Reimplememnted SNMP dissector

author: Luca Deri <deri@ntop.org> 2021-06-11 21:44:51 +0200
committer: Luca Deri <deri@ntop.org> 2021-06-11 21:44:51 +0200
commit: a79b8ee834140cff8ce671683858c35abaed3192 (patch)
tree: af54d3a867e7342807dabd0087112ade8aee3b9a
parent: dee6f90d6c1526abf04cd3ea4046d307f997732c (diff)
1 files changed, 20 insertions, 93 deletions
diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c
index e33be179a..a3054d76c 100644
--- a/src/lib/protocols/snmp_proto.c
+++ b/src/lib/protocols/snmp_proto.c
@@ -1,12 +1,8 @@
 /*
  * snmp.c
  *
- * Copyright (C) 2009-11 - ipoque GmbH
  * Copyright (C) 2011-21 - ntop.org
  *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -34,100 +30,31 @@ static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct
   ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN);
 }
 
-void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
+void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
+		      struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &flow->packet;
-
-  NDPI_LOG_DBG(ndpi_struct, "search SNMP\n");
-	
-  if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) {
-    int offset;
-    u_int16_t u16;
-    
-    switch (packet->payload[1]) {
-    case 0x81:
-      offset = 3;
-      break;
-    case 0x82:
-      offset = 4;
-      break;
-    default:
-      if (packet->payload[1] > 0x82) {
-	NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, second byte is > 0x82\n");
-	goto excl;
-      }
-      offset = 2;
-    }
-
-    u16 = ntohs(get_u_int16_t(packet->payload, offset));
-    
-    if((u16 != 0x0201) && (u16 != 0x0204)) {
-      NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, 0x0201/0x0204 pattern not found\n");
-      goto excl;
-    }
-
-    if (packet->payload[offset + 2] >= 0x04) {
-      NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, version > 3\n");
-      goto excl;
-    }
-
-    if (flow->l4.udp.snmp_stage == 0) {
-      if (packet->udp->dest == htons(161) || packet->udp->dest == htons(162)) {
-	NDPI_LOG_INFO(ndpi_struct, "found SNMP by port\n");
-	ndpi_int_snmp_add_connection(ndpi_struct, flow);
-	return;
-      }
-      NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 0\n");
-      if (packet->payload[offset + 2] == 3) {
-	flow->l4.udp.snmp_msg_id = ntohs(get_u_int32_t(packet->payload, offset + 8));
-      } else if (packet->payload[offset + 2] == 0) {
-	flow->l4.udp.snmp_msg_id = get_u_int8_t(packet->payload, offset + 15);
-      } else {
-	flow->l4.udp.snmp_msg_id = ntohs(get_u_int16_t(packet->payload, offset + 15));
-      }
-      flow->l4.udp.snmp_stage = 1 + packet->packet_direction;
-      return;
-    } else if (flow->l4.udp.snmp_stage == 1 + packet->packet_direction) {
-      if (packet->payload[offset + 2] == 0) {
-	if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15) - 1) {
-	  NDPI_LOG_DBG2(ndpi_struct,
-		   "SNMP v1 excluded, message ID doesn't match\n");
-	  goto excl;
-	}
-      }
-    } else if (flow->l4.udp.snmp_stage == 2 - packet->packet_direction) {
-      NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 1-2\n");
-      if (packet->payload[offset + 2] == 3) {
-	if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int32_t(packet->payload, offset + 8))) {
-	  NDPI_LOG_DBG2(ndpi_struct,
-		   "SNMP v3 excluded, message ID doesn't match\n");
-	  goto excl;
-	}
-      } else if (packet->payload[offset + 2] == 0) {
-	if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15)) {
-	  NDPI_LOG_DBG2(ndpi_struct,
-		   "SNMP v1 excluded, message ID doesn't match\n");
-	  goto excl;
-	}
-      } else {
-	if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int16_t(packet->payload, offset + 15))) {
-	  NDPI_LOG_DBG2(ndpi_struct,
-		   "SNMP v2 excluded, message ID doesn't match\n");
-	  goto excl;
-	}
-      }
-      NDPI_LOG_INFO(ndpi_struct, "found SNMP\n");
-      ndpi_int_snmp_add_connection(ndpi_struct, flow);
-      return;
-    }
+  u_int16_t snmp_port = htons(161), trap_port = htons(162);
+  
+  if((packet->payload_packet_len <= 32)
+     ||(packet->payload[0] != 0x30)
+     || ((packet->payload[4] != 0 /* SNMPv1 */)
+	 && (packet->payload[4] != 1 /* SNMPv2c */)
+	 && (packet->payload[4] != 3 /* SNMPv3 */))
+     || ((packet->udp->source != snmp_port)
+	 && (packet->udp->dest != snmp_port)
+	 && (packet->udp->dest != trap_port))
+     /* version */
+     || ((packet->payload[1] + 2) != packet->payload_packet_len)) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+  } else {
+    ndpi_int_snmp_add_connection(ndpi_struct, flow);
+    return;    
   }
- excl:
-  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
 
-void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
-{
+void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			 u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {
   ndpi_set_bitmask_protocol_detection("SNMP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_SNMP,
 				      ndpi_search_snmp,
author	Luca Deri <deri@ntop.org>	2021-06-11 21:44:51 +0200
committer	Luca Deri <deri@ntop.org>	2021-06-11 21:44:51 +0200
commit	a79b8ee834140cff8ce671683858c35abaed3192 (patch)
tree	af54d3a867e7342807dabd0087112ade8aee3b9a
parent	dee6f90d6c1526abf04cd3ea4046d307f997732c (diff)