1 /*
2 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
3 * John Robert LoVerso. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 *
27 *
28 * This implementation has been influenced by the CMU SNMP release,
29 * by Steve Waldbusser. However, this shares no code with that system.
30 * Additional ASN.1 insight gained from Marshall T. Rose's _The_Open_Book_.
31 * Earlier forms of this implementation were derived and/or inspired by an
32 * awk script originally written by C. Philip Wood of LANL (but later
33 * heavily modified by John Robert LoVerso). The copyright notice for
34 * that work is preserved below, even though it may not rightly apply
35 * to this file.
36 *
37 * Support for SNMPv2c/SNMPv3 and the ability to link the module against
38 * the libsmi was added by J. Schoenwaelder, Copyright (c) 1999.
39 *
40 * This started out as a very simple program, but the incremental decoding
41 * (into the BE structure) complicated things.
42 *
43 # Los Alamos National Laboratory
44 #
45 # Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
46 # This software was produced under a U.S. Government contract
47 # (W-7405-ENG-36) by Los Alamos National Laboratory, which is
48 # operated by the University of California for the U.S. Department
49 # of Energy. The U.S. Government is licensed to use, reproduce,
50 # and distribute this software. Permission is granted to the
51 # public to copy and use this software without charge, provided
52 # that this Notice and any statement of authorship are reproduced
53 # on all copies. Neither the Government nor the University makes
54 # any warranty, express or implied, or assumes any liability or
55 # responsibility for the use of this software.
56 # @(#)snmp.awk.x 1.1 (LANL) 1/15/90
57 */
58
59 #ifndef lint
60 static const char rcsid[] _U_ =
61 "@(#) $Header: /tcpdump/master/tcpdump/print-snmp.c,v 1.62.2.2 2005/05/06 07:57:19 guy Exp $ (LBL)";
62 #endif
63
64 #ifdef HAVE_CONFIG_H
65 #include "config.h"
66 #endif
67
68 #include <tcpdump-stdinc.h>
69
70 #include <stdio.h>
71 #include <string.h>
72
73 #ifdef HAVE_SMI_H
74 #include <smi.h>
75 #endif
76
77 #include "interface.h"
78 #include "addrtoname.h"
79
80 #undef OPAQUE /* defined in <wingdi.h> */
81
82 /*
83 * Universal ASN.1 types
84 * (we only care about the tag values for those allowed in the Internet SMI)
85 */
86 const char *Universal[] = {
87 "U-0",
88 "Boolean",
89 "Integer",
90 #define INTEGER 2
91 "Bitstring",
92 "String",
93 #define STRING 4
94 "Null",
95 #define ASN_NULL 5
96 "ObjID",
97 #define OBJECTID 6
98 "ObjectDes",
99 "U-8","U-9","U-10","U-11", /* 8-11 */
100 "U-12","U-13","U-14","U-15", /* 12-15 */
101 "Sequence",
102 #define SEQUENCE 16
103 "Set"
104 };
105
106 /*
107 * Application-wide ASN.1 types from the Internet SMI and their tags
108 */
109 const char *Application[] = {
110 "IpAddress",
111 #define IPADDR 0
112 "Counter",
113 #define COUNTER 1
114 "Gauge",
115 #define GAUGE 2
116 "TimeTicks",
117 #define TIMETICKS 3
118 "Opaque",
119 #define OPAQUE 4
120 "C-5",
121 "Counter64"
122 #define COUNTER64 6
123 };
124
125 /*
126 * Context-specific ASN.1 types for the SNMP PDUs and their tags
127 */
128 const char *Context[] = {
129 "GetRequest",
130 #define GETREQ 0
131 "GetNextRequest",
132 #define GETNEXTREQ 1
133 "GetResponse",
134 #define GETRESP 2
135 "SetRequest",
136 #define SETREQ 3
137 "Trap",
138 #define TRAP 4
139 "GetBulk",
140 #define GETBULKREQ 5
141 "Inform",
142 #define INFORMREQ 6
143 "V2Trap",
144 #define V2TRAP 7
145 "Report"
146 #define REPORT 8
147 };
148
149 #define NOTIFY_CLASS(x) (x == TRAP || x == V2TRAP || x == INFORMREQ)
150 #define READ_CLASS(x) (x == GETREQ || x == GETNEXTREQ || x == GETBULKREQ)
151 #define WRITE_CLASS(x) (x == SETREQ)
152 #define RESPONSE_CLASS(x) (x == GETRESP)
153 #define INTERNAL_CLASS(x) (x == REPORT)
154
155 /*
156 * Context-specific ASN.1 types for the SNMP Exceptions and their tags
157 */
158 const char *Exceptions[] = {
159 "noSuchObject",
160 #define NOSUCHOBJECT 0
161 "noSuchInstance",
162 #define NOSUCHINSTANCE 1
163 "endOfMibView",
164 #define ENDOFMIBVIEW 2
165 };
166
167 /*
168 * Private ASN.1 types
169 * The Internet SMI does not specify any
170 */
171 const char *Private[] = {
172 "P-0"
173 };
174
175 /*
176 * error-status values for any SNMP PDU
177 */
178 const char *ErrorStatus[] = {
179 "noError",
180 "tooBig",
181 "noSuchName",
182 "badValue",
183 "readOnly",
184 "genErr",
185 "noAccess",
186 "wrongType",
187 "wrongLength",
188 "wrongEncoding",
189 "wrongValue",
190 "noCreation",
191 "inconsistentValue",
192 "resourceUnavailable",
193 "commitFailed",
194 "undoFailed",
195 "authorizationError",
196 "notWritable",
197 "inconsistentName"
198 };
199 #define DECODE_ErrorStatus(e) \
200 ( e >= 0 && (size_t)e < sizeof(ErrorStatus)/sizeof(ErrorStatus[0]) \
201 ? ErrorStatus[e] \
202 : (snprintf(errbuf, sizeof(errbuf), "err=%u", e), errbuf))
203
204 /*
205 * generic-trap values in the SNMP Trap-PDU
206 */
207 const char *GenericTrap[] = {
208 "coldStart",
209 "warmStart",
210 "linkDown",
211 "linkUp",
212 "authenticationFailure",
213 "egpNeighborLoss",
214 "enterpriseSpecific"
215 #define GT_ENTERPRISE 6
216 };
217 #define DECODE_GenericTrap(t) \
218 ( t >= 0 && (size_t)t < sizeof(GenericTrap)/sizeof(GenericTrap[0]) \
219 ? GenericTrap[t] \
220 : (snprintf(buf, sizeof(buf), "gt=%d", t), buf))
221
222 /*
223 * ASN.1 type class table
224 * Ties together the preceding Universal, Application, Context, and Private
225 * type definitions.
226 */
227 #define defineCLASS(x) { "x", x, sizeof(x)/sizeof(x[0]) } /* not ANSI-C */
228 struct {
229 const char *name;
230 const char **Id;
231 int numIDs;
232 } Class[] = {
233 defineCLASS(Universal),
234 #define UNIVERSAL 0
235 defineCLASS(Application),
236 #define APPLICATION 1
237 defineCLASS(Context),
238 #define CONTEXT 2
239 defineCLASS(Private),
240 #define PRIVATE 3
241 defineCLASS(Exceptions),
242 #define EXCEPTIONS 4
243 };
244
245 /*
246 * defined forms for ASN.1 types
247 */
248 const char *Form[] = {
249 "Primitive",
250 #define PRIMITIVE 0
251 "Constructed",
252 #define CONSTRUCTED 1
253 };
254
255 /*
256 * A structure for the OID tree for the compiled-in MIB.
257 * This is stored as a general-order tree.
258 */
259 struct obj {
260 const char *desc; /* name of object */
261 u_char oid; /* sub-id following parent */
262 u_char type; /* object type (unused) */
263 struct obj *child, *next; /* child and next sibling pointers */
264 } *objp = NULL;
265
266 /*
267 * Include the compiled in SNMP MIB. "mib.h" is produced by feeding
268 * RFC-1156 format files into "makemib". "mib.h" MUST define at least
269 * a value for `mibroot'.
270 *
271 * In particular, this is gross, as this is including initialized structures,
272 * and by right shouldn't be an "include" file.
273 */
274 #include "mib.h"
275
276 /*
277 * This defines a list of OIDs which will be abbreviated on output.
278 * Currently, this includes the prefixes for the Internet MIB, the
279 * private enterprises tree, and the experimental tree.
280 */
281 struct obj_abrev {
282 const char *prefix; /* prefix for this abrev */
283 struct obj *node; /* pointer into object table */
284 const char *oid; /* ASN.1 encoded OID */
285 } obj_abrev_list[] = {
286 #ifndef NO_ABREV_MIB
287 /* .iso.org.dod.internet.mgmt.mib */
288 { "", &_mib_obj, "\53\6\1\2\1" },
289 #endif
290 #ifndef NO_ABREV_ENTER
291 /* .iso.org.dod.internet.private.enterprises */
292 { "E:", &_enterprises_obj, "\53\6\1\4\1" },
293 #endif
294 #ifndef NO_ABREV_EXPERI
295 /* .iso.org.dod.internet.experimental */
296 { "X:", &_experimental_obj, "\53\6\1\3" },
297 #endif
298 #ifndef NO_ABBREV_SNMPMODS
299 /* .iso.org.dod.internet.snmpV2.snmpModules */
300 { "S:", &_snmpModules_obj, "\53\6\1\6\3" },
301 #endif
302 { 0,0,0 }
303 };
304
305 /*
306 * This is used in the OID print routine to walk down the object tree
307 * rooted at `mibroot'.
308 */
309 #define OBJ_PRINT(o, suppressdot) \
310 { \
311 if (objp) { \
312 do { \
313 if ((o) == objp->oid) \
314 break; \
315 } while ((objp = objp->next) != NULL); \
316 } \
317 if (objp) { \
318 printf(suppressdot?"%s":".%s", objp->desc); \
319 objp = objp->child; \
320 } else \
321 printf(suppressdot?"%u":".%u", (o)); \
322 }
323
324 /*
325 * This is the definition for the Any-Data-Type storage used purely for
326 * temporary internal representation while decoding an ASN.1 data stream.
327 */
328 struct be {
329 u_int32_t asnlen;
330 union {
331 caddr_t raw;
332 int32_t integer;
333 u_int32_t uns;
334 const u_char *str;
335 struct {
336 u_int32_t high;
337 u_int32_t low;
338 } uns64;
339 } data;
340 u_short id;
341 u_char form, class; /* tag info */
342 u_char type;
343 #define BE_ANY 255
344 #define BE_NONE 0
345 #define BE_NULL 1
346 #define BE_OCTET 2
347 #define BE_OID 3
348 #define BE_INT 4
349 #define BE_UNS 5
350 #define BE_STR 6
351 #define BE_SEQ 7
352 #define BE_INETADDR 8
353 #define BE_PDU 9
354 #define BE_UNS64 10
355 #define BE_NOSUCHOBJECT 128
356 #define BE_NOSUCHINST 129
357 #define BE_ENDOFMIBVIEW 130
358 };
359
360 /*
361 * SNMP versions recognized by this module
362 */
363 const char *SnmpVersion[] = {
364 "SNMPv1",
365 #define SNMP_VERSION_1 0
366 "SNMPv2c",
367 #define SNMP_VERSION_2 1
368 "SNMPv2u",
369 #define SNMP_VERSION_2U 2
370 "SNMPv3"
371 #define SNMP_VERSION_3 3
372 };
373
374 /*
375 * Defaults for SNMP PDU components
376 */
377 #define DEF_COMMUNITY "public"
378
379 /*
380 * constants for ASN.1 decoding
381 */
382 #define OIDMUX 40
383 #define ASNLEN_INETADDR 4
384 #define ASN_SHIFT7 7
385 #define ASN_SHIFT8 8
386 #define ASN_BIT8 0x80
387 #define ASN_LONGLEN 0x80
388
389 #define ASN_ID_BITS 0x1f
390 #define ASN_FORM_BITS 0x20
391 #define ASN_FORM_SHIFT 5
392 #define ASN_CLASS_BITS 0xc0
393 #define ASN_CLASS_SHIFT 6
394
395 #define ASN_ID_EXT 0x1f /* extension ID in tag field */
396
397 /*
398 * This decodes the next ASN.1 object in the stream pointed to by "p"
399 * (and of real-length "len") and stores the intermediate data in the
400 * provided BE object.
401 *
402 * This returns -l if it fails (i.e., the ASN.1 stream is not valid).
403 * O/w, this returns the number of bytes parsed from "p".
404 */
405 static int
asn1_parse(register const u_char * p,u_int len,struct be * elem)406 asn1_parse(register const u_char *p, u_int len, struct be *elem)
407 {
408 u_char form, class, id;
409 int i, hdr;
410
411 elem->asnlen = 0;
412 elem->type = BE_ANY;
413 if (len < 1) {
414 fputs("[nothing to parse]", stdout);
415 return -1;
416 }
417 TCHECK(*p);
418
419 /*
420 * it would be nice to use a bit field, but you can't depend on them.
421 * +---+---+---+---+---+---+---+---+
422 * + class |frm| id |
423 * +---+---+---+---+---+---+---+---+
424 * 7 6 5 4 3 2 1 0
425 */
426 id = *p & ASN_ID_BITS; /* lower 5 bits, range 00-1f */
427 #ifdef notdef
428 form = (*p & 0xe0) >> 5; /* move upper 3 bits to lower 3 */
429 class = form >> 1; /* bits 7&6 -> bits 1&0, range 0-3 */
430 form &= 0x1; /* bit 5 -> bit 0, range 0-1 */
431 #else
432 form = (u_char)(*p & ASN_FORM_BITS) >> ASN_FORM_SHIFT;
433 class = (u_char)(*p & ASN_CLASS_BITS) >> ASN_CLASS_SHIFT;
434 #endif
435 elem->form = form;
436 elem->class = class;
437 elem->id = id;
438 p++; len--; hdr = 1;
439 /* extended tag field */
440 if (id == ASN_ID_EXT) {
441 /*
442 * The ID follows, as a sequence of octets with the
443 * 8th bit set and the remaining 7 bits being
444 * the next 7 bits of the value, terminated with
445 * an octet with the 8th bit not set.
446 *
447 * First, assemble all the octets with the 8th
448 * bit set. XXX - this doesn't handle a value
449 * that won't fit in 32 bits.
450 */
451 for (id = 0; *p & ASN_BIT8; len--, hdr++, p++) {
452 if (len < 1) {
453 fputs("[Xtagfield?]", stdout);
454 return -1;
455 }
456 TCHECK(*p);
457 id = (id << 7) | (*p & ~ASN_BIT8);
458 }
459 if (len < 1) {
460 fputs("[Xtagfield?]", stdout);
461 return -1;
462 }
463 TCHECK(*p);
464 elem->id = id = (id << 7) | *p;
465 --len;
466 ++hdr;
467 ++p;
468 }
469 if (len < 1) {
470 fputs("[no asnlen]", stdout);
471 return -1;
472 }
473 TCHECK(*p);
474 elem->asnlen = *p;
475 p++; len--; hdr++;
476 if (elem->asnlen & ASN_BIT8) {
477 u_int32_t noct = elem->asnlen % ASN_BIT8;
478 elem->asnlen = 0;
479 if (len < noct) {
480 printf("[asnlen? %d<%d]", len, noct);
481 return -1;
482 }
483 TCHECK2(*p, noct);
484 for (; noct-- > 0; len--, hdr++)
485 elem->asnlen = (elem->asnlen << ASN_SHIFT8) | *p++;
486 }
487 if (len < elem->asnlen) {
488 printf("[len%d<asnlen%u]", len, elem->asnlen);
489 return -1;
490 }
491 if (form >= sizeof(Form)/sizeof(Form[0])) {
492 printf("[form?%d]", form);
493 return -1;
494 }
495 if (class >= sizeof(Class)/sizeof(Class[0])) {
496 printf("[class?%c/%d]", *Form[form], class);
497 return -1;
498 }
499 if ((int)id >= Class[class].numIDs) {
500 printf("[id?%c/%s/%d]", *Form[form], Class[class].name, id);
501 return -1;
502 }
503
504 switch (form) {
505 case PRIMITIVE:
506 switch (class) {
507 case UNIVERSAL:
508 switch (id) {
509 case STRING:
510 elem->type = BE_STR;
511 elem->data.str = p;
512 break;
513
514 case INTEGER: {
515 register int32_t data;
516 elem->type = BE_INT;
517 data = 0;
518
519 TCHECK2(*p, elem->asnlen);
520 if (*p & ASN_BIT8) /* negative */
521 data = -1;
522 for (i = elem->asnlen; i-- > 0; p++)
523 data = (data << ASN_SHIFT8) | *p;
524 elem->data.integer = data;
525 break;
526 }
527
528 case OBJECTID:
529 elem->type = BE_OID;
530 elem->data.raw = (caddr_t)p;
531 break;
532
533 case ASN_NULL:
534 elem->type = BE_NULL;
535 elem->data.raw = NULL;
536 break;
537
538 default:
539 elem->type = BE_OCTET;
540 elem->data.raw = (caddr_t)p;
541 printf("[P/U/%s]",
542 Class[class].Id[id]);
543 break;
544 }
545 break;
546
547 case APPLICATION:
548 switch (id) {
549 case IPADDR:
550 elem->type = BE_INETADDR;
551 elem->data.raw = (caddr_t)p;
552 break;
553
554 case COUNTER:
555 case GAUGE:
556 case TIMETICKS: {
557 register u_int32_t data;
558 TCHECK2(*p, elem->asnlen);
559 elem->type = BE_UNS;
560 data = 0;
561 for (i = elem->asnlen; i-- > 0; p++)
562 data = (data << 8) + *p;
563 elem->data.uns = data;
564 break;
565 }
566
567 case COUNTER64: {
568 register u_int32_t high, low;
569 TCHECK2(*p, elem->asnlen);
570 elem->type = BE_UNS64;
571 high = 0, low = 0;
572 for (i = elem->asnlen; i-- > 0; p++) {
573 high = (high << 8) |
574 ((low & 0xFF000000) >> 24);
575 low = (low << 8) | *p;
576 }
577 elem->data.uns64.high = high;
578 elem->data.uns64.low = low;
579 break;
580 }
581
582 default:
583 elem->type = BE_OCTET;
584 elem->data.raw = (caddr_t)p;
585 printf("[P/A/%s]",
586 Class[class].Id[id]);
587 break;
588 }
589 break;
590
591 case CONTEXT:
592 switch (id) {
593 case NOSUCHOBJECT:
594 elem->type = BE_NOSUCHOBJECT;
595 elem->data.raw = NULL;
596 break;
597
598 case NOSUCHINSTANCE:
599 elem->type = BE_NOSUCHINST;
600 elem->data.raw = NULL;
601 break;
602
603 case ENDOFMIBVIEW:
604 elem->type = BE_ENDOFMIBVIEW;
605 elem->data.raw = NULL;
606 break;
607 }
608 break;
609
610 default:
611 printf("[P/%s/%s]",
612 Class[class].name, Class[class].Id[id]);
613 TCHECK2(*p, elem->asnlen);
614 elem->type = BE_OCTET;
615 elem->data.raw = (caddr_t)p;
616 break;
617 }
618 break;
619
620 case CONSTRUCTED:
621 switch (class) {
622 case UNIVERSAL:
623 switch (id) {
624 case SEQUENCE:
625 elem->type = BE_SEQ;
626 elem->data.raw = (caddr_t)p;
627 break;
628
629 default:
630 elem->type = BE_OCTET;
631 elem->data.raw = (caddr_t)p;
632 printf("C/U/%s", Class[class].Id[id]);
633 break;
634 }
635 break;
636
637 case CONTEXT:
638 elem->type = BE_PDU;
639 elem->data.raw = (caddr_t)p;
640 break;
641
642 default:
643 elem->type = BE_OCTET;
644 elem->data.raw = (caddr_t)p;
645 printf("C/%s/%s",
646 Class[class].name, Class[class].Id[id]);
647 break;
648 }
649 break;
650 }
651 p += elem->asnlen;
652 len -= elem->asnlen;
653 return elem->asnlen + hdr;
654
655 trunc:
656 fputs("[|snmp]", stdout);
657 return -1;
658 }
659
660 /*
661 * Display the ASN.1 object represented by the BE object.
662 * This used to be an integral part of asn1_parse() before the intermediate
663 * BE form was added.
664 */
665 static int
asn1_print(struct be * elem)666 asn1_print(struct be *elem)
667 {
668 u_char *p = (u_char *)elem->data.raw;
669 u_int32_t asnlen = elem->asnlen;
670 u_int32_t i;
671
672 switch (elem->type) {
673
674 case BE_OCTET:
675 TCHECK2(*p, asnlen);
676 for (i = asnlen; i-- > 0; p++)
677 printf("_%.2x", *p);
678 break;
679
680 case BE_NULL:
681 break;
682
683 case BE_OID: {
684 int o = 0, first = -1, i = asnlen;
685
686 if (!sflag && !nflag && asnlen > 2) {
687 struct obj_abrev *a = &obj_abrev_list[0];
688 size_t a_len = strlen(a->oid);
689 for (; a->node; a++) {
690 TCHECK2(*p, a_len);
691 if (memcmp(a->oid, (char *)p, a_len) == 0) {
692 objp = a->node->child;
693 i -= strlen(a->oid);
694 p += strlen(a->oid);
695 fputs(a->prefix, stdout);
696 first = 1;
697 break;
698 }
699 }
700 }
701
702 for (; !sflag && i-- > 0; p++) {
703 TCHECK(*p);
704 o = (o << ASN_SHIFT7) + (*p & ~ASN_BIT8);
705 if (*p & ASN_LONGLEN)
706 continue;
707
708 /*
709 * first subitem encodes two items with 1st*OIDMUX+2nd
710 * (see X.690:1997 clause 8.19 for the details)
711 */
712 if (first < 0) {
713 int s;
714 if (!nflag)
715 objp = mibroot;
716 first = 0;
717 s = o / OIDMUX;
718 if (s > 2) s = 2;
719 OBJ_PRINT(s, first);
720 o -= s * OIDMUX;
721 }
722 OBJ_PRINT(o, first);
723 if (--first < 0)
724 first = 0;
725 o = 0;
726 }
727 break;
728 }
729
730 case BE_INT:
731 printf("%d", elem->data.integer);
732 break;
733
734 case BE_UNS:
735 printf("%u", elem->data.uns);
736 break;
737
738 case BE_UNS64: { /* idea borrowed from by Marshall Rose */
739 double d;
740 int j, carry;
741 char *cpf, *cpl, last[6], first[30];
742 if (elem->data.uns64.high == 0) {
743 printf("%u", elem->data.uns64.low);
744 break;
745 }
746 d = elem->data.uns64.high * 4294967296.0; /* 2^32 */
747 if (elem->data.uns64.high <= 0x1fffff) {
748 d += elem->data.uns64.low;
749 #if 0 /*is looks illegal, but what is the intention?*/
750 printf("%.f", d);
751 #else
752 printf("%f", d);
753 #endif
754 break;
755 }
756 d += (elem->data.uns64.low & 0xfffff000);
757 #if 0 /*is looks illegal, but what is the intention?*/
758 snprintf(first, sizeof(first), "%.f", d);
759 #else
760 snprintf(first, sizeof(first), "%f", d);
761 #endif
762 snprintf(last, sizeof(last), "%5.5d",
763 elem->data.uns64.low & 0xfff);
764 for (carry = 0, cpf = first+strlen(first)-1, cpl = last+4;
765 cpl >= last;
766 cpf--, cpl--) {
767 j = carry + (*cpf - '0') + (*cpl - '0');
768 if (j > 9) {
769 j -= 10;
770 carry = 1;
771 } else {
772 carry = 0;
773 }
774 *cpf = j + '0';
775 }
776 fputs(first, stdout);
777 break;
778 }
779
780 case BE_STR: {
781 register int printable = 1, first = 1;
782 const u_char *p = elem->data.str;
783 TCHECK2(*p, asnlen);
784 for (i = asnlen; printable && i-- > 0; p++)
785 printable = isprint(*p) || isspace(*p);
786 p = elem->data.str;
787 if (printable) {
788 putchar('"');
789 if (fn_printn(p, asnlen, snapend)) {
790 putchar('"');
791 goto trunc;
792 }
793 putchar('"');
794 } else
795 for (i = asnlen; i-- > 0; p++) {
796 printf(first ? "%.2x" : "_%.2x", *p);
797 first = 0;
798 }
799 break;
800 }
801
802 case BE_SEQ:
803 printf("Seq(%u)", elem->asnlen);
804 break;
805
806 case BE_INETADDR:
807 if (asnlen != ASNLEN_INETADDR)
808 printf("[inetaddr len!=%d]", ASNLEN_INETADDR);
809 TCHECK2(*p, asnlen);
810 for (i = asnlen; i-- != 0; p++) {
811 printf((i == asnlen-1) ? "%u" : ".%u", *p);
812 }
813 break;
814
815 case BE_NOSUCHOBJECT:
816 case BE_NOSUCHINST:
817 case BE_ENDOFMIBVIEW:
818 printf("[%s]", Class[EXCEPTIONS].Id[elem->id]);
819 break;
820
821 case BE_PDU:
822 printf("%s(%u)",
823 Class[CONTEXT].Id[elem->id], elem->asnlen);
824 break;
825
826 case BE_ANY:
827 fputs("[BE_ANY!?]", stdout);
828 break;
829
830 default:
831 fputs("[be!?]", stdout);
832 break;
833 }
834 return 0;
835
836 trunc:
837 fputs("[|snmp]", stdout);
838 return -1;
839 }
840
841 #ifdef notdef
842 /*
843 * This is a brute force ASN.1 printer: recurses to dump an entire structure.
844 * This will work for any ASN.1 stream, not just an SNMP PDU.
845 *
846 * By adding newlines and spaces at the correct places, this would print in
847 * Rose-Normal-Form.
848 *
849 * This is not currently used.
850 */
851 static void
asn1_decode(u_char * p,u_int length)852 asn1_decode(u_char *p, u_int length)
853 {
854 struct be elem;
855 int i = 0;
856
857 while (i >= 0 && length > 0) {
858 i = asn1_parse(p, length, &elem);
859 if (i >= 0) {
860 fputs(" ", stdout);
861 if (asn1_print(&elem) < 0)
862 return;
863 if (elem.type == BE_SEQ || elem.type == BE_PDU) {
864 fputs(" {", stdout);
865 asn1_decode(elem.data.raw, elem.asnlen);
866 fputs(" }", stdout);
867 }
868 length -= i;
869 p += i;
870 }
871 }
872 }
873 #endif
874
875 #ifdef LIBSMI
876
877 struct smi2be {
878 SmiBasetype basetype;
879 int be;
880 };
881
882 static struct smi2be smi2betab[] = {
883 { SMI_BASETYPE_INTEGER32, BE_INT },
884 { SMI_BASETYPE_OCTETSTRING, BE_STR },
885 { SMI_BASETYPE_OCTETSTRING, BE_INETADDR },
886 { SMI_BASETYPE_OBJECTIDENTIFIER, BE_OID },
887 { SMI_BASETYPE_UNSIGNED32, BE_UNS },
888 { SMI_BASETYPE_INTEGER64, BE_NONE },
889 { SMI_BASETYPE_UNSIGNED64, BE_UNS64 },
890 { SMI_BASETYPE_FLOAT32, BE_NONE },
891 { SMI_BASETYPE_FLOAT64, BE_NONE },
892 { SMI_BASETYPE_FLOAT128, BE_NONE },
893 { SMI_BASETYPE_ENUM, BE_INT },
894 { SMI_BASETYPE_BITS, BE_STR },
895 { SMI_BASETYPE_UNKNOWN, BE_NONE }
896 };
897
898 static int
smi_decode_oid(struct be * elem,unsigned int * oid,unsigned int oidsize,unsigned int * oidlen)899 smi_decode_oid(struct be *elem, unsigned int *oid,
900 unsigned int oidsize, unsigned int *oidlen)
901 {
902 u_char *p = (u_char *)elem->data.raw;
903 u_int32_t asnlen = elem->asnlen;
904 int o = 0, first = -1, i = asnlen;
905
906 for (*oidlen = 0; sflag && i-- > 0; p++) {
907 TCHECK(*p);
908 o = (o << ASN_SHIFT7) + (*p & ~ASN_BIT8);
909 if (*p & ASN_LONGLEN)
910 continue;
911
912 /*
913 * first subitem encodes two items with 1st*OIDMUX+2nd
914 * (see X.690:1997 clause 8.19 for the details)
915 */
916 if (first < 0) {
917 first = 0;
918 if (*oidlen < oidsize) {
919 oid[*oidlen] = o / OIDMUX;
920 if (oid[*oidlen] > 2) oid[*oidlen] = 2;
921 }
922 o -= oid[*oidlen] * OIDMUX;
923 if (*oidlen < oidsize) (*oidlen)++;
924 }
925 if (*oidlen < oidsize) {
926 oid[(*oidlen)++] = o;
927 }
928 o = 0;
929 }
930 return 0;
931
932 trunc:
933 fputs("[|snmp]", stdout);
934 return -1;
935 }
936
smi_check_type(SmiBasetype basetype,int be)937 static int smi_check_type(SmiBasetype basetype, int be)
938 {
939 int i;
940
941 for (i = 0; smi2betab[i].basetype != SMI_BASETYPE_UNKNOWN; i++) {
942 if (smi2betab[i].basetype == basetype && smi2betab[i].be == be) {
943 return 1;
944 }
945 }
946
947 return 0;
948 }
949
smi_check_a_range(SmiType * smiType,SmiRange * smiRange,struct be * elem)950 static int smi_check_a_range(SmiType *smiType, SmiRange *smiRange,
951 struct be *elem)
952 {
953 int ok = 1;
954
955 switch (smiType->basetype) {
956 case SMI_BASETYPE_OBJECTIDENTIFIER:
957 case SMI_BASETYPE_OCTETSTRING:
958 if (smiRange->minValue.value.unsigned32
959 == smiRange->maxValue.value.unsigned32) {
960 ok = (elem->asnlen == smiRange->minValue.value.unsigned32);
961 } else {
962 ok = (elem->asnlen >= smiRange->minValue.value.unsigned32
963 && elem->asnlen <= smiRange->maxValue.value.unsigned32);
964 }
965 break;
966
967 case SMI_BASETYPE_INTEGER32:
968 ok = (elem->data.integer >= smiRange->minValue.value.integer32
969 && elem->data.integer <= smiRange->maxValue.value.integer32);
970 break;
971
972 case SMI_BASETYPE_UNSIGNED32:
973 ok = (elem->data.uns >= smiRange->minValue.value.unsigned32
974 && elem->data.uns <= smiRange->maxValue.value.unsigned32);
975 break;
976
977 case SMI_BASETYPE_UNSIGNED64:
978 /* XXX */
979 break;
980
981 /* case SMI_BASETYPE_INTEGER64: SMIng */
982 /* case SMI_BASETYPE_FLOAT32: SMIng */
983 /* case SMI_BASETYPE_FLOAT64: SMIng */
984 /* case SMI_BASETYPE_FLOAT128: SMIng */
985
986 case SMI_BASETYPE_ENUM:
987 case SMI_BASETYPE_BITS:
988 case SMI_BASETYPE_UNKNOWN:
989 ok = 1;
990 break;
991
992 default:
993 ok = 0;
994 break;
995 }
996
997 return ok;
998 }
999
smi_check_range(SmiType * smiType,struct be * elem)1000 static int smi_check_range(SmiType *smiType, struct be *elem)
1001 {
1002 SmiRange *smiRange;
1003 int ok = 1;
1004
1005 for (smiRange = smiGetFirstRange(smiType);
1006 smiRange;
1007 smiRange = smiGetNextRange(smiRange)) {
1008
1009 ok = smi_check_a_range(smiType, smiRange, elem);
1010
1011 if (ok) {
1012 break;
1013 }
1014 }
1015
1016 if (ok) {
1017 SmiType *parentType;
1018 parentType = smiGetParentType(smiType);
1019 if (parentType) {
1020 ok = smi_check_range(parentType, elem);
1021 }
1022 }
1023
1024 return ok;
1025 }
1026
smi_print_variable(struct be * elem,int * status)1027 static SmiNode *smi_print_variable(struct be *elem, int *status)
1028 {
1029 unsigned int oid[128], oidlen;
1030 SmiNode *smiNode = NULL;
1031 unsigned int i;
1032
1033 *status = smi_decode_oid(elem, oid, sizeof(oid)/sizeof(unsigned int),
1034 &oidlen);
1035 if (*status < 0)
1036 return NULL;
1037 smiNode = smiGetNodeByOID(oidlen, oid);
1038 if (! smiNode) {
1039 *status = asn1_print(elem);
1040 return NULL;
1041 }
1042 if (vflag) {
1043 fputs(smiGetNodeModule(smiNode)->name, stdout);
1044 fputs("::", stdout);
1045 }
1046 fputs(smiNode->name, stdout);
1047 if (smiNode->oidlen < oidlen) {
1048 for (i = smiNode->oidlen; i < oidlen; i++) {
1049 printf(".%u", oid[i]);
1050 }
1051 }
1052 *status = 0;
1053 return smiNode;
1054 }
1055
1056 static int
smi_print_value(SmiNode * smiNode,u_char pduid,struct be * elem)1057 smi_print_value(SmiNode *smiNode, u_char pduid, struct be *elem)
1058 {
1059 unsigned int i, oid[128], oidlen;
1060 SmiType *smiType;
1061 SmiNamedNumber *nn;
1062 int done = 0;
1063
1064 if (! smiNode || ! (smiNode->nodekind
1065 & (SMI_NODEKIND_SCALAR | SMI_NODEKIND_COLUMN))) {
1066 return asn1_print(elem);
1067 }
1068
1069 if (elem->type == BE_NOSUCHOBJECT
1070 || elem->type == BE_NOSUCHINST
1071 || elem->type == BE_ENDOFMIBVIEW) {
1072 return asn1_print(elem);
1073 }
1074
1075 if (NOTIFY_CLASS(pduid) && smiNode->access < SMI_ACCESS_NOTIFY) {
1076 fputs("[notNotifyable]", stdout);
1077 }
1078
1079 if (READ_CLASS(pduid) && smiNode->access < SMI_ACCESS_READ_ONLY) {
1080 fputs("[notReadable]", stdout);
1081 }
1082
1083 if (WRITE_CLASS(pduid) && smiNode->access < SMI_ACCESS_READ_WRITE) {
1084 fputs("[notWritable]", stdout);
1085 }
1086
1087 if (RESPONSE_CLASS(pduid)
1088 && smiNode->access == SMI_ACCESS_NOT_ACCESSIBLE) {
1089 fputs("[noAccess]", stdout);
1090 }
1091
1092 smiType = smiGetNodeType(smiNode);
1093 if (! smiType) {
1094 return asn1_print(elem);
1095 }
1096
1097 if (! smi_check_type(smiType->basetype, elem->type)) {
1098 fputs("[wrongType]", stdout);
1099 }
1100
1101 if (! smi_check_range(smiType, elem)) {
1102 fputs("[outOfRange]", stdout);
1103 }
1104
1105 /* resolve bits to named bits */
1106
1107 /* check whether instance identifier is valid */
1108
1109 /* apply display hints (integer, octetstring) */
1110
1111 /* convert instance identifier to index type values */
1112
1113 switch (elem->type) {
1114 case BE_OID:
1115 if (smiType->basetype == SMI_BASETYPE_BITS) {
1116 /* print bit labels */
1117 } else {
1118 smi_decode_oid(elem, oid,
1119 sizeof(oid)/sizeof(unsigned int),
1120 &oidlen);
1121 smiNode = smiGetNodeByOID(oidlen, oid);
1122 if (smiNode) {
1123 if (vflag) {
1124 fputs(smiGetNodeModule(smiNode)->name, stdout);
1125 fputs("::", stdout);
1126 }
1127 fputs(smiNode->name, stdout);
1128 if (smiNode->oidlen < oidlen) {
1129 for (i = smiNode->oidlen;
1130 i < oidlen; i++) {
1131 printf(".%u", oid[i]);
1132 }
1133 }
1134 done++;
1135 }
1136 }
1137 break;
1138
1139 case BE_INT:
1140 if (smiType->basetype == SMI_BASETYPE_ENUM) {
1141 for (nn = smiGetFirstNamedNumber(smiType);
1142 nn;
1143 nn = smiGetNextNamedNumber(nn)) {
1144 if (nn->value.value.integer32
1145 == elem->data.integer) {
1146 fputs(nn->name, stdout);
1147 printf("(%d)", elem->data.integer);
1148 done++;
1149 break;
1150 }
1151 }
1152 }
1153 break;
1154 }
1155
1156 if (! done) {
1157 return asn1_print(elem);
1158 }
1159 return 0;
1160 }
1161 #endif
1162
1163 /*
1164 * General SNMP header
1165 * SEQUENCE {
1166 * version INTEGER {version-1(0)},
1167 * community OCTET STRING,
1168 * data ANY -- PDUs
1169 * }
1170 * PDUs for all but Trap: (see rfc1157 from page 15 on)
1171 * SEQUENCE {
1172 * request-id INTEGER,
1173 * error-status INTEGER,
1174 * error-index INTEGER,
1175 * varbindlist SEQUENCE OF
1176 * SEQUENCE {
1177 * name ObjectName,
1178 * value ObjectValue
1179 * }
1180 * }
1181 * PDU for Trap:
1182 * SEQUENCE {
1183 * enterprise OBJECT IDENTIFIER,
1184 * agent-addr NetworkAddress,
1185 * generic-trap INTEGER,
1186 * specific-trap INTEGER,
1187 * time-stamp TimeTicks,
1188 * varbindlist SEQUENCE OF
1189 * SEQUENCE {
1190 * name ObjectName,
1191 * value ObjectValue
1192 * }
1193 * }
1194 */
1195
1196 /*
1197 * Decode SNMP varBind
1198 */
1199 static void
varbind_print(u_char pduid,const u_char * np,u_int length)1200 varbind_print(u_char pduid, const u_char *np, u_int length)
1201 {
1202 struct be elem;
1203 int count = 0, ind;
1204 #ifdef LIBSMI
1205 SmiNode *smiNode = NULL;
1206 #endif
1207 int status;
1208
1209 /* Sequence of varBind */
1210 if ((count = asn1_parse(np, length, &elem)) < 0)
1211 return;
1212 if (elem.type != BE_SEQ) {
1213 fputs("[!SEQ of varbind]", stdout);
1214 asn1_print(&elem);
1215 return;
1216 }
1217 if ((u_int)count < length)
1218 printf("[%d extra after SEQ of varbind]", length - count);
1219 /* descend */
1220 length = elem.asnlen;
1221 np = (u_char *)elem.data.raw;
1222
1223 for (ind = 1; length > 0; ind++) {
1224 const u_char *vbend;
1225 u_int vblength;
1226
1227 fputs(" ", stdout);
1228
1229 /* Sequence */
1230 if ((count = asn1_parse(np, length, &elem)) < 0)
1231 return;
1232 if (elem.type != BE_SEQ) {
1233 fputs("[!varbind]", stdout);
1234 asn1_print(&elem);
1235 return;
1236 }
1237 vbend = np + count;
1238 vblength = length - count;
1239 /* descend */
1240 length = elem.asnlen;
1241 np = (u_char *)elem.data.raw;
1242
1243 /* objName (OID) */
1244 if ((count = asn1_parse(np, length, &elem)) < 0)
1245 return;
1246 if (elem.type != BE_OID) {
1247 fputs("[objName!=OID]", stdout);
1248 asn1_print(&elem);
1249 return;
1250 }
1251 #ifdef LIBSMI
1252 smiNode = smi_print_variable(&elem, &status);
1253 #else
1254 status = asn1_print(&elem);
1255 #endif
1256 if (status < 0)
1257 return;
1258 length -= count;
1259 np += count;
1260
1261 if (pduid != GETREQ && pduid != GETNEXTREQ
1262 && pduid != GETBULKREQ)
1263 fputs("=", stdout);
1264
1265 /* objVal (ANY) */
1266 if ((count = asn1_parse(np, length, &elem)) < 0)
1267 return;
1268 if (pduid == GETREQ || pduid == GETNEXTREQ
1269 || pduid == GETBULKREQ) {
1270 if (elem.type != BE_NULL) {
1271 fputs("[objVal!=NULL]", stdout);
1272 if (asn1_print(&elem) < 0)
1273 return;
1274 }
1275 } else {
1276 if (elem.type != BE_NULL) {
1277 #ifdef LIBSMI
1278 status = smi_print_value(smiNode, pduid, &elem);
1279 #else
1280 status = asn1_print(&elem);
1281 #endif
1282 }
1283 if (status < 0)
1284 return;
1285 }
1286 length = vblength;
1287 np = vbend;
1288 }
1289 }
1290
1291 /*
1292 * Decode SNMP PDUs: GetRequest, GetNextRequest, GetResponse, SetRequest,
1293 * GetBulk, Inform, V2Trap, and Report
1294 */
1295 static void
snmppdu_print(u_short pduid,const u_char * np,u_int length)1296 snmppdu_print(u_short pduid, const u_char *np, u_int length)
1297 {
1298 struct be elem;
1299 int count = 0, error;
1300
1301 /* reqId (Integer) */
1302 if ((count = asn1_parse(np, length, &elem)) < 0)
1303 return;
1304 if (elem.type != BE_INT) {
1305 fputs("[reqId!=INT]", stdout);
1306 asn1_print(&elem);
1307 return;
1308 }
1309 if (vflag)
1310 printf("R=%d ", elem.data.integer);
1311 length -= count;
1312 np += count;
1313
1314 /* errorStatus (Integer) */
1315 if ((count = asn1_parse(np, length, &elem)) < 0)
1316 return;
1317 if (elem.type != BE_INT) {
1318 fputs("[errorStatus!=INT]", stdout);
1319 asn1_print(&elem);
1320 return;
1321 }
1322 error = 0;
1323 if ((pduid == GETREQ || pduid == GETNEXTREQ || pduid == SETREQ
1324 || pduid == INFORMREQ || pduid == V2TRAP || pduid == REPORT)
1325 && elem.data.integer != 0) {
1326 char errbuf[20];
1327 printf("[errorStatus(%s)!=0]",
1328 DECODE_ErrorStatus(elem.data.integer));
1329 } else if (pduid == GETBULKREQ) {
1330 printf(" N=%d", elem.data.integer);
1331 } else if (elem.data.integer != 0) {
1332 char errbuf[20];
1333 printf(" %s", DECODE_ErrorStatus(elem.data.integer));
1334 error = elem.data.integer;
1335 }
1336 length -= count;
1337 np += count;
1338
1339 /* errorIndex (Integer) */
1340 if ((count = asn1_parse(np, length, &elem)) < 0)
1341 return;
1342 if (elem.type != BE_INT) {
1343 fputs("[errorIndex!=INT]", stdout);
1344 asn1_print(&elem);
1345 return;
1346 }
1347 if ((pduid == GETREQ || pduid == GETNEXTREQ || pduid == SETREQ
1348 || pduid == INFORMREQ || pduid == V2TRAP || pduid == REPORT)
1349 && elem.data.integer != 0)
1350 printf("[errorIndex(%d)!=0]", elem.data.integer);
1351 else if (pduid == GETBULKREQ)
1352 printf(" M=%d", elem.data.integer);
1353 else if (elem.data.integer != 0) {
1354 if (!error)
1355 printf("[errorIndex(%d) w/o errorStatus]",
1356 elem.data.integer);
1357 else {
1358 printf("@%d", elem.data.integer);
1359 error = elem.data.integer;
1360 }
1361 } else if (error) {
1362 fputs("[errorIndex==0]", stdout);
1363 error = 0;
1364 }
1365 length -= count;
1366 np += count;
1367
1368 varbind_print(pduid, np, length);
1369 return;
1370 }
1371
1372 /*
1373 * Decode SNMP Trap PDU
1374 */
1375 static void
trappdu_print(const u_char * np,u_int length)1376 trappdu_print(const u_char *np, u_int length)
1377 {
1378 struct be elem;
1379 int count = 0, generic;
1380
1381 putchar(' ');
1382
1383 /* enterprise (oid) */
1384 if ((count = asn1_parse(np, length, &elem)) < 0)
1385 return;
1386 if (elem.type != BE_OID) {
1387 fputs("[enterprise!=OID]", stdout);
1388 asn1_print(&elem);
1389 return;
1390 }
1391 if (asn1_print(&elem) < 0)
1392 return;
1393 length -= count;
1394 np += count;
1395
1396 putchar(' ');
1397
1398 /* agent-addr (inetaddr) */
1399 if ((count = asn1_parse(np, length, &elem)) < 0)
1400 return;
1401 if (elem.type != BE_INETADDR) {
1402 fputs("[agent-addr!=INETADDR]", stdout);
1403 asn1_print(&elem);
1404 return;
1405 }
1406 if (asn1_print(&elem) < 0)
1407 return;
1408 length -= count;
1409 np += count;
1410
1411 /* generic-trap (Integer) */
1412 if ((count = asn1_parse(np, length, &elem)) < 0)
1413 return;
1414 if (elem.type != BE_INT) {
1415 fputs("[generic-trap!=INT]", stdout);
1416 asn1_print(&elem);
1417 return;
1418 }
1419 generic = elem.data.integer;
1420 {
1421 char buf[20];
1422 printf(" %s", DECODE_GenericTrap(generic));
1423 }
1424 length -= count;
1425 np += count;
1426
1427 /* specific-trap (Integer) */
1428 if ((count = asn1_parse(np, length, &elem)) < 0)
1429 return;
1430 if (elem.type != BE_INT) {
1431 fputs("[specific-trap!=INT]", stdout);
1432 asn1_print(&elem);
1433 return;
1434 }
1435 if (generic != GT_ENTERPRISE) {
1436 if (elem.data.integer != 0)
1437 printf("[specific-trap(%d)!=0]", elem.data.integer);
1438 } else
1439 printf(" s=%d", elem.data.integer);
1440 length -= count;
1441 np += count;
1442
1443 putchar(' ');
1444
1445 /* time-stamp (TimeTicks) */
1446 if ((count = asn1_parse(np, length, &elem)) < 0)
1447 return;
1448 if (elem.type != BE_UNS) { /* XXX */
1449 fputs("[time-stamp!=TIMETICKS]", stdout);
1450 asn1_print(&elem);
1451 return;
1452 }
1453 if (asn1_print(&elem) < 0)
1454 return;
1455 length -= count;
1456 np += count;
1457
1458 varbind_print (TRAP, np, length);
1459 return;
1460 }
1461
1462 /*
1463 * Decode arbitrary SNMP PDUs.
1464 */
1465 static void
pdu_print(const u_char * np,u_int length,int version)1466 pdu_print(const u_char *np, u_int length, int version)
1467 {
1468 struct be pdu;
1469 int count = 0;
1470
1471 /* PDU (Context) */
1472 if ((count = asn1_parse(np, length, &pdu)) < 0)
1473 return;
1474 if (pdu.type != BE_PDU) {
1475 fputs("[no PDU]", stdout);
1476 return;
1477 }
1478 if ((u_int)count < length)
1479 printf("[%d extra after PDU]", length - count);
1480 if (vflag) {
1481 fputs("{ ", stdout);
1482 }
1483 if (asn1_print(&pdu) < 0)
1484 return;
1485 fputs(" ", stdout);
1486 /* descend into PDU */
1487 length = pdu.asnlen;
1488 np = (u_char *)pdu.data.raw;
1489
1490 if (version == SNMP_VERSION_1 &&
1491 (pdu.id == GETBULKREQ || pdu.id == INFORMREQ ||
1492 pdu.id == V2TRAP || pdu.id == REPORT)) {
1493 printf("[v2 PDU in v1 message]");
1494 return;
1495 }
1496
1497 if (version == SNMP_VERSION_2 && pdu.id == TRAP) {
1498 printf("[v1 PDU in v2 message]");
1499 return;
1500 }
1501
1502 switch (pdu.id) {
1503 case TRAP:
1504 trappdu_print(np, length);
1505 break;
1506 case GETREQ:
1507 case GETNEXTREQ:
1508 case GETRESP:
1509 case SETREQ:
1510 case GETBULKREQ:
1511 case INFORMREQ:
1512 case V2TRAP:
1513 case REPORT:
1514 snmppdu_print(pdu.id, np, length);
1515 break;
1516 }
1517
1518 if (vflag) {
1519 fputs(" } ", stdout);
1520 }
1521 }
1522
1523 /*
1524 * Decode a scoped SNMP PDU.
1525 */
1526 static void
scopedpdu_print(const u_char * np,u_int length,int version)1527 scopedpdu_print(const u_char *np, u_int length, int version)
1528 {
1529 struct be elem;
1530 int i, count = 0;
1531
1532 /* Sequence */
1533 if ((count = asn1_parse(np, length, &elem)) < 0)
1534 return;
1535 if (elem.type != BE_SEQ) {
1536 fputs("[!scoped PDU]", stdout);
1537 asn1_print(&elem);
1538 return;
1539 }
1540 length = elem.asnlen;
1541 np = (u_char *)elem.data.raw;
1542
1543 /* contextEngineID (OCTET STRING) */
1544 if ((count = asn1_parse(np, length, &elem)) < 0)
1545 return;
1546 if (elem.type != BE_STR) {
1547 fputs("[contextEngineID!=STR]", stdout);
1548 asn1_print(&elem);
1549 return;
1550 }
1551 length -= count;
1552 np += count;
1553
1554 fputs("E= ", stdout);
1555 for (i = 0; i < (int)elem.asnlen; i++) {
1556 printf("0x%02X", elem.data.str[i]);
1557 }
1558 fputs(" ", stdout);
1559
1560 /* contextName (OCTET STRING) */
1561 if ((count = asn1_parse(np, length, &elem)) < 0)
1562 return;
1563 if (elem.type != BE_STR) {
1564 fputs("[contextName!=STR]", stdout);
1565 asn1_print(&elem);
1566 return;
1567 }
1568 length -= count;
1569 np += count;
1570
1571 printf("C=%.*s ", (int)elem.asnlen, elem.data.str);
1572
1573 pdu_print(np, length, version);
1574 }
1575
1576 /*
1577 * Decode SNMP Community Header (SNMPv1 and SNMPv2c)
1578 */
1579 static void
community_print(const u_char * np,u_int length,int version)1580 community_print(const u_char *np, u_int length, int version)
1581 {
1582 struct be elem;
1583 int count = 0;
1584
1585 /* Community (String) */
1586 if ((count = asn1_parse(np, length, &elem)) < 0)
1587 return;
1588 if (elem.type != BE_STR) {
1589 fputs("[comm!=STR]", stdout);
1590 asn1_print(&elem);
1591 return;
1592 }
1593 /* default community */
1594 if (!(elem.asnlen == sizeof(DEF_COMMUNITY) - 1 &&
1595 strncmp((char *)elem.data.str, DEF_COMMUNITY,
1596 sizeof(DEF_COMMUNITY) - 1) == 0))
1597 /* ! "public" */
1598 printf("C=%.*s ", (int)elem.asnlen, elem.data.str);
1599 length -= count;
1600 np += count;
1601
1602 pdu_print(np, length, version);
1603 }
1604
1605 /*
1606 * Decode SNMPv3 User-based Security Message Header (SNMPv3)
1607 */
1608 static void
usm_print(const u_char * np,u_int length)1609 usm_print(const u_char *np, u_int length)
1610 {
1611 struct be elem;
1612 int count = 0;
1613
1614 /* Sequence */
1615 if ((count = asn1_parse(np, length, &elem)) < 0)
1616 return;
1617 if (elem.type != BE_SEQ) {
1618 fputs("[!usm]", stdout);
1619 asn1_print(&elem);
1620 return;
1621 }
1622 length = elem.asnlen;
1623 np = (u_char *)elem.data.raw;
1624
1625 /* msgAuthoritativeEngineID (OCTET STRING) */
1626 if ((count = asn1_parse(np, length, &elem)) < 0)
1627 return;
1628 if (elem.type != BE_STR) {
1629 fputs("[msgAuthoritativeEngineID!=STR]", stdout);
1630 asn1_print(&elem);
1631 return;
1632 }
1633 length -= count;
1634 np += count;
1635
1636 /* msgAuthoritativeEngineBoots (INTEGER) */
1637 if ((count = asn1_parse(np, length, &elem)) < 0)
1638 return;
1639 if (elem.type != BE_INT) {
1640 fputs("[msgAuthoritativeEngineBoots!=INT]", stdout);
1641 asn1_print(&elem);
1642 return;
1643 }
1644 if (vflag)
1645 printf("B=%d ", elem.data.integer);
1646 length -= count;
1647 np += count;
1648
1649 /* msgAuthoritativeEngineTime (INTEGER) */
1650 if ((count = asn1_parse(np, length, &elem)) < 0)
1651 return;
1652 if (elem.type != BE_INT) {
1653 fputs("[msgAuthoritativeEngineTime!=INT]", stdout);
1654 asn1_print(&elem);
1655 return;
1656 }
1657 if (vflag)
1658 printf("T=%d ", elem.data.integer);
1659 length -= count;
1660 np += count;
1661
1662 /* msgUserName (OCTET STRING) */
1663 if ((count = asn1_parse(np, length, &elem)) < 0)
1664 return;
1665 if (elem.type != BE_STR) {
1666 fputs("[msgUserName!=STR]", stdout);
1667 asn1_print(&elem);
1668 return;
1669 }
1670 length -= count;
1671 np += count;
1672
1673 printf("U=%.*s ", (int)elem.asnlen, elem.data.str);
1674
1675 /* msgAuthenticationParameters (OCTET STRING) */
1676 if ((count = asn1_parse(np, length, &elem)) < 0)
1677 return;
1678 if (elem.type != BE_STR) {
1679 fputs("[msgAuthenticationParameters!=STR]", stdout);
1680 asn1_print(&elem);
1681 return;
1682 }
1683 length -= count;
1684 np += count;
1685
1686 /* msgPrivacyParameters (OCTET STRING) */
1687 if ((count = asn1_parse(np, length, &elem)) < 0)
1688 return;
1689 if (elem.type != BE_STR) {
1690 fputs("[msgPrivacyParameters!=STR]", stdout);
1691 asn1_print(&elem);
1692 return;
1693 }
1694 length -= count;
1695 np += count;
1696
1697 if ((u_int)count < length)
1698 printf("[%d extra after usm SEQ]", length - count);
1699 }
1700
1701 /*
1702 * Decode SNMPv3 Message Header (SNMPv3)
1703 */
1704 static void
v3msg_print(const u_char * np,u_int length)1705 v3msg_print(const u_char *np, u_int length)
1706 {
1707 struct be elem;
1708 int count = 0;
1709 u_char flags;
1710 int model;
1711 const u_char *xnp = np;
1712 int xlength = length;
1713
1714 /* Sequence */
1715 if ((count = asn1_parse(np, length, &elem)) < 0)
1716 return;
1717 if (elem.type != BE_SEQ) {
1718 fputs("[!message]", stdout);
1719 asn1_print(&elem);
1720 return;
1721 }
1722 length = elem.asnlen;
1723 np = (u_char *)elem.data.raw;
1724
1725 if (vflag) {
1726 fputs("{ ", stdout);
1727 }
1728
1729 /* msgID (INTEGER) */
1730 if ((count = asn1_parse(np, length, &elem)) < 0)
1731 return;
1732 if (elem.type != BE_INT) {
1733 fputs("[msgID!=INT]", stdout);
1734 asn1_print(&elem);
1735 return;
1736 }
1737 length -= count;
1738 np += count;
1739
1740 /* msgMaxSize (INTEGER) */
1741 if ((count = asn1_parse(np, length, &elem)) < 0)
1742 return;
1743 if (elem.type != BE_INT) {
1744 fputs("[msgMaxSize!=INT]", stdout);
1745 asn1_print(&elem);
1746 return;
1747 }
1748 length -= count;
1749 np += count;
1750
1751 /* msgFlags (OCTET STRING) */
1752 if ((count = asn1_parse(np, length, &elem)) < 0)
1753 return;
1754 if (elem.type != BE_STR) {
1755 fputs("[msgFlags!=STR]", stdout);
1756 asn1_print(&elem);
1757 return;
1758 }
1759 if (elem.asnlen != 1) {
1760 printf("[msgFlags size %d]", elem.asnlen);
1761 return;
1762 }
1763 flags = elem.data.str[0];
1764 if (flags != 0x00 && flags != 0x01 && flags != 0x03
1765 && flags != 0x04 && flags != 0x05 && flags != 0x07) {
1766 printf("[msgFlags=0x%02X]", flags);
1767 return;
1768 }
1769 length -= count;
1770 np += count;
1771
1772 fputs("F=", stdout);
1773 if (flags & 0x01) fputs("a", stdout);
1774 if (flags & 0x02) fputs("p", stdout);
1775 if (flags & 0x04) fputs("r", stdout);
1776 fputs(" ", stdout);
1777
1778 /* msgSecurityModel (INTEGER) */
1779 if ((count = asn1_parse(np, length, &elem)) < 0)
1780 return;
1781 if (elem.type != BE_INT) {
1782 fputs("[msgSecurityModel!=INT]", stdout);
1783 asn1_print(&elem);
1784 return;
1785 }
1786 model = elem.data.integer;
1787 length -= count;
1788 np += count;
1789
1790 if ((u_int)count < length)
1791 printf("[%d extra after message SEQ]", length - count);
1792
1793 if (vflag) {
1794 fputs("} ", stdout);
1795 }
1796
1797 if (model == 3) {
1798 if (vflag) {
1799 fputs("{ USM ", stdout);
1800 }
1801 } else {
1802 printf("[security model %d]", model);
1803 return;
1804 }
1805
1806 np = xnp + (np - xnp);
1807 length = xlength - (np - xnp);
1808
1809 /* msgSecurityParameters (OCTET STRING) */
1810 if ((count = asn1_parse(np, length, &elem)) < 0)
1811 return;
1812 if (elem.type != BE_STR) {
1813 fputs("[msgSecurityParameters!=STR]", stdout);
1814 asn1_print(&elem);
1815 return;
1816 }
1817 length -= count;
1818 np += count;
1819
1820 if (model == 3) {
1821 usm_print(elem.data.str, elem.asnlen);
1822 if (vflag) {
1823 fputs("} ", stdout);
1824 }
1825 }
1826
1827 if (vflag) {
1828 fputs("{ ScopedPDU ", stdout);
1829 }
1830
1831 scopedpdu_print(np, length, 3);
1832
1833 if (vflag) {
1834 fputs("} ", stdout);
1835 }
1836 }
1837
1838 /*
1839 * Decode SNMP header and pass on to PDU printing routines
1840 */
1841 void
snmp_print(const u_char * np,u_int length)1842 snmp_print(const u_char *np, u_int length)
1843 {
1844 struct be elem;
1845 int count = 0;
1846 int version = 0;
1847
1848 putchar(' ');
1849
1850 /* initial Sequence */
1851 if ((count = asn1_parse(np, length, &elem)) < 0)
1852 return;
1853 if (elem.type != BE_SEQ) {
1854 fputs("[!init SEQ]", stdout);
1855 asn1_print(&elem);
1856 return;
1857 }
1858 if ((u_int)count < length)
1859 printf("[%d extra after iSEQ]", length - count);
1860 /* descend */
1861 length = elem.asnlen;
1862 np = (u_char *)elem.data.raw;
1863
1864 /* Version (INTEGER) */
1865 if ((count = asn1_parse(np, length, &elem)) < 0)
1866 return;
1867 if (elem.type != BE_INT) {
1868 fputs("[version!=INT]", stdout);
1869 asn1_print(&elem);
1870 return;
1871 }
1872
1873 switch (elem.data.integer) {
1874 case SNMP_VERSION_1:
1875 case SNMP_VERSION_2:
1876 case SNMP_VERSION_3:
1877 if (vflag)
1878 printf("{ %s ", SnmpVersion[elem.data.integer]);
1879 break;
1880 default:
1881 printf("[version = %d]", elem.data.integer);
1882 return;
1883 }
1884 version = elem.data.integer;
1885 length -= count;
1886 np += count;
1887
1888 switch (version) {
1889 case SNMP_VERSION_1:
1890 case SNMP_VERSION_2:
1891 community_print(np, length, version);
1892 break;
1893 case SNMP_VERSION_3:
1894 v3msg_print(np, length);
1895 break;
1896 default:
1897 printf("[version = %d]", elem.data.integer);
1898 break;
1899 }
1900
1901 if (vflag) {
1902 fputs("} ", stdout);
1903 }
1904 }
1905