* See RFC 3414 for User-based Security Model for SNMPv3
* See RFC 3826 for (AES) Cipher Algorithm in the SNMP USM
* See RFC 2578 for Structure of Management Information Version 2 (SMIv2)
- * Copyright (C) 2007 Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
+ * Copyright (C) 2007 Luis E. Garcia Ontanon <luis@ontanon.org>
*
* $Id$
*
# include "config.h"
#endif
-#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <epan/packet.h>
#include <epan/strutil.h>
#include <epan/conversation.h>
-#include "etypes.h"
+#include <epan/etypes.h>
#include <epan/prefs.h>
#include <epan/sminmpec.h>
#include <epan/emem.h>
#include <epan/report_err.h>
#include <epan/oids.h>
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
#ifdef HAVE_LIBGCRYPT
#include <gcrypt.h>
static int proto_smux = -1;
static gboolean display_oid = TRUE;
-static gboolean snmp_var_in_tree = TRUE;
+static gboolean snmp_var_in_tree = TRUE;
static gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8**, guint*, gchar const**);
static gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p, guint8**, guint*, gchar const**);
static snmp_usm_auth_model_t model_md5 = {snmp_usm_password_to_key_md5, snmp_usm_auth_md5, 16};
static snmp_usm_auth_model_t model_sha1 = {snmp_usm_password_to_key_sha1, snmp_usm_auth_sha1, 20};
-static value_string auth_types[] = {
+static const value_string auth_types[] = {
{0,"MD5"},
{1,"SHA1"},
{0,NULL}
static snmp_usm_auth_model_t* auth_models[] = {&model_md5,&model_sha1};
-static value_string priv_types[] = {
+static const value_string priv_types[] = {
{0,"DES"},
{1,"AES"},
{0,NULL}
static snmp_ue_assoc_t* ueas = NULL;
static guint num_ueas = 0;
-static uat_t* assocs_uat = NULL;
static snmp_ue_assoc_t* localized_ues = NULL;
static snmp_ue_assoc_t* unlocalized_ues = NULL;
/****/
+/* Variabled used for handling enterprise spesific trap types */
+typedef struct _snmp_st_assoc_t {
+ char *enterprise;
+ guint trap;
+ char *desc;
+} snmp_st_assoc_t;
+static guint num_specific_traps = 0;
+static snmp_st_assoc_t *specific_traps = NULL;
+static const char *enterprise_oid = NULL;
+static guint generic_trap = 0;
static snmp_usm_params_t usm_p = {FALSE,FALSE,0,0,0,0,NULL,NULL,NULL,NULL,NULL,NULL,NULL,FALSE};
static int hf_snmp_engineid_format = -1;
static int hf_snmp_engineid_ipv4 = -1;
static int hf_snmp_engineid_ipv6 = -1;
+static int hf_snmp_engineid_cisco_type = -1;
static int hf_snmp_engineid_mac = -1;
static int hf_snmp_engineid_text = -1;
static int hf_snmp_engineid_time = -1;
static int hf_snmp_unSpecified = -1;
static int hf_snmp_integer32_value = -1;
-static int hf_snmp_octestring_value = -1;
+static int hf_snmp_octetstring_value = -1;
static int hf_snmp_oid_value = -1;
static int hf_snmp_null_value = -1;
static int hf_snmp_ipv4_value = -1;
"Failed"
};
-/* defined in net-SNMP; include/net-snmp/library/snmp.h */
-#undef SNMP_MSG_GET
-#undef SNMP_MSG_SET
-#undef SNMP_MSG_GETNEXT
-#undef SNMP_MSG_RESPONSE
-#undef SNMP_MSG_TRAP
-#undef SNMP_MSG_GETBULK
-#undef SNMP_MSG_INFORM
-#undef SNMP_MSG_TRAP2
-#undef SNMP_MSG_REPORT
-#undef SNMP_NOSUCHOBJECT
-#undef SNMP_NOSUCHINSTANCE
-#undef SNMP_ENDOFMIBVIEW
-
/* Security Models */
#define SNMP_SEC_ANY 0
dissector_table_t value_sub_dissectors_table;
+
+static const gchar *
+snmp_lookup_specific_trap (guint specific_trap)
+{
+ guint i;
+
+ for (i = 0; i < num_specific_traps; i++) {
+ snmp_st_assoc_t *u = &(specific_traps[i]);
+
+ if ((u->trap == specific_trap) &&
+ (strcmp (u->enterprise, enterprise_oid) == 0))
+ {
+ return u->desc;
+ }
+ }
+
+ return NULL;
+}
+
/*
* dissect_snmp_VarBind
* this routine dissects variable bindings, looking for the oid information in our oid reporsitory
* XXX: the length of this function (~400 lines) is an aberration!
* oid_key_t:key_type could become a series of callbacks instead of an enum
* the (! oid_info_is_ok) switch could be made into an array (would be slower)
- *
-
+ *
+
NetworkAddress ::= CHOICE { internet IpAddress }
IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
Integer32 ::= INTEGER (-2147483648..2147483647)
ObjectID-value ::= OBJECT IDENTIFIER
Empty ::= NULL
- TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
+ TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING
Counter64 ::= [APPLICATION 6] IMPLICIT INTEGER (0..18446744073709551615)
name ObjectName,
valueType ValueType
}
-
+
*/
-extern int dissect_snmp_VarBind(gboolean implicit_tag _U_,
- tvbuff_t *tvb,
- int offset,
- asn1_ctx_t *actx,
- proto_tree *tree,
- int hf_index _U_) {
+extern int
+dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset,
+ asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
+{
int seq_offset, name_offset, value_offset, value_start;
guint32 seq_len, name_len, value_len;
gint8 ber_class;
gboolean ind;
guint32* subids;
guint8* oid_bytes;
- oid_info_t* oid_info;
+ oid_info_t* oid_info = NULL;
guint oid_matched, oid_left;
proto_item *pi_name, *pi_varbind, *pi_value = NULL;
proto_tree *pt, *pt_varbind, *pt_name, *pt_value;
char label[ITEM_LABEL_LENGTH];
- char* repr = NULL;
+ const char* repr = NULL;
+ const char* info_oid = NULL;
char* valstr;
int hfid = -1;
int min_len = 0, max_len = 0;
gboolean oid_info_is_ok;
const char* oid_string = NULL;
+ enum {BER_NO_ERROR, BER_WRONG_LENGTH, BER_WRONG_TAG} format_error = BER_NO_ERROR;
+
seq_offset = offset;
-
+
/* first have the VarBind's sequence header */
offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
offset = get_ber_length(tvb, offset, &seq_len, &ind);
-
+
seq_len += offset - seq_offset;
-
+
if (!pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_SEQUENCE) {
proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"VarBind must be an universal class sequence");
pt = proto_item_add_subtree(pi,ett_decoding_error);
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind is not an universal class sequence");
return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
}
-
- if (ind){
+
+ if (ind) {
proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in VarBind");
pt = proto_item_add_subtree(pi,ett_decoding_error);
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind has indicator set");
return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
}
-
+
/* then we have the ObjectName's header */
-
+
offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
name_offset = offset = get_ber_length(tvb, offset, &name_len, &ind);
-
+
if (! ( !pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_OID) ) {
proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"ObjectName must be an OID in primitive encoding");
pt = proto_item_add_subtree(pi,ett_decoding_error);
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName not an OID");
return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
}
-
- if (ind){
+
+ if (ind) {
proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in ObjectName");
pt = proto_item_add_subtree(pi,ett_decoding_error);
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName has indicator set");
return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt);
}
-
+
offset += name_len;
value_start = offset;
-
+
/* then we have the value's header */
offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
- value_offset = offset = get_ber_length(tvb, offset, &value_len, &ind);
-
+ value_offset = get_ber_length(tvb, offset, &value_len, &ind);
+
if (! (!pc) ) {
proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"the value must be in primitive encoding");
pt = proto_item_add_subtree(pi,ett_decoding_error);
}
/* Now, we know where everithing is */
-
+
/* we add the varbind tree root with a dummy label we'll fill later on */
pi_varbind = proto_tree_add_text(tree,tvb,seq_offset,seq_len,"VarBind");
pt_varbind = proto_item_add_subtree(pi_varbind,ett_varbind);
*label = '\0';
-
- pi_name = proto_tree_add_item(pt_varbind,hf_snmp_objectname,tvb,name_offset,name_len,FALSE);
+
+ pi_name = proto_tree_add_item(pt_varbind,hf_snmp_objectname,tvb,name_offset,name_len,ENC_NA);
pt_name = proto_item_add_subtree(pi_name,ett_name);
-
-
-
+
+ /* fetch ObjectName and its relative oid_info */
+ oid_bytes = ep_tvb_memdup(tvb, name_offset, name_len);
+ oid_info = oid_get_from_encoded(oid_bytes, name_len, &subids, &oid_matched, &oid_left);
+
+ add_oid_debug_subtree(oid_info,pt_name);
+
+ if (!subids) {
+ proto_item* pi;
+
+ repr = oid_encoded2string(oid_bytes, name_len);
+ pi = proto_tree_add_text(pt_name,tvb, 0, 0, "invalid oid: %s", repr);
+ pt = proto_item_add_subtree(pi, ett_decoding_error);
+ expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "invalid oid: %s", repr);
+ return dissect_unknown_ber(actx->pinfo, tvb, name_offset, pt);
+ }
+
+ if (oid_matched+oid_left) {
+ oid_string = oid_subid2string(subids,oid_matched+oid_left);
+ }
+
if (ber_class == BER_CLASS_CON) {
/* if we have an error value just add it and get out the way ASAP */
proto_item* pi;
const char* note;
-
- if (value_len != 0)
- goto expected_other_size;
-
+
+ if (value_len != 0) {
+ min_len = max_len = 0;
+ format_error = BER_WRONG_LENGTH;
+ }
+
switch (tag) {
case SERR_NSO:
hfid = hf_snmp_noSuchObject;
pi = proto_tree_add_text(pt_varbind,tvb,0,0,"Wrong tag for Error Value: expected 0, 1, or 2 but got: %d",tag);
pt = proto_item_add_subtree(pi,ett_decoding_error);
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong tag for SNMP VarBind error value");
- return dissect_unknown_ber(actx->pinfo, tvb, value_start, tree);
- }
+ return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
+ }
}
-
- pi = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,FALSE);
+
+ pi = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN);
expert_add_info_format(actx->pinfo, pi, PI_RESPONSE_CODE, PI_NOTE, "%s",note);
+ g_strlcpy (label, note, ITEM_LABEL_LENGTH);
goto set_label;
}
-
- /* fetch ObjectName and its relative oid_info */
- oid_bytes = ep_tvb_memdup(tvb, name_offset, name_len);
- oid_info = oid_get_from_encoded(oid_bytes, name_len, &subids, &oid_matched, &oid_left);
-
- add_oid_debug_subtree(oid_info,pt_name);
- if (subids && oid_matched+oid_left) {
- oid_string = oid_subid2string(subids,oid_matched+oid_left);
- }
-
/* now we'll try to figure out which are the indexing sub-oids and whether the oid we know about is the one oid we have to use */
switch (oid_info->kind) {
case OID_KIND_SCALAR:
} else if (oid_left == 0) {
if (ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
/* unSpecified does not require an instance sub-id add the new value and get off the way! */
- pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,FALSE);
+ pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,ENC_NA);
goto set_label;
} else {
proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have one instance sub-id this one has none");
if ( key_len == 0 && ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
/* unSpecified does not require an instance sub-id add the new value and get off the way! */
- pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,FALSE);
+ pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,ENC_NA);
goto set_label;
}
-
+
if (k) {
for (;k;k = k->next) {
+ guint suboid_len;
+
if (key_start >= oid_matched+oid_left) {
proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid shorter than expected");
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid shorter than expected");
oid_info_is_ok = FALSE;
goto indexing_done;
}
-
+
switch(k->key_type) {
case OID_KEY_TYPE_WRONG: {
- proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"OID instaces not handled, if you want this implemented please contact the wireshark developpers");
+ proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"OID instaces not handled, if you want this implemented please contact the wireshark developers");
expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index");
oid_info_is_ok = FALSE;
goto indexing_done;
}
case OID_KEY_TYPE_INTEGER: {
- proto_tree_add_int(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
+ if (IS_FT_INT(k->ft_type)) {
+ proto_tree_add_int(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
+ } else { /* if it's not an unsigned int let proto_tree_add_uint throw a warning */
+ proto_tree_add_uint64(pt_name,k->hfid,tvb,name_offset,name_len,(guint)subids[key_start]);
+ }
key_start++;
key_len--;
continue; /* k->next */
}
+ case OID_KEY_TYPE_IMPLIED_OID:
+ suboid_len = key_len;
+
+ goto show_oid_index;
+
case OID_KEY_TYPE_OID: {
- guint suboid_len = subids[key_start++];
- guint32* suboid = &(subids[key_start]);
guint8* suboid_buf;
guint suboid_buf_len;
-
- if( suboid_len < key_len-1) {
- proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid should be longer than remaining oid size");
+ guint32* suboid;
+
+ suboid_len = subids[key_start++];
+ key_len--;
+
+show_oid_index:
+ suboid = &(subids[key_start]);
+
+ if( suboid_len == 0 ) {
+ proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"an index sub-oid OID cannot be 0 bytes long!");
+ expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid OID with len=0");
+ oid_info_is_ok = FALSE;
+ goto indexing_done;
+ }
+
+ if( key_len < suboid_len ) {
+ proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid should not be longer than remaining oid size");
expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid longer than remaining oid size");
oid_info_is_ok = FALSE;
goto indexing_done;
}
-
+
suboid_buf_len = oid_subid2encoded(suboid_len, suboid, &suboid_buf);
+
+ DISSECTOR_ASSERT(suboid_buf_len);
+
proto_tree_add_oid(pt_name,k->hfid,tvb,name_offset, suboid_buf_len, suboid_buf);
-
+
key_start += suboid_len;
key_len -= suboid_len + 1;
continue; /* k->next */
}
default: {
guint8* buf;
- guint buf_len = k->num_subids;
- guint32* suboid = &(subids[key_start]);
+ guint buf_len;
+ guint32* suboid;
guint i;
-
- if(!buf_len) {
- buf_len = *suboid;
- suboid++;
+
+
+ switch (k->key_type) {
+ case OID_KEY_TYPE_IPADDR:
+ suboid = &(subids[key_start]);
+ buf_len = 4;
+ break;
+ case OID_KEY_TYPE_IMPLIED_STRING:
+ case OID_KEY_TYPE_IMPLIED_BYTES:
+ case OID_KEY_TYPE_ETHER:
+ suboid = &(subids[key_start]);
+ buf_len = key_len;
+ break;
+ default:
+ buf_len = k->num_subids;
+ suboid = &(subids[key_start]);
+
+ if(!buf_len) {
+ buf_len = *suboid++;
+ key_len--;
+ key_start++;
+ }
+ break;
}
-
+
if( key_len < buf_len ) {
- proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid should not be longer than remaining oid size");
- expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid longer than remaining oid size");
+ proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index string should not be longer than remaining oid size");
+ expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index string longer than remaining oid size");
oid_info_is_ok = FALSE;
goto indexing_done;
}
-
+
buf = ep_alloc(buf_len+1);
for (i = 0; i < buf_len; i++)
buf[i] = (guint8)suboid[i];
buf[i] = '\0';
-
+
switch(k->key_type) {
case OID_KEY_TYPE_STRING:
- case OID_KEY_TYPE_FIXED_STRING:
+ case OID_KEY_TYPE_IMPLIED_STRING:
proto_tree_add_string(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
break;
case OID_KEY_TYPE_BYTES:
case OID_KEY_TYPE_NSAP:
- case OID_KEY_TYPE_FIXED_BYTES:
+ case OID_KEY_TYPE_IMPLIED_BYTES:
proto_tree_add_bytes(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
break;
+ case OID_KEY_TYPE_ETHER:
+ proto_tree_add_ether(pt_name,k->hfid,tvb,name_offset,buf_len, buf);
+ break;
case OID_KEY_TYPE_IPADDR: {
guint32* ipv4_p = (void*)buf;
proto_tree_add_ipv4(pt_name,k->hfid,tvb,name_offset,buf_len, *ipv4_p);
+ }
break;
default:
DISSECTOR_ASSERT_NOT_REACHED();
break;
- }
}
-
+
key_start += buf_len;
key_len -= buf_len;
continue; /* k->next*/
}
goto indexing_done;
} else {
- proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"we do not know how to handle this OID, if you want this implemented please contact the wireshark developers");
+ proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"We do not know how to handle this OID, if you want this implemented please contact the wireshark developers");
expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index");
oid_info_is_ok = FALSE;
goto indexing_done;
}
}
indexing_done:
-
- if (oid_info_is_ok) {
+
+ if (oid_info_is_ok && oid_info->value_type) {
if (ber_class == BER_CLASS_UNI && tag == BER_UNI_TAG_NULL) {
- pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,FALSE);
- } else {
+ pi_value = proto_tree_add_item(pt_varbind,hf_snmp_unSpecified,tvb,value_offset,value_len,ENC_NA);
+ } else {
+ /* Provide a tree_item to attach errors to, if needed. */
+ pi_value = pi_name;
+
if ((oid_info->value_type->ber_class != BER_CLASS_ANY) &&
(ber_class != oid_info->value_type->ber_class))
- goto expected_different;
-
- if ((oid_info->value_type->ber_tag != BER_TAG_ANY) &&
+ format_error = BER_WRONG_TAG;
+ else if ((oid_info->value_type->ber_tag != BER_TAG_ANY) &&
(tag != oid_info->value_type->ber_tag))
- goto expected_different;
-
- max_len = oid_info->value_type->max_len == -1 ? 0xffffff : oid_info->value_type->max_len;
- min_len = oid_info->value_type->min_len;
-
- if ((int)value_len < min_len || (int)value_len > max_len)
- goto expected_other_size;
-
-
- pi_value = proto_tree_add_item(pt_varbind,oid_info->value_hfid,tvb,value_offset,value_len,FALSE);
+ format_error = BER_WRONG_TAG;
+ else {
+ max_len = oid_info->value_type->max_len == -1 ? 0xffffff : oid_info->value_type->max_len;
+ min_len = oid_info->value_type->min_len;
+
+ if ((int)value_len < min_len || (int)value_len > max_len)
+ format_error = BER_WRONG_LENGTH;
+ }
+
+ if (format_error == BER_NO_ERROR)
+ pi_value = proto_tree_add_item(pt_varbind,oid_info->value_hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN);
}
} else {
switch(ber_class|(tag<<4)) {
case BER_CLASS_UNI|(BER_UNI_TAG_INTEGER<<4):
- max_len = 4; min_len = 1;
- if (value_len > (guint)max_len && value_len < (guint)min_len) goto expected_other_size;
- hfid = hf_snmp_integer32_value;
- break;
+ {
+ gint64 val=0;
+ unsigned int_val_offset = value_offset;
+ unsigned i;
+
+ max_len = 5; min_len = 1;
+ if (value_len > (guint)max_len && value_len < (guint)min_len) {
+ format_error = BER_WRONG_LENGTH;
+ break;
+ }
+
+ if(value_len > 0) {
+ /* extend sign bit */
+ if(tvb_get_guint8(tvb, int_val_offset)&0x80) {
+ val=-1;
+ }
+ for(i=0;i<value_len;i++) {
+ val=(val<<8)|tvb_get_guint8(tvb, int_val_offset);
+ int_val_offset++;
+ }
+ }
+ proto_tree_add_int64(pt_varbind, hf_snmp_integer32_value, tvb,value_offset,value_len, val);
+
+ goto already_added;
+ }
case BER_CLASS_UNI|(BER_UNI_TAG_OCTETSTRING<<4):
- hfid = hf_snmp_octestring_value;
+ hfid = hf_snmp_octetstring_value;
break;
case BER_CLASS_UNI|(BER_UNI_TAG_OID<<4):
- max_len = -1; min_len = 2;
- if (value_len < (guint)min_len) goto expected_other_size;
+ max_len = -1; min_len = 1;
+ if (value_len < (guint)min_len) format_error = BER_WRONG_LENGTH;
hfid = hf_snmp_oid_value;
break;
case BER_CLASS_UNI|(BER_UNI_TAG_NULL<<4):
max_len = 0; min_len = 0;
- if (value_len != 0) goto expected_other_size;
+ if (value_len != 0) format_error = BER_WRONG_LENGTH;
hfid = hf_snmp_null_value;
break;
case BER_CLASS_APP: /* | (SNMP_IPA<<4)*/
case BER_CLASS_APP|(SNMP_C64<<4):
hfid = hf_snmp_big_counter_value;
break;
- default:
+ default:
hfid = hf_snmp_unknown_value;
break;
}
-
- pi_value = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,FALSE);
- expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unresolved value, Missing MIB");
+
+ pi_value = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN);
+ if (format_error != BER_NO_ERROR) {
+ expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unresolved value, Missing MIB");
+ }
+
+already_added:
oid_info_is_ok = FALSE;
- }
-
+ }
+
pt_value = proto_item_add_subtree(pi_value,ett_value);
-
+
if (value_len > 0 && oid_string) {
tvbuff_t* sub_tvb = tvb_new_subset(tvb, value_offset, value_len, value_len);
-
+
next_tvb_add_string(&var_list, sub_tvb, (snmp_var_in_tree) ? pt_value : NULL, value_sub_dissectors_table, oid_string);
}
-
-
+
+
set_label:
- if (pi_value) proto_item_fill_label(pi_value->finfo, label);
-
- if (oid_info->name) {
+ if (pi_value) proto_item_fill_label(PITEM_FINFO(pi_value), label);
+
+ if (oid_info && oid_info->name) {
if (oid_left >= 1) {
- repr = ep_strdup_printf("%s.%s (%s)",
- oid_info->name,
- oid_subid2string(&(subids[oid_matched]),oid_left),
- oid_subid2string(subids,oid_matched+oid_left));
+ repr = ep_strdup_printf("%s.%s (%s)", oid_info->name,
+ oid_subid2string(&(subids[oid_matched]),oid_left),
+ oid_subid2string(subids,oid_matched+oid_left));
+ info_oid = ep_strdup_printf("%s.%s", oid_info->name,
+ oid_subid2string(&(subids[oid_matched]),oid_left));
} else {
- repr = ep_strdup_printf("%s (%s)",
- oid_info->name,
- oid_subid2string(subids,oid_matched));
+ repr = ep_strdup_printf("%s (%s)", oid_info->name,
+ oid_subid2string(subids,oid_matched));
+ info_oid = oid_info->name;
}
+ } else if (oid_string) {
+ repr = ep_strdup(oid_string);
+ info_oid = oid_string;
} else {
- repr = ep_strdup_printf("%s", oid_string);
+ repr = ep_strdup("[Bad OID]");
}
-
+
valstr = strstr(label,": ");
valstr = valstr ? valstr+2 : label;
-
+
proto_item_set_text(pi_varbind,"%s: %s",repr,valstr);
-
- return seq_offset + seq_len;
-expected_other_size: {
- proto_item* pi = proto_tree_add_text(tree,tvb,0,0,"Wrong value length: %u expecting: %u <= len <= %u",
- value_len,
- min_len,
- max_len == -1 ? 0xFFFFFF : max_len);
- pt = proto_item_add_subtree(pi,ett_decoding_error);
- expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong length for SNMP VarBind/value");
- return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
+ if (display_oid && info_oid) {
+ col_append_fstr (actx->pinfo->cinfo, COL_INFO, " %s", info_oid);
}
-expected_different: {
- proto_item* pi = proto_tree_add_text(tree,tvb,0,0,"Wrong class/tag for Value expected: %d,%d got: %d,%d",
- oid_info->value_type->ber_class,
- oid_info->value_type->ber_tag,
- ber_class,
- tag);
- pt = proto_item_add_subtree(pi,ett_decoding_error);
- expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong class/tag for SNMP VarBind/value");
- return dissect_unknown_ber(actx->pinfo, tvb, value_start, tree);
+ switch (format_error) {
+ case BER_WRONG_LENGTH: {
+ proto_tree* pt = proto_item_add_subtree(pi_value,ett_decoding_error);
+ proto_item* pi = proto_tree_add_text(pt,tvb,0,0,"Wrong value length: %u expecting: %u <= len <= %u",
+ value_len, min_len, max_len == -1 ? 0xFFFFFF : max_len);
+ pt = proto_item_add_subtree(pi,ett_decoding_error);
+ expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong length for SNMP VarBind/value");
+ return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
+ }
+ case BER_WRONG_TAG: {
+ proto_tree* pt = proto_item_add_subtree(pi_value,ett_decoding_error);
+ proto_item* pi = proto_tree_add_text(pt,tvb,0,0,"Wrong class/tag for Value expected: %d,%d got: %d,%d",
+ oid_info->value_type->ber_class, oid_info->value_type->ber_tag,
+ ber_class, tag);
+ pt = proto_item_add_subtree(pi,ett_decoding_error);
+ expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong class/tag for SNMP VarBind/value");
+ return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt);
+ }
+ default:
+ break;
}
+ return seq_offset + seq_len;
}
{ 0, NULL }
};
+#define SNMP_ENGINEID_CISCO_AGENT 0x00
+#define SNMP_ENGINEID_CISCO_MANAGER 0x01
+
+static const value_string snmp_engineid_cisco_type_vals[] = {
+ { SNMP_ENGINEID_CISCO_AGENT, "Agent" },
+ { SNMP_ENGINEID_CISCO_MANAGER, "Manager" },
+ { 0, NULL }
+};
+
/*
* SNMP Engine ID dissection according to RFC 3411 (SnmpEngineID TC)
* or historic RFC 1910 (AgentID)
/* first bit: engine id conformance */
if (len_remain<4) return offset;
- conformance = ((tvb_get_guint8(tvb, offset)>>7) && 0x01);
- proto_tree_add_item(tree, hf_snmp_engineid_conform, tvb, offset, 1, FALSE);
+ conformance = ((tvb_get_guint8(tvb, offset)>>7) & 0x01);
+ proto_tree_add_item(tree, hf_snmp_engineid_conform, tvb, offset, 1, ENC_BIG_ENDIAN);
/* 4-byte enterprise number/name */
if (len_remain<4) return offset;
if (len_remain<1) return offset;
format = tvb_get_guint8(tvb, offset);
item = proto_tree_add_uint_format(tree, hf_snmp_engineid_format, tvb, offset, 1, format, "Engine ID Format: %s (%d)",
- val_to_str(format, snmp_engineid_format_vals, "Reserved/Enterprise-specific"), format);
+ val_to_str(format, snmp_engineid_format_vals, "Reserved/Enterprise-specific"), format);
offset+=1;
len_remain-=1;
case SNMP_ENGINEID_FORMAT_IPV4:
/* 4-byte IPv4 address */
if (len_remain==4) {
- proto_tree_add_item(tree, hf_snmp_engineid_ipv4, tvb, offset, 4, FALSE);
+ proto_tree_add_item(tree, hf_snmp_engineid_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
offset+=4;
len_remain=0;
}
case SNMP_ENGINEID_FORMAT_IPV6:
/* 16-byte IPv6 address */
if (len_remain==16) {
- proto_tree_add_item(tree, hf_snmp_engineid_ipv6, tvb, offset, 16, FALSE);
+ proto_tree_add_item(tree, hf_snmp_engineid_ipv6, tvb, offset, 16, ENC_NA);
offset+=16;
len_remain=0;
}
break;
case SNMP_ENGINEID_FORMAT_MACADDRESS:
+ /* See: https://supportforums.cisco.com/message/3010617#3010617 for details. */
+ if ((enterpriseid==9)&&(len_remain==7)) {
+ proto_tree_add_item(tree, hf_snmp_engineid_cisco_type, tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+ len_remain--;
+ }
/* 6-byte MAC address */
if (len_remain==6) {
- proto_tree_add_item(tree, hf_snmp_engineid_mac, tvb, offset, 6, FALSE);
+ proto_tree_add_item(tree, hf_snmp_engineid_mac, tvb, offset, 6, ENC_BIG_ENDIAN);
offset+=6;
len_remain=0;
}
case SNMP_ENGINEID_FORMAT_TEXT:
/* max. 27-byte string, administratively assigned */
if (len_remain<=27) {
- proto_tree_add_item(tree, hf_snmp_engineid_text, tvb, offset, len_remain, FALSE);
+ proto_tree_add_item(tree, hf_snmp_engineid_text, tvb, offset, len_remain, ENC_ASCII|ENC_NA);
offset+=len_remain;
len_remain=0;
}
proto_item_append_text(item, (enterpriseid==2021) ? ": UCD-SNMP Random" : ": Net-SNMP Random");
/* demystify: 4B random, 4B epoch seconds */
if (len_remain==8) {
- proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, 4, FALSE);
+ proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, 4, ENC_NA);
seconds = tvb_get_letohl(tvb, offset+4);
ts.secs = seconds;
- proto_tree_add_time_format(tree, hf_snmp_engineid_time, tvb, offset+4, 4,
- &ts, "Engine ID Data: Creation Time: %s",
- abs_time_secs_to_str(seconds));
+ ts.nsecs = 0;
+ proto_tree_add_time_format_value(tree, hf_snmp_engineid_time, tvb, offset+4, 4,
+ &ts, "%s",
+ abs_time_secs_to_str(seconds, ABSOLUTE_TIME_LOCAL, TRUE));
offset+=8;
len_remain=0;
}
default:
/* max. 27 bytes, administratively assigned or unknown format */
if (len_remain<=27) {
- proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, len_remain, FALSE);
+ proto_tree_add_item(tree, hf_snmp_engineid_data, tvb, offset, len_remain, ENC_NA);
offset+=len_remain;
len_remain=0;
}
n->user.authKey.data = se_alloc(key_size);
n->user.authKey.len = key_size;
n->user.authModel->pass2key(n->user.authPassword.data,
- n->user.authPassword.len,
- n->engine.data,
- n->engine.len,
- n->user.authKey.data);
+ n->user.authPassword.len,
+ n->engine.data,
+ n->engine.len,
+ n->user.authKey.data);
n->user.privKey.data = se_alloc(key_size);
n->user.privKey.len = key_size;
n->user.authModel->pass2key(n->user.privPassword.data,
- n->user.privPassword.len,
- n->engine.data,
- n->engine.len,
- n->user.privKey.data);
+ n->user.privPassword.len,
+ n->engine.data,
+ n->engine.len,
+ n->user.privKey.data);
}
-static snmp_ue_assoc_t* ue_se_dup(snmp_ue_assoc_t* o) {
+static snmp_ue_assoc_t*
+ue_se_dup(snmp_ue_assoc_t* o)
+{
snmp_ue_assoc_t* d = se_memdup(o,sizeof(snmp_ue_assoc_t));
d->user.authModel = o->user.authModel;
#define CACHE_INSERT(c,a) if (c) { snmp_ue_assoc_t* t = c; c = a; c->next = t; } else { c = a; a->next = NULL; }
-static void renew_ue_cache(void) {
+static void
+renew_ue_cache(void)
+{
+ localized_ues = NULL;
+ unlocalized_ues = NULL;
+
if (num_ueas) {
guint i;
- localized_ues = NULL;
- unlocalized_ues = NULL;
-
for(i = 0; i < num_ueas; i++) {
snmp_ue_assoc_t* a = ue_se_dup(&(ueas[i]));
}
}
- } else {
- localized_ues = NULL;
- unlocalized_ues = NULL;
}
}
-static snmp_ue_assoc_t* localize_ue( snmp_ue_assoc_t* o, const guint8* engine, guint engine_len ) {
+static snmp_ue_assoc_t*
+localize_ue( snmp_ue_assoc_t* o, const guint8* engine, guint engine_len )
+{
snmp_ue_assoc_t* n = se_memdup(o,sizeof(snmp_ue_assoc_t));
n->engine.data = se_memdup(engine,engine_len);
#define localized_match(a,u,ul,e,el) \
( a->user.userName.len == ul \
&& a->engine.len == el \
- && memcmp( a->user.userName.data, u, (a->user.userName.len < ul) ? a->user.userName.len : ul ) == 0 \
- && memcmp( a->engine.data, e, (a->engine.len < el) ? a->engine.len : el ) == 0 )
+ && memcmp( a->user.userName.data, u, ul ) == 0 \
+ && memcmp( a->engine.data, e, el ) == 0 )
#define unlocalized_match(a,u,l) \
- ( a->user.userName.len == l && memcmp( a->user.userName.data, u, a->user.userName.len < l ? a->user.userName.len : l) == 0 )
+ ( a->user.userName.len == l && memcmp( a->user.userName.data, u, l) == 0 )
-static snmp_ue_assoc_t* get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb) {
+static snmp_ue_assoc_t*
+get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb)
+{
static snmp_ue_assoc_t* a;
guint given_username_len;
guint8* given_username;
if (! ( user_tvb && engine_tvb ) ) return NULL;
- given_username_len = tvb_length_remaining(user_tvb,0);
+ given_username_len = tvb_ensure_length_remaining(user_tvb,0);
given_username = ep_tvb_memdup(user_tvb,0,-1);
- given_engine_len = tvb_length_remaining(engine_tvb,0);
+ given_engine_len = tvb_ensure_length_remaining(engine_tvb,0);
given_engine = ep_tvb_memdup(engine_tvb,0,-1);
for (a = localized_ues; a; a = a->next) {
return NULL;
}
-static gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error) {
+static gboolean
+snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error)
+{
guint msg_len;
guint8* msg;
guint auth_len;
guint8* auth;
guint8* key;
guint key_len;
- guint8 calc_auth[16];
+ guint8 *calc_auth;
guint start;
guint end;
guint i;
msg[i] = '\0';
}
+ calc_auth = ep_alloc(16);
+
md5_hmac(msg, msg_len, key, key_len, calc_auth);
if (calc_auth_p) *calc_auth_p = calc_auth;
}
-static gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error _U_) {
+static gboolean
+snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error _U_)
+{
guint msg_len;
guint8* msg;
guint auth_len;
guint8* auth;
guint8* key;
guint key_len;
- guint8 calc_auth[20];
+ guint8 *calc_auth;
guint start;
guint end;
guint i;
msg[i] = '\0';
}
+ calc_auth = ep_alloc(20);
+
sha1_hmac(key, key_len, msg, msg_len, calc_auth);
if (calc_auth_p) *calc_auth_p = calc_auth;
return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
}
-static tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_) {
+static tvbuff_t*
+snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_)
+{
#ifdef HAVE_LIBGCRYPT
gcry_error_t err;
gcry_cipher_hd_t hd = NULL;
err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
- err = gcry_cipher_setiv(hd, iv, 8);
+ err = gcry_cipher_setiv(hd, iv, 8);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setkey(hd,des_key,8);
gcry_cipher_close(hd);
- clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
+ clear_tvb = tvb_new_child_real_data(encryptedData, cleartext, cryptgrm_len, cryptgrm_len);
return clear_tvb;
#endif
}
-static tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_) {
+static tvbuff_t*
+snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, gchar const** error _U_)
+{
#ifdef HAVE_LIBGCRYPT
- gcry_error_t err;
- gcry_cipher_hd_t hd = NULL;
+ gcry_error_t err;
+ gcry_cipher_hd_t hd = NULL;
guint8* cleartext;
guint8* aes_key = p->user_assoc->user.privKey.data; /* first 16 bytes */
err = gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 0);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
- err = gcry_cipher_setiv(hd, iv, 16);
+ err = gcry_cipher_setiv(hd, iv, 16);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setkey(hd,aes_key,16);
gcry_cipher_close(hd);
- clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
+ clear_tvb = tvb_new_child_real_data(encryptedData, cleartext, cryptgrm_len, cryptgrm_len);
return clear_tvb;
}
-gboolean check_ScopedPdu(tvbuff_t* tvb) {
+gboolean
+check_ScopedPdu(tvbuff_t* tvb)
+{
int offset;
gint8 class;
gboolean pc;
guint
dissect_snmp_pdu(tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *tree, int proto, gint ett, gboolean is_tcp)
+ proto_tree *tree, int proto, gint ett, gboolean is_tcp)
{
guint length_remaining;
guint message_length;
int start_offset = offset;
guint32 version = 0;
+ tvbuff_t *next_tvb;
proto_tree *snmp_tree = NULL;
proto_item *item = NULL;
usm_p.msg_tvb = tvb;
- usm_p.start_offset = offset_from_real_beginning(tvb,0) ;
+ usm_p.start_offset = tvb_offset_from_real_beginning(tvb);
usm_p.engine_tvb = NULL;
usm_p.user_tvb = NULL;
usm_p.auth_item = NULL;
* This is TCP, and we should, and can, do reassembly.
*
* Is the "Sequence Of" header split across segment
- * boundaries? We requre at least 6 bytes for the
+ * boundaries? We require at least 6 bytes for the
* header, which allows for a 4-byte length (ASN.1
* BER).
*/
if (length_remaining < 6) {
+ /*
+ * Yes. Tell the TCP dissector where the data
+ * for this message starts in the data it handed
+ * us and that we need "some more data." Don't tell
+ * it exactly how many bytes we need because if/when
+ * we ask for even more (after the header) that will
+ * break reassembly.
+ */
pinfo->desegment_offset = offset;
- pinfo->desegment_len = 6 - length_remaining;
+ pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
/*
* Return 0, which means "I didn't dissect anything
* OK, try to read the "Sequence Of" header; this gets the total
* length of the SNMP message.
*/
- /* Set tree to 0 to not display internakl BER fields if option used.*/
+ /* Set tree to 0 to not display internal BER fields if option used.*/
offset = dissect_ber_identifier(pinfo, 0, tvb, offset, &class, &pc, &tag);
+ /*Get the total octet length of the SNMP data*/
offset = dissect_ber_length(pinfo, 0, tvb, offset, &len, &ind);
-
message_length = len + 2;
+
+ /*Get the SNMP version data*/
offset = dissect_ber_integer(FALSE, &asn1_ctx, 0, tvb, offset, -1, &version);
*/
pinfo->desegment_offset = start_offset;
pinfo->desegment_len =
- message_length - length_remaining;
+ message_length - length_remaining;
/*
* Return 0, which means "I didn't dissect anything
next_tvb_init(&var_list);
- if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
- col_set_str(pinfo->cinfo, COL_PROTOCOL,
- proto_get_protocol_short_name(find_protocol_by_id(proto)));
- }
+ col_set_str(pinfo->cinfo, COL_PROTOCOL,
+ proto_get_protocol_short_name(find_protocol_by_id(proto)));
if (tree) {
- item = proto_tree_add_item(tree, proto, tvb, offset,
- message_length, FALSE);
+ item = proto_tree_add_item(tree, proto, tvb, start_offset,
+ message_length, ENC_BIG_ENDIAN);
snmp_tree = proto_item_add_subtree(item, ett);
}
- switch (version){
+ switch (version) {
case 0: /* v1 */
case 1: /* v2c */
offset = dissect_snmp_Message(FALSE , tvb, start_offset, &asn1_ctx, snmp_tree, -1);
break;
}
- next_tvb_call(&var_list, pinfo, tree, NULL, data_handle);
+ /* There may be appended data after the SNMP data, so treat as raw
+ * data which needs to be dissected in case of UDP as UDP is PDU oriented.
+ */
+ if((!is_tcp) && (length_remaining > (guint)offset)) {
+ next_tvb = tvb_new_subset_remaining(tvb, offset);
+ call_dissector(data_handle, next_tvb, pinfo, tree);
+ } else {
+ next_tvb_call(&var_list, pinfo, tree, NULL, data_handle);
+ }
return offset;
}
*/
/* SNMP starts with a SEQUENCE */
offset = get_ber_identifier(tvb, 0, &tmp_class, &tmp_pc, &tmp_tag);
- if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_SEQUENCE)){
+ if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_SEQUENCE)) {
return 0;
}
/* then comes a length which spans the rest of the tvb */
offset = get_ber_length(tvb, offset, &tmp_length, &tmp_ind);
- if(tmp_length!=(guint32)tvb_reported_length_remaining(tvb, offset)){
- return 0;
+ /* if(tmp_length!=(guint32)tvb_reported_length_remaining(tvb, offset)) {
+ * Losen the heuristic a bit to handle the case where data has intentionally
+ * been added after the snmp PDU ( UDP case)
+ */
+ if ( pinfo->ptype == PT_UDP ) {
+ if(tmp_length>(guint32)tvb_reported_length_remaining(tvb, offset)) {
+ return 0;
+ }
+ }else{
+ if(tmp_length!=(guint32)tvb_reported_length_remaining(tvb, offset)) {
+ return 0;
+ }
}
/* then comes an INTEGER (version)*/
- offset = get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
- if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_INTEGER)){
+ get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
+ if((tmp_class!=BER_CLASS_UNI)||(tmp_tag!=BER_UNI_TAG_INTEGER)) {
return 0;
}
/* do we need to test that version is 0 - 2 (version1-3) ? */
if (pinfo->destport == UDP_PORT_SNMP) {
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
pinfo->srcport, 0, NO_PORT_B);
- if( (conversation == NULL) || (conversation->dissector_handle!=snmp_handle) ){
+ if( (conversation == NULL) || (conversation->dissector_handle!=snmp_handle) ) {
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
pinfo->srcport, 0, NO_PORT2);
conversation_set_dissector(conversation, snmp_handle);
return dissect_snmp_pdu(tvb, 0, pinfo, tree, proto_snmp, ett_snmp, FALSE);
}
+
static void
dissect_snmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
while (tvb_reported_length_remaining(tvb, offset) > 0) {
message_len = dissect_snmp_pdu(tvb, 0, pinfo, tree,
- proto_snmp, ett_snmp, TRUE);
+ proto_snmp, ett_snmp, TRUE);
if (message_len == 0) {
/*
* We don't have all the data for that message,
proto_tree *smux_tree = NULL;
proto_item *item = NULL;
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMUX");
+ next_tvb_init(&var_list);
+
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMUX");
if (tree) {
- item = proto_tree_add_item(tree, proto_smux, tvb, 0, -1, FALSE);
+ item = proto_tree_add_item(tree, proto_smux, tvb, 0, -1, ENC_BIG_ENDIAN);
smux_tree = proto_item_add_subtree(item, ett_smux);
}
- dissect_SMUX_PDUs_PDU(tvb, pinfo, tree);
+ dissect_SMUX_PDUs_PDU(tvb, pinfo, smux_tree);
}
MD5 Password to Key Algorithm
from RFC 3414 A.2.1
*/
-static void snmp_usm_password_to_key_md5(const guint8 *password,
- guint passwordlen,
- const guint8 *engineID,
- guint engineLength,
- guint8 *key) {
+static void
+snmp_usm_password_to_key_md5(const guint8 *password, guint passwordlen,
+ const guint8 *engineID, guint engineLength,
+ guint8 *key)
+{
md5_state_t MD;
guint8 *cp, password_buf[64];
guint32 password_index = 0;
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
- /* May want to ensure that engineLength <= 32, */
- /* otherwise need to use a buffer larger than 64 */
+ /* We ignore invalid engineLengths here. More strict */
+ /* checking is done in snmp_users_update_cb. */
/*****************************************************/
md5_init(&MD);
SHA1 Password to Key Algorithm COPIED from RFC 3414 A.2.2
*/
-static void snmp_usm_password_to_key_sha1(const guint8 *password,
- guint passwordlen,
- const guint8 *engineID,
- guint engineLength,
- guint8 *key ) {
+static void
+snmp_usm_password_to_key_sha1(const guint8 *password, guint passwordlen,
+ const guint8 *engineID, guint engineLength,
+ guint8 *key)
+{
sha1_context SH;
- guint8 *cp, password_buf[72];
+ guint8 *cp, password_buf[64];
guint32 password_index = 0;
guint32 count = 0, i;
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
- /* May want to ensure that engineLength <= 32, */
- /* otherwise need to use a buffer larger than 72 */
+ /* We ignore invalid engineLengths here. More strict */
+ /* checking is done in snmp_users_update_cb. */
/*****************************************************/
- memcpy(password_buf, key, 20);
- memcpy(password_buf+20, engineID, engineLength);
- memcpy(password_buf+20+engineLength, key, 20);
sha1_starts(&SH);
- sha1_update(&SH, password_buf, 40+engineLength);
+ sha1_update(&SH, key, 20);
+ sha1_update(&SH, engineID, engineLength);
+ sha1_update(&SH, key, 20);
sha1_finish(&SH, key);
return;
}
-static void process_prefs(void) {}
+static void
+process_prefs(void)
+{
+}
-static void* snmp_users_copy_cb(void* dest, const void* orig, unsigned len _U_) {
+static void*
+snmp_users_copy_cb(void* dest, const void* orig, size_t len _U_)
+{
const snmp_ue_assoc_t* o = orig;
snmp_ue_assoc_t* d = dest;
return d;
}
-static void snmp_users_free_cb(void* p) {
+static void
+snmp_users_free_cb(void* p)
+{
snmp_ue_assoc_t* ue = p;
- if (ue->user.userName.data) g_free(ue->user.userName.data);
- if (ue->user.authPassword.data) g_free(ue->user.authPassword.data);
- if (ue->user.privPassword.data) g_free(ue->user.privPassword.data);
- if (ue->user.authKey.data) g_free(ue->user.authKey.data);
- if (ue->user.privKey.data) g_free(ue->user.privKey.data);
- if (ue->engine.data) g_free(ue->engine.data);
+ g_free(ue->user.userName.data);
+ g_free(ue->user.authPassword.data);
+ g_free(ue->user.privPassword.data);
+ g_free(ue->user.authKey.data);
+ g_free(ue->user.privKey.data);
+ g_free(ue->engine.data);
}
-static void snmp_users_update_cb(void* p _U_, const char** err) {
+static void
+snmp_users_update_cb(void* p _U_, const char** err)
+{
snmp_ue_assoc_t* ue = p;
GString* es = g_string_new("");
+ unsigned i;
*err = NULL;
- if (! ue->user.userName.len) g_string_append(es,"no userName, ");
- if (ue->user.authPassword.len < 8) g_string_sprintfa(es,"short authPassword (%d), ", ue->user.authPassword.len);
- if (ue->user.privPassword.len < 8) g_string_sprintfa(es,"short privPassword (%d), ", ue->user.privPassword.len);
+ if (num_ueas == 0)
+ /* Nothing to update */
+ return;
+
+ if (! ue->user.userName.len)
+ g_string_append_printf(es,"no userName\n");
+
+ for (i=0; i<num_ueas-1; i++) {
+ snmp_ue_assoc_t* u = &(ueas[i]);
+
+ /* RFC 3411 section 5 */
+ if ((u->engine.len > 0) && (u->engine.len < 5 || u->engine.len > 32)) {
+ g_string_append_printf(es, "Invalid engineId length (%u). Must be between 5 and 32 (10 and 64 hex digits)\n", u->engine.len);
+ }
+
+
+ if ( u->user.userName.len == ue->user.userName.len
+ && u->engine.len == ue->engine.len ) {
+
+ if (u->engine.len > 0 && memcmp( u->engine.data, ue->engine.data, u->engine.len ) == 0) {
+ if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
+ /* XXX: make a string for the engineId */
+ g_string_append_printf(es,"Duplicate key (userName='%s')\n",ue->user.userName.data);
+ }
+ }
+
+ if (u->engine.len == 0) {
+ if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
+ g_string_append_printf(es,"Duplicate key (userName='%s' engineId=NONE)\n",ue->user.userName.data);
+ }
+ }
+ }
+ }
if (es->len) {
- g_string_truncate(es,es->len-2);
+ g_string_truncate(es,es->len-1);
*err = ep_strdup(es->str);
}
return;
}
+
UAT_LSTRING_CB_DEF(snmp_users,userName,snmp_ue_assoc_t,user.userName.data,user.userName.len)
UAT_LSTRING_CB_DEF(snmp_users,authPassword,snmp_ue_assoc_t,user.authPassword.data,user.authPassword.len)
UAT_LSTRING_CB_DEF(snmp_users,privPassword,snmp_ue_assoc_t,user.privPassword.data,user.privPassword.len)
UAT_VS_DEF(snmp_users,auth_model,snmp_ue_assoc_t,0,"MD5")
UAT_VS_DEF(snmp_users,priv_proto,snmp_ue_assoc_t,0,"DES")
+static void *
+snmp_specific_trap_copy_cb(void *dest, const void *orig, size_t len _U_)
+{
+ snmp_st_assoc_t *u = dest;
+ const snmp_st_assoc_t *o = orig;
+
+ u->enterprise = g_strdup(o->enterprise);
+ u->trap = o->trap;
+ u->desc = g_strdup(o->desc);
+
+ return dest;
+}
+
+static void
+snmp_specific_trap_free_cb(void *r)
+{
+ snmp_st_assoc_t *u = r;
+
+ g_free(u->enterprise);
+ g_free(u->desc);
+}
+
+UAT_CSTRING_CB_DEF(specific_traps, enterprise, snmp_st_assoc_t)
+UAT_DEC_CB_DEF(specific_traps, trap, snmp_st_assoc_t)
+UAT_CSTRING_CB_DEF(specific_traps, desc, snmp_st_assoc_t)
+
/*--- proto_register_snmp -------------------------------------------*/
void proto_register_snmp(void) {
/* List of fields */
static hf_register_info hf[] = {
{ &hf_snmp_v3_flags_auth,
{ "Authenticated", "snmp.v3.flags.auth", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), TH_AUTH, "", HFILL }},
+ TFS(&tfs_set_notset), TH_AUTH, NULL, HFILL }},
{ &hf_snmp_v3_flags_crypt,
{ "Encrypted", "snmp.v3.flags.crypt", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), TH_CRYPT, "", HFILL }},
+ TFS(&tfs_set_notset), TH_CRYPT, NULL, HFILL }},
{ &hf_snmp_v3_flags_report,
{ "Reportable", "snmp.v3.flags.report", FT_BOOLEAN, 8,
- TFS(&flags_set_truth), TH_REPORT, "", HFILL }},
+ TFS(&tfs_set_notset), TH_REPORT, NULL, HFILL }},
{ &hf_snmp_engineid_conform, {
"Engine ID Conformance", "snmp.engineid.conform", FT_BOOLEAN, 8,
TFS(&tfs_snmp_engineid_conform), F_SNMP_ENGINEID_CONFORM, "Engine ID RFC3411 Conformance", HFILL }},
{ &hf_snmp_engineid_enterprise, {
- "Engine Enterprise ID", "snmp.engineid.enterprise", FT_UINT32, BASE_DEC,
- VALS(sminmpec_values), 0, "Engine Enterprise ID", HFILL }},
+ "Engine Enterprise ID", "snmp.engineid.enterprise", FT_UINT32, BASE_DEC|BASE_EXT_STRING,
+ &sminmpec_values_ext, 0, NULL, HFILL }},
{ &hf_snmp_engineid_format, {
"Engine ID Format", "snmp.engineid.format", FT_UINT8, BASE_DEC,
- VALS(snmp_engineid_format_vals), 0, "Engine ID Format", HFILL }},
+ VALS(snmp_engineid_format_vals), 0, NULL, HFILL }},
{ &hf_snmp_engineid_ipv4, {
"Engine ID Data: IPv4 address", "snmp.engineid.ipv4", FT_IPv4, BASE_NONE,
- NULL, 0, "Engine ID Data: IPv4 address", HFILL }},
+ NULL, 0, NULL, HFILL }},
{ &hf_snmp_engineid_ipv6, {
"Engine ID Data: IPv6 address", "snmp.engineid.ipv6", FT_IPv6, BASE_NONE,
- NULL, 0, "Engine ID Data: IPv6 address", HFILL }},
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_engineid_cisco_type, {
+ "Engine ID Data: Cisco type", "snmp.engineid.cisco.type", FT_UINT8, BASE_NONE,
+ VALS(snmp_engineid_cisco_type_vals), 0, NULL, HFILL }},
{ &hf_snmp_engineid_mac, {
"Engine ID Data: MAC address", "snmp.engineid.mac", FT_ETHER, BASE_NONE,
- NULL, 0, "Engine ID Data: MAC address", HFILL }},
+ NULL, 0, NULL, HFILL }},
{ &hf_snmp_engineid_text, {
"Engine ID Data: Text", "snmp.engineid.text", FT_STRING, BASE_NONE,
- NULL, 0, "Engine ID Data: Text", HFILL }},
+ NULL, 0, NULL, HFILL }},
{ &hf_snmp_engineid_time, {
- "Engine ID Data: Time", "snmp.engineid.time", FT_ABSOLUTE_TIME, BASE_NONE,
- NULL, 0, "Engine ID Data: Time", HFILL }},
+ "Engine ID Data: Creation Time", "snmp.engineid.time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, NULL, HFILL }},
{ &hf_snmp_engineid_data, {
- "Engine ID Data", "snmp.engineid.data", FT_BYTES, BASE_HEX,
- NULL, 0, "Engine ID Data", HFILL }},
- { &hf_snmp_msgAuthentication,
- { "Authentication", "snmp.v3.auth", FT_BOOLEAN, 8,
- TFS(&auth_flags), 0, "", HFILL }},
- { &hf_snmp_decryptedPDU, {
- "Decrypted ScopedPDU", "snmp.decrypted_pdu", FT_BYTES, BASE_HEX,
- NULL, 0, "Decrypted PDU", HFILL }},
- { &hf_snmp_noSuchObject, { "noSuchObject", "snmp.noSuchObject", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_noSuchInstance, { "noSuchInstance", "snmp.noSuchInstance", FT_NONE, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_endOfMibView, { "endOfMibView", "snmp.endOfMibView", FT_NONE, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_unSpecified, { "unSpecified", "snmp.unSpecified", FT_NONE, BASE_DEC, NULL, 0, "", HFILL }},
-
- { &hf_snmp_integer32_value, { "Value (Integer32)", "snmp.value.int", FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_octestring_value, { "Value (OctetString)", "snmp.value.octets", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_oid_value, { "Value (OID)", "snmp.value.oid", FT_OID, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_null_value, { "Value (Null)", "snmp.value.null", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_ipv4_value, { "Value (IpAddress)", "snmp.value.ipv4", FT_IPv4, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_ipv6_value, { "Value (IpAddress)", "snmp.value.ipv6", FT_IPv6, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_anyaddress_value, { "Value (IpAddress)", "snmp.value.addr", FT_BYTES, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_unsigned32_value, { "Value (Unsigned32)", "snmp.value.u32", FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_gauge32_value, { "Value (Gauge32)", "snmp.value.g32", FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_unknown_value, { "Value (Unknown)", "snmp.value.unk", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_counter_value, { "Value (Counter32)", "snmp.value.counter", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_nsap_value, { "Value (NSAP)", "snmp.value.nsap", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_timeticks_value, { "Value (Timeticks)", "snmp.value.timeticks", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_snmp_opaque_value, { "Value (Opaque)", "snmp.value.opaque", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_objectname, { "Object Name", "snmp.name", FT_OID, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_snmp_scalar_instance_index, { "Scalar Instance Index", "snmp.name.index", FT_UINT64, BASE_DEC, NULL, 0, "", HFILL }},
-
-
+ "Engine ID Data", "snmp.engineid.data", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_msgAuthentication, {
+ "Authentication", "snmp.v3.auth", FT_BOOLEAN, BASE_NONE,
+ TFS(&auth_flags), 0, NULL, HFILL }},
+ { &hf_snmp_decryptedPDU, {
+ "Decrypted ScopedPDU", "snmp.decrypted_pdu", FT_BYTES, BASE_NONE,
+ NULL, 0, "Decrypted PDU", HFILL }},
+ { &hf_snmp_noSuchObject, {
+ "noSuchObject", "snmp.noSuchObject", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_noSuchInstance, {
+ "noSuchInstance", "snmp.noSuchInstance", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_endOfMibView, {
+ "endOfMibView", "snmp.endOfMibView", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_unSpecified, {
+ "unSpecified", "snmp.unSpecified", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+
+ { &hf_snmp_integer32_value, {
+ "Value (Integer32)", "snmp.value.int", FT_INT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_octetstring_value, {
+ "Value (OctetString)", "snmp.value.octets", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_oid_value, {
+ "Value (OID)", "snmp.value.oid", FT_OID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_null_value, {
+ "Value (Null)", "snmp.value.null", FT_NONE, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_ipv4_value, {
+ "Value (IpAddress)", "snmp.value.ipv4", FT_IPv4, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_ipv6_value, {
+ "Value (IpAddress)", "snmp.value.ipv6", FT_IPv6, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_anyaddress_value, {
+ "Value (IpAddress)", "snmp.value.addr", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_unsigned32_value, {
+ "Value (Unsigned32)", "snmp.value.u32", FT_INT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_gauge32_value, {
+ "Value (Gauge32)", "snmp.value.g32", FT_INT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_unknown_value, {
+ "Value (Unknown)", "snmp.value.unk", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_counter_value, {
+ "Value (Counter32)", "snmp.value.counter", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_big_counter_value, {
+ "Value (Counter64)", "snmp.value.counter", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_nsap_value, {
+ "Value (NSAP)", "snmp.value.nsap", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_timeticks_value, {
+ "Value (Timeticks)", "snmp.value.timeticks", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_opaque_value, {
+ "Value (Opaque)", "snmp.value.opaque", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_objectname, {
+ "Object Name", "snmp.name", FT_OID, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_snmp_scalar_instance_index, {
+ "Scalar Instance Index", "snmp.name.index", FT_UINT64, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+
+
#include "packet-snmp-hfarr.c"
};
#include "packet-snmp-ettarr.c"
};
module_t *snmp_module;
+
static uat_field_t users_fields[] = {
- UAT_FLD_BUFFER(snmp_users,engine_id,"Engine-id for this entry (empty = any)"),
- UAT_FLD_LSTRING(snmp_users,userName,"The username"),
- UAT_FLD_VS(snmp_users,auth_model,auth_types,"Algorithm to be used for authentication."),
- UAT_FLD_LSTRING(snmp_users,authPassword,"The password used for authenticating packets for this entry"),
- UAT_FLD_VS(snmp_users,priv_proto,priv_types,"Algorithm to be used for privacy."),
- UAT_FLD_LSTRING(snmp_users,privPassword,"The password used for encrypting packets for this entry"),
+ UAT_FLD_BUFFER(snmp_users,engine_id,"Engine ID","Engine-id for this entry (empty = any)"),
+ UAT_FLD_LSTRING(snmp_users,userName,"Username","The username"),
+ UAT_FLD_VS(snmp_users,auth_model,"Authentication model",auth_types,"Algorithm to be used for authentication."),
+ UAT_FLD_LSTRING(snmp_users,authPassword,"Password","The password used for authenticating packets for this entry"),
+ UAT_FLD_VS(snmp_users,priv_proto,"Privacy protocol",priv_types,"Algorithm to be used for privacy."),
+ UAT_FLD_LSTRING(snmp_users,privPassword,"Privacy password","The password used for encrypting packets for this entry"),
UAT_END_FIELDS
};
-
- assocs_uat = uat_new("SNMP Users",
- sizeof(snmp_ue_assoc_t),
- "snmp_users",
- (void**)&ueas,
- &num_ueas,
- UAT_CAT_CRYPTO,
- "ChSNMPUsersSection",
- snmp_users_copy_cb,
- snmp_users_update_cb,
- snmp_users_free_cb,
- users_fields);
-
+
+ uat_t *assocs_uat = uat_new("SNMP Users",
+ sizeof(snmp_ue_assoc_t),
+ "snmp_users",
+ TRUE,
+ (void*)&ueas,
+ &num_ueas,
+ UAT_CAT_CRYPTO,
+ "ChSNMPUsersSection",
+ snmp_users_copy_cb,
+ snmp_users_update_cb,
+ snmp_users_free_cb,
+ renew_ue_cache,
+ users_fields);
+
+ static uat_field_t specific_traps_flds[] = {
+ UAT_FLD_CSTRING(specific_traps,enterprise,"Enterprise OID","Enterprise Object Identifier"),
+ UAT_FLD_DEC(specific_traps,trap,"Trap Id","The specific-trap value"),
+ UAT_FLD_CSTRING(specific_traps,desc,"Description","Trap type description"),
+ UAT_END_FIELDS
+ };
+
+ uat_t* specific_traps_uat = uat_new("SNMP Enterprise Specific Trap Types",
+ sizeof(snmp_st_assoc_t),
+ "snmp_specific_traps",
+ TRUE,
+ (void*) &specific_traps,
+ &num_specific_traps,
+ UAT_CAT_GENERAL,
+ "ChSNMPEnterpriseSpecificTrapTypes",
+ snmp_specific_trap_copy_cb,
+ NULL,
+ snmp_specific_trap_free_cb,
+ NULL,
+ specific_traps_flds);
+
/* Register protocol */
proto_snmp = proto_register_protocol(PNAME, PSNAME, PFNAME);
new_register_dissector("snmp", dissect_snmp, proto_snmp);
proto_register_subtree_array(ett, array_length(ett));
- /* Register configuration preferences */
- snmp_module = prefs_register_protocol(proto_snmp, process_prefs);
- prefs_register_bool_preference(snmp_module, "display_oid",
- "Show SNMP OID in info column",
- "Whether the SNMP OID should be shown in the info column",
- &display_oid);
+ /* Register configuration preferences */
+ snmp_module = prefs_register_protocol(proto_snmp, process_prefs);
+ prefs_register_bool_preference(snmp_module, "display_oid",
+ "Show SNMP OID in info column",
+ "Whether the SNMP OID should be shown in the info column",
+ &display_oid);
- prefs_register_obsolete_preference(snmp_module, "mib_modules");
- prefs_register_obsolete_preference(snmp_module, "users_file");
+ prefs_register_obsolete_preference(snmp_module, "mib_modules");
+ prefs_register_obsolete_preference(snmp_module, "users_file");
- prefs_register_bool_preference(snmp_module, "desegment",
- "Reassemble SNMP-over-TCP messages\nspanning multiple TCP segments",
- "Whether the SNMP dissector should reassemble messages spanning multiple TCP segments."
- " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
- &snmp_desegment);
+ prefs_register_bool_preference(snmp_module, "desegment",
+ "Reassemble SNMP-over-TCP messages\nspanning multiple TCP segments",
+ "Whether the SNMP dissector should reassemble messages spanning multiple TCP segments."
+ " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+ &snmp_desegment);
prefs_register_bool_preference(snmp_module, "var_in_tree",
- "Display dissected variables inside SNMP tree",
- "ON - display dissected variables inside SNMP tree, OFF - display dissected variables in root tree after SNMP",
- &snmp_var_in_tree);
+ "Display dissected variables inside SNMP tree",
+ "ON - display dissected variables inside SNMP tree, OFF - display dissected variables in root tree after SNMP",
+ &snmp_var_in_tree);
prefs_register_uat_preference(snmp_module, "users_table",
- "Users Table",
- "Table of engine-user associations used for authentication and decryption",
- assocs_uat);
-
-
- value_sub_dissectors_table = register_dissector_table("snmp.variable_oid","SNMP Variable OID", FT_STRING, BASE_NONE);
-
- register_init_routine(renew_ue_cache);
+ "Users Table",
+ "Table of engine-user associations used for authentication and decryption",
+ assocs_uat);
+
+ prefs_register_uat_preference(snmp_module, "specific_traps_table",
+ "Enterprise Specific Trap Types",
+ "Table of enterprise specific-trap type descriptions",
+ specific_traps_uat);
+
+#ifdef HAVE_LIBSMI
+ prefs_register_static_text_preference(snmp_module, "info_mibs",
+ "MIB settings can be changed in the Name Resolution preferences",
+ "MIB settings can be changed in the Name Resolution preferences");
+#endif
+
+ value_sub_dissectors_table = register_dissector_table("snmp.variable_oid","SNMP Variable OID", FT_STRING, BASE_NONE);
+
+ register_init_routine(renew_ue_cache);
+
+ register_ber_syntax_dissector("SNMP", proto_snmp, dissect_snmp_tcp);
}
snmp_handle = find_dissector("snmp");
- dissector_add("udp.port", UDP_PORT_SNMP, snmp_handle);
- dissector_add("udp.port", UDP_PORT_SNMP_TRAP, snmp_handle);
- dissector_add("udp.port", UDP_PORT_SNMP_PATROL, snmp_handle);
- dissector_add("ethertype", ETHERTYPE_SNMP, snmp_handle);
- dissector_add("ipx.socket", IPX_SOCKET_SNMP_AGENT, snmp_handle);
- dissector_add("ipx.socket", IPX_SOCKET_SNMP_SINK, snmp_handle);
- dissector_add("hpext.dxsap", HPEXT_SNMP, snmp_handle);
+ dissector_add_uint("udp.port", UDP_PORT_SNMP, snmp_handle);
+ dissector_add_uint("udp.port", UDP_PORT_SNMP_TRAP, snmp_handle);
+ dissector_add_uint("udp.port", UDP_PORT_SNMP_PATROL, snmp_handle);
+ dissector_add_uint("ethertype", ETHERTYPE_SNMP, snmp_handle);
+ dissector_add_uint("ipx.socket", IPX_SOCKET_SNMP_AGENT, snmp_handle);
+ dissector_add_uint("ipx.socket", IPX_SOCKET_SNMP_SINK, snmp_handle);
+ dissector_add_uint("hpext.dxsap", HPEXT_SNMP, snmp_handle);
snmp_tcp_handle = create_dissector_handle(dissect_snmp_tcp, proto_snmp);
- dissector_add("tcp.port", TCP_PORT_SNMP, snmp_tcp_handle);
- dissector_add("tcp.port", TCP_PORT_SNMP_TRAP, snmp_tcp_handle);
+ dissector_add_uint("tcp.port", TCP_PORT_SNMP, snmp_tcp_handle);
+ dissector_add_uint("tcp.port", TCP_PORT_SNMP_TRAP, snmp_tcp_handle);
data_handle = find_dissector("data");
static hf_register_info hf[] = {
{ &hf_smux_version,
{ "Version", "smux.version", FT_UINT8, BASE_DEC, NULL,
- 0x0, "", HFILL }},
+ 0x0, NULL, HFILL }},
{ &hf_smux_pdutype,
{ "PDU type", "smux.pdutype", FT_UINT8, BASE_DEC, VALS(smux_types),
- 0x0, "", HFILL }},
+ 0x0, NULL, HFILL }},
};
static gint *ett[] = {
&ett_smux,
dissector_handle_t smux_handle;
smux_handle = create_dissector_handle(dissect_smux, proto_smux);
- dissector_add("tcp.port", TCP_PORT_SMUX, smux_handle);
+ dissector_add_uint("tcp.port", TCP_PORT_SMUX, smux_handle);
}
-
-