snmp_agent_dispatch.c
1 /**
2  * @file snmp_agent_dispatch.c
3  * @brief SNMP message dispatching
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneTCP Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL SNMP_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/net.h"
36 #include "snmp/snmp_agent.h"
38 #include "snmp/snmp_agent_pdu.h"
39 #include "snmp/snmp_agent_misc.h"
40 #include "mibs/mib2_module.h"
41 #include "mibs/snmp_mib_module.h"
42 #include "core/crypto.h"
43 #include "encoding/asn1.h"
44 #include "encoding/oid.h"
45 #include "debug.h"
46 
47 //Check TCP/IP stack configuration
48 #if (SNMP_AGENT_SUPPORT == ENABLED)
49 
50 
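/**
 * @brief Process incoming SNMP message
 *
 * Parses the header of the message held in context->request, checks the
 * version against the configured range and hands the message over to the
 * version-specific handler. Rejections that happen before the dispatch are
 * accounted for in the SNMP group counters, so that malformed or
 * out-of-policy datagrams remain visible to whoever monitors the agent.
 *
 * @param[in] context Pointer to the SNMP agent context
 * @return Error code
 **/

error_t snmpProcessMessage(SnmpAgentContext *context)
{
   error_t error;

   //Total number of messages delivered to the SNMP entity from the
   //transport service
   MIB2_INC_COUNTER32(snmpGroup.snmpInPkts, 1);
   SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInPkts, 1);

#if (SNMP_V3_SUPPORT == ENABLED)
   //Refresh SNMP engine time
   snmpRefreshEngineTime(context);
#endif

   //Message parsing initialization
   snmpInitMessage(&context->request);

   //Parse SNMP message header
   error = snmpParseMessageHeader(&context->request);

   //Any error to report?
   if(error)
   {
      //A header that cannot be decoded never reaches the accounting code
      //at the end of this function, so the ASN.1/BER error counter is
      //updated here, with the same test as the one used below
      if(error == ERROR_INVALID_TAG)
      {
         MIB2_INC_COUNTER32(snmpGroup.snmpInASNParseErrs, 1);
         SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInASNParseErrs, 1);
      }

      //Discard incoming SNMP message
      return error;
   }

   //The SNMP agent verifies the version number. If there is a mismatch,
   //it discards the datagram and performs no further actions
   if(context->request.version < context->settings.versionMin ||
      context->request.version > context->settings.versionMax)
   {
      //Debug message
      TRACE_WARNING(" Invalid SNMP version!\r\n");

      //A version excluded by the configured range is counted like any
      //other unsupported version, otherwise requests made with a disabled
      //protocol version would leave no trace in the counters
      MIB2_INC_COUNTER32(snmpGroup.snmpInBadVersions, 1);
      SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInBadVersions, 1);

      //Discard incoming SNMP message
      return ERROR_INVALID_VERSION;
   }

#if (SNMP_V1_SUPPORT == ENABLED)
   //SNMPv1 version?
   if(context->request.version == SNMP_VERSION_1)
   {
      //Process incoming SNMPv1 message
      error = snmpv1ProcessMessage(context);
   }
   else
#endif
#if (SNMP_V2C_SUPPORT == ENABLED)
   //SNMPv2c version?
   if(context->request.version == SNMP_VERSION_2C)
   {
      //Process incoming SNMPv2c message
      error = snmpv2cProcessMessage(context);
   }
   else
#endif
#if (SNMP_V3_SUPPORT == ENABLED)
   //SNMPv3 version?
   if(context->request.version == SNMP_VERSION_3)
   {
      //Process incoming SNMPv3 message
      error = snmpv3ProcessMessage(context);
   }
   else
#endif
   //Invalid SNMP version?
   {
      //Debug message
      TRACE_WARNING(" Invalid SNMP version!\r\n");

      //Total number of SNMP messages which were delivered to the SNMP
      //protocol entity and were for an unsupported SNMP version
      MIB2_INC_COUNTER32(snmpGroup.snmpInBadVersions, 1);
      SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInBadVersions, 1);

      //Discard incoming SNMP message
      error = ERROR_INVALID_VERSION;
   }

   //Check status code
   if(error == NO_ERROR)
   {
      //Total number of messages which were passed from the SNMP protocol
      //entity to the transport service
      MIB2_INC_COUNTER32(snmpGroup.snmpOutPkts, 1);
   }
   else if(error == ERROR_INVALID_TAG)
   {
      //Total number of ASN.1 or BER errors encountered by the SNMP protocol
      //entity when decoding received SNMP messages
      MIB2_INC_COUNTER32(snmpGroup.snmpInASNParseErrs, 1);
      SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInASNParseErrs, 1);
   }
   else if(error == ERROR_BUFFER_OVERFLOW)
   {
      //Total number of PDUs delivered to the SNMP entity which were silently
      //dropped because the size of the reply was greater than the maximum
      //message size
      SNMP_MIB_INC_COUNTER32(snmpGroup.snmpSilentDrops, 1);
   }

   //Return status code
   return error;
}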
157 
158 
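/**
 * @brief Process incoming SNMPv1 message
 *
 * The community name parsed from the request is looked up in the community
 * table; the message is accepted only if an entry is found and its row
 * status is active. The community name is the only credential checked here:
 * no integrity or confidentiality protection is applied to the message, so
 * anyone able to observe the traffic can reuse the name.
 *
 * @param[in] context Pointer to the SNMP agent context
 * @return Error code
 **/

error_t snmpv1ProcessMessage(SnmpAgentContext *context)
{
#if (SNMP_V1_SUPPORT == ENABLED)
   error_t error;
   SnmpUserEntry *community;

   //Parse community name
   error = snmpParseCommunity(&context->request);
   //Any error to report?
   if(error)
      return error;

   //Information about the community name is extracted from the local
   //configuration datastore
   community = snmpFindCommunityEntry(context, context->request.community,
      context->request.communityLen);

   //Invalid community name?
   if(community == NULL || community->status != MIB_ROW_STATUS_ACTIVE)
   {
      //Debug message
      TRACE_WARNING(" Invalid community name!\r\n");

      //Total number of SNMP messages delivered to the SNMP protocol entity
      //which used a SNMP community name not known to said entity
      MIB2_INC_COUNTER32(snmpGroup.snmpInBadCommunityNames, 1);
      SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInBadCommunityNames, 1);

      //Report an error. This statement is required: without it, execution
      //would continue to the structure copy below and dereference a NULL
      //or inactive entry
      //NOTE(review): the rendered listing lost this line (gutter line 194);
      //the error code is restored from the upstream sources - confirm
      return ERROR_UNKNOWN_COMMUNITY;
   }

   //Save the security profile associated with the current community. The
   //entry is copied by value, the context does not keep a pointer into the
   //community table
   context->user = *community;

   //Process PDU
   error = snmpProcessPdu(context);
   //Any error to report?
   if(error)
      return error;

   //Any response?
   if(context->response.length > 0)
   {
      //Format SNMP message header
      error = snmpWriteMessageHeader(&context->response);
   }

   //Return status code
   return error;
#else
   //Report an error
   return ERROR_INVALID_VERSION;
#endif
}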
220 
221 
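/**
 * @brief Process incoming SNMPv2c message
 *
 * The community name parsed from the request is looked up in the community
 * table; the message is accepted only if an entry is found and its row
 * status is active. As with SNMPv1, the community name is the only
 * credential checked here and the message carries no integrity or
 * confidentiality protection.
 *
 * @param[in] context Pointer to the SNMP agent context
 * @return Error code
 **/

error_t snmpv2cProcessMessage(SnmpAgentContext *context)
{
#if (SNMP_V2C_SUPPORT == ENABLED)
   error_t error;
   SnmpUserEntry *community;

   //Parse community name
   error = snmpParseCommunity(&context->request);
   //Any error to report?
   if(error)
      return error;

   //Information about the community name is extracted from the local
   //configuration datastore
   community = snmpFindCommunityEntry(context, context->request.community,
      context->request.communityLen);

   //Invalid community name?
   if(community == NULL || community->status != MIB_ROW_STATUS_ACTIVE)
   {
      //Debug message
      TRACE_WARNING(" Invalid community name!\r\n");

      //Total number of SNMP messages delivered to the SNMP protocol entity
      //which used a SNMP community name not known to said entity
      MIB2_INC_COUNTER32(snmpGroup.snmpInBadCommunityNames, 1);
      SNMP_MIB_INC_COUNTER32(snmpGroup.snmpInBadCommunityNames, 1);

      //Report an error. This statement is required: without it, execution
      //would continue to the structure copy below and dereference a NULL
      //or inactive entry
      //NOTE(review): the rendered listing lost this line (gutter line 257);
      //the error code is restored from the upstream sources - confirm
      return ERROR_UNKNOWN_COMMUNITY;
   }

   //Save the security profile associated with the current community. The
   //entry is copied by value, the context does not keep a pointer into the
   //community table
   context->user = *community;

   //Process PDU
   error = snmpProcessPdu(context);
   //Any error to report?
   if(error)
      return error;

   //Any response?
   if(context->response.length > 0)
   {
      //Format SNMP message header
      error = snmpWriteMessageHeader(&context->response);
   }

   //Return status code
   return error;
#else
   //Report an error
   return ERROR_INVALID_VERSION;
#endif
}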
283 
284 
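/**
 * @brief Process incoming SNMPv3 message
 *
 * Processing order, as implemented below: parse msgGlobalData and
 * msgSecurityParameters, look up the user and check the security
 * parameters, authenticate the message and check the engine time when the
 * authFlag is set, decrypt the payload when the privFlag is set, then parse
 * and process the scopedPDU. A subset of the security errors is turned into
 * a Report-PDU when the sender set the reportable flag; any other error
 * aborts processing. The response, if any, is encrypted and authenticated
 * according to the flags of the response message.
 *
 * @param[in] context Pointer to the SNMP agent context
 * @return Error code
 **/

error_t snmpv3ProcessMessage(SnmpAgentContext *context)
{
#if (SNMP_V3_SUPPORT == ENABLED)
   error_t error;
   SnmpUserEntry *user;

   //Parse msgGlobalData field
   error = snmpParseGlobalData(&context->request);
   //Any error to report?
   if(error)
      return error;

   //Parse msgSecurityParameters field
   error = snmpParseSecurityParameters(&context->request);
   //Any error to report?
   if(error)
      return error;

   //Start of exception handling block
   do
   {
#if (SNMP_AGENT_INFORM_SUPPORT == ENABLED)
      //Empty user name and no security flags at all?
      if(context->request.msgUserNameLen == 0 && context->request.msgFlags == 0)
      {
         //Clear the security profile
         memset(&context->user, 0, sizeof(SnmpUserEntry));
      }
      //Does the authoritative engine ID of the message match the engine ID
      //recorded for the inform exchange?
      else if(context->informContextEngineLen > 0 &&
         !oidComp(context->request.msgAuthEngineId, context->request.msgAuthEngineIdLen,
         context->informContextEngine, context->informContextEngineLen))
      {
         //Information about the value of the msgUserName field is extracted
         //from the local configuration datastore
         user = snmpFindUserEntry(context, context->request.msgUserName,
            context->request.msgUserNameLen);

         //Check security parameters
         //NOTE(review): user is passed on without a NULL test, the check
         //function is presumably the one rejecting unknown users - confirm
         error = snmpCheckSecurityParameters(user, &context->request,
            context->informContextEngine, context->informContextEngineLen);
         //Invalid security parameters?
         if(error)
            break;

         //Save the security profile associated with the current user. The
         //copy includes the raw and localized keys of the user entry
         context->user = *user;

         //Localize the authentication key with the engine ID of the
         //remote SNMP device
         if(context->user.authProtocol != SNMP_AUTH_PROTOCOL_NONE)
         {
            //Key localization algorithm
            error = snmpLocalizeKey(context->user.authProtocol,
               context->informContextEngine, context->informContextEngineLen,
               &context->user.rawAuthKey, &context->user.localizedAuthKey);
            //Any error to report?
            if(error)
               break;
         }

         //Localize the privacy key with the engine ID of the remote
         //SNMP device. The privacy protocol is compared with the constant
         //of its own enumeration (the listing compared it with
         //SNMP_AUTH_PROTOCOL_NONE)
         if(context->user.privProtocol != SNMP_PRIV_PROTOCOL_NONE)
         {
            //Key localization algorithm. The authentication protocol is
            //passed on purpose: USM localizes the privacy key with the hash
            //function of the user's authentication protocol
            error = snmpLocalizeKey(context->user.authProtocol,
               context->informContextEngine, context->informContextEngineLen,
               &context->user.rawPrivKey, &context->user.localizedPrivKey);
            //Any error to report?
            if(error)
               break;
         }
      }
      else
#endif
      {
         //Information about the value of the msgUserName field is extracted
         //from the local configuration datastore
         user = snmpFindUserEntry(context, context->request.msgUserName,
            context->request.msgUserNameLen);

         //Check security parameters
         //NOTE(review): user is passed on without a NULL test, the check
         //function is presumably the one rejecting unknown users - confirm
         error = snmpCheckSecurityParameters(user, &context->request,
            context->contextEngine, context->contextEngineLen);
         //Invalid security parameters?
         if(error)
            break;

         //Save the security profile associated with the current user
         context->user = *user;
      }

      //Check whether the authFlag is set
      //NOTE(review): authentication is driven by the flags of the request.
      //Enforcing the security level required for the user is presumably
      //done by snmpCheckSecurityParameters above - confirm
      if(context->request.msgFlags & SNMP_MSG_FLAG_AUTH)
      {
         //Authenticate incoming SNMP message
         error = snmpAuthIncomingMessage(&context->user, &context->request);
         //Data authentication failed?
         if(error)
            break;

         //Replay protection
         error = snmpCheckEngineTime(context, &context->request);
         //Message outside of the time window?
         if(error)
            break;
      }

      //Check whether the privFlag is set
      //NOTE(review): nothing in this function rejects a message that sets
      //the privFlag without the authFlag; check that one of the parsing or
      //checking helpers called above refuses that combination
      if(context->request.msgFlags & SNMP_MSG_FLAG_PRIV)
      {
         //Decrypt data
         error = snmpDecryptData(&context->user, &context->request);
         //Data decryption failed?
         if(error)
            break;
      }

      //Parse scopedPDU
      error = snmpParseScopedPdu(&context->request);
      //Any error to report?
      if(error)
         break;

      //Process PDU
      error = snmpProcessPdu(context);
      //Any error to report?
      if(error)
         break;

      //End of exception handling block
   } while(0);

   //Check error indication
   if(error == ERROR_UNSUPPORTED_SECURITY_LEVEL ||
      error == ERROR_NOT_IN_TIME_WINDOW ||
      error == ERROR_UNKNOWN_USER_NAME ||
      error == ERROR_UNKNOWN_ENGINE_ID ||
      error == ERROR_AUTHENTICATION_FAILED ||
      error == ERROR_DECRYPTION_FAILED ||
      error == ERROR_UNAVAILABLE_CONTEXT ||
      error == ERROR_UNKNOWN_CONTEXT)
   {
      //When the reportable flag is used, if its value is one, a Report-PDU
      //must be returned to the sender
      //NOTE(review): on this path context->user may not have been updated
      //for the current message (the lookup or the check failed first), yet
      //the response code below uses it when the response flags request
      //encryption or authentication - confirm which flags
      //snmpFormatReportPdu sets on the response
      if(context->request.msgFlags & SNMP_MSG_FLAG_REPORTABLE)
         error = snmpFormatReportPdu(context, error);

      //Any error to report?
      if(error)
         return error;
   }
   else if(error == NO_ERROR)
   {
      //Continue processing
   }
   else
   {
      //Stop processing
      return error;
   }

   //Any response?
   if(context->response.length > 0)
   {
      //Format scopedPDU
      error = snmpWriteScopedPdu(&context->response);
      //Any error to report?
      if(error)
         return error;

      //Check whether the privFlag is set
      if(context->response.msgFlags & SNMP_MSG_FLAG_PRIV)
      {
         //Encrypt data
         error = snmpEncryptData(&context->user, &context->response,
            &context->salt);
         //Any error to report?
         if(error)
            return error;
      }

      //Format SNMP message header
      error = snmpWriteMessageHeader(&context->response);
      //Any error to report?
      if(error)
         return error;

      //Check whether the authFlag is set. Authentication comes last, after
      //encryption and after the header has been written
      if(context->response.msgFlags & SNMP_MSG_FLAG_AUTH)
      {
         //Authenticate outgoing SNMP message
         error = snmpAuthOutgoingMessage(&context->user, &context->response);
         //Any error to report?
         if(error)
            return error;
      }
   }

   //Successful processing
   return NO_ERROR;
#else
   //Report an error
   return ERROR_INVALID_VERSION;
#endif
}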
496 
497 #endif
error_t snmpEncryptData(const SnmpUserEntry *user, SnmpMessage *message, uint64_t *salt)
Data encryption.
@ ERROR_UNKNOWN_ENGINE_ID
Definition: error.h:255
MIB-II module.
error_t snmpProcessPdu(SnmpAgentContext *context)
Process PDU.
@ ERROR_UNKNOWN_USER_NAME
Definition: error.h:256
error_t snmpDecryptData(const SnmpUserEntry *user, SnmpMessage *message)
Data decryption.
@ ERROR_UNKNOWN_CONTEXT
Definition: error.h:257
SnmpUserEntry * snmpFindCommunityEntry(SnmpAgentContext *context, const char_t *community, size_t length)
Search the community table for a given community string.
error_t snmpv2cProcessMessage(SnmpAgentContext *context)
Process incoming SNMPv2c message.
@ ERROR_BUFFER_OVERFLOW
Definition: error.h:140
@ ERROR_DECRYPTION_FAILED
Definition: error.h:236
OID (Object Identifier)
error_t snmpParseGlobalData(SnmpMessage *message)
Parse msgGlobalData field.
error_t snmpWriteScopedPdu(SnmpMessage *message)
Format scopedPDU.
error_t snmpCheckEngineTime(SnmpAgentContext *context, SnmpMessage *message)
Replay protection.
#define SNMP_MIB_INC_COUNTER32(name, value)
User table entry.
@ SNMP_VERSION_2C
Definition: snmp_common.h:139
@ ERROR_INVALID_VERSION
Definition: error.h:116
SNMP MIB module.
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:101
SNMP agent (Simple Network Management Protocol)
@ SNMP_MSG_FLAG_PRIV
error_t snmpFormatReportPdu(SnmpAgentContext *context, error_t errorIndication)
Format Report-PDU.
error_t
Error codes.
Definition: error.h:42
error_t snmpParseScopedPdu(SnmpMessage *message)
Parse scopedPDU field.
SnmpUserEntry * snmpFindUserEntry(SnmpAgentContext *context, const char_t *name, size_t length)
Search the user table for a given user name.
@ ERROR_UNAVAILABLE_CONTEXT
Definition: error.h:258
@ ERROR_NOT_IN_TIME_WINDOW
Definition: error.h:260
error_t snmpProcessMessage(SnmpAgentContext *context)
Process incoming SNMP message.
@ SNMP_MSG_FLAG_REPORTABLE
error_t snmpAuthIncomingMessage(const SnmpUserEntry *user, SnmpMessage *message)
Authenticate incoming SNMP message.
error_t snmpv3ProcessMessage(SnmpAgentContext *context)
Process incoming SNMPv3 message.
error_t snmpCheckSecurityParameters(const SnmpUserEntry *user, SnmpMessage *message, const uint8_t *engineId, size_t engineIdLen)
Check security parameters.
General definitions for cryptographic algorithms.
Helper functions for SNMP agent.
@ SNMP_MSG_FLAG_AUTH
MibRowStatus status
Status of the user.
@ SNMP_VERSION_3
Definition: snmp_common.h:140
#define TRACE_WARNING(...)
Definition: debug.h:84
@ MIB_ROW_STATUS_ACTIVE
Definition: mib_common.h:103
error_t snmpParseSecurityParameters(SnmpMessage *message)
Parse msgSecurityParameters field.
error_t snmpParseMessageHeader(SnmpMessage *message)
Parse SNMP message header.
@ ERROR_AUTHENTICATION_FAILED
Definition: error.h:69
#define MIB2_INC_COUNTER32(name, value)
Definition: mib2_module.h:156
error_t snmpLocalizeKey(SnmpAuthProtocol authProtocol, const uint8_t *engineId, size_t engineIdLen, SnmpKey *key, SnmpKey *localizedKey)
Key localization algorithm.
@ SNMP_VERSION_1
Definition: snmp_common.h:138
#define SnmpAgentContext
Definition: snmp_agent.h:36
@ ERROR_INVALID_TAG
Definition: error.h:112
SNMP agent (PDU processing)
error_t snmpAuthOutgoingMessage(const SnmpUserEntry *user, SnmpMessage *message)
Authenticate outgoing SNMP message.
void snmpRefreshEngineTime(SnmpAgentContext *context)
Refresh SNMP engine time.
TCP/IP stack core.
@ SNMP_AUTH_PROTOCOL_NONE
No authentication.
error_t snmpParseCommunity(SnmpMessage *message)
Parse community name.
error_t snmpv1ProcessMessage(SnmpAgentContext *context)
Process incoming SNMPv1 message.
@ NO_ERROR
Success.
Definition: error.h:44
Debugging facilities.
ASN.1 (Abstract Syntax Notation One)
void snmpInitMessage(SnmpMessage *message)
Initialize a SNMP message.
error_t snmpWriteMessageHeader(SnmpMessage *message)
Format SNMP message header.
@ ERROR_UNSUPPORTED_SECURITY_LEVEL
Definition: error.h:259
SNMP message dispatching.