[PATCH V3 0/5] netfilter: nf_nat_snmp_basic: use ASN.1 decoder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The goal of this patch set are to use the ASN.1 decoder library
to parse SNMP ASN.1 payload.

This patch set are same as previous patch
"[PATCH V2]netfilter: nf_nat_snmp_basic: use asn1 decoder library".


My test environment are below.

#Network
Client <-------------> Netfilter FW <-------------> SNMP Server
192.168.3.2   192.168.3.1      192.168.4.1   192.168.4.2

#FW commands
   iptables -t raw -I PREROUTING -p udp -m multiport --dports 161,162 \
	   -j CT --helper snmp
   echo 'file nf_nat_snmp_basic.c +p' > \
	   /sys/kernel/debug/dynamic_debug/control

#SNMP Server commands
   sudo ip r a 192.168.3.2 via 192.168.4.1 dev enp2s0
#Client commands
   sudo ip r a 192.168.4.2 via 192.168.3.1 dev enp3s0

To test basic snmp test, I used snmpwalk command because it is easy to use
   snmpwalk -v <1 or 2c> -c public <ip address> OID
example)
   snmpwalk -v 2c -c public 192.168.4.2 .1.3.6.1.2.1.4.21

so that we can see this message from dmesg.
"snmp_helper: 192.168.3.2 to 192.168.4.1"

And, to test snmp trap test, I used snmptrap command.
   snmptrap -v 1 -c public 192.168.3.2 .1 192.168.4.2 0 0 0 .1 a \
	   192.168.4.2
   snmptrap -v 2c -c public 192.168.3.2 .1 .1 .1 a 192.168.4.2

SNMPv1 trap includes two ip address in payload. so we can see below
message twice.
"snmp_helper: 192.168.4.2 to 192.168.3.1"

If you want to see asn1 decoder debug message, please use below command
   echo 'file asn1_decoder.c +p' > /sys/kernel/debug/dynamic_debug/control

V3 :
 - be separated by previous patch.

V2 : 
 - Add missing nf_nat_snmp_basic.asn1 file

V1 :
 - Initial patch

Taehee Yoo (5):
  netfilter: nf_nat_snmp_basic: remove useless comment
  netfilter: nf_nat_snmp_basic: remove debug parameter
  netfilter: nf_nat_snmp_basic: replace ctinfo with dir.
  netfilter: nf_nat_snmp_basic: use nf_ct_helper_log
  netfilter: nf_nat_snmp_basic: use asn1 decoder library

 net/ipv4/netfilter/Kconfig                |    1 +
 net/ipv4/netfilter/Makefile               |    5 +-
 net/ipv4/netfilter/nf_nat_snmp_basic.asn1 |  177 +++++
 net/ipv4/netfilter/nf_nat_snmp_basic.c    | 1175 ++---------------------------
 4 files changed, 245 insertions(+), 1113 deletions(-)
 create mode 100644 net/ipv4/netfilter/nf_nat_snmp_basic.asn1

-- 
2.9.3

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux