1 /* Do not modify this file. */
2 /* It is created automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -p snmp -c ./snmp.cnf -s ./packet-snmp-template -D . snmp.asn */
6 /* Input file: packet-snmp-template.c */
8 #line 1 "packet-snmp-template.c"
10 * Routines for SNMP (simple network management protocol)
11 * Copyright (C) 1998 Didier Jorand
13 * See RFC 1157 for SNMPv1.
15 * See RFCs 1901, 1905, and 1906 for SNMPv2c.
17 * See RFCs 1905, 1906, 1909, and 1910 for SNMPv2u [historic].
19 * See RFCs 2570-2576 for SNMPv3
20 * Updated to use the asn2wrs compiler made by Tomas Kukosa
21 * Copyright (C) 2005 - 2006 Anders Broman [AT] ericsson.com
23 * See RFC 3414 for User-based Security Model for SNMPv3
24 * See RFC 3826 for (AES) Cipher Algorithm in the SNMP USM
25 * See RFC 2578 for Structure of Management Information Version 2 (SMIv2)
26 * Copyright (C) 2007 Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
30 * Wireshark - Network traffic analyzer
31 * By Gerald Combs <gerald@wireshark.org>
32 * Copyright 1998 Gerald Combs
36 * GXSNMP -- An snmp mangament application
37 * Copyright (C) 1998 Gregory McLean & Jochen Friedrich
38 * Beholder RMON ethernet network monitor,Copyright (C) 1993 DNPAP group
40 * This program is free software; you can redistribute it and/or
41 * modify it under the terms of the GNU General Public License
42 * as published by the Free Software Foundation; either version 2
43 * of the License, or (at your option) any later version.
45 * This program is distributed in the hope that it will be useful,
46 * but WITHOUT ANY WARRANTY; without even the implied warranty of
47 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
48 * GNU General Public License for more details.
50 * You should have received a copy of the GNU General Public License
51 * along with this program; if not, write to the Free Software
52 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
55 #define D(args) do {printf args; fflush(stdout); } while(0)
67 #include <epan/packet.h>
68 #include <epan/strutil.h>
69 #include <epan/conversation.h>
71 #include <epan/prefs.h>
72 #include <epan/sminmpec.h>
73 #include <epan/emem.h>
74 #include <epan/next_tvb.h>
76 #include <epan/asn1.h>
77 #include "packet-ipx.h"
78 #include "packet-hpext.h"
81 #include "packet-ber.h"
83 #include "packet-snmp.h"
85 #include <epan/crypt/crypt-sha1.h>
86 #include <epan/crypt/crypt-md5.h>
87 #include <epan/expert.h>
88 #include <epan/report_err.h>
89 #include <epan/oids.h>
94 #include <winposixtype.h>
99 /* Take a pointer that may be null and return a pointer that's not null
100 by turning null pointers into pointers to the above null string,
101 and, if the argument pointer wasn't null, make sure we handle
102 non-printable characters in the string by escaping them. */
103 #define SAFE_STRING(s, l) (((s) != NULL) ? format_text((s), (l)) : "")
105 #define PNAME "Simple Network Management Protocol"
106 #define PSNAME "SNMP"
107 #define PFNAME "snmp"
109 #define UDP_PORT_SNMP 161
110 #define UDP_PORT_SNMP_TRAP 162
111 #define TCP_PORT_SNMP 161
112 #define TCP_PORT_SNMP_TRAP 162
113 #define TCP_PORT_SMUX 199
114 #define UDP_PORT_SNMP_PATROL 8161
116 /* Initialize the protocol and registered fields */
117 static int proto_snmp = -1;
118 static int proto_smux = -1;
120 static gboolean display_oid = TRUE;
121 static gboolean snmp_var_in_tree = TRUE;
123 static gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8**, guint*, gchar const**);
124 static gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p, guint8**, guint*, gchar const**);
126 static tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t*, tvbuff_t*, gchar const**);
127 static tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t*, tvbuff_t*, gchar const**);
130 static void snmp_usm_password_to_key_md5(const guint8 *password, guint passwordlen, const guint8 *engineID, guint engineLength, guint8 *key);
131 static void snmp_usm_password_to_key_sha1(const guint8 *password, guint passwordlen, const guint8 *engineID, guint engineLength, guint8 *key);
134 static snmp_usm_auth_model_t model_md5 = {snmp_usm_password_to_key_md5, snmp_usm_auth_md5, 16};
135 static snmp_usm_auth_model_t model_sha1 = {snmp_usm_password_to_key_sha1, snmp_usm_auth_sha1, 20};
137 static value_string auth_types[] = {
142 static snmp_usm_auth_model_t* auth_models[] = {&model_md5,&model_sha1};
145 static value_string priv_types[] = {
150 static snmp_usm_decoder_t priv_protos[] = {snmp_usm_priv_des, snmp_usm_priv_aes};
152 static snmp_ue_assoc_t* ueas = NULL;
153 static guint num_ueas = 0;
154 static uat_t* assocs_uat = NULL;
155 static snmp_ue_assoc_t* localized_ues = NULL;
156 static snmp_ue_assoc_t* unlocalized_ues = NULL;
161 static snmp_usm_params_t usm_p = {FALSE,FALSE,0,0,0,0,NULL,NULL,NULL,NULL,NULL,NULL,NULL,FALSE};
164 #define TH_CRYPT 0x02
165 #define TH_REPORT 0x04
167 /* desegmentation of SNMP-over-TCP */
168 static gboolean snmp_desegment = TRUE;
170 /* Global variables */
172 guint32 MsgSecurityModel;
173 tvbuff_t *oid_tvb=NULL;
174 tvbuff_t *value_tvb=NULL;
176 static dissector_handle_t snmp_handle;
177 static dissector_handle_t data_handle;
179 static next_tvb_list_t var_list;
181 static int hf_snmp_v3_flags_auth = -1;
182 static int hf_snmp_v3_flags_crypt = -1;
183 static int hf_snmp_v3_flags_report = -1;
185 static int hf_snmp_engineid_conform = -1;
186 static int hf_snmp_engineid_enterprise = -1;
187 static int hf_snmp_engineid_format = -1;
188 static int hf_snmp_engineid_ipv4 = -1;
189 static int hf_snmp_engineid_ipv6 = -1;
190 static int hf_snmp_engineid_mac = -1;
191 static int hf_snmp_engineid_text = -1;
192 static int hf_snmp_engineid_time = -1;
193 static int hf_snmp_engineid_data = -1;
194 static int hf_snmp_decryptedPDU = -1;
195 static int hf_snmp_msgAuthentication = -1;
197 static int hf_snmp_noSuchObject = -1;
198 static int hf_snmp_noSuchInstance = -1;
199 static int hf_snmp_endOfMibView = -1;
200 static int hf_snmp_unSpecified = -1;
202 static int hf_snmp_integer32_value = -1;
203 static int hf_snmp_octestring_value = -1;
204 static int hf_snmp_oid_value = -1;
205 static int hf_snmp_null_value = -1;
206 static int hf_snmp_ipv4_value = -1;
207 static int hf_snmp_ipv6_value = -1;
208 static int hf_snmp_anyaddress_value = -1;
209 static int hf_snmp_unsigned32_value = -1;
210 static int hf_snmp_unknown_value = -1;
211 static int hf_snmp_opaque_value = -1;
212 static int hf_snmp_nsap_value = -1;
213 static int hf_snmp_counter_value = -1;
214 static int hf_snmp_timeticks_value = -1;
215 static int hf_snmp_big_counter_value = -1;
216 static int hf_snmp_gauge32_value = -1;
218 static int hf_snmp_objectname = -1;
219 static int hf_snmp_scalar_instance_index = -1;
223 /*--- Included file: packet-snmp-hf.c ---*/
224 #line 1 "packet-snmp-hf.c"
225 static int hf_snmp_SMUX_PDUs_PDU = -1; /* SMUX_PDUs */
226 static int hf_snmp_version = -1; /* Version */
227 static int hf_snmp_community = -1; /* OCTET_STRING */
228 static int hf_snmp_data = -1; /* PDUs */
229 static int hf_snmp_parameters = -1; /* OCTET_STRING */
230 static int hf_snmp_datav2u = -1; /* T_datav2u */
231 static int hf_snmp_v2u_plaintext = -1; /* PDUs */
232 static int hf_snmp_encrypted = -1; /* OCTET_STRING */
233 static int hf_snmp_msgAuthoritativeEngineID = -1; /* T_msgAuthoritativeEngineID */
234 static int hf_snmp_msgAuthoritativeEngineBoots = -1; /* T_msgAuthoritativeEngineBoots */
235 static int hf_snmp_msgAuthoritativeEngineTime = -1; /* T_msgAuthoritativeEngineTime */
236 static int hf_snmp_msgUserName = -1; /* T_msgUserName */
237 static int hf_snmp_msgAuthenticationParameters = -1; /* T_msgAuthenticationParameters */
238 static int hf_snmp_msgPrivacyParameters = -1; /* T_msgPrivacyParameters */
239 static int hf_snmp_msgVersion = -1; /* Version */
240 static int hf_snmp_msgGlobalData = -1; /* HeaderData */
241 static int hf_snmp_msgSecurityParameters = -1; /* T_msgSecurityParameters */
242 static int hf_snmp_msgData = -1; /* ScopedPduData */
243 static int hf_snmp_msgID = -1; /* INTEGER_0_2147483647 */
244 static int hf_snmp_msgMaxSize = -1; /* INTEGER_484_2147483647 */
245 static int hf_snmp_msgFlags = -1; /* T_msgFlags */
246 static int hf_snmp_msgSecurityModel = -1; /* T_msgSecurityModel */
247 static int hf_snmp_plaintext = -1; /* ScopedPDU */
248 static int hf_snmp_encryptedPDU = -1; /* T_encryptedPDU */
249 static int hf_snmp_contextEngineID = -1; /* SnmpEngineID */
250 static int hf_snmp_contextName = -1; /* OCTET_STRING */
251 static int hf_snmp_get_request = -1; /* GetRequest_PDU */
252 static int hf_snmp_get_next_request = -1; /* GetNextRequest_PDU */
253 static int hf_snmp_get_response = -1; /* GetResponse_PDU */
254 static int hf_snmp_set_request = -1; /* SetRequest_PDU */
255 static int hf_snmp_trap = -1; /* Trap_PDU */
256 static int hf_snmp_getBulkRequest = -1; /* GetBulkRequest_PDU */
257 static int hf_snmp_informRequest = -1; /* InformRequest_PDU */
258 static int hf_snmp_sNMPv2_Trap = -1; /* SNMPv2_Trap_PDU */
259 static int hf_snmp_report = -1; /* Report_PDU */
260 static int hf_snmp_request_id = -1; /* INTEGER */
261 static int hf_snmp_error_status = -1; /* T_error_status */
262 static int hf_snmp_error_index = -1; /* INTEGER */
263 static int hf_snmp_variable_bindings = -1; /* VarBindList */
264 static int hf_snmp_bulkPDU_request_id = -1; /* Integer32 */
265 static int hf_snmp_non_repeaters = -1; /* INTEGER_0_2147483647 */
266 static int hf_snmp_max_repetitions = -1; /* INTEGER_0_2147483647 */
267 static int hf_snmp_enterprise = -1; /* OBJECT_IDENTIFIER */
268 static int hf_snmp_agent_addr = -1; /* NetworkAddress */
269 static int hf_snmp_generic_trap = -1; /* T_generic_trap */
270 static int hf_snmp_specific_trap = -1; /* INTEGER */
271 static int hf_snmp_time_stamp = -1; /* TimeTicks */
272 static int hf_snmp_name = -1; /* ObjectName */
273 static int hf_snmp_valueType = -1; /* NULL */
274 static int hf_snmp_VarBindList_item = -1; /* VarBind */
275 static int hf_snmp_open = -1; /* OpenPDU */
276 static int hf_snmp_close = -1; /* ClosePDU */
277 static int hf_snmp_registerRequest = -1; /* RReqPDU */
278 static int hf_snmp_registerResponse = -1; /* RegisterResponse */
279 static int hf_snmp_commitOrRollback = -1; /* SOutPDU */
280 static int hf_snmp_rRspPDU = -1; /* RRspPDU */
281 static int hf_snmp_pDUs = -1; /* PDUs */
282 static int hf_snmp_smux_simple = -1; /* SimpleOpen */
283 static int hf_snmp_smux_version = -1; /* T_smux_version */
284 static int hf_snmp_identity = -1; /* OBJECT_IDENTIFIER */
285 static int hf_snmp_description = -1; /* DisplayString */
286 static int hf_snmp_password = -1; /* OCTET_STRING */
287 static int hf_snmp_subtree = -1; /* ObjectName */
288 static int hf_snmp_priority = -1; /* INTEGER_M1_2147483647 */
289 static int hf_snmp_operation = -1; /* T_operation */
291 /*--- End of included file: packet-snmp-hf.c ---*/
292 #line 215 "packet-snmp-template.c"
294 static int hf_smux_version = -1;
295 static int hf_smux_pdutype = -1;
297 /* Initialize the subtree pointers */
298 static gint ett_smux = -1;
299 static gint ett_snmp = -1;
300 static gint ett_engineid = -1;
301 static gint ett_msgFlags = -1;
302 static gint ett_encryptedPDU = -1;
303 static gint ett_decrypted = -1;
304 static gint ett_authParameters = -1;
305 static gint ett_internet = -1;
306 static gint ett_varbind = -1;
307 static gint ett_name = -1;
308 static gint ett_value = -1;
309 static gint ett_decoding_error = -1;
312 /*--- Included file: packet-snmp-ett.c ---*/
313 #line 1 "packet-snmp-ett.c"
314 static gint ett_snmp_Message = -1;
315 static gint ett_snmp_Messagev2u = -1;
316 static gint ett_snmp_T_datav2u = -1;
317 static gint ett_snmp_UsmSecurityParameters = -1;
318 static gint ett_snmp_SNMPv3Message = -1;
319 static gint ett_snmp_HeaderData = -1;
320 static gint ett_snmp_ScopedPduData = -1;
321 static gint ett_snmp_ScopedPDU = -1;
322 static gint ett_snmp_PDUs = -1;
323 static gint ett_snmp_PDU = -1;
324 static gint ett_snmp_BulkPDU = -1;
325 static gint ett_snmp_Trap_PDU_U = -1;
326 static gint ett_snmp_VarBind = -1;
327 static gint ett_snmp_VarBindList = -1;
328 static gint ett_snmp_SMUX_PDUs = -1;
329 static gint ett_snmp_RegisterResponse = -1;
330 static gint ett_snmp_OpenPDU = -1;
331 static gint ett_snmp_SimpleOpen_U = -1;
332 static gint ett_snmp_RReqPDU_U = -1;
334 /*--- End of included file: packet-snmp-ett.c ---*/
335 #line 234 "packet-snmp-template.c"
337 static const true_false_string auth_flags = {
342 /* Security Models */
344 #define SNMP_SEC_ANY 0
345 #define SNMP_SEC_V1 1
346 #define SNMP_SEC_V2C 2
347 #define SNMP_SEC_USM 3
349 static const value_string sec_models[] = {
350 { SNMP_SEC_ANY, "Any" },
351 { SNMP_SEC_V1, "V1" },
352 { SNMP_SEC_V2C, "V2C" },
353 { SNMP_SEC_USM, "USM" },
358 #define SMUX_MSG_OPEN 0
359 #define SMUX_MSG_CLOSE 1
360 #define SMUX_MSG_RREQ 2
361 #define SMUX_MSG_RRSP 3
362 #define SMUX_MSG_SOUT 4
364 static const value_string smux_types[] = {
365 { SMUX_MSG_OPEN, "Open" },
366 { SMUX_MSG_CLOSE, "Close" },
367 { SMUX_MSG_RREQ, "Registration Request" },
368 { SMUX_MSG_RRSP, "Registration Response" },
369 { SMUX_MSG_SOUT, "Commit Or Rollback" },
374 #define SNMP_IPA 0 /* IP Address */
375 #define SNMP_CNT 1 /* Counter (Counter32) */
376 #define SNMP_GGE 2 /* Gauge (Gauge32) */
377 #define SNMP_TIT 3 /* TimeTicks */
378 #define SNMP_OPQ 4 /* Opaque */
379 #define SNMP_NSP 5 /* NsapAddress */
380 #define SNMP_C64 6 /* Counter64 */
381 #define SNMP_U32 7 /* Uinteger32 */
388 dissector_table_t value_sub_dissectors_table;
391 * dissect_snmp_VarBind
392 * this routine dissects variable bindings, looking for the oid information in our oid reporsitory
393 * to format and add the value adequatelly.
395 * The choice to handwrite this code instead of using the asn compiler is to avoid having tons
396 * of uses of global variables distributed in very different parts of the code.
397 * Other than that there's a cosmetic thing: the tree from ASN generated code would be so
398 * convoluted due to the nesting of CHOICEs in the definition of VarBind/value.
400 * XXX: the length of this function (~400 lines) is an aberration!
401 * oid_key_t:key_type could become a series of callbacks instead of an enum
402 * the (! oid_info_is_ok) switch could be made into an array (would be slower)
405 NetworkAddress ::= CHOICE { internet IpAddress }
406 IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
407 TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
408 Integer32 ::= INTEGER (-2147483648..2147483647)
409 ObjectName ::= OBJECT IDENTIFIER
410 Counter32 ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
411 Gauge32 ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
412 Unsigned32 ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
413 Integer-value ::= INTEGER (-2147483648..2147483647)
414 Integer32 ::= INTEGER (-2147483648..2147483647)
415 ObjectID-value ::= OBJECT IDENTIFIER
417 TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
418 Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING
419 Counter64 ::= [APPLICATION 6] IMPLICIT INTEGER (0..18446744073709551615)
421 ObjectSyntax ::= CHOICE {
423 application-wide ApplicationSyntax
426 SimpleSyntax ::= CHOICE {
427 integer-value Integer-value,
428 string-value String-value,
429 objectID-value ObjectID-value,
433 ApplicationSyntax ::= CHOICE {
434 ipAddress-value IpAddress,
435 counter-value Counter32,
436 timeticks-value TimeTicks,
437 arbitrary-value Opaque,
438 big-counter-value Counter64,
439 unsigned-integer-value Unsigned32
442 ValueType ::= CHOICE {
445 noSuchObject[0] IMPLICIT NULL,
446 noSuchInstance[1] IMPLICIT NULL,
447 endOfMibView[2] IMPLICIT NULL
450 VarBind ::= SEQUENCE {
457 extern int dissect_snmp_VarBind(gboolean implicit_tag _U_,
463 int seq_offset, name_offset, value_offset, value_start;
464 guint32 seq_len, name_len, value_len;
471 oid_info_t* oid_info = NULL;
472 guint oid_matched, oid_left;
473 proto_item *pi_name, *pi_varbind, *pi_value = NULL;
474 proto_tree *pt, *pt_varbind, *pt_name, *pt_value;
475 char label[ITEM_LABEL_LENGTH];
479 int min_len = 0, max_len = 0;
480 gboolean oid_info_is_ok;
481 const char* oid_string = NULL;
482 enum {BER_NO_ERROR, BER_WRONG_LENGTH, BER_WRONG_TAG} format_error = BER_NO_ERROR;
486 /* first have the VarBind's sequence header */
487 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
488 offset = get_ber_length(tvb, offset, &seq_len, &ind);
490 seq_len += offset - seq_offset;
492 if (!pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_SEQUENCE) {
493 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"VarBind must be an universal class sequence");
494 pt = proto_item_add_subtree(pi,ett_decoding_error);
495 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind is not an universal class sequence");
496 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
500 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in VarBind");
501 pt = proto_item_add_subtree(pi,ett_decoding_error);
502 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind has indicator set");
503 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
506 /* then we have the ObjectName's header */
508 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
509 name_offset = offset = get_ber_length(tvb, offset, &name_len, &ind);
511 if (! ( !pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_OID) ) {
512 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"ObjectName must be an OID in primitive encoding");
513 pt = proto_item_add_subtree(pi,ett_decoding_error);
514 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName not an OID");
515 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
519 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in ObjectName");
520 pt = proto_item_add_subtree(pi,ett_decoding_error);
521 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName has indicator set");
522 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
526 value_start = offset;
528 /* then we have the value's header */
529 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
530 value_offset = offset = get_ber_length(tvb, offset, &value_len, &ind);
533 proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"the value must be in primitive encoding");
534 pt = proto_item_add_subtree(pi,ett_decoding_error);
535 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "value not in primitive encoding");
536 return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
539 /* Now, we know where everithing is */
543 /* we add the varbind tree root with a dummy label we'll fill later on */
544 pi_varbind = proto_tree_add_text(tree,tvb,seq_offset,seq_len,"VarBind");
545 pt_varbind = proto_item_add_subtree(pi_varbind,ett_varbind);
548 pi_name = proto_tree_add_item(pt_varbind,hf_snmp_objectname,tvb,name_offset,name_len,FALSE);
549 pt_name = proto_item_add_subtree(pi_name,ett_name);
551 /* fetch ObjectName and its relative oid_info */
552 oid_bytes = ep_tvb_memdup(tvb, name_offset, name_len);
553 oid_info = oid_get_from_encoded(oid_bytes, name_len, &subids, &oid_matched, &oid_left);
555 add_oid_debug_subtree(oid_info,pt_name);
557 if (subids && oid_matched+oid_left) {
558 oid_string = oid_subid2string(subids,oid_matched+oid_left);
561 if (ber_class == BER_CLASS_CON) {
562 /* if we have an error value just add it and get out the way ASAP */
566 if (value_len != 0) {
567 min_len = max_len = 0;
568 format_error = BER_WRONG_LENGTH;
573 hfid = hf_snmp_noSuchObject;
574 note = "noSuchObject";
577 hfid = hf_snmp_noSuchInstance;
578 note = "noSuchInstance";
581 hfid = hf_snmp_endOfMibView;
582 note = "endOfMibView";
585 pi = proto_tree_add_text(pt_varbind,tvb,0,0,"Wrong tag for Error Value: expected 0, 1, or 2 but got: %d",tag);
586 pt = proto_item_add_subtree(pi,ett_decoding_error);
587 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong tag for SNMP VarBind error value");
588 return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
592 pi = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,FALSE);
593 expert_add_info_format(actx->pinfo, pi, PI_RESPONSE_CODE, PI_NOTE, "%s",note);
594 g_strlcpy (label, note, ITEM_LABEL_LENGTH);
598 /* now we'll try to figure out which are the indexing sub-oids and whether the oid we know about is the one oid we have to use */
599 switch (oid_info->kind) {
600 case OID_KIND_SCALAR:
602 /* OK: we got the instance sub-id */
603 proto_tree_add_uint64(pt_name,hf_snmp_scalar_instance_index,tvb,name_offset,name_len,subids[oid_matched]);
604 oid_info_is_ok = TRUE;
606 } else if (oid_left == 0) {
607 if (ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
608 /* unSpecified does not require an instance sub-id add the new value and get off the way! */
609 pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,FALSE);
612 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have one instance sub-id this one has none");
613 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "No instance sub-id in scalar value");
614 oid_info_is_ok = FALSE;
618 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have only one instance sub-id this has: %d",oid_left);
619 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong number of instance sub-ids in scalar value");
620 oid_info_is_ok = FALSE;
624 case OID_KIND_COLUMN:
625 if ( oid_info->parent->kind == OID_KIND_ROW) {
626 oid_key_t* k = oid_info->parent->key;
627 guint key_start = oid_matched;
628 guint key_len = oid_left;
629 oid_info_is_ok = TRUE;
631 if ( key_len == 0 && ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
632 /* unSpecified does not require an instance sub-id add the new value and get off the way! */
633 pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,FALSE);
638 for (;k;k = k->next) {
641 if (key_start >= oid_matched+oid_left) {
642 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid shorter than expected");
643 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid shorter than expected");
644 oid_info_is_ok = FALSE;
648 switch(k->key_type) {
649 case OID_KEY_TYPE_WRONG: {
650 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"OID instaces not handled, if you want this implemented please contact the wireshark developpers");
651 expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index");
652 oid_info_is_ok = FALSE;
655 case OID_KEY_TYPE_INTEGER: {
656 if (IS_FT_INT(k->ft_type)) {
657 proto_tree_add_int(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
658 } else { /* if it's not an unsigned int let proto_tree_add_uint throw a warning */
659 proto_tree_add_uint(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
663 continue; /* k->next */
665 case OID_KEY_TYPE_IMPLIED_OID:
666 suboid_len = key_len;
670 case OID_KEY_TYPE_OID: {
672 guint suboid_buf_len;
675 suboid_len = subids[key_start++];
679 suboid = &(subids[key_start]);
681 if( suboid_len == 0 ) {
682 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"an index sub-oid OID cannot be 0 bytes long!");
683 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid OID with len=0");
684 oid_info_is_ok = FALSE;
688 if( key_len < suboid_len ) {
689 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid should not be longer than remaining oid size");
690 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid longer than remaining oid size");
691 oid_info_is_ok = FALSE;
695 suboid_buf_len = oid_subid2encoded(suboid_len, suboid, &suboid_buf);
697 DISSECTOR_ASSERT(suboid_buf_len);
699 proto_tree_add_oid(pt_name,k->hfid,tvb,name_offset, suboid_buf_len, suboid_buf);
701 key_start += suboid_len;
702 key_len -= suboid_len + 1;
703 continue; /* k->next */
712 switch (k->key_type) {
713 case OID_KEY_TYPE_IPADDR:
714 suboid = &(subids[key_start]);
717 case OID_KEY_TYPE_IMPLIED_STRING:
718 case OID_KEY_TYPE_IMPLIED_BYTES:
719 suboid = &(subids[key_start]);
723 buf_len = k->num_subids;
724 suboid = &(subids[key_start]);
734 if( key_len < buf_len ) {
735 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index string should not be longer than remaining oid size");
736 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index string longer than remaining oid size");
737 oid_info_is_ok = FALSE;
741 buf = ep_alloc(buf_len+1);
742 for (i = 0; i < buf_len; i++)
743 buf[i] = (guint8)suboid[i];
746 switch(k->key_type) {
747 case OID_KEY_TYPE_STRING:
748 case OID_KEY_TYPE_IMPLIED_STRING:
749 proto_tree_add_string(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
751 case OID_KEY_TYPE_BYTES:
752 case OID_KEY_TYPE_NSAP:
753 case OID_KEY_TYPE_IMPLIED_BYTES:
754 proto_tree_add_bytes(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
756 case OID_KEY_TYPE_IPADDR: {
757 guint32* ipv4_p = (void*)buf;
758 proto_tree_add_ipv4(pt_name,k->hfid,tvb,name_offset,buf_len, *ipv4_p);
761 DISSECTOR_ASSERT_NOT_REACHED();
766 key_start += buf_len;
768 continue; /* k->next*/
774 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"We do not know how to handle this OID, if you want this implemented please contact the wireshark developers");
775 expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index");
776 oid_info_is_ok = FALSE;
780 proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"The COLUMS's parent is not a ROW. This is a BUG! please contact the wireshark developers.");
781 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_ERROR, "COLUMS's parent is not a ROW");
782 oid_info_is_ok = FALSE;
786 /* proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"This kind OID should have no value");
787 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "This kind OID should have no value"); */
788 oid_info_is_ok = FALSE;
794 if (oid_info_is_ok) {
795 if (ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
796 pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,FALSE);
798 if ((oid_info->value_type->ber_class != BER_CLASS_ANY) &&
799 (ber_class != oid_info->value_type->ber_class))
800 format_error = BER_WRONG_TAG;
802 if ((oid_info->value_type->ber_tag != BER_TAG_ANY) &&
803 (tag != oid_info->value_type->ber_tag))
804 format_error = BER_WRONG_TAG;
806 max_len = oid_info->value_type->max_len == -1 ? 0xffffff : oid_info->value_type->max_len;
807 min_len = oid_info->value_type->min_len;
809 if ((int)value_len < min_len || (int)value_len > max_len)
810 format_error = BER_WRONG_LENGTH;
812 pi_value = proto_tree_add_item(pt_varbind,oid_info->value_hfid,tvb,value_offset,value_len,FALSE);
815 switch(ber_class|(tag<<4)) {
816 case BER_CLASS_UNI|(BER_UNI_TAG_INTEGER<<4):
817 max_len = 4; min_len = 1;
818 if (value_len > (guint)max_len && value_len < (guint)min_len) format_error = BER_WRONG_LENGTH;
819 hfid = hf_snmp_integer32_value;
821 case BER_CLASS_UNI|(BER_UNI_TAG_OCTETSTRING<<4):
822 hfid = hf_snmp_octestring_value;
824 case BER_CLASS_UNI|(BER_UNI_TAG_OID<<4):
825 max_len = -1; min_len = 1;
826 if (value_len < (guint)min_len) format_error = BER_WRONG_LENGTH;
827 hfid = hf_snmp_oid_value;
829 case BER_CLASS_UNI|(BER_UNI_TAG_NULL<<4):
830 max_len = 0; min_len = 0;
831 if (value_len != 0) format_error = BER_WRONG_LENGTH;
832 hfid = hf_snmp_null_value;
834 case BER_CLASS_APP: /* | (SNMP_IPA<<4)*/
836 case 4: hfid = hf_snmp_ipv4_value; break;
837 case 16: hfid = hf_snmp_ipv6_value; break;
838 default: hfid = hf_snmp_anyaddress_value; break;
841 case BER_CLASS_APP|(SNMP_U32<<4):
842 hfid = hf_snmp_unsigned32_value;
844 case BER_CLASS_APP|(SNMP_GGE<<4):
845 hfid = hf_snmp_gauge32_value;
847 case BER_CLASS_APP|(SNMP_CNT<<4):
848 hfid = hf_snmp_counter_value;
850 case BER_CLASS_APP|(SNMP_TIT<<4):
851 hfid = hf_snmp_timeticks_value;
853 case BER_CLASS_APP|(SNMP_OPQ<<4):
854 hfid = hf_snmp_opaque_value;
856 case BER_CLASS_APP|(SNMP_NSP<<4):
857 hfid = hf_snmp_nsap_value;
859 case BER_CLASS_APP|(SNMP_C64<<4):
860 hfid = hf_snmp_big_counter_value;
863 hfid = hf_snmp_unknown_value;
867 pi_value = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,FALSE);
868 expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unresolved value, Missing MIB");
869 oid_info_is_ok = FALSE;
872 pt_value = proto_item_add_subtree(pi_value,ett_value);
874 if (value_len > 0 && oid_string) {
875 tvbuff_t* sub_tvb = tvb_new_subset(tvb, value_offset, value_len, value_len);
877 next_tvb_add_string(&var_list, sub_tvb, (snmp_var_in_tree) ? pt_value : NULL, value_sub_dissectors_table, oid_string);
882 if (pi_value) proto_item_fill_label(pi_value->finfo, label);
884 if (oid_info && oid_info->name) {
886 repr = ep_strdup_printf("%s.%s (%s)",
888 oid_subid2string(&(subids[oid_matched]),oid_left),
889 oid_subid2string(subids,oid_matched+oid_left));
891 repr = ep_strdup_printf("%s (%s)",
893 oid_subid2string(subids,oid_matched));
895 } else if (oid_string) {
896 repr = ep_strdup(oid_string);
898 repr = ep_strdup("[Bad OID]");
901 valstr = strstr(label,": ");
902 valstr = valstr ? valstr+2 : label;
904 proto_item_set_text(pi_varbind,"%s: %s",repr,valstr);
906 switch (format_error) {
907 case BER_WRONG_LENGTH: {
908 proto_tree* pt = proto_item_add_subtree(pi_value,ett_decoding_error);
909 proto_item* pi = proto_tree_add_text(pt,tvb,0,0,"Wrong value length: %u expecting: %u <= len <= %u",
912 max_len == -1 ? 0xFFFFFF : max_len);
913 pt = proto_item_add_subtree(pi,ett_decoding_error);
914 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong length for SNMP VarBind/value");
915 return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
917 case BER_WRONG_TAG: {
918 proto_tree* pt = proto_item_add_subtree(pi_value,ett_decoding_error);
919 proto_item* pi = proto_tree_add_text(pt,tvb,0,0,"Wrong class/tag for Value expected: %d,%d got: %d,%d",
920 oid_info->value_type->ber_class,
921 oid_info->value_type->ber_tag,
924 pt = proto_item_add_subtree(pi,ett_decoding_error);
925 expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong class/tag for SNMP VarBind/value");
926 return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
932 return seq_offset + seq_len;
936 #define F_SNMP_ENGINEID_CONFORM 0x80
937 #define SNMP_ENGINEID_RFC1910 0x00
938 #define SNMP_ENGINEID_RFC3411 0x01
940 static const true_false_string tfs_snmp_engineid_conform = {
942 "RFC1910 (Non-SNMPv3)"
945 #define SNMP_ENGINEID_FORMAT_IPV4 0x01
946 #define SNMP_ENGINEID_FORMAT_IPV6 0x02
947 #define SNMP_ENGINEID_FORMAT_MACADDRESS 0x03
948 #define SNMP_ENGINEID_FORMAT_TEXT 0x04
949 #define SNMP_ENGINEID_FORMAT_OCTETS 0x05
951 static const value_string snmp_engineid_format_vals[] = {
952 { SNMP_ENGINEID_FORMAT_IPV4, "IPv4 address" },
953 { SNMP_ENGINEID_FORMAT_IPV6, "IPv6 address" },
954 { SNMP_ENGINEID_FORMAT_MACADDRESS, "MAC address" },
955 { SNMP_ENGINEID_FORMAT_TEXT, "Text, administratively assigned" },
956 { SNMP_ENGINEID_FORMAT_OCTETS, "Octets, administratively assigned" },
961 * SNMP Engine ID dissection according to RFC 3411 (SnmpEngineID TC)
962 * or historic RFC 1910 (AgentID)
964 int dissect_snmp_engineid(proto_tree *tree, tvbuff_t *tvb, int offset, int len) {
965 proto_item *item = NULL;
966 guint8 conformance, format;
967 guint32 enterpriseid, seconds;
969 int len_remain = len;
971 /* first bit: engine id conformance */
972 if (len_remain<4) return offset;
973 conformance = ((tvb_get_guint8(tvb, offset)>>7) && 0x01);
974 proto_tree_add_item(tree, hf_snmp_engineid_conform, tvb, offset, 1, FALSE);
976 /* 4-byte enterprise number/name */
977 if (len_remain<4) return offset;
978 enterpriseid = tvb_get_ntohl(tvb, offset);
980 enterpriseid -= 0x80000000; /* ignore first bit */
981 proto_tree_add_uint(tree, hf_snmp_engineid_enterprise, tvb, offset, 4, enterpriseid);
985 switch(conformance) {
987 case SNMP_ENGINEID_RFC1910:
988 /* 12-byte AgentID w/ 8-byte trailer */
990 proto_tree_add_text(tree, tvb, offset, 8, "AgentID Trailer: 0x%s",
991 tvb_bytes_to_str(tvb, offset, 8));
995 proto_tree_add_text(tree, tvb, offset, len_remain, "<Data not conforming to RFC1910>");
1000 case SNMP_ENGINEID_RFC3411: /* variable length: 5..32 */
1002 /* 1-byte format specifier */
1003 if (len_remain<1) return offset;
1004 format = tvb_get_guint8(tvb, offset);
1005 item = proto_tree_add_uint_format(tree, hf_snmp_engineid_format, tvb, offset, 1, format, "Engine ID Format: %s (%d)",
1006 val_to_str(format, snmp_engineid_format_vals, "Reserved/Enterprise-specific"), format);
1011 case SNMP_ENGINEID_FORMAT_IPV4:
1012 /* 4-byte IPv4 address */
1013 if (len_remain==4) {
1014 proto_tree_add_item(tree, hf_snmp_engineid_ipv4, tvb, offset, 4, FALSE);
1019 case SNMP_ENGINEID_FORMAT_IPV6:
1020 /* 16-byte IPv6 address */
1021 if (len_remain==16) {
1022 proto_tree_add_item(tree, hf_snmp_engineid_ipv6, tvb, offset, 16, FALSE);
1027 case SNMP_ENGINEID_FORMAT_MACADDRESS:
1028 /* 6-byte MAC address */
1029 if (len_remain==6) {
1030 proto_tree_add_item(tree, hf_snmp_engineid_mac, tvb, offset, 6, FALSE);
1035 case SNMP_ENGINEID_FORMAT_TEXT:
1036 /* max. 27-byte string, administratively assigned */
1037 if (len_remain<=27) {
1038 proto_tree_add_item(tree, hf_snmp_engineid_text, tvb, offset, len_remain, FALSE);
1044 /* most common enterprise-specific format: (ucd|net)-snmp random */
1045 if ((enterpriseid==2021)||(enterpriseid==8072)) {
1046 proto_item_append_text(item, (enterpriseid==2021) ? ": UCD-SNMP Random" : ": Net-SNMP Random");
1047 /* demystify: 4B random, 4B epoch seconds */
1048 if (len_remain==8) {
1049 proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, 4, FALSE);
1050 seconds = tvb_get_letohl(tvb, offset+4);
1052 proto_tree_add_time_format(tree, hf_snmp_engineid_time, tvb, offset+4, 4,
1053 &ts, "Engine ID Data: Creation Time: %s",
1054 abs_time_secs_to_str(seconds));
1060 case SNMP_ENGINEID_FORMAT_OCTETS:
1062 /* max. 27 bytes, administratively assigned or unknown format */
1063 if (len_remain<=27) {
1064 proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, len_remain, FALSE);
1073 proto_tree_add_text(tree, tvb, offset, len_remain, "<Data not conforming to RFC3411>");
1080 static void set_ue_keys(snmp_ue_assoc_t* n ) {
1081 guint key_size = n->user.authModel->key_size;
1083 n->user.authKey.data = se_alloc(key_size);
1084 n->user.authKey.len = key_size;
1085 n->user.authModel->pass2key(n->user.authPassword.data,
1086 n->user.authPassword.len,
1089 n->user.authKey.data);
1091 n->user.privKey.data = se_alloc(key_size);
1092 n->user.privKey.len = key_size;
1093 n->user.authModel->pass2key(n->user.privPassword.data,
1094 n->user.privPassword.len,
1097 n->user.privKey.data);
1100 static snmp_ue_assoc_t* ue_se_dup(snmp_ue_assoc_t* o) {
1101 snmp_ue_assoc_t* d = se_memdup(o,sizeof(snmp_ue_assoc_t));
1103 d->user.authModel = o->user.authModel;
1105 d->user.privProtocol = o->user.privProtocol;
1107 d->user.userName.data = se_memdup(o->user.userName.data,o->user.userName.len);
1108 d->user.userName.len = o->user.userName.len;
1110 d->user.authPassword.data = o->user.authPassword.data ? se_memdup(o->user.authPassword.data,o->user.authPassword.len) : NULL;
1111 d->user.authPassword.len = o->user.authPassword.len;
1113 d->user.privPassword.data = o->user.privPassword.data ? se_memdup(o->user.privPassword.data,o->user.privPassword.len) : NULL;
1114 d->user.privPassword.len = o->user.privPassword.len;
1116 d->engine.len = o->engine.len;
1118 if (d->engine.len) {
1119 d->engine.data = se_memdup(o->engine.data,o->engine.len);
1128 #define CACHE_INSERT(c,a) if (c) { snmp_ue_assoc_t* t = c; c = a; c->next = t; } else { c = a; a->next = NULL; }
1130 static void renew_ue_cache(void) {
1134 localized_ues = NULL;
1135 unlocalized_ues = NULL;
1137 for(i = 0; i < num_ueas; i++) {
1138 snmp_ue_assoc_t* a = ue_se_dup(&(ueas[i]));
1140 if (a->engine.len) {
1141 CACHE_INSERT(localized_ues,a);
1144 CACHE_INSERT(unlocalized_ues,a);
1149 localized_ues = NULL;
1150 unlocalized_ues = NULL;
1155 static snmp_ue_assoc_t* localize_ue( snmp_ue_assoc_t* o, const guint8* engine, guint engine_len ) {
1156 snmp_ue_assoc_t* n = se_memdup(o,sizeof(snmp_ue_assoc_t));
1158 n->engine.data = se_memdup(engine,engine_len);
1159 n->engine.len = engine_len;
1167 #define localized_match(a,u,ul,e,el) \
1168 ( a->user.userName.len == ul \
1169 && a->engine.len == el \
1170 && memcmp( a->user.userName.data, u, (a->user.userName.len < ul) ? a->user.userName.len : ul ) == 0 \
1171 && memcmp( a->engine.data, e, (a->engine.len < el) ? a->engine.len : el ) == 0 )
1173 #define unlocalized_match(a,u,l) \
1174 ( a->user.userName.len == l && memcmp( a->user.userName.data, u, a->user.userName.len < l ? a->user.userName.len : l) == 0 )
1176 static snmp_ue_assoc_t* get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb) {
1177 static snmp_ue_assoc_t* a;
1178 guint given_username_len;
1179 guint8* given_username;
1180 guint given_engine_len;
1181 guint8* given_engine;
1183 if ( ! (localized_ues || unlocalized_ues ) ) return NULL;
1185 if (! ( user_tvb && engine_tvb ) ) return NULL;
1187 given_username_len = tvb_length_remaining(user_tvb,0);
1188 given_username = ep_tvb_memdup(user_tvb,0,-1);
1189 given_engine_len = tvb_length_remaining(engine_tvb,0);
1190 given_engine = ep_tvb_memdup(engine_tvb,0,-1);
1192 for (a = localized_ues; a; a = a->next) {
1193 if ( localized_match(a, given_username, given_username_len, given_engine, given_engine_len) ) {
1198 for (a = unlocalized_ues; a; a = a->next) {
1199 if ( unlocalized_match(a, given_username, given_username_len) ) {
1200 snmp_ue_assoc_t* n = localize_ue( a, given_engine, given_engine_len );
1201 CACHE_INSERT(localized_ues,n);
1209 static gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error) {
1216 guint8 calc_auth[16];
1222 *error = "No Authenticator";
1226 key = p->user_assoc->user.authKey.data;
1227 key_len = p->user_assoc->user.authKey.len;
1230 *error = "User has no authKey";
1235 auth_len = tvb_length_remaining(p->auth_tvb,0);
1237 if (auth_len != 12) {
1238 *error = "Authenticator length wrong";
1242 msg_len = tvb_length_remaining(p->msg_tvb,0);
1243 msg = ep_tvb_memdup(p->msg_tvb,0,msg_len);
1246 auth = ep_tvb_memdup(p->auth_tvb,0,auth_len);
1248 start = p->auth_offset - p->start_offset;
1249 end = start + auth_len;
1251 /* fill the authenticator with zeros */
1252 for ( i = start ; i < end ; i++ ) {
1256 md5_hmac(msg, msg_len, key, key_len, calc_auth);
1258 if (calc_auth_p) *calc_auth_p = calc_auth;
1259 if (calc_auth_len_p) *calc_auth_len_p = 12;
1261 return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
1265 static gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error _U_) {
1272 guint8 calc_auth[20];
1278 *error = "No Authenticator";
1282 key = p->user_assoc->user.authKey.data;
1283 key_len = p->user_assoc->user.authKey.len;
1286 *error = "User has no authKey";
1291 auth_len = tvb_length_remaining(p->auth_tvb,0);
1294 if (auth_len != 12) {
1295 *error = "Authenticator length wrong";
1299 msg_len = tvb_length_remaining(p->msg_tvb,0);
1300 msg = ep_tvb_memdup(p->msg_tvb,0,msg_len);
1302 auth = ep_tvb_memdup(p->auth_tvb,0,auth_len);
1304 start = p->auth_offset - p->start_offset;
1305 end = start + auth_len;
1307 /* fill the authenticator with zeros */
1308 for ( i = start ; i < end ; i++ ) {
1312 sha1_hmac(key, key_len, msg, msg_len, calc_auth);
1314 if (calc_auth_p) *calc_auth_p = calc_auth;
1315 if (calc_auth_len_p) *calc_auth_len_p = 12;
1317 return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
1320 static tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_) {
1321 #ifdef HAVE_LIBGCRYPT
1323 gcry_cipher_hd_t hd = NULL;
1326 guint8* des_key = p->user_assoc->user.privKey.data; /* first 8 bytes */
1327 guint8* pre_iv = &(p->user_assoc->user.privKey.data[8]); /* last 8 bytes */
1332 tvbuff_t* clear_tvb;
1337 salt_len = tvb_length_remaining(p->priv_tvb,0);
1339 if (salt_len != 8) {
1340 *error = "decryptionError: msgPrivacyParameters length != 8";
1344 salt = ep_tvb_memdup(p->priv_tvb,0,salt_len);
1347 The resulting "salt" is XOR-ed with the pre-IV to obtain the IV.
1349 for (i=0; i<8; i++) {
1350 iv[i] = pre_iv[i] ^ salt[i];
1353 cryptgrm_len = tvb_length_remaining(encryptedData,0);
1355 if (cryptgrm_len % 8) {
1356 *error = "decryptionError: the length of the encrypted data is not a mutiple of 8 octets";
1360 cryptgrm = ep_tvb_memdup(encryptedData,0,-1);
1362 cleartext = ep_alloc(cryptgrm_len);
1364 err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
1365 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1367 err = gcry_cipher_setiv(hd, iv, 8);
1368 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1370 err = gcry_cipher_setkey(hd,des_key,8);
1371 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1373 err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
1374 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1376 gcry_cipher_close(hd);
1378 clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
1383 *error = (void*)gpg_strerror(err);
1384 if (hd) gcry_cipher_close(hd);
1387 *error = "libgcrypt not present, cannot decrypt";
1392 static tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_) {
1393 #ifdef HAVE_LIBGCRYPT
1395 gcry_cipher_hd_t hd = NULL;
1398 guint8* aes_key = p->user_assoc->user.privKey.data; /* first 16 bytes */
1403 tvbuff_t* clear_tvb;
1405 priv_len = tvb_length_remaining(p->priv_tvb,0);
1407 if (priv_len != 8) {
1408 *error = "decryptionError: msgPrivacyParameters length != 8";
1412 iv[0] = (p->boots & 0xff000000) >> 24;
1413 iv[1] = (p->boots & 0x00ff0000) >> 16;
1414 iv[2] = (p->boots & 0x0000ff00) >> 8;
1415 iv[3] = (p->boots & 0x000000ff);
1416 iv[4] = (p->time & 0xff000000) >> 24;
1417 iv[5] = (p->time & 0x00ff0000) >> 16;
1418 iv[6] = (p->time & 0x0000ff00) >> 8;
1419 iv[7] = (p->time & 0x000000ff);
1420 tvb_memcpy(p->priv_tvb,&(iv[8]),0,8);
1422 cryptgrm_len = tvb_length_remaining(encryptedData,0);
1423 cryptgrm = ep_tvb_memdup(encryptedData,0,-1);
1425 cleartext = ep_alloc(cryptgrm_len);
1427 err = gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 0);
1428 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1430 err = gcry_cipher_setiv(hd, iv, 16);
1431 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1433 err = gcry_cipher_setkey(hd,aes_key,16);
1434 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1436 err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
1437 if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
1439 gcry_cipher_close(hd);
1441 clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
1446 *error = (void*)gpg_strerror(err);
1447 if (hd) gcry_cipher_close(hd);
1450 *error = "libgcrypt not present, cannot decrypt";
1456 gboolean check_ScopedPdu(tvbuff_t* tvb) {
1461 int hoffset, eoffset;
1464 offset = get_ber_identifier(tvb, 0, &class, &pc, &tag);
1465 offset = get_ber_length(tvb, offset, NULL, NULL);
1467 if ( ! (((class!=BER_CLASS_APP) && (class!=BER_CLASS_PRI) )
1468 && ( (!pc) || (class!=BER_CLASS_UNI) || (tag!=BER_UNI_TAG_ENUMERATED) )
1471 if((tvb_get_guint8(tvb, offset)==0)&&(tvb_get_guint8(tvb, offset+1)==0))
1476 offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
1477 offset = get_ber_length(tvb, offset, &len, NULL);
1478 eoffset = offset + len;
1480 if (eoffset <= hoffset) return FALSE;
1482 if ((class!=BER_CLASS_APP)&&(class!=BER_CLASS_PRI))
1483 if( (class!=BER_CLASS_UNI)
1484 ||((tag<BER_UNI_TAG_NumericString)&&(tag!=BER_UNI_TAG_OCTETSTRING)&&(tag!=BER_UNI_TAG_UTF8String)) )
1492 /*--- Included file: packet-snmp-fn.c ---*/
1493 #line 1 "packet-snmp-fn.c"
1498 dissect_snmp_OCTET_STRING_SIZE_4(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1499 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1508 dissect_snmp_NetworkAddress(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1509 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1510 hf_index, BER_CLASS_APP, 0, TRUE, dissect_snmp_OCTET_STRING_SIZE_4);
1518 dissect_snmp_INTEGER_0_4294967295(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1519 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1528 dissect_snmp_TimeTicks(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1529 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1530 hf_index, BER_CLASS_APP, 3, TRUE, dissect_snmp_INTEGER_0_4294967295);
1538 dissect_snmp_Integer32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1539 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1548 dissect_snmp_ObjectName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1549 offset = dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1555 static const value_string snmp_Version_vals[] = {
1565 dissect_snmp_Version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1566 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1575 dissect_snmp_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1576 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1585 dissect_snmp_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1586 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1593 static const value_string snmp_T_error_status_vals[] = {
1596 { 2, "noSuchName" },
1602 { 8, "wrongLength" },
1603 { 9, "wrongEncoding" },
1604 { 10, "wrongValue" },
1605 { 11, "noCreation" },
1606 { 12, "inconsistentValue" },
1607 { 13, "resourceUnavailable" },
1608 { 14, "commitFailed" },
1609 { 15, "undoFailed" },
1610 { 16, "authorizationError" },
1611 { 17, "notWritable" },
1612 { 18, "inconsistentName" },
1618 dissect_snmp_T_error_status(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1619 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1628 dissect_snmp_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1629 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1636 static const ber_sequence_t VarBindList_sequence_of[1] = {
1637 { &hf_snmp_VarBindList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_snmp_VarBind },
1641 dissect_snmp_VarBindList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1642 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1643 VarBindList_sequence_of, hf_index, ett_snmp_VarBindList);
1649 static const ber_sequence_t PDU_sequence[] = {
1650 { &hf_snmp_request_id , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER },
1651 { &hf_snmp_error_status , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_error_status },
1652 { &hf_snmp_error_index , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER },
1653 { &hf_snmp_variable_bindings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_snmp_VarBindList },
1654 { NULL, 0, 0, 0, NULL }
1658 dissect_snmp_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1659 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1660 PDU_sequence, hf_index, ett_snmp_PDU);
1668 dissect_snmp_GetRequest_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1669 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1670 hf_index, BER_CLASS_CON, 0, TRUE, dissect_snmp_PDU);
1678 dissect_snmp_GetNextRequest_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1679 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1680 hf_index, BER_CLASS_CON, 1, TRUE, dissect_snmp_PDU);
1688 dissect_snmp_GetResponse_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1689 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1690 hf_index, BER_CLASS_CON, 2, TRUE, dissect_snmp_PDU);
1698 dissect_snmp_SetRequest_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1699 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1700 hf_index, BER_CLASS_CON, 3, TRUE, dissect_snmp_PDU);
1708 dissect_snmp_OBJECT_IDENTIFIER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1709 offset = dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1715 static const value_string snmp_T_generic_trap_vals[] = {
1720 { 4, "authenticationFailure" },
1721 { 5, "egpNeighborLoss" },
1722 { 6, "enterpriseSpecific" },
1728 dissect_snmp_T_generic_trap(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1729 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1736 static const ber_sequence_t Trap_PDU_U_sequence[] = {
1737 { &hf_snmp_enterprise , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_snmp_OBJECT_IDENTIFIER },
1738 { &hf_snmp_agent_addr , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_snmp_NetworkAddress },
1739 { &hf_snmp_generic_trap , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_generic_trap },
1740 { &hf_snmp_specific_trap , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER },
1741 { &hf_snmp_time_stamp , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_snmp_TimeTicks },
1742 { &hf_snmp_variable_bindings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_snmp_VarBindList },
1743 { NULL, 0, 0, 0, NULL }
1747 dissect_snmp_Trap_PDU_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1748 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1749 Trap_PDU_U_sequence, hf_index, ett_snmp_Trap_PDU_U);
1757 dissect_snmp_Trap_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1758 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1759 hf_index, BER_CLASS_CON, 4, TRUE, dissect_snmp_Trap_PDU_U);
1767 dissect_snmp_INTEGER_0_2147483647(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1768 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1775 static const ber_sequence_t BulkPDU_sequence[] = {
1776 { &hf_snmp_bulkPDU_request_id, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_Integer32 },
1777 { &hf_snmp_non_repeaters , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER_0_2147483647 },
1778 { &hf_snmp_max_repetitions, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER_0_2147483647 },
1779 { &hf_snmp_variable_bindings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_snmp_VarBindList },
1780 { NULL, 0, 0, 0, NULL }
1784 dissect_snmp_BulkPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1785 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1786 BulkPDU_sequence, hf_index, ett_snmp_BulkPDU);
1794 dissect_snmp_GetBulkRequest_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1795 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1796 hf_index, BER_CLASS_CON, 5, TRUE, dissect_snmp_BulkPDU);
1804 dissect_snmp_InformRequest_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1805 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1806 hf_index, BER_CLASS_CON, 6, TRUE, dissect_snmp_PDU);
1814 dissect_snmp_SNMPv2_Trap_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1815 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1816 hf_index, BER_CLASS_CON, 7, TRUE, dissect_snmp_PDU);
1824 dissect_snmp_Report_PDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1825 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1826 hf_index, BER_CLASS_CON, 8, TRUE, dissect_snmp_PDU);
1832 static const value_string snmp_PDUs_vals[] = {
1833 { 0, "get-request" },
1834 { 1, "get-next-request" },
1835 { 2, "get-response" },
1836 { 3, "set-request" },
1838 { 5, "getBulkRequest" },
1839 { 6, "informRequest" },
1840 { 7, "sNMPv2-Trap" },
1845 static const ber_choice_t PDUs_choice[] = {
1846 { 0, &hf_snmp_get_request , BER_CLASS_CON, 0, BER_FLAGS_NOOWNTAG, dissect_snmp_GetRequest_PDU },
1847 { 1, &hf_snmp_get_next_request, BER_CLASS_CON, 1, BER_FLAGS_NOOWNTAG, dissect_snmp_GetNextRequest_PDU },
1848 { 2, &hf_snmp_get_response , BER_CLASS_CON, 2, BER_FLAGS_NOOWNTAG, dissect_snmp_GetResponse_PDU },
1849 { 3, &hf_snmp_set_request , BER_CLASS_CON, 3, BER_FLAGS_NOOWNTAG, dissect_snmp_SetRequest_PDU },
1850 { 4, &hf_snmp_trap , BER_CLASS_CON, 4, BER_FLAGS_NOOWNTAG, dissect_snmp_Trap_PDU },
1851 { 5, &hf_snmp_getBulkRequest , BER_CLASS_CON, 5, BER_FLAGS_NOOWNTAG, dissect_snmp_GetBulkRequest_PDU },
1852 { 6, &hf_snmp_informRequest , BER_CLASS_CON, 6, BER_FLAGS_NOOWNTAG, dissect_snmp_InformRequest_PDU },
1853 { 7, &hf_snmp_sNMPv2_Trap , BER_CLASS_CON, 7, BER_FLAGS_NOOWNTAG, dissect_snmp_SNMPv2_Trap_PDU },
1854 { 8, &hf_snmp_report , BER_CLASS_CON, 8, BER_FLAGS_NOOWNTAG, dissect_snmp_Report_PDU },
1855 { 0, NULL, 0, 0, 0, NULL }
1859 dissect_snmp_PDUs(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1863 offset = dissect_ber_choice(actx, tree, tvb, offset,
1864 PDUs_choice, hf_index, ett_snmp_PDUs,
1867 if( (pdu_type!=-1) && snmp_PDUs_vals[pdu_type].strptr ){
1868 if (check_col(actx->pinfo->cinfo, COL_INFO))
1869 col_add_str(actx->pinfo->cinfo, COL_INFO, snmp_PDUs_vals[pdu_type].strptr);
1878 static const ber_sequence_t Message_sequence[] = {
1879 { &hf_snmp_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_Version },
1880 { &hf_snmp_community , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_OCTET_STRING },
1881 { &hf_snmp_data , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_snmp_PDUs },
1882 { NULL, 0, 0, 0, NULL }
1886 dissect_snmp_Message(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1887 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1888 Message_sequence, hf_index, ett_snmp_Message);
1894 static const value_string snmp_T_datav2u_vals[] = {
1900 static const ber_choice_t T_datav2u_choice[] = {
1901 { 0, &hf_snmp_v2u_plaintext , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_snmp_PDUs },
1902 { 1, &hf_snmp_encrypted , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_OCTET_STRING },
1903 { 0, NULL, 0, 0, 0, NULL }
1907 dissect_snmp_T_datav2u(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1908 offset = dissect_ber_choice(actx, tree, tvb, offset,
1909 T_datav2u_choice, hf_index, ett_snmp_T_datav2u,
1916 static const ber_sequence_t Messagev2u_sequence[] = {
1917 { &hf_snmp_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_Version },
1918 { &hf_snmp_parameters , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_OCTET_STRING },
1919 { &hf_snmp_datav2u , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_snmp_T_datav2u },
1920 { NULL, 0, 0, 0, NULL }
1924 dissect_snmp_Messagev2u(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1925 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1926 Messagev2u_sequence, hf_index, ett_snmp_Messagev2u);
1934 dissect_snmp_SnmpEngineID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1936 tvbuff_t* param_tvb;
1938 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1941 proto_tree* engine_tree = proto_item_add_subtree(actx->created_item,ett_engineid);
1942 dissect_snmp_engineid(engine_tree, param_tvb, 0, tvb_length_remaining(param_tvb,0));
1953 dissect_snmp_T_msgAuthoritativeEngineID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1956 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1958 if (usm_p.engine_tvb) {
1959 proto_tree* engine_tree = proto_item_add_subtree(actx->created_item,ett_engineid);
1960 dissect_snmp_engineid(engine_tree, usm_p.engine_tvb, 0, tvb_length_remaining(usm_p.engine_tvb,0));
1971 dissect_snmp_T_msgAuthoritativeEngineBoots(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1972 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1981 dissect_snmp_T_msgAuthoritativeEngineTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1982 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1991 dissect_snmp_T_msgUserName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1992 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2001 dissect_snmp_T_msgAuthenticationParameters(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2003 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &usm_p.auth_tvb);
2004 if (usm_p.auth_tvb) {
2005 usm_p.auth_item = actx->created_item;
2006 usm_p.auth_offset = offset_from_real_beginning(usm_p.auth_tvb,0);
2016 dissect_snmp_T_msgPrivacyParameters(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2017 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2024 static const ber_sequence_t UsmSecurityParameters_sequence[] = {
2025 { &hf_snmp_msgAuthoritativeEngineID, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgAuthoritativeEngineID },
2026 { &hf_snmp_msgAuthoritativeEngineBoots, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgAuthoritativeEngineBoots },
2027 { &hf_snmp_msgAuthoritativeEngineTime, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgAuthoritativeEngineTime },
2028 { &hf_snmp_msgUserName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgUserName },
2029 { &hf_snmp_msgAuthenticationParameters, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgAuthenticationParameters },
2030 { &hf_snmp_msgPrivacyParameters, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgPrivacyParameters },
2031 { NULL, 0, 0, 0, NULL }
2035 dissect_snmp_UsmSecurityParameters(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2036 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2037 UsmSecurityParameters_sequence, hf_index, ett_snmp_UsmSecurityParameters);
2045 dissect_snmp_INTEGER_484_2147483647(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2046 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2055 dissect_snmp_T_msgFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2056 #line 202 "snmp.cnf"
2057 tvbuff_t *parameter_tvb = NULL;
2059 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2063 guint8 v3_flags = tvb_get_guint8(parameter_tvb, 0);
2064 proto_tree* flags_tree = proto_item_add_subtree(actx->created_item,ett_msgFlags);
2066 proto_tree_add_item(flags_tree, hf_snmp_v3_flags_report, parameter_tvb, 0, 1, FALSE);
2067 proto_tree_add_item(flags_tree, hf_snmp_v3_flags_crypt, parameter_tvb, 0, 1, FALSE);
2068 proto_tree_add_item(flags_tree, hf_snmp_v3_flags_auth, parameter_tvb, 0, 1, FALSE);
2070 usm_p.encrypted = v3_flags & TH_CRYPT ? TRUE : FALSE;
2071 usm_p.authenticated = v3_flags & TH_AUTH ? TRUE : FALSE;
2083 dissect_snmp_T_msgSecurityModel(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2084 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2091 static const ber_sequence_t HeaderData_sequence[] = {
2092 { &hf_snmp_msgID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER_0_2147483647 },
2093 { &hf_snmp_msgMaxSize , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER_484_2147483647 },
2094 { &hf_snmp_msgFlags , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgFlags },
2095 { &hf_snmp_msgSecurityModel, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgSecurityModel },
2096 { NULL, 0, 0, 0, NULL }
2100 dissect_snmp_HeaderData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2101 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2102 HeaderData_sequence, hf_index, ett_snmp_HeaderData);
2110 dissect_snmp_T_msgSecurityParameters(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2111 #line 145 "snmp.cnf"
2113 switch(MsgSecurityModel){
2114 case SNMP_SEC_USM: /* 3 */
2115 offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset+2, actx, tree, -1);
2116 usm_p.user_assoc = get_user_assoc(usm_p.engine_tvb, usm_p.user_tvb);
2118 case SNMP_SEC_ANY: /* 0 */
2119 case SNMP_SEC_V1: /* 1 */
2120 case SNMP_SEC_V2C: /* 2 */
2122 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2134 static const ber_sequence_t ScopedPDU_sequence[] = {
2135 { &hf_snmp_contextEngineID, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_SnmpEngineID },
2136 { &hf_snmp_contextName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_OCTET_STRING },
2137 { &hf_snmp_data , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_snmp_PDUs },
2138 { NULL, 0, 0, 0, NULL }
2142 dissect_snmp_ScopedPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2143 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2144 ScopedPDU_sequence, hf_index, ett_snmp_ScopedPDU);
2152 dissect_snmp_T_encryptedPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2154 tvbuff_t* crypt_tvb;
2155 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_snmp_encryptedPDU, &crypt_tvb);
2157 if( usm_p.encrypted && crypt_tvb
2159 && usm_p.user_assoc->user.privProtocol ) {
2161 const gchar* error = NULL;
2162 proto_tree* encryptedpdu_tree = proto_item_add_subtree(actx->created_item,ett_encryptedPDU);
2163 tvbuff_t* cleartext_tvb = usm_p.user_assoc->user.privProtocol(&usm_p, crypt_tvb, &error );
2165 if (! cleartext_tvb) {
2166 proto_item* cause = proto_tree_add_text(encryptedpdu_tree, crypt_tvb, 0, -1,
2167 "Failed to decrypt encryptedPDU: %s", error);
2169 expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN,
2170 "Failed to decrypt encryptedPDU: %s", error);
2172 if (check_col(actx->pinfo->cinfo, COL_INFO))
2173 col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt");
2177 proto_item* decrypted_item;
2178 proto_tree* decrypted_tree;
2180 if (! check_ScopedPdu(cleartext_tvb)) {
2181 proto_item* cause = proto_tree_add_text(encryptedpdu_tree, cleartext_tvb, 0, -1,
2182 "Decrypted data not formated as expected, wrong key?");
2184 expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN,
2185 "Decrypted data not formated as expected");
2187 if (check_col(actx->pinfo->cinfo, COL_INFO))
2188 col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formated as expected");
2194 add_new_data_source(actx->pinfo, cleartext_tvb, "Decrypted ScopedPDU");
2195 tvb_set_child_real_data_tvbuff(tvb, cleartext_tvb);
2197 decrypted_item = proto_tree_add_item(encryptedpdu_tree, hf_snmp_decryptedPDU,cleartext_tvb,0,-1,FALSE);
2198 decrypted_tree = proto_item_add_subtree(decrypted_item,ett_decrypted);
2199 dissect_snmp_ScopedPDU(FALSE, cleartext_tvb, 0, actx, decrypted_tree, -1);
2202 if (check_col(actx->pinfo->cinfo, COL_INFO))
2203 col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: privKey Unknown");
2212 static const value_string snmp_ScopedPduData_vals[] = {
2214 { 1, "encryptedPDU" },
2218 static const ber_choice_t ScopedPduData_choice[] = {
2219 { 0, &hf_snmp_plaintext , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_snmp_ScopedPDU },
2220 { 1, &hf_snmp_encryptedPDU , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_encryptedPDU },
2221 { 0, NULL, 0, 0, 0, NULL }
2225 dissect_snmp_ScopedPduData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2226 offset = dissect_ber_choice(actx, tree, tvb, offset,
2227 ScopedPduData_choice, hf_index, ett_snmp_ScopedPduData,
2234 static const ber_sequence_t SNMPv3Message_sequence[] = {
2235 { &hf_snmp_msgVersion , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_Version },
2236 { &hf_snmp_msgGlobalData , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_snmp_HeaderData },
2237 { &hf_snmp_msgSecurityParameters, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_T_msgSecurityParameters },
2238 { &hf_snmp_msgData , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_snmp_ScopedPduData },
2239 { NULL, 0, 0, 0, NULL }
2243 dissect_snmp_SNMPv3Message(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2244 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2245 SNMPv3Message_sequence, hf_index, ett_snmp_SNMPv3Message);
2247 #line 160 "snmp.cnf"
2249 if( usm_p.authenticated
2251 && usm_p.user_assoc->user.authModel ) {
2252 const gchar* error = NULL;
2253 proto_item* authen_item;
2254 proto_tree* authen_tree = proto_item_add_subtree(usm_p.auth_item,ett_authParameters);
2256 guint calc_auth_len;
2258 usm_p.authOK = usm_p.user_assoc->user.authModel->authenticate( &usm_p, &calc_auth, &calc_auth_len, &error );
2261 authen_item = proto_tree_add_text(authen_tree,tvb,0,0,"Error while verifying Messsage authenticity: %s", error);
2262 PROTO_ITEM_SET_GENERATED(authen_item);
2263 expert_add_info_format( actx->pinfo, authen_item, PI_MALFORMED, PI_ERROR, "Error while verifying Messsage authenticity: %s", error );
2268 authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK);
2269 PROTO_ITEM_SET_GENERATED(authen_item);
2272 fmt = "SNMP Authentication OK";
2275 gchar* calc_auth_str = bytestring_to_str(calc_auth,calc_auth_len,' ');
2276 proto_item_append_text(authen_item, " calcuated = %s", calc_auth_str);
2277 fmt = "SNMP Authentication Error";
2281 expert_add_info_format( actx->pinfo, authen_item, PI_CHECKSUM, severity, fmt );
2290 static const value_string snmp_T_smux_version_vals[] = {
2297 dissect_snmp_T_smux_version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2298 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2307 dissect_snmp_DisplayString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2308 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2315 static const ber_sequence_t SimpleOpen_U_sequence[] = {
2316 { &hf_snmp_smux_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_smux_version },
2317 { &hf_snmp_identity , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_snmp_OBJECT_IDENTIFIER },
2318 { &hf_snmp_description , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_DisplayString },
2319 { &hf_snmp_password , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_snmp_OCTET_STRING },
2320 { NULL, 0, 0, 0, NULL }
2324 dissect_snmp_SimpleOpen_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2325 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2326 SimpleOpen_U_sequence, hf_index, ett_snmp_SimpleOpen_U);
2334 dissect_snmp_SimpleOpen(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2335 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2336 hf_index, BER_CLASS_APP, 0, TRUE, dissect_snmp_SimpleOpen_U);
2342 static const value_string snmp_OpenPDU_vals[] = {
2343 { 0, "smux-simple" },
2347 static const ber_choice_t OpenPDU_choice[] = {
2348 { 0, &hf_snmp_smux_simple , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_snmp_SimpleOpen },
2349 { 0, NULL, 0, 0, 0, NULL }
2353 dissect_snmp_OpenPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2354 offset = dissect_ber_choice(actx, tree, tvb, offset,
2355 OpenPDU_choice, hf_index, ett_snmp_OpenPDU,
2362 static const value_string snmp_ClosePDU_U_vals[] = {
2364 { 1, "unsupportedVersion" },
2365 { 2, "packetFormat" },
2366 { 3, "protocolError" },
2367 { 4, "internalError" },
2368 { 5, "authenticationFailure" },
2374 dissect_snmp_ClosePDU_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2375 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2384 dissect_snmp_ClosePDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2385 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2386 hf_index, BER_CLASS_APP, 1, TRUE, dissect_snmp_ClosePDU_U);
2394 dissect_snmp_INTEGER_M1_2147483647(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2395 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2402 static const value_string snmp_T_operation_vals[] = {
2411 dissect_snmp_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2412 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2419 static const ber_sequence_t RReqPDU_U_sequence[] = {
2420 { &hf_snmp_subtree , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_snmp_ObjectName },
2421 { &hf_snmp_priority , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_INTEGER_M1_2147483647 },
2422 { &hf_snmp_operation , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_snmp_T_operation },
2423 { NULL, 0, 0, 0, NULL }
2427 dissect_snmp_RReqPDU_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2428 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2429 RReqPDU_U_sequence, hf_index, ett_snmp_RReqPDU_U);
2437 dissect_snmp_RReqPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2438 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2439 hf_index, BER_CLASS_APP, 2, TRUE, dissect_snmp_RReqPDU_U);
2445 static const value_string snmp_RRspPDU_U_vals[] = {
2452 dissect_snmp_RRspPDU_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2453 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2462 dissect_snmp_RRspPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2463 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2464 hf_index, BER_CLASS_APP, 3, TRUE, dissect_snmp_RRspPDU_U);
2470 static const value_string snmp_RegisterResponse_vals[] = {
2476 static const ber_choice_t RegisterResponse_choice[] = {
2477 { 0, &hf_snmp_rRspPDU , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_snmp_RRspPDU },
2478 { 1, &hf_snmp_pDUs , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_snmp_PDUs },
2479 { 0, NULL, 0, 0, 0, NULL }
2483 dissect_snmp_RegisterResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2484 offset = dissect_ber_choice(actx, tree, tvb, offset,
2485 RegisterResponse_choice, hf_index, ett_snmp_RegisterResponse,
2492 static const value_string snmp_SOutPDU_U_vals[] = {
2500 dissect_snmp_SOutPDU_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2501 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2510 dissect_snmp_SOutPDU(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2511 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2512 hf_index, BER_CLASS_APP, 4, TRUE, dissect_snmp_SOutPDU_U);
2518 static const value_string snmp_SMUX_PDUs_vals[] = {
2521 { 2, "registerRequest" },
2522 { 3, "registerResponse" },
2523 { 4, "commitOrRollback" },
2527 static const ber_choice_t SMUX_PDUs_choice[] = {
2528 { 0, &hf_snmp_open , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_snmp_OpenPDU },
2529 { 1, &hf_snmp_close , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_snmp_ClosePDU },
2530 { 2, &hf_snmp_registerRequest, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_snmp_RReqPDU },
2531 { 3, &hf_snmp_registerResponse, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_snmp_RegisterResponse },
2532 { 4, &hf_snmp_commitOrRollback, BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_snmp_SOutPDU },
2533 { 0, NULL, 0, 0, 0, NULL }
2537 dissect_snmp_SMUX_PDUs(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2538 offset = dissect_ber_choice(actx, tree, tvb, offset,
2539 SMUX_PDUs_choice, hf_index, ett_snmp_SMUX_PDUs,
2547 static void dissect_SMUX_PDUs_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
2548 asn1_ctx_t asn1_ctx;
2549 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
2550 dissect_snmp_SMUX_PDUs(FALSE, tvb, 0, &asn1_ctx, tree, hf_snmp_SMUX_PDUs_PDU);
2554 /*--- End of included file: packet-snmp-fn.c ---*/
2555 #line 1390 "packet-snmp-template.c"
2559 dissect_snmp_pdu(tvbuff_t *tvb, int offset, packet_info *pinfo,
2560 proto_tree *tree, int proto, gint ett, gboolean is_tcp)
2563 guint length_remaining;
2565 gboolean pc, ind = 0;
2568 guint message_length;
2569 int start_offset = offset;
2570 guint32 version = 0;
2572 proto_tree *snmp_tree = NULL;
2573 proto_item *item = NULL;
2574 asn1_ctx_t asn1_ctx;
2575 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
2578 usm_p.msg_tvb = tvb;
2579 usm_p.start_offset = offset_from_real_beginning(tvb,0) ;
2580 usm_p.engine_tvb = NULL;
2581 usm_p.user_tvb = NULL;
2582 usm_p.auth_item = NULL;
2583 usm_p.auth_tvb = NULL;
2584 usm_p.auth_offset = 0;
2585 usm_p.priv_tvb = NULL;
2586 usm_p.user_assoc = NULL;
2587 usm_p.authenticated = FALSE;
2588 usm_p.encrypted = FALSE;
2591 usm_p.authOK = FALSE;
2594 * This will throw an exception if we don't have any data left.
2595 * That's what we want. (See "tcp_dissect_pdus()", which is
2596 * similar, but doesn't have to deal with ASN.1.
2597 * XXX - can we make "tcp_dissect_pdus()" provide enough
2598 * information to the "get_pdu_len" routine so that we could
2599 * have that routine deal with ASN.1, and just use
2600 * "tcp_dissect_pdus()"?)
2602 length_remaining = tvb_ensure_length_remaining(tvb, offset);
2604 /* NOTE: we have to parse the message piece by piece, since the
2605 * capture length may be less than the message length: a 'global'
2606 * parsing is likely to fail.
2610 * If this is SNMP-over-TCP, we might have to do reassembly
2611 * in order to read the "Sequence Of" header.
2613 if (is_tcp && snmp_desegment && pinfo->can_desegment) {
2615 * This is TCP, and we should, and can, do reassembly.
2617 * Is the "Sequence Of" header split across segment
2618 * boundaries? We requre at least 6 bytes for the
2619 * header, which allows for a 4-byte length (ASN.1
2622 if (length_remaining < 6) {
2623 pinfo->desegment_offset = offset;
2624 pinfo->desegment_len = 6 - length_remaining;
2627 * Return 0, which means "I didn't dissect anything
2628 * because I don't have enough data - we need
2636 * OK, try to read the "Sequence Of" header; this gets the total
2637 * length of the SNMP message.
2639 /* Set tree to 0 to not display internakl BER fields if option used.*/
2640 offset = dissect_ber_identifier(pinfo, 0, tvb, offset, &class, &pc, &tag);
2641 offset = dissect_ber_length(pinfo, 0, tvb, offset, &len, &ind);
2643 message_length = len + 2;
2644 offset = dissect_ber_integer(FALSE, &asn1_ctx, 0, tvb, offset, -1, &version);
2648 * If this is SNMP-over-TCP, we might have to do reassembly
2649 * to get all of this message.
2651 if (is_tcp && snmp_desegment && pinfo->can_desegment) {
2653 * Yes - is the message split across segment boundaries?
2655 if (length_remaining < message_length) {
2657 * Yes. Tell the TCP dissector where the data
2658 * for this message starts in the data it handed
2659 * us, and how many more bytes we need, and
2662 pinfo->desegment_offset = start_offset;
2663 pinfo->desegment_len =
2664 message_length - length_remaining;
2667 * Return 0, which means "I didn't dissect anything
2668 * because I don't have enough data - we need
2675 next_tvb_init(&var_list);
2677 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
2678 col_set_str(pinfo->cinfo, COL_PROTOCOL,
2679 proto_get_protocol_short_name(find_protocol_by_id(proto)));
2683 item = proto_tree_add_item(tree, proto, tvb, offset,
2684 message_length, FALSE);
2685 snmp_tree = proto_item_add_subtree(item, ett);
2691 offset = dissect_snmp_Message(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
2694 offset = dissect_snmp_Messagev2u(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
2698 offset = dissect_snmp_SNMPv3Message(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
2702 * Return the length remaining in the tvbuff, so
2703 * if this is SNMP-over-TCP, our caller thinks there's
2704 * nothing left to dissect.
2706 proto_tree_add_text(snmp_tree, tvb, offset, -1,"Unknown version");
2707 return length_remaining;
2711 next_tvb_call(&var_list, pinfo, tree, NULL, data_handle);
2717 dissect_snmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2719 conversation_t *conversation;
2728 * See if this looks like SNMP or not. if not, return 0 so
2729 * wireshark can try som other dissector instead.
2731 /* All SNMP packets are BER encoded and consist of a SEQUENCE
2732 * that spans the entire PDU. The first item is an INTEGER that
2733 * has the values 0-2 (version 1-3).
2734 * if not it is not snmp.
2736 /* SNMP starts with a SEQUENCE */
2737 offset = get_ber_identifier(tvb, 0, &tmp_class, &tmp_pc, &tmp_tag);
2738 if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_SEQUENCE)){
2741 /* then comes a length which spans the rest of the tvb */
2742 offset = get_ber_length(tvb, offset, &tmp_length, &tmp_ind);
2743 if(tmp_length!=(guint32)tvb_reported_length_remaining(tvb, offset)){
2746 /* then comes an INTEGER (version)*/
2747 offset = get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
2748 if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_INTEGER)){
2751 /* do we need to test that version is 0 - 2 (version1-3) ? */
2755 * The first SNMP packet goes to the SNMP port; the second one
2756 * may come from some *other* port, but goes back to the same
2757 * IP address and port as the ones from which the first packet
2758 * came; all subsequent packets presumably go between those two
2759 * IP addresses and ports.
2761 * If this packet went to the SNMP port, we check to see if
2762 * there's already a conversation with one address/port pair
2763 * matching the source IP address and port of this packet,
2764 * the other address matching the destination IP address of this
2765 * packet, and any destination port.
2767 * If not, we create one, with its address 1/port 1 pair being
2768 * the source address/port of this packet, its address 2 being
2769 * the destination address of this packet, and its port 2 being
2770 * wildcarded, and give it the SNMP dissector as a dissector.
2772 if (pinfo->destport == UDP_PORT_SNMP) {
2773 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
2774 pinfo->srcport, 0, NO_PORT_B);
2775 if( (conversation == NULL) || (conversation->dissector_handle!=snmp_handle) ){
2776 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
2777 pinfo->srcport, 0, NO_PORT2);
2778 conversation_set_dissector(conversation, snmp_handle);
2782 return dissect_snmp_pdu(tvb, 0, pinfo, tree, proto_snmp, ett_snmp, FALSE);
2785 dissect_snmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2790 while (tvb_reported_length_remaining(tvb, offset) > 0) {
2791 message_len = dissect_snmp_pdu(tvb, 0, pinfo, tree,
2792 proto_snmp, ett_snmp, TRUE);
2793 if (message_len == 0) {
2795 * We don't have all the data for that message,
2796 * so we need to do desegmentation;
2797 * "dissect_snmp_pdu()" has set that up.
2801 offset += message_len;
2806 dissect_smux(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2808 proto_tree *smux_tree = NULL;
2809 proto_item *item = NULL;
2811 next_tvb_init(&var_list);
2813 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2814 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMUX");
2817 item = proto_tree_add_item(tree, proto_smux, tvb, 0, -1, FALSE);
2818 smux_tree = proto_item_add_subtree(item, ett_smux);
2821 dissect_SMUX_PDUs_PDU(tvb, pinfo, tree);
2826 MD5 Password to Key Algorithm
2829 static void snmp_usm_password_to_key_md5(const guint8 *password,
2831 const guint8 *engineID,
2835 guint8 *cp, password_buf[64];
2836 guint32 password_index = 0;
2837 guint32 count = 0, i;
2839 md5_init(&MD); /* initialize MD5 */
2841 /**********************************************/
2842 /* Use while loop until we've done 1 Megabyte */
2843 /**********************************************/
2844 while (count < 1048576) {
2846 for (i = 0; i < 64; i++) {
2847 /*************************************************/
2848 /* Take the next octet of the password, wrapping */
2849 /* to the beginning of the password as necessary.*/
2850 /*************************************************/
2851 *cp++ = password[password_index++ % passwordlen];
2853 md5_append(&MD, password_buf, 64);
2856 md5_finish(&MD, key1); /* tell MD5 we're done */
2858 /*****************************************************/
2859 /* Now localize the key with the engineID and pass */
2860 /* through MD5 to produce final key */
2861 /* May want to ensure that engineLength <= 32, */
2862 /* otherwise need to use a buffer larger than 64 */
2863 /*****************************************************/
2866 md5_append(&MD, key1, 16);
2867 md5_append(&MD, engineID, engineLength);
2868 md5_append(&MD, key1, 16);
2869 md5_finish(&MD, key);
2878 SHA1 Password to Key Algorithm COPIED from RFC 3414 A.2.2
2881 static void snmp_usm_password_to_key_sha1(const guint8 *password,
2883 const guint8 *engineID,
2887 guint8 *cp, password_buf[72];
2888 guint32 password_index = 0;
2889 guint32 count = 0, i;
2891 sha1_starts(&SH); /* initialize SHA */
2893 /**********************************************/
2894 /* Use while loop until we've done 1 Megabyte */
2895 /**********************************************/
2896 while (count < 1048576) {
2898 for (i = 0; i < 64; i++) {
2899 /*************************************************/
2900 /* Take the next octet of the password, wrapping */
2901 /* to the beginning of the password as necessary.*/
2902 /*************************************************/
2903 *cp++ = password[password_index++ % passwordlen];
2905 sha1_update (&SH, password_buf, 64);
2908 sha1_finish(&SH, key);
2910 /*****************************************************/
2911 /* Now localize the key with the engineID and pass */
2912 /* through SHA to produce final key */
2913 /* May want to ensure that engineLength <= 32, */
2914 /* otherwise need to use a buffer larger than 72 */
2915 /*****************************************************/
2916 memcpy(password_buf, key, 20);
2917 memcpy(password_buf+20, engineID, engineLength);
2918 memcpy(password_buf+20+engineLength, key, 20);
2921 sha1_update(&SH, password_buf, 40+engineLength);
2922 sha1_finish(&SH, key);
2927 static void process_prefs(void) {}
2929 static void* snmp_users_copy_cb(void* dest, const void* orig, unsigned len _U_) {
2930 const snmp_ue_assoc_t* o = orig;
2931 snmp_ue_assoc_t* d = dest;
2933 d->auth_model = o->auth_model;
2934 d->user.authModel = auth_models[o->auth_model];
2936 d->priv_proto = o->priv_proto;
2937 d->user.privProtocol = priv_protos[o->priv_proto];
2939 d->user.userName.data = g_memdup(o->user.userName.data,o->user.userName.len);
2940 d->user.userName.len = o->user.userName.len;
2942 d->user.authPassword.data = o->user.authPassword.data ? g_memdup(o->user.authPassword.data,o->user.authPassword.len) : NULL;
2943 d->user.authPassword.len = o->user.authPassword.len;
2945 d->user.privPassword.data = o->user.privPassword.data ? g_memdup(o->user.privPassword.data,o->user.privPassword.len) : NULL;
2946 d->user.privPassword.len = o->user.privPassword.len;
2948 d->engine.len = o->engine.len;
2949 if (o->engine.data) {
2950 d->engine.data = g_memdup(o->engine.data,o->engine.len);
2953 d->user.authKey.data = o->user.authKey.data ? g_memdup(o->user.authKey.data,o->user.authKey.len) : NULL;
2954 d->user.authKey.len = o->user.authKey.len;
2956 d->user.privKey.data = o->user.privKey.data ? g_memdup(o->user.privKey.data,o->user.privKey.len) : NULL;
2957 d->user.privKey.len = o->user.privKey.len;
2962 static void snmp_users_free_cb(void* p) {
2963 snmp_ue_assoc_t* ue = p;
2964 if (ue->user.userName.data) g_free(ue->user.userName.data);
2965 if (ue->user.authPassword.data) g_free(ue->user.authPassword.data);
2966 if (ue->user.privPassword.data) g_free(ue->user.privPassword.data);
2967 if (ue->user.authKey.data) g_free(ue->user.authKey.data);
2968 if (ue->user.privKey.data) g_free(ue->user.privKey.data);
2969 if (ue->engine.data) g_free(ue->engine.data);
2972 static void snmp_users_update_cb(void* p _U_, const char** err) {
2973 snmp_ue_assoc_t* ue = p;
2974 GString* es = g_string_new("");
2978 if (! ue->user.userName.len) g_string_append(es,"no userName, ");
2979 if (ue->user.authPassword.len < 8) g_string_sprintfa(es,"short authPassword (%d), ", ue->user.authPassword.len);
2980 if (ue->user.privPassword.len < 8) g_string_sprintfa(es,"short privPassword (%d), ", ue->user.privPassword.len);
2983 g_string_truncate(es,es->len-2);
2984 *err = ep_strdup(es->str);
2987 g_string_free(es,TRUE);
2992 UAT_LSTRING_CB_DEF(snmp_users,userName,snmp_ue_assoc_t,user.userName.data,user.userName.len)
2993 UAT_LSTRING_CB_DEF(snmp_users,authPassword,snmp_ue_assoc_t,user.authPassword.data,user.authPassword.len)
2994 UAT_LSTRING_CB_DEF(snmp_users,privPassword,snmp_ue_assoc_t,user.privPassword.data,user.privPassword.len)
2995 UAT_BUFFER_CB_DEF(snmp_users,engine_id,snmp_ue_assoc_t,engine.data,engine.len)
2996 UAT_VS_DEF(snmp_users,auth_model,snmp_ue_assoc_t,0,"MD5")
2997 UAT_VS_DEF(snmp_users,priv_proto,snmp_ue_assoc_t,0,"DES")
2999 /*--- proto_register_snmp -------------------------------------------*/
3000 void proto_register_snmp(void) {
3001 /* List of fields */
3002 static hf_register_info hf[] = {
3003 { &hf_snmp_v3_flags_auth,
3004 { "Authenticated", "snmp.v3.flags.auth", FT_BOOLEAN, 8,
3005 TFS(&flags_set_truth), TH_AUTH, "", HFILL }},
3006 { &hf_snmp_v3_flags_crypt,
3007 { "Encrypted", "snmp.v3.flags.crypt", FT_BOOLEAN, 8,
3008 TFS(&flags_set_truth), TH_CRYPT, "", HFILL }},
3009 { &hf_snmp_v3_flags_report,
3010 { "Reportable", "snmp.v3.flags.report", FT_BOOLEAN, 8,
3011 TFS(&flags_set_truth), TH_REPORT, "", HFILL }},
3012 { &hf_snmp_engineid_conform, {
3013 "Engine ID Conformance", "snmp.engineid.conform", FT_BOOLEAN, 8,
3014 TFS(&tfs_snmp_engineid_conform), F_SNMP_ENGINEID_CONFORM, "Engine ID RFC3411 Conformance", HFILL }},
3015 { &hf_snmp_engineid_enterprise, {
3016 "Engine Enterprise ID", "snmp.engineid.enterprise", FT_UINT32, BASE_DEC,
3017 VALS(sminmpec_values), 0, "Engine Enterprise ID", HFILL }},
3018 { &hf_snmp_engineid_format, {
3019 "Engine ID Format", "snmp.engineid.format", FT_UINT8, BASE_DEC,
3020 VALS(snmp_engineid_format_vals), 0, "Engine ID Format", HFILL }},
3021 { &hf_snmp_engineid_ipv4, {
3022 "Engine ID Data: IPv4 address", "snmp.engineid.ipv4", FT_IPv4, BASE_NONE,
3023 NULL, 0, "Engine ID Data: IPv4 address", HFILL }},
3024 { &hf_snmp_engineid_ipv6, {
3025 "Engine ID Data: IPv6 address", "snmp.engineid.ipv6", FT_IPv6, BASE_NONE,
3026 NULL, 0, "Engine ID Data: IPv6 address", HFILL }},
3027 { &hf_snmp_engineid_mac, {
3028 "Engine ID Data: MAC address", "snmp.engineid.mac", FT_ETHER, BASE_NONE,
3029 NULL, 0, "Engine ID Data: MAC address", HFILL }},
3030 { &hf_snmp_engineid_text, {
3031 "Engine ID Data: Text", "snmp.engineid.text", FT_STRING, BASE_NONE,
3032 NULL, 0, "Engine ID Data: Text", HFILL }},
3033 { &hf_snmp_engineid_time, {
3034 "Engine ID Data: Time", "snmp.engineid.time", FT_ABSOLUTE_TIME, BASE_NONE,
3035 NULL, 0, "Engine ID Data: Time", HFILL }},
3036 { &hf_snmp_engineid_data, {
3037 "Engine ID Data", "snmp.engineid.data", FT_BYTES, BASE_HEX,
3038 NULL, 0, "Engine ID Data", HFILL }},
3039 { &hf_snmp_msgAuthentication,
3040 { "Authentication", "snmp.v3.auth", FT_BOOLEAN, 8,
3041 TFS(&auth_flags), 0, "", HFILL }},
3042 { &hf_snmp_decryptedPDU, {
3043 "Decrypted ScopedPDU", "snmp.decrypted_pdu", FT_BYTES, BASE_HEX,
3044 NULL, 0, "Decrypted PDU", HFILL }},
3045 { &hf_snmp_noSuchObject, { "noSuchObject", "snmp.noSuchObject", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
3046 { &hf_snmp_noSuchInstance, { "noSuchInstance", "snmp.noSuchInstance", FT_NONE, BASE_DEC, NULL, 0, "", HFILL }},
3047 { &hf_snmp_endOfMibView, { "endOfMibView", "snmp.endOfMibView", FT_NONE, BASE_DEC, NULL, 0, "", HFILL }},
3048 { &hf_snmp_unSpecified, { "unSpecified", "snmp.unSpecified", FT_NONE, BASE_DEC, NULL, 0, "", HFILL }},
3050 { &hf_snmp_integer32_value, { "Value (Integer32)", "snmp.value.int", FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
3051 { &hf_snmp_octestring_value, { "Value (OctetString)", "snmp.value.octets", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
3052 { &hf_snmp_oid_value, { "Value (OID)", "snmp.value.oid", FT_OID, BASE_NONE, NULL, 0, "", HFILL }},
3053 { &hf_snmp_null_value, { "Value (Null)", "snmp.value.null", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
3054 { &hf_snmp_ipv4_value, { "Value (IpAddress)", "snmp.value.ipv4", FT_IPv4, BASE_NONE, NULL, 0, "", HFILL }},
3055 { &hf_snmp_ipv6_value, { "Value (IpAddress)", "snmp.value.ipv6", FT_IPv6, BASE_NONE, NULL, 0, "", HFILL }},
3056 { &hf_snmp_anyaddress_value, { "Value (IpAddress)", "snmp.value.addr", FT_BYTES, BASE_DEC, NULL, 0, "", HFILL }},
3057 { &hf_snmp_unsigned32_value, { "Value (Unsigned32)", "snmp.value.u32", FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
3058 { &hf_snmp_gauge32_value, { "Value (Gauge32)", "snmp.value.g32", FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
3059 { &hf_snmp_unknown_value, { "Value (Unknown)", "snmp.value.unk", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
3060 { &hf_snmp_counter_value, { "Value (Counter32)", "snmp.value.counter", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
3061 { &hf_snmp_big_counter_value, { "Value (Counter64)", "snmp.value.counter", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
3062 { &hf_snmp_nsap_value, { "Value (NSAP)", "snmp.value.nsap", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
3063 { &hf_snmp_timeticks_value, { "Value (Timeticks)", "snmp.value.timeticks", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
3064 { &hf_snmp_opaque_value, { "Value (Opaque)", "snmp.value.opaque", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
3065 { &hf_snmp_objectname, { "Object Name", "snmp.name", FT_OID, BASE_NONE, NULL, 0, "", HFILL }},
3066 { &hf_snmp_scalar_instance_index, { "Scalar Instance Index", "snmp.name.index", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
3070 /*--- Included file: packet-snmp-hfarr.c ---*/
3071 #line 1 "packet-snmp-hfarr.c"
3072 { &hf_snmp_SMUX_PDUs_PDU,
3073 { "SMUX-PDUs", "snmp.SMUX_PDUs",
3074 FT_UINT32, BASE_DEC, VALS(snmp_SMUX_PDUs_vals), 0,
3075 "snmp.SMUX_PDUs", HFILL }},
3077 { "version", "snmp.version",
3078 FT_INT32, BASE_DEC, VALS(snmp_Version_vals), 0,
3079 "snmp.Version", HFILL }},
3080 { &hf_snmp_community,
3081 { "community", "snmp.community",
3082 FT_STRING, BASE_HEX, NULL, 0,
3083 "snmp.OCTET_STRING", HFILL }},
3085 { "data", "snmp.data",
3086 FT_UINT32, BASE_DEC, VALS(snmp_PDUs_vals), 0,
3087 "snmp.PDUs", HFILL }},
3088 { &hf_snmp_parameters,
3089 { "parameters", "snmp.parameters",
3090 FT_BYTES, BASE_HEX, NULL, 0,
3091 "snmp.OCTET_STRING", HFILL }},
3093 { "datav2u", "snmp.datav2u",
3094 FT_UINT32, BASE_DEC, VALS(snmp_T_datav2u_vals), 0,
3095 "snmp.T_datav2u", HFILL }},
3096 { &hf_snmp_v2u_plaintext,
3097 { "plaintext", "snmp.plaintext",
3098 FT_UINT32, BASE_DEC, VALS(snmp_PDUs_vals), 0,
3099 "snmp.PDUs", HFILL }},
3100 { &hf_snmp_encrypted,
3101 { "encrypted", "snmp.encrypted",
3102 FT_BYTES, BASE_HEX, NULL, 0,
3103 "snmp.OCTET_STRING", HFILL }},
3104 { &hf_snmp_msgAuthoritativeEngineID,
3105 { "msgAuthoritativeEngineID", "snmp.msgAuthoritativeEngineID",
3106 FT_BYTES, BASE_HEX, NULL, 0,
3107 "snmp.T_msgAuthoritativeEngineID", HFILL }},
3108 { &hf_snmp_msgAuthoritativeEngineBoots,
3109 { "msgAuthoritativeEngineBoots", "snmp.msgAuthoritativeEngineBoots",
3110 FT_UINT32, BASE_DEC, NULL, 0,
3111 "snmp.T_msgAuthoritativeEngineBoots", HFILL }},
3112 { &hf_snmp_msgAuthoritativeEngineTime,
3113 { "msgAuthoritativeEngineTime", "snmp.msgAuthoritativeEngineTime",
3114 FT_UINT32, BASE_DEC, NULL, 0,
3115 "snmp.T_msgAuthoritativeEngineTime", HFILL }},
3116 { &hf_snmp_msgUserName,
3117 { "msgUserName", "snmp.msgUserName",
3118 FT_STRING, BASE_HEX, NULL, 0,
3119 "snmp.T_msgUserName", HFILL }},
3120 { &hf_snmp_msgAuthenticationParameters,
3121 { "msgAuthenticationParameters", "snmp.msgAuthenticationParameters",
3122 FT_BYTES, BASE_HEX, NULL, 0,
3123 "snmp.T_msgAuthenticationParameters", HFILL }},
3124 { &hf_snmp_msgPrivacyParameters,
3125 { "msgPrivacyParameters", "snmp.msgPrivacyParameters",
3126 FT_BYTES, BASE_HEX, NULL, 0,
3127 "snmp.T_msgPrivacyParameters", HFILL }},
3128 { &hf_snmp_msgVersion,
3129 { "msgVersion", "snmp.msgVersion",
3130 FT_INT32, BASE_DEC, VALS(snmp_Version_vals), 0,
3131 "snmp.Version", HFILL }},
3132 { &hf_snmp_msgGlobalData,
3133 { "msgGlobalData", "snmp.msgGlobalData",
3134 FT_NONE, BASE_NONE, NULL, 0,
3135 "snmp.HeaderData", HFILL }},
3136 { &hf_snmp_msgSecurityParameters,
3137 { "msgSecurityParameters", "snmp.msgSecurityParameters",
3138 FT_BYTES, BASE_HEX, NULL, 0,
3139 "snmp.T_msgSecurityParameters", HFILL }},
3141 { "msgData", "snmp.msgData",
3142 FT_UINT32, BASE_DEC, VALS(snmp_ScopedPduData_vals), 0,
3143 "snmp.ScopedPduData", HFILL }},
3145 { "msgID", "snmp.msgID",
3146 FT_UINT32, BASE_DEC, NULL, 0,
3147 "snmp.INTEGER_0_2147483647", HFILL }},
3148 { &hf_snmp_msgMaxSize,
3149 { "msgMaxSize", "snmp.msgMaxSize",
3150 FT_UINT32, BASE_DEC, NULL, 0,
3151 "snmp.INTEGER_484_2147483647", HFILL }},
3152 { &hf_snmp_msgFlags,
3153 { "msgFlags", "snmp.msgFlags",
3154 FT_BYTES, BASE_HEX, NULL, 0,
3155 "snmp.T_msgFlags", HFILL }},
3156 { &hf_snmp_msgSecurityModel,
3157 { "msgSecurityModel", "snmp.msgSecurityModel",
3158 FT_UINT32, BASE_DEC, VALS(sec_models), 0,
3159 "snmp.T_msgSecurityModel", HFILL }},
3160 { &hf_snmp_plaintext,
3161 { "plaintext", "snmp.plaintext",
3162 FT_NONE, BASE_NONE, NULL, 0,
3163 "snmp.ScopedPDU", HFILL }},
3164 { &hf_snmp_encryptedPDU,
3165 { "encryptedPDU", "snmp.encryptedPDU",
3166 FT_BYTES, BASE_HEX, NULL, 0,
3167 "snmp.T_encryptedPDU", HFILL }},
3168 { &hf_snmp_contextEngineID,
3169 { "contextEngineID", "snmp.contextEngineID",
3170 FT_BYTES, BASE_HEX, NULL, 0,
3171 "snmp.SnmpEngineID", HFILL }},
3172 { &hf_snmp_contextName,
3173 { "contextName", "snmp.contextName",
3174 FT_BYTES, BASE_HEX, NULL, 0,
3175 "snmp.OCTET_STRING", HFILL }},
3176 { &hf_snmp_get_request,
3177 { "get-request", "snmp.get_request",
3178 FT_NONE, BASE_NONE, NULL, 0,
3179 "snmp.GetRequest_PDU", HFILL }},
3180 { &hf_snmp_get_next_request,
3181 { "get-next-request", "snmp.get_next_request",
3182 FT_NONE, BASE_NONE, NULL, 0,
3183 "snmp.GetNextRequest_PDU", HFILL }},
3184 { &hf_snmp_get_response,
3185 { "get-response", "snmp.get_response",
3186 FT_NONE, BASE_NONE, NULL, 0,
3187 "snmp.GetResponse_PDU", HFILL }},
3188 { &hf_snmp_set_request,
3189 { "set-request", "snmp.set_request",
3190 FT_NONE, BASE_NONE, NULL, 0,
3191 "snmp.SetRequest_PDU", HFILL }},
3193 { "trap", "snmp.trap",
3194 FT_NONE, BASE_NONE, NULL, 0,
3195 "snmp.Trap_PDU", HFILL }},
3196 { &hf_snmp_getBulkRequest,
3197 { "getBulkRequest", "snmp.getBulkRequest",
3198 FT_NONE, BASE_NONE, NULL, 0,
3199 "snmp.GetBulkRequest_PDU", HFILL }},
3200 { &hf_snmp_informRequest,
3201 { "informRequest", "snmp.informRequest",
3202 FT_NONE, BASE_NONE, NULL, 0,
3203 "snmp.InformRequest_PDU", HFILL }},
3204 { &hf_snmp_sNMPv2_Trap,
3205 { "sNMPv2-Trap", "snmp.sNMPv2_Trap",
3206 FT_NONE, BASE_NONE, NULL, 0,
3207 "snmp.SNMPv2_Trap_PDU", HFILL }},
3209 { "report", "snmp.report",
3210 FT_NONE, BASE_NONE, NULL, 0,
3211 "snmp.Report_PDU", HFILL }},
3212 { &hf_snmp_request_id,
3213 { "request-id", "snmp.request_id",
3214 FT_INT32, BASE_DEC, NULL, 0,
3215 "snmp.INTEGER", HFILL }},
3216 { &hf_snmp_error_status,
3217 { "error-status", "snmp.error_status",
3218 FT_INT32, BASE_DEC, VALS(snmp_T_error_status_vals), 0,
3219 "snmp.T_error_status", HFILL }},
3220 { &hf_snmp_error_index,
3221 { "error-index", "snmp.error_index",
3222 FT_INT32, BASE_DEC, NULL, 0,
3223 "snmp.INTEGER", HFILL }},
3224 { &hf_snmp_variable_bindings,
3225 { "variable-bindings", "snmp.variable_bindings",
3226 FT_UINT32, BASE_DEC, NULL, 0,
3227 "snmp.VarBindList", HFILL }},
3228 { &hf_snmp_bulkPDU_request_id,
3229 { "request-id", "snmp.request_id",
3230 FT_INT32, BASE_DEC, NULL, 0,
3231 "snmp.Integer32", HFILL }},
3232 { &hf_snmp_non_repeaters,
3233 { "non-repeaters", "snmp.non_repeaters",
3234 FT_UINT32, BASE_DEC, NULL, 0,
3235 "snmp.INTEGER_0_2147483647", HFILL }},
3236 { &hf_snmp_max_repetitions,
3237 { "max-repetitions", "snmp.max_repetitions",
3238 FT_UINT32, BASE_DEC, NULL, 0,
3239 "snmp.INTEGER_0_2147483647", HFILL }},
3240 { &hf_snmp_enterprise,
3241 { "enterprise", "snmp.enterprise",
3242 FT_OID, BASE_NONE, NULL, 0,
3243 "snmp.OBJECT_IDENTIFIER", HFILL }},
3244 { &hf_snmp_agent_addr,
3245 { "agent-addr", "snmp.agent_addr",
3246 FT_BYTES, BASE_HEX, NULL, 0,
3247 "snmp.NetworkAddress", HFILL }},
3248 { &hf_snmp_generic_trap,
3249 { "generic-trap", "snmp.generic_trap",
3250 FT_INT32, BASE_DEC, VALS(snmp_T_generic_trap_vals), 0,
3251 "snmp.T_generic_trap", HFILL }},
3252 { &hf_snmp_specific_trap,
3253 { "specific-trap", "snmp.specific_trap",
3254 FT_INT32, BASE_DEC, NULL, 0,
3255 "snmp.INTEGER", HFILL }},
3256 { &hf_snmp_time_stamp,
3257 { "time-stamp", "snmp.time_stamp",
3258 FT_UINT32, BASE_DEC, NULL, 0,
3259 "snmp.TimeTicks", HFILL }},
3261 { "name", "snmp.name",
3262 FT_OID, BASE_NONE, NULL, 0,
3263 "snmp.ObjectName", HFILL }},
3264 { &hf_snmp_valueType,
3265 { "valueType", "snmp.valueType",
3266 FT_NONE, BASE_NONE, NULL, 0,
3267 "snmp.NULL", HFILL }},
3268 { &hf_snmp_VarBindList_item,
3269 { "Item", "snmp.VarBindList_item",
3270 FT_NONE, BASE_NONE, NULL, 0,
3271 "snmp.VarBind", HFILL }},
3273 { "open", "snmp.open",
3274 FT_UINT32, BASE_DEC, VALS(snmp_OpenPDU_vals), 0,
3275 "snmp.OpenPDU", HFILL }},
3277 { "close", "snmp.close",
3278 FT_INT32, BASE_DEC, VALS(snmp_ClosePDU_U_vals), 0,
3279 "snmp.ClosePDU", HFILL }},
3280 { &hf_snmp_registerRequest,
3281 { "registerRequest", "snmp.registerRequest",
3282 FT_NONE, BASE_NONE, NULL, 0,
3283 "snmp.RReqPDU", HFILL }},
3284 { &hf_snmp_registerResponse,
3285 { "registerResponse", "snmp.registerResponse",
3286 FT_UINT32, BASE_DEC, VALS(snmp_RegisterResponse_vals), 0,
3287 "snmp.RegisterResponse", HFILL }},
3288 { &hf_snmp_commitOrRollback,
3289 { "commitOrRollback", "snmp.commitOrRollback",
3290 FT_INT32, BASE_DEC, VALS(snmp_SOutPDU_U_vals), 0,
3291 "snmp.SOutPDU", HFILL }},
3293 { "rRspPDU", "snmp.rRspPDU",
3294 FT_INT32, BASE_DEC, VALS(snmp_RRspPDU_U_vals), 0,
3295 "snmp.RRspPDU", HFILL }},
3297 { "pDUs", "snmp.pDUs",
3298 FT_UINT32, BASE_DEC, VALS(snmp_PDUs_vals), 0,
3299 "snmp.PDUs", HFILL }},
3300 { &hf_snmp_smux_simple,
3301 { "smux-simple", "snmp.smux_simple",
3302 FT_NONE, BASE_NONE, NULL, 0,
3303 "snmp.SimpleOpen", HFILL }},
3304 { &hf_snmp_smux_version,
3305 { "smux-version", "snmp.smux_version",
3306 FT_INT32, BASE_DEC, VALS(snmp_T_smux_version_vals), 0,
3307 "snmp.T_smux_version", HFILL }},
3308 { &hf_snmp_identity,
3309 { "identity", "snmp.identity",
3310 FT_OID, BASE_NONE, NULL, 0,
3311 "snmp.OBJECT_IDENTIFIER", HFILL }},
3312 { &hf_snmp_description,
3313 { "description", "snmp.description",
3314 FT_BYTES, BASE_HEX, NULL, 0,
3315 "snmp.DisplayString", HFILL }},
3316 { &hf_snmp_password,
3317 { "password", "snmp.password",
3318 FT_BYTES, BASE_HEX, NULL, 0,
3319 "snmp.OCTET_STRING", HFILL }},
3321 { "subtree", "snmp.subtree",
3322 FT_OID, BASE_NONE, NULL, 0,
3323 "snmp.ObjectName", HFILL }},
3324 { &hf_snmp_priority,
3325 { "priority", "snmp.priority",
3326 FT_INT32, BASE_DEC, NULL, 0,
3327 "snmp.INTEGER_M1_2147483647", HFILL }},
3328 { &hf_snmp_operation,
3329 { "operation", "snmp.operation",
3330 FT_INT32, BASE_DEC, VALS(snmp_T_operation_vals), 0,
3331 "snmp.T_operation", HFILL }},
3333 /*--- End of included file: packet-snmp-hfarr.c ---*/
3334 #line 1904 "packet-snmp-template.c"
3337 /* List of subtrees */
3338 static gint *ett[] = {
3344 &ett_authParameters,
3349 &ett_decoding_error,
3351 /*--- Included file: packet-snmp-ettarr.c ---*/
3352 #line 1 "packet-snmp-ettarr.c"
3354 &ett_snmp_Messagev2u,
3355 &ett_snmp_T_datav2u,
3356 &ett_snmp_UsmSecurityParameters,
3357 &ett_snmp_SNMPv3Message,
3358 &ett_snmp_HeaderData,
3359 &ett_snmp_ScopedPduData,
3360 &ett_snmp_ScopedPDU,
3364 &ett_snmp_Trap_PDU_U,
3366 &ett_snmp_VarBindList,
3367 &ett_snmp_SMUX_PDUs,
3368 &ett_snmp_RegisterResponse,
3370 &ett_snmp_SimpleOpen_U,
3371 &ett_snmp_RReqPDU_U,
3373 /*--- End of included file: packet-snmp-ettarr.c ---*/
3374 #line 1920 "packet-snmp-template.c"
3376 module_t *snmp_module;
3377 static uat_field_t users_fields[] = {
3378 UAT_FLD_BUFFER(snmp_users,engine_id,"Engine-id for this entry (empty = any)"),
3379 UAT_FLD_LSTRING(snmp_users,userName,"The username"),
3380 UAT_FLD_VS(snmp_users,auth_model,auth_types,"Algorithm to be used for authentication."),
3381 UAT_FLD_LSTRING(snmp_users,authPassword,"The password used for authenticating packets for this entry"),
3382 UAT_FLD_VS(snmp_users,priv_proto,priv_types,"Algorithm to be used for privacy."),
3383 UAT_FLD_LSTRING(snmp_users,privPassword,"The password used for encrypting packets for this entry"),
3387 assocs_uat = uat_new("SNMP Users",
3388 sizeof(snmp_ue_assoc_t),
3394 "ChSNMPUsersSection",
3396 snmp_users_update_cb,
3400 /* Register protocol */
3401 proto_snmp = proto_register_protocol(PNAME, PSNAME, PFNAME);
3402 new_register_dissector("snmp", dissect_snmp, proto_snmp);
3404 /* Register fields and subtrees */
3405 proto_register_field_array(proto_snmp, hf, array_length(hf));
3406 proto_register_subtree_array(ett, array_length(ett));
3409 /* Register configuration preferences */
3410 snmp_module = prefs_register_protocol(proto_snmp, process_prefs);
3411 prefs_register_bool_preference(snmp_module, "display_oid",
3412 "Show SNMP OID in info column",
3413 "Whether the SNMP OID should be shown in the info column",
3416 prefs_register_obsolete_preference(snmp_module, "mib_modules");
3417 prefs_register_obsolete_preference(snmp_module, "users_file");
3419 prefs_register_bool_preference(snmp_module, "desegment",
3420 "Reassemble SNMP-over-TCP messages\nspanning multiple TCP segments",
3421 "Whether the SNMP dissector should reassemble messages spanning multiple TCP segments."
3422 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
3425 prefs_register_bool_preference(snmp_module, "var_in_tree",
3426 "Display dissected variables inside SNMP tree",
3427 "ON - display dissected variables inside SNMP tree, OFF - display dissected variables in root tree after SNMP",
3430 prefs_register_uat_preference(snmp_module, "users_table",
3432 "Table of engine-user associations used for authentication and decryption",
3436 value_sub_dissectors_table = register_dissector_table("snmp.variable_oid","SNMP Variable OID", FT_STRING, BASE_NONE);
3438 register_init_routine(renew_ue_cache);
3442 /*--- proto_reg_handoff_snmp ---------------------------------------*/
3443 void proto_reg_handoff_snmp(void) {
3444 dissector_handle_t snmp_tcp_handle;
3446 snmp_handle = find_dissector("snmp");
3448 dissector_add("udp.port", UDP_PORT_SNMP, snmp_handle);
3449 dissector_add("udp.port", UDP_PORT_SNMP_TRAP, snmp_handle);
3450 dissector_add("udp.port", UDP_PORT_SNMP_PATROL, snmp_handle);
3451 dissector_add("ethertype", ETHERTYPE_SNMP, snmp_handle);
3452 dissector_add("ipx.socket", IPX_SOCKET_SNMP_AGENT, snmp_handle);
3453 dissector_add("ipx.socket", IPX_SOCKET_SNMP_SINK, snmp_handle);
3454 dissector_add("hpext.dxsap", HPEXT_SNMP, snmp_handle);
3456 snmp_tcp_handle = create_dissector_handle(dissect_snmp_tcp, proto_snmp);
3457 dissector_add("tcp.port", TCP_PORT_SNMP, snmp_tcp_handle);
3458 dissector_add("tcp.port", TCP_PORT_SNMP_TRAP, snmp_tcp_handle);
3460 data_handle = find_dissector("data");
3463 * Process preference settings.
3465 * We can't do this in the register routine, as preferences aren't
3466 * read until all dissector register routines have been called (so
3467 * that all dissector preferences have been registered).
3474 proto_register_smux(void)
3476 static hf_register_info hf[] = {
3478 { "Version", "smux.version", FT_UINT8, BASE_DEC, NULL,
3481 { "PDU type", "smux.pdutype", FT_UINT8, BASE_DEC, VALS(smux_types),
3484 static gint *ett[] = {
3488 proto_smux = proto_register_protocol("SNMP Multiplex Protocol",
3490 proto_register_field_array(proto_smux, hf, array_length(hf));
3491 proto_register_subtree_array(ett, array_length(ett));
3496 proto_reg_handoff_smux(void)
3498 dissector_handle_t smux_handle;
3500 smux_handle = create_dissector_handle(dissect_smux, proto_smux);
3501 dissector_add("tcp.port", TCP_PORT_SMUX, smux_handle);