From 7fe5422c4b4cd58dd7ffeebd984e7668cf61ab5d Mon Sep 17 00:00:00 2001 From: Michael Mann Date: Mon, 3 Jun 2013 03:42:36 +0000 Subject: Convert ASN.1 dissectors to use filterable expert info. NOTE: Kerberos ASN.1 template was updated, but not generated to source. svn path=/trunk/; revision=49707 --- asn1/snmp/packet-snmp-template.c | 108 ++++++++++++++++++++++++++++++--------- asn1/snmp/snmp.cnf | 18 +++---- 2 files changed, 92 insertions(+), 34 deletions(-) (limited to 'asn1/snmp') diff --git a/asn1/snmp/packet-snmp-template.c b/asn1/snmp/packet-snmp-template.c index 79f87d6fc2..e06eed5eda 100644 --- a/asn1/snmp/packet-snmp-template.c +++ b/asn1/snmp/packet-snmp-template.c @@ -254,6 +254,34 @@ static gint ett_decoding_error = -1; #include "packet-snmp-ett.c" +static expert_field ei_snmp_failed_decrypted_data_pdu = EI_INIT; +static expert_field ei_snmp_decrypted_data_bad_formatted = EI_INIT; +static expert_field ei_snmp_verify_authentication_error = EI_INIT; +static expert_field ei_snmp_authentication_ok = EI_INIT; +static expert_field ei_snmp_authentication_error = EI_INIT; +static expert_field ei_snmp_varbind_not_uni_class_seq = EI_INIT; +static expert_field ei_snmp_varbind_has_indicator = EI_INIT; +static expert_field ei_snmp_objectname_not_oid = EI_INIT; +static expert_field ei_snmp_objectname_has_indicator = EI_INIT; +static expert_field ei_snmp_value_not_primitive_encoding = EI_INIT; +static expert_field ei_snmp_invalid_oid = EI_INIT; +static expert_field ei_snmp_varbind_wrong_tag = EI_INIT; +static expert_field ei_snmp_varbind_response = EI_INIT; +static expert_field ei_snmp_no_instance_subid = EI_INIT; +static expert_field ei_snmp_wrong_num_of_subids = EI_INIT; +static expert_field ei_snmp_index_suboid_too_short = EI_INIT; +static expert_field ei_snmp_unimplemented_instance_index = EI_INIT; +static expert_field ei_snmp_index_suboid_len0 = EI_INIT; +static expert_field ei_snmp_index_suboid_too_long = EI_INIT; +static expert_field ei_snmp_index_string_too_long = EI_INIT; +static expert_field ei_snmp_column_parent_not_row = EI_INIT; +static expert_field ei_snmp_uint_too_large = EI_INIT; +static expert_field ei_snmp_int_too_large = EI_INIT; +static expert_field ei_snmp_integral_value0 = EI_INIT; +static expert_field ei_snmp_missing_mib = EI_INIT; +static expert_field ei_snmp_varbind_wrong_length_value = EI_INIT; +static expert_field ei_snmp_varbind_wrong_class_tag = EI_INIT; + static const true_false_string auth_flags = { "OK", "Failed" @@ -430,14 +458,14 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, if (!pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_SEQUENCE) { proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"VarBind must be an universal class sequence"); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind is not an universal class sequence"); + expert_add_info(actx->pinfo, pi, &ei_snmp_varbind_not_uni_class_seq); return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt); } if (ind) { proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in VarBind"); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "VarBind has indicator set"); + expert_add_info(actx->pinfo, pi, &ei_snmp_varbind_has_indicator); return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt); } @@ -449,14 +477,14 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, if (! ( !pc && ber_class==BER_CLASS_UNI && tag==BER_UNI_TAG_OID) ) { proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"ObjectName must be an OID in primitive encoding"); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName not an OID"); + expert_add_info(actx->pinfo, pi, &ei_snmp_objectname_not_oid); return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt); } if (ind) { proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"Indicator must be clear in ObjectName"); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "ObjectName has indicator set"); + expert_add_info(actx->pinfo, pi, &ei_snmp_objectname_has_indicator); return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt); } @@ -470,7 +498,7 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, if (! (!pc) ) { proto_item* pi = proto_tree_add_text(tree, tvb, seq_offset, seq_len,"the value must be in primitive encoding"); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "value not in primitive encoding"); + expert_add_info(actx->pinfo, pi, &ei_snmp_value_not_primitive_encoding); return dissect_unknown_ber(actx->pinfo, tvb, seq_offset, pt); } @@ -498,7 +526,7 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, repr = oid_encoded2string(oid_bytes, name_len); pi = proto_tree_add_text(pt_name,tvb, 0, 0, "invalid oid: %s", repr); pt = proto_item_add_subtree(pi, ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "invalid oid: %s", repr); + expert_add_info_format_text(actx->pinfo, pi, &ei_snmp_invalid_oid, "invalid oid: %s", repr); return dissect_unknown_ber(actx->pinfo, tvb, name_offset, pt); } @@ -532,13 +560,13 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, default: { pi = proto_tree_add_text(pt_varbind,tvb,0,0,"Wrong tag for Error Value: expected 0, 1, or 2 but got: %d",tag); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong tag for SNMP VarBind error value"); + expert_add_info(actx->pinfo, pi, &ei_snmp_varbind_wrong_tag); return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt); } } pi = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN); - expert_add_info_format(actx->pinfo, pi, PI_RESPONSE_CODE, PI_NOTE, "%s",note); + expert_add_info_format_text(actx->pinfo, pi, &ei_snmp_varbind_response, "%s",note); g_strlcpy (label, note, ITEM_LABEL_LENGTH); goto set_label; } @@ -558,13 +586,13 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, goto set_label; } else { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have one instance sub-id this one has none"); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "No instance sub-id in scalar value"); + expert_add_info(actx->pinfo, pi, &ei_snmp_no_instance_subid); oid_info_is_ok = FALSE; goto indexing_done; } } else { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"A scalar should have only one instance sub-id this has: %d",oid_left); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong number of instance sub-ids in scalar value"); + expert_add_info(actx->pinfo, pi, &ei_snmp_wrong_num_of_subids); oid_info_is_ok = FALSE; goto indexing_done; } @@ -588,7 +616,7 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, if (key_start >= oid_matched+oid_left) { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid shorter than expected"); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid shorter than expected"); + expert_add_info(actx->pinfo, pi, &ei_snmp_index_suboid_too_short); oid_info_is_ok = FALSE; goto indexing_done; } @@ -596,7 +624,7 @@ dissect_snmp_VarBind(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, switch(k->key_type) { case OID_KEY_TYPE_WRONG: { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"OID instaces not handled, if you want this implemented please contact the wireshark developers"); - expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index"); + expert_add_info(actx->pinfo, pi, &ei_snmp_unimplemented_instance_index); oid_info_is_ok = FALSE; goto indexing_done; } @@ -628,14 +656,14 @@ show_oid_index: if( suboid_len == 0 ) { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"an index sub-oid OID cannot be 0 bytes long!"); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid OID with len=0"); + expert_add_info(actx->pinfo, pi, &ei_snmp_index_suboid_len0); oid_info_is_ok = FALSE; goto indexing_done; } if( key_len < suboid_len ) { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index sub-oid should not be longer than remaining oid size"); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index sub-oid longer than remaining oid size"); + expert_add_info(actx->pinfo, pi, &ei_snmp_index_suboid_too_long); oid_info_is_ok = FALSE; goto indexing_done; } @@ -682,7 +710,7 @@ show_oid_index: if( key_len < buf_len ) { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"index string should not be longer than remaining oid size"); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "index string longer than remaining oid size"); + expert_add_info(actx->pinfo, pi, &ei_snmp_index_string_too_long); oid_info_is_ok = FALSE; goto indexing_done; } @@ -724,13 +752,13 @@ show_oid_index: goto indexing_done; } else { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"We do not know how to handle this OID, if you want this implemented please contact the wireshark developers"); - expert_add_info_format(actx->pinfo, pi, PI_UNDECODED, PI_WARN, "Unimplemented instance index"); + expert_add_info(actx->pinfo, pi, &ei_snmp_unimplemented_instance_index); oid_info_is_ok = FALSE; goto indexing_done; } } else { proto_item* pi = proto_tree_add_text(pt_name,tvb,0,0,"The COLUMS's parent is not a ROW. This is a BUG! please contact the wireshark developers."); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_ERROR, "COLUMS's parent is not a ROW"); + expert_add_info(actx->pinfo, pi, &ei_snmp_column_parent_not_row); oid_info_is_ok = FALSE; goto indexing_done; } @@ -854,7 +882,7 @@ indexing_done: if (value_len > 9 || tvb_get_guint8(tvb, value_offset) != 0) { /* It is. Fail. */ pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value too large"); - expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unsigned integer value > 2^64 - 1"); + expert_add_info(actx->pinfo, pi_value, &ei_snmp_uint_too_large); goto already_added; } /* Cheat and skip the leading 0 byte */ @@ -865,7 +893,7 @@ indexing_done: * For now, just reject these. */ pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value too large or too small"); - expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Signed integer value > 2^63 - 1 or <= -2^63"); + expert_add_info(actx->pinfo, pi_value, &ei_snmp_int_too_large); goto already_added; } } else if (value_len == 0) { @@ -880,13 +908,13 @@ indexing_done: header_field_info *hfinfo = proto_registrar_get_nth(hfid); if (hfinfo->type == FT_UINT64 || hfinfo->type == FT_INT64) { pi_value = proto_tree_add_text(pt_varbind,tvb,value_offset,value_len,"Integral value is zero-length"); - expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Integral value is zero-length"); + expert_add_info(actx->pinfo, pi_value, &ei_snmp_integral_value0); goto already_added; } } pi_value = proto_tree_add_item(pt_varbind,hfid,tvb,value_offset,value_len,ENC_BIG_ENDIAN); if (format_error != BER_NO_ERROR) { - expert_add_info_format(actx->pinfo, pi_value, PI_UNDECODED, PI_NOTE, "Unresolved value, Missing MIB"); + expert_add_info(actx->pinfo, pi_value, &ei_snmp_missing_mib); } already_added: @@ -939,7 +967,7 @@ set_label: proto_item* pi = proto_tree_add_text(p_tree,tvb,0,0,"Wrong value length: %u expecting: %u <= len <= %u", value_len, min_len, max_len == -1 ? 0xFFFFFF : max_len); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong length for SNMP VarBind/value"); + expert_add_info(actx->pinfo, pi, &ei_snmp_varbind_wrong_length_value); return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt); } case BER_WRONG_TAG: { @@ -948,7 +976,7 @@ set_label: oid_info->value_type->ber_class, oid_info->value_type->ber_tag, ber_class, tag); pt = proto_item_add_subtree(pi,ett_decoding_error); - expert_add_info_format(actx->pinfo, pi, PI_MALFORMED, PI_WARN, "Wrong class/tag for SNMP VarBind/value"); + expert_add_info(actx->pinfo, pi, &ei_snmp_varbind_wrong_class_tag); return dissect_unknown_ber(actx->pinfo, tvb, value_start, pt); } default: @@ -2308,6 +2336,38 @@ void proto_register_snmp(void) { &ett_decoding_error, #include "packet-snmp-ettarr.c" }; + static ei_register_info ei[] = { + { &ei_snmp_failed_decrypted_data_pdu, { "snmp.failed_decrypted_data_pdu", PI_MALFORMED, PI_WARN, "Failed to decrypt encryptedPDU", EXPFILL }}, + { &ei_snmp_decrypted_data_bad_formatted, { "snmp.decrypted_data_bad_formatted", PI_MALFORMED, PI_WARN, "Decrypted data not formatted as expected", EXPFILL }}, + { &ei_snmp_verify_authentication_error, { "snmp.verify_authentication_error", PI_MALFORMED, PI_ERROR, "Error while verifying Message authenticity", EXPFILL }}, + { &ei_snmp_authentication_ok, { "snmp.authentication_ok", PI_CHECKSUM, PI_CHAT, "SNMP Authentication OK", EXPFILL }}, + { &ei_snmp_authentication_error, { "snmp.authentication_error", PI_CHECKSUM, PI_WARN, "SNMP Authentication Error", EXPFILL }}, + { &ei_snmp_varbind_not_uni_class_seq, { "snmp.varbind.not_uni_class_seq", PI_MALFORMED, PI_WARN, "VarBind is not an universal class sequence", EXPFILL }}, + { &ei_snmp_varbind_has_indicator, { "snmp.varbind.has_indicator", PI_MALFORMED, PI_WARN, "VarBind has indicator set", EXPFILL }}, + { &ei_snmp_objectname_not_oid, { "snmp.objectname_not_oid", PI_MALFORMED, PI_WARN, "ObjectName not an OID", EXPFILL }}, + { &ei_snmp_objectname_has_indicator, { "snmp.objectname_has_indicator", PI_MALFORMED, PI_WARN, "ObjectName has indicator set", EXPFILL }}, + { &ei_snmp_value_not_primitive_encoding, { "snmp.value_not_primitive_encoding", PI_MALFORMED, PI_WARN, "value not in primitive encoding", EXPFILL }}, + { &ei_snmp_invalid_oid, { "snmp.invalid_oid", PI_MALFORMED, PI_WARN, "invalid oid", EXPFILL }}, + { &ei_snmp_varbind_wrong_tag, { "snmp.varbind.wrong_tag", PI_MALFORMED, PI_WARN, "Wrong tag for SNMP VarBind error value", EXPFILL }}, + { &ei_snmp_varbind_response, { "snmp.varbind.response", PI_RESPONSE_CODE, PI_NOTE, "Response", EXPFILL }}, + { &ei_snmp_no_instance_subid, { "snmp.no_instance_subid", PI_MALFORMED, PI_WARN, "No instance sub-id in scalar value", EXPFILL }}, + { &ei_snmp_wrong_num_of_subids, { "snmp.wrong_num_of_subids", PI_MALFORMED, PI_WARN, "Wrong number of instance sub-ids in scalar value", EXPFILL }}, + { &ei_snmp_index_suboid_too_short, { "snmp.index_suboid_too_short", PI_MALFORMED, PI_WARN, "index sub-oid shorter than expected", EXPFILL }}, + { &ei_snmp_unimplemented_instance_index, { "snmp.unimplemented_instance_index", PI_UNDECODED, PI_WARN, "Unimplemented instance index", EXPFILL }}, + { &ei_snmp_index_suboid_len0, { "snmp.ndex_suboid_len0", PI_MALFORMED, PI_WARN, "index sub-oid OID with len=0", EXPFILL }}, + { &ei_snmp_index_suboid_too_long, { "snmp.index_suboid_too_long", PI_MALFORMED, PI_WARN, "index sub-oid longer than remaining oid size", EXPFILL }}, + { &ei_snmp_index_string_too_long, { "snmp.index_string_too_long", PI_MALFORMED, PI_WARN, "index string longer than remaining oid size", EXPFILL }}, + { &ei_snmp_column_parent_not_row, { "snmp.column_parent_not_row", PI_MALFORMED, PI_ERROR, "COLUMS's parent is not a ROW", EXPFILL }}, + { &ei_snmp_uint_too_large, { "snmp.uint_too_large", PI_UNDECODED, PI_NOTE, "Unsigned integer value > 2^64 - 1", EXPFILL }}, + { &ei_snmp_int_too_large, { "snmp.int_too_large", PI_UNDECODED, PI_NOTE, "Signed integer value > 2^63 - 1 or <= -2^63", EXPFILL }}, + { &ei_snmp_integral_value0, { "snmp.integral_value0", PI_UNDECODED, PI_NOTE, "Integral value is zero-length", EXPFILL }}, + { &ei_snmp_missing_mib, { "snmp.missing_mib", PI_UNDECODED, PI_NOTE, "Unresolved value, Missing MIB", EXPFILL }}, + { &ei_snmp_varbind_wrong_length_value, { "snmp.varbind.wrong_length_value", PI_MALFORMED, PI_WARN, "Wrong length for SNMP VarBind/value", EXPFILL }}, + { &ei_snmp_varbind_wrong_class_tag, { "snmp.varbind.wrong_class_tag", PI_MALFORMED, PI_WARN, "Wrong class/tag for SNMP VarBind/value", EXPFILL }}, + + }; + + expert_module_t* expert_snmp; module_t *snmp_module; static uat_field_t users_fields[] = { @@ -2362,6 +2422,8 @@ void proto_register_snmp(void) { /* Register fields and subtrees */ proto_register_field_array(proto_snmp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); + expert_snmp = expert_register_protocol(proto_snmp); + expert_register_field_array(expert_snmp, ei, array_length(ei)); /* Register configuration preferences */ diff --git a/asn1/snmp/snmp.cnf b/asn1/snmp/snmp.cnf index 4db5c72982..d7ab134b1b 100644 --- a/asn1/snmp/snmp.cnf +++ b/asn1/snmp/snmp.cnf @@ -133,7 +133,7 @@ gint pdu_type=-1; proto_item* cause = proto_tree_add_text(encryptedpdu_tree, crypt_tvb, 0, -1, "Failed to decrypt encryptedPDU: %%s", error); - expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN, + expert_add_info_format_text(actx->pinfo, cause, &ei_snmp_failed_decrypted_data_pdu, "Failed to decrypt encryptedPDU: %%s", error); col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Failed to decrypt"); @@ -147,8 +147,7 @@ gint pdu_type=-1; proto_item* cause = proto_tree_add_text(encryptedpdu_tree, cleartext_tvb, 0, -1, "Decrypted data not formatted as expected, wrong key?"); - expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN, - "Decrypted data not formatted as expected"); + expert_add_info(actx->pinfo, cause, &ei_snmp_decrypted_data_bad_formatted); col_set_str(actx->pinfo->cinfo, COL_INFO, "encryptedPDU: Decrypted data not formatted as expected"); @@ -197,25 +196,22 @@ gint pdu_type=-1; if (error) { authen_item = proto_tree_add_text(authen_tree,tvb,0,0,"Error while verifying Message authenticity: %s", error); PROTO_ITEM_SET_GENERATED(authen_item); - expert_add_info_format( actx->pinfo, authen_item, PI_MALFORMED, PI_ERROR, "Error while verifying Message authenticity: %s", error ); + expert_add_info_format_text( actx->pinfo, authen_item, &ei_snmp_verify_authentication_error, "Error while verifying Message authenticity: %s", error ); } else { - int severity; - const gchar* msg; + expert_field* expert; authen_item = proto_tree_add_boolean(authen_tree, hf_snmp_msgAuthentication, tvb, 0, 0, usm_p.authOK); PROTO_ITEM_SET_GENERATED(authen_item); if (usm_p.authOK) { - msg = "SNMP Authentication OK"; - severity = PI_CHAT; + expert = &ei_snmp_authentication_ok; } else { const gchar* calc_auth_str = bytestring_to_str(calc_auth,calc_auth_len,' '); proto_item_append_text(authen_item, " calculated = %s", calc_auth_str); - msg = "SNMP Authentication Error"; - severity = PI_WARN; + expert = &ei_snmp_authentication_error; } - expert_add_info_format( actx->pinfo, authen_item, PI_CHECKSUM, severity, "%s", msg ); + expert_add_info( actx->pinfo, authen_item, expert); } } -- cgit v1.2.1