Comments (5)
TimRots
commented on June 5, 2024
I am using gosnmp version 1.25.0, where this issue does not seem to exist.
1.25.0 is unsupported by now and differs a lot from the current code base.
Could you please provide guidance or documentation on how to effectively use SnmpDecodePacket with these types of packets (or in general) in the latest version of gosnmp? Any examples or detailed explanations would be greatly appreciated :) .
From existing tests I whipped up this script to decode a v2 packet:
package main
import (
"log"
g "github.com/gosnmp/gosnmp"
)
/*
responseBytes corresponds to the response section of this snmpget
Simple Network Management Protocol
version: v2c (1)
community: public
data: get-response (2)
get-response
request-id: 1066889284
error-status: noError (0)
error-index: 0
variable-bindings: 8 items
1.3.6.1.2.1.1.7.0: 104
1.3.6.1.2.1.2.2.1.10.1: 271070065
1.3.6.1.2.1.2.2.1.5.1: 100000000
1.3.6.1.2.1.1.4.0: 41646d696e6973747261746f72
1.3.6.1.2.1.43.5.1.1.15.1: Value (Null)
1.3.6.1.2.1.4.21.1.1.127.0.0.1: 127.0.0.1 (127.0.0.1)
1.3.6.1.4.1.23.2.5.1.1.1.4.2: 00159937762b
1.3.6.1.2.1.1.3.0: 318870100
*/
var responseBytes = []byte{
0x30, 0x81, 0xc2, 0x02, 0x01, 0x01, 0x04, 0x06, 0x70, 0x75, 0x62, 0x6c,
0x69, 0x63, 0xa2, 0x81, 0xb4, 0x02, 0x04, 0x3f, 0x97, 0x70, 0x44, 0x02,
0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x81, 0xa5, 0x30, 0x0d, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x07, 0x00, 0x02, 0x01, 0x68, 0x30,
0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a,
0x01, 0x41, 0x04, 0x10, 0x28, 0x33, 0x71, 0x30, 0x12, 0x06, 0x0a, 0x2b,
0x06, 0x01, 0x02, 0x01, 0x02, 0x02, 0x01, 0x05, 0x01, 0x42, 0x04, 0x05,
0xf5, 0xe1, 0x00, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01,
0x01, 0x04, 0x00, 0x04, 0x0d, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73,
0x74, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x30, 0x0f, 0x06, 0x0b, 0x2b, 0x06,
0x01, 0x02, 0x01, 0x2b, 0x05, 0x01, 0x01, 0x0f, 0x01, 0x05, 0x00, 0x30,
0x15, 0x06, 0x0d, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x04, 0x15, 0x01, 0x01,
0x7f, 0x00, 0x00, 0x01, 0x40, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x17,
0x06, 0x0d, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x17, 0x02, 0x05, 0x01, 0x01,
0x01, 0x04, 0x02, 0x04, 0x06, 0x00, 0x15, 0x99, 0x37, 0x76, 0x2b, 0x30,
0x10, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x03, 0x00, 0x43,
0x04, 0x13, 0x01, 0x92, 0x54,
}
func main() {
gosnmp := &g.GoSNMP{}
result, err := gosnmp.SnmpDecodePacket(responseBytes)
if err != nil {
log.Fatal(err)
}
log.Print(result)
}which works as expected
&{2c NoAuthNoPriv SnmpV3SecurityModel(0) <nil> public GetResponse 0 1066889284 0 NoError 0 0 0 [{104 .1.3.6.1.2.1.1.7.0 Integer} {271070065 .1.3.6.1.2.1.2.2.1.10.1 Counter32} {100000000 .1.3.6.1.2.1.2.2.1.5.1 Gauge32} {[65 100 109 105 110 105 115 116 114 97 116 111 114] .1.3.6.1.2.1.1.4.0 OctetString} {<nil> .1.3.6.1.2.1.43.5.1.1.15.1 Null} {127.0.0.1 .1.3.6.1.2.1.4.21.1.1.127.0.0.1 IPAddress} {[0 21 153 55 118 43] .1.3.6.1.4.1.23.2.5.1.1.1.4.2 OctetString} {318870100 .1.3.6.1.2.1.1.3.0 TimeTicks}] {<nil>} {[] false 0 0 0}}
I guess results with v3 packets could differ for how gosnmp will be initialized. Could you share back some example based on above? I'll try to help out
from gosnmp.
matan-cylus
commented on June 5, 2024
Thank you for the quick response :)
Im using gosnmp for DPI. meaning when i use the SnmpDecodePacket function to parse the following packets i don't know the expected authentication parameters. can you give me advice on how should i use the function if the cases i show here?
im trying to decode this packet, for example:
"3077020103300f02030489b302020800040101020103042f302d040c800000f805008063d2fe3a000201030203305cdf040561646d696e040c7f663f86fdd8adb6c1bedb7604003030040c800000f805008063d2fe3a000400a21e02030489b30201000201003011300f060a2b060102010202010801020101"
(this is the hex value of the snmp layer)
and this is the error i recieve
error parsing SNMPv3 User Security Model: authentication parameters are not configured to parse incoming authenticated message
same will happen with this packet
"308190020103300f02030091c90202080004010302010304383036040c000039e7000000a1c0a81da0020202f0020302fde8040561646d696e040c11ea7ebd94bf2e64e3500b5b04085611c81435399c400440f0e8472aa3180408ef813db8cf114188ccb806d3e670cdd98e926dff21e98d6ba056223ab768cb402665706ee183e028dd2710452c1530d7553c202fa14950cd"
the common thing i see between them is that the encrypted/authenticated flags are on.
the packets in pcap files:
pcaps.zip
from gosnmp.
TimRots
commented on June 5, 2024
Thanks for sharing those pcaps, that accelerated some tests today.
I feel that the unmarshal method in v3_usm.go is a bit on the strict side. With minimal logic changes and some furniture moving one would be able to dump packet contents for v3:
diff --git a/v3_usm.go b/v3_usm.go
index 9c6574a..cbcbdc2 100644
--- a/v3_usm.go
+++ b/v3_usm.go
@@ -1042,10 +1042,10 @@ func (sp *UsmSecurityParameters) unmarshal(flags SnmpV3MsgFlags, packet []byte,
if flags&AuthNoPriv > 0 {
// In case if the authentication protocol is not configured or set to NoAuth, then the packet cannot
// be processed further
- if sp.AuthenticationProtocol <= NoAuth {
- return 0, errors.New("error parsing SNMPv3 User Security Model: authentication parameters are not configured to parse incoming authenticated message")
+ if sp.AuthenticationProtocol >= NoAuth {
+ copy(packet[cursor+2:cursor+len(macVarbinds[sp.AuthenticationProtocol])], macVarbinds[sp.AuthenticationProtocol][2:])
}
- copy(packet[cursor+2:cursor+len(macVarbinds[sp.AuthenticationProtocol])], macVarbinds[sp.AuthenticationProtocol][2:])
+ // return 0, errors.New("error parsing SNMPv3 User Security Model: authentication parameters are not configured to parse incoming authenticated message")
}
cursor += count
@@ -1057,11 +1057,11 @@ func (sp *UsmSecurityParameters) unmarshal(flags SnmpV3MsgFlags, packet []byte,
if msgPrivacyParameters, ok := rawMsgPrivacyParameters.(string); ok {
sp.PrivacyParameters = []byte(msgPrivacyParameters)
sp.Logger.Printf("Parsed privacyParameters %s", msgPrivacyParameters)
- if flags&AuthPriv >= AuthPriv {
- if sp.PrivacyProtocol <= NoPriv {
- return 0, errors.New("error parsing SNMPv3 User Security Model: privacy parameters are not configured to parse incoming encrypted message")
- }
- }
+ // if flags&AuthPriv >= AuthPriv {
+ // if sp.PrivacyProtocol <= NoPriv {
+ // return 0, errors.New("error parsing SNMPv3 User Security Model: privacy parameters are not configured to parse incoming encrypted message")
+ // }
+ // }
}
% go run main.go
(*gosnmp.SnmpPacket)(0xc0000e6000)({
Version: (gosnmp.SnmpVersion) 3,
MsgFlags: (gosnmp.SnmpV3MsgFlags) AuthNoPriv,
SecurityModel: (gosnmp.SnmpV3SecurityModel) UserSecurityModel,
SecurityParameters: (*gosnmp.UsmSecurityParameters)(0xc0000a85b0)({
mu: (sync.Mutex) {
state: (int32) 0,
sema: (uint32) 0
},
localAESSalt: (uint64) 0,
localDESSalt: (uint32) 0,
AuthoritativeEngineID: (string) (len=12) "\x80\x00\x00\xf8\x05\x00\x80c\xd2\xfe:\x00",
AuthoritativeEngineBoots: (uint32) 3,
AuthoritativeEngineTime: (uint32) 3169503,
UserName: (string) (len=5) "admin",
AuthenticationParameters: (string) (len=12) "\x7ff?\x86\xfdح\xb6\xc1\xbe\xdbv",
PrivacyParameters: ([]uint8) {
},
AuthenticationProtocol: (gosnmp.SnmpV3AuthProtocol) SnmpV3AuthProtocol(0),
PrivacyProtocol: (gosnmp.SnmpV3PrivProtocol) SnmpV3PrivProtocol(0),
AuthenticationPassphrase: (string) "",
PrivacyPassphrase: (string) "",
SecretKey: ([]uint8) <nil>,
PrivacyKey: ([]uint8) <nil>,
Logger: (gosnmp.Logger) {
logger: (gosnmp.LoggerInterface) <nil>
}
}),
ContextEngineID: (string) (len=12) "\x80\x00\x00\xf8\x05\x00\x80c\xd2\xfe:\x00",
ContextName: (string) "",
Community: (string) "",
PDUType: (gosnmp.PDUType) GetResponse,
MsgID: (uint32) 297395,
RequestID: (uint32) 297395,
MsgMaxSize: (uint32) 2048,
Error: (gosnmp.SNMPError) NoError,
ErrorIndex: (uint8) 0,
NonRepeaters: (uint8) 0,
MaxRepetitions: (uint32) 0,
Variables: ([]gosnmp.SnmpPDU) (len=1 cap=5) {
(gosnmp.SnmpPDU) {
Value: (int) 1,
Name: (string) (len=22) ".1.3.6.1.2.1.2.2.1.8.1",
Type: (gosnmp.Asn1BER) Integer
}
},
Logger: (gosnmp.Logger) {
logger: (gosnmp.LoggerInterface) <nil>
},
SnmpTrap: (gosnmp.SnmpTrap) {
Variables: ([]gosnmp.SnmpPDU) <nil>,
IsInform: (bool) false,
Enterprise: (string) "",
AgentAddress: (string) "",
GenericTrap: (int) 0,
SpecificTrap: (int) 0,
Timestamp: (uint) 0
}
})
With the other pcap I run into new issues in v3.go where we error out on
2024/02/08 16:43:03 error parsing SNMPV3 contextEngineID: unknown field type: f0
Long story short. I think gosnmp should be able to do what you need for your use-case. However to achieve that we would need to increase test coverage by quite a bit for all the breakage that will pop up during those renovations, so that we don't sacrifice reliability of the gosnmp library.
from gosnmp.
matan-cylus
commented on June 5, 2024
Do you expect this fix to be implemented in the next released version?
from gosnmp.
TimRots
commented on June 5, 2024
Do you expect this fix to be implemented in the next released version?
Sorry I don't think that will be the case.
from gosnmp.
Related Issues (20)
- usmStatsUnknownUserNames as terminating error? HOT 3
- Chinese coding is garbled HOT 2
- How to configure read/write community? HOT 1
- marshal: marshalPDU: unable to marshal varbind list: unable to marshal OID: Value out of range HOT 2
- Should cancelling a context interrupt an ongoing operation?
- out of bounds error when parsing AuthNoPriv packet HOT 4
- msgMaxSize to be supported in SNMP v3 bulkwalk requests
- V3 feat needed: Load keys manually if the passphrases are not allowed be saved locally HOT 1
- Connect function in gosnmp always returns nil even if the credentials are not valid HOT 1
- Panic in unmarshalV3Header
- Compatibility with GoSNMPServer HOT 7
- `net-snmp` based validation testing HOT 5
- Request ID size too large
- Not handling `0` values correctly for `OpaqueDouble` or `OpaqueFloat`
- Retry netConnect() on resolution failure HOT 2
- bulkwalk can omit OIDs that snmpwalk does show HOT 1
- Unable to receive SNMP response message, but the other party confirmed that it has been sent.
- SNMP-V3 trap-send not work
- OID index in tabular oid result HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gosnmp.