1006 switch(conformance) {
1008 case SNMP_ENGINEID_RFC1910:
1009 /* 12-byte AgentID w/ 8-byte trailer */
1010 if (len_remain==8) {
1011 proto_tree_add_text(tree, tvb, offset, 8, "AgentID Trailer: 0x%s",
1012 tvb_bytes_to_str(tvb, offset, 8));
1016 proto_tree_add_text(tree, tvb, offset, len_remain, "<Data not conforming to RFC1910>");
1021 case SNMP_ENGINEID_RFC3411: /* variable length: 5..32 */
1023 /* 1-byte format specifier */
1024 if (len_remain<1) return offset;
1025 format = tvb_get_guint8(tvb, offset);
1026 item = proto_tree_add_uint_format(tree, hf_snmp_engineid_format, tvb, offset, 1, format, "Engine ID Format: %s (%d)",
1027 val_to_str(format, snmp_engineid_format_vals, "Reserved/Enterprise-specific"), format);
1032 case SNMP_ENGINEID_FORMAT_IPV4:
1033 /* 4-byte IPv4 address */
1034 if (len_remain==4) {
1035 proto_tree_add_item(tree, hf_snmp_engineid_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
1040 case SNMP_ENGINEID_FORMAT_IPV6:
1041 /* 16-byte IPv6 address */
1042 if (len_remain==16) {
1043 proto_tree_add_item(tree, hf_snmp_engineid_ipv6, tvb, offset, 16, ENC_NA);
1048 case SNMP_ENGINEID_FORMAT_MACADDRESS:
1049 /* See: https://supportforums.cisco.com/message/3010617#3010617 for details. */
1050 if ((enterpriseid==9)&&(len_remain==7)) {
1051 proto_tree_add_item(tree, hf_snmp_engineid_cisco_type, tvb, offset, 1, ENC_BIG_ENDIAN);
1055 /* 6-byte MAC address */
1056 if (len_remain==6) {
1057 proto_tree_add_item(tree, hf_snmp_engineid_mac, tvb, offset, 6, ENC_NA);
1062 case SNMP_ENGINEID_FORMAT_TEXT:
1063 /* max. 27-byte string, administratively assigned */
1064 if (len_remain<=27) {
1065 proto_tree_add_item(tree, hf_snmp_engineid_text, tvb, offset, len_remain, ENC_ASCII|ENC_NA);
1071 /* most common enterprise-specific format: (ucd|net)-snmp random */
1072 if ((enterpriseid==2021)||(enterpriseid==8072)) {
1073 proto_item_append_text(item, (enterpriseid==2021) ? ": UCD-SNMP Random" : ": Net-SNMP Random");
1074 /* demystify: 4B random, 4B epoch seconds */
1075 if (len_remain==8) {
1076 proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, 4, ENC_NA);
1077 seconds = tvb_get_letohl(tvb, offset+4);
1080 proto_tree_add_time_format_value(tree, hf_snmp_engineid_time, tvb, offset+4, 4,
1082 abs_time_secs_to_str(seconds, ABSOLUTE_TIME_LOCAL, TRUE));
1089 case SNMP_ENGINEID_FORMAT_OCTETS:
1091 /* max. 27 bytes, administratively assigned or unknown format */
1092 if (len_remain<=27) {
1093 proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, len_remain, ENC_NA);
1102 proto_tree_add_text(tree, tvb, offset, len_remain, "<Data not conforming to RFC3411>");
1109 static void set_ue_keys(snmp_ue_assoc_t* n ) {
1110 guint key_size = n->user.authModel->key_size;
1112 n->user.authKey.data = (guint8 *)se_alloc(key_size);
1113 n->user.authKey.len = key_size;
1114 n->user.authModel->pass2key(n->user.authPassword.data,
1115 n->user.authPassword.len,
1118 n->user.authKey.data);
1120 n->user.privKey.data = (guint8 *)se_alloc(key_size);
1121 n->user.privKey.len = key_size;
1122 n->user.authModel->pass2key(n->user.privPassword.data,
1123 n->user.privPassword.len,
1126 n->user.privKey.data);
1129 static snmp_ue_assoc_t*
1130 ue_se_dup(snmp_ue_assoc_t* o)
1132 snmp_ue_assoc_t* d = (snmp_ue_assoc_t*)se_memdup(o,sizeof(snmp_ue_assoc_t));
1134 d->user.authModel = o->user.authModel;
1136 d->user.privProtocol = o->user.privProtocol;
1138 d->user.userName.data = (guint8 *)se_memdup(o->user.userName.data,o->user.userName.len);
1139 d->user.userName.len = o->user.userName.len;
1141 d->user.authPassword.data = o->user.authPassword.data ? (guint8 *)se_memdup(o->user.authPassword.data,o->user.authPassword.len) : NULL;
1142 d->user.authPassword.len = o->user.authPassword.len;
1144 d->user.privPassword.data = o->user.privPassword.data ? (guint8 *)se_memdup(o->user.privPassword.data,o->user.privPassword.len) : NULL;
1145 d->user.privPassword.len = o->user.privPassword.len;
1147 d->engine.len = o->engine.len;
1149 if (d->engine.len) {
1150 d->engine.data = (guint8 *)se_memdup(o->engine.data,o->engine.len);
1159 #define CACHE_INSERT(c,a) if (c) { snmp_ue_assoc_t* t = c; c = a; c->next = t; } else { c = a; a->next = NULL; }
1162 renew_ue_cache(void)
1164 localized_ues = NULL;
1165 unlocalized_ues = NULL;
1170 for(i = 0; i < num_ueas; i++) {
1171 snmp_ue_assoc_t* a = ue_se_dup(&(ueas[i]));
1173 if (a->engine.len) {
1174 CACHE_INSERT(localized_ues,a);
1177 CACHE_INSERT(unlocalized_ues,a);
1185 static snmp_ue_assoc_t*
1186 localize_ue( snmp_ue_assoc_t* o, const guint8* engine, guint engine_len )
1188 snmp_ue_assoc_t* n = (snmp_ue_assoc_t*)se_memdup(o,sizeof(snmp_ue_assoc_t));
1190 n->engine.data = (guint8*)se_memdup(engine,engine_len);
1191 n->engine.len = engine_len;
1199 #define localized_match(a,u,ul,e,el) \
1200 ( a->user.userName.len == ul \
1201 && a->engine.len == el \
1202 && memcmp( a->user.userName.data, u, ul ) == 0 \
1203 && memcmp( a->engine.data, e, el ) == 0 )
1205 #define unlocalized_match(a,u,l) \
1206 ( a->user.userName.len == l && memcmp( a->user.userName.data, u, l) == 0 )
1208 static snmp_ue_assoc_t*
1209 get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb)
1211 static snmp_ue_assoc_t* a;
1212 guint given_username_len;
1213 guint8* given_username;
1214 guint given_engine_len;
1215 guint8* given_engine;
1217 if ( ! (localized_ues || unlocalized_ues ) ) return NULL;
1219 if (! ( user_tvb && engine_tvb ) ) return NULL;
1221 given_username_len = tvb_ensure_length_remaining(user_tvb,0);
1222 given_username = (guint8*)ep_tvb_memdup(user_tvb,0,-1);
1223 given_engine_len = tvb_ensure_length_remaining(engine_tvb,0);
1224 given_engine = (guint8*)ep_tvb_memdup(engine_tvb,0,-1);
1226 for (a = localized_ues; a; a = a->next) {
1227 if ( localized_match(a, given_username, given_username_len, given_engine, given_engine_len) ) {
1232 for (a = unlocalized_ues; a; a = a->next) {
1233 if ( unlocalized_match(a, given_username, given_username_len) ) {
1234 snmp_ue_assoc_t* n = localize_ue( a, given_engine, given_engine_len );
1235 CACHE_INSERT(localized_ues,n);
1244 snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error)
1258 *error = "No Authenticator";
1262 key = p->user_assoc->user.authKey.data;
1263 key_len = p->user_assoc->user.authKey.len;
1266 *error = "User has no authKey";
1271 auth_len = tvb_length_remaining(p->auth_tvb,0);
1273 if (auth_len != 12) {
1274 *error = "Authenticator length wrong";
1278 msg_len = tvb_length_remaining(p->msg_tvb,0);
1280 *error = "Not enough data remaining";
1283 msg = (guint8*)ep_tvb_memdup(p->msg_tvb,0,msg_len);
1286 auth = (guint8*)ep_tvb_memdup(p->auth_tvb,0,auth_len);
1288 start = p->auth_offset - p->start_offset;
1289 end = start + auth_len;
1291 /* fill the authenticator with zeros */
1292 for ( i = start ; i < end ; i++ ) {
1296 calc_auth = (guint8*)ep_alloc(16);
1298 md5_hmac(msg, msg_len, key, key_len, calc_auth);
1300 if (calc_auth_p) *calc_auth_p = calc_auth;
1301 if (calc_auth_len_p) *calc_auth_len_p = 12;
1303 return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
1308 snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error _U_)
1322 *error = "No Authenticator";
1326 key = p->user_assoc->user.authKey.data;
1327 key_len = p->user_assoc->user.authKey.len;
1330 *error = "User has no authKey";
1335 auth_len = tvb_length_remaining(p->auth_tvb,0);
1338 if (auth_len != 12) {
1339 *error = "Authenticator length wrong";
1343 msg_len = tvb_length_remaining(p->msg_tvb,0);
1345 *error = "Not enough data remaining";
1348 msg = (guint8*)ep_tvb_memdup(p->msg_tvb,0,msg_len);
1350 auth = (guint8*)ep_tvb_memdup(p->auth_tvb,0,auth_len);
1352 start = p->auth_offset - p->start_offset;
1353 end = start + auth_len;
1355 /* fill the authenticator with zeros */
1356 for ( i = start ; i < end ; i++ ) {
1360 calc_auth = (guint8*)ep_alloc(20);
1362 sha1_hmac(key, key_len, msg, msg_len, calc_auth);
1364 if (calc_auth_p) *calc_auth_p = calc_auth;
1365 if (calc_auth_len_p) *calc_auth_len_p = 12;
1367 return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
1371 snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_)
1373 #ifdef HAVE_LIBGCRYPT
1375 gcry_cipher_hd_t hd = NULL;
1378 guint8* des_key = p->user_assoc->user.privKey.data; /* first 8 bytes */
1379 guint8* pre_iv = &(p->user_assoc->user.privKey.data[8]); /* last 8 bytes */
1384 tvbuff_t* clear_tvb;
1389 salt_len = tvb_length_remaining(p->priv_tvb,0);
1391 if (salt_len != 8) {
1392 *error = "decryptionError: msgPrivacyParameters length != 8";
1396 salt = (guint8*)ep_tvb_memdup(p->priv_tvb,0,salt_len);
1399 The resulting "salt" is XOR-ed with the pre-IV to obtain the IV.
1401 for (i=0; i<8; i++) {
1402 iv[i] = pre_iv[i] ^ salt[i];
1405 cryptgrm_len = tvb_length_remaining(encryptedData,0);
1407 if ((cryptgrm_len <= 0) || (cryptgrm_len % 8)) {
1408 *error = "decryptionError: the length of the encrypted data is not a mutiple of 8 octets";
1412 cryptgrm = (guint8*)ep_tvb_memdup(encryptedData,0,-1);
1414 cleartext = (guint8*)ep_alloc(cryptgrm_len);
1416 err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
1417 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1419 err = gcry_cipher_setiv(hd, iv, 8);
1420 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1422 err = gcry_cipher_setkey(hd,des_key,8);
1423 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1425 err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
1426 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1428 gcry_cipher_close(hd);
1430 clear_tvb = tvb_new_child_real_data(encryptedData, cleartext, cryptgrm_len, cryptgrm_len);
1435 *error = (void*)gpg_strerror(err);
1436 if (hd) gcry_cipher_close(hd);
1439 *error = "libgcrypt not present, cannot decrypt";
1445 snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_)
1447 #ifdef HAVE_LIBGCRYPT
1449 gcry_cipher_hd_t hd = NULL;
1452 guint8* aes_key = p->user_assoc->user.privKey.data; /* first 16 bytes */
1457 tvbuff_t* clear_tvb;
1459 priv_len = tvb_length_remaining(p->priv_tvb,0);
1461 if (priv_len != 8) {
1462 *error = "decryptionError: msgPrivacyParameters length != 8";
1466 iv[0] = (p->boots & 0xff000000) >> 24;
1467 iv[1] = (p->boots & 0x00ff0000) >> 16;
1468 iv[2] = (p->boots & 0x0000ff00) >> 8;
1469 iv[3] = (p->boots & 0x000000ff);
1470 iv[4] = (p->time & 0xff000000) >> 24;
1471 iv[5] = (p->time & 0x00ff0000) >> 16;
1472 iv[6] = (p->time & 0x0000ff00) >> 8;
1473 iv[7] = (p->time & 0x000000ff);
1474 tvb_memcpy(p->priv_tvb,&(iv[8]),0,8);
1476 cryptgrm_len = tvb_length_remaining(encryptedData,0);
1477 if (cryptgrm_len <= 0) {
1478 *error = "Not enough data remaining";
1481 cryptgrm = (guint8*)ep_tvb_memdup(encryptedData,0,-1);
1483 cleartext = (guint8*)ep_alloc(cryptgrm_len);
1485 err = gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 0);
1486 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1488 err = gcry_cipher_setiv(hd, iv, 16);
1489 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1491 err = gcry_cipher_setkey(hd,aes_key,16);
1492 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1494 err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
1495 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1497 gcry_cipher_close(hd);
1499 clear_tvb = tvb_new_child_real_data(encryptedData, cleartext, cryptgrm_len, cryptgrm_len);
1504 *error = (void*)gpg_strerror(err);
1505 if (hd) gcry_cipher_close(hd);
1508 *error = "libgcrypt not present, cannot decrypt";
1515 check_ScopedPdu(tvbuff_t* tvb)
1521 int hoffset, eoffset;
1524 offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag);
1525 offset = get_ber_length(tvb, offset, NULL, NULL);
1527 if ( ! (((ber_class!=BER_CLASS_APP) && (ber_class!=BER_CLASS_PRI) )
1528 && ( (!pc) || (ber_class!=BER_CLASS_UNI) || (tag!=BER_UNI_TAG_ENUMERATED) )
1531 if((tvb_get_guint8(tvb, offset)==0)&&(tvb_get_guint8(tvb, offset+1)==0))
1536 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
1537 offset = get_ber_length(tvb, offset, &len, NULL);
1538 eoffset = offset + len;
1540 if (eoffset <= hoffset) return FALSE;
1542 if ((ber_class!=BER_CLASS_APP)&&(ber_class!=BER_CLASS_PRI))
1543 if( (ber_class!=BER_CLASS_UNI)
1544 ||((tag<BER_UNI_TAG_NumericString)&&(tag!=BER_UNI_TAG_OCTETSTRING)&&(tag!=BER_UNI_TAG_UTF8String)) )
1551 #include "packet-snmp-fn.c"
1555 dissect_snmp_pdu(tvbuff_t *tvb, int offset, packet_info *pinfo,
1556 proto_tree *tree, int proto, gint ett, gboolean is_tcp)
1559 guint length_remaining;
1561 gboolean pc, ind = 0;
1564 guint message_length;
1565 int start_offset = offset;
1566 guint32 version = 0;
1569 proto_tree *snmp_tree = NULL;
1570 proto_item *item = NULL;
1571 asn1_ctx_t asn1_ctx;
1572 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
1575 usm_p.msg_tvb = tvb;
1576 usm_p.start_offset = tvb_offset_from_real_beginning(tvb);
1577 usm_p.engine_tvb = NULL;
1578 usm_p.user_tvb = NULL;
1579 usm_p.auth_item = NULL;
1580 usm_p.auth_tvb = NULL;
1581 usm_p.auth_offset = 0;
1582 usm_p.priv_tvb = NULL;
1583 usm_p.user_assoc = NULL;
1584 usm_p.authenticated = FALSE;
1585 usm_p.encrypted = FALSE;
1588 usm_p.authOK = FALSE;
1591 * This will throw an exception if we don't have any data left.
1592 * That's what we want. (See "tcp_dissect_pdus()", which is
1593 * similar, but doesn't have to deal with ASN.1.
1594 * XXX - can we make "tcp_dissect_pdus()" provide enough
1595 * information to the "get_pdu_len" routine so that we could
1596 * have that routine deal with ASN.1, and just use
1597 * "tcp_dissect_pdus()"?)
1599 length_remaining = tvb_ensure_length_remaining(tvb, offset);
1601 /* NOTE: we have to parse the message piece by piece, since the
1602 * capture length may be less than the message length: a 'global'
1603 * parsing is likely to fail.
1607 * If this is SNMP-over-TCP, we might have to do reassembly
1608 * in order to read the "Sequence Of" header.
1610 if (is_tcp && snmp_desegment && pinfo->can_desegment) {
1612 * This is TCP, and we should, and can, do reassembly.
1614 * Is the "Sequence Of" header split across segment
1615 * boundaries? We require at least 6 bytes for the
1616 * header, which allows for a 4-byte length (ASN.1
1619 if (length_remaining < 6) {
1621 * Yes. Tell the TCP dissector where the data
1622 * for this message starts in the data it handed
1623 * us and that we need "some more data." Don't tell
1624 * it exactly how many bytes we need because if/when
1625 * we ask for even more (after the header) that will
1628 pinfo->desegment_offset = offset;
1629 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
1632 * Return 0, which means "I didn't dissect anything
1633 * because I don't have enough data - we need
1641 * OK, try to read the "Sequence Of" header; this gets the total
1642 * length of the SNMP message.
1644 /* Set tree to 0 to not display internal BER fields if option used.*/
1645 offset = dissect_ber_identifier(pinfo, 0, tvb, offset, &ber_class, &pc, &tag);
1646 /*Get the total octet length of the SNMP data*/
1647 offset = dissect_ber_length(pinfo, 0, tvb, offset, &len, &ind);
1648 message_length = len + 2;
1650 /*Get the SNMP version data*/
1651 offset = dissect_ber_integer(FALSE, &asn1_ctx, 0, tvb, offset, -1, &version);
1655 * If this is SNMP-over-TCP, we might have to do reassembly
1656 * to get all of this message.
1658 if (is_tcp && snmp_desegment && pinfo->can_desegment) {
1660 * Yes - is the message split across segment boundaries?
1662 if (length_remaining < message_length) {
1664 * Yes. Tell the TCP dissector where the data
1665 * for this message starts in the data it handed
1666 * us, and how many more bytes we need, and
1669 pinfo->desegment_offset = start_offset;
1670 pinfo->desegment_len =
1671 message_length - length_remaining;
1674 * Return 0, which means "I didn't dissect anything
1675 * because I don't have enough data - we need
1682 next_tvb_init(&var_list);
1684 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1685 proto_get_protocol_short_name(find_protocol_by_id(proto)));
1688 item = proto_tree_add_item(tree, proto, tvb, start_offset,
1689 message_length, ENC_BIG_ENDIAN);
1690 snmp_tree = proto_item_add_subtree(item, ett);
1696 offset = dissect_snmp_Message(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
1699 offset = dissect_snmp_Messagev2u(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
1703 offset = dissect_snmp_SNMPv3Message(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
1707 * Return the length remaining in the tvbuff, so
1708 * if this is SNMP-over-TCP, our caller thinks there's
1709 * nothing left to dissect.
1711 proto_tree_add_text(snmp_tree, tvb, offset, -1,"Unknown version");
1712 return length_remaining;
1716 /* There may be appended data after the SNMP data, so treat as raw
1717 * data which needs to be dissected in case of UDP as UDP is PDU oriented.
1719 if((!is_tcp) && (length_remaining > (guint)offset)) {
1720 next_tvb = tvb_new_subset_remaining(tvb, offset);
1721 call_dissector(data_handle, next_tvb, pinfo, tree);
1723 next_tvb_call(&var_list, pinfo, tree, NULL, data_handle);
1730 dissect_snmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1732 conversation_t *conversation;
1741 * See if this looks like SNMP or not. if not, return 0 so
1742 * wireshark can try som other dissector instead.
1744 /* All SNMP packets are BER encoded and consist of a SEQUENCE
1745 * that spans the entire PDU. The first item is an INTEGER that
1746 * has the values 0-2 (version 1-3).
1747 * if not it is not snmp.
1749 /* SNMP starts with a SEQUENCE */
1750 offset = get_ber_identifier(tvb, 0, &tmp_class, &tmp_pc, &tmp_tag);
1751 if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_SEQUENCE)) {
1754 /* then comes a length which spans the rest of the tvb */
1755 offset = get_ber_length(tvb, offset, &tmp_length, &tmp_ind);
1756 /* if(tmp_length!=(guint32)tvb_reported_length_remaining(tvb, offset)) {
1757 * Losen the heuristic a bit to handle the case where data has intentionally
1758 * been added after the snmp PDU ( UDP case)
1760 if ( pinfo->ptype == PT_UDP ) {
1761 if(tmp_length>(guint32)tvb_reported_length_remaining(tvb, offset)) {
1765 if(tmp_length!=(guint32)tvb_reported_length_remaining(tvb, offset)) {
1769 /* then comes an INTEGER (version)*/
1770 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
1771 if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_INTEGER)) {
1774 /* do we need to test that version is 0 - 2 (version1-3) ? */
1778 * The first SNMP packet goes to the SNMP port; the second one
1779 * may come from some *other* port, but goes back to the same
1780 * IP address and port as the ones from which the first packet
1781 * came; all subsequent packets presumably go between those two
1782 * IP addresses and ports.
1784 * If this packet went to the SNMP port, we check to see if
1785 * there's already a conversation with one address/port pair
1786 * matching the source IP address and port of this packet,
1787 * the other address matching the destination IP address of this
1788 * packet, and any destination port.
1790 * If not, we create one, with its address 1/port 1 pair being
1791 * the source address/port of this packet, its address 2 being
1792 * the destination address of this packet, and its port 2 being
1793 * wildcarded, and give it the SNMP dissector as a dissector.
1795 if (pinfo->destport == UDP_PORT_SNMP) {
1796 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
1797 pinfo->srcport, 0, NO_PORT_B);
1798 if( (conversation == NULL) || (conversation->dissector_handle!=snmp_handle) ) {
1799 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
1800 pinfo->srcport, 0, NO_PORT2);
1801 conversation_set_dissector(conversation, snmp_handle);
1805 return dissect_snmp_pdu(tvb, 0, pinfo, tree, proto_snmp, ett_snmp, FALSE);
1809 dissect_snmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1814 while (tvb_reported_length_remaining(tvb, offset) > 0) {
1815 message_len = dissect_snmp_pdu(tvb, 0, pinfo, tree,
1816 proto_snmp, ett_snmp, TRUE);
1817 if (message_len == 0) {
1819 * We don't have all the data for that message,
1820 * so we need to do desegmentation;
1821 * "dissect_snmp_pdu()" has set that up.
1825 offset += message_len;
1830 dissect_smux(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1832 proto_tree *smux_tree = NULL;
1833 proto_item *item = NULL;
1835 next_tvb_init(&var_list);
1837 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMUX");
1840 item = proto_tree_add_item(tree, proto_smux, tvb, 0, -1, ENC_NA);
1841 smux_tree = proto_item_add_subtree(item, ett_smux);
1844 dissect_SMUX_PDUs_PDU(tvb, pinfo, smux_tree);
1849 MD5 Password to Key Algorithm
1853 snmp_usm_password_to_key_md5(const guint8 *password, guint passwordlen,
1854 const guint8 *engineID, guint engineLength,
1858 guint8 *cp, password_buf[64];
1859 guint32 password_index = 0;
1860 guint32 count = 0, i;
1862 md5_init(&MD); /* initialize MD5 */
1864 /**********************************************/
1865 /* Use while loop until we've done 1 Megabyte */
1866 /**********************************************/
1867 while (count < 1048576) {
1869 for (i = 0; i < 64; i++) {
1870 /*************************************************/
1871 /* Take the next octet of the password, wrapping */
1872 /* to the beginning of the password as necessary.*/
1873 /*************************************************/
1874 *cp++ = password[password_index++ % passwordlen];
1876 md5_append(&MD, password_buf, 64);
1879 md5_finish(&MD, key1); /* tell MD5 we're done */
1881 /*****************************************************/
1882 /* Now localize the key with the engineID and pass */
1883 /* through MD5 to produce final key */
1884 /* We ignore invalid engineLengths here. More strict */
1885 /* checking is done in snmp_users_update_cb. */
1886 /*****************************************************/
1889 md5_append(&MD, key1, 16);
1890 md5_append(&MD, engineID, engineLength);
1891 md5_append(&MD, key1, 16);
1892 md5_finish(&MD, key);
1901 SHA1 Password to Key Algorithm COPIED from RFC 3414 A.2.2
1905 snmp_usm_password_to_key_sha1(const guint8 *password, guint passwordlen,
1906 const guint8 *engineID, guint engineLength,
1910 guint8 *cp, password_buf[64];
1911 guint32 password_index = 0;
1912 guint32 count = 0, i;
1914 sha1_starts(&SH); /* initialize SHA */
1916 /**********************************************/
1917 /* Use while loop until we've done 1 Megabyte */
1918 /**********************************************/
1919 while (count < 1048576) {
1921 for (i = 0; i < 64; i++) {
1922 /*************************************************/
1923 /* Take the next octet of the password, wrapping */
1924 /* to the beginning of the password as necessary.*/
1925 /*************************************************/
1926 *cp++ = password[password_index++ % passwordlen];
1928 sha1_update (&SH, password_buf, 64);
1931 sha1_finish(&SH, key);
1933 /*****************************************************/
1934 /* Now localize the key with the engineID and pass */
1935 /* through SHA to produce final key */
1936 /* We ignore invalid engineLengths here. More strict */
1937 /* checking is done in snmp_users_update_cb. */
1938 /*****************************************************/
1941 sha1_update(&SH, key, 20);
1942 sha1_update(&SH, engineID, engineLength);
1943 sha1_update(&SH, key, 20);
1944 sha1_finish(&SH, key);
1955 snmp_users_copy_cb(void* dest, const void* orig, size_t len _U_)
1957 const snmp_ue_assoc_t* o = (const snmp_ue_assoc_t*)orig;
1958 snmp_ue_assoc_t* d = (snmp_ue_assoc_t*)dest;
1960 d->auth_model = o->auth_model;
1961 d->user.authModel = auth_models[o->auth_model];
1963 d->priv_proto = o->priv_proto;
1964 d->user.privProtocol = priv_protos[o->priv_proto];
1966 d->user.userName.data = (guint8*)g_memdup(o->user.userName.data,o->user.userName.len);
1967 d->user.userName.len = o->user.userName.len;
1969 d->user.authPassword.data = o->user.authPassword.data ? (guint8*)g_memdup(o->user.authPassword.data,o->user.authPassword.len) : NULL;
1970 d->user.authPassword.len = o->user.authPassword.len;
1972 d->user.privPassword.data = o->user.privPassword.data ? (guint8*)g_memdup(o->user.privPassword.data,o->user.privPassword.len) : NULL;
1973 d->user.privPassword.len = o->user.privPassword.len;
1975 d->engine.len = o->engine.len;
1976 if (o->engine.data) {
1977 d->engine.data = (guint8*)g_memdup(o->engine.data,o->engine.len);
1980 d->user.authKey.data = o->user.authKey.data ? (guint8*)g_memdup(o->user.authKey.data,o->user.authKey.len) : NULL;
1981 d->user.authKey.len = o->user.authKey.len;
1983 d->user.privKey.data = o->user.privKey.data ? (guint8*)g_memdup(o->user.privKey.data,o->user.privKey.len) : NULL;
1984 d->user.privKey.len = o->user.privKey.len;
1990 snmp_users_free_cb(void* p)
1992 snmp_ue_assoc_t* ue = (snmp_ue_assoc_t*)p;
1993 g_free(ue->user.userName.data);
1994 g_free(ue->user.authPassword.data);
1995 g_free(ue->user.privPassword.data);
1996 g_free(ue->user.authKey.data);
1997 g_free(ue->user.privKey.data);
1998 g_free(ue->engine.data);
2002 snmp_users_update_cb(void* p _U_, const char** err)
2004 snmp_ue_assoc_t* ue = (snmp_ue_assoc_t*)p;
2005 GString* es = g_string_new("");
2011 /* Nothing to update */
2014 if (! ue->user.userName.len)
2015 g_string_append_printf(es,"no userName\n");
2017 for (i=0; i<num_ueas-1; i++) {
2018 snmp_ue_assoc_t* u = &(ueas[i]);
2020 /* RFC 3411 section 5 */
2021 if ((u->engine.len > 0) && (u->engine.len < 5 || u->engine.len > 32)) {
2022 g_string_append_printf(es, "Invalid engineId length (%u). Must be between 5 and 32 (10 and 64 hex digits)\n", u->engine.len);
2026 if ( u->user.userName.len == ue->user.userName.len
2027 && u->engine.len == ue->engine.len ) {
2029 if (u->engine.len > 0 && memcmp( u->engine.data, ue->engine.data, u->engine.len ) == 0) {
2030 if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
2031 /* XXX: make a string for the engineId */
2032 g_string_append_printf(es,"Duplicate key (userName='%s')\n",ue->user.userName.data);
2036 if (u->engine.len == 0) {
2037 if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
2038 g_string_append_printf(es,"Duplicate key (userName='%s' engineId=NONE)\n",ue->user.userName.data);
2045 g_string_truncate(es,es->len-1);
2046 *err = ep_strdup(es->str);
2049 g_string_free(es,TRUE);
2055 UAT_LSTRING_CB_DEF(snmp_users,userName,snmp_ue_assoc_t,user.userName.data,user.userName.len)
2056 UAT_LSTRING_CB_DEF(snmp_users,authPassword,snmp_ue_assoc_t,user.authPassword.data,user.authPassword.len)
2057 UAT_LSTRING_CB_DEF(snmp_users,privPassword,snmp_ue_assoc_t,user.privPassword.data,user.privPassword.len)
2058 UAT_BUFFER_CB_DEF(snmp_users,engine_id,snmp_ue_assoc_t,engine.data,engine.len)
2059 UAT_VS_DEF(snmp_users,auth_model,snmp_ue_assoc_t,0,"MD5")
2060 UAT_VS_DEF(snmp_users,priv_proto,snmp_ue_assoc_t,0,"DES")
2063 snmp_specific_trap_copy_cb(void *dest, const void *orig, size_t len _U_)
2065 snmp_st_assoc_t *u = (snmp_st_assoc_t *)dest;
2066 const snmp_st_assoc_t *o = (const snmp_st_assoc_t *)orig;
2068 u->enterprise = g_strdup(o->enterprise);
2070 u->desc = g_strdup(o->desc);
2076 snmp_specific_trap_free_cb(void *r)
2078 snmp_st_assoc_t *u = (snmp_st_assoc_t *)r;
2080 g_free(u->enterprise);
2084 UAT_CSTRING_CB_DEF(specific_traps, enterprise, snmp_st_assoc_t)
2085 UAT_DEC_CB_DEF(specific_traps, trap, snmp_st_assoc_t)
2086 UAT_CSTRING_CB_DEF(specific_traps, desc, snmp_st_assoc_t)
2088 /*--- proto_register_snmp -------------------------------------------*/
2089 void proto_register_snmp(void) {
2090 /* List of fields */
2091 static hf_register_info hf[] = {
2092 { &hf_snmp_v3_flags_auth,
2093 { "Authenticated", "snmp.v3.flags.auth", FT_BOOLEAN, 8,
2094 TFS(&tfs_set_notset), TH_AUTH, NULL, HFILL }},
2095 { &hf_snmp_v3_flags_crypt,
2096 { "Encrypted", "snmp.v3.flags.crypt", FT_BOOLEAN, 8,
2097 TFS(&tfs_set_notset), TH_CRYPT, NULL, HFILL }},
2098 { &hf_snmp_v3_flags_report,
2099 { "Reportable", "snmp.v3.flags.report", FT_BOOLEAN, 8,
2100 TFS(&tfs_set_notset), TH_REPORT, NULL, HFILL }},
2101 { &hf_snmp_engineid_conform, {
2102 "Engine ID Conformance", "snmp.engineid.conform", FT_BOOLEAN, 8,
2103 TFS(&tfs_snmp_engineid_conform), F_SNMP_ENGINEID_CONFORM, "Engine ID RFC3411 Conformance", HFILL }},
2104 { &hf_snmp_engineid_enterprise, {
2105 "Engine Enterprise ID", "snmp.engineid.enterprise", FT_UINT32, BASE_DEC|BASE_EXT_STRING,
2106 &sminmpec_values_ext, 0, NULL, HFILL }},
2107 { &hf_snmp_engineid_format, {
2108 "Engine ID Format", "snmp.engineid.format", FT_UINT8, BASE_DEC,
2109 VALS(snmp_engineid_format_vals), 0, NULL, HFILL }},
2110 { &hf_snmp_engineid_ipv4, {
2111 "Engine ID Data: IPv4 address", "snmp.engineid.ipv4", FT_IPv4, BASE_NONE,
2112 NULL, 0, NULL, HFILL }},
2113 { &hf_snmp_engineid_ipv6, {
2114 "Engine ID Data: IPv6 address", "snmp.engineid.ipv6", FT_IPv6, BASE_NONE,
2115 NULL, 0, NULL, HFILL }},
2116 { &hf_snmp_engineid_cisco_type, {
2117 "Engine ID Data: Cisco type", "snmp.engineid.cisco.type", FT_UINT8, BASE_HEX,
2118 VALS(snmp_engineid_cisco_type_vals), 0, NULL, HFILL }},
2119 { &hf_snmp_engineid_mac, {
2120 "Engine ID Data: MAC address", "snmp.engineid.mac", FT_ETHER, BASE_NONE,
2121 NULL, 0, NULL, HFILL }},
2122 { &hf_snmp_engineid_text, {
2123 "Engine ID Data: Text", "snmp.engineid.text", FT_STRING, BASE_NONE,
2124 NULL, 0, NULL, HFILL }},
2125 { &hf_snmp_engineid_time, {
2126 "Engine ID Data: Creation Time", "snmp.engineid.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
2127 NULL, 0, NULL, HFILL }},
2128 { &hf_snmp_engineid_data, {
2129 "Engine ID Data", "snmp.engineid.data", FT_BYTES, BASE_NONE,
2130 NULL, 0, NULL, HFILL }},
2131 { &hf_snmp_msgAuthentication, {
2132 "Authentication", "snmp.v3.auth", FT_BOOLEAN, BASE_NONE,
2133 TFS(&auth_flags), 0, NULL, HFILL }},
2134 { &hf_snmp_decryptedPDU, {
2135 "Decrypted ScopedPDU", "snmp.decrypted_pdu", FT_BYTES, BASE_NONE,
2136 NULL, 0, "Decrypted PDU", HFILL }},
2137 { &hf_snmp_noSuchObject, {
2138 "noSuchObject", "snmp.noSuchObject", FT_NONE, BASE_NONE,
2139 NULL, 0, NULL, HFILL }},
2140 { &hf_snmp_noSuchInstance, {
2141 "noSuchInstance", "snmp.noSuchInstance", FT_NONE, BASE_NONE,
2142 NULL, 0, NULL, HFILL }},
2143 { &hf_snmp_endOfMibView, {
2144 "endOfMibView", "snmp.endOfMibView", FT_NONE, BASE_NONE,
2145 NULL, 0, NULL, HFILL }},
2146 { &hf_snmp_unSpecified, {
2147 "unSpecified", "snmp.unSpecified", FT_NONE, BASE_NONE,
2148 NULL, 0, NULL, HFILL }},
2150 { &hf_snmp_integer32_value, {
2151 "Value (Integer32)", "snmp.value.int", FT_INT64, BASE_DEC,
2152 NULL, 0, NULL, HFILL }},
2153 { &hf_snmp_octetstring_value, {
2154 "Value (OctetString)", "snmp.value.octets", FT_BYTES, BASE_NONE,
2155 NULL, 0, NULL, HFILL }},
2156 { &hf_snmp_oid_value, {
2157 "Value (OID)", "snmp.value.oid", FT_OID, BASE_NONE,
2158 NULL, 0, NULL, HFILL }},
2159 { &hf_snmp_null_value, {
2160 "Value (Null)", "snmp.value.null", FT_NONE, BASE_NONE,
2161 NULL, 0, NULL, HFILL }},
2162 { &hf_snmp_ipv4_value, {
2163 "Value (IpAddress)", "snmp.value.ipv4", FT_IPv4, BASE_NONE,
2164 NULL, 0, NULL, HFILL }},
2165 { &hf_snmp_ipv6_value, {
2166 "Value (IpAddress)", "snmp.value.ipv6", FT_IPv6, BASE_NONE,
2167 NULL, 0, NULL, HFILL }},
2168 { &hf_snmp_anyaddress_value, {
2169 "Value (IpAddress)", "snmp.value.addr", FT_BYTES, BASE_NONE,
2170 NULL, 0, NULL, HFILL }},
2171 { &hf_snmp_unsigned32_value, {
2172 "Value (Unsigned32)", "snmp.value.u32", FT_INT64, BASE_DEC,
2173 NULL, 0, NULL, HFILL }},
2174 { &hf_snmp_gauge32_value, {
2175 "Value (Gauge32)", "snmp.value.g32", FT_INT64, BASE_DEC,
2176 NULL, 0, NULL, HFILL }},
2177 { &hf_snmp_unknown_value, {
2178 "Value (Unknown)", "snmp.value.unk", FT_BYTES, BASE_NONE,
2179 NULL, 0, NULL, HFILL }},
2180 { &hf_snmp_counter_value, {
2181 "Value (Counter32)", "snmp.value.counter", FT_UINT64, BASE_DEC,
2182 NULL, 0, NULL, HFILL }},
2183 { &hf_snmp_big_counter_value, {
2184 "Value (Counter64)", "snmp.value.counter", FT_UINT64, BASE_DEC,
2185 NULL, 0, NULL, HFILL }},
2186 { &hf_snmp_nsap_value, {
2187 "Value (NSAP)", "snmp.value.nsap", FT_UINT64, BASE_DEC,
2188 NULL, 0, NULL, HFILL }},
2189 { &hf_snmp_timeticks_value, {
2190 "Value (Timeticks)", "snmp.value.timeticks", FT_UINT64, BASE_DEC,
2191 NULL, 0, NULL, HFILL }},
2192 { &hf_snmp_opaque_value, {
2193 "Value (Opaque)", "snmp.value.opaque", FT_BYTES, BASE_NONE,
2194 NULL, 0, NULL, HFILL }},
2195 { &hf_snmp_objectname, {
2196 "Object Name", "snmp.name", FT_OID, BASE_NONE,
2197 NULL, 0, NULL, HFILL }},
2198 { &hf_snmp_scalar_instance_index, {
2199 "Scalar Instance Index", "snmp.name.index", FT_UINT64, BASE_DEC,
2200 NULL, 0, NULL, HFILL }},
2203 #include "packet-snmp-hfarr.c"
2206 /* List of subtrees */
2207 static gint *ett[] = {
2213 &ett_authParameters,
2218 &ett_decoding_error,
2219 #include "packet-snmp-ettarr.c"
2221 module_t *snmp_module;
2223 static uat_field_t users_fields[] = {
2224 UAT_FLD_BUFFER(snmp_users,engine_id,"Engine ID","Engine-id for this entry (empty = any)"),
2225 UAT_FLD_LSTRING(snmp_users,userName,"Username","The username"),
2226 UAT_FLD_VS(snmp_users,auth_model,"Authentication model",auth_types,"Algorithm to be used for authentication."),
2227 UAT_FLD_LSTRING(snmp_users,authPassword,"Password","The password used for authenticating packets for this entry"),
2228 UAT_FLD_VS(snmp_users,priv_proto,"Privacy protocol",priv_types,"Algorithm to be used for privacy."),
2229 UAT_FLD_LSTRING(snmp_users,privPassword,"Privacy password","The password used for encrypting packets for this entry"),
2233 uat_t *assocs_uat = uat_new("SNMP Users",
2234 sizeof(snmp_ue_assoc_t),
2240 "ChSNMPUsersSection",
2242 snmp_users_update_cb,
2247 static uat_field_t specific_traps_flds[] = {
2248 UAT_FLD_CSTRING(specific_traps,enterprise,"Enterprise OID","Enterprise Object Identifier"),
2249 UAT_FLD_DEC(specific_traps,trap,"Trap Id","The specific-trap value"),
2250 UAT_FLD_CSTRING(specific_traps,desc,"Description","Trap type description"),
2254 uat_t* specific_traps_uat = uat_new("SNMP Enterprise Specific Trap Types",
2255 sizeof(snmp_st_assoc_t),
2256 "snmp_specific_traps",
2258 (void*) &specific_traps,
2259 &num_specific_traps,
2261 "ChSNMPEnterpriseSpecificTrapTypes",
2262 snmp_specific_trap_copy_cb,
2264 snmp_specific_trap_free_cb,
2266 specific_traps_flds);
2268 /* Register protocol */
2269 proto_snmp = proto_register_protocol(PNAME, PSNAME, PFNAME);
2270 new_register_dissector("snmp", dissect_snmp, proto_snmp);
2272 /* Register fields and subtrees */
2273 proto_register_field_array(proto_snmp, hf, array_length(hf));
2274 proto_register_subtree_array(ett, array_length(ett));
2277 /* Register configuration preferences */
2278 snmp_module = prefs_register_protocol(proto_snmp, process_prefs);
2279 prefs_register_bool_preference(snmp_module, "display_oid",
2280 "Show SNMP OID in info column",
2281 "Whether the SNMP OID should be shown in the info column",
2284 prefs_register_obsolete_preference(snmp_module, "mib_modules");
2285 prefs_register_obsolete_preference(snmp_module, "users_file");
2287 prefs_register_bool_preference(snmp_module, "desegment",
2288 "Reassemble SNMP-over-TCP messages\nspanning multiple TCP segments",
2289 "Whether the SNMP dissector should reassemble messages spanning multiple TCP segments."
2290 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
2293 prefs_register_bool_preference(snmp_module, "var_in_tree",
2294 "Display dissected variables inside SNMP tree",
2295 "ON - display dissected variables inside SNMP tree, OFF - display dissected variables in root tree after SNMP",
2298 prefs_register_uat_preference(snmp_module, "users_table",
2300 "Table of engine-user associations used for authentication and decryption",
2303 prefs_register_uat_preference(snmp_module, "specific_traps_table",
2304 "Enterprise Specific Trap Types",
2305 "Table of enterprise specific-trap type descriptions",
2306 specific_traps_uat);
2309 prefs_register_static_text_preference(snmp_module, "info_mibs",
2310 "MIB settings can be changed in the Name Resolution preferences",
2311 "MIB settings can be changed in the Name Resolution preferences");
2314 value_sub_dissectors_table = register_dissector_table("snmp.variable_oid","SNMP Variable OID", FT_STRING, BASE_NONE);
2316 register_init_routine(renew_ue_cache);
2318 register_ber_syntax_dissector("SNMP", proto_snmp, dissect_snmp_tcp);
2322 /*--- proto_reg_handoff_snmp ---------------------------------------*/
2323 void proto_reg_handoff_snmp(void) {
2324 dissector_handle_t snmp_tcp_handle;
2326 snmp_handle = find_dissector("snmp");
2328 dissector_add_uint("udp.port", UDP_PORT_SNMP, snmp_handle);
2329 dissector_add_uint("udp.port", UDP_PORT_SNMP_TRAP, snmp_handle);
2330 dissector_add_uint("udp.port", UDP_PORT_SNMP_PATROL, snmp_handle);
2331 dissector_add_uint("ethertype", ETHERTYPE_SNMP, snmp_handle);
2332 dissector_add_uint("ipx.socket", IPX_SOCKET_SNMP_AGENT, snmp_handle);
2333 dissector_add_uint("ipx.socket", IPX_SOCKET_SNMP_SINK, snmp_handle);
2334 dissector_add_uint("hpext.dxsap", HPEXT_SNMP, snmp_handle);
2336 snmp_tcp_handle = create_dissector_handle(dissect_snmp_tcp, proto_snmp);
2337 dissector_add_uint("tcp.port", TCP_PORT_SNMP, snmp_tcp_handle);
2338 dissector_add_uint("tcp.port", TCP_PORT_SNMP_TRAP, snmp_tcp_handle);
2340 data_handle = find_dissector("data");
2343 * Process preference settings.
2345 * We can't do this in the register routine, as preferences aren't
2346 * read until all dissector register routines have been called (so
2347 * that all dissector preferences have been registered).
2354 proto_register_smux(void)
2356 static hf_register_info hf[] = {
2358 { "Version", "smux.version", FT_UINT8, BASE_DEC, NULL,
2359 0x0, NULL, HFILL }},
2361 { "PDU type", "smux.pdutype", FT_UINT8, BASE_DEC, VALS(smux_types),
2362 0x0, NULL, HFILL }},
2364 static gint *ett[] = {
2368 proto_smux = proto_register_protocol("SNMP Multiplex Protocol",
2370 proto_register_field_array(proto_smux, hf, array_length(hf));
2371 proto_register_subtree_array(ett, array_length(ett));
2376 proto_reg_handoff_smux(void)
2378 dissector_handle_t smux_handle;
2380 smux_handle = create_dissector_handle(dissect_smux, proto_smux);
2381 dissector_add_uint("tcp.port", TCP_PORT_SMUX, smux_handle);