Right now tcpdump prints noSuchObject/noSuchInstance/endOfMibView as
[P/x/GetRequest]/[P/x/GetNextRequest]/[P/x/GetResponse]. This is because
tcpdump doesn't treat CONTEXT for what it is: context dependent.
I'm not going to untangle this entire mess, but this diff at least gives
us a better output:
martijn$ doas tcpdump -s1500 -ilo0 port snmp
tcpdump: listening on lo0, link-type LOOP
11:33:04.381363 localhost.40238 > localhost.snmp: GetRequest(27)
system.sysContact
11:33:04.381476 localhost.snmp > localhost.40238: GetResponse(27)
system.sysContact=[P/x/GetRequest]
11:33:06.564163 localhost.5317 > localhost.snmp: GetRequest(29)
system.sysContact.0.1
11:33:06.564278 localhost.snmp > localhost.5317: GetResponse(29)
system.sysContact.0.1=[P/x/GetNextRequest]
^C
4 packets received by filter
0 packets dropped by kernel
martijn$ make -j4 && doas ./obj/tcpdump -s1500 -ilo0 port snmp
tcpdump: listening on lo0, link-type LOOP
11:33:11.814521 localhost.19859 > localhost.snmp: GetRequest(27)
system.sysContact
11:33:11.814655 localhost.snmp > localhost.19859: GetResponse(27)
system.sysContact=noSuchObject
11:33:12.346477 localhost.2383 > localhost.snmp: GetRequest(29)
system.sysContact.0.1
11:33:12.346584 localhost.snmp > localhost.2383: GetResponse(29)
system.sysContact.0.1=noSuchInstance
OK?
martijn@
Index: print-snmp.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-snmp.c,v
retrieving revision 1.26
diff -u -p -r1.26 print-snmp.c
--- print-snmp.c 23 Oct 2021 09:42:14 -0000 1.26
+++ print-snmp.c 23 Oct 2021 10:35:15 -0000
@@ -134,6 +134,15 @@ char *Context[] = {
#define REPORT 8
};
+char *ContextVarbind[] = {
+ "noSuchObject",
+#define NOSUCHOBJECT 0
+ "noSuchInstance",
+#define NOSUCHINSTANCE 1
+ "endOfMibView"
+#define ENDOFMIBVIEW 2
+};
+
/*
* Private ASN.1 types
* The Internet SMI does not specify any
@@ -196,7 +205,7 @@ char *GenericTrap[] = {
struct {
char *name;
char **Id;
- int numIDs;
+ int numIDs;
} Class[] = {
defineCLASS(Universal),
#define UNIVERSAL 0
@@ -315,6 +324,7 @@ struct be {
#define BE_INETADDR 8
#define BE_PDU 9
#define BE_UNS64 10
+#define BE_VB 11
};
@@ -576,6 +586,22 @@ asn1_parse(const u_char *p, u_int len, s
}
break;
+ case CONTEXT:
+ switch (id) {
+ case NOSUCHOBJECT:
+ case NOSUCHINSTANCE:
+ case ENDOFMIBVIEW:
+ elem->type = BE_VB;
+ elem->data.raw = NULL;
+ break;
+ default:
+ elem->type = BE_OCTET;
+ elem->data.raw = (caddr_t)p;
+ printf("[P/C/%d]", id);
+ break;
+ }
+ break;
+
default:
elem->type = BE_OCTET;
elem->data.raw = (caddr_t)p;
@@ -723,6 +749,11 @@ asn1_print(struct be *elem)
case BE_PDU:
printf("%s(%u)",
Class[CONTEXT].Id[elem->id], elem->asnlen);
+ break;
+ case BE_VB:
+ if (elem->id > sizeof(ContextVarbind)/sizeof(ContextVarbind[0]))
+ break;
+ printf("%s", ContextVarbind[elem->id]);
break;
case BE_ANY:
printf("[BE_ANY!?]");
