2017-11-06 23:44 GMT+09:00 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>: > On Sun, Oct 29, 2017 at 09:34:53PM +0900, Taehee Yoo wrote: >> The basic SNMP ALG parse snmp ASN.1 payload >> however, since 2012 linux kernel provide ASN.1 decoder library. >> If we use ASN.1 decoder in the /lib/asn1_decoder.c, we can remove >> about 1000 line of ASN.1 parsing routine. >> >> To use asn1_decoder.c, we should write mib file(nf_nat_snmp_basic.asn1) >> then /script/asn1_compiler.c makes *-asn1.c and *-asn1.h file >> at the compiletime.(nf_nat_snmp_basic-asn1.c, nf_nat_snmp_basic-asn1.h) >> The nf_nat_snmp_basic.asn1 is made by RFC1155, RFC1157, RFC1902, RFC1905, >> RFC2578, RFC3416. of course that mib file supports only the basic SNMP ALG. >> >> Previous SNMP ALG mangles only first octet of IPv4 address. >> but after this patch, the SNMP ALG mangles whole IPv4 Address. >> And SNMPv3 is not supported. >> >> I tested with snmp commands such ans snmpd, snmpwalk, snmptrap. > > OK, something is missing here, I see no definition for > nf_nat_snmp_basic_decoder. I apologize for incomplete patch. I forgot to add nf_nat_snmp_basic.asn1 file. so I will resend v2 patch. Thank you for review! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
