# snmp.cnf # snmp conformation file #.PDU SMUX-PDUs #.NO_EMIT NotificationName VarBind #.TYPE_RENAME Message/community Community Trap-PDU/_untag/generic-trap GenericTrap Trap-PDU/_untag/specific-trap SpecificTrap #.FIELD_RENAME Messagev2u/datav2u/plaintext v2u_plaintext BulkPDU/request-id bulkPDU_request-id #.FN_HDR SMUX-PDUs snmp_conv_info_t *snmp_info = snmp_find_conversation_and_get_conv_data(actx->pinfo); actx->private_data = snmp_info; #.FN_PARS Version VAL_PTR = &snmp_version #.FN_PARS PDUs VAL_PTR = &pdu_type #.FN_BODY PDUs int pdu_type=-1; snmp_request_response_t *srrp; snmp_conv_info_t *snmp_info = (snmp_conv_info_t *)actx->private_data; col_clear(actx->pinfo->cinfo, COL_INFO); %(DEFAULT_BODY)s if( (pdu_type!=-1) && snmp_PDUs_vals[pdu_type].strptr ){ col_prepend_fstr(actx->pinfo->cinfo, COL_INFO, "%%s", snmp_PDUs_vals[pdu_type].strptr); /* pdu_type is the index, not the tag so convert it to the tag value */ pdu_type = snmp_PDUs_vals[pdu_type].value; srrp=snmp_match_request_response(tvb, actx->pinfo, tree, RequestID, pdu_type, snmp_info); if (srrp) { tap_queue_packet(snmp_tap, actx->pinfo, srrp); } } #.END #.FN_BODY PDU/request-id VAL_PTR = &RequestID %(DEFAULT_BODY)s #.FN_BODY Integer32 VAL_PTR = &RequestID %(DEFAULT_BODY)s #.FN_BODY Trap-PDU/_untag generic_trap = 0; enterprise_oid = NULL; %(DEFAULT_BODY)s if (snmp_version != 0) { expert_add_info(actx->pinfo, tree, &ei_snmp_trap_pdu_obsolete); } #.FN_PARS Trap-PDU/_untag/generic-trap VAL_PTR = &generic_trap #.FN_BODY Trap-PDU/_untag/specific-trap VAL_PTR = &specific_trap unsigned specific_trap; %(DEFAULT_BODY)s if (generic_trap == 6) { /* enterprise specific */ const char *specific_str = snmp_lookup_specific_trap (specific_trap); if (specific_str) { proto_item_append_text(actx->created_item, " (%%s)", specific_str); } } #.END #.FN_PARS EnterpriseOID FN_VARIANT = _str VAL_PTR = &enterprise_oid #.FN_BODY EnterpriseOID const char* name; %(DEFAULT_BODY)s if (display_oid && enterprise_oid) { name = oid_resolved_from_string(actx->pinfo->pool, enterprise_oid); if (name) { col_append_fstr (actx->pinfo->cinfo, COL_INFO, " %%s", name); } } #.END #.FN_PARS HeaderData/msgSecurityModel VAL_PTR = &MsgSecurityModel #.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineBoots VAL_PTR = &usm_p.boots #.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineTime VAL_PTR = &usm_p.snmp_time #.FN_BODY UsmSecurityParameters/msgAuthoritativeEngineID offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &usm_p.engine_tvb); if (usm_p.engine_tvb) { proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid); dissect_snmp_engineid(engine_tree, actx->pinfo, usm_p.engine_tvb, 0, tvb_reported_length_remaining(usm_p.engine_tvb,0)); } #.FN_BODY SnmpEngineID tvbuff_t* param_tvb = NULL; offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, ¶m_tvb); if (param_tvb) { proto_tree* engine_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_engineid); dissect_snmp_engineid(engine_tree, actx->pinfo, param_tvb, 0, tvb_reported_length_remaining(param_tvb,0)); } #.FN_PARS UsmSecurityParameters/msgUserName VAL_PTR = &usm_p.user_tvb #.FN_BODY UsmSecurityParameters/msgAuthenticationParameters offset = dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &usm_p.auth_tvb); if (usm_p.auth_tvb) { usm_p.auth_item = %(ACTX)s->created_item; usm_p.auth_offset = tvb_offset_from_real_beginning(usm_p.auth_tvb); } #.FN_PARS UsmSecurityParameters/msgPrivacyParameters VAL_PTR = &usm_p.priv_tvb #.FN_BODY ScopedPduData/encryptedPDU tvbuff_t* crypt_tvb; offset = dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_snmp_encryptedPDU, &crypt_tvb); if( usm_p.encrypted && crypt_tvb && usm_p.user_assoc && usm_p.user_assoc->user.privProtocol ) { const char* error = NULL; proto_tree* encryptedpdu_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_encryptedPDU); tvbuff_t* cleartext_tvb = usm_p.user_assoc->user.privProtocol(&usm_p, crypt_tvb, actx->pinfo, &error ); if (! cleartext_tvb) { proto_tree_add_expert_format(encryptedpdu_tree, actx->pinfo, &ei_snmp_failed_decrypted_data_pdu, crypt_tvb, 0, -1, "Failed to decrypt encryptedPDU: %%s", error); col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt"); return offset; } else { proto_item* decrypted_item; proto_tree* decrypted_tree; if (! check_ScopedPdu(cleartext_tvb)) { proto_tree_add_expert(encryptedpdu_tree, actx->pinfo, &ei_snmp_decrypted_data_bad_formatted, cleartext_tvb, 0, -1); col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formatted as expected"); return offset; } add_new_data_source(actx->pinfo, cleartext_tvb, "Decrypted ScopedPDU"); decrypted_item = proto_tree_add_item(encryptedpdu_tree, hf_snmp_decryptedPDU,cleartext_tvb,0,-1,ENC_NA); decrypted_tree = proto_item_add_subtree(decrypted_item,ett_decrypted); dissect_snmp_ScopedPDU(false, cleartext_tvb, 0, actx, decrypted_tree, -1); } } else { col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: privKey Unknown"); } #.FN_BODY SNMPv3Message/msgSecurityParameters switch(MsgSecurityModel){ case SNMP_SEC_USM: /* 3 */ offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL); offset = get_ber_length(tvb, offset, NULL, NULL); offset = dissect_snmp_UsmSecurityParameters(false, tvb, offset, actx, tree, -1); usm_p.user_assoc = get_user_assoc(usm_p.engine_tvb, usm_p.user_tvb, actx->pinfo); break; case SNMP_SEC_ANY: /* 0 */ case SNMP_SEC_V1: /* 1 */ case SNMP_SEC_V2C: /* 2 */ default: %(DEFAULT_BODY)s break; } #.FN_FTR SNMPv3Message if( usm_p.authenticated && usm_p.user_assoc ) { const char* error = NULL; proto_item* authen_item; proto_tree* authen_tree = proto_item_add_subtree(usm_p.auth_item,ett_authParameters); uint8_t* calc_auth = NULL; unsigned calc_auth_len = 0; usm_p.authOK = snmp_usm_auth(actx->pinfo, usm_p.user_assoc->user.authModel, &usm_p, &calc_auth, &calc_auth_len, &error ); if (error) { expert_add_info_format( actx->pinfo, usm_p.auth_item, &ei_snmp_verify_authentication_error, "Error while verifying Message authenticity: %s", error ); } else { expert_field* expert; authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK); proto_item_set_generated(authen_item); if (usm_p.authOK) { expert = &ei_snmp_authentication_ok; } else { const char* calc_auth_str = bytes_to_str_punct(actx->pinfo->pool, calc_auth,calc_auth_len,' '); proto_item_append_text(authen_item, " calculated = %s", calc_auth_str); expert = &ei_snmp_authentication_error; } expert_add_info( actx->pinfo, authen_item, expert); } } #.END #.FN_BODY HeaderData/msgFlags VAL_PTR = ¶meter_tvb tvbuff_t *parameter_tvb = NULL; %(DEFAULT_BODY)s if (parameter_tvb){ uint8_t v3_flags = tvb_get_uint8(parameter_tvb, 0); proto_tree* flags_tree = proto_item_add_subtree(%(ACTX)s->created_item,ett_msgFlags); proto_tree_add_item(flags_tree, hf_snmp_v3_flags_report, parameter_tvb, 0, 1, ENC_BIG_ENDIAN); proto_tree_add_item(flags_tree, hf_snmp_v3_flags_crypt, parameter_tvb, 0, 1, ENC_BIG_ENDIAN); proto_tree_add_item(flags_tree, hf_snmp_v3_flags_auth, parameter_tvb, 0, 1, ENC_BIG_ENDIAN); usm_p.encrypted = v3_flags & TH_CRYPT ? true : false; usm_p.authenticated = v3_flags & TH_AUTH ? true : false; } #.TYPE_ATTR NetworkAddress TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL Message/community TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL HeaderData/msgSecurityModel TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(sec_models) UsmSecurityParameters/msgUserName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL ScopedPDU/contextName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL #.END