Add SNMP datagram parsing support.

This supports parsing of SNMPv1 (RFC 1157), SNMPv2 (RFC 1901/3416), and SNMPv2 (RFC 3412). An event is raised for each SNMP PDU type, though there's not currently any event handlers for them and not a default snmp.log either. However, simple presence of SNMP is currently visible now in conn.log service field and known_services.log.
2025-10-08 01:28:20 +00:00 · 2014-02-18 14:41:32 -06:00 · 2014-02-18 14:41:32 -06:00 · a0c06a957b
commit a0c06a957b
parent ba81aa4387
38 changed files with 2345 additions and 8 deletions
--- a/testing/btest/scripts/base/protocols/snmp/v1.bro
+++ b/testing/btest/scripts/base/protocols/snmp/v1.bro
@ -0,0 +1,11 @@
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.bro >out1
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.bro >out2
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.bro >out3
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.bro >out4
+
+# @TEST-EXEC: btest-diff out1
+# @TEST-EXEC: btest-diff out2
+# @TEST-EXEC: btest-diff out3
+# @TEST-EXEC: btest-diff out4
+
+@load base/protocols/snmp
--- a/testing/btest/scripts/base/protocols/snmp/v2.bro
+++ b/testing/btest/scripts/base/protocols/snmp/v2.bro
@ -0,0 +1,9 @@
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.bro >out1
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.bro >out2
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.bro >out3
+
+# @TEST-EXEC: btest-diff out1
+# @TEST-EXEC: btest-diff out2
+# @TEST-EXEC: btest-diff out3
+
+@load base/protocols/snmp
--- a/testing/btest/scripts/base/protocols/snmp/v3.bro
+++ b/testing/btest/scripts/base/protocols/snmp/v3.bro
@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.bro >out1
+
+# @TEST-EXEC: btest-diff out1
+
+@load base/protocols/snmp