cc2d58634e
The basic SNMP ALG parse snmp ASN.1 payload however, since 2012 linux kernel provide ASN.1 decoder library. If we use ASN.1 decoder in the /lib/asn1_decoder.c, we can remove about 1000 line of ASN.1 parsing routine. To use asn1_decoder.c, we should write mib file(nf_nat_snmp_basic.asn1) then /script/asn1_compiler.c makes *-asn1.c and *-asn1.h file at the compiletime.(nf_nat_snmp_basic-asn1.c, nf_nat_snmp_basic-asn1.h) The nf_nat_snmp_basic.asn1 is made by RFC1155, RFC1157, RFC1902, RFC1905, RFC2578, RFC3416. of course that mib file supports only the basic SNMP ALG. Previous SNMP ALG mangles only first octet of IPv4 address. but after this patch, the SNMP ALG mangles whole IPv4 Address. And SNMPv3 is not supported. I tested with snmp commands such ans snmpd, snmpwalk, snmptrap. Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
178 lines
2.1 KiB
Groff
178 lines
2.1 KiB
Groff
Message ::=
|
|
SEQUENCE {
|
|
version
|
|
INTEGER ({snmp_version}),
|
|
|
|
community
|
|
OCTET STRING,
|
|
|
|
pdu
|
|
PDUs
|
|
}
|
|
|
|
|
|
ObjectName ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
ObjectSyntax ::=
|
|
CHOICE {
|
|
simple
|
|
SimpleSyntax,
|
|
|
|
application-wide
|
|
ApplicationSyntax
|
|
}
|
|
|
|
SimpleSyntax ::=
|
|
CHOICE {
|
|
integer-value
|
|
INTEGER,
|
|
|
|
string-value
|
|
OCTET STRING,
|
|
|
|
objectID-value
|
|
OBJECT IDENTIFIER
|
|
}
|
|
|
|
ApplicationSyntax ::=
|
|
CHOICE {
|
|
ipAddress-value
|
|
IpAddress,
|
|
|
|
counter-value
|
|
Counter32,
|
|
|
|
timeticks-value
|
|
TimeTicks,
|
|
|
|
arbitrary-value
|
|
Opaque,
|
|
|
|
big-counter-value
|
|
Counter64,
|
|
|
|
unsigned-integer-value
|
|
Unsigned32
|
|
}
|
|
|
|
IpAddress ::=
|
|
[APPLICATION 0]
|
|
IMPLICIT OCTET STRING OPTIONAL ({snmp_helper})
|
|
|
|
Counter32 ::=
|
|
[APPLICATION 1]
|
|
IMPLICIT INTEGER OPTIONAL
|
|
|
|
Unsigned32 ::=
|
|
[APPLICATION 2]
|
|
IMPLICIT INTEGER OPTIONAL
|
|
|
|
Gauge32 ::= Unsigned32 OPTIONAL
|
|
|
|
TimeTicks ::=
|
|
[APPLICATION 3]
|
|
IMPLICIT INTEGER OPTIONAL
|
|
|
|
Opaque ::=
|
|
[APPLICATION 4]
|
|
IMPLICIT OCTET STRING OPTIONAL
|
|
|
|
Counter64 ::=
|
|
[APPLICATION 6]
|
|
IMPLICIT INTEGER OPTIONAL
|
|
|
|
PDUs ::=
|
|
CHOICE {
|
|
get-request
|
|
GetRequest-PDU,
|
|
|
|
get-next-request
|
|
GetNextRequest-PDU,
|
|
|
|
get-bulk-request
|
|
GetBulkRequest-PDU,
|
|
|
|
response
|
|
Response-PDU,
|
|
|
|
set-request
|
|
SetRequest-PDU,
|
|
|
|
inform-request
|
|
InformRequest-PDU,
|
|
|
|
snmpV2-trap
|
|
SNMPv2-Trap-PDU,
|
|
|
|
report
|
|
Report-PDU
|
|
}
|
|
|
|
GetRequest-PDU ::=
|
|
[0] IMPLICIT PDU OPTIONAL
|
|
|
|
GetNextRequest-PDU ::=
|
|
[1] IMPLICIT PDU OPTIONAL
|
|
|
|
Response-PDU ::=
|
|
[2] IMPLICIT PDU OPTIONAL
|
|
|
|
SetRequest-PDU ::=
|
|
[3] IMPLICIT PDU OPTIONAL
|
|
|
|
-- [4] is obsolete
|
|
|
|
GetBulkRequest-PDU ::=
|
|
[5] IMPLICIT PDU OPTIONAL
|
|
|
|
InformRequest-PDU ::=
|
|
[6] IMPLICIT PDU OPTIONAL
|
|
|
|
SNMPv2-Trap-PDU ::=
|
|
[7] IMPLICIT PDU OPTIONAL
|
|
|
|
Report-PDU ::=
|
|
[8] IMPLICIT PDU OPTIONAL
|
|
|
|
PDU ::=
|
|
SEQUENCE {
|
|
request-id
|
|
INTEGER,
|
|
|
|
error-status
|
|
INTEGER,
|
|
|
|
error-index
|
|
INTEGER,
|
|
|
|
variable-bindings
|
|
VarBindList
|
|
}
|
|
|
|
|
|
VarBind ::=
|
|
SEQUENCE {
|
|
name
|
|
ObjectName,
|
|
|
|
CHOICE {
|
|
value
|
|
ObjectSyntax,
|
|
|
|
unSpecified
|
|
NULL,
|
|
|
|
noSuchObject
|
|
[0] IMPLICIT NULL,
|
|
|
|
noSuchInstance
|
|
[1] IMPLICIT NULL,
|
|
|
|
endOfMibView
|
|
[2] IMPLICIT NULL
|
|
}
|
|
}
|
|
|
|
VarBindList ::= SEQUENCE OF VarBind
|