diff options
Diffstat (limited to 'epan/dissectors/asn1/snmp/snmp.cnf')
-rw-r--r-- | epan/dissectors/asn1/snmp/snmp.cnf | 241 |
1 files changed, 241 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/snmp/snmp.cnf b/epan/dissectors/asn1/snmp/snmp.cnf new file mode 100644 index 0000000000..c1ed1575e6 --- /dev/null +++ b/epan/dissectors/asn1/snmp/snmp.cnf @@ -0,0 +1,241 @@ +# snmp.cnf +# snmp conformation file + + +#.PDU +SMUX-PDUs + +#.NO_EMIT +NotificationName +VarBind + +#.TYPE_RENAME +Message/community Community +Trap-PDU/_untag/generic-trap GenericTrap +Trap-PDU/_untag/specific-trap SpecificTrap + +#.FIELD_RENAME +Messagev2u/datav2u/plaintext v2u_plaintext +BulkPDU/request-id bulkPDU_request-id + +#.FN_PARS Version VAL_PTR = &snmp_version + +#.FN_PARS PDUs + + VAL_PTR = &pdu_type + +#.FN_BODY PDUs +gint pdu_type=-1; + + col_clear(actx->pinfo->cinfo, COL_INFO); + +%(DEFAULT_BODY)s + if( (pdu_type!=-1) && snmp_PDUs_vals[pdu_type].strptr ){ + col_prepend_fstr(actx->pinfo->cinfo, COL_INFO, "%%s", snmp_PDUs_vals[pdu_type].strptr); + } + +#.END + +#.FN_BODY Trap-PDU/_untag + generic_trap = 0; + enterprise_oid = NULL; + +%(DEFAULT_BODY)s + + if (snmp_version != 0) { + expert_add_info(actx->pinfo, tree, &ei_snmp_trap_pdu_obsolete); + } + +#.FN_PARS Trap-PDU/_untag/generic-trap VAL_PTR = &generic_trap + +#.FN_BODY Trap-PDU/_untag/specific-trap VAL_PTR = &specific_trap + guint specific_trap; + +%(DEFAULT_BODY)s + + if (generic_trap == 6) { /* enterprise specific */ + const gchar *specific_str = snmp_lookup_specific_trap (specific_trap); + if (specific_str) { + proto_item_append_text(actx->created_item, " (%%s)", specific_str); + } + } +#.END + + +#.FN_PARS EnterpriseOID FN_VARIANT = _str VAL_PTR = &enterprise_oid + +#.FN_BODY EnterpriseOID + const gchar* name; + +%(DEFAULT_BODY)s + + if (display_oid && enterprise_oid) { + name = oid_resolved_from_string(wmem_packet_scope(), enterprise_oid); + if (name) { + col_append_fstr (actx->pinfo->cinfo, COL_INFO, " %%s", name); + } + } + +#.END + +#.FN_PARS HeaderData/msgSecurityModel + + VAL_PTR = &MsgSecurityModel + +#.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineBoots + + VAL_PTR = &usm_p.boots + +#.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineTime + + VAL_PTR = &usm_p.snmp_time + +#.FN_BODY UsmSecurityParameters/msgAuthoritativeEngineID + + offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &usm_p.engine_tvb); + if (usm_p.engine_tvb) { + proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid); + dissect_snmp_engineid(engine_tree, actx->pinfo, usm_p.engine_tvb, 0, tvb_reported_length_remaining(usm_p.engine_tvb,0)); + } + +#.FN_BODY SnmpEngineID + tvbuff_t* param_tvb = NULL; + + offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, ¶m_tvb); + if (param_tvb) { + proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid); + dissect_snmp_engineid(engine_tree, actx->pinfo, param_tvb, 0, tvb_reported_length_remaining(param_tvb,0)); + } + +#.FN_PARS UsmSecurityParameters/msgUserName + VAL_PTR = &usm_p.user_tvb + +#.FN_BODY UsmSecurityParameters/msgAuthenticationParameters + offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &usm_p.auth_tvb); + if (usm_p.auth_tvb) { + usm_p.auth_item = %(ACTX)s->created_item; + usm_p.auth_offset = tvb_offset_from_real_beginning(usm_p.auth_tvb); + } +#.FN_PARS UsmSecurityParameters/msgPrivacyParameters + VAL_PTR = &usm_p.priv_tvb + +#.FN_BODY ScopedPduData/encryptedPDU + tvbuff_t* crypt_tvb; + offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_snmp_encryptedPDU, &crypt_tvb); + + if( usm_p.encrypted && crypt_tvb + && usm_p.user_assoc + && usm_p.user_assoc->user.privProtocol ) { + + const gchar* error = NULL; + proto_tree* encryptedpdu_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_encryptedPDU); + tvbuff_t* cleartext_tvb = usm_p.user_assoc->user.privProtocol(&usm_p, crypt_tvb, &error ); + + if (! cleartext_tvb) { + proto_tree_add_expert_format(encryptedpdu_tree, actx->pinfo, &ei_snmp_failed_decrypted_data_pdu, + crypt_tvb, 0, -1, "Failed to decrypt encryptedPDU: %%s", error); + + col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt"); + + return offset; + } else { + proto_item* decrypted_item; + proto_tree* decrypted_tree; + + if (! check_ScopedPdu(cleartext_tvb)) { + proto_tree_add_expert(encryptedpdu_tree, actx->pinfo, &ei_snmp_decrypted_data_bad_formatted, cleartext_tvb, 0, -1); + + col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formatted as expected"); + + return offset; + } + + + add_new_data_source(actx->pinfo, cleartext_tvb, "Decrypted ScopedPDU"); + + decrypted_item = proto_tree_add_item(encryptedpdu_tree, hf_snmp_decryptedPDU,cleartext_tvb,0,-1,ENC_NA); + decrypted_tree = proto_item_add_subtree(decrypted_item,ett_decrypted); + dissect_snmp_ScopedPDU(FALSE, cleartext_tvb, 0, actx, decrypted_tree, -1); + } + } else { + col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: privKey Unknown"); + } + +#.FN_BODY SNMPv3Message/msgSecurityParameters + + switch(MsgSecurityModel){ + case SNMP_SEC_USM: /* 3 */ + offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL); + offset = get_ber_length(tvb, offset, NULL, NULL); + offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset, actx, tree, -1); + usm_p.user_assoc = get_user_assoc(usm_p.engine_tvb, usm_p.user_tvb); + break; + case SNMP_SEC_ANY: /* 0 */ + case SNMP_SEC_V1: /* 1 */ + case SNMP_SEC_V2C: /* 2 */ + default: + %(DEFAULT_BODY)s + break; + } + +#.FN_FTR SNMPv3Message + + if( usm_p.authenticated + && usm_p.user_assoc + && usm_p.user_assoc->user.authModel ) { + const gchar* error = NULL; + proto_item* authen_item; + proto_tree* authen_tree = proto_item_add_subtree(usm_p.auth_item,ett_authParameters); + guint8* calc_auth; + guint calc_auth_len; + + usm_p.authOK = usm_p.user_assoc->user.authModel->authenticate( &usm_p, &calc_auth, &calc_auth_len, &error ); + + if (error) { + expert_add_info_format( actx->pinfo, usm_p.auth_item, &ei_snmp_verify_authentication_error, "Error while verifying Message authenticity: %s", error ); + } else { + expert_field* expert; + + authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK); + PROTO_ITEM_SET_GENERATED(authen_item); + + if (usm_p.authOK) { + expert = &ei_snmp_authentication_ok; + } else { + const gchar* calc_auth_str = bytestring_to_str(wmem_packet_scope(), calc_auth,calc_auth_len,' '); + proto_item_append_text(authen_item, " calculated = %s", calc_auth_str); + expert = &ei_snmp_authentication_error; + } + + expert_add_info( actx->pinfo, authen_item, expert); + } + } + +#.END + + + +#.FN_BODY HeaderData/msgFlags VAL_PTR = ¶meter_tvb + tvbuff_t *parameter_tvb = NULL; + + %(DEFAULT_BODY)s + if (parameter_tvb){ + guint8 v3_flags = tvb_get_guint8(parameter_tvb, 0); + proto_tree* flags_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_msgFlags); + + proto_tree_add_item(flags_tree, hf_snmp_v3_flags_report, parameter_tvb, 0, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(flags_tree, hf_snmp_v3_flags_crypt, parameter_tvb, 0, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(flags_tree, hf_snmp_v3_flags_auth, parameter_tvb, 0, 1, ENC_BIG_ENDIAN); + + usm_p.encrypted = v3_flags & TH_CRYPT ? TRUE : FALSE; + usm_p.authenticated = v3_flags & TH_AUTH ? TRUE : FALSE; + } + + +#.TYPE_ATTR +NetworkAddress TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL +Message/community TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +HeaderData/msgSecurityModel TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(sec_models) +UsmSecurityParameters/msgUserName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +ScopedPDU/contextName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +#.END |