xref: /openbsd/regress/usr.sbin/snmpd/snmp.c (revision 1434a006)

#include <sys/socket.h>
#include <sys/types.h>

#include <arpa/inet.h>

#include <ber.h>
#include <err.h>
#include <errno.h>
#include <inttypes.h>
#include <netdb.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <vis.h>

#include "regress.h"

#include <stdio.h>

#define SNMP_HOSTNAME "127.0.0.1"
#define SNMP_PORT "161"

#define SNMP_R_COMMUNITY "public"

#define MIB_SNMP_V3 MIB_SNMP, 1
#define MIB_SNMP_USM MIB_SNMP_V3, 1

#define MIB_SUBAGENT_V3 MIB_SUBAGENT_SNMP, 1
#define MIB_SUBAGENT_USM MIB_SUBAGENT_V3, 1

#define SNMPMODULES 1, 3, 6, 1, 6, 3
#define SNMPUSMMIB SNMPMODULES, 15
#define USMMIBOBJECTS SNMPUSMMIB, 1
#define USMSTATS USMMIBOBJECTS, 1
#define USMSTATSUNKNOWNENGINEIDS USMSTATS, 4

#define BER_OID(...) (struct ber_oid){ {__VA_ARGS__},	\
    (sizeof((uint32_t []){__VA_ARGS__}) / sizeof(uint32_t)) }

enum snmp_application {
        APPLICATION_IPADDR = 0,
        APPLICATION_COUNTER32 = 1,
        APPLICATION_GAUGE32 = 2,
        APPLICATION_UNSIGNED32 = 2,
        APPLICATION_TIMETICKS = 3,
        APPLICATION_OPAQUE = 4,
        APPLICATION_NSAPADDR = 5,
        APPLICATION_COUNTER64 = 6,
};

enum snmp_exception {
	EXCEPTION_NOSUCHOBJECT = 0,
	EXCEPTION_NOSUCHINSTANCE = 1,
	EXCEPTION_ENDOFMIBVIEW = 2
};

enum security_model {
	SM_USM = 3,
	SM_TSM = 4
};

struct usm {
	char engineid[32];
	size_t engineidlen;
	int engineboots;
	int enginetime;
	char username[33];
};

union securityparams {
	struct usm usm;
};

#define MSGFLAG_AUTH (1 << 0)
#define MSGFLAG_PRIV (1 << 1)
#define MSG_NOAUTHNOPRIV 0
#define MSG_AUTHNOPRIV MSGFLAG_AUTH
#define MSG_AUTHPRIV (MSGFLAG_AUTH | MSGFLAG_PRIV)
#define MSGFLAG_REPORTABLE (1 << 2)
#define MSGFLAG_ALL (MSGFLAG_AUTH | MSGFLAG_PRIV | MSGFLAG_REPORTABLE)
struct headerdata {
	int32_t msgid;
	int32_t msgmaxsize;
	int8_t msgflags;
	enum security_model msgsm;
	char engineid[32];
	size_t engineidlen;
	char contextname[256];
};

int32_t snmpv2_send(int, const char *, enum snmp_request, int32_t, int32_t,
    int32_t, struct varbind *, size_t);
int32_t snmpv3_get(int, int, struct headerdata *, union securityparams *,
    int32_t, struct varbind *, size_t);
int32_t snmpv3_send(int, int, struct headerdata *, union securityparams *,
    enum snmp_request, int32_t, int32_t, int32_t, struct varbind *, size_t);
int32_t snmpv3_usm_send(int, int, struct headerdata *, struct usm *, int32_t,
    struct varbind *, size_t);
void snmpv3_usm_discovery(int, int, struct headerdata *, struct usm *);
void snmpv3_encode(int, struct ber *, struct headerdata *,
    union securityparams *, struct ber_element *);
void snmpv3_usm_encode(int, struct ber *, struct usm *);
struct ber_element *snmpv3_decode(int, void *, size_t, struct ber_element *,
    struct headerdata *, union securityparams *);
void snmpv3_response_validate(int, int, struct headerdata *,
    union securityparams *, int32_t, int32_t, int32_t, struct varbind *,
    size_t);
void snmpv3_usm_decode(int, void *, size_t, void *, size_t, struct usm *);
struct ber_element *snmp_recv(int, int, void *buf, size_t *);
struct ber_element *snmp_pdu(enum snmp_request, int32_t, int32_t, int32_t,
    struct varbind *, size_t);
struct ber_element *snmp_varbindlist(struct varbind *, size_t);
struct ber_oid *snmp_oid2ber_oid(struct oid *, struct ber_oid *);
struct ber_element *snmp_data2ber_element(enum type, union data *);
unsigned int smi_application(struct ber_element *);
char *smi_oid2string(struct ber_oid *, char *, size_t);
char *smi_print_element(struct ber_element *);
struct ber_element *v2cmps(struct ber_element *, const char *);
void snmp_pdu_validate(struct ber_element *, enum snmp_request, int32_t,
    int32_t, int32_t, struct varbind *, size_t);

void
snmp_v3_usm_noauthpriv(void)
{
	struct sockaddr_storage ss;
	struct sockaddr *sa = (struct sockaddr *)&ss;
	socklen_t salen;
	int snmp_s, ax_s;
	uint32_t sessionid;
	struct varbind varbind = {
		.type = TYPE_NULL,
		.name = OID_STRUCT(MIB_SNMP_USM, 1, 0),
		.data.int32 = 1
	};
	struct headerdata hd = {
		.msgid = 0,
		.msgmaxsize = 0,
		.msgflags = MSG_NOAUTHNOPRIV | MSGFLAG_REPORTABLE,
		.msgsm = SM_USM
	};
	union securityparams params = {
		.usm.engineidlen = 0,
		.usm.engineboots = 0,
		.usm.enginetime = 0,
		.usm.username = "noauthpriv"
	};
	int32_t requestid;
	char buf[1024];
	size_t n;

	ax_s = agentx_connect(axsocket);
	sessionid = agentx_open(ax_s, 0, 0,
	    OID_ARG(MIB_SUBAGENT_USM, 1), __func__);
	agentx_register(ax_s, sessionid, 0, 0, 127, 0,
	    OID_ARG(MIB_SNMP_USM, 1), 0);

	salen = snmp_resolve(SOCK_DGRAM, hostname, servname, sa);
	snmp_s = snmp_connect(SOCK_DGRAM, sa, salen);
	requestid = snmpv3_get(snmp_s, 1000, &hd, &params, 0, &varbind, 1);

	n = agentx_read(ax_s, buf, sizeof(buf), 1000);
	varbind.type = TYPE_INTEGER;
	agentx_get_handle(__func__, buf, n, 0, sessionid, &varbind, 1);
	agentx_response(ax_s, buf, 0, NOERROR, &varbind, 1);

	snmpv3_response_validate(snmp_s, 1000, &hd, &params, requestid, 0, 0,
	    &varbind, 1);
}

socklen_t
snmp_resolve(int type, const char *hostname, const char *servname, struct sockaddr *sa)
{
	struct addrinfo hints, *res;
	socklen_t salen;
	int error;

	if (hostname == NULL)
		hostname = SNMP_HOSTNAME;
	if (servname == NULL)
		servname = SNMP_PORT;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = type;

	if ((error = getaddrinfo(hostname, servname, &hints, &res)) != 0)
		errx(1, "getaddrinfo(%s, %s): %s", hostname, servname,
		    gai_strerror(error));

	memcpy(sa, res->ai_addr, res->ai_addrlen);
	salen = res->ai_addrlen;

	freeaddrinfo(res);
	return salen;
}

int
snmp_connect(int type, struct sockaddr *sa, socklen_t salen)
{
	int s;

	if ((s = socket(sa->sa_family, type, 0)) == -1)
		err(1, "socket");
	if (connect(s, sa, salen) == -1)
		err(1, "connect");
	return s;
}

int32_t
snmpv2_get(int s, const char *community, int32_t requestid,
    struct varbind *varbindlist, size_t nvarbind)
{
	return snmpv2_send(s, community, REQUEST_GET, requestid, 0, 0,
	    varbindlist, nvarbind);
}

int32_t
snmpv2_getnext(int s, const char *community, int32_t requestid,
    struct varbind *varbindlist, size_t nvarbind)
{
	return snmpv2_send(s, community, REQUEST_GETNEXT, requestid, 0, 0,
	    varbindlist, nvarbind);
}

int32_t
snmpv2_getbulk(int s, const char *community, int32_t requestid, int32_t nonrep,
    int32_t maxrep, struct varbind *varbindlist, size_t nvarbind)
{
	return snmpv2_send(s, community, REQUEST_GETBULK, requestid, nonrep,
	    maxrep, varbindlist, nvarbind);
}

struct ber_element *
snmpv2_build(const char *community, enum snmp_request request,
    int32_t requestid, int32_t error, int32_t index,
    struct varbind *varbindlist, size_t nvarbind)
{
	struct ber_element *message;

	if (community == NULL)
		community = SNMP_R_COMMUNITY;
	message = ober_printf_elements(NULL, "{dse}", 1, community,
	    snmp_pdu(request, requestid, error, index, varbindlist, nvarbind));
	if (message == NULL)
		err(1, NULL);

	return message;
}

int32_t
snmpv2_send(int s, const char *community, enum snmp_request request,
    int32_t requestid, int32_t error, int32_t index,
    struct varbind *varbindlist, size_t nvarbind)
{
	struct ber_element *message;
	struct ber ber = {};
	void *buf;
	ssize_t buflen, writelen;

	while (requestid == 0)
		requestid = arc4random();

	message = snmpv2_build(community, request, requestid, error, index,
	    varbindlist,nvarbind);

	if (ober_write_elements(&ber, message) == -1)
		err(1, "ober_write_elements");

	buflen = ober_get_writebuf(&ber, &buf);
	if ((writelen = write(s, buf, buflen)) == -1)
		err(1, "write");
	if (writelen != buflen)
		errx(1, "write: short write");

	if (verbose) {
		printf("SNMP send(%d):\n", s);
		smi_debug_elements(message);
	}
	ober_free_elements(message);
	ober_free(&ber);

	return requestid;
}

void
snmpv2_response_validate(int s, int timeout, const char *community,
    int32_t requestid, int32_t error, int32_t index,
    struct varbind *varbindlist, size_t nvarbind)
{
	struct ber_element *message, *pdu;
	char buf[100000];
	size_t buflen = sizeof(buf);

	message = snmp_recv(s, timeout, buf, &buflen);

	if (community == NULL)
		community = SNMP_R_COMMUNITY;
	snmp_pdu_validate(v2cmps(message, community), REQUEST_RESPONSE,
	    requestid, error, index, varbindlist, nvarbind);

	ober_free_elements(message);
}

struct ber_element *
snmp_recv(int s, int timeout, void *buf, size_t *buflen)
{
	struct pollfd pfd = {
		.fd = s,
		.events = POLLIN
	};
	struct ber ber = {};
	struct ber_element *message;
	ssize_t n;
	size_t ntot = 0;
	int ret;

 again:
	if ((ret = poll(&pfd, 1, timeout)) == -1)
		err(1, "poll");
	if (ret == 0) {
		if (ntot == 0)
			errx(1, "%s: timeout", __func__);
		errc(1, ECANCELED, "%s: unable to decode message", __func__);
	}
	if ((n = read(s, buf + ntot, *buflen - ntot)) == -1)
		err(1, "snmp read");
	ntot += n;

	ober_set_application(&ber, smi_application);
	ober_set_readbuf(&ber, buf, ntot);

	if ((message = ober_read_elements(&ber, NULL)) == NULL) {
		if (errno == ECANCELED)
			goto again;
		errx(1, "%s: unable to decode message", __func__);
	}
	*buflen = n;
	if (verbose) {
		printf("SNMP received(%d):\n", s);
		smi_debug_elements(message);
	}

	ober_free(&ber);

	return message;
}

int32_t
snmpv3_get(int s, int timeout, struct headerdata *hd,
    union securityparams *params, int32_t requestid,
    struct varbind *varbindlist, size_t nvarbind)
{
	return snmpv3_send(s, timeout, hd, params, REQUEST_GET, requestid,
	    0, 0, varbindlist, nvarbind);
}

int32_t
snmpv3_send(int s, int timeout, struct headerdata *hd,
    union securityparams *params, enum snmp_request request, int32_t requestid,
    int32_t error, int32_t index, struct varbind *varbindlist, size_t nvarbind)
{
	struct ber ber;
	void *buf;
	ssize_t buflen, writelen;

	if (hd->msgid == 0)
		hd->msgid = arc4random();
	if (hd->msgmaxsize == 0)
		hd->msgmaxsize = 484;
	if (requestid == 0)
		requestid = arc4random();

	if (hd->msgsm == SM_USM)
		snmpv3_usm_discovery(s, timeout, hd, &params->usm);

	snmpv3_encode(s, &ber, hd, params, snmp_pdu(request, requestid, error,
	    index, varbindlist, nvarbind));

	buflen = ober_get_writebuf(&ber, &buf);
	if ((writelen = write(s, buf, buflen)) == -1)
		err(1, "write");
	if (writelen != buflen)
		errx(1, "write: short write");

	ober_free(&ber);

	return requestid;
}

void
snmpv3_usm_discovery(int s, int timeout, struct headerdata *hd,
    struct usm *params)
{
	struct ber_element *message, *pdu;
	struct ber_oid oid;
	struct ber ber;
	struct headerdata hdd;
	union securityparams sp = {
		.usm = *params
	};
	void *buf;
	char rbuf[1024];
	size_t rbuflen = sizeof(rbuf);
	int8_t msgflags;
	size_t buflen, writelen;
	char oidbuf[1024];
	struct varbind vb = {
		.type = TYPE_COUNTER32,
		.dataunknown = 1
	};

	hdd = *hd;
	hdd.msgid = arc4random();
	if (params->engineidlen == 0) {
		hdd.msgflags = MSGFLAG_REPORTABLE;
		sp.usm.username[0] = '\0';
	} else if (hd->msgflags & MSGFLAG_AUTH && params->engineboots == 0 &&
	    params->enginetime == 0)
		hdd.msgflags = MSGFLAG_AUTH | MSGFLAG_REPORTABLE;
	else
		return;

	pdu = snmp_pdu(REQUEST_GET, 0, 0, 0, NULL, 0);
	snmpv3_encode(s, &ber, &hdd, &sp, pdu);
	buflen = ober_get_writebuf(&ber, &buf);
	if ((writelen = write(s, buf, buflen)) == -1)
		err(1, "write");
	if (writelen != buflen)
		errx(1, "write: short write");

 retry:
	message = snmp_recv(s, timeout, rbuf, &rbuflen);

	hdd.msgflags &= ~MSGFLAG_REPORTABLE;
	pdu = snmpv3_decode(s, rbuf, rbuflen, message, &hdd, &sp);

	if (params->engineidlen == 0) {
		vb.name = OID_STRUCT(USMSTATSUNKNOWNENGINEIDS, 0);
		snmp_pdu_validate(pdu, REQUEST_REPORT, 0, 0, 0, &vb, 1);
		memcpy(params->engineid, sp.usm.engineid, sp.usm.engineidlen);
		params->engineidlen = sp.usm.engineidlen;
		if (hd->msgflags & MSGFLAG_AUTH)
			snmpv3_usm_discovery(s, timeout, hd, params);
	}

	ober_free(&ber);
	ober_free_elements(message);

	return;
}

void
snmpv3_encode(int s, struct ber *ber, struct headerdata *hd,
    union securityparams *params, struct ber_element *pdu)
{
	struct ber_element *message;
	void *sp;
	size_t splen;

	switch (hd->msgsm) {
	case SM_USM:
		snmpv3_usm_encode(s, ber, &params->usm);
		break;
	default:
		errx(1, "%s: unsupported securityModel %d",
		    __func__, hd->msgsm);
	}

	splen = ober_get_writebuf(ber, &sp);
	if ((message = ober_printf_elements(NULL, "{d{ddxd}x{xse}}", 3,
	    hd->msgid, hd->msgmaxsize, &hd->msgflags, sizeof(hd->msgflags),
	    hd->msgsm, sp, splen, hd->engineid, hd->engineidlen,
	    hd->contextname, pdu)) == NULL)
		err(1, NULL);
	ober_free(ber);
	*ber = (struct ber){};
	ober_set_application(ber, smi_application);
	if (ober_write_elements(ber, message) == -1)
		err(1, NULL);
	if (verbose) {
		printf("SNMP send(%d):\n", s);
		smi_debug_elements(message);
	}
	ober_free_elements(message);
}

void
snmpv3_usm_encode(int s, struct ber *ber, struct usm *params)
{
	struct ber_element *sp;

	*ber = (struct ber){};
	ober_set_application(ber, smi_application);
	if ((sp = ober_printf_elements(NULL, "{xddxss}", params->engineid,
	    params->engineidlen, params->engineboots, params->enginetime,
	    params->username, strlen(params->username), "", "")) == NULL)
		err(1, NULL);
	if (ober_write_elements(ber, sp) == -1)
		err(1, NULL);
	if (verbose) {
		printf("USM params send(%d):\n", s);
		smi_debug_elements(sp);
	}
	ober_free_elements(sp);
}

struct ber_element *
snmpv3_decode(int s, void *buf, size_t buflen, struct ber_element *message,
    struct headerdata *hd, union securityparams *sp)
{
	struct ber_element *pdu;
	int32_t version, msgid, msgmaxsize, sm;
	char *msgflags, *spstr, *engineid, *name;
	size_t msgflagslen, spstrlen, engineidlen, namelen;
	int class;
	unsigned int type;

	if (ober_scanf_elements(message, "{d{ddxd$}x{xxe}",
	    &version, &msgid, &msgmaxsize, &msgflags, &msgflagslen,
	    &sm, &spstr, &spstrlen, &engineid, &engineidlen, &name, &namelen,
	    &pdu) == -1)
		errx(1, "%s: ober_scanf_elements", __func__);
	if (version != 3)
		errx(1, "%s: invalid version", __func__);
	if (msgid != hd->msgid)
		errx(1, "%s: unexpected msgid", __func__);
	if (msgmaxsize < 484 || msgmaxsize > 2147483647)
		errx(1, "%s: invalid msgmaxsize", __func__);
	if (msgflagslen != 1 || msgflags[0] != hd->msgflags)
		errx(1, "%s: invalid msgflags", __func__);
	if (sm != hd->msgsm)
		errx(1, "%s: unexpected security model", __func__);
	if (engineidlen < 5 || engineidlen > 32)
		errx(1, "%s: invalid contextEngineID", __func__);
	if (hd->engineidlen != 0) {
		if (hd->engineidlen != engineidlen ||
		    memcmp(hd->engineid, engineid, engineidlen) != 0)
			errx(1, "%s: unexpected engineid", __func__);
	} else {
		hd->engineidlen = engineidlen;
		memcpy(hd->engineid, engineid, engineidlen);
	}
	if (namelen > 255)
		errx(1, "%s: invalid ctxnamelen", __func__);
	if (strcmp(hd->contextname, name) != 0)
		errx(1, "%s: unexpected context", __func__);

	switch (sm) {
	case SM_USM:
		snmpv3_usm_decode(s, buf, buflen, spstr, spstrlen, &sp->usm);
	}
	return pdu;
}

void
snmpv3_usm_decode(int s, void *buf, size_t buflen, void *spstr, size_t spstrlen,
    struct usm *usm)
{
	struct ber ber = {};
	struct ber_element *sp;
	char *engineid, *username, *authparams, *privparams;
	size_t engineidlen, usernamelen, authparamslen, privparamslen;
	int32_t engineboots, enginetime;

	ober_set_application(&ber, smi_application);
	ober_set_readbuf(&ber, spstr, spstrlen);
	if ((sp = ober_read_elements(&ber, NULL)) == NULL)
		errx(1, "%s: ober_read_elements", __func__);
	if (verbose) {
		printf("USM params received(%d):\n", s);
		smi_debug_elements(sp);
	}

	if (ober_scanf_elements(sp, "{xddxxx}", &engineid, &engineidlen,
	    &engineboots, &enginetime, &username, &usernamelen, &authparams,
	    &authparamslen, &privparams, &privparamslen) == -1)
		errx(1, "%s: ober_scanf_elements", __func__);

	if (engineidlen < 5 || engineidlen > 32)
		errx(1, "%s: invalid msgAuthoritativeEngineID", __func__);
	if (engineboots < 0 || engineboots > 2147483647)
		errx(1, "%s: invalid msgAuthoritativeEngineBoots", __func__);
	if (enginetime < 0 || enginetime > 2147483647)
		errx(1, "%s: invalid msgAuthoritativeEngineTime", __func__);
	if (usernamelen < 0 || usernamelen > 32)
		errx(1, "%s: invalid msgUserName", __func__);

	if (usm->engineidlen == 0) {
		memcpy(usm->engineid, engineid, engineidlen);
		usm->engineidlen = engineidlen;
	} else {
		if (usm->engineidlen != engineidlen ||
		    memcmp(usm->engineid, engineid, engineidlen) != 0)
			errx(1, "%s: unexpected engineid", __func__);
	}
	if (usm->engineboots == 0 && usm->enginetime == 0) {
		usm->engineboots = engineboots;
		usm->enginetime = enginetime;
	} else {
		if (usm->engineboots < engineboots)
			errx(1, "%s: engineboots decremented", __func__);
		else if (usm->engineboots == engineboots) {
			if (enginetime < usm->enginetime - 150 ||
			    enginetime > usm->enginetime + 150)
				errx(1, "%s: enginetime out of window",
				    __func__);
		} else {
			if (enginetime > 150)
				errx(1, "%s: enginetime out of window",
				    __func__);
		}
	}
	if (strcmp(username, usm->username) != 0)
		errx(1, "unexpected username");
}

void
snmpv3_response_validate(int s, int timeout, struct headerdata *hd,
    union securityparams *sp, int32_t requestid, int32_t error, int32_t index,
    struct varbind *varbindlist, size_t nvarbind)
{
	struct ber_element *message, *pdu;
	char buf[1024];
	size_t buflen = sizeof(buf);
	hd->msgflags &= ~MSGFLAG_REPORTABLE;

	message = snmp_recv(s, timeout, buf, &buflen);
	pdu = snmpv3_decode(1, buf, sizeof(buf), message, hd, sp);
	snmp_pdu_validate(pdu, REQUEST_RESPONSE, requestid, error, index,
	    varbindlist, nvarbind);

	ober_free_elements(message);
}

void
snmp_timeout(int s, int timeout)
{
	int ret;
	struct pollfd pfd = {
		.fd = s,
		.events = POLLIN
	};

	if ((ret = poll(&pfd, 1, timeout)) == -1)
		err(1, "poll");
	if (ret != 0)
		errx(1, "%s: unexpected snmp data", __func__);
}

struct ber_element *
snmp_pdu(enum snmp_request request, int32_t requestid, int32_t error,
    int32_t index, struct varbind *varbindlist, size_t nvarbind)
{
	struct ber_element *pdu;

	if ((pdu = ober_printf_elements(NULL, "{tddde}", BER_CLASS_CONTEXT,
	    request, requestid, error, index,
	    snmp_varbindlist(varbindlist, nvarbind))) == NULL)
		err(1, NULL);
	return pdu;
}

struct ber_element *
snmp_varbindlist(struct varbind *varbindlist, size_t nvarbind)
{
	struct ber_element *vblist, *prev = NULL;
	struct ber_oid oid;
	size_t i;

	if ((vblist = prev = ober_add_sequence(NULL)) == NULL)
		err(1, NULL);
	for (i = 0; i < nvarbind; i++) {
		if ((prev = ober_printf_elements(prev, "{Oe}",
		    snmp_oid2ber_oid(&varbindlist[i].name, &oid),
		    snmp_data2ber_element(varbindlist[i].type,
		    &varbindlist[i].data))) == NULL)
			err(1, NULL);
	}

	return vblist;
}

struct ber_oid *
snmp_oid2ber_oid(struct oid *oid, struct ber_oid *boid)
{
	size_t i;

	for (i = 0; i < oid->n_subid; i++)
		boid->bo_id[i] = oid->subid[i];
	boid->bo_n = oid->n_subid;

	return boid;
}

struct ber_element *
snmp_data2ber_element(enum type type, union data *data)
{
	struct ber_element *elm;
	struct ber_oid oid;

	switch (type) {
	case TYPE_INTEGER:
		elm = ober_add_integer(NULL, data->int32);
		break;
	case TYPE_OCTETSTRING:
		elm = ober_add_nstring(NULL, data->octetstring.string,
		    data->octetstring.len);
		break;
	case TYPE_NULL:
		elm = ober_add_null(NULL);
		break;
	case TYPE_OBJECTIDENTIFIER:
		elm = ober_add_oid(NULL, snmp_oid2ber_oid(&data->oid, &oid));
		break;
	case TYPE_IPADDRESS:
		if ((elm = ober_add_nstring(NULL, data->octetstring.string,
		    data->octetstring.len)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_APPLICATION, APPLICATION_IPADDR);
		break;
	case TYPE_COUNTER32:
		if ((elm = ober_add_integer(NULL, data->uint32)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_APPLICATION,
		    APPLICATION_COUNTER32);
		break;
	case TYPE_GAUGE32:
		if ((elm = ober_add_integer(NULL, data->uint32)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_APPLICATION,
		    APPLICATION_GAUGE32);
		break;
	case TYPE_TIMETICKS:
		if ((elm = ober_add_integer(NULL, data->uint32)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_APPLICATION,
		    APPLICATION_TIMETICKS);
		break;
	case TYPE_OPAQUE:
		if ((elm = ober_add_nstring(NULL, data->octetstring.string,
		    data->octetstring.len)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_APPLICATION, APPLICATION_OPAQUE);
		break;
	case TYPE_COUNTER64:
		if ((elm = ober_add_integer(NULL, data->uint64)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_APPLICATION,
		    APPLICATION_COUNTER64);
		break;
	case TYPE_NOSUCHOBJECT:
		if ((elm = ober_add_null(NULL)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_CONTEXT, EXCEPTION_NOSUCHOBJECT);
		break;
	case TYPE_NOSUCHINSTANCE:
		if ((elm = ober_add_null(NULL)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_CONTEXT,
		    EXCEPTION_NOSUCHINSTANCE);
		break;
	case TYPE_ENDOFMIBVIEW:
		if ((elm = ober_add_null(NULL)) == NULL)
			err(1, NULL);
		ober_set_header(elm, BER_CLASS_CONTEXT, EXCEPTION_ENDOFMIBVIEW);
		break;
	default:
		errx(1, "%s: unsupported type: %d", __func__, type);
	}
	if (elm == NULL)
		err(1, NULL);
	return elm;
}

unsigned int
smi_application(struct ber_element *elm)
{
	if (elm->be_class != BER_CLASS_APPLICATION)
		return -1;

	switch (elm->be_type) {
	case APPLICATION_IPADDR:
	case APPLICATION_OPAQUE:
		return BER_TYPE_OCTETSTRING;
	case APPLICATION_COUNTER32:
	case APPLICATION_GAUGE32:
	case APPLICATION_TIMETICKS:
	case APPLICATION_COUNTER64:
		return BER_TYPE_INTEGER;
	default:
		return -1;
	}
}

char *
smi_oid2string(struct ber_oid *oid, char *buf, size_t len)
{
	char digit[11];
	size_t i;

	buf[0] = '\0';
	for (i = 0; i < oid->bo_n; i++) {
		snprintf(digit, sizeof(digit), "%"PRIu32, oid->bo_id[i]);
		if (i > 0)
			strlcat(buf, ".", len);
		strlcat(buf, digit, len);
	}
	return buf;
}

char *
smi_print_element(struct ber_element *root)
{
	char		*str = NULL, *buf, *p;
	long long	 v;
	struct ber_oid	 o;
	char		 strbuf[BUFSIZ];

	switch (root->be_class) {
	case BER_CLASS_UNIVERSAL:
		switch (root->be_type) {
		case BER_TYPE_INTEGER:
			if (ober_get_integer(root, &v) == -1)
				goto fail;
			if (asprintf(&str, "%lld", v) == -1)
				goto fail;
			break;
		case BER_TYPE_OBJECT:
			if (ober_get_oid(root, &o) == -1)
				goto fail;
			if (asprintf(&str, "%s", smi_oid2string(&o, strbuf,
			    sizeof(strbuf))) == -1)
				goto fail;
			break;
		case BER_TYPE_OCTETSTRING:
			if (ober_get_string(root, &buf) == -1)
				goto fail;
			p = reallocarray(NULL, 4, root->be_len + 1);
			if (p == NULL)
				goto fail;
			strvisx(p, buf, root->be_len, VIS_NL);
			if (asprintf(&str, "\"%s\"", p) == -1) {
				free(p);
				goto fail;
			}
			free(p);
			break;
		case BER_TYPE_NULL:
			if (asprintf(&str, "null") == -1)
				goto fail;
			break;
		default:
			/* Should not happen in a valid SNMP packet */
			if (asprintf(&str, "[U/%u]", root->be_type) == -1)
				goto fail;
			break;
		}
		break;
	case BER_CLASS_APPLICATION:
		switch (root->be_type) {
		case APPLICATION_IPADDR:
			if (ober_get_string(root, &buf) == -1)
				goto fail;
			if (asprintf(&str, "%s",
			    inet_ntoa(*(struct in_addr *)buf)) == -1)
					goto fail;
			break;
		case APPLICATION_COUNTER32:
			if (ober_get_integer(root, &v) == -1)
				goto fail;
			if (asprintf(&str, "%lld(c32)", v) == -1)
				goto fail;
			break;
		case APPLICATION_GAUGE32:
			if (ober_get_integer(root, &v) == -1)
				goto fail;
			if (asprintf(&str, "%lld(g32)", v) == -1)
				goto fail;
			break;
		case APPLICATION_TIMETICKS:
			if (ober_get_integer(root, &v) == -1)
				goto fail;
			if (asprintf(&str, "%lld.%llds", v/100, v%100) == -1)
				goto fail;
			break;
		case APPLICATION_OPAQUE:
			if (ober_get_string(root, &buf) == -1)
				goto fail;
			p = reallocarray(NULL, 4, root->be_len + 1);
			if (p == NULL)
				goto fail;
			strvisx(p, buf, root->be_len, VIS_NL);
			if (asprintf(&str, "\"%s\"(opaque)", p) == -1) {
				free(p);
				goto fail;
			}
			free(p);
			break;
		case APPLICATION_COUNTER64:
			if (ober_get_integer(root, &v) == -1)
				goto fail;
			if (asprintf(&str, "%lld(c64)", v) == -1)
				goto fail;
			break;
		default:
			/* Should not happen in a valid SNMP packet */
			if (asprintf(&str, "[A/%u]", root->be_type) == -1)
				goto fail;
			break;
		}
		break;
	case BER_CLASS_CONTEXT:
		switch (root->be_type) {
		case EXCEPTION_NOSUCHOBJECT:
			str = strdup("noSuchObject");
			break;
		case EXCEPTION_NOSUCHINSTANCE:
			str = strdup("noSuchInstance");
			break;
		case EXCEPTION_ENDOFMIBVIEW:
			str = strdup("endOfMibView");
			break;
		default:
			/* Should not happen in a valid SNMP packet */
			if (asprintf(&str, "[C/%u]", root->be_type) == -1)
				goto fail;
			break;
		}
		break;
	default:
		/* Should not happen in a valid SNMP packet */
		if (asprintf(&str, "[%hhu/%u]", root->be_class,
		    root->be_type) == -1)
			goto fail;
		break;
	}

	return (str);

 fail:
	free(str);
	return (NULL);
}

void
smi_debug_elements(struct ber_element *root)
{
	static int	 indent = 0;
	char		*value;
	int		 constructed;

	/* calculate lengths */
	ober_calc_len(root);

	switch (root->be_encoding) {
	case BER_TYPE_SEQUENCE:
	case BER_TYPE_SET:
		constructed = root->be_encoding;
		break;
	default:
		constructed = 0;
		break;
	}

	fprintf(stderr, "%*slen %lu ", indent, "", root->be_len);
	switch (root->be_class) {
	case BER_CLASS_UNIVERSAL:
		fprintf(stderr, "class: universal(%u) type: ", root->be_class);
		switch (root->be_type) {
		case BER_TYPE_EOC:
			fprintf(stderr, "end-of-content");
			break;
		case BER_TYPE_INTEGER:
			fprintf(stderr, "integer");
			break;
		case BER_TYPE_BITSTRING:
			fprintf(stderr, "bit-string");
			break;
		case BER_TYPE_OCTETSTRING:
			fprintf(stderr, "octet-string");
			break;
		case BER_TYPE_NULL:
			fprintf(stderr, "null");
			break;
		case BER_TYPE_OBJECT:
			fprintf(stderr, "object");
			break;
		case BER_TYPE_ENUMERATED:
			fprintf(stderr, "enumerated");
			break;
		case BER_TYPE_SEQUENCE:
			fprintf(stderr, "sequence");
			break;
		case BER_TYPE_SET:
			fprintf(stderr, "set");
			break;
		}
		break;
	case BER_CLASS_APPLICATION:
		fprintf(stderr, "class: application(%u) type: ",
		    root->be_class);
		switch (root->be_type) {
		case APPLICATION_IPADDR:
			fprintf(stderr, "ipaddr");
			break;
		case APPLICATION_COUNTER32:
			fprintf(stderr, "counter32");
			break;
		case APPLICATION_GAUGE32:
			fprintf(stderr, "gauge32");
			break;
		case APPLICATION_TIMETICKS:
			fprintf(stderr, "timeticks");
			break;
		case APPLICATION_OPAQUE:
			fprintf(stderr, "opaque");
			break;
		case APPLICATION_COUNTER64:
			fprintf(stderr, "counter64");
			break;
		}
		break;
	case BER_CLASS_CONTEXT:
		fprintf(stderr, "class: context(%u) type: ",
		    root->be_class);
		switch (root->be_type) {
		case REQUEST_GET:
			fprintf(stderr, "getreq");
			break;
		case REQUEST_GETNEXT:
			fprintf(stderr, "getnextreq");
			break;
		case REQUEST_RESPONSE:
			fprintf(stderr, "response");
			break;
		case REQUEST_SET:
			fprintf(stderr, "setreq");
			break;
		case REQUEST_TRAP:
			fprintf(stderr, "trap");
			break;
		case REQUEST_GETBULK:
			fprintf(stderr, "getbulkreq");
			break;
		case REQUEST_INFORM:
			fprintf(stderr, "informreq");
			break;
		case REQUEST_TRAPV2:
			fprintf(stderr, "trapv2");
			break;
		case REQUEST_REPORT:
			fprintf(stderr, "report");
			break;
		}
		break;
	case BER_CLASS_PRIVATE:
		fprintf(stderr, "class: private(%u) type: ", root->be_class);
		break;
	default:
		fprintf(stderr, "class: <INVALID>(%u) type: ", root->be_class);
		break;
	}
	fprintf(stderr, "(%u) encoding %u ",
	    root->be_type, root->be_encoding);

	if ((value = smi_print_element(root)) == NULL)
		goto invalid;

	switch (root->be_encoding) {
	case BER_TYPE_INTEGER:
	case BER_TYPE_ENUMERATED:
		fprintf(stderr, "value %s", value);
		break;
	case BER_TYPE_BITSTRING:
		fprintf(stderr, "hexdump %s", value);
		break;
	case BER_TYPE_OBJECT:
		fprintf(stderr, "oid %s", value);
		break;
	case BER_TYPE_OCTETSTRING:
		if (root->be_class == BER_CLASS_APPLICATION &&
		    root->be_type == APPLICATION_IPADDR) {
			fprintf(stderr, "addr %s", value);
		} else {
			fprintf(stderr, "string %s", value);
		}
		break;
	case BER_TYPE_NULL:	/* no payload */
	case BER_TYPE_EOC:
	case BER_TYPE_SEQUENCE:
	case BER_TYPE_SET:
	default:
		fprintf(stderr, "%s", value);
		break;
	}

 invalid:
	if (value == NULL)
		fprintf(stderr, "<INVALID>");
	else
		free(value);
	fprintf(stderr, "\n");

	if (constructed)
		root->be_encoding = constructed;

	if (constructed && root->be_sub) {
		indent += 2;
		smi_debug_elements(root->be_sub);
		indent -= 2;
	}
	if (root->be_next)
		smi_debug_elements(root->be_next);
}

struct ber_element *
v2cmps(struct ber_element *message, const char *community)
{
	int version;
	const char *mcommunity;
	struct ber_element *pdu;

	if (ober_scanf_elements(message, "{dse}$", &version, &mcommunity, &pdu) == -1)
		err(1, "%s: ober_scanf_elements", __func__);

	if (strcmp(mcommunity, community) != 0)
		errx(1, "%s: invalid community (%s/%s)", __func__, mcommunity,
		    community);

	return pdu;
}

void
snmp_pdu_validate(struct ber_element *pdu, enum snmp_request request,
    int32_t requestid, int32_t error, int32_t index, struct varbind *varbindlist,
    size_t nvarbind)
{
	int32_t mrequestid, merror, mindex;
	int class;
	unsigned int type;
	struct ber_element *mvarbindlist, *varbind;
	struct ber_oid moid, oid;
	struct ber_element *value;
	char oidbuf1[512], oidbuf2[512];
	size_t i;

	if (ober_scanf_elements(pdu, "t{ddd{e}$}$", &class, &type, &mrequestid,
	    &merror, &mindex, &varbind) == -1)
		err(1, "%s: ober_scanf_elementsi", __func__);

	if (class != BER_CLASS_CONTEXT || type != request)
		errx(1, "%s: unexpected pdu type", __func__);
	if (mrequestid != requestid)
		errx(1, "%s: unexpected pdu requestid (%d/%d)",
		    __func__, mrequestid, requestid);
	if (error != merror)
		errx(1, "%s: unexpected pdu error (%d/%d)",
		    __func__, merror, error);
	if (index != mindex)
		errx(1, "%s: unepxected pdu index (%d/%d)",
		    __func__, mindex, index);

	for (i = 0; varbind != NULL; varbind = varbind->be_next, i++) {
		if (ober_scanf_elements(varbind, "{oeS$}", &moid, &value) == -1)
			err(1, "%s: ober_scanf_elements", __func__);
		if (i >= nvarbind)
			continue;
		snmp_oid2ber_oid(&varbindlist[i].name, &oid);
		if (!varbindlist[i].nameunknown && ober_oid_cmp(&moid, &oid) != 0)
			errx(1, "%s: unexpected oid (%s/%s)", __func__,
			    smi_oid2string(&moid, oidbuf1, sizeof(oidbuf1)),
			    smi_oid2string(&oid, oidbuf2, sizeof(oidbuf2)));
		if (value->be_class == BER_CLASS_UNIVERSAL &&
		    value->be_type == BER_TYPE_INTEGER) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_INTEGER)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown &&
			    varbindlist[i].data.int32 != value->be_numeric)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_UNIVERSAL &&
		    value->be_type == BER_TYPE_OCTETSTRING) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_OCTETSTRING)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown && (
			    varbindlist[i].data.octetstring.len !=
			    value->be_len ||
			    memcmp(varbindlist[i].data.octetstring.string,
			    value->be_val, value->be_len) != 0))
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_UNIVERSAL &&
		    value->be_type == BER_TYPE_NULL) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_NULL)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_UNIVERSAL &&
		    value->be_type == BER_TYPE_OBJECT) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_OBJECTIDENTIFIER)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown) {
				if (ober_get_oid(value, &moid) == -1)
					errx(1, "%s: unexpected value",
					    __func__);
				snmp_oid2ber_oid(&varbindlist[i].data.oid,
				    &oid);
				if (ober_oid_cmp(&oid, &moid) != 0)
					errx(1, "%s: unexpected value",
					    __func__);
			}
		} else if (value->be_class == BER_CLASS_APPLICATION &&
		    value->be_type == APPLICATION_IPADDR) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_IPADDRESS)
				errx(1, "%s: unexpected value", __func__);
			if (value->be_len != 4)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown) {
				if (memcmp(value->be_val,
				    varbindlist[i].data.octetstring.string,
				    value->be_len) != 0)
					errx(1, "%s: unexpected value",
					    __func__);
			}
		} else if (value->be_class == BER_CLASS_APPLICATION &&
		    value->be_type == APPLICATION_COUNTER32) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_COUNTER32)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown &&
			    varbindlist[i].data.uint32 != value->be_numeric)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_APPLICATION &&
		    value->be_type == APPLICATION_GAUGE32) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_GAUGE32)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown &&
			    varbindlist[i].data.uint32 != value->be_numeric)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_APPLICATION &&
		    value->be_type == APPLICATION_TIMETICKS) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_TIMETICKS)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown &&
			    varbindlist[i].data.uint32 != value->be_numeric)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_APPLICATION &&
		    value->be_type == APPLICATION_OPAQUE) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_OPAQUE)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown && (
			    varbindlist[i].data.octetstring.len !=
			    value->be_len ||
			    memcmp(varbindlist[i].data.octetstring.string,
			    value->be_val, value->be_len) != 0))
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_APPLICATION &&
		    value->be_type == APPLICATION_COUNTER64) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_COUNTER64)
				errx(1, "%s: unexpected value", __func__);
			if (!varbindlist[i].dataunknown &&
			    varbindlist[i].data.uint64 != value->be_numeric)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_CONTEXT &&
		    value->be_type == EXCEPTION_NOSUCHOBJECT) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_NOSUCHOBJECT)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_CONTEXT &&
		    value->be_type == EXCEPTION_NOSUCHINSTANCE) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_NOSUCHINSTANCE)
				errx(1, "%s: unexpected value", __func__);
		} else if (value->be_class == BER_CLASS_CONTEXT &&
		    value->be_type == EXCEPTION_ENDOFMIBVIEW) {
			if (!varbindlist[i].typeunknown &&
			    varbindlist[i].type != TYPE_ENDOFMIBVIEW)
				errx(1, "%s: unexpected value", __func__);
		} else
			errx(1, "%s: unexpected value", __func__);
	}
	if (i != nvarbind)
		errx(1, "%s: unexpected amount of varbind (%zu/%zu)", __func__,
		    i, nvarbind);
}