-
Notifications
You must be signed in to change notification settings - Fork 339
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using SnmpDecodePacket for Encrypted/Authenticated Packets in GoSNMP #463
Comments
1.25.0 is unsupported by now and differs a lot from the current code base.
From existing tests I whipped up this script to decode a v2 packet: package main
import (
"log"
g "github.com/gosnmp/gosnmp"
)
/*
responseBytes corresponds to the response section of this snmpget
Simple Network Management Protocol
version: v2c (1)
community: public
data: get-response (2)
get-response
request-id: 1066889284
error-status: noError (0)
error-index: 0
variable-bindings: 8 items
1.3.6.1.2.1.1.7.0: 104
1.3.6.1.2.1.2.2.1.10.1: 271070065
1.3.6.1.2.1.2.2.1.5.1: 100000000
1.3.6.1.2.1.1.4.0: 41646d696e6973747261746f72
1.3.6.1.2.1.43.5.1.1.15.1: Value (Null)
1.3.6.1.2.1.4.21.1.1.127.0.0.1: 127.0.0.1 (127.0.0.1)
1.3.6.1.4.1.23.2.5.1.1.1.4.2: 00159937762b
1.3.6.1.2.1.1.3.0: 318870100
*/
var responseBytes = []byte{
0x30, 0x81, 0xc2, 0x02, 0x01, 0x01, 0x04, 0x06, 0x70, 0x75, 0x62, 0x6c,
0x69, 0x63, 0xa2, 0x81, 0xb4, 0x02, 0x04, 0x3f, 0x97, 0x70, 0x44, 0x02,
0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x81, 0xa5, 0x30, 0x0d, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x07, 0x00, 0x02, 0x01, 0x68, 0x30,
0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a,
0x01, 0x41, 0x04, 0x10, 0x28, 0x33, 0x71, 0x30, 0x12, 0x06, 0x0a, 0x2b,
0x06, 0x01, 0x02, 0x01, 0x02, 0x02, 0x01, 0x05, 0x01, 0x42, 0x04, 0x05,
0xf5, 0xe1, 0x00, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01,
0x01, 0x04, 0x00, 0x04, 0x0d, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73,
0x74, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x30, 0x0f, 0x06, 0x0b, 0x2b, 0x06,
0x01, 0x02, 0x01, 0x2b, 0x05, 0x01, 0x01, 0x0f, 0x01, 0x05, 0x00, 0x30,
0x15, 0x06, 0x0d, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x04, 0x15, 0x01, 0x01,
0x7f, 0x00, 0x00, 0x01, 0x40, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x17,
0x06, 0x0d, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x17, 0x02, 0x05, 0x01, 0x01,
0x01, 0x04, 0x02, 0x04, 0x06, 0x00, 0x15, 0x99, 0x37, 0x76, 0x2b, 0x30,
0x10, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x03, 0x00, 0x43,
0x04, 0x13, 0x01, 0x92, 0x54,
}
func main() {
gosnmp := &g.GoSNMP{}
result, err := gosnmp.SnmpDecodePacket(responseBytes)
if err != nil {
log.Fatal(err)
}
log.Print(result)
} which works as expected
I guess results with v3 packets could differ for how |
Thank you for the quick response :) im trying to decode this packet, for example: "3077020103300f02030489b302020800040101020103042f302d040c800000f805008063d2fe3a000201030203305cdf040561646d696e040c7f663f86fdd8adb6c1bedb7604003030040c800000f805008063d2fe3a000400a21e02030489b30201000201003011300f060a2b060102010202010801020101" (this is the hex value of the snmp layer) and this is the error i recieve
same will happen with this packet "308190020103300f02030091c90202080004010302010304383036040c000039e7000000a1c0a81da0020202f0020302fde8040561646d696e040c11ea7ebd94bf2e64e3500b5b04085611c81435399c400440f0e8472aa3180408ef813db8cf114188ccb806d3e670cdd98e926dff21e98d6ba056223ab768cb402665706ee183e028dd2710452c1530d7553c202fa14950cd" the common thing i see between them is that the encrypted/authenticated flags are on. the packets in pcap files: |
Thanks for sharing those pcaps, that accelerated some tests today. I feel that the unmarshal method in
With the other pcap I run into new issues in
Long story short. I think gosnmp should be able to do what you need for your use-case. However to achieve that we would need to increase test coverage by quite a bit for all the breakage that will pop up during those renovations, so that we don't sacrifice reliability of the gosnmp library. |
Do you expect this fix to be implemented in the next released version? |
Sorry I don't think that will be the case. |
Hello,
I'm currently exploring the gosnmp library for parsing SNMP packets, specifically versions 2 and 3. My use case involves the SnmpDecodePacket function, which is structured as follows:
func (x *GoSNMP) SnmpDecodePacket(resp []byte) (*SnmpPacket, error)
In the process of integrating this functionality, I encountered a problem regarding the parsing capabilities of SnmpDecodePacket, especially when it comes to handling encrypted or authenticated packets. It appears that the function struggles to effectively parse even the header.
I am using gosnmp version 1.25.0, where this issue does not seem to exist.
Could you please provide guidance or documentation on how to effectively use SnmpDecodePacket with these types of packets (or in general) in the latest version of gosnmp? Any examples or detailed explanations would be greatly appreciated :) .
Thank you for your time and assistance.
The text was updated successfully, but these errors were encountered: