… | |
… | |
4 | |
4 | |
5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
6 | |
6 | |
7 | use Convert::BER::XS ':all'; |
7 | use Convert::BER::XS ':all'; |
8 | |
8 | |
|
|
9 | # decode a binary BER data structure using the SNMP profile |
9 | my $ber = ber_decode $buf, $Convert::BER::XS::SNMP_PROFILE |
10 | my $ber = ber_decode $buf, $Convert::BER::XS::SNMP_PROFILE |
10 | or die "unable to decode SNMP message"; |
11 | or die "unable to decode SNMP message"; |
11 | |
12 | |
12 | # The above results in a data structure consisting of |
13 | # The above results in a data structure consisting of |
13 | # (class, tag, flags, data) |
14 | # (class, tag, flags, data) |
14 | # tuples. Below is such a message, SNMPv1 trap |
15 | # tuples. Below is such a message, an SNMPv1 trap |
15 | # with a Cisco mac change notification. |
16 | # with a Cisco mac change notification. |
16 | # Did you know that Cisco is in the news almost |
17 | # (Did you know that Cisco is in the news almost |
17 | # every week because of some backdoor password |
18 | # every week because of some backdoor password |
18 | # or other extremely stupid security bug? |
19 | # or other extremely stupid security bug?) |
19 | |
20 | |
20 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, |
21 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, |
21 | [ |
22 | [ |
22 | [ ASN_UNIVERSAL, ASN_INTEGER, 0, 0 ], # snmp version 1 |
23 | [ ASN_UNIVERSAL, ASN_INTEGER, 0, 0 ], # snmp version 1 |
23 | [ ASN_UNIVERSAL, 4, 0, "public" ], # community |
24 | [ ASN_UNIVERSAL, 4, 0, "public" ], # community |
… | |
… | |
36 | [ ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "...data..." # the value |
37 | [ ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "...data..." # the value |
37 | ] |
38 | ] |
38 | ] |
39 | ] |
39 | ], |
40 | ], |
40 | ... |
41 | ... |
|
|
42 | |
41 | # let's dump it, for debugging |
43 | # let's dump the above structure, for debugging |
42 | |
|
|
43 | ber_dump $ber, $Convert::BER::XS::SNMP_PROFILE; |
44 | ber_dump $ber, $Convert::BER::XS::SNMP_PROFILE; |
44 | |
45 | |
45 | # let's decode it a bit with some helper functions |
46 | # let's decode it a bit with some helper functions. |
46 | |
47 | # first check whether it starts with a sequence |
47 | my $msg = ber_is_seq $ber |
48 | my $msg = ber_is_seq $ber |
48 | or die "SNMP message does not start with a sequence"; |
49 | or die "SNMP message does not start with a sequence"; |
49 | |
50 | |
|
|
51 | # then check if its some kind of integer |
50 | ber_is $msg->[0], ASN_UNIVERSAL, ASN_INTEGER, 0 |
52 | ber_is $msg->[0], ASN_UNIVERSAL, ASN_INTEGER, 0 |
51 | or die "SNMP message does not start with snmp version\n"; |
53 | or die "SNMP message does not start with snmp version"; |
52 | |
54 | |
53 | # message is SNMP v1 or v2c? |
55 | # message is SNMP v1 or v2c? |
54 | if ($msg->[0][BER_DATA] == 0 || $msg->[0][BER_DATA] == 1) { |
56 | if ($msg->[0][BER_DATA] == 0 || $msg->[0][BER_DATA] == 1) { |
55 | |
57 | |
56 | # message is v1 trap? |
58 | # message is v1 trap? |
… | |
… | |
64 | and (ber_is_int $trap->[3], 1) # mac changed msg |
66 | and (ber_is_int $trap->[3], 1) # mac changed msg |
65 | ) { |
67 | ) { |
66 | ... and so on |
68 | ... and so on |
67 | |
69 | |
68 | # finally, let's encode it again and hope it results in the same bit pattern |
70 | # finally, let's encode it again and hope it results in the same bit pattern |
69 | |
|
|
70 | my $buf = ber_encode $ber, $Convert::BER::XS::SNMP_PROFILE; |
71 | my $buf = ber_encode $ber, $Convert::BER::XS::SNMP_PROFILE; |
71 | |
72 | |
72 | =head1 DESCRIPTION |
73 | =head1 DESCRIPTION |
73 | |
74 | |
74 | This module implements a I<very> low level BER/DER en-/decoder. |
75 | This module implements a I<very> low level BER/DER en-/decoder. |
… | |
… | |
173 | This works because BER values are tagged with a type and a namespace, |
174 | This works because BER values are tagged with a type and a namespace, |
174 | and also have a flag that says whether a value consists of subvalues (is |
175 | and also have a flag that says whether a value consists of subvalues (is |
175 | "constructed") or not (is "primitive"). |
176 | "constructed") or not (is "primitive"). |
176 | |
177 | |
177 | Tags are simple integers, and ASN.1 defines a somewhat weird assortment |
178 | Tags are simple integers, and ASN.1 defines a somewhat weird assortment |
178 | of those - for example, you have one integers and 16(!) different |
179 | of those - for example, you have one integer but 16(!) different |
179 | string types, but there is no Unsigned32 type for example. Different |
180 | string types, but there is no Unsigned32 type for example. Different |
180 | applications work around this in different ways, for example, SNMP defines |
181 | applications work around this in different ways, for example, SNMP defines |
181 | application-specific Gauge32, Counter32 and Unsigned32, which are mapped |
182 | application-specific Gauge32, Counter32 and Unsigned32, which are mapped |
182 | to two different tags: you can distinguish between Counter32 and the |
183 | to two different tags: you can distinguish between Counter32 and the |
183 | others, but not between Gause32 and Unsigned32, without the ASN.1 schema. |
184 | others, but not between Gause32 and Unsigned32, without the ASN.1 schema. |
… | |
… | |
466 | # additional SNMP application types |
467 | # additional SNMP application types |
467 | our $SNMP_PROFILE = new Convert::BER::XS::Profile; |
468 | our $SNMP_PROFILE = new Convert::BER::XS::Profile; |
468 | |
469 | |
469 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_IPADDRESS , BER_TYPE_IPADDRESS); |
470 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_IPADDRESS , BER_TYPE_IPADDRESS); |
470 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER32 , BER_TYPE_INT); |
471 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER32 , BER_TYPE_INT); |
|
|
472 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER64 , BER_TYPE_INT); |
471 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_UNSIGNED32, BER_TYPE_INT); |
473 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_UNSIGNED32, BER_TYPE_INT); |
472 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_TIMETICKS , BER_TYPE_INT); |
474 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_TIMETICKS , BER_TYPE_INT); |
473 | |
475 | |
474 | # decodes REAL values according to ECMA-63 |
476 | # decodes REAL values according to ECMA-63 |
475 | # this is pretty strict, except it doesn't catch -0. |
477 | # this is pretty strict, except it doesn't catch -0. |
… | |
… | |
563 | } |
565 | } |
564 | |
566 | |
565 | "($value)" |
567 | "($value)" |
566 | } |
568 | } |
567 | |
569 | |
568 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER64 , BER_TYPE_INT); |
|
|
569 | |
|
|
570 | sub _ber_dump { |
570 | sub _ber_dump { |
571 | my ($ber, $profile, $indent) = @_; |
571 | my ($ber, $profile, $indent) = @_; |
572 | |
572 | |
573 | if (my $seq = ber_is_seq $ber) { |
573 | if (my $seq = ber_is_seq $ber) { |
574 | printf "%sSEQUENCE\n", $indent; |
574 | printf "%sSEQUENCE\n", $indent; |
… | |
… | |
648 | =item C<$Convert::BER::XS::SNMP_PROFILE> |
648 | =item C<$Convert::BER::XS::SNMP_PROFILE> |
649 | |
649 | |
650 | A profile with mappings for SNMP-specific application tags added. This is |
650 | A profile with mappings for SNMP-specific application tags added. This is |
651 | useful when de-/encoding SNMP data. |
651 | useful when de-/encoding SNMP data. |
652 | |
652 | |
|
|
653 | The L<Example Profile> section, below, shows how this profile is being |
|
|
654 | constructed. |
|
|
655 | |
653 | Example: |
656 | Example: |
654 | |
657 | |
655 | $ber = ber_decode $data, $Convert::BER::XS::SNMP_PROFILE; |
658 | $ber = ber_decode $data, $Convert::BER::XS::SNMP_PROFILE; |
656 | |
659 | |
657 | =back |
660 | =back |