1 /*	$OpenBSD: snmpd.h,v 1.105 2022/09/01 14:34:17 martijn Exp $	*/
2 
3 /*
4  * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
5  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #ifndef SNMPD_H
21 #define SNMPD_H
22 
23 #include <sys/tree.h>
24 #include <sys/un.h>
25 
26 #include <net/if.h>
27 #include <net/if_dl.h>
28 #include <netinet/in.h>
29 #include <netinet/if_ether.h>
30 #include <netinet/ip.h>
31 #include <arpa/inet.h>
32 #include <net/pfvar.h>
33 #include <net/route.h>
34 
35 #include <ber.h>
36 #include <stdio.h>
37 #include <imsg.h>
38 
39 #include "log.h"
40 #include "smi.h"
41 #include "snmp.h"
42 
/*
 * Element count of an array object. Only meaningful when _a is a real
 * array: for a pointer (including an array-typed function parameter) the
 * expression divides the pointer size by the element size and does not
 * give the element count.
 */
#ifndef nitems
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
#endif
46 
/*
 * common definitions for snmpd
 */

/*
 * Compiled-in paths, account name and default ports. The ports are string
 * literals, not integers.
 * NOTE(review): SNMPD_USER is presumably the unprivileged account the
 * daemon runs as (cf. ps_pw in struct privsep) -- confirm in proc.c.
 */
#define CONF_FILE		"/etc/snmpd.conf"
#define SNMPD_SOCKET		"/var/run/snmpd.sock"
#define SNMPD_BACKEND		"/usr/libexec/snmpd"
#define SNMPD_USER		"_snmpd"
#define SNMP_PORT		"161"
#define SNMPTRAP_PORT		"162"

/*
 * NOTE(review): presumably the default AgentX master socket path and the
 * group given access to it (cf. axm_group in struct agentx_master) --
 * confirm in the config parser.
 */
#define AGENTX_MASTER_PATH	"/var/agentx/master"
#define AGENTX_GROUP		"_agentx"

/*
 * Size limits. SNMPD_MAXCOMMUNITYLEN is the full size of the community
 * buffers declared below (sm_community, ta_community, sc_*community);
 * those arrays carry no "+1", unlike sm_username and sm_ctxname, so if the
 * strings are kept NUL-terminated the terminator counts against the limit.
 * SNMPD_MAXVARBIND is the largest positive 32-bit signed value.
 * "CONTEX" in SNMPD_MAXCONTEXNAMELEN is the identifier's real spelling.
 */
#define SNMPD_MAXSTRLEN		484
#define SNMPD_MAXCOMMUNITYLEN	SNMPD_MAXSTRLEN
#define SNMPD_MAXVARBIND	0x7fffffff
#define SNMPD_MAXVARBINDLEN	1210
#define SNMPD_MAXENGINEIDLEN	32
#define SNMPD_MAXUSERNAMELEN	32
#define SNMPD_MAXCONTEXNAMELEN	32

/*
 * USM sizes. SNMP_USM_SALTLEN is the size of sm_salt in struct snmp_message.
 * NOTE(review): 48 matches the 384-bit tag of usmHMAC384SHA512AuthProtocol
 * and 16 the 128-bit key of CFB128-AES-128 named in the enums below, so
 * these are presumably byte counts -- confirm in usm.c.
 */
#define SNMP_USM_MAXDIGESTLEN	48
#define SNMP_USM_SALTLEN	8
#define SNMP_USM_KEYLEN		64
#define SNMP_CIPHER_KEYLEN	16

/* READ_BUF_SIZE is the size of sm_data[] in struct snmp_message. */
#define SMALL_READ_BUF_SIZE	1024
#define READ_BUF_SIZE		65535
#define	RT_BUF_SIZE		16384
#define	MAX_RTSOCK_BUF		(2 * 1024 * 1024)

/* NOTE(review): presumably the engine ID layout selector -- confirm. */
#define SNMP_ENGINEID_OLD	0x00
#define SNMP_ENGINEID_NEW	0x80	/* RFC3411 */

/* NOTE(review): presumably the engine ID format octet values -- confirm. */
#define SNMP_ENGINEID_FMT_IPv4	1
#define SNMP_ENGINEID_FMT_IPv6	2
#define SNMP_ENGINEID_FMT_MAC	3
#define SNMP_ENGINEID_FMT_TEXT	4
#define SNMP_ENGINEID_FMT_OCT	5
#define SNMP_ENGINEID_FMT_HH	129

/* NOTE(review): presumably OpenBSD's Private Enterprise Number -- confirm. */
#define PEN_OPENBSD		30155
90 
/*
 * Message types exchanged over the imsg channels. The values are implicit
 * and start at 0 with IMSG_NONE, so inserting a member renumbers every
 * member after it; both ends of a channel must be built from the same
 * definition.
 */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_OK,		/* answer to snmpctl requests */
	IMSG_CTL_FAIL,
	IMSG_CTL_END,
	IMSG_CTL_NOTIFY,
	IMSG_CTL_VERBOSE,
	IMSG_CTL_RELOAD,
	IMSG_CTL_PROCFD,
	IMSG_TRAP_EXEC,
	IMSG_AX_FD
};
103 
/*
 * One imsg channel plus the event state used to service it.
 * NOTE(review): handler has the (int, short, void *) shape of
 * proc_dispatch() declared below, presumably the libevent callback
 * signature -- confirm in proc.c.
 */
struct imsgev {
	struct imsgbuf		 ibuf;
	void			(*handler)(int, short, void *);
	struct event		 ev;
	struct privsep_proc	*proc;
	void			*data;
	short			 events;
	const char		*name;
};
113 
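/*
 * IMSG_SIZE_CHECK(imsg, p): call fatalx() when the payload of `imsg' is
 * shorter than the object `p' points to. This is a lower bound only; a
 * payload longer than *p passes, so a handler that needs an exact length
 * has to compare for equality itself. `p' is parenthesized so that an
 * expression argument (e.g. ptr + 1) is measured as a whole.
 *
 * IMSG_DATA_SIZE(imsg): payload length, i.e. the header's total length
 * minus IMSG_HEADER_SIZE.
 * NOTE(review): this relies on hdr.len never being below IMSG_HEADER_SIZE;
 * if the subtraction is carried out in an unsigned type a smaller hdr.len
 * wraps to a large value and the size check passes. Presumably the imsg
 * layer rejects such headers before a message is handed out -- confirm.
 */
#define IMSG_SIZE_CHECK(imsg, p) do {				\
	if (IMSG_DATA_SIZE(imsg) < sizeof(*(p)))		\
		fatalx("bad length imsg received");		\
} while (0)
#define IMSG_DATA_SIZE(imsg)	((imsg)->hdr.len - IMSG_HEADER_SIZE)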
119 
/*
 * Identifiers of the privilege-separated processes. PROC_MAX is not a
 * process; it is the member count and is used as the dimension of the
 * per-process arrays in struct privsep_pipes and struct privsep.
 */
enum privsep_procid {
	PROC_PARENT,	/* Parent process and application interface */
	PROC_SNMPE,	/* SNMP engine */
	PROC_MAX
};

extern enum privsep_procid privsep_process;

/* Attach the control socket to the following process */
/* i.e. the control socket is served by the SNMP engine, not the parent. */
#define PROC_CONTROL	PROC_SNMPE
130 
/* One row of pipe descriptors, indexed by destination process id. */
struct privsep_pipes {
	int			*pp_pipes[PROC_MAX];
};

/*
 * Daemon-wide privilege-separation state. Every array is dimensioned
 * PROC_MAX and indexed by enum privsep_procid.
 * NOTE(review): ps_pw is presumably the passwd entry of the account the
 * processes switch to (SNMPD_USER) -- confirm in proc.c.
 */
struct privsep {
	struct privsep_pipes	*ps_pipes[PROC_MAX];
	struct privsep_pipes	*ps_pp;

	struct imsgev		*ps_ievs[PROC_MAX];
	const char		*ps_title[PROC_MAX];
	pid_t			 ps_pid[PROC_MAX];
	struct passwd		*ps_pw;

	u_int			 ps_instances[PROC_MAX];
	u_int			 ps_instance;
	int			 ps_noaction;

	/* Event and signal handlers */
	struct event		 ps_evsigint;
	struct event		 ps_evsigterm;
	struct event		 ps_evsigchld;
	struct event		 ps_evsighup;
	struct event		 ps_evsigpipe;
	struct event		 ps_evsigusr1;

	void			*ps_env;
};
158 
/*
 * Description of one process: its title, id, imsg callback, init and
 * shutdown hooks, and the chroot path and passwd entry recorded for it.
 * NOTE(review): how p_chroot and p_pw are applied (and what a NULL
 * p_chroot means) is decided in proc.c -- confirm there.
 */
struct privsep_proc {
	const char		*p_title;
	enum privsep_procid	 p_id;
	int			(*p_cb)(int, struct privsep_proc *,
				    struct imsg *);
	void			(*p_init)(struct privsep *,
				    struct privsep_proc *);
	void			(*p_shutdown)(void);
	const char		*p_chroot;
	struct privsep		*p_ps;
	struct passwd		*p_pw;
};

/* Names one process instance: process id plus instance number. */
struct privsep_fd {
	enum privsep_procid		 pf_procid;
	unsigned int			 pf_instance;
};

/*
 * NOTE(review): presumably the descriptor number on which a child expects
 * its socket to the parent, and the upper bound on instances per process
 * -- confirm in proc.c.
 */
#define PROC_PARENT_SOCK_FILENO	3
#define PROC_MAX_INSTANCES	32

/*
 * Debug logging. When DEBUG is zero or undefined DPRINTF expands to an
 * empty statement and its arguments are discarded unevaluated, so they
 * must not carry side effects the program depends on. "x..." is the GNU
 * named-variadic form.
 */
#if DEBUG
#define DPRINTF		log_debug
#else
#define DPRINTF(x...)	do {} while(0)
#endif
185 
/*
 * kroute
 */

/* The node types are opaque here; only the tree heads are declared. */
struct kroute_node;
struct kroute6_node;
RB_HEAD(kroute_tree, kroute_node);
RB_HEAD(kroute6_tree, kroute6_node);

/* One routing table: an IPv4 tree and an IPv6 tree plus its identifiers. */
struct ktable {
	struct kroute_tree	 krt;
	struct kroute6_tree	 krt6;
	u_int			 rtableid;
	u_int			 rdomain;
};
201 
/*
 * Address of any supported family. All members share storage, so the
 * family (sa.sa_family) has to be checked before a specific member is
 * read. pad[] forces the union to be at least 32 bytes.
 */
union kaddr {
	struct sockaddr		sa;
	struct sockaddr_in	sin;
	struct sockaddr_in6	sin6;
	struct sockaddr_dl	sdl;
	char			pad[32];
};

/* IPv4 route entry. */
struct kroute {
	struct in_addr	prefix;
	struct in_addr	nexthop;
	u_long		ticks;
	u_int16_t	flags;
	u_short		if_index;
	u_int8_t	prefixlen;
	u_int8_t	priority;
};

/* IPv6 route entry; same fields as struct kroute with in6_addr addresses. */
struct kroute6 {
	struct in6_addr	prefix;
	struct in6_addr	nexthop;
	u_long		ticks;
	u_int16_t	flags;
	u_short		if_index;
	u_int8_t	prefixlen;
	u_int8_t	priority;
};
229 
/*
 * Interface address record. It carries both a TAILQ link and an RB link,
 * so one record can sit in a list and a tree at the same time; it has to
 * be unlinked from both before it is freed.
 */
struct kif_addr {
	u_short			 if_index;
	union kaddr		 addr;
	union kaddr		 mask;
	union kaddr		 dstbrd;

	TAILQ_ENTRY(kif_addr)	 entry;
	RB_ENTRY(kif_addr)	 node;
};

/* ARP record of an interface, kept on a TAILQ. */
struct kif_arp {
	u_short			 flags;
	u_short			 if_index;
	union kaddr		 addr;
	union kaddr		 target;

	TAILQ_ENTRY(kif_arp)	 entry;
};
248 
/* Interface record: names, link-layer address and the kernel's if_data. */
struct kif {
	char			 if_name[IF_NAMESIZE];
	char			 if_descr[IFDESCRSIZE];
	u_int8_t		 if_lladdr[ETHER_ADDR_LEN];
	struct if_data		 if_data;
	u_long			 if_ticks;
	int			 if_flags;
	u_short			 if_index;
};
/*
 * Shorthand for members of if_data. These are object-like macros without
 * a prefix of their own: after this header is included, every use of one
 * of these identifiers (if_type, if_mtu, ...) in any context is rewritten,
 * including members of unrelated structures.
 */
#define	if_mtu		if_data.ifi_mtu
#define	if_type		if_data.ifi_type
#define	if_addrlen	if_data.ifi_addrlen
#define	if_hdrlen	if_data.ifi_hdrlen
#define	if_metric	if_data.ifi_metric
#define	if_link_state	if_data.ifi_link_state
#define	if_baudrate	if_data.ifi_baudrate
#define	if_ipackets	if_data.ifi_ipackets
#define	if_ierrors	if_data.ifi_ierrors
#define	if_opackets	if_data.ifi_opackets
#define	if_oerrors	if_data.ifi_oerrors
#define	if_collisions	if_data.ifi_collisions
#define	if_ibytes	if_data.ifi_ibytes
#define	if_obytes	if_data.ifi_obytes
#define	if_imcasts	if_data.ifi_imcasts
#define	if_omcasts	if_data.ifi_omcasts
#define	if_iqdrops	if_data.ifi_iqdrops
#define	if_oqdrops	if_data.ifi_oqdrops
#define	if_noproto	if_data.ifi_noproto
#define	if_lastchange	if_data.ifi_lastchange
#define	if_capabilities	if_data.ifi_capabilities
279 
/*
 * Single-bit flags.
 * NOTE(review): presumably the values held in kroute.flags and
 * kroute6.flags -- confirm in kroute.c.
 */
#define F_CONNECTED		0x0001
#define F_STATIC		0x0002
#define F_BLACKHOLE		0x0004
#define F_REJECT		0x0008
#define F_DYNAMIC		0x0010
285 
/*
 * Message Processing Subsystem (mps)
 */

/*
 * One node of the MIB: the OID itself, its name, the OID_* flag bits and
 * the get/set/table callbacks. o_oid and o_oidlen are macro aliases for
 * the id array and length inside o_id. A node carries two RB links and a
 * TAILQ link, so it can be a member of two trees and a list at once.
 */
struct oid {
	struct ber_oid		 o_id;
#define o_oid			 o_id.bo_id
#define o_oidlen		 o_id.bo_n

	char			*o_name;

	u_int			 o_flags;

	int			 (*o_get)(struct oid *, struct ber_oid *,
				    struct ber_element **);
	int			 (*o_set)(struct oid *, struct ber_oid *,
				    struct ber_element **);
	struct ber_oid		*(*o_table)(struct oid *, struct ber_oid *,
				    struct ber_oid *);

	long long		 o_val;
	void			*o_data;

	struct ctl_conn		*o_session;

	RB_ENTRY(oid)		 o_element;
	RB_ENTRY(oid)		 o_keyword;
	TAILQ_ENTRY(oid)	 o_list;
};
TAILQ_HEAD(oidlist, oid);
316 
/*
 * Bits for oid.o_flags. OID_ROOT is 0, i.e. "no bits set"; it cannot be
 * tested with a bitwise AND. OID_WR is the bit that marks a node as
 * writable, so any table entry using a *W* combination below exposes a
 * set path.
 */
#define OID_ROOT		0x00
#define OID_RD			0x01
#define OID_WR			0x02
#define OID_IFSET		0x04	/* only if user-specified value */
#define OID_DYNAMIC		0x08	/* free allocated data */
#define OID_TABLE		0x10	/* dynamic sub-elements */
#define OID_MIB			0x20	/* root-OID of a supported MIB */
#define OID_KEY			0x40	/* lookup tables */
#define	OID_REGISTERED		0x80	/* OID registered by subagent */

/* Combinations for scalar nodes. */
#define OID_RS			(OID_RD|OID_IFSET)
#define OID_WS			(OID_WR|OID_IFSET)
#define OID_RW			(OID_RD|OID_WR)
#define OID_RWS			(OID_RW|OID_IFSET)

/* The same combinations with OID_TABLE added. */
#define OID_TRD			(OID_RD|OID_TABLE)
#define OID_TWR			(OID_WR|OID_TABLE)
#define OID_TRS			(OID_RD|OID_IFSET|OID_TABLE)
#define OID_TWS			(OID_WR|OID_IFSET|OID_TABLE)
#define OID_TRW			(OID_RD|OID_WR|OID_TABLE)
#define OID_TRWS		(OID_RW|OID_IFSET|OID_TABLE)
338 
/*
 * True when the node is flagged OID_IFSET and holds neither data (o_data
 * is NULL) nor a value (o_val is 0). The argument is evaluated three
 * times; pass a plain pointer, not an expression with side effects.
 */
#define OID_NOTSET(_oid)						\
	(((_oid)->o_flags & OID_IFSET) &&				\
	((_oid)->o_data == NULL) && ((_oid)->o_val == 0))

/*
 * Initializer helpers for tables of struct oid. OID() wraps raw
 * sub-identifiers; MIBDECL() pastes MIB_ onto its argument and also emits
 * the argument's text as the name string; MIB() does the same with a NULL
 * name; MIBEND is the all-zero terminator entry.
 */
#define OID(...)		{ { __VA_ARGS__ } }
#define MIBDECL(...)		{ { MIB_##__VA_ARGS__ } }, #__VA_ARGS__
#define MIB(...)		{ { MIB_##__VA_ARGS__ } }, NULL
#define MIBEND			{ { 0 } }, NULL
347 
/*
 * One connection on the control socket, with its imsg channel and a list
 * of OIDs. CTL_CONN_LOCKED marks a connection as being in restricted mode.
 * NOTE(review): which requests a restricted connection may issue is
 * enforced by the control code, not here -- confirm every request handler
 * checks the flag.
 */
struct ctl_conn {
	TAILQ_ENTRY(ctl_conn)	 entry;
	u_int8_t		 flags;
#define CTL_CONN_NOTIFY		 0x01
#define CTL_CONN_LOCKED		 0x02	/* restricted mode */
	struct imsgev		 iev;
	struct oidlist		 oids;
};
356 
/*
 * pf
 */

/* Content types for pfr_buffer.pfrb_type; numbering starts at 1. */
enum {	PFRB_TABLES = 1, PFRB_TSTATS, PFRB_ADDRS, PFRB_ASTATS,
	PFRB_IFACES, PFRB_TRANS, PFRB_MAX };

/*
 * Anonymous enums with very short names. IN, OUT, PASS and BLOCK become
 * file-scope constants in every file that includes this header and will
 * collide with any other declaration or macro of the same name.
 */
enum {  IN, OUT };
enum {  IPV4, IPV6 };
enum {  PASS, BLOCK };

enum {  PFI_IFTYPE_GROUP, PFI_IFTYPE_INSTANCE };

/*
 * Growable array of pf objects. The element counts are plain (signed)
 * int; code that grows the buffer has to guard the count and the
 * count * element-size product against overflow.
 */
struct pfr_buffer {
	int	 pfrb_type;	/* type of content, see enum above */
	int	 pfrb_size;	/* number of objects in buffer */
	int	 pfrb_msize;	/* maximum number of objects in buffer */
	void	*pfrb_caddr;	/* malloc'ated memory area */
};

/*
 * Iterate over a pfr_buffer with pfr_buf_next(). Both arguments are
 * evaluated more than once.
 */
#define PFRB_FOREACH(var, buf)				\
	for ((var) = pfr_buf_next((buf), NULL);		\
	    (var) != NULL;				\
	    (var) = pfr_buf_next((buf), (var)))
381 
/*
 * daemon structures
 */

/*
 * Tests on snmp_message.sm_flags. MSG_HAS_AUTH, MSG_HAS_PRIV and
 * MSG_REPORT yield 0 or 1; MSG_SECLEVEL yields the masked flag bits, not
 * a boolean.
 */
#define MSG_HAS_AUTH(m)		(((m)->sm_flags & SNMP_MSGFLAG_AUTH) != 0)
#define MSG_HAS_PRIV(m)		(((m)->sm_flags & SNMP_MSGFLAG_PRIV) != 0)
#define MSG_SECLEVEL(m)		((m)->sm_flags & SNMP_MSGFLAG_SECMASK)
#define MSG_REPORT(m)		(((m)->sm_flags & SNMP_MSGFLAG_REPORT) != 0)
390 
/*
 * State of one SNMP message: socket and peer address, the raw packet, the
 * decoded BER request and response, and the per-version header fields.
 *
 * sm_data[] is embedded (READ_BUF_SIZE bytes), so a single instance is
 * larger than 64 KB.
 * NOTE(review): sm_datalen must never exceed sizeof(sm_data); confirm at
 * every site that fills the buffer.
 *
 * The string buffers differ in how their limit is declared: sm_community
 * is exactly SNMPD_MAXCOMMUNITYLEN bytes, while sm_ctxname and sm_username
 * are their limit plus one. sm_ctxengineid is binary and has its length in
 * sm_ctxengineid_len.
 *
 * sm_nonrepeaters and sm_maxrepetitions are macro aliases for sm_error and
 * sm_errorindex; they name the same storage, so writing one overwrites the
 * other.
 */
struct snmp_message {
	int			 sm_sock;
	struct sockaddr_storage	 sm_ss;
	socklen_t		 sm_slen;
	int			 sm_sock_tcp;
	int			 sm_aflags;
	enum snmp_pdutype	 sm_pdutype;
	struct event		 sm_sockev;
	char			 sm_host[HOST_NAME_MAX+1];
	in_port_t		 sm_port;

	struct sockaddr_storage	 sm_local_ss;
	socklen_t		 sm_local_slen;

	struct ber		 sm_ber;
	struct ber_element	*sm_req;
	struct ber_element	*sm_resp;

	u_int8_t		 sm_data[READ_BUF_SIZE];
	size_t			 sm_datalen;

	uint32_t		 sm_transactionid;

	u_int			 sm_version;

	/* V1, V2c */
	char			 sm_community[SNMPD_MAXCOMMUNITYLEN];

	/* V3 */
	long long		 sm_msgid;
	long long		 sm_max_msg_size;
	u_int8_t		 sm_flags;
	long long		 sm_secmodel;
	u_int32_t		 sm_engine_boots;
	u_int32_t		 sm_engine_time;
	uint8_t			 sm_ctxengineid[SNMPD_MAXENGINEIDLEN];
	size_t			 sm_ctxengineid_len;
	char			 sm_ctxname[SNMPD_MAXCONTEXNAMELEN+1];

	/* USM */
	char			 sm_username[SNMPD_MAXUSERNAMELEN+1];
	struct usmuser		*sm_user;
	size_t			 sm_digest_offs;
	char			 sm_salt[SNMP_USM_SALTLEN];
	int			 sm_usmerr;

	long long		 sm_request;

	const char		*sm_errstr;
	long long		 sm_error;
#define sm_nonrepeaters		 sm_error
	long long		 sm_errorindex;
#define sm_maxrepetitions	 sm_errorindex

	struct ber_element	*sm_pdu;
	struct ber_element	*sm_pduend;

	struct ber_element	*sm_varbind;
	struct ber_element	*sm_varbindresp;

	RB_ENTRY(snmp_message)	 sm_entry;
};
RB_HEAD(snmp_messages, snmp_message);
extern struct snmp_messages snmp_messages;
455 
/* Defined in SNMPv2-MIB.txt (RFC 3418) */
/*
 * All counters are 32-bit unsigned and wrap modulo 2^32;
 * snmp_enableauthentraps is the only member that is a plain int.
 * NOTE(review): snmp_inbadcommunitynames and the snmp_usm* counters are
 * presumably incremented when a request is rejected, which makes them a
 * cheap signal for monitoring failed authentication -- confirm where they
 * are bumped.
 */
struct snmp_stats {
	u_int32_t		snmp_inpkts;
	u_int32_t		snmp_outpkts;
	u_int32_t		snmp_inbadversions;
	u_int32_t		snmp_inbadcommunitynames;
	u_int32_t		snmp_inbadcommunityuses;
	u_int32_t		snmp_inasnparseerrs;
	u_int32_t		snmp_intoobigs;
	u_int32_t		snmp_innosuchnames;
	u_int32_t		snmp_inbadvalues;
	u_int32_t		snmp_inreadonlys;
	u_int32_t		snmp_ingenerrs;
	u_int32_t		snmp_intotalreqvars;
	u_int32_t		snmp_intotalsetvars;
	u_int32_t		snmp_ingetrequests;
	u_int32_t		snmp_ingetnexts;
	u_int32_t		snmp_insetrequests;
	u_int32_t		snmp_ingetresponses;
	u_int32_t		snmp_intraps;
	u_int32_t		snmp_outtoobigs;
	u_int32_t		snmp_outnosuchnames;
	u_int32_t		snmp_outbadvalues;
	u_int32_t		snmp_outgenerrs;
	u_int32_t		snmp_outgetrequests;
	u_int32_t		snmp_outgetnexts;
	u_int32_t		snmp_outsetrequests;
	u_int32_t		snmp_outgetresponses;
	u_int32_t		snmp_outtraps;
	int			snmp_enableauthentraps;
	u_int32_t		snmp_silentdrops;
	u_int32_t		snmp_proxydrops;

	/* USM stats (RFC 3414) */
	u_int32_t		snmp_usmbadseclevel;
	u_int32_t		snmp_usmtimewindow;
	u_int32_t		snmp_usmnosuchuser;
	u_int32_t		snmp_usmnosuchengine;
	u_int32_t		snmp_usmwrongdigest;
	u_int32_t		snmp_usmdecrypterr;
};
497 
/*
 * One address entry with its socket descriptor and two event handles.
 * NOTE(review): flags presumably holds the ADDRESS_FLAG_* bits defined
 * below -- confirm in the config parser.
 */
struct address {
	struct sockaddr_storage	 ss;
	in_port_t		 port;
	int			 type;
	int			 flags;
	int			 fd;
	struct event		 ev;
	struct event		 evt;

	TAILQ_ENTRY(address)	 entry;
};
TAILQ_HEAD(addresslist, address);
510 
/*
 * One AgentX master endpoint: a descriptor, a UNIX-domain socket address
 * and an owner/group/mode triple.
 * NOTE(review): axm_owner, axm_group and axm_mode are presumably the
 * ownership and permission bits applied to the socket file; they decide
 * which local accounts can connect as a subagent, so confirm the defaults
 * and where they are applied.
 */
struct agentx_master {
	int			axm_fd;
	struct sockaddr_un	axm_sun;
	uid_t			axm_owner;
	gid_t			axm_group;
	mode_t			axm_mode;

	struct event		axm_ev;

	TAILQ_ENTRY(agentx_master) axm_entry;
};
TAILQ_HEAD(axmasterlist, agentx_master);
523 
/*
 * Two independent bit groups: ADDRESS_FLAG_PERM masks the read/write/
 * notify bits and ADDRESS_FLAG_MPS masks the SNMP version bits.
 * NOTE(review): presumably these restrict, per listen address, which
 * operations and protocol versions are accepted. SNMPv1 and SNMPv2c
 * authenticate with a cleartext community string only, so enabling
 * ADDRESS_FLAG_WRITE together with those versions deserves attention --
 * confirm how the bits are enforced in snmpe.c.
 */
#define ADDRESS_FLAG_READ	0x01
#define ADDRESS_FLAG_WRITE	0x02
#define ADDRESS_FLAG_NOTIFY	0x04
#define ADDRESS_FLAG_PERM	\
    (ADDRESS_FLAG_READ | ADDRESS_FLAG_WRITE | ADDRESS_FLAG_NOTIFY)
#define ADDRESS_FLAG_SNMPV1	0x10
#define ADDRESS_FLAG_SNMPV2	0x20
#define ADDRESS_FLAG_SNMPV3	0x40
#define ADDRESS_FLAG_MPS	\
    (ADDRESS_FLAG_SNMPV1 | ADDRESS_FLAG_SNMPV2 | ADDRESS_FLAG_SNMPV3)
534 
/*
 * One trap destination. The anonymous union overlays the community buffer
 * with the USM triple (two pointers and a security level), so only one of
 * the two views is valid for a given entry; reading ta_usmusername or
 * ta_usmuser from an entry that holds a community string interprets
 * string bytes as pointers.
 * NOTE(review): ta_version is presumably the discriminator -- confirm it
 * is checked before either view is used.
 */
struct trap_address {
	struct sockaddr_storage	 ta_ss;
	struct sockaddr_storage	 ta_sslocal;
	int			 ta_version;
	union {
		char		 ta_community[SNMPD_MAXCOMMUNITYLEN];
		struct {
			char		*ta_usmusername;
			struct usmuser	*ta_usmuser;
			int		 ta_seclevel;
		};
	};
	struct ber_oid		*ta_oid;

	TAILQ_ENTRY(trap_address) entry;
};
TAILQ_HEAD(trap_addresslist, trap_address);
552 
/*
 * USM authentication protocols. AUTH_MD5 and AUTH_SHA1 are the original
 * RFC 3414 protocols with tags truncated to 96 bits; the SHA-2 based
 * protocols come from RFC 7860. AUTH_NONE is 0, so a zero-initialized
 * user has no authentication protocol.
 */
enum usmauth {
	AUTH_NONE = 0,
	AUTH_MD5,	/* HMAC-MD5-96, RFC3414 */
	AUTH_SHA1,	/* HMAC-SHA-96, RFC3414 */
	AUTH_SHA224,	/* usmHMAC128SHA224AuthProtocol. RFC7860 */
	AUTH_SHA256,	/* usmHMAC192SHA256AuthProtocol. RFC7860 */
	AUTH_SHA384,	/* usmHMAC256SHA384AuthProtocol. RFC7860 */
	AUTH_SHA512	/* usmHMAC384SHA512AuthProtocol. RFC7860 */
};

/*
 * A user configured without an explicit digest presumably gets this one;
 * the stronger RFC 7860 protocols have to be selected explicitly.
 */
#define AUTH_DEFAULT	AUTH_SHA1	/* Default digest */

/*
 * USM privacy protocols. PRIV_DES is single DES (56-bit key) and is kept
 * for interoperability with old managers; PRIV_AES is the better choice
 * wherever the peer supports it. PRIV_NONE is 0, so a zero-initialized
 * user has no privacy protocol.
 */
enum usmpriv {
	PRIV_NONE = 0,
	PRIV_DES,	/* CBC-DES, RFC3414 */
	PRIV_AES	/* CFB128-AES-128, RFC3826 */
};

#define PRIV_DEFAULT	PRIV_AES	/* Default cipher */
572 
/*
 * One USM user: name, security level, and the authentication and privacy
 * protocol with their keys. uu_authkey has an explicit length
 * (uu_authkeylen); uu_privkey has none.
 * NOTE(review): the privacy key length is presumably fixed by the cipher
 * (cf. SNMP_CIPHER_KEYLEN) -- confirm in usm.c. Both key pointers refer to
 * secret material; confirm the buffers are wiped (e.g. explicit_bzero or
 * freezero) when a user is released and are never passed to log calls.
 */
struct usmuser {
	char			*uu_name;
	int			 uu_seclevel;

	enum usmauth		 uu_auth;
	char			*uu_authkey;
	unsigned		 uu_authkeylen;


	enum usmpriv		 uu_priv;
	char			*uu_privkey;
	unsigned long long	 uu_salt;

	SLIST_ENTRY(usmuser)	 uu_next;
};
588 
/*
 * Global daemon configuration and state.
 *
 * sc_rdcommunity, sc_rwcommunity and sc_trcommunity hold the SNMPv1/v2c
 * community strings. Those are shared secrets that travel in cleartext on
 * the wire, and they are stored here in fixed buffers of
 * SNMPD_MAXCOMMUNITYLEN bytes.
 * NOTE(review): sc_min_seclevel is presumably the lowest security level a
 * request may use, and sc_blocklist/sc_nblocklist an array of OIDs with
 * its element count -- confirm in parse.y and the engine.
 */
struct snmpd {
	u_int8_t		 sc_flags;
#define SNMPD_F_VERBOSE		 0x01
#define SNMPD_F_DEBUG		 0x02
#define SNMPD_F_NONAMES		 0x04

	const char		*sc_confpath;
	struct addresslist	 sc_addresses;
	struct axmasterlist	 sc_agentx_masters;
	struct timeval		 sc_starttime;
	u_int32_t		 sc_engine_boots;

	char			 sc_rdcommunity[SNMPD_MAXCOMMUNITYLEN];
	char			 sc_rwcommunity[SNMPD_MAXCOMMUNITYLEN];
	char			 sc_trcommunity[SNMPD_MAXCOMMUNITYLEN];

	uint8_t			 sc_engineid[SNMPD_MAXENGINEIDLEN];
	size_t			 sc_engineid_len;

	struct snmp_stats	 sc_stats;

	struct trap_addresslist	 sc_trapreceivers;

	int			 sc_ncpu;
	int64_t			*sc_cpustates;
	struct ber_oid		*sc_blocklist;
	size_t			 sc_nblocklist;
	int			 sc_rtfilter;

	int			 sc_min_seclevel;
	int			 sc_traphandler;

	struct privsep		 sc_ps;
};
623 
/*
 * A command bound to a trap OID, stored as an argument vector
 * (cmd_argc/cmd_argv) rather than as a single shell string.
 * NOTE(review): presumably this is what gets executed for a matching
 * incoming trap (cf. IMSG_TRAP_EXEC). Confirm that the vector comes from
 * the configuration only, that no field of the received trap is placed
 * into it, and which process and account perform the exec.
 */
struct trapcmd {
	struct ber_oid		*cmd_oid;
		/* sideways return for intermediate lookups */
	struct trapcmd		*cmd_maybe;

	int			 cmd_argc;
	char			**cmd_argv;

	RB_ENTRY(trapcmd)	 cmd_entry;
};
RB_HEAD(trapcmd_tree, trapcmd);
extern	struct trapcmd_tree trapcmd_tree;

extern struct snmpd *snmpd_env;
638 
/* parse.y */
/* parse_config() returns a struct snmpd pointer; ownership is not visible here. */
struct snmpd	*parse_config(const char *, u_int);
int		 cmdline_symset(char *);

/* kroute.c */
void		 kr_init(void);
void		 kr_shutdown(void);

u_int		 kr_ifnumber(void);
u_long		 kr_iflastchange(void);
int		 kr_updateif(u_int);
u_long		 kr_routenumber(void);

/*
 * The lookups below return pointers to records.
 * NOTE(review): presumably NULL means "not found" and the records stay
 * owned by kroute.c -- confirm before freeing or caching a result.
 */
struct kif	*kr_getif(u_short);
struct kif	*kr_getnextif(u_short);
struct kif_addr *kr_getaddr(struct sockaddr *);
struct kif_addr *kr_getnextaddr(struct sockaddr *);

struct kroute	*kroute_first(void);
struct kroute	*kroute_getaddr(in_addr_t, u_int8_t, u_int8_t, int);

struct kif_arp	*karp_first(u_short);
struct kif_arp	*karp_getaddr(struct sockaddr *, u_short, int);
662 
/* snmpe.c */
/* snmpe() has the (struct privsep *, struct privsep_proc *) shape of p_init. */
void		 snmpe(struct privsep *, struct privsep_proc *);
void		 snmpe_shutdown(void);
void		 snmpe_dispatchmsg(struct snmp_message *);
void		 snmpe_response(struct snmp_message *);
/* Comparator for the snmp_messages red-black tree generated below. */
int		 snmp_messagecmp(struct snmp_message *, struct snmp_message *);
RB_PROTOTYPE(snmp_messages, snmp_message, sm_entry, snmp_messagecmp)

/* trap.c */
void		 trap_init(void);
int		 trap_imsg(struct imsgev *, pid_t);
int		 trap_send(struct ber_oid *, struct ber_element *);
675 
/* mps.c */
/* Request handlers, one per PDU kind; each takes the message being served. */
int		 mps_getreq(struct snmp_message *, struct ber_element *,
		    struct ber_oid *, u_int);
int		 mps_getnextreq(struct snmp_message *, struct ber_element *,
		    struct ber_oid *);
int		 mps_getbulkreq(struct snmp_message *, struct ber_element **,
		    struct ber_element **, struct ber_oid *, int);
int		 mps_setreq(struct snmp_message *, struct ber_element *,
		    struct ber_oid *);
int		 mps_set(struct ber_oid *, void *, long long);
/*
 * The mps_get* and mps_set* functions below share the signature of the
 * o_get/o_set members of struct oid.
 */
int		 mps_getstr(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_setstr(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_getint(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_setint(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_getts(struct oid *, struct ber_oid *,
		    struct ber_element **);
void		 mps_encodeinaddr(struct ber_oid *, struct in_addr *, int);
int		 mps_decodeinaddr(struct ber_oid *, struct in_addr *, int);
/* mps_table() has the signature of the o_table member of struct oid. */
struct ber_oid	*mps_table(struct oid *, struct ber_oid *, struct ber_oid *);
699 
/* pf.c */
/*
 * Accessors for pf state. Counts and indexes are plain int throughout.
 * NOTE(review): presumably these query the kernel through the pf device,
 * and the int * arguments are in/out element counts -- confirm in pf.c.
 */
void			 pf_init(void);
int			 pf_get_stats(struct pf_status *);
int			 pfr_get_astats(struct pfr_table *, struct pfr_astats *,
			    int *, int);
int			 pfr_get_tstats(struct pfr_table *, struct pfr_tstats *,
			    int *, int);
int			 pfr_buf_grow(struct pfr_buffer *, int);
const void		*pfr_buf_next(struct pfr_buffer *, const void *);
int			 pfi_get_ifaces(const char *, struct pfi_kif *, int *);
int			 pfi_get(struct pfr_buffer *, const char *);
int			 pfi_count(void);
int			 pfi_get_if(struct pfi_kif *, int);
int			 pft_get(struct pfr_buffer *, struct pfr_table *);
int			 pft_count(void);
int			 pft_get_table(struct pfr_tstats *, int);
int			 pfta_get(struct pfr_buffer *, struct pfr_table *);
int			 pfta_get_addr(struct pfr_astats *, int);
int			 pfta_get_nextaddr(struct pfr_astats *, int *);
int			 pfta_get_first(struct pfr_astats *);
720 
/* smi.c */
/* MIB tree maintenance and lookup over struct oid. */
int		 smi_init(void);
void		 smi_mibtree(struct oid *);
struct oid	*smi_find(struct oid *);
struct oid	*smi_nfind(struct oid *);
struct oid	*smi_findkey(char *);
struct oid	*smi_next(struct oid *);
struct oid	*smi_foreach(struct oid *, u_int);
void		 smi_oidlen(struct ber_oid *);
void		 smi_scalar_oidlen(struct ber_oid *);
/* NOTE(review): parses text into a ber_oid; confirm it bounds the component count. */
int		 smi_string2oid(const char *, struct ber_oid *);
void		 smi_delete(struct oid *);
int		 smi_insert(struct oid *);
int		 smi_oid_cmp(struct oid *, struct oid *);
int		 smi_key_cmp(struct oid *, struct oid *);
unsigned int	 smi_application(struct ber_element *);
void		 smi_debug_elements(struct ber_element *);

/* timer.c */
void		 timer_init(void);

/* snmpd.c */
int		 snmpd_socket_af(struct sockaddr_storage *, int);
u_long		 snmpd_engine_time(void);
745 
/* usm.c */
/*
 * User-based Security Model. Functions taking a const char ** presumably
 * report an error string through it -- confirm in usm.c.
 * usm_finalize_digest() takes its length as a signed ssize_t.
 * NOTE(review): confirm the digest comparison in usm_decode() is
 * constant-time (e.g. timingsafe_bcmp) and that a negative length cannot
 * reach usm_finalize_digest().
 */
void		 usm_generate_keys(void);
struct usmuser	*usm_newuser(char *name, const char **);
struct usmuser	*usm_finduser(char *name);
int		 usm_checkuser(struct usmuser *, const char **);
struct ber_element *usm_decode(struct snmp_message *, struct ber_element *,
		    const char **);
struct ber_element *usm_encode(struct snmp_message *, struct ber_element *);
struct ber_element *usm_encrypt(struct snmp_message *, struct ber_element *);
void		 usm_finalize_digest(struct snmp_message *, char *, ssize_t);
void		 usm_make_report(struct snmp_message *);
const struct usmuser *usm_check_mincred(int, const char **);
758 
/* proc.c */
/*
 * Privilege-separation plumbing: process start-up, imsg channel set-up
 * and message composition. The payload length parameters are 16-bit
 * (u_int16_t/uint16_t), so a single message cannot carry more than 65535
 * bytes of payload. proc_dispatch() has the handler signature stored in
 * struct imsgev.
 */
enum privsep_procid
	    proc_getid(struct privsep_proc *, unsigned int, const char *);
void	 proc_init(struct privsep *, struct privsep_proc *, unsigned int, int,
	    int, char **, enum privsep_procid);
void	 proc_kill(struct privsep *);
void	 proc_connect(struct privsep *);
void	 proc_dispatch(int, short event, void *);
void	 proc_run(struct privsep *, struct privsep_proc *,
	    struct privsep_proc *, u_int,
	    void (*)(struct privsep *, struct privsep_proc *, void *), void *);
void	 imsg_event_add(struct imsgev *);
int	 imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
	    pid_t, int, void *, u_int16_t);
int	 imsg_composev_event(struct imsgev *, u_int16_t, u_int32_t,
	    pid_t, int, const struct iovec *, int);
void	 proc_range(struct privsep *, enum privsep_procid, int *, int *);
int	 proc_compose_imsg(struct privsep *, enum privsep_procid, int,
	    u_int16_t, u_int32_t, int, void *, u_int16_t);
int	 proc_compose(struct privsep *, enum privsep_procid,
	    uint16_t, void *, uint16_t);
int	 proc_composev_imsg(struct privsep *, enum privsep_procid, int,
	    u_int16_t, u_int32_t, int, const struct iovec *, int);
int	 proc_composev(struct privsep *, enum privsep_procid,
	    uint16_t, const struct iovec *, int);
int	 proc_forward_imsg(struct privsep *, struct imsg *,
	    enum privsep_procid, int);
struct imsgbuf *
	 proc_ibuf(struct privsep *, enum privsep_procid, int);
struct imsgev *
	 proc_iev(struct privsep *, enum privsep_procid, int);
int	 proc_flush_imsg(struct privsep *, enum privsep_procid, int);
791 
/* traphandler.c */
/*
 * NOTE(review): traphandler_priv_recvmsg() has the shape of a p_cb
 * callback minus the leading int and is presumably the receiving side of
 * IMSG_TRAP_EXEC -- confirm it validates the imsg length before use.
 */
int	 traphandler_parse(struct snmp_message *);
int	 traphandler_priv_recvmsg(struct privsep_proc *, struct imsg *);
void	 trapcmd_free(struct trapcmd *);
int	 trapcmd_add(struct trapcmd *);
struct trapcmd *
	 trapcmd_lookup(struct ber_oid *);

/* util.c */
/*
 * sendtofrom()/recvfromto() take two address/length pairs each.
 * print_host() writes into a caller-supplied buffer of the given size.
 * NOTE(review): tohexstr() takes a signed int length and returns char *;
 * whether the result is static or allocated cannot be told from the
 * prototype. fromhexstr() presumably uses its size_t to bound the input
 * text or the output buffer -- confirm both in util.c before relying on
 * them with key material.
 */
ssize_t	 sendtofrom(int, void *, size_t, int, struct sockaddr *,
	    socklen_t, struct sockaddr *, socklen_t);
ssize_t	 recvfromto(int, void *, size_t, int, struct sockaddr *,
	    socklen_t *, struct sockaddr *, socklen_t *);
const char *log_in6addr(const struct in6_addr *);
const char *print_host(struct sockaddr_storage *, char *, size_t);
char	*tohexstr(u_int8_t *, int);
uint8_t *fromhexstr(uint8_t *, const char *, size_t);
809 
810 #endif /* SNMPD_H */
811