MJ - Because SNMP uses ASN.1 to encode packets, one can use tcllib's asn package to decode the SNMP packets. The code below implements the ::asn::decodeBer command that will create a nested list of the parsed SNMP packet.
package require asn
namespace eval asn {
namespace eval util {
proc string2hex {string} {
binary scan $string H* t
set res [regexp -inline -all {..} $t]
return [join $res " "]
}
}
array set dispatch {
02 decodeInteger
04 decodeOctetString
06 decodeOID
30 decodeSequence
40 decodeNetworkAddress
41 decodeCounter
43 decodeTimeTicks
A0 decodeGetRequest-PDU
A1 decodeGetNextRequest-PDU
A2 decodeGetResponse-PDU
A3 decodeSetRequest-PDU
A4 decodeTrap-PDU
A6 decodeInformRequest-PDU
A7 decodeSNMPv2-Trap-PDU
}
proc decodeBer {raw} {
variable dispatch
asnGetHexTag raw hex_tag
if {[info exists dispatch($hex_tag)] } {
set res [$dispatch($hex_tag) $raw]
return $res
} else {
dputs "Don't know how to handle: $hex_tag"
asnGetByte raw tag
asnGetLength raw length
asnGetBytes raw $length value
return [list $hex_tag [util::string2hex $value] ]
}
}
proc asnGetHexTag { data_var tag_var} {
# no destructively get the tag
upvar $data_var data $tag_var hex_tag
set orig $data
asnGetByte data tag
set hex_tag [format %2.2X $tag]
dputs "Part has tag $hex_tag"
set data $orig
}
proc asnGetElement { data_var element_var } {
upvar $data_var data $element_var element
dputs "Getting the first element from: [util::string2hex $data]"
set orig $data
asnGetByte data tag
asnGetLength data length
asnGetBytes data $length temp
set remaining_length [string length $data]
set element [string range $orig 0 end-$remaining_length]
dputs "Element is: [util::string2hex $element]"
return
}
proc decodeSequence {raw {type SEQUENCE}} {
set data $raw
asnGetSequence data sequence
while {[string length $sequence] > 0 } {
asnGetElement sequence element
lappend result [decodeBer $element]
}
if {![info exists result] } { set result {}}
return [list $type $result]
}
proc decodeGetRequest-PDU { raw } {
# a GetResponse PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw GetRequest-PDU]
}
proc decodeGetNextRequest-PDU { raw } {
# a GetResponse PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw GetNextRequest-PDU]
}
proc decodeGetResponse-PDU { raw } {
# a GetResponse PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw GetResponse-PDU]
}
proc decodeSetRequest-PDU { raw } {
# a GetResponse PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw SetRequest-PDU]
}
proc decodeTrap-PDU { raw } {
# a trap PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw Trap-PDU]
}
proc decodeSNMPv2-Trap-PDU { raw } {
# an SNMPv2 trap PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw SNMPv2-Trap-PDU]
}
proc decodeInformRequest-PDU { raw } {
# an InformRequest PDU is an implicit sequence so retag it to that
asnRetag raw [expr {0x30}]
return [decodeSequence $raw InformRequest-PDU]
}
proc decodeTimeTicks { raw } {
# a TimeTick is an implicit integer so retag it to that
asnRetag raw [expr {0x02}]
return [decodeInteger $raw TimeTicks]
}
proc decodeInteger {raw {type INTEGER}} {
return [handleWithAsnLib $type asnGetInteger $raw]
}
proc decodeCounter {raw {type COUNTER}} {
# a TimeTick is an implicit integer so retag it to that
asnRetag raw [expr {0x02}]
return [decodeInteger $raw COUNTER]
}
proc decodeOID {raw} {
return [handleWithAsnLib {OBJECT IDENTIFIER} asnGetObjectIdentifier $raw]
}
proc decodeOctetString {raw} {
return [handleWithAsnLib OCTETSTRING asnGetOctetString $raw]
}
proc decodeNetworkAddress {raw} {
asnGetByte raw dummy
asnGetByte raw length
asnGetBytes raw $length address
foreach number [split $address ""] {
lappend result [scan $number %c]
}
return [list IpAddress $result]
}
proc handleWithAsnLib {type libfunction raw} {
dputs "Decoding $type: [util::string2hex $raw]"
$libfunction raw result
return [list $type $result]
}
}
proc dputs {text} {}
package provide ber 0.1
Sample usage for an SNMPv1 trap PDU
package require base64
set trap [join {MIGXAgEABAZwdWJsaWOkgYkGCCsGAQQBgo17QATAqAAzAgEGAgID6EMBZDBtMBoGDCsFAQQBgo17?\
AQbOEAQKbG9jYWxob3N0IDBPBgwrBQEEAYKNewEGzhEEPyBzdShwYW1fdW5peClbMjUxMTVdOiBz?\
ZXNzaW9uIG9wZW5lZCBmb3IgdXNlciByb290IGJ5ICh1aWQ9NTAwKQ==} {}]
::asn::decodeBer [base64::decode $trap]gives:
SEQUENCE {{INTEGER 0} {OCTETSTRING public} {Trap-PDU {{{OBJECT IDENTIFIER} {1 3 6 1 4 1 34555}}\
{IpAddress {192 168 0 51}} {INTEGER 6} {INTEGER 1000} {TimeTicks 100}\
{SEQUENCE {{SEQUENCE {{{OBJECT IDENTIFIER} {1 3 5 1 4 1 34555 1 6 10000}} {OCTETSTRING {localhost }}}}\
{SEQUENCE {{{OBJECT IDENTIFIER} {1 3 5 1 4 1 34555 1 6 10001}}\
{OCTETSTRING { su(pam_unix)[25115]: session opened for user root by (uid=500)}}}}}}}}}MJ - 14-03-2007: Removed a lot of the redundancy when handling the implicit types.