Merge remote-tracking branch 'origin/topic/jsiwek/snmp'

* origin/topic/jsiwek/snmp:
  Add memory leak unit test for SNMP.
  Fix compiler nitpicks from new SNMP code.
  Add SNMP datagram parsing support.

BIT-1142
Robin Sommer 2014-04-08 15:19:21 -07:00
commit cf7e25643e
43 changed files with 2374 additions and 7 deletions


@ -1,5 +1,7 @@
2 1080
1 137
1 161
1 162
1 20000
1 21
1 2123
@ -39,8 +41,8 @@
1 992
1 993
1 995
43 and
42 or
43 port
45 and
44 or
45 port
32 tcp
11 udp
13 udp


@ -12,6 +12,7 @@ scripts/base/init-bare.bro
build/scripts/base/bif/strings.bif.bro
build/scripts/base/bif/bro.bif.bro
build/scripts/base/bif/reporter.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro
build/scripts/base/bif/event.bif.bro
build/scripts/base/bif/plugins/__load__.bro
build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
@ -50,6 +51,7 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro


@ -12,6 +12,7 @@ scripts/base/init-bare.bro
build/scripts/base/bif/strings.bif.bro
build/scripts/base/bif/bro.bif.bro
build/scripts/base/bif/reporter.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro
build/scripts/base/bif/event.bif.bro
build/scripts/base/bif/plugins/__load__.bro
build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
@ -50,6 +51,7 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
@ -208,6 +210,8 @@ scripts/base/init-default.bro
scripts/base/protocols/modbus/consts.bro
scripts/base/protocols/modbus/main.bro
scripts/base/protocols/pop3/__load__.bro
scripts/base/protocols/snmp/__load__.bro
scripts/base/protocols/snmp/main.bro
scripts/base/protocols/smtp/__load__.bro
scripts/base/protocols/smtp/main.bro
scripts/base/protocols/smtp/entities.bro


@ -0,0 +1,598 @@
snmp_get_request
[orig_h=172.31.19.54, orig_p=15916/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 38
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15916/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 38
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x06): 1.3.6.1.4.1.2001.1.1.1.297.93.1.27.2.2.1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15917/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 39
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x05): <unspecified>
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15917/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 39
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x04): B6300
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x04): Chandra's cube
snmp_get_request
[orig_h=172.31.19.54, orig_p=15918/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 40
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.6.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15918/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 40
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.6.1
value (tag=0x04): ^H\07^U\xe6\xbc
snmp_get_request
[orig_h=172.31.19.54, orig_p=15919/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 41
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130102
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15919/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 41
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104
value (tag=0x04): 172.31.19.2
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130102
value (tag=0x04): 255.255.255.0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400
value (tag=0x02): 1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15920/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 42
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.43.14.1.1.6.1.5
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15920/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 42
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.43.14.1.1.6.1.5
value (tag=0x02): 3
snmp_get_request
[orig_h=172.31.19.54, orig_p=15921/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 43
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14150900
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15921/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 43
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14150900
value (tag=0x02): 1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15922/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 44
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15922/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 44
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x06): 1.3.6.1.4.1.2001.1.1.1.297.93.1.27.2.2.1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15923/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 45
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x05): <unspecified>
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15923/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 45
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x04): B6300
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x04): Chandra's cube
snmp_get_request
[orig_h=172.31.19.54, orig_p=15924/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 46
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.6.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15924/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 46
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.6.1
value (tag=0x04): ^H\07^U\xe6\xbc
snmp_get_request
[orig_h=172.31.19.54, orig_p=15925/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 47
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130102
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15925/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 47
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104
value (tag=0x04): 172.31.19.2
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130102
value (tag=0x04): 255.255.255.0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400
value (tag=0x02): 1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15926/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 48
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.43.14.1.1.6.1.5
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15926/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 48
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.43.14.1.1.6.1.5
value (tag=0x02): 3
snmp_get_request
[orig_h=172.31.19.54, orig_p=15927/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 49
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14150900
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15927/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 49
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14150900
value (tag=0x02): 1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15928/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 50
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15928/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 50
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x06): 1.3.6.1.4.1.2001.1.1.1.297.93.1.27.2.2.1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15929/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 51
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x05): <unspecified>
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15929/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 51
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x04): B6300
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x04): Chandra's cube
snmp_get_request
[orig_h=172.31.19.54, orig_p=15930/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 52
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.6.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15930/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 52
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.6.1
value (tag=0x04): ^H\07^U\xe6\xbc
snmp_get_request
[orig_h=172.31.19.54, orig_p=15931/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 53
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130102
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15931/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 53
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104
value (tag=0x04): 172.31.19.2
oid: 1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130102
value (tag=0x04): 255.255.255.0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400
value (tag=0x02): 1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15932/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 54
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.43.14.1.1.6.1.5
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15932/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 54
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.43.14.1.1.6.1.5
value (tag=0x02): 3
snmp_get_request
[orig_h=172.31.19.54, orig_p=15933/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 55
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14150900
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15933/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 55
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.64.4.2.1.5.10.14150900
value (tag=0x02): 1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15934/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 56
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15934/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 56
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x06): 1.3.6.1.4.1.2001.1.1.1.297.93.1.27.2.2.1
snmp_get_request
[orig_h=172.31.19.54, orig_p=15935/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 57
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.8.1.3.0
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.51.8.1.1.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15935/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 57
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.8.1.3.0
value (tag=0x02): 0
oid: 1.3.6.1.4.1.253.8.51.8.1.1.0
value (tag=0x02): 300
snmp_set_request
[orig_h=172.31.19.54, orig_p=15936/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 58
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.8.2.1.2.1
value (tag=0x02): 4
oid: 1.3.6.1.4.1.253.8.51.8.2.1.3.1
value (tag=0x04): FujiXeroxExodus
oid: 1.3.6.1.4.1.253.8.51.8.2.1.4.1
value (tag=0x06): 1.3.6.1.4.1.253.8.51.8.2
oid: 1.3.6.1.4.1.253.8.51.8.2.1.5.1
value (tag=0x02): 300
snmp_response
[orig_h=172.31.19.54, orig_p=15936/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 58
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.8.2.1.2.1
value (tag=0x02): 4
oid: 1.3.6.1.4.1.253.8.51.8.2.1.3.1
value (tag=0x04): FujiXeroxExodus
oid: 1.3.6.1.4.1.253.8.51.8.2.1.4.1
value (tag=0x06): 1.3.6.1.4.1.253.8.51.8.2
oid: 1.3.6.1.4.1.253.8.51.8.2.1.5.1
value (tag=0x02): 300
snmp_set_request
[orig_h=172.31.19.54, orig_p=15937/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 59
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.2.10.1
value (tag=0x02): 6
snmp_response
[orig_h=172.31.19.54, orig_p=15937/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 59
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.2.10.1
value (tag=0x02): 6
snmp_set_request
[orig_h=172.31.19.54, orig_p=15938/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 60
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.10.2.1.7.10.14130101
value (tag=0x04): 172.31.19.73
oid: 1.3.6.1.4.1.253.8.51.10.2.1.5.10.14130400
value (tag=0x02): 2
oid: 1.3.6.1.4.1.253.8.51.10.2.1.7.10.14130102
value (tag=0x04): 255.255.255.0
oid: 1.3.6.1.4.1.253.8.51.10.2.1.7.10.14130104
value (tag=0x04): 172.31.19.2
snmp_response
[orig_h=172.31.19.54, orig_p=15938/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 60
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.10.2.1.7.10.14130101
value (tag=0x04): 172.31.19.73
oid: 1.3.6.1.4.1.253.8.51.10.2.1.5.10.14130400
value (tag=0x02): 2
oid: 1.3.6.1.4.1.253.8.51.10.2.1.7.10.14130102
value (tag=0x04): 255.255.255.0
oid: 1.3.6.1.4.1.253.8.51.10.2.1.7.10.14130104
value (tag=0x04): 172.31.19.2
snmp_set_request
[orig_h=172.31.19.54, orig_p=15939/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 61
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.2.10.1
value (tag=0x02): 4
oid: 1.3.6.1.4.1.253.8.51.9.2.1.4.10.1
value (tag=0x02): 4
oid: 1.3.6.1.4.1.253.8.51.9.2.1.3.10.1
value (tag=0x02): 10
snmp_response
[orig_h=172.31.19.54, orig_p=15939/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 61
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.2.10.1
value (tag=0x02): 4
oid: 1.3.6.1.4.1.253.8.51.9.2.1.4.10.1
value (tag=0x02): 4
oid: 1.3.6.1.4.1.253.8.51.9.2.1.3.10.1
value (tag=0x02): 10
snmp_get_request
[orig_h=172.31.19.54, orig_p=15940/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 62
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.5.10.1
value (tag=0x05): <unspecified>
oid: 1.3.6.1.4.1.253.8.51.9.2.1.6.10.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15940/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 62
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.5.10.1
value (tag=0x02): 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.6.10.1
value (tag=0x02): 0
snmp_set_request
[orig_h=172.31.19.54, orig_p=15941/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 63
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.4.10.1
value (tag=0x02): 8
snmp_response
[orig_h=172.31.19.54, orig_p=15941/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 63
error_stat: 0
error_idx: 0
oid: 1.3.6.1.4.1.253.8.51.9.2.1.4.10.1
value (tag=0x02): 8
snmp_get_request
[orig_h=172.31.19.54, orig_p=15942/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 64
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.3.0
value (tag=0x05): <unspecified>
snmp_get_request
[orig_h=172.31.19.54, orig_p=15945/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 65
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.3.0
value (tag=0x05): <unspecified>
snmp_get_request
[orig_h=172.31.19.54, orig_p=15952/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 66
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.3.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15952/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 66
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.3.0
value (tag=0x43): 300
snmp_get_request
[orig_h=172.31.19.54, orig_p=15953/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 67
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=172.31.19.54, orig_p=15953/udp, resp_h=172.31.19.73, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 67
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.2.0
value (tag=0x06): 1.3.6.1.4.1.2001.1.1.1.297.93.1.27.2.2.1


@ -0,0 +1,26 @@
snmp_get_request
[orig_h=203.143.168.235, orig_p=1026/udp, resp_h=129.94.135.39, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 1567
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.25.3.2.1.5.1
value (tag=0x05): <unspecified>
oid: 1.3.6.1.2.1.25.3.5.1.1.1
value (tag=0x05): <unspecified>
oid: 1.3.6.1.2.1.25.3.5.1.2.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=203.143.168.235, orig_p=1026/udp, resp_h=129.94.135.39, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 1567
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.25.3.2.1.5.1
value (tag=0x02): 5
oid: 1.3.6.1.2.1.25.3.5.1.1.1
value (tag=0x02): 1
oid: 1.3.6.1.2.1.25.3.5.1.2.1
value (tag=0x04): \xc0


@ -0,0 +1,18 @@
snmp_set_request
[orig_h=127.0.0.1, orig_p=63034/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: T
[community=]
request_id: 2064150121
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x04): musec
snmp_response
[orig_h=127.0.0.1, orig_p=63034/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: F
[community=]
request_id: 2064150121
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x05): <unspecified>


@ -0,0 +1,11 @@
snmp_trap
[orig_h=127.0.0.1, orig_p=57150/udp, resp_h=127.0.0.1, resp_p=162/udp]
is_orig: T
[community=public]
enterprise: 1.3.6.1.4.1.31337.0
agent: 1.0.0.127
generic_trap: 0
specific_trap: 0
time_stamp: 0
oid: 1.3.6.1.2.1.2.1.0
value (tag=0x02): 33


@ -0,0 +1,18 @@
snmp_get_request
[orig_h=10.10.1.159, orig_p=51217/udp, resp_h=10.10.3.109, resp_p=161/udp]
is_orig: T
[community=public]
request_id: 895734538
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.17.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=10.10.1.159, orig_p=51217/udp, resp_h=10.10.3.109, resp_p=161/udp]
is_orig: F
[community=public]
request_id: 895734538
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.2.2.1.17.1
value (tag=0x41): 854387


@ -0,0 +1,18 @@
snmp_get_bulk_request
[orig_h=127.0.0.1, orig_p=28456/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: T
[community=]
request_id: 1817072941
non_repeaters: 0
max_repititions: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=127.0.0.1, orig_p=28456/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: F
[community=]
request_id: 1817072941
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.5.0
value (tag=0x05): <unspecified>


@ -0,0 +1,72 @@
snmp_get_request
[orig_h=10.144.246.184, orig_p=33938/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: T
[community=[R0_C@cti!]]
request_id: 722681733
error_stat: 0
error_idx: 0
oid: 0.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=10.144.246.184, orig_p=33938/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: F
[community=[R0_C@cti!]]
request_id: 722681733
error_stat: 0
error_idx: 0
oid: 1.0.8802.1.1.1.1.1.1.0
value (tag=0x02): 2
snmp_get_request
[orig_h=10.144.246.184, orig_p=43824/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: T
[community=[R0_C@cti!]]
request_id: 555232471
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.3.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=10.144.246.184, orig_p=43824/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: F
[community=[R0_C@cti!]]
request_id: 555232471
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.3.0
value (tag=0x43): 76705700
snmp_get_request
[orig_h=10.144.246.184, orig_p=40807/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: T
[community=[R0_C@cti!]]
request_id: 349867006
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.31.1.1.1.10.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=10.144.246.184, orig_p=40807/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: F
[community=[R0_C@cti!]]
request_id: 349867006
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.31.1.1.1.10.1
value (tag=0x46): 2232821312
snmp_get_request
[orig_h=10.144.246.184, orig_p=54059/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: T
[community=[R0_C@cti!]]
request_id: 107891391
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.31.1.1.1.6.1
value (tag=0x05): <unspecified>
snmp_response
[orig_h=10.144.246.184, orig_p=54059/udp, resp_h=10.144.246.161, resp_p=161/udp]
is_orig: F
[community=[R0_C@cti!]]
request_id: 107891391
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.31.1.1.1.6.1
value (tag=0x46): 12606463906
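Review bot: The `[community=...]` lines in this baseline carry what looks like a site-specific community string rather than a default such as `public`, which suggests the underlying trace was captured on a live network and committed unsanitised. SNMPv1/v2c community strings act as shared passwords, so if this value is real it is now published in both the pcap and this baseline. Rewriting the community field in the trace and regenerating the baseline, or confirming the value is synthetic, would avoid that. The 26-line baseline earlier on the page also records public source and destination addresses, which may deserve the same check.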


@ -0,0 +1,34 @@
snmp_get_request
[orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: T
[id=544943986, max_size=16384, flags=4, auth_flag=F, priv_flag=F, reportable_flag=T, security_model=3, security_params=0^N^D\0^B^A*^B^A*^D\0^D\0^D\0, pdu_context=[engine_id=, name=]]
request_id: 544943986
error_stat: 0
error_idx: 0
snmp_report
[orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: F
[id=544943986, max_size=16384, flags=0, auth_flag=F, priv_flag=F, reportable_flag=F, security_model=3, security_params=0\x1b^D^M\x80\0\x1f\x88\x80\xa9I\x8e^:,0C^B^A\xdd^B^A\xdd^D\0^D\0^D\0, pdu_context=[engine_id=\x80\0\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
request_id: 544943986
error_stat: 0
error_idx: 0
oid: 1.3.6.1.6.3.15.1.1.0
value (tag=0x41): 3
snmp_get_request
[orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: T
[id=544943986, max_size=16384, flags=4, auth_flag=F, priv_flag=F, reportable_flag=T, security_model=3, security_params=0/^D^M\x80\0\x1f\x88\x80\xa9I\x8e^:,0C^B^A\xdd^B^A\xdd^D^Husername^D^L\0\0\0\0\0\0\0\0\0\0\0\0^D\0, pdu_context=[engine_id=\x80\0\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
request_id: 544943986
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x05): <unspecified>
snmp_response
[orig_h=127.0.0.1, orig_p=54211/udp, resp_h=127.0.0.1, resp_p=161/udp]
is_orig: F
[id=544943986, max_size=16384, flags=0, auth_flag=F, priv_flag=F, reportable_flag=F, security_model=3, security_params=0#^D^M\x80\0\x1f\x88\x80\xa9I\x8e^:,0C^B^A\xdd^B^A\xdd^D^Husername^D\0^D\0, pdu_context=[engine_id=\x80\0\x1f\x88\x80\xa9I\x8e^:,0C, name=]]
request_id: 544943986
error_stat: 0
error_idx: 0
oid: 1.3.6.1.2.1.1.6.0
value (tag=0x04):

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,10 @@
# Needs perftools support.
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.bro %INPUT
# @TEST-EXEC: btest-bg-wait 30
@load base/protocols/snmp


@ -0,0 +1,11 @@
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.bro >out1
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.bro >out2
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.bro >out3
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.bro >out4
# @TEST-EXEC: btest-diff out1
# @TEST-EXEC: btest-diff out2
# @TEST-EXEC: btest-diff out3
# @TEST-EXEC: btest-diff out4
@load base/protocols/snmp


@ -0,0 +1,9 @@
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.bro >out1
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.bro >out2
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.bro >out3
# @TEST-EXEC: btest-diff out1
# @TEST-EXEC: btest-diff out2
# @TEST-EXEC: btest-diff out3
@load base/protocols/snmp
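Review bot: The `out3` baseline for `snmpv2_get_next.pcap` cannot show that GetNext PDUs reach their own event, because the `snmp_get_next_request` handler in the test script further down the page prints the label `snmp_get_request`. As written, this test would still pass if the analyzer raised the plain get-request event for a GetNext PDU. Changing that handler to `print_snmp("snmp_get_next_request", c, is_orig, header, pdu);` and regenerating the get-next baselines would make the test pin the dispatch. The same applies to the SNMPv3 get-next test.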


@ -0,0 +1,5 @@
# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.bro >out1
# @TEST-EXEC: btest-diff out1
@load base/protocols/snmp
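Review bot: This is the only SNMPv3 test, and every header in its baseline shows `auth_flag=F, priv_flag=F`, so the `snmp_encrypted_pdu` handler in the test script is never reached by the traces listed on this page. The encrypted path is where the parser has to stop before interpreting opaque bytes, so a trace with `priv_flag=T` and its own `btest-diff` would be worth adding. As far as the baselines shown indicate, nothing exercises `snmp_unknown_pdu`, `snmp_unknown_scoped_pdu` or `snmp_unknown_header_version` either. A malformed or truncated datagram trace would cover those error paths, which matter for a parser fed untrusted UDP input.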


@ -0,0 +1,208 @@
function format_snmp_val(tag: count, s: string): string
{
return fmt(" value (tag=0x%02x): %s", tag, s);
}
function print_snmp_value(val: SNMP::ObjectValue)
{
switch ( val$tag ) {
case SNMP::OBJ_OID_TAG:
print format_snmp_val(val$tag, fmt("%s", val$oid));
break;
case SNMP::OBJ_INTEGER_TAG:
print format_snmp_val(val$tag, fmt("%s", val$signed));
break;
case SNMP::OBJ_COUNTER32_TAG,
SNMP::OBJ_UNSIGNED32_TAG,
SNMP::OBJ_TIMETICKS_TAG,
SNMP::OBJ_COUNTER64_TAG:
print format_snmp_val(val$tag, fmt("%s", val$unsigned));
break;
case SNMP::OBJ_IPADDRESS_TAG:
print format_snmp_val(val$tag, fmt("%s", val$address));
break;
case SNMP::OBJ_OCTETSTRING_TAG,
SNMP::OBJ_OPAQUE_TAG:
print format_snmp_val(val$tag, fmt("%s", val$octets));
break;
case SNMP::OBJ_UNSPECIFIED_TAG:
print format_snmp_val(val$tag, fmt("%s", "<unspecified>"));
break;
case SNMP::OBJ_NOSUCHOBJECT_TAG:
print format_snmp_val(val$tag, fmt("%s", "<no such object>"));
break;
case SNMP::OBJ_NOSUCHINSTANCE_TAG:
print format_snmp_val(val$tag, fmt("%s", "<no such instance>"));
break;
case SNMP::OBJ_ENDOFMIBVIEW_TAG:
print format_snmp_val(val$tag, fmt("%s", "<end of mib view>"));
break;
default:
print format_snmp_val(val$tag, "<unknown>");
break;
}
}
function print_snmp_binding(binding: SNMP::Binding)
{
print fmt(" oid: %s", binding$oid);
print_snmp_value(binding$value);
}
function print_snmp_bindings(bindings: SNMP::Bindings)
{
for ( i in bindings )
print_snmp_binding(bindings[i]);
}
function print_snmp_pdu(pdu: SNMP::PDU)
{
print fmt(" request_id: %s", pdu$request_id);
print fmt(" error_stat: %s", pdu$error_status);
print fmt(" error_idx: %s", pdu$error_index);
print_snmp_bindings(pdu$bindings);
}
function print_snmp_trap_pdu(pdu: SNMP::TrapPDU)
{
print fmt(" enterprise: %s", pdu$enterprise);
print fmt(" agent: %s", pdu$agent);
print fmt(" generic_trap: %s", pdu$generic_trap);
print fmt(" specific_trap: %s", pdu$specific_trap);
print fmt(" time_stamp: %s", pdu$time_stamp);
print_snmp_bindings(pdu$bindings);
}
function print_snmp_bulk_pdu(pdu: SNMP::BulkPDU)
{
print fmt(" request_id: %s", pdu$request_id);
print fmt(" non_repeaters: %s", pdu$non_repeaters);
print fmt(" max_repititions: %s", pdu$max_repititions);
print_snmp_bindings(pdu$bindings);
}
function print_snmp_conn(c: connection, is_orig: bool)
{
print fmt(" %s", c$id);
print fmt(" is_orig: %s", is_orig);
}
function print_snmp_header(header: SNMP::Header)
{
switch ( header$version ) {
case 0:
print fmt(" %s", header$v1);
break;
case 1:
print fmt(" %s", header$v2);
break;
case 3:
print fmt(" %s", header$v3);
break;
default:
break;
}
}
function print_snmp(msg: string, c: connection, is_orig: bool,
header: SNMP::Header, pdu: SNMP::PDU)
{
print msg;
print_snmp_conn(c, is_orig);
print_snmp_header(header);
print_snmp_pdu(pdu);
}
event snmp_get_request(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_get_request", c, is_orig, header, pdu);
}
event snmp_get_next_request(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_get_request", c, is_orig, header, pdu);
}
event snmp_response(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_response", c, is_orig, header, pdu);
}
event snmp_set_request(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_set_request", c, is_orig, header, pdu);
}
event snmp_trap(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::TrapPDU)
{
print "snmp_trap";
print_snmp_conn(c, is_orig);
print_snmp_header(header);
print_snmp_trap_pdu(pdu);
}
event snmp_get_bulk_request(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::BulkPDU)
{
print "snmp_get_bulk_request";
print_snmp_conn(c, is_orig);
print_snmp_header(header);
print_snmp_bulk_pdu(pdu);
}
event snmp_inform_request(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_inform_request", c, is_orig, header, pdu);
}
event snmp_trapV2(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_trapv2", c, is_orig, header, pdu);
}
event snmp_report(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU)
{
print_snmp("snmp_report", c, is_orig, header, pdu);
}
event snmp_unknown_pdu(c: connection, is_orig: bool, header: SNMP::Header, tag: count)
{
print "snmp_unknown_pdu";
print_snmp_conn(c, is_orig);
print_snmp_header(header);
print fmt(" tag: %s", tag);
}
event snmp_unknown_scoped_pdu(c: connection, is_orig: bool, header: SNMP::Header, tag: count)
{
print "snmp_unknown_scoped_pdu";
print_snmp_conn(c, is_orig);
print_snmp_header(header);
print fmt(" tag: %s", tag);
}
event snmp_encrypted_pdu(c: connection, is_orig: bool, header: SNMP::Header)
{
print "snmp_encrypted_pdu";
print_snmp_conn(c, is_orig);
print_snmp_header(header);
}
event snmp_unknown_header_version(c: connection, is_orig: bool, version: count)
{
print "snmp_unknown_header_version";
print_snmp_conn(c, is_orig);
print fmt(" version %s", version);
}