forked from osmocom/wireshark
242 lines
7.3 KiB
INI
242 lines
7.3 KiB
INI
# snmp.cnf
|
|
# snmp conformation file
|
|
|
|
|
|
#.PDU
|
|
SMUX-PDUs
|
|
|
|
#.NO_EMIT
|
|
NotificationName
|
|
VarBind
|
|
|
|
#.TYPE_RENAME
|
|
Message/community Community
|
|
Trap-PDU/_untag/generic-trap GenericTrap
|
|
Trap-PDU/_untag/specific-trap SpecificTrap
|
|
|
|
#.FIELD_RENAME
|
|
Messagev2u/datav2u/plaintext v2u_plaintext
|
|
BulkPDU/request-id bulkPDU_request-id
|
|
|
|
#.FN_PARS Version VAL_PTR = &snmp_version
|
|
|
|
#.FN_PARS PDUs
|
|
|
|
VAL_PTR = &pdu_type
|
|
|
|
#.FN_BODY PDUs
|
|
gint pdu_type=-1;
|
|
|
|
col_clear(actx->pinfo->cinfo, COL_INFO);
|
|
|
|
%(DEFAULT_BODY)s
|
|
if( (pdu_type!=-1) && snmp_PDUs_vals[pdu_type].strptr ){
|
|
col_prepend_fstr(actx->pinfo->cinfo, COL_INFO, "%%s", snmp_PDUs_vals[pdu_type].strptr);
|
|
}
|
|
|
|
#.END
|
|
|
|
#.FN_BODY Trap-PDU/_untag
|
|
generic_trap = 0;
|
|
enterprise_oid = NULL;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (snmp_version != 0) {
|
|
expert_add_info(actx->pinfo, tree, &ei_snmp_trap_pdu_obsolete);
|
|
}
|
|
|
|
#.FN_PARS Trap-PDU/_untag/generic-trap VAL_PTR = &generic_trap
|
|
|
|
#.FN_BODY Trap-PDU/_untag/specific-trap VAL_PTR = &specific_trap
|
|
guint specific_trap;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (generic_trap == 6) { /* enterprise specific */
|
|
const gchar *specific_str = snmp_lookup_specific_trap (specific_trap);
|
|
if (specific_str) {
|
|
proto_item_append_text(actx->created_item, " (%%s)", specific_str);
|
|
}
|
|
}
|
|
#.END
|
|
|
|
|
|
#.FN_PARS EnterpriseOID FN_VARIANT = _str VAL_PTR = &enterprise_oid
|
|
|
|
#.FN_BODY EnterpriseOID
|
|
const gchar* name;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (display_oid && enterprise_oid) {
|
|
name = oid_resolved_from_string(wmem_packet_scope(), enterprise_oid);
|
|
if (name) {
|
|
col_append_fstr (actx->pinfo->cinfo, COL_INFO, " %%s", name);
|
|
}
|
|
}
|
|
|
|
#.END
|
|
|
|
#.FN_PARS HeaderData/msgSecurityModel
|
|
|
|
VAL_PTR = &MsgSecurityModel
|
|
|
|
#.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineBoots
|
|
|
|
VAL_PTR = &usm_p.boots
|
|
|
|
#.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineTime
|
|
|
|
VAL_PTR = &usm_p.snmp_time
|
|
|
|
#.FN_BODY UsmSecurityParameters/msgAuthoritativeEngineID
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &usm_p.engine_tvb);
|
|
if (usm_p.engine_tvb) {
|
|
proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid);
|
|
dissect_snmp_engineid(engine_tree, actx->pinfo, usm_p.engine_tvb, 0, tvb_reported_length_remaining(usm_p.engine_tvb,0));
|
|
}
|
|
|
|
#.FN_BODY SnmpEngineID
|
|
tvbuff_t* param_tvb = NULL;
|
|
|
|
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, ¶m_tvb);
|
|
if (param_tvb) {
|
|
proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid);
|
|
dissect_snmp_engineid(engine_tree, actx->pinfo, param_tvb, 0, tvb_reported_length_remaining(param_tvb,0));
|
|
}
|
|
|
|
#.FN_PARS UsmSecurityParameters/msgUserName
|
|
VAL_PTR = &usm_p.user_tvb
|
|
|
|
#.FN_BODY UsmSecurityParameters/msgAuthenticationParameters
|
|
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &usm_p.auth_tvb);
|
|
if (usm_p.auth_tvb) {
|
|
usm_p.auth_item = %(ACTX)s->created_item;
|
|
usm_p.auth_offset = tvb_offset_from_real_beginning(usm_p.auth_tvb);
|
|
}
|
|
#.FN_PARS UsmSecurityParameters/msgPrivacyParameters
|
|
VAL_PTR = &usm_p.priv_tvb
|
|
|
|
#.FN_BODY ScopedPduData/encryptedPDU
|
|
tvbuff_t* crypt_tvb;
|
|
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_snmp_encryptedPDU, &crypt_tvb);
|
|
|
|
if( usm_p.encrypted && crypt_tvb
|
|
&& usm_p.user_assoc
|
|
&& usm_p.user_assoc->user.privProtocol ) {
|
|
|
|
const gchar* error = NULL;
|
|
proto_tree* encryptedpdu_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_encryptedPDU);
|
|
tvbuff_t* cleartext_tvb = usm_p.user_assoc->user.privProtocol(&usm_p, crypt_tvb, actx->pinfo, &error );
|
|
|
|
if (! cleartext_tvb) {
|
|
proto_tree_add_expert_format(encryptedpdu_tree, actx->pinfo, &ei_snmp_failed_decrypted_data_pdu,
|
|
crypt_tvb, 0, -1, "Failed to decrypt encryptedPDU: %%s", error);
|
|
|
|
col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt");
|
|
|
|
return offset;
|
|
} else {
|
|
proto_item* decrypted_item;
|
|
proto_tree* decrypted_tree;
|
|
|
|
if (! check_ScopedPdu(cleartext_tvb)) {
|
|
proto_tree_add_expert(encryptedpdu_tree, actx->pinfo, &ei_snmp_decrypted_data_bad_formatted, cleartext_tvb, 0, -1);
|
|
|
|
col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formatted as expected");
|
|
|
|
return offset;
|
|
}
|
|
|
|
|
|
add_new_data_source(actx->pinfo, cleartext_tvb, "Decrypted ScopedPDU");
|
|
|
|
decrypted_item = proto_tree_add_item(encryptedpdu_tree, hf_snmp_decryptedPDU,cleartext_tvb,0,-1,ENC_NA);
|
|
decrypted_tree = proto_item_add_subtree(decrypted_item,ett_decrypted);
|
|
dissect_snmp_ScopedPDU(FALSE, cleartext_tvb, 0, actx, decrypted_tree, -1);
|
|
}
|
|
} else {
|
|
col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: privKey Unknown");
|
|
}
|
|
|
|
#.FN_BODY SNMPv3Message/msgSecurityParameters
|
|
|
|
switch(MsgSecurityModel){
|
|
case SNMP_SEC_USM: /* 3 */
|
|
offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL);
|
|
offset = get_ber_length(tvb, offset, NULL, NULL);
|
|
offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset, actx, tree, -1);
|
|
usm_p.user_assoc = get_user_assoc(usm_p.engine_tvb, usm_p.user_tvb);
|
|
break;
|
|
case SNMP_SEC_ANY: /* 0 */
|
|
case SNMP_SEC_V1: /* 1 */
|
|
case SNMP_SEC_V2C: /* 2 */
|
|
default:
|
|
%(DEFAULT_BODY)s
|
|
break;
|
|
}
|
|
|
|
#.FN_FTR SNMPv3Message
|
|
|
|
if( usm_p.authenticated
|
|
&& usm_p.user_assoc
|
|
&& usm_p.user_assoc->user.authModel ) {
|
|
const gchar* error = NULL;
|
|
proto_item* authen_item;
|
|
proto_tree* authen_tree = proto_item_add_subtree(usm_p.auth_item,ett_authParameters);
|
|
guint8* calc_auth = NULL;
|
|
guint calc_auth_len = 0;
|
|
|
|
usm_p.authOK = snmp_usm_auth(usm_p.user_assoc->user.authModel, &usm_p, &calc_auth, &calc_auth_len, &error );
|
|
|
|
if (error) {
|
|
expert_add_info_format( actx->pinfo, usm_p.auth_item, &ei_snmp_verify_authentication_error, "Error while verifying Message authenticity: %s", error );
|
|
} else {
|
|
expert_field* expert;
|
|
|
|
authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK);
|
|
proto_item_set_generated(authen_item);
|
|
|
|
if (usm_p.authOK) {
|
|
expert = &ei_snmp_authentication_ok;
|
|
} else {
|
|
const gchar* calc_auth_str = bytestring_to_str(wmem_packet_scope(), calc_auth,calc_auth_len,' ');
|
|
proto_item_append_text(authen_item, " calculated = %s", calc_auth_str);
|
|
expert = &ei_snmp_authentication_error;
|
|
}
|
|
|
|
expert_add_info( actx->pinfo, authen_item, expert);
|
|
}
|
|
}
|
|
|
|
#.END
|
|
|
|
|
|
|
|
#.FN_BODY HeaderData/msgFlags VAL_PTR = ¶meter_tvb
|
|
tvbuff_t *parameter_tvb = NULL;
|
|
|
|
%(DEFAULT_BODY)s
|
|
if (parameter_tvb){
|
|
guint8 v3_flags = tvb_get_guint8(parameter_tvb, 0);
|
|
proto_tree* flags_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_msgFlags);
|
|
|
|
proto_tree_add_item(flags_tree, hf_snmp_v3_flags_report, parameter_tvb, 0, 1, ENC_BIG_ENDIAN);
|
|
proto_tree_add_item(flags_tree, hf_snmp_v3_flags_crypt, parameter_tvb, 0, 1, ENC_BIG_ENDIAN);
|
|
proto_tree_add_item(flags_tree, hf_snmp_v3_flags_auth, parameter_tvb, 0, 1, ENC_BIG_ENDIAN);
|
|
|
|
usm_p.encrypted = v3_flags & TH_CRYPT ? TRUE : FALSE;
|
|
usm_p.authenticated = v3_flags & TH_AUTH ? TRUE : FALSE;
|
|
}
|
|
|
|
|
|
#.TYPE_ATTR
|
|
NetworkAddress TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL
|
|
Message/community TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
HeaderData/msgSecurityModel TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(sec_models)
|
|
UsmSecurityParameters/msgUserName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
ScopedPDU/contextName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
#.END
|