1 /** 2 * @file 3 * SNMP input message processing (RFC1157). 4 */ 5 6 /* 7 * Copyright (c) 2006 Axon Digital Design B.V., The Netherlands. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without modification, 11 * are permitted provided that the following conditions are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright notice, 14 * this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 22 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 23 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 24 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 26 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 29 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 30 * OF SUCH DAMAGE. 31 * 32 * Author: Christiaan Simons <christiaan.simons (at) axon.tv> 33 */ 34 35 #include "lwip/opt.h" 36 37 #if LWIP_SNMP /* don't build if not configured for use in lwipopts.h */ 38 39 #include "lwip/snmp.h" 40 #include "lwip/snmp_asn1.h" 41 #include "lwip/snmp_msg.h" 42 #include "lwip/snmp_structs.h" 43 #include "lwip/ip_addr.h" 44 #include "lwip/memp.h" 45 #include "lwip/udp.h" 46 #include "lwip/stats.h" 47 48 #include <string.h> 49 50 /* public (non-static) constants */ 51 /** SNMP v1 == 0 */ 52 const s32_t snmp_version = 0; 53 /** default SNMP community string */ 54 const char snmp_publiccommunity[7] = "public"; 55 56 /* statically allocated buffers for SNMP_CONCURRENT_REQUESTS */ 57 struct snmp_msg_pstat msg_input_list[SNMP_CONCURRENT_REQUESTS]; 58 /* UDP Protocol Control Block */ 59 struct udp_pcb *snmp1_pcb; 60 61 static void snmp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, ip_addr_t *addr, u16_t port); 62 static err_t snmp_pdu_header_check(struct pbuf *p, u16_t ofs, u16_t pdu_len, u16_t *ofs_ret, struct snmp_msg_pstat *m_stat); 63 static err_t snmp_pdu_dec_varbindlist(struct pbuf *p, u16_t ofs, u16_t *ofs_ret, struct snmp_msg_pstat *m_stat); 64 65 66 /** 67 * Starts SNMP Agent. 68 * Allocates UDP pcb and binds it to IP_ADDR_ANY port 161. 69 */ 70 void 71 snmp_init(void) 72 { 73 struct snmp_msg_pstat *msg_ps; 74 u8_t i; 75 76 snmp1_pcb = udp_new(); 77 if (snmp1_pcb != NULL) 78 { 79 udp_recv(snmp1_pcb, snmp_recv, (void *)SNMP_IN_PORT); 80 udp_bind(snmp1_pcb, IP_ADDR_ANY, SNMP_IN_PORT); 81 } 82 msg_ps = &msg_input_list[0]; 83 for (i=0; i<SNMP_CONCURRENT_REQUESTS; i++) 84 { 85 msg_ps->state = SNMP_MSG_EMPTY; 86 msg_ps->error_index = 0; 87 msg_ps->error_status = SNMP_ES_NOERROR; 88 msg_ps++; 89 } 90 trap_msg.pcb = snmp1_pcb; 91 92 #ifdef SNMP_PRIVATE_MIB_INIT 93 /* If defined, rhis must be a function-like define to initialize the 94 * private MIB after the stack has been initialized. 95 * The private MIB can also be initialized in tcpip_callback (or after 96 * the stack is initialized), this define is only for convenience. */ 97 SNMP_PRIVATE_MIB_INIT(); 98 #endif /* SNMP_PRIVATE_MIB_INIT */ 99 100 /* The coldstart trap will only be output 101 if our outgoing interface is up & configured */ 102 snmp_coldstart_trap(); 103 } 104 105 static void 106 snmp_error_response(struct snmp_msg_pstat *msg_ps, u8_t error) 107 { 108 snmp_varbind_list_free(&msg_ps->outvb); 109 msg_ps->outvb = msg_ps->invb; 110 msg_ps->invb.head = NULL; 111 msg_ps->invb.tail = NULL; 112 msg_ps->invb.count = 0; 113 msg_ps->error_status = error; 114 msg_ps->error_index = 1 + msg_ps->vb_idx; 115 snmp_send_response(msg_ps); 116 snmp_varbind_list_free(&msg_ps->outvb); 117 msg_ps->state = SNMP_MSG_EMPTY; 118 } 119 120 static void 121 snmp_ok_response(struct snmp_msg_pstat *msg_ps) 122 { 123 err_t err_ret; 124 125 err_ret = snmp_send_response(msg_ps); 126 if (err_ret == ERR_MEM) 127 { 128 /* serious memory problem, can't return tooBig */ 129 } 130 else 131 { 132 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_event = %"S32_F"\n",msg_ps->error_status)); 133 } 134 /* free varbinds (if available) */ 135 snmp_varbind_list_free(&msg_ps->invb); 136 snmp_varbind_list_free(&msg_ps->outvb); 137 msg_ps->state = SNMP_MSG_EMPTY; 138 } 139 140 /** 141 * Service an internal or external event for SNMP GET. 142 * 143 * @param request_id identifies requests from 0 to (SNMP_CONCURRENT_REQUESTS-1) 144 * @param msg_ps points to the assosicated message process state 145 */ 146 static void 147 snmp_msg_get_event(u8_t request_id, struct snmp_msg_pstat *msg_ps) 148 { 149 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_get_event: msg_ps->state==%"U16_F"\n",(u16_t)msg_ps->state)); 150 151 if (msg_ps->state == SNMP_MSG_EXTERNAL_GET_OBJDEF) 152 { 153 struct mib_external_node *en; 154 struct snmp_name_ptr np; 155 156 /* get_object_def() answer*/ 157 en = msg_ps->ext_mib_node; 158 np = msg_ps->ext_name_ptr; 159 160 /* translate answer into a known lifeform */ 161 en->get_object_def_a(request_id, np.ident_len, np.ident, &msg_ps->ext_object_def); 162 if ((msg_ps->ext_object_def.instance != MIB_OBJECT_NONE) && 163 (msg_ps->ext_object_def.access & MIB_ACCESS_READ)) 164 { 165 msg_ps->state = SNMP_MSG_EXTERNAL_GET_VALUE; 166 en->get_value_q(request_id, &msg_ps->ext_object_def); 167 } 168 else 169 { 170 en->get_object_def_pc(request_id, np.ident_len, np.ident); 171 /* search failed, object id points to unknown object (nosuchname) */ 172 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 173 } 174 } 175 else if (msg_ps->state == SNMP_MSG_EXTERNAL_GET_VALUE) 176 { 177 struct mib_external_node *en; 178 struct snmp_varbind *vb; 179 180 /* get_value() answer */ 181 en = msg_ps->ext_mib_node; 182 183 /* allocate output varbind */ 184 vb = (struct snmp_varbind *)memp_malloc(MEMP_SNMP_VARBIND); 185 LWIP_ASSERT("vb != NULL",vb != NULL); 186 if (vb != NULL) 187 { 188 vb->next = NULL; 189 vb->prev = NULL; 190 191 /* move name from invb to outvb */ 192 vb->ident = msg_ps->vb_ptr->ident; 193 vb->ident_len = msg_ps->vb_ptr->ident_len; 194 /* ensure this memory is refereced once only */ 195 msg_ps->vb_ptr->ident = NULL; 196 msg_ps->vb_ptr->ident_len = 0; 197 198 vb->value_type = msg_ps->ext_object_def.asn_type; 199 LWIP_ASSERT("invalid length", msg_ps->ext_object_def.v_len <= 0xff); 200 vb->value_len = (u8_t)msg_ps->ext_object_def.v_len; 201 if (vb->value_len > 0) 202 { 203 LWIP_ASSERT("SNMP_MAX_OCTET_STRING_LEN is configured too low", vb->value_len <= SNMP_MAX_VALUE_SIZE); 204 vb->value = memp_malloc(MEMP_SNMP_VALUE); 205 LWIP_ASSERT("vb->value != NULL",vb->value != NULL); 206 if (vb->value != NULL) 207 { 208 en->get_value_a(request_id, &msg_ps->ext_object_def, vb->value_len, vb->value); 209 snmp_varbind_tail_add(&msg_ps->outvb, vb); 210 /* search again (if vb_idx < msg_ps->invb.count) */ 211 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 212 msg_ps->vb_idx += 1; 213 } 214 else 215 { 216 en->get_value_pc(request_id, &msg_ps->ext_object_def); 217 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_event: no variable space\n")); 218 msg_ps->vb_ptr->ident = vb->ident; 219 msg_ps->vb_ptr->ident_len = vb->ident_len; 220 memp_free(MEMP_SNMP_VARBIND, vb); 221 snmp_error_response(msg_ps,SNMP_ES_TOOBIG); 222 } 223 } 224 else 225 { 226 /* vb->value_len == 0, empty value (e.g. empty string) */ 227 en->get_value_a(request_id, &msg_ps->ext_object_def, 0, NULL); 228 vb->value = NULL; 229 snmp_varbind_tail_add(&msg_ps->outvb, vb); 230 /* search again (if vb_idx < msg_ps->invb.count) */ 231 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 232 msg_ps->vb_idx += 1; 233 } 234 } 235 else 236 { 237 en->get_value_pc(request_id, &msg_ps->ext_object_def); 238 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_event: no outvb space\n")); 239 snmp_error_response(msg_ps,SNMP_ES_TOOBIG); 240 } 241 } 242 243 while ((msg_ps->state == SNMP_MSG_SEARCH_OBJ) && 244 (msg_ps->vb_idx < msg_ps->invb.count)) 245 { 246 struct mib_node *mn; 247 struct snmp_name_ptr np; 248 249 if (msg_ps->vb_idx == 0) 250 { 251 msg_ps->vb_ptr = msg_ps->invb.head; 252 } 253 else 254 { 255 msg_ps->vb_ptr = msg_ps->vb_ptr->next; 256 } 257 /** test object identifier for .iso.org.dod.internet prefix */ 258 if (snmp_iso_prefix_tst(msg_ps->vb_ptr->ident_len, msg_ps->vb_ptr->ident)) 259 { 260 mn = snmp_search_tree((struct mib_node*)&internet, msg_ps->vb_ptr->ident_len - 4, 261 msg_ps->vb_ptr->ident + 4, &np); 262 if (mn != NULL) 263 { 264 if (mn->node_type == MIB_NODE_EX) 265 { 266 /* external object */ 267 struct mib_external_node *en = (struct mib_external_node*)mn; 268 269 msg_ps->state = SNMP_MSG_EXTERNAL_GET_OBJDEF; 270 /* save en && args in msg_ps!! */ 271 msg_ps->ext_mib_node = en; 272 msg_ps->ext_name_ptr = np; 273 274 en->get_object_def_q(en->addr_inf, request_id, np.ident_len, np.ident); 275 } 276 else 277 { 278 /* internal object */ 279 struct obj_def object_def; 280 281 msg_ps->state = SNMP_MSG_INTERNAL_GET_OBJDEF; 282 mn->get_object_def(np.ident_len, np.ident, &object_def); 283 if ((object_def.instance != MIB_OBJECT_NONE) && 284 (object_def.access & MIB_ACCESS_READ)) 285 { 286 mn = mn; 287 } 288 else 289 { 290 /* search failed, object id points to unknown object (nosuchname) */ 291 mn = NULL; 292 } 293 if (mn != NULL) 294 { 295 struct snmp_varbind *vb; 296 297 msg_ps->state = SNMP_MSG_INTERNAL_GET_VALUE; 298 /* allocate output varbind */ 299 vb = (struct snmp_varbind *)memp_malloc(MEMP_SNMP_VARBIND); 300 LWIP_ASSERT("vb != NULL",vb != NULL); 301 if (vb != NULL) 302 { 303 vb->next = NULL; 304 vb->prev = NULL; 305 306 /* move name from invb to outvb */ 307 vb->ident = msg_ps->vb_ptr->ident; 308 vb->ident_len = msg_ps->vb_ptr->ident_len; 309 /* ensure this memory is refereced once only */ 310 msg_ps->vb_ptr->ident = NULL; 311 msg_ps->vb_ptr->ident_len = 0; 312 313 vb->value_type = object_def.asn_type; 314 LWIP_ASSERT("invalid length", object_def.v_len <= 0xff); 315 vb->value_len = (u8_t)object_def.v_len; 316 if (vb->value_len > 0) 317 { 318 LWIP_ASSERT("SNMP_MAX_OCTET_STRING_LEN is configured too low", 319 vb->value_len <= SNMP_MAX_VALUE_SIZE); 320 vb->value = memp_malloc(MEMP_SNMP_VALUE); 321 LWIP_ASSERT("vb->value != NULL",vb->value != NULL); 322 if (vb->value != NULL) 323 { 324 mn->get_value(&object_def, vb->value_len, vb->value); 325 snmp_varbind_tail_add(&msg_ps->outvb, vb); 326 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 327 msg_ps->vb_idx += 1; 328 } 329 else 330 { 331 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_event: couldn't allocate variable space\n")); 332 msg_ps->vb_ptr->ident = vb->ident; 333 msg_ps->vb_ptr->ident_len = vb->ident_len; 334 memp_free(MEMP_SNMP_VARBIND, vb); 335 snmp_error_response(msg_ps,SNMP_ES_TOOBIG); 336 } 337 } 338 else 339 { 340 /* vb->value_len == 0, empty value (e.g. empty string) */ 341 vb->value = NULL; 342 snmp_varbind_tail_add(&msg_ps->outvb, vb); 343 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 344 msg_ps->vb_idx += 1; 345 } 346 } 347 else 348 { 349 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_event: couldn't allocate outvb space\n")); 350 snmp_error_response(msg_ps,SNMP_ES_TOOBIG); 351 } 352 } 353 } 354 } 355 } 356 else 357 { 358 mn = NULL; 359 } 360 if (mn == NULL) 361 { 362 /* mn == NULL, noSuchName */ 363 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 364 } 365 } 366 if ((msg_ps->state == SNMP_MSG_SEARCH_OBJ) && 367 (msg_ps->vb_idx == msg_ps->invb.count)) 368 { 369 snmp_ok_response(msg_ps); 370 } 371 } 372 373 /** 374 * Service an internal or external event for SNMP GETNEXT. 375 * 376 * @param request_id identifies requests from 0 to (SNMP_CONCURRENT_REQUESTS-1) 377 * @param msg_ps points to the assosicated message process state 378 */ 379 static void 380 snmp_msg_getnext_event(u8_t request_id, struct snmp_msg_pstat *msg_ps) 381 { 382 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_getnext_event: msg_ps->state==%"U16_F"\n",(u16_t)msg_ps->state)); 383 384 if (msg_ps->state == SNMP_MSG_EXTERNAL_GET_OBJDEF) 385 { 386 struct mib_external_node *en; 387 388 /* get_object_def() answer*/ 389 en = msg_ps->ext_mib_node; 390 391 /* translate answer into a known lifeform */ 392 en->get_object_def_a(request_id, 1, &msg_ps->ext_oid.id[msg_ps->ext_oid.len - 1], &msg_ps->ext_object_def); 393 if (msg_ps->ext_object_def.instance != MIB_OBJECT_NONE) 394 { 395 msg_ps->state = SNMP_MSG_EXTERNAL_GET_VALUE; 396 en->get_value_q(request_id, &msg_ps->ext_object_def); 397 } 398 else 399 { 400 en->get_object_def_pc(request_id, 1, &msg_ps->ext_oid.id[msg_ps->ext_oid.len - 1]); 401 /* search failed, object id points to unknown object (nosuchname) */ 402 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 403 } 404 } 405 else if (msg_ps->state == SNMP_MSG_EXTERNAL_GET_VALUE) 406 { 407 struct mib_external_node *en; 408 struct snmp_varbind *vb; 409 410 /* get_value() answer */ 411 en = msg_ps->ext_mib_node; 412 413 LWIP_ASSERT("invalid length", msg_ps->ext_object_def.v_len <= 0xff); 414 vb = snmp_varbind_alloc(&msg_ps->ext_oid, 415 msg_ps->ext_object_def.asn_type, 416 (u8_t)msg_ps->ext_object_def.v_len); 417 if (vb != NULL) 418 { 419 en->get_value_a(request_id, &msg_ps->ext_object_def, vb->value_len, vb->value); 420 snmp_varbind_tail_add(&msg_ps->outvb, vb); 421 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 422 msg_ps->vb_idx += 1; 423 } 424 else 425 { 426 en->get_value_pc(request_id, &msg_ps->ext_object_def); 427 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_getnext_event: couldn't allocate outvb space\n")); 428 snmp_error_response(msg_ps,SNMP_ES_TOOBIG); 429 } 430 } 431 432 while ((msg_ps->state == SNMP_MSG_SEARCH_OBJ) && 433 (msg_ps->vb_idx < msg_ps->invb.count)) 434 { 435 struct mib_node *mn; 436 struct snmp_obj_id oid; 437 438 if (msg_ps->vb_idx == 0) 439 { 440 msg_ps->vb_ptr = msg_ps->invb.head; 441 } 442 else 443 { 444 msg_ps->vb_ptr = msg_ps->vb_ptr->next; 445 } 446 if (snmp_iso_prefix_expand(msg_ps->vb_ptr->ident_len, msg_ps->vb_ptr->ident, &oid)) 447 { 448 if (msg_ps->vb_ptr->ident_len > 3) 449 { 450 /* can offset ident_len and ident */ 451 mn = snmp_expand_tree((struct mib_node*)&internet, 452 msg_ps->vb_ptr->ident_len - 4, 453 msg_ps->vb_ptr->ident + 4, &oid); 454 } 455 else 456 { 457 /* can't offset ident_len -4, ident + 4 */ 458 mn = snmp_expand_tree((struct mib_node*)&internet, 0, NULL, &oid); 459 } 460 } 461 else 462 { 463 mn = NULL; 464 } 465 if (mn != NULL) 466 { 467 if (mn->node_type == MIB_NODE_EX) 468 { 469 /* external object */ 470 struct mib_external_node *en = (struct mib_external_node*)mn; 471 472 msg_ps->state = SNMP_MSG_EXTERNAL_GET_OBJDEF; 473 /* save en && args in msg_ps!! */ 474 msg_ps->ext_mib_node = en; 475 msg_ps->ext_oid = oid; 476 477 en->get_object_def_q(en->addr_inf, request_id, 1, &oid.id[oid.len - 1]); 478 } 479 else 480 { 481 /* internal object */ 482 struct obj_def object_def; 483 struct snmp_varbind *vb; 484 485 msg_ps->state = SNMP_MSG_INTERNAL_GET_OBJDEF; 486 mn->get_object_def(1, &oid.id[oid.len - 1], &object_def); 487 488 LWIP_ASSERT("invalid length", object_def.v_len <= 0xff); 489 vb = snmp_varbind_alloc(&oid, object_def.asn_type, (u8_t)object_def.v_len); 490 if (vb != NULL) 491 { 492 msg_ps->state = SNMP_MSG_INTERNAL_GET_VALUE; 493 mn->get_value(&object_def, object_def.v_len, vb->value); 494 snmp_varbind_tail_add(&msg_ps->outvb, vb); 495 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 496 msg_ps->vb_idx += 1; 497 } 498 else 499 { 500 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_recv couldn't allocate outvb space\n")); 501 snmp_error_response(msg_ps,SNMP_ES_TOOBIG); 502 } 503 } 504 } 505 if (mn == NULL) 506 { 507 /* mn == NULL, noSuchName */ 508 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 509 } 510 } 511 if ((msg_ps->state == SNMP_MSG_SEARCH_OBJ) && 512 (msg_ps->vb_idx == msg_ps->invb.count)) 513 { 514 snmp_ok_response(msg_ps); 515 } 516 } 517 518 /** 519 * Service an internal or external event for SNMP SET. 520 * 521 * @param request_id identifies requests from 0 to (SNMP_CONCURRENT_REQUESTS-1) 522 * @param msg_ps points to the assosicated message process state 523 */ 524 static void 525 snmp_msg_set_event(u8_t request_id, struct snmp_msg_pstat *msg_ps) 526 { 527 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_msg_set_event: msg_ps->state==%"U16_F"\n",(u16_t)msg_ps->state)); 528 529 if (msg_ps->state == SNMP_MSG_EXTERNAL_GET_OBJDEF) 530 { 531 struct mib_external_node *en; 532 struct snmp_name_ptr np; 533 534 /* get_object_def() answer*/ 535 en = msg_ps->ext_mib_node; 536 np = msg_ps->ext_name_ptr; 537 538 /* translate answer into a known lifeform */ 539 en->get_object_def_a(request_id, np.ident_len, np.ident, &msg_ps->ext_object_def); 540 if (msg_ps->ext_object_def.instance != MIB_OBJECT_NONE) 541 { 542 msg_ps->state = SNMP_MSG_EXTERNAL_SET_TEST; 543 en->set_test_q(request_id, &msg_ps->ext_object_def); 544 } 545 else 546 { 547 en->get_object_def_pc(request_id, np.ident_len, np.ident); 548 /* search failed, object id points to unknown object (nosuchname) */ 549 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 550 } 551 } 552 else if (msg_ps->state == SNMP_MSG_EXTERNAL_SET_TEST) 553 { 554 struct mib_external_node *en; 555 556 /* set_test() answer*/ 557 en = msg_ps->ext_mib_node; 558 559 if (msg_ps->ext_object_def.access & MIB_ACCESS_WRITE) 560 { 561 if ((msg_ps->ext_object_def.asn_type == msg_ps->vb_ptr->value_type) && 562 (en->set_test_a(request_id,&msg_ps->ext_object_def, 563 msg_ps->vb_ptr->value_len,msg_ps->vb_ptr->value) != 0)) 564 { 565 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 566 msg_ps->vb_idx += 1; 567 } 568 else 569 { 570 en->set_test_pc(request_id,&msg_ps->ext_object_def); 571 /* bad value */ 572 snmp_error_response(msg_ps,SNMP_ES_BADVALUE); 573 } 574 } 575 else 576 { 577 en->set_test_pc(request_id,&msg_ps->ext_object_def); 578 /* object not available for set */ 579 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 580 } 581 } 582 else if (msg_ps->state == SNMP_MSG_EXTERNAL_GET_OBJDEF_S) 583 { 584 struct mib_external_node *en; 585 struct snmp_name_ptr np; 586 587 /* get_object_def() answer*/ 588 en = msg_ps->ext_mib_node; 589 np = msg_ps->ext_name_ptr; 590 591 /* translate answer into a known lifeform */ 592 en->get_object_def_a(request_id, np.ident_len, np.ident, &msg_ps->ext_object_def); 593 if (msg_ps->ext_object_def.instance != MIB_OBJECT_NONE) 594 { 595 msg_ps->state = SNMP_MSG_EXTERNAL_SET_VALUE; 596 en->set_value_q(request_id, &msg_ps->ext_object_def, 597 msg_ps->vb_ptr->value_len,msg_ps->vb_ptr->value); 598 } 599 else 600 { 601 en->get_object_def_pc(request_id, np.ident_len, np.ident); 602 /* set_value failed, object has disappeared for some odd reason?? */ 603 snmp_error_response(msg_ps,SNMP_ES_GENERROR); 604 } 605 } 606 else if (msg_ps->state == SNMP_MSG_EXTERNAL_SET_VALUE) 607 { 608 struct mib_external_node *en; 609 610 /** set_value_a() */ 611 en = msg_ps->ext_mib_node; 612 en->set_value_a(request_id, &msg_ps->ext_object_def, 613 msg_ps->vb_ptr->value_len, msg_ps->vb_ptr->value); 614 615 /** @todo use set_value_pc() if toobig */ 616 msg_ps->state = SNMP_MSG_INTERNAL_SET_VALUE; 617 msg_ps->vb_idx += 1; 618 } 619 620 /* test all values before setting */ 621 while ((msg_ps->state == SNMP_MSG_SEARCH_OBJ) && 622 (msg_ps->vb_idx < msg_ps->invb.count)) 623 { 624 struct mib_node *mn; 625 struct snmp_name_ptr np; 626 627 if (msg_ps->vb_idx == 0) 628 { 629 msg_ps->vb_ptr = msg_ps->invb.head; 630 } 631 else 632 { 633 msg_ps->vb_ptr = msg_ps->vb_ptr->next; 634 } 635 /** test object identifier for .iso.org.dod.internet prefix */ 636 if (snmp_iso_prefix_tst(msg_ps->vb_ptr->ident_len, msg_ps->vb_ptr->ident)) 637 { 638 mn = snmp_search_tree((struct mib_node*)&internet, msg_ps->vb_ptr->ident_len - 4, 639 msg_ps->vb_ptr->ident + 4, &np); 640 if (mn != NULL) 641 { 642 if (mn->node_type == MIB_NODE_EX) 643 { 644 /* external object */ 645 struct mib_external_node *en = (struct mib_external_node*)mn; 646 647 msg_ps->state = SNMP_MSG_EXTERNAL_GET_OBJDEF; 648 /* save en && args in msg_ps!! */ 649 msg_ps->ext_mib_node = en; 650 msg_ps->ext_name_ptr = np; 651 652 en->get_object_def_q(en->addr_inf, request_id, np.ident_len, np.ident); 653 } 654 else 655 { 656 /* internal object */ 657 struct obj_def object_def; 658 659 msg_ps->state = SNMP_MSG_INTERNAL_GET_OBJDEF; 660 mn->get_object_def(np.ident_len, np.ident, &object_def); 661 if (object_def.instance != MIB_OBJECT_NONE) 662 { 663 mn = mn; 664 } 665 else 666 { 667 /* search failed, object id points to unknown object (nosuchname) */ 668 mn = NULL; 669 } 670 if (mn != NULL) 671 { 672 msg_ps->state = SNMP_MSG_INTERNAL_SET_TEST; 673 674 if (object_def.access & MIB_ACCESS_WRITE) 675 { 676 if ((object_def.asn_type == msg_ps->vb_ptr->value_type) && 677 (mn->set_test(&object_def,msg_ps->vb_ptr->value_len,msg_ps->vb_ptr->value) != 0)) 678 { 679 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 680 msg_ps->vb_idx += 1; 681 } 682 else 683 { 684 /* bad value */ 685 snmp_error_response(msg_ps,SNMP_ES_BADVALUE); 686 } 687 } 688 else 689 { 690 /* object not available for set */ 691 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 692 } 693 } 694 } 695 } 696 } 697 else 698 { 699 mn = NULL; 700 } 701 if (mn == NULL) 702 { 703 /* mn == NULL, noSuchName */ 704 snmp_error_response(msg_ps,SNMP_ES_NOSUCHNAME); 705 } 706 } 707 708 if ((msg_ps->state == SNMP_MSG_SEARCH_OBJ) && 709 (msg_ps->vb_idx == msg_ps->invb.count)) 710 { 711 msg_ps->vb_idx = 0; 712 msg_ps->state = SNMP_MSG_INTERNAL_SET_VALUE; 713 } 714 715 /* set all values "atomically" (be as "atomic" as possible) */ 716 while ((msg_ps->state == SNMP_MSG_INTERNAL_SET_VALUE) && 717 (msg_ps->vb_idx < msg_ps->invb.count)) 718 { 719 struct mib_node *mn; 720 struct snmp_name_ptr np; 721 722 if (msg_ps->vb_idx == 0) 723 { 724 msg_ps->vb_ptr = msg_ps->invb.head; 725 } 726 else 727 { 728 msg_ps->vb_ptr = msg_ps->vb_ptr->next; 729 } 730 /* skip iso prefix test, was done previously while settesting() */ 731 mn = snmp_search_tree((struct mib_node*)&internet, msg_ps->vb_ptr->ident_len - 4, 732 msg_ps->vb_ptr->ident + 4, &np); 733 /* check if object is still available 734 (e.g. external hot-plug thingy present?) */ 735 if (mn != NULL) 736 { 737 if (mn->node_type == MIB_NODE_EX) 738 { 739 /* external object */ 740 struct mib_external_node *en = (struct mib_external_node*)mn; 741 742 msg_ps->state = SNMP_MSG_EXTERNAL_GET_OBJDEF_S; 743 /* save en && args in msg_ps!! */ 744 msg_ps->ext_mib_node = en; 745 msg_ps->ext_name_ptr = np; 746 747 en->get_object_def_q(en->addr_inf, request_id, np.ident_len, np.ident); 748 } 749 else 750 { 751 /* internal object */ 752 struct obj_def object_def; 753 754 msg_ps->state = SNMP_MSG_INTERNAL_GET_OBJDEF_S; 755 mn->get_object_def(np.ident_len, np.ident, &object_def); 756 msg_ps->state = SNMP_MSG_INTERNAL_SET_VALUE; 757 mn->set_value(&object_def,msg_ps->vb_ptr->value_len,msg_ps->vb_ptr->value); 758 msg_ps->vb_idx += 1; 759 } 760 } 761 } 762 if ((msg_ps->state == SNMP_MSG_INTERNAL_SET_VALUE) && 763 (msg_ps->vb_idx == msg_ps->invb.count)) 764 { 765 /* simply echo the input if we can set it 766 @todo do we need to return the actual value? 767 e.g. if value is silently modified or behaves sticky? */ 768 msg_ps->outvb = msg_ps->invb; 769 msg_ps->invb.head = NULL; 770 msg_ps->invb.tail = NULL; 771 msg_ps->invb.count = 0; 772 snmp_ok_response(msg_ps); 773 } 774 } 775 776 777 /** 778 * Handle one internal or external event. 779 * Called for one async event. (recv external/private answer) 780 * 781 * @param request_id identifies requests from 0 to (SNMP_CONCURRENT_REQUESTS-1) 782 */ 783 void 784 snmp_msg_event(u8_t request_id) 785 { 786 struct snmp_msg_pstat *msg_ps; 787 788 if (request_id < SNMP_CONCURRENT_REQUESTS) 789 { 790 msg_ps = &msg_input_list[request_id]; 791 if (msg_ps->rt == SNMP_ASN1_PDU_GET_NEXT_REQ) 792 { 793 snmp_msg_getnext_event(request_id, msg_ps); 794 } 795 else if (msg_ps->rt == SNMP_ASN1_PDU_GET_REQ) 796 { 797 snmp_msg_get_event(request_id, msg_ps); 798 } 799 else if(msg_ps->rt == SNMP_ASN1_PDU_SET_REQ) 800 { 801 snmp_msg_set_event(request_id, msg_ps); 802 } 803 } 804 } 805 806 807 /* lwIP UDP receive callback function */ 808 static void 809 snmp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, ip_addr_t *addr, u16_t port) 810 { 811 struct snmp_msg_pstat *msg_ps; 812 u8_t req_idx; 813 err_t err_ret; 814 u16_t payload_len = p->tot_len; 815 u16_t payload_ofs = 0; 816 u16_t varbind_ofs = 0; 817 818 /* suppress unused argument warning */ 819 LWIP_UNUSED_ARG(arg); 820 821 /* traverse input message process list, look for SNMP_MSG_EMPTY */ 822 msg_ps = &msg_input_list[0]; 823 req_idx = 0; 824 while ((req_idx < SNMP_CONCURRENT_REQUESTS) && (msg_ps->state != SNMP_MSG_EMPTY)) 825 { 826 req_idx++; 827 msg_ps++; 828 } 829 if (req_idx == SNMP_CONCURRENT_REQUESTS) 830 { 831 /* exceeding number of concurrent requests */ 832 pbuf_free(p); 833 return; 834 } 835 836 /* accepting request */ 837 snmp_inc_snmpinpkts(); 838 /* record used 'protocol control block' */ 839 msg_ps->pcb = pcb; 840 /* source address (network order) */ 841 msg_ps->sip = *addr; 842 /* source port (host order (lwIP oddity)) */ 843 msg_ps->sp = port; 844 845 /* check total length, version, community, pdu type */ 846 err_ret = snmp_pdu_header_check(p, payload_ofs, payload_len, &varbind_ofs, msg_ps); 847 /* Only accept requests and requests without error (be robust) */ 848 /* Reject response and trap headers or error requests as input! */ 849 if ((err_ret != ERR_OK) || 850 ((msg_ps->rt != SNMP_ASN1_PDU_GET_REQ) && 851 (msg_ps->rt != SNMP_ASN1_PDU_GET_NEXT_REQ) && 852 (msg_ps->rt != SNMP_ASN1_PDU_SET_REQ)) || 853 ((msg_ps->error_status != SNMP_ES_NOERROR) || 854 (msg_ps->error_index != 0)) ) 855 { 856 /* header check failed drop request silently, do not return error! */ 857 pbuf_free(p); 858 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_pdu_header_check() failed\n")); 859 return; 860 } 861 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_recv ok, community %s\n", msg_ps->community)); 862 863 /* Builds a list of variable bindings. Copy the varbinds from the pbuf 864 chain to glue them when these are divided over two or more pbuf's. */ 865 err_ret = snmp_pdu_dec_varbindlist(p, varbind_ofs, &varbind_ofs, msg_ps); 866 /* we've decoded the incoming message, release input msg now */ 867 pbuf_free(p); 868 if ((err_ret != ERR_OK) || (msg_ps->invb.count == 0)) 869 { 870 /* varbind-list decode failed, or varbind list empty. 871 drop request silently, do not return error! 872 (errors are only returned for a specific varbind failure) */ 873 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_pdu_dec_varbindlist() failed\n")); 874 return; 875 } 876 877 msg_ps->error_status = SNMP_ES_NOERROR; 878 msg_ps->error_index = 0; 879 /* find object for each variable binding */ 880 msg_ps->state = SNMP_MSG_SEARCH_OBJ; 881 /* first variable binding from list to inspect */ 882 msg_ps->vb_idx = 0; 883 884 LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_recv varbind cnt=%"U16_F"\n",(u16_t)msg_ps->invb.count)); 885 886 /* handle input event and as much objects as possible in one go */ 887 snmp_msg_event(req_idx); 888 } 889 890 /** 891 * Checks and decodes incoming SNMP message header, logs header errors. 892 * 893 * @param p points to pbuf chain of SNMP message (UDP payload) 894 * @param ofs points to first octet of SNMP message 895 * @param pdu_len the length of the UDP payload 896 * @param ofs_ret returns the ofset of the variable bindings 897 * @param m_stat points to the current message request state return 898 * @return 899 * - ERR_OK SNMP header is sane and accepted 900 * - ERR_ARG SNMP header is either malformed or rejected 901 */ 902 static err_t 903 snmp_pdu_header_check(struct pbuf *p, u16_t ofs, u16_t pdu_len, u16_t *ofs_ret, struct snmp_msg_pstat *m_stat) 904 { 905 err_t derr; 906 u16_t len, ofs_base; 907 u8_t len_octets; 908 u8_t type; 909 s32_t version; 910 911 ofs_base = ofs; 912 snmp_asn1_dec_type(p, ofs, &type); 913 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 914 if ((derr != ERR_OK) || 915 (pdu_len != (1 + len_octets + len)) || 916 (type != (SNMP_ASN1_UNIV | SNMP_ASN1_CONSTR | SNMP_ASN1_SEQ))) 917 { 918 snmp_inc_snmpinasnparseerrs(); 919 return ERR_ARG; 920 } 921 ofs += (1 + len_octets); 922 snmp_asn1_dec_type(p, ofs, &type); 923 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 924 if ((derr != ERR_OK) || (type != (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_INTEG))) 925 { 926 /* can't decode or no integer (version) */ 927 snmp_inc_snmpinasnparseerrs(); 928 return ERR_ARG; 929 } 930 derr = snmp_asn1_dec_s32t(p, ofs + 1 + len_octets, len, &version); 931 if (derr != ERR_OK) 932 { 933 /* can't decode */ 934 snmp_inc_snmpinasnparseerrs(); 935 return ERR_ARG; 936 } 937 if (version != 0) 938 { 939 /* not version 1 */ 940 snmp_inc_snmpinbadversions(); 941 return ERR_ARG; 942 } 943 ofs += (1 + len_octets + len); 944 snmp_asn1_dec_type(p, ofs, &type); 945 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 946 if ((derr != ERR_OK) || (type != (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_OC_STR))) 947 { 948 /* can't decode or no octet string (community) */ 949 snmp_inc_snmpinasnparseerrs(); 950 return ERR_ARG; 951 } 952 derr = snmp_asn1_dec_raw(p, ofs + 1 + len_octets, len, SNMP_COMMUNITY_STR_LEN, m_stat->community); 953 if (derr != ERR_OK) 954 { 955 snmp_inc_snmpinasnparseerrs(); 956 return ERR_ARG; 957 } 958 /* add zero terminator */ 959 len = ((len < (SNMP_COMMUNITY_STR_LEN))?(len):(SNMP_COMMUNITY_STR_LEN)); 960 m_stat->community[len] = 0; 961 m_stat->com_strlen = (u8_t)len; 962 if (strncmp(snmp_publiccommunity, (const char*)m_stat->community, SNMP_COMMUNITY_STR_LEN) != 0) 963 { 964 /** @todo: move this if we need to check more names */ 965 snmp_inc_snmpinbadcommunitynames(); 966 snmp_authfail_trap(); 967 return ERR_ARG; 968 } 969 ofs += (1 + len_octets + len); 970 snmp_asn1_dec_type(p, ofs, &type); 971 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 972 if (derr != ERR_OK) 973 { 974 snmp_inc_snmpinasnparseerrs(); 975 return ERR_ARG; 976 } 977 switch(type) 978 { 979 case (SNMP_ASN1_CONTXT | SNMP_ASN1_CONSTR | SNMP_ASN1_PDU_GET_REQ): 980 /* GetRequest PDU */ 981 snmp_inc_snmpingetrequests(); 982 derr = ERR_OK; 983 break; 984 case (SNMP_ASN1_CONTXT | SNMP_ASN1_CONSTR | SNMP_ASN1_PDU_GET_NEXT_REQ): 985 /* GetNextRequest PDU */ 986 snmp_inc_snmpingetnexts(); 987 derr = ERR_OK; 988 break; 989 case (SNMP_ASN1_CONTXT | SNMP_ASN1_CONSTR | SNMP_ASN1_PDU_GET_RESP): 990 /* GetResponse PDU */ 991 snmp_inc_snmpingetresponses(); 992 derr = ERR_ARG; 993 break; 994 case (SNMP_ASN1_CONTXT | SNMP_ASN1_CONSTR | SNMP_ASN1_PDU_SET_REQ): 995 /* SetRequest PDU */ 996 snmp_inc_snmpinsetrequests(); 997 derr = ERR_OK; 998 break; 999 case (SNMP_ASN1_CONTXT | SNMP_ASN1_CONSTR | SNMP_ASN1_PDU_TRAP): 1000 /* Trap PDU */ 1001 snmp_inc_snmpintraps(); 1002 derr = ERR_ARG; 1003 break; 1004 default: 1005 snmp_inc_snmpinasnparseerrs(); 1006 derr = ERR_ARG; 1007 break; 1008 } 1009 if (derr != ERR_OK) 1010 { 1011 /* unsupported input PDU for this agent (no parse error) */ 1012 return ERR_ARG; 1013 } 1014 m_stat->rt = type & 0x1F; 1015 ofs += (1 + len_octets); 1016 if (len != (pdu_len - (ofs - ofs_base))) 1017 { 1018 /* decoded PDU length does not equal actual payload length */ 1019 snmp_inc_snmpinasnparseerrs(); 1020 return ERR_ARG; 1021 } 1022 snmp_asn1_dec_type(p, ofs, &type); 1023 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 1024 if ((derr != ERR_OK) || (type != (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_INTEG))) 1025 { 1026 /* can't decode or no integer (request ID) */ 1027 snmp_inc_snmpinasnparseerrs(); 1028 return ERR_ARG; 1029 } 1030 derr = snmp_asn1_dec_s32t(p, ofs + 1 + len_octets, len, &m_stat->rid); 1031 if (derr != ERR_OK) 1032 { 1033 /* can't decode */ 1034 snmp_inc_snmpinasnparseerrs(); 1035 return ERR_ARG; 1036 } 1037 ofs += (1 + len_octets + len); 1038 snmp_asn1_dec_type(p, ofs, &type); 1039 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 1040 if ((derr != ERR_OK) || (type != (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_INTEG))) 1041 { 1042 /* can't decode or no integer (error-status) */ 1043 snmp_inc_snmpinasnparseerrs(); 1044 return ERR_ARG; 1045 } 1046 /* must be noError (0) for incoming requests. 1047 log errors for mib-2 completeness and for debug purposes */ 1048 derr = snmp_asn1_dec_s32t(p, ofs + 1 + len_octets, len, &m_stat->error_status); 1049 if (derr != ERR_OK) 1050 { 1051 /* can't decode */ 1052 snmp_inc_snmpinasnparseerrs(); 1053 return ERR_ARG; 1054 } 1055 switch (m_stat->error_status) 1056 { 1057 case SNMP_ES_TOOBIG: 1058 snmp_inc_snmpintoobigs(); 1059 break; 1060 case SNMP_ES_NOSUCHNAME: 1061 snmp_inc_snmpinnosuchnames(); 1062 break; 1063 case SNMP_ES_BADVALUE: 1064 snmp_inc_snmpinbadvalues(); 1065 break; 1066 case SNMP_ES_READONLY: 1067 snmp_inc_snmpinreadonlys(); 1068 break; 1069 case SNMP_ES_GENERROR: 1070 snmp_inc_snmpingenerrs(); 1071 break; 1072 } 1073 ofs += (1 + len_octets + len); 1074 snmp_asn1_dec_type(p, ofs, &type); 1075 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 1076 if ((derr != ERR_OK) || (type != (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_INTEG))) 1077 { 1078 /* can't decode or no integer (error-index) */ 1079 snmp_inc_snmpinasnparseerrs(); 1080 return ERR_ARG; 1081 } 1082 /* must be 0 for incoming requests. 1083 decode anyway to catch bad integers (and dirty tricks) */ 1084 derr = snmp_asn1_dec_s32t(p, ofs + 1 + len_octets, len, &m_stat->error_index); 1085 if (derr != ERR_OK) 1086 { 1087 /* can't decode */ 1088 snmp_inc_snmpinasnparseerrs(); 1089 return ERR_ARG; 1090 } 1091 ofs += (1 + len_octets + len); 1092 *ofs_ret = ofs; 1093 return ERR_OK; 1094 } 1095 1096 static err_t 1097 snmp_pdu_dec_varbindlist(struct pbuf *p, u16_t ofs, u16_t *ofs_ret, struct snmp_msg_pstat *m_stat) 1098 { 1099 err_t derr; 1100 u16_t len, vb_len; 1101 u8_t len_octets; 1102 u8_t type; 1103 1104 /* variable binding list */ 1105 snmp_asn1_dec_type(p, ofs, &type); 1106 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &vb_len); 1107 if ((derr != ERR_OK) || 1108 (type != (SNMP_ASN1_UNIV | SNMP_ASN1_CONSTR | SNMP_ASN1_SEQ))) 1109 { 1110 snmp_inc_snmpinasnparseerrs(); 1111 return ERR_ARG; 1112 } 1113 ofs += (1 + len_octets); 1114 1115 /* start with empty list */ 1116 m_stat->invb.count = 0; 1117 m_stat->invb.head = NULL; 1118 m_stat->invb.tail = NULL; 1119 1120 while (vb_len > 0) 1121 { 1122 struct snmp_obj_id oid, oid_value; 1123 struct snmp_varbind *vb; 1124 1125 snmp_asn1_dec_type(p, ofs, &type); 1126 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 1127 if ((derr != ERR_OK) || 1128 (type != (SNMP_ASN1_UNIV | SNMP_ASN1_CONSTR | SNMP_ASN1_SEQ)) || 1129 (len == 0) || (len > vb_len)) 1130 { 1131 snmp_inc_snmpinasnparseerrs(); 1132 /* free varbinds (if available) */ 1133 snmp_varbind_list_free(&m_stat->invb); 1134 return ERR_ARG; 1135 } 1136 ofs += (1 + len_octets); 1137 vb_len -= (1 + len_octets); 1138 1139 snmp_asn1_dec_type(p, ofs, &type); 1140 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 1141 if ((derr != ERR_OK) || (type != (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_OBJ_ID))) 1142 { 1143 /* can't decode object name length */ 1144 snmp_inc_snmpinasnparseerrs(); 1145 /* free varbinds (if available) */ 1146 snmp_varbind_list_free(&m_stat->invb); 1147 return ERR_ARG; 1148 } 1149 derr = snmp_asn1_dec_oid(p, ofs + 1 + len_octets, len, &oid); 1150 if (derr != ERR_OK) 1151 { 1152 /* can't decode object name */ 1153 snmp_inc_snmpinasnparseerrs(); 1154 /* free varbinds (if available) */ 1155 snmp_varbind_list_free(&m_stat->invb); 1156 return ERR_ARG; 1157 } 1158 ofs += (1 + len_octets + len); 1159 vb_len -= (1 + len_octets + len); 1160 1161 snmp_asn1_dec_type(p, ofs, &type); 1162 derr = snmp_asn1_dec_length(p, ofs+1, &len_octets, &len); 1163 if (derr != ERR_OK) 1164 { 1165 /* can't decode object value length */ 1166 snmp_inc_snmpinasnparseerrs(); 1167 /* free varbinds (if available) */ 1168 snmp_varbind_list_free(&m_stat->invb); 1169 return ERR_ARG; 1170 } 1171 1172 switch (type) 1173 { 1174 case (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_INTEG): 1175 vb = snmp_varbind_alloc(&oid, type, sizeof(s32_t)); 1176 if (vb != NULL) 1177 { 1178 s32_t *vptr = (s32_t*)vb->value; 1179 1180 derr = snmp_asn1_dec_s32t(p, ofs + 1 + len_octets, len, vptr); 1181 snmp_varbind_tail_add(&m_stat->invb, vb); 1182 } 1183 else 1184 { 1185 derr = ERR_ARG; 1186 } 1187 break; 1188 case (SNMP_ASN1_APPLIC | SNMP_ASN1_PRIMIT | SNMP_ASN1_COUNTER): 1189 case (SNMP_ASN1_APPLIC | SNMP_ASN1_PRIMIT | SNMP_ASN1_GAUGE): 1190 case (SNMP_ASN1_APPLIC | SNMP_ASN1_PRIMIT | SNMP_ASN1_TIMETICKS): 1191 vb = snmp_varbind_alloc(&oid, type, sizeof(u32_t)); 1192 if (vb != NULL) 1193 { 1194 u32_t *vptr = (u32_t*)vb->value; 1195 1196 derr = snmp_asn1_dec_u32t(p, ofs + 1 + len_octets, len, vptr); 1197 snmp_varbind_tail_add(&m_stat->invb, vb); 1198 } 1199 else 1200 { 1201 derr = ERR_ARG; 1202 } 1203 break; 1204 case (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_OC_STR): 1205 case (SNMP_ASN1_APPLIC | SNMP_ASN1_PRIMIT | SNMP_ASN1_OPAQUE): 1206 LWIP_ASSERT("invalid length", len <= 0xff); 1207 vb = snmp_varbind_alloc(&oid, type, (u8_t)len); 1208 if (vb != NULL) 1209 { 1210 derr = snmp_asn1_dec_raw(p, ofs + 1 + len_octets, len, vb->value_len, (u8_t*)vb->value); 1211 snmp_varbind_tail_add(&m_stat->invb, vb); 1212 } 1213 else 1214 { 1215 derr = ERR_ARG; 1216 } 1217 break; 1218 case (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_NUL): 1219 vb = snmp_varbind_alloc(&oid, type, 0); 1220 if (vb != NULL) 1221 { 1222 snmp_varbind_tail_add(&m_stat->invb, vb); 1223 derr = ERR_OK; 1224 } 1225 else 1226 { 1227 derr = ERR_ARG; 1228 } 1229 break; 1230 case (SNMP_ASN1_UNIV | SNMP_ASN1_PRIMIT | SNMP_ASN1_OBJ_ID): 1231 derr = snmp_asn1_dec_oid(p, ofs + 1 + len_octets, len, &oid_value); 1232 if (derr == ERR_OK) 1233 { 1234 vb = snmp_varbind_alloc(&oid, type, oid_value.len * sizeof(s32_t)); 1235 if (vb != NULL) 1236 { 1237 u8_t i = oid_value.len; 1238 s32_t *vptr = (s32_t*)vb->value; 1239 1240 while(i > 0) 1241 { 1242 i--; 1243 vptr[i] = oid_value.id[i]; 1244 } 1245 snmp_varbind_tail_add(&m_stat->invb, vb); 1246 derr = ERR_OK; 1247 } 1248 else 1249 { 1250 derr = ERR_ARG; 1251 } 1252 } 1253 break; 1254 case (SNMP_ASN1_APPLIC | SNMP_ASN1_PRIMIT | SNMP_ASN1_IPADDR): 1255 if (len == 4) 1256 { 1257 /* must be exactly 4 octets! */ 1258 vb = snmp_varbind_alloc(&oid, type, 4); 1259 if (vb != NULL) 1260 { 1261 derr = snmp_asn1_dec_raw(p, ofs + 1 + len_octets, len, vb->value_len, (u8_t*)vb->value); 1262 snmp_varbind_tail_add(&m_stat->invb, vb); 1263 } 1264 else 1265 { 1266 derr = ERR_ARG; 1267 } 1268 } 1269 else 1270 { 1271 derr = ERR_ARG; 1272 } 1273 break; 1274 default: 1275 derr = ERR_ARG; 1276 break; 1277 } 1278 if (derr != ERR_OK) 1279 { 1280 snmp_inc_snmpinasnparseerrs(); 1281 /* free varbinds (if available) */ 1282 snmp_varbind_list_free(&m_stat->invb); 1283 return ERR_ARG; 1284 } 1285 ofs += (1 + len_octets + len); 1286 vb_len -= (1 + len_octets + len); 1287 } 1288 1289 if (m_stat->rt == SNMP_ASN1_PDU_SET_REQ) 1290 { 1291 snmp_add_snmpintotalsetvars(m_stat->invb.count); 1292 } 1293 else 1294 { 1295 snmp_add_snmpintotalreqvars(m_stat->invb.count); 1296 } 1297 1298 *ofs_ret = ofs; 1299 return ERR_OK; 1300 } 1301 1302 struct snmp_varbind* 1303 snmp_varbind_alloc(struct snmp_obj_id *oid, u8_t type, u8_t len) 1304 { 1305 struct snmp_varbind *vb; 1306 1307 vb = (struct snmp_varbind *)memp_malloc(MEMP_SNMP_VARBIND); 1308 LWIP_ASSERT("vb != NULL",vb != NULL); 1309 if (vb != NULL) 1310 { 1311 u8_t i; 1312 1313 vb->next = NULL; 1314 vb->prev = NULL; 1315 i = oid->len; 1316 vb->ident_len = i; 1317 if (i > 0) 1318 { 1319 LWIP_ASSERT("SNMP_MAX_TREE_DEPTH is configured too low", i <= SNMP_MAX_TREE_DEPTH); 1320 /* allocate array of s32_t for our object identifier */ 1321 vb->ident = (s32_t*)memp_malloc(MEMP_SNMP_VALUE); 1322 LWIP_ASSERT("vb->ident != NULL",vb->ident != NULL); 1323 if (vb->ident == NULL) 1324 { 1325 memp_free(MEMP_SNMP_VARBIND, vb); 1326 return NULL; 1327 } 1328 while(i > 0) 1329 { 1330 i--; 1331 vb->ident[i] = oid->id[i]; 1332 } 1333 } 1334 else 1335 { 1336 /* i == 0, pass zero length object identifier */ 1337 vb->ident = NULL; 1338 } 1339 vb->value_type = type; 1340 vb->value_len = len; 1341 if (len > 0) 1342 { 1343 LWIP_ASSERT("SNMP_MAX_OCTET_STRING_LEN is configured too low", vb->value_len <= SNMP_MAX_VALUE_SIZE); 1344 /* allocate raw bytes for our object value */ 1345 vb->value = memp_malloc(MEMP_SNMP_VALUE); 1346 LWIP_ASSERT("vb->value != NULL",vb->value != NULL); 1347 if (vb->value == NULL) 1348 { 1349 if (vb->ident != NULL) 1350 { 1351 memp_free(MEMP_SNMP_VALUE, vb->ident); 1352 } 1353 memp_free(MEMP_SNMP_VARBIND, vb); 1354 return NULL; 1355 } 1356 } 1357 else 1358 { 1359 /* ASN1_NUL type, or zero length ASN1_OC_STR */ 1360 vb->value = NULL; 1361 } 1362 } 1363 return vb; 1364 } 1365 1366 void 1367 snmp_varbind_free(struct snmp_varbind *vb) 1368 { 1369 if (vb->value != NULL ) 1370 { 1371 memp_free(MEMP_SNMP_VALUE, vb->value); 1372 } 1373 if (vb->ident != NULL ) 1374 { 1375 memp_free(MEMP_SNMP_VALUE, vb->ident); 1376 } 1377 memp_free(MEMP_SNMP_VARBIND, vb); 1378 } 1379 1380 void 1381 snmp_varbind_list_free(struct snmp_varbind_root *root) 1382 { 1383 struct snmp_varbind *vb, *prev; 1384 1385 vb = root->tail; 1386 while ( vb != NULL ) 1387 { 1388 prev = vb->prev; 1389 snmp_varbind_free(vb); 1390 vb = prev; 1391 } 1392 root->count = 0; 1393 root->head = NULL; 1394 root->tail = NULL; 1395 } 1396 1397 void 1398 snmp_varbind_tail_add(struct snmp_varbind_root *root, struct snmp_varbind *vb) 1399 { 1400 if (root->count == 0) 1401 { 1402 /* add first varbind to list */ 1403 root->head = vb; 1404 root->tail = vb; 1405 } 1406 else 1407 { 1408 /* add nth varbind to list tail */ 1409 root->tail->next = vb; 1410 vb->prev = root->tail; 1411 root->tail = vb; 1412 } 1413 root->count += 1; 1414 } 1415 1416 struct snmp_varbind* 1417 snmp_varbind_tail_remove(struct snmp_varbind_root *root) 1418 { 1419 struct snmp_varbind* vb; 1420 1421 if (root->count > 0) 1422 { 1423 /* remove tail varbind */ 1424 vb = root->tail; 1425 root->tail = vb->prev; 1426 vb->prev->next = NULL; 1427 root->count -= 1; 1428 } 1429 else 1430 { 1431 /* nothing to remove */ 1432 vb = NULL; 1433 } 1434 return vb; 1435 } 1436 1437 #endif /* LWIP_SNMP */ 1438
