… | |
… | |
4 | |
4 | |
5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
6 | |
6 | |
7 | use Convert::BER::XS ':all'; |
7 | use Convert::BER::XS ':all'; |
8 | |
8 | |
|
|
9 | # decode a binary BER data structure using the SNMP profile |
9 | my $ber = ber_decode $buf, $Convert::BER::XS::SNMP_PROFILE |
10 | my $ber = ber_decode $buf, $Convert::BER::XS::SNMP_PROFILE |
10 | or die "unable to decode SNMP message"; |
11 | or die "unable to decode SNMP message"; |
11 | |
12 | |
12 | # The above results in a data structure consisting of |
13 | # The above results in a data structure consisting of |
13 | # (class, tag, flags, data) |
14 | # (class, tag, flags, data) |
14 | # tuples. Below is such a message, SNMPv1 trap |
15 | # tuples. Below is such a message, an SNMPv1 trap |
15 | # with a Cisco mac change notification. |
16 | # with a Cisco mac change notification. |
16 | # Did you know that Cisco is in the news almost |
17 | # (Did you know that Cisco is in the news almost |
17 | # every week because of some backdoor password |
18 | # every week because of some backdoor password |
18 | # or other extremely stupid security bug? |
19 | # or other extremely stupid security bug?) |
19 | |
20 | |
20 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, |
21 | [ ASN_UNIVERSAL, ASN_SEQUENCE, 1, |
21 | [ |
22 | [ |
22 | [ ASN_UNIVERSAL, ASN_INTEGER, 0, 0 ], # snmp version 1 |
23 | [ ASN_UNIVERSAL, ASN_INTEGER, 0, 0 ], # snmp version 1 |
23 | [ ASN_UNIVERSAL, 4, 0, "public" ], # community |
24 | [ ASN_UNIVERSAL, 4, 0, "public" ], # community |
… | |
… | |
36 | [ ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "...data..." # the value |
37 | [ ASN_UNIVERSAL, ASN_OCTET_STRING, 0, "...data..." # the value |
37 | ] |
38 | ] |
38 | ] |
39 | ] |
39 | ], |
40 | ], |
40 | ... |
41 | ... |
|
|
42 | |
41 | # let's dump it, for debugging |
43 | # let's dump the above structure, for debugging |
42 | |
|
|
43 | ber_dump $ber, $Convert::BER::XS::SNMP_PROFILE; |
44 | ber_dump $ber, $Convert::BER::XS::SNMP_PROFILE; |
44 | |
45 | |
45 | # let's decode it a bit with some helper functions |
46 | # let's decode it a bit with some helper functions. |
46 | |
47 | # first check whether it starts with a sequence |
47 | my $msg = ber_is_seq $ber |
48 | my $msg = ber_is_seq $ber |
48 | or die "SNMP message does not start with a sequence"; |
49 | or die "SNMP message does not start with a sequence"; |
49 | |
50 | |
|
|
51 | # then check if its some kind of integer |
50 | ber_is $msg->[0], ASN_UNIVERSAL, ASN_INTEGER, 0 |
52 | ber_is $msg->[0], ASN_UNIVERSAL, ASN_INTEGER, 0 |
51 | or die "SNMP message does not start with snmp version\n"; |
53 | or die "SNMP message does not start with snmp version"; |
52 | |
54 | |
53 | # message is SNMP v1 or v2c? |
55 | # message is SNMP v1 or v2c? |
54 | if ($msg->[0][BER_DATA] == 0 || $msg->[0][BER_DATA] == 1) { |
56 | if ($msg->[0][BER_DATA] == 0 || $msg->[0][BER_DATA] == 1) { |
55 | |
57 | |
56 | # message is v1 trap? |
58 | # message is v1 trap? |
… | |
… | |
64 | and (ber_is_int $trap->[3], 1) # mac changed msg |
66 | and (ber_is_int $trap->[3], 1) # mac changed msg |
65 | ) { |
67 | ) { |
66 | ... and so on |
68 | ... and so on |
67 | |
69 | |
68 | # finally, let's encode it again and hope it results in the same bit pattern |
70 | # finally, let's encode it again and hope it results in the same bit pattern |
69 | |
|
|
70 | my $buf = ber_encode $ber, $Convert::BER::XS::SNMP_PROFILE; |
71 | my $buf = ber_encode $ber, $Convert::BER::XS::SNMP_PROFILE; |
71 | |
72 | |
72 | =head1 DESCRIPTION |
73 | =head1 DESCRIPTION |
73 | |
|
|
74 | WARNING: Before release 1.0, the API is not considered stable in any way. |
|
|
75 | |
74 | |
76 | This module implements a I<very> low level BER/DER en-/decoder. |
75 | This module implements a I<very> low level BER/DER en-/decoder. |
77 | |
76 | |
78 | It is tuned for low memory and high speed, while still maintaining some |
77 | It is tuned for low memory and high speed, while still maintaining some |
79 | level of user-friendlyness. |
78 | level of user-friendlyness. |
… | |
… | |
175 | This works because BER values are tagged with a type and a namespace, |
174 | This works because BER values are tagged with a type and a namespace, |
176 | and also have a flag that says whether a value consists of subvalues (is |
175 | and also have a flag that says whether a value consists of subvalues (is |
177 | "constructed") or not (is "primitive"). |
176 | "constructed") or not (is "primitive"). |
178 | |
177 | |
179 | Tags are simple integers, and ASN.1 defines a somewhat weird assortment |
178 | Tags are simple integers, and ASN.1 defines a somewhat weird assortment |
180 | of those - for example, you have one integers and 16(!) different |
179 | of those - for example, you have one integer but 16(!) different |
181 | string types, but there is no Unsigned32 type for example. Different |
180 | string types, but there is no Unsigned32 type for example. Different |
182 | applications work around this in different ways, for example, SNMP defines |
181 | applications work around this in different ways, for example, SNMP defines |
183 | application-specific Gauge32, Counter32 and Unsigned32, which are mapped |
182 | application-specific Gauge32, Counter32 and Unsigned32, which are mapped |
184 | to two different tags: you can distinguish between Counter32 and the |
183 | to two different tags: you can distinguish between Counter32 and the |
185 | others, but not between Gause32 and Unsigned32, without the ASN.1 schema. |
184 | others, but not between Gause32 and Unsigned32, without the ASN.1 schema. |
… | |
… | |
414 | use Carp (); |
413 | use Carp (); |
415 | |
414 | |
416 | our $VERSION; |
415 | our $VERSION; |
417 | |
416 | |
418 | BEGIN { |
417 | BEGIN { |
419 | $VERSION = 1.2; |
418 | $VERSION = 1.21; |
420 | XSLoader::load __PACKAGE__, $VERSION; |
419 | XSLoader::load __PACKAGE__, $VERSION; |
421 | } |
420 | } |
422 | |
421 | |
423 | our %EXPORT_TAGS = ( |
422 | our %EXPORT_TAGS = ( |
424 | const_index => [qw( |
423 | const_index => [qw( |
… | |
… | |
468 | # additional SNMP application types |
467 | # additional SNMP application types |
469 | our $SNMP_PROFILE = new Convert::BER::XS::Profile; |
468 | our $SNMP_PROFILE = new Convert::BER::XS::Profile; |
470 | |
469 | |
471 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_IPADDRESS , BER_TYPE_IPADDRESS); |
470 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_IPADDRESS , BER_TYPE_IPADDRESS); |
472 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER32 , BER_TYPE_INT); |
471 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER32 , BER_TYPE_INT); |
|
|
472 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER64 , BER_TYPE_INT); |
473 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_UNSIGNED32, BER_TYPE_INT); |
473 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_UNSIGNED32, BER_TYPE_INT); |
474 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_TIMETICKS , BER_TYPE_INT); |
474 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_TIMETICKS , BER_TYPE_INT); |
475 | |
475 | |
476 | # decodes REAL values according to ECMA-63 |
476 | # decodes REAL values according to ECMA-63 |
477 | # this is pretty strict, except it doesn't catch -0. |
477 | # this is pretty strict, except it doesn't catch -0. |
|
|
478 | # I don't have access to ISO 6093 (or BS 6727, or ANSI X.3-42)), so this is all guesswork. |
478 | sub _decode_real_decimal { |
479 | sub _decode_real_decimal { |
479 | my ($format, $val) = @_; |
480 | my ($format, $val) = @_; |
480 | |
481 | |
481 | $val =~ y/,/./; |
482 | $val =~ y/,/./; # probably not in ISO-6093 |
482 | |
483 | |
483 | if ($format == 1) { |
484 | if ($format == 1) { |
484 | $val =~ /^ \ * [+-]? [0-9]+ \z/x |
485 | $val =~ /^ \ * [+-]? [0-9]+ \z/x |
485 | or Carp::croak "BER_TYPE_REAL NR1 value not in NR1 format ($val) (X.690 8.5.8, ECMA-63)"; |
486 | or Carp::croak "BER_TYPE_REAL NR1 value not in NR1 format ($val) (X.690 8.5.8)"; |
486 | } elsif ($format == 2) { |
487 | } elsif ($format == 2) { |
487 | $val =~ /^ \ * [+-]? (?: [0-9]+\.[0-9]* | [0-9]*\.[0-9]+ ) \z/x |
488 | $val =~ /^ \ * [+-]? (?: [0-9]+\.[0-9]* | [0-9]*\.[0-9]+ ) \z/x |
488 | or Carp::croak "BER_TYPE_REAL NR2 value not in NR2 format ($val) (X.690 8.5.8, ECMA-63)"; |
489 | or Carp::croak "BER_TYPE_REAL NR2 value not in NR2 format ($val) (X.690 8.5.8)"; |
489 | } elsif ($format == 3) { |
490 | } elsif ($format == 3) { |
490 | $val =~ /^ \ * [+-] (?: [0-9]+\.[0-9]* | [0-9]*\.[0-9]+ ) E [+-][0-9]+ \z/x |
491 | $val =~ /^ \ * [+-] (?: [0-9]+\.[0-9]* | [0-9]*\.[0-9]+ ) [eE] [+-]? [0-9]+ \z/x |
491 | or Carp::croak "BER_TYPE_REAL NR3 value not in NR3 format ($val) (X.690 8.5.8, ECMA-63)"; |
492 | or Carp::croak "BER_TYPE_REAL NR3 value not in NR3 format ($val) (X.690 8.5.8)"; |
492 | } else { |
493 | } else { |
493 | Carp::croak "BER_TYPE_REAL illegal decimal numerical representation format $format"; |
494 | Carp::croak "BER_TYPE_REAL invalid decimal numerical representation format $format"; |
494 | } |
495 | } |
495 | |
496 | |
496 | $val |
497 | $val |
497 | } |
498 | } |
498 | |
499 | |
… | |
… | |
563 | and return $symbol; |
564 | and return $symbol; |
564 | } |
565 | } |
565 | |
566 | |
566 | "($value)" |
567 | "($value)" |
567 | } |
568 | } |
568 | |
|
|
569 | $SNMP_PROFILE->set (ASN_APPLICATION, SNMP_COUNTER64 , BER_TYPE_INT); |
|
|
570 | |
569 | |
571 | sub _ber_dump { |
570 | sub _ber_dump { |
572 | my ($ber, $profile, $indent) = @_; |
571 | my ($ber, $profile, $indent) = @_; |
573 | |
572 | |
574 | if (my $seq = ber_is_seq $ber) { |
573 | if (my $seq = ber_is_seq $ber) { |
… | |
… | |
649 | =item C<$Convert::BER::XS::SNMP_PROFILE> |
648 | =item C<$Convert::BER::XS::SNMP_PROFILE> |
650 | |
649 | |
651 | A profile with mappings for SNMP-specific application tags added. This is |
650 | A profile with mappings for SNMP-specific application tags added. This is |
652 | useful when de-/encoding SNMP data. |
651 | useful when de-/encoding SNMP data. |
653 | |
652 | |
|
|
653 | The L<Example Profile> section, below, shows how this profile is being |
|
|
654 | constructed. |
|
|
655 | |
654 | Example: |
656 | Example: |
655 | |
657 | |
656 | $ber = ber_decode $data, $Convert::BER::XS::SNMP_PROFILE; |
658 | $ber = ber_decode $data, $Convert::BER::XS::SNMP_PROFILE; |
657 | |
659 | |
658 | =back |
660 | =back |
… | |
… | |
728 | dot, e.g. C<1.3.6.1.213>. |
730 | dot, e.g. C<1.3.6.1.213>. |
729 | |
731 | |
730 | =item C<BER_TYPE_RELOID> |
732 | =item C<BER_TYPE_RELOID> |
731 | |
733 | |
732 | Same as C<BER_TYPE_OID> but uses relative object identifier |
734 | Same as C<BER_TYPE_OID> but uses relative object identifier |
733 | encoding: ASN.1 has this hack of encoding the first two OID components |
735 | encoding: ASN.1 uses some hack encoding of the first two OID components |
734 | into a single integer in a weird attempt to save an insignificant amount |
736 | into a single integer in a weird attempt to save an insignificant amount |
735 | of space in an otherwise wasteful encoding, and relative OIDs are |
737 | of space in an otherwise wasteful encoding, and relative OIDs are |
736 | basically OIDs without this hack. The practical difference is that the |
738 | basically OIDs without this hack. The practical difference is that the |
737 | second component of an OID can only have the values 1..40, while relative |
739 | second component of an OID can only have the values 1..40, while relative |
738 | OIDs do not have this restriction. |
740 | OIDs do not have this restriction. |