author | Luca Deri <deri@ntop.org> | 2022-02-14 23:17:51 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2022-02-14 23:17:51 +0100 |
commit | c4113ffd7efdc085401fac260c7474ccda949442 (patch) | |
tree | ed2f2f5fdd1c23c05d4bf75a421f386e076ae9cb | |
parent | de6905f41bb91e9215c975fbda5fce4d4bc5dc76 (diff) |
Added SNMP error code check
-rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
-rw-r--r-- | src/lib/protocols/snmp_proto.c | 70 |
2 files changed, 65 insertions, 6 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3427997b8..87a9bff87 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -7572,6 +7572,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp break; case NDPI_PROTOCOL_KERBEROS: + case NDPI_PROTOCOL_SNMP: if(flow->extra_packets_func) return(1); break; diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index 6ad2c4d24..59b97e596 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c 
@@ -24,22 +24,44 @@ #include "ndpi_api.h" +static void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + +/* *************************************************************** */ + static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + *ndpi_struct, struct ndpi_flow_struct *flow) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, + NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); +} + +/* *************************************************************** */ + +static int ndpi_search_snmp_again(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + + ndpi_search_snmp(ndpi_struct, flow); + +#ifdef SNMP_DEBUG + printf("=> %s()\n", __FUNCTION__); +#endif + + return((flow->extra_packets_func == NULL) /* We're good now */ ? 0 : 1); } +/* *************************************************************** */ + void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t snmp_port = htons(161), trap_port = htons(162); + u_int8_t version; if((packet->payload_packet_len <= 32) ||(packet->payload[0] != 0x30) - || ((packet->payload[4] != 0 /* SNMPv1 */) - && (packet->payload[4] != 1 /* SNMPv2c */) - && (packet->payload[4] != 3 /* SNMPv3 */)) + || (((version = packet->payload[4]) != 0 /* SNMPv1 */) + && ((version = packet->payload[4]) != 1 /* SNMPv2c */) + && ((version = packet->payload[4]) != 3 /* SNMPv3 */)) || ((packet->udp->source != snmp_port) && (packet->udp->dest != snmp_port) && (packet->udp->dest != trap_port)) 
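Review bot: ndpi_search_snmp_again re-enters ndpi_search_snmp for every extra packet, so a later datagram in the flow that fails the length/port/version checks lands in the NDPI_EXCLUDE_PROTO branch of a flow already classified as SNMP, and the helper still returns 1 on that path because nothing clears extra_packets_func there; presumably the re-dissection should only inspect Get Response PDUs and otherwise return without excluding, which I cannot confirm from the visible macro. The new forward declaration is `static` while the definition on the context line stays `void ndpi_search_snmp(...)` — legal, since the definition inherits internal linkage, but the two should agree. The three `(version = packet->payload[4])` assignments in the condition can be reduced to one: `|| (((version = packet->payload[4]) != 0 /* SNMPv1 */) && (version != 1 /* SNMPv2c */) && (version != 3 /* SNMPv3 */))`. The body of ndpi_search_snmp continues in the next hunk.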
@@ -47,11 +69,47 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, || ((packet->payload[1] + 2) != packet->payload_packet_len)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } else { + if((version == 0) || (version == 1)) { + u_int8_t community_len = packet->payload[6]; + u_int8_t snmp_primitive_offset = 7 + community_len; + + if(snmp_primitive_offset < packet->payload_packet_len) { + u_int8_t snmp_primitive = packet->payload[snmp_primitive_offset] & 0xF; + + if(snmp_primitive == 2 /* Get Response */) { + u_int8_t error_status_offset = 17 + community_len; + + if(error_status_offset < packet->payload_packet_len) { + u_int8_t error_status = packet->payload[error_status_offset]; + +#ifdef SNMP_DEBUG + printf("-> %u [offset: %u][primitive: %u]\n", + error_status, error_status_offset, snmp_primitive); +#endif + + flow->extra_packets_func = NULL; /* We're good now */ + + if(error_status != 0) + ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED); + } + } + } + } + ndpi_int_snmp_add_connection(ndpi_struct, flow); + + if(flow->extra_packets_func == NULL) { + /* This is necessary to inform the core to call this dissector again */ + flow->check_extra_packets = 1; + flow->max_extra_packets_to_check = 8; + flow->extra_packets_func = ndpi_search_snmp_again; + } + return; } } +/* *************************************************************** */ void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { |
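Review bot: The `flow->extra_packets_func = NULL; /* We're good now */` written in the Get Response branch is undone a few lines later, because `ndpi_int_snmp_add_connection` is followed by `if(flow->extra_packets_func == NULL)`, which re-registers ndpi_search_snmp_again; as a result the callback always returns 1 and the flow keeps being re-dissected until max_extra_packets_to_check is exhausted. A local flag set where the error status was read and checked after add_connection keeps the intended stop. `error_status_offset = 17 + community_len` also assumes a 4-byte request-id INTEGER; request-id is BER-encoded with its own length byte at `10 + community_len`, so the error-status value sits at `13 + community_len + payload[10 + community_len]`, and the offsets should be u_int16_t since `7 + community_len` and `17 + community_len` wrap at 249 and 239 (the bounds checks still hold on the wrapped value, but the wrong byte is read). The one-byte error-status value is still assumed rather than checked.
```c
  } else {
    u_int8_t done = 0; /* set once a Get Response error status has been read */

    if((version == 0) || (version == 1)) {
      u_int8_t community_len = packet->payload[6];
      /* u_int16_t: 7 + community_len and the offsets below can exceed 255 */
      u_int16_t snmp_primitive_offset = 7 + community_len;

      if(snmp_primitive_offset < packet->payload_packet_len) {
        u_int8_t snmp_primitive = packet->payload[snmp_primitive_offset] & 0xF;

        if(snmp_primitive == 2 /* Get Response */) {
          /* request-id is a variable-length BER INTEGER: read its length byte
             instead of assuming a 4-byte value */
          u_int16_t req_id_len_offset = 10 + community_len;

          if(req_id_len_offset < packet->payload_packet_len) {
            u_int16_t error_status_offset = 13 + community_len + packet->payload[req_id_len_offset];

            if(error_status_offset < packet->payload_packet_len) {
              u_int8_t error_status = packet->payload[error_status_offset];

              done = 1; /* We're good now */

              if(error_status != 0)
                ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
            }
          }
        }
      }
    }

    ndpi_int_snmp_add_connection(ndpi_struct, flow);

    if(done)
      flow->extra_packets_func = NULL; /* stop extra dissection */
    else if(flow->extra_packets_func == NULL) {
      /* … unchanged: register ndpi_search_snmp_again with max_extra_packets_to_check = 8 … */
    }
```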