# snmp.cnf # snmp conformation file # $Id$ #.PDU SMUX-PDUs #.NO_EMIT NotificationName VarBind #.TYPE_RENAME Message/community Community Trap-PDU/_untag/generic-trap GenericTrap Trap-PDU/_untag/specific-trap SpecificTrap #.FIELD_RENAME Messagev2u/datav2u/plaintext v2u_plaintext BulkPDU/request-id bulkPDU_request-id #.FN_PARS PDUs VAL_PTR = &pdu_type #.FN_BODY PDUs gint pdu_type=-1; col_clear(actx->pinfo->cinfo, COL_INFO); %(DEFAULT_BODY)s if( (pdu_type!=-1) && snmp_PDUs_vals[pdu_type].strptr ){ col_prepend_fstr(actx->pinfo->cinfo, COL_INFO, "%%s", snmp_PDUs_vals[pdu_type].strptr); } #.END #.FN_BODY Trap-PDU/_untag generic_trap = 0; enterprise_oid = NULL; %(DEFAULT_BODY)s #.FN_PARS Trap-PDU/_untag/generic-trap VAL_PTR = &generic_trap #.FN_BODY Trap-PDU/_untag/specific-trap VAL_PTR = &specific_trap guint specific_trap; %(DEFAULT_BODY)s if (generic_trap == 6) { /* enterprise specific */ const gchar *specific_str = snmp_lookup_specific_trap (specific_trap); if (specific_str) { proto_item_append_text(actx->created_item, " (%%s)", specific_str); } } #.END #.FN_PARS EnterpriseOID FN_VARIANT = _str VAL_PTR = &enterprise_oid #.FN_BODY EnterpriseOID const gchar* name; %(DEFAULT_BODY)s if (display_oid && enterprise_oid) { name = oid_resolved_from_string(enterprise_oid); if (name) { col_append_fstr (actx->pinfo->cinfo, COL_INFO, " %%s", name); } } #.END #.FN_PARS HeaderData/msgSecurityModel VAL_PTR = &MsgSecurityModel #.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineBoots VAL_PTR = &usm_p.boots #.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineTime VAL_PTR = &usm_p.time #.FN_BODY UsmSecurityParameters/msgAuthoritativeEngineID offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &usm_p.engine_tvb); if (usm_p.engine_tvb) { proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid); dissect_snmp_engineid(engine_tree, usm_p.engine_tvb, 0, tvb_length_remaining(usm_p.engine_tvb,0)); } #.FN_BODY SnmpEngineID tvbuff_t* param_tvb = NULL; offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, ¶m_tvb); if (param_tvb) { proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid); dissect_snmp_engineid(engine_tree, param_tvb, 0, tvb_length_remaining(param_tvb,0)); } #.FN_PARS UsmSecurityParameters/msgUserName VAL_PTR = &usm_p.user_tvb #.FN_BODY UsmSecurityParameters/msgAuthenticationParameters offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &usm_p.auth_tvb); if (usm_p.auth_tvb) { usm_p.auth_item = %(ACTX)s->created_item; usm_p.auth_offset = tvb_offset_from_real_beginning(usm_p.auth_tvb); } #.FN_PARS UsmSecurityParameters/msgPrivacyParameters VAL_PTR = &usm_p.priv_tvb #.FN_BODY ScopedPduData/encryptedPDU tvbuff_t* crypt_tvb; offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_snmp_encryptedPDU, &crypt_tvb); if( usm_p.encrypted && crypt_tvb && usm_p.user_assoc && usm_p.user_assoc->user.privProtocol ) { const gchar* error = NULL; proto_tree* encryptedpdu_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_encryptedPDU); tvbuff_t* cleartext_tvb = usm_p.user_assoc->user.privProtocol(&usm_p, crypt_tvb, &error ); if (! cleartext_tvb) { proto_item* cause = proto_tree_add_text(encryptedpdu_tree, crypt_tvb, 0, -1, "Failed to decrypt encryptedPDU: %%s", error); expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN, "Failed to decrypt encryptedPDU: %%s", error); col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt"); return offset; } else { proto_item* decrypted_item; proto_tree* decrypted_tree; if (! check_ScopedPdu(cleartext_tvb)) { proto_item* cause = proto_tree_add_text(encryptedpdu_tree, cleartext_tvb, 0, -1, "Decrypted data not formatted as expected, wrong key?"); expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN, "Decrypted data not formatted as expected"); col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formatted as expected"); return offset; } add_new_data_source(actx->pinfo, cleartext_tvb, "Decrypted ScopedPDU"); decrypted_item = proto_tree_add_item(encryptedpdu_tree, hf_snmp_decryptedPDU,cleartext_tvb,0,-1,FALSE); decrypted_tree = proto_item_add_subtree(decrypted_item,ett_decrypted); dissect_snmp_ScopedPDU(FALSE, cleartext_tvb, 0, actx, decrypted_tree, -1); } } else { col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: privKey Unknown"); } #.FN_BODY SNMPv3Message/msgSecurityParameters switch(MsgSecurityModel){ case SNMP_SEC_USM: /* 3 */ offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset+2, actx, tree, -1); usm_p.user_assoc = get_user_assoc(usm_p.engine_tvb, usm_p.user_tvb); break; case SNMP_SEC_ANY: /* 0 */ case SNMP_SEC_V1: /* 1 */ case SNMP_SEC_V2C: /* 2 */ default: %(DEFAULT_BODY)s break; } #.FN_FTR SNMPv3Message if( usm_p.authenticated && usm_p.user_assoc && usm_p.user_assoc->user.authModel ) { const gchar* error = NULL; proto_item* authen_item; proto_tree* authen_tree = proto_item_add_subtree(usm_p.auth_item,ett_authParameters); guint8* calc_auth; guint calc_auth_len; usm_p.authOK = usm_p.user_assoc->user.authModel->authenticate( &usm_p, &calc_auth, &calc_auth_len, &error ); if (error) { authen_item = proto_tree_add_text(authen_tree,tvb,0,0,"Error while verifying Message authenticity: %s", error); PROTO_ITEM_SET_GENERATED(authen_item); expert_add_info_format( actx->pinfo, authen_item, PI_MALFORMED, PI_ERROR, "Error while verifying Message authenticity: %s", error ); } else { int severity; gchar* msg; authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK); PROTO_ITEM_SET_GENERATED(authen_item); if (usm_p.authOK) { msg = "SNMP Authentication OK"; severity = PI_CHAT; } else { gchar* calc_auth_str = bytestring_to_str(calc_auth,calc_auth_len,' '); proto_item_append_text(authen_item, " calculated = %s", calc_auth_str); msg = "SNMP Authentication Error"; severity = PI_WARN; } expert_add_info_format( actx->pinfo, authen_item, PI_CHECKSUM, severity, "%s", msg ); } } #.END #.FN_BODY HeaderData/msgFlags VAL_PTR = ¶meter_tvb tvbuff_t *parameter_tvb = NULL; %(DEFAULT_BODY)s if (parameter_tvb){ guint8 v3_flags = tvb_get_guint8(parameter_tvb, 0); proto_tree* flags_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_msgFlags); proto_tree_add_item(flags_tree, hf_snmp_v3_flags_report, parameter_tvb, 0, 1, FALSE); proto_tree_add_item(flags_tree, hf_snmp_v3_flags_crypt, parameter_tvb, 0, 1, FALSE); proto_tree_add_item(flags_tree, hf_snmp_v3_flags_auth, parameter_tvb, 0, 1, FALSE); usm_p.encrypted = v3_flags & TH_CRYPT ? TRUE : FALSE; usm_p.authenticated = v3_flags & TH_AUTH ? TRUE : FALSE; } #.TYPE_ATTR NetworkAddress TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL Message/community TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL HeaderData/msgSecurityModel TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(sec_models) UsmSecurityParameters/msgUserName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL #.END