# snmp.cnf
# snmp conformance file
#.PDU
SMUX-PDUs
#.NO_EMIT
NotificationName
VarBind
#.TYPE_RENAME
Message/community Community
Trap-PDU/_untag/generic-trap GenericTrap
Trap-PDU/_untag/specific-trap SpecificTrap
#.FIELD_RENAME
Messagev2u/datav2u/plaintext v2u_plaintext
BulkPDU/request-id bulkPDU_request-id
#.FN_HDR SMUX-PDUs
/* Fetch the SNMP conversation data for this packet and store it in
 * actx->private_data. The PDUs body in this file reads private_data back as
 * a snmp_conv_info_t pointer, so it depends on this having run first under
 * the same actx (presumably - the call order is not visible here). */
snmp_conv_info_t *snmp_info = snmp_find_conversation_and_get_conv_data(actx->pinfo);
actx->private_data = snmp_info;
#.FN_PARS Version VAL_PTR = &snmp_version
#.FN_PARS PDUs
VAL_PTR = &pdu_type
#.FN_BODY PDUs
/* Receives the result of the generated decode through VAL_PTR (see the
 * FN_PARS entry for PDUs); -1 is the "nothing stored" sentinel tested below. */
gint pdu_type=-1;
snmp_request_response_t *srrp;
/* Conversation state previously placed in actx->private_data.
 * NOTE(review): not checked for NULL before being passed on below - confirm
 * the callee accepts NULL or that private_data is always set on this path. */
snmp_conv_info_t *snmp_info = (snmp_conv_info_t *)actx->private_data;
col_clear(actx->pinfo->cinfo, COL_INFO);
%(DEFAULT_BODY)s
/* NOTE(review): pdu_type indexes snmp_PDUs_vals with only the -1 sentinel
 * excluded; this presumably relies on the generated decode storing nothing
 * but valid table indexes for packet-controlled input - confirm. */
if( (pdu_type!=-1) && snmp_PDUs_vals[pdu_type].strptr ){
col_prepend_fstr(actx->pinfo->cinfo, COL_INFO, "%%s", snmp_PDUs_vals[pdu_type].strptr);
/* pdu_type is the index, not the tag so convert it to the tag value */
pdu_type = snmp_PDUs_vals[pdu_type].value;
/* RequestID is the variable the PDU/request-id and Integer32 bodies of this
 * file fill in through VAL_PTR. */
srrp=snmp_match_request_response(tvb, actx->pinfo, tree, RequestID, pdu_type, snmp_info);
if (srrp) {
/* Only a non-NULL match record is queued on the snmp tap. */
tap_queue_packet(snmp_tap, actx->pinfo, srrp);
}
}
#.END
#.FN_BODY PDU/request-id VAL_PTR = &RequestID
%(DEFAULT_BODY)s
#.FN_BODY Integer32 VAL_PTR = &RequestID
%(DEFAULT_BODY)s
#.FN_BODY Trap-PDU/_untag
/* Clear the trap state that the generic-trap and EnterpriseOID entries of
 * this file fill in through VAL_PTR, so values left over from an earlier
 * Trap-PDU are not reused if this one omits or fails to decode them. */
generic_trap = 0;
enterprise_oid = NULL;
%(DEFAULT_BODY)s
/* snmp_version is stored by the Version entry of this file; 0 is the SNMPv1
 * version number on the wire, and any other version carrying this PDU type
 * gets the "obsolete" expert item. */
if (snmp_version != 0) {
expert_add_info(actx->pinfo, tree, &ei_snmp_trap_pdu_obsolete);
}
#.FN_PARS Trap-PDU/_untag/generic-trap VAL_PTR = &generic_trap
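#.FN_BODY Trap-PDU/_untag/specific-trap VAL_PTR = &specific_trap
  /* Receives the decoded specific-trap value through VAL_PTR. Initialised so
   * the lookup below never reads an indeterminate value should the generated
   * decode return without storing a result. */
  guint specific_trap = 0;

%(DEFAULT_BODY)s

  /* generic_trap is filled in by the generic-trap entry of this file; value 6
   * marks an enterprise-specific trap, the only case in which the specific
   * code is resolved to a name and appended to the item just created. */
  if (generic_trap == 6) { /* enterprise specific */
    const gchar *specific_str = snmp_lookup_specific_trap(specific_trap);

    if (specific_str) {
      proto_item_append_text(actx->created_item, " (%%s)", specific_str);
    }
  }
#.END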
#.FN_PARS EnterpriseOID FN_VARIANT = _str VAL_PTR = &enterprise_oid
#.FN_BODY EnterpriseOID
%(DEFAULT_BODY)s

  /* enterprise_oid is the string form captured through VAL_PTR (see the
   * FN_PARS entry for EnterpriseOID). When display_oid is set and a string
   * was captured, append its resolved name to the Info column. */
  if (display_oid && enterprise_oid) {
    const gchar *resolved = oid_resolved_from_string(actx->pinfo->pool, enterprise_oid);

    if (resolved != NULL) {
      col_append_fstr(actx->pinfo->cinfo, COL_INFO, " %%s", resolved);
    }
  }
#.END
#.FN_PARS HeaderData/msgSecurityModel
VAL_PTR = &MsgSecurityModel
#.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineBoots
VAL_PTR = &usm_p.boots
#.FN_PARS UsmSecurityParameters/msgAuthoritativeEngineTime
VAL_PTR = &usm_p.snmp_time
#.FN_BODY UsmSecurityParameters/msgAuthoritativeEngineID
  /* The engine ID bytes are kept in usm_p.engine_tvb because the
   * msgSecurityParameters body later passes them to get_user_assoc().
   * NOTE(review): usm_p outlives this function; confirm it is reset for each
   * message so an engine ID from an earlier packet is never reused. */
  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &usm_p.engine_tvb);

  if (usm_p.engine_tvb != NULL) {
    /* Break the engine ID down under the item that was just created. */
    proto_tree *id_tree = proto_item_add_subtree(%(ACTX)s->created_item, ett_engineid);

    dissect_snmp_engineid(id_tree, actx->pinfo, usm_p.engine_tvb, 0,
                          tvb_reported_length_remaining(usm_p.engine_tvb, 0));
  }
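#.FN_BODY SnmpEngineID
  /* Local holder for the decoded engine ID bytes; stays NULL when the
   * octet-string decode stores nothing. */
  tvbuff_t *param_tvb = NULL;

  /* The out-parameter is the address of param_tvb (the page had the
   * ampersand and the start of the name fused into a single garbled
   * character). */
  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &param_tvb);

  if (param_tvb) {
    /* Break the engine ID down under the item that was just created. */
    proto_tree *engine_tree = proto_item_add_subtree(%(ACTX)s->created_item, ett_engineid);

    dissect_snmp_engineid(engine_tree, actx->pinfo, param_tvb, 0,
                          tvb_reported_length_remaining(param_tvb, 0));
  }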
#.FN_PARS UsmSecurityParameters/msgUserName
VAL_PTR = &usm_p.user_tvb
#.FN_BODY UsmSecurityParameters/msgAuthenticationParameters
  offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &usm_p.auth_tvb);

  /* Record where the authentication parameters are. The SNMPv3Message footer
   * attaches its verification result to usm_p.auth_item; auth_offset is the
   * field's position from the real beginning of the data (presumably so the
   * verifier can locate the field inside the whole message - confirm). */
  if (usm_p.auth_tvb != NULL) {
    usm_p.auth_offset = tvb_offset_from_real_beginning(usm_p.auth_tvb);
    usm_p.auth_item = %(ACTX)s->created_item;
  }
#.FN_PARS UsmSecurityParameters/msgPrivacyParameters
VAL_PTR = &usm_p.priv_tvb
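#.FN_BODY ScopedPduData/encryptedPDU
  /* Start from NULL so the test below is well defined even if the
   * octet-string decode returns without storing a tvb (the SnmpEngineID body
   * in this file initialises its holder the same way). */
  tvbuff_t *crypt_tvb = NULL;

  offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_snmp_encryptedPDU, &crypt_tvb);

  /* Decryption is attempted only when the message flags marked the PDU as
   * encrypted, ciphertext was decoded, and the resolved user association
   * carries a privacy routine. */
  if (usm_p.encrypted && crypt_tvb
      && usm_p.user_assoc
      && usm_p.user_assoc->user.privProtocol) {
    const gchar *error = NULL;
    proto_item *decrypted_item;
    proto_tree *decrypted_tree;
    proto_tree *encryptedpdu_tree = proto_item_add_subtree(%(ACTX)s->created_item, ett_encryptedPDU);
    tvbuff_t *cleartext_tvb = usm_p.user_assoc->user.privProtocol(&usm_p, crypt_tvb, actx->pinfo, &error);

    if (!cleartext_tvb) {
      /* The privacy routine may fail without filling in a reason; a NULL
       * pointer must not reach the string conversion in the format. */
      proto_tree_add_expert_format(encryptedpdu_tree, actx->pinfo, &ei_snmp_failed_decrypted_data_pdu,
                                   crypt_tvb, 0, -1, "Failed to decrypt encryptedPDU: %%s",
                                   error ? error : "unknown error");
      col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt");
      return offset;
    }

    /* A wrong key or altered ciphertext still produces bytes, so the output
     * is checked with check_ScopedPdu() before being handed to the ScopedPDU
     * dissector; anything that fails the check is flagged and not parsed. */
    if (!check_ScopedPdu(cleartext_tvb)) {
      proto_tree_add_expert(encryptedpdu_tree, actx->pinfo, &ei_snmp_decrypted_data_bad_formatted, cleartext_tvb, 0, -1);
      col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formatted as expected");
      return offset;
    }

    /* Expose the plaintext as its own data source and dissect it under a
     * dedicated subtree. */
    add_new_data_source(actx->pinfo, cleartext_tvb, "Decrypted ScopedPDU");
    decrypted_item = proto_tree_add_item(encryptedpdu_tree, hf_snmp_decryptedPDU, cleartext_tvb, 0, -1, ENC_NA);
    decrypted_tree = proto_item_add_subtree(decrypted_item, ett_decrypted);
    dissect_snmp_ScopedPDU(FALSE, cleartext_tvb, 0, actx, decrypted_tree, -1);
  } else {
    /* Reached for every unmet precondition above, not only a missing key. */
    col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: privKey Unknown");
  }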
#.FN_BODY SNMPv3Message/msgSecurityParameters
  /* Only SNMP_SEC_USM (3) gets a structured decode. SNMP_SEC_ANY (0),
   * SNMP_SEC_V1 (1), SNMP_SEC_V2C (2) and every other value use the
   * generated default body. */
  if (MsgSecurityModel == SNMP_SEC_USM) {
    /* Step over the identifier and length octets in front of the USM
     * parameters. NOTE(review): both calls pass NULL for every out-parameter,
     * so neither the tag nor the declared length is checked here; confirm the
     * nested decode's own bounds handling is what protects against a
     * malformed wrapper. */
    offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL);
    offset = get_ber_length(tvb, offset, NULL, NULL);
    offset = dissect_snmp_UsmSecurityParameters(FALSE, tvb, offset, actx, tree, -1);

    /* Resolve the user association from the engine ID and user name captured
     * while the USM parameters were decoded; the encryptedPDU body and the
     * SNMPv3Message footer both act only when this is non-NULL. */
    usm_p.user_assoc = get_user_assoc(usm_p.engine_tvb, usm_p.user_tvb, actx->pinfo);
  } else {
%(DEFAULT_BODY)s
  }
#.FN_FTR SNMPv3Message
/* Footer for SNMPv3Message: when the message flags claimed authentication
 * (usm_p.authenticated) and a user association was resolved, verify the
 * authentication parameters and attach the verdict to the item recorded by
 * the msgAuthenticationParameters body. If either condition is unmet, no
 * verdict of any kind is added. */
if( usm_p.authenticated
&& usm_p.user_assoc ) {
const gchar* error = NULL;
proto_item* authen_item;
/* NOTE(review): usm_p.auth_item is assigned only when the authentication
 * parameters were decoded into a tvb; confirm it is reset for each message so
 * an item from an earlier packet is never used here. */
proto_tree* authen_tree = proto_item_add_subtree(usm_p.auth_item,ett_authParameters);
guint8* calc_auth = NULL;
guint calc_auth_len = 0;
usm_p.authOK = snmp_usm_auth(actx->pinfo, usm_p.user_assoc->user.authModel, &usm_p, &calc_auth, &calc_auth_len, &error );
/* A non-NULL error means the check itself could not be completed; that is
 * reported separately from a completed check whose result is "mismatch". */
if (error) {
expert_add_info_format( actx->pinfo, usm_p.auth_item, &ei_snmp_verify_authentication_error, "Error while verifying Message authenticity: %s", error );
} else {
expert_field* expert;
/* Zero-length boolean item, marked as generated, carrying the result. */
authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK);
proto_item_set_generated(authen_item);
if (usm_p.authOK) {
expert = &ei_snmp_authentication_ok;
} else {
/* On mismatch the locally calculated value is appended to the item text.
 * NOTE(review): assumes snmp_usm_auth filled calc_auth and calc_auth_len on
 * this path - confirm. The value shown is derived from the configured user
 * key, which matters when dissection output is shared. */
const gchar* calc_auth_str = bytes_to_str_punct(actx->pinfo->pool, calc_auth,calc_auth_len,' ');
proto_item_append_text(authen_item, " calculated = %s", calc_auth_str);
expert = &ei_snmp_authentication_error;
}
expert_add_info( actx->pinfo, authen_item, expert);
}
}
#.END
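#.FN_BODY HeaderData/msgFlags VAL_PTR = &parameter_tvb
  /* Receives the msgFlags octet string through VAL_PTR; stays NULL when the
   * generated decode stores nothing. */
  tvbuff_t *parameter_tvb = NULL;

%(DEFAULT_BODY)s

  if (parameter_tvb) {
    /* NOTE(review): reads the first octet without an explicit length test;
     * a zero-length msgFlags relies on the tvb accessor's own bounds
     * handling - confirm. */
    guint8 v3_flags = tvb_get_guint8(parameter_tvb, 0);
    proto_tree *flags_tree = proto_item_add_subtree(%(ACTX)s->created_item, ett_msgFlags);

    proto_tree_add_item(flags_tree, hf_snmp_v3_flags_report, parameter_tvb, 0, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(flags_tree, hf_snmp_v3_flags_crypt, parameter_tvb, 0, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(flags_tree, hf_snmp_v3_flags_auth, parameter_tvb, 0, 1, ENC_BIG_ENDIAN);

    /* Both bits are taken straight from the packet. usm_p.encrypted gates the
     * decryption attempt in the encryptedPDU body and usm_p.authenticated
     * gates the verification in the SNMPv3Message footer. When no flags octet
     * was decoded, both fields keep whatever value they had before. */
    usm_p.encrypted = (v3_flags & TH_CRYPT) ? TRUE : FALSE;
    usm_p.authenticated = (v3_flags & TH_AUTH) ? TRUE : FALSE;
  }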
#.TYPE_ATTR
NetworkAddress TYPE = FT_IPv4 DISPLAY = BASE_NONE STRINGS = NULL
Message/community TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
HeaderData/msgSecurityModel TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(sec_models)
UsmSecurityParameters/msgUserName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
ScopedPDU/contextName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
#.END