diff --git a/CHANGES b/CHANGES
index 24f31c3874..1f72911215 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
+2.4-731 | 2016-08-01 08:14:06 -0700
+
+ * Correct endianness of IP addresses in SNMP. Addresses BIT-1644.
+ (Anony Mous)
+
 2.4-729 | 2016-08-01 08:00:54 -0700
 * Fix behavior of connection_pending event. It is now really only
diff --git a/VERSION b/VERSION
index b092ef10ce..c7e8fbeda0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4-729
+2.4-731
diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac
index 44dce4dbf5..0394dbda61 100644
--- a/src/analyzer/protocol/snmp/snmp-analyzer.pac
+++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac
@@ -39,7 +39,7 @@ AddrVal* network_address_to_val(const ASN1Encoding* na)
 const u_char* data = reinterpret_cast(bs.data());
 uint32 network_order = extract_uint32(data);
- return new AddrVal(network_order);
+ return new AddrVal(ntohl(network_order));
 }
 Val* asn1_obj_to_val(const ASN1Encoding* obj)
diff --git a/testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout b/testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout
new file mode 100644
index 0000000000..f21633eb91
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout
@@ -0,0 +1,30 @@
+138.68.0.1
+138.68.14.240
+169.254.169.254
+10.46.0.5
+127.0.0.1
+138.68.10.203
+255.255.0.0
+255.0.0.0
+255.255.240.0
+0.0.0.0
+10.46.0.0
+138.68.0.0
+138.68.0.1
+0.0.0.0
+0.0.0.0
+0.0.0.0
+255.255.0.0
+255.255.240.0
+138.68.0.1
+138.68.14.240
+169.254.169.254
+0.0.0.0
+10.46.0.0
+138.68.0.0
+0.0.0.0
+255.255.0.0
+255.255.240.0
+138.68.0.1
+0.0.0.0
+0.0.0.0
diff --git a/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4 b/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4
index 0854c7096c..2111edee6f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4
+++ b/testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4
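Review bot: In the `snmp-analyzer.pac` hunk, the variable name `network_order` and the added call `ntohl(network_order)` disagree about which byte order the value is in, so a reader cannot tell what `AddrVal` expects. If `extract_uint32` assembles the four bytes into a host-order integer (its definition is not in this diff, so this is an assumption to confirm), the conversion is host-to-network and would read more truthfully as `uint32 host_order = extract_uint32(data);` followed by `return new AddrVal(htonl(host_order));`. Both calls perform the same byte swap, so behaviour would not change. Because the bytes come from an untrusted SNMP packet, also confirm that the part of `network_address_to_val` above the hunk checks that the content is 4 bytes long before `extract_uint32` reads from `data`.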
@@ -3,7 +3,7 @@ snmp_trap
 is_orig: T
 [community=public]
 enterprise: 1.3.6.1.4.1.31337.0
- agent: 1.0.0.127
+ agent: 127.0.0.1
 generic_trap: 0
 specific_trap: 0
 time_stamp: 0
diff --git a/testing/btest/Traces/snmp/snmpwalk-short.pcap b/testing/btest/Traces/snmp/snmpwalk-short.pcap
new file mode 100644
index 0000000000..90f2a47664
Binary files /dev/null and b/testing/btest/Traces/snmp/snmpwalk-short.pcap differ
diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro b/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro
new file mode 100644
index 0000000000..5c21cf7be3
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/snmp/snmp-addr.bro
@@ -0,0 +1,15 @@
+# @TEST-EXEC: bro -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/snmp
+
+event snmp_response(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU) {
+
+ for (i in pdu$bindings) {
+ local binding = pdu$bindings[i];
+
+ if (binding$value?$address)
+ print binding$value$address;
+ }
+
+}
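Review bot: The new `snmp-addr.bro` test has no comment saying what it guards, so a later reader of the 30-line baseline cannot tell that the byte order of the printed addresses is the property under test. A header line above the `@TEST-EXEC` lines would record that, for example `# Verify that SNMP address values are reported in the correct byte order (BIT-1644).` The handler only covers `snmp_response`; the trap agent address is exercised separately by the updated v1 `out4` baseline in this commit.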