ing

2017-11-21 21:47:55 +09:00
parent 753fafced4
commit 3dd6cb79ca
102 changed files with 9778 additions and 1 deletions
--- a/service/matcher/snmp/v2/snmpv2.go
+++ b/service/matcher/snmp/v2/snmpv2.go
@@ -0,0 +1,179 @@
+package v2
+
+import (
+	"bytes"
+	"encoding/binary"
+
+	"git.loafle.net/overflow/overflow_discovery/service/matcher"
+	"git.loafle.net/overflow/overflow_discovery/service/matcher/snmp"
+)
+
+type snmpv2VarBinding struct {
+	VarBindindStart uint8
+	VarBindLen      uint8
+	ObjectStart     uint8
+	ObjectLen       uint8
+	ValueType       uint8
+	ValueLen        uint8
+	ObjectValue     uint64
+	NullValue       uint8
+	EndIndicator    uint8
+}
+
+type snmpv2Data struct {
+	DataType        uint8
+	DataLen         uint8
+	RequestIdType   uint8
+	RequestIdLen    uint8
+	RequestId       uint8
+	ErrorStatusType uint8
+	ErrorStatusLen  uint8
+	ErrorStatus     uint8
+	ErrorIndexType  uint8
+	ErrorIndexLen   uint8
+	ErrorIndex      uint8
+
+	VarBinding snmpv2VarBinding
+}
+
+type snmpv2 struct {
+	StartSeq             uint8
+	SeqLen               uint8
+	SNMPVersionType      uint8
+	SNMPVersionLen       uint8
+	SNMPVersion          uint8
+	CommunityVersionType uint8
+	CommunityVersionLen  uint8
+	Community            [6]byte
+
+	Data snmpv2Data
+}
+
+type SNMPMatcher struct {
+	matcher.Matchers
+}
+
+func (t *SNMPMatcher) ServiceName() string {
+	return "SNMP"
+}
+
+func (t *SNMPMatcher) IsPrePacket() bool {
+	return false
+}
+
+func (t *SNMPMatcher) HasResponse(index int) bool {
+	return true
+}
+
+func (t *SNMPMatcher) IsError(info matcher.MatchInfo, index int, packet *matcher.Packet) bool {
+	return false
+}
+
+func (t *SNMPMatcher) Match(info matcher.MatchInfo, index int, packet *matcher.Packet) bool {
+
+	if packet == nil {
+		return false
+	}
+
+	r := new(bytes.Buffer)
+	r.Write(packet.Buffer)
+
+	s := snmpv2{}
+	if err := binary.Read(r, binary.BigEndian, &s); err != nil {
+		return false
+	}
+
+	if s.StartSeq != snmp.SNMP_START_SEQUENCE {
+		return false
+	}
+
+	var p uint8
+	reader := new(bytes.Buffer)
+	reader.Write(packet.Buffer)
+	for idx := 0; idx < 5; idx++ {
+		if err := binary.Read(reader, binary.BigEndian, &p); err != nil {
+			return false
+		}
+		if p == snmp.SNMP_TYPE_INTEGER {
+			break
+		}
+		p++
+	}
+
+	//finding protocol version type : 0x02 0x01 0x01
+	if err := binary.Read(reader, binary.BigEndian, &p); err != nil {
+		return false
+	}
+
+	if p == 0x01 {
+		if err := binary.Read(reader, binary.BigEndian, &p); err != nil {
+			return false
+		}
+		if p == 0x01 {
+			return true
+		}
+	}
+
+	return false
+
+}
+
+func (t *SNMPMatcher) IsSend(info matcher.MatchInfo) bool {
+	if info.Port() == 161 {
+		return true
+	}
+	return false
+}
+
+func NewMatcher() matcher.UDPMatcher {
+
+	m := &SNMPMatcher{}
+
+	snmpTempBuf := new(bytes.Buffer)
+	binary.Write(snmpTempBuf, binary.BigEndian, snmpv2{}) //For getting the struct size
+
+	snmpDataTempBuf := new(bytes.Buffer)
+	binary.Write(snmpDataTempBuf, binary.BigEndian, snmpv2Data{}) //For getting the struct size
+
+	snmpVarTempBuf := new(bytes.Buffer)
+	binary.Write(snmpVarTempBuf, binary.BigEndian, snmpv2VarBinding{}) //For getting the struct size
+
+	q := snmpv2{}
+	q.StartSeq = snmp.SNMP_START_SEQUENCE
+	q.SeqLen = uint8(len(snmpTempBuf.Bytes())) - 2
+	q.SNMPVersionType = snmp.SNMP_TYPE_INTEGER
+	q.SNMPVersionLen = 0x01
+	q.SNMPVersion = snmp.SNMP_PROTOCOL_VERSION_2c
+	q.CommunityVersionType = snmp.SNMP_TYPE_STRING
+	q.CommunityVersionLen = 0x06
+	var community [6]byte
+	copy(community[:], "public")
+	q.Community = community
+	q.Data.DataType = snmp.SNMP_GET_REQUEST
+	q.Data.DataLen = uint8(len(snmpDataTempBuf.Bytes())) - 2
+	q.Data.RequestIdType = snmp.SNMP_TYPE_INTEGER
+	q.Data.RequestIdLen = 0x01
+	q.Data.RequestId = 0x01
+	q.Data.ErrorStatusType = snmp.SNMP_TYPE_INTEGER
+	q.Data.ErrorStatusLen = 0x01
+	q.Data.ErrorStatus = 0x00
+	q.Data.ErrorIndexType = snmp.SNMP_TYPE_INTEGER
+	q.Data.ErrorIndexLen = 0x01
+	q.Data.ErrorIndex = 0x00
+	q.Data.VarBinding.VarBindindStart = snmp.SNMP_START_SEQUENCE
+	q.Data.VarBinding.VarBindLen = uint8(len(snmpVarTempBuf.Bytes())) - 2
+	q.Data.VarBinding.ObjectStart = snmp.SNMP_START_SEQUENCE
+	q.Data.VarBinding.ObjectLen = uint8(len(snmpVarTempBuf.Bytes())) - 4
+	q.Data.VarBinding.ValueType = snmp.SNMP_TYPE_OBJECT
+	q.Data.VarBinding.ValueLen = 0x08
+	q.Data.VarBinding.ObjectValue = 0x000001010201062b
+	q.Data.VarBinding.NullValue = snmp.SNMP_TYPE_NULL
+	q.Data.VarBinding.EndIndicator = 0x00
+
+	writer := new(bytes.Buffer)
+	binary.Write(writer, binary.LittleEndian, q)
+
+	m.AddPacket(matcher.NewPacket(writer.Bytes(), writer.Len()))
+
+	return m
+}
--- a/service/matcher/snmp/v2/snmpv2_test.go
+++ b/service/matcher/snmp/v2/snmpv2_test.go
@@ -0,0 +1,37 @@
+package v2
+
+import (
+	"net"
+	"testing"
+
+	"git.loafle.net/overflow/overflow_discovery/service/matcher"
+)
+
+func TestSNMP2(t *testing.T) {
+
+	m := NewMatcher()
+
+	conn, err := net.Dial("udp", "192.168.1.15:161")
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	defer conn.Close()
+
+	for i := 0; i < m.PacketCount(); i++ {
+
+		pack := m.Packet(i)
+		conn.Write(pack.Buffer)
+		bytes := make([]byte, 1024)
+		n, _ := conn.Read(bytes)
+		p := matcher.NewPacket(bytes, n)
+
+		if m.Match(nil, i, p) {
+			t.Log("SNMP found")
+			return
+		}
+
+		t.Error("SNMP not found")
+	}
+
+}